On Fri, 28 Aug 2020, Yang Shi wrote: > On Fri, Aug 28, 2020 at 7:55 AM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote: > > > > On Fri, Aug 28, 2020 at 03:25:46PM +0100, Matthew Wilcox wrote: > > > If I understand truncate of a shmem THP correctly ... > > > > > > Let's suppose the file has a single 2MB page at index 0, and is being > > > truncated down to 7 bytes in size. > > > > > > shmem_setattr() > > > i_size_write(7); > > > shmem_truncate_range(7, -1); > > > shmem_undo_range(7, -1) > > > start = 1; > > > page = &head[1]; > > > shmem_punch_compound(); > > > split_huge_page() > > > end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); # == 1 > > > __split_huge_page(..., 1, ...); > > > __delete_from_page_cache(&head[1], ...); > > > truncate_inode_page(page); > > > delete_from_page_cache(page) > > > __delete_from_page_cache(&head[1]) > > > > > > I think the solution is to call truncate_inode_page() from within > > > shmem_punch_compound() if we don't call split_huge_page(). I came across > > > this while reusing all this infrastructure for the XFS THP patchset, > > > so I'm not in a great position to test this patch. It's a good observation of an oddity that I probably didn't think of, but you haven't said which kind of shmem page accounting goes wrong here (vm_enough_memory? df of filesystem? du of filesystem? memcg charge? all of the above? observed in practice?), and what needs solving. If that page has already been deleted from page cache when splitting, truncate_inode_page() sees NULL page->mapping != mapping and returns without doing anything. What's the problem? Hugh > > > > Oh, this works for truncate, but not hole-punch. __split_huge_page() > > won't call __delete_from_page_cache() for pages below the end of the > > file. So maybe this instead? > > > > It's a bit cheesy ... maybe split_huge_page() could return 1 to indicate > > that it actually disposed of the page passed in? > > I'm fine to have split_huge_page() return 1. > > > > > +++ b/mm/shmem.c > > @@ -827,7 +827,7 @@ static bool shmem_punch_compound(struct page *page, pgoff_t start, pgoff_t end) > > return true; > > > > /* Try to split huge page, so we can truly punch the hole or truncate */ > > - return split_huge_page(page) >= 0; > > + return split_huge_page(page) >= 0 && end < -1; > > It would be more clear if we could have some comment about what "-1" > means. It took me a little while to understand the magic number, but > once I understood it it looks more straightforward to me. > > > } > > > > /*
