__GFP_NOFAIL is documented both in gfp.h and memory-allocation.rst.
The details are not entirely consistent.
This patch ensures both places state that:
- there is a risk of deadlock with reclaim/writeback/oom-kill
- it should only be used when there is no real alternative
- it is preferable to an endless loop
- it is strongly discourages for costly-order allocations.
Signed-off-by: NeilBrown <neilb@xxxxxxx>
---
Documentation/core-api/memory-allocation.rst | 25 ++++++++++++++++++++++++-
include/linux/gfp.h | 6 +++++-
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/Documentation/core-api/memory-allocation.rst b/Documentation/core-api/memory-allocation.rst
index 5954ddf6ee13..8ea077465446 100644
--- a/Documentation/core-api/memory-allocation.rst
+++ b/Documentation/core-api/memory-allocation.rst
@@ -126,7 +126,30 @@ or another request.
* ``GFP_KERNEL | __GFP_NOFAIL`` - overrides the default allocator behavior
and all allocation requests will loop endlessly until they succeed.
- This might be really dangerous especially for larger orders.
+ Any attempt to use ``__GFP_NOFAIL`` for allocations larger than
+ order-1 (2 pages) will trigger a warning.
+
+ Use of ``__GFP_NOFAIL`` can cause deadlocks so it should only be used
+ when there is no alternative, and then should be used with caution.
+ Deadlocks can happen if the calling process holds any resources
+ (e.g. locks) which might be needed for memory reclaim or write-back,
+ or which might prevent a process killed by the OOM killer from
+ successfully exiting. Where possible, locks should be released
+ before using ``__GFP_NOFAIL``.
+
+ While this flag is best avoided, it is still preferable to endless
+ loops around the allocator. Endless loops may still be used when
+ there is a need to test for the process being killed
+ (fatal_signal_pending(current)).
+
+ * ``GFP_NOFS | __GFP_NOFAIL`` - Loop endlessly instead of failing
+ when performing allocations in file system code. The same guidance
+ as for ``GFP_KERNEL | __GFP_NOFAIL`` applies with extra emphasis on
+ the possibility of deadlocks. ``GFP_NOFS`` often implies that
+ filesystem locks are held which might lead to blocking reclaim.
+ Preemptively flushing or reclaiming memory associated with such
+ locks might be appropriate before requesting a ``__GFP_NOFAIL``
+ allocation.
Selecting memory allocator
==========================
diff --git a/include/linux/gfp.h b/include/linux/gfp.h
index 55b2ec1f965a..1d2a89e20b8b 100644
--- a/include/linux/gfp.h
+++ b/include/linux/gfp.h
@@ -209,7 +209,11 @@ struct vm_area_struct;
* used only when there is no reasonable failure policy) but it is
* definitely preferable to use the flag rather than opencode endless
* loop around allocator.
- * Using this flag for costly allocations is _highly_ discouraged.
+ * Use of this flag may lead to deadlocks if locks are held which would
+ * be needed for memory reclaim, write-back, or the timely exit of a
+ * process killed by the OOM-killer. Dropping any locks not absolutely
+ * needed is advisable before requesting a %__GFP_NOFAIL allocate.
+ * Using this flag for costly allocations (order>1) is _highly_ discouraged.
*/
#define __GFP_IO ((__force gfp_t)___GFP_IO)
#define __GFP_FS ((__force gfp_t)___GFP_FS)
