On Tue, 15 Jul 2014, Vlastimil Babka wrote:
> On 07/15/2014 12:31 PM, Hugh Dickins wrote:
> > f00cdc6df7d7 ("shmem: fix faulting into a hole while it's punched") was
> > buggy: Sasha sent a lockdep report to remind us that grabbing i_mutex in
> > the fault path is a no-no (write syscall may already hold i_mutex while
> > faulting user buffer).
> >
> > We tried a completely different approach (see following patch) but that
> > proved inadequate: good enough for a rational workload, but not good
> > enough against trinity - which forks off so many mappings of the object
> > that contention on i_mmap_mutex while hole-puncher holds i_mutex builds
> > into serious starvation when concurrent faults force the puncher to fall
> > back to single-page unmap_mapping_range() searches of the i_mmap tree.
> >
> > So return to the original umbrella approach, but keep away from i_mutex
> > this time. We really don't want to bloat every shmem inode with a new
> > mutex or completion, just to protect this unlikely case from trinity.
> > So extend the original with wait_queue_head on stack at the hole-punch
> > end, and wait_queue item on the stack at the fault end.
>
> Hi, thanks a lot, I will definitely test it soon, although my reproducer is
> rather limited - it already works fine with the current kernel. Trinity will
> be more useful here.
Yes, 2/2 (minus the page->swap addition) already proved good enough for
your (more realistic than trinity) testcase, and for mine. And 1/2 (minus
the new waiting) already proved good enough for you too, just more awkward
to backport way back. I agree that it's trinity we most need, to check
that I didn't mess up 1/2 - though your testing welcome too, thanks.
> But there's something that caught my eye so I though I
> would raise the concern now.
Thank you.
>
> > @@ -760,7 +760,7 @@ static int shmem_writepage(struct page *
> > spin_lock(&inode->i_lock);
> > shmem_falloc = inode->i_private;
>
> Without ACCESS_ONCE, can shmem_falloc potentially become an alias on
> inode->i_private and later become re-read outside of the lock?
No, it could be re-read inside the locked section (which is okay since
the locking ensures the same value would be re-read each time), but it
cannot be re-read after the unlock. The unlock guarantees that (whereas
an assignment after the unlock might be moved up before the unlock).
I searched for a simple example (preferably not in code written by me!)
to convince you. I thought it would be easy to find an example of
spin_lock(&lock);
thing_to_free = whatever;
spin_unlock(&lock);
if (thing_to_free)
free(thing_to_free);
but everything I hit upon was actually a little more complicated than
than that (e.g. involving whatever(), or setting whatever = NULL after),
and therefore less convincing. Please hunt around to convince yourself.
>
> > if (shmem_falloc &&
> > - !shmem_falloc->mode &&
> > + !shmem_falloc->waitq &&
> > index >= shmem_falloc->start &&
> > index < shmem_falloc->next)
> > shmem_falloc->nr_unswapped++;
...
> > if (unlikely(inode->i_private)) {
> > struct shmem_falloc *shmem_falloc;
> >
> > spin_lock(&inode->i_lock);
> > shmem_falloc = inode->i_private;
>
> Same here.
Same here :)
>
> > - if (!shmem_falloc ||
> > - shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE ||
> > - vmf->pgoff < shmem_falloc->start ||
> > - vmf->pgoff >= shmem_falloc->next)
> > - shmem_falloc = NULL;
> > - spin_unlock(&inode->i_lock);
> > - /*
> > - * i_lock has protected us from taking shmem_falloc seriously
> > - * once return from shmem_fallocate() went back up that
> > stack.
> > - * i_lock does not serialize with i_mutex at all, but it does
> > - * not matter if sometimes we wait unnecessarily, or
> > sometimes
> > - * miss out on waiting: we just need to make those cases
> > rare.
> > - */
> > - if (shmem_falloc) {
> > + if (shmem_falloc &&
> > + shmem_falloc->waitq &&
>
> Here it's operating outside of lock.
No, it's inside the lock: just easier to see from the patched source
than from the patch itself.
Hugh
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>