Re: [PATCH 3.5 29/64] fs: buffer: move allocation failure loop intothe allocator
From: Johannes Weiner
Date: Thu Oct 31 2013 - 12:06:24 EST
On Thu, Oct 31, 2013 at 03:48:48PM +0100, Jan Kara wrote:
> On Thu 31-10-13 10:00:08, Johannes Weiner wrote:
> > On Mon, Oct 28, 2013 at 02:47:48PM +0000, Luis Henriques wrote:
> > > 3.5.7.24 -stable review patch. If anyone has any objections, please let me know.
> > >
> > > ------------------
> > >
> > > From: Johannes Weiner <hannes@xxxxxxxxxxx>
> > >
> > > commit 84235de394d9775bfaa7fa9762a59d91fef0c1fc upstream.
> > >
> > > Buffer allocation has a very crude indefinite loop around waking the
> > > flusher threads and performing global NOFS direct reclaim because it can
> > > not handle allocation failures.
> > >
> > > The most immediate problem with this is that the allocation may fail due
> > > to a memory cgroup limit, where flushers + direct reclaim might not make
> > > any progress towards resolving the situation at all. Because unlike the
> > > global case, a memory cgroup may not have any cache at all, only
> > > anonymous pages but no swap. This situation will lead to a reclaim
> > > livelock with insane IO from waking the flushers and thrashing unrelated
> > > filesystem cache in a tight loop.
> > >
> > > Use __GFP_NOFAIL allocations for buffers for now. This makes sure that
> > > any looping happens in the page allocator, which knows how to
> > > orchestrate kswapd, direct reclaim, and the flushers sensibly. It also
> > > allows memory cgroups to detect allocations that can't handle failure
> > > and will allow them to ultimately bypass the limit if reclaim can not
> > > make progress.
> So I was under the impression that __GFP_NOFAIL is going away, doesn't
> it? At least about an year ago there was some effort to remove its users so
> we ended up creating loops like the above one (and similar ones for
> jbd/jbd2) in cases where handling the failure wasn't easily possible. And now
> it seems we are going in the opposite direction... At least we have a
> steady flow of patches guaranteed :)
Lol.
I would assume that people had a problem with allocations that can not
fail, rather than __GFP_NOFAIL. As long as we do have callsites that
can't deal with failure, I'd much prefer __GFP_NOFAIL over open-coded
looping. The page allocator is much better equipped to make forward
progress and the problematic sites are immediately apparent/greppable.
In order of preference, this is how allocation sites should deal with
errors:
1. Gracefully abort current operation and move on
2. Stab eyes with fork
3. Use __GFP_NOFAIL
... but never loop around the allocation, please.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/