Re: [PATCH v3 3/3] mm/percpu: Avoid IO/FS reclaim in backing allocations

From: Kaitao Cheng

Date: Wed Jun 17 2026 - 05:00:22 EST

在 2026/6/17 14:53, Dennis Zhou 写道:
> On Fri, Jun 12, 2026 at 10:26:48AM +0800, Kaitao Cheng wrote:
>> From: Kaitao Cheng <chengkaitao@xxxxxxxxxx>
>>
>> Commit 9a5b183941b5 ("mm, percpu: do not consider sleepable
>> allocations atomic") allows sleepable GFP_NOIO and GFP_NOFS percpu
>> allocations to take pcpu_alloc_mutex. This avoids premature allocation
>> failures, but it also makes the mutex visible to callers from constrained
>> IO/FS contexts.
>>
>> Thread A calls pcpu_alloc_noprof() with GFP_KERNEL and takes
>> pcpu_alloc_mutex. Since the internal allocation is not constrained by
>> NOFS, it may enter FS reclaim while still holding pcpu_alloc_mutex,
>> creating a dependency like: pcpu_alloc_mutex -> fs_reclaim -> FS lock
>>
>> At the same time, Thread B may already hold an FS lock and then call
>> pcpu_alloc_noprof() with GFP_NOFS. It will try to acquire
>> pcpu_alloc_mutex and block, creating the reverse dependency:
>> FS lock -> pcpu_alloc_mutex
>>
>> This can still form a potential deadlock cycle.
>>
>> Avoid the dependency by restricting percpu backing allocations to GFP_NOIO.
>> The public allocation still uses the caller's GFP context to decide whether
>> it may block, but the internal memory allocations performed while
>> pcpu_alloc_mutex is held cannot recurse into IO or FS reclaim.
>>
>> Fixes: 9a5b183941b5 ("mm, percpu: do not consider sleepable allocations atomic")
>> Signed-off-by: Kaitao Cheng <chengkaitao@xxxxxxxxxx>
>> ---
>> mm/percpu.c | 16 +++++++++++-----
>> 1 file changed, 11 insertions(+), 5 deletions(-)
>>
>> diff --git a/mm/percpu.c b/mm/percpu.c
>> index 4d89965cba16..47824061a701 100644
>> --- a/mm/percpu.c
>> +++ b/mm/percpu.c
>> @@ -1726,9 +1726,9 @@ static void pcpu_alloc_tag_free_hook(struct pcpu_chunk *chunk, int off, size_t s
>> * @gfp: allocation flags
>> *
>> * Allocate percpu area of @size bytes aligned at @align. If @gfp doesn't
>> - * contain %GFP_KERNEL, the allocation is atomic. If @gfp has __GFP_NOWARN
>> - * then no warning will be triggered on invalid or failed allocation
>> - * requests.
>> + * allow blocking, the allocation is atomic. If @gfp has __GFP_NOFAIL, backing
>> + * allocation failures are retried. If @gfp has __GFP_NOWARN then no warning
>> + * will be triggered on invalid or failed allocation requests.
>> *
>> * RETURNS:
>> * Percpu pointer to the allocated area on success, NULL on failure.
>> @@ -1749,8 +1749,14 @@ void __percpu *pcpu_alloc_noprof(size_t size, size_t align, bool reserved,
>> size_t bits, bit_align;
>>
>> gfp = current_gfp_context(gfp);
>> - /* whitelisted flags that can be passed to the backing allocators */
>> - pcpu_gfp = gfp & (GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN);
>> + /*
>> + * Allowlisted flags that can be passed to the backing allocators.
>> + * Backing allocations under pcpu_alloc_mutex must not recurse into
>> + * IO/FS reclaim. Otherwise a GFP_KERNEL caller holding the mutex can
>> + * block on reclaim while a GFP_NOIO/NOFS caller holding an IO/FS lock
>> + * waits for the same mutex.
>> + */
>> + pcpu_gfp = gfp & (GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN | __GFP_NOFAIL);
>> is_atomic = !gfpflags_allow_blocking(gfp);
>> do_warn = !(gfp & __GFP_NOWARN);
>>
>
> I think GFP_KERNEL -> GFP_NOIO makes sense. It breaks the cycle.
>
> For __GFP_NOFAIL, I think my concern is that a chunk can be quite large
> and might need numerous pages. If we allow __GFP_NOFAIL, then we could
> potentially churn and stall out other allocations for quite some time
> while GFP_NOIO tries to reclaim without access to fs or io paths.

__GFP_NOFAIL is actually unnecessary here. The main reason is that,
for now, I have not found any in-kernel callers that pass __GFP_NOFAIL
to pcpu_alloc_noprof() or its wrapper functions. The reason I added
__GFP_NOFAIL was to address the issue reported by sashiko, and I
provided a detailed clarification in the link below.

https://lore.kernel.org/all/3de3a89b-92f0-4cd2-9f41-8e853eae4e78@xxxxxxxxx/

We should probably revert the current patch back to the v2 version,
and then add some comments explaining why pcpu_alloc_noprof() must
not be passed the __GFP_NOFAIL flag, as suggested by Andrew Morton.

--
Thanks
Kaitao Cheng