From: Nick Piggin <npiggin@suse.de>
To: Linux Memory Management <linux-mm@kvack.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
Linux Filesystems <linux-fsdevel@vger.kernel.org>,
Nick Piggin <npiggin@suse.de>, Andrew Morton <akpm@osdl.org>
Subject: [patch 3/10] mm: revert "generic_file_buffered_write(): deadlock on vectored write"
Date: Sat, 13 Jan 2007 04:24:43 +0100 (CET) [thread overview]
Message-ID: <20070113011227.9449.42066.sendpatchset@linux.site> (raw)
In-Reply-To: <20070113011159.9449.4327.sendpatchset@linux.site>
From: Andrew Morton <akpm@osdl.org>
Revert 6527c2bdf1f833cc18e8f42bd97973d583e4aa83
This patch fixed the following bug:
When prefaulting in the pages in generic_file_buffered_write(), we only
faulted in the pages for the firts segment of the iovec. If the second of
successive segment described a mmapping of the page into which we're
write()ing, and that page is not up-to-date, the fault handler tries to lock
the already-locked page (to bring it up to date) and deadlocks.
An exploit for this bug is in writev-deadlock-demo.c, in
http://www.zip.com.au/~akpm/linux/patches/stuff/ext3-tools.tar.gz.
(These demos assume blocksize < PAGE_CACHE_SIZE).
The problem with this fix is that it takes the kernel back to doing a single
prepare_write()/commit_write() per iovec segment. So in the worst case we'll
run prepare_write+commit_write 1024 times where we previously would have run
it once. The other problem with the fix is that it fix all the locking problems.
<insert numbers obtained via ext3-tools's writev-speed.c here>
And apparently this change killed NFS overwrite performance, because, I
suppose, it talks to the server for each prepare_write+commit_write.
So just back that patch out - we'll be fixing the deadlock by other means.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Nick says: also it only ever actually papered over the bug, because after
faulting in the pages, they might be unmapped or reclaimed.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Index: linux-2.6/mm/filemap.c
===================================================================
--- linux-2.6.orig/mm/filemap.c
+++ linux-2.6/mm/filemap.c
@@ -1881,21 +1881,14 @@ generic_file_buffered_write(struct kiocb
do {
unsigned long index;
unsigned long offset;
+ unsigned long maxlen;
size_t copied;
offset = (pos & (PAGE_CACHE_SIZE -1)); /* Within page */
index = pos >> PAGE_CACHE_SHIFT;
bytes = PAGE_CACHE_SIZE - offset;
-
- /* Limit the size of the copy to the caller's write size */
- bytes = min(bytes, count);
-
- /*
- * Limit the size of the copy to that of the current segment,
- * because fault_in_pages_readable() doesn't know how to walk
- * segments.
- */
- bytes = min(bytes, cur_iov->iov_len - iov_base);
+ if (bytes > count)
+ bytes = count;
/*
* Bring in the user page that we will copy from _first_.
@@ -1903,7 +1896,10 @@ generic_file_buffered_write(struct kiocb
* same page as we're writing to, without it being marked
* up-to-date.
*/
- fault_in_pages_readable(buf, bytes);
+ maxlen = cur_iov->iov_len - iov_base;
+ if (maxlen > bytes)
+ maxlen = bytes;
+ fault_in_pages_readable(buf, maxlen);
page = __grab_cache_page(mapping,index,&cached_page,&lru_pvec);
if (!page) {
WARNING: multiple messages have this Message-ID (diff)
From: Nick Piggin <npiggin@suse.de>
From: Andrew Morton <akpm@osdl.org>
To: Linux Memory Management <linux-mm@kvack.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
Linux Filesystems <linux-fsdevel@vger.kernel.org>,
Nick Piggin <npiggin@suse.de>, Andrew Morton <akpm@osdl.org>
Subject: [patch 3/10] mm: revert "generic_file_buffered_write(): deadlock on vectored write"
Date: Sat, 13 Jan 2007 04:24:43 +0100 (CET) [thread overview]
Message-ID: <20070113011227.9449.42066.sendpatchset@linux.site> (raw)
In-Reply-To: <20070113011159.9449.4327.sendpatchset@linux.site>
Revert 6527c2bdf1f833cc18e8f42bd97973d583e4aa83
This patch fixed the following bug:
When prefaulting in the pages in generic_file_buffered_write(), we only
faulted in the pages for the firts segment of the iovec. If the second of
successive segment described a mmapping of the page into which we're
write()ing, and that page is not up-to-date, the fault handler tries to lock
the already-locked page (to bring it up to date) and deadlocks.
An exploit for this bug is in writev-deadlock-demo.c, in
http://www.zip.com.au/~akpm/linux/patches/stuff/ext3-tools.tar.gz.
(These demos assume blocksize < PAGE_CACHE_SIZE).
The problem with this fix is that it takes the kernel back to doing a single
prepare_write()/commit_write() per iovec segment. So in the worst case we'll
run prepare_write+commit_write 1024 times where we previously would have run
it once. The other problem with the fix is that it fix all the locking problems.
<insert numbers obtained via ext3-tools's writev-speed.c here>
And apparently this change killed NFS overwrite performance, because, I
suppose, it talks to the server for each prepare_write+commit_write.
So just back that patch out - we'll be fixing the deadlock by other means.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Nick says: also it only ever actually papered over the bug, because after
faulting in the pages, they might be unmapped or reclaimed.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Index: linux-2.6/mm/filemap.c
===================================================================
--- linux-2.6.orig/mm/filemap.c
+++ linux-2.6/mm/filemap.c
@@ -1881,21 +1881,14 @@ generic_file_buffered_write(struct kiocb
do {
unsigned long index;
unsigned long offset;
+ unsigned long maxlen;
size_t copied;
offset = (pos & (PAGE_CACHE_SIZE -1)); /* Within page */
index = pos >> PAGE_CACHE_SHIFT;
bytes = PAGE_CACHE_SIZE - offset;
-
- /* Limit the size of the copy to the caller's write size */
- bytes = min(bytes, count);
-
- /*
- * Limit the size of the copy to that of the current segment,
- * because fault_in_pages_readable() doesn't know how to walk
- * segments.
- */
- bytes = min(bytes, cur_iov->iov_len - iov_base);
+ if (bytes > count)
+ bytes = count;
/*
* Bring in the user page that we will copy from _first_.
@@ -1903,7 +1896,10 @@ generic_file_buffered_write(struct kiocb
* same page as we're writing to, without it being marked
* up-to-date.
*/
- fault_in_pages_readable(buf, bytes);
+ maxlen = cur_iov->iov_len - iov_base;
+ if (maxlen > bytes)
+ maxlen = bytes;
+ fault_in_pages_readable(buf, maxlen);
page = __grab_cache_page(mapping,index,&cached_page,&lru_pvec);
if (!page) {
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2007-01-13 3:25 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-13 3:24 [patch 0/10] buffered write deadlock fix Nick Piggin
2007-01-13 3:24 ` Nick Piggin
2007-01-13 3:24 ` [patch 1/10] fs: libfs buffered write leak fix Nick Piggin
2007-01-13 3:24 ` Nick Piggin
2007-01-13 3:24 ` [patch 2/10] mm: revert "generic_file_buffered_write(): handle zero length iovec segments" Nick Piggin
2007-01-13 3:24 ` Nick Piggin, Andrew Morton
2007-01-13 3:24 ` Nick Piggin [this message]
2007-01-13 3:24 ` [patch 3/10] mm: revert "generic_file_buffered_write(): deadlock on vectored write" Nick Piggin, Andrew Morton
2007-01-13 3:24 ` [patch 4/10] mm: generic_file_buffered_write cleanup Nick Piggin
2007-01-13 3:24 ` Nick Piggin, Andrew Morton
2007-01-13 3:25 ` [patch 5/10] mm: debug write deadlocks Nick Piggin
2007-01-13 3:25 ` Nick Piggin
2007-01-13 3:25 ` [patch 6/10] mm: be sure to trim blocks Nick Piggin
2007-01-13 3:25 ` Nick Piggin
2007-01-14 14:25 ` Dmitriy Monakhov
2007-01-14 14:25 ` Dmitriy Monakhov
2007-01-20 3:50 ` Nick Piggin
2007-01-20 3:50 ` Nick Piggin
2007-01-16 17:36 ` Peter Zijlstra
2007-01-16 17:36 ` Peter Zijlstra
2007-01-16 19:14 ` Peter Zijlstra
2007-01-16 19:14 ` Peter Zijlstra
2007-01-20 3:52 ` Nick Piggin
2007-01-20 3:52 ` Nick Piggin
2007-01-13 3:25 ` [patch 7/10] mm: cleanup pagecache insertion operations Nick Piggin
2007-01-13 3:25 ` Nick Piggin
2007-01-13 3:25 ` [patch 8/10] mm: generic_file_buffered_write cleanup more Nick Piggin
2007-01-13 3:25 ` Nick Piggin
2007-01-13 3:25 ` [patch 9/10] mm: generic_file_buffered_write iovec cleanup Nick Piggin
2007-01-13 3:25 ` Nick Piggin
2007-01-13 3:25 ` [patch 10/10] mm: fix pagecache write deadlocks Nick Piggin
2007-01-13 3:25 ` Nick Piggin
2007-01-14 3:59 ` Nick Piggin
2007-01-14 3:59 ` Nick Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070113011227.9449.42066.sendpatchset@linux.site \
--to=npiggin@suse.de \
--cc=akpm@osdl.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.