Re: [PATCH] mm: vmscan: handle any negative return value from scan_objects

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dave Chinner <dchinner@redhat.com>
To: Oskar Andero <oskar.andero@sonymobile.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	"Lekanovic, Radovan" <Radovan.Lekanovic@sonymobile.com>,
	David Rientjes <rientjes@google.com>,
	Glauber Costa <glommer@openvz.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Hugh Dickins <hughd@google.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] mm: vmscan: handle any negative return value from scan_objects
Date: Fri, 17 May 2013 16:33:40 +1000	[thread overview]
Message-ID: <20130517063340.GE11167@devil.localdomain> (raw)
In-Reply-To: <20130516122752.GG24072@caracas.corpusers.net>

On Thu, May 16, 2013 at 02:27:52PM +0200, Oskar Andero wrote:
> On 13:52 Thu 16 May     , Dave Chinner wrote:
> > On Thu, May 16, 2013 at 10:42:16AM +0200, Oskar Andero wrote:
> > > The shrinkers must return -1 to indicate that it is busy. Instead, treat
> > > any negative value as busy.
> > 
> > Why? The API defines return condition for aborting a scan and gives
> > a specific value for doing that. i.e. explain why should change the
> > API to over-specify the 'abort scan" return value like this.
> 
> As I pointed out earlier, looking in to the code (from master):
> 	if (shrink_ret == -1)
> 		break;
> 	if (shrink_ret < nr_before)
> 		ret += nr_before - shrink_ret;
> 
> This piece of code lacks a sanity check and will only function if shrink_ret
> is either greater than zero or exactly -1. If shrink_ret is e.g. -2 this will
> lead to undefined behaviour.

If a shrinker is returning -2 then the shrinker is broken and needs
fixing.

> > FWIW, using "any" negative number for "abort scan" is a bad API
> > design decision. It means that in future we can't introduce
> > different negative return values in the API if we have a new to.
> > i.e. each specific negative return value needs to have the potential
> > for defining a different behaviour. 
> 
> An alternative to my patch would be to add:
> if (shrink_ret < -1)
>    /* handle illegal return code in some way */

How? We have one valid negative return code. WTF are we supposed to
do if a shrinker is passing undefined return values? IOWs, the only
sane thing to do is:

	BUG_ON(shrink_ret < -1);

> > So if any change needs to be made, it is to change the -1 return
> > value to an enum and have the shrinkers return that enum when they
> > want an abort.
> 
> I am all for an enum, but I still believe we should handle the case where
> the shrinkers return something wicked.

Which bit of "broken shrinkers need to be fixed" don't you
understand? A BUG_ON() will make sure they get fixed - anything else
that allows broken shrinkers to continue functioning is a completely
unacceptible solution.

-Dave.
-- 
Dave Chinner
dchinner@redhat.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

WARNING: multiple messages have this Message-ID (diff)

From: Dave Chinner <dchinner@redhat.com>
To: Oskar Andero <oskar.andero@sonymobile.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	"Lekanovic, Radovan" <Radovan.Lekanovic@sonymobile.com>,
	David Rientjes <rientjes@google.com>,
	Glauber Costa <glommer@openvz.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Hugh Dickins <hughd@google.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] mm: vmscan: handle any negative return value from scan_objects
Date: Fri, 17 May 2013 16:33:40 +1000	[thread overview]
Message-ID: <20130517063340.GE11167@devil.localdomain> (raw)
In-Reply-To: <20130516122752.GG24072@caracas.corpusers.net>

On Thu, May 16, 2013 at 02:27:52PM +0200, Oskar Andero wrote:
> On 13:52 Thu 16 May     , Dave Chinner wrote:
> > On Thu, May 16, 2013 at 10:42:16AM +0200, Oskar Andero wrote:
> > > The shrinkers must return -1 to indicate that it is busy. Instead, treat
> > > any negative value as busy.
> > 
> > Why? The API defines return condition for aborting a scan and gives
> > a specific value for doing that. i.e. explain why should change the
> > API to over-specify the 'abort scan" return value like this.
> 
> As I pointed out earlier, looking in to the code (from master):
> 	if (shrink_ret == -1)
> 		break;
> 	if (shrink_ret < nr_before)
> 		ret += nr_before - shrink_ret;
> 
> This piece of code lacks a sanity check and will only function if shrink_ret
> is either greater than zero or exactly -1. If shrink_ret is e.g. -2 this will
> lead to undefined behaviour.

If a shrinker is returning -2 then the shrinker is broken and needs
fixing.

> > FWIW, using "any" negative number for "abort scan" is a bad API
> > design decision. It means that in future we can't introduce
> > different negative return values in the API if we have a new to.
> > i.e. each specific negative return value needs to have the potential
> > for defining a different behaviour. 
> 
> An alternative to my patch would be to add:
> if (shrink_ret < -1)
>    /* handle illegal return code in some way */

How? We have one valid negative return code. WTF are we supposed to
do if a shrinker is passing undefined return values? IOWs, the only
sane thing to do is:

	BUG_ON(shrink_ret < -1);

> > So if any change needs to be made, it is to change the -1 return
> > value to an enum and have the shrinkers return that enum when they
> > want an abort.
> 
> I am all for an enum, but I still believe we should handle the case where
> the shrinkers return something wicked.

Which bit of "broken shrinkers need to be fixed" don't you
understand? A BUG_ON() will make sure they get fixed - anything else
that allows broken shrinkers to continue functioning is a completely
unacceptible solution.

-Dave.
-- 
Dave Chinner
dchinner@redhat.com

next prev parent reply	other threads:[~2013-05-17  6:33 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-16  8:42 [PATCH] mm: vmscan: handle any negative return value from scan_objects Oskar Andero
2013-05-16  8:42 ` Oskar Andero
2013-05-16 11:52 ` Dave Chinner
2013-05-16 11:52   ` Dave Chinner
2013-05-16 12:27   ` Oskar Andero
2013-05-16 12:27     ` Oskar Andero
2013-05-17  6:33     ` Dave Chinner [this message]
2013-05-17  6:33       ` Dave Chinner
2013-05-17  8:00       ` Oskar Andero
2013-05-17  8:00         ` Oskar Andero

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130517063340.GE11167@devil.localdomain \
    --to=dchinner@redhat.com \
    --cc=Radovan.Lekanovic@sonymobile.com \
    --cc=akpm@linux-foundation.org \
    --cc=glommer@openvz.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=hughd@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=oskar.andero@sonymobile.com \
    --cc=rientjes@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.