From: Mike Kravetz <mike.kravetz@oracle.com>
To: Dave Hansen <dave.hansen@intel.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
Hugh Dickins <hughd@google.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v2 2/4] mm/hugetlb: Setup hugetlb_falloc during fallocate hole punch
Date: Tue, 20 Oct 2015 18:02:38 -0700 [thread overview]
Message-ID: <5626E42E.7000402@oracle.com> (raw)
In-Reply-To: <5626D84C.6060204@intel.com>
On 10/20/2015 05:11 PM, Dave Hansen wrote:
> On 10/20/2015 04:52 PM, Mike Kravetz wrote:
>> if (hole_end > hole_start) {
>> struct address_space *mapping = inode->i_mapping;
>> + DECLARE_WAIT_QUEUE_HEAD_ONSTACK(hugetlb_falloc_waitq);
>> + /*
>> + * Page faults on the area to be hole punched must be stopped
>> + * during the operation. Initialize struct and have
>> + * inode->i_private point to it.
>> + */
>> + struct hugetlb_falloc hugetlb_falloc = {
>> + .waitq = &hugetlb_falloc_waitq,
>> + .start = hole_start >> hpage_shift,
>> + .end = hole_end >> hpage_shift
>> + };
> ...
>> @@ -527,6 +550,12 @@ static long hugetlbfs_punch_hole(struct inode *inode, loff_t offset, loff_t len)
>> hole_end >> PAGE_SHIFT);
>> i_mmap_unlock_write(mapping);
>> remove_inode_hugepages(inode, hole_start, hole_end);
>> +
>> + spin_lock(&inode->i_lock);
>> + inode->i_private = NULL;
>> + wake_up_all(&hugetlb_falloc_waitq);
>> + spin_unlock(&inode->i_lock);
>
> I see the shmem code doing something similar. But, in the end, we're
> passing the stack-allocated 'hugetlb_falloc_waitq' over to the page
> faulting thread. Is there something subtle that keeps
> 'hugetlb_falloc_waitq' from becoming invalid while the other task is
> sleeping?
>
> That wake_up_all() obviously can't sleep, but it seems like the faulting
> thread's finish_wait() *HAS* to run before wake_up_all() can return.
>
The 'trick' is noted in the comment in the shmem_fault code:
/*
* shmem_falloc_waitq points into the
shmem_fallocate()
* stack of the hole-punching task:
shmem_falloc_waitq
* is usually invalid by the time we reach here, but
* finish_wait() does not dereference it in that
case;
* though i_lock needed lest racing with
wake_up_all().
*/
The faulting thread is removed from the waitq when awakened with
wake_up_all(). See the DEFINE_WAIT() and supporting code in the
faulting thread. Because of this, when the faulting thread calls
finish_wait() it does not access the waitq that was/is on the stack.
At least I've convinced myself it works this way. :)
--
Mike Kravetz
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Mike Kravetz <mike.kravetz@oracle.com>
To: Dave Hansen <dave.hansen@intel.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
Hugh Dickins <hughd@google.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v2 2/4] mm/hugetlb: Setup hugetlb_falloc during fallocate hole punch
Date: Tue, 20 Oct 2015 18:02:38 -0700 [thread overview]
Message-ID: <5626E42E.7000402@oracle.com> (raw)
In-Reply-To: <5626D84C.6060204@intel.com>
On 10/20/2015 05:11 PM, Dave Hansen wrote:
> On 10/20/2015 04:52 PM, Mike Kravetz wrote:
>> if (hole_end > hole_start) {
>> struct address_space *mapping = inode->i_mapping;
>> + DECLARE_WAIT_QUEUE_HEAD_ONSTACK(hugetlb_falloc_waitq);
>> + /*
>> + * Page faults on the area to be hole punched must be stopped
>> + * during the operation. Initialize struct and have
>> + * inode->i_private point to it.
>> + */
>> + struct hugetlb_falloc hugetlb_falloc = {
>> + .waitq = &hugetlb_falloc_waitq,
>> + .start = hole_start >> hpage_shift,
>> + .end = hole_end >> hpage_shift
>> + };
> ...
>> @@ -527,6 +550,12 @@ static long hugetlbfs_punch_hole(struct inode *inode, loff_t offset, loff_t len)
>> hole_end >> PAGE_SHIFT);
>> i_mmap_unlock_write(mapping);
>> remove_inode_hugepages(inode, hole_start, hole_end);
>> +
>> + spin_lock(&inode->i_lock);
>> + inode->i_private = NULL;
>> + wake_up_all(&hugetlb_falloc_waitq);
>> + spin_unlock(&inode->i_lock);
>
> I see the shmem code doing something similar. But, in the end, we're
> passing the stack-allocated 'hugetlb_falloc_waitq' over to the page
> faulting thread. Is there something subtle that keeps
> 'hugetlb_falloc_waitq' from becoming invalid while the other task is
> sleeping?
>
> That wake_up_all() obviously can't sleep, but it seems like the faulting
> thread's finish_wait() *HAS* to run before wake_up_all() can return.
>
The 'trick' is noted in the comment in the shmem_fault code:
/*
* shmem_falloc_waitq points into the
shmem_fallocate()
* stack of the hole-punching task:
shmem_falloc_waitq
* is usually invalid by the time we reach here, but
* finish_wait() does not dereference it in that
case;
* though i_lock needed lest racing with
wake_up_all().
*/
The faulting thread is removed from the waitq when awakened with
wake_up_all(). See the DEFINE_WAIT() and supporting code in the
faulting thread. Because of this, when the faulting thread calls
finish_wait() it does not access the waitq that was/is on the stack.
At least I've convinced myself it works this way. :)
--
Mike Kravetz
next prev parent reply other threads:[~2015-10-21 1:02 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-20 23:52 [PATCH v2 0/4] hugetlbfs fallocate hole punch race with page faults Mike Kravetz
2015-10-20 23:52 ` Mike Kravetz
2015-10-20 23:52 ` [PATCH v2 1/4] mm/hugetlb: Define hugetlb_falloc structure for hole punch race Mike Kravetz
2015-10-20 23:52 ` Mike Kravetz
2015-10-20 23:52 ` [PATCH v2 2/4] mm/hugetlb: Setup hugetlb_falloc during fallocate hole punch Mike Kravetz
2015-10-20 23:52 ` Mike Kravetz
2015-10-21 0:11 ` Dave Hansen
2015-10-21 0:11 ` Dave Hansen
2015-10-21 1:02 ` Mike Kravetz [this message]
2015-10-21 1:02 ` Mike Kravetz
2015-10-20 23:52 ` [PATCH v2 3/4] mm/hugetlb: page faults check for fallocate hole punch in progress and wait Mike Kravetz
2015-10-20 23:52 ` Mike Kravetz
2015-10-28 3:37 ` Hugh Dickins
2015-10-28 3:37 ` Hugh Dickins
2015-10-20 23:52 ` [PATCH v2 4/4] mm/hugetlb: Unmap pages to remove if page fault raced with hole punch Mike Kravetz
2015-10-20 23:52 ` Mike Kravetz
2015-10-28 3:34 ` [PATCH v2 0/4] hugetlbfs fallocate hole punch race with page faults Hugh Dickins
2015-10-28 3:34 ` Hugh Dickins
2015-10-28 16:06 ` Mike Kravetz
2015-10-28 16:06 ` Mike Kravetz
2015-10-28 21:00 ` Hugh Dickins
2015-10-28 21:00 ` Hugh Dickins
2015-10-28 21:13 ` Mike Kravetz
2015-10-28 21:13 ` Mike Kravetz
2015-10-29 0:21 ` Mike Kravetz
2015-10-29 0:21 ` Mike Kravetz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5626E42E.7000402@oracle.com \
--to=mike.kravetz@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=dave.hansen@intel.com \
--cc=dave@stgolabs.net \
--cc=hughd@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=n-horiguchi@ah.jp.nec.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.