From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: NeilBrown <neilb@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Uladzislau Rezki <urezki@gmail.com>,
Michal Hocko <mhocko@kernel.org>,
Dave Chinner <david@fromorbit.com>,
Christoph Hellwig <hch@lst.de>,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
LKML <linux-kernel@vger.kernel.org>,
Ilya Dryomov <idryomov@gmail.com>,
Jeff Layton <jlayton@kernel.org>, Michal Hocko <mhocko@suse.com>
Subject: Re: [PATCH v2 2/4] mm/vmalloc: add support for __GFP_NOFAIL
Date: Wed, 24 Nov 2021 19:32:31 -0500 [thread overview]
Message-ID: <YZ7Zn8pEp9D/oqS1@mit.edu> (raw)
In-Reply-To: <163773141164.1891.1440920123016055540@noble.neil.brown.name>
On Wed, Nov 24, 2021 at 04:23:31PM +1100, NeilBrown wrote:
>
> It would get particularly painful if some system call started returned
> -ENOMEM, which had never returned that before. I note that ext4 uses
> __GFP_NOFAIL when handling truncate. I don't think user-space would be
> happy with ENOMEM from truncate (or fallocate(PUNHC_HOLE)), though a
> recent commit which adds it focuses more on wanting to avoid the need
> for fsck.
If the inode is in use (via an open file descriptor) when it is
unlocked, we can't actually do the truncate until the inode is
evicted, and at that point, there is no user space to return to. For
that reason, the evict_inode() method is not *allowed* to fail. So
this is why we need to use GFP_NOFAIL or an open-coded retry loop.
The alternative would be to mark the file system corrupt, and then
either remount the file system, panic the system and reboot, or leave
the file system corrupted ("don't worry, be happy"). I considered
GFP_NOFAIL to be the lesser of the evils. :-)
If the VFS allowed evict_inode() to fail, all it could do is to put
the inode back on the list of inodes to be later evicted --- which is
to say, we would have to add a lot of complexity to effectively add a
gigantic retry loop.
Granted, we wouldn't need to be holding any locks in between retries,
so perhaps it'a better than adding a retry loop deep in the guts of
the ext4 truncate codepath. But then we would need to worry about
userspace getting ENOMEM for system calls which historically, users
have traditionally never failing. I suppose we could also solve this
problem by adding retry logic in the top-level VFS truncate codepath,
so instead of returning ENOMEM, we just retry the truncate(2) system
call and hope that we have enough memory to succeed this time.
After all, can the userspace do if truncate() fails with ENOMEM? It
can fail the userspace program, which in the case of a long-running
daemon such as mysqld, is basically the userspace equivalent of "panic
and reboot", or it can retry truncate(2) syste call at the userspace
level.
Are we detecting a pattern here? There will always be cases where the
choice is "panic" or "retry".
- Ted
next prev parent reply other threads:[~2021-11-25 0:34 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-22 15:32 [PATCH v2 0/4] extend vmalloc support for constrained allocations Michal Hocko
2021-11-22 15:32 ` [PATCH v2 1/4] mm/vmalloc: alloc GFP_NO{FS,IO} for vmalloc Michal Hocko
2021-11-23 19:05 ` Uladzislau Rezki
2021-11-26 15:13 ` Vlastimil Babka
2021-11-22 15:32 ` [PATCH v2 2/4] mm/vmalloc: add support for __GFP_NOFAIL Michal Hocko
2021-11-23 19:01 ` Uladzislau Rezki
2021-11-23 20:09 ` Michal Hocko
2021-11-24 20:46 ` Uladzislau Rezki
2021-11-24 1:02 ` Andrew Morton
2021-11-24 3:16 ` NeilBrown
2021-11-24 3:48 ` Andrew Morton
2021-11-24 5:23 ` NeilBrown
2021-11-25 0:32 ` Theodore Y. Ts'o [this message]
2021-11-26 14:50 ` Vlastimil Babka
2021-11-26 15:09 ` Michal Hocko
2021-11-24 23:45 ` Dave Chinner
2021-11-24 8:43 ` Michal Hocko
2021-11-24 20:37 ` Uladzislau Rezki
2021-11-25 8:48 ` Michal Hocko
2021-11-25 18:40 ` Uladzislau Rezki
2021-11-25 19:21 ` Michal Hocko
2021-11-24 20:11 ` Uladzislau Rezki
2021-11-25 8:46 ` Michal Hocko
2021-11-25 18:02 ` Uladzislau Rezki
2021-11-25 19:24 ` Michal Hocko
2021-11-25 20:03 ` Uladzislau Rezki
2021-11-25 20:13 ` Michal Hocko
2021-11-25 20:21 ` Uladzislau Rezki
2021-11-26 10:48 ` Michal Hocko
2021-11-28 0:00 ` Andrew Morton
2021-11-29 8:56 ` Michal Hocko
2021-11-26 15:32 ` Vlastimil Babka
2021-11-22 15:32 ` [PATCH v2 3/4] mm/vmalloc: be more explicit about supported gfp flags Michal Hocko
2021-11-23 18:58 ` Uladzislau Rezki
2021-11-26 15:39 ` Vlastimil Babka
2021-11-22 15:32 ` [PATCH v2 4/4] mm: allow !GFP_KERNEL allocations for kvmalloc Michal Hocko
2021-11-23 18:57 ` Uladzislau Rezki
2021-11-23 19:02 ` Uladzislau Rezki
2021-11-26 15:50 ` Vlastimil Babka
2021-11-24 22:55 ` [PATCH v2 0/4] extend vmalloc support for constrained allocations Dave Chinner
2021-11-25 8:58 ` Michal Hocko
2021-11-25 9:30 ` Michal Hocko
2021-11-25 21:30 ` Dave Chinner
2021-11-26 9:20 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YZ7Zn8pEp9D/oqS1@mit.edu \
--to=tytso@mit.edu \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=hch@lst.de \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=mhocko@suse.com \
--cc=neilb@suse.de \
--cc=urezki@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).