From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from out-179.mta1.migadu.com (out-179.mta1.migadu.com [95.215.58.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5BA454ADD81
	for <linux-kernel@vger.kernel.org>; Fri,  5 Jun 2026 08:49:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.179
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780649379; cv=none; b=WzIhSWjJnVNMffhvdHe4feMJPfX2+aW2UAJyhjttpdWr34spqj5ahK7ZBSIaaLAzC4c2saQAOV0dQTaNXk5ROpcXfQ6r3dMhtlrFtmLI5rd5g3LKZO7eZNI6573w3anuICtaR68VIvZY3ny61yMBHruODyEVUCY2h2U08jtk2eg=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780649379; c=relaxed/simple;
	bh=525DidrRUguisOGviV352RpUUgN/U0MluVOTN6XIta4=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type; b=f+TvbFSmarsV3o9mL1d5sZSYTY2/eivX3aCj5G2SzhSIxwxXCGnh7TYaxW9P9iKLyIn0w+01Ih3utRe8uTWSu6If2M3cdzs3wen3fAtHm/19r85lSyUvFitbgg+IWhL7fKQOLrkgcHaDL4jSR5f9lkhy56R781nV45HQRAM1Yjc=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=qjZBmLwJ; arc=none smtp.client-ip=95.215.58.179
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="qjZBmLwJ"
Message-ID: <3de3a89b-92f0-4cd2-9f41-8e853eae4e78@linux.dev>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
	t=1780649372;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=YOToXdxhhhdNK71DLVY4SYkIbODfD9tHfsxl+vivDR8=;
	b=qjZBmLwJgvsbuvq1fHyyIIcdo6WxEInJqqF3BNOBkvY1ArbkqE+G54aTWf86cZwwFBdXdn
	tr5j+DmrGHYFquCnV9slP+JnPAuV+Jgj5EuAXnT7DAck61kRPkW+plclGgVpgCzomSHQFO
	lsPlG9KHy3eJMYoD4IWUcfjiM2/d8MA=
Date: Fri, 5 Jun 2026 16:48:35 +0800
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Subject: Re: [PATCH v2 3/3] mm/percpu: Avoid IO/FS reclaim in backing
 allocations
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
 Christoph Lameter <cl@gentwo.org>, Uladzislau Rezki <urezki@gmail.com>,
 Pedro Falcato <pfalcato@suse.de>, Vlastimil Babka <vbabka@kernel.org>,
 Michal Hocko <mhocko@suse.com>, muchun.song@linux.dev, linux-mm@kvack.org,
 linux-kernel@vger.kernel.org, Kaitao Cheng <chengkaitao@kylinos.cn>
References: <20260604113101.89510-1-kaitao.cheng@linux.dev>
 <20260604113101.89510-4-kaitao.cheng@linux.dev>
 <20260604120709.445c027637b3ad72ad13279a@linux-foundation.org>
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From: Kaitao Cheng <kaitao.cheng@linux.dev>
In-Reply-To: <20260604120709.445c027637b3ad72ad13279a@linux-foundation.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Migadu-Flow: FLOW_OUT

在 2026/6/5 03:07, Andrew Morton 写道:
> On Thu,  4 Jun 2026 19:31:01 +0800 Kaitao Cheng <kaitao.cheng@linux.dev> wrote:
> 
>> From: Kaitao Cheng <chengkaitao@kylinos.cn>
>>
>> Commit 9a5b183941b5 ("mm, percpu: do not consider sleepable
>> allocations atomic") allows sleepable GFP_NOIO and GFP_NOFS percpu
>> allocations to take pcpu_alloc_mutex.  This avoids premature allocation
>> failures, but it also makes the mutex visible to callers from constrained
>> IO/FS contexts.
>>
>> Thread A calls pcpu_alloc_noprof() with GFP_KERNEL and takes
>> pcpu_alloc_mutex. Since the internal allocation is not constrained by
>> NOFS, it may enter FS reclaim while still holding pcpu_alloc_mutex,
>> creating a dependency like: pcpu_alloc_mutex -> fs_reclaim -> FS lock
>>
>> At the same time, Thread B may already hold an FS lock and then call
>> pcpu_alloc_noprof() with GFP_NOFS. It will try to acquire
>> pcpu_alloc_mutex and block, creating the reverse dependency:
>> FS lock -> pcpu_alloc_mutex
>>
>> This can still form a potential deadlock cycle.
>>
>> Avoid the dependency by restricting percpu backing allocations to GFP_NOIO.
>> The public allocation still uses the caller's GFP context to decide whether
>> it may block, but the internal memory allocations performed while
>> pcpu_alloc_mutex is held cannot recurse into IO or FS reclaim.
>>
>> ...
>>
>> --- a/mm/percpu.c
>> +++ b/mm/percpu.c
>> @@ -1726,9 +1726,8 @@ static void pcpu_alloc_tag_free_hook(struct pcpu_chunk *chunk, int off, size_t s
>>   * @gfp: allocation flags
>>   *
>>   * Allocate percpu area of @size bytes aligned at @align.  If @gfp doesn't
>> - * contain %GFP_KERNEL, the allocation is atomic. If @gfp has __GFP_NOWARN
>> - * then no warning will be triggered on invalid or failed allocation
>> - * requests.
>> + * allow blocking, the allocation is atomic. If @gfp has __GFP_NOWARN then no
>> + * warning will be triggered on invalid or failed allocation requests.
>>   *
>>   * RETURNS:
>>   * Percpu pointer to the allocated area on success, NULL on failure.
>> @@ -1749,8 +1748,14 @@ void __percpu *pcpu_alloc_noprof(size_t size, size_t align, bool reserved,
>>  	size_t bits, bit_align;
>>  
>>  	gfp = current_gfp_context(gfp);
>> -	/* whitelisted flags that can be passed to the backing allocators */
>> -	pcpu_gfp = gfp & (GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN);
>> +	/*
>> +	 * Whitelisted flags that can be passed to the backing allocators.
> 
> We're supposed to say "allowlist".
> 
>> +	 * Backing allocations under pcpu_alloc_mutex must not recurse into
>> +	 * IO/FS reclaim.  Otherwise a GFP_KERNEL caller holding the mutex can
>> +	 * block on reclaim while a GFP_NOIO/NOFS caller holding an IO/FS lock
>> +	 * waits for the same mutex.
>> +	 */
>> +	pcpu_gfp = gfp & (GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN);
> 
> AI review
> (https://sashiko.dev/#/patchset/20260604113101.89510-1-kaitao.cheng@linux.dev)
> asked why we're currently removing __GFP_NOFAIL here.  There are
> probably good reasons for this, but it would be good to describe them
> in that comment.
> 

This behavior has been present since commit 554fef1c39ee
("percpu: allow select gfp to be passed to underlying allocators"),
which introduced the whitelist for GFP flags passed down to the backing
allocators.

I did a quick AI-assisted scan of the current tree and did not find any
in-tree caller passing __GFP_NOFAIL to pcpu_alloc_noprof() or its
wrappers. So the issue Sashiko described does not appear to be reachable
with current callers.

That said, I agree the semantics are somewhat incomplete: __GFP_NOFAIL
is handled when taking pcpu_alloc_mutex, but it is not propagated through
pcpu_gfp to the backing allocations. If we want to address this
defensively, I think it would be better as a separate patch. Even though it
touches the same line, it fixes a different issue from this change.

-- 
Thanks
Kaitao Cheng