Date:   Fri, 17 Sep 2021 12:56:57 +1000
From:   NeilBrown <neilb@...e.de>
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Theodore Ts'o <tytso@....edu>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        "Darrick J. Wong" <djwong@...nel.org>,
        Matthew Wilcox <willy@...radead.org>,
        Mel Gorman <mgorman@...e.de>, Michal Hocko <mhocko@...e.com>,
        ". Dave Chinner" <david@...morbit.com>,
        Jonathan Corbet <corbet@....net>
Cc:     linux-xfs@...r.kernel.org, linux-ext4@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org,
        linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        linux-doc@...r.kernel.org
Subject: [PATCH 2/6] MM: improve documentation for __GFP_NOFAIL

__GFP_NOFAIL is documented both in gfp.h and memory-allocation.rst.
The details are not entirely consistent.

This patch ensures both places state that:
 - there is a risk of deadlock with reclaim/writeback/oom-kill
 - it should only be used when there is no real alternative
 - it is preferable to an endless loop
 - it is strongly discouraged for costly-order allocations.

Signed-off-by: NeilBrown <neilb@...e.de>
---
 Documentation/core-api/memory-allocation.rst |   25 ++++++++++++++++++++++++-
 include/linux/gfp.h                          |    6 +++++-
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/Documentation/core-api/memory-allocation.rst b/Documentation/core-api/memory-allocation.rst
index 5954ddf6ee13..8ea077465446 100644
--- a/Documentation/core-api/memory-allocation.rst
+++ b/Documentation/core-api/memory-allocation.rst
@@ -126,7 +126,30 @@ or another request.
 
   * ``GFP_KERNEL | __GFP_NOFAIL`` - overrides the default allocator behavior
     and all allocation requests will loop endlessly until they succeed.
-    This might be really dangerous especially for larger orders.
+    Any attempt to use ``__GFP_NOFAIL`` for allocations larger than
+    order-1 (2 pages) will trigger a warning.
+
+    Use of ``__GFP_NOFAIL`` can cause deadlocks so it should only be used
+    when there is no alternative, and then should be used with caution.
+    Deadlocks can happen if the calling process holds any resources
+    (e.g. locks) which might be needed for memory reclaim or write-back,
+    or which might prevent a process killed by the OOM killer from
+    successfully exiting.  Where possible, locks should be released
+    before using ``__GFP_NOFAIL``.
+
+    While this flag is best avoided, it is still preferable to endless
+    loops around the allocator.  Endless loops may still be used when
+    there is a need to test for the process being killed
+    (fatal_signal_pending(current)).
+
+  * ``GFP_NOFS | __GFP_NOFAIL`` - Loop endlessly instead of failing
+    when performing allocations in file system code.  The same guidance
+    as for ``GFP_KERNEL | __GFP_NOFAIL`` applies with extra emphasis on
+    the possibility of deadlocks.  ``GFP_NOFS`` often implies that
+    filesystem locks are held which might lead to blocking reclaim.
+    Preemptively flushing or reclaiming memory associated with such
+    locks might be appropriate before requesting a ``__GFP_NOFAIL``
+    allocation.
 
 Selecting memory allocator
 ==========================
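
Review bot: in the added paragraph on endless loops, "(fatal_signal_pending(current))" is plain text while every other identifier in this bullet uses the ``...`` literal markup, so it should be written as ``fatal_signal_pending(current)`` to render consistently. The same paragraph says the flag is "still preferable to endless loops around the allocator" and then that "Endless loops may still be used"; wording the second sentence as the single exception (a loop that must check for a fatal signal between attempts) would remove the apparent contradiction.
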
diff --git a/include/linux/gfp.h b/include/linux/gfp.h
index 55b2ec1f965a..1d2a89e20b8b 100644
--- a/include/linux/gfp.h
+++ b/include/linux/gfp.h
@@ -209,7 +209,11 @@ struct vm_area_struct;
  * used only when there is no reasonable failure policy) but it is
  * definitely preferable to use the flag rather than opencode endless
  * loop around allocator.
- * Using this flag for costly allocations is _highly_ discouraged.
+ * Use of this flag may lead to deadlocks if locks are held which would
+ * be needed for memory reclaim, write-back, or the timely exit of a
+ * process killed by the OOM-killer.  Dropping any locks not absolutely
+ * needed is advisable before requesting a %__GFP_NOFAIL allocate.
+ * Using this flag for costly allocations (order>1) is _highly_ discouraged.
  */
 #define __GFP_IO	((__force gfp_t)___GFP_IO)
 #define __GFP_FS	((__force gfp_t)___GFP_FS)
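
Review bot: the last added comment line glosses "costly allocations" as "(order>1)", while the memory-allocation.rst hunk words the same limit as "larger than order-1 (2 pages) will trigger a warning" and the commit message says "costly-order"; the two files should use one wording for the threshold, and since the stated goal is that both places say the same thing, gfp.h should also mention that exceeding it triggers a warning. On the preceding added line, "a %__GFP_NOFAIL allocate" should read "allocation".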

