From: Barry Song <v-songbao...@oppo.com>
Non-blocking allocation with __GFP_NOFAIL is not supported and may still
result in NULL pointers (if we don't return NULL, we result in busy-loop
within non-sleepable contexts):
static inline struct page *
__alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order,
struct alloc_context *ac)
{
...
/*
* Make sure that __GFP_NOFAIL request doesn't leak out and make sure
* we always retry
*/
if (gfp_mask & __GFP_NOFAIL) {
/*
* All existing users of the __GFP_NOFAIL are blockable, so warn
* of any new users that actually require GFP_NOWAIT
*/
if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask))
goto fail;
...
}
...
fail:
warn_alloc(gfp_mask, ac->nodemask,
"page allocation failure: order:%u", order);
got_pg:
return page;
}
Highlight this in the documentation of __GFP_NOFAIL so that non-mm
subsystems can reject any illegal usage of __GFP_NOFAIL with GFP_ATOMIC,
GFP_NOWAIT, etc.
Signed-off-by: Barry Song <v-songbao...@oppo.com>
Acked-by: Michal Hocko <mho...@suse.com>
Reviewed-by: Christoph Hellwig <h...@lst.de>
Acked-by: Vlastimil Babka <vba...@suse.cz>
Acked-by: Davidlohr Bueso <d...@stgolabs.net>
Cc: Christoph Lameter <c...@linux.com>
Cc: David Rientjes <rient...@google.com>
Cc: "Eugenio PĂ©rez" <epere...@redhat.com>
Cc: Hailong.Liu <hailong....@oppo.com>
Cc: Hyeonggon Yoo <42.hye...@gmail.com>
Cc: Jason Wang <jasow...@redhat.com>
Cc: Joonsoo Kim <iamjoonsoo....@lge.com>
Cc: Kees Cook <k...@kernel.org>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Lorenzo Stoakes <lorenzo.stoa...@oracle.com>
Cc: Maxime Coquelin <maxime.coque...@redhat.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Cc: Pekka Enberg <penb...@kernel.org>
Cc: Roman Gushchin <roman.gushc...@linux.dev>
Cc: Uladzislau Rezki (Sony) <ure...@gmail.com>
Cc: Xuan Zhuo <xuanz...@linux.alibaba.com>
---
include/linux/gfp_types.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/gfp_types.h b/include/linux/gfp_types.h
index 313be4ad79fd..4a1fa7706b0c 100644
--- a/include/linux/gfp_types.h
+++ b/include/linux/gfp_types.h
@@ -215,7 +215,8 @@ enum {
* the caller still has to check for failures) while costly requests try to be
* not disruptive and back off even without invoking the OOM killer.
* The following three modifiers might be used to override some of these
- * implicit rules.
+ * implicit rules. Please note that all of them must be used along with
+ * %__GFP_DIRECT_RECLAIM flag.
*
* %__GFP_NORETRY: The VM implementation will try only very lightweight
* memory direct reclaim to get some memory under memory pressure (thus
@@ -246,6 +247,8 @@ enum {
* cannot handle allocation failures. The allocation could block
* indefinitely but will never return with failure. Testing for
* failure is pointless.
+ * It _must_ be blockable and used together with __GFP_DIRECT_RECLAIM.
+ * It should _never_ be used in non-sleepable contexts.
* New users should be evaluated carefully (and the flag should be
* used only when there is no reasonable failure policy) but it is
* definitely preferable to use the flag rather than opencode endless
--
2.39.3 (Apple Git-146)
