Re: [PATCH RESEND 7/8] pipe: account to kmemcg
From: Minchan Kim <minchan@kernel.org>
Date: 2016-05-26 07:04:55
Also in:
linux-fsdevel, linux-mm, lkml
On Wed, May 25, 2016 at 01:30:11PM +0300, Vladimir Davydov wrote:
On Tue, May 24, 2016 at 01:04:33PM -0700, Eric Dumazet wrote:quoted
On Tue, 2016-05-24 at 19:13 +0300, Vladimir Davydov wrote:quoted
On Tue, May 24, 2016 at 05:59:02AM -0700, Eric Dumazet wrote: ...quoted
quoted
+static int anon_pipe_buf_steal(struct pipe_inode_info *pipe, + struct pipe_buffer *buf) +{ + struct page *page = buf->page; + + if (page_count(page) == 1) {This looks racy : some cpu could have temporarily elevated page count.All pipe operations (pipe_buf_operations->get, ->release, ->steal) are supposed to be called under pipe_lock. So, if we see a pipe_buffer->page with refcount of 1 in ->steal, that means that we are the only its user and it can't be spliced to another pipe. In fact, I just copied the code from generic_pipe_buf_steal, adding kmemcg related checks along the way, so it should be fine.So you guarantee that no other cpu might have done get_page_unless_zero() right before this test ?Each pipe_buffer holds a reference to its page. If we find page's refcount to be 1 here, then it can be referenced only by our pipe_buffer. And the refcount cannot be increased by a parallel thread, because we hold pipe_lock, which rules out splice, and otherwise it's impossible to reach the page as it is not on lru. That said, I think I guarantee that this should be safe.
I don't know kmemcg internal and pipe stuff so my comment might be totally crap. No one cannot guarantee any CPU cannot held a reference of a page. Look at get_page_unless_zero usecases. 1. balloon_page_isolate It can hold a reference in random page and then verify the page is balloon page. Otherwise, just put. 2. page_idle_get_page It has PageLRU check but it's racy so it can hold a reference of randome page and then verify within zone->lru_lock. If it's not LRU page, just put.