Re: [PATCH 1/2] mm: clarify __GFP_MEMALLOC usage

From: John Hubbard
Date: Mon Apr 06 2020 - 19:41:03 EST


On 4/6/20 4:32 PM, David Rientjes wrote:
> On Mon, 6 Apr 2020, John Hubbard wrote:
>
> > Hi Michal and all,
> >
> > How about using approximately this wording instead? I found Neil's wording
> > to be especially helpful so I mixed it in. (Also fixed a couple of slight
> > 80-col overruns.)

diff --git a/include/linux/gfp.h b/include/linux/gfp.h
index be2754841369..c247a911d8c7 100644
--- a/include/linux/gfp.h
+++ b/include/linux/gfp.h
@@ -111,6 +111,15 @@ struct vm_area_struct;
* very shortly e.g. process exiting or swapping. Users either should
* be the MM or co-ordinating closely with the VM (e.g. swap over NFS).
*
+ * To be extra clear: users of __GFP_MEMALLOC must be working to free other
+ * memory, and that other memory needs to be freed "soon"; specifically,
before
+ * the reserve is exhausted. This generally implies a throttling mechanism
that
+ * balances the amount of __GFP_MEMALLOC memory used against the amount that
the
+ * caller is about to free.
+ *
+ * Usage of a pre-allocated pool (e.g. mempool) should be always considered
+ * before using this flag.
+ *
* %__GFP_NOMEMALLOC is used to explicitly forbid access to emergency
reserves.
* This takes precedence over the %__GFP_MEMALLOC flag if both are set.
*/
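Review bot: the new "To be extra clear" paragraph defines "soon" as "before the reserve is exhausted", but the comment gives the caller no way to tell when that is, so the requirement is hard to act on as written. Consider stating the rule only in terms the caller controls, i.e. that the throttling mechanism must bound the amount of outstanding __GFP_MEMALLOC memory by the amount the caller is about to free, and keep the reserve itself out of the definition. In the mempool paragraph, "should be always considered" reads better as "should always be considered".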

> I agree this looks better, but if a developer is reading this and is
> unfamiliar with the implementation of memory reserves or __GFP_MEMALLOC,
> how do they take any action that memory allocated with this bit is freed
> before the reserve is exhausted?


In order to make it even possible to write documentation, I'd like to constrain
what "a developer" means a bit more. Someone who decides to use this
flag will at least get a clear indication of what's involved, and I would
expect that if it's still not clear, they would take a slightly deeper look.

So "a developer unfamiliar with the implementation of memory reserves" is
probably going to get into trouble if they remain unfamiliar. This documentation
should inspire them to learn what they need to learn.


> It seems like it's simply saying "don't allocate a lot of this before you
> free it." That may be very well how it goes, but any discussion of
> depletion of the reserve seems to imply we'd want to quantify it and I
> agree that's not what we want the user to do.
>
> So maybe simply state that reserves can be extremely limited and thus it's
> best to assume there is very little reserve left?


Well...but now we're sort of back to the original documentation anyway. I
like the idea of putting in a bit about "you're supposed to be doing something
that frees up memory" in the comments, because it is a lot more concrete.

Because it's pretty hard to figure out what "be careful, there's not much
left" really means, in terms of code that one writes. :)

thanks,
--
John Hubbard
NVIDIA