2005-04-17 02:20:36 +04:00
/*
* Copyright ( C ) 2001 Momchil Velikov
* Portions Copyright ( C ) 2001 Christoph Hellwig
2008-07-04 20:59:22 +04:00
* Copyright ( C ) 2005 SGI , Christoph Lameter
2006-12-07 07:33:44 +03:00
* Copyright ( C ) 2006 Nick Piggin
2012-03-29 01:42:53 +04:00
* Copyright ( C ) 2012 Konstantin Khlebnikov
2016-05-21 03:02:58 +03:00
* Copyright ( C ) 2016 Intel , Matthew Wilcox
* Copyright ( C ) 2016 Intel , Ross Zwisler
2005-04-17 02:20:36 +04:00
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation ; either version 2 , or ( at
* your option ) any later version .
*
* This program is distributed in the hope that it will be useful , but
* WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
* General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
2016-12-20 18:27:56 +03:00
# include <linux/bitmap.h>
# include <linux/bitops.h>
2017-11-28 23:16:24 +03:00
# include <linux/bug.h>
2016-12-15 02:09:01 +03:00
# include <linux/cpu.h>
2005-04-17 02:20:36 +04:00
# include <linux/errno.h>
2016-12-20 18:27:56 +03:00
# include <linux/export.h>
# include <linux/idr.h>
2005-04-17 02:20:36 +04:00
# include <linux/init.h>
# include <linux/kernel.h>
2016-12-20 18:27:56 +03:00
# include <linux/kmemleak.h>
2005-04-17 02:20:36 +04:00
# include <linux/percpu.h>
2016-12-20 18:27:56 +03:00
# include <linux/preempt.h> /* in_interrupt() */
# include <linux/radix-tree.h>
# include <linux/rcupdate.h>
2005-04-17 02:20:36 +04:00
# include <linux/slab.h>
# include <linux/string.h>
2017-11-04 06:09:45 +03:00
# include <linux/xarray.h>
2005-04-17 02:20:36 +04:00
/*
* Radix tree node cache .
*/
2017-11-10 23:15:08 +03:00
struct kmem_cache * radix_tree_node_cachep ;
2005-04-17 02:20:36 +04:00
2012-05-30 02:07:34 +04:00
/*
* The radix tree is variable - height , so an insert operation not only has
* to build the branch to its corresponding item , it also has to build the
* branch to existing items if the size has to be increased ( by
* radix_tree_extend ) .
*
* The worst case is a zero height tree with just a single item at index 0 ,
* and then inserting an item at index ULONG_MAX . This requires 2 new branches
* of RADIX_TREE_MAX_PATH size to be created , with only the root node shared .
* Hence :
*/
# define RADIX_TREE_PRELOAD_SIZE (RADIX_TREE_MAX_PATH * 2 - 1)
2016-12-20 18:27:56 +03:00
/*
* The IDR does not have to be as high as the radix tree since it uses
* signed integers , not unsigned longs .
*/
# define IDR_INDEX_BITS (8 /* CHAR_BIT */ * sizeof(int) - 1)
# define IDR_MAX_PATH (DIV_ROUND_UP(IDR_INDEX_BITS, \
RADIX_TREE_MAP_SHIFT ) )
# define IDR_PRELOAD_SIZE (IDR_MAX_PATH * 2 - 1)
2016-12-16 19:55:56 +03:00
/*
* The IDA is even shorter since it uses a bitmap at the last level .
*/
# define IDA_INDEX_BITS (8 * sizeof(int) - 1 - ilog2(IDA_BITMAP_BITS))
# define IDA_MAX_PATH (DIV_ROUND_UP(IDA_INDEX_BITS, \
RADIX_TREE_MAP_SHIFT ) )
# define IDA_PRELOAD_SIZE (IDA_MAX_PATH * 2 - 1)
2005-04-17 02:20:36 +04:00
/*
* Per - cpu pool of preloaded nodes
*/
struct radix_tree_preload {
2016-05-21 03:03:04 +03:00
unsigned nr ;
2017-01-17 00:41:29 +03:00
/* nodes->parent points to next preallocated node */
2015-06-26 01:02:19 +03:00
struct radix_tree_node * nodes ;
2005-04-17 02:20:36 +04:00
} ;
2009-01-07 01:40:50 +03:00
static DEFINE_PER_CPU ( struct radix_tree_preload , radix_tree_preloads ) = { 0 , } ;
2005-04-17 02:20:36 +04:00
2016-12-15 02:08:49 +03:00
static inline struct radix_tree_node * entry_to_node ( void * ptr )
{
return ( void * ) ( ( unsigned long ) ptr & ~ RADIX_TREE_INTERNAL_NODE ) ;
}
2016-05-21 03:03:24 +03:00
static inline void * node_to_entry ( void * ptr )
2010-11-12 01:05:19 +03:00
{
2016-05-21 03:03:22 +03:00
return ( void * ) ( ( unsigned long ) ptr | RADIX_TREE_INTERNAL_NODE ) ;
2010-11-12 01:05:19 +03:00
}
2017-11-04 06:09:45 +03:00
# define RADIX_TREE_RETRY XA_RETRY_ENTRY
2016-05-21 03:01:57 +03:00
2017-02-13 23:58:24 +03:00
static inline unsigned long
get_slot_offset ( const struct radix_tree_node * parent , void __rcu * * slot )
2016-05-21 03:01:57 +03:00
{
2018-08-18 14:05:50 +03:00
return parent ? slot - parent - > slots : 0 ;
2016-05-21 03:01:57 +03:00
}
2016-12-20 01:43:19 +03:00
static unsigned int radix_tree_descend ( const struct radix_tree_node * parent ,
2016-05-21 03:03:48 +03:00
struct radix_tree_node * * nodep , unsigned long index )
2016-05-21 03:01:57 +03:00
{
2016-05-21 03:03:48 +03:00
unsigned int offset = ( index > > parent - > shift ) & RADIX_TREE_MAP_MASK ;
2017-02-13 23:58:24 +03:00
void __rcu * * entry = rcu_dereference_raw ( parent - > slots [ offset ] ) ;
2016-05-21 03:01:57 +03:00
* nodep = ( void * ) entry ;
return offset ;
}
2016-12-20 01:43:19 +03:00
static inline gfp_t root_gfp_mask ( const struct radix_tree_root * root )
2006-06-23 13:03:22 +04:00
{
2017-11-08 00:30:10 +03:00
return root - > xa_flags & ( __GFP_BITS_MASK & ~ GFP_ZONEMASK ) ;
2006-06-23 13:03:22 +04:00
}
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
static inline void tag_set ( struct radix_tree_node * node , unsigned int tag ,
int offset )
{
__set_bit ( offset , node - > tags [ tag ] ) ;
}
static inline void tag_clear ( struct radix_tree_node * node , unsigned int tag ,
int offset )
{
__clear_bit ( offset , node - > tags [ tag ] ) ;
}
2016-12-20 01:43:19 +03:00
static inline int tag_get ( const struct radix_tree_node * node , unsigned int tag ,
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
int offset )
{
return test_bit ( offset , node - > tags [ tag ] ) ;
}
2016-12-20 01:43:19 +03:00
static inline void root_tag_set ( struct radix_tree_root * root , unsigned tag )
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
{
2017-11-08 00:30:10 +03:00
root - > xa_flags | = ( __force gfp_t ) ( 1 < < ( tag + ROOT_TAG_SHIFT ) ) ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
}
2016-05-21 03:03:04 +03:00
static inline void root_tag_clear ( struct radix_tree_root * root , unsigned tag )
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
{
2017-11-08 00:30:10 +03:00
root - > xa_flags & = ( __force gfp_t ) ~ ( 1 < < ( tag + ROOT_TAG_SHIFT ) ) ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
}
static inline void root_tag_clear_all ( struct radix_tree_root * root )
{
2017-11-08 00:30:10 +03:00
root - > xa_flags & = ( __force gfp_t ) ( ( 1 < < ROOT_TAG_SHIFT ) - 1 ) ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
}
2016-12-20 01:43:19 +03:00
static inline int root_tag_get ( const struct radix_tree_root * root , unsigned tag )
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
{
2017-11-08 00:30:10 +03:00
return ( __force int ) root - > xa_flags & ( 1 < < ( tag + ROOT_TAG_SHIFT ) ) ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
}
2016-12-20 01:43:19 +03:00
static inline unsigned root_tags_get ( const struct radix_tree_root * root )
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
{
2017-11-08 00:30:10 +03:00
return ( __force unsigned ) root - > xa_flags > > ROOT_TAG_SHIFT ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
}
2016-12-20 18:27:56 +03:00
static inline bool is_idr ( const struct radix_tree_root * root )
2016-05-21 03:02:23 +03:00
{
2017-11-08 00:30:10 +03:00
return ! ! ( root - > xa_flags & ROOT_IS_IDR ) ;
2016-05-21 03:02:23 +03:00
}
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
/*
* Returns 1 if any slot in the node has this tag set .
* Otherwise returns 0.
*/
2016-12-20 01:43:19 +03:00
static inline int any_tag_set ( const struct radix_tree_node * node ,
unsigned int tag )
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
{
2016-05-21 03:03:04 +03:00
unsigned idx ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
for ( idx = 0 ; idx < RADIX_TREE_TAG_LONGS ; idx + + ) {
if ( node - > tags [ tag ] [ idx ] )
return 1 ;
}
return 0 ;
}
2012-03-29 01:42:53 +04:00
2016-12-20 18:27:56 +03:00
static inline void all_tag_set ( struct radix_tree_node * node , unsigned int tag )
{
bitmap_fill ( node - > tags [ tag ] , RADIX_TREE_MAP_SIZE ) ;
}
2012-03-29 01:42:53 +04:00
/**
* radix_tree_find_next_bit - find the next set bit in a memory region
*
* @ addr : The address to base the search on
* @ size : The bitmap size in bits
* @ offset : The bitnumber to start searching at
*
* Unrollable variant of find_next_bit ( ) for constant size arrays .
* Tail bits starting from size to roundup ( size , BITS_PER_LONG ) must be zero .
* Returns next bit offset , or size if nothing found .
*/
static __always_inline unsigned long
2016-12-15 02:08:40 +03:00
radix_tree_find_next_bit ( struct radix_tree_node * node , unsigned int tag ,
unsigned long offset )
2012-03-29 01:42:53 +04:00
{
2016-12-15 02:08:40 +03:00
const unsigned long * addr = node - > tags [ tag ] ;
2012-03-29 01:42:53 +04:00
2016-12-15 02:08:40 +03:00
if ( offset < RADIX_TREE_MAP_SIZE ) {
2012-03-29 01:42:53 +04:00
unsigned long tmp ;
addr + = offset / BITS_PER_LONG ;
tmp = * addr > > ( offset % BITS_PER_LONG ) ;
if ( tmp )
return __ffs ( tmp ) + offset ;
offset = ( offset + BITS_PER_LONG ) & ~ ( BITS_PER_LONG - 1 ) ;
2016-12-15 02:08:40 +03:00
while ( offset < RADIX_TREE_MAP_SIZE ) {
2012-03-29 01:42:53 +04:00
tmp = * + + addr ;
if ( tmp )
return __ffs ( tmp ) + offset ;
offset + = BITS_PER_LONG ;
}
}
2016-12-15 02:08:40 +03:00
return RADIX_TREE_MAP_SIZE ;
2012-03-29 01:42:53 +04:00
}
2016-12-15 02:08:55 +03:00
static unsigned int iter_offset ( const struct radix_tree_iter * iter )
{
2018-09-22 23:14:30 +03:00
return iter - > index & RADIX_TREE_MAP_MASK ;
2016-12-15 02:08:55 +03:00
}
2016-12-15 02:08:43 +03:00
/*
* The maximum index which can be stored in a radix tree
*/
static inline unsigned long shift_maxindex ( unsigned int shift )
{
return ( RADIX_TREE_MAP_SIZE < < shift ) - 1 ;
}
2016-12-20 01:43:19 +03:00
static inline unsigned long node_maxindex ( const struct radix_tree_node * node )
2016-12-15 02:08:43 +03:00
{
return shift_maxindex ( node - > shift ) ;
}
2016-12-20 18:27:56 +03:00
static unsigned long next_index ( unsigned long index ,
const struct radix_tree_node * node ,
unsigned long offset )
{
return ( index & ~ node_maxindex ( node ) ) + ( offset < < node - > shift ) ;
}
2005-04-17 02:20:36 +04:00
/*
* This assumes that the caller has performed appropriate preallocation , and
* that the caller has pinned this thread of control to the current CPU .
*/
static struct radix_tree_node *
2016-12-20 18:27:56 +03:00
radix_tree_node_alloc ( gfp_t gfp_mask , struct radix_tree_node * parent ,
2017-01-17 01:10:21 +03:00
struct radix_tree_root * root ,
2016-12-15 02:09:31 +03:00
unsigned int shift , unsigned int offset ,
2017-11-09 17:23:56 +03:00
unsigned int count , unsigned int nr_values )
2005-04-17 02:20:36 +04:00
{
2008-02-05 09:29:10 +03:00
struct radix_tree_node * ret = NULL ;
2005-04-17 02:20:36 +04:00
2013-09-12 01:26:05 +04:00
/*
2016-05-21 03:03:04 +03:00
* Preload code isn ' t irq safe and it doesn ' t make sense to use
* preloading during an interrupt anyway as all the allocations have
* to be atomic . So just do normal allocation when in interrupt .
2013-09-12 01:26:05 +04:00
*/
2015-11-07 03:28:21 +03:00
if ( ! gfpflags_allow_blocking ( gfp_mask ) & & ! in_interrupt ( ) ) {
2005-04-17 02:20:36 +04:00
struct radix_tree_preload * rtp ;
2016-03-18 00:18:36 +03:00
/*
* Even if the caller has preloaded , try to allocate from the
2016-08-03 00:03:01 +03:00
* cache first for the new node to get accounted to the memory
* cgroup .
2016-03-18 00:18:36 +03:00
*/
ret = kmem_cache_alloc ( radix_tree_node_cachep ,
2016-08-03 00:03:01 +03:00
gfp_mask | __GFP_NOWARN ) ;
2016-03-18 00:18:36 +03:00
if ( ret )
goto out ;
2008-02-05 09:29:10 +03:00
/*
* Provided the caller has preloaded here , we will always
* succeed in getting a node here ( and never reach
* kmem_cache_alloc )
*/
2014-06-05 03:07:56 +04:00
rtp = this_cpu_ptr ( & radix_tree_preloads ) ;
2005-04-17 02:20:36 +04:00
if ( rtp - > nr ) {
2015-06-26 01:02:19 +03:00
ret = rtp - > nodes ;
2017-01-17 00:41:29 +03:00
rtp - > nodes = ret - > parent ;
2005-04-17 02:20:36 +04:00
rtp - > nr - - ;
}
2014-06-07 01:38:18 +04:00
/*
* Update the allocation stack trace as this is more useful
* for debugging .
*/
kmemleak_update_trace ( ret ) ;
2016-03-18 00:18:36 +03:00
goto out ;
2005-04-17 02:20:36 +04:00
}
2016-08-03 00:03:01 +03:00
ret = kmem_cache_alloc ( radix_tree_node_cachep , gfp_mask ) ;
2016-03-18 00:18:36 +03:00
out :
2016-05-21 03:03:30 +03:00
BUG_ON ( radix_tree_is_internal_node ( ret ) ) ;
2016-12-15 02:09:31 +03:00
if ( ret ) {
ret - > shift = shift ;
ret - > offset = offset ;
ret - > count = count ;
2017-11-09 17:23:56 +03:00
ret - > nr_values = nr_values ;
2017-01-17 01:10:21 +03:00
ret - > parent = parent ;
2017-11-09 17:23:56 +03:00
ret - > array = root ;
2016-12-15 02:09:31 +03:00
}
2005-04-17 02:20:36 +04:00
return ret ;
}
2017-11-10 23:15:08 +03:00
void radix_tree_node_rcu_free ( struct rcu_head * head )
2006-12-07 07:33:44 +03:00
{
struct radix_tree_node * node =
container_of ( head , struct radix_tree_node , rcu_head ) ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
/*
2016-12-15 02:08:58 +03:00
* Must only free zeroed nodes into the slab . We can be left with
* non - NULL entries by radix_tree_free_nodes , so clear the entries
* and tags here .
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
*/
2016-12-15 02:08:58 +03:00
memset ( node - > slots , 0 , sizeof ( node - > slots ) ) ;
memset ( node - > tags , 0 , sizeof ( node - > tags ) ) ;
2016-12-15 02:08:34 +03:00
INIT_LIST_HEAD ( & node - > private_list ) ;
radix-tree: fix small lockless radix-tree bug
We shrink a radix tree when its root node has only one child, in the left
most slot. The child becomes the new root node. To perform this
operation in a manner compatible with concurrent lockless lookups, we
atomically switch the root pointer from the parent to its child.
However a concurrent lockless lookup may now have loaded a pointer to the
parent (and is presently deciding what to do next). For this reason, we
also have to keep the parent node in a valid state after shrinking the
tree, until the next RCU grace period -- otherwise this lookup with the
parent pointer may not do the right thing. Notably, we need to keep the
child in the left most slot there in case that is requested by the lookup.
This is all pretty standard RCU stuff. It is worth repeating because in
my eagerness to obey the radix tree node constructor scheme, I had broken
it by zeroing the radix tree node before the grace period.
What could happen is that a lookup can load the parent pointer, then
decide it wants to follow the left most child slot, only to find the slot
contained NULL due to the concurrent shrinker having zeroed the parent
node before waiting for a grace period. The lookup would return a false
negative as a result.
Fix it by doing that clearing in the RCU callback. I would normally want
to rip out the constructor entirely, but radix tree nodes are one of those
places where they make sense (only few cachelines will be touched soon
after allocation).
This was never actually found in any lockless pagecache testing or by the
test harness, but by seeing the odd problem with my scalable vmap rewrite.
I have not tickled the test harness into reproducing it yet, but I'll
keep working at it.
Fortunately, it is not a problem anywhere lockless pagecache is used in
mainline kernels (pagecache probe is not a guarantee, and brd does not
have concurrent lookups and deletes).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-13 02:21:52 +04:00
2006-12-07 07:33:44 +03:00
kmem_cache_free ( radix_tree_node_cachep , node ) ;
}
2005-04-17 02:20:36 +04:00
static inline void
radix_tree_node_free ( struct radix_tree_node * node )
{
2006-12-07 07:33:44 +03:00
call_rcu ( & node - > rcu_head , radix_tree_node_rcu_free ) ;
2005-04-17 02:20:36 +04:00
}
/*
* Load up this CPU ' s radix_tree_node buffer with sufficient objects to
* ensure that the addition of a single element in the tree cannot fail . On
* success , return zero , with preemption disabled . On error , return - ENOMEM
* with preemption not disabled .
FS-Cache: Use radix tree preload correctly in tracking of pages to be stored
__fscache_write_page() attempts to load the radix tree preallocation pool for
the CPU it is on before calling radix_tree_insert(), as the insertion must be
done inside a pair of spinlocks.
Use of the preallocation pool, however, is contingent on the radix tree being
initialised without __GFP_WAIT specified. __fscache_acquire_cookie() was
passing GFP_NOFS to INIT_RADIX_TREE() - but that includes __GFP_WAIT.
The solution is to AND out __GFP_WAIT.
Additionally, the banner comment to radix_tree_preload() is altered to make
note of this prerequisite. Possibly there should be a WARN_ON() too.
Without this fix, I have seen the following recursive deadlock caused by
radix_tree_insert() attempting to allocate memory inside the spinlocked
region, which resulted in FS-Cache being called back into to release memory -
which required the spinlock already held.
=============================================
[ INFO: possible recursive locking detected ]
2.6.32-rc6-cachefs #24
---------------------------------------------
nfsiod/7916 is trying to acquire lock:
(&cookie->lock){+.+.-.}, at: [<ffffffffa0076872>] __fscache_uncache_page+0xdb/0x160 [fscache]
but task is already holding lock:
(&cookie->lock){+.+.-.}, at: [<ffffffffa0076acc>] __fscache_write_page+0x15c/0x3f3 [fscache]
other info that might help us debug this:
5 locks held by nfsiod/7916:
#0: (nfsiod){+.+.+.}, at: [<ffffffff81048290>] worker_thread+0x19a/0x2e2
#1: (&task->u.tk_work#2){+.+.+.}, at: [<ffffffff81048290>] worker_thread+0x19a/0x2e2
#2: (&cookie->lock){+.+.-.}, at: [<ffffffffa0076acc>] __fscache_write_page+0x15c/0x3f3 [fscache]
#3: (&object->lock#2){+.+.-.}, at: [<ffffffffa0076b07>] __fscache_write_page+0x197/0x3f3 [fscache]
#4: (&cookie->stores_lock){+.+...}, at: [<ffffffffa0076b0f>] __fscache_write_page+0x19f/0x3f3 [fscache]
stack backtrace:
Pid: 7916, comm: nfsiod Not tainted 2.6.32-rc6-cachefs #24
Call Trace:
[<ffffffff8105ac7f>] __lock_acquire+0x1649/0x16e3
[<ffffffff81059ded>] ? __lock_acquire+0x7b7/0x16e3
[<ffffffff8100e27d>] ? dump_trace+0x248/0x257
[<ffffffff8105ad70>] lock_acquire+0x57/0x6d
[<ffffffffa0076872>] ? __fscache_uncache_page+0xdb/0x160 [fscache]
[<ffffffff8135467c>] _spin_lock+0x2c/0x3b
[<ffffffffa0076872>] ? __fscache_uncache_page+0xdb/0x160 [fscache]
[<ffffffffa0076872>] __fscache_uncache_page+0xdb/0x160 [fscache]
[<ffffffffa0077eb7>] ? __fscache_check_page_write+0x0/0x71 [fscache]
[<ffffffffa00b4755>] nfs_fscache_release_page+0x86/0xc4 [nfs]
[<ffffffffa00907f0>] nfs_release_page+0x3c/0x41 [nfs]
[<ffffffff81087ffb>] try_to_release_page+0x32/0x3b
[<ffffffff81092c2b>] shrink_page_list+0x316/0x4ac
[<ffffffff81058a9b>] ? mark_held_locks+0x52/0x70
[<ffffffff8135451b>] ? _spin_unlock_irq+0x2b/0x31
[<ffffffff81093153>] shrink_inactive_list+0x392/0x67c
[<ffffffff81058a9b>] ? mark_held_locks+0x52/0x70
[<ffffffff810934ca>] shrink_list+0x8d/0x8f
[<ffffffff81093744>] shrink_zone+0x278/0x33c
[<ffffffff81052c70>] ? ktime_get_ts+0xad/0xba
[<ffffffff8109453b>] try_to_free_pages+0x22e/0x392
[<ffffffff8109184c>] ? isolate_pages_global+0x0/0x212
[<ffffffff8108e16b>] __alloc_pages_nodemask+0x3dc/0x5cf
[<ffffffff810ae24a>] cache_alloc_refill+0x34d/0x6c1
[<ffffffff811bcf74>] ? radix_tree_node_alloc+0x52/0x5c
[<ffffffff810ae929>] kmem_cache_alloc+0xb2/0x118
[<ffffffff811bcf74>] radix_tree_node_alloc+0x52/0x5c
[<ffffffff811bcfd5>] radix_tree_insert+0x57/0x19c
[<ffffffffa0076b53>] __fscache_write_page+0x1e3/0x3f3 [fscache]
[<ffffffffa00b4248>] __nfs_readpage_to_fscache+0x58/0x11e [nfs]
[<ffffffffa009bb77>] nfs_readpage_release+0x34/0x9b [nfs]
[<ffffffffa009c0d9>] nfs_readpage_release_full+0x32/0x4b [nfs]
[<ffffffffa0006cff>] rpc_release_calldata+0x12/0x14 [sunrpc]
[<ffffffffa0006e2d>] rpc_free_task+0x59/0x61 [sunrpc]
[<ffffffffa0006f03>] rpc_async_release+0x10/0x12 [sunrpc]
[<ffffffff810482e5>] worker_thread+0x1ef/0x2e2
[<ffffffff81048290>] ? worker_thread+0x19a/0x2e2
[<ffffffff81352433>] ? thread_return+0x3e/0x101
[<ffffffffa0006ef3>] ? rpc_async_release+0x0/0x12 [sunrpc]
[<ffffffff8104bff5>] ? autoremove_wake_function+0x0/0x34
[<ffffffff81058d25>] ? trace_hardirqs_on+0xd/0xf
[<ffffffff810480f6>] ? worker_thread+0x0/0x2e2
[<ffffffff8104bd21>] kthread+0x7a/0x82
[<ffffffff8100beda>] child_rip+0xa/0x20
[<ffffffff8100b87c>] ? restore_args+0x0/0x30
[<ffffffff8104c2b9>] ? add_wait_queue+0x15/0x44
[<ffffffff8104bca7>] ? kthread+0x0/0x82
[<ffffffff8100bed0>] ? child_rip+0x0/0x20
Signed-off-by: David Howells <dhowells@redhat.com>
2009-11-19 21:11:14 +03:00
*
* To make use of this facility , the radix tree must be initialised without
2015-11-07 03:28:21 +03:00
* __GFP_DIRECT_RECLAIM being passed to INIT_RADIX_TREE ( ) .
2005-04-17 02:20:36 +04:00
*/
2017-09-09 02:15:54 +03:00
static __must_check int __radix_tree_preload ( gfp_t gfp_mask , unsigned nr )
2005-04-17 02:20:36 +04:00
{
struct radix_tree_preload * rtp ;
struct radix_tree_node * node ;
int ret = - ENOMEM ;
2016-08-03 00:03:01 +03:00
/*
* Nodes preloaded by one cgroup can be be used by another cgroup , so
* they should never be accounted to any particular memory cgroup .
*/
gfp_mask & = ~ __GFP_ACCOUNT ;
2005-04-17 02:20:36 +04:00
preempt_disable ( ) ;
2014-06-05 03:07:56 +04:00
rtp = this_cpu_ptr ( & radix_tree_preloads ) ;
2016-07-27 01:26:02 +03:00
while ( rtp - > nr < nr ) {
2005-04-17 02:20:36 +04:00
preempt_enable ( ) ;
2008-04-28 13:12:05 +04:00
node = kmem_cache_alloc ( radix_tree_node_cachep , gfp_mask ) ;
2005-04-17 02:20:36 +04:00
if ( node = = NULL )
goto out ;
preempt_disable ( ) ;
2014-06-05 03:07:56 +04:00
rtp = this_cpu_ptr ( & radix_tree_preloads ) ;
2016-07-27 01:26:02 +03:00
if ( rtp - > nr < nr ) {
2017-01-17 00:41:29 +03:00
node - > parent = rtp - > nodes ;
2015-06-26 01:02:19 +03:00
rtp - > nodes = node ;
rtp - > nr + + ;
} else {
2005-04-17 02:20:36 +04:00
kmem_cache_free ( radix_tree_node_cachep , node ) ;
2015-06-26 01:02:19 +03:00
}
2005-04-17 02:20:36 +04:00
}
ret = 0 ;
out :
return ret ;
}
2013-09-12 01:26:05 +04:00
/*
* Load up this CPU ' s radix_tree_node buffer with sufficient objects to
* ensure that the addition of a single element in the tree cannot fail . On
* success , return zero , with preemption disabled . On error , return - ENOMEM
* with preemption not disabled .
*
* To make use of this facility , the radix tree must be initialised without
2015-11-07 03:28:21 +03:00
* __GFP_DIRECT_RECLAIM being passed to INIT_RADIX_TREE ( ) .
2013-09-12 01:26:05 +04:00
*/
int radix_tree_preload ( gfp_t gfp_mask )
{
/* Warn on non-sensical use... */
2015-11-07 03:28:21 +03:00
WARN_ON_ONCE ( ! gfpflags_allow_blocking ( gfp_mask ) ) ;
2016-07-27 01:26:02 +03:00
return __radix_tree_preload ( gfp_mask , RADIX_TREE_PRELOAD_SIZE ) ;
2013-09-12 01:26:05 +04:00
}
2007-07-14 10:05:04 +04:00
EXPORT_SYMBOL ( radix_tree_preload ) ;
2005-04-17 02:20:36 +04:00
2013-09-12 01:26:05 +04:00
/*
* The same as above function , except we don ' t guarantee preloading happens .
* We do it , if we decide it helps . On success , return zero with preemption
* disabled . On error , return - ENOMEM with preemption not disabled .
*/
int radix_tree_maybe_preload ( gfp_t gfp_mask )
{
2015-11-07 03:28:21 +03:00
if ( gfpflags_allow_blocking ( gfp_mask ) )
2016-07-27 01:26:02 +03:00
return __radix_tree_preload ( gfp_mask , RADIX_TREE_PRELOAD_SIZE ) ;
2013-09-12 01:26:05 +04:00
/* Preloading doesn't help anything with this gfp mask, skip it */
preempt_disable ( ) ;
return 0 ;
}
EXPORT_SYMBOL ( radix_tree_maybe_preload ) ;
2016-12-20 01:43:19 +03:00
static unsigned radix_tree_load_root ( const struct radix_tree_root * root ,
2016-05-21 03:02:08 +03:00
struct radix_tree_node * * nodep , unsigned long * maxindex )
{
2017-11-08 00:30:10 +03:00
struct radix_tree_node * node = rcu_dereference_raw ( root - > xa_head ) ;
2016-05-21 03:02:08 +03:00
* nodep = node ;
2016-05-21 03:03:30 +03:00
if ( likely ( radix_tree_is_internal_node ( node ) ) ) {
2016-05-21 03:03:27 +03:00
node = entry_to_node ( node ) ;
2016-05-21 03:02:08 +03:00
* maxindex = node_maxindex ( node ) ;
2016-05-21 03:03:10 +03:00
return node - > shift + RADIX_TREE_MAP_SHIFT ;
2016-05-21 03:02:08 +03:00
}
* maxindex = 0 ;
return 0 ;
}
2005-04-17 02:20:36 +04:00
/*
* Extend a radix tree so it can store key @ index .
*/
2016-12-20 18:27:56 +03:00
static int radix_tree_extend ( struct radix_tree_root * root , gfp_t gfp ,
2016-05-21 03:03:19 +03:00
unsigned long index , unsigned int shift )
2005-04-17 02:20:36 +04:00
{
2017-02-13 23:58:24 +03:00
void * entry ;
2016-05-21 03:03:19 +03:00
unsigned int maxshift ;
2005-04-17 02:20:36 +04:00
int tag ;
2016-05-21 03:03:19 +03:00
/* Figure out what the shift should be. */
maxshift = shift ;
while ( index > shift_maxindex ( maxshift ) )
maxshift + = RADIX_TREE_MAP_SHIFT ;
2005-04-17 02:20:36 +04:00
2017-11-08 00:30:10 +03:00
entry = rcu_dereference_raw ( root - > xa_head ) ;
2017-02-13 23:58:24 +03:00
if ( ! entry & & ( ! is_idr ( root ) | | root_tag_get ( root , IDR_FREE ) ) )
2005-04-17 02:20:36 +04:00
goto out ;
do {
2016-12-20 18:27:56 +03:00
struct radix_tree_node * node = radix_tree_node_alloc ( gfp , NULL ,
2017-01-17 01:10:21 +03:00
root , shift , 0 , 1 , 0 ) ;
2016-05-21 03:03:04 +03:00
if ( ! node )
2005-04-17 02:20:36 +04:00
return - ENOMEM ;
2016-12-20 18:27:56 +03:00
if ( is_idr ( root ) ) {
all_tag_set ( node , IDR_FREE ) ;
if ( ! root_tag_get ( root , IDR_FREE ) ) {
tag_clear ( node , IDR_FREE , 0 ) ;
root_tag_set ( root , IDR_FREE ) ;
}
} else {
/* Propagate the aggregated tag info to the new child */
for ( tag = 0 ; tag < RADIX_TREE_MAX_TAGS ; tag + + ) {
if ( root_tag_get ( root , tag ) )
tag_set ( node , tag , 0 ) ;
}
2005-04-17 02:20:36 +04:00
}
2016-05-21 03:03:19 +03:00
BUG_ON ( shift > BITS_PER_LONG ) ;
2017-02-13 23:58:24 +03:00
if ( radix_tree_is_internal_node ( entry ) ) {
entry_to_node ( entry ) - > parent = node ;
2017-11-03 20:30:42 +03:00
} else if ( xa_is_value ( entry ) ) {
2017-11-09 17:23:56 +03:00
/* Moving a value entry root->xa_head to a node */
node - > nr_values = 1 ;
2016-12-13 03:43:41 +03:00
}
2017-02-13 23:58:24 +03:00
/*
* entry was already in the radix tree , so we do not need
* rcu_assign_pointer here
*/
node - > slots [ 0 ] = ( void __rcu * ) entry ;
entry = node_to_entry ( node ) ;
2017-11-08 00:30:10 +03:00
rcu_assign_pointer ( root - > xa_head , entry ) ;
2016-05-21 03:03:19 +03:00
shift + = RADIX_TREE_MAP_SHIFT ;
} while ( shift < = maxshift ) ;
2005-04-17 02:20:36 +04:00
out :
2016-05-21 03:03:19 +03:00
return maxshift + RADIX_TREE_MAP_SHIFT ;
2005-04-17 02:20:36 +04:00
}
2016-12-13 03:43:46 +03:00
/**
* radix_tree_shrink - shrink radix tree to minimum height
* @ root radix tree root
*/
2018-04-09 23:24:45 +03:00
static inline bool radix_tree_shrink ( struct radix_tree_root * root )
2016-12-13 03:43:46 +03:00
{
2017-01-28 17:56:22 +03:00
bool shrunk = false ;
2016-12-13 03:43:46 +03:00
for ( ; ; ) {
2017-11-08 00:30:10 +03:00
struct radix_tree_node * node = rcu_dereference_raw ( root - > xa_head ) ;
2016-12-13 03:43:46 +03:00
struct radix_tree_node * child ;
if ( ! radix_tree_is_internal_node ( node ) )
break ;
node = entry_to_node ( node ) ;
/*
* The candidate node has more than one child , or its child
2018-09-22 23:14:30 +03:00
* is not at the leftmost slot , we cannot shrink .
2016-12-13 03:43:46 +03:00
*/
if ( node - > count ! = 1 )
break ;
2017-02-13 23:22:48 +03:00
child = rcu_dereference_raw ( node - > slots [ 0 ] ) ;
2016-12-13 03:43:46 +03:00
if ( ! child )
break ;
2018-06-25 13:56:50 +03:00
/*
* For an IDR , we must not shrink entry 0 into the root in
* case somebody calls idr_replace ( ) with a pointer that
* appears to be an internal entry
*/
if ( ! node - > shift & & is_idr ( root ) )
break ;
2016-12-13 03:43:46 +03:00
if ( radix_tree_is_internal_node ( child ) )
entry_to_node ( child ) - > parent = NULL ;
/*
* We don ' t need rcu_assign_pointer ( ) , since we are simply
* moving the node from one part of the tree to another : if it
* was safe to dereference the old pointer to it
* ( node - > slots [ 0 ] ) , it will be safe to dereference the new
2017-11-08 00:30:10 +03:00
* one ( root - > xa_head ) as far as dependent read barriers go .
2016-12-13 03:43:46 +03:00
*/
2017-11-08 00:30:10 +03:00
root - > xa_head = ( void __rcu * ) child ;
2016-12-20 18:27:56 +03:00
if ( is_idr ( root ) & & ! tag_get ( node , IDR_FREE , 0 ) )
root_tag_clear ( root , IDR_FREE ) ;
2016-12-13 03:43:46 +03:00
/*
* We have a dilemma here . The node ' s slot [ 0 ] must not be
* NULLed in case there are concurrent lookups expecting to
* find the item . However if this was a bottom - level node ,
* then it may be subject to the slot pointer being visible
* to callers dereferencing it . If item corresponding to
* slot [ 0 ] is subsequently deleted , these callers would expect
* their slot to become empty sooner or later .
*
* For example , lockless pagecache will look up a slot , deref
* the page pointer , and if the page has 0 refcount it means it
* was concurrently deleted from pagecache so try the deref
* again . Fortunately there is already a requirement for logic
* to retry the entire slot lookup - - the indirect pointer
* problem ( replacing direct root node with an indirect pointer
* also results in a stale slot ) . So tag the slot as indirect
* to force callers to retry .
*/
2016-12-13 03:43:49 +03:00
node - > count = 0 ;
if ( ! radix_tree_is_internal_node ( child ) ) {
2017-02-13 23:58:24 +03:00
node - > slots [ 0 ] = ( void __rcu * ) RADIX_TREE_RETRY ;
2016-12-13 03:43:49 +03:00
}
2016-12-13 03:43:46 +03:00
mm: workingset: fix use-after-free in shadow node shrinker
Several people report seeing warnings about inconsistent radix tree
nodes followed by crashes in the workingset code, which all looked like
use-after-free access from the shadow node shrinker.
Dave Jones managed to reproduce the issue with a debug patch applied,
which confirmed that the radix tree shrinking indeed frees shadow nodes
while they are still linked to the shadow LRU:
WARNING: CPU: 2 PID: 53 at lib/radix-tree.c:643 delete_node+0x1e4/0x200
CPU: 2 PID: 53 Comm: kswapd0 Not tainted 4.10.0-rc2-think+ #3
Call Trace:
delete_node+0x1e4/0x200
__radix_tree_delete_node+0xd/0x10
shadow_lru_isolate+0xe6/0x220
__list_lru_walk_one.isra.4+0x9b/0x190
list_lru_walk_one+0x23/0x30
scan_shadow_nodes+0x2e/0x40
shrink_slab.part.44+0x23d/0x5d0
shrink_node+0x22c/0x330
kswapd+0x392/0x8f0
This is the WARN_ON_ONCE(!list_empty(&node->private_list)) placed in the
inlined radix_tree_shrink().
The problem is with 14b468791fa9 ("mm: workingset: move shadow entry
tracking to radix tree exceptional tracking"), which passes an update
callback into the radix tree to link and unlink shadow leaf nodes when
tree entries change, but forgot to pass the callback when reclaiming a
shadow node.
While the reclaimed shadow node itself is unlinked by the shrinker, its
deletion from the tree can cause the left-most leaf node in the tree to
be shrunk. If that happens to be a shadow node as well, we don't unlink
it from the LRU as we should.
Consider this tree, where the s are shadow entries:
root->rnode
|
[0 n]
| |
[s ] [sssss]
Now the shadow node shrinker reclaims the rightmost leaf node through
the shadow node LRU:
root->rnode
|
[0 ]
|
[s ]
Because the parent of the deleted node is the first level below the
root and has only one child in the left-most slot, the intermediate
level is shrunk and the node containing the single shadow is put in
its place:
root->rnode
|
[s ]
The shrinker again sees a single left-most slot in a first level node
and thus decides to store the shadow in root->rnode directly and free
the node - which is a leaf node on the shadow node LRU.
root->rnode
|
s
Without the update callback, the freed node remains on the shadow LRU,
where it causes later shrinker runs to crash.
Pass the node updater callback into __radix_tree_delete_node() in case
the deletion causes the left-most branch in the tree to collapse too.
Also add warnings when linked nodes are freed right away, rather than
wait for the use-after-free when the list is scanned much later.
Fixes: 14b468791fa9 ("mm: workingset: move shadow entry tracking to radix tree exceptional tracking")
Reported-by: Dave Chinner <david@fromorbit.com>
Reported-by: Hugh Dickins <hughd@google.com>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Reported-and-tested-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Chris Leech <cleech@redhat.com>
Cc: Lee Duncan <lduncan@suse.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox <mawilcox@linuxonhyperv.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-01-07 03:21:43 +03:00
WARN_ON_ONCE ( ! list_empty ( & node - > private_list ) ) ;
2016-12-13 03:43:46 +03:00
radix_tree_node_free ( node ) ;
2017-01-28 17:56:22 +03:00
shrunk = true ;
2016-12-13 03:43:46 +03:00
}
2017-01-28 17:56:22 +03:00
return shrunk ;
2016-12-13 03:43:46 +03:00
}
2017-01-28 17:56:22 +03:00
static bool delete_node ( struct radix_tree_root * root ,
2018-04-09 23:24:45 +03:00
struct radix_tree_node * node )
2016-12-13 03:43:46 +03:00
{
2017-01-28 17:56:22 +03:00
bool deleted = false ;
2016-12-13 03:43:46 +03:00
do {
struct radix_tree_node * parent ;
if ( node - > count ) {
2017-02-13 23:22:48 +03:00
if ( node_to_entry ( node ) = =
2017-11-08 00:30:10 +03:00
rcu_dereference_raw ( root - > xa_head ) )
2018-04-09 23:24:45 +03:00
deleted | = radix_tree_shrink ( root ) ;
2017-01-28 17:56:22 +03:00
return deleted ;
2016-12-13 03:43:46 +03:00
}
parent = node - > parent ;
if ( parent ) {
parent - > slots [ node - > offset ] = NULL ;
parent - > count - - ;
} else {
2016-12-20 18:27:56 +03:00
/*
* Shouldn ' t the tags already have all been cleared
* by the caller ?
*/
if ( ! is_idr ( root ) )
root_tag_clear_all ( root ) ;
2017-11-08 00:30:10 +03:00
root - > xa_head = NULL ;
2016-12-13 03:43:46 +03:00
}
mm: workingset: fix use-after-free in shadow node shrinker
Several people report seeing warnings about inconsistent radix tree
nodes followed by crashes in the workingset code, which all looked like
use-after-free access from the shadow node shrinker.
Dave Jones managed to reproduce the issue with a debug patch applied,
which confirmed that the radix tree shrinking indeed frees shadow nodes
while they are still linked to the shadow LRU:
WARNING: CPU: 2 PID: 53 at lib/radix-tree.c:643 delete_node+0x1e4/0x200
CPU: 2 PID: 53 Comm: kswapd0 Not tainted 4.10.0-rc2-think+ #3
Call Trace:
delete_node+0x1e4/0x200
__radix_tree_delete_node+0xd/0x10
shadow_lru_isolate+0xe6/0x220
__list_lru_walk_one.isra.4+0x9b/0x190
list_lru_walk_one+0x23/0x30
scan_shadow_nodes+0x2e/0x40
shrink_slab.part.44+0x23d/0x5d0
shrink_node+0x22c/0x330
kswapd+0x392/0x8f0
This is the WARN_ON_ONCE(!list_empty(&node->private_list)) placed in the
inlined radix_tree_shrink().
The problem is with 14b468791fa9 ("mm: workingset: move shadow entry
tracking to radix tree exceptional tracking"), which passes an update
callback into the radix tree to link and unlink shadow leaf nodes when
tree entries change, but forgot to pass the callback when reclaiming a
shadow node.
While the reclaimed shadow node itself is unlinked by the shrinker, its
deletion from the tree can cause the left-most leaf node in the tree to
be shrunk. If that happens to be a shadow node as well, we don't unlink
it from the LRU as we should.
Consider this tree, where the s are shadow entries:
root->rnode
|
[0 n]
| |
[s ] [sssss]
Now the shadow node shrinker reclaims the rightmost leaf node through
the shadow node LRU:
root->rnode
|
[0 ]
|
[s ]
Because the parent of the deleted node is the first level below the
root and has only one child in the left-most slot, the intermediate
level is shrunk and the node containing the single shadow is put in
its place:
root->rnode
|
[s ]
The shrinker again sees a single left-most slot in a first level node
and thus decides to store the shadow in root->rnode directly and free
the node - which is a leaf node on the shadow node LRU.
root->rnode
|
s
Without the update callback, the freed node remains on the shadow LRU,
where it causes later shrinker runs to crash.
Pass the node updater callback into __radix_tree_delete_node() in case
the deletion causes the left-most branch in the tree to collapse too.
Also add warnings when linked nodes are freed right away, rather than
wait for the use-after-free when the list is scanned much later.
Fixes: 14b468791fa9 ("mm: workingset: move shadow entry tracking to radix tree exceptional tracking")
Reported-by: Dave Chinner <david@fromorbit.com>
Reported-by: Hugh Dickins <hughd@google.com>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Reported-and-tested-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Chris Leech <cleech@redhat.com>
Cc: Lee Duncan <lduncan@suse.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox <mawilcox@linuxonhyperv.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-01-07 03:21:43 +03:00
WARN_ON_ONCE ( ! list_empty ( & node - > private_list ) ) ;
2016-12-13 03:43:46 +03:00
radix_tree_node_free ( node ) ;
2017-01-28 17:56:22 +03:00
deleted = true ;
2016-12-13 03:43:46 +03:00
node = parent ;
} while ( node ) ;
2017-01-28 17:56:22 +03:00
return deleted ;
2016-12-13 03:43:46 +03:00
}
2005-04-17 02:20:36 +04:00
/**
2014-04-04 01:47:54 +04:00
* __radix_tree_create - create a slot in a radix tree
2005-04-17 02:20:36 +04:00
* @ root : radix tree root
* @ index : index key
2014-04-04 01:47:54 +04:00
* @ nodep : returns node
* @ slotp : returns slot
2005-04-17 02:20:36 +04:00
*
2014-04-04 01:47:54 +04:00
* Create , if necessary , and return the node and slot for an item
* at position @ index in the radix tree @ root .
*
* Until there is more than one item in the tree , no nodes are
2017-11-08 00:30:10 +03:00
* allocated and @ root - > xa_head is used as a direct slot instead of
2014-04-04 01:47:54 +04:00
* pointing to a node , in which case * @ nodep will be NULL .
*
* Returns - ENOMEM , or 0 for success .
2005-04-17 02:20:36 +04:00
*/
2017-11-17 18:01:45 +03:00
static int __radix_tree_create ( struct radix_tree_root * root ,
2018-09-22 23:14:30 +03:00
unsigned long index , struct radix_tree_node * * nodep ,
void __rcu * * * slotp )
2005-04-17 02:20:36 +04:00
{
2016-05-21 03:03:42 +03:00
struct radix_tree_node * node = NULL , * child ;
2017-11-08 00:30:10 +03:00
void __rcu * * slot = ( void __rcu * * ) & root - > xa_head ;
2016-05-21 03:02:11 +03:00
unsigned long maxindex ;
2016-05-21 03:03:42 +03:00
unsigned int shift , offset = 0 ;
2018-09-22 23:14:30 +03:00
unsigned long max = index ;
2016-12-20 18:27:56 +03:00
gfp_t gfp = root_gfp_mask ( root ) ;
2016-05-21 03:02:11 +03:00
2016-05-21 03:03:42 +03:00
shift = radix_tree_load_root ( root , & child , & maxindex ) ;
2005-04-17 02:20:36 +04:00
/* Make sure the tree is high enough. */
2016-05-21 03:02:11 +03:00
if ( max > maxindex ) {
2016-12-20 18:27:56 +03:00
int error = radix_tree_extend ( root , gfp , max , shift ) ;
2016-05-21 03:02:11 +03:00
if ( error < 0 )
2005-04-17 02:20:36 +04:00
return error ;
2016-05-21 03:02:11 +03:00
shift = error ;
2017-11-08 00:30:10 +03:00
child = rcu_dereference_raw ( root - > xa_head ) ;
2005-04-17 02:20:36 +04:00
}
2018-09-22 23:14:30 +03:00
while ( shift > 0 ) {
2016-05-21 03:03:10 +03:00
shift - = RADIX_TREE_MAP_SHIFT ;
2016-05-21 03:03:42 +03:00
if ( child = = NULL ) {
2005-04-17 02:20:36 +04:00
/* Have to add a child node. */
2017-01-17 01:10:21 +03:00
child = radix_tree_node_alloc ( gfp , node , root , shift ,
2016-12-15 02:09:31 +03:00
offset , 0 , 0 ) ;
2016-05-21 03:03:42 +03:00
if ( ! child )
2005-04-17 02:20:36 +04:00
return - ENOMEM ;
2016-05-21 03:03:42 +03:00
rcu_assign_pointer ( * slot , node_to_entry ( child ) ) ;
if ( node )
2005-04-17 02:20:36 +04:00
node - > count + + ;
2016-05-21 03:03:42 +03:00
} else if ( ! radix_tree_is_internal_node ( child ) )
2016-03-18 00:21:54 +03:00
break ;
2005-04-17 02:20:36 +04:00
/* Go a level down */
2016-05-21 03:03:42 +03:00
node = entry_to_node ( child ) ;
2016-05-21 03:03:48 +03:00
offset = radix_tree_descend ( node , & child , index ) ;
2016-05-21 03:03:42 +03:00
slot = & node - > slots [ offset ] ;
2016-03-18 00:21:54 +03:00
}
2016-12-15 02:08:58 +03:00
if ( nodep )
* nodep = node ;
if ( slotp )
* slotp = slot ;
return 0 ;
}
/*
* Free any nodes below this node . The tree is presumed to not need
* shrinking , and any user data in the tree is presumed to not need a
* destructor called on it . If we need to add a destructor , we can
* add that functionality later . Note that we may not clear tags or
* slots from the tree as an RCU walker may still have a pointer into
* this subtree . We could replace the entries with RADIX_TREE_RETRY ,
* but we ' ll still have to clear those in rcu_free .
*/
static void radix_tree_free_nodes ( struct radix_tree_node * node )
{
unsigned offset = 0 ;
struct radix_tree_node * child = entry_to_node ( node ) ;
for ( ; ; ) {
2017-02-13 23:22:48 +03:00
void * entry = rcu_dereference_raw ( child - > slots [ offset ] ) ;
2017-11-04 06:09:45 +03:00
if ( xa_is_node ( entry ) & & child - > shift ) {
2016-12-15 02:08:58 +03:00
child = entry_to_node ( entry ) ;
offset = 0 ;
continue ;
}
offset + + ;
while ( offset = = RADIX_TREE_MAP_SIZE ) {
struct radix_tree_node * old = child ;
offset = child - > offset + 1 ;
child = child - > parent ;
2017-01-25 02:18:16 +03:00
WARN_ON_ONCE ( ! list_empty ( & old - > private_list ) ) ;
2016-12-15 02:08:58 +03:00
radix_tree_node_free ( old ) ;
if ( old = = entry_to_node ( node ) )
return ;
}
}
}
2017-02-13 23:58:24 +03:00
static inline int insert_entries ( struct radix_tree_node * node ,
2018-09-22 23:14:30 +03:00
void __rcu * * slot , void * item , bool replace )
2016-12-15 02:08:58 +03:00
{
if ( * slot )
return - EEXIST ;
rcu_assign_pointer ( * slot , item ) ;
if ( node ) {
node - > count + + ;
2017-11-03 20:30:42 +03:00
if ( xa_is_value ( item ) )
2017-11-09 17:23:56 +03:00
node - > nr_values + + ;
2016-12-15 02:08:58 +03:00
}
return 1 ;
}
2014-04-04 01:47:54 +04:00
/**
2016-03-18 00:21:54 +03:00
* __radix_tree_insert - insert into a radix tree
2014-04-04 01:47:54 +04:00
* @ root : radix tree root
* @ index : index key
* @ item : item to insert
*
* Insert an item into the radix tree at position @ index .
*/
2018-09-22 23:14:30 +03:00
int radix_tree_insert ( struct radix_tree_root * root , unsigned long index ,
void * item )
2014-04-04 01:47:54 +04:00
{
struct radix_tree_node * node ;
2017-02-13 23:58:24 +03:00
void __rcu * * slot ;
2014-04-04 01:47:54 +04:00
int error ;
2016-05-21 03:03:30 +03:00
BUG_ON ( radix_tree_is_internal_node ( item ) ) ;
2014-04-04 01:47:54 +04:00
2018-09-22 23:14:30 +03:00
error = __radix_tree_create ( root , index , & node , & slot ) ;
2014-04-04 01:47:54 +04:00
if ( error )
return error ;
2016-12-15 02:08:58 +03:00
2018-09-22 23:14:30 +03:00
error = insert_entries ( node , slot , item , false ) ;
2016-12-15 02:08:58 +03:00
if ( error < 0 )
return error ;
2005-09-07 02:16:46 +04:00
2006-06-23 13:03:22 +04:00
if ( node ) {
2016-05-21 03:02:23 +03:00
unsigned offset = get_slot_offset ( node , slot ) ;
BUG_ON ( tag_get ( node , 0 , offset ) ) ;
BUG_ON ( tag_get ( node , 1 , offset ) ) ;
BUG_ON ( tag_get ( node , 2 , offset ) ) ;
2006-06-23 13:03:22 +04:00
} else {
2016-05-21 03:02:23 +03:00
BUG_ON ( root_tags_get ( root ) ) ;
2006-06-23 13:03:22 +04:00
}
2005-04-17 02:20:36 +04:00
return 0 ;
}
2018-09-22 23:14:30 +03:00
EXPORT_SYMBOL ( radix_tree_insert ) ;
2005-04-17 02:20:36 +04:00
2014-04-04 01:47:54 +04:00
/**
* __radix_tree_lookup - lookup an item in a radix tree
* @ root : radix tree root
* @ index : index key
* @ nodep : returns node
* @ slotp : returns slot
*
* Lookup and return the item at position @ index in the radix
* tree @ root .
*
* Until there is more than one item in the tree , no nodes are
2017-11-08 00:30:10 +03:00
* allocated and @ root - > xa_head is used as a direct slot instead of
2014-04-04 01:47:54 +04:00
* pointing to a node , in which case * @ nodep will be NULL .
2006-12-07 07:33:44 +03:00
*/
2016-12-20 01:43:19 +03:00
void * __radix_tree_lookup ( const struct radix_tree_root * root ,
unsigned long index , struct radix_tree_node * * nodep ,
2017-02-13 23:58:24 +03:00
void __rcu * * * slotp )
2005-04-17 02:20:36 +04:00
{
2014-04-04 01:47:54 +04:00
struct radix_tree_node * node , * parent ;
2016-05-21 03:02:20 +03:00
unsigned long maxindex ;
2017-02-13 23:58:24 +03:00
void __rcu * * slot ;
2006-06-23 13:03:22 +04:00
2016-05-21 03:02:20 +03:00
restart :
parent = NULL ;
2017-11-08 00:30:10 +03:00
slot = ( void __rcu * * ) & root - > xa_head ;
2016-05-21 03:03:48 +03:00
radix_tree_load_root ( root , & node , & maxindex ) ;
2016-05-21 03:02:20 +03:00
if ( index > maxindex )
2005-04-17 02:20:36 +04:00
return NULL ;
2016-05-21 03:03:30 +03:00
while ( radix_tree_is_internal_node ( node ) ) {
2016-05-21 03:02:20 +03:00
unsigned offset ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:03:27 +03:00
parent = entry_to_node ( node ) ;
2016-05-21 03:03:48 +03:00
offset = radix_tree_descend ( parent , & node , index ) ;
2016-05-21 03:02:20 +03:00
slot = parent - > slots + offset ;
2018-12-06 16:19:13 +03:00
if ( node = = RADIX_TREE_RETRY )
goto restart ;
2018-06-25 13:56:50 +03:00
if ( parent - > shift = = 0 )
break ;
2016-05-21 03:02:20 +03:00
}
2005-04-17 02:20:36 +04:00
2014-04-04 01:47:54 +04:00
if ( nodep )
* nodep = parent ;
if ( slotp )
* slotp = slot ;
return node ;
2009-06-17 02:33:42 +04:00
}
/**
* radix_tree_lookup_slot - lookup a slot in a radix tree
* @ root : radix tree root
* @ index : index key
*
* Returns : the slot corresponding to the position @ index in the
* radix tree @ root . This is useful for update - if - exists operations .
*
* This function can be called under rcu_read_lock iff the slot is not
* modified by radix_tree_replace_slot , otherwise it must be called
* exclusive from other writers . Any dereference of the slot must be done
* using radix_tree_deref_slot .
*/
2017-02-13 23:58:24 +03:00
void __rcu * * radix_tree_lookup_slot ( const struct radix_tree_root * root ,
2016-12-20 01:43:19 +03:00
unsigned long index )
2009-06-17 02:33:42 +04:00
{
2017-02-13 23:58:24 +03:00
void __rcu * * slot ;
2014-04-04 01:47:54 +04:00
if ( ! __radix_tree_lookup ( root , index , NULL , & slot ) )
return NULL ;
return slot ;
2005-11-07 11:59:29 +03:00
}
EXPORT_SYMBOL ( radix_tree_lookup_slot ) ;
/**
* radix_tree_lookup - perform lookup operation on a radix tree
* @ root : radix tree root
* @ index : index key
*
* Lookup the item at the position @ index in the radix tree @ root .
2006-12-07 07:33:44 +03:00
*
* This function can be called under rcu_read_lock , however the caller
* must manage lifetimes of leaf nodes ( eg . RCU may also be used to free
* them safely ) . No RCU barriers are required to access or modify the
* returned item , however .
2005-11-07 11:59:29 +03:00
*/
2016-12-20 01:43:19 +03:00
void * radix_tree_lookup ( const struct radix_tree_root * root , unsigned long index )
2005-11-07 11:59:29 +03:00
{
2014-04-04 01:47:54 +04:00
return __radix_tree_lookup ( root , index , NULL , NULL ) ;
2005-04-17 02:20:36 +04:00
}
EXPORT_SYMBOL ( radix_tree_lookup ) ;
2017-02-13 23:58:24 +03:00
static void replace_slot ( void __rcu * * slot , void * item ,
2017-11-09 17:23:56 +03:00
struct radix_tree_node * node , int count , int values )
2016-12-13 03:43:41 +03:00
{
2017-11-09 17:23:56 +03:00
if ( node & & ( count | | values ) ) {
2016-12-13 03:43:46 +03:00
node - > count + = count ;
2017-11-09 17:23:56 +03:00
node - > nr_values + = values ;
2016-12-13 03:43:46 +03:00
}
2016-12-13 03:43:41 +03:00
rcu_assign_pointer ( * slot , item ) ;
}
2016-12-20 18:27:56 +03:00
static bool node_tag_get ( const struct radix_tree_root * root ,
const struct radix_tree_node * node ,
unsigned int tag , unsigned int offset )
2016-12-15 02:09:07 +03:00
{
2016-12-20 18:27:56 +03:00
if ( node )
return tag_get ( node , tag , offset ) ;
return root_tag_get ( root , tag ) ;
}
2016-12-15 02:09:07 +03:00
2016-12-20 18:27:56 +03:00
/*
* IDR users want to be able to store NULL in the tree , so if the slot isn ' t
* free , don ' t adjust the count , even if it ' s transitioning between NULL and
* non - NULL . For the IDA , we mark slots as being IDR_FREE while they still
* have empty bits , but it only stores NULL in slots when they ' re being
* deleted .
*/
static int calculate_count ( struct radix_tree_root * root ,
2017-02-13 23:58:24 +03:00
struct radix_tree_node * node , void __rcu * * slot ,
2016-12-20 18:27:56 +03:00
void * item , void * old )
{
if ( is_idr ( root ) ) {
unsigned offset = get_slot_offset ( node , slot ) ;
bool free = node_tag_get ( root , node , IDR_FREE , offset ) ;
if ( ! free )
return 0 ;
if ( ! old )
return 1 ;
2016-12-15 02:09:07 +03:00
}
2016-12-20 18:27:56 +03:00
return ! ! item - ! ! old ;
2016-12-15 02:09:07 +03:00
}
2016-12-13 03:43:43 +03:00
/**
* __radix_tree_replace - replace item in a slot
2016-12-13 03:43:49 +03:00
* @ root : radix tree root
* @ node : pointer to tree node
* @ slot : pointer to slot in @ node
* @ item : new item to store in the slot .
2016-12-13 03:43:43 +03:00
*
* For use with __radix_tree_lookup ( ) . Caller must hold tree write locked
* across slot lookup and replacement .
*/
void __radix_tree_replace ( struct radix_tree_root * root ,
struct radix_tree_node * node ,
2018-04-09 23:24:45 +03:00
void __rcu * * slot , void * item )
2016-12-13 03:43:43 +03:00
{
2016-12-20 18:27:56 +03:00
void * old = rcu_dereference_raw ( * slot ) ;
2017-11-09 17:23:56 +03:00
int values = ! ! xa_is_value ( item ) - ! ! xa_is_value ( old ) ;
2016-12-20 18:27:56 +03:00
int count = calculate_count ( root , node , slot , item , old ) ;
2016-12-13 03:43:43 +03:00
/*
2017-11-09 17:23:56 +03:00
* This function supports replacing value entries and
2016-12-13 03:43:46 +03:00
* deleting entries , but that needs accounting against the
2017-11-08 00:30:10 +03:00
* node unless the slot is root - > xa_head .
2016-12-13 03:43:43 +03:00
*/
2017-11-08 00:30:10 +03:00
WARN_ON_ONCE ( ! node & & ( slot ! = ( void __rcu * * ) & root - > xa_head ) & &
2017-11-09 17:23:56 +03:00
( count | | values ) ) ;
replace_slot ( slot , item , node , count , values ) ;
2016-12-13 03:43:46 +03:00
2016-12-13 03:43:49 +03:00
if ( ! node )
return ;
2018-04-09 23:24:45 +03:00
delete_node ( root , node ) ;
2016-12-13 03:43:43 +03:00
}
/**
* radix_tree_replace_slot - replace item in a slot
* @ root : radix tree root
* @ slot : pointer to slot
* @ item : new item to store in the slot .
*
2017-12-02 06:13:06 +03:00
* For use with radix_tree_lookup_slot ( ) and
2016-12-13 03:43:43 +03:00
* radix_tree_gang_lookup_tag_slot ( ) . Caller must hold tree write locked
* across slot lookup and replacement .
*
* NOTE : This cannot be used to switch between non - entries ( empty slots ) ,
2017-11-09 17:23:56 +03:00
* regular entries , and value entries , as that requires accounting
2016-12-13 03:43:46 +03:00
* inside the radix tree node . When switching from one type of entry or
2016-12-15 02:09:01 +03:00
* deleting , use __radix_tree_lookup ( ) and __radix_tree_replace ( ) or
* radix_tree_iter_replace ( ) .
2016-12-13 03:43:43 +03:00
*/
void radix_tree_replace_slot ( struct radix_tree_root * root ,
2017-02-13 23:58:24 +03:00
void __rcu * * slot , void * item )
2016-12-13 03:43:43 +03:00
{
2018-04-09 23:24:45 +03:00
__radix_tree_replace ( root , NULL , slot , item ) ;
2016-12-13 03:43:43 +03:00
}
2017-01-11 21:00:51 +03:00
EXPORT_SYMBOL ( radix_tree_replace_slot ) ;
2016-12-13 03:43:43 +03:00
2016-12-15 02:09:01 +03:00
/**
* radix_tree_iter_replace - replace item in a slot
* @ root : radix tree root
* @ slot : pointer to slot
* @ item : new item to store in the slot .
*
2018-05-19 23:47:47 +03:00
* For use with radix_tree_for_each_slot ( ) .
* Caller must hold tree write locked .
2016-12-15 02:09:01 +03:00
*/
void radix_tree_iter_replace ( struct radix_tree_root * root ,
2017-02-13 23:58:24 +03:00
const struct radix_tree_iter * iter ,
void __rcu * * slot , void * item )
2016-12-15 02:09:01 +03:00
{
2018-04-09 23:24:45 +03:00
__radix_tree_replace ( root , iter - > node , slot , item ) ;
2016-12-15 02:09:01 +03:00
}
2017-01-28 17:55:20 +03:00
static void node_tag_set ( struct radix_tree_root * root ,
struct radix_tree_node * node ,
unsigned int tag , unsigned int offset )
{
while ( node ) {
if ( tag_get ( node , tag , offset ) )
return ;
tag_set ( node , tag , offset ) ;
offset = node - > offset ;
node = node - > parent ;
}
if ( ! root_tag_get ( root , tag ) )
root_tag_set ( root , tag ) ;
}
2005-04-17 02:20:36 +04:00
/**
* radix_tree_tag_set - set a tag on a radix tree node
* @ root : radix tree root
* @ index : index key
2016-05-21 03:03:04 +03:00
* @ tag : tag index
2005-04-17 02:20:36 +04:00
*
2006-03-25 14:08:05 +03:00
* Set the search tag ( which must be < RADIX_TREE_MAX_TAGS )
* corresponding to @ index in the radix tree . From
2005-04-17 02:20:36 +04:00
* the root all the way down to the leaf node .
*
2016-05-21 03:03:04 +03:00
* Returns the address of the tagged item . Setting a tag on a not - present
2005-04-17 02:20:36 +04:00
* item is a bug .
*/
void * radix_tree_tag_set ( struct radix_tree_root * root ,
2006-03-25 14:08:05 +03:00
unsigned long index , unsigned int tag )
2005-04-17 02:20:36 +04:00
{
2016-05-21 03:02:32 +03:00
struct radix_tree_node * node , * parent ;
unsigned long maxindex ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:03:48 +03:00
radix_tree_load_root ( root , & node , & maxindex ) ;
2016-05-21 03:02:32 +03:00
BUG_ON ( index > maxindex ) ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:03:30 +03:00
while ( radix_tree_is_internal_node ( node ) ) {
2016-05-21 03:02:32 +03:00
unsigned offset ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:03:27 +03:00
parent = entry_to_node ( node ) ;
2016-05-21 03:03:48 +03:00
offset = radix_tree_descend ( parent , & node , index ) ;
2016-05-21 03:02:32 +03:00
BUG_ON ( ! node ) ;
if ( ! tag_get ( parent , tag , offset ) )
tag_set ( parent , tag , offset ) ;
2005-04-17 02:20:36 +04:00
}
2006-06-23 13:03:22 +04:00
/* set the root's tag bit */
2016-05-21 03:02:32 +03:00
if ( ! root_tag_get ( root , tag ) )
2006-06-23 13:03:22 +04:00
root_tag_set ( root , tag ) ;
2016-05-21 03:02:32 +03:00
return node ;
2005-04-17 02:20:36 +04:00
}
EXPORT_SYMBOL ( radix_tree_tag_set ) ;
2016-05-21 03:03:45 +03:00
static void node_tag_clear ( struct radix_tree_root * root ,
struct radix_tree_node * node ,
unsigned int tag , unsigned int offset )
{
while ( node ) {
if ( ! tag_get ( node , tag , offset ) )
return ;
tag_clear ( node , tag , offset ) ;
if ( any_tag_set ( node , tag ) )
return ;
offset = node - > offset ;
node = node - > parent ;
}
/* clear the root's tag bit */
if ( root_tag_get ( root , tag ) )
root_tag_clear ( root , tag ) ;
}
2005-04-17 02:20:36 +04:00
/**
* radix_tree_tag_clear - clear a tag on a radix tree node
* @ root : radix tree root
* @ index : index key
2016-05-21 03:03:04 +03:00
* @ tag : tag index
2005-04-17 02:20:36 +04:00
*
2006-03-25 14:08:05 +03:00
* Clear the search tag ( which must be < RADIX_TREE_MAX_TAGS )
2016-05-21 03:03:04 +03:00
* corresponding to @ index in the radix tree . If this causes
* the leaf node to have no tags set then clear the tag in the
2005-04-17 02:20:36 +04:00
* next - to - leaf node , etc .
*
* Returns the address of the tagged item on success , else NULL . ie :
* has the same return value and semantics as radix_tree_lookup ( ) .
*/
void * radix_tree_tag_clear ( struct radix_tree_root * root ,
2006-03-25 14:08:05 +03:00
unsigned long index , unsigned int tag )
2005-04-17 02:20:36 +04:00
{
2016-05-21 03:02:35 +03:00
struct radix_tree_node * node , * parent ;
unsigned long maxindex ;
radix_tree: take radix_tree_path off stack
Down, down in the deepest depths of GFP_NOIO page reclaim, we have
shrink_page_list() calling __remove_mapping() calling __delete_from_
swap_cache() or __delete_from_page_cache().
You would not expect those to need much stack, but in fact they call
radix_tree_delete(): which declares a 192-byte radix_tree_path array on
its stack (to record the node,offsets it visits when descending, in case
it needs to ascend to update them). And if any tag is still set [1],
that calls radix_tree_tag_clear(), which declares a further such
192-byte radix_tree_path array on the stack. (At least we have
interrupts disabled here, so won't then be pushing registers too.)
That was probably a good choice when most users were 32-bit (array of
half the size), and adding fields to radix_tree_node would have bloated
it unnecessarily. But nowadays many are 64-bit, and each
radix_tree_node contains a struct rcu_head, which is only used when
freeing; whereas the radix_tree_path info is only used for updating the
tree (deleting, clearing tags or setting tags if tagged) when a lock
must be held, of no interest when accessing the tree locklessly.
So add a parent pointer to the radix_tree_node, in union with the
rcu_head, and remove all uses of the radix_tree_path. There would be
space in that union to save the offset when descending as before (we can
argue that a lock must already be held to exclude other users), but
recalculating it when ascending is both easy (a constant shift and a
constant mask) and uncommon, so it seems better just to do that.
Two little optimizations: no need to decrement height when descending,
adjusting shift is enough; and once radix_tree_tag_if_tagged() has set
tag on a node and its ancestors, it need not ascend from that node
again.
perf on the radix tree test harness reports radix_tree_insert() as 2%
slower (now having to set parent), but radix_tree_delete() 24% faster.
Surely that's an exaggeration from rtth's artificially low map shift 3,
but forcing it back to 6 still rates radix_tree_delete() 8% faster.
[1] Can a pagecache tag (dirty, writeback or towrite) actually still be
set at the time of radix_tree_delete()? Perhaps not if the filesystem is
well-behaved. But although I've not tracked any stack overflow down to
this cause, I have observed a curious case in which a dirty tag is set
and left set on tmpfs: page migration's migrate_page_copy() happens to
use __set_page_dirty_nobuffers() to set PageDirty on the newpage, and
that sets PAGECACHE_TAG_DIRTY as a side-effect - harmless to a
filesystem which doesn't use tags, except for this stack depth issue.
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Nai Xia <nai.xia@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-01-13 05:20:41 +04:00
int uninitialized_var ( offset ) ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:03:48 +03:00
radix_tree_load_root ( root , & node , & maxindex ) ;
2016-05-21 03:02:35 +03:00
if ( index > maxindex )
return NULL ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:02:35 +03:00
parent = NULL ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:03:30 +03:00
while ( radix_tree_is_internal_node ( node ) ) {
2016-05-21 03:03:27 +03:00
parent = entry_to_node ( node ) ;
2016-05-21 03:03:48 +03:00
offset = radix_tree_descend ( parent , & node , index ) ;
2005-04-17 02:20:36 +04:00
}
2016-05-21 03:03:45 +03:00
if ( node )
node_tag_clear ( root , parent , tag , offset ) ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:02:35 +03:00
return node ;
2005-04-17 02:20:36 +04:00
}
EXPORT_SYMBOL ( radix_tree_tag_clear ) ;
2017-01-28 17:55:20 +03:00
/**
* radix_tree_iter_tag_clear - clear a tag on the current iterator entry
* @ root : radix tree root
* @ iter : iterator state
* @ tag : tag to clear
*/
void radix_tree_iter_tag_clear ( struct radix_tree_root * root ,
const struct radix_tree_iter * iter , unsigned int tag )
{
node_tag_clear ( root , iter - > node , tag , iter_offset ( iter ) ) ;
}
2005-04-17 02:20:36 +04:00
/**
2005-09-07 02:16:48 +04:00
* radix_tree_tag_get - get a tag on a radix tree node
* @ root : radix tree root
* @ index : index key
2016-05-21 03:03:04 +03:00
* @ tag : tag index ( < RADIX_TREE_MAX_TAGS )
2005-04-17 02:20:36 +04:00
*
2005-09-07 02:16:48 +04:00
* Return values :
2005-04-17 02:20:36 +04:00
*
2006-06-23 13:03:22 +04:00
* 0 : tag not present or not set
* 1 : tag set
radix_tree_tag_get() is not as safe as the docs make out [ver #2]
radix_tree_tag_get() is not safe to use concurrently with radix_tree_tag_set()
or radix_tree_tag_clear(). The problem is that the double tag_get() in
radix_tree_tag_get():
if (!tag_get(node, tag, offset))
saw_unset_tag = 1;
if (height == 1) {
int ret = tag_get(node, tag, offset);
may see the value change due to the action of set/clear. RCU is no protection
against this as no pointers are being changed, no nodes are being replaced
according to a COW protocol - set/clear alter the node directly.
The documentation in linux/radix-tree.h, however, says that
radix_tree_tag_get() is an exception to the rule that "any function modifying
the tree or tags (...) must exclude other modifications, and exclude any
functions reading the tree".
The problem is that the next statement in radix_tree_tag_get() checks that the
tag doesn't vary over time:
BUG_ON(ret && saw_unset_tag);
This has been seen happening in FS-Cache:
https://www.redhat.com/archives/linux-cachefs/2010-April/msg00013.html
To this end, remove the BUG_ON() from radix_tree_tag_get() and note in various
comments that the value of the tag may change whilst the RCU read lock is held,
and thus that the return value of radix_tree_tag_get() may not be relied upon
unless radix_tree_tag_set/clear() and radix_tree_delete() are excluded from
running concurrently with it.
Reported-by: Romain DEGEZ <romain.degez@smartjog.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-04-07 01:36:20 +04:00
*
* Note that the return value of this function may not be relied on , even if
* the RCU lock is held , unless tag modification and node deletion are excluded
* from concurrency .
2005-04-17 02:20:36 +04:00
*/
2016-12-20 01:43:19 +03:00
int radix_tree_tag_get ( const struct radix_tree_root * root ,
2006-03-25 14:08:05 +03:00
unsigned long index , unsigned int tag )
2005-04-17 02:20:36 +04:00
{
2016-05-21 03:02:38 +03:00
struct radix_tree_node * node , * parent ;
unsigned long maxindex ;
2005-04-17 02:20:36 +04:00
2006-06-23 13:03:22 +04:00
if ( ! root_tag_get ( root , tag ) )
return 0 ;
2016-05-21 03:03:48 +03:00
radix_tree_load_root ( root , & node , & maxindex ) ;
2016-05-21 03:02:38 +03:00
if ( index > maxindex )
return 0 ;
2006-12-07 07:33:44 +03:00
2016-05-21 03:03:30 +03:00
while ( radix_tree_is_internal_node ( node ) ) {
2016-05-21 03:03:48 +03:00
unsigned offset ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:03:27 +03:00
parent = entry_to_node ( node ) ;
2016-05-21 03:03:48 +03:00
offset = radix_tree_descend ( parent , & node , index ) ;
2005-04-17 02:20:36 +04:00
2016-05-21 03:02:38 +03:00
if ( ! tag_get ( parent , tag , offset ) )
2011-11-01 04:07:02 +04:00
return 0 ;
2016-05-21 03:02:38 +03:00
if ( node = = RADIX_TREE_RETRY )
break ;
2005-04-17 02:20:36 +04:00
}
2016-05-21 03:02:38 +03:00
return 1 ;
2005-04-17 02:20:36 +04:00
}
EXPORT_SYMBOL ( radix_tree_tag_get ) ;
2016-12-15 02:08:49 +03:00
/* Construct iter->tags bit-mask from node->tags[tag] array */
static void set_iter_tags ( struct radix_tree_iter * iter ,
struct radix_tree_node * node , unsigned offset ,
unsigned tag )
{
unsigned tag_long = offset / BITS_PER_LONG ;
unsigned tag_bit = offset % BITS_PER_LONG ;
2016-12-20 18:27:56 +03:00
if ( ! node ) {
iter - > tags = 1 ;
return ;
}
2016-12-15 02:08:49 +03:00
iter - > tags = node - > tags [ tag ] [ tag_long ] > > tag_bit ;
/* This never happens if RADIX_TREE_TAG_LONGS == 1 */
if ( tag_long < RADIX_TREE_TAG_LONGS - 1 ) {
/* Pick tags from next element */
if ( tag_bit )
iter - > tags | = node - > tags [ tag ] [ tag_long + 1 ] < <
( BITS_PER_LONG - tag_bit ) ;
/* Clip chunk size, here only BITS_PER_LONG tags */
iter - > next_index = __radix_tree_iter_add ( iter , BITS_PER_LONG ) ;
}
}
2017-02-13 23:58:24 +03:00
void __rcu * * radix_tree_iter_resume ( void __rcu * * slot ,
struct radix_tree_iter * iter )
2016-12-15 02:08:49 +03:00
{
slot + + ;
iter - > index = __radix_tree_iter_add ( iter , 1 ) ;
iter - > next_index = iter - > index ;
iter - > tags = 0 ;
return NULL ;
}
EXPORT_SYMBOL ( radix_tree_iter_resume ) ;
2012-03-29 01:42:53 +04:00
/**
* radix_tree_next_chunk - find next chunk of slots for iteration
*
* @ root : radix tree root
* @ iter : iterator state
* @ flags : RADIX_TREE_ITER_ * flags and tag index
* Returns : pointer to chunk first slot , or NULL if iteration is over
*/
2017-02-13 23:58:24 +03:00
void __rcu * * radix_tree_next_chunk ( const struct radix_tree_root * root ,
2012-03-29 01:42:53 +04:00
struct radix_tree_iter * iter , unsigned flags )
{
2016-05-21 03:03:48 +03:00
unsigned tag = flags & RADIX_TREE_ITER_TAG_MASK ;
2016-05-21 03:03:36 +03:00
struct radix_tree_node * node , * child ;
2016-05-21 03:02:26 +03:00
unsigned long index , offset , maxindex ;
2012-03-29 01:42:53 +04:00
if ( ( flags & RADIX_TREE_ITER_TAGGED ) & & ! root_tag_get ( root , tag ) )
return NULL ;
/*
* Catch next_index overflow after ~ 0UL . iter - > index never overflows
* during iterating ; it can be zero only at the beginning .
* And we cannot overflow iter - > next_index in a single step ,
* because RADIX_TREE_MAP_SHIFT < BITS_PER_LONG .
2012-06-05 21:36:33 +04:00
*
* This condition also used by radix_tree_next_slot ( ) to stop
2016-12-15 02:08:31 +03:00
* contiguous iterating , and forbid switching to the next chunk .
2012-03-29 01:42:53 +04:00
*/
index = iter - > next_index ;
if ( ! index & & iter - > index )
return NULL ;
2016-05-21 03:02:26 +03:00
restart :
2016-05-21 03:03:48 +03:00
radix_tree_load_root ( root , & child , & maxindex ) ;
2016-05-21 03:02:26 +03:00
if ( index > maxindex )
return NULL ;
2016-05-21 03:03:36 +03:00
if ( ! child )
return NULL ;
2016-05-21 03:02:26 +03:00
2016-05-21 03:03:36 +03:00
if ( ! radix_tree_is_internal_node ( child ) ) {
2012-03-29 01:42:53 +04:00
/* Single-slot tree */
2016-05-21 03:02:26 +03:00
iter - > index = index ;
iter - > next_index = maxindex + 1 ;
2012-03-29 01:42:53 +04:00
iter - > tags = 1 ;
2016-12-15 02:08:55 +03:00
iter - > node = NULL ;
2017-11-08 00:30:10 +03:00
return ( void __rcu * * ) & root - > xa_head ;
2016-05-21 03:03:36 +03:00
}
2016-05-21 03:02:26 +03:00
2016-05-21 03:03:36 +03:00
do {
node = entry_to_node ( child ) ;
2016-05-21 03:03:48 +03:00
offset = radix_tree_descend ( node , & child , index ) ;
2016-05-21 03:02:26 +03:00
2012-03-29 01:42:53 +04:00
if ( ( flags & RADIX_TREE_ITER_TAGGED ) ?
2016-05-21 03:03:36 +03:00
! tag_get ( node , tag , offset ) : ! child ) {
2012-03-29 01:42:53 +04:00
/* Hole detected */
if ( flags & RADIX_TREE_ITER_CONTIG )
return NULL ;
if ( flags & RADIX_TREE_ITER_TAGGED )
2016-12-15 02:08:40 +03:00
offset = radix_tree_find_next_bit ( node , tag ,
2012-03-29 01:42:53 +04:00
offset + 1 ) ;
else
while ( + + offset < RADIX_TREE_MAP_SIZE ) {
2017-02-13 23:22:48 +03:00
void * slot = rcu_dereference_raw (
node - > slots [ offset ] ) ;
2016-05-21 03:02:26 +03:00
if ( slot )
2012-03-29 01:42:53 +04:00
break ;
}
2016-05-21 03:03:36 +03:00
index & = ~ node_maxindex ( node ) ;
2016-05-21 03:03:48 +03:00
index + = offset < < node - > shift ;
2012-03-29 01:42:53 +04:00
/* Overflow after ~0UL */
if ( ! index )
return NULL ;
if ( offset = = RADIX_TREE_MAP_SIZE )
goto restart ;
2016-05-21 03:03:36 +03:00
child = rcu_dereference_raw ( node - > slots [ offset ] ) ;
2012-03-29 01:42:53 +04:00
}
2016-12-15 02:09:01 +03:00
if ( ! child )
2012-03-29 01:42:53 +04:00
goto restart ;
2016-12-15 02:09:01 +03:00
if ( child = = RADIX_TREE_RETRY )
break ;
2018-06-25 13:56:50 +03:00
} while ( node - > shift & & radix_tree_is_internal_node ( child ) ) ;
2012-03-29 01:42:53 +04:00
/* Update the iterator state */
2018-09-22 23:14:30 +03:00
iter - > index = ( index & ~ node_maxindex ( node ) ) | offset ;
2016-05-21 03:03:36 +03:00
iter - > next_index = ( index | node_maxindex ( node ) ) + 1 ;
2016-12-15 02:08:55 +03:00
iter - > node = node ;
2012-03-29 01:42:53 +04:00
2016-12-15 02:08:49 +03:00
if ( flags & RADIX_TREE_ITER_TAGGED )
set_iter_tags ( iter , node , offset , tag ) ;
2012-03-29 01:42:53 +04:00
return node - > slots + offset ;
}
EXPORT_SYMBOL ( radix_tree_next_chunk ) ;
2005-04-17 02:20:36 +04:00
/**
* radix_tree_gang_lookup - perform multiple lookup on a radix tree
* @ root : radix tree root
* @ results : where the results of the lookup are placed
* @ first_index : start the lookup from this key
* @ max_items : place up to this many items at * results
*
* Performs an index - ascending scan of the tree for present items . Places
* them at * @ results and returns the number of items which were placed at
* * @ results .
*
* The implementation is naive .
2006-12-07 07:33:44 +03:00
*
* Like radix_tree_lookup , radix_tree_gang_lookup may be called under
* rcu_read_lock . In this case , rather than the returned results being
2016-05-21 03:03:04 +03:00
* an atomic snapshot of the tree at a single point in time , the
* semantics of an RCU protected gang lookup are as though multiple
* radix_tree_lookups have been issued in individual locks , and results
* stored in ' results ' .
2005-04-17 02:20:36 +04:00
*/
unsigned int
2016-12-20 01:43:19 +03:00
radix_tree_gang_lookup ( const struct radix_tree_root * root , void * * results ,
2005-04-17 02:20:36 +04:00
unsigned long first_index , unsigned int max_items )
{
2012-03-29 01:42:53 +04:00
struct radix_tree_iter iter ;
2017-02-13 23:58:24 +03:00
void __rcu * * slot ;
2012-03-29 01:42:53 +04:00
unsigned int ret = 0 ;
2006-12-07 07:33:44 +03:00
2012-03-29 01:42:53 +04:00
if ( unlikely ( ! max_items ) )
2006-12-07 07:33:44 +03:00
return 0 ;
2005-04-17 02:20:36 +04:00
2012-03-29 01:42:53 +04:00
radix_tree_for_each_slot ( slot , root , & iter , first_index ) {
2016-02-03 03:57:52 +03:00
results [ ret ] = rcu_dereference_raw ( * slot ) ;
2012-03-29 01:42:53 +04:00
if ( ! results [ ret ] )
continue ;
2016-05-21 03:03:30 +03:00
if ( radix_tree_is_internal_node ( results [ ret ] ) ) {
2016-02-03 03:57:52 +03:00
slot = radix_tree_iter_retry ( & iter ) ;
continue ;
}
2012-03-29 01:42:53 +04:00
if ( + + ret = = max_items )
2005-04-17 02:20:36 +04:00
break ;
}
2006-12-07 07:33:44 +03:00
2005-04-17 02:20:36 +04:00
return ret ;
}
EXPORT_SYMBOL ( radix_tree_gang_lookup ) ;
/**
* radix_tree_gang_lookup_tag - perform multiple lookup on a radix tree
* based on a tag
* @ root : radix tree root
* @ results : where the results of the lookup are placed
* @ first_index : start the lookup from this key
* @ max_items : place up to this many items at * results
2006-03-25 14:08:05 +03:00
* @ tag : the tag index ( < RADIX_TREE_MAX_TAGS )
2005-04-17 02:20:36 +04:00
*
* Performs an index - ascending scan of the tree for present items which
* have the tag indexed by @ tag set . Places the items at * @ results and
* returns the number of items which were placed at * @ results .
*/
unsigned int
2016-12-20 01:43:19 +03:00
radix_tree_gang_lookup_tag ( const struct radix_tree_root * root , void * * results ,
2006-03-25 14:08:05 +03:00
unsigned long first_index , unsigned int max_items ,
unsigned int tag )
2005-04-17 02:20:36 +04:00
{
2012-03-29 01:42:53 +04:00
struct radix_tree_iter iter ;
2017-02-13 23:58:24 +03:00
void __rcu * * slot ;
2012-03-29 01:42:53 +04:00
unsigned int ret = 0 ;
2006-06-23 13:03:22 +04:00
2012-03-29 01:42:53 +04:00
if ( unlikely ( ! max_items ) )
2006-12-07 07:33:44 +03:00
return 0 ;
2012-03-29 01:42:53 +04:00
radix_tree_for_each_tagged ( slot , root , & iter , first_index , tag ) {
2016-02-03 03:57:52 +03:00
results [ ret ] = rcu_dereference_raw ( * slot ) ;
2012-03-29 01:42:53 +04:00
if ( ! results [ ret ] )
continue ;
2016-05-21 03:03:30 +03:00
if ( radix_tree_is_internal_node ( results [ ret ] ) ) {
2016-02-03 03:57:52 +03:00
slot = radix_tree_iter_retry ( & iter ) ;
continue ;
}
2012-03-29 01:42:53 +04:00
if ( + + ret = = max_items )
2005-04-17 02:20:36 +04:00
break ;
}
2006-12-07 07:33:44 +03:00
2005-04-17 02:20:36 +04:00
return ret ;
}
EXPORT_SYMBOL ( radix_tree_gang_lookup_tag ) ;
2008-07-26 06:45:29 +04:00
/**
* radix_tree_gang_lookup_tag_slot - perform multiple slot lookup on a
* radix tree based on a tag
* @ root : radix tree root
* @ results : where the results of the lookup are placed
* @ first_index : start the lookup from this key
* @ max_items : place up to this many items at * results
* @ tag : the tag index ( < RADIX_TREE_MAX_TAGS )
*
* Performs an index - ascending scan of the tree for present items which
* have the tag indexed by @ tag set . Places the slots at * @ results and
* returns the number of slots which were placed at * @ results .
*/
unsigned int
2016-12-20 01:43:19 +03:00
radix_tree_gang_lookup_tag_slot ( const struct radix_tree_root * root ,
2017-02-13 23:58:24 +03:00
void __rcu * * * results , unsigned long first_index ,
2016-12-20 01:43:19 +03:00
unsigned int max_items , unsigned int tag )
2008-07-26 06:45:29 +04:00
{
2012-03-29 01:42:53 +04:00
struct radix_tree_iter iter ;
2017-02-13 23:58:24 +03:00
void __rcu * * slot ;
2012-03-29 01:42:53 +04:00
unsigned int ret = 0 ;
2008-07-26 06:45:29 +04:00
2012-03-29 01:42:53 +04:00
if ( unlikely ( ! max_items ) )
2008-07-26 06:45:29 +04:00
return 0 ;
2012-03-29 01:42:53 +04:00
radix_tree_for_each_tagged ( slot , root , & iter , first_index , tag ) {
results [ ret ] = slot ;
if ( + + ret = = max_items )
2008-07-26 06:45:29 +04:00
break ;
}
return ret ;
}
EXPORT_SYMBOL ( radix_tree_gang_lookup_tag_slot ) ;
2017-01-28 17:56:22 +03:00
static bool __radix_tree_delete ( struct radix_tree_root * root ,
2017-02-13 23:58:24 +03:00
struct radix_tree_node * node , void __rcu * * slot )
2017-01-28 17:56:22 +03:00
{
2016-12-20 18:27:56 +03:00
void * old = rcu_dereference_raw ( * slot ) ;
2017-11-09 17:23:56 +03:00
int values = xa_is_value ( old ) ? - 1 : 0 ;
2017-01-28 17:56:22 +03:00
unsigned offset = get_slot_offset ( node , slot ) ;
int tag ;
2016-12-20 18:27:56 +03:00
if ( is_idr ( root ) )
node_tag_set ( root , node , IDR_FREE , offset ) ;
else
for ( tag = 0 ; tag < RADIX_TREE_MAX_TAGS ; tag + + )
node_tag_clear ( root , node , tag , offset ) ;
2017-01-28 17:56:22 +03:00
2017-11-09 17:23:56 +03:00
replace_slot ( slot , NULL , node , - 1 , values ) ;
2018-04-09 23:24:45 +03:00
return node & & delete_node ( root , node ) ;
2017-01-28 17:56:22 +03:00
}
2005-04-17 02:20:36 +04:00
/**
2017-01-28 17:56:22 +03:00
* radix_tree_iter_delete - delete the entry at this iterator position
* @ root : radix tree root
* @ iter : iterator state
* @ slot : pointer to slot
2005-04-17 02:20:36 +04:00
*
2017-01-28 17:56:22 +03:00
* Delete the entry at the position currently pointed to by the iterator .
* This may result in the current node being freed ; if it is , the iterator
* is advanced so that it will not reference the freed memory . This
* function may be called without any locking if there are no other threads
* which can access this tree .
*/
void radix_tree_iter_delete ( struct radix_tree_root * root ,
2017-02-13 23:58:24 +03:00
struct radix_tree_iter * iter , void __rcu * * slot )
2017-01-28 17:56:22 +03:00
{
if ( __radix_tree_delete ( root , iter - > node , slot ) )
iter - > index = iter - > next_index ;
}
2017-08-16 11:52:08 +03:00
EXPORT_SYMBOL ( radix_tree_iter_delete ) ;
2017-01-28 17:56:22 +03:00
/**
* radix_tree_delete_item - delete an item from a radix tree
* @ root : radix tree root
* @ index : index key
* @ item : expected item
2005-04-17 02:20:36 +04:00
*
2017-01-28 17:56:22 +03:00
* Remove @ item at @ index from the radix tree rooted at @ root .
2005-04-17 02:20:36 +04:00
*
2017-01-28 17:56:22 +03:00
* Return : the deleted entry , or % NULL if it was not present
* or the entry at the given @ index was not @ item .
2005-04-17 02:20:36 +04:00
*/
2014-04-04 01:47:39 +04:00
void * radix_tree_delete_item ( struct radix_tree_root * root ,
unsigned long index , void * item )
2005-04-17 02:20:36 +04:00
{
2016-12-20 18:27:56 +03:00
struct radix_tree_node * node = NULL ;
2018-05-26 00:47:24 +03:00
void __rcu * * slot = NULL ;
2014-04-04 01:47:54 +04:00
void * entry ;
2005-04-17 02:20:36 +04:00
2014-04-04 01:47:54 +04:00
entry = __radix_tree_lookup ( root , index , & node , & slot ) ;
2018-05-26 00:47:24 +03:00
if ( ! slot )
return NULL ;
2016-12-20 18:27:56 +03:00
if ( ! entry & & ( ! is_idr ( root ) | | node_tag_get ( root , node , IDR_FREE ,
get_slot_offset ( node , slot ) ) ) )
2014-04-04 01:47:54 +04:00
return NULL ;
2005-04-17 02:20:36 +04:00
2014-04-04 01:47:54 +04:00
if ( item & & entry ! = item )
return NULL ;
2017-01-28 17:56:22 +03:00
__radix_tree_delete ( root , node , slot ) ;
2006-06-23 13:03:22 +04:00
2014-04-04 01:47:54 +04:00
return entry ;
2005-04-17 02:20:36 +04:00
}
2014-04-04 01:47:39 +04:00
EXPORT_SYMBOL ( radix_tree_delete_item ) ;
/**
2017-01-28 17:56:22 +03:00
* radix_tree_delete - delete an entry from a radix tree
* @ root : radix tree root
* @ index : index key
2014-04-04 01:47:39 +04:00
*
2017-01-28 17:56:22 +03:00
* Remove the entry at @ index from the radix tree rooted at @ root .
2014-04-04 01:47:39 +04:00
*
2017-01-28 17:56:22 +03:00
* Return : The deleted entry , or % NULL if it was not present .
2014-04-04 01:47:39 +04:00
*/
void * radix_tree_delete ( struct radix_tree_root * root , unsigned long index )
{
return radix_tree_delete_item ( root , index , NULL ) ;
}
2005-04-17 02:20:36 +04:00
EXPORT_SYMBOL ( radix_tree_delete ) ;
/**
* radix_tree_tagged - test whether any items in the tree are tagged
* @ root : radix tree root
* @ tag : tag to test
*/
2016-12-20 01:43:19 +03:00
int radix_tree_tagged ( const struct radix_tree_root * root , unsigned int tag )
2005-04-17 02:20:36 +04:00
{
2006-06-23 13:03:22 +04:00
return root_tag_get ( root , tag ) ;
2005-04-17 02:20:36 +04:00
}
EXPORT_SYMBOL ( radix_tree_tagged ) ;
2016-12-20 18:27:56 +03:00
/**
* idr_preload - preload for idr_alloc ( )
* @ gfp_mask : allocation mask to use for preloading
*
* Preallocate memory to use for the next call to idr_alloc ( ) . This function
* returns with preemption disabled . It will be enabled by idr_preload_end ( ) .
*/
void idr_preload ( gfp_t gfp_mask )
{
2017-09-09 02:15:54 +03:00
if ( __radix_tree_preload ( gfp_mask , IDR_PRELOAD_SIZE ) )
preempt_disable ( ) ;
2016-12-20 18:27:56 +03:00
}
EXPORT_SYMBOL ( idr_preload ) ;
2017-11-28 23:16:24 +03:00
void __rcu * * idr_get_free ( struct radix_tree_root * root ,
idr: Add new APIs to support unsigned long
The following new APIs are added:
int idr_alloc_ext(struct idr *idr, void *ptr, unsigned long *index,
unsigned long start, unsigned long end, gfp_t gfp);
void *idr_remove_ext(struct idr *idr, unsigned long id);
void *idr_find_ext(const struct idr *idr, unsigned long id);
void *idr_replace_ext(struct idr *idr, void *ptr, unsigned long id);
void *idr_get_next_ext(struct idr *idr, unsigned long *nextid);
Signed-off-by: Chris Mi <chrism@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-30 09:31:57 +03:00
struct radix_tree_iter * iter , gfp_t gfp ,
unsigned long max )
2016-12-20 18:27:56 +03:00
{
struct radix_tree_node * node = NULL , * child ;
2017-11-08 00:30:10 +03:00
void __rcu * * slot = ( void __rcu * * ) & root - > xa_head ;
2016-12-20 18:27:56 +03:00
unsigned long maxindex , start = iter - > next_index ;
unsigned int shift , offset = 0 ;
grow :
shift = radix_tree_load_root ( root , & child , & maxindex ) ;
if ( ! radix_tree_tagged ( root , IDR_FREE ) )
start = max ( start , maxindex + 1 ) ;
if ( start > max )
return ERR_PTR ( - ENOSPC ) ;
if ( start > maxindex ) {
int error = radix_tree_extend ( root , gfp , start , shift ) ;
if ( error < 0 )
return ERR_PTR ( error ) ;
shift = error ;
2017-11-08 00:30:10 +03:00
child = rcu_dereference_raw ( root - > xa_head ) ;
2016-12-20 18:27:56 +03:00
}
2018-06-25 13:56:50 +03:00
if ( start = = 0 & & shift = = 0 )
shift = RADIX_TREE_MAP_SHIFT ;
2016-12-20 18:27:56 +03:00
while ( shift ) {
shift - = RADIX_TREE_MAP_SHIFT ;
if ( child = = NULL ) {
/* Have to add a child node. */
2017-01-17 01:10:21 +03:00
child = radix_tree_node_alloc ( gfp , node , root , shift ,
offset , 0 , 0 ) ;
2016-12-20 18:27:56 +03:00
if ( ! child )
return ERR_PTR ( - ENOMEM ) ;
all_tag_set ( child , IDR_FREE ) ;
rcu_assign_pointer ( * slot , node_to_entry ( child ) ) ;
if ( node )
node - > count + + ;
} else if ( ! radix_tree_is_internal_node ( child ) )
break ;
node = entry_to_node ( child ) ;
offset = radix_tree_descend ( node , & child , start ) ;
if ( ! tag_get ( node , IDR_FREE , offset ) ) {
offset = radix_tree_find_next_bit ( node , IDR_FREE ,
offset + 1 ) ;
start = next_index ( start , node , offset ) ;
if ( start > max )
return ERR_PTR ( - ENOSPC ) ;
while ( offset = = RADIX_TREE_MAP_SIZE ) {
offset = node - > offset + 1 ;
node = node - > parent ;
if ( ! node )
goto grow ;
shift = node - > shift ;
}
child = rcu_dereference_raw ( node - > slots [ offset ] ) ;
}
slot = & node - > slots [ offset ] ;
}
iter - > index = start ;
if ( node )
iter - > next_index = 1 + min ( max , ( start | node_maxindex ( node ) ) ) ;
else
iter - > next_index = 1 ;
iter - > node = node ;
set_iter_tags ( iter , node , offset , IDR_FREE ) ;
return slot ;
}
/**
* idr_destroy - release all internal memory from an IDR
* @ idr : idr handle
*
* After this function is called , the IDR is empty , and may be reused or
* the data structure containing it may be freed .
*
* A typical clean - up sequence for objects stored in an idr tree will use
* idr_for_each ( ) to free all objects , if necessary , then idr_destroy ( ) to
* free the memory used to keep track of those objects .
*/
void idr_destroy ( struct idr * idr )
{
2017-11-08 00:30:10 +03:00
struct radix_tree_node * node = rcu_dereference_raw ( idr - > idr_rt . xa_head ) ;
2016-12-20 18:27:56 +03:00
if ( radix_tree_is_internal_node ( node ) )
radix_tree_free_nodes ( node ) ;
2017-11-08 00:30:10 +03:00
idr - > idr_rt . xa_head = NULL ;
2016-12-20 18:27:56 +03:00
root_tag_set ( & idr - > idr_rt , IDR_FREE ) ;
}
EXPORT_SYMBOL ( idr_destroy ) ;
2005-04-17 02:20:36 +04:00
static void
mm: keep page cache radix tree nodes in check
Previously, page cache radix tree nodes were freed after reclaim emptied
out their page pointers. But now reclaim stores shadow entries in their
place, which are only reclaimed when the inodes themselves are
reclaimed. This is problematic for bigger files that are still in use
after they have a significant amount of their cache reclaimed, without
any of those pages actually refaulting. The shadow entries will just
sit there and waste memory. In the worst case, the shadow entries will
accumulate until the machine runs out of memory.
To get this under control, the VM will track radix tree nodes
exclusively containing shadow entries on a per-NUMA node list. Per-NUMA
rather than global because we expect the radix tree nodes themselves to
be allocated node-locally and we want to reduce cross-node references of
otherwise independent cache workloads. A simple shrinker will then
reclaim these nodes on memory pressure.
A few things need to be stored in the radix tree node to implement the
shadow node LRU and allow tree deletions coming from the list:
1. There is no index available that would describe the reverse path
from the node up to the tree root, which is needed to perform a
deletion. To solve this, encode in each node its offset inside the
parent. This can be stored in the unused upper bits of the same
member that stores the node's height at no extra space cost.
2. The number of shadow entries needs to be counted in addition to the
regular entries, to quickly detect when the node is ready to go to
the shadow node LRU list. The current entry count is an unsigned
int but the maximum number of entries is 64, so a shadow counter
can easily be stored in the unused upper bits.
3. Tree modification needs tree lock and tree root, which are located
in the address space, so store an address_space backpointer in the
node. The parent pointer of the node is in a union with the 2-word
rcu_head, so the backpointer comes at no extra cost as well.
4. The node needs to be linked to an LRU list, which requires a list
head inside the node. This does increase the size of the node, but
it does not change the number of objects that fit into a slab page.
[akpm@linux-foundation.org: export the right function]
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Rik van Riel <riel@redhat.com>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Bob Liu <bob.liu@oracle.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Luigi Semenzato <semenzato@google.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Metin Doslu <metin@citusdata.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Ozgun Erdogan <ozgun@citusdata.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Roman Gushchin <klamm@yandex-team.ru>
Cc: Ryan Mallon <rmallon@gmail.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-04 01:47:56 +04:00
radix_tree_node_ctor ( void * arg )
2005-04-17 02:20:36 +04:00
{
mm: keep page cache radix tree nodes in check
Previously, page cache radix tree nodes were freed after reclaim emptied
out their page pointers. But now reclaim stores shadow entries in their
place, which are only reclaimed when the inodes themselves are
reclaimed. This is problematic for bigger files that are still in use
after they have a significant amount of their cache reclaimed, without
any of those pages actually refaulting. The shadow entries will just
sit there and waste memory. In the worst case, the shadow entries will
accumulate until the machine runs out of memory.
To get this under control, the VM will track radix tree nodes
exclusively containing shadow entries on a per-NUMA node list. Per-NUMA
rather than global because we expect the radix tree nodes themselves to
be allocated node-locally and we want to reduce cross-node references of
otherwise independent cache workloads. A simple shrinker will then
reclaim these nodes on memory pressure.
A few things need to be stored in the radix tree node to implement the
shadow node LRU and allow tree deletions coming from the list:
1. There is no index available that would describe the reverse path
from the node up to the tree root, which is needed to perform a
deletion. To solve this, encode in each node its offset inside the
parent. This can be stored in the unused upper bits of the same
member that stores the node's height at no extra space cost.
2. The number of shadow entries needs to be counted in addition to the
regular entries, to quickly detect when the node is ready to go to
the shadow node LRU list. The current entry count is an unsigned
int but the maximum number of entries is 64, so a shadow counter
can easily be stored in the unused upper bits.
3. Tree modification needs tree lock and tree root, which are located
in the address space, so store an address_space backpointer in the
node. The parent pointer of the node is in a union with the 2-word
rcu_head, so the backpointer comes at no extra cost as well.
4. The node needs to be linked to an LRU list, which requires a list
head inside the node. This does increase the size of the node, but
it does not change the number of objects that fit into a slab page.
[akpm@linux-foundation.org: export the right function]
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Rik van Riel <riel@redhat.com>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Bob Liu <bob.liu@oracle.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Luigi Semenzato <semenzato@google.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Metin Doslu <metin@citusdata.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Ozgun Erdogan <ozgun@citusdata.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Roman Gushchin <klamm@yandex-team.ru>
Cc: Ryan Mallon <rmallon@gmail.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-04 01:47:56 +04:00
struct radix_tree_node * node = arg ;
memset ( node , 0 , sizeof ( * node ) ) ;
INIT_LIST_HEAD ( & node - > private_list ) ;
2005-04-17 02:20:36 +04:00
}
2016-11-03 17:50:01 +03:00
static int radix_tree_cpu_dead ( unsigned int cpu )
2005-04-17 02:20:36 +04:00
{
2016-05-21 03:03:04 +03:00
struct radix_tree_preload * rtp ;
struct radix_tree_node * node ;
/* Free per-cpu pool of preloaded nodes */
2016-11-03 17:50:01 +03:00
rtp = & per_cpu ( radix_tree_preloads , cpu ) ;
while ( rtp - > nr ) {
node = rtp - > nodes ;
2017-01-17 00:41:29 +03:00
rtp - > nodes = node - > parent ;
2016-11-03 17:50:01 +03:00
kmem_cache_free ( radix_tree_node_cachep , node ) ;
rtp - > nr - - ;
2016-05-21 03:03:04 +03:00
}
2016-11-03 17:50:01 +03:00
return 0 ;
2005-04-17 02:20:36 +04:00
}
void __init radix_tree_init ( void )
{
2016-11-03 17:50:01 +03:00
int ret ;
2017-05-04 00:53:09 +03:00
BUILD_BUG_ON ( RADIX_TREE_MAX_TAGS + __GFP_BITS_SHIFT > 32 ) ;
radix tree: use GFP_ZONEMASK bits of gfp_t for flags
Patch series "XArray", v9. (First part thereof).
This patchset is, I believe, appropriate for merging for 4.17. It
contains the XArray implementation, to eventually replace the radix
tree, and converts the page cache to use it.
This conversion keeps the radix tree and XArray data structures in sync
at all times. That allows us to convert the page cache one function at
a time and should allow for easier bisection. Other than renaming some
elements of the structures, the data structures are fundamentally
unchanged; a radix tree walk and an XArray walk will touch the same
number of cachelines. I have changes planned to the XArray data
structure, but those will happen in future patches.
Improvements the XArray has over the radix tree:
- The radix tree provides operations like other trees do; 'insert' and
'delete'. But what most users really want is an automatically
resizing array, and so it makes more sense to give users an API that
is like an array -- 'load' and 'store'. We still have an 'insert'
operation for users that really want that semantic.
- The XArray considers locking as part of its API. This simplifies a
lot of users who formerly had to manage their own locking just for
the radix tree. It also improves code generation as we can now tell
RCU that we're holding a lock and it doesn't need to generate as much
fencing code. The other advantage is that tree nodes can be moved
(not yet implemented).
- GFP flags are now parameters to calls which may need to allocate
memory. The radix tree forced users to decide what the allocation
flags would be at creation time. It's much clearer to specify them at
allocation time.
- Memory is not preloaded; we don't tie up dozens of pages on the off
chance that the slab allocator fails. Instead, we drop the lock,
allocate a new node and retry the operation. We have to convert all
the radix tree, IDA and IDR preload users before we can realise this
benefit, but I have not yet found a user which cannot be converted.
- The XArray provides a cmpxchg operation. The radix tree forces users
to roll their own (and at least four have).
- Iterators take a 'max' parameter. That simplifies many users and will
reduce the amount of iteration done.
- Iteration can proceed backwards. We only have one user for this, but
since it's called as part of the pagefault readahead algorithm, that
seemed worth mentioning.
- RCU-protected pointers are not exposed as part of the API. There are
some fun bugs where the page cache forgets to use rcu_dereference()
in the current codebase.
- Value entries gain an extra bit compared to radix tree exceptional
entries. That gives us the extra bit we need to put huge page swap
entries in the page cache.
- Some iterators now take a 'filter' argument instead of having
separate iterators for tagged/untagged iterations.
The page cache is improved by this:
- Shorter, easier to read code
- More efficient iterations
- Reduction in size of struct address_space
- Fewer walks from the top of the data structure; the XArray API
encourages staying at the leaf node and conducting operations there.
This patch (of 8):
None of these bits may be used for slab allocations, so we can use them
as radix tree flags as long as we mask them off before passing them to
the slab allocator. Move the IDR flag from the high bits to the
GFP_ZONEMASK bits.
Link: http://lkml.kernel.org/r/20180313132639.17387-3-willy@infradead.org
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Acked-by: Jeff Layton <jlayton@kernel.org>
Cc: Darrick J. Wong <darrick.wong@oracle.com>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-04-11 02:36:28 +03:00
BUILD_BUG_ON ( ROOT_IS_IDR & ~ GFP_ZONEMASK ) ;
2017-11-04 06:09:45 +03:00
BUILD_BUG_ON ( XA_CHUNK_SIZE > 255 ) ;
2005-04-17 02:20:36 +04:00
radix_tree_node_cachep = kmem_cache_create ( " radix_tree_node " ,
sizeof ( struct radix_tree_node ) , 0 ,
2008-04-28 13:12:05 +04:00
SLAB_PANIC | SLAB_RECLAIM_ACCOUNT ,
radix_tree_node_ctor ) ;
2016-11-03 17:50:01 +03:00
ret = cpuhp_setup_state_nocalls ( CPUHP_RADIX_DEAD , " lib/radix:dead " ,
NULL , radix_tree_cpu_dead ) ;
WARN_ON ( ret < 0 ) ;
2005-04-17 02:20:36 +04:00
}