From: "David Hildenbrand (Arm)" <david@kernel.org>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>,
Rich Felker <dalias@libc.org>,
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
Jiri Olsa <jolsa@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Lorenzo Stoakes <ljs@kernel.org>,
Vlastimil Babka <vbabka@kernel.org>,
Mike Rapoport <rppt@kernel.org>,
Suren Baghdasaryan <surenb@google.com>,
Michal Hocko <mhocko@suse.com>, Rik van Riel <riel@surriel.com>,
Harry Yoo <harry@kernel.org>, Jann Horn <jannh@google.com>,
Matthew Wilcox <willy@infradead.org>,
"Liam R. Howlett" <liam@infradead.org>,
linux-sh@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
bpf <bpf@vger.kernel.org>, linux-mm <linux-mm@kvack.org>,
Ryan Roberts <Ryan.Roberts@arm.com>
Subject: Re: [PATCH 0/3] mm: remove page_mapped()
Date: Tue, 28 Apr 2026 07:37:00 +0200 [thread overview]
Message-ID: <06d11ed8-8532-4748-8ce2-6715c4665dc5@kernel.org> (raw)
In-Reply-To: <CAADnVQ+t549-aWEXq=ZUN79H-M=std3-Q8w3fU+dyNhF7mNjyA@mail.gmail.com>
On 4/27/26 23:38, Alexei Starovoitov wrote:
> On Mon, Apr 27, 2026 at 9:59 PM David Hildenbrand (Arm)
> <david@kernel.org> wrote:
>>
>> On 4/27/26 13:43, David Hildenbrand (Arm) wrote:
>>> While preparing my slides for an LSF/MM talk, I realized that I did not
>>> yet remove page_mapped().
>>>
>>> So let's do that. In the BPF arena code it's unclear which memdesc we
>>> would want to allocate in the future: certainly something with a
>>> refcount, but likely none with a mapcount. So let's just rely on
>>> the page refcount instead to decide whether we want to try zapping the
>>> page from user page tables.
>>>
>>> Signed-off-by: David Hildenbrand (Arm) <david@kernel.org>
>>> ---
>>
>> I scanned AI review and I think it founds something that is not related to this
>> patch.
>>
>> We use the page_mapped()->page_ref_count() check as an optimization to avoid
>> calling zap_vma_range(). We must be able to call it even without that optimization.
>>
>> Just like the bulk zap call earlier
>>
>> if (page_cnt > 1)
>> /* bulk zap if multiple pages being freed */
>> zap_pages(arena, full_uaddr, page_cnt);
>>
>> It talks about concurrent "munmap(), unmap_region() executes unmap_vmas()"
>> racing with our zap_vma_range().
>>
>> Looking into the details, arena_map_mmap() calls remember_vma(). We reject
>> mremap and VMA split. arena_vm_close() removes the VMA from the list. The
>> arena->lock protects our VMA list.
>>
>> So in zap_pages, the VMA cannot go away. If we find a VMA, ->close could not
>> have been called yet.
>>
>> In vma.c, we call remove_vma() after vms_clear_pte(). So after unmapping the
>> pages and freeing the page tables.
>>
>> So munmap() can indeed race with zap_vma_range(), and the page_mapped() check
>> would not have changed anything about that really.
>>
>>
>> @BPF folks: does BPF take anywhere the mmap lock in read mode before calling
>> zap_vma_range()? It should do that.
>
> Yes, but do NOT.
In general, do NOT talk to me like that.
As I discussed recently with Ryan, we should update the locking requirements for
zap_vma_range().
I assume friendly BPF folks will take care of fixing this.
--
Cheers,
David
prev parent reply other threads:[~2026-04-28 5:37 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 11:43 [PATCH 0/3] mm: remove page_mapped() David Hildenbrand (Arm)
2026-04-27 11:43 ` [PATCH 1/3] sh: use folio_mapped() instead of page_mapped() in sh4_flush_cache_page() David Hildenbrand (Arm)
2026-04-27 12:43 ` Matthew Wilcox
2026-04-27 11:43 ` [PATCH 2/3] bpf: arena: use page_ref_count() instead of page_mapped() in arena_free_pages() David Hildenbrand (Arm)
2026-04-27 12:17 ` Andrew Morton
2026-04-27 15:00 ` Alexei Starovoitov
2026-04-27 15:15 ` Andrew Morton
2026-04-27 15:27 ` Alexei Starovoitov
2026-04-28 8:16 ` David Hildenbrand (Arm)
2026-04-28 16:58 ` Alexei Starovoitov
2026-04-28 19:38 ` David Hildenbrand (Arm)
2026-04-28 8:44 ` Vlastimil Babka (SUSE)
2026-04-27 13:00 ` Matthew Wilcox
2026-04-27 20:14 ` sashiko-bot
2026-04-27 11:43 ` [PATCH 3/3] mm: remove page_mapped() David Hildenbrand (Arm)
2026-04-27 13:12 ` Matthew Wilcox
2026-04-27 13:21 ` Andrew Morton
2026-04-27 13:23 ` David Hildenbrand (Arm)
2026-04-27 14:42 ` Breno Leitao
2026-04-27 14:59 ` Matthew Wilcox
2026-04-27 20:59 ` [PATCH 0/3] " David Hildenbrand (Arm)
2026-04-27 21:38 ` Alexei Starovoitov
2026-04-28 5:37 ` David Hildenbrand (Arm) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=06d11ed8-8532-4748-8ce2-6715c4665dc5@kernel.org \
--to=david@kernel.org \
--cc=Ryan.Roberts@arm.com \
--cc=akpm@linux-foundation.org \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=dalias@libc.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=glaubitz@physik.fu-berlin.de \
--cc=harry@kernel.org \
--cc=jannh@google.com \
--cc=jolsa@kernel.org \
--cc=liam@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-sh@vger.kernel.org \
--cc=ljs@kernel.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=mhocko@suse.com \
--cc=riel@surriel.com \
--cc=rppt@kernel.org \
--cc=song@kernel.org \
--cc=surenb@google.com \
--cc=vbabka@kernel.org \
--cc=willy@infradead.org \
--cc=yonghong.song@linux.dev \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.