Re: [PATCH v10 0/4] mm/vmalloc: free unused pages on vrealloc() shrink

[Uladzislau Rezki <urezki@gmail.com>]

On Tue, Apr 14, 2026 at 04:57:55PM +0000, Alice Ryhl wrote:
> On Tue, Apr 14, 2026 at 02:09:09PM +0530, Shivam Kalra wrote:
> > On 04/04/26 14:06, Shivam Kalra via B4 Relay wrote:
> > > This series implements the TODO in vrealloc() to unmap and free unused
> > > pages when shrinking across a page boundary.
> > > 
> > > Problem:
> > > When vrealloc() shrinks an allocation, it updates bookkeeping
> > > (requested_size, KASAN shadow) but does not free the underlying physical
> > > pages. This wastes memory for the lifetime of the allocation.
> > > 
> > > Solution:
> > > - Patch 1: Extracts a vm_area_free_pages(vm, start_idx, end_idx) helper
> > >   from vfree() that frees a range of pages with memcg and nr_vmalloc_pages
> > >   accounting. Freed page pointers are set to NULL to prevent stale
> > >   references.
> > > - Patch 2: Update the grow-in-place check in vrealloc() to compare the
> > >   requested size against the actual physical page count (vm->nr_pages) 
> > >   rather than the virtual area sizes. This is a prerequisite for shrinking.
> > > - Patch 3: Uses the helper to free tail pages when vrealloc() shrinks
> > >   across a page boundary. 
> > > - Patch 4: Adds a vrealloc test case to lib/test_vmalloc that exercises
> > >   grow-realloc, shrink-across-boundary, shrink-within-page, and
> > >   grow-in-place paths.
> > > 
> > > The virtual address reservation is kept intact to preserve the range
> > > for potential future grow-in-place support.
> > > A concrete user is the Rust binder driver's KVVec::shrink_to [1], which
> > > performs explicit vrealloc() shrinks for memory reclamation.
> > > 
> > > Tested:
> > > - KASAN KUnit (vmalloc_oob passes)
> > > - lib/test_vmalloc stress tests (3/3, 1M iterations each)
> > > - checkpatch, sparse, W=1, allmodconfig, coccicheck clean
> > > 
> > > [1] https://lore.kernel.org/all/20260216-binder-shrink-vec-v3-v6-0-ece8e8593e53@zohomail.in/
> > > 
> > > Suggested-by: Danilo Krummrich <dakr@kernel.org>
> > > Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>
> > > ---
> > > Changes in v10:
> > > - Reorder vm->nr_pages to the beginning (Alice Ryhl)
> > > - Link to v9: https://lore.kernel.org/r/20260401-vmalloc-shrink-v9-0-bf58dfb997d8@zohomail.in
> > > 
> > > Changes in v9:
> > > - Remove READ_ONCE, WRITE_ONCE and drop commit
> > >   about show_numa_info. (Uladzislau Rezki)
> > > - Update the commit message in Patch 2. (Alice Ryhl)
> > > - Remove zero newly exposed memory commit.
> > > - Link to v8: https://lore.kernel.org/r/20260327-vmalloc-shrink-v8-0-cc6b57059ed7@zohomail.in
> > > 
> > > Changes in v8:
> > > - Strip the KASAN tag from the pointer before addr_to_node()
> > >   to avoid acquiring the wrong node lock (Sashiko).
> > > - Rebase to latest mm-new.
> > > - Link to v7: https://lore.kernel.org/r/20260324-vmalloc-shrink-v7-0-c0e62b8e5d83@zohomail.in
> > > 
> > > Changes in v7:
> > > - Fix NULL pointer dereference in shrink path (Sashiko)
> > > - Acquire vn->busy.lock when updating vm->nr_pages to synchronize 
> > >   with concurrent readers (Uladzislau Rezki)
> > > - Use READ_ONCE in vmalloc_dump_obj (Sashiko)
> > > - Skip shrink path on GFP_NIO or GFP_NOFS. (Sashiko)
> > > - Fix Overflow issue for large allocations. (Sashiko)
> > > - Use vrealloc instead of vmalloc in vrealloc test.  
> > > - Link to v6: https://lore.kernel.org/r/20260321-vmalloc-shrink-v6-0-062ca7b7ceb2@zohomail.in
> > > 
> > > Changes in v6:
> > > - Fix VM_USERMAP crash by explicitly bypassing early in the shrink path if the flag is set.(Sashiko)
> > > - Fix Kmemleak scanner panic by calling kmemleak_free_part() to update tracking on shrink.(Sashiko)
> > > - Fix /proc/vmallocinfo race condition by protecting vm->nr_pages access with 
> > >   READ_ONCE()/WRITE_ONCE() for concurrent readers.(Sashiko)
> > > - Fix stale data leak on grow-after-shrink by enforcing mandatory zeroing of the newly exposed memory.(Sashiko)
> > > - Fix memory leaks in vrealloc_test() by using a temporary pointer to preserve and 
> > >   free the original allocation upon failure.(Sashiko)
> > > - Rename vmalloc_free_pages parameters from start/end to start_idx/end_idx for better clarity.(Uladzislau Rezki)
> > > - Link to v5: https://lore.kernel.org/r/20260317-vmalloc-shrink-v5-0-bbfbf54c5265@zohomail.in
> > > - Link to Sashiko: https://sashiko.dev/#/patchset/20260317-vmalloc-shrink-v5-0-bbfbf54c5265%40zohomail.in
> > > 
> > > Changes in v5:
> > > - Skip vrealloc shrink for VM_FLUSH_RESET_PERMS (Uladzislau Rezki)
> > > - Link to v4: https://lore.kernel.org/r/20260314-vmalloc-shrink-v4-0-c1e2e0bb5455@zohomail.in
> > > 
> > > Changes in v4:
> > > - Rename vmalloc_free_pages() to vm_area_free_pages() to align with
> > >   vm_area_alloc_pages() (Uladzislau Rezki)
> > > - NULL out freed vm->pages[] entries to prevent stale pointers (Alice Ryhl)
> > > - Remove redundant if (vm->nr_pages) guard in vfree() (Uladzislau Rezki)
> > > - Add vrealloc test case to lib/test_vmalloc (new patch 3/3)
> > > - Link to v3: https://lore.kernel.org/r/20260309-vmalloc-shrink-v3-0-5590fd8de2eb@zohomail.in
> > > 
> > > Changes in v3:
> > > - Restore the comment.
> > > - Rebase to the latest mm-new 
> > > - Link to v2: https://lore.kernel.org/r/20260304-vmalloc-shrink-v2-0-28c291d60100@zohomail.in
> > > 
> > > Changes in v2:
> > > - Updated the base-commit to mm-new
> > > - Fix conflicts after rebase
> > > - Ran `clang-format` on the changes made
> > > - Use a single `kasan_vrealloc` (Alice Ryhl)
> > > - Link to v1: https://lore.kernel.org/r/20260302-vmalloc-shrink-v1-0-46deff465b7e@zohomail.in
> > > 
> > > ---
> > > Shivam Kalra (4):
> > >       mm/vmalloc: extract vm_area_free_pages() helper from vfree()
> > >       mm/vmalloc: use physical page count for vrealloc() grow-in-place check
> > >       mm/vmalloc: free unused pages on vrealloc() shrink
> > >       lib/test_vmalloc: add vrealloc test case
> > > 
> > >  lib/test_vmalloc.c |  62 ++++++++++++++++++++++++++++++
> > >  mm/vmalloc.c       | 111 ++++++++++++++++++++++++++++++++++++++++++++---------
> > >  2 files changed, 154 insertions(+), 19 deletions(-)
> > > ---
> > > base-commit: b47b4fa4c232ee36aae58630e9d6520e35d33f3a
> > > change-id: 20260302-vmalloc-shrink-04b2fa688a14
> > > 
> > > Best regards,
> > Hey Ulad, Andrew
> > A gentle thread bump. Will we include this in this merge window?
> > Let me know if you have any suggestions, I will resolve them
> > asap.
> 
> If you mean the merge window that opened yesterday, then it's too late
> for that, and I believe we agreed to not include it there anyway in [1].
> 
> I can try to look at it again. I guess the main difficult thing is
> interactions with other parts of the kernel, of which sashiko claims to
> have found another one [2]. I can't help but wonder if it would be
> better to reduce the vma size to avoid issues with other codepaths using
> get_vm_area_size(vm) and assuming that all pages in that range are
> mapped.
> 
> [1]: https://lore.kernel.org/lkml/20260327113758.75f04588310a707b4d4b1aac@linux-foundation.org/
> [2]: https://sashiko.dev/#/patchset/20260404-vmalloc-shrink-v10-0-335759165dfa%40zohomail.in
>
Yep, the problem reported by Sashiko regarding area->size and vread_iter()
is correct. V10 does not address this. 

I am not sure that reducing vma size is a good approach here. It is
widely used and we might end up with fixing even more corner cases.

vread_iter() and vm-size calculation there should be fixed.

--
Uladzislau Rezki