From: Dev Jain <dev.jain@arm.com>
To: akpm@linux-foundation.org, david@redhat.com,
	catalin.marinas@arm.com, will@kernel.org
Cc: lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com,
	vbabka@suse.cz, rppt@kernel.org, surenb@google.com,
	mhocko@suse.com, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org, suzuki.poulose@arm.com,
	steven.price@arm.com, gshan@redhat.com,
	linux-arm-kernel@lists.infradead.org,
	yang@os.amperecomputing.com, ryan.roberts@arm.com,
	anshuman.khandual@arm.com, Dev Jain <dev.jain@arm.com>
Subject: [PATCH v2 1/2] mm: Allow lockless kernel pagetable walking
Date: Tue, 10 Jun 2025 17:14:00 +0530
Message-ID: <20250610114401.7097-2-dev.jain@arm.com>
In-Reply-To: <20250610114401.7097-1-dev.jain@arm.com>

arm64 currently changes permissions on vmalloc objects locklessly, via
apply_to_page_range. Patch 2 moves away from this to use the pagewalk API,
since a limitation of the former is to deny changing permissions for block
mappings. However, the API currently enforces the init_mm.mmap_lock to be
held. To avoid the unnecessary bottleneck of the mmap_lock for our usecase,
this patch extends this generic API to be used locklessly, so as to retain
the existing behaviour for changing permissions. Apart from this reason,
it is noted at [1] that KFENCE can manipulate kernel pgtable entries during
softirqs. It does this by calling set_memory_valid() -> __change_memory_common().
This being a non-sleepable context, we cannot take the init_mm mmap lock.

Since such extension can potentially be dangerous for other callers
consuming the pagewalk API, explicitly disallow lockless traversal for
userspace pagetables by returning EINVAL. Add comments to highlight the
conditions under which we can use the API locklessly - no underlying VMA,
and the user having exclusive control over the range, thus guaranteeing no
concurrent access.

Signed-off-by: Dev Jain <dev.jain@arm.com>
---
 include/linux/pagewalk.h |  7 +++++++
 mm/pagewalk.c            | 23 ++++++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/include/linux/pagewalk.h b/include/linux/pagewalk.h
index 8ac2f6d6d2a3..5efd6541239b 100644
--- a/include/linux/pagewalk.h
+++ b/include/linux/pagewalk.h
@@ -14,6 +14,13 @@ enum page_walk_lock {
 	PGWALK_WRLOCK = 1,
 	/* vma is expected to be already write-locked during the walk */
 	PGWALK_WRLOCK_VERIFY = 2,
+	/*
+	 * Walk without any lock. Use of this is only meant for the
+	 * case where there is no underlying VMA, and the user has
+	 * exclusive control over the range, guaranteeing no concurrent
+	 * access. For example, changing permissions of vmalloc objects.
+	 */
+	PGWALK_NOLOCK = 3,
 };
 
 /**
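Review bot: The comment on PGWALK_NOLOCK states when the mode is meant to be used but not which entry points accept it. Later in this patch walk_page_range_mm(), walk_page_range_vma() and walk_page_vma() return -EINVAL for it, and only walk_kernel_page_table_range() honours it, so the comment should say so; otherwise a reader of the header alone will assume it is a general-purpose mode like the three values above it. It is also worth stating that the "exclusive control over the range" condition is the caller's responsibility and is not checked anywhere.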
diff --git a/mm/pagewalk.c b/mm/pagewalk.c
index ff5299eca687..d55d933f84ec 100644
--- a/mm/pagewalk.c
+++ b/mm/pagewalk.c
@@ -417,13 +417,17 @@ static int __walk_page_range(unsigned long start, unsigned long end,
 	return err;
 }
 
-static inline void process_mm_walk_lock(struct mm_struct *mm,
+static inline bool process_mm_walk_lock(struct mm_struct *mm,
 					enum page_walk_lock walk_lock)
 {
+	if (walk_lock == PGWALK_NOLOCK)
+		return 1;
+
 	if (walk_lock == PGWALK_RDLOCK)
 		mmap_assert_locked(mm);
 	else
 		mmap_assert_write_locked(mm);
+	return 0;
 }
 
 static inline void process_vma_walk_lock(struct vm_area_struct *vma,
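Review bot: process_mm_walk_lock() now returns bool but uses `return 1;` and `return 0;`, and the true value means "reject this walk", which the name does not suggest. Use `true`/`false`, or better, make it return int and hand back -EINVAL directly so callers can write `err = process_mm_walk_lock(...); if (err) return err;` and the sense of the return value is not left to convention. A one-line comment above the PGWALK_NOLOCK check saying that lockless walks are refused for mm-backed ranges would also help.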
@@ -440,6 +444,8 @@ static inline void process_vma_walk_lock(struct vm_area_struct *vma,
 	case PGWALK_RDLOCK:
 		/* PGWALK_RDLOCK is handled by process_mm_walk_lock */
 		break;
+	case PGWALK_NOLOCK:
+		break;
 	}
 #endif
 }
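Review bot: The new `case PGWALK_NOLOCK:` has no comment, unlike the PGWALK_RDLOCK case just above it. In the callers touched by this patch, process_mm_walk_lock() already returns -EINVAL for PGWALK_NOLOCK before process_vma_walk_lock() runs, so this arm looks unreachable from them and exists only to keep the switch exhaustive. Say that in a comment, or make an unexpected arrival visible with a WARN_ON_ONCE() rather than a silent break, since reaching it would mean a VMA walk is proceeding with no lock held.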
@@ -470,7 +476,8 @@ int walk_page_range_mm(struct mm_struct *mm, unsigned long start,
 	if (!walk.mm)
 		return -EINVAL;
 
-	process_mm_walk_lock(walk.mm, ops->walk_lock);
+	if (process_mm_walk_lock(walk.mm, ops->walk_lock))
+		return -EINVAL;
 
 	vma = find_vma(walk.mm, start);
 	do {
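Review bot: The -EINVAL returned here for PGWALK_NOLOCK is indistinguishable from the `!walk.mm` failure two lines above, and it is silent. Passing PGWALK_NOLOCK to a userspace walk is a caller bug rather than a runtime condition, so consider a WARN_ON_ONCE() at the rejection point (here or inside process_mm_walk_lock()) so the misuse is noticed during development. The same applies to the identical changes in walk_page_range_vma() and walk_page_vma() further down.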
@@ -626,8 +633,12 @@ int walk_kernel_page_table_range(unsigned long start, unsigned long end,
 	 * to prevent the intermediate kernel pages tables belonging to the
 	 * specified address range from being freed. The caller should take
 	 * other actions to prevent this race.
+	 *
+	 * If the caller can guarantee that it has exclusive access to the
+	 * specified address range, only then it can use PGWALK_NOLOCK.
 	 */
-	mmap_assert_locked(mm);
+	if (ops->walk_lock != PGWALK_NOLOCK)
+		mmap_assert_locked(mm);
 
 	return walk_pgd_range(start, end, &walk);
 }
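Review bot: With `ops->walk_lock != PGWALK_NOLOCK` guarding the only assertion, the PGWALK_NOLOCK path in walk_kernel_page_table_range() has no check left at all, and the exclusivity guarantee rests on a comment. If this function can be called with an mm other than init_mm, the lockless mode should be refused for it here, in line with the commit message's intent to disallow lockless traversal of userspace page tables. The existing comment above also warns that the mmap lock does not stop intermediate kernel page tables from being freed; the added text should say whether "exclusive access" is meant to cover that race too. Minor wording: "only then it can use PGWALK_NOLOCK" reads better as "it may use PGWALK_NOLOCK only if it can guarantee exclusive access to the specified address range".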
@@ -699,7 +710,8 @@ int walk_page_range_vma(struct vm_area_struct *vma, unsigned long start,
 	if (!check_ops_valid(ops))
 		return -EINVAL;
 
-	process_mm_walk_lock(walk.mm, ops->walk_lock);
+	if (process_mm_walk_lock(walk.mm, ops->walk_lock))
+		return -EINVAL;
 	process_vma_walk_lock(vma, ops->walk_lock);
 	return __walk_page_range(start, end, &walk);
 }
@@ -719,7 +731,8 @@ int walk_page_vma(struct vm_area_struct *vma, const struct mm_walk_ops *ops,
 	if (!check_ops_valid(ops))
 		return -EINVAL;
 
-	process_mm_walk_lock(walk.mm, ops->walk_lock);
+	if (process_mm_walk_lock(walk.mm, ops->walk_lock))
+		return -EINVAL;
 	process_vma_walk_lock(vma, ops->walk_lock);
 	return __walk_page_range(vma->vm_start, vma->vm_end, &walk);
 }
-- 
2.30.2


