public inbox for linux-mm@kvack.org
From: Alice Ryhl <aliceryhl@google.com>
To: "David Hildenbrand (Arm)" <david@kernel.org>
Cc: "Jason Gunthorpe" <jgg@ziepe.ca>,
	linux-kernel@vger.kernel.org,
	"linux-mm @ kvack . org" <linux-mm@kvack.org>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Lorenzo Stoakes" <lorenzo.stoakes@oracle.com>,
	"Liam R. Howlett" <Liam.Howlett@oracle.com>,
	"Vlastimil Babka" <vbabka@kernel.org>,
	"Mike Rapoport" <rppt@kernel.org>,
	"Suren Baghdasaryan" <surenb@google.com>,
	"Michal Hocko" <mhocko@suse.com>, "Jann Horn" <jannh@google.com>,
	"Pedro Falcato" <pfalcato@suse.de>,
	"David Rientjes" <rientjes@google.com>,
	"Shakeel Butt" <shakeel.butt@linux.dev>,
	"Matthew Wilcox (Oracle)" <willy@infradead.org>,
	"Madhavan Srinivasan" <maddy@linux.ibm.com>,
	"Michael Ellerman" <mpe@ellerman.id.au>,
	"Christian Borntraeger" <borntraeger@linux.ibm.com>,
	"Janosch Frank" <frankja@linux.ibm.com>,
	"Claudio Imbrenda" <imbrenda@linux.ibm.com>,
	"Alexander Gordeev" <agordeev@linux.ibm.com>,
	"Gerald Schaefer" <gerald.schaefer@linux.ibm.com>,
	"Heiko Carstens" <hca@linux.ibm.com>,
	"Vasily Gorbik" <gor@linux.ibm.com>,
	"Jarkko Sakkinen" <jarkko@kernel.org>,
	"Thomas Gleixner" <tglx@kernel.org>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Borislav Petkov" <bp@alien8.de>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Todd Kjos" <tkjos@android.com>,
	"Christian Brauner" <brauner@kernel.org>,
	"Carlos Llamas" <cmllamas@google.com>,
	"Ian Abbott" <abbotti@mev.co.uk>,
	"H Hartley Sweeten" <hsweeten@visionengravers.com>,
	"Jani Nikula" <jani.nikula@linux.intel.com>,
	"Joonas Lahtinen" <joonas.lahtinen@linux.intel.com>,
	"Rodrigo Vivi" <rodrigo.vivi@intel.com>,
	"Tvrtko Ursulin" <tursulin@ursulin.net>,
	"David Airlie" <airlied@gmail.com>,
	"Simona Vetter" <simona@ffwll.ch>,
	"Leon Romanovsky" <leon@kernel.org>,
	"Dimitri Sivanich" <dimitri.sivanich@hpe.com>,
	"Arnd Bergmann" <arnd@arndb.de>,
	"Alexei Starovoitov" <ast@kernel.org>,
	"Daniel Borkmann" <daniel@iogearbox.net>,
	"Andrii Nakryiko" <andrii@kernel.org>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Arnaldo Carvalho de Melo" <acme@kernel.org>,
	"Namhyung Kim" <namhyung@kernel.org>,
	"Andy Lutomirski" <luto@kernel.org>,
	"Vincenzo Frascino" <vincenzo.frascino@arm.com>,
	"Eric Dumazet" <edumazet@google.com>,
	"Neal Cardwell" <ncardwell@google.com>,
	"David S. Miller" <davem@davemloft.net>,
	"David Ahern" <dsahern@kernel.org>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Paolo Abeni" <pabeni@redhat.com>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org,
	linux-s390@vger.kernel.org, linux-sgx@vger.kernel.org,
	intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
	linux-rdma@vger.kernel.org, bpf@vger.kernel.org,
	linux-perf-users@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	netdev@vger.kernel.org, rust-for-linux@vger.kernel.org,
	x86@kernel.org
Subject: Re: [PATCH v1 16/16] mm/memory: support VM_MIXEDMAP in zap_special_vma_range()
Date: Wed, 11 Mar 2026 09:38:45 +0000
Message-ID: <abE4JYo223OxWCBQ@google.com>
In-Reply-To: <61df6369-333c-430a-bd18-c5b1acae68ea@kernel.org>

On Wed, Mar 11, 2026 at 10:15:12AM +0100, David Hildenbrand (Arm) wrote:
> On 3/9/26 15:29, Jason Gunthorpe wrote:
> > On Fri, Feb 27, 2026 at 09:08:47PM +0100, David Hildenbrand (Arm) wrote:
> >> There is demand for also zapping page table entries by drivers in
> >> VM_MIXEDMAP VMAs[1].
> >>
> >> Nothing really speaks against supporting VM_MIXEDMAP for driver use. We
> >> just don't want arbitrary drivers to zap in ordinary (non-special) VMAs.
> >>
> >> [1] https://lore.kernel.org/r/aYSKyr7StGpGKNqW@google.com
> > 
> > Are we sure about this?
> 
> Yes, I don't think relaxing this for drivers to use it on VM_MIXEDMAP is
> a problem.
> 
> > 
> > This whole function seems like a hack to support drivers that are not
> > using an address_space.
> 
> I assume, then using
> unmap_mapping_folio()/unmap_mapping_pages()/unmap_mapping_range() instead.
> 
> > 
> > I say that as one of the five driver authors who have made this
> > mistake.
> > 
> > The locking to safely use this function is really hard to do properly,
> > IDK if binder can shift to use address_space ??
> I cannot really tell.
> 
> Skimming over the code, it looks like it really always handles "single
> VMA" stuff ("Since a binder_alloc can only be mapped once, we ensure the
> vma corresponds to this mapping by checking whether the binder_alloc is
> still mapped"), which makes the locking rather trivial.
> 
> It does seem to mostly allocate/free pages in a single VMA, where I
> think the existing usage of zap_vma_range() makes sense.
> 
> So I'm not sure if using address_space would really be an improvement there.
> 
> Having that said, maybe binder folks can be motivated to look into that.
> But I would consider that future work.

It doesn't really make sense to have multiple binder VMAs. What happens
with Rust Binder is that process A is receiving transactions and has the
VMA mapped once.

* Process B sends a transaction to process A, and the ioctl (running in
  process B) will memcpy the message to A directly into the pages of A's
  VMA.
* Then, B wakes up A, which causes A to return from the receive ioctl.
* The return value of the receive ioctl is a pointer, which points
  somewhere inside A's VMA to the location containing the message from
  B.
* Process A will deref the pointer to read the message from B.
* Once Process A is done handling the transaction, it invokes another
  ioctl to tell the kernel that it is done with this transaction, that
  is, it is not safe for the kernel to reuse that subset of the VMA for
  new incoming transactions.

When Binder returns from its ioctl and gives you a pointer, it needs to
know where the VMA is mapped, because otherwise it can't really give you
a pointer into the VMA.

It's generally not safe for userspace to touch its Binder VMA unless it
has been told that there is a message there. Pages that do not contain
any messages may be entirely missing, and trying to read them leads to
segfault. (Though such pages may also be present if there was previously
a message in the page. The unused pages are kept around to reuse them
for future messages, unless there is memory pressure.)

Alice
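
A simplified user-space model of the buffer lifecycle described in the message above, added here as an illustration; it is not Binder's code or anything posted in the thread. The `region` struct, the function names, whole-page allocation and the 8-page mapping size are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#define NPAGES  8      /* assumed size of the receiver's mapping */
#define PAGE_SZ 4096

/* Toy model of one receiver's single mapping, tracked per page. */
struct region {
    bool present[NPAGES]; /* a page is installed behind this slot */
    bool in_use[NPAGES];  /* slot holds a message not yet released */
};

static size_t pages_for(size_t len) { return (len + PAGE_SZ - 1) / PAGE_SZ; }

/* Sender side: reserve a free run, install its pages, return the offset
 * that the receiver is later handed as a pointer into its mapping. */
long deliver(struct region *r, size_t len) {
    size_t need = pages_for(len);
    if (need == 0 || need > NPAGES)
        return -1;
    for (size_t start = 0; start + need <= NPAGES; start++) {
        size_t i = 0;
        while (i < need && !r->in_use[start + i])
            i++;
        if (i < need)
            continue;               /* run overlaps a live message */
        for (i = 0; i < need; i++)
            r->present[start + i] = r->in_use[start + i] = true;
        return (long)(start * PAGE_SZ);
    }
    return -1;                      /* mapping is full */
}

/* Receiver's "done" call: the range may be reused, pages stay installed. */
void release(struct region *r, long off, size_t len) {
    size_t start = off < 0 ? NPAGES : (size_t)off / PAGE_SZ;
    for (size_t i = 0; i < pages_for(len) && start + i < NPAGES; i++)
        r->in_use[start + i] = false;
}

/* Memory pressure: drop installed pages that hold no live message. */
int shrink(struct region *r) {
    int n = 0;
    for (size_t i = 0; i < NPAGES; i++)
        if (r->present[i] && !r->in_use[i]) { r->present[i] = false; n++; }
    return n;
}

/* Would a userspace read at this offset succeed (true) or fault (false)? */
bool readable(const struct region *r, long off) {
    return off >= 0 && (size_t)off / PAGE_SZ < NPAGES && r->present[(size_t)off / PAGE_SZ];
}
```
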

