Sched_ext development
* [PATCH bpf-next] bpf: Overwrite scratch PTE when allocating arena pages
@ 2026-05-31 16:58 Tejun Heo
  2026-05-31 17:08 ` sashiko-bot
  2026-05-31 17:35 ` bot+bpf-ci
  0 siblings, 2 replies; 3+ messages in thread
From: Tejun Heo @ 2026-05-31 16:58 UTC (permalink / raw)
  To: ast, andrii, daniel, martin.lau
  Cc: memxor, david, emil, bpf, sched-ext, linux-kernel

apply_range_set_cb() maps the pages for a new arena allocation. It returned
-EBUSY when the target PTE was already populated.

Kernel-fault recovery can leave the per-arena scratch page in an otherwise
unallocated arena PTE: a BPF program that touched an unallocated address
gets the scratch page installed there. A later bpf_arena_alloc_pages()
covering that page then finds the PTE populated, returns -EBUSY, and leaves
the scratch page in place. Every subsequent allocation of that page fails
the same way.

Drop the must-be-empty check so set_pte_at() installs the real page
unconditionally, overwriting a scratch (or empty) PTE.

Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: David Hildenbrand <david@kernel.org>
---
 kernel/bpf/arena.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/kernel/bpf/arena.c
+++ b/kernel/bpf/arena.c
@@ -131,15 +131,13 @@ static int apply_range_set_cb(pte_t *pte
 
 	if (!data)
 		return 0;
-	/* sanity check */
-	if (unlikely(!pte_none(ptep_get(pte))))
-		return -EBUSY;
 
 	page = d->pages[d->i];
 	/* paranoia, similar to vmap_pages_pte_range() */
 	if (WARN_ON_ONCE(!pfn_valid(page_to_pfn(page))))
 		return -EINVAL;
 
+	/* May be none or the scratch page, overwrite either way */
 	set_pte_at(&init_mm, addr, pte, mk_pte(page, PAGE_KERNEL));
 	d->i++;
 	return 0;
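Review bot: removing the pte_none() check outright also removes the only guard against overwriting a PTE that already maps a real, previously allocated arena page rather than the scratch page; in that case set_pte_at() would silently replace the old mapping and the page it mapped could be lost without ever being unmapped or freed. The new comment says the PTE "May be none or the scratch page", so consider encoding exactly that as the check instead of dropping it: keep returning -EBUSY (or WARN_ON_ONCE) when the existing PTE is present and does not map the per-arena scratch page, so a double allocation of the same range is still rejected. Also worth confirming that the caller flushes the TLB for the range after the walk, since the overwritten PTE can now be present rather than none and a stale translation to the scratch page could otherwise survive on other CPUs.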
