Re: [PATCH v4 07/15] mm: pgtable: introduce pagetable_dtor()

[Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx>]

On 2025/1/6 18:34, Alexander Gordeev wrote:
> On Mon, Dec 30, 2024 at 05:07:42PM +0800, Qi Zheng wrote:
> > The pagetable_p*_dtor() are exactly the same except for the handling of
> > ptlock. If we make ptlock_free() handle the case where ptdesc->ptl is
> > NULL and remove VM_BUG_ON_PAGE() from pmd_ptlock_free(), we can unify
> > pagetable_p*_dtor() into one function. Let's introduce pagetable_dtor()
> > to do this.
> >
> > Later, pagetable_dtor() will be moved to tlb_remove_ptdesc(), so that
> > ptlock and page table pages can be freed together (regardless of whether
> > RCU is used). This prevents the use-after-free problem where the ptlock
> > is freed immediately but the page table pages is freed later via RCU.
> >
> > Signed-off-by: Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx>
> > Originally-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> ...
> > diff --git a/include/linux/mm.h b/include/linux/mm.h
> > index 5d82f42ddd5cc..cad11fa10c192 100644
> > --- a/include/linux/mm.h
> > +++ b/include/linux/mm.h
> > @@ -2992,6 +2992,15 @@ static inline bool ptlock_init(struct ptdesc *ptdesc) { return true; }
> >   static inline void ptlock_free(struct ptdesc *ptdesc) {}
> >   #endif /* defined(CONFIG_SPLIT_PTE_PTLOCKS) */
> >   
> > +static inline void pagetable_dtor(struct ptdesc *ptdesc)
> > +{
> > +	struct folio *folio = ptdesc_folio(ptdesc);
> > +
> > +	ptlock_free(ptdesc);
> > +	__folio_clear_pgtable(folio);
> > +	lruvec_stat_sub_folio(folio, NR_PAGETABLE);
> > +}
> > +
>
> If I am not mistaken, it is just pagetable_pte_dtor() rename.
> What is the point in moving the code around?

No, this is to unify pagetable_p*_dtor() into pagetable_dtor(), so
that we can move pagetable_dtor() to __tlb_remove_table(), and then
ptlock and PTE page can be freed together through RCU, which is
also the main purpose of this patch series.

Thanks!

> >   static inline bool pagetable_pte_ctor(struct ptdesc *ptdesc)
> >   {
> >   	struct folio *folio = ptdesc_folio(ptdesc);
> > @@ -3003,15 +3012,6 @@ static inline bool pagetable_pte_ctor(struct ptdesc *ptdesc)
> >   	return true;
> >   }
> >   
> > -static inline void pagetable_pte_dtor(struct ptdesc *ptdesc)
> > -{
> > -	struct folio *folio = ptdesc_folio(ptdesc);
> > -
> > -	ptlock_free(ptdesc);
> > -	__folio_clear_pgtable(folio);
> > -	lruvec_stat_sub_folio(folio, NR_PAGETABLE);
> > -}
> > -
> >   pte_t *___pte_offset_map(pmd_t *pmd, unsigned long addr, pmd_t *pmdvalp);
> >   static inline pte_t *__pte_offset_map(pmd_t *pmd, unsigned long addr,
> >   			pmd_t *pmdvalp)