The patch titled Subject: Revert "mm: pgtable: make ptlock be freed by RCU" has been added to the -mm mm-unstable branch. Its filename is revert-mm-pgtable-make-ptlock-be-freed-by-rcu.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/revert-mm-pgtable-make-ptlock-be-freed-by-rcu.patch This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx> Subject: Revert "mm: pgtable: make ptlock be freed by RCU" Date: Mon, 23 Dec 2024 17:40:47 +0800 Patch series "move pagetable_*_dtor() to __tlb_remove_table()", v3. As proposed by Peter Zijlstra[1], this patch series aims to move pagetable_*_dtor() into __tlb_remove_table(). This will clean up pagetable_*_dtor() a bit and more gracefully fix the UAF issue [2] reported by syzbot. [1]. https://lore.kernel.org/all/20241211133433.GC12500@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ [2]. https://lore.kernel.org/all/67548279.050a0220.a30f1.015b.GAE@xxxxxxxxxx/ This patch (of 17): This reverts commit 2f3443770437e49abc39af26962d293851cbab6d. Link: https://lkml.kernel.org/r/cover.1734945104.git.zhengqi.arch@xxxxxxxxxxxxx Link: https://lkml.kernel.org/r/b59adb960b2075822a6e57efc7a52e7eb7780068.1734945104.git.zhengqi.arch@xxxxxxxxxxxxx Signed-off-by: Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx> Cc: Alexander Gordeev <agordeev@xxxxxxxxxxxxx> Cc: Aneesh Kumar K.V (Arm) <aneesh.kumar@xxxxxxxxxx> Cc: Arnd Bergmann <arnd@xxxxxxxx> Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> Cc: David Hildenbrand <david@xxxxxxxxxx> Cc: David Rientjes <rientjes@xxxxxxxxxx> Cc: Hugh Dickins <hughd@xxxxxxxxxx> Cc: Jann Horn <jannh@xxxxxxxxxx> Cc: Kevin Brodsky <kevin.brodsky@xxxxxxx> Cc: Lorenzo Stoakes <lorenzo.stoakes@xxxxxxxxxx> Cc: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx> Cc: Mike Rapoport (Microsoft) <rppt@xxxxxxxxxx> Cc: Muchun Song <muchun.song@xxxxxxxxx> Cc: Nicholas Piggin <npiggin@xxxxxxxxx> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx> Cc: Ryan Roberts <ryan.roberts@xxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: Vishal Moola (Oracle) <vishal.moola@xxxxxxxxx> Cc: Will Deacon <will@xxxxxxxxxx> Cc: Yu Zhao <yuzhao@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- include/linux/mm.h | 2 +- include/linux/mm_types.h | 9 +-------- mm/memory.c | 22 ++++++---------------- 3 files changed, 8 insertions(+), 25 deletions(-) --- a/include/linux/mm.h~revert-mm-pgtable-make-ptlock-be-freed-by-rcu +++ a/include/linux/mm.h @@ -2925,7 +2925,7 @@ void ptlock_free(struct ptdesc *ptdesc); static inline spinlock_t *ptlock_ptr(struct ptdesc *ptdesc) { - return &(ptdesc->ptl->ptl); + return ptdesc->ptl; } #else /* ALLOC_SPLIT_PTLOCKS */ static inline void ptlock_cache_init(void) --- a/include/linux/mm_types.h~revert-mm-pgtable-make-ptlock-be-freed-by-rcu +++ a/include/linux/mm_types.h @@ -434,13 +434,6 @@ FOLIO_MATCH(flags, _flags_2a); FOLIO_MATCH(compound_head, _head_2a); #undef FOLIO_MATCH -#if ALLOC_SPLIT_PTLOCKS -struct pt_lock { - spinlock_t ptl; - struct rcu_head rcu; -}; -#endif - /** * struct ptdesc - Memory descriptor for page tables. * @__page_flags: Same as page flags. Powerpc only. @@ -489,7 +482,7 @@ struct ptdesc { union { unsigned long _pt_pad_2; #if ALLOC_SPLIT_PTLOCKS - struct pt_lock *ptl; + spinlock_t *ptl; #else spinlock_t ptl; #endif --- a/mm/memory.c~revert-mm-pgtable-make-ptlock-be-freed-by-rcu +++ a/mm/memory.c @@ -7014,34 +7014,24 @@ static struct kmem_cache *page_ptl_cache void __init ptlock_cache_init(void) { - page_ptl_cachep = kmem_cache_create("page->ptl", sizeof(struct pt_lock), 0, + page_ptl_cachep = kmem_cache_create("page->ptl", sizeof(spinlock_t), 0, SLAB_PANIC, NULL); } bool ptlock_alloc(struct ptdesc *ptdesc) { - struct pt_lock *pt_lock; + spinlock_t *ptl; - pt_lock = kmem_cache_alloc(page_ptl_cachep, GFP_KERNEL); - if (!pt_lock) + ptl = kmem_cache_alloc(page_ptl_cachep, GFP_KERNEL); + if (!ptl) return false; - ptdesc->ptl = pt_lock; + ptdesc->ptl = ptl; return true; } -static void ptlock_free_rcu(struct rcu_head *head) -{ - struct pt_lock *pt_lock; - - pt_lock = container_of(head, struct pt_lock, rcu); - kmem_cache_free(page_ptl_cachep, pt_lock); -} - void ptlock_free(struct ptdesc *ptdesc) { - struct pt_lock *pt_lock = ptdesc->ptl; - - call_rcu(&pt_lock->rcu, ptlock_free_rcu); + kmem_cache_free(page_ptl_cachep, ptdesc->ptl); } #endif _ Patches currently in -mm which might be from zhengqi.arch@xxxxxxxxxxxxx are mm-pgtable-make-ptep_clear-non-atomic.patch mm-khugepaged-recheck-pmd-state-in-retract_page_tables.patch mm-userfaultfd-recheck-dst_pmd-entry-in-move_pages_pte.patch mm-userfaultfd-recheck-dst_pmd-entry-in-move_pages_pte-fix.patch mm-introduce-zap_nonpresent_ptes.patch mm-introduce-do_zap_pte_range.patch mm-skip-over-all-consecutive-none-ptes-in-do_zap_pte_range.patch mm-zap_install_uffd_wp_if_needed-return-whether-uffd-wp-pte-has-been-re-installed.patch mm-do_zap_pte_range-return-any_skipped-information-to-the-caller.patch mm-make-zap_pte_range-handle-full-within-pmd-range.patch mm-pgtable-reclaim-empty-pte-page-in-madvisemadv_dontneed.patch mm-pgtable-reclaim-empty-pte-page-in-madvisemadv_dontneed-fix.patch x86-mm-free-page-table-pages-by-rcu-instead-of-semi-rcu.patch mm-pgtable-make-ptlock-be-freed-by-rcu.patch x86-select-arch_supports_pt_reclaim-if-x86_64.patch revert-mm-pgtable-make-ptlock-be-freed-by-rcu.patch mm-pgtable-add-statistics-for-p4d-level-page-table.patch arm64-pgtable-use-mmu-gather-to-free-p4d-level-page-table.patch s390-pgtable-add-statistics-for-pud-and-p4d-level-page-table.patch mm-pgtable-introduce-pagetable_dtor.patch arm-pgtable-move-pagetable_dtor-to-__tlb_remove_table.patch arm64-pgtable-move-pagetable_dtor-to-__tlb_remove_table.patch riscv-pgtable-move-pagetable_dtor-to-__tlb_remove_table.patch x86-pgtable-move-pagetable_dtor-to-__tlb_remove_table.patch s390-pgtable-also-move-pagetable_dtor-of-pxd-to-__tlb_remove_table.patch mm-pgtable-introduce-generic-__tlb_remove_table.patch mm-pgtable-move-__tlb_remove_table_one-in-x86-to-generic-file.patch mm-pgtable-remove-tlb_remove_page_ptdesc.patch mm-pgtable-remove-tlb_remove_ptdesc.patch mm-pgtable-introduce-generic-pagetable_dtor_free.patch