| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <121a0947-88cd-4515-bf14-a2af9b69eb0b@linux.dev>
Date: Mon, 15 Sep 2025 22:42:00 +0800
From: Lance Yang <lance.yang@...ux.dev>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Cc: akpm@...ux-foundation.org, david@...hat.com, ziy@...dia.com,
baolin.wang@...ux.alibaba.com, Liam.Howlett@...cle.com, npache@...hat.com,
ryan.roberts@....com, dev.jain@....com, baohua@...nel.org,
ioworker0@...il.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH mm-new 3/3] mm/khugepaged: abort collapse scan on guard
PTEs
On 2025/9/15 22:08, Lorenzo Stoakes wrote:
> On Sun, Sep 14, 2025 at 10:35:47PM +0800, Lance Yang wrote:
>> From: Lance Yang <lance.yang@...ux.dev>
>>
>> Guard PTE markers are installed via MADV_GUARD_INSTALL to create
>> lightweight guard regions.
>>
>> Currently, any collapse path (khugepaged or MADV_COLLAPSE) will fail when
>> encountering such a range.
>>
>> MADV_COLLAPSE fails deep inside the collapse logic when trying to swap-in
>> the special marker in __collapse_huge_page_swapin().
>>
>> hpage_collapse_scan_pmd()
>> `- collapse_huge_page()
>> `- __collapse_huge_page_swapin() -> fails!
>>
>> khugepaged's behavior is slightly different due to its max_ptes_swap limit
>> (default 64). It won't fail as deep, but it will still needlessly scan up
>> to 64 swap entries before bailing out.
>>
>> IMHO, we can and should detect this much earlier ;)
>
> No smileys in commit messages please... :)
Got it. Apparently, I'm a bit too fond of them ... Will remove it in v2.
>
>>
>> This patch adds a check directly inside the PTE scan loop. If a guard
>> marker is found, the scan is aborted immediately with a new SCAN_PTE_GUARD
>> status, avoiding wasted work.
>>
>> Signed-off-by: Lance Yang <lance.yang@...ux.dev>
>> ---
>> mm/khugepaged.c | 12 ++++++++++++
>> 1 file changed, 12 insertions(+)
>>
>> diff --git a/mm/khugepaged.c b/mm/khugepaged.c
>> index e54f99bb0b57..910a6f2ec8a9 100644
>> --- a/mm/khugepaged.c
>> +++ b/mm/khugepaged.c
>> @@ -59,6 +59,7 @@ enum scan_result {
>> SCAN_STORE_FAILED,
>> SCAN_COPY_MC,
>> SCAN_PAGE_FILLED,
>> + SCAN_PTE_GUARD,
>
> I wonder if we really need to have it literally called out though, can we just
> use:
>
> SCAN_PTE_NON_PRESENT
>
> Instead?
>
> As it is, indeed, non-present :)
Makes sense to me. A guard PTE is indeed a special non-present case.
So, let's reuse SCAN_PTE_NON_PRESENT for that case ;)
Cheers,
Lance
>
>> };
>>
>> #define CREATE_TRACE_POINTS
>> @@ -1317,6 +1318,16 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm,
>> result = SCAN_PTE_UFFD_WP;
>> goto out_unmap;
>> }
>> + /*
>> + * Guard PTE markers are installed by
>> + * MADV_GUARD_INSTALL. Any collapse path must
>> + * not touch them, so abort the scan immediately
>> + * if one is found.
>> + */
>> + if (is_guard_pte_marker(pteval)) {
>> + result = SCAN_PTE_GUARD;
>> + goto out_unmap;
>> + }
>> continue;
>> } else {
>> result = SCAN_EXCEED_SWAP_PTE;
>> @@ -2860,6 +2871,7 @@ int madvise_collapse(struct vm_area_struct *vma, unsigned long start,
>> case SCAN_PAGE_COMPOUND:
>> case SCAN_PAGE_LRU:
>> case SCAN_DEL_PAGE_LRU:
>> + case SCAN_PTE_GUARD:
>> last_fail = result;
>> break;
>> default:
>> --
>> 2.49.0
>>
>
> Cheers, Lorenzo
Powered by blists - more mailing lists