lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1eaf4156-9c8b-4a59-88e5-1f04fbebfa10@lucifer.local>
Date: Thu, 18 Sep 2025 15:48:15 +0100
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: Kalesh Singh <kaleshsingh@...gle.com>
Cc: akpm@...ux-foundation.org, minchan@...nel.org, david@...hat.com,
        Liam.Howlett@...cle.com, rppt@...nel.org, pfalcato@...e.de,
        kernel-team@...roid.com, android-mm@...gle.com,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
        Kees Cook <kees@...nel.org>, Vlastimil Babka <vbabka@...e.cz>,
        Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko <mhocko@...e.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>,
        Juri Lelli <juri.lelli@...hat.com>,
        Vincent Guittot <vincent.guittot@...aro.org>,
        Dietmar Eggemann <dietmar.eggemann@....com>,
        Ben Segall <bsegall@...gle.com>, Mel Gorman <mgorman@...e.de>,
        Valentin Schneider <vschneid@...hat.com>, Jann Horn <jannh@...gle.com>,
        Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
        linux-trace-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v2 4/7] mm: rename mm_struct::map_count to vma_count

On Mon, Sep 15, 2025 at 09:36:35AM -0700, Kalesh Singh wrote:
> A mechanical rename of the mm_struct->map_count field to
> vma_count; no functional change is intended.
>
> The name "map_count" is ambiguous within the memory management subsystem,
> as it can be confused with the folio/page->_mapcount field, which tracks
> PTE references.
>
> The new name, vma_count, is more precise as this field has always
> counted the number of vm_area_structs associated with an mm_struct.
>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: David Hildenbrand <david@...hat.com>
> Cc: "Liam R. Howlett" <Liam.Howlett@...cle.com>
> Cc: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
> Cc: Mike Rapoport <rppt@...nel.org>
> Cc: Minchan Kim <minchan@...nel.org>
> Cc: Pedro Falcato <pfalcato@...e.de>
> Signed-off-by: Kalesh Singh <kaleshsingh@...gle.com>

Yeah this is nice thanks, LGTM so:

Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>

One small comment below, but I think that change can wait for another series
probably.

> ---
>
>  Changes in v2:
>   - map_count is easily confused with _mapcount rename to vma_count, per David
>
>  fs/binfmt_elf.c                  |  2 +-
>  fs/coredump.c                    |  2 +-
>  include/linux/mm_types.h         |  2 +-
>  kernel/fork.c                    |  2 +-
>  mm/debug.c                       |  2 +-
>  mm/mmap.c                        |  6 +++---
>  mm/nommu.c                       |  6 +++---
>  mm/vma.c                         | 24 ++++++++++++------------
>  tools/testing/vma/vma.c          | 32 ++++++++++++++++----------------
>  tools/testing/vma/vma_internal.h |  6 +++---
>  10 files changed, 42 insertions(+), 42 deletions(-)
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 264fba0d44bd..52449dec12cb 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1643,7 +1643,7 @@ static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm
>  	data[0] = count;
>  	data[1] = PAGE_SIZE;
>  	/*
> -	 * Count usually is less than mm->map_count,
> +	 * Count usually is less than mm->vma_count,
>  	 * we need to move filenames down.
>  	 */
>  	n = cprm->vma_count - count;
> diff --git a/fs/coredump.c b/fs/coredump.c
> index 60bc9685e149..8881459c53d9 100644
> --- a/fs/coredump.c
> +++ b/fs/coredump.c
> @@ -1731,7 +1731,7 @@ static bool dump_vma_snapshot(struct coredump_params *cprm)
>
>  	cprm->vma_data_size = 0;
>  	gate_vma = get_gate_vma(mm);
> -	cprm->vma_count = mm->map_count + (gate_vma ? 1 : 0);
> +	cprm->vma_count = mm->vma_count + (gate_vma ? 1 : 0);
>
>  	cprm->vma_meta = kvmalloc_array(cprm->vma_count, sizeof(*cprm->vma_meta), GFP_KERNEL);
>  	if (!cprm->vma_meta) {
> diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
> index 08bc2442db93..4343be2f9e85 100644
> --- a/include/linux/mm_types.h
> +++ b/include/linux/mm_types.h
> @@ -1020,7 +1020,7 @@ struct mm_struct {
>  #ifdef CONFIG_MMU
>  		atomic_long_t pgtables_bytes;	/* size of all page tables */
>  #endif
> -		int map_count;			/* number of VMAs */
> +		int vma_count;			/* number of VMAs */
>
>  		spinlock_t page_table_lock; /* Protects page tables and some
>  					     * counters
> diff --git a/kernel/fork.c b/kernel/fork.c
> index c4ada32598bd..8fcbbf947579 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1037,7 +1037,7 @@ static struct mm_struct *mm_init(struct mm_struct *mm, struct task_struct *p,
>  	mmap_init_lock(mm);
>  	INIT_LIST_HEAD(&mm->mmlist);
>  	mm_pgtables_bytes_init(mm);
> -	mm->map_count = 0;
> +	mm->vma_count = 0;
>  	mm->locked_vm = 0;
>  	atomic64_set(&mm->pinned_vm, 0);
>  	memset(&mm->rss_stat, 0, sizeof(mm->rss_stat));
> diff --git a/mm/debug.c b/mm/debug.c
> index b4388f4dcd4d..40fc9425a84a 100644
> --- a/mm/debug.c
> +++ b/mm/debug.c
> @@ -204,7 +204,7 @@ void dump_mm(const struct mm_struct *mm)
>  		mm->pgd, atomic_read(&mm->mm_users),
>  		atomic_read(&mm->mm_count),
>  		mm_pgtables_bytes(mm),
> -		mm->map_count,
> +		mm->vma_count,
>  		mm->hiwater_rss, mm->hiwater_vm, mm->total_vm, mm->locked_vm,
>  		(u64)atomic64_read(&mm->pinned_vm),
>  		mm->data_vm, mm->exec_vm, mm->stack_vm,
> diff --git a/mm/mmap.c b/mm/mmap.c
> index af88ce1fbb5f..c6769394a174 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -1308,7 +1308,7 @@ void exit_mmap(struct mm_struct *mm)
>  		vma = vma_next(&vmi);
>  	} while (vma && likely(!xa_is_zero(vma)));
>
> -	BUG_ON(count != mm->map_count);
> +	BUG_ON(count != mm->vma_count);

Be nice to switch this to a WARN_ON_ONCE()... think David mentioned it though.

But maybe not one for this series...

>
>  	trace_exit_mmap(mm);
>  destroy:
> @@ -1517,7 +1517,7 @@ static int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
>   */
>  int vma_count_remaining(const struct mm_struct *mm)
>  {
> -	const int map_count = mm->map_count;
> +	const int map_count = mm->vma_count;
>  	const int max_count = sysctl_max_map_count;
>
>  	return (max_count > map_count) ? (max_count - map_count) : 0;
> @@ -1828,7 +1828,7 @@ __latent_entropy int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
>  		 */
>  		vma_iter_bulk_store(&vmi, tmp);
>
> -		mm->map_count++;
> +		mm->vma_count++;
>
>  		if (tmp->vm_ops && tmp->vm_ops->open)
>  			tmp->vm_ops->open(tmp);
> diff --git a/mm/nommu.c b/mm/nommu.c
> index dd75f2334812..9ab2e5ca736d 100644
> --- a/mm/nommu.c
> +++ b/mm/nommu.c
> @@ -576,7 +576,7 @@ static void setup_vma_to_mm(struct vm_area_struct *vma, struct mm_struct *mm)
>
>  static void cleanup_vma_from_mm(struct vm_area_struct *vma)
>  {
> -	vma->vm_mm->map_count--;
> +	vma->vm_mm->vma_count--;
>  	/* remove the VMA from the mapping */
>  	if (vma->vm_file) {
>  		struct address_space *mapping;
> @@ -1198,7 +1198,7 @@ unsigned long do_mmap(struct file *file,
>  		goto error_just_free;
>
>  	setup_vma_to_mm(vma, current->mm);
> -	current->mm->map_count++;
> +	current->mm->vma_count++;
>  	/* add the VMA to the tree */
>  	vma_iter_store_new(&vmi, vma);
>
> @@ -1366,7 +1366,7 @@ static int split_vma(struct vma_iterator *vmi, struct vm_area_struct *vma,
>  	setup_vma_to_mm(vma, mm);
>  	setup_vma_to_mm(new, mm);
>  	vma_iter_store_new(vmi, new);
> -	mm->map_count++;
> +	mm->vma_count++;
>  	return 0;
>
>  err_vmi_preallocate:
> diff --git a/mm/vma.c b/mm/vma.c
> index df0e8409f63d..64f4e7c867c3 100644
> --- a/mm/vma.c
> +++ b/mm/vma.c
> @@ -352,7 +352,7 @@ static void vma_complete(struct vma_prepare *vp, struct vma_iterator *vmi,
>  		 * (it may either follow vma or precede it).
>  		 */
>  		vma_iter_store_new(vmi, vp->insert);
> -		mm->map_count++;
> +		mm->vma_count++;
>  	}
>
>  	if (vp->anon_vma) {
> @@ -383,7 +383,7 @@ static void vma_complete(struct vma_prepare *vp, struct vma_iterator *vmi,
>  		}
>  		if (vp->remove->anon_vma)
>  			anon_vma_merge(vp->vma, vp->remove);
> -		mm->map_count--;
> +		mm->vma_count--;
>  		mpol_put(vma_policy(vp->remove));
>  		if (!vp->remove2)
>  			WARN_ON_ONCE(vp->vma->vm_end < vp->remove->vm_end);
> @@ -683,13 +683,13 @@ void validate_mm(struct mm_struct *mm)
>  		}
>  #endif
>  		/* Check for a infinite loop */
> -		if (++i > mm->map_count + 10) {
> +		if (++i > mm->vma_count + 10) {
>  			i = -1;
>  			break;
>  		}
>  	}
> -	if (i != mm->map_count) {
> -		pr_emerg("map_count %d vma iterator %d\n", mm->map_count, i);
> +	if (i != mm->vma_count) {
> +		pr_emerg("vma_count %d vma iterator %d\n", mm->vma_count, i);
>  		bug = 1;
>  	}
>  	VM_BUG_ON_MM(bug, mm);
> @@ -1266,7 +1266,7 @@ static void vms_complete_munmap_vmas(struct vma_munmap_struct *vms,
>  	struct mm_struct *mm;
>
>  	mm = current->mm;
> -	mm->map_count -= vms->vma_count;
> +	mm->vma_count -= vms->vma_count;
>  	mm->locked_vm -= vms->locked_vm;
>  	if (vms->unlock)
>  		mmap_write_downgrade(mm);
> @@ -1340,14 +1340,14 @@ static int vms_gather_munmap_vmas(struct vma_munmap_struct *vms,
>  	if (vms->start > vms->vma->vm_start) {
>
>  		/*
> -		 * Make sure that map_count on return from munmap() will
> +		 * Make sure that vma_count on return from munmap() will
>  		 * not exceed its limit; but let map_count go just above
>  		 * its limit temporarily, to help free resources as expected.
>  		 */
>  		if (vms->end < vms->vma->vm_end &&
>  		    !vma_count_remaining(vms->vma->vm_mm)) {
>  			error = -ENOMEM;
> -			goto map_count_exceeded;
> +			goto vma_count_exceeded;
>  		}
>
>  		/* Don't bother splitting the VMA if we can't unmap it anyway */
> @@ -1461,7 +1461,7 @@ static int vms_gather_munmap_vmas(struct vma_munmap_struct *vms,
>  modify_vma_failed:
>  	reattach_vmas(mas_detach);
>  start_split_failed:
> -map_count_exceeded:
> +vma_count_exceeded:
>  	return error;
>  }
>
> @@ -1795,7 +1795,7 @@ int vma_link(struct mm_struct *mm, struct vm_area_struct *vma)
>  	vma_start_write(vma);
>  	vma_iter_store_new(&vmi, vma);
>  	vma_link_file(vma);
> -	mm->map_count++;
> +	mm->vma_count++;
>  	validate_mm(mm);
>  	return 0;
>  }
> @@ -2495,7 +2495,7 @@ static int __mmap_new_vma(struct mmap_state *map, struct vm_area_struct **vmap)
>  	/* Lock the VMA since it is modified after insertion into VMA tree */
>  	vma_start_write(vma);
>  	vma_iter_store_new(vmi, vma);
> -	map->mm->map_count++;
> +	map->mm->vma_count++;
>  	vma_link_file(vma);
>
>  	/*
> @@ -2810,7 +2810,7 @@ int do_brk_flags(struct vma_iterator *vmi, struct vm_area_struct *vma,
>  	if (vma_iter_store_gfp(vmi, vma, GFP_KERNEL))
>  		goto mas_store_fail;
>
> -	mm->map_count++;
> +	mm->vma_count++;
>  	validate_mm(mm);
>  out:
>  	perf_event_mmap(vma);
> diff --git a/tools/testing/vma/vma.c b/tools/testing/vma/vma.c
> index 656e1c75b711..69fa7d14a6c2 100644
> --- a/tools/testing/vma/vma.c
> +++ b/tools/testing/vma/vma.c
> @@ -261,7 +261,7 @@ static int cleanup_mm(struct mm_struct *mm, struct vma_iterator *vmi)
>  	}
>
>  	mtree_destroy(&mm->mm_mt);
> -	mm->map_count = 0;
> +	mm->vma_count = 0;
>  	return count;
>  }
>
> @@ -500,7 +500,7 @@ static bool test_merge_new(void)
>  	INIT_LIST_HEAD(&vma_d->anon_vma_chain);
>  	list_add(&dummy_anon_vma_chain_d.same_vma, &vma_d->anon_vma_chain);
>  	ASSERT_FALSE(merged);
> -	ASSERT_EQ(mm.map_count, 4);
> +	ASSERT_EQ(mm.vma_count, 4);
>
>  	/*
>  	 * Merge BOTH sides.
> @@ -519,7 +519,7 @@ static bool test_merge_new(void)
>  	ASSERT_EQ(vma->vm_pgoff, 0);
>  	ASSERT_EQ(vma->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 3);
> +	ASSERT_EQ(mm.vma_count, 3);
>
>  	/*
>  	 * Merge to PREVIOUS VMA.
> @@ -536,7 +536,7 @@ static bool test_merge_new(void)
>  	ASSERT_EQ(vma->vm_pgoff, 0);
>  	ASSERT_EQ(vma->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 3);
> +	ASSERT_EQ(mm.vma_count, 3);
>
>  	/*
>  	 * Merge to NEXT VMA.
> @@ -555,7 +555,7 @@ static bool test_merge_new(void)
>  	ASSERT_EQ(vma->vm_pgoff, 6);
>  	ASSERT_EQ(vma->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 3);
> +	ASSERT_EQ(mm.vma_count, 3);
>
>  	/*
>  	 * Merge BOTH sides.
> @@ -573,7 +573,7 @@ static bool test_merge_new(void)
>  	ASSERT_EQ(vma->vm_pgoff, 0);
>  	ASSERT_EQ(vma->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 2);
> +	ASSERT_EQ(mm.vma_count, 2);
>
>  	/*
>  	 * Merge to NEXT VMA.
> @@ -591,7 +591,7 @@ static bool test_merge_new(void)
>  	ASSERT_EQ(vma->vm_pgoff, 0xa);
>  	ASSERT_EQ(vma->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 2);
> +	ASSERT_EQ(mm.vma_count, 2);
>
>  	/*
>  	 * Merge BOTH sides.
> @@ -608,7 +608,7 @@ static bool test_merge_new(void)
>  	ASSERT_EQ(vma->vm_pgoff, 0);
>  	ASSERT_EQ(vma->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 1);
> +	ASSERT_EQ(mm.vma_count, 1);
>
>  	/*
>  	 * Final state.
> @@ -967,7 +967,7 @@ static bool test_vma_merge_new_with_close(void)
>  	ASSERT_EQ(vma->vm_pgoff, 0);
>  	ASSERT_EQ(vma->vm_ops, &vm_ops);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 2);
> +	ASSERT_EQ(mm.vma_count, 2);
>
>  	cleanup_mm(&mm, &vmi);
>  	return true;
> @@ -1017,7 +1017,7 @@ static bool test_merge_existing(void)
>  	ASSERT_EQ(vma->vm_pgoff, 2);
>  	ASSERT_TRUE(vma_write_started(vma));
>  	ASSERT_TRUE(vma_write_started(vma_next));
> -	ASSERT_EQ(mm.map_count, 2);
> +	ASSERT_EQ(mm.vma_count, 2);
>
>  	/* Clear down and reset. */
>  	ASSERT_EQ(cleanup_mm(&mm, &vmi), 2);
> @@ -1045,7 +1045,7 @@ static bool test_merge_existing(void)
>  	ASSERT_EQ(vma_next->vm_pgoff, 2);
>  	ASSERT_EQ(vma_next->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma_next));
> -	ASSERT_EQ(mm.map_count, 1);
> +	ASSERT_EQ(mm.vma_count, 1);
>
>  	/* Clear down and reset. We should have deleted vma. */
>  	ASSERT_EQ(cleanup_mm(&mm, &vmi), 1);
> @@ -1079,7 +1079,7 @@ static bool test_merge_existing(void)
>  	ASSERT_EQ(vma->vm_pgoff, 6);
>  	ASSERT_TRUE(vma_write_started(vma_prev));
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 2);
> +	ASSERT_EQ(mm.vma_count, 2);
>
>  	/* Clear down and reset. */
>  	ASSERT_EQ(cleanup_mm(&mm, &vmi), 2);
> @@ -1108,7 +1108,7 @@ static bool test_merge_existing(void)
>  	ASSERT_EQ(vma_prev->vm_pgoff, 0);
>  	ASSERT_EQ(vma_prev->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma_prev));
> -	ASSERT_EQ(mm.map_count, 1);
> +	ASSERT_EQ(mm.vma_count, 1);
>
>  	/* Clear down and reset. We should have deleted vma. */
>  	ASSERT_EQ(cleanup_mm(&mm, &vmi), 1);
> @@ -1138,7 +1138,7 @@ static bool test_merge_existing(void)
>  	ASSERT_EQ(vma_prev->vm_pgoff, 0);
>  	ASSERT_EQ(vma_prev->anon_vma, &dummy_anon_vma);
>  	ASSERT_TRUE(vma_write_started(vma_prev));
> -	ASSERT_EQ(mm.map_count, 1);
> +	ASSERT_EQ(mm.vma_count, 1);
>
>  	/* Clear down and reset. We should have deleted prev and next. */
>  	ASSERT_EQ(cleanup_mm(&mm, &vmi), 1);
> @@ -1540,7 +1540,7 @@ static bool test_merge_extend(void)
>  	ASSERT_EQ(vma->vm_end, 0x4000);
>  	ASSERT_EQ(vma->vm_pgoff, 0);
>  	ASSERT_TRUE(vma_write_started(vma));
> -	ASSERT_EQ(mm.map_count, 1);
> +	ASSERT_EQ(mm.vma_count, 1);
>
>  	cleanup_mm(&mm, &vmi);
>  	return true;
> @@ -1652,7 +1652,7 @@ static bool test_mmap_region_basic(void)
>  			     0x24d, NULL);
>  	ASSERT_EQ(addr, 0x24d000);
>
> -	ASSERT_EQ(mm.map_count, 2);
> +	ASSERT_EQ(mm.vma_count, 2);
>
>  	for_each_vma(vmi, vma) {
>  		if (vma->vm_start == 0x300000) {
> diff --git a/tools/testing/vma/vma_internal.h b/tools/testing/vma/vma_internal.h
> index 52cd7ddc73f4..15525b86145d 100644
> --- a/tools/testing/vma/vma_internal.h
> +++ b/tools/testing/vma/vma_internal.h
> @@ -251,7 +251,7 @@ struct mutex {};
>
>  struct mm_struct {
>  	struct maple_tree mm_mt;
> -	int map_count;			/* number of VMAs */
> +	int vma_count;			/* number of VMAs */
>  	unsigned long total_vm;	   /* Total pages mapped */
>  	unsigned long locked_vm;   /* Pages that have PG_mlocked set */
>  	unsigned long data_vm;	   /* VM_WRITE & ~VM_SHARED & ~VM_STACK */
> @@ -1520,10 +1520,10 @@ static inline vm_flags_t ksm_vma_flags(const struct mm_struct *, const struct fi
>  /* Helper to get VMA count capacity */
>  static int vma_count_remaining(const struct mm_struct *mm)
>  {
> -	const int map_count = mm->map_count;
> +	const int vma_count = mm->vma_count;
>  	const int max_count = sysctl_max_map_count;
>
> -	return (max_count > map_count) ? (max_count - map_count) : 0;
> +	return (max_count > vma_count) ? (max_count - vma_count) : 0;
>  }
>
>  #endif	/* __MM_VMA_INTERNAL_H */
> --
> 2.51.0.384.g4c02a37b29-goog
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ