* [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Dev Jain @ 2025-11-03 6:37 UTC
To: tglx, mingo, bp, dave.hansen, x86, catalin.marinas, will, akpm, david, hannes
Cc: ryan.roberts, hpa, lorenzo.stoakes, Liam.Howlett, vbabka, ppt, surenb, mhocko, zhengqi.arch, shakeel.butt, linux-kernel, linux-mm, Dev Jain

The implementation of CONFIG_PT_RECLAIM is completely contained in generic
mm code. It depends on the RCU callback which will reclaim the pagetables -
there is nothing arch-specific about that. So, enable this config for
all architectures.

Signed-off-by: Dev Jain <dev.jain@arm.com>
---
arch/x86/Kconfig | 1 -
mm/Kconfig | 5 +----
mm/pt_reclaim.c | 2 +-
3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index fa3b616af03a..5681308a5650 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -327,7 +327,6 @@ config X86 select FUNCTION_ALIGNMENT_4B imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 select ARCH_SUPPORTS_SCHED_SMT if SMP select SCHED_SMT if SMP select ARCH_SUPPORTS_SCHED_CLUSTER if SMP diff --git a/mm/Kconfig b/mm/Kconfig index 0e26f4fc8717..903c37d02555 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK The architecture has hardware support for userspace shadow call stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). -config ARCH_SUPPORTS_PT_RECLAIM - def_bool n - config PT_RECLAIM bool "reclaim empty user page table pages" default y - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP + depends on MMU && SMP select MMU_GATHER_RCU_TABLE_FREE help Try to reclaim empty user page table pages in paths other than munmap diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c index 7e9455a18aae..049e17f08c6a 100644 --- a/mm/pt_reclaim.c +++ b/mm/pt_reclaim.c
@@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/hugetlb.h> -#include <asm-generic/tlb.h> +#include <asm/tlb.h> #include <asm/pgalloc.h> #include "internal.h"
--
2.30.2
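Review bot: In the arch/x86/Kconfig hunk, the removed line is "select ARCH_SUPPORTS_PT_RECLAIM if X86_64", so together with the new "depends on MMU && SMP" in mm/Kconfig this also turns PT_RECLAIM on for 32-bit x86 SMP builds, which the "if X86_64" condition excluded until now. The commit message does not say why that restriction existed or why it can be dropped; please state that, or keep PT_RECLAIM off for 32-bit x86.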
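Review bot: In the mm/Kconfig hunk, dropping ARCH_SUPPORTS_PT_RECLAIM from the "depends on" line while keeping "default y" enables PT_RECLAIM on every MMU && SMP architecture with no per-architecture opt-in left. "select MMU_GATHER_RCU_TABLE_FREE" is the only remaining tie to RCU freeing, and nothing in the patch shows that each architecture's page table free path actually goes through it. Please list the architectures that were checked in the commit message, or keep the ARCH_SUPPORTS_PT_RECLAIM symbol and add the select per architecture as each one is verified.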
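Review bot: The include change in mm/pt_reclaim.c from <asm-generic/tlb.h> to <asm/tlb.h> is not mentioned in the commit message. Please say why the arch header is needed once the option is no longer x86-only, or split this into a preparatory patch so it can be reviewed on its own.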

* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Qi Zheng @ 2025-11-03 7:03 UTC
To: Dev Jain, tglx, mingo, bp, dave.hansen, x86, catalin.marinas, will, akpm, david, hannes
Cc: ryan.roberts, hpa, lorenzo.stoakes, Liam.Howlett, vbabka, ppt, surenb, mhocko, shakeel.butt, linux-kernel, linux-mm

Hi Dev,

On 11/3/25 2:37 PM, Dev Jain wrote:
> The implementation of CONFIG_PT_RECLAIM is completely contained in generic
> mm code. It depends on the RCU callback which will reclaim the pagetables -
> there is nothing arch-specific about that. So, enable this config for
> all architectures.

Thanks for doing this!

But unfortunately, not all architectures call tlb_remove_ptdesc() in
__pte_free_tlb(). Some architectures directly call pte_free() to
free PTE pages (without RCU).

We need to modify these architectures first, otherwise it will
lead to UAF. This approach is feasible because Hugh provides similar
support in pte_free_defer().

Enabling PT_RECLAIM on all architectures has always been on my
TODO list, but it's been blocked by other things. :(

Thanks,
Qi

>
> Signed-off-by: Dev Jain <dev.jain@arm.com>
> ---
> arch/x86/Kconfig | 1 -
> mm/Kconfig | 5 +----
> mm/pt_reclaim.c | 2 +-
> 3 files changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index fa3b616af03a..5681308a5650 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -327,7 +327,6 @@ config X86 > select FUNCTION_ALIGNMENT_4B > imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI > select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE > - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 > select ARCH_SUPPORTS_SCHED_SMT if SMP > select SCHED_SMT if SMP > select ARCH_SUPPORTS_SCHED_CLUSTER if SMP > diff --git a/mm/Kconfig b/mm/Kconfig > index 0e26f4fc8717..903c37d02555 100644
> --- a/mm/Kconfig > +++ b/mm/Kconfig > @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK > The architecture has hardware support for userspace shadow call > stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). > > -config ARCH_SUPPORTS_PT_RECLAIM > - def_bool n > - > config PT_RECLAIM > bool "reclaim empty user page table pages" > default y > - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP > + depends on MMU && SMP > select MMU_GATHER_RCU_TABLE_FREE > help > Try to reclaim empty user page table pages in paths other than munmap > diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c > index 7e9455a18aae..049e17f08c6a 100644 > --- a/mm/pt_reclaim.c > +++ b/mm/pt_reclaim.c > @@ -1,6 +1,6 @@ > // SPDX-License-Identifier: GPL-2.0 > #include <linux/hugetlb.h> > -#include <asm-generic/tlb.h> > +#include <asm/tlb.h> > #include <asm/pgalloc.h> > > #include "internal.h"

* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Dev Jain @ 2025-11-03 8:43 UTC
To: Qi Zheng, tglx, mingo, bp, dave.hansen, x86, catalin.marinas, will, akpm, david, hannes
Cc: ryan.roberts, hpa, lorenzo.stoakes, Liam.Howlett, vbabka, ppt, surenb, mhocko, shakeel.butt, linux-kernel, linux-mm

On 03/11/25 12:33 pm, Qi Zheng wrote:
> Hi Dev,
>
> On 11/3/25 2:37 PM, Dev Jain wrote:
>> The implementation of CONFIG_PT_RECLAIM is completely contained in
>> generic
>> mm code. It depends on the RCU callback which will reclaim the
>> pagetables -
>> there is nothing arch-specific about that. So, enable this config for
>> all architectures.
>
> Thanks for doing this!
>
> But unfortunately, not all architectures call tlb_remove_ptdesc() in
> __pte_free_tlb(). Some architectures directly call pte_free() to
> free PTE pages (without RCU).

Thanks! This was not obvious to figure out.

Is there an arch bottleneck because of which they do this? I mean to say,
is something stopping us from simply redirecting __pte_free_tlb to
tlb_remove_ptdesc or pte_free_defer?

I am looking to enable this config at least on arm64 by default, I believe
it will be legal to do this at least here.

>
> We need to modify these architectures first, otherwise it will
> lead to UAF. This approach is feasible because Hugh provides similar
> support in pte_free_defer().
>
> Enabling PT_RECLAIM on all architectures has always been on my
> TODO list, but it's been blocked by other things. :(
>
> Thanks,
> Qi
>
>>
>> Signed-off-by: Dev Jain <dev.jain@arm.com>
>> ---
>> arch/x86/Kconfig | 1 -
>> mm/Kconfig | 5 +----
>> mm/pt_reclaim.c | 2 +-
>> 3 files changed, 2 insertions(+), 6 deletions(-)
>>
>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >> index fa3b616af03a..5681308a5650 100644 >> --- a/arch/x86/Kconfig >> +++ b/arch/x86/Kconfig
>> @@ -327,7 +327,6 @@ config X86 >> select FUNCTION_ALIGNMENT_4B >> imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI >> select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE >> - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 >> select ARCH_SUPPORTS_SCHED_SMT if SMP >> select SCHED_SMT if SMP >> select ARCH_SUPPORTS_SCHED_CLUSTER if SMP >> diff --git a/mm/Kconfig b/mm/Kconfig >> index 0e26f4fc8717..903c37d02555 100644 >> --- a/mm/Kconfig >> +++ b/mm/Kconfig >> @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK >> The architecture has hardware support for userspace shadow call >> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). >> -config ARCH_SUPPORTS_PT_RECLAIM >> - def_bool n >> - >> config PT_RECLAIM >> bool "reclaim empty user page table pages" >> default y >> - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP >> + depends on MMU && SMP >> select MMU_GATHER_RCU_TABLE_FREE >> help >> Try to reclaim empty user page table pages in paths other >> than munmap >> diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c >> index 7e9455a18aae..049e17f08c6a 100644 >> --- a/mm/pt_reclaim.c >> +++ b/mm/pt_reclaim.c >> @@ -1,6 +1,6 @@ >> // SPDX-License-Identifier: GPL-2.0 >> #include <linux/hugetlb.h> >> -#include <asm-generic/tlb.h> >> +#include <asm/tlb.h> >> #include <asm/pgalloc.h> >> #include "internal.h"
>

* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Qi Zheng @ 2025-11-03 9:07 UTC
To: Dev Jain, tglx, mingo, bp, dave.hansen, x86, catalin.marinas, will, akpm, david, hannes
Cc: ryan.roberts, hpa, lorenzo.stoakes, Liam.Howlett, vbabka, ppt, surenb, mhocko, shakeel.butt, linux-kernel, linux-mm

Hi Dev,

On 11/3/25 4:43 PM, Dev Jain wrote:
>
> On 03/11/25 12:33 pm, Qi Zheng wrote:
>> Hi Dev,
>>
>> On 11/3/25 2:37 PM, Dev Jain wrote:
>>> The implementation of CONFIG_PT_RECLAIM is completely contained in
>>> generic
>>> mm code. It depends on the RCU callback which will reclaim the
>>> pagetables -
>>> there is nothing arch-specific about that. So, enable this config for
>>> all architectures.
>>
>> Thanks for doing this!
>>
>> But unfortunately, not all architectures call tlb_remove_ptdesc() in
>> __pte_free_tlb(). Some architectures directly call pte_free() to
>> free PTE pages (without RCU).
>
> Thanks! This was not obvious to figure out.
>
> Is there an arch bottleneck because of which they do this? I mean to say,
>
> is something stopping us from simply redirecting __pte_free_tlb to
> tlb_remove_ptdesc

Some architectures have special handling in __pte_free_tlb(), and cannot
simply redirect __pte_free_tlb() to tlb_remove_ptdesc(), such as m68k,
powerpc, etc.

For those architectures that call pte_free() in __pte_free_tlb(), it
should be easy to modify them.

If you're not in a rush, I can take the time to finish the above tasks.

>
> or pte_free_defer?
>
>
> I am looking to enable this config at least on arm64 by default, I
> believe it will be legal
>
> to do this at least here.

IIRC, arm64 can directly enable CONFIG_PT_RECLAIM, as it is supported
at the architecture level.

Thanks,
Qi

>
>
>>
>> We need to modify these architectures first, otherwise it will
>> lead to UAF. This approach is feasible because Hugh provides similar
>> support in pte_free_defer().
>>
>> Enabling PT_RECLAIM on all architectures has always been on my
>> TODO list, but it's been blocked by other things. :(
>>
>> Thanks,
>> Qi
>>
>>>
>>> Signed-off-by: Dev Jain <dev.jain@arm.com>
>>> ---
>>> arch/x86/Kconfig | 1 -
>>> mm/Kconfig | 5 +----
>>> mm/pt_reclaim.c | 2 +-
>>> 3 files changed, 2 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >>> index fa3b616af03a..5681308a5650 100644 >>> --- a/arch/x86/Kconfig >>> +++ b/arch/x86/Kconfig >>> @@ -327,7 +327,6 @@ config X86 >>> select FUNCTION_ALIGNMENT_4B >>> imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI >>> select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE >>> - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 >>> select ARCH_SUPPORTS_SCHED_SMT if SMP >>> select SCHED_SMT if SMP >>> select ARCH_SUPPORTS_SCHED_CLUSTER if SMP >>> diff --git a/mm/Kconfig b/mm/Kconfig >>> index 0e26f4fc8717..903c37d02555 100644 >>> --- a/mm/Kconfig >>> +++ b/mm/Kconfig >>> @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK >>> The architecture has hardware support for userspace shadow call >>> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). >>> -config ARCH_SUPPORTS_PT_RECLAIM >>> - def_bool n >>> - >>> config PT_RECLAIM >>> bool "reclaim empty user page table pages" >>> default y >>> - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP >>> + depends on MMU && SMP >>> select MMU_GATHER_RCU_TABLE_FREE >>> help >>> Try to reclaim empty user page table pages in paths other >>> than munmap >>> diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c >>> index 7e9455a18aae..049e17f08c6a 100644 >>> --- a/mm/pt_reclaim.c >>> +++ b/mm/pt_reclaim.c >>> @@ -1,6 +1,6 @@ >>> // SPDX-License-Identifier: GPL-2.0 >>> #include <linux/hugetlb.h> >>> -#include <asm-generic/tlb.h> >>> +#include <asm/tlb.h> >>> #include <asm/pgalloc.h> >>> #include "internal.h"
>>
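Qi's two replies above turn on one property: whether an architecture's __pte_free_tlb() hands the PTE page to tlb_remove_ptdesc() or frees it directly with pte_free(). The following is an added example, not code from the thread or from the kernel tree: a heuristic audit that classifies __pte_free_tlb() definitions, run over constructed header snippets for hypothetical architectures (arch_a to arch_e, arch_pgtable_cache_put() and arch_fast_path() are made up for illustration).

```python
import re

TARGET = "__pte_free_tlb"
# Helper names come from the thread. Treating them as "deferred" or "direct"
# is this example's heuristic, not a rule taken from the kernel tree.
DEFERRED = {"tlb_remove_ptdesc", "pte_free_defer"}
DIRECT = "pte_free"

# Constructed header snippets for hypothetical architectures (not kernel code).
SAMPLES = {
    "arch_a": r"""
#define __pte_free_tlb(tlb, pte, addr)  \
        tlb_remove_ptdesc((tlb), (pte))
""",
    "arch_b": r"""
/* frees the PTE page immediately */
#define __pte_free_tlb(tlb, pte, addr)  pte_free((tlb)->mm, pte)
""",
    "arch_c": r"""
static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t pte,
                                  unsigned long addr)
{
        /* unlike pte_free(), this goes through an arch-specific cache */
        arch_pgtable_cache_put(tlb, pte);       /* hypothetical helper */
}
""",
    "arch_d": r"""
static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t pte,
                                  unsigned long addr)
{
        if (arch_fast_path(tlb))                /* hypothetical condition */
                pte_free(tlb->mm, pte);
        else
                tlb_remove_ptdesc(tlb, pte);
}
""",
    "arch_e": r"""
#define __pmd_free_tlb(tlb, pmd, addr)  pmd_free((tlb)->mm, pmd)
""",
}


def _strip_comments(src):
    """Drop C comments so a helper named only in a comment is not counted."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    return re.sub(r"//[^\n]*", " ", src)


def extract_body(src):
    """Return the body of __pte_free_tlb (macro or function), or None."""
    src = _strip_comments(src).replace("\\\n", " ")  # join macro continuations
    macro = re.search(
        r"^[ \t]*#[ \t]*define[ \t]+" + TARGET + r"\([^)\n]*\)(.*)$", src, re.M)
    if macro:
        return macro.group(1)
    func = re.search(r"\b" + TARGET + r"\s*\([^)]*\)\s*\{", src)
    if not func:
        return None
    depth, start = 0, func.end() - 1
    for i in range(start, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    return None  # unbalanced braces: treat as not found


def classify(src):
    body = extract_body(src)
    if body is None:
        return "no-definition"
    calls = set(re.findall(r"\b([A-Za-z_]\w*)\s*\(", body))
    if DIRECT in calls:
        # A direct pte_free() on any path is enough to flag the architecture,
        # even when another branch uses the deferred helper.
        return "direct-free"
    if calls & DEFERRED:
        return "rcu-deferred"
    return "needs-review"  # special handling that a person has to read


def audit(headers):
    return {arch: classify(src) for arch, src in headers.items()}


def not_ready(results):
    """Architectures that are not shown to defer the free."""
    return sorted(a for a, c in results.items() if c != "rcu-deferred")


if __name__ == "__main__":
    for arch, verdict in audit(SAMPLES).items():
        print(f"{arch}: {verdict}")
```

The classification only reads the text of one definition; helpers that wrap pte_free() under another name land in "needs-review" and still have to be read by hand.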

* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Dev Jain @ 2025-11-04 4:02 UTC
To: Qi Zheng, tglx, mingo, bp, dave.hansen, x86, catalin.marinas, will, akpm, david, hannes
Cc: ryan.roberts, hpa, lorenzo.stoakes, Liam.Howlett, vbabka, ppt, surenb, mhocko, shakeel.butt, linux-kernel, linux-mm

On 03/11/25 2:37 pm, Qi Zheng wrote:
> Hi Dev,
>
> On 11/3/25 4:43 PM, Dev Jain wrote:
>>
>> On 03/11/25 12:33 pm, Qi Zheng wrote:
>>> Hi Dev,
>>>
>>> On 11/3/25 2:37 PM, Dev Jain wrote:
>>>> The implementation of CONFIG_PT_RECLAIM is completely contained in
>>>> generic
>>>> mm code. It depends on the RCU callback which will reclaim the
>>>> pagetables -
>>>> there is nothing arch-specific about that. So, enable this config for
>>>> all architectures.
>>>
>>> Thanks for doing this!
>>>
>>> But unfortunately, not all architectures call tlb_remove_ptdesc() in
>>> __pte_free_tlb(). Some architectures directly call pte_free() to
>>> free PTE pages (without RCU).
>>
>> Thanks! This was not obvious to figure out.
>>
>> Is there an arch bottleneck because of which they do this? I mean to
>> say,
>>
>> is something stopping us from simply redirecting __pte_free_tlb to
>> tlb_remove_ptdesc
>
> Some architectures have special handling in __pte_free_tlb(), and cannot
> simply redirect __pte_free_tlb() to tlb_remove_ptdesc(), such as m68k,
> powerpc, etc.
>
> For those architectures that call pte_free() in __pte_free_tlb(), it
> should be easy to modify them.
>
> If you're not in a rush, I can take the time to finish the above tasks.

Right then, I'll leave that up to you!

>
>>
>> or pte_free_defer?
>>
>>
>> I am looking to enable this config at least on arm64 by default, I
>> believe it will be legal
>>
>> to do this at least here.
>
> IIRC, arm64 can directly enable CONFIG_PT_RECLAIM, as it is supported
> at the architecture level.
>
> Thanks,
> Qi
>
>>
>>
>>>
>>> We need to modify these architectures first, otherwise it will
>>> lead to UAF. This approach is feasible because Hugh provides similar
>>> support in pte_free_defer().
>>>
>>> Enabling PT_RECLAIM on all architectures has always been on my
>>> TODO list, but it's been blocked by other things. :(
>>>
>>> Thanks,
>>> Qi
>>>
>>>>
>>>> Signed-off-by: Dev Jain <dev.jain@arm.com>
>>>> ---
>>>> arch/x86/Kconfig | 1 -
>>>> mm/Kconfig | 5 +----
>>>> mm/pt_reclaim.c | 2 +-
>>>> 3 files changed, 2 insertions(+), 6 deletions(-)
>>>>
>>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >>>> index fa3b616af03a..5681308a5650 100644 >>>> --- a/arch/x86/Kconfig >>>> +++ b/arch/x86/Kconfig >>>> @@ -327,7 +327,6 @@ config X86 >>>> select FUNCTION_ALIGNMENT_4B >>>> imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI >>>> select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE >>>> - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 >>>> select ARCH_SUPPORTS_SCHED_SMT if SMP >>>> select SCHED_SMT if SMP >>>> select ARCH_SUPPORTS_SCHED_CLUSTER if SMP >>>> diff --git a/mm/Kconfig b/mm/Kconfig >>>> index 0e26f4fc8717..903c37d02555 100644 >>>> --- a/mm/Kconfig >>>> +++ b/mm/Kconfig >>>> @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK >>>> The architecture has hardware support for userspace shadow >>>> call >>>> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). >>>> -config ARCH_SUPPORTS_PT_RECLAIM >>>> - def_bool n >>>> - >>>> config PT_RECLAIM >>>> bool "reclaim empty user page table pages" >>>> default y >>>> - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP >>>> + depends on MMU && SMP >>>> select MMU_GATHER_RCU_TABLE_FREE >>>> help >>>> Try to reclaim empty user page table pages in paths other >>>> than munmap >>>> diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c >>>> index 7e9455a18aae..049e17f08c6a 100644 >>>> --- a/mm/pt_reclaim.c >>>> +++ b/mm/pt_reclaim.c
>>>> @@ -1,6 +1,6 @@ >>>> // SPDX-License-Identifier: GPL-2.0 >>>> #include <linux/hugetlb.h> >>>> -#include <asm-generic/tlb.h> >>>> +#include <asm/tlb.h> >>>> #include <asm/pgalloc.h> >>>> #include "internal.h"
>>>
>

* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Qi Zheng @ 2025-11-04 6:33 UTC
To: Dev Jain, tglx, mingo, bp, dave.hansen, x86, catalin.marinas, will, akpm, david, hannes
Cc: ryan.roberts, hpa, lorenzo.stoakes, Liam.Howlett, vbabka, ppt, surenb, mhocko, shakeel.butt, linux-kernel, linux-mm

On 11/4/25 12:02 PM, Dev Jain wrote:
>
> On 03/11/25 2:37 pm, Qi Zheng wrote:
>> Hi Dev,
>>
>> On 11/3/25 4:43 PM, Dev Jain wrote:
>>>
>>> On 03/11/25 12:33 pm, Qi Zheng wrote:
>>>> Hi Dev,
>>>>
>>>> On 11/3/25 2:37 PM, Dev Jain wrote:
>>>>> The implementation of CONFIG_PT_RECLAIM is completely contained in
>>>>> generic
>>>>> mm code. It depends on the RCU callback which will reclaim the
>>>>> pagetables -
>>>>> there is nothing arch-specific about that. So, enable this config for
>>>>> all architectures.
>>>>
>>>> Thanks for doing this!
>>>>
>>>> But unfortunately, not all architectures call tlb_remove_ptdesc() in
>>>> __pte_free_tlb(). Some architectures directly call pte_free() to
>>>> free PTE pages (without RCU).
>>>
>>> Thanks! This was not obvious to figure out.
>>>
>>> Is there an arch bottleneck because of which they do this? I mean to
>>> say,
>>>
>>> is something stopping us from simply redirecting __pte_free_tlb to
>>> tlb_remove_ptdesc
>>
>> Some architectures have special handling in __pte_free_tlb(), and cannot
>> simply redirect __pte_free_tlb() to tlb_remove_ptdesc(), such as m68k,
>> powerpc, etc.
>>
>> For those architectures that call pte_free() in __pte_free_tlb(), it
>> should be easy to modify them.
>>
>> If you're not in a rush, I can take the time to finish the above tasks.
>
> Right then, I'll leave that up to you!

OK, I will do it ASAP.

>
>
>>
>>>
>>> or pte_free_defer?
>>>
>>>
>>> I am looking to enable this config at least on arm64 by default, I
>>> believe it will be legal
>>>
>>> to do this at least here.
>>
>> IIRC, arm64 can directly enable CONFIG_PT_RECLAIM, as it is supported
>> at the architecture level.
>>
>> Thanks,
>> Qi
>>
>>>
>>>
>>>>
>>>> We need to modify these architectures first, otherwise it will
>>>> lead to UAF. This approach is feasible because Hugh provides similar
>>>> support in pte_free_defer().
>>>>
>>>> Enabling PT_RECLAIM on all architectures has always been on my
>>>> TODO list, but it's been blocked by other things. :(
>>>>
>>>> Thanks,
>>>> Qi
>>>>
>>>>>
>>>>> Signed-off-by: Dev Jain <dev.jain@arm.com>
>>>>> ---
>>>>> arch/x86/Kconfig | 1 -
>>>>> mm/Kconfig | 5 +----
>>>>> mm/pt_reclaim.c | 2 +-
>>>>> 3 files changed, 2 insertions(+), 6 deletions(-)
>>>>>
>>>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >>>>> index fa3b616af03a..5681308a5650 100644 >>>>> --- a/arch/x86/Kconfig >>>>> +++ b/arch/x86/Kconfig >>>>> @@ -327,7 +327,6 @@ config X86 >>>>> select FUNCTION_ALIGNMENT_4B >>>>> imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI >>>>> select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE >>>>> - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 >>>>> select ARCH_SUPPORTS_SCHED_SMT if SMP >>>>> select SCHED_SMT if SMP >>>>> select ARCH_SUPPORTS_SCHED_CLUSTER if SMP >>>>> diff --git a/mm/Kconfig b/mm/Kconfig >>>>> index 0e26f4fc8717..903c37d02555 100644 >>>>> --- a/mm/Kconfig >>>>> +++ b/mm/Kconfig >>>>> @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK >>>>> The architecture has hardware support for userspace shadow >>>>> call >>>>> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). >>>>> -config ARCH_SUPPORTS_PT_RECLAIM >>>>> - def_bool n >>>>> - >>>>> config PT_RECLAIM >>>>> bool "reclaim empty user page table pages" >>>>> default y >>>>> - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP >>>>> + depends on MMU && SMP >>>>> select MMU_GATHER_RCU_TABLE_FREE >>>>> help >>>>> Try to reclaim empty user page table pages in paths other >>>>> than munmap >>>>> diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c >>>>> index 7e9455a18aae..049e17f08c6a 100644 >>>>> --- a/mm/pt_reclaim.c >>>>> +++ b/mm/pt_reclaim.c
>>>>> @@ -1,6 +1,6 @@ >>>>> // SPDX-License-Identifier: GPL-2.0 >>>>> #include <linux/hugetlb.h> >>>>> -#include <asm-generic/tlb.h> >>>>> +#include <asm/tlb.h> >>>>> #include <asm/pgalloc.h> >>>>> #include "internal.h"
>>>>
>>

* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Lance Yang @ 2025-11-04 13:13 UTC
To: zhengqi.arch, dev.jain
Cc: Liam.Howlett, akpm, bp, catalin.marinas, dave.hansen, david, hannes, hpa, linux-kernel, linux-mm, lorenzo.stoakes, mhocko, mingo, ppt, ryan.roberts, shakeel.butt, surenb, tglx, vbabka, will, x86, Lance Yang

From: Lance Yang <lance.yang@linux.dev>

On Tue, 4 Nov 2025 14:33:00 +0800, Qi Zheng wrote:
>
>
> On 11/4/25 12:02 PM, Dev Jain wrote:
> >
> > On 03/11/25 2:37 pm, Qi Zheng wrote:
> >> Hi Dev,
> >>
> >> On 11/3/25 4:43 PM, Dev Jain wrote:
> >>>
> >>> On 03/11/25 12:33 pm, Qi Zheng wrote:
> >>>> Hi Dev,
> >>>>
> >>>> On 11/3/25 2:37 PM, Dev Jain wrote:
> >>>>> The implementation of CONFIG_PT_RECLAIM is completely contained in
> >>>>> generic
> >>>>> mm code. It depends on the RCU callback which will reclaim the
> >>>>> pagetables -
> >>>>> there is nothing arch-specific about that. So, enable this config for
> >>>>> all architectures.
> >>>>
> >>>> Thanks for doing this!
> >>>>
> >>>> But unfortunately, not all architectures call tlb_remove_ptdesc() in
> >>>> __pte_free_tlb(). Some architectures directly call pte_free() to
> >>>> free PTE pages (without RCU).
> >>>
> >>> Thanks! This was not obvious to figure out.
> >>>
> >>> Is there an arch bottleneck because of which they do this? I mean to
> >>> say,
> >>>
> >>> is something stopping us from simply redirecting __pte_free_tlb to
> >>> tlb_remove_ptdesc
> >>
> >> Some architectures have special handling in __pte_free_tlb(), and cannot
> >> simply redirect __pte_free_tlb() to tlb_remove_ptdesc(), such as m68k,
> >> powerpc, etc.
> >>
> >> For those architectures that call pte_free() in __pte_free_tlb(), it
> >> should be easy to modify them.
> >>
> >> If you're not in a rush, I can take the time to finish the above tasks.
> >
> > Right then, I'll leave that up to you!
>
> OK, I will do it ASAP.

Cool! Looking forward to seeing that land ;p

Cheers,
Lance

>
> >
> >
> >>
> >>>
> >>> or pte_free_defer?
> >>>
> >>>
> >>> I am looking to enable this config at least on arm64 by default, I
> >>> believe it will be legal

Great proposal, Dev! That looks like a very useful feature. Let's make it
happen on arm64 ;)

> >>>
> >>> to do this at least here.
> >>
> >> IIRC, arm64 can directly enable CONFIG_PT_RECLAIM, as it is supported
> >> at the architecture level.
> >>
> >> Thanks,
> >> Qi
> >>
> >>>
> >>>
> >>>>
> >>>> We need to modify these architectures first, otherwise it will
> >>>> lead to UAF. This approach is feasible because Hugh provides similar
> >>>> support in pte_free_defer().
> >>>>
> >>>> Enabling PT_RECLAIM on all architectures has always been on my
> >>>> TODO list, but it's been blocked by other things. :(
> >>>>
> >>>> Thanks,
> >>>> Qi
> >>>>
> >>>>>
> >>>>> Signed-off-by: Dev Jain <dev.jain@arm.com>
> >>>>> ---
> >>>>> arch/x86/Kconfig | 1 -
> >>>>> mm/Kconfig | 5 +----
> >>>>> mm/pt_reclaim.c | 2 +-
> >>>>> 3 files changed, 2 insertions(+), 6 deletions(-)
> >>>>>
> >>>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > >>>>> index fa3b616af03a..5681308a5650 100644 > >>>>> --- a/arch/x86/Kconfig > >>>>> +++ b/arch/x86/Kconfig > >>>>> @@ -327,7 +327,6 @@ config X86 > >>>>> select FUNCTION_ALIGNMENT_4B > >>>>> imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI > >>>>> select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE > >>>>> - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 > >>>>> select ARCH_SUPPORTS_SCHED_SMT if SMP > >>>>> select SCHED_SMT if SMP > >>>>> select ARCH_SUPPORTS_SCHED_CLUSTER if SMP > >>>>> diff --git a/mm/Kconfig b/mm/Kconfig > >>>>> index 0e26f4fc8717..903c37d02555 100644 > >>>>> --- a/mm/Kconfig > >>>>> +++ b/mm/Kconfig
> >>>>> @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK > >>>>> The architecture has hardware support for userspace shadow > >>>>> call > >>>>> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). > >>>>> -config ARCH_SUPPORTS_PT_RECLAIM > >>>>> - def_bool n > >>>>> - > >>>>> config PT_RECLAIM > >>>>> bool "reclaim empty user page table pages" > >>>>> default y > >>>>> - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP > >>>>> + depends on MMU && SMP > >>>>> select MMU_GATHER_RCU_TABLE_FREE > >>>>> help > >>>>> Try to reclaim empty user page table pages in paths other > >>>>> than munmap > >>>>> diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c > >>>>> index 7e9455a18aae..049e17f08c6a 100644 > >>>>> --- a/mm/pt_reclaim.c > >>>>> +++ b/mm/pt_reclaim.c > >>>>> @@ -1,6 +1,6 @@ > >>>>> // SPDX-License-Identifier: GPL-2.0 > >>>>> #include <linux/hugetlb.h> > >>>>> -#include <asm-generic/tlb.h> > >>>>> +#include <asm/tlb.h> > >>>>> #include <asm/pgalloc.h> > >>>>> #include "internal.h"
> >>>>
> >>
> >

* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures
From: Dev Jain @ 2025-11-04 13:21 UTC
To: Lance Yang, zhengqi.arch
Cc: Liam.Howlett, akpm, bp, catalin.marinas, dave.hansen, david, hannes, hpa, linux-kernel, linux-mm, lorenzo.stoakes, mhocko, mingo, ppt, ryan.roberts, shakeel.butt, surenb, tglx, vbabka, will, x86, Lance Yang

On 04/11/25 6:43 pm, Lance Yang wrote:
> From: Lance Yang <lance.yang@linux.dev>
>
>
> On Tue, 4 Nov 2025 14:33:00 +0800, Qi Zheng wrote:
>>
>> On 11/4/25 12:02 PM, Dev Jain wrote:
>>> On 03/11/25 2:37 pm, Qi Zheng wrote:
>>>> Hi Dev,
>>>>
>>>> On 11/3/25 4:43 PM, Dev Jain wrote:
>>>>> On 03/11/25 12:33 pm, Qi Zheng wrote:
>>>>>> Hi Dev,
>>>>>>
>>>>>> On 11/3/25 2:37 PM, Dev Jain wrote:
>>>>>>> The implementation of CONFIG_PT_RECLAIM is completely contained in
>>>>>>> generic
>>>>>>> mm code. It depends on the RCU callback which will reclaim the
>>>>>>> pagetables -
>>>>>>> there is nothing arch-specific about that. So, enable this config for
>>>>>>> all architectures.
>>>>>> Thanks for doing this!
>>>>>>
>>>>>> But unfortunately, not all architectures call tlb_remove_ptdesc() in
>>>>>> __pte_free_tlb(). Some architectures directly call pte_free() to
>>>>>> free PTE pages (without RCU).
>>>>> Thanks! This was not obvious to figure out.
>>>>>
>>>>> Is there an arch bottleneck because of which they do this? I mean to
>>>>> say,
>>>>>
>>>>> is something stopping us from simply redirecting __pte_free_tlb to
>>>>> tlb_remove_ptdesc
>>>> Some architectures have special handling in __pte_free_tlb(), and cannot
>>>> simply redirect __pte_free_tlb() to tlb_remove_ptdesc(), such as m68k,
>>>> powerpc, etc.
>>>>
>>>> For those architectures that call pte_free() in __pte_free_tlb(), it
>>>> should be easy to modify them.
>>>>
>>>> If you're not in a rush, I can take the time to finish the above tasks.
>>> Right then, I'll leave that up to you!
>> OK, I will do it ASAP.
> Cool! Looking forward to seeing that land ;p
>
> Cheers,
> Lance
>
>>>
>>>>> or pte_free_defer?
>>>>>
>>>>>
>>>>> I am looking to enable this config at least on arm64 by default, I
>>>>> believe it will be legal
> Great proposal, Dev! That looks like a very useful feature. Let's make it
> happen on arm64 ;)

Yup, but not sure whether an arm64 enabling patch, only for that to go away
when Qi implements the feature generically, is worth the trouble!

>
>>>>> to do this at least here.
>>>> IIRC, arm64 can directly enable CONFIG_PT_RECLAIM, as it is supported
>>>> at the architecture level.
>>>>
>>>> Thanks,
>>>> Qi
>>>>
>>>>>
>>>>>> We need to modify these architectures first, otherwise it will
>>>>>> lead to UAF. This approach is feasible because Hugh provides similar
>>>>>> support in pte_free_defer().
>>>>>>
>>>>>> Enabling PT_RECLAIM on all architectures has always been on my
>>>>>> TODO list, but it's been blocked by other things. :(
>>>>>>
>>>>>> Thanks,
>>>>>> Qi
>>>>>>
>>>>>>> Signed-off-by: Dev Jain <dev.jain@arm.com>
>>>>>>> ---
>>>>>>> arch/x86/Kconfig | 1 -
>>>>>>> mm/Kconfig | 5 +----
>>>>>>> mm/pt_reclaim.c | 2 +-
>>>>>>> 3 files changed, 2 insertions(+), 6 deletions(-)
>>>>>>>
>>>>>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >>>>>>> index fa3b616af03a..5681308a5650 100644 >>>>>>> --- a/arch/x86/Kconfig >>>>>>> +++ b/arch/x86/Kconfig >>>>>>> @@ -327,7 +327,6 @@ config X86 >>>>>>> select FUNCTION_ALIGNMENT_4B >>>>>>> imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI >>>>>>> select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE >>>>>>> - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 >>>>>>> select ARCH_SUPPORTS_SCHED_SMT if SMP >>>>>>> select SCHED_SMT if SMP >>>>>>> select ARCH_SUPPORTS_SCHED_CLUSTER if SMP >>>>>>> diff --git a/mm/Kconfig b/mm/Kconfig >>>>>>> index 0e26f4fc8717..903c37d02555 100644 >>>>>>> --- a/mm/Kconfig >>>>>>> +++ b/mm/Kconfig
>>>>>>> @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK >>>>>>> The architecture has hardware support for userspace shadow >>>>>>> call >>>>>>> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). >>>>>>> -config ARCH_SUPPORTS_PT_RECLAIM >>>>>>> - def_bool n >>>>>>> - >>>>>>> config PT_RECLAIM >>>>>>> bool "reclaim empty user page table pages" >>>>>>> default y >>>>>>> - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP >>>>>>> + depends on MMU && SMP >>>>>>> select MMU_GATHER_RCU_TABLE_FREE >>>>>>> help >>>>>>> Try to reclaim empty user page table pages in paths other >>>>>>> than munmap >>>>>>> diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c >>>>>>> index 7e9455a18aae..049e17f08c6a 100644 >>>>>>> --- a/mm/pt_reclaim.c >>>>>>> +++ b/mm/pt_reclaim.c >>>>>>> @@ -1,6 +1,6 @@ >>>>>>> // SPDX-License-Identifier: GPL-2.0 >>>>>>> #include <linux/hugetlb.h> >>>>>>> -#include <asm-generic/tlb.h> >>>>>>> +#include <asm/tlb.h> >>>>>>> #include <asm/pgalloc.h> >>>>>>> #include "internal.h"
>>
* Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures 2025-11-04 6:33 ` Qi Zheng 2025-11-04 13:13 ` Lance Yang @ 2025-11-04 13:15 ` Lance Yang 1 sibling, 0 replies; 9+ messages in thread From: Lance Yang @ 2025-11-04 13:15 UTC (permalink / raw) To: zhengqi.arch, dev.jain Cc: Liam.Howlett, akpm, bp, catalin.marinas, dave.hansen, david, hannes, hpa, linux-kernel, linux-mm, lorenzo.stoakes, mhocko, mingo, ppt, ryan.roberts, shakeel.butt, surenb, tglx, vbabka, will, x86, Lance Yang 
From: Lance Yang <lance.yang@linux.dev> On Tue, 4 Nov 2025 14:33:00 +0800, Qi Zheng wrote: > > > On 11/4/25 12:02 PM, Dev Jain wrote: > > > > On 03/11/25 2:37 pm, Qi Zheng wrote: > >> Hi Dev, > >> > >> On 11/3/25 4:43 PM, Dev Jain wrote: > >>> > >>> On 03/11/25 12:33 pm, Qi Zheng wrote: > >>>> Hi Dev, > >>>> > >>>> On 11/3/25 2:37 PM, Dev Jain wrote: > >>>>> The implementation of CONFIG_PT_RECLAIM is completely contained in > >>>>> generic > >>>>> mm code. It depends on the RCU callback which will reclaim the > >>>>> pagetables - > >>>>> there is nothing arch-specific about that. So, enable this config for > >>>>> all architectures. > >>>> > >>>> Thanks for doing this! > >>>> > >>>> But unfortunately, not all architectures call tlb_remove_ptdesc() in > >>>> __pte_free_tlb(). Some architectures directly call pte_free() to > >>>> free PTE pages (without RCU). > >>> > >>> Thanks! This was not obvious to figure out. > >>> > >>> Is there an arch bottleneck because of which they do this? I mean to > >>> say, > >>> > >>> is something stopping us from simply redirecting __pte_free_tlb to > >>> tlb_remove_ptdesc > >> > >> Some architectures have special handling in __pte_free_tlb(), and cannot > >> simple redirect __pte_free_tlb() to tlb_remove_ptdesc(), such as m68k, > >> powerpc, etc. > >> > >> For those architectures that call pte_free() in __pte_free_tlb(), it > >> should be easy to modify them. > >> > >> If you're not in a rush, I can take the time to finish the above tasks. > > > > Right then, I'll leave that up to you! > > OK, I will do it ASAP. Cool! Looking forward to seeing that land ;p > > > > > > >> > >>> > >>> or pte_free_defer? > >>> > >>> > >>> I am looking to enable this config at least on arm64 by default, I > >>> believe it will be legal Great proposal, Dev! That looks like a very useful feature. Let's make it happen on arm64 ;) > >>> > >>> to do this at least here. 
> >> > >> IIRC, arm64 can directly enable CONFIG_PT_RECLAIM, as it is supported > >> at the architecture level. > >> > >> Thanks, > >> Qi > >> > >>> > >>> > >>>> > >>>> We need to modify these architectures first, otherwise it will > >>>> lead to UAF. This approach is feasible because Hugh provides similar > >>>> support in pte_free_defer(). > >>>> > >>>> Enabling PT_RECLAIM on all architecture has always been on my > >>>> TODO list, but it's been blocked by other things. :( > >>>> > >>>> Thanks, > >>>> Qi > >>>> > >>>>> > >>>>> Signed-off-by: Dev Jain <dev.jain@arm.com> > >>>>> --- > >>>>> arch/x86/Kconfig | 1 - > >>>>> mm/Kconfig | 5 +---- > >>>>> mm/pt_reclaim.c | 2 +- > >>>>> 3 files changed, 2 insertions(+), 6 deletions(-) > >>>>> > >>>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > >>>>> index fa3b616af03a..5681308a5650 100644 > >>>>> --- a/arch/x86/Kconfig > >>>>> +++ b/arch/x86/Kconfig > >>>>> @@ -327,7 +327,6 @@ config X86 > >>>>> select FUNCTION_ALIGNMENT_4B > >>>>> imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI > >>>>> select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE > >>>>> - select ARCH_SUPPORTS_PT_RECLAIM if X86_64 > >>>>> select ARCH_SUPPORTS_SCHED_SMT if SMP > >>>>> select SCHED_SMT if SMP > >>>>> select ARCH_SUPPORTS_SCHED_CLUSTER if SMP > >>>>> diff --git a/mm/Kconfig b/mm/Kconfig > >>>>> index 0e26f4fc8717..903c37d02555 100644 > >>>>> --- a/mm/Kconfig > >>>>> +++ b/mm/Kconfig 
> >>>>> @@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK > >>>>> The architecture has hardware support for userspace shadow > >>>>> call > >>>>> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). > >>>>> -config ARCH_SUPPORTS_PT_RECLAIM > >>>>> - def_bool n > >>>>> - > >>>>> config PT_RECLAIM > >>>>> bool "reclaim empty user page table pages" > >>>>> default y > >>>>> - depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP > >>>>> + depends on MMU && SMP > >>>>> select MMU_GATHER_RCU_TABLE_FREE > >>>>> help > >>>>> Try to reclaim empty user page table pages in paths other > >>>>> than munmap > >>>>> diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c > >>>>> index 7e9455a18aae..049e17f08c6a 100644 > >>>>> --- a/mm/pt_reclaim.c > >>>>> +++ b/mm/pt_reclaim.c > >>>>> @@ -1,6 +1,6 @@ > >>>>> // SPDX-License-Identifier: GPL-2.0 > >>>>> #include <linux/hugetlb.h> > >>>>> -#include <asm-generic/tlb.h> > >>>>> +#include <asm/tlb.h> > >>>>> #include <asm/pgalloc.h> > >>>>> #include "internal.h" > >>>> > >> > > ^ permalink raw reply [flat|nested] 9+ messages in thread
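Review bot: In the arch/x86/Kconfig hunk, the removed line was `select ARCH_SUPPORTS_PT_RECLAIM if X86_64`, so 32-bit x86 was not opted in before; once mm/Kconfig depends only on `MMU && SMP`, PT_RECLAIM becomes `default y` on 32-bit SMP x86 as well. The changelog should say whether that configuration was reviewed and tested, or the X86_64 restriction should be carried over explicitly.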
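Review bot: In the mm/Kconfig hunk, `depends on MMU && SMP` together with `default y` turns PT_RECLAIM on for every SMP architecture without any check that the architecture frees PTE pages through RCU; as Qi Zheng points out in this thread, some architectures call pte_free() directly in __pte_free_tlb(), which would lead to UAF. Keep ARCH_SUPPORTS_PT_RECLAIM as an opt-in and have each converted architecture select it (arm64 first, per the thread), dropping the symbol only after the remaining __pte_free_tlb() implementations go through tlb_remove_ptdesc().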
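Review bot: In the mm/pt_reclaim.c hunk, the switch from `#include <asm-generic/tlb.h>` to `#include <asm/tlb.h>` is not mentioned in the changelog. Add a sentence explaining why the arch header is needed once this file is built on architectures other than x86, so the reason for the include change is on record.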