From: Deepanshu Kartikey <kartikey406@gmail.com>
To: Ackerley Tng <ackerleytng@google.com>
Cc: "David Hildenbrand (Arm)" <david@kernel.org>,
akpm@linux-foundation.org, lorenzo.stoakes@oracle.com,
baolin.wang@linux.alibaba.com, Liam.Howlett@oracle.com,
npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com,
baohua@kernel.org, seanjc@google.com, pbonzini@redhat.com,
michael.roth@amd.com, vannapurve@google.com, ziy@nvidia.com,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
syzbot+33a04338019ac7e43a44@syzkaller.appspotmail.com
Subject: Re: [PATCH] mm: thp: Deny THP for guest_memfd and secretmem in file_thp_enabled()
Date: Wed, 11 Feb 2026 07:29:23 +0530 [thread overview]
Message-ID: <CADhLXY6PxJ3q5Q_aqMPSKcPQVA66T0+6Eud4ghv3AQH2ZdMV6g@mail.gmail.com> (raw)
In-Reply-To: <CAEvNRgGg245-TQn2HFSadZ7gmz-FxsAQ6=N14BUgiYGHhZeLeQ@mail.gmail.com>
On Wed, Feb 11, 2026 at 4:30 AM Ackerley Tng <ackerleytng@google.com> wrote:
>
> "David Hildenbrand (Arm)" <david@kernel.org> writes:
>
> >>> BUT, something just occurred to me.
> >>>
> >>> We added the mc-handling in
> >>>
> >>> commit 98c76c9f1ef7599b39bfd4bd99b8a760d4a8cd3b
> >>> Author: Jiaqi Yan <jiaqiyan@google.com>
> >>> Date: Wed Mar 29 08:11:19 2023 -0700
> >>>
> >>> mm/khugepaged: recover from poisoned anonymous memory
> >>>
> >>> ..
> >>>
> >>> So I assume kernels before that would crash when collapsing?
> >>>
> >>> Looking at 5.15.199, it does not contain 98c76c9f1e [1].
> >>>
> >>> So I suspect we need a fix+stable backport.
> >>>
> >>> Who volunteers to try a secretmem reproducer on a stable kernel? :)
> >>>
> >>
> >> I could give this a shot. 5.15.199 doesn't have AS_INACCESSIBLE. Should
> >> we backport AS_INACCESSIBLE there or could the fix for 5.15.199 just be
> >> special-casing secretmem like you suggested below?
> >
> > Yes. If there is no guest_memfd we wouldn't need it.
> >
>
> Seems like on 5.15.199 there's a hugepage_vma_check(), which will return
> false since secretmem has vma->vm_ops defined [1], so secretmem VMAs are
> skipped.
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/mm/khugepaged.c?h=v5.15.199#n469
>
> >>
> >>>
> >>> The following is a bit nasty as well but should do the trick until we rip
> >>> out the CONFIG_READ_ONLY_THP_FOR_FS stuff.
> >>>
> >>>
> >>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> >>> index 03886d4ccecc..4ac1cb36b861 100644
> >>> --- a/mm/huge_memory.c
> >>> +++ b/mm/huge_memory.c
> >>> @@ -40,6 +40,7 @@
> >>> #include <linux/pgalloc.h>
> >>> #include <linux/pgalloc_tag.h>
> >>> #include <linux/pagewalk.h>
> >>> +#include <linux/secretmem.h>
> >>>
> >>> #include <asm/tlb.h>
> >>> #include "internal.h"
> >>> @@ -94,6 +95,10 @@ static inline bool file_thp_enabled(struct vm_area_struct *vma)
> >>>
> >>> inode = file_inode(vma->vm_file);
> >>>
> >>> + if (mapping_inaccessible(inode->i_mapping) ||
> >>> + secretmem_mapping(inode->i_mapping))
> >>> + return false;
> >>> +
>
> Regarding checking mapping, is there any chance of racing with inode
> release? (Might the mapping be freed?)
>
> >>
I don't think so. file_thp_enabled() is called from
__thp_vma_allowable_orders(), which is reached via khugepaged,
MADV_COLLAPSE, or page faults. All these paths hold mmap_lock and
operate on a valid VMA. The VMA holds a reference to the file
(vma->vm_file), which holds a reference on the inode, so the inode
and its mapping cannot be freed while we are checking it..
next prev parent reply other threads:[~2026-02-11 1:59 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 3:35 Deepanshu Kartikey
2026-02-09 10:24 ` David Hildenbrand (Arm)
2026-02-09 10:41 ` David Hildenbrand (Arm)
2026-02-09 13:06 ` Deepanshu Kartikey
2026-02-09 18:22 ` Ackerley Tng
2026-02-09 19:45 ` David Hildenbrand (Arm)
2026-02-09 20:13 ` David Hildenbrand (Arm)
2026-02-09 21:31 ` Ackerley Tng
2026-02-10 9:33 ` David Hildenbrand (Arm)
2026-02-10 23:00 ` Ackerley Tng
2026-02-11 0:58 ` Ackerley Tng
2026-02-11 2:01 ` Deepanshu Kartikey
2026-02-11 9:29 ` David Hildenbrand (Arm)
2026-02-11 16:16 ` Ackerley Tng
2026-02-11 16:35 ` David Hildenbrand (Arm)
2026-02-11 16:44 ` David Hildenbrand (Arm)
2026-02-11 1:59 ` Deepanshu Kartikey [this message]
2026-02-11 9:28 ` David Hildenbrand (Arm)
2026-02-11 14:50 ` Deepanshu Kartikey
2026-02-11 15:38 ` Ackerley Tng
2026-02-11 16:45 ` David Hildenbrand (Arm)
2026-02-12 22:19 ` Ackerley Tng
2026-02-13 5:02 ` Deepanshu Kartikey
2026-02-13 9:06 ` David Hildenbrand (Arm)
2026-02-21 4:37 ` Deepanshu Kartikey
2026-02-10 1:51 ` Deepanshu Kartikey
2026-02-10 9:33 ` David Hildenbrand (Arm)
2026-02-09 23:37 ` kernel test robot
2026-02-10 17:51 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CADhLXY6PxJ3q5Q_aqMPSKcPQVA66T0+6Eud4ghv3AQH2ZdMV6g@mail.gmail.com \
--to=kartikey406@gmail.com \
--cc=Liam.Howlett@oracle.com \
--cc=ackerleytng@google.com \
--cc=akpm@linux-foundation.org \
--cc=baohua@kernel.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=david@kernel.org \
--cc=dev.jain@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=michael.roth@amd.com \
--cc=npache@redhat.com \
--cc=pbonzini@redhat.com \
--cc=ryan.roberts@arm.com \
--cc=seanjc@google.com \
--cc=syzbot+33a04338019ac7e43a44@syzkaller.appspotmail.com \
--cc=vannapurve@google.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox