Re: [PATCH bpf-next] bpf: Replace scratch PTE atomically when allocating arena pages

Next message: John Groves: "Re: [PATCH V6 0/2] daxctl: Add support for famfs mode"
Previous message: Barry Song: "Re: [PATCH 0/15] mm: introduce ANON_VMA_LAZY for deferred anon_vma creation"
In reply to: Catalin Marinas: "Re: [PATCH bpf-next] bpf: Replace scratch PTE atomically when allocating arena pages"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH bpf-next] bpf: Replace scratch PTE atomically when allocating arena pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kumar Kartikeya Dwivedi

Date: Tue Jun 02 2026 - 18:32:14 EST

On Mon Jun 1, 2026 at 8:37 PM CEST, Tejun Heo wrote:
> apply_range_set_cb() maps the pages for a new arena allocation and returned
> -EBUSY when the target PTE was already populated. Kernel-fault recovery
> leaves the per-arena scratch page in unallocated arena PTEs, so a later
> bpf_arena_alloc_pages() over such a page hits that -EBUSY, and every
> subsequent allocation of it fails the same way. Allocation must install the
> real page over scratch instead.
>
> Overwriting the scratch PTE in place is a valid->valid change, which arm64
> forbids without break-before-make. Route through an invalid entry instead:
> ptep_try_set() fills only a none slot, so the PTE goes scratch->none->page.
> On finding scratch, clear it and flush_tlb_before_set() before retrying. The
> new flush_tlb_before_set() is a no-op except on arches like arm64 that need
> the break-before-make TLB invalidate. The loop also copes with a concurrent
> fault re-scratching the slot.
>
> Arches without ptep_try_set() never install the scratch page, so keep the
> must-be-empty check and set_pte_at() for them.
>
> Fixes: dc11a4dba246 ("bpf: Recover arena kernel faults with scratch page")
> Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Alexei Starovoitov <ast@xxxxxxxxxx>
> Cc: David Hildenbrand <david@xxxxxxxxxx>
> ---
>

Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>