Re: [RFC PATCH] mm: Enable CONFIG_PT_RECLAIM on all architectures

From: Qi Zheng
Date: Tue Nov 04 2025 - 01:33:24 EST




On 11/4/25 12:02 PM, Dev Jain wrote:

On 03/11/25 2:37 pm, Qi Zheng wrote:
Hi Dev,

On 11/3/25 4:43 PM, Dev Jain wrote:

On 03/11/25 12:33 pm, Qi Zheng wrote:
Hi Dev,

On 11/3/25 2:37 PM, Dev Jain wrote:
The implementation of CONFIG_PT_RECLAIM is completely contained in generic
mm code. It depends on the RCU callback which will reclaim the pagetables -
there is nothing arch-specific about that. So, enable this config for
all architectures.

Thanks for doing this!

But unfortunately, not all architectures call tlb_remove_ptdesc() in
__pte_free_tlb(). Some architectures directly call pte_free() to
free PTE pages (without RCU).

Thanks! This was not obvious to figure out.

Is there an arch bottleneck because of which they do this? I mean to say, is something stopping us from simply redirecting __pte_free_tlb to tlb_remove_ptdesc

Some architectures have special handling in __pte_free_tlb(), and cannot
simply redirect __pte_free_tlb() to tlb_remove_ptdesc(), such as m68k,
powerpc, etc.

For those architectures that call pte_free() in __pte_free_tlb(), it
should be easy to modify them.

If you're not in a rush, I can take the time to finish the above tasks.

Right then, I'll leave that up to you!

OK, I will do it ASAP.





or pte_free_defer?


I am looking to enable this config at least on arm64 by default, I believe it will be legal to do this at least here.

IIRC, arm64 can directly enable CONFIG_PT_RECLAIM, as it is supported
at the architecture level.

Thanks,
Qi




We need to modify these architectures first, otherwise it will
lead to UAF. This approach is feasible because Hugh provides similar
support in pte_free_defer().

Enabling PT_RECLAIM on all architectures has always been on my
TODO list, but it's been blocked by other things. :(

Thanks,
Qi


Signed-off-by: Dev Jain <dev.jain@xxxxxxx>
---
  arch/x86/Kconfig | 1 -
  mm/Kconfig       | 5 +----
  mm/pt_reclaim.c  | 2 +-
  3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index fa3b616af03a..5681308a5650 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -327,7 +327,6 @@ config X86
      select FUNCTION_ALIGNMENT_4B
      imply IMA_SECURE_AND_OR_TRUSTED_BOOT    if EFI
      select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
-    select ARCH_SUPPORTS_PT_RECLAIM        if X86_64
      select ARCH_SUPPORTS_SCHED_SMT        if SMP
      select SCHED_SMT            if SMP
      select ARCH_SUPPORTS_SCHED_CLUSTER    if SMP
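
Review bot: the removed `select ARCH_SUPPORTS_PT_RECLAIM if X86_64` limited the feature to 64-bit x86, and nothing in this patch keeps that limit. With the mm/Kconfig dependency reduced to `MMU && SMP`, 32-bit x86 SMP builds also get PT_RECLAIM with `default y`. The commit message only argues that the implementation is generic, so it should say whether 32-bit x86 was considered, or the patch should keep an explicit restriction for it.
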
diff --git a/mm/Kconfig b/mm/Kconfig
index 0e26f4fc8717..903c37d02555 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -1355,13 +1355,10 @@ config ARCH_HAS_USER_SHADOW_STACK
        The architecture has hardware support for userspace shadow call
            stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss).
  -config ARCH_SUPPORTS_PT_RECLAIM
-    def_bool n
-
  config PT_RECLAIM
      bool "reclaim empty user page table pages"
      default y
-    depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP
+    depends on MMU && SMP
      select MMU_GATHER_RCU_TABLE_FREE
      help
        Try to reclaim empty user page table pages in paths other than munmap
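
Review bot: with `depends on MMU && SMP` and `default y`, PT_RECLAIM is turned on for every SMP MMU architecture, including those whose __pte_free_tlb() calls pte_free() directly instead of tlb_remove_ptdesc(). The reply in this thread identifies that case as freeing PTE pages without RCU and leading to UAF. Keep the ARCH_SUPPORTS_PT_RECLAIM gate until those architectures are converted, or place the conversions earlier in the series than this change.
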
diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c
index 7e9455a18aae..049e17f08c6a 100644
--- a/mm/pt_reclaim.c
+++ b/mm/pt_reclaim.c
@@ -1,6 +1,6 @@
  // SPDX-License-Identifier: GPL-2.0
  #include <linux/hugetlb.h>
-#include <asm-generic/tlb.h>
+#include <asm/tlb.h>
  #include <asm/pgalloc.h>
    #include "internal.h"
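
Review bot: the switch from `#include <asm-generic/tlb.h>` to `#include <asm/tlb.h>` is not mentioned in the commit message. Add a sentence explaining why the arch header is needed once this file is built on all architectures.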