[PATCH 2/8] bpf: Recover arena kernel faults with scratch page

David Hildenbrand (Arm) david at kernel.org
Sun May 31 11:58:51 PDT 2026


On 5/31/26 19:47, Tejun Heo wrote:
> Hello,
> 
> I posted the check removal [1], and Sashiko's review flagged a
> break-before-make problem with it [2] that I think is real.

Yeah, and as I raised previously, this is very questionable locking design :)

Either everybody works with atomics or nobody.

> 
> The scratch page is a present PAGE_KERNEL mapping, so having
> apply_range_set_cb() overwrite it via set_pte_at() during
> bpf_arena_alloc_pages() is a valid->valid PFN change. I'm not familiar with
> arm at all. David, my understanding is that's a break-before-make violation
> on arm64, and that on any arch the stale TLB entry keeps resolving to the
> shared scratch page until it's flushed, so a later access can hit scratch
> instead of the new page. Is that what you were worried about?
> 
> So instead of just dropping the check, the install should route through an
> invalid entry rather than overwrite in place:
> 
> 	while (!ptep_try_set(pte, mk_pte(page, PAGE_KERNEL))) {
> 		old = ptep_get(pte);
> 		if (pte_none(old))
> 			continue;
> 		if (WARN_ON_ONCE(pte_page(old) != arena->scratch_page))
> 			return -EBUSY;
> 		ptep_get_and_clear(&init_mm, addr, pte);
> 		broke_scratch = true;
> 	}

We have to handle architectures where ptep_try_set() is not implemented (as I
tried with my variant).

-- 
Cheers,

David
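A user-space model of the install loop quoted above, added here as an example that is not part of the thread or of the kernel patch. It assumes a PTE is a single atomic word, 0 stands for pte_none, ptep_try_set() behaves as a compare-and-swap from none to the new value, and the scratch-page PFN is a constructed constant. A transition log makes the break-before-make property checkable: the entry only ever moves valid -> none -> valid, never valid -> valid in place.

```c
/* Added userspace model, not kernel code: a PTE is an atomic word (0 == pte_none),
 * ptep_try_set() is a CAS from none, and a log records every transition. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#define EBUSY 16
#define SCRATCH_PFN 0x1000UL	/* constructed stand-in for arena->scratch_page */
#define MAX_LOG 16
typedef _Atomic unsigned long pte_t;
struct bbm_log { unsigned long from[MAX_LOG], to[MAX_LOG]; size_t n; };

static void log_transition(struct bbm_log *log, unsigned long from, unsigned long to)
{
	if (log->n == MAX_LOG)
		return;
	log->from[log->n] = from;
	log->to[log->n++] = to;
}
/* Model of ptep_try_set(): install only if the entry is currently none. */
static bool pte_try_set(pte_t *pte, unsigned long newval, struct bbm_log *log)
{
	unsigned long expected = 0;
	if (!atomic_compare_exchange_strong(pte, &expected, newval))
		return false;
	log_transition(log, 0, newval);
	return true;
}

/* The loop from the mail: route the install through an invalid entry. */
static int install_pte(pte_t *pte, unsigned long newval, bool *broke_scratch,
		       struct bbm_log *log)
{
	*broke_scratch = false;
	while (!pte_try_set(pte, newval, log)) {
		unsigned long old = atomic_load(pte);
		if (old == 0)
			continue;		/* cleared under us; retry the CAS */
		if (old != SCRATCH_PFN)
			return -EBUSY;		/* the kernel WARN_ON_ONCE()s here */
		/* ptep_get_and_clear(): the "break" step, valid -> none */
		log_transition(log, atomic_exchange(pte, 0), 0);
		*broke_scratch = true;
	}
	return 0;
}

/* True if no logged transition replaced one valid PFN with another in place. */
static bool bbm_respected(const struct bbm_log *log)
{
	for (size_t i = 0; i < log->n; i++)
		if (log->from[i] && log->to[i] && log->from[i] != log->to[i])
			return false;
	return true;
}
```

The CAS in pte_try_set() is exactly the primitive that has no counterpart on architectures without ptep_try_set(), which is the gap the reply above points at.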
