[PATCH 2/8] bpf: Recover arena kernel faults with scratch page

Alexei Starovoitov alexei.starovoitov at gmail.com
Sun May 31 17:16:27 PDT 2026


On Sun May 31, 2026 at 10:47 AM PDT, Tejun Heo wrote:
> Hello,
>
> I posted the check removal [1], and Sashiko's review flagged a
> break-before-make problem with it [2] that I think is real.

ohh. interesting.

> So instead of just dropping the check, the install should route through an
> invalid entry rather than overwrite in place:
>
> 	while (!ptep_try_set(pte, mk_pte(page, PAGE_KERNEL))) {
> 		old = ptep_get(pte);
> 		if (pte_none(old))
> 			continue;
> 		if (WARN_ON_ONCE(pte_page(old) != arena->scratch_page))
> 			return -EBUSY;
> 		ptep_get_and_clear(&init_mm, addr, pte);
> 		broke_scratch = true;
> 	}
>
> ptep_try_set() only fills a none slot, so the slot goes scratch->none->page
> and never valid->valid, and the loop copes with a concurrent fault
> re-scratching it. This also closes the set_pte_at()-vs-ptep_try_set() race
> I raised earlier, since both sides are now cmpxchg. A broken scratch entry
> was live, so the caller flush_tlb_kernel_range()s those pages when
> broke_scratch is set, like arena_free_pages() already does after clearing.

Makes sense to me.
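To make the scratch -> none -> page sequence concrete, here is an added, self-contained model of the loop Tejun quotes. It is not the kernel's code: the slot, scratch page, the `struct arena` fields, `simulate_concurrent_fault()`, the `valid_to_valid` counter and `run_scenario()` are constructed stand-ins named after the quoted helpers, and the "fault" is injected deterministically right after the clear rather than arriving from another CPU. It shows the loop absorbing repeated re-scratching, refusing a slot that maps some other page, and, for contrast, how an unconditional `set_pte_at()`-style store is the valid -> valid overwrite the thread is avoiding.

```c
/* Toy model of the break-before-make install discussed above. The slot,
 * scratch page and helpers are constructed stand-ins named after the quoted
 * loop; none of this is the kernel's own code. */
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t pte_t;                   /* toy PTE: 0 == none, else mapped page */

struct slot {
    _Atomic(pte_t) val;                    /* the page-table entry itself */
    int valid_to_valid;                    /* in-place overwrites of a live entry */
};

struct arena {
    pte_t scratch_page;                    /* page that kernel faults map into holes */
    int   pending_faults;                  /* constructed: races to inject */
    int   iterations;                      /* retry trips in install_page() */
};

static pte_t mk_pte(pte_t page)            { return page; }
static bool  pte_none(pte_t v)             { return v == 0; }
static pte_t pte_page(pte_t v)             { return v; }
static pte_t ptep_get(struct slot *pte)    { return atomic_load(&pte->val); }

/* ptep_try_set(): one cmpxchg that succeeds only when the slot is none. */
static bool ptep_try_set(struct slot *pte, pte_t newval)
{
    pte_t expected = 0;
    return atomic_compare_exchange_strong(&pte->val, &expected, newval);
}

static pte_t ptep_get_and_clear(struct slot *pte)
{
    return atomic_exchange(&pte->val, 0);
}

/* set_pte_at()-style unconditional store: the overwrite-in-place the thread
 * moves away from. Counted so a test can show it goes valid -> valid. */
static void set_pte_at(struct slot *pte, pte_t newval)
{
    pte_t old = atomic_exchange(&pte->val, newval);
    if (!pte_none(old) && !pte_none(newval))
        pte->valid_to_valid++;
}

/* Stand-in for the fault handler racing the install: it re-scratches the
 * slot through the same none-only cmpxchg, so it cannot clobber a live PTE. */
static void simulate_concurrent_fault(struct arena *arena, struct slot *pte)
{
    if (arena->pending_faults > 0) {
        arena->pending_faults--;
        ptep_try_set(pte, mk_pte(arena->scratch_page));
    }
}

/* The quoted loop: scratch -> none -> page. Returns 0 or -EBUSY; sets
 * *broke_scratch when a live scratch entry was cleared, which is the
 * caller's cue to flush_tlb_kernel_range() on the affected pages. */
static int install_page(struct arena *arena, struct slot *pte, pte_t page,
                        bool *broke_scratch)
{
    *broke_scratch = false;
    while (!ptep_try_set(pte, mk_pte(page))) {
        pte_t old = ptep_get(pte);
        arena->iterations++;
        if (pte_none(old))
            continue;                      /* someone cleared it first; retry */
        if (pte_page(old) != arena->scratch_page) {
            fprintf(stderr, "WARN_ON_ONCE: slot maps a non-scratch page\n");
            return -EBUSY;
        }
        ptep_get_and_clear(pte);           /* break: live scratch entry -> none */
        *broke_scratch = true;
        simulate_concurrent_fault(arena, pte); /* a fault may re-scratch it here */
    }
    return 0;
}

/* Drive one scenario (constructed helper): scratch page is 0x1000, the page
 * being installed is 0x2000; reports loop count and final slot value. */
static int run_scenario(pte_t initial, int faults, bool *broke, int *iters,
                        pte_t *final)
{
    struct arena arena = { .scratch_page = 0x1000, .pending_faults = faults };
    struct slot pte = { .val = initial };
    int ret = install_page(&arena, &pte, 0x2000, broke);
    *iters = arena.iterations;
    *final = ptep_get(&pte);
    return ret;
}

int main(void)
{
    bool broke; int iters; pte_t final;
    int ret = run_scenario(0x1000, 2, &broke, &iters, &final);
    printf("ret=%d broke_scratch=%d iterations=%d slot=%#lx\n",
           ret, broke, iters, (unsigned long)final);
    return ret;
}
```

Each injected fault costs exactly one more trip around the loop: the slot is cleared, re-scratched through the none-only cmpxchg, and cleared again, but the `ptep_try_set()` that finally lands always moves it from none to the real page. The `-EBUSY` path is the `WARN_ON_ONCE` in the quote: the slot maps something that is neither none nor scratch, so the install must not touch it.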



More information about the linux-arm-kernel mailing list