On 2/5/26 18:06, David Hildenbrand (Arm) wrote:
> On 2/5/26 17:48, Matthew Wilcox wrote:
>> On Fri, Feb 06, 2026 at 12:30:56AM +0800, Lance Yang wrote:
>>> The issue is we're about to free the page table (e.g.
>>> pmdp_collapse_flush()).
>>> We have to ensure no walker is still doing a lockless page-table walk
>>> when the page directories are freed, otherwise we get use-after-free.
>>
>> But can't we RCU-free the page table? Why do we need to wait for the
>> RCU readers to finish?
>
> For unsharing hugetlb PMD tables the problem is not the freeing but the
> reuse of the PMD table for other purposes in the last remaining user.
> It's complicated.
> For page table freeing, we only do it if we fail to allocate memory --
> if we cannot use RCU IIRC.
> khugepaged, no idea.

Now that I had dinner my memory comes back: for khugepaged, we have to
make sure there is no concurrent GUP-fast before collapsing and
(possibly) freeing the page table / re-depositing it.
--
Cheers,
David