On Mon, Jun 08, 2026 at 08:39:10PM +0200, David Hildenbrand (Arm) wrote:
> On 6/8/26 17:27, Zi Yan wrote:
> > On 8 Jun 2026, at 7:08, David Hildenbrand (Arm) wrote:
> >
> > Or should we defer zeroing after a page is returned from allocator? So that
> > user_addr does not need to be passed through irrelevant allocation APIs.
> > Something like:
> >
> > alloc_page_wrapper(gfp, order, user_addr)
> > {
> > page = alloc_pages();
> > if (gfp & __GFP_ZERO)
> > clear_page(page);
> > }
> >
>
> Not really sure what's best here. I think we'd want to limit the lifting to
> some
> internal API, so it cannot easily be messed up by random kernel code calling
> into the wrong API and not getting pages cleared.
>
We're a bit in circles on this. We discussed explicit interfaces a few
months back and the trade off was:
a) add user_addr to the existing API and cause churn
or
b) add special interface like above
increase the buddy surface
leaves open the ability for users to get it wrong easily
If we forget VMs for a moment and break this step out separately, the
core question is whether page_alloc.c is the right place to be calling
the folio_user_zero() or whatever it is.
We seem to have agreed "yes", which necessitates the plumbing of the
address into the allocator. The question is whether it should churn the
existing interface for have its own explicit interface.
The implications of getting it wrong are: a user page doesn't get
zeroed. *oof*
I think that's why we thought the churn was better. But considering
we're already in the same state now (callers are responsible for calling
folio_user_zero() or whatever), maybe that's not horrid?
~Gregory
