On 15.09.25 18:36, Kalesh Singh wrote:
Building on the vma_count helpers, add a VM_WARN_ON_ONCE() to detect
cases where the VMA count exceeds the sysctl_max_map_count limit.

This check will help catch future bugs or regressions where
the VMAs are allocated exceeding the limit.

The warning is placed in the main vma_count_*() helpers, while the
internal *_nocheck variants bypass it. _nocheck helpers are used to
ensure that the assertion does not trigger a false positive in
the legitimate case of a temporary VMA increase past the limit
by a VMA split in munmap().

Cc: Andrew Morton <a...@linux-foundation.org>
Cc: David Hildenbrand <da...@redhat.com>
Cc: "Liam R. Howlett" <liam.howl...@oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoa...@oracle.com>
Cc: Mike Rapoport <r...@kernel.org>
Cc: Minchan Kim <minc...@kernel.org>
Cc: Pedro Falcato <pfalc...@suse.de>
Signed-off-by: Kalesh Singh <kaleshsi...@google.com>
---

Changes in v2:
   - Add assertions if exceeding max_vma_count limit, per Pedro

  include/linux/mm.h               | 12 ++++++--
  mm/internal.h                    |  1 -
  mm/vma.c                         | 49 +++++++++++++++++++++++++-------
  tools/testing/vma/vma_internal.h |  7 ++++-
  4 files changed, 55 insertions(+), 14 deletions(-)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index 8bad1454984c..3a3749d7015c 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -4219,19 +4219,27 @@ static inline bool snapshot_page_is_faithful(const 
struct page_snapshot *ps)
void snapshot_page(struct page_snapshot *ps, const struct page *page); +int vma_count_remaining(const struct mm_struct *mm);
+
  static inline void vma_count_init(struct mm_struct *mm)
  {
        ACCESS_PRIVATE(mm, __vma_count) = 0;
  }
-static inline void vma_count_add(struct mm_struct *mm, int nr_vmas)
+static inline void __vma_count_add_nocheck(struct mm_struct *mm, int nr_vmas)
  {
        ACCESS_PRIVATE(mm, __vma_count) += nr_vmas;
  }
+static inline void vma_count_add(struct mm_struct *mm, int nr_vmas)
+{
+       VM_WARN_ON_ONCE(!vma_count_remaining(mm));
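
Review bot: The assertion in vma_count_add() tests only `!vma_count_remaining(mm)` and never looks at nr_vmas, so a call that adds several VMAs while some room is left can cross the limit without warning. Assuming vma_count_remaining() returns how many VMAs may still be added (its definition is not in this hunk), comparing it against the amount being added, e.g. `VM_WARN_ON_ONCE(vma_count_remaining(mm) < nr_vmas)`, would cover that case. The new vma_count_remaining() declaration would also benefit from a short comment stating what it returns once the count is at or above the limit.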

Can't that fire when changing the max count from user space at just the wrong time?

I assume we'll have to tolerate that and might just want to drop this patch from the series.

--
Cheers

David / dhildenb

