Re: [PATCH v2 5/6] s390/mm: Batch PTE updates in lazy MMU mode

Next message: Hans de Goede: "Re: Linux 7.1-rc1"
Previous message: Kairui Song: "Re: [BUG] KASAN: user-memory-access in free_pgtables"
In reply to: Heiko Carstens: "Re: [PATCH v2 5/6] s390/mm: Batch PTE updates in lazy MMU mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander Gordeev

Date: Wed Apr 29 2026 - 04:46:39 EST

On Thu, Apr 23, 2026 at 02:28:24PM +0200, Heiko Carstens wrote:
> > With this change, the system calls do:
> >
> > lazy_mmu_mode_enable_pte()
> > ...
> > <store new PTE values in the per-CPU cache>
> > ...
> > lazy_mmu_mode_disable() // apply cache with one multi-IPTE
>
> I think what is not necessarily immediately obvious: this approach must assure
> that within such a lazy mmu section there is not a single occurrence of code
> which doesn't use the above mentioned modified primitives to dereference page
> table entry pointers.

So ideally I would do something like __private for pte_t, but I did not
manage to circumvent sparse false positives neither with a scalar pte_t,
nor with a struct. It is as well-known sparse limitation, if I am not
mistaken.

> Directly dereferencing such pointers would bypass the cache and lead to
> incorrect results. Therefore we do need some mechanism which makes sure this
> cannot happen. Preferebly that would happen at compile time with static code
> analysis. Alternatively your Kasan implementation would be helpful to find
> something like that after-the-fact.

So it appears the only solution ;(

> However in any case we need something to address this problem.

Thanks!