Re: [PATCH bpf-next] arm64: mm: Complete the PTE store in ptep_try_set()

Next message: syzbot: "[syzbot] Monthly kvm report (Jun 2026)"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2 1/2] media: qcom: iris: Add gop size support for gen1 encoder"
In reply to: Tejun Heo: "Re: [PATCH bpf-next] arm64: mm: Complete the PTE store in ptep_try_set()"
Next in thread: Kumar Kartikeya Dwivedi: "Re: [PATCH bpf-next] bpf: Replace scratch PTE atomically when allocating arena pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Catalin Marinas

Date: Sun Jun 07 2026 - 16:32:04 EST

On Sun, Jun 07, 2026 at 10:04:19AM -1000, Tejun Heo wrote:
> > Can this path actually loop, or is the deferred barrier guaranteed to be
> > flushed before the faulting instruction is retried?
>
> I don't know the arm64 paths well enough to say. What I can see is that
> ptep_try_set() only runs as an apply_to_page_range() callback, and
> apply_to_pte_range() brackets it with lazy_mmu_mode_enable()/disable(), with
> the disable() flushing TIF_LAZY_MMU_PENDING before returning. The barriers
> would land before the access is retried. It also looks like the same
> queue_pte_barriers() path __set_pte() already uses. I'd defer to Catalin and
> the arm64 folks on whether that actually closes the case.

I don't fully understand the BPF parts but I think the bots have a
point. If a BPF kprobe fires while we are in lazy mmu mode,
__set_pte_complete() will defer issuing the barriers.

I think better to just call emit_pte_barriers() directly. If
ptep_try_set() is always called with valid kernel ptes, we can skip the
if (pte_valid_not_user()) check as well (which was just an optimisation
anyway).

--
Catalin