Create the new function tear_down_vmas() to remove a range of vmas.
exit_mmap() will be removing all the vmas.
This is necessary for future patches.
No functional changes intended.
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
mm/mmap.c | 37 ++++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/mm/mmap.c b/mm/mmap.c
index c4c315b480af7..0995a48b46d59 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1250,6 +1250,29 @@ int vm_brk_flags(unsigned long addr, unsigned long request, vm_flags_t vm_flags)
}
EXPORT_SYMBOL(vm_brk_flags);
+static inline
+unsigned long tear_down_vmas(struct mm_struct *mm, struct vma_iterator *vmi,
+ struct vm_area_struct *vma, unsigned long max)
+{
+ unsigned long nr_accounted = 0;
+ int count = 0;
+
+ mmap_assert_write_locked(mm);
+ vma_iter_set(vmi, vma->vm_end);
+ do {
+ if (vma->vm_flags & VM_ACCOUNT)
+ nr_accounted += vma_pages(vma);
+ vma_mark_detached(vma);
+ remove_vma(vma);
+ count++;
+ cond_resched();
+ vma = vma_next(vmi);
+ } while (vma && vma->vm_end <= max);
+
+ BUG_ON(count != mm->map_count);
+ return nr_accounted;
+}
+
/* Release all mmaps. */
void exit_mmap(struct mm_struct *mm)
{
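Review bot: The loop condition `while (vma && vma->vm_end <= max)` drops the `xa_is_zero(vma)` guard that the loop removed from exit_mmap() had, and the only caller in this patch passes `ULONG_MAX`, so the new bound is always true for a non-NULL entry. If vma_next() can still hand back a zero entry here, as the removed condition implies, `vma->vm_end` would be read through a value that is not a vma pointer, which is a functional change rather than a pure move. Keeping the guard preserves the old behaviour: `} while (vma && likely(!xa_is_zero(vma)) && vma->vm_end <= max);`. A short comment above tear_down_vmas() stating that `vma` must be a valid, non-NULL first entry (it is dereferenced and removed before any bound is checked) would also help.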
@@ -1257,7 +1280,6 @@ void exit_mmap(struct mm_struct *mm)
struct vm_area_struct *vma;
unsigned long nr_accounted = 0;
VMA_ITERATOR(vmi, mm, 0);
- int count = 0;
/* mm's last user has gone, and its about to be pulled down */
mmu_notifier_release(mm);
@@ -1297,18 +1319,7 @@ void exit_mmap(struct mm_struct *mm)
* enabled, without holding any MM locks besides the unreachable
* mmap_write_lock.
*/
- vma_iter_set(&vmi, vma->vm_end);
- do {
- if (vma->vm_flags & VM_ACCOUNT)
- nr_accounted += vma_pages(vma);
- vma_mark_detached(vma);
- remove_vma(vma);
- count++;
- cond_resched();
- vma = vma_next(&vmi);
- } while (vma && likely(!xa_is_zero(vma)));
-
- BUG_ON(count != mm->map_count);
+ nr_accounted = tear_down_vmas(mm, &vmi, vma, ULONG_MAX);
destroy:
__mt_destroy(&mm->mm_mt);
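Review bot: The `count != mm->map_count` check that was removed from this spot now runs inside tear_down_vmas(), which takes a `max` bound, yet the equality holds only when every vma in the mm is removed, as with `ULONG_MAX` at this call. A later caller passing a smaller bound would trip it on a healthy mm. Either keep the invariant in exit_mmap() or note the assumption next to the check, e.g. `/* only valid for a full teardown (max == ULONG_MAX) */`. exit_mmap()'s body starts and ends outside this hunk.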
--
2.47.2
On Fri, Aug 15, 2025 at 03:10:27PM -0400, Liam R. Howlett wrote:
> Create the new function tear_down_vmas() to remove a range of vmas.
> exit_mmap() will be removing all the vmas.
>
> This is necessary for future patches.
>
> No functional changes intended.
>
> Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
This function is pure and complete insanity, but this change looks
good. Couple nits below.
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
> ---
> mm/mmap.c | 37 ++++++++++++++++++++++++-------------
> 1 file changed, 24 insertions(+), 13 deletions(-)
>
> diff --git a/mm/mmap.c b/mm/mmap.c
> index c4c315b480af7..0995a48b46d59 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -1250,6 +1250,29 @@ int vm_brk_flags(unsigned long addr, unsigned long request, vm_flags_t vm_flags)
> }
> EXPORT_SYMBOL(vm_brk_flags);
>
> +static inline
> +unsigned long tear_down_vmas(struct mm_struct *mm, struct vma_iterator *vmi,
> + struct vm_area_struct *vma, unsigned long max)
> +{
> + unsigned long nr_accounted = 0;
> + int count = 0;
> +
> + mmap_assert_write_locked(mm);
> + vma_iter_set(vmi, vma->vm_end);
> + do {
> + if (vma->vm_flags & VM_ACCOUNT)
> + nr_accounted += vma_pages(vma);
> + vma_mark_detached(vma);
> + remove_vma(vma);
> + count++;
> + cond_resched();
> + vma = vma_next(vmi);
> + } while (vma && vma->vm_end <= max);
> +
> + BUG_ON(count != mm->map_count);
Can we make this a WARN_ON() or WARN_ON_ONCE() while we're at it?
> + return nr_accounted;
> +}
> +
> /* Release all mmaps. */
> void exit_mmap(struct mm_struct *mm)
> {
> @@ -1257,7 +1280,6 @@ void exit_mmap(struct mm_struct *mm)
> struct vm_area_struct *vma;
> unsigned long nr_accounted = 0;
No need to initialise this to 0 any more.
> VMA_ITERATOR(vmi, mm, 0);
> - int count = 0;
>
> /* mm's last user has gone, and its about to be pulled down */
> mmu_notifier_release(mm);
> @@ -1297,18 +1319,7 @@ void exit_mmap(struct mm_struct *mm)
> * enabled, without holding any MM locks besides the unreachable
> * mmap_write_lock.
> */
> - vma_iter_set(&vmi, vma->vm_end);
> - do {
> - if (vma->vm_flags & VM_ACCOUNT)
> - nr_accounted += vma_pages(vma);
> - vma_mark_detached(vma);
> - remove_vma(vma);
> - count++;
> - cond_resched();
> - vma = vma_next(&vmi);
> - } while (vma && likely(!xa_is_zero(vma)));
> -
> - BUG_ON(count != mm->map_count);
> + nr_accounted = tear_down_vmas(mm, &vmi, vma, ULONG_MAX);
>
> destroy:
> __mt_destroy(&mm->mm_mt);
> --
> 2.47.2
>
* Lorenzo Stoakes <lorenzo.stoakes@oracle.com> [250819 14:38]:
> On Fri, Aug 15, 2025 at 03:10:27PM -0400, Liam R. Howlett wrote:
> > Create the new function tear_down_vmas() to remove a range of vmas.
> > exit_mmap() will be removing all the vmas.
> >
> > This is necessary for future patches.
> >
> > No functional changes intended.
> >
> > Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
>
> This function is pure and complete insanity, but this change looks
> good. Couple nits below.
>
> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
>
> > ---
> > mm/mmap.c | 37 ++++++++++++++++++++++++-------------
> > 1 file changed, 24 insertions(+), 13 deletions(-)
> >
> > diff --git a/mm/mmap.c b/mm/mmap.c
> > index c4c315b480af7..0995a48b46d59 100644
> > --- a/mm/mmap.c
> > +++ b/mm/mmap.c
> > @@ -1250,6 +1250,29 @@ int vm_brk_flags(unsigned long addr, unsigned long request, vm_flags_t vm_flags)
> > }
> > EXPORT_SYMBOL(vm_brk_flags);
> >
> > +static inline
> > +unsigned long tear_down_vmas(struct mm_struct *mm, struct vma_iterator *vmi,
> > + struct vm_area_struct *vma, unsigned long max)
> > +{
> > + unsigned long nr_accounted = 0;
> > + int count = 0;
> > +
> > + mmap_assert_write_locked(mm);
> > + vma_iter_set(vmi, vma->vm_end);
> > + do {
> > + if (vma->vm_flags & VM_ACCOUNT)
> > + nr_accounted += vma_pages(vma);
> > + vma_mark_detached(vma);
> > + remove_vma(vma);
> > + count++;
> > + cond_resched();
> > + vma = vma_next(vmi);
> > + } while (vma && vma->vm_end <= max);
> > +
> > + BUG_ON(count != mm->map_count);
>
> Can we make this a WARN_ON() or WARN_ON_ONCE() while we're at it?
Sure!
>
> > + return nr_accounted;
> > +}
> > +
> > /* Release all mmaps. */
> > void exit_mmap(struct mm_struct *mm)
> > {
> > @@ -1257,7 +1280,6 @@ void exit_mmap(struct mm_struct *mm)
> > struct vm_area_struct *vma;
> > unsigned long nr_accounted = 0;
>
> No need to initialise this to 0 any more.
There is a goto label below that skips calling the tear down, so this is
still needed.
Thanks,
Liam
On Wed, Sep 03, 2025 at 03:56:03PM -0400, Liam R. Howlett wrote:
> * Lorenzo Stoakes <lorenzo.stoakes@oracle.com> [250819 14:38]:
> > On Fri, Aug 15, 2025 at 03:10:27PM -0400, Liam R. Howlett wrote:
> > > Create the new function tear_down_vmas() to remove a range of vmas.
> > > exit_mmap() will be removing all the vmas.
> > >
> > > This is necessary for future patches.
> > >
> > > No functional changes intended.
> > >
> > > Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
> >
> > This function is pure and complete insanity, but this change looks
> > good. Couple nits below.
> >
> > Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
> >
> > > ---
> > > mm/mmap.c | 37 ++++++++++++++++++++++++-------------
> > > 1 file changed, 24 insertions(+), 13 deletions(-)
> > >
> > > diff --git a/mm/mmap.c b/mm/mmap.c
> > > index c4c315b480af7..0995a48b46d59 100644
> > > --- a/mm/mmap.c
> > > +++ b/mm/mmap.c
> > > @@ -1250,6 +1250,29 @@ int vm_brk_flags(unsigned long addr, unsigned long request, vm_flags_t vm_flags)
> > > }
> > > EXPORT_SYMBOL(vm_brk_flags);
> > >
> > > +static inline
> > > +unsigned long tear_down_vmas(struct mm_struct *mm, struct vma_iterator *vmi,
> > > + struct vm_area_struct *vma, unsigned long max)
> > > +{
> > > + unsigned long nr_accounted = 0;
> > > + int count = 0;
> > > +
> > > + mmap_assert_write_locked(mm);
> > > + vma_iter_set(vmi, vma->vm_end);
> > > + do {
> > > + if (vma->vm_flags & VM_ACCOUNT)
> > > + nr_accounted += vma_pages(vma);
> > > + vma_mark_detached(vma);
> > > + remove_vma(vma);
> > > + count++;
> > > + cond_resched();
> > > + vma = vma_next(vmi);
> > > + } while (vma && vma->vm_end <= max);
> > > +
> > > + BUG_ON(count != mm->map_count);
> >
> > Can we make this a WARN_ON() or WARN_ON_ONCE() while we're at it?
>
> Sure!
Thanks :)
>
> >
> > > + return nr_accounted;
> > > +}
> > > +
> > > /* Release all mmaps. */
> > > void exit_mmap(struct mm_struct *mm)
> > > {
> > > @@ -1257,7 +1280,6 @@ void exit_mmap(struct mm_struct *mm)
> > > struct vm_area_struct *vma;
> > > unsigned long nr_accounted = 0;
> >
> > No need to initialise this to 0 any more.
>
> There is a goto label below that skips calling the tear down, so this is
> still needed.
Ah yeah, sorry missed the goto destroy there. No worries then :)
>
> Thanks,
> Liam