From: Shivam Kalra <shivamkalra98@zohomail.in>
Extract the page-freeing loop and NR_VMALLOC stat accounting from
vfree() into a reusable vm_area_free_pages() helper. The helper operates
on a range [start, end) of pages from a vm_struct, making it suitable
for both full free (vfree) and partial free (upcoming vrealloc shrink).
Freed page pointers in vm->pages[] are set to NULL to prevent stale
references when the vm_struct outlives the free (as in vrealloc shrink).
Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>
---
mm/vmalloc.c | 47 +++++++++++++++++++++++++++++++++--------------
1 file changed, 33 insertions(+), 14 deletions(-)
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index c607307c657a..b29bf58c0e3f 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -3416,6 +3416,38 @@ void vfree_atomic(const void *addr)
schedule_work(&p->wq);
}
+/*
+ * vm_area_free_pages - free a range of pages from a vmalloc allocation
+ * @vm: the vm_struct containing the pages
+ * @start: first page index to free (inclusive)
+ * @end: last page index to free (exclusive)
+ *
+ * Free pages [start, end) updating NR_VMALLOC stat accounting.
+ * Freed vm->pages[] entries are set to NULL.
+ * Caller is responsible for unmapping (vunmap_range) and KASAN
+ * poisoning before calling this.
+ */
+static void vm_area_free_pages(struct vm_struct *vm, unsigned int start,
+ unsigned int end)
+{
+ unsigned int i;
+
+ for (i = start; i < end; i++) {
+ struct page *page = vm->pages[i];
+
+ BUG_ON(!page);
+ /*
+ * High-order allocs for huge vmallocs are split, so
+ * can be freed as an array of order-0 allocations
+ */
+ if (!(vm->flags & VM_MAP_PUT_PAGES))
+ mod_lruvec_page_state(page, NR_VMALLOC, -1);
+ __free_page(page);
+ vm->pages[i] = NULL;
+ cond_resched();
+ }
+}
+
/**
* vfree - Release memory allocated by vmalloc()
* @addr: Memory base address
@@ -3436,7 +3468,6 @@ void vfree_atomic(const void *addr)
void vfree(const void *addr)
{
struct vm_struct *vm;
- int i;
if (unlikely(in_interrupt())) {
vfree_atomic(addr);
@@ -3459,19 +3490,7 @@ void vfree(const void *addr)
if (unlikely(vm->flags & VM_FLUSH_RESET_PERMS))
vm_reset_perms(vm);
- for (i = 0; i < vm->nr_pages; i++) {
- struct page *page = vm->pages[i];
-
- BUG_ON(!page);
- /*
- * High-order allocs for huge vmallocs are split, so
- * can be freed as an array of order-0 allocations
- */
- if (!(vm->flags & VM_MAP_PUT_PAGES))
- mod_lruvec_page_state(page, NR_VMALLOC, -1);
- __free_page(page);
- cond_resched();
- }
+ vm_area_free_pages(vm, 0, vm->nr_pages);
kvfree(vm->pages);
kfree(vm);
}
--
2.43.0On Tue, Mar 17, 2026 at 01:47:33PM +0530, Shivam Kalra via B4 Relay wrote:
> From: Shivam Kalra <shivamkalra98@zohomail.in>
>
> Extract the page-freeing loop and NR_VMALLOC stat accounting from
> vfree() into a reusable vm_area_free_pages() helper. The helper operates
> on a range [start, end) of pages from a vm_struct, making it suitable
> for both full free (vfree) and partial free (upcoming vrealloc shrink).
>
> Freed page pointers in vm->pages[] are set to NULL to prevent stale
> references when the vm_struct outlives the free (as in vrealloc shrink).
>
> Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>
> ---
> mm/vmalloc.c | 47 +++++++++++++++++++++++++++++++++--------------
> 1 file changed, 33 insertions(+), 14 deletions(-)
>
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index c607307c657a..b29bf58c0e3f 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -3416,6 +3416,38 @@ void vfree_atomic(const void *addr)
> schedule_work(&p->wq);
> }
>
> +/*
> + * vm_area_free_pages - free a range of pages from a vmalloc allocation
> + * @vm: the vm_struct containing the pages
> + * @start: first page index to free (inclusive)
> + * @end: last page index to free (exclusive)
> + *
> + * Free pages [start, end) updating NR_VMALLOC stat accounting.
> + * Freed vm->pages[] entries are set to NULL.
> + * Caller is responsible for unmapping (vunmap_range) and KASAN
> + * poisoning before calling this.
> + */
> +static void vm_area_free_pages(struct vm_struct *vm, unsigned int start,
> + unsigned int end)
> +{
> + unsigned int i;
> +
> + for (i = start; i < end; i++) {
> + struct page *page = vm->pages[i];
> +
> + BUG_ON(!page);
> + /*
> + * High-order allocs for huge vmallocs are split, so
> + * can be freed as an array of order-0 allocations
> + */
> + if (!(vm->flags & VM_MAP_PUT_PAGES))
> + mod_lruvec_page_state(page, NR_VMALLOC, -1);
> + __free_page(page);
> + vm->pages[i] = NULL;
> + cond_resched();
> + }
> +}
> +
>
Since you will update second patch, probably you can also improve this
one. To me start/end variables sound like a VA range whereas it is
indices in the array.
Any thoughts?
--
Uladzislau Rezki
On 18/03/26 23:23, Uladzislau Rezki wrote:
> On Tue, Mar 17, 2026 at 01:47:33PM +0530, Shivam Kalra via B4 Relay wrote:
>> From: Shivam Kalra <shivamkalra98@zohomail.in>
>>
>> Extract the page-freeing loop and NR_VMALLOC stat accounting from
>> vfree() into a reusable vm_area_free_pages() helper. The helper operates
>> on a range [start, end) of pages from a vm_struct, making it suitable
>> for both full free (vfree) and partial free (upcoming vrealloc shrink).
>>
>> Freed page pointers in vm->pages[] are set to NULL to prevent stale
>> references when the vm_struct outlives the free (as in vrealloc shrink).
>>
>> Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>
>> ---
>> mm/vmalloc.c | 47 +++++++++++++++++++++++++++++++++--------------
>> 1 file changed, 33 insertions(+), 14 deletions(-)
>>
>> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
>> index c607307c657a..b29bf58c0e3f 100644
>> --- a/mm/vmalloc.c
>> +++ b/mm/vmalloc.c
>> @@ -3416,6 +3416,38 @@ void vfree_atomic(const void *addr)
>> schedule_work(&p->wq);
>> }
>>
>> +/*
>> + * vm_area_free_pages - free a range of pages from a vmalloc allocation
>> + * @vm: the vm_struct containing the pages
>> + * @start: first page index to free (inclusive)
>> + * @end: last page index to free (exclusive)
>> + *
>> + * Free pages [start, end) updating NR_VMALLOC stat accounting.
>> + * Freed vm->pages[] entries are set to NULL.
>> + * Caller is responsible for unmapping (vunmap_range) and KASAN
>> + * poisoning before calling this.
>> + */
>> +static void vm_area_free_pages(struct vm_struct *vm, unsigned int start,
>> + unsigned int end)
>> +{
>> + unsigned int i;
>> +
>> + for (i = start; i < end; i++) {
>> + struct page *page = vm->pages[i];
>> +
>> + BUG_ON(!page);
>> + /*
>> + * High-order allocs for huge vmallocs are split, so
>> + * can be freed as an array of order-0 allocations
>> + */
>> + if (!(vm->flags & VM_MAP_PUT_PAGES))
>> + mod_lruvec_page_state(page, NR_VMALLOC, -1);
>> + __free_page(page);
>> + vm->pages[i] = NULL;
>> + cond_resched();
>> + }
>> +}
>> +
>>
> Since you will update second patch, probably you can also improve this
> one. To me start/end variables sound like a VA range whereas it is
> indices in the array.
>
> Any thoughts?
>
> --
> Uladzislau Rezki
Oops, replied to the wrong thread! But regarding start/end, yes you're
absolutely right. I will rename them to start_idx and end_idx to make it
clear they are array indices in the next version
On 18/03/26 23:23, Uladzislau Rezki wrote:
> On Tue, Mar 17, 2026 at 01:47:33PM +0530, Shivam Kalra via B4 Relay wrote:
>> From: Shivam Kalra <shivamkalra98@zohomail.in>
>>
>> Extract the page-freeing loop and NR_VMALLOC stat accounting from
>> vfree() into a reusable vm_area_free_pages() helper. The helper operates
>> on a range [start, end) of pages from a vm_struct, making it suitable
>> for both full free (vfree) and partial free (upcoming vrealloc shrink).
>>
>> Freed page pointers in vm->pages[] are set to NULL to prevent stale
>> references when the vm_struct outlives the free (as in vrealloc shrink).
>>
>> Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>
>> ---
>> mm/vmalloc.c | 47 +++++++++++++++++++++++++++++++++--------------
>> 1 file changed, 33 insertions(+), 14 deletions(-)
>>
>> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
>> index c607307c657a..b29bf58c0e3f 100644
>> --- a/mm/vmalloc.c
>> +++ b/mm/vmalloc.c
>> @@ -3416,6 +3416,38 @@ void vfree_atomic(const void *addr)
>> schedule_work(&p->wq);
>> }
>>
>> +/*
>> + * vm_area_free_pages - free a range of pages from a vmalloc allocation
>> + * @vm: the vm_struct containing the pages
>> + * @start: first page index to free (inclusive)
>> + * @end: last page index to free (exclusive)
>> + *
>> + * Free pages [start, end) updating NR_VMALLOC stat accounting.
>> + * Freed vm->pages[] entries are set to NULL.
>> + * Caller is responsible for unmapping (vunmap_range) and KASAN
>> + * poisoning before calling this.
>> + */
>> +static void vm_area_free_pages(struct vm_struct *vm, unsigned int start,
>> + unsigned int end)
>> +{
>> + unsigned int i;
>> +
>> + for (i = start; i < end; i++) {
>> + struct page *page = vm->pages[i];
>> +
>> + BUG_ON(!page);
>> + /*
>> + * High-order allocs for huge vmallocs are split, so
>> + * can be freed as an array of order-0 allocations
>> + */
>> + if (!(vm->flags & VM_MAP_PUT_PAGES))
>> + mod_lruvec_page_state(page, NR_VMALLOC, -1);
>> + __free_page(page);
>> + vm->pages[i] = NULL;
>> + cond_resched();
>> + }
>> +}
>> +
>>
> Since you will update second patch, probably you can also improve this
> one. To me start/end variables sound like a VA range whereas it is
> indices in the array.
>
> Any thoughts?
>
> --
> Uladzislau Rezki
I see that's where the confusion began. I have a better picture of
the situation. Will post my questions in the RFC soon.
On Tue, Mar 17, 2026 at 01:47:33PM +0530, Shivam Kalra wrote: > Extract the page-freeing loop and NR_VMALLOC stat accounting from > vfree() into a reusable vm_area_free_pages() helper. The helper operates > on a range [start, end) of pages from a vm_struct, making it suitable > for both full free (vfree) and partial free (upcoming vrealloc shrink). > > Freed page pointers in vm->pages[] are set to NULL to prevent stale > references when the vm_struct outlives the free (as in vrealloc shrink). > > Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in> Reviewed-by: Alice Ryhl <aliceryhl@google.com>
© 2016 - 2026 Red Hat, Inc.