From: Aditya Sharma
To: linux-mm@kvack.org
Cc: akpm@linux-foundation.org, david@kernel.org, ljs@kernel.org, Liam.Howlett@oracle.com, vbabka@kernel.org, rppt@kernel.org, surenb@google.com, mhocko@suse.com, linux-kernel@vger.kernel.org, Aditya Sharma
Subject: [PATCH v4] mm/memory: update stale locking comments for fault handlers
Date: Fri, 24 Apr 2026 14:52:17 +0530
Message-Id: <20260424092217.263648-1-adi.sharma@zohomail.in>
X-Mailing-List: linux-kernel@vger.kernel.org

Update the comments for wp_page_copy(), do_wp_page(), do_swap_page(),
do_anonymous_page(), __do_fault(), do_fault(), handle_pte_fault(),
__handle_mm_fault(), and handle_mm_fault() to concisely clarify that they
can be entered holding either the mmap_lock or the VMA lock, and that the
lock may be released upon returning VM_FAULT_RETRY.

Additionally, make the following corrections:

- In do_anonymous_page(), correct the outdated claim that the function is
  entered with the PTE "mapped but not yet locked". Since handle_pte_fault()
  unmaps the empty PTE before routing to do_pte_missing(), the comment now
  correctly states it is entered with the PTE unmapped and unlocked.
- In __do_fault(), update the stale reference from __lock_page_retry() to
  __folio_lock_or_retry().

Signed-off-by: Aditya Sharma
Acked-by: David Hildenbrand (Arm)
---
v4:
- Rephrased the do_swap_page() return-lock comment to match the style used
  elsewhere in the patch (per David Hildenbrand).
- Added "(see FAULT_FLAG_VMA_LOCK)" reference to the __do_fault() comment
  for consistency (per David Hildenbrand).

v3:
- Rephrased the lock state to explicitly say "held" (e.g., "either the VMA
  lock or the mmap_lock held").
- Shortened the FAULT_FLAG_VMA_LOCK explanation to "(see FAULT_FLAG_VMA_LOCK)"
  across all updated comments (per David Hildenbrand).

v2:
- Simplified the comment to concisely state "either the VMA lock or
  the mmap_lock" instead of a verbose explanation (per David Hildenbrand).
- Expanded the scope to cover 8 other fault handlers in mm/memory.c
  that suffered from the same stale mmap_lock comments.
- Fixed an additional historical inaccuracy in do_anonymous_page()
  regarding the PTE mapping state on entry.
- Updated a stale reference in __do_fault() from __lock_page_retry()
  to __folio_lock_or_retry().

 mm/memory.c | 55 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/mm/memory.c b/mm/memory.c index c65e82c86..f94e16ecc 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3742,8 +3742,8 @@ vm_fault_t __vmf_anon_prepare(struct vm_fault *vmf) * Handle the case of a page which we actually need to copy to a new page, * either due to COW or unsharing. * - * Called with mmap_lock locked and the old page referenced, but - * without the ptl held. + * Called with either the VMA lock or the mmap_lock held (see FAULT_FLAG_V= MA_LOCK) + * and the old page referenced, but without the ptl held. * * High level logic flow: * 
@@ -4142,9 +4142,9 @@ static bool wp_can_reuse_anon_folio(struct folio *fol= io, * though the page will change only once the write actually happens. This * avoids a few races, and potentially makes it more efficient. * - * We enter with non-exclusive mmap_lock (to exclude vma changes, - * but allow concurrent faults), with pte both mapped and locked. - * We return with mmap_lock still held, but pte unmapped and unlocked. + * We enter with either the VMA lock or the mmap_lock held (see + * FAULT_FLAG_VMA_LOCK) and pte both mapped and locked. We return with + * the same lock still held, but pte unmapped and unlocked. */ static vm_fault_t do_wp_page(struct vm_fault *vmf) __releases(vmf->ptl) @@ -4696,12 +4696,12 @@ static void check_swap_exclusive(struct folio *foli= o, swp_entry_t entry, } =20 /* - * We enter with non-exclusive mmap_lock (to exclude vma changes, - * but allow concurrent faults), and pte mapped but not yet locked. + * We enter with either the VMA lock or the mmap_lock held (see + * FAULT_FLAG_VMA_LOCK), and pte mapped but not yet locked. * We return with pte unmapped and unlocked. * - * We return with the mmap_lock locked or unlocked in the same cases - * as does filemap_fault(). + * When returning, the lock may have been released in the same cases + * as done by filemap_fault(). */ vm_fault_t do_swap_page(struct vm_fault *vmf) { @@ -5210,9 +5210,10 @@ static struct folio *alloc_anon_folio(struct vm_faul= t *vmf) } =20 /* - * We enter with non-exclusive mmap_lock (to exclude vma changes, - * but allow concurrent faults), and pte mapped but not yet locked. - * We return with mmap_lock still held, but pte unmapped and unlocked. + * We enter with either the VMA lock or the mmap_lock held (see + * FAULT_FLAG_VMA_LOCK), and pte unmapped and unlocked. + * We return with the lock still held, but pte unmapped and unlocked. + * If VM_FAULT_RETRY is returned, the lock may have been released. */ static vm_fault_t do_anonymous_page(struct vm_fault *vmf) { 
@@ -5330,9 +5331,10 @@ static vm_fault_t do_anonymous_page(struct vm_fault = *vmf) } =20 /* - * The mmap_lock must have been held on entry, and may have been - * released depending on flags and vma->vm_ops->fault() return value. - * See filemap_fault() and __lock_page_retry(). + * Either the VMA lock or the mmap_lock must have been held on entry + * (see FAULT_FLAG_VMA_LOCK) and may have been released depending on + * flags and vma->vm_ops->fault() return value. + * See filemap_fault() and __folio_lock_or_retry(). */ static vm_fault_t __do_fault(struct vm_fault *vmf) { @@ -5893,11 +5895,11 @@ static vm_fault_t do_shared_fault(struct vm_fault *= vmf) } =20 /* - * We enter with non-exclusive mmap_lock (to exclude vma changes, - * but allow concurrent faults). - * The mmap_lock may have been released depending on flags and our + * We enter with either the VMA lock or the mmap_lock held (see + * FAULT_FLAG_VMA_LOCK). + * The lock may have been released depending on flags and our * return value. See filemap_fault() and __folio_lock_or_retry(). - * If mmap_lock is released, vma may become invalid (for example + * If the lock is released, vma may become invalid (for example * by other thread calling munmap()). */ static vm_fault_t do_fault(struct vm_fault *vmf) @@ -6264,10 +6266,11 @@ static void fix_spurious_fault(struct vm_fault *vmf, * with external mmu caches can use to update those (ie the Sparc or * PowerPC hashed page tables that act as extended TLBs). * - * We enter with non-exclusive mmap_lock (to exclude vma changes, but allow - * concurrent faults). + * On entry, we hold either the VMA lock or the mmap_lock + * (see FAULT_FLAG_VMA_LOCK). * - * The mmap_lock may have been released depending on flags and our return = value. + * The mmap_lock or VMA lock may have been released depending on flags + * and our return value. * See filemap_fault() and __folio_lock_or_retry(). */ static vm_fault_t handle_pte_fault(struct vm_fault *vmf) 
@@ -6348,8 +6351,8 @@ static vm_fault_t handle_pte_fault(struct vm_fault *v= mf) =20 /* * On entry, we hold either the VMA lock or the mmap_lock - * (FAULT_FLAG_VMA_LOCK tells you which). If VM_FAULT_RETRY is set in - * the result, the mmap_lock is not held on exit. See filemap_fault() + * (see FAULT_FLAG_VMA_LOCK). If VM_FAULT_RETRY is set in + * the result, the lock is not held on exit. See filemap_fault() * and __folio_lock_or_retry(). */ static vm_fault_t __handle_mm_fault(struct vm_area_struct *vma, @@ -6581,9 +6584,9 @@ static vm_fault_t sanitize_fault_flags(struct vm_area= _struct *vma, =20 /* * By the time we get here, we already hold either the VMA lock or the - * mmap_lock (FAULT_FLAG_VMA_LOCK tells you which). + * mmap_lock (see FAULT_FLAG_VMA_LOCK). * - * The mmap_lock may have been released depending on flags and our + * The lock may have been released depending on flags and our * return value. See filemap_fault() and __folio_lock_or_retry(). */ vm_fault_t handle_mm_fault(struct vm_area_struct *vma, unsigned long addre= ss, --=20 2.34.1
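
Review bot: in the @@ -3742 hunk (the comment above wp_page_copy()), the first added line is longer than 80 columns, which is why the mailer had to split "FAULT_FLAG_VMA_LOCK" with a soft line break. Every other hunk in this patch wraps before the flag name ("(see" at the end of one line, "FAULT_FLAG_VMA_LOCK)" at the start of the next); wrapping this one the same way keeps the block within the usual width and consistent with the rest of the patch. The commit message also says these functions may return with the lock released on VM_FAULT_RETRY, but this comment still only describes the state on entry.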
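
Review bot: in the @@ -4142 hunk, the new do_wp_page() comment states "We return with the same lock still held" unconditionally, which does not match the commit message's claim that the listed handlers (do_wp_page() included) may have released the lock when returning VM_FAULT_RETRY. The do_anonymous_page() hunk adds "If VM_FAULT_RETRY is returned, the lock may have been released." for exactly this case; either add the same sentence here or say in the changelog why do_wp_page() is the exception.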
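
Review bot: in the @@ -4696 hunk, the do_swap_page() comment keeps "pte mapped but not yet locked", the same wording the commit message calls outdated for do_anonymous_page(). The changelog explains why the anonymous path differs (the empty PTE is unmapped before do_pte_missing()), but says nothing about whether the swap path was checked; a line confirming that the entry state here is still accurate would settle it. Separately, "in the same cases as done by filemap_fault()" reads awkwardly; "in the same cases as in filemap_fault()" says the same thing.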
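
Review bot: in the @@ -5210 hunk, the do_anonymous_page() comment now says the pte is "unmapped and unlocked" on entry and then "We return with the lock still held, but pte unmapped and unlocked", so the "but" contrasts with nothing and the pte state is stated twice. The second and third added sentences also pull against each other ("still held" followed by "may have been released"). Suggest collapsing them, for example: "We return with pte unmapped and unlocked; the lock is still held unless VM_FAULT_RETRY is returned, in which case it may have been released."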
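
Review bot: in the @@ -6264 hunk, the handle_pte_fault() comment uses "The mmap_lock or VMA lock may have been released", while the do_fault(), __handle_mm_fault() and handle_mm_fault() hunks all use "The lock may have been released" (or "the lock is not held on exit"). Since the v3 and v4 changelog entries are about making the wording uniform, use "The lock may have been released depending on flags and our return value." here as well.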