[PATCH 1/1] mm/ksm: fix spurious soft-dirty bit on zero-filled page merging

[PATCH 1/1] mm/ksm: fix spurious soft-dirty bit on zero-filled page merging

[Lance Yang]

From: Lance Yang <lance.yang@linux.dev>

When KSM merges a zero-filled page with the shared zeropage, it uses
pte_mkdirty() to mark the new PTE for internal accounting. However,
pte_mkdirty() unconditionally sets both the hardware dirty bit and the
soft-dirty bit.

This behavior causes false positives in userspace tools like CRIU that
rely on the soft-dirty mechanism for tracking memory changes.

So, preserve the correct state by reading the old PTE under the page
table lock and explicitly clearing the soft-dirty bit from the new PTE
if the original was not soft-dirty.

Fixes: 79271476b336 ("ksm: support unsharing KSM-placed zero pages")
Signed-off-by: Lance Yang <lance.yang@linux.dev>
---
 mm/ksm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mm/ksm.c b/mm/ksm.c
index 04019a15b25d..e34516b8fbe4 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -1403,6 +1403,9 @@ static int replace_page(struct vm_area_struct *vma, struct page *page,
 		 * the dirty bit in zero page's PTE is set.
 		 */
 		newpte = pte_mkdirty(pte_mkspecial(pfn_pte(page_to_pfn(kpage), vma->vm_page_prot)));
+		if (!pte_soft_dirty(ptep_get(ptep)))
+			newpte = pte_clear_soft_dirty(newpte);
+
 		ksm_map_zero_page(mm);
 		/*
 		 * We're replacing an anonymous page with a zero page, which is
-- 
2.49.0

Re: [PATCH 1/1] mm/ksm: fix spurious soft-dirty bit on zero-filled page merging

[David Hildenbrand]

On 28.09.25 06:52, Lance Yang wrote:
> From: Lance Yang <lance.yang@linux.dev>
> 
> When KSM merges a zero-filled page with the shared zeropage, it uses
> pte_mkdirty() to mark the new PTE for internal accounting. However,
> pte_mkdirty() unconditionally sets both the hardware dirty bit and the
> soft-dirty bit.
> 

Right, that's one think we should clean up at one point.

> This behavior causes false positives in userspace tools like CRIU that
> rely on the soft-dirty mechanism for tracking memory changes.

IIRC, false positives are not a problem. We get them all of the time 
when merging VMAs etc.

So I am not sure if this here is really worth fixing. Soft-dirty is not, 
and never will be false-positive free.

-- 
Cheers

David / dhildenb

Re: [PATCH 1/1] mm/ksm: fix spurious soft-dirty bit on zero-filled page merging

[Lance Yang]

On 2025/9/29 16:25, David Hildenbrand wrote:
> On 28.09.25 06:52, Lance Yang wrote:
>> From: Lance Yang <lance.yang@linux.dev>
>>
>> When KSM merges a zero-filled page with the shared zeropage, it uses
>> pte_mkdirty() to mark the new PTE for internal accounting. However,
>> pte_mkdirty() unconditionally sets both the hardware dirty bit and the
>> soft-dirty bit.
>>
> 
> Right, that's one think we should clean up at one point.

Got it. I’ll take a look when I get a chance ;)

> 
>> This behavior causes false positives in userspace tools like CRIU that
>> rely on the soft-dirty mechanism for tracking memory changes.
> 
> IIRC, false positives are not a problem. We get them all of the time 
> when merging VMAs etc.

Right, Indeed.

> So I am not sure if this here is really worth fixing. Soft-dirty is not, 
> and never will be false-positive free.

Makes sense to me. It doesn’t seem worth the trouble to fix. Let’s go 
ahead and drop it.

Thanks,
Lance

Re: [PATCH 1/1] mm/ksm: fix spurious soft-dirty bit on zero-filled page merging

[David Hildenbrand]

On 29.09.25 12:08, Lance Yang wrote:
> 
> 
> On 2025/9/29 16:25, David Hildenbrand wrote:
>> On 28.09.25 06:52, Lance Yang wrote:
>>> From: Lance Yang <lance.yang@linux.dev>
>>>
>>> When KSM merges a zero-filled page with the shared zeropage, it uses
>>> pte_mkdirty() to mark the new PTE for internal accounting. However,
>>> pte_mkdirty() unconditionally sets both the hardware dirty bit and the
>>> soft-dirty bit.
>>>
>>
>> Right, that's one think we should clean up at one point.
> 
> Got it. I’ll take a look when I get a chance ;)
> 
>>
>>> This behavior causes false positives in userspace tools like CRIU that
>>> rely on the soft-dirty mechanism for tracking memory changes.
>>
>> IIRC, false positives are not a problem. We get them all of the time
>> when merging VMAs etc.
> 
> Right, Indeed.
> 
>> So I am not sure if this here is really worth fixing. Soft-dirty is not,
>> and never will be false-positive free.
> 
> Makes sense to me. It doesn’t seem worth the trouble to fix. Let’s go
> ahead and drop it.

Yeah, I would prefer if we can just decouple soft-dirty from dirty 
handling at some point. I recall I had a use case around 
PageAnonExclusive at some point.

-- 
Cheers

David / dhildenb

Re: [PATCH 1/1] mm/ksm: fix spurious soft-dirty bit on zero-filled page merging

[Lance Yang]

On 2025/9/30 15:32, David Hildenbrand wrote:
> On 29.09.25 12:08, Lance Yang wrote:
>>
>>
>> On 2025/9/29 16:25, David Hildenbrand wrote:
>>> On 28.09.25 06:52, Lance Yang wrote:
>>>> From: Lance Yang <lance.yang@linux.dev>
>>>>
>>>> When KSM merges a zero-filled page with the shared zeropage, it uses
>>>> pte_mkdirty() to mark the new PTE for internal accounting. However,
>>>> pte_mkdirty() unconditionally sets both the hardware dirty bit and the
>>>> soft-dirty bit.
>>>>
>>>
>>> Right, that's one think we should clean up at one point.
>>
>> Got it. I’ll take a look when I get a chance ;)
>>
>>>
>>>> This behavior causes false positives in userspace tools like CRIU that
>>>> rely on the soft-dirty mechanism for tracking memory changes.
>>>
>>> IIRC, false positives are not a problem. We get them all of the time
>>> when merging VMAs etc.
>>
>> Right, Indeed.
>>
>>> So I am not sure if this here is really worth fixing. Soft-dirty is not,
>>> and never will be false-positive free.
>>
>> Makes sense to me. It doesn’t seem worth the trouble to fix. Let’s go
>> ahead and drop it.
> 
> Yeah, I would prefer if we can just decouple soft-dirty from dirty 
> handling at some point. I recall I had a use case around 
> PageAnonExclusive at some point.

Cool. I'll give it a try ;)