From: Jinjiang Tu
Subject: [PATCH] smaps: fix BUG_ON in smaps_hugetlb_range
Date: Mon, 21 Jul 2025 16:14:43 +0800
Message-ID: <20250721081444.277183-1-tujinjiang@huawei.com>

smaps_hugetlb_range() handles the pte without holding ptl, and may be
concurrent with migration, leading to BUG_ON in
pfn_swap_entry_to_page(). The race is as follows.

smaps_hugetlb_range              migrate_pages
  huge_ptep_get
                                   remove_migration_ptes
                                   folio_unlock
  pfn_swap_entry_folio
    BUG_ON

To fix it, hold ptl lock in smaps_hugetlb_range().

Fixes: 25ee01a2fca0 ("mm: hugetlb: proc: add hugetlb-related fields to /proc/PID/smaps")
Signed-off-by: Jinjiang Tu
---
 fs/proc/task_mmu.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 751479eb128f..0102ab3aaec1 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c 
@@ -1020,10 +1020,13 @@ static int smaps_hugetlb_range(pte_t *pte, unsigned long hmask, { struct mem_size_stats *mss = walk->private; struct vm_area_struct *vma = walk->vma; - pte_t ptent = huge_ptep_get(walk->mm, addr, pte); struct folio *folio = NULL; bool present = false; + spinlock_t *ptl; + pte_t ptent; + ptl = huge_pte_lock(hstate_vma(vma), walk->mm, pte); + ptent = huge_ptep_get(walk->mm, addr, pte); if (pte_present(ptent)) { folio = page_folio(pte_page(ptent)); present = true; @@ -1042,6 +1045,7 @@ static int smaps_hugetlb_range(pte_t *pte, unsigned long hmask, else mss->private_hugetlb += huge_page_size(hstate_vma(vma)); } + spin_unlock(ptl); return 0; } #else -- 2.43.0
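Review bot: the huge_pte_lock() call added at the top of smaps_hugetlb_range() in the first hunk carries no comment saying what it protects against, and the changelog names two different functions for the crash site (pfn_swap_entry_to_page() in the text, pfn_swap_entry_folio in the race diagram). A short comment above the lock, stating that ptl is held so the entry read by huge_ptep_get() cannot change under a concurrent migration before it is turned into a folio, would keep the reason visible in the code, and the changelog should settle on one function name. The lock is now held from that point until the spin_unlock(ptl) added just before "return 0" in the second hunk; the lines between the two hunks are not shown here, so it is worth confirming that no path in between returns without unlocking.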