* [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
@ 2025-11-05 16:29 Zi Yan
2025-11-05 16:31 ` David Hildenbrand (Red Hat)
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Zi Yan @ 2025-11-05 16:29 UTC (permalink / raw)
To: Andrew Morton, David Hildenbrand, Wei Yang
Cc: Lorenzo Stoakes, Zi Yan, Baolin Wang, Liam R. Howlett,
Nico Pache, Ryan Roberts, Dev Jain, Barry Song, Lance Yang,
linux-mm, linux-kernel, stable
Both uniform and non uniform split check missed the check to prevent
splitting anon folios in swapcache to non-zero order. Fix the check.
Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
Cc: stable@vger.kernel.org
Signed-off-by: Zi Yan <ziy@nvidia.com>
---
mm/huge_memory.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 36fc4ff002c9..595811c78f42 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -3674,7 +3674,8 @@ bool non_uniform_split_supported(struct folio *folio, unsigned int new_order,
/* order-1 is not supported for anonymous THP. */
VM_WARN_ONCE(warns && new_order == 1,
"Cannot split to order-1 folio");
- return new_order != 1;
+ if (new_order == 1)
+ return false;
} else if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) &&
!mapping_large_folio_support(folio->mapping)) {
/*
@@ -3705,7 +3706,8 @@ bool uniform_split_supported(struct folio *folio, unsigned int new_order,
if (folio_test_anon(folio)) {
VM_WARN_ONCE(warns && new_order == 1,
"Cannot split to order-1 folio");
- return new_order != 1;
+ if (new_order == 1)
+ return false;
} else if (new_order) {
if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) &&
!mapping_large_folio_support(folio->mapping)) {
--
2.51.0
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
2025-11-05 16:29 [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache Zi Yan
@ 2025-11-05 16:31 ` David Hildenbrand (Red Hat)
2025-11-05 23:57 ` Andrew Morton
2025-11-06 1:44 ` Wei Yang
2 siblings, 0 replies; 5+ messages in thread
From: David Hildenbrand (Red Hat) @ 2025-11-05 16:31 UTC (permalink / raw)
To: Zi Yan, Andrew Morton, Wei Yang
Cc: Lorenzo Stoakes, Baolin Wang, Liam R. Howlett, Nico Pache,
Ryan Roberts, Dev Jain, Barry Song, Lance Yang, linux-mm,
linux-kernel, stable
On 05.11.25 17:29, Zi Yan wrote:
Nit: drop trailing "." in subject.
I'm sure Andrew can fix that up :)
> Both uniform and non uniform split check missed the check to prevent
> splitting anon folios in swapcache to non-zero order. Fix the check.
>
> Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
> Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
> Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
> Cc: stable@vger.kernel.org
> Signed-off-by: Zi Yan <ziy@nvidia.com>
> ---
Thanks!
Acked-by: David Hildenbrand (Red Hat) <david@kernel.org>
--
Cheers
David
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
2025-11-05 16:29 [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache Zi Yan
2025-11-05 16:31 ` David Hildenbrand (Red Hat)
@ 2025-11-05 23:57 ` Andrew Morton
2025-11-06 0:19 ` Zi Yan
2025-11-06 1:44 ` Wei Yang
2 siblings, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2025-11-05 23:57 UTC (permalink / raw)
To: Zi Yan
Cc: David Hildenbrand, Wei Yang, Lorenzo Stoakes, Baolin Wang,
Liam R. Howlett, Nico Pache, Ryan Roberts, Dev Jain, Barry Song,
Lance Yang, linux-mm, linux-kernel, stable
On Wed, 5 Nov 2025 11:29:10 -0500 Zi Yan <ziy@nvidia.com> wrote:
> Both uniform and non uniform split check missed the check to prevent
> splitting anon folios in swapcache to non-zero order. Fix the check.
Please describe the possible userspace-visible effects of the bug
especially when proposing a -stable backport.
> Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
> Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
> Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
I was hopeful, but that's "from code inspection".
> Cc: stable@vger.kernel.org
> Signed-off-by: Zi Yan <ziy@nvidia.com>
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
2025-11-05 23:57 ` Andrew Morton
@ 2025-11-06 0:19 ` Zi Yan
0 siblings, 0 replies; 5+ messages in thread
From: Zi Yan @ 2025-11-06 0:19 UTC (permalink / raw)
To: Andrew Morton
Cc: David Hildenbrand, Wei Yang, Lorenzo Stoakes, Baolin Wang,
Liam R. Howlett, Nico Pache, Ryan Roberts, Dev Jain, Barry Song,
Lance Yang, linux-mm, linux-kernel, stable
On 5 Nov 2025, at 18:57, Andrew Morton wrote:
> On Wed, 5 Nov 2025 11:29:10 -0500 Zi Yan <ziy@nvidia.com> wrote:
>
>> Both uniform and non uniform split check missed the check to prevent
>> splitting anon folios in swapcache to non-zero order. Fix the check.
>
> Please describe the possible userspace-visible effects of the bug
> especially when proposing a -stable backport.
Splitting anon folios in swapcache to non-zero order can cause data
corruption since swapcache only support PMD order and order-0 entries.
This can happen when one use split_huge_pages under debugfs to split
anon folios in swapcache.
>
>> Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
>> Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
>> Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
>
> I was hopeful, but that's "from code inspection".
In-tree callers do not perform such an illegal operation. Only debugfs
interface could trigger it. I will put adding a test case on my TODO
list.
>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Zi Yan <ziy@nvidia.com>
Best Regards,
Yan, Zi
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
2025-11-05 16:29 [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache Zi Yan
2025-11-05 16:31 ` David Hildenbrand (Red Hat)
2025-11-05 23:57 ` Andrew Morton
@ 2025-11-06 1:44 ` Wei Yang
2 siblings, 0 replies; 5+ messages in thread
From: Wei Yang @ 2025-11-06 1:44 UTC (permalink / raw)
To: Zi Yan
Cc: Andrew Morton, David Hildenbrand, Wei Yang, Lorenzo Stoakes,
Baolin Wang, Liam R. Howlett, Nico Pache, Ryan Roberts, Dev Jain,
Barry Song, Lance Yang, linux-mm, linux-kernel, stable
On Wed, Nov 05, 2025 at 11:29:10AM -0500, Zi Yan wrote:
>Both uniform and non uniform split check missed the check to prevent
>splitting anon folios in swapcache to non-zero order. Fix the check.
>
>Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
>Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
>Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
>Cc: stable@vger.kernel.org
>Signed-off-by: Zi Yan <ziy@nvidia.com>
Reviewed-by: Wei Yang <richard.weiyang@gmail.com>
--
Wei Yang
Help you, Help me
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-11-06 1:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-05 16:29 [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache Zi Yan
2025-11-05 16:31 ` David Hildenbrand (Red Hat)
2025-11-05 23:57 ` Andrew Morton
2025-11-06 0:19 ` Zi Yan
2025-11-06 1:44 ` Wei Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox