* [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: Sunny Patel @ 2026-04-13 13:09 UTC
To: Andrew Morton, David Hildenbrand
Cc: Zi Yan, Matthew Brost, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, linux-mm, linux-kernel, Sunny Patel

Fix two bugs in device migration paths:

1) migrate_vma_collect_huge_pmd() calls spin_unlock after
softleaf_entry_wait_on_locked(), which already releases the ptl.

2) migrate_vma_insert_huge_pmd_page() has a dead else-if branch and this
branch is always unreachable.

Signed-off-by: Sunny Patel <nueralspacetech@gmail.com>
--- mm/migrate_device.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mm/migrate_device.c b/mm/migrate_device.c index 8079676c8f1f..0e005c26ee88 100644 --- a/mm/migrate_device.c +++ b/mm/migrate_device.c @@ -177,7 +177,6 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start, if (softleaf_is_migration(entry)) { softleaf_entry_wait_on_locked(entry, ptl); - spin_unlock(ptl); return -EAGAIN; } @@ -869,8 +868,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate, if (!is_huge_zero_pmd(*pmdp)) goto unlock_abort; flush = true; - } else if (!pmd_none(*pmdp)) - goto unlock_abort; + } add_mm_counter(vma->vm_mm, MM_ANONPAGES, HPAGE_PMD_NR); folio_add_new_anon_rmap(folio, vma, addr, RMAP_EXCLUSIVE); -- 2.43.0

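Review bot: In the first hunk (migrate_vma_collect_huge_pmd), once spin_unlock(ptl) is gone the branch returns -EAGAIN with no visible release of ptl, so the code no longer shows where the lock is dropped. A short comment on the softleaf_entry_wait_on_locked(entry, ptl) call stating that it releases ptl would keep a later reader from re-adding the unlock. Since the commit message describes this as a double unlock, it would also be better carried in its own patch, separate from the dead-code removal, so it can be backported alone.
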
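Review bot: In the second hunk (migrate_vma_insert_huge_pmd_page), the commit message calls the else-if branch unreachable but does not say why, and the hunk context does not show the outer condition that makes it so. Please quote the enclosing if in the changelog and state which pmd states are expected to reach add_mm_counter() after this change; a branch that repeats an earlier test is often a typo for a different check, and deleting it silently drops whatever case it was meant to reject.
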
* Re: [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: David Hildenbrand (Arm) @ 2026-04-13 19:38 UTC
To: Sunny Patel, Andrew Morton
Cc: Zi Yan, Matthew Brost, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, linux-mm, linux-kernel, Balbir Singh

On 4/13/26 15:09, Sunny Patel wrote:
> Fix two bugs in device migration paths:
>
> 1) migrate_vma_collect_huge_pmd() calls spin_unlock after
> softleaf_entry_wait_on_locked(), which already releases the ptl.
>
> 2) migrate_vma_insert_huge_pmd_page() has a dead else-if branch and this
> branch is always unreachable.
>

Can you move 1) into a separate patch, add a Fixes: tag and CC stable?

I think it is

Fixes: a30b48bf1b24 ("mm/migrate_device: implement THP migration of zone device pages")

2) will then be a pure cleanup patch.

Thanks!

> Signed-off-by: Sunny Patel <nueralspacetech@gmail.com>
> --- > mm/migrate_device.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/mm/migrate_device.c b/mm/migrate_device.c > index 8079676c8f1f..0e005c26ee88 100644 > --- a/mm/migrate_device.c > +++ b/mm/migrate_device.c > @@ -177,7 +177,6 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start, > > if (softleaf_is_migration(entry)) { > softleaf_entry_wait_on_locked(entry, ptl); > - spin_unlock(ptl);

Yes, that looks correct to me.

> return -EAGAIN; > }
> > @@ -869,8 +868,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate, > if (!is_huge_zero_pmd(*pmdp)) > goto unlock_abort; > flush = true; > - } else if (!pmd_none(*pmdp)) > - goto unlock_abort; > + }

Huh, how did that happen. I hope that it's not a typo and we wanted to
check for something else.

--
Cheers,

David

* Re: [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: Zi Yan @ 2026-04-13 20:03 UTC
To: David Hildenbrand (Arm)
Cc: Sunny Patel, Andrew Morton, Matthew Brost, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, linux-mm, linux-kernel, Balbir Singh

On 13 Apr 2026, at 15:38, David Hildenbrand (Arm) wrote:

> On 4/13/26 15:09, Sunny Patel wrote:
>> Fix two bugs in device migration paths:
>>
>> 1) migrate_vma_collect_huge_pmd() calls spin_unlock after
>> softleaf_entry_wait_on_locked(), which already releases the ptl.
>>
>> 2) migrate_vma_insert_huge_pmd_page() has a dead else-if branch and this
>> branch is always unreachable.
>>
>
> Can you move 1) into a separate patch, add a Fixes: tag and CC stable?
>
> I think it is
>
> Fixes: a30b48bf1b24 ("mm/migrate_device: implement THP migration of zone
> device pages")
>
> 2) will then be a pure cleanup patch.
>
> Thanks!
>
>> Signed-off-by: Sunny Patel <nueralspacetech@gmail.com>
>> --- >> mm/migrate_device.c | 4 +--- >> 1 file changed, 1 insertion(+), 3 deletions(-) >> >> diff --git a/mm/migrate_device.c b/mm/migrate_device.c >> index 8079676c8f1f..0e005c26ee88 100644 >> --- a/mm/migrate_device.c >> +++ b/mm/migrate_device.c >> @@ -177,7 +177,6 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start, >> >> if (softleaf_is_migration(entry)) { >> softleaf_entry_wait_on_locked(entry, ptl); >> - spin_unlock(ptl);
>
>
> Yes, that looks correct to me.
>
>> return -EAGAIN; >> }
>> >> @@ -869,8 +868,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate, >> if (!is_huge_zero_pmd(*pmdp)) >> goto unlock_abort; >> flush = true; >> - } else if (!pmd_none(*pmdp)) >> - goto unlock_abort; >> + }
>
> Huh, how did that happen. I hope that it's not a typo and we wanted to
> check for something else.
>

Looking at the function and trying to figure this out, but find
VM_WARN_ON_FOLIO(!folio, folio) at the top, where folio is from page_folio(page).
It is either a nop or a zero dereferencing. It should be removed.

VM_WARN_ON_ONCE(!pmd_none(*pmdp) && !is_huge_zero_pmd(*pmdp)) can be removed
too, since the above ifs take !pmd_none(*pmdp) && !is_huge_zero_pmd(*pmdp)
to unlock_abort.

Back to the above code:

    if (!pmd_none(*pmdp)) {
        if (!is_huge_zero_pmd(*pmdp))
            goto unlock_abort;
        flush = true;
    } else if (!pmd_none(*pmdp))
        goto unlock_abort;

It seems to me that the first if should be removed, since if pmdp is
not pmd_none(), others filled pmd entry before us, so no further
action should be taken, otherwise, the function will overwrite
some valid pmd entry.

OK, look at migrate_vma_insert_page(), which does PTE level work,
the above code might be intended to do:

    if (pmd_present(*pmdp)) {
        if (!is_huge_zero_pmd(*pmdp))
            goto unlock_abort;
        flush = true;
    } else if (!pmd_none(*pmdp))
        goto unlock_abort;

Best Regards,
Yan, Zi

* Re: [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: David Hildenbrand (Arm) @ 2026-04-14 9:51 UTC
To: Zi Yan
Cc: Sunny Patel, Andrew Morton, Matthew Brost, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, linux-mm, linux-kernel, Balbir Singh

On 4/13/26 22:03, Zi Yan wrote:
> On 13 Apr 2026, at 15:38, David Hildenbrand (Arm) wrote:
>
>> On 4/13/26 15:09, Sunny Patel wrote:
>>> Fix two bugs in device migration paths:
>>>
>>> 1) migrate_vma_collect_huge_pmd() calls spin_unlock after
>>> softleaf_entry_wait_on_locked(), which already releases the ptl.
>>>
>>> 2) migrate_vma_insert_huge_pmd_page() has a dead else-if branch and this
>>> branch is always unreachable.
>>>
>>
>> Can you move 1) into a separate patch, add a Fixes: tag and CC stable?
>>
>> I think it is
>>
>> Fixes: a30b48bf1b24 ("mm/migrate_device: implement THP migration of zone
>> device pages")
>>
>> 2) will then be a pure cleanup patch.
>>
>> Thanks!
>>
>>> Signed-off-by: Sunny Patel <nueralspacetech@gmail.com>
>>> --- >>> mm/migrate_device.c | 4 +--- >>> 1 file changed, 1 insertion(+), 3 deletions(-) >>> >>> diff --git a/mm/migrate_device.c b/mm/migrate_device.c >>> index 8079676c8f1f..0e005c26ee88 100644 >>> --- a/mm/migrate_device.c >>> +++ b/mm/migrate_device.c >>> @@ -177,7 +177,6 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start, >>> >>> if (softleaf_is_migration(entry)) { >>> softleaf_entry_wait_on_locked(entry, ptl); >>> - spin_unlock(ptl);
>>
>>
>> Yes, that looks correct to me.
>>
>>> return -EAGAIN; >>> }
>>> >>> @@ -869,8 +868,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate, >>> if (!is_huge_zero_pmd(*pmdp)) >>> goto unlock_abort; >>> flush = true; >>> - } else if (!pmd_none(*pmdp)) >>> - goto unlock_abort; >>> + }
>>
>> Huh, how did that happen. I hope that it's not a typo and we wanted to
>> check for something else.
>>
>
>
> Looking at the function and trying to figure this out, but find
> VM_WARN_ON_FOLIO(!folio, folio) at the top, where folio is from page_folio(page).
> It is either a nop or a zero dereferencing. It should be removed.

Heh, VM_WARN_ON_FOLIO(!folio, folio) itself is completely odd. Dump NULL
if NULL.

Agreed that this should be removed. Or replaced by a VM_WARN_ON_ONCE(page);

>
> VM_WARN_ON_ONCE(!pmd_none(*pmdp) && !is_huge_zero_pmd(*pmdp)) can be removed
> too, since the above ifs take !pmd_none(*pmdp) && !is_huge_zero_pmd(*pmdp)
> to unlock_abort.

Right, and if that's an unexpected case, we should warn on that path
instead. Like

    if (WARN_ON_ONCE(!is_huge_zero_pmd(*pmdp)))
        goto unlock_abort;

>
> Back to the above code:
>
>     if (!pmd_none(*pmdp)) {
>         if (!is_huge_zero_pmd(*pmdp))
>             goto unlock_abort;
>         flush = true;
>     } else if (!pmd_none(*pmdp))
>         goto unlock_abort;
>
> It seems to me that the first if should be removed, since if pmdp is
> not pmd_none(), others filled pmd entry before us, so no further
> action should be taken, otherwise, the function will overwrite
> some valid pmd entry.
>
> OK, look at migrate_vma_insert_page(), which does PTE level work,
> the above code might be intended to do:
>
>     if (pmd_present(*pmdp)) {
>         if (!is_huge_zero_pmd(*pmdp))
>             goto unlock_abort;
>         flush = true;
>     } else if (!pmd_none(*pmdp))
>         goto unlock_abort;

Agreed, that makes more sense.

Thanks!

--
Cheers,

David

* Re: [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: Sunny Patel @ 2026-04-14 14:21 UTC
To: david
Cc: akpm, apopple, balbirs, byungchul, gourry, joshua.hahnjy, linux-kernel, linux-mm, matthew.brost, nueralspacetech, rakie.kim, ying.huang, ziy

Please refer to the new cleanup patch below, as discussed.

https://lore.kernel.org/linux-mm/20260414141344.29949-1-nueralspacetech@gmail.com/T/#u

Thanks,
Sunny Patel

* Re: [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: Sunny Patel @ 2026-04-13 22:21 UTC
To: David Hildenbrand
Cc: Zi Yan, Matthew Brost, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, Balbir Singh, linux-mm, linux-kernel, Andrew Morton

On Mon, 13 Apr 2026 15:09:00 +0000, David Hildenbrand wrote:
> Can you move 1) into a separate patch, add a Fixes: tag and CC stable?
> I think it is
> Fixes: a30b48bf1b24 ("mm/migrate_device: implement THP migration of
> zone device pages")

Agreed, and please refer to the link below for the new patch:

https://lore.kernel.org/linux-mm/20260413211559.20969-1-nueralspacetech@gmail.com/T/#u

> 2) will then be a pure cleanup patch.

Will send cleanup patch shortly.

Thanks,
Sunny Patel

* Re: [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: Matthew Brost @ 2026-04-13 23:30 UTC
To: Sunny Patel
Cc: Andrew Morton, David Hildenbrand, Zi Yan, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, linux-mm, linux-kernel

On Mon, Apr 13, 2026 at 06:39:23PM +0530, Sunny Patel wrote:
> Fix two bugs in device migration paths:
>
> 1) migrate_vma_collect_huge_pmd() calls spin_unlock after
> softleaf_entry_wait_on_locked(), which already releases the ptl.
>
> 2) migrate_vma_insert_huge_pmd_page() has a dead else-if branch and this
> branch is always unreachable.
>
> Signed-off-by: Sunny Patel <nueralspacetech@gmail.com>
> --- > mm/migrate_device.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/mm/migrate_device.c b/mm/migrate_device.c > index 8079676c8f1f..0e005c26ee88 100644 > --- a/mm/migrate_device.c > +++ b/mm/migrate_device.c
> @@ -177,7 +177,6 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start, > > if (softleaf_is_migration(entry)) { > softleaf_entry_wait_on_locked(entry, ptl); > - spin_unlock(ptl); > return -EAGAIN; > }

This entire if statement is dead code, since we bail out and collect a
skip on !softleaf_is_device_private immediately above. I thought we
already had a patch from Davidlohr Bueso 'mm/migrate_device: remove dead
migration entry check in migrate_vma_collect_huge_pmd()' that removed
this whole if statement. I even have an email from Andrew pulling this
patch, but it looks like the code is still present in 7.0.

I found this link via a google search which contains the above patch
too:

https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/25-new/+/f405e7bc5d93a541cf11663b2424baf0a03b496f%5E%21/

Looks like this change got lost somehow?

Matt

> > @@ -869,8 +868,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate, > if (!is_huge_zero_pmd(*pmdp)) > goto unlock_abort; > flush = true; > - } else if (!pmd_none(*pmdp)) > - goto unlock_abort; > + } > > add_mm_counter(vma->vm_mm, MM_ANONPAGES, HPAGE_PMD_NR); > folio_add_new_anon_rmap(folio, vma, addr, RMAP_EXCLUSIVE); > -- > 2.43.0 >

* Re: [PATCH] mm/migrate_device: fix double unlock and remove dead code
From: David Hildenbrand (Arm) @ 2026-04-14 9:46 UTC
To: Matthew Brost, Sunny Patel
Cc: Andrew Morton, Zi Yan, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, linux-mm, linux-kernel

On 4/14/26 01:30, Matthew Brost wrote:
> On Mon, Apr 13, 2026 at 06:39:23PM +0530, Sunny Patel wrote:
>> Fix two bugs in device migration paths:
>>
>> 1) migrate_vma_collect_huge_pmd() calls spin_unlock after
>> softleaf_entry_wait_on_locked(), which already releases the ptl.
>>
>> 2) migrate_vma_insert_huge_pmd_page() has a dead else-if branch and this
>> branch is always unreachable.
>>
>> Signed-off-by: Sunny Patel <nueralspacetech@gmail.com>
>> --- >> mm/migrate_device.c | 4 +--- >> 1 file changed, 1 insertion(+), 3 deletions(-) >> >> diff --git a/mm/migrate_device.c b/mm/migrate_device.c >> index 8079676c8f1f..0e005c26ee88 100644 >> --- a/mm/migrate_device.c >> +++ b/mm/migrate_device.c
>> @@ -177,7 +177,6 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start, >> >> if (softleaf_is_migration(entry)) { >> softleaf_entry_wait_on_locked(entry, ptl); >> - spin_unlock(ptl); >> return -EAGAIN; >> }
>
> This entire if statement is dead code, since we bail out and collect a
> skip on !softleaf_is_device_private immediately above. I thought we
> already had a patch from Davidlohr Bueso 'mm/migrate_device: remove dead
> migration entry check in migrate_vma_collect_huge_pmd()' that removed
> this whole if statement. I even have an email from Andrew pulling this
> patch, but it looks like the code is still present in 7.0.
>
> I found this link via a google search which contains the above patch
> too:
>
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/25-new/+/f405e7bc5d93a541cf11663b2424baf0a03b496f%5E%21/
>
> Looks like this change got lost somehow?

Oh, even better, then we don't even need a Fixes:

--
Cheers,

David
