From: Zi Yan
To: Gavin Guo
Cc: david@redhat.com, willy@infradead.org, linmiaohe@huawei.com, hughd@google.com, revest@google.com, kernel-dev@igalia.com, linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org
Subject: Re: [PATCH v2] mm/huge_memory: fix dereferencing invalid pmd migration entry
Date: Fri, 18 Apr 2025 07:48:01 -0400
In-Reply-To: <983ba47e-ab95-4a43-bca2-97b75c3c90d0@igalia.com>
References: <20250418085802.2973519-1-gavinguo@igalia.com> <983ba47e-ab95-4a43-bca2-97b75c3c90d0@igalia.com>

On 18 Apr 2025, at 5:03, Gavin Guo wrote:

> On 4/18/25 16:58, Gavin Guo wrote:
>> When migrating a THP, concurrent access to the PMD migration entry
>> during a deferred split scan can lead to an invalid address access, as
>> illustrated below. To prevent this page fault, it is necessary to check
>> the PMD migration entry and return early. In this context, there is no
>> need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the
>> equality of the target folio. Since the PMD migration entry is locked,
>> it cannot be served as the target.
>>
>> Mailing list discussion and explanation from Hugh Dickins:
>> "An anon_vma lookup points to a location which may contain the folio of
>> interest, but might instead contain another folio: and weeding out those
>> other folios is precisely what the "folio != pmd_folio((*pmd)" check
>> (and the "risk of replacing the wrong folio" comment a few lines above
>> it) is for."
>>
>> BUG: unable to handle page fault for address: ffffea60001db008
>> CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE
>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
>> RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60
>> Call Trace:
>>
>> try_to_migrate_one+0x28c/0x3730
>> rmap_walk_anon+0x4f6/0x770
>> unmap_folio+0x196/0x1f0
>> split_huge_page_to_list_to_order+0x9f6/0x1560
>> deferred_split_scan+0xac5/0x12a0
>> shrinker_debugfs_scan_write+0x376/0x470
>> full_proxy_write+0x15c/0x220
>> vfs_write+0x2fc/0xcb0
>> ksys_write+0x146/0x250
>> do_syscall_64+0x6a/0x120
>> entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>
>> The bug is found by syzkaller on an internal kernel, then confirmed on
>> upstream.
>>
>> Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path")
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Gavin Guo
>> Acked-by: David Hildenbrand
>> Acked-by: Hugh Dickins
>> Acked-by: Zi Yan
>> Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/
>> ---
>> V1 -> V2: Add explanation from Hugh and correct the wording from page
>> fault to invalid address access.
>>
>> mm/huge_memory.c | 18 ++++++++++++++----
>> 1 file changed, 14 insertions(+), 4 deletions(-)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c >> index 2a47682d1ab7..0cb9547dcff2 100644 >> --- a/mm/huge_memory.c >> +++ b/mm/huge_memory.c >> @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_ar= ea_struct *vma, pmd_t *pmd, >> void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long= address, >> pmd_t *pmd, bool freeze, struct folio *folio) >> { >> + bool pmd_migration =3D is_pmd_migration_entry(*pmd); >> + >> VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); >> VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); >> VM_WARN_ON_ONCE(folio && !folio_test_locked(folio));
>> @@ -3085,10 +3087,18 @@ void split_huge_pmd_locked(struct vm_area_stru= ct *vma, unsigned long address, >> * require a folio to check the PMD against. Otherwise, there >> * is a risk of replacing the wrong folio. >> */ >> - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || >> - is_pmd_migration_entry(*pmd)) { >> - if (folio && folio !=3D pmd_folio(*pmd)) >> - return; >> + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { >> + if (folio) { >> + /* >> + * Do not apply pmd_folio() to a migration entry; and >> + * folio lock guarantees that it must be of the wrong >> + * folio anyway. >> + */ >> + if (pmd_migration) >> + return; >> + if (folio !=3D pmd_folio(*pmd)) >> + return; >> + } >> __split_huge_pmd_locked(vma, pmd, address, freeze); >> } >> }
>>
>> base-commit: a24588245776dafc227243a01bfbeb8a59bafba9
>
> Hi Zi, I've carefully reviewed the mailing list and observed that the indentation is not a strong concern from the reviews. And the cleanup suggestion from David will override the modification in this patch. I have decided to keep the original version (the unindented one). Let me know if you have any feedback with the v2 patch. Thank you!

No problem. Thank you for the fix.

Best Regards,
Yan, Zi
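
Review bot: in the first hunk (@@ -3075,6 +3075,8), `pmd_migration` is a snapshot of `*pmd` taken at function entry, ahead of the `VM_WARN_ON_ONCE()` checks, while `pmd_trans_huge(*pmd)` and `pmd_devmap(*pmd)` in the second hunk still read `*pmd` at the condition itself. The two views agree only if the entry cannot change in between, which the `_locked` suffix suggests but nothing in the visible lines states. Declaring it `const bool pmd_migration` and noting that the PMD lock is held would make the single-read intent explicit.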
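
Review bot: in the second hunk (@@ -3085,10 +3087,18), the `if (pmd_migration) return;` early exit relies on the caller holding the folio lock, and the only check of that in the visible code is `VM_WARN_ON_ONCE(folio && !folio_test_locked(folio))` in the first hunk's context lines, which is a debug-time assertion rather than a runtime guard. The new comment says the folio lock "guarantees that it must be of the wrong folio anyway" without saying why; it should carry the reasoning from the commit message, that the folio behind a PMD migration entry is itself locked, so a folio locked by this caller cannot be the one the entry refers to. The two returns could also be folded into `if (pmd_migration || folio != pmd_folio(*pmd)) return;`, since short-circuit evaluation still keeps `pmd_folio()` away from the migration entry and it removes one level of nesting.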