[PATCH v2 0/3] mm/huge_memory: Fix move_pages_huge

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2 0/3] mm/huge_memory: Fix move_pages_huge_pmd() for huge zero pages
@ 2026-02-26 14:15 Chris Down
  0 siblings, 0 replies; only message in thread
From: Chris Down @ 2026-02-26 14:15 UTC (permalink / raw)
  To: Andrew Morton
  Cc: David Hildenbrand, Matthew Wilcox, kernel-team, linux-mm,
	linux-kernel, stable

Changes since v1:

- Reworked patch 2 per David's feedback to stop reconstructing the huge
  zero PMD and instead preserve PMD state from src_pmdval, then apply
  move_soft_dirty_pmd() and clear_uffd_wp_pmd().
- Added regression tests.
- As a side note, I've kept the two mm fixes split intentionally for
  stable backports, even though patch one immediately gets superseded by
  patch two. The reason is they track back to different commits, so
  although patch 2 rewrites the same branch in newer trees, keeping the
  fixes separate preserves the correct Fixes: annotations and lets
  stable pick the applicable fix for a given tree.

---

Two fixes for the huge zero page path in move_pages_huge_pmd()
(UFFDIO_MOVE).

Patch 1 fixes a use of NULL folio introduced by the folio_mk_pmd()
conversion in commit e3981db444a0 ("mm: add folio_mk_pmd()"), which
replaced mk_huge_pmd(src_page, ...) with folio_mk_pmd(src_folio, ...) in
the huge zero page branch where src_folio is explicitly NULL. With
SPARSEMEM_VMEMMAP this silently produces a PMD with a bogus PFN, on
other memory models it is a NULL deref.

Patch 2 fixes huge zeropage refcount corruption after commit
d82d09e48219 ("mm/huge_memory: mark PMD mappings of the huge zero folio
special") by preserving the moved huge zero PMD state instead of
reconstructing the destination PMD from the folio. This keeps the PMD
special bit intact on CONFIG_ARCH_HAS_PTE_SPECIAL architectures and
avoids vm_normal_page_pmd() misclassifying the moved huge zeropage PMD
as a normal page.

Chris Down (3):
  mm/huge_memory: Fix use of NULL folio in move_pages_huge_pmd()
  mm/huge_memory: Prevent huge zeropage refcount corruption in PMD move
  selftests/mm: Add UFFDIO_MOVE huge zeropage PMD regression test

 mm/huge_memory.c                             |   3 +-
 tools/testing/selftests/mm/uffd-unit-tests.c | 176 +++++++++++++++++++
 2 files changed, 178 insertions(+), 1 deletion(-)

-- 
2.51.2

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-02-26 14:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-02-26 14:15 [PATCH v2 0/3] mm/huge_memory: Fix move_pages_huge_pmd() for huge zero pages Chris Down

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox