* [merged mm-hotfixes-stable] mm-smaps-fix-race-between-smaps_hugetlb_range-and-migration.patch removed from -mm tree
@ 2025-08-05 20:39 Andrew Morton
0 siblings, 0 replies; only message in thread
From: Andrew Morton @ 2025-08-05 20:39 UTC (permalink / raw)
To: mm-commits, wangkefeng.wang, thiago.bauermann, ryan.roberts,
rientjes, mhocko, lorenzo.stoakes, joern, hughd, dev.jain, david,
christophe.leroy, catalin.marinas, brahmajit.xyz, baolin.wang,
avagin, andrii, tujinjiang, akpm
The quilt patch titled
Subject: mm/smaps: fix race between smaps_hugetlb_range and migration
has been removed from the -mm tree. Its filename was
mm-smaps-fix-race-between-smaps_hugetlb_range-and-migration.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Jinjiang Tu <tujinjiang@huawei.com>
Subject: mm/smaps: fix race between smaps_hugetlb_range and migration
Date: Thu, 24 Jul 2025 17:09:56 +0800
smaps_hugetlb_range() handles the pte without holdling ptl, and may be
concurrenct with migration, leaing to BUG_ON in pfn_swap_entry_to_page().
The race is as follows.
smaps_hugetlb_range migrate_pages
huge_ptep_get
remove_migration_ptes
folio_unlock
pfn_swap_entry_folio
BUG_ON
To fix it, hold ptl lock in smaps_hugetlb_range().
Link: https://lkml.kernel.org/r/20250724090958.455887-1-tujinjiang@huawei.com
Link: https://lkml.kernel.org/r/20250724090958.455887-2-tujinjiang@huawei.com
Fixes: 25ee01a2fca0 ("mm: hugetlb: proc: add hugetlb-related fields to /proc/PID/smaps")
Signed-off-by: Jinjiang Tu <tujinjiang@huawei.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Andrii Nakryiko <andrii@kernel.org>
Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: Brahmajit Das <brahmajit.xyz@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: David Rientjes <rientjes@google.com>
Cc: Dev Jain <dev.jain@arm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Joern Engel <joern@logfs.org>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
fs/proc/task_mmu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/fs/proc/task_mmu.c~mm-smaps-fix-race-between-smaps_hugetlb_range-and-migration
+++ a/fs/proc/task_mmu.c
@@ -1148,10 +1148,13 @@ static int smaps_hugetlb_range(pte_t *pt
{
struct mem_size_stats *mss = walk->private;
struct vm_area_struct *vma = walk->vma;
- pte_t ptent = huge_ptep_get(walk->mm, addr, pte);
struct folio *folio = NULL;
bool present = false;
+ spinlock_t *ptl;
+ pte_t ptent;
+ ptl = huge_pte_lock(hstate_vma(vma), walk->mm, pte);
+ ptent = huge_ptep_get(walk->mm, addr, pte);
if (pte_present(ptent)) {
folio = page_folio(pte_page(ptent));
present = true;
@@ -1170,6 +1173,7 @@ static int smaps_hugetlb_range(pte_t *pt
else
mss->private_hugetlb += huge_page_size(hstate_vma(vma));
}
+ spin_unlock(ptl);
return 0;
}
#else
_
Patches currently in -mm which might be from tujinjiang@huawei.com are
mm-memory_hotplug-fix-hwpoisoned-large-folio-handling-in-do_migrate_range.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-08-05 20:39 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-05 20:39 [merged mm-hotfixes-stable] mm-smaps-fix-race-between-smaps_hugetlb_range-and-migration.patch removed from -mm tree Andrew Morton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.