From: Muchun Song <muchun.song@linux.dev>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Muchun Song <songmuchun@bytedance.com>,
Oscar Salvador <osalvador@suse.de>,
David Hildenbrand <david@kernel.org>,
Kiryl Shutsemau <kas@kernel.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] mm/hugetlb_vmemmap: fix incorrect vmemmap restore in rollback
Date: Tue, 26 May 2026 10:01:30 +0800 [thread overview]
Message-ID: <FB43864F-28ED-417F-98AD-D6726FBB067F@linux.dev> (raw)
In-Reply-To: <20260525144948.15e51eb81151e498cc2af999@linux-foundation.org>
> On May 26, 2026, at 05:49, Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Mon, 25 May 2026 10:52:13 +0800 Muchun Song <songmuchun@bytedance.com> wrote:
>
>> vmemmap_restore_pte() rebuilds restored vmemmap pages from a
>> tail-page template derived from compound_head(). This is wrong when the
>> current PTE already maps a page whose contents are not tail-page
>> metadata.
>>
>> In the rollback path of vmemmap_remap_free(), the first restored PTE is
>> backed by vmemmap_head and contains head-page metadata. Reconstructing
>> that page from a tail-page template overwrites the head-page state and
>> corrupts the restored vmemmap page.
>>
>> Fix this by copying the full page from the page currently mapped by the
>> PTE. Also pass vmemmap_tail to the rollback walk so only PTEs backed by
>> the shared tail page are restored, while the head PTE remains mapped to
>> vmemmap_head. Add VM_WARN_ON_ONCE() checks for unexpected cases.
>
> Queued in mm-hotfixes, thanks.
>
>> Fixes: c0b495b91a47 ("mm/hugetlb: refactor code around vmemmap_walk")
>
> A "refactoring" patch caused a regression? Ouch.
Yes.
>
> This patch caused Sashiko to identify a possible pre-existing mem
> hotplug race:
> https://sashiko.dev/#/patchset/20260525025213.2229628-1-songmuchun@bytedance.com
I think it is a false positive since hugetlb pages cannot be freed to
buddy allocator, we cannot race with memory hot remove.
Muchun,
Thanks.
prev parent reply other threads:[~2026-05-26 2:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-25 2:52 [PATCH] mm/hugetlb_vmemmap: fix incorrect vmemmap restore in rollback Muchun Song
2026-05-25 15:52 ` Kiryl Shutsemau
2026-05-25 17:04 ` Oscar Salvador (SUSE)
2026-05-25 21:49 ` Andrew Morton
2026-05-26 2:01 ` Muchun Song [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=FB43864F-28ED-417F-98AD-D6726FBB067F@linux.dev \
--to=muchun.song@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=david@kernel.org \
--cc=kas@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=osalvador@suse.de \
--cc=songmuchun@bytedance.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.