[PATCH v5] selftests/mm: add folio_split() and filemap_get_entry() race test

[PATCH v5] selftests/mm: add folio_split() and filemap_get_entry() race test

[Zi Yan]

The added folio_split_race_test is a modified C port of the race condition
test from [1]. The test creates shmem huge pages, where the main thread
punches holes in the shmem to cause folio_split() in the kernel and
a set of 16 threads reads the shmem to cause filemap_get_entry() in the
kernel. filemap_get_entry() reads the folio and xarray split by
folio_split() locklessly. The original test[2] is written in rust and uses
memfd (shmem backed). This C port uses shmem directly and use a single
process.

Note: the initial rust to C conversion is done by Cursor.

Link: https://lore.kernel.org/all/CAKNNEtw5_kZomhkugedKMPOG-sxs5Q5OLumWJdiWXv+C9Yct0w@mail.gmail.com/ [1]
Link: https://github.com/dfinity/thp-madv-remove-test [2]
Co-developed-by: Bas van Dijk <bas@dfinity.org>
Signed-off-by: Bas van Dijk <bas@dfinity.org>
Co-developed-by: Adam Bratschi-Kaye <adam.bratschikaye@dfinity.org>
Signed-off-by: Adam Bratschi-Kaye <adam.bratschikaye@dfinity.org>
Signed-off-by: Zi Yan <ziy@nvidia.com>
---
From V4:
1. added missing .gitignore entry.
2. used PRIu64 for all uint64_t.
3. added pthread_barrier_t to ensure main thread starts to punch holes when
   all reader threads are spawned.
4. converted size_t to uint64_t.
5. used thp_availabe() instead of thp_is_enabled().
6. added a check on read_pmd_pagesize() to skip the test if pmd_pagesize
   is 0.
7. removed static test information.
8. started iter from 0 instead of 1.
9. simplified test failure checking code.
10. added missing Co-developed-by.

From V3:
1. fixed for loop stepping issue
2. used PRIu64 instead of %zu for uint64_t.

From V2:
1. simplied the program by removing fork.

From V1:
1. added prctl(PR_SET_PDEATHSIG, SIGTERM) to avoid child looping
   forever.
2. removed page_idx % PUNCH_INTERVAL >= 0, since it is a nop. Added a
   comment.
3. added a child process status check to prevent parent looping forever
   and record that as a failure.
4. used ksft_exit_skip() instead of ksft_finished() when the program is
   not running as root.
5. restored THP settings properly when the program exits abnormally.

 tools/testing/selftests/mm/.gitignore         |   1 +
 tools/testing/selftests/mm/Makefile           |   1 +
 .../selftests/mm/folio_split_race_test.c      | 297 ++++++++++++++++++
 tools/testing/selftests/mm/run_vmtests.sh     |   2 +
 4 files changed, 301 insertions(+)
 create mode 100644 tools/testing/selftests/mm/folio_split_race_test.c

diff --git a/tools/testing/selftests/mm/.gitignore b/tools/testing/selftests/mm/.gitignore
index 83ad9454dd9d1..b0c30c5ee9e30 100644
--- a/tools/testing/selftests/mm/.gitignore
+++ b/tools/testing/selftests/mm/.gitignore
@@ -61,3 +61,4 @@ guard-regions
 merge
 prctl_thp_disable
 rmap
+folio_split_race_test
diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile
index 7a5de4e9bf520..cd24596cdd27e 100644
--- a/tools/testing/selftests/mm/Makefile
+++ b/tools/testing/selftests/mm/Makefile
@@ -105,6 +105,7 @@ TEST_GEN_FILES += droppable
 TEST_GEN_FILES += guard-regions
 TEST_GEN_FILES += merge
 TEST_GEN_FILES += rmap
+TEST_GEN_FILES += folio_split_race_test
 
 ifneq ($(ARCH),arm64)
 TEST_GEN_FILES += soft-dirty
diff --git a/tools/testing/selftests/mm/folio_split_race_test.c b/tools/testing/selftests/mm/folio_split_race_test.c
new file mode 100644
index 0000000000000..ff026f183ac7e
--- /dev/null
+++ b/tools/testing/selftests/mm/folio_split_race_test.c
@@ -0,0 +1,297 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * The test creates shmem PMD huge pages, fills all pages with known patterns,
+ * then continuously verifies non-punched pages with 16 threads. Meanwhile, the
+ * main thread punches holes via MADV_REMOVE on the shmem.
+ *
+ * It tests the race condition between folio_split() and filemap_get_entry(),
+ * where the hole punches on shmem lead to folio_split() and reading the shmem
+ * lead to filemap_get_entry().
+ */
+
+#define _GNU_SOURCE
+#include <errno.h>
+#include <inttypes.h>
+#include <linux/mman.h>
+#include <pthread.h>
+#include <stdatomic.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <signal.h>
+#include <unistd.h>
+#include "vm_util.h"
+#include "kselftest.h"
+#include "thp_settings.h"
+
+uint64_t page_size;
+uint64_t pmd_pagesize;
+#define NR_PMD_PAGE 5
+#define FILE_SIZE (pmd_pagesize * NR_PMD_PAGE)
+#define TOTAL_PAGES (FILE_SIZE / page_size)
+
+/* Every N-th to N+M-th pages are punched; not aligned with huge page boundaries. */
+#define PUNCH_INTERVAL 50 /* N */
+#define PUNCH_SIZE_FACTOR 3 /* M */
+
+#define NUM_READER_THREADS 16
+#define FILL_BYTE 0xAF
+#define NUM_ITERATIONS 100
+
+/* Shared control block: control reading threads and record stats */
+struct shared_ctl {
+	atomic_uint_fast32_t stop;
+	atomic_uint_fast64_t reader_failures;
+	atomic_uint_fast64_t reader_verified;
+	pthread_barrier_t barrier;
+};
+
+static void fill_page(unsigned char *base, size_t page_idx)
+{
+	unsigned char *page_ptr = base + page_idx * page_size;
+	uint64_t idx = (uint64_t)page_idx;
+
+	memset(page_ptr, FILL_BYTE, page_size);
+	memcpy(page_ptr, &idx, sizeof(idx));
+}
+
+/* Returns true if valid, false if corrupted. */
+static bool check_page(unsigned char *base, uint64_t page_idx)
+{
+	unsigned char *page_ptr = base + page_idx * page_size;
+	uint64_t expected_idx = (uint64_t)page_idx;
+	uint64_t got_idx;
+
+	memcpy(&got_idx, page_ptr, 8);
+
+	if (got_idx != expected_idx) {
+		uint64_t off;
+		int all_zero = 1;
+
+		for (off = 0; off < page_size; off++) {
+			if (page_ptr[off] != 0) {
+				all_zero = 0;
+				break;
+			}
+		}
+		if (all_zero) {
+			ksft_print_msg("CORRUPTED: page %" PRIu64
+				       " (huge page %" PRIu64
+				       ") is ALL ZEROS\n",
+				       page_idx,
+				       (page_idx * page_size) / pmd_pagesize);
+		} else {
+			ksft_print_msg("CORRUPTED: page %" PRIu64
+				       " (huge page %" PRIu64
+				       "): expected idx %" PRIu64
+				       ", got %" PRIu64 "\n",
+				       page_idx,
+				       (page_idx * page_size) / pmd_pagesize,
+				       page_idx, got_idx);
+		}
+		return false;
+	}
+	return true;
+}
+
+struct reader_arg {
+	unsigned char *base;
+	struct shared_ctl *ctl;
+	int tid;
+	atomic_uint_fast64_t *failures;
+	atomic_uint_fast64_t *verified;
+};
+
+static void *reader_thread(void *arg)
+{
+	struct reader_arg *ra = (struct reader_arg *)arg;
+	unsigned char *base = ra->base;
+	struct shared_ctl *ctl = ra->ctl;
+	int tid = ra->tid;
+	atomic_uint_fast64_t *failures = ra->failures;
+	atomic_uint_fast64_t *verified = ra->verified;
+	uint64_t page_idx;
+
+	pthread_barrier_wait(&ctl->barrier);
+
+	while (atomic_load_explicit(&ctl->stop, memory_order_acquire) == 0) {
+		for (page_idx = (size_t)tid; page_idx < TOTAL_PAGES;
+		     page_idx += NUM_READER_THREADS) {
+			/*
+			 * page_idx % PUNCH_INTERVAL is in [0, PUNCH_INTERVAL),
+			 * skip [0, PUNCH_SIZE_FACTOR)
+			 */
+			if (page_idx % PUNCH_INTERVAL < PUNCH_SIZE_FACTOR)
+				continue;
+			if (check_page(base, page_idx))
+				atomic_fetch_add_explicit(verified, 1,
+							  memory_order_relaxed);
+			else
+				atomic_fetch_add_explicit(failures, 1,
+							  memory_order_relaxed);
+		}
+		if (atomic_load_explicit(failures, memory_order_relaxed) > 0)
+			break;
+	}
+
+	return NULL;
+}
+
+static void create_readers(pthread_t *threads, struct reader_arg *args,
+			   unsigned char *base, struct shared_ctl *ctl)
+{
+	int i;
+
+	for (i = 0; i < NUM_READER_THREADS; i++) {
+		args[i].base = base;
+		args[i].ctl = ctl;
+		args[i].tid = i;
+		args[i].failures = &ctl->reader_failures;
+		args[i].verified = &ctl->reader_verified;
+		if (pthread_create(&threads[i], NULL, reader_thread,
+				   &args[i]) != 0)
+			ksft_exit_fail_msg("pthread_create failed\n");
+	}
+}
+
+/* Run a single iteration. Returns total number of corrupted pages. */
+static uint64_t run_iteration(void)
+{
+	uint64_t reader_failures, reader_verified;
+	struct reader_arg args[NUM_READER_THREADS];
+	pthread_t threads[NUM_READER_THREADS];
+	unsigned char *mmap_base;
+	struct shared_ctl ctl;
+	uint64_t i;
+
+	memset(&ctl, 0, sizeof(struct shared_ctl));
+
+	mmap_base = mmap(NULL, FILE_SIZE, PROT_READ | PROT_WRITE,
+			 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
+
+	if (mmap_base == MAP_FAILED)
+		ksft_exit_fail_msg("mmap failed: %d\n", errno);
+
+	if (madvise(mmap_base, FILE_SIZE, MADV_HUGEPAGE) != 0)
+		ksft_exit_fail_msg("madvise(MADV_HUGEPAGE) failed: %d\n",
+				   errno);
+
+	for (i = 0; i < TOTAL_PAGES; i++)
+		fill_page(mmap_base, i);
+
+	if (!check_huge_shmem(mmap_base, NR_PMD_PAGE, pmd_pagesize))
+		ksft_exit_fail_msg("No shmem THP is allocated\n");
+
+	if (pthread_barrier_init(&ctl.barrier, NULL, NUM_READER_THREADS + 1) != 0)
+		ksft_exit_fail_msg("pthread_barrier_init failed\n");
+
+	create_readers(threads, args, mmap_base, &ctl);
+
+	/* Wait for all reader threads to be ready before punching holes. */
+	pthread_barrier_wait(&ctl.barrier);
+
+	for (i = 0; i < TOTAL_PAGES; i++) {
+		if (i % PUNCH_INTERVAL != 0)
+			continue;
+		if (madvise(mmap_base + i * page_size,
+			    PUNCH_SIZE_FACTOR * page_size, MADV_REMOVE) != 0) {
+			ksft_exit_fail_msg(
+				"madvise(MADV_REMOVE) failed on page %" PRIu64 ": %d\n",
+				i, errno);
+		}
+
+		i += PUNCH_SIZE_FACTOR - 1;
+	}
+
+	atomic_store_explicit(&ctl.stop, 1, memory_order_release);
+
+	for (i = 0; i < NUM_READER_THREADS; i++)
+		pthread_join(threads[i], NULL);
+
+	pthread_barrier_destroy(&ctl.barrier);
+
+	reader_failures = atomic_load_explicit(&ctl.reader_failures,
+					       memory_order_acquire);
+	reader_verified = atomic_load_explicit(&ctl.reader_verified,
+					       memory_order_acquire);
+	if (reader_failures)
+		ksft_print_msg("Child: %" PRIu64 " pages verified, %" PRIu64 " failures\n",
+			       reader_verified, reader_failures);
+
+	munmap(mmap_base, FILE_SIZE);
+
+	return reader_failures;
+}
+
+static void thp_cleanup_handler(int signum)
+{
+	thp_restore_settings();
+	/*
+	 * Restore default handler and re-raise the signal to exit.
+	 * This is to ensure the test process exits with the correct
+	 * status code corresponding to the signal.
+	 */
+	signal(signum, SIG_DFL);
+	raise(signum);
+}
+
+static void thp_settings_cleanup(void)
+{
+	thp_restore_settings();
+}
+
+int main(void)
+{
+	struct thp_settings current_settings;
+	uint64_t corrupted_pages;
+	uint64_t iter;
+
+	ksft_print_header();
+
+	page_size = getpagesize();
+	pmd_pagesize = read_pmd_pagesize();
+
+	if (!thp_available() || !pmd_pagesize)
+		ksft_exit_skip("Transparent Hugepages not available\n");
+
+	if (geteuid() != 0)
+		ksft_exit_skip("Please run the test as root\n");
+
+	thp_save_settings();
+	/* make sure thp settings are restored */
+	if (atexit(thp_settings_cleanup) != 0)
+		ksft_exit_fail_msg("atexit failed\n");
+
+	signal(SIGINT, thp_cleanup_handler);
+	signal(SIGTERM, thp_cleanup_handler);
+
+	thp_read_settings(&current_settings);
+	current_settings.shmem_enabled = SHMEM_ADVISE;
+	thp_write_settings(&current_settings);
+
+	ksft_set_plan(1);
+
+	ksft_print_msg("folio split race test\n");
+
+	for (iter = 0; iter < NUM_ITERATIONS; iter++) {
+		corrupted_pages = run_iteration();
+		if (corrupted_pages > 0)
+			break;
+	}
+
+	if (iter < NUM_ITERATIONS)
+		ksft_test_result_fail("FAILED on iteration %" PRIu64
+				      ": %" PRIu64
+				      " pages corrupted by MADV_REMOVE!\n",
+				      iter, corrupted_pages);
+	else
+		ksft_test_result_pass("All %d iterations passed\n",
+				      NUM_ITERATIONS);
+
+	ksft_exit(iter == NUM_ITERATIONS);
+
+	return 0;
+}
diff --git a/tools/testing/selftests/mm/run_vmtests.sh b/tools/testing/selftests/mm/run_vmtests.sh
index 606558cc3b098..530980fdf3227 100755
--- a/tools/testing/selftests/mm/run_vmtests.sh
+++ b/tools/testing/selftests/mm/run_vmtests.sh
@@ -553,6 +553,8 @@ if [ -n "${MOUNTED_XFS}" ]; then
     rm -f ${XFS_IMG}
 fi
 
+CATEGORY="thp" run_test ./folio_split_race_test
+
 CATEGORY="migration" run_test ./migration
 
 CATEGORY="mkdirty" run_test ./mkdirty
-- 
2.53.0

Re: [PATCH v5] selftests/mm: add folio_split() and filemap_get_entry() race test

[Zi Yan]

Hi Andrew,

In case you missed this v5. It addressed David comments on v4.

In terms of sashiko review[1] on this one,

1. the false sharing one can be ignored, I can use this test to reliably
reproduce the issue in the old kernels.

2. the thp_cleanup_handler() one has been addressed before and
the chance of causing an issue should be very low.

Thanks.


[1] https://sashiko.dev/#/patchset/20260323163717.184107-1-ziy%40nvidia.com

On 23 Mar 2026, at 12:37, Zi Yan wrote:

> The added folio_split_race_test is a modified C port of the race condition
> test from [1]. The test creates shmem huge pages, where the main thread
> punches holes in the shmem to cause folio_split() in the kernel and
> a set of 16 threads reads the shmem to cause filemap_get_entry() in the
> kernel. filemap_get_entry() reads the folio and xarray split by
> folio_split() locklessly. The original test[2] is written in rust and uses
> memfd (shmem backed). This C port uses shmem directly and use a single
> process.
>
> Note: the initial rust to C conversion is done by Cursor.
>
> Link: https://lore.kernel.org/all/CAKNNEtw5_kZomhkugedKMPOG-sxs5Q5OLumWJdiWXv+C9Yct0w@mail.gmail.com/ [1]
> Link: https://github.com/dfinity/thp-madv-remove-test [2]
> Co-developed-by: Bas van Dijk <bas@dfinity.org>
> Signed-off-by: Bas van Dijk <bas@dfinity.org>
> Co-developed-by: Adam Bratschi-Kaye <adam.bratschikaye@dfinity.org>
> Signed-off-by: Adam Bratschi-Kaye <adam.bratschikaye@dfinity.org>
> Signed-off-by: Zi Yan <ziy@nvidia.com>
> ---
> From V4:
> 1. added missing .gitignore entry.
> 2. used PRIu64 for all uint64_t.
> 3. added pthread_barrier_t to ensure main thread starts to punch holes when
>    all reader threads are spawned.
> 4. converted size_t to uint64_t.
> 5. used thp_availabe() instead of thp_is_enabled().
> 6. added a check on read_pmd_pagesize() to skip the test if pmd_pagesize
>    is 0.
> 7. removed static test information.
> 8. started iter from 0 instead of 1.
> 9. simplified test failure checking code.
> 10. added missing Co-developed-by.
>
> From V3:
> 1. fixed for loop stepping issue
> 2. used PRIu64 instead of %zu for uint64_t.
>
> From V2:
> 1. simplied the program by removing fork.
>
> From V1:
> 1. added prctl(PR_SET_PDEATHSIG, SIGTERM) to avoid child looping
>    forever.
> 2. removed page_idx % PUNCH_INTERVAL >= 0, since it is a nop. Added a
>    comment.
> 3. added a child process status check to prevent parent looping forever
>    and record that as a failure.
> 4. used ksft_exit_skip() instead of ksft_finished() when the program is
>    not running as root.
> 5. restored THP settings properly when the program exits abnormally.
>
>  tools/testing/selftests/mm/.gitignore         |   1 +
>  tools/testing/selftests/mm/Makefile           |   1 +
>  .../selftests/mm/folio_split_race_test.c      | 297 ++++++++++++++++++
>  tools/testing/selftests/mm/run_vmtests.sh     |   2 +
>  4 files changed, 301 insertions(+)
>  create mode 100644 tools/testing/selftests/mm/folio_split_race_test.c
>
> diff --git a/tools/testing/selftests/mm/.gitignore b/tools/testing/selftests/mm/.gitignore
> index 83ad9454dd9d1..b0c30c5ee9e30 100644
> --- a/tools/testing/selftests/mm/.gitignore
> +++ b/tools/testing/selftests/mm/.gitignore
> @@ -61,3 +61,4 @@ guard-regions
>  merge
>  prctl_thp_disable
>  rmap
> +folio_split_race_test
> diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile
> index 7a5de4e9bf520..cd24596cdd27e 100644
> --- a/tools/testing/selftests/mm/Makefile
> +++ b/tools/testing/selftests/mm/Makefile
> @@ -105,6 +105,7 @@ TEST_GEN_FILES += droppable
>  TEST_GEN_FILES += guard-regions
>  TEST_GEN_FILES += merge
>  TEST_GEN_FILES += rmap
> +TEST_GEN_FILES += folio_split_race_test
>
>  ifneq ($(ARCH),arm64)
>  TEST_GEN_FILES += soft-dirty
> diff --git a/tools/testing/selftests/mm/folio_split_race_test.c b/tools/testing/selftests/mm/folio_split_race_test.c
> new file mode 100644
> index 0000000000000..ff026f183ac7e
> --- /dev/null
> +++ b/tools/testing/selftests/mm/folio_split_race_test.c
> @@ -0,0 +1,297 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * The test creates shmem PMD huge pages, fills all pages with known patterns,
> + * then continuously verifies non-punched pages with 16 threads. Meanwhile, the
> + * main thread punches holes via MADV_REMOVE on the shmem.
> + *
> + * It tests the race condition between folio_split() and filemap_get_entry(),
> + * where the hole punches on shmem lead to folio_split() and reading the shmem
> + * lead to filemap_get_entry().
> + */
> +
> +#define _GNU_SOURCE
> +#include <errno.h>
> +#include <inttypes.h>
> +#include <linux/mman.h>
> +#include <pthread.h>
> +#include <stdatomic.h>
> +#include <stdbool.h>
> +#include <stdint.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <sys/mman.h>
> +#include <signal.h>
> +#include <unistd.h>
> +#include "vm_util.h"
> +#include "kselftest.h"
> +#include "thp_settings.h"
> +
> +uint64_t page_size;
> +uint64_t pmd_pagesize;
> +#define NR_PMD_PAGE 5
> +#define FILE_SIZE (pmd_pagesize * NR_PMD_PAGE)
> +#define TOTAL_PAGES (FILE_SIZE / page_size)
> +
> +/* Every N-th to N+M-th pages are punched; not aligned with huge page boundaries. */
> +#define PUNCH_INTERVAL 50 /* N */
> +#define PUNCH_SIZE_FACTOR 3 /* M */
> +
> +#define NUM_READER_THREADS 16
> +#define FILL_BYTE 0xAF
> +#define NUM_ITERATIONS 100
> +
> +/* Shared control block: control reading threads and record stats */
> +struct shared_ctl {
> +	atomic_uint_fast32_t stop;
> +	atomic_uint_fast64_t reader_failures;
> +	atomic_uint_fast64_t reader_verified;
> +	pthread_barrier_t barrier;
> +};
> +
> +static void fill_page(unsigned char *base, size_t page_idx)
> +{
> +	unsigned char *page_ptr = base + page_idx * page_size;
> +	uint64_t idx = (uint64_t)page_idx;
> +
> +	memset(page_ptr, FILL_BYTE, page_size);
> +	memcpy(page_ptr, &idx, sizeof(idx));
> +}
> +
> +/* Returns true if valid, false if corrupted. */
> +static bool check_page(unsigned char *base, uint64_t page_idx)
> +{
> +	unsigned char *page_ptr = base + page_idx * page_size;
> +	uint64_t expected_idx = (uint64_t)page_idx;
> +	uint64_t got_idx;
> +
> +	memcpy(&got_idx, page_ptr, 8);
> +
> +	if (got_idx != expected_idx) {
> +		uint64_t off;
> +		int all_zero = 1;
> +
> +		for (off = 0; off < page_size; off++) {
> +			if (page_ptr[off] != 0) {
> +				all_zero = 0;
> +				break;
> +			}
> +		}
> +		if (all_zero) {
> +			ksft_print_msg("CORRUPTED: page %" PRIu64
> +				       " (huge page %" PRIu64
> +				       ") is ALL ZEROS\n",
> +				       page_idx,
> +				       (page_idx * page_size) / pmd_pagesize);
> +		} else {
> +			ksft_print_msg("CORRUPTED: page %" PRIu64
> +				       " (huge page %" PRIu64
> +				       "): expected idx %" PRIu64
> +				       ", got %" PRIu64 "\n",
> +				       page_idx,
> +				       (page_idx * page_size) / pmd_pagesize,
> +				       page_idx, got_idx);
> +		}
> +		return false;
> +	}
> +	return true;
> +}
> +
> +struct reader_arg {
> +	unsigned char *base;
> +	struct shared_ctl *ctl;
> +	int tid;
> +	atomic_uint_fast64_t *failures;
> +	atomic_uint_fast64_t *verified;
> +};
> +
> +static void *reader_thread(void *arg)
> +{
> +	struct reader_arg *ra = (struct reader_arg *)arg;
> +	unsigned char *base = ra->base;
> +	struct shared_ctl *ctl = ra->ctl;
> +	int tid = ra->tid;
> +	atomic_uint_fast64_t *failures = ra->failures;
> +	atomic_uint_fast64_t *verified = ra->verified;
> +	uint64_t page_idx;
> +
> +	pthread_barrier_wait(&ctl->barrier);
> +
> +	while (atomic_load_explicit(&ctl->stop, memory_order_acquire) == 0) {
> +		for (page_idx = (size_t)tid; page_idx < TOTAL_PAGES;
> +		     page_idx += NUM_READER_THREADS) {
> +			/*
> +			 * page_idx % PUNCH_INTERVAL is in [0, PUNCH_INTERVAL),
> +			 * skip [0, PUNCH_SIZE_FACTOR)
> +			 */
> +			if (page_idx % PUNCH_INTERVAL < PUNCH_SIZE_FACTOR)
> +				continue;
> +			if (check_page(base, page_idx))
> +				atomic_fetch_add_explicit(verified, 1,
> +							  memory_order_relaxed);
> +			else
> +				atomic_fetch_add_explicit(failures, 1,
> +							  memory_order_relaxed);
> +		}
> +		if (atomic_load_explicit(failures, memory_order_relaxed) > 0)
> +			break;
> +	}
> +
> +	return NULL;
> +}
> +
> +static void create_readers(pthread_t *threads, struct reader_arg *args,
> +			   unsigned char *base, struct shared_ctl *ctl)
> +{
> +	int i;
> +
> +	for (i = 0; i < NUM_READER_THREADS; i++) {
> +		args[i].base = base;
> +		args[i].ctl = ctl;
> +		args[i].tid = i;
> +		args[i].failures = &ctl->reader_failures;
> +		args[i].verified = &ctl->reader_verified;
> +		if (pthread_create(&threads[i], NULL, reader_thread,
> +				   &args[i]) != 0)
> +			ksft_exit_fail_msg("pthread_create failed\n");
> +	}
> +}
> +
> +/* Run a single iteration. Returns total number of corrupted pages. */
> +static uint64_t run_iteration(void)
> +{
> +	uint64_t reader_failures, reader_verified;
> +	struct reader_arg args[NUM_READER_THREADS];
> +	pthread_t threads[NUM_READER_THREADS];
> +	unsigned char *mmap_base;
> +	struct shared_ctl ctl;
> +	uint64_t i;
> +
> +	memset(&ctl, 0, sizeof(struct shared_ctl));
> +
> +	mmap_base = mmap(NULL, FILE_SIZE, PROT_READ | PROT_WRITE,
> +			 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
> +
> +	if (mmap_base == MAP_FAILED)
> +		ksft_exit_fail_msg("mmap failed: %d\n", errno);
> +
> +	if (madvise(mmap_base, FILE_SIZE, MADV_HUGEPAGE) != 0)
> +		ksft_exit_fail_msg("madvise(MADV_HUGEPAGE) failed: %d\n",
> +				   errno);
> +
> +	for (i = 0; i < TOTAL_PAGES; i++)
> +		fill_page(mmap_base, i);
> +
> +	if (!check_huge_shmem(mmap_base, NR_PMD_PAGE, pmd_pagesize))
> +		ksft_exit_fail_msg("No shmem THP is allocated\n");
> +
> +	if (pthread_barrier_init(&ctl.barrier, NULL, NUM_READER_THREADS + 1) != 0)
> +		ksft_exit_fail_msg("pthread_barrier_init failed\n");
> +
> +	create_readers(threads, args, mmap_base, &ctl);
> +
> +	/* Wait for all reader threads to be ready before punching holes. */
> +	pthread_barrier_wait(&ctl.barrier);
> +
> +	for (i = 0; i < TOTAL_PAGES; i++) {
> +		if (i % PUNCH_INTERVAL != 0)
> +			continue;
> +		if (madvise(mmap_base + i * page_size,
> +			    PUNCH_SIZE_FACTOR * page_size, MADV_REMOVE) != 0) {
> +			ksft_exit_fail_msg(
> +				"madvise(MADV_REMOVE) failed on page %" PRIu64 ": %d\n",
> +				i, errno);
> +		}
> +
> +		i += PUNCH_SIZE_FACTOR - 1;
> +	}
> +
> +	atomic_store_explicit(&ctl.stop, 1, memory_order_release);
> +
> +	for (i = 0; i < NUM_READER_THREADS; i++)
> +		pthread_join(threads[i], NULL);
> +
> +	pthread_barrier_destroy(&ctl.barrier);
> +
> +	reader_failures = atomic_load_explicit(&ctl.reader_failures,
> +					       memory_order_acquire);
> +	reader_verified = atomic_load_explicit(&ctl.reader_verified,
> +					       memory_order_acquire);
> +	if (reader_failures)
> +		ksft_print_msg("Child: %" PRIu64 " pages verified, %" PRIu64 " failures\n",
> +			       reader_verified, reader_failures);
> +
> +	munmap(mmap_base, FILE_SIZE);
> +
> +	return reader_failures;
> +}
> +
> +static void thp_cleanup_handler(int signum)
> +{
> +	thp_restore_settings();
> +	/*
> +	 * Restore default handler and re-raise the signal to exit.
> +	 * This is to ensure the test process exits with the correct
> +	 * status code corresponding to the signal.
> +	 */
> +	signal(signum, SIG_DFL);
> +	raise(signum);
> +}
> +
> +static void thp_settings_cleanup(void)
> +{
> +	thp_restore_settings();
> +}
> +
> +int main(void)
> +{
> +	struct thp_settings current_settings;
> +	uint64_t corrupted_pages;
> +	uint64_t iter;
> +
> +	ksft_print_header();
> +
> +	page_size = getpagesize();
> +	pmd_pagesize = read_pmd_pagesize();
> +
> +	if (!thp_available() || !pmd_pagesize)
> +		ksft_exit_skip("Transparent Hugepages not available\n");
> +
> +	if (geteuid() != 0)
> +		ksft_exit_skip("Please run the test as root\n");
> +
> +	thp_save_settings();
> +	/* make sure thp settings are restored */
> +	if (atexit(thp_settings_cleanup) != 0)
> +		ksft_exit_fail_msg("atexit failed\n");
> +
> +	signal(SIGINT, thp_cleanup_handler);
> +	signal(SIGTERM, thp_cleanup_handler);
> +
> +	thp_read_settings(&current_settings);
> +	current_settings.shmem_enabled = SHMEM_ADVISE;
> +	thp_write_settings(&current_settings);
> +
> +	ksft_set_plan(1);
> +
> +	ksft_print_msg("folio split race test\n");
> +
> +	for (iter = 0; iter < NUM_ITERATIONS; iter++) {
> +		corrupted_pages = run_iteration();
> +		if (corrupted_pages > 0)
> +			break;
> +	}
> +
> +	if (iter < NUM_ITERATIONS)
> +		ksft_test_result_fail("FAILED on iteration %" PRIu64
> +				      ": %" PRIu64
> +				      " pages corrupted by MADV_REMOVE!\n",
> +				      iter, corrupted_pages);
> +	else
> +		ksft_test_result_pass("All %d iterations passed\n",
> +				      NUM_ITERATIONS);
> +
> +	ksft_exit(iter == NUM_ITERATIONS);
> +
> +	return 0;
> +}
> diff --git a/tools/testing/selftests/mm/run_vmtests.sh b/tools/testing/selftests/mm/run_vmtests.sh
> index 606558cc3b098..530980fdf3227 100755
> --- a/tools/testing/selftests/mm/run_vmtests.sh
> +++ b/tools/testing/selftests/mm/run_vmtests.sh
> @@ -553,6 +553,8 @@ if [ -n "${MOUNTED_XFS}" ]; then
>      rm -f ${XFS_IMG}
>  fi
>
> +CATEGORY="thp" run_test ./folio_split_race_test
> +
>  CATEGORY="migration" run_test ./migration
>
>  CATEGORY="mkdirty" run_test ./mkdirty
> -- 
> 2.53.0


Best Regards,
Yan, Zi

Re: [PATCH v5] selftests/mm: add folio_split() and filemap_get_entry() race test

[Andrew Morton]

On Mon, 23 Mar 2026 12:37:17 -0400 Zi Yan <ziy@nvidia.com> wrote:

> The added folio_split_race_test is a modified C port of the race condition
> test from [1]. The test creates shmem huge pages, where the main thread
> punches holes in the shmem to cause folio_split() in the kernel and
> a set of 16 threads reads the shmem to cause filemap_get_entry() in the
> kernel. filemap_get_entry() reads the folio and xarray split by
> folio_split() locklessly. The original test[2] is written in rust and uses
> memfd (shmem backed). This C port uses shmem directly and use a single
> process.
> 
> Note: the initial rust to C conversion is done by Cursor.

Thanks for the poke, I did indeed miss this.

I'll toss the previous version and its three -fixes.  {lease check that
those -fixes were incorporated here.

Here's how v5 alters mm.git.  It's quite a large update.


 tools/testing/selftests/mm/folio_split_race_test.c |   95 +++++------
 1 file changed, 44 insertions(+), 51 deletions(-)

--- a/tools/testing/selftests/mm/folio_split_race_test.c~a
+++ a/tools/testing/selftests/mm/folio_split_race_test.c
@@ -44,8 +44,8 @@ uint64_t pmd_pagesize;
 /* Shared control block: control reading threads and record stats */
 struct shared_ctl {
 	atomic_uint_fast32_t stop;
-	atomic_size_t reader_failures;
-	atomic_size_t reader_verified;
+	atomic_uint_fast64_t reader_failures;
+	atomic_uint_fast64_t reader_verified;
 	pthread_barrier_t barrier;
 };
 
@@ -59,7 +59,7 @@ static void fill_page(unsigned char *bas
 }
 
 /* Returns true if valid, false if corrupted. */
-static bool check_page(unsigned char *base, size_t page_idx)
+static bool check_page(unsigned char *base, uint64_t page_idx)
 {
 	unsigned char *page_ptr = base + page_idx * page_size;
 	uint64_t expected_idx = (uint64_t)page_idx;
@@ -68,7 +68,7 @@ static bool check_page(unsigned char *ba
 	memcpy(&got_idx, page_ptr, 8);
 
 	if (got_idx != expected_idx) {
-		size_t off;
+		uint64_t off;
 		int all_zero = 1;
 
 		for (off = 0; off < page_size; off++) {
@@ -78,15 +78,19 @@ static bool check_page(unsigned char *ba
 			}
 		}
 		if (all_zero) {
-			ksft_print_msg(
-				"CORRUPTED: page %zu (huge page %" PRIu64 ") is ALL ZEROS\n",
-				page_idx,
-				(page_idx * page_size) / pmd_pagesize);
+			ksft_print_msg("CORRUPTED: page %" PRIu64
+				       " (huge page %" PRIu64
+				       ") is ALL ZEROS\n",
+				       page_idx,
+				       (page_idx * page_size) / pmd_pagesize);
 		} else {
-			ksft_print_msg(
-				"CORRUPTED: page %zu (huge page %" PRIu64 "): expected idx %zu, got %" PRIu64 "\n",
-				page_idx, (page_idx * page_size) / pmd_pagesize,
-				page_idx, got_idx);
+			ksft_print_msg("CORRUPTED: page %" PRIu64
+				       " (huge page %" PRIu64
+				       "): expected idx %" PRIu64
+				       ", got %" PRIu64 "\n",
+				       page_idx,
+				       (page_idx * page_size) / pmd_pagesize,
+				       page_idx, got_idx);
 		}
 		return false;
 	}
@@ -97,8 +101,8 @@ struct reader_arg {
 	unsigned char *base;
 	struct shared_ctl *ctl;
 	int tid;
-	atomic_size_t *failures;
-	atomic_size_t *verified;
+	atomic_uint_fast64_t *failures;
+	atomic_uint_fast64_t *verified;
 };
 
 static void *reader_thread(void *arg)
@@ -107,9 +111,9 @@ static void *reader_thread(void *arg)
 	unsigned char *base = ra->base;
 	struct shared_ctl *ctl = ra->ctl;
 	int tid = ra->tid;
-	atomic_size_t *failures = ra->failures;
-	atomic_size_t *verified = ra->verified;
-	size_t page_idx;
+	atomic_uint_fast64_t *failures = ra->failures;
+	atomic_uint_fast64_t *verified = ra->verified;
+	uint64_t page_idx;
 
 	pthread_barrier_wait(&ctl->barrier);
 
@@ -154,14 +158,14 @@ static void create_readers(pthread_t *th
 }
 
 /* Run a single iteration. Returns total number of corrupted pages. */
-static size_t run_iteration(void)
+static uint64_t run_iteration(void)
 {
-	size_t reader_failures, reader_verified;
+	uint64_t reader_failures, reader_verified;
 	struct reader_arg args[NUM_READER_THREADS];
 	pthread_t threads[NUM_READER_THREADS];
 	unsigned char *mmap_base;
 	struct shared_ctl ctl;
-	size_t i;
+	uint64_t i;
 
 	memset(&ctl, 0, sizeof(struct shared_ctl));
 
@@ -195,7 +199,7 @@ static size_t run_iteration(void)
 		if (madvise(mmap_base + i * page_size,
 			    PUNCH_SIZE_FACTOR * page_size, MADV_REMOVE) != 0) {
 			ksft_exit_fail_msg(
-				"madvise(MADV_REMOVE) failed on page %zu: %d\n",
+				"madvise(MADV_REMOVE) failed on page %" PRIu64 ": %d\n",
 				i, errno);
 		}
 
@@ -214,7 +218,7 @@ static size_t run_iteration(void)
 	reader_verified = atomic_load_explicit(&ctl.reader_verified,
 					       memory_order_acquire);
 	if (reader_failures)
-		ksft_print_msg("Child: %zu pages verified, %zu failures\n",
+		ksft_print_msg("Child: %" PRIu64 " pages verified, %" PRIu64 " failures\n",
 			       reader_verified, reader_failures);
 
 	munmap(mmap_base, FILE_SIZE);
@@ -242,13 +246,15 @@ static void thp_settings_cleanup(void)
 int main(void)
 {
 	struct thp_settings current_settings;
-	bool failed = false;
-	size_t failures;
-	size_t iter;
+	uint64_t corrupted_pages;
+	uint64_t iter;
 
 	ksft_print_header();
 
-	if (!thp_is_enabled())
+	page_size = getpagesize();
+	pmd_pagesize = read_pmd_pagesize();
+
+	if (!thp_available() || !pmd_pagesize)
 		ksft_exit_skip("Transparent Hugepages not available\n");
 
 	if (geteuid() != 0)
@@ -268,37 +274,24 @@ int main(void)
 
 	ksft_set_plan(1);
 
-	page_size = getpagesize();
-	pmd_pagesize = read_pmd_pagesize();
-
 	ksft_print_msg("folio split race test\n");
-	ksft_print_msg("===================================================\n");
-	ksft_print_msg("Shmem size:       %" PRIu64 " MiB\n", FILE_SIZE / 1024 / 1024);
-	ksft_print_msg("Total pages:     %" PRIu64 "\n", TOTAL_PAGES);
-	ksft_print_msg("Child readers:   %d\n", NUM_READER_THREADS);
-	ksft_print_msg("Punching every %dth to %dth page\n", PUNCH_INTERVAL,
-		       PUNCH_INTERVAL + PUNCH_SIZE_FACTOR);
-	ksft_print_msg("Iterations:      %d\n", NUM_ITERATIONS);
-
-	for (iter = 1; iter <= NUM_ITERATIONS; iter++) {
-		failures = run_iteration();
-		if (failures > 0) {
-			failed = true;
-			ksft_print_msg(
-				"FAILED on iteration %zu: %zu pages corrupted by MADV_REMOVE!\n",
-				iter, failures);
+
+	for (iter = 0; iter < NUM_ITERATIONS; iter++) {
+		corrupted_pages = run_iteration();
+		if (corrupted_pages > 0)
 			break;
-		}
 	}
 
-	if (failed) {
-		ksft_test_result_fail("Test failed\n");
-		ksft_exit_fail();
-	} else {
+	if (iter < NUM_ITERATIONS)
+		ksft_test_result_fail("FAILED on iteration %" PRIu64
+				      ": %" PRIu64
+				      " pages corrupted by MADV_REMOVE!\n",
+				      iter, corrupted_pages);
+	else
 		ksft_test_result_pass("All %d iterations passed\n",
 				      NUM_ITERATIONS);
-		ksft_exit_pass();
-	}
+
+	ksft_exit(iter == NUM_ITERATIONS);
 
 	return 0;
 }
_

Re: [PATCH v5] selftests/mm: add folio_split() and filemap_get_entry() race test

[Zi Yan]

On 25 Mar 2026, at 21:47, Andrew Morton wrote:

> On Mon, 23 Mar 2026 12:37:17 -0400 Zi Yan <ziy@nvidia.com> wrote:
>
>> The added folio_split_race_test is a modified C port of the race condition
>> test from [1]. The test creates shmem huge pages, where the main thread
>> punches holes in the shmem to cause folio_split() in the kernel and
>> a set of 16 threads reads the shmem to cause filemap_get_entry() in the
>> kernel. filemap_get_entry() reads the folio and xarray split by
>> folio_split() locklessly. The original test[2] is written in rust and uses
>> memfd (shmem backed). This C port uses shmem directly and use a single
>> process.
>>
>> Note: the initial rust to C conversion is done by Cursor.
>
> Thanks for the poke, I did indeed miss this.
>
> I'll toss the previous version and its three -fixes.  {lease check that
> those -fixes were incorporated here.
>
Thanks.

> Here's how v5 alters mm.git.  It's quite a large update.

Explanations are below.

>
>
>  tools/testing/selftests/mm/folio_split_race_test.c |   95 +++++------
>  1 file changed, 44 insertions(+), 51 deletions(-)
>
> --- a/tools/testing/selftests/mm/folio_split_race_test.c~a
> +++ a/tools/testing/selftests/mm/folio_split_race_test.c
> @@ -44,8 +44,8 @@ uint64_t pmd_pagesize;
>  /* Shared control block: control reading threads and record stats */
>  struct shared_ctl {
>  	atomic_uint_fast32_t stop;
> -	atomic_size_t reader_failures;
> -	atomic_size_t reader_verified;
> +	atomic_uint_fast64_t reader_failures;
> +	atomic_uint_fast64_t reader_verified;

I changed all size_t to uint64_t to match the existing uint64_t. This
atomic type change matches size_t to uint64_t.

>  	pthread_barrier_t barrier;
>  };
>
> @@ -59,7 +59,7 @@ static void fill_page(unsigned char *bas
>  }
>
>  /* Returns true if valid, false if corrupted. */
> -static bool check_page(unsigned char *base, size_t page_idx)
> +static bool check_page(unsigned char *base, uint64_t page_idx)
>  {
>  	unsigned char *page_ptr = base + page_idx * page_size;
>  	uint64_t expected_idx = (uint64_t)page_idx;
> @@ -68,7 +68,7 @@ static bool check_page(unsigned char *ba
>  	memcpy(&got_idx, page_ptr, 8);
>
>  	if (got_idx != expected_idx) {
> -		size_t off;
> +		uint64_t off;
>  		int all_zero = 1;
>
>  		for (off = 0; off < page_size; off++) {
> @@ -78,15 +78,19 @@ static bool check_page(unsigned char *ba
>  			}
>  		}
>  		if (all_zero) {
> -			ksft_print_msg(
> -				"CORRUPTED: page %zu (huge page %" PRIu64 ") is ALL ZEROS\n",
> -				page_idx,
> -				(page_idx * page_size) / pmd_pagesize);
> +			ksft_print_msg("CORRUPTED: page %" PRIu64
> +				       " (huge page %" PRIu64
> +				       ") is ALL ZEROS\n",
> +				       page_idx,
> +				       (page_idx * page_size) / pmd_pagesize);
>  		} else {
> -			ksft_print_msg(
> -				"CORRUPTED: page %zu (huge page %" PRIu64 "): expected idx %zu, got %" PRIu64 "\n",
> -				page_idx, (page_idx * page_size) / pmd_pagesize,
> -				page_idx, got_idx);
> +			ksft_print_msg("CORRUPTED: page %" PRIu64
> +				       " (huge page %" PRIu64
> +				       "): expected idx %" PRIu64
> +				       ", got %" PRIu64 "\n",
> +				       page_idx,
> +				       (page_idx * page_size) / pmd_pagesize,
> +				       page_idx, got_idx);

The above two are printf format change from %zu to PRIu64 for size_t -> uint64_t
change. Code is reformatted as well.

>  		}
>  		return false;
>  	}
> @@ -97,8 +101,8 @@ struct reader_arg {
>  	unsigned char *base;
>  	struct shared_ctl *ctl;
>  	int tid;
> -	atomic_size_t *failures;
> -	atomic_size_t *verified;
> +	atomic_uint_fast64_t *failures;
> +	atomic_uint_fast64_t *verified;
>  };
>
>  static void *reader_thread(void *arg)
> @@ -107,9 +111,9 @@ static void *reader_thread(void *arg)
>  	unsigned char *base = ra->base;
>  	struct shared_ctl *ctl = ra->ctl;
>  	int tid = ra->tid;
> -	atomic_size_t *failures = ra->failures;
> -	atomic_size_t *verified = ra->verified;
> -	size_t page_idx;
> +	atomic_uint_fast64_t *failures = ra->failures;
> +	atomic_uint_fast64_t *verified = ra->verified;
> +	uint64_t page_idx;
>
>  	pthread_barrier_wait(&ctl->barrier);
>
> @@ -154,14 +158,14 @@ static void create_readers(pthread_t *th
>  }
>
>  /* Run a single iteration. Returns total number of corrupted pages. */
> -static size_t run_iteration(void)
> +static uint64_t run_iteration(void)
>  {
> -	size_t reader_failures, reader_verified;
> +	uint64_t reader_failures, reader_verified;
>  	struct reader_arg args[NUM_READER_THREADS];
>  	pthread_t threads[NUM_READER_THREADS];
>  	unsigned char *mmap_base;
>  	struct shared_ctl ctl;
> -	size_t i;
> +	uint64_t i;
>
>  	memset(&ctl, 0, sizeof(struct shared_ctl));
>
> @@ -195,7 +199,7 @@ static size_t run_iteration(void)
>  		if (madvise(mmap_base + i * page_size,
>  			    PUNCH_SIZE_FACTOR * page_size, MADV_REMOVE) != 0) {
>  			ksft_exit_fail_msg(
> -				"madvise(MADV_REMOVE) failed on page %zu: %d\n",
> +				"madvise(MADV_REMOVE) failed on page %" PRIu64 ": %d\n",
>  				i, errno);
>  		}
>
> @@ -214,7 +218,7 @@ static size_t run_iteration(void)
>  	reader_verified = atomic_load_explicit(&ctl.reader_verified,
>  					       memory_order_acquire);
>  	if (reader_failures)
> -		ksft_print_msg("Child: %zu pages verified, %zu failures\n",
> +		ksft_print_msg("Child: %" PRIu64 " pages verified, %" PRIu64 " failures\n",
>  			       reader_verified, reader_failures);
>
>  	munmap(mmap_base, FILE_SIZE);
> @@ -242,13 +246,15 @@ static void thp_settings_cleanup(void)
>  int main(void)
>  {
>  	struct thp_settings current_settings;
> -	bool failed = false;
> -	size_t failures;
> -	size_t iter;
> +	uint64_t corrupted_pages;
> +	uint64_t iter;

The above changes are all about size_t to uint64_t change and related
printf format change.

>
>  	ksft_print_header();
>
> -	if (!thp_is_enabled())
> +	page_size = getpagesize();
> +	pmd_pagesize = read_pmd_pagesize();
> +
> +	if (!thp_available() || !pmd_pagesize)
>  		ksft_exit_skip("Transparent Hugepages not available\n");

This addresses David's comment on thp_is_enable() vs thp_available()
and pmd_pagesize can be zero when THP is not available.

>
>  	if (geteuid() != 0)
> @@ -268,37 +274,24 @@ int main(void)
>
>  	ksft_set_plan(1);
>
> -	page_size = getpagesize();
> -	pmd_pagesize = read_pmd_pagesize();
> -
>  	ksft_print_msg("folio split race test\n");
> -	ksft_print_msg("===================================================\n");
> -	ksft_print_msg("Shmem size:       %" PRIu64 " MiB\n", FILE_SIZE / 1024 / 1024);
> -	ksft_print_msg("Total pages:     %" PRIu64 "\n", TOTAL_PAGES);
> -	ksft_print_msg("Child readers:   %d\n", NUM_READER_THREADS);
> -	ksft_print_msg("Punching every %dth to %dth page\n", PUNCH_INTERVAL,
> -		       PUNCH_INTERVAL + PUNCH_SIZE_FACTOR);
> -	ksft_print_msg("Iterations:      %d\n", NUM_ITERATIONS);

Removed based on David's feedback.

> -
> -	for (iter = 1; iter <= NUM_ITERATIONS; iter++) {
> -		failures = run_iteration();
> -		if (failures > 0) {
> -			failed = true;
> -			ksft_print_msg(
> -				"FAILED on iteration %zu: %zu pages corrupted by MADV_REMOVE!\n",
> -				iter, failures);
> +
> +	for (iter = 0; iter < NUM_ITERATIONS; iter++) {
> +		corrupted_pages = run_iteration();
> +		if (corrupted_pages > 0)
>  			break;
> -		}
>  	}
>
> -	if (failed) {
> -		ksft_test_result_fail("Test failed\n");
> -		ksft_exit_fail();
> -	} else {
> +	if (iter < NUM_ITERATIONS)
> +		ksft_test_result_fail("FAILED on iteration %" PRIu64
> +				      ": %" PRIu64
> +				      " pages corrupted by MADV_REMOVE!\n",
> +				      iter, corrupted_pages);
> +	else
>  		ksft_test_result_pass("All %d iterations passed\n",
>  				      NUM_ITERATIONS);
> -		ksft_exit_pass();
> -	}
> +
> +	ksft_exit(iter == NUM_ITERATIONS);

Simplification based on David's feedback. No function change.

>
>  	return 0;
>  }
> _


--
Best Regards,
Yan, Zi