[PATCH v3] mm/khugepaged: fix inconsistent MMF_VM_HUGEPAGE flag due to allocation failure order

Linux-mm Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Ye Liu <ye.liu@linux.dev>
To: Andrew Morton <akpm@linux-foundation.org>,
	David Hildenbrand <david@kernel.org>,
	Lorenzo Stoakes <ljs@kernel.org>,
	Xin Hao <xhao@linux.alibaba.com>
Cc: Ye Liu <liuye@kylinos.cn>, Zi Yan <ziy@nvidia.com>,
	Baolin Wang <baolin.wang@linux.alibaba.com>,
	"Liam R. Howlett" <liam@infradead.org>,
	Nico Pache <npache@redhat.com>,
	Ryan Roberts <ryan.roberts@arm.com>, Dev Jain <dev.jain@arm.com>,
	Barry Song <baohua@kernel.org>, Lance Yang <lance.yang@linux.dev>,
	Andrew Morton <akpm@linux-foudation.org>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3] mm/khugepaged: fix inconsistent MMF_VM_HUGEPAGE flag due to allocation failure order
Date: Mon, 11 May 2026 10:54:07 +0800	[thread overview]
Message-ID: <20260511025408.54035-1-ye.liu@linux.dev> (raw)

From: Ye Liu <liuye@kylinos.cn>

__khugepaged_enter() sets MMF_VM_HUGEPAGE before allocating the
corresponding mm_slot.  If mm_slot_alloc() fails, the function
returns with the flag set but without inserting the mm into the
khugepaged tracking structures, leaving the mm in an inconsistent
state where future registration attempts are skipped.

Fix this by reordering: allocate the mm_slot first, then check and
set the flag.  If the flag is already set, free the allocated slot
and return.  This ensures the flag is only set when the mm is
successfully registered in the khugepaged tracking structures.

Fixes: 16618670276a ("mm: khugepaged: avoid pointless allocation for "struct mm_slot"")
Suggested-by: David Hildenbrand <david@kernel.org>
Signed-off-by: Ye Liu <liuye@kylinos.cn>
---
Changes since v2:
- Reorder to allocate mm_slot first, free it when flag already set,
  as suggested by David, Dev Jain and Lance Yang
- Update the subject line to better match the patch.
- Link: https://lore.kernel.org/all/20260506012130.9306-1-ye.liu@linux.dev/

Changes since v1:
- Add Fixes tag as suggested by Dev Jain and Lance Yang
- Link: https://lore.kernel.org/all/20260501075708.327217-1-ye.liu@linux.dev/

 mm/khugepaged.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 5f4e009593e0..78735f34250a 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -437,13 +437,16 @@ void __khugepaged_enter(struct mm_struct *mm)
 
 	/* __khugepaged_exit() must not run from under us */
 	VM_BUG_ON_MM(collapse_test_exit(mm), mm);
-	if (unlikely(mm_flags_test_and_set(MMF_VM_HUGEPAGE, mm)))
-		return;
 
 	slot = mm_slot_alloc(mm_slot_cache);
 	if (!slot)
 		return;
 
+	if (unlikely(mm_flags_test_and_set(MMF_VM_HUGEPAGE, mm))) {
+		mm_slot_free(mm_slot_cache, slot);
+		return;
+	}
+
 	spin_lock(&khugepaged_mm_lock);
 	mm_slot_insert(mm_slots_hash, mm, slot);
 	/*
-- 
2.43.0

next             reply	other threads:[~2026-05-11  2:54 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-11  2:54 Ye Liu [this message]
2026-05-11  3:11 ` [PATCH v3] mm/khugepaged: fix inconsistent MMF_VM_HUGEPAGE flag due to allocation failure order Lance Yang
2026-05-11  5:41 ` David Hildenbrand (Arm)
2026-05-11  5:45 ` Dev Jain

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5f4e009593e dfblob:78735f34250 )
 OR (
bs:"[PATCH v3] mm/khugepaged: fix inconsistent MMF_VM_HUGEPAGE flag due to allocation failure order" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260511025408.54035-1-ye.liu@linux.dev \
    --to=ye.liu@linux.dev \
    --cc=akpm@linux-foudation.org \
    --cc=akpm@linux-foundation.org \
    --cc=baohua@kernel.org \
    --cc=baolin.wang@linux.alibaba.com \
    --cc=david@kernel.org \
    --cc=dev.jain@arm.com \
    --cc=lance.yang@linux.dev \
    --cc=liam@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=liuye@kylinos.cn \
    --cc=ljs@kernel.org \
    --cc=npache@redhat.com \
    --cc=ryan.roberts@arm.com \
    --cc=xhao@linux.alibaba.com \
    --cc=ziy@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox