public inbox for linux-mm@kvack.org
 help / color / mirror / Atom feed
From: Usama Arif <usama.arif@linux.dev>
To: "David Hildenbrand (Arm)" <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	npache@redhat.com, ziy@nvidia.com, linux-mm@kvack.org,
	mpenttil@redhat.com, balbirs@nvidia.com
Cc: matthew.brost@intel.com, joshua.hahnjy@gmail.com,
	hannes@cmpxchg.org, rakie.kim@sk.com, byungchul@sk.com,
	gourry@gourry.net, ying.huang@linux.alibaba.com,
	apopple@nvidia.com, riel@surriel.com, shakeel.butt@linux.dev,
	kas@kernel.org, linux-kernel@vger.kernel.org,
	kernel-team@meta.com
Subject: Re: [PATCH] mm/migrate_device: document folio_get requirement before frozen PMD split
Date: Mon, 9 Mar 2026 22:11:20 +0300	[thread overview]
Message-ID: <a9404db2-d8de-440f-b407-fdc489b00f7b@linux.dev> (raw)
In-Reply-To: <c74e3941-f977-4b19-9d71-972bd9ed5c60@kernel.org>



On 09/03/2026 18:18, David Hildenbrand (Arm) wrote:
> On 3/6/26 11:44, Usama Arif wrote:
>> split_huge_pmd_address() with freeze=true splits a PMD migration entry
>> into PTE migration entries, consuming one folio reference in the
>> process.  The folio_get() before it provides this reference.
>>
>> Add a comment explaining this relationship and a VM_WARN_ON_ONCE to
>> catch an unexpected refcount != 1 entry state.
>>
>> Suggested-by: Zi Yan <ziy@nvidia.com>
>> Signed-off-by: Usama Arif <usama.arif@linux.dev>
>> ---
>>  mm/migrate_device.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/mm/migrate_device.c b/mm/migrate_device.c
>> index 78c7acf024615..6fa2878848a7e 100644
>> --- a/mm/migrate_device.c
>> +++ b/mm/migrate_device.c
>> @@ -908,6 +908,11 @@ static int migrate_vma_split_unmapped_folio(struct migrate_vma *migrate,
>>  	unsigned long flags;
>>  	int ret = 0;
>>  
>> +	VM_WARN_ON_ONCE(folio_ref_count(folio) != 1);
> 
> Can't we have speculative references here? In general, asserting that
> the refcount has an exact value (besides 0) is often shaky.


I hope not at this point in code.

At this point, the folio is locked and unmapped (both done in migrate_vma_collect_huge_pmd()),
and the present PMD was set to migration entry. It is isolated from LRU in
migrate_device_unmap(). So the folio should not be visible to GUP or reclaim/compaction.
Only anon, non-swapcache folios should reach here. So it won't run into any folio_try_get
in page cache or swap cache.

The folio_get() done in migrate_vma_split_unmapped_folio() is consumed by
split_huge_pmd_address(), and folio_split_unmapped() expects a folio_reference
of 1 after this [1].

If its not considered good to assert a non zero refcount value, I can change the
warning to a comment, but I think refcount should be 1 at this point, otherwise
folio_split_unmapped will fail.

[1] https://elixir.bootlin.com/linux/v6.19.6/source/mm/huge_memory.c#L4137

> 
>> +	/*
>> +	 * take a reference, since split_huge_pmd_address() with freeze = true
>> +	 * drops a reference at the end.
>> +	 */
>>  	folio_get(folio);
>>  	split_huge_pmd_address(migrate->vma, addr, true);
>>  	ret = folio_split_unmapped(folio, 0);
> 
> 



  reply	other threads:[~2026-03-09 19:11 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-06 10:44 [PATCH] mm/migrate_device: document folio_get requirement before frozen PMD split Usama Arif
2026-03-06 12:18 ` Zi Yan
2026-03-09 15:11 ` Nico Pache
2026-03-09 15:18 ` David Hildenbrand (Arm)
2026-03-09 19:11   ` Usama Arif [this message]
2026-03-09 20:22     ` David Hildenbrand (Arm)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a9404db2-d8de-440f-b407-fdc489b00f7b@linux.dev \
    --to=usama.arif@linux.dev \
    --cc=akpm@linux-foundation.org \
    --cc=apopple@nvidia.com \
    --cc=balbirs@nvidia.com \
    --cc=byungchul@sk.com \
    --cc=david@kernel.org \
    --cc=gourry@gourry.net \
    --cc=hannes@cmpxchg.org \
    --cc=joshua.hahnjy@gmail.com \
    --cc=kas@kernel.org \
    --cc=kernel-team@meta.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=matthew.brost@intel.com \
    --cc=mpenttil@redhat.com \
    --cc=npache@redhat.com \
    --cc=rakie.kim@sk.com \
    --cc=riel@surriel.com \
    --cc=shakeel.butt@linux.dev \
    --cc=ying.huang@linux.alibaba.com \
    --cc=ziy@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox