* Re: [Patch v2] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd
[not found] <20260616063436.20455-1-richard.weiyang@gmail.com>
@ 2026-06-16 12:30 ` Lance Yang
2026-06-16 23:50 ` Wei Yang
[not found] ` <666dc40b-e37a-46eb-af55-7a81bc1643f1@kernel.org>
0 siblings, 2 replies; 5+ messages in thread
From: Lance Yang @ 2026-06-16 12:30 UTC (permalink / raw)
To: richard.weiyang
Cc: akpm, david, ljs, riel, liam, vbabka, harry, jannh, balbirs, ziy,
sj, linux-mm, lorenzo.stoakes, stable, Lance Yang
On Tue, Jun 16, 2026 at 06:34:36AM +0000, Wei Yang wrote:
[...]
>diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c
>index 2ccbabfb2cc1..21635fab209c 100644
>--- a/mm/page_vma_mapped.c
>+++ b/mm/page_vma_mapped.c
>@@ -243,40 +243,28 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
> */
> pmde = pmdp_get_lockless(pvmw->pmd);
>
>- if (pmd_trans_huge(pmde) || pmd_is_migration_entry(pmde)) {
>- pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>- pmde = *pvmw->pmd;
>- if (!pmd_present(pmde)) {
>- softleaf_t entry;
>-
>- if (!thp_migration_supported() ||
>- !(pvmw->flags & PVMW_MIGRATION))
>- return not_found(pvmw);
>- entry = softleaf_from_pmd(pmde);
>-
>- if (!softleaf_is_migration(entry) ||
>- !check_pmd(softleaf_to_pfn(entry), pvmw))
>- return not_found(pvmw);
>- return true;
>- }
>- if (likely(pmd_trans_huge(pmde))) {
>- if (pvmw->flags & PVMW_MIGRATION)
>- return not_found(pvmw);
>- if (!check_pmd(pmd_pfn(pmde), pvmw))
>- return not_found(pvmw);
>- return true;
>- }
>- /* THP pmd was split under us: handle on pte level */
>- spin_unlock(pvmw->ptl);
>- pvmw->ptl = NULL;
>- } else if (!pmd_present(pmde)) {
>- const softleaf_t entry = softleaf_from_pmd(pmde);
>-
>- if (softleaf_is_device_private(entry)) {
>- pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>- return true;
>- }
>+ if (pmd_present(pmde)) {
>+ if (!pmd_leaf(pmde))
>+ goto pte_table;
>+ if (pvmw->flags & PVMW_MIGRATION)
>+ return not_found(pvmw);
>+ if (!check_pmd(pmd_pfn(pmde), pvmw))
>+ return not_found(pvmw);
>+ } else if (pmd_is_migration_entry(pmde)) {
>+ softleaf_t entry = softleaf_from_pmd(pmde);
>+
>+ if (!(pvmw->flags & PVMW_MIGRATION))
>+ return not_found(pvmw);
Looked at history a bit, and I wonder if this changed something old
here ...
Since 616b8371539a ("mm: thp: enable thp migration in generic path"), PMD
migration handling took PTL before doing PVMW_MIGRATION/PFN checks,
including not_found() cases. So lockless PMD read was just a filter ...
With this fix, true case gets final pmd_same() check, but this
not_found() case happens before taking PTL.
So a !PVMW_MIGRATION walker could race with someone, e.g.
remove_migration_pmd(): we make the not_found() decision from old PMD
value that still says "migration", while real *pvmw->pmd may already be
present again. We return without ever taking PTL :)
Not sure about practical fallout, but should these PMD-level not_found()
cases also take PTL and restart if PMD changed?
>+ if (!check_pmd(softleaf_to_pfn(entry), pvmw))
>+ return not_found(pvmw);
>+ } else if (pmd_is_device_private_entry(pmde)) {
>+ softleaf_t entry = softleaf_from_pmd(pmde);
>
>+ if (pvmw->flags & PVMW_MIGRATION)
>+ return not_found(pvmw);
>+ if (!check_pmd(softleaf_to_pfn(entry), pvmw))
>+ return not_found(pvmw);
>+ } else {
> if ((pvmw->flags & PVMW_SYNC) &&
> thp_vma_suitable_order(vma, pvmw->address,
> PMD_ORDER) &&
>@@ -286,6 +274,15 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
> step_forward(pvmw, PMD_SIZE);
> continue;
> }
>+
>+ /* Double-check under PTL that the PMD didn't change. */
>+ pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>+ if (pmd_same(pmde, pmdp_get(pvmw->pmd)))
>+ return true;
>+ spin_unlock(pvmw->ptl);
>+ pvmw->ptl = NULL;
>+ goto restart;
>+pte_table:
> if (!map_pte(pvmw, &pmde, &ptl)) {
> if (!pvmw->pte)
> goto restart;
>--
>2.34.1
>
Cheers, Lance
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Patch v2] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd
2026-06-16 12:30 ` [Patch v2] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd Lance Yang
@ 2026-06-16 23:50 ` Wei Yang
2026-06-17 2:32 ` Lance Yang
[not found] ` <666dc40b-e37a-46eb-af55-7a81bc1643f1@kernel.org>
1 sibling, 1 reply; 5+ messages in thread
From: Wei Yang @ 2026-06-16 23:50 UTC (permalink / raw)
To: Lance Yang
Cc: richard.weiyang, akpm, david, ljs, riel, liam, vbabka, harry,
jannh, balbirs, ziy, sj, linux-mm, lorenzo.stoakes, stable
On Tue, Jun 16, 2026 at 08:30:01PM +0800, Lance Yang wrote:
>
>On Tue, Jun 16, 2026 at 06:34:36AM +0000, Wei Yang wrote:
>[...]
>>diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c
>>index 2ccbabfb2cc1..21635fab209c 100644
>>--- a/mm/page_vma_mapped.c
>>+++ b/mm/page_vma_mapped.c
>>@@ -243,40 +243,28 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
>> */
>> pmde = pmdp_get_lockless(pvmw->pmd);
>>
>>- if (pmd_trans_huge(pmde) || pmd_is_migration_entry(pmde)) {
>>- pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>>- pmde = *pvmw->pmd;
>>- if (!pmd_present(pmde)) {
>>- softleaf_t entry;
>>-
>>- if (!thp_migration_supported() ||
>>- !(pvmw->flags & PVMW_MIGRATION))
>>- return not_found(pvmw);
>>- entry = softleaf_from_pmd(pmde);
>>-
>>- if (!softleaf_is_migration(entry) ||
>>- !check_pmd(softleaf_to_pfn(entry), pvmw))
>>- return not_found(pvmw);
>>- return true;
>>- }
>>- if (likely(pmd_trans_huge(pmde))) {
>>- if (pvmw->flags & PVMW_MIGRATION)
>>- return not_found(pvmw);
>>- if (!check_pmd(pmd_pfn(pmde), pvmw))
>>- return not_found(pvmw);
>>- return true;
>>- }
>>- /* THP pmd was split under us: handle on pte level */
>>- spin_unlock(pvmw->ptl);
>>- pvmw->ptl = NULL;
>>- } else if (!pmd_present(pmde)) {
>>- const softleaf_t entry = softleaf_from_pmd(pmde);
>>-
>>- if (softleaf_is_device_private(entry)) {
>>- pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>>- return true;
>>- }
>>+ if (pmd_present(pmde)) {
>>+ if (!pmd_leaf(pmde))
>>+ goto pte_table;
>>+ if (pvmw->flags & PVMW_MIGRATION)
>>+ return not_found(pvmw);
>>+ if (!check_pmd(pmd_pfn(pmde), pvmw))
>>+ return not_found(pvmw);
>>+ } else if (pmd_is_migration_entry(pmde)) {
>>+ softleaf_t entry = softleaf_from_pmd(pmde);
>>+
>>+ if (!(pvmw->flags & PVMW_MIGRATION))
>>+ return not_found(pvmw);
>
>Looked at history a bit, and I wonder if this changed something old
>here ...
>
>Since 616b8371539a ("mm: thp: enable thp migration in generic path"), PMD
>migration handling took PTL before doing PVMW_MIGRATION/PFN checks,
>including not_found() cases. So lockless PMD read was just a filter ...
>
>With this fix, true case gets final pmd_same() check, but this
>not_found() case happens before taking PTL.
>
>So a !PVMW_MIGRATION walker could race with someone, e.g.
>remove_migration_pmd(): we make the not_found() decision from old PMD
>value that still says "migration", while real *pvmw->pmd may already be
>present again. We return without ever taking PTL :)
>
Hi, Lance
Thanks for take a look.
I am trying to understand the scenario you mentioned. Let's say A migrate a
pmd and B want to unmap the pmd.
A B
try to migrate a pmd
pmd is set to migration entry
unmap the pmd ...
managed to finish migration
...still see migration entry,
so skipped and unmap fail
Would this be a timing case? Even B grab the PTL, it still could see migration
entry if B visit pmd before A finish migration.
Maybe I miss something, look forward your insight.
>Not sure about practical fallout, but should these PMD-level not_found()
>cases also take PTL and restart if PMD changed?
>
--
Wei Yang
Help you, Help me
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Patch v2] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd
[not found] ` <666dc40b-e37a-46eb-af55-7a81bc1643f1@kernel.org>
@ 2026-06-17 2:11 ` Balbir Singh
2026-06-17 3:14 ` Lance Yang
0 siblings, 1 reply; 5+ messages in thread
From: Balbir Singh @ 2026-06-17 2:11 UTC (permalink / raw)
To: David Hildenbrand (Arm)
Cc: Lance Yang, richard.weiyang, akpm, ljs, riel, liam, vbabka, harry,
jannh, ziy, sj, linux-mm, lorenzo.stoakes, stable
On Tue, Jun 16, 2026 at 03:07:53PM +0200, David Hildenbrand (Arm) wrote:
> On 6/16/26 14:30, Lance Yang wrote:
> >
> > On Tue, Jun 16, 2026 at 06:34:36AM +0000, Wei Yang wrote:
> > [...]
> >> diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c
> >> index 2ccbabfb2cc1..21635fab209c 100644
> >> --- a/mm/page_vma_mapped.c
> >> +++ b/mm/page_vma_mapped.c
> >> @@ -243,40 +243,28 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
> >> */
> >> pmde = pmdp_get_lockless(pvmw->pmd);
> >>
> >> - if (pmd_trans_huge(pmde) || pmd_is_migration_entry(pmde)) {
> >> - pvmw->ptl = pmd_lock(mm, pvmw->pmd);
> >> - pmde = *pvmw->pmd;
> >> - if (!pmd_present(pmde)) {
> >> - softleaf_t entry;
> >> -
> >> - if (!thp_migration_supported() ||
> >> - !(pvmw->flags & PVMW_MIGRATION))
> >> - return not_found(pvmw);
> >> - entry = softleaf_from_pmd(pmde);
> >> -
> >> - if (!softleaf_is_migration(entry) ||
> >> - !check_pmd(softleaf_to_pfn(entry), pvmw))
> >> - return not_found(pvmw);
> >> - return true;
> >> - }
> >> - if (likely(pmd_trans_huge(pmde))) {
> >> - if (pvmw->flags & PVMW_MIGRATION)
> >> - return not_found(pvmw);
> >> - if (!check_pmd(pmd_pfn(pmde), pvmw))
> >> - return not_found(pvmw);
> >> - return true;
> >> - }
> >> - /* THP pmd was split under us: handle on pte level */
> >> - spin_unlock(pvmw->ptl);
> >> - pvmw->ptl = NULL;
> >> - } else if (!pmd_present(pmde)) {
> >> - const softleaf_t entry = softleaf_from_pmd(pmde);
> >> -
> >> - if (softleaf_is_device_private(entry)) {
> >> - pvmw->ptl = pmd_lock(mm, pvmw->pmd);
> >> - return true;
> >> - }
> >> + if (pmd_present(pmde)) {
> >> + if (!pmd_leaf(pmde))
> >> + goto pte_table;
> >> + if (pvmw->flags & PVMW_MIGRATION)
> >> + return not_found(pvmw);
> >> + if (!check_pmd(pmd_pfn(pmde), pvmw))
> >> + return not_found(pvmw);
> >> + } else if (pmd_is_migration_entry(pmde)) {
> >> + softleaf_t entry = softleaf_from_pmd(pmde);
> >> +
> >> + if (!(pvmw->flags & PVMW_MIGRATION))
> >> + return not_found(pvmw);
> >
> > Looked at history a bit, and I wonder if this changed something old
> > here ...
> >
> > Since 616b8371539a ("mm: thp: enable thp migration in generic path"), PMD
> > migration handling took PTL before doing PVMW_MIGRATION/PFN checks,
> > including not_found() cases. So lockless PMD read was just a filter ...
> >
> > With this fix, true case gets final pmd_same() check, but this
> > not_found() case happens before taking PTL.
> >
> > So a !PVMW_MIGRATION walker could race with someone, e.g.
> > remove_migration_pmd(): we make the not_found() decision from old PMD
> > value that still says "migration", while real *pvmw->pmd may already be
> > present again. We return without ever taking PTL :)
> >
> > Not sure about practical fallout, but should these PMD-level not_found()
> > cases also take PTL and restart if PMD changed?
> I was hoping that we could so something similar to the PTE case.
>
> In map_pte(), we check whether the PMD changed, which is slightly different.
>
> The actual check happens in check_pte() after grabbing the PTL.
>
> For the case you describe, map_pte() would find !pte_none(ptent) ...
> !pte_present(ptent) and !is_migration, and effectively grab the lock and proceed
> to check_pte().
>
> In check_pte() we re-check under lock indeed.
>
Thinking of the practical fallout, not finding the PMD for a non
migration worker should be OK. Is there a case where it's not OK to
report the old state.
Balbir
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Patch v2] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd
2026-06-16 23:50 ` Wei Yang
@ 2026-06-17 2:32 ` Lance Yang
0 siblings, 0 replies; 5+ messages in thread
From: Lance Yang @ 2026-06-17 2:32 UTC (permalink / raw)
To: richard.weiyang
Cc: lance.yang, akpm, david, ljs, riel, liam, vbabka, harry, jannh,
balbirs, ziy, sj, linux-mm, lorenzo.stoakes, stable
On Tue, Jun 16, 2026 at 11:50:22PM +0000, Wei Yang wrote:
>On Tue, Jun 16, 2026 at 08:30:01PM +0800, Lance Yang wrote:
>>
>>On Tue, Jun 16, 2026 at 06:34:36AM +0000, Wei Yang wrote:
>>[...]
>>>diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c
>>>index 2ccbabfb2cc1..21635fab209c 100644
>>>--- a/mm/page_vma_mapped.c
>>>+++ b/mm/page_vma_mapped.c
>>>@@ -243,40 +243,28 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
>>> */
>>> pmde = pmdp_get_lockless(pvmw->pmd);
>>>
>>>- if (pmd_trans_huge(pmde) || pmd_is_migration_entry(pmde)) {
>>>- pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>>>- pmde = *pvmw->pmd;
>>>- if (!pmd_present(pmde)) {
>>>- softleaf_t entry;
>>>-
>>>- if (!thp_migration_supported() ||
>>>- !(pvmw->flags & PVMW_MIGRATION))
>>>- return not_found(pvmw);
>>>- entry = softleaf_from_pmd(pmde);
>>>-
>>>- if (!softleaf_is_migration(entry) ||
>>>- !check_pmd(softleaf_to_pfn(entry), pvmw))
>>>- return not_found(pvmw);
>>>- return true;
>>>- }
>>>- if (likely(pmd_trans_huge(pmde))) {
>>>- if (pvmw->flags & PVMW_MIGRATION)
>>>- return not_found(pvmw);
>>>- if (!check_pmd(pmd_pfn(pmde), pvmw))
>>>- return not_found(pvmw);
>>>- return true;
>>>- }
>>>- /* THP pmd was split under us: handle on pte level */
>>>- spin_unlock(pvmw->ptl);
>>>- pvmw->ptl = NULL;
>>>- } else if (!pmd_present(pmde)) {
>>>- const softleaf_t entry = softleaf_from_pmd(pmde);
>>>-
>>>- if (softleaf_is_device_private(entry)) {
>>>- pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>>>- return true;
>>>- }
>>>+ if (pmd_present(pmde)) {
>>>+ if (!pmd_leaf(pmde))
>>>+ goto pte_table;
>>>+ if (pvmw->flags & PVMW_MIGRATION)
>>>+ return not_found(pvmw);
>>>+ if (!check_pmd(pmd_pfn(pmde), pvmw))
>>>+ return not_found(pvmw);
>>>+ } else if (pmd_is_migration_entry(pmde)) {
>>>+ softleaf_t entry = softleaf_from_pmd(pmde);
>>>+
>>>+ if (!(pvmw->flags & PVMW_MIGRATION))
>>>+ return not_found(pvmw);
>>
>>Looked at history a bit, and I wonder if this changed something old
>>here ...
>>
>>Since 616b8371539a ("mm: thp: enable thp migration in generic path"), PMD
>>migration handling took PTL before doing PVMW_MIGRATION/PFN checks,
>>including not_found() cases. So lockless PMD read was just a filter ...
>>
>>With this fix, true case gets final pmd_same() check, but this
>>not_found() case happens before taking PTL.
>>
>>So a !PVMW_MIGRATION walker could race with someone, e.g.
>>remove_migration_pmd(): we make the not_found() decision from old PMD
>>value that still says "migration", while real *pvmw->pmd may already be
>>present again. We return without ever taking PTL :)
>>
>
>Hi, Lance
>
>Thanks for take a look.
>
>I am trying to understand the scenario you mentioned. Let's say A migrate a
>pmd and B want to unmap the pmd.
>
> A B
>
> try to migrate a pmd
> pmd is set to migration entry
> unmap the pmd ...
> managed to finish migration
> ...still see migration entry,
> so skipped and unmap fail
>
>Would this be a timing case? Even B grab the PTL, it still could see migration
>entry if B visit pmd before A finish migration.
>
>Maybe I miss something, look forward your insight.
Right, seeing migration entry while migration is still ongoing is fine.
What I meant was this ordering:
CPU 0: pmde = pmdp_get_lockless(...); /* migration */
CPU 1: remove_migration_pmd() restores PMD to present
CPU 0: returns not_found() from old pmde, without ever taking PTL and
rechecking *pvmw->pmd
So issue is not seeing migration entry itself, but making final
not_found() decision from stale lockless PMD value ...
Before this patch, PMD migration case took PTL before making that
decision ...
>>Not sure about practical fallout, but should these PMD-level not_found()
>>cases also take PTL and restart if PMD changed?
>>
>
>--
>Wei Yang
>Help you, Help me
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Patch v2] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd
2026-06-17 2:11 ` Balbir Singh
@ 2026-06-17 3:14 ` Lance Yang
0 siblings, 0 replies; 5+ messages in thread
From: Lance Yang @ 2026-06-17 3:14 UTC (permalink / raw)
To: balbirs
Cc: david, lance.yang, richard.weiyang, akpm, ljs, riel, liam, vbabka,
harry, jannh, ziy, sj, linux-mm, lorenzo.stoakes, stable
On Wed, Jun 17, 2026 at 12:11:14PM +1000, Balbir Singh wrote:
>On Tue, Jun 16, 2026 at 03:07:53PM +0200, David Hildenbrand (Arm) wrote:
>> On 6/16/26 14:30, Lance Yang wrote:
>> >
>> > On Tue, Jun 16, 2026 at 06:34:36AM +0000, Wei Yang wrote:
>> > [...]
>> >> diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c
>> >> index 2ccbabfb2cc1..21635fab209c 100644
>> >> --- a/mm/page_vma_mapped.c
>> >> +++ b/mm/page_vma_mapped.c
>> >> @@ -243,40 +243,28 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
>> >> */
>> >> pmde = pmdp_get_lockless(pvmw->pmd);
>> >>
>> >> - if (pmd_trans_huge(pmde) || pmd_is_migration_entry(pmde)) {
>> >> - pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>> >> - pmde = *pvmw->pmd;
>> >> - if (!pmd_present(pmde)) {
>> >> - softleaf_t entry;
>> >> -
>> >> - if (!thp_migration_supported() ||
>> >> - !(pvmw->flags & PVMW_MIGRATION))
>> >> - return not_found(pvmw);
>> >> - entry = softleaf_from_pmd(pmde);
>> >> -
>> >> - if (!softleaf_is_migration(entry) ||
>> >> - !check_pmd(softleaf_to_pfn(entry), pvmw))
>> >> - return not_found(pvmw);
>> >> - return true;
>> >> - }
>> >> - if (likely(pmd_trans_huge(pmde))) {
>> >> - if (pvmw->flags & PVMW_MIGRATION)
>> >> - return not_found(pvmw);
>> >> - if (!check_pmd(pmd_pfn(pmde), pvmw))
>> >> - return not_found(pvmw);
>> >> - return true;
>> >> - }
>> >> - /* THP pmd was split under us: handle on pte level */
>> >> - spin_unlock(pvmw->ptl);
>> >> - pvmw->ptl = NULL;
>> >> - } else if (!pmd_present(pmde)) {
>> >> - const softleaf_t entry = softleaf_from_pmd(pmde);
>> >> -
>> >> - if (softleaf_is_device_private(entry)) {
>> >> - pvmw->ptl = pmd_lock(mm, pvmw->pmd);
>> >> - return true;
>> >> - }
>> >> + if (pmd_present(pmde)) {
>> >> + if (!pmd_leaf(pmde))
>> >> + goto pte_table;
>> >> + if (pvmw->flags & PVMW_MIGRATION)
>> >> + return not_found(pvmw);
>> >> + if (!check_pmd(pmd_pfn(pmde), pvmw))
>> >> + return not_found(pvmw);
>> >> + } else if (pmd_is_migration_entry(pmde)) {
>> >> + softleaf_t entry = softleaf_from_pmd(pmde);
>> >> +
>> >> + if (!(pvmw->flags & PVMW_MIGRATION))
>> >> + return not_found(pvmw);
>> >
>> > Looked at history a bit, and I wonder if this changed something old
>> > here ...
>> >
>> > Since 616b8371539a ("mm: thp: enable thp migration in generic path"), PMD
>> > migration handling took PTL before doing PVMW_MIGRATION/PFN checks,
>> > including not_found() cases. So lockless PMD read was just a filter ...
>> >
>> > With this fix, true case gets final pmd_same() check, but this
>> > not_found() case happens before taking PTL.
>> >
>> > So a !PVMW_MIGRATION walker could race with someone, e.g.
>> > remove_migration_pmd(): we make the not_found() decision from old PMD
>> > value that still says "migration", while real *pvmw->pmd may already be
>> > present again. We return without ever taking PTL :)
>> >
>> > Not sure about practical fallout, but should these PMD-level not_found()
>> > cases also take PTL and restart if PMD changed?
>> I was hoping that we could so something similar to the PTE case.
>>
>> In map_pte(), we check whether the PMD changed, which is slightly different.
>>
>> The actual check happens in check_pte() after grabbing the PTL.
>>
>> For the case you describe, map_pte() would find !pte_none(ptent) ...
>> !pte_present(ptent) and !is_migration, and effectively grab the lock and proceed
>> to check_pte().
>>
>> In check_pte() we re-check under lock indeed.
>>
>
>Thinking of the practical fallout, not finding the PMD for a non
>migration worker should be OK. Is there a case where it's not OK to
>report the old state.
I was thinking the lockless value should only be used as a first filter,
to see whether entry looks worth checking.
PTE side is roughly lockless filter + PTL/check_pte().
PMD true case now gets PTL/pmd_same(), but some PMD not_found() cases
still come straight from lockless "pmde".
That mismatch felt odd to me ...
Cheers, Lance
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-06-17 3:15 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20260616063436.20455-1-richard.weiyang@gmail.com>
2026-06-16 12:30 ` [Patch v2] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd Lance Yang
2026-06-16 23:50 ` Wei Yang
2026-06-17 2:32 ` Lance Yang
[not found] ` <666dc40b-e37a-46eb-af55-7a81bc1643f1@kernel.org>
2026-06-17 2:11 ` Balbir Singh
2026-06-17 3:14 ` Lance Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox