From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F9C7282F18 for ; Mon, 27 Apr 2026 06:37:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777271862; cv=none; b=OMycCMLwaI8cyIzCDCM9lAWegz6SAIF3jAX7LGU41sVhVgCukOHgls5I255O3Ocj/iliZ5dO2Day+pxPdziYvJv+pjaZLiG60RdGekhH8hRTdHmmKhuRxIyNWNsosYgsw3nR2zFN3Fvy1IiwwLDzNSSYsoj+vNbH6xYv2ou3rNM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777271862; c=relaxed/simple; bh=J8tE5rXp1zJNYo2C7Y+o8Z31E+VDzqt41K4oVS8qKlg=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=h+MinQ90RxRiqhcAUIjUZFP9XoD77SVrw5BHrdokFezeFEFgkx++B0XL4/2Q+3EP/+nzkDn6Iy2Uw612/9nl0OrPR/MUdVLuVeP7P4SYDXLuvNTrVQ7rQeJ4+WZpDHuDluFjxmTSSFVXidRqDGkWkfpbxiLuagR72cLKWFxqQQw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BWGLGZnI; arc=none smtp.client-ip=209.85.216.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BWGLGZnI" Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-35d965648a2so8734625a91.0 for ; Sun, 26 Apr 2026 23:37:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777271861; x=1777876661; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=571oaXZgb1cM9wv4JKckLJbRvYiZhpmMD/AGdOnoXi4=; b=BWGLGZnI1SDg1h0+OHRh69FPI52ig8IQa1pc62NhtV6D1EaiyNY1zwqu/8CiXT2NrQ wrrCvy6UFdj6XWKJTRlFLhnRd1fflL3LLMeL7Wn9FHHFFwmBmx6c8YkrCTn8HOU8GnCj iEkCslH93H9fBYUuAFiCxBRVlSb0qp5SWWGVUV4jHsgUoMooQPccCipW42AXu9SMCiMW BEiULrvk6cQE5WlgjIvraWotozk1DMrpvQ2Q7W8oolDnWPRxjq7LnaRSnx8zqhXMomXe st+8VaelTEMrRrJhalHb8Z459Eshq/5dCvg3fBG8oSMP3u9OGAC1EL12h2A+Rfh9jsF5 Oo+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777271861; x=1777876661; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=571oaXZgb1cM9wv4JKckLJbRvYiZhpmMD/AGdOnoXi4=; b=Yts+YXzz94CvarDZJlFpKuOvspiD/45dxlhioUxNDqrzQV1bVFRxl6WT9QcMARZe/7 F0l/uauNrUGKk+CqeCoFgj3S9tVsZjTks0svIQySu9Iet2bqcDbWm+dQ7uybl9XlEkuU xuQbsnpU0QlIi7NMn7egT0trrPDenIi8qPrtsAjGi0SVIOQoZi2nxZw+VTwBuNi04uj/ A6ygP9KY41A7wBz7wwjrKCC948gg/Uq/D7JoB2a/VdaNZj9rcvI36AsKgcV+yh/mRy5k uP/5rh8kaKCV7jIeaUxD508RbOPuWPgvGmk1a4A4tEN3cQg+5WfIFKgtUlGWTscod1z+ yefw== X-Forwarded-Encrypted: i=1; AFNElJ+w7Os1e9WfZS3s6Y029XLuXQxzP3vNr3VpcUO29N1LUSPNuTInD2NMXpscn+oMUxlCMCc1O0ecIXriitA=@vger.kernel.org X-Gm-Message-State: AOJu0YxJmwwO8CDlLL2bu46dwOMW9oKH5AzceBiOkwOMn0c5Q1MI0GEX 3y+rB74W0u6DdjXj1OHn4iiskXgOfAghfWzXq7ipkr8v0+jd3/bbsD/c X-Gm-Gg: AeBDievtFuBSKi+UWwZRw93ewW56W/6FekL0BwWzsGzjrzMUNZIUwqtkPIeoLBkQgRf +v1WM75V8tJaTLrtNVNFfoioOXx5nltVcanMysP3JlvkhetlL+ewcF3o32VkAn1F5U7/0C4/XMg eDmu/xLjN6qKImVXvQDxNwfuFo3MwB9Adi3vWzy7eLAOZIDYJhu8UEApcc/kznI2RAJ94yir6ah hW+TcivjREn2OTwKzCm3o7U0dekdkyKlg70xaRAihIHiBCy9LhVme2YuCLf+q02+qlRfcuOXR8f dIqjIAlAPt+M2MVW3TqMqOcdLyO5q3xyPaDpOJmWx8nxBFI/uZZyqA9I2TyY8XClxMbxlvEWBhz 9/tMg/1uIXJ0nlXYMFIKTo/RGLCBAm0sf69hf8Wt8Tm3tz00qxRXfVlwNRb1b7yczxpZ4l3H4t5 Rf9yDjO50RiPOVFXLycUpDVHNsw84FpHR2kvLPjOH4vRKZkijfMuz4L47m X-Received: by 2002:a17:902:ce0c:b0:2b0:51f6:d46e with SMTP id d9443c01a7336-2b5f9f009b2mr451730915ad.15.1777271860705; Sun, 26 Apr 2026 23:37:40 -0700 (PDT) Received: from tech-Alienware-m15-R6.. ([122.171.21.105]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b5fab0db13sm315231825ad.53.2026.04.26.23.37.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Apr 2026 23:37:40 -0700 (PDT) From: Sunny Patel To: Andrew Morton , David Hildenbrand Cc: Zi Yan , Matthew Brost , Joshua Hahn , Rakie Kim , Byungchul Park , Gregory Price , Ying Huang , Alistair Popple , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Sunny Patel Subject: [PATCH v2] mm/migrate_device: fix pgtable leak in migrate_vma_insert_huge_pmd_page Date: Mon, 27 Apr 2026 12:07:22 +0530 Message-ID: <20260427063729.17294-1-nueralspacetech@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit When migrate_vma_insert_huge_pmd_page() jumps to unlock_abort due to a PMD check failure, the pgtable allocated earlier via pte_alloc_one() is never freed, causing a memory leak. Add a pte_free() call in the unlock_abort error path to release the pgtable before returning.Also included before goto abort in the folio check path. Signed-off-by: Sunny Patel --- Changes in v2: - Added pte_free() before goto abort in the folio_is_zone_device() check path. The lock is not taken at this point so goto unlock_abort would be incorrect here. - v1 only fixed the unlock_abort path, this version fixes both leak locations. mm/migrate_device.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/migrate_device.c b/mm/migrate_device.c index fbfe5715f635..7e132196856b 100644 --- a/mm/migrate_device.c +++ b/mm/migrate_device.c @@ -840,6 +840,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate, } else { if (folio_is_zone_device(folio) && !folio_is_device_coherent(folio)) { + pte_free(vma->vm_mm, pgtable); goto abort; } entry = folio_mk_pmd(folio, vma->vm_page_prot); @@ -893,6 +894,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate, unlock_abort: spin_unlock(ptl); + pte_free(vma->vm_mm, pgtable); abort: for (i = 0; i < HPAGE_PMD_NR; i++) src[i] &= ~MIGRATE_PFN_MIGRATE; -- 2.43.0