From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D92535F619 for ; Wed, 1 Jul 2026 14:52:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782917573; cv=none; b=RH8ja4D1ytnp+o/yu3lm0La81+o3k1Q0g8rsLCQurCHyU7U1oXXmFVDeaAFjcO5jtxQir2bIyyfCvLbQja5QILAeFDhfWp17+iQQAHdmC7e9IWACwYsrVtKCapbiqjCUKNHdz2hjd/ZEQsLNa6IyfiV3xpMm1E+OMg4e/Fn2dk8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782917573; c=relaxed/simple; bh=kJcMdoFOAtxq88KDroO/6rIvkVx0HjROpvXaNLESXHg=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=muM1QlBLX66vkJ5vD4aTWGs+9P+9ukCmUnxfiHCGhDLvlHNzPHV0qwL3TCOxOe3AY4K5pz6W2iJmGv8/fQ34J3sYc0hddqSB5bxuQcPLTG35lXXPclXjjvqYNeTfK4+TzMP7j7LSOUtG7aNRHcWBR2Kp4uQ8s+vpBArXSz4L6tw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=I+voNpCR; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="I+voNpCR" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C59BF1F000E9; Wed, 1 Jul 2026 14:52:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1782917569; bh=3PMuOMB8oQMmED+VTExnHBYgDYKgq3h680UUULi7v7E=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=I+voNpCR/OqqBEbboBbDgUgzg6w4E8OX8t8BJTRz5LxscDmx14gIg/I+GTT6Go5En xx2WzMwLjKG3JNp6q4LBxu6tdzFx4KlJ5XBdV2I0QIu25zFI6yIT+YDI6V9HvJvH54 rrwWWOxGiT/mXdpoXHWZLZDHD+ifZBOtNQ9HJ7ijbKe/IWJNoxK39ao5l58GHwg4m1 4V0HEmZzX67RlkSyc1YSIOZdh4HRKHfcnA7+Mx6rIpbMVU5ekq3jcHW9KzQ9OI8ugN /ezRHMhgA/qgykeOF39lwG0X/4hBHUi/p5RB7YXXmWvKpQxTfFmWNGvaeXuC5EasgC 7RMG5tbjD6v2A== Date: Wed, 1 Jul 2026 15:52:39 +0100 From: Lorenzo Stoakes To: Rik van Riel Cc: linux-kernel@vger.kernel.org, kernel-team@meta.com, linux-mm@kvack.org, akpm@linux-foundation.org, david@kernel.org, ziy@nvidia.com, baolin.wang@linux.alibaba.com, liam@infradead.org, npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com, baohua@kernel.org, lance.yang@linux.dev, yang@os.amperecomputing.com Subject: Re: [PATCH] mm/huge_memory: set PG_has_hwpoisoned only after new folio head is established Message-ID: References: <20260701134622.3152896-1-riel@surriel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260701134622.3152896-1-riel@surriel.com> On Wed, Jul 01, 2026 at 09:46:22AM -0400, Rik van Riel wrote: > __split_folio_to_order() copies the hwpoison state onto each new > sub-folio while splitting a folio to a non-zero order. It did so via > > if (handle_hwpoison && page_range_has_hwpoisoned(new_head, new_nr_pages)) > folio_set_has_hwpoisoned(new_folio); > > *before* clear_compound_head(new_head)/prep_compound_page(new_head, ...) > turn @new_head from a tail page into a proper folio head. > > PG_has_hwpoisoned is a FOLIO_SECOND_PAGE flag, so folio_set_has_hwpoisoned() > resolves to folio_flags(folio, 1). With the new compound_info-based > page-flags layout, folio_flags() asserts the page is not a tail: > > VM_BUG_ON_PGFLAGS(page->compound_info & 1, page); > VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags.f), page); > > At the original call site @new_head still has the tail marker > (compound_info bit 0 set, PG_head clear), so on CONFIG_DEBUG_VM kernels > this hits: > > kernel BUG at include/linux/page-flags.h:354 > folio_flags+0x82 > folio_set_has_hwpoisoned > __split_folio_to_order > __split_unmapped_folio > __folio_split > truncate_inode_partial_folio (shmem hole-punch / MADV_REMOVE) > > Reproduced by syzkaller: hwpoison-inject a few subpages of a large shmem > folio, then MADV_REMOVE (fallocate punch hole) on the same range, which > splits the partial folio to a non-zero order. > > Move the folio_set_has_hwpoisoned() call to after > clear_compound_head()/prep_compound_page(), where @new_folio is a real > order-new_order head folio (handle_hwpoison implies new_order != 0, so a > second page always exists). The flag still lands on the same struct page > (page[1] of the new folio); only the ordering relative to compound-head > setup changes, satisfying the FOLIO_SECOND_PAGE precondition. > > Signed-off-by: Rik van Riel > Assisted-by: Claude:claude-opus-4-8 > Fixes: fa5a06170036 ("mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order") > --- > mm/huge_memory.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > index 2bccb0a53a0a..ee7ecb3b45c6 100644 > --- a/mm/huge_memory.c > +++ b/mm/huge_memory.c > @@ -3587,10 +3587,6 @@ static void __split_folio_to_order(struct folio *folio, int old_order, > (1L << PG_dropbehind) | > LRU_GEN_MASK | LRU_REFS_MASK)); > > - if (handle_hwpoison && > - page_range_has_hwpoisoned(new_head, new_nr_pages)) > - folio_set_has_hwpoisoned(new_folio); > - > new_folio->mapping = folio->mapping; > new_folio->index = folio->index + i; > > @@ -3612,6 +3608,18 @@ static void __split_folio_to_order(struct folio *folio, int old_order, > folio_set_large_rmappable(new_folio); > } > > + /* > + * PG_has_hwpoisoned is a FOLIO_SECOND_PAGE flag, so it can only > + * be set once @new_folio is a real (head) folio. Defer setting > + * it until after clear_compound_head()/prep_compound_page() have > + * turned @new_head from a tail page into a proper folio head; > + * otherwise folio_flags() trips on (page->compound_info & 1). > + * handle_hwpoison implies new_order != 0. > + */ This reads like an LLM comment...! A ton of noise and unnecessary detail. How about: /* * PG_has_hwpoisoned is on the 2nd page, so set it after * compound head prepped. */ ? > + if (handle_hwpoison && > + page_range_has_hwpoisoned(new_head, new_nr_pages)) > + folio_set_has_hwpoisoned(new_folio); > + > if (folio_test_young(folio)) > folio_set_young(new_folio); > if (folio_test_idle(folio)) > -- > 2.53.0-Meta > Thanks, Lorenzo