From: "David Hildenbrand (Arm)"
To: stable@vger.kernel.org
Cc: linux-mm@kvack.org, "David Hildenbrand (Arm)", Jane Chu, Harry Yoo, Oscar Salvador, Jann Horn, Liu Shixin, Muchun Song, Andrew Morton, Rik van Riel, Laurence Oberman, Lance Yang, Miaohe Lin, James Houghton, Lukas Bulwahn, Mike Kravetz, Muchun Song
Subject: [PATCH 5.10.y 2/7] mm/hugetlb: make detecting shared pte more reliable
Date: Wed, 18 Feb 2026 14:05:47 +0100
Message-ID: <20260218130552.55727-3-david@kernel.org>
In-Reply-To: <20260218130552.55727-1-david@kernel.org>
References: <2026012610-absolve-ducktail-3c64@gregkh> <20260218130552.55727-1-david@kernel.org>

From: Miaohe Lin

If the pagetables are shared, we shouldn't copy or take references. Since
src could have unshared and dst shares with another vma, huge_pte_none()
is thus used to determine whether dst_pte is shared. But this check isn't
reliable. A shared pte could have pte none in pagetable in fact. The
page count of ptep page should be checked here in order to reliably
determine whether pte is shared.

[lukas.bulwahn@gmail.com: remove unused local variable dst_entry in copy_hugetlb_page_range()]
  Link: https://lkml.kernel.org/r/20220822082525.26071-1-lukas.bulwahn@gmail.com
Link: https://lkml.kernel.org/r/20220816130553.31406-7-linmiaohe@huawei.com
Signed-off-by: Miaohe Lin
Signed-off-by: Lukas Bulwahn
Reviewed-by: Mike Kravetz
Cc: Muchun Song
Signed-off-by: Andrew Morton
(cherry picked from commit 3aa4ed8040e1535d95c03cef8b52cf11bf0d8546)
[ David: We don't have 4eae4efa2c29 ("hugetlb: do early cow when page
  pinned on src mm"), so there are some contextual conflicts. ]
Signed-off-by: David Hildenbrand (Arm) --- mm/hugetlb.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 99a71943c1f6..a2cab8f2190f 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3827,7 +3827,7 @@ static bool is_hugetlb_entry_hwpoisoned(pte_t pte) int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, struct vm_area_struct *vma) { - pte_t *src_pte, *dst_pte, entry, dst_entry; + pte_t *src_pte, *dst_pte, entry; struct page *ptepage; unsigned long addr; int cow; @@ -3867,27 +3867,22 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, /* * If the pagetables are shared don't copy or take references. - * dst_pte == src_pte is the common case of src/dest sharing. * + * dst_pte == src_pte is the common case of src/dest sharing. * However, src could have 'unshared' and dst shares with - * another vma. If dst_pte !none, this implies sharing. - * Check here before taking page table lock, and once again - * after taking the lock below. + * another vma. So page_count of ptep page is checked instead + * to reliably determine whether pte is shared. */ - dst_entry = huge_ptep_get(dst_pte); - if ((dst_pte == src_pte) || !huge_pte_none(dst_entry)) + if (page_count(virt_to_page(dst_pte)) > 1) continue; dst_ptl = huge_pte_lock(h, dst, dst_pte); src_ptl = huge_pte_lockptr(h, src, src_pte); spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); entry = huge_ptep_get(src_pte); - dst_entry = huge_ptep_get(dst_pte); - if (huge_pte_none(entry) || !huge_pte_none(dst_entry)) { + if (huge_pte_none(entry)) { /* - * Skip if src entry none. Also, skip in the - * unlikely case dst entry !none as this implies - * sharing with another vma. + * Skip if src entry none. */ ; } else if (unlikely(is_hugetlb_entry_migration(entry) || -- 2.43.0
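
Review bot: In the second hunk (copy_hugetlb_page_range(), around line 3867), the new sharing test `page_count(virt_to_page(dst_pte)) > 1` runs before huge_pte_lock() and, unlike the code it replaces, is not repeated once dst_ptl and src_ptl are held; the removed comment said the check was done "once again after taking the lock below". Nothing in the visible lines shows what keeps the refcount of the page-table page stable between this lockless read and the copy, so the new comment should name the serialization that makes a single unlocked check sufficient, or the check should be repeated under the lock. The explicit `dst_pte == src_pte` comparison is also dropped while the comment still calls it "the common case of src/dest sharing"; one sentence stating that this case is covered by the page_count test as well would spare the reader from working it out.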