Date: Fri, 8 May 2026 14:51:21 -0700
From: Andrew Morton
To: Wei Yang
Cc: david@kernel.org, ljs@kernel.org, riel@surriel.com, liam@infradead.org, vbabka@kernel.org, harry@kernel.org, jannh@google.com, sj@kernel.org, ziy@nvidia.com, balbirs@nvidia.com, linux-mm@kvack.org, Lorenzo Stoakes, stable@vger.kernel.org
Subject: Re: [PATCH] mm/page_vma_mapped: revalidate and do proper check before return device-private pmd
Message-Id: <20260508145121.35e2552d403b94ea6f748b90@linux-foundation.org>
In-Reply-To: <20260508013728.21285-1-richard.weiyang@gmail.com>
References: <20260508013728.21285-1-richard.weiyang@gmail.com>

On Fri, 8 May 2026 01:37:28 +0000 Wei Yang wrote:

> For pmd_trans_huge() and pmd_is_migration_entry(), we do the following
> before returning the pmd entry:
>
>   * re-validate pmd entry
>   * check PVMW_MIGRATION
>   * check_pmd()
>   * handle on pte level if split under us
>
> But for device-private pmd, we just return after pmd_lock(). This may
> lead to improper situation.

What is "improper situation"?

> This patch fixes commit 65edfda6f3f2 ("mm/rmap: extend rmap and migration
> support device-private entries") by following the same pattern as
> pmd_trans_huge() and pmd_is_migration_entry().
>
> Fixes: 65edfda6f3f2 ("mm/rmap: extend rmap and migration support device-private entries")
> Signed-off-by: Wei Yang
> Cc: David Hildenbrand
> Cc: Balbir Singh
> Cc: SeongJae Park
> Cc: Zi Yan
> Cc: Lorenzo Stoakes
> Cc:

If we're to propose a fix for -stable backporting I believe we should
fully explain to -stable maintainers *why* we're making that proposal.
IOW, and not for the first time(!), what are the worst-case
userspace-visible effects of this bug?