* [PATCH] mm/huge_memory: update file PUD counter before folio_put()
@ 2026-05-26 10:13 Yin Tirui
2026-05-26 10:47 ` Lorenzo Stoakes
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Yin Tirui @ 2026-05-26 10:13 UTC (permalink / raw)
To: Andrew Morton
Cc: David Hildenbrand, Lorenzo Stoakes, Zi Yan, Baolin Wang,
Liam R . Howlett, Nico Pache, Ryan Roberts, Dev Jain, Barry Song,
Lance Yang, Dan Williams, Alistair Popple, wangkefeng.wang,
chenjun102, yintirui, linux-mm, linux-kernel, stable
__split_huge_pud_locked() updates the file/shmem RSS counter after
dropping the PUD mapping's folio reference. If folio_put() drops the
last reference, mm_counter_file() can later read freed folio state via
folio_test_swapbacked().
Move the counter update before folio_put().
Fixes: dbe54153296d ("mm/huge_memory: add vmf_insert_folio_pud()")
Cc: <stable@vger.kernel.org>
Signed-off-by: Yin Tirui <yintirui@huawei.com>
---
mm/huge_memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index a5f4a48b7b77..9832ee910d5e 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -3027,9 +3027,9 @@ static void __split_huge_pud_locked(struct vm_area_struct *vma, pud_t *pud,
if (!folio_test_referenced(folio) && pud_young(old_pud))
folio_set_referenced(folio);
folio_remove_rmap_pud(folio, page, vma);
- folio_put(folio);
add_mm_counter(vma->vm_mm, mm_counter_file(folio),
-HPAGE_PUD_NR);
+ folio_put(folio);
}
void __split_huge_pud(struct vm_area_struct *vma, pud_t *pud,
--
2.43.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] mm/huge_memory: update file PUD counter before folio_put()
2026-05-26 10:13 [PATCH] mm/huge_memory: update file PUD counter before folio_put() Yin Tirui
@ 2026-05-26 10:47 ` Lorenzo Stoakes
2026-05-26 10:53 ` Yin Tirui
2026-05-26 12:51 ` David Hildenbrand (Arm)
2026-05-26 12:53 ` Lance Yang
2 siblings, 1 reply; 6+ messages in thread
From: Lorenzo Stoakes @ 2026-05-26 10:47 UTC (permalink / raw)
To: Yin Tirui
Cc: Andrew Morton, David Hildenbrand, Zi Yan, Baolin Wang,
Liam R . Howlett, Nico Pache, Ryan Roberts, Dev Jain, Barry Song,
Lance Yang, Dan Williams, Alistair Popple, wangkefeng.wang,
chenjun102, linux-mm, linux-kernel, stable
You sent this twice :)
On Tue, May 26, 2026 at 06:13:55PM +0800, Yin Tirui wrote:
> __split_huge_pud_locked() updates the file/shmem RSS counter after
> dropping the PUD mapping's folio reference. If folio_put() drops the
> last reference, mm_counter_file() can later read freed folio state via
> folio_test_swapbacked().
>
> Move the counter update before folio_put().
>
> Fixes: dbe54153296d ("mm/huge_memory: add vmf_insert_folio_pud()")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Yin Tirui <yintirui@huawei.com>
Patch looks sane to me, so:
Reviewed-by: Lorenzo Stoakes <ljs@kernel.org>
There seems to be an identical problem in __split_huge_pmd_locked() - could you
do the same fix there?
Thanks, Lorenzo
> ---
> mm/huge_memory.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index a5f4a48b7b77..9832ee910d5e 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -3027,9 +3027,9 @@ static void __split_huge_pud_locked(struct vm_area_struct *vma, pud_t *pud,
> if (!folio_test_referenced(folio) && pud_young(old_pud))
> folio_set_referenced(folio);
> folio_remove_rmap_pud(folio, page, vma);
> - folio_put(folio);
> add_mm_counter(vma->vm_mm, mm_counter_file(folio),
> -HPAGE_PUD_NR);
> + folio_put(folio);
> }
>
> void __split_huge_pud(struct vm_area_struct *vma, pud_t *pud,
> --
> 2.43.0
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] mm/huge_memory: update file PUD counter before folio_put()
2026-05-26 10:47 ` Lorenzo Stoakes
@ 2026-05-26 10:53 ` Yin Tirui
2026-05-26 10:55 ` Lorenzo Stoakes
0 siblings, 1 reply; 6+ messages in thread
From: Yin Tirui @ 2026-05-26 10:53 UTC (permalink / raw)
To: Lorenzo Stoakes
Cc: Andrew Morton, David Hildenbrand, Zi Yan, Baolin Wang,
Liam R . Howlett, Nico Pache, Ryan Roberts, Dev Jain, Barry Song,
Lance Yang, Dan Williams, Alistair Popple, wangkefeng.wang,
chenjun102, linux-mm, linux-kernel, stable
On 5/26/2026 6:47 PM, Lorenzo Stoakes wrote:
> You sent this twice :)
>
> On Tue, May 26, 2026 at 06:13:55PM +0800, Yin Tirui wrote:
>> __split_huge_pud_locked() updates the file/shmem RSS counter after
>> dropping the PUD mapping's folio reference. If folio_put() drops the
>> last reference, mm_counter_file() can later read freed folio state via
>> folio_test_swapbacked().
>>
>> Move the counter update before folio_put().
>>
>> Fixes: dbe54153296d ("mm/huge_memory: add vmf_insert_folio_pud()")
>> Cc: <stable@vger.kernel.org>
>> Signed-off-by: Yin Tirui <yintirui@huawei.com>
> Patch looks sane to me, so:
>
> Reviewed-by: Lorenzo Stoakes <ljs@kernel.org>
>
> There seems to be an identical problem in __split_huge_pmd_locked() - could you
> do the same fix there?
I have already sent it as another separate patch.
https://lore.kernel.org/linux-mm/20260526101337.1984081-1-yintirui@huawei.com/T/#u
>
> Thanks, Lorenzo
>
>> ---
>> mm/huge_memory.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>> index a5f4a48b7b77..9832ee910d5e 100644
>> --- a/mm/huge_memory.c
>> +++ b/mm/huge_memory.c
>> @@ -3027,9 +3027,9 @@ static void __split_huge_pud_locked(struct vm_area_struct *vma, pud_t *pud,
>> if (!folio_test_referenced(folio) && pud_young(old_pud))
>> folio_set_referenced(folio);
>> folio_remove_rmap_pud(folio, page, vma);
>> - folio_put(folio);
>> add_mm_counter(vma->vm_mm, mm_counter_file(folio),
>> -HPAGE_PUD_NR);
>> + folio_put(folio);
>> }
>>
>> void __split_huge_pud(struct vm_area_struct *vma, pud_t *pud,
>> --
>> 2.43.0
>>
--
Yin Tirui
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] mm/huge_memory: update file PUD counter before folio_put()
2026-05-26 10:53 ` Yin Tirui
@ 2026-05-26 10:55 ` Lorenzo Stoakes
0 siblings, 0 replies; 6+ messages in thread
From: Lorenzo Stoakes @ 2026-05-26 10:55 UTC (permalink / raw)
To: Yin Tirui
Cc: Andrew Morton, David Hildenbrand, Zi Yan, Baolin Wang,
Liam R . Howlett, Nico Pache, Ryan Roberts, Dev Jain, Barry Song,
Lance Yang, Dan Williams, Alistair Popple, wangkefeng.wang,
chenjun102, linux-mm, linux-kernel, stable
On Tue, May 26, 2026 at 06:53:05PM +0800, Yin Tirui wrote:
>
> On 5/26/2026 6:47 PM, Lorenzo Stoakes wrote:
> > You sent this twice :)
Yeah oops you didn't, that was just the PMD part!
(Also my mail client may now, ironically, duplicate a reply...)
> >
> > On Tue, May 26, 2026 at 06:13:55PM +0800, Yin Tirui wrote:
> > > __split_huge_pud_locked() updates the file/shmem RSS counter after
> > > dropping the PUD mapping's folio reference. If folio_put() drops the
> > > last reference, mm_counter_file() can later read freed folio state via
> > > folio_test_swapbacked().
> > >
> > > Move the counter update before folio_put().
> > >
> > > Fixes: dbe54153296d ("mm/huge_memory: add vmf_insert_folio_pud()")
> > > Cc: <stable@vger.kernel.org>
> > > Signed-off-by: Yin Tirui <yintirui@huawei.com>
> > Patch looks sane to me, so:
> >
> > Reviewed-by: Lorenzo Stoakes <ljs@kernel.org>
> >
> > There seems to be an identical problem in __split_huge_pmd_locked() - could you
> > do the same fix there?
>
> I have already sent it as another separate patch.
>
> https://lore.kernel.org/linux-mm/20260526101337.1984081-1-yintirui@huawei.com/T/#u
Yup, inevitably hit send and only then notice this :)
Cheers, Lorenzo
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] mm/huge_memory: update file PUD counter before folio_put()
2026-05-26 10:13 [PATCH] mm/huge_memory: update file PUD counter before folio_put() Yin Tirui
2026-05-26 10:47 ` Lorenzo Stoakes
@ 2026-05-26 12:51 ` David Hildenbrand (Arm)
2026-05-26 12:53 ` Lance Yang
2 siblings, 0 replies; 6+ messages in thread
From: David Hildenbrand (Arm) @ 2026-05-26 12:51 UTC (permalink / raw)
To: Yin Tirui, Andrew Morton
Cc: Lorenzo Stoakes, Zi Yan, Baolin Wang, Liam R . Howlett,
Nico Pache, Ryan Roberts, Dev Jain, Barry Song, Lance Yang,
Dan Williams, Alistair Popple, wangkefeng.wang, chenjun102,
linux-mm, linux-kernel, stable
On 5/26/26 12:13, Yin Tirui wrote:
> __split_huge_pud_locked() updates the file/shmem RSS counter after
> dropping the PUD mapping's folio reference. If folio_put() drops the
> last reference, mm_counter_file() can later read freed folio state via
> folio_test_swapbacked().
>
> Move the counter update before folio_put().
>
> Fixes: dbe54153296d ("mm/huge_memory: add vmf_insert_folio_pud()")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Yin Tirui <yintirui@huawei.com>
> ---
Acked-by: David Hildenbrand (arm) <david@kernel.org>
--
Cheers,
David
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] mm/huge_memory: update file PUD counter before folio_put()
2026-05-26 10:13 [PATCH] mm/huge_memory: update file PUD counter before folio_put() Yin Tirui
2026-05-26 10:47 ` Lorenzo Stoakes
2026-05-26 12:51 ` David Hildenbrand (Arm)
@ 2026-05-26 12:53 ` Lance Yang
2 siblings, 0 replies; 6+ messages in thread
From: Lance Yang @ 2026-05-26 12:53 UTC (permalink / raw)
To: yintirui
Cc: akpm, david, ljs, ziy, baolin.wang, liam, npache, ryan.roberts,
dev.jain, baohua, lance.yang, djbw, apopple, wangkefeng.wang,
chenjun102, linux-mm, linux-kernel, stable
On Tue, May 26, 2026 at 06:13:55PM +0800, Yin Tirui wrote:
>__split_huge_pud_locked() updates the file/shmem RSS counter after
>dropping the PUD mapping's folio reference. If folio_put() drops the
>last reference, mm_counter_file() can later read freed folio state via
>folio_test_swapbacked().
>
>Move the counter update before folio_put().
>
>Fixes: dbe54153296d ("mm/huge_memory: add vmf_insert_folio_pud()")
>Cc: <stable@vger.kernel.org>
>Signed-off-by: Yin Tirui <yintirui@huawei.com>
>---
Thanks! Feel free to add:
Reviewed-by: Lance Yang <lance.yang@linux.dev>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-05-26 12:54 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-26 10:13 [PATCH] mm/huge_memory: update file PUD counter before folio_put() Yin Tirui
2026-05-26 10:47 ` Lorenzo Stoakes
2026-05-26 10:53 ` Yin Tirui
2026-05-26 10:55 ` Lorenzo Stoakes
2026-05-26 12:51 ` David Hildenbrand (Arm)
2026-05-26 12:53 ` Lance Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox