Re: [PATCH] mm/huge_memory: fix override of entry in remove_migration_pmd

Fri, 14 Nov 2025 01:23:17 -0800 

On 14.11.25 02:21, Balbir Singh wrote:

Recent changes exposed a BUG in remove_migration_pmd() where the
migration entry was being overridden when the folio is device private.

Use scope local entry for creating the device private pmde. Make the
pmde writable if the migration entry is writable by moving the check
is_migration_write() prior to creating the device private entry.

Cc: Andrew Morton <[email protected]>
Cc: David Hildenbrand <[email protected]>
Cc: Zi Yan <[email protected]>
Cc: Joshua Hahn <[email protected]>
Cc: Rakie Kim <[email protected]>
Cc: Byungchul Park <[email protected]>
Cc: Gregory Price <[email protected]>
Cc: Ying Huang <[email protected]>
Cc: Alistair Popple <[email protected]>
Cc: Oscar Salvador <[email protected]>
Cc: Lorenzo Stoakes <[email protected]>
Cc: Baolin Wang <[email protected]>
Cc: "Liam R. Howlett" <[email protected]>
Cc: Nico Pache <[email protected]>
Cc: Ryan Roberts <[email protected]>
Cc: Dev Jain <[email protected]>
Cc: Barry Song <[email protected]>
Cc: Lyude Paul <[email protected]>
Cc: Danilo Krummrich <[email protected]>
Cc: David Airlie <[email protected]>
Cc: Simona Vetter <[email protected]>
Cc: Ralph Campbell <[email protected]>
Cc: Mika Penttilä <[email protected]>
Cc: Matthew Brost <[email protected]>
Cc: Francois Dugast <[email protected]>

Signed-off-by: Balbir Singh <[email protected]>
Reviewed-by: Lorenzo Stoakes <[email protected]>
---
  mm/huge_memory.c | 7 +++++--
  1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 9dda8c48daca..df93768a6e15 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -4698,7 +4698,12 @@ void remove_migration_pmd(struct page_vma_mapped_walk 
*pvmw, struct page *new)
        folio_get(folio);
        pmde = folio_mk_pmd(folio, READ_ONCE(vma->vm_page_prot));
+ if (is_writable_migration_entry(entry)) 
+               pmde = pmd_mkwrite(pmde, vma);
+
        if (folio_is_device_private(folio)) {
+               swp_entry_t entry;
+
                if (pmd_write(pmde))
                        entry = make_writable_device_private_entry(
                                                        page_to_pfn(new));
@@ -4710,8 +4715,6 @@ void remove_migration_pmd(struct page_vma_mapped_walk 
*pvmw, struct page *new)
if (pmd_swp_soft_dirty(*pvmw->pmd)) 
                pmde = pmd_mksoft_dirty(pmde);
-       if (is_writable_migration_entry(entry))
-               pmde = pmd_mkwrite(pmde, vma);
        if (pmd_swp_uffd_wp(*pvmw->pmd))
                pmde = pmd_mkuffd_wp(pmde);
        if (!is_migration_entry_young(entry))
There are more problems here: you cannot call pmd_mksoft_dirty() etc on something that is not a present pmd! We have pmd_swp_mksoft_dirty() and friends for that. 

So you'll have to completely split both paths.

--
Cheers

David

Reply via email to