Re: [PATCH v2] mm/userfaultfd: fix hugetlb fault mutex hash calculation

Next message: JB Tsai: "[PATCH] linux-firmware: update firmware for MT7922 WiFi device"
Previous message: Lance Yang: "[PATCH v7 1/2] mm/mmu_gather: prepare to skip redundant sync IPIs"
Next in thread: Jianhui Zhou: "Re: [PATCH v2] mm/userfaultfd: fix hugetlb fault mutex hash calculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hugh Dickins

Date: Sun Mar 08 2026 - 22:09:13 EST

On Sat, 7 Mar 2026, Jianhui Zhou wrote:

> In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the
> page index for hugetlb_fault_mutex_hash(). However, linear_page_index()
> returns the index in PAGE_SIZE units, while hugetlb_fault_mutex_hash()
> expects the index in huge page units (as calculated by
> vma_hugecache_offset()). This mismatch means that different addresses
> within the same huge page can produce different hash values, leading to
> the use of different mutexes for the same huge page. This can cause
> races between faulting threads, which can corrupt the reservation map
> and trigger the BUG_ON in resv_map_release().
>
> Fix this by replacing linear_page_index() with vma_hugecache_offset()
> and applying huge_page_mask() to align the address properly. To make
> vma_hugecache_offset() available outside of mm/hugetlb.c, move it to
> include/linux/hugetlb.h as a static inline function.
>
> Fixes: 60d4d2d2b40e ("userfaultfd: hugetlbfs: add __mcopy_atomic_hugetlb for huge page UFFDIO_COPY")

I have not thought it through, nor checked (someone else please do so
before this might reach stable trees); but I believe it's very likely
that that Fixes attribution to a 4.11 commit is wrong - more likely 6.7's
a08c7193e4f1 ("mm/filemap: remove hugetlb special casing in filemap.c").

Hugh