Re: [PATCH] mm/migrate_device: document folio_get requirement before frozen PMD split

Next message: David Hildenbrand (Arm): "[PATCH v2 0/4] mm: move vma_(kernel|mmu)_pagesize() out of hugetlb.c"
Previous message: Alexandre Courbot: "[PATCH v8 03/10] rust: num: add `into_bool` method to `Bounded`"
In reply to: Nico Pache: "Re: [PATCH] mm/migrate_device: document folio_get requirement before frozen PMD split"
Next in thread: Usama Arif: "Re: [PATCH] mm/migrate_device: document folio_get requirement before frozen PMD split"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hildenbrand (Arm)

Date: Mon Mar 09 2026 - 11:23:54 EST

On 3/6/26 11:44, Usama Arif wrote:
> split_huge_pmd_address() with freeze=true splits a PMD migration entry
> into PTE migration entries, consuming one folio reference in the
> process. The folio_get() before it provides this reference.
>
> Add a comment explaining this relationship and a VM_WARN_ON_ONCE to
> catch an unexpected refcount != 1 entry state.
>
> Suggested-by: Zi Yan <ziy@xxxxxxxxxx>
> Signed-off-by: Usama Arif <usama.arif@xxxxxxxxx>
> ---
> mm/migrate_device.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/mm/migrate_device.c b/mm/migrate_device.c
> index 78c7acf024615..6fa2878848a7e 100644
> --- a/mm/migrate_device.c
> +++ b/mm/migrate_device.c
> @@ -908,6 +908,11 @@ static int migrate_vma_split_unmapped_folio(struct migrate_vma *migrate,
> unsigned long flags;
> int ret = 0;
>
> + VM_WARN_ON_ONCE(folio_ref_count(folio) != 1);

Can't we have speculative references here? In general, asserting that
the refcount has an exact value (besides 0) is often shaky.

> + /*
> + * take a reference, since split_huge_pmd_address() with freeze = true
> + * drops a reference at the end.
> + */
> folio_get(folio);
> split_huge_pmd_address(migrate->vma, addr, true);
> ret = folio_split_unmapped(folio, 0);

--
Cheers,

David