Re: [PATCH] mm/migrate_device: fix spinlock leak in migrate_vma_insert_huge_pmd_page

Next message: Sagar Taunk: "[PATCH] rust: workqueue: fix SAFETY comment Arc refs in Pin&lt;KBox&lt;T&gt;&gt;"
Previous message: Sunny Patel: "Re: [PATCH v2] mm/migrate_device: Cleanup up PMD Checks and warnings"
In reply to: Sunny Patel: "[PATCH] mm/migrate_device: fix spinlock leak in migrate_vma_insert_huge_pmd_page"
Next in thread: Balbir Singh: "Re: [PATCH] mm/migrate_device: fix spinlock leak in migrate_vma_insert_huge_pmd_page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrew Morton

Date: Sat Apr 25 2026 - 09:54:19 EST

On Sat, 25 Apr 2026 19:05:27 +0530 Sunny Patel <nueralspacetech@xxxxxxxxx> wrote:

> When check_stable_address_space() fails after the PMD spinlock has
> been acquired via pmd_lock(), the code jumps directly to the abort
> label, bypassing the spin_unlock() call in unlock_abort. This causes
> the PMD spinlock to be permanently held, leading to a deadlock.
>
> Change the goto target from abort to unlock_abort to ensure the
> spinlock is always released on this error path.
>
> ...
>
> --- a/mm/migrate_device.c
> +++ b/mm/migrate_device.c
> @@ -850,7 +850,7 @@ static int migrate_vma_insert_huge_pmd_page(struct migrate_vma *migrate,
> ptl = pmd_lock(vma->vm_mm, pmdp);
> csa_ret = check_stable_address_space(vma->vm_mm);
> if (csa_ret)
> - goto abort;
> + goto unlock_abort;
>
> /*
> * Check for userfaultfd but do not deliver the fault. Instead,

whoops.

Fixes: a30b48bf1b24 ("mm/migrate_device: implement THP migration of zone device pages")
Cc: <stable@xxxxxxxxxxxxxxx>