Re: [PATCH] mm/hugetlb_vmemmap: fix incorrect vmemmap restore in rollback

Next message: Sanjay Chitroda: "Re: [PATCH v4 35/36] iio: pressure: hid-sensor-press: drop hid_sensor_remove_trigger() using devm API"
Previous message: Karl Mehltretter: "[PATCH] tracing: Disable KCOV instrumentation for trace_irqsoff.o"
In reply to: Kiryl Shutsemau: "Re: [PATCH] mm/hugetlb_vmemmap: fix incorrect vmemmap restore in rollback"
Next in thread: Andrew Morton: "Re: [PATCH] mm/hugetlb_vmemmap: fix incorrect vmemmap restore in rollback"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Oscar Salvador (SUSE)

Date: Mon May 25 2026 - 13:05:16 EST

On Mon, May 25, 2026 at 10:52:13AM +0800, Muchun Song wrote:
> vmemmap_restore_pte() rebuilds restored vmemmap pages from a
> tail-page template derived from compound_head(). This is wrong when the
> current PTE already maps a page whose contents are not tail-page
> metadata.
>
> In the rollback path of vmemmap_remap_free(), the first restored PTE is
> backed by vmemmap_head and contains head-page metadata. Reconstructing
> that page from a tail-page template overwrites the head-page state and
> corrupts the restored vmemmap page.
>
> Fix this by copying the full page from the page currently mapped by the
> PTE. Also pass vmemmap_tail to the rollback walk so only PTEs backed by
> the shared tail page are restored, while the head PTE remains mapped to
> vmemmap_head. Add VM_WARN_ON_ONCE() checks for unexpected cases.
>
> Fixes: c0b495b91a47 ("mm/hugetlb: refactor code around vmemmap_walk")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>

Acked-by: Oscar Salvador (SUSE) <osalvador@xxxxxxxxxx>

--
Oscar Salvador
SUSE Labs