Re: [PATCH v5 2/2] mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn
From: Miaohe Lin
Date: Thu Jan 15 2026 - 02:36:56 EST
On 2026/1/15 5:37, Jane Chu wrote:
> When a hugetlb folio is being poisoned again, try_memory_failure_hugetlb()
> passed head pfn to kill_accessing_process(), that is not right.
> The precise pfn of the poisoned page should be used in order to
> determine the precise vaddr as the SIGBUS payload.
>
> This issue has already been taken care of in the normal path, that is,
> hwpoison_user_mappings(), see [1][2]. Further more, for [3] to work
> correctly in the hugetlb repoisoning case, it's essential to inform
> VM the precise poisoned page, not the head page.
>
> [1] https://lkml.kernel.org/r/20231218135837.3310403-1-willy@xxxxxxxxxxxxx
> [2] https://lkml.kernel.org/r/20250224211445.2663312-1-jane.chu@xxxxxxxxxx
> [3] https://lore.kernel.org/lkml/20251116013223.1557158-1-jiaqiyan@xxxxxxxxxx/
>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Jane Chu <jane.chu@xxxxxxxxxx>
> Reviewed-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
> ---
> v5, v4: No change.
> v2 -> v3:
> incorporated suggestions from Miaohe and Matthew.
> v1 -> v2:
> pickup R-B, add stable to cc list.
> ---
> mm/memory-failure.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> index 2563718c34c6..f6b806499caa 100644
> --- a/mm/memory-failure.c
> +++ b/mm/memory-failure.c
> @@ -692,6 +692,8 @@ static int check_hwpoisoned_entry(pte_t pte, unsigned long addr, short shift,
> unsigned long poisoned_pfn, struct to_kill *tk)
> {
> unsigned long pfn = 0;
> + unsigned long hwpoison_vaddr;
> + unsigned long mask;
>
> if (pte_present(pte)) {
> pfn = pte_pfn(pte);
> @@ -702,10 +704,12 @@ static int check_hwpoisoned_entry(pte_t pte, unsigned long addr, short shift,
> pfn = softleaf_to_pfn(entry);
> }
>
> - if (!pfn || pfn != poisoned_pfn)
> + mask = ~((1UL << (shift - PAGE_SHIFT)) - 1);
> + if (!pfn || ((pfn & mask) != (poisoned_pfn & mask)))
> return 0;
Nit: Maybe "(!pfn || pfn != (poisoned_pfn & mask))" is enough?
Acked-by: Miaohe Lin <linmiaohe@xxxxxxxxxx>
Thanks.
.