Re: [PATCH 04/13] mm/huge_memory: move softleaf_to_folio() inside migration branch

Next message: Bjorn Andersson: "Re: [PATCH] arm64: dts: qcom: lemans: Enable eud support"
Previous message: Tejun Heo: "Re: [RFC PATCH v5 20/29] sched/deadline: Allow deeper hierarchies of RT cgroups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hildenbrand (Arm)

Date: Wed May 13 2026 - 15:26:00 EST

On 4/27/26 12:01, Usama Arif wrote:
> change_non_present_huge_pmd() calls softleaf_to_folio() unconditionally
> at the top of the function. softleaf_to_folio() extracts a PFN from
> the entry and converts it to a folio pointer, which is only meaningful
> for migration and device_private entries that encode a real PFN.
>
> A swap entry encodes a swap offset instead, so softleaf_to_folio()
> would produce a bogus pointer and crash on mprotect() when a PMD swap
> entry is present.
>
> Move the call into the migration_write branch where the folio is
> actually used, so the function is safe for any non-present PMD type.
>
> Signed-off-by: Usama Arif <usama.arif@xxxxxxxxx>
> ---
> mm/huge_memory.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 49da0746b8ca..d82a19b5e276 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2619,11 +2619,12 @@ static void change_non_present_huge_pmd(struct mm_struct *mm,
> bool uffd_wp_resolve)
> {
> softleaf_t entry = softleaf_from_pmd(*pmd);
> - const struct folio *folio = softleaf_to_folio(entry);
> pmd_t newpmd;
>
> VM_WARN_ON(!pmd_is_valid_softleaf(*pmd));
> if (softleaf_is_migration_write(entry)) {
> + const struct folio *folio = softleaf_to_folio(entry);
> +
> /*
> * A protection check is difficult so
> * just be safe and disable write

Right, and the folio is only required on that path

Acked-by: David Hildenbrand (Arm) <david@xxxxxxxxxx>

--
Cheers,

David