Re: [v2 05/16] mm/migrate_device: move softleaf_to_folio() inside device-private branch

[Zi Yan]

On 2 Jun 2026, at 10:24, Usama Arif wrote:

> migrate_vma_collect_pmd() calls softleaf_to_folio() on a non-present
> PMD before checking the entry's type.  softleaf_to_folio() converts
> the entry's offset to a PFN, which is only meaningful for migration
> or device-private entries.
>
> A PMD swap entry's offset is a swap offset, not a PFN, so the
> lookup would either return a bogus folio pointer or trip pfn_to_page
> validation on a debug kernel.  In the non-device-private path the
> returned folio is then unused (the OR short-circuits to
> migrate_vma_collect_skip()), but the lookup itself is already
> unsafe.
>
> Move the softleaf_to_folio() call inside the device-private branch
> where the folio is actually needed, mirroring the equivalent
> change_non_present_huge_pmd() fix.
>
> Signed-off-by: Usama Arif <usama.arif@xxxxxxxxx>
> ---
>  mm/migrate_device.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/mm/migrate_device.c b/mm/migrate_device.c
> index ab93a8d11b70..87f079b64265 100644
> --- a/mm/migrate_device.c
> +++ b/mm/migrate_device.c
> @@ -166,11 +166,14 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start,
>  	} else if (!pmd_present(*pmdp)) {
>  		const softleaf_t entry = softleaf_from_pmd(*pmdp);
>
> -		folio = softleaf_to_folio(entry);
> -
>  		if (!softleaf_is_device_private(entry) ||
> -			!(migrate->flags & MIGRATE_VMA_SELECT_DEVICE_PRIVATE) ||
> -			(folio->pgmap->owner != migrate->pgmap_owner)) {
> +		    !(migrate->flags & MIGRATE_VMA_SELECT_DEVICE_PRIVATE)) {
> +			spin_unlock(ptl);
> +			return migrate_vma_collect_skip(start, end, walk);
> +		}
> +
> +		folio = softleaf_to_folio(entry);
> +		if (folio->pgmap->owner != migrate->pgmap_owner) {
>  			spin_unlock(ptl);
>  			return migrate_vma_collect_skip(start, end, walk);
>  		}
> -- 
> 2.52.0

Is the patch below a simpler alternative?

diff --git a/mm/migrate_device.c b/mm/migrate_device.c
index 554754eb26ff2..bdf1db67ccae3 100644
--- a/mm/migrate_device.c
+++ b/mm/migrate_device.c
@@ -166,11 +166,14 @@ static int migrate_vma_collect_huge_pmd(pmd_t *pmdp, unsigned long start,
 	} else if (!pmd_present(*pmdp)) {
 		const softleaf_t entry = softleaf_from_pmd(*pmdp);

-		folio = softleaf_to_folio(entry);
+		folio = NULL;

-		if (!softleaf_is_device_private(entry) ||
-			!(migrate->flags & MIGRATE_VMA_SELECT_DEVICE_PRIVATE) ||
-			(folio->pgmap->owner != migrate->pgmap_owner)) {
+		if (softleaf_is_device_private(entry))
+			folio = softleaf_to_folio(entry);
+
+		if (!folio ||
+		    !(migrate->flags & MIGRATE_VMA_SELECT_DEVICE_PRIVATE) ||
+		    (folio->pgmap->owner != migrate->pgmap_owner)) {
 			spin_unlock(ptl);
 			return migrate_vma_collect_skip(start, end, walk);
 		}

I have no strong opinion here. No matter what you choose, feel free
to add:

Reviewed-by: Zi Yan <ziy@xxxxxxxxxx>

--
Best Regards,
Yan, Zi