Re: [Patch mm-hotfixes v4] mm/page_vma_mapped: fix device-private PMD handling

From: Lance Yang

Date: Thu Jun 25 2026 - 07:26:20 EST

On 2026/6/25 18:37, David Hildenbrand (Arm) wrote:

> > CPU0: pmde = pmdp_get_lockless(); // sees PMD migration entry
> >
> > CPU1: remove_migration_ptes(src, dst /* device-private */)
> >         ... via rmap_walk(dst) ...
> >         page_vma_mapped_walk(&pvmw /* src, PVMW_MIGRATION */)
> >           returns with PTL held for the PMD migration entry
> >         remove_migration_pmd(new = dst page)
> >           installs a device-private PMD
> >         next page_vma_mapped_walk()
> >           drops PTL via not_found()
> >
> > CPU0: takes PTL
> >       pmde = *pvmw->pmd; // now device-private PMD
> >
> > So when PVMW_MIGRATION is not set, current code can return not_found()
> > before we even decode the locked PMD as a device-private entry.
> >
> > Commit 65edfda6f3f2 ("mm/rmap: extend rmap and migration support
> > device-private entries") made the
> >
> >     device-private PMD <-> PMD migration
> >
> > transition possible.
>
> Doesn't the folio lock help here already?

Ah, yeah, I was too focused on the PTL and missed the folio lock ...
Don't have a caller like that :) Went over the fix again, nothing
else jumped out.