Re: [PATCH 2/5] mm/rmap: use huge_ptep_get() in try_to_migrate_one()

Next message: Reinette Chatre: "Re: [PATCH v3 1/3] selftests/resctrl: Skip L3_CAT when no exclusive cache portion exists"
Previous message: Hui Zhu: "[PATCH v7] mm: assert exclusive nid/zonenum bits at the page/folio access sites"
In reply to: Dev Jain: "[PATCH 2/5] mm/rmap: use huge_ptep_get() in try_to_migrate_one()"
Next in thread: Dev Jain: "[PATCH 4/5] mm/page_vma_mapped: use huge_ptep_get() for hugetlb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Muchun Song

Date: Thu Jun 25 2026 - 23:25:29 EST

> On Jun 25, 2026, at 19:29, Dev Jain <dev.jain@xxxxxxx> wrote:
>
> try_to_migrate_one() is used by folio migration to replace a present
> mapping with a migration entry. For hugetlb folios, page_vma_mapped_walk()
> returns the pte pointer to the hugetlb folio in pvmw.pte, but the code
> reads the huge pte entry with ptep_get().
>
> On arches which provide their own huge_ptep_get() to dereference a huge
> pte pointer, accessing via ptep_get() would cause pte_pfn(), pte_present()
> etc to misbehave.
>
> It is not clear whether this has a trivially visible effect to userspace.
>
> Use huge_ptep_get() to dereference a huge pte pointer.
>
> Commit a98a2f0c8ce1 copied the bug from try_to_unmap_one into
> try_to_migrate_one.
>
> Fixes: a98a2f0c8ce1 ("mm/rmap: split migration into its own function")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Dev Jain <dev.jain@xxxxxxx>

Acked-by: Muchun Song <muchun.song@xxxxxxxxx>

Thanks.