Re: [External] Re: [RESEND PATCH] riscv: mm: exclude invalid THP PMDs from page table check
From: yunhui cui
Date: Tue Jun 30 2026 - 00:43:11 EST
Hi Andrew,
On Tue, Jun 30, 2026 at 12:04 PM Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Sat, 23 May 2026 12:20:52 +0800 Yunhui Cui <cuiyunhui@xxxxxxxxxxxxx> wrote:
>
> > RISC-V THP splitting uses a temporary invalid PMD state where
> > pmd_mkinvalid() clears _PAGE_PRESENT and _PAGE_PROT_NONE but leaves
> > _PAGE_LEAF set so the MM code can still recognize the PMD as a THP split
> > in-progress entry.
> >
> > That temporary state no longer describes a user-accessible mapping, but
> > page_table_check currently treats it as one because the RISC-V PMD
> > user-accessibility test only checks whether the PMD is a leaf and has
> > user permissions.
> >
> > As a result, when a PMD-sized anonymous THP is split during a COW fault,
> > page_table_check can account the invalid intermediate PMD as a live PMD
> > mapping, and then account the replacement PTE mappings again when the
> > split installs the PTE table. This leaves stale PMD accounting behind and
> > later triggers page_table_check failures such as a non-zero
> > anon_map_count when the folio is freed.
> >
> > Fix this by tightening pmd_user_accessible_page() so PMD page-table-check
> > accounting only considers leaf PMDs that still carry either
> > _PAGE_PRESENT or _PAGE_PROT_NONE. This preserves the THP split semantics
> > required by the MM code while preventing page_table_check from treating
> > invalid split PMDs as live user mappings.
> >
> > With CONFIG_PAGE_TABLE_CHECK=y and CONFIG_PAGE_TABLE_CHECK_ENFORCED=y,
> > tools/testing/selftests/mm/cow completes successfully on RISC-V after
> > this change.
>
> Thanks. This seems to have slipped through cracks.
>
> AI review appears to have found a couple of related and serious issues
> in this code.
>
> https://sashiko.dev/#/patchset/20260523042052.35476-1-cuiyunhui@xxxxxxxxxxxxx
>
> perhaps you have time to take a look?
Thanks Andrew, I looked into the Sashiko findings.
Both findings are pre-existing and do not appear to be regressions
introduced by this patch. This patch only changes
pmd_user_accessible_page() for page_table_check accounting.
The pmd_present() / _PAGE_LEAF / swap soft-dirty interaction looks worth
checking separately, especially with CONFIG_MEM_SOFT_DIRTY enabled. The
pud_present() / _PAGE_PROT_NONE case also looks like a pre-existing helper
inconsistency for PUD-size huge mappings.
I will investigate both separately and send follow-up fixes if they turn
out to be real issues.
>
> > Fixes: 3fee229a8eb9 ("riscv/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Yunhui Cui <cuiyunhui@xxxxxxxxxxxxx>
> > ---
> > arch/riscv/include/asm/pgtable.h | 9 ++++++++-
> > 1 file changed, 8 insertions(+), 1 deletion(-)
>
> I'm not even slightly a riscv maintainer, but I'll queue this up for
> some linux-next testing and so I can keep an eye on the issue, thanks.
>
>
>
Thanks,
Yunhui