Skip to content

Commit 2a1f366

Browse files
tujinjiang11gregkh
tujinjiang11
authored and
gregkh
committed
mm/smaps: fix race between smaps_hugetlb_range and migration
[ Upstream commit 45d19b4 ] smaps_hugetlb_range() handles the pte without holdling ptl, and may be concurrenct with migration, leaing to BUG_ON in pfn_swap_entry_to_page(). The race is as follows. smaps_hugetlb_range migrate_pages huge_ptep_get remove_migration_ptes folio_unlock pfn_swap_entry_folio BUG_ON To fix it, hold ptl lock in smaps_hugetlb_range(). Link: https://lkml.kernel.org/r/20250724090958.455887-1-tujinjiang@huawei.com Link: https://lkml.kernel.org/r/20250724090958.455887-2-tujinjiang@huawei.com Fixes: 25ee01a ("mm: hugetlb: proc: add hugetlb-related fields to /proc/PID/smaps") Signed-off-by: Jinjiang Tu <tujinjiang@huawei.com> Acked-by: David Hildenbrand <david@redhat.com> Cc: Andrei Vagin <avagin@gmail.com> Cc: Andrii Nakryiko <andrii@kernel.org> Cc: Baolin Wang <baolin.wang@linux.alibaba.com> Cc: Brahmajit Das <brahmajit.xyz@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: David Rientjes <rientjes@google.com> Cc: Dev Jain <dev.jain@arm.com> Cc: Hugh Dickins <hughd@google.com> Cc: Joern Engel <joern@logfs.org> Cc: Kefeng Wang <wangkefeng.wang@huawei.com> Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Ryan Roberts <ryan.roberts@arm.com> Cc: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
1 parent c078867 commit 2a1f366

1 file changed

Lines changed: 5 additions & 1 deletion

File tree

fs/proc/task_mmu.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1007,10 +1007,13 @@ static int smaps_hugetlb_range(pte_t *pte, unsigned long hmask,
10071007
{
10081008
struct mem_size_stats *mss = walk->private;
10091009
struct vm_area_struct *vma = walk->vma;
1010-
pte_t ptent = huge_ptep_get(walk->mm, addr, pte);
10111010
struct folio *folio = NULL;
10121011
bool present = false;
1012+
spinlock_t *ptl;
1013+
pte_t ptent;
10131014

1015+
ptl = huge_pte_lock(hstate_vma(vma), walk->mm, pte);
1016+
ptent = huge_ptep_get(walk->mm, addr, pte);
10141017
if (pte_present(ptent)) {
10151018
folio = page_folio(pte_page(ptent));
10161019
present = true;
@@ -1029,6 +1032,7 @@ static int smaps_hugetlb_range(pte_t *pte, unsigned long hmask,
10291032
else
10301033
mss->private_hugetlb += huge_page_size(hstate_vma(vma));
10311034
}
1035+
spin_unlock(ptl);
10321036
return 0;
10331037
}
10341038
#else

0 commit comments

Comments
 (0)