Skip to content

Commit b625883

Browse files
tujinjiang11gregkh
tujinjiang11
authored and
gregkh
committed
mm/smaps: fix race between smaps_hugetlb_range and migration
[ Upstream commit 45d19b4 ] smaps_hugetlb_range() handles the pte without holdling ptl, and may be concurrenct with migration, leaing to BUG_ON in pfn_swap_entry_to_page(). The race is as follows. smaps_hugetlb_range migrate_pages huge_ptep_get remove_migration_ptes folio_unlock pfn_swap_entry_folio BUG_ON To fix it, hold ptl lock in smaps_hugetlb_range(). Link: https://lkml.kernel.org/r/20250724090958.455887-1-tujinjiang@huawei.com Link: https://lkml.kernel.org/r/20250724090958.455887-2-tujinjiang@huawei.com Fixes: 25ee01a ("mm: hugetlb: proc: add hugetlb-related fields to /proc/PID/smaps") Signed-off-by: Jinjiang Tu <tujinjiang@huawei.com> Acked-by: David Hildenbrand <david@redhat.com> Cc: Andrei Vagin <avagin@gmail.com> Cc: Andrii Nakryiko <andrii@kernel.org> Cc: Baolin Wang <baolin.wang@linux.alibaba.com> Cc: Brahmajit Das <brahmajit.xyz@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: David Rientjes <rientjes@google.com> Cc: Dev Jain <dev.jain@arm.com> Cc: Hugh Dickins <hughd@google.com> Cc: Joern Engel <joern@logfs.org> Cc: Kefeng Wang <wangkefeng.wang@huawei.com> Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Ryan Roberts <ryan.roberts@arm.com> Cc: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
1 parent 55c232d commit b625883

1 file changed

Lines changed: 5 additions & 1 deletion

File tree

fs/proc/task_mmu.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1020,10 +1020,13 @@ static int smaps_hugetlb_range(pte_t *pte, unsigned long hmask,
10201020
{
10211021
struct mem_size_stats *mss = walk->private;
10221022
struct vm_area_struct *vma = walk->vma;
1023-
pte_t ptent = huge_ptep_get(walk->mm, addr, pte);
10241023
struct folio *folio = NULL;
10251024
bool present = false;
1025+
spinlock_t *ptl;
1026+
pte_t ptent;
10261027

1028+
ptl = huge_pte_lock(hstate_vma(vma), walk->mm, pte);
1029+
ptent = huge_ptep_get(walk->mm, addr, pte);
10271030
if (pte_present(ptent)) {
10281031
folio = page_folio(pte_page(ptent));
10291032
present = true;
@@ -1042,6 +1045,7 @@ static int smaps_hugetlb_range(pte_t *pte, unsigned long hmask,
10421045
else
10431046
mss->private_hugetlb += huge_page_size(hstate_vma(vma));
10441047
}
1048+
spin_unlock(ptl);
10451049
return 0;
10461050
}
10471051
#else

0 commit comments

Comments
 (0)