[PATCH v1] fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio

David Hildenbrand posted 1 patch 3 months, 3 weeks ago
fs/proc/task_mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Posted by David Hildenbrand 3 months, 3 weeks ago
is_zero_pfn() does not work for the huge zero folio. Fix it by using
is_huge_zero_pmd().

Found by code inspection.

Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
---

Probably we should Cc stable, thoughts?

We should also extend the pagemap_ioctl selftest to cover this case, but I
don't have time for that right now. @Muhammad ?

---
 fs/proc/task_mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 27972c0749e78..4be91eb6ea5ca 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -2182,7 +2182,7 @@ static unsigned long pagemap_thp_category(struct pagemap_scan_private *p,
 				categories |= PAGE_IS_FILE;
 		}
 
-		if (is_zero_pfn(pmd_pfn(pmd)))
+		if (is_huge_zero_pmd(pmd))
 			categories |= PAGE_IS_PFNZERO;
 		if (pmd_soft_dirty(pmd))
 			categories |= PAGE_IS_SOFT_DIRTY;
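Review bot: the commit message should say why the old check fails and what userspace sees, and the patch should carry Cc: stable. is_zero_pfn() only recognises the PFN of the 4K zero page, while the huge zero folio is a separate allocation with its own PFN, so `is_zero_pfn(pmd_pfn(pmd))` does not match a PMD mapping the huge zero folio and PAGEMAP_SCAN reports that range as PAGE_IS_PRESENT without PAGE_IS_PFNZERO; `is_huge_zero_pmd(pmd)` tests for exactly that mapping. Putting that one-line impact statement in the log makes the stable decision (discussed further down the thread) trivial, and a Fixes: tag alone does not request a backport. Nothing changes with respect to PMD validity: the new helper needs a present PMD just as pmd_pfn(pmd) did, so whatever guarantee the surrounding function provided before still holds.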
-- 
2.49.0
Re: [PATCH v1] fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio
Posted by Muhammad Usama Anjum 3 months, 1 week ago
On 6/17/25 7:35 PM, David Hildenbrand wrote:
> is_zero_pfn() does not work for the huge zero folio. Fix it by using
> is_huge_zero_pmd().
> 
> Found by code inspection.
> 
> Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
> 
> Probably we should Cc stable, thoughts?
> 
> We should also extend the pagemap_ioctl selftest to cover this case, but I
> don't have time for that right now. @Muhammad ?
Currently, we don't have any test case covering the zero PFN. I'm trying to write
a few test cases, but I'm not able to get a zero PFN. I've tried to allocate
read-only memory and then read it. Is there a trick for creating zero-PFN
memory from userspace?

> 
> ---
>  fs/proc/task_mmu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
> index 27972c0749e78..4be91eb6ea5ca 100644
> --- a/fs/proc/task_mmu.c
> +++ b/fs/proc/task_mmu.c
> @@ -2182,7 +2182,7 @@ static unsigned long pagemap_thp_category(struct pagemap_scan_private *p,
>  				categories |= PAGE_IS_FILE;
>  		}
>  
> -		if (is_zero_pfn(pmd_pfn(pmd)))
> +		if (is_huge_zero_pmd(pmd))
>  			categories |= PAGE_IS_PFNZERO;
>  		if (pmd_soft_dirty(pmd))
>  			categories |= PAGE_IS_SOFT_DIRTY;
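Review bot: the hunk ships without a regression test, and as this reply states there is currently no selftest covering the zero PFN at all. The missing case for tools/testing/selftests/mm/pagemap_ioctl is the one this thread describes: a 2 MiB-aligned MAP_ANON | MAP_PRIVATE region with MADV_HUGEPAGE, read once through a volatile access, then scanned with category_mask = PAGE_IS_PFNZERO, expecting the range to come back; before this hunk it is only returned when the scan asks for PAGE_IS_PRESENT. A sibling case for the 4K zero page (same mapping without the THP hint) would pin down the PTE path too.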
Re: [PATCH v1] fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio
Posted by David Hildenbrand 3 months, 1 week ago
On 30.06.25 07:18, Muhammad Usama Anjum wrote:
> On 6/17/25 7:35 PM, David Hildenbrand wrote:
>> is_zero_pfn() does not work for the huge zero folio. Fix it by using
>> is_huge_zero_pmd().
>>
>> Found by code inspection.
>>
>> Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
>> Cc: Andrew Morton <akpm@linux-foundation.org>
>> Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
>> Signed-off-by: David Hildenbrand <david@redhat.com>
>> ---
>>
>> Probably we should Cc stable, thoughts?
>>
>> We should also extend the pagemap_ioctl selftest to cover this case, but I
>> don't have time for that right now. @Muhammad ?
> Currently, we don't have any test case covering zero pfn. I'm trying to write
> a few test cases. But I'm not able to get ZERO PFN. I've tried to allocate a
> read only memory and then read it. Is there a trick to how to create ZERO PFN
> memory from userspace?

You need a MAP_ANON | MAP_PRIVATE mapping and have to make sure that the 
compiler does not optimize out the read.

E.g.,

char *mem =  mmap(...);
char tmp = *mem;

asm volatile("" : "+r" (tmp));

or

char *mem =  mmap(...);

*(volatile char *)mem;


To get the shared huge zero folio, you need a suitably aligned VMA. See 
run_with_huge_zeropage() in tools/testing/selftests/mm/cow.c as one 
example.

-- 
Cheers,

David / dhildenb
Re: [PATCH v1] fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio
Posted by Andrew Morton 3 months, 3 weeks ago
On Tue, 17 Jun 2025 16:35:32 +0200 David Hildenbrand <david@redhat.com> wrote:

> is_zero_pfn() does not work for the huge zero folio. Fix it by using
> is_huge_zero_pmd().
> 
> Found by code inspection.
> 
> Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
> 
> Probably we should Cc stable, thoughts?

Depends on the userspace effects.  I'm thinking these are "This can
cause the PAGEMAP_SCAN ioctl against /proc/pid/pagemap to omit pages"
so yup, cc:stable.
Re: [PATCH v1] fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio
Posted by David Hildenbrand 3 months, 3 weeks ago
On 18.06.25 01:34, Andrew Morton wrote:
> On Tue, 17 Jun 2025 16:35:32 +0200 David Hildenbrand <david@redhat.com> wrote:
> 
>> is_zero_pfn() does not work for the huge zero folio. Fix it by using
>> is_huge_zero_pmd().
>>
>> Found by code inspection.
>>
>> Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
>> Cc: Andrew Morton <akpm@linux-foundation.org>
>> Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
>> Signed-off-by: David Hildenbrand <david@redhat.com>
>> ---
>>
>> Probably we should Cc stable, thoughts?
> 
> Depends on the userspace effects.  I'm thinking these are "This can
> cause the PAGEMAP_SCAN ioctl against /proc/pid/pagemap to omit pages"
> so yup, cc:stable.

I think it will be included as PAGE_IS_PRESENT, but not as 
PAGE_IS_PFNZERO. That makes it a bit harder to judge the impact.

In any case, it's a simple patch and backporting should not really be 
hard (automatic).

-- 
Cheers,

David / dhildenb
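Added example (not code from the thread, the selftests or the kernel tree): a standalone C program that follows the recipe in David's reply to Muhammad, touching a MAP_PRIVATE | MAP_ANONYMOUS region through a volatile read to get the 4K zero page, and a 2 MiB-aligned MADV_HUGEPAGE region to get the huge zero folio, then querying PAGEMAP_SCAN with category_mask = PAGE_IS_PFNZERO to see which of the two the kernel classifies as PFNZERO. It also makes the impact David describes in the last reply observable: on a kernel without this patch the second scan reports the huge zero folio as PAGE_IS_PRESENT but never as PAGE_IS_PFNZERO, so its PFNZERO page count is 0. The struct pm_scan_arg / page_region layout and the PAGE_IS_* bits are the ones from include/uapi/linux/fs.h (kernel 6.7 and later) and are only redefined locally when the installed headers are older. Assumptions of this example: 4K pages, a 2 MiB PMD size, THP's use_zero_page enabled, and Linux; the helper names, the 64-entry region vector and the region sizes are this example's own choices.

```c
/* Added example, not from the thread: exercise the 4K zero page and the
 * huge zero folio and ask PAGEMAP_SCAN which pages are PAGE_IS_PFNZERO.
 * Linux only. PMD size is ASSUMED to be 2 MiB (4K-page x86-64 / arm64). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <unistd.h>
#include <linux/fs.h>

#ifndef PAGEMAP_SCAN /* fallback: UAPI definitions from linux/fs.h (kernel >= 6.7) */
struct page_region { uint64_t start, end, categories; };
struct pm_scan_arg {
    uint64_t size, flags, start, end, walk_end, vec, vec_len, max_pages;
    uint64_t category_inverted, category_mask, category_anyof_mask, return_mask;
};
#define PAGEMAP_SCAN     _IOWR('f', 16, struct pm_scan_arg)
#define PAGE_IS_PRESENT  (1 << 3)
#define PAGE_IS_PFNZERO  (1 << 5)
#define PAGE_IS_HUGE     (1 << 6)
#endif

#define PAGE_SZ          4096UL
#define PMD_SIZE_ASSUMED (2UL << 20)   /* assumption, see lead-in */

static uintptr_t align_up(uintptr_t v, uintptr_t a) { return (v + a - 1) & ~(a - 1); }

/* Private anonymous mapping whose start is aligned to 'align'; the THP hint
 * decides whether a read fault may install the huge zero folio. */
static char *map_anon_aligned(size_t len, size_t align, int hugepage_hint)
{
    char *raw = mmap(NULL, len + align, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (raw == MAP_FAILED) return NULL;
    char *mem = (char *)align_up((uintptr_t)raw, align);
    madvise(mem, len, hugepage_hint ? MADV_HUGEPAGE : MADV_NOHUGEPAGE);
    return mem;
}

/* Read-fault every page. The volatile load keeps the compiler from dropping
 * the read; the OR of all bytes is 0 for untouched anonymous memory. */
static int touch_read(const char *mem, size_t len)
{
    int acc = 0;
    for (size_t off = 0; off < len; off += PAGE_SZ)
        acc |= *(volatile const char *)(mem + off);
    return acc;
}

/* Number of 4K pages in [mem, mem+len) that PAGEMAP_SCAN reports as
 * PAGE_IS_PFNZERO; *huge is set if any such region also had PAGE_IS_HUGE.
 * Returns -1 (errno set) when /proc/self/pagemap or the ioctl is unavailable. */
static long count_pfnzero_pages(const char *mem, size_t len, int *huge)
{
    struct page_region vec[64];                 /* example's own vector size */
    struct pm_scan_arg arg = {
        .size = sizeof(arg),
        .start = (uintptr_t)mem, .end = (uintptr_t)mem + len,
        .vec = (uintptr_t)vec, .vec_len = 64,
        .category_mask = PAGE_IS_PFNZERO,       /* only PFNZERO pages match */
        .return_mask = PAGE_IS_PRESENT | PAGE_IS_PFNZERO | PAGE_IS_HUGE,
    };
    long pages = 0;
    *huge = 0;
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0) return -1;
    while (arg.start < arg.end) {
        long n = ioctl(fd, PAGEMAP_SCAN, &arg);  /* returns filled regions */
        if (n < 0) { close(fd); return -1; }
        for (long i = 0; i < n; i++) {
            pages += (vec[i].end - vec[i].start) / PAGE_SZ;
            if (vec[i].categories & PAGE_IS_HUGE) *huge = 1;
        }
        if (n == 0 || arg.walk_end >= arg.end) break;
        arg.start = arg.walk_end;  /* resume where the kernel filled the vector */
    }
    close(fd);
    return pages;
}

int main(void)
{
    size_t len = PMD_SIZE_ASSUMED;
    int huge;
    char *small = map_anon_aligned(len, PAGE_SZ, 0);           /* 4K zero page path */
    char *big   = map_anon_aligned(len, PMD_SIZE_ASSUMED, 1);  /* huge zero folio path */
    if (!small || !big) { perror("mmap"); return 1; }
    touch_read(small, len);
    touch_read(big, len);

    long n = count_pfnzero_pages(small, len, &huge);
    printf("4K zero page : %ld of %lu pages PFNZERO, huge=%d\n", n, len / PAGE_SZ, huge);
    n = count_pfnzero_pages(big, len, &huge);
    printf("huge zeropage: %ld of %lu pages PFNZERO, huge=%d\n", n, len / PAGE_SZ, huge);
    /* Unpatched kernel with THP mapping the huge zero folio: 0 pages, huge=0.
     * Patched kernel: 512 pages, huge=1. THP disabled: 512 pages, huge=0. */
    return n < 0 ? 2 : 0;
}
```

Build with `cc -O2` and run unprivileged; the process may open its own /proc/self/pagemap, and PAGEMAP_SCAN never exposes PFNs. A count of -1 means the ioctl is not available (kernel older than 6.7, or a sandboxed /proc), and a second count of 512 with huge=0 means the kernel served the reads with 4K zero pages rather than the huge zero folio, so the PMD path this patch fixes was not exercised.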