1. Patchew
  2. linux
  3. View series

[PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.

Zi Yan posted 1 patch 1 month, 1 week ago 
mm/huge_memory.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
Posted by Zi Yan 1 month, 1 week ago 
Both uniform and non uniform split check missed the check to prevent
splitting anon folios in swapcache to non-zero order. Fix the check.

Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
Cc: stable@vger.kernel.org
Signed-off-by: Zi Yan <ziy@nvidia.com>
---
 mm/huge_memory.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 36fc4ff002c9..595811c78f42 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -3674,7 +3674,8 @@ bool non_uniform_split_supported(struct folio *folio, unsigned int new_order,
 		/* order-1 is not supported for anonymous THP. */
 		VM_WARN_ONCE(warns && new_order == 1,
 				"Cannot split to order-1 folio");
-		return new_order != 1;
+		if (new_order == 1)
+			return false;
 	} else if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) &&
 	    !mapping_large_folio_support(folio->mapping)) {
 		/*
@@ -3705,7 +3706,8 @@ bool uniform_split_supported(struct folio *folio, unsigned int new_order,
 	if (folio_test_anon(folio)) {
 		VM_WARN_ONCE(warns && new_order == 1,
 				"Cannot split to order-1 folio");
-		return new_order != 1;
+		if (new_order == 1)
+			return false;
 	} else  if (new_order) {
 		if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) &&
 		    !mapping_large_folio_support(folio->mapping)) {
-- 
2.51.0
Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
Posted by Wei Yang 1 month, 1 week ago 
On Wed, Nov 05, 2025 at 11:29:10AM -0500, Zi Yan wrote:
>Both uniform and non uniform split check missed the check to prevent
>splitting anon folios in swapcache to non-zero order. Fix the check.
>
>Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
>Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
>Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
>Cc: stable@vger.kernel.org
>Signed-off-by: Zi Yan <ziy@nvidia.com>

Reviewed-by: Wei Yang <richard.weiyang@gmail.com>

-- 
Wei Yang
Help you, Help me
Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
Posted by Andrew Morton 1 month, 1 week ago 
On Wed,  5 Nov 2025 11:29:10 -0500 Zi Yan <ziy@nvidia.com> wrote:

> Both uniform and non uniform split check missed the check to prevent
> splitting anon folios in swapcache to non-zero order. Fix the check.

Please describe the possible userspace-visible effects of the bug
especially when proposing a -stable backport.

> Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
> Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
> Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/

I was hopeful, but that's "from code inspection".

> Cc: stable@vger.kernel.org
> Signed-off-by: Zi Yan <ziy@nvidia.com>
Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
Posted by Zi Yan 1 month, 1 week ago 
On 5 Nov 2025, at 18:57, Andrew Morton wrote:

> On Wed,  5 Nov 2025 11:29:10 -0500 Zi Yan <ziy@nvidia.com> wrote:
>
>> Both uniform and non uniform split check missed the check to prevent
>> splitting anon folios in swapcache to non-zero order. Fix the check.
>
> Please describe the possible userspace-visible effects of the bug
> especially when proposing a -stable backport.

Splitting anon folios in swapcache to non-zero order can cause data
corruption since swapcache only support PMD order and order-0 entries.
This can happen when one use split_huge_pages under debugfs to split
anon folios in swapcache.

>
>> Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
>> Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
>> Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
>
> I was hopeful, but that's "from code inspection".

In-tree callers do not perform such an illegal operation. Only debugfs
interface could trigger it. I will put adding a test case on my TODO
list.

>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Zi Yan <ziy@nvidia.com>


Best Regards,
Yan, Zi
Re: [PATCH] mm/huge_memory: fix folio split check for anon folios in swapcache.
Posted by David Hildenbrand (Red Hat) 1 month, 1 week ago 
On 05.11.25 17:29, Zi Yan wrote:

Nit: drop trailing "." in subject.

I'm sure Andrew can fix that up :)

> Both uniform and non uniform split check missed the check to prevent
> splitting anon folios in swapcache to non-zero order. Fix the check.
> 
> Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
> Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
> Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
> Cc: stable@vger.kernel.org
> Signed-off-by: Zi Yan <ziy@nvidia.com>
> ---

Thanks!

Acked-by: David Hildenbrand (Red Hat) <david@kernel.org>

-- 
Cheers

David

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.