On Tue, Jun 08, 2021 at 09:08:09PM -0700, Hugh Dickins wrote:
> Most callers of is_huge_zero_pmd() supply a pmd already verified present;
> but a few (notably zap_huge_pmd()) do not - it might be a pmd migration
> entry, in which the pfn is encoded differently from a present pmd: which
> might pass the is_huge_zero_pmd() test (though not on x86, since L1TF
> forced us to protect against that); or perhaps even crash in pmd_page()
> applied to a swap-like entry.
>
> Make it safe by adding pmd_present() check into is_huge_zero_pmd() itself;
> and make it quicker by saving huge_zero_pfn, so that is_huge_zero_pmd()
> will not need to do that pmd_page() lookup each time.
>
> __split_huge_pmd_locked() checked pmd_trans_huge() before: that worked,
> but is unnecessary now that is_huge_zero_pmd() checks present.
>
> Fixes: e71769ae5260 ("mm: enable thp migration for shmem thp")
> Signed-off-by: Hugh Dickins <hughd@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>

Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

-- 
Kirill A. Shutemov
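The failure mode Hugh describes, modelled in user space as an added example (this is not kernel code and not part of the patch or the thread). The pmd bit layout below is an invented, simplified one: bit 0 is the present bit, a present entry keeps its pfn at bit 12 and above, and a non-present migration entry packs a swap type and a target pfn at different offsets. With that layout, reading the pfn field of a non-present entry yields whatever happens to sit in those bits, so a migration entry whose target pfn is chosen appropriately makes the pre-fix check report "huge zero pmd". The fixed variant checks pmd_present() first and compares against a cached huge_zero_pfn, mirroring the two changes in the commit message. The names pmd_t, mk_present_pmd(), mk_migration_pmd(), pmd_pfn(), is_huge_zero_pmd_unsafe() and colliding_migration_target() are all assumptions of this example, as is the sample huge_zero_pfn value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical pmd encoding for this example only (NOT the kernel's layout):
 *   bit 0        present
 *   bits 12..    pfn, meaningful only when present
 * A non-present migration entry instead carries:
 *   bits 1..5    swap type
 *   bits 6..     swap offset (the target pfn of the migration)
 */
typedef struct { uint64_t val; } pmd_t;

#define PMD_PRESENT            (1ULL << 0)
#define PMD_PFN_SHIFT          12
#define SWP_TYPE_SHIFT         1
#define SWP_OFFSET_SHIFT       6
#define SWP_MIGRATION_READ     30ULL   /* assumed swap type number */

/* Cached pfn of the huge zero page; constructed sample value. */
static const uint64_t huge_zero_pfn = 0x1234;

static pmd_t mk_present_pmd(uint64_t pfn)
{
	pmd_t p = { (pfn << PMD_PFN_SHIFT) | PMD_PRESENT };
	return p;
}

/* A migration entry: present bit clear, target pfn stored as the swap offset. */
static pmd_t mk_migration_pmd(uint64_t target_pfn)
{
	pmd_t p = { (target_pfn << SWP_OFFSET_SHIFT) |
		    (SWP_MIGRATION_READ << SWP_TYPE_SHIFT) };
	return p;
}

static bool pmd_present(pmd_t pmd)
{
	return (pmd.val & PMD_PRESENT) != 0;
}

/* Only valid for a present pmd; on anything else it reads unrelated bits. */
static uint64_t pmd_pfn(pmd_t pmd)
{
	return pmd.val >> PMD_PFN_SHIFT;
}

/* Pre-fix shape: no present check, so swap-like entries are misread. */
static bool is_huge_zero_pmd_unsafe(pmd_t pmd)
{
	return pmd_pfn(pmd) == huge_zero_pfn;
}

/* Post-fix shape: present check first, then compare with the cached pfn. */
static bool is_huge_zero_pmd(pmd_t pmd)
{
	return pmd_present(pmd) && pmd_pfn(pmd) == huge_zero_pfn;
}

/*
 * Pick a migration target pfn whose swap-offset bits line up with the
 * pfn field when misread: (pfn << SWP_OFFSET_SHIFT) >> PMD_PFN_SHIFT
 * must equal huge_zero_pfn, so shift by the difference of the two offsets.
 */
static uint64_t colliding_migration_target(void)
{
	return huge_zero_pfn << (PMD_PFN_SHIFT - SWP_OFFSET_SHIFT);
}

int main(void)
{
	pmd_t zero = mk_present_pmd(huge_zero_pfn);
	pmd_t mig = mk_migration_pmd(colliding_migration_target());

	printf("present zero pmd : unsafe=%d fixed=%d\n",
	       is_huge_zero_pmd_unsafe(zero), is_huge_zero_pmd(zero));
	printf("migration entry  : unsafe=%d fixed=%d (present=%d)\n",
	       is_huge_zero_pmd_unsafe(mig), is_huge_zero_pmd(mig),
	       pmd_present(mig));
	return 0;
}
```

The collision here is a property of the invented layout; Hugh's note that x86 is not affected because of the L1TF mitigation refers to the real architecture's handling of non-present entries, which this model does not reproduce. The point the model does show is the order of checks: anything that derives a pfn or a struct page from a pmd must establish pmd_present() first.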