The patch titled Subject: mm/hugetlb: separate path for hwpoison entry in copy_hugetlb_page_range() has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-separate-path-for-hwpoison-entry-in-copy_hugetlb_page_range.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-hugetlb-separate-path-for-hwpoison-entry-in-copy_hugetlb_page_range.patch This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Naoya Horiguchi <naoya.horiguchi@xxxxxxx> Subject: mm/hugetlb: separate path for hwpoison entry in copy_hugetlb_page_range() Date: Thu, 30 Jun 2022 11:27:48 +0900 Originally copy_hugetlb_page_range() handles migration entries and hwpoisoned entries in similar manner. But recently the related code path has more code for migration entries, and when is_writable_migration_entry() was converted to !is_readable_migration_entry(), hwpoison entries on source processes got to be unexpectedly updated (which is legitimate for migration entries, but not for hwpoison entries). This results in unexpected serious issues like kernel panic when forking processes with hwpoison entries in pmd. Separate the if branch into one for hwpoison entries and one for migration entries. Link: https://lkml.kernel.org/r/20220630022755.3362349-3-naoya.horiguchi@xxxxxxxxx Fixes: 6c287605fd56 ("mm: remember exclusively mapped anonymous pages with PG_anon_exclusive") Signed-off-by: Naoya Horiguchi <naoya.horiguchi@xxxxxxx> Reviewed-by: Miaohe Lin <linmiaohe@xxxxxxxxxx> Reviewed-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx> Reviewed-by: Muchun Song <songmuchun@xxxxxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> # 5.18 Cc: David Hildenbrand <david@xxxxxxxxxx> Cc: Liu Shixin <liushixin2@xxxxxxxxxx> Cc: Oscar Salvador <osalvador@xxxxxxx> Cc: Yang Shi <shy828301@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/hugetlb.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-separate-path-for-hwpoison-entry-in-copy_hugetlb_page_range +++ a/mm/hugetlb.c @@ -4803,8 +4803,13 @@ again: * sharing with another vma. */ ; - } else if (unlikely(is_hugetlb_entry_migration(entry) || - is_hugetlb_entry_hwpoisoned(entry))) { + } else if (unlikely(is_hugetlb_entry_hwpoisoned(entry))) { + bool uffd_wp = huge_pte_uffd_wp(entry); + + if (!userfaultfd_wp(dst_vma) && uffd_wp) + entry = huge_pte_clear_uffd_wp(entry); + set_huge_swap_pte_at(dst, addr, dst_pte, entry, sz); + } else if (unlikely(is_hugetlb_entry_migration(entry))) { swp_entry_t swp_entry = pte_to_swp_entry(entry); bool uffd_wp = huge_pte_uffd_wp(entry); _ Patches currently in -mm which might be from naoya.horiguchi@xxxxxxx are mm-hugetlb-check-gigantic_page_runtime_supported-in-return_unused_surplus_pages.patch mm-hugetlb-separate-path-for-hwpoison-entry-in-copy_hugetlb_page_range.patch mm-hugetlb-make-pud_huge-and-follow_huge_pud-aware-of-non-present-pud-entry.patch mm-hwpoison-hugetlb-support-saving-mechanism-of-raw-error-pages.patch mm-hwpoison-make-unpoison-aware-of-raw-error-info-in-hwpoisoned-hugepage.patch mm-hwpoison-set-pg_hwpoison-for-busy-hugetlb-pages.patch mm-hwpoison-make-__page_handle_poison-returns-int.patch mm-hwpoison-skip-raw-hwpoison-page-in-freeing-1gb-hugepage.patch mm-hwpoison-enable-memory-error-handling-on-1gb-hugepage.patch