git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Muchun Song <songmuchun@bytedance.com>
	Mon, 25 May 2026 02:52:13 +0000 (10:52 +0800)
committer	Andrew Morton <akpm@linux-foundation.org>
	Mon, 1 Jun 2026 04:50:24 +0000 (21:50 -0700)
commit	c7bde43f6daf70e05a64fbca7efdf6fa93e057dc
tree	8668bd2d973ca042d525d06188a384c090209aab	tree \| snapshot
parent	d6b8b02a27b3dd09ec12144322b3dac46d9bc9ef	commit \| diff

mm/hugetlb_vmemmap: fix incorrect vmemmap restore in rollback

vmemmap_restore_pte() rebuilds restored vmemmap pages from a tail-page
template derived from compound_head().  This is wrong when the current PTE
already maps a page whose contents are not tail-page metadata.

In the rollback path of vmemmap_remap_free(), the first restored PTE is
backed by vmemmap_head and contains head-page metadata.  Reconstructing
that page from a tail-page template overwrites the head-page state and
corrupts the restored vmemmap page.

Fix this by copying the full page from the page currently mapped by the
PTE.  Also pass vmemmap_tail to the rollback walk so only PTEs backed by
the shared tail page are restored, while the head PTE remains mapped to
vmemmap_head.  Add VM_WARN_ON_ONCE() checks for unexpected cases.

Link: https://lore.kernel.org/20260525025213.2229628-1-songmuchun@bytedance.com
Fixes: c0b495b91a47 ("mm/hugetlb: refactor code around vmemmap_walk")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Kiryl Shutsemau <kas@kernel.org>
Acked-by: Oscar Salvador (SUSE) <osalvador@kernel.org>
Cc: David Hildenbrand <david@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>