[PATCH v3 0/3] mm/memfd: Reserve hugetlb folios before allocation

Vivek Kasireddy vivek.kasireddy at intel.com
Wed May 21 05:19:34 UTC 2025 

There are cases where we try to pin a folio but discover that it has
not been faulted-in. So, we try to allocate it in memfd_alloc_folio()
but there is a chance that we might encounter a crash/failure
(VM_BUG_ON(!h->resv_huge_pages)) if there are no active reservations
at that instant. This issue was reported by syzbot.

Therefore, to avoid this situation and fix this issue, we just need
to make a reservation (by calling hugetlb_reserve_pages()) before
we try to allocate the folio. This will ensure that we are properly
doing region/subpool accounting associated with our allocation.

-----------------------------

Patchset overview:

Patch 1: Return nr of updated entries from hugetlb_reserve_pages()
Patch 2: Fix for VM_BUG_ON(!h->resv_huge_pages) crash reported by syzbot
Patch 3: New udmabuf selftest to invoke memfd_alloc_folio()

This series is tested by running the new udmabuf selftest introduced
in patch #3 along with the other selftests.

Changelog:
v2 -> v3:
- Call hugetlb_unreserve_pages() only if the reservation was actively
  (and successfully) made from memfd_alloc_folio() (David)

v1 -> v2:
- Replace VM_BUG_ON() with WARN_ON_ONCE() in the function
  alloc_hugetlb_folio_reserve() (David)
- Move the inline function subpool_inode() from hugetlb.c into the
  relevant header (hugetlb.h)
- Call hugetlb_unreserve_pages() if the folio cannot be added to
  the page cache as well
- Added a new udmabuf selftest to exercise the same path as that
  of syzbot

Cc: Gerd Hoffmann <kraxel at redhat.com>
Cc: Steve Sistare <steven.sistare at oracle.com>
Cc: Muchun Song <muchun.song at linux.dev>
Cc: David Hildenbrand <david at redhat.com>
Cc: Andrew Morton <akpm at linux-foundation.org>

Vivek Kasireddy (3):
  mm/hugetlb: Make hugetlb_reserve_pages() return nr of entries updated
  mm/memfd: Reserve hugetlb folios before allocation
  selftests/udmabuf: Add a test to pin first before writing to memfd

 fs/hugetlbfs/inode.c                          |  8 ++---
 include/linux/hugetlb.h                       |  7 +++-
 mm/hugetlb.c                                  | 33 +++++++++++--------
 mm/memfd.c                                    | 17 ++++++++--
 .../selftests/drivers/dma-buf/udmabuf.c       | 20 ++++++++++-
 5 files changed, 62 insertions(+), 23 deletions(-)

-- 
2.49.0

More information about the dri-devel mailing list