Re: [PATCH v8] hugetlbfs: move lock assertions after early returns in huge_pmd_unshare()

[David Hildenbrand]

On 14.10.25 13:33, Deepanshu Kartikey wrote:
> When hugetlb_vmdelete_list() processes VMAs during truncate operations,
> it may encounter VMAs where huge_pmd_unshare() is called without the
> required shareable lock. This triggers an assertion failure in
> hugetlb_vma_assert_locked().
>
> The previous fix in commit dd83609b8898 ("hugetlbfs: skip VMAs without
> shareable locks in hugetlb_vmdelete_list") skipped entire VMAs without
> shareable locks to avoid the assertion. However, this prevented pages
> from being unmapped and freed, causing a regression in fallocate(PUNCH_HOLE)
> operations where pages were not freed immediately, as reported by Mark Brown.
>
> Instead of checking locks in the caller or skipping VMAs, move the lock
> assertions in huge_pmd_unshare() to after the early return checks. The
> assertions are only needed when actual PMD unsharing work will be performed.
> If the function returns early because sz != PMD_SIZE or the PMD is not
> shared, no locks are required and assertions should not fire.
>
> This approach reverts the VMA skipping logic from commit dd83609b8898
> ("hugetlbfs: skip VMAs without shareable locks in hugetlb_vmdelete_list")
> while moving the assertions to avoid the assertion failure, keeping all the
> logic within huge_pmd_unshare() itself and allowing page unmapping and
> freeing to proceed for all VMAs.
>
> Reported-by: syzbot+f26d7c75c26ec19790e7@xxxxxxxxxxxxxxxxxxxxxxxxx
> Reported-by: Mark Brown <broonie@xxxxxxxxxx>
> Closes: https://syzkaller.appspot.com/bug?extid=f26d7c75c26ec19790e7
> Fixes: dd83609b8898 ("hugetlbfs: skip VMAs without shareable locks in hugetlb_vmdelete_list")
> Suggested-by: David Hildenbrand <david@xxxxxxxxxx>
> Suggested-by: Oscar Salvador <osalvador@xxxxxxx>
> Tested-by: syzbot+f26d7c75c26ec19790e7@xxxxxxxxxxxxxxxxxxxxxxxxx
> Link: https://lore.kernel.org/mm-commits/20250925203504.7BE02C4CEF7@xxxxxxxxxxxxxxx/ [v1]
> Link: https://lore.kernel.org/mm-commits/20250928185232.BEDB6C4CEF0@xxxxxxxxxxxxxxx/ [v2]
> Link: https://lore.kernel.org/linux-mm/20251003174553.3078839-1-kartikey406@xxxxxxxxx/ [v3]
> Link: https://lore.kernel.org/linux-mm/20251008052759.469714-1-kartikey406@xxxxxxxxx/ [v4]
> Link: https://lore.kernel.org/linux-mm/CADhLXY72yEVDjXWfxBUXfXhNfb8MWqwJmcb1daEHmDeFW+DRGw@xxxxxxxxxxxxxx/ [v5]
> Link: https://lore.kernel.org/linux-mm/e6bb05f7-8f05-409f-9d87-2d25f66942a9@xxxxxxxxxx/ [v6]
> Link: https://lore.kernel.org/linux-mm/CADhLXY4WPxzvzuiZPJmhS-9xMqRZ_qf7ZcFf5MXPgXbgB3_Xzg@xxxxxxxxxxxxxx/ [v7]
> Signed-off-by: Deepanshu Kartikey <kartikey406@xxxxxxxxx>
> ---


Acked-by: David Hildenbrand <david@xxxxxxxxxx>

--
Cheers

David / dhildenb