Commit 39928984 authored Apr 10, 2026 by Matthew Brost Committed by Andrew Morton Apr 18, 2026

mm/zone_device: do not touch device folio after calling ->folio_free()

The contents of a device folio can immediately change after calling
->folio_free(), as the folio may be reallocated by a driver with a
different order.  Instead of touching the folio again to extract the
pgmap, use the local stack variable when calling percpu_ref_put_many().

Link: https://lore.kernel.org/20260410230346.4009855-1-matthew.brost@intel.com


Fixes: d245f9b4 ("mm/zone_device: support large zone device private folios")
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Balbir Singh <balbirs@nvidia.com>
Reviewed-by: Vishal Moola <vishal.moola@gmail.com>
Reviewed-by: Alistair Popple <apopple@nvidia.com>
Cc: David Hildenbrand <david@kernel.org>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

parent 8bbde987

mm/memremap.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -454,7 +454,7 @@ void free_zone_device_folio(struct folio *folio)
		if (WARN_ON_ONCE(!pgmap->ops \|\| !pgmap->ops->folio_free))
		break;
		pgmap->ops->folio_free(folio);
		percpu_ref_put_many(&folio->pgmap->ref, nr);
		percpu_ref_put_many(&pgmap->ref, nr);
		break;

		case MEMORY_DEVICE_GENERIC: