mm/thp: make is_huge_zero_pmd() safe and quicker

Most callers of is_huge_zero_pmd() supply a pmd already verified
present; but a few (notably zap_huge_pmd()) do not - it might be a pmd
migration entry, in which the pfn is encoded differently from a present
pmd: which might pass the is_huge_zero_pmd() test (though not on x86,
since L1TF forced us to protect against that); or perhaps even crash in
pmd_page() applied to a swap-like entry.

Make it safe by adding pmd_present() check into is_huge_zero_pmd()
itself; and make it quicker by saving huge_zero_pfn, so that
is_huge_zero_pmd() will not need to do that pmd_page() lookup each time.

__split_huge_pmd_locked() checked pmd_trans_huge() before: that worked,
but is unnecessary now that is_huge_zero_pmd() checks present.

Fixes: e71769ae5260 ("mm: enable thp migration for shmem thp")
Signed-off-by: Hugh Dickins <>
Acked-by: Kirill A. Shutemov <>
Reviewed-by: Yang Shi <>
Cc: Alistair Popple <>
Cc: Jan Kara <>
Cc: Jue Wang <>
Cc: "Matthew Wilcox (Oracle)" <>
Cc: Miaohe Lin <>
Cc: Minchan Kim <>
Cc: Naoya Horiguchi <>
Cc: Oscar Salvador <>
Cc: Peter Xu <>
Cc: Ralph Campbell <>
Cc: Shakeel Butt <>
Cc: Wang Yugui <>
Cc: Zi Yan <>
Cc: <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
2 files changed