{"id":"CVE-2024-40950","summary":"mm: huge_memory: fix misused mapping_large_folio_support() for anon folios","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: fix misused mapping_large_folio_support() for anon folios\n\nWhen I did a large folios split test, a WARNING \"[ 5059.122759][ T166]\nCannot split file folio to non-0 order\" was triggered.  But the test cases\nare only for anonmous folios.  while mapping_large_folio_support() is only\nreasonable for page cache folios.\n\nIn split_huge_page_to_list_to_order(), the folio passed to\nmapping_large_folio_support() maybe anonmous folio.  The folio_test_anon()\ncheck is missing.  So the split of the anonmous THP is failed.  This is\nalso the same for shmem_mapping().  We'd better add a check for both.  But\nthe shmem_mapping() in __split_huge_page() is not involved, as for\nanonmous folios, the end parameter is set to -1, so (head[i].index \u003e= end)\nis always false.  shmem_mapping() is not called.\n\nAlso add a VM_WARN_ON_ONCE() in mapping_large_folio_support() for anon\nmapping, So we can detect the wrong use more easily.\n\nTHP folios maybe exist in the pagecache even the file system doesn't\nsupport large folio, it is because when CONFIG_TRANSPARENT_HUGEPAGE is\nenabled, khugepaged will try to collapse read-only file-backed pages to\nTHP.  But the mapping does not actually support multi order large folios\nproperly.\n\nUsing /sys/kernel/debug/split_huge_pages to verify this, with this patch,\nlarge anon THP is successfully split and the warning is ceased.","modified":"2026-03-20T12:37:24.918291Z","published":"2024-07-12T12:31:54.815Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40950.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5df493a99fcf887133cf01d23cd4bebb6d385d3c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6a50c9b512f7734bc356f4bd47885a6f7c98491a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40950.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40950"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c010d47f107f609b9f4d6a103b6dfc53889049e9"},{"fixed":"5df493a99fcf887133cf01d23cd4bebb6d385d3c"},{"fixed":"6a50c9b512f7734bc356f4bd47885a6f7c98491a"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40950.json"}}],"schema_version":"1.7.5"}