On 12/5/25 08:58, Kalyazin, Nikita wrote:
> +static void kvm_gmem_folio_restore_direct_map(struct folio *folio)
> +{
> + /*
> + * Direct map restoration cannot fail, as the only error condition
> + * for direct map manipulation is failure to allocate page tables
> + * when splitting huge pages, but this split would have already
> + * happened in set_direct_map_invalid_noflush() in
> kvm_gmem_folio_zap_direct_map().
> + * Thus set_direct_map_valid_noflush() here only updates prot bits.
> + */
> + if (kvm_gmem_folio_no_direct_map(folio))
> + set_direct_map_valid_noflush(folio_page(folio, 0),
> folio_nr_pages(folio),
> + true);
> +}
This is rather hopeful programming.
I can think of a number of ways that this assumption might become invalid.
This at *least* check for set_direct_map_valid_noflush() failures (or
whatever interface you end up using)?
A WARN_ON_ONCE() would be fine.
