tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'mm-hotfixes-stable-2026-03-28-10-45' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc fixes from Andrew Morton:
"10 hotfixes. 8 are cc:stable. 9 are for MM.

There's a 3-patch series of DAMON fixes from Josh Law and SeongJae
Park. The rest are singletons - please see the changelogs for details"

* tag 'mm-hotfixes-stable-2026-03-28-10-45' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
mm/mseal: update VMA end correctly on merge
bug: avoid format attribute warning for clang as well
mm/pagewalk: fix race between concurrent split and refault
mm/memory: fix PMD/PUD checks in follow_pfnmap_start()
mm/damon/sysfs: check contexts->nr in repeat_call_fn
mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure
mm/swap: fix swap cache memcg accounting
MAINTAINERS, mailmap: update email address for Harry Yoo
mm/huge_memory: fix folio isn't locked in softleaf_to_folio()

Linus Torvalds 0bcb517f cbfffcca

+77 -32
+1
.mailmap
··· 316 316 Hans Verkuil <hverkuil@kernel.org> <hansverk@cisco.com> 317 317 Hao Ge <hao.ge@linux.dev> <gehao@kylinos.cn> 318 318 Harry Yoo <harry.yoo@oracle.com> <42.hyeyoo@gmail.com> 319 + Harry Yoo <harry@kernel.org> <harry.yoo@oracle.com> 319 320 Heiko Carstens <hca@linux.ibm.com> <h.carstens@de.ibm.com> 320 321 Heiko Carstens <hca@linux.ibm.com> <heiko.carstens@de.ibm.com> 321 322 Heiko Stuebner <heiko@sntech.de> <heiko.stuebner@bqreaders.com>
+2 -2
MAINTAINERS
··· 16883 16883 R: Rik van Riel <riel@surriel.com> 16884 16884 R: Liam R. Howlett <Liam.Howlett@oracle.com> 16885 16885 R: Vlastimil Babka <vbabka@kernel.org> 16886 - R: Harry Yoo <harry.yoo@oracle.com> 16886 + R: Harry Yoo <harry@kernel.org> 16887 16887 R: Jann Horn <jannh@google.com> 16888 16888 L: linux-mm@kvack.org 16889 16889 S: Maintained ··· 24349 24349 24350 24350 SLAB ALLOCATOR 24351 24351 M: Vlastimil Babka <vbabka@kernel.org> 24352 - M: Harry Yoo <harry.yoo@oracle.com> 24352 + M: Harry Yoo <harry@kernel.org> 24353 24353 M: Andrew Morton <akpm@linux-foundation.org> 24354 24354 R: Hao Li <hao.li@linux.dev> 24355 24355 R: Christoph Lameter <cl@gentwo.org>
+21 -11
include/linux/leafops.h
··· 363 363 return swp_offset(entry) & SWP_PFN_MASK; 364 364 } 365 365 366 + static inline void softleaf_migration_sync(softleaf_t entry, 367 + struct folio *folio) 368 + { 369 + /* 370 + * Ensure we do not race with split, which might alter tail pages into new 371 + * folios and thus result in observing an unlocked folio. 372 + * This matches the write barrier in __split_folio_to_order(). 373 + */ 374 + smp_rmb(); 375 + 376 + /* 377 + * Any use of migration entries may only occur while the 378 + * corresponding page is locked 379 + */ 380 + VM_WARN_ON_ONCE(!folio_test_locked(folio)); 381 + } 382 + 366 383 /** 367 384 * softleaf_to_page() - Obtains struct page for PFN encoded within leaf entry. 368 385 * @entry: Leaf entry, softleaf_has_pfn(@entry) must return true. ··· 391 374 struct page *page = pfn_to_page(softleaf_to_pfn(entry)); 392 375 393 376 VM_WARN_ON_ONCE(!softleaf_has_pfn(entry)); 394 - /* 395 - * Any use of migration entries may only occur while the 396 - * corresponding page is locked 397 - */ 398 - VM_WARN_ON_ONCE(softleaf_is_migration(entry) && !PageLocked(page)); 377 + if (softleaf_is_migration(entry)) 378 + softleaf_migration_sync(entry, page_folio(page)); 399 379 400 380 return page; 401 381 } ··· 408 394 struct folio *folio = pfn_folio(softleaf_to_pfn(entry)); 409 395 410 396 VM_WARN_ON_ONCE(!softleaf_has_pfn(entry)); 411 - /* 412 - * Any use of migration entries may only occur while the 413 - * corresponding folio is locked. 414 - */ 415 - VM_WARN_ON_ONCE(softleaf_is_migration(entry) && 416 - !folio_test_locked(folio)); 397 + if (softleaf_is_migration(entry)) 398 + softleaf_migration_sync(entry, folio); 417 399 418 400 return folio; 419 401 }
+2 -5
lib/bug.c
··· 173 173 return module_find_bug(bugaddr); 174 174 } 175 175 176 - __diag_push(); 177 - __diag_ignore(GCC, all, "-Wsuggest-attribute=format", 178 - "Not a valid __printf() conversion candidate."); 179 - static void __warn_printf(const char *fmt, struct pt_regs *regs) 176 + static __printf(1, 0) 177 + void __warn_printf(const char *fmt, struct pt_regs *regs) 180 178 { 181 179 if (!fmt) 182 180 return; ··· 193 195 194 196 printk("%s", fmt); 195 197 } 196 - __diag_pop(); 197 198 198 199 static enum bug_trap_type __report_bug(struct bug_entry *bug, unsigned long bugaddr, struct pt_regs *regs) 199 200 {
+9 -1
mm/damon/sysfs.c
··· 1524 1524 if (IS_ERR(param_ctx)) 1525 1525 return PTR_ERR(param_ctx); 1526 1526 test_ctx = damon_sysfs_new_test_ctx(kdamond->damon_ctx); 1527 - if (!test_ctx) 1527 + if (!test_ctx) { 1528 + damon_destroy_ctx(param_ctx); 1528 1529 return -ENOMEM; 1530 + } 1529 1531 err = damon_commit_ctx(test_ctx, param_ctx); 1530 1532 if (err) 1531 1533 goto out; ··· 1620 1618 1621 1619 if (!mutex_trylock(&damon_sysfs_lock)) 1622 1620 return 0; 1621 + if (sysfs_kdamond->contexts->nr != 1) 1622 + goto out; 1623 1623 damon_sysfs_upd_tuned_intervals(sysfs_kdamond); 1624 1624 damon_sysfs_upd_schemes_stats(sysfs_kdamond); 1625 1625 damon_sysfs_upd_schemes_effective_quotas(sysfs_kdamond); 1626 + out: 1626 1627 mutex_unlock(&damon_sysfs_lock); 1627 1628 return 0; 1628 1629 } ··· 1752 1747 static int damon_sysfs_handle_cmd(enum damon_sysfs_cmd cmd, 1753 1748 struct damon_sysfs_kdamond *kdamond) 1754 1749 { 1750 + if (cmd != DAMON_SYSFS_CMD_OFF && kdamond->contexts->nr != 1) 1751 + return -EINVAL; 1752 + 1755 1753 switch (cmd) { 1756 1754 case DAMON_SYSFS_CMD_ON: 1757 1755 return damon_sysfs_turn_damon_on(kdamond);
+15 -3
mm/memory.c
··· 6815 6815 6816 6816 pudp = pud_offset(p4dp, address); 6817 6817 pud = pudp_get(pudp); 6818 - if (pud_none(pud)) 6818 + if (!pud_present(pud)) 6819 6819 goto out; 6820 6820 if (pud_leaf(pud)) { 6821 6821 lock = pud_lock(mm, pudp); 6822 - if (!unlikely(pud_leaf(pud))) { 6822 + pud = pudp_get(pudp); 6823 + 6824 + if (unlikely(!pud_present(pud))) { 6825 + spin_unlock(lock); 6826 + goto out; 6827 + } else if (unlikely(!pud_leaf(pud))) { 6823 6828 spin_unlock(lock); 6824 6829 goto retry; 6825 6830 } ··· 6836 6831 6837 6832 pmdp = pmd_offset(pudp, address); 6838 6833 pmd = pmdp_get_lockless(pmdp); 6834 + if (!pmd_present(pmd)) 6835 + goto out; 6839 6836 if (pmd_leaf(pmd)) { 6840 6837 lock = pmd_lock(mm, pmdp); 6841 - if (!unlikely(pmd_leaf(pmd))) { 6838 + pmd = pmdp_get(pmdp); 6839 + 6840 + if (unlikely(!pmd_present(pmd))) { 6841 + spin_unlock(lock); 6842 + goto out; 6843 + } else if (unlikely(!pmd_leaf(pmd))) { 6842 6844 spin_unlock(lock); 6843 6845 goto retry; 6844 6846 }
+1 -2
mm/mseal.c
··· 56 56 unsigned long start, unsigned long end) 57 57 { 58 58 struct vm_area_struct *vma, *prev; 59 - unsigned long curr_start = start; 60 59 VMA_ITERATOR(vmi, mm, start); 61 60 62 61 /* We know there are no gaps so this will be non-NULL. */ ··· 65 66 prev = vma; 66 67 67 68 for_each_vma_range(vmi, vma, end) { 69 + const unsigned long curr_start = MAX(vma->vm_start, start); 68 70 const unsigned long curr_end = MIN(vma->vm_end, end); 69 71 70 72 if (!(vma->vm_flags & VM_SEALED)) { ··· 79 79 } 80 80 81 81 prev = vma; 82 - curr_start = curr_end; 83 82 } 84 83 85 84 return 0;
+22 -3
mm/pagewalk.c
··· 97 97 static int walk_pmd_range(pud_t *pud, unsigned long addr, unsigned long end, 98 98 struct mm_walk *walk) 99 99 { 100 + pud_t pudval = pudp_get(pud); 100 101 pmd_t *pmd; 101 102 unsigned long next; 102 103 const struct mm_walk_ops *ops = walk->ops; ··· 105 104 bool has_install = ops->install_pte; 106 105 int err = 0; 107 106 int depth = real_depth(3); 107 + 108 + /* 109 + * For PTE handling, pte_offset_map_lock() takes care of checking 110 + * whether there actually is a page table. But it also has to be 111 + * very careful about concurrent page table reclaim. 112 + * 113 + * Similarly, we have to be careful here - a PUD entry that points 114 + * to a PMD table cannot go away, so we can just walk it. But if 115 + * it's something else, we need to ensure we didn't race something, 116 + * so need to retry. 117 + * 118 + * A pertinent example of this is a PUD refault after PUD split - 119 + * we will need to split again or risk accessing invalid memory. 120 + */ 121 + if (!pud_present(pudval) || pud_leaf(pudval)) { 122 + walk->action = ACTION_AGAIN; 123 + return 0; 124 + } 108 125 109 126 pmd = pmd_offset(pud, addr); 110 127 do { ··· 237 218 else if (pud_leaf(*pud) || !pud_present(*pud)) 238 219 continue; /* Nothing to do. */ 239 220 240 - if (pud_none(*pud)) 241 - goto again; 242 - 243 221 err = walk_pmd_range(pud, addr, next, walk); 244 222 if (err) 245 223 break; 224 + 225 + if (walk->action == ACTION_AGAIN) 226 + goto again; 246 227 } while (pud++, addr = next, addr != end); 247 228 248 229 return err;
+4 -5
mm/swap_state.c
··· 494 494 495 495 __folio_set_locked(folio); 496 496 __folio_set_swapbacked(folio); 497 + 498 + if (!charged && mem_cgroup_swapin_charge_folio(folio, NULL, gfp, entry)) 499 + goto failed; 500 + 497 501 for (;;) { 498 502 ret = swap_cache_add_folio(folio, entry, &shadow); 499 503 if (!ret) ··· 516 512 swapcache = swap_cache_get_folio(entry); 517 513 if (swapcache) 518 514 goto failed; 519 - } 520 - 521 - if (!charged && mem_cgroup_swapin_charge_folio(folio, NULL, gfp, entry)) { 522 - swap_cache_del_folio(folio); 523 - goto failed; 524 515 } 525 516 526 517 memcg1_swapin(entry, folio_nr_pages(folio));