Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'mm-hotfixes-stable-2025-10-22-12-43' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull hotfixes from Andrew Morton:
"17 hotfixes. 12 are cc:stable and 14 are for MM.
There's a two-patch DAMON series from SeongJae Park which addresses a
missed check and possible memory leak. Apart from that it's all
singletons - please see the changelogs for details"
* tag 'mm-hotfixes-stable-2025-10-22-12-43' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
csky: abiv2: adapt to new folio flags field
mm/damon/core: use damos_commit_quota_goal() for new goal commit
mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme
hugetlbfs: move lock assertions after early returns in huge_pmd_unshare()
vmw_balloon: indicate success when effectively deflating during migration
mm/damon/core: fix list_add_tail() call on damon_call()
mm/mremap: correctly account old mapping after MREMAP_DONTUNMAP remap
mm: prevent poison consumption when splitting THP
ocfs2: clear extent cache after moving/defragmenting extents
mm: don't spin in add_stack_record when gfp flags don't allow
dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC
mm/damon/sysfs: dealloc commit test ctx always
mm/damon/sysfs: catch commit test ctx alloc failure
hung_task: fix warnings caused by unaligned lock pointers
+45
-39
+1
-1
arch/csky/abiv2/cacheflush.c
+1
-1
arch/csky/abiv2/cacheflush.c
+2
-2
arch/csky/abiv2/inc/abi/cacheflush.h
+2
-2
arch/csky/abiv2/inc/abi/cacheflush.h
···
20
20
21
21
static inline void flush_dcache_folio(struct folio *folio)
22
22
{
23
-
if (test_bit(PG_dcache_clean, &folio->flags))
24
-
clear_bit(PG_dcache_clean, &folio->flags);
23
+
if (test_bit(PG_dcache_clean, &folio->flags.f))
24
+
clear_bit(PG_dcache_clean, &folio->flags.f);
25
25
}
26
26
#define flush_dcache_folio flush_dcache_folio
27
27
+3
-5
drivers/misc/vmw_balloon.c
+3
-5
drivers/misc/vmw_balloon.c
···
1737
1737
{
1738
1738
unsigned long status, flags;
1739
1739
struct vmballoon *b;
1740
-
int ret;
1740
+
int ret = 0;
1741
1741
1742
1742
b = container_of(b_dev_info, struct vmballoon, b_dev_info);
1743
1743
···
1796
1796
* A failure happened. While we can deflate the page we just
1797
1797
* inflated, this deflation can also encounter an error. Instead
1798
1798
* we will decrease the size of the balloon to reflect the
1799
-
* change and report failure.
1799
+
* change.
1800
1800
*/
1801
1801
atomic64_dec(&b->size);
1802
-
ret = -EBUSY;
1803
1802
} else {
1804
1803
/*
1805
1804
* Success. Take a reference for the page, and we will add it to
1806
1805
* the list after acquiring the lock.
1807
1806
*/
1808
1807
get_page(newpage);
1809
-
ret = 0;
1810
1808
}
1811
1809
1812
1810
/* Update the balloon list under the @pages_lock */
···
1815
1817
* If we succeed just insert it to the list and update the statistics
1816
1818
* under the lock.
1817
1819
*/
1818
-
if (!ret) {
1820
+
if (status == VMW_BALLOON_SUCCESS) {
1819
1821
balloon_page_insert(&b->b_dev_info, newpage);
1820
1822
__count_vm_event(BALLOON_MIGRATE);
1821
1823
}
-9
fs/hugetlbfs/inode.c
-9
fs/hugetlbfs/inode.c
···
478
478
if (!hugetlb_vma_trylock_write(vma))
479
479
continue;
480
480
481
-
/*
482
-
* Skip VMAs without shareable locks. Per the design in commit
483
-
* 40549ba8f8e0, these will be handled by remove_inode_hugepages()
484
-
* called after this function with proper locking.
485
-
*/
486
-
if (!__vma_shareable_lock(vma))
487
-
goto skip;
488
-
489
481
v_start = vma_offset_start(vma, start);
490
482
v_end = vma_offset_end(vma, end);
491
483
···
488
496
* vmas. Therefore, lock is not held when calling
489
497
* unmap_hugepage_range for private vmas.
490
498
*/
491
-
skip:
492
499
hugetlb_vma_unlock_write(vma);
493
500
}
494
501
}
+5
fs/ocfs2/move_extents.c
+5
fs/ocfs2/move_extents.c
···
867
867
mlog_errno(ret);
868
868
goto out;
869
869
}
870
+
/*
871
+
* Invalidate extent cache after moving/defragging to prevent
872
+
* stale cached data with outdated extent flags.
873
+
*/
874
+
ocfs2_extent_map_trunc(inode, cpos);
870
875
871
876
context->clusters_moved += alloc_size;
872
877
next:
+5
-3
include/linux/hung_task.h
+5
-3
include/linux/hung_task.h
···
20
20
* always zero. So we can use these bits to encode the specific blocking
21
21
* type.
22
22
*
23
+
* Note that on architectures where this is not guaranteed, or for any
24
+
* unaligned lock, this tracking mechanism is silently skipped for that
25
+
* lock.
26
+
*
23
27
* Type encoding:
24
28
* 00 - Blocked on mutex (BLOCKER_TYPE_MUTEX)
25
29
* 01 - Blocked on semaphore (BLOCKER_TYPE_SEM)
···
49
45
* If the lock pointer matches the BLOCKER_TYPE_MASK, return
50
46
* without writing anything.
51
47
*/
52
-
if (WARN_ON_ONCE(lock_ptr & BLOCKER_TYPE_MASK))
48
+
if (lock_ptr & BLOCKER_TYPE_MASK)
53
49
return;
54
50
55
51
WRITE_ONCE(current->blocker, lock_ptr | type);
···
57
53
58
54
static inline void hung_task_clear_blocker(void)
59
55
{
60
-
WARN_ON_ONCE(!READ_ONCE(current->blocker));
61
-
62
56
WRITE_ONCE(current->blocker, 0UL);
63
57
}
64
58
+4
-1
kernel/dma/debug.c
+4
-1
kernel/dma/debug.c
···
23
23
#include <linux/ctype.h>
24
24
#include <linux/list.h>
25
25
#include <linux/slab.h>
26
+
#include <linux/swiotlb.h>
26
27
#include <asm/sections.h>
27
28
#include "debug.h"
28
29
···
595
594
if (rc == -ENOMEM) {
596
595
pr_err_once("cacheline tracking ENOMEM, dma-debug disabled\n");
597
596
global_disable = true;
598
-
} else if (rc == -EEXIST && !(attrs & DMA_ATTR_SKIP_CPU_SYNC)) {
597
+
} else if (rc == -EEXIST && !(attrs & DMA_ATTR_SKIP_CPU_SYNC) &&
598
+
!(IS_ENABLED(CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC) &&
599
+
is_swiotlb_active(entry->dev))) {
599
600
err_printk(entry->dev, entry,
600
601
"cacheline tracking EEXIST, overlapping mappings aren't supported\n");
601
602
}
+5
-2
mm/damon/core.c
+5
-2
mm/damon/core.c
···
452
452
damos_for_each_filter_safe(f, next, s)
453
453
damos_destroy_filter(f);
454
454
455
+
damos_for_each_ops_filter_safe(f, next, s)
456
+
damos_destroy_filter(f);
457
+
455
458
kfree(s->migrate_dests.node_id_arr);
456
459
kfree(s->migrate_dests.weight_arr);
457
460
damon_del_scheme(s);
···
835
832
src_goal->metric, src_goal->target_value);
836
833
if (!new_goal)
837
834
return -ENOMEM;
838
-
damos_commit_quota_goal_union(new_goal, src_goal);
835
+
damos_commit_quota_goal(new_goal, src_goal);
839
836
damos_add_quota_goal(dst, new_goal);
840
837
}
841
838
return 0;
···
1453
1450
INIT_LIST_HEAD(&control->list);
1454
1451
1455
1452
mutex_lock(&ctx->call_controls_lock);
1456
-
list_add_tail(&ctx->call_controls, &control->list);
1453
+
list_add_tail(&control->list, &ctx->call_controls);
1457
1454
mutex_unlock(&ctx->call_controls_lock);
1458
1455
if (!damon_is_running(ctx))
1459
1456
return -EINVAL;
+4
-3
mm/damon/sysfs.c
+4
-3
mm/damon/sysfs.c
···
1473
1473
if (IS_ERR(param_ctx))
1474
1474
return PTR_ERR(param_ctx);
1475
1475
test_ctx = damon_new_ctx();
1476
+
if (!test_ctx)
1477
+
return -ENOMEM;
1476
1478
err = damon_commit_ctx(test_ctx, param_ctx);
1477
-
if (err) {
1478
-
damon_destroy_ctx(test_ctx);
1479
+
if (err)
1479
1480
goto out;
1480
-
}
1481
1481
err = damon_commit_ctx(kdamond->damon_ctx, param_ctx);
1482
1482
out:
1483
+
damon_destroy_ctx(test_ctx);
1483
1484
damon_destroy_ctx(param_ctx);
1484
1485
return err;
1485
1486
}
+3
mm/huge_memory.c
+3
mm/huge_memory.c
···
4109
4109
if (khugepaged_max_ptes_none == HPAGE_PMD_NR - 1)
4110
4110
return false;
4111
4111
4112
+
if (folio_contain_hwpoisoned_page(folio))
4113
+
return false;
4114
+
4112
4115
for (i = 0; i < folio_nr_pages(folio); i++) {
4113
4116
if (pages_identical(folio_page(folio, i), ZERO_PAGE(0))) {
4114
4117
if (++num_zero_pages > khugepaged_max_ptes_none)
+2
-3
mm/hugetlb.c
+2
-3
mm/hugetlb.c
···
7614
7614
p4d_t *p4d = p4d_offset(pgd, addr);
7615
7615
pud_t *pud = pud_offset(p4d, addr);
7616
7616
7617
-
i_mmap_assert_write_locked(vma->vm_file->f_mapping);
7618
-
hugetlb_vma_assert_locked(vma);
7619
7617
if (sz != PMD_SIZE)
7620
7618
return 0;
7621
7619
if (!ptdesc_pmd_is_shared(virt_to_ptdesc(ptep)))
7622
7620
return 0;
7623
-
7621
+
i_mmap_assert_write_locked(vma->vm_file->f_mapping);
7622
+
hugetlb_vma_assert_locked(vma);
7624
7623
pud_clear(pud);
7625
7624
/*
7626
7625
* Once our caller drops the rmap lock, some other process might be
+2
-1
mm/migrate.c
+2
-1
mm/migrate.c
···
301
301
struct page *page = folio_page(folio, idx);
302
302
pte_t newpte;
303
303
304
-
if (PageCompound(page))
304
+
if (PageCompound(page) || PageHWPoison(page))
305
305
return false;
306
+
306
307
VM_BUG_ON_PAGE(!PageAnon(page), page);
307
308
VM_BUG_ON_PAGE(!PageLocked(page), page);
308
309
VM_BUG_ON_PAGE(pte_present(old_pte), page);
+6
-9
mm/mremap.c
+6
-9
mm/mremap.c
···
1237
1237
}
1238
1238
1239
1239
/*
1240
-
* Perform final tasks for MADV_DONTUNMAP operation, clearing mlock() and
1241
-
* account flags on remaining VMA by convention (it cannot be mlock()'d any
1242
-
* longer, as pages in range are no longer mapped), and removing anon_vma_chain
1243
-
* links from it (if the entire VMA was copied over).
1240
+
* Perform final tasks for MADV_DONTUNMAP operation, clearing mlock() flag on
1241
+
* remaining VMA by convention (it cannot be mlock()'d any longer, as pages in
1242
+
* range are no longer mapped), and removing anon_vma_chain links from it if the
1243
+
* entire VMA was copied over.
1244
1244
*/
1245
1245
static void dontunmap_complete(struct vma_remap_struct *vrm,
1246
1246
struct vm_area_struct *new_vma)
···
1250
1250
unsigned long old_start = vrm->vma->vm_start;
1251
1251
unsigned long old_end = vrm->vma->vm_end;
1252
1252
1253
-
/*
1254
-
* We always clear VM_LOCKED[ONFAULT] | VM_ACCOUNT on the old
1255
-
* vma.
1256
-
*/
1257
-
vm_flags_clear(vrm->vma, VM_LOCKED_MASK | VM_ACCOUNT);
1253
+
/* We always clear VM_LOCKED[ONFAULT] on the old VMA. */
1254
+
vm_flags_clear(vrm->vma, VM_LOCKED_MASK);
1258
1255
1259
1256
/*
1260
1257
* anon_vma links of the old vma is no longer needed after its page