Merge tag 'mm-hotfixes-stable-2026-04-06-15-27' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

+10

fs/ocfs2/inode.c

··· 1505 1505 goto bail; 1506 1506 } 1507 1507 1508 + if (le16_to_cpu(data->id_count) > 1509 + ocfs2_max_inline_data_with_xattr(sb, di)) { 1510 + rc = ocfs2_error(sb, 1511 + "Invalid dinode #%llu: inline data id_count %u exceeds max %d\n", 1512 + (unsigned long long)bh->b_blocknr, 1513 + le16_to_cpu(data->id_count), 1514 + ocfs2_max_inline_data_with_xattr(sb, di)); 1515 + goto bail; 1516 + } 1517 + 1508 1518 if (le64_to_cpu(di->i_size) > le16_to_cpu(data->id_count)) { 1509 1519 rc = ocfs2_error(sb, 1510 1520 "Invalid dinode #%llu: inline data i_size %llu exceeds id_count %u\n",

+7 -2

kernel/liveupdate/luo_session.c

··· 558 558 } 559 559 560 560 scoped_guard(mutex, &session->mutex) { 561 - luo_file_deserialize(&session->file_set, 562 - &sh->ser[i].file_set_ser); 561 + err = luo_file_deserialize(&session->file_set, 562 + &sh->ser[i].file_set_ser); 563 + } 564 + if (err) { 565 + pr_warn("Failed to deserialize files for session [%s] %pe\n", 566 + session->name, ERR_PTR(err)); 567 + return err; 563 568 } 564 569 } 565 570

+7

mm/damon/stat.c

··· 245 245 { 246 246 int err; 247 247 248 + if (damon_stat_context) { 249 + if (damon_is_running(damon_stat_context)) 250 + return -EAGAIN; 251 + damon_destroy_ctx(damon_stat_context); 252 + } 253 + 248 254 damon_stat_context = damon_stat_build_ctx(); 249 255 if (!damon_stat_context) 250 256 return -ENOMEM; ··· 267 261 { 268 262 damon_stop(&damon_stat_context, 1); 269 263 damon_destroy_ctx(damon_stat_context); 264 + damon_stat_context = NULL; 270 265 } 271 266 272 267 static int damon_stat_enabled_store(

+2 -1

mm/damon/sysfs.c

··· 1670 1670 repeat_call_control->data = kdamond; 1671 1671 repeat_call_control->repeat = true; 1672 1672 repeat_call_control->dealloc_on_cancel = true; 1673 - damon_call(ctx, repeat_call_control); 1673 + if (damon_call(ctx, repeat_call_control)) 1674 + kfree(repeat_call_control); 1674 1675 return err; 1675 1676 } 1676 1677

+8 -3

mm/filemap.c

··· 3883 3883 unsigned int nr_pages = 0, folio_type; 3884 3884 unsigned short mmap_miss = 0, mmap_miss_saved; 3885 3885 3886 + /* 3887 + * Recalculate end_pgoff based on file_end before calling 3888 + * next_uptodate_folio() to avoid races with concurrent 3889 + * truncation. 3890 + */ 3891 + file_end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE) - 1; 3892 + end_pgoff = min(end_pgoff, file_end); 3893 + 3886 3894 rcu_read_lock(); 3887 3895 folio = next_uptodate_folio(&xas, mapping, end_pgoff); 3888 3896 if (!folio) 3889 3897 goto out; 3890 - 3891 - file_end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE) - 1; 3892 - end_pgoff = min(end_pgoff, file_end); 3893 3898 3894 3899 /* 3895 3900 * Do not allow to map with PMD across i_size to preserve

+20

mm/memory_hotplug.c

··· 1209 1209 1210 1210 if (node_arg.nid >= 0) 1211 1211 node_set_state(nid, N_MEMORY); 1212 + /* 1213 + * Check whether we are adding normal memory to the node for the first 1214 + * time. 1215 + */ 1216 + if (!node_state(nid, N_NORMAL_MEMORY) && zone_idx(zone) <= ZONE_NORMAL) 1217 + node_set_state(nid, N_NORMAL_MEMORY); 1218 + 1212 1219 if (need_zonelists_rebuild) 1213 1220 build_all_zonelists(NULL); 1214 1221 ··· 1915 1908 unsigned long flags; 1916 1909 char *reason; 1917 1910 int ret; 1911 + unsigned long normal_pages = 0; 1912 + enum zone_type zt; 1918 1913 1919 1914 /* 1920 1915 * {on,off}lining is constrained to full memory sections (or more ··· 2064 2055 /* reinitialise watermarks and update pcp limits */ 2065 2056 init_per_zone_wmark_min(); 2066 2057 2058 + /* 2059 + * Check whether this operation removes the last normal memory from 2060 + * the node. We do this before clearing N_MEMORY to avoid the possible 2061 + * transient "!N_MEMORY && N_NORMAL_MEMORY" state. 2062 + */ 2063 + if (zone_idx(zone) <= ZONE_NORMAL) { 2064 + for (zt = 0; zt <= ZONE_NORMAL; zt++) 2065 + normal_pages += pgdat->node_zones[zt].present_pages; 2066 + if (!normal_pages) 2067 + node_clear_state(node, N_NORMAL_MEMORY); 2068 + } 2067 2069 /* 2068 2070 * Make sure to mark the node as memory-less before rebuilding the zone 2069 2071 * list. Otherwise this node would still appear in the fallback lists.

+21

mm/page-writeback.c

··· 1858 1858 break; 1859 1859 } 1860 1860 1861 + /* 1862 + * Unconditionally start background writeback if it's not 1863 + * already in progress. We need to do this because the global 1864 + * dirty threshold check above (nr_dirty > gdtc->bg_thresh) 1865 + * doesn't account for these cases: 1866 + * 1867 + * a) strictlimit BDIs: throttling is calculated using per-wb 1868 + * thresholds. The per-wb threshold can be exceeded even when 1869 + * nr_dirty < gdtc->bg_thresh 1870 + * 1871 + * b) memcg-based throttling: memcg uses its own dirty count and 1872 + * thresholds and can trigger throttling even when global 1873 + * nr_dirty < gdtc->bg_thresh 1874 + * 1875 + * Writeback needs to be started else the writer stalls in the 1876 + * throttle loop waiting for dirty pages to be written back 1877 + * while no writeback is running. 1878 + */ 1879 + if (unlikely(!writeback_in_progress(wb))) 1880 + wb_start_background_writeback(wb); 1881 + 1861 1882 mem_cgroup_flush_foreign(wb); 1862 1883 1863 1884 /*

+7

mm/vma.c

··· 2781 2781 if (map.charged) 2782 2782 vm_unacct_memory(map.charged); 2783 2783 abort_munmap: 2784 + /* 2785 + * This indicates that .mmap_prepare has set a new file, differing from 2786 + * desc->vm_file. But since we're aborting the operation, only the 2787 + * original file will be cleaned up. Ensure we clean up both. 2788 + */ 2789 + if (map.file_doesnt_need_get) 2790 + fput(map.file); 2784 2791 vms_abort_munmap_vmas(&map.vms, &map.mas_detach); 2785 2792 return error; 2786 2793 }

Configure Feed

Configure Feed