averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-06-21 15:43:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0ca59beb5252ea2bd4fdaef009d003dedc2030e
linux-stable-mirror/mm
T
History
Muchun Song c0ca59beb5 mm/cma_debug: fix invalid accesses for inactive CMA areas 
cma_activate_area() can fail after allocating range bitmaps.  Its cleanup
path frees those bitmaps, but only clears cma->count and
cma->available_count.  It leaves cma->nranges and each range's count in
place, so cma_debugfs_init() can still register debugfs files for an area
that never activated successfully.

That exposes two problems.  Reading the bitmap file can make debugfs walk
a freed range bitmap and trigger an invalid memory access.  Reading
maxchunk can also take cma->lock even though that lock is initialized only
on the successful activation path.

Fix this by creating debugfs entries only for CMA areas that reached
CMA_ACTIVATED.

c009da4258 introduced the invalid access to bitmap file.  2e32b94760
introduced the invalid access to cma->lock.  This change applies to both
issues.  So I added two Fixes tags.

Link: https://lore.kernel.org/20260520061025.3971821-1-songmuchun@bytedance.com
Fixes: c009da4258 ("mm, cma: support multiple contiguous ranges, if requested")
Fixes: 2e32b94760 ("mm: cma: add functions to get region pages counters")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Acked-by: Oscar Salvador (SUSE) <osalvador@kernel.org>
Acked-by: David Hildenbrand (Arm) <david@kernel.org>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Frank van der Linden <fvdl@google.com>
Cc: Liam R. Howlett <liam@infradead.org>
Cc: Lorenzo Stoakes <ljs@kernel.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Stefan Strogin <stefan.strogin@gmail.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Vlastimil Babka <vbabka@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2026-05-28 20:50:33 -07:00
..
damon
mm/damon/sysfs-schemes: delete tried region in regions_rmdirs()
2026-05-21 19:06:12 -07:00
kasan
kasan: fix bug type classification for SW_TAGS mode
2026-04-05 13:53:18 -07:00
kfence
Merge tag 'memblock-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
2026-04-18 11:29:14 -07:00
kmsan
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
tests
sparc/mm: export symbols for lazy_mmu_mode KUnit tests
2026-01-31 14:22:40 -08:00
backing-dev.c
mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
2026-04-18 23:24:27 -07:00
balloon.c
mm: rename CONFIG_BALLOON_COMPACTION to CONFIG_BALLOON_MIGRATION
2026-01-31 14:22:36 -08:00
bootmem_info.c
mm/bootmem_info: avoid using sparse_decode_mem_map()
2026-04-05 13:53:32 -07:00
bpf_memcontrol.c
bpf: Revert "bpf: drop KF_ACQUIRE flag on BPF kfunc bpf_get_root_mem_cgroup()"
2026-01-21 09:38:16 -08:00
cma_debug.c
mm/cma_debug: fix invalid accesses for inactive CMA areas
2026-05-28 20:50:33 -07:00
cma_sysfs.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
cma.c
Merge tag 'dma-mapping-7.1-2026-04-16' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux
2026-04-17 11:12:42 -07:00
cma.h
compaction.c
mm: memcontrol: prepare for reparenting LRU pages for lruvec lock
2026-04-18 00:10:46 -07:00
debug_page_alloc.c
debug_page_ref.c
debug_vm_pgtable.c
mm/debug_vm_pgtable: replace WRITE_ONCE() with pxd_clear()
2026-04-05 13:53:11 -07:00
debug.c
mm: constify __dump_folio() arguments
2025-11-20 13:43:57 -08:00
dmapool_test.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
dmapool.c
early_ioremap.c
mm/early_ioremap: clean up the use of WARN() for debugging
2026-01-26 20:02:26 -08:00
execmem.c
mm/execmem: make the populate and alloc atomic
2026-04-05 13:53:34 -07:00
fadvise.c
mm/fadvise: validate offset in generic_fadvise
2026-04-05 13:52:53 -07:00
fail_page_alloc.c
failslab.c
filemap.c
Merge tag 'mm-hotfixes-stable-2026-04-19-00-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-19 14:45:37 -07:00
folio-compat.c
mm: add SPDX id lines to some mm source files
2026-02-06 15:47:16 -08:00
gup_test.c
mm: add SPDX id lines to some mm source files
2026-02-06 15:47:16 -08:00
gup_test.h
gup.c
folio_batch: rename pagevec.h to folio_batch.h
2026-04-05 13:53:07 -07:00
highmem.c
mm/highmem: fix __kmap_to_page() build error
2026-01-31 14:22:38 -08:00
hmm.c
mm/hmm: Indicate that HMM requires DMA coherency
2026-03-20 12:05:56 +01:00
huge_memory.c
mm: thp: prevent memory cgroup release in folio_split_queue_lock{_irqsave}()
2026-04-18 00:10:46 -07:00
hugetlb_cgroup.c
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
hugetlb_cma.c
mm/hugetlb_cma: round up per_node before logging it
2026-04-27 05:54:24 -07:00
hugetlb_cma.h
mm: hugetlb: allocate frozen pages for gigantic allocation
2026-01-26 20:02:28 -08:00
hugetlb_internal.h
mm/hugetlb: extract sysctl into hugetlb_sysctl.c
2025-11-20 13:43:57 -08:00
hugetlb_sysctl.c
mm, hugetlb: implement movable_gigantic_pages sysctl
2026-01-20 19:24:50 -08:00
hugetlb_sysfs.c
mm/hugetlb: extract sysfs into hugetlb_sysfs.c
2025-11-20 13:43:57 -08:00
hugetlb_vmemmap.c
mm/hugetlb: remove hugetlb_optimize_vmemmap_key static key
2026-04-05 13:53:09 -07:00
hugetlb_vmemmap.h
hugetlb.c
mm/hugetlb: avoid false positive lockdep assertion
2026-05-28 20:50:33 -07:00
hwpoison-inject.c
mm/hwpoison: decouple hwpoison_filter from mm/memory-failure.c
2025-09-21 14:22:21 -07:00
init-mm.c
mm: rename cpu_bitmap field to flexible_array
2026-01-19 12:30:00 -08:00
internal.h
Merge tag 'mm-hotfixes-stable-2026-04-19-00-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-19 14:45:37 -07:00
interval_tree.c
mm/memory: simplify calculation in unmap_mapping_range_tree()
2026-04-05 13:53:13 -07:00
ioremap.c
Kconfig
Merge tag 'uml-for-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux
2026-04-20 16:36:46 -07:00
Kconfig.debug
mm: kmemleak: add CONFIG_DEBUG_KMEMLEAK_VERBOSE build option
2026-04-18 00:10:48 -07:00
khugepaged.c
mm/khugepaged: fix issue with tracking lock
2026-04-05 13:53:47 -07:00
kmemleak.c
mm: kmemleak: add CONFIG_DEBUG_KMEMLEAK_VERBOSE build option
2026-04-18 00:10:48 -07:00
ksm.c
mm: convert do_brk_flags() to use vma_flags_t
2026-04-05 13:53:40 -07:00
list_lru.c
ttm/pool: port to list_lru. (v2)
2026-04-08 06:52:47 +10:00
maccess.c
madvise.c
mm/vma: convert vma_modify_flags[_uffd]() to use vma_flags_t
2026-04-05 13:53:41 -07:00
Makefile
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
mapping_dirty_helpers.c
mm/dirty: replace READ_ONCE() with pudp_get()
2025-11-16 17:27:58 -08:00
memblock.c
Merge tag 'mm-stable-2026-04-18-02-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-19 08:01:17 -07:00
memcontrol-v1.c
mm: memcontrol: eliminate the problem of dying memory cgroup for LRU folios
2026-04-18 00:10:47 -07:00
memcontrol-v1.h
mm: memcontrol: prepare for reparenting non-hierarchical stats
2026-04-18 00:10:47 -07:00
memcontrol.c
memcg: use round-robin victim selection in refill_stock
2026-05-28 20:50:33 -07:00
memfd_luo.c
mm/memfd_luo: document preservation of file seals
2026-05-04 14:03:16 +00:00
memfd.c
memfd: deny writeable mappings when implying SEAL_WRITE
2026-05-21 19:06:11 -07:00
memory_hotplug.c
mm/memory_hotplug: fix memory block reference leak on remove
2026-05-13 17:40:03 -07:00
memory-failure.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
memory-tiers.c
mm: introduce CONFIG_NUMA_MIGRATION and simplify CONFIG_MIGRATION
2026-04-05 13:53:33 -07:00
memory.c
mm/memory: fix spurious warning when unmapping device-private/exclusive pages
2026-05-13 17:40:03 -07:00
mempolicy.c
Merge tag 'mm-hotfixes-stable-2026-04-19-00-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-19 14:45:37 -07:00
mempool.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
memremap.c
mm/zone_device: do not touch device folio after calling ->folio_free()
2026-04-18 23:24:27 -07:00
memtest.c
mm/memtest: add underflow detection for size calculation
2026-01-09 11:53:51 +02:00
migrate_device.c
mm/migrate_device: fix pgtable leak in migrate_vma_insert_huge_pmd_page
2026-05-21 19:06:13 -07:00
migrate.c
mm: migrate: prevent memory cgroup release in folio_migrate_mapping()
2026-04-18 00:10:45 -07:00
mincore.c
mm: replace remaining pte_to_swp_entry() with softleaf_from_pte()
2025-11-24 15:08:52 -08:00
mlock.c
mm: rename unlock_page_lruvec_irq and its variants
2026-04-18 00:10:44 -07:00
mm_init.c
Merge tag 'memblock-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
2026-04-18 11:29:14 -07:00
mm_slot.h
mmap_lock.c
mm/vma: improve and document __is_vma_write_locked()
2026-01-31 14:22:51 -08:00
mmap.c
mm: convert do_brk_flags() to use vma_flags_t
2026-04-05 13:53:40 -07:00
mmu_gather.c
mm/mmu_gather: replace IPI with synchronize_rcu() when batch allocation fails
2026-04-05 13:53:05 -07:00
mmu_notifier.c
Merge tag 'mm-stable-2026-04-13-21-45' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-15 12:59:16 -07:00
mmzone.c
mm: introduce memdesc_flags_t
2025-09-13 16:55:07 -07:00
mprotect.c
mm/mprotect: special-case small folios when applying permissions
2026-04-18 00:10:55 -07:00
mremap.c
mm: convert do_brk_flags() to use vma_flags_t
2026-04-05 13:53:40 -07:00
mseal.c
mm/vma: convert vma_modify_flags[_uffd]() to use vma_flags_t
2026-04-05 13:53:41 -07:00
msync.c
nommu.c
mm: abstract reading sysctl_max_map_count, and READ_ONCE()
2026-04-05 13:53:28 -07:00
numa_emulation.c
numa_memblks.c
Merge tag 'fixes-2026-02-21' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
2026-02-21 09:58:22 -08:00
numa.c
oom_kill.c
mm/oom_kill.c: simpilfy rcu call with guard(rcu)
2026-04-05 13:53:17 -07:00
page_alloc.c
Revert "mm: introduce a new page type for page pool in page type"
2026-05-21 19:06:13 -07:00
page_counter.c
page_ext.c
mm/page_ext: Add page_ext_get_from_phys()
2026-01-21 12:51:48 +01:00
page_frag_cache.c
page_idle.c
mm/page_idle.c: remove redundant mmu notifier in aging code
2026-04-05 13:53:02 -07:00
page_io.c
mm/page_io: use sio->len for PSWPIN accounting in sio_read_complete()
2026-04-18 00:10:55 -07:00
page_isolation.c
mm: page_isolation: introduce page_is_unmovable()
2026-01-31 14:22:42 -08:00
page_owner.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
page_poison.c
page_reporting.c
mm/page_reporting: change page_reporting_order to PAGE_REPORTING_ORDER_UNSPECIFIED
2026-04-05 13:53:17 -07:00
page_reporting.h
page_table_check.c
mm/page_table_check: Pass mm_struct to pxx_user_accessible_page()
2026-03-13 00:07:47 +01:00
page_vma_mapped.c
mm: centralize+fix comments about compound_mapcount() in new sync_with_folio_pmd_zap()
2026-04-05 13:53:03 -07:00
page-writeback.c
mm: start background writeback based on per-wb threshold for strictlimit BDIs
2026-04-27 05:54:24 -07:00
pagewalk.c
mm/pagewalk: fix race between concurrent split and refault
2026-04-05 13:53:37 -07:00
percpu-internal.h
percpu-km.c
mm/mm/percpu-km: drop nth_page() usage within single allocation
2025-09-21 14:22:04 -07:00
percpu-stats.c
percpu-vm.c
kmsan: remove hard-coded GFP_KERNEL flags
2025-11-16 17:27:54 -08:00
percpu.c
mm: memcontrol: return root object cgroup for root memory cgroup
2026-04-18 00:10:44 -07:00
pgalloc-track.h
pgtable-generic.c
mm: change to return bool for pmdp_clear_flush_young()
2026-04-05 13:53:35 -07:00
process_vm_access.c
ptdump.c
mm/ptdump: replace READ_ONCE() with standard page table accessors
2025-11-16 17:27:52 -08:00
readahead.c
Merge tag 'mm-stable-2026-02-11-19-22' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 11:32:37 -08:00
rmap.c
mm/rmap: initialize nr_pages to 1 at loop start in try_to_unmap_one
2026-05-21 19:06:12 -07:00
rodata_test.c
secretmem.c
mm: rename VMA flag helpers to be more readable
2026-04-05 13:53:18 -07:00
shmem_quota.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
shmem.c
Merge tag 'mm-stable-2026-04-18-02-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-19 08:01:17 -07:00
show_mem.c
mm: add gpu active/reclaim per-node stat counters (v2)
2026-04-08 06:52:47 +10:00
shrinker_debug.c
memcg: rename mem_cgroup_ino() to mem_cgroup_id()
2026-01-26 20:02:25 -08:00
shrinker.c
mm: memcontrol: remove dead code of checking parent memory cgroup
2026-04-18 00:10:44 -07:00
shuffle.c
shuffle.h
slab_common.c
mm/slub: hold cpus_read_lock around flush_rcu_sheaves_on_cache()
2026-05-14 14:56:58 +02:00
slab.h
Merge tag 'mm-stable-2026-04-13-21-45' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-15 12:59:16 -07:00
slub.c
Merge tag 'slab-for-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab
2026-05-22 06:23:56 -07:00
sparse-vmemmap.c
mm: mark early-init static variables with __meminitdata
2026-04-05 13:53:34 -07:00
sparse.c
mm/sparse: fix preinited section_mem_map clobbering on failure path
2026-04-18 00:10:52 -07:00
swap_cgroup.c
swap_state.c
mm/swap: fix swap cache memcg accounting
2026-04-05 13:53:37 -07:00
swap_table.h
mm, swap: use the swap table to track the swap count
2026-04-05 13:52:59 -07:00
swap.c
mm: vmscan: prepare for reparenting traditional LRU folios
2026-04-18 00:10:46 -07:00
swap.h
mm, swap: no need to clear the shadow explicitly
2026-04-05 13:52:59 -07:00
swapfile.c
Merge tag 'mm-stable-2026-04-13-21-45' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-15 12:59:16 -07:00
truncate.c
Merge tag 'mm-hotfixes-stable-2026-04-19-00-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-19 14:45:37 -07:00
usercopy.c
usercopy: Remove folio references from check_heap_object()
2025-11-13 11:01:08 +01:00
userfaultfd.c
mm/userfaultfd: detect VMA type change after copy retry in mfill_copy_folio_retry()
2026-04-27 05:54:27 -07:00
util.c
mm/vma: do not try to unmap a VMA if mmap_prepare() invoked from mmap()
2026-04-27 05:54:24 -07:00
vma_exec.c
mm: convert do_brk_flags() to use vma_flags_t
2026-04-05 13:53:40 -07:00
vma_init.c
Merge tag 'mm-stable-2025-10-01-19-00' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-10-02 18:18:33 -07:00
vma_internal.h
mm: relocate the page table ceiling and floor definitions
2026-02-12 15:42:53 -08:00
vma.c
mm/vma: do not try to unmap a VMA if mmap_prepare() invoked from mmap()
2026-04-27 05:54:24 -07:00
vma.h
mm: allow handling of stacked mmap_prepare hooks in more drivers
2026-04-05 13:53:44 -07:00
vmalloc.c
mm/vmalloc: do not trigger BUG() on BH disabled context
2026-05-21 19:06:13 -07:00
vmpressure.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
vmscan.c
mm/vmscan: avoid false-positive -Wuninitialized warning
2026-04-18 00:10:56 -07:00
vmstat.c
Merge tag 'mm-stable-2026-04-18-02-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-19 08:01:17 -07:00
workingset.c
mm: workingset: use lruvec_lru_size() to get the number of lru pages
2026-04-18 00:10:47 -07:00
zpdesc.h
mm: zpdesc: minor naming and comment corrections
2025-09-21 14:21:59 -07:00
zsmalloc.c
mm/zsmalloc: copy KMSAN metadata in zs_page_migrate()
2026-04-05 13:53:34 -07:00
zswap.c
mm: zswap: tie per-CPU acomp_ctx lifetime to the pool
2026-04-18 00:10:50 -07:00