From nobody Sun Feb  8 05:23:15 2026
Received: from smtpout.efficios.com (smtpout.efficios.com [158.69.130.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C295D2765ED;
	Sun, 21 Dec 2025 23:29:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=158.69.130.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1766359794; cv=none;
 b=TMkIAX9NnGGKjid+hdEpnpP50A85ydKkhaluROJwSkrccso7RIYEwBmyHfN9s3zqnTOFSdFkAAYuYc37kp+vjns/8eihm2deDDnQh2kMSBbMYQ3lDaINaQk8kAQ5g/iGaxxtqQwYT3kPE/ozF9QzE7ACuhFxu2HeN8Kai+RVuNo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1766359794; c=relaxed/simple;
	bh=Ogk/dngzVOmKb1C80LeAS2BE01H8MPAYx/arFDCFiok=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=AW3UNh9FfB1+IDi9Lhg1jRRd9MFDnTAx/tjXW7CJoVvC9pH7mhwQwqtROJEjJKCxuk5BuPkhaKWHfs7BCRowl1/O/2NjWJ1Qp8XL9RCmXivnREK0vlMzHiTqEuh1UT5skQqqOiVeAWo1gDfkSJLi0Y71oo+H9D9D08C45uZuGK0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com;
 spf=pass smtp.mailfrom=efficios.com;
 dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b=YNn1W6LL; arc=none smtp.client-ip=158.69.130.18
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b="YNn1W6LL"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com;
	s=smtpout1; t=1766359786;
	bh=Mq4W7sDg/Agh00nn/sSC9HgKzw4XSoLV+yJE0vShXuM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=YNn1W6LLVQr7r81fgVrE3iNKt1NbFU1kaCmp41f1sr3h67Na+MJcI6xiUNS/yf9zp
	 VkeHEXt1ZmtVZVS2CEuqTCeQH48lrGG8jrtI8lnMVc20Co8UZho3SC4D373TD/SJrX
	 A/fasWo/5zs6dywhjCNWiinaPJKgo59T75k91mbbLOfwb/xcnDeF3R0G+AtwX8c9qY
	 02HNkcn5w0M++hHJLUyABFY0rNbaqp+c0jXbKUANKkMPg+58+jQwIG7kAy603gQg8Z
	 CdRlGvUD2nW9jaO4APDzwk68vlYWVextGyqAZD/yG8PR5lRk8Bz5eB6n8hDE8tHr1n
	 4sgCmvYJbvonA==
Received: from thinkos.internal.efficios.com (unknown
 [IPv6:2606:6d00:100:4000:6450:b8a1:16cf:5ecf])
	by smtpout.efficios.com (Postfix) with ESMTPSA id 4dZHYQ0bfbzd8N;
	Sun, 21 Dec 2025 18:29:46 -0500 (EST)
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Mark Brown <broonie@kernel.org>,
	linux-mm@kvack.org,
	Thomas Gleixner <tglx@linutronix.de>,
	stable@vger.kernel.org
Subject: [PATCH v1 1/5] mm: Add missing static initializer for
 init_mm::mm_cid.lock
Date: Sun, 21 Dec 2025 18:29:22 -0500
Message-Id: <20251221232926.450602-2-mathieu.desnoyers@efficios.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
References: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Initialize the mm_cid.lock struct member of init_mm.

Fixes: 8cea569ca785 ("sched/mmcid: Use proper data structures")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Cc: linux-mm@kvack.org
---
 mm/init-mm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mm/init-mm.c b/mm/init-mm.c
index 4600e7605cab..a514f8ce47e3 100644
--- a/mm/init-mm.c
+++ b/mm/init-mm.c
@@ -44,6 +44,9 @@ struct mm_struct init_mm =3D {
 	.mm_lock_seq	=3D SEQCNT_ZERO(init_mm.mm_lock_seq),
 #endif
 	.user_ns	=3D &init_user_ns,
+#ifdef CONFIG_SCHED_MM_CID
+	.mm_cid.lock =3D __RAW_SPIN_LOCK_UNLOCKED(init_mm.mm_cid.lock),
+#endif
 	.cpu_bitmap	=3D CPU_BITS_NONE,
 	INIT_MM_CONTEXT(init_mm)
 };
--=20
2.39.5
From nobody Sun Feb  8 05:23:15 2026
Received: from smtpout.efficios.com (smtpout.efficios.com [158.69.130.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE614262FFF
	for <linux-kernel@vger.kernel.org>; Sun, 21 Dec 2025 23:29:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=158.69.130.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1766359794; cv=none;
 b=ZKFmHu2J5xRpyNE73ymkT7xyg7S1LeKOxZZXP9Byal9KShzFfF73uJfdCOrJ3lxvNV7HeXAMblyyHNEnY4idx12HZA0kVBJIoWETkSdXm+h8SiyDfW1fjorybyEbjk+/9xwL4XGqdY3yhAkqpB4NavVqkJqNtV5gaUHFMv/M9vw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1766359794; c=relaxed/simple;
	bh=97Bba2IVpIiZDuW5qVn6n2hCZ28cMWY6G+U8FCejAAY=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=DJOQMEIf+Z9Nq+fDEnqgQ99aao2VeLfwqZzdwIioEi+1Clen60Db4fSm0nW6oVkYzKwWKTuUMEaAU9F9N/se80xz7Ru4PVppltjhOYIFtGVP1pVqOZH4Nhnd2sDU1XboQhlvTkGoVETpCudtFrYHQuDo2LIQEe+wdsVVWaPPH4Q=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com;
 spf=pass smtp.mailfrom=efficios.com;
 dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b=cnc5f6qK; arc=none smtp.client-ip=158.69.130.18
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b="cnc5f6qK"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com;
	s=smtpout1; t=1766359786;
	bh=bggeet/K7f/LykaY9i5CXV4NsffNnOWo1S/CrVN1N6M=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=cnc5f6qKjNWTp5CYe3FtMEqXjaEtwaL5KnWMM06i0PVH+WPEPspj9cYDBTvZjbAPl
	 LzhO4ykoMqjew6uDzSWYAvjT8sxTLGeysoAT8/VuHK8OtbbJhFcglGCLLqg6OM/ZkN
	 tvdwIJRnC5/3tsUuE7EGMICCVIIMcQ9G/qN7IPcE3YGzNsCiCPLx2qF4E8Udx0p2A+
	 PweF6eTwZbqfCL1RTbXB3X3iGZMNYbMtwpkC5bWW1IvClcXM2Hm6U9NyHK/jREt4e+
	 up7IXK3+ZoobM0LaQmmelFCWFxr5h46TnAOOrWVS5lDZTwNHt8mgMKVRphjb1MvLTe
	 JYWkOBKaZF2aA==
Received: from thinkos.internal.efficios.com (unknown
 [IPv6:2606:6d00:100:4000:6450:b8a1:16cf:5ecf])
	by smtpout.efficios.com (Postfix) with ESMTPSA id 4dZHYQ1VJHzdCd;
	Sun, 21 Dec 2025 18:29:46 -0500 (EST)
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Mark Brown <broonie@kernel.org>,
	linux-mm@kvack.org
Subject: [PATCH v1 2/5] mm: Rename cpu_bitmap field to flexible_array
Date: Sun, 21 Dec 2025 18:29:23 -0500
Message-Id: <20251221232926.450602-3-mathieu.desnoyers@efficios.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
References: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The cpu_bitmap flexible array now contains more than just the
cpu_bitmap. In preparation for changing the static mm_struct
definitions to cover for the additional space required, change the
cpu_bitmap type from "unsigned long" to "char", require an unsigned long
alignment of the flexible array, and rename the field from "cpu_bitmap"
to "flexible_array".

Introduce the MM_STRUCT_FLEXIBLE_ARRAY_INIT macro to statically
initialize the flexible array. This covers the init_mm and efi_mm
static definitions.

This is a preparation step for fixing the missing mm_cid size for static
mm_struct definitions.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Brown <broonie@kernel.org>
Cc: linux-mm@kvack.org
---
 drivers/firmware/efi/efi.c |  2 +-
 include/linux/mm.h         |  2 +-
 include/linux/mm_types.h   | 13 +++++++++----
 mm/init-mm.c               |  2 +-
 4 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index a9070d00b833..3f5c2ae50024 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -73,10 +73,10 @@ struct mm_struct efi_mm =3D {
 	MMAP_LOCK_INITIALIZER(efi_mm)
 	.page_table_lock	=3D __SPIN_LOCK_UNLOCKED(efi_mm.page_table_lock),
 	.mmlist			=3D LIST_HEAD_INIT(efi_mm.mmlist),
-	.cpu_bitmap		=3D { [BITS_TO_LONGS(NR_CPUS)] =3D 0},
 #ifdef CONFIG_SCHED_MM_CID
 	.mm_cid.lock		=3D __RAW_SPIN_LOCK_UNLOCKED(efi_mm.mm_cid.lock),
 #endif
+	.flexible_array		=3D MM_STRUCT_FLEXIBLE_ARRAY_INIT,
 };
=20
 struct workqueue_struct *efi_rts_wq;
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 890dab720f75..8d9e3239d2cc 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -2853,7 +2853,7 @@ static inline struct percpu_counter_tree_level_item *=
get_rss_stat_items(struct m
 {
 	unsigned long ptr =3D (unsigned long)mm;
=20
-	ptr +=3D offsetof(struct mm_struct, cpu_bitmap);
+	ptr +=3D offsetof(struct mm_struct, flexible_array);
 	/* Skip cpu_bitmap */
 	ptr +=3D cpumask_size();
 	/* Skip mm_cidmask */
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index a6287d07efb7..1531df8cda52 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -1329,7 +1329,7 @@ struct mm_struct {
 	 * The mm_cpumask needs to be at the end of mm_struct, because it
 	 * is dynamically sized based on nr_cpu_ids.
 	 */
-	unsigned long cpu_bitmap[];
+	char flexible_array[] __aligned(__alignof__(unsigned long));
 };
=20
 /* Copy value to the first system word of mm flags, non-atomically. */
@@ -1366,19 +1366,24 @@ static inline void __mm_flags_set_mask_bits_word(st=
ruct mm_struct *mm,
 			 MT_FLAGS_USE_RCU)
 extern struct mm_struct init_mm;
=20
+#define MM_STRUCT_FLEXIBLE_ARRAY_INIT				\
+{								\
+	[0 ... sizeof(cpumask_t)-1] =3D 0				\
+}
+
 /* Pointer magic because the dynamic array size confuses some compilers. */
 static inline void mm_init_cpumask(struct mm_struct *mm)
 {
 	unsigned long cpu_bitmap =3D (unsigned long)mm;
=20
-	cpu_bitmap +=3D offsetof(struct mm_struct, cpu_bitmap);
+	cpu_bitmap +=3D offsetof(struct mm_struct, flexible_array);
 	cpumask_clear((struct cpumask *)cpu_bitmap);
 }
=20
 /* Future-safe accessor for struct mm_struct's cpu_vm_mask. */
 static inline cpumask_t *mm_cpumask(struct mm_struct *mm)
 {
-	return (struct cpumask *)&mm->cpu_bitmap;
+	return (struct cpumask *)&mm->flexible_array;
 }
=20
 #ifdef CONFIG_LRU_GEN
@@ -1469,7 +1474,7 @@ static inline cpumask_t *mm_cpus_allowed(struct mm_st=
ruct *mm)
 {
 	unsigned long bitmap =3D (unsigned long)mm;
=20
-	bitmap +=3D offsetof(struct mm_struct, cpu_bitmap);
+	bitmap +=3D offsetof(struct mm_struct, flexible_array);
 	/* Skip cpu_bitmap */
 	bitmap +=3D cpumask_size();
 	return (struct cpumask *)bitmap;
diff --git a/mm/init-mm.c b/mm/init-mm.c
index a514f8ce47e3..c5556bb9d5f0 100644
--- a/mm/init-mm.c
+++ b/mm/init-mm.c
@@ -47,7 +47,7 @@ struct mm_struct init_mm =3D {
 #ifdef CONFIG_SCHED_MM_CID
 	.mm_cid.lock =3D __RAW_SPIN_LOCK_UNLOCKED(init_mm.mm_cid.lock),
 #endif
-	.cpu_bitmap	=3D CPU_BITS_NONE,
+	.flexible_array	=3D MM_STRUCT_FLEXIBLE_ARRAY_INIT,
 	INIT_MM_CONTEXT(init_mm)
 };
=20
--=20
2.39.5
From nobody Sun Feb  8 05:23:15 2026
Received: from smtpout.efficios.com (smtpout.efficios.com [158.69.130.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BFD38274B59;
	Sun, 21 Dec 2025 23:29:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=158.69.130.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1766359794; cv=none;
 b=catG8duNQ/MleOD6luOLRhJ+fsMRAm49QhDd9nXWzGy964gQiJ7JGYgWhBIIMKhXU7I33Qcx7ptmhGWxmX5KR6pWjL1kNrWrWj9TGf3VStMmwWv/qqP5KKvP8TyMWEEKZVoMyhw+eQkrNYtqePNzllnNTWHH50x21pWW5VEEhW8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1766359794; c=relaxed/simple;
	bh=Qu/8yBXNwPGMsne8fZEEcokOzBlM9xcKPglJ5w2Mfm8=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=NRyvwpvfFCz0LYYlt4UhGaGC/zYvslpVSiC+8n/APKJNYJbaG94jTf5bi86tR6N6hFKwRlgYSAZtSBbfcmdvrrTTDXFATvdExuz6DGJ6b6INqICZX65vxMZzUoZNaRrFS8mplIx8CRG8pkq4UdK4prtrL3z5bPm4HkhNXFK0hTc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com;
 spf=pass smtp.mailfrom=efficios.com;
 dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b=BDynJwA1; arc=none smtp.client-ip=158.69.130.18
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b="BDynJwA1"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com;
	s=smtpout1; t=1766359786;
	bh=BwRzldu+F4s2f+1UG2tsdvjihgMmQTawixFjZ+I2lJY=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=BDynJwA1o3ZkMUeveOgh/2mXgYNsnF7uNZY8CLwxVzfhteYUMZoapgvSgZ0Kh42Vg
	 mgTr5QfA/KJ8+E6xtp387SpJ+iazYrgmw89GHzNJ8w6vjRahtEJNI3HHzMYKgVkglE
	 gJOxN1R2zDSTgte0OaARVZCfKcdAwQYMAF3gkaY7gjiBZHdSE/VAcg1xjztTSuuzen
	 tIE/eOp9HEujiaosjuoYtZc6a9b1S4chzDKhNHwmWNXWNPwVKKuahiIL/NXW476z1W
	 0580dy9d++YNzEfeJtwMzM4zVjh3GvKWLiKuK1kd0ncVpBHiKhYl7YzGqL2Gv4RjzH
	 JDYiy0VryddCg==
Received: from thinkos.internal.efficios.com (unknown
 [IPv6:2606:6d00:100:4000:6450:b8a1:16cf:5ecf])
	by smtpout.efficios.com (Postfix) with ESMTPSA id 4dZHYQ2Lrjzd8P;
	Sun, 21 Dec 2025 18:29:46 -0500 (EST)
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Mark Brown <broonie@kernel.org>,
	linux-mm@kvack.org,
	Thomas Gleixner <tglx@linutronix.de>,
	stable@vger.kernel.org
Subject: [PATCH v1 3/5] mm: Take into account mm_cid size for mm_struct static
 definitions
Date: Sun, 21 Dec 2025 18:29:24 -0500
Message-Id: <20251221232926.450602-4-mathieu.desnoyers@efficios.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
References: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Both init_mm and efi_mm static definitions need to make room for the
2 mm_cid cpumasks.

This fixes possible out-of-bounds accesses to init_mm and efi_mm.

Fixes: af7f588d8f73 ("sched: Introduce per-memory-map concurrency ID")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Cc: linux-mm@kvack.org
---
 include/linux/mm_types.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index 1531df8cda52..aefa64db3499 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -1368,7 +1368,7 @@ extern struct mm_struct init_mm;
=20
 #define MM_STRUCT_FLEXIBLE_ARRAY_INIT				\
 {								\
-	[0 ... sizeof(cpumask_t)-1] =3D 0				\
+	[0 ... sizeof(cpumask_t) + MM_CID_STATIC_SIZE - 1] =3D 0	\
 }
=20
 /* Pointer magic because the dynamic array size confuses some compilers. */
@@ -1500,7 +1500,7 @@ static inline int mm_alloc_cid_noprof(struct mm_struc=
t *mm, struct task_struct *
 	mm_init_cid(mm, p);
 	return 0;
 }
-#define mm_alloc_cid(...)	alloc_hooks(mm_alloc_cid_noprof(__VA_ARGS__))
+# define mm_alloc_cid(...)	alloc_hooks(mm_alloc_cid_noprof(__VA_ARGS__))
=20
 static inline void mm_destroy_cid(struct mm_struct *mm)
 {
@@ -1514,6 +1514,8 @@ static inline unsigned int mm_cid_size(void)
 	return cpumask_size() + bitmap_size(num_possible_cpus());
 }
=20
+/* Use NR_CPUS as worse case for static allocation. */
+# define MM_CID_STATIC_SIZE	(2 * sizeof(cpumask_t))
 #else /* CONFIG_SCHED_MM_CID */
 static inline void mm_init_cid(struct mm_struct *mm, struct task_struct *p=
) { }
 static inline int mm_alloc_cid(struct mm_struct *mm, struct task_struct *p=
) { return 0; }
@@ -1522,6 +1524,7 @@ static inline unsigned int mm_cid_size(void)
 {
 	return 0;
 }
+# define MM_CID_STATIC_SIZE	0
 #endif /* CONFIG_SCHED_MM_CID */
=20
 struct mmu_gather;
--=20
2.39.5
From nobody Sun Feb  8 05:23:15 2026
Received: from smtpout.efficios.com (smtpout.efficios.com [158.69.130.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C13DA274FD0
	for <linux-kernel@vger.kernel.org>; Sun, 21 Dec 2025 23:29:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=158.69.130.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1766359795; cv=none;
 b=kuZInmiMpVx7UUBai6Se4WDPjqtw7ymMvY1p9AcTsjYqdWJtxb81kfe72+hSTxO9w+Nxf2nGUpqwnM4zoHk0cXUZ4sC8PTeo2qw8qqW9E5lyI5YHJfI3PvaOHXlbWCgJLINpptGvW3rVqvQ69EoYjex7Uk8nFiROCej7c3684QI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1766359795; c=relaxed/simple;
	bh=jsRL1lzCYtFAABNL7DZrYU73lahEQRMvKPD5KlQgUR4=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=PCM6QiDZKQUBE7J5tabhlu2zsnQ/WbCvO5ucE+nwH1piDZ1Iq9vRIKUC9mNFYAJ32Sjw5ssckytM4l1K/46oo3S26CEPGuOvwv0SK9sbPRKzL20gulQzDNtYpII0H0mW4OgUIEI2E6i+zxnxO1EUsngAbBeYbqP7plRTj/X5Ovc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com;
 spf=pass smtp.mailfrom=efficios.com;
 dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b=OOTm0N9Q; arc=none smtp.client-ip=158.69.130.18
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b="OOTm0N9Q"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com;
	s=smtpout1; t=1766359786;
	bh=v7Y9Jpp91tliTBnX3yTO+/rJorulikI8K3gXOhRJ/5I=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=OOTm0N9QKa8v9m4VWiu2o+fqq181KmnELB4psxxqAEB0zXvuFUJZZxE7KUFKys2pd
	 h/bjuWvBGwIRsw6ca+9e4wPohsv9V7yQdW5dzufgdSzzCH/L0mHE9PVJX6Bpyte10e
	 713DTDSOs8Np0TN/AkGttfNNpC+v60uU0oD/9mb7uveuup16nvMMhjniwyGtb9df6q
	 ucdPJDnzKZpBbX+BrdCHdUub5uMr1/uatB1vdpag54wmnalERafvRUVVFHT/q1plez
	 3T6CsujturCb8OwUzGZbDBqpLClrB3ynH6chxMKkPbXoB61BV4UJIAHcRvrP1+eGPF
	 aD8rKkZeUpxjg==
Received: from thinkos.internal.efficios.com (unknown
 [IPv6:2606:6d00:100:4000:6450:b8a1:16cf:5ecf])
	by smtpout.efficios.com (Postfix) with ESMTPSA id 4dZHYQ3CMRzdCf;
	Sun, 21 Dec 2025 18:29:46 -0500 (EST)
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Mark Brown <broonie@kernel.org>,
	linux-mm@kvack.org
Subject: [PATCH v1 4/5] mm: Take into account hierarchical percpu tree items
 for static mm_struct definitions
Date: Sun, 21 Dec 2025 18:29:25 -0500
Message-Id: <20251221232926.450602-5-mathieu.desnoyers@efficios.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
References: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Both init_mm and efi_mm static definitions need to make room for the
hierarchical percpu counters items.

This fixes possible out-of-bounds accesses to init_mm and efi_mm.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Brown <broonie@kernel.org>
Cc: linux-mm@kvack.org
---
 include/linux/mm_types.h            |  6 ++--
 include/linux/percpu_counter_tree.h | 51 +++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index aefa64db3499..234374c46b71 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -1366,9 +1366,9 @@ static inline void __mm_flags_set_mask_bits_word(stru=
ct mm_struct *mm,
 			 MT_FLAGS_USE_RCU)
 extern struct mm_struct init_mm;
=20
-#define MM_STRUCT_FLEXIBLE_ARRAY_INIT				\
-{								\
-	[0 ... sizeof(cpumask_t) + MM_CID_STATIC_SIZE - 1] =3D 0	\
+#define MM_STRUCT_FLEXIBLE_ARRAY_INIT									\
+{													\
+	[0 ... sizeof(cpumask_t) + MM_CID_STATIC_SIZE + PERCPU_COUNTER_TREE_ITEMS=
_STATIC_SIZE - 1] =3D 0	\
 }
=20
 /* Pointer magic because the dynamic array size confuses some compilers. */
diff --git a/include/linux/percpu_counter_tree.h b/include/linux/percpu_cou=
nter_tree.h
index 0daf09e08111..2e8b1ce5cd13 100644
--- a/include/linux/percpu_counter_tree.h
+++ b/include/linux/percpu_counter_tree.h
@@ -10,6 +10,52 @@
=20
 #ifdef CONFIG_SMP
=20
+#if NR_CPUS =3D=3D (1U << 0)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	0
+#elif NR_CPUS <=3D (1U << 1)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	1
+#elif NR_CPUS <=3D (1U << 2)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	3
+#elif NR_CPUS <=3D (1U << 3)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	7
+#elif NR_CPUS <=3D (1U << 4)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	7
+#elif NR_CPUS <=3D (1U << 5)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	11
+#elif NR_CPUS <=3D (1U << 6)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	21
+#elif NR_CPUS <=3D (1U << 7)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	21
+#elif NR_CPUS <=3D (1U << 8)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	37
+#elif NR_CPUS <=3D (1U << 9)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	73
+#elif NR_CPUS <=3D (1U << 10)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	149
+#elif NR_CPUS <=3D (1U << 11)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	293
+#elif NR_CPUS <=3D (1U << 12)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	585
+#elif NR_CPUS <=3D (1U << 13)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	1173
+#elif NR_CPUS <=3D (1U << 14)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	2341
+#elif NR_CPUS <=3D (1U << 15)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	4681
+#elif NR_CPUS <=3D (1U << 16)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	4681
+#elif NR_CPUS <=3D (1U << 17)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	8777
+#elif NR_CPUS <=3D (1U << 18)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	17481
+#elif NR_CPUS <=3D (1U << 19)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	34953
+#elif NR_CPUS <=3D (1U << 20)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	69905
+#else
+# error "Unsupported number of CPUs."
+#endif
+
 struct percpu_counter_tree_level_item {
 	atomic_t count;			/*
 					 * Count the number of carry fort this tree item.
@@ -18,6 +64,9 @@ struct percpu_counter_tree_level_item {
 					 */
 } ____cacheline_aligned_in_smp;
=20
+#define PERCPU_COUNTER_TREE_ITEMS_STATIC_SIZE	\
+	(PERCPU_COUNTER_TREE_STATIC_NR_ITEMS * sizeof(struct percpu_counter_tree_=
level_item))
+
 struct percpu_counter_tree {
 	/* Fast-path fields. */
 	unsigned int __percpu *level0;	/* Pointer to per-CPU split counters (tree=
 level 0). */
@@ -92,6 +141,8 @@ int percpu_counter_tree_approximate_sum(struct percpu_co=
unter_tree *counter)
=20
 #else	/* !CONFIG_SMP */
=20
+#define PERCPU_COUNTER_TREE_ITEMS_STATIC_SIZE	0
+
 struct percpu_counter_tree_level_item;
=20
 struct percpu_counter_tree {
--=20
2.39.5
From nobody Sun Feb  8 05:23:15 2026
Received: from smtpout.efficios.com (smtpout.efficios.com [158.69.130.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 567BB27E05A
	for <linux-kernel@vger.kernel.org>; Sun, 21 Dec 2025 23:29:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=158.69.130.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1766359796; cv=none;
 b=DmgcWGSbdnkQHDPib/Hfa3GoR2tTz4GIUuWUvCxvDvtvGjBD9QBt44TgUG2tbIhpnaSHfavLOpUotX8t1ccAmdL6gaMOnkcXntlQnu/yjQVL0vIWx7a61Lk4Ffa/nCeAvWAWiEqcXg3sEbGK3iGcVPpNV8vrlmKrO/Iqf6z33Dg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1766359796; c=relaxed/simple;
	bh=YyBuFGysnlGk6QkasmTb9UZ3Q8qqhsfrWdFqLi9lNpg=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=BZV9rp5ku8/1CjpSVNXyYNeGWvAMqrkiR+zWH7b9dMiPdJlVuzMRf1QHnw/G+9OKh7E63ABAi0etSmCgIlOyA6IXEsO87Njcs799595jmZ2piyjAWbtjqsrv8dbvBW+yqjnkzjxL0eJqy/p2hZwucC6b9RsXZnBf7cY1nNtw1qg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com;
 spf=pass smtp.mailfrom=efficios.com;
 dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b=PgvMIKuY; arc=none smtp.client-ip=158.69.130.18
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b="PgvMIKuY"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com;
	s=smtpout1; t=1766359786;
	bh=1MzIdp3++EW9jR4viQGn26PxJ/MrNC9X0AWB2R5jbVg=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=PgvMIKuYdwYykqjiye99wCEJvGuExeaBUNDMjDguc7hFesZEMFSdm/2nW/1SSChe9
	 5Z0i342gnbxzO16o5nyWloqRENbS7jfJHEwdlgrSDwoFr0d2+QsnyHMAuyOAlIVeJA
	 ROintfIlZR7cXHH9Za4jX7CklcshWfGwMBQaftb35GItWNVX/Du0sgbktalF5yc1UV
	 6X6WJu8UdmobHf62Yx4cPbBZtN6hQN6PUkgaZZHj1AtsleHeLj5atxEG9RJiML6BPp
	 X3wm9zUK9kRTDTNiWGr7bQILaBg6IBHRL8Wls0hLCFV8FqVPrazBcNIJ7bjdaha2qd
	 gdI8ZqE/DqG7A==
Received: from thinkos.internal.efficios.com (unknown
 [IPv6:2606:6d00:100:4000:6450:b8a1:16cf:5ecf])
	by smtpout.efficios.com (Postfix) with ESMTPSA id 4dZHYQ43gczcBx;
	Sun, 21 Dec 2025 18:29:46 -0500 (EST)
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Mark Brown <broonie@kernel.org>,
	linux-mm@kvack.org
Subject: [PATCH v1 5/5] tsacct: Skip all kernel threads
Date: Sun, 21 Dec 2025 18:29:26 -0500
Message-Id: <20251221232926.450602-6-mathieu.desnoyers@efficios.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
References: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When we hit acct_account_cputime within a irq handler over a kthread
that happens to use a userspace mm, we end up summing up the mm's RSS
into the tsk acct_rss_mem1, which eventually decays.

I don't see a good rationale behind tracking the mm's rss in that way
when a kthread use a userspace mm temporarily through use_mm.

It causes issues with init_mm and efi_mm which only partially initialize
their mm_struct.

Skip all kernel threads in acct_account_cputime(), not just those that
happen to have a NULL mm.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Brown <broonie@kernel.org>
Cc: linux-mm@kvack.org
---
 kernel/tsacct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/tsacct.c b/kernel/tsacct.c
index 6ea2f6363b90..3ef149b1245d 100644
--- a/kernel/tsacct.c
+++ b/kernel/tsacct.c
@@ -125,7 +125,7 @@ static void __acct_update_integrals(struct task_struct =
*tsk,
 {
 	u64 time, delta;
=20
-	if (!likely(tsk->mm))
+	if (!tsk->mm || (tsk->flags & PF_KTHREAD))
 		return;
=20
 	time =3D stime + utime;
--=20
2.39.5