From nobody Mon Feb  9 08:28:38 2026
Received: from smtpout.efficios.com (smtpout.efficios.com [158.69.130.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C13DA274FD0
	for <linux-kernel@vger.kernel.org>; Sun, 21 Dec 2025 23:29:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=158.69.130.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1766359795; cv=none;
 b=kuZInmiMpVx7UUBai6Se4WDPjqtw7ymMvY1p9AcTsjYqdWJtxb81kfe72+hSTxO9w+Nxf2nGUpqwnM4zoHk0cXUZ4sC8PTeo2qw8qqW9E5lyI5YHJfI3PvaOHXlbWCgJLINpptGvW3rVqvQ69EoYjex7Uk8nFiROCej7c3684QI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1766359795; c=relaxed/simple;
	bh=jsRL1lzCYtFAABNL7DZrYU73lahEQRMvKPD5KlQgUR4=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=PCM6QiDZKQUBE7J5tabhlu2zsnQ/WbCvO5ucE+nwH1piDZ1Iq9vRIKUC9mNFYAJ32Sjw5ssckytM4l1K/46oo3S26CEPGuOvwv0SK9sbPRKzL20gulQzDNtYpII0H0mW4OgUIEI2E6i+zxnxO1EUsngAbBeYbqP7plRTj/X5Ovc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com;
 spf=pass smtp.mailfrom=efficios.com;
 dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b=OOTm0N9Q; arc=none smtp.client-ip=158.69.130.18
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=efficios.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com
 header.b="OOTm0N9Q"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com;
	s=smtpout1; t=1766359786;
	bh=v7Y9Jpp91tliTBnX3yTO+/rJorulikI8K3gXOhRJ/5I=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=OOTm0N9QKa8v9m4VWiu2o+fqq181KmnELB4psxxqAEB0zXvuFUJZZxE7KUFKys2pd
	 h/bjuWvBGwIRsw6ca+9e4wPohsv9V7yQdW5dzufgdSzzCH/L0mHE9PVJX6Bpyte10e
	 713DTDSOs8Np0TN/AkGttfNNpC+v60uU0oD/9mb7uveuup16nvMMhjniwyGtb9df6q
	 ucdPJDnzKZpBbX+BrdCHdUub5uMr1/uatB1vdpag54wmnalERafvRUVVFHT/q1plez
	 3T6CsujturCb8OwUzGZbDBqpLClrB3ynH6chxMKkPbXoB61BV4UJIAHcRvrP1+eGPF
	 aD8rKkZeUpxjg==
Received: from thinkos.internal.efficios.com (unknown
 [IPv6:2606:6d00:100:4000:6450:b8a1:16cf:5ecf])
	by smtpout.efficios.com (Postfix) with ESMTPSA id 4dZHYQ3CMRzdCf;
	Sun, 21 Dec 2025 18:29:46 -0500 (EST)
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Mark Brown <broonie@kernel.org>,
	linux-mm@kvack.org
Subject: [PATCH v1 4/5] mm: Take into account hierarchical percpu tree items
 for static mm_struct definitions
Date: Sun, 21 Dec 2025 18:29:25 -0500
Message-Id: <20251221232926.450602-5-mathieu.desnoyers@efficios.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
References: <20251221232926.450602-1-mathieu.desnoyers@efficios.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Both init_mm and efi_mm static definitions need to make room for the
hierarchical percpu counters items.

This fixes possible out-of-bounds accesses to init_mm and efi_mm.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Brown <broonie@kernel.org>
Cc: linux-mm@kvack.org
---
 include/linux/mm_types.h            |  6 ++--
 include/linux/percpu_counter_tree.h | 51 +++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index aefa64db3499..234374c46b71 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -1366,9 +1366,9 @@ static inline void __mm_flags_set_mask_bits_word(stru=
ct mm_struct *mm,
 			 MT_FLAGS_USE_RCU)
 extern struct mm_struct init_mm;
=20
-#define MM_STRUCT_FLEXIBLE_ARRAY_INIT				\
-{								\
-	[0 ... sizeof(cpumask_t) + MM_CID_STATIC_SIZE - 1] =3D 0	\
+#define MM_STRUCT_FLEXIBLE_ARRAY_INIT									\
+{													\
+	[0 ... sizeof(cpumask_t) + MM_CID_STATIC_SIZE + PERCPU_COUNTER_TREE_ITEMS=
_STATIC_SIZE - 1] =3D 0	\
 }
=20
 /* Pointer magic because the dynamic array size confuses some compilers. */
diff --git a/include/linux/percpu_counter_tree.h b/include/linux/percpu_cou=
nter_tree.h
index 0daf09e08111..2e8b1ce5cd13 100644
--- a/include/linux/percpu_counter_tree.h
+++ b/include/linux/percpu_counter_tree.h
@@ -10,6 +10,52 @@
=20
 #ifdef CONFIG_SMP
=20
+#if NR_CPUS =3D=3D (1U << 0)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	0
+#elif NR_CPUS <=3D (1U << 1)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	1
+#elif NR_CPUS <=3D (1U << 2)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	3
+#elif NR_CPUS <=3D (1U << 3)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	7
+#elif NR_CPUS <=3D (1U << 4)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	7
+#elif NR_CPUS <=3D (1U << 5)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	11
+#elif NR_CPUS <=3D (1U << 6)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	21
+#elif NR_CPUS <=3D (1U << 7)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	21
+#elif NR_CPUS <=3D (1U << 8)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	37
+#elif NR_CPUS <=3D (1U << 9)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	73
+#elif NR_CPUS <=3D (1U << 10)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	149
+#elif NR_CPUS <=3D (1U << 11)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	293
+#elif NR_CPUS <=3D (1U << 12)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	585
+#elif NR_CPUS <=3D (1U << 13)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	1173
+#elif NR_CPUS <=3D (1U << 14)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	2341
+#elif NR_CPUS <=3D (1U << 15)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	4681
+#elif NR_CPUS <=3D (1U << 16)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	4681
+#elif NR_CPUS <=3D (1U << 17)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	8777
+#elif NR_CPUS <=3D (1U << 18)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	17481
+#elif NR_CPUS <=3D (1U << 19)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	34953
+#elif NR_CPUS <=3D (1U << 20)
+# define PERCPU_COUNTER_TREE_STATIC_NR_ITEMS	69905
+#else
+# error "Unsupported number of CPUs."
+#endif
+
 struct percpu_counter_tree_level_item {
 	atomic_t count;			/*
 					 * Count the number of carry fort this tree item.
@@ -18,6 +64,9 @@ struct percpu_counter_tree_level_item {
 					 */
 } ____cacheline_aligned_in_smp;
=20
+#define PERCPU_COUNTER_TREE_ITEMS_STATIC_SIZE	\
+	(PERCPU_COUNTER_TREE_STATIC_NR_ITEMS * sizeof(struct percpu_counter_tree_=
level_item))
+
 struct percpu_counter_tree {
 	/* Fast-path fields. */
 	unsigned int __percpu *level0;	/* Pointer to per-CPU split counters (tree=
 level 0). */
@@ -92,6 +141,8 @@ int percpu_counter_tree_approximate_sum(struct percpu_co=
unter_tree *counter)
=20
 #else	/* !CONFIG_SMP */
=20
+#define PERCPU_COUNTER_TREE_ITEMS_STATIC_SIZE	0
+
 struct percpu_counter_tree_level_item;
=20
 struct percpu_counter_tree {
--=20
2.39.5