From nobody Sun Feb 8 12:19:53 2026 Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A1F8318B9E for ; Tue, 13 Jan 2026 20:54:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768337692; cv=none; b=UkTG4/FeEjdQ1iZm5QpbI2Ab2BK+uIql/XB8QZLCXEuWpYEpcpw3x5UNnPWOVNlrahKsP16pRlSiAKSm8Z72wdwndx1jNHDwQ5u+UoVWojGWeJEISlCAEUg0xh5o6pbJdJvezC4sPj93F7vXUnUQW3ORGA/wryAJiY0yFUs/iOQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768337692; c=relaxed/simple; bh=wTOWbVc1YyBI4F/q7d7dsO7dLJYBNCPPntGicxlsL4g=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=AwK7gNRaXL+A9clvf9dZa42Et90gN3EcZZgzNtJAMpVt1e7mKyvpNkRkXaVyqfnlADU2G1tX3+CeBWK1q2TBo3CxnAFfbqBQEAeAkFzOgElEarW/zoyZZ8gyEyVFwacM8B2qvsIbMjMIMxR4cDEVLHlZWifbOz8g5YjtMlwLAFs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=delta-utec.com; spf=none smtp.mailfrom=delta-utec.com; dkim=pass (2048-bit key) header.d=delta-utec-com.20230601.gappssmtp.com header.i=@delta-utec-com.20230601.gappssmtp.com header.b=Bp9rJMsJ; arc=none smtp.client-ip=209.85.208.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=delta-utec.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=delta-utec.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=delta-utec-com.20230601.gappssmtp.com header.i=@delta-utec-com.20230601.gappssmtp.com header.b="Bp9rJMsJ" Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-652fdd043f9so2430088a12.1 for ; Tue, 13 Jan 2026 12:54:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delta-utec-com.20230601.gappssmtp.com; s=20230601; t=1768337689; x=1768942489; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=iBXCI1NxCm0VpYg1PG7P3767JpLF5L8JaV0ecrmcQTM=; b=Bp9rJMsJvHtdDxWKv+Qjs9M3FQLSAWw+tr62xr+ajjA/3HeeqWDcxJPBsnT9Fs+FKU Zk3/WSVuin5iw/vPQQhvtWZ75OZ73WIUAmc0CM0kIdIe+2QITsIRbecknTx6SV626D++ FQOy+ACDRGORWnBF8vIUVH1oOaYuTacDEPn3nW5COGe79VpfRYfKpi0MvfqEuaRPQcBE qZVR/L1BderHWF/G0JBFwa3ida0PhRUkLJwwD3a1sHB+078zRJZ8F4DzE8Hnu2fD2pKK pBJtfoSwmstrWXmGQ7igESl/fvL9OB7ro94y3vfISv92Joth9QbFu86zRPVzxA8av9E5 QiFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768337689; x=1768942489; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=iBXCI1NxCm0VpYg1PG7P3767JpLF5L8JaV0ecrmcQTM=; b=COwcqvcnPhq0lEQ1z4p5sVZGBp0dkLexZFsMUA+9PoQjAySS8cKo0DgH9SJV9SneOm FsKs1Lbr6Rd8fPy0aYNUHYTimtjqLisQeHyPtHntZnyvhUjPjbljM3PGc0u0IjS7SKqa 1ZYVJy2BUAg+yiHQ39bi1dwNRcyZ9J6UOxuDXmFVK+5lJ9ci91qeZp/qF7yUyHNKOxcF XmnWa3Fdcb2l8aPNyUGqocTjIW5FmNL3gR9uYid3JC82EnOjMHhTu+tBy1yq5fobaAQ+ PxE4AnE/u69jJIeQzAHIKhWpQAr1zdYK2FyFJmSfBSAlzKbBShTgNjcG7c2oD7RMLzXC A6PA== X-Forwarded-Encrypted: i=1; AJvYcCV2YpsoKiNimkYkugWvDIx4SSMxry5o/ZZWJtd5ouVhKmT8Y86Bh3/q3xghgeiuwj6S10MYmaPtyWpCBC0=@vger.kernel.org X-Gm-Message-State: AOJu0YyUppyFg/14WfG2VLZWtPNBkVjbvqwswmcDuvkfPpCaE7GLAo/t zMLw3flQ9Xda51BfqF3RDqg5z15DMJwNZ6J05KZcaSw6Dl5kLIQ/hCCkPEumoYzeWA== X-Gm-Gg: AY/fxX4XDi5U7tjC6qh6WrgZa7od2Ag47m4q8OBJkp993bv8dT/i3Iy5c60+A64onts DM5RhL8Koll253OzdoYKoygGWW0EKyb/WiTzyz2PN205Fe5nIXwCR41cVru9t6vpdUyHC+FsWQC ZjXqHhpDIErzh7yiFRCgnZLbvI5KPCaUs2wOCvBFfktzJ6wVPULMCNRuKrpRfmE8c3YT/YrReE3 lL8ugi0DDs2ZXxP/L/ebqzxskq30yMT54PTJb63Vx3uTDvlfM1KE07cePdOJa9eHsk8/wHxqrhh RzASmE0k25s/PzmZPkscj5PSzAlyCf7UBr8V/W1XjRgBOnUpFKdQoNqFFByQJa4PtF28pnj2n12 HoZV6YXOK3lxyMLyp5FSV8HjtHwEJFQ/jSFX3xrPzcoGx8Oji9a/UhRh9+3K9Juz5ODOECL3DEa 8yIicVEV/GbK2L8tu7xCvoGPSKoMstThAJbRtUTFzPotYYku8dJGmFTIkyzPHpzjEy4Z8xEuOVa o5h+3HpRKT3PuQ/RC7o1b36hFJJf7CxXqG5AsP+ X-Received: by 2002:a05:6402:2695:b0:64b:48b4:d71f with SMTP id 4fb4d7f45d1cf-653ec109310mr251481a12.7.1768337688812; Tue, 13 Jan 2026 12:54:48 -0800 (PST) Received: from localhost.localdomain (2001-1c00-3405-d100-2712-2470-a5e7-f14a.cable.dynamic.v6.ziggo.nl. [2001:1c00:3405:d100:2712:2470:a5e7:f14a]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-6507b8c4484sm21227673a12.7.2026.01.13.12.54.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Jan 2026 12:54:48 -0800 (PST) From: Boudewijn van der Heide To: Andrew Morton Cc: Vlastimil Babka , Suren Baghdasaryan , Michal Hocko , Brendan Jackman , Johannes Weiner , Zi Yan , Naoya Horiguchi , Oscar Salvador , linux-mm@kvack.org, linux-kernel@vger.kernel.org, boudewijn@delta-utec.com Subject: [PATCH] mm/page_alloc: Fix freeing of failed-split poisoned compound pages Date: Tue, 13 Jan 2026 21:54:41 +0100 Message-ID: <20260113205441.506897-1-boudewijn@delta-utec.com> X-Mailer: git-send-email 2.47.3 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" free_pages_prepare() only handles poisoned order-0 pages. In memory_failure() (hard offline), pages are poisoned before attempting to split huge pages. If the split fails, the page remains a compound (order > 0) but is already poisoned. However, Soft-offline pages are always poisoned as order-0 after migration, so they are unaffected. The '!order' check causes these poisoned compound pages to skip poison handling, leaving them in the buddy allocator. Worst case, a poisoned compound page could be reallocated, potentially leading to crashes, silent data corruption, or unwanted memory containment actions before the poison bit is detected. This patch removes the '&& !order' restriction. Cleanup functions in the poison-handling block correctly handle non-zero order pages, making this change safe. Fixes: 79f5f8fab482 ("mm,hwpoison: rework soft offline for in-use pages") Signed-off-by: Boudewijn van der Heide --- mm/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index c380f063e8b7..64d15e56706c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -1344,7 +1344,7 @@ __always_inline bool free_pages_prepare(struct page *= page, count_vm_events(UNEVICTABLE_PGCLEARED, nr_pages); } =20 - if (unlikely(PageHWPoison(page)) && !order) { + if (unlikely(PageHWPoison(page))) { /* Do not let hwpoison pages hit pcplists/buddy */ reset_page_owner(page, order); page_table_check_free(page, order); --=20 2.47.3