From nobody Thu Apr 9 14:59:19 2026 Received: from mail-dy1-f202.google.com (mail-dy1-f202.google.com [74.125.82.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAB023BB48 for ; Tue, 3 Mar 2026 05:25:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772515542; cv=none; b=OoIDQeteQN+959Cf0LrnJYCgfRUpv/jgtjZyD1n0GpPIPJcfDJcCBos/9nE9NQKeLiDyWWe/aNeegAWmXMObGWKngAvCCBRzeU4vFDHSTKGf4Dh4HEWcnR5MGcLO0mvCnVXcM6QDp9Ts6TsVt/SY7YYEopHIO942TiCVnvx64hM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772515542; c=relaxed/simple; bh=mLU2pHmrgvmSHWL4Pa5MGnLzSDiGXrUAT+19LT2zQGE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=G+n4iTipcdzAahXfG9IVKJiqwezRRbXdaoOZVj3cctOKQ58qoL/RyqREBgjNyGHEN6aGytyu2ePWXIZrb1UXTEBe4HeFk+A/dJqV2whFyz5WVDbU23cxRRpENPch9a/X7pVaRVNhq4OgDmzFRu3fHXuicZBs1J/Zk9OiVGHvWe4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--bingjiao.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=IFQjs0ih; arc=none smtp.client-ip=74.125.82.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--bingjiao.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="IFQjs0ih" Received: by mail-dy1-f202.google.com with SMTP id 5a478bee46e88-2bdff07d8f4so3118314eec.1 for ; Mon, 02 Mar 2026 21:25:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1772515540; x=1773120340; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=k6P9Cvc5u0BaqZ0ifWcq/2P9uYbL+PXFQEz5HrmvWPE=; b=IFQjs0ihoy5jh3ll60J68IAPC2SPrFravIdwbXyZ9g6J0tnvgCE9jOenpivgibA4OG XRTTx5Mm9pPpIrqzjXx4oF27yY713Il0kx3btRceBlEGErlW3L0ZJ0zLtyoKBTkTdbap mi+RxXlIx61TSWxAtHz2Jnqvmk6UBMs6B6ea4PWl4orlcJbI/E9AKxRAD/QawRjIdXDq d+79ZcyGwY2HNheAxY8EU8IqXh6Dxs8AIKU2RLGT8K6q+CoV8B3tN3bTOsWWZlFuphCD STOzYSav5NHw1s7aRCm6da2sU/HNbDD6oN3WtzZPhhyjy1zcFLtl9VkNZTFfIqrWjRve r21w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772515540; x=1773120340; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=k6P9Cvc5u0BaqZ0ifWcq/2P9uYbL+PXFQEz5HrmvWPE=; b=H3lF/QO06zfwRhUwed0bSTZYrjXDsKt3/m9EYFMrylTP0FqKO8q38RhoYq8WuTvfSZ 2pKBG2GvhzTmI80T1UAN0LI/fjVXAWkHQUklsPJp26UwYRjtgymtzG5U/ZEe+EaM5PYV sZO4Fqa2JW5bzvvSugMdmSJ5v1bQCL0cbLL99GvO5wBOcCr/WCJWNJjXAiAzEloBPmOs 1sIGgOIWh+2dgOJ+K1fDKxyZJcnk57qtuh28YYqF7me4664fMAp6g0GUUxKl7jsm6c+k dJCr8lsMootiZHZxSVJSUUh8MoHfZhxlWVE9On7rduVIx4zgBWnUrOXP42Vg1e0iQpVR nluA== X-Forwarded-Encrypted: i=1; AJvYcCVcaE0Jsc7mubN8kAj8SzTgcEwl3aAwiGSTl4mh8YeAEbFLgiTrevQ7JJYiNXe4vgQV1+wDLL5IY8URnlU=@vger.kernel.org X-Gm-Message-State: AOJu0YyHrPMuKuUISrwQL3wfrXhPOBTccthDF9lcJl9IhnttRTUGEbjj Qf+a0u2ulsrP8WPJkuEDfhrNrC/eX93cIWvG46qAGd2kLWPRcgmgy32NOGSAt442n87ZpOsE524 Ix7iKp9X0yXBhzA== X-Received: from dlbpd8.prod.google.com ([2002:a05:7022:1408:b0:127:8d0d:ba17]) (user=bingjiao job=prod-delivery.src-stubby-dispatcher) by 2002:a05:7022:248a:b0:124:b11f:67ec with SMTP id a92af1059eb24-1278fc6f217mr5778394c88.39.1772515539799; Mon, 02 Mar 2026 21:25:39 -0800 (PST) Date: Tue, 3 Mar 2026 05:25:17 +0000 In-Reply-To: <20260302070351.3465439-1-bingjiao@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260302070351.3465439-1-bingjiao@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260303052519.109244-1-bingjiao@google.com> Subject: [PATCH v2] mm/vmscan: fix unintended mtc->nmask mutation in alloc_demote_folio() From: Bing Jiao To: bingjiao@google.com Cc: akpm@linux-foundation.org, axelrasmussen@google.com, david@kernel.org, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, mhocko@kernel.org, shakeel.butt@linux.dev, weixugc@google.com, yuanchu@google.com, zhengqi.arch@bytedance.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In alloc_demote_folio(), mtc->nmask is set to NULL for the first allocation. If that succeeds, it returns without restoring mtc->nmask to allowed_mask. For subsequent allocations from the migrate_pages() batch, mtc->nmask will be NULL. If the target node then becomes full, the fallback allocation will use nmask =3D NULL, allocating from any node allowed by the task cpuset, which for kswapd is all nodes. To address this issue, use a local copy of the mtc structure with nmask =3D NULL for the first allocation attempt specifically, ensuring the original mtc remains unmodified. Fixes: 320080272892 ("mm/demotion: demote pages according to allocation fal= lback order") Signed-off-by: Bing Jiao Acked-by: David Hildenbrand (Arm) Reviewed-by: Lorenzo Stoakes --- mm/vmscan.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/mm/vmscan.c b/mm/vmscan.c index cbffc0a27824..c4e0ce737e03 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -966,13 +966,11 @@ static void folio_check_dirty_writeback(struct folio = *folio, static struct folio *alloc_demote_folio(struct folio *src, unsigned long private) { + struct migration_target_control *mtc, target_nid_mtc; struct folio *dst; - nodemask_t *allowed_mask; - struct migration_target_control *mtc; mtc =3D (struct migration_target_control *)private; - allowed_mask =3D mtc->nmask; /* * make sure we allocate from the target node first also trying to * demote or reclaim pages from the target node via kswapd if we are @@ -982,15 +980,13 @@ static struct folio *alloc_demote_folio(struct folio = *src, * a demotion of cold pages from the target memtier. This can result * in the kernel placing hot pages in slower(lower) memory tiers. */ - mtc->nmask =3D NULL; - mtc->gfp_mask |=3D __GFP_THISNODE; - dst =3D alloc_migration_target(src, (unsigned long)mtc); + target_nid_mtc =3D *mtc; + target_nid_mtc.nmask =3D NULL; + target_nid_mtc.gfp_mask |=3D __GFP_THISNODE; + dst =3D alloc_migration_target(src, (unsigned long)&target_nid_mtc); if (dst) return dst; - mtc->gfp_mask &=3D ~__GFP_THISNODE; - mtc->nmask =3D allowed_mask; - return alloc_migration_target(src, (unsigned long)mtc); } -- 2.53.0.473.g4a7958ca14-goog