[PATCH v7 2/6] mm/vmalloc: fix vrealloc() grow-in-place check

Shivam Kalra via B4 Relay posted 6 patches 1 week, 3 days ago
There is a newer version of this series
Posted by Shivam Kalra via B4 Relay 1 week, 3 days ago
From: Shivam Kalra <shivamkalra98@zohomail.in>

Fix the grow-in-place check in vrealloc() to compare the requested size
against the actual physical page count (vm->nr_pages) rather than the
virtual area size (alloced_size, derived from get_vm_area_size()).

The virtual reservation size (get_vm_area_size()) does not decrease when
pages are freed during a shrink operation. Consequently, without this fix,
a subsequent grow-in-place operation after a shrink would incorrectly
succeed and attempt to access freed pages. Correcting this check is a
prerequisite for the upcoming vrealloc() shrink functionality.

Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>
---
 mm/vmalloc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 79a57955345d..133c3b0418fe 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -4343,6 +4343,12 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align
 		if (unlikely(flags & __GFP_THISNODE) && nid != NUMA_NO_NODE &&
 			     nid != page_to_nid(vmalloc_to_page(p)))
 			goto need_realloc;
+	} else {
+		/*
+		 * If p is NULL, vrealloc behaves exactly like vmalloc.
+		 * Skip the shrink and in-place grow paths.
+		 */
+		goto need_realloc;
 	}
 
 	/*
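Review bot: the new `else { goto need_realloc; }` branch is what keeps the `vm->nr_pages` dereference introduced in the next hunk from running when `p` is NULL and no vm_struct was looked up, but neither the commit message nor the inline comment states that dependency, so the branch reads as an unrelated cleanup that a later refactor could drop. Say so in the commit message, and consider extending the comment to "If p is NULL there is no vm_struct to consult; vrealloc behaves exactly like vmalloc." so the reason the early exit is required stays next to the code.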
@@ -4361,7 +4367,7 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align
 	/*
 	 * We already have the bytes available in the allocation; use them.
 	 */
-	if (size <= alloced_size) {
+	if (size <= (size_t)vm->nr_pages << PAGE_SHIFT) {
 		/*
 		 * No need to zero memory here, as unused memory will have
 		 * already been zeroed at initial allocation time or during
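Review bot: `size <= (size_t)vm->nr_pages << PAGE_SHIFT` relies on the cast binding tighter than `<<` and on `<<` binding tighter than `<=`; both hold, but parenthesising the shifted term, `size <= ((size_t)vm->nr_pages << PAGE_SHIFT)`, makes the intent obvious and makes clear that the `size_t` cast is there to widen `nr_pages` before the shift rather than to convert the comparison. The commit message also says the two quantities only diverge once the shrink change lands, so "fix" in the subject overstates what this hunk does today; a preparatory wording matches the content better.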

-- 
2.43.0
Re: [PATCH v7 2/6] mm/vmalloc: fix vrealloc() grow-in-place check
Posted by Alice Ryhl 1 week, 2 days ago
On Tue, Mar 24, 2026 at 03:30:27PM +0530, Shivam Kalra via B4 Relay wrote:
> From: Shivam Kalra <shivamkalra98@zohomail.in>
> 
> Fix the grow-in-place check in vrealloc() to compare the requested size
> against the actual physical page count (vm->nr_pages) rather than the
> virtual area size (alloced_size, derived from get_vm_area_size()).
> 
> The virtual reservation size (get_vm_area_size()) does not decrease when
> pages are freed during a shrink operation. Consequently, without this fix,
> a subsequent grow-in-place operation after a shrink would incorrectly
> succeed and attempt to access freed pages. Correcting this check is a
> prerequisite for the upcoming vrealloc() shrink functionality.
> 
> Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>

This commit is titled 'fix', but is it actually a fix for a bug that
exists today? Or is it just a refactor to support the follow-up
shrinking logic?

Alice
Re: [PATCH v7 2/6] mm/vmalloc: fix vrealloc() grow-in-place check
Posted by Shivam Kalra 1 week, 2 days ago
On 24/03/26 16:31, Alice Ryhl wrote:
> On Tue, Mar 24, 2026 at 03:30:27PM +0530, Shivam Kalra via B4 Relay wrote:
>> From: Shivam Kalra <shivamkalra98@zohomail.in>
>>
>> Fix the grow-in-place check in vrealloc() to compare the requested size
>> against the actual physical page count (vm->nr_pages) rather than the
>> virtual area size (alloced_size, derived from get_vm_area_size()).
>>
>> The virtual reservation size (get_vm_area_size()) does not decrease when
>> pages are freed during a shrink operation. Consequently, without this fix,
>> a subsequent grow-in-place operation after a shrink would incorrectly
>> succeed and attempt to access freed pages. Correcting this check is a
>> prerequisite for the upcoming vrealloc() shrink functionality.
>>
>> Signed-off-by: Shivam Kalra <shivamkalra98@zohomail.in>
> 
> This commit is titled 'fix', but is it actually a fix for a bug that
> exists today? Or is it just a refactor to support the follow-up
> shrinking logic?
> 
> Alice
You're right, this is not a fix for a bug that exists today. Currently
get_vm_area_size() and vm->nr_pages << PAGE_SHIFT always return the same
value because no code frees tail pages from a live vmalloc allocation.

The two expressions only diverge once the shrink patch (patch 5/6) is
applied, which reduces nr_pages while keeping vm->size unchanged.

I'll retitle this to something like:

mm/vmalloc: base vrealloc() grow-in-place check on nr_pages

and rephrase the commit message to describe it as a preparatory change
rather than a fix.

Thanks for catching this.
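The divergence described in this reply, as an added user-space C model and not kernel code: struct vm_model, vm_alloc, vm_shrink and the two check functions are hypothetical stand-ins for the vm_struct fields that vrealloc() consults. After a shrink frees tail pages while leaving the reservation size untouched, the area-size check still accepts a grow that the nr_pages check refuses.

```c
/* Added example, not kernel code: a model of the vm_struct fields
 * vrealloc() consults, showing why the grow-in-place check must follow
 * vm->nr_pages once a shrink can free tail pages. */
#include <stdbool.h>
#include <stddef.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  ((size_t)1 << PAGE_SHIFT)

/* Hypothetical subset of struct vm_struct (modelled, not the kernel's). */
struct vm_model {
	size_t size;            /* reservation incl. guard page; never shrinks */
	unsigned int nr_pages;  /* physical pages currently backing the area */
	size_t requested_size;  /* bytes the caller last asked for */
};

/* Mirrors get_vm_area_size(): the reservation minus its guard page. */
static size_t get_vm_area_size(const struct vm_model *vm)
{
	return vm->size - PAGE_SIZE;
}

/* Allocate a model area backed by enough pages for `bytes`. */
static struct vm_model vm_alloc(size_t bytes)
{
	unsigned int pages = (unsigned int)((bytes + PAGE_SIZE - 1) >> PAGE_SHIFT);
	struct vm_model vm = { .size = ((size_t)pages + 1) << PAGE_SHIFT,
			       .nr_pages = pages, .requested_size = bytes };
	return vm;
}

/* Models the planned shrink: tail pages are freed, vm->size is untouched. */
static void vm_shrink(struct vm_model *vm, size_t new_bytes)
{
	vm->nr_pages = (unsigned int)((new_bytes + PAGE_SIZE - 1) >> PAGE_SHIFT);
	vm->requested_size = new_bytes;
}

/* The check before the patch: compares against the virtual area size. */
static bool grow_in_place_ok_old(const struct vm_model *vm, size_t size)
{
	return size <= get_vm_area_size(vm);
}

/* The check after the patch: compares against pages actually backing the area. */
static bool grow_in_place_ok_new(const struct vm_model *vm, size_t size)
{
	return size <= ((size_t)vm->nr_pages << PAGE_SHIFT);
}
```

Before any shrink the two checks agree, which is why the patch changes no behaviour on its own; only after vm_shrink() do they differ.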