From: Wandun Chen
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: akpm@linux-foundation.org, david@kernel.org, ljs@kernel.org, ziy@nvidia.com, baolin.wang@linux.alibaba.com, liam@infradead.org, npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com, baohua@kernel.org, lance.yang@linux.dev
Subject: [PATCH v3] mm/khugepaged: avoid underflow in madvise_collapse for sub-PMD MADV_COLLAPSE
Date: Wed, 13 May 2026 13:54:28 +0800
Message-ID: <20260513055428.1664898-1-chenwandun@lixiang.com>

From: Chen Wandun

madvise_collapse() computes the THP-aligned window:

    hstart = ALIGN(start, HPAGE_PMD_SIZE);      /* round up */
    hend = ALIGN_DOWN(end, HPAGE_PMD_SIZE);     /* round down */

The following case will cause hstart > hend, and result in underflow in the return statement, avoid it by returning zero early when hstart > hend. The return value is due to input is valid to madvise(), and there is nothing to collapse.

    madvise(PMD-aligned + PAGE_SIZE, PAGE_SIZE, MADV_COLLAPSE);

In addition, kmalloc_obj(), mmgrab() and lru_add_drain_all() are unnecessary when hstart == hend, so skip these operations by returning early too.

Signed-off-by: Chen Wandun Acked-by: David Hildenbrand (Arm) Reviewed-by: Lorenzo Stoakes --- v2 --> v3: - Return 0 when hstart > hend, suggested by David and Lorenzo. v1 --> v2: - Rebase and resolve code conflict. - Return -EINVAL when hstart > hend, suggested by Lorenzo. - Drop Fixes tag, suggested by David and Lorenzo. - Updated commit message to be more explicit, suggested by Lorenzo. --- mm/khugepaged.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 28a843f30b32..fd7e893c998d 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -2837,6 +2837,12 @@ int madvise_collapse(struct vm_area_struct *vma, uns= igned long start, if (!thp_vma_allowable_order(vma, vma->vm_flags, TVA_FORCED_COLLAPSE, PMD= _ORDER)) return -EINVAL; =20 + hstart =3D ALIGN(start, HPAGE_PMD_SIZE); + hend =3D ALIGN_DOWN(end, HPAGE_PMD_SIZE); + + if (hstart >=3D hend) + return 0; + cc =3D kmalloc_obj(*cc); if (!cc) return -ENOMEM; @@ -2846,9 +2852,6 @@ int madvise_collapse(struct vm_area_struct *vma, unsi= gned long start, mmgrab(mm); lru_add_drain_all(); =20 - hstart =3D ALIGN(start, HPAGE_PMD_SIZE); - hend =3D ALIGN_DOWN(end, HPAGE_PMD_SIZE); - for (addr =3D hstart; addr < hend; addr +=3D HPAGE_PMD_SIZE) { enum scan_result result =3D SCAN_FAIL; =20 --=20 2.43.0
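
Review bot: the new "if (hstart >= hend) return 0;" in the first hunk of madvise_collapse() carries no comment explaining why an empty aligned window is reported as success, and the changelog shows that exact choice changed from -EINVAL in v2 to 0 in v3. A short comment above the check, saying that the range is valid input to madvise() but contains no full PMD-sized region to collapse, would keep a later reader from reverting it to an error. The single condition also covers two distinct cases, hstart > hend (the underflow case) and hstart == hend (nothing to do, so the allocation, mmgrab() and lru_add_drain_all() are skipped); the comment should name both. Note that the check sits after the thp_vma_allowable_order() test, so a sub-PMD request on a VMA that fails that test still returns -EINVAL rather than 0; if that ordering is intentional it is worth stating in the commit message. A selftest issuing the call quoted in the commit message (PMD-aligned + PAGE_SIZE, length PAGE_SIZE, MADV_COLLAPSE) and expecting 0 would pin the behaviour.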