Commit c25f2fb1 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'mm-hotfixes-stable-2026-01-20-13-09' of...

Merge tag 'mm-hotfixes-stable-2026-01-20-13-09' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc fixes from Andrew Morton:

 - A patch series from David Hildenbrand which fixes a few things
   related to hugetlb PMD sharing

 - The remainder are singletons, please see their changelogs for details

* tag 'mm-hotfixes-stable-2026-01-20-13-09' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  mm: restore per-memcg proactive reclaim with !CONFIG_NUMA
  mm/kfence: fix potential deadlock in reboot notifier
  Docs/mm/allocation-profiling: describe sysctrl limitations in debug mode
  mm: do not copy page tables unnecessarily for VM_UFFD_WP
  mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather
  mm/rmap: fix two comments related to huge_pmd_unshare()
  mm/hugetlb: fix two comments related to huge_pmd_unshare()
  mm/hugetlb: fix hugetlb_pmd_shared()
  mm: remove unnecessary and incorrect mmap lock assert
  x86/kfence: avoid writing L1TF-vulnerable PTEs
  mm/vma: do not leak memory when .mmap_prepare swaps the file
  migrate: correct lock ordering for hugetlb file folios
  panic: only warn about deprecated panic_print on write access
  fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes()
  mm: take into account mm_cid size for mm_struct static definitions
  mm: rename cpu_bitmap field to flexible_array
  mm: add missing static initializer for init_mm::mm_cid.lock
parents c03e9c42 16aca2c9
+4 −0
@@ -494,6 +494,10 @@ memory allocations.

The default value depends on CONFIG_MEM_ALLOC_PROFILING_ENABLED_BY_DEFAULT.

When CONFIG_MEM_ALLOC_PROFILING_DEBUG=y, this control is read-only to avoid
warnings produced by allocations made while profiling is disabled and freed
when it's enabled.


memory_failure_early_kill
=========================
+10 −0
@@ -33,6 +33,16 @@ Boot parameter:
sysctl:
  /proc/sys/vm/mem_profiling

  1: Enable memory profiling.

  0: Disable memory profiling.

  The default value depends on CONFIG_MEM_ALLOC_PROFILING_ENABLED_BY_DEFAULT.

  When CONFIG_MEM_ALLOC_PROFILING_DEBUG=y, this control is read-only to avoid
  warnings produced by allocations made while profiling is disabled and freed
  when it's enabled.

Runtime info:
  /proc/allocinfo

+24 −5
@@ -42,10 +42,34 @@ static inline bool kfence_protect_page(unsigned long addr, bool protect)
{
	unsigned int level;
	pte_t *pte = lookup_address(addr, &level);
	pteval_t val;

	if (WARN_ON(!pte || level != PG_LEVEL_4K))
		return false;

	val = pte_val(*pte);

	/*
	 * protect requires making the page not-present.  If the PTE is
	 * already in the right state, there's nothing to do.
	 */
	if (protect != !!(val & _PAGE_PRESENT))
		return true;

	/*
	 * Otherwise, invert the entire PTE.  This avoids writing out an
	 * L1TF-vulnerable PTE (not present, without the high address bits
	 * set).
	 */
	set_pte(pte, __pte(~val));

	/*
	 * If the page was protected (non-present) and we're making it
	 * present, there is no need to flush the TLB at all.
	 */
	if (!protect)
		return true;

	/*
	 * We need to avoid IPIs, as we may get KFENCE allocations or faults
	 * with interrupts disabled. Therefore, the below is best-effort, and
@@ -53,11 +77,6 @@ static inline bool kfence_protect_page(unsigned long addr, bool protect)
	 * lazy fault handling takes care of faults after the page is PRESENT.
	 */

	if (protect)
		set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT));
	else
		set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT));

	/*
	 * Flush this CPU's TLB, assuming whoever did the allocation/free is
	 * likely to continue running on this CPU.
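Review bot: The comment above `set_pte(pte, __pte(~val));` gives the L1TF motivation but not the invariant the inversion depends on. `~val` is only undone by a second inversion through this same function, and the preceding `protect != !!(val & _PAGE_PRESENT)` test is the only thing stopping a repeated protect or unprotect call from flipping the PTE back into the wrong state. I would extend that comment with something like `The inversion is its own inverse; the state check above keeps repeated calls idempotent, and any other reader of this PTE sees inverted flag and address bits while the page is protected.` A named local such as `bool present = val & _PAGE_PRESENT;` would also make the early-return test easier to read than the `!!` comparison. The body of kfence_protect_page() continues past the end of this section, so the flush path is not reviewed here.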
+1 −1
@@ -74,10 +74,10 @@ struct mm_struct efi_mm = {
	.page_table_lock	= __SPIN_LOCK_UNLOCKED(efi_mm.page_table_lock),
	.mmlist			= LIST_HEAD_INIT(efi_mm.mmlist),
	.user_ns		= &init_user_ns,
	.cpu_bitmap		= { [BITS_TO_LONGS(NR_CPUS)] = 0},
#ifdef CONFIG_SCHED_MM_CID
	.mm_cid.lock		= __RAW_SPIN_LOCK_UNLOCKED(efi_mm.mm_cid.lock),
#endif
	.flexible_array		= MM_STRUCT_FLEXIBLE_ARRAY_INIT,
};

struct workqueue_struct *efi_rts_wq;
+6 −1
@@ -2750,8 +2750,13 @@ static void wait_sb_inodes(struct super_block *sb)
		 * The mapping can appear untagged while still on-list since we
		 * do not have the mapping lock. Skip it here, wb completion
		 * will remove it.
		 *
		 * If the mapping does not have data integrity semantics,
		 * there's no need to wait for the writeout to complete, as the
		 * mapping cannot guarantee that data is persistently stored.
		 */
		if (!mapping_tagged(mapping, PAGECACHE_TAG_WRITEBACK))
		if (!mapping_tagged(mapping, PAGECACHE_TAG_WRITEBACK) ||
		    mapping_no_data_integrity(mapping))
			continue;

		spin_unlock_irq(&sb->s_inode_wblist_lock);
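Review bot: The added comment paragraph explains why the wait can be skipped but not what a caller now observes. For a mapping where `mapping_no_data_integrity(mapping)` is true, the `continue` bypasses whatever wait follows the `spin_unlock_irq()` (outside this hunk, so inferred), meaning a sync on that superblock can return while writeback for those inodes is still in flight. I would add one sentence to the comment, for example `Callers must not treat return from here as proof that such inodes were written back.`, so the weaker guarantee is recorded where it is implemented. wait_sb_inodes() starts and ends outside the hunk.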