From: Bing Jiao <bingjiao@google.com>
To: bingjiao@google.com
Cc: akpm@linux-foundation.org, axelrasmussen@google.com,
david@kernel.org, hannes@cmpxchg.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
lorenzo.stoakes@oracle.com, mhocko@kernel.org,
shakeel.butt@linux.dev, weixugc@google.com, yuanchu@google.com,
zhengqi.arch@bytedance.com
Subject: [PATCH v2] mm/vmscan: fix unintended mtc->nmask mutation in alloc_demote_folio()
Date: Tue, 3 Mar 2026 05:25:17 +0000 [thread overview]
Message-ID: <20260303052519.109244-1-bingjiao@google.com> (raw)
In-Reply-To: <20260302070351.3465439-1-bingjiao@google.com>
In alloc_demote_folio(), mtc->nmask is set to NULL for the first
allocation. If that succeeds, it returns without restoring mtc->nmask
to allowed_mask. For subsequent allocations from the migrate_pages()
batch, mtc->nmask will be NULL. If the target node then becomes full,
the fallback allocation will use nmask = NULL, allocating from any
node allowed by the task cpuset, which for kswapd is all nodes.
To address this issue, use a local copy of the mtc structure with
nmask = NULL for the first allocation attempt specifically, ensuring
the original mtc remains unmodified.
Fixes: 320080272892 ("mm/demotion: demote pages according to allocation fallback order")
Signed-off-by: Bing Jiao <bingjiao@google.com>
---
mm/vmscan.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/mm/vmscan.c b/mm/vmscan.c
index cbffc0a27824..c4e0ce737e03 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -966,13 +966,11 @@ static void folio_check_dirty_writeback(struct folio *folio,
static struct folio *alloc_demote_folio(struct folio *src,
unsigned long private)
{
+ struct migration_target_control *mtc, target_nid_mtc;
struct folio *dst;
- nodemask_t *allowed_mask;
- struct migration_target_control *mtc;
mtc = (struct migration_target_control *)private;
- allowed_mask = mtc->nmask;
/*
* make sure we allocate from the target node first also trying to
* demote or reclaim pages from the target node via kswapd if we are
@@ -982,15 +980,13 @@ static struct folio *alloc_demote_folio(struct folio *src,
* a demotion of cold pages from the target memtier. This can result
* in the kernel placing hot pages in slower(lower) memory tiers.
*/
- mtc->nmask = NULL;
- mtc->gfp_mask |= __GFP_THISNODE;
- dst = alloc_migration_target(src, (unsigned long)mtc);
+ target_nid_mtc = *mtc;
+ target_nid_mtc.nmask = NULL;
+ target_nid_mtc.gfp_mask |= __GFP_THISNODE;
+ dst = alloc_migration_target(src, (unsigned long)&target_nid_mtc);
if (dst)
return dst;
- mtc->gfp_mask &= ~__GFP_THISNODE;
- mtc->nmask = allowed_mask;
-
return alloc_migration_target(src, (unsigned long)mtc);
}
--
2.53.0.473.g4a7958ca14-goog
prev parent reply other threads:[~2026-03-03 5:25 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-02 7:03 [PATCH] mm/vmscan: restore allowed mask " Bing Jiao
2026-03-02 8:00 ` David Hildenbrand (Arm)
2026-03-02 19:18 ` Bing Jiao
2026-03-03 5:25 ` Bing Jiao [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260303052519.109244-1-bingjiao@google.com \
--to=bingjiao@google.com \
--cc=akpm@linux-foundation.org \
--cc=axelrasmussen@google.com \
--cc=david@kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mhocko@kernel.org \
--cc=shakeel.butt@linux.dev \
--cc=weixugc@google.com \
--cc=yuanchu@google.com \
--cc=zhengqi.arch@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox