From: Qi Zheng <qi.zheng@linux.dev>
To: hannes@cmpxchg.org, hughd@google.com, mhocko@suse.com,
roman.gushchin@linux.dev, shakeel.butt@linux.dev,
muchun.song@linux.dev, david@kernel.org, ljs@kernel.org,
ziy@nvidia.com, harry.yoo@oracle.com, yosry.ahmed@linux.dev,
imran.f.khan@oracle.com, kamalesh.babulal@oracle.com,
axelrasmussen@google.com, yuanchu@google.com, weixugc@google.com,
chenridong@huaweicloud.com, mkoutny@suse.com,
akpm@linux-foundation.org, hamzamahfooz@linux.microsoft.com,
apais@linux.microsoft.com, lance.yang@linux.dev, bhe@redhat.com,
usamaarif642@gmail.com
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Qi Zheng <zhengqi.arch@bytedance.com>
Subject: [PATCH v2 3/4] mm: memcontrol: correct the nr_pages parameter type of mem_cgroup_update_lru_size()
Date: Wed, 25 Mar 2026 22:13:24 +0800 [thread overview]
Message-ID: <c5b169a3056ee634f6a38cc8cb349d6be541df6d.1774447069.git.zhengqi.arch@bytedance.com> (raw)
In-Reply-To: <cover.1774447069.git.zhengqi.arch@bytedance.com>
From: Qi Zheng <zhengqi.arch@bytedance.com>
The nr_pages parameter of mem_cgroup_update_lru_size() represents a page
count. During the reparenting of LRU folios, the value passed to it can
potentially exceed the maximum value of a 32-bit integer. It should be
declared as long instead of int to match the types used in lruvec size
accounting and to prevent possible overflow.
Update the parameter type to long to ensure correctness.
Reviewed-by: Lorenzo Stoakes (Oracle) <ljs@kernel.org>
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
---
include/linux/memcontrol.h | 2 +-
mm/memcontrol.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
index 0861589695298..dc3fa687759b4 100644
--- a/include/linux/memcontrol.h
+++ b/include/linux/memcontrol.h
@@ -878,7 +878,7 @@ static inline bool mem_cgroup_online(struct mem_cgroup *memcg)
}
void mem_cgroup_update_lru_size(struct lruvec *lruvec, enum lru_list lru,
- int zid, int nr_pages);
+ int zid, long nr_pages);
static inline
unsigned long mem_cgroup_get_zone_lru_size(struct lruvec *lruvec,
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 4a78550f6174e..04076a139dbe3 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1466,7 +1466,7 @@ struct lruvec *folio_lruvec_lock_irqsave(struct folio *folio,
* to or just after a page is removed from an lru list.
*/
void mem_cgroup_update_lru_size(struct lruvec *lruvec, enum lru_list lru,
- int zid, int nr_pages)
+ int zid, long nr_pages)
{
struct mem_cgroup_per_node *mz;
unsigned long *lru_size;
@@ -1483,7 +1483,7 @@ void mem_cgroup_update_lru_size(struct lruvec *lruvec, enum lru_list lru,
size = *lru_size;
if (WARN_ONCE(size < 0,
- "%s(%p, %d, %d): lru_size %ld\n",
+ "%s(%p, %d, %ld): lru_size %ld\n",
__func__, lruvec, lru, nr_pages, size)) {
VM_BUG_ON(1);
*lru_size = 0;
--
2.20.1
next prev parent reply other threads:[~2026-03-25 14:14 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-25 14:13 [PATCH v2 0/4] fix unexpected type conversions and potential overflows Qi Zheng
2026-03-25 14:13 ` [PATCH v2 1/4] mm: memcontrol: correct the type of stats_updates to unsigned long Qi Zheng
2026-03-25 15:28 ` Lorenzo Stoakes (Oracle)
2026-03-26 2:32 ` Qi Zheng
2026-03-26 8:05 ` Lorenzo Stoakes (Oracle)
2026-03-26 8:19 ` Harry Yoo (Oracle)
2026-03-26 8:20 ` Qi Zheng
2026-03-25 14:13 ` [PATCH v2 2/4] mm: memcontrol: change val type to long in __mod_memcg_{lruvec_}state() Qi Zheng
2026-03-26 9:19 ` Lorenzo Stoakes (Oracle)
2026-03-26 14:37 ` David Laight
2026-03-27 2:37 ` Qi Zheng
2026-03-25 14:13 ` Qi Zheng [this message]
2026-03-25 14:13 ` [PATCH v2 4/4] mm: memcontrol: fix unexpected massive positive number in memcg_state_val_in_pages() Qi Zheng
2026-03-26 9:16 ` Lorenzo Stoakes (Oracle)
2026-03-26 9:21 ` Lorenzo Stoakes (Oracle)
2026-03-26 9:32 ` Qi Zheng
2026-03-26 9:38 ` Lorenzo Stoakes (Oracle)
2026-03-27 0:06 ` Andrew Morton
2026-03-27 2:42 ` Qi Zheng
2026-03-27 3:13 ` Andrew Morton
2026-03-27 7:51 ` Lorenzo Stoakes (Oracle)
2026-03-25 14:24 ` [PATCH v2 0/4] fix unexpected type conversions and potential overflows Qi Zheng
2026-03-25 23:57 ` Andrew Morton
2026-03-26 0:28 ` Andrew Morton
2026-03-26 2:30 ` Qi Zheng
2026-03-26 3:27 ` Andrew Morton
2026-03-26 7:14 ` Michal Hocko
2026-03-26 7:51 ` Harry Yoo (Oracle)
2026-03-26 8:18 ` Michal Hocko
2026-03-26 9:22 ` Lorenzo Stoakes (Oracle)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c5b169a3056ee634f6a38cc8cb349d6be541df6d.1774447069.git.zhengqi.arch@bytedance.com \
--to=qi.zheng@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=apais@linux.microsoft.com \
--cc=axelrasmussen@google.com \
--cc=bhe@redhat.com \
--cc=chenridong@huaweicloud.com \
--cc=david@kernel.org \
--cc=hamzamahfooz@linux.microsoft.com \
--cc=hannes@cmpxchg.org \
--cc=harry.yoo@oracle.com \
--cc=hughd@google.com \
--cc=imran.f.khan@oracle.com \
--cc=kamalesh.babulal@oracle.com \
--cc=lance.yang@linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=ljs@kernel.org \
--cc=mhocko@suse.com \
--cc=mkoutny@suse.com \
--cc=muchun.song@linux.dev \
--cc=roman.gushchin@linux.dev \
--cc=shakeel.butt@linux.dev \
--cc=usamaarif642@gmail.com \
--cc=weixugc@google.com \
--cc=yosry.ahmed@linux.dev \
--cc=yuanchu@google.com \
--cc=zhengqi.arch@bytedance.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox