--- /dev/null
+From hsiangkao@linux.alibaba.com Tue Jul 22 12:00:48 2025
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+Date: Tue, 22 Jul 2025 18:00:29 +0800
+Subject: erofs: address D-cache aliasing
+To: stable@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Jan Kiszka <jan.kiszka@siemens.com>, Stefan Kerkmann <s.kerkmann@pengutronix.de>
+Cc: linux-erofs@lists.ozlabs.org, LKML <linux-kernel@vger.kernel.org>, Gao Xiang <hsiangkao@linux.alibaba.com>
+Message-ID: <20250722100029.3052177-6-hsiangkao@linux.alibaba.com>
+
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+
+commit 27917e8194f91dffd8b4825350c63cb68e98ce58 upstream.
+
+Flush the D-cache before unlocking folios for compressed inodes, as
+they are dirtied during decompression.
+
+Avoid calling flush_dcache_folio() on every CPU write, since it's more
+like playing whack-a-mole without real benefit.
+
+It has no impact on x86 and arm64/risc-v: on x86, flush_dcache_folio()
+is a no-op, and on arm64/risc-v, PG_dcache_clean (PG_arch_1) is clear
+for new page cache folios. However, certain ARM boards are affected,
+as reported.
+
+Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
+Closes: https://lore.kernel.org/r/c1e51e16-6cc6-49d0-a63e-4e9ff6c4dd53@pengutronix.de
+Closes: https://lore.kernel.org/r/38d43fae-1182-4155-9c5b-ffc7382d9917@siemens.com
+Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
+Tested-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
+Link: https://lore.kernel.org/r/20250709034614.2780117-2-hsiangkao@linux.alibaba.com
+Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/erofs/decompressor.c | 6 ++----
+ fs/erofs/zdata.c | 32 +++++++++++++++++++-------------
+ 2 files changed, 21 insertions(+), 17 deletions(-)
+
+--- a/fs/erofs/decompressor.c
++++ b/fs/erofs/decompressor.c
+@@ -342,14 +342,12 @@ static int z_erofs_transform_plain(struc
+
+ if (outpages > inpages) {
+ DBG_BUGON(!rq->out[outpages - 1]);
+- if (rq->out[outpages - 1] != rq->in[inpages - 1]) {
++ if (rq->out[outpages - 1] != rq->in[inpages - 1])
+ memcpy_to_page(rq->out[outpages - 1], 0, src +
+ (interlaced_offset ? 0 : righthalf),
+ lefthalf);
+- } else if (!interlaced_offset) {
++ else if (!interlaced_offset)
+ memmove(src, src + righthalf, lefthalf);
+- flush_dcache_page(rq->in[inpages - 1]);
+- }
+ }
+ kunmap_local(src);
+ return 0;
+--- a/fs/erofs/zdata.c
++++ b/fs/erofs/zdata.c
+@@ -123,9 +123,11 @@ static inline unsigned int z_erofs_pclus
+
+ /*
+ * bit 30: I/O error occurred on this page
++ * bit 29: CPU has dirty data in D-cache (needs aliasing handling);
+ * bit 0 - 29: remaining parts to complete this page
+ */
+-#define Z_EROFS_PAGE_EIO (1 << 30)
++#define Z_EROFS_ONLINEPAGE_EIO 30
++#define Z_EROFS_ONLINEPAGE_DIRTY 29
+
+ static inline void z_erofs_onlinepage_init(struct page *page)
+ {
+@@ -144,7 +146,7 @@ static inline void z_erofs_onlinepage_sp
+ atomic_inc((atomic_t *)&page->private);
+ }
+
+-static void z_erofs_onlinepage_endio(struct page *page, int err)
++static void z_erofs_onlinepage_end(struct page *page, int err, bool dirty)
+ {
+ int orig, v;
+
+@@ -152,16 +154,20 @@ static void z_erofs_onlinepage_endio(str
+
+ do {
+ orig = atomic_read((atomic_t *)&page->private);
+- v = (orig - 1) | (err ? Z_EROFS_PAGE_EIO : 0);
++ DBG_BUGON(orig <= 0);
++ v = dirty << Z_EROFS_ONLINEPAGE_DIRTY;
++ v |= (orig - 1) | (!!err << Z_EROFS_ONLINEPAGE_EIO);
+ } while (atomic_cmpxchg((atomic_t *)&page->private, orig, v) != orig);
+
+- if (!(v & ~Z_EROFS_PAGE_EIO)) {
+- set_page_private(page, 0);
+- ClearPagePrivate(page);
+- if (!(v & Z_EROFS_PAGE_EIO))
+- SetPageUptodate(page);
+- unlock_page(page);
+- }
++ if (v & (BIT(Z_EROFS_ONLINEPAGE_DIRTY) - 1))
++ return;
++ set_page_private(page, 0);
++ ClearPagePrivate(page);
++ if (v & BIT(Z_EROFS_ONLINEPAGE_DIRTY))
++ flush_dcache_page(page);
++ if (!(v & BIT(Z_EROFS_ONLINEPAGE_EIO)))
++ SetPageUptodate(page);
++ unlock_page(page);
+ }
+
+ #define Z_EROFS_ONSTACK_PAGES 32
+@@ -925,7 +931,7 @@ next_part:
+ goto repeat;
+
+ out:
+- z_erofs_onlinepage_endio(page, err);
++ z_erofs_onlinepage_end(page, err, false);
+ return err;
+ }
+
+@@ -1028,7 +1034,7 @@ static void z_erofs_fill_other_copies(st
+ cur += len;
+ }
+ kunmap_local(dst);
+- z_erofs_onlinepage_endio(bvi->bvec.page, err);
++ z_erofs_onlinepage_end(bvi->bvec.page, err, true);
+ list_del(p);
+ kfree(bvi);
+ }
+@@ -1196,7 +1202,7 @@ out:
+ /* recycle all individual short-lived pages */
+ if (z_erofs_put_shortlivedpage(be->pagepool, page))
+ continue;
+- z_erofs_onlinepage_endio(page, err);
++ z_erofs_onlinepage_end(page, err, true);
+ }
+
+ if (be->decompressed_pages != be->onstack_pages)
--- /dev/null
+From hsiangkao@linux.alibaba.com Tue Jul 22 12:00:46 2025
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+Date: Tue, 22 Jul 2025 18:00:27 +0800
+Subject: erofs: drop z_erofs_page_mark_eio()
+To: stable@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Jan Kiszka <jan.kiszka@siemens.com>, Stefan Kerkmann <s.kerkmann@pengutronix.de>
+Cc: linux-erofs@lists.ozlabs.org, LKML <linux-kernel@vger.kernel.org>, Gao Xiang <hsiangkao@linux.alibaba.com>, Yue Hu <huyue2@coolpad.com>, Chao Yu <chao@kernel.org>
+Message-ID: <20250722100029.3052177-4-hsiangkao@linux.alibaba.com>
+
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+
+commit 9a05c6a8bc26138d34e87b39e6a815603bc2a66c upstream.
+
+It can be folded into z_erofs_onlinepage_endio() to simplify the code.
+
+Reviewed-by: Yue Hu <huyue2@coolpad.com>
+Reviewed-by: Chao Yu <chao@kernel.org>
+Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
+Link: https://lore.kernel.org/r/20230817082813.81180-5-hsiangkao@linux.alibaba.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/erofs/zdata.c | 29 +++++++++--------------------
+ 1 file changed, 9 insertions(+), 20 deletions(-)
+
+--- a/fs/erofs/zdata.c
++++ b/fs/erofs/zdata.c
+@@ -144,22 +144,17 @@ static inline void z_erofs_onlinepage_sp
+ atomic_inc((atomic_t *)&page->private);
+ }
+
+-static inline void z_erofs_page_mark_eio(struct page *page)
++static void z_erofs_onlinepage_endio(struct page *page, int err)
+ {
+- int orig;
++ int orig, v;
++
++ DBG_BUGON(!PagePrivate(page));
+
+ do {
+ orig = atomic_read((atomic_t *)&page->private);
+- } while (atomic_cmpxchg((atomic_t *)&page->private, orig,
+- orig | Z_EROFS_PAGE_EIO) != orig);
+-}
+-
+-static inline void z_erofs_onlinepage_endio(struct page *page)
+-{
+- unsigned int v;
++ v = (orig - 1) | (err ? Z_EROFS_PAGE_EIO : 0);
++ } while (atomic_cmpxchg((atomic_t *)&page->private, orig, v) != orig);
+
+- DBG_BUGON(!PagePrivate(page));
+- v = atomic_dec_return((atomic_t *)&page->private);
+ if (!(v & ~Z_EROFS_PAGE_EIO)) {
+ set_page_private(page, 0);
+ ClearPagePrivate(page);
+@@ -930,9 +925,7 @@ next_part:
+ goto repeat;
+
+ out:
+- if (err)
+- z_erofs_page_mark_eio(page);
+- z_erofs_onlinepage_endio(page);
++ z_erofs_onlinepage_endio(page, err);
+ return err;
+ }
+
+@@ -1035,9 +1028,7 @@ static void z_erofs_fill_other_copies(st
+ cur += len;
+ }
+ kunmap_local(dst);
+- if (err)
+- z_erofs_page_mark_eio(bvi->bvec.page);
+- z_erofs_onlinepage_endio(bvi->bvec.page);
++ z_erofs_onlinepage_endio(bvi->bvec.page, err);
+ list_del(p);
+ kfree(bvi);
+ }
+@@ -1205,9 +1196,7 @@ out:
+ /* recycle all individual short-lived pages */
+ if (z_erofs_put_shortlivedpage(be->pagepool, page))
+ continue;
+- if (err)
+- z_erofs_page_mark_eio(page);
+- z_erofs_onlinepage_endio(page);
++ z_erofs_onlinepage_endio(page, err);
+ }
+
+ if (be->decompressed_pages != be->onstack_pages)
--- /dev/null
+From stable+bounces-163683-greg=kroah.com@vger.kernel.org Tue Jul 22 12:04:24 2025
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+Date: Tue, 22 Jul 2025 18:00:25 +0800
+Subject: erofs: get rid of debug_one_dentry()
+To: stable@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Jan Kiszka <jan.kiszka@siemens.com>, Stefan Kerkmann <s.kerkmann@pengutronix.de>
+Cc: linux-erofs@lists.ozlabs.org, LKML <linux-kernel@vger.kernel.org>, Gao Xiang <hsiangkao@linux.alibaba.com>, Yue Hu <huyue2@coolpad.com>, Jingbo Xu <jefflexu@linux.alibaba.com>, Chao Yu <chao@kernel.org>
+Message-ID: <20250722100029.3052177-2-hsiangkao@linux.alibaba.com>
+
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+
+commit e324eaa9790614577c93e819651e0a83963dac79 upstream.
+
+Since erofsdump is available, no need to keep this debugging
+functionality at all.
+
+Also drop a useless comment since it's the VFS behavior.
+
+Link: https://lore.kernel.org/r/20230114125746.399253-1-xiang@kernel.org
+Reviewed-by: Yue Hu <huyue2@coolpad.com>
+Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
+Reviewed-by: Chao Yu <chao@kernel.org>
+Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/erofs/dir.c | 17 -----------------
+ 1 file changed, 17 deletions(-)
+
+--- a/fs/erofs/dir.c
++++ b/fs/erofs/dir.c
+@@ -6,21 +6,6 @@
+ */
+ #include "internal.h"
+
+-static void debug_one_dentry(unsigned char d_type, const char *de_name,
+- unsigned int de_namelen)
+-{
+-#ifdef CONFIG_EROFS_FS_DEBUG
+- /* since the on-disk name could not have the trailing '\0' */
+- unsigned char dbg_namebuf[EROFS_NAME_LEN + 1];
+-
+- memcpy(dbg_namebuf, de_name, de_namelen);
+- dbg_namebuf[de_namelen] = '\0';
+-
+- erofs_dbg("found dirent %s de_len %u d_type %d", dbg_namebuf,
+- de_namelen, d_type);
+-#endif
+-}
+-
+ static int erofs_fill_dentries(struct inode *dir, struct dir_context *ctx,
+ void *dentry_blk, struct erofs_dirent *de,
+ unsigned int nameoff, unsigned int maxsize)
+@@ -52,10 +37,8 @@ static int erofs_fill_dentries(struct in
+ return -EFSCORRUPTED;
+ }
+
+- debug_one_dentry(d_type, de_name, de_namelen);
+ if (!dir_emit(ctx, de_name, de_namelen,
+ le64_to_cpu(de->nid), d_type))
+- /* stopped by some reason */
+ return 1;
+ ++de;
+ ctx->pos += sizeof(struct erofs_dirent);
--- /dev/null
+From stable+bounces-163684-greg=kroah.com@vger.kernel.org Tue Jul 22 12:04:46 2025
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+Date: Tue, 22 Jul 2025 18:00:28 +0800
+Subject: erofs: simplify z_erofs_transform_plain()
+To: stable@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Jan Kiszka <jan.kiszka@siemens.com>, Stefan Kerkmann <s.kerkmann@pengutronix.de>
+Cc: linux-erofs@lists.ozlabs.org, LKML <linux-kernel@vger.kernel.org>, Gao Xiang <hsiangkao@linux.alibaba.com>, Yue Hu <huyue2@coolpad.com>, Chao Yu <chao@kernel.org>
+Message-ID: <20250722100029.3052177-5-hsiangkao@linux.alibaba.com>
+
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+
+commit c5539762f32e97c5e16215fa1336e32095b8b0fd upstream.
+
+Use memcpy_to_page() instead of open-coding them.
+
+In addition, add a missing flush_dcache_page() even though almost all
+modern architectures clear `PG_dcache_clean` flag for new file cache
+pages so that it doesn't change anything in practice.
+
+Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
+Reviewed-by: Yue Hu <huyue2@coolpad.com>
+Reviewed-by: Chao Yu <chao@kernel.org>
+Link: https://lore.kernel.org/r/20230627161240.331-2-hsiangkao@linux.alibaba.com
+Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/erofs/decompressor.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+--- a/fs/erofs/decompressor.c
++++ b/fs/erofs/decompressor.c
+@@ -323,7 +323,7 @@ static int z_erofs_transform_plain(struc
+ const unsigned int lefthalf = rq->outputsize - righthalf;
+ const unsigned int interlaced_offset =
+ rq->alg == Z_EROFS_COMPRESSION_SHIFTED ? 0 : rq->pageofs_out;
+- unsigned char *src, *dst;
++ u8 *src;
+
+ if (outpages > 2 && rq->alg == Z_EROFS_COMPRESSION_SHIFTED) {
+ DBG_BUGON(1);
+@@ -336,22 +336,19 @@ static int z_erofs_transform_plain(struc
+ }
+
+ src = kmap_local_page(rq->in[inpages - 1]) + rq->pageofs_in;
+- if (rq->out[0]) {
+- dst = kmap_local_page(rq->out[0]);
+- memcpy(dst + rq->pageofs_out, src + interlaced_offset,
+- righthalf);
+- kunmap_local(dst);
+- }
++ if (rq->out[0])
++ memcpy_to_page(rq->out[0], rq->pageofs_out,
++ src + interlaced_offset, righthalf);
+
+ if (outpages > inpages) {
+ DBG_BUGON(!rq->out[outpages - 1]);
+ if (rq->out[outpages - 1] != rq->in[inpages - 1]) {
+- dst = kmap_local_page(rq->out[outpages - 1]);
+- memcpy(dst, interlaced_offset ? src :
+- (src + righthalf), lefthalf);
+- kunmap_local(dst);
++ memcpy_to_page(rq->out[outpages - 1], 0, src +
++ (interlaced_offset ? 0 : righthalf),
++ lefthalf);
+ } else if (!interlaced_offset) {
+ memmove(src, src + righthalf, lefthalf);
++ flush_dcache_page(rq->in[inpages - 1]);
+ }
+ }
+ kunmap_local(src);
--- /dev/null
+From hsiangkao@linux.alibaba.com Tue Jul 22 12:00:54 2025
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+Date: Tue, 22 Jul 2025 18:00:26 +0800
+Subject: erofs: sunset erofs_dbg()
+To: stable@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Jan Kiszka <jan.kiszka@siemens.com>, Stefan Kerkmann <s.kerkmann@pengutronix.de>
+Cc: linux-erofs@lists.ozlabs.org, LKML <linux-kernel@vger.kernel.org>, Gao Xiang <hsiangkao@linux.alibaba.com>, Chao Yu <chao@kernel.org>
+Message-ID: <20250722100029.3052177-3-hsiangkao@linux.alibaba.com>
+
+From: Gao Xiang <hsiangkao@linux.alibaba.com>
+
+commit 10656f9ca60ed85f4cfc06bcbe1f240ee310fa8c upstream.
+
+Such debug messages are rarely used now. Let's get rid of these,
+and revert locally if they are needed for debugging.
+
+Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
+Reviewed-by: Chao Yu <chao@kernel.org>
+Link: https://lore.kernel.org/r/20230414083027.12307-1-hsiangkao@linux.alibaba.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/erofs/inode.c | 3 ---
+ fs/erofs/internal.h | 2 --
+ fs/erofs/namei.c | 9 +++------
+ fs/erofs/zdata.c | 5 -----
+ fs/erofs/zmap.c | 3 ---
+ 5 files changed, 3 insertions(+), 19 deletions(-)
+
+--- a/fs/erofs/inode.c
++++ b/fs/erofs/inode.c
+@@ -26,9 +26,6 @@ static void *erofs_read_inode(struct ero
+ blkaddr = erofs_blknr(sb, inode_loc);
+ *ofs = erofs_blkoff(sb, inode_loc);
+
+- erofs_dbg("%s, reading inode nid %llu at %u of blkaddr %u",
+- __func__, vi->nid, *ofs, blkaddr);
+-
+ kaddr = erofs_read_metabuf(buf, sb, blkaddr, EROFS_KMAP);
+ if (IS_ERR(kaddr)) {
+ erofs_err(sb, "failed to get inode (nid: %llu) page, err %ld",
+--- a/fs/erofs/internal.h
++++ b/fs/erofs/internal.h
+@@ -32,10 +32,8 @@ __printf(3, 4) void _erofs_info(struct s
+ #define erofs_info(sb, fmt, ...) \
+ _erofs_info(sb, __func__, fmt "\n", ##__VA_ARGS__)
+ #ifdef CONFIG_EROFS_FS_DEBUG
+-#define erofs_dbg(x, ...) pr_debug(x "\n", ##__VA_ARGS__)
+ #define DBG_BUGON BUG_ON
+ #else
+-#define erofs_dbg(x, ...) ((void)0)
+ #define DBG_BUGON(x) ((void)(x))
+ #endif /* !CONFIG_EROFS_FS_DEBUG */
+
+--- a/fs/erofs/namei.c
++++ b/fs/erofs/namei.c
+@@ -203,16 +203,13 @@ static struct dentry *erofs_lookup(struc
+
+ err = erofs_namei(dir, &dentry->d_name, &nid, &d_type);
+
+- if (err == -ENOENT) {
++ if (err == -ENOENT)
+ /* negative dentry */
+ inode = NULL;
+- } else if (err) {
++ else if (err)
+ inode = ERR_PTR(err);
+- } else {
+- erofs_dbg("%s, %pd (nid %llu) found, d_type %u", __func__,
+- dentry, nid, d_type);
++ else
+ inode = erofs_iget(dir->i_sb, nid);
+- }
+ return d_splice_alias(inode, dentry);
+ }
+
+--- a/fs/erofs/zdata.c
++++ b/fs/erofs/zdata.c
+@@ -818,8 +818,6 @@ repeat:
+
+ if (offset + cur < map->m_la ||
+ offset + cur >= map->m_la + map->m_llen) {
+- erofs_dbg("out-of-range map @ pos %llu", offset + cur);
+-
+ if (z_erofs_collector_end(fe))
+ fe->backmost = false;
+ map->m_la = offset + cur;
+@@ -935,9 +933,6 @@ out:
+ if (err)
+ z_erofs_page_mark_eio(page);
+ z_erofs_onlinepage_endio(page);
+-
+- erofs_dbg("%s, finish page: %pK spiltted: %u map->m_llen %llu",
+- __func__, page, spiltted, map->m_llen);
+ return err;
+ }
+
+--- a/fs/erofs/zmap.c
++++ b/fs/erofs/zmap.c
+@@ -603,9 +603,6 @@ static int z_erofs_do_map_blocks(struct
+
+ unmap_out:
+ erofs_unmap_metabuf(&m.map->buf);
+- erofs_dbg("%s, m_la %llu m_pa %llu m_llen %llu m_plen %llu m_flags 0%o",
+- __func__, map->m_la, map->m_pa,
+- map->m_llen, map->m_plen, map->m_flags);
+ return err;
+ }
+
--- /dev/null
+From f1897f2f08b28ae59476d8b73374b08f856973af Mon Sep 17 00:00:00 2001
+From: Liu Shixin <liushixin2@huawei.com>
+Date: Sat, 11 Jan 2025 11:45:11 +0800
+Subject: mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma
+
+From: Liu Shixin <liushixin2@huawei.com>
+
+commit f1897f2f08b28ae59476d8b73374b08f856973af upstream.
+
+syzkaller reported such a BUG_ON():
+
+ ------------[ cut here ]------------
+ kernel BUG at mm/khugepaged.c:1835!
+ Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
+ ...
+ CPU: 6 UID: 0 PID: 8009 Comm: syz.15.106 Kdump: loaded Tainted: G W 6.13.0-rc6 #22
+ Tainted: [W]=WARN
+ Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
+ pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : collapse_file+0xa44/0x1400
+ lr : collapse_file+0x88/0x1400
+ sp : ffff80008afe3a60
+ ...
+ Call trace:
+ collapse_file+0xa44/0x1400 (P)
+ hpage_collapse_scan_file+0x278/0x400
+ madvise_collapse+0x1bc/0x678
+ madvise_vma_behavior+0x32c/0x448
+ madvise_walk_vmas.constprop.0+0xbc/0x140
+ do_madvise.part.0+0xdc/0x2c8
+ __arm64_sys_madvise+0x68/0x88
+ invoke_syscall+0x50/0x120
+ el0_svc_common.constprop.0+0xc8/0xf0
+ do_el0_svc+0x24/0x38
+ el0_svc+0x34/0x128
+ el0t_64_sync_handler+0xc8/0xd0
+ el0t_64_sync+0x190/0x198
+
+This indicates that the pgoff is unaligned. After analysis, I confirm the
+vma is mapped to /dev/zero. Such a vma certainly has vm_file, but it is
+set to anonymous by mmap_zero(). So even if it's mmapped by 2m-unaligned,
+it can pass the check in thp_vma_allowable_order() as it is an
+anonymous-mmap, but then be collapsed as a file-mmap.
+
+It seems the problem has existed for a long time, but actually, since we
+have khugepaged_max_ptes_none check before, we will skip collapse it as it
+is /dev/zero and so has no present page. But commit d8ea7cc8547c limit
+the check for only khugepaged, so the BUG_ON() can be triggered by
+madvise_collapse().
+
+Add vma_is_anonymous() check to make such vma be processed by
+hpage_collapse_scan_pmd().
+
+Link: https://lkml.kernel.org/r/20250111034511.2223353-1-liushixin2@huawei.com
+Fixes: d8ea7cc8547c ("mm/khugepaged: add flag to predicate khugepaged-only behavior")
+Signed-off-by: Liu Shixin <liushixin2@huawei.com>
+Reviewed-by: Yang Shi <yang@os.amperecomputing.com>
+Acked-by: David Hildenbrand <david@redhat.com>
+Cc: Chengming Zhou <chengming.zhou@linux.dev>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
+Cc: Mattew Wilcox <willy@infradead.org>
+Cc: Muchun Song <muchun.song@linux.dev>
+Cc: Nanyong Sun <sunnanyong@huawei.com>
+Cc: Qi Zheng <zhengqi.arch@bytedance.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+[acsjakub: backport, clean apply]
+Signed-off-by: Jakub Acs <acsjakub@amazon.de>
+Cc: linux-mm@kvack.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/khugepaged.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/mm/khugepaged.c
++++ b/mm/khugepaged.c
+@@ -2345,7 +2345,7 @@ skip:
+ VM_BUG_ON(khugepaged_scan.address < hstart ||
+ khugepaged_scan.address + HPAGE_PMD_SIZE >
+ hend);
+- if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) {
++ if (IS_ENABLED(CONFIG_SHMEM) && !vma_is_anonymous(vma)) {
+ struct file *file = get_file(vma->vm_file);
+ pgoff_t pgoff = linear_page_index(vma,
+ khugepaged_scan.address);
+@@ -2694,7 +2694,7 @@ int madvise_collapse(struct vm_area_stru
+ mmap_assert_locked(mm);
+ memset(cc->node_load, 0, sizeof(cc->node_load));
+ nodes_clear(cc->alloc_nmask);
+- if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) {
++ if (IS_ENABLED(CONFIG_SHMEM) && !vma_is_anonymous(vma)) {
+ struct file *file = get_file(vma->vm_file);
+ pgoff_t pgoff = linear_page_index(vma, addr);
+
alsa-hda-tegra-add-tegra264-support.patch
alsa-hda-add-missing-nvidia-hda-codec-ids.patch
drm-i915-dp-fix-2.7-gbps-dp_link_bw-value-on-g4x.patch
+mm-khugepaged-fix-call-hpage_collapse_scan_file-for-anonymous-vma.patch
+erofs-get-rid-of-debug_one_dentry.patch
+erofs-sunset-erofs_dbg.patch
+erofs-drop-z_erofs_page_mark_eio.patch
+erofs-simplify-z_erofs_transform_plain.patch
+erofs-address-d-cache-aliasing.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
