From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-173.mta0.migadu.com (out-173.mta0.migadu.com [91.218.175.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 284023A63EB for ; Wed, 25 Mar 2026 14:13:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.173 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774448034; cv=none; b=hrq1+04jOYwoQulL/NgzwrRzvWfduq7Lz3f901i6N/DFRXOK2TN8+VceBwCoP0t8b0raTHEbQdfdE5QDPOmLBUT9A/WVtf6wYNyxS7ABGt+H3RRI5IU6PAAznr3GVDskA48HDecNgRif+O70EMkalWf7EKL/26u6m8ZnALWLm54= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774448034; c=relaxed/simple; bh=lYU+lY1hdVqWybtpdT5nDjoT1+K28DUzI6lOr9VCKBA=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=Ct2zJP1l5eaio94wSC064bq9DH1g4kuukKaYryYbnHtqHLa9TSYq/y5QstnfGiO4igIOeBxEIDzCd4Vcyajqy5RVXkXM7eESacb+FvP1lw19BJ4DsQ/A9JPuyKbOqLJ2Ds7bw/3G1XCbSPtRKziv1jTV/DLBMda0+ib9RTVekxg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=vpHIGM3v; arc=none smtp.client-ip=91.218.175.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="vpHIGM3v" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1774448031; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=saGG4Qei2/D9ljTHLKXPOXlFFn9u3Nykrh8s/nvHDvM=; b=vpHIGM3vD8Cj3t5gomLzRm9u+inuYL6O4YHakNxqmTlftLBTERNxXAYsa+cUz1OpMc9H0Q NXMTAcwx2RZSNoo9lFWrxv9lHTdCx1dH2NhQTcKQIMLEkLTzI7ZgLQSZ1A0DzgNaXS9N+x bat6cR4ITfGma3axr7DekT55xNXc/Sc= From: Qi Zheng To: hannes@cmpxchg.org, hughd@google.com, mhocko@suse.com, roman.gushchin@linux.dev, shakeel.butt@linux.dev, muchun.song@linux.dev, david@kernel.org, ljs@kernel.org, ziy@nvidia.com, harry.yoo@oracle.com, yosry.ahmed@linux.dev, imran.f.khan@oracle.com, kamalesh.babulal@oracle.com, axelrasmussen@google.com, yuanchu@google.com, weixugc@google.com, chenridong@huaweicloud.com, mkoutny@suse.com, akpm@linux-foundation.org, hamzamahfooz@linux.microsoft.com, apais@linux.microsoft.com, lance.yang@linux.dev, bhe@redhat.com, usamaarif642@gmail.com Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Qi Zheng Subject: [PATCH v2 0/4] fix unexpected type conversions and potential overflows Date: Wed, 25 Mar 2026 22:13:21 +0800 Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT From: Qi Zheng Hi all, As Harry Yoo pointed out [1], in scenarios where massive state updates occur (e.g., during the reparenting of LRU folios), the values passed to memcg stat update functions can accumulate and exceed the upper limit of a 32-bit integer. If the parameter types are not large enough (like 'int') or are handled incorrectly, it can lead to severe truncation, potential overflow issues, and unexpected type conversion bugs. This series aims to address these issues by correcting the parameter types in the relevant functions, and fixing an implicit conversion bug in memcg_state_val_in_pages(). This series is based on the next-20260323. Comments and suggestions are welcome! Thanks, Qi [1]. https://lore.kernel.org/all/acDxaEgnqPI-Z4be@hyeyoo/ Qi Zheng (4): mm: memcontrol: correct the type of stats_updates to unsigned long mm: memcontrol: change val type to long in __mod_memcg_{lruvec_}state() mm: memcontrol: correct the nr_pages parameter type of mem_cgroup_update_lru_size() mm: memcontrol: fix unexpected massive positive number in memcg_state_val_in_pages() include/linux/memcontrol.h | 2 +- include/trace/events/memcg.h | 10 +++++----- mm/memcontrol.c | 37 +++++++++++++++++++----------------- 3 files changed, 26 insertions(+), 23 deletions(-) -- 2.20.1