From: Shivam Kalra Fix the grow-in-place check in vrealloc() to compare the requested size against the actual physical page count (vm->nr_pages) rather than the virtual area size (alloced_size, derived from get_vm_area_size()). The virtual reservation size (get_vm_area_size()) does not decrease when pages are freed during a shrink operation. Consequently, without this fix, a subsequent grow-in-place operation after a shrink would incorrectly succeed and attempt to access freed pages. Correcting this check is a prerequisite for the upcoming vrealloc() shrink functionality. Signed-off-by: Shivam Kalra --- mm/vmalloc.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 79a57955345d..133c3b0418fe 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4343,6 +4343,12 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align if (unlikely(flags & __GFP_THISNODE) && nid != NUMA_NO_NODE && nid != page_to_nid(vmalloc_to_page(p))) goto need_realloc; + } else { + /* + * If p is NULL, vrealloc behaves exactly like vmalloc. + * Skip the shrink and in-place grow paths. + */ + goto need_realloc; } /* @@ -4361,7 +4367,7 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align /* * We already have the bytes available in the allocation; use them. */ - if (size <= alloced_size) { + if (size <= (size_t)vm->nr_pages << PAGE_SHIFT) { /* * No need to zero memory here, as unused memory will have * already been zeroed at initial allocation time or during -- 2.43.0