From 024a62fb322957b945a2d690fb3e39da983904c0 Mon Sep 17 00:00:00 2001 From: Jiangtian Feng Date: Mon, 1 Jun 2026 20:27:51 +0800 Subject: [PATCH] anolis: mm: readahead: fix potential max_order overflow in select_new_order ANBZ: #36706 In page_cache_ra_order(), ilog2(ra->size) is passed as the max_order to select_new_order(). When ra->size is 0, ilog2() returns -1 (or UINT_MAX depending on the implementation), which causes: orders &= BIT(max_order + 1) - 1; to evaluate BIT(0) - 1 = 0, zeroing orders and triggering the VM_WARN_ON(!orders) immediately below. Clamp max_order to [0, MAX_PAGECACHE_ORDER] before use, falling back to min(old_order, MAX_PAGECACHE_ORDER) when out of range. This is the 6.6 equivalent of the fix in commit 93f8daa4cae2 ("anolis: mm: readahead: fix potential max_order overflow") on devel-7.0. Fixes: d5282eb85aa0 ("mm: mTHP user controls to configure pagecache large folio sizes") Signed-off-by: Jiangtian Feng --- mm/readahead.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/readahead.c b/mm/readahead.c index 3ee6de8b33a6..e8f5637c8a44 100644 --- a/mm/readahead.c +++ b/mm/readahead.c @@ -511,6 +511,9 @@ static int select_new_order(int old_order, int max_order, unsigned long orders) * behaviour is intended to allow ramping up to large folios quickly. */ + if (max_order < 0 || max_order > MAX_PAGECACHE_ORDER) + max_order = min(old_order, MAX_PAGECACHE_ORDER); + orders &= BIT(max_order + 1) - 1; VM_WARN_ON(!orders); hi_orders = orders & ~(BIT(old_order + 1) - 1); -- Gitee
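Review bot: the fallback in the new check in select_new_order() bounds max_order only from above, so the code does not deliver the [0, MAX_PAGECACHE_ORDER] clamp that the commit message promises. `max_order = min(old_order, MAX_PAGECACHE_ORDER);` leaves max_order negative whenever old_order is negative, and nothing visible in this hunk guarantees old_order >= 0. In that case `orders &= BIT(max_order + 1) - 1;` still either zeroes orders (for -1) or shifts by a negative count, and VM_WARN_ON(!orders) can still fire. Consider `max_order = clamp(old_order, 0, MAX_PAGECACHE_ORDER);`, or state in a comment why old_order is already known to be in range here. Separately, the bad value originates in page_cache_ra_order() passing ilog2(ra->size) with ra->size == 0; a one-line comment above the new check naming that caller and case would tell later readers why a negative max_order is possible at all.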