Commit ec05f51f1e65 for kernel

commit ec05f51f1e65bce95528543eb73fda56fd201d94
Author: Uladzislau Rezki (Sony) <urezki@gmail.com>
Date:   Mon Apr 13 21:26:46 2026 +0200

    mm/vmalloc: take vmap_purge_lock in shrinker

    decay_va_pool_node() can be invoked concurrently from two paths:
    __purge_vmap_area_lazy() when pools are being purged, and the shrinker via
    vmap_node_shrink_scan().

    However, decay_va_pool_node() is not safe to run concurrently, and the
    shrinker path currently lacks serialization, leading to races and possible
    leaks.

    Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker
    path to ensure serialization with purge users.

    Link: https://lore.kernel.org/20260413192646.14683-1-urezki@gmail.com
    Fixes: 7679ba6b36db ("mm: vmalloc: add a shrinker to drain vmap pools")
    Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
    Reviewed-by: Baoquan He <baoquan.he@linux.dev>
    Cc: chenyichong <chenyichong@uniontech.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 61caa55a4402..676851d5cfe7 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -5416,6 +5416,7 @@ vmap_node_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
 {
 	struct vmap_node *vn;

+	guard(mutex)(&vmap_purge_lock);
 	for_each_vmap_node(vn)
 		decay_va_pool_node(vn, true);