In the Linux kernel, the following vulnerability has been resolved:
mm/mglru: fix div-by-zero in vmpressure_calc_level()
evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation.
The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails.
The underflow can cause the divisor, i.e., scale = scanned + reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash:
  [exception RIP: vmpressure_work_fn+101]
  process_one_work at ffffffffa3313f2b
Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios().
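The accounting described above can be reproduced in a small user-space model of the two passes. This is an added example, not kernel code and not part of the original commit; the struct and function names, the rule that every unreclaimed folio is retried, and the sample folios are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_FOLIOS 8

/* Constructed folio state: whether folio_trylock() fails in pass 0 and pass 1. */
struct folio_model { bool lock_fails[2]; };

/* Simplified stand-in for the scan_control counters (assumption). */
struct scan_model { unsigned long nr_scanned, nr_reclaimed; };

/* Models shrink_folio_list(): a folio whose trylock fails is skipped
 * before nr_scanned is incremented; any other folio is scanned and reclaimed. */
static void shrink_model(struct scan_model *sc, const struct folio_model *f,
                         bool *done, size_t n, int pass)
{
    for (size_t i = 0; i < n; i++) {
        if (done[i] || f[i].lock_fails[pass])
            continue;
        sc->nr_scanned++;
        sc->nr_reclaimed++;
        done[i] = true;
    }
}

/* Runs both passes and returns the divisor scale = scanned + reclaimed.
 * deduct=true models the pre-fix deduction, deduct=false the fixed behaviour. */
unsigned long evict_model_scale(const struct folio_model *f, size_t n, bool deduct)
{
    struct scan_model sc = { 0, 0 };
    bool done[MAX_FOLIOS] = { false };

    if (n > MAX_FOLIOS)
        n = MAX_FOLIOS;
    shrink_model(&sc, f, done, n, 0);          /* first pass */
    for (size_t i = 0; i < n; i++)
        if (!done[i] && deduct)
            sc.nr_scanned--;                   /* wraps when the folio was never counted */
    shrink_model(&sc, f, done, n, 1);          /* second pass */
    return sc.nr_scanned + sc.nr_reclaimed;    /* unsigned sum can wrap to 0 */
}

/* Constructed sample: A never locks; B locks only in the second pass. */
static const struct folio_model sample[2] = { { { true, true } }, { { true, false } } };

unsigned long sample_scale(bool deduct) { return evict_model_scale(sample, 2, deduct); }

int main(void)
{
    printf("with deduction: scale=%lu\n", sample_scale(true));
    printf("without deduction: scale=%lu\n", sample_scale(false));
    return 0;
}
```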