From: SeongJae Park <sj@kernel.org>
To: Josh Law <objecting@objecting.org>
Cc: SeongJae Park <sj@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
damon@lists.linux.dev, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm/damon/core: document damos_commit_dests() failure semantics
Date: Thu, 19 Mar 2026 07:31:14 -0700 [thread overview]
Message-ID: <20260319143116.82849-1-sj@kernel.org> (raw)
In-Reply-To: <20260319071332.114595-1-objecting@objecting.org>
Hello Josh,
On Thu, 19 Mar 2026 07:13:32 +0000 Josh Law <objecting@objecting.org> wrote:
> Add a kernel-doc comment to damos_commit_dests() documenting its
> allocation failure contract: on -ENOMEM, the destination structure is
> left in a partially torn-down state that is safe to deallocate via
> damon_destroy_scheme(), but must not be reused for further commits.
Nice patch. We intentionally do not use kernel-doc comment for static
functions, to not encourage API document readers use the non-public functions.
We still use kernel-doc like comment for static functions, to help developers.
That is, starting the comment with '/*' instead of '/**'. Maybe 'damon_call()'
is an example.
>
> This was unclear from the code alone and led to a separate patch
> attempting to reset nr_dests on failure.
Good point. Adding a link [1] would be nice.
> Make the intended usage
> explicit so future readers do not repeat the confusion.
>
> Signed-off-by: Josh Law <objecting@objecting.org>
Other than the above trivial things,
Reviewed-by: SeongJae Park <sj@kernel.org>
I added this patch to my tree, after addressing my above comments. If you
don't mind, I will post it tomorrow as a v2, for mm.git inclusion. If you have
different opinions to my comments or you prefer to post v2 on your own, please
feel free to do so :)
> ---
> mm/damon/core.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/mm/damon/core.c b/mm/damon/core.c
> index e233eb84a2d5..c884bb31c9b8 100644
> --- a/mm/damon/core.c
> +++ b/mm/damon/core.c
> @@ -1054,6 +1054,23 @@ static void damos_set_filters_default_reject(struct damos *s)
> damos_filters_default_reject(&s->ops_filters);
> }
>
> +/**
> + * damos_commit_dests() - Copy migration destinations from @src to @dst.
> + * @dst: Destination structure to update.
> + * @src: Source structure to copy from.
> + *
> + * If the number of destinations has changed, the old arrays in @dst are freed
> + * and new ones are allocated. On success, @dst contains a full copy of
> + * @src's arrays and count.
> + *
> + * On allocation failure, @dst is left in a partially torn-down state: its
> + * arrays may be NULL and @nr_dests may not reflect the actual allocation
> + * sizes. The structure remains safe to deallocate via damon_destroy_scheme(),
> + * but callers must not reuse @dst for further commits — it should be
> + * discarded.
> + *
> + * Return: 0 on success, -ENOMEM on allocation failure.
> + */
> static int damos_commit_dests(struct damos_migrate_dests *dst,
> struct damos_migrate_dests *src)
> {
> --
> 2.34.1
And Sashiko comment [2]. TL; DR: Good finding. We aware the issue and working
on the fix. Nonetheless, that's out of the scope of this patch.
: Does leaving dst in a torn-down state cause a NULL pointer dereference in
: the background kdamond thread?
:
: If damon_commit_ctx() fails during damos_commit_dests(), the sysfs update
: aborts. However, the broken scheme remains active in kdamond->damon_ctx
: because damon_commit_schemes() does not remove or destroy dst_scheme on
: error.
:
: When the background thread calls kdamond_apply_schemes() and invokes
: damos_va_migrate_dests_add(), it iterates based on the unmodified nr_dests:
:
: for (i = 0; i < dests->nr_dests; i++)
: weight_total += dests->weight_arr[i];
:
: Since weight_arr is NULL but nr_dests retains its old non-zero value, will
: this unconditionally dereference the NULL pointer? It appears the previous
: patch attempting to reset nr_dests on failure might be necessary to prevent
: this crash.
Nice catch. We actually figured out [3] this issue from the discussion on
Josh's previous patch that motivated this one. And I'm working on it. Because
the issue is arguably orthogonal to this patch, I think this patch is good to
go.
[1] https://lore.kernel.org/20260318214939.36100-1-objecting@objecting.org
[2] review url: https://sashiko.dev/#/patchset/20260319071332.114595-1-objecting@objecting.org
[3] https://lore.kernel.org/20260319043309.97966-1-sj@kernel.org
Thanks,
SJ
[...]
next prev parent reply other threads:[~2026-03-19 14:31 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-19 7:13 [PATCH] mm/damon/core: document damos_commit_dests() failure semantics Josh Law
2026-03-19 14:31 ` SeongJae Park [this message]
2026-03-19 15:24 ` SeongJae Park
2026-03-19 15:26 ` Josh Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260319143116.82849-1-sj@kernel.org \
--to=sj@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=damon@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=objecting@objecting.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.