From: Josh Law <objecting@objecting.org>
To: sj@kernel.org, akpm@linux-foundation.org
Cc: damon@lists.linux.dev, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org, Josh Law <objecting@objecting.org>
Subject: [PATCH 3/4] mm/damon/sysfs: check contexts->nr in update_schemes_tried_regions
Date: Thu, 19 Mar 2026 15:57:41 +0000
Message-ID: <20260319155742.186627-4-objecting@objecting.org>
In-Reply-To: <20260319155742.186627-1-objecting@objecting.org>

damon_sysfs_update_schemes_tried_regions() and its callback
damon_sysfs_schemes_tried_regions_upd_one() access contexts_arr[0]
without verifying nr_contexts >= 1. This can NULL deref if damon_ctx is
non-NULL (preserved after stop) but nr_contexts has been set to 0. Add
the missing check.

Signed-off-by: Josh Law <objecting@objecting.org>
---
 mm/damon/sysfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mm/damon/sysfs.c b/mm/damon/sysfs.c
index 36ad2e8956c9..ddcdc4e35b27 100644
--- a/mm/damon/sysfs.c
+++ b/mm/damon/sysfs.c
@@ -1731,6 +1731,8 @@ static int damon_sysfs_update_schemes_tried_regions(
 
 	if (!ctx)
 		return -EINVAL;
+	if (sysfs_kdamond->contexts->nr != 1)
+		return -EINVAL;
 
 	damon_sysfs_schemes_clear_regions(
 			sysfs_kdamond->contexts->contexts_arr[0]->schemes);
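Review bot: the new check rejects `contexts->nr != 1`, but the commit message describes the bug as `contexts_arr[0]` being accessed without verifying `nr_contexts >= 1`; please make the two agree, either by stating in the message that the sysfs interface only supports exactly one context per kdamond (so `!= 1` is the intended invariant) or by relaxing the test to `< 1` if more than one context is legitimately possible. The message also names the callback damon_sysfs_schemes_tried_regions_upd_one() as accessing `contexts_arr[0]`, yet only the caller is changed here; a sentence noting that the callback is reached solely through this function, and so is covered by the check above, would make the fix easier to verify. Minor: since both early returns yield -EINVAL with no distinguishing diagnostic, consider folding the condition into the existing `if (!ctx)` test to keep the fast path compact.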
-- 
2.34.1


Thread overview: 15+ messages
2026-03-19 15:57 [PATCH 0/4] mm/damon/sysfs: fix resource leak and NULL pointer dereferences Josh Law
2026-03-19 15:57 ` [PATCH 1/4] mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure Josh Law
2026-03-20  2:00   ` SeongJae Park
2026-03-19 15:57 ` [PATCH 2/4] mm/damon/sysfs: check contexts->nr before clear_schemes_tried_regions Josh Law
2026-03-20  2:13   ` SeongJae Park
2026-03-20  7:06     ` Josh Law
2026-03-20 14:47       ` SeongJae Park
2026-03-20 15:14         ` Josh Law
2026-03-20 15:51           ` SeongJae Park
2026-03-20 15:56             ` Josh Law
2026-03-19 15:57 ` Josh Law [this message]
2026-03-20  2:15   ` [PATCH 3/4] mm/damon/sysfs: check contexts->nr in update_schemes_tried_regions SeongJae Park
2026-03-19 15:57 ` [PATCH 4/4] mm/damon/sysfs: check contexts->nr in repeat_call_fn Josh Law
2026-03-20  2:06   ` SeongJae Park
2026-03-19 19:24 ` [PATCH 0/4] mm/damon/sysfs: fix resource leak and NULL pointer dereferences Josh Law
