From: sashiko-bot@kernel.org
To: "Liew Rui Yan" <aethernet65535@gmail.com>
Cc: damon@lists.linux.dev
Subject: Re: [PATCH v5 1/2] mm/damon/lru_sort: validate min_region_size to be power of 2
Date: Fri, 01 May 2026 02:16:43 +0000
Message-ID: <20260501021643.9CBAFC2BCB3@smtp.kernel.org>
In-Reply-To: <20260501013750.71704-2-aethernet65535@gmail.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] A Time-of-Check to Time-of-Use (TOCTOU) race condition exists between the validation of `damon_lru_sort_mon_attrs.sample_interval` and its subsequent use, leading to a division-by-zero kernel panic.
--

commit 27c4642b5b420a4c1731c9385273b591e05b5b4c
Author: Liew Rui Yan <aethernet65535@gmail.com>

mm/damon/lru_sort: validate min_region_size to be power of 2

This commit adds early validation for the min_region_sz parameter to ensure
it is a power of 2. It prevents kdamond from incorrectly terminating with
the maybe_corrupted flag when a user simply sets an invalid addr_unit.

> diff --git a/mm/damon/lru_sort.c b/mm/damon/lru_sort.c
> index 2eb559d913b62..eca88ed941b32 100644
> --- a/mm/damon/lru_sort.c
> +++ b/mm/damon/lru_sort.c
> @@ -286,6 +286,11 @@ static int damon_lru_sort_apply_parameters(void)
>  	param_ctx->addr_unit = addr_unit;
>  	param_ctx->min_region_sz = max(DAMON_MIN_REGION_SZ / addr_unit, 1);
>  
> +	if (!is_power_of_2(param_ctx->min_region_sz)) {
> +		err = -EINVAL;
> +		goto out;
> +	}
> +
>  	if (!damon_lru_sort_mon_attrs.sample_interval) {

This isn't a regression introduced by this patch, but can a time-of-check
to time-of-use (TOCTOU) race condition happen here?

Because damon_lru_sort_mon_attrs is exposed as a module parameter, it can
be modified concurrently. If a user concurrently writes 0 to sample_interval
immediately after this check passes, the local attrs struct would copy the
new zero value:

    attrs = damon_lru_sort_mon_attrs;

Later in the function, damon_max_nr_accesses(&attrs) evaluates
attrs.aggr_interval / attrs.sample_interval. Since sample_interval would
be 0, could this trigger a divide-by-zero exception?

>  		err = -EINVAL;
>  		goto out;
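
Review bot: the new is_power_of_2() check tests the derived param_ctx->min_region_sz, while the commit message names addr_unit as the invalid user input, so a one-line comment above the check saying that a bad addr_unit is what produces this failure would make the bare -EINVAL traceable to the parameter. In the two context lines above the check, addr_unit is also read twice (once for param_ctx->addr_unit, once for the division); if it is the user-writable value, reading it once into a local would keep param_ctx->addr_unit and param_ctx->min_region_sz derived from the same value.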

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260501013750.71704-1-aethernet65535@gmail.com?part=1
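
The check-then-copy ordering the review above asks about, next to a copy-then-check ordering, as an added userspace example that is not code from the patch or from the kernel. The struct, `shared_attrs`, `race_window_hook` and all function names are constructed for illustration; the hook deterministically stands in for a concurrent parameter write.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for the parameter struct; field names follow the mail. */
struct mon_attrs { unsigned long sample_interval, aggr_interval; };
/* Shared and writable by another context at any time (models a module parameter). */
static volatile struct mon_attrs shared_attrs = { 5000, 100000 };
/* Hypothetical hook: stands in for a concurrent writer hitting the race window. */
static void (*race_window_hook)(void);
static void writer_sets_zero(void) { shared_attrs.sample_interval = 0; }

static void snapshot(struct mon_attrs *out)
{
	out->sample_interval = shared_attrs.sample_interval;
	out->aggr_interval = shared_attrs.aggr_interval;
}

/* Ordering questioned in the review: validate the shared value, then copy it. */
static int check_then_copy(struct mon_attrs *out)
{
	if (!shared_attrs.sample_interval)
		return -EINVAL;
	if (race_window_hook)
		race_window_hook();	/* write lands after the check */
	snapshot(out);			/* the copy picks up the zero */
	return 0;
}

/* Hardened ordering: take the snapshot first, validate only the snapshot. */
static int copy_then_check(struct mon_attrs *out)
{
	snapshot(out);
	if (race_window_hook)
		race_window_hook();	/* later writes no longer matter */
	return out->sample_interval ? 0 : -EINVAL;
}

/* Models the later aggr_interval / sample_interval; -1 marks the would-be fault. */
static long max_nr_accesses(const struct mon_attrs *a)
{
	return a->sample_interval ? (long)(a->aggr_interval / a->sample_interval) : -1;
}

int main(void)
{
	struct mon_attrs a;
	race_window_hook = writer_sets_zero;
	int ret = check_then_copy(&a);
	printf("check-then-copy: ret=%d nr=%ld\n", ret, max_nr_accesses(&a));
}
```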
