From: sashiko-bot@kernel.org
To: "SeongJae Park" <sj@kernel.org>
Cc: damon@lists.linux.dev
Subject: Re: [RFC PATCH v1.1 02/14] mm/damon/core: do not use region out of a loop in damon_set_regions()
Date: Thu, 21 May 2026 04:19:49 +0000 [thread overview]
Message-ID: <20260521041949.9E5AF1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260521035349.87565-3-sj@kernel.org>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues:
- [High] Integer overflow in ALIGN() can result in region with ar.end = 0
--
commit d65dcd33c6063ed27bd90da3803c482628ebbc88
Author: SeongJae Park <sj@kernel.org>
mm/damon/core: do not use region out of a loop in damon_set_regions()
This commit cleans up damon_set_regions() to explicitly track if a region
should be inserted before another, avoiding reliance on undocumented
iterator behavior. No behavioral changes are intended.
> diff --git a/mm/damon/core.c b/mm/damon/core.c
> index d0bdf6e01dff8..669fd13776ea2 100644
> --- a/mm/damon/core.c
> +++ b/mm/damon/core.c
[ ... ]
> @@ -394,7 +397,11 @@ int damon_set_regions(struct damon_target *t, struct damon_addr_range *ranges,
> ALIGN(range->end, min_region_sz));
[Severity: High]
This is a pre-existing issue, but can this ALIGN() macro overflow if
userspace provides ULONG_MAX as the region end via the sysfs interface?
If range->end is ULONG_MAX and min_region_sz is 4096, the ALIGN() macro
would evaluate to 0, resulting in a region where ar.end is 0.
When damon_sz_region() subsequently calculates the size using
r->ar.end - r->ar.start, the unsigned arithmetic would underflow to a
massive size.
This could cause the while (damon_sz_region(r) > max_region_sz) loop in
damon_apply_min_nr_regions() to iterate nearly endlessly, allocating new
regions until memory is exhausted.
> if (!newr)
> return -ENOMEM;
> - damon_insert_region(newr, damon_prev_region(r), r, t);
> + if (insert_before_r)
> + damon_insert_region(newr, damon_prev_region(r),
> + r, t);
> + else
> + damon_add_region(newr, t);
> } else {
> /* resize intersecting regions to fit in this range */
> first->ar.start = ALIGN_DOWN(range->start,
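Review bot: the new branch at the bottom of the hunk consumes insert_before_r, but the hunk does not show where that flag is set or reset; confirm it is assigned fresh on every iteration of the outer loop over ranges, otherwise a true value left over from the previous range would hand a stale r to damon_insert_region(). Separately, the ALIGN(range->end, min_region_sz) at the top of the hunk is the pre-existing overflow called out above; since this patch intends no behavioral change, a guard such as rejecting range->end > ULONG_MAX - (min_region_sz - 1) with -EINVAL belongs in its own patch rather than here.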
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260521035349.87565-1-sj@kernel.org?part=2
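A stand-alone reproduction of the wrap described in the review above, added here as an example and not taken from DAMON: ALIGN() and damon_sz_region() mirror the kernel's semantics, and align_range_checked() is a hypothetical guard, not part of the patch.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Same arithmetic as the kernel's ALIGN(): round x up to a multiple of a
 * (a must be a power of two). The addition x + a - 1 wraps when x is
 * within a - 1 of ULONG_MAX, so the result becomes 0. */
#define ALIGN(x, a) (((x) + ((a) - 1)) & ~((a) - 1))

struct damon_addr_range { unsigned long start, end; };

/* Mirrors damon_sz_region(): plain unsigned subtraction, so end < start
 * wraps to a huge size instead of failing. */
static unsigned long damon_sz_region(const struct damon_addr_range *r)
{
	return r->end - r->start;
}

/* Hypothetical guard (not from the patch): refuse an end address that
 * would make ALIGN() wrap, then align. Returns false when unsafe. */
static bool align_range_checked(const struct damon_addr_range *in,
				unsigned long min_region_sz,
				struct damon_addr_range *out)
{
	if (in->end > ULONG_MAX - (min_region_sz - 1))
		return false;	/* ALIGN(in->end) would wrap to 0 */
	out->start = in->start & ~(min_region_sz - 1);	/* ALIGN_DOWN */
	out->end = ALIGN(in->end, min_region_sz);
	return out->end > out->start;	/* reject empty/inverted ranges */
}

int main(void)
{
	/* Constructed input: the ULONG_MAX end the review describes. */
	struct damon_addr_range bad = { .start = 4096, .end = ULONG_MAX };
	struct damon_addr_range r = { bad.start, ALIGN(bad.end, 4096UL) }, out;

	printf("ALIGN(ULONG_MAX, 4096) = %lu, sz = %lu\n",
	       r.end, damon_sz_region(&r));
	printf("checked: %s\n",
	       align_range_checked(&bad, 4096, &out) ? "ok" : "rejected");
	return 0;
}
```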