From: SeongJae Park <sj@kernel.org>
To: SeongJae Park <sj@kernel.org>
Cc: sashiko-bot@kernel.org, damon@lists.linux.dev
Subject: Re: [RFC PATCH v1.2 01/14] mm/damon/core: safely handle no region case in damon_set_regions()
Date: Wed, 10 Jun 2026 22:01:42 -0700 [thread overview]
Message-ID: <20260611050142.62825-1-sj@kernel.org> (raw)
In-Reply-To: <20260522021642.87089-1-sj@kernel.org>
On Thu, 21 May 2026 19:16:42 -0700 SeongJae Park <sj@kernel.org> wrote:
> On Thu, 21 May 2026 15:19:28 +0000 sashiko-bot@kernel.org wrote:
>
> > Thank you for your contribution! Sashiko AI review found 4 potential issue(s) to consider:
> >
> > Pre-existing issues:
> > - [Critical] The ALIGN() macro can overflow when processing malicious or overly large user-provided region 'end' values, creating invalid regions where start > end.
> > - [High] min_region_sz can be a non-power-of-2 value, which corrupts region boundary calculations when passed to ALIGN() and ALIGN_DOWN().
> > - [High] Userspace can maliciously trigger a kernel warning (WARN_ONCE) by providing a region where start == end via sysfs.
> > - [High] A memory allocation failure during region creation results in a partial state update without a rollback, potentially leaving the running DAMON context corrupted.
>
> No one is caused by this patch, so no blocker for this patch.
>
> The last finding seems worthy to separately work for. I will work on it.
>
> Please read below for more details.
>
> > --
> >
> > commit fa588352eaf7b151171cca8c2acb0bb710a71c75
> > Author: SeongJae Park <sj@kernel.org>
> >
> > mm/damon/core: safely handle no region case in damon_set_regions()
> >
> > This commit refactors damon_set_regions() to explicitly handle the empty
> > region list case without depending on the internal implementation of
> > list_first_entry().
> >
> > > diff --git a/mm/damon/core.c b/mm/damon/core.c
> > > index 4e223857a0f99..d0bdf6e01dff8 100644
> > > --- a/mm/damon/core.c
> > > +++ b/mm/damon/core.c
> > > @@ -356,6 +356,19 @@ int damon_set_regions(struct damon_target *t, struct damon_addr_range *ranges,
[...]
> > > + if (!r)
> > > + return -ENOMEM;
> >
> > [Severity: High]
> > This is a pre-existing issue, but does this allocation failure leave the
> > DAMON context in a corrupted state?
> >
> > If damon_new_region() returns NULL due to memory pressure, the function
> > immediately returns -ENOMEM without rolling back the regions that were
> > already removed or added in the previous loop.
> >
> > Could this leave the running kdamond thread with a partially modified list
> > of regions?
>
> Yes, and the caller should do damon_destroy_ctx() of the ctx. And DAMON_SYSFS
> does that, while vaddr doesn't. I will work on this.
Hmm, but the vaddr's damon_set_regions() calls are only for the automated
mapping detection based monitoring target address rangs setup. In the mode,
the monitoring target address ranges setup is only the best effort, and
continuously retried for every operation set update interval. Hence, ignoring
the error is actually intentional and fine. So this is not a real issue and
therefore no fix is needed.
Let me know if I'm missing something, though.
Thanks,
SJ
[...]
next prev parent reply other threads:[~2026-06-11 5:01 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 14:34 [RFC PATCH v1.2 00/14] mm/damon: minor improvements for code readability and tests SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 01/14] mm/damon/core: safely handle no region case in damon_set_regions() SeongJae Park
2026-05-21 15:19 ` sashiko-bot
2026-05-22 2:16 ` SeongJae Park
2026-06-11 5:01 ` SeongJae Park [this message]
2026-05-21 14:34 ` [RFC PATCH v1.2 02/14] mm/damon/core: do not use region out of a loop " SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 03/14] samples/damon/mtier: replace damon_add_region() with damon_set_regions() SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 04/14] mm/damon/tests/vaddr-kunit: " SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 05/14] mm/damon/core: hide damon_add_region() SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 06/14] mm/damon/core: hide damon_insert_region() SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 07/14] mm/damon/core: hide damon_destroy_region() SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 08/14] mm/damon/core: add kdamond_call() debug_sanity check SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 09/14] mm/damon/core: remove damon_verify_nr_regions() SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 10/14] mm/damon/tests/core-kunit: add damon_set_regions() test cases SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 11/14] selftests/damon/sysfs.py: stop kdamonds before failing SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 12/14] selftests/damon/sysfs.sh: test monitoring intervals goal dir SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 13/14] selftests/damon/sysfs.sh: test addr_unit file existence SeongJae Park
2026-05-21 14:34 ` [RFC PATCH v1.2 14/14] selftests/damon/sysfs.sh: test pause " SeongJae Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260611050142.62825-1-sj@kernel.org \
--to=sj@kernel.org \
--cc=damon@lists.linux.dev \
--cc=sashiko-bot@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.