* [RFC PATCH v1.1 0/2] mm/damon/sysfs-schemes: fix wrong directories put orders in error paths
@ 2026-06-17 13:55 SeongJae Park
2026-06-17 13:55 ` [RFC PATCH v1.1 1/2] mm/damon/sysfs-schemes: fix dir put orders in access_pattern_add_dirs() SeongJae Park
2026-06-17 13:55 ` [RFC PATCH v1.1 2/2] mm/damon/sysfs-schemes: put stats for scheme_add_dirs() internal error SeongJae Park
0 siblings, 2 replies; 3+ messages in thread
From: SeongJae Park @ 2026-06-17 13:55 UTC (permalink / raw)
Cc: SeongJae Park, # 5 . 18 . x, Andrew Morton, damon, linux-kernel,
linux-mm
Error paths of damon_sysfs_access_pattern_add_dirs() and
damon_sysfs_scheme_add_dirs() functions put references to directories in
wrong orders. As a result, uninitialized memory dereference and/or
memory leak can happen. Fix those.
Changes from RFC v1
- RFC v1: https://lore.kernel.org/20260617053308.83200-1-sj@kernel.org
- Add damon_sysfs_access_pattern_add_dirs() fix.
SeongJae Park (2):
mm/damon/sysfs-schemes: fix dir put orders in
access_pattern_add_dirs()
mm/damon/sysfs-schemes: put stats for scheme_add_dirs() internal error
mm/damon/sysfs-schemes.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
base-commit: 7590ff339c62226d7e1eeff03918b8d27eff0872
--
2.47.3
* [RFC PATCH v1.1 1/2] mm/damon/sysfs-schemes: fix dir put orders in access_pattern_add_dirs()
From: SeongJae Park @ 2026-06-17 13:55 UTC (permalink / raw)
Cc: SeongJae Park, # 5 . 18 . x, Andrew Morton, damon, linux-kernel,
linux-mm
In access_pattern_add_dirs(), error handling path puts references
starting from setup failed directories. If the failure happened from
the initial allocation in the setup functions, uninitialized memory
dereference happens. The allocation failures will not commonly happen,
but the consequence is quite bad. Fix the wrong reference put orders.
The issue was discovered [1] by Sashiko.
[1] https://lore.kernel.org/20260617060005.86852-1-sj@kernel.org
Fixes: 7e84b1f8212a ("mm/damon/sysfs: support DAMON-based Operation Schemes")
Cc: <stable@vger.kernel.org> # 5.18.x
Signed-off-by: SeongJae Park <sj@kernel.org>
---
mm/damon/sysfs-schemes.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/mm/damon/sysfs-schemes.c b/mm/damon/sysfs-schemes.c
index 329cfd0bbe9f3..7c00aa78b2f50 100644
--- a/mm/damon/sysfs-schemes.c
+++ b/mm/damon/sysfs-schemes.c
@@ -1993,22 +1993,19 @@ static int damon_sysfs_access_pattern_add_dirs(
err = damon_sysfs_access_pattern_add_range_dir(access_pattern,
&access_pattern->sz, "sz");
if (err)
- goto put_sz_out;
+ return err;
err = damon_sysfs_access_pattern_add_range_dir(access_pattern,
&access_pattern->nr_accesses, "nr_accesses");
if (err)
- goto put_nr_accesses_sz_out;
+ goto put_sz_out;
err = damon_sysfs_access_pattern_add_range_dir(access_pattern,
&access_pattern->age, "age");
if (err)
- goto put_age_nr_accesses_sz_out;
+ goto put_nr_accesses_sz_out;
return 0;
-put_age_nr_accesses_sz_out:
- kobject_put(&access_pattern->age->kobj);
- access_pattern->age = NULL;
put_nr_accesses_sz_out:
kobject_put(&access_pattern->nr_accesses->kobj);
access_pattern->nr_accesses = NULL;
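Review bot: the new `return err;` after the "sz" setup and the two retargeted gotos are only correct if damon_sysfs_access_pattern_add_range_dir() releases its own kobject on every failure path, and that helper is outside this hunk, so the contract is invisible at the call site. A short comment above the error labels, saying that a failed directory is released by its setup function and only the previously added directories are put here, would keep a future fourth range directory from reintroducing the off-by-one label. The removed put_age_nr_accesses_sz_out label also reset access_pattern->age to NULL; after this change nothing in this function resets the field of the directory whose setup failed, so please confirm the helper only stores through its second argument on success.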
--
2.47.3
* [RFC PATCH v1.1 2/2] mm/damon/sysfs-schemes: put stats for scheme_add_dirs() internal error
From: SeongJae Park @ 2026-06-17 13:55 UTC (permalink / raw)
Cc: SeongJae Park, # 6 . 2 . x, Andrew Morton, damon, linux-kernel,
linux-mm
damon_sysfs_scheme_add_dirs() sets up the tried_regions directory after
the stats directory setup is completed. When the tried_regions
directory setup fails, the setup function ensures the reference for
the tried regions directory is released. Hence the error path should
put references on setup succeeded directory objects, starting from the
stats directory. However, the error path is putting the tried_regions
directory instead of the stats directory.
As a direct result, the stats directory object is leaked. Worse yet, if
the tried_regions directory setup failed from the initial allocation,
the scheme->tried_regions field remains uninitialized. The following
kobject_put(&scheme->tried_regions->kobj) call in the error path will
dereference the uninitialized memory. The setup failures should not be
common. But once it happens, the consequence is quite bad.
Fix this issue by correctly putting the stats directory instead of the
tried_regions directory.
The issue was discovered [1] by Sashiko.
[1] https://lore.kernel.org/20260617005223.96813-1-sj@kernel.org
Fixes: 5181b75f438d ("mm/damon/sysfs-schemes: implement schemes/tried_regions directory")
Cc: <stable@vger.kernel.org> # 6.2.x
Signed-off-by: SeongJae Park <sj@kernel.org>
---
mm/damon/sysfs-schemes.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/mm/damon/sysfs-schemes.c b/mm/damon/sysfs-schemes.c
index 7c00aa78b2f50..0134111c3c1ff 100644
--- a/mm/damon/sysfs-schemes.c
+++ b/mm/damon/sysfs-schemes.c
@@ -2513,12 +2513,12 @@ static int damon_sysfs_scheme_add_dirs(struct damon_sysfs_scheme *scheme)
goto put_filters_watermarks_quotas_access_pattern_out;
err = damon_sysfs_scheme_set_tried_regions(scheme);
if (err)
- goto put_tried_regions_out;
+ goto put_stats_out;
return 0;
-put_tried_regions_out:
- kobject_put(&scheme->tried_regions->kobj);
- scheme->tried_regions = NULL;
+put_stats_out:
+ kobject_put(&scheme->stats->kobj);
+ scheme->stats = NULL;
put_filters_watermarks_quotas_access_pattern_out:
kobject_put(&scheme->ops_filters->kobj);
scheme->ops_filters = NULL;
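Review bot: under the new put_stats_out label, scheme->tried_regions is no longer reset, while the removed lines did `scheme->tried_regions = NULL;` after the put. If damon_sysfs_scheme_set_tried_regions() can assign the field before a later step fails and drops the reference, the field would be left pointing at a released object; either confirm in the commit message that the helper assigns scheme->tried_regions only on success, or keep the NULL assignment (without the kobject_put()) on this path. As a style point, the neighbouring label put_filters_watermarks_quotas_access_pattern_out names every directory it unwinds, so put_stats_out breaks that cumulative naming; a name that follows the existing pattern, or a one-line comment noting that it falls through to the label below, would make the unwind order easier to audit.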
--
2.47.3