Re: [RFC PATCH v1.1 03/11] mm/damon/sysfs-schemes: kobject_del() scheme dirs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "SeongJae Park" <sj@kernel.org>
Cc: damon@lists.linux.dev
Subject: Re: [RFC PATCH v1.1 03/11] mm/damon/sysfs-schemes: kobject_del() scheme dirs
Date: Wed, 17 Jun 2026 15:07:10 +0000	[thread overview]
Message-ID: <20260617150710.E9EDB1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260617144807.91441-4-sj@kernel.org>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] Missing `kobject_del()` on error path in `damon_sysfs_schemes_add_dirs()` leads to `-EEXIST` sysfs directory creation failures
--

commit 9080a7ab1bab654c1e6a9f081551a9609de62cbf
Author: SeongJae Park <sj@kernel.org>

mm/damon/sysfs-schemes: kobject_del() scheme dirs

On CONFIG_DEBUG_KOBJECT_RELEASE enabled kernel, lack of kobject_del()
could cause directories creation failures due to the name conflicts. Fix
those issues for scheme directories by adding kobject_del() calls.

> diff --git a/mm/damon/sysfs-schemes.c b/mm/damon/sysfs-schemes.c
> index 329cfd0bbe9f3..37cf6edb54f17 100644
> --- a/mm/damon/sysfs-schemes.c
> +++ b/mm/damon/sysfs-schemes.c
> @@ -2686,6 +2686,7 @@ void damon_sysfs_schemes_rm_dirs(struct damon_sysfs_schemes *schemes)
>  
>  	for (i = 0; i < schemes->nr; i++) {
>  		damon_sysfs_scheme_rm_dirs(schemes_arr[i]);
> +		kobject_del(&schemes_arr[i]->kobj);
>  		kobject_put(&schemes_arr[i]->kobj);
>  	}
>  	schemes->nr = 0;

[Severity: High]
This isn't a bug introduced by this patch, but it appears a similar issue
might still exist in damon_sysfs_schemes_add_dirs() on the error path.

While subsequent patches in this series successfully fixed this exact pattern
for other arrays, it seems damon_sysfs_schemes_add_dirs() might have been
missed.

If kobject_init_and_add() succeeds for a new scheme, but child directory
creation via damon_sysfs_scheme_add_dirs() fails, the code branches to the
out label:

mm/damon/sysfs-schemes.c:damon_sysfs_schemes_add_dirs() {
    ...
		err = kobject_init_and_add(&scheme->kobj,
				&damon_sysfs_scheme_ktype, &schemes->kobj,
				"%d", i);
		if (err)
			goto out;
		err = damon_sysfs_scheme_add_dirs(scheme);
		if (err)
			goto out;
    ...
out:
	damon_sysfs_schemes_rm_dirs(schemes);
	kobject_put(&scheme->kobj);
	return err;
}

Can this lead to the scheme directory lingering in sysfs because kobject_del()
is missing before kobject_put()?

If CONFIG_DEBUG_KOBJECT_RELEASE is enabled, kobject_cleanup() is delayed.
Since the parent persistent schemes directory survives, could a subsequent user
write to resize the array attempt to recreate a directory with the same
numerical ID and result in an -EEXIST conflict?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260617144807.91441-1-sj@kernel.org?part=3

next prev parent reply	other threads:[~2026-06-17 15:07 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-17 14:47 [RFC PATCH v1.1 00/11] mm/damon/sysfs: kobject_del() directories that users can create/remove SeongJae Park
2026-06-17 14:47 ` [RFC PATCH v1.1 01/11] mm/damon/sysfs: kobject_del() target (normal), context and kdamond dirs SeongJae Park
2026-06-17 15:09   ` sashiko-bot
2026-06-17 14:47 ` [RFC PATCH v1.1 02/11] mm/damon/sysfs: kobject_del() region and target (error) dirs SeongJae Park
2026-06-17 15:06   ` sashiko-bot
2026-06-17 14:47 ` [RFC PATCH v1.1 03/11] mm/damon/sysfs-schemes: kobject_del() scheme dirs SeongJae Park
2026-06-17 15:07   ` sashiko-bot [this message]
2026-06-17 14:47 ` [RFC PATCH v1.1 04/11] mm/damon/sysfs-schemes: kobject_del() scheme region dirs SeongJae Park
2026-06-17 15:11   ` sashiko-bot
2026-06-17 14:47 ` [RFC PATCH v1.1 05/11] mm/damon/sysfs-schemes: kobject_del() scheme filter dirs SeongJae Park
2026-06-17 15:03   ` sashiko-bot
2026-06-17 14:48 ` [RFC PATCH v1.1 06/11] mm/damon/sysfs-schemes: kobject_del() scheme quota goal dirs SeongJae Park
2026-06-17 15:12   ` sashiko-bot
2026-06-17 14:48 ` [RFC PATCH v1.1 07/11] mm/damon/sysfs-schemes: kobject_del() scheme action destination dirs SeongJae Park
2026-06-17 15:15   ` sashiko-bot
2026-06-17 14:48 ` [RFC PATCH v1.1 08/11] mm/damon/sysfs: kobject_del() probe dirs SeongJae Park
2026-06-17 15:08   ` sashiko-bot
2026-06-17 14:48 ` [RFC PATCH v1.1 09/11] mm/damon/sysfs: kobject_del() probe filter dirs SeongJae Park
2026-06-17 14:48 ` [RFC PATCH v1.1 10/11] mm/damon/sysfs: kobject_del() probe dirs in probes_addd_dir error path SeongJae Park
2026-06-17 15:25   ` sashiko-bot
2026-06-17 14:48 ` [RFC PATCH v1.1 11/11] mm/damon/sysfs-schemes: kobject_del() region for populate_region error SeongJae Park
2026-06-17 15:23   ` sashiko-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260617150710.E9EDB1F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=damon@lists.linux.dev \
    --cc=sashiko-reviews@lists.linux.dev \
    --cc=sj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.