From: SeongJae Park <sj@kernel.org>
To: sashiko-bot@kernel.org
Cc: SeongJae Park <sj@kernel.org>, damon@lists.linux.dev
Subject: Re: [RFC PATCH 01/13] mm/damon: introduce damon_nr_accesses_mvsum()
Date: Fri, 19 Jun 2026 12:52:31 -0700
Message-ID: <20260619195232.26053-1-sj@kernel.org>
In-Reply-To: <20260619194428.7A3BA1F000E9@smtp.kernel.org>

On Fri, 19 Jun 2026 19:44:28 +0000 sashiko-bot@kernel.org wrote:

> Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
> - [High] Kernel panic due to division by zero in `damon_nr_accesses_mvsum()` when `aggr_interval` is configured to 0.
> - [Medium] Integer overflow in `mult_frac()` leading to severely incorrect access scoring on 32-bit systems when `window_len` is large.
> --
> 
> commit 0c6de91631a66fe41c1e81f68011cf31d86b4825
> Author: SeongJae Park <sj@kernel.org>
> 
> mm/damon: introduce damon_nr_accesses_mvsum()
> 
> This commit introduces damon_nr_accesses_mvsum() to calculate a pseudo
> moving sum of a given region's nr_accesses for the last aggregation
> interval. The function is designed to be executed on-demand rather than
> at every sampling interval.
> 
> > diff --git a/mm/damon/core.c b/mm/damon/core.c
> > --- a/mm/damon/core.c
> > +++ b/mm/damon/core.c
> [ ... ]
> > +unsigned int damon_nr_accesses_mvsum(struct damon_region *r,
> > +		struct damon_ctx *ctx)
> > +{
> > +	unsigned long sample_interval, window_len, left_window, left_window_bp;
> > +
> > +	sample_interval = ctx->attrs.sample_interval ? : 1;
> > +	window_len = ctx->attrs.aggr_interval / sample_interval;
> > +	left_window = ctx->next_aggregation_sis - ctx->passed_sample_intervals;
> > +	left_window_bp = mult_frac(left_window, 10000, window_len);
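
Review bot: The `? : 1` fallback protects only `sample_interval`; `window_len` on the next line has no guard before it becomes the divisor in `mult_frac(left_window, 10000, window_len)`. Since `aggr_interval / sample_interval` is an integer division, `window_len` is 0 whenever `aggr_interval` is smaller than the effective `sample_interval`, not only when it is 0. Separately, `left_window` is stored in an unsigned long, so if `passed_sample_intervals` is ever ahead of `next_aggregation_sis` the subtraction wraps to a very large value. Suggest returning early (or forcing `window_len` to at least 1) before the `mult_frac()` call, and clamping `left_window` to `window_len` so that `left_window_bp` stays within 0..10000.
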
> 
> [Severity: High]
> What happens here if aggr_interval is configured to 0?
> 
> If userspace configures both aggr_interval and sample_interval to 0
> via sysfs, sample_interval evaluates to 1 through the fallback, but
> window_len becomes 0.
> 
> When window_len is passed as the denominator to mult_frac(), does this
> result in a divide-by-zero kernel panic?

Good catch.  I will add handling of the case in the next revision.

> 
> [Severity: Medium]
> Is there a risk of an integer overflow here on 32-bit systems?
> 
> The mult_frac(x, n, d) macro evaluates the fractional part using the type
> of x, which is an unsigned long here. On 32-bit architectures, this has
> a maximum value of ~4.29 billion.
> 
> If a 5-second aggregation interval and 1-microsecond sample interval are
> configured, window_len and left_window could reach 5,000,000.
> 
> The intermediate multiplication in mult_frac():
> (left_window % window_len) * 10000
> 
> could evaluate to around 50,000,000,000, which overflows a 32-bit
> unsigned long. Could this lead to inaccurate access frequency calculations?

I don't think that's a sane input that needs support.  We can revisit if a
real user report from this is made.


Thanks,
SJ
