Re: [RFC PATCH v1.3 01/18] mm/damon: introduce damon_nr_accesses_mvsum()

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Potential 32-bit integer overflow in `damon_nr_accesses_mvsum()` when calculating `left_window_bp` using `mult_frac()` for large interval ratios.
--

commit e0ac3f6397c85ca0b28c3db5a3bfa0bbe79402ee
Author: SeongJae Park <sj@kernel.org>

mm/damon: introduce damon_nr_accesses_mvsum()

This commit introduces a new DAMON core function, damon_nr_accesses_mvsum(),
which returns a pseudo moving sum value of a given region's nr_accesses for
the last aggregation interval.

> diff --git a/mm/damon/core.c b/mm/damon/core.c
> --- a/mm/damon/core.c
> +++ b/mm/damon/core.c

[ ... ]

> @@ -210,6 +210,68 @@ static struct damon_probe *damon_nth_probe(int n, struct damon_ctx *ctx)

[ ... ]

> +unsigned int damon_nr_accesses_mvsum(struct damon_region *r,
> +		struct damon_ctx *ctx)
> +{
> +	unsigned long sample_interval, aggr_interval;
> +	unsigned long window_len, left_window, left_window_bp;
> +
> +	sample_interval = ctx->attrs.sample_interval ? : 1;
> +	aggr_interval = ctx->attrs.aggr_interval ? : 1;
> +	window_len = aggr_interval / sample_interval;
> +	if (time_after_eq(ctx->passed_sample_intervals,
> +				ctx->next_aggregation_sis))
> +		left_window = 0;
> +	else
> +		left_window = ctx->next_aggregation_sis -
> +			ctx->passed_sample_intervals;
> +	left_window_bp = mult_frac(left_window, 10000, window_len);

[Severity: Medium]
Can this cause a 32-bit integer overflow on 32-bit architectures?

The mult_frac(x, n, d) macro internally computes the remainder multiplied by n
using the native type of x. Since left_window is an unsigned long, it will be
32 bits on 32-bit architectures.

If window_len (and thus left_window) exceeds 429,496, the multiplication
left_window * 10000 will overflow the 32-bit integer maximum (~4.29 billion)
before division.

This easily occurs if a user configures a long aggregation interval via sysfs.
For example, a 1 hour aggregation interval (3,600,000,000 us) with a 5,000 us
sampling interval gives a window_len of 720,000.

This overflow would result in an incorrect left_window_bp and consequently an
inaccurate pseudo moving sum access score, which could improperly drive DAMOS
policies.

> +
> +	return damon_mvsum(r->nr_accesses, r->last_nr_accesses,
> +			left_window_bp);
> +}

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260622142139.30269-1-sj@kernel.org?part=1