From: SeongJae Park <sj@kernel.org>
To: SeongJae Park <sj@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Yang Yingliang <yangyingliang@huawei.com>,
	damon@lists.linux.dev, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, stable@vger.kernel.org
Subject: Re: [RFC PATCH] mm/damon/core: validate ranges in damon_set_regions()
Date: Sat, 27 Jun 2026 10:26:31 -0700
Message-ID: <20260627172631.3923-1-sj@kernel.org>
In-Reply-To: <20260627170057.1867-1-sj@kernel.org>

On Sat, 27 Jun 2026 10:00:56 -0700 SeongJae Park <sj@kernel.org> wrote:

> DAMON core logic assumes zero length regions don't exist.  However, a
> few DAMON API callers including DAMON_SYSFS, DAMON_RECLAIM and
> DAMON_LRU_SORT allow users to set empty monitoring target regions.  This
> could result in WARN_ONCE() on CONFIG_DAMON_DEBUG_SANITY enabled kernel,
> and divide-by-zero from damon_merge_two_regions().
> 
> For example, the WARN_ONCE() can be triggered like below.
> 
>     # grep DAMON_DEBUG_SANITY /boot/config-$(uname -r)
>     # CONFIG_DAMON_DEBUG_SANITY=y
>     # damo start
>     # cd /sys/kernel/mm/damon/admin/kdamonds/0
>     # echo 0 > contexts/0/targets/0/regions/0/start
>     # echo 0 > contexts/0/targets/0/regions/0/end
>     # echo commit > state
>     # dmesg
>     [....]
>     [   73.705780] ------------[ cut here ]------------
>     [   73.707552] start 0 >= end 0
>     [   73.708452] WARNING: mm/damon/core.c:359 at damon_new_region+0x6e/0x80, CPU#1: kdamond.0/758
>     [...]
> 
> Disallow empty region user inputs by updating the validation logic.

The above description is wrong, since this is not updating an existing
validation but adding a new validation.

> 
> Fixes: 43b0536cb471 ("mm/damon: introduce DAMON-based Reclamation (DAMON_RECLAIM)")
> Cc: <stable@vger.kernel.org> # 5.16.x
> Signed-off-by: SeongJae Park <sj@kernel.org>
> ---
>  mm/damon/core.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/mm/damon/core.c b/mm/damon/core.c
> index 7e4b9affc5b06..b3100d7fa5596 100644
> --- a/mm/damon/core.c
> +++ b/mm/damon/core.c
> @@ -358,6 +358,11 @@ int damon_set_regions(struct damon_target *t, struct damon_addr_range *ranges,
>  	unsigned int i;
>  	int err;
>  
> +	for (i = 0; i < nr_ranges; i++) {
> +		if (ranges[i].start >= ranges[i].end)
> +			return -EINVAL;
> +	}
> +
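
Review bot: The `ranges[i].start >= ranges[i].end` test in the added loop compares the raw caller-supplied addresses, but, as the follow-up in this thread notes, damon_set_regions() eventually works on aligned addresses, so passing this check does not show that the range the function actually uses is non-empty. Compute the aligned start and end first and apply the `start >= end` comparison to those values, still returning -EINVAL before any existing region is modified. The changelog line "updating the validation logic" should also be reworded, since the hunk adds a new check rather than changing an existing one.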

Sashiko found [1] this is not complete, since eventually this function uses
aligned addresses.  I will address that in the next revision by doing the
validation with the aligned addresses.

[1] https://lore.kernel.org/20260627172406.3794-1-sj@kernel.org


Thanks,
SJ

[...]
