From: SeongJae Park <sj@kernel.org>
To: sashiko-bot@kernel.org
Cc: SeongJae Park <sj@kernel.org>, damon@lists.linux.dev
Subject: Re: [PATCH 03/11] mm/damon/core: introduce failed region quota charge ratio
Date: Mon, 27 Apr 2026 20:38:32 -0700 [thread overview]
Message-ID: <20260428033833.115866-1-sj@kernel.org> (raw)
In-Reply-To: <20260428030059.18A2EC19425@smtp.kernel.org>
On Tue, 28 Apr 2026 03:00:58 +0000 sashiko-bot@kernel.org wrote:
> Sashiko AI review found 2 potential issue(s):
> - [High] Pathological region fragmentation causing catastrophic CPU overhead when actions fail.
> - [Medium] Silent 32-bit integer overflow in `mult_frac()` for unbounded charge ratio parameters.
No blocker in my opinion. Please read below for details.
> --
>
> commit 4805d0ecef06fc0ab3681758cf2d692b37ed9b70
> Author: SeongJae Park <sj@kernel.org>
>
> mm/damon/core: introduce failed region quota charge ratio
>
> This commit introduces a mechanism to charge action-failed memory at a
> different ratio than action-successful memory. It allows API callers to
> specify the ratio flexibly by setting a numerator and denominator for the
> failed region charge rate.
>
> > diff --git a/mm/damon/core.c b/mm/damon/core.c
> > index 19ec9919b5ca..87cd4f0d14f3 100644
> > --- a/mm/damon/core.c
> > +++ b/mm/damon/core.c
>
> [ ... ]
>
> > @@ -2046,6 +2048,23 @@ static void damos_walk_cancel(struct damon_ctx *ctx)
> > mutex_unlock(&ctx->walk_control_lock);
> > }
> >
> > +static void damos_charge_quota(struct damos_quota *quota,
> > + unsigned long sz_region, unsigned long sz_applied)
> > +{
> > + /*
> > + * sz_applied could be bigger than sz_region, depending on ops
> > + * implementation of the action, e.g., damos_pa_pageout(). Charge only
> > + * the region size in the case.
> > + */
> > + if (!quota->fail_charge_denom || sz_applied > sz_region)
> > + quota->charged_sz += sz_region;
> > + else
> > + quota->charged_sz += sz_applied + mult_frac(
> > + (sz_region - sz_applied),
> > + quota->fail_charge_num,
> > + quota->fail_charge_denom);
>
> Can this silently overflow on 32-bit architectures?
>
> The mult_frac(x, n, d) macro evaluates (x / d) * n + (x % d) * n / d. Since
> sz_region is unsigned long, on 32-bit systems the intermediate remainder
> (x % d) is a 32-bit integer. The variables fail_charge_num and
> fail_charge_denom are declared as unsigned int and could be set to
> arbitrarily large values (up to UINT_MAX) without bounds checking.
>
> If large inputs are provided, does the (x % d) * n multiplication silently
> wrap around before division, causing an incorrectly small charged amount
> and undermining the quota enforcement?
Yes, the overflow could happen, but the user impact should be negligible. The
user could also set addr_unit accordingly. Let's keep this as is for now. We
can revisit if this becomes a real issue.
>
> > +}
> > +
>
> [ ... ]
>
> > @@ -2116,7 +2135,7 @@ static void damos_apply_scheme(struct damon_ctx *c, struct damon_target *t,
> > ktime_get_coarse_ts64(&end);
> > quota->total_charged_ns += timespec64_to_ns(&end) -
> > timespec64_to_ns(&begin);
> > - quota->charged_sz += sz;
> > + damos_charge_quota(quota, sz, sz_applied);
>
> Could this cause pathological region fragmentation and massive CPU overhead
> if the action fails?
>
> Earlier in damos_apply_scheme(), if the remaining quota is small, the
> region is split to fit:
>
> if (damos_quota_is_set(quota) &&
> quota->charged_sz + sz > quota->esz) {
> sz = ALIGN_DOWN(quota->esz - quota->charged_sz,
> c->min_region_sz);
> if (!sz)
> goto update_stat;
> damon_split_region_at(t, r, sz);
> }
>
> If the action then fails, sz_applied could be 0. When damos_charge_quota()
> is called, if fail_charge_num is also small or 0, charged_sz doesn't
> increase by sz. This leaves the remaining quota unchanged.
>
> In the next iteration, the remainder of the previously split region is
> processed. Since the remaining quota is exactly the same, it calculates the
> same sz and splits the region again. This process repeats, dividing the
> entire remaining address space into tiny min_region_sz chunks, potentially
> triggering millions of loops and pegging the kdamond thread at 100% CPU.
Sashiko's analysis is correct. But the user impact is expected to be minimal.
That's because the region split is not expensive. It is anyway supposed to be
much smaller than the successful DAMOS action. Also the second patch of this
series prevented unconditionally increasing the number of regions in this
scenario.
And after all, the user should set the ratio based on the recommendation
(1/PAGE_SIZE), or after testing. I think the user impact of this scenario
under the recommended configuration should be reasonable.
Thanks,
SJ
[...]
next prev parent reply other threads:[~2026-04-28 3:38 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-28 1:33 [PATCH 00/11] mm/damon: introduce DAMOS failed region quota charge ratio SeongJae Park
2026-04-28 1:33 ` [PATCH 01/11] mm/damon/core: handle <min_region_sz remaining quota as empty SeongJae Park
2026-04-28 2:00 ` sashiko-bot
2026-04-28 3:23 ` SeongJae Park
2026-04-28 1:33 ` [PATCH 02/11] mm/damon/core: merge regions after applying DAMOS schemes SeongJae Park
2026-04-28 1:33 ` [PATCH 03/11] mm/damon/core: introduce failed region quota charge ratio SeongJae Park
2026-04-28 3:00 ` sashiko-bot
2026-04-28 3:38 ` SeongJae Park [this message]
2026-04-28 1:33 ` [PATCH 04/11] mm/damon/sysfs-schemes: implement fail_charge_{num,denom} files SeongJae Park
2026-04-28 1:54 ` sashiko-bot
2026-04-28 3:41 ` SeongJae Park
2026-04-28 1:33 ` [PATCH 05/11] Docs/mm/damon/design: document fail_charge_{num,denom} SeongJae Park
2026-04-28 1:33 ` [PATCH 06/11] Docs/admin-guide/mm/damon/usage: document fail_charge_{num,denom} files SeongJae Park
2026-04-28 1:33 ` [PATCH 07/11] Docs/ABI/damon: document fail_charge_{num,denom} SeongJae Park
2026-04-28 1:33 ` [PATCH 08/11] mm/damon/tests/core-kunit: test fail_charge_{num,denom} committing SeongJae Park
2026-04-28 1:33 ` [PATCH 09/11] selftests/damon/_damon_sysfs: support failed region quota charge ratio SeongJae Park
2026-04-28 1:33 ` [PATCH 10/11] selftests/damon/drgn_dump_damon_status: " SeongJae Park
2026-04-28 1:34 ` [PATCH 11/11] selftests/damon/sysfs.py: test " SeongJae Park
2026-04-28 14:48 ` [PATCH 00/11] mm/damon: introduce DAMOS " Andrew Morton
2026-04-28 15:24 ` SeongJae Park
2026-05-01 1:56 ` SeongJae Park
2026-05-01 6:49 ` David Hildenbrand (Arm)
2026-05-02 1:56 ` SeongJae Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260428033833.115866-1-sj@kernel.org \
--to=sj@kernel.org \
--cc=damon@lists.linux.dev \
--cc=sashiko-bot@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox