From: sashiko-bot@kernel.org
To: "SeongJae Park" <sj@kernel.org>
Cc: damon@lists.linux.dev
Subject: Re: [RFC PATCH v2.2 07/28] mm/damon/core: do data attributes monitoring
Date: Fri, 15 May 2026 01:05:00 +0000 [thread overview]
Message-ID: <20260515010501.3ECFAC2BCB3@smtp.kernel.org> (raw)
In-Reply-To: <20260515004433.128933-8-sj@kernel.org>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [Medium] The `probe_hits` statistics are dropped or corrupted when DAMON regions are merged or split.
- [Medium] The `probe_hits` array is defined as `unsigned char` and is susceptible to integer overflow.
--
commit b280c3cfd980db677209be247ad602d23aa561f9
Author: SeongJae Park <sj@kernel.org>
mm/damon/core: do data attributes monitoring
Implement the data attributes monitoring execution. Update kdamond to
invoke the probes application callback, and reset the aggregated number
of per-region per-probe positive samples for every aggregation interval.
> diff --git a/mm/damon/core.c b/mm/damon/core.c
> index f6b4beb4b8ecd..1c9d2fb69f98d 100644
> --- a/mm/damon/core.c
> +++ b/mm/damon/core.c
> @@ -1886,10 +1886,14 @@ static void kdamond_reset_aggregated(struct damon_ctx *c)
> struct damon_region *r;
>
> damon_for_each_region(r, t) {
> + int i;
> +
> trace_damon_aggregated(ti, r, damon_nr_regions(t));
> damon_warn_fix_nr_accesses_corruption(r);
> r->last_nr_accesses = r->nr_accesses;
> r->nr_accesses = 0;
> + for (i = 0; i < DAMON_MAX_PROBES; i++)
> + r->probe_hits[i] = 0;
Is it possible for the probe_hits array values to wrap around?
The probe_hits array is defined as unsigned char in struct damon_region. It
holds the count of positive probe hits over an aggregation interval, and gets
incremented every sample interval.
Since the maximum number of samples per aggregation is dictated by
attrs.aggr_interval / attrs.sample_interval, and this is fully configurable by
users, what happens if the number of samples per aggregation exceeds 255?
Could the unsigned char array elements overflow and wrap around, yielding
truncated hit counts for high-frequency sampling configurations?
[ ... ]
> @@ -3172,6 +3176,8 @@ static int kdamond_fn(void *data)
>
> if (ctx->ops.check_accesses)
> max_nr_accesses = ctx->ops.check_accesses(ctx);
> + if (ctx->ops.apply_probes)
> + ctx->ops.apply_probes(ctx);
>
> if (time_after_eq(ctx->passed_sample_intervals,
> next_aggregation_sis)) {
Does this miss updating probe_hits when regions are merged or split?
Looking at damon_merge_two_regions(), it averages nr_accesses and age when
merging adjacent regions, but ignores the probe_hits array. This leaves the
left region's array unmodified and discards the right region's hits.
Similarly, damon_split_region_at() creates a new sub-region but does not
appear to copy the probe_hits from the parent, leaving the newly split
right half initialized to zero.
Since splitting and merging execute at the end of an aggregation interval,
will the probe_hits statistics be under-reported or corrupted?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260515004433.128933-1-sj@kernel.org?part=7
next prev parent reply other threads:[~2026-05-15 1:05 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 0:44 [RFC PATCH v2.2 00/28] mm/damon: introduce data attributes monitoring SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 01/28] mm/damon/core: introduce struct damon_probe SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 02/28] mm/damon/core: embed damon_probe objects in damon_ctx SeongJae Park
2026-05-15 1:17 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 03/28] mm/damon/core: introduce damon_filter SeongJae Park
2026-05-15 1:14 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 04/28] mm/damon/core: commit probes SeongJae Park
2026-05-15 1:05 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 05/28] mm/damon/core: introduce damon_region->probe_hits SeongJae Park
2026-05-15 0:54 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 06/28] mm/damon/core: introduce damon_ops->apply_probes SeongJae Park
2026-05-15 0:53 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 07/28] mm/damon/core: do data attributes monitoring SeongJae Park
2026-05-15 1:05 ` sashiko-bot [this message]
2026-05-15 0:44 ` [RFC PATCH v2.2 08/28] mm/damon/paddr: support " SeongJae Park
2026-05-15 1:29 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 09/28] mm/damon/sysfs: implement probes dir SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 10/28] mm/damon/sysfs: implement probe dir SeongJae Park
2026-05-15 1:08 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 11/28] mm/damon/sysfs: implement filters directory SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 12/28] mm/damon/sysfs: implement filter dir SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 13/28] mm/damon/sysfs: implement filter dir files SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 14/28] mm/damon/sysfs: setup probes on DAMON core API parameters SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 15/28] mm/damon/sysfs-schemes: implement tried_regions/<r>/probes/ SeongJae Park
2026-05-15 1:27 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 16/28] mm/damon/sysfs-schemes: implement probe dir SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 17/28] mm/damon/sysfs-schemes: implement probe/hits file SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 18/28] mm/damon: trace probe_hits SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 19/28] selftests/damon/sysfs.sh: test probes dir SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 20/28] Docs/mm/damon/design: document data attributes monitoring SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 21/28] Docs/admin-guide/mm/damon/usage: " SeongJae Park
2026-05-15 1:06 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 22/28] mm/damon/core: introduce DAMON_FILTER_TYPE_MEMCG SeongJae Park
2026-05-15 1:22 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 23/28] mm/damon/paddr: support DAMON_FILTER_TYPE_MEMCG SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 24/28] mm/damon/sysfs: add filters/<F>/path file SeongJae Park
2026-05-15 1:35 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 25/28] mm/damon/sysfs-schemes: move memcg_path_to_id() to sysfs-common SeongJae Park
2026-05-15 1:24 ` sashiko-bot
2026-05-15 0:44 ` [RFC PATCH v2.2 26/28] mm/damon/sysfs: setup damon_filter->memcg_id from path SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 27/28] Docs/mm/damon/design: update for memcg damon filter SeongJae Park
2026-05-15 0:44 ` [RFC PATCH v2.2 28/28] Docs/admin-guide/mm/damon/usage: " SeongJae Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260515010501.3ECFAC2BCB3@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=damon@lists.linux.dev \
--cc=sashiko-reviews@lists.linux.dev \
--cc=sj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox