DAMON development mailing list
From: sashiko-bot@kernel.org
To: "SJ Park" <sj@kernel.org>
Cc: damon@lists.linux.dev
Subject: Re: [PATCH 16/18] mm/damon/vaddr: remove attrs param from __damon_va_check_access()
Date: Tue, 30 Jun 2026 04:22:14 +0000
Message-ID: <20260630042214.A6C3A1F000E9@smtp.kernel.org>
In-Reply-To: <20260630040812.149729-17-sj@kernel.org>

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:

Pre-existing issues:
- [High] Thread-unsafe static state in access check functions leads to memory access rate corruption across processes.
- [High] Incorrect PTE advancement for large folios in DAMON operations causes skipped memory.
--

commit 126a430836c56a402d2fefdf82a9e58aed70a6d7
Author: SJ Park <sj@kernel.org>

mm/damon/vaddr: remove attrs param from __damon_va_check_access()

The function is not using attrs parameter. Remove it.

> diff --git a/mm/damon/vaddr.c b/mm/damon/vaddr.c
> index 2eaced0765e26..2058db9c01d52 100644
> --- a/mm/damon/vaddr.c
> +++ b/mm/damon/vaddr.c
> @@ -493,8 +493,7 @@ static bool damon_va_young(struct mm_struct *mm, unsigned long addr,
>   * r	the region to be checked
>   */
>  static void __damon_va_check_access(struct mm_struct *mm,
> -				struct damon_region *r, bool same_target,
> -				struct damon_attrs *attrs)
> +				struct damon_region *r, bool same_target)
>  {
>  	static unsigned long last_addr;
>  	static unsigned long last_folio_sz = PAGE_SIZE;
>  	static bool last_accessed;
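
Review bot: The callers of __damon_va_check_access() are missing from the
quoted diff: the hunk at "@@ -493,8 +493,7 @@" changes only the prototype,
so please confirm that every call site drops the attrs argument in this
same patch and that each commit in the series still builds on its own for
bisection. The parameter comment above the function shows only the "r"
entry in the visible context; if an "attrs" entry remains in the part that
is not quoted, remove it together with the parameter.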

[Severity: High]
This isn't a bug introduced by this patch, but does using static variables
here cause a cross-thread data race?

If multiple DAMON contexts (running in separate kdamond threads) monitor
virtual addresses simultaneously, a thread processing one process's virtual
address might read values just written by another thread.

Could this lead to incorrect reuse of the last_accessed result and corrupt
access rate statistics across different processes? A similar pattern appears
to exist in mm/damon/paddr.c:__damon_pa_check_access() as well.

[ ... ]

Additionally, while reviewing this file, I noticed another pre-existing
issue in damos_va_stat_pmd_entry() and damos_va_migrate_pmd_entry():

mm/damon/vaddr.c:damos_va_stat_pmd_entry() {
        ...
        nr = folio_nr_pages(folio);
        s->last_applied = folio;
        ...
}

[Severity: High]
This is a pre-existing issue, but does advancing the PTE by
folio_nr_pages() overshoot the loop bounds when the start address falls
in the middle of a large folio?

Because the address is not necessarily aligned to the start of the large
folio, advancing by the entire folio size might overshoot the end of the
folio and inadvertently skip subsequent PTEs that belong to unrelated
memory. Should the advancement step account for the subpage offset?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260630040812.149729-1-sj@kernel.org?part=16
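
The arithmetic behind the second finding, as an added user-space model (not kernel code and not part of the review). The folio layout, `struct model_folio`, `folio_at()` and `missed_folios()` are constructed for illustration and assume a walk that advances by the whole folio size, as the review describes.

```c
#include <stdio.h>

/* Constructed layout: each folio is a first page index plus a page count. */
struct model_folio { long first; long nr; };

static const struct model_folio layout[] = {
    { 0, 16 }, { 16, 4 }, { 20, 4 }, { 24, 8 },
};
#define NR_FOLIOS (sizeof(layout) / sizeof(layout[0]))

/* Index of the folio that maps this page, or -1 if nothing maps it. */
static int folio_at(long page)
{
    for (size_t i = 0; i < NR_FOLIOS; i++)
        if (page >= layout[i].first &&
            page < layout[i].first + layout[i].nr)
            return (int)i;
    return -1;
}

/*
 * Walk pages [start, end) one folio at a time and return how many folios
 * overlapping the range were never visited.  offset_aware == 0 advances by
 * the full folio size; offset_aware == 1 subtracts the subpage offset so
 * the walk lands on the first page after the folio.
 */
static int missed_folios(long start, long end, int offset_aware)
{
    int seen[NR_FOLIOS] = { 0 };
    int missed = 0;

    for (long page = start; page < end; ) {
        int f = folio_at(page);
        if (f < 0) { page++; continue; }
        seen[f] = 1;
        long step = layout[f].nr;
        if (offset_aware)
            step -= page - layout[f].first;  /* pages left in this folio */
        page += step;
    }
    for (size_t i = 0; i < NR_FOLIOS; i++) {
        long lo = layout[i].first, hi = lo + layout[i].nr;
        if (lo < end && hi > start && !seen[i])
            missed++;
    }
    return missed;
}

int main(void)
{
    printf("mid-folio start, full-size step: %d missed\n", missed_folios(8, 32, 0));
    printf("mid-folio start, offset-aware:   %d missed\n", missed_folios(8, 32, 1));
    return 0;
}
```

Starting at page 8 inside the 16-page folio, the full-size step jumps to page 24 and never visits the two 4-page folios at 16 and 20; a start aligned to the folio does not show the difference.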


Thread overview: 34+ messages
2026-06-30  4:07 [PATCH 00/18] mm/damon: optimize out nr_accesses_bp SJ Park
2026-06-30  4:07 ` [PATCH 01/18] mm/damon/core: introduce damon_nr_accesses_mvsum() SJ Park
2026-06-30  4:19   ` sashiko-bot
2026-06-30  4:28     ` SJ Park
2026-06-30  4:07 ` [PATCH 02/18] mm/damon/tests/core-kunit: test damon_mvsum() SJ Park
2026-06-30  4:07 ` [PATCH 03/18] mm/damon/core: always update ->last_nr_accesses for intervals change SJ Park
2026-06-30  4:21   ` sashiko-bot
2026-06-30  4:30     ` SJ Park
2026-06-30  4:07 ` [PATCH 04/18] mm/damon/core: handle unreset nr_accesses in damon_nr_accesses_mvsum() SJ Park
2026-06-30  4:23   ` sashiko-bot
2026-06-30  4:33     ` SJ Park
2026-06-30  4:07 ` [PATCH 05/18] mm/damon/core: use damon_nr_accesses_mvsum() in __damos_valid_target() SJ Park
2026-06-30  4:25   ` sashiko-bot
2026-06-30  4:34     ` SJ Park
2026-06-30  4:07 ` [PATCH 06/18] mm/damon/core: use damon_nr_accesses_mvsum() for damos region tracing SJ Park
2026-06-30  4:08 ` [PATCH 07/18] mm/damon/sysfs-schemes: use damon_nr_accesses_mvsum() for damo regions SJ Park
2026-06-30  4:08 ` [PATCH 08/18] mm/damon/core: remove damon_warn_fix_nr_accesses_corruption() SJ Park
2026-06-30  4:08 ` [PATCH 09/18] mm/damon/core: remove damon_verify_reset_aggregated() SJ Park
2026-06-30  4:08 ` [PATCH 10/18] mm/damon/core: remove damon_verify_merge_regions_of() SJ Park
2026-06-30  4:08 ` [PATCH 11/18] mm/damon/tests/core-kunit: remove nr_accesses_bp setup and tests SJ Park
2026-06-30  4:08 ` [PATCH 12/18] selftests/damon/drgn_dump_damon_status: do not dump nr_accesses_bp SJ Park
2026-06-30  4:08 ` [PATCH 13/18] mm/damon/core: remove nr_accesses_bp setups and updates SJ Park
2026-06-30  4:08 ` [PATCH 14/18] mm/damon/core: remove attrs param from damon_update_region_access_rate() SJ Park
2026-06-30  4:19   ` sashiko-bot
2026-06-30  4:39     ` SJ Park
2026-06-30  4:48   ` SJ Park
2026-07-02  0:22     ` Andrew Morton
2026-06-30  4:08 ` [PATCH 15/18] mm/damon/paddr: remove attrs param from __damon_pa_check_access() SJ Park
2026-06-30  4:08 ` [PATCH 16/18] mm/damon/vaddr: remove attrs param from __damon_va_check_access() SJ Park
2026-06-30  4:22   ` sashiko-bot [this message]
2026-06-30  4:45     ` SJ Park
2026-06-30  4:08 ` [PATCH 17/18] mm/damon/core: remove damon_moving_sum() and its unit test SJ Park
2026-06-30  4:08 ` [PATCH 18/18] mm/damon/core: remove damon_region->nr_accesses_bp SJ Park
2026-06-30  4:52 ` [PATCH 00/18] mm/damon: optimize out nr_accesses_bp SJ Park
