[PATCH 0/6] mm/damon: fix misc bugs in DAMON modules

[PATCH 0/6] mm/damon: fix misc bugs in DAMON modules

[SeongJae Park]

From manual code review, I found below bugs in DAMON modules.

DAMON sample modules crash if those are enabled at boot time, via kernel
command line.  A similar issue was found and fixed on DAMON non-sample
modules in the past, but we didn't check that for sample modules.

DAMON non-sample modules are not setting 'enabled' parameters
accordingly when real enabling is failed.  Honggyu found and fixed[1]
this type of bugs in DAMON sample modules, and my inspection was
motivated by the great work.  Kudos to Honggyu.

Finally, DAMON_RECLIAM is mistakenly losing scheme internal status due
to misuse of damon_commit_ctx().  DAMON_LRU_SORT has a similar misuse,
but fortunately it is not causing real status loss.

Fix the bugs.  Since these are similar patterns of bugs that were found
in the past, it would be better to add tests or refactor the code, in
future.

Note that the fix of the second bug for DAMON_STAT is sent
separately[2], since it is a fix for a bug in mm-unstable tree at the
moment.  Also as mentioned above, DAMON_LRU_SORT also has a misuse of
damon_commit_ctx(), but it is not causing a real issue, hence the fix is
not included in this series.  I will post it later.

[1] https://lore.kernel.org/20250702000205.1921-1-honggyu.kim@sk.com
[2] https://lore.kernel.org/20250706184750.36588-1-sj@kernel.org

SeongJae Park (6):
  samples/damon/wsse: fix boot time enable handling
  samples/damon/prcl: fix boot time enable crash
  samples/damon/mtier: support boot time enable setup
  mm/damon/reclaim: reset enabled when DAMON start failed
  mm/damon/lru_sort: reset enabled when DAMON start failed
  mm/damon/reclaim: use parameter context correctly

 mm/damon/lru_sort.c   |  5 ++++-
 mm/damon/reclaim.c    |  9 ++++++---
 samples/damon/mtier.c | 13 +++++++++++++
 samples/damon/prcl.c  | 13 +++++++++++++
 samples/damon/wsse.c  | 15 ++++++++++++++-
 5 files changed, 50 insertions(+), 5 deletions(-)


base-commit: a555ad24c884e9f4ee2f2a0184f5b7b89c8d4a6e
-- 
2.39.5

[PATCH 1/6] samples/damon/wsse: fix boot time enable handling

[SeongJae Park]

If 'enable' parameter of the 'wsse' DAMON sample module is set at boot
time via the kernel command line, memory allocation is tried before the
slab is initialized.  As a result kernel NULL pointer dereference BUG
can happen.  Fix it by checking the initialization status.

Fixes: b757c6cfc696 ("samples/damon/wsse: start and stop DAMON as the user requests")
Cc: stable@vger.kernel.org
Signed-off-by: SeongJae Park <sj@kernel.org>
---
 samples/damon/wsse.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/samples/damon/wsse.c b/samples/damon/wsse.c
index e20238a249e7..15e2683fe5f3 100644
--- a/samples/damon/wsse.c
+++ b/samples/damon/wsse.c
@@ -89,6 +89,8 @@ static void damon_sample_wsse_stop(void)
 		put_pid(target_pidp);
 }
 
+static bool init_called;
+
 static int damon_sample_wsse_enable_store(
 		const char *val, const struct kernel_param *kp)
 {
@@ -103,6 +105,9 @@ static int damon_sample_wsse_enable_store(
 		return 0;
 
 	if (enable) {
+		if (!init_called)
+			return 0;
+
 		err = damon_sample_wsse_start();
 		if (err)
 			enable = false;
@@ -114,7 +119,15 @@ static int damon_sample_wsse_enable_store(
 
 static int __init damon_sample_wsse_init(void)
 {
-	return 0;
+	int err = 0;
+
+	init_called = true;
+	if (enable) {
+		err = damon_sample_wsse_start();
+		if (err)
+			enable = false;
+	}
+	return err;
 }
 
 module_init(damon_sample_wsse_init);
-- 
2.39.5

[PATCH 2/6] samples/damon/prcl: fix boot time enable crash

[SeongJae Park]

If 'enable' parameter of the 'prcl' DAMON sample module is set at boot
time via the kernel command line, memory allocation is tried before the
slab is initialized.  As a result kernel NULL pointer dereference BUG
can happen.  Fix it by checking the initialization status.

Fixes: 2aca254620a8 ("samples/damon: introduce a skeleton of a smaple DAMON module for proactive reclamation")
Signed-off-by: SeongJae Park <sj@kernel.org>
---
 samples/damon/prcl.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/samples/damon/prcl.c b/samples/damon/prcl.c
index 5597e6a08ab2..f04a18a8626a 100644
--- a/samples/damon/prcl.c
+++ b/samples/damon/prcl.c
@@ -109,6 +109,8 @@ static void damon_sample_prcl_stop(void)
 		put_pid(target_pidp);
 }
 
+static bool init_called;
+
 static int damon_sample_prcl_enable_store(
 		const char *val, const struct kernel_param *kp)
 {
@@ -122,6 +124,9 @@ static int damon_sample_prcl_enable_store(
 	if (enable == enabled)
 		return 0;
 
+	if (!init_called)
+		return 0;
+
 	if (enable) {
 		err = damon_sample_prcl_start();
 		if (err)
@@ -134,6 +139,14 @@ static int damon_sample_prcl_enable_store(
 
 static int __init damon_sample_prcl_init(void)
 {
+	int err = 0;
+
+	init_called = true;
+	if (enable) {
+		err = damon_sample_prcl_start();
+		if (err)
+			enable = false;
+	}
 	return 0;
 }
 
-- 
2.39.5

[PATCH 3/6] samples/damon/mtier: support boot time enable setup

[SeongJae Park]

If 'enable' parameter of the 'mtier' DAMON sample module is set at boot
time via the kernel command line, memory allocation is tried before the
slab is initialized.  As a result kernel NULL pointer dereference BUG
can happen.  Fix it by checking the initialization status.

Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering")
Cc: stable@vger.kernel.org
Signed-off-by: SeongJae Park <sj@kernel.org>
---
 samples/damon/mtier.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/samples/damon/mtier.c b/samples/damon/mtier.c
index 97892ade7f31..20c3102242ec 100644
--- a/samples/damon/mtier.c
+++ b/samples/damon/mtier.c
@@ -157,6 +157,8 @@ static void damon_sample_mtier_stop(void)
 	damon_destroy_ctx(ctxs[1]);
 }
 
+static bool init_called;
+
 static int damon_sample_mtier_enable_store(
 		const char *val, const struct kernel_param *kp)
 {
@@ -170,6 +172,9 @@ static int damon_sample_mtier_enable_store(
 	if (enable == enabled)
 		return 0;
 
+	if (!init_called)
+		return 0;
+
 	if (enable) {
 		err = damon_sample_mtier_start();
 		if (err)
@@ -182,6 +187,14 @@ static int damon_sample_mtier_enable_store(
 
 static int __init damon_sample_mtier_init(void)
 {
+	int err = 0;
+
+	init_called = true;
+	if (enable) {
+		err = damon_sample_mtier_start();
+		if (err)
+			enable = false;
+	}
 	return 0;
 }
 
-- 
2.39.5

[PATCH 4/6] mm/damon/reclaim: reset enabled when DAMON start failed

[SeongJae Park]

When the startup fails, 'enabled' parameter is not reset.  As a result,
users show the parameter 'Y' while it is not really working.  Fix it by
resetting 'enabled' to 'false' when the work is failed.

Fixes: 04e98764befa ("mm/damon/reclaim: enable and disable synchronously")
Signed-off-by: SeongJae Park <sj@kernel.org>
---
 mm/damon/reclaim.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mm/damon/reclaim.c b/mm/damon/reclaim.c
index a675150965e0..c91098d8aa51 100644
--- a/mm/damon/reclaim.c
+++ b/mm/damon/reclaim.c
@@ -329,7 +329,7 @@ static int __init damon_reclaim_init(void)
 	int err = damon_modules_new_paddr_ctx_target(&ctx, &target);
 
 	if (err)
-		return err;
+		goto out;
 
 	ctx->callback.after_wmarks_check = damon_reclaim_after_wmarks_check;
 	ctx->callback.after_aggregation = damon_reclaim_after_aggregation;
@@ -338,6 +338,9 @@ static int __init damon_reclaim_init(void)
 	if (enabled)
 		err = damon_reclaim_turn(true);
 
+out:
+	if (err && enabled)
+		enabled = false;
 	return err;
 }
 
-- 
2.39.5

[PATCH 5/6] mm/damon/lru_sort: reset enabled when DAMON start failed

[SeongJae Park]

When the startup fails, 'enabled' parameter is not reset.  As a result,
users show the parameter 'Y' while it is not really working.  Fix it by
resetting 'enabled' to 'false' when the work is failed.

Fixes: 7a034fbba336 ("mm/damon/lru_sort: enable and disable synchronously")
Signed-off-by: SeongJae Park <sj@kernel.org>
---
 mm/damon/lru_sort.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mm/damon/lru_sort.c b/mm/damon/lru_sort.c
index 4af8fd4a390b..9bd8a1a115e0 100644
--- a/mm/damon/lru_sort.c
+++ b/mm/damon/lru_sort.c
@@ -325,7 +325,7 @@ static int __init damon_lru_sort_init(void)
 	int err = damon_modules_new_paddr_ctx_target(&ctx, &target);
 
 	if (err)
-		return err;
+		goto out;
 
 	ctx->callback.after_wmarks_check = damon_lru_sort_after_wmarks_check;
 	ctx->callback.after_aggregation = damon_lru_sort_after_aggregation;
@@ -334,6 +334,9 @@ static int __init damon_lru_sort_init(void)
 	if (enabled)
 		err = damon_lru_sort_turn(true);
 
+out:
+	if (err && enabled)
+		enabled = false;
 	return err;
 }
 
-- 
2.39.5

[PATCH 6/6] mm/damon/reclaim: use parameter context correctly

[SeongJae Park]

damon_reclaim_apply_parameters() allocates a new DAMON context, stages
user-specified DAMON parameters on it, and commits to running DAMON
context at once, using damon_commit_ctx().  The code is mistakenly
over-writing the monitoring attributes and the reclaim scheme on the
running context.  It is not causing a real problem for monitoring
attributes, but the scheme overwriting can remove scheme's internal
status such as charged quota.  Fix the wrong use of the parameter
context.

Fixes: 11ddcfc257a3 ("mm/damon/reclaim: use damon_commit_ctx()")
Signed-off-by: SeongJae Park <sj@kernel.org>
---
 mm/damon/reclaim.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mm/damon/reclaim.c b/mm/damon/reclaim.c
index c91098d8aa51..0fe8996328b8 100644
--- a/mm/damon/reclaim.c
+++ b/mm/damon/reclaim.c
@@ -194,7 +194,7 @@ static int damon_reclaim_apply_parameters(void)
 	if (err)
 		return err;
 
-	err = damon_set_attrs(ctx, &damon_reclaim_mon_attrs);
+	err = damon_set_attrs(param_ctx, &damon_reclaim_mon_attrs);
 	if (err)
 		goto out;
 
@@ -202,7 +202,7 @@ static int damon_reclaim_apply_parameters(void)
 	scheme = damon_reclaim_new_scheme();
 	if (!scheme)
 		goto out;
-	damon_set_schemes(ctx, &scheme, 1);
+	damon_set_schemes(param_ctx, &scheme, 1);
 
 	if (quota_mem_pressure_us) {
 		goal = damos_new_quota_goal(DAMOS_QUOTA_SOME_MEM_PSI_US,
-- 
2.39.5