* [PATCH] mm/damon/core: avoid destroyed target reference from DAMOS quota
@ 2025-05-17 14:18 Akinobu Mita
2025-05-17 15:56 ` SeongJae Park
0 siblings, 1 reply; 2+ messages in thread
From: Akinobu Mita @ 2025-05-17 14:18 UTC (permalink / raw)
To: damon; +Cc: linux-mm, akpm, akinobu.mita, SeongJae Park

When the number of the monitoring targets in running contexts is reduced,
there may be DAMOS quotas referencing the targets that will be destroyed.

Applying the scheme action for such DAMOS scheme will be skipped forever
looking for the starting part of the region for the destroyed monitoring
target.

To fix this issue, when the monitoring target is destroyed, reset the
starting part for all DAMOS quotas that reference the target.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: SeongJae Park <sj@kernel.org>
---
mm/damon/core.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/mm/damon/core.c b/mm/damon/core.c
index 587fb9a4fef8..6df13586155b 100644
--- a/mm/damon/core.c
+++ b/mm/damon/core.c
@@ -1093,9 +1093,17 @@ static int damon_commit_targets(
if (err)
return err;
} else {
+ struct damos *s;
+
if (damon_target_has_pid(dst))
put_pid(dst_target->pid);
damon_destroy_target(dst_target);
+ damon_for_each_scheme(s, dst) {
+ if (s->quota.charge_target_from == dst_target) {
+ s->quota.charge_target_from = NULL;
+ s->quota.charge_addr_from = 0;
+ }
+ }
}
}
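
Review bot: The added damon_for_each_scheme() loop runs after damon_destroy_target(dst_target), so the comparison s->quota.charge_target_from == dst_target uses a pointer whose object has already been destroyed. Nothing is dereferenced, so the result is correct, but moving the loop ahead of the damon_destroy_target() call would keep every use of dst_target before its destruction and would mean no scheme ever holds a stale charge_target_from. A short comment above the loop stating that a quota's charge start point must not outlive its target would also make the reason for resetting both charge_target_from and charge_addr_from clear to later readers.
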
--
2.34.1
* Re: [PATCH] mm/damon/core: avoid destroyed target reference from DAMOS quota
From: SeongJae Park @ 2025-05-17 15:56 UTC (permalink / raw)
To: Akinobu Mita; +Cc: SeongJae Park, damon, linux-mm, akpm
On Sat, 17 May 2025 23:18:52 +0900 Akinobu Mita <akinobu.mita@gmail.com> wrote:
> When the number of the monitoring targets in running contexts is reduced,
> there may be DAMOS quotas referencing the targets that will be destroyed.
>
> Applying the scheme action for such DAMOS scheme will be skipped forever
> looking for the starting part of the region for the destroyed monitoring
> target.

Nice catch!

>
> To fix this issue, when the monitoring target is destroyed, reset the
> starting part for all DAMOS quotas that reference the target.
>

I think this deserves below Fixes: tag?

Fixes: da87878010e5 ("mm/damon/sysfs: support online inputs update")

For a clarification: the worst scenario consequence of this issue is DAMOS
unexpectedly doing less or zero work under certain setups. No horrible
problems such as a use after free will happen, though, since quota handling
code references quota.charge_target_from, but does not de-reference it.

So I don't think this deserves Cc-ing stable@, but I'll let stable@ maintainers
decide, as usual.

> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
> Cc: SeongJae Park <sj@kernel.org>

Reviewed-by: SeongJae Park <sj@kernel.org>

Thanks,
SJ

[...]