Commit 1b247cd
mm/damon/core: avoid use of half-online-committed context

commit 26f775a upstream.

One major usage of damon_call() is online DAMON parameters update. It is
done by calling damon_commit_ctx() inside the damon_call() callback
function. damon_commit_ctx() can fail for two reasons: 1) invalid
parameters and 2) internal memory allocation failures. In case of
failures, the damon_ctx that attempted to be updated (commit destination)
can be partially updated (or, corrupted from a perspective), and therefore
shouldn't be used anymore. The function only ensures the damon_ctx object
can safely be deallocated using damon_destroy_ctx().

The API callers are, however, calling damon_commit_ctx() only after
asserting the parameters are valid, to avoid damon_commit_ctx() failing due
to invalid input parameters. But it can still theoretically fail if the
internal memory allocation fails. In that case, DAMON may run with the
partially updated damon_ctx. This can result in unexpected behaviors
including even NULL pointer dereference in case of damos_commit_dests()
failure [1]. Such allocation failure is arguably too small to fail, so
the real world impact would be rare. But, given the bad consequence, this
needs to be fixed.

Avoid such partially-committed (maybe-corrupted) damon_ctx use by saving
the damon_commit_ctx() failure on the damon_ctx object. For this,
introduce damon_ctx->maybe_corrupted field. damon_commit_ctx() sets it
when it fails. kdamond_call() checks if the field is set after each
damon_call_control->fn() is executed. If it is set, ignore remaining
callback requests and return. All kdamond_call() callers including
kdamond_fn() also check the maybe_corrupted field right after
kdamond_call() invocations. If the field is set, break the kdamond_fn()
main loop so that DAMON still doesn't use the context that might be
corrupted.

[sj@kernel.org: let kdamond_call() with cancel regardless of maybe_corrupted]

Link: https://lkml.kernel.org/r/20260320031553.2479-1-sj@kernel.org
Link: https://sashiko.dev/#/patchset/20260319145218.86197-1-sj%40kernel.org
Link: https://lkml.kernel.org/r/20260319145218.86197-1-sj@kernel.org
Link: https://lore.kernel.org/20260319043309.97966-1-sj@kernel.org [1]
Fixes: 3301f18 ("mm/damon/sysfs: handle commit command using damon_call()")
Signed-off-by: SeongJae Park <sj@kernel.org>
Cc: <stable@vger.kernel.org> [6.15+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: SeongJae Park <sj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

1 parent 4d8d713 commit 1b247cd
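The mechanism the commit message describes, as an added illustration that is not DAMON or Linux kernel code: every struct, function and field name below (ctx, ctx_commit(), ctx_call(), maybe_alloc(), scenario(), and the sample dests data) is hypothetical and only loosely modelled on the damon_ctx / damon_commit_ctx() / damon_call() names in the message. It shows a commit routine that leaves its destination half-updated when an allocation fails, the maybe_corrupted flag it sets on that path, and a dispatcher that re-checks the flag after every callback so a later callback never walks the half-committed context.

```c
/* Hypothetical model of the pattern in the commit message (illustration
 * only, not DAMON/Linux code): a commit routine that can leave its
 * destination half-updated on allocation failure, the maybe_corrupted flag
 * it sets on that path, and a dispatcher that stops once the flag is set. */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

struct dests { int *ids; size_t nr; };

struct ctx {
	struct dests dests;
	bool maybe_corrupted;	/* set by ctx_commit() when it fails */
};

/* Allocator wrapper so a caller can force exactly one failure. */
static bool fail_next_alloc;
static void *maybe_alloc(size_t n)
{
	if (fail_next_alloc) { fail_next_alloc = false; return NULL; }
	return malloc(n);
}

/* Copy src's dests into dst. The ordering models the failure mode: dst's
 * old array is freed and nr updated before the new array exists, so a
 * failed allocation leaves nr > 0 with ids == NULL. dst is then only safe
 * to destroy, which is what the flag records. */
static int ctx_commit(struct ctx *dst, const struct ctx *src)
{
	int *ids;
	free(dst->dests.ids);
	dst->dests.ids = NULL;
	dst->dests.nr = src->dests.nr;
	ids = maybe_alloc(src->dests.nr * sizeof(*ids));
	if (!ids) {
		dst->maybe_corrupted = true;
		return -ENOMEM;
	}
	memcpy(ids, src->dests.ids, src->dests.nr * sizeof(*ids));
	dst->dests.ids = ids;
	return 0;
}

struct call_control { int (*fn)(void *data); void *data; int ret; bool done; };

/* Run queued callbacks in order, re-checking the flag after each one;
 * once it is set, the remaining requests are skipped. Returns how many ran. */
static int ctx_call(struct ctx *c, struct call_control *calls, int n)
{
	int ran = 0;
	for (int i = 0; i < n; i++) {
		calls[i].ret = calls[i].fn(calls[i].data);
		calls[i].done = true;
		ran++;
		if (c->maybe_corrupted)
			break;
	}
	return ran;
}

struct commit_req { struct ctx *dst; const struct ctx *src; };

static int commit_cb(void *data)
{
	struct commit_req *r = data;
	return ctx_commit(r->dst, r->src);
}

/* A later callback that walks dests: on a half-committed ctx this would
 * dereference NULL, which the flag check in ctx_call() prevents. */
static int sum_dests_cb(void *data)
{
	struct ctx *c = data;
	int sum = 0;
	for (size_t i = 0; i < c->dests.nr; i++)
		sum += c->dests.ids[i];
	return sum;
}

struct result { int callbacks_run; int commit_rc; int sum; bool corrupted; };

/* Queue a commit and then the walker on constructed data, optionally
 * forcing the commit's allocation to fail; sum is -1 if the walker never ran. */
static struct result scenario(bool force_alloc_failure)
{
	int src_ids[3] = { 1, 2, 3 };	/* constructed sample input */
	struct ctx src = { .dests = { src_ids, 3 } };
	struct ctx dst = { 0 };
	struct commit_req req = { &dst, &src };
	struct call_control calls[2] = {
		{ commit_cb, &req, 0, false },
		{ sum_dests_cb, &dst, 0, false },
	};
	struct result r;
	fail_next_alloc = force_alloc_failure;
	r.callbacks_run = ctx_call(&dst, calls, 2);
	r.commit_rc = calls[0].ret;
	r.sum = calls[1].done ? calls[1].ret : -1;
	r.corrupted = dst.maybe_corrupted;
	free(dst.dests.ids);	/* destroying the ctx is still safe */
	return r;
}
```

With the forced allocation failure, scenario(true) reports one callback run, a commit return of -ENOMEM, the flag set and the walker never executed; scenario(false) runs both callbacks and the walker returns 6. The check sits in the dispatcher rather than in each callback because, as the message notes, the caller that issued the commit cannot tell from its own return value whether the destination was already partially rewritten.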
2 files changed
Lines changed: 15 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
806 | 806 | | |
807 | 807 | | |
808 | 808 | | |
| 809 | + | |
| 810 | + | |
| 811 | + | |
| 812 | + | |
| 813 | + | |
| 814 | + | |
809 | 815 | | |
| 816 | + | |
810 | 817 | | |
811 | 818 | | |
812 | 819 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1241 | 1241 | | |
1242 | 1242 | | |
1243 | 1243 | | |
| 1244 | + | |
1244 | 1245 | | |
1245 | 1246 | | |
1246 | 1247 | | |
| |||
1266 | 1267 | | |
1267 | 1268 | | |
1268 | 1269 | | |
| 1270 | + | |
1269 | 1271 | | |
1270 | 1272 | | |
1271 | 1273 | | |
| |||
2610 | 2612 | | |
2611 | 2613 | | |
2612 | 2614 | | |
2613 | | - | |
2614 | 2615 | | |
2615 | 2616 | | |
2616 | 2617 | | |
| 2618 | + | |
| 2619 | + | |
2617 | 2620 | | |
2618 | 2621 | | |
2619 | 2622 | | |
| |||
2646 | 2649 | | |
2647 | 2650 | | |
2648 | 2651 | | |
| 2652 | + | |
| 2653 | + | |
2649 | 2654 | | |
2650 | 2655 | | |
2651 | 2656 | | |
| |||
2731 | 2736 | | |
2732 | 2737 | | |
2733 | 2738 | | |
| 2739 | + | |
| 2740 | + | |
2734 | 2741 | | |
2735 | 2742 | | |
2736 | 2743 | | |
| |||