From: Josh Law
To: sj@kernel.org, akpm@linux-foundation.org
Cc: damon@lists.linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Josh Law
Subject: [PATCH 1/4] mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure
Date: Thu, 19 Mar 2026 15:57:39 +0000
Message-Id: <20260319155742.186627-2-objecting@objecting.org>
In-Reply-To: <20260319155742.186627-1-objecting@objecting.org>
References: <20260319155742.186627-1-objecting@objecting.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When damon_sysfs_new_test_ctx() fails in damon_sysfs_commit_input(), param_ctx is leaked because the early return skips the cleanup at the out label. Destroy param_ctx before returning.

Signed-off-by: Josh Law
Reviewed-by: SeongJae Park
--- mm/damon/sysfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/damon/sysfs.c b/mm/damon/sysfs.c index 576d1ddd736b..b573b9d60784 100644 --- a/mm/damon/sysfs.c +++ b/mm/damon/sysfs.c 
@@ -1524,8 +1524,10 @@ static int damon_sysfs_commit_input(void *data) if (IS_ERR(param_ctx)) return PTR_ERR(param_ctx); test_ctx =3D damon_sysfs_new_test_ctx(kdamond->damon_ctx); - if (!test_ctx) + if (!test_ctx) { + damon_destroy_ctx(param_ctx); return -ENOMEM; + } err =3D damon_commit_ctx(test_ctx, param_ctx); if (err) goto out; --=20 2.34.1
From: Josh Law
To: sj@kernel.org, akpm@linux-foundation.org
Cc: damon@lists.linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Josh Law
Subject: [PATCH 2/4] mm/damon/sysfs: check contexts->nr before clear_schemes_tried_regions
Date: Thu, 19 Mar 2026 15:57:40 +0000
Message-Id: <20260319155742.186627-3-objecting@objecting.org>
In-Reply-To: <20260319155742.186627-1-objecting@objecting.org>
References: <20260319155742.186627-1-objecting@objecting.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The CLEAR_SCHEMES_TRIED_REGIONS command accesses contexts_arr[0] without verifying nr_contexts >= 1, causing a NULL pointer dereference when no context is configured. Add the missing check.

Signed-off-by: Josh Law
--- mm/damon/sysfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/damon/sysfs.c b/mm/damon/sysfs.c index b573b9d60784..36ad2e8956c9 100644 --- a/mm/damon/sysfs.c +++ b/mm/damon/sysfs.c 
@@ -1769,6 +1769,8 @@ static int damon_sysfs_handle_cmd(enum damon_sysfs_cm= d cmd, case DAMON_SYSFS_CMD_UPDATE_SCHEMES_TRIED_REGIONS: return damon_sysfs_update_schemes_tried_regions(kdamond, false); case DAMON_SYSFS_CMD_CLEAR_SCHEMES_TRIED_REGIONS: + if (kdamond->contexts->nr !=3D 1) + return -EINVAL; return damon_sysfs_schemes_clear_regions( kdamond->contexts->contexts_arr[0]->schemes); case DAMON_SYSFS_CMD_UPDATE_SCHEMES_EFFECTIVE_QUOTAS: --=20 2.34.1
From: Josh Law
To: sj@kernel.org, akpm@linux-foundation.org
Cc: damon@lists.linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Josh Law
Subject: [PATCH 3/4] mm/damon/sysfs: check contexts->nr in update_schemes_tried_regions
Date: Thu, 19 Mar 2026 15:57:41 +0000
Message-Id: <20260319155742.186627-4-objecting@objecting.org>
In-Reply-To: <20260319155742.186627-1-objecting@objecting.org>
References: <20260319155742.186627-1-objecting@objecting.org>
X-Mailing-List: linux-kernel@vger.kernel.org

damon_sysfs_update_schemes_tried_regions() and its callback damon_sysfs_schemes_tried_regions_upd_one() access contexts_arr[0] without verifying nr_contexts >= 1. This can NULL deref if damon_ctx is non-NULL (preserved after stop) but nr_contexts has been set to 0. Add the missing check.

Signed-off-by: Josh Law
--- mm/damon/sysfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/damon/sysfs.c b/mm/damon/sysfs.c index 36ad2e8956c9..ddcdc4e35b27 100644 --- a/mm/damon/sysfs.c +++ b/mm/damon/sysfs.c 
@@ -1731,6 +1731,8 @@ static int damon_sysfs_update_schemes_tried_regions( =20 if (!ctx) return -EINVAL; + if (sysfs_kdamond->contexts->nr !=3D 1) + return -EINVAL; =20 damon_sysfs_schemes_clear_regions( sysfs_kdamond->contexts->contexts_arr[0]->schemes); --=20 2.34.1
From: Josh Law
To: sj@kernel.org, akpm@linux-foundation.org
Cc: damon@lists.linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Josh Law
Subject: [PATCH 4/4] mm/damon/sysfs: check contexts->nr in repeat_call_fn
Date: Thu, 19 Mar 2026 15:57:42 +0000
Message-Id: <20260319155742.186627-5-objecting@objecting.org>
In-Reply-To: <20260319155742.186627-1-objecting@objecting.org>
References: <20260319155742.186627-1-objecting@objecting.org>
X-Mailing-List: linux-kernel@vger.kernel.org

damon_sysfs_repeat_call_fn() accesses contexts_arr[0] in upd_tuned_intervals, upd_schemes_stats, and upd_schemes_effective_quotas without checking nr_contexts. A user can set nr_contexts to 0 via sysfs while DAMON is running, causing a NULL pointer dereference in the repeat callback. Add a guard under the lock.

Signed-off-by: Josh Law
Reviewed-by: SeongJae Park
--- mm/damon/sysfs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/damon/sysfs.c b/mm/damon/sysfs.c index ddcdc4e35b27..d982f2dc7a2b 100644 --- a/mm/damon/sysfs.c +++ b/mm/damon/sysfs.c
@@ -1620,9 +1620,12 @@ static int damon_sysfs_repeat_call_fn(void *data) =20 if (!mutex_trylock(&damon_sysfs_lock)) return 0; + if (sysfs_kdamond->contexts->nr !=3D 1) + goto out; damon_sysfs_upd_tuned_intervals(sysfs_kdamond); damon_sysfs_upd_schemes_stats(sysfs_kdamond); damon_sysfs_upd_schemes_effective_quotas(sysfs_kdamond); +out: mutex_unlock(&damon_sysfs_lock); return 0; } --=20 2.34.1
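
Review bot: in [PATCH 1/4], the new `if (!test_ctx) { ... }` block in damon_sysfs_commit_input() open-codes `damon_destroy_ctx(param_ctx)` while the damon_commit_ctx() failure right after it leaves through `goto out`, so the param_ctx cleanup now lives in two places. If the out path is safe with a NULL test_ctx, `err = -ENOMEM; goto out;` would keep a single exit; otherwise a dedicated label for the param_ctx cleanup would do the same. The commit message also carries no Fixes: tag, which would let the leak fix be tracked for backporting.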
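
Review bot: in [PATCH 2/4], the test added under `case DAMON_SYSFS_CMD_CLEAR_SCHEMES_TRIED_REGIONS:` is `kdamond->contexts->nr != 1`, which is stricter than the `nr_contexts >= 1` condition the commit message describes: it also returns -EINVAL when more than one context is configured. Either state in the message that exactly one context is required, or relax the check to `< 1`. The hunk does not show which lock covers the read of `contexts->nr` before `contexts_arr[0]` is used; the message should say so, since 4/4 states the value can change via sysfs while DAMON is running.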
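
Review bot: in [PATCH 3/4], only damon_sysfs_update_schemes_tried_regions() gains the `contexts->nr != 1` check after `if (!ctx)`, yet the commit message says the callback damon_sysfs_schemes_tried_regions_upd_one() reads contexts_arr[0] as well, and the diffstat shows this single 2-line hunk. Please either add the same guard in the callback or explain in the message why the check in the caller is sufficient, that is, why nr cannot change between this check and the callback running.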
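
Review bot: in [PATCH 4/4], the `if (sysfs_kdamond->contexts->nr != 1) goto out;` guard after mutex_trylock() in damon_sysfs_repeat_call_fn() skips all three updates and still returns 0, with nothing in the code saying why nr can differ from 1 at this point. A one-line comment above the check (nr can be rewritten via sysfs while the kdamond is running, as the commit message explains) would keep a later cleanup from removing it. As in 2/4 and 3/4, `!= 1` also skips the updates when nr is greater than 1, which the message does not mention.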