From: Kaitao Cheng <chengkaitao@kylinos.cn>
cma_activate_area() can fail after a CMA area has already been added to
cma_areas[]. In that case the area is left in the global array, but it
does not reach the point where CMA_ACTIVATED is set.

cma_sysfs_init() currently walks all cma_area_count entries and creates
sysfs files for every area, including ones that failed activation. These
areas are not usable CMA areas and should not be exposed to userspace as
valid CMA regions.

Skip CMA areas that did not reach CMA_ACTIVATED when creating the sysfs
objects. Since inactive entries can now be skipped, make the error
unwind tolerate entries that never had cma_kobj initialized.
Fixes: 43ca106fa8ec ("mm: cma: support sysfs")
Reported-by: David Hildenbrand (Arm) <david@kernel.org>
Reported-by: Muchun Song <songmuchun@bytedance.com>
Closes: https://lore.kernel.org/linux-mm/55481a8b-dcfc-4bef-ba59-aa0b43dca88b@kernel.org/
Signed-off-by: Kaitao Cheng <chengkaitao@kylinos.cn>
---
mm/cma_sysfs.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/mm/cma_sysfs.c b/mm/cma_sysfs.c
index f52b696bc46d..d5bf792c6245 100644
--- a/mm/cma_sysfs.c
+++ b/mm/cma_sysfs.c
@@ -117,13 +117,16 @@ static int __init cma_sysfs_init(void)
return -ENOMEM;
for (i = 0; i < cma_area_count; i++) {
+ cma = &cma_areas[i];
+ if (!test_bit(CMA_ACTIVATED, &cma->flags))
+ continue;
+
cma_kobj = kzalloc_obj(*cma_kobj);
if (!cma_kobj) {
err = -ENOMEM;
goto out;
}
- cma = &cma_areas[i];
cma->cma_kobj = cma_kobj;
cma_kobj->cma = cma;
err = kobject_init_and_add(&cma_kobj->kobj, &cma_ktype,
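Review bot: the early `continue` on `!test_bit(CMA_ACTIVATED, &cma->flags)` leaves `cma->cma_kobj` untouched for inactive areas, and the cleanup path added in the next hunk relies on that pointer being NULL for exactly those entries; that only holds if the skipped slots of cma_areas[] are zero-initialised (true for a static array) and nothing writes cma_kobj before activation. A one-line comment above the `continue`, e.g. `/* inactive areas keep cma_kobj == NULL, see the unwind below */`, would document the invariant, and it is worth confirming that no other reader of cma->cma_kobj now needs the same NULL check on the success path, since inactive areas remain in the array without a kobject.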
@@ -138,7 +141,8 @@ static int __init cma_sysfs_init(void)
out:
while (--i >= 0) {
cma = &cma_areas[i];
- kobject_put(&cma->cma_kobj->kobj);
+ if (cma->cma_kobj)
+ kobject_put(&cma->cma_kobj->kobj);
}
kobject_put(cma_kobj_root);
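Review bot: the NULL guard on `cma->cma_kobj` is what makes `while (--i >= 0)` safe now that indices can be skipped, but the reason a kobject may be missing is not visible at this point in the code; a short comment on the `if (cma->cma_kobj)` line such as `/* NULL for areas that never reached CMA_ACTIVATED */` would tie the two hunks together for the next reader. The unwind still only walks indices below the failing one, so the entry at index i must continue to be released at the failure site as before; the guard does not change that.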
--
2.50.1 (Apple Git-155)
On Fri, May 22, 2026 at 9:15 PM Kaitao Cheng <kaitao.cheng@linux.dev> wrote:
>
> From: Kaitao Cheng <chengkaitao@kylinos.cn>
>
> cma_activate_area() can fail after a CMA area has already been added to
> cma_areas[]. In that case the area is left in the global array, but it
> does not reach the point where CMA_ACTIVATED is set.
>
> cma_sysfs_init() currently walks all cma_area_count entries and creates
> sysfs files for every area, including ones that failed activation. These
> areas are not usable CMA areas and should not be exposed to userspace as
> valid CMA regions.
>
> Skip CMA areas that did not reach CMA_ACTIVATED when creating the sysfs
> objects. Since inactive entries can now be skipped, make the error
> unwind tolerate entries that never had cma_kobj initialized.
>
> Fixes: 43ca106fa8ec ("mm: cma: support sysfs")
Actually, this is not a fix since there is no serious issue when accessing those
sysfs files. I think it is an improvement.
> Reported-by: David Hildenbrand (Arm) <david@kernel.org>
> Reported-by: Muchun Song <songmuchun@bytedance.com>
> Closes: https://lore.kernel.org/linux-mm/55481a8b-dcfc-4bef-ba59-aa0b43dca88b@kernel.org/
> Signed-off-by: Kaitao Cheng <chengkaitao@kylinos.cn>
Acked-by: Muchun Song <muchun.song@linux.dev>
Thanks.
On Fri, 22 May 2026 21:26:59 +0800 Muchun Song <songmuchun@bytedance.com> wrote:
> On Fri, May 22, 2026 at 9:15 PM Kaitao Cheng <kaitao.cheng@linux.dev> wrote:
> >
> > From: Kaitao Cheng <chengkaitao@kylinos.cn>
> >
> > cma_activate_area() can fail after a CMA area has already been added to
> > cma_areas[]. In that case the area is left in the global array, but it
> > does not reach the point where CMA_ACTIVATED is set.
> >
> > cma_sysfs_init() currently walks all cma_area_count entries and creates
> > sysfs files for every area, including ones that failed activation. These
> > areas are not usable CMA areas and should not be exposed to userspace as
> > valid CMA regions.
> >
> > Skip CMA areas that did not reach CMA_ACTIVATED when creating the sysfs
> > objects. Since inactive entries can now be skipped, make the error
> > unwind tolerate entries that never had cma_kobj initialized.
> >
> > Fixes: 43ca106fa8ec ("mm: cma: support sysfs")
>
> Actually, this is not a fix since there is no serious issue when accessing those
> sysfs files. I think it is an improvement.
I find it hard to say because the changelog doesn't have a clear
description of the userspace-visible impact of the bug.
> > Reported-by: David Hildenbrand (Arm) <david@kernel.org>
> > Reported-by: Muchun Song <songmuchun@bytedance.com>
> > Closes: https://lore.kernel.org/linux-mm/55481a8b-dcfc-4bef-ba59-aa0b43dca88b@kernel.org/
That says "Reading the bitmap file can make debugfs walk a freed range
bitmap and trigger an invalid memory access". Maybe it oopses?
So Kaitao, can you please send us a clear and complete description of
how this bug affects downstream users?
On Sat, May 23, 2026 at 10:49 AM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Fri, 22 May 2026 21:26:59 +0800 Muchun Song <songmuchun@bytedance.com> wrote:
>
> > On Fri, May 22, 2026 at 9:15 PM Kaitao Cheng <kaitao.cheng@linux.dev> wrote:
> > >
> > > From: Kaitao Cheng <chengkaitao@kylinos.cn>
> > >
> > > cma_activate_area() can fail after a CMA area has already been added to
> > > cma_areas[]. In that case the area is left in the global array, but it
> > > does not reach the point where CMA_ACTIVATED is set.
> > >
> > > cma_sysfs_init() currently walks all cma_area_count entries and creates
> > > sysfs files for every area, including ones that failed activation. These
> > > areas are not usable CMA areas and should not be exposed to userspace as
> > > valid CMA regions.
> > >
> > > Skip CMA areas that did not reach CMA_ACTIVATED when creating the sysfs
> > > objects. Since inactive entries can now be skipped, make the error
> > > unwind tolerate entries that never had cma_kobj initialized.
> > >
> > > Fixes: 43ca106fa8ec ("mm: cma: support sysfs")
> >
> > Actually, this is not a fix since there is no serious issue when accessing those
> > sysfs files. I think it is an improvement.
>
> I find it hard to say because the changelog doesn't have a clear
> description of the userspace-visible impact of the bug.
>
> > > Reported-by: David Hildenbrand (Arm) <david@kernel.org>
> > > Reported-by: Muchun Song <songmuchun@bytedance.com>
> > > Closes: https://lore.kernel.org/linux-mm/55481a8b-dcfc-4bef-ba59-aa0b43dca88b@kernel.org/
>
> That says "Reading the bitmap file can make debugfs walk a freed range
> bitmap and trigger an invalid memory access". Maybe it oopses?
I think the Closes tag should not be added here since the commit in
the link actually fixes a bug when accessing debugfs files. But this
commit tried to hide inactive CMA from sysfs files. It is a suggestion
from David in the linked commit.
>
> So Kaitao, can you please send us a clear and complete description of
> how this bug affects downstream users?
It will be clearer if Kaitao could resend a new version with a clear
commit message.
Muchun,
Thanks.