Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

mm/damon/sysfs: check contexts->nr in repeat_call_fn

damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(),
damon_sysfs_upd_schemes_stats(), and
damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr.
If nr_contexts is set to 0 via sysfs while DAMON is running, these
functions dereference contexts_arr[0] and cause a NULL pointer
dereference. Add the missing check.

For example, the issue can be reproduced using the DAMON sysfs interface and
the DAMON user-space tool (damo) [1] like below.

$ sudo damo start --refresh_interval 1s
$ echo 0 | sudo tee \
/sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts

Link: https://patch.msgid.link/20260320163559.178101-3-objecting@objecting.org
Link: https://lkml.kernel.org/r/20260321175427.86000-4-sj@kernel.org
Link: https://github.com/damonitor/damo [1]
Fixes: d809a7c64ba8 ("mm/damon/sysfs: implement refresh_ms file internal work")
Signed-off-by: Josh Law <objecting@objecting.org>
Reviewed-by: SeongJae Park <sj@kernel.org>
Signed-off-by: SeongJae Park <sj@kernel.org>
Cc: <stable@vger.kernel.org> [6.17+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by Josh Law and committed by Andrew Morton
6557004a 1bfe9fb5

mm/damon/sysfs.c (+3)
··· 1620 1620 1621 1621 if (!mutex_trylock(&damon_sysfs_lock)) 1622 1622 return 0; 1623 + if (sysfs_kdamond->contexts->nr != 1) 1624 + goto out; 1623 1625 damon_sysfs_upd_tuned_intervals(sysfs_kdamond); 1624 1626 damon_sysfs_upd_schemes_stats(sysfs_kdamond); 1625 1627 damon_sysfs_upd_schemes_effective_quotas(sysfs_kdamond); 1628 + out: 1626 1629 mutex_unlock(&damon_sysfs_lock); 1627 1630 return 0; 1628 1631 }
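Review bot: the new guard `if (sysfs_kdamond->contexts->nr != 1)` is stricter than what the commit message describes; the message only covers nr_contexts being written as 0, while this condition also skips the three update calls whenever nr is greater than 1. If a single context per kdamond is the only configuration the sysfs interface supports, `!= 1` is the right test, but the commit message should state that so the reader does not expect a `< 1` check; otherwise the condition should be relaxed to `< 1`. Placing the check after `mutex_trylock(&damon_sysfs_lock)` succeeds is the correct ordering, since the value must be read under the same lock that serialises nr_contexts writes, and routing the early exit through `out:` immediately before `mutex_unlock()` keeps the lock balanced on both paths.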