damos_new_filter() is not initializing the list field of newly allocated
filter object. However, DAMON sysfs interface and DAMON_RECLAIM are not
initializing it after calling damos_new_filter(). As a result,
accessing uninitialized memory is possible. Actually, adding multiple
DAMOS filters via DAMON sysfs interface caused NULL pointer
dereferencing. Initialize the field just after the allocation from
damos_new_filter().
Fixes: 98def236f63c ("mm/damon/core: implement damos filter")
Cc: stable@xxxxxxxxxxxxxxx # 6.3.x-
Signed-off-by: SeongJae Park <sj@xxxxxxxxxx>
---
mm/damon/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/damon/core.c b/mm/damon/core.c
index 91cff7f2997e..eb9580942a5c 100644
--- a/mm/damon/core.c
+++ b/mm/damon/core.c
@@ -273,6 +273,7 @@ struct damos_filter *damos_new_filter(enum damos_filter_type type,
return NULL;
filter->type = type;
filter->matching = matching;
+ INIT_LIST_HEAD(&filter->list);
return filter;
}
--
2.25.1
