This is a note to let you know that I've just added the patch titled
mm/damon: implement a function for max nr_accesses safe calculation
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mm-damon-implement-a-function-for-max-nr_accesses-safe-calculation.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 35f5d94187a6a3a8df2cba54beccca1c2379edb8 Mon Sep 17 00:00:00 2001
From: SeongJae Park <sj@xxxxxxxxxx>
Date: Thu, 19 Oct 2023 19:49:20 +0000
Subject: mm/damon: implement a function for max nr_accesses safe calculation
From: SeongJae Park <sj@xxxxxxxxxx>
commit 35f5d94187a6a3a8df2cba54beccca1c2379edb8 upstream.
Patch series "avoid divide-by-zero due to max_nr_accesses overflow".
The maximum nr_accesses of given DAMON context can be calculated by
dividing the aggregation interval by the sampling interval. Some logics
in DAMON uses the maximum nr_accesses as a divisor. Hence, the value
shouldn't be zero. Such case is avoided since DAMON avoids setting the
agregation interval as samller than the sampling interval. However, since
nr_accesses is unsigned int while the intervals are unsigned long, the
maximum nr_accesses could be zero while casting.
Avoid the divide-by-zero by implementing a function that handles the
corner case (first patch), and replaces the vulnerable direct max
nr_accesses calculations (remaining patches).
Note that the patches for the replacements are divided for broken commits,
to make backporting on required tres easier. Especially, the last patch
is for a patch that not yet merged into the mainline but in mm tree.
This patch (of 4):
The maximum nr_accesses of given DAMON context can be calculated by
dividing the aggregation interval by the sampling interval. Some logics
in DAMON uses the maximum nr_accesses as a divisor. Hence, the value
shouldn't be zero. Such case is avoided since DAMON avoids setting the
agregation interval as samller than the sampling interval. However, since
nr_accesses is unsigned int while the intervals are unsigned long, the
maximum nr_accesses could be zero while casting. Implement a function
that handles the corner case.
Note that this commit is not fixing the real issue since this is only
introducing the safe function that will replaces the problematic
divisions. The replacements will be made by followup commits, to make
backporting on stable series easier.
Link: https://lkml.kernel.org/r/20231019194924.100347-1-sj@xxxxxxxxxx
Link: https://lkml.kernel.org/r/20231019194924.100347-2-sj@xxxxxxxxxx
Fixes: 198f0f4c58b9 ("mm/damon/vaddr,paddr: support pageout prioritization")
Signed-off-by: SeongJae Park <sj@xxxxxxxxxx>
Reported-by: Jakub Acs <acsjakub@xxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> [5.16+]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
include/linux/damon.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/include/linux/damon.h
+++ b/include/linux/damon.h
@@ -642,6 +642,13 @@ static inline bool damon_target_has_pid(
return ctx->ops.id == DAMON_OPS_VADDR || ctx->ops.id == DAMON_OPS_FVADDR;
}
+static inline unsigned int damon_max_nr_accesses(const struct damon_attrs *attrs)
+{
+ /* {aggr,sample}_interval are unsigned long, hence could overflow */
+ return min(attrs->aggr_interval / attrs->sample_interval,
+ (unsigned long)UINT_MAX);
+}
+
int damon_start(struct damon_ctx **ctxs, int nr_ctxs, bool exclusive);
int damon_stop(struct damon_ctx **ctxs, int nr_ctxs);
Patches currently in stable-queue which might be from sj@xxxxxxxxxx are
queue-6.6/mm-damon-implement-a-function-for-max-nr_accesses-safe-calculation.patch
queue-6.6/mm-damon-ops-common-avoid-divide-by-zero-during-region-hotness-calculation.patch
queue-6.6/mm-damon-sysfs-check-error-from-damon_sysfs_update_target.patch
queue-6.6/mm-damon-lru_sort-avoid-divide-by-zero-in-hot-threshold-calculation.patch
queue-6.6/mm-damon-core-avoid-divide-by-zero-during-monitoring-results-update.patch
queue-6.6/mm-damon-sysfs-schemes-handle-tried-region-directory-allocation-failure.patch
queue-6.6/mm-damon-sysfs-update-monitoring-target-regions-for-online-input-commit.patch
queue-6.6/mm-damon-sysfs-schemes-handle-tried-regions-sysfs-directory-allocation-failure.patch
queue-6.6/mm-damon-sysfs-remove-requested-targets-when-online-commit-inputs.patch
queue-6.6/mm-damon-core.c-avoid-unintentional-filtering-out-of-schemes.patch
