This is a note to let you know that I've just added the patch titled mm/damon: implement a function for max nr_accesses safe calculation to the 6.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: mm-damon-implement-a-function-for-max-nr_accesses-safe-calculation.patch and it can be found in the queue-6.6 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 35f5d94187a6a3a8df2cba54beccca1c2379edb8 Mon Sep 17 00:00:00 2001 From: SeongJae Park <sj@xxxxxxxxxx> Date: Thu, 19 Oct 2023 19:49:20 +0000 Subject: mm/damon: implement a function for max nr_accesses safe calculation From: SeongJae Park <sj@xxxxxxxxxx> commit 35f5d94187a6a3a8df2cba54beccca1c2379edb8 upstream. Patch series "avoid divide-by-zero due to max_nr_accesses overflow". The maximum nr_accesses of given DAMON context can be calculated by dividing the aggregation interval by the sampling interval. Some logics in DAMON uses the maximum nr_accesses as a divisor. Hence, the value shouldn't be zero. Such case is avoided since DAMON avoids setting the agregation interval as samller than the sampling interval. However, since nr_accesses is unsigned int while the intervals are unsigned long, the maximum nr_accesses could be zero while casting. Avoid the divide-by-zero by implementing a function that handles the corner case (first patch), and replaces the vulnerable direct max nr_accesses calculations (remaining patches). Note that the patches for the replacements are divided for broken commits, to make backporting on required tres easier. Especially, the last patch is for a patch that not yet merged into the mainline but in mm tree. This patch (of 4): The maximum nr_accesses of given DAMON context can be calculated by dividing the aggregation interval by the sampling interval. Some logics in DAMON uses the maximum nr_accesses as a divisor. Hence, the value shouldn't be zero. Such case is avoided since DAMON avoids setting the agregation interval as samller than the sampling interval. However, since nr_accesses is unsigned int while the intervals are unsigned long, the maximum nr_accesses could be zero while casting. Implement a function that handles the corner case. Note that this commit is not fixing the real issue since this is only introducing the safe function that will replaces the problematic divisions. The replacements will be made by followup commits, to make backporting on stable series easier. Link: https://lkml.kernel.org/r/20231019194924.100347-1-sj@xxxxxxxxxx Link: https://lkml.kernel.org/r/20231019194924.100347-2-sj@xxxxxxxxxx Fixes: 198f0f4c58b9 ("mm/damon/vaddr,paddr: support pageout prioritization") Signed-off-by: SeongJae Park <sj@xxxxxxxxxx> Reported-by: Jakub Acs <acsjakub@xxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> [5.16+] Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- include/linux/damon.h | 7 +++++++ 1 file changed, 7 insertions(+) --- a/include/linux/damon.h +++ b/include/linux/damon.h @@ -642,6 +642,13 @@ static inline bool damon_target_has_pid( return ctx->ops.id == DAMON_OPS_VADDR || ctx->ops.id == DAMON_OPS_FVADDR; } +static inline unsigned int damon_max_nr_accesses(const struct damon_attrs *attrs) +{ + /* {aggr,sample}_interval are unsigned long, hence could overflow */ + return min(attrs->aggr_interval / attrs->sample_interval, + (unsigned long)UINT_MAX); +} + int damon_start(struct damon_ctx **ctxs, int nr_ctxs, bool exclusive); int damon_stop(struct damon_ctx **ctxs, int nr_ctxs); Patches currently in stable-queue which might be from sj@xxxxxxxxxx are queue-6.6/mm-damon-implement-a-function-for-max-nr_accesses-safe-calculation.patch queue-6.6/mm-damon-ops-common-avoid-divide-by-zero-during-region-hotness-calculation.patch queue-6.6/mm-damon-sysfs-check-error-from-damon_sysfs_update_target.patch queue-6.6/mm-damon-lru_sort-avoid-divide-by-zero-in-hot-threshold-calculation.patch queue-6.6/mm-damon-core-avoid-divide-by-zero-during-monitoring-results-update.patch queue-6.6/mm-damon-sysfs-schemes-handle-tried-region-directory-allocation-failure.patch queue-6.6/mm-damon-sysfs-update-monitoring-target-regions-for-online-input-commit.patch queue-6.6/mm-damon-sysfs-schemes-handle-tried-regions-sysfs-directory-allocation-failure.patch queue-6.6/mm-damon-sysfs-remove-requested-targets-when-online-commit-inputs.patch queue-6.6/mm-damon-core.c-avoid-unintentional-filtering-out-of-schemes.patch