[PATCH 4/4] mm/damon/sysfs: check contexts->nr in repeat_call_fn

Next message: John Madieu: "[PATCH 21/22] arm64: dts: renesas: rzg3e-smarc-som: add audio pinmux definitions"
Previous message: Stefano Radaelli: "Re: [PATCH v3 03/11] arm64: dts: freescale: imx8mm-var-som: Update FEC support with MaxLinear PHY"
In reply to: SeongJae Park: "Re: [PATCH 3/4] mm/damon/sysfs: check contexts-&gt;nr in update_schemes_tried_regions"
Next in thread: SeongJae Park: "Re: [PATCH 4/4] mm/damon/sysfs: check contexts-&gt;nr in repeat_call_fn"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Josh Law

Date: Thu Mar 19 2026 - 12:09:50 EST

damon_sysfs_repeat_call_fn() accesses contexts_arr[0] in
upd_tuned_intervals, upd_schemes_stats, and upd_schemes_effective_quotas
without checking nr_contexts. A user can set nr_contexts to 0 via sysfs
while DAMON is running, causing a NULL pointer dereference in the
repeat callback. Add a guard under the lock.

Signed-off-by: Josh Law <objecting@xxxxxxxxxxxxx>
---
mm/damon/sysfs.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/mm/damon/sysfs.c b/mm/damon/sysfs.c
index ddcdc4e35b27..d982f2dc7a2b 100644
--- a/mm/damon/sysfs.c
+++ b/mm/damon/sysfs.c
@@ -1620,9 +1620,12 @@ static int damon_sysfs_repeat_call_fn(void *data)

if (!mutex_trylock(&damon_sysfs_lock))
return 0;
+ if (sysfs_kdamond->contexts->nr != 1)
+ goto out;
damon_sysfs_upd_tuned_intervals(sysfs_kdamond);
damon_sysfs_upd_schemes_stats(sysfs_kdamond);
damon_sysfs_upd_schemes_effective_quotas(sysfs_kdamond);
+out:
mutex_unlock(&damon_sysfs_lock);
return 0;
}
--
2.34.1