Re: (sashiko review) [RFC PATCH v5 02/11] mm/damon/core: merge quota-sliced regions back

From: SeongJae Park

Date: Fri Apr 10 2026 - 19:57:16 EST


TL;DR: sashiko found an issue. I will address that in the next revision.

Forwarding the sashiko review in a reply format with my inline
comments below, for details of my view and for discussion
via mail if needed.

> # review url: https://sashiko.dev/#/patchset/20260410142034.83798-3-sj@xxxxxxxxxx
> # start of sashiko.dev inline review
> commit ae9f581463db42127fa24541161baf201709d5f9
> Author: SeongJae Park <sj@xxxxxxxxxx>
>
> mm/damon/core: merge quota-sliced regions back
>
> This commit merges quota-sliced regions back together to reduce overhead.
> It avoids merging regions if their age is non-zero, meaning no scheme
> action was applied to them.
>
> > diff --git a/mm/damon/core.c b/mm/damon/core.c
> > index 8dbc365bb8e97..97b375c720251 100644
> > --- a/mm/damon/core.c
> > +++ b/mm/damon/core.c
>
> [ ... ]
>
> > +static void damos_apply_target(struct damon_ctx *c, struct damon_target *t)
> > +{
> > + struct damon_region *r, *orig_region = NULL;
> > + unsigned long orig_end_addr;
> > +
> > + damon_for_each_region(r, t) {
> > + /*
> > + * damon_do_apply_schemes() could split the region for the
> > + * quota. Keeping the new slices is an overhead. Merge back
> > + * the slices into the original region if there is no reason to
> > + * keep those.
> > + */
> > + if (!orig_region || orig_end_addr <= r->ar.start) {
> > + orig_region = r;
> > + orig_end_addr = r->ar.end;
> > + }
> > + damon_do_apply_schemes(c, t, r);
> > + if (r == orig_region)
> > + continue;
> > + /*
> > + * If no scheme was applied to the sliced region, the age of
> > + * the slice ain't be reset. Don't merge that back.
> > + * Otherwise, the monitored information of the region is lost.
> > + */
> > + if (r->age) {
> > + orig_region = NULL;
> > + continue;
> > + }
> > + orig_region->ar.end = r->ar.end;
> > + damon_destroy_region(r, t);
> > + r = orig_region;
> > + }
> > +}
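
Review bot: orig_end_addr is declared without an initializer and is read in `!orig_region || orig_end_addr <= r->ar.start`, so the read is safe only through the short-circuit on `!orig_region`. After `orig_region = NULL` in the `if (r->age)` branch it also keeps the stale end address of the previous original region. Initializing it at declaration, or resetting it together with orig_region, would make that invariant explicit instead of implied.
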
>
> Does this logic safely handle cases where orig_region and r have differing
> ages?
>
> If a scheme applies to slice r (resetting r->age to 0), but was skipped
> for orig_region (leaving orig_region->age > 0), the check if (r->age)
> will be false. The slice r will then be merged into orig_region, and
> the reset age of r will be lost because it structurally inherits the
> non-zero age of orig_region.
>
> Could this cause age-based rate-limiting to be bypassed, allowing schemes
> to erroneously apply to the same memory regions repeatedly in subsequent
> intervals?
>
> Additionally, if both orig_region and r have the same non-zero age
> (e.g., both were skipped), if (r->age) evaluates to true, setting
> orig_region = NULL and skipping the merge entirely.
>
> Should the merge condition verify that the contiguous slices share identical
> state before merging, perhaps by checking if (orig_region->age != r->age)?

Good finding. I was thinking the scheme will anyway be applied, once the
quota-split has happened. But I was wrong, since the DAMOS core filter is applied
after the split operation. Also, age is not reset if the action is DAMOS_STAT.

I will address this in the next revision, like below.

'''
--- a/mm/damon/core.c
+++ b/mm/damon/core.c
@@ -2439,35 +2439,32 @@ static void damon_do_apply_schemes(struct damon_ctx *c,

static void damos_apply_target(struct damon_ctx *c, struct damon_target *t)
{
- struct damon_region *r, *orig_region = NULL;
- unsigned long orig_end_addr;
+ struct damon_region *r;

damon_for_each_region(r, t) {
+ struct damon_region *prev_r;
+
+ damon_do_apply_schemes(c, t, r);
/*
- * damon_do_apply_schemes() could split the region for the
+ * damon_do_apply_scheems() could split the region for the
* quota. Keeping the new slices is an overhead. Merge back
- * the slices into the original region if there is no reason to
- * keep those.
+ * the slices into the previous region if it doesn't lose any
+ * information.
*/
- if (!orig_region || orig_end_addr <= r->ar.start) {
- orig_region = r;
- orig_end_addr = r->ar.end;
- }
- damon_do_apply_schemes(c, t, r);
- if (r == orig_region)
+ if (damon_first_region(t) == r)
continue;
- /*
- * If no scheme was applied to the sliced region, the age of
- * the slice ain't be reset. Don't merge that back.
- * Otherwise, the monitored information of the region is lost.
- */
- if (r->age) {
- orig_region = NULL;
+ prev_r = damon_prev_region(r);
+ if (prev_r->ar.end != r->ar.start)
continue;
- }
- orig_region->ar.end = r->ar.end;
+ if (prev_r->age != r->age)
+ continue;
+ if (prev_r->last_nr_accesses != r->last_nr_accesses)
+ continue;
+ if (prev_r->nr_accesses != r->nr_accesses)
+ continue;
+ prev_r->ar.end = r->ar.end;
damon_destroy_region(r, t);
- r = orig_region;
+ r = prev_r;
}
}
'''
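
Review bot: the added comment line spells the function as damon_do_apply_scheems(), while the call added just above it is damon_do_apply_schemes(); the comment should use the real name. Separately, with the orig_region and orig_end_addr tracking removed, the merge now applies to any region whose prev_r is address-contiguous (`prev_r->ar.end != r->ar.start` is the only positional check) and has equal age, last_nr_accesses and nr_accesses, not only to slices produced by the quota split. If that wider scope is intended, the comment's "Merge back the slices" wording should say so; if not, the check needs a way to tell slices from pre-existing neighbours.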

>
>
> # end of sashiko.dev inline review
> # review url: https://sashiko.dev/#/patchset/20260410142034.83798-3-sj@xxxxxxxxxx


Thanks,
SJ

# hkml [1] generated a draft of this mail. You can regenerate
# this using below command:
#
# hkml patch sashiko_dev --for_forwarding \
# 20260410142034.83798-3-sj@xxxxxxxxxx
#
# [1] https://github.com/sjp38/hackermail
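
The age mismatch discussed in this mail can be reproduced with a small userspace model. This is an added example, not kernel code and not part of the original mail: regions are a plain array, the input is assumed to be the state of the slices of one original region after damon_do_apply_schemes() has run, and the names merge_v5, merge_revised and review_case are hypothetical.

```c
#include <stddef.h>

/* Userspace model: field names follow the patch, all values are constructed. */
struct region {
	unsigned long start, end;
	unsigned int nr_accesses, last_nr_accesses, age;
};

/* v5 rule over the slices of one original region: merge when r->age == 0. */
static size_t merge_v5(struct region *rs, size_t n)
{
	size_t out = 0, orig = n;	/* orig == n models orig_region == NULL */
	for (size_t i = 0; i < n; i++) {
		if (orig != n && !rs[i].age) {
			rs[orig].end = rs[i].end; /* orig's age is never compared */
			continue;
		}
		orig = (orig == n) ? out : n;
		rs[out++] = rs[i];
	}
	return out;
}

/* Revised rule: merge into the previous region only if its state is identical. */
static size_t merge_revised(struct region *rs, size_t n)
{
	size_t out = 0;
	for (size_t i = 0; i < n; i++) {
		struct region *p = out ? &rs[out - 1] : NULL;
		if (p && p->end == rs[i].start && p->age == rs[i].age &&
		    p->last_nr_accesses == rs[i].last_nr_accesses &&
		    p->nr_accesses == rs[i].nr_accesses)
			p->end = rs[i].end;
		else
			rs[out++] = rs[i];
	}
	return out;
}

/* Constructed case from the review: scheme skipped on the first slice (age 5),
 * applied on the second (age reset to 0). Reports the last region's age. */
static size_t review_case(int revised, unsigned int *last_age)
{
	struct region rs[2] = { {0, 4096, 3, 3, 5}, {4096, 8192, 3, 3, 0} };
	size_t n = revised ? merge_revised(rs, 2) : merge_v5(rs, 2);
	*last_age = rs[n - 1].age;
	return n;
}
```

With the v5 rule the two slices collapse into one region that reports age 5, so the reset is lost; with the revised rule both regions survive and the second keeps age 0.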