Re: [PATCH] mm/cma_debug: fix invalid accesses for inactive CMA areas

From: Muchun Song

Date: Wed May 20 2026 - 03:43:52 EST

> On May 20, 2026, at 15:27, Oscar Salvador (SUSE) <osalvador@xxxxxxxxxx> wrote:
>
> On Wed, May 20, 2026 at 02:10:25PM +0800, Muchun Song wrote:
>> cma_activate_area() can fail after allocating range bitmaps. Its cleanup
>> path frees those bitmaps, but only clears cma->count and
>> cma->available_count. It leaves cma->nranges and each range's count in
>> place, so cma_debugfs_init() can still register debugfs files for an area
>> that never activated successfully.
>>
>> That exposes two problems. Reading the bitmap file can make debugfs walk a
>> freed range bitmap and trigger an invalid memory access. Reading maxchunk
>> can also take cma->lock even though that lock is initialized only on the
>> successful activation path.
>>
>> Fix this by creating debugfs entries only for CMA areas that reached
>> CMA_ACTIVATED.
>>
>> Fixes: c009da4258f9 ("mm, cma: support multiple contiguous ranges, if requested")
>> Fixes: 2e32b947606d ("mm: cma: add functions to get region pages counters")
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>
>
> For the change:
>
> Acked-by: Oscar Salvador (SUSE) <osalvador@xxxxxxxxxx>
>
> About Fixes, does this mean that before c009da4258f9 ("mm, cma: support
> multiple contiguous ranges, if requested"), this was already triggerable
> after 2e32b947606d?

c009da4258f9 introduced the invalid access to the bitmap file. 2e32b947606d introduced
the invalid access to cma->lock.

This change applies to both issues. So I added two Fixes tags.

Thanks.

>
>
> --
> Oscar Salvador
> SUSE Labs
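The failure mode the commit message describes, as an added user-space model that is not the kernel's code and not part of this thread: an activation that fails after its range bitmaps were allocated, a cleanup path that frees them but leaves nranges in place, and a debugfs registration that is either unguarded (pre-fix) or restricted to areas that reached an activated state. All struct layouts, the CMA_ACTIVATED flag bit, the lock_initialized boolean standing in for cma->lock, and every function name are hypothetical stand-ins for the kernel structures named in the thread.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space model of mm/cma state; not kernel code. */
#define CMA_MAX_RANGES 4
#define CMA_ACTIVATED  (1u << 0)   /* assumed flag bit meaning "activation completed" */

struct cma_range {
    unsigned long count;       /* pages in this range; left in place by cleanup */
    unsigned long *bitmap;     /* allocation bitmap; NULL once freed */
};

struct cma_area {
    unsigned long count;
    unsigned long available_count;
    int nranges;
    struct cma_range ranges[CMA_MAX_RANGES];
    bool lock_initialized;     /* stands in for cma->lock being initialized */
    unsigned int flags;
};

static void cma_model_init(struct cma_area *cma, int nranges, unsigned long per_range)
{
    memset(cma, 0, sizeof(*cma));
    cma->nranges = nranges;
    for (int i = 0; i < nranges; i++)
        cma->ranges[i].count = per_range;
    cma->count = (unsigned long)nranges * per_range;
    cma->available_count = cma->count;
}

/* Models cma_activate_area(): inject_failure triggers the cleanup path after
 * the bitmaps exist, which is the situation the commit message describes. */
static int cma_activate_area_model(struct cma_area *cma, bool inject_failure)
{
    for (int i = 0; i < cma->nranges; i++) {
        cma->ranges[i].bitmap = calloc(1, sizeof(unsigned long));
        if (!cma->ranges[i].bitmap)
            goto cleanup;
    }
    if (inject_failure)
        goto cleanup;

    cma->lock_initialized = true;   /* lock only set up on the success path */
    cma->flags |= CMA_ACTIVATED;
    return 0;

cleanup:
    /* Bitmaps freed, count/available_count cleared, nranges and per-range
     * counts untouched: the state that let debugfs files get registered. */
    for (int i = 0; i < cma->nranges; i++) {
        free(cma->ranges[i].bitmap);
        cma->ranges[i].bitmap = NULL;
    }
    cma->count = 0;
    cma->available_count = 0;
    return -1;
}

/* Pre-fix behaviour: register whenever the area has ranges at all. */
static bool debugfs_registers_unguarded(const struct cma_area *cma)
{
    return cma->nranges > 0;
}

/* Fixed behaviour: register only areas that reached CMA_ACTIVATED. */
static bool debugfs_registers_guarded(const struct cma_area *cma)
{
    return (cma->flags & CMA_ACTIVATED) != 0;
}

/* Would a read of the bitmap file walk a freed (NULL) range bitmap? */
static bool bitmap_read_is_safe(const struct cma_area *cma)
{
    for (int i = 0; i < cma->nranges; i++)
        if (!cma->ranges[i].bitmap)
            return false;
    return true;
}

/* Runs one scenario. Returned bits: 1 = debugfs registered the area,
 * 2 = registered while a bitmap is freed, 4 = registered while lock uninitialized. */
static int cma_model_scenario(bool inject_failure, bool guarded)
{
    struct cma_area cma;
    cma_model_init(&cma, 2, 64);
    (void)cma_activate_area_model(&cma, inject_failure);

    bool reg = guarded ? debugfs_registers_guarded(&cma)
                       : debugfs_registers_unguarded(&cma);
    int result = 0;
    if (reg)
        result |= 1;
    if (reg && !bitmap_read_is_safe(&cma))
        result |= 2;
    if (reg && !cma.lock_initialized)
        result |= 4;

    for (int i = 0; i < cma.nranges; i++)
        free(cma.ranges[i].bitmap);
    return result;
}

int main(void)
{
    printf("failed activation, unguarded: 0x%x\n", cma_model_scenario(true, false));
    printf("failed activation, guarded:   0x%x\n", cma_model_scenario(true, true));
    printf("ok activation, guarded:       0x%x\n", cma_model_scenario(false, true));
    return 0;
}
```

In the failed-activation case the unguarded check still registers the area and both hazard bits are set (freed bitmap, uninitialized lock), while the guarded check skips it entirely; a successful activation registers under either check with no hazards, which is why keying registration on the activated state rather than on nranges is the right discriminator.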