Re: [PATCH] mm/cma_debug: fix invalid accesses for inactive CMA areas
From: David Hildenbrand (Arm)
Date: Wed May 20 2026 - 04:26:22 EST

On 5/20/26 08:10, Muchun Song wrote:
> cma_activate_area() can fail after allocating range bitmaps. Its cleanup
> path frees those bitmaps, but only clears cma->count and
> cma->available_count. It leaves cma->nranges and each range's count in
> place, so cma_debugfs_init() can still register debugfs files for an area
> that never activated successfully.
>
> That exposes two problems. Reading the bitmap file can make debugfs walk a
> freed range bitmap and trigger an invalid memory access. Reading maxchunk
> can also take cma->lock even though that lock is initialized only on the
> successful activation path.
>
> Fix this by creating debugfs entries only for CMA areas that reached
> CMA_ACTIVATED.
>
> Fixes: c009da4258f9 ("mm, cma: support multiple contiguous ranges, if requested")
> Fixes: 2e32b947606d ("mm: cma: add functions to get region pages counters")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>
> ---

Acked-by: David Hildenbrand (Arm) <david@xxxxxxxxxx>

cma_sysfs_init() also traverses all cma_area_count. Does it make sense to expose
them there?

--
Cheers,
David
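
A userspace C model of the failure mode the quoted commit message describes, added here as an illustration and not taken from the patch or the kernel source. It shows that a cleanup path which clears only the counts leaves `nranges` usable by a later file-creation loop, while gating on the activated flag creates nothing for a failed area. The structures, the `model_` names and the range size of 8 are assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace stand-ins, not the kernel's struct cma definitions. */
struct model_range { unsigned long count; unsigned long *bitmap; };
struct model_cma {
    unsigned long count, available_count;
    int nranges;
    bool activated;                       /* stands in for CMA_ACTIVATED */
    struct model_range ranges[4];
};

/* Activation that fails at range fail_at (-1: never), after earlier bitmaps exist. */
static bool model_activate(struct model_cma *cma, int fail_at)
{
    int r;
    for (r = 0; r < cma->nranges; r++) {
        if (r == fail_at)
            goto cleanup;
        cma->ranges[r].bitmap = calloc(cma->ranges[r].count, sizeof(unsigned long));
        if (!cma->ranges[r].bitmap)
            goto cleanup;
    }
    cma->activated = true;
    return true;
cleanup:
    while (--r >= 0) {
        free(cma->ranges[r].bitmap);
        cma->ranges[r].bitmap = NULL;     /* model only: no dangling pointer kept */
    }
    cma->count = cma->available_count = 0; /* nranges and range counts stay set */
    return false;
}

/* Bitmap files a debugfs-style init would create; nranges must be <= 4. */
int model_bitmap_files(int nranges, int fail_at, bool require_activated)
{
    struct model_cma cma = { .nranges = nranges };
    int r, files = 0;
    for (r = 0; r < nranges; r++)
        cma.ranges[r].count = 8;          /* constructed sample size */
    cma.count = cma.available_count = 8UL * nranges;
    model_activate(&cma, fail_at);
    if (!require_activated || cma.activated)
        files = cma.nranges;              /* loop bound survives failed activation */
    for (r = 0; r < nranges; r++)
        free(cma.ranges[r].bitmap);
    return files;
}
```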