Re: [PATCH] mm/cma_debug: fix invalid accesses for inactive CMA areas

From: Muchun Song

Date: Wed May 20 2026 - 05:08:09 EST

> On May 20, 2026, at 16:19, David Hildenbrand (Arm) <david@xxxxxxxxxx> wrote:
>
> On 5/20/26 08:10, Muchun Song wrote:
>> cma_activate_area() can fail after allocating range bitmaps. Its cleanup
>> path frees those bitmaps, but only clears cma->count and
>> cma->available_count. It leaves cma->nranges and each range's count in
>> place, so cma_debugfs_init() can still register debugfs files for an area
>> that never activated successfully.
>>
>> That exposes two problems. Reading the bitmap file can make debugfs walk a
>> freed range bitmap and trigger an invalid memory access. Reading maxchunk
>> can also take cma->lock even though that lock is initialized only on the
>> successful activation path.
>>
>> Fix this by creating debugfs entries only for CMA areas that reached
>> CMA_ACTIVATED.
>>
>> Fixes: c009da4258f9 ("mm, cma: support multiple contiguous ranges, if requested")
>> Fixes: 2e32b947606d ("mm: cma: add functions to get region pages counters")
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>
>> ---
>
> Acked-by: David Hildenbrand (Arm) <david@xxxxxxxxxx>

Thanks.

>
> cma_sysfs_init() also traverses all cma_area_count. Does it make sense to expose
> them there?

It is better to hide them from users. A separate cleanup patch is better since
there is no critical issue when accessing those sysfs files.

Thanks,
Muchun

>
> --
> Cheers,
>
> David