<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-next.git/samples, branch master</title>
<subtitle>Linux kernel latest source</subtitle>
<id>http://mirrors.hust.edu.cn/git/linux-next.git/atom?h=master</id>
<link rel='self' href='http://mirrors.hust.edu.cn/git/linux-next.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/'/>
<updated>2026-07-03T14:03:42+00:00</updated>
<entry>
<title>Merge branch 'mm-unstable' of https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm</title>
<updated>2026-07-03T14:03:42+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T14:03:42+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=c2ba419b97b74027d54fd319f5f97015018c002f'/>
<id>urn:sha1:c2ba419b97b74027d54fd319f5f97015018c002f</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge branch 'mm-stable' of https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm</title>
<updated>2026-07-03T13:46:01+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T13:46:01+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=fec2d935311b2d3eae84837261a2e2d2cdb26079'/>
<id>urn:sha1:fec2d935311b2d3eae84837261a2e2d2cdb26079</id>
<content type='text'>
</content>
</entry>
<entry>
<title>samples/damon: fix typos in Kconfig help text</title>
<updated>2026-07-03T06:27:17+00:00</updated>
<author>
<name>Asier Gutierrez</name>
<email>gutierrez.asier@huawei-partners.com</email>
</author>
<published>2026-06-29T14:55:35+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=9abaae42a679dc927875d92d32bf304d9845690a'/>
<id>urn:sha1:9abaae42a679dc927875d92d32bf304d9845690a</id>
<content type='text'>
Fix a couple  of typos in samples/damon/Kconfig help text. Change "Thps"
to "This", and "tierign" to "tiering".

Link: https://lore.kernel.org/20260629145538.134832-5-sj@kernel.org
Signed-off-by: Asier Gutierrez &lt;gutierrez.asier@huawei-partners.com&gt;
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: SJ Park &lt;sj@kernel.org&gt;
Cc: Akinobu Mita &lt;akinobu.mita@gmail.com&gt;
Cc: Brendan Higgins &lt;brendan.higgins@linux.dev&gt;
Cc: David Hildenbrand &lt;david@kernel.org&gt;
Cc: Doehyun Baek &lt;doehyunbaek@gmail.com&gt;
Cc: Jonathan Corbet &lt;corbet@lwn.net&gt;
Cc: "Liam R. Howlett" &lt;liam@infradead.org&gt;
Cc: Lorenzo Stoakes &lt;ljs@kernel.org&gt;
Cc: Michal Hocko &lt;mhocko@suse.com&gt;
Cc: Mike Rapoport &lt;rppt@kernel.org&gt;
Cc: Philippe Laferriere &lt;plafer@proton.me&gt;
Cc: Sailesh Nandanavanam &lt;saileshnandanavanam@gmail.com&gt;
Cc: Shuah Khan &lt;skhan@linuxfoundation.org&gt;
Cc: SJ Park &lt;sj@kkernel.org&gt;
Cc: Suren Baghdasaryan &lt;surenb@google.com&gt;
Cc: Vlastimil Babka &lt;vbabka@kernel.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>samples/damon/prcl: stop and free damon ctx when damon_call() fails</title>
<updated>2026-07-03T06:27:11+00:00</updated>
<author>
<name>SJ Park</name>
<email>sj@kernel.org</email>
</author>
<published>2026-06-28T21:54:45+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=966359cf3130975d428ec3c9f81f2603d4bfac70'/>
<id>urn:sha1:966359cf3130975d428ec3c9f81f2603d4bfac70</id>
<content type='text'>
damon_sample_prcl_start() calls damon_call() right after damon_start() is
succeeded.  The kdamond that has started by the damon_start() could be
terminated by itself before or in the middle of the damon_call()
execution.  There could be multiple reasons for such a stop including
monitoring target process termination and kdamond_fn() internal memory
allocation failures.  In the case, damon_call() will fail and return an
error without cleaning up the DAMON context object.  The
damon_sample_prcl_start() caller assumes it would clean up the object,
though.  When the user requests to start DAMON again,
damon_sample_prcl_start() is called again, allocates a new DAMON context
object and overwrites the pointer for the previous object.  As a result,
the previous context object is leaked.

Safely stop the kdamond and deallocate the context object when the failure
is returned.  Note that the kdamond should be stopped first, because
damon_call() failure means not complete termination of the kdamond but
only the fact that the termination process has started.

The user impact shouldn't be that significant because the race is not easy
to happen, and only up to one DAMON context object can be leaked per race.

The issue was discovered [1] by Sashiko.

Link: https://lore.kernel.org/20260628215447.96166-7-sj@kernel.org
Link: https://lore.kernel.org/20260610035214.4850-1-sj@kernel.org [1]
Fixes: a6c33f1054e3 ("samples/damon/prcl: use damon_call() repeat mode instead of damon_callback")
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: Zenghui Yu &lt;zenghui.yu@linux.dev&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 6.17.x
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>samples/damon/wsse: stop and free damon ctx when damon_call() fails</title>
<updated>2026-07-03T06:27:10+00:00</updated>
<author>
<name>SJ Park</name>
<email>sj@kernel.org</email>
</author>
<published>2026-06-28T21:54:44+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=a1b371238208700f8a0b16cfc8ff2e30501ca41e'/>
<id>urn:sha1:a1b371238208700f8a0b16cfc8ff2e30501ca41e</id>
<content type='text'>
damon_sample_wsse_start() calls damon_call() right after damon_start() is
succeeded.  The kdamond that has started by the damon_start() could be
terminated by itself before or in the middle of the damon_call()
execution.  There could be multiple reasons for such a stop including
monitoring target process termination and kdamond_fn() internal memory
allocation failures.  In the case, damon_call() will fail and return an
error without cleaning up the DAMON context object.  The
damon_sample_wsse_start() caller assumes it would clean up the object,
though.  When the user requests to start DAMON again,
damon_sample_wsse_start() is called again, allocates a new DAMON context
object and overwrites the pointer for the previous object.  As a result,
the previous context object is leaked.

Safely stop the kdamond and deallocate the context object when the failure
is returned.  Note that the kdamond should be stopped first, because
damon_call() failure means not complete termination of the kdamond but
only the fact that the termination process has started.

The user impact shouldn't be that significant because the race is not easy
to happen, and only up to one DAMON context object can be leaked per race.

The issue was discovered [1] by Sashiko.

Link: https://lore.kernel.org/20260628215447.96166-6-sj@kernel.org
Link: https://lore.kernel.org/20260610034828.4632-1-sj@kernel.org [1]
Fixes: cc9c1b8c205b ("samples/damon/wsse: use damon_call() repeat mode instead of damon_callback")
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: Zenghui Yu &lt;zenghui.yu@linux.dev&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 6.17.x
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>samples/damon/mtier: handle damon_stop() failure</title>
<updated>2026-07-03T06:27:10+00:00</updated>
<author>
<name>SJ Park</name>
<email>sj@kernel.org</email>
</author>
<published>2026-06-28T21:54:43+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=61d46d24b4632de5eb62d44ffbf9ce6e12967e81'/>
<id>urn:sha1:61d46d24b4632de5eb62d44ffbf9ce6e12967e81</id>
<content type='text'>
damon_sample_mtier_stop() assumes its damon_stop() call will always
successfully stops the two DAMON contexts.  Hence it deallocates the two
DAMON contexts after the damon_stop() call.  However, if a given context
is already stopped, damon_stop() fails and returns an error while letting
the DAMON contexts that have not yet stopped keep running.  This kind of
unexpected early DAMON context stops could happen due to memory allocation
failures in kdamond_fn().  Because damon_sample_mtier_stop() just
deallocates all DAMON contexts with damon_target and damon_region objects
that are linked to the contexts, the execution of the unstopped DAMON
context (kdamond) ends up using the memory that freed (use-after-free). 
Fix the issue by separating the damon_stop() to be invoked per context.

Note that DAMON_SYSFS also allows multiple DAMON contexts execution.  But,
it calls damon_stop() for each context one by one.  Hence this issue is
only in mtier.

For the long term, it would be better to refactor damon_stop() to always
ensure stopping all contexts regardless of the failures in the middle. 
Make this fix in the current way, though, to keep it simple and easy to
backport.  I will do the refactoring later.

The issue was discovered [1] by Sashiko.

Link: https://lore.kernel.org/20260628215447.96166-5-sj@kernel.org
Link: https://lore.kernel.org/20260609014219.3013-1-sj@kernel.org [1]
Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering")
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: Zenghui Yu &lt;zenghui.yu@linux.dev&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 6.16.x
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>samples/damon/mtier: handle damon_start() failure</title>
<updated>2026-07-03T06:27:10+00:00</updated>
<author>
<name>SJ Park</name>
<email>sj@kernel.org</email>
</author>
<published>2026-06-28T21:54:42+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=1a8a5b92b9413ddd2e779e215964997ed608a46f'/>
<id>urn:sha1:1a8a5b92b9413ddd2e779e215964997ed608a46f</id>
<content type='text'>
damon_sample_mtier_start() callers assume it will clean up resources when
it fails.  And the function does the cleanup for context buildup failures.
However, it is not doing the cleanup for damon_start() failure.

As a result, when damon_start() fails, it could leak the memory for DAMON
context.  Also, if damon_start() fails for only the second context, the
first context will indefinitely run, and avoid starting other DAMON
contexts since it is running in the exclusive mode.  Stop possibly started
DAMON context and free the contexts in case of the failure to fix the
issues.

Note that the issue can reliably be reproduced because the module calls
damon_start() in the exclusive mode.  For example,

    $ sudo damo start
    $ echo Y | sudo tee /sys/module/damon_sample_mtier/parameters/enabled
    $ sudo cat /proc/allocinfo | grep damon_new_ctx

Because the first command is running another DAMON instance, the second
command fails the damon_start() call because the new DAMON instance cannot
exclusively run.  And without this fix, by repeating the second and the
third commands above, we can show the memory consumption is only
increasing due to the leaks.  It requires the sudo permission though.

The issue was discovered [1] by Sashiko.

Link: https://lore.kernel.org/20260628215447.96166-4-sj@kernel.org
Link: https://lore.kernel.org/20260608112455.274231F00893@smtp.kernel.org [1]
Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering")
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: Zenghui Yu &lt;zenghui.yu@linux.dev&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 6.16.x
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>samples/damon/prcl: handle damon_start() failure</title>
<updated>2026-07-03T06:27:10+00:00</updated>
<author>
<name>SJ Park</name>
<email>sj@kernel.org</email>
</author>
<published>2026-06-28T21:54:41+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=4037eaadec51e822e853a8050f596803a57cb740'/>
<id>urn:sha1:4037eaadec51e822e853a8050f596803a57cb740</id>
<content type='text'>
damon_sample_prcl_start() callers assume it will clean up resources when
it fails.  And the function does the cleanup for context buildup failures.
However, it is not doing the cleanup for damon_start() failure.  As a
result, when damon_start() fails, it leaks the memory for DAMON context. 
Free the context in case of the failure to fix the issues.

Note that the issue can reliably be reproduced because the module calls
damon_start() in the exclusive mode.  For example,

    $ sudo damo start
    $ echo $$ | sudo tee /sys/module/damon_sample_prcl/parameters/target_pid
    $ echo Y | sudo tee /sys/module/damon_sample_prcl/parameters/enabled
    $ sudo cat /proc/allocinfo | grep damon_new_ctx

Because the first command is running another DAMON instance, the third
command fails the damon_start() call because the new DAMON instance cannot
exclusively run.  And without this fix, by repeating the third and the
fourth commands above, we can show the memory consumption is only
increasing due to the leaks.  It requires the sudo permission though.

The issue was discovered [1] by Sashiko.

Link: https://lore.kernel.org/20260628215447.96166-3-sj@kernel.org
Link: https://lore.kernel.org/20260609145814.70163-1-sj@kernel.org [1]
Fixes: 2aca254620a8 ("samples/damon: introduce a skeleton of a smaple DAMON module for proactive reclamation")
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: Zenghui Yu &lt;zenghui.yu@linux.dev&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 6.14.x
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>samples/damon/wsse: handle damon_start() failure</title>
<updated>2026-07-03T06:27:09+00:00</updated>
<author>
<name>SJ Park</name>
<email>sj@kernel.org</email>
</author>
<published>2026-06-28T21:54:40+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=9ccf7522bb5a572e2524598c121d85596e592dfe'/>
<id>urn:sha1:9ccf7522bb5a572e2524598c121d85596e592dfe</id>
<content type='text'>
Patch series "samples/damon: handle damon_{start,stop}() failures".

All DAMON sample modules are not correctly handling failures from
damon_start().  Among those, mtier also has an additional problem for
handling of damon_stop() failures.  wsse and prcl also have a problem in
their damon_call() failure handling.  As a result, memory leaks, next
DAMON operation disruptions, and use-after-free can happen.  Fix those.

Note that only the damon_start() failure caused issues can reliably be
reproduced.  Reproducing those issues require the admin permission,
though.


This patch (of 6):

damon_sample_wsse_start() callers assume it will clean up resources when
it fails.  And the function does the cleanup for context buildup failures.
However, it is not doing the cleanup for damon_start() failure.  As a
result, when damon_start() fails, it leaks the memory for DAMON context. 
Free the context in case of the failure to fix the issues.

Note that the issue can reliably be reproduced because the module calls
damon_start() in the exclusive mode.  For example,

    $ sudo damo start
    $ echo $$ | sudo tee /sys/module/damon_sample_wsse/parameters/target_pid
    $ echo Y | sudo tee /sys/module/damon_sample_wsse/parameters/enabled
    $ sudo cat /proc/allocinfo | grep damon_new_ctx

Because the first command is running another DAMON instance, the third
command fails the damon_start() call because the new DAMON instance cannot
exclusively run.  And without this fix, by repeating the third and the
fourth commands above, we can show the memory consumption is only
increasing due to the leaks.  It requires the sudo permission though.

The issue was discovered [1] by Sashiko.

Link: https://lore.kernel.org/20260628215447.96166-2-sj@kernel.org
Link: https://lore.kernel.org/20260609145814.70163-1-sj@kernel.org [1]
Fixes: b757c6cfc696 ("samples/damon/wsse: start and stop DAMON as the user requests")
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: Zenghui Yu &lt;zenghui.yu@linux.dev&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 6.14.x
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>samples/damon/mtier: fail early if address range parameters are invalid</title>
<updated>2026-07-02T02:02:56+00:00</updated>
<author>
<name>Zenghui Yu</name>
<email>yuzenghui@huawei.com</email>
</author>
<published>2026-06-29T14:44:31+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=7746d72c64054976887928d64d2caf25c5a6dcc0'/>
<id>urn:sha1:7746d72c64054976887928d64d2caf25c5a6dcc0</id>
<content type='text'>
The comment on top of `struct damon_region` clearly says that

    For any use case, @ar should be non-zero positive size.

which is now verified in damon_verify_new_region() if the kernel is built
with DAMON_DEBUG_SANITY.

The WARN_ONCE() can be triggered if the mtier sample module is enabled
before node{0,1}_{start,end}_addr have been properly initialized, which is
obviously not good.

 ------------[ cut here ]------------
 start 0 &gt;= end 0
 WARNING: mm/damon/core.c:217 at damon_new_region+0xf4/0x118, CPU#59: bash/341468
 Call trace:
  damon_new_region+0xf4/0x118 (P)
  damon_set_regions+0xfc/0x3c0
  damon_sample_mtier_build_ctx+0xe8/0x3a8
  damon_sample_mtier_start+0x1c/0x90
  damon_sample_mtier_enable_store+0x98/0xb0
  param_attr_store+0xb4/0x128
  module_attr_store+0x2c/0x50
  sysfs_kf_write+0x58/0x90
  kernfs_fop_write_iter+0x16c/0x238
  vfs_write+0x2c0/0x370
  ksys_write+0x74/0x118
  __arm64_sys_write+0x24/0x38
  invoke_syscall+0xa8/0x118
  el0_svc_common.constprop.0+0x48/0xf0
  do_el0_svc+0x24/0x38
  el0_svc+0x54/0x370
  el0t_64_sync_handler+0xa0/0xe8
  el0t_64_sync+0x1ac/0x1b0
 ---[ end trace 0000000000000000 ]---

Note that the same issue can happen if detect_node_addresses is true, and
node 0 or 1 is memoryless.  Fix it together by checking the validity of
parameters right before damon_new_region() and fail early if they're
invalid.

Link: https://lore.kernel.org/20260629144432.133962-1-sj@kernel.org
Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering")
Signed-off-by: Zenghui Yu &lt;yuzenghui@huawei.com&gt;
Signed-off-by: SJ Park &lt;sj@kernel.org&gt;
Reviewed-by: SJ Park &lt;sj@kernel.org&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 6.16.x
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
</entry>
</feed>
