[RFC PATCH 1/5] mm/damon/core: fix nr_accesses_bp underflow in damon_moving_sum

From: Ravi Jonnalagadda

Date: Sat May 16 2026 - 17:04:13 EST


Guard against unsigned integer underflow when nomvsum/len_window
exceeds mvsum. When that subtraction wraps, the moving sum returns a
near-ULONG_MAX value and corrupts nr_accesses_bp.

If subtrahend > mvsum, return new_value: this clamps the moving-sum
estimate to the current observation rather than wrapping.

Signed-off-by: Ravi Jonnalagadda <ravis.opensrc@xxxxxxxxx>
---
mm/damon/core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mm/damon/core.c b/mm/damon/core.c
index 3a8725e400c6b..9975f3d9ebfe9 100644
--- a/mm/damon/core.c
+++ b/mm/damon/core.c
@@ -3449,7 +3449,11 @@ int damon_set_region_system_rams_default(struct damon_target *t,
static unsigned int damon_moving_sum(unsigned int mvsum, unsigned int nomvsum,
unsigned int len_window, unsigned int new_value)
{
- return mvsum - nomvsum / len_window + new_value;
+ unsigned int subtrahend = nomvsum / len_window;
+
+ if (subtrahend > mvsum)
+ return new_value;
+ return mvsum - subtrahend + new_value;
}

/**
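Review bot: The new `if (subtrahend > mvsum)` branch carries no comment saying when nomvsum / len_window can exceed mvsum, so a reader cannot tell whether this is an expected transient state or a caller bug being masked. Please add a one-line comment above the check. If the state is not supposed to occur, consider a WARN_ONCE() so it remains visible. Returning new_value here is the same result as a saturating subtraction, so the body could also be written as `return mvsum - min(mvsum, subtrahend) + new_value;`, which makes the clamp-to-zero intent explicit without the extra branch. Since every operand and the return type are unsigned int, the wrapped value this guards against is bounded by UINT_MAX. The division by len_window is still unchecked for zero in the new `subtrahend` line, so it is worth stating in the comment that callers guarantee a non-zero window.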
--
2.43.0