Re: [PATCH] mm/cma_debug: fix invalid accesses for inactive CMA areas
From: Oscar Salvador (SUSE)
Date: Wed May 20 2026 - 03:28:20 EST

On Wed, May 20, 2026 at 02:10:25PM +0800, Muchun Song wrote:
> cma_activate_area() can fail after allocating range bitmaps. Its cleanup
> path frees those bitmaps, but only clears cma->count and
> cma->available_count. It leaves cma->nranges and each range's count in
> place, so cma_debugfs_init() can still register debugfs files for an area
> that never activated successfully.
>
> That exposes two problems. Reading the bitmap file can make debugfs walk a
> freed range bitmap and trigger an invalid memory access. Reading maxchunk
> can also take cma->lock even though that lock is initialized only on the
> successful activation path.
>
> Fix this by creating debugfs entries only for CMA areas that reached
> CMA_ACTIVATED.
>
> Fixes: c009da4258f9 ("mm, cma: support multiple contiguous ranges, if requested")
> Fixes: 2e32b947606d ("mm: cma: add functions to get region pages counters")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>

For the change:
Acked-by: Oscar Salvador (SUSE) <osalvador@xxxxxxxxxx>

About Fixes, does this mean that before c009da4258f9 ("mm, cma: support
multiple contiguous ranges, if requested"), this was already triggerable
after 2e32b947606d?
--
Oscar Salvador
SUSE Labs
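
The failure described in the quoted commit message, as an added userspace model (not kernel code and not part of this thread): it counts the debugfs files whose read would touch a freed range bitmap or an uninitialized lock, with and without the CMA_ACTIVATED gate. The struct layout, the flag's bit value, the NULL marker for a freed bitmap and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define CMA_ACTIVATED 0x1UL /* flag name from the patch; bit value assumed */

struct range_model { unsigned long count; unsigned long *bitmap; };
struct cma_model {                 /* assumed layout, not struct cma */
    unsigned long flags, count, available_count;
    int nranges;
    struct range_model ranges[2];
    bool lock_initialized;         /* stands in for cma->lock */
};

/* Allocate range bitmaps, then either fail late or finish activation. */
static void activate_model(struct cma_model *cma, bool fail_late)
{
    for (int r = 0; r < cma->nranges; r++)
        cma->ranges[r].bitmap = calloc(1, sizeof(unsigned long));
    if (fail_late) {
        for (int r = 0; r < cma->nranges; r++) {
            free(cma->ranges[r].bitmap);
            cma->ranges[r].bitmap = NULL; /* model-only marker for "freed" */
        }
        cma->count = cma->available_count = 0; /* nranges, range counts stay */
        return;
    }
    cma->lock_initialized = true;
    cma->flags |= CMA_ACTIVATED;
}

/* Count registered files whose read would touch freed or uninitialized state. */
static int unsafe_files(bool fail_late, bool require_activated)
{
    struct cma_model cma = { .count = 96, .available_count = 96, .nranges = 2,
                             .ranges = { { .count = 64 }, { .count = 32 } } };
    int unsafe = 0;
    activate_model(&cma, fail_late);
    if (!require_activated || (cma.flags & CMA_ACTIVATED)) {
        unsafe += !cma.lock_initialized;                 /* maxchunk file */
        for (int r = 0; r < cma.nranges; r++)            /* bitmap files */
            unsafe += cma.ranges[r].count && !cma.ranges[r].bitmap;
    }
    for (int r = 0; r < cma.nranges; r++)
        free(cma.ranges[r].bitmap);
    return unsafe;
}

int main(void)
{
    printf("ungated=%d gated=%d\n", unsafe_files(true, false), unsafe_files(true, true));
}
```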