mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails

sjp38 · akpm00 · commit 0199390a6b92 · 2026-04-06T11:13:42.000-07:00
damon_call() for repeat_call_control of DAMON_SYSFS could fail if somehow the kdamond is stopped before the damon_call(). It could happen, for example, when te damon context was made for monitroing of a virtual address processes, and the process is terminated immediately, before the damon_call() invocation. In the case, the dyanmically allocated repeat_call_control is not deallocated and leaked. Fix the leak by deallocating the repeat_call_control under the damon_call() failure. This issue is discovered by sashiko [1]. Link: https://lkml.kernel.org/r/20260327003224.55752-1-sj@kernel.org Link: https://lore.kernel.org/20260320020630.962-1-sj@kernel.org [1] Fixes: 04a06b1 ("mm/damon/sysfs: use dynamically allocated repeat mode damon_call_control") Signed-off-by: SeongJae Park <sj@kernel.org> Cc: <stable@vger.kernel.org> [6.17+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
diff --git a/mm/damon/sysfs.c b/mm/damon/sysfs.c
@@ -1670,7 +1670,8 @@ static int damon_sysfs_turn_damon_on(struct damon_sysfs_kdamond *kdamond)
 	repeat_call_control->data = kdamond;
 	repeat_call_control->repeat = true;
 	repeat_call_control->dealloc_on_cancel = true;
-	damon_call(ctx, repeat_call_control);
+	if (damon_call(ctx, repeat_call_control))
+		kfree(repeat_call_control);
 	return err;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1670,7 +1670,8 @@ static int damon_sysfs_turn_damon_on(struct damon_sysfs_kdamond *kdamond)`
`1670`	`1670`	`repeat_call_control->data = kdamond;`
`1671`	`1671`	`repeat_call_control->repeat = true;`
`1672`	`1672`	`repeat_call_control->dealloc_on_cancel = true;`
`1673`		`- damon_call(ctx, repeat_call_control);`
	`1673`	`+ if (damon_call(ctx, repeat_call_control))`
	`1674`	`+ kfree(repeat_call_control);`
`1674`	`1675`	`return err;`
`1675`	`1676`	`}`
`1676`	`1677`