[lvc-project] [PATCH 6.1] mm/damon: get rid of overlapping areas

Markov Gleb markov.gi at npc-ksb.ru
Tue Jun 23 12:43:47 MSK 2026


From: Gleb Markov <markov.gi at npc-ksb.ru>

The sscanf() call is used to strip whitespace and keep the first
token.

Calling sscanf() with the same buffer as both source and destination
can make these areas overlap.

Replace the sscanf() call to avoid the possible overlap.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 4bc05954d007 ("mm/damon: implement a debugfs-based user space interface")
Signed-off-by: Gleb Markov <markov.gi at npc-ksb.ru>
---
 mm/damon/dbgfs.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
index b3f454a5c682..59a5407be002 100644
--- a/mm/damon/dbgfs.c
+++ b/mm/damon/dbgfs.c
@@ -1003,19 +1003,27 @@ static ssize_t dbgfs_monitor_on_write(struct file *file,
 {
 	ssize_t ret;
 	char *kbuf;
+	char *token;
+	char *temp_buf;
 
 	kbuf = user_input_str(buf, count, ppos);
 	if (IS_ERR(kbuf))
 		return PTR_ERR(kbuf);
 
-	/* Remove white space */
-	if (sscanf(kbuf, "%s", kbuf) != 1) {
+	/* Will use temporary to avoid problems with original */
+	temp_buf = kbuf;
+
+	do {
+		token = strsep(&temp_buf, " \t\r\n\v\f");
+	} while (token && *token == '\0');
+
+	if (!token) {
 		kfree(kbuf);
 		return -EINVAL;
 	}
 
 	mutex_lock(&damon_dbgfs_lock);
-	if (!strncmp(kbuf, "on", count)) {
+	if (!strcmp(token, "on")) {
 		int i;
 
 		for (i = 0; i < dbgfs_nr_ctxs; i++) {
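Review bot: Replacing `strncmp(kbuf, "on", count)` with `strcmp(token, "on")` on the line after `mutex_lock()` (and the `"off"` compare in the second hunk) also changes which inputs are accepted, and the commit message does not mention it. In the old code `count` was the user's write length, so a one-byte write of `o` compared equal to `"on"` and a two-byte `of` matched `"off"`; the exact compare rejects those, which looks like the right behaviour but deserves a sentence in the description, e.g. "Compare the parsed token exactly instead of a count-bounded prefix match, so partial strings such as "o" are no longer accepted as "on"." The new comment `/* Will use temporary to avoid problems with original */` does not say what the problem is; `/* strsep() advances its cursor, so walk a copy and keep kbuf for kfree() */` names it. dbgfs_monitor_on_write() begins before this hunk and continues past the second one.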
@@ -1026,7 +1034,7 @@ static ssize_t dbgfs_monitor_on_write(struct file *file,
 			}
 		}
 		ret = damon_start(dbgfs_ctxs, dbgfs_nr_ctxs, true);
-	} else if (!strncmp(kbuf, "off", count)) {
+	} else if (!strcmp(token, "off")) {
 		ret = damon_stop(dbgfs_ctxs, dbgfs_nr_ctxs);
 	} else {
 		ret = -EINVAL;
-- 
2.43.0



