[lvc-project] [PATCH 6.1] mm/damon: get rid of overlapping areas

Markov Gleb markov.gi at npc-ksb.ru
Fri Jun 26 09:23:55 MSK 2026


From: Gleb Markov <markov.gi at npc-ksb.ru>

sscanf() function is used to remove whitespaces and save the first
token.

Calling sscanf() with the same buffer as both source and destination
can cause these memory areas to overlap.

Replace sscanf() function to avoid possible overlap situation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 4bc05954d007 ("mm/damon: implement a debugfs-based user space interface")
Signed-off-by: Gleb Markov <markov.gi at npc-ksb.ru>
---
 mm/damon/dbgfs.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
index b3f454a5c682..a681ad31b2f0 100644
--- a/mm/damon/dbgfs.c
+++ b/mm/damon/dbgfs.c
@@ -1003,19 +1003,20 @@ static ssize_t dbgfs_monitor_on_write(struct file *file,
 {
 	ssize_t ret;
 	char *kbuf;
+	char *sd_kbuf;
 
 	kbuf = user_input_str(buf, count, ppos);
 	if (IS_ERR(kbuf))
 		return PTR_ERR(kbuf);
 
-	/* Remove white space */
-	if (sscanf(kbuf, "%s", kbuf) != 1) {
+	sd_kbuf = strim(kbuf);
+	if (*sd_kbuf == '\0') {
 		kfree(kbuf);
 		return -EINVAL;
 	}
 
 	mutex_lock(&damon_dbgfs_lock);
-	if (!strncmp(kbuf, "on", count)) {
+	if (!strncmp(sd_kbuf, "on", count)) {
 		int i;
 
 		for (i = 0; i < dbgfs_nr_ctxs; i++) {
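Review bot: The bound `count` in `strncmp(sd_kbuf, "on", count)` is the length of the raw write, not of the trimmed string, so a one-byte write of `o` still matches `on`. Since strim() already relies on the buffer being NUL-terminated, an exact comparison such as `if (!strcmp(sd_kbuf, "on")) {` would be stricter; the same applies to the `off` comparison in the next hunk. strim() also keeps interior whitespace where `sscanf("%s")` kept only the first token, so an input like `on extra` appears to be rejected with -EINVAL now, which the commit message should state if it is intended. The function body continues past this hunk, and any later `kfree()` there must keep using `kbuf`, because `sd_kbuf` may point past leading whitespace; a short comment on the `sd_kbuf` declaration, e.g. `/* trimmed view into kbuf; never free this pointer */`, would make that explicit.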
@@ -1026,7 +1027,7 @@ static ssize_t dbgfs_monitor_on_write(struct file *file,
 			}
 		}
 		ret = damon_start(dbgfs_ctxs, dbgfs_nr_ctxs, true);
-	} else if (!strncmp(kbuf, "off", count)) {
+	} else if (!strncmp(sd_kbuf, "off", count)) {
 		ret = damon_stop(dbgfs_ctxs, dbgfs_nr_ctxs);
 	} else {
 		ret = -EINVAL;
-- 
2.43.0



