git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	SeongJae Park <sj@kernel.org>
	Sat, 17 Jan 2026 17:52:50 +0000 (09:52 -0800)
committer	Andrew Morton <akpm@linux-foundation.org>
	Sat, 31 Jan 2026 22:22:45 +0000 (14:22 -0800)
commit	69714a74c19f5ae8b21e25558d62d893d48a3f18
tree	df0c7773fafb709128c3913b5bffd4b10ba94cf1	tree
parent	1736047a4e9606f11e044431dfe61516e3a7600b	commit \| diff

mm/damon/core: cancel damos_walk() before damon_ctx->kdamond reset

damos_walk() request is canceled after damon_ctx->kdamond is reset.  This
can make weird situations where damon_is_running() returns false but the
DAMON context has the damos_walk() request linked.  There was a similar
situation for damon_call() requests handling [1], which _was_ able to
cause a racy use-after-free bug.  Unlike the case of damon_call(), because
damos_walk() is always synchronously handled and allows only single
request at time, there is no such problematic race cases.  But, keeping it
as is could stem another subtle race condition bug in future.

Avoid that by cancelling the requests before the ->kdamond reset.  Note
that this change also makes all damon_ctx dependent resource cleanups
consistently done before the damon_ctx->kdamond reset.

Link: https://lkml.kernel.org/r/20260117175256.82826-4-sj@kernel.org
Link: https://lore.kernel.org/20251230014532.47563-1-sj@kernel.org
Signed-off-by: SeongJae Park <sj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>