Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

mm/damon/core: cancel damos_walk() before damon_ctx->kdamond reset

damos_walk() request is canceled after damon_ctx->kdamond is reset. This
can make weird situations where damon_is_running() returns false but the
DAMON context has the damos_walk() request linked. There was a similar
situation for damon_call() requests handling [1], which _was_ able to
cause a racy use-after-free bug. Unlike the case of damon_call(), because
damos_walk() is always synchronously handled and allows only a single
request at a time, there are no such problematic race cases. But, keeping it
as is could stem another subtle race condition bug in future.

Avoid that by cancelling the requests before the ->kdamond reset. Note
that this change also makes all damon_ctx dependent resource cleanups
consistently done before the damon_ctx->kdamond reset.

Link: https://lkml.kernel.org/r/20260117175256.82826-4-sj@kernel.org
Link: https://lore.kernel.org/20251230014532.47563-1-sj@kernel.org [1]
Signed-off-by: SeongJae Park <sj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by SeongJae Park and committed by Andrew Morton
69714a74 1736047a

+1 -2
mm/damon/core.c
··· 2856 2856 2857 2857 kfree(ctx->regions_score_histogram); 2858 2858 kdamond_call(ctx, true); 2859 + damos_walk_cancel(ctx); 2859 2860 2860 2861 pr_debug("kdamond (%d) finishes\n", current->pid); 2861 2862 mutex_lock(&ctx->kdamond_lock); 2862 2863 ctx->kdamond = NULL; 2863 2864 mutex_unlock(&ctx->kdamond_lock); 2864 - 2865 - damos_walk_cancel(ctx); 2866 2865 2867 2866 mutex_lock(&damon_lock); 2868 2867 nr_running_ctxs--;
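Review bot: the relocated damos_walk_cancel(ctx) now sits directly after kdamond_call(ctx, true) and before mutex_lock(&ctx->kdamond_lock), and the commit message depends on exactly that ordering to keep damon_is_running() and the linked walk request consistent; a one-line comment at the new call site (e.g. "must run before ctx->kdamond is reset below") would stop a later cleanup from drifting it back under the reset. It is also worth confirming in review that the preceding kdamond_call(ctx, true) flush cannot itself link a new damos_walk() request after the cancel has run, since that would reopen the window this hunk closes.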