summaryrefslogtreecommitdiff
path: root/lib/dynamic_debug.c
diff options
context:
space:
mode:
authorSebastian Andrzej Siewior <bigeasy@linutronix.de>2025-06-02 14:00:27 +0300
committerPeter Zijlstra <peterz@infradead.org>2025-06-11 18:24:09 +0300
commit69a14d146f3b87819f3fb73ed5d1de3e1fa680c1 (patch)
tree49742c79777d1780cf11f8d4f24c5bdc4aac3e47 /lib/dynamic_debug.c
parent8337204c58899fe422db765b481711eb2d95eb0b (diff)
downloadlinux-69a14d146f3b87819f3fb73ed5d1de3e1fa680c1.tar.xz
futex: Verify under the lock if hash can be replaced
Once the global hash is requested there is no way back to switch back to the per-task private hash. This is checked at the begin of the function. It is possible that two threads simultaneously request the global hash and both pass the initial check and block later on the mm::futex_hash_lock. In this case the first thread performs the switch to the global hash. The second thread will also attempt to switch to the global hash and while doing so, accessing the nonexisting slot 1 of the struct futex_private_hash. The same applies if the hash is made immutable: There is no reference counting and the hash must not be replaced. Verify under mm_struct::futex_phash that neither the global hash nor an immutable hash in use. Tested-by: "Lai, Yi" <yi1.lai@linux.intel.com> Reported-by: "Lai, Yi" <yi1.lai@linux.intel.com> Closes: https://lore.kernel.org/all/aDwDw9Aygqo6oAx+@ly-workstation/ Fixes: bd54df5ea7cad ("futex: Allow to resize the private local hash") Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lore.kernel.org/all/20250610104400.1077266-5-bigeasy@linutronix.de/
Diffstat (limited to 'lib/dynamic_debug.c')
0 files changed, 0 insertions, 0 deletions