Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Merge tag 'locking-urgent-2025-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull locking fixes from Ingo Molnar:
"Fix a PI-futexes race, and fix a copy_process() futex cleanup bug"

* tag 'locking-urgent-2025-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
futex: Use correct exit on failure from futex_hash_allocate_default()
futex: Prevent use-after-free during requeue-PI

+5 -3
+1 -1
kernel/fork.c
··· 2295 2295 if (need_futex_hash_allocate_default(clone_flags)) { 2296 2296 retval = futex_hash_allocate_default(); 2297 2297 if (retval) 2298 - goto bad_fork_core_free; 2298 + goto bad_fork_cancel_cgroup; 2299 2299 /* 2300 2300 * If we fail beyond this point we don't free the allocated 2301 2301 * futex hash map. We assume that another thread will be created
+4 -2
kernel/futex/requeue.c
··· 230 230 void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key, 231 231 struct futex_hash_bucket *hb) 232 232 { 233 - q->key = *key; 233 + struct task_struct *task; 234 234 235 + q->key = *key; 235 236 __futex_unqueue(q); 236 237 237 238 WARN_ON(!q->rt_waiter); ··· 244 243 futex_hash_get(hb); 245 244 q->drop_hb_ref = true; 246 245 q->lock_ptr = &hb->lock; 246 + task = READ_ONCE(q->task); 247 247 248 248 /* Signal locked state to the waiter */ 249 249 futex_requeue_pi_complete(q, 1); 250 - wake_up_state(q->task, TASK_NORMAL); 250 + wake_up_state(task, TASK_NORMAL); 251 251 } 252 252 253 253 /**
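Review bot: In kernel/fork.c, the new target `goto bad_fork_cancel_cgroup;` on the futex_hash_allocate_default() failure path has no comment saying which earlier setup step the old `bad_fork_core_free` label skipped, and the hunk context does not show the steps that precede this call, so the choice of label cannot be checked from the diff alone. The existing comment only covers failures "beyond this point". Please extend that comment, or the commit message, to name the step that must be undone when this allocation fails, so that a later reordering of copy_process() keeps the label matched to the work already done.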
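Review bot: In kernel/futex/requeue.c, the second hunk of requeue_pi_wake_futex() adds `task = READ_ONCE(q->task);` without a comment, so nothing in the code says that `q` must not be dereferenced once `futex_requeue_pi_complete(q, 1);` has run. Without that, a later cleanup could fold the local back into `wake_up_state(q->task, TASK_NORMAL);` and reintroduce the use-after-free named in the subject line. Please add a short comment above the READ_ONCE() stating that the waiter may release `q` as soon as the completion is signalled. Separately, the hunk takes no reference on `task`, so the changelog or comment should also say what keeps the task_struct valid between the completion and `wake_up_state(task, TASK_NORMAL);`.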