lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2bj2ncq7bkgmbmfi2fqwdv3w5adufivi73dzvfewn24yfn4eaa@ahftyvf6ff6z>
Date: Thu, 21 Aug 2025 10:39:49 -0700
From: Breno Leitao <leitao@...ian.org>
To: tglx@...utronix.de
Cc: linux-tip-commits@...r.kernel.org, andre.draszik@...aro.org, 
	Thomas Gleixner <tglx@...utronix.de>, x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [tip: locking/urgent] futex: Move futex cleanup to __mmdrop()

On Sat, Aug 02, 2025 at 01:22:10PM +0000, tip-bot2 for Thomas Gleixner wrote:
> The following commit has been merged into the locking/urgent branch of tip:
> 
> Commit-ID:     e703b7e247503b8bf87b62c02a4392749b09eca8
> Gitweb:        https://git.kernel.org/tip/e703b7e247503b8bf87b62c02a4392749b09eca8
> Author:        Thomas Gleixner <tglx@...utronix.de>
> AuthorDate:    Wed, 30 Jul 2025 21:44:55 +02:00
> Committer:     Thomas Gleixner <tglx@...utronix.de>
> CommitterDate: Sat, 02 Aug 2025 15:11:52 +02:00
> 
> futex: Move futex cleanup to __mmdrop()
> 
> Futex hash allocations are done in mm_init() and the cleanup happens in
> __mmput(). That works most of the time, but there are mm instances which
> are instantiated via mm_alloc() and freed via mmdrop(), which causes the
> futex hash to be leaked.
> 
> Move the cleanup to __mmdrop().
> 
> Fixes: 56180dd20c19 ("futex: Use RCU-based per-CPU reference counting instead of rcuref_t")
> Reported-by: André Draszik <andre.draszik@...aro.org>
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> Tested-by: André Draszik <andre.draszik@...aro.org>
> Link: https://lore.kernel.org/all/87ldo5ihu0.ffs@tglx
> Closes: https://lore.kernel.org/all/0c8cc83bb73abf080faf584f319008b67d0931db.camel@linaro.org

Thomas,

it seems this change caused the bug being reported here:

https://lore.kernel.org/all/20250818131902.5039-1-hdanton@sina.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ