From nobody Sat Oct 11 12:12:42 2025
From: Sebastian Andrzej Siewior
To: linux-kernel@vger.kernel.org
Cc: André Almeida, Darren Hart, Davidlohr Bueso, Ingo Molnar, Juri Lelli, Peter Zijlstra, Thomas Gleixner, Valentin Schneider, Waiman Long, Sebastian Andrzej Siewior, Mark Brown
Subject: [PATCH v2 1/4] selftests/futex: getopt() requires int as return value.
Date: Tue, 10 Jun 2025 12:43:57 +0200
Message-ID: <20250610104400.1077266-2-bigeasy@linutronix.de>
In-Reply-To: <20250610104400.1077266-1-bigeasy@linutronix.de>
References: <20250610104400.1077266-1-bigeasy@linutronix.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Mark reported that futex_priv_hash fails on ARM64.
It turns out that the command line parsing does not terminate properly and ends in the default case assuming an invalid option was passed. Use an int as the return type for getopt(). Reported-by: Mark Brown Closes: https://lore.kernel.org/all/31869a69-063f-44a3-a079-ba71b2506cce@si= rena.org.uk/ Fixes: 3163369407baf ("selftests/futex: Add futex_numa_mpol") Fixes: cda95faef7bcf ("selftests/futex: Add futex_priv_hash") Signed-off-by: Sebastian Andrzej Siewior --- tools/testing/selftests/futex/functional/futex_numa_mpol.c | 2 +- tools/testing/selftests/futex/functional/futex_priv_hash.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/futex/functional/futex_numa_mpol.c b/t= ools/testing/selftests/futex/functional/futex_numa_mpol.c index 20a9d3ecf7433..564dbd02d2f46 100644 --- a/tools/testing/selftests/futex/functional/futex_numa_mpol.c +++ b/tools/testing/selftests/futex/functional/futex_numa_mpol.c @@ -144,7 +144,7 @@ int main(int argc, char *argv[]) struct futex32_numa *futex_numa; int mem_size, i; void *futex_ptr; - char c; + int c; =20 while ((c =3D getopt(argc, argv, "chv:")) !=3D -1) { switch (c) { diff --git a/tools/testing/selftests/futex/functional/futex_priv_hash.c b/t= ools/testing/selftests/futex/functional/futex_priv_hash.c index 2dca18fefedcd..24a92dc94eb86 100644 --- a/tools/testing/selftests/futex/functional/futex_priv_hash.c +++ b/tools/testing/selftests/futex/functional/futex_priv_hash.c 
@@ -130,7 +130,7 @@ int main(int argc, char *argv[]) pthread_mutexattr_t mutex_attr_pi; int use_global_hash =3D 0; int ret; - char c; + int c; =20 while ((c =3D getopt(argc, argv, "cghv:")) !=3D -1) { switch (c) { --=20 2.49.0 From nobody Sat Oct 11 12:12:42 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 72AC528CF44 for ; Tue, 10 Jun 2025 10:44:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749552260; cv=none; b=RCr8EL9UuXlC3se09AcQQW3hJUGERlKVVG1Y1yrLncFJjsxZkt8kW8KkMDCZvgCWC//L/jDZ2Xed3y6+fakXuAXEJArLfeDRoSlEtPO55Z8WSAAHv2zmDN9uRGD8AyiQLUxM9X69NHd5bIfJMNyxX97upJFuPRbhohC4OqCNDV0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749552260; c=relaxed/simple; bh=ZgnsrQ43S4L70fg/UsiHrN3kFf5lABAXCfemPqc403o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=i33dGrnW0CpAx16dCIJkQtJpL2M5Urf+r8OGX/isOec/CrExEPfSWrfvAwJoDWy/ZYJRCPeVmEA7RcaI4Qc711zINAOM2yzYzLFV/V1gqNeZTLUxltKeTrVk+KRFTh35xJ0cSBcd/yj9ArcDFtTaB4EEHJpAkPmNrNTvflzTB14= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=hSvbOCDP; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=SZv3vWoW; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de 
From: Sebastian Andrzej Siewior
To: linux-kernel@vger.kernel.org
Cc: André Almeida, Darren Hart, Davidlohr Bueso, Ingo Molnar, Juri Lelli, Peter Zijlstra, Thomas Gleixner, Valentin Schneider, Waiman Long, Sebastian Andrzej Siewior, Vlastimil Babka
Subject: [PATCH v2 2/4] selftests/futex: Set the home_node in futex_numa_mpol
Date: Tue, 10 Jun 2025 12:43:58 +0200
Message-ID: <20250610104400.1077266-3-bigeasy@linutronix.de>
In-Reply-To: <20250610104400.1077266-1-bigeasy@linutronix.de>
References: <20250610104400.1077266-1-bigeasy@linutronix.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The test fails at the MPOL step if multiple nodes are
available. The reason is that mbind() sets the policy but the home_node, which is retrieved by the futex code, is not set. This causes to retrieve the current node and with multiple nodes it fails on one of the iterations. Use numa_set_mempolicy_home_node() to set the expected node. Use ksft_exit_fail_msg() to fail and exit in order not to confuse ktap. Fixes: 3163369407baf ("selftests/futex: Add futex_numa_mpol") Suggested-by: Vlastimil Babka Signed-off-by: Sebastian Andrzej Siewior --- .../testing/selftests/futex/functional/futex_numa_mpol.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/futex/functional/futex_numa_mpol.c b/t= ools/testing/selftests/futex/functional/futex_numa_mpol.c index 564dbd02d2f46..a9ecfb2d3932a 100644 --- a/tools/testing/selftests/futex/functional/futex_numa_mpol.c +++ b/tools/testing/selftests/futex/functional/futex_numa_mpol.c @@ -210,6 +210,10 @@ int main(int argc, char *argv[]) ret =3D mbind(futex_ptr, mem_size, MPOL_BIND, &nodemask, sizeof(nodemask) * 8, 0); if (ret =3D=3D 0) { + ret =3D numa_set_mempolicy_home_node(futex_ptr, mem_size, i, 0); + if (ret !=3D 0) + ksft_exit_fail_msg("Failed to set home node: %m, %d\n", errno); + ksft_print_msg("Node %d test\n", i); futex_numa->futex =3D 0; futex_numa->numa =3D FUTEX_NO_NODE; 
@@ -220,8 +224,8 @@ int main(int argc, char *argv[]) if (0) test_futex_mpol(futex_numa, 0); if (futex_numa->numa !=3D i) { - ksft_test_result_fail("Returned NUMA node is %d expected %d\n", - futex_numa->numa, i); + ksft_exit_fail_msg("Returned NUMA node is %d expected %d\n", + futex_numa->numa, i); } } } --=20 2.49.0 From nobody Sat Oct 11 12:12:42 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26DCF280A2C for ; Tue, 10 Jun 2025 10:44:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749552260; cv=none; b=BjNRdjt2G23N9Nz6Xymt6SipkA2axT75sTlxXc1XGxgP4Ddcd1nffzaTYXYGy7/VYGaprz0rRaN1Ur+AhojuQMYLCbz7ih4lFxBKuSUHijN5ytI0YJesUVic+Svwv8Glp/J5iCqwazmlYqD75s8yf6Uy8kmJXxUqej32KkiTEDo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749552260; c=relaxed/simple; bh=KFMsaCdCvJb3q2FQocRMQdyM00taIuspYZSsHgfUdPk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=J0MFqV5Oa6q0yLwf9o4ExHPMQSwa/8GjEv/nWtTlbLyKg3kHUZMsbT7872g5RCz+8WtFv7EfAcQfsiGZXu+9DX/AbUWiafbZ3wx03kFhPzCFCuFTCSrk2n+P0mJHpl/1Q6r0FYOLQRN3ROsCtsKuPn3zqOAKuaijh8TwrO0nIqQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=0+8mAkOX; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=c6vVbmaN; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de 
From: Sebastian Andrzej Siewior
To: linux-kernel@vger.kernel.org
Cc: André Almeida, Darren Hart, Davidlohr Bueso, Ingo Molnar, Juri Lelli, Peter Zijlstra, Thomas Gleixner, Valentin Schneider, Waiman Long, syzbot+9afaf6749e3a7aa1bdf3@syzkaller.appspotmail.com, Sebastian Andrzej Siewior
Subject: [PATCH v2 3/4] futex: Handle invalid node numbers supplied by user
Date: Tue, 10 Jun 2025 12:43:59 +0200
Message-ID: <20250610104400.1077266-4-bigeasy@linutronix.de>
In-Reply-To: <20250610104400.1077266-1-bigeasy@linutronix.de>
References: <20250610104400.1077266-1-bigeasy@linutronix.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Peter Zijlstra syzbot used a negative node number which was not rejected early and led to invalid memory access in node_possible(). Reject negative node numbers except for FUTEX_NO_NODE. [bigeasy: Keep the FUTEX_NO_NODE check] Reported-by: syzbot+9afaf6749e3a7aa1bdf3@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6835bfe3.a70a0220.253bc2.00b5.GAE@googl= e.com/ Fixes: cec199c5e39bd ("futex: Implement FUTEX2_NUMA") Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Sebastian Andrzej Siewior --- kernel/futex/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/futex/core.c b/kernel/futex/core.c index 565f9717c6caa..b652d2f60c409 100644 --- a/kernel/futex/core.c +++ b/kernel/futex/core.c 
@@ -583,8 +583,8 @@ int get_futex_key(u32 __user *uaddr, unsigned int flags= , union futex_key *key, if (futex_get_value(&node, naddr)) return -EFAULT; =20 - if (node !=3D FUTEX_NO_NODE && - (node >=3D MAX_NUMNODES || !node_possible(node))) + if ((node !=3D FUTEX_NO_NODE) && + ((unsigned int)node >=3D MAX_NUMNODES || !node_possible(node))) return -EINVAL; } =20 --=20 2.49.0 From nobody Sat Oct 11 12:12:42 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26E8028CF48 for ; Tue, 10 Jun 2025 10:44:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749552260; cv=none; b=q+QvjlnPaPAJGumRPpdRmYMF9GxJmYt47zigSSN/DEc8aPgUEkjSQGseIZ6AkE6t+qdaez/fT2/XqPdcuVHZpCl9eC2TMip/zf19Qj1cP7dB8BPB0LsVvX6bBWeKEA1T0PNMGj/iy07Np/r7uoLPEibUKL+d4zm35q7/zI6xgs8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749552260; c=relaxed/simple; bh=pzojnBlpuCAv1jCqzuN/yAm8U0WeR51Pvxgmr+qAb5o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gzoa4t5dmgPqBSF4jrowGqbWGXo2MZy7Xmot8Wfd0DVTmWAzCymWHlZrJfwg7SHc+r07/saH3Wv89B6n0iBJhvTGRbMJKyVen3a+vdcdqRvRaaPxPCBAEJ+eAxSd33i5QPc0wREr9F0gBDcNl1k2ypKnvM4m1jyxmahpmKBwWEM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=R+RLNRRR; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=v/RTPmpn; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; 
From: Sebastian Andrzej Siewior
To: linux-kernel@vger.kernel.org
Cc: André Almeida, Darren Hart, Davidlohr Bueso, Ingo Molnar, Juri Lelli, Peter Zijlstra, Thomas Gleixner, Valentin Schneider, Waiman Long, Sebastian Andrzej Siewior, "Lai, Yi"
Subject: [PATCH v2 4/4] futex: Verify under the lock if hash can be replaced
Date: Tue, 10 Jun 2025 12:44:00 +0200
Message-ID: <20250610104400.1077266-5-bigeasy@linutronix.de>
In-Reply-To: <20250610104400.1077266-1-bigeasy@linutronix.de>
References: <20250610104400.1077266-1-bigeasy@linutronix.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Once the global hash is requested there is no way back to switch back
to the per-task private hash. This is checked at the begin of the function. It is possible that two threads simultaneously request the global hash and both pass the initial check and block later on the mm::futex_hash_lock. In this case the first thread performs the switch to the global hash. The second thread will also attempt to switch to the global hash and while doing so, accessing the nonexisting slot 1 of the struct futex_private_hash. The same applies if the hash is made immutable: There is no reference counting and the hash must not be replaced. Verify under mm_struct::futex_phash that neither the global hash nor an immutable hash in use. Tested-by: "Lai, Yi" Reported-by: "Lai, Yi" Closes: https://lore.kernel.org/all/aDwDw9Aygqo6oAx+@ly-workstation/ Fixes: bd54df5ea7cad ("futex: Allow to resize the private local hash") Signed-off-by: Sebastian Andrzej Siewior --- kernel/futex/core.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/kernel/futex/core.c b/kernel/futex/core.c index b652d2f60c409..18804b2bf38e8 100644 --- a/kernel/futex/core.c +++ b/kernel/futex/core.c @@ -1629,6 +1629,16 @@ static int futex_hash_allocate(unsigned int hash_slo= ts, unsigned int flags) mm->futex_phash_new =3D NULL; =20 if (fph) { + if (cur && (!cur->hash_mask || cur->immutable)) { + /* + * If two threads simultaneously request a hash which + * can not be changed then the first one performs + * the switch, the second one returns here. + */ + free =3D fph; + mm->futex_phash_new =3D new; + return -EBUSY; + } if (cur && !new) { /* * If we have an existing hash, but do not yet have --=20 2.49.0
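
Review bot: In patch 1/4, at the `char c;` to `int c;` change in both main() functions, the changelog does not record why the loop misbehaved only on ARM64: plain char is unsigned there, so the value stored from getopt() can never compare equal to -1 and the end-of-options return falls into the switch instead of ending `while ((c = getopt(...)) != -1)`. Adding that one sentence to the commit message would keep the reasoning with the fix. The code change itself is what the getopt() prototype requires.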
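
Review bot: In patch 2/4, first hunk, the new `ksft_exit_fail_msg("Failed to set home node: %m, %d\n", errno);` reports the same error twice, because `%m` already expands to the errno description; keep either `%m` alone or `%d` with a label, not both. The hunk also introduces the first visible call to numa_set_mempolicy_home_node() in this file, so it is worth confirming that the selftest's existing libnuma build requirement provides it.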
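
Review bot: In patch 2/4, second hunk, replacing `ksft_test_result_fail()` with `ksft_exit_fail_msg()` ends the run at the first node where `futex_numa->numa != i`, so later nodes are never exercised and only one mismatch can be reported. If that is the intent, say so in a comment next to the check. The `if (0) test_futex_mpol(futex_numa, 0);` line in the context just above is dead code and deserves either a comment explaining it or removal in the same series.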
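
Review bot: In patch 3/4, the `(unsigned int)node >= MAX_NUMNODES` cast is the entire fix and nothing in the hunk says so: it works because a negative node converts to a value far above MAX_NUMNODES and is rejected before `node_possible(node)` is evaluated. A one-line comment, or an explicit `node < 0 ||` test, would keep a later cleanup from dropping the cast as redundant. The parentheses added around `node != FUTEX_NO_NODE` are an unrelated style change and could be left out of a fix that is likely to be backported.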
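
Review bot: In patch 4/4, the new early `return -EBUSY;` path sets `free = fph;` and restores `mm->futex_phash_new = new;` without explaining either assignment, and the comment covers only the two-threads case, not the `cur->immutable` half of the condition. Extend the comment to say that the pointer cleared just above by `mm->futex_phash_new = NULL;` is put back and that the rejected `fph` is handed to `free` for disposal. Neither the release of `free` nor the unlock is visible in this hunk, so please confirm both happen on this return path.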