Re: [PATCH v2] futex: Use-after-free between futex_key_to_node_opt and vma_replace_policy

Next message: Tom&#xE1;s Pando: "[PATCH v3] docs: driver-api: fix 6 spelling typos in Documentation/driver-api"
Previous message: Simon Horman: "Re: [PATCH v7 net-next 5/5] octeontx2-af: npc: Support for custom KPU profile from filesystem"
In reply to: Hao-Yu Yang: "Re: [PATCH v2] futex: Use-after-free between futex_key_to_node_opt and vma_replace_policy"
Next in thread: Peter Zijlstra: "Re: [PATCH v2] futex: Use-after-free between futex_key_to_node_opt and vma_replace_policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Thomas Gleixner

Date: Tue Mar 24 2026 - 12:44:09 EST

On Tue, Mar 24 2026 at 15:00, Peter Zijlstra wrote:
> On Mon, Mar 23, 2026 at 06:24:42PM +0100, Thomas Gleixner wrote:
> Not to mention we don't actually need any of that here, because:
>
>> Especially the writer side is required so that the proper memory
>> barriers are inserted for architectures with a weakly ordered memory
>> model.
>
> The vma->vm_policy thing is written under mmap_lock held for writing,
> and the futex consumer is a speculative read lock. Specifically the
> ordering is through the associated seqcount.

Duh. Yes.

> All that is really needed is to extend the lifetime of the mpol to the
> associated RCU period. Which is exactly what this patch does.
>
> Want me to go write up a better Changelog?

And a comment in the code explaining the RCU magic perhaps?