Re: [PATCH v2] futex: Use-after-free between futex_key_to_node_opt and vma_replace_policy

Next message: Edward Adam Davis: "Re: [syzbot] [media?] INFO: trying to register non-static key in as102_dvb_dmx_start_feed"
Previous message: Nicolas Frattaroli: " Re: [PATCH v11 03/22] drm: Add new general DRM property &quot;color format&quot;"
In reply to: Eric Dumazet: "Re: [PATCH v2] futex: Use-after-free between futex_key_to_node_opt and vma_replace_policy"
Next in thread: David Hildenbrand (Arm): "Re: [PATCH v2] futex: Use-after-free between futex_key_to_node_opt and vma_replace_policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hao-Yu Yang

Date: Thu Mar 26 2026 - 08:50:15 EST

I need to send patch v3? If i need how i need to change about this patch?

On Wed, Mar 25, 2026 at 08:25:29AM -0700, Eric Dumazet wrote:
> On Wed, Mar 25, 2026 at 8:22 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> > Fair enough. Like so then..
> >
> > --- a/kernel/futex/core.c
> > +++ b/kernel/futex/core.c
> > @@ -342,7 +342,7 @@ static int __futex_key_to_node(struct mm
> > if (!vma)
> > return FUTEX_NO_NODE;
> >
> > - mpol = vma_policy(vma);
> > + mpol = READ_ONCE(vma->vm_policy);
> > if (!mpol)
> > return FUTEX_NO_NODE;
> >
> > --- a/mm/mempolicy.c
> > +++ b/mm/mempolicy.c
> > @@ -1026,7 +1026,7 @@ static int vma_replace_policy(struct vm_
> > }
> >
> > old = vma->vm_policy;
> > - vma->vm_policy = new; /* protected by mmap_lock */
> > + WRITE_ONCE(vma->vm_policy, new); /* protected by mmap_lock */
> > mpol_put(old);
> >
> > return 0;
>
> LGTM, thanks !
>
> Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>