github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-30 18:13:41 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

Fix an 'allocation from atomic context' regression in the futex vmalloc

Browse Source 
variant.
 
 Signed-off-by: Ingo Molnar <mingo@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmi9WmkRHG1pbmdvQGtl
 cm5lbC5vcmcACgkQEnMQ0APhK1h4ww/9FnZ2elqxUG2kfzmDMwMCEA+KDyVIfqLI
 DzNqB0oFOgHO1xcWx/DLWItWIycH/+XhwcQUpCRcBlrG1pzaRqrbD0ioYw0SZRFo
 JbNRIQVjPBKa72vcPUd5et1cJB0iB7irUEhEPDPxkQ5BeIQOwayLF/DSz4IsKvde
 os9W9D2QcXk/YlOvbT+eRMmkDCSrAeAufz7RzcoPgzBvtGAWZEyCaBBjWXiuE2Au
 T05aXf6y35/QPB+pq7+aLxaqP97Auj2ebmCSB7iKGq1XCYXqCFmo4vQzAU6zZgkK
 hriO3+YL1wgN524bWaGXPRm87zcCmLVOXFJXe0wbTm/9w3CWmMUE+LEhfEAM+9n9
 IZpoAEL540P3/ijYFxpie4GAz+ZjttUwLvh8f5xaM/2jPUq8bUXakR6dt5U5h3YA
 n4FG2/K215R3s9+wYV2KpNQ0gUqZn7EmqfMAkQ1N09rsW571ExUKWdrEr61TUOnx
 BTwC0nOti/M97sOHjajG/ylBmRaswc6mwiLVlVy3Gvi/kzAqjAVe+cRJnNKSd7hd
 kIUKUiPWrI4eSWi+0gmW0Xo5RcyEbMNf4iVGvlZ6aM5zoKjZo72TGPcqapxbaW6m
 hRRsFJdlXmBBOxKhB+Ne0EZIqQzk9ZK8tknN5voXp1UsupanubwS7H3YYppljCxg
 VdlccxGizuI=
 =rQLp
 -----END PGP SIGNATURE-----

Merge tag 'locking-urgent-2025-09-07' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull locking fix from Ingo Molnar:
 "Fix an 'allocation from atomic context' regression in the futex
  vmalloc variant"

* tag 'locking-urgent-2025-09-07' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  futex: Move futex_hash_free() back to __mmput()
This commit is contained in:
Linus Torvalds 2025-09-07 08:26:28 -07:00
commit b7369eb731
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/fork.c
View File

@ -689,7 +689,6 @@ void __mmdrop(struct mm_struct *mm)
mm_pasid_drop(mm);
mm_destroy_cid(mm);
percpu_counter_destroy_many(mm->rss_stat, NR_MM_COUNTERS);
futex_hash_free(mm);
free_mm(mm);
}
@ -1138,6 +1137,7 @@ static inline void __mmput(struct mm_struct *mm)
if (mm->binfmt)
module_put(mm->binfmt->module);
lru_gen_del_mm(mm);
futex_hash_free(mm);
mmdrop(mm);
}

16
kernel/futex/core.c
View File

@ -1722,12 +1722,9 @@ int futex_mm_init(struct mm_struct *mm)
RCU_INIT_POINTER(mm->futex_phash, NULL);
mm->futex_phash_new = NULL;
/* futex-ref */
mm->futex_ref = NULL;
atomic_long_set(&mm->futex_atomic, 0);
mm->futex_batches = get_state_synchronize_rcu();
mm->futex_ref = alloc_percpu(unsigned int);
if (!mm->futex_ref)
return -ENOMEM;
this_cpu_inc(*mm->futex_ref); /* 0 -> 1 */
return 0;
}
@ -1801,6 +1798,17 @@ static int futex_hash_allocate(unsigned int hash_slots, unsigned int flags)
}
}
if (!mm->futex_ref) {
/*
* This will always be allocated by the first thread and
* therefore requires no locking.
*/
mm->futex_ref = alloc_percpu(unsigned int);
if (!mm->futex_ref)
return -ENOMEM;
this_cpu_inc(*mm->futex_ref); /* 0 -> 1 */
}
fph = kvzalloc(struct_size(fph, queues, hash_slots),
GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
if (!fph)