From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20A68381BF for ; Wed, 15 Nov 2023 20:53:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="kSjZMNOk" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB9DCC4E77B; Wed, 15 Nov 2023 20:53:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1700081625; bh=19DyI3Sl4k+wPYLWt+F5l1h79Sw66jBezo/3jt8iuMs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kSjZMNOkWEIfeHvgrRDUwV9fgak65IondIN1Yh8U2TP2svCSmuVNYzOzJBLUOkkAp pAOPnZqnEJ5CxfkCFVQ7ACgBKxlSneiNcNIiZbnjiFM6tK8Xqb2z6/WaA+C48UzT+X Gb6CcUPj8PsaSELng7qN6TrcxqYN8iVgh71z9ycM= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Ben Wolsieffer , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Darren Hart , Davidlohr Bueso , =?UTF-8?q?Andr=C3=A9=20Almeida?= , Sasha Levin Subject: [PATCH 5.10 005/191] futex: Dont include process MM in futex key on no-MMU Date: Wed, 15 Nov 2023 15:44:40 -0500 Message-ID: <20231115204644.842650948@linuxfoundation.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231115204644.490636297@linuxfoundation.org> References: <20231115204644.490636297@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 5.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ben Wolsieffer [ Upstream commit c73801ae4f22b390228ebf471d55668e824198b6 ] On no-MMU, all futexes are treated as private because there is no need to map a virtual address to physical to match the futex across processes. This doesn't quite work though, because private futexes include the current process's mm_struct as part of their key. This makes it impossible for one process to wake up a shared futex being waited on in another process. Fix this bug by excluding the mm_struct from the key. With a single address space, the futex address is already a unique key. Fixes: 784bdf3bb694 ("futex: Assume all mappings are private on !MMU systems") Signed-off-by: Ben Wolsieffer Signed-off-by: Ingo Molnar Acked-by: Peter Zijlstra Cc: Thomas Gleixner Cc: Darren Hart Cc: Davidlohr Bueso Cc: André Almeida Link: https://lore.kernel.org/r/20231019204548.1236437-2-ben.wolsieffer@hefring.com Signed-off-by: Sasha Levin --- kernel/futex/core.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/kernel/futex/core.c b/kernel/futex/core.c index 8dd0bc50ac36d..cde0ca876b935 100644 --- a/kernel/futex/core.c +++ b/kernel/futex/core.c @@ -514,7 +514,17 @@ static int get_futex_key(u32 __user *uaddr, bool fshared, union futex_key *key, * but access_ok() should be faster than find_vma() */ if (!fshared) { - key->private.mm = mm; + /* + * On no-MMU, shared futexes are treated as private, therefore + * we must not include the current process in the key. Since + * there is only one address space, the address is a unique key + * on its own. + */ + if (IS_ENABLED(CONFIG_MMU)) + key->private.mm = mm; + else + key->private.mm = NULL; + key->private.address = address; return 0; } -- 2.42.0