From: Ingo Molnar <mingo@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>, Waiman Long <longman@redhat.com>,
Boqun Feng <boqun.feng@gmail.com>
Subject: [GIT PULL] locking updates for v7.2
Date: Sun, 14 Jun 2026 13:22:09 +0200 [thread overview]
Message-ID: <ai6O4a4UstIWIsFv@gmail.com> (raw)
Linus,
Please pull the latest locking/core Git tree from:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git locking-core-2026-06-14
for you to fetch changes up to 4f070ccb4dc4692e3b6757819fb80655f58b4f12:
Locking updates for v7.2:
Futex updates:
- Optimize futex hash bucket access patterns (Peter Zijlstra)
- Large series to address the robust futex unlock race for real,
by Thomas Gleixner:
"The robust futex unlock mechanism is racy in respect
to the clearing of the robust_list_head::list_op_pending
pointer because unlock and clearing the pointer are not
atomic. The race window is between the unlock and clearing the
pending op pointer. If the task is forced to exit in this
window, exit will access a potentially invalid pending op
pointer when cleaning up the robust list. That happens if
another task manages to unmap the object containing the lock
before the cleanup, which results in an UAF. In the worst case
this UAF can lead to memory corruption when unrelated content
has been mapped to the same address by the time the access
happens.
User space can't solve this problem without help from the kernel.
This series provides the kernel side infrastructure to help it
along:
1) Combined unlock, pointer clearing, wake-up for the
contended case
2) VDSO based unlock and pointer clearing helpers with a
fix-up function in the kernel when user space was interrupted
within the critical section.
... with help by André Almeida:
- Add a note about robust list race condition (André Almeida)
- Add self-tests for robust release operations (André Almeida)
Context analysis updates:
- Implement context analysis for 'struct rt_mutex'.
(Bart Van Assche)
- Bump required Clang version to 23 (Marco Elver)
Guard infrastructure updates:
- Series to remove NULL check from unconditional guards
(Dmitry Ilvokhin)
Lockdep updates:
- Restore self-test migrate_disable() and sched_rt_mutex
state on PREEMPT_RT (Karl Mehltretter)
Membarriers updates:
- Use per-CPU mutexes for targeted commands (Aniket Gattani)
- Modernize membarrier_global_expedited with cleanup guards
(Aniket Gattani)
- Add rseq stress test for CFS throttle interactions (Aniket Gattani)
percpu-rwsems updates:
- Extract __percpu_up_read() to optimize inlining overhead
(Dmitry Ilvokhin)
Seqlocks updates:
- Allow UBSAN_ALIGNMENT to fail optimizing (Heiko Carstens)
Lock tracing:
- Add contended_release tracepoint to sleepable locks
such as mutexes, percpu-rwsems, rtmutexes, rwsems
and semaphores. (Dmitry Ilvokhin)
MAINTAINERS updates:
- MAINTAINERS: Add RUST [SYNC] entry (Boqun Feng)
Misc updates and fixes by Randy Dunlap, YE WEI-HONG,
Fabricio Parra, Dmitry Ilvokhin and Peter Zijlstra.
Thanks,
Ingo
------------------>
André Almeida (2):
Documentation: futex: Add a note about robust list race condition
selftests: futex: Add tests for robust release operations
Aniket Gattani (3):
sched/membarrier: Use per-CPU mutexes for targeted commands
sched/membarrier: Modernize membarrier_global_expedited with cleanup guards
selftests/membarrier: Add rseq stress test for CFS throttle interactions
Bart Van Assche (1):
locking/rtmutex: Annotate API and implementation
Boqun Feng (1):
MAINTAINERS: Add RUST [SYNC] entry
Dmitry Ilvokhin (8):
nvdimm: Convert nvdimm_bus guard to class
genirq: Move NULL check into irqdesc_lock guard unlock expression
cleanup: Annotate guard constructors with nonnull
cleanup: Remove NULL check from unconditional guards
cleanup: Specify nonnull argument index
tracing/lock: Remove unnecessary linux/sched.h include
locking/percpu-rwsem: Extract __percpu_up_read()
locking: Add contended_release tracepoint to sleepable locks
Fabricio Parra (1):
rust: sync: completion: Mark inline complete_all and wait_for_completion
Heiko Carstens (1):
seqlock: Allow UBSAN_ALIGNMENT to fail optimizing
Karl Mehltretter (2):
lockdep/selftests: Restore migrate_disable() state on PREEMPT_RT
lockdep/selftests: Restore sched_rt_mutex state on PREEMPT_RT
Marco Elver (1):
compiler-context-analysis: Bump required Clang version to 23
Peter Zijlstra (1):
futex: Optimize futex hash bucket access patterns
Randy Dunlap (1):
locking/barrier: Use correct parameter names
Thomas Gleixner (13):
percpu: Sanitize __percpu_qual include hell
futex: Move futex task related data into a struct
futex: Make futex_mm_init() void
futex: Move futex related mm_struct data into a struct
futex: Provide UABI defines for robust list entry modifiers
uaccess: Provide unsafe_atomic_store_release_user()
x86: Select ARCH_MEMORY_ORDER_TSO
futex: Cleanup UAPI defines
futex: Add support for unlocking robust futexes
futex: Add robust futex unlock IP range
futex: Provide infrastructure to plug the non contended robust futex unlock race
x86/vdso: Prepare for robust futex unlock support
x86/vdso: Implement __vdso_futex_robust_try_unlock()
WEI-HONG, YE (1):
locking/qspinlock: Clarify pending field layout
Documentation/dev-tools/context-analysis.rst | 2 +-
Documentation/locking/robust-futex-ABI.rst | 44 +
Documentation/locking/robust-futexes.rst | 8 +-
MAINTAINERS | 14 +
arch/Kconfig | 4 +
arch/um/Makefile | 3 +-
arch/um/include/asm/Kbuild | 1 +
arch/x86/Kconfig | 2 +
arch/x86/entry/vdso/common/vfutex.c | 71 ++
arch/x86/entry/vdso/vdso32/Makefile | 5 +-
arch/x86/entry/vdso/vdso32/vdso32.lds.S | 3 +
arch/x86/entry/vdso/vdso32/vfutex.c | 1 +
arch/x86/entry/vdso/vdso64/Makefile | 7 +-
arch/x86/entry/vdso/vdso64/vdso64.lds.S | 7 +
arch/x86/entry/vdso/vdso64/vdsox32.lds.S | 7 +
arch/x86/entry/vdso/vdso64/vfutex.c | 1 +
arch/x86/entry/vdso/vma.c | 29 +
arch/x86/include/asm/futex_robust.h | 19 +
arch/x86/include/asm/percpu.h | 5 -
arch/x86/include/asm/percpu_types.h | 17 +
arch/x86/include/asm/vdso.h | 4 +
arch/x86/tools/vdso2c.c | 16 +-
drivers/nvdimm/nd.h | 7 +-
include/asm-generic/Kbuild | 1 +
include/asm-generic/barrier.h | 4 +-
include/asm-generic/percpu_types.h | 19 +
include/asm-generic/qspinlock_types.h | 3 +-
include/linux/cleanup.h | 8 +-
include/linux/compiler-context-analysis.h | 30 +-
include/linux/compiler_attributes.h | 9 +
include/linux/compiler_types.h | 3 +
include/linux/futex.h | 86 +-
include/linux/futex_types.h | 98 +++
include/linux/mm_types.h | 12 +-
include/linux/percpu-rwsem.h | 15 +-
include/linux/percpu.h | 9 +-
include/linux/rtmutex.h | 22 +-
include/linux/sched.h | 16 +-
include/linux/seqlock.h | 7 +-
include/linux/uaccess.h | 11 +
include/trace/events/lock.h | 18 +-
include/uapi/linux/futex.h | 60 +-
include/vdso/futex.h | 52 ++
init/Kconfig | 6 +
io_uring/futex.c | 2 +-
kernel/entry/common.c | 9 +-
kernel/exit.c | 4 +-
kernel/fork.c | 8 +-
kernel/futex/core.c | 460 +++++-----
kernel/futex/futex.h | 52 +-
kernel/futex/pi.c | 62 +-
kernel/futex/requeue.c | 20 +-
kernel/futex/syscalls.c | 36 +-
kernel/futex/waitwake.c | 47 +-
kernel/irq/internals.h | 2 +-
kernel/locking/mutex.c | 4 +
kernel/locking/percpu-rwsem.c | 29 +
kernel/locking/rtmutex.c | 5 +
kernel/locking/rtmutex_api.c | 31 +-
kernel/locking/rwbase_rt.c | 6 +
kernel/locking/rwsem.c | 10 +-
kernel/locking/semaphore.c | 4 +
kernel/sched/membarrier.c | 98 ++-
lib/Kconfig.debug | 4 +-
lib/locking-selftest.c | 7 +-
lib/test_context-analysis.c | 24 +
rust/kernel/sync/completion.rs | 2 +
.../selftests/futex/functional/robust_list.c | 239 ++++++
tools/testing/selftests/futex/include/futextest.h | 6 +
tools/testing/selftests/membarrier/Makefile | 5 +-
.../selftests/membarrier/membarrier_rseq_stress.c | 951 +++++++++++++++++++++
71 files changed, 2402 insertions(+), 491 deletions(-)
create mode 100644 arch/x86/entry/vdso/common/vfutex.c
create mode 100644 arch/x86/entry/vdso/vdso32/vfutex.c
create mode 100644 arch/x86/entry/vdso/vdso64/vfutex.c
create mode 100644 arch/x86/include/asm/futex_robust.h
create mode 100644 arch/x86/include/asm/percpu_types.h
create mode 100644 include/asm-generic/percpu_types.h
create mode 100644 include/linux/futex_types.h
create mode 100644 include/vdso/futex.h
create mode 100644 tools/testing/selftests/membarrier/membarrier_rseq_stress.c
reply other threads:[~2026-06-14 11:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ai6O4a4UstIWIsFv@gmail.com \
--to=mingo@kernel.org \
--cc=boqun.feng@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.