From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F273335F190 for ; Tue, 24 Mar 2026 16:36:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774370207; cv=none; b=bu/8XiCtNDKS8JhzvbuGTW7UmekfFlfDutEHtxKWj01XkJYEeiF/Z7fMPaT7QSZbldM0Gp8DJTLejLTVJ8EUVWmBNQlPJhd0/vgX7YUwBtVdgagCR0zb6qETYLevxOOw6FI3778kZACTGv/WvYKfpSOdCWdqEyKxfqnA9p0M5e8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774370207; c=relaxed/simple; bh=mSycPKbk2fdS+E5YCX4L+r5LFtmgi215LmLvriDP2vU=; h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=XkwnT5GI7kLGn4Lzs6Ej27ejknurBPM4ZeKUXtU27956jK2xgrrZc+6M/0WfFWlYW1DLlmHFt4JDIpoZlTgHqIcdkMqLSdxOITqqOkXX6CvgZIBtVlqQb/OlKH/qHa5EjqT9kbgHDqKvzSRrG4Y3gvLKJi1e1Knab0axjIZkQok= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=QndkqMCx; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="QndkqMCx" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F1E10C19424; Tue, 24 Mar 2026 16:36:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1774370206; bh=mSycPKbk2fdS+E5YCX4L+r5LFtmgi215LmLvriDP2vU=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=QndkqMCxK1TeWqDkJY3Xr3u+beAQFaCzExSDnyjROfpnOQSf7l70VpJwfTJCuGdnF j67peCtt/5H0my3B5ITCB4HSiMCWCntjAvhxYlpGs1/oSfG5InVkbK8NShMAgAFIYr rQsw1xjH87dQkZE6IQci3tuUa2pyILrfU9+RrT7wd+L8mN+o/S7jkXq51bR675P11l hfU/eOWBHswnvbUXWr67rX9foP1NpibfBnSfNXkTg2TZz7g/v555sYClL8vV1AG7ZY r7S07bw6KTyVrCffSXxO8s3R/+sYR1ppC69d1zyINlTI9mUwicRhW5hEFlWw794qQP BxusL2gzAxyDQ== From: Thomas Gleixner To: Peter Zijlstra Cc: Hao-Yu Yang , mingo@redhat.com, linux-kernel@vger.kernel.org, Andrew Morton , David Hillenbrand , Eric Dumazet , linux-mm@kvack.org Subject: Re: [PATCH v2] futex: Use-after-free between futex_key_to_node_opt and vma_replace_policy In-Reply-To: <20260324140019.GE3738010@noisy.programming.kicks-ass.net> References: <20260313124756.52461-1-naup96721@gmail.com> <87a4vyihlx.ffs@tglx> <20260324140019.GE3738010@noisy.programming.kicks-ass.net> Date: Tue, 24 Mar 2026 17:36:42 +0100 Message-ID: <87fr5pgp5x.ffs@tglx> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain On Tue, Mar 24 2026 at 15:00, Peter Zijlstra wrote: > On Mon, Mar 23, 2026 at 06:24:42PM +0100, Thomas Gleixner wrote: > Not to mention we don't actually need any of that here, because: > >> Especially the writer side is required so that the proper memory >> barriers are inserted for architectures with a weakly ordered memory >> model. > > The vma->vm_policy thing is written under mmap_lock held for writing, > and the futex consumer is a speculative read lock. Specifically the > ordering is through the associated seqcount. Duh. Yes. > All that is really needed is to extend the lifetime of the mpol to the > associated RCU period. Which is exactly what this patch does. > > Want me to go write up a better Changelog? And a comment in the code explaining the RCU magic perhaps?