From: Sebastian Andrzej Siewior
Date: Wed, 16 Apr 2025 16:29:08 +0000 (+0200)
Subject: futex: Acquire a hash reference in futex_wait_multiple_setup()
X-Git-Tag: v6.16-rc1~199^2^2~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f6b233018af2a6fb449faa324d94a437e2e47ce;p=thirdparty%2Fkernel%2Flinux.git

futex: Acquire a hash reference in futex_wait_multiple_setup()

futex_wait_multiple_setup() changes task_struct::__state to !TASK_RUNNING and then enqueues on multiple futexes. Every futex_q_lock() acquires a reference on the global hash which is dropped later. If a rehash is in progress then the loop will block on mm_struct::futex_hash_bucket for the rehash to complete and this will lose the previously set task_struct::__state.

Acquire a reference on the local hash to avoid blocking on mm_struct::futex_hash_bucket.

Signed-off-by: Sebastian Andrzej Siewior
Signed-off-by: Peter Zijlstra (Intel)
Link: https://lore.kernel.org/r/20250416162921.513656-9-bigeasy@linutronix.de
---

diff --git a/kernel/futex/waitwake.c b/kernel/futex/waitwake.c index d52541bcc07e9..bd8fef0f8d180 100644 --- a/kernel/futex/waitwake.c +++ b/kernel/futex/waitwake.c @@ -406,6 +406,12 @@ int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *woken) int ret, i; u32 uval; + /* + * Make sure to have a reference on the private_hash such that we + * don't block on rehash after changing the task state below. + */ + guard(private_hash)(); + /* * Enqueuing multiple futexes is tricky, because we need to enqueue * each futex on the list before dealing with the next one to avoid
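
Review bot: the new comment above guard(private_hash)() in futex_wait_multiple_setup() does not say how long the reference is held. guard() releases at scope exit, so placed here the reference spans the whole function and every return path; the comment should state that this is intentional, so that nobody later narrows the scope or moves the guard inside the enqueue loop, which would bring back the blocking on a rehash that the commit message describes. The terminology also differs between the message and the code: the message speaks of the "global hash" and the "local hash", while the code and comment say private_hash. Using one term in both places, or noting in the comment that the local hash is the private_hash, would make the reasoning easier to follow. Finally, "changing the task state below" points at code outside the visible context; naming the call that sets the state would let a reader verify the ordering without hunting for it.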