Commit e703b7e2 authored Jul 30, 2025 by Thomas Gleixner

futex: Move futex cleanup to __mmdrop()



Futex hash allocations are done in mm_init() and the cleanup happens in
__mmput(). That works most of the time, but there are mm instances which
are instantiated via mm_alloc() and freed via mmdrop(), which causes the
futex hash to be leaked.

Move the cleanup to __mmdrop().

Fixes: 56180dd2 ("futex: Use RCU-based per-CPU reference counting instead of rcuref_t")
Reported-by: André Draszik <andre.draszik@linaro.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: André Draszik <andre.draszik@linaro.org>
Link: https://lore.kernel.org/all/87ldo5ihu0.ffs@tglx
Closes: https://lore.kernel.org/all/0c8cc83bb73abf080faf584f319008b67d0931db.camel@linaro.org

parent 98e8f2c0

kernel/fork.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -686,6 +686,7 @@ void __mmdrop(struct mm_struct *mm)
		mm_pasid_drop(mm);
		mm_destroy_cid(mm);
		percpu_counter_destroy_many(mm->rss_stat, NR_MM_COUNTERS);
		futex_hash_free(mm);

		free_mm(mm);
		}
		@@ -1133,7 +1134,6 @@ static inline void __mmput(struct mm_struct *mm)
		if (mm->binfmt)
		module_put(mm->binfmt->module);
		lru_gen_del_mm(mm);
		futex_hash_free(mm);
		mmdrop(mm);
		}