)]}'
{
  "commit": "ee9dce44362b2d8132c32964656ab6dff7dfbc6a",
  "tree": "92cefa9cd46e9e431ed6be5e88a8486d59ab064e",
  "parents": [
    "bb1d73f2cddccf717307e88c24cae619a9a80295"
  ],
  "author": {
    "name": "Davidlohr Bueso",
    "email": "dave@stgolabs.net",
    "time": "Fri May 01 12:41:23 2026 -0700"
  },
  "committer": {
    "name": "Linus Torvalds",
    "email": "torvalds@linux-foundation.org",
    "time": "Fri May 01 13:12:34 2026 -0700"
  },
  "message": "futex: Drop CLONE_THREAD requirement for private default hash alloc\n\nCurrently need_futex_hash_allocate_default() depends on strict pthread\nsemantics, abusing CLONE_THREAD.  This breaks the non-concurrency\nassumptions when doing the mm-\u003efutex_ref pcpu allocations, leading to\nbugs[0] when sharing the mm in other ways; ie:\n\n    BUG: KASAN: slab-use-after-free in futex_hash_put\n\n... where the +1 bias can end up on a percpu counter that mm-\u003efutex_ref\nno longer points at.\n\nLoosen the check to cover any CLONE_VM clone, except vfork().  Excluding\nvfork keeps the existing paths untouched (no overhead), and we can\u0027t\nrace in the first place: either the parent is suspended and the child\nruns alone, or mm-\u003efutex_ref is already allocated from an earlier\nCLONE_VM.\n\nLink: https://lore.kernel.org/all/CAL_bE8LsmCQ-FAtYDuwbJhOkt9p2wwYQwAbMh\u003dPifC\u003dVsiBM6A@mail.gmail.com/ [0]\nFixes: d9b05321e21e (\"futex: Move futex_hash_free() back to __mmput()\")\nReported-by: Yiming Qian \u003cyimingqian591@gmail.com\u003e\nSigned-off-by: Davidlohr Bueso \u003cdave@stgolabs.net\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f1ad69c6dc2d4e60e08f07d1ed5a61211b16456c",
      "old_mode": 33188,
      "old_path": "kernel/fork.c",
      "new_id": "5f3fdfdb14c7c7d609917a8114a632c05a8dd234",
      "new_mode": 33188,
      "new_path": "kernel/fork.c"
    }
  ]
}