An unoptimized code of key handling for shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix the page lock was a heavy unnecessary lock for the futex path that protected too much. After the fix the page lock is only required in a specific corner case. References: https://source.android.com/security/bulletin/2018-07-01 https://marc.info/?w=2&r=1&s=futex%3A+Remove+requirement+for+lock_page&q=t (the discussions) https://lore.kernel.org/patchwork/patch/645516/ Upstream patches: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=65d8fc777f6dcfee12785c057a6b57f679641c90 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48fb6f4db940e92cfb16cd878cddd59ea6120d06
Notes: It does not look like this flaw can be exploited and even if it is really a security flaw at all. Probably, there is a confusion about the commit messages as it mentions "one rare race". Actually no race was addressed by the commit but the commit message could be interpreted so, as fixing a race related to shmem pages and a swapcache.