From bc5a058fc5e016ca316b6a465875500d5b9d1ff1 Mon Sep 17 00:00:00 2001
From: Zejun Zhao
Date: Mon, 16 Dec 2024 11:55:55 +0800
Subject: [PATCH] Add TODO for a potential vulnerability in futex implementation

---
 kernel/src/process/posix_thread/futex.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/kernel/src/process/posix_thread/futex.rs b/kernel/src/process/posix_thread/futex.rs
index c44e9bebd..f79858f4c 100644
--- a/kernel/src/process/posix_thread/futex.rs
+++ b/kernel/src/process/posix_thread/futex.rs
@@ -74,6 +74,15 @@ pub fn futex_wait_bitset(
     drop(futex_bucket);
 
     waiter.pause_timeout(timeout)
+
+    // TODO: Ensure the futex item is dequeued and dropped.
+    //
+    // The enqueued futex item remain undequeued
+    // if the futex wait operation is interrupted by a signal or times out.
+    // In such cases, the `Box` would persist in memory,
+    // leaving our implementation vulnerable to exploitation by user programs
+    // that could repeatedly issue futex wait operations
+    // to exhaust kernel memory.
 }
 
 /// Does futex wake
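Review bot: The TODO records the unbounded-allocation problem but leaves the leak in place, while the shape of the fix is already implied by the hunk: bind the result of `waiter.pause_timeout(timeout)` instead of returning it as the tail expression, re-acquire the bucket lock (it was released at `drop(futex_bucket);` before the wait), remove this waiter's item unless a waker already dequeued it, and only then return the bound result, so the item is freed on the signal and timeout paths as well as on wake-up. Until that lands, a stale entry is more than the kernel-memory leak the comment describes: if the wake path counts dequeued entries toward its wake budget, a stale item would also absorb a wake intended for a live waiter, which is worth confirming against `futex_wake`, outside this hunk. Minor: a comment placed after the tail expression is easy to miss, so moving it above `waiter.pause_timeout(timeout)` reads better, and `remain undequeued` should be `remains undequeued`. The enclosing `futex_wait_bitset` starts before this hunk.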