Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull futex fixes from Ingo Molnar:
 "A couple of futex fixes from Darren Hart: two bugs reported by Dave
  Jones (found with his trinity test) and Dan Carpenter through static
  analysis.  The third found while debugging the first two."

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi()
  futex: Fix bug in WARN_ON for NULL q.pi_state
  futex: Test for pi_mutex on fault in futex_wait_requeue_pi()
Linus Torvalds 13 years ago
parent
1ca0049f2c 6f7b0a2a5c
commit
c4e62d6785
1 changed files with 10 additions and 7 deletions
Split View Show Diff Stats
  1. 10 7
      kernel/futex.c

+ 10 - 7
kernel/futex.c
View File 

@@ -2231,11 +2231,11 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
 
  * @uaddr2:	the pi futex we will take prior to returning to user-space
 
  *
 
  * The caller will wait on uaddr and will be requeued by futex_requeue() to
 
- * uaddr2 which must be PI aware.  Normal wakeup will wake on uaddr2 and
 
- * complete the acquisition of the rt_mutex prior to returning to userspace.
 
- * This ensures the rt_mutex maintains an owner when it has waiters; without
 
- * one, the pi logic wouldn't know which task to boost/deboost, if there was a
 
- * need to.
 
+ * uaddr2 which must be PI aware and unique from uaddr.  Normal wakeup will wake
 
+ * on uaddr2 and complete the acquisition of the rt_mutex prior to returning to
 
+ * userspace.  This ensures the rt_mutex maintains an owner when it has waiters;
 
+ * without one, the pi logic would not know which task to boost/deboost, if
 
+ * there was a need to.
 
  *
 
  * We call schedule in futex_wait_queue_me() when we enqueue and return there
 
  * via the following:
 
@@ -2272,6 +2272,9 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
 
 	struct futex_q q = futex_q_init;
 
 	int res, ret;
 
 
+	if (uaddr == uaddr2)
 
+		return -EINVAL;
 
+
 
 	if (!bitset)
 
 		return -EINVAL;
 
 
@@ -2343,7 +2346,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
 
 		 * signal.  futex_unlock_pi() will not destroy the lock_ptr nor
 
 		 * the pi_state.
 
 		 */
 
-		WARN_ON(!&q.pi_state);
 
+		WARN_ON(!q.pi_state);
 
 		pi_mutex = &q.pi_state->pi_mutex;
 
 		ret = rt_mutex_finish_proxy_lock(pi_mutex, to, &rt_waiter, 1);
 
 		debug_rt_mutex_free_waiter(&rt_waiter);
 
@@ -2370,7 +2373,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
 
 	 * fault, unlock the rt_mutex and return the fault to userspace.
 
 	 */
 
 	if (ret == -EFAULT) {
 
-		if (rt_mutex_owner(pi_mutex) == current)
 
+		if (pi_mutex && rt_mutex_owner(pi_mutex) == current)
 
 			rt_mutex_unlock(pi_mutex);
 
 	} else if (ret == -EINTR) {
 
 		/*