diff options
author | Darren Hart <dvhltc@us.ibm.com> | 2009-03-12 08:55:46 +0100 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-03-12 11:20:56 +0100 |
commit | de87fcc124a5d4a171aa32707b3265608ebda6e7 (patch) | |
tree | 5ba695dc0b13c7613c8e9306f9703c1b61ef41fc /kernel/futex.c | |
parent | futex: update futex commentary (diff) | |
download | linux-de87fcc124a5d4a171aa32707b3265608ebda6e7.tar.xz linux-de87fcc124a5d4a171aa32707b3265608ebda6e7.zip |
futex: additional (get|put)_futex_key() fixes
Impact: fix races
futex_requeue and futex_lock_pi still had some bad
(get|put)_futex_key() usage. This patch adds the missing
put_futex_keys() and corrects a goto in futex_lock_pi() to avoid
a double get.
Build and boot tested on a 4 way Intel x86_64 workstation.
Passes basic pthread_mutex and PI tests out of
ltp/testcases/realtime.
Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
LKML-Reference: <20090312075545.9856.75152.stgit@Aeon>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to '')
-rw-r--r-- | kernel/futex.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index e6a4d72bca3d..4000454e4d83 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -802,8 +802,10 @@ retry: ret = get_user(dummy, uaddr2); if (ret) - return ret; + goto out_put_keys; + put_futex_key(fshared, &key2); + put_futex_key(fshared, &key1); goto retryfull; } @@ -878,6 +880,9 @@ retry: if (hb1 != hb2) spin_unlock(&hb2->lock); + put_futex_key(fshared, &key2); + put_futex_key(fshared, &key1); + ret = get_user(curval, uaddr1); if (!ret) @@ -1453,6 +1458,7 @@ retry_locked: * exit to complete. */ queue_unlock(&q, hb); + put_futex_key(fshared, &q.key); cond_resched(); goto retry; @@ -1595,13 +1601,12 @@ uaddr_faulted: ret = get_user(uval, uaddr); if (!ret) - goto retry; + goto retry_unlocked; - if (to) - destroy_hrtimer_on_stack(&to->timer); - return ret; + goto out_put_key; } + /* * Userspace attempted a TID -> 0 atomic transition, and failed. * This is the in-kernel slowpath: we look up the PI state (if any), @@ -1705,6 +1710,7 @@ pi_faulted: } ret = get_user(uval, uaddr); + put_futex_key(fshared, &key); if (!ret) goto retry; |