提交 de87fcc1 编写于 作者: D Darren Hart 提交者: Ingo Molnar

futex: additional (get|put)_futex_key() fixes

Impact: fix races

futex_requeue and futex_lock_pi still had some bad
(get|put)_futex_key() usage. This patch adds the missing
put_futex_keys() and corrects a goto in futex_lock_pi() to avoid
a double get.

Build and boot tested on a 4 way Intel x86_64 workstation.
Passes basic pthread_mutex and PI tests out of
ltp/testcases/realtime.
Signed-off-by: NDarren Hart <dvhltc@us.ibm.com>
Acked-by: NPeter Zijlstra <peterz@infradead.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
LKML-Reference: <20090312075545.9856.75152.stgit@Aeon>
Signed-off-by: NIngo Molnar <mingo@elte.hu>
上级 b2d0994b
...@@ -802,8 +802,10 @@ futex_wake_op(u32 __user *uaddr1, int fshared, u32 __user *uaddr2, ...@@ -802,8 +802,10 @@ futex_wake_op(u32 __user *uaddr1, int fshared, u32 __user *uaddr2,
ret = get_user(dummy, uaddr2); ret = get_user(dummy, uaddr2);
if (ret) if (ret)
return ret; goto out_put_keys;
put_futex_key(fshared, &key2);
put_futex_key(fshared, &key1);
goto retryfull; goto retryfull;
} }
...@@ -878,6 +880,9 @@ static int futex_requeue(u32 __user *uaddr1, int fshared, u32 __user *uaddr2, ...@@ -878,6 +880,9 @@ static int futex_requeue(u32 __user *uaddr1, int fshared, u32 __user *uaddr2,
if (hb1 != hb2) if (hb1 != hb2)
spin_unlock(&hb2->lock); spin_unlock(&hb2->lock);
put_futex_key(fshared, &key2);
put_futex_key(fshared, &key1);
ret = get_user(curval, uaddr1); ret = get_user(curval, uaddr1);
if (!ret) if (!ret)
...@@ -1453,6 +1458,7 @@ static int futex_lock_pi(u32 __user *uaddr, int fshared, ...@@ -1453,6 +1458,7 @@ static int futex_lock_pi(u32 __user *uaddr, int fshared,
* exit to complete. * exit to complete.
*/ */
queue_unlock(&q, hb); queue_unlock(&q, hb);
put_futex_key(fshared, &q.key);
cond_resched(); cond_resched();
goto retry; goto retry;
...@@ -1595,13 +1601,12 @@ static int futex_lock_pi(u32 __user *uaddr, int fshared, ...@@ -1595,13 +1601,12 @@ static int futex_lock_pi(u32 __user *uaddr, int fshared,
ret = get_user(uval, uaddr); ret = get_user(uval, uaddr);
if (!ret) if (!ret)
goto retry; goto retry_unlocked;
if (to) goto out_put_key;
destroy_hrtimer_on_stack(&to->timer);
return ret;
} }
/* /*
* Userspace attempted a TID -> 0 atomic transition, and failed. * Userspace attempted a TID -> 0 atomic transition, and failed.
* This is the in-kernel slowpath: we look up the PI state (if any), * This is the in-kernel slowpath: we look up the PI state (if any),
...@@ -1705,6 +1710,7 @@ static int futex_unlock_pi(u32 __user *uaddr, int fshared) ...@@ -1705,6 +1710,7 @@ static int futex_unlock_pi(u32 __user *uaddr, int fshared)
} }
ret = get_user(uval, uaddr); ret = get_user(uval, uaddr);
put_futex_key(fshared, &key);
if (!ret) if (!ret)
goto retry; goto retry;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册