Commit 21778867 authored Mar 16, 2007 by Ingo Molnar Committed by Linus Torvalds Mar 16, 2007

[PATCH] futex: PI state locking fix

Testing of -rt by IBM uncovered a locking bug in wake_futex_pi(): the PI
state needs to be locked before we access it.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Chuck Ebbert <cebbert@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent d3a7b6df

kernel/futex.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -565,6 +565,7 @@ static int wake_futex_pi(u32 __user uaddr, u32 uval, struct futex_q this)
		if (!pi_state)
		return -EINVAL;

		spin_lock(&pi_state->pi_mutex.wait_lock);
		new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);

		/*
		@@ -604,6 +605,7 @@ static int wake_futex_pi(u32 __user uaddr, u32 uval, struct futex_q this)
		pi_state->owner = new_owner;
		spin_unlock_irq(&new_owner->pi_lock);

		spin_unlock(&pi_state->pi_mutex.wait_lock);
		rt_mutex_unlock(&pi_state->pi_mutex);

		return 0;

Admin message