Commit 921c7ebd authored by Mateusz Nosek's avatar Mateusz Nosek Committed by Thomas Gleixner
Browse files

futex: Fix incorrect should_fail_futex() handling 



If should_futex_fail() returns true in futex_wake_pi(), then the 'ret'
variable is set to -EFAULT and then immediately overwritten. So the failure
injection is non-functional.

Fix it by actually leaving the function and returning -EFAULT.

The Fixes tag is kinda blury because the initial commit which introduced
failure injection was already sloppy, but the below mentioned commit broke
it completely.

[ tglx: Massaged changelog ]

Fixes: 6b4f4bc9 ("locking/futex: Allow low-level atomic operations to return -EAGAIN")
Signed-off-by: default avatarMateusz Nosek <mateusznosek0@gmail.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20200927000858.24219-1-mateusznosek0@gmail.com
parent f8e48a3d

kernel/futex.c

+3 −1
Original line number Diff line number Diff line
@@ -1502,8 +1502,10 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_pi_state *pi_ 
	 */

	newval = FUTEX_WAITERS | task_pid_vnr(new_owner);



	if (unlikely(should_fail_futex(true)))

	if (unlikely(should_fail_futex(true))) {

		ret = -EFAULT;

		goto out_unlock;

	}



	ret = cmpxchg_futex_value_locked(&curval, uaddr, uval, newval);

	if (!ret && (curval != uval)) {

CRA Git | Maintained and supported by SUSTech CRA and CCSE