futex: additional (get|put)_futex_key() fixes
authorDarren Hart <dvhltc@us.ibm.com>
Thu, 12 Mar 2009 07:55:46 +0000 (00:55 -0700)
committerIngo Molnar <mingo@elte.hu>
Thu, 12 Mar 2009 10:20:56 +0000 (11:20 +0100)
Impact: fix races

futex_requeue and futex_lock_pi still had some bad
(get|put)_futex_key() usage. This patch adds the missing
put_futex_keys() and corrects a goto in futex_lock_pi() to avoid
a double get.

Build and boot tested on a 4 way Intel x86_64 workstation.
Passes basic pthread_mutex and PI tests out of
ltp/testcases/realtime.

Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
LKML-Reference: <20090312075545.9856.75152.stgit@Aeon>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
kernel/futex.c

index e6a4d72bca3dfe56c41b4e8512ffb335359939ab..4000454e4d8373f6128eb0735d0afd02ee583a6e 100644 (file)
@@ -802,8 +802,10 @@ retry:
 
                ret = get_user(dummy, uaddr2);
                if (ret)
-                       return ret;
+                       goto out_put_keys;
 
+               put_futex_key(fshared, &key2);
+               put_futex_key(fshared, &key1);
                goto retryfull;
        }
 
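Review bot: The two `put_futex_key()` calls added before `goto retryfull` carry no comment saying why the references are dropped at this point, so the get/put pairing cannot be checked from the hunk alone. If `retryfull` sits above the `get_futex_key()` calls (the label is outside this hunk, so that is inferred), a one-line comment such as `/* drop both key refs; retryfull takes them again */` would make the balance auditable. The same applies to the `put_futex_key(fshared, &q.key)` added before `goto retry` in the hunk at 1458. `out_put_keys` is also outside the hunk, so it is worth confirming that it releases both `key1` and `key2`.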
@@ -878,6 +880,9 @@ retry:
                        if (hb1 != hb2)
                                spin_unlock(&hb2->lock);
 
+                       put_futex_key(fshared, &key2);
+                       put_futex_key(fshared, &key1);
+
                        ret = get_user(curval, uaddr1);
 
                        if (!ret)
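Review bot: Both keys are now dropped unconditionally before `get_user(curval, uaddr1)`, so every path after the `if (!ret)` on the last line of this hunk must leave without another `put_futex_key()`. The failure branch is outside the hunk; if it reaches `out_put_keys` (the label the hunk at 802 jumps to), the references would be released twice, and an unbalanced key reference can end in a use-after-free of whatever object the key pins. A comment above the two puts, e.g. `/* keys released here: the fault path below must return directly */`, would pin this down. The hunk at 1710 drops its key after `get_user()` rather than before; using one order in all fault paths would make the pairing easier to check.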
@@ -1453,6 +1458,7 @@ retry_locked:
                         * exit to complete.
                         */
                        queue_unlock(&q, hb);
+                       put_futex_key(fshared, &q.key);
                        cond_resched();
                        goto retry;
 
@@ -1595,13 +1601,12 @@ uaddr_faulted:
 
        ret = get_user(uval, uaddr);
        if (!ret)
-               goto retry;
+               goto retry_unlocked;
 
-       if (to)
-               destroy_hrtimer_on_stack(&to->timer);
-       return ret;
+       goto out_put_key;
 }
 
+
 /*
  * Userspace attempted a TID -> 0 atomic transition, and failed.
  * This is the in-kernel slowpath: we look up the PI state (if any),
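Review bot: The removed `destroy_hrtimer_on_stack(&to->timer)` call is now expected to happen at `out_put_key`, which is outside this hunk; if that label does not tear down the on-stack timer when `to` is set, the fault path returns with the timer still initialised. That is worth confirming, and a short comment at the jump such as `/* out_put_key drops q.key and destroys the timer */` would record the dependency. Separately, the added empty line after the closing brace leaves two consecutive blank lines before the next comment block and can be dropped.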
@@ -1705,6 +1710,7 @@ pi_faulted:
        }
 
        ret = get_user(uval, uaddr);
+       put_futex_key(fshared, &key);
        if (!ret)
                goto retry;