that futex bug

Ben Collins ben.collins at ubuntu.com
Sun Apr 22 15:17:37 UTC 2007


Thanks Fabio.

Phillip, can you go ahead and cherry pick this into feisty?

On Sun, 2007-04-22 at 09:15 +0200, Fabio Massimo Di Nitto wrote:
> > commit 21778867b1c8e0feb567addb6dc0a7e2ca6ecdec
> > Author: Ingo Molnar <mingo at elte.hu>
> > Date:   Fri Mar 16 13:38:31 2007 -0800
> > 
> >     [PATCH] futex: PI state locking fix
> >     
> >     Testing of -rt by IBM uncovered a locking bug in wake_futex_pi(): the PI
> >     state needs to be locked before we access it.
> >     
> >     Signed-off-by: Ingo Molnar <mingo at elte.hu>
> >     Acked-by: Thomas Gleixner <tglx at linutronix.de>
> >     Cc: Chuck Ebbert <cebbert at redhat.com>
> >     Cc: <stable at kernel.org>
> >     Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
> >     Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> > 
> > diff --git a/kernel/futex.c b/kernel/futex.c
> > index e749e7d..5a270b5 100644
> > --- a/kernel/futex.c
> > +++ b/kernel/futex.c
> > @@ -565,6 +565,7 @@ static int wake_futex_pi(u32 __user *uaddr, u32
> uval, struct futex_q *this)
> >       if (!pi_state)
> >               return -EINVAL;
> >  
> > +     spin_lock(&pi_state->pi_mutex.wait_lock);
> >       new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
> >  
> >       /*
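
Review bot: The spin_lock(&pi_state->pi_mutex.wait_lock) added after the !pi_state check is only released by the spin_unlock() added in the next hunk, and the lines of wake_futex_pi() between the two hunks (roughly 570 to 603) are not part of this diff, so any return statement in that span would leave the function with wait_lock still held. Before cherry-picking, check the full function in the target tree for early returns between the two added lines and add a spin_unlock(&pi_state->pi_mutex.wait_lock) ahead of each one.
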
> > @@ -604,6 +605,7 @@ static int wake_futex_pi(u32 __user *uaddr, u32
> uval, struct futex_q *this)
> >       pi_state->owner = new_owner;
> >       spin_unlock_irq(&new_owner->pi_lock);
> >  
> > +     spin_unlock(&pi_state->pi_mutex.wait_lock);
> >       rt_mutex_unlock(&pi_state->pi_mutex);
> >  
> >       return 0;
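
Review bot: The added spin_unlock(&pi_state->pi_mutex.wait_lock) comes after spin_unlock_irq(&new_owner->pi_lock), which re-enables interrupts while wait_lock, taken with plain spin_lock() in the first hunk, is still held; that is only safe if wait_lock is never acquired from interrupt context. A short comment at this point stating the nesting order (wait_lock outside, pi_lock inside) and that wait_lock is dropped before rt_mutex_unlock() is called would document that assumption for anyone touching this path later.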
> 
> 
-- 
Ubuntu:    http://www.ubuntu.com/
Linux1394: http://www.linux1394.org/




