Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
futex: Fix errors in nested key ref-counting
+16
-15
kernel/futex.c
+16
-15
kernel/futex.c
···
1363
{
1364
struct futex_hash_bucket *hb;
1365
1366
-
get_futex_key_refs(&q->key);
1367
hb = hash_futex(&q->key);
1368
q->lock_ptr = &hb->lock;
1369
···
1374
queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb)
1375
{
1376
spin_unlock(&hb->lock);
1377
-
drop_futex_key_refs(&q->key);
1378
}
1379
1380
/**
···
1478
q->pi_state = NULL;
1479
1480
spin_unlock(q->lock_ptr);
1481
-
1482
-
drop_futex_key_refs(&q->key);
1483
}
1484
1485
/*
···
1808
}
1809
1810
retry:
1811
-
/* Prepare to wait on uaddr. */
1812
ret = futex_wait_setup(uaddr, val, fshared, &q, &hb);
1813
if (ret)
1814
goto out;
···
1821
1822
/* If we were woken (and unqueued), we succeeded, whatever. */
1823
ret = 0;
1824
if (!unqueue_me(&q))
1825
-
goto out_put_key;
1826
ret = -ETIMEDOUT;
1827
if (to && !to->task)
1828
-
goto out_put_key;
1829
1830
/*
1831
* We expect signal_pending(current), but we might be the
1832
* victim of a spurious wakeup as well.
1833
*/
1834
-
if (!signal_pending(current)) {
1835
-
put_futex_key(fshared, &q.key);
1836
goto retry;
1837
-
}
1838
1839
ret = -ERESTARTSYS;
1840
if (!abs_time)
1841
-
goto out_put_key;
1842
1843
restart = ¤t_thread_info()->restart_block;
1844
restart->fn = futex_wait_restart;
···
1854
1855
ret = -ERESTART_RESTARTBLOCK;
1856
1857
-
out_put_key:
1858
-
put_futex_key(fshared, &q.key);
1859
out:
1860
if (to) {
1861
hrtimer_cancel(&to->timer);
···
2232
q.rt_waiter = &rt_waiter;
2233
q.requeue_pi_key = &key2;
2234
2235
-
/* Prepare to wait on uaddr. */
2236
ret = futex_wait_setup(uaddr, val, fshared, &q, &hb);
2237
if (ret)
2238
goto out_key2;
···
2253
* In order for us to be here, we know our q.key == key2, and since
2254
* we took the hb->lock above, we also know that futex_requeue() has
2255
* completed and we no longer have to concern ourselves with a wakeup
2256
-
* race with the atomic proxy lock acquition by the requeue code.
2257
*/
2258
2259
/* Check if the requeue code acquired the second futex for us. */
···
1363
{
1364
struct futex_hash_bucket *hb;
1365
1366
hb = hash_futex(&q->key);
1367
q->lock_ptr = &hb->lock;
1368
···
1375
queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb)
1376
{
1377
spin_unlock(&hb->lock);
1378
}
1379
1380
/**
···
1480
q->pi_state = NULL;
1481
1482
spin_unlock(q->lock_ptr);
1483
}
1484
1485
/*
···
1812
}
1813
1814
retry:
1815
+
/*
1816
+
* Prepare to wait on uaddr. On success, holds hb lock and increments
1817
+
* q.key refs.
1818
+
*/
1819
ret = futex_wait_setup(uaddr, val, fshared, &q, &hb);
1820
if (ret)
1821
goto out;
···
1822
1823
/* If we were woken (and unqueued), we succeeded, whatever. */
1824
ret = 0;
1825
+
/* unqueue_me() drops q.key ref */
1826
if (!unqueue_me(&q))
1827
+
goto out;
1828
ret = -ETIMEDOUT;
1829
if (to && !to->task)
1830
+
goto out;
1831
1832
/*
1833
* We expect signal_pending(current), but we might be the
1834
* victim of a spurious wakeup as well.
1835
*/
1836
+
if (!signal_pending(current))
1837
goto retry;
1838
1839
ret = -ERESTARTSYS;
1840
if (!abs_time)
1841
+
goto out;
1842
1843
restart = ¤t_thread_info()->restart_block;
1844
restart->fn = futex_wait_restart;
···
1856
1857
ret = -ERESTART_RESTARTBLOCK;
1858
1859
out:
1860
if (to) {
1861
hrtimer_cancel(&to->timer);
···
2236
q.rt_waiter = &rt_waiter;
2237
q.requeue_pi_key = &key2;
2238
2239
+
/*
2240
+
* Prepare to wait on uaddr. On success, increments q.key (key1) ref
2241
+
* count.
2242
+
*/
2243
ret = futex_wait_setup(uaddr, val, fshared, &q, &hb);
2244
if (ret)
2245
goto out_key2;
···
2254
* In order for us to be here, we know our q.key == key2, and since
2255
* we took the hb->lock above, we also know that futex_requeue() has
2256
* completed and we no longer have to concern ourselves with a wakeup
2257
+
* race with the atomic proxy lock acquisition by the requeue code. The
2258
+
* futex_requeue dropped our key1 reference and incremented our key2
2259
+
* reference count.
2260
*/
2261
2262
/* Check if the requeue code acquired the second futex for us. */