commit 805f286907ace68bef37db20bbdfa8f4a1908ed9

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull locking fix from Thomas Gleixner:
"A fix for a state leak which was introduced in the recent rework of
futex/rtmutex interaction"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock()

Linus Torvalds 8 years ago 805f2869 d024baa5

+18 -6

1 changed file

expand all

unified split

kernel

locking

rtmutex.c

+18 -6

kernel/locking/rtmutex.c

··· 1785 int ret; 1786 1787 raw_spin_lock_irq(&lock->wait_lock); 1788 - 1789 - set_current_state(TASK_INTERRUPTIBLE); 1790 - 1791 /* sleep on the mutex */ 1792 ret = __rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE, to, waiter); 1793 - 1794 raw_spin_unlock_irq(&lock->wait_lock); 1795 1796 return ret; ··· 1824 1825 raw_spin_lock_irq(&lock->wait_lock); 1826 /* 1827 * Unless we're the owner; we're still enqueued on the wait_list. 1828 * So check if we became owner, if not, take us off the wait_list. 1829 */ 1830 if (rt_mutex_owner(lock) != current) { 1831 remove_waiter(lock, waiter); 1832 - fixup_rt_mutex_waiters(lock); 1833 cleanup = true; 1834 } 1835 - 1836 /* 1837 * try_to_take_rt_mutex() sets the waiter bit unconditionally. We might 1838 * have to fix that up.

··· 1785 int ret; 1786 1787 raw_spin_lock_irq(&lock->wait_lock); 1788 /* sleep on the mutex */ 1789 + set_current_state(TASK_INTERRUPTIBLE); 1790 ret = __rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE, to, waiter); 1791 + /* 1792 + * try_to_take_rt_mutex() sets the waiter bit unconditionally. We might 1793 + * have to fix that up. 1794 + */ 1795 + fixup_rt_mutex_waiters(lock); 1796 raw_spin_unlock_irq(&lock->wait_lock); 1797 1798 return ret; ··· 1822 1823 raw_spin_lock_irq(&lock->wait_lock); 1824 /* 1825 + * Do an unconditional try-lock, this deals with the lock stealing 1826 + * state where __rt_mutex_futex_unlock() -> mark_wakeup_next_waiter() 1827 + * sets a NULL owner. 1828 + * 1829 + * We're not interested in the return value, because the subsequent 1830 + * test on rt_mutex_owner() will infer that. If the trylock succeeded, 1831 + * we will own the lock and it will have removed the waiter. If we 1832 + * failed the trylock, we're still not owner and we need to remove 1833 + * ourselves. 1834 + */ 1835 + try_to_take_rt_mutex(lock, current, waiter); 1836 + /* 1837 * Unless we're the owner; we're still enqueued on the wait_list. 1838 * So check if we became owner, if not, take us off the wait_list. 1839 */ 1840 if (rt_mutex_owner(lock) != current) { 1841 remove_waiter(lock, waiter); 1842 cleanup = true; 1843 } 1844 /* 1845 * try_to_take_rt_mutex() sets the waiter bit unconditionally. We might 1846 * have to fix that up.