| From stable-bounces@linux.kernel.org Fri Mar 16 14:40:22 2007 |
| From: Ingo Molnar <mingo@elte.hu> |
| Date: Fri, 16 Mar 2007 13:38:31 -0800 |
| Subject: futex: PI state locking fix |
| To: torvalds@linux-foundation.org |
| Cc: akpm@linux-foundation.org, tglx@linutronix.de, mingo@elte.hu, cebbert@redhat.com, stable@kernel.org |
| Message-ID: <200703162138.l2GLcWjm022407@shell0.pdx.osdl.net> |
| |
| From: Ingo Molnar <mingo@elte.hu> |
| |
| Testing of -rt by IBM uncovered a locking bug in wake_futex_pi(): the PI |
| state needs to be locked before we access it. |
| |
| Signed-off-by: Ingo Molnar <mingo@elte.hu> |
| Acked-by: Thomas Gleixner <tglx@linutronix.de> |
| Cc: Chuck Ebbert <cebbert@redhat.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| kernel/futex.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/kernel/futex.c |
| +++ b/kernel/futex.c |
| @@ -565,6 +565,7 @@ static int wake_futex_pi(u32 __user *uad |
| if (!pi_state) |
| return -EINVAL; |
| |
| + spin_lock(&pi_state->pi_mutex.wait_lock); |
| new_owner = rt_mutex_next_owner(&pi_state->pi_mutex); |
| |
| /* |
| @@ -604,6 +605,7 @@ static int wake_futex_pi(u32 __user *uad |
| pi_state->owner = new_owner; |
| spin_unlock_irq(&new_owner->pi_lock); |
| |
| + spin_unlock(&pi_state->pi_mutex.wait_lock); |
| rt_mutex_unlock(&pi_state->pi_mutex); |
| |
| return 0; |
