| From fb75a4282d0d9a3c7c44d940582c2d226cf3acfb Mon Sep 17 00:00:00 2001 |
| From: Thomas Gleixner <tglx@linutronix.de> |
| Date: Sat, 19 Dec 2015 20:07:38 +0000 |
| Subject: futex: Drop refcount if requeue_pi() acquired the rtmutex |
| |
| From: Thomas Gleixner <tglx@linutronix.de> |
| |
| commit fb75a4282d0d9a3c7c44d940582c2d226cf3acfb upstream. |
| |
| If the proxy lock in the requeue loop acquires the rtmutex for a |
| waiter then it acquired also refcount on the pi_state related to the |
| futex, but the waiter side does not drop the reference count. |
| |
| Add the missing free_pi_state() call. |
| |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Cc: Peter Zijlstra <peterz@infradead.org> |
| Cc: Darren Hart <darren@dvhart.com> |
| Cc: Davidlohr Bueso <dave@stgolabs.net> |
| Cc: Bhuvanesh_Surachari@mentor.com |
| Cc: Andy Lowe <Andy_Lowe@mentor.com> |
| Link: http://lkml.kernel.org/r/20151219200607.178132067@linutronix.de |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| kernel/futex.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| --- a/kernel/futex.c |
| +++ b/kernel/futex.c |
| @@ -2648,6 +2648,11 @@ static int futex_wait_requeue_pi(u32 __u |
| if (q.pi_state && (q.pi_state->owner != current)) { |
| spin_lock(q.lock_ptr); |
| ret = fixup_pi_state_owner(uaddr2, &q, current); |
| + /* |
| + * Drop the reference to the pi state which |
| + * the requeue_pi() code acquired for us. |
| + */ |
| + free_pi_state(q.pi_state); |
| spin_unlock(q.lock_ptr); |
| } |
| } else { |
