diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-08-13 15:09:16 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-08-13 15:09:16 -0400 |
| commit | 919aa96a9cfc5071f037bf58718e05335562a6ac (patch) | |
| tree | 00f55468065e2f290aa3f24bdc61654f82da9dcc /kernel/futex.c | |
| parent | 1c2ffff407140adf75bb72ae375688480793a228 (diff) | |
| parent | 392741e0a4e17c82e3978b7fcbf04291294dc0a1 (diff) | |
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
futex: Fix handling of bad requeue syscall pairing
futex: Fix compat_futex to be same as futex for REQUEUE_PI
locking, sched: Give waitqueue spinlocks their own lockdep classes
futex: Update futex_q lock_ptr on requeue proxy lock
Diffstat (limited to 'kernel/futex.c')
| -rw-r--r-- | kernel/futex.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index 0672ff88f159..e18cfbdc7190 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
| @@ -1010,15 +1010,19 @@ void requeue_futex(struct futex_q *q, struct futex_hash_bucket *hb1, | |||
| 1010 | * requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue | 1010 | * requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue |
| 1011 | * q: the futex_q | 1011 | * q: the futex_q |
| 1012 | * key: the key of the requeue target futex | 1012 | * key: the key of the requeue target futex |
| 1013 | * hb: the hash_bucket of the requeue target futex | ||
| 1013 | * | 1014 | * |
| 1014 | * During futex_requeue, with requeue_pi=1, it is possible to acquire the | 1015 | * During futex_requeue, with requeue_pi=1, it is possible to acquire the |
| 1015 | * target futex if it is uncontended or via a lock steal. Set the futex_q key | 1016 | * target futex if it is uncontended or via a lock steal. Set the futex_q key |
| 1016 | * to the requeue target futex so the waiter can detect the wakeup on the right | 1017 | * to the requeue target futex so the waiter can detect the wakeup on the right |
| 1017 | * futex, but remove it from the hb and NULL the rt_waiter so it can detect | 1018 | * futex, but remove it from the hb and NULL the rt_waiter so it can detect |
| 1018 | * atomic lock acquisition. Must be called with the q->lock_ptr held. | 1019 | * atomic lock acquisition. Set the q->lock_ptr to the requeue target hb->lock |
| 1020 | * to protect access to the pi_state to fixup the owner later. Must be called | ||
| 1021 | * with both q->lock_ptr and hb->lock held. | ||
| 1019 | */ | 1022 | */ |
| 1020 | static inline | 1023 | static inline |
| 1021 | void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key) | 1024 | void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key, |
| 1025 | struct futex_hash_bucket *hb) | ||
| 1022 | { | 1026 | { |
| 1023 | drop_futex_key_refs(&q->key); | 1027 | drop_futex_key_refs(&q->key); |
| 1024 | get_futex_key_refs(key); | 1028 | get_futex_key_refs(key); |
| @@ -1030,6 +1034,11 @@ void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key) | |||
| 1030 | WARN_ON(!q->rt_waiter); | 1034 | WARN_ON(!q->rt_waiter); |
| 1031 | q->rt_waiter = NULL; | 1035 | q->rt_waiter = NULL; |
| 1032 | 1036 | ||
| 1037 | q->lock_ptr = &hb->lock; | ||
| 1038 | #ifdef CONFIG_DEBUG_PI_LIST | ||
| 1039 | q->list.plist.lock = &hb->lock; | ||
| 1040 | #endif | ||
| 1041 | |||
| 1033 | wake_up_state(q->task, TASK_NORMAL); | 1042 | wake_up_state(q->task, TASK_NORMAL); |
| 1034 | } | 1043 | } |
| 1035 | 1044 | ||
| @@ -1088,7 +1097,7 @@ static int futex_proxy_trylock_atomic(u32 __user *pifutex, | |||
| 1088 | ret = futex_lock_pi_atomic(pifutex, hb2, key2, ps, top_waiter->task, | 1097 | ret = futex_lock_pi_atomic(pifutex, hb2, key2, ps, top_waiter->task, |
| 1089 | set_waiters); | 1098 | set_waiters); |
| 1090 | if (ret == 1) | 1099 | if (ret == 1) |
| 1091 | requeue_pi_wake_futex(top_waiter, key2); | 1100 | requeue_pi_wake_futex(top_waiter, key2, hb2); |
| 1092 | 1101 | ||
| 1093 | return ret; | 1102 | return ret; |
| 1094 | } | 1103 | } |
| @@ -1247,8 +1256,15 @@ retry_private: | |||
| 1247 | if (!match_futex(&this->key, &key1)) | 1256 | if (!match_futex(&this->key, &key1)) |
| 1248 | continue; | 1257 | continue; |
| 1249 | 1258 | ||
| 1250 | WARN_ON(!requeue_pi && this->rt_waiter); | 1259 | /* |
| 1251 | WARN_ON(requeue_pi && !this->rt_waiter); | 1260 | * FUTEX_WAIT_REQEUE_PI and FUTEX_CMP_REQUEUE_PI should always |
| 1261 | * be paired with each other and no other futex ops. | ||
| 1262 | */ | ||
| 1263 | if ((requeue_pi && !this->rt_waiter) || | ||
| 1264 | (!requeue_pi && this->rt_waiter)) { | ||
| 1265 | ret = -EINVAL; | ||
| 1266 | break; | ||
| 1267 | } | ||
| 1252 | 1268 | ||
| 1253 | /* | 1269 | /* |
| 1254 | * Wake nr_wake waiters. For requeue_pi, if we acquired the | 1270 | * Wake nr_wake waiters. For requeue_pi, if we acquired the |
| @@ -1273,7 +1289,7 @@ retry_private: | |||
| 1273 | this->task, 1); | 1289 | this->task, 1); |
| 1274 | if (ret == 1) { | 1290 | if (ret == 1) { |
| 1275 | /* We got the lock. */ | 1291 | /* We got the lock. */ |
| 1276 | requeue_pi_wake_futex(this, &key2); | 1292 | requeue_pi_wake_futex(this, &key2, hb2); |
| 1277 | continue; | 1293 | continue; |
| 1278 | } else if (ret) { | 1294 | } else if (ret) { |
| 1279 | /* -EDEADLK */ | 1295 | /* -EDEADLK */ |