aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-10-21 17:05:55 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2010-10-21 17:05:55 -0400
commit0575db881d18a4791013fc93ba756ad08b18fb48 (patch)
treefa0d9a789c1e74d4c94a2cda283b61bcc68ec7f9 /kernel
parentc029e405bd3d4e92d09fbbc97c03952585986ebe (diff)
parent7ada876a8703f23befbb20a7465a702ee39b1704 (diff)
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: futex: Fix errors in nested key ref-counting
Diffstat (limited to 'kernel')
-rw-r--r--kernel/futex.c31
1 files changed, 16 insertions, 15 deletions
diff --git a/kernel/futex.c b/kernel/futex.c
index 6a3a5fa1526d..e328f574c97c 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1363,7 +1363,6 @@ static inline struct futex_hash_bucket *queue_lock(struct futex_q *q)
1363{ 1363{
1364 struct futex_hash_bucket *hb; 1364 struct futex_hash_bucket *hb;
1365 1365
1366 get_futex_key_refs(&q->key);
1367 hb = hash_futex(&q->key); 1366 hb = hash_futex(&q->key);
1368 q->lock_ptr = &hb->lock; 1367 q->lock_ptr = &hb->lock;
1369 1368
@@ -1375,7 +1374,6 @@ static inline void
1375queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb) 1374queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb)
1376{ 1375{
1377 spin_unlock(&hb->lock); 1376 spin_unlock(&hb->lock);
1378 drop_futex_key_refs(&q->key);
1379} 1377}
1380 1378
1381/** 1379/**
@@ -1480,8 +1478,6 @@ static void unqueue_me_pi(struct futex_q *q)
1480 q->pi_state = NULL; 1478 q->pi_state = NULL;
1481 1479
1482 spin_unlock(q->lock_ptr); 1480 spin_unlock(q->lock_ptr);
1483
1484 drop_futex_key_refs(&q->key);
1485} 1481}
1486 1482
1487/* 1483/*
@@ -1812,7 +1808,10 @@ static int futex_wait(u32 __user *uaddr, int fshared,
1812 } 1808 }
1813 1809
1814retry: 1810retry:
1815 /* Prepare to wait on uaddr. */ 1811 /*
1812 * Prepare to wait on uaddr. On success, holds hb lock and increments
1813 * q.key refs.
1814 */
1816 ret = futex_wait_setup(uaddr, val, fshared, &q, &hb); 1815 ret = futex_wait_setup(uaddr, val, fshared, &q, &hb);
1817 if (ret) 1816 if (ret)
1818 goto out; 1817 goto out;
@@ -1822,24 +1821,23 @@ retry:
1822 1821
1823 /* If we were woken (and unqueued), we succeeded, whatever. */ 1822 /* If we were woken (and unqueued), we succeeded, whatever. */
1824 ret = 0; 1823 ret = 0;
1824 /* unqueue_me() drops q.key ref */
1825 if (!unqueue_me(&q)) 1825 if (!unqueue_me(&q))
1826 goto out_put_key; 1826 goto out;
1827 ret = -ETIMEDOUT; 1827 ret = -ETIMEDOUT;
1828 if (to && !to->task) 1828 if (to && !to->task)
1829 goto out_put_key; 1829 goto out;
1830 1830
1831 /* 1831 /*
1832 * We expect signal_pending(current), but we might be the 1832 * We expect signal_pending(current), but we might be the
1833 * victim of a spurious wakeup as well. 1833 * victim of a spurious wakeup as well.
1834 */ 1834 */
1835 if (!signal_pending(current)) { 1835 if (!signal_pending(current))
1836 put_futex_key(fshared, &q.key);
1837 goto retry; 1836 goto retry;
1838 }
1839 1837
1840 ret = -ERESTARTSYS; 1838 ret = -ERESTARTSYS;
1841 if (!abs_time) 1839 if (!abs_time)
1842 goto out_put_key; 1840 goto out;
1843 1841
1844 restart = &current_thread_info()->restart_block; 1842 restart = &current_thread_info()->restart_block;
1845 restart->fn = futex_wait_restart; 1843 restart->fn = futex_wait_restart;
@@ -1856,8 +1854,6 @@ retry:
1856 1854
1857 ret = -ERESTART_RESTARTBLOCK; 1855 ret = -ERESTART_RESTARTBLOCK;
1858 1856
1859out_put_key:
1860 put_futex_key(fshared, &q.key);
1861out: 1857out:
1862 if (to) { 1858 if (to) {
1863 hrtimer_cancel(&to->timer); 1859 hrtimer_cancel(&to->timer);
@@ -2236,7 +2232,10 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared,
2236 q.rt_waiter = &rt_waiter; 2232 q.rt_waiter = &rt_waiter;
2237 q.requeue_pi_key = &key2; 2233 q.requeue_pi_key = &key2;
2238 2234
2239 /* Prepare to wait on uaddr. */ 2235 /*
2236 * Prepare to wait on uaddr. On success, increments q.key (key1) ref
2237 * count.
2238 */
2240 ret = futex_wait_setup(uaddr, val, fshared, &q, &hb); 2239 ret = futex_wait_setup(uaddr, val, fshared, &q, &hb);
2241 if (ret) 2240 if (ret)
2242 goto out_key2; 2241 goto out_key2;
@@ -2254,7 +2253,9 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared,
2254 * In order for us to be here, we know our q.key == key2, and since 2253 * In order for us to be here, we know our q.key == key2, and since
2255 * we took the hb->lock above, we also know that futex_requeue() has 2254 * we took the hb->lock above, we also know that futex_requeue() has
2256 * completed and we no longer have to concern ourselves with a wakeup 2255 * completed and we no longer have to concern ourselves with a wakeup
2257 * race with the atomic proxy lock acquition by the requeue code. 2256 * race with the atomic proxy lock acquisition by the requeue code. The
2257 * futex_requeue dropped our key1 reference and incremented our key2
2258 * reference count.
2258 */ 2259 */
2259 2260
2260 /* Check if the requeue code acquired the second futex for us. */ 2261 /* Check if the requeue code acquired the second futex for us. */