diff options
-rw-r--r-- | kernel/futex.c | 83 |
1 files changed, 4 insertions, 79 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index a4c39fa0a7a3..6a726684217e 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
@@ -123,24 +123,6 @@ struct futex_hash_bucket { | |||
123 | static struct futex_hash_bucket futex_queues[1<<FUTEX_HASHBITS]; | 123 | static struct futex_hash_bucket futex_queues[1<<FUTEX_HASHBITS]; |
124 | 124 | ||
125 | /* | 125 | /* |
126 | * Take mm->mmap_sem, when futex is shared | ||
127 | */ | ||
128 | static inline void futex_lock_mm(struct rw_semaphore *fshared) | ||
129 | { | ||
130 | if (fshared) | ||
131 | down_read(fshared); | ||
132 | } | ||
133 | |||
134 | /* | ||
135 | * Release mm->mmap_sem, when the futex is shared | ||
136 | */ | ||
137 | static inline void futex_unlock_mm(struct rw_semaphore *fshared) | ||
138 | { | ||
139 | if (fshared) | ||
140 | up_read(fshared); | ||
141 | } | ||
142 | |||
143 | /* | ||
144 | * We hash on the keys returned from get_futex_key (see below). | 126 | * We hash on the keys returned from get_futex_key (see below). |
145 | */ | 127 | */ |
146 | static struct futex_hash_bucket *hash_futex(union futex_key *key) | 128 | static struct futex_hash_bucket *hash_futex(union futex_key *key) |
@@ -250,7 +232,9 @@ static int get_futex_key(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
250 | } | 232 | } |
251 | 233 | ||
252 | again: | 234 | again: |
235 | down_read(&mm->mmap_sem); | ||
253 | err = get_user_pages(current, mm, address, 1, 0, 0, &page, NULL); | 236 | err = get_user_pages(current, mm, address, 1, 0, 0, &page, NULL); |
237 | up_read(&mm->mmap_sem); | ||
254 | if (err < 0) | 238 | if (err < 0) |
255 | return err; | 239 | return err; |
256 | 240 | ||
@@ -327,8 +311,7 @@ static int futex_handle_fault(unsigned long address, | |||
327 | if (attempt > 2) | 311 | if (attempt > 2) |
328 | return ret; | 312 | return ret; |
329 | 313 | ||
330 | if (!fshared) | 314 | down_read(&mm->mmap_sem); |
331 | down_read(&mm->mmap_sem); | ||
332 | vma = find_vma(mm, address); | 315 | vma = find_vma(mm, address); |
333 | if (vma && address >= vma->vm_start && | 316 | if (vma && address >= vma->vm_start && |
334 | (vma->vm_flags & VM_WRITE)) { | 317 | (vma->vm_flags & VM_WRITE)) { |
@@ -348,8 +331,7 @@ static int futex_handle_fault(unsigned long address, | |||
348 | current->min_flt++; | 331 | current->min_flt++; |
349 | } | 332 | } |
350 | } | 333 | } |
351 | if (!fshared) | 334 | up_read(&mm->mmap_sem); |
352 | up_read(&mm->mmap_sem); | ||
353 | return ret; | 335 | return ret; |
354 | } | 336 | } |
355 | 337 | ||
@@ -719,8 +701,6 @@ static int futex_wake(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
719 | if (!bitset) | 701 | if (!bitset) |
720 | return -EINVAL; | 702 | return -EINVAL; |
721 | 703 | ||
722 | futex_lock_mm(fshared); | ||
723 | |||
724 | ret = get_futex_key(uaddr, fshared, &key); | 704 | ret = get_futex_key(uaddr, fshared, &key); |
725 | if (unlikely(ret != 0)) | 705 | if (unlikely(ret != 0)) |
726 | goto out; | 706 | goto out; |
@@ -749,7 +729,6 @@ static int futex_wake(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
749 | spin_unlock(&hb->lock); | 729 | spin_unlock(&hb->lock); |
750 | out: | 730 | out: |
751 | put_futex_key(fshared, &key); | 731 | put_futex_key(fshared, &key); |
752 | futex_unlock_mm(fshared); | ||
753 | return ret; | 732 | return ret; |
754 | } | 733 | } |
755 | 734 | ||
@@ -769,8 +748,6 @@ futex_wake_op(u32 __user *uaddr1, struct rw_semaphore *fshared, | |||
769 | int ret, op_ret, attempt = 0; | 748 | int ret, op_ret, attempt = 0; |
770 | 749 | ||
771 | retryfull: | 750 | retryfull: |
772 | futex_lock_mm(fshared); | ||
773 | |||
774 | ret = get_futex_key(uaddr1, fshared, &key1); | 751 | ret = get_futex_key(uaddr1, fshared, &key1); |
775 | if (unlikely(ret != 0)) | 752 | if (unlikely(ret != 0)) |
776 | goto out; | 753 | goto out; |
@@ -821,12 +798,6 @@ retry: | |||
821 | goto retry; | 798 | goto retry; |
822 | } | 799 | } |
823 | 800 | ||
824 | /* | ||
825 | * If we would have faulted, release mmap_sem, | ||
826 | * fault it in and start all over again. | ||
827 | */ | ||
828 | futex_unlock_mm(fshared); | ||
829 | |||
830 | ret = get_user(dummy, uaddr2); | 801 | ret = get_user(dummy, uaddr2); |
831 | if (ret) | 802 | if (ret) |
832 | return ret; | 803 | return ret; |
@@ -864,7 +835,6 @@ retry: | |||
864 | out: | 835 | out: |
865 | put_futex_key(fshared, &key2); | 836 | put_futex_key(fshared, &key2); |
866 | put_futex_key(fshared, &key1); | 837 | put_futex_key(fshared, &key1); |
867 | futex_unlock_mm(fshared); | ||
868 | 838 | ||
869 | return ret; | 839 | return ret; |
870 | } | 840 | } |
@@ -884,8 +854,6 @@ static int futex_requeue(u32 __user *uaddr1, struct rw_semaphore *fshared, | |||
884 | int ret, drop_count = 0; | 854 | int ret, drop_count = 0; |
885 | 855 | ||
886 | retry: | 856 | retry: |
887 | futex_lock_mm(fshared); | ||
888 | |||
889 | ret = get_futex_key(uaddr1, fshared, &key1); | 857 | ret = get_futex_key(uaddr1, fshared, &key1); |
890 | if (unlikely(ret != 0)) | 858 | if (unlikely(ret != 0)) |
891 | goto out; | 859 | goto out; |
@@ -908,12 +876,6 @@ static int futex_requeue(u32 __user *uaddr1, struct rw_semaphore *fshared, | |||
908 | if (hb1 != hb2) | 876 | if (hb1 != hb2) |
909 | spin_unlock(&hb2->lock); | 877 | spin_unlock(&hb2->lock); |
910 | 878 | ||
911 | /* | ||
912 | * If we would have faulted, release mmap_sem, fault | ||
913 | * it in and start all over again. | ||
914 | */ | ||
915 | futex_unlock_mm(fshared); | ||
916 | |||
917 | ret = get_user(curval, uaddr1); | 879 | ret = get_user(curval, uaddr1); |
918 | 880 | ||
919 | if (!ret) | 881 | if (!ret) |
@@ -967,7 +929,6 @@ out_unlock: | |||
967 | out: | 929 | out: |
968 | put_futex_key(fshared, &key2); | 930 | put_futex_key(fshared, &key2); |
969 | put_futex_key(fshared, &key1); | 931 | put_futex_key(fshared, &key1); |
970 | futex_unlock_mm(fshared); | ||
971 | return ret; | 932 | return ret; |
972 | } | 933 | } |
973 | 934 | ||
@@ -1211,8 +1172,6 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1211 | q.pi_state = NULL; | 1172 | q.pi_state = NULL; |
1212 | q.bitset = bitset; | 1173 | q.bitset = bitset; |
1213 | retry: | 1174 | retry: |
1214 | futex_lock_mm(fshared); | ||
1215 | |||
1216 | q.key = FUTEX_KEY_INIT; | 1175 | q.key = FUTEX_KEY_INIT; |
1217 | ret = get_futex_key(uaddr, fshared, &q.key); | 1176 | ret = get_futex_key(uaddr, fshared, &q.key); |
1218 | if (unlikely(ret != 0)) | 1177 | if (unlikely(ret != 0)) |
@@ -1245,12 +1204,6 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1245 | if (unlikely(ret)) { | 1204 | if (unlikely(ret)) { |
1246 | queue_unlock(&q, hb); | 1205 | queue_unlock(&q, hb); |
1247 | 1206 | ||
1248 | /* | ||
1249 | * If we would have faulted, release mmap_sem, fault it in and | ||
1250 | * start all over again. | ||
1251 | */ | ||
1252 | futex_unlock_mm(fshared); | ||
1253 | |||
1254 | ret = get_user(uval, uaddr); | 1207 | ret = get_user(uval, uaddr); |
1255 | 1208 | ||
1256 | if (!ret) | 1209 | if (!ret) |
@@ -1265,12 +1218,6 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1265 | queue_me(&q, hb); | 1218 | queue_me(&q, hb); |
1266 | 1219 | ||
1267 | /* | 1220 | /* |
1268 | * Now the futex is queued and we have checked the data, we | ||
1269 | * don't want to hold mmap_sem while we sleep. | ||
1270 | */ | ||
1271 | futex_unlock_mm(fshared); | ||
1272 | |||
1273 | /* | ||
1274 | * There might have been scheduling since the queue_me(), as we | 1221 | * There might have been scheduling since the queue_me(), as we |
1275 | * cannot hold a spinlock across the get_user() in case it | 1222 | * cannot hold a spinlock across the get_user() in case it |
1276 | * faults, and we cannot just set TASK_INTERRUPTIBLE state when | 1223 | * faults, and we cannot just set TASK_INTERRUPTIBLE state when |
@@ -1355,7 +1302,6 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1355 | 1302 | ||
1356 | out_release_sem: | 1303 | out_release_sem: |
1357 | put_futex_key(fshared, &q.key); | 1304 | put_futex_key(fshared, &q.key); |
1358 | futex_unlock_mm(fshared); | ||
1359 | return ret; | 1305 | return ret; |
1360 | } | 1306 | } |
1361 | 1307 | ||
@@ -1404,8 +1350,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1404 | 1350 | ||
1405 | q.pi_state = NULL; | 1351 | q.pi_state = NULL; |
1406 | retry: | 1352 | retry: |
1407 | futex_lock_mm(fshared); | ||
1408 | |||
1409 | q.key = FUTEX_KEY_INIT; | 1353 | q.key = FUTEX_KEY_INIT; |
1410 | ret = get_futex_key(uaddr, fshared, &q.key); | 1354 | ret = get_futex_key(uaddr, fshared, &q.key); |
1411 | if (unlikely(ret != 0)) | 1355 | if (unlikely(ret != 0)) |
@@ -1495,7 +1439,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1495 | * exit to complete. | 1439 | * exit to complete. |
1496 | */ | 1440 | */ |
1497 | queue_unlock(&q, hb); | 1441 | queue_unlock(&q, hb); |
1498 | futex_unlock_mm(fshared); | ||
1499 | cond_resched(); | 1442 | cond_resched(); |
1500 | goto retry; | 1443 | goto retry; |
1501 | 1444 | ||
@@ -1527,12 +1470,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1527 | */ | 1470 | */ |
1528 | queue_me(&q, hb); | 1471 | queue_me(&q, hb); |
1529 | 1472 | ||
1530 | /* | ||
1531 | * Now the futex is queued and we have checked the data, we | ||
1532 | * don't want to hold mmap_sem while we sleep. | ||
1533 | */ | ||
1534 | futex_unlock_mm(fshared); | ||
1535 | |||
1536 | WARN_ON(!q.pi_state); | 1473 | WARN_ON(!q.pi_state); |
1537 | /* | 1474 | /* |
1538 | * Block on the PI mutex: | 1475 | * Block on the PI mutex: |
@@ -1545,7 +1482,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1545 | ret = ret ? 0 : -EWOULDBLOCK; | 1482 | ret = ret ? 0 : -EWOULDBLOCK; |
1546 | } | 1483 | } |
1547 | 1484 | ||
1548 | futex_lock_mm(fshared); | ||
1549 | spin_lock(q.lock_ptr); | 1485 | spin_lock(q.lock_ptr); |
1550 | 1486 | ||
1551 | if (!ret) { | 1487 | if (!ret) { |
@@ -1611,7 +1547,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1611 | 1547 | ||
1612 | /* Unqueue and drop the lock */ | 1548 | /* Unqueue and drop the lock */ |
1613 | unqueue_me_pi(&q); | 1549 | unqueue_me_pi(&q); |
1614 | futex_unlock_mm(fshared); | ||
1615 | 1550 | ||
1616 | if (to) | 1551 | if (to) |
1617 | destroy_hrtimer_on_stack(&to->timer); | 1552 | destroy_hrtimer_on_stack(&to->timer); |
@@ -1622,7 +1557,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1622 | 1557 | ||
1623 | out_release_sem: | 1558 | out_release_sem: |
1624 | put_futex_key(fshared, &q.key); | 1559 | put_futex_key(fshared, &q.key); |
1625 | futex_unlock_mm(fshared); | ||
1626 | if (to) | 1560 | if (to) |
1627 | destroy_hrtimer_on_stack(&to->timer); | 1561 | destroy_hrtimer_on_stack(&to->timer); |
1628 | return ret; | 1562 | return ret; |
@@ -1646,8 +1580,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, | |||
1646 | goto retry_unlocked; | 1580 | goto retry_unlocked; |
1647 | } | 1581 | } |
1648 | 1582 | ||
1649 | futex_unlock_mm(fshared); | ||
1650 | |||
1651 | ret = get_user(uval, uaddr); | 1583 | ret = get_user(uval, uaddr); |
1652 | if (!ret && (uval != -EFAULT)) | 1584 | if (!ret && (uval != -EFAULT)) |
1653 | goto retry; | 1585 | goto retry; |
@@ -1679,10 +1611,6 @@ retry: | |||
1679 | */ | 1611 | */ |
1680 | if ((uval & FUTEX_TID_MASK) != task_pid_vnr(current)) | 1612 | if ((uval & FUTEX_TID_MASK) != task_pid_vnr(current)) |
1681 | return -EPERM; | 1613 | return -EPERM; |
1682 | /* | ||
1683 | * First take all the futex related locks: | ||
1684 | */ | ||
1685 | futex_lock_mm(fshared); | ||
1686 | 1614 | ||
1687 | ret = get_futex_key(uaddr, fshared, &key); | 1615 | ret = get_futex_key(uaddr, fshared, &key); |
1688 | if (unlikely(ret != 0)) | 1616 | if (unlikely(ret != 0)) |
@@ -1742,7 +1670,6 @@ out_unlock: | |||
1742 | spin_unlock(&hb->lock); | 1670 | spin_unlock(&hb->lock); |
1743 | out: | 1671 | out: |
1744 | put_futex_key(fshared, &key); | 1672 | put_futex_key(fshared, &key); |
1745 | futex_unlock_mm(fshared); | ||
1746 | 1673 | ||
1747 | return ret; | 1674 | return ret; |
1748 | 1675 | ||
@@ -1766,8 +1693,6 @@ pi_faulted: | |||
1766 | goto retry_unlocked; | 1693 | goto retry_unlocked; |
1767 | } | 1694 | } |
1768 | 1695 | ||
1769 | futex_unlock_mm(fshared); | ||
1770 | |||
1771 | ret = get_user(uval, uaddr); | 1696 | ret = get_user(uval, uaddr); |
1772 | if (!ret && (uval != -EFAULT)) | 1697 | if (!ret && (uval != -EFAULT)) |
1773 | goto retry; | 1698 | goto retry; |