1 files changed, 11 insertions, 7 deletions
diff --git a/kernel/futex.c b/kernel/futex.c
index c2b2e0b83abf..b9b8aea5389e 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -297,7 +297,7 @@ static int futex_handle_fault(unsigned long address, int attempt)
        struct vm_area_struct * vma;
        struct mm_struct *mm = current->mm;
-        if (attempt >= 2 || !(vma = find_vma(mm, address)) ||
+        if (attempt > 2 || !(vma = find_vma(mm, address)) ||
            vma->vm_start > address || !(vma->vm_flags & VM_WRITE))
                return -EFAULT;
@@ -397,7 +397,7 @@ static struct task_struct * futex_find_get_task(pid_t pid)
                p = NULL;
                goto out_unlock;
        }
-        if (p->state == EXIT_ZOMBIE || p->exit_state == EXIT_ZOMBIE) {
+        if (p->exit_state != 0) {
                p = NULL;
                goto out_unlock;
        }
@@ -747,8 +747,10 @@ retry:
                 */
                if (attempt++) {
                        if (futex_handle_fault((unsigned long)uaddr2,
-                                               attempt))
+                                                attempt)) {
+                                ret = -EFAULT;
                                goto out;
+                        }
                        goto retry;
                }
@@ -1322,9 +1324,10 @@ static int do_futex_lock_pi(u32 __user *uaddr, int detect, int trylock,
         * still holding the mmap_sem.
         */
        if (attempt++) {
-                if (futex_handle_fault((unsigned long)uaddr, attempt))
+                if (futex_handle_fault((unsigned long)uaddr, attempt)) {
+                        ret = -EFAULT;
                        goto out_unlock_release_sem;
+                }
                goto retry_locked;
        }
@@ -1506,9 +1509,10 @@ pi_faulted:
         * still holding the mmap_sem.
         */
        if (attempt++) {
-                if (futex_handle_fault((unsigned long)uaddr, attempt))
+                if (futex_handle_fault((unsigned long)uaddr, attempt)) {
+                        ret = -EFAULT;
                        goto out_unlock;
+                }
                goto retry_locked;
        }

diff --git a/kernel/futex.c b/kernel/futex.c index c2b2e0b83abf..b9b8aea5389e 100644 --- a/kernel/futex.c +++ b/kernel/futex.c
@@ -297,7 +297,7 @@ static int futex_handle_fault(unsigned long address, int attempt)
297	struct vm_area_struct * vma;	297	struct vm_area_struct * vma;
298	struct mm_struct *mm = current->mm;	298	struct mm_struct *mm = current->mm;
299		299
300	if (attempt >= 2 \|\| !(vma = find_vma(mm, address)) \|\|	300	if (attempt > 2 \|\| !(vma = find_vma(mm, address)) \|\|
301	vma->vm_start > address \|\| !(vma->vm_flags & VM_WRITE))	301	vma->vm_start > address \|\| !(vma->vm_flags & VM_WRITE))
302	return -EFAULT;	302	return -EFAULT;
303		303
@@ -397,7 +397,7 @@ static struct task_struct * futex_find_get_task(pid_t pid)
397	p = NULL;	397	p = NULL;
398	goto out_unlock;	398	goto out_unlock;
399	}	399	}
400	if (p->state == EXIT_ZOMBIE \|\| p->exit_state == EXIT_ZOMBIE) {	400	if (p->exit_state != 0) {
401	p = NULL;	401	p = NULL;
402	goto out_unlock;	402	goto out_unlock;
403	}	403	}
@@ -747,8 +747,10 @@ retry:
747	*/	747	*/
748	if (attempt++) {	748	if (attempt++) {
749	if (futex_handle_fault((unsigned long)uaddr2,	749	if (futex_handle_fault((unsigned long)uaddr2,
750	attempt))	750	attempt)) {
		751	ret = -EFAULT;
751	goto out;	752	goto out;
		753	}
752	goto retry;	754	goto retry;
753	}	755	}
754		756
@@ -1322,9 +1324,10 @@ static int do_futex_lock_pi(u32 __user *uaddr, int detect, int trylock,
1322	* still holding the mmap_sem.	1324	* still holding the mmap_sem.
1323	*/	1325	*/
1324	if (attempt++) {	1326	if (attempt++) {
1325	if (futex_handle_fault((unsigned long)uaddr, attempt))	1327	if (futex_handle_fault((unsigned long)uaddr, attempt)) {
		1328	ret = -EFAULT;
1326	goto out_unlock_release_sem;	1329	goto out_unlock_release_sem;
1327		1330	}
1328	goto retry_locked;	1331	goto retry_locked;
1329	}	1332	}
1330		1333
@@ -1506,9 +1509,10 @@ pi_faulted:
1506	* still holding the mmap_sem.	1509	* still holding the mmap_sem.
1507	*/	1510	*/
1508	if (attempt++) {	1511	if (attempt++) {
1509	if (futex_handle_fault((unsigned long)uaddr, attempt))	1512	if (futex_handle_fault((unsigned long)uaddr, attempt)) {
		1513	ret = -EFAULT;
1510	goto out_unlock;	1514	goto out_unlock;
1511		1515	}
1512	goto retry_locked;	1516	goto retry_locked;
1513	}	1517	}
1514		1518