    futex: Detect mismatched requeue targets · e43391f1
    Darren Hart authored
    commit 84bc4af5 upstream.
    
    There is currently no check to ensure that userspace uses the same
    futex requeue target (uaddr2) in futex_requeue() that the waiter used
    in futex_wait_requeue_pi().  A mismatch here could have very unexpected
    results as the waiter assumes it either wakes on uaddr1 or uaddr2. We
    could detect this on wakeup in the waiter, but the cleanup is more
    intense after the improper requeue has occurred.
    
    This patch stores the waiter's expected requeue target in a new
    requeue_pi_key pointer in the futex_q which futex_requeue() checks
    prior to attempting to do a proxy lock acquisition or a requeue when
    requeue_pi=1. If they don't match, return -EINVAL from futex_requeue,
    aborting the requeue of any remaining waiters.
    
    Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: John Kacur <jkacur@redhat.com>
    Cc: Dinakar Guniguntala <dino@in.ibm.com>
    Cc: John Stultz <johnstul@us.ibm.com>
    LKML-Reference: <20090814003650.14634.63916.stgit@Aeon>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>