* [PATCH v4.4.y] futex: Ensure the correct return value from futex_lock_pi()
@ 2021-03-02 19:47 Sharan Turlapati
2021-03-04 13:11 ` Greg KH
0 siblings, 1 reply; 2+ messages in thread
From: Sharan Turlapati @ 2021-03-02 19:47 UTC (permalink / raw)
To: stable
Cc: gregkh, lee.jones, srivatsab, srivatsa, amakhalov, srinidhir,
bvikas, anishs, vsirnapalli, akaher
From: Thomas Gleixner <tglx@linutronix.de>
commit 12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9 upstream
In case that futex_lock_pi() was aborted by a signal or a timeout and the
task returned without acquiring the rtmutex, but is the designated owner of
the futex due to a concurrent futex_unlock_pi() fixup_owner() is invoked to
establish consistent state. In that case it invokes fixup_pi_state_owner()
which in turn tries to acquire the rtmutex again. If that succeeds then it
does not propagate this success to fixup_owner() and futex_lock_pi()
returns -EINTR or -ETIMEOUT despite having the futex locked.
Return success from fixup_pi_state_owner() in all cases where the current
task owns the rtmutex and therefore the futex and propagate it correctly
through fixup_owner(). Fixup the other callsite which does not expect a
positive return value.
Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
[Sharan: Backported patch for kernel 4.4.y. Also folded in is a part
of the cleanup patch d7c5ed73b19c("futex: Remove needless goto's")]
Signed-off-by: Sharan Turlapati <sturlapati@vmware.com>
---
kernel/futex.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index 199e63c5b612..49cd9f6316e5 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2287,7 +2287,7 @@ retry:
}
if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) {
- /* We got the lock after all, nothing to fix. */
+ /* We got the lock. pi_state is correct. Tell caller */
return 1;
}
@@ -2329,7 +2329,7 @@ retry:
*/
pi_state_update_owner(pi_state, newowner);
- return 0;
+ return argowner == current;
/*
* To handle the page fault we need to drop the hash bucket
@@ -2412,8 +2412,6 @@ static long futex_wait_restart(struct restart_block *restart);
*/
static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
{
- int ret = 0;
-
if (locked) {
/*
* Got the lock. We might not be the anticipated owner if we
@@ -2424,8 +2422,8 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
* stable state, anything else needs more attention.
*/
if (q->pi_state->owner != current)
- ret = fixup_pi_state_owner(uaddr, q, current);
- goto out;
+ return fixup_pi_state_owner(uaddr, q, current);
+ return 1;
}
/*
@@ -2436,10 +2434,8 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
* Another speculative read; pi_state->owner == current is unstable
* but needs our attention.
*/
- if (q->pi_state->owner == current) {
- ret = fixup_pi_state_owner(uaddr, q, NULL);
- goto out;
- }
+ if (q->pi_state->owner == current)
+ return fixup_pi_state_owner(uaddr, q, NULL);
/*
* Paranoia check. If we did not take the lock, then we should not be
@@ -2448,8 +2444,7 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
if (WARN_ON_ONCE(rt_mutex_owner(&q->pi_state->pi_mutex) == current))
return fixup_pi_state_owner(uaddr, q, current);
-out:
- return ret ? ret : locked;
+ return 0;
}
/**
@@ -3071,6 +3066,11 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
*/
free_pi_state(q.pi_state);
spin_unlock(q.lock_ptr);
+ /*
+ * Adjust the return value. It's either -EFAULT or
+ * success (1) but the caller expects 0 for success.
+ */
+ ret = ret < 0 ? ret : 0;
}
} else {
struct rt_mutex *pi_mutex;
--
2.28.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v4.4.y] futex: Ensure the correct return value from futex_lock_pi()
2021-03-02 19:47 [PATCH v4.4.y] futex: Ensure the correct return value from futex_lock_pi() Sharan Turlapati
@ 2021-03-04 13:11 ` Greg KH
0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2021-03-04 13:11 UTC (permalink / raw)
To: Sharan Turlapati
Cc: stable, lee.jones, srivatsab, srivatsa, amakhalov, srinidhir,
bvikas, anishs, vsirnapalli, akaher
On Tue, Mar 02, 2021 at 11:47:49AM -0800, Sharan Turlapati wrote:
> From: Thomas Gleixner <tglx@linutronix.de>
>
> commit 12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9 upstream
>
> In case that futex_lock_pi() was aborted by a signal or a timeout and the
> task returned without acquiring the rtmutex, but is the designated owner of
> the futex due to a concurrent futex_unlock_pi() fixup_owner() is invoked to
> establish consistent state. In that case it invokes fixup_pi_state_owner()
> which in turn tries to acquire the rtmutex again. If that succeeds then it
> does not propagate this success to fixup_owner() and futex_lock_pi()
> returns -EINTR or -ETIMEOUT despite having the futex locked.
>
> Return success from fixup_pi_state_owner() in all cases where the current
> task owns the rtmutex and therefore the futex and propagate it correctly
> through fixup_owner(). Fixup the other callsite which does not expect a
> positive return value.
>
> Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Cc: stable@vger.kernel.org
> [Sharan: Backported patch for kernel 4.4.y. Also folded in is a part
> of the cleanup patch d7c5ed73b19c("futex: Remove needless goto's")]
> Signed-off-by: Sharan Turlapati <sturlapati@vmware.com>
> ---
> kernel/futex.c | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
Now queued up, thanks.
greg k-h
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-04 13:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-02 19:47 [PATCH v4.4.y] futex: Ensure the correct return value from futex_lock_pi() Sharan Turlapati
2021-03-04 13:11 ` Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.