From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755426AbaFUUep (ORCPT ); Sat, 21 Jun 2014 16:34:45 -0400 Received: from terminus.zytor.com ([198.137.202.10]:34850 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755295AbaFUUen (ORCPT ); Sat, 21 Jun 2014 16:34:43 -0400 Date: Sat, 21 Jun 2014 13:33:43 -0700 From: tip-bot for Thomas Gleixner Message-ID: Cc: linux-kernel@vger.kernel.org, hpa@zytor.com, mingo@kernel.org, peterz@infradead.org, darren@dvhart.com, kees@outflux.net, tglx@linutronix.de, davidlohr@hp.com Reply-To: mingo@kernel.org, hpa@zytor.com, linux-kernel@vger.kernel.org, darren@dvhart.com, peterz@infradead.org, kees@outflux.net, tglx@linutronix.de, davidlohr@hp.com In-Reply-To: <20140611204237.180458410@linutronix.de> References: <20140611204237.180458410@linutronix.de> To: linux-tip-commits@vger.kernel.org Subject: [tip:locking/core] futex: Split out the waiter check from lookup_pi_state() Git-Commit-ID: e60cbc5ceaa518d630ab8f35a7d05cee1c752648 X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit-ID: e60cbc5ceaa518d630ab8f35a7d05cee1c752648 Gitweb: http://git.kernel.org/tip/e60cbc5ceaa518d630ab8f35a7d05cee1c752648 Author: Thomas Gleixner AuthorDate: Wed, 11 Jun 2014 20:45:39 +0000 Committer: Thomas Gleixner CommitDate: Sat, 21 Jun 2014 22:26:23 +0200 futex: Split out the waiter check from lookup_pi_state() We want to be a bit more clever in futex_lock_pi_atomic() and separate the possible states. Split out the waiter verification into a separate function. No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Darren Hart Cc: Peter Zijlstra Cc: Davidlohr Bueso Cc: Kees Cook Cc: wad@chromium.org Link: http://lkml.kernel.org/r/20140611204237.180458410@linutronix.de Signed-off-by: Thomas Gleixner --- kernel/futex.c | 138 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 71 insertions(+), 67 deletions(-) diff --git a/kernel/futex.c b/kernel/futex.c index fff1ed9..db0c686 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -792,92 +792,96 @@ void exit_pi_state_list(struct task_struct *curr) * [10] There is no transient state which leaves owner and user space * TID out of sync. */ -static int -lookup_pi_state(u32 uval, struct futex_hash_bucket *hb, - union futex_key *key, struct futex_pi_state **ps) + +/* + * Validate that the existing waiter has a pi_state and sanity check + * the pi_state against the user space value. If correct, attach to + * it. + */ +static int attach_to_pi_state(u32 uval, struct futex_pi_state *pi_state, + struct futex_pi_state **ps) { - struct futex_q *match = futex_top_waiter(hb, key); - struct futex_pi_state *pi_state = NULL; - struct task_struct *p; pid_t pid = uval & FUTEX_TID_MASK; - if (match) { - /* - * Sanity check the waiter before increasing the - * refcount and attaching to it. - */ - pi_state = match->pi_state; - /* - * Userspace might have messed up non-PI and PI - * futexes [3] - */ - if (unlikely(!pi_state)) - return -EINVAL; + /* + * Userspace might have messed up non-PI and PI futexes [3] + */ + if (unlikely(!pi_state)) + return -EINVAL; - WARN_ON(!atomic_read(&pi_state->refcount)); + WARN_ON(!atomic_read(&pi_state->refcount)); + /* + * Handle the owner died case: + */ + if (uval & FUTEX_OWNER_DIED) { /* - * Handle the owner died case: + * exit_pi_state_list sets owner to NULL and wakes the + * topmost waiter. The task which acquires the + * pi_state->rt_mutex will fixup owner. */ - if (uval & FUTEX_OWNER_DIED) { + if (!pi_state->owner) { /* - * exit_pi_state_list sets owner to NULL and - * wakes the topmost waiter. The task which - * acquires the pi_state->rt_mutex will fixup - * owner. + * No pi state owner, but the user space TID + * is not 0. Inconsistent state. [5] */ - if (!pi_state->owner) { - /* - * No pi state owner, but the user - * space TID is not 0. Inconsistent - * state. [5] - */ - if (pid) - return -EINVAL; - /* - * Take a ref on the state and - * return. [4] - */ - goto out_state; - } - - /* - * If TID is 0, then either the dying owner - * has not yet executed exit_pi_state_list() - * or some waiter acquired the rtmutex in the - * pi state, but did not yet fixup the TID in - * user space. - * - * Take a ref on the state and return. [6] - */ - if (!pid) - goto out_state; - } else { + if (pid) + return -EINVAL; /* - * If the owner died bit is not set, - * then the pi_state must have an - * owner. [7] + * Take a ref on the state and return success. [4] */ - if (!pi_state->owner) - return -EINVAL; + goto out_state; } /* - * Bail out if user space manipulated the - * futex value. If pi state exists then the - * owner TID must be the same as the user - * space TID. [9/10] + * If TID is 0, then either the dying owner has not + * yet executed exit_pi_state_list() or some waiter + * acquired the rtmutex in the pi state, but did not + * yet fixup the TID in user space. + * + * Take a ref on the state and return success. [6] */ - if (pid != task_pid_vnr(pi_state->owner)) + if (!pid) + goto out_state; + } else { + /* + * If the owner died bit is not set, then the pi_state + * must have an owner. [7] + */ + if (!pi_state->owner) return -EINVAL; - - out_state: - atomic_inc(&pi_state->refcount); - *ps = pi_state; - return 0; } /* + * Bail out if user space manipulated the futex value. If pi + * state exists then the owner TID must be the same as the + * user space TID. [9/10] + */ + if (pid != task_pid_vnr(pi_state->owner)) + return -EINVAL; +out_state: + atomic_inc(&pi_state->refcount); + *ps = pi_state; + return 0; +} + +static int +lookup_pi_state(u32 uval, struct futex_hash_bucket *hb, + union futex_key *key, struct futex_pi_state **ps) +{ + struct futex_q *match = futex_top_waiter(hb, key); + struct futex_pi_state *pi_state = NULL; + struct task_struct *p; + pid_t pid = uval & FUTEX_TID_MASK; + + /* + * If there is a waiter on that futex, validate it and + * attach to the pi_state when the validation succeeds. + */ + if (match) + return attach_to_pi_state(uval, match->pi_state, ps); + + /* * We are the first waiter - try to look up the real owner and attach * the new pi_state to it, but bail out when TID = 0 [1] */