futex: Detect mismatched requeue targets
commit e43391f135ddf1cefc305bed9ce18d34b07bdcdd
author Darren Hart <dvhltc@us.ibm.com>
Fri, 14 Aug 2009 00:36:53 +0000 (13 17:36 -0700)
committer Greg Kroah-Hartman <gregkh@suse.de>
Thu, 22 Oct 2009 22:11:52 +0000 (22 15:11 -0700)
tree b74a31188ea6aac45dc69f3cc3c68ad4304f28af
parent af0ce40996ee98e12357f2a4775d6a65a7f54734
futex: Detect mismatched requeue targets

commit 84bc4af59081ee974dd80210e694ab59ebe51ce8 upstream.

There is currently no check to ensure that userspace uses the same
futex requeue target (uaddr2) in futex_requeue() that the waiter used
in futex_wait_requeue_pi().  A mismatch here could have very unexpected
results as the waiter assumes it either wakes on uaddr1 or uaddr2. We
could detect this on wakeup in the waiter, but the cleanup is more
intense after the improper requeue has occurred.

This patch stores the waiter's expected requeue target in a new
requeue_pi_key pointer in the futex_q which futex_requeue() checks
prior to attempting to do a proxy lock acquisition or a requeue when
requeue_pi=1. If they don't match, return -EINVAL from futex_requeue,
aborting the requeue of any remaining waiters.

Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: John Kacur <jkacur@redhat.com>
Cc: Dinakar Guniguntala <dino@in.ibm.com>
Cc: John Stultz <johnstul@us.ibm.com>
LKML-Reference: <20090814003650.14634.63916.stgit@Aeon>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
kernel/futex.c
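The check the commit message describes, as an added userspace model that is not the kernel's code from kernel/futex.c: each queued waiter carries a requeue_pi_key recorded by the waiter side, and the requeue side compares it against uaddr2 before moving the waiter, returning -EINVAL on the first mismatch so the remaining waiters are not requeued to the wrong futex. The names futex_q, futex_requeue, futex_wait_requeue_pi, match_futex and requeue_pi_key follow the message and the kernel; the plain-address key type, the array of waiters and the scenario addresses are assumptions of this example.

```c
/* Added userspace model of the requeue-target check; not kernel/futex.c.
 * The kernel identifies a futex by a union futex_key; here a plain user
 * address stands in for it (assumption of this example). */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { unsigned long uaddr; } futex_key;

/* Two keys match when they name the same futex word. A NULL key never
 * matches, so a waiter that recorded no target cannot pass the check. */
static bool match_futex(const futex_key *a, const futex_key *b)
{
    return a != NULL && b != NULL && a->uaddr == b->uaddr;
}

/* Queued waiter. requeue_pi_key is the field the patch adds: the target
 * (uaddr2) the waiter passed to futex_wait_requeue_pi(), or NULL. */
typedef struct {
    futex_key  key;             /* futex the waiter currently sleeps on */
    futex_key  expected_target; /* storage behind requeue_pi_key */
    futex_key *requeue_pi_key;  /* expected requeue target, NULL if none */
    bool       requeued;
} futex_q;

/* Waiter side: queue on uaddr1 and record uaddr2 as the only acceptable
 * requeue target. */
static void futex_wait_requeue_pi(futex_q *q, unsigned long uaddr1,
                                  unsigned long uaddr2)
{
    q->key.uaddr = uaddr1;
    q->expected_target.uaddr = uaddr2;
    q->requeue_pi_key = &q->expected_target;
    q->requeued = false;
}

/* Waker side: move up to nr_requeue waiters from uaddr1 to uaddr2.
 * With requeue_pi set, a waiter whose recorded target is not uaddr2
 * aborts the operation with -EINVAL: waiters already moved stay moved,
 * later ones are left untouched. Returns the number moved on success. */
static int futex_requeue(futex_q *waiters, int nwaiters,
                         unsigned long uaddr1, unsigned long uaddr2,
                         int nr_requeue, bool requeue_pi)
{
    futex_key key1 = { uaddr1 }, key2 = { uaddr2 };
    int task_count = 0;

    for (int i = 0; i < nwaiters && task_count < nr_requeue; i++) {
        futex_q *q = &waiters[i];

        if (!match_futex(&q->key, &key1))
            continue;                       /* not queued on uaddr1 */

        if (requeue_pi && !match_futex(q->requeue_pi_key, &key2))
            return -EINVAL;                 /* mismatched requeue target */

        q->key = key2;                      /* requeue to uaddr2 */
        q->requeued = true;
        task_count++;
    }
    return task_count;
}

/* Constructed scenario: three waiters on 0x1000; the middle one asked to
 * be requeued to 0x3000 while the waker requeues to 0x2000. */
static void setup_mismatch(futex_q w[3])
{
    futex_wait_requeue_pi(&w[0], 0x1000, 0x2000);
    futex_wait_requeue_pi(&w[1], 0x1000, 0x3000);
    futex_wait_requeue_pi(&w[2], 0x1000, 0x2000);
}

int mismatch_result(void)
{
    futex_q w[3];
    setup_mismatch(w);
    return futex_requeue(w, 3, 0x1000, 0x2000, 3, true);
}

/* How many waiters were moved before the abort: only the first one. */
int mismatch_requeued_before_abort(void)
{
    futex_q w[3];
    setup_mismatch(w);
    futex_requeue(w, 3, 0x1000, 0x2000, 3, true);
    int n = 0;
    for (int i = 0; i < 3; i++)
        n += w[i].requeued;
    return n;
}

/* The check applies only on the requeue_pi path: with requeue_pi clear
 * the same waiters are all moved. */
int plain_requeue_result(void)
{
    futex_q w[3];
    setup_mismatch(w);
    return futex_requeue(w, 3, 0x1000, 0x2000, 3, false);
}

int main(void)
{
    printf("mismatch: %d, %d requeued before abort; plain: %d\n",
           mismatch_result(), mismatch_requeued_before_abort(),
           plain_requeue_result());
    return 0;
}
```

The model keeps the patch's shape: the waiter owns the expected target and the requeue path validates it per waiter, so a userspace caller that passes a different uaddr2 to the two calls is rejected at requeue time rather than discovered later by a waiter that woke on a futex it never expected.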