| field | value | date |
|---|---|---|
| author | Brian Silverman <[email protected]> | 2014-10-25 20:20:37 -0400 |
| committer | Thomas Gleixner <[email protected]> | 2014-10-26 16:16:18 +0100 |
| commit | 30a6b8031fe14031ab27c1fa3483cb9780e7f63c (patch) | |
| tree | da56baddfc24fef71ca5b6f123c947e784527d87 /include/linux/crash_dump.h | |
| parent | 993b2ff221999066fcff231590593d0b98f45d32 (diff) | |
futex: Fix a race condition between REQUEUE_PI and task death
free_pi_state and exit_pi_state_list both clean up futex_pi_state's.
exit_pi_state_list takes the hb lock first, and most callers of
free_pi_state do too. requeue_pi doesn't, which means free_pi_state
can free the pi_state out from under exit_pi_state_list. For example:
```
task A                            |  task B
exit_pi_state_list                |
  pi_state =                      |
      curr->pi_state_list->next   |
                                  |  futex_requeue(requeue_pi=1)
                                  |    // pi_state is the same as
                                  |    // the one in task A
                                  |    free_pi_state(pi_state)
                                  |      list_del_init(&pi_state->list)
                                  |      kfree(pi_state)
  list_del_init(&pi_state->list)  |
```
Move the free_pi_state calls in requeue_pi to before it drops the hb
locks which it's already holding.
[ tglx: Removed a pointless free_pi_state() call and the hb->lock held
  debugging. The latter comes via a separate patch ]
Signed-off-by: Brian Silverman <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Thomas Gleixner <[email protected]>
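The following is a hypothetical user-space model, added here and not kernel code, of the invariant this commit restores: free_pi_state() must run while the caller still holds the hb lock, otherwise it can unlink and free a pi_state that exit_pi_state_list is about to walk. The model's lock records which task owns it so free_pi_state() can refuse (return -1) when called unlocked, the same kind of check as the hb->lock held debugging the tglx note refers to. The list helpers, the single-task simulation via current_task, and the requeue_pi_before_fix()/requeue_pi_after_fix() names are assumptions made for illustration; the kernel's real structures and locking are more involved.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: a doubly-linked list in the style of list_head. */
struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Unlink and reinitialise, like the kernel's list_del_init(). */
static void list_del_init(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    init_list_head(n);
}

static bool list_empty(const struct list_head *h) { return h->next == h; }

/* Which simulated task is "running"; stands in for current (assumption). */
static int current_task = 1;

/* A lock that remembers its owner so callers can check they hold it. */
struct hb_lock { bool held; int owner; };

static void hb_lock(struct hb_lock *l)   { l->held = true;  l->owner = current_task; }
static void hb_unlock(struct hb_lock *l) { l->held = false; l->owner = 0; }
static bool hb_lock_held_by_me(const struct hb_lock *l) {
    return l->held && l->owner == current_task;
}

struct pi_state {
    struct list_head list;   /* must be first: linked into the task's pi_state_list */
};

/* Returns 0 on success, -1 when called without the hb lock held. */
static int free_pi_state(struct hb_lock *hb, struct pi_state *ps) {
    if (!hb_lock_held_by_me(hb))
        return -1;           /* unlocked free would race with exit_pi_state_list */
    list_del_init(&ps->list);
    free(ps);
    return 0;
}

/* Task-exit path: take the hb lock, then unlink and free every entry.
 * Returns the number of entries cleaned up. */
static int exit_pi_state_list(struct hb_lock *hb, struct list_head *task_list) {
    int n = 0;
    hb_lock(hb);
    while (!list_empty(task_list)) {
        struct pi_state *ps = (struct pi_state *)task_list->next; /* list is first member */
        list_del_init(&ps->list);
        free(ps);
        n++;
    }
    hb_unlock(hb);
    return n;
}

/* Ordering before the fix: drop the hb lock, then free. The check fires. */
static int requeue_pi_before_fix(struct hb_lock *hb, struct pi_state *ps) {
    hb_lock(hb);
    /* ... requeue work ... */
    hb_unlock(hb);
    return free_pi_state(hb, ps);   /* -1, pi_state left untouched */
}

/* Ordering after the fix: free while the hb lock is still held. */
static int requeue_pi_after_fix(struct hb_lock *hb, struct pi_state *ps) {
    hb_lock(hb);
    /* ... requeue work ... */
    int ret = free_pi_state(hb, ps); /* 0 */
    hb_unlock(hb);
    return ret;
}

/* Allocate a pi_state and link it onto a task's list. */
static struct pi_state *alloc_pi_state(struct list_head *task_list) {
    struct pi_state *ps = calloc(1, sizeof *ps);
    if (!ps) abort();
    init_list_head(&ps->list);
    list_add(&ps->list, task_list);
    return ps;
}

int main(void) {
    struct hb_lock hb = { false, 0 };
    struct list_head task_list;
    init_list_head(&task_list);

    struct pi_state *ps = alloc_pi_state(&task_list);
    printf("before fix: free_pi_state -> %d\n", requeue_pi_before_fix(&hb, ps));
    printf("after fix:  free_pi_state -> %d\n", requeue_pi_after_fix(&hb, ps));
    printf("exit_pi_state_list cleaned %d entries\n", exit_pi_state_list(&hb, &task_list));
    return 0;
}
```

The point of the model is the ordering, not real concurrency: with the pre-fix ordering the owner check catches the unlocked free, and with the post-fix ordering the free completes under the lock so a later exit_pi_state_list() finds nothing left to walk.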
Diffstat (limited to 'include/linux/crash_dump.h')
0 files changed, 0 insertions, 0 deletions