diff options
| author | Thomas Gleixner <[email protected]> | 2014-06-03 12:27:06 +0000 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2014-06-05 12:31:07 -0700 |
| commit | b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270 (patch) | |
| tree | e5ce59530597f9d35a3792f5b17d043be7de9d43 /tools/perf/util/scripting-engines/trace-event-python.c | |
| parent | e9c243a5a6de0be8e584c604d353412584b592f8 (diff) | |
futex: Validate atomic acquisition in futex_lock_pi_atomic()
We need to protect the atomic acquisition in the kernel against rogue
user space which sets the user space futex to 0, so the kernel side
acquisition succeeds while there is existing state in the kernel
associated to the real owner.
Verify whether the futex has waiters associated with kernel state. If
it has, return -EINVAL. The state is corrupted already, so no point in
cleaning it up. Subsequent calls will fail as well. Not our problem.
[ tglx: Use futex_top_waiter() and explain why we do not need to try
restoring the already corrupted user space state. ]
Signed-off-by: Darren Hart <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Will Drewry <[email protected]>
Cc: [email protected]
Signed-off-by: Thomas Gleixner <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/util/scripting-engines/trace-event-python.c')
0 files changed, 0 insertions, 0 deletions