diff options
| author | Thomas Gleixner <tglx@linutronix.de> | 2021-09-02 11:48:48 +0200 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2021-09-02 22:07:18 +0200 |
| commit | 4f07ec0d76f242d4ca0f0c0c6f7293c28254a554 (patch) | |
| tree | 3b1b8d7ef6f04d3c813f2ceeb3641da8f66132db /scripts | |
| parent | a974b54036f79dd5e395e9f6c80c3decb4661a14 (diff) | |
| download | linux-4f07ec0d76f242d4ca0f0c0c6f7293c28254a554.tar.bz2 | |
futex: Prevent inconsistent state and exit race
The recent rework of the requeue PI code introduced a possibility for
going back to user space in inconsistent state:
CPU 0 CPU 1
requeue_futex()
if (lock_pifutex_user()) {
dequeue_waiter();
wake_waiter(task);
sched_in(task);
return_from_futex_syscall();
---> Inconsistent state because PI state is not established
It becomes worse if the woken up task immediately exits:
sys_exit();
attach_pistate(vpid); <--- FAIL
Attach the pi state before dequeuing and waking the waiter. If the waiter
gets a spurious wakeup before the dequeue operation it will wait in
futex_requeue_pi_wakeup_sync() and therefore cannot return and exit.
Fixes: 07d91ef510fb ("futex: Prevent requeue_pi() lock nesting issue on RT")
Reported-by: syzbot+4d1bd0725ef09168e1a0@syzkaller.appspotmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20210902094414.558914045@linutronix.de
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions