From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 26/52] futex: Fix (possible) missed wakeup
Date: Mon, 4 Mar 2019 09:22:24 +0100 [thread overview]
Message-ID: <20190304081618.710941797@linuxfoundation.org> (raw)
In-Reply-To: <20190304081617.159014799@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
[ Upstream commit b061c38bef43406df8e73c5be06cbfacad5ee6ad ]
We must not rely on wake_q_add() to delay the wakeup; in particular
commit:
1d0dcb3ad9d3 ("futex: Implement lockless wakeups")
moved wake_q_add() before smp_store_release(&q->lock_ptr, NULL), which
could result in futex_wait() waking before observing ->lock_ptr ==
NULL and going back to sleep again.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 1d0dcb3ad9d3 ("futex: Implement lockless wakeups")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/futex.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index 29d708d0b3d19..22f83064abb35 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1462,11 +1462,7 @@ static void mark_wake_futex(struct wake_q_head *wake_q, struct futex_q *q)
if (WARN(q->pi_state || q->rt_waiter, "refusing to wake PI futex\n"))
return;
- /*
- * Queue the task for later wakeup for after we've released
- * the hb->lock. wake_q_add() grabs reference to p.
- */
- wake_q_add(wake_q, p);
+ get_task_struct(p);
__unqueue_futex(q);
/*
* The waiting task can free the futex_q as soon as q->lock_ptr = NULL
@@ -1476,6 +1472,13 @@ static void mark_wake_futex(struct wake_q_head *wake_q, struct futex_q *q)
* plist_del in __unqueue_futex().
*/
smp_store_release(&q->lock_ptr, NULL);
+
+ /*
+ * Queue the task for later wakeup for after we've released
+ * the hb->lock. wake_q_add() grabs reference to p.
+ */
+ wake_q_add(wake_q, p);
+ put_task_struct(p);
}
/*
--
2.19.1
next prev parent reply other threads:[~2019-03-04 8:26 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-04 8:21 [PATCH 4.14 00/52] 4.14.105-stable review Greg Kroah-Hartman
2019-03-04 8:21 ` [PATCH 4.14 01/52] Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 02/52] Revert "loop: Get rid of loop_index_mutex" Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 03/52] Revert "loop: Fold __loop_release into loop_release" Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 04/52] net: stmmac: Fix reception of Broadcom switches tags Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 05/52] net: stmmac: Disable ACS Feature for GMAC >= 4 Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 06/52] scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 07/52] drm/msm: Unblock writer if reader closes file Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 08/52] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 09/52] ALSA: compress: prevent potential divide by zero bugs Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 10/52] ASoC: Variable "val" in function rt274_i2c_probe() could be uninitialized Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 11/52] clk: vc5: Abort clock configuration without upstream clock Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 12/52] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 13/52] usb: dwc3: gadget: synchronize_irq dwc irq in suspend Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 14/52] usb: dwc3: gadget: Fix the uninitialized link_state when udc starts Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 15/52] usb: gadget: Potential NULL dereference on allocation error Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 16/52] genirq: Make sure the initial affinity is not empty Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 17/52] ASoC: dapm: change snprintf to scnprintf for possible overflow Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 18/52] ASoC: imx-audmux: " Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 19/52] selftests: seccomp: use LDLIBS instead of LDFLAGS Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 20/52] selftests: gpio-mockup-chardev: Check asprintf() for error Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 21/52] ARC: fix __ffs return value to avoid build warnings Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 22/52] drivers: thermal: int340x_thermal: Fix sysfs race condition Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 23/52] staging: rtl8723bs: Fix build error with Clang when inlining is disabled Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 24/52] mac80211: fix miscounting of ttl-dropped frames Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 25/52] sched/wait: Fix rcuwait_wake_up() ordering Greg Kroah-Hartman
2019-03-04 8:22 ` Greg Kroah-Hartman [this message]
2019-03-04 8:22 ` [PATCH 4.14 27/52] locking/rwsem: Fix (possible) missed wakeup Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 28/52] drm/amd/powerplay: OD setting fix on Vega10 Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 29/52] serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 30/52] staging: android: ion: Support cpu access during dma_buf_detach Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 31/52] direct-io: allow direct writes to empty inodes Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 32/52] writeback: synchronize sync(2) against cgroup writeback membership switches Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 33/52] scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 34/52] net: altera_tse: fix connect_local_phy error path Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 35/52] hv_netvsc: Fix ethtool change hash key error Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 36/52] net: usb: asix: ax88772_bind return error when hw_reset fail Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 37/52] net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 38/52] ibmveth: Do not process frames after calling napi_reschedule Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 39/52] mac80211: dont initiate TDLS connection if station is not associated to AP Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 40/52] mac80211: Add attribute aligned(2) to struct action Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 41/52] cfg80211: extend range deviation for DMG Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 42/52] svm: Fix AVIC incomplete IPI emulation Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 43/52] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 44/52] powerpc: Always initialize input array when calling epapr_hypercall() Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 45/52] mmc: spi: Fix card detection during probe Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 46/52] mmc: tmio_mmc_core: dont claim spurious interrupts Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 47/52] mmc: tmio: fix access width of Block Count Register Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 48/52] mmc: sdhci-esdhc-imx: correct the fix of ERR004536 Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 49/52] mm: enforce min addr even if capable() in expand_downwards() Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 50/52] MIPS: fix truncation in __cmpxchg_small for short values Greg Kroah-Hartman
2019-03-04 8:22 ` Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 51/52] MIPS: eBPF: Fix icache flush end address Greg Kroah-Hartman
2019-03-04 8:22 ` [PATCH 4.14 52/52] x86/uaccess: Dont leak the AC flag into __put_user() value evaluation Greg Kroah-Hartman
2019-03-04 18:42 ` [PATCH 4.14 00/52] 4.14.105-stable review Naresh Kamboju
2019-03-05 3:38 ` Guenter Roeck
2019-03-05 14:06 ` Jon Hunter
2019-03-05 14:06 ` Jon Hunter
2019-03-05 16:11 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190304081618.710941797@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.