From: tip-bot for Thomas Gleixner <tglx@linutronix.de>
To: linux-tip-commits@vger.kernel.org
Cc: mingo@redhat.com, torvalds@linux-foundation.org,
schwidefsky@de.ibm.com, peterz@infradead.org,
cmetcalf@tilera.com, tony.luck@intel.com, ralf@linux-mips.org,
monstr@monstr.eu, linux@arm.linux.org.uk, tglx@linutronix.de,
linux-kernel@vger.kernel.org, hpa@zytor.com, darren@dvhart.com,
lethal@linux-sh.org, davem@davemloft.net, dhowells@redhat.com,
benh@kernel.crashing.org, mattst88@gmail.com,
jejb@parisc-linux.org, walken@google.com
Subject: [tip:core/futexes] futex: Deobfuscate handle_futex_death()
Date: Mon, 14 Mar 2011 20:15:46 GMT [thread overview]
Message-ID: <tip-6e0aa9f8a8190e0879a29bd67aa606b51734a122@git.kernel.org> (raw)
In-Reply-To: <alpine.LFD.2.00.1103141126590.2787@localhost6.localdomain6>
Commit-ID: 6e0aa9f8a8190e0879a29bd67aa606b51734a122
Gitweb: http://git.kernel.org/tip/6e0aa9f8a8190e0879a29bd67aa606b51734a122
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Mon, 14 Mar 2011 10:34:35 +0100
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Mon, 14 Mar 2011 21:08:47 +0100
futex: Deobfuscate handle_futex_death()
handle_futex_death() uses futex_atomic_cmpxchg_inatomic() without
disabling page faults. That's ok, but totally non obvious.
We don't hold locks so we actually can and want to fault here, because
the get_user() before futex_atomic_cmpxchg_inatomic() does not
guarantee a R/W mapping.
We could just add a big fat comment to explain this, but actually
changing the code so that the functionality is entirely clear is
better.
Use the helper function which disables page faults around the
futex_atomic_cmpxchg_inatomic() and handle a fault with a call to
fault_in_user_writeable() as all other places in the futex code do as
well.
Pointed-out-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Darren Hart <darren@dvhart.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: David Howells <dhowells@redhat.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Michal Simek <monstr@monstr.eu>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Chris Metcalf <cmetcalf@tilera.com>
LKML-Reference: <alpine.LFD.2.00.1103141126590.2787@localhost6.localdomain6>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
kernel/futex.c | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index c6bef6e..e9251d9 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2458,9 +2458,20 @@ retry:
* userspace.
*/
mval = (uval & FUTEX_WAITERS) | FUTEX_OWNER_DIED;
- if (futex_atomic_cmpxchg_inatomic(&nval, uaddr, uval, mval))
- return -1;
-
+ /*
+ * We are not holding a lock here, but we want to have
+ * the pagefault_disable/enable() protection because
+ * we want to handle the fault gracefully. If the
+ * access fails we try to fault in the futex with R/W
+ * verification via get_user_pages. get_user() above
+ * does not guarantee R/W access. If that fails we
+ * give up and leave the futex locked.
+ */
+ if (cmpxchg_futex_value_locked(&nval, uaddr, uval, mval)) {
+ if (fault_in_user_writeable(uaddr))
+ return -1;
+ goto retry;
+ }
if (nval != uval)
goto retry;
next prev parent reply other threads:[~2011-03-14 20:17 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-07 2:11 [PATCH] futex: cmpxchg_futex_value_locked API change Michel Lespinasse
2011-03-07 8:54 ` Martin Schwidefsky
2011-03-07 14:25 ` Chris Metcalf
2011-03-07 21:58 ` Luck, Tony
2011-03-08 20:17 ` Thomas Gleixner
2011-03-09 11:25 ` Michel Lespinasse
2011-03-09 15:04 ` Thomas Gleixner
2011-03-09 15:08 ` Martin Schwidefsky
2011-03-09 22:17 ` Michel Lespinasse
2011-03-09 17:50 ` Darren Hart
2011-03-10 18:55 ` Thomas Gleixner
2011-03-11 2:16 ` Michel Lespinasse
2011-03-11 2:47 ` [PATCH 1/3] futex: do not pagefault_disable in futex_atomic_cmpxchg_inatomic() Michel Lespinasse
2011-03-11 11:31 ` [tip:core/futexes] futex: Remove redundant " tip-bot for Michel Lespinasse
2011-03-13 22:49 ` [PATCH 1/3] futex: do not " Linus Torvalds
2011-03-14 0:55 ` Darren Hart
2011-03-14 1:15 ` Darren Hart
2011-03-14 9:13 ` Peter Zijlstra
2011-03-14 9:13 ` Thomas Gleixner
2011-03-14 13:56 ` Thomas Gleixner
2011-03-14 20:07 ` Darren Hart
2011-03-14 20:15 ` tip-bot for Thomas Gleixner [this message]
2011-03-14 20:16 ` [tip:core/futexes] arm: Remove bogus comment " tip-bot for Thomas Gleixner
2011-03-14 9:15 ` [PATCH 1/3] futex: do not pagefault_disable " Michel Lespinasse
2011-03-11 2:48 ` [PATCH 2/3] futex: cmpxchg_futex_value_locked API change Michel Lespinasse
2011-03-11 11:31 ` [tip:core/futexes] futex: Sanitize cmpxchg_futex_value_locked API tip-bot for Michel Lespinasse
2012-03-05 0:01 ` [regression] Re: [PATCH 2/3] " Jonathan Nieder
2012-03-05 0:01 ` Jonathan Nieder
2012-03-05 23:21 ` Luck, Tony
2012-03-05 23:21 ` Luck, Tony
2012-03-05 23:42 ` Jonathan Nieder
2012-03-05 23:42 ` Jonathan Nieder
2012-03-08 20:59 ` Émeric Maschino
2012-03-08 20:59 ` Émeric Maschino
2012-03-08 21:12 ` Émeric Maschino
2012-03-08 21:12 ` Émeric Maschino
2012-04-15 21:35 ` Émeric Maschino
2012-04-15 21:35 ` Émeric Maschino
2011-03-11 2:50 ` [PATCH 3/3] futex: fix futex operation types Michel Lespinasse
2011-03-11 11:32 ` [tip:core/futexes] futex: Sanitize futex ops argument types tip-bot for Michel Lespinasse
2011-03-09 11:08 ` [PATCH] futex: cmpxchg_futex_value_locked API change Michal Simek
2011-03-09 12:41 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-6e0aa9f8a8190e0879a29bd67aa606b51734a122@git.kernel.org \
--to=tglx@linutronix.de \
--cc=benh@kernel.crashing.org \
--cc=cmetcalf@tilera.com \
--cc=darren@dvhart.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=hpa@zytor.com \
--cc=jejb@parisc-linux.org \
--cc=lethal@linux-sh.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=linux@arm.linux.org.uk \
--cc=mattst88@gmail.com \
--cc=mingo@redhat.com \
--cc=monstr@monstr.eu \
--cc=peterz@infradead.org \
--cc=ralf@linux-mips.org \
--cc=schwidefsky@de.ibm.com \
--cc=tony.luck@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=walken@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.