From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF302C4360C for ; Fri, 5 Mar 2021 12:43:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D0B1365046 for ; Fri, 5 Mar 2021 12:43:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233590AbhCEMnb (ORCPT ); Fri, 5 Mar 2021 07:43:31 -0500 Received: from mail.kernel.org ([198.145.29.99]:59262 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233969AbhCEMmo (ORCPT ); Fri, 5 Mar 2021 07:42:44 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 50D526501C; Fri, 5 Mar 2021 12:42:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1614948163; bh=vzY59AsVcYNSkxyYZWudX+pbUH5YpjnkbP8NvJPrFVE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IZG9qycNVXF0S/ezO3zP9UV9tUhq7eT7dvu/l85agUiVK95VxKakeZ5U9fqoYyIgh kvW4rMsxesdoBTn9L5csp5yHJPUDKkrz/L/gbQh7MEwWJX/zxbxPcRm/3HSEGwUF4D WaKXv1pgtzEs9BohaRlVMogTpjM3YfuN1Fx0+IaM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Thomas Gleixner , "Peter Zijlstra (Intel)" , Sharan Turlapati Subject: [PATCH 4.4 01/30] futex: Ensure the correct return value from futex_lock_pi() Date: Fri, 5 Mar 2021 13:22:30 +0100 Message-Id: <20210305120849.460186580@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210305120849.381261651@linuxfoundation.org> References: <20210305120849.381261651@linuxfoundation.org> User-Agent: quilt/0.66 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Gleixner commit 12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9 upstream. In case that futex_lock_pi() was aborted by a signal or a timeout and the task returned without acquiring the rtmutex, but is the designated owner of the futex due to a concurrent futex_unlock_pi() fixup_owner() is invoked to establish consistent state. In that case it invokes fixup_pi_state_owner() which in turn tries to acquire the rtmutex again. If that succeeds then it does not propagate this success to fixup_owner() and futex_lock_pi() returns -EINTR or -ETIMEOUT despite having the futex locked. Return success from fixup_pi_state_owner() in all cases where the current task owns the rtmutex and therefore the futex and propagate it correctly through fixup_owner(). Fixup the other callsite which does not expect a positive return value. Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex") Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) [Sharan: Backported patch for kernel 4.4.y. Also folded in is a part of the cleanup patch d7c5ed73b19c("futex: Remove needless goto's")] Signed-off-by: Sharan Turlapati Signed-off-by: Greg Kroah-Hartman --- kernel/futex.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) --- a/kernel/futex.c +++ b/kernel/futex.c @@ -2283,7 +2283,7 @@ retry: } if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { - /* We got the lock after all, nothing to fix. */ + /* We got the lock. pi_state is correct. Tell caller */ return 1; } @@ -2328,7 +2328,7 @@ retry: */ pi_state_update_owner(pi_state, newowner); - return 0; + return argowner == current; /* * To handle the page fault we need to drop the hash bucket @@ -2411,8 +2411,6 @@ static long futex_wait_restart(struct re */ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) { - int ret = 0; - if (locked) { /* * Got the lock. We might not be the anticipated owner if we @@ -2423,8 +2421,8 @@ static int fixup_owner(u32 __user *uaddr * stable state, anything else needs more attention. */ if (q->pi_state->owner != current) - ret = fixup_pi_state_owner(uaddr, q, current); - goto out; + return fixup_pi_state_owner(uaddr, q, current); + return 1; } /* @@ -2435,10 +2433,8 @@ static int fixup_owner(u32 __user *uaddr * Another speculative read; pi_state->owner == current is unstable * but needs our attention. */ - if (q->pi_state->owner == current) { - ret = fixup_pi_state_owner(uaddr, q, NULL); - goto out; - } + if (q->pi_state->owner == current) + return fixup_pi_state_owner(uaddr, q, NULL); /* * Paranoia check. If we did not take the lock, then we should not be @@ -2447,8 +2443,7 @@ static int fixup_owner(u32 __user *uaddr if (WARN_ON_ONCE(rt_mutex_owner(&q->pi_state->pi_mutex) == current)) return fixup_pi_state_owner(uaddr, q, current); -out: - return ret ? ret : locked; + return 0; } /** @@ -3070,6 +3065,11 @@ static int futex_wait_requeue_pi(u32 __u */ free_pi_state(q.pi_state); spin_unlock(q.lock_ptr); + /* + * Adjust the return value. It's either -EFAULT or + * success (1) but the caller expects 0 for success. + */ + ret = ret < 0 ? ret : 0; } } else { struct rt_mutex *pi_mutex;