git.baikalelectronics.ru Git - kernel.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Wed, 25 Aug 2021 10:33:14 +0000 (12:33 +0200)
committer	Peter Zijlstra <peterz@infradead.org>
	Wed, 25 Aug 2021 13:42:33 +0000 (15:42 +0200)
commit	01e4172733957911909d30c3f5723f2b56a4ea92
tree	8c86061bf1bc62bf51bd51dffe7feb419031ab2a	tree \| snapshot
parent	da048d94ddeee8670551154442f5b7433c76cf7f	commit \| diff

locking/rtmutex: Dequeue waiter on ww_mutex deadlock

The rt_mutex based ww_mutex variant queues the new waiter first in the
lock's rbtree before evaluating the ww_mutex specific conditions which
might decide that the waiter should back out. This check and conditional
exit happens before the waiter is enqueued into the PI chain.

The failure handling at the call site assumes that the waiter, if it is the
top most waiter on the lock, is queued in the PI chain and then proceeds to
adjust the unmodified PI chain, which results in RB tree corruption.

Dequeue the waiter from the lock waiter list in the ww_mutex error exit
path to prevent this.

Fixes: 6dbffe5f3d63 ("locking/rtmutex: Extend the rtmutex core to support ww_mutex")
Reported-by: Sebastian Siewior <bigeasy@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20210825102454.042280541@linutronix.de