git.baikalelectronics.ru Git - kernel.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Thu, 2 Sep 2021 09:48:48 +0000 (11:48 +0200)
committer	Thomas Gleixner <tglx@linutronix.de>
	Thu, 2 Sep 2021 20:07:18 +0000 (22:07 +0200)
commit	f951db7b76b257b7e1e16bbd867d47f156eb76e1
tree	3b1b8d7ef6f04d3c813f2ceeb3641da8f66132db	tree \| snapshot
parent	b1e535d4a79ea39316266eea01faf2582dc02639	commit \| diff

futex: Prevent inconsistent state and exit race

The recent rework of the requeue PI code introduced a possibility for
going back to user space in inconsistent state:

CPU 0 CPU 1

requeue_futex()
  if (lock_pifutex_user()) {
      dequeue_waiter();
      wake_waiter(task);
sched_in(task);
      return_from_futex_syscall();

  ---> Inconsistent state because PI state is not established

It becomes worse if the woken up task immediately exits:

sys_exit();

      attach_pistate(vpid); <--- FAIL

Attach the pi state before dequeuing and waking the waiter. If the waiter
gets a spurious wakeup before the dequeue operation it will wait in
futex_requeue_pi_wakeup_sync() and therefore cannot return and exit.

Fixes: f00a538ff449 ("futex: Prevent requeue_pi() lock nesting issue on RT")
Reported-by: syzbot+4d1bd0725ef09168e1a0@syzkaller.appspotmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20210902094414.558914045@linutronix.de