git.baikalelectronics.ru Git - kernel.git/commit
futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi()
author Darren Hart <dvhart@linux.intel.com>
Fri, 20 Jul 2012 18:53:31 +0000 (11:53 -0700)
committer Thomas Gleixner <tglx@linutronix.de>
Tue, 24 Jul 2012 14:02:57 +0000 (16:02 +0200)
commit c6e78ffbb40bcfa04650c9cbc8f19fd142e0aa0f
tree 23bf0f7ccfeea44ef9aa8057d53ade47b69a8a44
parent 599af5c599feaa25db7e70f03819b6d90a0e9c41
futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi()

If uaddr == uaddr2, then we have broken the rule of only requeueing
from a non-pi futex to a pi futex with this call. If we attempt this,
as the trinity test suite manages to do, we miss early wakeups as
q.key is equal to key2 (because they are the same uaddr). We will then
attempt to dereference the pi_mutex (which would exist had the futex_q
been properly requeued to a pi futex) and trigger a NULL pointer
dereference.

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Dave Jones <davej@redhat.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/ad82bfe7f7d130247fbe2b5b4275654807774227.1342809673.git.dvhart@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
kernel/futex.c