kernel/futex.c +18 −2
@@ -988,8 +988,7 @@ void exit_pi_state_list(struct task_struct *curr) * FUTEX_OWNER_DIED bit. See [4] * * [10] There is no transient state which leaves owner and user space * TID out of sync. Except one error case where the kernel is denied * write access to the user address, see fixup_pi_state_owner(). * TID out of sync. */ /*
@@ -2654,6 +2653,13 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags, if (res) ret = (res < 0) ? res : 0; /* * If fixup_owner() faulted and was unable to handle the fault, unlock * it and return the fault to userspace. */ if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current)) rt_mutex_unlock(&q.pi_state->pi_mutex); /* Unqueue and drop the lock */ unqueue_me_pi(&q);
@@ -2958,6 +2964,8 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, if (q.pi_state && (q.pi_state->owner != current)) { spin_lock(q.lock_ptr); ret = fixup_pi_state_owner(uaddr2, &q, current); if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) rt_mutex_unlock(&q.pi_state->pi_mutex); /* * Drop the reference to the pi state which * the requeue_pi() code acquired for us.
@@ -2994,6 +3002,14 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, if (res) ret = (res < 0) ? res : 0; /* * If fixup_pi_state_owner() faulted and was unable to handle * the fault, unlock the rt_mutex and return the fault to * userspace. */ if (ret && rt_mutex_owner(pi_mutex) == current) rt_mutex_unlock(pi_mutex); /* Unqueue and drop the lock. */ unqueue_me_pi(&q); }
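Review bot: Item [10] of the state comment in the `-988` hunk now claims without qualification that owner and user space TID are never out of sync, yet the same change adds three `if (ret && rt_mutex_owner(...) == current) rt_mutex_unlock(...)` paths in futex_lock_pi() and futex_wait_requeue_pi() that exist for the case where the fixup faulted and the error is returned to userspace. Unless fixup_pi_state_owner(), whose body is not visible here, restores a consistent owner before returning the error, the exception sentence should stay: `Except one error case where the kernel is denied write access to the user address, see fixup_pi_state_owner().` In the `-2958` hunk the added unlock also appears to run after `spin_lock(q.lock_ptr)` and before its release, which lies outside the hunk; it is worth confirming that releasing the rt_mutex under that lock is intended, or moving the unlock to after the lock is dropped. All three functions start and end outside the hunks shown.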