Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

	struct futex_q *this, *next;

	DEFINE_WAKE_Q(wake_q);

	if (nr_wake < 0 || nr_requeue < 0)

		return -EINVAL;

	/*

	 * When PI not supported: return -ENOSYS if requeue_pi is true,

	 * consequently the compiler knows requeue_pi is always false past

	spin_unlock(q->lock_ptr);

}

/*

 * Fixup the pi_state owner with the new owner.

 *

 * Must be called with hash bucket lock held and mm->sem held for non

 * private futexes.

 */

static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,

				struct task_struct *newowner)

				struct task_struct *argowner)

{

	u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;

	struct futex_pi_state *pi_state = q->pi_state;

	u32 uval, uninitialized_var(curval), newval;

	struct task_struct *oldowner;

	struct task_struct *oldowner, *newowner;

	u32 newtid;

	int ret;

	lockdep_assert_held(q->lock_ptr);

	raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);

	oldowner = pi_state->owner;

		newtid |= FUTEX_OWNER_DIED;

	/*

	 * We are here either because we stole the rtmutex from the

	 * previous highest priority waiter or we are the highest priority

	 * waiter but have failed to get the rtmutex the first time.

	 * We are here because either:

	 *

	 *  - we stole the lock and pi_state->owner needs updating to reflect

	 *    that (@argowner == current),

	 *

	 * or:

	 *

	 *  - someone stole our lock and we need to fix things to point to the

	 *    new owner (@argowner == NULL).

	 *

	 * We have to replace the newowner TID in the user space variable.

	 * Either way, we have to replace the TID in the user space variable.

	 * This must be atomic as we have to preserve the owner died bit here.

	 *

	 * Note: We write the user space value _before_ changing the pi_state

	 * in the PID check in lookup_pi_state.

	 */

retry:

	if (!argowner) {

		if (oldowner != current) {

			/*

			 * We raced against a concurrent self; things are

			 * already fixed up. Nothing to do.

			 */

			ret = 0;

			goto out_unlock;

		}

		if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) {

			/* We got the lock after all, nothing to fix. */

			ret = 0;

			goto out_unlock;

		}

		/*

		 * Since we just failed the trylock; there must be an owner.

		 */

		newowner = rt_mutex_owner(&pi_state->pi_mutex);

		BUG_ON(!newowner);

	} else {

		WARN_ON_ONCE(argowner != current);

		if (oldowner == current) {

			/*

			 * We raced against a concurrent self; things are

			 * already fixed up. Nothing to do.

			 */

			ret = 0;

			goto out_unlock;

		}

		newowner = argowner;

	}

	newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;

	if (get_futex_value_locked(&uval, uaddr))

		goto handle_fault;

		 * Got the lock. We might not be the anticipated owner if we

		 * did a lock-steal - fix up the PI-state in that case:

		 *

		 * We can safely read pi_state->owner without holding wait_lock

		 * because we now own the rt_mutex, only the owner will attempt

		 * to change it.

		 * Speculative pi_state->owner read (we don't hold wait_lock);

		 * since we own the lock pi_state->owner == current is the

		 * stable state, anything else needs more attention.

		 */

		if (q->pi_state->owner != current)

			ret = fixup_pi_state_owner(uaddr, q, current);

		goto out;

	}

	/*

	 * If we didn't get the lock; check if anybody stole it from us. In

	 * that case, we need to fix up the uval to point to them instead of

	 * us, otherwise bad things happen. [10]

	 *

	 * Another speculative read; pi_state->owner == current is unstable

	 * but needs our attention.

	 */

	if (q->pi_state->owner == current) {

		ret = fixup_pi_state_owner(uaddr, q, NULL);

		goto out;

	}

	/*

	 * Paranoia check. If we did not take the lock, then we should not be

	 * the owner of the rt_mutex.

	return ret;

}

static inline int __rt_mutex_slowtrylock(struct rt_mutex *lock)

{

	int ret = try_to_take_rt_mutex(lock, current, NULL);

	/*

	 * try_to_take_rt_mutex() sets the lock waiters bit

	 * unconditionally. Clean this up.

	 */

	fixup_rt_mutex_waiters(lock);

	return ret;

}

/*

 * Slow path try-lock function:

 */

	 */

	raw_spin_lock_irqsave(&lock->wait_lock, flags);

	ret = try_to_take_rt_mutex(lock, current, NULL);

	/*

	 * try_to_take_rt_mutex() sets the lock waiters bit

	 * unconditionally. Clean this up.

	 */

	fixup_rt_mutex_waiters(lock);

	ret = __rt_mutex_slowtrylock(lock);

	raw_spin_unlock_irqrestore(&lock->wait_lock, flags);

	return rt_mutex_slowtrylock(lock);

}

int __sched __rt_mutex_futex_trylock(struct rt_mutex *lock)

{

	return __rt_mutex_slowtrylock(lock);

}

/**

 * rt_mutex_timed_lock - lock a rt_mutex interruptible

 *			the timeout structure is provided

				 struct rt_mutex_waiter *waiter);

extern int rt_mutex_futex_trylock(struct rt_mutex *l);

extern int __rt_mutex_futex_trylock(struct rt_mutex *l);

extern void rt_mutex_futex_unlock(struct rt_mutex *lock);

extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock,