diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2024-02-01 14:33:26 -0800 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2024-02-01 15:12:37 -0800 |
| commit | cf244463a286ea57ea7e63c33614d302f776e62e (patch) | |
| tree | caa068596cbfea621376822e30ab545c6516b2c7 /kernel/futex/core.c | |
| parent | cacfd6bfc381ce0e71dfb4ab902ca0fb0e1abe0f (diff) | |
| parent | 41b9fb381a486360b2daaec0c7480f8e3ff72bc7 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Cross-merge networking fixes after downstream PR.
No conflicts or adjacent changes.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'kernel/futex/core.c')
| -rw-r--r-- | kernel/futex/core.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/kernel/futex/core.c b/kernel/futex/core.c index e0e853412c15..1e78ef24321e 100644 --- a/kernel/futex/core.c +++ b/kernel/futex/core.c @@ -627,12 +627,21 @@ retry: } /* - * PI futexes can not be requeued and must remove themselves from the - * hash bucket. The hash bucket lock (i.e. lock_ptr) is held. + * PI futexes can not be requeued and must remove themselves from the hash + * bucket. The hash bucket lock (i.e. lock_ptr) is held. */ void futex_unqueue_pi(struct futex_q *q) { - __futex_unqueue(q); + /* + * If the lock was not acquired (due to timeout or signal) then the + * rt_waiter is removed before futex_q is. If this is observed by + * an unlocker after dropping the rtmutex wait lock and before + * acquiring the hash bucket lock, then the unlocker dequeues the + * futex_q from the hash bucket list to guarantee consistent state + * vs. userspace. Therefore the dequeue here must be conditional. + */ + if (!plist_node_empty(&q->list)) + __futex_unqueue(q); BUG_ON(!q->pi_state); put_pi_state(q->pi_state); |