futex: Add mutex around futex exit

[mirror_ubuntu-bionic-kernel.git] / kernel / futex.c

diff --git a/kernel/futex.c b/kernel/futex.c
index 1857bb50b6cb92036d9b9e9b5343181740aa3be4..959af4463c408121f00a4c05a01bfb2dc6a02370 100644 (file)
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -3721,11 +3721,22 @@ static void futex_cleanup(struct task_struct *tsk)
  */
 void futex_exit_recursive(struct task_struct *tsk)
 {
+       /* If the state is FUTEX_STATE_EXITING then futex_exit_mutex is held */
+       if (tsk->futex_state == FUTEX_STATE_EXITING)
+               mutex_unlock(&tsk->futex_exit_mutex);
        tsk->futex_state = FUTEX_STATE_DEAD;
 }
 
 static void futex_cleanup_begin(struct task_struct *tsk)
 {
+       /*
+        * Prevent various race issues against a concurrent incoming waiter
+        * including live locks by forcing the waiter to block on
+        * tsk->futex_exit_mutex when it observes FUTEX_STATE_EXITING in
+        * attach_to_pi_owner().
+        */
+       mutex_lock(&tsk->futex_exit_mutex);
+
        /*
         * Switch the state to FUTEX_STATE_EXITING under tsk->pi_lock.
         *
@@ -3749,6 +3760,11 @@ static void futex_cleanup_end(struct task_struct *tsk, int state)
         * take another loop until it becomes visible.
         */
        tsk->futex_state = state;
+       /*
+        * Drop the exit protection. This unblocks waiters which observed
+        * FUTEX_STATE_EXITING to reevaluate the state.
+        */
+       mutex_unlock(&tsk->futex_exit_mutex);
 }
 
 void futex_exec_release(struct task_struct *tsk)