Commit bd1dbcc6 authored by Thomas Gleixner's avatar Thomas Gleixner

futex: Use futex_top_waiter() in lookup_pi_state()

No point in open coding the same function again.
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Reviewed-by: default avatarDarren Hart <darren@dvhart.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Davidlohr Bueso <davidlohr@hp.com>
Cc: Kees Cook <kees@outflux.net>
Cc: wad@chromium.org
Link: http://lkml.kernel.org/r/20140611204237.092947239@linutronix.deSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
parent ccf9e6a8
...@@ -796,87 +796,85 @@ static int ...@@ -796,87 +796,85 @@ static int
lookup_pi_state(u32 uval, struct futex_hash_bucket *hb, lookup_pi_state(u32 uval, struct futex_hash_bucket *hb,
union futex_key *key, struct futex_pi_state **ps) union futex_key *key, struct futex_pi_state **ps)
{ {
struct futex_q *match = futex_top_waiter(hb, key);
struct futex_pi_state *pi_state = NULL; struct futex_pi_state *pi_state = NULL;
struct futex_q *this, *next;
struct task_struct *p; struct task_struct *p;
pid_t pid = uval & FUTEX_TID_MASK; pid_t pid = uval & FUTEX_TID_MASK;
plist_for_each_entry_safe(this, next, &hb->chain, list) { if (match) {
if (match_futex(&this->key, key)) { /*
/* * Sanity check the waiter before increasing the
* Sanity check the waiter before increasing * refcount and attaching to it.
* the refcount and attaching to it. */
*/ pi_state = match->pi_state;
pi_state = this->pi_state; /*
/* * Userspace might have messed up non-PI and PI
* Userspace might have messed up non-PI and * futexes [3]
* PI futexes [3] */
*/ if (unlikely(!pi_state))
if (unlikely(!pi_state)) return -EINVAL;
return -EINVAL;
WARN_ON(!atomic_read(&pi_state->refcount)); WARN_ON(!atomic_read(&pi_state->refcount));
/*
* Handle the owner died case:
*/
if (uval & FUTEX_OWNER_DIED) {
/* /*
* Handle the owner died case: * exit_pi_state_list sets owner to NULL and
* wakes the topmost waiter. The task which
* acquires the pi_state->rt_mutex will fixup
* owner.
*/ */
if (uval & FUTEX_OWNER_DIED) { if (!pi_state->owner) {
/* /*
* exit_pi_state_list sets owner to NULL and * No pi state owner, but the user
* wakes the topmost waiter. The task which * space TID is not 0. Inconsistent
* acquires the pi_state->rt_mutex will fixup * state. [5]
* owner.
*/ */
if (!pi_state->owner) { if (pid)
/* return -EINVAL;
* No pi state owner, but the user
* space TID is not 0. Inconsistent
* state. [5]
*/
if (pid)
return -EINVAL;
/*
* Take a ref on the state and
* return. [4]
*/
goto out_state;
}
/*
* If TID is 0, then either the dying owner
* has not yet executed exit_pi_state_list()
* or some waiter acquired the rtmutex in the
* pi state, but did not yet fixup the TID in
* user space.
*
* Take a ref on the state and return. [6]
*/
if (!pid)
goto out_state;
} else {
/* /*
* If the owner died bit is not set, * Take a ref on the state and
* then the pi_state must have an * return. [4]
* owner. [7]
*/ */
if (!pi_state->owner) goto out_state;
return -EINVAL;
} }
/* /*
* Bail out if user space manipulated the * If TID is 0, then either the dying owner
* futex value. If pi state exists then the * has not yet executed exit_pi_state_list()
* owner TID must be the same as the user * or some waiter acquired the rtmutex in the
* space TID. [9/10] * pi state, but did not yet fixup the TID in
* user space.
*
* Take a ref on the state and return. [6]
*/
if (!pid)
goto out_state;
} else {
/*
* If the owner died bit is not set,
* then the pi_state must have an
* owner. [7]
*/ */
if (pid != task_pid_vnr(pi_state->owner)) if (!pi_state->owner)
return -EINVAL; return -EINVAL;
out_state:
atomic_inc(&pi_state->refcount);
*ps = pi_state;
return 0;
} }
/*
* Bail out if user space manipulated the
* futex value. If pi state exists then the
* owner TID must be the same as the user
* space TID. [9/10]
*/
if (pid != task_pid_vnr(pi_state->owner))
return -EINVAL;
out_state:
atomic_inc(&pi_state->refcount);
*ps = pi_state;
return 0;
} }
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment