From 8367b3f2def4d1b741f20676651efc212443bfbc Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Mon, 14 Mar 2011 10:34:35 +0100 Subject: [PATCH] --- yaml --- r: 234308 b: refs/heads/master c: 6e0aa9f8a8190e0879a29bd67aa606b51734a122 h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/kernel/futex.c | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/[refs] b/[refs] index a501bd6c73d5..46a7407f92ad 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 995612178c88407d8330f580ba6572cb8b284dd8 +refs/heads/master: 6e0aa9f8a8190e0879a29bd67aa606b51734a122 diff --git a/trunk/kernel/futex.c b/trunk/kernel/futex.c index c6bef6e404fe..e9251d934f7d 100644 --- a/trunk/kernel/futex.c +++ b/trunk/kernel/futex.c @@ -2458,9 +2458,20 @@ int handle_futex_death(u32 __user *uaddr, struct task_struct *curr, int pi) * userspace. */ mval = (uval & FUTEX_WAITERS) | FUTEX_OWNER_DIED; - if (futex_atomic_cmpxchg_inatomic(&nval, uaddr, uval, mval)) - return -1; - + /* + * We are not holding a lock here, but we want to have + * the pagefault_disable/enable() protection because + * we want to handle the fault gracefully. If the + * access fails we try to fault in the futex with R/W + * verification via get_user_pages. get_user() above + * does not guarantee R/W access. If that fails we + * give up and leave the futex locked. + */ + if (cmpxchg_futex_value_locked(&nval, uaddr, uval, mval)) { + if (fault_in_user_writeable(uaddr)) + return -1; + goto retry; + } if (nval != uval) goto retry;