torvalds/linux
3
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-30 19:27:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
4f07ec0d76f242d4ca0f0c0c6f7293c28254a554
linux/kernel
History
Thomas Gleixner 4f07ec0d76 futex: Prevent inconsistent state and exit race 
The recent rework of the requeue PI code introduced a possibility for
going back to user space in inconsistent state:

CPU 0				CPU 1

requeue_futex()
  if (lock_pifutex_user()) {
      dequeue_waiter();
      wake_waiter(task);
				sched_in(task);
     				return_from_futex_syscall();

  ---> Inconsistent state because PI state is not established

It becomes worse if the woken up task immediately exits:

				sys_exit();
				
      attach_pistate(vpid);	<--- FAIL


Attach the pi state before dequeuing and waking the waiter. If the waiter
gets a spurious wakeup before the dequeue operation it will wait in
futex_requeue_pi_wakeup_sync() and therefore cannot return and exit.

Fixes: 07d91ef510 ("futex: Prevent requeue_pi() lock nesting issue on RT")
Reported-by: syzbot+4d1bd0725ef09168e1a0@syzkaller.appspotmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20210902094414.558914045@linutronix.de
2021-09-02 22:07:18 +02:00
..
bpf
bpf: Fix ringbuf helper function compatibility
2021-08-23 23:09:10 +02:00
cgroup
Merge tag 'sched-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-08-30 13:42:10 -07:00
configs
drivers/char: remove /dev/kmem for good
2021-05-07 00:26:34 -07:00
debug
kernel: debug: Fix unreachable code in gdb_serial_stub()
2021-07-12 11:03:35 -05:00
dma
dma-mapping: handle vmalloc addresses in dma_common_{mmap,get_sgtable}
2021-07-16 11:30:26 +02:00
entry
tick/nohz: Only check for RCU deferred wakeup on user/guest entry when needed
2021-05-31 10:14:49 +02:00
events
perf/hw_breakpoint: Replace deprecated CPU-hotplug functions
2021-08-26 09:14:36 +02:00
gcov
Kconfig: Introduce ARCH_WANTS_NO_INSTR and CC_HAS_NO_PROFILE_FN_ATTR
2021-06-22 11:07:18 -07:00
irq
Merge tag 'irq-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-08-30 14:38:37 -07:00
kcsan
kcsan: use u64 instead of cycles_t
2021-07-30 17:09:02 +02:00
livepatch
Merge tag 'livepatching-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
2021-04-27 18:14:38 -07:00
locking
locking/rwsem: Add missing __init_rwsem() for PREEMPT_RT
2021-09-02 22:07:17 +02:00
power
PM: hibernate: disable when there are active secretmem users
2021-07-08 11:48:21 -07:00
printk
Merge tag 'printk-for-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux
2021-06-29 12:07:18 -07:00
rcu
Merge tag 'locking-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-08-30 14:26:36 -07:00
sched
Merge tag 'locking-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-08-30 14:26:36 -07:00
time
clocksource: Make clocksource watchdog test safe for slow-HZ systems
2021-08-28 17:01:32 +02:00
trace
Merge tag 's390-5.15-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
2021-08-30 13:07:15 -07:00
.gitignore
.gitignore: prefix local generated files with a slash
2021-05-02 00:43:35 +09:00
acct.c
kernel/acct.c: use #elif instead of #end and #elif
2020-12-15 22:46:15 -08:00
async.c
kernel/async.c: remove async_unregister_domain()
2021-05-07 00:26:33 -07:00
audit_fsnotify.c
audit_alloc_mark(): don't open-code ERR_CAST()
2021-02-23 10:25:27 -05:00
audit_tree.c
audit: Use list_move instead of list_del/list_add
2021-06-08 22:18:35 -04:00
audit_watch.c
fsnotify: generalize handle_inode_event()
2020-12-03 14:58:35 +01:00
audit.c
lsm: separate security_task_getsecid() into subjective and objective variants
2021-03-22 15:23:32 -04:00
audit.h
audit: remove trailing spaces and tabs
2021-06-10 20:59:05 -04:00
auditfilter.c
lsm: separate security_task_getsecid() into subjective and objective variants
2021-03-22 15:23:32 -04:00
auditsc.c
audit: remove trailing spaces and tabs
2021-06-10 20:59:05 -04:00
backtracetest.c
bounds.c
capability.c
capability: handle idmapped mounts
2021-01-24 14:27:16 +01:00
cfi.c
cfi: Use rcu_read_{un}lock_sched_notrace
2021-08-11 13:11:12 -07:00
compat.c
configs.c
context_tracking.c
cpu_pm.c
cpu.c
cpu/hotplug: Add debug printks for hotplug callback failures
2021-08-10 18:31:32 +02:00
crash_core.c
kdump: use vmlinux_build_id to simplify
2021-07-08 11:48:22 -07:00
crash_dump.c
cred.c
ucounts: Increase ucounts reference counter before the security hook
2021-08-23 16:13:04 -05:00
delayacct.c
delayacct: Add sysctl to enable at runtime
2021-05-12 11:43:25 +02:00
dma.c
exec_domain.c
exit.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2021-06-28 20:39:26 -07:00
extable.c
fail_function.c
fault-injection: handle EI_ETYPE_TRUE
2020-12-15 22:46:19 -08:00
fork.c
Merge tag 'sched-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-08-30 13:42:10 -07:00
freezer.c
sched: Add get_current_state()
2021-06-18 11:43:08 +02:00
futex.c
futex: Prevent inconsistent state and exit race
2021-09-02 22:07:18 +02:00
gen_kheaders.sh
kbuild: clean up ${quiet} checks in shell scripts
2021-05-27 04:01:50 +09:00
groups.c
groups: simplify struct group_info allocation
2021-02-26 09:41:03 -08:00
hung_task.c
Merge branch 'akpm' (patches from Andrew)
2021-07-02 12:08:10 -07:00
iomem.c
irq_work.c
irq_work: Make irq_work_queue() NMI-safe again
2021-06-10 10:00:08 +02:00
jump_label.c
jump_label: Fix jump_label_text_reserved() vs __init
2021-07-05 10:46:20 +02:00
kallsyms.c
module: add printk formats to add module build ID to stacktraces
2021-07-08 11:48:22 -07:00
kcmp.c
Merge branch 'exec-update-lock-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-12-15 19:36:48 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking/rwlock: Provide RT variant
2021-08-17 17:50:51 +02:00
Kconfig.preempt
sched/core: Disable CONFIG_SCHED_CORE by default
2021-06-28 22:43:05 +02:00
kcov.c
kernel: make kcov_common_handle consider the current context
2020-11-02 18:00:20 -08:00
kexec_core.c
kernel.h: split out panic and oops helpers
2021-07-01 11:06:04 -07:00
kexec_elf.c
kexec_file.c
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
2021-05-07 00:26:32 -07:00
kexec_internal.h
kexec: move machine_kexec_post_load() to public interface
2021-02-22 12:33:26 +00:00
kexec.c
LSM: Introduce kernel_post_load_data() hook
2020-10-05 13:37:03 +02:00
kheaders.c
kmod.c
modules: add CONFIG_MODPROBE_PATH
2021-05-07 00:26:33 -07:00
kprobes.c
Merge tag 'locking-urgent-2021-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-07-11 11:06:09 -07:00
ksysfs.c
kthread.c
Merge branch 'akpm' (patches from Andrew)
2021-06-29 17:29:11 -07:00
latencytop.c
Makefile
kbuild: update config_data.gz only when the content of .config is changed
2021-05-02 00:43:35 +09:00
module_signature.c
module: harden ELF info handling
2021-01-19 10:24:45 +01:00
module_signing.c
module: harden ELF info handling
2021-01-19 10:24:45 +01:00
module-internal.h
module.c
module: add printk formats to add module build ID to stacktraces
2021-07-08 11:48:22 -07:00
notifier.c
nsproxy.c
Merge tag 'fixes-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
2020-12-14 16:40:27 -08:00
padata.c
padata: Remove repeated verbose license text
2021-08-27 16:30:18 +08:00
panic.c
kernel.h: split out panic and oops helpers
2021-07-01 11:06:04 -07:00
params.c
Merge tag 'modules-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
2020-12-17 13:01:31 -08:00
pid_namespace.c
Merge tag 'fixes-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
2020-12-14 16:40:27 -08:00
pid.c
kernel/pid.c: implement additional checks upon pidfd_create() parameters
2021-08-10 12:53:07 +02:00
profile.c
kernel: Initialize cpumask before parsing
2021-04-10 13:35:54 +02:00
ptrace.c
sched: Change task_struct::state
2021-06-18 11:43:09 +02:00
range.c
kernel.h: split out min()/max() et al. helpers
2020-10-16 11:11:19 -07:00
reboot.c
reboot: Add hardware protection power-off
2021-06-21 13:08:36 +01:00
regset.c
relay.c
relay: allow the use of const callback structs
2020-12-15 22:46:18 -08:00
resource_kunit.c
resource: provide meaningful MODULE_LICENSE() in test suite
2020-11-25 18:52:35 +01:00
resource.c
kernel/resource: fix return code check in __request_free_mem_region
2021-05-14 19:41:32 -07:00
rseq.c
rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
2021-04-14 18:04:09 +02:00
scftorture.c
scftorture: Avoid NULL pointer exception on early exit
2021-07-27 11:39:30 -07:00
scs.c
scs: switch to vmapped shadow stacks
2020-12-01 10:30:28 +00:00
seccomp.c
seccomp: Fix setting loaded filter count during TSYNC
2021-08-11 11:48:28 -07:00
signal.c
posix-cpu-timers: Assert task sighand is locked while starting cputime counter
2021-08-10 17:09:58 +02:00
smp.c
smp: Fix all kernel-doc warnings
2021-08-11 14:47:16 +02:00
smpboot.c
smpboot: Replace deprecated CPU-hotplug functions.
2021-08-10 14:57:42 +02:00
smpboot.h
softirq.c
genirq: Change force_irqthreads to a static key
2021-08-10 22:50:07 +02:00
stackleak.c
stacktrace.c
static_call.c
static_call: Fix static_call_text_reserved() vs __init
2021-07-05 10:46:33 +02:00
stop_machine.c
stop_machine: Add caller debug info to queue_stop_cpus_work
2021-03-23 16:01:58 +01:00
sys_ni.c
mm: introduce memfd_secret system call to create "secret" memory areas
2021-07-08 11:48:21 -07:00
sys.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2021-06-28 20:39:26 -07:00
sysctl-test.c
kernel/sysctl-test: Remove some casts which are no-longer required
2021-06-23 16:41:24 -06:00
sysctl.c
Merge branch 'akpm' (patches from Andrew)
2021-07-02 12:08:10 -07:00
task_work.c
kasan: record task_work_add() call stack
2021-04-30 11:20:42 -07:00
taskstats.c
treewide: rename nla_strlcpy to nla_strscpy.
2020-11-16 08:08:54 -08:00
test_kprobes.c
torture.c
torture: Replace deprecated CPU-hotplug functions.
2021-08-10 10:48:07 -07:00
tracepoint.c
tracepoint: Use rcu get state and cond sync for static call updates
2021-08-06 10:54:41 -04:00
tsacct.c
ucount.c
ucounts: add missing data type changes
2021-08-09 15:45:02 -05:00
uid16.c
uid16.h
umh.c
kernel/umh.c: fix some spelling mistakes
2021-05-07 00:26:34 -07:00
up.c
Merge tag 'locking-urgent-2021-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-05-09 13:07:03 -07:00
user_namespace.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2021-06-28 20:39:26 -07:00
user-return-notifier.c
user.c
Reimplement RLIMIT_MEMLOCK on top of ucounts
2021-04-30 14:14:02 -05:00
usermode_driver.c
Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2021-07-03 11:41:14 -07:00
utsname_sysctl.c
utsname.c
watch_queue.c
watch_queue: rectify kernel-doc for init_watch()
2021-01-26 11:16:34 +00:00
watchdog_hld.c
watchdog.c
kernel: watchdog: modify the explanation related to watchdog thread
2021-06-29 10:53:46 -07:00
workqueue_internal.h
workqueue.c
workqueue: fix UAF in pwq_unbound_release_workfn()
2021-07-21 06:42:31 -10:00