futex: PI state locking fix

Testing of -rt by IBM uncovered a locking bug in wake_futex_pi(): the PI state needs to be locked before we access it. Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Ingo Molnar <mingo@elte.hu> 2007-03-16 13:38:31 -0800
committer: Greg Kroah-Hartman <gregkh@suse.de> 2007-03-23 12:49:23 -0700
commit: 120d6d2e32028348c630abb1aa4a68a83dfe6d8e (patch)
tree: 0f91aab962512de1d66b9893505b4726850ab38e
parent: 2e84657dbb433207cac7edfa45f755c8312fb15b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/futex.c b/kernel/futex.c
index 5a737de857d3..1df411e6be33 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -565,6 +565,7 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this)
 	if (!pi_state)
 		return -EINVAL;
 
+	spin_lock(&pi_state->pi_mutex.wait_lock);
 	new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
 
 	/*
@@ -604,6 +605,7 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this)
 	pi_state->owner = new_owner;
 	spin_unlock_irq(&new_owner->pi_lock);
 
+	spin_unlock(&pi_state->pi_mutex.wait_lock);
 	rt_mutex_unlock(&pi_state->pi_mutex);
 
 	return 0;
author	Ingo Molnar <mingo@elte.hu>	2007-03-16 13:38:31 -0800
committer	Greg Kroah-Hartman <gregkh@suse.de>	2007-03-23 12:49:23 -0700
commit	120d6d2e32028348c630abb1aa4a68a83dfe6d8e (patch)
tree	0f91aab962512de1d66b9893505b4726850ab38e
parent	2e84657dbb433207cac7edfa45f755c8312fb15b (diff)