linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 13:55:32 +00:00

No description

Find a file

Peter Zijlstra 1352130fe6 futex: Avoid violating the 10th rule of futex commit `c1e2f0eaf0` upstream. Julia reported futex state corruption in the following scenario: waiter waker stealer (prio > waiter) futex(WAIT_REQUEUE_PI, uaddr, uaddr2, timeout=[N ms]) futex_wait_requeue_pi() futex_wait_queue_me() freezable_schedule() <scheduled out> futex(LOCK_PI, uaddr2) futex(CMP_REQUEUE_PI, uaddr, uaddr2, 1, 0) /* requeues waiter to uaddr2 / futex(UNLOCK_PI, uaddr2) wake_futex_pi() cmp_futex_value_locked(uaddr2, waiter) wake_up_q() <woken by waker> <hrtimer_wakeup() fires, clears sleeper->task> futex(LOCK_PI, uaddr2) __rt_mutex_start_proxy_lock() try_to_take_rt_mutex() / steals lock / rt_mutex_set_owner(lock, stealer) <preempted> <scheduled in> rt_mutex_wait_proxy_lock() __rt_mutex_slowlock() try_to_take_rt_mutex() / fails, lock held by stealer / if (timeout && !timeout->task) return -ETIMEDOUT; fixup_owner() / lock wasn't acquired, so, fixup_pi_state_owner skipped / return -ETIMEDOUT; / At this point, we've returned -ETIMEDOUT to userspace, but the * futex word shows waiter to be the owner, and the pi_mutex has * stealer as the owner */ futex_lock(LOCK_PI, uaddr2) -> bails with EDEADLK, futex word says we're owner. And suggested that what commit: `73d786bd04` ("futex: Rework inconsistent rt_mutex/futex_q state") removes from fixup_owner() looks to be just what is needed. And indeed it is -- I completely missed that requeue_pi could also result in this case. So we need to restore that, except that subsequent patches, like commit: `16ffa12d74` ("futex: Pull rt_mutex_futex_unlock() out from under hb->lock") changed all the locking rules. Even without that, the sequence: - if (rt_mutex_futex_trylock(&q->pi_state->pi_mutex)) { - locked = 1; - goto out; - } - raw_spin_lock_irq(&q->pi_state->pi_mutex.wait_lock); - owner = rt_mutex_owner(&q->pi_state->pi_mutex); - if (!owner) - owner = rt_mutex_next_owner(&q->pi_state->pi_mutex); - raw_spin_unlock_irq(&q->pi_state->pi_mutex.wait_lock); - ret = fixup_pi_state_owner(uaddr, q, owner); already suggests there were races; otherwise we'd never have to look at next_owner. So instead of doing 3 consecutive wait_lock sections with who knows what races, we do it all in a single section. Additionally, the usage of pi_state->owner in fixup_owner() was only safe because only the rt_mutex owner would modify it, which this additional case wrecks. Luckily the values can only change away and not to the value we're testing, this means we can do a speculative test and double check once we have the wait_lock. Fixes: `73d786bd04` ("futex: Rework inconsistent rt_mutex/futex_q state") Reported-by: Julia Cartwright <julia@ni.com> Reported-by: Gratian Crisan <gratian.crisan@ni.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Tested-by: Julia Cartwright <julia@ni.com> Tested-by: Gratian Crisan <gratian.crisan@ni.com> Cc: Darren Hart <dvhart@infradead.org> Link: https://lkml.kernel.org/r/20171208124939.7livp7no2ov65rrc@hirez.programming.kicks-ass.net Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-01-23 19:58:11 +01:00
arch	powerpc/powernv: Check device-tree for RFI flush settings	2018-01-23 19:58:11 +01:00
block	block: don't let passthrough IO go into .make_request_fn()	2018-01-02 20:31:05 +01:00
certs	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
crypto	crypto: algapi - fix NULL dereference in crypto_remove_spawns()	2018-01-17 09:45:23 +01:00
Documentation	x86/spectre: Add boot time option to select Spectre v2 mitigation	2018-01-17 09:45:29 +01:00
drivers	drm/nouveau/disp/gf119: add missing drive vfunc ptr	2018-01-23 19:58:09 +01:00
firmware	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
fs	x86 / CPU: Always show current CPU frequency in /proc/cpuinfo	2018-01-10 09:31:20 +01:00
include	sysfs/cpu: Add vulnerability folder	2018-01-17 09:45:27 +01:00
init	x86/mm/pti: Add infrastructure for page table isolation	2018-01-02 20:30:56 +01:00
ipc	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
kernel	futex: Avoid violating the 10th rule of futex	2018-01-23 19:58:11 +01:00
lib	x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*'	2017-12-25 14:26:13 +01:00
mm	mm/sparse.c: wrong allocation for mem_section	2018-01-10 09:31:17 +01:00
net	Bluetooth: Prevent stack info leak from the EFS element.	2018-01-17 09:45:26 +01:00
samples	samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1	2017-12-20 10:10:31 +01:00
scripts	linux/compiler.h: Split into compiler.h and compiler_types.h	2017-12-25 14:26:33 +01:00
security	security/Kconfig: Correct the Documentation reference for PTI	2018-01-17 09:45:30 +01:00
sound	ALSA: aloop: Fix racy hw constraints adjustment	2018-01-17 09:45:20 +01:00
tools	objtool: Fix seg fault caused by missing parameter	2018-01-23 19:58:09 +01:00
usr	initramfs: fix initramfs rebuilds w/ compression after disabling	2017-11-03 07:39:19 -07:00
virt	KVM: Fix stack-out-of-bounds read in write_mmio	2018-01-17 09:45:17 +01:00
.cocciconfig
.get_maintainer.ignore
.gitattributes	.gitattributes: set git diff driver for C source code files	2016-10-07 18:46:30 -07:00
.gitignore	kbuild: Add support to generate LLVM assembly files	2017-04-25 08:13:52 +09:00
.mailmap	.mailmap: Add Maciej W. Rozycki's Imagination e-mail address	2017-11-10 12:16:15 -08:00
COPYING
CREDITS	MAINTAINERS: update TPM driver infrastructure changes	2017-11-09 17:58:40 -08:00
Kbuild	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
Kconfig	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
MAINTAINERS	Merge branch 'akpm' (patches from Andrew)	2017-11-09 18:26:51 -08:00
Makefile	Linux 4.14.14	2018-01-17 09:45:30 +01:00
README	README: add a new README file, pointing to the Documentation/	2016-10-24 08:12:35 -02:00

README

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.