[PATCH] futex: PI state locking fix Testing of -rt by IBM uncovered a locking bug in wake_futex_pi(): the PI state needs to be locked before we access it. Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: Chuck Ebbert <cebbert@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 21778867b1c8e0feb567addb6dc0a7e2ca6ecdec [log] [tgz]
author: Ingo Molnar <mingo@elte.hu> Fri Mar 16 13:38:31 2007 -0800
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> Fri Mar 16 19:25:06 2007 -0700
tree: a88a1a8f9a469f0b9e94a2025a6d1990ee9fc407
parent: d3a7b6df4951170079252402fd0c2dc70cb0ca2a [diff]
diff --git a/kernel/futex.c b/kernel/futex.c
index e749e7d..5a270b5 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c

@@ -565,6 +565,7 @@
 	if (!pi_state)
 		return -EINVAL;
 
+	spin_lock(&pi_state->pi_mutex.wait_lock);
 	new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
 
 	/*
@@ -604,6 +605,7 @@
 	pi_state->owner = new_owner;
 	spin_unlock_irq(&new_owner->pi_lock);
 
+	spin_unlock(&pi_state->pi_mutex.wait_lock);
 	rt_mutex_unlock(&pi_state->pi_mutex);
 
 	return 0;
commit	21778867b1c8e0feb567addb6dc0a7e2ca6ecdec	[log] [tgz]
author	Ingo Molnar <mingo@elte.hu>	Fri Mar 16 13:38:31 2007 -0800
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	Fri Mar 16 19:25:06 2007 -0700
tree	a88a1a8f9a469f0b9e94a2025a6d1990ee9fc407
parent	d3a7b6df4951170079252402fd0c2dc70cb0ca2a [diff]