On Wed, 24 Feb 2021, Xiaoming Ni wrote:
The handle_exit_race() function is defined in commit 9c3f39860367 ("futex: Cure exit race"), which never returns -EBUSY. This results in a small piece of dead code in the attach_to_pi_owner() function:
    int ret = handle_exit_race(uaddr, uval, p); /* Never return -EBUSY */
    ...
    if (ret == -EBUSY)
        *exiting = p; /* dead code */
The return value -EBUSY is added to handle_exit_race() in upstream commit ac31c7ff8624409 ("futex: Provide distinct return value when owner is exiting"). This commit was incorporated into v4.9.255, before the function handle_exit_race() was introduced, without modifying handle_exit_race().
To fix the dead code, extract the change to handle_exit_race() from commit ac31c7ff8624409 ("futex: Provide distinct return value when owner is exiting") and re-incorporate it.
Fixes: 9c3f39860367 ("futex: Cure exit race")
Cc: stable@vger.kernel.org # v4.9.258
Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com>
 kernel/futex.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
To clarify, this is not a wholesale back-port from Mainline.
It takes the remaining functional snippet of:
ac31c7ff8624409 ("futex: Provide distinct return value when owner is exiting")
... and is the correct fix for this issue.
Reviewed-by: Lee Jones <lee.jones@linaro.org>
diff --git a/kernel/futex.c b/kernel/futex.c index b65dbb5d60bb..0fd785410150 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -1207,11 +1207,11 @@ static int handle_exit_race(u32 __user *uaddr, u32 uval, u32 uval2; /*
* If the futex exit state is not yet FUTEX_STATE_DEAD, wait
* for it to finish.
* If the futex exit state is not yet FUTEX_STATE_DEAD, tell the
*/ if (tsk && tsk->futex_state != FUTEX_STATE_DEAD)* caller that the alleged owner is busy.
return -EAGAIN;
return -EBUSY;
/* * Reread the user space value to handle the following situation:
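Review bot: At the `tsk->futex_state != FUTEX_STATE_DEAD` check, returning -EBUSY instead of -EAGAIN makes the `if (ret == -EBUSY) *exiting = p;` branch in attach_to_pi_owner() reachable for the first time in this tree, yet the patch touches only kernel/futex.c in handle_exit_race() and shows none of the code that consumes `*exiting`. The commit message should state explicitly that the caller-side handling from ac31c7ff8624409 is already present since v4.9.255, so a stable reviewer can confirm that the new return value is handled by the callers without having to reconstruct the backport history. Since this is a partial re-application rather than a direct backport, naming the upstream commit in a dedicated line near the tags, in addition to the Fixes: tag for 9c3f39860367, would also make the provenance easier to track.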