diff options
| author | Max Krummenacher <max.krummenacher@toradex.com> | 2018-03-13 11:32:58 +0100 |
|---|---|---|
| committer | Max Krummenacher <max.krummenacher@toradex.com> | 2018-03-13 11:32:58 +0100 |
| commit | 6fb9f3c8a4992f67dcb3ce413df2e22e96b2d400 (patch) | |
| tree | 6e3071b2f179a62b027669ac2a238383293bf941 /kernel/futex.c | |
| parent | a126a5e5dc2fcc5cb36af14c89b440cc8e3bab30 (diff) | |
| parent | 8b5ab55d254f36e89b1b53aeac7223d2d102483e (diff) | |
Merge tag 'v4.4.121' into toradex_vf_4.4-nextColibri-VF_LXDE-Image_2.8b2.97-20180331
This is the 4.4.121 stable release
Diffstat (limited to 'kernel/futex.c')
| -rw-r--r-- | kernel/futex.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index 3057dabf726f..1fce19fc824c 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -1621,6 +1621,9 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, struct futex_q *this, *next; WAKE_Q(wake_q); + if (nr_wake < 0 || nr_requeue < 0) + return -EINVAL; + if (requeue_pi) { /* * Requeue PI only works on two distinct uaddrs. This @@ -1939,8 +1942,12 @@ static int unqueue_me(struct futex_q *q) /* In the common case we don't take the spinlock, which is nice. */ retry: - lock_ptr = q->lock_ptr; - barrier(); + /* + * q->lock_ptr can change between this read and the following spin_lock. + * Use READ_ONCE to forbid the compiler from reloading q->lock_ptr and + * optimizing lock_ptr out of the logic below. + */ + lock_ptr = READ_ONCE(q->lock_ptr); if (lock_ptr != NULL) { spin_lock(lock_ptr); /* |