korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 12:28:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

[PATCH] pi-futex: Validate futex type instead of oopsing

Browse Source 
Calling futex_lock_pi is called with a reference to a non PI futex and
waiters exist already, lookup_pi_state() oopses due to pi_state == NULL.
Check this condition and return -EINVAL to userspace.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Thomas Gleixner 2006-07-10 04:44:30 -07:00 committed by Linus Torvalds
parent bed936f7ea
commit 06a9ec291b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
kernel/futex.c
View File

@ -476,6 +476,12 @@ lookup_pi_state(u32 uval, struct futex_hash_bucket *hb, struct futex_q *me)
* the refcount and return its pi_state:
*/
pi_state = this->pi_state;
/*
* Userspace might have messed up non PI and PI futexes
*/
if (unlikely(!pi_state))
return -EINVAL;
atomic_inc(&pi_state->refcount);
me->pi_state = pi_state;