linux/kernel
Darren Hart 183308db76 futex: Fix errors in nested key ref-counting
commit 7ada876a87 upstream.

futex_wait() is leaking key references due to futex_wait_setup()
acquiring an additional reference via the queue_lock() routine. The
nested key ref-counting has been masking bugs and complicating code
analysis. queue_lock() is only called with a previously ref-counted
key, so remove the additional ref-counting from the queue_(un)lock()
functions.

Also futex_wait_requeue_pi() drops one key reference too many in
unqueue_me_pi(). Remove the key reference handling from
unqueue_me_pi(). This was paired with a queue_lock() in
futex_lock_pi(), so the count remains unchanged.

Document remaining nested key ref-counting sites.

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Reported-and-tested-by: Matthieu Fertré <matthieu.fertre@kerlabs.com>
Reported-by: Louis Rilling <louis.rilling@kerlabs.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: John Kacur <jkacur@redhat.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
LKML-Reference: <4CBB17A8.70401@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-22 10:47:31 -08:00
gcov gcov: fix null-pointer dereference for certain module types 2010-09-20 13:17:53 -07:00
irq irq: Add new IRQ flag IRQF_NO_SUSPEND 2010-08-13 13:19:50 -07:00
power Freezer: Fix buggy resume test for tasks frozen with cgroup freezer 2010-04-26 07:41:17 -07:00
time timekeeping: Fix clock_gettime vsyscall time warp 2010-08-13 13:20:13 -07:00
trace ring-buffer: Fix typo of time extends per page 2010-10-28 21:44:00 -07:00
.gitignore
acct.c bsdacct: fix uid/gid misreporting 2009-12-18 14:03:52 -08:00
async.c
audit_tree.c fix more leaks in audit_tree.c tag_chunk() 2010-01-18 10:19:50 -08:00
audit_watch.c
audit.c
audit.h
auditfilter.c
auditsc.c
backtracetest.c
bounds.c
capability.c
cgroup_freezer.c Freezer: Fix buggy resume test for tasks frozen with cgroup freezer 2010-04-26 07:41:17 -07:00
cgroup.c cgroups: fix 2.6.32 regression causing BUG_ON() in cgroup_diput() 2010-01-18 10:19:32 -08:00
compat.c compat: Make compat_alloc_user_space() incorporate the access_ok() 2010-09-20 13:17:57 -07:00
configs.c
cpu.c sched: _cpu_down(): Don't play with current->cpus_allowed 2010-09-20 13:18:08 -07:00
cpuset.c sched: Make select_fallback_rq() cpuset friendly 2010-09-20 13:18:08 -07:00
cred-internals.h
cred.c CRED: Fix a race in creds_are_invalid() in credentials debugging 2010-05-12 14:57:10 -07:00
delayacct.c
dma.c
exec_domain.c
exit.c Fix unprotected access to task credentials in waitid() 2010-09-26 17:21:35 -07:00
extable.c
fork.c sched: Fix fork vs hotplug vs cpuset namespaces 2010-09-20 13:18:02 -07:00
freezer.c
futex_compat.c
futex.c futex: Fix errors in nested key ref-counting 2010-11-22 10:47:31 -08:00
groups.c kernel/groups.c: fix integer overflow in groups_search 2010-09-20 13:17:54 -07:00
hrtimer.c hrtimer: Preserve timer state in remove_hrtimer() 2010-10-28 21:44:01 -07:00
hung_task.c
itimer.c
kallsyms.c
Kconfig.freezer
Kconfig.hz
Kconfig.preempt
kexec.c
kfifo.c
kgdb.c
kmod.c
kprobes.c
ksysfs.c
kthread.c cpuset: fix the problem that cpuset_mem_spread_node() returns an offline node 2010-04-01 15:58:46 -07:00
latencytop.c
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
lockdep.c Revert "lockdep: fix incorrect percpu usage" 2010-06-01 09:45:46 -07:00
Makefile
module.c dynamic debug: move ddebug_remove_module() down into free_module() 2010-08-02 10:20:47 -07:00
mutex-debug.c
mutex-debug.h
mutex.c mutex: Fix optimistic spinning vs. BKL 2010-07-05 11:10:31 -07:00
mutex.h
notifier.c
ns_cgroup.c
nsproxy.c
panic.c
params.c
perf_event.c Fix racy use of anon_inode_getfd() in perf_event.c 2010-07-05 11:10:30 -07:00
pid_namespace.c
pid.c
pm_qos_params.c
posix-cpu-timers.c
posix-timers.c posix_timer: Fix error path in timer_create 2010-07-05 11:10:30 -07:00
printk.c
profile.c profile: fix stats and data leakage 2010-05-26 14:29:18 -07:00
ptrace.c
rcupdate.c
rcutorture.c
rcutree_plugin.h rcu: Remove inline from forward-referenced functions 2009-12-18 14:03:04 -08:00
rcutree_trace.c
rcutree.c rcu: Fix note_new_gpnum() uses of ->gpnum 2009-12-18 14:03:01 -08:00
rcutree.h rcu: Remove inline from forward-referenced functions 2009-12-18 14:03:04 -08:00
relay.c
res_counter.c
resource.c
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c
rtmutex.h
rwsem.c
sched_clock.c sched: Fix cpu_clock() in NMIs, on !CONFIG_HAVE_UNSTABLE_SCHED_CLOCK 2010-01-22 15:18:30 -08:00
sched_cpupri.c
sched_cpupri.h
sched_debug.c sched: Remove forced2_migrations stats 2010-09-20 13:17:59 -07:00
sched_fair.c sched: Fix select_idle_sibling() logic in select_task_rq_fair() 2010-09-20 13:18:12 -07:00
sched_features.h
sched_idletask.c sched: Fix TASK_WAKING vs fork deadlock 2010-09-20 13:18:09 -07:00
sched_rt.c sched: Fix TASK_WAKING vs fork deadlock 2010-09-20 13:18:09 -07:00
sched_stats.h
sched.c sched: Fix string comparison in /proc/sched_features 2010-11-22 10:47:30 -08:00
seccomp.c
semaphore.c
signal.c signals: check_kill_permission(): don't check creds if same_thread_group() 2010-07-05 11:10:56 -07:00
slow-work-debugfs.c
slow-work.c slow-work: use get_ref wrapper instead of directly calling get_ref 2010-08-10 10:20:45 -07:00
slow-work.h
smp.c
softirq.c
softlockup.c softlockup: Stop spurious softlockup messages due to overflow 2010-04-01 15:58:47 -07:00
spinlock.c
srcu.c
stacktrace.c
stop_machine.c
sys_ni.c
sys.c pid: make setpgid() system call use RCU read-side critical section 2010-09-26 17:21:25 -07:00
sysctl_check.c NET: fix oops at bootime in sysctl code 2010-02-09 04:51:02 -08:00
sysctl.c kernel/sysctl.c: fix stable merge error in NOMMU mmap_min_addr 2010-01-18 10:19:49 -08:00
taskstats.c
test_kprobes.c
time.c
timeconst.pl
timer.c
tracepoint.c
tsacct.c
uid16.c
up.c
user_namespace.c
user.c
utsname_sysctl.c
utsname.c
wait.c
workqueue.c