From: Darren Hart <dvhltc@us.ibm.com>
Date: Wed, 7 Oct 2009 18:46:54 +0000 (-0700)
Subject: futex: fix requeue_pi key imbalance
X-Git-Tag: v2.6.31.4~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9cb696b8f6a4b034d2a0323aaf81a878c60199a5;p=thirdparty%2Fkernel%2Fstable.git

futex: fix requeue_pi key imbalance

commit da085681014fb43d67d9bf6d14bc068e9254bd49 upstream.

If futex_wait_requeue_pi() wakes prior to requeue, we drop the
reference to the source futex_key twice, once in
handle_early_requeue_pi_wakeup() and once on our way out.

Remove the drop from the handle_early_requeue_pi_wakeup() and keep
the get/drops together in futex_wait_requeue_pi().

Reported-by: Helge Bahmann <hcb@chaoticmind.net>
Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
Cc: Helge Bahmann <hcb@chaoticmind.net>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Dinakar Guniguntala <dino@in.ibm.com>
Cc: John Stultz <johnstul@us.ibm.com>
LKML-Reference: <4ACCE21E.5030805@us.ibm.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/kernel/futex.c b/kernel/futex.c
index e18cfbdc71904..7a2994d59e69c 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2087,7 +2087,6 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
 		 * Unqueue the futex_q and determine which it was.
 		 */
 		plist_del(&q->list, &q->list.plist);
-		drop_futex_key_refs(&q->key);
 
 		if (timeout && !timeout->task)
 			ret = -ETIMEDOUT;