futex: Don't enable IRQs unconditionally in put_pi_state()
authorBen Hutchings <ben@decadent.org.uk>
Mon, 1 Mar 2021 17:32:02 +0000 (18:32 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 7 Mar 2021 10:25:55 +0000 (11:25 +0100)
From: Dan Carpenter <dan.carpenter@oracle.com>

commit 1e106aa3509b86738769775969822ffc1ec21bf4 upstream.

The exit_pi_state_list() function calls put_pi_state() with IRQs disabled
and is not expecting that IRQs will be enabled inside the function.

Use the _irqsave() variant so that IRQs are restored to the original state
instead of being enabled unconditionally.

Fixes: 153fbd1226fb ("futex: Fix more put_pi_state() vs. exit_pi_state_list() races")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201106085205.GA1159983@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[bwh: Backported to 4.9: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/futex.c

index 855dae277f830ec03c4427d7763e803bc5165798..0015c14ac2c04db54038e336aafff28228aaa28b 100644 (file)
@@ -882,10 +882,12 @@ static void put_pi_state(struct futex_pi_state *pi_state)
         * and has cleaned up the pi_state already
         */
        if (pi_state->owner) {
-               raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
+               unsigned long flags;
+
+               raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags);
                pi_state_update_owner(pi_state, NULL);
                rt_mutex_proxy_unlock(&pi_state->pi_mutex);
-               raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+               raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags);
        }
 
        if (current->pi_state_cache) {
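Review bot: The reason for the irqsave/irqrestore pair in the `if (pi_state->owner)` block is recorded only in the commit message, so nothing in the code stops a later cleanup from switching back to the `_irq` variants. A short comment above `unsigned long flags;` would keep the constraint visible, for example `/* May be called with IRQs disabled (exit_pi_state_list()); restore the caller's IRQ state, never enable unconditionally. */`. Turning interrupts back on inside a caller's IRQs-off section would presumably let an interrupt arrive while that caller still holds locks it treats as IRQ-safe, which is the kind of regression the comment should guard against. put_pi_state() begins and ends outside this hunk, so the IRQ expectations of its other callers cannot be confirmed from the lines shown.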