Merge tag 'locking_urgent_for_v6.8_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

}

/*

 * PI futexes can not be requeued and must remove themselves from the

 * hash bucket. The hash bucket lock (i.e. lock_ptr) is held.

 * PI futexes can not be requeued and must remove themselves from the hash

 * bucket. The hash bucket lock (i.e. lock_ptr) is held.

 */

void futex_unqueue_pi(struct futex_q *q)

{

	/*

	 * If the lock was not acquired (due to timeout or signal) then the

	 * rt_waiter is removed before futex_q is. If this is observed by

	 * an unlocker after dropping the rtmutex wait lock and before

	 * acquiring the hash bucket lock, then the unlocker dequeues the

	 * futex_q from the hash bucket list to guarantee consistent state

	 * vs. userspace. Therefore the dequeue here must be conditional.

	 */

	if (!plist_node_empty(&q->list))

		__futex_unqueue(q);

	BUG_ON(!q->pi_state);

	hb = futex_hash(&key);

	spin_lock(&hb->lock);

retry_hb:

	/*

	 * Check waiters first. We do not trust user space values at

		/*

		 * Futex vs rt_mutex waiter state -- if there are no rt_mutex

		 * waiters even though futex thinks there are, then the waiter

		 * is leaving and the uncontended path is safe to take.

		 * is leaving. The entry needs to be removed from the list so a

		 * new futex_lock_pi() is not using this stale PI-state while

		 * the futex is available in user space again.

		 * There can be more than one task on its way out so it needs

		 * to retry.

		 */

		rt_waiter = rt_mutex_top_waiter(&pi_state->pi_mutex);

		if (!rt_waiter) {

			__futex_unqueue(top_waiter);

			raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);

			goto do_uncontended;

			goto retry_hb;

		}

		get_pi_state(pi_state);

		return ret;

	}

do_uncontended:

	/*

	 * We have no kernel internal state, i.e. no waiters in the

	 * kernel. Waiters which are about to queue themselves are stuck