Commit c9bd1568 authored Nov 14, 2023 by Peter Zijlstra Committed by Ingo Molnar Nov 15, 2023

futex: Fix hardcoded flags



Xi reported that commit 5694289c ("futex: Flag conversion") broke
glibc's robust futex tests.

This was narrowed down to the change of FLAGS_SHARED from 0x01 to
0x10, at which point Florian noted that handle_futex_death() has a
hardcoded flags argument of 1.

Change this to: FLAGS_SIZE_32 | FLAGS_SHARED, matching how
futex_to_flags() unconditionally sets FLAGS_SIZE_32 for all legacy
futex ops.

Reported-by: Xi Ruoyao <xry111@xry111.site>
Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lkml.kernel.org/r/20231114201402.GA25315@noisy.programming.kicks-ass.net
Fixes: 5694289c ("futex: Flag conversion")
Cc: <stable@vger.kernel.org>

parent b85ea95d

kernel/futex/core.c

+6 −3

Original line number	Diff line number	Diff line
		@@ -700,7 +700,8 @@ static int handle_futex_death(u32 __user uaddr, struct task_struct curr,
		owner = uval & FUTEX_TID_MASK;

		if (pending_op && !pi && !owner) {
		futex_wake(uaddr, 1, 1, FUTEX_BITSET_MATCH_ANY);
		futex_wake(uaddr, FLAGS_SIZE_32 \| FLAGS_SHARED, 1,
		FUTEX_BITSET_MATCH_ANY);
		return 0;
		}

		@@ -752,8 +753,10 @@ static int handle_futex_death(u32 __user uaddr, struct task_struct curr,
		* Wake robust non-PI futexes here. The wakeup of
		* PI futexes happens in exit_pi_state():
		*/
		if (!pi && (uval & FUTEX_WAITERS))
		futex_wake(uaddr, 1, 1, FUTEX_BITSET_MATCH_ANY);
		if (!pi && (uval & FUTEX_WAITERS)) {
		futex_wake(uaddr, FLAGS_SIZE_32 \| FLAGS_SHARED, 1,
		FUTEX_BITSET_MATCH_ANY);
		}

		return 0;
		}