UPSTREAM: futex: Always cleanup owner tid in unlock_pi

If the owner died bit is set at futex_unlock_pi, we currently do not
clean up the user space futex. So the owner TID of the current owner
(the unlocker) persists. That's observable inconsistent state,
especially when the ownership of the pi state got transferred.

Clean it up unconditionally.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Cc: Darren Hart <dvhart@linux.intel.com>
Cc: stable@vger.kernel.org

BUG=chromium:377392
TEST=nyan build & boot

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202666
Reviewed-by: Will Drewry <wad@chromium.org>

(cherry picked from ToT commit 03a29d580571d67a51c83db5eeac30e333cb1c01)
Signed-off-by: Kees Cook <keescook@chromium.org>

Change-Id: I56373b54d876bd82f3e32467f31aec4d436a4eb1
Reviewed-on: https://chromium-review.googlesource.com/202932
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Kees Cook <keescook@chromium.org>
1 file changed