UPSTREAM: futex: Always cleanup owner tid in unlock_pi

If the owner died bit is set at futex_unlock_pi, we currently do not
clean up the user space futex. So the owner TID of the current owner
(the unlocker) persists. That's observable inconsistent state,
especially when the ownership of the pi state got transferred.

Clean it up unconditionally.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Cc: Darren Hart <dvhart@linux.intel.com>
Cc: stable@vger.kernel.org

BUG=chromium:377392
TEST=x86-alex build & boot

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202734
Reviewed-by: Will Drewry <wad@chromium.org>

(cherry picked from ToT commit 19065919bd53ef49bd7da16bcf09f2da69df55d6)
Signed-off-by: Kees Cook <keescook@chromium.org>

Change-Id: I198f314f5e85a02c14e009732b4d7d52b646cf5a
Reviewed-on: https://chromium-review.googlesource.com/202946
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Kees Cook <keescook@chromium.org>
1 file changed