lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 16 Dec 2010 18:23:19 +0800
From:	Lai Jiangshan <laijs@...fujitsu.com>
To:	Peter Zijlstra <peterz@...radead.org>,
	John Kacur <jkacur@...hat.com>,
	James Bottomley <James.Bottomley@...e.de>,
	Ingo Molnar <mingo@...e.hu>, "Rafael J. Wysocki" <rjw@...k.pl>,
	Thomas Gleixner <tglx@...utronix.de>,
	Darren Hart <dvhart@...ux.intel.com>,
	Namhyung Kim <namhyung@...il.com>, linux-kernel@...r.kernel.org
Subject: [PATCH 1/3] plist: pass the real plist_head to plist_del()

These patches shrink the struct plist_head. After it is shrinked
plist_del() required a real plist_head passed into.

My tests did not cover all paths.

Subject: plist: pass the real plist_head to plist_del()


Some plist_del()s in kernel/futex.c are passed a faked plist_head.

It can work because current code does not require real plist_head
in plist_del(). But it is an undocumented usage, it is not good.

Signed-off-by:  Lai Jiangshan <laijs@...fujitsu.com>
---
diff --git a/kernel/futex.c b/kernel/futex.c
index 6c683b3..6c4f67a 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -158,6 +158,15 @@ static inline int match_futex(union futex_key *key1, union futex_key *key2)
 }
 
 /*
+ * find the bucket of a futex entry.
+ * the same as hash_futex(&q->key) but a little more effcient
+ */
+static struct futex_hash_bucket *futex_bucket(struct futex_q *q)
+{
+	return container_of(q->lock_ptr, struct futex_hash_bucket, lock);
+}
+
+/*
  * Take a reference to the resource addressed by a key.
  * Can be called while holding spinlocks.
  *
@@ -744,7 +753,7 @@ static void wake_futex(struct futex_q *q)
 	 */
 	get_task_struct(p);
 
-	plist_del(&q->list, &q->list.plist);
+	plist_del(&q->list, &futex_bucket(q)->chain);
 	/*
 	 * The waiting task can free the futex_q as soon as
 	 * q->lock_ptr = NULL is written, without taking any locks. A
@@ -1053,7 +1062,7 @@ void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key,
 	q->key = *key;
 
 	WARN_ON(plist_node_empty(&q->list));
-	plist_del(&q->list, &q->list.plist);
+	plist_del(&q->list, &futex_bucket(q)->chain);
 
 	WARN_ON(!q->rt_waiter);
 	q->rt_waiter = NULL;
@@ -1457,7 +1466,7 @@ retry:
 			goto retry;
 		}
 		WARN_ON(plist_node_empty(&q->list));
-		plist_del(&q->list, &q->list.plist);
+		plist_del(&q->list, &futex_bucket(q)->chain);
 
 		BUG_ON(q->pi_state);
 
@@ -1478,7 +1487,7 @@ static void unqueue_me_pi(struct futex_q *q)
 	__releases(q->lock_ptr)
 {
 	WARN_ON(plist_node_empty(&q->list));
-	plist_del(&q->list, &q->list.plist);
+	plist_del(&q->list, &futex_bucket(q)->chain);
 
 	BUG_ON(!q->pi_state);
 	free_pi_state(q->pi_state);
@@ -2145,7 +2154,7 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
 		 * We were woken prior to requeue by a timeout or a signal.
 		 * Unqueue the futex_q and determine which it was.
 		 */
-		plist_del(&q->list, &q->list.plist);
+		plist_del(&q->list, &hb->chain);
 
 		/* Handle spurious wakeups gracefully */
 		ret = -EWOULDBLOCK;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ