Name: Copy-from-user FUTEX bugfix
Author: Rusty Russell
Status: Tested on 2.5.20
D: This patch handles the case where copy_from_user fails (it could
D: have been unmapped from this address space by another thread).
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.5.20.18383/kernel/futex.c linux-2.5.20.18383.updated/kernel/futex.c
--- linux-2.5.20.18383/kernel/futex.c Sat May 25 14:35:00 2002
+++ linux-2.5.20.18383.updated/kernel/futex.c Wed Jun 5 19:00:47 2002
@@ -155,13 +155,14 @@
set_current_state(TASK_INTERRUPTIBLE);
queue_me(head, &q, page, offset);
- /* Page is pinned, can't fail */
- if (get_user(curval, uaddr) != 0)
- BUG();
+ /* Page is pinned, but may no longer be in this address space. */
+ if (get_user(curval, uaddr) != 0) {
+ ret = -EFAULT;
+ goto out;
+ }
if (curval != val) {
ret = -EWOULDBLOCK;
- set_current_state(TASK_RUNNING);
goto out;
}
time = schedule_timeout(time);
@@ -174,6 +175,7 @@
goto out;
}
out:
+ set_current_state(TASK_RUNNING);
/* Were we woken up anyway? */
if (!unqueue_me(&q))
return 0;
-- Anyone who quotes me in their sig is an idiot. -- Rusty Russell. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/