futex: fix requeue_pi key imbalance

If futex_wait_requeue_pi() wakes prior to requeue, we drop the
reference to the source futex_key twice, once in
handle_early_requeue_pi_wakeup() and once on our way out.

Remove the drop from the handle_early_requeue_pi_wakeup() and keep
the get/drops together in futex_wait_requeue_pi().

Reported-by: Helge Bahmann <[email protected]>
Signed-off-by: Darren Hart <[email protected]>
Cc: Helge Bahmann <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Eric Dumazet <[email protected]>
Cc: Dinakar Guniguntala <[email protected]>
Cc: John Stultz <[email protected]>
Cc: stable-2.6.31 <[email protected]>
LKML-Reference: <4ACCE21E.5030805@us.ibm.com>
Signed-off-by: Thomas Gleixner <[email protected]>

diff --git a/kernel/futex.c b/kernel/futex.c
index 1e176f3ab26cfc2200ed793a369cbaeb68241d05..c3bb2fce11ba2cb10bd69550f8cfc48b9638623c 100644 (file)
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2111,7 +2111,6 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
                 * Unqueue the futex_q and determine which it was.
                 */
                plist_del(&q->list, &q->list.plist);
-               drop_futex_key_refs(&q->key);
 
                if (timeout && !timeout->task)
                        ret = -ETIMEDOUT;