[PATCH] Fix semundo lock leakage

Fri, 05 Aug 2005 18:03:51 -0700 

tree f1d1043d7d02ad6bde3b158807b28bcfdafa21f6
parent ba02508248e90a9d696aebd18b48a3290235b53c
author Ingo Molnar <[EMAIL PROTECTED]> Fri, 05 Aug 2005 23:05:27 +0200
committer Linus Torvalds <[EMAIL PROTECTED]> Sat, 06 Aug 2005 05:56:41 -0700

[PATCH] Fix semundo lock leakage

semundo->lock can leak if semundo->refcount goes from 2 to 1 while
another thread has it locked.  This causes major problems for PREEMPT
kernels.

The simplest fix for now is to undo the single-thread optimization.

This bug was found via relentless testing by Dominik Karall.

Signed-off-by: Ingo Molnar <[EMAIL PROTECTED]>
Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>

 ipc/sem.c |   10 +++-------
 1 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/ipc/sem.c b/ipc/sem.c
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -895,7 +895,7 @@ static inline void lock_semundo(void)
        struct sem_undo_list *undo_list;
 
        undo_list = current->sysvsem.undo_list;
-       if ((undo_list != NULL) && (atomic_read(&undo_list->refcnt) != 1))
+       if (undo_list)
                spin_lock(&undo_list->lock);
 }
 
@@ -915,7 +915,7 @@ static inline void unlock_semundo(void)
        struct sem_undo_list *undo_list;
 
        undo_list = current->sysvsem.undo_list;
-       if ((undo_list != NULL) && (atomic_read(&undo_list->refcnt) != 1))
+       if (undo_list)
                spin_unlock(&undo_list->lock);
 }
 
@@ -943,9 +943,7 @@ static inline int get_undo_list(struct s
                if (undo_list == NULL)
                        return -ENOMEM;
                memset(undo_list, 0, size);
-               /* don't initialize unodhd->lock here.  It's done
-                * in copy_semundo() instead.
-                */
+               spin_lock_init(&undo_list->lock);
                atomic_set(&undo_list->refcnt, 1);
                current->sysvsem.undo_list = undo_list;
        }
@@ -1231,8 +1229,6 @@ int copy_semundo(unsigned long clone_fla
                error = get_undo_list(&undo_list);
                if (error)
                        return error;
-               if (atomic_read(&undo_list->refcnt) == 1)
-                       spin_lock_init(&undo_list->lock);
                atomic_inc(&undo_list->refcnt);
                tsk->sysvsem.undo_list = undo_list;
        } else 
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to