CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/22 17:10:05
Modified files:
sys/kern : sysv_sem.c
sys/sys : sem.h
Log message:
Introduce reference counters for SysV semaphores to fix the context
switch use-after-free after tsleep in sys_semget().
sys___semctl() has no such problems, because we do a complete reload and
re-check of the semaphore stuff; however, I like to replace all of them
with only the "semaptr != sema[ix]" check. The semaphore was changed, go
to the beginning of sys___semctl() and acquire it again.
Note, seminfo.semmni only grows, so even if the `sema' array was
re-allocated, sema[ix] is still valid.
"go for it" from deraadt
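
The pattern the log message describes, as an added userland sketch in C (not the code from sysv_sem.c and not part of the commit): a reference taken before the sleep point keeps the object allocated, so the "semaptr != sema[ix]" comparison after waking is reliable, and a mismatch restarts the lookup. All names other than semaptr and sema[ix] are hypothetical, and the context switch is simulated by a direct call.

```c
#include <stdlib.h>
/* Userland model; every name except semaptr and sema[ix] is hypothetical. */
struct sem_obj { int refcnt; int key; };
static struct sem_obj *sema[4];

static struct sem_obj *obj_new(int key) {
    struct sem_obj *o = calloc(1, sizeof(*o));
    if (o == NULL) abort();
    o->refcnt = 1;                 /* reference owned by the table slot */
    o->key = key;
    return o;
}
static void obj_rele(struct sem_obj *o) { if (--o->refcnt == 0) free(o); }

/* Stand-in for another thread running while we sleep: replaces the slot. */
static void other_thread_replaces(int ix, int newkey) {
    struct sem_obj *old = sema[ix];
    sema[ix] = obj_new(newkey);
    obj_rele(old);                 /* not freed while a sleeper holds a ref */
}

/* Returns the key of the object finally used; 'switches' = simulated sleeps. */
static int use_slot(int ix, int switches) {
    for (;;) {
        struct sem_obj *semaptr = sema[ix];
        semaptr->refcnt++;         /* pin before the sleep point */
        if (switches > 0) {        /* models the context switch in tsleep */
            other_thread_replaces(ix, semaptr->key + 1);
            switches--;
        }
        /* Pinned, so the address cannot be reused: comparison is reliable. */
        int changed = (semaptr != sema[ix]);
        int key = semaptr->key;
        obj_rele(semaptr);         /* frees the stale object if we were last */
        if (!changed)
            return key;            /* otherwise start over and re-acquire */
    }
}

/* Fresh slot 0 with key 10, then run with the given number of switches. */
static int demo(int switches) {
    sema[0] = obj_new(10);
    int key = use_slot(0, switches);
    int ok = (sema[0]->refcnt == 1 && sema[0]->key == key);
    obj_rele(sema[0]);
    return ok ? key : -1;
}

int main(void) { return (demo(0) == 10 && demo(2) == 12) ? 0 : 1; }
```

Without the pin, the replaced object could be freed during the sleep and its address handed to the new object, in which case the pointer comparison would wrongly report "unchanged".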