d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Relock the sema_mtxp unconditionally after copyin() for SETALL case in

Browse Source 
kern_semctl. Otherwise, later mtx_unlock() can operate on unlocked mutex.

Submitted by:	rdivacky
MFC after:	3 days
Approved by:	re (kensmith)
This commit is contained in:
kib 2007-07-03 15:58:47 +00:00
parent 95fb0fdd49
commit e711aeee1e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/kern/sysv_sem.c
View File

@ -826,9 +826,9 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd,
mtx_unlock(sema_mtxp);
array = malloc(sizeof(*array) * count, M_TEMP, M_WAITOK);
error = copyin(arg->array, array, count * sizeof(*array));
mtx_lock(sema_mtxp);
if (error)
break;
mtx_lock(sema_mtxp);
if ((error = semvalid(semid, semakptr)) != 0)
goto done2;
KASSERT(count == semakptr->u.sem_nsems, ("nsems changed"));