UBUNTU: SAUCE: suspicious unlocked ->status reading and writing in ipc/sem.c

author Andy Whitcroft <apw@canonical.com>

Tue, 17 Dec 2013 11:50:04 +0000 (11:50 +0000)

committer Tim Gardner <tim.gardner@canonical.com>

Fri, 26 Feb 2016 02:44:02 +0000 (19:44 -0700)
author Andy Whitcroft <apw@canonical.com>
Tue, 17 Dec 2013 11:50:04 +0000 (11:50 +0000)
committer Tim Gardner <tim.gardner@canonical.com>
Fri, 26 Feb 2016 02:44:02 +0000 (19:44 -0700)
diff --git a/ipc/sem.c b/ipc/sem.c

index b471e5a3863ddbca70f2bf4dee22f40df0345fbe..99eee5187073cb21960d6465bb5df85ba0c9cb67 100644 (file)
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -1983,6 +1983,14 @@ sleep_again:
          */
         error = get_queue_result(&queue);
  
+       /*
+        * wake_up_sem_queue_do operates on queue without locking, so we
+        * need a barrier here to order our read of queue.status and the
+        * subsequent reuse of queue (queue is on the stack so will be
+        * most likely reused in the next function call).
+        */
+       smp_mb();
+
         /*
          * Array removed? If yes, leave without sem_unlock().
          */
author	Andy Whitcroft <apw@canonical.com>
	Tue, 17 Dec 2013 11:50:04 +0000 (11:50 +0000)
committer	Tim Gardner <tim.gardner@canonical.com>
	Fri, 26 Feb 2016 02:44:02 +0000 (19:44 -0700)