• Andrew Morton's avatar
    [PATCH] sysv semundo fixes · 1327ca85
    Andrew Morton authored
    From: Manfred Spraul <manfred@colorfullife.com>
    
    The CLONE_SYSVSEM implementation is racy: it does an (atomic_read(->refcnt)
    ==1) instead of atomic_dec_and_test calls in the exit handling.  The patch
    fixes that.
    
    Additionally, the patch contains the following changes:
    
    - lock_undo() locks the list of undo structures.  The lock is held
      throughout the semop() syscall, but that's unnecessary - we can drop it
      immediately after the lookup.
    
    - undo structures are only allocated when necessary.  The need for undo
      structures is only noticed in the middle of the semop operation, while
      holding the semaphore array spinlock.  The result is a convoluted
      unlock&revalidate implementation.  I've reordered the code, and now the
      undo allocation can happen before acquiring the semaphore array spinlock.
       As a bonus, less code runs under the semaphore array spinlock.
    
    - sysvsem.sleep_list looks like code to handle oopses: if an oops kills a
      thread that sleeps in sys_timedsemop(), then sem_exit tries to recover.
      I've removed that - too fragile.
    1327ca85
fork.c 29 KB