We will release RCU read lock twice if the sem id passed from userspace is not within the legal range in semctl_main.
Reviewed-by: Rik van Riel <r...@redhat.com> Reviewed-by: Davidlohr Bueso <davidlohr.bu...@hp.com> Signed-off-by: Sasha Levin <sasha.le...@oracle.com> --- ipc/sem.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ipc/sem.c b/ipc/sem.c index 6e109ef..ac36671 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -1333,8 +1333,10 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum, /* GETVAL, GETPID, GETNCTN, GETZCNT: fall-through */ } err = -EINVAL; - if(semnum < 0 || semnum >= nsems) - goto out_unlock; + if(semnum < 0 || semnum >= nsems) { + rcu_read_unlock(); + goto out_wakeup; + } sem_lock(sma, NULL, -1); curr = &sma->sem_base[semnum]; -- 1.8.1.5
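Review bot: the changelog names the wrong value for the check this hunk touches: the test in semctl_main() is on semnum against nsems, not on the sem id, so the description should say "semnum" to match the code. It would also help to state why out_unlock is the wrong target here: sem_lock(sma, NULL, -1) is only taken after this range check, so at the failing branch only the RCU read lock is held, and the changelog should name the second release that out_unlock performs. The rcu_read_unlock() is now open-coded inside the branch; if other early exits in this function are in the same state, a shared label that drops the RCU read lock and then continues to out_wakeup would keep the unlock in one place. Since both lines of the condition are being rewritten anyway, "if(" should become "if (" per kernel coding style.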