UBUNTU: SAUCE: suspicious unlocked ->status reading and writing in ipc/sem.c

Signed-off-by: Andy Whitcroft <apw@canonical.com>

UBUNTU: SAUCE: suspicious unlocked ->status reading and writing in ipc/sem.c
Signed-off-by: Andy Whitcroft <apw@canonical.com>
355e371a · Andy Whitcroft · Tim Gardner · b15b441d · 355e371a
Commit 355e371a authored Dec 17, 2013 by Andy Whitcroft Committed by Tim Gardner Feb 25, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

ipc/sem.c ipc/sem.c +8 -0

No files found.
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -1983,6 +1983,14 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
 	 */
 	error = get_queue_result(&queue);
+	/*
+	 * wake_up_sem_queue_do operates on queue without locking, so we
+	 * need a barrier here to order our read of queue.status and the
+	 * subsequent reuse of queue (queue is on the stack so will be
+	 * most likely reused in the next function call).
+	 */
+	smp_mb();
 	/*
 	 * Array removed? If yes, leave without sem_unlock().
 	 */