Bug 61351

Summary: ipc/sem.c: Insufficient synchronization within sem_lock
Product: Other Reporter: Manfred Spraul (manfred)
Component: Other    Assignee: other_other
Status: RESOLVED CODE_FIX    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
URL: http://marc.info/?l=linux-kernel&m=137919453307294
Kernel Version: Subsystem:
Regression: Yes Bisected commit-id:
Bug Depends on:    
Bug Blocks: 62061, 62081    

Description Manfred Spraul 2013-09-15 10:56:59 UTC
The order between testing complex_count and spin_is_locked() is the wrong way around.

This means unsynchronized read/write access to the linked lists within a semaphore array may happen, which would lead to memory corruption.

Affected: 3.0.10, 3.0.11, current head

Details:
See the link:
http://marc.info/?l=linux-kernel&m=137919453307294
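Added example, not code from the kernel or from the reporter: a user-space model of the two-level locking scheme the description refers to. Single-semaphore ("simple") ops take a per-semaphore lock, multi-semaphore ("complex") ops take the array-wide lock and wait for in-flight simple ops to drain, and complex_count > 0 marks that a complex op is queued so every op must fall back to the array-wide lock. The `fixed_order` flag selects the check order the referenced fix establishes (take sem->lock, check the global lock is free, full barrier, re-check complex_count); `false` models the earlier order, in which complex_count is only tested before the per-semaphore lock is taken. The struct layout, the lock names `perm_lock`/`complex_count`, the instrumentation counters and the way complex ops get "queued" are simplifications assumed for the model; the stress test counts overlapping critical sections, which should be zero for the fixed order.

```c
/* User-space model of sem_lock() fast/slow path ordering (assumed names, not kernel code). */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define NSEMS 4
#define NTHREADS 6
#define ITERS 10000

typedef struct { atomic_bool held; } spin_t;          /* stand-in for spinlock_t, all ops seq_cst */
static void spin_lock(spin_t *l)      { while (atomic_exchange(&l->held, true)) sched_yield(); }
static void spin_unlock(spin_t *l)    { atomic_store(&l->held, false); }
static bool spin_is_locked(spin_t *l) { return atomic_load(&l->held); }

struct sem { spin_t lock; atomic_int in_use; };       /* in_use: instrumentation only */
struct sem_array {
    spin_t perm_lock;            /* sem_perm.lock: held by complex ops and by the slow path */
    atomic_int complex_count;    /* complex ops queued; while > 0 every op must use perm_lock */
    struct sem sems[NSEMS];
    atomic_int complex_in_use;   /* instrumentation: a complex op is inside the array */
    atomic_int violations;       /* instrumentation: overlapping critical sections observed */
};

/* Spin until no simple op still holds a per-semaphore lock (kernel: sem_wait_array()). */
static void sem_wait_array(struct sem_array *sma) {
    for (int i = 0; i < NSEMS; i++)
        while (spin_is_locked(&sma->sems[i].lock)) sched_yield();
}

/* Returns semnum if only sems[semnum].lock is held, -1 if perm_lock is held. */
static int sem_lock(struct sem_array *sma, int semnum, bool fixed_order) {
    if (semnum < 0) {                                   /* complex op: full lock, drain simple ops */
        spin_lock(&sma->perm_lock);
        sem_wait_array(sma);
        return -1;
    }
    struct sem *sem = &sma->sems[semnum];
    if (atomic_load(&sma->complex_count) == 0) {
        spin_lock(&sem->lock);
        if (!spin_is_locked(&sma->perm_lock)) {
            if (!fixed_order)
                return semnum;                          /* old order: complex_count only tested before locking */
            atomic_thread_fence(memory_order_seq_cst);  /* smp_mb(): spin_is_locked() is no barrier */
            if (atomic_load(&sma->complex_count) == 0)
                return semnum;                          /* fast path: count cannot change while we hold sem->lock */
        }
        spin_unlock(&sem->lock);
    }
    spin_lock(&sma->perm_lock);                         /* slow path */
    if (atomic_load(&sma->complex_count) == 0) {        /* false alarm: back to the per-semaphore lock */
        spin_lock(&sem->lock);
        spin_unlock(&sma->perm_lock);
        return semnum;
    }
    return -1;                                          /* a complex op is queued: stay on perm_lock */
}

static void sem_unlock(struct sem_array *sma, int locknum) {
    if (locknum < 0) spin_unlock(&sma->perm_lock);
    else             spin_unlock(&sma->sems[locknum].lock);
}

struct worker { struct sem_array *sma; int id; bool fixed; };

static void *worker(void *arg) {
    struct worker *w = arg;
    struct sem_array *sma = w->sma;
    for (int it = 0; it < ITERS; it++) {
        if (w->id % 2 == 0) {                           /* simple op on one semaphore */
            int n = (w->id + it) % NSEMS;
            int l = sem_lock(sma, n, w->fixed);
            if (atomic_fetch_add(&sma->sems[n].in_use, 1) != 0 || atomic_load(&sma->complex_in_use))
                atomic_fetch_add(&sma->violations, 1);
            atomic_fetch_sub(&sma->sems[n].in_use, 1);
            sem_unlock(sma, l);
        } else {                                        /* complex op that cannot complete: it gets queued */
            sem_lock(sma, -1, w->fixed);
            if (atomic_fetch_add(&sma->complex_in_use, 1) != 0)
                atomic_fetch_add(&sma->violations, 1);
            for (int i = 0; i < NSEMS; i++)
                if (atomic_load(&sma->sems[i].in_use)) atomic_fetch_add(&sma->violations, 1);
            atomic_fetch_sub(&sma->complex_in_use, 1);
            atomic_fetch_add(&sma->complex_count, 1);   /* queued: forces everyone onto perm_lock */
            sem_unlock(sma, -1);
            sched_yield();                              /* let simple ops race against the queued state */
            sem_lock(sma, -1, w->fixed);
            atomic_fetch_sub(&sma->complex_count, 1);   /* dequeued */
            sem_unlock(sma, -1);
        }
    }
    return NULL;
}

/* Run the stress test with the given check order; returns the number of overlaps seen. */
static int run_stress(bool fixed_order) {
    struct sem_array sma = {0};                         /* all locks free, nothing queued */
    pthread_t tid[NTHREADS];
    struct worker w[NTHREADS];
    for (int i = 0; i < NTHREADS; i++) {
        w[i] = (struct worker){ &sma, i, fixed_order };
        pthread_create(&tid[i], NULL, worker, &w[i]);
    }
    for (int i = 0; i < NTHREADS; i++) pthread_join(tid[i], NULL);
    return atomic_load(&sma.violations);
}

int main(void) {
    printf("fixed order: %d overlaps\n", run_stress(true));    /* expected 0 */
    printf("old order:   %d overlaps\n", run_stress(false));   /* timing dependent, usually > 0 */
    return 0;
}
```

With `fixed_order` set, a simple op that sees complex_count == 0 after holding sem->lock and seeing perm_lock free is guaranteed that no complex op can queue itself until the per-semaphore lock is released, because queuing happens under perm_lock after sem_wait_array(). Without the re-check, a complex op can lock, drain, queue and unlock in the window between the first complex_count test and the per-semaphore lock acquisition, leaving one op on sem->lock and another on perm_lock touching the same semaphore; whether the old-order run reports overlaps depends on scheduling.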
Comment 1 Manfred Spraul 2013-09-25 07:27:22 UTC
Fix is in -mm tree

http://marc.info/?l=linux-mm-commits&m=137997045831779
Comment 2 Manfred Spraul 2013-10-02 07:18:35 UTC
Fixed

5e9d527591421ccdb16acb8c23662231135d8686 ipc/sem.c: fix race in sem_lock()