[PATCH] add missing memory barriers to ipc/sem.c
Manfred Spraul [Fri, 23 Dec 2005 22:57:41 +0000 (23:57 +0100)]
Two smp_wmb() statements are missing in the sysv sem code: This could
cause stack corruptions.

The attached patch adds them.

Signed-Off-By: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

ipc/sem.c

index 19af028..6a16f8e 100644 (file)
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -381,6 +381,7 @@ static void update_queue (struct sem_array * sma)
                        /* hands-off: q will disappear immediately after
                         * writing q->status.
                         */
+                       smb_wmb();
                        q->status = error;
                        q = n;
                } else {
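Review bot: the added line in update_queue() calls smb_wmb(), while the commit message and the second hunk both name the barrier smp_wmb(). This looks like a transposed letter and should read smp_wmb(); as written it only builds if a symbol called smb_wmb happens to exist, and the store `q->status = error;` is not ordered after the earlier writes. Since the existing comment already explains that q disappears right after the status write, consider extending it to say which earlier stores the barrier has to make visible first.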
@@ -461,6 +462,7 @@ static void freeary (struct sem_array *sma, int id)
                n = q->next;
                q->status = IN_WAKEUP;
                wake_up_process(q->sleeper); /* doesn't sleep */
+               smp_wmb();
                q->status = -EIDRM;     /* hands-off q */
                q = n;
        }
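Review bot: the smp_wmb() added in freeary() between wake_up_process(q->sleeper) and `q->status = -EIDRM;` has no comment saying what it orders or which read-side barrier it pairs with. The only hint is the trailing "hands-off q" remark, which does not mention ordering. Suggest a short comment above the barrier, in the style of the one in update_queue(), stating that earlier stores must be visible before the final status store because q must not be touched after hand-off, and naming the matching barrier on the waiter side (not visible in this hunk) so the pairing can be checked.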