linux-imx/ipc
Manfred Spraul ef652fd1d5 ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID
[ upstream commit d694ad62bf ]

If a semaphore array is removed and in parallel a sleeping task is woken
up (signal or timeout, does not matter), then the woken up task does not
wait until wake_up_sem_queue_do() is completed.  This will cause crashes,
because wake_up_sem_queue_do() will read from a stale pointer.

The fix is simple: Regardless of anything, always call get_queue_result().
This function waits until wake_up_sem_queue_do() has finished its task.

Addresses https://bugzilla.kernel.org/show_bug.cgi?id=27142

Reported-by: Yuriy Yevtukhov <yuriy@ucoz.com>
Reported-by: Harald Laabs <kernel@dasr.de>
Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: <stable@kernel.org>		[2.6.35+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
2011-08-01 13:55:00 -07:00
..
compat_mq.c ipc: initialize structure memory to zero for compat functions 2010-12-14 23:40:07 +01:00
compat.c ipc: initialize structure memory to zero for compat functions 2010-12-14 23:40:07 +01:00
ipc_sysctl.c sysctl ipc: Remove dead binary sysctl support code. 2009-11-12 02:04:54 -08:00
ipcns_notifier.c ipc: do not use a negative value to re-enable msgmni automatic recomputing 2008-07-25 10:53:42 -07:00
Makefile Add generic sys_ipc wrapper 2010-03-12 15:52:32 -08:00
mq_sysctl.c sysctl ipc: Remove dead binary sysctl support code. 2009-11-12 02:04:54 -08:00
mqueue.c mqueue doesn't need make_bad_inode() 2010-06-04 17:16:27 -04:00
msg.c kernel-wide: replace USHORT_MAX, SHORT_MAX and SHORT_MIN with USHRT_MAX, SHRT_MAX and SHRT_MIN 2010-05-25 08:07:02 -07:00
msgutil.c namespaces: ipc namespaces: implement support for posix msqueues 2009-04-07 08:31:09 -07:00
namespace.c ipcns: make free_ipc_ns() static 2009-06-18 13:03:56 -07:00
sem.c ipc/sem.c: fix race with concurrent semtimedop() timeouts 2011-08-01 13:55:00 -07:00
shm.c ipc: shm: fix information leak to userland 2010-12-14 23:40:07 +01:00
syscall.c ppc64 sys_ipc breakage in 2.6.34-rc2 2010-03-22 09:57:19 -07:00
util.c kernel-wide: replace USHORT_MAX, SHORT_MAX and SHORT_MIN with USHRT_MAX, SHRT_MAX and SHRT_MIN 2010-05-25 08:07:02 -07:00
util.h ipc: unbreak 32-bit shmctl/semctl/msgctl 2009-06-21 12:48:43 -07:00