diff options
author | kib <kib@FreeBSD.org> | 2007-07-03 15:58:47 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2007-07-03 15:58:47 +0000 |
commit | e711aeee1e917cbb6158fb8c6acd203b13f521df (patch) | |
tree | 4c0f6ee7769bc7f7e73f74da584cdd55aea8b827 /sys | |
parent | 95fb0fdd492bc1c720ace9d1545dc8bb5262605f (diff) | |
download | FreeBSD-src-e711aeee1e917cbb6158fb8c6acd203b13f521df.zip FreeBSD-src-e711aeee1e917cbb6158fb8c6acd203b13f521df.tar.gz |
Relock the sema_mtxp unconditionally after copyin() for SETALL case in
kern_semctl. Otherwise, later mtx_unlock() can operate on unlocked mutex.
Submitted by: rdivacky
MFC after: 3 days
Approved by: re (kensmith)
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/sysv_sem.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c index e7d1c5a..48548a2 100644 --- a/sys/kern/sysv_sem.c +++ b/sys/kern/sysv_sem.c @@ -826,9 +826,9 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd, mtx_unlock(sema_mtxp); array = malloc(sizeof(*array) * count, M_TEMP, M_WAITOK); error = copyin(arg->array, array, count * sizeof(*array)); + mtx_lock(sema_mtxp); if (error) break; - mtx_lock(sema_mtxp); if ((error = semvalid(semid, semakptr)) != 0) goto done2; KASSERT(count == semakptr->u.sem_nsems, ("nsems changed")); |