From e711aeee1e917cbb6158fb8c6acd203b13f521df Mon Sep 17 00:00:00 2001
From: kib
Date: Tue, 3 Jul 2007 15:58:47 +0000
Subject: Relock the sema_mtxp unconditionally after copyin() for SETALL case in kern_semctl. Otherwise, later mtx_unlock() can operate on unlocked mutex.

Submitted by: rdivacky
MFC after: 3 days
Approved by: re (kensmith)
---
 sys/kern/sysv_sem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c
index e7d1c5a..48548a2 100644
--- a/sys/kern/sysv_sem.c
+++ b/sys/kern/sysv_sem.c
@@ -826,9 +826,9 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd,
 mtx_unlock(sema_mtxp);
 array = malloc(sizeof(*array) * count, M_TEMP, M_WAITOK);
 error = copyin(arg->array, array, count * sizeof(*array));
+mtx_lock(sema_mtxp);
 if (error)
 break;
-mtx_lock(sema_mtxp);
 if ((error = semvalid(semid, semakptr)) != 0)
 goto done2;
 KASSERT(count == semakptr->u.sem_nsems, ("nsems changed"));
--
cgit v1.1
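Review bot: The locking invariant this fix relies on — sema_mtxp is held on every exit from the SETALL case, including the `break` after a failed copyin() — is now only implicit in the line ordering, and a later reader could "tidy" the `mtx_lock(sema_mtxp)` back below the `if (error)` check and reintroduce the unlock-of-unlocked-mutex bug the commit message describes. A one-line comment on the added line would pin it: `mtx_lock(sema_mtxp);	/* relock before the error check: the common exit path unlocks */`. The window between mtx_unlock() and the relock is also where the set can be changed or removed, which is why semvalid() is re-run and count is re-checked before array is used; a second comment above the copyin, `/* sema_mtxp is dropped across malloc()/copyin(); revalidate before touching semakptr */`, would make that explicit. The malloc'ed `array` is not freed in the visible lines on the `break` path, so it presumably is released at the common exit after the switch — worth confirming, since kern_semctl begins and ends outside this hunk.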