ipc: fix double sem unlock in semctl error path

Fix another ipc locking buglet introduced by the scalability patches: when semctl_down() was changed to delay the semaphore locking, one error path for security_sem_semctl() went through the semaphore unlock logic even though the semaphore had never been locked. Introduced by commit 16df3674ef ("ipc,sem: do not hold ipc lock more than necessary") Acked-by: Davidlohr Bueso <davidlohr.bueso@hp.com> Cc: Rik van Riel <riel@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2024-11-28 06:34:12 +08:00 · 2013-05-04 10:25:11 -07:00 · 2013-05-04 10:25:11 -07:00 · fbfd1d2862
commit fbfd1d2862
parent 4091fd942e
1 changed files with 1 additions and 1 deletions
--- a/ipc/sem.c
+++ b/ipc/sem.c
@ -1280,7 +1280,7 @@ static int semctl_down(struct ipc_namespace *ns, int semid,
 	err = security_sem_semctl(sma, cmd);
 	if (err) {
 		rcu_read_unlock();
-		goto out_unlock;
+		goto out_up;
 	}

 	switch(cmd){