Date:      Sun, 18 Nov 2007 19:59:29 +0300
From:      "Ivan Shcheklein" <shcheklein@gmail.com>
To:        freebsd-bugs@freebsd.org
Subject:   Bug in semop() in multiprocess environment?
Message-ID:  <3034886f0711180859r1c9d8c17n82d2f89158197d9b@mail.gmail.com>

Hi All,

It seems to me that there is a bug in the semop() code:

After wakeup we see the following:

        /*
         * The semaphore is still alive.  Readjust the count of
         * waiting processes.
         */
        if (sopptr->sem_op == 0)
            semptr->semzcnt--;
        else
            semptr->semncnt--;

It seems to me that "semptr" can be invalid after wakeup. For example, the
semaphore's base can be changed after a remove is called on another previously
created semaphore.

I think semptr must be renewed after wakeup.

Ivan Shcheklein
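
The stale-pointer pattern reported above, as an added user-space example that is not part of the original message and is not FreeBSD source. It assumes, following the message's description, that all semaphores sit in one contiguous pool that is compacted when a set is removed; `pool`, `sets`, `remove_set0` and `wait_and_wake` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model (assumption): every semaphore lives in one pool and
 * each set records where its semaphores start (its "base"). */
struct sem { int semval, semncnt, semzcnt; };
struct semset { struct sem *base; int nsems; };

#define POOL 8
static struct sem pool[POOL];
static struct semset sets[2];

static void setup(void) {
    memset(pool, 0, sizeof(pool));
    sets[0].base = &pool[0]; sets[0].nsems = 2;  /* previously created set */
    sets[1].base = &pool[2]; sets[1].nsems = 2;  /* set the sleeper waits on */
}

/* Removing set 0 compacts the pool, so set 1's base moves down. */
static void remove_set0(void) {
    int n = sets[0].nsems;
    memmove(&pool[0], &pool[n], (POOL - n) * sizeof(pool[0]));
    memset(&pool[POOL - n], 0, n * sizeof(pool[0]));
    sets[1].base -= n;
    sets[0].base = NULL; sets[0].nsems = 0;
}

/* Returns semncnt of the waited-on semaphore after wakeup; 0 is correct. */
static int wait_and_wake(int renew) {
    int semnum = 1;
    struct sem *semptr;

    setup();
    semptr = &sets[1].base[semnum];
    semptr->semncnt++;                   /* about to sleep */
    remove_set0();                       /* another process, while we sleep */
    if (renew)
        semptr = &sets[1].base[semnum];  /* re-derive the pointer after wakeup */
    semptr->semncnt--;                   /* readjust the count of waiters */
    return sets[1].base[semnum].semncnt;
}

int main(void) {
    printf("stale pointer:   semncnt=%d\n", wait_and_wake(0));
    printf("renewed pointer: semncnt=%d\n", wait_and_wake(1));
    return 0;
}
```

With the stale pointer the waiter count on the real semaphore is never decremented and an unrelated pool slot is decremented instead; re-deriving the pointer from the set's current base after wakeup avoids both.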


