From 1994862dc9c16f360a9169a4d27200d15ba29713 Mon Sep 17 00:00:00 2001 From: Manfred Spraul Date: Fri, 6 Jun 2014 14:37:47 -0700 Subject: [PATCH] ipc/sem.c: bugfix for semctl(,,GETZCNT) GETZCNT is supposed to return the number of threads that wait until a semaphore value becomes 0. The current implementation overlooks complex operations that contain both wait-for-zero operation and operations that alter at least one semaphore. The patch fixes that. It's intentionally copy&paste, this will be cleaned up in the next patch. Signed-off-by: Manfred Spraul Cc: Davidlohr Bueso Cc: Michael Kerrisk Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds
---
 ipc/sem.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/ipc/sem.c b/ipc/sem.c
index fe0928a3d08b..4321fa420fe1 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -1047,6 +1047,16 @@ static int count_semzcnt(struct sem_array *sma, ushort semnum)
 && !(sops[i].sem_flg & IPC_NOWAIT))
 semzcnt++;
 }
+ list_for_each_entry(q, &sma->pending_alter, list) {
+ struct sembuf *sops = q->sops;
+ int nsops = q->nsops;
+ int i;
+ for (i = 0; i < nsops; i++)
+ if (sops[i].sem_num == semnum
+ && (sops[i].sem_op == 0)
+ && !(sops[i].sem_flg & IPC_NOWAIT))
+ semzcnt++;
+ }
 return semzcnt;
 }
-- 2.34.1
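Review bot: The added loop over `sma->pending_alter` increments `semzcnt` once per matching `sembuf` entry, not once per queued operation. A single sleeper whose `sops` array names `semnum` in two wait-for-zero entries is therefore counted twice, and a sleeper that is actually blocked on one of its altering entries is still reported as waiting for zero. If GETZCNT is meant to be a per-task count, as the commit message's "number of threads" suggests, the inner body could stop at the first match with `if (...) { semzcnt++; break; }`. Because callers see this value through `semctl()`, it should not overstate the number of waiters. A short comment above the loop would also help, for example `/* complex ops that mix wait-for-zero with altering entries are queued on pending_alter */`, together with a note on which lock the caller must hold while the list is walked; the locking is not visible here. `count_semzcnt()` starts outside the hunk and only the tail of the preceding loop is shown; it appears to have the same per-entry shape, so the same question would apply there.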