Hello,

On 10/21/19 10:35 AM, kernel test robot wrote:
FYI, we noticed the following commit (built with gcc-7):

commit: 6394de3b868537a90dd9128607192b0e97109f6b ("[PATCH 4/5] ipc/sem.c: Document 
and update memory barriers")
url: 
https://github.com/0day-ci/linux/commits/Manfred-Spraul/wake_q-Cleanup-Documentation-update/20191014-055627

Yes, known issue:

@@ -2148,9 +2176,11 @@ static long do_semtimedop(int semid, struct sembuf __user *tsops,
        }

        do {
-               WRITE_ONCE(queue.status, -EINTR);
+               /* memory ordering ensured by the lock in sem_lock() */
+               queue.status = EINTR;
                queue.sleeper = current;

+               /* memory ordering is ensured by the lock in sem_lock() */
                __set_current_state(TASK_INTERRUPTIBLE);
                sem_unlock(sma, locknum);
                rcu_read_unlock();
It must be "-EINTR", not "EINTR".

If there is a timeout or a spurious wakeup, then the do_semtimedop() returns to user space without unlinking everything properly.

I was able to reproduce the issue: V1 of the series ends up with the shown error.

V3 as now merged doesn't fail.

--

    Manfred


Reply via email to