From: Manfred Spraul <manfred@colorfullife.com>
Date: Thu, 22 May 2014 00:44:19 +0000 (+1000)
Subject: ipc/sem.c: bugfix for semctl(,,GETZCNT)
X-Git-Tag: next-20140530~2^2~10
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=3e39eb60b8ec1e2cd6c23a4f162bdb7e21f212a7;p=karo-tx-linux.git

ipc/sem.c: bugfix for semctl(,,GETZCNT)

GETZCNT is supposed to return the number of threads that wait until a
semaphore value becomes 0.

The current implementation overlooks complex operations that contain both
wait-for-zero operation and operations that alter at least one semaphore.

The patch fixes that.  It's intentionally copy&paste, this will be cleaned
up in the next patch.

Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Cc: Davidlohr Bueso <davidlohr.bueso@hp.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

diff --git a/ipc/sem.c b/ipc/sem.c
index fe0928a3d08b..4321fa420fe1 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -1047,6 +1047,16 @@ static int count_semzcnt(struct sem_array *sma, ushort semnum)
 			    && !(sops[i].sem_flg & IPC_NOWAIT))
 				semzcnt++;
 	}
+	list_for_each_entry(q, &sma->pending_alter, list) {
+		struct sembuf *sops = q->sops;
+		int nsops = q->nsops;
+		int i;
+		for (i = 0; i < nsops; i++)
+			if (sops[i].sem_num == semnum
+			    && (sops[i].sem_op == 0)
+			    && !(sops[i].sem_flg & IPC_NOWAIT))
+				semzcnt++;
+	}
 	return semzcnt;
 }