ipc: fix double sem unlock in semctl error path

Fix another ipc locking buglet introduced by the scalability patches:
when semctl_down() was changed to delay the semaphore locking, one error
path for security_sem_semctl() went through the semaphore unlock logic
even though the semaphore had never been locked.

Introduced by commit 16df3674efe3 ("ipc,sem: do not hold ipc lock more
than necessary")

Acked-by: Davidlohr Bueso <[email protected]>
Cc: Rik van Riel <[email protected]>
Cc: Al Viro <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/ipc/sem.c b/ipc/sem.c
index 8f5aa34f8d30d4495a84fdcfeef83f3f9ed9fa5c..1f8f01a542de2ba52c83b71b8d550ee0eeec81fb 100644 (file)
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -1280,7 +1280,7 @@ static int semctl_down(struct ipc_namespace *ns, int semid,
        err = security_sem_semctl(sma, cmd);
        if (err) {
                rcu_read_unlock();
-               goto out_unlock;
+               goto out_up;
        }
 
        switch(cmd){