From: Manfred Spraul <manfred@colorfullife.com>

sem_revalidate checks that a semaphore array didn't disappear while the
code was running without the semaphore array spinlock.  If the array
disappeared, then it will return without holding a lock.  find_undo calls
sem_revalidate and then sem_unlock, even if sem_revalidate failed.  The
sem_unlock call must be removed.

Mingming Cao reported a spinlock deadlock with sysv semaphores.  A
superflous unlock doesn't explain the deadlock, but it's obviously a bug. 


---

 ipc/sem.c |    1 -
 1 files changed, 1 deletion(-)

diff -puN ipc/sem.c~ipc-sem-extra-sem_unlock ipc/sem.c
--- 25/ipc/sem.c~ipc-sem-extra-sem_unlock	2004-03-06 01:12:38.000000000 -0800
+++ 25-akpm/ipc/sem.c	2004-03-06 01:12:38.000000000 -0800
@@ -993,7 +993,6 @@ static struct sem_undo *find_undo(int se
 	}
 	error = sem_revalidate(semid, sma, nsems, 0);
 	if (error) {
-		sem_unlock(sma);
 		unlock_semundo();
 		kfree(new);
 		un = ERR_PTR(error);

_