fix sem_close unmapping of still-referenced semaphore

sem_open is required to return the same sem_t pointer for all
references to the same named semaphore when it's opened more than once
in the same process. thus we keep a table of all the mapped semaphores
and their reference counts. the code path for sem_close checked the
reference count, but then proceeded to unmap the semaphore regardless
of whether the count had reached zero.

add an immediate unlock-and-return for the nonzero refcnt case so the
property of performing the munmap syscall after releasing the lock can
be preserved.

diff --git a/src/thread/sem_open.c b/src/thread/sem_open.c
index de8555c..6fb0c5b 100644 (file)
--- a/src/thread/sem_open.c
+++ b/src/thread/sem_open.c
@@ -163,10 +163,12 @@ int sem_close(sem_t *sem)
        int i;
        LOCK(lock);
        for (i=0; i<SEM_NSEMS_MAX && semtab[i].sem != sem; i++);
-       if (!--semtab[i].refcnt) {
-               semtab[i].sem = 0;
-               semtab[i].ino = 0;
+       if (--semtab[i].refcnt) {
+               UNLOCK(lock);
+               return 0;
        }
+       semtab[i].sem = 0;
+       semtab[i].ino = 0;
        UNLOCK(lock);
        munmap(sem, sizeof *sem);
        return 0;