From 512ae52f6afbf1d7f461e78b2959a6add414e15b Mon Sep 17 00:00:00 2001
From: Rik van Riel <riel@redhat.com>
Date: Thu, 9 May 2013 16:53:28 -0400
Subject: [PATCH] ipc,sem: fix semctl(..., GETZCNT)

The semctl GETZCNT returns the number of semops waiting for the
specified semaphore to become zero.  After commit 256ec5b5b9cf
("ipc,sem: have only one list in struct sem_queue"), the semops waiting
on just one semaphore are waiting on that semaphore's list.

In order to return the correct count, we have to walk that list too, in
addition to the sem_array's list for complex operations.

This bug broke dbench; it works again with this patch applied.

Signed-off-by: Rik van Riel <riel@redhat.com>
Reported-by: Kent Overstreet <koverstreet@google.com>
Tested-by: Kent Overstreet <koverstreet@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 ipc/sem.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ipc/sem.c b/ipc/sem.c
index 899b598b63be3..04b264dbf141d 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -815,6 +815,13 @@ static int count_semzcnt (struct sem_array * sma, ushort semnum)
 	struct sem_queue * q;
 
 	semzcnt = 0;
+	list_for_each_entry(q, &sma->sem_base[semnum].sem_pending, list) {
+		struct sembuf * sops = q->sops;
+		BUG_ON(sops->sem_num != semnum);
+		if ((sops->sem_op == 0) && !(sops->sem_flg & IPC_NOWAIT))
+			semzcnt++;
+	}
+
 	list_for_each_entry(q, &sma->sem_pending, list) {
 		struct sembuf * sops = q->sops;
 		int nsops = q->nsops;
-- 
2.39.5