From 8774fddf30cd8955b69fd4eb90862c3101cc659a Mon Sep 17 00:00:00 2001
From: Joel Sherrill <joel.sherrill@OARcorp.com>
Date: Thu, 28 May 2009 21:04:29 +0000
Subject: 2009-05-28	Joel Sherrill <joel.sherrill@OARcorp.com>

	PR 1415/cpukit
	* rtems/src/semcreate.c, rtems/src/semtranslatereturncode.c,
	score/include/rtems/score/coremutex.h,
	score/inline/rtems/score/coremutex.inl, score/src/coremutex.c:
	Address two paths where a task with a priority above the ceiling
	could obtain a priority ceiling mutex.
---
 cpukit/ChangeLog                              |  9 +++++++++
 cpukit/rtems/src/semcreate.c                  | 20 +++++++++++---------
 cpukit/rtems/src/semtranslatereturncode.c     |  4 ++--
 cpukit/score/include/rtems/score/coremutex.h  |  6 ++++--
 cpukit/score/inline/rtems/score/coremutex.inl |  3 ++-
 cpukit/score/src/coremutex.c                  |  9 +++++++--
 6 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/cpukit/ChangeLog b/cpukit/ChangeLog
index e846fafd3d..b7efc5e9bd 100644
--- a/cpukit/ChangeLog
+++ b/cpukit/ChangeLog
@@ -1,3 +1,12 @@
+2009-05-28	Joel Sherrill <joel.sherrill@OARcorp.com>
+
+	PR 1415/cpukit
+	* rtems/src/semcreate.c, rtems/src/semtranslatereturncode.c,
+	score/include/rtems/score/coremutex.h,
+	score/inline/rtems/score/coremutex.inl, score/src/coremutex.c:
+	Address two paths where a task with a priority above the ceiling
+	could obtain a priority ceiling mutex.
+
 2009-05-21	Joel Sherrill <joel.sherrill@OARcorp.com>
 
 	PR 1414/cpukit
diff --git a/cpukit/rtems/src/semcreate.c b/cpukit/rtems/src/semcreate.c
index d7827c116c..9950aecb4a 100644
--- a/cpukit/rtems/src/semcreate.c
+++ b/cpukit/rtems/src/semcreate.c
@@ -80,7 +80,6 @@ rtems_status_code rtems_semaphore_create(
   register Semaphore_Control *the_semaphore;
   CORE_mutex_Attributes       the_mutex_attributes;
   CORE_semaphore_Attributes   the_semaphore_attributes;
-  uint32_t                    lock;
 
   if ( !rtems_is_name_valid( name ) )
     return RTEMS_INVALID_NAME;
@@ -146,6 +145,8 @@ rtems_status_code rtems_semaphore_create(
    */
 
   if ( !_Attributes_Is_counting_semaphore( attribute_set ) ) {
+    CORE_mutex_Status mutex_status;
+
     if ( _Attributes_Is_inherit_priority( attribute_set ) )
       the_mutex_attributes.discipline = CORE_MUTEX_DISCIPLINES_PRIORITY_INHERIT;
     else if ( _Attributes_Is_priority_ceiling( attribute_set ) )
@@ -176,16 +177,17 @@ rtems_status_code rtems_semaphore_create(
 
     the_mutex_attributes.priority_ceiling = priority_ceiling;
 
-    if ( count == 1 )
-      lock = CORE_MUTEX_UNLOCKED;
-    else
-      lock = CORE_MUTEX_LOCKED;
-
-    _CORE_mutex_Initialize(
+    mutex_status = _CORE_mutex_Initialize(
       &the_semaphore->Core_control.mutex,
       &the_mutex_attributes,
-      lock
-    );
+      (count == 1) ? CORE_MUTEX_UNLOCKED : CORE_MUTEX_LOCKED
+     ); 
+
+     if ( mutex_status == CORE_MUTEX_STATUS_CEILING_VIOLATED ) {
+       _Semaphore_Free( the_semaphore );
+       _Thread_Enable_dispatch();
+       return RTEMS_INVALID_PRIORITY;
+     }
   } else {
     if ( _Attributes_Is_priority( attribute_set ) )
       the_semaphore_attributes.discipline = CORE_SEMAPHORE_DISCIPLINES_PRIORITY;
diff --git a/cpukit/rtems/src/semtranslatereturncode.c b/cpukit/rtems/src/semtranslatereturncode.c
index 87999d3cc9..3baead1f0e 100644
--- a/cpukit/rtems/src/semtranslatereturncode.c
+++ b/cpukit/rtems/src/semtranslatereturncode.c
@@ -15,7 +15,7 @@
  *     + acquire a semaphore
  *     + release a semaphore
  *
- *  COPYRIGHT (c) 1989-1999.
+ *  COPYRIGHT (c) 1989-2008.
  *  On-Line Applications Research Corporation (OAR).
  *
  *  The license and distribution terms for this file may be
@@ -68,7 +68,7 @@ rtems_status_code _Semaphore_Translate_core_mutex_return_code_[] = {
   RTEMS_NOT_OWNER_OF_RESOURCE, /* CORE_MUTEX_STATUS_NOT_OWNER_OF_RESOURCE */
   RTEMS_OBJECT_WAS_DELETED, /* CORE_MUTEX_WAS_DELETED */
   RTEMS_TIMEOUT,            /* CORE_MUTEX_TIMEOUT */
-  RTEMS_INTERNAL_ERROR,     /* CORE_MUTEX_STATUS_CEILING_VIOLATED */
+  RTEMS_INVALID_PRIORITY    /* CORE_MUTEX_STATUS_CEILING_VIOLATED */
 };
 
 
diff --git a/cpukit/score/include/rtems/score/coremutex.h b/cpukit/score/include/rtems/score/coremutex.h
index 1d2d38db59..db92717d01 100644
--- a/cpukit/score/include/rtems/score/coremutex.h
+++ b/cpukit/score/include/rtems/score/coremutex.h
@@ -8,7 +8,7 @@
  */
 
 /*
- *  COPYRIGHT (c) 1989-2006.
+ *  COPYRIGHT (c) 1989-2009.
  *  On-Line Applications Research Corporation (OAR).
  *
  *  The license and distribution terms for this file may be
@@ -216,8 +216,10 @@ typedef struct {
  *  @param[in] the_mutex_attributes is the attributes associated with this
  *         mutex instance
  *  @param[in] initial_lock is the initial value of the mutex
+ *
+ *  @return This method returns CORE_MUTEX_STATUS_SUCCESSFUL if successful.
  */
-void _CORE_mutex_Initialize(
+CORE_mutex_Status _CORE_mutex_Initialize(
   CORE_mutex_Control           *the_mutex,
   CORE_mutex_Attributes        *the_mutex_attributes,
   uint32_t                      initial_lock
diff --git a/cpukit/score/inline/rtems/score/coremutex.inl b/cpukit/score/inline/rtems/score/coremutex.inl
index 342428ccbb..605742685c 100644
--- a/cpukit/score/inline/rtems/score/coremutex.inl
+++ b/cpukit/score/inline/rtems/score/coremutex.inl
@@ -6,7 +6,7 @@
  */
 
 /*
- *  COPYRIGHT (c) 1989-2006.
+ *  COPYRIGHT (c) 1989-2009.
  *  On-Line Applications Research Corporation (OAR).
  *
  *  The license and distribution terms for this file may be
@@ -172,6 +172,7 @@ RTEMS_INLINE_ROUTINE int _CORE_mutex_Seize_interrupt_trylock(
       }
       /* if ( current < ceiling ) */ {
         executing->Wait.return_code = CORE_MUTEX_STATUS_CEILING_VIOLATED;
+        the_mutex->lock       = CORE_MUTEX_UNLOCKED;
         the_mutex->nest_count = 0;     /* undo locking above */
         executing->resource_count--;   /* undo locking above */
         _ISR_Enable( level );
diff --git a/cpukit/score/src/coremutex.c b/cpukit/score/src/coremutex.c
index 173418ffc0..4782af01e7 100644
--- a/cpukit/score/src/coremutex.c
+++ b/cpukit/score/src/coremutex.c
@@ -6,7 +6,7 @@
  *  This package is the implementation of the Mutex Handler.
  *  This handler provides synchronization and mutual exclusion capabilities.
  *
- *  COPYRIGHT (c) 1989-1999.
+ *  COPYRIGHT (c) 1989-2009.
  *  On-Line Applications Research Corporation (OAR).
  *
  *  The license and distribution terms for this file may be
@@ -42,7 +42,7 @@
  *  Output parameters:  NONE
  */
 
-void _CORE_mutex_Initialize(
+CORE_mutex_Status _CORE_mutex_Initialize(
   CORE_mutex_Control           *the_mutex,
   CORE_mutex_Attributes        *the_mutex_attributes,
   uint32_t                      initial_lock
@@ -64,6 +64,9 @@ void _CORE_mutex_Initialize(
     the_mutex->holder_id  = _Thread_Executing->Object.id;
     if ( _CORE_mutex_Is_inherit_priority( &the_mutex->Attributes ) ||
          _CORE_mutex_Is_priority_ceiling( &the_mutex->Attributes ) )
+       if ( _Thread_Executing->current_priority < 
+              the_mutex->Attributes.priority_ceiling )
+        return CORE_MUTEX_STATUS_CEILING_VIOLATED;
       _Thread_Executing->resource_count++;
   } else {
     the_mutex->nest_count = 0;
@@ -78,4 +81,6 @@ void _CORE_mutex_Initialize(
     STATES_WAITING_FOR_MUTEX,
     CORE_MUTEX_TIMEOUT
   );
+
+  return CORE_MUTEX_STATUS_SUCCESSFUL;
 }
-- 
cgit v1.2.3