From 75e34b3c2615c5c6c933fb7163b44c7369b494ee Mon Sep 17 00:00:00 2001
From: Marian Buschsieweke <marian.buschsieweke@ovgu.de>
Date: Tue, 22 Nov 2022 22:35:13 +0100
Subject: [PATCH] core/mbox: fix race condition

The mbox code contains a race condition in `mbox_put()`: When it
waits for a slot in the queue to become available, it is woken up with
IRQs enabled. It disables IRQs again as first thing, but by then
another thread may already have preempted the running thread and filled
the queue back up. In this case, a message in the queue would be
silently overwritten.

(cherry picked from commit 42b933478412d1f42d009cd558e39d393d29bf7c)
---
 core/mbox.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/mbox.c b/core/mbox.c
index a1d9ddebd44ce..dce9140cf6c35 100644
--- a/core/mbox.c
+++ b/core/mbox.c
@@ -73,7 +73,7 @@ int _mbox_put(mbox_t *mbox, msg_t *msg, int blocking)
         return 1;
     }
     else {
-        if (cib_full(&mbox->cib)) {
+        while (cib_full(&mbox->cib)) {
             if (blocking) {
                 _wait(&mbox->writers, irqstate);
                 irqstate = irq_disable();