From 42b933478412d1f42d009cd558e39d393d29bf7c Mon Sep 17 00:00:00 2001 From: Marian Buschsieweke Date: Tue, 22 Nov 2022 22:35:13 +0100 Subject: [PATCH] core/mbox: fix race condition The mbox code contains a race condition in `mbox_put()`: When it waits for a slot in the queue to become available, it is woken up with IRQs enabled. It disables IRQs again as first thing, but by then another thread may already have preempted the running thread and filled the queue back up. In this case, a message in the queue would be silently overwritten. --- core/mbox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/mbox.c b/core/mbox.c index a1d9ddebd44c..dce9140cf6c3 100644 --- a/core/mbox.c +++ b/core/mbox.c @@ -73,7 +73,7 @@ int _mbox_put(mbox_t *mbox, msg_t *msg, int blocking) return 1; } else { - if (cib_full(&mbox->cib)) { + while (cib_full(&mbox->cib)) { if (blocking) { _wait(&mbox->writers, irqstate); irqstate = irq_disable();
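Review bot: The new `while (cib_full(&mbox->cib))` loop in `_mbox_put()` carries no comment saying why the condition must be re-tested after `_wait(&mbox->writers, irqstate)` returns, so a later cleanup could easily turn it back into an `if`. Suggest a short comment above the loop stating that the thread is woken with IRQs enabled and another writer may refill the queue before `irqstate = irq_disable();` runs. Because the body is now a loop, please also confirm that the non-blocking branch, which lies outside the visible context, leaves the loop with a return on every path; otherwise a non-blocking caller would spin with IRQs disabled on a full queue. The patch changes only `core/mbox.c` with one insertion and one deletion, so a regression test that has two writers contend for a single free slot would be a useful addition.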