
D23694.id68350.diff

D23694.id68350.diff

Index: sys/kern/sysv_sem.c
===================================================================
--- sys/kern/sysv_sem.c
+++ sys/kern/sysv_sem.c
@@ -198,15 +198,15 @@
* semaphore info struct
*/
struct seminfo seminfo = {
- SEMMNI, /* # of semaphore identifiers */
- SEMMNS, /* # of semaphores in system */
- SEMMNU, /* # of undo structures in system */
- SEMMSL, /* max # of semaphores per id */
- SEMOPM, /* max # of operations per semop call */
- SEMUME, /* max # of undo entries per process */
- SEMUSZ, /* size in bytes of undo structure */
- SEMVMX, /* semaphore maximum value */
- SEMAEM /* adjust on exit max value */
+ .semmni = SEMMNI, /* # of semaphore identifiers */
+ .semmns = SEMMNS, /* # of semaphores in system */
+ .semmnu = SEMMNU, /* # of undo structures in system */
+ .semmsl = SEMMSL, /* max # of semaphores per id */
+ .semopm = SEMOPM, /* max # of operations per semop call */
+ .semume = SEMUME, /* max # of undo entries per process */
+ .semusz = SEMUSZ, /* size in bytes of undo structure */
+ .semvmx = SEMVMX, /* semaphore maximum value */
+ .semaem = SEMAEM, /* adjust on exit max value */
};
SYSCTL_INT(_kern_ipc, OID_AUTO, semmni, CTLFLAG_RDTUN, &seminfo.semmni, 0,
@@ -558,8 +558,14 @@
int i;
KASSERT(semidx >= 0 && semidx < seminfo.semmni,
- ("semidx out of bounds"));
+ ("semidx out of bounds"));
+ mtx_assert(&sem_mtx, MA_OWNED);
semakptr = &sema[semidx];
+ KASSERT(semakptr->u.__sem_base - sem + semakptr->u.sem_nsems <= semtot,
+ ("sem_remove: sema %d corrupted sem pointer %p %p %d %d",
+ semidx, semakptr->u.__sem_base, sem, semakptr->u.sem_nsems,
+ semtot));
+
semakptr->u.sem_perm.cuid = cred ? cred->cr_uid : 0;
semakptr->u.sem_perm.uid = cred ? cred->cr_uid : 0;
semakptr->u.sem_perm.mode = 0;
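Review bot: The new KASSERT bounds only the upper end of the slice: it checks `__sem_base - sem + sem_nsems <= semtot` but never that `__sem_base >= sem`, so a base pointer below the array gives a negative offset that passes the assertion and then becomes the start index of the compaction loop in the following hunk. Adding the lower bound as a first conjunct, `semakptr->u.__sem_base >= sem &&`, would make the check cover both ends. KASSERT is compiled out of kernels built without INVARIANTS, so this is a debugging aid rather than a runtime guard, and a short comment saying so would set the right expectation. The enclosing function begins and ends outside the hunk.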
@@ -578,8 +584,9 @@
sema[i].u.__sem_base > semakptr->u.__sem_base)
mtx_lock_flags(&sema_mtx[i], LOP_DUPOK);
}
- for (i = semakptr->u.__sem_base - sem; i < semtot; i++)
- sem[i] = sem[i + semakptr->u.sem_nsems];
+ for (i = semakptr->u.__sem_base - sem + semakptr->u.sem_nsems;
+ i < semtot; i++)
+ sem[i - semakptr->u.sem_nsems] = sem[i];
for (i = 0; i < seminfo.semmni; i++) {
if ((sema[i].u.sem_perm.mode & SEM_ALLOC) &&
sema[i].u.__sem_base > semakptr->u.__sem_base) {
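Review bot: The rewritten compaction loop needs a comment saying why it indexes from the source side, because the difference from the old form is easy to miss. The removed loop read `sem[i + sem_nsems]` for `i` up to `semtot - 1`, which is up to `sem_nsems` entries past the in-use region, whereas the new one reads only `sem[i]` with `i < semtot`. Something like `/* Slide the tail down; index by source so reads stay below semtot. */` above the `for` would do. The loop also leaves the last `sem_nsems` slots below `semtot` holding stale copies; whether they are cleared before reuse is not visible in this hunk, so that is worth confirming. The enclosing function extends outside the hunk.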
