From owner-freebsd-hackers@FreeBSD.ORG  Wed Jul 26 07:59:35 2006
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CD64B16A4E1
	for <freebsd-hackers@freebsd.org>; Wed, 26 Jul 2006 07:59:35 +0000 (UTC)
	(envelope-from maxim@macomnet.ru)
Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4CAC743D53
	for <freebsd-hackers@freebsd.org>; Wed, 26 Jul 2006 07:59:34 +0000 (GMT)
	(envelope-from maxim@macomnet.ru)
Received: from localhost (localhost.int.ru [127.0.0.1] (may be forged))
	by mp2.macomnet.net (8.13.7/8.13.3) with ESMTP id k6Q7xXml022629;
	Wed, 26 Jul 2006 11:59:33 +0400 (MSD)
	(envelope-from maxim@macomnet.ru)
Date: Wed, 26 Jul 2006 11:59:32 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
To: =?GB2312?B?wO7J0L3c?= <shangjie.li@gmail.com>
In-Reply-To: <de71d27b0607260050g47f95d2fsb3c8e83d721b4a3b@mail.gmail.com>
Message-ID: <20060726115840.K62591@mp2.macomnet.net>
References: <de71d27b0607260050g47f95d2fsb3c8e83d721b4a3b@mail.gmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=KOI8-R
Content-Transfer-Encoding: 8BIT
Cc: freebsd-hackers@freebsd.org
Subject: Re: A bug in semctl()
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2006 07:59:35 -0000

On Wed, 26 Jul 2006, 15:50+0800, ÀîÉÐ½Ü wrote:

> In file kern/sysv_sem.c:
> 554 __semctl(td, uap)
> 555         struct thread *td;
> 556         struct __semctl_args *uap;
> 557 {
> 558         int semid = uap->semid; <<<here 1
> 559         int semnum = uap->semnum;
> 560         int cmd = uap->cmd;
> 561         u_short *array;
> 562         union semun *arg = uap->arg;
> 563         union semun real_arg;
> 564         struct ucred *cred = td->td_ucred;
> 565         int i, rval, error;
> 566         struct semid_ds sbuf;
> 567         struct semid_kernel *semakptr;
> 568         struct mtx *sema_mtxp;
> 569         u_short usval, count;
> 570
> 571         DPRINTF(("call to semctl(%d, %d, %d, 0x%x)\n",
> 572             semid, semnum, cmd, arg));
> 573         if (!jail_sysvipc_allowed && jailed(td->td_ucred))
> 574                 return (ENOSYS);
> 575
> 576         array = NULL;
> 577
> 578         switch(cmd) {
> 579         case SEM_STAT:
> 580                 if (semid < 0 || semid >= seminfo.semmni) <<<here 2
> 581                         return (EINVAL);
> 582                 if ((error = copyin(arg, &real_arg, sizeof(real_arg))) !=
> 0)
> 583                         return (error);
> 584                 semakptr = &sema[semid];<<<here 3
>
> >From line 558 to line 578, there must be a mechism to convert the
> sem_id to the internal sema array index. In fact, it was missing,
> which make the semctl syscall not work well.

What version of the file do you read?  We have a different code in
HEAD.

-- 
Maxim Konovalov