Date: Wed, 26 Jul 2006 16:27:06 +0800 From: "=?GB2312?B?wO7J0L3c?=" <shangjie.li@gmail.com> To: "Maxim Konovalov" <maxim@macomnet.ru>, freebsd-hackers@freebsd.org Subject: Re: A bug in semctl() Message-ID: <de71d27b0607260127g4e308fcau3a7398d6ebb1baa7@mail.gmail.com> In-Reply-To: <de71d27b0607260105r5585973vbee2106695f04e82@mail.gmail.com> References: <de71d27b0607260050g47f95d2fsb3c8e83d721b4a3b@mail.gmail.com> <20060726115840.K62591@mp2.macomnet.net> <de71d27b0607260105r5585973vbee2106695f04e82@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry! I am working FB/6.0. But I have checked the 6.1 code, this
prolbem exists too.
in __semctl():
error = kern_semctl(td, uap->semid, uap->semnum, uap->cmd, &semun,
&rval);
but in kern_semctl() there is no convertion
ÔÚ 06-7-26£¬ÀîÉнÜ<shangjie.li@gmail.com> дµÀ£º
> Freebsd/6.1 kernel code
>
> 2006/7/26, Maxim Konovalov <maxim@macomnet.ru>:
> > On Wed, 26 Jul 2006, 15:50+0800, §ð§¯§Ú§á¨o§ï wrote:
> >
> > > In file kern/sysv_sem.c:
> > > 554 __semctl(td, uap)
> > > 555 struct thread *td;
> > > 556 struct __semctl_args *uap;
> > > 557 {
> > > 558 int semid = uap->semid; <<<here 1
> > > 559 int semnum = uap->semnum;
> > > 560 int cmd = uap->cmd;
> > > 561 u_short *array;
> > > 562 union semun *arg = uap->arg;
> > > 563 union semun real_arg;
> > > 564 struct ucred *cred = td->td_ucred;
> > > 565 int i, rval, error;
> > > 566 struct semid_ds sbuf;
> > > 567 struct semid_kernel *semakptr;
> > > 568 struct mtx *sema_mtxp;
> > > 569 u_short usval, count;
> > > 570
> > > 571 DPRINTF(("call to semctl(%d, %d, %d, 0x%x)\n",
> > > 572 semid, semnum, cmd, arg));
> > > 573 if (!jail_sysvipc_allowed && jailed(td->td_ucred))
> > > 574 return (ENOSYS);
> > > 575
> > > 576 array = NULL;
> > > 577
> > > 578 switch(cmd) {
> > > 579 case SEM_STAT:
> > > 580 if (semid < 0 || semid >= seminfo.semmni) <<<here 2
> > > 581 return (EINVAL);
> > > 582 if ((error = copyin(arg, &real_arg, sizeof(real_arg))) !=
> > > 0)
> > > 583 return (error);
> > > 584 semakptr = &sema[semid];<<<here 3
> > >
> > > >From line 558 to line 578, there must be a mechism to convert the
> > > sem_id to the internal sema array index. In fact, it was missing,
> > > which make the semctl syscall not work well.
> >
> > What version of the file do you read? We have a different code in
> > HEAD.
> >
> > --
> > Maxim Konovalov
> >
>
>
> --
> --
> |Best regards.
> |Shangjie, Li (Ph.D candidate)
> |Institute of Software, Chinese Academy of Sciences,
> |P.O. Box 8718, Beijing 100080, CHINA
> |Phone: (8610)62561197/62635158-1008(O), 82680528(H)
> |Email: shangjie02@ios.cn
> >---------------------------------------------------<
>
--
--
|Best regards.
|Shangjie, Li (Ph.D candidate)
|Institute of Software, Chinese Academy of Sciences,
|P.O. Box 8718, Beijing 100080, CHINA
|Phone: (8610)62561197/62635158-1008(O), 82680528(H)
|Email: shangjie02@ios.cn
>---------------------------------------------------<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?de71d27b0607260127g4e308fcau3a7398d6ebb1baa7>