Date: Sat, 15 Feb 2020 23:18:03 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r357983 - head/sys/kern Message-ID: <202002152318.01FNI3MO030923@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Sat Feb 15 23:18:02 2020 New Revision: 357983 URL: https://svnweb.freebsd.org/changeset/base/357983 Log: sem_remove(): add some asserts. Assert that sema[idx] allocation from sem[] is sane. Also assert that sem_mtx is owned, it protects the SEM_ALLOC flag. Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation (kib) MFC after: 1 week Differential revision: https://reviews.freebsd.org/D23694 Modified: head/sys/kern/sysv_sem.c Modified: head/sys/kern/sysv_sem.c ============================================================================== --- head/sys/kern/sysv_sem.c Sat Feb 15 23:15:42 2020 (r357982) +++ head/sys/kern/sysv_sem.c Sat Feb 15 23:18:02 2020 (r357983) @@ -558,8 +558,14 @@ sem_remove(int semidx, struct ucred *cred) int i; KASSERT(semidx >= 0 && semidx < seminfo.semmni, - ("semidx out of bounds")); + ("semidx out of bounds")); + mtx_assert(&sem_mtx, MA_OWNED); semakptr = &sema[semidx]; + KASSERT(semakptr->u.__sem_base - sem + semakptr->u.sem_nsems <= semtot, + ("sem_remove: sema %d corrupted sem pointer %p %p %d %d", + semidx, semakptr->u.__sem_base, sem, semakptr->u.sem_nsems, + semtot)); + semakptr->u.sem_perm.cuid = cred ? cred->cr_uid : 0; semakptr->u.sem_perm.uid = cred ? cred->cr_uid : 0; semakptr->u.sem_perm.mode = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002152318.01FNI3MO030923>