Date: Thu, 27 Jul 2006 11:41:00 -0400 From: John Baldwin <jhb@freebsd.org> To: freebsd-hackers@freebsd.org Cc: =?utf-8?q?=E6=9D=8E=E5=B0=9A=E6=9D=B0?= <shangjie.li@gmail.com> Subject: Re: A bug in semctl() Message-ID: <200607271141.01285.jhb@freebsd.org> In-Reply-To: <de71d27b0607260050g47f95d2fsb3c8e83d721b4a3b@mail.gmail.com> References: <de71d27b0607260050g47f95d2fsb3c8e83d721b4a3b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 26 July 2006 03:50, =E6=9D=8E=E5=B0=9A=E6=9D=B0 wrote:
> In file kern/sysv_sem.c:
> 554 __semctl(td, uap)
> 555 struct thread *td;
> 556 struct __semctl_args *uap;
> 557 {
> 558 int semid =3D uap->semid; <<<here 1
> 559 int semnum =3D uap->semnum;
> 560 int cmd =3D uap->cmd;
> 561 u_short *array;
> 562 union semun *arg =3D uap->arg;
> 563 union semun real_arg;
> 564 struct ucred *cred =3D td->td_ucred;
> 565 int i, rval, error;
> 566 struct semid_ds sbuf;
> 567 struct semid_kernel *semakptr;
> 568 struct mtx *sema_mtxp;
> 569 u_short usval, count;
> 570
> 571 DPRINTF(("call to semctl(%d, %d, %d, 0x%x)\n",
> 572 semid, semnum, cmd, arg));
> 573 if (!jail_sysvipc_allowed && jailed(td->td_ucred))
> 574 return (ENOSYS);
> 575
> 576 array =3D NULL;
> 577
> 578 switch(cmd) {
> 579 case SEM_STAT:
> 580 if (semid < 0 || semid >=3D seminfo.semmni) <<<here 2
> 581 return (EINVAL);
> 582 if ((error =3D copyin(arg, &real_arg,=20
sizeof(real_arg))) !=3D 0)
> 583 return (error);
> 584 semakptr =3D &sema[semid];<<<here 3
>=20
> >From line 558 to line 578, there must be a mechism to convert the
> sem_id to the internal sema array index. In fact, it was missing,
> which make the semctl syscall not work well.
Actually, this is on purpose. SEM_STAT is just used for Linux binaries, an=
d=20
they apparently specify a kernel semid rather than a user one for this=20
specific request.
=2D-=20
John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607271141.01285.jhb>