Date: Wed, 26 Jul 2006 15:50:16 +0800 From: "=?GB2312?B?wO7J0L3c?=" <shangjie.li@gmail.com> To: freebsd-hackers@freebsd.org Subject: A bug in semctl() Message-ID: <de71d27b0607260050g47f95d2fsb3c8e83d721b4a3b@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
In file kern/sysv_sem.c:
554 __semctl(td, uap)
555 struct thread *td;
556 struct __semctl_args *uap;
557 {
558 int semid = uap->semid; <<<here 1
559 int semnum = uap->semnum;
560 int cmd = uap->cmd;
561 u_short *array;
562 union semun *arg = uap->arg;
563 union semun real_arg;
564 struct ucred *cred = td->td_ucred;
565 int i, rval, error;
566 struct semid_ds sbuf;
567 struct semid_kernel *semakptr;
568 struct mtx *sema_mtxp;
569 u_short usval, count;
570
571 DPRINTF(("call to semctl(%d, %d, %d, 0x%x)\n",
572 semid, semnum, cmd, arg));
573 if (!jail_sysvipc_allowed && jailed(td->td_ucred))
574 return (ENOSYS);
575
576 array = NULL;
577
578 switch(cmd) {
579 case SEM_STAT:
580 if (semid < 0 || semid >= seminfo.semmni) <<<here 2
581 return (EINVAL);
582 if ((error = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
583 return (error);
584 semakptr = &sema[semid];<<<here 3
>From line 558 to line 578, there must be a mechism to convert the
sem_id to the internal sema array index. In fact, it was missing,
which make the semctl syscall not work well.
--
--
|Best regards.
|Shangjie, Li (Ph.D candidate)
|Institute of Software, Chinese Academy of Sciences,
|P.O. Box 8718, Beijing 100080, CHINA
|Phone: (8610)62561197/62635158-1008(O), 82680528(H)
|Email: shangjie02@ios.cn
>---------------------------------------------------<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?de71d27b0607260050g47f95d2fsb3c8e83d721b4a3b>