svn commit: r357983 - head/sys/kern
Konstantin Belousov
kib at FreeBSD.org
Sat Feb 15 23:18:03 UTC 2020
Author: kib
Date: Sat Feb 15 23:18:02 2020
New Revision: 357983
URL: https://svnweb.freebsd.org/changeset/base/357983
Log:
sem_remove(): add some asserts.
Assert that sema[idx] allocation from sem[] is sane.
Also assert that sem_mtx is owned, it protects the SEM_ALLOC flag.
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation (kib)
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D23694
Modified:
head/sys/kern/sysv_sem.c
Modified: head/sys/kern/sysv_sem.c
==============================================================================
--- head/sys/kern/sysv_sem.c Sat Feb 15 23:15:42 2020 (r357982)
+++ head/sys/kern/sysv_sem.c Sat Feb 15 23:18:02 2020 (r357983)
@@ -558,8 +558,14 @@ sem_remove(int semidx, struct ucred *cred)
int i;
KASSERT(semidx >= 0 && semidx < seminfo.semmni,
- ("semidx out of bounds"));
+ ("semidx out of bounds"));
+ mtx_assert(&sem_mtx, MA_OWNED);
semakptr = &sema[semidx];
+ KASSERT(semakptr->u.__sem_base - sem + semakptr->u.sem_nsems <= semtot,
+ ("sem_remove: sema %d corrupted sem pointer %p %p %d %d",
+ semidx, semakptr->u.__sem_base, sem, semakptr->u.sem_nsems,
+ semtot));
+
semakptr->u.sem_perm.cuid = cred ? cred->cr_uid : 0;
semakptr->u.sem_perm.uid = cred ? cred->cr_uid : 0;
semakptr->u.sem_perm.mode = 0;
More information about the svn-src-head
mailing list