>Number: 6547 >Category: kernel >Synopsis: semctl(2): SETVAL with value > semvmx should return error >Confidential: yes >Severity: serious >Priority: medium >Responsible: bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Sat Jan 22 03:00:01 GMT 2011 >Closed-Date: >Last-Modified: >Originator: >Release: >Organization: >Environment: B B B B System B B B : OpenBSD 4.8 B B B B Details B B : OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC B B B B Architecture: OpenBSD.i386 B B B B Machine B B : i386 >Description: B B B (This is a resend to [email protected] so it gets logged and doesn't fall off the radar) semctl(2) should return -1 and set errno to ERANGE when the SETVAL or B B B B SETALL commands are used, and the semval is greater than semvmx. See B B B B http://www.opengroup.org/onlinepubs/009695399/functions/semctl.html B B B B The range check was apparently added to NetBSD 5.0: B B B B http://netbsd.gw.com/cgi-bin/man-cgi?semctl++NetBSD-5.0 >How-To-Repeat: Example code: ######################################## /* semtest.c */ #include <stdio.h> #include <stdlib.h> #include <sys/sem.h> #include <sys/stat.h> int main(void) { B B int semid; B B if ((semid = semget(IPC_PRIVATE, 1, IPC_CREAT | S_IRUSR | S_IWUSR)) == -1) { B B B B perror("semget"); B B B B exit(EXIT_FAILURE); B B } B B union semun { B B B B int val; B B B B struct semid_ds *buf; B B B B unsigned short B *array; B B } arg; B B arg.val = 32768; B B if (semctl(semid, 0, SETVAL, arg) == -1) { B B B B perror("semctl SETVAL"); B B B B exit(EXIT_FAILURE); B B } B B int semval; B B if ((semval = semctl(semid, 0, GETVAL, arg) == -1)) { B B B B perror("semctl GETVAL"); B B B B exit(EXIT_FAILURE); B B } B B printf("%i\n", semval); B B return 0; } ######################################## FreeBSD 8.1: ######################################## $ sysctl kern.ipc.semvmx kern.ipc.semvmx: 32767 $ cc -o semtest semtest.c $ ./semtest semctl SETVAL: Result too large ######################################## OpenBSD 4.8: ######################################## $ sysctl kern.seminfo.semvmx kern.seminfo.semvmx=32767 $ cc -o semtest semtest.c $ ./semtest 0 ######################################## >Fix: B B B B <how to correct or work around the problem, if known (multiple lines)> SENDBUG: Run sendbug as root if this is an ACPI report! SENDBUG: dmesg and usbdevs are attached. SENDBUG: Feel free to delete or use the -D flag if they contain sensitive information. dmesg: OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010 B B [email protected]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz ("GenuineIntel" 686-class) 2.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MM X,FXSR,SSE,SSE2,SSE3,MWAIT,SSSE3 real mem B = 1073246208 (1023MB) avail mem = 1045729280 (997MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xfc0f0, SMBIOS rev. 2.5 @ 0xe1000 (5 entries) bios0: vendor innotek GmbH version "VirtualBox" date 12/01/2006 bios0: innotek GmbH VirtualBox acpi0 at bios0: rev 2 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP SSDT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 32 bits acpiprt0 at acpi0: bus 0 (PCI0) acpibat0 at acpi0: BAT0 not present acpiac0 at acpi0: AC unit online bios0: ROM list: 0xc0000/0x9000 0xe2000/0x1000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: <VBOX HARDDISK> wd0: 128-sector PIO, LBA, 8192MB, 16777216 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) vga1 at pci0 dev 2 function 0 "InnoTek VirtualBox Graphics Adapter" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em0 at pci0 dev 3 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: irq 10, address 08:00:27:a4:00:db "InnoTek VirtualBox Guest Service" rev 0x00 at pci0 dev 4 function 0 not configured piixpm0 at pci0 dev 7 function 0 "Intel 82371AB Power" rev 0x08: SMBus disabled isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 biomask e9fd netmask edfd ttymask ffff mtrr: CPU supports MTRRs but not enabled softraid0 at root root on wd0a swap on wd0b dump on wd0b usbdevs: usbdevs: no USB controllers found -- Nathan Weeks >Release-Note: >Audit-Trail: >Unformatted:
