Author: kib
Date: Sat Feb 15 23:18:02 2020
New Revision: 357983
URL: https://svnweb.freebsd.org/changeset/base/357983
Log:
  sem_remove(): add some asserts.

  Assert that sema[idx] allocation from sem[] is sane. Also assert that
  sem_mtx is owned, it protects the SEM_ALLOC flag.

  Reviewed by: markj
  Tested by: pho
  Sponsored by: The FreeBSD Foundation (kib)
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D23694

Modified:
  head/sys/kern/sysv_sem.c

Modified: head/sys/kern/sysv_sem.c ============================================================================== --- head/sys/kern/sysv_sem.c Sat Feb 15 23:15:42 2020 (r357982) +++ head/sys/kern/sysv_sem.c Sat Feb 15 23:18:02 2020 (r357983) @@ -558,8 +558,14 @@ sem_remove(int semidx, struct ucred *cred) int i; KASSERT(semidx >= 0 && semidx < seminfo.semmni, - ("semidx out of bounds")); + ("semidx out of bounds")); + mtx_assert(&sem_mtx, MA_OWNED); semakptr = &sema[semidx]; + KASSERT(semakptr->u.__sem_base - sem + semakptr->u.sem_nsems <= semtot, + ("sem_remove: sema %d corrupted sem pointer %p %p %d %d", + semidx, semakptr->u.__sem_base, sem, semakptr->u.sem_nsems, + semtot)); + semakptr->u.sem_perm.cuid = cred ? cred->cr_uid : 0; semakptr->u.sem_perm.uid = cred ? cred->cr_uid : 0; semakptr->u.sem_perm.mode = 0;
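Review bot: the new KASSERT after `semakptr = &sema[semidx];` checks only the upper bound (`semakptr->u.__sem_base - sem + semakptr->u.sem_nsems <= semtot`), so a `__sem_base` that points below `sem` produces a negative pointer difference and still passes. Consider also asserting `semakptr->u.__sem_base >= sem` so the check covers both ends of the sem[] array. Both KASSERT and mtx_assert are compiled in only on INVARIANTS kernels, so these checks surface corruption or a missing lock during testing and do not guard sem_remove() in production builds.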
