diff options
| author | jhb <jhb@FreeBSD.org> | 2002-03-05 18:57:36 +0000 |
|---|---|---|
| committer | jhb <jhb@FreeBSD.org> | 2002-03-05 18:57:36 +0000 |
| commit | 3a1d17e45b65f471a48cabb1b46335480f777c36 (patch) | |
| tree | 7e1937b212c5be424e36cf0162f689d568fe1325 /sys/kern/sysv_sem.c | |
| parent | 679afc69e30f49b444a094dee93fd3d00543507a (diff) | |
| download | FreeBSD-src-3a1d17e45b65f471a48cabb1b46335480f777c36.zip FreeBSD-src-3a1d17e45b65f471a48cabb1b46335480f777c36.tar.gz | |
- Use td_ucred for jail checks.
- Move jail checks and some other checks involving constants and stack
variables out from under Giant. This isn't perfectly safe atm because
jail_sysvipc_allowed is read w/o a lock meaning that its value could be
stale. This global variable will soon become a per-jail flag, however,
at which time it will either not need a lock or will use the prison lock.
Diffstat (limited to 'sys/kern/sysv_sem.c')
| -rw-r--r-- | sys/kern/sysv_sem.c | 39 |
1 files changed, 14 insertions, 25 deletions
diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c index 1b3c827..2b2e227 100644 --- a/sys/kern/sysv_sem.c +++ b/sys/kern/sysv_sem.c @@ -261,17 +261,12 @@ semsys(td, uap) { int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) + return (EINVAL); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) { - error = EINVAL; - goto done2; - } error = (*semcalls[uap->which])(td, &uap->a2); -done2: mtx_unlock(&Giant); return (error); } @@ -485,12 +480,10 @@ __semctl(td, uap) #ifdef SEM_DEBUG printf("call to semctl(%d, %d, %d, 0x%x)\n", semid, semnum, cmd, arg); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); switch(cmd) { case SEM_STAT: if (semid < 0 || semid >= seminfo.semmsl) @@ -693,17 +686,15 @@ semget(td, uap) int key = uap->key; int nsems = uap->nsems; int semflg = uap->semflg; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; #ifdef SEM_DEBUG printf("semget(0x%x, %d, 0%o)\n", key, nsems, semflg); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); if (key != IPC_PRIVATE) { for (semid = 0; semid < seminfo.semmni; semid++) { if ((sema[semid].sem_perm.mode & SEM_ALLOC) && @@ -834,12 +825,10 @@ semop(td, uap) printf("call to semop(%d, 0x%x, %u)\n", semid, sops, nsops); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); semid = IPCID_TO_IX(semid); /* Convert back to zero origin */ if (semid < 0 || semid >= seminfo.semmsl) { |
