From 5e8693a9761d7a5f4bb3b200c9218a2ad3223215 Mon Sep 17 00:00:00 2001
From: jhb <jhb@FreeBSD.org>
Date: Sat, 8 Jul 2006 19:51:38 +0000
Subject: Rework kern_semctl a bit to always assume the UIO_SYSSPACE case. 
 This mostly consists of pushing a few copyin's and copyout's up into
 __semctl() as all the other callers were already doing the UIO_SYSSPACE case.
  This also changes kern_semctl() to set the return value in a passed in
 pointer to a register_t rather than td->td_retval[0] directly so that callers
 can only set td->td_retval[0] if all the various copyout's succeed.

As a result of these changes, kern_semctl() no longer does copyin/copyout
(except for GETALL/SETALL) so simplify the locking to acquire the semakptr
mutex before the MAC check and hold it all the way until the end of the
big switch statement.  The GETALL/SETALL cases have to temporarily drop it
while they do copyin/malloc and copyout.  Also, simplify the SETALL case to
remove handling for a non-existent race condition.
---
 sys/compat/svr4/svr4_ipc.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

(limited to 'sys/compat/svr4')

diff --git a/sys/compat/svr4/svr4_ipc.c b/sys/compat/svr4/svr4_ipc.c
index ad1fb0f..317239c 100644
--- a/sys/compat/svr4/svr4_ipc.c
+++ b/sys/compat/svr4/svr4_ipc.c
@@ -209,6 +209,7 @@ svr4_semctl(td, v)
 	struct svr4_semid_ds ss;
 	struct semid_ds bs;
 	union semun semun;
+	register_t rval;
 	int cmd, error;
 
 	switch (uap->cmd) {
@@ -244,21 +245,24 @@ svr4_semctl(td, v)
 		cmd = IPC_STAT;
 		semun.buf = &bs;
 		error = kern_semctl(td, uap->semid, uap->semnum, cmd, &semun,
-		    UIO_SYSSPACE);
+		    &rval);
 		if (error)
-                        return error;
+                        return (error);
                 bsd_to_svr4_semid_ds(&bs, &ss);
-		return copyout(&ss, uap->arg.buf, sizeof(ss));
+		error = copyout(&ss, uap->arg.buf, sizeof(ss));
+		if (error == 0)
+			td->td_retval[0] = rval;
+		return (error);
 
 	case SVR4_IPC_SET:
 		cmd = IPC_SET;
 		error = copyin(uap->arg.buf, (caddr_t) &ss, sizeof ss);
                 if (error)
-                        return error;
+                        return (error);
                 svr4_to_bsd_semid_ds(&ss, &bs);
 		semun.buf = &bs;
-		return kern_semctl(td, uap->semid, uap->semnum, cmd, &semun,
-		    UIO_SYSSPACE);
+		return (kern_semctl(td, uap->semid, uap->semnum, cmd, &semun,
+		    td->td_retval));
 
 	case SVR4_IPC_RMID:
 		cmd = IPC_RMID;
@@ -268,8 +272,8 @@ svr4_semctl(td, v)
 		return EINVAL;
 	}
 
-	return kern_semctl(td, uap->semid, uap->semnum, cmd, &uap->arg,
-	    UIO_USERSPACE);
+	return (kern_semctl(td, uap->semid, uap->semnum, cmd, &uap->arg,
+	    td->td_retval));
 }
 
 struct svr4_sys_semget_args {
-- 
cgit v1.1