Date: 13 Dec 2002 18:26:12 -0000 From: Joe Kelsey <joek@zircon.staff.flyingcroc.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/46239: posix semaphore implementation errors Message-ID: <20021213182612.73922.qmail@zircon.staff.flyingcroc.net>
next in thread | raw e-mail | index | archive | help
>Number: 46239 >Category: kern >Synopsis: posix semaphore implementation errors >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Dec 13 10:30:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Joe Kelsey >Release: FreeBSD 5.0 >Organization: >Environment: System: FreeBSD zircon.staff.flyingcroc.net 4.7-STABLE FreeBSD 4.7-STABLE #4: Mon Dec 2 10:11:39 PST 2002 joek@zircon.staff.flyingcroc.net:/usr/obj/usr/src/sys/ZIRCON i386 >Description: The new posix semaphore implementation in 5.0 has potential standards problems. >How-To-Repeat: By inspection of code. Looking at src/lib/libc/sys/sem.c: sem_t * sem_open(const char *name, int oflag, ...) { sem_t *sem; sem_t s; semid_t semid; mode_t mode; unsigned int value; mode = 0; value = 0; if ((oflag & O_CREAT) != 0) { va_list ap; va_start(ap, oflag); mode = va_arg(ap, int); value = va_arg(ap, unsigned int); va_end(ap); } /* * we can be lazy and let the kernel handle the "oflag", * we'll just merge duplicate IDs into our list. */ if (ksem_open(&semid, name, oflag, mode, value) == -1) return (SEM_FAILED); ... This clearly simply passes the name parameter to ksem_open. We then examine src/sys/kern/uipc_sem.c: static int sem_create(td, name, ksret, mode, value) struct thread *td; const char *name; struct ksem **ksret; mode_t mode; unsigned int value; { struct ksem *ret; struct proc *p; struct ucred *uc; size_t len; int error; DP(("sem_create\n")); p = td->td_proc; uc = p->p_ucred; if (value > SEM_VALUE_MAX) return (EINVAL); ret = malloc(sizeof(*ret), M_SEM, M_WAITOK | M_ZERO); if (name != NULL) { len = strlen(name); if (len > SEM_MAX_NAMELEN) { free(ret, M_SEM); return (ENAMETOOLONG); } /* name must start with a '/' but not contain one. */ if (*name != '/' || len < 2 || index(name + 1, '/') != NULL) { free(ret, M_SEM); return (EINVAL); } ret->ks_name = malloc(len + 1, M_SEM, M_WAITOK); strcpy(ret->ks_name, name); ... It appears that names are restricted to a fixed length (SEM_MAX_NAMELEN, manifestly 14) and *must* start with '/' and not contain '/'. This is in direct violation of the POSIX standard which says that the implementation must distinguish between names beginning or not beginning with '/', but otherwise the names must conform to pathname standards. The semaphore implementation should allow arbitrary pathnames as semaphore names. In the future, the implementation should create empty files to stand-in for semaphores and coordinate with the file system code somehow. For now, simply allowing longer semaphore names and not bothering with the whole '/' checking should suffice for POSIX. >Fix: Remove the SEM_MAX_NAMELEN check. Remove the whole '/' checking stuff. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021213182612.73922.qmail>