From nobody@FreeBSD.org  Fri Apr  6 21:06:43 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 225C81065672
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  6 Apr 2012 21:06:43 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 0CB7F8FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  6 Apr 2012 21:06:43 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q36L6g0O067778
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 6 Apr 2012 21:06:42 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q36L6gDC067777;
	Fri, 6 Apr 2012 21:06:42 GMT
	(envelope-from nobody)
Message-Id: <201204062106.q36L6gDC067777@red.freebsd.org>
Date: Fri, 6 Apr 2012 21:06:42 GMT
From: Ion Gaztaaga <igaztanaga@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: sem_open incorrectly returns the already opened named semaphore handle when O_EXCL is used
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         166706
>Category:       kern
>Synopsis:       [libc] sem_open(3) incorrectly returns the already opened named semaphore handle when O_EXCL is used [regression]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jilles
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 06 21:10:01 UTC 2012
>Closed-Date:    Fri May 04 20:49:11 UTC 2012
>Last-Modified:  Fri May  4 20:50:08 UTC 2012
>Originator:     Ion Gaztaaga
>Release:        9.0 RELEASE
>Organization:
>Environment:
FreeBSD pcbsd-5366 9.0 RELEASE FreeBSD 9.0 RELEASE (...) PCBSD amd64
>Description:
POSIX states that if O_EXCL and O_CREAT are set, sem_open() fails if the
semaphore name exists, even if the semaphore was already opened by the
current process. The following test case shows the problem:

#include <semaphore.h>
#include <fcntl.h>
#include <stdio.h>

#include <semaphore.h>
#include <fcntl.h>
#include <stdio.h>

int main()
{
   sem_t *sem1, *sem2;
   sem_unlink("/testsem");
   sem1 = sem_open("/testsem", O_CREAT|O_EXCL, 0644, 1);
   if(sem1 == SEM_FAILED){
      return 1;
   }
   
   sem2 = sem_open("/testsem", O_CREAT|O_EXCL, 0644, 1);
   if(sem2 != SEM_FAILED){
      printf("ERROR: semaphore already created O_EXCL should fail\n");
      sem_close(sem2);
      sem_unlink("/testsem");      
      return 1;
   }
   printf("OK: semaphore already created, O_EXCL has failed\n");
   sem_close(sem1);
   sem_unlink("/testsem");
   return 0;
}

In FreeBSD 9 the test fails, whereas in FreeBSD 8 (FreeBSD pcbsd-4080
8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2  (...) PCBSD i386) the test passes.

>How-To-Repeat:
Run the test case
>Fix:


>Release-Note:
>Audit-Trail:

From: Jilles Tjoelker <jilles@stack.nl>
To: bug-followup@FreeBSD.org, davidxu@freebsd.org
Cc: igaztanaga@gmail.com
Subject: Re: kern/166706: [libc] sem_open(3) incorrectly returns the already
 opened named semaphore handle when O_EXCL is used [regression]
Date: Sun, 8 Apr 2012 19:26:39 +0200

 > [sem_new.c may return success with O_CREAT|O_EXCL if the semaphore
 > already exists]
 
 The code in sem_new.c will happily add another reference to an already
 open semaphore, even if O_CREAT|O_EXCL were specified.
 
 The below patch fixes this by adding an extra check. It makes the
 submitter's test program pass again on head.
 
 What do you think?
 
 Index: lib/libc/gen/sem_new.c
 ===================================================================
 --- lib/libc/gen/sem_new.c	(revision 233702)
 +++ lib/libc/gen/sem_new.c	(working copy)
 @@ -162,10 +162,16 @@
  	_pthread_mutex_lock(&sem_llock);
  	LIST_FOREACH(ni, &sem_list, next) {
  		if (strcmp(name, ni->name) == 0) {
 -			ni->open_count++;
 -			sem = ni->sem;
 -			_pthread_mutex_unlock(&sem_llock);
 -			return (sem);
 +			if ((flags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)) {
 +				_pthread_mutex_unlock(&sem_llock);
 +				errno = EEXIST;
 +				return (SEM_FAILED);
 +			} else {
 +				ni->open_count++;
 +				sem = ni->sem;
 +				_pthread_mutex_unlock(&sem_llock);
 +				return (sem);
 +			}
  		}
  	}
  
 
 -- 
 Jilles Tjoelker

From: David Xu <listlog2011@gmail.com>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: bug-followup@FreeBSD.org, davidxu@FreeBSD.org, igaztanaga@gmail.com
Subject: Re: kern/166706: [libc] sem_open(3) incorrectly returns the already
 opened named semaphore handle when O_EXCL is used [regression]
Date: Mon, 09 Apr 2012 07:49:37 +0800

 On 2012/4/9 1:26, Jilles Tjoelker wrote:
 >> [sem_new.c may return success with O_CREAT|O_EXCL if the semaphore
 >> already exists]
 > The code in sem_new.c will happily add another reference to an already
 > open semaphore, even if O_CREAT|O_EXCL were specified.
 >
 > The below patch fixes this by adding an extra check. It makes the
 > submitter's test program pass again on head.
 >
 > What do you think?
 >
 > Index: lib/libc/gen/sem_new.c
 > ===================================================================
 > --- lib/libc/gen/sem_new.c	(revision 233702)
 > +++ lib/libc/gen/sem_new.c	(working copy)
 > @@ -162,10 +162,16 @@
 >   	_pthread_mutex_lock(&sem_llock);
 >   	LIST_FOREACH(ni,&sem_list, next) {
 >   		if (strcmp(name, ni->name) == 0) {
 > -			ni->open_count++;
 > -			sem = ni->sem;
 > -			_pthread_mutex_unlock(&sem_llock);
 > -			return (sem);
 > +			if ((flags&  (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)) {
 > +				_pthread_mutex_unlock(&sem_llock);
 > +				errno = EEXIST;
 > +				return (SEM_FAILED);
 > +			} else {
 > +				ni->open_count++;
 > +				sem = ni->sem;
 > +				_pthread_mutex_unlock(&sem_llock);
 > +				return (sem);
 > +			}
 >   		}
 >   	}
 >
 The patch looks fine to me.
 
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/166706: commit references a PR
Date: Mon,  9 Apr 2012 14:17:32 +0000 (UTC)

 Author: jilles
 Date: Mon Apr  9 14:17:22 2012
 New Revision: 234057
 URL: http://svn.freebsd.org/changeset/base/234057
 
 Log:
   sem_open: Make sure to fail an O_CREAT|O_EXCL open, even if that semaphore
   is already open in this process.
   
   If the named semaphore is already open, sem_open() only increments a
   reference count and did not take the flags into account (which otherwise
   happens by passing them to open()). Add an extra check for O_CREAT|O_EXCL.
   
   PR:		kern/166706
   Reviewed by:	davidxu
   MFC after:	10 days
 
 Modified:
   head/lib/libc/gen/sem_new.c
 
 Modified: head/lib/libc/gen/sem_new.c
 ==============================================================================
 --- head/lib/libc/gen/sem_new.c	Mon Apr  9 14:16:24 2012	(r234056)
 +++ head/lib/libc/gen/sem_new.c	Mon Apr  9 14:17:22 2012	(r234057)
 @@ -162,10 +162,16 @@ _sem_open(const char *name, int flags, .
  	_pthread_mutex_lock(&sem_llock);
  	LIST_FOREACH(ni, &sem_list, next) {
  		if (strcmp(name, ni->name) == 0) {
 -			ni->open_count++;
 -			sem = ni->sem;
 -			_pthread_mutex_unlock(&sem_llock);
 -			return (sem);
 +			if ((flags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)) {
 +				_pthread_mutex_unlock(&sem_llock);
 +				errno = EEXIST;
 +				return (SEM_FAILED);
 +			} else {
 +				ni->open_count++;
 +				sem = ni->sem;
 +				_pthread_mutex_unlock(&sem_llock);
 +				return (sem);
 +			}
  		}
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: jilles 
State-Changed-When: Mon Apr 9 14:33:51 UTC 2012 
State-Changed-Why:  
Fixed in 10-current. 


Responsible-Changed-From-To: freebsd-bugs->jilles 
Responsible-Changed-By: jilles 
Responsible-Changed-When: Mon Apr 9 14:33:51 UTC 2012 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166706 
State-Changed-From-To: patched->closed 
State-Changed-By: jilles 
State-Changed-When: Fri May 4 20:48:23 UTC 2012 
State-Changed-Why:  
Fixed in 10-current and 9-stable. 
The incorrect code was not merged to earlier branches. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166706 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/166706: commit references a PR
Date: Fri,  4 May 2012 20:46:15 +0000 (UTC)

 Author: jilles
 Date: Fri May  4 20:45:53 2012
 New Revision: 235035
 URL: http://svn.freebsd.org/changeset/base/235035
 
 Log:
   MFC r234057: sem_open: Make sure to fail an O_CREAT|O_EXCL open, even if
   that semaphore is already open in this process.
   
   If the named semaphore is already open, sem_open() only increments a
   reference count and did not take the flags into account (which otherwise
   happens by passing them to open()). Add an extra check for O_CREAT|O_EXCL.
   
   PR:		kern/166706
 
 Modified:
   stable/9/lib/libc/gen/sem_new.c
 Directory Properties:
   stable/9/lib/libc/   (props changed)
 
 Modified: stable/9/lib/libc/gen/sem_new.c
 ==============================================================================
 --- stable/9/lib/libc/gen/sem_new.c	Fri May  4 20:31:27 2012	(r235034)
 +++ stable/9/lib/libc/gen/sem_new.c	Fri May  4 20:45:53 2012	(r235035)
 @@ -162,10 +162,16 @@ _sem_open(const char *name, int flags, .
  	_pthread_mutex_lock(&sem_llock);
  	LIST_FOREACH(ni, &sem_list, next) {
  		if (strcmp(name, ni->name) == 0) {
 -			ni->open_count++;
 -			sem = ni->sem;
 -			_pthread_mutex_unlock(&sem_llock);
 -			return (sem);
 +			if ((flags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)) {
 +				_pthread_mutex_unlock(&sem_llock);
 +				errno = EEXIST;
 +				return (SEM_FAILED);
 +			} else {
 +				ni->open_count++;
 +				sem = ni->sem;
 +				_pthread_mutex_unlock(&sem_llock);
 +				return (sem);
 +			}
  		}
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
