From a84c51f26258270ff7c0a1176f948c52ccaca8f5 Mon Sep 17 00:00:00 2001
From: jilles <jilles@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Sat, 9 Apr 2016 13:32:42 +0000
Subject: [PATCH] MFC r295385: semget(): Check for [EEXIST] error first.

Although POSIX literally permits failing with [EINVAL] if IPC_CREAT and
IPC_EXCL were both passed, the semaphore set already exists and has fewer
semaphores than nsems, this does not allow an application to retry safely:
if the [EINVAL] is actually because of the semmsl limit, an infinite loop
would result.

PR:		206927


git-svn-id: svn://svn.freebsd.org/base/stable/10@297747 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/kern/sysv_sem.c                | 10 +++++-----
 tools/regression/sysvsem/semtest.c |  9 +++++++++
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c
index 441cbfcd5..4337d4dbb 100644
--- a/sys/kern/sysv_sem.c
+++ b/sys/kern/sysv_sem.c
@@ -877,6 +877,11 @@ sys_semget(struct thread *td, struct semget_args *uap)
 		}
 		if (semid < seminfo.semmni) {
 			DPRINTF(("found public key\n"));
+			if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
+				DPRINTF(("not exclusive\n"));
+				error = EEXIST;
+				goto done2;
+			}
 			if ((error = ipcperm(td, &sema[semid].u.sem_perm,
 			    semflg & 0700))) {
 				goto done2;
@@ -886,11 +891,6 @@ sys_semget(struct thread *td, struct semget_args *uap)
 				error = EINVAL;
 				goto done2;
 			}
-			if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
-				DPRINTF(("not exclusive\n"));
-				error = EEXIST;
-				goto done2;
-			}
 #ifdef MAC
 			error = mac_sysvsem_check_semget(cred, &sema[semid]);
 			if (error != 0)
diff --git a/tools/regression/sysvsem/semtest.c b/tools/regression/sysvsem/semtest.c
index 8a997d0bf..39c416403 100644
--- a/tools/regression/sysvsem/semtest.c
+++ b/tools/regression/sysvsem/semtest.c
@@ -152,6 +152,15 @@ main(int argc, char *argv[])
 
 	print_semid_ds(&s_ds, 0600);
 
+	errno = 0;
+	if (semget(semkey, 1, IPC_CREAT | IPC_EXCL | 0600) != -1 ||
+	    errno != EEXIST)
+		err(1, "semget IPC_EXCL 1 did not fail with [EEXIST]");
+	errno = 0;
+	if (semget(semkey, 2, IPC_CREAT | IPC_EXCL | 0600) != -1 ||
+	    errno != EEXIST)
+		err(1, "semget IPC_EXCL 2 did not fail with [EEXIST]");
+
 	for (child_count = 0; child_count < 5; child_count++) {
 		switch ((child_pid = fork())) {
 		case -1:
-- 
2.45.0