- Use td_ucred for jail checks.

- Move jail checks and some other checks involving constants and stack
  variables out from under Giant.  This isn't perfectly safe atm because
  jail_sysvipc_allowed is read w/o a lock meaning that its value could be
  stale.  This global variable will soon become a per-jail flag, however,
  at which time it will either not need a lock or will use the prison lock.

sys/kern/sysv_msg.c

@@ -288,17 +288,12 @@ msgsys(td, uap)
 {
 	int error;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
+	if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0]))
+		return (EINVAL);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
-	if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) {
-		error = EINVAL;
-		goto done2;
-	}
 	error = (*msgcalls[uap->which])(td, &uap->a2);
-done2:
 	mtx_unlock(&Giant);
 	return (error);
 }
@@ -353,12 +348,10 @@ msgctl(td, uap)
 #ifdef MSG_DEBUG_OK
 	printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr);
 #endif
-	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 
+	mtx_lock(&Giant);
 	msqid = IPCID_TO_IX(msqid);
 
 	if (msqid < 0 || msqid >= msginfo.msgmni) {
@@ -498,19 +491,17 @@ msgget(td, uap)
 	int msqid, error = 0;
 	int key = uap->key;
 	int msgflg = uap->msgflg;
-	struct ucred *cred = td->td_proc->p_ucred;
+	struct ucred *cred = td->td_ucred;
 	register struct msqid_ds *msqptr = NULL;
 
 #ifdef MSG_DEBUG_OK
 	printf("msgget(0x%x, 0%o)\n", key, msgflg);
 #endif
 
-	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 
+	mtx_lock(&Giant);
 	if (key != IPC_PRIVATE) {
 		for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
 			msqptr = &msqids[msqid];
@@ -630,12 +621,10 @@ msgsnd(td, uap)
 	printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz,
 	    msgflg);
 #endif
-	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 
+	mtx_lock(&Giant);
 	msqid = IPCID_TO_IX(msqid);
 
 	if (msqid < 0 || msqid >= msginfo.msgmni) {
@@ -974,12 +963,10 @@ msgrcv(td, uap)
 	    msgsz, msgtyp, msgflg);
 #endif
 
-	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 
+	mtx_lock(&Giant);
 	msqid = IPCID_TO_IX(msqid);
 
 	if (msqid < 0 || msqid >= msginfo.msgmni) {

sys/kern/sysv_sem.c

@@ -261,17 +261,12 @@ semsys(td, uap)
 {
 	int error;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
+	if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0]))
+		return (EINVAL);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
-	if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) {
-		error = EINVAL;
-		goto done2;
-	}
 	error = (*semcalls[uap->which])(td, &uap->a2);
-done2:
 	mtx_unlock(&Giant);
 	return (error);
 }
@@ -485,12 +480,10 @@ __semctl(td, uap)
 #ifdef SEM_DEBUG
 	printf("call to semctl(%d, %d, %d, 0x%x)\n", semid, semnum, cmd, arg);
 #endif
-	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 
+	mtx_lock(&Giant);
 	switch(cmd) {
 	case SEM_STAT:
 		if (semid < 0 || semid >= seminfo.semmsl)
@@ -693,17 +686,15 @@ semget(td, uap)
 	int key = uap->key;
 	int nsems = uap->nsems;
 	int semflg = uap->semflg;
-	struct ucred *cred = td->td_proc->p_ucred;
+	struct ucred *cred = td->td_ucred;
 
 #ifdef SEM_DEBUG
 	printf("semget(0x%x, %d, 0%o)\n", key, nsems, semflg);
 #endif
-	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 
+	mtx_lock(&Giant);
 	if (key != IPC_PRIVATE) {
 		for (semid = 0; semid < seminfo.semmni; semid++) {
 			if ((sema[semid].sem_perm.mode & SEM_ALLOC) &&
@@ -834,12 +825,10 @@ semop(td, uap)
 	printf("call to semop(%d, 0x%x, %u)\n", semid, sops, nsops);
 #endif
 
-	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 
+	mtx_lock(&Giant);
 	semid = IPCID_TO_IX(semid);	/* Convert back to zero origin */
 
 	if (semid < 0 || semid >= seminfo.semmsl) {

sys/kern/sysv_shm.c

@@ -260,11 +260,9 @@ shmdt(td, uap)
 	int i;
 	int error = 0;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(p->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
 	shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
  	if (shmmap_s == NULL) {
 		error = EINVAL;
@@ -313,11 +311,9 @@ shmat(td, uap)
 	int rv;
 	int error = 0;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(p->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
 	shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
 	if (shmmap_s == NULL) {
 		size = shminfo.shmseg * sizeof(struct shmmap_state);
@@ -425,11 +421,9 @@ oshmctl(td, uap)
 	struct shmid_ds *shmseg;
 	struct oshmid_ds outbuf;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
 	shmseg = shm_find_segment_by_shmid(uap->shmid);
 	if (shmseg == NULL) {
 		error = EINVAL;
@@ -486,11 +480,9 @@ shmctl(td, uap)
 	struct shmid_ds inbuf;
 	struct shmid_ds *shmseg;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
 	switch (uap->cmd) {
 	case IPC_INFO:
 		error = copyout( (caddr_t)&shminfo, uap->buf, sizeof( shminfo ) );
@@ -706,11 +698,9 @@ shmget(td, uap)
 	int segnum, mode;
 	int error;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
 	mode = uap->shmflg & ACCESSPERMS;
 	if (uap->key != IPC_PRIVATE) {
 	again:
@@ -748,17 +738,12 @@ shmsys(td, uap)
 {
 	int error;
 
+	if (!jail_sysvipc_allowed && jailed(td->td_ucred))
+		return (ENOSYS);
+	if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0]))
+		return (EINVAL);
 	mtx_lock(&Giant);
-	if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) {
-		error = ENOSYS;
-		goto done2;
-	}
-	if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) {
-		error = EINVAL;
-		goto done2;
-	}
 	error = (*shmcalls[uap->which])(td, &uap->a2);
-done2:
 	mtx_unlock(&Giant);
 	return (error);
 }