From f00fb5457ebf5907055e420d803ac67fb098109e Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker <jilles@FreeBSD.org>
Date: Sun, 7 Feb 2016 22:12:39 +0000
Subject: [PATCH] semget(): Check for [EEXIST] error first.

Although POSIX literally permits failing with [EINVAL] if IPC_CREAT and
IPC_EXCL were both passed, the semaphore set already exists and has fewer
semaphores than nsems, this does not allow an application to retry safely:
if the [EINVAL] is actually because of the semmsl limit, an infinite loop
would result.

PR:		206927
---
 sys/kern/sysv_sem.c                | 10 +++++-----
 tools/regression/sysvsem/semtest.c |  9 +++++++++
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c
index d9324f46d0df..22616b988d88 100644
--- a/sys/kern/sysv_sem.c
+++ b/sys/kern/sysv_sem.c
@@ -867,6 +867,11 @@ sys_semget(struct thread *td, struct semget_args *uap)
 		}
 		if (semid < seminfo.semmni) {
 			DPRINTF(("found public key\n"));
+			if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
+				DPRINTF(("not exclusive\n"));
+				error = EEXIST;
+				goto done2;
+			}
 			if ((error = ipcperm(td, &sema[semid].u.sem_perm,
 			    semflg & 0700))) {
 				goto done2;
@@ -876,11 +881,6 @@ sys_semget(struct thread *td, struct semget_args *uap)
 				error = EINVAL;
 				goto done2;
 			}
-			if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
-				DPRINTF(("not exclusive\n"));
-				error = EEXIST;
-				goto done2;
-			}
 #ifdef MAC
 			error = mac_sysvsem_check_semget(cred, &sema[semid]);
 			if (error != 0)
diff --git a/tools/regression/sysvsem/semtest.c b/tools/regression/sysvsem/semtest.c
index 8a997d0bf6a4..39c416403c63 100644
--- a/tools/regression/sysvsem/semtest.c
+++ b/tools/regression/sysvsem/semtest.c
@@ -152,6 +152,15 @@ main(int argc, char *argv[])
 
 	print_semid_ds(&s_ds, 0600);
 
+	errno = 0;
+	if (semget(semkey, 1, IPC_CREAT | IPC_EXCL | 0600) != -1 ||
+	    errno != EEXIST)
+		err(1, "semget IPC_EXCL 1 did not fail with [EEXIST]");
+	errno = 0;
+	if (semget(semkey, 2, IPC_CREAT | IPC_EXCL | 0600) != -1 ||
+	    errno != EEXIST)
+		err(1, "semget IPC_EXCL 2 did not fail with [EEXIST]");
+
 	for (child_count = 0; child_count < 5; child_count++) {
 		switch ((child_pid = fork())) {
 		case -1: