From 92e5c3777e09a6fcc69672aaaa92e078e302ccb5 Mon Sep 17 00:00:00 2001
From: kib
Date: Thu, 15 Jan 2009 12:15:46 +0000
Subject: [PATCH] Lock the semaphore identifier lock during semaphore initialization to guarantee atomicity of the operation for other semaphore consumers. In particular, this should guard against access to the semaphore with not done or partially done MAC label assignment. Reviewed by: rwatson MFC after: 1 month
---
sys/kern/sysv_sem.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c
index 46a307f4f29d..0112a042088c 100644
--- a/sys/kern/sysv_sem.c
+++ b/sys/kern/sysv_sem.c
@@ -914,6 +914,9 @@ semget(struct thread *td, struct semget_args *uap)
 goto done2;
 }
 DPRINTF(("semid %d is available\n", semid));
+ mtx_lock(&sema_mtx[semid]);
+ KASSERT((sema[semid].u.sem_perm.mode & SEM_ALLOC) == 0,
+ ("Lost semaphore %d", semid));
 sema[semid].u.sem_perm.key = key;
 sema[semid].u.sem_perm.cuid = cred->cr_uid;
 sema[semid].u.sem_perm.uid = cred->cr_uid;
@@ -932,6 +935,7 @@ semget(struct thread *td, struct semget_args *uap)
 #ifdef MAC
 mac_sysvsem_create(cred, &sema[semid]);
 #endif
+ mtx_unlock(&sema_mtx[semid]);
 DPRINTF(("sembase = %p, next = %p\n", sema[semid].u.sem_base, &sem[semtot]));
 } else {
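Review bot: The `KASSERT` on `SEM_ALLOC` placed right after `mtx_lock(&sema_mtx[semid])` is compiled out of kernels built without INVARIANTS, so in production nothing re-checks that the slot is still free once the mutex is held. The free-slot search sits above this hunk and, judging by the `semid %d is available` message, appears to finish before the per-identifier mutex is taken, so the assertion seems to rely on some outer lock serializing `semget` callers. I would state that dependency in a comment above the lock, e.g. `/* Slot chosen before taking sema_mtx[semid]; <outer lock> serializes allocators, so SEM_ALLOC cannot be set in between. */` (with `<outer lock>` a placeholder for the real lock name). If no such lock exists, the flag should be re-tested under the mutex and the search retried. The body of `semget` starts and ends outside the hunk.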
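Review bot: The `DPRINTF` that follows the new `mtx_unlock(&sema_mtx[semid])` reads `sema[semid].u.sem_base` after the mutex has been dropped. It is debug-only output, but moving `mtx_unlock(&sema_mtx[semid]);` below that `DPRINTF` call would keep every access to the freshly initialized entry inside the critical section. The lines between the lock in the first hunk and this unlock are not shown, so it is worth confirming that no early exit (such as the `goto done2` used just above the lock) can leave that region with the mutex still held. A short comment at the unlock, e.g. `/* Entry, including its MAC label, is fully initialized; now visible to other consumers. */`, would also record why the unlock must stay after `mac_sysvsem_create()`.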