Tue Jul 21 00:23:01 2009 UTC ()

Pull up following revision(s) (requested by rmind in ticket #857):
	sys/kern/sys_mqueue.c: revision 1.21 via patch
mq_send/mq_receive: while permission may allow that, return EBADF if sending
to read-only queue, or receiving from write-only queue.
From Stathis Kamperis, thanks!


(snj)

diff -r1.12.4.3 -r1.12.4.4 src/sys/kern/sys_mqueue.c

--- src/sys/kern/sys_mqueue.c 2009/05/27 21:32:05	1.12.4.3
+++ src/sys/kern/sys_mqueue.c 2009/07/21 00:23:01	1.12.4.4

 @@ -1,14 +1,14 @@
-/*	$NetBSD: sys_mqueue.c,v 1.12.4.3 2009/05/27 21:32:05 snj Exp $	*/
+/*	$NetBSD: sys_mqueue.c,v 1.12.4.4 2009/07/21 00:23:01 snj Exp $	*/
 /*
  * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius <rmind at NetBSD org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -32,27 +32,27 @@
+ *
  * Locking
+ *
  * Global list of message queues (mqueue_head) and proc_t::p_mqueue_cnt
  * counter are protected by mqlist_mtx lock.  The very message queue and
  * its members are protected by mqueue::mq_mtx.
+ *
  * Lock order:
  * 	mqlist_mtx
  * 	  -> mqueue::mq_mtx
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.12.4.3 2009/05/27 21:32:05 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.12.4.4 2009/07/21 00:23:01 snj Exp $");
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/condvar.h>
 #include <sys/errno.h>
 #include <sys/fcntl.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/kauth.h>
 #include <sys/kernel.h>
 #include <sys/kmem.h>
 #include <sys/lwp.h>
 #include <sys/mqueue.h>
 @@ -472,29 +472,34 @@ sys_mq_close(struct lwp *l, const struct
  * Primary mq_receive1() function.
  */
 static int
 mq_receive1(struct lwp *l, mqd_t mqdes, void *msg_ptr, size_t msg_len,
     unsigned *msg_prio, int t, ssize_t *mlen)
+{
 	file_t *fp = NULL;
 	struct mqueue *mq;
 	struct mq_msg *msg = NULL;
 	int error;
 	/* Get the message queue */
 	error = mqueue_get(mqdes, &fp);
-	if (error)
+	if (error) {
 		return error;
+	}
 	mq = fp->f_data;
 	if ((fp->f_flag & FREAD) == 0) {
 		error = EBADF;
 		goto error;
+	}
 	/* Check the message size limits */
 	if (msg_len < mq->mq_attrib.mq_msgsize) {
 		error = EMSGSIZE;
 		goto error;
+	}
 	/* Check if queue is empty */
 	while (TAILQ_EMPTY(&mq->mq_head)) {
 		if (mq->mq_attrib.mq_flags & O_NONBLOCK) {
 			error = EAGAIN;
 			goto error;
+		}
 @@ -632,26 +637,30 @@ mq_send1(struct lwp *l, mqd_t mqdes, con
 		mqueue_freemsg(msg, size);
 		return error;
+	}
 	msg->msg_len = msg_len;
 	msg->msg_prio = msg_prio;
 	/* Get the mqueue */
 	error = mqueue_get(mqdes, &fp);
 	if (error) {
 		mqueue_freemsg(msg, size);
 		return error;
+	}
 	mq = fp->f_data;
 	if ((fp->f_flag & FWRITE) == 0) {
 		error = EBADF;
 		goto error;
+	}
 	/* Check the message size limit */
 	if (msg_len <= 0 || msg_len > mq->mq_attrib.mq_msgsize) {
 		error = EMSGSIZE;
 		goto error;
+	}
 	/* Check if queue is full */
 	while (mq->mq_attrib.mq_curmsgs >= mq->mq_attrib.mq_maxmsg) {
 		if (mq->mq_attrib.mq_flags & O_NONBLOCK) {
 			error = EAGAIN;
 			goto error;
+		}