From 3d0a9300050ad9a72d452ec862827e35e3f38dcc Mon Sep 17 00:00:00 2001
From: Rahat Mahmood <rahat@google.com>
Date: Fri, 23 Jul 2021 13:34:24 -0700
Subject: Don't panic on user-controlled state in semaphore syscalls.

Reported-by: syzbot+beb099a67f670386a367@syzkaller.appspotmail.com
PiperOrigin-RevId: 386521361
---
 test/syscalls/linux/semaphore.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'test')

diff --git a/test/syscalls/linux/semaphore.cc b/test/syscalls/linux/semaphore.cc
index f72957f89..87b66aa98 100644
--- a/test/syscalls/linux/semaphore.cc
+++ b/test/syscalls/linux/semaphore.cc
@@ -1019,6 +1019,17 @@ TEST(SemaphoreTest, SemInfo) {
   EXPECT_EQ(info.semvmx, kSemVmx);
 }
 
+TEST(SempahoreTest, RemoveNonExistentSemaphore) {
+  EXPECT_THAT(semctl(-1, 0, IPC_RMID), SyscallFailsWithErrno(EINVAL));
+}
+
+TEST(SempahoreTest, RemoveDeletedSemaphore) {
+  int id;
+  EXPECT_THAT(id = semget(IPC_PRIVATE, 1, 0), SyscallSucceeds());
+  EXPECT_THAT(semctl(id, 0, IPC_RMID), SyscallSucceeds());
+  EXPECT_THAT(semctl(id, 0, IPC_RMID), SyscallFailsWithErrno(EINVAL));
+}
+
 }  // namespace
 }  // namespace testing
 }  // namespace gvisor
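Review bot: Both new tests are registered under the suite name `SempahoreTest`, while the surrounding tests (see `TEST(SemaphoreTest, SemInfo)` in the hunk header) use `SemaphoreTest`. A run filtered on `SemaphoreTest.*` would therefore silently skip these regression tests for the syzbot-reported panic, so the names should read `TEST(SemaphoreTest, RemoveNonExistentSemaphore)` and `TEST(SemaphoreTest, RemoveDeletedSemaphore)`. In `RemoveDeletedSemaphore` the `semget` call is checked with `EXPECT_THAT`, so a failed create leaves `id` at -1 and the two `semctl` calls still run against it. `ASSERT_THAT(id = semget(IPC_PRIVATE, 1, 0), SyscallSucceeds());` would stop the test there and keep the failure output readable. The tests exercise only `IPC_RMID` on an invalid or already-removed id; if the fix (not shown in this test-only view) also touched other semaphore syscall paths, those would need equivalent cases.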
-- 
cgit v1.2.3