Use copyin32(9) to atomically copy the futex from user space.

On !MULTIPROCESSOR kernels we still fall back on copyin(9), but that is
fine.  This will break m88k MULTIPROCESSOR kernels.

ok deraadt@, mpi@, visa@

1 files changed, 11 insertions, 4 deletions

diff --git a/sys/kern/sys_futex.c b/sys/kern/sys_futex.c
index 9d2af79da22..139468411f5 100644
--- a/sys/kern/sys_futex.c
+++ b/sys/kern/sys_futex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sys_futex.c,v 1.2 2017/04/30 10:10:21 mpi Exp $ */
+/*	$OpenBSD: sys_futex.c,v 1.3 2017/05/27 16:42:41 kettenis Exp $ */
 
 /*
  * Copyright (c) 2016-2017 Martin Pieuchot
@@ -32,6 +32,15 @@
 #endif
 
 /*
+ * Atomicity is only needed on MULTIPROCESSOR kernels.  Fall back on
+ * copyin(9) until non-MULTIPROCESSOR architectures have a copyin32(9)
+ * implementation.
+ */
+#ifndef MULTIPROCESSOR
+#define copyin32(uaddr, kaddr)	copyin((uaddr), (kaddr), sizeof(uint32_t))
+#endif
+
+/*
  * Kernel representation of a futex.
  */
 struct futex {
@@ -187,10 +196,8 @@ futex_wait(uint32_t *uaddr, uint32_t val, const struct timespec *timeout)
 
 	/*
 	 * Read user space futex value
-	 *
-	 * XXX copyin(9) is not guaranteed to be atomic.
 	 */
-	if ((error = copyin(uaddr, &cval, sizeof(cval))))
+	if ((error = copyin32(uaddr, &cval)))
 		return error;
 
 	/* If the value changed, stop here. */