NetBSD-Bugs archive
kern/50475: sys_issetugid is missing locking
>Number: 50475
>Category: kern
>Synopsis: sys_issetugid is missing locking
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 26 03:00:00 +0000 2015
>Originator: David A. Holland
>Release: NetBSD 7.99.21 (20151118)
>Organization:
>Environment:
System: NetBSD valkyrie 7.99.1 NetBSD 7.99.1 (VALKYRIE) #17: Wed Oct 14 03:21:03 EDT 2015 dholland@valkyrie:/usr/src/sys/arch/amd64/compile/VALKYRIE amd64
Architecture: x86_64
Machine: amd64
>Description:
sys_issetugid() reads curproc->p_flag without taking any locks, but
sys/proc.h says p_flag is supposed to be protected by p_lock.
Granted reading ints is atomic on normal platforms, but it's wrong,
and also other code is entitled to assume that it can temporarily
leave invalid values in p_flag while it holds p_lock.
If the behavior of sys_issetugid() is intended, it should be
documented in proc.h.
>How-To-Repeat:
code inspection
>Fix:
Take the mutex in sys_issetugid(); the cost of doing so in a call
that's not on anything's critical path isn't worth stressing about.
Alternatively, update the locking documentation in sys/proc.h.
Preferably also find other similar cases at the same time.
Hopefully, don't spend a week arguing about locking overhead.
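
The invariant described in the report, as a user-space model added here for illustration (not NetBSD kernel code and not part of the original PR). `struct proc_model`, the writer, its scratch value and the `PK_SUGID` value are all constructed assumptions; the two scaffolding flags exist only to force the interleaving.

```c
#include <pthread.h>
#include <stdatomic.h>

#define PK_SUGID 0x1u  /* constructed value for this model, not the kernel's */

struct proc_model {
    pthread_mutex_t p_lock;   /* stands in for the kernel's p_lock */
    atomic_uint p_flag;       /* atomic so the unlocked read is defined C */
    atomic_int mid_update;    /* scaffolding: writer is inside its critical section */
    atomic_int reader_done;   /* scaffolding: the unlocked read has happened */
};

/* Hypothetical writer: uses p_flag as scratch while holding p_lock,
 * then stores the final value (process is not set-id). */
static void *writer(void *arg) {
    struct proc_model *p = arg;
    pthread_mutex_lock(&p->p_lock);
    atomic_store(&p->p_flag, ~0u);             /* transient, invalid */
    atomic_store(&p->mid_update, 1);
    while (!atomic_load(&p->reader_done)) { }  /* stay mid-update until observed */
    atomic_store(&p->p_flag, 0u);              /* final, valid */
    pthread_mutex_unlock(&p->p_lock);
    return NULL;
}

/* Models the read the report describes: no lock taken. */
static int issetugid_unlocked(struct proc_model *p) {
    return (atomic_load(&p->p_flag) & PK_SUGID) != 0;
}

/* Models the proposed fix: take the mutex around the read. */
static int issetugid_locked(struct proc_model *p) {
    pthread_mutex_lock(&p->p_lock);            /* waits out any update in progress */
    int set = (atomic_load(&p->p_flag) & PK_SUGID) != 0;
    pthread_mutex_unlock(&p->p_lock);
    return set;
}

/* Forces one interleaving; bit 1 = unlocked answer, bit 0 = locked answer. */
static int run_model(void) {
    struct proc_model p = { .p_lock = PTHREAD_MUTEX_INITIALIZER };
    pthread_t t;
    pthread_create(&t, NULL, writer, &p);
    while (!atomic_load(&p.mid_update)) { }    /* wait until writer is mid-update */
    int unlocked = issetugid_unlocked(&p);     /* sees the scratch value */
    atomic_store(&p.reader_done, 1);
    int locked = issetugid_locked(&p);         /* sees only the final value */
    pthread_join(t, NULL);
    return (unlocked << 1) | locked;
}
```

In this model the unlocked read reports set-id for a process that never was, even though each individual load is atomic; the locked read cannot observe the scratch value.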