]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/sysv_shm.c
xnu-792.18.15.tar.gz
[apple/xnu.git] / bsd / kern / sysv_shm.c
1c79356b 1/*
5d5c5d0d
A
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
3 *
8f6c56a5 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
1c79356b 5 *
8f6c56a5
A
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
8ad349bb 24 * limitations under the License.
8f6c56a5
A
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A
27 */
28/* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */
29
30/*
31 * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. All advertising materials mentioning features or use of this software
42 * must display the following acknowledgement:
43 * This product includes software developed by Adam Glass and Charles
44 * Hannum.
45 * 4. The names of the authors may not be used to endorse or promote products
46 * derived from this software without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
49 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
50 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
51 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
52 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
53 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
54 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
55 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
56 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
57 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
58 */
59
60
9bccf70c 61#include <sys/appleapiopts.h>
1c79356b
A
62#include <sys/param.h>
63#include <sys/systm.h>
64#include <sys/kernel.h>
91447636
A
65#include <sys/shm_internal.h>
66#include <sys/proc_internal.h>
67#include <sys/kauth.h>
1c79356b
A
68#include <sys/malloc.h>
69#include <sys/mman.h>
70#include <sys/stat.h>
9bccf70c 71#include <sys/sysctl.h>
91447636
A
72#include <sys/ipcs.h>
73#include <sys/sysent.h>
74#include <sys/sysproto.h>
e5568f75
A
75
76#include <bsm/audit_kernel.h>
1c79356b
A
77
78#include <mach/mach_types.h>
79#include <mach/vm_inherit.h>
91447636
A
80#include <mach/vm_map.h>
81
82#include <mach/mach_vm.h>
83
1c79356b 84#include <vm/vm_map.h>
91447636
A
85#include <vm/vm_shared_memory_server.h>
86#include <vm/vm_protos.h>
1c79356b 87
91447636 88#include <kern/locks.h>
1c79356b 89
91447636 90static void shminit(void *);
1c79356b 91#if 0
1c79356b
A
92SYSINIT(sysv_shm, SI_SUB_SYSV_SHM, SI_ORDER_FIRST, shminit, NULL)
93#endif 0
94
91447636
A
95static lck_grp_t *sysv_shm_subsys_lck_grp;
96static lck_grp_attr_t *sysv_shm_subsys_lck_grp_attr;
97static lck_attr_t *sysv_shm_subsys_lck_attr;
98static lck_mtx_t sysv_shm_subsys_mutex;
1c79356b 99
91447636
A
100#define SYSV_SHM_SUBSYS_LOCK() lck_mtx_lock(&sysv_shm_subsys_mutex)
101#define SYSV_SHM_SUBSYS_UNLOCK() lck_mtx_unlock(&sysv_shm_subsys_mutex)
102
103static int oshmctl(void *p, void *uap, void *retval);
104static int shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, int * retval);
105static int shmget_existing(struct shmget_args *uap, int mode, int segnum, int * retval);
106static void shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out);
107static void shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out);
1c79356b
A
108
109/* XXX casting to (sy_call_t *) is bogus, as usual. */
110static sy_call_t *shmcalls[] = {
111 (sy_call_t *)shmat, (sy_call_t *)oshmctl,
112 (sy_call_t *)shmdt, (sy_call_t *)shmget,
113 (sy_call_t *)shmctl
114};
115
116#define SHMSEG_FREE 0x0200
117#define SHMSEG_REMOVED 0x0400
118#define SHMSEG_ALLOCATED 0x0800
119#define SHMSEG_WANTED 0x1000
120
121static int shm_last_free, shm_nused, shm_committed;
91447636 122struct user_shmid_ds *shmsegs; /* 64 bit version */
9bccf70c 123static int shm_inited = 0;
1c79356b
A
124
125struct shm_handle {
91447636 126 void * shm_object; /* vm_offset_t kva; */
1c79356b
A
127};
128
129struct shmmap_state {
91447636
A
130 mach_vm_address_t va; /* user address */
131 int shmid; /* segment id */
1c79356b
A
132};
133
91447636
A
134static void shm_deallocate_segment(struct user_shmid_ds *);
135static int shm_find_segment_by_key(key_t);
136static struct user_shmid_ds *shm_find_segment_by_shmid(int);
137static int shm_delete_mapping(struct proc *, struct shmmap_state *, int);
1c79356b 138
9bccf70c
A
139#ifdef __APPLE_API_PRIVATE
140struct shminfo shminfo = {
141 -1, /* SHMMAX 4096 *1024 */
142 -1, /* SHMMIN = 1 */
143 -1, /* SHMMNI = 1 */
144 -1, /* SHMSEG = 8 */
145 -1 /* SHMALL = 1024 */
146};
147#endif /* __APPLE_API_PRIVATE */
148
91447636
A
149void sysv_shm_lock_init(void);
150
/*
 * Current time in whole seconds, taken from microtime().  Used to stamp
 * the shm_atime / shm_dtime / shm_ctime fields of a segment descriptor.
 */
static __inline__ time_t
sysv_shmtime(void)
{
	struct timeval now;

	microtime(&now);
	return now.tv_sec;
}
158
/*
 * Narrow the kernel's 64-bit segment descriptor into the 32-bit layout
 * handed to 32-bit processes.
 *
 * The narrowing of shm_segsz is considered safe because a descriptor that
 * is converted for a 32-bit process never has a segment size above 4G.
 *
 * NOTE: source and target must *NOT* overlap (the target is smaller).
 *
 * NOTE(review): shm_internal is carried across as well.
 * shmget_allocate_segment() stores the address of the kernel-side
 * struct shm_handle in that field, so a caller that copies *out to user
 * space should clear shm_internal first.  Only named fields are written
 * here; if struct shmid_ds has padding, those bytes keep whatever the
 * caller's buffer held -- zero the buffer before the call when it is
 * going to be copied out.
 */
static void
shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out)
{
	/* identity and size */
	out->shm_perm = in->shm_perm;
	out->shm_segsz = (size_t)in->shm_segsz;

	/* attach bookkeeping */
	out->shm_nattch = in->shm_nattch;
	out->shm_cpid = in->shm_cpid;
	out->shm_lpid = in->shm_lpid;

	/* timestamps */
	out->shm_ctime = in->shm_ctime;
	out->shm_dtime = in->shm_dtime;
	out->shm_atime = in->shm_atime;

	/* kernel-private handle, narrowed to a 32-bit pointer */
	out->shm_internal = CAST_DOWN(void *,in->shm_internal);
}
178
/*
 * Widen a 32-bit segment descriptor into the kernel's 64-bit layout.
 *
 * NOTE: Source and target are permitted to overlap (the source is smaller);
 * this works because we copy fields in order from the end of the struct to
 * the beginning, so each source field is read before the wider target
 * field written over that region can clobber it.
 *
 * NOTE(review): the in-place use in shmctl(IPC_SET) depends on the field
 * order and offsets of both structures -- re-check this routine whenever
 * either layout changes.  Do not reorder the assignments below.
 */
static void
shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out)
{
	/* last field first: see the overlap note above */
	out->shm_internal = CAST_USER_ADDR_T(in->shm_internal);
	out->shm_ctime = in->shm_ctime;
	out->shm_dtime = in->shm_dtime;
	out->shm_atime = in->shm_atime;
	out->shm_nattch = in->shm_nattch;
	out->shm_cpid = in->shm_cpid;
	out->shm_lpid = in->shm_lpid;
	out->shm_segsz = (user_size_t)in->shm_segsz;
	out->shm_perm = in->shm_perm;
}
197
198
/*
 * Look up an allocated segment by its IPC key.
 *
 * Scans all shminfo.shmmni slots and returns the index of the first slot
 * that is marked SHMSEG_ALLOCATED and carries `key`, or -1 when there is
 * none.  No permission check is made here.
 */
static int
shm_find_segment_by_key(key_t key)
{
	int slot;

	for (slot = 0; slot < shminfo.shmmni; slot++) {
		if (!(shmsegs[slot].shm_perm.mode & SHMSEG_ALLOCATED))
			continue;
		if (shmsegs[slot].shm_perm.key == key)
			return slot;
	}
	return -1;
}
210
91447636
A
/*
 * Translate a caller-supplied shmid into a segment descriptor.
 *
 * The id is validated in three steps before the descriptor is returned:
 * the slot index must lie inside the table, the slot must be allocated
 * and not marked removed, and the sequence number embedded in the id must
 * match the slot's current sequence (which rejects stale ids that refer
 * to an earlier occupant of the slot).  Returns NULL on any mismatch.
 */
static struct user_shmid_ds *
shm_find_segment_by_shmid(int shmid)
{
	struct user_shmid_ds *seg;
	int ix;
	int state;

	ix = IPCID_TO_IX(shmid);
	if (ix < 0 || ix >= shminfo.shmmni)
		return NULL;

	seg = &shmsegs[ix];
	state = seg->shm_perm.mode & (SHMSEG_ALLOCATED | SHMSEG_REMOVED);
	if (state != SHMSEG_ALLOCATED)
		return NULL;
	if (seg->shm_perm.seq != IPCID_TO_SEQ(shmid))
		return NULL;
	return seg;
}
227
/*
 * Tear down a segment and return its slot to the free pool.
 *
 * Releases the memory entry held by the segment's shm_handle, frees the
 * handle, clears the shm_internal back-pointer, and updates the global
 * accounting (shm_committed, shm_nused).  The slot is left in the
 * SHMSEG_FREE state.  Callers in this file invoke it only once the
 * attach count has dropped to zero on a segment marked for removal.
 */
static void
shm_deallocate_segment(struct user_shmid_ds *shmseg)
{
	struct shm_handle *handle;
	mach_vm_size_t rounded;

	handle = CAST_DOWN(void *,shmseg->shm_internal);	/* tunnel */
	rounded = mach_vm_round_page(shmseg->shm_segsz);

	/* Drop the memory entry first, then the handle that carried it. */
	mach_memory_entry_port_release(handle->shm_object);
	handle->shm_object = NULL;
	FREE((caddr_t)handle, M_SHM);
	shmseg->shm_internal = USER_ADDR_NULL;	/* tunnel */

	/* Accounting, then mark the slot reusable. */
	shm_nused--;
	shm_committed -= btoc(rounded);
	shmseg->shm_perm.mode = SHMSEG_FREE;
}
244
/*
 * Detach one entry of a process's attachment table.
 *
 * When `deallocate` is non-zero the mapping at shmmap_s->va is removed
 * from the current map first; a failure there returns EINVAL and leaves
 * the table entry untouched.  Afterwards the entry is marked unused, the
 * segment's detach time is stamped and its attach count decremented.  If
 * that was the last attachment of a segment already marked
 * SHMSEG_REMOVED, the segment itself is destroyed.
 *
 * NOTE(review): the slot index is derived from shmmap_s->shmid without a
 * range or sequence check; this relies on the table only ever holding ids
 * that shmat()/shmfork() recorded for live segments.
 */
static int
shm_delete_mapping(__unused struct proc *p, struct shmmap_state *shmmap_s,
	int deallocate)
{
	int segnum = IPCID_TO_IX(shmmap_s->shmid);
	struct user_shmid_ds *shmseg = &shmsegs[segnum];
	mach_vm_size_t size = mach_vm_round_page(shmseg->shm_segsz);	/* XXX done for us? */

	if (deallocate &&
	    mach_vm_deallocate(current_map(), shmmap_s->va, size) != KERN_SUCCESS)
		return EINVAL;

	shmmap_s->shmid = -1;
	shmseg->shm_dtime = sysv_shmtime();

	shmseg->shm_nattch--;
	if ((shmseg->shm_nattch <= 0) &&
	    (shmseg->shm_perm.mode & SHMSEG_REMOVED)) {
		shm_deallocate_segment(shmseg);
		shm_last_free = segnum;
	}
	return 0;
}
270
/*
 * shmdt system call: detach the segment mapped at uap->shmaddr.
 *
 * The address is matched against the calling process's own attachment
 * table, so only a mapping this process recorded through shmat() (or
 * inherited through shmfork()) can be detached.  Returns 0 on success and
 * EINVAL when the subsystem is not initialised, the process has no table,
 * no entry matches, or the unmap fails.
 */
int
shmdt(struct proc *p, struct shmdt_args *uap, register_t *retval)
{
	struct shmmap_state *entry;
	int idx;
	int shmdtret = EINVAL;

	// LP64todo - fix this
	AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));

	SYSV_SHM_SUBSYS_LOCK();

	if (shm_inited) {
		entry = (struct shmmap_state *)p->vm_shm;
		if (entry != NULL) {
			for (idx = 0; idx < shminfo.shmseg; idx++, entry++) {
				if (entry->shmid != -1 &&
				    entry->va == (mach_vm_offset_t)uap->shmaddr)
					break;
			}
			if (idx != shminfo.shmseg) {
				shmdtret = shm_delete_mapping(p, entry, 1);
				if (shmdtret == 0)
					*retval = 0;
			}
		}
	}

	SYSV_SHM_SUBSYS_UNLOCK();
	return shmdtret;
}
310
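/*
 * shmat system call: attach the System V shared memory segment named by
 * uap->shmid to the calling process.
 *
 * p       calling process; its vm_shm table records the attachment
 * uap     shmid, requested address (0 lets the VM choose) and SHM_* flags
 * retval  receives the attach address on success
 *
 * Returns 0 on success, otherwise an errno:
 *   EINVAL  subsystem not initialised, unknown or stale shmid, address
 *           not SHMLBA-aligned without SHM_RND, or an unclassified VM
 *           failure
 *   ENOMEM  the per-process table could not be allocated, or the VM
 *           reported KERN_INVALID_ADDRESS / KERN_NO_SPACE
 *   EACCES  the VM reported KERN_PROTECTION_FAILURE
 *   EMFILE  the per-process table has no free entry
 *   or whatever ipcperm() returned for the access check.
 *
 * The access check asks for IPC_R, plus IPC_W unless SHM_RDONLY is set,
 * and the mapping protection is derived from the same flag, so a caller
 * that only passed the read check only gets a read-only mapping.
 *
 * The whole call runs under the SysV shm subsystem mutex.
 */
int
shmat(struct proc *p, struct shmat_args *uap, register_t *retval)
{
	int error, i, flags;
	struct user_shmid_ds *shmseg;
	struct shmmap_state *shmmap_s = NULL;
	struct shm_handle *shm_handle;
	mach_vm_address_t attach_va;	/* attach address in/out */
	mach_vm_size_t map_size;	/* size of map entry */
	vm_prot_t prot;
	size_t size;
	kern_return_t rv;
	int shmat_ret = 0;

	AUDIT_ARG(svipc_id, uap->shmid);
	// LP64todo - fix this
	AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	shmmap_s = (struct shmmap_state *)p->vm_shm;

	if (shmmap_s == NULL) {
		/* First attach for this process: build its table, all unused. */
		size = shminfo.shmseg * sizeof(struct shmmap_state);
		MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK);
		if (shmmap_s == NULL) {
			shmat_ret = ENOMEM;
			goto shmat_out;
		}
		for (i = 0; i < shminfo.shmseg; i++)
			shmmap_s[i].shmid = -1;
		p->vm_shm = (caddr_t)shmmap_s;
	}
	shmseg = shm_find_segment_by_shmid(uap->shmid);
	if (shmseg == NULL) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
	error = ipcperm(kauth_cred_get(), &shmseg->shm_perm,
	    (uap->shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W);
	if (error) {
		shmat_ret = error;
		goto shmat_out;
	}

	/* Find a free entry in the per-process table. */
	for (i = 0; i < shminfo.shmseg; i++) {
		if (shmmap_s->shmid == -1)
			break;
		shmmap_s++;
	}
	if (i >= shminfo.shmseg) {
		shmat_ret = EMFILE;
		goto shmat_out;
	}

	map_size = mach_vm_round_page(shmseg->shm_segsz);
	prot = VM_PROT_READ;
	if ((uap->shmflg & SHM_RDONLY) == 0)
		prot |= VM_PROT_WRITE;
	flags = MAP_ANON | MAP_SHARED;
	if (uap->shmaddr)
		flags |= MAP_FIXED;

	attach_va = (mach_vm_address_t)uap->shmaddr;
	if (uap->shmflg & SHM_RND)
		attach_va &= ~(SHMLBA-1);
	else if ((attach_va & (SHMLBA-1)) != 0) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	shm_handle = CAST_DOWN(void *, shmseg->shm_internal);	/* tunnel */

	rv = mach_vm_map(current_map(),			/* process map */
			&attach_va,			/* attach address */
			map_size,			/* segment size */
			(mach_vm_offset_t)0,		/* alignment mask */
			(flags & MAP_FIXED)? VM_FLAGS_FIXED: VM_FLAGS_ANYWHERE,
			shm_handle->shm_object,
			(mach_vm_offset_t)0,
			FALSE,
			prot,
			prot,
			VM_INHERIT_DEFAULT);
	if (rv != KERN_SUCCESS)
		goto out;

	rv = mach_vm_inherit(current_map(), attach_va, map_size, VM_INHERIT_SHARE);
	if (rv != KERN_SUCCESS) {
		/* Do not leave a mapping behind that the table does not track. */
		(void)mach_vm_deallocate(current_map(), attach_va, map_size);
		goto out;
	}

	shmmap_s->va = attach_va;
	shmmap_s->shmid = uap->shmid;
	shmseg->shm_lpid = p->p_pid;
	shmseg->shm_atime = sysv_shmtime();
	shmseg->shm_nattch++;
	*retval = attach_va;	/* XXX return -1 on error */
	shmat_ret = 0;
	goto shmat_out;
out:
	/*
	 * Translate the VM result.  Each case needs its own break: without
	 * them every failure fell through to the default and was reported
	 * as EINVAL, hiding ENOMEM and EACCES from the caller.  The mapping
	 * is the same one shmget_allocate_segment() uses.
	 */
	switch (rv) {
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		shmat_ret = ENOMEM;
		break;
	case KERN_PROTECTION_FAILURE:
		shmat_ret = EACCES;
		break;
	default:
		shmat_ret = EINVAL;
		break;
	}
shmat_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmat_ret;
}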
433
/*
 * Handler installed in the shmcalls[] dispatch table beside shmat();
 * it ignores its arguments and rejects every call with EINVAL.
 */
static int
oshmctl(__unused void *p, __unused void *uap, __unused void *retval)
{
	return (EINVAL);
}
439
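/*
 * shmctl system call: query, modify or remove a shared memory segment.
 *
 * p       calling process (used to pick the 32- or 64-bit user layout)
 * uap     shmid, command (IPC_STAT, IPC_SET, IPC_RMID) and user buffer
 * retval  set to 0 on success
 *
 * Returns 0 on success; EINVAL when the subsystem is not initialised, the
 * shmid is unknown or stale, or the command is unsupported; otherwise the
 * error from ipcperm(), copyin() or copyout().
 *
 * Access control: IPC_STAT requires IPC_R on the segment, IPC_SET and
 * IPC_RMID require IPC_M.  IPC_SET takes only uid, gid and the
 * ACCESSPERMS bits of mode from the caller; the SHMSEG_* state bits kept
 * in the same mode word cannot be changed from user space.
 *
 * The whole call runs under the SysV shm subsystem mutex.
 */
int
shmctl(__unused struct proc *p, struct shmctl_args *uap, register_t *retval)
{
	int error;
	kauth_cred_t cred = kauth_cred_get();
	struct user_shmid_ds inbuf;
	struct user_shmid_ds *shmseg;
	int shmctl_ret = 0;

	AUDIT_ARG(svipc_cmd, uap->cmd);
	AUDIT_ARG(svipc_id, uap->shmid);

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}

	shmseg = shm_find_segment_by_shmid(uap->shmid);
	if (shmseg == NULL) {
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}

	/* XXAUDIT: This is the perms BEFORE any change by this call.  This
	 * may not be what is desired.
	 */
	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);

	switch (uap->cmd) {
	case IPC_STAT:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_R);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}

		/*
		 * shm_internal holds the kernel address of the segment's
		 * shm_handle (set in shmget_allocate_segment()).  Copy the
		 * descriptor to a local and clear that field so the kernel
		 * pointer is not disclosed to user space.
		 */
		if (IS_64BIT_PROCESS(p)) {
			struct user_shmid_ds shmid_ds64;

			shmid_ds64 = *shmseg;
			shmid_ds64.shm_internal = USER_ADDR_NULL;
			error = copyout(&shmid_ds64, uap->buf, sizeof(struct user_shmid_ds));
		} else {
			struct shmid_ds shmid_ds32;

			/* zero first: the conversion writes named fields only */
			bzero(&shmid_ds32, sizeof(shmid_ds32));
			shmid_ds_64to32(shmseg, &shmid_ds32);
			shmid_ds32.shm_internal = NULL;
			error = copyout(&shmid_ds32, uap->buf, sizeof(struct shmid_ds));
		}
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		break;
	case IPC_SET:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		if (IS_64BIT_PROCESS(p)) {
			error = copyin(uap->buf, &inbuf, sizeof(struct user_shmid_ds));
		} else {
			error = copyin(uap->buf, &inbuf, sizeof(struct shmid_ds));
			/*
			 * convert in place; ugly, but safe.  Only do so when
			 * copyin() actually filled the buffer, so a failed
			 * copy never makes us read uninitialised stack.
			 */
			if (!error)
				shmid_ds_32to64((struct shmid_ds *)&inbuf, &inbuf);
		}
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		shmseg->shm_perm.uid = inbuf.shm_perm.uid;
		shmseg->shm_perm.gid = inbuf.shm_perm.gid;
		shmseg->shm_perm.mode =
		    (shmseg->shm_perm.mode & ~ACCESSPERMS) |
		    (inbuf.shm_perm.mode & ACCESSPERMS);
		shmseg->shm_ctime = sysv_shmtime();
		break;
	case IPC_RMID:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		/*
		 * Hide the segment from key lookups and mark it removed; it
		 * is destroyed now if nobody is attached, otherwise when the
		 * last attachment goes away (see shm_delete_mapping()).
		 */
		shmseg->shm_perm.key = IPC_PRIVATE;
		shmseg->shm_perm.mode |= SHMSEG_REMOVED;
		if (shmseg->shm_nattch <= 0) {
			shm_deallocate_segment(shmseg);
			shm_last_free = IPCID_TO_IX(uap->shmid);
		}
		break;
#if 0
	case SHM_LOCK:
	case SHM_UNLOCK:
#endif
	default:
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}
	*retval = 0;
	shmctl_ret = 0;
shmctl_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmctl_ret;
}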
546
/*
 * shmget() path for a key that already names a segment.
 *
 * Returns 0 and stores the segment id in *retval when the caller passes
 * the ipcperm() check for `mode`, the requested size (if any) does not
 * exceed the segment, and IPC_CREAT|IPC_EXCL was not requested.
 * Otherwise returns the ipcperm() error, EINVAL (size too large) or
 * EEXIST.  A segment still flagged SHMSEG_REMOVED is treated as being
 * mid-allocation: the caller is put to sleep and EAGAIN (or the tsleep()
 * error) is returned so that shmget() looks the key up again.
 *
 * NOTE(review): shmget(), the caller visible in this file, holds the
 * subsystem mutex across this call and tsleep() is not handed that
 * mutex -- confirm the thread expected to issue the wakeup() cannot be
 * blocked on the same mutex.
 */
static int
shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval)
{
	struct user_shmid_ds *seg = &shmsegs[segnum];
	int error;

	if (seg->shm_perm.mode & SHMSEG_REMOVED) {
		/*
		 * Allocation of this segment has not finished.  Ask to be
		 * woken when it has, then have the caller retry the lookup
		 * (the allocation may have failed or the segment may have
		 * been freed meanwhile).
		 */
		seg->shm_perm.mode |= SHMSEG_WANTED;
		error = tsleep((caddr_t)seg, PLOCK | PCATCH, "shmget", 0);
		return error ? error : EAGAIN;
	}

	error = ipcperm(kauth_cred_get(), &seg->shm_perm, mode);
	if (error)
		return error;
	if (uap->size && uap->size > seg->shm_segsz)
		return EINVAL;
	if ((uap->shmflg & IPC_CREAT) && (uap->shmflg & IPC_EXCL))
		return EEXIST;

	*retval = IXSEQ_TO_IPCID(segnum, seg->shm_perm);
	return 0;
}
576
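/*
 * shmget() path that creates a new segment.
 *
 * p       creating process (recorded as shm_cpid)
 * uap     key, requested size and flags from the system call
 * mode    ACCESSPERMS bits for the new segment
 * retval  receives the new segment id on success
 *
 * Returns 0 on success; EINVAL when the size is outside
 * [shmmin, shmmax] or does not fit the local size variable after page
 * rounding; ENOSPC when all shmmni ids are in use; ENOMEM when the
 * shmall page budget would be exceeded or memory is unavailable; EACCES
 * or EINVAL for other VM failures.
 *
 * Called with the SysV shm subsystem mutex held (see shmget()).
 */
static int
shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode,
	int *retval)
{
	int i, segnum, shmid, size, alloc_size;
	mach_vm_size_t rounded;
	kauth_cred_t cred = kauth_cred_get();
	struct user_shmid_ds *shmseg;
	struct shm_handle *shm_handle;
	kern_return_t kret;
	vm_offset_t user_addr;
	void * mem_object;

	if (uap->size < (user_size_t)shminfo.shmmin ||
	    uap->size > (user_size_t)shminfo.shmmax)
		return EINVAL;
	if (shm_nused >= shminfo.shmmni) /* any shmids left? */
		return ENOSPC;

	/*
	 * `size` is an int, while the request is bounded only by the
	 * 64-bit shmmax tunable.  Refuse anything that wraps when rounded
	 * to a page or that would be truncated, instead of backing the
	 * segment with less memory than shm_segsz will claim.
	 */
	rounded = mach_vm_round_page(uap->size);
	if (rounded < uap->size || rounded > (mach_vm_size_t)0x7fffffff)
		return EINVAL;
	size = (int)rounded;

	if (shm_committed + btoc(size) > shminfo.shmall)
		return ENOMEM;
	if (shm_last_free < 0) {
		for (i = 0; i < shminfo.shmmni; i++)
			if (shmsegs[i].shm_perm.mode & SHMSEG_FREE)
				break;
		if (i == shminfo.shmmni)
			panic("shmseg free count inconsistent");
		segnum = i;
	} else  {
		segnum = shm_last_free;
		shm_last_free = -1;
	}
	shmseg = &shmsegs[segnum];

	kret = vm_allocate(current_map(), &user_addr, size, VM_FLAGS_ANYWHERE);
	if (kret != KERN_SUCCESS)
		goto out;

	alloc_size = size;	/* &size is passed below and may be updated */
	kret = mach_make_memory_entry (current_map(), &size, user_addr,
		VM_PROT_DEFAULT, (mem_entry_name_port_t *)&mem_object, 0);
	if (kret != KERN_SUCCESS) {
		/* Do not leak the temporary allocation in the caller's map. */
		vm_deallocate(current_map(), user_addr, alloc_size);
		goto out;
	}

	vm_deallocate(current_map(), user_addr, size);

	/*
	 * In case we sleep in malloc(), mark the segment present but deleted
	 * so that noone else tries to create the same key.
	 */
	shmseg->shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED;
	shmseg->shm_perm.key = uap->key;
	shmseg->shm_perm.seq = (shmseg->shm_perm.seq + 1) & 0x7fff;
	MALLOC(shm_handle, struct shm_handle *, sizeof(struct shm_handle), M_SHM, M_WAITOK);
	if (shm_handle == NULL) {
		kret = KERN_NO_SPACE;
		mach_memory_entry_port_release(mem_object);
		mem_object = NULL;
		/*
		 * Give the slot back.  Leaving it ALLOCATED|REMOVED would
		 * lose the id for good and leave the key pointing at a
		 * segment that never finishes allocating.
		 */
		if (shmseg->shm_perm.mode & SHMSEG_WANTED)
			wakeup((caddr_t)shmseg);
		shmseg->shm_perm.mode = SHMSEG_FREE;
		shm_last_free = segnum;
		goto out;
	}
	shm_handle->shm_object = mem_object;
	shmid = IXSEQ_TO_IPCID(segnum, shmseg->shm_perm);

	shmseg->shm_internal = CAST_USER_ADDR_T(shm_handle);	/* tunnel */
	shmseg->shm_perm.cuid = shmseg->shm_perm.uid = kauth_cred_getuid(cred);
	shmseg->shm_perm.cgid = shmseg->shm_perm.gid = cred->cr_gid;
	/* Only the ACCESSPERMS bits of the caller's mode are honoured. */
	shmseg->shm_perm.mode = (shmseg->shm_perm.mode & SHMSEG_WANTED) |
	    (mode & ACCESSPERMS) | SHMSEG_ALLOCATED;
	shmseg->shm_segsz = uap->size;
	shmseg->shm_cpid = p->p_pid;
	shmseg->shm_lpid = shmseg->shm_nattch = 0;
	shmseg->shm_atime = shmseg->shm_dtime = 0;
	shmseg->shm_ctime = sysv_shmtime();
	shm_committed += btoc(size);
	shm_nused++;
	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
	if (shmseg->shm_perm.mode & SHMSEG_WANTED) {
		/*
		 * Somebody else wanted this key while we were asleep.  Wake
		 * them up now.
		 */
		shmseg->shm_perm.mode &= ~SHMSEG_WANTED;
		wakeup((caddr_t)shmseg);
	}
	*retval = shmid;
	AUDIT_ARG(svipc_id, shmid);
	return 0;
out:
	switch (kret) {
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		return (ENOMEM);
	case KERN_PROTECTION_FAILURE:
		return (EACCES);
	default:
		return (EINVAL);
	}

}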
674
/*
 * shmget system call: return the id of the segment for uap->key, creating
 * the segment when permitted.
 *
 * For a key other than IPC_PRIVATE an existing segment is used if there
 * is one (subject to the checks in shmget_existing()); if there is none
 * and IPC_CREAT is not set the call fails with ENOENT.  IPC_PRIVATE, or a
 * missing key with IPC_CREAT, allocates a new segment.  Returns EINVAL
 * when the subsystem has not been initialised.
 *
 * Auditing is actually done in shmget_allocate_segment().
 */
int
shmget(struct proc *p, struct shmget_args *uap, register_t *retval)
{
	int segnum, mode, error;
	int shmget_ret = 0;

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmget_ret = EINVAL;
		goto shmget_out;
	}

	mode = uap->shmflg & ACCESSPERMS;
	if (uap->key != IPC_PRIVATE) {
		/* Retry the lookup for as long as the helper says EAGAIN. */
		for (;;) {
			segnum = shm_find_segment_by_key(uap->key);
			if (segnum < 0)
				break;
			error = shmget_existing(uap, mode, segnum, retval);
			if (error == EAGAIN)
				continue;
			shmget_ret = error;
			goto shmget_out;
		}
		if ((uap->shmflg & IPC_CREAT) == 0) {
			shmget_ret = ENOENT;
			goto shmget_out;
		}
	}
	shmget_ret = shmget_allocate_segment(p, uap, mode, retval);
shmget_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmget_ret;
}
713
/*
 * Multiplexed entry point: dispatch to one of the handlers in shmcalls[]
 * selected by uap->which.
 *
 * The selector comes from the caller, so it is range-checked against the
 * table size before it is used as an index; out-of-range values get
 * EINVAL.  Locking is left to the routine being dispatched.
 *
 * XXX actually varargs.
 */
int
shmsys(struct proc *p, struct shmsys_args *uap, register_t *retval)
{
	sy_call_t *handler;

	if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0]))
		return EINVAL;

	handler = shmcalls[uap->which];
	return ((*handler)(p, &uap->a2, retval));
}
725
91447636
A
/*
 * Give a forked child (p2) its own copy of the parent's (p1) attachment
 * table and bump the attach count of every segment listed in it.
 *
 * Return 0 on success, 1 on failure (the table copy could not be
 * allocated).  Returns 0 without doing anything when the subsystem has
 * not been initialised.
 *
 * NOTE(review): p1->vm_shm is copied without a NULL check here;
 * presumably the caller only invokes this when the parent has a table --
 * verify against the caller.
 */
int
shmfork(struct proc *p1, struct proc *p2)
{
	struct shmmap_state *child_tab;
	size_t tab_bytes;
	int i;
	int shmfork_ret = 0;

	SYSV_SHM_SUBSYS_LOCK();

	if (shm_inited) {
		tab_bytes = shminfo.shmseg * sizeof(struct shmmap_state);
		MALLOC(child_tab, struct shmmap_state *, tab_bytes, M_SHM, M_WAITOK);
		if (child_tab == NULL) {
			shmfork_ret = 1;	/* failed to copy to child - ENOMEM */
		} else {
			bcopy((caddr_t)p1->vm_shm, (caddr_t)child_tab, tab_bytes);
			p2->vm_shm = (caddr_t)child_tab;
			for (i = 0; i < shminfo.shmseg; i++) {
				if (child_tab[i].shmid != -1)
					shmsegs[IPCID_TO_IX(child_tab[i].shmid)].shm_nattch++;
			}
		}
	}

	SYSV_SHM_SUBSYS_UNLOCK();
	return shmfork_ret;
}
761
/*
 * Process exit: unmap and detach every segment still listed in the
 * process's attachment table, then free the table.
 *
 * NOTE(review): the table pointer is used without a NULL check;
 * presumably the caller only invokes this when p->vm_shm is set --
 * verify against the caller.
 */
void
shmexit(struct proc *p)
{
	struct shmmap_state *tab = (struct shmmap_state *)p->vm_shm;
	int i;

	SYSV_SHM_SUBSYS_LOCK();
	for (i = 0; i < shminfo.shmseg; i++) {
		if (tab[i].shmid != -1)
			shm_delete_mapping(p, &tab[i], 1);
	}
	FREE((caddr_t)p->vm_shm, M_SHM);
	p->vm_shm = NULL;
	SYSV_SHM_SUBSYS_UNLOCK();
}
778
/*
 * shmexec() mirrors shmexit() except that it does not unmap anything:
 * by the time it runs the old address space is gone and the new one is
 * in place.  It only performs the bookkeeping (detach counts, removal of
 * segments pending deletion, freeing the table) that keeps the System V
 * shared memory subsystem consistent.
 */
__private_extern__ void
shmexec(struct proc *p)
{
	struct shmmap_state *tab = (struct shmmap_state *)p->vm_shm;
	int i;

	SYSV_SHM_SUBSYS_LOCK();
	for (i = 0; i < shminfo.shmseg; i++) {
		if (tab[i].shmid != -1)
			shm_delete_mapping(p, &tab[i], 0);
	}
	FREE((caddr_t)p->vm_shm, M_SHM);
	p->vm_shm = NULL;
	SYSV_SHM_SUBSYS_UNLOCK();
}
800
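/*
 * One-time initialisation of the segment table, called from
 * sysctl_shminfo() once every shminfo tunable has been set.
 *
 * The tunables arrive from sysctl as raw 64-bit values and the only
 * value sysctl_shminfo() filters out is the "unset" marker -1, so they
 * are sanity-checked here before being used as allocation sizes and loop
 * bounds: a negative count, or one whose byte size does not fit the int
 * used for the allocation, leaves the subsystem uninitialised (the same
 * fail-safe outcome as an allocation failure) so the tunables can be
 * corrected.
 *
 * On success shmsegs[] holds shmmni free slots and shm_inited is 1.
 */
void
shminit(__unused void *dummy)
{
	const size_t seg_sz = sizeof(struct user_shmid_ds);
	const size_t map_sz = sizeof(struct shmmap_state);
	int i;
	int s;

	if (!shm_inited) {
		/*
		 * Reject counts that would wrap the size computation below
		 * or the per-process table size computed in shmat() and
		 * shmfork(); an undersized table followed by a full-length
		 * loop would write past the allocation.
		 */
		if (shminfo.shmmni < 0 ||
		    (int64_t)shminfo.shmmni > (int64_t)(0x7fffffff / seg_sz))
			return;
		if (shminfo.shmseg < 0 ||
		    (int64_t)shminfo.shmseg > (int64_t)(0x7fffffff / map_sz))
			return;

		/*
		 * we store internally 64 bit, since if we didn't, we would
		 * be unable to represent a segment size in excess of 32 bits
		 * with the (struct shmid_ds)->shm_segsz field; also, POSIX
		 * dictates this field be a size_t, which is 64 bits when
		 * running 64 bit binaries.
		 */
		s = sizeof(struct user_shmid_ds) * shminfo.shmmni;

		MALLOC(shmsegs, struct user_shmid_ds *, s, M_SHM, M_WAITOK);
		if (shmsegs == NULL) {
			/* XXX fail safely: leave shared memory uninited */
			return;
		}
		/*
		 * Start from a zeroed table so that no stale heap contents
		 * sit in descriptors that are later copied out to user space.
		 */
		bzero(shmsegs, s);
		for (i = 0; i < shminfo.shmmni; i++) {
			shmsegs[i].shm_perm.mode = SHMSEG_FREE;
			shmsegs[i].shm_perm.seq = 0;
		}
		shm_last_free = 0;
		shm_nused = 0;
		shm_committed = 0;
		shm_inited = 1;
	}
}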
91447636
A
/*
 * Create the lock group, its attributes and the mutex that serialises
 * every entry point of the SysV shm subsystem (SYSV_SHM_SUBSYS_LOCK).
 */
__private_extern__ void
sysv_shm_lock_init( void )
{
	lck_grp_attr_t *grp_attr = lck_grp_attr_alloc_init();
	lck_grp_t *grp = lck_grp_alloc_init("sysv_shm_subsys_lock", grp_attr);
	lck_attr_t *mtx_attr = lck_attr_alloc_init();

	sysv_shm_subsys_lck_grp_attr = grp_attr;
	sysv_shm_subsys_lck_grp = grp;
	sysv_shm_subsys_lck_attr = mtx_attr;

	lck_mtx_init(&sysv_shm_subsys_mutex, grp, mtx_attr);
}
9bccf70c
A
844
/*
 * sysctl handler shared by the five kern.sysv.shm* tunables; arg1 points
 * at the shminfo field being accessed.
 *
 * Reads return the current value.  Writes are applied only while the
 * subsystem is still uninitialised; once shm_inited is set a write is
 * ignored and 0 is returned.  After a write, shminit() runs as soon as
 * none of the five fields holds the "unset" marker -1.
 *
 * NOTE(review): the new value is copied straight into shminfo before any
 * validation, and the only check made here is page alignment of shmmax
 * (which is reset to -1 and rejected with EINVAL when misaligned).
 * Negative or oversized counts are not rejected at this point.
 */
static int
sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1,
	__unused int arg2, struct sysctl_req *req)
{
	int error;
	int sysctl_shminfo_ret = 0;

	error = SYSCTL_OUT(req, arg1, sizeof(int64_t));
	if (error || req->newptr == USER_ADDR_NULL)
		return(error);

	SYSV_SHM_SUBSYS_LOCK();

	/* Set the values only if shared memory is not initialised */
	if (shm_inited)
		goto sysctl_shminfo_out;

	error = SYSCTL_IN(req, arg1, sizeof(int64_t));
	if (error != 0) {
		sysctl_shminfo_ret = error;
		goto sysctl_shminfo_out;
	}

	if (arg1 == &shminfo.shmmax && (shminfo.shmmax & PAGE_MASK_64)) {
		shminfo.shmmax = (int64_t)-1;
		sysctl_shminfo_ret = EINVAL;
		goto sysctl_shminfo_out;
	}

	/* Initialize only when all values are set */
	if (shminfo.shmmax == (int64_t)-1 ||
	    shminfo.shmmin == (int64_t)-1 ||
	    shminfo.shmmni == (int64_t)-1 ||
	    shminfo.shmseg == (int64_t)-1 ||
	    shminfo.shmall == (int64_t)-1)
		goto sysctl_shminfo_out;

	shminit(NULL);

sysctl_shminfo_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return sysctl_shminfo_ret;
}
889
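/*
 * sysctl backend for ipcs(1)-style queries (kern.sysv.ipcs.shm).
 *
 * The request carries an IPCS_command structure (32- or 64-bit layout,
 * chosen by the calling process) naming an operation:
 *   IPCS_SHM_CONF  copy out the global shminfo configuration
 *   IPCS_SHM_ITER  copy out the next allocated segment descriptor at or
 *                  after ipcs_cursor and return the advanced cursor
 *
 * Returns 0 on success; EINVAL (subsystem not initialised, bad magic,
 * unknown operation), ERANGE / ENOMEM (cursor or buffer length
 * mismatch), ENOENT (no further segments), or a copy error.
 *
 * The node is registered with CTLFLAG_ANYBODY and no ipcperm() check is
 * made on the segments iterated, so everything copied out here must be
 * safe to show to any local user.  For that reason the descriptor is
 * copied to a local buffer and shm_internal, which holds the kernel
 * address of the segment's shm_handle, is cleared before the copyout.
 */
static int
IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1,
	__unused int arg2, struct sysctl_req *req)
{
	int error;
	int cursor;
	union {
		struct IPCS_command		u32;
		struct user_IPCS_command	u64;
	} ipcs;
	struct shmid_ds shmid_ds32;		/* post conversion, 32 bit version */
	struct user_shmid_ds shmid_ds64;	/* sanitised 64 bit copy */
	void *shmid_dsp;
	size_t ipcs_sz = sizeof(struct user_IPCS_command);
	size_t shmid_ds_sz = sizeof(struct user_shmid_ds);
	struct proc *p = current_proc();

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		error = EINVAL;
		goto ipcs_shm_sysctl_out;
	}

	if (!IS_64BIT_PROCESS(p)) {
		ipcs_sz = sizeof(struct IPCS_command);
		shmid_ds_sz = sizeof(struct shmid_ds);
	}

	/* Copy in the command structure */
	if ((error = SYSCTL_IN(req, &ipcs, ipcs_sz)) != 0) {
		goto ipcs_shm_sysctl_out;
	}

	if (!IS_64BIT_PROCESS(p))	/* convert in place */
		ipcs.u64.ipcs_data = CAST_USER_ADDR_T(ipcs.u32.ipcs_data);

	/* Let us version this interface... */
	if (ipcs.u64.ipcs_magic != IPCS_MAGIC) {
		error = EINVAL;
		goto ipcs_shm_sysctl_out;
	}

	switch(ipcs.u64.ipcs_op) {
	case IPCS_SHM_CONF:	/* Obtain global configuration data */
		/* The length must match exactly, so the copy is bounded. */
		if (ipcs.u64.ipcs_datalen != sizeof(struct shminfo)) {
			if (ipcs.u64.ipcs_cursor != 0) { /* fwd. compat. */
				error = ENOMEM;
				break;
			}
			error = ERANGE;
			break;
		}
		error = copyout(&shminfo, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
		break;

	case IPCS_SHM_ITER:	/* Iterate over existing segments */
		cursor = ipcs.u64.ipcs_cursor;
		if (cursor < 0 || cursor >= shminfo.shmmni) {
			error = ERANGE;
			break;
		}
		if (ipcs.u64.ipcs_datalen != (int)shmid_ds_sz) {
			error = ENOMEM;
			break;
		}
		/* Skip forward to the next allocated slot, if any. */
		for( ; cursor < shminfo.shmmni; cursor++) {
			if (shmsegs[cursor].shm_perm.mode & SHMSEG_ALLOCATED)
				break;
		}
		if (cursor == shminfo.shmmni) {
			error = ENOENT;
			break;
		}

		/*
		 * Build the user-visible descriptor in a local buffer,
		 * converting to the 32 bit layout if necessary, and clear
		 * the kernel-private handle pointer before it leaves the
		 * kernel.
		 */
		if (IS_64BIT_PROCESS(p)) {
			shmid_ds64 = shmsegs[cursor];
			shmid_ds64.shm_internal = USER_ADDR_NULL;
			shmid_dsp = &shmid_ds64;
		} else {
			/* zero first: the conversion writes named fields only */
			bzero(&shmid_ds32, sizeof(shmid_ds32));
			shmid_ds_64to32(&shmsegs[cursor], &shmid_ds32);
			shmid_ds32.shm_internal = NULL;
			shmid_dsp = &shmid_ds32;
		}
		error = copyout(shmid_dsp, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
		if (!error) {
			/* update cursor */
			ipcs.u64.ipcs_cursor = cursor + 1;

			if (!IS_64BIT_PROCESS(p))	/* convert in place */
				ipcs.u32.ipcs_data = CAST_DOWN(void *,ipcs.u64.ipcs_data);
			error = SYSCTL_OUT(req, &ipcs, ipcs_sz);
		}
		break;

	default:
		error = EINVAL;
		break;
	}
ipcs_shm_sysctl_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return(error);
}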
9bccf70c
A
996
997SYSCTL_NODE(_kern, KERN_SYSV, sysv, CTLFLAG_RW, 0, "SYSV");
998
91447636
A
999SYSCTL_PROC(_kern_sysv, KSYSV_SHMMAX, shmmax, CTLTYPE_QUAD | CTLFLAG_RW,
1000 &shminfo.shmmax, 0, &sysctl_shminfo ,"Q","shmmax");
9bccf70c 1001
91447636
A
1002SYSCTL_PROC(_kern_sysv, KSYSV_SHMMIN, shmmin, CTLTYPE_QUAD | CTLFLAG_RW,
1003 &shminfo.shmmin, 0, &sysctl_shminfo ,"Q","shmmin");
9bccf70c 1004
91447636
A
1005SYSCTL_PROC(_kern_sysv, KSYSV_SHMMNI, shmmni, CTLTYPE_QUAD | CTLFLAG_RW,
1006 &shminfo.shmmni, 0, &sysctl_shminfo ,"Q","shmmni");
9bccf70c 1007
91447636
A
1008SYSCTL_PROC(_kern_sysv, KSYSV_SHMSEG, shmseg, CTLTYPE_QUAD | CTLFLAG_RW,
1009 &shminfo.shmseg, 0, &sysctl_shminfo ,"Q","shmseg");
9bccf70c 1010
91447636
A
1011SYSCTL_PROC(_kern_sysv, KSYSV_SHMALL, shmall, CTLTYPE_QUAD | CTLFLAG_RW,
1012 &shminfo.shmall, 0, &sysctl_shminfo ,"Q","shmall");
9bccf70c 1013
91447636 1014SYSCTL_NODE(_kern_sysv, OID_AUTO, ipcs, CTLFLAG_RW, 0, "SYSVIPCS");
9bccf70c 1015
91447636
A
1016SYSCTL_PROC(_kern_sysv_ipcs, OID_AUTO, shm, CTLFLAG_RW|CTLFLAG_ANYBODY,
1017 0, 0, IPCS_shm_sysctl,
1018 "S,IPCS_shm_command",
1019 "ipcs shm command interface");