]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/posix_shm.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-4903.241.1.tar.gz
[apple/xnu.git] / bsd / kern / posix_shm.c
CommitLineData
1c79356b 1/*
2d21ac55 2 * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
5d5c5d0d 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
1c79356b 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
8f6c56a5 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A		 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A		 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
8f6c56a5 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A		 27 */
28/*
29 * Copyright (c) 1990, 1996-1998 Apple Computer, Inc.
30 * All Rights Reserved.
31 */
32/*
9bccf70c 33 * posix_shm.c : Support for POSIX shared memory APIs
1c79356b
A		 34 *
35 * File: posix_shm.c
36 * Author: Ananthakrishna Ramesh
37 *
38 * HISTORY
39 * 2-Sep-1999 A.Ramesh
40 * Created for MacOSX
41 *
42 */
2d21ac55
A		 43/*
44 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
45 * support for mandatory and extensible security protections. This notice
46 * is included in support of clause 2.2 (b) of the Apple Public License,
47 * Version 2.0.
48 */
1c79356b
A		 49
50#include <sys/cdefs.h>
51#include <sys/param.h>
52#include <sys/systm.h>
53#include <sys/kernel.h>
91447636 54#include <sys/file_internal.h>
1c79356b
A		 55#include <sys/filedesc.h>
56#include <sys/stat.h>
91447636
A		 57#include <sys/proc_internal.h>
58#include <sys/kauth.h>
1c79356b
A		 59#include <sys/mount.h>
60#include <sys/namei.h>
61#include <sys/vnode.h>
2d21ac55 62#include <sys/vnode_internal.h>
1c79356b
A		 63#include <sys/ioctl.h>
64#include <sys/tty.h>
65#include <sys/malloc.h>
66#include <sys/mman.h>
91447636
A		 67#include <sys/stat.h>
68#include <sys/sysproto.h>
0c530ab8 69#include <sys/proc_info.h>
b0d623f7 70#include <security/audit/audit.h>
e5568f75 71
2d21ac55
A		 72#if CONFIG_MACF
73#include <security/mac_framework.h>
74#endif
75
1c79356b 76#include <mach/mach_types.h>
91447636
A		 77#include <mach/mach_vm.h>
78#include <mach/vm_map.h>
1c79356b
A		 79#include <mach/vm_prot.h>
80#include <mach/vm_inherit.h>
81#include <mach/kern_return.h>
82#include <mach/memory_object_control.h>
83
91447636
A		 84#include <vm/vm_map.h>
85#include <vm/vm_protos.h>
1c79356b 86
91447636 87#define f_flag f_fglob->fg_flag
39236c6e 88#define f_type f_fglob->fg_ops->fo_type
91447636
A		 89#define f_msgcount f_fglob->fg_msgcount
90#define f_cred f_fglob->fg_cred
91#define f_ops f_fglob->fg_ops
92#define f_offset f_fglob->fg_offset
93#define f_data f_fglob->fg_data
1c79356b
A		 94#define PSHMNAMLEN 31 /* maximum name segment length we bother with */
95
b0d623f7
A		 96struct pshmobj {
97 void * pshmo_memobject;
98 memory_object_size_t pshmo_size;
99 struct pshmobj * pshmo_next;
100};
101
1c79356b
A		 102struct pshminfo {
103 unsigned int pshm_flags;
104 unsigned int pshm_usecount;
105 off_t pshm_length;
106 mode_t pshm_mode;
107 uid_t pshm_uid;
108 gid_t pshm_gid;
109 char pshm_name[PSHMNAMLEN + 1]; /* segment name */
b0d623f7 110 struct pshmobj *pshm_memobjects;
1c79356b
A		 111#if DIAGNOSTIC
112 unsigned int pshm_readcount;
113 unsigned int pshm_writecount;
2d21ac55 114 proc_t pshm_proc;
1c79356b 115#endif /* DIAGNOSTIC */
2d21ac55 116 struct label* pshm_label;
1c79356b
A		 117};
118#define PSHMINFO_NULL (struct pshminfo *)0
119
b0d623f7
A		 120#define PSHM_NONE 0x001
121#define PSHM_DEFINED 0x002
122#define PSHM_ALLOCATED 0x004
123#define PSHM_MAPPED 0x008
124#define PSHM_INUSE 0x010
125#define PSHM_REMOVED 0x020
126#define PSHM_INCREATE 0x040
127#define PSHM_INDELETE 0x080
128#define PSHM_ALLOCATING 0x100
1c79356b
A		 129
130struct pshmcache {
131 LIST_ENTRY(pshmcache) pshm_hash; /* hash chain */
132 struct pshminfo *pshminfo; /* vnode the name refers to */
133 int pshm_nlen; /* length of name */
134 char pshm_name[PSHMNAMLEN + 1]; /* segment name */
135};
136#define PSHMCACHE_NULL (struct pshmcache *)0
137
490019cf
A		 138#define PSHMCACHE_NOTFOUND (0)
139#define PSHMCACHE_FOUND (-1)
140#define PSHMCACHE_NEGATIVE (ENOENT)
141
1c79356b
A		 142struct pshmstats {
143 long goodhits; /* hits that we can really use */
144 long neghits; /* negative hits that we can use */
145 long badhits; /* hits we must drop */
146 long falsehits; /* hits with id mismatch */
147 long miss; /* misses */
148 long longnames; /* long names that ignore cache */
149};
150
151struct pshmname {
152 char *pshm_nameptr; /* pointer to looked up name */
153 long pshm_namelen; /* length of looked up component */
154 u_long pshm_hash; /* hash value of looked up name */
155};
156
157struct pshmnode {
91447636 158 off_t mapp_addr;
b0d623f7 159 user_size_t map_size; /* XXX unused ? */
1c79356b
A		 160 struct pshminfo *pinfo;
161 unsigned int pshm_usecount;
162#if DIAGNOSTIC
163 unsigned int readcnt;
164 unsigned int writecnt;
165#endif
166};
167#define PSHMNODE_NULL (struct pshmnode *)0
168
169
170#define PSHMHASH(pnp) \
171 (&pshmhashtbl[(pnp)->pshm_hash & pshmhash])
91447636 172
1c79356b
A		 173LIST_HEAD(pshmhashhead, pshmcache) *pshmhashtbl; /* Hash Table */
174u_long pshmhash; /* size of hash table - 1 */
175long pshmnument; /* number of cache entries allocated */
176struct pshmstats pshmstats; /* cache effectiveness statistics */
177
91447636 178static int pshm_read (struct fileproc *fp, struct uio *uio,
5ba3f43e 179 int flags, vfs_context_t ctx);
91447636 180static int pshm_write (struct fileproc *fp, struct uio *uio,
5ba3f43e 181 int flags, vfs_context_t ctx);
91447636 182static int pshm_ioctl (struct fileproc *fp, u_long com,
5ba3f43e 183 caddr_t data, vfs_context_t ctx);
2d21ac55 184static int pshm_select (struct fileproc *fp, int which, void *wql, vfs_context_t ctx);
6d2010ae 185static int pshm_close(struct pshminfo *pinfo, int dropref);
2d21ac55 186static int pshm_closefile (struct fileglob *fg, vfs_context_t ctx);
91447636 187
5ba3f43e
A		 188static int pshm_kqfilter(struct fileproc *fp, struct knote *kn,
189 struct kevent_internal_s *kev, vfs_context_t ctx);
91447636 190
2d21ac55 191int pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, proc_t p);
490019cf
A		 192int pshm_cache_purge_all(proc_t p);
193
91447636
A		 194static int pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp);
195static void pshm_cache_delete(struct pshmcache *pcp);
91447636 196static int pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
6d2010ae 197 struct pshmcache **pcache, int addref);
490019cf 198static int pshm_unlink_internal(struct pshminfo *pinfo, struct pshmcache *pcache);
55e303ae 199
39236c6e 200static const struct fileops pshmops = {
39037602
A		 201 .fo_type = DTYPE_PSXSHM,
202 .fo_read = pshm_read,
203 .fo_write = pshm_write,
204 .fo_ioctl = pshm_ioctl,
205 .fo_select = pshm_select,
206 .fo_close = pshm_closefile,
207 .fo_kqfilter = pshm_kqfilter,
208 .fo_drain = NULL,
39236c6e 209};
91447636
A		 210
211static lck_grp_t *psx_shm_subsys_lck_grp;
212static lck_grp_attr_t *psx_shm_subsys_lck_grp_attr;
213static lck_attr_t *psx_shm_subsys_lck_attr;
214static lck_mtx_t psx_shm_subsys_mutex;
215
216#define PSHM_SUBSYS_LOCK() lck_mtx_lock(& psx_shm_subsys_mutex)
217#define PSHM_SUBSYS_UNLOCK() lck_mtx_unlock(& psx_shm_subsys_mutex)
39037602 218#define PSHM_SUBSYS_ASSERT_HELD() LCK_MTX_ASSERT(&psx_shm_subsys_mutex, LCK_MTX_ASSERT_OWNED)
91447636
A		 219
220
221/* Initialize the mutex governing access to the posix shm subsystem */
222__private_extern__ void
223pshm_lock_init( void )
224{
225
226 psx_shm_subsys_lck_grp_attr = lck_grp_attr_alloc_init();
91447636
A		 227
228 psx_shm_subsys_lck_grp = lck_grp_alloc_init("posix shared memory", psx_shm_subsys_lck_grp_attr);
229
230 psx_shm_subsys_lck_attr = lck_attr_alloc_init();
91447636
A		 231 lck_mtx_init(& psx_shm_subsys_mutex, psx_shm_subsys_lck_grp, psx_shm_subsys_lck_attr);
232}
1c79356b 233
1c79356b
A		 234/*
235 * Lookup an entry in the cache
236 *
237 *
238 * status of -1 is returned if matches
239 * If the lookup determines that the name does not exist
240 * (negative cacheing), a status of ENOENT is returned. If the lookup
241 * fails, a status of zero is returned.
242 */
243
91447636
A		 244static int
245pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
6d2010ae 246 struct pshmcache **pcache, int addref)
1c79356b 247{
91447636
A		 248 struct pshmcache *pcp, *nnp;
249 struct pshmhashhead *pcpp;
1c79356b
A		 250
251 if (pnp->pshm_namelen > PSHMNAMLEN) {
252 pshmstats.longnames++;
490019cf 253 return PSHMCACHE_NOTFOUND;
1c79356b
A		 254 }
255
256 pcpp = PSHMHASH(pnp);
257 for (pcp = pcpp->lh_first; pcp != 0; pcp = nnp) {
258 nnp = pcp->pshm_hash.le_next;
259 if (pcp->pshm_nlen == pnp->pshm_namelen &&
260 !bcmp(pcp->pshm_name, pnp->pshm_nameptr, (u_int)pcp-> pshm_nlen))
261 break;
262 }
263
264 if (pcp == 0) {
265 pshmstats.miss++;
490019cf 266 return PSHMCACHE_NOTFOUND;
1c79356b
A		 267 }
268
269 /* We found a "positive" match, return the vnode */
270 if (pcp->pshminfo) {
271 pshmstats.goodhits++;
272 /* TOUCH(ncp); */
273 *pshmp = pcp->pshminfo;
274 *pcache = pcp;
6d2010ae
A		 275 if (addref)
276 pcp->pshminfo->pshm_usecount++;
490019cf 277 return PSHMCACHE_FOUND;
1c79356b
A		 278 }
279
280 /*
281 * We found a "negative" match, ENOENT notifies client of this match.
1c79356b
A		 282 */
283 pshmstats.neghits++;
490019cf 284 return PSHMCACHE_NEGATIVE;
1c79356b
A		 285}
286
287/*
288 * Add an entry to the cache.
91447636 289 * XXX should be static?
1c79356b 290 */
91447636
A		 291static int
292pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp)
1c79356b 293{
91447636 294 struct pshmhashhead *pcpp;
55e303ae
A		 295 struct pshminfo *dpinfo;
296 struct pshmcache *dpcp;
1c79356b
A		 297
298#if DIAGNOSTIC
2d21ac55 299 if (pnp->pshm_namelen > PSHMNAMLEN)
1c79356b
A		 300 panic("cache_enter: name too long");
301#endif
302
91447636 303
1c79356b 304 /* if the entry has already been added by some one else return */
490019cf
A		 305 if (pshm_cache_search(&dpinfo, pnp, &dpcp, 0) == PSHMCACHE_FOUND) {
306 return EEXIST;
1c79356b
A		 307 }
308 pshmnument++;
309
1c79356b
A		 310 /*
311 * Fill in cache info, if vp is NULL this is a "negative" cache entry.
1c79356b
A		 312 */
313 pcp->pshminfo = pshmp;
314 pcp->pshm_nlen = pnp->pshm_namelen;
315 bcopy(pnp->pshm_nameptr, pcp->pshm_name, (unsigned)pcp->pshm_nlen);
316 pcpp = PSHMHASH(pnp);
317#if DIAGNOSTIC
318 {
91447636 319 struct pshmcache *p;
1c79356b
A		 320
321 for (p = pcpp->lh_first; p != 0; p = p->pshm_hash.le_next)
322 if (p == pcp)
323 panic("cache_enter: duplicate");
324 }
325#endif
326 LIST_INSERT_HEAD(pcpp, pcp, pshm_hash);
490019cf 327 return 0;
1c79356b
A		 328}
329
330/*
331 * Name cache initialization, from vfs_init() when we are booting
332 */
333void
91447636 334pshm_cache_init(void)
1c79356b 335{
2d21ac55 336 pshmhashtbl = hashinit(desiredvnodes / 8, M_SHM, &pshmhash);
1c79356b
A		 337}
338
339/*
490019cf
A		 340 * Invalidate all entries and delete all objects associated with it. Entire
341 * non Kernel entries are going away. Just dump'em all
342 *
1c79356b
A		 343 * We actually just increment the v_id, that will do it. The entries will
344 * be purged by lookup as they get found. If the v_id wraps around, we
345 * need to ditch the entire cache, to avoid confusion. No valid vnode will
346 * ever have (v_id == 0).
347 */
490019cf
A		 348int
349pshm_cache_purge_all(__unused proc_t p)
1c79356b 350{
490019cf 351 struct pshmcache *pcp, *tmppcp;
1c79356b 352 struct pshmhashhead *pcpp;
490019cf
A		 353 int error = 0;
354
355 if (kauth_cred_issuser(kauth_cred_get()) == 0)
356 return EPERM;
1c79356b 357
490019cf 358 PSHM_SUBSYS_LOCK();
1c79356b 359 for (pcpp = &pshmhashtbl[pshmhash]; pcpp >= pshmhashtbl; pcpp--) {
490019cf
A		 360 LIST_FOREACH_SAFE(pcp, pcpp, pshm_hash, tmppcp) {
361 assert(pcp->pshm_nlen);
362 error = pshm_unlink_internal(pcp->pshminfo, pcp);
363 if (error)
364 goto out;
365 }
1c79356b 366 }
490019cf
A		 367 assert(pshmnument == 0);
368
369out:
370 PSHM_SUBSYS_UNLOCK();
371
372 if (error)
373 printf("%s: Error %d removing shm cache: %ld remain!\n",
374 __func__, error, pshmnument);
375 return error;
1c79356b
A		 376}
377
91447636
A		 378static void
379pshm_cache_delete(struct pshmcache *pcp)
1c79356b
A		 380{
381#if DIAGNOSTIC
382 if (pcp->pshm_hash.le_prev == 0)
383 panic("namecache purge le_prev");
384 if (pcp->pshm_hash.le_next == pcp)
385 panic("namecache purge le_next");
386#endif /* DIAGNOSTIC */
387 LIST_REMOVE(pcp, pshm_hash);
388 pcp->pshm_hash.le_prev = 0;
389 pshmnument--;
390}
391
392
1c79356b 393int
b0d623f7 394shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval)
1c79356b 395{
91447636 396 size_t i;
91447636 397 int indx, error;
1c79356b
A		 398 struct pshmname nd;
399 struct pshminfo *pinfo;
b0d623f7
A		 400 struct fileproc *fp = NULL;
401 char *pnbuf = NULL;
402 struct pshminfo *new_pinfo = PSHMINFO_NULL;
403 struct pshmnode *new_pnode = PSHMNODE_NULL;
404 struct pshmcache *pcache = PSHMCACHE_NULL; /* ignored on return */
1c79356b
A		 405 char * nameptr;
406 char * cp;
407 size_t pathlen, plen;
408 int fmode ;
409 int cmode = uap->mode;
410 int incache = 0;
b0d623f7 411 struct pshmcache *pcp = NULL;
1c79356b 412
e5568f75
A		 413 AUDIT_ARG(fflags, uap->oflag);
414 AUDIT_ARG(mode, uap->mode);
91447636 415
1c79356b
A		 416 pinfo = PSHMINFO_NULL;
417
b0d623f7
A		 418 /*
419 * Preallocate everything we might need up front to avoid taking
420 * and dropping the lock, opening us up to race conditions.
421 */
91447636
A		 422 MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
423 if (pnbuf == NULL) {
b0d623f7
A		 424 error = ENOSPC;
425 goto bad;
91447636
A		 426 }
427
1c79356b 428 pathlen = MAXPATHLEN;
91447636 429 error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen);
1c79356b
A		 430 if (error) {
431 goto bad;
432 }
e5568f75 433 AUDIT_ARG(text, pnbuf);
1c79356b
A		 434 if (pathlen > PSHMNAMLEN) {
435 error = ENAMETOOLONG;
436 goto bad;
437 }
1c79356b
A		 438#ifdef PSXSHM_NAME_RESTRICT
439 nameptr = pnbuf;
440 if (*nameptr == '/') {
441 while (*(nameptr++) == '/') {
442 plen--;
443 error = EINVAL;
444 goto bad;
445 }
2d21ac55 446 } else {
1c79356b
A		 447 error = EINVAL;
448 goto bad;
449 }
450#endif /* PSXSHM_NAME_RESTRICT */
451
452 plen = pathlen;
453 nameptr = pnbuf;
454 nd.pshm_nameptr = nameptr;
455 nd.pshm_namelen = plen;
456 nd. pshm_hash =0;
457
2d21ac55
A		 458 for (cp = nameptr, i=1; *cp != 0 && i <= plen; i++, cp++) {
459 nd.pshm_hash += (unsigned char)*cp * i;
1c79356b
A		 460 }
461
b0d623f7
A		 462 /*
463 * attempt to allocate a new fp; if unsuccessful, the fp will be
464 * left unmodified (NULL).
465 */
466 error = falloc(p, &fp, &indx, vfs_context_current());
467 if (error)
468 goto bad;
469
6d2010ae
A		 470 cmode &= ALLPERMS;
471
472 fmode = FFLAGS(uap->oflag);
473 if ((fmode & (FREAD | FWRITE)) == 0) {
474 error = EINVAL;
475 goto bad;
476 }
477
b0d623f7
A		 478 /*
479 * We allocate a new entry if we are less than the maximum
480 * allowed and the one at the front of the LRU list is in use.
481 * Otherwise we use the one at the front of the LRU list.
482 */
483 MALLOC(pcp, struct pshmcache *, sizeof(struct pshmcache), M_SHM, M_WAITOK|M_ZERO);
484 if (pcp == NULL) {
485 error = ENOSPC;
486 goto bad;
487 }
488
489 MALLOC(new_pinfo, struct pshminfo *, sizeof(struct pshminfo), M_SHM, M_WAITOK|M_ZERO);
490 if (new_pinfo == PSHMINFO_NULL) {
491 error = ENOSPC;
492 goto bad;
493 }
494#if CONFIG_MACF
495 mac_posixshm_label_init(new_pinfo);
496#endif
497
498 MALLOC(new_pnode, struct pshmnode *, sizeof(struct pshmnode), M_SHM, M_WAITOK|M_ZERO);
499 if (new_pnode == PSHMNODE_NULL) {
500 error = ENOSPC;
501 goto bad;
502 }
503
91447636 504 PSHM_SUBSYS_LOCK();
b0d623f7 505
6d2010ae
A		 506 /*
507 * If we find the entry in the cache, this will take a reference,
508 * allowing us to unlock it for the permissions check.
509 */
510 error = pshm_cache_search(&pinfo, &nd, &pcache, 1);
511
512 PSHM_SUBSYS_UNLOCK();
1c79356b 513
490019cf 514 if (error == PSHMCACHE_NEGATIVE) {
1c79356b 515 error = EINVAL;
6d2010ae 516 goto bad;
1c79356b 517 }
6d2010ae 518
490019cf 519 if (error == PSHMCACHE_NOTFOUND) {
1c79356b 520 incache = 0;
6d2010ae
A		 521 if (fmode & O_CREAT) {
522 /* create a new one (commit the allocation) */
523 pinfo = new_pinfo;
524 pinfo->pshm_flags = PSHM_DEFINED | PSHM_INCREATE;
525 pinfo->pshm_usecount = 1; /* existence reference */
526 pinfo->pshm_mode = cmode;
527 pinfo->pshm_uid = kauth_getuid();
528 pinfo->pshm_gid = kauth_getgid();
316670eb
A		 529 bcopy(pnbuf, &pinfo->pshm_name[0], pathlen);
530 pinfo->pshm_name[pathlen]=0;
6d2010ae
A		 531#if CONFIG_MACF
532 error = mac_posixshm_check_create(kauth_cred_get(), nameptr);
533 if (error) {
534 goto bad;
535 }
536 mac_posixshm_label_associate(kauth_cred_get(), pinfo, nameptr);
537#endif
538 }
539 } else {
1c79356b 540 incache = 1;
6d2010ae 541 if (fmode & O_CREAT) {
b0d623f7
A		 542 /* already exists */
543 if ((fmode & O_EXCL)) {
544 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
545 pinfo->pshm_gid,
546 pinfo->pshm_mode);
547
548 /* shm obj exists and opened O_EXCL */
549 error = EEXIST;
6d2010ae 550 goto bad;
b0d623f7
A		 551 }
552
553 if( pinfo->pshm_flags & PSHM_INDELETE) {
554 error = ENOENT;
6d2010ae 555 goto bad;
b0d623f7 556 }
e5568f75 557 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
2d21ac55 558 pinfo->pshm_gid, pinfo->pshm_mode);
b0d623f7 559#if CONFIG_MACF
316670eb 560 if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) {
6d2010ae 561 goto bad;
2d21ac55 562 }
b0d623f7
A		 563#endif
564 if ( (error = pshm_access(pinfo, fmode, kauth_cred_get(), p)) ) {
6d2010ae 565 goto bad;
2d21ac55 566 }
2d21ac55 567 }
6d2010ae
A		 568 }
569 if (!(fmode & O_CREAT)) {
1c79356b 570 if (!incache) {
b0d623f7 571 /* O_CREAT is not set and the object does not exist */
1c79356b 572 error = ENOENT;
6d2010ae 573 goto bad;
1c79356b
A		 574 }
575 if( pinfo->pshm_flags & PSHM_INDELETE) {
576 error = ENOENT;
6d2010ae 577 goto bad;
1c79356b 578 }
2d21ac55 579#if CONFIG_MACF
316670eb 580 if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) {
6d2010ae 581 goto bad;
2d21ac55
A		 582 }
583#endif
584
b0d623f7 585 if ((error = pshm_access(pinfo, fmode, kauth_cred_get(), p))) {
6d2010ae 586 goto bad;
91447636 587 }
1c79356b
A		 588 }
589 if (fmode & O_TRUNC) {
590 error = EINVAL;
6d2010ae 591 goto bad;
1c79356b 592 }
6d2010ae
A		 593
594
595 PSHM_SUBSYS_LOCK();
596
1c79356b
A		 597#if DIAGNOSTIC
598 if (fmode & FWRITE)
599 pinfo->pshm_writecount++;
600 if (fmode & FREAD)
601 pinfo->pshm_readcount++;
602#endif
1c79356b 603 if (!incache) {
b0d623f7 604 /* if successful, this will consume the pcp */
91447636 605 if ( (error = pshm_cache_add(pinfo, &nd, pcp)) ) {
b0d623f7 606 goto bad_locked;
1c79356b 607 }
6d2010ae
A		 608 /*
609 * add reference for the new entry; otherwise, we obtained
610 * one from the cache hit earlier.
611 */
612 pinfo->pshm_usecount++;
1c79356b
A		 613 }
614 pinfo->pshm_flags &= ~PSHM_INCREATE;
b0d623f7 615 new_pnode->pinfo = pinfo;
91447636
A		 616
617 PSHM_SUBSYS_UNLOCK();
b0d623f7
A		 618
619 /*
620 * if incache, we did not use the new pcp or new_pinfo and must
621 * free them
622 */
623 if (incache) {
624 FREE(pcp, M_SHM);
625
626 if (new_pinfo != PSHMINFO_NULL) {
627#if CONFIG_MACF
628 mac_posixshm_label_destroy(new_pinfo);
629#endif
630 FREE(new_pinfo, M_SHM);
631 }
632 }
633
91447636 634 proc_fdlock(p);
1c79356b 635 fp->f_flag = fmode & FMASK;
1c79356b 636 fp->f_ops = &pshmops;
b0d623f7 637 fp->f_data = (caddr_t)new_pnode;
2d21ac55 638 *fdflags(p, indx) |= UF_EXCLOSE;
6601e61a 639 procfdtbl_releasefd(p, indx, NULL);
91447636
A		 640 fp_drop(p, indx, fp, 1);
641 proc_fdunlock(p);
642
1c79356b 643 *retval = indx;
55e303ae 644 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
1c79356b 645 return (0);
2d21ac55 646
b0d623f7
A		 647bad_locked:
648 PSHM_SUBSYS_UNLOCK();
649bad:
6d2010ae
A		 650 /*
651 * If we obtained the entry from the cache, we need to drop the
652 * reference; holding the reference may have prevented unlinking,
653 * so we need to call pshm_close() to get the full effect.
654 */
655 if (incache) {
656 PSHM_SUBSYS_LOCK();
657 pshm_close(pinfo, 1);
658 PSHM_SUBSYS_UNLOCK();
659 }
660
b0d623f7
A		 661 if (pcp != NULL)
662 FREE(pcp, M_SHM);
663
664 if (new_pnode != PSHMNODE_NULL)
665 FREE(new_pnode, M_SHM);
666
667 if (fp != NULL)
668 fp_free(p, indx, fp);
669
670 if (new_pinfo != PSHMINFO_NULL) {
2d21ac55 671#if CONFIG_MACF
b0d623f7 672 mac_posixshm_label_destroy(new_pinfo);
2d21ac55 673#endif
b0d623f7 674 FREE(new_pinfo, M_SHM);
2d21ac55 675 }
b0d623f7
A		 676 if (pnbuf != NULL)
677 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
1c79356b
A		 678 return (error);
679}
680
681
1c79356b 682int
2d21ac55 683pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd,
b0d623f7 684 off_t length, __unused int32_t *retval)
1c79356b
A		 685{
686 struct pshminfo * pinfo;
687 struct pshmnode * pnode ;
688 kern_return_t kret;
91447636 689 mem_entry_name_port_t mem_object;
6d2010ae
A		 690 mach_vm_size_t total_size, alloc_size;
691 memory_object_size_t mosize;
b0d623f7 692 struct pshmobj *pshmobj, *pshmobj_next, **pshmobj_next_p;
39236c6e 693 vm_map_t user_map;
2d21ac55
A		 694#if CONFIG_MACF
695 int error;
696#endif
1c79356b 697
39236c6e
A		 698 user_map = current_map();
699
1c79356b
A		 700 if (fp->f_type != DTYPE_PSXSHM) {
701 return(EINVAL);
702 }
703
704
705 if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL )
706 return(EINVAL);
707
91447636
A		 708 PSHM_SUBSYS_LOCK();
709 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) {
710 PSHM_SUBSYS_UNLOCK();
1c79356b 711 return(EINVAL);
91447636 712 }
b0d623f7 713 if ((pinfo->pshm_flags & (PSHM_DEFINED|PSHM_ALLOCATING|PSHM_ALLOCATED))
1c79356b 714 != PSHM_DEFINED) {
91447636 715 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 716 return(EINVAL);
717 }
2d21ac55 718#if CONFIG_MACF
6d2010ae 719 error = mac_posixshm_check_truncate(kauth_cred_get(), pinfo, length);
2d21ac55
A		 720 if (error) {
721 PSHM_SUBSYS_UNLOCK();
722 return(error);
723 }
724#endif
1c79356b 725
b0d623f7 726 pinfo->pshm_flags |= PSHM_ALLOCATING;
39236c6e
A		 727 total_size = vm_map_round_page(length,
728 vm_map_page_mask(user_map));
b0d623f7 729 pshmobj_next_p = &pinfo->pshm_memobjects;
1c79356b 730
b0d623f7
A		 731 for (alloc_size = 0;
732 alloc_size < total_size;
6d2010ae 733 alloc_size += mosize) {
1c79356b 734
b0d623f7
A		 735 PSHM_SUBSYS_UNLOCK();
736
6d2010ae 737 mosize = MIN(total_size - alloc_size, ANON_MAX_SIZE);
b0d623f7
A		 738 kret = mach_make_memory_entry_64(
739 VM_MAP_NULL,
6d2010ae 740 &mosize,
b0d623f7
A		 741 0,
742 MAP_MEM_NAMED_CREATE | VM_PROT_DEFAULT,
743 &mem_object,
744 0);
745
746 if (kret != KERN_SUCCESS)
747 goto out;
748
749 MALLOC(pshmobj, struct pshmobj *, sizeof (struct pshmobj),
750 M_SHM, M_WAITOK);
751 if (pshmobj == NULL) {
752 kret = KERN_NO_SPACE;
753 mach_memory_entry_port_release(mem_object);
754 mem_object = NULL;
755 goto out;
756 }
757
758 PSHM_SUBSYS_LOCK();
759
760 pshmobj->pshmo_memobject = (void *) mem_object;
6d2010ae 761 pshmobj->pshmo_size = mosize;
b0d623f7
A		 762 pshmobj->pshmo_next = NULL;
763
764 *pshmobj_next_p = pshmobj;
765 pshmobj_next_p = &pshmobj->pshmo_next;
766 }
767
3e170ce0
A		 768 pinfo->pshm_flags |= PSHM_ALLOCATED;
769 pinfo->pshm_flags &= ~(PSHM_ALLOCATING);
b0d623f7 770 pinfo->pshm_length = total_size;
91447636 771 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 772 return(0);
773
774out:
b0d623f7
A		 775 PSHM_SUBSYS_LOCK();
776 for (pshmobj = pinfo->pshm_memobjects;
777 pshmobj != NULL;
778 pshmobj = pshmobj_next) {
779 pshmobj_next = pshmobj->pshmo_next;
780 mach_memory_entry_port_release(pshmobj->pshmo_memobject);
781 FREE(pshmobj, M_SHM);
782 }
783 pinfo->pshm_memobjects = NULL;
784 pinfo->pshm_flags &= ~PSHM_ALLOCATING;
785 PSHM_SUBSYS_UNLOCK();
786
1c79356b
A		 787 switch (kret) {
788 case KERN_INVALID_ADDRESS:
789 case KERN_NO_SPACE:
790 return (ENOMEM);
791 case KERN_PROTECTION_FAILURE:
792 return (EACCES);
793 default:
794 return (EINVAL);
795
796 }
797}
798
799int
2d21ac55 800pshm_stat(struct pshmnode *pnode, void *ub, int isstat64)
1c79356b 801{
2d21ac55
A		 802 struct stat *sb = (struct stat *)0; /* warning avoidance ; protected by isstat64 */
803 struct stat64 * sb64 = (struct stat64 *)0; /* warning avoidance ; protected by isstat64 */
1c79356b 804 struct pshminfo *pinfo;
2d21ac55
A		 805#if CONFIG_MACF
806 int error;
807#endif
1c79356b 808
91447636
A		 809 PSHM_SUBSYS_LOCK();
810 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL){
811 PSHM_SUBSYS_UNLOCK();
1c79356b 812 return(EINVAL);
91447636 813 }
1c79356b 814
2d21ac55
A		 815#if CONFIG_MACF
816 error = mac_posixshm_check_stat(kauth_cred_get(), pinfo);
817 if (error) {
818 PSHM_SUBSYS_UNLOCK();
819 return(error);
820 }
821#endif
822
823 if (isstat64 != 0) {
824 sb64 = (struct stat64 *)ub;
825 bzero(sb64, sizeof(struct stat64));
826 sb64->st_mode = pinfo->pshm_mode;
827 sb64->st_uid = pinfo->pshm_uid;
828 sb64->st_gid = pinfo->pshm_gid;
829 sb64->st_size = pinfo->pshm_length;
830 } else {
831 sb = (struct stat *)ub;
832 bzero(sb, sizeof(struct stat));
833 sb->st_mode = pinfo->pshm_mode;
834 sb->st_uid = pinfo->pshm_uid;
835 sb->st_gid = pinfo->pshm_gid;
836 sb->st_size = pinfo->pshm_length;
837 }
91447636 838 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 839
840 return(0);
841}
842
91447636
A		 843/*
844 * This is called only from shm_open which holds pshm_lock();
845 * XXX This code is repeated many times
846 */
1c79356b 847int
2d21ac55 848pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, __unused proc_t p)
1c79356b 849{
6d2010ae
A		 850 int mode_req = ((mode & FREAD) ? S_IRUSR : 0) |
851 ((mode & FWRITE) ? S_IWUSR : 0);
1c79356b
A		 852
853 /* Otherwise, user id 0 always gets access. */
91447636 854 if (!suser(cred, NULL))
1c79356b
A		 855 return (0);
856
6d2010ae 857 return(posix_cred_access(cred, pinfo->pshm_uid, pinfo->pshm_gid, pinfo->pshm_mode, mode_req));
1c79356b 858}
9bccf70c 859
1c79356b 860int
2d21ac55 861pshm_mmap(__unused proc_t p, struct mmap_args *uap, user_addr_t *retval, struct fileproc *fp, off_t pageoff)
1c79356b 862{
316670eb
A		 863 vm_map_offset_t user_addr = (vm_map_offset_t)uap->addr;
864 vm_map_size_t user_size = (vm_map_size_t)uap->len ;
865 vm_map_offset_t user_start_addr;
866 vm_map_size_t map_size, mapped_size;
1c79356b 867 int prot = uap->prot;
e8c3f781 868 int max_prot = VM_PROT_DEFAULT;
1c79356b
A		 869 int flags = uap->flags;
870 vm_object_offset_t file_pos = (vm_object_offset_t)uap->pos;
b0d623f7 871 vm_object_offset_t map_pos;
1c79356b 872 vm_map_t user_map;
91447636 873 int alloc_flags;
5ba3f43e 874 vm_map_kernel_flags_t vmk_flags;
91447636 875 boolean_t docow;
1c79356b
A		 876 kern_return_t kret;
877 struct pshminfo * pinfo;
878 struct pshmnode * pnode;
b0d623f7 879 struct pshmobj * pshmobj;
2d21ac55
A		 880#if CONFIG_MACF
881 int error;
882#endif
1c79356b
A		 883
884 if (user_size == 0)
885 return(0);
886
887 if ((flags & MAP_SHARED) == 0)
888 return(EINVAL);
889
890
e8c3f781
A		 891 /* Can't allow write permission if the shm_open() didn't */
892 if (!(fp->f_flag & FWRITE)) {
893 if (prot & VM_PROT_WRITE) {
894 return EPERM;
895 }
896 max_prot &= ~VM_PROT_WRITE;
1c79356b
A		 897 }
898
899 if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL )
900 return(EINVAL);
901
91447636
A		 902 PSHM_SUBSYS_LOCK();
903 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) {
904 PSHM_SUBSYS_UNLOCK();
1c79356b 905 return(EINVAL);
91447636 906 }
1c79356b
A		 907
908 if ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED) {
91447636 909 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 910 return(EINVAL);
911 }
5c9f4661 912 if (user_size > (vm_map_size_t)pinfo->pshm_length) {
91447636 913 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 914 return(EINVAL);
915 }
5c9f4661
A		 916 vm_map_size_t end_pos = 0;
917 if (os_add_overflow(user_size, file_pos, &end_pos)) {
918 PSHM_SUBSYS_UNLOCK();
919 return(EINVAL);
920 }
921 if (end_pos > (vm_map_size_t)pinfo->pshm_length) {
91447636 922 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 923 return(EINVAL);
924 }
b0d623f7 925 if ((pshmobj = pinfo->pshm_memobjects) == NULL) {
91447636 926 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 927 return(EINVAL);
928 }
929
2d21ac55
A		 930#if CONFIG_MACF
931 error = mac_posixshm_check_mmap(kauth_cred_get(), pinfo, prot, flags);
932 if (error) {
933 PSHM_SUBSYS_UNLOCK();
934 return(error);
935 }
936#endif
91447636
A		 937
938 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 939 user_map = current_map();
940
941 if ((flags & MAP_FIXED) == 0) {
91447636 942 alloc_flags = VM_FLAGS_ANYWHERE;
39236c6e
A		 943 user_addr = vm_map_round_page(user_addr,
944 vm_map_page_mask(user_map));
1c79356b 945 } else {
39236c6e
A		 946 if (user_addr != vm_map_round_page(user_addr,
947 vm_map_page_mask(user_map)))
1c79356b 948 return (EINVAL);
91447636
A		 949 /*
950 * We do not get rid of the existing mappings here because
951 * it wouldn't be atomic (see comment in mmap()). We let
952 * Mach VM know that we want it to replace any existing
953 * mapping with the new one.
954 */
955 alloc_flags = VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE;
1c79356b
A		 956 }
957 docow = FALSE;
958
b0d623f7 959 mapped_size = 0;
5ba3f43e
A		 960 vmk_flags = VM_MAP_KERNEL_FLAGS_NONE;
961 /* reserve the entire space first... */
b0d623f7
A		 962 kret = vm_map_enter_mem_object(user_map,
963 &user_addr,
964 user_size,
965 0,
966 alloc_flags,
5ba3f43e
A		 967 vmk_flags,
968 VM_KERN_MEMORY_NONE,
b0d623f7
A		 969 IPC_PORT_NULL,
970 0,
971 FALSE,
972 VM_PROT_NONE,
973 VM_PROT_NONE,
974 VM_INHERIT_NONE);
975 user_start_addr = user_addr;
1c79356b 976 if (kret != KERN_SUCCESS) {
1c79356b
A		 977 goto out;
978 }
b0d623f7
A		 979
980 /* ... and overwrite with the real mappings */
981 for (map_pos = 0, pshmobj = pinfo->pshm_memobjects;
982 user_size != 0;
983 map_pos += pshmobj->pshmo_size, pshmobj = pshmobj->pshmo_next) {
984 if (pshmobj == NULL) {
985 /* nothing there to map !? */
986 goto out;
987 }
988 if (file_pos >= map_pos + pshmobj->pshmo_size) {
989 continue;
990 }
991 map_size = pshmobj->pshmo_size - (file_pos - map_pos);
992 if (map_size > user_size) {
993 map_size = user_size;
994 }
5ba3f43e 995 vmk_flags = VM_MAP_KERNEL_FLAGS_NONE;
b0d623f7
A		 996 kret = vm_map_enter_mem_object(
997 user_map,
998 &user_addr,
999 map_size,
1000 0,
1001 VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE,
5ba3f43e
A		 1002 vmk_flags,
1003 VM_KERN_MEMORY_NONE,
b0d623f7
A		 1004 pshmobj->pshmo_memobject,
1005 file_pos - map_pos,
1006 docow,
1007 prot,
e8c3f781 1008 max_prot,
b0d623f7
A		 1009 VM_INHERIT_SHARE);
1010 if (kret != KERN_SUCCESS)
1011 goto out;
1012
1013 user_addr += map_size;
1014 user_size -= map_size;
1015 mapped_size += map_size;
1016 file_pos += map_size;
1017 }
1018
91447636 1019 PSHM_SUBSYS_LOCK();
b0d623f7
A		 1020 pnode->mapp_addr = user_start_addr;
1021 pnode->map_size = mapped_size;
1c79356b 1022 pinfo->pshm_flags |= (PSHM_MAPPED | PSHM_INUSE);
91447636 1023 PSHM_SUBSYS_UNLOCK();
1c79356b 1024out:
b0d623f7
A		 1025 if (kret != KERN_SUCCESS) {
1026 if (mapped_size != 0) {
1027 (void) mach_vm_deallocate(current_map(),
1028 user_start_addr,
1029 mapped_size);
1030 }
1031 }
1032
1c79356b
A		 1033 switch (kret) {
1034 case KERN_SUCCESS:
b0d623f7 1035 *retval = (user_start_addr + pageoff);
1c79356b
A		 1036 return (0);
1037 case KERN_INVALID_ADDRESS:
1038 case KERN_NO_SPACE:
1039 return (ENOMEM);
1040 case KERN_PROTECTION_FAILURE:
1041 return (EACCES);
1042 default:
1043 return (EINVAL);
1044 }
1045
1046}
1047
490019cf
A		 1048static int
1049pshm_unlink_internal(struct pshminfo *pinfo, struct pshmcache *pcache)
1050{
1051 struct pshmobj *pshmobj, *pshmobj_next;
1052
1053 PSHM_SUBSYS_ASSERT_HELD();
1054
1055 if (!pinfo || !pcache)
1056 return EINVAL;
1057
1058 if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED)) == 0)
1059 return EINVAL;
1060
1061 if (pinfo->pshm_flags & PSHM_INDELETE)
1062 return 0;
1063
1064 pinfo->pshm_flags |= PSHM_INDELETE;
1065 pinfo->pshm_usecount--;
1066
1067 pshm_cache_delete(pcache);
1068 pinfo->pshm_flags |= PSHM_REMOVED;
1069
1070 /* release the existence reference */
1071 if (!pinfo->pshm_usecount) {
1072#if CONFIG_MACF
1073 mac_posixshm_label_destroy(pinfo);
1074#endif
1075 /*
1076 * If this is the last reference going away on the object,
1077 * then we need to destroy the backing object. The name
1078 * has an implied but uncounted reference on the object,
1079 * once it's created, since it's used as a rendezvous, and
1080 * therefore may be subsequently reopened.
1081 */
1082 for (pshmobj = pinfo->pshm_memobjects;
1083 pshmobj != NULL;
1084 pshmobj = pshmobj_next) {
1085 mach_memory_entry_port_release(pshmobj->pshmo_memobject);
1086 pshmobj_next = pshmobj->pshmo_next;
1087 FREE(pshmobj, M_SHM);
1088 }
1089 FREE(pinfo,M_SHM);
1090 }
1091
1092 FREE(pcache, M_SHM);
1093
1094 return 0;
1095}
1096
1c79356b 1097int
490019cf 1098shm_unlink(proc_t p, struct shm_unlink_args *uap, __unused int32_t *retval)
1c79356b 1099{
91447636 1100 size_t i;
490019cf
A		 1101 char * pnbuf;
1102 size_t pathlen;
1103 int error = 0;
1104
1c79356b
A		 1105 struct pshmname nd;
1106 struct pshminfo *pinfo;
1c79356b
A		 1107 char * nameptr;
1108 char * cp;
1c79356b 1109 struct pshmcache *pcache = PSHMCACHE_NULL;
1c79356b
A		 1110
1111 pinfo = PSHMINFO_NULL;
1112
490019cf 1113
91447636
A		 1114 MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
1115 if (pnbuf == NULL) {
1116 return(ENOSPC); /* XXX non-standard */
1117 }
1c79356b 1118 pathlen = MAXPATHLEN;
91447636 1119 error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen);
1c79356b
A		 1120 if (error) {
1121 goto bad;
1122 }
e5568f75 1123 AUDIT_ARG(text, pnbuf);
1c79356b
A		 1124 if (pathlen > PSHMNAMLEN) {
1125 error = ENAMETOOLONG;
1126 goto bad;
1127 }
1128
490019cf 1129 nameptr = pnbuf;
1c79356b
A		 1130
1131#ifdef PSXSHM_NAME_RESTRICT
1c79356b
A		 1132 if (*nameptr == '/') {
1133 while (*(nameptr++) == '/') {
490019cf 1134 pathlen--;
1c79356b
A		 1135 error = EINVAL;
1136 goto bad;
1137 }
1138 } else {
1139 error = EINVAL;
1140 goto bad;
1141 }
1142#endif /* PSXSHM_NAME_RESTRICT */
1143
1c79356b 1144 nd.pshm_nameptr = nameptr;
490019cf
A		 1145 nd.pshm_namelen = pathlen;
1146 nd.pshm_hash = 0;
1c79356b 1147
490019cf 1148 for (cp = nameptr, i=1; *cp != 0 && i <= pathlen; i++, cp++) {
1c79356b
A		 1149 nd.pshm_hash += (unsigned char)*cp * i;
1150 }
1151
91447636 1152 PSHM_SUBSYS_LOCK();
6d2010ae 1153 error = pshm_cache_search(&pinfo, &nd, &pcache, 0);
1c79356b 1154
39236c6e 1155 /* During unlink lookup failure also implies ENOENT */
490019cf 1156 if (error != PSHMCACHE_FOUND) {
91447636 1157 PSHM_SUBSYS_UNLOCK();
39236c6e 1158 error = ENOENT;
1c79356b 1159 goto bad;
490019cf
A		 1160
1161 }
1c79356b
A		 1162
1163 if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED))==0) {
91447636 1164 PSHM_SUBSYS_UNLOCK();
2d21ac55
A		 1165 error = EINVAL;
1166 goto bad;
1c79356b
A		 1167 }
1168
b0d623f7
A		 1169 if (pinfo->pshm_flags & PSHM_ALLOCATING) {
1170 /* XXX should we wait for flag to clear and then proceed ? */
1171 PSHM_SUBSYS_UNLOCK();
1172 error = EAGAIN;
1173 goto bad;
1174 }
1175
1c79356b 1176 if (pinfo->pshm_flags & PSHM_INDELETE) {
91447636 1177 PSHM_SUBSYS_UNLOCK();
1c79356b
A		 1178 error = 0;
1179 goto bad;
1180 }
490019cf 1181
2d21ac55
A		 1182#if CONFIG_MACF
1183 error = mac_posixshm_check_unlink(kauth_cred_get(), pinfo, nameptr);
1184 if (error) {
1185 PSHM_SUBSYS_UNLOCK();
1186 goto bad;
1187 }
1188#endif
1c79356b 1189
e5568f75
A		 1190 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid,
1191 pinfo->pshm_mode);
91447636 1192
316670eb 1193 /*
490019cf
A		 1194 * following file semantics, unlink should be allowed
1195 * for users with write permission only.
91447636 1196 */
316670eb
A		 1197 if ( (error = pshm_access(pinfo, FWRITE, kauth_cred_get(), p)) ) {
1198 PSHM_SUBSYS_UNLOCK();
1199 goto bad;
1200 }
91447636 1201
490019cf
A		 1202 error = pshm_unlink_internal(pinfo, pcache);
1203 PSHM_SUBSYS_UNLOCK();
1204
1c79356b 1205bad:
55e303ae 1206 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
490019cf 1207 return error;
1c79356b 1208}
1c79356b 1209
91447636
A		 1210/* already called locked */
1211static int
6d2010ae 1212pshm_close(struct pshminfo *pinfo, int dropref)
1c79356b 1213{
6d2010ae 1214 int error = 0;
b0d623f7 1215 struct pshmobj *pshmobj, *pshmobj_next;
1c79356b 1216
6d2010ae
A		 1217 /*
1218 * If we are dropping the reference we took on the cache object, don't
1219 * enforce the allocation requirement.
1220 */
1221 if ( !dropref && ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED)) {
1c79356b
A		 1222 return(EINVAL);
1223 }
1224#if DIAGNOSTIC
1225 if(!pinfo->pshm_usecount) {
1226 kprintf("negative usecount in pshm_close\n");
1227 }
1228#endif /* DIAGNOSTIC */
91447636 1229 pinfo->pshm_usecount--; /* release this fd's reference */
1c79356b
A		 1230
1231 if ((pinfo->pshm_flags & PSHM_REMOVED) && !pinfo->pshm_usecount) {
b0d623f7
A		 1232#if CONFIG_MACF
1233 mac_posixshm_label_destroy(pinfo);
1234#endif
91447636
A		 1235 PSHM_SUBSYS_UNLOCK();
1236 /*
1237 * If this is the last reference going away on the object,
1238 * then we need to destroy the backing object.
1239 */
b0d623f7
A		 1240 for (pshmobj = pinfo->pshm_memobjects;
1241 pshmobj != NULL;
1242 pshmobj = pshmobj_next) {
1243 mach_memory_entry_port_release(pshmobj->pshmo_memobject);
1244 pshmobj_next = pshmobj->pshmo_next;
1245 FREE(pshmobj, M_SHM);
1246 }
91447636
A		 1247 PSHM_SUBSYS_LOCK();
1248 FREE(pinfo,M_SHM);
1249 }
1c79356b
A		 1250 return (error);
1251}
9bccf70c 1252
2d21ac55 1253/* vfs_context_t passed to match prototype for struct fileops */
9bccf70c 1254static int
2d21ac55 1255pshm_closefile(struct fileglob *fg, __unused vfs_context_t ctx)
9bccf70c 1256{
6d2010ae
A		 1257 int error = EINVAL;
1258 struct pshmnode *pnode;
91447636
A		 1259
1260 PSHM_SUBSYS_LOCK();
6d2010ae
A		 1261
1262 if ((pnode = (struct pshmnode *)fg->fg_data) != NULL) {
1263 if (pnode->pinfo != PSHMINFO_NULL) {
1264 error = pshm_close(pnode->pinfo, 0);
1265 }
1266 FREE(pnode, M_SHM);
1267 }
1268
91447636 1269 PSHM_SUBSYS_UNLOCK();
6d2010ae 1270
91447636 1271 return(error);
9bccf70c
A		 1272}
1273
1274static int
5ba3f43e
A		 1275pshm_read(__unused struct fileproc *fp, __unused struct uio *uio,
1276 __unused int flags, __unused vfs_context_t ctx)
1c79356b 1277{
91447636 1278 return(ENOTSUP);
1c79356b 1279}
9bccf70c
A		 1280
1281static int
5ba3f43e
A		 1282pshm_write(__unused struct fileproc *fp, __unused struct uio *uio,
1283 __unused int flags, __unused vfs_context_t ctx)
1c79356b 1284{
91447636 1285 return(ENOTSUP);
1c79356b 1286}
9bccf70c
A		 1287
1288static int
5ba3f43e
A		 1289pshm_ioctl(__unused struct fileproc *fp, __unused u_long com,
1290 __unused caddr_t data, __unused vfs_context_t ctx)
1c79356b 1291{
91447636 1292 return(ENOTSUP);
1c79356b 1293}
9bccf70c
A		 1294
1295static int
5ba3f43e
A		 1296pshm_select(__unused struct fileproc *fp, __unused int which, __unused void *wql,
1297 __unused vfs_context_t ctx)
1c79356b 1298{
91447636 1299 return(ENOTSUP);
1c79356b 1300}
55e303ae
A		 1301
1302static int
39037602 1303pshm_kqfilter(__unused struct fileproc *fp, struct knote *kn,
5ba3f43e 1304 __unused struct kevent_internal_s *kev, __unused vfs_context_t ctx)
55e303ae 1305{
39037602
A		 1306 kn->kn_flags = EV_ERROR;
1307 kn->kn_data = ENOTSUP;
1308 return 0;
55e303ae 1309}
0c530ab8
A		 1310
1311int
1312fill_pshminfo(struct pshmnode * pshm, struct pshm_info * info)
1313{
1314 struct pshminfo *pinfo;
2d21ac55 1315 struct vinfo_stat *sb;
0c530ab8
A		 1316
1317 PSHM_SUBSYS_LOCK();
1318 if ((pinfo = pshm->pinfo) == PSHMINFO_NULL){
1319 PSHM_SUBSYS_UNLOCK();
1320 return(EINVAL);
1321 }
1322
1323 sb = &info->pshm_stat;
1324
2d21ac55
A		 1325 bzero(sb, sizeof(struct vinfo_stat));
1326 sb->vst_mode = pinfo->pshm_mode;
1327 sb->vst_uid = pinfo->pshm_uid;
1328 sb->vst_gid = pinfo->pshm_gid;
1329 sb->vst_size = pinfo->pshm_length;
0c530ab8
A		 1330
1331 info->pshm_mappaddr = pshm->mapp_addr;
1332 bcopy(&pinfo->pshm_name[0], &info->pshm_name[0], PSHMNAMLEN+1);
1333
1334 PSHM_SUBSYS_UNLOCK();
1335 return(0);
1336}
1337
2d21ac55
A		 1338#if CONFIG_MACF
1339void
1340pshm_label_associate(struct fileproc *fp, struct vnode *vp, vfs_context_t ctx)
1341{
1342 struct pshmnode *pnode;
1343 struct pshminfo *pshm;
0c530ab8 1344
2d21ac55
A		 1345 PSHM_SUBSYS_LOCK();
1346 pnode = (struct pshmnode *)fp->f_fglob->fg_data;
1347 if (pnode != NULL) {
1348 pshm = pnode->pinfo;
1349 if (pshm != NULL)
1350 mac_posixshm_vnode_label_associate(
1351 vfs_context_ucred(ctx), pshm, pshm->pshm_label,
1352 vp, vp->v_label);
1353 }
1354 PSHM_SUBSYS_UNLOCK();
1355}
1356#endif
mirror of XNU