]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/sysv_shm.c
xnu-792.1.5.tar.gz
1c79356b 1/*
e5568f75 2 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
1c79356b
A
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
e5568f75
A
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
1c79356b 11 *
e5568f75
A
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
1c79356b
A
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
e5568f75
A
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
1c79356b
A
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22/* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */
23
24/*
25 * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved.
26 *
27 * Redistribution and use in source and binary forms, with or without
28 * modification, are permitted provided that the following conditions
29 * are met:
30 * 1. Redistributions of source code must retain the above copyright
31 * notice, this list of conditions and the following disclaimer.
32 * 2. Redistributions in binary form must reproduce the above copyright
33 * notice, this list of conditions and the following disclaimer in the
34 * documentation and/or other materials provided with the distribution.
35 * 3. All advertising materials mentioning features or use of this software
36 * must display the following acknowledgement:
37 * This product includes software developed by Adam Glass and Charles
38 * Hannum.
39 * 4. The names of the authors may not be used to endorse or promote products
40 * derived from this software without specific prior written permission.
41 *
42 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
43 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
44 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
45 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
46 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
48 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
49 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
50 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
51 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
52 */
53
54
9bccf70c 55#include <sys/appleapiopts.h>
1c79356b
A
56#include <sys/param.h>
57#include <sys/systm.h>
58#include <sys/kernel.h>
91447636
A
59#include <sys/shm_internal.h>
60#include <sys/proc_internal.h>
61#include <sys/kauth.h>
1c79356b
A
62#include <sys/malloc.h>
63#include <sys/mman.h>
64#include <sys/stat.h>
9bccf70c 65#include <sys/sysctl.h>
91447636
A
66#include <sys/ipcs.h>
67#include <sys/sysent.h>
68#include <sys/sysproto.h>
e5568f75
A
69
70#include <bsm/audit_kernel.h>
1c79356b
A
71
72#include <mach/mach_types.h>
73#include <mach/vm_inherit.h>
91447636
A
74#include <mach/vm_map.h>
75
76#include <mach/mach_vm.h>
77
1c79356b 78#include <vm/vm_map.h>
91447636
A
79#include <vm/vm_shared_memory_server.h>
80#include <vm/vm_protos.h>
1c79356b 81
91447636 82#include <kern/locks.h>
1c79356b 83
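static void shminit(void *);
#if 0
SYSINIT(sysv_shm, SI_SUB_SYSV_SHM, SI_ORDER_FIRST, shminit, NULL)
#endif /* 0 */

/*
 * One mutex serializes the whole System V shared memory subsystem.  The
 * system calls and sysctl handlers in this file take it on entry and drop
 * it on every exit path; the lock group and attributes are set up once by
 * sysv_shm_lock_init().
 */
static lck_grp_t       *sysv_shm_subsys_lck_grp;
static lck_grp_attr_t  *sysv_shm_subsys_lck_grp_attr;
static lck_attr_t      *sysv_shm_subsys_lck_attr;
static lck_mtx_t        sysv_shm_subsys_mutex;

#define SYSV_SHM_SUBSYS_LOCK() lck_mtx_lock(&sysv_shm_subsys_mutex)
#define SYSV_SHM_SUBSYS_UNLOCK() lck_mtx_unlock(&sysv_shm_subsys_mutex)

static int oshmctl(void *p, void *uap, void *retval);
static int shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, int * retval);
static int shmget_existing(struct shmget_args *uap, int mode, int segnum, int * retval);
static void shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out);
static void shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out);

/*
 * Dispatch table for shmsys(); the index is the user-supplied 'which'
 * value, which shmsys() bounds-checks against this array before use.
 */
/* XXX casting to (sy_call_t *) is bogus, as usual. */
static sy_call_t *shmcalls[] = {
	(sy_call_t *)shmat, (sy_call_t *)oshmctl,
	(sy_call_t *)shmdt, (sy_call_t *)shmget,
	(sy_call_t *)shmctl
};

/* Per-segment state bits kept in shm_perm.mode next to the ACCESSPERMS bits. */
#define	SHMSEG_FREE     	0x0200
#define	SHMSEG_REMOVED  	0x0400
#define	SHMSEG_ALLOCATED	0x0800
#define	SHMSEG_WANTED		0x1000

/* Subsystem bookkeeping; read and written with the subsystem mutex held. */
static int shm_last_free, shm_nused, shm_committed;
struct user_shmid_ds	*shmsegs;	/* 64 bit version */
static int shm_inited = 0;

/*
 * Kernel-side backing of a segment.  A pointer to this structure is
 * stored ("tunnelled") in the segment descriptor's shm_internal field,
 * so that field holds a kernel address and must not reach user space.
 */
struct shm_handle {
	void * shm_object;		/* vm_offset_t kva; */
};

/* One attachment slot; each process owns an array of shminfo.shmseg of these. */
struct shmmap_state {
	mach_vm_address_t va;		/* user address */
	int shmid;			/* segment id */
};

static void shm_deallocate_segment(struct user_shmid_ds *);
static int shm_find_segment_by_key(key_t);
static struct user_shmid_ds *shm_find_segment_by_shmid(int);
static int shm_delete_mapping(struct proc *, struct shmmap_state *, int);

#ifdef __APPLE_API_PRIVATE
/*
 * Tunables.  Every field starts at -1 ("not set"); sysctl_shminfo() fills
 * them in and calls shminit() once none of them is -1 any more.
 */
struct  shminfo shminfo = {
        -1,	/* SHMMAX 4096 *1024 */
        -1,	/* SHMMIN = 1 */
        -1,	/* SHMMNI = 1 */
        -1,	/* SHMSEG = 8 */
        -1	/* SHMALL = 1024 */
};
#endif /* __APPLE_API_PRIVATE */

void sysv_shm_lock_init(void);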
144
/*
 * Return the seconds field of the time reported by microtime().  Used for
 * the shm_atime / shm_dtime / shm_ctime stamps in this file.
 */
static __inline__ time_t
sysv_shmtime(void)
{
	struct timeval	now;

	microtime(&now);
	return now.tv_sec;
}
152
/*
 * Narrow a 64 bit segment descriptor into the 32 bit user layout.
 *
 * The narrowing is safe: when converting for a 32 bit process, its value
 * of (struct shmid_ds)->shm_segsz will never exceed 4G.
 *
 * NOTE: Source and target may *NOT* overlap! (target is smaller)
 *
 * NOTE(review): shm_internal is carried across as-is.  Elsewhere in this
 * file that field holds the kernel address of the segment's shm_handle,
 * so a caller that hands the result to copyout() should clear it first.
 */
static void
shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out)
{
	/* ownership, permissions and size */
	out->shm_perm     = in->shm_perm;
	out->shm_segsz    = (size_t)in->shm_segsz;

	/* creator / last-operation pids and attach count */
	out->shm_cpid     = in->shm_cpid;
	out->shm_lpid     = in->shm_lpid;
	out->shm_nattch   = in->shm_nattch;

	/* time stamps */
	out->shm_atime    = in->shm_atime;
	out->shm_dtime    = in->shm_dtime;
	out->shm_ctime    = in->shm_ctime;

	/* kernel-private handle, truncated to a native pointer */
	out->shm_internal = CAST_DOWN(void *,in->shm_internal);
}
172
/*
 * Widen a 32 bit user segment descriptor into the 64 bit layout.
 *
 * NOTE: Source and target are permitted to overlap! (source is smaller);
 * this works because we copy fields in order from the end of the struct to
 * the beginning.  Do not reorder the assignments below.
 *
 * NOTE(review): the in-place use (shmctl IPC_SET passes the same buffer as
 * both arguments) reads and writes one object through two different struct
 * types; this presumably relies on the build not applying strict-aliasing
 * assumptions -- confirm.
 */
static void
shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out)
{
	out->shm_internal = CAST_USER_ADDR_T(in->shm_internal);
	out->shm_ctime = in->shm_ctime;
	out->shm_dtime = in->shm_dtime;
	out->shm_atime = in->shm_atime;
	out->shm_nattch = in->shm_nattch;
	out->shm_cpid = in->shm_cpid;
	out->shm_lpid = in->shm_lpid;
	out->shm_segsz = (user_size_t)in->shm_segsz;
	out->shm_perm = in->shm_perm;
}
191
192
/*
 * Linear search of the segment table for an allocated segment whose key
 * equals 'key'.  Returns the table index, or -1 when there is none.
 */
static int
shm_find_segment_by_key(key_t key)
{
	int slot = 0;

	while (slot < shminfo.shmmni) {
		struct user_shmid_ds *seg = &shmsegs[slot];

		if (seg->shm_perm.key == key &&
		    (seg->shm_perm.mode & SHMSEG_ALLOCATED))
			return slot;
		slot++;
	}
	return -1;
}
204
/*
 * Translate a user-supplied shmid into its segment descriptor.
 *
 * Returns NULL unless the index part of the id is inside the table, the
 * slot is allocated and not marked removed, and the sequence part of the
 * id matches the slot's current sequence number (which rejects stale ids
 * that refer to an earlier use of the same slot).
 */
static struct user_shmid_ds *
shm_find_segment_by_shmid(int shmid)
{
	int idx = IPCID_TO_IX(shmid);
	struct user_shmid_ds *seg;

	/* the id comes from user space: bounds-check before indexing */
	if (idx < 0 || idx >= shminfo.shmmni)
		return NULL;

	seg = &shmsegs[idx];
	if ((seg->shm_perm.mode & (SHMSEG_ALLOCATED | SHMSEG_REMOVED)) !=
	    SHMSEG_ALLOCATED)
		return NULL;
	if (seg->shm_perm.seq != IPCID_TO_SEQ(shmid))
		return NULL;
	return seg;
}
221
/*
 * Release the backing memory entry and the shm_handle of a segment, give
 * its pages back to the shm_committed / shm_nused accounting and mark the
 * slot free.  The handle pointer is cleared from the descriptor after it
 * has been freed so the slot does not keep a dangling reference.
 */
static void
shm_deallocate_segment(struct user_shmid_ds *shmseg)
{
	struct shm_handle *handle =
	    CAST_DOWN(void *,shmseg->shm_internal);	/* tunnel */
	mach_vm_size_t rounded = mach_vm_round_page(shmseg->shm_segsz);

	mach_memory_entry_port_release(handle->shm_object);
	handle->shm_object = NULL;
	FREE((caddr_t)handle, M_SHM);
	shmseg->shm_internal = USER_ADDR_NULL;		/* tunnel */

	shm_committed -= btoc(rounded);
	shm_nused--;
	shmseg->shm_perm.mode = SHMSEG_FREE;
}
238
/*
 * Drop one attachment recorded in a process's attachment slot.
 *
 * When 'deallocate' is non-zero the mapping is first removed from the
 * current address space; a failure there returns EINVAL and leaves the
 * slot untouched.  Otherwise the slot is released, the detach time is
 * stamped and the attach count decremented; the segment itself is torn
 * down once the count reaches zero on a segment marked removed.
 *
 * The slot's shmid is used to index shmsegs without a range check; the
 * ids stored in attachment slots are written by shmat() in this file.
 */
static int
shm_delete_mapping(__unused struct proc *p, struct shmmap_state *shmmap_s,
	int deallocate)
{
	int slot = IPCID_TO_IX(shmmap_s->shmid);
	struct user_shmid_ds *seg = &shmsegs[slot];
	mach_vm_size_t len = mach_vm_round_page(seg->shm_segsz);	/* XXX done for us? */

	if (deallocate &&
	    mach_vm_deallocate(current_map(), shmmap_s->va, len) != KERN_SUCCESS)
		return EINVAL;

	shmmap_s->shmid = -1;
	seg->shm_dtime = sysv_shmtime();
	seg->shm_nattch--;
	if (seg->shm_nattch <= 0 && (seg->shm_perm.mode & SHMSEG_REMOVED)) {
		shm_deallocate_segment(seg);
		shm_last_free = slot;
	}
	return 0;
}
264
/*
 * shmdt system call: detach the segment attached at uap->shmaddr.
 *
 * Returns EINVAL when the subsystem is not initialized, when the process
 * has no attachment table, or when no live attachment slot records exactly
 * that address; otherwise returns the result of shm_delete_mapping().
 */
int
shmdt(struct proc *p, struct shmdt_args *uap, register_t *retval)
{
	struct shmmap_state *entry;
	int slot;
	int rc = EINVAL;

	// LP64todo - fix this
	AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited)
		goto done;

	entry = (struct shmmap_state *)p->vm_shm;
	if (entry == NULL)
		goto done;

	/* only an address this process attached earlier is accepted */
	for (slot = 0; slot < shminfo.shmseg; slot++, entry++) {
		if (entry->shmid != -1 &&
		    entry->va == (mach_vm_offset_t)uap->shmaddr)
			break;
	}
	if (slot == shminfo.shmseg)
		goto done;

	rc = shm_delete_mapping(p, entry, 1);
	if (rc == 0)
		*retval = 0;
done:
	SYSV_SHM_SUBSYS_UNLOCK();
	return rc;
}
304
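/*
 * shmat system call: map segment uap->shmid into the calling process.
 *
 * The per-process attachment table is allocated on first use.  The caller
 * needs read permission on the segment (read and write unless SHM_RDONLY
 * is given), checked with ipcperm() before anything is mapped.  A non-zero
 * uap->shmaddr requests a fixed address, which must be SHMLBA-aligned
 * unless SHM_RND asks for it to be rounded down.
 *
 * Returns 0 with the attach address in *retval, or an errno value:
 * EINVAL (subsystem not initialized, bad id, misaligned address, or an
 * unclassified mapping failure), ENOMEM, EACCES, EMFILE (no free slot),
 * or the ipcperm() error.
 */
int
shmat(struct proc *p, struct shmat_args *uap, register_t *retval)
{
	int error, i, flags;
	struct user_shmid_ds	*shmseg;
	struct shmmap_state	*shmmap_s = NULL;
	struct shm_handle	*shm_handle;
	mach_vm_address_t	attach_va;	/* attach address in/out */
	mach_vm_size_t		map_size;	/* size of map entry */
	vm_prot_t		prot;
	size_t			size;
	kern_return_t		rv;
	int shmat_ret = 0;

	AUDIT_ARG(svipc_id, uap->shmid);
	// LP64todo - fix this
	AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	shmmap_s = (struct shmmap_state *)p->vm_shm;

	if (shmmap_s == NULL) {
		/* first attach by this process: build its slot table */
		size = shminfo.shmseg * sizeof(struct shmmap_state);
		MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK);
		if (shmmap_s == NULL) {
			shmat_ret = ENOMEM;
			goto shmat_out;
		}
		for (i = 0; i < shminfo.shmseg; i++)
			shmmap_s[i].shmid = -1;
		p->vm_shm = (caddr_t)shmmap_s;
	}
	shmseg = shm_find_segment_by_shmid(uap->shmid);
	if (shmseg == NULL) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
	/* access check comes before any mapping work */
	error = ipcperm(kauth_cred_get(), &shmseg->shm_perm,
	    (uap->shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W);
	if (error) {
		shmat_ret = error;
		goto shmat_out;
	}

	/* find a free attachment slot; shmmap_s is left pointing at it */
	for (i = 0; i < shminfo.shmseg; i++) {
		if (shmmap_s->shmid == -1)
			break;
		shmmap_s++;
	}
	if (i >= shminfo.shmseg) {
		shmat_ret = EMFILE;
		goto shmat_out;
	}

	map_size = mach_vm_round_page(shmseg->shm_segsz);
	prot = VM_PROT_READ;
	if ((uap->shmflg & SHM_RDONLY) == 0)
		prot |= VM_PROT_WRITE;
	flags = MAP_ANON | MAP_SHARED;
	if (uap->shmaddr)
		flags |= MAP_FIXED;

	attach_va = (mach_vm_address_t)uap->shmaddr;
	if (uap->shmflg & SHM_RND)
		attach_va &= ~(SHMLBA-1);
	else if ((attach_va & (SHMLBA-1)) != 0) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	shm_handle = CAST_DOWN(void *, shmseg->shm_internal);	/* tunnel */

	/* maximum protection equals the current one, so a read-only
	 * attachment cannot later be made writable through this mapping */
	rv = mach_vm_map(current_map(),			/* process map */
			&attach_va,			/* attach address */
			map_size,			/* segment size */
			(mach_vm_offset_t)0,		/* alignment mask */
			(flags & MAP_FIXED)? VM_FLAGS_FIXED: VM_FLAGS_ANYWHERE,
			shm_handle->shm_object,
			(mach_vm_offset_t)0,
			FALSE,
			prot,
			prot,
			VM_INHERIT_DEFAULT);
	if (rv != KERN_SUCCESS)
		goto out;

	rv = mach_vm_inherit(current_map(), attach_va, map_size, VM_INHERIT_SHARE);
	if (rv != KERN_SUCCESS) {
		(void)mach_vm_deallocate(current_map(), attach_va, map_size);
		goto out;
	}

	shmmap_s->va = attach_va;
	shmmap_s->shmid = uap->shmid;
	shmseg->shm_lpid = p->p_pid;
	shmseg->shm_atime = sysv_shmtime();
	shmseg->shm_nattch++;
	*retval = attach_va;	/* XXX return -1 on error */
	shmat_ret = 0;
	goto shmat_out;
out:
	/*
	 * Translate the Mach result into an errno.  Each case must end in
	 * a break: without them every case fell through to the default and
	 * the caller always saw EINVAL, whatever the real cause was.
	 */
	switch (rv) {
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		shmat_ret = ENOMEM;
		break;
	case KERN_PROTECTION_FAILURE:
		shmat_ret = EACCES;
		break;
	default:
		shmat_ret = EINVAL;
		break;
	}
shmat_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmat_ret;
}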
427
/*
 * Placeholder for slot 1 of the shmsys() dispatch table: takes no action
 * and always fails with EINVAL.
 */
static int
oshmctl(__unused void *p, __unused void *uap, __unused void *retval)
{
	return (EINVAL);
}
433
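/*
 * shmctl system call: IPC_STAT, IPC_SET and IPC_RMID on segment uap->shmid.
 *
 * Each command is gated by ipcperm(): IPC_R for IPC_STAT, IPC_M for
 * IPC_SET and IPC_RMID.  Descriptors are exchanged with user space in the
 * 32 or 64 bit layout according to IS_64BIT_PROCESS(p).
 *
 * Returns 0 with *retval set to 0, or an errno value (EINVAL for an
 * uninitialized subsystem, a bad id or an unknown command; otherwise the
 * ipcperm()/copyin()/copyout() error).
 */
int
shmctl(__unused struct proc *p, struct shmctl_args *uap, register_t *retval)
{
	int error;
	kauth_cred_t cred = kauth_cred_get();
	struct user_shmid_ds inbuf;
	struct user_shmid_ds *shmseg;
	int shmctl_ret = 0;

	AUDIT_ARG(svipc_cmd, uap->cmd);
	AUDIT_ARG(svipc_id, uap->shmid);

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}

	shmseg = shm_find_segment_by_shmid(uap->shmid);
	if (shmseg == NULL) {
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}

	/* XXAUDIT: This is the perms BEFORE any change by this call.  This
	 * may not be what is desired.
	 */
	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);

	switch (uap->cmd) {
	case IPC_STAT:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_R);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}

		/*
		 * shm_internal holds the kernel address of the segment's
		 * shm_handle.  Copy the descriptor and clear that field
		 * before it leaves the kernel, so the address is not
		 * disclosed to user space.
		 */
		if (IS_64BIT_PROCESS(p)) {
			struct user_shmid_ds shmid_ds64 = *shmseg;

			shmid_ds64.shm_internal = USER_ADDR_NULL;
			error = copyout(&shmid_ds64, uap->buf, sizeof(struct user_shmid_ds));
		} else {
			struct shmid_ds shmid_ds32;

			/* start from zero so bytes the conversion does not
			 * assign are not stale stack contents */
			bzero(&shmid_ds32, sizeof(shmid_ds32));
			shmid_ds_64to32(shmseg, &shmid_ds32);
			shmid_ds32.shm_internal = NULL;
			error = copyout(&shmid_ds32, uap->buf, sizeof(struct shmid_ds));
		}
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		break;
	case IPC_SET:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		if (IS_64BIT_PROCESS(p)) {
			error = copyin(uap->buf, &inbuf, sizeof(struct user_shmid_ds));
		} else {
			error = copyin(uap->buf, &inbuf, sizeof(struct shmid_ds));
			/* convert in place; ugly, but safe -- and only
			 * when the copyin actually filled the buffer */
			if (!error)
				shmid_ds_32to64((struct shmid_ds *)&inbuf, &inbuf);
		}
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		/* only owner, group and the ACCESSPERMS bits are taken from
		 * the caller; the SHMSEG_* state bits are preserved */
		shmseg->shm_perm.uid = inbuf.shm_perm.uid;
		shmseg->shm_perm.gid = inbuf.shm_perm.gid;
		shmseg->shm_perm.mode =
		    (shmseg->shm_perm.mode & ~ACCESSPERMS) |
		    (inbuf.shm_perm.mode & ACCESSPERMS);
		shmseg->shm_ctime = sysv_shmtime();
		break;
	case IPC_RMID:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		/* hide the key at once; the memory goes away with the
		 * last detach */
		shmseg->shm_perm.key = IPC_PRIVATE;
		shmseg->shm_perm.mode |= SHMSEG_REMOVED;
		if (shmseg->shm_nattch <= 0) {
			shm_deallocate_segment(shmseg);
			shm_last_free = IPCID_TO_IX(uap->shmid);
		}
		break;
#if 0
	case SHM_LOCK:
	case SHM_UNLOCK:
#endif
	default:
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}
	*retval = 0;
	shmctl_ret = 0;
shmctl_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmctl_ret;
}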
540
/*
 * shmget() helper for a key that already names segment 'segnum'.
 *
 * Returns EAGAIN when the caller should look the key up again, an errno
 * on failure (ipcperm() error, EINVAL when the requested size exceeds the
 * segment, EEXIST for IPC_CREAT|IPC_EXCL), or 0 with the id in *retval.
 *
 * NOTE(review): shmget() calls this with the subsystem mutex held and the
 * tsleep() below is not handed that mutex; whether the sleep path is still
 * reachable, and whether it can make progress while the lock is held,
 * should be confirmed.
 */
static int
shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval)
{
	struct user_shmid_ds *seg = &shmsegs[segnum];
	int rc;

	if (seg->shm_perm.mode & SHMSEG_REMOVED) {
		/*
		 * This segment is in the process of being allocated.  Wait
		 * until it's done, and look the key up again (in case the
		 * allocation failed or it was freed).
		 */
		seg->shm_perm.mode |= SHMSEG_WANTED;
		rc = tsleep((caddr_t)seg, PLOCK | PCATCH, "shmget", 0);
		return rc ? rc : EAGAIN;
	}

	/* permission check precedes every answer about the segment */
	rc = ipcperm(kauth_cred_get(), &seg->shm_perm, mode);
	if (rc)
		return rc;
	if (uap->size && uap->size > seg->shm_segsz)
		return EINVAL;
	if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
		return EEXIST;

	*retval = IXSEQ_TO_IPCID(segnum, seg->shm_perm);
	return 0;
}
570
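/*
 * shmget() helper: create a new segment of uap->size bytes.
 *
 * The request is checked against shminfo (shmmin/shmmax, shmmni, shmall),
 * a free slot is picked, and the backing memory is obtained by allocating
 * an anonymous region in the caller's map, wrapping it in a named memory
 * entry and then releasing the temporary region again.
 *
 * Returns 0 with the new id in *retval, or EINVAL / ENOSPC / ENOMEM /
 * EACCES.  On every failure path the temporary region is released and the
 * slot is left free, so a failed call consumes neither address space in
 * the caller nor a table slot.
 *
 * NOTE(review): 'size' is an int while uap->size is compared as a
 * user_size_t against shminfo.shmmax; a limit above what an int can hold
 * would truncate here -- confirm the intended range.
 */
static int
shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode,
	int *retval)
{
	int i, segnum, shmid, size;
	int alloc_size;		/* size as passed to vm_allocate() */
	kauth_cred_t cred = kauth_cred_get();
	struct user_shmid_ds *shmseg;
	struct shm_handle *shm_handle;
	kern_return_t kret;
	vm_offset_t user_addr;
	void * mem_object;

	if (uap->size < (user_size_t)shminfo.shmmin ||
	    uap->size > (user_size_t)shminfo.shmmax)
		return EINVAL;
	if (shm_nused >= shminfo.shmmni) /* any shmids left? */
		return ENOSPC;
	size = mach_vm_round_page(uap->size);
	if (shm_committed + btoc(size) > shminfo.shmall)
		return ENOMEM;
	if (shm_last_free < 0) {
		for (i = 0; i < shminfo.shmmni; i++)
			if (shmsegs[i].shm_perm.mode & SHMSEG_FREE)
				break;
		if (i == shminfo.shmmni)
			panic("shmseg free count inconsistent");
		segnum = i;
	} else  {
		segnum = shm_last_free;
		shm_last_free = -1;
	}
	shmseg = &shmsegs[segnum];

	kret = vm_allocate(current_map(), &user_addr, size, VM_FLAGS_ANYWHERE);
	if (kret != KERN_SUCCESS)
		goto out;
	alloc_size = size;

	kret = mach_make_memory_entry (current_map(), &size, user_addr,
		VM_PROT_DEFAULT, (mem_entry_name_port_t *)&mem_object, 0);

	if (kret != KERN_SUCCESS) {
		/* do not leave the temporary region mapped in the caller */
		(void)vm_deallocate(current_map(), user_addr, alloc_size);
		goto out;
	}

	vm_deallocate(current_map(), user_addr, size);

	/*
	 * In case we sleep in malloc(), mark the segment present but deleted
	 * so that noone else tries to create the same key.
	 */
	shmseg->shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED;
	shmseg->shm_perm.key = uap->key;
	shmseg->shm_perm.seq = (shmseg->shm_perm.seq + 1) & 0x7fff;
	MALLOC(shm_handle, struct shm_handle *, sizeof(struct shm_handle), M_SHM, M_WAITOK);
	if (shm_handle == NULL) {
		kret = KERN_NO_SPACE;
		mach_memory_entry_port_release(mem_object);
		mem_object = NULL;
		/*
		 * Undo the reservation made above.  Leaving the slot
		 * marked allocated would strand it: shm_nused was never
		 * incremented, so a later search for a free slot could
		 * come up empty and hit the panic above.
		 */
		if (shmseg->shm_perm.mode & SHMSEG_WANTED)
			wakeup((caddr_t)shmseg);
		shmseg->shm_perm.mode = SHMSEG_FREE;
		goto out;
	}
	shm_handle->shm_object = mem_object;
	shmid = IXSEQ_TO_IPCID(segnum, shmseg->shm_perm);

	shmseg->shm_internal = CAST_USER_ADDR_T(shm_handle);	/* tunnel */
	shmseg->shm_perm.cuid = shmseg->shm_perm.uid = kauth_cred_getuid(cred);
	shmseg->shm_perm.cgid = shmseg->shm_perm.gid = cred->cr_gid;
	/* only the ACCESSPERMS bits of the caller's mode are honoured */
	shmseg->shm_perm.mode = (shmseg->shm_perm.mode & SHMSEG_WANTED) |
	    (mode & ACCESSPERMS) | SHMSEG_ALLOCATED;
	shmseg->shm_segsz = uap->size;
	shmseg->shm_cpid = p->p_pid;
	shmseg->shm_lpid = shmseg->shm_nattch = 0;
	shmseg->shm_atime = shmseg->shm_dtime = 0;
	shmseg->shm_ctime = sysv_shmtime();
	shm_committed += btoc(size);
	shm_nused++;
	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
	if (shmseg->shm_perm.mode & SHMSEG_WANTED) {
		/*
		 * Somebody else wanted this key while we were asleep.  Wake
		 * them up now.
		 */
		shmseg->shm_perm.mode &= ~SHMSEG_WANTED;
		wakeup((caddr_t)shmseg);
	}
	*retval = shmid;
	AUDIT_ARG(svipc_id, shmid);
	return 0;
out:
	switch (kret) {
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		return (ENOMEM);
	case KERN_PROTECTION_FAILURE:
		return (EACCES);
	default:
		return (EINVAL);
	}
}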
668
/*
 * shmget system call: look up the segment for uap->key, or create one.
 *
 * For a key other than IPC_PRIVATE an existing segment is returned via
 * shmget_existing() (retried for as long as that reports EAGAIN); if none
 * exists and IPC_CREAT is not set the call fails with ENOENT.  In all
 * remaining cases a new segment is allocated.  Only the ACCESSPERMS bits
 * of uap->shmflg are used as the mode.
 */
int
shmget(struct proc *p, struct shmget_args *uap, register_t *retval)
{
	int mode, slot, rc;

	/* Auditing is actually done in shmget_allocate_segment() */

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		rc = EINVAL;
		goto unlock;
	}

	mode = uap->shmflg & ACCESSPERMS;
	if (uap->key != IPC_PRIVATE) {
		for (;;) {
			slot = shm_find_segment_by_key(uap->key);
			if (slot < 0)
				break;
			rc = shmget_existing(uap, mode, slot, retval);
			if (rc != EAGAIN)
				goto unlock;
		}
		if ((uap->shmflg & IPC_CREAT) == 0) {
			rc = ENOENT;
			goto unlock;
		}
	}
	rc = shmget_allocate_segment(p, uap, mode, retval);
unlock:
	SYSV_SHM_SUBSYS_UNLOCK();
	return rc;
}
707
/*
 * Multiplexed entry point: dispatch to shmcalls[uap->which].
 *
 * uap->which comes from user space and is checked against the number of
 * table entries before it is used as an index.  No lock is taken here;
 * the routines in the table that touch subsystem state take the subsystem
 * lock themselves.
 */
/* XXX actually varargs. */
int
shmsys(struct proc *p, struct shmsys_args *uap, register_t *retval)
{
	sy_call_t *handler;

	if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0]))
		return EINVAL;

	handler = shmcalls[uap->which];
	return ((*handler)(p, &uap->a2, retval));
}
719
/*
 * Give child p2 a copy of parent p1's attachment table and count one more
 * attachment on every segment the table references.
 *
 * Return 0 on success, 1 on failure.  An uninitialized subsystem counts
 * as success with nothing done.
 *
 * NOTE(review): p1->vm_shm is copied from without a NULL check; presumably
 * callers only invoke this for a parent that has a table -- confirm.
 */
int
shmfork(struct proc *p1, struct proc *p2)
{
	struct shmmap_state *child_map;
	size_t nbytes;
	int slot;
	int rc = 0;

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited)
		goto done;

	nbytes = shminfo.shmseg * sizeof(struct shmmap_state);
	MALLOC(child_map, struct shmmap_state *, nbytes, M_SHM, M_WAITOK);
	if (child_map == NULL) {
		rc = 1;		/* failed to copy to child - ENOMEM */
		goto done;
	}

	bcopy((caddr_t)p1->vm_shm, (caddr_t)child_map, nbytes);
	p2->vm_shm = (caddr_t)child_map;
	for (slot = 0; slot < shminfo.shmseg; slot++) {
		if (child_map[slot].shmid != -1)
			shmsegs[IPCID_TO_IX(child_map[slot].shmid)].shm_nattch++;
	}
done:
	SYSV_SHM_SUBSYS_UNLOCK();
	return rc;
}
755
/*
 * Process exit: detach every segment still attached, unmapping each one,
 * then free the attachment table and clear p->vm_shm.
 *
 * NOTE(review): the table pointer is read before the lock is taken and is
 * walked without a NULL check; presumably callers only invoke this when
 * p->vm_shm is set -- confirm.
 */
void
shmexit(struct proc *p)
{
	struct shmmap_state *table = (struct shmmap_state *)p->vm_shm;
	int slot;

	SYSV_SHM_SUBSYS_LOCK();
	for (slot = 0; slot < shminfo.shmseg; slot++) {
		if (table[slot].shmid != -1)
			shm_delete_mapping(p, &table[slot], 1);
	}
	FREE((caddr_t)p->vm_shm, M_SHM);
	p->vm_shm = NULL;
	SYSV_SHM_SUBSYS_UNLOCK();
}
772
/*
 * shmexec() is like shmexit(), only it doesn't delete the mappings,
 * since the old address space has already been destroyed and the new
 * one instantiated.  Instead, it just does the housekeeping work we
 * need to do to keep the System V shared memory subsystem sane: every
 * attachment is accounted as detached, then the table is freed.
 *
 * NOTE(review): as in shmexit(), p->vm_shm is assumed to be non-NULL.
 */
__private_extern__ void
shmexec(struct proc *p)
{
	struct shmmap_state *table = (struct shmmap_state *)p->vm_shm;
	int slot;

	SYSV_SHM_SUBSYS_LOCK();
	for (slot = 0; slot < shminfo.shmseg; slot++) {
		if (table[slot].shmid != -1)
			shm_delete_mapping(p, &table[slot], 0);
	}
	FREE((caddr_t)p->vm_shm, M_SHM);
	p->vm_shm = NULL;
	SYSV_SHM_SUBSYS_UNLOCK();
}
794
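/*
 * Allocate and initialize the segment table, once.  Called from
 * sysctl_shminfo() when every shminfo field has been given a value.
 *
 * shminfo.shmmni is whatever was written through sysctl, so it is checked
 * before it is used to size the table: a negative count, or one whose
 * byte size does not fit the int used for it, would otherwise yield a
 * table smaller than the loop below (and every later index check against
 * shmmni) assumes.  Such values leave the subsystem uninitialized, the
 * same way an allocation failure does.
 */
void
shminit(__unused void *dummy)
{
	int i;
	int s;

	if (!shm_inited) {
		/* 0x7fffffff: largest byte count representable in 's' */
		if (shminfo.shmmni < 0 ||
		    shminfo.shmmni > 0x7fffffff / (int)sizeof(struct user_shmid_ds))
			return;

		/*
		 * we store internally 64 bit, since if we didn't, we would
		 * be unable to represent a segment size in excess of 32 bits
		 * with the (struct shmid_ds)->shm_segsz field; also, POSIX
		 * dictates this field be a size_t, which is 64 bits when
		 * running 64 bit binaries.
		 */
		s = sizeof(struct user_shmid_ds) * shminfo.shmmni;

		MALLOC(shmsegs, struct user_shmid_ds *, s, M_SHM, M_WAITOK);
		if (shmsegs == NULL) {
			/* XXX fail safely: leave shared memory uninited */
			return;
		}
		for (i = 0; i < shminfo.shmmni; i++) {
			shmsegs[i].shm_perm.mode = SHMSEG_FREE;
			shmsegs[i].shm_perm.seq = 0;
		}
		shm_last_free = 0;
		shm_nused = 0;
		shm_committed = 0;
		shm_inited = 1;
	}
}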
/*
 * Initialize the mutex governing access to the SysV shm subsystem,
 * together with the lock group and attribute objects it is created from.
 */
__private_extern__ void
sysv_shm_lock_init( void )
{
	lck_grp_attr_t *grp_attr = lck_grp_attr_alloc_init();
	lck_grp_t *grp;
	lck_attr_t *attr;

	lck_grp_attr_setstat(grp_attr);
	sysv_shm_subsys_lck_grp_attr = grp_attr;

	grp = lck_grp_alloc_init("sysv_shm_subsys_lock", grp_attr);
	sysv_shm_subsys_lck_grp = grp;

	attr = lck_attr_alloc_init();
	/* lck_attr_setdebug(attr); */
	sysv_shm_subsys_lck_attr = attr;

	lck_mtx_init(&sysv_shm_subsys_mutex, grp, attr);
}
9bccf70c
A
840
/*
 * sysctl handler shared by the kern.sysv.shm* tunables; arg1 points at
 * the shminfo field being accessed.
 *
 * Reads return the current value.  Writes are honoured only while the
 * subsystem is uninitialized; once shminit() has run a write returns 0
 * without changing anything.  shminit() is called as soon as no field is
 * left at -1.
 *
 * Note that the new value is stored straight into shminfo and the only
 * validation here is the page-alignment check on shmmax (a misaligned
 * shmmax is reset to -1 and rejected with EINVAL).
 */
/* (struct sysctl_oid *oidp, void *arg1, int arg2, \
	struct sysctl_req *req) */
static int
sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1,
	__unused int arg2, struct sysctl_req *req)
{
	int error;
	int rc = 0;

	error = SYSCTL_OUT(req, arg1, sizeof(user_ssize_t));
	if (error || req->newptr == USER_ADDR_NULL)
		return(error);

	SYSV_SHM_SUBSYS_LOCK();

	/* Set the values only if shared memory is not initialised */
	if (shm_inited)
		goto done;

	error = SYSCTL_IN(req, arg1, sizeof(user_ssize_t));
	if (error != 0) {
		rc = error;
		goto done;
	}

	if (arg1 == &shminfo.shmmax && (shminfo.shmmax & PAGE_MASK_64)) {
		shminfo.shmmax = (user_ssize_t)-1;
		rc = EINVAL;
		goto done;
	}

	/* Initialize only when all values are set */
	if ((shminfo.shmmax != (user_ssize_t)-1) &&
	    (shminfo.shmmin != (user_ssize_t)-1) &&
	    (shminfo.shmmni != (user_ssize_t)-1) &&
	    (shminfo.shmseg != (user_ssize_t)-1) &&
	    (shminfo.shmall != (user_ssize_t)-1))
		shminit(NULL);
done:
	SYSV_SHM_SUBSYS_UNLOCK();
	return rc;
}
885
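/*
 * sysctl handler behind kern.sysv.ipcs.shm, the interface used to list
 * segments.  The caller passes in an IPCS command structure (32 or 64 bit
 * layout according to the calling process) naming an operation:
 *
 *   IPCS_SHM_CONF  copy out the global shminfo structure
 *   IPCS_SHM_ITER  copy out the next allocated segment descriptor at or
 *                  after ipcs_cursor and hand back the advanced cursor
 *
 * Returns 0 or an errno value (EINVAL, ERANGE, ENOMEM, ENOENT, or a
 * copyin/copyout error).
 *
 * No ipcperm() check is made per segment, so whatever is copied out here
 * is visible to every caller allowed to use the sysctl.  For that reason
 * the descriptor is copied and its shm_internal field -- the kernel
 * address of the segment's shm_handle -- is cleared before copyout.
 */
static int
IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1,
	__unused int arg2, struct sysctl_req *req)
{
	int error;
	int cursor;
	union {
		struct IPCS_command u32;
		struct user_IPCS_command u64;
	} ipcs;
	struct user_shmid_ds shmid_ds64;	/* scrubbed copy, 64 bit version */
	struct shmid_ds shmid_ds32;	/* post conversion, 32 bit version */
	void *shmid_dsp;
	size_t ipcs_sz = sizeof(struct user_IPCS_command);
	size_t shmid_ds_sz = sizeof(struct user_shmid_ds);
	struct proc *p = current_proc();

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		error = EINVAL;
		goto ipcs_shm_sysctl_out;
	}

	if (!IS_64BIT_PROCESS(p)) {
		ipcs_sz = sizeof(struct IPCS_command);
		shmid_ds_sz = sizeof(struct shmid_ds);
	}

	/* Copy in the command structure */
	if ((error = SYSCTL_IN(req, &ipcs, ipcs_sz)) != 0) {
		goto ipcs_shm_sysctl_out;
	}

	if (!IS_64BIT_PROCESS(p))	/* convert in place */
		ipcs.u64.ipcs_data = CAST_USER_ADDR_T(ipcs.u32.ipcs_data);

	/* Let us version this interface... */
	if (ipcs.u64.ipcs_magic != IPCS_MAGIC) {
		error = EINVAL;
		goto ipcs_shm_sysctl_out;
	}

	switch(ipcs.u64.ipcs_op) {
	case IPCS_SHM_CONF:	/* Obtain global configuration data */
		/* the caller's length must match exactly before copyout */
		if (ipcs.u64.ipcs_datalen != sizeof(struct shminfo)) {
			if (ipcs.u64.ipcs_cursor != 0) { /* fwd. compat. */
				error = ENOMEM;
				break;
			}
			error = ERANGE;
			break;
		}
		error = copyout(&shminfo, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
		break;

	case IPCS_SHM_ITER:	/* Iterate over existing segments */
		cursor = ipcs.u64.ipcs_cursor;
		if (cursor < 0 || cursor >= shminfo.shmmni) {
			error = ERANGE;
			break;
		}
		if (ipcs.u64.ipcs_datalen != (int)shmid_ds_sz) {
			error = ENOMEM;
			break;
		}
		/* skip forward to the next allocated slot */
		while (cursor < shminfo.shmmni &&
		    !(shmsegs[cursor].shm_perm.mode & SHMSEG_ALLOCATED))
			cursor++;
		if (cursor == shminfo.shmmni) {
			error = ENOENT;
			break;
		}

		/* never expose the kernel handle address to user space */
		shmid_ds64 = shmsegs[cursor];
		shmid_ds64.shm_internal = USER_ADDR_NULL;
		shmid_dsp = &shmid_ds64;	/* default: 64 bit */

		/*
		 * If necessary, convert the 64 bit kernel segment
		 * descriptor to a 32 bit user one.
		 */
		if (!IS_64BIT_PROCESS(p)) {
			/* zero first so unassigned bytes are not stale stack */
			bzero(&shmid_ds32, sizeof(shmid_ds32));
			shmid_ds_64to32(&shmid_ds64, &shmid_ds32);
			shmid_dsp = &shmid_ds32;
		}
		error = copyout(shmid_dsp, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
		if (!error) {
			/* update cursor */
			ipcs.u64.ipcs_cursor = cursor + 1;

			if (!IS_64BIT_PROCESS(p))	/* convert in place */
				ipcs.u32.ipcs_data = CAST_DOWN(void *,ipcs.u64.ipcs_data);
			error = SYSCTL_OUT(req, &ipcs, ipcs_sz);
		}
		break;

	default:
		error = EINVAL;
		break;
	}
ipcs_shm_sysctl_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return(error);
}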
9bccf70c
A
992
/* kern.sysv: parent node for the System V IPC tunables. */
SYSCTL_NODE(_kern, KERN_SYSV, sysv, CTLFLAG_RW, 0, "SYSV");

/*
 * kern.sysv.shm{max,min,mni,seg,all}: 64 bit values backed directly by
 * the matching shminfo field and all served by sysctl_shminfo(), which
 * accepts writes only until the subsystem has been initialized.
 */
SYSCTL_PROC(_kern_sysv, KSYSV_SHMMAX, shmmax, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmmax, 0, &sysctl_shminfo ,"Q","shmmax");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMMIN, shmmin, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmmin, 0, &sysctl_shminfo ,"Q","shmmin");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMMNI, shmmni, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmmni, 0, &sysctl_shminfo ,"Q","shmmni");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMSEG, shmseg, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmseg, 0, &sysctl_shminfo ,"Q","shmseg");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMALL, shmall, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmall, 0, &sysctl_shminfo ,"Q","shmall");

/* kern.sysv.ipcs: parent node for the ipcs listing interfaces. */
SYSCTL_NODE(_kern_sysv, OID_AUTO, ipcs, CTLFLAG_RW, 0, "SYSVIPCS");

/*
 * kern.sysv.ipcs.shm: command interface served by IPCS_shm_sysctl().
 * It is registered with CTLFLAG_ANYBODY, i.e. it is not restricted to
 * privileged callers, and the handler performs no per-segment ipcperm()
 * check -- so everything the handler copies out must be safe to show to
 * any local user.
 */
SYSCTL_PROC(_kern_sysv_ipcs, OID_AUTO, shm, CTLFLAG_RW|CTLFLAG_ANYBODY,
	0, 0, IPCS_shm_sysctl,
	"S,IPCS_shm_command",
	"ipcs shm command interface");