]>
Commit | Line | Data |
---|---|---|
1c79356b | 1 | /* |
cb323159 | 2 | * Copyright (c) 2000-2019 Apple Inc. All rights reserved. |
5d5c5d0d | 3 | * |
2d21ac55 | 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
0a7de745 | 5 | * |
2d21ac55 A |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
0a7de745 | 14 | * |
2d21ac55 A |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
0a7de745 | 17 | * |
2d21ac55 A |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
8f6c56a5 A |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
2d21ac55 A |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
0a7de745 | 25 | * |
2d21ac55 | 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
1c79356b A |
27 | */ |
28 | /* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */ | |
29 | ||
30 | /* | |
31 | * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved. | |
32 | * | |
33 | * Redistribution and use in source and binary forms, with or without | |
34 | * modification, are permitted provided that the following conditions | |
35 | * are met: | |
36 | * 1. Redistributions of source code must retain the above copyright | |
37 | * notice, this list of conditions and the following disclaimer. | |
38 | * 2. Redistributions in binary form must reproduce the above copyright | |
39 | * notice, this list of conditions and the following disclaimer in the | |
40 | * documentation and/or other materials provided with the distribution. | |
41 | * 3. All advertising materials mentioning features or use of this software | |
42 | * must display the following acknowledgement: | |
43 | * This product includes software developed by Adam Glass and Charles | |
44 | * Hannum. | |
45 | * 4. The names of the authors may not be used to endorse or promote products | |
46 | * derived from this software without specific prior written permission. | |
47 | * | |
48 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR | |
49 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
50 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
51 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, | |
52 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
53 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
54 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
55 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
56 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
57 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
58 | */ | |
2d21ac55 A |
59 | /* |
60 | * NOTICE: This file was modified by McAfee Research in 2004 to introduce | |
61 | * support for mandatory and extensible security protections. This notice | |
62 | * is included in support of clause 2.2 (b) of the Apple Public License, | |
63 | * Version 2.0. | |
64 | * Copyright (c) 2005-2006 SPARTA, Inc. | |
0a7de745 | 65 | */ |
1c79356b A |
66 | |
67 | ||
9bccf70c | 68 | #include <sys/appleapiopts.h> |
1c79356b A |
69 | #include <sys/param.h> |
70 | #include <sys/systm.h> | |
71 | #include <sys/kernel.h> | |
91447636 A |
72 | #include <sys/shm_internal.h> |
73 | #include <sys/proc_internal.h> | |
74 | #include <sys/kauth.h> | |
1c79356b A |
75 | #include <sys/malloc.h> |
76 | #include <sys/mman.h> | |
77 | #include <sys/stat.h> | |
9bccf70c | 78 | #include <sys/sysctl.h> |
91447636 A |
79 | #include <sys/ipcs.h> |
80 | #include <sys/sysent.h> | |
81 | #include <sys/sysproto.h> | |
2d21ac55 A |
82 | #if CONFIG_MACF |
83 | #include <security/mac_framework.h> | |
84 | #endif | |
e5568f75 | 85 | |
b0d623f7 | 86 | #include <security/audit/audit.h> |
1c79356b A |
87 | |
88 | #include <mach/mach_types.h> | |
89 | #include <mach/vm_inherit.h> | |
91447636 A |
90 | #include <mach/vm_map.h> |
91 | ||
92 | #include <mach/mach_vm.h> | |
93 | ||
1c79356b | 94 | #include <vm/vm_map.h> |
91447636 | 95 | #include <vm/vm_protos.h> |
3e170ce0 | 96 | #include <vm/vm_kern.h> |
1c79356b | 97 | |
91447636 | 98 | #include <kern/locks.h> |
39037602 | 99 | #include <os/overflow.h> |
1c79356b | 100 | |
2d21ac55 A |
101 | /* Uncomment this line to see MAC debugging output. */ |
102 | /* #define MAC_DEBUG */ | |
103 | #if CONFIG_MACF_DEBUG | |
0a7de745 | 104 | #define MPRINTF(a) printf a |
2d21ac55 | 105 | #else |
0a7de745 | 106 | #define MPRINTF(a) |
2d21ac55 A |
107 | #endif |
108 | ||
109 | #if SYSV_SHM | |
39037602 | 110 | static int shminit(void); |
1c79356b | 111 | |
91447636 A |
112 | static lck_grp_t *sysv_shm_subsys_lck_grp; |
113 | static lck_grp_attr_t *sysv_shm_subsys_lck_grp_attr; | |
114 | static lck_attr_t *sysv_shm_subsys_lck_attr; | |
115 | static lck_mtx_t sysv_shm_subsys_mutex; | |
1c79356b | 116 | |
91447636 A |
117 | #define SYSV_SHM_SUBSYS_LOCK() lck_mtx_lock(&sysv_shm_subsys_mutex) |
118 | #define SYSV_SHM_SUBSYS_UNLOCK() lck_mtx_unlock(&sysv_shm_subsys_mutex) | |
119 | ||
120 | static int oshmctl(void *p, void *uap, void *retval); | |
121 | static int shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, int * retval); | |
122 | static int shmget_existing(struct shmget_args *uap, int mode, int segnum, int * retval); | |
b0d623f7 A |
123 | static void shmid_ds_64to32(struct user_shmid_ds *in, struct user32_shmid_ds *out); |
124 | static void shmid_ds_32to64(struct user32_shmid_ds *in, struct user_shmid_ds *out); | |
1c79356b A |
125 | |
126 | /* XXX casting to (sy_call_t *) is bogus, as usual. */ | |
cb323159 | 127 | static sy_call_t* const shmcalls[] = { |
1c79356b A |
128 | (sy_call_t *)shmat, (sy_call_t *)oshmctl, |
129 | (sy_call_t *)shmdt, (sy_call_t *)shmget, | |
130 | (sy_call_t *)shmctl | |
131 | }; | |
132 | ||
0a7de745 A |
133 | #define SHMSEG_FREE 0x0200 |
134 | #define SHMSEG_REMOVED 0x0400 | |
135 | #define SHMSEG_ALLOCATED 0x0800 | |
136 | #define SHMSEG_WANTED 0x1000 | |
1c79356b A |
137 | |
138 | static int shm_last_free, shm_nused, shm_committed; | |
0a7de745 | 139 | struct shmid_kernel *shmsegs; /* 64 bit version */ |
9bccf70c | 140 | static int shm_inited = 0; |
1c79356b | 141 | |
b0d623f7 A |
142 | /* |
143 | * Since anonymous memory chunks are limited to ANON_MAX_SIZE bytes, | |
144 | * we have to keep a list of chunks when we want to handle a shared memory | |
145 | * segment bigger than ANON_MAX_SIZE. | |
146 | * Each chunk points to a VM named entry of up to ANON_MAX_SIZE bytes | |
147 | * of anonymous memory. | |
148 | */ | |
1c79356b | 149 | struct shm_handle { |
0a7de745 A |
150 | void * shm_object; /* named entry for this chunk*/ |
151 | memory_object_size_t shm_handle_size; /* size of this chunk */ | |
152 | struct shm_handle *shm_handle_next; /* next chunk */ | |
1c79356b A |
153 | }; |
154 | ||
155 | struct shmmap_state { | |
0a7de745 A |
156 | mach_vm_address_t va; /* user address */ |
157 | int shmid; /* segment id */ | |
1c79356b A |
158 | }; |
159 | ||
2d21ac55 | 160 | static void shm_deallocate_segment(struct shmid_kernel *); |
91447636 | 161 | static int shm_find_segment_by_key(key_t); |
2d21ac55 | 162 | static struct shmid_kernel *shm_find_segment_by_shmid(int); |
91447636 | 163 | static int shm_delete_mapping(struct proc *, struct shmmap_state *, int); |
1c79356b | 164 | |
9bccf70c | 165 | #ifdef __APPLE_API_PRIVATE |
0a7de745 A |
166 | #define DEFAULT_SHMMAX (4 * 1024 * 1024) |
167 | #define DEFAULT_SHMMIN 1 | |
168 | #define DEFAULT_SHMMNI 32 | |
169 | #define DEFAULT_SHMSEG 8 | |
170 | #define DEFAULT_SHMALL 1024 | |
3e170ce0 | 171 | |
39037602 | 172 | struct shminfo shminfo = { |
cb323159 A |
173 | .shmmax = DEFAULT_SHMMAX, |
174 | .shmmin = DEFAULT_SHMMIN, | |
175 | .shmmni = DEFAULT_SHMMNI, | |
176 | .shmseg = DEFAULT_SHMSEG, | |
177 | .shmall = DEFAULT_SHMALL | |
9bccf70c | 178 | }; |
39037602 A |
179 | |
180 | #define SHMID_IS_VALID(x) ((x) >= 0) | |
181 | #define SHMID_UNALLOCATED (-1) | |
182 | #define SHMID_SENTINEL (-2) | |
183 | ||
9bccf70c A |
184 | #endif /* __APPLE_API_PRIVATE */ |
185 | ||
91447636 A |
186 | void sysv_shm_lock_init(void); |
187 | ||
188 | static __inline__ time_t | |
189 | sysv_shmtime(void) | |
190 | { | |
0a7de745 | 191 | struct timeval tv; |
91447636 | 192 | microtime(&tv); |
0a7de745 | 193 | return tv.tv_sec; |
91447636 A |
194 | } |
195 | ||
196 | /* | |
197 | * This conversion is safe, since if we are converting for a 32 bit process, | |
198 | * then it's value of (struct shmid_ds)->shm_segsz will never exceed 4G. | |
199 | * | |
200 | * NOTE: Source and target may *NOT* overlap! (target is smaller) | |
201 | */ | |
202 | static void | |
b0d623f7 | 203 | shmid_ds_64to32(struct user_shmid_ds *in, struct user32_shmid_ds *out) |
91447636 A |
204 | { |
205 | out->shm_perm = in->shm_perm; | |
b0d623f7 | 206 | out->shm_segsz = in->shm_segsz; |
91447636 A |
207 | out->shm_lpid = in->shm_lpid; |
208 | out->shm_cpid = in->shm_cpid; | |
209 | out->shm_nattch = in->shm_nattch; | |
210 | out->shm_atime = in->shm_atime; | |
211 | out->shm_dtime = in->shm_dtime; | |
212 | out->shm_ctime = in->shm_ctime; | |
0a7de745 | 213 | out->shm_internal = CAST_DOWN_EXPLICIT(int, in->shm_internal); |
91447636 A |
214 | } |
215 | ||
216 | /* | |
217 | * NOTE: Source and target may are permitted to overlap! (source is smaller); | |
218 | * this works because we copy fields in order from the end of the struct to | |
219 | * the beginning. | |
220 | */ | |
221 | static void | |
b0d623f7 | 222 | shmid_ds_32to64(struct user32_shmid_ds *in, struct user_shmid_ds *out) |
91447636 | 223 | { |
b0d623f7 | 224 | out->shm_internal = in->shm_internal; |
91447636 A |
225 | out->shm_ctime = in->shm_ctime; |
226 | out->shm_dtime = in->shm_dtime; | |
227 | out->shm_atime = in->shm_atime; | |
228 | out->shm_nattch = in->shm_nattch; | |
229 | out->shm_cpid = in->shm_cpid; | |
230 | out->shm_lpid = in->shm_lpid; | |
b0d623f7 | 231 | out->shm_segsz = in->shm_segsz; |
91447636 A |
232 | out->shm_perm = in->shm_perm; |
233 | } | |
234 | ||
235 | ||
1c79356b | 236 | static int |
91447636 | 237 | shm_find_segment_by_key(key_t key) |
1c79356b A |
238 | { |
239 | int i; | |
240 | ||
0a7de745 | 241 | for (i = 0; i < shminfo.shmmni; i++) { |
2d21ac55 | 242 | if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) && |
0a7de745 | 243 | shmsegs[i].u.shm_perm._key == key) { |
1c79356b | 244 | return i; |
0a7de745 A |
245 | } |
246 | } | |
1c79356b A |
247 | return -1; |
248 | } | |
249 | ||
2d21ac55 | 250 | static struct shmid_kernel * |
91447636 | 251 | shm_find_segment_by_shmid(int shmid) |
1c79356b A |
252 | { |
253 | int segnum; | |
2d21ac55 | 254 | struct shmid_kernel *shmseg; |
1c79356b A |
255 | |
256 | segnum = IPCID_TO_IX(shmid); | |
0a7de745 | 257 | if (segnum < 0 || segnum >= shminfo.shmmni) { |
1c79356b | 258 | return NULL; |
0a7de745 | 259 | } |
1c79356b | 260 | shmseg = &shmsegs[segnum]; |
2d21ac55 | 261 | if ((shmseg->u.shm_perm.mode & (SHMSEG_ALLOCATED | SHMSEG_REMOVED)) |
1c79356b | 262 | != SHMSEG_ALLOCATED || |
0a7de745 | 263 | shmseg->u.shm_perm._seq != IPCID_TO_SEQ(shmid)) { |
1c79356b | 264 | return NULL; |
0a7de745 | 265 | } |
1c79356b A |
266 | return shmseg; |
267 | } | |
268 | ||
269 | static void | |
2d21ac55 | 270 | shm_deallocate_segment(struct shmid_kernel *shmseg) |
1c79356b | 271 | { |
b0d623f7 | 272 | struct shm_handle *shm_handle, *shm_handle_next; |
91447636 | 273 | mach_vm_size_t size; |
1c79356b | 274 | |
0a7de745 A |
275 | for (shm_handle = CAST_DOWN(void *, shmseg->u.shm_internal); /* tunnel */ |
276 | shm_handle != NULL; | |
277 | shm_handle = shm_handle_next) { | |
b0d623f7 A |
278 | shm_handle_next = shm_handle->shm_handle_next; |
279 | mach_memory_entry_port_release(shm_handle->shm_object); | |
0a7de745 | 280 | FREE(shm_handle, M_SHM); |
b0d623f7 | 281 | } |
0a7de745 | 282 | shmseg->u.shm_internal = USER_ADDR_NULL; /* tunnel */ |
b0d623f7 | 283 | size = mach_vm_round_page(shmseg->u.shm_segsz); |
1c79356b A |
284 | shm_committed -= btoc(size); |
285 | shm_nused--; | |
2d21ac55 A |
286 | shmseg->u.shm_perm.mode = SHMSEG_FREE; |
287 | #if CONFIG_MACF | |
288 | /* Reset the MAC label */ | |
289 | mac_sysvshm_label_recycle(shmseg); | |
290 | #endif | |
1c79356b A |
291 | } |
292 | ||
293 | static int | |
91447636 | 294 | shm_delete_mapping(__unused struct proc *p, struct shmmap_state *shmmap_s, |
0a7de745 | 295 | int deallocate) |
1c79356b | 296 | { |
2d21ac55 | 297 | struct shmid_kernel *shmseg; |
1c79356b | 298 | int segnum, result; |
91447636 | 299 | mach_vm_size_t size; |
1c79356b A |
300 | |
301 | segnum = IPCID_TO_IX(shmmap_s->shmid); | |
302 | shmseg = &shmsegs[segnum]; | |
0a7de745 | 303 | size = mach_vm_round_page(shmseg->u.shm_segsz); /* XXX done for us? */ |
55e303ae | 304 | if (deallocate) { |
0a7de745 A |
305 | result = mach_vm_deallocate(current_map(), shmmap_s->va, size); |
306 | if (result != KERN_SUCCESS) { | |
307 | return EINVAL; | |
308 | } | |
55e303ae | 309 | } |
39037602 | 310 | shmmap_s->shmid = SHMID_UNALLOCATED; |
2d21ac55 A |
311 | shmseg->u.shm_dtime = sysv_shmtime(); |
312 | if ((--shmseg->u.shm_nattch <= 0) && | |
313 | (shmseg->u.shm_perm.mode & SHMSEG_REMOVED)) { | |
1c79356b A |
314 | shm_deallocate_segment(shmseg); |
315 | shm_last_free = segnum; | |
316 | } | |
317 | return 0; | |
318 | } | |
319 | ||
1c79356b | 320 | int |
b0d623f7 | 321 | shmdt(struct proc *p, struct shmdt_args *uap, int32_t *retval) |
1c79356b | 322 | { |
2d21ac55 A |
323 | #if CONFIG_MACF |
324 | struct shmid_kernel *shmsegptr; | |
325 | #endif | |
1c79356b A |
326 | struct shmmap_state *shmmap_s; |
327 | int i; | |
91447636 A |
328 | int shmdtret = 0; |
329 | ||
2d21ac55 | 330 | AUDIT_ARG(svipc_addr, uap->shmaddr); |
91447636 A |
331 | |
332 | SYSV_SHM_SUBSYS_LOCK(); | |
1c79356b | 333 | |
39037602 A |
334 | if ((shmdtret = shminit())) { |
335 | goto shmdt_out; | |
91447636 | 336 | } |
39037602 | 337 | |
1c79356b | 338 | shmmap_s = (struct shmmap_state *)p->vm_shm; |
0a7de745 | 339 | if (shmmap_s == NULL) { |
91447636 A |
340 | shmdtret = EINVAL; |
341 | goto shmdt_out; | |
342 | } | |
343 | ||
39037602 A |
344 | for (; shmmap_s->shmid != SHMID_SENTINEL; shmmap_s++) { |
345 | if (SHMID_IS_VALID(shmmap_s->shmid) && | |
346 | shmmap_s->va == (mach_vm_offset_t)uap->shmaddr) { | |
1c79356b | 347 | break; |
39037602 A |
348 | } |
349 | } | |
350 | ||
351 | if (!SHMID_IS_VALID(shmmap_s->shmid)) { | |
91447636 A |
352 | shmdtret = EINVAL; |
353 | goto shmdt_out; | |
354 | } | |
39037602 | 355 | |
2d21ac55 A |
356 | #if CONFIG_MACF |
357 | /* | |
358 | * XXX: It might be useful to move this into the shm_delete_mapping | |
359 | * function | |
360 | */ | |
361 | shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; | |
362 | shmdtret = mac_sysvshm_check_shmdt(kauth_cred_get(), shmsegptr); | |
0a7de745 | 363 | if (shmdtret) { |
2d21ac55 | 364 | goto shmdt_out; |
0a7de745 | 365 | } |
2d21ac55 | 366 | #endif |
91447636 A |
367 | i = shm_delete_mapping(p, shmmap_s, 1); |
368 | ||
0a7de745 | 369 | if (i == 0) { |
91447636 | 370 | *retval = 0; |
0a7de745 | 371 | } |
91447636 A |
372 | shmdtret = i; |
373 | shmdt_out: | |
374 | SYSV_SHM_SUBSYS_UNLOCK(); | |
375 | return shmdtret; | |
1c79356b A |
376 | } |
377 | ||
1c79356b | 378 | int |
2d21ac55 | 379 | shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) |
1c79356b A |
380 | { |
381 | int error, i, flags; | |
0a7de745 A |
382 | struct shmid_kernel *shmseg; |
383 | struct shmmap_state *shmmap_s = NULL; | |
384 | struct shm_handle *shm_handle; | |
385 | mach_vm_address_t attach_va; /* attach address in/out */ | |
386 | mach_vm_size_t map_size; /* size of map entry */ | |
387 | mach_vm_size_t mapped_size; | |
3e170ce0 | 388 | vm_prot_t prot; |
0a7de745 A |
389 | size_t size; |
390 | kern_return_t rv; | |
391 | int shmat_ret; | |
392 | int vm_flags; | |
b0d623f7 A |
393 | |
394 | shmat_ret = 0; | |
1c79356b | 395 | |
55e303ae | 396 | AUDIT_ARG(svipc_id, uap->shmid); |
2d21ac55 | 397 | AUDIT_ARG(svipc_addr, uap->shmaddr); |
91447636 A |
398 | |
399 | SYSV_SHM_SUBSYS_LOCK(); | |
400 | ||
39037602 A |
401 | if ((shmat_ret = shminit())) { |
402 | goto shmat_out; | |
91447636 A |
403 | } |
404 | ||
1c79356b A |
405 | shmmap_s = (struct shmmap_state *)p->vm_shm; |
406 | if (shmmap_s == NULL) { | |
39037602 A |
407 | /* lazily allocate the shm map */ |
408 | ||
409 | int nsegs = shminfo.shmseg; | |
410 | if (nsegs <= 0) { | |
411 | shmat_ret = EMFILE; | |
412 | goto shmat_out; | |
413 | } | |
414 | ||
415 | /* +1 for the sentinel */ | |
416 | if (os_add_and_mul_overflow(nsegs, 1, sizeof(struct shmmap_state), &size)) { | |
0a7de745 A |
417 | shmat_ret = ENOMEM; |
418 | goto shmat_out; | |
39037602 A |
419 | } |
420 | ||
813fb2f6 | 421 | MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK | M_NULL); |
91447636 A |
422 | if (shmmap_s == NULL) { |
423 | shmat_ret = ENOMEM; | |
424 | goto shmat_out; | |
425 | } | |
39037602 A |
426 | |
427 | /* initialize the entries */ | |
428 | for (i = 0; i < nsegs; i++) { | |
429 | shmmap_s[i].shmid = SHMID_UNALLOCATED; | |
430 | } | |
431 | shmmap_s[i].shmid = SHMID_SENTINEL; | |
432 | ||
1c79356b A |
433 | p->vm_shm = (caddr_t)shmmap_s; |
434 | } | |
39037602 | 435 | |
1c79356b | 436 | shmseg = shm_find_segment_by_shmid(uap->shmid); |
91447636 A |
437 | if (shmseg == NULL) { |
438 | shmat_ret = EINVAL; | |
439 | goto shmat_out; | |
440 | } | |
55e303ae | 441 | |
2d21ac55 A |
442 | AUDIT_ARG(svipc_perm, &shmseg->u.shm_perm); |
443 | error = ipcperm(kauth_cred_get(), &shmseg->u.shm_perm, | |
0a7de745 | 444 | (uap->shmflg & SHM_RDONLY) ? IPC_R : IPC_R | IPC_W); |
91447636 A |
445 | if (error) { |
446 | shmat_ret = error; | |
447 | goto shmat_out; | |
448 | } | |
449 | ||
2d21ac55 A |
450 | #if CONFIG_MACF |
451 | error = mac_sysvshm_check_shmat(kauth_cred_get(), shmseg, uap->shmflg); | |
452 | if (error) { | |
453 | shmat_ret = error; | |
454 | goto shmat_out; | |
455 | } | |
456 | #endif | |
39037602 A |
457 | |
458 | /* find a free shmid */ | |
459 | while (SHMID_IS_VALID(shmmap_s->shmid)) { | |
1c79356b A |
460 | shmmap_s++; |
461 | } | |
39037602 A |
462 | if (shmmap_s->shmid != SHMID_UNALLOCATED) { |
463 | /* no free shmids */ | |
91447636 A |
464 | shmat_ret = EMFILE; |
465 | goto shmat_out; | |
466 | } | |
467 | ||
2d21ac55 | 468 | map_size = mach_vm_round_page(shmseg->u.shm_segsz); |
1c79356b | 469 | prot = VM_PROT_READ; |
0a7de745 | 470 | if ((uap->shmflg & SHM_RDONLY) == 0) { |
1c79356b | 471 | prot |= VM_PROT_WRITE; |
0a7de745 | 472 | } |
1c79356b | 473 | flags = MAP_ANON | MAP_SHARED; |
0a7de745 | 474 | if (uap->shmaddr) { |
1c79356b | 475 | flags |= MAP_FIXED; |
0a7de745 | 476 | } |
91447636 A |
477 | |
478 | attach_va = (mach_vm_address_t)uap->shmaddr; | |
0a7de745 A |
479 | if (uap->shmflg & SHM_RND) { |
480 | attach_va &= ~(SHMLBA - 1); | |
481 | } else if ((attach_va & (SHMLBA - 1)) != 0) { | |
91447636 A |
482 | shmat_ret = EINVAL; |
483 | goto shmat_out; | |
484 | } | |
485 | ||
b0d623f7 A |
486 | if (flags & MAP_FIXED) { |
487 | vm_flags = VM_FLAGS_FIXED; | |
488 | } else { | |
489 | vm_flags = VM_FLAGS_ANYWHERE; | |
490 | } | |
491 | ||
492 | mapped_size = 0; | |
493 | ||
494 | /* first reserve enough space... */ | |
5ba3f43e | 495 | rv = mach_vm_map_kernel(current_map(), |
0a7de745 A |
496 | &attach_va, |
497 | map_size, | |
498 | 0, | |
499 | vm_flags, | |
500 | VM_MAP_KERNEL_FLAGS_NONE, | |
501 | VM_KERN_MEMORY_NONE, | |
502 | IPC_PORT_NULL, | |
503 | 0, | |
504 | FALSE, | |
505 | VM_PROT_NONE, | |
506 | VM_PROT_NONE, | |
507 | VM_INHERIT_NONE); | |
b0d623f7 A |
508 | if (rv != KERN_SUCCESS) { |
509 | goto out; | |
510 | } | |
91447636 | 511 | |
b0d623f7 A |
512 | shmmap_s->va = attach_va; |
513 | ||
514 | /* ... then map the shared memory over the reserved space */ | |
515 | for (shm_handle = CAST_DOWN(void *, shmseg->u.shm_internal);/* tunnel */ | |
0a7de745 A |
516 | shm_handle != NULL; |
517 | shm_handle = shm_handle->shm_handle_next) { | |
b0d623f7 | 518 | rv = vm_map_enter_mem_object( |
0a7de745 A |
519 | current_map(), /* process map */ |
520 | &attach_va, /* attach address */ | |
b0d623f7 | 521 | shm_handle->shm_handle_size, /* segment size */ |
0a7de745 | 522 | (mach_vm_offset_t)0, /* alignment mask */ |
b0d623f7 | 523 | VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, |
5ba3f43e A |
524 | VM_MAP_KERNEL_FLAGS_NONE, |
525 | VM_KERN_MEMORY_NONE, | |
91447636 A |
526 | shm_handle->shm_object, |
527 | (mach_vm_offset_t)0, | |
528 | FALSE, | |
529 | prot, | |
530 | prot, | |
b0d623f7 | 531 | VM_INHERIT_SHARE); |
0a7de745 | 532 | if (rv != KERN_SUCCESS) { |
1c79356b | 533 | goto out; |
0a7de745 | 534 | } |
91447636 | 535 | |
b0d623f7 A |
536 | mapped_size += shm_handle->shm_handle_size; |
537 | attach_va = attach_va + shm_handle->shm_handle_size; | |
1c79356b A |
538 | } |
539 | ||
1c79356b | 540 | shmmap_s->shmid = uap->shmid; |
2d21ac55 A |
541 | shmseg->u.shm_lpid = p->p_pid; |
542 | shmseg->u.shm_atime = sysv_shmtime(); | |
543 | shmseg->u.shm_nattch++; | |
0a7de745 | 544 | *retval = shmmap_s->va; /* XXX return -1 on error */ |
91447636 A |
545 | shmat_ret = 0; |
546 | goto shmat_out; | |
1c79356b | 547 | out: |
b0d623f7 A |
548 | if (mapped_size > 0) { |
549 | (void) mach_vm_deallocate(current_map(), | |
0a7de745 A |
550 | shmmap_s->va, |
551 | mapped_size); | |
b0d623f7 | 552 | } |
1c79356b A |
553 | switch (rv) { |
554 | case KERN_INVALID_ADDRESS: | |
555 | case KERN_NO_SPACE: | |
91447636 | 556 | shmat_ret = ENOMEM; |
b0d623f7 | 557 | break; |
1c79356b | 558 | case KERN_PROTECTION_FAILURE: |
91447636 | 559 | shmat_ret = EACCES; |
b0d623f7 | 560 | break; |
1c79356b | 561 | default: |
91447636 | 562 | shmat_ret = EINVAL; |
b0d623f7 | 563 | break; |
1c79356b | 564 | } |
91447636 A |
565 | shmat_out: |
566 | SYSV_SHM_SUBSYS_UNLOCK(); | |
567 | return shmat_ret; | |
1c79356b A |
568 | } |
569 | ||
1c79356b | 570 | static int |
91447636 | 571 | oshmctl(__unused void *p, __unused void *uap, __unused void *retval) |
1c79356b | 572 | { |
1c79356b | 573 | return EINVAL; |
1c79356b A |
574 | } |
575 | ||
2d21ac55 A |
576 | /* |
577 | * Returns: 0 Success | |
578 | * EINVAL | |
579 | * copyout:EFAULT | |
580 | * copyin:EFAULT | |
581 | * ipcperm:EPERM | |
582 | * ipcperm:EACCES | |
583 | */ | |
1c79356b | 584 | int |
b0d623f7 | 585 | shmctl(__unused struct proc *p, struct shmctl_args *uap, int32_t *retval) |
1c79356b A |
586 | { |
587 | int error; | |
91447636 A |
588 | kauth_cred_t cred = kauth_cred_get(); |
589 | struct user_shmid_ds inbuf; | |
2d21ac55 | 590 | struct shmid_kernel *shmseg; |
91447636 A |
591 | |
592 | int shmctl_ret = 0; | |
1c79356b | 593 | |
55e303ae A |
594 | AUDIT_ARG(svipc_cmd, uap->cmd); |
595 | AUDIT_ARG(svipc_id, uap->shmid); | |
91447636 A |
596 | |
597 | SYSV_SHM_SUBSYS_LOCK(); | |
598 | ||
39037602 A |
599 | if ((shmctl_ret = shminit())) { |
600 | goto shmctl_out; | |
91447636 A |
601 | } |
602 | ||
1c79356b | 603 | shmseg = shm_find_segment_by_shmid(uap->shmid); |
91447636 A |
604 | if (shmseg == NULL) { |
605 | shmctl_ret = EINVAL; | |
606 | goto shmctl_out; | |
607 | } | |
608 | ||
0a7de745 | 609 | /* XXAUDIT: This is the perms BEFORE any change by this call. This |
55e303ae A |
610 | * may not be what is desired. |
611 | */ | |
2d21ac55 | 612 | AUDIT_ARG(svipc_perm, &shmseg->u.shm_perm); |
55e303ae | 613 | |
2d21ac55 A |
614 | #if CONFIG_MACF |
615 | error = mac_sysvshm_check_shmctl(cred, shmseg, uap->cmd); | |
616 | if (error) { | |
617 | shmctl_ret = error; | |
618 | goto shmctl_out; | |
619 | } | |
620 | #endif | |
1c79356b A |
621 | switch (uap->cmd) { |
622 | case IPC_STAT: | |
2d21ac55 | 623 | error = ipcperm(cred, &shmseg->u.shm_perm, IPC_R); |
91447636 A |
624 | if (error) { |
625 | shmctl_ret = error; | |
626 | goto shmctl_out; | |
627 | } | |
628 | ||
629 | if (IS_64BIT_PROCESS(p)) { | |
e8c3f781 | 630 | struct user_shmid_ds shmid_ds = {}; |
22ba694c | 631 | memcpy(&shmid_ds, &shmseg->u, sizeof(struct user_shmid_ds)); |
0a7de745 | 632 | |
22ba694c A |
633 | /* Clear kernel reserved pointer before copying to user space */ |
634 | shmid_ds.shm_internal = USER_ADDR_NULL; | |
0a7de745 | 635 | |
22ba694c | 636 | error = copyout(&shmid_ds, uap->buf, sizeof(shmid_ds)); |
91447636 | 637 | } else { |
5ba3f43e | 638 | struct user32_shmid_ds shmid_ds32 = {}; |
2d21ac55 | 639 | shmid_ds_64to32(&shmseg->u, &shmid_ds32); |
0a7de745 | 640 | |
22ba694c A |
641 | /* Clear kernel reserved pointer before copying to user space */ |
642 | shmid_ds32.shm_internal = (user32_addr_t)0; | |
0a7de745 | 643 | |
b0d623f7 | 644 | error = copyout(&shmid_ds32, uap->buf, sizeof(shmid_ds32)); |
91447636 A |
645 | } |
646 | if (error) { | |
647 | shmctl_ret = error; | |
648 | goto shmctl_out; | |
649 | } | |
1c79356b A |
650 | break; |
651 | case IPC_SET: | |
2d21ac55 | 652 | error = ipcperm(cred, &shmseg->u.shm_perm, IPC_M); |
91447636 A |
653 | if (error) { |
654 | shmctl_ret = error; | |
655 | goto shmctl_out; | |
656 | } | |
657 | if (IS_64BIT_PROCESS(p)) { | |
658 | error = copyin(uap->buf, &inbuf, sizeof(struct user_shmid_ds)); | |
659 | } else { | |
b0d623f7 A |
660 | struct user32_shmid_ds shmid_ds32; |
661 | error = copyin(uap->buf, &shmid_ds32, sizeof(shmid_ds32)); | |
91447636 | 662 | /* convert in place; ugly, but safe */ |
b0d623f7 | 663 | shmid_ds_32to64(&shmid_ds32, &inbuf); |
91447636 A |
664 | } |
665 | if (error) { | |
666 | shmctl_ret = error; | |
667 | goto shmctl_out; | |
668 | } | |
2d21ac55 A |
669 | shmseg->u.shm_perm.uid = inbuf.shm_perm.uid; |
670 | shmseg->u.shm_perm.gid = inbuf.shm_perm.gid; | |
671 | shmseg->u.shm_perm.mode = | |
672 | (shmseg->u.shm_perm.mode & ~ACCESSPERMS) | | |
1c79356b | 673 | (inbuf.shm_perm.mode & ACCESSPERMS); |
2d21ac55 | 674 | shmseg->u.shm_ctime = sysv_shmtime(); |
1c79356b A |
675 | break; |
676 | case IPC_RMID: | |
2d21ac55 | 677 | error = ipcperm(cred, &shmseg->u.shm_perm, IPC_M); |
91447636 A |
678 | if (error) { |
679 | shmctl_ret = error; | |
680 | goto shmctl_out; | |
681 | } | |
2d21ac55 A |
682 | shmseg->u.shm_perm._key = IPC_PRIVATE; |
683 | shmseg->u.shm_perm.mode |= SHMSEG_REMOVED; | |
684 | if (shmseg->u.shm_nattch <= 0) { | |
1c79356b A |
685 | shm_deallocate_segment(shmseg); |
686 | shm_last_free = IPCID_TO_IX(uap->shmid); | |
687 | } | |
688 | break; | |
689 | #if 0 | |
690 | case SHM_LOCK: | |
691 | case SHM_UNLOCK: | |
692 | #endif | |
693 | default: | |
91447636 A |
694 | shmctl_ret = EINVAL; |
695 | goto shmctl_out; | |
1c79356b | 696 | } |
91447636 A |
697 | *retval = 0; |
698 | shmctl_ret = 0; | |
699 | shmctl_out: | |
700 | SYSV_SHM_SUBSYS_UNLOCK(); | |
701 | return shmctl_ret; | |
1c79356b A |
702 | } |
703 | ||
1c79356b | 704 | static int |
91447636 | 705 | shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval) |
1c79356b | 706 | { |
2d21ac55 A |
707 | struct shmid_kernel *shmseg; |
708 | int error = 0; | |
1c79356b A |
709 | |
710 | shmseg = &shmsegs[segnum]; | |
2d21ac55 | 711 | if (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) { |
1c79356b A |
712 | /* |
713 | * This segment is in the process of being allocated. Wait | |
714 | * until it's done, and look the key up again (in case the | |
715 | * allocation failed or it was freed). | |
716 | */ | |
2d21ac55 | 717 | shmseg->u.shm_perm.mode |= SHMSEG_WANTED; |
1c79356b | 718 | error = tsleep((caddr_t)shmseg, PLOCK | PCATCH, "shmget", 0); |
0a7de745 | 719 | if (error) { |
1c79356b | 720 | return error; |
0a7de745 | 721 | } |
1c79356b A |
722 | return EAGAIN; |
723 | } | |
2d21ac55 A |
724 | |
725 | /* | |
726 | * The low 9 bits of shmflag are the mode bits being requested, which | |
727 | * are the actual mode bits desired on the segment, and not in IPC_R | |
728 | * form; therefore it would be incorrect to call ipcperm() to validate | |
729 | * them; instead, we AND the existing mode with the requested mode, and | |
730 | * verify that it matches the requested mode; otherwise, we fail with | |
731 | * EACCES (access denied). | |
732 | */ | |
0a7de745 | 733 | if ((shmseg->u.shm_perm.mode & mode) != mode) { |
2d21ac55 | 734 | return EACCES; |
0a7de745 | 735 | } |
2d21ac55 A |
736 | |
737 | #if CONFIG_MACF | |
738 | error = mac_sysvshm_check_shmget(kauth_cred_get(), shmseg, uap->shmflg); | |
0a7de745 A |
739 | if (error) { |
740 | return error; | |
741 | } | |
2d21ac55 A |
742 | #endif |
743 | ||
0a7de745 | 744 | if (uap->size && uap->size > shmseg->u.shm_segsz) { |
1c79356b | 745 | return EINVAL; |
0a7de745 | 746 | } |
2d21ac55 | 747 | |
0a7de745 | 748 | if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL)) { |
1c79356b | 749 | return EEXIST; |
0a7de745 | 750 | } |
2d21ac55 A |
751 | |
752 | *retval = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm); | |
1c79356b A |
753 | return 0; |
754 | } | |
755 | ||
756 | static int | |
91447636 | 757 | shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, |
0a7de745 | 758 | int *retval) |
1c79356b | 759 | { |
2d21ac55 | 760 | int i, segnum, shmid; |
91447636 | 761 | kauth_cred_t cred = kauth_cred_get(); |
2d21ac55 | 762 | struct shmid_kernel *shmseg; |
1c79356b A |
763 | struct shm_handle *shm_handle; |
764 | kern_return_t kret; | |
b0d623f7 | 765 | mach_vm_size_t total_size, size, alloc_size; |
1c79356b | 766 | void * mem_object; |
b0d623f7 | 767 | struct shm_handle *shm_handle_next, **shm_handle_next_p; |
1c79356b | 768 | |
39037602 | 769 | if (uap->size <= 0 || |
0a7de745 A |
770 | uap->size < (user_size_t)shminfo.shmmin || |
771 | uap->size > (user_size_t)shminfo.shmmax) { | |
1c79356b | 772 | return EINVAL; |
39037602 | 773 | } |
0a7de745 | 774 | if (shm_nused >= shminfo.shmmni) { /* any shmids left? */ |
1c79356b | 775 | return ENOSPC; |
0a7de745 | 776 | } |
39037602 A |
777 | if (mach_vm_round_page_overflow(uap->size, &total_size)) { |
778 | return EINVAL; | |
779 | } | |
0a7de745 | 780 | if ((user_ssize_t)(shm_committed + btoc(total_size)) > shminfo.shmall) { |
1c79356b | 781 | return ENOMEM; |
0a7de745 | 782 | } |
1c79356b | 783 | if (shm_last_free < 0) { |
0a7de745 A |
784 | for (i = 0; i < shminfo.shmmni; i++) { |
785 | if (shmsegs[i].u.shm_perm.mode & SHMSEG_FREE) { | |
1c79356b | 786 | break; |
0a7de745 A |
787 | } |
788 | } | |
789 | if (i == shminfo.shmmni) { | |
1c79356b | 790 | panic("shmseg free count inconsistent"); |
0a7de745 | 791 | } |
1c79356b | 792 | segnum = i; |
0a7de745 | 793 | } else { |
1c79356b A |
794 | segnum = shm_last_free; |
795 | shm_last_free = -1; | |
796 | } | |
797 | shmseg = &shmsegs[segnum]; | |
b0d623f7 | 798 | |
1c79356b A |
799 | /* |
800 | * In case we sleep in malloc(), mark the segment present but deleted | |
801 | * so that noone else tries to create the same key. | |
b0d623f7 | 802 | * XXX but we don't release the global lock !? |
1c79356b | 803 | */ |
2d21ac55 A |
804 | shmseg->u.shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED; |
805 | shmseg->u.shm_perm._key = uap->key; | |
806 | shmseg->u.shm_perm._seq = (shmseg->u.shm_perm._seq + 1) & 0x7fff; | |
b0d623f7 A |
807 | |
808 | shm_handle_next_p = NULL; | |
809 | for (alloc_size = 0; | |
0a7de745 A |
810 | alloc_size < total_size; |
811 | alloc_size += size) { | |
b0d623f7 A |
812 | size = MIN(total_size - alloc_size, ANON_MAX_SIZE); |
813 | kret = mach_make_memory_entry_64( | |
814 | VM_MAP_NULL, | |
815 | (memory_object_size_t *) &size, | |
816 | (memory_object_offset_t) 0, | |
817 | MAP_MEM_NAMED_CREATE | VM_PROT_DEFAULT, | |
818 | (ipc_port_t *) &mem_object, 0); | |
0a7de745 | 819 | if (kret != KERN_SUCCESS) { |
b0d623f7 | 820 | goto out; |
0a7de745 A |
821 | } |
822 | ||
b0d623f7 A |
823 | MALLOC(shm_handle, struct shm_handle *, sizeof(struct shm_handle), M_SHM, M_WAITOK); |
824 | if (shm_handle == NULL) { | |
825 | kret = KERN_NO_SPACE; | |
826 | mach_memory_entry_port_release(mem_object); | |
827 | mem_object = NULL; | |
828 | goto out; | |
829 | } | |
830 | shm_handle->shm_object = mem_object; | |
831 | shm_handle->shm_handle_size = size; | |
832 | shm_handle->shm_handle_next = NULL; | |
833 | if (shm_handle_next_p == NULL) { | |
834 | shmseg->u.shm_internal = CAST_USER_ADDR_T(shm_handle);/* tunnel */ | |
835 | } else { | |
836 | *shm_handle_next_p = shm_handle; | |
837 | } | |
838 | shm_handle_next_p = &shm_handle->shm_handle_next; | |
91447636 | 839 | } |
b0d623f7 | 840 | |
2d21ac55 | 841 | shmid = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm); |
1c79356b | 842 | |
2d21ac55 | 843 | shmseg->u.shm_perm.cuid = shmseg->u.shm_perm.uid = kauth_cred_getuid(cred); |
6d2010ae | 844 | shmseg->u.shm_perm.cgid = shmseg->u.shm_perm.gid = kauth_cred_getgid(cred); |
2d21ac55 | 845 | shmseg->u.shm_perm.mode = (shmseg->u.shm_perm.mode & SHMSEG_WANTED) | |
1c79356b | 846 | (mode & ACCESSPERMS) | SHMSEG_ALLOCATED; |
2d21ac55 A |
847 | shmseg->u.shm_segsz = uap->size; |
848 | shmseg->u.shm_cpid = p->p_pid; | |
849 | shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0; | |
850 | shmseg->u.shm_atime = shmseg->u.shm_dtime = 0; | |
851 | #if CONFIG_MACF | |
852 | mac_sysvshm_label_associate(cred, shmseg); | |
853 | #endif | |
854 | shmseg->u.shm_ctime = sysv_shmtime(); | |
1c79356b A |
855 | shm_committed += btoc(size); |
856 | shm_nused++; | |
2d21ac55 A |
857 | AUDIT_ARG(svipc_perm, &shmseg->u.shm_perm); |
858 | if (shmseg->u.shm_perm.mode & SHMSEG_WANTED) { | |
1c79356b A |
859 | /* |
860 | * Somebody else wanted this key while we were asleep. Wake | |
861 | * them up now. | |
862 | */ | |
2d21ac55 | 863 | shmseg->u.shm_perm.mode &= ~SHMSEG_WANTED; |
1c79356b A |
864 | wakeup((caddr_t)shmseg); |
865 | } | |
866 | *retval = shmid; | |
55e303ae | 867 | AUDIT_ARG(svipc_id, shmid); |
1c79356b | 868 | return 0; |
0a7de745 | 869 | out: |
b0d623f7 | 870 | if (kret != KERN_SUCCESS) { |
0a7de745 A |
871 | for (shm_handle = CAST_DOWN(void *, shmseg->u.shm_internal); /* tunnel */ |
872 | shm_handle != NULL; | |
873 | shm_handle = shm_handle_next) { | |
b0d623f7 A |
874 | shm_handle_next = shm_handle->shm_handle_next; |
875 | mach_memory_entry_port_release(shm_handle->shm_object); | |
0a7de745 | 876 | FREE(shm_handle, M_SHM); |
b0d623f7 A |
877 | } |
878 | shmseg->u.shm_internal = USER_ADDR_NULL; /* tunnel */ | |
879 | } | |
880 | ||
1c79356b A |
881 | switch (kret) { |
882 | case KERN_INVALID_ADDRESS: | |
883 | case KERN_NO_SPACE: | |
0a7de745 | 884 | return ENOMEM; |
1c79356b | 885 | case KERN_PROTECTION_FAILURE: |
0a7de745 | 886 | return EACCES; |
1c79356b | 887 | default: |
0a7de745 | 888 | return EINVAL; |
1c79356b | 889 | } |
1c79356b A |
890 | } |
891 | ||
892 | int | |
b0d623f7 | 893 | shmget(struct proc *p, struct shmget_args *uap, int32_t *retval) |
1c79356b A |
894 | { |
895 | int segnum, mode, error; | |
91447636 | 896 | int shmget_ret = 0; |
39037602 | 897 | |
55e303ae | 898 | /* Auditing is actually done in shmget_allocate_segment() */ |
91447636 A |
899 | |
900 | SYSV_SHM_SUBSYS_LOCK(); | |
901 | ||
39037602 A |
902 | if ((shmget_ret = shminit())) { |
903 | goto shmget_out; | |
91447636 | 904 | } |
9bccf70c | 905 | |
1c79356b A |
906 | mode = uap->shmflg & ACCESSPERMS; |
907 | if (uap->key != IPC_PRIVATE) { | |
0a7de745 | 908 | again: |
1c79356b A |
909 | segnum = shm_find_segment_by_key(uap->key); |
910 | if (segnum >= 0) { | |
91447636 | 911 | error = shmget_existing(uap, mode, segnum, retval); |
0a7de745 | 912 | if (error == EAGAIN) { |
1c79356b | 913 | goto again; |
0a7de745 | 914 | } |
91447636 A |
915 | shmget_ret = error; |
916 | goto shmget_out; | |
917 | } | |
918 | if ((uap->shmflg & IPC_CREAT) == 0) { | |
919 | shmget_ret = ENOENT; | |
920 | goto shmget_out; | |
1c79356b | 921 | } |
1c79356b | 922 | } |
91447636 A |
923 | shmget_ret = shmget_allocate_segment(p, uap, mode, retval); |
924 | shmget_out: | |
925 | SYSV_SHM_SUBSYS_UNLOCK(); | |
926 | return shmget_ret; | |
1c79356b A |
927 | } |
928 | ||
b0d623f7 A |
929 | /* |
930 | * shmsys | |
931 | * | |
932 | * Entry point for all SHM calls: shmat, oshmctl, shmdt, shmget, shmctl | |
933 | * | |
934 | * Parameters: p Process requesting the call | |
0a7de745 A |
935 | * uap User argument descriptor (see below) |
936 | * retval Return value of the selected shm call | |
b0d623f7 A |
937 | * |
938 | * Indirect parameters: uap->which msg call to invoke (index in array of shm calls) | |
0a7de745 A |
939 | * uap->a2 User argument descriptor |
940 | * | |
b0d623f7 | 941 | * Returns: 0 Success |
0a7de745 | 942 | * !0 Not success |
b0d623f7 A |
943 | * |
944 | * Implicit returns: retval Return value of the selected shm call | |
945 | * | |
0a7de745 A |
946 | * DEPRECATED: This interface should not be used to call the other SHM |
947 | * functions (shmat, oshmctl, shmdt, shmget, shmctl). The correct | |
948 | * usage is to call the other SHM functions directly. | |
b0d623f7 | 949 | */ |
1c79356b | 950 | int |
b0d623f7 | 951 | shmsys(struct proc *p, struct shmsys_args *uap, int32_t *retval) |
1c79356b | 952 | { |
91447636 | 953 | /* The routine that we are dispatching already does this */ |
9bccf70c | 954 | |
0a7de745 | 955 | if (uap->which >= sizeof(shmcalls) / sizeof(shmcalls[0])) { |
1c79356b | 956 | return EINVAL; |
0a7de745 A |
957 | } |
958 | return (*shmcalls[uap->which])(p, &uap->a2, retval); | |
1c79356b A |
959 | } |
960 | ||
91447636 A |
961 | /* |
962 | * Return 0 on success, 1 on failure. | |
963 | */ | |
964 | int | |
965 | shmfork(struct proc *p1, struct proc *p2) | |
1c79356b A |
966 | { |
967 | struct shmmap_state *shmmap_s; | |
39037602 A |
968 | size_t size; |
969 | int nsegs = 0; | |
970 | int ret = 0; | |
1c79356b | 971 | |
91447636 A |
972 | SYSV_SHM_SUBSYS_LOCK(); |
973 | ||
39037602 A |
974 | if (shminit()) { |
975 | ret = 1; | |
976 | goto shmfork_out; | |
977 | } | |
978 | ||
979 | struct shmmap_state *src = (struct shmmap_state *)p1->vm_shm; | |
980 | assert(src); | |
981 | ||
982 | /* count number of shmid entries in src */ | |
983 | for (struct shmmap_state *s = src; s->shmid != SHMID_SENTINEL; s++) { | |
984 | nsegs++; | |
985 | } | |
986 | ||
987 | if (os_add_and_mul_overflow(nsegs, 1, sizeof(struct shmmap_state), &size)) { | |
988 | ret = 1; | |
989 | goto shmfork_out; | |
91447636 | 990 | } |
91447636 | 991 | MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK); |
39037602 A |
992 | if (shmmap_s == NULL) { |
993 | ret = 1; | |
91447636 A |
994 | goto shmfork_out; |
995 | } | |
996 | ||
39037602 A |
997 | bcopy(src, (caddr_t)shmmap_s, size); |
998 | p2->vm_shm = (caddr_t)shmmap_s; | |
999 | for (; shmmap_s->shmid != SHMID_SENTINEL; shmmap_s++) { | |
1000 | if (SHMID_IS_VALID(shmmap_s->shmid)) { | |
1001 | shmsegs[IPCID_TO_IX(shmmap_s->shmid)].u.shm_nattch++; | |
1002 | } | |
1003 | } | |
1004 | ||
91447636 A |
1005 | shmfork_out: |
1006 | SYSV_SHM_SUBSYS_UNLOCK(); | |
39037602 | 1007 | return ret; |
1c79356b A |
1008 | } |
1009 | ||
39037602 A |
1010 | static void |
1011 | shmcleanup(struct proc *p, int deallocate) | |
1c79356b A |
1012 | { |
1013 | struct shmmap_state *shmmap_s; | |
91447636 A |
1014 | |
1015 | SYSV_SHM_SUBSYS_LOCK(); | |
39037602 A |
1016 | |
1017 | shmmap_s = (struct shmmap_state *)p->vm_shm; | |
1018 | for (; shmmap_s->shmid != SHMID_SENTINEL; shmmap_s++) { | |
1019 | if (SHMID_IS_VALID(shmmap_s->shmid)) { | |
2d21ac55 A |
1020 | /* |
1021 | * XXX: Should the MAC framework enforce | |
1022 | * check here as well. | |
1023 | */ | |
39037602 A |
1024 | shm_delete_mapping(p, shmmap_s, deallocate); |
1025 | } | |
1026 | } | |
1027 | ||
0a7de745 | 1028 | FREE(p->vm_shm, M_SHM); |
55e303ae | 1029 | p->vm_shm = NULL; |
91447636 | 1030 | SYSV_SHM_SUBSYS_UNLOCK(); |
55e303ae A |
1031 | } |
1032 | ||
39037602 A |
1033 | void |
1034 | shmexit(struct proc *p) | |
1035 | { | |
1036 | shmcleanup(p, 1); | |
1037 | } | |
1038 | ||
55e303ae A |
1039 | /* |
1040 | * shmexec() is like shmexit(), only it doesn't delete the mappings, | |
1041 | * since the old address space has already been destroyed and the new | |
1042 | * one instantiated. Instead, it just does the housekeeping work we | |
1043 | * need to do to keep the System V shared memory subsystem sane. | |
1044 | */ | |
1045 | __private_extern__ void | |
91447636 | 1046 | shmexec(struct proc *p) |
55e303ae | 1047 | { |
39037602 | 1048 | shmcleanup(p, 0); |
1c79356b A |
1049 | } |
1050 | ||
39037602 A |
1051 | int |
1052 | shminit(void) | |
1c79356b | 1053 | { |
39037602 | 1054 | size_t sz; |
1c79356b | 1055 | int i; |
1c79356b | 1056 | |
9bccf70c | 1057 | if (!shm_inited) { |
91447636 A |
1058 | /* |
1059 | * we store internally 64 bit, since if we didn't, we would | |
1060 | * be unable to represent a segment size in excess of 32 bits | |
1061 | * with the (struct shmid_ds)->shm_segsz field; also, POSIX | |
1062 | * dictates this filed be a size_t, which is 64 bits when | |
1063 | * running 64 bit binaries. | |
1064 | */ | |
39037602 A |
1065 | if (os_mul_overflow(shminfo.shmmni, sizeof(struct shmid_kernel), &sz)) { |
1066 | return ENOMEM; | |
1067 | } | |
9bccf70c | 1068 | |
e8c3f781 | 1069 | MALLOC(shmsegs, struct shmid_kernel *, sz, M_SHM, M_WAITOK | M_ZERO); |
91447636 | 1070 | if (shmsegs == NULL) { |
39037602 | 1071 | return ENOMEM; |
91447636 | 1072 | } |
9bccf70c | 1073 | for (i = 0; i < shminfo.shmmni; i++) { |
2d21ac55 A |
1074 | shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; |
1075 | shmsegs[i].u.shm_perm._seq = 0; | |
1076 | #if CONFIG_MACF | |
1077 | mac_sysvshm_label_init(&shmsegs[i]); | |
1078 | #endif | |
9bccf70c A |
1079 | } |
1080 | shm_last_free = 0; | |
1081 | shm_nused = 0; | |
1082 | shm_committed = 0; | |
1083 | shm_inited = 1; | |
1084 | } | |
39037602 A |
1085 | |
1086 | return 0; | |
9bccf70c | 1087 | } |
39037602 | 1088 | |
91447636 A |
1089 | /* Initialize the mutex governing access to the SysV shm subsystem */ |
1090 | __private_extern__ void | |
1091 | sysv_shm_lock_init( void ) | |
1092 | { | |
91447636 | 1093 | sysv_shm_subsys_lck_grp_attr = lck_grp_attr_alloc_init(); |
0a7de745 | 1094 | |
91447636 | 1095 | sysv_shm_subsys_lck_grp = lck_grp_alloc_init("sysv_shm_subsys_lock", sysv_shm_subsys_lck_grp_attr); |
0a7de745 | 1096 | |
91447636 | 1097 | sysv_shm_subsys_lck_attr = lck_attr_alloc_init(); |
91447636 A |
1098 | lck_mtx_init(&sysv_shm_subsys_mutex, sysv_shm_subsys_lck_grp, sysv_shm_subsys_lck_attr); |
1099 | } | |
9bccf70c A |
1100 | |
1101 | /* (struct sysctl_oid *oidp, void *arg1, int arg2, \ | |
0a7de745 | 1102 | * struct sysctl_req *req) */ |
9bccf70c | 1103 | static int |
91447636 | 1104 | sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1, |
0a7de745 | 1105 | __unused int arg2, struct sysctl_req *req) |
9bccf70c A |
1106 | { |
1107 | int error = 0; | |
91447636 | 1108 | int sysctl_shminfo_ret = 0; |
0a7de745 A |
1109 | int64_t saved_shmmax; |
1110 | int64_t saved_shmmin; | |
39037602 A |
1111 | int64_t saved_shmseg; |
1112 | int64_t saved_shmmni; | |
1113 | int64_t saved_shmall; | |
9bccf70c | 1114 | |
0c530ab8 | 1115 | error = SYSCTL_OUT(req, arg1, sizeof(int64_t)); |
0a7de745 A |
1116 | if (error || req->newptr == USER_ADDR_NULL) { |
1117 | return error; | |
1118 | } | |
1c79356b | 1119 | |
91447636 | 1120 | SYSV_SHM_SUBSYS_LOCK(); |
91447636 | 1121 | |
2d21ac55 A |
1122 | /* shmmni can not be changed after SysV SHM has been initialized */ |
1123 | if (shm_inited && arg1 == &shminfo.shmmni) { | |
1124 | sysctl_shminfo_ret = EPERM; | |
1125 | goto sysctl_shminfo_out; | |
1126 | } | |
0a7de745 A |
1127 | saved_shmmax = shminfo.shmmax; |
1128 | saved_shmmin = shminfo.shmmin; | |
1129 | saved_shmseg = shminfo.shmseg; | |
1130 | saved_shmmni = shminfo.shmmni; | |
1131 | saved_shmall = shminfo.shmall; | |
9bccf70c | 1132 | |
2d21ac55 A |
1133 | if ((error = SYSCTL_IN(req, arg1, sizeof(int64_t))) != 0) { |
1134 | sysctl_shminfo_ret = error; | |
1135 | goto sysctl_shminfo_out; | |
1136 | } | |
1137 | ||
1138 | if (arg1 == &shminfo.shmmax) { | |
1139 | /* shmmax needs to be page-aligned */ | |
39037602 | 1140 | if (shminfo.shmmax & PAGE_MASK_64 || shminfo.shmmax < 0) { |
2d21ac55 A |
1141 | shminfo.shmmax = saved_shmmax; |
1142 | sysctl_shminfo_ret = EINVAL; | |
1143 | goto sysctl_shminfo_out; | |
9bccf70c | 1144 | } |
0a7de745 | 1145 | } else if (arg1 == &shminfo.shmmin) { |
39037602 A |
1146 | if (shminfo.shmmin < 0) { |
1147 | shminfo.shmmin = saved_shmmin; | |
1148 | sysctl_shminfo_ret = EINVAL; | |
1149 | goto sysctl_shminfo_out; | |
1150 | } | |
0a7de745 A |
1151 | } else if (arg1 == &shminfo.shmseg) { |
1152 | /* add a sanity check - 20847256 */ | |
1153 | if (shminfo.shmseg > INT32_MAX || shminfo.shmseg < 0) { | |
1154 | shminfo.shmseg = saved_shmseg; | |
1155 | sysctl_shminfo_ret = EINVAL; | |
1156 | goto sysctl_shminfo_out; | |
1157 | } | |
1158 | } else if (arg1 == &shminfo.shmmni) { | |
1159 | /* add a sanity check - 20847256 */ | |
1160 | if (shminfo.shmmni > INT32_MAX || shminfo.shmmni < 0) { | |
1161 | shminfo.shmmni = saved_shmmni; | |
1162 | sysctl_shminfo_ret = EINVAL; | |
1163 | goto sysctl_shminfo_out; | |
1164 | } | |
1165 | } else if (arg1 == &shminfo.shmall) { | |
1166 | /* add a sanity check - 20847256 */ | |
1167 | if (shminfo.shmall > INT32_MAX || shminfo.shmall < 0) { | |
1168 | shminfo.shmall = saved_shmall; | |
1169 | sysctl_shminfo_ret = EINVAL; | |
1170 | goto sysctl_shminfo_out; | |
1171 | } | |
39037602 | 1172 | } |
91447636 A |
1173 | sysctl_shminfo_ret = 0; |
1174 | sysctl_shminfo_out: | |
1175 | SYSV_SHM_SUBSYS_UNLOCK(); | |
1176 | return sysctl_shminfo_ret; | |
1177 | } | |
1178 | ||
1179 | static int | |
1180 | IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, | |
0a7de745 | 1181 | __unused int arg2, struct sysctl_req *req) |
91447636 A |
1182 | { |
1183 | int error; | |
1184 | int cursor; | |
1185 | union { | |
b0d623f7 | 1186 | struct user32_IPCS_command u32; |
91447636 A |
1187 | struct user_IPCS_command u64; |
1188 | } ipcs; | |
0a7de745 A |
1189 | struct user32_shmid_ds shmid_ds32 = {}; /* post conversion, 32 bit version */ |
1190 | struct user_shmid_ds shmid_ds; /* 64 bit version */ | |
91447636 A |
1191 | void *shmid_dsp; |
1192 | size_t ipcs_sz = sizeof(struct user_IPCS_command); | |
1193 | size_t shmid_ds_sz = sizeof(struct user_shmid_ds); | |
1194 | struct proc *p = current_proc(); | |
1195 | ||
91447636 A |
1196 | SYSV_SHM_SUBSYS_LOCK(); |
1197 | ||
39037602 A |
1198 | if ((error = shminit())) { |
1199 | goto ipcs_shm_sysctl_out; | |
91447636 A |
1200 | } |
1201 | ||
1202 | if (!IS_64BIT_PROCESS(p)) { | |
b0d623f7 A |
1203 | ipcs_sz = sizeof(struct user32_IPCS_command); |
1204 | shmid_ds_sz = sizeof(struct user32_shmid_ds); | |
91447636 A |
1205 | } |
1206 | ||
1207 | /* Copy in the command structure */ | |
1208 | if ((error = SYSCTL_IN(req, &ipcs, ipcs_sz)) != 0) { | |
1209 | goto ipcs_shm_sysctl_out; | |
1210 | } | |
1211 | ||
0a7de745 | 1212 | if (!IS_64BIT_PROCESS(p)) { /* convert in place */ |
91447636 | 1213 | ipcs.u64.ipcs_data = CAST_USER_ADDR_T(ipcs.u32.ipcs_data); |
0a7de745 | 1214 | } |
91447636 A |
1215 | |
1216 | /* Let us version this interface... */ | |
1217 | if (ipcs.u64.ipcs_magic != IPCS_MAGIC) { | |
1218 | error = EINVAL; | |
1219 | goto ipcs_shm_sysctl_out; | |
1220 | } | |
1221 | ||
0a7de745 A |
1222 | switch (ipcs.u64.ipcs_op) { |
1223 | case IPCS_SHM_CONF: /* Obtain global configuration data */ | |
91447636 A |
1224 | if (ipcs.u64.ipcs_datalen != sizeof(struct shminfo)) { |
1225 | if (ipcs.u64.ipcs_cursor != 0) { /* fwd. compat. */ | |
1226 | error = ENOMEM; | |
1227 | break; | |
1228 | } | |
1229 | error = ERANGE; | |
1230 | break; | |
1231 | } | |
1232 | error = copyout(&shminfo, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen); | |
1233 | break; | |
1234 | ||
0a7de745 | 1235 | case IPCS_SHM_ITER: /* Iterate over existing segments */ |
91447636 A |
1236 | cursor = ipcs.u64.ipcs_cursor; |
1237 | if (cursor < 0 || cursor >= shminfo.shmmni) { | |
1238 | error = ERANGE; | |
1239 | break; | |
1240 | } | |
1241 | if (ipcs.u64.ipcs_datalen != (int)shmid_ds_sz) { | |
2d21ac55 | 1242 | error = EINVAL; |
91447636 A |
1243 | break; |
1244 | } | |
0a7de745 A |
1245 | for (; cursor < shminfo.shmmni; cursor++) { |
1246 | if (shmsegs[cursor].u.shm_perm.mode & SHMSEG_ALLOCATED) { | |
91447636 | 1247 | break; |
0a7de745 | 1248 | } |
91447636 A |
1249 | continue; |
1250 | } | |
1251 | if (cursor == shminfo.shmmni) { | |
1252 | error = ENOENT; | |
1253 | break; | |
1254 | } | |
1255 | ||
0a7de745 | 1256 | shmid_dsp = &shmsegs[cursor]; /* default: 64 bit */ |
91447636 A |
1257 | |
1258 | /* | |
1259 | * If necessary, convert the 64 bit kernel segment | |
1260 | * descriptor to a 32 bit user one. | |
1261 | */ | |
1262 | if (!IS_64BIT_PROCESS(p)) { | |
1263 | shmid_ds_64to32(shmid_dsp, &shmid_ds32); | |
0a7de745 | 1264 | |
22ba694c A |
1265 | /* Clear kernel reserved pointer before copying to user space */ |
1266 | shmid_ds32.shm_internal = (user32_addr_t)0; | |
0a7de745 | 1267 | |
91447636 | 1268 | shmid_dsp = &shmid_ds32; |
22ba694c A |
1269 | } else { |
1270 | memcpy(&shmid_ds, shmid_dsp, sizeof(shmid_ds)); | |
1271 | ||
1272 | /* Clear kernel reserved pointer before copying to user space */ | |
1273 | shmid_ds.shm_internal = USER_ADDR_NULL; | |
0a7de745 | 1274 | |
22ba694c | 1275 | shmid_dsp = &shmid_ds; |
91447636 A |
1276 | } |
1277 | error = copyout(shmid_dsp, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen); | |
1278 | if (!error) { | |
1279 | /* update cursor */ | |
1280 | ipcs.u64.ipcs_cursor = cursor + 1; | |
1281 | ||
0a7de745 A |
1282 | if (!IS_64BIT_PROCESS(p)) { /* convert in place */ |
1283 | ipcs.u32.ipcs_data = CAST_DOWN_EXPLICIT(user32_addr_t, ipcs.u64.ipcs_data); | |
1284 | } | |
b0d623f7 | 1285 | |
0a7de745 | 1286 | error = SYSCTL_OUT(req, &ipcs, ipcs_sz); |
91447636 A |
1287 | } |
1288 | break; | |
1289 | ||
1290 | default: | |
1291 | error = EINVAL; | |
1292 | break; | |
1293 | } | |
1294 | ipcs_shm_sysctl_out: | |
1295 | SYSV_SHM_SUBSYS_UNLOCK(); | |
0a7de745 | 1296 | return error; |
1c79356b | 1297 | } |
9bccf70c | 1298 | |
6d2010ae | 1299 | SYSCTL_NODE(_kern, KERN_SYSV, sysv, CTLFLAG_RW | CTLFLAG_LOCKED | CTLFLAG_ANYBODY, 0, "SYSV"); |
9bccf70c | 1300 | |
6d2010ae | 1301 | SYSCTL_PROC(_kern_sysv, OID_AUTO, shmmax, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, |
0a7de745 | 1302 | &shminfo.shmmax, 0, &sysctl_shminfo, "Q", "shmmax"); |
9bccf70c | 1303 | |
6d2010ae | 1304 | SYSCTL_PROC(_kern_sysv, OID_AUTO, shmmin, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, |
0a7de745 | 1305 | &shminfo.shmmin, 0, &sysctl_shminfo, "Q", "shmmin"); |
9bccf70c | 1306 | |
6d2010ae | 1307 | SYSCTL_PROC(_kern_sysv, OID_AUTO, shmmni, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, |
0a7de745 | 1308 | &shminfo.shmmni, 0, &sysctl_shminfo, "Q", "shmmni"); |
9bccf70c | 1309 | |
6d2010ae | 1310 | SYSCTL_PROC(_kern_sysv, OID_AUTO, shmseg, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, |
0a7de745 | 1311 | &shminfo.shmseg, 0, &sysctl_shminfo, "Q", "shmseg"); |
9bccf70c | 1312 | |
6d2010ae | 1313 | SYSCTL_PROC(_kern_sysv, OID_AUTO, shmall, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, |
0a7de745 | 1314 | &shminfo.shmall, 0, &sysctl_shminfo, "Q", "shmall"); |
9bccf70c | 1315 | |
6d2010ae | 1316 | SYSCTL_NODE(_kern_sysv, OID_AUTO, ipcs, CTLFLAG_RW | CTLFLAG_LOCKED | CTLFLAG_ANYBODY, 0, "SYSVIPCS"); |
9bccf70c | 1317 | |
6d2010ae | 1318 | SYSCTL_PROC(_kern_sysv_ipcs, OID_AUTO, shm, CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_LOCKED, |
0a7de745 A |
1319 | 0, 0, IPCS_shm_sysctl, |
1320 | "S,IPCS_shm_command", | |
1321 | "ipcs shm command interface"); | |
2d21ac55 A |
1322 | #endif /* SYSV_SHM */ |
1323 | ||
1324 | /* DSEP Review Done pl-20051108-v02 @2743,@2908,@2913,@3009 */ |