xnu-792.6.22.tar.gz
1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
11 *
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22 /*
23 * Copyright (c) 1990, 1996-1998 Apple Computer, Inc.
24 * All Rights Reserved.
25 */
26 /*
27 * posix_shm.c : Support for POSIX shared memory APIs
28 *
29 * File: posix_shm.c
30 * Author: Ananthakrishna Ramesh
31 *
32 * HISTORY
33 * 2-Sep-1999 A.Ramesh
34 * Created for MacOSX
35 *
36 */
37
38 #include <sys/cdefs.h>
39 #include <sys/param.h>
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
42 #include <sys/file_internal.h>
43 #include <sys/filedesc.h>
44 #include <sys/stat.h>
45 #include <sys/proc_internal.h>
46 #include <sys/kauth.h>
47 #include <sys/mount.h>
48 #include <sys/namei.h>
49 #include <sys/vnode.h>
50 #include <sys/ioctl.h>
51 #include <sys/tty.h>
52 #include <sys/malloc.h>
53 #include <sys/mman.h>
54 #include <sys/stat.h>
55 #include <sys/sysproto.h>
56
57 #include <bsm/audit_kernel.h>
58
59 #include <mach/mach_types.h>
60 #include <mach/mach_vm.h>
61 #include <mach/vm_map.h>
62 #include <mach/vm_prot.h>
63 #include <mach/vm_inherit.h>
64 #include <mach/kern_return.h>
65 #include <mach/memory_object_control.h>
66
67 #include <vm/vm_map.h>
68 #include <vm/vm_protos.h>
69 #include <vm/vm_shared_memory_server.h>
70
71 #if KTRACE
72 #include <sys/ktrace.h>
73 #endif
74
/*
 * Shorthand for fields that live in the fileglob behind a struct fileproc:
 * fp->f_flag expands to fp->f_fglob->fg_flag, and so on.
 */
#define f_flag f_fglob->fg_flag
#define f_type f_fglob->fg_type
#define f_msgcount f_fglob->fg_msgcount
#define f_cred f_fglob->fg_cred
#define f_ops f_fglob->fg_ops
#define f_offset f_fglob->fg_offset
#define f_data f_fglob->fg_data
/*
 * Bound for segment names. The name buffers below are PSHMNAMLEN + 1 bytes,
 * and shm_open()/shm_unlink() reject any copied-in name whose length as
 * reported by copyinstr() exceeds PSHMNAMLEN.
 */
#define PSHMNAMLEN 31 /* maximum name segment length we bother with */
83
/*
 * Per-segment state, shared by every descriptor opened on the same name.
 * The functions in this file update it while holding PSHM_SUBSYS_LOCK().
 */
struct pshminfo {
	unsigned int pshm_flags;	/* PSHM_* state bits */
	unsigned int pshm_usecount;	/* one reference for the name plus one per open descriptor */
	off_t pshm_length;		/* page-rounded size, set by pshm_truncate() */
	mode_t pshm_mode;		/* permission bits consulted by pshm_access() */
	uid_t pshm_uid;			/* uid of the creating credential */
	gid_t pshm_gid;			/* gid of the creating credential */
	char pshm_name[PSHMNAMLEN + 1]; /* segment name */
	void * pshm_memobject;		/* memory entry stored by pshm_truncate(); NULL until then */
#if DIAGNOSTIC
	unsigned int pshm_readcount;	/* opens with FREAD */
	unsigned int pshm_writecount;	/* opens with FWRITE */
	struct proc * pshm_proc;
#endif /* DIAGNOSTIC */
};
#define PSHMINFO_NULL (struct pshminfo *)0
100
/* Bits for pshminfo.pshm_flags. */
#define PSHM_NONE 1
#define PSHM_DEFINED 2		/* created by shm_open(), not yet sized */
#define PSHM_ALLOCATED 4	/* pshm_truncate() attached a memory object */
#define PSHM_MAPPED 8		/* set by pshm_mmap() */
#define PSHM_INUSE 0x10		/* set by pshm_mmap() */
#define PSHM_REMOVED 0x20	/* shm_unlink() ran; pshm_close() frees on last reference */
#define PSHM_INCREATE 0x40	/* set while shm_open() is creating the segment */
#define PSHM_INDELETE 0x80	/* set by shm_unlink(); later opens fail with ENOENT */
109
/* Hash-table entry that maps a segment name to its pshminfo. */
struct pshmcache {
	LIST_ENTRY(pshmcache) pshm_hash; /* hash chain */
	struct pshminfo *pshminfo;	/* segment the name refers to */
	int pshm_nlen;			/* length of name, as supplied in pshmname.pshm_namelen */
	char pshm_name[PSHMNAMLEN + 1]; /* segment name */
};
#define PSHMCACHE_NULL (struct pshmcache *)0
117
/*
 * Lookup counters. Only goodhits, neghits, miss and longnames are
 * incremented by the code in this file (all in pshm_cache_search()).
 */
struct pshmstats {
	long goodhits;	/* hits that we can really use */
	long neghits;	/* negative hits that we can use */
	long badhits;	/* hits we must drop */
	long falsehits; /* hits with id mismatch */
	long miss;	/* misses */
	long longnames; /* long names that ignore cache */
};
126
/* Lookup key built by shm_open()/shm_unlink() from the user-supplied name. */
struct pshmname {
	char *pshm_nameptr;	/* pointer to looked up name */
	long pshm_namelen;	/* length of looked up component */
	u_long pshm_hash;	/* hash value of looked up name */
};
132
/* Per-descriptor state; stored in the fileglob's fg_data by shm_open(). */
struct pshmnode {
	off_t mapp_addr;		/* address recorded by the last pshm_mmap() */
	user_size_t map_size;		/* size recorded by the last pshm_mmap() */
	struct pshminfo *pinfo;		/* segment this descriptor refers to */
	unsigned int pshm_usecount;
#if DIAGNOSTIC
	unsigned int readcnt;
	unsigned int writecnt;
#endif
};
#define PSHMNODE_NULL (struct pshmnode *)0
144
145
/* Select the hash bucket for a lookup key by masking its hash value. */
#define PSHMHASH(pnp) \
	(&pshmhashtbl[(pnp)->pshm_hash & pshmhash])

LIST_HEAD(pshmhashhead, pshmcache) *pshmhashtbl; /* Hash Table */
u_long pshmhash;		/* size of hash table - 1 */
long pshmnument;		/* number of cache entries allocated */
struct pshmstats pshmstats;	/* cache effectiveness statistics */
153
/* File operations installed in pshmops; all but close return ENOTSUP. */
static int pshm_read (struct fileproc *fp, struct uio *uio,
	kauth_cred_t cred, int flags, struct proc *p);
static int pshm_write (struct fileproc *fp, struct uio *uio,
	kauth_cred_t cred, int flags, struct proc *p);
static int pshm_ioctl (struct fileproc *fp, u_long com,
	caddr_t data, struct proc *p);
static int pshm_select (struct fileproc *fp, int which, void *wql, struct proc *p);
static int pshm_close(struct pshmnode *pnode);
static int pshm_closefile (struct fileglob *fg, struct proc *p);

static int pshm_kqfilter(struct fileproc *fp, struct knote *kn, struct proc *p);

/* Permission check and name-cache helpers. */
int pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, struct proc *p);
static int pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp);
static void pshm_cache_delete(struct pshmcache *pcp);
#if NOT_USED
static void pshm_cache_purge(void);
#endif /* NOT_USED */
static int pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
	struct pshmcache **pcache);
174
/* Operations vector that shm_open() attaches to every POSIX shm descriptor. */
struct fileops pshmops =
	{ pshm_read, pshm_write, pshm_ioctl, pshm_select, pshm_closefile, pshm_kqfilter, 0 };
177
/* Lock group, attributes and the single mutex set up by pshm_lock_init(). */
static lck_grp_t *psx_shm_subsys_lck_grp;
static lck_grp_attr_t *psx_shm_subsys_lck_grp_attr;
static lck_attr_t *psx_shm_subsys_lck_attr;
static lck_mtx_t psx_shm_subsys_mutex;

/* Take / drop the subsystem mutex. */
#define PSHM_SUBSYS_LOCK() lck_mtx_lock(& psx_shm_subsys_mutex)
#define PSHM_SUBSYS_UNLOCK() lck_mtx_unlock(& psx_shm_subsys_mutex)
185
186
/*
 * Create the lock group and lock attributes for the POSIX shm subsystem
 * and initialize the mutex behind PSHM_SUBSYS_LOCK()/PSHM_SUBSYS_UNLOCK().
 */
__private_extern__ void
pshm_lock_init(void)
{
	/* Lock group, with per-group statistics requested. */
	psx_shm_subsys_lck_grp_attr = lck_grp_attr_alloc_init();
	lck_grp_attr_setstat(psx_shm_subsys_lck_grp_attr);
	psx_shm_subsys_lck_grp = lck_grp_alloc_init("posix shared memory",
	    psx_shm_subsys_lck_grp_attr);

	/* Default mutex attributes; lock debugging is left off. */
	psx_shm_subsys_lck_attr = lck_attr_alloc_init();
	lck_mtx_init(&psx_shm_subsys_mutex, psx_shm_subsys_lck_grp,
	    psx_shm_subsys_lck_attr);
}
201
/*
 * Look a segment name up in the hash table.
 *
 * Returns:
 *   -1      a matching entry with a pshminfo was found; *pshmp and *pcache
 *           are filled in
 *   ENOENT  a matching entry exists but carries no pshminfo ("negative" entry)
 *   0       no entry matched, or the name is longer than PSHMNAMLEN
 *
 * Callers in this file hold PSHM_SUBSYS_LOCK() around the call.
 */
static int
pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
    struct pshmcache **pcache)
{
	struct pshmhashhead *bucket;
	struct pshmcache *entry;

	/* Names that cannot fit in a cache entry are never cached. */
	if (pnp->pshm_namelen > PSHMNAMLEN) {
		pshmstats.longnames++;
		return (0);
	}

	/* Walk the bucket until length and bytes both match. */
	bucket = PSHMHASH(pnp);
	entry = bucket->lh_first;
	while (entry != 0) {
		if (entry->pshm_nlen == pnp->pshm_namelen &&
		    bcmp(entry->pshm_name, pnp->pshm_nameptr,
		    (u_int)entry->pshm_nlen) == 0)
			break;
		entry = entry->pshm_hash.le_next;
	}

	if (entry == 0) {
		pshmstats.miss++;
		return (0);
	}

	if (entry->pshminfo == 0) {
		/* "Negative" match: the name is known not to exist. */
		pshmstats.neghits++;
		return (ENOENT);
	}

	/* "Positive" match: hand back the segment and its cache entry. */
	pshmstats.goodhits++;
	*pshmp = entry->pshminfo;
	*pcache = entry;
	return (-1);
}
253
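/*
 * Add an entry to the name hash table.
 *
 * pshmp is the segment, pnp the lookup key (name pointer, length, hash) and
 * pcp the caller-allocated entry to fill in and link.
 *
 * Returns 0 on success, EEXIST if the name is already present, and
 * ENAMETOOLONG if the key's length does not fit pcp->pshm_name.
 * Callers in this file hold PSHM_SUBSYS_LOCK() around the call.
 */
static int
pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp)
{
	struct pshmhashhead *pcpp;
	struct pshminfo *dpinfo;
	struct pshmcache *dpcp;

#if DIAGNOSTIC
	/* Checked against the real buffer bound rather than NCHNAMLEN. */
	if (pnp->pshm_namelen > PSHMNAMLEN)
		panic("cache_enter: name too long");
#endif

	/*
	 * The bcopy() below writes pshm_namelen bytes into a buffer of
	 * PSHMNAMLEN + 1 bytes, so refuse a length outside that range
	 * instead of relying on every caller having checked it.
	 */
	if (pnp->pshm_namelen < 0 || pnp->pshm_namelen > PSHMNAMLEN)
		return (ENAMETOOLONG);

	/* if the entry has already been added by some one else return */
	if (pshm_cache_search(&dpinfo, pnp, &dpcp) == -1) {
		return (EEXIST);
	}
	pshmnument++;

	/* Fill in the entry; a NULL pshmp would make it a "negative" entry. */
	pcp->pshminfo = pshmp;
	pcp->pshm_nlen = pnp->pshm_namelen;
	bcopy(pnp->pshm_nameptr, pcp->pshm_name, (unsigned)pcp->pshm_nlen);
	pcpp = PSHMHASH(pnp);
#if DIAGNOSTIC
	{
		struct pshmcache *p;

		for (p = pcpp->lh_first; p != 0; p = p->pshm_hash.le_next)
			if (p == pcp)
				panic("cache_enter: duplicate");
	}
#endif
	LIST_INSERT_HEAD(pcpp, pcp, pshm_hash);
	return (0);
}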
299
/*
 * Allocate the name hash table. hashinit() also stores into pshmhash the
 * mask that PSHMHASH() applies to a name's hash value.
 */
void
pshm_cache_init(void)
{
	pshmhashtbl = hashinit(desiredvnodes, M_SHM, &pshmhash);
}
308
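#if NOT_USED
/*
 * Unlink every entry from the name hash table (compiled out by default).
 *
 * Entries are only removed from their chains via pshm_cache_delete();
 * nothing is freed here.
 */
static void
pshm_cache_purge(void)
{
	struct pshmcache *pcp;
	u_long bucket;

	/*
	 * Index the buckets instead of walking a pointer down to the table
	 * base: decrementing the pointer past the first bucket would form an
	 * address before the start of the array.
	 */
	for (bucket = 0; bucket <= pshmhash; bucket++) {
		while ((pcp = pshmhashtbl[bucket].lh_first) != 0)
			pshm_cache_delete(pcp);
	}
}
#endif /* NOT_USED */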
330
/*
 * Unlink one entry from its hash chain and drop the entry count.
 * The entry itself is not freed; that is left to the caller.
 */
static void
pshm_cache_delete(struct pshmcache *pcp)
{
#if DIAGNOSTIC
	/* An entry that is not linked, or that links to itself, is corrupt. */
	if (pcp->pshm_hash.le_prev == 0)
		panic("namecache purge le_prev");
	if (pcp->pshm_hash.le_next == pcp)
		panic("namecache purge le_next");
#endif /* DIAGNOSTIC */

	LIST_REMOVE(pcp, pshm_hash);
	/* Mark the entry as unlinked for the DIAGNOSTIC check above. */
	pcp->pshm_hash.le_prev = 0;
	pshmnument--;
}
344
345
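/*
 * shm_open system call: open, and with O_CREAT possibly create, a named
 * POSIX shared memory segment and return a descriptor for it in *retval.
 *
 * Errors returned by the code below: ENOSPC (allocation failure),
 * ENAMETOOLONG, EINVAL (no FREAD/FWRITE access requested, O_TRUNC, or a
 * negative cache hit), EEXIST (O_CREAT|O_EXCL on an existing name), ENOENT
 * (no such name without O_CREAT, or the segment is being deleted), whatever
 * pshm_access() returns, and errors from copyinstr() and falloc().
 *
 * The descriptor and every structure that might be needed are allocated
 * before the subsystem lock is taken, and the lock is then held from the
 * name lookup until the segment's reference count has been raised. The
 * earlier layout dropped the lock between the lookup and the reference
 * (around falloc() and each MALLOC()), so a concurrent shm_unlink() and
 * close could free the pshminfo that this function went on to use.
 */
int
shm_open(struct proc *p, struct shm_open_args *uap, register_t *retval)
{
	struct fileproc *fp;
	struct fileproc *nfp;
	struct pshmname nd;
	struct pshminfo *pinfo = PSHMINFO_NULL;
	struct pshminfo *new_pinfo = PSHMINFO_NULL;	/* preallocated, used only on create */
	struct pshmnode *new_pnode = PSHMNODE_NULL;	/* preallocated per-descriptor state */
	struct pshmcache *pcache = PSHMCACHE_NULL;
	struct pshmcache *new_pcp = PSHMCACHE_NULL;	/* preallocated, used only on create */
	char *pnbuf;
	char *nameptr;
	char *cp;
	size_t pathlen, plen, i;
	int indx, error;
	int fmode;
	int cmode = uap->mode;
	int incache;

	AUDIT_ARG(fflags, uap->oflag);
	AUDIT_ARG(mode, uap->mode);

	MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
	if (pnbuf == NULL) {
		return (ENOSPC);
	}

	/* Copy the name in from user space; pathlen receives its length. */
	pathlen = MAXPATHLEN;
	error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen);
	if (error) {
		goto bad;
	}
	AUDIT_ARG(text, pnbuf);
	if (pathlen > PSHMNAMLEN) {
		error = ENAMETOOLONG;
		goto bad;
	}

	/* Set before the optional block below, which used to read it unset. */
	plen = pathlen;

#ifdef PSXSHM_NAME_RESTRICT
	/*
	 * NOTE(review): as written this block rejects every name when
	 * PSXSHM_NAME_RESTRICT is defined (both branches end in EINVAL).
	 * Kept as found; the intended rule needs to be confirmed.
	 */
	nameptr = pnbuf;
	if (*nameptr == '/') {
		while (*(nameptr++) == '/') {
			plen--;
			error = EINVAL;
			goto bad;
		}
	} else {
		error = EINVAL;
		goto bad;
	}
#endif /* PSXSHM_NAME_RESTRICT */

	/* Build the lookup key: name, length and a position-weighted byte sum. */
	nameptr = pnbuf;
	nd.pshm_nameptr = nameptr;
	nd.pshm_namelen = plen;
	nd.pshm_hash = 0;

	for (cp = nameptr, i = 1; *cp != 0 && i <= plen; i++, cp++) {
		nd.pshm_hash += (unsigned char)*cp * i;
	}

#if KTRACE
	if (KTRPOINT(p, KTR_NAMEI))
		ktrnamei(p->p_tracep, nameptr);
#endif

	/* The open must ask for read and/or write access. */
	fmode = FFLAGS(uap->oflag);
	if ((fmode & (FREAD | FWRITE)) == 0) {
		error = EINVAL;
		goto bad;
	}
	cmode &= ALLPERMS;

	/* Everything that can block is obtained before the lock is taken. */
	error = falloc(p, &nfp, &indx);
	if (error)
		goto bad;
	fp = nfp;

	MALLOC(new_pnode, struct pshmnode *, sizeof(struct pshmnode), M_SHM, M_WAITOK|M_ZERO);
	if (new_pnode == NULL) {
		error = ENOSPC;
		goto bad1;
	}
	if (fmode & O_CREAT) {
		/* May turn out to be unneeded if the name already exists. */
		MALLOC(new_pinfo, struct pshminfo *, sizeof(struct pshminfo), M_SHM, M_WAITOK|M_ZERO);
		MALLOC(new_pcp, struct pshmcache *, sizeof(struct pshmcache), M_SHM, M_WAITOK|M_ZERO);
		if (new_pinfo == NULL || new_pcp == NULL) {
			error = ENOSPC;
			goto bad1;
		}
	}

	PSHM_SUBSYS_LOCK();
	error = pshm_cache_search(&pinfo, &nd, &pcache);
	if (error == ENOENT) {
		/* negative cache entry */
		error = EINVAL;
		goto bad_locked;
	}
	incache = (error != 0);		/* -1 means the name was found */
	error = 0;

	if (fmode & O_CREAT) {
		if ((fmode & O_EXCL) && incache) {
			AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
			    pinfo->pshm_gid, pinfo->pshm_mode);

			/* shm obj exists and opened O_EXCL */
			error = EEXIST;
			goto bad_locked;
		}
		if (!incache) {
			/* create a new one from the preallocated structure */
			pinfo = new_pinfo;
			pinfo->pshm_flags = PSHM_DEFINED | PSHM_INCREATE;
			pinfo->pshm_usecount = 1; /* existence reference */
			pinfo->pshm_mode = cmode;
			pinfo->pshm_uid = kauth_cred_getuid(kauth_cred_get());
			pinfo->pshm_gid = kauth_cred_get()->cr_gid;
		} else {
			/* already exists */
			if (pinfo->pshm_flags & PSHM_INDELETE) {
				error = ENOENT;
				goto bad_locked;
			}
			AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
			    pinfo->pshm_gid, pinfo->pshm_mode);
			if ((error = pshm_access(pinfo, fmode, kauth_cred_get(), p))) {
				goto bad_locked;
			}
		}
	} else {
		if (!incache) {
			/* O_CREAT is not set and the shm object does not exist */
			error = ENOENT;
			goto bad_locked;
		}
		if (pinfo->pshm_flags & PSHM_INDELETE) {
			error = ENOENT;
			goto bad_locked;
		}
		if ((error = pshm_access(pinfo, fmode, kauth_cred_get(), p))) {
			goto bad_locked;
		}
	}
	if (fmode & O_TRUNC) {
		error = EINVAL;
		goto bad_locked;
	}

	if (!incache) {
		/* Publish the new segment under its name. */
		if ((error = pshm_cache_add(pinfo, &nd, new_pcp))) {
			goto bad_locked;
		}
		/* The hash table now owns both structures. */
		new_pinfo = PSHMINFO_NULL;
		new_pcp = PSHMCACHE_NULL;
	}
#if DIAGNOSTIC
	if (fmode & FWRITE)
		pinfo->pshm_writecount++;
	if (fmode & FREAD)
		pinfo->pshm_readcount++;
#endif
	pinfo->pshm_flags &= ~PSHM_INCREATE;
	pinfo->pshm_usecount++; /* extra reference for the new fd */
	new_pnode->pinfo = pinfo;
	PSHM_SUBSYS_UNLOCK();

	/* Attach the per-descriptor state and release the reserved slot. */
	proc_fdlock(p);
	fp->f_flag = fmode & FMASK;
	fp->f_type = DTYPE_PSXSHM;
	fp->f_ops = &pshmops;
	fp->f_data = (caddr_t)new_pnode;
	*fdflags(p, indx) &= ~UF_RESERVED;
	fp_drop(p, indx, fp, 1);
	proc_fdunlock(p);

	*retval = indx;

	/* Preallocations left over because the segment already existed. */
	if (new_pcp != PSHMCACHE_NULL)
		FREE(new_pcp, M_SHM);
	if (new_pinfo != PSHMINFO_NULL)
		FREE(new_pinfo, M_SHM);
	FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
	return (0);

bad_locked:
	PSHM_SUBSYS_UNLOCK();
bad1:
	/* Nothing preallocated has been published on any path reaching here. */
	if (new_pcp != PSHMCACHE_NULL)
		FREE(new_pcp, M_SHM);
	if (new_pinfo != PSHMINFO_NULL)
		FREE(new_pinfo, M_SHM);
	if (new_pnode != PSHMNODE_NULL)
		FREE(new_pnode, M_SHM);
	fp_free(p, indx, fp);
bad:
	FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
	return (error);
}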
581
582
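/*
 * Give a freshly created segment its size (the ftruncate path for POSIX
 * shm descriptors). Only a segment that is PSHM_DEFINED and not yet
 * PSHM_ALLOCATED can be sized; anything else is EINVAL.
 *
 * A scratch region of the page-rounded length is allocated in the caller's
 * map, wrapped in a memory entry that becomes the segment's backing object,
 * and then deallocated again.
 *
 * Returns 0, EINVAL, ENOMEM or EACCES.
 */
int
pshm_truncate(__unused struct proc *p, struct fileproc *fp, __unused int fd,
    off_t length, __unused register_t *retval)
{
	struct pshminfo *pinfo;
	struct pshmnode *pnode;
	kern_return_t kret;
	vm_offset_t user_addr;
	mem_entry_name_port_t mem_object;
	vm_size_t size;
	vm_size_t alloc_size;

	if (fp->f_type != DTYPE_PSXSHM) {
		return (EINVAL);
	}

	/* The length comes from user space; a negative size is meaningless. */
	if (length < 0)
		return (EINVAL);

	if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL)
		return (EINVAL);

	PSHM_SUBSYS_LOCK();
	if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) {
		PSHM_SUBSYS_UNLOCK();
		return (EINVAL);
	}
	if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED))
	    != PSHM_DEFINED) {
		PSHM_SUBSYS_UNLOCK();
		return (EINVAL);
	}
	PSHM_SUBSYS_UNLOCK();

	size = round_page_64(length);
	/* Reject a length that did not survive the conversion to vm_size_t. */
	if ((off_t)size < length)
		return (EINVAL);
	alloc_size = size;	/* mach_make_memory_entry() may rewrite size */

	kret = vm_allocate(current_map(), &user_addr, size, VM_FLAGS_ANYWHERE);
	if (kret != KERN_SUCCESS)
		goto out;

	kret = mach_make_memory_entry(current_map(), &size,
	    user_addr, VM_PROT_DEFAULT, &mem_object, 0);

	/*
	 * The scratch region is released whether or not the memory entry was
	 * created; previously a failure here left it mapped in the caller.
	 */
	vm_deallocate(current_map(), user_addr, alloc_size);

	if (kret != KERN_SUCCESS)
		goto out;

	PSHM_SUBSYS_LOCK();
	/*
	 * The lock was dropped while allocating, so check the state again:
	 * if another thread sized the segment meanwhile, keep its object and
	 * release ours rather than overwriting pshm_memobject.
	 */
	if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED))
	    != PSHM_DEFINED) {
		PSHM_SUBSYS_UNLOCK();
		mach_memory_entry_port_release((void *)mem_object);
		return (EINVAL);
	}
	/*
	 * Replace DEFINED with ALLOCATED but keep the other bits: assigning
	 * the flag word outright would discard PSHM_REMOVED/PSHM_INDELETE
	 * set by a concurrent shm_unlink(), and the segment would then never
	 * be freed on last close.
	 */
	pinfo->pshm_flags &= ~PSHM_DEFINED;
	pinfo->pshm_flags |= PSHM_ALLOCATED;
	pinfo->pshm_memobject = (void *)mem_object;
	pinfo->pshm_length = size;
	PSHM_SUBSYS_UNLOCK();
	return (0);

out:
	/* Translate the Mach status into an errno. */
	switch (kret) {
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		return (ENOMEM);
	case KERN_PROTECTION_FAILURE:
		return (EACCES);
	default:
		return (EINVAL);
	}
}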
647
/*
 * Fill *sb for a POSIX shm descriptor: the buffer is zeroed and then mode,
 * uid, gid and size are copied from the segment under the subsystem lock.
 *
 * Returns 0, or EINVAL when the descriptor has no segment attached.
 */
int
pshm_stat(struct pshmnode *pnode, struct stat *sb)
{
	struct pshminfo *seg;
	int rv = 0;

	PSHM_SUBSYS_LOCK();
	seg = pnode->pinfo;
	if (seg != PSHMINFO_NULL) {
		/* Zero first so that fields not set below read as 0. */
		bzero(sb, sizeof(struct stat));
		sb->st_mode = seg->pshm_mode;
		sb->st_uid = seg->pshm_uid;
		sb->st_gid = seg->pshm_gid;
		sb->st_size = seg->pshm_length;
	} else {
		rv = EINVAL;
	}
	PSHM_SUBSYS_UNLOCK();

	return (rv);
}
668
/*
 * Permission check for a segment: may cred access it with the FREAD/FWRITE
 * bits in mode?
 *
 * A credential that passes suser() is always allowed. Otherwise exactly one
 * permission class is consulted: owner if the uid matches, else group if
 * the credential is a member of the segment's gid, else other. Every
 * requested bit must be present in pshm_mode.
 *
 * Returns 0 when access is allowed and EACCES when it is not. The callers
 * in this file invoke it with the subsystem lock held.
 */
int
pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, __unused struct proc *p)
{
	mode_t read_bit, write_bit;
	mode_t required = 0;
	int is_member;

	/* Superuser bypasses the mode bits. */
	if (suser(cred, NULL) == 0)
		return (0);

	/* Pick the single permission class that applies to this credential. */
	if (kauth_cred_getuid(cred) == pinfo->pshm_uid) {
		read_bit = S_IRUSR;
		write_bit = S_IWUSR;
	} else if (kauth_cred_ismember_gid(cred, pinfo->pshm_gid, &is_member) == 0 && is_member) {
		read_bit = S_IRGRP;
		write_bit = S_IWGRP;
	} else {
		read_bit = S_IROTH;
		write_bit = S_IWOTH;
	}

	if (mode & FREAD)
		required |= read_bit;
	if (mode & FWRITE)
		required |= write_bit;

	if ((pinfo->pshm_mode & required) != required)
		return (EACCES);
	return (0);
}
710
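/*
 * Map a sized POSIX shm segment into the calling task (the mmap path for
 * DTYPE_PSXSHM descriptors).
 *
 * Only MAP_SHARED mappings are accepted, PROT_WRITE needs a descriptor
 * opened with FWRITE, and the requested window [pos, pos + len) must lie
 * inside the segment. On success *retval is the mapped address plus
 * pageoff.
 *
 * Returns 0, EINVAL, EPERM, ENOMEM or EACCES.
 */
int
pshm_mmap(struct proc *p, struct mmap_args *uap, user_addr_t *retval, struct fileproc *fp, off_t pageoff)
{
	mach_vm_offset_t user_addr = (mach_vm_offset_t)uap->addr;
	mach_vm_size_t user_size = (mach_vm_size_t)uap->len;
	int prot = uap->prot;
	int flags = uap->flags;
	vm_object_offset_t file_pos = (vm_object_offset_t)uap->pos;
	vm_map_t user_map;
	int alloc_flags;
	boolean_t docow;
	kern_return_t kret;
	struct pshminfo *pinfo;
	struct pshmnode *pnode;
	void *mem_object;
	mach_vm_size_t seg_len;

	if (user_size == 0)
		return (0);

	if ((flags & MAP_SHARED) == 0)
		return (EINVAL);

	if ((prot & PROT_WRITE) && ((fp->f_flag & FWRITE) == 0)) {
		return (EPERM);
	}

	if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL)
		return (EINVAL);

	PSHM_SUBSYS_LOCK();
	if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) {
		PSHM_SUBSYS_UNLOCK();
		return (EINVAL);
	}

	if ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED) {
		PSHM_SUBSYS_UNLOCK();
		return (EINVAL);
	}
	if (pinfo->pshm_length < 0) {
		PSHM_SUBSYS_UNLOCK();
		return (EINVAL);
	}
	/*
	 * Bounds check on caller-supplied size and offset, done in unsigned
	 * arithmetic without adding them together. The earlier form cast the
	 * size to off_t and compared (size + offset), so a very large size
	 * or offset could wrap or turn negative and pass the check.
	 */
	seg_len = (mach_vm_size_t)pinfo->pshm_length;
	if (user_size > seg_len ||
	    file_pos > (vm_object_offset_t)(seg_len - user_size)) {
		PSHM_SUBSYS_UNLOCK();
		return (EINVAL);
	}
	if ((mem_object = pinfo->pshm_memobject) == NULL) {
		PSHM_SUBSYS_UNLOCK();
		return (EINVAL);
	}
	PSHM_SUBSYS_UNLOCK();

	user_map = current_map();

	if ((flags & MAP_FIXED) == 0) {
		alloc_flags = VM_FLAGS_ANYWHERE;
		user_addr = mach_vm_round_page(user_addr);
	} else {
		if (user_addr != mach_vm_trunc_page(user_addr))
			return (EINVAL);
		/*
		 * We do not get rid of the existing mappings here because
		 * it wouldn't be atomic (see comment in mmap()). We let
		 * Mach VM know that we want it to replace any existing
		 * mapping with the new one.
		 */
		alloc_flags = VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE;
	}
	docow = FALSE;

	/*
	 * Map the object pointer that was read under the lock.
	 *
	 * NOTE(review): the maximum protection passed here is VM_PROT_DEFAULT
	 * no matter how the descriptor was opened. Confirm that a mapping
	 * made through a read-only descriptor cannot later be made writable.
	 */
	kret = mach_vm_map(user_map, &user_addr, user_size,
	    0, alloc_flags, mem_object, file_pos, docow,
	    prot, VM_PROT_DEFAULT,
	    VM_INHERIT_SHARE);
	if (kret != KERN_SUCCESS)
		goto out;
	/* LP64todo - this should be superfluous at this point */
	kret = mach_vm_inherit(user_map, user_addr, user_size,
	    VM_INHERIT_SHARE);
	if (kret != KERN_SUCCESS) {
		(void) mach_vm_deallocate(user_map, user_addr, user_size);
		goto out;
	}

	/* Record the mapping on the descriptor and mark the segment in use. */
	PSHM_SUBSYS_LOCK();
	pnode->mapp_addr = user_addr;
	pnode->map_size = user_size;
	pinfo->pshm_flags |= (PSHM_MAPPED | PSHM_INUSE);
	PSHM_SUBSYS_UNLOCK();
out:
	/* Translate the Mach status into an errno. */
	switch (kret) {
	case KERN_SUCCESS:
		*retval = (user_addr + pageoff);
		return (0);
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		return (ENOMEM);
	case KERN_PROTECTION_FAILURE:
		return (EACCES);
	default:
		return (EINVAL);
	}
}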
818
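/*
 * shm_unlink system call: remove a segment's name. The segment itself is
 * destroyed here if no descriptor still refers to it, and otherwise by
 * pshm_close() when the last descriptor goes away.
 *
 * Returns 0 on success (also when the segment is already being deleted),
 * ENOSPC, ENAMETOOLONG, EINVAL (unknown name or segment in neither the
 * DEFINED nor the ALLOCATED state), an error from copyinstr(), or the
 * error from pshm_access() when the caller lacks write permission.
 */
int
shm_unlink(__unused struct proc *p, struct shm_unlink_args *uap,
    __unused register_t *retval)
{
	size_t i;
	int error = 0;
	struct pshmname nd;
	struct pshminfo *pinfo = PSHMINFO_NULL;
	char *pnbuf;
	char *nameptr;
	char *cp;
	size_t pathlen, plen;
	struct pshmcache *pcache = PSHMCACHE_NULL;

	MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
	if (pnbuf == NULL) {
		return (ENOSPC);	/* XXX non-standard */
	}

	/* Copy the name in from user space; pathlen receives its length. */
	pathlen = MAXPATHLEN;
	error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen);
	if (error) {
		goto bad;
	}
	AUDIT_ARG(text, pnbuf);
	if (pathlen > PSHMNAMLEN) {
		error = ENAMETOOLONG;
		goto bad;
	}

	/* Set before the optional block below, which used to read it unset. */
	plen = pathlen;

#ifdef PSXSHM_NAME_RESTRICT
	/*
	 * NOTE(review): as written this block rejects every name when
	 * PSXSHM_NAME_RESTRICT is defined (both branches end in EINVAL).
	 * Kept as found; the intended rule needs to be confirmed.
	 */
	nameptr = pnbuf;
	if (*nameptr == '/') {
		while (*(nameptr++) == '/') {
			plen--;
			error = EINVAL;
			goto bad;
		}
	} else {
		error = EINVAL;
		goto bad;
	}
#endif /* PSXSHM_NAME_RESTRICT */

	/* Build the same lookup key that shm_open() uses. */
	nameptr = pnbuf;
	nd.pshm_nameptr = nameptr;
	nd.pshm_namelen = plen;
	nd.pshm_hash = 0;

	for (cp = nameptr, i = 1; *cp != 0 && i <= plen; i++, cp++) {
		nd.pshm_hash += (unsigned char)*cp * i;
	}

	PSHM_SUBSYS_LOCK();
	error = pshm_cache_search(&pinfo, &nd, &pcache);

	/* Anything other than a positive hit means there is nothing to unlink. */
	if (error == ENOENT || error == 0) {
		PSHM_SUBSYS_UNLOCK();
		error = EINVAL;
		goto bad;
	}

	if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED)) == 0) {
		PSHM_SUBSYS_UNLOCK();
		/* Leave through "bad" so the name buffer is freed on this path too. */
		error = EINVAL;
		goto bad;
	}

	if (pinfo->pshm_flags & PSHM_INDELETE) {
		PSHM_SUBSYS_UNLOCK();
		error = 0;
		goto bad;
	}

	AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid,
	    pinfo->pshm_mode);

	/*
	 * Removing the name is treated like a write to the segment: without
	 * this check any process that knows a name could unlink a segment
	 * it has no permission to open.
	 */
	if ((error = pshm_access(pinfo, FWRITE, kauth_cred_get(), p))) {
		PSHM_SUBSYS_UNLOCK();
		goto bad;
	}

	pinfo->pshm_flags |= PSHM_INDELETE;
	pshm_cache_delete(pcache);
	pinfo->pshm_flags |= PSHM_REMOVED;
	/* release the existence reference */
	if (!--pinfo->pshm_usecount) {
		PSHM_SUBSYS_UNLOCK();
		/*
		 * If this is the last reference going away on the object,
		 * then we need to destroy the backing object. The name
		 * has an implied but uncounted reference on the object,
		 * once it's created, since it's used as a rendezvous, and
		 * therefore may be subsequently reopened.
		 */
		if (pinfo->pshm_memobject != NULL)
			mach_memory_entry_port_release(pinfo->pshm_memobject);
		PSHM_SUBSYS_LOCK();
		FREE(pinfo, M_SHM);
	}
	PSHM_SUBSYS_UNLOCK();
	FREE(pcache, M_SHM);
	error = 0;
bad:
	FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
	return (error);
}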
935
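/*
 * Release one descriptor's reference on a segment and free the
 * per-descriptor pshmnode. Called with the subsystem lock held (see
 * pshm_closefile()); the lock is dropped briefly while the backing memory
 * entry is released.
 *
 * Returns 0, or EINVAL when the node is missing, has no segment, or the
 * segment was never sized. In the last case the reference and the node are
 * still released: returning early, as before, leaked the pshmnode and left
 * the segment's use count permanently raised for every descriptor closed
 * without an intervening pshm_truncate().
 */
static int
pshm_close(struct pshmnode *pnode)
{
	int error = 0;
	struct pshminfo *pinfo;

	if (pnode == PSHMNODE_NULL)
		return (EINVAL);

	if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) {
		/* Nothing to unreference, but the node is still ours to free. */
		FREE(pnode, M_SHM);
		return (EINVAL);
	}

	/* Status code kept for callers; cleanup continues regardless. */
	if ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED) {
		error = EINVAL;
	}
#if DIAGNOSTIC
	if (!pinfo->pshm_usecount) {
		kprintf("negative usecount in pshm_close\n");
	}
#endif /* DIAGNOSTIC */
	pinfo->pshm_usecount--;	/* release this fd's reference */

	if ((pinfo->pshm_flags & PSHM_REMOVED) && !pinfo->pshm_usecount) {
		PSHM_SUBSYS_UNLOCK();
		/*
		 * If this is the last reference going away on the object,
		 * then we need to destroy the backing object.
		 */
		if (pinfo->pshm_memobject != NULL)
			mach_memory_entry_port_release(pinfo->pshm_memobject);
		PSHM_SUBSYS_LOCK();
		FREE(pinfo, M_SHM);
	}
	FREE(pnode, M_SHM);
	return (error);
}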
970
/*
 * fileops close entry: run pshm_close() on the descriptor's pshmnode with
 * the subsystem lock held. The proc argument exists only to match the
 * struct fileops prototype.
 */
static int
pshm_closefile(struct fileglob *fg, __unused struct proc *p)
{
	struct pshmnode *node = (struct pshmnode *)fg->fg_data;
	int rv;

	PSHM_SUBSYS_LOCK();
	rv = pshm_close(node);
	PSHM_SUBSYS_UNLOCK();

	return (rv);
}
982
/* read is not supported on POSIX shm descriptors; always ENOTSUP. */
static int
pshm_read(__unused struct fileproc *fp, __unused struct uio *uio,
    __unused kauth_cred_t cred, __unused int flags,
    __unused struct proc *p)
{
	return ENOTSUP;
}
990
/* write is not supported on POSIX shm descriptors; always ENOTSUP. */
static int
pshm_write(__unused struct fileproc *fp, __unused struct uio *uio,
    __unused kauth_cred_t cred, __unused int flags,
    __unused struct proc *p)
{
	return ENOTSUP;
}
998
/* ioctl is not supported on POSIX shm descriptors; always ENOTSUP. */
static int
pshm_ioctl(__unused struct fileproc *fp, __unused u_long com,
    __unused caddr_t data, __unused struct proc *p)
{
	return ENOTSUP;
}
1005
/* select is not supported on POSIX shm descriptors; always ENOTSUP. */
static int
pshm_select(__unused struct fileproc *fp, __unused int which, __unused void *wql,
    __unused struct proc *p)
{
	return ENOTSUP;
}
1012
/* kqueue filters are not supported on POSIX shm descriptors; always ENOTSUP. */
static int
pshm_kqfilter(__unused struct fileproc *fp, __unused struct knote *kn,
    __unused struct proc *p)
{
	return ENOTSUP;
}