1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_OSREFERENCE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the
10 * License may not be used to create, or enable the creation or
11 * redistribution of, unlawful or unlicensed copies of an Apple operating
12 * system, or to circumvent, violate, or enable the circumvention or
13 * violation of, any terms of an Apple operating system software license
14 * agreement.
15 *
16 * Please obtain a copy of the License at
17 * http://www.opensource.apple.com/apsl/ and read it before using this
18 * file.
19 *
20 * The Original Code and all software distributed under the License are
21 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
22 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
23 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
25 * Please see the License for the specific language governing rights and
26 * limitations under the License.
27 *
28 * @APPLE_LICENSE_OSREFERENCE_HEADER_END@
29 */
30 /* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */
31
32 /*
33 * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. All advertising materials mentioning features or use of this software
44 * must display the following acknowledgement:
45 * This product includes software developed by Adam Glass and Charles
46 * Hannum.
47 * 4. The names of the authors may not be used to endorse or promote products
48 * derived from this software without specific prior written permission.
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
51 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
52 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
53 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
54 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
56 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
57 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
58 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
59 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
60 */
61
62
63 #include <sys/appleapiopts.h>
64 #include <sys/param.h>
65 #include <sys/systm.h>
66 #include <sys/kernel.h>
67 #include <sys/shm_internal.h>
68 #include <sys/proc_internal.h>
69 #include <sys/kauth.h>
70 #include <sys/malloc.h>
71 #include <sys/mman.h>
72 #include <sys/stat.h>
73 #include <sys/sysctl.h>
74 #include <sys/ipcs.h>
75 #include <sys/sysent.h>
76 #include <sys/sysproto.h>
77
78 #include <bsm/audit_kernel.h>
79
80 #include <mach/mach_types.h>
81 #include <mach/vm_inherit.h>
82 #include <mach/vm_map.h>
83
84 #include <mach/mach_vm.h>
85
86 #include <vm/vm_map.h>
87 #include <vm/vm_shared_memory_server.h>
88 #include <vm/vm_protos.h>
89
90 #include <kern/locks.h>
91
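static void shminit(void *);
#if 0
SYSINIT(sysv_shm, SI_SUB_SYSV_SHM, SI_ORDER_FIRST, shminit, NULL)
#endif /* 0 */

/* Lock group, attributes and mutex; all four are set up by sysv_shm_lock_init(). */
static lck_grp_t       *sysv_shm_subsys_lck_grp;
static lck_grp_attr_t  *sysv_shm_subsys_lck_grp_attr;
static lck_attr_t      *sysv_shm_subsys_lck_attr;
static lck_mtx_t        sysv_shm_subsys_mutex;

/*
 * The entry points in this file take this single mutex around their use of
 * the segment table, the counters below and the per-process attach tables.
 */
#define SYSV_SHM_SUBSYS_LOCK() lck_mtx_lock(&sysv_shm_subsys_mutex)
#define SYSV_SHM_SUBSYS_UNLOCK() lck_mtx_unlock(&sysv_shm_subsys_mutex)

static int oshmctl(void *p, void *uap, void *retval);
static int shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, int * retval);
static int shmget_existing(struct shmget_args *uap, int mode, int segnum, int * retval);
static void shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out);
static void shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out);

/*
 * Dispatch table for shmsys(); shmsys() bounds-checks the user-supplied
 * index against the size of this array before calling through it.
 */
/* XXX casting to (sy_call_t *) is bogus, as usual. */
static sy_call_t *shmcalls[] = {
	(sy_call_t *)shmat, (sy_call_t *)oshmctl,
	(sy_call_t *)shmdt, (sy_call_t *)shmget,
	(sy_call_t *)shmctl
};

/*
 * Segment state bits.  They are kept in shm_perm.mode next to the
 * ACCESSPERMS bits, which is why IPC_SET masks with ACCESSPERMS when it
 * stores a user-supplied mode.
 */
#define	SHMSEG_FREE     	0x0200
#define	SHMSEG_REMOVED  	0x0400
#define	SHMSEG_ALLOCATED	0x0800
#define	SHMSEG_WANTED		0x1000

/*
 * shm_last_free: index of a slot known to be free, or -1 when unknown.
 * shm_nused:     number of segment slots currently in use.
 * shm_committed: memory committed to segments, in btoc() units.
 */
static int shm_last_free, shm_nused, shm_committed;
struct user_shmid_ds	*shmsegs;	/* 64 bit version */
static int shm_inited = 0;		/* set to 1 by shminit() */

/* Kernel-side handle stored (as an integer) in a segment's shm_internal. */
struct shm_handle {
	void * shm_object;		/* vm_offset_t kva; */
};

/* One entry of the per-process attach table hung off p->vm_shm. */
struct shmmap_state {
	mach_vm_address_t va;		/* user address */
	int shmid;			/* segment id; -1 marks an unused entry */
};

static void shm_deallocate_segment(struct user_shmid_ds *);
static int shm_find_segment_by_key(key_t);
static struct user_shmid_ds *shm_find_segment_by_shmid(int);
static int shm_delete_mapping(struct proc *, struct shmmap_state *, int);

#ifdef __APPLE_API_PRIVATE
/*
 * Every limit starts at -1, meaning "not set yet"; sysctl_shminfo() calls
 * shminit() once all five have been given a value.
 */
struct shminfo shminfo = {
	-1,	/* SHMMAX 4096 *1024 */
	-1,	/* SHMMIN = 1 */
	-1,	/* SHMMNI = 1 */
	-1,	/* SHMSEG = 8 */
	-1	/* SHMALL = 1024 */
};
#endif /* __APPLE_API_PRIVATE */

void sysv_shm_lock_init(void);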
152
/* Return the seconds field of the time reported by microtime(). */
static __inline__ time_t
sysv_shmtime(void)
{
	struct timeval now;

	microtime(&now);
	return now.tv_sec;
}
160
/*
 * Narrow a 64 bit segment descriptor into the 32 bit user layout.
 *
 * The original authors consider the narrowing safe because a descriptor
 * converted for a 32 bit process never has a shm_segsz above 4G.
 *
 * NOTE: Source and target may *NOT* overlap! (target is smaller)
 *
 * NOTE(review): shm_internal is copied across as well.  Elsewhere in this
 * file that field carries the kernel's shm_handle pointer, so a caller that
 * hands the result to copyout() should clear it first.
 */
static void
shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out)
{
	/* The buffers do not overlap, so the field order is free. */
	out->shm_perm = in->shm_perm;
	out->shm_segsz = (size_t)in->shm_segsz;

	out->shm_cpid = in->shm_cpid;
	out->shm_lpid = in->shm_lpid;
	out->shm_nattch = in->shm_nattch;

	out->shm_ctime = in->shm_ctime;
	out->shm_atime = in->shm_atime;
	out->shm_dtime = in->shm_dtime;

	out->shm_internal = CAST_DOWN(void *, in->shm_internal);
}
180
/*
 * Widen a 32 bit user segment descriptor into the 64 bit layout.
 *
 * NOTE: Source and target are permitted to overlap (the source is the
 * smaller one).  The fields are copied from the end of the struct towards
 * the beginning so that, when converting in place, a widened field is not
 * written over a source field that has yet to be read.  Do not reorder the
 * assignments below.
 */
static void
shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out)
{
	/* last field first ... */
	out->shm_internal = CAST_USER_ADDR_T(in->shm_internal);
	out->shm_ctime = in->shm_ctime;
	out->shm_dtime = in->shm_dtime;
	out->shm_atime = in->shm_atime;
	out->shm_nattch = in->shm_nattch;
	out->shm_cpid = in->shm_cpid;
	out->shm_lpid = in->shm_lpid;
	out->shm_segsz = (user_size_t)in->shm_segsz;
	/* ... first field last */
	out->shm_perm = in->shm_perm;
}
199
200
/*
 * Look up an allocated segment by IPC key.
 *
 * Returns the index of the first slot in shmsegs[] that has SHMSEG_ALLOCATED
 * set and a matching key, or -1 when there is none.  SHMSEG_REMOVED is not
 * examined here.
 */
static int
shm_find_segment_by_key(key_t key)
{
	int slot = 0;

	while (slot < shminfo.shmmni) {
		struct user_shmid_ds *seg = &shmsegs[slot];

		if ((seg->shm_perm.mode & SHMSEG_ALLOCATED) &&
		    seg->shm_perm.key == key) {
			return slot;
		}
		slot++;
	}
	return -1;
}
212
/*
 * Translate a user-supplied shmid into a pointer to its segment.
 *
 * The id is rejected (NULL) when its index part is outside the table, when
 * the slot is not allocated or is already marked removed, or when its
 * sequence part differs from the slot's current sequence number, i.e. when
 * the id is stale.
 */
static struct user_shmid_ds *
shm_find_segment_by_shmid(int shmid)
{
	struct user_shmid_ds *seg;
	int slot;
	int state;

	slot = IPCID_TO_IX(shmid);
	if (slot < 0 || slot >= shminfo.shmmni) {
		return NULL;
	}

	seg = &shmsegs[slot];
	state = seg->shm_perm.mode & (SHMSEG_ALLOCATED | SHMSEG_REMOVED);
	if (state != SHMSEG_ALLOCATED) {
		return NULL;
	}
	if (seg->shm_perm.seq != IPCID_TO_SEQ(shmid)) {
		return NULL;
	}
	return seg;
}
229
/*
 * Release a segment's backing memory entry and handle, and mark its slot
 * free.  Also updates the shm_committed and shm_nused counters.
 */
static void
shm_deallocate_segment(struct user_shmid_ds *shmseg)
{
	struct shm_handle *handle;
	mach_vm_size_t rounded;

	handle = CAST_DOWN(void *, shmseg->shm_internal);	/* tunnel */
	rounded = mach_vm_round_page(shmseg->shm_segsz);

	/* Drop the memory entry, then the handle that named it. */
	mach_memory_entry_port_release(handle->shm_object);
	handle->shm_object = NULL;
	FREE((caddr_t)handle, M_SHM);
	shmseg->shm_internal = USER_ADDR_NULL;		/* tunnel */

	shm_committed -= btoc(rounded);
	shm_nused--;
	shmseg->shm_perm.mode = SHMSEG_FREE;
}
246
/*
 * Detach one entry of a process's attach table from its segment.
 *
 * When 'deallocate' is non-zero the mapping is first removed from the
 * current map; if that fails, EINVAL is returned and neither the table
 * entry nor the segment is changed.  Otherwise the entry is marked unused,
 * the detach time is recorded and the attach count is dropped; a segment
 * already marked SHMSEG_REMOVED is freed once the count reaches zero.
 *
 * The index is taken from shmmap_s->shmid without a range check; that value
 * is written by shmat() in this file, not by the user.
 */
static int
shm_delete_mapping(__unused struct proc *p, struct shmmap_state *shmmap_s,
    int deallocate)
{
	int slot = IPCID_TO_IX(shmmap_s->shmid);
	struct user_shmid_ds *seg = &shmsegs[slot];
	mach_vm_size_t len = mach_vm_round_page(seg->shm_segsz);	/* XXX done for us? */

	if (deallocate) {
		if (mach_vm_deallocate(current_map(), shmmap_s->va, len) != KERN_SUCCESS) {
			return EINVAL;
		}
	}

	shmmap_s->shmid = -1;
	seg->shm_dtime = sysv_shmtime();

	seg->shm_nattch--;
	if (seg->shm_nattch <= 0 && (seg->shm_perm.mode & SHMSEG_REMOVED)) {
		shm_deallocate_segment(seg);
		shm_last_free = slot;
	}
	return 0;
}
272
/*
 * shmdt system call: detach the segment that the calling process has
 * attached at uap->shmaddr.
 *
 * Returns EINVAL when the subsystem is not initialised, when the process
 * has no attach table, or when no entry in the table has that address;
 * otherwise the result of shm_delete_mapping().
 */
int
shmdt(struct proc *p, struct shmdt_args *uap, register_t *retval)
{
	struct shmmap_state *table;
	int slot;
	int shmdtret = EINVAL;	/* every early exit below reports EINVAL */

	// LP64todo - fix this
	AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited)
		goto shmdt_out;

	table = (struct shmmap_state *)p->vm_shm;
	if (table == NULL)
		goto shmdt_out;

	/* Find the in-use entry whose address matches exactly. */
	for (slot = 0; slot < shminfo.shmseg; slot++) {
		if (table[slot].shmid != -1 &&
		    table[slot].va == (mach_vm_offset_t)uap->shmaddr)
			break;
	}
	if (slot == shminfo.shmseg)
		goto shmdt_out;

	shmdtret = shm_delete_mapping(p, &table[slot], 1);
	if (shmdtret == 0)
		*retval = 0;

shmdt_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmdtret;
}
312
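/*
 * shmat system call: map a shared memory segment into the calling process.
 *
 * The per-process attach table is allocated on first use.  The caller needs
 * IPC_R on the segment, plus IPC_W unless SHM_RDONLY is given; the mapping
 * is created with the matching protection as both current and maximum
 * protection.  A non-zero uap->shmaddr requests a fixed address, which must
 * be SHMLBA aligned unless SHM_RND asks for it to be rounded down.
 *
 * On success the attach address is stored in *retval and 0 is returned.
 * Errors: EINVAL (subsystem not initialised, bad id, misaligned address,
 * other VM failure), ENOMEM (no memory / no address space), EMFILE (attach
 * table full), EACCES (VM protection failure), or the ipcperm() error.
 */
int
shmat(struct proc *p, struct shmat_args *uap, register_t *retval)
{
	int error, i, flags;
	struct user_shmid_ds	*shmseg;
	struct shmmap_state	*shmmap_s = NULL;
	struct shm_handle	*shm_handle;
	mach_vm_address_t	attach_va;	/* attach address in/out */
	mach_vm_size_t		map_size;	/* size of map entry */
	vm_prot_t		prot;
	size_t			size;
	kern_return_t		rv;
	int shmat_ret = 0;

	AUDIT_ARG(svipc_id, uap->shmid);
	// LP64todo - fix this
	AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	shmmap_s = (struct shmmap_state *)p->vm_shm;

	if (shmmap_s == NULL) {
		/* First attach by this process: build an empty attach table. */
		size = shminfo.shmseg * sizeof(struct shmmap_state);
		MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK);
		if (shmmap_s == NULL) {
			shmat_ret = ENOMEM;
			goto shmat_out;
		}
		for (i = 0; i < shminfo.shmseg; i++)
			shmmap_s[i].shmid = -1;
		p->vm_shm = (caddr_t)shmmap_s;
	}
	shmseg = shm_find_segment_by_shmid(uap->shmid);
	if (shmseg == NULL) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	/* Access check happens before anything is mapped. */
	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
	error = ipcperm(kauth_cred_get(), &shmseg->shm_perm,
	    (uap->shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W);
	if (error) {
		shmat_ret = error;
		goto shmat_out;
	}

	/* Find an unused entry in the attach table. */
	for (i = 0; i < shminfo.shmseg; i++) {
		if (shmmap_s->shmid == -1)
			break;
		shmmap_s++;
	}
	if (i >= shminfo.shmseg) {
		shmat_ret = EMFILE;
		goto shmat_out;
	}

	map_size = mach_vm_round_page(shmseg->shm_segsz);
	prot = VM_PROT_READ;
	if ((uap->shmflg & SHM_RDONLY) == 0)
		prot |= VM_PROT_WRITE;
	flags = MAP_ANON | MAP_SHARED;
	if (uap->shmaddr)
		flags |= MAP_FIXED;

	attach_va = (mach_vm_address_t)uap->shmaddr;
	if (uap->shmflg & SHM_RND)
		attach_va &= ~(SHMLBA-1);
	else if ((attach_va & (SHMLBA-1)) != 0) {
		shmat_ret = EINVAL;
		goto shmat_out;
	}

	shm_handle = CAST_DOWN(void *, shmseg->shm_internal);	/* tunnel */

	rv = mach_vm_map(current_map(),			/* process map */
			&attach_va,			/* attach address */
			map_size,			/* segment size */
			(mach_vm_offset_t)0,		/* alignment mask */
			(flags & MAP_FIXED)? VM_FLAGS_FIXED: VM_FLAGS_ANYWHERE,
			shm_handle->shm_object,
			(mach_vm_offset_t)0,
			FALSE,
			prot,
			prot,
			VM_INHERIT_DEFAULT);
	if (rv != KERN_SUCCESS)
		goto out;

	rv = mach_vm_inherit(current_map(), attach_va, map_size, VM_INHERIT_SHARE);
	if (rv != KERN_SUCCESS) {
		/* Undo the mapping so a half-set-up attach is not left behind. */
		(void)mach_vm_deallocate(current_map(), attach_va, map_size);
		goto out;
	}

	shmmap_s->va = attach_va;
	shmmap_s->shmid = uap->shmid;
	shmseg->shm_lpid = p->p_pid;
	shmseg->shm_atime = sysv_shmtime();
	shmseg->shm_nattch++;
	*retval = attach_va;	/* XXX return -1 on error */
	shmat_ret = 0;
	goto shmat_out;
out:
	/*
	 * Translate the Mach result into an errno.  Each case needs its own
	 * break: without them every failure fell through to the default and
	 * was reported as EINVAL.
	 */
	switch (rv) {
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		shmat_ret = ENOMEM;
		break;
	case KERN_PROTECTION_FAILURE:
		shmat_ret = EACCES;
		break;
	default:
		shmat_ret = EINVAL;
		break;
	}
shmat_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmat_ret;
}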
435
/*
 * Entry 1 of shmcalls[]: the old shmctl interface is not implemented, so
 * every call fails with EINVAL.
 */
static int
oshmctl(__unused void *p, __unused void *uap, __unused void *retval)
{
	return (EINVAL);
}
441
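/*
 * shmctl system call: IPC_STAT, IPC_SET and IPC_RMID on one segment.
 *
 * IPC_STAT needs IPC_R and copies the descriptor out in the caller's
 *          (32 or 64 bit) layout.
 * IPC_SET  needs IPC_M and updates uid, gid and the ACCESSPERMS bits of
 *          the mode; the state bits kept in the same field are preserved.
 * IPC_RMID needs IPC_M, marks the segment removed and frees it at once
 *          when nothing is attached.
 *
 * Returns 0 on success; EINVAL for an uninitialised subsystem, an unknown
 * id or an unsupported command; otherwise the ipcperm()/copyin()/copyout()
 * error.
 */
int
shmctl(__unused struct proc *p, struct shmctl_args *uap, register_t *retval)
{
	int error;
	kauth_cred_t cred = kauth_cred_get();
	struct user_shmid_ds inbuf;
	struct user_shmid_ds outbuf;
	struct user_shmid_ds *shmseg;

	int shmctl_ret = 0;

	AUDIT_ARG(svipc_cmd, uap->cmd);
	AUDIT_ARG(svipc_id, uap->shmid);

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}

	shmseg = shm_find_segment_by_shmid(uap->shmid);
	if (shmseg == NULL) {
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}

	/* XXAUDIT: This is the perms BEFORE any change by this call.  This
	 * may not be what is desired.
	 */
	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);

	switch (uap->cmd) {
	case IPC_STAT:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_R);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}

		/*
		 * Work on a private copy and clear shm_internal: in the
		 * table it holds the kernel's shm_handle pointer, which
		 * must not be disclosed to user space.
		 */
		outbuf = *shmseg;
		outbuf.shm_internal = USER_ADDR_NULL;

		if (IS_64BIT_PROCESS(p)) {
			error = copyout(&outbuf, uap->buf, sizeof(struct user_shmid_ds));
		} else {
			struct shmid_ds shmid_ds32;

			/*
			 * Zero first so that any bytes the field-by-field
			 * conversion does not write are not stale stack
			 * contents when copied out.
			 */
			bzero(&shmid_ds32, sizeof(shmid_ds32));
			shmid_ds_64to32(&outbuf, &shmid_ds32);
			error = copyout(&shmid_ds32, uap->buf, sizeof(struct shmid_ds));
		}
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		break;
	case IPC_SET:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		if (IS_64BIT_PROCESS(p)) {
			error = copyin(uap->buf, &inbuf, sizeof(struct user_shmid_ds));
		} else {
			error = copyin(uap->buf, &inbuf, sizeof(struct shmid_ds));
			/*
			 * convert in place; ugly, but safe.  Only done when
			 * the copyin succeeded, so uninitialised stack is
			 * never run through the conversion.
			 */
			if (!error)
				shmid_ds_32to64((struct shmid_ds *)&inbuf, &inbuf);
		}
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		shmseg->shm_perm.uid = inbuf.shm_perm.uid;
		shmseg->shm_perm.gid = inbuf.shm_perm.gid;
		/* Only the permission bits come from the user. */
		shmseg->shm_perm.mode =
		    (shmseg->shm_perm.mode & ~ACCESSPERMS) |
		    (inbuf.shm_perm.mode & ACCESSPERMS);
		shmseg->shm_ctime = sysv_shmtime();
		break;
	case IPC_RMID:
		error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
		if (error) {
			shmctl_ret = error;
			goto shmctl_out;
		}
		/* A removed segment can no longer be found by key. */
		shmseg->shm_perm.key = IPC_PRIVATE;
		shmseg->shm_perm.mode |= SHMSEG_REMOVED;
		if (shmseg->shm_nattch <= 0) {
			shm_deallocate_segment(shmseg);
			shm_last_free = IPCID_TO_IX(uap->shmid);
		}
		break;
#if 0
	case SHM_LOCK:
	case SHM_UNLOCK:
#endif
	default:
		shmctl_ret = EINVAL;
		goto shmctl_out;
	}
	*retval = 0;
	shmctl_ret = 0;
shmctl_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmctl_ret;
}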
548
/*
 * shmget() on a key that already has a segment in slot 'segnum'.
 *
 * Returns 0 and the segment id in *retval on success.  EAGAIN tells the
 * caller to look the key up again; the tsleep() error is returned when the
 * wait is interrupted.  Other errors: the ipcperm() result, EINVAL when the
 * requested size exceeds the segment's, EEXIST for IPC_CREAT|IPC_EXCL.
 */
static int
shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval)
{
	struct user_shmid_ds *seg = &shmsegs[segnum];
	int error;

	if (seg->shm_perm.mode & SHMSEG_REMOVED) {
		/*
		 * This segment is in the process of being allocated.  Wait
		 * until it's done, and look the key up again (in case the
		 * allocation failed or it was freed).
		 */
		seg->shm_perm.mode |= SHMSEG_WANTED;
		error = tsleep((caddr_t)seg, PLOCK | PCATCH, "shmget", 0);
		return error ? error : EAGAIN;
	}

	/* The caller must hold the permissions it is asking for. */
	error = ipcperm(kauth_cred_get(), &seg->shm_perm, mode);
	if (error) {
		return error;
	}
	if (uap->size && uap->size > seg->shm_segsz) {
		return EINVAL;
	}
	if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL)) {
		return EEXIST;
	}

	*retval = IXSEQ_TO_IPCID(segnum, seg->shm_perm);
	return 0;
}
578
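/*
 * Create a new segment for shmget().
 *
 * Checks the requested size against shmmin/shmmax, the slot count against
 * shmmni and the committed total against shmall, picks a free slot, builds
 * a memory entry to back the segment and fills in the descriptor.
 *
 * Returns 0 and the new id in *retval, or EINVAL / ENOSPC / ENOMEM /
 * EACCES.
 *
 * Failure paths release what they acquired: the temporary region when the
 * memory entry cannot be made, and the segment slot when the handle cannot
 * be allocated.
 */
static int
shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode,
    int *retval)
{
	int i, segnum, shmid, size, alloc_size, wanted;
	kauth_cred_t cred = kauth_cred_get();
	struct user_shmid_ds *shmseg;
	struct shm_handle *shm_handle;
	kern_return_t kret;
	vm_offset_t user_addr;
	void * mem_object;
	mach_vm_size_t rounded;

	if (uap->size < (user_size_t)shminfo.shmmin ||
	    uap->size > (user_size_t)shminfo.shmmax)
		return EINVAL;
	if (shm_nused >= shminfo.shmmni) /* any shmids left? */
		return ENOSPC;

	/*
	 * 'size' is an int but uap->size is 64 bits wide.  Refuse a request
	 * whose page-rounded size wraps or does not survive the narrowing,
	 * so the backing object can never be smaller than the shm_segsz
	 * recorded for it below.
	 */
	rounded = mach_vm_round_page(uap->size);
	size = (int)rounded;
	if (rounded < uap->size || size < 0 || (mach_vm_size_t)size != rounded)
		return EINVAL;

	if (shm_committed + btoc(size) > shminfo.shmall)
		return ENOMEM;
	if (shm_last_free < 0) {
		for (i = 0; i < shminfo.shmmni; i++)
			if (shmsegs[i].shm_perm.mode & SHMSEG_FREE)
				break;
		if (i == shminfo.shmmni)
			panic("shmseg free count inconsistent");
		segnum = i;
	} else  {
		segnum = shm_last_free;
		shm_last_free = -1;
	}
	shmseg = &shmsegs[segnum];

	/*
	 * Allocate a temporary region in the current map, turn it into a
	 * memory entry, then drop the region again; the entry keeps the
	 * memory alive.
	 */
	kret = vm_allocate(current_map(), &user_addr, size, VM_FLAGS_ANYWHERE);
	if (kret != KERN_SUCCESS)
		goto out;

	/* size is passed by pointer below; remember what was allocated. */
	alloc_size = size;
	kret = mach_make_memory_entry (current_map(), &size, user_addr,
	    VM_PROT_DEFAULT, (mem_entry_name_port_t *)&mem_object, 0);

	if (kret != KERN_SUCCESS) {
		/* Do not leave the temporary region mapped in the caller. */
		(void)vm_deallocate(current_map(), user_addr, alloc_size);
		goto out;
	}

	vm_deallocate(current_map(), user_addr, size);

	/*
	 * In case we sleep in malloc(), mark the segment present but deleted
	 * so that noone else tries to create the same key.
	 */
	shmseg->shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED;
	shmseg->shm_perm.key = uap->key;
	shmseg->shm_perm.seq = (shmseg->shm_perm.seq + 1) & 0x7fff;
	MALLOC(shm_handle, struct shm_handle *, sizeof(struct shm_handle), M_SHM, M_WAITOK);
	if (shm_handle == NULL) {
		kret = KERN_NO_SPACE;
		mach_memory_entry_port_release(mem_object);
		mem_object = NULL;
		/*
		 * Hand the slot back.  Left as ALLOCATED|REMOVED it would
		 * never be reused, and a shmget() on the same key would
		 * sleep on it without ever being woken.
		 */
		wanted = shmseg->shm_perm.mode & SHMSEG_WANTED;
		shmseg->shm_perm.mode = SHMSEG_FREE;
		shm_last_free = segnum;
		if (wanted)
			wakeup((caddr_t)shmseg);
		goto out;
	}
	shm_handle->shm_object = mem_object;
	shmid = IXSEQ_TO_IPCID(segnum, shmseg->shm_perm);

	shmseg->shm_internal = CAST_USER_ADDR_T(shm_handle);	/* tunnel */
	shmseg->shm_perm.cuid = shmseg->shm_perm.uid = kauth_cred_getuid(cred);
	shmseg->shm_perm.cgid = shmseg->shm_perm.gid = cred->cr_gid;
	/* Replace the placeholder state; keep WANTED for the wakeup below. */
	shmseg->shm_perm.mode = (shmseg->shm_perm.mode & SHMSEG_WANTED) |
	    (mode & ACCESSPERMS) | SHMSEG_ALLOCATED;
	shmseg->shm_segsz = uap->size;
	shmseg->shm_cpid = p->p_pid;
	shmseg->shm_lpid = shmseg->shm_nattch = 0;
	shmseg->shm_atime = shmseg->shm_dtime = 0;
	shmseg->shm_ctime = sysv_shmtime();
	shm_committed += btoc(size);
	shm_nused++;
	AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
	if (shmseg->shm_perm.mode & SHMSEG_WANTED) {
		/*
		 * Somebody else wanted this key while we were asleep.  Wake
		 * them up now.
		 */
		shmseg->shm_perm.mode &= ~SHMSEG_WANTED;
		wakeup((caddr_t)shmseg);
	}
	*retval = shmid;
	AUDIT_ARG(svipc_id, shmid);
	return 0;
out:
	switch (kret) {
	case KERN_INVALID_ADDRESS:
	case KERN_NO_SPACE:
		return (ENOMEM);
	case KERN_PROTECTION_FAILURE:
		return (EACCES);
	default:
		return (EINVAL);
	}

}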
676
/*
 * shmget system call: look up a segment by key, or create one.
 *
 * For a key other than IPC_PRIVATE an existing segment is handed to
 * shmget_existing(), and the lookup is repeated for as long as that returns
 * EAGAIN.  When no segment has the key, IPC_CREAT is required (else
 * ENOENT).  IPC_PRIVATE always creates a new segment.
 */
int
shmget(struct proc *p, struct shmget_args *uap, register_t *retval)
{
	int segnum, mode, error;
	int shmget_ret = 0;

	/* Auditing is actually done in shmget_allocate_segment() */

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmget_ret = EINVAL;
		goto shmget_out;
	}

	mode = uap->shmflg & ACCESSPERMS;
	if (uap->key != IPC_PRIVATE) {
		/* Retry the lookup each time the existing-segment path says EAGAIN. */
		while ((segnum = shm_find_segment_by_key(uap->key)) >= 0) {
			error = shmget_existing(uap, mode, segnum, retval);
			if (error != EAGAIN) {
				shmget_ret = error;
				goto shmget_out;
			}
		}
		if (!(uap->shmflg & IPC_CREAT)) {
			shmget_ret = ENOENT;
			goto shmget_out;
		}
	}
	shmget_ret = shmget_allocate_segment(p, uap, mode, retval);

shmget_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmget_ret;
	/*NOTREACHED*/
}
715
/*
 * Multiplexed entry point: dispatch to one of the calls in shmcalls[],
 * selected by uap->which.  An index outside the table yields EINVAL.
 */
/* XXX actually varargs. */
int
shmsys(struct proc *p, struct shmsys_args *uap, register_t *retval)
{
	sy_call_t *handler;

	/* The routine that we are dispatching already does this */

	/* The index comes from the caller; check it before indexing. */
	if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) {
		return EINVAL;
	}
	handler = shmcalls[uap->which];
	return ((*handler)(p, &uap->a2, retval));
}
727
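/*
 * Give a child process (p2) a copy of its parent's (p1) attach table and
 * count the child as attached to every segment in it.
 *
 * Return 0 on success, 1 on failure.  An uninitialised subsystem, or a
 * parent without an attach table, is a success with nothing to do; in that
 * case p2->vm_shm is left as the caller set it.
 */
int
shmfork(struct proc *p1, struct proc *p2)
{
	struct shmmap_state *shmmap_s;
	size_t size;
	int i;
	int shmfork_ret = 0;

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		shmfork_ret = 0;
		goto shmfork_out;
	}

	/*
	 * Defensive: the bcopy() below would read through a NULL source.
	 * Callers are presumably expected to check this themselves.
	 */
	if (p1->vm_shm == NULL) {
		shmfork_ret = 0;
		goto shmfork_out;
	}

	size = shminfo.shmseg * sizeof(struct shmmap_state);
	MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK);
	if (shmmap_s != NULL) {
		bcopy((caddr_t)p1->vm_shm, (caddr_t)shmmap_s, size);
		p2->vm_shm = (caddr_t)shmmap_s;
		/* Every inherited attachment is one more user of its segment. */
		for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
			if (shmmap_s->shmid != -1)
				shmsegs[IPCID_TO_IX(shmmap_s->shmid)].shm_nattch++;
		shmfork_ret = 0;
		goto shmfork_out;
	}

	shmfork_ret = 1;	/* failed to copy to child - ENOMEM */
shmfork_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return shmfork_ret;
}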
763
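/*
 * Process exit: detach and unmap every segment the process still has
 * attached, then free its attach table.
 */
void
shmexit(struct proc *p)
{
	struct shmmap_state *shmmap_s;
	int i;

	shmmap_s = (struct shmmap_state *)p->vm_shm;

	/*
	 * Defensive: with no attach table there is nothing to detach, and
	 * the loop below would dereference NULL.  Callers are presumably
	 * expected to check this themselves.
	 */
	if (shmmap_s == NULL)
		return;

	SYSV_SHM_SUBSYS_LOCK();
	for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
		if (shmmap_s->shmid != -1)
			shm_delete_mapping(p, shmmap_s, 1);
	FREE((caddr_t)p->vm_shm, M_SHM);
	p->vm_shm = NULL;
	SYSV_SHM_SUBSYS_UNLOCK();
}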
780
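/*
 * shmexec() is like shmexit(), only it doesn't delete the mappings,
 * since the old address space has already been destroyed and the new
 * one instantiated.  Instead, it just does the housekeeping work we
 * need to do to keep the System V shared memory subsystem sane.
 */
__private_extern__ void
shmexec(struct proc *p)
{
	struct shmmap_state *shmmap_s;
	int i;

	shmmap_s = (struct shmmap_state *)p->vm_shm;

	/*
	 * Defensive: with no attach table there is nothing to account for,
	 * and the loop below would dereference NULL.  Callers are presumably
	 * expected to check this themselves.
	 */
	if (shmmap_s == NULL)
		return;

	SYSV_SHM_SUBSYS_LOCK();
	for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
		if (shmmap_s->shmid != -1)
			shm_delete_mapping(p, shmmap_s, 0);	/* 0: leave the map alone */
	FREE((caddr_t)p->vm_shm, M_SHM);
	p->vm_shm = NULL;
	SYSV_SHM_SUBSYS_UNLOCK();
}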
802
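/*
 * One-time initialisation of the segment table from the limits in shminfo.
 *
 * Does nothing when already initialised.  When the limits cannot be used
 * (see below) or the table cannot be allocated, the subsystem is left
 * uninitialised, so every system call keeps returning EINVAL and the
 * limits can still be corrected through sysctl.
 */
void
shminit(__unused void *dummy)
{
	int i;
	int s;

	if (shm_inited)
		return;

	/*
	 * The limits are set through sysctl and are used as array sizes:
	 * shmmni for the segment table allocated here, shmseg for the
	 * per-process attach tables.  Reject negative values and values
	 * whose table size in bytes would not fit the int / size_t
	 * arithmetic used for those allocations; a wrapped size would give
	 * a table shorter than the loops that walk it.
	 */
	if (shminfo.shmmni < 0 ||
	    shminfo.shmmni > 0x7fffffff / (int64_t)sizeof(struct user_shmid_ds))
		return;
	if (shminfo.shmseg < 0 ||
	    shminfo.shmseg > 0x7fffffff / (int64_t)sizeof(struct shmmap_state))
		return;

	/*
	 * we store internally 64 bit, since if we didn't, we would
	 * be unable to represent a segment size in excess of 32 bits
	 * with the (struct shmid_ds)->shm_segsz field; also, POSIX
	 * dictates this field be a size_t, which is 64 bits when
	 * running 64 bit binaries.
	 */
	s = sizeof(struct user_shmid_ds) * shminfo.shmmni;

	MALLOC(shmsegs, struct user_shmid_ds *, s, M_SHM, M_WAITOK);
	if (shmsegs == NULL) {
		/* XXX fail safely: leave shared memory uninited */
		return;
	}
	for (i = 0; i < shminfo.shmmni; i++) {
		shmsegs[i].shm_perm.mode = SHMSEG_FREE;
		shmsegs[i].shm_perm.seq = 0;
	}
	shm_last_free = 0;
	shm_nused = 0;
	shm_committed = 0;
	shm_inited = 1;
}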
/*
 * Initialize the mutex governing access to the SysV shm subsystem, along
 * with the lock group and attribute objects it is created from.
 */
__private_extern__ void
sysv_shm_lock_init( void )
{
	lck_grp_attr_t *grp_attr;
	lck_grp_t *grp;
	lck_attr_t *mtx_attr;

	grp_attr = lck_grp_attr_alloc_init();
	sysv_shm_subsys_lck_grp_attr = grp_attr;

	grp = lck_grp_alloc_init("sysv_shm_subsys_lock", grp_attr);
	sysv_shm_subsys_lck_grp = grp;

	mtx_attr = lck_attr_alloc_init();
	sysv_shm_subsys_lck_attr = mtx_attr;

	lck_mtx_init(&sysv_shm_subsys_mutex, grp, mtx_attr);
}
846
/*
 * sysctl handler shared by the five kern.sysv.shm* limits; arg1 points at
 * the shminfo field being read or written.
 *
 * The current value is always copied out.  A new value is accepted only
 * while the subsystem is uninitialised; once all five limits differ from
 * -1, shminit() is called.  shmmax must be a multiple of the page size,
 * otherwise it is reset to -1 and EINVAL is returned.
 *
 * NOTE(review): a write made after initialisation is ignored and still
 * returns 0.
 */
/* (struct sysctl_oid *oidp, void *arg1, int arg2, \
	struct sysctl_req *req) */
static int
sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1,
    __unused int arg2, struct sysctl_req *req)
{
	int error = 0;
	int sysctl_shminfo_ret = 0;

	error = SYSCTL_OUT(req, arg1, sizeof(int64_t));
	if (error || req->newptr == USER_ADDR_NULL)
		return(error);

	SYSV_SHM_SUBSYS_LOCK();

	/* Set the values only if shared memory is not initialised */
	if (shm_inited)
		goto sysctl_shminfo_out;

	error = SYSCTL_IN(req, arg1, sizeof(int64_t));
	if (error != 0) {
		sysctl_shminfo_ret = error;
		goto sysctl_shminfo_out;
	}

	/* A shmmax that is not page aligned is discarded again. */
	if (arg1 == &shminfo.shmmax && (shminfo.shmmax & PAGE_MASK_64)) {
		shminfo.shmmax = (int64_t)-1;
		sysctl_shminfo_ret = EINVAL;
		goto sysctl_shminfo_out;
	}

	/* Initialize only when all values are set */
	if (shminfo.shmmax != (int64_t)-1 &&
	    shminfo.shmmin != (int64_t)-1 &&
	    shminfo.shmmni != (int64_t)-1 &&
	    shminfo.shmseg != (int64_t)-1 &&
	    shminfo.shmall != (int64_t)-1) {
		shminit(NULL);
	}

sysctl_shminfo_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return sysctl_shminfo_ret;
}
891
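/*
 * sysctl handler behind the ipcs(1)-style query interface.
 *
 * The caller passes an IPCS command structure (32 or 64 bit layout,
 * depending on the calling process) carrying a magic number, an operation,
 * a cursor and a user buffer.
 *
 * IPCS_SHM_CONF copies out the global shminfo limits.
 * IPCS_SHM_ITER copies out the first allocated segment at or after the
 *               cursor and returns the command with the cursor advanced.
 *
 * Errors: EINVAL (not initialised, bad magic, unknown op), ERANGE / ENOMEM
 * (bad cursor or buffer length), ENOENT (no more segments), or the
 * SYSCTL_IN / copyout / SYSCTL_OUT error.
 *
 * No ipcperm() check is made in this handler.  Segment descriptors are
 * therefore copied out only after shm_internal, which holds the kernel's
 * shm_handle pointer, has been cleared.
 */
static int
IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1,
    __unused int arg2, struct sysctl_req *req)
{
	int error;
	int cursor;
	union {
		struct IPCS_command u32;
		struct user_IPCS_command u64;
	} ipcs;
	struct user_shmid_ds shmid_ds64;	/* sanitized copy, 64 bit version */
	struct shmid_ds shmid_ds32;	/* post conversion, 32 bit version */
	void *shmid_dsp;
	size_t ipcs_sz = sizeof(struct user_IPCS_command);
	size_t shmid_ds_sz = sizeof(struct user_shmid_ds);
	struct proc *p = current_proc();

	SYSV_SHM_SUBSYS_LOCK();

	if (!shm_inited) {
		error = EINVAL;
		goto ipcs_shm_sysctl_out;
	}

	if (!IS_64BIT_PROCESS(p)) {
		ipcs_sz = sizeof(struct IPCS_command);
		shmid_ds_sz = sizeof(struct shmid_ds);
	}

	/* Copy in the command structure */
	if ((error = SYSCTL_IN(req, &ipcs, ipcs_sz)) != 0) {
		goto ipcs_shm_sysctl_out;
	}

	if (!IS_64BIT_PROCESS(p))	/* convert in place */
		ipcs.u64.ipcs_data = CAST_USER_ADDR_T(ipcs.u32.ipcs_data);

	/* Let us version this interface... */
	if (ipcs.u64.ipcs_magic != IPCS_MAGIC) {
		error = EINVAL;
		goto ipcs_shm_sysctl_out;
	}

	switch(ipcs.u64.ipcs_op) {
	case IPCS_SHM_CONF:	/* Obtain global configuration data */
		/* The length must match exactly before anything is copied. */
		if (ipcs.u64.ipcs_datalen != sizeof(struct shminfo)) {
			if (ipcs.u64.ipcs_cursor != 0) { /* fwd. compat. */
				error = ENOMEM;
				break;
			}
			error = ERANGE;
			break;
		}
		error = copyout(&shminfo, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
		break;

	case IPCS_SHM_ITER:	/* Iterate over existing segments */
		cursor = ipcs.u64.ipcs_cursor;
		if (cursor < 0 || cursor >= shminfo.shmmni) {
			error = ERANGE;
			break;
		}
		/* The length must match the caller's descriptor layout. */
		if (ipcs.u64.ipcs_datalen != (int)shmid_ds_sz) {
			error = ENOMEM;
			break;
		}
		/* Skip ahead to the next allocated slot. */
		for( ; cursor < shminfo.shmmni; cursor++) {
			if (shmsegs[cursor].shm_perm.mode & SHMSEG_ALLOCATED)
				break;
		}
		if (cursor == shminfo.shmmni) {
			error = ENOENT;
			break;
		}

		/*
		 * Copy the descriptor and clear the kernel handle pointer
		 * before it goes anywhere near user space.
		 */
		shmid_ds64 = shmsegs[cursor];
		shmid_ds64.shm_internal = USER_ADDR_NULL;
		shmid_dsp = &shmid_ds64;	/* default: 64 bit */

		/*
		 * If necessary, convert the 64 bit kernel segment
		 * descriptor to a 32 bit user one.
		 */
		if (!IS_64BIT_PROCESS(p)) {
			/*
			 * Zero first so that any bytes the field-by-field
			 * conversion does not write are not stale stack
			 * contents when copied out.
			 */
			bzero(&shmid_ds32, sizeof(shmid_ds32));
			shmid_ds_64to32(&shmid_ds64, &shmid_ds32);
			shmid_dsp = &shmid_ds32;
		}
		error = copyout(shmid_dsp, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
		if (!error) {
			/* update cursor */
			ipcs.u64.ipcs_cursor = cursor + 1;

			if (!IS_64BIT_PROCESS(p))	/* convert in place */
				ipcs.u32.ipcs_data = CAST_DOWN(void *,ipcs.u64.ipcs_data);
			error = SYSCTL_OUT(req, &ipcs, ipcs_sz);
		}
		break;

	default:
		error = EINVAL;
		break;
	}
ipcs_shm_sysctl_out:
	SYSV_SHM_SUBSYS_UNLOCK();
	return(error);
}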
998
/* kern.sysv: parent node for the System V IPC limits. */
SYSCTL_NODE(_kern, KERN_SYSV, sysv, CTLFLAG_RW, 0, "SYSV");

/*
 * The five shared memory limits.  All of them go through sysctl_shminfo(),
 * which accepts a new value only while the subsystem is uninitialised.
 */
SYSCTL_PROC(_kern_sysv, KSYSV_SHMMAX, shmmax, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmmax, 0, &sysctl_shminfo, "Q", "shmmax");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMMIN, shmmin, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmmin, 0, &sysctl_shminfo, "Q", "shmmin");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMMNI, shmmni, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmmni, 0, &sysctl_shminfo, "Q", "shmmni");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMSEG, shmseg, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmseg, 0, &sysctl_shminfo, "Q", "shmseg");

SYSCTL_PROC(_kern_sysv, KSYSV_SHMALL, shmall, CTLTYPE_QUAD | CTLFLAG_RW,
    &shminfo.shmall, 0, &sysctl_shminfo, "Q", "shmall");

/* kern.sysv.ipcs: parent node for the ipcs query interfaces. */
SYSCTL_NODE(_kern_sysv, OID_AUTO, ipcs, CTLFLAG_RW, 0, "SYSVIPCS");

/*
 * kern.sysv.ipcs.shm is registered with CTLFLAG_ANYBODY, so
 * IPCS_shm_sysctl() has to treat the whole command structure as untrusted
 * input and must not copy out anything a caller should not see.
 */
SYSCTL_PROC(_kern_sysv_ipcs, OID_AUTO, shm, CTLFLAG_RW | CTLFLAG_ANYBODY,
    0, 0, IPCS_shm_sysctl,
    "S,IPCS_shm_command",
    "ipcs shm command interface");