]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/posix_shm.c
xnu-2422.110.17.tar.gz
[apple/xnu.git] / bsd / kern / posix_shm.c
1 /*
2 * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1990, 1996-1998 Apple Computer, Inc.
30 * All Rights Reserved.
31 */
32 /*
33 * posix_shm.c : Support for POSIX shared memory APIs
34 *
35 * File: posix_shm.c
36 * Author: Ananthakrishna Ramesh
37 *
38 * HISTORY
39 * 2-Sep-1999 A.Ramesh
40 * Created for MacOSX
41 *
42 */
43 /*
44 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
45 * support for mandatory and extensible security protections. This notice
46 * is included in support of clause 2.2 (b) of the Apple Public License,
47 * Version 2.0.
48 */
49
50 #include <sys/cdefs.h>
51 #include <sys/param.h>
52 #include <sys/systm.h>
53 #include <sys/kernel.h>
54 #include <sys/file_internal.h>
55 #include <sys/filedesc.h>
56 #include <sys/stat.h>
57 #include <sys/proc_internal.h>
58 #include <sys/kauth.h>
59 #include <sys/mount.h>
60 #include <sys/namei.h>
61 #include <sys/vnode.h>
62 #include <sys/vnode_internal.h>
63 #include <sys/ioctl.h>
64 #include <sys/tty.h>
65 #include <sys/malloc.h>
66 #include <sys/mman.h>
67 #include <sys/stat.h>
68 #include <sys/sysproto.h>
69 #include <sys/proc_info.h>
70 #include <security/audit/audit.h>
71
72 #if CONFIG_MACF
73 #include <security/mac_framework.h>
74 #endif
75
76 #include <mach/mach_types.h>
77 #include <mach/mach_vm.h>
78 #include <mach/vm_map.h>
79 #include <mach/vm_prot.h>
80 #include <mach/vm_inherit.h>
81 #include <mach/kern_return.h>
82 #include <mach/memory_object_control.h>
83
84 #include <vm/vm_map.h>
85 #include <vm/vm_protos.h>
86
87 #define f_flag f_fglob->fg_flag
88 #define f_type f_fglob->fg_ops->fo_type
89 #define f_msgcount f_fglob->fg_msgcount
90 #define f_cred f_fglob->fg_cred
91 #define f_ops f_fglob->fg_ops
92 #define f_offset f_fglob->fg_offset
93 #define f_data f_fglob->fg_data
94 #define PSHMNAMLEN 31 /* maximum name segment length we bother with */
95
96 struct pshmobj {
97 void * pshmo_memobject;
98 memory_object_size_t pshmo_size;
99 struct pshmobj * pshmo_next;
100 };
101
102 struct pshminfo {
103 unsigned int pshm_flags;
104 unsigned int pshm_usecount;
105 off_t pshm_length;
106 mode_t pshm_mode;
107 uid_t pshm_uid;
108 gid_t pshm_gid;
109 char pshm_name[PSHMNAMLEN + 1]; /* segment name */
110 struct pshmobj *pshm_memobjects;
111 #if DIAGNOSTIC
112 unsigned int pshm_readcount;
113 unsigned int pshm_writecount;
114 proc_t pshm_proc;
115 #endif /* DIAGNOSTIC */
116 struct label* pshm_label;
117 };
118 #define PSHMINFO_NULL (struct pshminfo *)0
119
120 #define PSHM_NONE 0x001
121 #define PSHM_DEFINED 0x002
122 #define PSHM_ALLOCATED 0x004
123 #define PSHM_MAPPED 0x008
124 #define PSHM_INUSE 0x010
125 #define PSHM_REMOVED 0x020
126 #define PSHM_INCREATE 0x040
127 #define PSHM_INDELETE 0x080
128 #define PSHM_ALLOCATING 0x100
129
130 struct pshmcache {
131 LIST_ENTRY(pshmcache) pshm_hash; /* hash chain */
132 struct pshminfo *pshminfo; /* vnode the name refers to */
133 int pshm_nlen; /* length of name */
134 char pshm_name[PSHMNAMLEN + 1]; /* segment name */
135 };
136 #define PSHMCACHE_NULL (struct pshmcache *)0
137
138 struct pshmstats {
139 long goodhits; /* hits that we can really use */
140 long neghits; /* negative hits that we can use */
141 long badhits; /* hits we must drop */
142 long falsehits; /* hits with id mismatch */
143 long miss; /* misses */
144 long longnames; /* long names that ignore cache */
145 };
146
147 struct pshmname {
148 char *pshm_nameptr; /* pointer to looked up name */
149 long pshm_namelen; /* length of looked up component */
150 u_long pshm_hash; /* hash value of looked up name */
151 };
152
153 struct pshmnode {
154 off_t mapp_addr;
155 user_size_t map_size; /* XXX unused ? */
156 struct pshminfo *pinfo;
157 unsigned int pshm_usecount;
158 #if DIAGNOSTIC
159 unsigned int readcnt;
160 unsigned int writecnt;
161 #endif
162 };
163 #define PSHMNODE_NULL (struct pshmnode *)0
164
165
166 #define PSHMHASH(pnp) \
167 (&pshmhashtbl[(pnp)->pshm_hash & pshmhash])
168
169 LIST_HEAD(pshmhashhead, pshmcache) *pshmhashtbl; /* Hash Table */
170 u_long pshmhash; /* size of hash table - 1 */
171 long pshmnument; /* number of cache entries allocated */
172 struct pshmstats pshmstats; /* cache effectiveness statistics */
173
174 static int pshm_read (struct fileproc *fp, struct uio *uio,
175 int flags, vfs_context_t ctx);
176 static int pshm_write (struct fileproc *fp, struct uio *uio,
177 int flags, vfs_context_t ctx);
178 static int pshm_ioctl (struct fileproc *fp, u_long com,
179 caddr_t data, vfs_context_t ctx);
180 static int pshm_select (struct fileproc *fp, int which, void *wql, vfs_context_t ctx);
181 static int pshm_close(struct pshminfo *pinfo, int dropref);
182 static int pshm_closefile (struct fileglob *fg, vfs_context_t ctx);
183
184 static int pshm_kqfilter(struct fileproc *fp, struct knote *kn, vfs_context_t ctx);
185
186 int pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, proc_t p);
187 static int pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp);
188 static void pshm_cache_delete(struct pshmcache *pcp);
189 #if NOT_USED
190 static void pshm_cache_purge(void);
191 #endif /* NOT_USED */
192 static int pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
193 struct pshmcache **pcache, int addref);
194
195 static const struct fileops pshmops = {
196 DTYPE_PSXSHM,
197 pshm_read,
198 pshm_write,
199 pshm_ioctl,
200 pshm_select,
201 pshm_closefile,
202 pshm_kqfilter,
203 0
204 };
205
206 static lck_grp_t *psx_shm_subsys_lck_grp;
207 static lck_grp_attr_t *psx_shm_subsys_lck_grp_attr;
208 static lck_attr_t *psx_shm_subsys_lck_attr;
209 static lck_mtx_t psx_shm_subsys_mutex;
210
211 #define PSHM_SUBSYS_LOCK() lck_mtx_lock(& psx_shm_subsys_mutex)
212 #define PSHM_SUBSYS_UNLOCK() lck_mtx_unlock(& psx_shm_subsys_mutex)
213
214
215 /* Initialize the mutex governing access to the posix shm subsystem */
216 __private_extern__ void
217 pshm_lock_init( void )
218 {
219
220 psx_shm_subsys_lck_grp_attr = lck_grp_attr_alloc_init();
221
222 psx_shm_subsys_lck_grp = lck_grp_alloc_init("posix shared memory", psx_shm_subsys_lck_grp_attr);
223
224 psx_shm_subsys_lck_attr = lck_attr_alloc_init();
225 lck_mtx_init(& psx_shm_subsys_mutex, psx_shm_subsys_lck_grp, psx_shm_subsys_lck_attr);
226 }
227
228 /*
229 * Lookup an entry in the cache
230 *
231 *
232 * status of -1 is returned if matches
233 * If the lookup determines that the name does not exist
234 * (negative cacheing), a status of ENOENT is returned. If the lookup
235 * fails, a status of zero is returned.
236 */
237
238 static int
239 pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
240 struct pshmcache **pcache, int addref)
241 {
242 struct pshmcache *pcp, *nnp;
243 struct pshmhashhead *pcpp;
244
245 if (pnp->pshm_namelen > PSHMNAMLEN) {
246 pshmstats.longnames++;
247 return (0);
248 }
249
250 pcpp = PSHMHASH(pnp);
251 for (pcp = pcpp->lh_first; pcp != 0; pcp = nnp) {
252 nnp = pcp->pshm_hash.le_next;
253 if (pcp->pshm_nlen == pnp->pshm_namelen &&
254 !bcmp(pcp->pshm_name, pnp->pshm_nameptr, (u_int)pcp-> pshm_nlen))
255 break;
256 }
257
258 if (pcp == 0) {
259 pshmstats.miss++;
260 return (0);
261 }
262
263 /* We found a "positive" match, return the vnode */
264 if (pcp->pshminfo) {
265 pshmstats.goodhits++;
266 /* TOUCH(ncp); */
267 *pshmp = pcp->pshminfo;
268 *pcache = pcp;
269 if (addref)
270 pcp->pshminfo->pshm_usecount++;
271 return (-1);
272 }
273
274 /*
275 * We found a "negative" match, ENOENT notifies client of this match.
276 * The nc_vpid field records whether this is a whiteout.
277 */
278 pshmstats.neghits++;
279 return (ENOENT);
280 }
281
282 /*
283 * Add an entry to the cache.
284 * XXX should be static?
285 */
286 static int
287 pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp)
288 {
289 struct pshmhashhead *pcpp;
290 struct pshminfo *dpinfo;
291 struct pshmcache *dpcp;
292
293 #if DIAGNOSTIC
294 if (pnp->pshm_namelen > PSHMNAMLEN)
295 panic("cache_enter: name too long");
296 #endif
297
298
299 /* if the entry has already been added by some one else return */
300 if (pshm_cache_search(&dpinfo, pnp, &dpcp, 0) == -1) {
301 return(EEXIST);
302 }
303 pshmnument++;
304
305 /*
306 * Fill in cache info, if vp is NULL this is a "negative" cache entry.
307 * For negative entries, we have to record whether it is a whiteout.
308 * the whiteout flag is stored in the nc_vpid field which is
309 * otherwise unused.
310 */
311 pcp->pshminfo = pshmp;
312 pcp->pshm_nlen = pnp->pshm_namelen;
313 bcopy(pnp->pshm_nameptr, pcp->pshm_name, (unsigned)pcp->pshm_nlen);
314 pcpp = PSHMHASH(pnp);
315 #if DIAGNOSTIC
316 {
317 struct pshmcache *p;
318
319 for (p = pcpp->lh_first; p != 0; p = p->pshm_hash.le_next)
320 if (p == pcp)
321 panic("cache_enter: duplicate");
322 }
323 #endif
324 LIST_INSERT_HEAD(pcpp, pcp, pshm_hash);
325 return(0);
326 }
327
328 /*
329 * Name cache initialization, from vfs_init() when we are booting
330 */
331 void
332 pshm_cache_init(void)
333 {
334 pshmhashtbl = hashinit(desiredvnodes / 8, M_SHM, &pshmhash);
335 }
336
337 #if NOT_USED
338 /*
339 * Invalidate a all entries to particular vnode.
340 *
341 * We actually just increment the v_id, that will do it. The entries will
342 * be purged by lookup as they get found. If the v_id wraps around, we
343 * need to ditch the entire cache, to avoid confusion. No valid vnode will
344 * ever have (v_id == 0).
345 */
346 static void
347 pshm_cache_purge(void)
348 {
349 struct pshmcache *pcp;
350 struct pshmhashhead *pcpp;
351
352 for (pcpp = &pshmhashtbl[pshmhash]; pcpp >= pshmhashtbl; pcpp--) {
353 while ( (pcp = pcpp->lh_first) )
354 pshm_cache_delete(pcp);
355 }
356 }
357 #endif /* NOT_USED */
358
359 static void
360 pshm_cache_delete(struct pshmcache *pcp)
361 {
362 #if DIAGNOSTIC
363 if (pcp->pshm_hash.le_prev == 0)
364 panic("namecache purge le_prev");
365 if (pcp->pshm_hash.le_next == pcp)
366 panic("namecache purge le_next");
367 #endif /* DIAGNOSTIC */
368 LIST_REMOVE(pcp, pshm_hash);
369 pcp->pshm_hash.le_prev = 0;
370 pshmnument--;
371 }
372
373
374 int
375 shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval)
376 {
377 size_t i;
378 int indx, error;
379 struct pshmname nd;
380 struct pshminfo *pinfo;
381 struct fileproc *fp = NULL;
382 char *pnbuf = NULL;
383 struct pshminfo *new_pinfo = PSHMINFO_NULL;
384 struct pshmnode *new_pnode = PSHMNODE_NULL;
385 struct pshmcache *pcache = PSHMCACHE_NULL; /* ignored on return */
386 char * nameptr;
387 char * cp;
388 size_t pathlen, plen;
389 int fmode ;
390 int cmode = uap->mode;
391 int incache = 0;
392 struct pshmcache *pcp = NULL;
393
394 AUDIT_ARG(fflags, uap->oflag);
395 AUDIT_ARG(mode, uap->mode);
396
397 pinfo = PSHMINFO_NULL;
398
399 /*
400 * Preallocate everything we might need up front to avoid taking
401 * and dropping the lock, opening us up to race conditions.
402 */
403 MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
404 if (pnbuf == NULL) {
405 error = ENOSPC;
406 goto bad;
407 }
408
409 pathlen = MAXPATHLEN;
410 error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen);
411 if (error) {
412 goto bad;
413 }
414 AUDIT_ARG(text, pnbuf);
415 if (pathlen > PSHMNAMLEN) {
416 error = ENAMETOOLONG;
417 goto bad;
418 }
419 #ifdef PSXSHM_NAME_RESTRICT
420 nameptr = pnbuf;
421 if (*nameptr == '/') {
422 while (*(nameptr++) == '/') {
423 plen--;
424 error = EINVAL;
425 goto bad;
426 }
427 } else {
428 error = EINVAL;
429 goto bad;
430 }
431 #endif /* PSXSHM_NAME_RESTRICT */
432
433 plen = pathlen;
434 nameptr = pnbuf;
435 nd.pshm_nameptr = nameptr;
436 nd.pshm_namelen = plen;
437 nd. pshm_hash =0;
438
439 for (cp = nameptr, i=1; *cp != 0 && i <= plen; i++, cp++) {
440 nd.pshm_hash += (unsigned char)*cp * i;
441 }
442
443 /*
444 * attempt to allocate a new fp; if unsuccessful, the fp will be
445 * left unmodified (NULL).
446 */
447 error = falloc(p, &fp, &indx, vfs_context_current());
448 if (error)
449 goto bad;
450
451 cmode &= ALLPERMS;
452
453 fmode = FFLAGS(uap->oflag);
454 if ((fmode & (FREAD | FWRITE)) == 0) {
455 error = EINVAL;
456 goto bad;
457 }
458
459 /*
460 * We allocate a new entry if we are less than the maximum
461 * allowed and the one at the front of the LRU list is in use.
462 * Otherwise we use the one at the front of the LRU list.
463 */
464 MALLOC(pcp, struct pshmcache *, sizeof(struct pshmcache), M_SHM, M_WAITOK|M_ZERO);
465 if (pcp == NULL) {
466 error = ENOSPC;
467 goto bad;
468 }
469
470 MALLOC(new_pinfo, struct pshminfo *, sizeof(struct pshminfo), M_SHM, M_WAITOK|M_ZERO);
471 if (new_pinfo == PSHMINFO_NULL) {
472 error = ENOSPC;
473 goto bad;
474 }
475 #if CONFIG_MACF
476 mac_posixshm_label_init(new_pinfo);
477 #endif
478
479 MALLOC(new_pnode, struct pshmnode *, sizeof(struct pshmnode), M_SHM, M_WAITOK|M_ZERO);
480 if (new_pnode == PSHMNODE_NULL) {
481 error = ENOSPC;
482 goto bad;
483 }
484
485 PSHM_SUBSYS_LOCK();
486
487 /*
488 * If we find the entry in the cache, this will take a reference,
489 * allowing us to unlock it for the permissions check.
490 */
491 error = pshm_cache_search(&pinfo, &nd, &pcache, 1);
492
493 PSHM_SUBSYS_UNLOCK();
494
495 if (error == ENOENT) {
496 error = EINVAL;
497 goto bad;
498 }
499
500 if (!error) {
501 incache = 0;
502 if (fmode & O_CREAT) {
503 /* create a new one (commit the allocation) */
504 pinfo = new_pinfo;
505 pinfo->pshm_flags = PSHM_DEFINED | PSHM_INCREATE;
506 pinfo->pshm_usecount = 1; /* existence reference */
507 pinfo->pshm_mode = cmode;
508 pinfo->pshm_uid = kauth_getuid();
509 pinfo->pshm_gid = kauth_getgid();
510 bcopy(pnbuf, &pinfo->pshm_name[0], pathlen);
511 pinfo->pshm_name[pathlen]=0;
512 #if CONFIG_MACF
513 error = mac_posixshm_check_create(kauth_cred_get(), nameptr);
514 if (error) {
515 goto bad;
516 }
517 mac_posixshm_label_associate(kauth_cred_get(), pinfo, nameptr);
518 #endif
519 }
520 } else {
521 incache = 1;
522 if (fmode & O_CREAT) {
523 /* already exists */
524 if ((fmode & O_EXCL)) {
525 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
526 pinfo->pshm_gid,
527 pinfo->pshm_mode);
528
529 /* shm obj exists and opened O_EXCL */
530 error = EEXIST;
531 goto bad;
532 }
533
534 if( pinfo->pshm_flags & PSHM_INDELETE) {
535 error = ENOENT;
536 goto bad;
537 }
538 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
539 pinfo->pshm_gid, pinfo->pshm_mode);
540 #if CONFIG_MACF
541 if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) {
542 goto bad;
543 }
544 #endif
545 if ( (error = pshm_access(pinfo, fmode, kauth_cred_get(), p)) ) {
546 goto bad;
547 }
548 }
549 }
550 if (!(fmode & O_CREAT)) {
551 if (!incache) {
552 /* O_CREAT is not set and the object does not exist */
553 error = ENOENT;
554 goto bad;
555 }
556 if( pinfo->pshm_flags & PSHM_INDELETE) {
557 error = ENOENT;
558 goto bad;
559 }
560 #if CONFIG_MACF
561 if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) {
562 goto bad;
563 }
564 #endif
565
566 if ((error = pshm_access(pinfo, fmode, kauth_cred_get(), p))) {
567 goto bad;
568 }
569 }
570 if (fmode & O_TRUNC) {
571 error = EINVAL;
572 goto bad;
573 }
574
575
576 PSHM_SUBSYS_LOCK();
577
578 #if DIAGNOSTIC
579 if (fmode & FWRITE)
580 pinfo->pshm_writecount++;
581 if (fmode & FREAD)
582 pinfo->pshm_readcount++;
583 #endif
584 if (!incache) {
585 /* if successful, this will consume the pcp */
586 if ( (error = pshm_cache_add(pinfo, &nd, pcp)) ) {
587 goto bad_locked;
588 }
589 /*
590 * add reference for the new entry; otherwise, we obtained
591 * one from the cache hit earlier.
592 */
593 pinfo->pshm_usecount++;
594 }
595 pinfo->pshm_flags &= ~PSHM_INCREATE;
596 new_pnode->pinfo = pinfo;
597
598 PSHM_SUBSYS_UNLOCK();
599
600 /*
601 * if incache, we did not use the new pcp or new_pinfo and must
602 * free them
603 */
604 if (incache) {
605 FREE(pcp, M_SHM);
606
607 if (new_pinfo != PSHMINFO_NULL) {
608 #if CONFIG_MACF
609 mac_posixshm_label_destroy(new_pinfo);
610 #endif
611 FREE(new_pinfo, M_SHM);
612 }
613 }
614
615 proc_fdlock(p);
616 fp->f_flag = fmode & FMASK;
617 fp->f_ops = &pshmops;
618 fp->f_data = (caddr_t)new_pnode;
619 *fdflags(p, indx) |= UF_EXCLOSE;
620 procfdtbl_releasefd(p, indx, NULL);
621 fp_drop(p, indx, fp, 1);
622 proc_fdunlock(p);
623
624 *retval = indx;
625 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
626 return (0);
627
628 bad_locked:
629 PSHM_SUBSYS_UNLOCK();
630 bad:
631 /*
632 * If we obtained the entry from the cache, we need to drop the
633 * reference; holding the reference may have prevented unlinking,
634 * so we need to call pshm_close() to get the full effect.
635 */
636 if (incache) {
637 PSHM_SUBSYS_LOCK();
638 pshm_close(pinfo, 1);
639 PSHM_SUBSYS_UNLOCK();
640 }
641
642 if (pcp != NULL)
643 FREE(pcp, M_SHM);
644
645 if (new_pnode != PSHMNODE_NULL)
646 FREE(new_pnode, M_SHM);
647
648 if (fp != NULL)
649 fp_free(p, indx, fp);
650
651 if (new_pinfo != PSHMINFO_NULL) {
652 #if CONFIG_MACF
653 mac_posixshm_label_destroy(new_pinfo);
654 #endif
655 FREE(new_pinfo, M_SHM);
656 }
657 if (pnbuf != NULL)
658 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
659 return (error);
660 }
661
662
663 int
664 pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd,
665 off_t length, __unused int32_t *retval)
666 {
667 struct pshminfo * pinfo;
668 struct pshmnode * pnode ;
669 kern_return_t kret;
670 mem_entry_name_port_t mem_object;
671 mach_vm_size_t total_size, alloc_size;
672 memory_object_size_t mosize;
673 struct pshmobj *pshmobj, *pshmobj_next, **pshmobj_next_p;
674 vm_map_t user_map;
675 #if CONFIG_MACF
676 int error;
677 #endif
678
679 user_map = current_map();
680
681 if (fp->f_type != DTYPE_PSXSHM) {
682 return(EINVAL);
683 }
684
685
686 if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL )
687 return(EINVAL);
688
689 PSHM_SUBSYS_LOCK();
690 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) {
691 PSHM_SUBSYS_UNLOCK();
692 return(EINVAL);
693 }
694 if ((pinfo->pshm_flags & (PSHM_DEFINED|PSHM_ALLOCATING|PSHM_ALLOCATED))
695 != PSHM_DEFINED) {
696 PSHM_SUBSYS_UNLOCK();
697 return(EINVAL);
698 }
699 #if CONFIG_MACF
700 error = mac_posixshm_check_truncate(kauth_cred_get(), pinfo, length);
701 if (error) {
702 PSHM_SUBSYS_UNLOCK();
703 return(error);
704 }
705 #endif
706
707 pinfo->pshm_flags |= PSHM_ALLOCATING;
708 total_size = vm_map_round_page(length,
709 vm_map_page_mask(user_map));
710 pshmobj_next_p = &pinfo->pshm_memobjects;
711
712 for (alloc_size = 0;
713 alloc_size < total_size;
714 alloc_size += mosize) {
715
716 PSHM_SUBSYS_UNLOCK();
717
718 mosize = MIN(total_size - alloc_size, ANON_MAX_SIZE);
719 kret = mach_make_memory_entry_64(
720 VM_MAP_NULL,
721 &mosize,
722 0,
723 MAP_MEM_NAMED_CREATE | VM_PROT_DEFAULT,
724 &mem_object,
725 0);
726
727 if (kret != KERN_SUCCESS)
728 goto out;
729
730 MALLOC(pshmobj, struct pshmobj *, sizeof (struct pshmobj),
731 M_SHM, M_WAITOK);
732 if (pshmobj == NULL) {
733 kret = KERN_NO_SPACE;
734 mach_memory_entry_port_release(mem_object);
735 mem_object = NULL;
736 goto out;
737 }
738
739 PSHM_SUBSYS_LOCK();
740
741 pshmobj->pshmo_memobject = (void *) mem_object;
742 pshmobj->pshmo_size = mosize;
743 pshmobj->pshmo_next = NULL;
744
745 *pshmobj_next_p = pshmobj;
746 pshmobj_next_p = &pshmobj->pshmo_next;
747 }
748
749 pinfo->pshm_flags = PSHM_ALLOCATED;
750 pinfo->pshm_length = total_size;
751 PSHM_SUBSYS_UNLOCK();
752 return(0);
753
754 out:
755 PSHM_SUBSYS_LOCK();
756 for (pshmobj = pinfo->pshm_memobjects;
757 pshmobj != NULL;
758 pshmobj = pshmobj_next) {
759 pshmobj_next = pshmobj->pshmo_next;
760 mach_memory_entry_port_release(pshmobj->pshmo_memobject);
761 FREE(pshmobj, M_SHM);
762 }
763 pinfo->pshm_memobjects = NULL;
764 pinfo->pshm_flags &= ~PSHM_ALLOCATING;
765 PSHM_SUBSYS_UNLOCK();
766
767 switch (kret) {
768 case KERN_INVALID_ADDRESS:
769 case KERN_NO_SPACE:
770 return (ENOMEM);
771 case KERN_PROTECTION_FAILURE:
772 return (EACCES);
773 default:
774 return (EINVAL);
775
776 }
777 }
778
779 int
780 pshm_stat(struct pshmnode *pnode, void *ub, int isstat64)
781 {
782 struct stat *sb = (struct stat *)0; /* warning avoidance ; protected by isstat64 */
783 struct stat64 * sb64 = (struct stat64 *)0; /* warning avoidance ; protected by isstat64 */
784 struct pshminfo *pinfo;
785 #if CONFIG_MACF
786 int error;
787 #endif
788
789 PSHM_SUBSYS_LOCK();
790 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL){
791 PSHM_SUBSYS_UNLOCK();
792 return(EINVAL);
793 }
794
795 #if CONFIG_MACF
796 error = mac_posixshm_check_stat(kauth_cred_get(), pinfo);
797 if (error) {
798 PSHM_SUBSYS_UNLOCK();
799 return(error);
800 }
801 #endif
802
803 if (isstat64 != 0) {
804 sb64 = (struct stat64 *)ub;
805 bzero(sb64, sizeof(struct stat64));
806 sb64->st_mode = pinfo->pshm_mode;
807 sb64->st_uid = pinfo->pshm_uid;
808 sb64->st_gid = pinfo->pshm_gid;
809 sb64->st_size = pinfo->pshm_length;
810 } else {
811 sb = (struct stat *)ub;
812 bzero(sb, sizeof(struct stat));
813 sb->st_mode = pinfo->pshm_mode;
814 sb->st_uid = pinfo->pshm_uid;
815 sb->st_gid = pinfo->pshm_gid;
816 sb->st_size = pinfo->pshm_length;
817 }
818 PSHM_SUBSYS_UNLOCK();
819
820 return(0);
821 }
822
823 /*
824 * This is called only from shm_open which holds pshm_lock();
825 * XXX This code is repeated many times
826 */
827 int
828 pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, __unused proc_t p)
829 {
830 int mode_req = ((mode & FREAD) ? S_IRUSR : 0) |
831 ((mode & FWRITE) ? S_IWUSR : 0);
832
833 /* Otherwise, user id 0 always gets access. */
834 if (!suser(cred, NULL))
835 return (0);
836
837 return(posix_cred_access(cred, pinfo->pshm_uid, pinfo->pshm_gid, pinfo->pshm_mode, mode_req));
838 }
839
840 int
841 pshm_mmap(__unused proc_t p, struct mmap_args *uap, user_addr_t *retval, struct fileproc *fp, off_t pageoff)
842 {
843 vm_map_offset_t user_addr = (vm_map_offset_t)uap->addr;
844 vm_map_size_t user_size = (vm_map_size_t)uap->len ;
845 vm_map_offset_t user_start_addr;
846 vm_map_size_t map_size, mapped_size;
847 int prot = uap->prot;
848 int flags = uap->flags;
849 vm_object_offset_t file_pos = (vm_object_offset_t)uap->pos;
850 vm_object_offset_t map_pos;
851 vm_map_t user_map;
852 int alloc_flags;
853 boolean_t docow;
854 kern_return_t kret;
855 struct pshminfo * pinfo;
856 struct pshmnode * pnode;
857 struct pshmobj * pshmobj;
858 #if CONFIG_MACF
859 int error;
860 #endif
861
862 if (user_size == 0)
863 return(0);
864
865 if ((flags & MAP_SHARED) == 0)
866 return(EINVAL);
867
868
869 if ((prot & PROT_WRITE) && ((fp->f_flag & FWRITE) == 0)) {
870 return(EPERM);
871 }
872
873 if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL )
874 return(EINVAL);
875
876 PSHM_SUBSYS_LOCK();
877 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) {
878 PSHM_SUBSYS_UNLOCK();
879 return(EINVAL);
880 }
881
882 if ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED) {
883 PSHM_SUBSYS_UNLOCK();
884 return(EINVAL);
885 }
886 if ((off_t)user_size > pinfo->pshm_length) {
887 PSHM_SUBSYS_UNLOCK();
888 return(EINVAL);
889 }
890 if ((off_t)(user_size + file_pos) > pinfo->pshm_length) {
891 PSHM_SUBSYS_UNLOCK();
892 return(EINVAL);
893 }
894 if ((pshmobj = pinfo->pshm_memobjects) == NULL) {
895 PSHM_SUBSYS_UNLOCK();
896 return(EINVAL);
897 }
898
899 #if CONFIG_MACF
900 error = mac_posixshm_check_mmap(kauth_cred_get(), pinfo, prot, flags);
901 if (error) {
902 PSHM_SUBSYS_UNLOCK();
903 return(error);
904 }
905 #endif
906
907 PSHM_SUBSYS_UNLOCK();
908 user_map = current_map();
909
910 if ((flags & MAP_FIXED) == 0) {
911 alloc_flags = VM_FLAGS_ANYWHERE;
912 user_addr = vm_map_round_page(user_addr,
913 vm_map_page_mask(user_map));
914 } else {
915 if (user_addr != vm_map_round_page(user_addr,
916 vm_map_page_mask(user_map)))
917 return (EINVAL);
918 /*
919 * We do not get rid of the existing mappings here because
920 * it wouldn't be atomic (see comment in mmap()). We let
921 * Mach VM know that we want it to replace any existing
922 * mapping with the new one.
923 */
924 alloc_flags = VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE;
925 }
926 docow = FALSE;
927
928 mapped_size = 0;
929
930 /* reserver the entire space first... */
931 kret = vm_map_enter_mem_object(user_map,
932 &user_addr,
933 user_size,
934 0,
935 alloc_flags,
936 IPC_PORT_NULL,
937 0,
938 FALSE,
939 VM_PROT_NONE,
940 VM_PROT_NONE,
941 VM_INHERIT_NONE);
942 user_start_addr = user_addr;
943 if (kret != KERN_SUCCESS) {
944 goto out;
945 }
946
947 /* ... and overwrite with the real mappings */
948 for (map_pos = 0, pshmobj = pinfo->pshm_memobjects;
949 user_size != 0;
950 map_pos += pshmobj->pshmo_size, pshmobj = pshmobj->pshmo_next) {
951 if (pshmobj == NULL) {
952 /* nothing there to map !? */
953 goto out;
954 }
955 if (file_pos >= map_pos + pshmobj->pshmo_size) {
956 continue;
957 }
958 map_size = pshmobj->pshmo_size - (file_pos - map_pos);
959 if (map_size > user_size) {
960 map_size = user_size;
961 }
962 kret = vm_map_enter_mem_object(
963 user_map,
964 &user_addr,
965 map_size,
966 0,
967 VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE,
968 pshmobj->pshmo_memobject,
969 file_pos - map_pos,
970 docow,
971 prot,
972 VM_PROT_DEFAULT,
973 VM_INHERIT_SHARE);
974 if (kret != KERN_SUCCESS)
975 goto out;
976
977 user_addr += map_size;
978 user_size -= map_size;
979 mapped_size += map_size;
980 file_pos += map_size;
981 }
982
983 PSHM_SUBSYS_LOCK();
984 pnode->mapp_addr = user_start_addr;
985 pnode->map_size = mapped_size;
986 pinfo->pshm_flags |= (PSHM_MAPPED | PSHM_INUSE);
987 PSHM_SUBSYS_UNLOCK();
988 out:
989 if (kret != KERN_SUCCESS) {
990 if (mapped_size != 0) {
991 (void) mach_vm_deallocate(current_map(),
992 user_start_addr,
993 mapped_size);
994 }
995 }
996
997 switch (kret) {
998 case KERN_SUCCESS:
999 *retval = (user_start_addr + pageoff);
1000 return (0);
1001 case KERN_INVALID_ADDRESS:
1002 case KERN_NO_SPACE:
1003 return (ENOMEM);
1004 case KERN_PROTECTION_FAILURE:
1005 return (EACCES);
1006 default:
1007 return (EINVAL);
1008 }
1009
1010 }
1011
1012 int
1013 shm_unlink(__unused proc_t p, struct shm_unlink_args *uap,
1014 __unused int32_t *retval)
1015 {
1016 size_t i;
1017 int error=0;
1018 struct pshmname nd;
1019 struct pshminfo *pinfo;
1020 char * pnbuf;
1021 char * nameptr;
1022 char * cp;
1023 size_t pathlen, plen;
1024 int incache = 0;
1025 struct pshmcache *pcache = PSHMCACHE_NULL;
1026 struct pshmobj *pshmobj, *pshmobj_next;
1027
1028 pinfo = PSHMINFO_NULL;
1029
1030 MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
1031 if (pnbuf == NULL) {
1032 return(ENOSPC); /* XXX non-standard */
1033 }
1034 pathlen = MAXPATHLEN;
1035 error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen);
1036 if (error) {
1037 goto bad;
1038 }
1039 AUDIT_ARG(text, pnbuf);
1040 if (pathlen > PSHMNAMLEN) {
1041 error = ENAMETOOLONG;
1042 goto bad;
1043 }
1044
1045
1046 #ifdef PSXSHM_NAME_RESTRICT
1047 nameptr = pnbuf;
1048 if (*nameptr == '/') {
1049 while (*(nameptr++) == '/') {
1050 plen--;
1051 error = EINVAL;
1052 goto bad;
1053 }
1054 } else {
1055 error = EINVAL;
1056 goto bad;
1057 }
1058 #endif /* PSXSHM_NAME_RESTRICT */
1059
1060 plen = pathlen;
1061 nameptr = pnbuf;
1062 nd.pshm_nameptr = nameptr;
1063 nd.pshm_namelen = plen;
1064 nd. pshm_hash =0;
1065
1066 for (cp = nameptr, i=1; *cp != 0 && i <= plen; i++, cp++) {
1067 nd.pshm_hash += (unsigned char)*cp * i;
1068 }
1069
1070 PSHM_SUBSYS_LOCK();
1071 error = pshm_cache_search(&pinfo, &nd, &pcache, 0);
1072
1073 if (error == ENOENT) {
1074 PSHM_SUBSYS_UNLOCK();
1075 goto bad;
1076
1077 }
1078 /* During unlink lookup failure also implies ENOENT */
1079 if (!error) {
1080 PSHM_SUBSYS_UNLOCK();
1081 error = ENOENT;
1082 goto bad;
1083 } else
1084 incache = 1;
1085
1086 if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED))==0) {
1087 PSHM_SUBSYS_UNLOCK();
1088 error = EINVAL;
1089 goto bad;
1090 }
1091
1092 if (pinfo->pshm_flags & PSHM_ALLOCATING) {
1093 /* XXX should we wait for flag to clear and then proceed ? */
1094 PSHM_SUBSYS_UNLOCK();
1095 error = EAGAIN;
1096 goto bad;
1097 }
1098
1099 if (pinfo->pshm_flags & PSHM_INDELETE) {
1100 PSHM_SUBSYS_UNLOCK();
1101 error = 0;
1102 goto bad;
1103 }
1104 #if CONFIG_MACF
1105 error = mac_posixshm_check_unlink(kauth_cred_get(), pinfo, nameptr);
1106 if (error) {
1107 PSHM_SUBSYS_UNLOCK();
1108 goto bad;
1109 }
1110 #endif
1111
1112 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid,
1113 pinfo->pshm_mode);
1114
1115 /*
1116 * following file semantics, unlink should be allowed
1117 * for users with write permission only.
1118 */
1119 if ( (error = pshm_access(pinfo, FWRITE, kauth_cred_get(), p)) ) {
1120 PSHM_SUBSYS_UNLOCK();
1121 goto bad;
1122 }
1123
1124 pinfo->pshm_flags |= PSHM_INDELETE;
1125 pshm_cache_delete(pcache);
1126 pinfo->pshm_flags |= PSHM_REMOVED;
1127 /* release the existence reference */
1128 if (!--pinfo->pshm_usecount) {
1129 #if CONFIG_MACF
1130 mac_posixshm_label_destroy(pinfo);
1131 #endif
1132 PSHM_SUBSYS_UNLOCK();
1133 /*
1134 * If this is the last reference going away on the object,
1135 * then we need to destroy the backing object. The name
1136 * has an implied but uncounted reference on the object,
1137 * once it's created, since it's used as a rendezvous, and
1138 * therefore may be subsequently reopened.
1139 */
1140 for (pshmobj = pinfo->pshm_memobjects;
1141 pshmobj != NULL;
1142 pshmobj = pshmobj_next) {
1143 mach_memory_entry_port_release(pshmobj->pshmo_memobject);
1144 pshmobj_next = pshmobj->pshmo_next;
1145 FREE(pshmobj, M_SHM);
1146 }
1147 FREE(pinfo,M_SHM);
1148 } else {
1149 PSHM_SUBSYS_UNLOCK();
1150 }
1151 FREE(pcache, M_SHM);
1152 error = 0;
1153 bad:
1154 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI);
1155 return (error);
1156 }
1157
1158 /* already called locked */
1159 static int
1160 pshm_close(struct pshminfo *pinfo, int dropref)
1161 {
1162 int error = 0;
1163 struct pshmobj *pshmobj, *pshmobj_next;
1164
1165 /*
1166 * If we are dropping the reference we took on the cache object, don't
1167 * enforce the allocation requirement.
1168 */
1169 if ( !dropref && ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED)) {
1170 return(EINVAL);
1171 }
1172 #if DIAGNOSTIC
1173 if(!pinfo->pshm_usecount) {
1174 kprintf("negative usecount in pshm_close\n");
1175 }
1176 #endif /* DIAGNOSTIC */
1177 pinfo->pshm_usecount--; /* release this fd's reference */
1178
1179 if ((pinfo->pshm_flags & PSHM_REMOVED) && !pinfo->pshm_usecount) {
1180 #if CONFIG_MACF
1181 mac_posixshm_label_destroy(pinfo);
1182 #endif
1183 PSHM_SUBSYS_UNLOCK();
1184 /*
1185 * If this is the last reference going away on the object,
1186 * then we need to destroy the backing object.
1187 */
1188 for (pshmobj = pinfo->pshm_memobjects;
1189 pshmobj != NULL;
1190 pshmobj = pshmobj_next) {
1191 mach_memory_entry_port_release(pshmobj->pshmo_memobject);
1192 pshmobj_next = pshmobj->pshmo_next;
1193 FREE(pshmobj, M_SHM);
1194 }
1195 PSHM_SUBSYS_LOCK();
1196 FREE(pinfo,M_SHM);
1197 }
1198 return (error);
1199 }
1200
1201 /* vfs_context_t passed to match prototype for struct fileops */
1202 static int
1203 pshm_closefile(struct fileglob *fg, __unused vfs_context_t ctx)
1204 {
1205 int error = EINVAL;
1206 struct pshmnode *pnode;
1207
1208 PSHM_SUBSYS_LOCK();
1209
1210 if ((pnode = (struct pshmnode *)fg->fg_data) != NULL) {
1211 if (pnode->pinfo != PSHMINFO_NULL) {
1212 error = pshm_close(pnode->pinfo, 0);
1213 }
1214 FREE(pnode, M_SHM);
1215 }
1216
1217 PSHM_SUBSYS_UNLOCK();
1218
1219 return(error);
1220 }
1221
1222 static int
1223 pshm_read(__unused struct fileproc *fp, __unused struct uio *uio,
1224 __unused int flags, __unused vfs_context_t ctx)
1225 {
1226 return(ENOTSUP);
1227 }
1228
1229 static int
1230 pshm_write(__unused struct fileproc *fp, __unused struct uio *uio,
1231 __unused int flags, __unused vfs_context_t ctx)
1232 {
1233 return(ENOTSUP);
1234 }
1235
1236 static int
1237 pshm_ioctl(__unused struct fileproc *fp, __unused u_long com,
1238 __unused caddr_t data, __unused vfs_context_t ctx)
1239 {
1240 return(ENOTSUP);
1241 }
1242
1243 static int
1244 pshm_select(__unused struct fileproc *fp, __unused int which, __unused void *wql,
1245 __unused vfs_context_t ctx)
1246 {
1247 return(ENOTSUP);
1248 }
1249
1250 static int
1251 pshm_kqfilter(__unused struct fileproc *fp, __unused struct knote *kn,
1252 __unused vfs_context_t ctx)
1253 {
1254 return(ENOTSUP);
1255 }
1256
1257 int
1258 fill_pshminfo(struct pshmnode * pshm, struct pshm_info * info)
1259 {
1260 struct pshminfo *pinfo;
1261 struct vinfo_stat *sb;
1262
1263 PSHM_SUBSYS_LOCK();
1264 if ((pinfo = pshm->pinfo) == PSHMINFO_NULL){
1265 PSHM_SUBSYS_UNLOCK();
1266 return(EINVAL);
1267 }
1268
1269 sb = &info->pshm_stat;
1270
1271 bzero(sb, sizeof(struct vinfo_stat));
1272 sb->vst_mode = pinfo->pshm_mode;
1273 sb->vst_uid = pinfo->pshm_uid;
1274 sb->vst_gid = pinfo->pshm_gid;
1275 sb->vst_size = pinfo->pshm_length;
1276
1277 info->pshm_mappaddr = pshm->mapp_addr;
1278 bcopy(&pinfo->pshm_name[0], &info->pshm_name[0], PSHMNAMLEN+1);
1279
1280 PSHM_SUBSYS_UNLOCK();
1281 return(0);
1282 }
1283
1284 #if CONFIG_MACF
1285 void
1286 pshm_label_associate(struct fileproc *fp, struct vnode *vp, vfs_context_t ctx)
1287 {
1288 struct pshmnode *pnode;
1289 struct pshminfo *pshm;
1290
1291 PSHM_SUBSYS_LOCK();
1292 pnode = (struct pshmnode *)fp->f_fglob->fg_data;
1293 if (pnode != NULL) {
1294 pshm = pnode->pinfo;
1295 if (pshm != NULL)
1296 mac_posixshm_vnode_label_associate(
1297 vfs_context_ucred(ctx), pshm, pshm->pshm_label,
1298 vp, vp->v_label);
1299 }
1300 PSHM_SUBSYS_UNLOCK();
1301 }
1302 #endif