]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/sysv_shm.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-792.10.96.tar.gz
[apple/xnu.git] / bsd / kern / sysv_shm.c
1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
11 *
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22 /* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */
23
24 /*
25 * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved.
26 *
27 * Redistribution and use in source and binary forms, with or without
28 * modification, are permitted provided that the following conditions
29 * are met:
30 * 1. Redistributions of source code must retain the above copyright
31 * notice, this list of conditions and the following disclaimer.
32 * 2. Redistributions in binary form must reproduce the above copyright
33 * notice, this list of conditions and the following disclaimer in the
34 * documentation and/or other materials provided with the distribution.
35 * 3. All advertising materials mentioning features or use of this software
36 * must display the following acknowledgement:
37 * This product includes software developed by Adam Glass and Charles
38 * Hannum.
39 * 4. The names of the authors may not be used to endorse or promote products
40 * derived from this software without specific prior written permission.
41 *
42 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
43 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
44 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
45 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
46 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
48 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
49 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
50 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
51 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
52 */
53
54
55 #include <sys/appleapiopts.h>
56 #include <sys/param.h>
57 #include <sys/systm.h>
58 #include <sys/kernel.h>
59 #include <sys/shm_internal.h>
60 #include <sys/proc_internal.h>
61 #include <sys/kauth.h>
62 #include <sys/malloc.h>
63 #include <sys/mman.h>
64 #include <sys/stat.h>
65 #include <sys/sysctl.h>
66 #include <sys/ipcs.h>
67 #include <sys/sysent.h>
68 #include <sys/sysproto.h>
69
70 #include <bsm/audit_kernel.h>
71
72 #include <mach/mach_types.h>
73 #include <mach/vm_inherit.h>
74 #include <mach/vm_map.h>
75
76 #include <mach/mach_vm.h>
77
78 #include <vm/vm_map.h>
79 #include <vm/vm_shared_memory_server.h>
80 #include <vm/vm_protos.h>
81
82 #include <kern/locks.h>
83
84 static void shminit(void *);
85 #if 0
86 SYSINIT(sysv_shm, SI_SUB_SYSV_SHM, SI_ORDER_FIRST, shminit, NULL)
87 #endif 0
88
89 static lck_grp_t *sysv_shm_subsys_lck_grp;
90 static lck_grp_attr_t *sysv_shm_subsys_lck_grp_attr;
91 static lck_attr_t *sysv_shm_subsys_lck_attr;
92 static lck_mtx_t sysv_shm_subsys_mutex;
93
94 #define SYSV_SHM_SUBSYS_LOCK() lck_mtx_lock(&sysv_shm_subsys_mutex)
95 #define SYSV_SHM_SUBSYS_UNLOCK() lck_mtx_unlock(&sysv_shm_subsys_mutex)
96
97 static int oshmctl(void *p, void *uap, void *retval);
98 static int shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, int * retval);
99 static int shmget_existing(struct shmget_args *uap, int mode, int segnum, int * retval);
100 static void shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out);
101 static void shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out);
102
103 /* XXX casting to (sy_call_t *) is bogus, as usual. */
104 static sy_call_t *shmcalls[] = {
105 (sy_call_t *)shmat, (sy_call_t *)oshmctl,
106 (sy_call_t *)shmdt, (sy_call_t *)shmget,
107 (sy_call_t *)shmctl
108 };
109
110 #define SHMSEG_FREE 0x0200
111 #define SHMSEG_REMOVED 0x0400
112 #define SHMSEG_ALLOCATED 0x0800
113 #define SHMSEG_WANTED 0x1000
114
115 static int shm_last_free, shm_nused, shm_committed;
116 struct user_shmid_ds *shmsegs; /* 64 bit version */
117 static int shm_inited = 0;
118
119 struct shm_handle {
120 void * shm_object; /* vm_offset_t kva; */
121 };
122
123 struct shmmap_state {
124 mach_vm_address_t va; /* user address */
125 int shmid; /* segment id */
126 };
127
128 static void shm_deallocate_segment(struct user_shmid_ds *);
129 static int shm_find_segment_by_key(key_t);
130 static struct user_shmid_ds *shm_find_segment_by_shmid(int);
131 static int shm_delete_mapping(struct proc *, struct shmmap_state *, int);
132
133 #ifdef __APPLE_API_PRIVATE
134 struct shminfo shminfo = {
135 -1, /* SHMMAX 4096 *1024 */
136 -1, /* SHMMIN = 1 */
137 -1, /* SHMMNI = 1 */
138 -1, /* SHMSEG = 8 */
139 -1 /* SHMALL = 1024 */
140 };
141 #endif /* __APPLE_API_PRIVATE */
142
143 void sysv_shm_lock_init(void);
144
145 static __inline__ time_t
146 sysv_shmtime(void)
147 {
148 struct timeval tv;
149 microtime(&tv);
150 return (tv.tv_sec);
151 }
152
153 /*
154 * This conversion is safe, since if we are converting for a 32 bit process,
155 * then it's value of (struct shmid_ds)->shm_segsz will never exceed 4G.
156 *
157 * NOTE: Source and target may *NOT* overlap! (target is smaller)
158 */
159 static void
160 shmid_ds_64to32(struct user_shmid_ds *in, struct shmid_ds *out)
161 {
162 out->shm_perm = in->shm_perm;
163 out->shm_segsz = (size_t)in->shm_segsz;
164 out->shm_lpid = in->shm_lpid;
165 out->shm_cpid = in->shm_cpid;
166 out->shm_nattch = in->shm_nattch;
167 out->shm_atime = in->shm_atime;
168 out->shm_dtime = in->shm_dtime;
169 out->shm_ctime = in->shm_ctime;
170 out->shm_internal = CAST_DOWN(void *,in->shm_internal);
171 }
172
173 /*
174 * NOTE: Source and target may are permitted to overlap! (source is smaller);
175 * this works because we copy fields in order from the end of the struct to
176 * the beginning.
177 */
178 static void
179 shmid_ds_32to64(struct shmid_ds *in, struct user_shmid_ds *out)
180 {
181 out->shm_internal = CAST_USER_ADDR_T(in->shm_internal);
182 out->shm_ctime = in->shm_ctime;
183 out->shm_dtime = in->shm_dtime;
184 out->shm_atime = in->shm_atime;
185 out->shm_nattch = in->shm_nattch;
186 out->shm_cpid = in->shm_cpid;
187 out->shm_lpid = in->shm_lpid;
188 out->shm_segsz = (user_size_t)in->shm_segsz;
189 out->shm_perm = in->shm_perm;
190 }
191
192
193 static int
194 shm_find_segment_by_key(key_t key)
195 {
196 int i;
197
198 for (i = 0; i < shminfo.shmmni; i++)
199 if ((shmsegs[i].shm_perm.mode & SHMSEG_ALLOCATED) &&
200 shmsegs[i].shm_perm.key == key)
201 return i;
202 return -1;
203 }
204
205 static struct user_shmid_ds *
206 shm_find_segment_by_shmid(int shmid)
207 {
208 int segnum;
209 struct user_shmid_ds *shmseg;
210
211 segnum = IPCID_TO_IX(shmid);
212 if (segnum < 0 || segnum >= shminfo.shmmni)
213 return NULL;
214 shmseg = &shmsegs[segnum];
215 if ((shmseg->shm_perm.mode & (SHMSEG_ALLOCATED | SHMSEG_REMOVED))
216 != SHMSEG_ALLOCATED ||
217 shmseg->shm_perm.seq != IPCID_TO_SEQ(shmid))
218 return NULL;
219 return shmseg;
220 }
221
222 static void
223 shm_deallocate_segment(struct user_shmid_ds *shmseg)
224 {
225 struct shm_handle *shm_handle;
226 mach_vm_size_t size;
227
228 shm_handle = CAST_DOWN(void *,shmseg->shm_internal); /* tunnel */
229 size = mach_vm_round_page(shmseg->shm_segsz);
230 mach_memory_entry_port_release(shm_handle->shm_object);
231 shm_handle->shm_object = NULL;
232 FREE((caddr_t)shm_handle, M_SHM);
233 shmseg->shm_internal = USER_ADDR_NULL; /* tunnel */
234 shm_committed -= btoc(size);
235 shm_nused--;
236 shmseg->shm_perm.mode = SHMSEG_FREE;
237 }
238
239 static int
240 shm_delete_mapping(__unused struct proc *p, struct shmmap_state *shmmap_s,
241 int deallocate)
242 {
243 struct user_shmid_ds *shmseg;
244 int segnum, result;
245 mach_vm_size_t size;
246
247 segnum = IPCID_TO_IX(shmmap_s->shmid);
248 shmseg = &shmsegs[segnum];
249 size = mach_vm_round_page(shmseg->shm_segsz); /* XXX done for us? */
250 if (deallocate) {
251 result = mach_vm_deallocate(current_map(), shmmap_s->va, size);
252 if (result != KERN_SUCCESS)
253 return EINVAL;
254 }
255 shmmap_s->shmid = -1;
256 shmseg->shm_dtime = sysv_shmtime();
257 if ((--shmseg->shm_nattch <= 0) &&
258 (shmseg->shm_perm.mode & SHMSEG_REMOVED)) {
259 shm_deallocate_segment(shmseg);
260 shm_last_free = segnum;
261 }
262 return 0;
263 }
264
265 int
266 shmdt(struct proc *p, struct shmdt_args *uap, register_t *retval)
267 {
268 struct shmmap_state *shmmap_s;
269 int i;
270 int shmdtret = 0;
271
272 // LP64todo - fix this
273 AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));
274
275 SYSV_SHM_SUBSYS_LOCK();
276
277 if (!shm_inited) {
278 shmdtret = EINVAL;
279 goto shmdt_out;
280 }
281 shmmap_s = (struct shmmap_state *)p->vm_shm;
282 if (shmmap_s == NULL) {
283 shmdtret = EINVAL;
284 goto shmdt_out;
285 }
286
287 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
288 if (shmmap_s->shmid != -1 &&
289 shmmap_s->va == (mach_vm_offset_t)uap->shmaddr)
290 break;
291 if (i == shminfo.shmseg) {
292 shmdtret = EINVAL;
293 goto shmdt_out;
294 }
295 i = shm_delete_mapping(p, shmmap_s, 1);
296
297 if (i == 0)
298 *retval = 0;
299 shmdtret = i;
300 shmdt_out:
301 SYSV_SHM_SUBSYS_UNLOCK();
302 return shmdtret;
303 }
304
305 int
306 shmat(struct proc *p, struct shmat_args *uap, register_t *retval)
307 {
308 int error, i, flags;
309 struct user_shmid_ds *shmseg;
310 struct shmmap_state *shmmap_s = NULL;
311 struct shm_handle *shm_handle;
312 mach_vm_address_t attach_va; /* attach address in/out */
313 mach_vm_size_t map_size; /* size of map entry */
314 vm_prot_t prot;
315 size_t size;
316 kern_return_t rv;
317 int shmat_ret = 0;
318
319 AUDIT_ARG(svipc_id, uap->shmid);
320 // LP64todo - fix this
321 AUDIT_ARG(svipc_addr, CAST_DOWN(void *,uap->shmaddr));
322
323 SYSV_SHM_SUBSYS_LOCK();
324
325 if (!shm_inited) {
326 shmat_ret = EINVAL;
327 goto shmat_out;
328 }
329
330 shmmap_s = (struct shmmap_state *)p->vm_shm;
331
332 if (shmmap_s == NULL) {
333 size = shminfo.shmseg * sizeof(struct shmmap_state);
334 MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK);
335 if (shmmap_s == NULL) {
336 shmat_ret = ENOMEM;
337 goto shmat_out;
338 }
339 for (i = 0; i < shminfo.shmseg; i++)
340 shmmap_s[i].shmid = -1;
341 p->vm_shm = (caddr_t)shmmap_s;
342 }
343 shmseg = shm_find_segment_by_shmid(uap->shmid);
344 if (shmseg == NULL) {
345 shmat_ret = EINVAL;
346 goto shmat_out;
347 }
348
349 AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
350 error = ipcperm(kauth_cred_get(), &shmseg->shm_perm,
351 (uap->shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W);
352 if (error) {
353 shmat_ret = error;
354 goto shmat_out;
355 }
356
357 for (i = 0; i < shminfo.shmseg; i++) {
358 if (shmmap_s->shmid == -1)
359 break;
360 shmmap_s++;
361 }
362 if (i >= shminfo.shmseg) {
363 shmat_ret = EMFILE;
364 goto shmat_out;
365 }
366
367 map_size = mach_vm_round_page(shmseg->shm_segsz);
368 prot = VM_PROT_READ;
369 if ((uap->shmflg & SHM_RDONLY) == 0)
370 prot |= VM_PROT_WRITE;
371 flags = MAP_ANON | MAP_SHARED;
372 if (uap->shmaddr)
373 flags |= MAP_FIXED;
374
375 attach_va = (mach_vm_address_t)uap->shmaddr;
376 if (uap->shmflg & SHM_RND)
377 attach_va &= ~(SHMLBA-1);
378 else if ((attach_va & (SHMLBA-1)) != 0) {
379 shmat_ret = EINVAL;
380 goto shmat_out;
381 }
382
383 shm_handle = CAST_DOWN(void *, shmseg->shm_internal); /* tunnel */
384
385 rv = mach_vm_map(current_map(), /* process map */
386 &attach_va, /* attach address */
387 map_size, /* segment size */
388 (mach_vm_offset_t)0, /* alignment mask */
389 (flags & MAP_FIXED)? VM_FLAGS_FIXED: VM_FLAGS_ANYWHERE,
390 shm_handle->shm_object,
391 (mach_vm_offset_t)0,
392 FALSE,
393 prot,
394 prot,
395 VM_INHERIT_DEFAULT);
396 if (rv != KERN_SUCCESS)
397 goto out;
398
399 rv = mach_vm_inherit(current_map(), attach_va, map_size, VM_INHERIT_SHARE);
400 if (rv != KERN_SUCCESS) {
401 (void)mach_vm_deallocate(current_map(), attach_va, map_size);
402 goto out;
403 }
404
405 shmmap_s->va = attach_va;
406 shmmap_s->shmid = uap->shmid;
407 shmseg->shm_lpid = p->p_pid;
408 shmseg->shm_atime = sysv_shmtime();
409 shmseg->shm_nattch++;
410 *retval = attach_va; /* XXX return -1 on error */
411 shmat_ret = 0;
412 goto shmat_out;
413 out:
414 switch (rv) {
415 case KERN_INVALID_ADDRESS:
416 case KERN_NO_SPACE:
417 shmat_ret = ENOMEM;
418 case KERN_PROTECTION_FAILURE:
419 shmat_ret = EACCES;
420 default:
421 shmat_ret = EINVAL;
422 }
423 shmat_out:
424 SYSV_SHM_SUBSYS_UNLOCK();
425 return shmat_ret;
426 }
427
428 static int
429 oshmctl(__unused void *p, __unused void *uap, __unused void *retval)
430 {
431 return EINVAL;
432 }
433
434 int
435 shmctl(__unused struct proc *p, struct shmctl_args *uap, register_t *retval)
436 {
437 int error;
438 kauth_cred_t cred = kauth_cred_get();
439 struct user_shmid_ds inbuf;
440 struct user_shmid_ds *shmseg;
441 size_t shmid_ds_sz = sizeof(struct user_shmid_ds);
442
443 int shmctl_ret = 0;
444
445 AUDIT_ARG(svipc_cmd, uap->cmd);
446 AUDIT_ARG(svipc_id, uap->shmid);
447
448 SYSV_SHM_SUBSYS_LOCK();
449
450 if (!shm_inited) {
451 shmctl_ret = EINVAL;
452 goto shmctl_out;
453 }
454
455 if (!IS_64BIT_PROCESS(p))
456 shmid_ds_sz = sizeof(struct shmid_ds);
457
458 shmseg = shm_find_segment_by_shmid(uap->shmid);
459 if (shmseg == NULL) {
460 shmctl_ret = EINVAL;
461 goto shmctl_out;
462 }
463
464 /* XXAUDIT: This is the perms BEFORE any change by this call. This
465 * may not be what is desired.
466 */
467 AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
468
469 switch (uap->cmd) {
470 case IPC_STAT:
471 error = ipcperm(cred, &shmseg->shm_perm, IPC_R);
472 if (error) {
473 shmctl_ret = error;
474 goto shmctl_out;
475 }
476
477 if (IS_64BIT_PROCESS(p)) {
478 error = copyout(shmseg, uap->buf, sizeof(struct user_shmid_ds));
479 } else {
480 struct shmid_ds shmid_ds32;
481 shmid_ds_64to32(shmseg, &shmid_ds32);
482 error = copyout(&shmid_ds32, uap->buf, sizeof(struct shmid_ds));
483 }
484 if (error) {
485 shmctl_ret = error;
486 goto shmctl_out;
487 }
488 break;
489 case IPC_SET:
490 error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
491 if (error) {
492 shmctl_ret = error;
493 goto shmctl_out;
494 }
495 if (IS_64BIT_PROCESS(p)) {
496 error = copyin(uap->buf, &inbuf, sizeof(struct user_shmid_ds));
497 } else {
498 error = copyin(uap->buf, &inbuf, sizeof(struct shmid_ds));
499 /* convert in place; ugly, but safe */
500 shmid_ds_32to64((struct shmid_ds *)&inbuf, &inbuf);
501 }
502 if (error) {
503 shmctl_ret = error;
504 goto shmctl_out;
505 }
506 shmseg->shm_perm.uid = inbuf.shm_perm.uid;
507 shmseg->shm_perm.gid = inbuf.shm_perm.gid;
508 shmseg->shm_perm.mode =
509 (shmseg->shm_perm.mode & ~ACCESSPERMS) |
510 (inbuf.shm_perm.mode & ACCESSPERMS);
511 shmseg->shm_ctime = sysv_shmtime();
512 break;
513 case IPC_RMID:
514 error = ipcperm(cred, &shmseg->shm_perm, IPC_M);
515 if (error) {
516 shmctl_ret = error;
517 goto shmctl_out;
518 }
519 shmseg->shm_perm.key = IPC_PRIVATE;
520 shmseg->shm_perm.mode |= SHMSEG_REMOVED;
521 if (shmseg->shm_nattch <= 0) {
522 shm_deallocate_segment(shmseg);
523 shm_last_free = IPCID_TO_IX(uap->shmid);
524 }
525 break;
526 #if 0
527 case SHM_LOCK:
528 case SHM_UNLOCK:
529 #endif
530 default:
531 shmctl_ret = EINVAL;
532 goto shmctl_out;
533 }
534 *retval = 0;
535 shmctl_ret = 0;
536 shmctl_out:
537 SYSV_SHM_SUBSYS_UNLOCK();
538 return shmctl_ret;
539 }
540
541 static int
542 shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval)
543 {
544 struct user_shmid_ds *shmseg;
545 int error;
546
547 shmseg = &shmsegs[segnum];
548 if (shmseg->shm_perm.mode & SHMSEG_REMOVED) {
549 /*
550 * This segment is in the process of being allocated. Wait
551 * until it's done, and look the key up again (in case the
552 * allocation failed or it was freed).
553 */
554 shmseg->shm_perm.mode |= SHMSEG_WANTED;
555 error = tsleep((caddr_t)shmseg, PLOCK | PCATCH, "shmget", 0);
556 if (error)
557 return error;
558 return EAGAIN;
559 }
560 error = ipcperm(kauth_cred_get(), &shmseg->shm_perm, mode);
561 if (error)
562 return error;
563 if (uap->size && uap->size > shmseg->shm_segsz)
564 return EINVAL;
565 if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
566 return EEXIST;
567 *retval = IXSEQ_TO_IPCID(segnum, shmseg->shm_perm);
568 return 0;
569 }
570
571 static int
572 shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode,
573 int *retval)
574 {
575 int i, segnum, shmid, size;
576 kauth_cred_t cred = kauth_cred_get();
577 struct user_shmid_ds *shmseg;
578 struct shm_handle *shm_handle;
579 kern_return_t kret;
580 vm_offset_t user_addr;
581 void * mem_object;
582
583 if (uap->size < (user_size_t)shminfo.shmmin ||
584 uap->size > (user_size_t)shminfo.shmmax)
585 return EINVAL;
586 if (shm_nused >= shminfo.shmmni) /* any shmids left? */
587 return ENOSPC;
588 size = mach_vm_round_page(uap->size);
589 if (shm_committed + btoc(size) > shminfo.shmall)
590 return ENOMEM;
591 if (shm_last_free < 0) {
592 for (i = 0; i < shminfo.shmmni; i++)
593 if (shmsegs[i].shm_perm.mode & SHMSEG_FREE)
594 break;
595 if (i == shminfo.shmmni)
596 panic("shmseg free count inconsistent");
597 segnum = i;
598 } else {
599 segnum = shm_last_free;
600 shm_last_free = -1;
601 }
602 shmseg = &shmsegs[segnum];
603 /*
604 * In case we sleep in malloc(), mark the segment present but deleted
605 * so that noone else tries to create the same key.
606 */
607 kret = vm_allocate(current_map(), &user_addr, size, VM_FLAGS_ANYWHERE);
608 if (kret != KERN_SUCCESS)
609 goto out;
610
611 kret = mach_make_memory_entry (current_map(), &size, user_addr,
612 VM_PROT_DEFAULT, (mem_entry_name_port_t *)&mem_object, 0);
613
614 if (kret != KERN_SUCCESS)
615 goto out;
616
617 vm_deallocate(current_map(), user_addr, size);
618
619 shmseg->shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED;
620 shmseg->shm_perm.key = uap->key;
621 shmseg->shm_perm.seq = (shmseg->shm_perm.seq + 1) & 0x7fff;
622 MALLOC(shm_handle, struct shm_handle *, sizeof(struct shm_handle), M_SHM, M_WAITOK);
623 if (shm_handle == NULL) {
624 kret = KERN_NO_SPACE;
625 mach_memory_entry_port_release(mem_object);
626 mem_object = NULL;
627 goto out;
628 }
629 shm_handle->shm_object = mem_object;
630 shmid = IXSEQ_TO_IPCID(segnum, shmseg->shm_perm);
631
632 shmseg->shm_internal = CAST_USER_ADDR_T(shm_handle); /* tunnel */
633 shmseg->shm_perm.cuid = shmseg->shm_perm.uid = kauth_cred_getuid(cred);
634 shmseg->shm_perm.cgid = shmseg->shm_perm.gid = cred->cr_gid;
635 shmseg->shm_perm.mode = (shmseg->shm_perm.mode & SHMSEG_WANTED) |
636 (mode & ACCESSPERMS) | SHMSEG_ALLOCATED;
637 shmseg->shm_segsz = uap->size;
638 shmseg->shm_cpid = p->p_pid;
639 shmseg->shm_lpid = shmseg->shm_nattch = 0;
640 shmseg->shm_atime = shmseg->shm_dtime = 0;
641 shmseg->shm_ctime = sysv_shmtime();
642 shm_committed += btoc(size);
643 shm_nused++;
644 AUDIT_ARG(svipc_perm, &shmseg->shm_perm);
645 if (shmseg->shm_perm.mode & SHMSEG_WANTED) {
646 /*
647 * Somebody else wanted this key while we were asleep. Wake
648 * them up now.
649 */
650 shmseg->shm_perm.mode &= ~SHMSEG_WANTED;
651 wakeup((caddr_t)shmseg);
652 }
653 *retval = shmid;
654 AUDIT_ARG(svipc_id, shmid);
655 return 0;
656 out:
657 switch (kret) {
658 case KERN_INVALID_ADDRESS:
659 case KERN_NO_SPACE:
660 return (ENOMEM);
661 case KERN_PROTECTION_FAILURE:
662 return (EACCES);
663 default:
664 return (EINVAL);
665 }
666
667 }
668
669 int
670 shmget(struct proc *p, struct shmget_args *uap, register_t *retval)
671 {
672 int segnum, mode, error;
673 int shmget_ret = 0;
674
675 /* Auditing is actually done in shmget_allocate_segment() */
676
677 SYSV_SHM_SUBSYS_LOCK();
678
679 if (!shm_inited) {
680 shmget_ret = EINVAL;
681 goto shmget_out;
682 }
683
684 mode = uap->shmflg & ACCESSPERMS;
685 if (uap->key != IPC_PRIVATE) {
686 again:
687 segnum = shm_find_segment_by_key(uap->key);
688 if (segnum >= 0) {
689 error = shmget_existing(uap, mode, segnum, retval);
690 if (error == EAGAIN)
691 goto again;
692 shmget_ret = error;
693 goto shmget_out;
694 }
695 if ((uap->shmflg & IPC_CREAT) == 0) {
696 shmget_ret = ENOENT;
697 goto shmget_out;
698 }
699 }
700 shmget_ret = shmget_allocate_segment(p, uap, mode, retval);
701 shmget_out:
702 SYSV_SHM_SUBSYS_UNLOCK();
703 return shmget_ret;
704 /*NOTREACHED*/
705
706 }
707
708 /* XXX actually varargs. */
709 int
710 shmsys(struct proc *p, struct shmsys_args *uap, register_t *retval)
711 {
712
713 /* The routine that we are dispatching already does this */
714
715 if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0]))
716 return EINVAL;
717 return ((*shmcalls[uap->which])(p, &uap->a2, retval));
718 }
719
720 /*
721 * Return 0 on success, 1 on failure.
722 */
723 int
724 shmfork(struct proc *p1, struct proc *p2)
725 {
726 struct shmmap_state *shmmap_s;
727 size_t size;
728 int i;
729 int shmfork_ret = 0;
730
731 SYSV_SHM_SUBSYS_LOCK();
732
733 if (!shm_inited) {
734 shmfork_ret = 0;
735 goto shmfork_out;
736 }
737
738 size = shminfo.shmseg * sizeof(struct shmmap_state);
739 MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK);
740 if (shmmap_s != NULL) {
741 bcopy((caddr_t)p1->vm_shm, (caddr_t)shmmap_s, size);
742 p2->vm_shm = (caddr_t)shmmap_s;
743 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
744 if (shmmap_s->shmid != -1)
745 shmsegs[IPCID_TO_IX(shmmap_s->shmid)].shm_nattch++;
746 shmfork_ret = 0;
747 goto shmfork_out;
748 }
749
750 shmfork_ret = 1; /* failed to copy to child - ENOMEM */
751 shmfork_out:
752 SYSV_SHM_SUBSYS_UNLOCK();
753 return shmfork_ret;
754 }
755
756 void
757 shmexit(struct proc *p)
758 {
759 struct shmmap_state *shmmap_s;
760 int i;
761
762 shmmap_s = (struct shmmap_state *)p->vm_shm;
763
764 SYSV_SHM_SUBSYS_LOCK();
765 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
766 if (shmmap_s->shmid != -1)
767 shm_delete_mapping(p, shmmap_s, 1);
768 FREE((caddr_t)p->vm_shm, M_SHM);
769 p->vm_shm = NULL;
770 SYSV_SHM_SUBSYS_UNLOCK();
771 }
772
773 /*
774 * shmexec() is like shmexit(), only it doesn't delete the mappings,
775 * since the old address space has already been destroyed and the new
776 * one instantiated. Instead, it just does the housekeeping work we
777 * need to do to keep the System V shared memory subsystem sane.
778 */
779 __private_extern__ void
780 shmexec(struct proc *p)
781 {
782 struct shmmap_state *shmmap_s;
783 int i;
784
785 shmmap_s = (struct shmmap_state *)p->vm_shm;
786 SYSV_SHM_SUBSYS_LOCK();
787 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
788 if (shmmap_s->shmid != -1)
789 shm_delete_mapping(p, shmmap_s, 0);
790 FREE((caddr_t)p->vm_shm, M_SHM);
791 p->vm_shm = NULL;
792 SYSV_SHM_SUBSYS_UNLOCK();
793 }
794
795 void
796 shminit(__unused void *dummy)
797 {
798 int i;
799 int s;
800
801 if (!shm_inited) {
802 /*
803 * we store internally 64 bit, since if we didn't, we would
804 * be unable to represent a segment size in excess of 32 bits
805 * with the (struct shmid_ds)->shm_segsz field; also, POSIX
806 * dictates this filed be a size_t, which is 64 bits when
807 * running 64 bit binaries.
808 */
809 s = sizeof(struct user_shmid_ds) * shminfo.shmmni;
810
811 MALLOC(shmsegs, struct user_shmid_ds *, s, M_SHM, M_WAITOK);
812 if (shmsegs == NULL) {
813 /* XXX fail safely: leave shared memory uninited */
814 return;
815 }
816 for (i = 0; i < shminfo.shmmni; i++) {
817 shmsegs[i].shm_perm.mode = SHMSEG_FREE;
818 shmsegs[i].shm_perm.seq = 0;
819 }
820 shm_last_free = 0;
821 shm_nused = 0;
822 shm_committed = 0;
823 shm_inited = 1;
824 }
825 }
826 /* Initialize the mutex governing access to the SysV shm subsystem */
827 __private_extern__ void
828 sysv_shm_lock_init( void )
829 {
830
831 sysv_shm_subsys_lck_grp_attr = lck_grp_attr_alloc_init();
832
833 sysv_shm_subsys_lck_grp = lck_grp_alloc_init("sysv_shm_subsys_lock", sysv_shm_subsys_lck_grp_attr);
834
835 sysv_shm_subsys_lck_attr = lck_attr_alloc_init();
836 lck_mtx_init(&sysv_shm_subsys_mutex, sysv_shm_subsys_lck_grp, sysv_shm_subsys_lck_attr);
837 }
838
839 /* (struct sysctl_oid *oidp, void *arg1, int arg2, \
840 struct sysctl_req *req) */
841 static int
842 sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1,
843 __unused int arg2, struct sysctl_req *req)
844 {
845 int error = 0;
846 int sysctl_shminfo_ret = 0;
847
848 error = SYSCTL_OUT(req, arg1, sizeof(int64_t));
849 if (error || req->newptr == USER_ADDR_NULL)
850 return(error);
851
852 SYSV_SHM_SUBSYS_LOCK();
853 /* Set the values only if shared memory is not initialised */
854 if (!shm_inited) {
855 if ((error = SYSCTL_IN(req, arg1, sizeof(int64_t)))
856 != 0) {
857 sysctl_shminfo_ret = error;
858 goto sysctl_shminfo_out;
859 }
860
861 if (arg1 == &shminfo.shmmax) {
862 if (shminfo.shmmax & PAGE_MASK_64) {
863 shminfo.shmmax = (int64_t)-1;
864 sysctl_shminfo_ret = EINVAL;
865 goto sysctl_shminfo_out;
866 }
867 }
868
869 /* Initialize only when all values are set */
870 if ((shminfo.shmmax != (int64_t)-1) &&
871 (shminfo.shmmin != (int64_t)-1) &&
872 (shminfo.shmmni != (int64_t)-1) &&
873 (shminfo.shmseg != (int64_t)-1) &&
874 (shminfo.shmall != (int64_t)-1)) {
875 shminit(NULL);
876 }
877 }
878 sysctl_shminfo_ret = 0;
879 sysctl_shminfo_out:
880 SYSV_SHM_SUBSYS_UNLOCK();
881 return sysctl_shminfo_ret;
882 }
883
884 static int
885 IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1,
886 __unused int arg2, struct sysctl_req *req)
887 {
888 int error;
889 int cursor;
890 union {
891 struct IPCS_command u32;
892 struct user_IPCS_command u64;
893 } ipcs;
894 struct shmid_ds shmid_ds32; /* post conversion, 32 bit version */
895 void *shmid_dsp;
896 size_t ipcs_sz = sizeof(struct user_IPCS_command);
897 size_t shmid_ds_sz = sizeof(struct user_shmid_ds);
898 struct proc *p = current_proc();
899
900 int ipcs__shminfo_ret = 0;
901
902 SYSV_SHM_SUBSYS_LOCK();
903
904 if (!shm_inited) {
905 error = EINVAL;
906 goto ipcs_shm_sysctl_out;
907 }
908
909 if (!IS_64BIT_PROCESS(p)) {
910 ipcs_sz = sizeof(struct IPCS_command);
911 shmid_ds_sz = sizeof(struct shmid_ds);
912 }
913
914 /* Copy in the command structure */
915 if ((error = SYSCTL_IN(req, &ipcs, ipcs_sz)) != 0) {
916 goto ipcs_shm_sysctl_out;
917 }
918
919 if (!IS_64BIT_PROCESS(p)) /* convert in place */
920 ipcs.u64.ipcs_data = CAST_USER_ADDR_T(ipcs.u32.ipcs_data);
921
922 /* Let us version this interface... */
923 if (ipcs.u64.ipcs_magic != IPCS_MAGIC) {
924 error = EINVAL;
925 goto ipcs_shm_sysctl_out;
926 }
927
928 switch(ipcs.u64.ipcs_op) {
929 case IPCS_SHM_CONF: /* Obtain global configuration data */
930 if (ipcs.u64.ipcs_datalen != sizeof(struct shminfo)) {
931 if (ipcs.u64.ipcs_cursor != 0) { /* fwd. compat. */
932 error = ENOMEM;
933 break;
934 }
935 error = ERANGE;
936 break;
937 }
938 error = copyout(&shminfo, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
939 break;
940
941 case IPCS_SHM_ITER: /* Iterate over existing segments */
942 cursor = ipcs.u64.ipcs_cursor;
943 if (cursor < 0 || cursor >= shminfo.shmmni) {
944 error = ERANGE;
945 break;
946 }
947 if (ipcs.u64.ipcs_datalen != (int)shmid_ds_sz) {
948 error = ENOMEM;
949 break;
950 }
951 for( ; cursor < shminfo.shmmni; cursor++) {
952 if (shmsegs[cursor].shm_perm.mode & SHMSEG_ALLOCATED)
953 break;
954 continue;
955 }
956 if (cursor == shminfo.shmmni) {
957 error = ENOENT;
958 break;
959 }
960
961 shmid_dsp = &shmsegs[cursor]; /* default: 64 bit */
962
963 /*
964 * If necessary, convert the 64 bit kernel segment
965 * descriptor to a 32 bit user one.
966 */
967 if (!IS_64BIT_PROCESS(p)) {
968 shmid_ds_64to32(shmid_dsp, &shmid_ds32);
969 shmid_dsp = &shmid_ds32;
970 }
971 error = copyout(shmid_dsp, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen);
972 if (!error) {
973 /* update cursor */
974 ipcs.u64.ipcs_cursor = cursor + 1;
975
976 if (!IS_64BIT_PROCESS(p)) /* convert in place */
977 ipcs.u32.ipcs_data = CAST_DOWN(void *,ipcs.u64.ipcs_data);
978 error = SYSCTL_OUT(req, &ipcs, ipcs_sz);
979 }
980 break;
981
982 default:
983 error = EINVAL;
984 break;
985 }
986 ipcs_shm_sysctl_out:
987 SYSV_SHM_SUBSYS_UNLOCK();
988 return(error);
989 }
990
991 SYSCTL_NODE(_kern, KERN_SYSV, sysv, CTLFLAG_RW, 0, "SYSV");
992
993 SYSCTL_PROC(_kern_sysv, KSYSV_SHMMAX, shmmax, CTLTYPE_QUAD | CTLFLAG_RW,
994 &shminfo.shmmax, 0, &sysctl_shminfo ,"Q","shmmax");
995
996 SYSCTL_PROC(_kern_sysv, KSYSV_SHMMIN, shmmin, CTLTYPE_QUAD | CTLFLAG_RW,
997 &shminfo.shmmin, 0, &sysctl_shminfo ,"Q","shmmin");
998
999 SYSCTL_PROC(_kern_sysv, KSYSV_SHMMNI, shmmni, CTLTYPE_QUAD | CTLFLAG_RW,
1000 &shminfo.shmmni, 0, &sysctl_shminfo ,"Q","shmmni");
1001
1002 SYSCTL_PROC(_kern_sysv, KSYSV_SHMSEG, shmseg, CTLTYPE_QUAD | CTLFLAG_RW,
1003 &shminfo.shmseg, 0, &sysctl_shminfo ,"Q","shmseg");
1004
1005 SYSCTL_PROC(_kern_sysv, KSYSV_SHMALL, shmall, CTLTYPE_QUAD | CTLFLAG_RW,
1006 &shminfo.shmall, 0, &sysctl_shminfo ,"Q","shmall");
1007
1008 SYSCTL_NODE(_kern_sysv, OID_AUTO, ipcs, CTLFLAG_RW, 0, "SYSVIPCS");
1009
1010 SYSCTL_PROC(_kern_sysv_ipcs, OID_AUTO, shm, CTLFLAG_RW|CTLFLAG_ANYBODY,
1011 0, 0, IPCS_shm_sysctl,
1012 "S,IPCS_shm_command",
1013 "ipcs shm command interface");
mirror of XNU