]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/sysv_msg.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-344.21.73.tar.gz
[apple/xnu.git] / bsd / kern / sysv_msg.c
1 /*
2 * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24 */
25 /*
26 * Implementation of SVID messages
27 *
28 * Author: Daniel Boulet
29 *
30 * Copyright 1993 Daniel Boulet and RTMX Inc.
31 *
32 * This system call was implemented by Daniel Boulet under contract from RTMX.
33 *
34 * Redistribution and use in source forms, with and without modification,
35 * are permitted provided that this entire comment appears intact.
36 *
37 * Redistribution in binary form may occur without any restrictions.
38 * Obviously, it would be nice if you gave credit where credit is due
39 * but requiring it would be too onerous.
40 *
41 * This software is provided ``AS IS'' without any warranties of any kind.
42 */
43
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/sysproto.h>
47 #include <sys/kernel.h>
48 #include <sys/proc.h>
49 #include <sys/msg.h>
50 #include <sys/sysent.h>
51
52 static void msginit __P((void *));
53 SYSINIT(sysv_msg, SI_SUB_SYSV_MSG, SI_ORDER_FIRST, msginit, NULL)
54
55 #define MSG_DEBUG
56 #undef MSG_DEBUG_OK
57
58 #ifndef _SYS_SYSPROTO_H_
59 struct msgctl_args;
60 int msgctl __P((struct proc *p, struct msgctl_args *uap));
61 struct msgget_args;
62 int msgget __P((struct proc *p, struct msgget_args *uap));
63 struct msgsnd_args;
64 int msgsnd __P((struct proc *p, struct msgsnd_args *uap));
65 struct msgrcv_args;
66 int msgrcv __P((struct proc *p, struct msgrcv_args *uap));
67 #endif
68 static void msg_freehdr __P((struct msg *msghdr));
69
70 /* XXX casting to (sy_call_t *) is bogus, as usual. */
71 static sy_call_t *msgcalls[] = {
72 (sy_call_t *)msgctl, (sy_call_t *)msgget,
73 (sy_call_t *)msgsnd, (sy_call_t *)msgrcv
74 };
75
76 static int nfree_msgmaps; /* # of free map entries */
77 static short free_msgmaps; /* head of linked list of free map entries */
78 static struct msg *free_msghdrs; /* list of free msg headers */
79 char *msgpool; /* MSGMAX byte long msg buffer pool */
80 struct msgmap *msgmaps; /* MSGSEG msgmap structures */
81 struct msg *msghdrs; /* MSGTQL msg headers */
82 struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */
83
84 void
85 msginit(dummy)
86 void *dummy;
87 {
88 register int i;
89
90 /*
91 * msginfo.msgssz should be a power of two for efficiency reasons.
92 * It is also pretty silly if msginfo.msgssz is less than 8
93 * or greater than about 256 so ...
94 */
95
96 i = 8;
97 while (i < 1024 && i != msginfo.msgssz)
98 i <<= 1;
99 if (i != msginfo.msgssz) {
100 printf("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz,
101 msginfo.msgssz);
102 panic("msginfo.msgssz not a small power of 2");
103 }
104
105 if (msginfo.msgseg > 32767) {
106 printf("msginfo.msgseg=%d\n", msginfo.msgseg);
107 panic("msginfo.msgseg > 32767");
108 }
109
110 if (msgmaps == NULL)
111 panic("msgmaps is NULL");
112
113 for (i = 0; i < msginfo.msgseg; i++) {
114 if (i > 0)
115 msgmaps[i-1].next = i;
116 msgmaps[i].next = -1; /* implies entry is available */
117 }
118 free_msgmaps = 0;
119 nfree_msgmaps = msginfo.msgseg;
120
121 if (msghdrs == NULL)
122 panic("msghdrs is NULL");
123
124 for (i = 0; i < msginfo.msgtql; i++) {
125 msghdrs[i].msg_type = 0;
126 if (i > 0)
127 msghdrs[i-1].msg_next = &msghdrs[i];
128 msghdrs[i].msg_next = NULL;
129 }
130 free_msghdrs = &msghdrs[0];
131
132 if (msqids == NULL)
133 panic("msqids is NULL");
134
135 for (i = 0; i < msginfo.msgmni; i++) {
136 msqids[i].msg_qbytes = 0; /* implies entry is available */
137 msqids[i].msg_perm.seq = 0; /* reset to a known value */
138 }
139 }
140
141 /*
142 * Entry point for all MSG calls
143 */
144 int
145 msgsys(p, uap)
146 struct proc *p;
147 /* XXX actually varargs. */
148 struct msgsys_args /* {
149 u_int which;
150 int a2;
151 int a3;
152 int a4;
153 int a5;
154 int a6;
155 } */ *uap;
156 {
157
158 if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0]))
159 return (EINVAL);
160 return ((*msgcalls[uap->which])(p, &uap->a2));
161 }
162
163 static void
164 msg_freehdr(msghdr)
165 struct msg *msghdr;
166 {
167 while (msghdr->msg_ts > 0) {
168 short next;
169 if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg)
170 panic("msghdr->msg_spot out of range");
171 next = msgmaps[msghdr->msg_spot].next;
172 msgmaps[msghdr->msg_spot].next = free_msgmaps;
173 free_msgmaps = msghdr->msg_spot;
174 nfree_msgmaps++;
175 msghdr->msg_spot = next;
176 if (msghdr->msg_ts >= msginfo.msgssz)
177 msghdr->msg_ts -= msginfo.msgssz;
178 else
179 msghdr->msg_ts = 0;
180 }
181 if (msghdr->msg_spot != -1)
182 panic("msghdr->msg_spot != -1");
183 msghdr->msg_next = free_msghdrs;
184 free_msghdrs = msghdr;
185 }
186
187 #ifndef _SYS_SYSPROTO_H_
188 struct msgctl_args {
189 int msqid;
190 int cmd;
191 struct msqid_ds *buf;
192 };
193 #endif
194
195 int
196 msgctl(p, uap)
197 struct proc *p;
198 register struct msgctl_args *uap;
199 {
200 int msqid = uap->msqid;
201 int cmd = uap->cmd;
202 struct msqid_ds *user_msqptr = uap->buf;
203 struct ucred *cred = p->p_ucred;
204 int rval, eval;
205 struct msqid_ds msqbuf;
206 register struct msqid_ds *msqptr;
207
208 #ifdef MSG_DEBUG_OK
209 printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr);
210 #endif
211
212 msqid = IPCID_TO_IX(msqid);
213
214 if (msqid < 0 || msqid >= msginfo.msgmni) {
215 #ifdef MSG_DEBUG_OK
216 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
217 msginfo.msgmni);
218 #endif
219 return(EINVAL);
220 }
221
222 msqptr = &msqids[msqid];
223
224 if (msqptr->msg_qbytes == 0) {
225 #ifdef MSG_DEBUG_OK
226 printf("no such msqid\n");
227 #endif
228 return(EINVAL);
229 }
230 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
231 #ifdef MSG_DEBUG_OK
232 printf("wrong sequence number\n");
233 #endif
234 return(EINVAL);
235 }
236
237 eval = 0;
238 rval = 0;
239
240 switch (cmd) {
241
242 case IPC_RMID:
243 {
244 struct msg *msghdr;
245 if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_M)))
246 return(eval);
247 /* Free the message headers */
248 msghdr = msqptr->msg_first;
249 while (msghdr != NULL) {
250 struct msg *msghdr_tmp;
251
252 /* Free the segments of each message */
253 msqptr->msg_cbytes -= msghdr->msg_ts;
254 msqptr->msg_qnum--;
255 msghdr_tmp = msghdr;
256 msghdr = msghdr->msg_next;
257 msg_freehdr(msghdr_tmp);
258 }
259
260 if (msqptr->msg_cbytes != 0)
261 panic("msg_cbytes is messed up");
262 if (msqptr->msg_qnum != 0)
263 panic("msg_qnum is messed up");
264
265 msqptr->msg_qbytes = 0; /* Mark it as free */
266
267 wakeup((caddr_t)msqptr);
268 }
269
270 break;
271
272 case IPC_SET:
273 if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_M)))
274 return(eval);
275 if ((eval = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0)
276 return(eval);
277 if (msqbuf.msg_qbytes > msqptr->msg_qbytes) {
278 eval = suser(cred, &p->p_acflag);
279 if (eval)
280 return(eval);
281 }
282 if (msqbuf.msg_qbytes > msginfo.msgmnb) {
283 #ifdef MSG_DEBUG_OK
284 printf("can't increase msg_qbytes beyond %d (truncating)\n",
285 msginfo.msgmnb);
286 #endif
287 msqbuf.msg_qbytes = msginfo.msgmnb; /* silently restrict qbytes to system limit */
288 }
289 if (msqbuf.msg_qbytes == 0) {
290 #ifdef MSG_DEBUG_OK
291 printf("can't reduce msg_qbytes to 0\n");
292 #endif
293 return(EINVAL); /* non-standard errno! */
294 }
295 msqptr->msg_perm.uid = msqbuf.msg_perm.uid; /* change the owner */
296 msqptr->msg_perm.gid = msqbuf.msg_perm.gid; /* change the owner */
297 msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) |
298 (msqbuf.msg_perm.mode & 0777);
299 msqptr->msg_qbytes = msqbuf.msg_qbytes;
300 msqptr->msg_ctime = time_second;
301 break;
302
303 case IPC_STAT:
304 if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_R))) {
305 #ifdef MSG_DEBUG_OK
306 printf("requester doesn't have read access\n");
307 #endif
308 return(eval);
309 }
310 eval = copyout((caddr_t)msqptr, user_msqptr,
311 sizeof(struct msqid_ds));
312 break;
313
314 default:
315 #ifdef MSG_DEBUG_OK
316 printf("invalid command %d\n", cmd);
317 #endif
318 return(EINVAL);
319 }
320
321 if (eval == 0)
322 p->p_retval[0] = rval;
323 return(eval);
324 }
325
326 #ifndef _SYS_SYSPROTO_H_
327 struct msgget_args {
328 key_t key;
329 int msgflg;
330 };
331 #endif
332
333 int
334 msgget(p, uap)
335 struct proc *p;
336 register struct msgget_args *uap;
337 {
338 int msqid, eval;
339 int key = uap->key;
340 int msgflg = uap->msgflg;
341 struct ucred *cred = p->p_ucred;
342 register struct msqid_ds *msqptr = NULL;
343
344 #ifdef MSG_DEBUG_OK
345 printf("msgget(0x%x, 0%o)\n", key, msgflg);
346 #endif
347
348 if (key != IPC_PRIVATE) {
349 for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
350 msqptr = &msqids[msqid];
351 if (msqptr->msg_qbytes != 0 &&
352 msqptr->msg_perm.key == key)
353 break;
354 }
355 if (msqid < msginfo.msgmni) {
356 #ifdef MSG_DEBUG_OK
357 printf("found public key\n");
358 #endif
359 if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) {
360 #ifdef MSG_DEBUG_OK
361 printf("not exclusive\n");
362 #endif
363 return(EEXIST);
364 }
365 if ((eval = ipcperm(cred, &msqptr->msg_perm, msgflg & 0700 ))) {
366 #ifdef MSG_DEBUG_OK
367 printf("requester doesn't have 0%o access\n",
368 msgflg & 0700);
369 #endif
370 return(eval);
371 }
372 goto found;
373 }
374 }
375
376 #ifdef MSG_DEBUG_OK
377 printf("need to allocate the msqid_ds\n");
378 #endif
379 if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) {
380 for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
381 /*
382 * Look for an unallocated and unlocked msqid_ds.
383 * msqid_ds's can be locked by msgsnd or msgrcv while
384 * they are copying the message in/out. We can't
385 * re-use the entry until they release it.
386 */
387 msqptr = &msqids[msqid];
388 if (msqptr->msg_qbytes == 0 &&
389 (msqptr->msg_perm.mode & MSG_LOCKED) == 0)
390 break;
391 }
392 if (msqid == msginfo.msgmni) {
393 #ifdef MSG_DEBUG_OK
394 printf("no more msqid_ds's available\n");
395 #endif
396 return(ENOSPC);
397 }
398 #ifdef MSG_DEBUG_OK
399 printf("msqid %d is available\n", msqid);
400 #endif
401 msqptr->msg_perm.key = key;
402 msqptr->msg_perm.cuid = cred->cr_uid;
403 msqptr->msg_perm.uid = cred->cr_uid;
404 msqptr->msg_perm.cgid = cred->cr_gid;
405 msqptr->msg_perm.gid = cred->cr_gid;
406 msqptr->msg_perm.mode = (msgflg & 0777);
407 /* Make sure that the returned msqid is unique */
408 msqptr->msg_perm.seq++;
409 msqptr->msg_first = NULL;
410 msqptr->msg_last = NULL;
411 msqptr->msg_cbytes = 0;
412 msqptr->msg_qnum = 0;
413 msqptr->msg_qbytes = msginfo.msgmnb;
414 msqptr->msg_lspid = 0;
415 msqptr->msg_lrpid = 0;
416 msqptr->msg_stime = 0;
417 msqptr->msg_rtime = 0;
418 msqptr->msg_ctime = time_second;
419 } else {
420 #ifdef MSG_DEBUG_OK
421 printf("didn't find it and wasn't asked to create it\n");
422 #endif
423 return(ENOENT);
424 }
425
426 found:
427 /* Construct the unique msqid */
428 p->p_retval[0] = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm);
429 return(0);
430 }
431
432 #ifndef _SYS_SYSPROTO_H_
433 struct msgsnd_args {
434 int msqid;
435 void *msgp;
436 size_t msgsz;
437 int msgflg;
438 };
439 #endif
440
441 int
442 msgsnd(p, uap)
443 struct proc *p;
444 register struct msgsnd_args *uap;
445 {
446 int msqid = uap->msqid;
447 void *user_msgp = uap->msgp;
448 size_t msgsz = uap->msgsz;
449 int msgflg = uap->msgflg;
450 int segs_needed, eval;
451 struct ucred *cred = p->p_ucred;
452 register struct msqid_ds *msqptr;
453 register struct msg *msghdr;
454 short next;
455
456 #ifdef MSG_DEBUG_OK
457 printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz,
458 msgflg);
459 #endif
460
461 msqid = IPCID_TO_IX(msqid);
462
463 if (msqid < 0 || msqid >= msginfo.msgmni) {
464 #ifdef MSG_DEBUG_OK
465 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
466 msginfo.msgmni);
467 #endif
468 return(EINVAL);
469 }
470
471 msqptr = &msqids[msqid];
472 if (msqptr->msg_qbytes == 0) {
473 #ifdef MSG_DEBUG_OK
474 printf("no such message queue id\n");
475 #endif
476 return(EINVAL);
477 }
478 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
479 #ifdef MSG_DEBUG_OK
480 printf("wrong sequence number\n");
481 #endif
482 return(EINVAL);
483 }
484
485 if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_W))) {
486 #ifdef MSG_DEBUG_OK
487 printf("requester doesn't have write access\n");
488 #endif
489 return(eval);
490 }
491
492 segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz;
493 #ifdef MSG_DEBUG_OK
494 printf("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, msginfo.msgssz,
495 segs_needed);
496 #endif
497 for (;;) {
498 int need_more_resources = 0;
499
500 /*
501 * check msgsz
502 * (inside this loop in case msg_qbytes changes while we sleep)
503 */
504
505 if (msgsz > msqptr->msg_qbytes) {
506 #ifdef MSG_DEBUG_OK
507 printf("msgsz > msqptr->msg_qbytes\n");
508 #endif
509 return(EINVAL);
510 }
511
512 if (msqptr->msg_perm.mode & MSG_LOCKED) {
513 #ifdef MSG_DEBUG_OK
514 printf("msqid is locked\n");
515 #endif
516 need_more_resources = 1;
517 }
518 if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) {
519 #ifdef MSG_DEBUG_OK
520 printf("msgsz + msg_cbytes > msg_qbytes\n");
521 #endif
522 need_more_resources = 1;
523 }
524 if (segs_needed > nfree_msgmaps) {
525 #ifdef MSG_DEBUG_OK
526 printf("segs_needed > nfree_msgmaps\n");
527 #endif
528 need_more_resources = 1;
529 }
530 if (free_msghdrs == NULL) {
531 #ifdef MSG_DEBUG_OK
532 printf("no more msghdrs\n");
533 #endif
534 need_more_resources = 1;
535 }
536
537 if (need_more_resources) {
538 int we_own_it;
539
540 if ((msgflg & IPC_NOWAIT) != 0) {
541 #ifdef MSG_DEBUG_OK
542 printf("need more resources but caller doesn't want to wait\n");
543 #endif
544 return(EAGAIN);
545 }
546
547 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) {
548 #ifdef MSG_DEBUG_OK
549 printf("we don't own the msqid_ds\n");
550 #endif
551 we_own_it = 0;
552 } else {
553 /* Force later arrivals to wait for our
554 request */
555 #ifdef MSG_DEBUG_OK
556 printf("we own the msqid_ds\n");
557 #endif
558 msqptr->msg_perm.mode |= MSG_LOCKED;
559 we_own_it = 1;
560 }
561 #ifdef MSG_DEBUG_OK
562 printf("goodnight\n");
563 #endif
564 eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH,
565 "msgwait", 0);
566 #ifdef MSG_DEBUG_OK
567 printf("good morning, eval=%d\n", eval);
568 #endif
569 if (we_own_it)
570 msqptr->msg_perm.mode &= ~MSG_LOCKED;
571 if (eval != 0) {
572 #ifdef MSG_DEBUG_OK
573 printf("msgsnd: interrupted system call\n");
574 #endif
575 return(EINTR);
576 }
577
578 /*
579 * Make sure that the msq queue still exists
580 */
581
582 if (msqptr->msg_qbytes == 0) {
583 #ifdef MSG_DEBUG_OK
584 printf("msqid deleted\n");
585 #endif
586 /* The SVID says to return EIDRM. */
587 #ifdef EIDRM
588 return(EIDRM);
589 #else
590 /* Unfortunately, BSD doesn't define that code
591 yet! */
592 return(EINVAL);
593 #endif
594 }
595
596 } else {
597 #ifdef MSG_DEBUG_OK
598 printf("got all the resources that we need\n");
599 #endif
600 break;
601 }
602 }
603
604 /*
605 * We have the resources that we need.
606 * Make sure!
607 */
608
609 if (msqptr->msg_perm.mode & MSG_LOCKED)
610 panic("msg_perm.mode & MSG_LOCKED");
611 if (segs_needed > nfree_msgmaps)
612 panic("segs_needed > nfree_msgmaps");
613 if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes)
614 panic("msgsz + msg_cbytes > msg_qbytes");
615 if (free_msghdrs == NULL)
616 panic("no more msghdrs");
617
618 /*
619 * Re-lock the msqid_ds in case we page-fault when copying in the
620 * message
621 */
622
623 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0)
624 panic("msqid_ds is already locked");
625 msqptr->msg_perm.mode |= MSG_LOCKED;
626
627 /*
628 * Allocate a message header
629 */
630
631 msghdr = free_msghdrs;
632 free_msghdrs = msghdr->msg_next;
633 msghdr->msg_spot = -1;
634 msghdr->msg_ts = msgsz;
635
636 /*
637 * Allocate space for the message
638 */
639
640 while (segs_needed > 0) {
641 if (nfree_msgmaps <= 0)
642 panic("not enough msgmaps");
643 if (free_msgmaps == -1)
644 panic("nil free_msgmaps");
645 next = free_msgmaps;
646 if (next <= -1)
647 panic("next too low #1");
648 if (next >= msginfo.msgseg)
649 panic("next out of range #1");
650 #ifdef MSG_DEBUG_OK
651 printf("allocating segment %d to message\n", next);
652 #endif
653 free_msgmaps = msgmaps[next].next;
654 nfree_msgmaps--;
655 msgmaps[next].next = msghdr->msg_spot;
656 msghdr->msg_spot = next;
657 segs_needed--;
658 }
659
660 /*
661 * Copy in the message type
662 */
663
664 if ((eval = copyin(user_msgp, &msghdr->msg_type,
665 sizeof(msghdr->msg_type))) != 0) {
666 #ifdef MSG_DEBUG_OK
667 printf("error %d copying the message type\n", eval);
668 #endif
669 msg_freehdr(msghdr);
670 msqptr->msg_perm.mode &= ~MSG_LOCKED;
671 wakeup((caddr_t)msqptr);
672 return(eval);
673 }
674 user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type);
675
676 /*
677 * Validate the message type
678 */
679
680 if (msghdr->msg_type < 1) {
681 msg_freehdr(msghdr);
682 msqptr->msg_perm.mode &= ~MSG_LOCKED;
683 wakeup((caddr_t)msqptr);
684 #ifdef MSG_DEBUG_OK
685 printf("mtype (%d) < 1\n", msghdr->msg_type);
686 #endif
687 return(EINVAL);
688 }
689
690 /*
691 * Copy in the message body
692 */
693
694 next = msghdr->msg_spot;
695 while (msgsz > 0) {
696 size_t tlen;
697 if (msgsz > msginfo.msgssz)
698 tlen = msginfo.msgssz;
699 else
700 tlen = msgsz;
701 if (next <= -1)
702 panic("next too low #2");
703 if (next >= msginfo.msgseg)
704 panic("next out of range #2");
705 if ((eval = copyin(user_msgp, &msgpool[next * msginfo.msgssz],
706 tlen)) != 0) {
707 #ifdef MSG_DEBUG_OK
708 printf("error %d copying in message segment\n", eval);
709 #endif
710 msg_freehdr(msghdr);
711 msqptr->msg_perm.mode &= ~MSG_LOCKED;
712 wakeup((caddr_t)msqptr);
713 return(eval);
714 }
715 msgsz -= tlen;
716 user_msgp = (char *)user_msgp + tlen;
717 next = msgmaps[next].next;
718 }
719 if (next != -1)
720 panic("didn't use all the msg segments");
721
722 /*
723 * We've got the message. Unlock the msqid_ds.
724 */
725
726 msqptr->msg_perm.mode &= ~MSG_LOCKED;
727
728 /*
729 * Make sure that the msqid_ds is still allocated.
730 */
731
732 if (msqptr->msg_qbytes == 0) {
733 msg_freehdr(msghdr);
734 wakeup((caddr_t)msqptr);
735 /* The SVID says to return EIDRM. */
736 #ifdef EIDRM
737 return(EIDRM);
738 #else
739 /* Unfortunately, BSD doesn't define that code yet! */
740 return(EINVAL);
741 #endif
742 }
743
744 /*
745 * Put the message into the queue
746 */
747
748 if (msqptr->msg_first == NULL) {
749 msqptr->msg_first = msghdr;
750 msqptr->msg_last = msghdr;
751 } else {
752 msqptr->msg_last->msg_next = msghdr;
753 msqptr->msg_last = msghdr;
754 }
755 msqptr->msg_last->msg_next = NULL;
756
757 msqptr->msg_cbytes += msghdr->msg_ts;
758 msqptr->msg_qnum++;
759 msqptr->msg_lspid = p->p_pid;
760 msqptr->msg_stime = time_second;
761
762 wakeup((caddr_t)msqptr);
763 p->p_retval[0] = 0;
764 return(0);
765 }
766
767 #ifndef _SYS_SYSPROTO_H_
768 struct msgrcv_args {
769 int msqid;
770 void *msgp;
771 size_t msgsz;
772 long msgtyp;
773 int msgflg;
774 };
775 #endif
776
777 int
778 msgrcv(p, uap)
779 struct proc *p;
780 register struct msgrcv_args *uap;
781 {
782 int msqid = uap->msqid;
783 void *user_msgp = uap->msgp;
784 size_t msgsz = uap->msgsz;
785 long msgtyp = uap->msgtyp;
786 int msgflg = uap->msgflg;
787 size_t len;
788 struct ucred *cred = p->p_ucred;
789 register struct msqid_ds *msqptr;
790 register struct msg *msghdr;
791 int eval;
792 short next;
793
794 #ifdef MSG_DEBUG_OK
795 printf("call to msgrcv(%d, 0x%x, %d, %ld, %d)\n", msqid, user_msgp,
796 msgsz, msgtyp, msgflg);
797 #endif
798
799 msqid = IPCID_TO_IX(msqid);
800
801 if (msqid < 0 || msqid >= msginfo.msgmni) {
802 #ifdef MSG_DEBUG_OK
803 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
804 msginfo.msgmni);
805 #endif
806 return(EINVAL);
807 }
808
809 msqptr = &msqids[msqid];
810 if (msqptr->msg_qbytes == 0) {
811 #ifdef MSG_DEBUG_OK
812 printf("no such message queue id\n");
813 #endif
814 return(EINVAL);
815 }
816 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
817 #ifdef MSG_DEBUG_OK
818 printf("wrong sequence number\n");
819 #endif
820 return(EINVAL);
821 }
822
823 if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_R))) {
824 #ifdef MSG_DEBUG_OK
825 printf("requester doesn't have read access\n");
826 #endif
827 return(eval);
828 }
829
830 msghdr = NULL;
831 while (msghdr == NULL) {
832 if (msgtyp == 0) {
833 msghdr = msqptr->msg_first;
834 if (msghdr != NULL) {
835 if (msgsz < msghdr->msg_ts &&
836 (msgflg & MSG_NOERROR) == 0) {
837 #ifdef MSG_DEBUG_OK
838 printf("first message on the queue is too big (want %d, got %d)\n",
839 msgsz, msghdr->msg_ts);
840 #endif
841 return(E2BIG);
842 }
843 if (msqptr->msg_first == msqptr->msg_last) {
844 msqptr->msg_first = NULL;
845 msqptr->msg_last = NULL;
846 } else {
847 msqptr->msg_first = msghdr->msg_next;
848 if (msqptr->msg_first == NULL)
849 panic("msg_first/last messed up #1");
850 }
851 }
852 } else {
853 struct msg *previous;
854 struct msg **prev;
855
856 previous = NULL;
857 prev = &(msqptr->msg_first);
858 while ((msghdr = *prev) != NULL) {
859 /*
860 * Is this message's type an exact match or is
861 * this message's type less than or equal to
862 * the absolute value of a negative msgtyp?
863 * Note that the second half of this test can
864 * NEVER be true if msgtyp is positive since
865 * msg_type is always positive!
866 */
867
868 if (msgtyp == msghdr->msg_type ||
869 msghdr->msg_type <= -msgtyp) {
870 #ifdef MSG_DEBUG_OK
871 printf("found message type %d, requested %d\n",
872 msghdr->msg_type, msgtyp);
873 #endif
874 if (msgsz < msghdr->msg_ts &&
875 (msgflg & MSG_NOERROR) == 0) {
876 #ifdef MSG_DEBUG_OK
877 printf("requested message on the queue is too big (want %d, got %d)\n",
878 msgsz, msghdr->msg_ts);
879 #endif
880 return(E2BIG);
881 }
882 *prev = msghdr->msg_next;
883 if (msghdr == msqptr->msg_last) {
884 if (previous == NULL) {
885 if (prev !=
886 &msqptr->msg_first)
887 panic("msg_first/last messed up #2");
888 msqptr->msg_first =
889 NULL;
890 msqptr->msg_last =
891 NULL;
892 } else {
893 if (prev ==
894 &msqptr->msg_first)
895 panic("msg_first/last messed up #3");
896 msqptr->msg_last =
897 previous;
898 }
899 }
900 break;
901 }
902 previous = msghdr;
903 prev = &(msghdr->msg_next);
904 }
905 }
906
907 /*
908 * We've either extracted the msghdr for the appropriate
909 * message or there isn't one.
910 * If there is one then bail out of this loop.
911 */
912
913 if (msghdr != NULL)
914 break;
915
916 /*
917 * Hmph! No message found. Does the user want to wait?
918 */
919
920 if ((msgflg & IPC_NOWAIT) != 0) {
921 #ifdef MSG_DEBUG_OK
922 printf("no appropriate message found (msgtyp=%d)\n",
923 msgtyp);
924 #endif
925 /* The SVID says to return ENOMSG. */
926 #ifdef ENOMSG
927 return(ENOMSG);
928 #else
929 /* Unfortunately, BSD doesn't define that code yet! */
930 return(EAGAIN);
931 #endif
932 }
933
934 /*
935 * Wait for something to happen
936 */
937
938 #ifdef MSG_DEBUG_OK
939 printf("msgrcv: goodnight\n");
940 #endif
941 eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, "msgwait",
942 0);
943 #ifdef MSG_DEBUG_OK
944 printf("msgrcv: good morning (eval=%d)\n", eval);
945 #endif
946
947 if (eval != 0) {
948 #ifdef MSG_DEBUG_OK
949 printf("msgsnd: interrupted system call\n");
950 #endif
951 return(EINTR);
952 }
953
954 /*
955 * Make sure that the msq queue still exists
956 */
957
958 if (msqptr->msg_qbytes == 0 ||
959 msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
960 #ifdef MSG_DEBUG_OK
961 printf("msqid deleted\n");
962 #endif
963 /* The SVID says to return EIDRM. */
964 #ifdef EIDRM
965 return(EIDRM);
966 #else
967 /* Unfortunately, BSD doesn't define that code yet! */
968 return(EINVAL);
969 #endif
970 }
971 }
972
973 /*
974 * Return the message to the user.
975 *
976 * First, do the bookkeeping (before we risk being interrupted).
977 */
978
979 msqptr->msg_cbytes -= msghdr->msg_ts;
980 msqptr->msg_qnum--;
981 msqptr->msg_lrpid = p->p_pid;
982 msqptr->msg_rtime = time_second;
983
984 /*
985 * Make msgsz the actual amount that we'll be returning.
986 * Note that this effectively truncates the message if it is too long
987 * (since msgsz is never increased).
988 */
989
990 #ifdef MSG_DEBUG_OK
991 printf("found a message, msgsz=%d, msg_ts=%d\n", msgsz,
992 msghdr->msg_ts);
993 #endif
994 if (msgsz > msghdr->msg_ts)
995 msgsz = msghdr->msg_ts;
996
997 /*
998 * Return the type to the user.
999 */
1000
1001 eval = copyout((caddr_t)&(msghdr->msg_type), user_msgp,
1002 sizeof(msghdr->msg_type));
1003 if (eval != 0) {
1004 #ifdef MSG_DEBUG_OK
1005 printf("error (%d) copying out message type\n", eval);
1006 #endif
1007 msg_freehdr(msghdr);
1008 wakeup((caddr_t)msqptr);
1009 return(eval);
1010 }
1011 user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type);
1012
1013 /*
1014 * Return the segments to the user
1015 */
1016
1017 next = msghdr->msg_spot;
1018 for (len = 0; len < msgsz; len += msginfo.msgssz) {
1019 size_t tlen;
1020
1021 if (msgsz > msginfo.msgssz)
1022 tlen = msginfo.msgssz;
1023 else
1024 tlen = msgsz;
1025 if (next <= -1)
1026 panic("next too low #3");
1027 if (next >= msginfo.msgseg)
1028 panic("next out of range #3");
1029 eval = copyout((caddr_t)&msgpool[next * msginfo.msgssz],
1030 user_msgp, tlen);
1031 if (eval != 0) {
1032 #ifdef MSG_DEBUG_OK
1033 printf("error (%d) copying out message segment\n",
1034 eval);
1035 #endif
1036 msg_freehdr(msghdr);
1037 wakeup((caddr_t)msqptr);
1038 return(eval);
1039 }
1040 user_msgp = (char *)user_msgp + tlen;
1041 next = msgmaps[next].next;
1042 }
1043
1044 /*
1045 * Done, return the actual number of bytes copied out.
1046 */
1047
1048 msg_freehdr(msghdr);
1049 wakeup((caddr_t)msqptr);
1050 p->p_retval[0] = msgsz;
1051 return(0);
1052 }
mirror of XNU