xnu-2782.40.9.tar.gz

[apple/xnu.git] / bsd / kern / posix_shm.c

diff --git a/bsd/kern/posix_shm.c b/bsd/kern/posix_shm.c
index 617d1dc9f7672ac134bcbfcac29ed6aeac10e6f9..4a0a848a2227b3f59852268cbe7fc565641fffc4 100644 (file)
--- a/bsd/kern/posix_shm.c
+++ b/bsd/kern/posix_shm.c
@@ -85,7 +85,7 @@
 #include <vm/vm_protos.h>
 
 #define f_flag f_fglob->fg_flag
-#define f_type f_fglob->fg_type
+#define f_type f_fglob->fg_ops->fo_type
 #define f_msgcount f_fglob->fg_msgcount
 #define f_cred f_fglob->fg_cred
 #define f_ops f_fglob->fg_ops
@@ -192,8 +192,16 @@ static void pshm_cache_purge(void);
 static int pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
        struct pshmcache **pcache, int addref);
 
-struct         fileops pshmops =
-       { pshm_read, pshm_write, pshm_ioctl, pshm_select, pshm_closefile, pshm_kqfilter, 0 };
+static const struct fileops pshmops = {
+       DTYPE_PSXSHM,
+       pshm_read,
+       pshm_write,
+       pshm_ioctl,
+       pshm_select,
+       pshm_closefile,
+       pshm_kqfilter,
+       0
+};
 
 static lck_grp_t       *psx_shm_subsys_lck_grp;
 static lck_grp_attr_t  *psx_shm_subsys_lck_grp_attr;
@@ -265,7 +273,6 @@ pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp,
 
        /*
         * We found a "negative" match, ENOENT notifies client of this match.
-        * The nc_vpid field records whether this is a whiteout.
         */
        pshmstats.neghits++;
        return (ENOENT);
@@ -296,9 +303,6 @@ pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *p
 
        /*
         * Fill in cache info, if vp is NULL this is a "negative" cache entry.
-        * For negative entries, we have to record whether it is a whiteout.
-        * the whiteout flag is stored in the nc_vpid field which is
-        * otherwise unused.
         */
        pcp->pshminfo = pshmp;
        pcp->pshm_nlen = pnp->pshm_namelen;
@@ -499,8 +503,8 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval)
                        pinfo->pshm_mode = cmode;
                        pinfo->pshm_uid = kauth_getuid();
                        pinfo->pshm_gid = kauth_getgid();
-                       bcopy(pnbuf, &pinfo->pshm_name[0], PSHMNAMLEN);
-                       pinfo->pshm_name[PSHMNAMLEN]=0;
+                       bcopy(pnbuf, &pinfo->pshm_name[0], pathlen);
+                       pinfo->pshm_name[pathlen]=0;
 #if CONFIG_MACF
                        error = mac_posixshm_check_create(kauth_cred_get(), nameptr);
                        if (error) {
@@ -530,7 +534,7 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval)
                        AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
                                        pinfo->pshm_gid, pinfo->pshm_mode);
 #if CONFIG_MACF        
-                       if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo))) {
+                       if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) {
                                goto bad;
                        }
 #endif
@@ -550,7 +554,7 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval)
                        goto bad;
                }       
 #if CONFIG_MACF        
-               if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo))) {
+               if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) {
                        goto bad;
                }
 #endif
@@ -606,7 +610,6 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval)
 
        proc_fdlock(p);
        fp->f_flag = fmode & FMASK;
-       fp->f_type = DTYPE_PSXSHM;
        fp->f_ops = &pshmops;
        fp->f_data = (caddr_t)new_pnode;
        *fdflags(p, indx) |= UF_EXCLOSE;
@@ -664,10 +667,13 @@ pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd,
        mach_vm_size_t total_size, alloc_size;
        memory_object_size_t mosize;
        struct pshmobj *pshmobj, *pshmobj_next, **pshmobj_next_p;
+       vm_map_t        user_map;
 #if CONFIG_MACF
        int error;
 #endif
 
+       user_map = current_map();
+
        if (fp->f_type != DTYPE_PSXSHM) {
                return(EINVAL);
        }
@@ -695,7 +701,8 @@ pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd,
 #endif
 
        pinfo->pshm_flags |= PSHM_ALLOCATING;
-       total_size = round_page_64(length);
+       total_size = vm_map_round_page(length,
+                                      vm_map_page_mask(user_map));
        pshmobj_next_p = &pinfo->pshm_memobjects;
 
        for (alloc_size = 0;
@@ -829,10 +836,10 @@ pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, __unused proc_t
 int
 pshm_mmap(__unused proc_t p, struct mmap_args *uap, user_addr_t *retval, struct fileproc *fp, off_t pageoff) 
 {
-       mach_vm_offset_t        user_addr = (mach_vm_offset_t)uap->addr;
-       mach_vm_size_t          user_size = (mach_vm_size_t)uap->len ;
-       mach_vm_offset_t        user_start_addr;
-       mach_vm_size_t          map_size, mapped_size;
+       vm_map_offset_t user_addr = (vm_map_offset_t)uap->addr;
+       vm_map_size_t   user_size = (vm_map_size_t)uap->len ;
+       vm_map_offset_t user_start_addr;
+       vm_map_size_t   map_size, mapped_size;
        int prot = uap->prot;
        int flags = uap->flags;
        vm_object_offset_t file_pos = (vm_object_offset_t)uap->pos;
@@ -898,9 +905,11 @@ pshm_mmap(__unused proc_t p, struct mmap_args *uap, user_addr_t *retval, struct
 
        if ((flags & MAP_FIXED) == 0) {
                alloc_flags = VM_FLAGS_ANYWHERE;
-               user_addr = mach_vm_round_page(user_addr); 
+               user_addr = vm_map_round_page(user_addr,
+                                             vm_map_page_mask(user_map)); 
        } else {
-               if (user_addr != mach_vm_trunc_page(user_addr))
+               if (user_addr != vm_map_round_page(user_addr,
+                                                  vm_map_page_mask(user_map)))
                        return (EINVAL);
                /*
                 * We do not get rid of the existing mappings here because
@@ -1059,13 +1068,13 @@ shm_unlink(__unused proc_t p, struct shm_unlink_args *uap,
 
        if (error == ENOENT) {
                PSHM_SUBSYS_UNLOCK();
-               error = EINVAL;
                goto bad;
 
        }
+       /* During unlink lookup failure also implies ENOENT */ 
        if (!error) {
                PSHM_SUBSYS_UNLOCK();
-               error = EINVAL;
+               error = ENOENT;
                goto bad;
        } else
                incache = 1;
@@ -1099,15 +1108,23 @@ shm_unlink(__unused proc_t p, struct shm_unlink_args *uap,
        AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid,
                  pinfo->pshm_mode);
 
-       /*
-        * JMM - How should permissions be checked?
+       /* 
+        * following file semantics, unlink should be allowed 
+        * for users with write permission only. 
         */
+       if ( (error = pshm_access(pinfo, FWRITE, kauth_cred_get(), p)) ) {
+               PSHM_SUBSYS_UNLOCK();
+               goto bad;
+       }
 
        pinfo->pshm_flags |= PSHM_INDELETE;
        pshm_cache_delete(pcache);
        pinfo->pshm_flags |= PSHM_REMOVED;
        /* release the existence reference */
        if (!--pinfo->pshm_usecount) {
+#if CONFIG_MACF
+               mac_posixshm_label_destroy(pinfo);
+#endif
                PSHM_SUBSYS_UNLOCK();
                /*
                 * If this is the last reference going away on the object,