X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/5ba3f43ea354af8ad55bea84372a2bc834d8757c..c6bf4f310a33a9262d455ea4d3f0630b1255e3fe:/bsd/kern/sysv_shm.c?ds=sidebyside diff --git a/bsd/kern/sysv_shm.c b/bsd/kern/sysv_shm.c index a962e9ab1..d31d1f57b 100644 --- a/bsd/kern/sysv_shm.c +++ b/bsd/kern/sysv_shm.c @@ -1,8 +1,8 @@ /* - * Copyright (c) 2000-2007 Apple Inc. All rights reserved. + * Copyright (c) 2000-2019 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in @@ -11,10 +11,10 @@ * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. - * + * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -22,7 +22,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */ @@ -62,7 +62,7 @@ * is included in support of clause 2.2 (b) of the Apple Public License, * Version 2.0. * Copyright (c) 2005-2006 SPARTA, Inc. -*/ + */ #include @@ -101,9 +101,9 @@ /* Uncomment this line to see MAC debugging output. */ /* #define MAC_DEBUG */ #if CONFIG_MACF_DEBUG -#define MPRINTF(a) printf a +#define MPRINTF(a) printf a #else -#define MPRINTF(a) +#define MPRINTF(a) #endif #if SYSV_SHM @@ -124,19 +124,19 @@ static void shmid_ds_64to32(struct user_shmid_ds *in, struct user32_shmid_ds *ou static void shmid_ds_32to64(struct user32_shmid_ds *in, struct user_shmid_ds *out); /* XXX casting to (sy_call_t *) is bogus, as usual. */ -static sy_call_t *shmcalls[] = { +static sy_call_t* const shmcalls[] = { (sy_call_t *)shmat, (sy_call_t *)oshmctl, (sy_call_t *)shmdt, (sy_call_t *)shmget, (sy_call_t *)shmctl }; -#define SHMSEG_FREE 0x0200 -#define SHMSEG_REMOVED 0x0400 -#define SHMSEG_ALLOCATED 0x0800 -#define SHMSEG_WANTED 0x1000 +#define SHMSEG_FREE 0x0200 +#define SHMSEG_REMOVED 0x0400 +#define SHMSEG_ALLOCATED 0x0800 +#define SHMSEG_WANTED 0x1000 static int shm_last_free, shm_nused, shm_committed; -struct shmid_kernel *shmsegs; /* 64 bit version */ +struct shmid_kernel *shmsegs; /* 64 bit version */ static int shm_inited = 0; /* @@ -147,14 +147,14 @@ static int shm_inited = 0; * of anonymous memory. */ struct shm_handle { - void * shm_object; /* named entry for this chunk*/ - memory_object_size_t shm_handle_size; /* size of this chunk */ - struct shm_handle *shm_handle_next; /* next chunk */ + void * shm_object; /* named entry for this chunk*/ + memory_object_size_t shm_handle_size; /* size of this chunk */ + struct shm_handle *shm_handle_next; /* next chunk */ }; struct shmmap_state { - mach_vm_address_t va; /* user address */ - int shmid; /* segment id */ + mach_vm_address_t va; /* user address */ + int shmid; /* segment id */ }; static void shm_deallocate_segment(struct shmid_kernel *); @@ -163,18 +163,18 @@ static struct shmid_kernel *shm_find_segment_by_shmid(int); static int shm_delete_mapping(struct proc *, struct shmmap_state *, int); #ifdef __APPLE_API_PRIVATE -#define DEFAULT_SHMMAX (4 * 1024 * 1024) -#define DEFAULT_SHMMIN 1 -#define DEFAULT_SHMMNI 32 -#define DEFAULT_SHMSEG 8 -#define DEFAULT_SHMALL 1024 +#define DEFAULT_SHMMAX (4 * 1024 * 1024) +#define DEFAULT_SHMMIN 1 +#define DEFAULT_SHMMNI 32 +#define DEFAULT_SHMSEG 8 +#define DEFAULT_SHMALL 1024 struct shminfo shminfo = { - DEFAULT_SHMMAX, - DEFAULT_SHMMIN, - DEFAULT_SHMMNI, - DEFAULT_SHMSEG, - DEFAULT_SHMALL + .shmmax = DEFAULT_SHMMAX, + .shmmin = DEFAULT_SHMMIN, + .shmmni = DEFAULT_SHMMNI, + .shmseg = DEFAULT_SHMSEG, + .shmall = DEFAULT_SHMALL }; #define SHMID_IS_VALID(x) ((x) >= 0) @@ -188,9 +188,9 @@ void sysv_shm_lock_init(void); static __inline__ time_t sysv_shmtime(void) { - struct timeval tv; + struct timeval tv; microtime(&tv); - return (tv.tv_sec); + return tv.tv_sec; } /* @@ -210,7 +210,7 @@ shmid_ds_64to32(struct user_shmid_ds *in, struct user32_shmid_ds *out) out->shm_atime = in->shm_atime; out->shm_dtime = in->shm_dtime; out->shm_ctime = in->shm_ctime; - out->shm_internal = CAST_DOWN_EXPLICIT(int,in->shm_internal); + out->shm_internal = CAST_DOWN_EXPLICIT(int, in->shm_internal); } /* @@ -238,10 +238,12 @@ shm_find_segment_by_key(key_t key) { int i; - for (i = 0; i < shminfo.shmmni; i++) + for (i = 0; i < shminfo.shmmni; i++) { if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) && - shmsegs[i].u.shm_perm._key == key) + shmsegs[i].u.shm_perm._key == key) { return i; + } + } return -1; } @@ -252,13 +254,15 @@ shm_find_segment_by_shmid(int shmid) struct shmid_kernel *shmseg; segnum = IPCID_TO_IX(shmid); - if (segnum < 0 || segnum >= shminfo.shmmni) + if (segnum < 0 || segnum >= shminfo.shmmni) { return NULL; + } shmseg = &shmsegs[segnum]; if ((shmseg->u.shm_perm.mode & (SHMSEG_ALLOCATED | SHMSEG_REMOVED)) != SHMSEG_ALLOCATED || - shmseg->u.shm_perm._seq != IPCID_TO_SEQ(shmid)) + shmseg->u.shm_perm._seq != IPCID_TO_SEQ(shmid)) { return NULL; + } return shmseg; } @@ -268,14 +272,14 @@ shm_deallocate_segment(struct shmid_kernel *shmseg) struct shm_handle *shm_handle, *shm_handle_next; mach_vm_size_t size; - for (shm_handle = CAST_DOWN(void *,shmseg->u.shm_internal); /* tunnel */ - shm_handle != NULL; - shm_handle = shm_handle_next) { + for (shm_handle = CAST_DOWN(void *, shmseg->u.shm_internal); /* tunnel */ + shm_handle != NULL; + shm_handle = shm_handle_next) { shm_handle_next = shm_handle->shm_handle_next; mach_memory_entry_port_release(shm_handle->shm_object); - FREE((caddr_t) shm_handle, M_SHM); + FREE(shm_handle, M_SHM); } - shmseg->u.shm_internal = USER_ADDR_NULL; /* tunnel */ + shmseg->u.shm_internal = USER_ADDR_NULL; /* tunnel */ size = mach_vm_round_page(shmseg->u.shm_segsz); shm_committed -= btoc(size); shm_nused--; @@ -288,7 +292,7 @@ shm_deallocate_segment(struct shmid_kernel *shmseg) static int shm_delete_mapping(__unused struct proc *p, struct shmmap_state *shmmap_s, - int deallocate) + int deallocate) { struct shmid_kernel *shmseg; int segnum, result; @@ -296,11 +300,12 @@ shm_delete_mapping(__unused struct proc *p, struct shmmap_state *shmmap_s, segnum = IPCID_TO_IX(shmmap_s->shmid); shmseg = &shmsegs[segnum]; - size = mach_vm_round_page(shmseg->u.shm_segsz); /* XXX done for us? */ + size = mach_vm_round_page(shmseg->u.shm_segsz); /* XXX done for us? */ if (deallocate) { - result = mach_vm_deallocate(current_map(), shmmap_s->va, size); - if (result != KERN_SUCCESS) - return EINVAL; + result = mach_vm_deallocate(current_map(), shmmap_s->va, size); + if (result != KERN_SUCCESS) { + return EINVAL; + } } shmmap_s->shmid = SHMID_UNALLOCATED; shmseg->u.shm_dtime = sysv_shmtime(); @@ -331,7 +336,7 @@ shmdt(struct proc *p, struct shmdt_args *uap, int32_t *retval) } shmmap_s = (struct shmmap_state *)p->vm_shm; - if (shmmap_s == NULL) { + if (shmmap_s == NULL) { shmdtret = EINVAL; goto shmdt_out; } @@ -355,13 +360,15 @@ shmdt(struct proc *p, struct shmdt_args *uap, int32_t *retval) */ shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; shmdtret = mac_sysvshm_check_shmdt(kauth_cred_get(), shmsegptr); - if (shmdtret) + if (shmdtret) { goto shmdt_out; + } #endif i = shm_delete_mapping(p, shmmap_s, 1); - if (i == 0) + if (i == 0) { *retval = 0; + } shmdtret = i; shmdt_out: SYSV_SHM_SUBSYS_UNLOCK(); @@ -372,17 +379,17 @@ int shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) { int error, i, flags; - struct shmid_kernel *shmseg; - struct shmmap_state *shmmap_s = NULL; - struct shm_handle *shm_handle; - mach_vm_address_t attach_va; /* attach address in/out */ - mach_vm_size_t map_size; /* size of map entry */ - mach_vm_size_t mapped_size; + struct shmid_kernel *shmseg; + struct shmmap_state *shmmap_s = NULL; + struct shm_handle *shm_handle; + mach_vm_address_t attach_va; /* attach address in/out */ + mach_vm_size_t map_size; /* size of map entry */ + mach_vm_size_t mapped_size; vm_prot_t prot; - size_t size; - kern_return_t rv; - int shmat_ret; - int vm_flags; + size_t size; + kern_return_t rv; + int shmat_ret; + int vm_flags; shmat_ret = 0; @@ -407,8 +414,8 @@ shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) /* +1 for the sentinel */ if (os_add_and_mul_overflow(nsegs, 1, sizeof(struct shmmap_state), &size)) { - shmat_ret = ENOMEM; - goto shmat_out; + shmat_ret = ENOMEM; + goto shmat_out; } MALLOC(shmmap_s, struct shmmap_state *, size, M_SHM, M_WAITOK | M_NULL); @@ -434,7 +441,7 @@ shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) AUDIT_ARG(svipc_perm, &shmseg->u.shm_perm); error = ipcperm(kauth_cred_get(), &shmseg->u.shm_perm, - (uap->shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W); + (uap->shmflg & SHM_RDONLY) ? IPC_R : IPC_R | IPC_W); if (error) { shmat_ret = error; goto shmat_out; @@ -460,16 +467,18 @@ shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) map_size = mach_vm_round_page(shmseg->u.shm_segsz); prot = VM_PROT_READ; - if ((uap->shmflg & SHM_RDONLY) == 0) + if ((uap->shmflg & SHM_RDONLY) == 0) { prot |= VM_PROT_WRITE; + } flags = MAP_ANON | MAP_SHARED; - if (uap->shmaddr) + if (uap->shmaddr) { flags |= MAP_FIXED; + } attach_va = (mach_vm_address_t)uap->shmaddr; - if (uap->shmflg & SHM_RND) - attach_va &= ~(SHMLBA-1); - else if ((attach_va & (SHMLBA-1)) != 0) { + if (uap->shmflg & SHM_RND) { + attach_va &= ~(SHMLBA - 1); + } else if ((attach_va & (SHMLBA - 1)) != 0) { shmat_ret = EINVAL; goto shmat_out; } @@ -484,17 +493,18 @@ shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) /* first reserve enough space... */ rv = mach_vm_map_kernel(current_map(), - &attach_va, - map_size, - 0, - vm_flags, - VM_KERN_MEMORY_NONE, - IPC_PORT_NULL, - 0, - FALSE, - VM_PROT_NONE, - VM_PROT_NONE, - VM_INHERIT_NONE); + &attach_va, + map_size, + 0, + vm_flags, + VM_MAP_KERNEL_FLAGS_NONE, + VM_KERN_MEMORY_NONE, + IPC_PORT_NULL, + 0, + FALSE, + VM_PROT_NONE, + VM_PROT_NONE, + VM_INHERIT_NONE); if (rv != KERN_SUCCESS) { goto out; } @@ -503,14 +513,13 @@ shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) /* ... then map the shared memory over the reserved space */ for (shm_handle = CAST_DOWN(void *, shmseg->u.shm_internal);/* tunnel */ - shm_handle != NULL; - shm_handle = shm_handle->shm_handle_next) { - + shm_handle != NULL; + shm_handle = shm_handle->shm_handle_next) { rv = vm_map_enter_mem_object( - current_map(), /* process map */ - &attach_va, /* attach address */ + current_map(), /* process map */ + &attach_va, /* attach address */ shm_handle->shm_handle_size, /* segment size */ - (mach_vm_offset_t)0, /* alignment mask */ + (mach_vm_offset_t)0, /* alignment mask */ VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, VM_MAP_KERNEL_FLAGS_NONE, VM_KERN_MEMORY_NONE, @@ -520,8 +529,9 @@ shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) prot, prot, VM_INHERIT_SHARE); - if (rv != KERN_SUCCESS) + if (rv != KERN_SUCCESS) { goto out; + } mapped_size += shm_handle->shm_handle_size; attach_va = attach_va + shm_handle->shm_handle_size; @@ -531,14 +541,14 @@ shmat(struct proc *p, struct shmat_args *uap, user_addr_t *retval) shmseg->u.shm_lpid = p->p_pid; shmseg->u.shm_atime = sysv_shmtime(); shmseg->u.shm_nattch++; - *retval = shmmap_s->va; /* XXX return -1 on error */ + *retval = shmmap_s->va; /* XXX return -1 on error */ shmat_ret = 0; goto shmat_out; out: if (mapped_size > 0) { (void) mach_vm_deallocate(current_map(), - shmmap_s->va, - mapped_size); + shmmap_s->va, + mapped_size); } switch (rv) { case KERN_INVALID_ADDRESS: @@ -596,7 +606,7 @@ shmctl(__unused struct proc *p, struct shmctl_args *uap, int32_t *retval) goto shmctl_out; } - /* XXAUDIT: This is the perms BEFORE any change by this call. This + /* XXAUDIT: This is the perms BEFORE any change by this call. This * may not be what is desired. */ AUDIT_ARG(svipc_perm, &shmseg->u.shm_perm); @@ -617,20 +627,20 @@ shmctl(__unused struct proc *p, struct shmctl_args *uap, int32_t *retval) } if (IS_64BIT_PROCESS(p)) { - struct user_shmid_ds shmid_ds; + struct user_shmid_ds shmid_ds = {}; memcpy(&shmid_ds, &shmseg->u, sizeof(struct user_shmid_ds)); - + /* Clear kernel reserved pointer before copying to user space */ shmid_ds.shm_internal = USER_ADDR_NULL; - + error = copyout(&shmid_ds, uap->buf, sizeof(shmid_ds)); } else { struct user32_shmid_ds shmid_ds32 = {}; shmid_ds_64to32(&shmseg->u, &shmid_ds32); - + /* Clear kernel reserved pointer before copying to user space */ shmid_ds32.shm_internal = (user32_addr_t)0; - + error = copyout(&shmid_ds32, uap->buf, sizeof(shmid_ds32)); } if (error) { @@ -706,8 +716,9 @@ shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval) */ shmseg->u.shm_perm.mode |= SHMSEG_WANTED; error = tsleep((caddr_t)shmseg, PLOCK | PCATCH, "shmget", 0); - if (error) + if (error) { return error; + } return EAGAIN; } @@ -719,20 +730,24 @@ shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval) * verify that it matches the requested mode; otherwise, we fail with * EACCES (access denied). */ - if ((shmseg->u.shm_perm.mode & mode) != mode) + if ((shmseg->u.shm_perm.mode & mode) != mode) { return EACCES; + } #if CONFIG_MACF error = mac_sysvshm_check_shmget(kauth_cred_get(), shmseg, uap->shmflg); - if (error) - return (error); + if (error) { + return error; + } #endif - if (uap->size && uap->size > shmseg->u.shm_segsz) + if (uap->size && uap->size > shmseg->u.shm_segsz) { return EINVAL; + } - if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL)) + if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL)) { return EEXIST; + } *retval = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm); return 0; @@ -740,7 +755,7 @@ shmget_existing(struct shmget_args *uap, int mode, int segnum, int *retval) static int shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, - int *retval) + int *retval) { int i, segnum, shmid; kauth_cred_t cred = kauth_cred_get(); @@ -752,25 +767,30 @@ shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, struct shm_handle *shm_handle_next, **shm_handle_next_p; if (uap->size <= 0 || - uap->size < (user_size_t)shminfo.shmmin || - uap->size > (user_size_t)shminfo.shmmax) { + uap->size < (user_size_t)shminfo.shmmin || + uap->size > (user_size_t)shminfo.shmmax) { return EINVAL; } - if (shm_nused >= shminfo.shmmni) /* any shmids left? */ + if (shm_nused >= shminfo.shmmni) { /* any shmids left? */ return ENOSPC; + } if (mach_vm_round_page_overflow(uap->size, &total_size)) { return EINVAL; } - if ((user_ssize_t)(shm_committed + btoc(total_size)) > shminfo.shmall) + if ((user_ssize_t)(shm_committed + btoc(total_size)) > shminfo.shmall) { return ENOMEM; + } if (shm_last_free < 0) { - for (i = 0; i < shminfo.shmmni; i++) - if (shmsegs[i].u.shm_perm.mode & SHMSEG_FREE) + for (i = 0; i < shminfo.shmmni; i++) { + if (shmsegs[i].u.shm_perm.mode & SHMSEG_FREE) { break; - if (i == shminfo.shmmni) + } + } + if (i == shminfo.shmmni) { panic("shmseg free count inconsistent"); + } segnum = i; - } else { + } else { segnum = shm_last_free; shm_last_free = -1; } @@ -787,8 +807,8 @@ shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, shm_handle_next_p = NULL; for (alloc_size = 0; - alloc_size < total_size; - alloc_size += size) { + alloc_size < total_size; + alloc_size += size) { size = MIN(total_size - alloc_size, ANON_MAX_SIZE); kret = mach_make_memory_entry_64( VM_MAP_NULL, @@ -796,9 +816,10 @@ shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, (memory_object_offset_t) 0, MAP_MEM_NAMED_CREATE | VM_PROT_DEFAULT, (ipc_port_t *) &mem_object, 0); - if (kret != KERN_SUCCESS) + if (kret != KERN_SUCCESS) { goto out; - + } + MALLOC(shm_handle, struct shm_handle *, sizeof(struct shm_handle), M_SHM, M_WAITOK); if (shm_handle == NULL) { kret = KERN_NO_SPACE; @@ -845,14 +866,14 @@ shmget_allocate_segment(struct proc *p, struct shmget_args *uap, int mode, *retval = shmid; AUDIT_ARG(svipc_id, shmid); return 0; -out: +out: if (kret != KERN_SUCCESS) { - for (shm_handle = CAST_DOWN(void *,shmseg->u.shm_internal); /* tunnel */ - shm_handle != NULL; - shm_handle = shm_handle_next) { + for (shm_handle = CAST_DOWN(void *, shmseg->u.shm_internal); /* tunnel */ + shm_handle != NULL; + shm_handle = shm_handle_next) { shm_handle_next = shm_handle->shm_handle_next; mach_memory_entry_port_release(shm_handle->shm_object); - FREE((caddr_t) shm_handle, M_SHM); + FREE(shm_handle, M_SHM); } shmseg->u.shm_internal = USER_ADDR_NULL; /* tunnel */ } @@ -860,13 +881,12 @@ out: switch (kret) { case KERN_INVALID_ADDRESS: case KERN_NO_SPACE: - return (ENOMEM); + return ENOMEM; case KERN_PROTECTION_FAILURE: - return (EACCES); + return EACCES; default: - return (EINVAL); + return EINVAL; } - } int @@ -885,12 +905,13 @@ shmget(struct proc *p, struct shmget_args *uap, int32_t *retval) mode = uap->shmflg & ACCESSPERMS; if (uap->key != IPC_PRIVATE) { - again: +again: segnum = shm_find_segment_by_key(uap->key); if (segnum >= 0) { error = shmget_existing(uap, mode, segnum, retval); - if (error == EAGAIN) + if (error == EAGAIN) { goto again; + } shmget_ret = error; goto shmget_out; } @@ -911,30 +932,30 @@ shmget_out: * Entry point for all SHM calls: shmat, oshmctl, shmdt, shmget, shmctl * * Parameters: p Process requesting the call - * uap User argument descriptor (see below) - * retval Return value of the selected shm call + * uap User argument descriptor (see below) + * retval Return value of the selected shm call * * Indirect parameters: uap->which msg call to invoke (index in array of shm calls) - * uap->a2 User argument descriptor - * + * uap->a2 User argument descriptor + * * Returns: 0 Success - * !0 Not success + * !0 Not success * * Implicit returns: retval Return value of the selected shm call * - * DEPRECATED: This interface should not be used to call the other SHM - * functions (shmat, oshmctl, shmdt, shmget, shmctl). The correct - * usage is to call the other SHM functions directly. + * DEPRECATED: This interface should not be used to call the other SHM + * functions (shmat, oshmctl, shmdt, shmget, shmctl). The correct + * usage is to call the other SHM functions directly. */ int shmsys(struct proc *p, struct shmsys_args *uap, int32_t *retval) { - /* The routine that we are dispatching already does this */ - if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) + if (uap->which >= sizeof(shmcalls) / sizeof(shmcalls[0])) { return EINVAL; - return ((*shmcalls[uap->which])(p, &uap->a2, retval)); + } + return (*shmcalls[uap->which])(p, &uap->a2, retval); } /* @@ -1004,7 +1025,7 @@ shmcleanup(struct proc *p, int deallocate) } } - FREE((caddr_t)p->vm_shm, M_SHM); + FREE(p->vm_shm, M_SHM); p->vm_shm = NULL; SYSV_SHM_SUBSYS_UNLOCK(); } @@ -1045,7 +1066,7 @@ shminit(void) return ENOMEM; } - MALLOC(shmsegs, struct shmid_kernel *, sz, M_SHM, M_WAITOK); + MALLOC(shmsegs, struct shmid_kernel *, sz, M_SHM, M_WAITOK | M_ZERO); if (shmsegs == NULL) { return ENOMEM; } @@ -1069,32 +1090,32 @@ shminit(void) __private_extern__ void sysv_shm_lock_init( void ) { - sysv_shm_subsys_lck_grp_attr = lck_grp_attr_alloc_init(); - + sysv_shm_subsys_lck_grp = lck_grp_alloc_init("sysv_shm_subsys_lock", sysv_shm_subsys_lck_grp_attr); - + sysv_shm_subsys_lck_attr = lck_attr_alloc_init(); lck_mtx_init(&sysv_shm_subsys_mutex, sysv_shm_subsys_lck_grp, sysv_shm_subsys_lck_attr); } /* (struct sysctl_oid *oidp, void *arg1, int arg2, \ - struct sysctl_req *req) */ + * struct sysctl_req *req) */ static int sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1, - __unused int arg2, struct sysctl_req *req) + __unused int arg2, struct sysctl_req *req) { int error = 0; int sysctl_shminfo_ret = 0; - int64_t saved_shmmax; - int64_t saved_shmmin; + int64_t saved_shmmax; + int64_t saved_shmmin; int64_t saved_shmseg; int64_t saved_shmmni; int64_t saved_shmall; error = SYSCTL_OUT(req, arg1, sizeof(int64_t)); - if (error || req->newptr == USER_ADDR_NULL) - return(error); + if (error || req->newptr == USER_ADDR_NULL) { + return error; + } SYSV_SHM_SUBSYS_LOCK(); @@ -1103,11 +1124,11 @@ sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1, sysctl_shminfo_ret = EPERM; goto sysctl_shminfo_out; } - saved_shmmax = shminfo.shmmax; - saved_shmmin = shminfo.shmmin; - saved_shmseg = shminfo.shmseg; - saved_shmmni = shminfo.shmmni; - saved_shmall = shminfo.shmall; + saved_shmmax = shminfo.shmmax; + saved_shmmin = shminfo.shmmin; + saved_shmseg = shminfo.shmseg; + saved_shmmni = shminfo.shmmni; + saved_shmall = shminfo.shmall; if ((error = SYSCTL_IN(req, arg1, sizeof(int64_t))) != 0) { sysctl_shminfo_ret = error; @@ -1121,38 +1142,34 @@ sysctl_shminfo(__unused struct sysctl_oid *oidp, void *arg1, sysctl_shminfo_ret = EINVAL; goto sysctl_shminfo_out; } - } - else if (arg1 == &shminfo.shmmin) { + } else if (arg1 == &shminfo.shmmin) { if (shminfo.shmmin < 0) { shminfo.shmmin = saved_shmmin; sysctl_shminfo_ret = EINVAL; goto sysctl_shminfo_out; } + } else if (arg1 == &shminfo.shmseg) { + /* add a sanity check - 20847256 */ + if (shminfo.shmseg > INT32_MAX || shminfo.shmseg < 0) { + shminfo.shmseg = saved_shmseg; + sysctl_shminfo_ret = EINVAL; + goto sysctl_shminfo_out; + } + } else if (arg1 == &shminfo.shmmni) { + /* add a sanity check - 20847256 */ + if (shminfo.shmmni > INT32_MAX || shminfo.shmmni < 0) { + shminfo.shmmni = saved_shmmni; + sysctl_shminfo_ret = EINVAL; + goto sysctl_shminfo_out; + } + } else if (arg1 == &shminfo.shmall) { + /* add a sanity check - 20847256 */ + if (shminfo.shmall > INT32_MAX || shminfo.shmall < 0) { + shminfo.shmall = saved_shmall; + sysctl_shminfo_ret = EINVAL; + goto sysctl_shminfo_out; + } } - else if (arg1 == &shminfo.shmseg) { - /* add a sanity check - 20847256 */ - if (shminfo.shmseg > INT32_MAX || shminfo.shmseg < 0) { - shminfo.shmseg = saved_shmseg; - sysctl_shminfo_ret = EINVAL; - goto sysctl_shminfo_out; - } - } - else if (arg1 == &shminfo.shmmni) { - /* add a sanity check - 20847256 */ - if (shminfo.shmmni > INT32_MAX || shminfo.shmmni < 0) { - shminfo.shmmni = saved_shmmni; - sysctl_shminfo_ret = EINVAL; - goto sysctl_shminfo_out; - } - } - else if (arg1 == &shminfo.shmall) { - /* add a sanity check - 20847256 */ - if (shminfo.shmall > INT32_MAX || shminfo.shmall < 0) { - shminfo.shmall = saved_shmall; - sysctl_shminfo_ret = EINVAL; - goto sysctl_shminfo_out; - } - } sysctl_shminfo_ret = 0; sysctl_shminfo_out: SYSV_SHM_SUBSYS_UNLOCK(); @@ -1161,7 +1178,7 @@ sysctl_shminfo_out: static int IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, - __unused int arg2, struct sysctl_req *req) + __unused int arg2, struct sysctl_req *req) { int error; int cursor; @@ -1169,8 +1186,8 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, struct user32_IPCS_command u32; struct user_IPCS_command u64; } ipcs; - struct user32_shmid_ds shmid_ds32 = {}; /* post conversion, 32 bit version */ - struct user_shmid_ds shmid_ds; /* 64 bit version */ + struct user32_shmid_ds shmid_ds32 = {}; /* post conversion, 32 bit version */ + struct user_shmid_ds shmid_ds; /* 64 bit version */ void *shmid_dsp; size_t ipcs_sz = sizeof(struct user_IPCS_command); size_t shmid_ds_sz = sizeof(struct user_shmid_ds); @@ -1192,8 +1209,9 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, goto ipcs_shm_sysctl_out; } - if (!IS_64BIT_PROCESS(p)) /* convert in place */ + if (!IS_64BIT_PROCESS(p)) { /* convert in place */ ipcs.u64.ipcs_data = CAST_USER_ADDR_T(ipcs.u32.ipcs_data); + } /* Let us version this interface... */ if (ipcs.u64.ipcs_magic != IPCS_MAGIC) { @@ -1201,8 +1219,8 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, goto ipcs_shm_sysctl_out; } - switch(ipcs.u64.ipcs_op) { - case IPCS_SHM_CONF: /* Obtain global configuration data */ + switch (ipcs.u64.ipcs_op) { + case IPCS_SHM_CONF: /* Obtain global configuration data */ if (ipcs.u64.ipcs_datalen != sizeof(struct shminfo)) { if (ipcs.u64.ipcs_cursor != 0) { /* fwd. compat. */ error = ENOMEM; @@ -1214,7 +1232,7 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, error = copyout(&shminfo, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen); break; - case IPCS_SHM_ITER: /* Iterate over existing segments */ + case IPCS_SHM_ITER: /* Iterate over existing segments */ cursor = ipcs.u64.ipcs_cursor; if (cursor < 0 || cursor >= shminfo.shmmni) { error = ERANGE; @@ -1224,9 +1242,10 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, error = EINVAL; break; } - for( ; cursor < shminfo.shmmni; cursor++) { - if (shmsegs[cursor].u.shm_perm.mode & SHMSEG_ALLOCATED) + for (; cursor < shminfo.shmmni; cursor++) { + if (shmsegs[cursor].u.shm_perm.mode & SHMSEG_ALLOCATED) { break; + } continue; } if (cursor == shminfo.shmmni) { @@ -1234,7 +1253,7 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, break; } - shmid_dsp = &shmsegs[cursor]; /* default: 64 bit */ + shmid_dsp = &shmsegs[cursor]; /* default: 64 bit */ /* * If necessary, convert the 64 bit kernel segment @@ -1242,17 +1261,17 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, */ if (!IS_64BIT_PROCESS(p)) { shmid_ds_64to32(shmid_dsp, &shmid_ds32); - + /* Clear kernel reserved pointer before copying to user space */ shmid_ds32.shm_internal = (user32_addr_t)0; - + shmid_dsp = &shmid_ds32; } else { memcpy(&shmid_ds, shmid_dsp, sizeof(shmid_ds)); /* Clear kernel reserved pointer before copying to user space */ shmid_ds.shm_internal = USER_ADDR_NULL; - + shmid_dsp = &shmid_ds; } error = copyout(shmid_dsp, ipcs.u64.ipcs_data, ipcs.u64.ipcs_datalen); @@ -1260,10 +1279,11 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, /* update cursor */ ipcs.u64.ipcs_cursor = cursor + 1; - if (!IS_64BIT_PROCESS(p)) /* convert in place */ - ipcs.u32.ipcs_data = CAST_DOWN_EXPLICIT(user32_addr_t,ipcs.u64.ipcs_data); + if (!IS_64BIT_PROCESS(p)) { /* convert in place */ + ipcs.u32.ipcs_data = CAST_DOWN_EXPLICIT(user32_addr_t, ipcs.u64.ipcs_data); + } - error = SYSCTL_OUT(req, &ipcs, ipcs_sz); + error = SYSCTL_OUT(req, &ipcs, ipcs_sz); } break; @@ -1273,32 +1293,32 @@ IPCS_shm_sysctl(__unused struct sysctl_oid *oidp, __unused void *arg1, } ipcs_shm_sysctl_out: SYSV_SHM_SUBSYS_UNLOCK(); - return(error); + return error; } SYSCTL_NODE(_kern, KERN_SYSV, sysv, CTLFLAG_RW | CTLFLAG_LOCKED | CTLFLAG_ANYBODY, 0, "SYSV"); SYSCTL_PROC(_kern_sysv, OID_AUTO, shmmax, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, - &shminfo.shmmax, 0, &sysctl_shminfo ,"Q","shmmax"); + &shminfo.shmmax, 0, &sysctl_shminfo, "Q", "shmmax"); SYSCTL_PROC(_kern_sysv, OID_AUTO, shmmin, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, - &shminfo.shmmin, 0, &sysctl_shminfo ,"Q","shmmin"); + &shminfo.shmmin, 0, &sysctl_shminfo, "Q", "shmmin"); SYSCTL_PROC(_kern_sysv, OID_AUTO, shmmni, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, - &shminfo.shmmni, 0, &sysctl_shminfo ,"Q","shmmni"); + &shminfo.shmmni, 0, &sysctl_shminfo, "Q", "shmmni"); SYSCTL_PROC(_kern_sysv, OID_AUTO, shmseg, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, - &shminfo.shmseg, 0, &sysctl_shminfo ,"Q","shmseg"); + &shminfo.shmseg, 0, &sysctl_shminfo, "Q", "shmseg"); SYSCTL_PROC(_kern_sysv, OID_AUTO, shmall, CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, - &shminfo.shmall, 0, &sysctl_shminfo ,"Q","shmall"); + &shminfo.shmall, 0, &sysctl_shminfo, "Q", "shmall"); SYSCTL_NODE(_kern_sysv, OID_AUTO, ipcs, CTLFLAG_RW | CTLFLAG_LOCKED | CTLFLAG_ANYBODY, 0, "SYSVIPCS"); SYSCTL_PROC(_kern_sysv_ipcs, OID_AUTO, shm, CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_LOCKED, - 0, 0, IPCS_shm_sysctl, - "S,IPCS_shm_command", - "ipcs shm command interface"); + 0, 0, IPCS_shm_sysctl, + "S,IPCS_shm_command", + "ipcs shm command interface"); #endif /* SYSV_SHM */ /* DSEP Review Done pl-20051108-v02 @2743,@2908,@2913,@3009 */