X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/b0d623f7f2ae71ed96e60569f61f9a9a27016e80..490019cf9519204c5fb36b2fba54ceb983bb6b72:/bsd/kern/posix_shm.c diff --git a/bsd/kern/posix_shm.c b/bsd/kern/posix_shm.c index 985538e69..38faf2939 100644 --- a/bsd/kern/posix_shm.c +++ b/bsd/kern/posix_shm.c @@ -85,7 +85,7 @@ #include #define f_flag f_fglob->fg_flag -#define f_type f_fglob->fg_type +#define f_type f_fglob->fg_ops->fo_type #define f_msgcount f_fglob->fg_msgcount #define f_cred f_fglob->fg_cred #define f_ops f_fglob->fg_ops @@ -135,6 +135,10 @@ struct pshmcache { }; #define PSHMCACHE_NULL (struct pshmcache *)0 +#define PSHMCACHE_NOTFOUND (0) +#define PSHMCACHE_FOUND (-1) +#define PSHMCACHE_NEGATIVE (ENOENT) + struct pshmstats { long goodhits; /* hits that we can really use */ long neghits; /* negative hits that we can use */ @@ -178,22 +182,30 @@ static int pshm_write (struct fileproc *fp, struct uio *uio, static int pshm_ioctl (struct fileproc *fp, u_long com, caddr_t data, vfs_context_t ctx); static int pshm_select (struct fileproc *fp, int which, void *wql, vfs_context_t ctx); -static int pshm_close(struct pshmnode *pnode); +static int pshm_close(struct pshminfo *pinfo, int dropref); static int pshm_closefile (struct fileglob *fg, vfs_context_t ctx); static int pshm_kqfilter(struct fileproc *fp, struct knote *kn, vfs_context_t ctx); int pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, proc_t p); +int pshm_cache_purge_all(proc_t p); + static int pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp); static void pshm_cache_delete(struct pshmcache *pcp); -#if NOT_USED -static void pshm_cache_purge(void); -#endif /* NOT_USED */ static int pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp, - struct pshmcache **pcache); - -struct fileops pshmops = - { pshm_read, pshm_write, pshm_ioctl, pshm_select, pshm_closefile, pshm_kqfilter, 0 }; + struct pshmcache **pcache, int addref); +static int pshm_unlink_internal(struct pshminfo *pinfo, struct pshmcache *pcache); + +static const struct fileops pshmops = { + DTYPE_PSXSHM, + pshm_read, + pshm_write, + pshm_ioctl, + pshm_select, + pshm_closefile, + pshm_kqfilter, + 0 +}; static lck_grp_t *psx_shm_subsys_lck_grp; static lck_grp_attr_t *psx_shm_subsys_lck_grp_attr; @@ -202,6 +214,7 @@ static lck_mtx_t psx_shm_subsys_mutex; #define PSHM_SUBSYS_LOCK() lck_mtx_lock(& psx_shm_subsys_mutex) #define PSHM_SUBSYS_UNLOCK() lck_mtx_unlock(& psx_shm_subsys_mutex) +#define PSHM_SUBSYS_ASSERT_HELD() lck_mtx_assert(&psx_shm_subsys_mutex, LCK_MTX_ASSERT_OWNED) /* Initialize the mutex governing access to the posix shm subsystem */ @@ -229,14 +242,14 @@ pshm_lock_init( void ) static int pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp, - struct pshmcache **pcache) + struct pshmcache **pcache, int addref) { struct pshmcache *pcp, *nnp; struct pshmhashhead *pcpp; if (pnp->pshm_namelen > PSHMNAMLEN) { pshmstats.longnames++; - return (0); + return PSHMCACHE_NOTFOUND; } pcpp = PSHMHASH(pnp); @@ -249,7 +262,7 @@ pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp, if (pcp == 0) { pshmstats.miss++; - return (0); + return PSHMCACHE_NOTFOUND; } /* We found a "positive" match, return the vnode */ @@ -258,15 +271,16 @@ pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp, /* TOUCH(ncp); */ *pshmp = pcp->pshminfo; *pcache = pcp; - return (-1); + if (addref) + pcp->pshminfo->pshm_usecount++; + return PSHMCACHE_FOUND; } /* * We found a "negative" match, ENOENT notifies client of this match. - * The nc_vpid field records whether this is a whiteout. */ pshmstats.neghits++; - return (ENOENT); + return PSHMCACHE_NEGATIVE; } /* @@ -287,16 +301,13 @@ pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *p /* if the entry has already been added by some one else return */ - if (pshm_cache_search(&dpinfo, pnp, &dpcp) == -1) { - return(EEXIST); + if (pshm_cache_search(&dpinfo, pnp, &dpcp, 0) == PSHMCACHE_FOUND) { + return EEXIST; } pshmnument++; /* * Fill in cache info, if vp is NULL this is a "negative" cache entry. - * For negative entries, we have to record whether it is a whiteout. - * the whiteout flag is stored in the nc_vpid field which is - * otherwise unused. */ pcp->pshminfo = pshmp; pcp->pshm_nlen = pnp->pshm_namelen; @@ -312,7 +323,7 @@ pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *p } #endif LIST_INSERT_HEAD(pcpp, pcp, pshm_hash); - return(0); + return 0; } /* @@ -324,27 +335,44 @@ pshm_cache_init(void) pshmhashtbl = hashinit(desiredvnodes / 8, M_SHM, &pshmhash); } -#if NOT_USED /* - * Invalidate a all entries to particular vnode. - * + * Invalidate all entries and delete all objects associated with it. Entire + * non Kernel entries are going away. Just dump'em all + * * We actually just increment the v_id, that will do it. The entries will * be purged by lookup as they get found. If the v_id wraps around, we * need to ditch the entire cache, to avoid confusion. No valid vnode will * ever have (v_id == 0). */ -static void -pshm_cache_purge(void) +int +pshm_cache_purge_all(__unused proc_t p) { - struct pshmcache *pcp; + struct pshmcache *pcp, *tmppcp; struct pshmhashhead *pcpp; + int error = 0; + + if (kauth_cred_issuser(kauth_cred_get()) == 0) + return EPERM; + PSHM_SUBSYS_LOCK(); for (pcpp = &pshmhashtbl[pshmhash]; pcpp >= pshmhashtbl; pcpp--) { - while ( (pcp = pcpp->lh_first) ) - pshm_cache_delete(pcp); + LIST_FOREACH_SAFE(pcp, pcpp, pshm_hash, tmppcp) { + assert(pcp->pshm_nlen); + error = pshm_unlink_internal(pcp->pshminfo, pcp); + if (error) + goto out; + } } + assert(pshmnument == 0); + +out: + PSHM_SUBSYS_UNLOCK(); + + if (error) + printf("%s: Error %d removing shm cache: %ld remain!\n", + __func__, error, pshmnument); + return error; } -#endif /* NOT_USED */ static void pshm_cache_delete(struct pshmcache *pcp) @@ -438,6 +466,14 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval) if (error) goto bad; + cmode &= ALLPERMS; + + fmode = FFLAGS(uap->oflag); + if ((fmode & (FREAD | FWRITE)) == 0) { + error = EINVAL; + goto bad; + } + /* * We allocate a new entry if we are less than the maximum * allowed and the one at the front of the LRU list is in use. @@ -466,27 +502,42 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval) PSHM_SUBSYS_LOCK(); - error = pshm_cache_search(&pinfo, &nd, &pcache); + /* + * If we find the entry in the cache, this will take a reference, + * allowing us to unlock it for the permissions check. + */ + error = pshm_cache_search(&pinfo, &nd, &pcache, 1); - if (error == ENOENT) { - error = EINVAL; - goto bad_locked; + PSHM_SUBSYS_UNLOCK(); - } - if (!error) { - incache = 0; - } else - incache = 1; - fmode = FFLAGS(uap->oflag); - if ((fmode & (FREAD | FWRITE))==0) { + if (error == PSHMCACHE_NEGATIVE) { error = EINVAL; - goto bad_locked; + goto bad; } - cmode &= ALLPERMS; - - if (fmode & O_CREAT) { - if (incache) { + if (error == PSHMCACHE_NOTFOUND) { + incache = 0; + if (fmode & O_CREAT) { + /* create a new one (commit the allocation) */ + pinfo = new_pinfo; + pinfo->pshm_flags = PSHM_DEFINED | PSHM_INCREATE; + pinfo->pshm_usecount = 1; /* existence reference */ + pinfo->pshm_mode = cmode; + pinfo->pshm_uid = kauth_getuid(); + pinfo->pshm_gid = kauth_getgid(); + bcopy(pnbuf, &pinfo->pshm_name[0], pathlen); + pinfo->pshm_name[pathlen]=0; +#if CONFIG_MACF + error = mac_posixshm_check_create(kauth_cred_get(), nameptr); + if (error) { + goto bad; + } + mac_posixshm_label_associate(kauth_cred_get(), pinfo, nameptr); +#endif + } + } else { + incache = 1; + if (fmode & O_CREAT) { /* already exists */ if ((fmode & O_EXCL)) { AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, @@ -495,65 +546,53 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval) /* shm obj exists and opened O_EXCL */ error = EEXIST; - goto bad_locked; + goto bad; } if( pinfo->pshm_flags & PSHM_INDELETE) { error = ENOENT; - goto bad_locked; + goto bad; } AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid, pinfo->pshm_mode); #if CONFIG_MACF - if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo))) { - goto bad_locked; + if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) { + goto bad; } #endif if ( (error = pshm_access(pinfo, fmode, kauth_cred_get(), p)) ) { - goto bad_locked; - } - } else { - /* create a new one (commit the allocation) */ - pinfo = new_pinfo; - pinfo->pshm_flags = PSHM_DEFINED | PSHM_INCREATE; - pinfo->pshm_usecount = 1; /* existence reference */ - pinfo->pshm_mode = cmode; - pinfo->pshm_uid = kauth_cred_getuid(kauth_cred_get()); - pinfo->pshm_gid = kauth_cred_get()->cr_gid; - bcopy(pnbuf, &pinfo->pshm_name[0], PSHMNAMLEN); - pinfo->pshm_name[PSHMNAMLEN]=0; -#if CONFIG_MACF - error = mac_posixshm_check_create(kauth_cred_get(), nameptr); - if (error) { - goto bad_locked; + goto bad; } - mac_posixshm_label_associate(kauth_cred_get(), pinfo, nameptr); -#endif } - } else { + } + if (!(fmode & O_CREAT)) { if (!incache) { /* O_CREAT is not set and the object does not exist */ error = ENOENT; - goto bad_locked; + goto bad; } if( pinfo->pshm_flags & PSHM_INDELETE) { error = ENOENT; - goto bad_locked; + goto bad; } #if CONFIG_MACF - if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo))) { - goto bad_locked; + if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) { + goto bad; } #endif if ((error = pshm_access(pinfo, fmode, kauth_cred_get(), p))) { - goto bad_locked; + goto bad; } } if (fmode & O_TRUNC) { error = EINVAL; - goto bad_locked; + goto bad; } + + + PSHM_SUBSYS_LOCK(); + #if DIAGNOSTIC if (fmode & FWRITE) pinfo->pshm_writecount++; @@ -565,9 +604,13 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval) if ( (error = pshm_cache_add(pinfo, &nd, pcp)) ) { goto bad_locked; } + /* + * add reference for the new entry; otherwise, we obtained + * one from the cache hit earlier. + */ + pinfo->pshm_usecount++; } pinfo->pshm_flags &= ~PSHM_INCREATE; - pinfo->pshm_usecount++; /* extra reference for the new fd */ new_pnode->pinfo = pinfo; PSHM_SUBSYS_UNLOCK(); @@ -589,7 +632,6 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval) proc_fdlock(p); fp->f_flag = fmode & FMASK; - fp->f_type = DTYPE_PSXSHM; fp->f_ops = &pshmops; fp->f_data = (caddr_t)new_pnode; *fdflags(p, indx) |= UF_EXCLOSE; @@ -604,6 +646,17 @@ shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval) bad_locked: PSHM_SUBSYS_UNLOCK(); bad: + /* + * If we obtained the entry from the cache, we need to drop the + * reference; holding the reference may have prevented unlinking, + * so we need to call pshm_close() to get the full effect. + */ + if (incache) { + PSHM_SUBSYS_LOCK(); + pshm_close(pinfo, 1); + PSHM_SUBSYS_UNLOCK(); + } + if (pcp != NULL) FREE(pcp, M_SHM); @@ -633,12 +686,16 @@ pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd, struct pshmnode * pnode ; kern_return_t kret; mem_entry_name_port_t mem_object; - mach_vm_size_t size, total_size, alloc_size; + mach_vm_size_t total_size, alloc_size; + memory_object_size_t mosize; struct pshmobj *pshmobj, *pshmobj_next, **pshmobj_next_p; + vm_map_t user_map; #if CONFIG_MACF int error; #endif + user_map = current_map(); + if (fp->f_type != DTYPE_PSXSHM) { return(EINVAL); } @@ -658,7 +715,7 @@ pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd, return(EINVAL); } #if CONFIG_MACF - error = mac_posixshm_check_truncate(kauth_cred_get(), pinfo, size); + error = mac_posixshm_check_truncate(kauth_cred_get(), pinfo, length); if (error) { PSHM_SUBSYS_UNLOCK(); return(error); @@ -666,19 +723,20 @@ pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd, #endif pinfo->pshm_flags |= PSHM_ALLOCATING; - total_size = round_page_64(length); + total_size = vm_map_round_page(length, + vm_map_page_mask(user_map)); pshmobj_next_p = &pinfo->pshm_memobjects; for (alloc_size = 0; alloc_size < total_size; - alloc_size += size) { + alloc_size += mosize) { PSHM_SUBSYS_UNLOCK(); - size = MIN(total_size - alloc_size, ANON_MAX_SIZE); + mosize = MIN(total_size - alloc_size, ANON_MAX_SIZE); kret = mach_make_memory_entry_64( VM_MAP_NULL, - &size, + &mosize, 0, MAP_MEM_NAMED_CREATE | VM_PROT_DEFAULT, &mem_object, @@ -699,14 +757,15 @@ pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd, PSHM_SUBSYS_LOCK(); pshmobj->pshmo_memobject = (void *) mem_object; - pshmobj->pshmo_size = size; + pshmobj->pshmo_size = mosize; pshmobj->pshmo_next = NULL; *pshmobj_next_p = pshmobj; pshmobj_next_p = &pshmobj->pshmo_next; } - pinfo->pshm_flags = PSHM_ALLOCATED; + pinfo->pshm_flags |= PSHM_ALLOCATED; + pinfo->pshm_flags &= ~(PSHM_ALLOCATING); pinfo->pshm_length = total_size; PSHM_SUBSYS_UNLOCK(); return(0); @@ -787,48 +846,23 @@ pshm_stat(struct pshmnode *pnode, void *ub, int isstat64) int pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, __unused proc_t p) { - mode_t mask; - int is_member; + int mode_req = ((mode & FREAD) ? S_IRUSR : 0) | + ((mode & FWRITE) ? S_IWUSR : 0); /* Otherwise, user id 0 always gets access. */ if (!suser(cred, NULL)) return (0); - mask = 0; - - /* Otherwise, check the owner. */ - if (kauth_cred_getuid(cred) == pinfo->pshm_uid) { - if (mode & FREAD) - mask |= S_IRUSR; - if (mode & FWRITE) - mask |= S_IWUSR; - return ((pinfo->pshm_mode & mask) == mask ? 0 : EACCES); - } - - /* Otherwise, check the groups. */ - if (kauth_cred_ismember_gid(cred, pinfo->pshm_gid, &is_member) == 0 && is_member) { - if (mode & FREAD) - mask |= S_IRGRP; - if (mode & FWRITE) - mask |= S_IWGRP; - return ((pinfo->pshm_mode & mask) == mask ? 0 : EACCES); - } - - /* Otherwise, check everyone else. */ - if (mode & FREAD) - mask |= S_IROTH; - if (mode & FWRITE) - mask |= S_IWOTH; - return ((pinfo->pshm_mode & mask) == mask ? 0 : EACCES); + return(posix_cred_access(cred, pinfo->pshm_uid, pinfo->pshm_gid, pinfo->pshm_mode, mode_req)); } int pshm_mmap(__unused proc_t p, struct mmap_args *uap, user_addr_t *retval, struct fileproc *fp, off_t pageoff) { - mach_vm_offset_t user_addr = (mach_vm_offset_t)uap->addr; - mach_vm_size_t user_size = (mach_vm_size_t)uap->len ; - mach_vm_offset_t user_start_addr; - mach_vm_size_t map_size, mapped_size; + vm_map_offset_t user_addr = (vm_map_offset_t)uap->addr; + vm_map_size_t user_size = (vm_map_size_t)uap->len ; + vm_map_offset_t user_start_addr; + vm_map_size_t map_size, mapped_size; int prot = uap->prot; int flags = uap->flags; vm_object_offset_t file_pos = (vm_object_offset_t)uap->pos; @@ -894,9 +928,11 @@ pshm_mmap(__unused proc_t p, struct mmap_args *uap, user_addr_t *retval, struct if ((flags & MAP_FIXED) == 0) { alloc_flags = VM_FLAGS_ANYWHERE; - user_addr = mach_vm_round_page(user_addr); + user_addr = vm_map_round_page(user_addr, + vm_map_page_mask(user_map)); } else { - if (user_addr != mach_vm_trunc_page(user_addr)) + if (user_addr != vm_map_round_page(user_addr, + vm_map_page_mask(user_map))) return (EINVAL); /* * We do not get rid of the existing mappings here because @@ -992,24 +1028,72 @@ out: } +static int +pshm_unlink_internal(struct pshminfo *pinfo, struct pshmcache *pcache) +{ + struct pshmobj *pshmobj, *pshmobj_next; + + PSHM_SUBSYS_ASSERT_HELD(); + + if (!pinfo || !pcache) + return EINVAL; + + if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED)) == 0) + return EINVAL; + + if (pinfo->pshm_flags & PSHM_INDELETE) + return 0; + + pinfo->pshm_flags |= PSHM_INDELETE; + pinfo->pshm_usecount--; + + pshm_cache_delete(pcache); + pinfo->pshm_flags |= PSHM_REMOVED; + + /* release the existence reference */ + if (!pinfo->pshm_usecount) { +#if CONFIG_MACF + mac_posixshm_label_destroy(pinfo); +#endif + /* + * If this is the last reference going away on the object, + * then we need to destroy the backing object. The name + * has an implied but uncounted reference on the object, + * once it's created, since it's used as a rendezvous, and + * therefore may be subsequently reopened. + */ + for (pshmobj = pinfo->pshm_memobjects; + pshmobj != NULL; + pshmobj = pshmobj_next) { + mach_memory_entry_port_release(pshmobj->pshmo_memobject); + pshmobj_next = pshmobj->pshmo_next; + FREE(pshmobj, M_SHM); + } + FREE(pinfo,M_SHM); + } + + FREE(pcache, M_SHM); + + return 0; +} + int -shm_unlink(__unused proc_t p, struct shm_unlink_args *uap, - __unused int32_t *retval) +shm_unlink(proc_t p, struct shm_unlink_args *uap, __unused int32_t *retval) { size_t i; - int error=0; + char * pnbuf; + size_t pathlen; + int error = 0; + struct pshmname nd; struct pshminfo *pinfo; - char * pnbuf; char * nameptr; char * cp; - size_t pathlen, plen; - int incache = 0; struct pshmcache *pcache = PSHMCACHE_NULL; - struct pshmobj *pshmobj, *pshmobj_next; pinfo = PSHMINFO_NULL; + MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK); if (pnbuf == NULL) { return(ENOSPC); /* XXX non-standard */ @@ -1025,12 +1109,12 @@ shm_unlink(__unused proc_t p, struct shm_unlink_args *uap, goto bad; } + nameptr = pnbuf; #ifdef PSXSHM_NAME_RESTRICT - nameptr = pnbuf; if (*nameptr == '/') { while (*(nameptr++) == '/') { - plen--; + pathlen--; error = EINVAL; goto bad; } @@ -1040,31 +1124,24 @@ shm_unlink(__unused proc_t p, struct shm_unlink_args *uap, } #endif /* PSXSHM_NAME_RESTRICT */ - plen = pathlen; - nameptr = pnbuf; nd.pshm_nameptr = nameptr; - nd.pshm_namelen = plen; - nd. pshm_hash =0; + nd.pshm_namelen = pathlen; + nd.pshm_hash = 0; - for (cp = nameptr, i=1; *cp != 0 && i <= plen; i++, cp++) { + for (cp = nameptr, i=1; *cp != 0 && i <= pathlen; i++, cp++) { nd.pshm_hash += (unsigned char)*cp * i; } PSHM_SUBSYS_LOCK(); - error = pshm_cache_search(&pinfo, &nd, &pcache); + error = pshm_cache_search(&pinfo, &nd, &pcache, 0); - if (error == ENOENT) { + /* During unlink lookup failure also implies ENOENT */ + if (error != PSHMCACHE_FOUND) { PSHM_SUBSYS_UNLOCK(); - error = EINVAL; + error = ENOENT; goto bad; } - if (!error) { - PSHM_SUBSYS_UNLOCK(); - error = EINVAL; - goto bad; - } else - incache = 1; if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED))==0) { PSHM_SUBSYS_UNLOCK(); @@ -1084,6 +1161,7 @@ shm_unlink(__unused proc_t p, struct shm_unlink_args *uap, error = 0; goto bad; } + #if CONFIG_MACF error = mac_posixshm_check_unlink(kauth_cred_get(), pinfo, nameptr); if (error) { @@ -1095,53 +1173,35 @@ shm_unlink(__unused proc_t p, struct shm_unlink_args *uap, AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid, pinfo->pshm_mode); - /* - * JMM - How should permissions be checked? + /* + * following file semantics, unlink should be allowed + * for users with write permission only. */ - - pinfo->pshm_flags |= PSHM_INDELETE; - pshm_cache_delete(pcache); - pinfo->pshm_flags |= PSHM_REMOVED; - /* release the existence reference */ - if (!--pinfo->pshm_usecount) { - PSHM_SUBSYS_UNLOCK(); - /* - * If this is the last reference going away on the object, - * then we need to destroy the backing object. The name - * has an implied but uncounted reference on the object, - * once it's created, since it's used as a rendezvous, and - * therefore may be subsequently reopened. - */ - for (pshmobj = pinfo->pshm_memobjects; - pshmobj != NULL; - pshmobj = pshmobj_next) { - mach_memory_entry_port_release(pshmobj->pshmo_memobject); - pshmobj_next = pshmobj->pshmo_next; - FREE(pshmobj, M_SHM); - } - FREE(pinfo,M_SHM); - } else { + if ( (error = pshm_access(pinfo, FWRITE, kauth_cred_get(), p)) ) { PSHM_SUBSYS_UNLOCK(); + goto bad; } - FREE(pcache, M_SHM); - error = 0; + + error = pshm_unlink_internal(pinfo, pcache); + PSHM_SUBSYS_UNLOCK(); + bad: FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI); - return (error); + return error; } /* already called locked */ static int -pshm_close(struct pshmnode *pnode) +pshm_close(struct pshminfo *pinfo, int dropref) { - int error=0; - struct pshminfo *pinfo; + int error = 0; struct pshmobj *pshmobj, *pshmobj_next; - if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) - return(EINVAL); - - if ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED) { + /* + * If we are dropping the reference we took on the cache object, don't + * enforce the allocation requirement. + */ + if ( !dropref && ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED)) { return(EINVAL); } #if DIAGNOSTIC @@ -1170,7 +1230,6 @@ pshm_close(struct pshmnode *pnode) PSHM_SUBSYS_LOCK(); FREE(pinfo,M_SHM); } - FREE(pnode, M_SHM); return (error); } @@ -1178,11 +1237,20 @@ pshm_close(struct pshmnode *pnode) static int pshm_closefile(struct fileglob *fg, __unused vfs_context_t ctx) { - int error; + int error = EINVAL; + struct pshmnode *pnode; PSHM_SUBSYS_LOCK(); - error = pshm_close(((struct pshmnode *)fg->fg_data)); + + if ((pnode = (struct pshmnode *)fg->fg_data) != NULL) { + if (pnode->pinfo != PSHMINFO_NULL) { + error = pshm_close(pnode->pinfo, 0); + } + FREE(pnode, M_SHM); + } + PSHM_SUBSYS_UNLOCK(); + return(error); }