Deleted Added
sdiff udiff text old ( 80670 ) new ( 82607 )
full compact
1/* $FreeBSD: head/sys/kern/sysv_msg.c 80670 2001-07-30 19:28:02Z asmodai $ */
1/* $FreeBSD: head/sys/kern/sysv_msg.c 82607 2001-08-31 00:02:18Z dillon $ */
2
3/*
4 * Implementation of SVID messages
5 *
6 * Author: Daniel Boulet
7 *
8 * Copyright 1993 Daniel Boulet and RTMX Inc.
9 *
10 * This system call was implemented by Daniel Boulet under contract from RTMX.
11 *
12 * Redistribution and use in source forms, with and without modification,
13 * are permitted provided that this entire comment appears intact.
14 *
15 * Redistribution in binary form may occur without any restrictions.
16 * Obviously, it would be nice if you gave credit where credit is due
17 * but requiring it would be too onerous.
18 *
19 * This software is provided ``AS IS'' without any warranties of any kind.
20 */
21
22#include "opt_sysvipc.h"
23
24#include <sys/param.h>
25#include <sys/systm.h>
26#include <sys/sysproto.h>
27#include <sys/kernel.h>
28#include <sys/proc.h>
29#include <sys/lock.h>
30#include <sys/mutex.h>
31#include <sys/msg.h>
32#include <sys/syscall.h>
33#include <sys/sysent.h>
34#include <sys/sysctl.h>
35#include <sys/malloc.h>
36#include <sys/jail.h>
37
38static MALLOC_DEFINE(M_MSG, "msg", "SVID compatible message queues");
39
40static void msginit __P((void));
41static int msgunload __P((void));
42static int sysvmsg_modload __P((struct module *, int, void *));
43
44#define MSG_DEBUG
45#undef MSG_DEBUG_OK
46
47static void msg_freehdr __P((struct msg *msghdr));
48
49/* XXX casting to (sy_call_t *) is bogus, as usual. */
50static sy_call_t *msgcalls[] = {
51 (sy_call_t *)msgctl, (sy_call_t *)msgget,
52 (sy_call_t *)msgsnd, (sy_call_t *)msgrcv
53};
54
55struct msg {
56 struct msg *msg_next; /* next msg in the chain */
57 long msg_type; /* type of this message */
58 /* >0 -> type of this message */
59 /* 0 -> free header */
60 u_short msg_ts; /* size of this message */
61 short msg_spot; /* location of start of msg in buffer */
62};
63
64
65#ifndef MSGSSZ
66#define MSGSSZ 8 /* Each segment must be 2^N long */
67#endif
68#ifndef MSGSEG
69#define MSGSEG 2048 /* must be less than 32767 */
70#endif
71#define MSGMAX (MSGSSZ*MSGSEG)
72#ifndef MSGMNB
73#define MSGMNB 2048 /* max # of bytes in a queue */
74#endif
75#ifndef MSGMNI
76#define MSGMNI 40
77#endif
78#ifndef MSGTQL
79#define MSGTQL 40
80#endif
81
82/*
83 * Based on the configuration parameters described in an SVR2 (yes, two)
84 * config(1m) man page.
85 *
86 * Each message is broken up and stored in segments that are msgssz bytes
87 * long. For efficiency reasons, this should be a power of two. Also,
88 * it doesn't make sense if it is less than 8 or greater than about 256.
89 * Consequently, msginit in kern/sysv_msg.c checks that msgssz is a power of
90 * two between 8 and 1024 inclusive (and panic's if it isn't).
91 */
92struct msginfo msginfo = {
93 MSGMAX, /* max chars in a message */
94 MSGMNI, /* # of message queue identifiers */
95 MSGMNB, /* max chars in a queue */
96 MSGTQL, /* max messages in system */
97 MSGSSZ, /* size of a message segment */
98 /* (must be small power of 2 greater than 4) */
99 MSGSEG /* number of message segments */
100};
101
102/*
103 * macros to convert between msqid_ds's and msqid's.
104 * (specific to this implementation)
105 */
106#define MSQID(ix,ds) ((ix) & 0xffff | (((ds).msg_perm.seq << 16) & 0xffff0000))
107#define MSQID_IX(id) ((id) & 0xffff)
108#define MSQID_SEQ(id) (((id) >> 16) & 0xffff)
109
110/*
111 * The rest of this file is specific to this particular implementation.
112 */
113
114struct msgmap {
115 short next; /* next segment in buffer */
116 /* -1 -> available */
117 /* 0..(MSGSEG-1) -> index of next segment */
118};
119
120#define MSG_LOCKED 01000 /* Is this msqid_ds locked? */
121
122static int nfree_msgmaps; /* # of free map entries */
123static short free_msgmaps; /* head of linked list of free map entries */
124static struct msg *free_msghdrs;/* list of free msg headers */
125static char *msgpool; /* MSGMAX byte long msg buffer pool */
126static struct msgmap *msgmaps; /* MSGSEG msgmap structures */
127static struct msg *msghdrs; /* MSGTQL msg headers */
128static struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */
129
130static void
131msginit()
132{
133 register int i;
134
135 msgpool = malloc(msginfo.msgmax, M_MSG, M_WAITOK);
136 if (msgpool == NULL)
137 panic("msgpool is NULL");
138 msgmaps = malloc(sizeof(struct msgmap) * msginfo.msgseg, M_MSG, M_WAITOK);
139 if (msgmaps == NULL)
140 panic("msgmaps is NULL");
141 msghdrs = malloc(sizeof(struct msg) * msginfo.msgtql, M_MSG, M_WAITOK);
142 if (msghdrs == NULL)
143 panic("msghdrs is NULL");
144 msqids = malloc(sizeof(struct msqid_ds) * msginfo.msgmni, M_MSG, M_WAITOK);
145 if (msqids == NULL)
146 panic("msqids is NULL");
147
148 /*
149 * msginfo.msgssz should be a power of two for efficiency reasons.
150 * It is also pretty silly if msginfo.msgssz is less than 8
151 * or greater than about 256 so ...
152 */
153
154 i = 8;
155 while (i < 1024 && i != msginfo.msgssz)
156 i <<= 1;
157 if (i != msginfo.msgssz) {
158 printf("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz,
159 msginfo.msgssz);
160 panic("msginfo.msgssz not a small power of 2");
161 }
162
163 if (msginfo.msgseg > 32767) {
164 printf("msginfo.msgseg=%d\n", msginfo.msgseg);
165 panic("msginfo.msgseg > 32767");
166 }
167
168 if (msgmaps == NULL)
169 panic("msgmaps is NULL");
170
171 for (i = 0; i < msginfo.msgseg; i++) {
172 if (i > 0)
173 msgmaps[i-1].next = i;
174 msgmaps[i].next = -1; /* implies entry is available */
175 }
176 free_msgmaps = 0;
177 nfree_msgmaps = msginfo.msgseg;
178
179 if (msghdrs == NULL)
180 panic("msghdrs is NULL");
181
182 for (i = 0; i < msginfo.msgtql; i++) {
183 msghdrs[i].msg_type = 0;
184 if (i > 0)
185 msghdrs[i-1].msg_next = &msghdrs[i];
186 msghdrs[i].msg_next = NULL;
187 }
188 free_msghdrs = &msghdrs[0];
189
190 if (msqids == NULL)
191 panic("msqids is NULL");
192
193 for (i = 0; i < msginfo.msgmni; i++) {
194 msqids[i].msg_qbytes = 0; /* implies entry is available */
195 msqids[i].msg_perm.seq = 0; /* reset to a known value */
196 msqids[i].msg_perm.mode = 0;
197 }
198}
199
200static int
201msgunload()
202{
203 struct msqid_ds *msqptr;
204 int msqid;
205
206 for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
207 /*
208 * Look for an unallocated and unlocked msqid_ds.
209 * msqid_ds's can be locked by msgsnd or msgrcv while
210 * they are copying the message in/out. We can't
211 * re-use the entry until they release it.
212 */
213 msqptr = &msqids[msqid];
214 if (msqptr->msg_qbytes != 0 ||
215 (msqptr->msg_perm.mode & MSG_LOCKED) != 0)
216 break;
217 }
218 if (msqid != msginfo.msgmni)
219 return (EBUSY);
220
221 free(msgpool, M_MSG);
222 free(msgmaps, M_MSG);
223 free(msghdrs, M_MSG);
224 free(msqids, M_MSG);
225 return (0);
226}
227
228
229static int
230sysvmsg_modload(struct module *module, int cmd, void *arg)
231{
232 int error = 0;
233
234 switch (cmd) {
235 case MOD_LOAD:
236 msginit();
237 break;
238 case MOD_UNLOAD:
239 error = msgunload();
240 break;
241 case MOD_SHUTDOWN:
242 break;
243 default:
244 error = EINVAL;
245 break;
246 }
247 return (error);
248}
249
250static moduledata_t sysvmsg_mod = {
251 "sysvmsg",
252 &sysvmsg_modload,
253 NULL
254};
255
256SYSCALL_MODULE_HELPER(msgsys, 6);
257SYSCALL_MODULE_HELPER(msgctl, 3);
258SYSCALL_MODULE_HELPER(msgget, 2);
259SYSCALL_MODULE_HELPER(msgsnd, 4);
260SYSCALL_MODULE_HELPER(msgrcv, 5);
261
262DECLARE_MODULE(sysvmsg, sysvmsg_mod,
263 SI_SUB_SYSV_MSG, SI_ORDER_FIRST);
264MODULE_VERSION(sysvmsg, 1);
265
266/*
267 * Entry point for all MSG calls
268 *
269 * MPSAFE
270 */
271int
272msgsys(p, uap)
273 struct proc *p;
274 /* XXX actually varargs. */
275 struct msgsys_args /* {
276 u_int which;
277 int a2;
278 int a3;
279 int a4;
280 int a5;
281 int a6;
282 } */ *uap;
283{
284 int error;
285
281 if (!jail_sysvipc_allowed && jailed(p->p_ucred))
282 return (ENOSYS);
286 mtx_lock(&Giant);
287
284 if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0]))
285 return (EINVAL);
286 return ((*msgcalls[uap->which])(p, &uap->a2));
288 if (!jail_sysvipc_allowed && jailed(p->p_ucred)) {
289 error = ENOSYS;
290 goto done2;
291 }
292 if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) {
293 error = EINVAL;
294 goto done2;
295 }
296 error = (*msgcalls[uap->which])(p, &uap->a2);
297done2:
298 mtx_unlock(&Giant);
299 return (error);
300}
301
302static void
303msg_freehdr(msghdr)
304 struct msg *msghdr;
305{
306 while (msghdr->msg_ts > 0) {
307 short next;
308 if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg)
309 panic("msghdr->msg_spot out of range");
310 next = msgmaps[msghdr->msg_spot].next;
311 msgmaps[msghdr->msg_spot].next = free_msgmaps;
312 free_msgmaps = msghdr->msg_spot;
313 nfree_msgmaps++;
314 msghdr->msg_spot = next;
315 if (msghdr->msg_ts >= msginfo.msgssz)
316 msghdr->msg_ts -= msginfo.msgssz;
317 else
318 msghdr->msg_ts = 0;
319 }
320 if (msghdr->msg_spot != -1)
321 panic("msghdr->msg_spot != -1");
322 msghdr->msg_next = free_msghdrs;
323 free_msghdrs = msghdr;
324}
325
326#ifndef _SYS_SYSPROTO_H_
327struct msgctl_args {
328 int msqid;
329 int cmd;
330 struct msqid_ds *buf;
331};
332#endif
333
334/*
335 * MPSAFE
336 */
337int
338msgctl(p, uap)
339 struct proc *p;
340 register struct msgctl_args *uap;
341{
342 int msqid = uap->msqid;
343 int cmd = uap->cmd;
344 struct msqid_ds *user_msqptr = uap->buf;
329 int rval, eval;
345 int rval, error;
346 struct msqid_ds msqbuf;
347 register struct msqid_ds *msqptr;
348
349#ifdef MSG_DEBUG_OK
350 printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr);
351#endif
352 mtx_lock(&Giant);
353
337 if (!jail_sysvipc_allowed && jailed(p->p_ucred))
338 return (ENOSYS);
354 if (!jail_sysvipc_allowed && jailed(p->p_ucred)) {
355 error = ENOSYS;
356 goto done2;
357 }
358
359 msqid = IPCID_TO_IX(msqid);
360
361 if (msqid < 0 || msqid >= msginfo.msgmni) {
362#ifdef MSG_DEBUG_OK
363 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
364 msginfo.msgmni);
365#endif
347 return(EINVAL);
366 error = EINVAL;
367 goto done2;
368 }
369
370 msqptr = &msqids[msqid];
371
372 if (msqptr->msg_qbytes == 0) {
373#ifdef MSG_DEBUG_OK
374 printf("no such msqid\n");
375#endif
356 return(EINVAL);
376 error = EINVAL;
377 goto done2;
378 }
379 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
380#ifdef MSG_DEBUG_OK
381 printf("wrong sequence number\n");
382#endif
362 return(EINVAL);
383 error = EINVAL;
384 goto done2;
385 }
386
365 eval = 0;
387 error = 0;
388 rval = 0;
389
390 switch (cmd) {
391
392 case IPC_RMID:
393 {
394 struct msg *msghdr;
373 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_M)))
374 return(eval);
395 if ((error = ipcperm(p, &msqptr->msg_perm, IPC_M)))
396 goto done2;
397 /* Free the message headers */
398 msghdr = msqptr->msg_first;
399 while (msghdr != NULL) {
400 struct msg *msghdr_tmp;
401
402 /* Free the segments of each message */
403 msqptr->msg_cbytes -= msghdr->msg_ts;
404 msqptr->msg_qnum--;
405 msghdr_tmp = msghdr;
406 msghdr = msghdr->msg_next;
407 msg_freehdr(msghdr_tmp);
408 }
409
410 if (msqptr->msg_cbytes != 0)
411 panic("msg_cbytes is screwed up");
412 if (msqptr->msg_qnum != 0)
413 panic("msg_qnum is screwed up");
414
415 msqptr->msg_qbytes = 0; /* Mark it as free */
416
417 wakeup((caddr_t)msqptr);
418 }
419
420 break;
421
422 case IPC_SET:
401 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_M)))
402 return(eval);
403 if ((eval = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0)
404 return(eval);
423 if ((error = ipcperm(p, &msqptr->msg_perm, IPC_M)))
424 goto done2;
425 if ((error = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0)
426 goto done2;
427 if (msqbuf.msg_qbytes > msqptr->msg_qbytes) {
406 eval = suser(p);
407 if (eval)
408 return(eval);
428 error = suser(p);
429 if (error)
430 goto done2;
431 }
432 if (msqbuf.msg_qbytes > msginfo.msgmnb) {
433#ifdef MSG_DEBUG_OK
434 printf("can't increase msg_qbytes beyond %d (truncating)\n",
435 msginfo.msgmnb);
436#endif
437 msqbuf.msg_qbytes = msginfo.msgmnb; /* silently restrict qbytes to system limit */
438 }
439 if (msqbuf.msg_qbytes == 0) {
440#ifdef MSG_DEBUG_OK
441 printf("can't reduce msg_qbytes to 0\n");
442#endif
421 return(EINVAL); /* non-standard errno! */
443 error = EINVAL; /* non-standard errno! */
444 goto done2;
445 }
446 msqptr->msg_perm.uid = msqbuf.msg_perm.uid; /* change the owner */
447 msqptr->msg_perm.gid = msqbuf.msg_perm.gid; /* change the owner */
448 msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) |
449 (msqbuf.msg_perm.mode & 0777);
450 msqptr->msg_qbytes = msqbuf.msg_qbytes;
451 msqptr->msg_ctime = time_second;
452 break;
453
454 case IPC_STAT:
432 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_R))) {
455 if ((error = ipcperm(p, &msqptr->msg_perm, IPC_R))) {
456#ifdef MSG_DEBUG_OK
457 printf("requester doesn't have read access\n");
458#endif
436 return(eval);
459 goto done2;
460 }
438 eval = copyout((caddr_t)msqptr, user_msqptr,
461 error = copyout((caddr_t)msqptr, user_msqptr,
462 sizeof(struct msqid_ds));
463 break;
464
465 default:
466#ifdef MSG_DEBUG_OK
467 printf("invalid command %d\n", cmd);
468#endif
446 return(EINVAL);
469 error = EINVAL;
470 goto done2;
471 }
472
449 if (eval == 0)
473 if (error == 0)
474 p->p_retval[0] = rval;
451 return(eval);
475done2:
476 mtx_unlock(&Giant);
477 return(error);
478}
479
480#ifndef _SYS_SYSPROTO_H_
481struct msgget_args {
482 key_t key;
483 int msgflg;
484};
485#endif
486
487/*
488 * MPSAFE
489 */
490int
491msgget(p, uap)
492 struct proc *p;
493 register struct msgget_args *uap;
494{
466 int msqid, eval;
495 int msqid, error = 0;
496 int key = uap->key;
497 int msgflg = uap->msgflg;
498 struct ucred *cred = p->p_ucred;
499 register struct msqid_ds *msqptr = NULL;
500
501#ifdef MSG_DEBUG_OK
502 printf("msgget(0x%x, 0%o)\n", key, msgflg);
503#endif
504
476 if (!jail_sysvipc_allowed && jailed(p->p_ucred))
477 return (ENOSYS);
505 mtx_lock(&Giant);
506
507 if (!jail_sysvipc_allowed && jailed(p->p_ucred)) {
508 error = ENOSYS;
509 goto done2;
510 }
511
512 if (key != IPC_PRIVATE) {
513 for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
514 msqptr = &msqids[msqid];
515 if (msqptr->msg_qbytes != 0 &&
516 msqptr->msg_perm.key == key)
517 break;
518 }
519 if (msqid < msginfo.msgmni) {
520#ifdef MSG_DEBUG_OK
521 printf("found public key\n");
522#endif
523 if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) {
524#ifdef MSG_DEBUG_OK
525 printf("not exclusive\n");
526#endif
494 return(EEXIST);
527 error = EEXIST;
528 goto done2;
529 }
496 if ((eval = ipcperm(p, &msqptr->msg_perm, msgflg & 0700 ))) {
530 if ((error = ipcperm(p, &msqptr->msg_perm, msgflg & 0700 ))) {
531#ifdef MSG_DEBUG_OK
532 printf("requester doesn't have 0%o access\n",
533 msgflg & 0700);
534#endif
501 return(eval);
535 goto done2;
536 }
537 goto found;
538 }
539 }
540
541#ifdef MSG_DEBUG_OK
542 printf("need to allocate the msqid_ds\n");
543#endif
544 if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) {
545 for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
546 /*
547 * Look for an unallocated and unlocked msqid_ds.
548 * msqid_ds's can be locked by msgsnd or msgrcv while
549 * they are copying the message in/out. We can't
550 * re-use the entry until they release it.
551 */
552 msqptr = &msqids[msqid];
553 if (msqptr->msg_qbytes == 0 &&
554 (msqptr->msg_perm.mode & MSG_LOCKED) == 0)
555 break;
556 }
557 if (msqid == msginfo.msgmni) {
558#ifdef MSG_DEBUG_OK
559 printf("no more msqid_ds's available\n");
560#endif
527 return(ENOSPC);
561 error = ENOSPC;
562 goto done2;
563 }
564#ifdef MSG_DEBUG_OK
565 printf("msqid %d is available\n", msqid);
566#endif
567 msqptr->msg_perm.key = key;
568 msqptr->msg_perm.cuid = cred->cr_uid;
569 msqptr->msg_perm.uid = cred->cr_uid;
570 msqptr->msg_perm.cgid = cred->cr_gid;
571 msqptr->msg_perm.gid = cred->cr_gid;
572 msqptr->msg_perm.mode = (msgflg & 0777);
573 /* Make sure that the returned msqid is unique */
574 msqptr->msg_perm.seq++;
575 msqptr->msg_first = NULL;
576 msqptr->msg_last = NULL;
577 msqptr->msg_cbytes = 0;
578 msqptr->msg_qnum = 0;
579 msqptr->msg_qbytes = msginfo.msgmnb;
580 msqptr->msg_lspid = 0;
581 msqptr->msg_lrpid = 0;
582 msqptr->msg_stime = 0;
583 msqptr->msg_rtime = 0;
584 msqptr->msg_ctime = time_second;
585 } else {
586#ifdef MSG_DEBUG_OK
587 printf("didn't find it and wasn't asked to create it\n");
588#endif
554 return(ENOENT);
589 error = ENOENT;
590 goto done2;
591 }
592
593found:
594 /* Construct the unique msqid */
595 p->p_retval[0] = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm);
560 return(0);
596done2:
597 mtx_unlock(&Giant);
598 return (error);
599}
600
601#ifndef _SYS_SYSPROTO_H_
602struct msgsnd_args {
603 int msqid;
604 void *msgp;
605 size_t msgsz;
606 int msgflg;
607};
608#endif
609
610/*
611 * MPSAFE
612 */
613int
614msgsnd(p, uap)
615 struct proc *p;
616 register struct msgsnd_args *uap;
617{
618 int msqid = uap->msqid;
619 void *user_msgp = uap->msgp;
620 size_t msgsz = uap->msgsz;
621 int msgflg = uap->msgflg;
581 int segs_needed, eval;
622 int segs_needed, error = 0;
623 register struct msqid_ds *msqptr;
624 register struct msg *msghdr;
625 short next;
626
627#ifdef MSG_DEBUG_OK
628 printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz,
629 msgflg);
630#endif
631 mtx_lock(&Giant);
632
591 if (!jail_sysvipc_allowed && jailed(p->p_ucred))
592 return (ENOSYS);
633 if (!jail_sysvipc_allowed && jailed(p->p_ucred)) {
634 error = ENOSYS;
635 goto done2;
636 }
637
638 msqid = IPCID_TO_IX(msqid);
639
640 if (msqid < 0 || msqid >= msginfo.msgmni) {
641#ifdef MSG_DEBUG_OK
642 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
643 msginfo.msgmni);
644#endif
601 return(EINVAL);
645 error = EINVAL;
646 goto done2;
647 }
648
649 msqptr = &msqids[msqid];
650 if (msqptr->msg_qbytes == 0) {
651#ifdef MSG_DEBUG_OK
652 printf("no such message queue id\n");
653#endif
609 return(EINVAL);
654 error = EINVAL;
655 goto done2;
656 }
657 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
658#ifdef MSG_DEBUG_OK
659 printf("wrong sequence number\n");
660#endif
615 return(EINVAL);
661 error = EINVAL;
662 goto done2;
663 }
664
618 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_W))) {
665 if ((error = ipcperm(p, &msqptr->msg_perm, IPC_W))) {
666#ifdef MSG_DEBUG_OK
667 printf("requester doesn't have write access\n");
668#endif
622 return(eval);
669 goto done2;
670 }
671
672 segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz;
673#ifdef MSG_DEBUG_OK
674 printf("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, msginfo.msgssz,
675 segs_needed);
676#endif
677 for (;;) {
678 int need_more_resources = 0;
679
680 /*
681 * check msgsz
682 * (inside this loop in case msg_qbytes changes while we sleep)
683 */
684
685 if (msgsz > msqptr->msg_qbytes) {
686#ifdef MSG_DEBUG_OK
687 printf("msgsz > msqptr->msg_qbytes\n");
688#endif
642 return(EINVAL);
689 error = EINVAL;
690 goto done2;
691 }
692
693 if (msqptr->msg_perm.mode & MSG_LOCKED) {
694#ifdef MSG_DEBUG_OK
695 printf("msqid is locked\n");
696#endif
697 need_more_resources = 1;
698 }
699 if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) {
700#ifdef MSG_DEBUG_OK
701 printf("msgsz + msg_cbytes > msg_qbytes\n");
702#endif
703 need_more_resources = 1;
704 }
705 if (segs_needed > nfree_msgmaps) {
706#ifdef MSG_DEBUG_OK
707 printf("segs_needed > nfree_msgmaps\n");
708#endif
709 need_more_resources = 1;
710 }
711 if (free_msghdrs == NULL) {
712#ifdef MSG_DEBUG_OK
713 printf("no more msghdrs\n");
714#endif
715 need_more_resources = 1;
716 }
717
718 if (need_more_resources) {
719 int we_own_it;
720
721 if ((msgflg & IPC_NOWAIT) != 0) {
722#ifdef MSG_DEBUG_OK
723 printf("need more resources but caller doesn't want to wait\n");
724#endif
677 return(EAGAIN);
725 error = EAGAIN;
726 goto done2;
727 }
728
729 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) {
730#ifdef MSG_DEBUG_OK
731 printf("we don't own the msqid_ds\n");
732#endif
733 we_own_it = 0;
734 } else {
735 /* Force later arrivals to wait for our
736 request */
737#ifdef MSG_DEBUG_OK
738 printf("we own the msqid_ds\n");
739#endif
740 msqptr->msg_perm.mode |= MSG_LOCKED;
741 we_own_it = 1;
742 }
743#ifdef MSG_DEBUG_OK
744 printf("goodnight\n");
745#endif
697 eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH,
746 error = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH,
747 "msgwait", 0);
748#ifdef MSG_DEBUG_OK
700 printf("good morning, eval=%d\n", eval);
749 printf("good morning, error=%d\n", error);
750#endif
751 if (we_own_it)
752 msqptr->msg_perm.mode &= ~MSG_LOCKED;
704 if (eval != 0) {
753 if (error != 0) {
754#ifdef MSG_DEBUG_OK
755 printf("msgsnd: interrupted system call\n");
756#endif
708 return(EINTR);
757 error = EINTR;
758 goto done2;
759 }
760
761 /*
762 * Make sure that the msq queue still exists
763 */
764
765 if (msqptr->msg_qbytes == 0) {
766#ifdef MSG_DEBUG_OK
767 printf("msqid deleted\n");
768#endif
719 return(EIDRM);
769 error = EIDRM;
770 goto done2;
771 }
772
773 } else {
774#ifdef MSG_DEBUG_OK
775 printf("got all the resources that we need\n");
776#endif
777 break;
778 }
779 }
780
781 /*
782 * We have the resources that we need.
783 * Make sure!
784 */
785
786 if (msqptr->msg_perm.mode & MSG_LOCKED)
787 panic("msg_perm.mode & MSG_LOCKED");
788 if (segs_needed > nfree_msgmaps)
789 panic("segs_needed > nfree_msgmaps");
790 if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes)
791 panic("msgsz + msg_cbytes > msg_qbytes");
792 if (free_msghdrs == NULL)
793 panic("no more msghdrs");
794
795 /*
796 * Re-lock the msqid_ds in case we page-fault when copying in the
797 * message
798 */
799
800 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0)
801 panic("msqid_ds is already locked");
802 msqptr->msg_perm.mode |= MSG_LOCKED;
803
804 /*
805 * Allocate a message header
806 */
807
808 msghdr = free_msghdrs;
809 free_msghdrs = msghdr->msg_next;
810 msghdr->msg_spot = -1;
811 msghdr->msg_ts = msgsz;
812
813 /*
814 * Allocate space for the message
815 */
816
817 while (segs_needed > 0) {
818 if (nfree_msgmaps <= 0)
819 panic("not enough msgmaps");
820 if (free_msgmaps == -1)
821 panic("nil free_msgmaps");
822 next = free_msgmaps;
823 if (next <= -1)
824 panic("next too low #1");
825 if (next >= msginfo.msgseg)
826 panic("next out of range #1");
827#ifdef MSG_DEBUG_OK
828 printf("allocating segment %d to message\n", next);
829#endif
830 free_msgmaps = msgmaps[next].next;
831 nfree_msgmaps--;
832 msgmaps[next].next = msghdr->msg_spot;
833 msghdr->msg_spot = next;
834 segs_needed--;
835 }
836
837 /*
838 * Copy in the message type
839 */
840
790 if ((eval = copyin(user_msgp, &msghdr->msg_type,
841 if ((error = copyin(user_msgp, &msghdr->msg_type,
842 sizeof(msghdr->msg_type))) != 0) {
843#ifdef MSG_DEBUG_OK
793 printf("error %d copying the message type\n", eval);
844 printf("error %d copying the message type\n", error);
845#endif
846 msg_freehdr(msghdr);
847 msqptr->msg_perm.mode &= ~MSG_LOCKED;
848 wakeup((caddr_t)msqptr);
798 return(eval);
849 goto done2;
850 }
851 user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type);
852
853 /*
854 * Validate the message type
855 */
856
857 if (msghdr->msg_type < 1) {
858 msg_freehdr(msghdr);
859 msqptr->msg_perm.mode &= ~MSG_LOCKED;
860 wakeup((caddr_t)msqptr);
861#ifdef MSG_DEBUG_OK
862 printf("mtype (%d) < 1\n", msghdr->msg_type);
863#endif
813 return(EINVAL);
864 error = EINVAL;
865 goto done2;
866 }
867
868 /*
869 * Copy in the message body
870 */
871
872 next = msghdr->msg_spot;
873 while (msgsz > 0) {
874 size_t tlen;
875 if (msgsz > msginfo.msgssz)
876 tlen = msginfo.msgssz;
877 else
878 tlen = msgsz;
879 if (next <= -1)
880 panic("next too low #2");
881 if (next >= msginfo.msgseg)
882 panic("next out of range #2");
831 if ((eval = copyin(user_msgp, &msgpool[next * msginfo.msgssz],
883 if ((error = copyin(user_msgp, &msgpool[next * msginfo.msgssz],
884 tlen)) != 0) {
885#ifdef MSG_DEBUG_OK
834 printf("error %d copying in message segment\n", eval);
886 printf("error %d copying in message segment\n", error);
887#endif
888 msg_freehdr(msghdr);
889 msqptr->msg_perm.mode &= ~MSG_LOCKED;
890 wakeup((caddr_t)msqptr);
839 return(eval);
891 goto done2;
892 }
893 msgsz -= tlen;
894 user_msgp = (char *)user_msgp + tlen;
895 next = msgmaps[next].next;
896 }
897 if (next != -1)
898 panic("didn't use all the msg segments");
899
900 /*
901 * We've got the message. Unlock the msqid_ds.
902 */
903
904 msqptr->msg_perm.mode &= ~MSG_LOCKED;
905
906 /*
907 * Make sure that the msqid_ds is still allocated.
908 */
909
910 if (msqptr->msg_qbytes == 0) {
911 msg_freehdr(msghdr);
912 wakeup((caddr_t)msqptr);
861 return(EIDRM);
913 error = EIDRM;
914 goto done2;
915 }
916
917 /*
918 * Put the message into the queue
919 */
920
921 if (msqptr->msg_first == NULL) {
922 msqptr->msg_first = msghdr;
923 msqptr->msg_last = msghdr;
924 } else {
925 msqptr->msg_last->msg_next = msghdr;
926 msqptr->msg_last = msghdr;
927 }
928 msqptr->msg_last->msg_next = NULL;
929
930 msqptr->msg_cbytes += msghdr->msg_ts;
931 msqptr->msg_qnum++;
932 msqptr->msg_lspid = p->p_pid;
933 msqptr->msg_stime = time_second;
934
935 wakeup((caddr_t)msqptr);
936 p->p_retval[0] = 0;
884 return(0);
937done2:
938 mtx_unlock(&Giant);
939 return (error);
940}
941
942#ifndef _SYS_SYSPROTO_H_
943struct msgrcv_args {
944 int msqid;
945 void *msgp;
946 size_t msgsz;
947 long msgtyp;
948 int msgflg;
949};
950#endif
951
952/*
953 * MPSAFE
954 */
955int
956msgrcv(p, uap)
957 struct proc *p;
958 register struct msgrcv_args *uap;
959{
960 int msqid = uap->msqid;
961 void *user_msgp = uap->msgp;
962 size_t msgsz = uap->msgsz;
963 long msgtyp = uap->msgtyp;
964 int msgflg = uap->msgflg;
965 size_t len;
966 register struct msqid_ds *msqptr;
967 register struct msg *msghdr;
910 int eval;
968 int error = 0;
969 short next;
970
971#ifdef MSG_DEBUG_OK
972 printf("call to msgrcv(%d, 0x%x, %d, %ld, %d)\n", msqid, user_msgp,
973 msgsz, msgtyp, msgflg);
974#endif
975
918 if (!jail_sysvipc_allowed && jailed(p->p_ucred))
919 return (ENOSYS);
976 mtx_lock(&Giant);
977
978 if (!jail_sysvipc_allowed && jailed(p->p_ucred)) {
979 error = ENOSYS;
980 goto done2;
981 }
982
983 msqid = IPCID_TO_IX(msqid);
984
985 if (msqid < 0 || msqid >= msginfo.msgmni) {
986#ifdef MSG_DEBUG_OK
987 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
988 msginfo.msgmni);
989#endif
928 return(EINVAL);
990 error = EINVAL;
991 goto done2;
992 }
993
994 msqptr = &msqids[msqid];
995 if (msqptr->msg_qbytes == 0) {
996#ifdef MSG_DEBUG_OK
997 printf("no such message queue id\n");
998#endif
936 return(EINVAL);
999 error = EINVAL;
1000 goto done2;
1001 }
1002 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
1003#ifdef MSG_DEBUG_OK
1004 printf("wrong sequence number\n");
1005#endif
942 return(EINVAL);
1006 error = EINVAL;
1007 goto done2;
1008 }
1009
945 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_R))) {
1010 if ((error = ipcperm(p, &msqptr->msg_perm, IPC_R))) {
1011#ifdef MSG_DEBUG_OK
1012 printf("requester doesn't have read access\n");
1013#endif
949 return(eval);
1014 goto done2;
1015 }
1016
1017 msghdr = NULL;
1018 while (msghdr == NULL) {
1019 if (msgtyp == 0) {
1020 msghdr = msqptr->msg_first;
1021 if (msghdr != NULL) {
1022 if (msgsz < msghdr->msg_ts &&
1023 (msgflg & MSG_NOERROR) == 0) {
1024#ifdef MSG_DEBUG_OK
1025 printf("first message on the queue is too big (want %d, got %d)\n",
1026 msgsz, msghdr->msg_ts);
1027#endif
963 return(E2BIG);
1028 error = E2BIG;
1029 goto done2;
1030 }
1031 if (msqptr->msg_first == msqptr->msg_last) {
1032 msqptr->msg_first = NULL;
1033 msqptr->msg_last = NULL;
1034 } else {
1035 msqptr->msg_first = msghdr->msg_next;
1036 if (msqptr->msg_first == NULL)
1037 panic("msg_first/last screwed up #1");
1038 }
1039 }
1040 } else {
1041 struct msg *previous;
1042 struct msg **prev;
1043
1044 previous = NULL;
1045 prev = &(msqptr->msg_first);
1046 while ((msghdr = *prev) != NULL) {
1047 /*
1048 * Is this message's type an exact match or is
1049 * this message's type less than or equal to
1050 * the absolute value of a negative msgtyp?
1051 * Note that the second half of this test can
1052 * NEVER be true if msgtyp is positive since
1053 * msg_type is always positive!
1054 */
1055
1056 if (msgtyp == msghdr->msg_type ||
1057 msghdr->msg_type <= -msgtyp) {
1058#ifdef MSG_DEBUG_OK
1059 printf("found message type %d, requested %d\n",
1060 msghdr->msg_type, msgtyp);
1061#endif
1062 if (msgsz < msghdr->msg_ts &&
1063 (msgflg & MSG_NOERROR) == 0) {
1064#ifdef MSG_DEBUG_OK
1065 printf("requested message on the queue is too big (want %d, got %d)\n",
1066 msgsz, msghdr->msg_ts);
1067#endif
1002 return(E2BIG);
1068 error = E2BIG;
1069 goto done2;
1070 }
1071 *prev = msghdr->msg_next;
1072 if (msghdr == msqptr->msg_last) {
1073 if (previous == NULL) {
1074 if (prev !=
1075 &msqptr->msg_first)
1076 panic("msg_first/last screwed up #2");
1077 msqptr->msg_first =
1078 NULL;
1079 msqptr->msg_last =
1080 NULL;
1081 } else {
1082 if (prev ==
1083 &msqptr->msg_first)
1084 panic("msg_first/last screwed up #3");
1085 msqptr->msg_last =
1086 previous;
1087 }
1088 }
1089 break;
1090 }
1091 previous = msghdr;
1092 prev = &(msghdr->msg_next);
1093 }
1094 }
1095
1096 /*
1097 * We've either extracted the msghdr for the appropriate
1098 * message or there isn't one.
1099 * If there is one then bail out of this loop.
1100 */
1101
1102 if (msghdr != NULL)
1103 break;
1104
1105 /*
1106 * Hmph! No message found. Does the user want to wait?
1107 */
1108
1109 if ((msgflg & IPC_NOWAIT) != 0) {
1110#ifdef MSG_DEBUG_OK
1111 printf("no appropriate message found (msgtyp=%d)\n",
1112 msgtyp);
1113#endif
1114 /* The SVID says to return ENOMSG. */
1048 return(ENOMSG);
1115 error = ENOMSG;
1116 goto done2;
1117 }
1118
1119 /*
1120 * Wait for something to happen
1121 */
1122
1123#ifdef MSG_DEBUG_OK
1124 printf("msgrcv: goodnight\n");
1125#endif
1058 eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, "msgwait",
1126 error = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, "msgwait",
1127 0);
1128#ifdef MSG_DEBUG_OK
1061 printf("msgrcv: good morning (eval=%d)\n", eval);
1129 printf("msgrcv: good morning (error=%d)\n", error);
1130#endif
1131
1064 if (eval != 0) {
1132 if (error != 0) {
1133#ifdef MSG_DEBUG_OK
1134 printf("msgsnd: interrupted system call\n");
1135#endif
1068 return(EINTR);
1136 error = EINTR;
1137 goto done2;
1138 }
1139
1140 /*
1141 * Make sure that the msq queue still exists
1142 */
1143
1144 if (msqptr->msg_qbytes == 0 ||
1145 msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
1146#ifdef MSG_DEBUG_OK
1147 printf("msqid deleted\n");
1148#endif
1080 return(EIDRM);
1149 error = EIDRM;
1150 goto done2;
1151 }
1152 }
1153
1154 /*
1155 * Return the message to the user.
1156 *
1157 * First, do the bookkeeping (before we risk being interrupted).
1158 */
1159
1160 msqptr->msg_cbytes -= msghdr->msg_ts;
1161 msqptr->msg_qnum--;
1162 msqptr->msg_lrpid = p->p_pid;
1163 msqptr->msg_rtime = time_second;
1164
1165 /*
1166 * Make msgsz the actual amount that we'll be returning.
1167 * Note that this effectively truncates the message if it is too long
1168 * (since msgsz is never increased).
1169 */
1170
1171#ifdef MSG_DEBUG_OK
1172 printf("found a message, msgsz=%d, msg_ts=%d\n", msgsz,
1173 msghdr->msg_ts);
1174#endif
1175 if (msgsz > msghdr->msg_ts)
1176 msgsz = msghdr->msg_ts;
1177
1178 /*
1179 * Return the type to the user.
1180 */
1181
1112 eval = copyout((caddr_t)&(msghdr->msg_type), user_msgp,
1182 error = copyout((caddr_t)&(msghdr->msg_type), user_msgp,
1183 sizeof(msghdr->msg_type));
1114 if (eval != 0) {
1184 if (error != 0) {
1185#ifdef MSG_DEBUG_OK
1116 printf("error (%d) copying out message type\n", eval);
1186 printf("error (%d) copying out message type\n", error);
1187#endif
1188 msg_freehdr(msghdr);
1189 wakeup((caddr_t)msqptr);
1120 return(eval);
1190 goto done2;
1191 }
1192 user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type);
1193
1194 /*
1195 * Return the segments to the user
1196 */
1197
1198 next = msghdr->msg_spot;
1199 for (len = 0; len < msgsz; len += msginfo.msgssz) {
1200 size_t tlen;
1201
1202 if (msgsz - len > msginfo.msgssz)
1203 tlen = msginfo.msgssz;
1204 else
1205 tlen = msgsz - len;
1206 if (next <= -1)
1207 panic("next too low #3");
1208 if (next >= msginfo.msgseg)
1209 panic("next out of range #3");
1140 eval = copyout((caddr_t)&msgpool[next * msginfo.msgssz],
1210 error = copyout((caddr_t)&msgpool[next * msginfo.msgssz],
1211 user_msgp, tlen);
1142 if (eval != 0) {
1212 if (error != 0) {
1213#ifdef MSG_DEBUG_OK
1214 printf("error (%d) copying out message segment\n",
1145 eval);
1215 error);
1216#endif
1217 msg_freehdr(msghdr);
1218 wakeup((caddr_t)msqptr);
1149 return(eval);
1219 goto done2;
1220 }
1221 user_msgp = (char *)user_msgp + tlen;
1222 next = msgmaps[next].next;
1223 }
1224
1225 /*
1226 * Done, return the actual number of bytes copied out.
1227 */
1228
1229 msg_freehdr(msghdr);
1230 wakeup((caddr_t)msqptr);
1231 p->p_retval[0] = msgsz;
1162 return(0);
1232done2:
1233 mtx_unlock(&Giant);
1234 return (error);
1235}
1236
1237static int
1238sysctl_msqids(SYSCTL_HANDLER_ARGS)
1239{
1240
1241 return (SYSCTL_OUT(req, msqids,
1242 sizeof(struct msqid_ds) * msginfo.msgmni));
1243}
1244
1245SYSCTL_DECL(_kern_ipc);
1246SYSCTL_INT(_kern_ipc, OID_AUTO, msgmax, CTLFLAG_RD, &msginfo.msgmax, 0, "");
1247SYSCTL_INT(_kern_ipc, OID_AUTO, msgmni, CTLFLAG_RD, &msginfo.msgmni, 0, "");
1248SYSCTL_INT(_kern_ipc, OID_AUTO, msgmnb, CTLFLAG_RD, &msginfo.msgmnb, 0, "");
1249SYSCTL_INT(_kern_ipc, OID_AUTO, msgtql, CTLFLAG_RD, &msginfo.msgtql, 0, "");
1250SYSCTL_INT(_kern_ipc, OID_AUTO, msgssz, CTLFLAG_RD, &msginfo.msgssz, 0, "");
1251SYSCTL_INT(_kern_ipc, OID_AUTO, msgseg, CTLFLAG_RD, &msginfo.msgseg, 0, "")
1252SYSCTL_PROC(_kern_ipc, OID_AUTO, msqids, CTLFLAG_RD,
1253 NULL, 0, sysctl_msqids, "", "Message queue IDs");