1/* 2 * Copyright (c) 2000-2007 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28/* 29 * Copyright (c) 1990, 1996-1998 Apple Computer, Inc. 30 * All Rights Reserved. 31 */ 32/* 33 * posix_shm.c : Support for POSIX shared memory APIs 34 * 35 * File: posix_shm.c 36 * Author: Ananthakrishna Ramesh 37 * 38 * HISTORY 39 * 2-Sep-1999 A.Ramesh 40 * Created for MacOSX 41 * 42 */ 43/* 44 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce 45 * support for mandatory and extensible security protections. This notice 46 * is included in support of clause 2.2 (b) of the Apple Public License, 47 * Version 2.0. 48 */ 49 50#include <sys/cdefs.h> 51#include <sys/param.h> 52#include <sys/systm.h> 53#include <sys/kernel.h> 54#include <sys/file_internal.h> 55#include <sys/filedesc.h> 56#include <sys/stat.h> 57#include <sys/proc_internal.h> 58#include <sys/kauth.h> 59#include <sys/mount.h> 60#include <sys/namei.h> 61#include <sys/vnode.h> 62#include <sys/vnode_internal.h> 63#include <sys/ioctl.h> 64#include <sys/tty.h> 65#include <sys/malloc.h> 66#include <sys/mman.h> 67#include <sys/stat.h> 68#include <sys/sysproto.h> 69#include <sys/proc_info.h> 70#include <security/audit/audit.h> 71 72#if CONFIG_MACF 73#include <security/mac_framework.h> 74#endif 75 76#include <mach/mach_types.h> 77#include <mach/mach_vm.h> 78#include <mach/vm_map.h> 79#include <mach/vm_prot.h> 80#include <mach/vm_inherit.h> 81#include <mach/kern_return.h> 82#include <mach/memory_object_control.h> 83 84#include <vm/vm_map.h> 85#include <vm/vm_protos.h> 86 87#define f_flag f_fglob->fg_flag 88#define f_type f_fglob->fg_type 89#define f_msgcount f_fglob->fg_msgcount 90#define f_cred f_fglob->fg_cred 91#define f_ops f_fglob->fg_ops 92#define f_offset f_fglob->fg_offset 93#define f_data f_fglob->fg_data 94#define PSHMNAMLEN 31 /* maximum name segment length we bother with */ 95 96struct pshmobj { 97 void * pshmo_memobject; 98 memory_object_size_t pshmo_size; 99 struct pshmobj * pshmo_next; 100}; 101 102struct pshminfo { 103 unsigned int pshm_flags; 104 unsigned int pshm_usecount; 105 off_t pshm_length; 106 mode_t pshm_mode; 107 uid_t pshm_uid; 108 gid_t pshm_gid; 109 char pshm_name[PSHMNAMLEN + 1]; /* segment name */ 110 struct pshmobj *pshm_memobjects; 111#if DIAGNOSTIC 112 unsigned int pshm_readcount; 113 unsigned int pshm_writecount; 114 proc_t pshm_proc; 115#endif /* DIAGNOSTIC */ 116 struct label* pshm_label; 117}; 118#define PSHMINFO_NULL (struct pshminfo *)0 119 120#define PSHM_NONE 0x001 121#define PSHM_DEFINED 0x002 122#define PSHM_ALLOCATED 0x004 123#define PSHM_MAPPED 0x008 124#define PSHM_INUSE 0x010 125#define PSHM_REMOVED 0x020 126#define PSHM_INCREATE 0x040 127#define PSHM_INDELETE 0x080 128#define PSHM_ALLOCATING 0x100 129 130struct pshmcache { 131 LIST_ENTRY(pshmcache) pshm_hash; /* hash chain */ 132 struct pshminfo *pshminfo; /* vnode the name refers to */ 133 int pshm_nlen; /* length of name */ 134 char pshm_name[PSHMNAMLEN + 1]; /* segment name */ 135}; 136#define PSHMCACHE_NULL (struct pshmcache *)0 137 138struct pshmstats { 139 long goodhits; /* hits that we can really use */ 140 long neghits; /* negative hits that we can use */ 141 long badhits; /* hits we must drop */ 142 long falsehits; /* hits with id mismatch */ 143 long miss; /* misses */ 144 long longnames; /* long names that ignore cache */ 145}; 146 147struct pshmname { 148 char *pshm_nameptr; /* pointer to looked up name */ 149 long pshm_namelen; /* length of looked up component */ 150 u_long pshm_hash; /* hash value of looked up name */ 151}; 152 153struct pshmnode { 154 off_t mapp_addr; 155 user_size_t map_size; /* XXX unused ? */ 156 struct pshminfo *pinfo; 157 unsigned int pshm_usecount; 158#if DIAGNOSTIC 159 unsigned int readcnt; 160 unsigned int writecnt; 161#endif 162}; 163#define PSHMNODE_NULL (struct pshmnode *)0 164 165 166#define PSHMHASH(pnp) \ 167 (&pshmhashtbl[(pnp)->pshm_hash & pshmhash]) 168 169LIST_HEAD(pshmhashhead, pshmcache) *pshmhashtbl; /* Hash Table */ 170u_long pshmhash; /* size of hash table - 1 */ 171long pshmnument; /* number of cache entries allocated */ 172struct pshmstats pshmstats; /* cache effectiveness statistics */ 173 174static int pshm_read (struct fileproc *fp, struct uio *uio, 175 int flags, vfs_context_t ctx); 176static int pshm_write (struct fileproc *fp, struct uio *uio, 177 int flags, vfs_context_t ctx); 178static int pshm_ioctl (struct fileproc *fp, u_long com, 179 caddr_t data, vfs_context_t ctx); 180static int pshm_select (struct fileproc *fp, int which, void *wql, vfs_context_t ctx); 181static int pshm_close(struct pshminfo *pinfo, int dropref); 182static int pshm_closefile (struct fileglob *fg, vfs_context_t ctx); 183 184static int pshm_kqfilter(struct fileproc *fp, struct knote *kn, vfs_context_t ctx); 185 186int pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, proc_t p); 187static int pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp); 188static void pshm_cache_delete(struct pshmcache *pcp); 189#if NOT_USED 190static void pshm_cache_purge(void); 191#endif /* NOT_USED */ 192static int pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp, 193 struct pshmcache **pcache, int addref); 194 195struct fileops pshmops = 196 { pshm_read, pshm_write, pshm_ioctl, pshm_select, pshm_closefile, pshm_kqfilter, 0 }; 197 198static lck_grp_t *psx_shm_subsys_lck_grp; 199static lck_grp_attr_t *psx_shm_subsys_lck_grp_attr; 200static lck_attr_t *psx_shm_subsys_lck_attr; 201static lck_mtx_t psx_shm_subsys_mutex; 202 203#define PSHM_SUBSYS_LOCK() lck_mtx_lock(& psx_shm_subsys_mutex) 204#define PSHM_SUBSYS_UNLOCK() lck_mtx_unlock(& psx_shm_subsys_mutex) 205 206 207/* Initialize the mutex governing access to the posix shm subsystem */ 208__private_extern__ void 209pshm_lock_init( void ) 210{ 211 212 psx_shm_subsys_lck_grp_attr = lck_grp_attr_alloc_init(); 213 214 psx_shm_subsys_lck_grp = lck_grp_alloc_init("posix shared memory", psx_shm_subsys_lck_grp_attr); 215 216 psx_shm_subsys_lck_attr = lck_attr_alloc_init(); 217 lck_mtx_init(& psx_shm_subsys_mutex, psx_shm_subsys_lck_grp, psx_shm_subsys_lck_attr); 218} 219 220/* 221 * Lookup an entry in the cache 222 * 223 * 224 * status of -1 is returned if matches 225 * If the lookup determines that the name does not exist 226 * (negative cacheing), a status of ENOENT is returned. If the lookup 227 * fails, a status of zero is returned. 228 */ 229 230static int 231pshm_cache_search(struct pshminfo **pshmp, struct pshmname *pnp, 232 struct pshmcache **pcache, int addref) 233{ 234 struct pshmcache *pcp, *nnp; 235 struct pshmhashhead *pcpp; 236 237 if (pnp->pshm_namelen > PSHMNAMLEN) { 238 pshmstats.longnames++; 239 return (0); 240 } 241 242 pcpp = PSHMHASH(pnp); 243 for (pcp = pcpp->lh_first; pcp != 0; pcp = nnp) { 244 nnp = pcp->pshm_hash.le_next; 245 if (pcp->pshm_nlen == pnp->pshm_namelen && 246 !bcmp(pcp->pshm_name, pnp->pshm_nameptr, (u_int)pcp-> pshm_nlen)) 247 break; 248 } 249 250 if (pcp == 0) { 251 pshmstats.miss++; 252 return (0); 253 } 254 255 /* We found a "positive" match, return the vnode */ 256 if (pcp->pshminfo) { 257 pshmstats.goodhits++; 258 /* TOUCH(ncp); */ 259 *pshmp = pcp->pshminfo; 260 *pcache = pcp; 261 if (addref) 262 pcp->pshminfo->pshm_usecount++; 263 return (-1); 264 } 265 266 /* 267 * We found a "negative" match, ENOENT notifies client of this match. 268 * The nc_vpid field records whether this is a whiteout. 269 */ 270 pshmstats.neghits++; 271 return (ENOENT); 272} 273 274/* 275 * Add an entry to the cache. 276 * XXX should be static? 277 */ 278static int 279pshm_cache_add(struct pshminfo *pshmp, struct pshmname *pnp, struct pshmcache *pcp) 280{ 281 struct pshmhashhead *pcpp; 282 struct pshminfo *dpinfo; 283 struct pshmcache *dpcp; 284 285#if DIAGNOSTIC 286 if (pnp->pshm_namelen > PSHMNAMLEN) 287 panic("cache_enter: name too long"); 288#endif 289 290 291 /* if the entry has already been added by some one else return */ 292 if (pshm_cache_search(&dpinfo, pnp, &dpcp, 0) == -1) { 293 return(EEXIST); 294 } 295 pshmnument++; 296 297 /* 298 * Fill in cache info, if vp is NULL this is a "negative" cache entry. 299 * For negative entries, we have to record whether it is a whiteout. 300 * the whiteout flag is stored in the nc_vpid field which is 301 * otherwise unused. 302 */ 303 pcp->pshminfo = pshmp; 304 pcp->pshm_nlen = pnp->pshm_namelen; 305 bcopy(pnp->pshm_nameptr, pcp->pshm_name, (unsigned)pcp->pshm_nlen); 306 pcpp = PSHMHASH(pnp); 307#if DIAGNOSTIC 308 { 309 struct pshmcache *p; 310 311 for (p = pcpp->lh_first; p != 0; p = p->pshm_hash.le_next) 312 if (p == pcp) 313 panic("cache_enter: duplicate"); 314 } 315#endif 316 LIST_INSERT_HEAD(pcpp, pcp, pshm_hash); 317 return(0); 318} 319 320/* 321 * Name cache initialization, from vfs_init() when we are booting 322 */ 323void 324pshm_cache_init(void) 325{ 326 pshmhashtbl = hashinit(desiredvnodes / 8, M_SHM, &pshmhash); 327} 328 329#if NOT_USED 330/* 331 * Invalidate a all entries to particular vnode. 332 * 333 * We actually just increment the v_id, that will do it. The entries will 334 * be purged by lookup as they get found. If the v_id wraps around, we 335 * need to ditch the entire cache, to avoid confusion. No valid vnode will 336 * ever have (v_id == 0). 337 */ 338static void 339pshm_cache_purge(void) 340{ 341 struct pshmcache *pcp; 342 struct pshmhashhead *pcpp; 343 344 for (pcpp = &pshmhashtbl[pshmhash]; pcpp >= pshmhashtbl; pcpp--) { 345 while ( (pcp = pcpp->lh_first) ) 346 pshm_cache_delete(pcp); 347 } 348} 349#endif /* NOT_USED */ 350 351static void 352pshm_cache_delete(struct pshmcache *pcp) 353{ 354#if DIAGNOSTIC 355 if (pcp->pshm_hash.le_prev == 0) 356 panic("namecache purge le_prev"); 357 if (pcp->pshm_hash.le_next == pcp) 358 panic("namecache purge le_next"); 359#endif /* DIAGNOSTIC */ 360 LIST_REMOVE(pcp, pshm_hash); 361 pcp->pshm_hash.le_prev = 0; 362 pshmnument--; 363} 364 365 366int 367shm_open(proc_t p, struct shm_open_args *uap, int32_t *retval) 368{ 369 size_t i; 370 int indx, error; 371 struct pshmname nd; 372 struct pshminfo *pinfo; 373 struct fileproc *fp = NULL; 374 char *pnbuf = NULL; 375 struct pshminfo *new_pinfo = PSHMINFO_NULL; 376 struct pshmnode *new_pnode = PSHMNODE_NULL; 377 struct pshmcache *pcache = PSHMCACHE_NULL; /* ignored on return */ 378 char * nameptr; 379 char * cp; 380 size_t pathlen, plen; 381 int fmode ; 382 int cmode = uap->mode; 383 int incache = 0; 384 struct pshmcache *pcp = NULL; 385 386 AUDIT_ARG(fflags, uap->oflag); 387 AUDIT_ARG(mode, uap->mode); 388 389 pinfo = PSHMINFO_NULL; 390 391 /* 392 * Preallocate everything we might need up front to avoid taking 393 * and dropping the lock, opening us up to race conditions. 394 */ 395 MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK); 396 if (pnbuf == NULL) { 397 error = ENOSPC; 398 goto bad; 399 } 400 401 pathlen = MAXPATHLEN; 402 error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen); 403 if (error) { 404 goto bad; 405 } 406 AUDIT_ARG(text, pnbuf); 407 if (pathlen > PSHMNAMLEN) { 408 error = ENAMETOOLONG; 409 goto bad; 410 } 411#ifdef PSXSHM_NAME_RESTRICT 412 nameptr = pnbuf; 413 if (*nameptr == '/') { 414 while (*(nameptr++) == '/') { 415 plen--; 416 error = EINVAL; 417 goto bad; 418 } 419 } else { 420 error = EINVAL; 421 goto bad; 422 } 423#endif /* PSXSHM_NAME_RESTRICT */ 424 425 plen = pathlen; 426 nameptr = pnbuf; 427 nd.pshm_nameptr = nameptr; 428 nd.pshm_namelen = plen; 429 nd. pshm_hash =0; 430 431 for (cp = nameptr, i=1; *cp != 0 && i <= plen; i++, cp++) { 432 nd.pshm_hash += (unsigned char)*cp * i; 433 } 434 435 /* 436 * attempt to allocate a new fp; if unsuccessful, the fp will be 437 * left unmodified (NULL). 438 */ 439 error = falloc(p, &fp, &indx, vfs_context_current()); 440 if (error) 441 goto bad; 442 443 cmode &= ALLPERMS; 444 445 fmode = FFLAGS(uap->oflag); 446 if ((fmode & (FREAD | FWRITE)) == 0) { 447 error = EINVAL; 448 goto bad; 449 } 450 451 /* 452 * We allocate a new entry if we are less than the maximum 453 * allowed and the one at the front of the LRU list is in use. 454 * Otherwise we use the one at the front of the LRU list. 455 */ 456 MALLOC(pcp, struct pshmcache *, sizeof(struct pshmcache), M_SHM, M_WAITOK|M_ZERO); 457 if (pcp == NULL) { 458 error = ENOSPC; 459 goto bad; 460 } 461 462 MALLOC(new_pinfo, struct pshminfo *, sizeof(struct pshminfo), M_SHM, M_WAITOK|M_ZERO); 463 if (new_pinfo == PSHMINFO_NULL) { 464 error = ENOSPC; 465 goto bad; 466 } 467#if CONFIG_MACF 468 mac_posixshm_label_init(new_pinfo); 469#endif 470 471 MALLOC(new_pnode, struct pshmnode *, sizeof(struct pshmnode), M_SHM, M_WAITOK|M_ZERO); 472 if (new_pnode == PSHMNODE_NULL) { 473 error = ENOSPC; 474 goto bad; 475 } 476 477 PSHM_SUBSYS_LOCK(); 478 479 /* 480 * If we find the entry in the cache, this will take a reference, 481 * allowing us to unlock it for the permissions check. 482 */ 483 error = pshm_cache_search(&pinfo, &nd, &pcache, 1); 484 485 PSHM_SUBSYS_UNLOCK(); 486 487 if (error == ENOENT) { 488 error = EINVAL; 489 goto bad; 490 } 491 492 if (!error) { 493 incache = 0; 494 if (fmode & O_CREAT) { 495 /* create a new one (commit the allocation) */ 496 pinfo = new_pinfo; 497 pinfo->pshm_flags = PSHM_DEFINED | PSHM_INCREATE; 498 pinfo->pshm_usecount = 1; /* existence reference */ 499 pinfo->pshm_mode = cmode; 500 pinfo->pshm_uid = kauth_getuid(); 501 pinfo->pshm_gid = kauth_getgid(); 502 bcopy(pnbuf, &pinfo->pshm_name[0], pathlen); 503 pinfo->pshm_name[pathlen]=0; 504#if CONFIG_MACF 505 error = mac_posixshm_check_create(kauth_cred_get(), nameptr); 506 if (error) { 507 goto bad; 508 } 509 mac_posixshm_label_associate(kauth_cred_get(), pinfo, nameptr); 510#endif 511 } 512 } else { 513 incache = 1; 514 if (fmode & O_CREAT) { 515 /* already exists */ 516 if ((fmode & O_EXCL)) { 517 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, 518 pinfo->pshm_gid, 519 pinfo->pshm_mode); 520 521 /* shm obj exists and opened O_EXCL */ 522 error = EEXIST; 523 goto bad; 524 } 525 526 if( pinfo->pshm_flags & PSHM_INDELETE) { 527 error = ENOENT; 528 goto bad; 529 } 530 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, 531 pinfo->pshm_gid, pinfo->pshm_mode); 532#if CONFIG_MACF 533 if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) { 534 goto bad; 535 } 536#endif 537 if ( (error = pshm_access(pinfo, fmode, kauth_cred_get(), p)) ) { 538 goto bad; 539 } 540 } 541 } 542 if (!(fmode & O_CREAT)) { 543 if (!incache) { 544 /* O_CREAT is not set and the object does not exist */ 545 error = ENOENT; 546 goto bad; 547 } 548 if( pinfo->pshm_flags & PSHM_INDELETE) { 549 error = ENOENT; 550 goto bad; 551 } 552#if CONFIG_MACF 553 if ((error = mac_posixshm_check_open(kauth_cred_get(), pinfo, fmode))) { 554 goto bad; 555 } 556#endif 557 558 if ((error = pshm_access(pinfo, fmode, kauth_cred_get(), p))) { 559 goto bad; 560 } 561 } 562 if (fmode & O_TRUNC) { 563 error = EINVAL; 564 goto bad; 565 } 566 567 568 PSHM_SUBSYS_LOCK(); 569 570#if DIAGNOSTIC 571 if (fmode & FWRITE) 572 pinfo->pshm_writecount++; 573 if (fmode & FREAD) 574 pinfo->pshm_readcount++; 575#endif 576 if (!incache) { 577 /* if successful, this will consume the pcp */ 578 if ( (error = pshm_cache_add(pinfo, &nd, pcp)) ) { 579 goto bad_locked; 580 } 581 /* 582 * add reference for the new entry; otherwise, we obtained 583 * one from the cache hit earlier. 584 */ 585 pinfo->pshm_usecount++; 586 } 587 pinfo->pshm_flags &= ~PSHM_INCREATE; 588 new_pnode->pinfo = pinfo; 589 590 PSHM_SUBSYS_UNLOCK(); 591 592 /* 593 * if incache, we did not use the new pcp or new_pinfo and must 594 * free them 595 */ 596 if (incache) { 597 FREE(pcp, M_SHM); 598 599 if (new_pinfo != PSHMINFO_NULL) { 600#if CONFIG_MACF 601 mac_posixshm_label_destroy(new_pinfo); 602#endif 603 FREE(new_pinfo, M_SHM); 604 } 605 } 606 607 proc_fdlock(p); 608 fp->f_flag = fmode & FMASK; 609 fp->f_type = DTYPE_PSXSHM; 610 fp->f_ops = &pshmops; 611 fp->f_data = (caddr_t)new_pnode; 612 *fdflags(p, indx) |= UF_EXCLOSE; 613 procfdtbl_releasefd(p, indx, NULL); 614 fp_drop(p, indx, fp, 1); 615 proc_fdunlock(p); 616 617 *retval = indx; 618 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI); 619 return (0); 620 621bad_locked: 622 PSHM_SUBSYS_UNLOCK(); 623bad: 624 /* 625 * If we obtained the entry from the cache, we need to drop the 626 * reference; holding the reference may have prevented unlinking, 627 * so we need to call pshm_close() to get the full effect. 628 */ 629 if (incache) { 630 PSHM_SUBSYS_LOCK(); 631 pshm_close(pinfo, 1); 632 PSHM_SUBSYS_UNLOCK(); 633 } 634 635 if (pcp != NULL) 636 FREE(pcp, M_SHM); 637 638 if (new_pnode != PSHMNODE_NULL) 639 FREE(new_pnode, M_SHM); 640 641 if (fp != NULL) 642 fp_free(p, indx, fp); 643 644 if (new_pinfo != PSHMINFO_NULL) { 645#if CONFIG_MACF 646 mac_posixshm_label_destroy(new_pinfo); 647#endif 648 FREE(new_pinfo, M_SHM); 649 } 650 if (pnbuf != NULL) 651 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI); 652 return (error); 653} 654 655 656int 657pshm_truncate(__unused proc_t p, struct fileproc *fp, __unused int fd, 658 off_t length, __unused int32_t *retval) 659{ 660 struct pshminfo * pinfo; 661 struct pshmnode * pnode ; 662 kern_return_t kret; 663 mem_entry_name_port_t mem_object; 664 mach_vm_size_t total_size, alloc_size; 665 memory_object_size_t mosize; 666 struct pshmobj *pshmobj, *pshmobj_next, **pshmobj_next_p; 667#if CONFIG_MACF 668 int error; 669#endif 670 671 if (fp->f_type != DTYPE_PSXSHM) { 672 return(EINVAL); 673 } 674 675 676 if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL ) 677 return(EINVAL); 678 679 PSHM_SUBSYS_LOCK(); 680 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) { 681 PSHM_SUBSYS_UNLOCK(); 682 return(EINVAL); 683 } 684 if ((pinfo->pshm_flags & (PSHM_DEFINED|PSHM_ALLOCATING|PSHM_ALLOCATED)) 685 != PSHM_DEFINED) { 686 PSHM_SUBSYS_UNLOCK(); 687 return(EINVAL); 688 } 689#if CONFIG_MACF 690 error = mac_posixshm_check_truncate(kauth_cred_get(), pinfo, length); 691 if (error) { 692 PSHM_SUBSYS_UNLOCK(); 693 return(error); 694 } 695#endif 696 697 pinfo->pshm_flags |= PSHM_ALLOCATING; 698 total_size = round_page_64(length); 699 pshmobj_next_p = &pinfo->pshm_memobjects; 700 701 for (alloc_size = 0; 702 alloc_size < total_size; 703 alloc_size += mosize) { 704 705 PSHM_SUBSYS_UNLOCK(); 706 707 mosize = MIN(total_size - alloc_size, ANON_MAX_SIZE); 708 kret = mach_make_memory_entry_64( 709 VM_MAP_NULL, 710 &mosize, 711 0, 712 MAP_MEM_NAMED_CREATE | VM_PROT_DEFAULT, 713 &mem_object, 714 0); 715 716 if (kret != KERN_SUCCESS) 717 goto out; 718 719 MALLOC(pshmobj, struct pshmobj *, sizeof (struct pshmobj), 720 M_SHM, M_WAITOK); 721 if (pshmobj == NULL) { 722 kret = KERN_NO_SPACE; 723 mach_memory_entry_port_release(mem_object); 724 mem_object = NULL; 725 goto out; 726 } 727 728 PSHM_SUBSYS_LOCK(); 729 730 pshmobj->pshmo_memobject = (void *) mem_object; 731 pshmobj->pshmo_size = mosize; 732 pshmobj->pshmo_next = NULL; 733 734 *pshmobj_next_p = pshmobj; 735 pshmobj_next_p = &pshmobj->pshmo_next; 736 } 737 738 pinfo->pshm_flags = PSHM_ALLOCATED; 739 pinfo->pshm_length = total_size; 740 PSHM_SUBSYS_UNLOCK(); 741 return(0); 742 743out: 744 PSHM_SUBSYS_LOCK(); 745 for (pshmobj = pinfo->pshm_memobjects; 746 pshmobj != NULL; 747 pshmobj = pshmobj_next) { 748 pshmobj_next = pshmobj->pshmo_next; 749 mach_memory_entry_port_release(pshmobj->pshmo_memobject); 750 FREE(pshmobj, M_SHM); 751 } 752 pinfo->pshm_memobjects = NULL; 753 pinfo->pshm_flags &= ~PSHM_ALLOCATING; 754 PSHM_SUBSYS_UNLOCK(); 755 756 switch (kret) { 757 case KERN_INVALID_ADDRESS: 758 case KERN_NO_SPACE: 759 return (ENOMEM); 760 case KERN_PROTECTION_FAILURE: 761 return (EACCES); 762 default: 763 return (EINVAL); 764 765 } 766} 767 768int 769pshm_stat(struct pshmnode *pnode, void *ub, int isstat64) 770{ 771 struct stat *sb = (struct stat *)0; /* warning avoidance ; protected by isstat64 */ 772 struct stat64 * sb64 = (struct stat64 *)0; /* warning avoidance ; protected by isstat64 */ 773 struct pshminfo *pinfo; 774#if CONFIG_MACF 775 int error; 776#endif 777 778 PSHM_SUBSYS_LOCK(); 779 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL){ 780 PSHM_SUBSYS_UNLOCK(); 781 return(EINVAL); 782 } 783 784#if CONFIG_MACF 785 error = mac_posixshm_check_stat(kauth_cred_get(), pinfo); 786 if (error) { 787 PSHM_SUBSYS_UNLOCK(); 788 return(error); 789 } 790#endif 791 792 if (isstat64 != 0) { 793 sb64 = (struct stat64 *)ub; 794 bzero(sb64, sizeof(struct stat64)); 795 sb64->st_mode = pinfo->pshm_mode; 796 sb64->st_uid = pinfo->pshm_uid; 797 sb64->st_gid = pinfo->pshm_gid; 798 sb64->st_size = pinfo->pshm_length; 799 } else { 800 sb = (struct stat *)ub; 801 bzero(sb, sizeof(struct stat)); 802 sb->st_mode = pinfo->pshm_mode; 803 sb->st_uid = pinfo->pshm_uid; 804 sb->st_gid = pinfo->pshm_gid; 805 sb->st_size = pinfo->pshm_length; 806 } 807 PSHM_SUBSYS_UNLOCK(); 808 809 return(0); 810} 811 812/* 813 * This is called only from shm_open which holds pshm_lock(); 814 * XXX This code is repeated many times 815 */ 816int 817pshm_access(struct pshminfo *pinfo, int mode, kauth_cred_t cred, __unused proc_t p) 818{ 819 int mode_req = ((mode & FREAD) ? S_IRUSR : 0) | 820 ((mode & FWRITE) ? S_IWUSR : 0); 821 822 /* Otherwise, user id 0 always gets access. */ 823 if (!suser(cred, NULL)) 824 return (0); 825 826 return(posix_cred_access(cred, pinfo->pshm_uid, pinfo->pshm_gid, pinfo->pshm_mode, mode_req)); 827} 828 829int 830pshm_mmap(__unused proc_t p, struct mmap_args *uap, user_addr_t *retval, struct fileproc *fp, off_t pageoff) 831{ 832 vm_map_offset_t user_addr = (vm_map_offset_t)uap->addr; 833 vm_map_size_t user_size = (vm_map_size_t)uap->len ; 834 vm_map_offset_t user_start_addr; 835 vm_map_size_t map_size, mapped_size; 836 int prot = uap->prot; 837 int flags = uap->flags; 838 vm_object_offset_t file_pos = (vm_object_offset_t)uap->pos; 839 vm_object_offset_t map_pos; 840 vm_map_t user_map; 841 int alloc_flags; 842 boolean_t docow; 843 kern_return_t kret; 844 struct pshminfo * pinfo; 845 struct pshmnode * pnode; 846 struct pshmobj * pshmobj; 847#if CONFIG_MACF 848 int error; 849#endif 850 851 if (user_size == 0) 852 return(0); 853 854 if ((flags & MAP_SHARED) == 0) 855 return(EINVAL); 856 857 858 if ((prot & PROT_WRITE) && ((fp->f_flag & FWRITE) == 0)) { 859 return(EPERM); 860 } 861 862 if (((pnode = (struct pshmnode *)fp->f_data)) == PSHMNODE_NULL ) 863 return(EINVAL); 864 865 PSHM_SUBSYS_LOCK(); 866 if ((pinfo = pnode->pinfo) == PSHMINFO_NULL) { 867 PSHM_SUBSYS_UNLOCK(); 868 return(EINVAL); 869 } 870 871 if ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED) { 872 PSHM_SUBSYS_UNLOCK(); 873 return(EINVAL); 874 } 875 if ((off_t)user_size > pinfo->pshm_length) { 876 PSHM_SUBSYS_UNLOCK(); 877 return(EINVAL); 878 } 879 if ((off_t)(user_size + file_pos) > pinfo->pshm_length) { 880 PSHM_SUBSYS_UNLOCK(); 881 return(EINVAL); 882 } 883 if ((pshmobj = pinfo->pshm_memobjects) == NULL) { 884 PSHM_SUBSYS_UNLOCK(); 885 return(EINVAL); 886 } 887 888#if CONFIG_MACF 889 error = mac_posixshm_check_mmap(kauth_cred_get(), pinfo, prot, flags); 890 if (error) { 891 PSHM_SUBSYS_UNLOCK(); 892 return(error); 893 } 894#endif 895 896 PSHM_SUBSYS_UNLOCK(); 897 user_map = current_map(); 898 899 if ((flags & MAP_FIXED) == 0) { 900 alloc_flags = VM_FLAGS_ANYWHERE; 901 user_addr = vm_map_round_page(user_addr); 902 } else { 903 if (user_addr != vm_map_round_page(user_addr)) 904 return (EINVAL); 905 /* 906 * We do not get rid of the existing mappings here because 907 * it wouldn't be atomic (see comment in mmap()). We let 908 * Mach VM know that we want it to replace any existing 909 * mapping with the new one. 910 */ 911 alloc_flags = VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE; 912 } 913 docow = FALSE; 914 915 mapped_size = 0; 916 917 /* reserver the entire space first... */ 918 kret = vm_map_enter_mem_object(user_map, 919 &user_addr, 920 user_size, 921 0, 922 alloc_flags, 923 IPC_PORT_NULL, 924 0, 925 FALSE, 926 VM_PROT_NONE, 927 VM_PROT_NONE, 928 VM_INHERIT_NONE); 929 user_start_addr = user_addr; 930 if (kret != KERN_SUCCESS) { 931 goto out; 932 } 933 934 /* ... and overwrite with the real mappings */ 935 for (map_pos = 0, pshmobj = pinfo->pshm_memobjects; 936 user_size != 0; 937 map_pos += pshmobj->pshmo_size, pshmobj = pshmobj->pshmo_next) { 938 if (pshmobj == NULL) { 939 /* nothing there to map !? */ 940 goto out; 941 } 942 if (file_pos >= map_pos + pshmobj->pshmo_size) { 943 continue; 944 } 945 map_size = pshmobj->pshmo_size - (file_pos - map_pos); 946 if (map_size > user_size) { 947 map_size = user_size; 948 } 949 kret = vm_map_enter_mem_object( 950 user_map, 951 &user_addr, 952 map_size, 953 0, 954 VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, 955 pshmobj->pshmo_memobject, 956 file_pos - map_pos, 957 docow, 958 prot, 959 VM_PROT_DEFAULT, 960 VM_INHERIT_SHARE); 961 if (kret != KERN_SUCCESS) 962 goto out; 963 964 user_addr += map_size; 965 user_size -= map_size; 966 mapped_size += map_size; 967 file_pos += map_size; 968 } 969 970 PSHM_SUBSYS_LOCK(); 971 pnode->mapp_addr = user_start_addr; 972 pnode->map_size = mapped_size; 973 pinfo->pshm_flags |= (PSHM_MAPPED | PSHM_INUSE); 974 PSHM_SUBSYS_UNLOCK(); 975out: 976 if (kret != KERN_SUCCESS) { 977 if (mapped_size != 0) { 978 (void) mach_vm_deallocate(current_map(), 979 user_start_addr, 980 mapped_size); 981 } 982 } 983 984 switch (kret) { 985 case KERN_SUCCESS: 986 *retval = (user_start_addr + pageoff); 987 return (0); 988 case KERN_INVALID_ADDRESS: 989 case KERN_NO_SPACE: 990 return (ENOMEM); 991 case KERN_PROTECTION_FAILURE: 992 return (EACCES); 993 default: 994 return (EINVAL); 995 } 996 997} 998 999int 1000shm_unlink(__unused proc_t p, struct shm_unlink_args *uap, 1001 __unused int32_t *retval) 1002{ 1003 size_t i; 1004 int error=0; 1005 struct pshmname nd; 1006 struct pshminfo *pinfo; 1007 char * pnbuf; 1008 char * nameptr; 1009 char * cp; 1010 size_t pathlen, plen; 1011 int incache = 0; 1012 struct pshmcache *pcache = PSHMCACHE_NULL; 1013 struct pshmobj *pshmobj, *pshmobj_next; 1014 1015 pinfo = PSHMINFO_NULL; 1016 1017 MALLOC_ZONE(pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK); 1018 if (pnbuf == NULL) { 1019 return(ENOSPC); /* XXX non-standard */ 1020 } 1021 pathlen = MAXPATHLEN; 1022 error = copyinstr(uap->name, (void *)pnbuf, MAXPATHLEN, &pathlen); 1023 if (error) { 1024 goto bad; 1025 } 1026 AUDIT_ARG(text, pnbuf); 1027 if (pathlen > PSHMNAMLEN) { 1028 error = ENAMETOOLONG; 1029 goto bad; 1030 } 1031 1032 1033#ifdef PSXSHM_NAME_RESTRICT 1034 nameptr = pnbuf; 1035 if (*nameptr == '/') { 1036 while (*(nameptr++) == '/') { 1037 plen--; 1038 error = EINVAL; 1039 goto bad; 1040 } 1041 } else { 1042 error = EINVAL; 1043 goto bad; 1044 } 1045#endif /* PSXSHM_NAME_RESTRICT */ 1046 1047 plen = pathlen; 1048 nameptr = pnbuf; 1049 nd.pshm_nameptr = nameptr; 1050 nd.pshm_namelen = plen; 1051 nd. pshm_hash =0; 1052 1053 for (cp = nameptr, i=1; *cp != 0 && i <= plen; i++, cp++) { 1054 nd.pshm_hash += (unsigned char)*cp * i; 1055 } 1056 1057 PSHM_SUBSYS_LOCK(); 1058 error = pshm_cache_search(&pinfo, &nd, &pcache, 0); 1059 1060 if (error == ENOENT) { 1061 PSHM_SUBSYS_UNLOCK(); 1062 error = EINVAL; 1063 goto bad; 1064 1065 } 1066 if (!error) { 1067 PSHM_SUBSYS_UNLOCK(); 1068 error = EINVAL; 1069 goto bad; 1070 } else 1071 incache = 1; 1072 1073 if ((pinfo->pshm_flags & (PSHM_DEFINED | PSHM_ALLOCATED))==0) { 1074 PSHM_SUBSYS_UNLOCK(); 1075 error = EINVAL; 1076 goto bad; 1077 } 1078 1079 if (pinfo->pshm_flags & PSHM_ALLOCATING) { 1080 /* XXX should we wait for flag to clear and then proceed ? */ 1081 PSHM_SUBSYS_UNLOCK(); 1082 error = EAGAIN; 1083 goto bad; 1084 } 1085 1086 if (pinfo->pshm_flags & PSHM_INDELETE) { 1087 PSHM_SUBSYS_UNLOCK(); 1088 error = 0; 1089 goto bad; 1090 } 1091#if CONFIG_MACF 1092 error = mac_posixshm_check_unlink(kauth_cred_get(), pinfo, nameptr); 1093 if (error) { 1094 PSHM_SUBSYS_UNLOCK(); 1095 goto bad; 1096 } 1097#endif 1098 1099 AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid, 1100 pinfo->pshm_mode); 1101 1102 /* 1103 * following file semantics, unlink should be allowed 1104 * for users with write permission only. 1105 */ 1106 if ( (error = pshm_access(pinfo, FWRITE, kauth_cred_get(), p)) ) { 1107 PSHM_SUBSYS_UNLOCK(); 1108 goto bad; 1109 } 1110 1111 pinfo->pshm_flags |= PSHM_INDELETE; 1112 pshm_cache_delete(pcache); 1113 pinfo->pshm_flags |= PSHM_REMOVED; 1114 /* release the existence reference */ 1115 if (!--pinfo->pshm_usecount) { 1116#if CONFIG_MACF 1117 mac_posixshm_label_destroy(pinfo); 1118#endif 1119 PSHM_SUBSYS_UNLOCK(); 1120 /* 1121 * If this is the last reference going away on the object, 1122 * then we need to destroy the backing object. The name 1123 * has an implied but uncounted reference on the object, 1124 * once it's created, since it's used as a rendezvous, and 1125 * therefore may be subsequently reopened. 1126 */ 1127 for (pshmobj = pinfo->pshm_memobjects; 1128 pshmobj != NULL; 1129 pshmobj = pshmobj_next) { 1130 mach_memory_entry_port_release(pshmobj->pshmo_memobject); 1131 pshmobj_next = pshmobj->pshmo_next; 1132 FREE(pshmobj, M_SHM); 1133 } 1134 FREE(pinfo,M_SHM); 1135 } else { 1136 PSHM_SUBSYS_UNLOCK(); 1137 } 1138 FREE(pcache, M_SHM); 1139 error = 0; 1140bad: 1141 FREE_ZONE(pnbuf, MAXPATHLEN, M_NAMEI); 1142 return (error); 1143} 1144 1145/* already called locked */ 1146static int 1147pshm_close(struct pshminfo *pinfo, int dropref) 1148{ 1149 int error = 0; 1150 struct pshmobj *pshmobj, *pshmobj_next; 1151 1152 /* 1153 * If we are dropping the reference we took on the cache object, don't 1154 * enforce the allocation requirement. 1155 */ 1156 if ( !dropref && ((pinfo->pshm_flags & PSHM_ALLOCATED) != PSHM_ALLOCATED)) { 1157 return(EINVAL); 1158 } 1159#if DIAGNOSTIC 1160 if(!pinfo->pshm_usecount) { 1161 kprintf("negative usecount in pshm_close\n"); 1162 } 1163#endif /* DIAGNOSTIC */ 1164 pinfo->pshm_usecount--; /* release this fd's reference */ 1165 1166 if ((pinfo->pshm_flags & PSHM_REMOVED) && !pinfo->pshm_usecount) { 1167#if CONFIG_MACF 1168 mac_posixshm_label_destroy(pinfo); 1169#endif 1170 PSHM_SUBSYS_UNLOCK(); 1171 /* 1172 * If this is the last reference going away on the object, 1173 * then we need to destroy the backing object. 1174 */ 1175 for (pshmobj = pinfo->pshm_memobjects; 1176 pshmobj != NULL; 1177 pshmobj = pshmobj_next) { 1178 mach_memory_entry_port_release(pshmobj->pshmo_memobject); 1179 pshmobj_next = pshmobj->pshmo_next; 1180 FREE(pshmobj, M_SHM); 1181 } 1182 PSHM_SUBSYS_LOCK(); 1183 FREE(pinfo,M_SHM); 1184 } 1185 return (error); 1186} 1187 1188/* vfs_context_t passed to match prototype for struct fileops */ 1189static int 1190pshm_closefile(struct fileglob *fg, __unused vfs_context_t ctx) 1191{ 1192 int error = EINVAL; 1193 struct pshmnode *pnode; 1194 1195 PSHM_SUBSYS_LOCK(); 1196 1197 if ((pnode = (struct pshmnode *)fg->fg_data) != NULL) { 1198 if (pnode->pinfo != PSHMINFO_NULL) { 1199 error = pshm_close(pnode->pinfo, 0); 1200 } 1201 FREE(pnode, M_SHM); 1202 } 1203 1204 PSHM_SUBSYS_UNLOCK(); 1205 1206 return(error); 1207} 1208 1209static int 1210pshm_read(__unused struct fileproc *fp, __unused struct uio *uio, 1211 __unused int flags, __unused vfs_context_t ctx) 1212{ 1213 return(ENOTSUP); 1214} 1215 1216static int 1217pshm_write(__unused struct fileproc *fp, __unused struct uio *uio, 1218 __unused int flags, __unused vfs_context_t ctx) 1219{ 1220 return(ENOTSUP); 1221} 1222 1223static int 1224pshm_ioctl(__unused struct fileproc *fp, __unused u_long com, 1225 __unused caddr_t data, __unused vfs_context_t ctx) 1226{ 1227 return(ENOTSUP); 1228} 1229 1230static int 1231pshm_select(__unused struct fileproc *fp, __unused int which, __unused void *wql, 1232 __unused vfs_context_t ctx) 1233{ 1234 return(ENOTSUP); 1235} 1236 1237static int 1238pshm_kqfilter(__unused struct fileproc *fp, __unused struct knote *kn, 1239 __unused vfs_context_t ctx) 1240{ 1241 return(ENOTSUP); 1242} 1243 1244int 1245fill_pshminfo(struct pshmnode * pshm, struct pshm_info * info) 1246{ 1247 struct pshminfo *pinfo; 1248 struct vinfo_stat *sb; 1249 1250 PSHM_SUBSYS_LOCK(); 1251 if ((pinfo = pshm->pinfo) == PSHMINFO_NULL){ 1252 PSHM_SUBSYS_UNLOCK(); 1253 return(EINVAL); 1254 } 1255 1256 sb = &info->pshm_stat; 1257 1258 bzero(sb, sizeof(struct vinfo_stat)); 1259 sb->vst_mode = pinfo->pshm_mode; 1260 sb->vst_uid = pinfo->pshm_uid; 1261 sb->vst_gid = pinfo->pshm_gid; 1262 sb->vst_size = pinfo->pshm_length; 1263 1264 info->pshm_mappaddr = pshm->mapp_addr; 1265 bcopy(&pinfo->pshm_name[0], &info->pshm_name[0], PSHMNAMLEN+1); 1266 1267 PSHM_SUBSYS_UNLOCK(); 1268 return(0); 1269} 1270 1271#if CONFIG_MACF 1272void 1273pshm_label_associate(struct fileproc *fp, struct vnode *vp, vfs_context_t ctx) 1274{ 1275 struct pshmnode *pnode; 1276 struct pshminfo *pshm; 1277 1278 PSHM_SUBSYS_LOCK(); 1279 pnode = (struct pshmnode *)fp->f_fglob->fg_data; 1280 if (pnode != NULL) { 1281 pshm = pnode->pinfo; 1282 if (pshm != NULL) 1283 mac_posixshm_vnode_label_associate( 1284 vfs_context_ucred(ctx), pshm, pshm->pshm_label, 1285 vp, vp->v_label); 1286 } 1287 PSHM_SUBSYS_UNLOCK(); 1288} 1289#endif 1290