uipc_shm.c revision 269495
1175164Sjhb/*- 2225344Srwatson * Copyright (c) 2006, 2011 Robert N. M. Watson 3175164Sjhb * All rights reserved. 4175164Sjhb * 5175164Sjhb * Redistribution and use in source and binary forms, with or without 6175164Sjhb * modification, are permitted provided that the following conditions 7175164Sjhb * are met: 8175164Sjhb * 1. Redistributions of source code must retain the above copyright 9175164Sjhb * notice, this list of conditions and the following disclaimer. 10175164Sjhb * 2. Redistributions in binary form must reproduce the above copyright 11175164Sjhb * notice, this list of conditions and the following disclaimer in the 12175164Sjhb * documentation and/or other materials provided with the distribution. 13175164Sjhb * 14175164Sjhb * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15175164Sjhb * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16175164Sjhb * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17175164Sjhb * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18175164Sjhb * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19175164Sjhb * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20175164Sjhb * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21175164Sjhb * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22175164Sjhb * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23175164Sjhb * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24175164Sjhb * SUCH DAMAGE. 25175164Sjhb */ 26175164Sjhb 27175164Sjhb/* 28175164Sjhb * Support for shared swap-backed anonymous memory objects via 29175164Sjhb * shm_open(2) and shm_unlink(2). While most of the implementation is 30175164Sjhb * here, vm_mmap.c contains mapping logic changes. 31175164Sjhb * 32175164Sjhb * TODO: 33175164Sjhb * 34225344Srwatson * (1) Need to export data to a userland tool via a sysctl. Should ipcs(1) 35175164Sjhb * and ipcrm(1) be expanded or should new tools to manage both POSIX 36175164Sjhb * kernel semaphores and POSIX shared memory be written? 37175164Sjhb * 38225344Srwatson * (2) Add support for this file type to fstat(1). 39175164Sjhb * 40225344Srwatson * (3) Resource limits? Does this need its own resource limits or are the 41175164Sjhb * existing limits in mmap(2) sufficient? 42175164Sjhb */ 43175164Sjhb 44175164Sjhb#include <sys/cdefs.h> 45175164Sjhb__FBSDID("$FreeBSD: stable/10/sys/kern/uipc_shm.c 269495 2014-08-04 01:14:27Z kib $"); 46175164Sjhb 47223692Sjonathan#include "opt_capsicum.h" 48223692Sjonathan 49175164Sjhb#include <sys/param.h> 50223692Sjonathan#include <sys/capability.h> 51175164Sjhb#include <sys/fcntl.h> 52175164Sjhb#include <sys/file.h> 53175164Sjhb#include <sys/filedesc.h> 54175164Sjhb#include <sys/fnv_hash.h> 55175164Sjhb#include <sys/kernel.h> 56175164Sjhb#include <sys/lock.h> 57175164Sjhb#include <sys/malloc.h> 58175164Sjhb#include <sys/mman.h> 59175164Sjhb#include <sys/mutex.h> 60224914Skib#include <sys/priv.h> 61175164Sjhb#include <sys/proc.h> 62175164Sjhb#include <sys/refcount.h> 63175164Sjhb#include <sys/resourcevar.h> 64248084Sattilio#include <sys/rwlock.h> 65175164Sjhb#include <sys/stat.h> 66175164Sjhb#include <sys/sysctl.h> 67175164Sjhb#include <sys/sysproto.h> 68175164Sjhb#include <sys/systm.h> 69175164Sjhb#include <sys/sx.h> 70175164Sjhb#include <sys/time.h> 71175164Sjhb#include <sys/vnode.h> 72254603Skib#include <sys/unistd.h> 73175164Sjhb 74175164Sjhb#include <security/mac/mac_framework.h> 75175164Sjhb 76175164Sjhb#include <vm/vm.h> 77175164Sjhb#include <vm/vm_param.h> 78175164Sjhb#include <vm/pmap.h> 79228533Sjhb#include <vm/vm_extern.h> 80175164Sjhb#include <vm/vm_map.h> 81228509Sjhb#include <vm/vm_kern.h> 82175164Sjhb#include <vm/vm_object.h> 83175164Sjhb#include <vm/vm_page.h> 84229821Salc#include <vm/vm_pageout.h> 85175164Sjhb#include <vm/vm_pager.h> 86175164Sjhb#include <vm/swap_pager.h> 87175164Sjhb 88175164Sjhbstruct shm_mapping { 89175164Sjhb char *sm_path; 90175164Sjhb Fnv32_t sm_fnv; 91175164Sjhb struct shmfd *sm_shmfd; 92175164Sjhb LIST_ENTRY(shm_mapping) sm_link; 93175164Sjhb}; 94175164Sjhb 95175164Sjhbstatic MALLOC_DEFINE(M_SHMFD, "shmfd", "shared memory file descriptor"); 96175164Sjhbstatic LIST_HEAD(, shm_mapping) *shm_dictionary; 97175164Sjhbstatic struct sx shm_dict_lock; 98175164Sjhbstatic struct mtx shm_timestamp_lock; 99175164Sjhbstatic u_long shm_hash; 100175164Sjhb 101175164Sjhb#define SHM_HASH(fnv) (&shm_dictionary[(fnv) & shm_hash]) 102175164Sjhb 103175164Sjhbstatic int shm_access(struct shmfd *shmfd, struct ucred *ucred, int flags); 104175164Sjhbstatic struct shmfd *shm_alloc(struct ucred *ucred, mode_t mode); 105175164Sjhbstatic void shm_dict_init(void *arg); 106175164Sjhbstatic void shm_drop(struct shmfd *shmfd); 107175164Sjhbstatic struct shmfd *shm_hold(struct shmfd *shmfd); 108175164Sjhbstatic void shm_insert(char *path, Fnv32_t fnv, struct shmfd *shmfd); 109175164Sjhbstatic struct shmfd *shm_lookup(char *path, Fnv32_t fnv); 110175164Sjhbstatic int shm_remove(char *path, Fnv32_t fnv, struct ucred *ucred); 111194766Skibstatic int shm_dotruncate(struct shmfd *shmfd, off_t length); 112175164Sjhb 113175164Sjhbstatic fo_rdwr_t shm_read; 114175164Sjhbstatic fo_rdwr_t shm_write; 115175164Sjhbstatic fo_truncate_t shm_truncate; 116175164Sjhbstatic fo_ioctl_t shm_ioctl; 117175164Sjhbstatic fo_poll_t shm_poll; 118175164Sjhbstatic fo_kqfilter_t shm_kqfilter; 119175164Sjhbstatic fo_stat_t shm_stat; 120175164Sjhbstatic fo_close_t shm_close; 121224914Skibstatic fo_chmod_t shm_chmod; 122224914Skibstatic fo_chown_t shm_chown; 123254603Skibstatic fo_seek_t shm_seek; 124175164Sjhb 125175164Sjhb/* File descriptor operations. */ 126175164Sjhbstatic struct fileops shm_ops = { 127175164Sjhb .fo_read = shm_read, 128175164Sjhb .fo_write = shm_write, 129175164Sjhb .fo_truncate = shm_truncate, 130175164Sjhb .fo_ioctl = shm_ioctl, 131175164Sjhb .fo_poll = shm_poll, 132175164Sjhb .fo_kqfilter = shm_kqfilter, 133175164Sjhb .fo_stat = shm_stat, 134175164Sjhb .fo_close = shm_close, 135224914Skib .fo_chmod = shm_chmod, 136224914Skib .fo_chown = shm_chown, 137255467Skib .fo_sendfile = vn_sendfile, 138254603Skib .fo_seek = shm_seek, 139254603Skib .fo_flags = DFLAG_PASSABLE | DFLAG_SEEKABLE 140175164Sjhb}; 141175164Sjhb 142175164SjhbFEATURE(posix_shm, "POSIX shared memory"); 143175164Sjhb 144175164Sjhbstatic int 145254601Skibuiomove_object_page(vm_object_t obj, size_t len, struct uio *uio) 146254601Skib{ 147254601Skib vm_page_t m; 148254601Skib vm_pindex_t idx; 149254601Skib size_t tlen; 150254601Skib int error, offset, rv; 151254601Skib 152254601Skib idx = OFF_TO_IDX(uio->uio_offset); 153254601Skib offset = uio->uio_offset & PAGE_MASK; 154254601Skib tlen = MIN(PAGE_SIZE - offset, len); 155254601Skib 156254601Skib VM_OBJECT_WLOCK(obj); 157254601Skib 158254601Skib /* 159254601Skib * Parallel reads of the page content from disk are prevented 160254601Skib * by exclusive busy. 161254601Skib * 162254601Skib * Although the tmpfs vnode lock is held here, it is 163254601Skib * nonetheless safe to sleep waiting for a free page. The 164254601Skib * pageout daemon does not need to acquire the tmpfs vnode 165254601Skib * lock to page out tobj's pages because tobj is a OBJT_SWAP 166254601Skib * type object. 167254601Skib */ 168254649Skib m = vm_page_grab(obj, idx, VM_ALLOC_NORMAL); 169254601Skib if (m->valid != VM_PAGE_BITS_ALL) { 170254601Skib if (vm_pager_has_page(obj, idx, NULL, NULL)) { 171254601Skib rv = vm_pager_get_pages(obj, &m, 1, 0); 172254601Skib m = vm_page_lookup(obj, idx); 173254601Skib if (m == NULL) { 174254601Skib printf( 175254601Skib "uiomove_object: vm_obj %p idx %jd null lookup rv %d\n", 176254601Skib obj, idx, rv); 177254601Skib VM_OBJECT_WUNLOCK(obj); 178254601Skib return (EIO); 179254601Skib } 180254601Skib if (rv != VM_PAGER_OK) { 181254601Skib printf( 182254601Skib "uiomove_object: vm_obj %p idx %jd valid %x pager error %d\n", 183254601Skib obj, idx, m->valid, rv); 184254601Skib vm_page_lock(m); 185254601Skib vm_page_free(m); 186254601Skib vm_page_unlock(m); 187254601Skib VM_OBJECT_WUNLOCK(obj); 188254601Skib return (EIO); 189254601Skib } 190254601Skib } else 191254601Skib vm_page_zero_invalid(m, TRUE); 192254601Skib } 193254601Skib vm_page_xunbusy(m); 194254601Skib vm_page_lock(m); 195254601Skib vm_page_hold(m); 196254601Skib vm_page_unlock(m); 197254601Skib VM_OBJECT_WUNLOCK(obj); 198254601Skib error = uiomove_fromphys(&m, offset, tlen, uio); 199254601Skib if (uio->uio_rw == UIO_WRITE && error == 0) { 200254601Skib VM_OBJECT_WLOCK(obj); 201254601Skib vm_page_dirty(m); 202269495Skib vm_pager_page_unswapped(m); 203254601Skib VM_OBJECT_WUNLOCK(obj); 204254601Skib } 205254601Skib vm_page_lock(m); 206254601Skib vm_page_unhold(m); 207254601Skib if (m->queue == PQ_NONE) { 208254601Skib vm_page_deactivate(m); 209254601Skib } else { 210254601Skib /* Requeue to maintain LRU ordering. */ 211254601Skib vm_page_requeue(m); 212254601Skib } 213254601Skib vm_page_unlock(m); 214254601Skib 215254601Skib return (error); 216254601Skib} 217254601Skib 218254601Skibint 219254601Skibuiomove_object(vm_object_t obj, off_t obj_size, struct uio *uio) 220254601Skib{ 221254601Skib ssize_t resid; 222254601Skib size_t len; 223254601Skib int error; 224254601Skib 225254601Skib error = 0; 226254601Skib while ((resid = uio->uio_resid) > 0) { 227254601Skib if (obj_size <= uio->uio_offset) 228254601Skib break; 229254601Skib len = MIN(obj_size - uio->uio_offset, resid); 230254601Skib if (len == 0) 231254601Skib break; 232254601Skib error = uiomove_object_page(obj, len, uio); 233254601Skib if (error != 0 || resid == uio->uio_resid) 234254601Skib break; 235254601Skib } 236254601Skib return (error); 237254601Skib} 238254601Skib 239254601Skibstatic int 240254603Skibshm_seek(struct file *fp, off_t offset, int whence, struct thread *td) 241254603Skib{ 242254603Skib struct shmfd *shmfd; 243254603Skib off_t foffset; 244254603Skib int error; 245254603Skib 246254603Skib shmfd = fp->f_data; 247254603Skib foffset = foffset_lock(fp, 0); 248254603Skib error = 0; 249254603Skib switch (whence) { 250254603Skib case L_INCR: 251254603Skib if (foffset < 0 || 252254603Skib (offset > 0 && foffset > OFF_MAX - offset)) { 253254603Skib error = EOVERFLOW; 254254603Skib break; 255254603Skib } 256254603Skib offset += foffset; 257254603Skib break; 258254603Skib case L_XTND: 259254603Skib if (offset > 0 && shmfd->shm_size > OFF_MAX - offset) { 260254603Skib error = EOVERFLOW; 261254603Skib break; 262254603Skib } 263254603Skib offset += shmfd->shm_size; 264254603Skib break; 265254603Skib case L_SET: 266254603Skib break; 267254603Skib default: 268254603Skib error = EINVAL; 269254603Skib } 270254603Skib if (error == 0) { 271254603Skib if (offset < 0 || offset > shmfd->shm_size) 272254603Skib error = EINVAL; 273254603Skib else 274254603Skib *(off_t *)(td->td_retval) = offset; 275254603Skib } 276254603Skib foffset_unlock(fp, offset, error != 0 ? FOF_NOUPDATE : 0); 277254603Skib return (error); 278254603Skib} 279254603Skib 280254603Skibstatic int 281175164Sjhbshm_read(struct file *fp, struct uio *uio, struct ucred *active_cred, 282175164Sjhb int flags, struct thread *td) 283175164Sjhb{ 284254603Skib struct shmfd *shmfd; 285254603Skib void *rl_cookie; 286254603Skib int error; 287175164Sjhb 288254603Skib shmfd = fp->f_data; 289254603Skib foffset_lock_uio(fp, uio, flags); 290254603Skib rl_cookie = rangelock_rlock(&shmfd->shm_rl, uio->uio_offset, 291254603Skib uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); 292254603Skib#ifdef MAC 293254603Skib error = mac_posixshm_check_read(active_cred, fp->f_cred, shmfd); 294254603Skib if (error) 295254603Skib return (error); 296254603Skib#endif 297254603Skib error = uiomove_object(shmfd->shm_object, shmfd->shm_size, uio); 298254603Skib rangelock_unlock(&shmfd->shm_rl, rl_cookie, &shmfd->shm_mtx); 299254603Skib foffset_unlock_uio(fp, uio, flags); 300254603Skib return (error); 301175164Sjhb} 302175164Sjhb 303175164Sjhbstatic int 304175164Sjhbshm_write(struct file *fp, struct uio *uio, struct ucred *active_cred, 305175164Sjhb int flags, struct thread *td) 306175164Sjhb{ 307254603Skib struct shmfd *shmfd; 308254603Skib void *rl_cookie; 309254603Skib int error; 310175164Sjhb 311254603Skib shmfd = fp->f_data; 312254603Skib#ifdef MAC 313254603Skib error = mac_posixshm_check_write(active_cred, fp->f_cred, shmfd); 314254603Skib if (error) 315254603Skib return (error); 316254603Skib#endif 317254603Skib foffset_lock_uio(fp, uio, flags); 318254603Skib if ((flags & FOF_OFFSET) == 0) { 319254603Skib rl_cookie = rangelock_wlock(&shmfd->shm_rl, 0, OFF_MAX, 320254603Skib &shmfd->shm_mtx); 321254603Skib } else { 322254603Skib rl_cookie = rangelock_wlock(&shmfd->shm_rl, uio->uio_offset, 323254603Skib uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); 324254603Skib } 325254603Skib 326254603Skib error = uiomove_object(shmfd->shm_object, shmfd->shm_size, uio); 327254603Skib rangelock_unlock(&shmfd->shm_rl, rl_cookie, &shmfd->shm_mtx); 328254603Skib foffset_unlock_uio(fp, uio, flags); 329254603Skib return (error); 330175164Sjhb} 331175164Sjhb 332175164Sjhbstatic int 333175164Sjhbshm_truncate(struct file *fp, off_t length, struct ucred *active_cred, 334175164Sjhb struct thread *td) 335175164Sjhb{ 336175164Sjhb struct shmfd *shmfd; 337175164Sjhb#ifdef MAC 338175164Sjhb int error; 339175164Sjhb#endif 340175164Sjhb 341175164Sjhb shmfd = fp->f_data; 342175164Sjhb#ifdef MAC 343175164Sjhb error = mac_posixshm_check_truncate(active_cred, fp->f_cred, shmfd); 344175164Sjhb if (error) 345175164Sjhb return (error); 346175164Sjhb#endif 347194766Skib return (shm_dotruncate(shmfd, length)); 348175164Sjhb} 349175164Sjhb 350175164Sjhbstatic int 351175164Sjhbshm_ioctl(struct file *fp, u_long com, void *data, 352175164Sjhb struct ucred *active_cred, struct thread *td) 353175164Sjhb{ 354175164Sjhb 355175164Sjhb return (EOPNOTSUPP); 356175164Sjhb} 357175164Sjhb 358175164Sjhbstatic int 359175164Sjhbshm_poll(struct file *fp, int events, struct ucred *active_cred, 360175164Sjhb struct thread *td) 361175164Sjhb{ 362175164Sjhb 363175164Sjhb return (EOPNOTSUPP); 364175164Sjhb} 365175164Sjhb 366175164Sjhbstatic int 367175164Sjhbshm_kqfilter(struct file *fp, struct knote *kn) 368175164Sjhb{ 369175164Sjhb 370175164Sjhb return (EOPNOTSUPP); 371175164Sjhb} 372175164Sjhb 373175164Sjhbstatic int 374175164Sjhbshm_stat(struct file *fp, struct stat *sb, struct ucred *active_cred, 375175164Sjhb struct thread *td) 376175164Sjhb{ 377175164Sjhb struct shmfd *shmfd; 378175164Sjhb#ifdef MAC 379175164Sjhb int error; 380175164Sjhb#endif 381175164Sjhb 382175164Sjhb shmfd = fp->f_data; 383175164Sjhb 384175164Sjhb#ifdef MAC 385175164Sjhb error = mac_posixshm_check_stat(active_cred, fp->f_cred, shmfd); 386175164Sjhb if (error) 387175164Sjhb return (error); 388175164Sjhb#endif 389175164Sjhb 390175164Sjhb /* 391175164Sjhb * Attempt to return sanish values for fstat() on a memory file 392175164Sjhb * descriptor. 393175164Sjhb */ 394175164Sjhb bzero(sb, sizeof(*sb)); 395175164Sjhb sb->st_blksize = PAGE_SIZE; 396175164Sjhb sb->st_size = shmfd->shm_size; 397175164Sjhb sb->st_blocks = (sb->st_size + sb->st_blksize - 1) / sb->st_blksize; 398224914Skib mtx_lock(&shm_timestamp_lock); 399205792Sed sb->st_atim = shmfd->shm_atime; 400205792Sed sb->st_ctim = shmfd->shm_ctime; 401205792Sed sb->st_mtim = shmfd->shm_mtime; 402224914Skib sb->st_birthtim = shmfd->shm_birthtime; 403224914Skib sb->st_mode = S_IFREG | shmfd->shm_mode; /* XXX */ 404175164Sjhb sb->st_uid = shmfd->shm_uid; 405175164Sjhb sb->st_gid = shmfd->shm_gid; 406224914Skib mtx_unlock(&shm_timestamp_lock); 407175164Sjhb 408175164Sjhb return (0); 409175164Sjhb} 410175164Sjhb 411175164Sjhbstatic int 412175164Sjhbshm_close(struct file *fp, struct thread *td) 413175164Sjhb{ 414175164Sjhb struct shmfd *shmfd; 415175164Sjhb 416175164Sjhb shmfd = fp->f_data; 417175164Sjhb fp->f_data = NULL; 418175164Sjhb shm_drop(shmfd); 419175164Sjhb 420175164Sjhb return (0); 421175164Sjhb} 422175164Sjhb 423194766Skibstatic int 424175164Sjhbshm_dotruncate(struct shmfd *shmfd, off_t length) 425175164Sjhb{ 426175164Sjhb vm_object_t object; 427229821Salc vm_page_t m, ma[1]; 428229821Salc vm_pindex_t idx, nobjsize; 429194766Skib vm_ooffset_t delta; 430229821Salc int base, rv; 431175164Sjhb 432175164Sjhb object = shmfd->shm_object; 433248084Sattilio VM_OBJECT_WLOCK(object); 434175164Sjhb if (length == shmfd->shm_size) { 435248084Sattilio VM_OBJECT_WUNLOCK(object); 436194766Skib return (0); 437175164Sjhb } 438175164Sjhb nobjsize = OFF_TO_IDX(length + PAGE_MASK); 439175164Sjhb 440175164Sjhb /* Are we shrinking? If so, trim the end. */ 441175164Sjhb if (length < shmfd->shm_size) { 442228509Sjhb /* 443228509Sjhb * Disallow any requests to shrink the size if this 444228509Sjhb * object is mapped into the kernel. 445228509Sjhb */ 446228509Sjhb if (shmfd->shm_kmappings > 0) { 447248084Sattilio VM_OBJECT_WUNLOCK(object); 448228509Sjhb return (EBUSY); 449228509Sjhb } 450229821Salc 451229821Salc /* 452229821Salc * Zero the truncated part of the last page. 453229821Salc */ 454229821Salc base = length & PAGE_MASK; 455229821Salc if (base != 0) { 456229821Salc idx = OFF_TO_IDX(length); 457229821Salcretry: 458229821Salc m = vm_page_lookup(object, idx); 459229821Salc if (m != NULL) { 460254138Sattilio if (vm_page_sleep_if_busy(m, "shmtrc")) 461229821Salc goto retry; 462229821Salc } else if (vm_pager_has_page(object, idx, NULL, NULL)) { 463229821Salc m = vm_page_alloc(object, idx, VM_ALLOC_NORMAL); 464229821Salc if (m == NULL) { 465248084Sattilio VM_OBJECT_WUNLOCK(object); 466229821Salc VM_WAIT; 467248084Sattilio VM_OBJECT_WLOCK(object); 468229821Salc goto retry; 469229821Salc } else if (m->valid != VM_PAGE_BITS_ALL) { 470229821Salc ma[0] = m; 471229821Salc rv = vm_pager_get_pages(object, ma, 1, 472229821Salc 0); 473229821Salc m = vm_page_lookup(object, idx); 474229821Salc } else 475229821Salc /* A cached page was reactivated. */ 476229821Salc rv = VM_PAGER_OK; 477229821Salc vm_page_lock(m); 478229821Salc if (rv == VM_PAGER_OK) { 479229821Salc vm_page_deactivate(m); 480229821Salc vm_page_unlock(m); 481254138Sattilio vm_page_xunbusy(m); 482229821Salc } else { 483229821Salc vm_page_free(m); 484229821Salc vm_page_unlock(m); 485248084Sattilio VM_OBJECT_WUNLOCK(object); 486229821Salc return (EIO); 487229821Salc } 488229821Salc } 489229821Salc if (m != NULL) { 490229821Salc pmap_zero_page_area(m, base, PAGE_SIZE - base); 491229821Salc KASSERT(m->valid == VM_PAGE_BITS_ALL, 492229821Salc ("shm_dotruncate: page %p is invalid", m)); 493229821Salc vm_page_dirty(m); 494229821Salc vm_pager_page_unswapped(m); 495229821Salc } 496229821Salc } 497194766Skib delta = ptoa(object->size - nobjsize); 498194766Skib 499175164Sjhb /* Toss in memory pages. */ 500175164Sjhb if (nobjsize < object->size) 501175164Sjhb vm_object_page_remove(object, nobjsize, object->size, 502223677Salc 0); 503175164Sjhb 504175164Sjhb /* Toss pages from swap. */ 505175164Sjhb if (object->type == OBJT_SWAP) 506194766Skib swap_pager_freespace(object, nobjsize, delta); 507175164Sjhb 508194766Skib /* Free the swap accounted for shm */ 509216128Strasz swap_release_by_cred(delta, object->cred); 510194766Skib object->charge -= delta; 511194766Skib } else { 512194766Skib /* Attempt to reserve the swap */ 513194766Skib delta = ptoa(nobjsize - object->size); 514216128Strasz if (!swap_reserve_by_cred(delta, object->cred)) { 515248084Sattilio VM_OBJECT_WUNLOCK(object); 516194766Skib return (ENOMEM); 517194766Skib } 518194766Skib object->charge += delta; 519175164Sjhb } 520175164Sjhb shmfd->shm_size = length; 521175164Sjhb mtx_lock(&shm_timestamp_lock); 522175164Sjhb vfs_timestamp(&shmfd->shm_ctime); 523175164Sjhb shmfd->shm_mtime = shmfd->shm_ctime; 524175164Sjhb mtx_unlock(&shm_timestamp_lock); 525175164Sjhb object->size = nobjsize; 526248084Sattilio VM_OBJECT_WUNLOCK(object); 527194766Skib return (0); 528175164Sjhb} 529175164Sjhb 530175164Sjhb/* 531175164Sjhb * shmfd object management including creation and reference counting 532175164Sjhb * routines. 533175164Sjhb */ 534175164Sjhbstatic struct shmfd * 535175164Sjhbshm_alloc(struct ucred *ucred, mode_t mode) 536175164Sjhb{ 537175164Sjhb struct shmfd *shmfd; 538175164Sjhb 539175164Sjhb shmfd = malloc(sizeof(*shmfd), M_SHMFD, M_WAITOK | M_ZERO); 540175164Sjhb shmfd->shm_size = 0; 541175164Sjhb shmfd->shm_uid = ucred->cr_uid; 542175164Sjhb shmfd->shm_gid = ucred->cr_gid; 543175164Sjhb shmfd->shm_mode = mode; 544175164Sjhb shmfd->shm_object = vm_pager_allocate(OBJT_DEFAULT, NULL, 545194766Skib shmfd->shm_size, VM_PROT_DEFAULT, 0, ucred); 546175164Sjhb KASSERT(shmfd->shm_object != NULL, ("shm_create: vm_pager_allocate")); 547248084Sattilio VM_OBJECT_WLOCK(shmfd->shm_object); 548178181Salc vm_object_clear_flag(shmfd->shm_object, OBJ_ONEMAPPING); 549178181Salc vm_object_set_flag(shmfd->shm_object, OBJ_NOSPLIT); 550248084Sattilio VM_OBJECT_WUNLOCK(shmfd->shm_object); 551175164Sjhb vfs_timestamp(&shmfd->shm_birthtime); 552175164Sjhb shmfd->shm_atime = shmfd->shm_mtime = shmfd->shm_ctime = 553175164Sjhb shmfd->shm_birthtime; 554175164Sjhb refcount_init(&shmfd->shm_refs, 1); 555254603Skib mtx_init(&shmfd->shm_mtx, "shmrl", NULL, MTX_DEF); 556254603Skib rangelock_init(&shmfd->shm_rl); 557175164Sjhb#ifdef MAC 558175164Sjhb mac_posixshm_init(shmfd); 559175164Sjhb mac_posixshm_create(ucred, shmfd); 560175164Sjhb#endif 561175164Sjhb 562175164Sjhb return (shmfd); 563175164Sjhb} 564175164Sjhb 565175164Sjhbstatic struct shmfd * 566175164Sjhbshm_hold(struct shmfd *shmfd) 567175164Sjhb{ 568175164Sjhb 569175164Sjhb refcount_acquire(&shmfd->shm_refs); 570175164Sjhb return (shmfd); 571175164Sjhb} 572175164Sjhb 573175164Sjhbstatic void 574175164Sjhbshm_drop(struct shmfd *shmfd) 575175164Sjhb{ 576175164Sjhb 577175164Sjhb if (refcount_release(&shmfd->shm_refs)) { 578175164Sjhb#ifdef MAC 579175164Sjhb mac_posixshm_destroy(shmfd); 580175164Sjhb#endif 581254603Skib rangelock_destroy(&shmfd->shm_rl); 582254603Skib mtx_destroy(&shmfd->shm_mtx); 583175164Sjhb vm_object_deallocate(shmfd->shm_object); 584175164Sjhb free(shmfd, M_SHMFD); 585175164Sjhb } 586175164Sjhb} 587175164Sjhb 588175164Sjhb/* 589175164Sjhb * Determine if the credentials have sufficient permissions for a 590175164Sjhb * specified combination of FREAD and FWRITE. 591175164Sjhb */ 592175164Sjhbstatic int 593175164Sjhbshm_access(struct shmfd *shmfd, struct ucred *ucred, int flags) 594175164Sjhb{ 595184413Strasz accmode_t accmode; 596224914Skib int error; 597175164Sjhb 598184413Strasz accmode = 0; 599175164Sjhb if (flags & FREAD) 600184413Strasz accmode |= VREAD; 601175164Sjhb if (flags & FWRITE) 602184413Strasz accmode |= VWRITE; 603224914Skib mtx_lock(&shm_timestamp_lock); 604224914Skib error = vaccess(VREG, shmfd->shm_mode, shmfd->shm_uid, shmfd->shm_gid, 605224914Skib accmode, ucred, NULL); 606224914Skib mtx_unlock(&shm_timestamp_lock); 607224914Skib return (error); 608175164Sjhb} 609175164Sjhb 610175164Sjhb/* 611175164Sjhb * Dictionary management. We maintain an in-kernel dictionary to map 612175164Sjhb * paths to shmfd objects. We use the FNV hash on the path to store 613175164Sjhb * the mappings in a hash table. 614175164Sjhb */ 615175164Sjhbstatic void 616175164Sjhbshm_dict_init(void *arg) 617175164Sjhb{ 618175164Sjhb 619175164Sjhb mtx_init(&shm_timestamp_lock, "shm timestamps", NULL, MTX_DEF); 620175164Sjhb sx_init(&shm_dict_lock, "shm dictionary"); 621175164Sjhb shm_dictionary = hashinit(1024, M_SHMFD, &shm_hash); 622175164Sjhb} 623175164SjhbSYSINIT(shm_dict_init, SI_SUB_SYSV_SHM, SI_ORDER_ANY, shm_dict_init, NULL); 624175164Sjhb 625175164Sjhbstatic struct shmfd * 626175164Sjhbshm_lookup(char *path, Fnv32_t fnv) 627175164Sjhb{ 628175164Sjhb struct shm_mapping *map; 629175164Sjhb 630175164Sjhb LIST_FOREACH(map, SHM_HASH(fnv), sm_link) { 631175164Sjhb if (map->sm_fnv != fnv) 632175164Sjhb continue; 633175164Sjhb if (strcmp(map->sm_path, path) == 0) 634175164Sjhb return (map->sm_shmfd); 635175164Sjhb } 636175164Sjhb 637175164Sjhb return (NULL); 638175164Sjhb} 639175164Sjhb 640175164Sjhbstatic void 641175164Sjhbshm_insert(char *path, Fnv32_t fnv, struct shmfd *shmfd) 642175164Sjhb{ 643175164Sjhb struct shm_mapping *map; 644175164Sjhb 645175164Sjhb map = malloc(sizeof(struct shm_mapping), M_SHMFD, M_WAITOK); 646175164Sjhb map->sm_path = path; 647175164Sjhb map->sm_fnv = fnv; 648175164Sjhb map->sm_shmfd = shm_hold(shmfd); 649233760Sjhb shmfd->shm_path = path; 650175164Sjhb LIST_INSERT_HEAD(SHM_HASH(fnv), map, sm_link); 651175164Sjhb} 652175164Sjhb 653175164Sjhbstatic int 654175164Sjhbshm_remove(char *path, Fnv32_t fnv, struct ucred *ucred) 655175164Sjhb{ 656175164Sjhb struct shm_mapping *map; 657175164Sjhb int error; 658175164Sjhb 659175164Sjhb LIST_FOREACH(map, SHM_HASH(fnv), sm_link) { 660175164Sjhb if (map->sm_fnv != fnv) 661175164Sjhb continue; 662175164Sjhb if (strcmp(map->sm_path, path) == 0) { 663175164Sjhb#ifdef MAC 664175164Sjhb error = mac_posixshm_check_unlink(ucred, map->sm_shmfd); 665175164Sjhb if (error) 666175164Sjhb return (error); 667175164Sjhb#endif 668175164Sjhb error = shm_access(map->sm_shmfd, ucred, 669175164Sjhb FREAD | FWRITE); 670175164Sjhb if (error) 671175164Sjhb return (error); 672233760Sjhb map->sm_shmfd->shm_path = NULL; 673175164Sjhb LIST_REMOVE(map, sm_link); 674175164Sjhb shm_drop(map->sm_shmfd); 675175164Sjhb free(map->sm_path, M_SHMFD); 676175164Sjhb free(map, M_SHMFD); 677175164Sjhb return (0); 678175164Sjhb } 679175164Sjhb } 680175164Sjhb 681175164Sjhb return (ENOENT); 682175164Sjhb} 683175164Sjhb 684175164Sjhb/* System calls. */ 685175164Sjhbint 686225617Skmacysys_shm_open(struct thread *td, struct shm_open_args *uap) 687175164Sjhb{ 688175164Sjhb struct filedesc *fdp; 689175164Sjhb struct shmfd *shmfd; 690175164Sjhb struct file *fp; 691175164Sjhb char *path; 692175164Sjhb Fnv32_t fnv; 693175164Sjhb mode_t cmode; 694175164Sjhb int fd, error; 695175164Sjhb 696223692Sjonathan#ifdef CAPABILITY_MODE 697223692Sjonathan /* 698223692Sjonathan * shm_open(2) is only allowed for anonymous objects. 699223692Sjonathan */ 700223692Sjonathan if (IN_CAPABILITY_MODE(td) && (uap->path != SHM_ANON)) 701223692Sjonathan return (ECAPMODE); 702223692Sjonathan#endif 703223692Sjonathan 704175164Sjhb if ((uap->flags & O_ACCMODE) != O_RDONLY && 705175164Sjhb (uap->flags & O_ACCMODE) != O_RDWR) 706175164Sjhb return (EINVAL); 707175164Sjhb 708261329Srmh if ((uap->flags & ~(O_ACCMODE | O_CREAT | O_EXCL | O_TRUNC | O_CLOEXEC)) != 0) 709175164Sjhb return (EINVAL); 710175164Sjhb 711175164Sjhb fdp = td->td_proc->p_fd; 712175164Sjhb cmode = (uap->mode & ~fdp->fd_cmask) & ACCESSPERMS; 713175164Sjhb 714249233Sjilles error = falloc(td, &fp, &fd, O_CLOEXEC); 715175164Sjhb if (error) 716175164Sjhb return (error); 717175164Sjhb 718175164Sjhb /* A SHM_ANON path pointer creates an anonymous object. */ 719175164Sjhb if (uap->path == SHM_ANON) { 720175164Sjhb /* A read-only anonymous object is pointless. */ 721175164Sjhb if ((uap->flags & O_ACCMODE) == O_RDONLY) { 722175164Sjhb fdclose(fdp, fp, fd, td); 723175164Sjhb fdrop(fp, td); 724175164Sjhb return (EINVAL); 725175164Sjhb } 726175164Sjhb shmfd = shm_alloc(td->td_ucred, cmode); 727175164Sjhb } else { 728175164Sjhb path = malloc(MAXPATHLEN, M_SHMFD, M_WAITOK); 729175164Sjhb error = copyinstr(uap->path, path, MAXPATHLEN, NULL); 730175164Sjhb 731175164Sjhb /* Require paths to start with a '/' character. */ 732175164Sjhb if (error == 0 && path[0] != '/') 733175164Sjhb error = EINVAL; 734175164Sjhb if (error) { 735175164Sjhb fdclose(fdp, fp, fd, td); 736175164Sjhb fdrop(fp, td); 737175164Sjhb free(path, M_SHMFD); 738175164Sjhb return (error); 739175164Sjhb } 740175164Sjhb 741175164Sjhb fnv = fnv_32_str(path, FNV1_32_INIT); 742175164Sjhb sx_xlock(&shm_dict_lock); 743175164Sjhb shmfd = shm_lookup(path, fnv); 744175164Sjhb if (shmfd == NULL) { 745175164Sjhb /* Object does not yet exist, create it if requested. */ 746175164Sjhb if (uap->flags & O_CREAT) { 747225344Srwatson#ifdef MAC 748225344Srwatson error = mac_posixshm_check_create(td->td_ucred, 749225344Srwatson path); 750225344Srwatson if (error == 0) { 751225344Srwatson#endif 752225344Srwatson shmfd = shm_alloc(td->td_ucred, cmode); 753225344Srwatson shm_insert(path, fnv, shmfd); 754225344Srwatson#ifdef MAC 755225344Srwatson } 756225344Srwatson#endif 757175164Sjhb } else { 758175164Sjhb free(path, M_SHMFD); 759175164Sjhb error = ENOENT; 760175164Sjhb } 761175164Sjhb } else { 762175164Sjhb /* 763175164Sjhb * Object already exists, obtain a new 764175164Sjhb * reference if requested and permitted. 765175164Sjhb */ 766175164Sjhb free(path, M_SHMFD); 767175164Sjhb if ((uap->flags & (O_CREAT | O_EXCL)) == 768175164Sjhb (O_CREAT | O_EXCL)) 769175164Sjhb error = EEXIST; 770175164Sjhb else { 771175164Sjhb#ifdef MAC 772175164Sjhb error = mac_posixshm_check_open(td->td_ucred, 773225344Srwatson shmfd, FFLAGS(uap->flags & O_ACCMODE)); 774175164Sjhb if (error == 0) 775175164Sjhb#endif 776175164Sjhb error = shm_access(shmfd, td->td_ucred, 777175164Sjhb FFLAGS(uap->flags & O_ACCMODE)); 778175164Sjhb } 779175164Sjhb 780175164Sjhb /* 781175164Sjhb * Truncate the file back to zero length if 782175164Sjhb * O_TRUNC was specified and the object was 783175164Sjhb * opened with read/write. 784175164Sjhb */ 785175164Sjhb if (error == 0 && 786175164Sjhb (uap->flags & (O_ACCMODE | O_TRUNC)) == 787175164Sjhb (O_RDWR | O_TRUNC)) { 788175164Sjhb#ifdef MAC 789175164Sjhb error = mac_posixshm_check_truncate( 790175164Sjhb td->td_ucred, fp->f_cred, shmfd); 791175164Sjhb if (error == 0) 792175164Sjhb#endif 793175164Sjhb shm_dotruncate(shmfd, 0); 794175164Sjhb } 795175164Sjhb if (error == 0) 796175164Sjhb shm_hold(shmfd); 797175164Sjhb } 798175164Sjhb sx_xunlock(&shm_dict_lock); 799175164Sjhb 800175164Sjhb if (error) { 801175164Sjhb fdclose(fdp, fp, fd, td); 802175164Sjhb fdrop(fp, td); 803175164Sjhb return (error); 804175164Sjhb } 805175164Sjhb } 806175164Sjhb 807175164Sjhb finit(fp, FFLAGS(uap->flags & O_ACCMODE), DTYPE_SHM, shmfd, &shm_ops); 808175164Sjhb 809175164Sjhb td->td_retval[0] = fd; 810175164Sjhb fdrop(fp, td); 811175164Sjhb 812175164Sjhb return (0); 813175164Sjhb} 814175164Sjhb 815175164Sjhbint 816225617Skmacysys_shm_unlink(struct thread *td, struct shm_unlink_args *uap) 817175164Sjhb{ 818175164Sjhb char *path; 819175164Sjhb Fnv32_t fnv; 820175164Sjhb int error; 821175164Sjhb 822175164Sjhb path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); 823175164Sjhb error = copyinstr(uap->path, path, MAXPATHLEN, NULL); 824175164Sjhb if (error) { 825175164Sjhb free(path, M_TEMP); 826175164Sjhb return (error); 827175164Sjhb } 828175164Sjhb 829175164Sjhb fnv = fnv_32_str(path, FNV1_32_INIT); 830175164Sjhb sx_xlock(&shm_dict_lock); 831175164Sjhb error = shm_remove(path, fnv, td->td_ucred); 832175164Sjhb sx_xunlock(&shm_dict_lock); 833175164Sjhb free(path, M_TEMP); 834175164Sjhb 835175164Sjhb return (error); 836175164Sjhb} 837175164Sjhb 838175164Sjhb/* 839175164Sjhb * mmap() helper to validate mmap() requests against shm object state 840175164Sjhb * and give mmap() the vm_object to use for the mapping. 841175164Sjhb */ 842175164Sjhbint 843175164Sjhbshm_mmap(struct shmfd *shmfd, vm_size_t objsize, vm_ooffset_t foff, 844175164Sjhb vm_object_t *obj) 845175164Sjhb{ 846175164Sjhb 847175164Sjhb /* 848175164Sjhb * XXXRW: This validation is probably insufficient, and subject to 849175164Sjhb * sign errors. It should be fixed. 850175164Sjhb */ 851185533Skan if (foff >= shmfd->shm_size || 852185533Skan foff + objsize > round_page(shmfd->shm_size)) 853175164Sjhb return (EINVAL); 854175164Sjhb 855175164Sjhb mtx_lock(&shm_timestamp_lock); 856175164Sjhb vfs_timestamp(&shmfd->shm_atime); 857175164Sjhb mtx_unlock(&shm_timestamp_lock); 858175164Sjhb vm_object_reference(shmfd->shm_object); 859175164Sjhb *obj = shmfd->shm_object; 860175164Sjhb return (0); 861175164Sjhb} 862224914Skib 863224914Skibstatic int 864224914Skibshm_chmod(struct file *fp, mode_t mode, struct ucred *active_cred, 865224914Skib struct thread *td) 866224914Skib{ 867224914Skib struct shmfd *shmfd; 868224914Skib int error; 869224914Skib 870224914Skib error = 0; 871224914Skib shmfd = fp->f_data; 872224914Skib mtx_lock(&shm_timestamp_lock); 873224914Skib /* 874224914Skib * SUSv4 says that x bits of permission need not be affected. 875224914Skib * Be consistent with our shm_open there. 876224914Skib */ 877224914Skib#ifdef MAC 878224914Skib error = mac_posixshm_check_setmode(active_cred, shmfd, mode); 879224914Skib if (error != 0) 880224914Skib goto out; 881224914Skib#endif 882224914Skib error = vaccess(VREG, shmfd->shm_mode, shmfd->shm_uid, 883224914Skib shmfd->shm_gid, VADMIN, active_cred, NULL); 884224914Skib if (error != 0) 885224914Skib goto out; 886224914Skib shmfd->shm_mode = mode & ACCESSPERMS; 887224914Skibout: 888224914Skib mtx_unlock(&shm_timestamp_lock); 889224914Skib return (error); 890224914Skib} 891224914Skib 892224914Skibstatic int 893224914Skibshm_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred, 894224914Skib struct thread *td) 895224914Skib{ 896224914Skib struct shmfd *shmfd; 897224914Skib int error; 898224914Skib 899224935Skib error = 0; 900224914Skib shmfd = fp->f_data; 901224914Skib mtx_lock(&shm_timestamp_lock); 902224914Skib#ifdef MAC 903224914Skib error = mac_posixshm_check_setowner(active_cred, shmfd, uid, gid); 904224914Skib if (error != 0) 905224914Skib goto out; 906224914Skib#endif 907224914Skib if (uid == (uid_t)-1) 908224914Skib uid = shmfd->shm_uid; 909224914Skib if (gid == (gid_t)-1) 910224914Skib gid = shmfd->shm_gid; 911224914Skib if (((uid != shmfd->shm_uid && uid != active_cred->cr_uid) || 912224914Skib (gid != shmfd->shm_gid && !groupmember(gid, active_cred))) && 913224914Skib (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0))) 914224914Skib goto out; 915224914Skib shmfd->shm_uid = uid; 916224914Skib shmfd->shm_gid = gid; 917224914Skibout: 918224914Skib mtx_unlock(&shm_timestamp_lock); 919224914Skib return (error); 920224914Skib} 921228509Sjhb 922228509Sjhb/* 923228509Sjhb * Helper routines to allow the backing object of a shared memory file 924228509Sjhb * descriptor to be mapped in the kernel. 925228509Sjhb */ 926228509Sjhbint 927228509Sjhbshm_map(struct file *fp, size_t size, off_t offset, void **memp) 928228509Sjhb{ 929228509Sjhb struct shmfd *shmfd; 930228509Sjhb vm_offset_t kva, ofs; 931228509Sjhb vm_object_t obj; 932228509Sjhb int rv; 933228509Sjhb 934228509Sjhb if (fp->f_type != DTYPE_SHM) 935228509Sjhb return (EINVAL); 936228509Sjhb shmfd = fp->f_data; 937228509Sjhb obj = shmfd->shm_object; 938248084Sattilio VM_OBJECT_WLOCK(obj); 939228509Sjhb /* 940228509Sjhb * XXXRW: This validation is probably insufficient, and subject to 941228509Sjhb * sign errors. It should be fixed. 942228509Sjhb */ 943228509Sjhb if (offset >= shmfd->shm_size || 944228509Sjhb offset + size > round_page(shmfd->shm_size)) { 945248084Sattilio VM_OBJECT_WUNLOCK(obj); 946228509Sjhb return (EINVAL); 947228509Sjhb } 948228509Sjhb 949228509Sjhb shmfd->shm_kmappings++; 950228509Sjhb vm_object_reference_locked(obj); 951248084Sattilio VM_OBJECT_WUNLOCK(obj); 952228509Sjhb 953228509Sjhb /* Map the object into the kernel_map and wire it. */ 954228509Sjhb kva = vm_map_min(kernel_map); 955228509Sjhb ofs = offset & PAGE_MASK; 956228509Sjhb offset = trunc_page(offset); 957228509Sjhb size = round_page(size + ofs); 958255426Sjhb rv = vm_map_find(kernel_map, obj, offset, &kva, size, 0, 959253620Sjhb VMFS_OPTIMAL_SPACE, VM_PROT_READ | VM_PROT_WRITE, 960228509Sjhb VM_PROT_READ | VM_PROT_WRITE, 0); 961228509Sjhb if (rv == KERN_SUCCESS) { 962228509Sjhb rv = vm_map_wire(kernel_map, kva, kva + size, 963228509Sjhb VM_MAP_WIRE_SYSTEM | VM_MAP_WIRE_NOHOLES); 964228509Sjhb if (rv == KERN_SUCCESS) { 965228509Sjhb *memp = (void *)(kva + ofs); 966228509Sjhb return (0); 967228509Sjhb } 968228509Sjhb vm_map_remove(kernel_map, kva, kva + size); 969228509Sjhb } else 970228509Sjhb vm_object_deallocate(obj); 971228509Sjhb 972228509Sjhb /* On failure, drop our mapping reference. */ 973248084Sattilio VM_OBJECT_WLOCK(obj); 974228509Sjhb shmfd->shm_kmappings--; 975248084Sattilio VM_OBJECT_WUNLOCK(obj); 976228509Sjhb 977228533Sjhb return (vm_mmap_to_errno(rv)); 978228509Sjhb} 979228509Sjhb 980228509Sjhb/* 981228509Sjhb * We require the caller to unmap the entire entry. This allows us to 982228509Sjhb * safely decrement shm_kmappings when a mapping is removed. 983228509Sjhb */ 984228509Sjhbint 985228509Sjhbshm_unmap(struct file *fp, void *mem, size_t size) 986228509Sjhb{ 987228509Sjhb struct shmfd *shmfd; 988228509Sjhb vm_map_entry_t entry; 989228509Sjhb vm_offset_t kva, ofs; 990228509Sjhb vm_object_t obj; 991228509Sjhb vm_pindex_t pindex; 992228509Sjhb vm_prot_t prot; 993228509Sjhb boolean_t wired; 994228509Sjhb vm_map_t map; 995228509Sjhb int rv; 996228509Sjhb 997228509Sjhb if (fp->f_type != DTYPE_SHM) 998228509Sjhb return (EINVAL); 999228509Sjhb shmfd = fp->f_data; 1000228509Sjhb kva = (vm_offset_t)mem; 1001228509Sjhb ofs = kva & PAGE_MASK; 1002228509Sjhb kva = trunc_page(kva); 1003228509Sjhb size = round_page(size + ofs); 1004228509Sjhb map = kernel_map; 1005228509Sjhb rv = vm_map_lookup(&map, kva, VM_PROT_READ | VM_PROT_WRITE, &entry, 1006228509Sjhb &obj, &pindex, &prot, &wired); 1007228509Sjhb if (rv != KERN_SUCCESS) 1008228509Sjhb return (EINVAL); 1009228509Sjhb if (entry->start != kva || entry->end != kva + size) { 1010228509Sjhb vm_map_lookup_done(map, entry); 1011228509Sjhb return (EINVAL); 1012228509Sjhb } 1013228509Sjhb vm_map_lookup_done(map, entry); 1014228509Sjhb if (obj != shmfd->shm_object) 1015228509Sjhb return (EINVAL); 1016228509Sjhb vm_map_remove(map, kva, kva + size); 1017248084Sattilio VM_OBJECT_WLOCK(obj); 1018228509Sjhb KASSERT(shmfd->shm_kmappings > 0, ("shm_unmap: object not mapped")); 1019228509Sjhb shmfd->shm_kmappings--; 1020248084Sattilio VM_OBJECT_WUNLOCK(obj); 1021228509Sjhb return (0); 1022228509Sjhb} 1023233760Sjhb 1024233760Sjhbvoid 1025233760Sjhbshm_path(struct shmfd *shmfd, char *path, size_t size) 1026233760Sjhb{ 1027233760Sjhb 1028233760Sjhb if (shmfd->shm_path == NULL) 1029233760Sjhb return; 1030233760Sjhb sx_slock(&shm_dict_lock); 1031233760Sjhb if (shmfd->shm_path != NULL) 1032233760Sjhb strlcpy(path, shmfd->shm_path, size); 1033233760Sjhb sx_sunlock(&shm_dict_lock); 1034233760Sjhb} 1035