sysv_msg.c revision 68024
150477Speter/* $FreeBSD: head/sys/kern/sysv_msg.c 68024 2000-10-31 01:34:00Z rwatson $ */ 22729Sdfr 32729Sdfr/* 42729Sdfr * Implementation of SVID messages 52729Sdfr * 62729Sdfr * Author: Daniel Boulet 72729Sdfr * 82729Sdfr * Copyright 1993 Daniel Boulet and RTMX Inc. 92729Sdfr * 102729Sdfr * This system call was implemented by Daniel Boulet under contract from RTMX. 112729Sdfr * 122729Sdfr * Redistribution and use in source forms, with and without modification, 132729Sdfr * are permitted provided that this entire comment appears intact. 142729Sdfr * 152729Sdfr * Redistribution in binary form may occur without any restrictions. 162729Sdfr * Obviously, it would be nice if you gave credit where credit is due 172729Sdfr * but requiring it would be too onerous. 182729Sdfr * 192729Sdfr * This software is provided ``AS IS'' without any warranties of any kind. 202729Sdfr */ 212729Sdfr 2259839Speter#include "opt_sysvipc.h" 2359839Speter 242729Sdfr#include <sys/param.h> 252729Sdfr#include <sys/systm.h> 2611626Sbde#include <sys/sysproto.h> 272729Sdfr#include <sys/kernel.h> 282729Sdfr#include <sys/proc.h> 292729Sdfr#include <sys/msg.h> 3011626Sbde#include <sys/sysent.h> 3159839Speter#include <sys/sysctl.h> 3259839Speter#include <sys/malloc.h> 3368024Srwatson#include <sys/jail.h> 342729Sdfr 3559839Speterstatic MALLOC_DEFINE(M_MSG, "msg", "SVID compatible message queues"); 3659839Speter 3710653Sdgstatic void msginit __P((void *)); 3810358Sjulian 392729Sdfr#define MSG_DEBUG 402729Sdfr#undef MSG_DEBUG_OK 412729Sdfr 4211626Sbdestatic void msg_freehdr __P((struct msg *msghdr)); 432729Sdfr 4411626Sbde/* XXX casting to (sy_call_t *) is bogus, as usual. */ 4512819Sphkstatic sy_call_t *msgcalls[] = { 4611626Sbde (sy_call_t *)msgctl, (sy_call_t *)msgget, 4711626Sbde (sy_call_t *)msgsnd, (sy_call_t *)msgrcv 4811626Sbde}; 492729Sdfr 5059839Speterstruct msg { 5159839Speter struct msg *msg_next; /* next msg in the chain */ 5259839Speter long msg_type; /* type of this message */ 5359839Speter /* >0 -> type of this message */ 5459839Speter /* 0 -> free header */ 5559839Speter u_short msg_ts; /* size of this message */ 5659839Speter short msg_spot; /* location of start of msg in buffer */ 5759839Speter}; 5859839Speter 5959839Speter 6059839Speter#ifndef MSGSSZ 6159839Speter#define MSGSSZ 8 /* Each segment must be 2^N long */ 6259839Speter#endif 6359839Speter#ifndef MSGSEG 6459839Speter#define MSGSEG 2048 /* must be less than 32767 */ 6559839Speter#endif 6659839Speter#define MSGMAX (MSGSSZ*MSGSEG) 6759839Speter#ifndef MSGMNB 6859839Speter#define MSGMNB 2048 /* max # of bytes in a queue */ 6959839Speter#endif 7059839Speter#ifndef MSGMNI 7159839Speter#define MSGMNI 40 7259839Speter#endif 7359839Speter#ifndef MSGTQL 7459839Speter#define MSGTQL 40 7559839Speter#endif 7659839Speter 7759839Speter/* 7859839Speter * Based on the configuration parameters described in an SVR2 (yes, two) 7959839Speter * config(1m) man page. 8059839Speter * 8159839Speter * Each message is broken up and stored in segments that are msgssz bytes 8259839Speter * long. For efficiency reasons, this should be a power of two. Also, 8359839Speter * it doesn't make sense if it is less than 8 or greater than about 256. 8459839Speter * Consequently, msginit in kern/sysv_msg.c checks that msgssz is a power of 8559839Speter * two between 8 and 1024 inclusive (and panic's if it isn't). 8659839Speter */ 8759839Speterstruct msginfo msginfo = { 8859839Speter MSGMAX, /* max chars in a message */ 8959839Speter MSGMNI, /* # of message queue identifiers */ 9059839Speter MSGMNB, /* max chars in a queue */ 9159839Speter MSGTQL, /* max messages in system */ 9259839Speter MSGSSZ, /* size of a message segment */ 9359839Speter /* (must be small power of 2 greater than 4) */ 9459839Speter MSGSEG /* number of message segments */ 9559839Speter}; 9659839Speter 9759839Speter/* 9859839Speter * macros to convert between msqid_ds's and msqid's. 9959839Speter * (specific to this implementation) 10059839Speter */ 10159839Speter#define MSQID(ix,ds) ((ix) & 0xffff | (((ds).msg_perm.seq << 16) & 0xffff0000)) 10259839Speter#define MSQID_IX(id) ((id) & 0xffff) 10359839Speter#define MSQID_SEQ(id) (((id) >> 16) & 0xffff) 10459839Speter 10559839Speter/* 10659839Speter * The rest of this file is specific to this particular implementation. 10759839Speter */ 10859839Speter 10959839Speterstruct msgmap { 11059839Speter short next; /* next segment in buffer */ 11159839Speter /* -1 -> available */ 11259839Speter /* 0..(MSGSEG-1) -> index of next segment */ 11359839Speter}; 11459839Speter 11559839Speter#define MSG_LOCKED 01000 /* Is this msqid_ds locked? */ 11659839Speter 11712819Sphkstatic int nfree_msgmaps; /* # of free map entries */ 11812819Sphkstatic short free_msgmaps; /* head of linked list of free map entries */ 11959839Speterstatic struct msg *free_msghdrs;/* list of free msg headers */ 12059839Speterstatic char *msgpool; /* MSGMAX byte long msg buffer pool */ 12159839Speterstatic struct msgmap *msgmaps; /* MSGSEG msgmap structures */ 12259839Speterstatic struct msg *msghdrs; /* MSGTQL msg headers */ 12359839Speterstatic struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */ 1242729Sdfr 12559839Speterstatic void 12611626Sbdemsginit(dummy) 12711626Sbde void *dummy; 1282729Sdfr{ 1292729Sdfr register int i; 1302729Sdfr 13159839Speter msgpool = malloc(msginfo.msgmax, M_MSG, M_WAITOK); 13259839Speter if (msgpool == NULL) 13359839Speter panic("msgpool is NULL"); 13459839Speter msgmaps = malloc(sizeof(struct msgmap) * msginfo.msgseg, M_MSG, M_WAITOK); 13559839Speter if (msgmaps == NULL) 13659839Speter panic("msgmaps is NULL"); 13759839Speter msghdrs = malloc(sizeof(struct msg) * msginfo.msgtql, M_MSG, M_WAITOK); 13859839Speter if (msghdrs == NULL) 13959839Speter panic("msghdrs is NULL"); 14059839Speter msqids = malloc(sizeof(struct msqid_ds) * msginfo.msgmni, M_MSG, M_WAITOK); 14159839Speter if (msqids == NULL) 14259839Speter panic("msqids is NULL"); 14359839Speter 1442729Sdfr /* 1452729Sdfr * msginfo.msgssz should be a power of two for efficiency reasons. 1462729Sdfr * It is also pretty silly if msginfo.msgssz is less than 8 1472729Sdfr * or greater than about 256 so ... 1482729Sdfr */ 1492729Sdfr 1502729Sdfr i = 8; 1512729Sdfr while (i < 1024 && i != msginfo.msgssz) 1522729Sdfr i <<= 1; 1532729Sdfr if (i != msginfo.msgssz) { 1542729Sdfr printf("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz, 1552729Sdfr msginfo.msgssz); 1562729Sdfr panic("msginfo.msgssz not a small power of 2"); 1572729Sdfr } 1582729Sdfr 1592729Sdfr if (msginfo.msgseg > 32767) { 1602729Sdfr printf("msginfo.msgseg=%d\n", msginfo.msgseg); 1612729Sdfr panic("msginfo.msgseg > 32767"); 1622729Sdfr } 1632729Sdfr 1642729Sdfr if (msgmaps == NULL) 1652729Sdfr panic("msgmaps is NULL"); 1662729Sdfr 1672729Sdfr for (i = 0; i < msginfo.msgseg; i++) { 1682729Sdfr if (i > 0) 1692729Sdfr msgmaps[i-1].next = i; 1702729Sdfr msgmaps[i].next = -1; /* implies entry is available */ 1712729Sdfr } 1722729Sdfr free_msgmaps = 0; 1732729Sdfr nfree_msgmaps = msginfo.msgseg; 1742729Sdfr 1752729Sdfr if (msghdrs == NULL) 1762729Sdfr panic("msghdrs is NULL"); 1772729Sdfr 1782729Sdfr for (i = 0; i < msginfo.msgtql; i++) { 1792729Sdfr msghdrs[i].msg_type = 0; 1802729Sdfr if (i > 0) 1812729Sdfr msghdrs[i-1].msg_next = &msghdrs[i]; 1822729Sdfr msghdrs[i].msg_next = NULL; 1832729Sdfr } 1842729Sdfr free_msghdrs = &msghdrs[0]; 1852729Sdfr 1862729Sdfr if (msqids == NULL) 1872729Sdfr panic("msqids is NULL"); 1882729Sdfr 1892729Sdfr for (i = 0; i < msginfo.msgmni; i++) { 1902729Sdfr msqids[i].msg_qbytes = 0; /* implies entry is available */ 1912729Sdfr msqids[i].msg_perm.seq = 0; /* reset to a known value */ 19266085Speter msqids[i].msg_perm.mode = 0; 1932729Sdfr } 1942729Sdfr} 19559839SpeterSYSINIT(sysv_msg, SI_SUB_SYSV_MSG, SI_ORDER_FIRST, msginit, NULL) 1962729Sdfr 1972729Sdfr/* 1982729Sdfr * Entry point for all MSG calls 1992729Sdfr */ 2002729Sdfrint 20130994Sphkmsgsys(p, uap) 20211626Sbde struct proc *p; 20311626Sbde /* XXX actually varargs. */ 20411626Sbde struct msgsys_args /* { 20511626Sbde u_int which; 20611626Sbde int a2; 20711626Sbde int a3; 20811626Sbde int a4; 20911626Sbde int a5; 21011626Sbde int a6; 21111626Sbde } */ *uap; 2122729Sdfr{ 2132729Sdfr 21468024Srwatson if (!jail_sysvipc_allowed && p->p_prison != NULL) 21568024Srwatson return (ENOSYS); 21668024Srwatson 2172729Sdfr if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) 2182729Sdfr return (EINVAL); 21930994Sphk return ((*msgcalls[uap->which])(p, &uap->a2)); 2202729Sdfr} 2212729Sdfr 2222729Sdfrstatic void 2232729Sdfrmsg_freehdr(msghdr) 2242729Sdfr struct msg *msghdr; 2252729Sdfr{ 2262729Sdfr while (msghdr->msg_ts > 0) { 2272729Sdfr short next; 2282729Sdfr if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg) 2292729Sdfr panic("msghdr->msg_spot out of range"); 2302729Sdfr next = msgmaps[msghdr->msg_spot].next; 2312729Sdfr msgmaps[msghdr->msg_spot].next = free_msgmaps; 2322729Sdfr free_msgmaps = msghdr->msg_spot; 2332729Sdfr nfree_msgmaps++; 2342729Sdfr msghdr->msg_spot = next; 2352729Sdfr if (msghdr->msg_ts >= msginfo.msgssz) 2362729Sdfr msghdr->msg_ts -= msginfo.msgssz; 2372729Sdfr else 2382729Sdfr msghdr->msg_ts = 0; 2392729Sdfr } 2402729Sdfr if (msghdr->msg_spot != -1) 2412729Sdfr panic("msghdr->msg_spot != -1"); 2422729Sdfr msghdr->msg_next = free_msghdrs; 2432729Sdfr free_msghdrs = msghdr; 2442729Sdfr} 2452729Sdfr 24612866Speter#ifndef _SYS_SYSPROTO_H_ 2472729Sdfrstruct msgctl_args { 2482729Sdfr int msqid; 2492729Sdfr int cmd; 25012866Speter struct msqid_ds *buf; 2512729Sdfr}; 25212866Speter#endif 2532729Sdfr 25412866Speterint 25530994Sphkmsgctl(p, uap) 2562729Sdfr struct proc *p; 2572729Sdfr register struct msgctl_args *uap; 2582729Sdfr{ 2592729Sdfr int msqid = uap->msqid; 2602729Sdfr int cmd = uap->cmd; 26112866Speter struct msqid_ds *user_msqptr = uap->buf; 2623308Sphk int rval, eval; 2632729Sdfr struct msqid_ds msqbuf; 2642729Sdfr register struct msqid_ds *msqptr; 2652729Sdfr 2662729Sdfr#ifdef MSG_DEBUG_OK 2672729Sdfr printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr); 2682729Sdfr#endif 2692729Sdfr 27068024Srwatson if (!jail_sysvipc_allowed && p->p_prison != NULL) 27168024Srwatson return (ENOSYS); 27268024Srwatson 2732729Sdfr msqid = IPCID_TO_IX(msqid); 2742729Sdfr 2752729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 2762729Sdfr#ifdef MSG_DEBUG_OK 2772729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 2782729Sdfr msginfo.msgmni); 2792729Sdfr#endif 2802729Sdfr return(EINVAL); 2812729Sdfr } 2822729Sdfr 2832729Sdfr msqptr = &msqids[msqid]; 2842729Sdfr 2852729Sdfr if (msqptr->msg_qbytes == 0) { 2862729Sdfr#ifdef MSG_DEBUG_OK 2872729Sdfr printf("no such msqid\n"); 2882729Sdfr#endif 2892729Sdfr return(EINVAL); 2902729Sdfr } 2912729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 2922729Sdfr#ifdef MSG_DEBUG_OK 2932729Sdfr printf("wrong sequence number\n"); 2942729Sdfr#endif 2952729Sdfr return(EINVAL); 2962729Sdfr } 2972729Sdfr 2982729Sdfr eval = 0; 2992729Sdfr rval = 0; 3002729Sdfr 3012729Sdfr switch (cmd) { 3022729Sdfr 3032729Sdfr case IPC_RMID: 3042729Sdfr { 3052729Sdfr struct msg *msghdr; 30646116Sphk if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_M))) 3072729Sdfr return(eval); 3082729Sdfr /* Free the message headers */ 3092729Sdfr msghdr = msqptr->msg_first; 3102729Sdfr while (msghdr != NULL) { 3112729Sdfr struct msg *msghdr_tmp; 3122729Sdfr 3132729Sdfr /* Free the segments of each message */ 3142729Sdfr msqptr->msg_cbytes -= msghdr->msg_ts; 3152729Sdfr msqptr->msg_qnum--; 3162729Sdfr msghdr_tmp = msghdr; 3172729Sdfr msghdr = msghdr->msg_next; 3182729Sdfr msg_freehdr(msghdr_tmp); 3192729Sdfr } 3202729Sdfr 3212729Sdfr if (msqptr->msg_cbytes != 0) 3222729Sdfr panic("msg_cbytes is screwed up"); 3232729Sdfr if (msqptr->msg_qnum != 0) 3242729Sdfr panic("msg_qnum is screwed up"); 3252729Sdfr 3262729Sdfr msqptr->msg_qbytes = 0; /* Mark it as free */ 3272729Sdfr 3282729Sdfr wakeup((caddr_t)msqptr); 3292729Sdfr } 3302729Sdfr 3312729Sdfr break; 3322729Sdfr 3332729Sdfr case IPC_SET: 33446116Sphk if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_M))) 3352729Sdfr return(eval); 3362729Sdfr if ((eval = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0) 3372729Sdfr return(eval); 33843426Sphk if (msqbuf.msg_qbytes > msqptr->msg_qbytes) { 33946116Sphk eval = suser(p); 34043426Sphk if (eval) 34143426Sphk return(eval); 34243426Sphk } 3432729Sdfr if (msqbuf.msg_qbytes > msginfo.msgmnb) { 3442729Sdfr#ifdef MSG_DEBUG_OK 3452729Sdfr printf("can't increase msg_qbytes beyond %d (truncating)\n", 3462729Sdfr msginfo.msgmnb); 3472729Sdfr#endif 3482729Sdfr msqbuf.msg_qbytes = msginfo.msgmnb; /* silently restrict qbytes to system limit */ 3492729Sdfr } 3502729Sdfr if (msqbuf.msg_qbytes == 0) { 3512729Sdfr#ifdef MSG_DEBUG_OK 3522729Sdfr printf("can't reduce msg_qbytes to 0\n"); 3532729Sdfr#endif 3542729Sdfr return(EINVAL); /* non-standard errno! */ 3552729Sdfr } 3562729Sdfr msqptr->msg_perm.uid = msqbuf.msg_perm.uid; /* change the owner */ 3572729Sdfr msqptr->msg_perm.gid = msqbuf.msg_perm.gid; /* change the owner */ 3582729Sdfr msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) | 3592729Sdfr (msqbuf.msg_perm.mode & 0777); 3602729Sdfr msqptr->msg_qbytes = msqbuf.msg_qbytes; 36134961Sphk msqptr->msg_ctime = time_second; 3622729Sdfr break; 3632729Sdfr 3642729Sdfr case IPC_STAT: 36546116Sphk if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_R))) { 3662729Sdfr#ifdef MSG_DEBUG_OK 3672729Sdfr printf("requester doesn't have read access\n"); 3682729Sdfr#endif 3692729Sdfr return(eval); 3702729Sdfr } 3712729Sdfr eval = copyout((caddr_t)msqptr, user_msqptr, 3722729Sdfr sizeof(struct msqid_ds)); 3732729Sdfr break; 3742729Sdfr 3752729Sdfr default: 3762729Sdfr#ifdef MSG_DEBUG_OK 3772729Sdfr printf("invalid command %d\n", cmd); 3782729Sdfr#endif 3792729Sdfr return(EINVAL); 3802729Sdfr } 3812729Sdfr 3822729Sdfr if (eval == 0) 38330994Sphk p->p_retval[0] = rval; 3842729Sdfr return(eval); 3852729Sdfr} 3862729Sdfr 38712866Speter#ifndef _SYS_SYSPROTO_H_ 3882729Sdfrstruct msgget_args { 3892729Sdfr key_t key; 3902729Sdfr int msgflg; 3912729Sdfr}; 39212866Speter#endif 3932729Sdfr 39412866Speterint 39530994Sphkmsgget(p, uap) 3962729Sdfr struct proc *p; 3972729Sdfr register struct msgget_args *uap; 3982729Sdfr{ 3992729Sdfr int msqid, eval; 4002729Sdfr int key = uap->key; 4012729Sdfr int msgflg = uap->msgflg; 4022729Sdfr struct ucred *cred = p->p_ucred; 4032836Sdg register struct msqid_ds *msqptr = NULL; 4042729Sdfr 4052729Sdfr#ifdef MSG_DEBUG_OK 4062729Sdfr printf("msgget(0x%x, 0%o)\n", key, msgflg); 4072729Sdfr#endif 4082729Sdfr 40968024Srwatson if (!jail_sysvipc_allowed && p->p_prison != NULL) 41068024Srwatson return (ENOSYS); 41168024Srwatson 4122729Sdfr if (key != IPC_PRIVATE) { 4132729Sdfr for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 4142729Sdfr msqptr = &msqids[msqid]; 4152729Sdfr if (msqptr->msg_qbytes != 0 && 4162729Sdfr msqptr->msg_perm.key == key) 4172729Sdfr break; 4182729Sdfr } 4192729Sdfr if (msqid < msginfo.msgmni) { 4202729Sdfr#ifdef MSG_DEBUG_OK 4212729Sdfr printf("found public key\n"); 4222729Sdfr#endif 4232729Sdfr if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) { 4242729Sdfr#ifdef MSG_DEBUG_OK 4252729Sdfr printf("not exclusive\n"); 4262729Sdfr#endif 4272729Sdfr return(EEXIST); 4282729Sdfr } 42946116Sphk if ((eval = ipcperm(p, &msqptr->msg_perm, msgflg & 0700 ))) { 4302729Sdfr#ifdef MSG_DEBUG_OK 4312729Sdfr printf("requester doesn't have 0%o access\n", 4322729Sdfr msgflg & 0700); 4332729Sdfr#endif 4342729Sdfr return(eval); 4352729Sdfr } 4362729Sdfr goto found; 4372729Sdfr } 4382729Sdfr } 4392729Sdfr 4402729Sdfr#ifdef MSG_DEBUG_OK 4412729Sdfr printf("need to allocate the msqid_ds\n"); 4422729Sdfr#endif 4432729Sdfr if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) { 4442729Sdfr for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 4452729Sdfr /* 4462729Sdfr * Look for an unallocated and unlocked msqid_ds. 4472729Sdfr * msqid_ds's can be locked by msgsnd or msgrcv while 4482729Sdfr * they are copying the message in/out. We can't 4492729Sdfr * re-use the entry until they release it. 4502729Sdfr */ 4512729Sdfr msqptr = &msqids[msqid]; 4522729Sdfr if (msqptr->msg_qbytes == 0 && 4532729Sdfr (msqptr->msg_perm.mode & MSG_LOCKED) == 0) 4542729Sdfr break; 4552729Sdfr } 4562729Sdfr if (msqid == msginfo.msgmni) { 4572729Sdfr#ifdef MSG_DEBUG_OK 4582729Sdfr printf("no more msqid_ds's available\n"); 4592729Sdfr#endif 4608876Srgrimes return(ENOSPC); 4612729Sdfr } 4622729Sdfr#ifdef MSG_DEBUG_OK 4632729Sdfr printf("msqid %d is available\n", msqid); 4642729Sdfr#endif 4652729Sdfr msqptr->msg_perm.key = key; 4662729Sdfr msqptr->msg_perm.cuid = cred->cr_uid; 4672729Sdfr msqptr->msg_perm.uid = cred->cr_uid; 4682729Sdfr msqptr->msg_perm.cgid = cred->cr_gid; 4692729Sdfr msqptr->msg_perm.gid = cred->cr_gid; 4702729Sdfr msqptr->msg_perm.mode = (msgflg & 0777); 4712729Sdfr /* Make sure that the returned msqid is unique */ 4722729Sdfr msqptr->msg_perm.seq++; 4732729Sdfr msqptr->msg_first = NULL; 4742729Sdfr msqptr->msg_last = NULL; 4752729Sdfr msqptr->msg_cbytes = 0; 4762729Sdfr msqptr->msg_qnum = 0; 4772729Sdfr msqptr->msg_qbytes = msginfo.msgmnb; 4782729Sdfr msqptr->msg_lspid = 0; 4792729Sdfr msqptr->msg_lrpid = 0; 4802729Sdfr msqptr->msg_stime = 0; 4812729Sdfr msqptr->msg_rtime = 0; 48234961Sphk msqptr->msg_ctime = time_second; 4832729Sdfr } else { 4842729Sdfr#ifdef MSG_DEBUG_OK 4852729Sdfr printf("didn't find it and wasn't asked to create it\n"); 4862729Sdfr#endif 4872729Sdfr return(ENOENT); 4882729Sdfr } 4892729Sdfr 4902729Sdfrfound: 4912729Sdfr /* Construct the unique msqid */ 49230994Sphk p->p_retval[0] = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm); 4932729Sdfr return(0); 4942729Sdfr} 4952729Sdfr 49612866Speter#ifndef _SYS_SYSPROTO_H_ 4972729Sdfrstruct msgsnd_args { 4982729Sdfr int msqid; 49912866Speter void *msgp; 5002729Sdfr size_t msgsz; 5012729Sdfr int msgflg; 5022729Sdfr}; 50312866Speter#endif 5042729Sdfr 50512866Speterint 50630994Sphkmsgsnd(p, uap) 5072729Sdfr struct proc *p; 5082729Sdfr register struct msgsnd_args *uap; 5092729Sdfr{ 5102729Sdfr int msqid = uap->msqid; 51112866Speter void *user_msgp = uap->msgp; 5122729Sdfr size_t msgsz = uap->msgsz; 5132729Sdfr int msgflg = uap->msgflg; 5142729Sdfr int segs_needed, eval; 5152729Sdfr register struct msqid_ds *msqptr; 5162729Sdfr register struct msg *msghdr; 5172729Sdfr short next; 5182729Sdfr 5192729Sdfr#ifdef MSG_DEBUG_OK 5202729Sdfr printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz, 5212729Sdfr msgflg); 5222729Sdfr#endif 5232729Sdfr 52468024Srwatson if (!jail_sysvipc_allowed && p->p_prison != NULL) 52568024Srwatson return (ENOSYS); 52668024Srwatson 5272729Sdfr msqid = IPCID_TO_IX(msqid); 5282729Sdfr 5292729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 5302729Sdfr#ifdef MSG_DEBUG_OK 5312729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 5322729Sdfr msginfo.msgmni); 5332729Sdfr#endif 5342729Sdfr return(EINVAL); 5352729Sdfr } 5362729Sdfr 5372729Sdfr msqptr = &msqids[msqid]; 5382729Sdfr if (msqptr->msg_qbytes == 0) { 5392729Sdfr#ifdef MSG_DEBUG_OK 5402729Sdfr printf("no such message queue id\n"); 5412729Sdfr#endif 5422729Sdfr return(EINVAL); 5432729Sdfr } 5442729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 5452729Sdfr#ifdef MSG_DEBUG_OK 5462729Sdfr printf("wrong sequence number\n"); 5472729Sdfr#endif 5482729Sdfr return(EINVAL); 5492729Sdfr } 5502729Sdfr 55146116Sphk if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_W))) { 5522729Sdfr#ifdef MSG_DEBUG_OK 5532729Sdfr printf("requester doesn't have write access\n"); 5542729Sdfr#endif 5552729Sdfr return(eval); 5562729Sdfr } 5572729Sdfr 5582729Sdfr segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz; 5592729Sdfr#ifdef MSG_DEBUG_OK 5602729Sdfr printf("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, msginfo.msgssz, 5612729Sdfr segs_needed); 5622729Sdfr#endif 5632729Sdfr for (;;) { 5642729Sdfr int need_more_resources = 0; 5652729Sdfr 5662729Sdfr /* 5672729Sdfr * check msgsz 5682729Sdfr * (inside this loop in case msg_qbytes changes while we sleep) 5692729Sdfr */ 5702729Sdfr 5712836Sdg if (msgsz > msqptr->msg_qbytes) { 5722729Sdfr#ifdef MSG_DEBUG_OK 5732729Sdfr printf("msgsz > msqptr->msg_qbytes\n"); 5742729Sdfr#endif 5752729Sdfr return(EINVAL); 5762729Sdfr } 5772729Sdfr 5782729Sdfr if (msqptr->msg_perm.mode & MSG_LOCKED) { 5792729Sdfr#ifdef MSG_DEBUG_OK 5802729Sdfr printf("msqid is locked\n"); 5812729Sdfr#endif 5822729Sdfr need_more_resources = 1; 5832729Sdfr } 5842729Sdfr if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) { 5852729Sdfr#ifdef MSG_DEBUG_OK 5862729Sdfr printf("msgsz + msg_cbytes > msg_qbytes\n"); 5872729Sdfr#endif 5882729Sdfr need_more_resources = 1; 5892729Sdfr } 5902729Sdfr if (segs_needed > nfree_msgmaps) { 5912729Sdfr#ifdef MSG_DEBUG_OK 5922729Sdfr printf("segs_needed > nfree_msgmaps\n"); 5932729Sdfr#endif 5942729Sdfr need_more_resources = 1; 5952729Sdfr } 5962729Sdfr if (free_msghdrs == NULL) { 5972729Sdfr#ifdef MSG_DEBUG_OK 5982729Sdfr printf("no more msghdrs\n"); 5992729Sdfr#endif 6002729Sdfr need_more_resources = 1; 6012729Sdfr } 6022729Sdfr 6032729Sdfr if (need_more_resources) { 6042729Sdfr int we_own_it; 6052729Sdfr 6062729Sdfr if ((msgflg & IPC_NOWAIT) != 0) { 6072729Sdfr#ifdef MSG_DEBUG_OK 6082729Sdfr printf("need more resources but caller doesn't want to wait\n"); 6092729Sdfr#endif 6102729Sdfr return(EAGAIN); 6112729Sdfr } 6122729Sdfr 6132729Sdfr if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) { 6142729Sdfr#ifdef MSG_DEBUG_OK 6152729Sdfr printf("we don't own the msqid_ds\n"); 6162729Sdfr#endif 6172729Sdfr we_own_it = 0; 6182729Sdfr } else { 6192729Sdfr /* Force later arrivals to wait for our 6202729Sdfr request */ 6212729Sdfr#ifdef MSG_DEBUG_OK 6222729Sdfr printf("we own the msqid_ds\n"); 6232729Sdfr#endif 6242729Sdfr msqptr->msg_perm.mode |= MSG_LOCKED; 6252729Sdfr we_own_it = 1; 6262729Sdfr } 6272729Sdfr#ifdef MSG_DEBUG_OK 6282729Sdfr printf("goodnight\n"); 6292729Sdfr#endif 6302729Sdfr eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, 6312729Sdfr "msgwait", 0); 6322729Sdfr#ifdef MSG_DEBUG_OK 6332729Sdfr printf("good morning, eval=%d\n", eval); 6342729Sdfr#endif 6352729Sdfr if (we_own_it) 6362729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 6372729Sdfr if (eval != 0) { 6382729Sdfr#ifdef MSG_DEBUG_OK 6392729Sdfr printf("msgsnd: interrupted system call\n"); 6402729Sdfr#endif 6412729Sdfr return(EINTR); 6422729Sdfr } 6432729Sdfr 6442729Sdfr /* 6452729Sdfr * Make sure that the msq queue still exists 6462729Sdfr */ 6472729Sdfr 6482729Sdfr if (msqptr->msg_qbytes == 0) { 6492729Sdfr#ifdef MSG_DEBUG_OK 6502729Sdfr printf("msqid deleted\n"); 6512729Sdfr#endif 6522729Sdfr return(EIDRM); 6532729Sdfr } 6542729Sdfr 6552729Sdfr } else { 6562729Sdfr#ifdef MSG_DEBUG_OK 6572729Sdfr printf("got all the resources that we need\n"); 6582729Sdfr#endif 6592729Sdfr break; 6602729Sdfr } 6612729Sdfr } 6622729Sdfr 6632729Sdfr /* 6642729Sdfr * We have the resources that we need. 6652729Sdfr * Make sure! 6662729Sdfr */ 6672729Sdfr 6682729Sdfr if (msqptr->msg_perm.mode & MSG_LOCKED) 6692729Sdfr panic("msg_perm.mode & MSG_LOCKED"); 6702729Sdfr if (segs_needed > nfree_msgmaps) 6712729Sdfr panic("segs_needed > nfree_msgmaps"); 6722729Sdfr if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) 6732729Sdfr panic("msgsz + msg_cbytes > msg_qbytes"); 6742729Sdfr if (free_msghdrs == NULL) 6752729Sdfr panic("no more msghdrs"); 6762729Sdfr 6772729Sdfr /* 6782729Sdfr * Re-lock the msqid_ds in case we page-fault when copying in the 6792729Sdfr * message 6802729Sdfr */ 6812729Sdfr 6822729Sdfr if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) 6832729Sdfr panic("msqid_ds is already locked"); 6842729Sdfr msqptr->msg_perm.mode |= MSG_LOCKED; 6852729Sdfr 6862729Sdfr /* 6872729Sdfr * Allocate a message header 6882729Sdfr */ 6892729Sdfr 6902729Sdfr msghdr = free_msghdrs; 6912729Sdfr free_msghdrs = msghdr->msg_next; 6922729Sdfr msghdr->msg_spot = -1; 6932729Sdfr msghdr->msg_ts = msgsz; 6942729Sdfr 6952729Sdfr /* 6962729Sdfr * Allocate space for the message 6972729Sdfr */ 6982729Sdfr 6992729Sdfr while (segs_needed > 0) { 7002729Sdfr if (nfree_msgmaps <= 0) 7012729Sdfr panic("not enough msgmaps"); 7022729Sdfr if (free_msgmaps == -1) 7032729Sdfr panic("nil free_msgmaps"); 7042729Sdfr next = free_msgmaps; 7052729Sdfr if (next <= -1) 7062729Sdfr panic("next too low #1"); 7072729Sdfr if (next >= msginfo.msgseg) 7082729Sdfr panic("next out of range #1"); 7092729Sdfr#ifdef MSG_DEBUG_OK 7102729Sdfr printf("allocating segment %d to message\n", next); 7112729Sdfr#endif 7122729Sdfr free_msgmaps = msgmaps[next].next; 7132729Sdfr nfree_msgmaps--; 7142729Sdfr msgmaps[next].next = msghdr->msg_spot; 7152729Sdfr msghdr->msg_spot = next; 7162729Sdfr segs_needed--; 7172729Sdfr } 7182729Sdfr 7192729Sdfr /* 7202729Sdfr * Copy in the message type 7212729Sdfr */ 7222729Sdfr 7232729Sdfr if ((eval = copyin(user_msgp, &msghdr->msg_type, 7242729Sdfr sizeof(msghdr->msg_type))) != 0) { 7252729Sdfr#ifdef MSG_DEBUG_OK 7262729Sdfr printf("error %d copying the message type\n", eval); 7272729Sdfr#endif 7282729Sdfr msg_freehdr(msghdr); 7292729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 7302729Sdfr wakeup((caddr_t)msqptr); 7312729Sdfr return(eval); 7322729Sdfr } 73317971Sbde user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type); 7342729Sdfr 7352729Sdfr /* 7362729Sdfr * Validate the message type 7372729Sdfr */ 7382729Sdfr 7392729Sdfr if (msghdr->msg_type < 1) { 7402729Sdfr msg_freehdr(msghdr); 7412729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 7422729Sdfr wakeup((caddr_t)msqptr); 7432729Sdfr#ifdef MSG_DEBUG_OK 7442729Sdfr printf("mtype (%d) < 1\n", msghdr->msg_type); 7452729Sdfr#endif 7462729Sdfr return(EINVAL); 7472729Sdfr } 7482729Sdfr 7492729Sdfr /* 7502729Sdfr * Copy in the message body 7512729Sdfr */ 7522729Sdfr 7532729Sdfr next = msghdr->msg_spot; 7542729Sdfr while (msgsz > 0) { 7552729Sdfr size_t tlen; 7562729Sdfr if (msgsz > msginfo.msgssz) 7572729Sdfr tlen = msginfo.msgssz; 7582729Sdfr else 7592729Sdfr tlen = msgsz; 7602729Sdfr if (next <= -1) 7612729Sdfr panic("next too low #2"); 7622729Sdfr if (next >= msginfo.msgseg) 7632729Sdfr panic("next out of range #2"); 7642729Sdfr if ((eval = copyin(user_msgp, &msgpool[next * msginfo.msgssz], 7652729Sdfr tlen)) != 0) { 7662729Sdfr#ifdef MSG_DEBUG_OK 7672729Sdfr printf("error %d copying in message segment\n", eval); 7682729Sdfr#endif 7692729Sdfr msg_freehdr(msghdr); 7702729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 7712729Sdfr wakeup((caddr_t)msqptr); 7722729Sdfr return(eval); 7732729Sdfr } 7742729Sdfr msgsz -= tlen; 77517971Sbde user_msgp = (char *)user_msgp + tlen; 7762729Sdfr next = msgmaps[next].next; 7772729Sdfr } 7782729Sdfr if (next != -1) 7792729Sdfr panic("didn't use all the msg segments"); 7802729Sdfr 7812729Sdfr /* 7822729Sdfr * We've got the message. Unlock the msqid_ds. 7832729Sdfr */ 7842729Sdfr 7852729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 7862729Sdfr 7872729Sdfr /* 7882729Sdfr * Make sure that the msqid_ds is still allocated. 7892729Sdfr */ 7902729Sdfr 7912729Sdfr if (msqptr->msg_qbytes == 0) { 7922729Sdfr msg_freehdr(msghdr); 7932729Sdfr wakeup((caddr_t)msqptr); 7942729Sdfr return(EIDRM); 7952729Sdfr } 7962729Sdfr 7972729Sdfr /* 7982729Sdfr * Put the message into the queue 7992729Sdfr */ 8002729Sdfr 8012729Sdfr if (msqptr->msg_first == NULL) { 8022729Sdfr msqptr->msg_first = msghdr; 8032729Sdfr msqptr->msg_last = msghdr; 8042729Sdfr } else { 8052729Sdfr msqptr->msg_last->msg_next = msghdr; 8062729Sdfr msqptr->msg_last = msghdr; 8072729Sdfr } 8082729Sdfr msqptr->msg_last->msg_next = NULL; 8092729Sdfr 8102729Sdfr msqptr->msg_cbytes += msghdr->msg_ts; 8112729Sdfr msqptr->msg_qnum++; 8122729Sdfr msqptr->msg_lspid = p->p_pid; 81334961Sphk msqptr->msg_stime = time_second; 8142729Sdfr 8152729Sdfr wakeup((caddr_t)msqptr); 81630994Sphk p->p_retval[0] = 0; 8172729Sdfr return(0); 8182729Sdfr} 8192729Sdfr 82012866Speter#ifndef _SYS_SYSPROTO_H_ 8212729Sdfrstruct msgrcv_args { 8222729Sdfr int msqid; 8232729Sdfr void *msgp; 8242729Sdfr size_t msgsz; 8252729Sdfr long msgtyp; 8262729Sdfr int msgflg; 8272729Sdfr}; 82812866Speter#endif 8292729Sdfr 83012866Speterint 83130994Sphkmsgrcv(p, uap) 8322729Sdfr struct proc *p; 8332729Sdfr register struct msgrcv_args *uap; 8342729Sdfr{ 8352729Sdfr int msqid = uap->msqid; 8362729Sdfr void *user_msgp = uap->msgp; 8372729Sdfr size_t msgsz = uap->msgsz; 8382729Sdfr long msgtyp = uap->msgtyp; 8392729Sdfr int msgflg = uap->msgflg; 8402729Sdfr size_t len; 8412729Sdfr register struct msqid_ds *msqptr; 8422729Sdfr register struct msg *msghdr; 8432729Sdfr int eval; 8442729Sdfr short next; 8452729Sdfr 8462729Sdfr#ifdef MSG_DEBUG_OK 8472729Sdfr printf("call to msgrcv(%d, 0x%x, %d, %ld, %d)\n", msqid, user_msgp, 8482729Sdfr msgsz, msgtyp, msgflg); 8492729Sdfr#endif 8502729Sdfr 85168024Srwatson if (!jail_sysvipc_allowed && p->p_prison != NULL) 85268024Srwatson return (ENOSYS); 85368024Srwatson 8542729Sdfr msqid = IPCID_TO_IX(msqid); 8552729Sdfr 8562729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 8572729Sdfr#ifdef MSG_DEBUG_OK 8582729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 8592729Sdfr msginfo.msgmni); 8602729Sdfr#endif 8612729Sdfr return(EINVAL); 8622729Sdfr } 8632729Sdfr 8642729Sdfr msqptr = &msqids[msqid]; 8652729Sdfr if (msqptr->msg_qbytes == 0) { 8662729Sdfr#ifdef MSG_DEBUG_OK 8672729Sdfr printf("no such message queue id\n"); 8682729Sdfr#endif 8692729Sdfr return(EINVAL); 8702729Sdfr } 8712729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 8722729Sdfr#ifdef MSG_DEBUG_OK 8732729Sdfr printf("wrong sequence number\n"); 8742729Sdfr#endif 8752729Sdfr return(EINVAL); 8762729Sdfr } 8772729Sdfr 87846116Sphk if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_R))) { 8792729Sdfr#ifdef MSG_DEBUG_OK 8802729Sdfr printf("requester doesn't have read access\n"); 8812729Sdfr#endif 8822729Sdfr return(eval); 8832729Sdfr } 8842729Sdfr 8852729Sdfr msghdr = NULL; 8862729Sdfr while (msghdr == NULL) { 8872729Sdfr if (msgtyp == 0) { 8882729Sdfr msghdr = msqptr->msg_first; 8892729Sdfr if (msghdr != NULL) { 8902729Sdfr if (msgsz < msghdr->msg_ts && 8912729Sdfr (msgflg & MSG_NOERROR) == 0) { 8922729Sdfr#ifdef MSG_DEBUG_OK 8932729Sdfr printf("first message on the queue is too big (want %d, got %d)\n", 8942729Sdfr msgsz, msghdr->msg_ts); 8952729Sdfr#endif 8962729Sdfr return(E2BIG); 8972729Sdfr } 8982729Sdfr if (msqptr->msg_first == msqptr->msg_last) { 8992729Sdfr msqptr->msg_first = NULL; 9002729Sdfr msqptr->msg_last = NULL; 9012729Sdfr } else { 9022729Sdfr msqptr->msg_first = msghdr->msg_next; 9032729Sdfr if (msqptr->msg_first == NULL) 9042729Sdfr panic("msg_first/last screwed up #1"); 9052729Sdfr } 9062729Sdfr } 9072729Sdfr } else { 9082729Sdfr struct msg *previous; 9092729Sdfr struct msg **prev; 9102729Sdfr 9112729Sdfr previous = NULL; 9122729Sdfr prev = &(msqptr->msg_first); 9132729Sdfr while ((msghdr = *prev) != NULL) { 9142729Sdfr /* 9152729Sdfr * Is this message's type an exact match or is 9162729Sdfr * this message's type less than or equal to 9172729Sdfr * the absolute value of a negative msgtyp? 9182729Sdfr * Note that the second half of this test can 9192729Sdfr * NEVER be true if msgtyp is positive since 9202729Sdfr * msg_type is always positive! 9212729Sdfr */ 9222729Sdfr 9232729Sdfr if (msgtyp == msghdr->msg_type || 9242729Sdfr msghdr->msg_type <= -msgtyp) { 9252729Sdfr#ifdef MSG_DEBUG_OK 9262729Sdfr printf("found message type %d, requested %d\n", 9272729Sdfr msghdr->msg_type, msgtyp); 9282729Sdfr#endif 9292729Sdfr if (msgsz < msghdr->msg_ts && 9302729Sdfr (msgflg & MSG_NOERROR) == 0) { 9312729Sdfr#ifdef MSG_DEBUG_OK 9322729Sdfr printf("requested message on the queue is too big (want %d, got %d)\n", 9332729Sdfr msgsz, msghdr->msg_ts); 9342729Sdfr#endif 9352729Sdfr return(E2BIG); 9362729Sdfr } 9372729Sdfr *prev = msghdr->msg_next; 9382729Sdfr if (msghdr == msqptr->msg_last) { 9392729Sdfr if (previous == NULL) { 9402729Sdfr if (prev != 9412729Sdfr &msqptr->msg_first) 9422729Sdfr panic("msg_first/last screwed up #2"); 9432729Sdfr msqptr->msg_first = 9442729Sdfr NULL; 9452729Sdfr msqptr->msg_last = 9462729Sdfr NULL; 9472729Sdfr } else { 9482729Sdfr if (prev == 9492729Sdfr &msqptr->msg_first) 9502729Sdfr panic("msg_first/last screwed up #3"); 9512729Sdfr msqptr->msg_last = 9522729Sdfr previous; 9532729Sdfr } 9542729Sdfr } 9552729Sdfr break; 9562729Sdfr } 9572729Sdfr previous = msghdr; 9582729Sdfr prev = &(msghdr->msg_next); 9592729Sdfr } 9602729Sdfr } 9612729Sdfr 9622729Sdfr /* 9632729Sdfr * We've either extracted the msghdr for the appropriate 9642729Sdfr * message or there isn't one. 9652729Sdfr * If there is one then bail out of this loop. 9662729Sdfr */ 9672729Sdfr 9682729Sdfr if (msghdr != NULL) 9692729Sdfr break; 9702729Sdfr 9712729Sdfr /* 9722729Sdfr * Hmph! No message found. Does the user want to wait? 9732729Sdfr */ 9742729Sdfr 9752729Sdfr if ((msgflg & IPC_NOWAIT) != 0) { 9762729Sdfr#ifdef MSG_DEBUG_OK 9772729Sdfr printf("no appropriate message found (msgtyp=%d)\n", 9782729Sdfr msgtyp); 9792729Sdfr#endif 9802729Sdfr /* The SVID says to return ENOMSG. */ 9812729Sdfr#ifdef ENOMSG 9822729Sdfr return(ENOMSG); 9832729Sdfr#else 9842729Sdfr /* Unfortunately, BSD doesn't define that code yet! */ 9852729Sdfr return(EAGAIN); 9862729Sdfr#endif 9872729Sdfr } 9882729Sdfr 9892729Sdfr /* 9902729Sdfr * Wait for something to happen 9912729Sdfr */ 9922729Sdfr 9932729Sdfr#ifdef MSG_DEBUG_OK 9942729Sdfr printf("msgrcv: goodnight\n"); 9952729Sdfr#endif 9962729Sdfr eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, "msgwait", 9972729Sdfr 0); 9982729Sdfr#ifdef MSG_DEBUG_OK 9992729Sdfr printf("msgrcv: good morning (eval=%d)\n", eval); 10002729Sdfr#endif 10012729Sdfr 10022729Sdfr if (eval != 0) { 10032729Sdfr#ifdef MSG_DEBUG_OK 10042729Sdfr printf("msgsnd: interrupted system call\n"); 10052729Sdfr#endif 10062729Sdfr return(EINTR); 10072729Sdfr } 10082729Sdfr 10092729Sdfr /* 10102729Sdfr * Make sure that the msq queue still exists 10112729Sdfr */ 10122729Sdfr 10132729Sdfr if (msqptr->msg_qbytes == 0 || 10142729Sdfr msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 10152729Sdfr#ifdef MSG_DEBUG_OK 10162729Sdfr printf("msqid deleted\n"); 10172729Sdfr#endif 10182729Sdfr return(EIDRM); 10192729Sdfr } 10202729Sdfr } 10212729Sdfr 10222729Sdfr /* 10232729Sdfr * Return the message to the user. 10242729Sdfr * 10252729Sdfr * First, do the bookkeeping (before we risk being interrupted). 10262729Sdfr */ 10272729Sdfr 10282729Sdfr msqptr->msg_cbytes -= msghdr->msg_ts; 10292729Sdfr msqptr->msg_qnum--; 10302729Sdfr msqptr->msg_lrpid = p->p_pid; 103134961Sphk msqptr->msg_rtime = time_second; 10322729Sdfr 10332729Sdfr /* 10342729Sdfr * Make msgsz the actual amount that we'll be returning. 10352729Sdfr * Note that this effectively truncates the message if it is too long 10362729Sdfr * (since msgsz is never increased). 10372729Sdfr */ 10382729Sdfr 10392729Sdfr#ifdef MSG_DEBUG_OK 10402729Sdfr printf("found a message, msgsz=%d, msg_ts=%d\n", msgsz, 10412729Sdfr msghdr->msg_ts); 10422729Sdfr#endif 10432729Sdfr if (msgsz > msghdr->msg_ts) 10442729Sdfr msgsz = msghdr->msg_ts; 10452729Sdfr 10462729Sdfr /* 10472729Sdfr * Return the type to the user. 10482729Sdfr */ 10492729Sdfr 10502729Sdfr eval = copyout((caddr_t)&(msghdr->msg_type), user_msgp, 10512729Sdfr sizeof(msghdr->msg_type)); 10522729Sdfr if (eval != 0) { 10532729Sdfr#ifdef MSG_DEBUG_OK 10542729Sdfr printf("error (%d) copying out message type\n", eval); 10552729Sdfr#endif 10562729Sdfr msg_freehdr(msghdr); 10572729Sdfr wakeup((caddr_t)msqptr); 10582729Sdfr return(eval); 10592729Sdfr } 106017971Sbde user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type); 10612729Sdfr 10622729Sdfr /* 10632729Sdfr * Return the segments to the user 10642729Sdfr */ 10652729Sdfr 10662729Sdfr next = msghdr->msg_spot; 10672729Sdfr for (len = 0; len < msgsz; len += msginfo.msgssz) { 10682729Sdfr size_t tlen; 10692729Sdfr 107045921Ssada if (msgsz - len > msginfo.msgssz) 10712729Sdfr tlen = msginfo.msgssz; 10722729Sdfr else 107345921Ssada tlen = msgsz - len; 10742729Sdfr if (next <= -1) 10752729Sdfr panic("next too low #3"); 10762729Sdfr if (next >= msginfo.msgseg) 10772729Sdfr panic("next out of range #3"); 10782729Sdfr eval = copyout((caddr_t)&msgpool[next * msginfo.msgssz], 10792729Sdfr user_msgp, tlen); 10802729Sdfr if (eval != 0) { 10812729Sdfr#ifdef MSG_DEBUG_OK 10822729Sdfr printf("error (%d) copying out message segment\n", 10832729Sdfr eval); 10842729Sdfr#endif 10852729Sdfr msg_freehdr(msghdr); 10862729Sdfr wakeup((caddr_t)msqptr); 10872729Sdfr return(eval); 10882729Sdfr } 108917971Sbde user_msgp = (char *)user_msgp + tlen; 10902729Sdfr next = msgmaps[next].next; 10912729Sdfr } 10922729Sdfr 10932729Sdfr /* 10942729Sdfr * Done, return the actual number of bytes copied out. 10952729Sdfr */ 10962729Sdfr 10972729Sdfr msg_freehdr(msghdr); 10982729Sdfr wakeup((caddr_t)msqptr); 109930994Sphk p->p_retval[0] = msgsz; 11002729Sdfr return(0); 11012729Sdfr} 1102