sysv_msg.c revision 83765
150477Speter/* $FreeBSD: head/sys/kern/sysv_msg.c 83765 2001-09-21 09:25:17Z mr $ */ 22729Sdfr 32729Sdfr/* 42729Sdfr * Implementation of SVID messages 52729Sdfr * 62729Sdfr * Author: Daniel Boulet 72729Sdfr * 82729Sdfr * Copyright 1993 Daniel Boulet and RTMX Inc. 92729Sdfr * 102729Sdfr * This system call was implemented by Daniel Boulet under contract from RTMX. 112729Sdfr * 122729Sdfr * Redistribution and use in source forms, with and without modification, 132729Sdfr * are permitted provided that this entire comment appears intact. 142729Sdfr * 152729Sdfr * Redistribution in binary form may occur without any restrictions. 162729Sdfr * Obviously, it would be nice if you gave credit where credit is due 172729Sdfr * but requiring it would be too onerous. 182729Sdfr * 192729Sdfr * This software is provided ``AS IS'' without any warranties of any kind. 202729Sdfr */ 212729Sdfr 2259839Speter#include "opt_sysvipc.h" 2359839Speter 242729Sdfr#include <sys/param.h> 252729Sdfr#include <sys/systm.h> 2611626Sbde#include <sys/sysproto.h> 272729Sdfr#include <sys/kernel.h> 282729Sdfr#include <sys/proc.h> 292729Sdfr#include <sys/lock.h> 3011626Sbde#include <sys/mutex.h> 3159839Speter#include <sys/msg.h> 3259839Speter#include <sys/syscall.h> 3368024Srwatson#include <sys/sysent.h> 342729Sdfr#include <sys/sysctl.h> 3559839Speter#include <sys/malloc.h> 3659839Speter#include <sys/jail.h> 3710653Sdg 3810358Sjulianstatic MALLOC_DEFINE(M_MSG, "msg", "SVID compatible message queues"); 392729Sdfr 402729Sdfrstatic void msginit __P((void)); 412729Sdfrstatic int msgunload __P((void)); 4211626Sbdestatic int sysvmsg_modload __P((struct module *, int, void *)); 432729Sdfr 4411626Sbde#define MSG_DEBUG 4512819Sphk#undef MSG_DEBUG_OK 4611626Sbde 4711626Sbdestatic void msg_freehdr __P((struct msg *msghdr)); 4811626Sbde 492729Sdfr/* XXX casting to (sy_call_t *) is bogus, as usual. */ 5059839Speterstatic sy_call_t *msgcalls[] = { 5159839Speter (sy_call_t *)msgctl, (sy_call_t *)msgget, 5259839Speter (sy_call_t *)msgsnd, (sy_call_t *)msgrcv 5359839Speter}; 5459839Speter 5559839Speterstruct msg { 5659839Speter struct msg *msg_next; /* next msg in the chain */ 5759839Speter long msg_type; /* type of this message */ 5859839Speter /* >0 -> type of this message */ 5959839Speter /* 0 -> free header */ 6059839Speter u_short msg_ts; /* size of this message */ 6159839Speter short msg_spot; /* location of start of msg in buffer */ 6259839Speter}; 6359839Speter 6459839Speter 6559839Speter#ifndef MSGSSZ 6659839Speter#define MSGSSZ 8 /* Each segment must be 2^N long */ 6759839Speter#endif 6859839Speter#ifndef MSGSEG 6959839Speter#define MSGSEG 2048 /* must be less than 32767 */ 7059839Speter#endif 7159839Speter#define MSGMAX (MSGSSZ*MSGSEG) 7259839Speter#ifndef MSGMNB 7359839Speter#define MSGMNB 2048 /* max # of bytes in a queue */ 7459839Speter#endif 7559839Speter#ifndef MSGMNI 7659839Speter#define MSGMNI 40 7759839Speter#endif 7859839Speter#ifndef MSGTQL 7959839Speter#define MSGTQL 40 8059839Speter#endif 8159839Speter 8259839Speter/* 8359839Speter * Based on the configuration parameters described in an SVR2 (yes, two) 8459839Speter * config(1m) man page. 8559839Speter * 8659839Speter * Each message is broken up and stored in segments that are msgssz bytes 8759839Speter * long. For efficiency reasons, this should be a power of two. Also, 8859839Speter * it doesn't make sense if it is less than 8 or greater than about 256. 8959839Speter * Consequently, msginit in kern/sysv_msg.c checks that msgssz is a power of 9059839Speter * two between 8 and 1024 inclusive (and panic's if it isn't). 9159839Speter */ 9259839Speterstruct msginfo msginfo = { 9359839Speter MSGMAX, /* max chars in a message */ 9459839Speter MSGMNI, /* # of message queue identifiers */ 9559839Speter MSGMNB, /* max chars in a queue */ 9659839Speter MSGTQL, /* max messages in system */ 9759839Speter MSGSSZ, /* size of a message segment */ 9859839Speter /* (must be small power of 2 greater than 4) */ 9959839Speter MSGSEG /* number of message segments */ 10059839Speter}; 10159839Speter 10259839Speter/* 10359839Speter * macros to convert between msqid_ds's and msqid's. 10459839Speter * (specific to this implementation) 10559839Speter */ 10659839Speter#define MSQID(ix,ds) ((ix) & 0xffff | (((ds).msg_perm.seq << 16) & 0xffff0000)) 10759839Speter#define MSQID_IX(id) ((id) & 0xffff) 10859839Speter#define MSQID_SEQ(id) (((id) >> 16) & 0xffff) 10959839Speter 11059839Speter/* 11159839Speter * The rest of this file is specific to this particular implementation. 11259839Speter */ 11359839Speter 11459839Speterstruct msgmap { 11559839Speter short next; /* next segment in buffer */ 11659839Speter /* -1 -> available */ 11712819Sphk /* 0..(MSGSEG-1) -> index of next segment */ 11812819Sphk}; 11959839Speter 12059839Speter#define MSG_LOCKED 01000 /* Is this msqid_ds locked? */ 12159839Speter 12259839Speterstatic int nfree_msgmaps; /* # of free map entries */ 12359839Speterstatic short free_msgmaps; /* head of linked list of free map entries */ 1242729Sdfrstatic struct msg *free_msghdrs;/* list of free msg headers */ 12559839Speterstatic char *msgpool; /* MSGMAX byte long msg buffer pool */ 12611626Sbdestatic struct msgmap *msgmaps; /* MSGSEG msgmap structures */ 12711626Sbdestatic struct msg *msghdrs; /* MSGTQL msg headers */ 1282729Sdfrstatic struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */ 1292729Sdfr 1302729Sdfrstatic void 13159839Spetermsginit() 13259839Speter{ 13359839Speter register int i; 13459839Speter 13559839Speter TUNABLE_INT_FETCH("kern.ipc.msgseg", &msginfo.msgseg); 13659839Speter TUNABLE_INT_FETCH("kern.ipc.msgssz", &msginfo.msgssz); 13759839Speter msginfo.msgmax = msginfo.msgseg * msginfo.msgssz; 13859839Speter TUNABLE_INT_FETCH("kern.ipc.msgmni", &msginfo.msgmni); 13959839Speter 14059839Speter msgpool = malloc(msginfo.msgmax, M_MSG, M_WAITOK); 14159839Speter if (msgpool == NULL) 14259839Speter panic("msgpool is NULL"); 14359839Speter msgmaps = malloc(sizeof(struct msgmap) * msginfo.msgseg, M_MSG, M_WAITOK); 1442729Sdfr if (msgmaps == NULL) 1452729Sdfr panic("msgmaps is NULL"); 1462729Sdfr msghdrs = malloc(sizeof(struct msg) * msginfo.msgtql, M_MSG, M_WAITOK); 1472729Sdfr if (msghdrs == NULL) 1482729Sdfr panic("msghdrs is NULL"); 1492729Sdfr msqids = malloc(sizeof(struct msqid_ds) * msginfo.msgmni, M_MSG, M_WAITOK); 1502729Sdfr if (msqids == NULL) 1512729Sdfr panic("msqids is NULL"); 1522729Sdfr 1532729Sdfr /* 1542729Sdfr * msginfo.msgssz should be a power of two for efficiency reasons. 1552729Sdfr * It is also pretty silly if msginfo.msgssz is less than 8 1562729Sdfr * or greater than about 256 so ... 1572729Sdfr */ 1582729Sdfr 1592729Sdfr i = 8; 1602729Sdfr while (i < 1024 && i != msginfo.msgssz) 1612729Sdfr i <<= 1; 1622729Sdfr if (i != msginfo.msgssz) { 1632729Sdfr printf("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz, 1642729Sdfr msginfo.msgssz); 1652729Sdfr panic("msginfo.msgssz not a small power of 2"); 1662729Sdfr } 1672729Sdfr 1682729Sdfr if (msginfo.msgseg > 32767) { 1692729Sdfr printf("msginfo.msgseg=%d\n", msginfo.msgseg); 1702729Sdfr panic("msginfo.msgseg > 32767"); 1712729Sdfr } 1722729Sdfr 1732729Sdfr if (msgmaps == NULL) 1742729Sdfr panic("msgmaps is NULL"); 1752729Sdfr 1762729Sdfr for (i = 0; i < msginfo.msgseg; i++) { 1772729Sdfr if (i > 0) 1782729Sdfr msgmaps[i-1].next = i; 1792729Sdfr msgmaps[i].next = -1; /* implies entry is available */ 1802729Sdfr } 1812729Sdfr free_msgmaps = 0; 1822729Sdfr nfree_msgmaps = msginfo.msgseg; 1832729Sdfr 1842729Sdfr if (msghdrs == NULL) 1852729Sdfr panic("msghdrs is NULL"); 1862729Sdfr 1872729Sdfr for (i = 0; i < msginfo.msgtql; i++) { 1882729Sdfr msghdrs[i].msg_type = 0; 1892729Sdfr if (i > 0) 1902729Sdfr msghdrs[i-1].msg_next = &msghdrs[i]; 1912729Sdfr msghdrs[i].msg_next = NULL; 19266085Speter } 1932729Sdfr free_msghdrs = &msghdrs[0]; 1942729Sdfr 19559839Speter if (msqids == NULL) 1962729Sdfr panic("msqids is NULL"); 1972729Sdfr 1982729Sdfr for (i = 0; i < msginfo.msgmni; i++) { 1992729Sdfr msqids[i].msg_qbytes = 0; /* implies entry is available */ 2002729Sdfr msqids[i].msg_perm.seq = 0; /* reset to a known value */ 20130994Sphk msqids[i].msg_perm.mode = 0; 20211626Sbde } 20311626Sbde} 20411626Sbde 20511626Sbdestatic int 20611626Sbdemsgunload() 20711626Sbde{ 20811626Sbde struct msqid_ds *msqptr; 20911626Sbde int msqid; 21011626Sbde 21111626Sbde for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 2122729Sdfr /* 2132729Sdfr * Look for an unallocated and unlocked msqid_ds. 21468024Srwatson * msqid_ds's can be locked by msgsnd or msgrcv while 21568024Srwatson * they are copying the message in/out. We can't 21668024Srwatson * re-use the entry until they release it. 2172729Sdfr */ 2182729Sdfr msqptr = &msqids[msqid]; 21930994Sphk if (msqptr->msg_qbytes != 0 || 2202729Sdfr (msqptr->msg_perm.mode & MSG_LOCKED) != 0) 2212729Sdfr break; 2222729Sdfr } 2232729Sdfr if (msqid != msginfo.msgmni) 2242729Sdfr return (EBUSY); 2252729Sdfr 2262729Sdfr free(msgpool, M_MSG); 2272729Sdfr free(msgmaps, M_MSG); 2282729Sdfr free(msghdrs, M_MSG); 2292729Sdfr free(msqids, M_MSG); 2302729Sdfr return (0); 2312729Sdfr} 2322729Sdfr 2332729Sdfr 2342729Sdfrstatic int 2352729Sdfrsysvmsg_modload(struct module *module, int cmd, void *arg) 2362729Sdfr{ 2372729Sdfr int error = 0; 2382729Sdfr 2392729Sdfr switch (cmd) { 2402729Sdfr case MOD_LOAD: 2412729Sdfr msginit(); 2422729Sdfr break; 2432729Sdfr case MOD_UNLOAD: 2442729Sdfr error = msgunload(); 2452729Sdfr break; 24612866Speter case MOD_SHUTDOWN: 2472729Sdfr break; 2482729Sdfr default: 2492729Sdfr error = EINVAL; 25012866Speter break; 2512729Sdfr } 25212866Speter return (error); 2532729Sdfr} 25412866Speter 25530994Sphkstatic moduledata_t sysvmsg_mod = { 2562729Sdfr "sysvmsg", 2572729Sdfr &sysvmsg_modload, 2582729Sdfr NULL 2592729Sdfr}; 2602729Sdfr 26112866SpeterSYSCALL_MODULE_HELPER(msgsys, 6); 2623308SphkSYSCALL_MODULE_HELPER(msgctl, 3); 2632729SdfrSYSCALL_MODULE_HELPER(msgget, 2); 2642729SdfrSYSCALL_MODULE_HELPER(msgsnd, 4); 2652729SdfrSYSCALL_MODULE_HELPER(msgrcv, 5); 2662729Sdfr 2672729SdfrDECLARE_MODULE(sysvmsg, sysvmsg_mod, 2682729Sdfr SI_SUB_SYSV_MSG, SI_ORDER_FIRST); 2692729SdfrMODULE_VERSION(sysvmsg, 1); 27068024Srwatson 27168024Srwatson/* 27268024Srwatson * Entry point for all MSG calls 2732729Sdfr * 2742729Sdfr * MPSAFE 2752729Sdfr */ 2762729Sdfrint 2772729Sdfrmsgsys(td, uap) 2782729Sdfr struct thread *td; 2792729Sdfr /* XXX actually varargs. */ 2802729Sdfr struct msgsys_args /* { 2812729Sdfr u_int which; 2822729Sdfr int a2; 2832729Sdfr int a3; 2842729Sdfr int a4; 2852729Sdfr int a5; 2862729Sdfr int a6; 2872729Sdfr } */ *uap; 2882729Sdfr{ 2892729Sdfr int error; 2902729Sdfr 2912729Sdfr mtx_lock(&Giant); 2922729Sdfr if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { 2932729Sdfr error = ENOSYS; 2942729Sdfr goto done2; 2952729Sdfr } 2962729Sdfr if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) { 2972729Sdfr error = EINVAL; 2982729Sdfr goto done2; 2992729Sdfr } 3002729Sdfr error = (*msgcalls[uap->which])(td, &uap->a2); 3012729Sdfrdone2: 3022729Sdfr mtx_unlock(&Giant); 3032729Sdfr return (error); 3042729Sdfr} 3052729Sdfr 30646116Sphkstatic void 3072729Sdfrmsg_freehdr(msghdr) 3082729Sdfr struct msg *msghdr; 3092729Sdfr{ 3102729Sdfr while (msghdr->msg_ts > 0) { 3112729Sdfr short next; 3122729Sdfr if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg) 3132729Sdfr panic("msghdr->msg_spot out of range"); 3142729Sdfr next = msgmaps[msghdr->msg_spot].next; 3152729Sdfr msgmaps[msghdr->msg_spot].next = free_msgmaps; 3162729Sdfr free_msgmaps = msghdr->msg_spot; 3172729Sdfr nfree_msgmaps++; 3182729Sdfr msghdr->msg_spot = next; 3192729Sdfr if (msghdr->msg_ts >= msginfo.msgssz) 3202729Sdfr msghdr->msg_ts -= msginfo.msgssz; 3212729Sdfr else 3222729Sdfr msghdr->msg_ts = 0; 3232729Sdfr } 3242729Sdfr if (msghdr->msg_spot != -1) 3252729Sdfr panic("msghdr->msg_spot != -1"); 3262729Sdfr msghdr->msg_next = free_msghdrs; 3272729Sdfr free_msghdrs = msghdr; 3282729Sdfr} 3292729Sdfr 3302729Sdfr#ifndef _SYS_SYSPROTO_H_ 3312729Sdfrstruct msgctl_args { 3322729Sdfr int msqid; 3332729Sdfr int cmd; 33446116Sphk struct msqid_ds *buf; 3352729Sdfr}; 3362729Sdfr#endif 3372729Sdfr 33843426Sphk/* 33946116Sphk * MPSAFE 34043426Sphk */ 34143426Sphkint 34243426Sphkmsgctl(td, uap) 3432729Sdfr struct thread *td; 3442729Sdfr register struct msgctl_args *uap; 3452729Sdfr{ 3462729Sdfr int msqid = uap->msqid; 3472729Sdfr int cmd = uap->cmd; 3482729Sdfr struct msqid_ds *user_msqptr = uap->buf; 3492729Sdfr int rval, error; 3502729Sdfr struct msqid_ds msqbuf; 3512729Sdfr register struct msqid_ds *msqptr; 3522729Sdfr 3532729Sdfr#ifdef MSG_DEBUG_OK 3542729Sdfr printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr); 3552729Sdfr#endif 3562729Sdfr mtx_lock(&Giant); 3572729Sdfr if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { 3582729Sdfr error = ENOSYS; 3592729Sdfr goto done2; 3602729Sdfr } 36134961Sphk 3622729Sdfr msqid = IPCID_TO_IX(msqid); 3632729Sdfr 3642729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 36546116Sphk#ifdef MSG_DEBUG_OK 3662729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 3672729Sdfr msginfo.msgmni); 3682729Sdfr#endif 3692729Sdfr error = EINVAL; 3702729Sdfr goto done2; 3712729Sdfr } 3722729Sdfr 3732729Sdfr msqptr = &msqids[msqid]; 3742729Sdfr 3752729Sdfr if (msqptr->msg_qbytes == 0) { 3762729Sdfr#ifdef MSG_DEBUG_OK 3772729Sdfr printf("no such msqid\n"); 3782729Sdfr#endif 3792729Sdfr error = EINVAL; 3802729Sdfr goto done2; 3812729Sdfr } 3822729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 38330994Sphk#ifdef MSG_DEBUG_OK 3842729Sdfr printf("wrong sequence number\n"); 3852729Sdfr#endif 3862729Sdfr error = EINVAL; 38712866Speter goto done2; 3882729Sdfr } 3892729Sdfr 3902729Sdfr error = 0; 3912729Sdfr rval = 0; 39212866Speter 3932729Sdfr switch (cmd) { 39412866Speter 39530994Sphk case IPC_RMID: 3962729Sdfr { 3972729Sdfr struct msg *msghdr; 3982729Sdfr if ((error = ipcperm(td, &msqptr->msg_perm, IPC_M))) 3992729Sdfr goto done2; 4002729Sdfr /* Free the message headers */ 4012729Sdfr msghdr = msqptr->msg_first; 4022729Sdfr while (msghdr != NULL) { 4032836Sdg struct msg *msghdr_tmp; 4042729Sdfr 4052729Sdfr /* Free the segments of each message */ 4062729Sdfr msqptr->msg_cbytes -= msghdr->msg_ts; 4072729Sdfr msqptr->msg_qnum--; 4082729Sdfr msghdr_tmp = msghdr; 40968024Srwatson msghdr = msghdr->msg_next; 41068024Srwatson msg_freehdr(msghdr_tmp); 41168024Srwatson } 4122729Sdfr 4132729Sdfr if (msqptr->msg_cbytes != 0) 4142729Sdfr panic("msg_cbytes is screwed up"); 4152729Sdfr if (msqptr->msg_qnum != 0) 4162729Sdfr panic("msg_qnum is screwed up"); 4172729Sdfr 4182729Sdfr msqptr->msg_qbytes = 0; /* Mark it as free */ 4192729Sdfr 4202729Sdfr wakeup((caddr_t)msqptr); 4212729Sdfr } 4222729Sdfr 4232729Sdfr break; 4242729Sdfr 4252729Sdfr case IPC_SET: 4262729Sdfr if ((error = ipcperm(td, &msqptr->msg_perm, IPC_M))) 4272729Sdfr goto done2; 4282729Sdfr if ((error = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0) 42946116Sphk goto done2; 4302729Sdfr if (msqbuf.msg_qbytes > msqptr->msg_qbytes) { 4312729Sdfr error = suser_td(td); 4322729Sdfr if (error) 4332729Sdfr goto done2; 4342729Sdfr } 4352729Sdfr if (msqbuf.msg_qbytes > msginfo.msgmnb) { 4362729Sdfr#ifdef MSG_DEBUG_OK 4372729Sdfr printf("can't increase msg_qbytes beyond %d (truncating)\n", 4382729Sdfr msginfo.msgmnb); 4392729Sdfr#endif 4402729Sdfr msqbuf.msg_qbytes = msginfo.msgmnb; /* silently restrict qbytes to system limit */ 4412729Sdfr } 4422729Sdfr if (msqbuf.msg_qbytes == 0) { 4432729Sdfr#ifdef MSG_DEBUG_OK 4442729Sdfr printf("can't reduce msg_qbytes to 0\n"); 4452729Sdfr#endif 4462729Sdfr error = EINVAL; /* non-standard errno! */ 4472729Sdfr goto done2; 4482729Sdfr } 4492729Sdfr msqptr->msg_perm.uid = msqbuf.msg_perm.uid; /* change the owner */ 4502729Sdfr msqptr->msg_perm.gid = msqbuf.msg_perm.gid; /* change the owner */ 4512729Sdfr msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) | 4522729Sdfr (msqbuf.msg_perm.mode & 0777); 4532729Sdfr msqptr->msg_qbytes = msqbuf.msg_qbytes; 4542729Sdfr msqptr->msg_ctime = time_second; 4552729Sdfr break; 4562729Sdfr 4572729Sdfr case IPC_STAT: 4582729Sdfr if ((error = ipcperm(td, &msqptr->msg_perm, IPC_R))) { 4592729Sdfr#ifdef MSG_DEBUG_OK 4608876Srgrimes printf("requester doesn't have read access\n"); 4612729Sdfr#endif 4622729Sdfr goto done2; 4632729Sdfr } 4642729Sdfr error = copyout((caddr_t)msqptr, user_msqptr, 4652729Sdfr sizeof(struct msqid_ds)); 4662729Sdfr break; 4672729Sdfr 4682729Sdfr default: 4692729Sdfr#ifdef MSG_DEBUG_OK 4702729Sdfr printf("invalid command %d\n", cmd); 4712729Sdfr#endif 4722729Sdfr error = EINVAL; 4732729Sdfr goto done2; 4742729Sdfr } 4752729Sdfr 4762729Sdfr if (error == 0) 4772729Sdfr td->td_retval[0] = rval; 4782729Sdfrdone2: 4792729Sdfr mtx_unlock(&Giant); 4802729Sdfr return(error); 4812729Sdfr} 48234961Sphk 4832729Sdfr#ifndef _SYS_SYSPROTO_H_ 4842729Sdfrstruct msgget_args { 4852729Sdfr key_t key; 4862729Sdfr int msgflg; 4872729Sdfr}; 4882729Sdfr#endif 4892729Sdfr 4902729Sdfr/* 4912729Sdfr * MPSAFE 49230994Sphk */ 4932729Sdfrint 4942729Sdfrmsgget(td, uap) 4952729Sdfr struct thread *td; 49612866Speter register struct msgget_args *uap; 4972729Sdfr{ 4982729Sdfr int msqid, error = 0; 49912866Speter int key = uap->key; 5002729Sdfr int msgflg = uap->msgflg; 5012729Sdfr struct ucred *cred = td->td_proc->p_ucred; 5022729Sdfr register struct msqid_ds *msqptr = NULL; 50312866Speter 5042729Sdfr#ifdef MSG_DEBUG_OK 50512866Speter printf("msgget(0x%x, 0%o)\n", key, msgflg); 50630994Sphk#endif 5072729Sdfr 5082729Sdfr mtx_lock(&Giant); 5092729Sdfr if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { 5102729Sdfr error = ENOSYS; 51112866Speter goto done2; 5122729Sdfr } 5132729Sdfr 5142729Sdfr if (key != IPC_PRIVATE) { 5152729Sdfr for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 5162729Sdfr msqptr = &msqids[msqid]; 5172729Sdfr if (msqptr->msg_qbytes != 0 && 5182729Sdfr msqptr->msg_perm.key == key) 5192729Sdfr break; 5202729Sdfr } 5212729Sdfr if (msqid < msginfo.msgmni) { 5222729Sdfr#ifdef MSG_DEBUG_OK 5232729Sdfr printf("found public key\n"); 52468024Srwatson#endif 52568024Srwatson if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) { 52668024Srwatson#ifdef MSG_DEBUG_OK 5272729Sdfr printf("not exclusive\n"); 5282729Sdfr#endif 5292729Sdfr error = EEXIST; 5302729Sdfr goto done2; 5312729Sdfr } 5322729Sdfr if ((error = ipcperm(td, &msqptr->msg_perm, msgflg & 0700 ))) { 5332729Sdfr#ifdef MSG_DEBUG_OK 5342729Sdfr printf("requester doesn't have 0%o access\n", 5352729Sdfr msgflg & 0700); 5362729Sdfr#endif 5372729Sdfr goto done2; 5382729Sdfr } 5392729Sdfr goto found; 5402729Sdfr } 5412729Sdfr } 5422729Sdfr 5432729Sdfr#ifdef MSG_DEBUG_OK 5442729Sdfr printf("need to allocate the msqid_ds\n"); 5452729Sdfr#endif 5462729Sdfr if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) { 5472729Sdfr for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 5482729Sdfr /* 5492729Sdfr * Look for an unallocated and unlocked msqid_ds. 5502729Sdfr * msqid_ds's can be locked by msgsnd or msgrcv while 55146116Sphk * they are copying the message in/out. We can't 5522729Sdfr * re-use the entry until they release it. 5532729Sdfr */ 5542729Sdfr msqptr = &msqids[msqid]; 5552729Sdfr if (msqptr->msg_qbytes == 0 && 5562729Sdfr (msqptr->msg_perm.mode & MSG_LOCKED) == 0) 5572729Sdfr break; 5582729Sdfr } 5592729Sdfr if (msqid == msginfo.msgmni) { 5602729Sdfr#ifdef MSG_DEBUG_OK 5612729Sdfr printf("no more msqid_ds's available\n"); 5622729Sdfr#endif 5632729Sdfr error = ENOSPC; 5642729Sdfr goto done2; 5652729Sdfr } 5662729Sdfr#ifdef MSG_DEBUG_OK 5672729Sdfr printf("msqid %d is available\n", msqid); 5682729Sdfr#endif 5692729Sdfr msqptr->msg_perm.key = key; 5702729Sdfr msqptr->msg_perm.cuid = cred->cr_uid; 5712836Sdg msqptr->msg_perm.uid = cred->cr_uid; 5722729Sdfr msqptr->msg_perm.cgid = cred->cr_gid; 5732729Sdfr msqptr->msg_perm.gid = cred->cr_gid; 5742729Sdfr msqptr->msg_perm.mode = (msgflg & 0777); 5752729Sdfr /* Make sure that the returned msqid is unique */ 5762729Sdfr msqptr->msg_perm.seq++; 5772729Sdfr msqptr->msg_first = NULL; 5782729Sdfr msqptr->msg_last = NULL; 5792729Sdfr msqptr->msg_cbytes = 0; 5802729Sdfr msqptr->msg_qnum = 0; 5812729Sdfr msqptr->msg_qbytes = msginfo.msgmnb; 5822729Sdfr msqptr->msg_lspid = 0; 5832729Sdfr msqptr->msg_lrpid = 0; 5842729Sdfr msqptr->msg_stime = 0; 5852729Sdfr msqptr->msg_rtime = 0; 5862729Sdfr msqptr->msg_ctime = time_second; 5872729Sdfr } else { 5882729Sdfr#ifdef MSG_DEBUG_OK 5892729Sdfr printf("didn't find it and wasn't asked to create it\n"); 5902729Sdfr#endif 5912729Sdfr error = ENOENT; 5922729Sdfr goto done2; 5932729Sdfr } 5942729Sdfr 5952729Sdfrfound: 5962729Sdfr /* Construct the unique msqid */ 5972729Sdfr td->td_retval[0] = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm); 5982729Sdfrdone2: 5992729Sdfr mtx_unlock(&Giant); 6002729Sdfr return (error); 6012729Sdfr} 6022729Sdfr 6032729Sdfr#ifndef _SYS_SYSPROTO_H_ 6042729Sdfrstruct msgsnd_args { 6052729Sdfr int msqid; 6062729Sdfr void *msgp; 6072729Sdfr size_t msgsz; 6082729Sdfr int msgflg; 6092729Sdfr}; 6102729Sdfr#endif 6112729Sdfr 6122729Sdfr/* 6132729Sdfr * MPSAFE 6142729Sdfr */ 6152729Sdfrint 6162729Sdfrmsgsnd(td, uap) 6172729Sdfr struct thread *td; 6182729Sdfr register struct msgsnd_args *uap; 6192729Sdfr{ 6202729Sdfr int msqid = uap->msqid; 6212729Sdfr void *user_msgp = uap->msgp; 6222729Sdfr size_t msgsz = uap->msgsz; 6232729Sdfr int msgflg = uap->msgflg; 6242729Sdfr int segs_needed, error = 0; 6252729Sdfr register struct msqid_ds *msqptr; 6262729Sdfr register struct msg *msghdr; 6272729Sdfr short next; 6282729Sdfr 6292729Sdfr#ifdef MSG_DEBUG_OK 6302729Sdfr printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz, 6312729Sdfr msgflg); 6322729Sdfr#endif 6332729Sdfr mtx_lock(&Giant); 6342729Sdfr if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { 6352729Sdfr error = ENOSYS; 6362729Sdfr goto done2; 6372729Sdfr } 6382729Sdfr 6392729Sdfr msqid = IPCID_TO_IX(msqid); 6402729Sdfr 6412729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 6422729Sdfr#ifdef MSG_DEBUG_OK 6432729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 6442729Sdfr msginfo.msgmni); 6452729Sdfr#endif 6462729Sdfr error = EINVAL; 6472729Sdfr goto done2; 6482729Sdfr } 6492729Sdfr 6502729Sdfr msqptr = &msqids[msqid]; 6512729Sdfr if (msqptr->msg_qbytes == 0) { 6522729Sdfr#ifdef MSG_DEBUG_OK 6532729Sdfr printf("no such message queue id\n"); 6542729Sdfr#endif 6552729Sdfr error = EINVAL; 6562729Sdfr goto done2; 6572729Sdfr } 6582729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 6592729Sdfr#ifdef MSG_DEBUG_OK 6602729Sdfr printf("wrong sequence number\n"); 6612729Sdfr#endif 6622729Sdfr error = EINVAL; 6632729Sdfr goto done2; 6642729Sdfr } 6652729Sdfr 6662729Sdfr if ((error = ipcperm(td, &msqptr->msg_perm, IPC_W))) { 6672729Sdfr#ifdef MSG_DEBUG_OK 6682729Sdfr printf("requester doesn't have write access\n"); 6692729Sdfr#endif 6702729Sdfr goto done2; 6712729Sdfr } 6722729Sdfr 6732729Sdfr segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz; 6742729Sdfr#ifdef MSG_DEBUG_OK 6752729Sdfr printf("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, msginfo.msgssz, 6762729Sdfr segs_needed); 6772729Sdfr#endif 6782729Sdfr for (;;) { 6792729Sdfr int need_more_resources = 0; 6802729Sdfr 6812729Sdfr /* 6822729Sdfr * check msgsz 6832729Sdfr * (inside this loop in case msg_qbytes changes while we sleep) 6842729Sdfr */ 6852729Sdfr 6862729Sdfr if (msgsz > msqptr->msg_qbytes) { 6872729Sdfr#ifdef MSG_DEBUG_OK 6882729Sdfr printf("msgsz > msqptr->msg_qbytes\n"); 6892729Sdfr#endif 6902729Sdfr error = EINVAL; 6912729Sdfr goto done2; 6922729Sdfr } 6932729Sdfr 6942729Sdfr if (msqptr->msg_perm.mode & MSG_LOCKED) { 6952729Sdfr#ifdef MSG_DEBUG_OK 6962729Sdfr printf("msqid is locked\n"); 6972729Sdfr#endif 6982729Sdfr need_more_resources = 1; 6992729Sdfr } 7002729Sdfr if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) { 7012729Sdfr#ifdef MSG_DEBUG_OK 7022729Sdfr printf("msgsz + msg_cbytes > msg_qbytes\n"); 7032729Sdfr#endif 7042729Sdfr need_more_resources = 1; 7052729Sdfr } 7062729Sdfr if (segs_needed > nfree_msgmaps) { 7072729Sdfr#ifdef MSG_DEBUG_OK 7082729Sdfr printf("segs_needed > nfree_msgmaps\n"); 7092729Sdfr#endif 7102729Sdfr need_more_resources = 1; 7112729Sdfr } 7122729Sdfr if (free_msghdrs == NULL) { 7132729Sdfr#ifdef MSG_DEBUG_OK 7142729Sdfr printf("no more msghdrs\n"); 7152729Sdfr#endif 7162729Sdfr need_more_resources = 1; 7172729Sdfr } 7182729Sdfr 7192729Sdfr if (need_more_resources) { 7202729Sdfr int we_own_it; 7212729Sdfr 7222729Sdfr if ((msgflg & IPC_NOWAIT) != 0) { 7232729Sdfr#ifdef MSG_DEBUG_OK 7242729Sdfr printf("need more resources but caller doesn't want to wait\n"); 7252729Sdfr#endif 7262729Sdfr error = EAGAIN; 7272729Sdfr goto done2; 7282729Sdfr } 7292729Sdfr 7302729Sdfr if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) { 7312729Sdfr#ifdef MSG_DEBUG_OK 7322729Sdfr printf("we don't own the msqid_ds\n"); 73317971Sbde#endif 7342729Sdfr we_own_it = 0; 7352729Sdfr } else { 7362729Sdfr /* Force later arrivals to wait for our 7372729Sdfr request */ 7382729Sdfr#ifdef MSG_DEBUG_OK 7392729Sdfr printf("we own the msqid_ds\n"); 7402729Sdfr#endif 7412729Sdfr msqptr->msg_perm.mode |= MSG_LOCKED; 7422729Sdfr we_own_it = 1; 7432729Sdfr } 7442729Sdfr#ifdef MSG_DEBUG_OK 7452729Sdfr printf("goodnight\n"); 7462729Sdfr#endif 7472729Sdfr error = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, 7482729Sdfr "msgwait", 0); 7492729Sdfr#ifdef MSG_DEBUG_OK 7502729Sdfr printf("good morning, error=%d\n", error); 7512729Sdfr#endif 7522729Sdfr if (we_own_it) 7532729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 7542729Sdfr if (error != 0) { 7552729Sdfr#ifdef MSG_DEBUG_OK 7562729Sdfr printf("msgsnd: interrupted system call\n"); 7572729Sdfr#endif 7582729Sdfr error = EINTR; 7592729Sdfr goto done2; 7602729Sdfr } 7612729Sdfr 7622729Sdfr /* 7632729Sdfr * Make sure that the msq queue still exists 7642729Sdfr */ 7652729Sdfr 7662729Sdfr if (msqptr->msg_qbytes == 0) { 7672729Sdfr#ifdef MSG_DEBUG_OK 7682729Sdfr printf("msqid deleted\n"); 7692729Sdfr#endif 7702729Sdfr error = EIDRM; 7712729Sdfr goto done2; 7722729Sdfr } 7732729Sdfr 7742729Sdfr } else { 77517971Sbde#ifdef MSG_DEBUG_OK 7762729Sdfr printf("got all the resources that we need\n"); 7772729Sdfr#endif 7782729Sdfr break; 7792729Sdfr } 7802729Sdfr } 7812729Sdfr 7822729Sdfr /* 7832729Sdfr * We have the resources that we need. 7842729Sdfr * Make sure! 7852729Sdfr */ 7862729Sdfr 7872729Sdfr if (msqptr->msg_perm.mode & MSG_LOCKED) 7882729Sdfr panic("msg_perm.mode & MSG_LOCKED"); 7892729Sdfr if (segs_needed > nfree_msgmaps) 7902729Sdfr panic("segs_needed > nfree_msgmaps"); 7912729Sdfr if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) 7922729Sdfr panic("msgsz + msg_cbytes > msg_qbytes"); 7932729Sdfr if (free_msghdrs == NULL) 7942729Sdfr panic("no more msghdrs"); 7952729Sdfr 7962729Sdfr /* 7972729Sdfr * Re-lock the msqid_ds in case we page-fault when copying in the 7982729Sdfr * message 7992729Sdfr */ 8002729Sdfr 8012729Sdfr if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) 8022729Sdfr panic("msqid_ds is already locked"); 8032729Sdfr msqptr->msg_perm.mode |= MSG_LOCKED; 8042729Sdfr 8052729Sdfr /* 8062729Sdfr * Allocate a message header 8072729Sdfr */ 8082729Sdfr 8092729Sdfr msghdr = free_msghdrs; 8102729Sdfr free_msghdrs = msghdr->msg_next; 8112729Sdfr msghdr->msg_spot = -1; 8122729Sdfr msghdr->msg_ts = msgsz; 81334961Sphk 8142729Sdfr /* 8152729Sdfr * Allocate space for the message 81630994Sphk */ 8172729Sdfr 8182729Sdfr while (segs_needed > 0) { 8192729Sdfr if (nfree_msgmaps <= 0) 82012866Speter panic("not enough msgmaps"); 8212729Sdfr if (free_msgmaps == -1) 8222729Sdfr panic("nil free_msgmaps"); 8232729Sdfr next = free_msgmaps; 8242729Sdfr if (next <= -1) 8252729Sdfr panic("next too low #1"); 8262729Sdfr if (next >= msginfo.msgseg) 8272729Sdfr panic("next out of range #1"); 82812866Speter#ifdef MSG_DEBUG_OK 8292729Sdfr printf("allocating segment %d to message\n", next); 83012866Speter#endif 83130994Sphk free_msgmaps = msgmaps[next].next; 8322729Sdfr nfree_msgmaps--; 8332729Sdfr msgmaps[next].next = msghdr->msg_spot; 8342729Sdfr msghdr->msg_spot = next; 8352729Sdfr segs_needed--; 8362729Sdfr } 8372729Sdfr 8382729Sdfr /* 8392729Sdfr * Copy in the message type 8402729Sdfr */ 8412729Sdfr 8422729Sdfr if ((error = copyin(user_msgp, &msghdr->msg_type, 8432729Sdfr sizeof(msghdr->msg_type))) != 0) { 8442729Sdfr#ifdef MSG_DEBUG_OK 8452729Sdfr printf("error %d copying the message type\n", error); 8462729Sdfr#endif 8472729Sdfr msg_freehdr(msghdr); 8482729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 8492729Sdfr wakeup((caddr_t)msqptr); 8502729Sdfr goto done2; 85168024Srwatson } 85268024Srwatson user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type); 85368024Srwatson 8542729Sdfr /* 8552729Sdfr * Validate the message type 8562729Sdfr */ 8572729Sdfr 8582729Sdfr if (msghdr->msg_type < 1) { 8592729Sdfr msg_freehdr(msghdr); 8602729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 8612729Sdfr wakeup((caddr_t)msqptr); 8622729Sdfr#ifdef MSG_DEBUG_OK 8632729Sdfr printf("mtype (%d) < 1\n", msghdr->msg_type); 8642729Sdfr#endif 8652729Sdfr error = EINVAL; 8662729Sdfr goto done2; 8672729Sdfr } 8682729Sdfr 8692729Sdfr /* 8702729Sdfr * Copy in the message body 8712729Sdfr */ 8722729Sdfr 8732729Sdfr next = msghdr->msg_spot; 8742729Sdfr while (msgsz > 0) { 8752729Sdfr size_t tlen; 8762729Sdfr if (msgsz > msginfo.msgssz) 8772729Sdfr tlen = msginfo.msgssz; 87846116Sphk else 8792729Sdfr tlen = msgsz; 8802729Sdfr if (next <= -1) 8812729Sdfr panic("next too low #2"); 8822729Sdfr if (next >= msginfo.msgseg) 8832729Sdfr panic("next out of range #2"); 8842729Sdfr if ((error = copyin(user_msgp, &msgpool[next * msginfo.msgssz], 8852729Sdfr tlen)) != 0) { 8862729Sdfr#ifdef MSG_DEBUG_OK 8872729Sdfr printf("error %d copying in message segment\n", error); 8882729Sdfr#endif 8892729Sdfr msg_freehdr(msghdr); 8902729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 8912729Sdfr wakeup((caddr_t)msqptr); 8922729Sdfr goto done2; 8932729Sdfr } 8942729Sdfr msgsz -= tlen; 8952729Sdfr user_msgp = (char *)user_msgp + tlen; 8962729Sdfr next = msgmaps[next].next; 8972729Sdfr } 8982729Sdfr if (next != -1) 8992729Sdfr panic("didn't use all the msg segments"); 9002729Sdfr 9012729Sdfr /* 9022729Sdfr * We've got the message. Unlock the msqid_ds. 9032729Sdfr */ 9042729Sdfr 9052729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 9062729Sdfr 9072729Sdfr /* 9082729Sdfr * Make sure that the msqid_ds is still allocated. 9092729Sdfr */ 9102729Sdfr 9112729Sdfr if (msqptr->msg_qbytes == 0) { 9122729Sdfr msg_freehdr(msghdr); 9132729Sdfr wakeup((caddr_t)msqptr); 9142729Sdfr error = EIDRM; 9152729Sdfr goto done2; 9162729Sdfr } 9172729Sdfr 9182729Sdfr /* 9192729Sdfr * Put the message into the queue 9202729Sdfr */ 9212729Sdfr 9222729Sdfr if (msqptr->msg_first == NULL) { 9232729Sdfr msqptr->msg_first = msghdr; 9242729Sdfr msqptr->msg_last = msghdr; 9252729Sdfr } else { 9262729Sdfr msqptr->msg_last->msg_next = msghdr; 9272729Sdfr msqptr->msg_last = msghdr; 9282729Sdfr } 9292729Sdfr msqptr->msg_last->msg_next = NULL; 9302729Sdfr 9312729Sdfr msqptr->msg_cbytes += msghdr->msg_ts; 9322729Sdfr msqptr->msg_qnum++; 9332729Sdfr msqptr->msg_lspid = td->td_proc->p_pid; 9342729Sdfr msqptr->msg_stime = time_second; 9352729Sdfr 9362729Sdfr wakeup((caddr_t)msqptr); 9372729Sdfr td->td_retval[0] = 0; 9382729Sdfrdone2: 9392729Sdfr mtx_unlock(&Giant); 9402729Sdfr return (error); 9412729Sdfr} 9422729Sdfr 9432729Sdfr#ifndef _SYS_SYSPROTO_H_ 9442729Sdfrstruct msgrcv_args { 9452729Sdfr int msqid; 9462729Sdfr void *msgp; 9472729Sdfr size_t msgsz; 9482729Sdfr long msgtyp; 9492729Sdfr int msgflg; 9502729Sdfr}; 9512729Sdfr#endif 9522729Sdfr 9532729Sdfr/* 9542729Sdfr * MPSAFE 9552729Sdfr */ 9562729Sdfrint 9572729Sdfrmsgrcv(td, uap) 9582729Sdfr struct thread *td; 9592729Sdfr register struct msgrcv_args *uap; 9602729Sdfr{ 9612729Sdfr int msqid = uap->msqid; 9622729Sdfr void *user_msgp = uap->msgp; 9632729Sdfr size_t msgsz = uap->msgsz; 9642729Sdfr long msgtyp = uap->msgtyp; 9652729Sdfr int msgflg = uap->msgflg; 9662729Sdfr size_t len; 9672729Sdfr register struct msqid_ds *msqptr; 9682729Sdfr register struct msg *msghdr; 9692729Sdfr int error = 0; 9702729Sdfr short next; 9712729Sdfr 9722729Sdfr#ifdef MSG_DEBUG_OK 9732729Sdfr printf("call to msgrcv(%d, 0x%x, %d, %ld, %d)\n", msqid, user_msgp, 9742729Sdfr msgsz, msgtyp, msgflg); 9752729Sdfr#endif 9762729Sdfr 9772729Sdfr mtx_lock(&Giant); 9782729Sdfr if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { 9792729Sdfr error = ENOSYS; 9802729Sdfr goto done2; 9812729Sdfr } 9822729Sdfr 9832729Sdfr msqid = IPCID_TO_IX(msqid); 9842729Sdfr 9852729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 9862729Sdfr#ifdef MSG_DEBUG_OK 9872729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 9882729Sdfr msginfo.msgmni); 9892729Sdfr#endif 9902729Sdfr error = EINVAL; 9912729Sdfr goto done2; 9922729Sdfr } 9932729Sdfr 9942729Sdfr msqptr = &msqids[msqid]; 9952729Sdfr if (msqptr->msg_qbytes == 0) { 9962729Sdfr#ifdef MSG_DEBUG_OK 9972729Sdfr printf("no such message queue id\n"); 9982729Sdfr#endif 9992729Sdfr error = EINVAL; 10002729Sdfr goto done2; 10012729Sdfr } 10022729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 10032729Sdfr#ifdef MSG_DEBUG_OK 10042729Sdfr printf("wrong sequence number\n"); 10052729Sdfr#endif 10062729Sdfr error = EINVAL; 10072729Sdfr goto done2; 10082729Sdfr } 10092729Sdfr 10102729Sdfr if ((error = ipcperm(td, &msqptr->msg_perm, IPC_R))) { 10112729Sdfr#ifdef MSG_DEBUG_OK 10122729Sdfr printf("requester doesn't have read access\n"); 10132729Sdfr#endif 10142729Sdfr goto done2; 10152729Sdfr } 10162729Sdfr 10172729Sdfr msghdr = NULL; 10182729Sdfr while (msghdr == NULL) { 10192729Sdfr if (msgtyp == 0) { 10202729Sdfr msghdr = msqptr->msg_first; 10212729Sdfr if (msghdr != NULL) { 10222729Sdfr if (msgsz < msghdr->msg_ts && 10232729Sdfr (msgflg & MSG_NOERROR) == 0) { 10242729Sdfr#ifdef MSG_DEBUG_OK 10252729Sdfr printf("first message on the queue is too big (want %d, got %d)\n", 10262729Sdfr msgsz, msghdr->msg_ts); 10272729Sdfr#endif 10282729Sdfr error = E2BIG; 10292729Sdfr goto done2; 10302729Sdfr } 103134961Sphk if (msqptr->msg_first == msqptr->msg_last) { 10322729Sdfr msqptr->msg_first = NULL; 10332729Sdfr msqptr->msg_last = NULL; 10342729Sdfr } else { 10352729Sdfr msqptr->msg_first = msghdr->msg_next; 10362729Sdfr if (msqptr->msg_first == NULL) 10372729Sdfr panic("msg_first/last screwed up #1"); 10382729Sdfr } 10392729Sdfr } 10402729Sdfr } else { 10412729Sdfr struct msg *previous; 10422729Sdfr struct msg **prev; 10432729Sdfr 10442729Sdfr previous = NULL; 10452729Sdfr prev = &(msqptr->msg_first); 10462729Sdfr while ((msghdr = *prev) != NULL) { 10472729Sdfr /* 10482729Sdfr * Is this message's type an exact match or is 10492729Sdfr * this message's type less than or equal to 10502729Sdfr * the absolute value of a negative msgtyp? 10512729Sdfr * Note that the second half of this test can 10522729Sdfr * NEVER be true if msgtyp is positive since 10532729Sdfr * msg_type is always positive! 10542729Sdfr */ 10552729Sdfr 10562729Sdfr if (msgtyp == msghdr->msg_type || 10572729Sdfr msghdr->msg_type <= -msgtyp) { 10582729Sdfr#ifdef MSG_DEBUG_OK 10592729Sdfr printf("found message type %d, requested %d\n", 106017971Sbde msghdr->msg_type, msgtyp); 10612729Sdfr#endif 10622729Sdfr if (msgsz < msghdr->msg_ts && 10632729Sdfr (msgflg & MSG_NOERROR) == 0) { 10642729Sdfr#ifdef MSG_DEBUG_OK 10652729Sdfr printf("requested message on the queue is too big (want %d, got %d)\n", 10662729Sdfr msgsz, msghdr->msg_ts); 10672729Sdfr#endif 10682729Sdfr error = E2BIG; 10692729Sdfr goto done2; 107045921Ssada } 10712729Sdfr *prev = msghdr->msg_next; 10722729Sdfr if (msghdr == msqptr->msg_last) { 107345921Ssada if (previous == NULL) { 10742729Sdfr if (prev != 10752729Sdfr &msqptr->msg_first) 10762729Sdfr panic("msg_first/last screwed up #2"); 10772729Sdfr msqptr->msg_first = 10782729Sdfr NULL; 10792729Sdfr msqptr->msg_last = 10802729Sdfr NULL; 10812729Sdfr } else { 10822729Sdfr if (prev == 10832729Sdfr &msqptr->msg_first) 10842729Sdfr panic("msg_first/last screwed up #3"); 10852729Sdfr msqptr->msg_last = 10862729Sdfr previous; 10872729Sdfr } 10882729Sdfr } 108917971Sbde break; 10902729Sdfr } 10912729Sdfr previous = msghdr; 10922729Sdfr prev = &(msghdr->msg_next); 10932729Sdfr } 10942729Sdfr } 10952729Sdfr 10962729Sdfr /* 10972729Sdfr * We've either extracted the msghdr for the appropriate 10982729Sdfr * message or there isn't one. 109930994Sphk * If there is one then bail out of this loop. 11002729Sdfr */ 11012729Sdfr 1102 if (msghdr != NULL) 1103 break; 1104 1105 /* 1106 * Hmph! No message found. Does the user want to wait? 1107 */ 1108 1109 if ((msgflg & IPC_NOWAIT) != 0) { 1110#ifdef MSG_DEBUG_OK 1111 printf("no appropriate message found (msgtyp=%d)\n", 1112 msgtyp); 1113#endif 1114 /* The SVID says to return ENOMSG. */ 1115 error = ENOMSG; 1116 goto done2; 1117 } 1118 1119 /* 1120 * Wait for something to happen 1121 */ 1122 1123#ifdef MSG_DEBUG_OK 1124 printf("msgrcv: goodnight\n"); 1125#endif 1126 error = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, "msgwait", 1127 0); 1128#ifdef MSG_DEBUG_OK 1129 printf("msgrcv: good morning (error=%d)\n", error); 1130#endif 1131 1132 if (error != 0) { 1133#ifdef MSG_DEBUG_OK 1134 printf("msgsnd: interrupted system call\n"); 1135#endif 1136 error = EINTR; 1137 goto done2; 1138 } 1139 1140 /* 1141 * Make sure that the msq queue still exists 1142 */ 1143 1144 if (msqptr->msg_qbytes == 0 || 1145 msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 1146#ifdef MSG_DEBUG_OK 1147 printf("msqid deleted\n"); 1148#endif 1149 error = EIDRM; 1150 goto done2; 1151 } 1152 } 1153 1154 /* 1155 * Return the message to the user. 1156 * 1157 * First, do the bookkeeping (before we risk being interrupted). 1158 */ 1159 1160 msqptr->msg_cbytes -= msghdr->msg_ts; 1161 msqptr->msg_qnum--; 1162 msqptr->msg_lrpid = td->td_proc->p_pid; 1163 msqptr->msg_rtime = time_second; 1164 1165 /* 1166 * Make msgsz the actual amount that we'll be returning. 1167 * Note that this effectively truncates the message if it is too long 1168 * (since msgsz is never increased). 1169 */ 1170 1171#ifdef MSG_DEBUG_OK 1172 printf("found a message, msgsz=%d, msg_ts=%d\n", msgsz, 1173 msghdr->msg_ts); 1174#endif 1175 if (msgsz > msghdr->msg_ts) 1176 msgsz = msghdr->msg_ts; 1177 1178 /* 1179 * Return the type to the user. 1180 */ 1181 1182 error = copyout((caddr_t)&(msghdr->msg_type), user_msgp, 1183 sizeof(msghdr->msg_type)); 1184 if (error != 0) { 1185#ifdef MSG_DEBUG_OK 1186 printf("error (%d) copying out message type\n", error); 1187#endif 1188 msg_freehdr(msghdr); 1189 wakeup((caddr_t)msqptr); 1190 goto done2; 1191 } 1192 user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type); 1193 1194 /* 1195 * Return the segments to the user 1196 */ 1197 1198 next = msghdr->msg_spot; 1199 for (len = 0; len < msgsz; len += msginfo.msgssz) { 1200 size_t tlen; 1201 1202 if (msgsz - len > msginfo.msgssz) 1203 tlen = msginfo.msgssz; 1204 else 1205 tlen = msgsz - len; 1206 if (next <= -1) 1207 panic("next too low #3"); 1208 if (next >= msginfo.msgseg) 1209 panic("next out of range #3"); 1210 error = copyout((caddr_t)&msgpool[next * msginfo.msgssz], 1211 user_msgp, tlen); 1212 if (error != 0) { 1213#ifdef MSG_DEBUG_OK 1214 printf("error (%d) copying out message segment\n", 1215 error); 1216#endif 1217 msg_freehdr(msghdr); 1218 wakeup((caddr_t)msqptr); 1219 goto done2; 1220 } 1221 user_msgp = (char *)user_msgp + tlen; 1222 next = msgmaps[next].next; 1223 } 1224 1225 /* 1226 * Done, return the actual number of bytes copied out. 1227 */ 1228 1229 msg_freehdr(msghdr); 1230 wakeup((caddr_t)msqptr); 1231 td->td_retval[0] = msgsz; 1232done2: 1233 mtx_unlock(&Giant); 1234 return (error); 1235} 1236 1237static int 1238sysctl_msqids(SYSCTL_HANDLER_ARGS) 1239{ 1240 1241 return (SYSCTL_OUT(req, msqids, 1242 sizeof(struct msqid_ds) * msginfo.msgmni)); 1243} 1244 1245SYSCTL_DECL(_kern_ipc); 1246SYSCTL_INT(_kern_ipc, OID_AUTO, msgmax, CTLFLAG_RD, &msginfo.msgmax, 0, ""); 1247SYSCTL_INT(_kern_ipc, OID_AUTO, msgmni, CTLFLAG_RD, &msginfo.msgmni, 0, ""); 1248SYSCTL_INT(_kern_ipc, OID_AUTO, msgmnb, CTLFLAG_RD, &msginfo.msgmnb, 0, ""); 1249SYSCTL_INT(_kern_ipc, OID_AUTO, msgtql, CTLFLAG_RD, &msginfo.msgtql, 0, ""); 1250SYSCTL_INT(_kern_ipc, OID_AUTO, msgssz, CTLFLAG_RD, &msginfo.msgssz, 0, ""); 1251SYSCTL_INT(_kern_ipc, OID_AUTO, msgseg, CTLFLAG_RD, &msginfo.msgseg, 0, "") 1252SYSCTL_PROC(_kern_ipc, OID_AUTO, msqids, CTLFLAG_RD, 1253 NULL, 0, sysctl_msqids, "", "Message queue IDs"); 1254