sysv_msg.c revision 10358
110358Sjulian/* $Id: sysv_msg.c,v 1.5 1995/07/29 11:40:13 bde Exp $ */ 22729Sdfr 32729Sdfr/* 42729Sdfr * Implementation of SVID messages 52729Sdfr * 62729Sdfr * Author: Daniel Boulet 72729Sdfr * 82729Sdfr * Copyright 1993 Daniel Boulet and RTMX Inc. 92729Sdfr * 102729Sdfr * This system call was implemented by Daniel Boulet under contract from RTMX. 112729Sdfr * 122729Sdfr * Redistribution and use in source forms, with and without modification, 132729Sdfr * are permitted provided that this entire comment appears intact. 142729Sdfr * 152729Sdfr * Redistribution in binary form may occur without any restrictions. 162729Sdfr * Obviously, it would be nice if you gave credit where credit is due 172729Sdfr * but requiring it would be too onerous. 182729Sdfr * 192729Sdfr * This software is provided ``AS IS'' without any warranties of any kind. 202729Sdfr */ 212729Sdfr 222729Sdfr#include <sys/param.h> 232729Sdfr#include <sys/systm.h> 242729Sdfr#include <sys/kernel.h> 252729Sdfr#include <sys/proc.h> 262729Sdfr#include <sys/msg.h> 272729Sdfr#include <sys/malloc.h> 282729Sdfr 2910358Sjulian/* 3010358Sjulian * System initialization 3110358Sjulian */ 3210358Sjulian 3310358Sjulianextern void msginit(); /* should be static*/ 3410358SjulianSYSINIT(sysv_msg, SI_SUB_SYSV_MSG, SI_ORDER_FIRST, msginit, NULL) 3510358Sjulian 362729Sdfr#define MSG_DEBUG 372729Sdfr#undef MSG_DEBUG_OK 382729Sdfr 392729Sdfrstatic int msgctl(), msgget(), msgsnd(), msgrcv(); 402729Sdfr 412729Sdfrint (*msgcalls[])() = { msgctl, msgget, msgsnd, msgrcv }; 422729Sdfr 432729Sdfrint nfree_msgmaps; /* # of free map entries */ 442729Sdfrshort free_msgmaps; /* head of linked list of free map entries */ 452729Sdfrstruct msg *free_msghdrs; /* list of free msg headers */ 469759Sbdechar *msgpool; /* MSGMAX byte long msg buffer pool */ 479759Sbdestruct msgmap *msgmaps; /* MSGSEG msgmap structures */ 489759Sbdestruct msg *msghdrs; /* MSGTQL msg headers */ 499759Sbdestruct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */ 502729Sdfr 512836Sdgvoid 522729Sdfrmsginit() 532729Sdfr{ 542729Sdfr register int i; 552729Sdfr 562729Sdfr /* 572729Sdfr * msginfo.msgssz should be a power of two for efficiency reasons. 582729Sdfr * It is also pretty silly if msginfo.msgssz is less than 8 592729Sdfr * or greater than about 256 so ... 602729Sdfr */ 612729Sdfr 622729Sdfr i = 8; 632729Sdfr while (i < 1024 && i != msginfo.msgssz) 642729Sdfr i <<= 1; 652729Sdfr if (i != msginfo.msgssz) { 662729Sdfr printf("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz, 672729Sdfr msginfo.msgssz); 682729Sdfr panic("msginfo.msgssz not a small power of 2"); 692729Sdfr } 702729Sdfr 712729Sdfr if (msginfo.msgseg > 32767) { 722729Sdfr printf("msginfo.msgseg=%d\n", msginfo.msgseg); 732729Sdfr panic("msginfo.msgseg > 32767"); 742729Sdfr } 752729Sdfr 762729Sdfr if (msgmaps == NULL) 772729Sdfr panic("msgmaps is NULL"); 782729Sdfr 792729Sdfr for (i = 0; i < msginfo.msgseg; i++) { 802729Sdfr if (i > 0) 812729Sdfr msgmaps[i-1].next = i; 822729Sdfr msgmaps[i].next = -1; /* implies entry is available */ 832729Sdfr } 842729Sdfr free_msgmaps = 0; 852729Sdfr nfree_msgmaps = msginfo.msgseg; 862729Sdfr 872729Sdfr if (msghdrs == NULL) 882729Sdfr panic("msghdrs is NULL"); 892729Sdfr 902729Sdfr for (i = 0; i < msginfo.msgtql; i++) { 912729Sdfr msghdrs[i].msg_type = 0; 922729Sdfr if (i > 0) 932729Sdfr msghdrs[i-1].msg_next = &msghdrs[i]; 942729Sdfr msghdrs[i].msg_next = NULL; 952729Sdfr } 962729Sdfr free_msghdrs = &msghdrs[0]; 972729Sdfr 982729Sdfr if (msqids == NULL) 992729Sdfr panic("msqids is NULL"); 1002729Sdfr 1012729Sdfr for (i = 0; i < msginfo.msgmni; i++) { 1022729Sdfr msqids[i].msg_qbytes = 0; /* implies entry is available */ 1032729Sdfr msqids[i].msg_perm.seq = 0; /* reset to a known value */ 1042729Sdfr } 1052729Sdfr} 1062729Sdfr 1072729Sdfr/* 1082729Sdfr * Entry point for all MSG calls 1092729Sdfr */ 1102729Sdfr 1112729Sdfrstruct msgsys_args { 1122729Sdfr u_int which; 1132729Sdfr}; 1142729Sdfr 1152729Sdfrint 1162729Sdfrmsgsys(p, uap, retval) 1172729Sdfr struct caller *p; 1182729Sdfr struct msgsys_args *uap; 1192729Sdfr int *retval; 1202729Sdfr{ 1212729Sdfr 1222729Sdfr if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) 1232729Sdfr return (EINVAL); 1242729Sdfr return ((*msgcalls[uap->which])(p, &uap[1], retval)); 1252729Sdfr} 1262729Sdfr 1272729Sdfrstatic void 1282729Sdfrmsg_freehdr(msghdr) 1292729Sdfr struct msg *msghdr; 1302729Sdfr{ 1312729Sdfr while (msghdr->msg_ts > 0) { 1322729Sdfr short next; 1332729Sdfr if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg) 1342729Sdfr panic("msghdr->msg_spot out of range"); 1352729Sdfr next = msgmaps[msghdr->msg_spot].next; 1362729Sdfr msgmaps[msghdr->msg_spot].next = free_msgmaps; 1372729Sdfr free_msgmaps = msghdr->msg_spot; 1382729Sdfr nfree_msgmaps++; 1392729Sdfr msghdr->msg_spot = next; 1402729Sdfr if (msghdr->msg_ts >= msginfo.msgssz) 1412729Sdfr msghdr->msg_ts -= msginfo.msgssz; 1422729Sdfr else 1432729Sdfr msghdr->msg_ts = 0; 1442729Sdfr } 1452729Sdfr if (msghdr->msg_spot != -1) 1462729Sdfr panic("msghdr->msg_spot != -1"); 1472729Sdfr msghdr->msg_next = free_msghdrs; 1482729Sdfr free_msghdrs = msghdr; 1492729Sdfr} 1502729Sdfr 1512729Sdfrstruct msgctl_args { 1522729Sdfr int msqid; 1532729Sdfr int cmd; 1542729Sdfr struct msqid_ds *user_msqptr; 1552729Sdfr}; 1562729Sdfr 1572729Sdfrint 1582729Sdfrmsgctl(p, uap, retval) 1592729Sdfr struct proc *p; 1602729Sdfr register struct msgctl_args *uap; 1612729Sdfr int *retval; 1622729Sdfr{ 1632729Sdfr int msqid = uap->msqid; 1642729Sdfr int cmd = uap->cmd; 1652729Sdfr struct msqid_ds *user_msqptr = uap->user_msqptr; 1662729Sdfr struct ucred *cred = p->p_ucred; 1673308Sphk int rval, eval; 1682729Sdfr struct msqid_ds msqbuf; 1692729Sdfr register struct msqid_ds *msqptr; 1702729Sdfr 1712729Sdfr#ifdef MSG_DEBUG_OK 1722729Sdfr printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr); 1732729Sdfr#endif 1742729Sdfr 1752729Sdfr msqid = IPCID_TO_IX(msqid); 1762729Sdfr 1772729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 1782729Sdfr#ifdef MSG_DEBUG_OK 1792729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 1802729Sdfr msginfo.msgmni); 1812729Sdfr#endif 1822729Sdfr return(EINVAL); 1832729Sdfr } 1842729Sdfr 1852729Sdfr msqptr = &msqids[msqid]; 1862729Sdfr 1872729Sdfr if (msqptr->msg_qbytes == 0) { 1882729Sdfr#ifdef MSG_DEBUG_OK 1892729Sdfr printf("no such msqid\n"); 1902729Sdfr#endif 1912729Sdfr return(EINVAL); 1922729Sdfr } 1932729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 1942729Sdfr#ifdef MSG_DEBUG_OK 1952729Sdfr printf("wrong sequence number\n"); 1962729Sdfr#endif 1972729Sdfr return(EINVAL); 1982729Sdfr } 1992729Sdfr 2002729Sdfr eval = 0; 2012729Sdfr rval = 0; 2022729Sdfr 2032729Sdfr switch (cmd) { 2042729Sdfr 2052729Sdfr case IPC_RMID: 2062729Sdfr { 2072729Sdfr struct msg *msghdr; 2082729Sdfr if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_M))) 2092729Sdfr return(eval); 2102729Sdfr /* Free the message headers */ 2112729Sdfr msghdr = msqptr->msg_first; 2122729Sdfr while (msghdr != NULL) { 2132729Sdfr struct msg *msghdr_tmp; 2142729Sdfr 2152729Sdfr /* Free the segments of each message */ 2162729Sdfr msqptr->msg_cbytes -= msghdr->msg_ts; 2172729Sdfr msqptr->msg_qnum--; 2182729Sdfr msghdr_tmp = msghdr; 2192729Sdfr msghdr = msghdr->msg_next; 2202729Sdfr msg_freehdr(msghdr_tmp); 2212729Sdfr } 2222729Sdfr 2232729Sdfr if (msqptr->msg_cbytes != 0) 2242729Sdfr panic("msg_cbytes is screwed up"); 2252729Sdfr if (msqptr->msg_qnum != 0) 2262729Sdfr panic("msg_qnum is screwed up"); 2272729Sdfr 2282729Sdfr msqptr->msg_qbytes = 0; /* Mark it as free */ 2292729Sdfr 2302729Sdfr wakeup((caddr_t)msqptr); 2312729Sdfr } 2322729Sdfr 2332729Sdfr break; 2342729Sdfr 2352729Sdfr case IPC_SET: 2362729Sdfr if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_M))) 2372729Sdfr return(eval); 2382729Sdfr if ((eval = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0) 2392729Sdfr return(eval); 2402729Sdfr if (msqbuf.msg_qbytes > msqptr->msg_qbytes && cred->cr_uid != 0) 2412729Sdfr return(EPERM); 2422729Sdfr if (msqbuf.msg_qbytes > msginfo.msgmnb) { 2432729Sdfr#ifdef MSG_DEBUG_OK 2442729Sdfr printf("can't increase msg_qbytes beyond %d (truncating)\n", 2452729Sdfr msginfo.msgmnb); 2462729Sdfr#endif 2472729Sdfr msqbuf.msg_qbytes = msginfo.msgmnb; /* silently restrict qbytes to system limit */ 2482729Sdfr } 2492729Sdfr if (msqbuf.msg_qbytes == 0) { 2502729Sdfr#ifdef MSG_DEBUG_OK 2512729Sdfr printf("can't reduce msg_qbytes to 0\n"); 2522729Sdfr#endif 2532729Sdfr return(EINVAL); /* non-standard errno! */ 2542729Sdfr } 2552729Sdfr msqptr->msg_perm.uid = msqbuf.msg_perm.uid; /* change the owner */ 2562729Sdfr msqptr->msg_perm.gid = msqbuf.msg_perm.gid; /* change the owner */ 2572729Sdfr msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) | 2582729Sdfr (msqbuf.msg_perm.mode & 0777); 2592729Sdfr msqptr->msg_qbytes = msqbuf.msg_qbytes; 2602729Sdfr msqptr->msg_ctime = time.tv_sec; 2612729Sdfr break; 2622729Sdfr 2632729Sdfr case IPC_STAT: 2642729Sdfr if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 2652729Sdfr#ifdef MSG_DEBUG_OK 2662729Sdfr printf("requester doesn't have read access\n"); 2672729Sdfr#endif 2682729Sdfr return(eval); 2692729Sdfr } 2702729Sdfr eval = copyout((caddr_t)msqptr, user_msqptr, 2712729Sdfr sizeof(struct msqid_ds)); 2722729Sdfr break; 2732729Sdfr 2742729Sdfr default: 2752729Sdfr#ifdef MSG_DEBUG_OK 2762729Sdfr printf("invalid command %d\n", cmd); 2772729Sdfr#endif 2782729Sdfr return(EINVAL); 2792729Sdfr } 2802729Sdfr 2812729Sdfr if (eval == 0) 2822729Sdfr *retval = rval; 2832729Sdfr return(eval); 2842729Sdfr} 2852729Sdfr 2862729Sdfrstruct msgget_args { 2872729Sdfr key_t key; 2882729Sdfr int msgflg; 2892729Sdfr}; 2902729Sdfr 2912729Sdfrint 2922729Sdfrmsgget(p, uap, retval) 2932729Sdfr struct proc *p; 2942729Sdfr register struct msgget_args *uap; 2952729Sdfr int *retval; 2962729Sdfr{ 2972729Sdfr int msqid, eval; 2982729Sdfr int key = uap->key; 2992729Sdfr int msgflg = uap->msgflg; 3002729Sdfr struct ucred *cred = p->p_ucred; 3012836Sdg register struct msqid_ds *msqptr = NULL; 3022729Sdfr 3032729Sdfr#ifdef MSG_DEBUG_OK 3042729Sdfr printf("msgget(0x%x, 0%o)\n", key, msgflg); 3052729Sdfr#endif 3062729Sdfr 3072729Sdfr if (key != IPC_PRIVATE) { 3082729Sdfr for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 3092729Sdfr msqptr = &msqids[msqid]; 3102729Sdfr if (msqptr->msg_qbytes != 0 && 3112729Sdfr msqptr->msg_perm.key == key) 3122729Sdfr break; 3132729Sdfr } 3142729Sdfr if (msqid < msginfo.msgmni) { 3152729Sdfr#ifdef MSG_DEBUG_OK 3162729Sdfr printf("found public key\n"); 3172729Sdfr#endif 3182729Sdfr if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) { 3192729Sdfr#ifdef MSG_DEBUG_OK 3202729Sdfr printf("not exclusive\n"); 3212729Sdfr#endif 3222729Sdfr return(EEXIST); 3232729Sdfr } 3242729Sdfr if ((eval = ipcperm(cred, &msqptr->msg_perm, msgflg & 0700 ))) { 3252729Sdfr#ifdef MSG_DEBUG_OK 3262729Sdfr printf("requester doesn't have 0%o access\n", 3272729Sdfr msgflg & 0700); 3282729Sdfr#endif 3292729Sdfr return(eval); 3302729Sdfr } 3312729Sdfr goto found; 3322729Sdfr } 3332729Sdfr } 3342729Sdfr 3352729Sdfr#ifdef MSG_DEBUG_OK 3362729Sdfr printf("need to allocate the msqid_ds\n"); 3372729Sdfr#endif 3382729Sdfr if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) { 3392729Sdfr for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 3402729Sdfr /* 3412729Sdfr * Look for an unallocated and unlocked msqid_ds. 3422729Sdfr * msqid_ds's can be locked by msgsnd or msgrcv while 3432729Sdfr * they are copying the message in/out. We can't 3442729Sdfr * re-use the entry until they release it. 3452729Sdfr */ 3462729Sdfr msqptr = &msqids[msqid]; 3472729Sdfr if (msqptr->msg_qbytes == 0 && 3482729Sdfr (msqptr->msg_perm.mode & MSG_LOCKED) == 0) 3492729Sdfr break; 3502729Sdfr } 3512729Sdfr if (msqid == msginfo.msgmni) { 3522729Sdfr#ifdef MSG_DEBUG_OK 3532729Sdfr printf("no more msqid_ds's available\n"); 3542729Sdfr#endif 3558876Srgrimes return(ENOSPC); 3562729Sdfr } 3572729Sdfr#ifdef MSG_DEBUG_OK 3582729Sdfr printf("msqid %d is available\n", msqid); 3592729Sdfr#endif 3602729Sdfr msqptr->msg_perm.key = key; 3612729Sdfr msqptr->msg_perm.cuid = cred->cr_uid; 3622729Sdfr msqptr->msg_perm.uid = cred->cr_uid; 3632729Sdfr msqptr->msg_perm.cgid = cred->cr_gid; 3642729Sdfr msqptr->msg_perm.gid = cred->cr_gid; 3652729Sdfr msqptr->msg_perm.mode = (msgflg & 0777); 3662729Sdfr /* Make sure that the returned msqid is unique */ 3672729Sdfr msqptr->msg_perm.seq++; 3682729Sdfr msqptr->msg_first = NULL; 3692729Sdfr msqptr->msg_last = NULL; 3702729Sdfr msqptr->msg_cbytes = 0; 3712729Sdfr msqptr->msg_qnum = 0; 3722729Sdfr msqptr->msg_qbytes = msginfo.msgmnb; 3732729Sdfr msqptr->msg_lspid = 0; 3742729Sdfr msqptr->msg_lrpid = 0; 3752729Sdfr msqptr->msg_stime = 0; 3762729Sdfr msqptr->msg_rtime = 0; 3772729Sdfr msqptr->msg_ctime = time.tv_sec; 3782729Sdfr } else { 3792729Sdfr#ifdef MSG_DEBUG_OK 3802729Sdfr printf("didn't find it and wasn't asked to create it\n"); 3812729Sdfr#endif 3822729Sdfr return(ENOENT); 3832729Sdfr } 3842729Sdfr 3852729Sdfrfound: 3862729Sdfr /* Construct the unique msqid */ 3872729Sdfr *retval = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm); 3882729Sdfr return(0); 3892729Sdfr} 3902729Sdfr 3912729Sdfrstruct msgsnd_args { 3922729Sdfr int msqid; 3932729Sdfr void *user_msgp; 3942729Sdfr size_t msgsz; 3952729Sdfr int msgflg; 3962729Sdfr}; 3972729Sdfr 3982729Sdfrint 3992729Sdfrmsgsnd(p, uap, retval) 4002729Sdfr struct proc *p; 4012729Sdfr register struct msgsnd_args *uap; 4022729Sdfr int *retval; 4032729Sdfr{ 4042729Sdfr int msqid = uap->msqid; 4052729Sdfr void *user_msgp = uap->user_msgp; 4062729Sdfr size_t msgsz = uap->msgsz; 4072729Sdfr int msgflg = uap->msgflg; 4082729Sdfr int segs_needed, eval; 4092729Sdfr struct ucred *cred = p->p_ucred; 4102729Sdfr register struct msqid_ds *msqptr; 4112729Sdfr register struct msg *msghdr; 4122729Sdfr short next; 4132729Sdfr 4142729Sdfr#ifdef MSG_DEBUG_OK 4152729Sdfr printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz, 4162729Sdfr msgflg); 4172729Sdfr#endif 4182729Sdfr 4192729Sdfr msqid = IPCID_TO_IX(msqid); 4202729Sdfr 4212729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 4222729Sdfr#ifdef MSG_DEBUG_OK 4232729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 4242729Sdfr msginfo.msgmni); 4252729Sdfr#endif 4262729Sdfr return(EINVAL); 4272729Sdfr } 4282729Sdfr 4292729Sdfr msqptr = &msqids[msqid]; 4302729Sdfr if (msqptr->msg_qbytes == 0) { 4312729Sdfr#ifdef MSG_DEBUG_OK 4322729Sdfr printf("no such message queue id\n"); 4332729Sdfr#endif 4342729Sdfr return(EINVAL); 4352729Sdfr } 4362729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 4372729Sdfr#ifdef MSG_DEBUG_OK 4382729Sdfr printf("wrong sequence number\n"); 4392729Sdfr#endif 4402729Sdfr return(EINVAL); 4412729Sdfr } 4422729Sdfr 4432729Sdfr if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_W))) { 4442729Sdfr#ifdef MSG_DEBUG_OK 4452729Sdfr printf("requester doesn't have write access\n"); 4462729Sdfr#endif 4472729Sdfr return(eval); 4482729Sdfr } 4492729Sdfr 4502729Sdfr segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz; 4512729Sdfr#ifdef MSG_DEBUG_OK 4522729Sdfr printf("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, msginfo.msgssz, 4532729Sdfr segs_needed); 4542729Sdfr#endif 4552729Sdfr for (;;) { 4562729Sdfr int need_more_resources = 0; 4572729Sdfr 4582729Sdfr /* 4592729Sdfr * check msgsz 4602729Sdfr * (inside this loop in case msg_qbytes changes while we sleep) 4612729Sdfr */ 4622729Sdfr 4632836Sdg if (msgsz > msqptr->msg_qbytes) { 4642729Sdfr#ifdef MSG_DEBUG_OK 4652729Sdfr printf("msgsz > msqptr->msg_qbytes\n"); 4662729Sdfr#endif 4672729Sdfr return(EINVAL); 4682729Sdfr } 4692729Sdfr 4702729Sdfr if (msqptr->msg_perm.mode & MSG_LOCKED) { 4712729Sdfr#ifdef MSG_DEBUG_OK 4722729Sdfr printf("msqid is locked\n"); 4732729Sdfr#endif 4742729Sdfr need_more_resources = 1; 4752729Sdfr } 4762729Sdfr if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) { 4772729Sdfr#ifdef MSG_DEBUG_OK 4782729Sdfr printf("msgsz + msg_cbytes > msg_qbytes\n"); 4792729Sdfr#endif 4802729Sdfr need_more_resources = 1; 4812729Sdfr } 4822729Sdfr if (segs_needed > nfree_msgmaps) { 4832729Sdfr#ifdef MSG_DEBUG_OK 4842729Sdfr printf("segs_needed > nfree_msgmaps\n"); 4852729Sdfr#endif 4862729Sdfr need_more_resources = 1; 4872729Sdfr } 4882729Sdfr if (free_msghdrs == NULL) { 4892729Sdfr#ifdef MSG_DEBUG_OK 4902729Sdfr printf("no more msghdrs\n"); 4912729Sdfr#endif 4922729Sdfr need_more_resources = 1; 4932729Sdfr } 4942729Sdfr 4952729Sdfr if (need_more_resources) { 4962729Sdfr int we_own_it; 4972729Sdfr 4982729Sdfr if ((msgflg & IPC_NOWAIT) != 0) { 4992729Sdfr#ifdef MSG_DEBUG_OK 5002729Sdfr printf("need more resources but caller doesn't want to wait\n"); 5012729Sdfr#endif 5022729Sdfr return(EAGAIN); 5032729Sdfr } 5042729Sdfr 5052729Sdfr if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) { 5062729Sdfr#ifdef MSG_DEBUG_OK 5072729Sdfr printf("we don't own the msqid_ds\n"); 5082729Sdfr#endif 5092729Sdfr we_own_it = 0; 5102729Sdfr } else { 5112729Sdfr /* Force later arrivals to wait for our 5122729Sdfr request */ 5132729Sdfr#ifdef MSG_DEBUG_OK 5142729Sdfr printf("we own the msqid_ds\n"); 5152729Sdfr#endif 5162729Sdfr msqptr->msg_perm.mode |= MSG_LOCKED; 5172729Sdfr we_own_it = 1; 5182729Sdfr } 5192729Sdfr#ifdef MSG_DEBUG_OK 5202729Sdfr printf("goodnight\n"); 5212729Sdfr#endif 5222729Sdfr eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, 5232729Sdfr "msgwait", 0); 5242729Sdfr#ifdef MSG_DEBUG_OK 5252729Sdfr printf("good morning, eval=%d\n", eval); 5262729Sdfr#endif 5272729Sdfr if (we_own_it) 5282729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 5292729Sdfr if (eval != 0) { 5302729Sdfr#ifdef MSG_DEBUG_OK 5312729Sdfr printf("msgsnd: interrupted system call\n"); 5322729Sdfr#endif 5332729Sdfr return(EINTR); 5342729Sdfr } 5352729Sdfr 5362729Sdfr /* 5372729Sdfr * Make sure that the msq queue still exists 5382729Sdfr */ 5392729Sdfr 5402729Sdfr if (msqptr->msg_qbytes == 0) { 5412729Sdfr#ifdef MSG_DEBUG_OK 5422729Sdfr printf("msqid deleted\n"); 5432729Sdfr#endif 5442729Sdfr /* The SVID says to return EIDRM. */ 5452729Sdfr#ifdef EIDRM 5462729Sdfr return(EIDRM); 5472729Sdfr#else 5482729Sdfr /* Unfortunately, BSD doesn't define that code 5492729Sdfr yet! */ 5502729Sdfr return(EINVAL); 5512729Sdfr#endif 5522729Sdfr } 5532729Sdfr 5542729Sdfr } else { 5552729Sdfr#ifdef MSG_DEBUG_OK 5562729Sdfr printf("got all the resources that we need\n"); 5572729Sdfr#endif 5582729Sdfr break; 5592729Sdfr } 5602729Sdfr } 5612729Sdfr 5622729Sdfr /* 5632729Sdfr * We have the resources that we need. 5642729Sdfr * Make sure! 5652729Sdfr */ 5662729Sdfr 5672729Sdfr if (msqptr->msg_perm.mode & MSG_LOCKED) 5682729Sdfr panic("msg_perm.mode & MSG_LOCKED"); 5692729Sdfr if (segs_needed > nfree_msgmaps) 5702729Sdfr panic("segs_needed > nfree_msgmaps"); 5712729Sdfr if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) 5722729Sdfr panic("msgsz + msg_cbytes > msg_qbytes"); 5732729Sdfr if (free_msghdrs == NULL) 5742729Sdfr panic("no more msghdrs"); 5752729Sdfr 5762729Sdfr /* 5772729Sdfr * Re-lock the msqid_ds in case we page-fault when copying in the 5782729Sdfr * message 5792729Sdfr */ 5802729Sdfr 5812729Sdfr if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) 5822729Sdfr panic("msqid_ds is already locked"); 5832729Sdfr msqptr->msg_perm.mode |= MSG_LOCKED; 5842729Sdfr 5852729Sdfr /* 5862729Sdfr * Allocate a message header 5872729Sdfr */ 5882729Sdfr 5892729Sdfr msghdr = free_msghdrs; 5902729Sdfr free_msghdrs = msghdr->msg_next; 5912729Sdfr msghdr->msg_spot = -1; 5922729Sdfr msghdr->msg_ts = msgsz; 5932729Sdfr 5942729Sdfr /* 5952729Sdfr * Allocate space for the message 5962729Sdfr */ 5972729Sdfr 5982729Sdfr while (segs_needed > 0) { 5992729Sdfr if (nfree_msgmaps <= 0) 6002729Sdfr panic("not enough msgmaps"); 6012729Sdfr if (free_msgmaps == -1) 6022729Sdfr panic("nil free_msgmaps"); 6032729Sdfr next = free_msgmaps; 6042729Sdfr if (next <= -1) 6052729Sdfr panic("next too low #1"); 6062729Sdfr if (next >= msginfo.msgseg) 6072729Sdfr panic("next out of range #1"); 6082729Sdfr#ifdef MSG_DEBUG_OK 6092729Sdfr printf("allocating segment %d to message\n", next); 6102729Sdfr#endif 6112729Sdfr free_msgmaps = msgmaps[next].next; 6122729Sdfr nfree_msgmaps--; 6132729Sdfr msgmaps[next].next = msghdr->msg_spot; 6142729Sdfr msghdr->msg_spot = next; 6152729Sdfr segs_needed--; 6162729Sdfr } 6172729Sdfr 6182729Sdfr /* 6192729Sdfr * Copy in the message type 6202729Sdfr */ 6212729Sdfr 6222729Sdfr if ((eval = copyin(user_msgp, &msghdr->msg_type, 6232729Sdfr sizeof(msghdr->msg_type))) != 0) { 6242729Sdfr#ifdef MSG_DEBUG_OK 6252729Sdfr printf("error %d copying the message type\n", eval); 6262729Sdfr#endif 6272729Sdfr msg_freehdr(msghdr); 6282729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 6292729Sdfr wakeup((caddr_t)msqptr); 6302729Sdfr return(eval); 6312729Sdfr } 6322729Sdfr user_msgp += sizeof(msghdr->msg_type); 6332729Sdfr 6342729Sdfr /* 6352729Sdfr * Validate the message type 6362729Sdfr */ 6372729Sdfr 6382729Sdfr if (msghdr->msg_type < 1) { 6392729Sdfr msg_freehdr(msghdr); 6402729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 6412729Sdfr wakeup((caddr_t)msqptr); 6422729Sdfr#ifdef MSG_DEBUG_OK 6432729Sdfr printf("mtype (%d) < 1\n", msghdr->msg_type); 6442729Sdfr#endif 6452729Sdfr return(EINVAL); 6462729Sdfr } 6472729Sdfr 6482729Sdfr /* 6492729Sdfr * Copy in the message body 6502729Sdfr */ 6512729Sdfr 6522729Sdfr next = msghdr->msg_spot; 6532729Sdfr while (msgsz > 0) { 6542729Sdfr size_t tlen; 6552729Sdfr if (msgsz > msginfo.msgssz) 6562729Sdfr tlen = msginfo.msgssz; 6572729Sdfr else 6582729Sdfr tlen = msgsz; 6592729Sdfr if (next <= -1) 6602729Sdfr panic("next too low #2"); 6612729Sdfr if (next >= msginfo.msgseg) 6622729Sdfr panic("next out of range #2"); 6632729Sdfr if ((eval = copyin(user_msgp, &msgpool[next * msginfo.msgssz], 6642729Sdfr tlen)) != 0) { 6652729Sdfr#ifdef MSG_DEBUG_OK 6662729Sdfr printf("error %d copying in message segment\n", eval); 6672729Sdfr#endif 6682729Sdfr msg_freehdr(msghdr); 6692729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 6702729Sdfr wakeup((caddr_t)msqptr); 6712729Sdfr return(eval); 6722729Sdfr } 6732729Sdfr msgsz -= tlen; 6742729Sdfr user_msgp += tlen; 6752729Sdfr next = msgmaps[next].next; 6762729Sdfr } 6772729Sdfr if (next != -1) 6782729Sdfr panic("didn't use all the msg segments"); 6792729Sdfr 6802729Sdfr /* 6812729Sdfr * We've got the message. Unlock the msqid_ds. 6822729Sdfr */ 6832729Sdfr 6842729Sdfr msqptr->msg_perm.mode &= ~MSG_LOCKED; 6852729Sdfr 6862729Sdfr /* 6872729Sdfr * Make sure that the msqid_ds is still allocated. 6882729Sdfr */ 6892729Sdfr 6902729Sdfr if (msqptr->msg_qbytes == 0) { 6912729Sdfr msg_freehdr(msghdr); 6922729Sdfr wakeup((caddr_t)msqptr); 6932729Sdfr /* The SVID says to return EIDRM. */ 6942729Sdfr#ifdef EIDRM 6952729Sdfr return(EIDRM); 6962729Sdfr#else 6972729Sdfr /* Unfortunately, BSD doesn't define that code yet! */ 6982729Sdfr return(EINVAL); 6992729Sdfr#endif 7002729Sdfr } 7012729Sdfr 7022729Sdfr /* 7032729Sdfr * Put the message into the queue 7042729Sdfr */ 7052729Sdfr 7062729Sdfr if (msqptr->msg_first == NULL) { 7072729Sdfr msqptr->msg_first = msghdr; 7082729Sdfr msqptr->msg_last = msghdr; 7092729Sdfr } else { 7102729Sdfr msqptr->msg_last->msg_next = msghdr; 7112729Sdfr msqptr->msg_last = msghdr; 7122729Sdfr } 7132729Sdfr msqptr->msg_last->msg_next = NULL; 7142729Sdfr 7152729Sdfr msqptr->msg_cbytes += msghdr->msg_ts; 7162729Sdfr msqptr->msg_qnum++; 7172729Sdfr msqptr->msg_lspid = p->p_pid; 7182729Sdfr msqptr->msg_stime = time.tv_sec; 7192729Sdfr 7202729Sdfr wakeup((caddr_t)msqptr); 7212729Sdfr *retval = 0; 7222729Sdfr return(0); 7232729Sdfr} 7242729Sdfr 7252729Sdfrstruct msgrcv_args { 7262729Sdfr int msqid; 7272729Sdfr void *msgp; 7282729Sdfr size_t msgsz; 7292729Sdfr long msgtyp; 7302729Sdfr int msgflg; 7312729Sdfr}; 7322729Sdfr 7332729Sdfrint 7342729Sdfrmsgrcv(p, uap, retval) 7352729Sdfr struct proc *p; 7362729Sdfr register struct msgrcv_args *uap; 7372729Sdfr int *retval; 7382729Sdfr{ 7392729Sdfr int msqid = uap->msqid; 7402729Sdfr void *user_msgp = uap->msgp; 7412729Sdfr size_t msgsz = uap->msgsz; 7422729Sdfr long msgtyp = uap->msgtyp; 7432729Sdfr int msgflg = uap->msgflg; 7442729Sdfr size_t len; 7452729Sdfr struct ucred *cred = p->p_ucred; 7462729Sdfr register struct msqid_ds *msqptr; 7472729Sdfr register struct msg *msghdr; 7482729Sdfr int eval; 7492729Sdfr short next; 7502729Sdfr 7512729Sdfr#ifdef MSG_DEBUG_OK 7522729Sdfr printf("call to msgrcv(%d, 0x%x, %d, %ld, %d)\n", msqid, user_msgp, 7532729Sdfr msgsz, msgtyp, msgflg); 7542729Sdfr#endif 7552729Sdfr 7562729Sdfr msqid = IPCID_TO_IX(msqid); 7572729Sdfr 7582729Sdfr if (msqid < 0 || msqid >= msginfo.msgmni) { 7592729Sdfr#ifdef MSG_DEBUG_OK 7602729Sdfr printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 7612729Sdfr msginfo.msgmni); 7622729Sdfr#endif 7632729Sdfr return(EINVAL); 7642729Sdfr } 7652729Sdfr 7662729Sdfr msqptr = &msqids[msqid]; 7672729Sdfr if (msqptr->msg_qbytes == 0) { 7682729Sdfr#ifdef MSG_DEBUG_OK 7692729Sdfr printf("no such message queue id\n"); 7702729Sdfr#endif 7712729Sdfr return(EINVAL); 7722729Sdfr } 7732729Sdfr if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 7742729Sdfr#ifdef MSG_DEBUG_OK 7752729Sdfr printf("wrong sequence number\n"); 7762729Sdfr#endif 7772729Sdfr return(EINVAL); 7782729Sdfr } 7792729Sdfr 7802729Sdfr if ((eval = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 7812729Sdfr#ifdef MSG_DEBUG_OK 7822729Sdfr printf("requester doesn't have read access\n"); 7832729Sdfr#endif 7842729Sdfr return(eval); 7852729Sdfr } 7862729Sdfr 7872729Sdfr msghdr = NULL; 7882729Sdfr while (msghdr == NULL) { 7892729Sdfr if (msgtyp == 0) { 7902729Sdfr msghdr = msqptr->msg_first; 7912729Sdfr if (msghdr != NULL) { 7922729Sdfr if (msgsz < msghdr->msg_ts && 7932729Sdfr (msgflg & MSG_NOERROR) == 0) { 7942729Sdfr#ifdef MSG_DEBUG_OK 7952729Sdfr printf("first message on the queue is too big (want %d, got %d)\n", 7962729Sdfr msgsz, msghdr->msg_ts); 7972729Sdfr#endif 7982729Sdfr return(E2BIG); 7992729Sdfr } 8002729Sdfr if (msqptr->msg_first == msqptr->msg_last) { 8012729Sdfr msqptr->msg_first = NULL; 8022729Sdfr msqptr->msg_last = NULL; 8032729Sdfr } else { 8042729Sdfr msqptr->msg_first = msghdr->msg_next; 8052729Sdfr if (msqptr->msg_first == NULL) 8062729Sdfr panic("msg_first/last screwed up #1"); 8072729Sdfr } 8082729Sdfr } 8092729Sdfr } else { 8102729Sdfr struct msg *previous; 8112729Sdfr struct msg **prev; 8122729Sdfr 8132729Sdfr previous = NULL; 8142729Sdfr prev = &(msqptr->msg_first); 8152729Sdfr while ((msghdr = *prev) != NULL) { 8162729Sdfr /* 8172729Sdfr * Is this message's type an exact match or is 8182729Sdfr * this message's type less than or equal to 8192729Sdfr * the absolute value of a negative msgtyp? 8202729Sdfr * Note that the second half of this test can 8212729Sdfr * NEVER be true if msgtyp is positive since 8222729Sdfr * msg_type is always positive! 8232729Sdfr */ 8242729Sdfr 8252729Sdfr if (msgtyp == msghdr->msg_type || 8262729Sdfr msghdr->msg_type <= -msgtyp) { 8272729Sdfr#ifdef MSG_DEBUG_OK 8282729Sdfr printf("found message type %d, requested %d\n", 8292729Sdfr msghdr->msg_type, msgtyp); 8302729Sdfr#endif 8312729Sdfr if (msgsz < msghdr->msg_ts && 8322729Sdfr (msgflg & MSG_NOERROR) == 0) { 8332729Sdfr#ifdef MSG_DEBUG_OK 8342729Sdfr printf("requested message on the queue is too big (want %d, got %d)\n", 8352729Sdfr msgsz, msghdr->msg_ts); 8362729Sdfr#endif 8372729Sdfr return(E2BIG); 8382729Sdfr } 8392729Sdfr *prev = msghdr->msg_next; 8402729Sdfr if (msghdr == msqptr->msg_last) { 8412729Sdfr if (previous == NULL) { 8422729Sdfr if (prev != 8432729Sdfr &msqptr->msg_first) 8442729Sdfr panic("msg_first/last screwed up #2"); 8452729Sdfr msqptr->msg_first = 8462729Sdfr NULL; 8472729Sdfr msqptr->msg_last = 8482729Sdfr NULL; 8492729Sdfr } else { 8502729Sdfr if (prev == 8512729Sdfr &msqptr->msg_first) 8522729Sdfr panic("msg_first/last screwed up #3"); 8532729Sdfr msqptr->msg_last = 8542729Sdfr previous; 8552729Sdfr } 8562729Sdfr } 8572729Sdfr break; 8582729Sdfr } 8592729Sdfr previous = msghdr; 8602729Sdfr prev = &(msghdr->msg_next); 8612729Sdfr } 8622729Sdfr } 8632729Sdfr 8642729Sdfr /* 8652729Sdfr * We've either extracted the msghdr for the appropriate 8662729Sdfr * message or there isn't one. 8672729Sdfr * If there is one then bail out of this loop. 8682729Sdfr */ 8692729Sdfr 8702729Sdfr if (msghdr != NULL) 8712729Sdfr break; 8722729Sdfr 8732729Sdfr /* 8742729Sdfr * Hmph! No message found. Does the user want to wait? 8752729Sdfr */ 8762729Sdfr 8772729Sdfr if ((msgflg & IPC_NOWAIT) != 0) { 8782729Sdfr#ifdef MSG_DEBUG_OK 8792729Sdfr printf("no appropriate message found (msgtyp=%d)\n", 8802729Sdfr msgtyp); 8812729Sdfr#endif 8822729Sdfr /* The SVID says to return ENOMSG. */ 8832729Sdfr#ifdef ENOMSG 8842729Sdfr return(ENOMSG); 8852729Sdfr#else 8862729Sdfr /* Unfortunately, BSD doesn't define that code yet! */ 8872729Sdfr return(EAGAIN); 8882729Sdfr#endif 8892729Sdfr } 8902729Sdfr 8912729Sdfr /* 8922729Sdfr * Wait for something to happen 8932729Sdfr */ 8942729Sdfr 8952729Sdfr#ifdef MSG_DEBUG_OK 8962729Sdfr printf("msgrcv: goodnight\n"); 8972729Sdfr#endif 8982729Sdfr eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, "msgwait", 8992729Sdfr 0); 9002729Sdfr#ifdef MSG_DEBUG_OK 9012729Sdfr printf("msgrcv: good morning (eval=%d)\n", eval); 9022729Sdfr#endif 9032729Sdfr 9042729Sdfr if (eval != 0) { 9052729Sdfr#ifdef MSG_DEBUG_OK 9062729Sdfr printf("msgsnd: interrupted system call\n"); 9072729Sdfr#endif 9082729Sdfr return(EINTR); 9092729Sdfr } 9102729Sdfr 9112729Sdfr /* 9122729Sdfr * Make sure that the msq queue still exists 9132729Sdfr */ 9142729Sdfr 9152729Sdfr if (msqptr->msg_qbytes == 0 || 9162729Sdfr msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) { 9172729Sdfr#ifdef MSG_DEBUG_OK 9182729Sdfr printf("msqid deleted\n"); 9192729Sdfr#endif 9202729Sdfr /* The SVID says to return EIDRM. */ 9212729Sdfr#ifdef EIDRM 9222729Sdfr return(EIDRM); 9232729Sdfr#else 9242729Sdfr /* Unfortunately, BSD doesn't define that code yet! */ 9252729Sdfr return(EINVAL); 9262729Sdfr#endif 9272729Sdfr } 9282729Sdfr } 9292729Sdfr 9302729Sdfr /* 9312729Sdfr * Return the message to the user. 9322729Sdfr * 9332729Sdfr * First, do the bookkeeping (before we risk being interrupted). 9342729Sdfr */ 9352729Sdfr 9362729Sdfr msqptr->msg_cbytes -= msghdr->msg_ts; 9372729Sdfr msqptr->msg_qnum--; 9382729Sdfr msqptr->msg_lrpid = p->p_pid; 9392729Sdfr msqptr->msg_rtime = time.tv_sec; 9402729Sdfr 9412729Sdfr /* 9422729Sdfr * Make msgsz the actual amount that we'll be returning. 9432729Sdfr * Note that this effectively truncates the message if it is too long 9442729Sdfr * (since msgsz is never increased). 9452729Sdfr */ 9462729Sdfr 9472729Sdfr#ifdef MSG_DEBUG_OK 9482729Sdfr printf("found a message, msgsz=%d, msg_ts=%d\n", msgsz, 9492729Sdfr msghdr->msg_ts); 9502729Sdfr#endif 9512729Sdfr if (msgsz > msghdr->msg_ts) 9522729Sdfr msgsz = msghdr->msg_ts; 9532729Sdfr 9542729Sdfr /* 9552729Sdfr * Return the type to the user. 9562729Sdfr */ 9572729Sdfr 9582729Sdfr eval = copyout((caddr_t)&(msghdr->msg_type), user_msgp, 9592729Sdfr sizeof(msghdr->msg_type)); 9602729Sdfr if (eval != 0) { 9612729Sdfr#ifdef MSG_DEBUG_OK 9622729Sdfr printf("error (%d) copying out message type\n", eval); 9632729Sdfr#endif 9642729Sdfr msg_freehdr(msghdr); 9652729Sdfr wakeup((caddr_t)msqptr); 9662729Sdfr return(eval); 9672729Sdfr } 9682729Sdfr user_msgp += sizeof(msghdr->msg_type); 9692729Sdfr 9702729Sdfr /* 9712729Sdfr * Return the segments to the user 9722729Sdfr */ 9732729Sdfr 9742729Sdfr next = msghdr->msg_spot; 9752729Sdfr for (len = 0; len < msgsz; len += msginfo.msgssz) { 9762729Sdfr size_t tlen; 9772729Sdfr 9782729Sdfr if (msgsz > msginfo.msgssz) 9792729Sdfr tlen = msginfo.msgssz; 9802729Sdfr else 9812729Sdfr tlen = msgsz; 9822729Sdfr if (next <= -1) 9832729Sdfr panic("next too low #3"); 9842729Sdfr if (next >= msginfo.msgseg) 9852729Sdfr panic("next out of range #3"); 9862729Sdfr eval = copyout((caddr_t)&msgpool[next * msginfo.msgssz], 9872729Sdfr user_msgp, tlen); 9882729Sdfr if (eval != 0) { 9892729Sdfr#ifdef MSG_DEBUG_OK 9902729Sdfr printf("error (%d) copying out message segment\n", 9912729Sdfr eval); 9922729Sdfr#endif 9932729Sdfr msg_freehdr(msghdr); 9942729Sdfr wakeup((caddr_t)msqptr); 9952729Sdfr return(eval); 9962729Sdfr } 9972729Sdfr user_msgp += tlen; 9982729Sdfr next = msgmaps[next].next; 9992729Sdfr } 10002729Sdfr 10012729Sdfr /* 10022729Sdfr * Done, return the actual number of bytes copied out. 10032729Sdfr */ 10042729Sdfr 10052729Sdfr msg_freehdr(msghdr); 10062729Sdfr wakeup((caddr_t)msqptr); 10072729Sdfr *retval = msgsz; 10082729Sdfr return(0); 10092729Sdfr} 1010