sys/kern/sysv_sem.c

139804Simp/*-
2729Sdfr * Implementation of SVID semaphores
2729Sdfr *
2729Sdfr * Author:  Daniel Boulet
2729Sdfr *
2729Sdfr * This software is provided ``AS IS'' without any warranties of any kind.
2729Sdfr */
140615Srwatson/*-
140615Srwatson * Copyright (c) 2003-2005 McAfee, Inc.
140615Srwatson * All rights reserved.
140615Srwatson *
140615Srwatson * This software was developed for the FreeBSD Project in part by McAfee
140615Srwatson * Research, the Security Research Division of McAfee, Inc under DARPA/SPAWAR
140615Srwatson * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
140615Srwatson * program.
140615Srwatson *
140615Srwatson * Redistribution and use in source and binary forms, with or without
140615Srwatson * modification, are permitted provided that the following conditions
140615Srwatson * are met:
140615Srwatson * 1. Redistributions of source code must retain the above copyright
140615Srwatson *    notice, this list of conditions and the following disclaimer.
140615Srwatson * 2. Redistributions in binary form must reproduce the above copyright
140615Srwatson *    notice, this list of conditions and the following disclaimer in the
140615Srwatson *    documentation and/or other materials provided with the distribution.
140615Srwatson *
140615Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
140615Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
140615Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
140615Srwatson * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
140615Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
140615Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
140615Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
140615Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
140615Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
140615Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
140615Srwatson * SUCH DAMAGE.
140615Srwatson */
2729Sdfr
116182Sobrien#include <sys/cdefs.h>
116182Sobrien__FBSDID("$FreeBSD: releng/11.0/sys/kern/sysv_sem.c 298819 2016-04-29 22:15:33Z pfg $");
116182Sobrien
194894Sjhb#include "opt_compat.h"
59839Speter#include "opt_sysvipc.h"
59839Speter
2729Sdfr#include <sys/param.h>
2729Sdfr#include <sys/systm.h>
11626Sbde#include <sys/sysproto.h>
112564Sjhb#include <sys/eventhandler.h>
2729Sdfr#include <sys/kernel.h>
2729Sdfr#include <sys/proc.h>
82607Sdillon#include <sys/lock.h>
129882Sphk#include <sys/module.h>
82607Sdillon#include <sys/mutex.h>
220398Strasz#include <sys/racct.h>
2729Sdfr#include <sys/sem.h>
298585Sjamie#include <sys/sx.h>
69449Salfred#include <sys/syscall.h>
159991Sjhb#include <sys/syscallsubr.h>
11626Sbde#include <sys/sysent.h>
59839Speter#include <sys/sysctl.h>
159991Sjhb#include <sys/uio.h>
59839Speter#include <sys/malloc.h>
68024Srwatson#include <sys/jail.h>
2729Sdfr
163606Srwatson#include <security/mac/mac_framework.h>
163606Srwatson
219028SnetchildFEATURE(sysv_sem, "System V semaphores support");
219028Snetchild
59839Speterstatic MALLOC_DEFINE(M_SEM, "sem", "SVID compatible semaphores");
59839Speter
100523Salfred#ifdef SEM_DEBUG
100523Salfred#define DPRINTF(a)	printf a
100523Salfred#else
100523Salfred#define DPRINTF(a)
100523Salfred#endif
100523Salfred
205323Skibstatic int seminit(void);
92723Salfredstatic int sysvsem_modload(struct module *, int, void *);
92723Salfredstatic int semunload(void);
112564Sjhbstatic void semexit_myhook(void *arg, struct proc *p);
92723Salfredstatic int sysctl_sema(SYSCTL_HANDLER_ARGS);
298585Sjamiestatic int semvalid(int semid, struct prison *rpr,
298585Sjamie    struct semid_kernel *semakptr);
298585Sjamiestatic void sem_remove(int semidx, struct ucred *cred);
298585Sjamiestatic struct prison *sem_find_prison(struct ucred *);
298585Sjamiestatic int sem_prison_cansee(struct prison *, struct semid_kernel *);
298585Sjamiestatic int sem_prison_check(void *, void *);
298585Sjamiestatic int sem_prison_set(void *, void *);
298585Sjamiestatic int sem_prison_get(void *, void *);
298585Sjamiestatic int sem_prison_remove(void *, void *);
298585Sjamiestatic void sem_prison_cleanup(struct prison *);
10358Sjulian
12866Speter#ifndef _SYS_SYSPROTO_H_
12866Speterstruct __semctl_args;
92723Salfredint __semctl(struct thread *td, struct __semctl_args *uap);
11626Sbdestruct semget_args;
92723Salfredint semget(struct thread *td, struct semget_args *uap);
11626Sbdestruct semop_args;
92723Salfredint semop(struct thread *td, struct semop_args *uap);
12866Speter#endif
11626Sbde
92723Salfredstatic struct sem_undo *semu_alloc(struct thread *td);
122201Srwatsonstatic int semundo_adjust(struct thread *td, struct sem_undo **supptr,
187223Skib    int semid, int semseq, int semnum, int adjval);
92723Salfredstatic void semundo_clear(int semid, int semnum);
11626Sbde
101774Salfredstatic struct mtx	sem_mtx;	/* semaphore global lock */
187223Skibstatic struct mtx sem_undo_mtx;
12819Sphkstatic int	semtot = 0;
137613Srwatsonstatic struct semid_kernel *sema;	/* semaphore id pool */
101774Salfredstatic struct mtx *sema_mtx;	/* semaphore id pool mutexes*/
59839Speterstatic struct sem *sem;		/* semaphore pool */
187223SkibLIST_HEAD(, sem_undo) semu_list;	/* list of active undo structures */
187223SkibLIST_HEAD(, sem_undo) semu_free_list;	/* list of free undo structures */
59839Speterstatic int	*semu;		/* undo structure pool */
112564Sjhbstatic eventhandler_tag semexit_tag;
298585Sjamiestatic unsigned sem_prison_slot;	/* prison OSD slot */
2729Sdfr
187223Skib#define SEMUNDO_MTX		sem_undo_mtx
101774Salfred#define SEMUNDO_LOCK()		mtx_lock(&SEMUNDO_MTX);
101774Salfred#define SEMUNDO_UNLOCK()	mtx_unlock(&SEMUNDO_MTX);
101774Salfred#define SEMUNDO_LOCKASSERT(how)	mtx_assert(&SEMUNDO_MTX, (how));
101774Salfred
59839Speterstruct sem {
59839Speter	u_short	semval;		/* semaphore value */
59839Speter	pid_t	sempid;		/* pid of last operation */
59839Speter	u_short	semncnt;	/* # awaiting semval > cval */
59839Speter	u_short	semzcnt;	/* # awaiting semval = 0 */
59839Speter};
59839Speter
59839Speter/*
59839Speter * Undo structure (one per process)
59839Speter */
59839Speterstruct sem_undo {
187223Skib	LIST_ENTRY(sem_undo) un_next;	/* ptr to next active undo structure */
59839Speter	struct	proc *un_proc;		/* owner of this structure */
59839Speter	short	un_cnt;			/* # of active entries */
59839Speter	struct undo {
59839Speter		short	un_adjval;	/* adjust on exit values */
59839Speter		short	un_num;		/* semaphore # */
59839Speter		int	un_id;		/* semid */
187223Skib		unsigned short un_seq;
59839Speter	} un_ent[1];			/* undo entries */
59839Speter};
59839Speter
59839Speter/*
59839Speter * Configuration parameters
59839Speter */
59839Speter#ifndef SEMMNI
209037Sivoras#define SEMMNI	50		/* # of semaphore identifiers */
59839Speter#endif
59839Speter#ifndef SEMMNS
209037Sivoras#define SEMMNS	340		/* # of semaphores in system */
59839Speter#endif
59839Speter#ifndef SEMUME
209037Sivoras#define SEMUME	50		/* max # of undo entries per process */
59839Speter#endif
59839Speter#ifndef SEMMNU
209037Sivoras#define SEMMNU	150		/* # of undo structures in system */
59839Speter#endif
59839Speter
59839Speter/* shouldn't need tuning */
59839Speter#ifndef SEMMSL
59839Speter#define SEMMSL	SEMMNS		/* max # of semaphores per id */
59839Speter#endif
59839Speter#ifndef SEMOPM
59839Speter#define SEMOPM	100		/* max # of operations per semop call */
59839Speter#endif
59839Speter
59839Speter#define SEMVMX	32767		/* semaphore maximum value */
59839Speter#define SEMAEM	16384		/* adjust on exit max value */
59839Speter
59839Speter/*
59839Speter * Due to the way semaphore memory is allocated, we have to ensure that
59839Speter * SEMUSZ is properly aligned.
59839Speter */
59839Speter
298433Spfg#define	SEM_ALIGN(bytes) roundup2(bytes, sizeof(long))
59839Speter
59839Speter/* actual size of an undo structure */
59839Speter#define SEMUSZ	SEM_ALIGN(offsetof(struct sem_undo, un_ent[SEMUME]))
59839Speter
59839Speter/*
59839Speter * Macro to find a particular sem_undo vector
59839Speter */
101350Salfred#define SEMU(ix) \
101350Salfred	((struct sem_undo *)(((intptr_t)semu)+ix * seminfo.semusz))
59839Speter
59839Speter/*
59839Speter * semaphore info struct
59839Speter */
59839Speterstruct seminfo seminfo = {
59839Speter                SEMMNI,         /* # of semaphore identifiers */
59839Speter                SEMMNS,         /* # of semaphores in system */
59839Speter                SEMMNU,         /* # of undo structures in system */
59839Speter                SEMMSL,         /* max # of semaphores per id */
59839Speter                SEMOPM,         /* max # of operations per semop call */
59839Speter                SEMUME,         /* max # of undo entries per process */
59839Speter                SEMUSZ,         /* size in bytes of undo structure */
59839Speter                SEMVMX,         /* semaphore maximum value */
59839Speter                SEMAEM          /* adjust on exit max value */
59839Speter};
59839Speter
141710ScsjpSYSCTL_INT(_kern_ipc, OID_AUTO, semmni, CTLFLAG_RDTUN, &seminfo.semmni, 0,
141710Scsjp    "Number of semaphore identifiers");
141710ScsjpSYSCTL_INT(_kern_ipc, OID_AUTO, semmns, CTLFLAG_RDTUN, &seminfo.semmns, 0,
141710Scsjp    "Maximum number of semaphores in the system");
141710ScsjpSYSCTL_INT(_kern_ipc, OID_AUTO, semmnu, CTLFLAG_RDTUN, &seminfo.semmnu, 0,
141710Scsjp    "Maximum number of undo structures in the system");
267992ShselaskySYSCTL_INT(_kern_ipc, OID_AUTO, semmsl, CTLFLAG_RWTUN, &seminfo.semmsl, 0,
141710Scsjp    "Max semaphores per id");
141710ScsjpSYSCTL_INT(_kern_ipc, OID_AUTO, semopm, CTLFLAG_RDTUN, &seminfo.semopm, 0,
141710Scsjp    "Max operations per semop call");
141710ScsjpSYSCTL_INT(_kern_ipc, OID_AUTO, semume, CTLFLAG_RDTUN, &seminfo.semume, 0,
141710Scsjp    "Max undo entries per process");
141710ScsjpSYSCTL_INT(_kern_ipc, OID_AUTO, semusz, CTLFLAG_RDTUN, &seminfo.semusz, 0,
141710Scsjp    "Size in bytes of undo structure");
267992ShselaskySYSCTL_INT(_kern_ipc, OID_AUTO, semvmx, CTLFLAG_RWTUN, &seminfo.semvmx, 0,
141710Scsjp    "Semaphore maximum value");
267992ShselaskySYSCTL_INT(_kern_ipc, OID_AUTO, semaem, CTLFLAG_RWTUN, &seminfo.semaem, 0,
141710Scsjp    "Adjust on exit max value");
298656SjamieSYSCTL_PROC(_kern_ipc, OID_AUTO, sema,
298656Sjamie    CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE,
215281Sbrucec    NULL, 0, sysctl_sema, "", "Semaphore id pool");
59839Speter
205323Skibstatic struct syscall_helper_data sem_syscalls[] = {
205323Skib	SYSCALL_INIT_HELPER(__semctl),
205323Skib	SYSCALL_INIT_HELPER(semget),
205323Skib	SYSCALL_INIT_HELPER(semop),
205323Skib#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
205323Skib    defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
205323Skib	SYSCALL_INIT_HELPER(semsys),
225617Skmacy	SYSCALL_INIT_HELPER_COMPAT(freebsd7___semctl),
205323Skib#endif
205323Skib	SYSCALL_INIT_LAST
205323Skib};
205323Skib
205323Skib#ifdef COMPAT_FREEBSD32
205323Skib#include <compat/freebsd32/freebsd32.h>
205323Skib#include <compat/freebsd32/freebsd32_ipc.h>
205323Skib#include <compat/freebsd32/freebsd32_proto.h>
205323Skib#include <compat/freebsd32/freebsd32_signal.h>
205323Skib#include <compat/freebsd32/freebsd32_syscall.h>
205323Skib#include <compat/freebsd32/freebsd32_util.h>
205323Skib
205323Skibstatic struct syscall_helper_data sem32_syscalls[] = {
205323Skib	SYSCALL32_INIT_HELPER(freebsd32_semctl),
225617Skmacy	SYSCALL32_INIT_HELPER_COMPAT(semget),
225617Skmacy	SYSCALL32_INIT_HELPER_COMPAT(semop),
205323Skib	SYSCALL32_INIT_HELPER(freebsd32_semsys),
205323Skib#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
205323Skib    defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
205323Skib	SYSCALL32_INIT_HELPER(freebsd7_freebsd32_semctl),
205323Skib#endif
205323Skib	SYSCALL_INIT_LAST
205323Skib};
205323Skib#endif
205323Skib
205323Skibstatic int
69449Salfredseminit(void)
2729Sdfr{
298585Sjamie	struct prison *pr;
298661Scem	void **rsv;
205323Skib	int i, error;
298585Sjamie	osd_method_t methods[PR_MAXMETHOD] = {
298585Sjamie	    [PR_METHOD_CHECK] =		sem_prison_check,
298585Sjamie	    [PR_METHOD_SET] =		sem_prison_set,
298585Sjamie	    [PR_METHOD_GET] =		sem_prison_get,
298585Sjamie	    [PR_METHOD_REMOVE] =	sem_prison_remove,
298585Sjamie	};
2729Sdfr
111119Simp	sem = malloc(sizeof(struct sem) * seminfo.semmns, M_SEM, M_WAITOK);
137613Srwatson	sema = malloc(sizeof(struct semid_kernel) * seminfo.semmni, M_SEM,
111119Simp	    M_WAITOK);
101774Salfred	sema_mtx = malloc(sizeof(struct mtx) * seminfo.semmni, M_SEM,
111119Simp	    M_WAITOK | M_ZERO);
111119Simp	semu = malloc(seminfo.semmnu * seminfo.semusz, M_SEM, M_WAITOK);
2729Sdfr
2729Sdfr	for (i = 0; i < seminfo.semmni; i++) {
137613Srwatson		sema[i].u.sem_base = 0;
137613Srwatson		sema[i].u.sem_perm.mode = 0;
137613Srwatson		sema[i].u.sem_perm.seq = 0;
140615Srwatson#ifdef MAC
172930Srwatson		mac_sysvsem_init(&sema[i]);
140615Srwatson#endif
2729Sdfr	}
101774Salfred	for (i = 0; i < seminfo.semmni; i++)
101774Salfred		mtx_init(&sema_mtx[i], "semid", NULL, MTX_DEF);
187223Skib	LIST_INIT(&semu_free_list);
2729Sdfr	for (i = 0; i < seminfo.semmnu; i++) {
101350Salfred		struct sem_undo *suptr = SEMU(i);
2729Sdfr		suptr->un_proc = NULL;
187223Skib		LIST_INSERT_HEAD(&semu_free_list, suptr, un_next);
2729Sdfr	}
187223Skib	LIST_INIT(&semu_list);
101774Salfred	mtx_init(&sem_mtx, "sem", NULL, MTX_DEF);
187223Skib	mtx_init(&sem_undo_mtx, "semu", NULL, MTX_DEF);
112564Sjhb	semexit_tag = EVENTHANDLER_REGISTER(process_exit, semexit_myhook, NULL,
112564Sjhb	    EVENTHANDLER_PRI_ANY);
205323Skib
298585Sjamie	/* Set current prisons according to their allow.sysvipc. */
298585Sjamie	sem_prison_slot = osd_jail_register(NULL, methods);
298585Sjamie	rsv = osd_reserve(sem_prison_slot);
298585Sjamie	prison_lock(&prison0);
298585Sjamie	(void)osd_jail_set_reserved(&prison0, sem_prison_slot, rsv, &prison0);
298585Sjamie	prison_unlock(&prison0);
298585Sjamie	rsv = NULL;
298585Sjamie	sx_slock(&allprison_lock);
298585Sjamie	TAILQ_FOREACH(pr, &allprison, pr_list) {
298585Sjamie		if (rsv == NULL)
298585Sjamie			rsv = osd_reserve(sem_prison_slot);
298585Sjamie		prison_lock(pr);
298585Sjamie		if ((pr->pr_allow & PR_ALLOW_SYSVIPC) && pr->pr_ref > 0) {
298585Sjamie			(void)osd_jail_set_reserved(pr, sem_prison_slot, rsv,
298585Sjamie			    &prison0);
298585Sjamie			rsv = NULL;
298585Sjamie		}
298585Sjamie		prison_unlock(pr);
298585Sjamie	}
298585Sjamie	if (rsv != NULL)
298585Sjamie		osd_free_reserved(rsv);
298585Sjamie	sx_sunlock(&allprison_lock);
298585Sjamie
273707Smjg	error = syscall_helper_register(sem_syscalls, SY_THR_STATIC_KLD);
205323Skib	if (error != 0)
205323Skib		return (error);
205323Skib#ifdef COMPAT_FREEBSD32
273707Smjg	error = syscall32_helper_register(sem32_syscalls, SY_THR_STATIC_KLD);
205323Skib	if (error != 0)
205323Skib		return (error);
205323Skib#endif
205323Skib	return (0);
2729Sdfr}
2729Sdfr
69449Salfredstatic int
69449Salfredsemunload(void)
69449Salfred{
101774Salfred	int i;
69449Salfred
187223Skib	/* XXXKIB */
69449Salfred	if (semtot != 0)
69449Salfred		return (EBUSY);
69449Salfred
205323Skib#ifdef COMPAT_FREEBSD32
205323Skib	syscall32_helper_unregister(sem32_syscalls);
205323Skib#endif
205323Skib	syscall_helper_unregister(sem_syscalls);
112564Sjhb	EVENTHANDLER_DEREGISTER(process_exit, semexit_tag);
298585Sjamie	if (sem_prison_slot != 0)
298585Sjamie		osd_jail_deregister(sem_prison_slot);
140615Srwatson#ifdef MAC
140615Srwatson	for (i = 0; i < seminfo.semmni; i++)
172930Srwatson		mac_sysvsem_destroy(&sema[i]);
140615Srwatson#endif
69449Salfred	free(sem, M_SEM);
69449Salfred	free(sema, M_SEM);
69449Salfred	free(semu, M_SEM);
101774Salfred	for (i = 0; i < seminfo.semmni; i++)
101774Salfred		mtx_destroy(&sema_mtx[i]);
190557Sbrueffer	free(sema_mtx, M_SEM);
101774Salfred	mtx_destroy(&sem_mtx);
187223Skib	mtx_destroy(&sem_undo_mtx);
69449Salfred	return (0);
69449Salfred}
69449Salfred
69449Salfredstatic int
69449Salfredsysvsem_modload(struct module *module, int cmd, void *arg)
69449Salfred{
69449Salfred	int error = 0;
69449Salfred
69449Salfred	switch (cmd) {
69449Salfred	case MOD_LOAD:
205323Skib		error = seminit();
205323Skib		if (error != 0)
205323Skib			semunload();
69449Salfred		break;
69449Salfred	case MOD_UNLOAD:
69449Salfred		error = semunload();
69449Salfred		break;
69449Salfred	case MOD_SHUTDOWN:
69449Salfred		break;
69449Salfred	default:
69449Salfred		error = EINVAL;
69449Salfred		break;
69449Salfred	}
69449Salfred	return (error);
69449Salfred}
69449Salfred
71038Sdesstatic moduledata_t sysvsem_mod = {
71038Sdes	"sysvsem",
69449Salfred	&sysvsem_modload,
69449Salfred	NULL
69449Salfred};
69449Salfred
194832SjhbDECLARE_MODULE(sysvsem, sysvsem_mod, SI_SUB_SYSV_SEM, SI_ORDER_FIRST);
71038SdesMODULE_VERSION(sysvsem, 1);
69449Salfred
2729Sdfr/*
2729Sdfr * Allocate a new sem_undo structure for a process
2729Sdfr * (returns ptr to structure or NULL if no more room)
2729Sdfr */
2729Sdfr
12819Sphkstatic struct sem_undo *
187223Skibsemu_alloc(struct thread *td)
2729Sdfr{
101350Salfred	struct sem_undo *suptr;
2729Sdfr
101774Salfred	SEMUNDO_LOCKASSERT(MA_OWNED);
187223Skib	if ((suptr = LIST_FIRST(&semu_free_list)) == NULL)
187223Skib		return (NULL);
187223Skib	LIST_REMOVE(suptr, un_next);
187223Skib	LIST_INSERT_HEAD(&semu_list, suptr, un_next);
187223Skib	suptr->un_cnt = 0;
187223Skib	suptr->un_proc = td->td_proc;
187223Skib	return (suptr);
187223Skib}
2729Sdfr
187223Skibstatic int
187223Skibsemu_try_free(struct sem_undo *suptr)
187223Skib{
2729Sdfr
187223Skib	SEMUNDO_LOCKASSERT(MA_OWNED);
2729Sdfr
187223Skib	if (suptr->un_cnt != 0)
187223Skib		return (0);
187223Skib	LIST_REMOVE(suptr, un_next);
187223Skib	LIST_INSERT_HEAD(&semu_free_list, suptr, un_next);
187223Skib	return (1);
2729Sdfr}
2729Sdfr
2729Sdfr/*
2729Sdfr * Adjust a particular entry for a particular proc
2729Sdfr */
2729Sdfr
12819Sphkstatic int
187223Skibsemundo_adjust(struct thread *td, struct sem_undo **supptr, int semid,
187223Skib    int semseq, int semnum, int adjval)
2729Sdfr{
83366Sjulian	struct proc *p = td->td_proc;
101350Salfred	struct sem_undo *suptr;
101350Salfred	struct undo *sunptr;
2729Sdfr	int i;
2729Sdfr
101774Salfred	SEMUNDO_LOCKASSERT(MA_OWNED);
2729Sdfr	/* Look for and remember the sem_undo if the caller doesn't provide
2729Sdfr	   it */
2729Sdfr
2729Sdfr	suptr = *supptr;
2729Sdfr	if (suptr == NULL) {
187223Skib		LIST_FOREACH(suptr, &semu_list, un_next) {
2729Sdfr			if (suptr->un_proc == p) {
2729Sdfr				*supptr = suptr;
2729Sdfr				break;
2729Sdfr			}
2729Sdfr		}
2729Sdfr		if (suptr == NULL) {
2729Sdfr			if (adjval == 0)
2729Sdfr				return(0);
83366Sjulian			suptr = semu_alloc(td);
2729Sdfr			if (suptr == NULL)
187223Skib				return (ENOSPC);
2729Sdfr			*supptr = suptr;
2729Sdfr		}
2729Sdfr	}
2729Sdfr
2729Sdfr	/*
2729Sdfr	 * Look for the requested entry and adjust it (delete if adjval becomes
2729Sdfr	 * 0).
2729Sdfr	 */
2729Sdfr	sunptr = &suptr->un_ent[0];
2729Sdfr	for (i = 0; i < suptr->un_cnt; i++, sunptr++) {
2729Sdfr		if (sunptr->un_id != semid || sunptr->un_num != semnum)
2729Sdfr			continue;
84789Smr		if (adjval != 0) {
84789Smr			adjval += sunptr->un_adjval;
84789Smr			if (adjval > seminfo.semaem || adjval < -seminfo.semaem)
84789Smr				return (ERANGE);
84789Smr		}
84789Smr		sunptr->un_adjval = adjval;
2729Sdfr		if (sunptr->un_adjval == 0) {
2729Sdfr			suptr->un_cnt--;
2729Sdfr			if (i < suptr->un_cnt)
2729Sdfr				suptr->un_ent[i] =
2729Sdfr				    suptr->un_ent[suptr->un_cnt];
187223Skib			if (suptr->un_cnt == 0)
187223Skib				semu_try_free(suptr);
2729Sdfr		}
187223Skib		return (0);
2729Sdfr	}
2729Sdfr
2729Sdfr	/* Didn't find the right entry - create it */
2729Sdfr	if (adjval == 0)
187223Skib		return (0);
84789Smr	if (adjval > seminfo.semaem || adjval < -seminfo.semaem)
84789Smr		return (ERANGE);
41774Sdillon	if (suptr->un_cnt != seminfo.semume) {
2729Sdfr		sunptr = &suptr->un_ent[suptr->un_cnt];
2729Sdfr		suptr->un_cnt++;
2729Sdfr		sunptr->un_adjval = adjval;
187223Skib		sunptr->un_id = semid;
187223Skib		sunptr->un_num = semnum;
187223Skib		sunptr->un_seq = semseq;
2729Sdfr	} else
187223Skib		return (EINVAL);
187223Skib	return (0);
2729Sdfr}
2729Sdfr
12819Sphkstatic void
187223Skibsemundo_clear(int semid, int semnum)
2729Sdfr{
187223Skib	struct sem_undo *suptr, *suptr1;
187223Skib	struct undo *sunptr;
187223Skib	int i;
2729Sdfr
101774Salfred	SEMUNDO_LOCKASSERT(MA_OWNED);
187223Skib	LIST_FOREACH_SAFE(suptr, &semu_list, un_next, suptr1) {
187223Skib		sunptr = &suptr->un_ent[0];
187223Skib		for (i = 0; i < suptr->un_cnt; i++, sunptr++) {
187223Skib			if (sunptr->un_id != semid)
187223Skib				continue;
187223Skib			if (semnum == -1 || sunptr->un_num == semnum) {
187223Skib				suptr->un_cnt--;
187223Skib				if (i < suptr->un_cnt) {
187223Skib					suptr->un_ent[i] =
187223Skib					    suptr->un_ent[suptr->un_cnt];
187223Skib					continue;
2729Sdfr				}
187223Skib				semu_try_free(suptr);
2729Sdfr			}
187223Skib			if (semnum != -1)
187223Skib				break;
2729Sdfr		}
2729Sdfr	}
2729Sdfr}
2729Sdfr
101774Salfredstatic int
298585Sjamiesemvalid(int semid, struct prison *rpr, struct semid_kernel *semakptr)
101774Salfred{
101774Salfred
137613Srwatson	return ((semakptr->u.sem_perm.mode & SEM_ALLOC) == 0 ||
298585Sjamie	    semakptr->u.sem_perm.seq != IPCID_TO_SEQ(semid) ||
298585Sjamie	    sem_prison_cansee(rpr, semakptr) ? EINVAL : 0);
101774Salfred}
101774Salfred
298585Sjamiestatic void
298585Sjamiesem_remove(int semidx, struct ucred *cred)
298585Sjamie{
298585Sjamie	struct semid_kernel *semakptr;
298585Sjamie	int i;
298585Sjamie
298585Sjamie	KASSERT(semidx >= 0 && semidx < seminfo.semmni,
298585Sjamie		("semidx out of bounds"));
298585Sjamie	semakptr = &sema[semidx];
298585Sjamie	semakptr->u.sem_perm.cuid = cred ? cred->cr_uid : 0;
298585Sjamie	semakptr->u.sem_perm.uid = cred ? cred->cr_uid : 0;
298585Sjamie	semakptr->u.sem_perm.mode = 0;
298585Sjamie	racct_sub_cred(semakptr->cred, RACCT_NSEM, semakptr->u.sem_nsems);
298585Sjamie	crfree(semakptr->cred);
298585Sjamie	semakptr->cred = NULL;
298585Sjamie	SEMUNDO_LOCK();
298585Sjamie	semundo_clear(semidx, -1);
298585Sjamie	SEMUNDO_UNLOCK();
298585Sjamie#ifdef MAC
298585Sjamie	mac_sysvsem_cleanup(semakptr);
298585Sjamie#endif
298585Sjamie	wakeup(semakptr);
298585Sjamie	for (i = 0; i < seminfo.semmni; i++) {
298585Sjamie		if ((sema[i].u.sem_perm.mode & SEM_ALLOC) &&
298585Sjamie		    sema[i].u.sem_base > semakptr->u.sem_base)
298585Sjamie			mtx_lock_flags(&sema_mtx[i], LOP_DUPOK);
298585Sjamie	}
298585Sjamie	for (i = semakptr->u.sem_base - sem; i < semtot; i++)
298585Sjamie		sem[i] = sem[i + semakptr->u.sem_nsems];
298585Sjamie	for (i = 0; i < seminfo.semmni; i++) {
298585Sjamie		if ((sema[i].u.sem_perm.mode & SEM_ALLOC) &&
298585Sjamie		    sema[i].u.sem_base > semakptr->u.sem_base) {
298585Sjamie			sema[i].u.sem_base -= semakptr->u.sem_nsems;
298585Sjamie			mtx_unlock(&sema_mtx[i]);
298585Sjamie		}
298585Sjamie	}
298585Sjamie	semtot -= semakptr->u.sem_nsems;
298585Sjamie}
298585Sjamie
298585Sjamiestatic struct prison *
298585Sjamiesem_find_prison(struct ucred *cred)
298585Sjamie{
298585Sjamie	struct prison *pr, *rpr;
298585Sjamie
298585Sjamie	pr = cred->cr_prison;
298585Sjamie	prison_lock(pr);
298585Sjamie	rpr = osd_jail_get(pr, sem_prison_slot);
298585Sjamie	prison_unlock(pr);
298585Sjamie	return rpr;
298585Sjamie}
298585Sjamie
298585Sjamiestatic int
298585Sjamiesem_prison_cansee(struct prison *rpr, struct semid_kernel *semakptr)
298585Sjamie{
298585Sjamie
298585Sjamie	if (semakptr->cred == NULL ||
298585Sjamie	    !(rpr == semakptr->cred->cr_prison ||
298585Sjamie	      prison_ischild(rpr, semakptr->cred->cr_prison)))
298585Sjamie		return (EINVAL);
298585Sjamie	return (0);
298585Sjamie}
298585Sjamie
12866Speter/*
167211Srwatson * Note that the user-mode half of this passes a union, not a pointer.
12866Speter */
12866Speter#ifndef _SYS_SYSPROTO_H_
12866Speterstruct __semctl_args {
2729Sdfr	int	semid;
2729Sdfr	int	semnum;
2729Sdfr	int	cmd;
2729Sdfr	union	semun *arg;
2729Sdfr};
12866Speter#endif
12866Speterint
225617Skmacysys___semctl(struct thread *td, struct __semctl_args *uap)
2729Sdfr{
160187Sjhb	struct semid_ds dsbuf;
160187Sjhb	union semun arg, semun;
160187Sjhb	register_t rval;
159991Sjhb	int error;
159991Sjhb
159991Sjhb	switch (uap->cmd) {
159991Sjhb	case SEM_STAT:
159991Sjhb	case IPC_SET:
159991Sjhb	case IPC_STAT:
159991Sjhb	case GETALL:
159991Sjhb	case SETVAL:
159991Sjhb	case SETALL:
160187Sjhb		error = copyin(uap->arg, &arg, sizeof(arg));
159991Sjhb		if (error)
159991Sjhb			return (error);
159991Sjhb		break;
160187Sjhb	}
160187Sjhb
160187Sjhb	switch (uap->cmd) {
160187Sjhb	case SEM_STAT:
160187Sjhb	case IPC_STAT:
160187Sjhb		semun.buf = &dsbuf;
159991Sjhb		break;
160187Sjhb	case IPC_SET:
160187Sjhb		error = copyin(arg.buf, &dsbuf, sizeof(dsbuf));
160187Sjhb		if (error)
160187Sjhb			return (error);
160187Sjhb		semun.buf = &dsbuf;
160187Sjhb		break;
160187Sjhb	case GETALL:
160187Sjhb	case SETALL:
160187Sjhb		semun.array = arg.array;
160187Sjhb		break;
160187Sjhb	case SETVAL:
160187Sjhb		semun.val = arg.val;
160187Sjhb		break;
159991Sjhb	}
160187Sjhb
160187Sjhb	error = kern_semctl(td, uap->semid, uap->semnum, uap->cmd, &semun,
160187Sjhb	    &rval);
160187Sjhb	if (error)
160187Sjhb		return (error);
160187Sjhb
160187Sjhb	switch (uap->cmd) {
160187Sjhb	case SEM_STAT:
160187Sjhb	case IPC_STAT:
160187Sjhb		error = copyout(&dsbuf, arg.buf, sizeof(dsbuf));
160187Sjhb		break;
160187Sjhb	}
160187Sjhb
160187Sjhb	if (error == 0)
160187Sjhb		td->td_retval[0] = rval;
160187Sjhb	return (error);
159991Sjhb}
159991Sjhb
159991Sjhbint
160187Sjhbkern_semctl(struct thread *td, int semid, int semnum, int cmd,
160187Sjhb    union semun *arg, register_t *rval)
159991Sjhb{
101774Salfred	u_short *array;
91406Sjhb	struct ucred *cred = td->td_ucred;
160187Sjhb	int i, error;
298585Sjamie	struct prison *rpr;
160187Sjhb	struct semid_ds *sbuf;
137613Srwatson	struct semid_kernel *semakptr;
101774Salfred	struct mtx *sema_mtxp;
101774Salfred	u_short usval, count;
160028Sjhb	int semidx;
2729Sdfr
160293Skib	DPRINTF(("call to semctl(%d, %d, %d, 0x%p)\n",
100523Salfred	    semid, semnum, cmd, arg));
298585Sjamie
298585Sjamie	rpr = sem_find_prison(td->td_ucred);
298585Sjamie	if (sem == NULL)
91703Sjhb		return (ENOSYS);
91703Sjhb
101774Salfred	array = NULL;
101774Salfred
83414Smr	switch(cmd) {
83414Smr	case SEM_STAT:
160028Sjhb		/*
160028Sjhb		 * For this command we assume semid is an array index
160028Sjhb		 * rather than an IPC id.
160028Sjhb		 */
91744Smaxim		if (semid < 0 || semid >= seminfo.semmni)
101774Salfred			return (EINVAL);
137613Srwatson		semakptr = &sema[semid];
101774Salfred		sema_mtxp = &sema_mtx[semid];
101774Salfred		mtx_lock(sema_mtxp);
137613Srwatson		if ((semakptr->u.sem_perm.mode & SEM_ALLOC) == 0) {
101774Salfred			error = EINVAL;
101774Salfred			goto done2;
101774Salfred		}
298585Sjamie		if ((error = sem_prison_cansee(rpr, semakptr)))
298585Sjamie			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
101774Salfred			goto done2;
140615Srwatson#ifdef MAC
172930Srwatson		error = mac_sysvsem_check_semctl(cred, semakptr, cmd);
162468Srwatson		if (error != 0)
140615Srwatson			goto done2;
140615Srwatson#endif
160187Sjhb		bcopy(&semakptr->u, arg->buf, sizeof(struct semid_ds));
298585Sjamie		if (cred->cr_prison != semakptr->cred->cr_prison)
298585Sjamie			arg->buf->sem_perm.key = IPC_PRIVATE;
160187Sjhb		*rval = IXSEQ_TO_IPCID(semid, semakptr->u.sem_perm);
101774Salfred		mtx_unlock(sema_mtxp);
160187Sjhb		return (0);
83414Smr	}
83414Smr
160028Sjhb	semidx = IPCID_TO_IX(semid);
160028Sjhb	if (semidx < 0 || semidx >= seminfo.semmni)
101774Salfred		return (EINVAL);
2729Sdfr
160028Sjhb	semakptr = &sema[semidx];
160028Sjhb	sema_mtxp = &sema_mtx[semidx];
187223Skib	if (cmd == IPC_RMID)
187223Skib		mtx_lock(&sem_mtx);
160187Sjhb	mtx_lock(sema_mtxp);
298585Sjamie
140615Srwatson#ifdef MAC
172930Srwatson	error = mac_sysvsem_check_semctl(cred, semakptr, cmd);
162468Srwatson	if (error != 0)
160187Sjhb		goto done2;
140615Srwatson#endif
145230Srwatson
82607Sdillon	error = 0;
160187Sjhb	*rval = 0;
2729Sdfr
2729Sdfr	switch (cmd) {
2729Sdfr	case IPC_RMID:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_M)))
82607Sdillon			goto done2;
298585Sjamie		sem_remove(semidx, cred);
2729Sdfr		break;
2729Sdfr
2729Sdfr	case IPC_SET:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_M)))
101774Salfred			goto done2;
160187Sjhb		sbuf = arg->buf;
160187Sjhb		semakptr->u.sem_perm.uid = sbuf->sem_perm.uid;
160187Sjhb		semakptr->u.sem_perm.gid = sbuf->sem_perm.gid;
137613Srwatson		semakptr->u.sem_perm.mode = (semakptr->u.sem_perm.mode &
160187Sjhb		    ~0777) | (sbuf->sem_perm.mode & 0777);
137613Srwatson		semakptr->u.sem_ctime = time_second;
2729Sdfr		break;
2729Sdfr
2729Sdfr	case IPC_STAT:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
82607Sdillon			goto done2;
160187Sjhb		bcopy(&semakptr->u, arg->buf, sizeof(struct semid_ds));
298585Sjamie		if (cred->cr_prison != semakptr->cred->cr_prison)
298585Sjamie			arg->buf->sem_perm.key = IPC_PRIVATE;
2729Sdfr		break;
2729Sdfr
2729Sdfr	case GETNCNT:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
82607Sdillon			goto done2;
137613Srwatson		if (semnum < 0 || semnum >= semakptr->u.sem_nsems) {
82607Sdillon			error = EINVAL;
82607Sdillon			goto done2;
82607Sdillon		}
160187Sjhb		*rval = semakptr->u.sem_base[semnum].semncnt;
2729Sdfr		break;
2729Sdfr
2729Sdfr	case GETPID:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
82607Sdillon			goto done2;
137613Srwatson		if (semnum < 0 || semnum >= semakptr->u.sem_nsems) {
82607Sdillon			error = EINVAL;
82607Sdillon			goto done2;
82607Sdillon		}
160187Sjhb		*rval = semakptr->u.sem_base[semnum].sempid;
2729Sdfr		break;
2729Sdfr
2729Sdfr	case GETVAL:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
82607Sdillon			goto done2;
137613Srwatson		if (semnum < 0 || semnum >= semakptr->u.sem_nsems) {
82607Sdillon			error = EINVAL;
82607Sdillon			goto done2;
82607Sdillon		}
160187Sjhb		*rval = semakptr->u.sem_base[semnum].semval;
2729Sdfr		break;
2729Sdfr
2729Sdfr	case GETALL:
159991Sjhb		/*
160187Sjhb		 * Unfortunately, callers of this function don't know
160187Sjhb		 * in advance how many semaphores are in this set.
160187Sjhb		 * While we could just allocate the maximum size array
160187Sjhb		 * and pass the actual size back to the caller, that
160187Sjhb		 * won't work for SETALL since we can't copyin() more
160187Sjhb		 * data than the user specified as we may return a
160187Sjhb		 * spurious EFAULT.
160187Sjhb		 *
160187Sjhb		 * Note that the number of semaphores in a set is
160187Sjhb		 * fixed for the life of that set.  The only way that
160187Sjhb		 * the 'count' could change while are blocked in
160187Sjhb		 * malloc() is if this semaphore set were destroyed
160187Sjhb		 * and a new one created with the same index.
160187Sjhb		 * However, semvalid() will catch that due to the
160187Sjhb		 * sequence number unless exactly 0x8000 (or a
160187Sjhb		 * multiple thereof) semaphore sets for the same index
160187Sjhb		 * are created and destroyed while we are in malloc!
160187Sjhb		 *
159991Sjhb		 */
160187Sjhb		count = semakptr->u.sem_nsems;
160187Sjhb		mtx_unlock(sema_mtxp);
160187Sjhb		array = malloc(sizeof(*array) * count, M_TEMP, M_WAITOK);
101774Salfred		mtx_lock(sema_mtxp);
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
160187Sjhb		KASSERT(count == semakptr->u.sem_nsems, ("nsems changed"));
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
82607Sdillon			goto done2;
137613Srwatson		for (i = 0; i < semakptr->u.sem_nsems; i++)
137613Srwatson			array[i] = semakptr->u.sem_base[i].semval;
101774Salfred		mtx_unlock(sema_mtxp);
160187Sjhb		error = copyout(array, arg->array, count * sizeof(*array));
160187Sjhb		mtx_lock(sema_mtxp);
2729Sdfr		break;
2729Sdfr
2729Sdfr	case GETZCNT:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
82607Sdillon			goto done2;
137613Srwatson		if (semnum < 0 || semnum >= semakptr->u.sem_nsems) {
82607Sdillon			error = EINVAL;
82607Sdillon			goto done2;
82607Sdillon		}
160187Sjhb		*rval = semakptr->u.sem_base[semnum].semzcnt;
2729Sdfr		break;
2729Sdfr
2729Sdfr	case SETVAL:
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_W)))
82607Sdillon			goto done2;
137613Srwatson		if (semnum < 0 || semnum >= semakptr->u.sem_nsems) {
82607Sdillon			error = EINVAL;
82607Sdillon			goto done2;
82607Sdillon		}
159991Sjhb		if (arg->val < 0 || arg->val > seminfo.semvmx) {
84789Smr			error = ERANGE;
84789Smr			goto done2;
84789Smr		}
159991Sjhb		semakptr->u.sem_base[semnum].semval = arg->val;
101774Salfred		SEMUNDO_LOCK();
160028Sjhb		semundo_clear(semidx, semnum);
101774Salfred		SEMUNDO_UNLOCK();
137613Srwatson		wakeup(semakptr);
2729Sdfr		break;
2729Sdfr
2729Sdfr	case SETALL:
159991Sjhb		/*
160187Sjhb		 * See comment on GETALL for why 'count' shouldn't change
160187Sjhb		 * and why we require a userland buffer.
159991Sjhb		 */
137613Srwatson		count = semakptr->u.sem_nsems;
160187Sjhb		mtx_unlock(sema_mtxp);
111119Simp		array = malloc(sizeof(*array) * count, M_TEMP, M_WAITOK);
159991Sjhb		error = copyin(arg->array, array, count * sizeof(*array));
171179Skib		mtx_lock(sema_mtxp);
101774Salfred		if (error)
101774Salfred			break;
298585Sjamie		if ((error = semvalid(semid, rpr, semakptr)) != 0)
101774Salfred			goto done2;
160187Sjhb		KASSERT(count == semakptr->u.sem_nsems, ("nsems changed"));
137613Srwatson		if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_W)))
101774Salfred			goto done2;
137613Srwatson		for (i = 0; i < semakptr->u.sem_nsems; i++) {
101774Salfred			usval = array[i];
84789Smr			if (usval > seminfo.semvmx) {
84789Smr				error = ERANGE;
84789Smr				break;
84789Smr			}
137613Srwatson			semakptr->u.sem_base[i].semval = usval;
2729Sdfr		}
101774Salfred		SEMUNDO_LOCK();
160028Sjhb		semundo_clear(semidx, -1);
101774Salfred		SEMUNDO_UNLOCK();
137613Srwatson		wakeup(semakptr);
2729Sdfr		break;
2729Sdfr
2729Sdfr	default:
82607Sdillon		error = EINVAL;
82607Sdillon		break;
2729Sdfr	}
2729Sdfr
82607Sdillondone2:
160187Sjhb	mtx_unlock(sema_mtxp);
187223Skib	if (cmd == IPC_RMID)
187223Skib		mtx_unlock(&sem_mtx);
101774Salfred	if (array != NULL)
101774Salfred		free(array, M_TEMP);
82607Sdillon	return(error);
2729Sdfr}
2729Sdfr
12866Speter#ifndef _SYS_SYSPROTO_H_
2729Sdfrstruct semget_args {
2729Sdfr	key_t	key;
2729Sdfr	int	nsems;
2729Sdfr	int	semflg;
2729Sdfr};
12866Speter#endif
12866Speterint
225617Skmacysys_semget(struct thread *td, struct semget_args *uap)
2729Sdfr{
82607Sdillon	int semid, error = 0;
2729Sdfr	int key = uap->key;
2729Sdfr	int nsems = uap->nsems;
2729Sdfr	int semflg = uap->semflg;
91703Sjhb	struct ucred *cred = td->td_ucred;
2729Sdfr
100523Salfred	DPRINTF(("semget(0x%x, %d, 0%o)\n", key, nsems, semflg));
298585Sjamie
298585Sjamie	if (sem_find_prison(cred) == NULL)
91703Sjhb		return (ENOSYS);
91703Sjhb
187223Skib	mtx_lock(&sem_mtx);
2729Sdfr	if (key != IPC_PRIVATE) {
2729Sdfr		for (semid = 0; semid < seminfo.semmni; semid++) {
137613Srwatson			if ((sema[semid].u.sem_perm.mode & SEM_ALLOC) &&
298585Sjamie			    sema[semid].cred != NULL &&
298585Sjamie			    sema[semid].cred->cr_prison == cred->cr_prison &&
137613Srwatson			    sema[semid].u.sem_perm.key == key)
2729Sdfr				break;
2729Sdfr		}
2729Sdfr		if (semid < seminfo.semmni) {
100523Salfred			DPRINTF(("found public key\n"));
295385Sjilles			if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
295385Sjilles				DPRINTF(("not exclusive\n"));
295385Sjilles				error = EEXIST;
295385Sjilles				goto done2;
295385Sjilles			}
137613Srwatson			if ((error = ipcperm(td, &sema[semid].u.sem_perm,
82607Sdillon			    semflg & 0700))) {
82607Sdillon				goto done2;
82607Sdillon			}
137613Srwatson			if (nsems > 0 && sema[semid].u.sem_nsems < nsems) {
100523Salfred				DPRINTF(("too small\n"));
82607Sdillon				error = EINVAL;
82607Sdillon				goto done2;
2729Sdfr			}
140615Srwatson#ifdef MAC
172930Srwatson			error = mac_sysvsem_check_semget(cred, &sema[semid]);
162468Srwatson			if (error != 0)
140615Srwatson				goto done2;
140615Srwatson#endif
2729Sdfr			goto found;
2729Sdfr		}
2729Sdfr	}
2729Sdfr
137613Srwatson	DPRINTF(("need to allocate the semid_kernel\n"));
2729Sdfr	if (key == IPC_PRIVATE || (semflg & IPC_CREAT)) {
2729Sdfr		if (nsems <= 0 || nsems > seminfo.semmsl) {
100523Salfred			DPRINTF(("nsems out of range (0<%d<=%d)\n", nsems,
100523Salfred			    seminfo.semmsl));
82607Sdillon			error = EINVAL;
82607Sdillon			goto done2;
2729Sdfr		}
2729Sdfr		if (nsems > seminfo.semmns - semtot) {
100523Salfred			DPRINTF((
100523Salfred			    "not enough semaphores left (need %d, got %d)\n",
100523Salfred			    nsems, seminfo.semmns - semtot));
82607Sdillon			error = ENOSPC;
82607Sdillon			goto done2;
2729Sdfr		}
2729Sdfr		for (semid = 0; semid < seminfo.semmni; semid++) {
137613Srwatson			if ((sema[semid].u.sem_perm.mode & SEM_ALLOC) == 0)
2729Sdfr				break;
2729Sdfr		}
2729Sdfr		if (semid == seminfo.semmni) {
137613Srwatson			DPRINTF(("no more semid_kernel's available\n"));
82607Sdillon			error = ENOSPC;
82607Sdillon			goto done2;
2729Sdfr		}
223825Strasz#ifdef RACCT
282213Strasz		if (racct_enable) {
282213Strasz			PROC_LOCK(td->td_proc);
282213Strasz			error = racct_add(td->td_proc, RACCT_NSEM, nsems);
282213Strasz			PROC_UNLOCK(td->td_proc);
282213Strasz			if (error != 0) {
282213Strasz				error = ENOSPC;
282213Strasz				goto done2;
282213Strasz			}
220398Strasz		}
223825Strasz#endif
100523Salfred		DPRINTF(("semid %d is available\n", semid));
187298Skib		mtx_lock(&sema_mtx[semid]);
187298Skib		KASSERT((sema[semid].u.sem_perm.mode & SEM_ALLOC) == 0,
187298Skib		    ("Lost semaphore %d", semid));
137613Srwatson		sema[semid].u.sem_perm.key = key;
137613Srwatson		sema[semid].u.sem_perm.cuid = cred->cr_uid;
137613Srwatson		sema[semid].u.sem_perm.uid = cred->cr_uid;
137613Srwatson		sema[semid].u.sem_perm.cgid = cred->cr_gid;
137613Srwatson		sema[semid].u.sem_perm.gid = cred->cr_gid;
137613Srwatson		sema[semid].u.sem_perm.mode = (semflg & 0777) | SEM_ALLOC;
220399Strasz		sema[semid].cred = crhold(cred);
137613Srwatson		sema[semid].u.sem_perm.seq =
137613Srwatson		    (sema[semid].u.sem_perm.seq + 1) & 0x7fff;
137613Srwatson		sema[semid].u.sem_nsems = nsems;
137613Srwatson		sema[semid].u.sem_otime = 0;
137613Srwatson		sema[semid].u.sem_ctime = time_second;
137613Srwatson		sema[semid].u.sem_base = &sem[semtot];
2729Sdfr		semtot += nsems;
137613Srwatson		bzero(sema[semid].u.sem_base,
137613Srwatson		    sizeof(sema[semid].u.sem_base[0])*nsems);
140615Srwatson#ifdef MAC
172930Srwatson		mac_sysvsem_create(cred, &sema[semid]);
140615Srwatson#endif
187298Skib		mtx_unlock(&sema_mtx[semid]);
160293Skib		DPRINTF(("sembase = %p, next = %p\n",
137613Srwatson		    sema[semid].u.sem_base, &sem[semtot]));
2729Sdfr	} else {
100523Salfred		DPRINTF(("didn't find it and wasn't asked to create it\n"));
82607Sdillon		error = ENOENT;
82607Sdillon		goto done2;
2729Sdfr	}
2729Sdfr
2729Sdfrfound:
137613Srwatson	td->td_retval[0] = IXSEQ_TO_IPCID(semid, sema[semid].u.sem_perm);
82607Sdillondone2:
187223Skib	mtx_unlock(&sem_mtx);
82607Sdillon	return (error);
2729Sdfr}
2729Sdfr
12866Speter#ifndef _SYS_SYSPROTO_H_
2729Sdfrstruct semop_args {
2729Sdfr	int	semid;
2729Sdfr	struct	sembuf *sops;
109829Salfred	size_t	nsops;
2729Sdfr};
12866Speter#endif
12866Speterint
225617Skmacysys_semop(struct thread *td, struct semop_args *uap)
2729Sdfr{
123667Stjr#define SMALL_SOPS	8
123667Stjr	struct sembuf small_sops[SMALL_SOPS];
2729Sdfr	int semid = uap->semid;
109829Salfred	size_t nsops = uap->nsops;
298585Sjamie	struct prison *rpr;
105429Salfred	struct sembuf *sops;
137613Srwatson	struct semid_kernel *semakptr;
298069Spfg	struct sembuf *sopptr = NULL;
298069Spfg	struct sem *semptr = NULL;
84789Smr	struct sem_undo *suptr;
101774Salfred	struct mtx *sema_mtxp;
110040Stjr	size_t i, j, k;
109829Salfred	int error;
3308Sphk	int do_wakeup, do_undos;
187223Skib	unsigned short seq;
2729Sdfr
160293Skib#ifdef SEM_DEBUG
160293Skib	sops = NULL;
160293Skib#endif
160293Skib	DPRINTF(("call to semop(%d, %p, %u)\n", semid, sops, nsops));
2729Sdfr
298585Sjamie	rpr = sem_find_prison(td->td_ucred);
298585Sjamie	if (sem == NULL)
91703Sjhb		return (ENOSYS);
91703Sjhb
2729Sdfr	semid = IPCID_TO_IX(semid);	/* Convert back to zero origin */
2729Sdfr
101774Salfred	if (semid < 0 || semid >= seminfo.semmni)
137644Srwatson		return (EINVAL);
101774Salfred
101774Salfred	/* Allocate memory for sem_ops */
123667Stjr	if (nsops <= SMALL_SOPS)
123667Stjr		sops = small_sops;
220398Strasz	else if (nsops > seminfo.semopm) {
101774Salfred		DPRINTF(("too many sops (max=%d, nsops=%d)\n", seminfo.semopm,
101774Salfred		    nsops));
101774Salfred		return (E2BIG);
220398Strasz	} else {
223825Strasz#ifdef RACCT
282213Strasz		if (racct_enable) {
282213Strasz			PROC_LOCK(td->td_proc);
282213Strasz			if (nsops >
282213Strasz			    racct_get_available(td->td_proc, RACCT_NSEMOP)) {
282213Strasz				PROC_UNLOCK(td->td_proc);
282213Strasz				return (E2BIG);
282213Strasz			}
220398Strasz			PROC_UNLOCK(td->td_proc);
220398Strasz		}
223825Strasz#endif
220398Strasz
220398Strasz		sops = malloc(nsops * sizeof(*sops), M_TEMP, M_WAITOK);
82607Sdillon	}
101774Salfred	if ((error = copyin(uap->sops, sops, nsops * sizeof(sops[0]))) != 0) {
160293Skib		DPRINTF(("error = %d from copyin(%p, %p, %d)\n", error,
101774Salfred		    uap->sops, sops, nsops * sizeof(sops[0])));
123667Stjr		if (sops != small_sops)
123667Stjr			free(sops, M_SEM);
101774Salfred		return (error);
101774Salfred	}
2729Sdfr
137613Srwatson	semakptr = &sema[semid];
101774Salfred	sema_mtxp = &sema_mtx[semid];
101774Salfred	mtx_lock(sema_mtxp);
137613Srwatson	if ((semakptr->u.sem_perm.mode & SEM_ALLOC) == 0) {
82607Sdillon		error = EINVAL;
82607Sdillon		goto done2;
82607Sdillon	}
187223Skib	seq = semakptr->u.sem_perm.seq;
187223Skib	if (seq != IPCID_TO_SEQ(uap->semid)) {
82607Sdillon		error = EINVAL;
82607Sdillon		goto done2;
82607Sdillon	}
298585Sjamie	if ((error = sem_prison_cansee(rpr, semakptr)) != 0)
298585Sjamie		goto done2;
84789Smr	/*
298819Spfg	 * Initial pass through sops to see what permissions are needed.
84789Smr	 * Also perform any checks that don't need repeating on each
84789Smr	 * attempt to satisfy the request vector.
84789Smr	 */
84789Smr	j = 0;		/* permission needed */
84789Smr	do_undos = 0;
84789Smr	for (i = 0; i < nsops; i++) {
84789Smr		sopptr = &sops[i];
137613Srwatson		if (sopptr->sem_num >= semakptr->u.sem_nsems) {
84789Smr			error = EFBIG;
84789Smr			goto done2;
84789Smr		}
84789Smr		if (sopptr->sem_flg & SEM_UNDO && sopptr->sem_op != 0)
84789Smr			do_undos = 1;
84789Smr		j |= (sopptr->sem_op == 0) ? SEM_R : SEM_A;
84789Smr	}
84789Smr
137613Srwatson	if ((error = ipcperm(td, &semakptr->u.sem_perm, j))) {
100523Salfred		DPRINTF(("error = %d from ipaccess\n", error));
82607Sdillon		goto done2;
2729Sdfr	}
140615Srwatson#ifdef MAC
172930Srwatson	error = mac_sysvsem_check_semop(td->td_ucred, semakptr, j);
162468Srwatson	if (error != 0)
140615Srwatson		goto done2;
140615Srwatson#endif
2729Sdfr
8876Srgrimes	/*
2729Sdfr	 * Loop trying to satisfy the vector of requests.
2729Sdfr	 * If we reach a point where we must wait, any requests already
2729Sdfr	 * performed are rolled back and we go to sleep until some other
2729Sdfr	 * process wakes us up.  At this point, we start all over again.
2729Sdfr	 *
2729Sdfr	 * This ensures that from the perspective of other tasks, a set
2729Sdfr	 * of requests is atomic (never partially satisfied).
2729Sdfr	 */
2729Sdfr	for (;;) {
2729Sdfr		do_wakeup = 0;
84789Smr		error = 0;	/* error return if necessary */
2729Sdfr
2729Sdfr		for (i = 0; i < nsops; i++) {
2729Sdfr			sopptr = &sops[i];
137613Srwatson			semptr = &semakptr->u.sem_base[sopptr->sem_num];
2729Sdfr
100523Salfred			DPRINTF((
160293Skib			    "semop:  semakptr=%p, sem_base=%p, "
160293Skib			    "semptr=%p, sem[%d]=%d : op=%d, flag=%s\n",
137613Srwatson			    semakptr, semakptr->u.sem_base, semptr,
2729Sdfr			    sopptr->sem_num, semptr->semval, sopptr->sem_op,
100523Salfred			    (sopptr->sem_flg & IPC_NOWAIT) ?
100523Salfred			    "nowait" : "wait"));
2729Sdfr
2729Sdfr			if (sopptr->sem_op < 0) {
2729Sdfr				if (semptr->semval + sopptr->sem_op < 0) {
100523Salfred					DPRINTF(("semop:  can't do it now\n"));
2729Sdfr					break;
2729Sdfr				} else {
2729Sdfr					semptr->semval += sopptr->sem_op;
2729Sdfr					if (semptr->semval == 0 &&
2729Sdfr					    semptr->semzcnt > 0)
2729Sdfr						do_wakeup = 1;
2729Sdfr				}
2729Sdfr			} else if (sopptr->sem_op == 0) {
84789Smr				if (semptr->semval != 0) {
100523Salfred					DPRINTF(("semop:  not zero now\n"));
2729Sdfr					break;
2729Sdfr				}
84789Smr			} else if (semptr->semval + sopptr->sem_op >
84789Smr			    seminfo.semvmx) {
84789Smr				error = ERANGE;
84789Smr				break;
2729Sdfr			} else {
2729Sdfr				if (semptr->semncnt > 0)
2729Sdfr					do_wakeup = 1;
2729Sdfr				semptr->semval += sopptr->sem_op;
2729Sdfr			}
2729Sdfr		}
2729Sdfr
2729Sdfr		/*
2729Sdfr		 * Did we get through the entire vector?
2729Sdfr		 */
2729Sdfr		if (i >= nsops)
2729Sdfr			goto done;
2729Sdfr
2729Sdfr		/*
2729Sdfr		 * No ... rollback anything that we've already done
2729Sdfr		 */
100523Salfred		DPRINTF(("semop:  rollback 0 through %d\n", i-1));
2729Sdfr		for (j = 0; j < i; j++)
137613Srwatson			semakptr->u.sem_base[sops[j].sem_num].semval -=
2729Sdfr			    sops[j].sem_op;
2729Sdfr
84789Smr		/* If we detected an error, return it */
84789Smr		if (error != 0)
84789Smr			goto done2;
84789Smr
2729Sdfr		/*
2729Sdfr		 * If the request that we couldn't satisfy has the
2729Sdfr		 * NOWAIT flag set then return with EAGAIN.
2729Sdfr		 */
82607Sdillon		if (sopptr->sem_flg & IPC_NOWAIT) {
82607Sdillon			error = EAGAIN;
82607Sdillon			goto done2;
82607Sdillon		}
2729Sdfr
2729Sdfr		if (sopptr->sem_op == 0)
2729Sdfr			semptr->semzcnt++;
2729Sdfr		else
2729Sdfr			semptr->semncnt++;
2729Sdfr
100523Salfred		DPRINTF(("semop:  good night!\n"));
137613Srwatson		error = msleep(semakptr, sema_mtxp, (PZERO - 4) | PCATCH,
101774Salfred		    "semwait", 0);
100523Salfred		DPRINTF(("semop:  good morning (error=%d)!\n", error));
127108Scperciva		/* return code is checked below, after sem[nz]cnt-- */
2729Sdfr
2729Sdfr		/*
2729Sdfr		 * Make sure that the semaphore still exists
2729Sdfr		 */
187223Skib		seq = semakptr->u.sem_perm.seq;
137613Srwatson		if ((semakptr->u.sem_perm.mode & SEM_ALLOC) == 0 ||
187223Skib		    seq != IPCID_TO_SEQ(uap->semid)) {
82607Sdillon			error = EIDRM;
82607Sdillon			goto done2;
82607Sdillon		}
2729Sdfr
2729Sdfr		/*
179879Sgonzo		 * Renew the semaphore's pointer after wakeup since
179879Sgonzo		 * during msleep sem_base may have been modified and semptr
179879Sgonzo		 * is not valid any more
179879Sgonzo		 */
179879Sgonzo		semptr = &semakptr->u.sem_base[sopptr->sem_num];
179879Sgonzo
179879Sgonzo		/*
2729Sdfr		 * The semaphore is still alive.  Readjust the count of
2729Sdfr		 * waiting processes.
2729Sdfr		 */
2729Sdfr		if (sopptr->sem_op == 0)
2729Sdfr			semptr->semzcnt--;
2729Sdfr		else
2729Sdfr			semptr->semncnt--;
127108Scperciva
127108Scperciva		/*
127108Scperciva		 * Is it really morning, or was our sleep interrupted?
127108Scperciva		 * (Delayed check of msleep() return code because we
127108Scperciva		 * need to decrement sem[nz]cnt either way.)
127108Scperciva		 */
127108Scperciva		if (error != 0) {
127108Scperciva			error = EINTR;
127108Scperciva			goto done2;
127108Scperciva		}
127108Scperciva		DPRINTF(("semop:  good morning!\n"));
2729Sdfr	}
2729Sdfr
2729Sdfrdone:
2729Sdfr	/*
2729Sdfr	 * Process any SEM_UNDO requests.
2729Sdfr	 */
2729Sdfr	if (do_undos) {
101774Salfred		SEMUNDO_LOCK();
84789Smr		suptr = NULL;
2729Sdfr		for (i = 0; i < nsops; i++) {
2729Sdfr			/*
2729Sdfr			 * We only need to deal with SEM_UNDO's for non-zero
2729Sdfr			 * op's.
2729Sdfr			 */
2729Sdfr			int adjval;
2729Sdfr
2729Sdfr			if ((sops[i].sem_flg & SEM_UNDO) == 0)
2729Sdfr				continue;
2729Sdfr			adjval = sops[i].sem_op;
2729Sdfr			if (adjval == 0)
2729Sdfr				continue;
187223Skib			error = semundo_adjust(td, &suptr, semid, seq,
2729Sdfr			    sops[i].sem_num, -adjval);
82607Sdillon			if (error == 0)
2729Sdfr				continue;
2729Sdfr
2729Sdfr			/*
2729Sdfr			 * Oh-Oh!  We ran out of either sem_undo's or undo's.
2729Sdfr			 * Rollback the adjustments to this point and then
2729Sdfr			 * rollback the semaphore ups and down so we can return
2729Sdfr			 * with an error with all structures restored.  We
2729Sdfr			 * rollback the undo's in the exact reverse order that
2729Sdfr			 * we applied them.  This guarantees that we won't run
2729Sdfr			 * out of space as we roll things back out.
2729Sdfr			 */
110040Stjr			for (j = 0; j < i; j++) {
110040Stjr				k = i - j - 1;
110040Stjr				if ((sops[k].sem_flg & SEM_UNDO) == 0)
2729Sdfr					continue;
110040Stjr				adjval = sops[k].sem_op;
2729Sdfr				if (adjval == 0)
2729Sdfr					continue;
187223Skib				if (semundo_adjust(td, &suptr, semid, seq,
110040Stjr				    sops[k].sem_num, adjval) != 0)
2729Sdfr					panic("semop - can't undo undos");
2729Sdfr			}
2729Sdfr
2729Sdfr			for (j = 0; j < nsops; j++)
137613Srwatson				semakptr->u.sem_base[sops[j].sem_num].semval -=
2729Sdfr				    sops[j].sem_op;
2729Sdfr
100523Salfred			DPRINTF(("error = %d from semundo_adjust\n", error));
101774Salfred			SEMUNDO_UNLOCK();
82607Sdillon			goto done2;
2729Sdfr		} /* loop through the sops */
101774Salfred		SEMUNDO_UNLOCK();
2729Sdfr	} /* if (do_undos) */
2729Sdfr
84789Smr	/* We're definitely done - set the sempid's and time */
2729Sdfr	for (i = 0; i < nsops; i++) {
2729Sdfr		sopptr = &sops[i];
137613Srwatson		semptr = &semakptr->u.sem_base[sopptr->sem_num];
83366Sjulian		semptr->sempid = td->td_proc->p_pid;
2729Sdfr	}
137613Srwatson	semakptr->u.sem_otime = time_second;
2729Sdfr
84789Smr	/*
84789Smr	 * Do a wakeup if any semaphore was up'd whilst something was
84789Smr	 * sleeping on it.
84789Smr	 */
2729Sdfr	if (do_wakeup) {
100523Salfred		DPRINTF(("semop:  doing wakeup\n"));
137613Srwatson		wakeup(semakptr);
100523Salfred		DPRINTF(("semop:  back from wakeup\n"));
2729Sdfr	}
100523Salfred	DPRINTF(("semop:  done\n"));
83366Sjulian	td->td_retval[0] = 0;
82607Sdillondone2:
101774Salfred	mtx_unlock(sema_mtxp);
123667Stjr	if (sops != small_sops)
123667Stjr		free(sops, M_SEM);
82607Sdillon	return (error);
2729Sdfr}
2729Sdfr
2729Sdfr/*
2729Sdfr * Go through the undo structures for this process and apply the adjustments to
2729Sdfr * semaphores.
2729Sdfr */
69449Salfredstatic void
187223Skibsemexit_myhook(void *arg, struct proc *p)
2729Sdfr{
101350Salfred	struct sem_undo *suptr;
187223Skib	struct semid_kernel *semakptr;
187223Skib	struct mtx *sema_mtxp;
187223Skib	int semid, semnum, adjval, ix;
187223Skib	unsigned short seq;
2729Sdfr
2729Sdfr	/*
2729Sdfr	 * Go through the chain of undo vectors looking for one
2729Sdfr	 * associated with this process.
2729Sdfr	 */
101774Salfred	SEMUNDO_LOCK();
187223Skib	LIST_FOREACH(suptr, &semu_list, un_next) {
187223Skib		if (suptr->un_proc == p)
2729Sdfr			break;
2729Sdfr	}
187223Skib	if (suptr == NULL) {
187223Skib		SEMUNDO_UNLOCK();
59828Speter		return;
187223Skib	}
187223Skib	LIST_REMOVE(suptr, un_next);
2729Sdfr
160293Skib	DPRINTF(("proc @%p has undo structure with %d entries\n", p,
100523Salfred	    suptr->un_cnt));
2729Sdfr
2729Sdfr	/*
2729Sdfr	 * If there are any active undo elements then process them.
2729Sdfr	 */
2729Sdfr	if (suptr->un_cnt > 0) {
187223Skib		SEMUNDO_UNLOCK();
2729Sdfr		for (ix = 0; ix < suptr->un_cnt; ix++) {
187223Skib			semid = suptr->un_ent[ix].un_id;
187223Skib			semnum = suptr->un_ent[ix].un_num;
187223Skib			adjval = suptr->un_ent[ix].un_adjval;
187223Skib			seq = suptr->un_ent[ix].un_seq;
137613Srwatson			semakptr = &sema[semid];
101774Salfred			sema_mtxp = &sema_mtx[semid];
187223Skib
101774Salfred			mtx_lock(sema_mtxp);
187223Skib			if ((semakptr->u.sem_perm.mode & SEM_ALLOC) == 0 ||
187223Skib			    (semakptr->u.sem_perm.seq != seq)) {
187223Skib				mtx_unlock(sema_mtxp);
187223Skib				continue;
187223Skib			}
137613Srwatson			if (semnum >= semakptr->u.sem_nsems)
2729Sdfr				panic("semexit - semnum out of range");
2729Sdfr
100523Salfred			DPRINTF((
160293Skib			    "semexit:  %p id=%d num=%d(adj=%d) ; sem=%d\n",
2729Sdfr			    suptr->un_proc, suptr->un_ent[ix].un_id,
2729Sdfr			    suptr->un_ent[ix].un_num,
2729Sdfr			    suptr->un_ent[ix].un_adjval,
137613Srwatson			    semakptr->u.sem_base[semnum].semval));
2729Sdfr
187223Skib			if (adjval < 0 && semakptr->u.sem_base[semnum].semval <
187223Skib			    -adjval)
187223Skib				semakptr->u.sem_base[semnum].semval = 0;
187223Skib			else
137613Srwatson				semakptr->u.sem_base[semnum].semval += adjval;
2729Sdfr
137613Srwatson			wakeup(semakptr);
100523Salfred			DPRINTF(("semexit:  back from wakeup\n"));
101774Salfred			mtx_unlock(sema_mtxp);
2729Sdfr		}
187223Skib		SEMUNDO_LOCK();
2729Sdfr	}
2729Sdfr
2729Sdfr	/*
2729Sdfr	 * Deallocate the undo vector.
2729Sdfr	 */
100523Salfred	DPRINTF(("removing vector\n"));
2729Sdfr	suptr->un_proc = NULL;
187223Skib	suptr->un_cnt = 0;
187223Skib	LIST_INSERT_HEAD(&semu_free_list, suptr, un_next);
167904Semaste	SEMUNDO_UNLOCK();
2729Sdfr}
77461Sdd
77461Sddstatic int
77461Sddsysctl_sema(SYSCTL_HANDLER_ARGS)
77461Sdd{
298656Sjamie	struct prison *pr, *rpr;
298656Sjamie	struct semid_kernel tsemak;
298585Sjamie	int error, i;
77461Sdd
298656Sjamie	pr = req->td->td_ucred->cr_prison;
298585Sjamie	rpr = sem_find_prison(req->td->td_ucred);
298656Sjamie	error = 0;
298585Sjamie	for (i = 0; i < seminfo.semmni; i++) {
298656Sjamie		mtx_lock(&sema_mtx[i]);
298656Sjamie		if ((sema[i].u.sem_perm.mode & SEM_ALLOC) == 0 ||
298656Sjamie		    rpr == NULL || sem_prison_cansee(rpr, &sema[i]) != 0)
298656Sjamie			bzero(&tsemak, sizeof(tsemak));
298656Sjamie		else {
298656Sjamie			tsemak = sema[i];
298656Sjamie			if (tsemak.cred->cr_prison != pr)
298656Sjamie				tsemak.u.sem_perm.key = IPC_PRIVATE;
298585Sjamie		}
298656Sjamie		mtx_unlock(&sema_mtx[i]);
298656Sjamie		error = SYSCTL_OUT(req, &tsemak, sizeof(tsemak));
298656Sjamie		if (error != 0)
298656Sjamie			break;
298585Sjamie	}
298585Sjamie	return (error);
77461Sdd}
194894Sjhb
298585Sjamiestatic int
298585Sjamiesem_prison_check(void *obj, void *data)
298585Sjamie{
298585Sjamie	struct prison *pr = obj;
298585Sjamie	struct prison *prpr;
298585Sjamie	struct vfsoptlist *opts = data;
298585Sjamie	int error, jsys;
298585Sjamie
298585Sjamie	/*
298585Sjamie	 * sysvsem is a jailsys integer.
298585Sjamie	 * It must be "disable" if the parent jail is disabled.
298585Sjamie	 */
298585Sjamie	error = vfs_copyopt(opts, "sysvsem", &jsys, sizeof(jsys));
298585Sjamie	if (error != ENOENT) {
298585Sjamie		if (error != 0)
298585Sjamie			return (error);
298585Sjamie		switch (jsys) {
298585Sjamie		case JAIL_SYS_DISABLE:
298585Sjamie			break;
298585Sjamie		case JAIL_SYS_NEW:
298585Sjamie		case JAIL_SYS_INHERIT:
298585Sjamie			prison_lock(pr->pr_parent);
298585Sjamie			prpr = osd_jail_get(pr->pr_parent, sem_prison_slot);
298585Sjamie			prison_unlock(pr->pr_parent);
298585Sjamie			if (prpr == NULL)
298585Sjamie				return (EPERM);
298585Sjamie			break;
298585Sjamie		default:
298585Sjamie			return (EINVAL);
298585Sjamie		}
298585Sjamie	}
298585Sjamie
298585Sjamie	return (0);
298585Sjamie}
298585Sjamie
298585Sjamiestatic int
298585Sjamiesem_prison_set(void *obj, void *data)
298585Sjamie{
298585Sjamie	struct prison *pr = obj;
298585Sjamie	struct prison *tpr, *orpr, *nrpr, *trpr;
298585Sjamie	struct vfsoptlist *opts = data;
298585Sjamie	void *rsv;
298585Sjamie	int jsys, descend;
298585Sjamie
298585Sjamie	/*
298585Sjamie	 * sysvsem controls which jail is the root of the associated sems (this
298585Sjamie	 * jail or same as the parent), or if the feature is available at all.
298585Sjamie	 */
298585Sjamie	if (vfs_copyopt(opts, "sysvsem", &jsys, sizeof(jsys)) == ENOENT)
298585Sjamie		jsys = vfs_flagopt(opts, "allow.sysvipc", NULL, 0)
298585Sjamie		    ? JAIL_SYS_INHERIT
298585Sjamie		    : vfs_flagopt(opts, "allow.nosysvipc", NULL, 0)
298585Sjamie		    ? JAIL_SYS_DISABLE
298585Sjamie		    : -1;
298585Sjamie	if (jsys == JAIL_SYS_DISABLE) {
298585Sjamie		prison_lock(pr);
298585Sjamie		orpr = osd_jail_get(pr, sem_prison_slot);
298585Sjamie		if (orpr != NULL)
298585Sjamie			osd_jail_del(pr, sem_prison_slot);
298585Sjamie		prison_unlock(pr);
298585Sjamie		if (orpr != NULL) {
298585Sjamie			if (orpr == pr)
298585Sjamie				sem_prison_cleanup(pr);
298585Sjamie			/* Disable all child jails as well. */
298585Sjamie			FOREACH_PRISON_DESCENDANT(pr, tpr, descend) {
298585Sjamie				prison_lock(tpr);
298585Sjamie				trpr = osd_jail_get(tpr, sem_prison_slot);
298585Sjamie				if (trpr != NULL) {
298585Sjamie					osd_jail_del(tpr, sem_prison_slot);
298585Sjamie					prison_unlock(tpr);
298585Sjamie					if (trpr == tpr)
298585Sjamie						sem_prison_cleanup(tpr);
298585Sjamie				} else {
298585Sjamie					prison_unlock(tpr);
298585Sjamie					descend = 0;
298585Sjamie				}
298585Sjamie			}
298585Sjamie		}
298585Sjamie	} else if (jsys != -1) {
298585Sjamie		if (jsys == JAIL_SYS_NEW)
298585Sjamie			nrpr = pr;
298585Sjamie		else {
298585Sjamie			prison_lock(pr->pr_parent);
298585Sjamie			nrpr = osd_jail_get(pr->pr_parent, sem_prison_slot);
298585Sjamie			prison_unlock(pr->pr_parent);
298585Sjamie		}
298585Sjamie		rsv = osd_reserve(sem_prison_slot);
298585Sjamie		prison_lock(pr);
298585Sjamie		orpr = osd_jail_get(pr, sem_prison_slot);
298585Sjamie		if (orpr != nrpr)
298585Sjamie			(void)osd_jail_set_reserved(pr, sem_prison_slot, rsv,
298585Sjamie			    nrpr);
298585Sjamie		else
298585Sjamie			osd_free_reserved(rsv);
298585Sjamie		prison_unlock(pr);
298585Sjamie		if (orpr != nrpr) {
298585Sjamie			if (orpr == pr)
298585Sjamie				sem_prison_cleanup(pr);
298585Sjamie			if (orpr != NULL) {
298585Sjamie				/* Change child jails matching the old root, */
298585Sjamie				FOREACH_PRISON_DESCENDANT(pr, tpr, descend) {
298585Sjamie					prison_lock(tpr);
298585Sjamie					trpr = osd_jail_get(tpr,
298585Sjamie					    sem_prison_slot);
298585Sjamie					if (trpr == orpr) {
298585Sjamie						(void)osd_jail_set(tpr,
298585Sjamie						    sem_prison_slot, nrpr);
298585Sjamie						prison_unlock(tpr);
298585Sjamie						if (trpr == tpr)
298585Sjamie							sem_prison_cleanup(tpr);
298585Sjamie					} else {
298585Sjamie						prison_unlock(tpr);
298585Sjamie						descend = 0;
298585Sjamie					}
298585Sjamie				}
298585Sjamie			}
298585Sjamie		}
298585Sjamie	}
298585Sjamie
298585Sjamie	return (0);
298585Sjamie}
298585Sjamie
298585Sjamiestatic int
298585Sjamiesem_prison_get(void *obj, void *data)
298585Sjamie{
298585Sjamie	struct prison *pr = obj;
298585Sjamie	struct prison *rpr;
298585Sjamie	struct vfsoptlist *opts = data;
298585Sjamie	int error, jsys;
298585Sjamie
298585Sjamie	/* Set sysvsem based on the jail's root prison. */
298585Sjamie	prison_lock(pr);
298585Sjamie	rpr = osd_jail_get(pr, sem_prison_slot);
298585Sjamie	prison_unlock(pr);
298585Sjamie	jsys = rpr == NULL ? JAIL_SYS_DISABLE
298585Sjamie	    : rpr == pr ? JAIL_SYS_NEW : JAIL_SYS_INHERIT;
298585Sjamie	error = vfs_setopt(opts, "sysvsem", &jsys, sizeof(jsys));
298585Sjamie	if (error == ENOENT)
298585Sjamie		error = 0;
298585Sjamie	return (error);
298585Sjamie}
298585Sjamie
298585Sjamiestatic int
298585Sjamiesem_prison_remove(void *obj, void *data __unused)
298585Sjamie{
298585Sjamie	struct prison *pr = obj;
298585Sjamie	struct prison *rpr;
298585Sjamie
298585Sjamie	prison_lock(pr);
298585Sjamie	rpr = osd_jail_get(pr, sem_prison_slot);
298585Sjamie	prison_unlock(pr);
298585Sjamie	if (rpr == pr)
298585Sjamie		sem_prison_cleanup(pr);
298585Sjamie	return (0);
298585Sjamie}
298585Sjamie
298585Sjamiestatic void
298585Sjamiesem_prison_cleanup(struct prison *pr)
298585Sjamie{
298585Sjamie	int i;
298585Sjamie
298585Sjamie	/* Remove any sems that belong to this jail. */
298585Sjamie	mtx_lock(&sem_mtx);
298585Sjamie	for (i = 0; i < seminfo.semmni; i++) {
298585Sjamie		if ((sema[i].u.sem_perm.mode & SEM_ALLOC) &&
298585Sjamie		    sema[i].cred != NULL && sema[i].cred->cr_prison == pr) {
298585Sjamie			mtx_lock(&sema_mtx[i]);
298585Sjamie			sem_remove(i, NULL);
298585Sjamie			mtx_unlock(&sema_mtx[i]);
298585Sjamie		}
298585Sjamie	}
298585Sjamie	mtx_unlock(&sem_mtx);
298585Sjamie}
298585Sjamie
298585SjamieSYSCTL_JAIL_PARAM_SYS_NODE(sysvsem, CTLFLAG_RW, "SYSV semaphores");
298585Sjamie
194894Sjhb#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
194894Sjhb    defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
194894Sjhb
194894Sjhb/* XXX casting to (sy_call_t *) is bogus, as usual. */
194894Sjhbstatic sy_call_t *semcalls[] = {
225617Skmacy	(sy_call_t *)freebsd7___semctl, (sy_call_t *)sys_semget,
225617Skmacy	(sy_call_t *)sys_semop
194894Sjhb};
194894Sjhb
194894Sjhb/*
194894Sjhb * Entry point for all SEM calls.
194894Sjhb */
194894Sjhbint
225617Skmacysys_semsys(td, uap)
194894Sjhb	struct thread *td;
194894Sjhb	/* XXX actually varargs. */
194894Sjhb	struct semsys_args /* {
194894Sjhb		int	which;
194894Sjhb		int	a2;
194894Sjhb		int	a3;
194894Sjhb		int	a4;
194894Sjhb		int	a5;
194894Sjhb	} */ *uap;
194894Sjhb{
194894Sjhb	int error;
194894Sjhb
298354Spfg	if (uap->which < 0 || uap->which >= nitems(semcalls))
194894Sjhb		return (EINVAL);
194894Sjhb	error = (*semcalls[uap->which])(td, &uap->a2);
194894Sjhb	return (error);
194894Sjhb}
194910Sjhb
205323Skib#ifndef CP
194910Sjhb#define CP(src, dst, fld)	do { (dst).fld = (src).fld; } while (0)
205323Skib#endif
194910Sjhb
194910Sjhb#ifndef _SYS_SYSPROTO_H_
194910Sjhbstruct freebsd7___semctl_args {
194910Sjhb	int	semid;
194910Sjhb	int	semnum;
194910Sjhb	int	cmd;
194910Sjhb	union	semun_old *arg;
194910Sjhb};
194910Sjhb#endif
194910Sjhbint
194910Sjhbfreebsd7___semctl(struct thread *td, struct freebsd7___semctl_args *uap)
194910Sjhb{
194910Sjhb	struct semid_ds_old dsold;
194910Sjhb	struct semid_ds dsbuf;
194910Sjhb	union semun_old arg;
194910Sjhb	union semun semun;
194910Sjhb	register_t rval;
194910Sjhb	int error;
194910Sjhb
194910Sjhb	switch (uap->cmd) {
194910Sjhb	case SEM_STAT:
194910Sjhb	case IPC_SET:
194910Sjhb	case IPC_STAT:
194910Sjhb	case GETALL:
194910Sjhb	case SETVAL:
194910Sjhb	case SETALL:
194910Sjhb		error = copyin(uap->arg, &arg, sizeof(arg));
194910Sjhb		if (error)
194910Sjhb			return (error);
194910Sjhb		break;
194910Sjhb	}
194910Sjhb
194910Sjhb	switch (uap->cmd) {
194910Sjhb	case SEM_STAT:
194910Sjhb	case IPC_STAT:
194910Sjhb		semun.buf = &dsbuf;
194910Sjhb		break;
194910Sjhb	case IPC_SET:
194910Sjhb		error = copyin(arg.buf, &dsold, sizeof(dsold));
194910Sjhb		if (error)
194910Sjhb			return (error);
194910Sjhb		ipcperm_old2new(&dsold.sem_perm, &dsbuf.sem_perm);
194910Sjhb		CP(dsold, dsbuf, sem_base);
194910Sjhb		CP(dsold, dsbuf, sem_nsems);
194910Sjhb		CP(dsold, dsbuf, sem_otime);
194910Sjhb		CP(dsold, dsbuf, sem_ctime);
194910Sjhb		semun.buf = &dsbuf;
194910Sjhb		break;
194910Sjhb	case GETALL:
194910Sjhb	case SETALL:
194910Sjhb		semun.array = arg.array;
194910Sjhb		break;
194910Sjhb	case SETVAL:
194910Sjhb		semun.val = arg.val;
194910Sjhb		break;
194910Sjhb	}
194910Sjhb
194910Sjhb	error = kern_semctl(td, uap->semid, uap->semnum, uap->cmd, &semun,
194910Sjhb	    &rval);
194910Sjhb	if (error)
194910Sjhb		return (error);
194910Sjhb
194910Sjhb	switch (uap->cmd) {
194910Sjhb	case SEM_STAT:
194910Sjhb	case IPC_STAT:
194910Sjhb		bzero(&dsold, sizeof(dsold));
194910Sjhb		ipcperm_new2old(&dsbuf.sem_perm, &dsold.sem_perm);
194910Sjhb		CP(dsbuf, dsold, sem_base);
194910Sjhb		CP(dsbuf, dsold, sem_nsems);
194910Sjhb		CP(dsbuf, dsold, sem_otime);
194910Sjhb		CP(dsbuf, dsold, sem_ctime);
194910Sjhb		error = copyout(&dsold, arg.buf, sizeof(dsold));
194910Sjhb		break;
194910Sjhb	}
194910Sjhb
194910Sjhb	if (error == 0)
194910Sjhb		td->td_retval[0] = rval;
194910Sjhb	return (error);
194910Sjhb}
194910Sjhb
205323Skib#endif /* COMPAT_FREEBSD{4,5,6,7} */
194910Sjhb
205323Skib#ifdef COMPAT_FREEBSD32
205323Skib
205323Skibint
205323Skibfreebsd32_semsys(struct thread *td, struct freebsd32_semsys_args *uap)
205323Skib{
205323Skib
205323Skib#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
205323Skib    defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
205323Skib	switch (uap->which) {
205323Skib	case 0:
205323Skib		return (freebsd7_freebsd32_semctl(td,
205323Skib		    (struct freebsd7_freebsd32_semctl_args *)&uap->a2));
205323Skib	default:
225617Skmacy		return (sys_semsys(td, (struct semsys_args *)uap));
205323Skib	}
205323Skib#else
205323Skib	return (nosys(td, NULL));
205323Skib#endif
205323Skib}
205323Skib
205323Skib#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
205323Skib    defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
205323Skibint
205323Skibfreebsd7_freebsd32_semctl(struct thread *td,
205323Skib    struct freebsd7_freebsd32_semctl_args *uap)
205323Skib{
205323Skib	struct semid_ds32_old dsbuf32;
205323Skib	struct semid_ds dsbuf;
205323Skib	union semun semun;
205323Skib	union semun32 arg;
205323Skib	register_t rval;
205323Skib	int error;
205323Skib
205323Skib	switch (uap->cmd) {
205323Skib	case SEM_STAT:
205323Skib	case IPC_SET:
205323Skib	case IPC_STAT:
205323Skib	case GETALL:
205323Skib	case SETVAL:
205323Skib	case SETALL:
205323Skib		error = copyin(uap->arg, &arg, sizeof(arg));
205323Skib		if (error)
205323Skib			return (error);
205323Skib		break;
205323Skib	}
205323Skib
205323Skib	switch (uap->cmd) {
205323Skib	case SEM_STAT:
205323Skib	case IPC_STAT:
205323Skib		semun.buf = &dsbuf;
205323Skib		break;
205323Skib	case IPC_SET:
205323Skib		error = copyin(PTRIN(arg.buf), &dsbuf32, sizeof(dsbuf32));
205323Skib		if (error)
205323Skib			return (error);
205323Skib		freebsd32_ipcperm_old_in(&dsbuf32.sem_perm, &dsbuf.sem_perm);
205323Skib		PTRIN_CP(dsbuf32, dsbuf, sem_base);
205323Skib		CP(dsbuf32, dsbuf, sem_nsems);
205323Skib		CP(dsbuf32, dsbuf, sem_otime);
205323Skib		CP(dsbuf32, dsbuf, sem_ctime);
205323Skib		semun.buf = &dsbuf;
205323Skib		break;
205323Skib	case GETALL:
205323Skib	case SETALL:
205323Skib		semun.array = PTRIN(arg.array);
205323Skib		break;
205323Skib	case SETVAL:
205323Skib		semun.val = arg.val;
205323Skib		break;
205323Skib	}
205323Skib
205323Skib	error = kern_semctl(td, uap->semid, uap->semnum, uap->cmd, &semun,
205323Skib	    &rval);
205323Skib	if (error)
205323Skib		return (error);
205323Skib
205323Skib	switch (uap->cmd) {
205323Skib	case SEM_STAT:
205323Skib	case IPC_STAT:
205323Skib		bzero(&dsbuf32, sizeof(dsbuf32));
205323Skib		freebsd32_ipcperm_old_out(&dsbuf.sem_perm, &dsbuf32.sem_perm);
205323Skib		PTROUT_CP(dsbuf, dsbuf32, sem_base);
205323Skib		CP(dsbuf, dsbuf32, sem_nsems);
205323Skib		CP(dsbuf, dsbuf32, sem_otime);
205323Skib		CP(dsbuf, dsbuf32, sem_ctime);
205323Skib		error = copyout(&dsbuf32, PTRIN(arg.buf), sizeof(dsbuf32));
205323Skib		break;
205323Skib	}
205323Skib
205323Skib	if (error == 0)
205323Skib		td->td_retval[0] = rval;
205323Skib	return (error);
205323Skib}
205323Skib#endif
205323Skib
205323Skibint
205323Skibfreebsd32_semctl(struct thread *td, struct freebsd32_semctl_args *uap)
205323Skib{
205323Skib	struct semid_ds32 dsbuf32;
205323Skib	struct semid_ds dsbuf;
205323Skib	union semun semun;
205323Skib	union semun32 arg;
205323Skib	register_t rval;
205323Skib	int error;
205323Skib
205323Skib	switch (uap->cmd) {
205323Skib	case SEM_STAT:
205323Skib	case IPC_SET:
205323Skib	case IPC_STAT:
205323Skib	case GETALL:
205323Skib	case SETVAL:
205323Skib	case SETALL:
205323Skib		error = copyin(uap->arg, &arg, sizeof(arg));
205323Skib		if (error)
205323Skib			return (error);
205323Skib		break;
205323Skib	}
205323Skib
205323Skib	switch (uap->cmd) {
205323Skib	case SEM_STAT:
205323Skib	case IPC_STAT:
205323Skib		semun.buf = &dsbuf;
205323Skib		break;
205323Skib	case IPC_SET:
205323Skib		error = copyin(PTRIN(arg.buf), &dsbuf32, sizeof(dsbuf32));
205323Skib		if (error)
205323Skib			return (error);
205323Skib		freebsd32_ipcperm_in(&dsbuf32.sem_perm, &dsbuf.sem_perm);
205323Skib		PTRIN_CP(dsbuf32, dsbuf, sem_base);
205323Skib		CP(dsbuf32, dsbuf, sem_nsems);
205323Skib		CP(dsbuf32, dsbuf, sem_otime);
205323Skib		CP(dsbuf32, dsbuf, sem_ctime);
205323Skib		semun.buf = &dsbuf;
205323Skib		break;
205323Skib	case GETALL:
205323Skib	case SETALL:
205323Skib		semun.array = PTRIN(arg.array);
205323Skib		break;
205323Skib	case SETVAL:
205323Skib		semun.val = arg.val;
205323Skib		break;
205323Skib	}
205323Skib
205323Skib	error = kern_semctl(td, uap->semid, uap->semnum, uap->cmd, &semun,
205323Skib	    &rval);
205323Skib	if (error)
205323Skib		return (error);
205323Skib
205323Skib	switch (uap->cmd) {
205323Skib	case SEM_STAT:
205323Skib	case IPC_STAT:
205323Skib		bzero(&dsbuf32, sizeof(dsbuf32));
205323Skib		freebsd32_ipcperm_out(&dsbuf.sem_perm, &dsbuf32.sem_perm);
205323Skib		PTROUT_CP(dsbuf, dsbuf32, sem_base);
205323Skib		CP(dsbuf, dsbuf32, sem_nsems);
205323Skib		CP(dsbuf, dsbuf32, sem_otime);
205323Skib		CP(dsbuf, dsbuf32, sem_ctime);
205323Skib		error = copyout(&dsbuf32, PTRIN(arg.buf), sizeof(dsbuf32));
205323Skib		break;
205323Skib	}
205323Skib
205323Skib	if (error == 0)
205323Skib		td->td_retval[0] = rval;
205323Skib	return (error);
205323Skib}
205323Skib
205323Skib#endif /* COMPAT_FREEBSD32 */