sysv_shm.c revision 273707
1/* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */ 2/*- 3 * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Adam Glass and Charles 16 * Hannum. 17 * 4. The names of the authors may not be used to endorse or promote products 18 * derived from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31/*- 32 * Copyright (c) 2003-2005 McAfee, Inc. 33 * All rights reserved. 34 * 35 * This software was developed for the FreeBSD Project in part by McAfee 36 * Research, the Security Research Division of McAfee, Inc under DARPA/SPAWAR 37 * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research 38 * program. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 */ 61 62#include <sys/cdefs.h> 63__FBSDID("$FreeBSD: head/sys/kern/sysv_shm.c 273707 2014-10-26 19:42:44Z mjg $"); 64 65#include "opt_compat.h" 66#include "opt_sysvipc.h" 67 68#include <sys/param.h> 69#include <sys/systm.h> 70#include <sys/kernel.h> 71#include <sys/limits.h> 72#include <sys/lock.h> 73#include <sys/sysctl.h> 74#include <sys/shm.h> 75#include <sys/proc.h> 76#include <sys/malloc.h> 77#include <sys/mman.h> 78#include <sys/module.h> 79#include <sys/mutex.h> 80#include <sys/racct.h> 81#include <sys/resourcevar.h> 82#include <sys/rwlock.h> 83#include <sys/stat.h> 84#include <sys/syscall.h> 85#include <sys/syscallsubr.h> 86#include <sys/sysent.h> 87#include <sys/sysproto.h> 88#include <sys/jail.h> 89 90#include <security/mac/mac_framework.h> 91 92#include <vm/vm.h> 93#include <vm/vm_param.h> 94#include <vm/pmap.h> 95#include <vm/vm_object.h> 96#include <vm/vm_map.h> 97#include <vm/vm_page.h> 98#include <vm/vm_pager.h> 99 100FEATURE(sysv_shm, "System V shared memory segments support"); 101 102static MALLOC_DEFINE(M_SHM, "shm", "SVID compatible shared memory segments"); 103 104static int shmget_allocate_segment(struct thread *td, 105 struct shmget_args *uap, int mode); 106static int shmget_existing(struct thread *td, struct shmget_args *uap, 107 int mode, int segnum); 108 109#define SHMSEG_FREE 0x0200 110#define SHMSEG_REMOVED 0x0400 111#define SHMSEG_ALLOCATED 0x0800 112#define SHMSEG_WANTED 0x1000 113 114static int shm_last_free, shm_nused, shmalloced; 115vm_size_t shm_committed; 116static struct shmid_kernel *shmsegs; 117 118struct shmmap_state { 119 vm_offset_t va; 120 int shmid; 121}; 122 123static void shm_deallocate_segment(struct shmid_kernel *); 124static int shm_find_segment_by_key(key_t); 125static struct shmid_kernel *shm_find_segment_by_shmid(int); 126static struct shmid_kernel *shm_find_segment_by_shmidx(int); 127static int shm_delete_mapping(struct vmspace *vm, struct shmmap_state *); 128static void shmrealloc(void); 129static int shminit(void); 130static int sysvshm_modload(struct module *, int, void *); 131static int shmunload(void); 132static void shmexit_myhook(struct vmspace *vm); 133static void shmfork_myhook(struct proc *p1, struct proc *p2); 134static int sysctl_shmsegs(SYSCTL_HANDLER_ARGS); 135 136/* 137 * Tuneable values. 138 */ 139#ifndef SHMMAXPGS 140#define SHMMAXPGS 131072 /* Note: sysv shared memory is swap backed. */ 141#endif 142#ifndef SHMMAX 143#define SHMMAX (SHMMAXPGS*PAGE_SIZE) 144#endif 145#ifndef SHMMIN 146#define SHMMIN 1 147#endif 148#ifndef SHMMNI 149#define SHMMNI 192 150#endif 151#ifndef SHMSEG 152#define SHMSEG 128 153#endif 154#ifndef SHMALL 155#define SHMALL (SHMMAXPGS) 156#endif 157 158struct shminfo shminfo = { 159 .shmmax = SHMMAX, 160 .shmmin = SHMMIN, 161 .shmmni = SHMMNI, 162 .shmseg = SHMSEG, 163 .shmall = SHMALL 164}; 165 166static int shm_use_phys; 167static int shm_allow_removed; 168 169SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmax, CTLFLAG_RWTUN, &shminfo.shmmax, 0, 170 "Maximum shared memory segment size"); 171SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmin, CTLFLAG_RWTUN, &shminfo.shmmin, 0, 172 "Minimum shared memory segment size"); 173SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmni, CTLFLAG_RDTUN, &shminfo.shmmni, 0, 174 "Number of shared memory identifiers"); 175SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmseg, CTLFLAG_RDTUN, &shminfo.shmseg, 0, 176 "Number of segments per process"); 177SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmall, CTLFLAG_RWTUN, &shminfo.shmall, 0, 178 "Maximum number of pages available for shared memory"); 179SYSCTL_INT(_kern_ipc, OID_AUTO, shm_use_phys, CTLFLAG_RWTUN, 180 &shm_use_phys, 0, "Enable/Disable locking of shared memory pages in core"); 181SYSCTL_INT(_kern_ipc, OID_AUTO, shm_allow_removed, CTLFLAG_RWTUN, 182 &shm_allow_removed, 0, 183 "Enable/Disable attachment to attached segments marked for removal"); 184SYSCTL_PROC(_kern_ipc, OID_AUTO, shmsegs, CTLTYPE_OPAQUE | CTLFLAG_RD, 185 NULL, 0, sysctl_shmsegs, "", 186 "Current number of shared memory segments allocated"); 187 188static int 189shm_find_segment_by_key(key) 190 key_t key; 191{ 192 int i; 193 194 for (i = 0; i < shmalloced; i++) 195 if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) && 196 shmsegs[i].u.shm_perm.key == key) 197 return (i); 198 return (-1); 199} 200 201static struct shmid_kernel * 202shm_find_segment_by_shmid(int shmid) 203{ 204 int segnum; 205 struct shmid_kernel *shmseg; 206 207 segnum = IPCID_TO_IX(shmid); 208 if (segnum < 0 || segnum >= shmalloced) 209 return (NULL); 210 shmseg = &shmsegs[segnum]; 211 if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 || 212 (!shm_allow_removed && 213 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) != 0) || 214 shmseg->u.shm_perm.seq != IPCID_TO_SEQ(shmid)) 215 return (NULL); 216 return (shmseg); 217} 218 219static struct shmid_kernel * 220shm_find_segment_by_shmidx(int segnum) 221{ 222 struct shmid_kernel *shmseg; 223 224 if (segnum < 0 || segnum >= shmalloced) 225 return (NULL); 226 shmseg = &shmsegs[segnum]; 227 if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 || 228 (!shm_allow_removed && 229 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) != 0)) 230 return (NULL); 231 return (shmseg); 232} 233 234static void 235shm_deallocate_segment(shmseg) 236 struct shmid_kernel *shmseg; 237{ 238 vm_size_t size; 239 240 GIANT_REQUIRED; 241 242 vm_object_deallocate(shmseg->object); 243 shmseg->object = NULL; 244 size = round_page(shmseg->u.shm_segsz); 245 shm_committed -= btoc(size); 246 shm_nused--; 247 shmseg->u.shm_perm.mode = SHMSEG_FREE; 248#ifdef MAC 249 mac_sysvshm_cleanup(shmseg); 250#endif 251 racct_sub_cred(shmseg->cred, RACCT_NSHM, 1); 252 racct_sub_cred(shmseg->cred, RACCT_SHMSIZE, size); 253 crfree(shmseg->cred); 254 shmseg->cred = NULL; 255} 256 257static int 258shm_delete_mapping(struct vmspace *vm, struct shmmap_state *shmmap_s) 259{ 260 struct shmid_kernel *shmseg; 261 int segnum, result; 262 vm_size_t size; 263 264 GIANT_REQUIRED; 265 266 segnum = IPCID_TO_IX(shmmap_s->shmid); 267 shmseg = &shmsegs[segnum]; 268 size = round_page(shmseg->u.shm_segsz); 269 result = vm_map_remove(&vm->vm_map, shmmap_s->va, shmmap_s->va + size); 270 if (result != KERN_SUCCESS) 271 return (EINVAL); 272 shmmap_s->shmid = -1; 273 shmseg->u.shm_dtime = time_second; 274 if ((--shmseg->u.shm_nattch <= 0) && 275 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED)) { 276 shm_deallocate_segment(shmseg); 277 shm_last_free = segnum; 278 } 279 return (0); 280} 281 282#ifndef _SYS_SYSPROTO_H_ 283struct shmdt_args { 284 const void *shmaddr; 285}; 286#endif 287int 288sys_shmdt(td, uap) 289 struct thread *td; 290 struct shmdt_args *uap; 291{ 292 struct proc *p = td->td_proc; 293 struct shmmap_state *shmmap_s; 294#ifdef MAC 295 struct shmid_kernel *shmsegptr; 296#endif 297 int i; 298 int error = 0; 299 300 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC)) 301 return (ENOSYS); 302 mtx_lock(&Giant); 303 shmmap_s = p->p_vmspace->vm_shm; 304 if (shmmap_s == NULL) { 305 error = EINVAL; 306 goto done2; 307 } 308 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) { 309 if (shmmap_s->shmid != -1 && 310 shmmap_s->va == (vm_offset_t)uap->shmaddr) { 311 break; 312 } 313 } 314 if (i == shminfo.shmseg) { 315 error = EINVAL; 316 goto done2; 317 } 318#ifdef MAC 319 shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; 320 error = mac_sysvshm_check_shmdt(td->td_ucred, shmsegptr); 321 if (error != 0) 322 goto done2; 323#endif 324 error = shm_delete_mapping(p->p_vmspace, shmmap_s); 325done2: 326 mtx_unlock(&Giant); 327 return (error); 328} 329 330#ifndef _SYS_SYSPROTO_H_ 331struct shmat_args { 332 int shmid; 333 const void *shmaddr; 334 int shmflg; 335}; 336#endif 337int 338kern_shmat(td, shmid, shmaddr, shmflg) 339 struct thread *td; 340 int shmid; 341 const void *shmaddr; 342 int shmflg; 343{ 344 struct proc *p = td->td_proc; 345 int i; 346 struct shmid_kernel *shmseg; 347 struct shmmap_state *shmmap_s = NULL; 348 vm_offset_t attach_va; 349 vm_prot_t prot; 350 vm_size_t size; 351 int rv; 352 int error = 0; 353 354 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC)) 355 return (ENOSYS); 356 mtx_lock(&Giant); 357 shmmap_s = p->p_vmspace->vm_shm; 358 if (shmmap_s == NULL) { 359 shmmap_s = malloc(shminfo.shmseg * sizeof(struct shmmap_state), 360 M_SHM, M_WAITOK); 361 for (i = 0; i < shminfo.shmseg; i++) 362 shmmap_s[i].shmid = -1; 363 p->p_vmspace->vm_shm = shmmap_s; 364 } 365 shmseg = shm_find_segment_by_shmid(shmid); 366 if (shmseg == NULL) { 367 error = EINVAL; 368 goto done2; 369 } 370 error = ipcperm(td, &shmseg->u.shm_perm, 371 (shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W); 372 if (error) 373 goto done2; 374#ifdef MAC 375 error = mac_sysvshm_check_shmat(td->td_ucred, shmseg, shmflg); 376 if (error != 0) 377 goto done2; 378#endif 379 for (i = 0; i < shminfo.shmseg; i++) { 380 if (shmmap_s->shmid == -1) 381 break; 382 shmmap_s++; 383 } 384 if (i >= shminfo.shmseg) { 385 error = EMFILE; 386 goto done2; 387 } 388 size = round_page(shmseg->u.shm_segsz); 389 prot = VM_PROT_READ; 390 if ((shmflg & SHM_RDONLY) == 0) 391 prot |= VM_PROT_WRITE; 392 if (shmaddr) { 393 if (shmflg & SHM_RND) { 394 attach_va = (vm_offset_t)shmaddr & ~(SHMLBA-1); 395 } else if (((vm_offset_t)shmaddr & (SHMLBA-1)) == 0) { 396 attach_va = (vm_offset_t)shmaddr; 397 } else { 398 error = EINVAL; 399 goto done2; 400 } 401 } else { 402 /* 403 * This is just a hint to vm_map_find() about where to 404 * put it. 405 */ 406 PROC_LOCK(p); 407 attach_va = round_page((vm_offset_t)p->p_vmspace->vm_daddr + 408 lim_max(p, RLIMIT_DATA)); 409 PROC_UNLOCK(p); 410 } 411 412 vm_object_reference(shmseg->object); 413 rv = vm_map_find(&p->p_vmspace->vm_map, shmseg->object, 0, &attach_va, 414 size, 0, shmaddr != NULL ? VMFS_NO_SPACE : VMFS_OPTIMAL_SPACE, 415 prot, prot, MAP_INHERIT_SHARE | MAP_PREFAULT_PARTIAL); 416 if (rv != KERN_SUCCESS) { 417 vm_object_deallocate(shmseg->object); 418 error = ENOMEM; 419 goto done2; 420 } 421 422 shmmap_s->va = attach_va; 423 shmmap_s->shmid = shmid; 424 shmseg->u.shm_lpid = p->p_pid; 425 shmseg->u.shm_atime = time_second; 426 shmseg->u.shm_nattch++; 427 td->td_retval[0] = attach_va; 428done2: 429 mtx_unlock(&Giant); 430 return (error); 431} 432 433int 434sys_shmat(td, uap) 435 struct thread *td; 436 struct shmat_args *uap; 437{ 438 return kern_shmat(td, uap->shmid, uap->shmaddr, uap->shmflg); 439} 440 441int 442kern_shmctl(td, shmid, cmd, buf, bufsz) 443 struct thread *td; 444 int shmid; 445 int cmd; 446 void *buf; 447 size_t *bufsz; 448{ 449 int error = 0; 450 struct shmid_kernel *shmseg; 451 452 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC)) 453 return (ENOSYS); 454 455 mtx_lock(&Giant); 456 switch (cmd) { 457 /* 458 * It is possible that kern_shmctl is being called from the Linux ABI 459 * layer, in which case, we will need to implement IPC_INFO. It should 460 * be noted that other shmctl calls will be funneled through here for 461 * Linix binaries as well. 462 * 463 * NB: The Linux ABI layer will convert this data to structure(s) more 464 * consistent with the Linux ABI. 465 */ 466 case IPC_INFO: 467 memcpy(buf, &shminfo, sizeof(shminfo)); 468 if (bufsz) 469 *bufsz = sizeof(shminfo); 470 td->td_retval[0] = shmalloced; 471 goto done2; 472 case SHM_INFO: { 473 struct shm_info shm_info; 474 shm_info.used_ids = shm_nused; 475 shm_info.shm_rss = 0; /*XXX where to get from ? */ 476 shm_info.shm_tot = 0; /*XXX where to get from ? */ 477 shm_info.shm_swp = 0; /*XXX where to get from ? */ 478 shm_info.swap_attempts = 0; /*XXX where to get from ? */ 479 shm_info.swap_successes = 0; /*XXX where to get from ? */ 480 memcpy(buf, &shm_info, sizeof(shm_info)); 481 if (bufsz) 482 *bufsz = sizeof(shm_info); 483 td->td_retval[0] = shmalloced; 484 goto done2; 485 } 486 } 487 if (cmd == SHM_STAT) 488 shmseg = shm_find_segment_by_shmidx(shmid); 489 else 490 shmseg = shm_find_segment_by_shmid(shmid); 491 if (shmseg == NULL) { 492 error = EINVAL; 493 goto done2; 494 } 495#ifdef MAC 496 error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, cmd); 497 if (error != 0) 498 goto done2; 499#endif 500 switch (cmd) { 501 case SHM_STAT: 502 case IPC_STAT: 503 error = ipcperm(td, &shmseg->u.shm_perm, IPC_R); 504 if (error) 505 goto done2; 506 memcpy(buf, &shmseg->u, sizeof(struct shmid_ds)); 507 if (bufsz) 508 *bufsz = sizeof(struct shmid_ds); 509 if (cmd == SHM_STAT) 510 td->td_retval[0] = IXSEQ_TO_IPCID(shmid, shmseg->u.shm_perm); 511 break; 512 case IPC_SET: { 513 struct shmid_ds *shmid; 514 515 shmid = (struct shmid_ds *)buf; 516 error = ipcperm(td, &shmseg->u.shm_perm, IPC_M); 517 if (error) 518 goto done2; 519 shmseg->u.shm_perm.uid = shmid->shm_perm.uid; 520 shmseg->u.shm_perm.gid = shmid->shm_perm.gid; 521 shmseg->u.shm_perm.mode = 522 (shmseg->u.shm_perm.mode & ~ACCESSPERMS) | 523 (shmid->shm_perm.mode & ACCESSPERMS); 524 shmseg->u.shm_ctime = time_second; 525 break; 526 } 527 case IPC_RMID: 528 error = ipcperm(td, &shmseg->u.shm_perm, IPC_M); 529 if (error) 530 goto done2; 531 shmseg->u.shm_perm.key = IPC_PRIVATE; 532 shmseg->u.shm_perm.mode |= SHMSEG_REMOVED; 533 if (shmseg->u.shm_nattch <= 0) { 534 shm_deallocate_segment(shmseg); 535 shm_last_free = IPCID_TO_IX(shmid); 536 } 537 break; 538#if 0 539 case SHM_LOCK: 540 case SHM_UNLOCK: 541#endif 542 default: 543 error = EINVAL; 544 break; 545 } 546done2: 547 mtx_unlock(&Giant); 548 return (error); 549} 550 551#ifndef _SYS_SYSPROTO_H_ 552struct shmctl_args { 553 int shmid; 554 int cmd; 555 struct shmid_ds *buf; 556}; 557#endif 558int 559sys_shmctl(td, uap) 560 struct thread *td; 561 struct shmctl_args *uap; 562{ 563 int error = 0; 564 struct shmid_ds buf; 565 size_t bufsz; 566 567 /* 568 * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support 569 * Linux binaries. If we see the call come through the FreeBSD ABI, 570 * return an error back to the user since we do not to support this. 571 */ 572 if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO || 573 uap->cmd == SHM_STAT) 574 return (EINVAL); 575 576 /* IPC_SET needs to copyin the buffer before calling kern_shmctl */ 577 if (uap->cmd == IPC_SET) { 578 if ((error = copyin(uap->buf, &buf, sizeof(struct shmid_ds)))) 579 goto done; 580 } 581 582 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz); 583 if (error) 584 goto done; 585 586 /* Cases in which we need to copyout */ 587 switch (uap->cmd) { 588 case IPC_STAT: 589 error = copyout(&buf, uap->buf, bufsz); 590 break; 591 } 592 593done: 594 if (error) { 595 /* Invalidate the return value */ 596 td->td_retval[0] = -1; 597 } 598 return (error); 599} 600 601 602static int 603shmget_existing(td, uap, mode, segnum) 604 struct thread *td; 605 struct shmget_args *uap; 606 int mode; 607 int segnum; 608{ 609 struct shmid_kernel *shmseg; 610 int error; 611 612 shmseg = &shmsegs[segnum]; 613 if (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) { 614 /* 615 * This segment is in the process of being allocated. Wait 616 * until it's done, and look the key up again (in case the 617 * allocation failed or it was freed). 618 */ 619 shmseg->u.shm_perm.mode |= SHMSEG_WANTED; 620 error = tsleep(shmseg, PLOCK | PCATCH, "shmget", 0); 621 if (error) 622 return (error); 623 return (EAGAIN); 624 } 625 if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL)) 626 return (EEXIST); 627#ifdef MAC 628 error = mac_sysvshm_check_shmget(td->td_ucred, shmseg, uap->shmflg); 629 if (error != 0) 630 return (error); 631#endif 632 if (uap->size != 0 && uap->size > shmseg->u.shm_segsz) 633 return (EINVAL); 634 td->td_retval[0] = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm); 635 return (0); 636} 637 638static int 639shmget_allocate_segment(td, uap, mode) 640 struct thread *td; 641 struct shmget_args *uap; 642 int mode; 643{ 644 int i, segnum, shmid; 645 size_t size; 646 struct ucred *cred = td->td_ucred; 647 struct shmid_kernel *shmseg; 648 vm_object_t shm_object; 649 650 GIANT_REQUIRED; 651 652 if (uap->size < shminfo.shmmin || uap->size > shminfo.shmmax) 653 return (EINVAL); 654 if (shm_nused >= shminfo.shmmni) /* Any shmids left? */ 655 return (ENOSPC); 656 size = round_page(uap->size); 657 if (shm_committed + btoc(size) > shminfo.shmall) 658 return (ENOMEM); 659 if (shm_last_free < 0) { 660 shmrealloc(); /* Maybe expand the shmsegs[] array. */ 661 for (i = 0; i < shmalloced; i++) 662 if (shmsegs[i].u.shm_perm.mode & SHMSEG_FREE) 663 break; 664 if (i == shmalloced) 665 return (ENOSPC); 666 segnum = i; 667 } else { 668 segnum = shm_last_free; 669 shm_last_free = -1; 670 } 671 shmseg = &shmsegs[segnum]; 672#ifdef RACCT 673 PROC_LOCK(td->td_proc); 674 if (racct_add(td->td_proc, RACCT_NSHM, 1)) { 675 PROC_UNLOCK(td->td_proc); 676 return (ENOSPC); 677 } 678 if (racct_add(td->td_proc, RACCT_SHMSIZE, size)) { 679 racct_sub(td->td_proc, RACCT_NSHM, 1); 680 PROC_UNLOCK(td->td_proc); 681 return (ENOMEM); 682 } 683 PROC_UNLOCK(td->td_proc); 684#endif 685 /* 686 * In case we sleep in malloc(), mark the segment present but deleted 687 * so that noone else tries to create the same key. 688 */ 689 shmseg->u.shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED; 690 shmseg->u.shm_perm.key = uap->key; 691 shmseg->u.shm_perm.seq = (shmseg->u.shm_perm.seq + 1) & 0x7fff; 692 shmid = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm); 693 694 /* 695 * We make sure that we have allocated a pager before we need 696 * to. 697 */ 698 shm_object = vm_pager_allocate(shm_use_phys ? OBJT_PHYS : OBJT_SWAP, 699 0, size, VM_PROT_DEFAULT, 0, cred); 700 if (shm_object == NULL) { 701#ifdef RACCT 702 PROC_LOCK(td->td_proc); 703 racct_sub(td->td_proc, RACCT_NSHM, 1); 704 racct_sub(td->td_proc, RACCT_SHMSIZE, size); 705 PROC_UNLOCK(td->td_proc); 706#endif 707 return (ENOMEM); 708 } 709 VM_OBJECT_WLOCK(shm_object); 710 vm_object_clear_flag(shm_object, OBJ_ONEMAPPING); 711 vm_object_set_flag(shm_object, OBJ_NOSPLIT); 712 VM_OBJECT_WUNLOCK(shm_object); 713 714 shmseg->object = shm_object; 715 shmseg->u.shm_perm.cuid = shmseg->u.shm_perm.uid = cred->cr_uid; 716 shmseg->u.shm_perm.cgid = shmseg->u.shm_perm.gid = cred->cr_gid; 717 shmseg->u.shm_perm.mode = (shmseg->u.shm_perm.mode & SHMSEG_WANTED) | 718 (mode & ACCESSPERMS) | SHMSEG_ALLOCATED; 719 shmseg->cred = crhold(cred); 720 shmseg->u.shm_segsz = uap->size; 721 shmseg->u.shm_cpid = td->td_proc->p_pid; 722 shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0; 723 shmseg->u.shm_atime = shmseg->u.shm_dtime = 0; 724#ifdef MAC 725 mac_sysvshm_create(cred, shmseg); 726#endif 727 shmseg->u.shm_ctime = time_second; 728 shm_committed += btoc(size); 729 shm_nused++; 730 if (shmseg->u.shm_perm.mode & SHMSEG_WANTED) { 731 /* 732 * Somebody else wanted this key while we were asleep. Wake 733 * them up now. 734 */ 735 shmseg->u.shm_perm.mode &= ~SHMSEG_WANTED; 736 wakeup(shmseg); 737 } 738 td->td_retval[0] = shmid; 739 return (0); 740} 741 742#ifndef _SYS_SYSPROTO_H_ 743struct shmget_args { 744 key_t key; 745 size_t size; 746 int shmflg; 747}; 748#endif 749int 750sys_shmget(td, uap) 751 struct thread *td; 752 struct shmget_args *uap; 753{ 754 int segnum, mode; 755 int error; 756 757 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC)) 758 return (ENOSYS); 759 mtx_lock(&Giant); 760 mode = uap->shmflg & ACCESSPERMS; 761 if (uap->key != IPC_PRIVATE) { 762 again: 763 segnum = shm_find_segment_by_key(uap->key); 764 if (segnum >= 0) { 765 error = shmget_existing(td, uap, mode, segnum); 766 if (error == EAGAIN) 767 goto again; 768 goto done2; 769 } 770 if ((uap->shmflg & IPC_CREAT) == 0) { 771 error = ENOENT; 772 goto done2; 773 } 774 } 775 error = shmget_allocate_segment(td, uap, mode); 776done2: 777 mtx_unlock(&Giant); 778 return (error); 779} 780 781static void 782shmfork_myhook(p1, p2) 783 struct proc *p1, *p2; 784{ 785 struct shmmap_state *shmmap_s; 786 size_t size; 787 int i; 788 789 mtx_lock(&Giant); 790 size = shminfo.shmseg * sizeof(struct shmmap_state); 791 shmmap_s = malloc(size, M_SHM, M_WAITOK); 792 bcopy(p1->p_vmspace->vm_shm, shmmap_s, size); 793 p2->p_vmspace->vm_shm = shmmap_s; 794 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) 795 if (shmmap_s->shmid != -1) 796 shmsegs[IPCID_TO_IX(shmmap_s->shmid)].u.shm_nattch++; 797 mtx_unlock(&Giant); 798} 799 800static void 801shmexit_myhook(struct vmspace *vm) 802{ 803 struct shmmap_state *base, *shm; 804 int i; 805 806 if ((base = vm->vm_shm) != NULL) { 807 vm->vm_shm = NULL; 808 mtx_lock(&Giant); 809 for (i = 0, shm = base; i < shminfo.shmseg; i++, shm++) { 810 if (shm->shmid != -1) 811 shm_delete_mapping(vm, shm); 812 } 813 mtx_unlock(&Giant); 814 free(base, M_SHM); 815 } 816} 817 818static void 819shmrealloc(void) 820{ 821 int i; 822 struct shmid_kernel *newsegs; 823 824 if (shmalloced >= shminfo.shmmni) 825 return; 826 827 newsegs = malloc(shminfo.shmmni * sizeof(*newsegs), M_SHM, M_WAITOK); 828 if (newsegs == NULL) 829 return; 830 for (i = 0; i < shmalloced; i++) 831 bcopy(&shmsegs[i], &newsegs[i], sizeof(newsegs[0])); 832 for (; i < shminfo.shmmni; i++) { 833 shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; 834 shmsegs[i].u.shm_perm.seq = 0; 835#ifdef MAC 836 mac_sysvshm_init(&shmsegs[i]); 837#endif 838 } 839 free(shmsegs, M_SHM); 840 shmsegs = newsegs; 841 shmalloced = shminfo.shmmni; 842} 843 844static struct syscall_helper_data shm_syscalls[] = { 845 SYSCALL_INIT_HELPER(shmat), 846 SYSCALL_INIT_HELPER(shmctl), 847 SYSCALL_INIT_HELPER(shmdt), 848 SYSCALL_INIT_HELPER(shmget), 849#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 850 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 851 SYSCALL_INIT_HELPER_COMPAT(freebsd7_shmctl), 852#endif 853#if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43)) 854 SYSCALL_INIT_HELPER(shmsys), 855#endif 856 SYSCALL_INIT_LAST 857}; 858 859#ifdef COMPAT_FREEBSD32 860#include <compat/freebsd32/freebsd32.h> 861#include <compat/freebsd32/freebsd32_ipc.h> 862#include <compat/freebsd32/freebsd32_proto.h> 863#include <compat/freebsd32/freebsd32_signal.h> 864#include <compat/freebsd32/freebsd32_syscall.h> 865#include <compat/freebsd32/freebsd32_util.h> 866 867static struct syscall_helper_data shm32_syscalls[] = { 868 SYSCALL32_INIT_HELPER_COMPAT(shmat), 869 SYSCALL32_INIT_HELPER_COMPAT(shmdt), 870 SYSCALL32_INIT_HELPER_COMPAT(shmget), 871 SYSCALL32_INIT_HELPER(freebsd32_shmsys), 872 SYSCALL32_INIT_HELPER(freebsd32_shmctl), 873#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 874 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 875 SYSCALL32_INIT_HELPER(freebsd7_freebsd32_shmctl), 876#endif 877 SYSCALL_INIT_LAST 878}; 879#endif 880 881static int 882shminit() 883{ 884 int i, error; 885 886#ifndef BURN_BRIDGES 887 if (TUNABLE_ULONG_FETCH("kern.ipc.shmmaxpgs", &shminfo.shmall) != 0) 888 printf("kern.ipc.shmmaxpgs is now called kern.ipc.shmall!\n"); 889#endif 890 if (shminfo.shmmax == SHMMAX) { 891 /* Initialize shmmax dealing with possible overflow. */ 892 for (i = PAGE_SIZE; i != 0; i--) { 893 shminfo.shmmax = shminfo.shmall * i; 894 if ((shminfo.shmmax / shminfo.shmall) == (u_long)i) 895 break; 896 } 897 } 898 shmalloced = shminfo.shmmni; 899 shmsegs = malloc(shmalloced * sizeof(shmsegs[0]), M_SHM, M_WAITOK); 900 for (i = 0; i < shmalloced; i++) { 901 shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; 902 shmsegs[i].u.shm_perm.seq = 0; 903#ifdef MAC 904 mac_sysvshm_init(&shmsegs[i]); 905#endif 906 } 907 shm_last_free = 0; 908 shm_nused = 0; 909 shm_committed = 0; 910 shmexit_hook = &shmexit_myhook; 911 shmfork_hook = &shmfork_myhook; 912 913 error = syscall_helper_register(shm_syscalls, SY_THR_STATIC_KLD); 914 if (error != 0) 915 return (error); 916#ifdef COMPAT_FREEBSD32 917 error = syscall32_helper_register(shm32_syscalls, SY_THR_STATIC_KLD); 918 if (error != 0) 919 return (error); 920#endif 921 return (0); 922} 923 924static int 925shmunload() 926{ 927 int i; 928 929 if (shm_nused > 0) 930 return (EBUSY); 931 932#ifdef COMPAT_FREEBSD32 933 syscall32_helper_unregister(shm32_syscalls); 934#endif 935 syscall_helper_unregister(shm_syscalls); 936 937 for (i = 0; i < shmalloced; i++) { 938#ifdef MAC 939 mac_sysvshm_destroy(&shmsegs[i]); 940#endif 941 /* 942 * Objects might be still mapped into the processes 943 * address spaces. Actual free would happen on the 944 * last mapping destruction. 945 */ 946 if (shmsegs[i].u.shm_perm.mode != SHMSEG_FREE) 947 vm_object_deallocate(shmsegs[i].object); 948 } 949 free(shmsegs, M_SHM); 950 shmexit_hook = NULL; 951 shmfork_hook = NULL; 952 return (0); 953} 954 955static int 956sysctl_shmsegs(SYSCTL_HANDLER_ARGS) 957{ 958 959 return (SYSCTL_OUT(req, shmsegs, shmalloced * sizeof(shmsegs[0]))); 960} 961 962#if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43)) 963struct oshmid_ds { 964 struct ipc_perm_old shm_perm; /* operation perms */ 965 int shm_segsz; /* size of segment (bytes) */ 966 u_short shm_cpid; /* pid, creator */ 967 u_short shm_lpid; /* pid, last operation */ 968 short shm_nattch; /* no. of current attaches */ 969 time_t shm_atime; /* last attach time */ 970 time_t shm_dtime; /* last detach time */ 971 time_t shm_ctime; /* last change time */ 972 void *shm_handle; /* internal handle for shm segment */ 973}; 974 975struct oshmctl_args { 976 int shmid; 977 int cmd; 978 struct oshmid_ds *ubuf; 979}; 980 981static int 982oshmctl(struct thread *td, struct oshmctl_args *uap) 983{ 984#ifdef COMPAT_43 985 int error = 0; 986 struct shmid_kernel *shmseg; 987 struct oshmid_ds outbuf; 988 989 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC)) 990 return (ENOSYS); 991 mtx_lock(&Giant); 992 shmseg = shm_find_segment_by_shmid(uap->shmid); 993 if (shmseg == NULL) { 994 error = EINVAL; 995 goto done2; 996 } 997 switch (uap->cmd) { 998 case IPC_STAT: 999 error = ipcperm(td, &shmseg->u.shm_perm, IPC_R); 1000 if (error) 1001 goto done2; 1002#ifdef MAC 1003 error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, uap->cmd); 1004 if (error != 0) 1005 goto done2; 1006#endif 1007 ipcperm_new2old(&shmseg->u.shm_perm, &outbuf.shm_perm); 1008 outbuf.shm_segsz = shmseg->u.shm_segsz; 1009 outbuf.shm_cpid = shmseg->u.shm_cpid; 1010 outbuf.shm_lpid = shmseg->u.shm_lpid; 1011 outbuf.shm_nattch = shmseg->u.shm_nattch; 1012 outbuf.shm_atime = shmseg->u.shm_atime; 1013 outbuf.shm_dtime = shmseg->u.shm_dtime; 1014 outbuf.shm_ctime = shmseg->u.shm_ctime; 1015 outbuf.shm_handle = shmseg->object; 1016 error = copyout(&outbuf, uap->ubuf, sizeof(outbuf)); 1017 if (error) 1018 goto done2; 1019 break; 1020 default: 1021 error = freebsd7_shmctl(td, (struct freebsd7_shmctl_args *)uap); 1022 break; 1023 } 1024done2: 1025 mtx_unlock(&Giant); 1026 return (error); 1027#else 1028 return (EINVAL); 1029#endif 1030} 1031 1032/* XXX casting to (sy_call_t *) is bogus, as usual. */ 1033static sy_call_t *shmcalls[] = { 1034 (sy_call_t *)sys_shmat, (sy_call_t *)oshmctl, 1035 (sy_call_t *)sys_shmdt, (sy_call_t *)sys_shmget, 1036 (sy_call_t *)freebsd7_shmctl 1037}; 1038 1039int 1040sys_shmsys(td, uap) 1041 struct thread *td; 1042 /* XXX actually varargs. */ 1043 struct shmsys_args /* { 1044 int which; 1045 int a2; 1046 int a3; 1047 int a4; 1048 } */ *uap; 1049{ 1050 int error; 1051 1052 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC)) 1053 return (ENOSYS); 1054 if (uap->which < 0 || 1055 uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) 1056 return (EINVAL); 1057 mtx_lock(&Giant); 1058 error = (*shmcalls[uap->which])(td, &uap->a2); 1059 mtx_unlock(&Giant); 1060 return (error); 1061} 1062 1063#endif /* i386 && (COMPAT_FREEBSD4 || COMPAT_43) */ 1064 1065#ifdef COMPAT_FREEBSD32 1066 1067int 1068freebsd32_shmsys(struct thread *td, struct freebsd32_shmsys_args *uap) 1069{ 1070 1071#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 1072 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 1073 switch (uap->which) { 1074 case 0: { /* shmat */ 1075 struct shmat_args ap; 1076 1077 ap.shmid = uap->a2; 1078 ap.shmaddr = PTRIN(uap->a3); 1079 ap.shmflg = uap->a4; 1080 return (sysent[SYS_shmat].sy_call(td, &ap)); 1081 } 1082 case 2: { /* shmdt */ 1083 struct shmdt_args ap; 1084 1085 ap.shmaddr = PTRIN(uap->a2); 1086 return (sysent[SYS_shmdt].sy_call(td, &ap)); 1087 } 1088 case 3: { /* shmget */ 1089 struct shmget_args ap; 1090 1091 ap.key = uap->a2; 1092 ap.size = uap->a3; 1093 ap.shmflg = uap->a4; 1094 return (sysent[SYS_shmget].sy_call(td, &ap)); 1095 } 1096 case 4: { /* shmctl */ 1097 struct freebsd7_freebsd32_shmctl_args ap; 1098 1099 ap.shmid = uap->a2; 1100 ap.cmd = uap->a3; 1101 ap.buf = PTRIN(uap->a4); 1102 return (freebsd7_freebsd32_shmctl(td, &ap)); 1103 } 1104 case 1: /* oshmctl */ 1105 default: 1106 return (EINVAL); 1107 } 1108#else 1109 return (nosys(td, NULL)); 1110#endif 1111} 1112 1113#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 1114 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 1115int 1116freebsd7_freebsd32_shmctl(struct thread *td, 1117 struct freebsd7_freebsd32_shmctl_args *uap) 1118{ 1119 int error = 0; 1120 union { 1121 struct shmid_ds shmid_ds; 1122 struct shm_info shm_info; 1123 struct shminfo shminfo; 1124 } u; 1125 union { 1126 struct shmid_ds32_old shmid_ds32; 1127 struct shm_info32 shm_info32; 1128 struct shminfo32 shminfo32; 1129 } u32; 1130 size_t sz; 1131 1132 if (uap->cmd == IPC_SET) { 1133 if ((error = copyin(uap->buf, &u32.shmid_ds32, 1134 sizeof(u32.shmid_ds32)))) 1135 goto done; 1136 freebsd32_ipcperm_old_in(&u32.shmid_ds32.shm_perm, 1137 &u.shmid_ds.shm_perm); 1138 CP(u32.shmid_ds32, u.shmid_ds, shm_segsz); 1139 CP(u32.shmid_ds32, u.shmid_ds, shm_lpid); 1140 CP(u32.shmid_ds32, u.shmid_ds, shm_cpid); 1141 CP(u32.shmid_ds32, u.shmid_ds, shm_nattch); 1142 CP(u32.shmid_ds32, u.shmid_ds, shm_atime); 1143 CP(u32.shmid_ds32, u.shmid_ds, shm_dtime); 1144 CP(u32.shmid_ds32, u.shmid_ds, shm_ctime); 1145 } 1146 1147 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz); 1148 if (error) 1149 goto done; 1150 1151 /* Cases in which we need to copyout */ 1152 switch (uap->cmd) { 1153 case IPC_INFO: 1154 CP(u.shminfo, u32.shminfo32, shmmax); 1155 CP(u.shminfo, u32.shminfo32, shmmin); 1156 CP(u.shminfo, u32.shminfo32, shmmni); 1157 CP(u.shminfo, u32.shminfo32, shmseg); 1158 CP(u.shminfo, u32.shminfo32, shmall); 1159 error = copyout(&u32.shminfo32, uap->buf, 1160 sizeof(u32.shminfo32)); 1161 break; 1162 case SHM_INFO: 1163 CP(u.shm_info, u32.shm_info32, used_ids); 1164 CP(u.shm_info, u32.shm_info32, shm_rss); 1165 CP(u.shm_info, u32.shm_info32, shm_tot); 1166 CP(u.shm_info, u32.shm_info32, shm_swp); 1167 CP(u.shm_info, u32.shm_info32, swap_attempts); 1168 CP(u.shm_info, u32.shm_info32, swap_successes); 1169 error = copyout(&u32.shm_info32, uap->buf, 1170 sizeof(u32.shm_info32)); 1171 break; 1172 case SHM_STAT: 1173 case IPC_STAT: 1174 freebsd32_ipcperm_old_out(&u.shmid_ds.shm_perm, 1175 &u32.shmid_ds32.shm_perm); 1176 if (u.shmid_ds.shm_segsz > INT32_MAX) 1177 u32.shmid_ds32.shm_segsz = INT32_MAX; 1178 else 1179 CP(u.shmid_ds, u32.shmid_ds32, shm_segsz); 1180 CP(u.shmid_ds, u32.shmid_ds32, shm_lpid); 1181 CP(u.shmid_ds, u32.shmid_ds32, shm_cpid); 1182 CP(u.shmid_ds, u32.shmid_ds32, shm_nattch); 1183 CP(u.shmid_ds, u32.shmid_ds32, shm_atime); 1184 CP(u.shmid_ds, u32.shmid_ds32, shm_dtime); 1185 CP(u.shmid_ds, u32.shmid_ds32, shm_ctime); 1186 u32.shmid_ds32.shm_internal = 0; 1187 error = copyout(&u32.shmid_ds32, uap->buf, 1188 sizeof(u32.shmid_ds32)); 1189 break; 1190 } 1191 1192done: 1193 if (error) { 1194 /* Invalidate the return value */ 1195 td->td_retval[0] = -1; 1196 } 1197 return (error); 1198} 1199#endif 1200 1201int 1202freebsd32_shmctl(struct thread *td, struct freebsd32_shmctl_args *uap) 1203{ 1204 int error = 0; 1205 union { 1206 struct shmid_ds shmid_ds; 1207 struct shm_info shm_info; 1208 struct shminfo shminfo; 1209 } u; 1210 union { 1211 struct shmid_ds32 shmid_ds32; 1212 struct shm_info32 shm_info32; 1213 struct shminfo32 shminfo32; 1214 } u32; 1215 size_t sz; 1216 1217 if (uap->cmd == IPC_SET) { 1218 if ((error = copyin(uap->buf, &u32.shmid_ds32, 1219 sizeof(u32.shmid_ds32)))) 1220 goto done; 1221 freebsd32_ipcperm_in(&u32.shmid_ds32.shm_perm, 1222 &u.shmid_ds.shm_perm); 1223 CP(u32.shmid_ds32, u.shmid_ds, shm_segsz); 1224 CP(u32.shmid_ds32, u.shmid_ds, shm_lpid); 1225 CP(u32.shmid_ds32, u.shmid_ds, shm_cpid); 1226 CP(u32.shmid_ds32, u.shmid_ds, shm_nattch); 1227 CP(u32.shmid_ds32, u.shmid_ds, shm_atime); 1228 CP(u32.shmid_ds32, u.shmid_ds, shm_dtime); 1229 CP(u32.shmid_ds32, u.shmid_ds, shm_ctime); 1230 } 1231 1232 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz); 1233 if (error) 1234 goto done; 1235 1236 /* Cases in which we need to copyout */ 1237 switch (uap->cmd) { 1238 case IPC_INFO: 1239 CP(u.shminfo, u32.shminfo32, shmmax); 1240 CP(u.shminfo, u32.shminfo32, shmmin); 1241 CP(u.shminfo, u32.shminfo32, shmmni); 1242 CP(u.shminfo, u32.shminfo32, shmseg); 1243 CP(u.shminfo, u32.shminfo32, shmall); 1244 error = copyout(&u32.shminfo32, uap->buf, 1245 sizeof(u32.shminfo32)); 1246 break; 1247 case SHM_INFO: 1248 CP(u.shm_info, u32.shm_info32, used_ids); 1249 CP(u.shm_info, u32.shm_info32, shm_rss); 1250 CP(u.shm_info, u32.shm_info32, shm_tot); 1251 CP(u.shm_info, u32.shm_info32, shm_swp); 1252 CP(u.shm_info, u32.shm_info32, swap_attempts); 1253 CP(u.shm_info, u32.shm_info32, swap_successes); 1254 error = copyout(&u32.shm_info32, uap->buf, 1255 sizeof(u32.shm_info32)); 1256 break; 1257 case SHM_STAT: 1258 case IPC_STAT: 1259 freebsd32_ipcperm_out(&u.shmid_ds.shm_perm, 1260 &u32.shmid_ds32.shm_perm); 1261 if (u.shmid_ds.shm_segsz > INT32_MAX) 1262 u32.shmid_ds32.shm_segsz = INT32_MAX; 1263 else 1264 CP(u.shmid_ds, u32.shmid_ds32, shm_segsz); 1265 CP(u.shmid_ds, u32.shmid_ds32, shm_lpid); 1266 CP(u.shmid_ds, u32.shmid_ds32, shm_cpid); 1267 CP(u.shmid_ds, u32.shmid_ds32, shm_nattch); 1268 CP(u.shmid_ds, u32.shmid_ds32, shm_atime); 1269 CP(u.shmid_ds, u32.shmid_ds32, shm_dtime); 1270 CP(u.shmid_ds, u32.shmid_ds32, shm_ctime); 1271 error = copyout(&u32.shmid_ds32, uap->buf, 1272 sizeof(u32.shmid_ds32)); 1273 break; 1274 } 1275 1276done: 1277 if (error) { 1278 /* Invalidate the return value */ 1279 td->td_retval[0] = -1; 1280 } 1281 return (error); 1282} 1283#endif 1284 1285#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 1286 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 1287 1288#ifndef CP 1289#define CP(src, dst, fld) do { (dst).fld = (src).fld; } while (0) 1290#endif 1291 1292#ifndef _SYS_SYSPROTO_H_ 1293struct freebsd7_shmctl_args { 1294 int shmid; 1295 int cmd; 1296 struct shmid_ds_old *buf; 1297}; 1298#endif 1299int 1300freebsd7_shmctl(td, uap) 1301 struct thread *td; 1302 struct freebsd7_shmctl_args *uap; 1303{ 1304 int error = 0; 1305 struct shmid_ds_old old; 1306 struct shmid_ds buf; 1307 size_t bufsz; 1308 1309 /* 1310 * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support 1311 * Linux binaries. If we see the call come through the FreeBSD ABI, 1312 * return an error back to the user since we do not to support this. 1313 */ 1314 if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO || 1315 uap->cmd == SHM_STAT) 1316 return (EINVAL); 1317 1318 /* IPC_SET needs to copyin the buffer before calling kern_shmctl */ 1319 if (uap->cmd == IPC_SET) { 1320 if ((error = copyin(uap->buf, &old, sizeof(old)))) 1321 goto done; 1322 ipcperm_old2new(&old.shm_perm, &buf.shm_perm); 1323 CP(old, buf, shm_segsz); 1324 CP(old, buf, shm_lpid); 1325 CP(old, buf, shm_cpid); 1326 CP(old, buf, shm_nattch); 1327 CP(old, buf, shm_atime); 1328 CP(old, buf, shm_dtime); 1329 CP(old, buf, shm_ctime); 1330 } 1331 1332 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz); 1333 if (error) 1334 goto done; 1335 1336 /* Cases in which we need to copyout */ 1337 switch (uap->cmd) { 1338 case IPC_STAT: 1339 ipcperm_new2old(&buf.shm_perm, &old.shm_perm); 1340 if (buf.shm_segsz > INT_MAX) 1341 old.shm_segsz = INT_MAX; 1342 else 1343 CP(buf, old, shm_segsz); 1344 CP(buf, old, shm_lpid); 1345 CP(buf, old, shm_cpid); 1346 if (buf.shm_nattch > SHRT_MAX) 1347 old.shm_nattch = SHRT_MAX; 1348 else 1349 CP(buf, old, shm_nattch); 1350 CP(buf, old, shm_atime); 1351 CP(buf, old, shm_dtime); 1352 CP(buf, old, shm_ctime); 1353 old.shm_internal = NULL; 1354 error = copyout(&old, uap->buf, sizeof(old)); 1355 break; 1356 } 1357 1358done: 1359 if (error) { 1360 /* Invalidate the return value */ 1361 td->td_retval[0] = -1; 1362 } 1363 return (error); 1364} 1365 1366#endif /* COMPAT_FREEBSD4 || COMPAT_FREEBSD5 || COMPAT_FREEBSD6 || 1367 COMPAT_FREEBSD7 */ 1368 1369static int 1370sysvshm_modload(struct module *module, int cmd, void *arg) 1371{ 1372 int error = 0; 1373 1374 switch (cmd) { 1375 case MOD_LOAD: 1376 error = shminit(); 1377 if (error != 0) 1378 shmunload(); 1379 break; 1380 case MOD_UNLOAD: 1381 error = shmunload(); 1382 break; 1383 case MOD_SHUTDOWN: 1384 break; 1385 default: 1386 error = EINVAL; 1387 break; 1388 } 1389 return (error); 1390} 1391 1392static moduledata_t sysvshm_mod = { 1393 "sysvshm", 1394 &sysvshm_modload, 1395 NULL 1396}; 1397 1398DECLARE_MODULE(sysvshm, sysvshm_mod, SI_SUB_SYSV_SHM, SI_ORDER_FIRST); 1399MODULE_VERSION(sysvshm, 1); 1400