13d903220SDoug Rabson /* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */ 29454b2d8SWarner Losh /*- 3*8a36da99SPedro F. Giffuni * SPDX-License-Identifier: BSD-4-Clause AND BSD-2-Clause-FreeBSD 4*8a36da99SPedro F. Giffuni * 53d903220SDoug Rabson * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved. 63d903220SDoug Rabson * 73d903220SDoug Rabson * Redistribution and use in source and binary forms, with or without 83d903220SDoug Rabson * modification, are permitted provided that the following conditions 93d903220SDoug Rabson * are met: 103d903220SDoug Rabson * 1. Redistributions of source code must retain the above copyright 113d903220SDoug Rabson * notice, this list of conditions and the following disclaimer. 123d903220SDoug Rabson * 2. Redistributions in binary form must reproduce the above copyright 133d903220SDoug Rabson * notice, this list of conditions and the following disclaimer in the 143d903220SDoug Rabson * documentation and/or other materials provided with the distribution. 153d903220SDoug Rabson * 3. All advertising materials mentioning features or use of this software 163d903220SDoug Rabson * must display the following acknowledgement: 173d903220SDoug Rabson * This product includes software developed by Adam Glass and Charles 183d903220SDoug Rabson * Hannum. 193d903220SDoug Rabson * 4. The names of the authors may not be used to endorse or promote products 203d903220SDoug Rabson * derived from this software without specific prior written permission. 213d903220SDoug Rabson * 223d903220SDoug Rabson * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR 233d903220SDoug Rabson * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 243d903220SDoug Rabson * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 253d903220SDoug Rabson * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 263d903220SDoug Rabson * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 273d903220SDoug Rabson * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 283d903220SDoug Rabson * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 293d903220SDoug Rabson * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 303d903220SDoug Rabson * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 313d903220SDoug Rabson * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 323d903220SDoug Rabson */ 3314cedfc8SRobert Watson /*- 3414cedfc8SRobert Watson * Copyright (c) 2003-2005 McAfee, Inc. 351c2da029SRobert Watson * Copyright (c) 2016-2017 Robert N. M. Watson 3614cedfc8SRobert Watson * All rights reserved. 3714cedfc8SRobert Watson * 3814cedfc8SRobert Watson * This software was developed for the FreeBSD Project in part by McAfee 3914cedfc8SRobert Watson * Research, the Security Research Division of McAfee, Inc under DARPA/SPAWAR 4014cedfc8SRobert Watson * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research 4114cedfc8SRobert Watson * program. 4214cedfc8SRobert Watson * 431c2da029SRobert Watson * Portions of this software were developed by BAE Systems, the University of 441c2da029SRobert Watson * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL 451c2da029SRobert Watson * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent 461c2da029SRobert Watson * Computing (TC) research program. 471c2da029SRobert Watson * 4814cedfc8SRobert Watson * Redistribution and use in source and binary forms, with or without 4914cedfc8SRobert Watson * modification, are permitted provided that the following conditions 5014cedfc8SRobert Watson * are met: 5114cedfc8SRobert Watson * 1. Redistributions of source code must retain the above copyright 5214cedfc8SRobert Watson * notice, this list of conditions and the following disclaimer. 5314cedfc8SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 5414cedfc8SRobert Watson * notice, this list of conditions and the following disclaimer in the 5514cedfc8SRobert Watson * documentation and/or other materials provided with the distribution. 5614cedfc8SRobert Watson * 5714cedfc8SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 5814cedfc8SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 5914cedfc8SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 6014cedfc8SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 6114cedfc8SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 6214cedfc8SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 6314cedfc8SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 6414cedfc8SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 6514cedfc8SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 6614cedfc8SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 6714cedfc8SRobert Watson * SUCH DAMAGE. 6814cedfc8SRobert Watson */ 693d903220SDoug Rabson 70677b542eSDavid E. O'Brien #include <sys/cdefs.h> 71677b542eSDavid E. O'Brien __FBSDID("$FreeBSD$"); 72677b542eSDavid E. O'Brien 735591b823SEivind Eklund #include "opt_compat.h" 74255108f3SPeter Wemm #include "opt_sysvipc.h" 75511b67b7SGarrett Wollman 763d903220SDoug Rabson #include <sys/param.h> 77725db531SBruce Evans #include <sys/systm.h> 783d903220SDoug Rabson #include <sys/kernel.h> 79b648d480SJohn Baldwin #include <sys/limits.h> 80fb919e4dSMark Murray #include <sys/lock.h> 81255108f3SPeter Wemm #include <sys/sysctl.h> 823d903220SDoug Rabson #include <sys/shm.h> 833d903220SDoug Rabson #include <sys/proc.h> 843d903220SDoug Rabson #include <sys/malloc.h> 853d903220SDoug Rabson #include <sys/mman.h> 8677409fe1SPoul-Henning Kamp #include <sys/module.h> 879dceb26bSJohn Baldwin #include <sys/mutex.h> 883bcf7445SEdward Tomasz Napierala #include <sys/racct.h> 8968ba7a1dSTim J. Robbins #include <sys/resourcevar.h> 9089f6b863SAttilio Rao #include <sys/rwlock.h> 913d903220SDoug Rabson #include <sys/stat.h> 9278525ce3SAlfred Perlstein #include <sys/syscall.h> 93f130dcf2SMartin Blapp #include <sys/syscallsubr.h> 94725db531SBruce Evans #include <sys/sysent.h> 95fb919e4dSMark Murray #include <sys/sysproto.h> 96cb1f0db9SRobert Watson #include <sys/jail.h> 97aed55708SRobert Watson 98b7830259SRobert Watson #include <security/audit/audit.h> 99aed55708SRobert Watson #include <security/mac/mac_framework.h> 1003d903220SDoug Rabson 1013d903220SDoug Rabson #include <vm/vm.h> 102efeaf95aSDavid Greenman #include <vm/vm_param.h> 103efeaf95aSDavid Greenman #include <vm/pmap.h> 104a51f7119SJohn Dyson #include <vm/vm_object.h> 1053d903220SDoug Rabson #include <vm/vm_map.h> 1061c7c3c6aSMatthew Dillon #include <vm/vm_page.h> 107ae9b8c3aSJohn Dyson #include <vm/vm_pager.h> 1083d903220SDoug Rabson 109de5b1952SAlexander Leidinger FEATURE(sysv_shm, "System V shared memory segments support"); 110de5b1952SAlexander Leidinger 111a1c995b6SPoul-Henning Kamp static MALLOC_DEFINE(M_SHM, "shm", "SVID compatible shared memory segments"); 11255166637SPoul-Henning Kamp 1134d77a549SAlfred Perlstein static int shmget_allocate_segment(struct thread *td, 1144d77a549SAlfred Perlstein struct shmget_args *uap, int mode); 1154d77a549SAlfred Perlstein static int shmget_existing(struct thread *td, struct shmget_args *uap, 1164d77a549SAlfred Perlstein int mode, int segnum); 117725db531SBruce Evans 1183d903220SDoug Rabson #define SHMSEG_FREE 0x0200 1193d903220SDoug Rabson #define SHMSEG_REMOVED 0x0400 1203d903220SDoug Rabson #define SHMSEG_ALLOCATED 0x0800 1213d903220SDoug Rabson 12265067cc8SKonstantin Belousov static int shm_last_free, shm_nused, shmalloced; 12345329b60SKonstantin Belousov vm_size_t shm_committed; 124921d05b9SRobert Watson static struct shmid_kernel *shmsegs; 12552a510acSJamie Gritton static unsigned shm_prison_slot; 1263d903220SDoug Rabson 1273d903220SDoug Rabson struct shmmap_state { 1283d903220SDoug Rabson vm_offset_t va; 1293d903220SDoug Rabson int shmid; 1303d903220SDoug Rabson }; 1313d903220SDoug Rabson 132921d05b9SRobert Watson static void shm_deallocate_segment(struct shmid_kernel *); 13352a510acSJamie Gritton static int shm_find_segment_by_key(struct prison *, key_t); 13452a510acSJamie Gritton static struct shmid_kernel *shm_find_segment(struct prison *, int, bool); 1353db161e0SMatthew Dillon static int shm_delete_mapping(struct vmspace *vm, struct shmmap_state *); 1364d77a549SAlfred Perlstein static void shmrealloc(void); 13775d633cbSKonstantin Belousov static int shminit(void); 1384d77a549SAlfred Perlstein static int sysvshm_modload(struct module *, int, void *); 1394d77a549SAlfred Perlstein static int shmunload(void); 1403db161e0SMatthew Dillon static void shmexit_myhook(struct vmspace *vm); 1414d77a549SAlfred Perlstein static void shmfork_myhook(struct proc *p1, struct proc *p2); 1424d77a549SAlfred Perlstein static int sysctl_shmsegs(SYSCTL_HANDLER_ARGS); 14352a510acSJamie Gritton static void shm_remove(struct shmid_kernel *, int); 14452a510acSJamie Gritton static struct prison *shm_find_prison(struct ucred *); 14552a510acSJamie Gritton static int shm_prison_cansee(struct prison *, struct shmid_kernel *); 14652a510acSJamie Gritton static int shm_prison_check(void *, void *); 14752a510acSJamie Gritton static int shm_prison_set(void *, void *); 14852a510acSJamie Gritton static int shm_prison_get(void *, void *); 14952a510acSJamie Gritton static int shm_prison_remove(void *, void *); 15052a510acSJamie Gritton static void shm_prison_cleanup(struct prison *); 151255108f3SPeter Wemm 152255108f3SPeter Wemm /* 153028f979dSDima Dorfman * Tuneable values. 154255108f3SPeter Wemm */ 155255108f3SPeter Wemm #ifndef SHMMAXPGS 156c1e34abfSIvan Voras #define SHMMAXPGS 131072 /* Note: sysv shared memory is swap backed. */ 157255108f3SPeter Wemm #endif 158255108f3SPeter Wemm #ifndef SHMMAX 159255108f3SPeter Wemm #define SHMMAX (SHMMAXPGS*PAGE_SIZE) 160255108f3SPeter Wemm #endif 161255108f3SPeter Wemm #ifndef SHMMIN 162255108f3SPeter Wemm #define SHMMIN 1 163255108f3SPeter Wemm #endif 164255108f3SPeter Wemm #ifndef SHMMNI 1651766b2e5SMatthew Dillon #define SHMMNI 192 166255108f3SPeter Wemm #endif 167255108f3SPeter Wemm #ifndef SHMSEG 1681766b2e5SMatthew Dillon #define SHMSEG 128 169255108f3SPeter Wemm #endif 170255108f3SPeter Wemm #ifndef SHMALL 171255108f3SPeter Wemm #define SHMALL (SHMMAXPGS) 172255108f3SPeter Wemm #endif 173255108f3SPeter Wemm 174255108f3SPeter Wemm struct shminfo shminfo = { 175af3b2549SHans Petter Selasky .shmmax = SHMMAX, 176af3b2549SHans Petter Selasky .shmmin = SHMMIN, 177af3b2549SHans Petter Selasky .shmmni = SHMMNI, 178af3b2549SHans Petter Selasky .shmseg = SHMSEG, 179af3b2549SHans Petter Selasky .shmall = SHMALL 180255108f3SPeter Wemm }; 181255108f3SPeter Wemm 1828b03c8edSMatthew Dillon static int shm_use_phys; 18392001b94SEdward Tomasz Napierala static int shm_allow_removed = 1; 1848b03c8edSMatthew Dillon 185af3b2549SHans Petter Selasky SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmax, CTLFLAG_RWTUN, &shminfo.shmmax, 0, 18684f85aedSChristian S.J. Peron "Maximum shared memory segment size"); 187af3b2549SHans Petter Selasky SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmin, CTLFLAG_RWTUN, &shminfo.shmmin, 0, 18884f85aedSChristian S.J. Peron "Minimum shared memory segment size"); 1899baea4b4SChristian S.J. Peron SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmni, CTLFLAG_RDTUN, &shminfo.shmmni, 0, 19084f85aedSChristian S.J. Peron "Number of shared memory identifiers"); 1919baea4b4SChristian S.J. Peron SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmseg, CTLFLAG_RDTUN, &shminfo.shmseg, 0, 19284f85aedSChristian S.J. Peron "Number of segments per process"); 193af3b2549SHans Petter Selasky SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmall, CTLFLAG_RWTUN, &shminfo.shmall, 0, 19484f85aedSChristian S.J. Peron "Maximum number of pages available for shared memory"); 195af3b2549SHans Petter Selasky SYSCTL_INT(_kern_ipc, OID_AUTO, shm_use_phys, CTLFLAG_RWTUN, 19684f85aedSChristian S.J. Peron &shm_use_phys, 0, "Enable/Disable locking of shared memory pages in core"); 197af3b2549SHans Petter Selasky SYSCTL_INT(_kern_ipc, OID_AUTO, shm_allow_removed, CTLFLAG_RWTUN, 19884f85aedSChristian S.J. Peron &shm_allow_removed, 0, 19984f85aedSChristian S.J. Peron "Enable/Disable attachment to attached segments marked for removal"); 2000555fb35SKonstantin Belousov SYSCTL_PROC(_kern_ipc, OID_AUTO, shmsegs, CTLTYPE_OPAQUE | CTLFLAG_RD | 2010555fb35SKonstantin Belousov CTLFLAG_MPSAFE, NULL, 0, sysctl_shmsegs, "", 20284f85aedSChristian S.J. Peron "Current number of shared memory segments allocated"); 2033d903220SDoug Rabson 2040555fb35SKonstantin Belousov static struct sx sysvshmsx; 2050555fb35SKonstantin Belousov #define SYSVSHM_LOCK() sx_xlock(&sysvshmsx) 2060555fb35SKonstantin Belousov #define SYSVSHM_UNLOCK() sx_xunlock(&sysvshmsx) 2070555fb35SKonstantin Belousov #define SYSVSHM_ASSERT_LOCKED() sx_assert(&sysvshmsx, SA_XLOCKED) 2080555fb35SKonstantin Belousov 2093d903220SDoug Rabson static int 21052a510acSJamie Gritton shm_find_segment_by_key(struct prison *pr, key_t key) 2113d903220SDoug Rabson { 2123d903220SDoug Rabson int i; 2133d903220SDoug Rabson 214255108f3SPeter Wemm for (i = 0; i < shmalloced; i++) 215921d05b9SRobert Watson if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) && 21652a510acSJamie Gritton shmsegs[i].cred != NULL && 21752a510acSJamie Gritton shmsegs[i].cred->cr_prison == pr && 218921d05b9SRobert Watson shmsegs[i].u.shm_perm.key == key) 219b618bb96SAlfred Perlstein return (i); 220b618bb96SAlfred Perlstein return (-1); 2213d903220SDoug Rabson } 2223d903220SDoug Rabson 2230555fb35SKonstantin Belousov /* 2240555fb35SKonstantin Belousov * Finds segment either by shmid if is_shmid is true, or by segnum if 2250555fb35SKonstantin Belousov * is_shmid is false. 2260555fb35SKonstantin Belousov */ 227921d05b9SRobert Watson static struct shmid_kernel * 22852a510acSJamie Gritton shm_find_segment(struct prison *rpr, int arg, bool is_shmid) 2293d903220SDoug Rabson { 230921d05b9SRobert Watson struct shmid_kernel *shmseg; 2310555fb35SKonstantin Belousov int segnum; 2323d903220SDoug Rabson 2330555fb35SKonstantin Belousov segnum = is_shmid ? IPCID_TO_IX(arg) : arg; 234255108f3SPeter Wemm if (segnum < 0 || segnum >= shmalloced) 235b618bb96SAlfred Perlstein return (NULL); 2363d903220SDoug Rabson shmseg = &shmsegs[segnum]; 237921d05b9SRobert Watson if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 || 2382332251cSMax Khon (!shm_allow_removed && 239921d05b9SRobert Watson (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) != 0) || 24052a510acSJamie Gritton (is_shmid && shmseg->u.shm_perm.seq != IPCID_TO_SEQ(arg)) || 2410bfd7a26SJamie Gritton shm_prison_cansee(rpr, shmseg) != 0) 242b618bb96SAlfred Perlstein return (NULL); 243b618bb96SAlfred Perlstein return (shmseg); 244491dec93SMichael Reifenberger } 245491dec93SMichael Reifenberger 2463d903220SDoug Rabson static void 2470555fb35SKonstantin Belousov shm_deallocate_segment(struct shmid_kernel *shmseg) 2483d903220SDoug Rabson { 24945329b60SKonstantin Belousov vm_size_t size; 2503d903220SDoug Rabson 2510555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 2520cddd8f0SMatthew Dillon 253b648d480SJohn Baldwin vm_object_deallocate(shmseg->object); 254b648d480SJohn Baldwin shmseg->object = NULL; 255b648d480SJohn Baldwin size = round_page(shmseg->u.shm_segsz); 2563d903220SDoug Rabson shm_committed -= btoc(size); 2573d903220SDoug Rabson shm_nused--; 258921d05b9SRobert Watson shmseg->u.shm_perm.mode = SHMSEG_FREE; 25914cedfc8SRobert Watson #ifdef MAC 26030d239bcSRobert Watson mac_sysvshm_cleanup(shmseg); 26114cedfc8SRobert Watson #endif 2623bcf7445SEdward Tomasz Napierala racct_sub_cred(shmseg->cred, RACCT_NSHM, 1); 2633bcf7445SEdward Tomasz Napierala racct_sub_cred(shmseg->cred, RACCT_SHMSIZE, size); 2648caddd81SEdward Tomasz Napierala crfree(shmseg->cred); 2658caddd81SEdward Tomasz Napierala shmseg->cred = NULL; 2663d903220SDoug Rabson } 2673d903220SDoug Rabson 2683d903220SDoug Rabson static int 2693db161e0SMatthew Dillon shm_delete_mapping(struct vmspace *vm, struct shmmap_state *shmmap_s) 2703d903220SDoug Rabson { 271921d05b9SRobert Watson struct shmid_kernel *shmseg; 2723d903220SDoug Rabson int segnum, result; 27345329b60SKonstantin Belousov vm_size_t size; 2743d903220SDoug Rabson 2750555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 2763d903220SDoug Rabson segnum = IPCID_TO_IX(shmmap_s->shmid); 2770555fb35SKonstantin Belousov KASSERT(segnum >= 0 && segnum < shmalloced, 2780555fb35SKonstantin Belousov ("segnum %d shmalloced %d", segnum, shmalloced)); 2790555fb35SKonstantin Belousov 2803d903220SDoug Rabson shmseg = &shmsegs[segnum]; 281b648d480SJohn Baldwin size = round_page(shmseg->u.shm_segsz); 2823db161e0SMatthew Dillon result = vm_map_remove(&vm->vm_map, shmmap_s->va, shmmap_s->va + size); 2833d903220SDoug Rabson if (result != KERN_SUCCESS) 284b618bb96SAlfred Perlstein return (EINVAL); 2853d903220SDoug Rabson shmmap_s->shmid = -1; 286921d05b9SRobert Watson shmseg->u.shm_dtime = time_second; 287f63cd251SEd Schouten if (--shmseg->u.shm_nattch == 0 && 288921d05b9SRobert Watson (shmseg->u.shm_perm.mode & SHMSEG_REMOVED)) { 2893d903220SDoug Rabson shm_deallocate_segment(shmseg); 2903d903220SDoug Rabson shm_last_free = segnum; 2913d903220SDoug Rabson } 292b618bb96SAlfred Perlstein return (0); 2933d903220SDoug Rabson } 2943d903220SDoug Rabson 29552a510acSJamie Gritton static void 29652a510acSJamie Gritton shm_remove(struct shmid_kernel *shmseg, int segnum) 29752a510acSJamie Gritton { 29852a510acSJamie Gritton 29952a510acSJamie Gritton shmseg->u.shm_perm.key = IPC_PRIVATE; 30052a510acSJamie Gritton shmseg->u.shm_perm.mode |= SHMSEG_REMOVED; 301f63cd251SEd Schouten if (shmseg->u.shm_nattch == 0) { 30252a510acSJamie Gritton shm_deallocate_segment(shmseg); 30352a510acSJamie Gritton shm_last_free = segnum; 30452a510acSJamie Gritton } 30552a510acSJamie Gritton } 30652a510acSJamie Gritton 30752a510acSJamie Gritton static struct prison * 30852a510acSJamie Gritton shm_find_prison(struct ucred *cred) 30952a510acSJamie Gritton { 31052a510acSJamie Gritton struct prison *pr, *rpr; 31152a510acSJamie Gritton 31252a510acSJamie Gritton pr = cred->cr_prison; 31352a510acSJamie Gritton prison_lock(pr); 31452a510acSJamie Gritton rpr = osd_jail_get(pr, shm_prison_slot); 31552a510acSJamie Gritton prison_unlock(pr); 31652a510acSJamie Gritton return rpr; 31752a510acSJamie Gritton } 31852a510acSJamie Gritton 31952a510acSJamie Gritton static int 32052a510acSJamie Gritton shm_prison_cansee(struct prison *rpr, struct shmid_kernel *shmseg) 32152a510acSJamie Gritton { 32252a510acSJamie Gritton 32352a510acSJamie Gritton if (shmseg->cred == NULL || 32452a510acSJamie Gritton !(rpr == shmseg->cred->cr_prison || 32552a510acSJamie Gritton prison_ischild(rpr, shmseg->cred->cr_prison))) 32652a510acSJamie Gritton return (EINVAL); 32752a510acSJamie Gritton return (0); 32852a510acSJamie Gritton } 32952a510acSJamie Gritton 3300555fb35SKonstantin Belousov static int 3310555fb35SKonstantin Belousov kern_shmdt_locked(struct thread *td, const void *shmaddr) 3323d903220SDoug Rabson { 333b40ce416SJulian Elischer struct proc *p = td->td_proc; 3343d903220SDoug Rabson struct shmmap_state *shmmap_s; 3351c2da029SRobert Watson #if defined(AUDIT) || defined(MAC) 33614cedfc8SRobert Watson struct shmid_kernel *shmsegptr; 3371c2da029SRobert Watson #endif 3381c2da029SRobert Watson #ifdef MAC 339e2f5418eSMateusz Guzik int error; 34014cedfc8SRobert Watson #endif 341e2f5418eSMateusz Guzik int i; 3423d903220SDoug Rabson 3430555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 34452a510acSJamie Gritton if (shm_find_prison(td->td_ucred) == NULL) 345c6f55f33SJohn Baldwin return (ENOSYS); 3468209f090SAlfred Perlstein shmmap_s = p->p_vmspace->vm_shm; 3470555fb35SKonstantin Belousov if (shmmap_s == NULL) 3480555fb35SKonstantin Belousov return (EINVAL); 3491c2da029SRobert Watson AUDIT_ARG_SVIPC_ID(shmmap_s->shmid); 350b6a4b4f9SMatthew Dillon for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) { 3513d903220SDoug Rabson if (shmmap_s->shmid != -1 && 3520555fb35SKonstantin Belousov shmmap_s->va == (vm_offset_t)shmaddr) { 3533d903220SDoug Rabson break; 354b6a4b4f9SMatthew Dillon } 355b6a4b4f9SMatthew Dillon } 3560555fb35SKonstantin Belousov if (i == shminfo.shmseg) 3570555fb35SKonstantin Belousov return (EINVAL); 3581c2da029SRobert Watson #if (defined(AUDIT) && defined(KDTRACE_HOOKS)) || defined(MAC) 35914cedfc8SRobert Watson shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; 3601c2da029SRobert Watson #endif 3611c2da029SRobert Watson #ifdef MAC 36230d239bcSRobert Watson error = mac_sysvshm_check_shmdt(td->td_ucred, shmsegptr); 363f50c4fd8SRobert Watson if (error != 0) 3640555fb35SKonstantin Belousov return (error); 36514cedfc8SRobert Watson #endif 366e2f5418eSMateusz Guzik return (shm_delete_mapping(p->p_vmspace, shmmap_s)); 3673d903220SDoug Rabson } 3683d903220SDoug Rabson 369b5d5c0c9SPeter Wemm #ifndef _SYS_SYSPROTO_H_ 3700555fb35SKonstantin Belousov struct shmdt_args { 371e1d7d0bbSAlfred Perlstein const void *shmaddr; 3723d903220SDoug Rabson }; 373b5d5c0c9SPeter Wemm #endif 3743d903220SDoug Rabson int 3750555fb35SKonstantin Belousov sys_shmdt(struct thread *td, struct shmdt_args *uap) 3760555fb35SKonstantin Belousov { 3770555fb35SKonstantin Belousov int error; 3780555fb35SKonstantin Belousov 3790555fb35SKonstantin Belousov SYSVSHM_LOCK(); 3800555fb35SKonstantin Belousov error = kern_shmdt_locked(td, uap->shmaddr); 3810555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 3820555fb35SKonstantin Belousov return (error); 3830555fb35SKonstantin Belousov } 3840555fb35SKonstantin Belousov 3850555fb35SKonstantin Belousov static int 3860555fb35SKonstantin Belousov kern_shmat_locked(struct thread *td, int shmid, const void *shmaddr, 3870555fb35SKonstantin Belousov int shmflg) 3883d903220SDoug Rabson { 38952a510acSJamie Gritton struct prison *rpr; 390b40ce416SJulian Elischer struct proc *p = td->td_proc; 391921d05b9SRobert Watson struct shmid_kernel *shmseg; 3920122d251SKonstantin Belousov struct shmmap_state *shmmap_s; 3933d903220SDoug Rabson vm_offset_t attach_va; 3943d903220SDoug Rabson vm_prot_t prot; 3953d903220SDoug Rabson vm_size_t size; 3960555fb35SKonstantin Belousov int error, i, rv; 3973d903220SDoug Rabson 3981c2da029SRobert Watson AUDIT_ARG_SVIPC_ID(shmid); 3991c2da029SRobert Watson AUDIT_ARG_VALUE(shmflg); 4001c2da029SRobert Watson 4010555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 40252a510acSJamie Gritton rpr = shm_find_prison(td->td_ucred); 40352a510acSJamie Gritton if (rpr == NULL) 404c6f55f33SJohn Baldwin return (ENOSYS); 4058209f090SAlfred Perlstein shmmap_s = p->p_vmspace->vm_shm; 4063d903220SDoug Rabson if (shmmap_s == NULL) { 40745329b60SKonstantin Belousov shmmap_s = malloc(shminfo.shmseg * sizeof(struct shmmap_state), 40845329b60SKonstantin Belousov M_SHM, M_WAITOK); 4093d903220SDoug Rabson for (i = 0; i < shminfo.shmseg; i++) 4103d903220SDoug Rabson shmmap_s[i].shmid = -1; 4110555fb35SKonstantin Belousov KASSERT(p->p_vmspace->vm_shm == NULL, ("raced")); 4122cc593fdSAlfred Perlstein p->p_vmspace->vm_shm = shmmap_s; 4133d903220SDoug Rabson } 41452a510acSJamie Gritton shmseg = shm_find_segment(rpr, shmid, true); 4150555fb35SKonstantin Belousov if (shmseg == NULL) 4160555fb35SKonstantin Belousov return (EINVAL); 417921d05b9SRobert Watson error = ipcperm(td, &shmseg->u.shm_perm, 418f130dcf2SMartin Blapp (shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W); 4190555fb35SKonstantin Belousov if (error != 0) 4200555fb35SKonstantin Belousov return (error); 42114cedfc8SRobert Watson #ifdef MAC 42230d239bcSRobert Watson error = mac_sysvshm_check_shmat(td->td_ucred, shmseg, shmflg); 423f50c4fd8SRobert Watson if (error != 0) 4240555fb35SKonstantin Belousov return (error); 42514cedfc8SRobert Watson #endif 4263d903220SDoug Rabson for (i = 0; i < shminfo.shmseg; i++) { 4273d903220SDoug Rabson if (shmmap_s->shmid == -1) 4283d903220SDoug Rabson break; 4293d903220SDoug Rabson shmmap_s++; 4303d903220SDoug Rabson } 4310555fb35SKonstantin Belousov if (i >= shminfo.shmseg) 4320555fb35SKonstantin Belousov return (EMFILE); 433b648d480SJohn Baldwin size = round_page(shmseg->u.shm_segsz); 4343d903220SDoug Rabson prot = VM_PROT_READ; 435f130dcf2SMartin Blapp if ((shmflg & SHM_RDONLY) == 0) 4363d903220SDoug Rabson prot |= VM_PROT_WRITE; 4370555fb35SKonstantin Belousov if (shmaddr != NULL) { 4380555fb35SKonstantin Belousov if ((shmflg & SHM_RND) != 0) 439d9c9c81cSPedro F. Giffuni attach_va = rounddown2((vm_offset_t)shmaddr, SHMLBA); 4400555fb35SKonstantin Belousov else if (((vm_offset_t)shmaddr & (SHMLBA-1)) == 0) 441f130dcf2SMartin Blapp attach_va = (vm_offset_t)shmaddr; 4420555fb35SKonstantin Belousov else 4430555fb35SKonstantin Belousov return (EINVAL); 4443d903220SDoug Rabson } else { 445028f979dSDima Dorfman /* 446028f979dSDima Dorfman * This is just a hint to vm_map_find() about where to 447028f979dSDima Dorfman * put it. 448028f979dSDima Dorfman */ 44968ba7a1dSTim J. Robbins attach_va = round_page((vm_offset_t)p->p_vmspace->vm_daddr + 45077a26248SMateusz Guzik lim_max(td, RLIMIT_DATA)); 4513d903220SDoug Rabson } 452a51f7119SJohn Dyson 453b648d480SJohn Baldwin vm_object_reference(shmseg->object); 45401a8fb7dSAlan Cox rv = vm_map_find(&p->p_vmspace->vm_map, shmseg->object, 0, &attach_va, 45501a8fb7dSAlan Cox size, 0, shmaddr != NULL ? VMFS_NO_SPACE : VMFS_OPTIMAL_SPACE, 45601a8fb7dSAlan Cox prot, prot, MAP_INHERIT_SHARE | MAP_PREFAULT_PARTIAL); 457a51f7119SJohn Dyson if (rv != KERN_SUCCESS) { 458b648d480SJohn Baldwin vm_object_deallocate(shmseg->object); 4590555fb35SKonstantin Belousov return (ENOMEM); 460a51f7119SJohn Dyson } 4610463028cSJohn Dyson 4623d903220SDoug Rabson shmmap_s->va = attach_va; 463f130dcf2SMartin Blapp shmmap_s->shmid = shmid; 464921d05b9SRobert Watson shmseg->u.shm_lpid = p->p_pid; 465921d05b9SRobert Watson shmseg->u.shm_atime = time_second; 466921d05b9SRobert Watson shmseg->u.shm_nattch++; 467b40ce416SJulian Elischer td->td_retval[0] = attach_va; 468b6a4b4f9SMatthew Dillon return (error); 4693d903220SDoug Rabson } 4703d903220SDoug Rabson 471f130dcf2SMartin Blapp int 4720555fb35SKonstantin Belousov kern_shmat(struct thread *td, int shmid, const void *shmaddr, int shmflg) 473f130dcf2SMartin Blapp { 4740555fb35SKonstantin Belousov int error; 4750555fb35SKonstantin Belousov 4760555fb35SKonstantin Belousov SYSVSHM_LOCK(); 4770555fb35SKonstantin Belousov error = kern_shmat_locked(td, shmid, shmaddr, shmflg); 4780555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 4790555fb35SKonstantin Belousov return (error); 480f130dcf2SMartin Blapp } 481f130dcf2SMartin Blapp 4820555fb35SKonstantin Belousov #ifndef _SYS_SYSPROTO_H_ 4830555fb35SKonstantin Belousov struct shmat_args { 484f130dcf2SMartin Blapp int shmid; 4850555fb35SKonstantin Belousov const void *shmaddr; 4860555fb35SKonstantin Belousov int shmflg; 4870555fb35SKonstantin Belousov }; 4880555fb35SKonstantin Belousov #endif 4890555fb35SKonstantin Belousov int 4900555fb35SKonstantin Belousov sys_shmat(struct thread *td, struct shmat_args *uap) 4913d903220SDoug Rabson { 4920555fb35SKonstantin Belousov 4930555fb35SKonstantin Belousov return (kern_shmat(td, uap->shmid, uap->shmaddr, uap->shmflg)); 4940555fb35SKonstantin Belousov } 4950555fb35SKonstantin Belousov 4960555fb35SKonstantin Belousov static int 4970555fb35SKonstantin Belousov kern_shmctl_locked(struct thread *td, int shmid, int cmd, void *buf, 4980555fb35SKonstantin Belousov size_t *bufsz) 4990555fb35SKonstantin Belousov { 50052a510acSJamie Gritton struct prison *rpr; 501921d05b9SRobert Watson struct shmid_kernel *shmseg; 5020555fb35SKonstantin Belousov struct shmid_ds *shmidp; 5030555fb35SKonstantin Belousov struct shm_info shm_info; 5040555fb35SKonstantin Belousov int error; 5050555fb35SKonstantin Belousov 5060555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 5073d903220SDoug Rabson 50852a510acSJamie Gritton rpr = shm_find_prison(td->td_ucred); 50952a510acSJamie Gritton if (rpr == NULL) 510c6f55f33SJohn Baldwin return (ENOSYS); 511f130dcf2SMartin Blapp 5121c2da029SRobert Watson AUDIT_ARG_SVIPC_ID(shmid); 5131c2da029SRobert Watson AUDIT_ARG_SVIPC_CMD(cmd); 5141c2da029SRobert Watson 515f130dcf2SMartin Blapp switch (cmd) { 5164f18813fSChristian S.J. Peron /* 5174f18813fSChristian S.J. Peron * It is possible that kern_shmctl is being called from the Linux ABI 5184f18813fSChristian S.J. Peron * layer, in which case, we will need to implement IPC_INFO. It should 5194f18813fSChristian S.J. Peron * be noted that other shmctl calls will be funneled through here for 5204f18813fSChristian S.J. Peron * Linix binaries as well. 5214f18813fSChristian S.J. Peron * 5224f18813fSChristian S.J. Peron * NB: The Linux ABI layer will convert this data to structure(s) more 5234f18813fSChristian S.J. Peron * consistent with the Linux ABI. 5244f18813fSChristian S.J. Peron */ 525491dec93SMichael Reifenberger case IPC_INFO: 526f130dcf2SMartin Blapp memcpy(buf, &shminfo, sizeof(shminfo)); 527f130dcf2SMartin Blapp if (bufsz) 528f130dcf2SMartin Blapp *bufsz = sizeof(shminfo); 529491dec93SMichael Reifenberger td->td_retval[0] = shmalloced; 5300555fb35SKonstantin Belousov return (0); 531491dec93SMichael Reifenberger case SHM_INFO: { 532491dec93SMichael Reifenberger shm_info.used_ids = shm_nused; 533491dec93SMichael Reifenberger shm_info.shm_rss = 0; /*XXX where to get from ? */ 534491dec93SMichael Reifenberger shm_info.shm_tot = 0; /*XXX where to get from ? */ 535491dec93SMichael Reifenberger shm_info.shm_swp = 0; /*XXX where to get from ? */ 536491dec93SMichael Reifenberger shm_info.swap_attempts = 0; /*XXX where to get from ? */ 537491dec93SMichael Reifenberger shm_info.swap_successes = 0; /*XXX where to get from ? */ 538f130dcf2SMartin Blapp memcpy(buf, &shm_info, sizeof(shm_info)); 5390555fb35SKonstantin Belousov if (bufsz != NULL) 540f130dcf2SMartin Blapp *bufsz = sizeof(shm_info); 541491dec93SMichael Reifenberger td->td_retval[0] = shmalloced; 5420555fb35SKonstantin Belousov return (0); 543491dec93SMichael Reifenberger } 544491dec93SMichael Reifenberger } 54552a510acSJamie Gritton shmseg = shm_find_segment(rpr, shmid, cmd != SHM_STAT); 5460555fb35SKonstantin Belousov if (shmseg == NULL) 5470555fb35SKonstantin Belousov return (EINVAL); 54814cedfc8SRobert Watson #ifdef MAC 54930d239bcSRobert Watson error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, cmd); 550f50c4fd8SRobert Watson if (error != 0) 5510555fb35SKonstantin Belousov return (error); 55214cedfc8SRobert Watson #endif 553f130dcf2SMartin Blapp switch (cmd) { 554491dec93SMichael Reifenberger case SHM_STAT: 5553d903220SDoug Rabson case IPC_STAT: 55652a510acSJamie Gritton shmidp = (struct shmid_ds *)buf; 557921d05b9SRobert Watson error = ipcperm(td, &shmseg->u.shm_perm, IPC_R); 5580555fb35SKonstantin Belousov if (error != 0) 5590555fb35SKonstantin Belousov return (error); 56052a510acSJamie Gritton memcpy(shmidp, &shmseg->u, sizeof(struct shmid_ds)); 56152a510acSJamie Gritton if (td->td_ucred->cr_prison != shmseg->cred->cr_prison) 56252a510acSJamie Gritton shmidp->shm_perm.key = IPC_PRIVATE; 5630555fb35SKonstantin Belousov if (bufsz != NULL) 564f130dcf2SMartin Blapp *bufsz = sizeof(struct shmid_ds); 5650555fb35SKonstantin Belousov if (cmd == SHM_STAT) { 5660555fb35SKonstantin Belousov td->td_retval[0] = IXSEQ_TO_IPCID(shmid, 5670555fb35SKonstantin Belousov shmseg->u.shm_perm); 5680555fb35SKonstantin Belousov } 5693d903220SDoug Rabson break; 5700555fb35SKonstantin Belousov case IPC_SET: 5710555fb35SKonstantin Belousov shmidp = (struct shmid_ds *)buf; 5721c2da029SRobert Watson AUDIT_ARG_SVIPC_PERM(&shmidp->shm_perm); 573921d05b9SRobert Watson error = ipcperm(td, &shmseg->u.shm_perm, IPC_M); 5740555fb35SKonstantin Belousov if (error != 0) 5750555fb35SKonstantin Belousov return (error); 5760555fb35SKonstantin Belousov shmseg->u.shm_perm.uid = shmidp->shm_perm.uid; 5770555fb35SKonstantin Belousov shmseg->u.shm_perm.gid = shmidp->shm_perm.gid; 578921d05b9SRobert Watson shmseg->u.shm_perm.mode = 579921d05b9SRobert Watson (shmseg->u.shm_perm.mode & ~ACCESSPERMS) | 5800555fb35SKonstantin Belousov (shmidp->shm_perm.mode & ACCESSPERMS); 581921d05b9SRobert Watson shmseg->u.shm_ctime = time_second; 5823d903220SDoug Rabson break; 5833d903220SDoug Rabson case IPC_RMID: 584921d05b9SRobert Watson error = ipcperm(td, &shmseg->u.shm_perm, IPC_M); 5850555fb35SKonstantin Belousov if (error != 0) 5860555fb35SKonstantin Belousov return (error); 58752a510acSJamie Gritton shm_remove(shmseg, IPCID_TO_IX(shmid)); 5883d903220SDoug Rabson break; 5893d903220SDoug Rabson #if 0 5903d903220SDoug Rabson case SHM_LOCK: 5913d903220SDoug Rabson case SHM_UNLOCK: 5923d903220SDoug Rabson #endif 5933d903220SDoug Rabson default: 594b6a4b4f9SMatthew Dillon error = EINVAL; 595b6a4b4f9SMatthew Dillon break; 5963d903220SDoug Rabson } 597b6a4b4f9SMatthew Dillon return (error); 5983d903220SDoug Rabson } 5993d903220SDoug Rabson 6000555fb35SKonstantin Belousov int 6010555fb35SKonstantin Belousov kern_shmctl(struct thread *td, int shmid, int cmd, void *buf, size_t *bufsz) 6020555fb35SKonstantin Belousov { 6030555fb35SKonstantin Belousov int error; 6040555fb35SKonstantin Belousov 6050555fb35SKonstantin Belousov SYSVSHM_LOCK(); 6060555fb35SKonstantin Belousov error = kern_shmctl_locked(td, shmid, cmd, buf, bufsz); 6070555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 6080555fb35SKonstantin Belousov return (error); 6090555fb35SKonstantin Belousov } 6100555fb35SKonstantin Belousov 6110555fb35SKonstantin Belousov 61271361470SJohn Baldwin #ifndef _SYS_SYSPROTO_H_ 61371361470SJohn Baldwin struct shmctl_args { 61471361470SJohn Baldwin int shmid; 61571361470SJohn Baldwin int cmd; 61671361470SJohn Baldwin struct shmid_ds *buf; 61771361470SJohn Baldwin }; 61871361470SJohn Baldwin #endif 619f130dcf2SMartin Blapp int 6200555fb35SKonstantin Belousov sys_shmctl(struct thread *td, struct shmctl_args *uap) 621f130dcf2SMartin Blapp { 622e2f5418eSMateusz Guzik int error; 623f130dcf2SMartin Blapp struct shmid_ds buf; 624f130dcf2SMartin Blapp size_t bufsz; 625f130dcf2SMartin Blapp 6264f18813fSChristian S.J. Peron /* 6274f18813fSChristian S.J. Peron * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support 6284f18813fSChristian S.J. Peron * Linux binaries. If we see the call come through the FreeBSD ABI, 6294f18813fSChristian S.J. Peron * return an error back to the user since we do not to support this. 6304f18813fSChristian S.J. Peron */ 6314f18813fSChristian S.J. Peron if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO || 6324f18813fSChristian S.J. Peron uap->cmd == SHM_STAT) 6334f18813fSChristian S.J. Peron return (EINVAL); 6344f18813fSChristian S.J. Peron 635f130dcf2SMartin Blapp /* IPC_SET needs to copyin the buffer before calling kern_shmctl */ 636f130dcf2SMartin Blapp if (uap->cmd == IPC_SET) { 637f130dcf2SMartin Blapp if ((error = copyin(uap->buf, &buf, sizeof(struct shmid_ds)))) 638f130dcf2SMartin Blapp goto done; 639f130dcf2SMartin Blapp } 640f130dcf2SMartin Blapp 6412332251cSMax Khon error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz); 642f130dcf2SMartin Blapp if (error) 643f130dcf2SMartin Blapp goto done; 644f130dcf2SMartin Blapp 645f130dcf2SMartin Blapp /* Cases in which we need to copyout */ 646f130dcf2SMartin Blapp switch (uap->cmd) { 647f130dcf2SMartin Blapp case IPC_STAT: 648f130dcf2SMartin Blapp error = copyout(&buf, uap->buf, bufsz); 649f130dcf2SMartin Blapp break; 650f130dcf2SMartin Blapp } 651f130dcf2SMartin Blapp 652f130dcf2SMartin Blapp done: 653f130dcf2SMartin Blapp if (error) { 654f130dcf2SMartin Blapp /* Invalidate the return value */ 655f130dcf2SMartin Blapp td->td_retval[0] = -1; 656f130dcf2SMartin Blapp } 657f130dcf2SMartin Blapp return (error); 658f130dcf2SMartin Blapp } 659f130dcf2SMartin Blapp 660f130dcf2SMartin Blapp 6613d903220SDoug Rabson static int 6620555fb35SKonstantin Belousov shmget_existing(struct thread *td, struct shmget_args *uap, int mode, 6630555fb35SKonstantin Belousov int segnum) 6643d903220SDoug Rabson { 665921d05b9SRobert Watson struct shmid_kernel *shmseg; 666d8d2f476SOlivier Houchard #ifdef MAC 6673d903220SDoug Rabson int error; 668d8d2f476SOlivier Houchard #endif 6693d903220SDoug Rabson 6700555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 6710555fb35SKonstantin Belousov KASSERT(segnum >= 0 && segnum < shmalloced, 6720555fb35SKonstantin Belousov ("segnum %d shmalloced %d", segnum, shmalloced)); 6733d903220SDoug Rabson shmseg = &shmsegs[segnum]; 674dc92aa57SAlan Cox if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL)) 675b618bb96SAlfred Perlstein return (EEXIST); 67614cedfc8SRobert Watson #ifdef MAC 67730d239bcSRobert Watson error = mac_sysvshm_check_shmget(td->td_ucred, shmseg, uap->shmflg); 678f50c4fd8SRobert Watson if (error != 0) 6797723d5edSRobert Watson return (error); 68014cedfc8SRobert Watson #endif 681b648d480SJohn Baldwin if (uap->size != 0 && uap->size > shmseg->u.shm_segsz) 682b618bb96SAlfred Perlstein return (EINVAL); 683921d05b9SRobert Watson td->td_retval[0] = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm); 684b618bb96SAlfred Perlstein return (0); 6853d903220SDoug Rabson } 6863d903220SDoug Rabson 6873d903220SDoug Rabson static int 6880555fb35SKonstantin Belousov shmget_allocate_segment(struct thread *td, struct shmget_args *uap, int mode) 6893d903220SDoug Rabson { 690a854ed98SJohn Baldwin struct ucred *cred = td->td_ucred; 691921d05b9SRobert Watson struct shmid_kernel *shmseg; 6920049f8b2SAlan Cox vm_object_t shm_object; 6930555fb35SKonstantin Belousov int i, segnum; 6940555fb35SKonstantin Belousov size_t size; 6953d903220SDoug Rabson 6960555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 6970cddd8f0SMatthew Dillon 6983d903220SDoug Rabson if (uap->size < shminfo.shmmin || uap->size > shminfo.shmmax) 699b618bb96SAlfred Perlstein return (EINVAL); 700028f979dSDima Dorfman if (shm_nused >= shminfo.shmmni) /* Any shmids left? */ 701b618bb96SAlfred Perlstein return (ENOSPC); 7029e609ddeSJoerg Wunsch size = round_page(uap->size); 7033d903220SDoug Rabson if (shm_committed + btoc(size) > shminfo.shmall) 704b618bb96SAlfred Perlstein return (ENOMEM); 7053d903220SDoug Rabson if (shm_last_free < 0) { 706028f979dSDima Dorfman shmrealloc(); /* Maybe expand the shmsegs[] array. */ 707255108f3SPeter Wemm for (i = 0; i < shmalloced; i++) 708921d05b9SRobert Watson if (shmsegs[i].u.shm_perm.mode & SHMSEG_FREE) 7093d903220SDoug Rabson break; 710255108f3SPeter Wemm if (i == shmalloced) 711b618bb96SAlfred Perlstein return (ENOSPC); 7123d903220SDoug Rabson segnum = i; 7133d903220SDoug Rabson } else { 7143d903220SDoug Rabson segnum = shm_last_free; 7153d903220SDoug Rabson shm_last_free = -1; 7163d903220SDoug Rabson } 7170555fb35SKonstantin Belousov KASSERT(segnum >= 0 && segnum < shmalloced, 7180555fb35SKonstantin Belousov ("segnum %d shmalloced %d", segnum, shmalloced)); 7193d903220SDoug Rabson shmseg = &shmsegs[segnum]; 720afcc55f3SEdward Tomasz Napierala #ifdef RACCT 7214b5c9cf6SEdward Tomasz Napierala if (racct_enable) { 7223bcf7445SEdward Tomasz Napierala PROC_LOCK(td->td_proc); 7233bcf7445SEdward Tomasz Napierala if (racct_add(td->td_proc, RACCT_NSHM, 1)) { 7243bcf7445SEdward Tomasz Napierala PROC_UNLOCK(td->td_proc); 7253bcf7445SEdward Tomasz Napierala return (ENOSPC); 7263bcf7445SEdward Tomasz Napierala } 7273bcf7445SEdward Tomasz Napierala if (racct_add(td->td_proc, RACCT_SHMSIZE, size)) { 7283bcf7445SEdward Tomasz Napierala racct_sub(td->td_proc, RACCT_NSHM, 1); 7293bcf7445SEdward Tomasz Napierala PROC_UNLOCK(td->td_proc); 7303bcf7445SEdward Tomasz Napierala return (ENOMEM); 7313bcf7445SEdward Tomasz Napierala } 7323bcf7445SEdward Tomasz Napierala PROC_UNLOCK(td->td_proc); 7334b5c9cf6SEdward Tomasz Napierala } 734afcc55f3SEdward Tomasz Napierala #endif 735a51f7119SJohn Dyson 736ae9b8c3aSJohn Dyson /* 737ae9b8c3aSJohn Dyson * We make sure that we have allocated a pager before we need 738ae9b8c3aSJohn Dyson * to. 739ae9b8c3aSJohn Dyson */ 7403364c323SKonstantin Belousov shm_object = vm_pager_allocate(shm_use_phys ? OBJT_PHYS : OBJT_SWAP, 7413364c323SKonstantin Belousov 0, size, VM_PROT_DEFAULT, 0, cred); 7423bcf7445SEdward Tomasz Napierala if (shm_object == NULL) { 743afcc55f3SEdward Tomasz Napierala #ifdef RACCT 7444b5c9cf6SEdward Tomasz Napierala if (racct_enable) { 7453bcf7445SEdward Tomasz Napierala PROC_LOCK(td->td_proc); 7463bcf7445SEdward Tomasz Napierala racct_sub(td->td_proc, RACCT_NSHM, 1); 7473bcf7445SEdward Tomasz Napierala racct_sub(td->td_proc, RACCT_SHMSIZE, size); 7483bcf7445SEdward Tomasz Napierala PROC_UNLOCK(td->td_proc); 7494b5c9cf6SEdward Tomasz Napierala } 750afcc55f3SEdward Tomasz Napierala #endif 7513364c323SKonstantin Belousov return (ENOMEM); 7523bcf7445SEdward Tomasz Napierala } 753c2d5d3eeSAlan Cox shm_object->pg_color = 0; 75489f6b863SAttilio Rao VM_OBJECT_WLOCK(shm_object); 7550049f8b2SAlan Cox vm_object_clear_flag(shm_object, OBJ_ONEMAPPING); 756c2d5d3eeSAlan Cox vm_object_set_flag(shm_object, OBJ_COLORED | OBJ_NOSPLIT); 75789f6b863SAttilio Rao VM_OBJECT_WUNLOCK(shm_object); 758cbd8ec09SJohn Dyson 759b648d480SJohn Baldwin shmseg->object = shm_object; 760921d05b9SRobert Watson shmseg->u.shm_perm.cuid = shmseg->u.shm_perm.uid = cred->cr_uid; 761921d05b9SRobert Watson shmseg->u.shm_perm.cgid = shmseg->u.shm_perm.gid = cred->cr_gid; 7620555fb35SKonstantin Belousov shmseg->u.shm_perm.mode = (mode & ACCESSPERMS) | SHMSEG_ALLOCATED; 7630555fb35SKonstantin Belousov shmseg->u.shm_perm.key = uap->key; 7640555fb35SKonstantin Belousov shmseg->u.shm_perm.seq = (shmseg->u.shm_perm.seq + 1) & 0x7fff; 765b1fb5f9cSEdward Tomasz Napierala shmseg->cred = crhold(cred); 766921d05b9SRobert Watson shmseg->u.shm_segsz = uap->size; 767921d05b9SRobert Watson shmseg->u.shm_cpid = td->td_proc->p_pid; 768921d05b9SRobert Watson shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0; 769921d05b9SRobert Watson shmseg->u.shm_atime = shmseg->u.shm_dtime = 0; 77014cedfc8SRobert Watson #ifdef MAC 77130d239bcSRobert Watson mac_sysvshm_create(cred, shmseg); 77214cedfc8SRobert Watson #endif 773921d05b9SRobert Watson shmseg->u.shm_ctime = time_second; 7743d903220SDoug Rabson shm_committed += btoc(size); 7753d903220SDoug Rabson shm_nused++; 7760555fb35SKonstantin Belousov td->td_retval[0] = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm); 7770555fb35SKonstantin Belousov 778b618bb96SAlfred Perlstein return (0); 7793d903220SDoug Rabson } 7803d903220SDoug Rabson 78171361470SJohn Baldwin #ifndef _SYS_SYSPROTO_H_ 78271361470SJohn Baldwin struct shmget_args { 78371361470SJohn Baldwin key_t key; 78471361470SJohn Baldwin size_t size; 78571361470SJohn Baldwin int shmflg; 78671361470SJohn Baldwin }; 78771361470SJohn Baldwin #endif 7883d903220SDoug Rabson int 7890555fb35SKonstantin Belousov sys_shmget(struct thread *td, struct shmget_args *uap) 7903d903220SDoug Rabson { 791b6a4b4f9SMatthew Dillon int segnum, mode; 792b6a4b4f9SMatthew Dillon int error; 7933d903220SDoug Rabson 79452a510acSJamie Gritton if (shm_find_prison(td->td_ucred) == NULL) 795c6f55f33SJohn Baldwin return (ENOSYS); 7963d903220SDoug Rabson mode = uap->shmflg & ACCESSPERMS; 7970555fb35SKonstantin Belousov SYSVSHM_LOCK(); 7980555fb35SKonstantin Belousov if (uap->key == IPC_PRIVATE) { 799b40ce416SJulian Elischer error = shmget_allocate_segment(td, uap, mode); 8000555fb35SKonstantin Belousov } else { 80152a510acSJamie Gritton segnum = shm_find_segment_by_key(td->td_ucred->cr_prison, 80252a510acSJamie Gritton uap->key); 8030555fb35SKonstantin Belousov if (segnum >= 0) 8040555fb35SKonstantin Belousov error = shmget_existing(td, uap, mode, segnum); 8050555fb35SKonstantin Belousov else if ((uap->shmflg & IPC_CREAT) == 0) 8060555fb35SKonstantin Belousov error = ENOENT; 8070555fb35SKonstantin Belousov else 8080555fb35SKonstantin Belousov error = shmget_allocate_segment(td, uap, mode); 8090555fb35SKonstantin Belousov } 8100555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 811b6a4b4f9SMatthew Dillon return (error); 8123d903220SDoug Rabson } 8133d903220SDoug Rabson 81478525ce3SAlfred Perlstein static void 8150555fb35SKonstantin Belousov shmfork_myhook(struct proc *p1, struct proc *p2) 8163d903220SDoug Rabson { 8173d903220SDoug Rabson struct shmmap_state *shmmap_s; 8183d903220SDoug Rabson size_t size; 8193d903220SDoug Rabson int i; 8203d903220SDoug Rabson 8210555fb35SKonstantin Belousov SYSVSHM_LOCK(); 8223d903220SDoug Rabson size = shminfo.shmseg * sizeof(struct shmmap_state); 823a163d034SWarner Losh shmmap_s = malloc(size, M_SHM, M_WAITOK); 8242cc593fdSAlfred Perlstein bcopy(p1->p_vmspace->vm_shm, shmmap_s, size); 8252cc593fdSAlfred Perlstein p2->p_vmspace->vm_shm = shmmap_s; 8260555fb35SKonstantin Belousov for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) { 8270555fb35SKonstantin Belousov if (shmmap_s->shmid != -1) { 8280555fb35SKonstantin Belousov KASSERT(IPCID_TO_IX(shmmap_s->shmid) >= 0 && 8290555fb35SKonstantin Belousov IPCID_TO_IX(shmmap_s->shmid) < shmalloced, 8300555fb35SKonstantin Belousov ("segnum %d shmalloced %d", 8310555fb35SKonstantin Belousov IPCID_TO_IX(shmmap_s->shmid), shmalloced)); 832921d05b9SRobert Watson shmsegs[IPCID_TO_IX(shmmap_s->shmid)].u.shm_nattch++; 8330555fb35SKonstantin Belousov } 8340555fb35SKonstantin Belousov } 8350555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 8363d903220SDoug Rabson } 8373d903220SDoug Rabson 83878525ce3SAlfred Perlstein static void 8393db161e0SMatthew Dillon shmexit_myhook(struct vmspace *vm) 8403d903220SDoug Rabson { 8413db161e0SMatthew Dillon struct shmmap_state *base, *shm; 8423d903220SDoug Rabson int i; 8433d903220SDoug Rabson 8440555fb35SKonstantin Belousov base = vm->vm_shm; 8450555fb35SKonstantin Belousov if (base != NULL) { 8463db161e0SMatthew Dillon vm->vm_shm = NULL; 8470555fb35SKonstantin Belousov SYSVSHM_LOCK(); 8483db161e0SMatthew Dillon for (i = 0, shm = base; i < shminfo.shmseg; i++, shm++) { 8493db161e0SMatthew Dillon if (shm->shmid != -1) 8503db161e0SMatthew Dillon shm_delete_mapping(vm, shm); 8513db161e0SMatthew Dillon } 8520555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 8533db161e0SMatthew Dillon free(base, M_SHM); 8543db161e0SMatthew Dillon } 8553d903220SDoug Rabson } 8563d903220SDoug Rabson 857255108f3SPeter Wemm static void 858255108f3SPeter Wemm shmrealloc(void) 859255108f3SPeter Wemm { 860921d05b9SRobert Watson struct shmid_kernel *newsegs; 8610555fb35SKonstantin Belousov int i; 8620555fb35SKonstantin Belousov 8630555fb35SKonstantin Belousov SYSVSHM_ASSERT_LOCKED(); 864255108f3SPeter Wemm 865255108f3SPeter Wemm if (shmalloced >= shminfo.shmmni) 866255108f3SPeter Wemm return; 867255108f3SPeter Wemm 868a163d034SWarner Losh newsegs = malloc(shminfo.shmmni * sizeof(*newsegs), M_SHM, M_WAITOK); 869255108f3SPeter Wemm for (i = 0; i < shmalloced; i++) 870255108f3SPeter Wemm bcopy(&shmsegs[i], &newsegs[i], sizeof(newsegs[0])); 871255108f3SPeter Wemm for (; i < shminfo.shmmni; i++) { 8720be3a191SMateusz Guzik newsegs[i].u.shm_perm.mode = SHMSEG_FREE; 8730be3a191SMateusz Guzik newsegs[i].u.shm_perm.seq = 0; 87414cedfc8SRobert Watson #ifdef MAC 8750be3a191SMateusz Guzik mac_sysvshm_init(&newsegs[i]); 87614cedfc8SRobert Watson #endif 877255108f3SPeter Wemm } 878255108f3SPeter Wemm free(shmsegs, M_SHM); 879255108f3SPeter Wemm shmsegs = newsegs; 880255108f3SPeter Wemm shmalloced = shminfo.shmmni; 881255108f3SPeter Wemm } 882255108f3SPeter Wemm 88375d633cbSKonstantin Belousov static struct syscall_helper_data shm_syscalls[] = { 88475d633cbSKonstantin Belousov SYSCALL_INIT_HELPER(shmat), 88575d633cbSKonstantin Belousov SYSCALL_INIT_HELPER(shmctl), 88675d633cbSKonstantin Belousov SYSCALL_INIT_HELPER(shmdt), 88775d633cbSKonstantin Belousov SYSCALL_INIT_HELPER(shmget), 88875d633cbSKonstantin Belousov #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 88975d633cbSKonstantin Belousov defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 8908451d0ddSKip Macy SYSCALL_INIT_HELPER_COMPAT(freebsd7_shmctl), 89175d633cbSKonstantin Belousov #endif 89275d633cbSKonstantin Belousov #if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43)) 89375d633cbSKonstantin Belousov SYSCALL_INIT_HELPER(shmsys), 89475d633cbSKonstantin Belousov #endif 89575d633cbSKonstantin Belousov SYSCALL_INIT_LAST 89675d633cbSKonstantin Belousov }; 89775d633cbSKonstantin Belousov 89875d633cbSKonstantin Belousov #ifdef COMPAT_FREEBSD32 89975d633cbSKonstantin Belousov #include <compat/freebsd32/freebsd32.h> 90075d633cbSKonstantin Belousov #include <compat/freebsd32/freebsd32_ipc.h> 90175d633cbSKonstantin Belousov #include <compat/freebsd32/freebsd32_proto.h> 90275d633cbSKonstantin Belousov #include <compat/freebsd32/freebsd32_signal.h> 90375d633cbSKonstantin Belousov #include <compat/freebsd32/freebsd32_syscall.h> 90475d633cbSKonstantin Belousov #include <compat/freebsd32/freebsd32_util.h> 90575d633cbSKonstantin Belousov 90675d633cbSKonstantin Belousov static struct syscall_helper_data shm32_syscalls[] = { 9078451d0ddSKip Macy SYSCALL32_INIT_HELPER_COMPAT(shmat), 9088451d0ddSKip Macy SYSCALL32_INIT_HELPER_COMPAT(shmdt), 9098451d0ddSKip Macy SYSCALL32_INIT_HELPER_COMPAT(shmget), 91075d633cbSKonstantin Belousov SYSCALL32_INIT_HELPER(freebsd32_shmsys), 91175d633cbSKonstantin Belousov SYSCALL32_INIT_HELPER(freebsd32_shmctl), 91275d633cbSKonstantin Belousov #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 91375d633cbSKonstantin Belousov defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 91475d633cbSKonstantin Belousov SYSCALL32_INIT_HELPER(freebsd7_freebsd32_shmctl), 91575d633cbSKonstantin Belousov #endif 91675d633cbSKonstantin Belousov SYSCALL_INIT_LAST 91775d633cbSKonstantin Belousov }; 91875d633cbSKonstantin Belousov #endif 91975d633cbSKonstantin Belousov 92075d633cbSKonstantin Belousov static int 9210555fb35SKonstantin Belousov shminit(void) 9223d903220SDoug Rabson { 92352a510acSJamie Gritton struct prison *pr; 924aa90aec2SConrad Meyer void **rsv; 92575d633cbSKonstantin Belousov int i, error; 92652a510acSJamie Gritton osd_method_t methods[PR_MAXMETHOD] = { 92752a510acSJamie Gritton [PR_METHOD_CHECK] = shm_prison_check, 92852a510acSJamie Gritton [PR_METHOD_SET] = shm_prison_set, 92952a510acSJamie Gritton [PR_METHOD_GET] = shm_prison_get, 93052a510acSJamie Gritton [PR_METHOD_REMOVE] = shm_prison_remove, 93152a510acSJamie Gritton }; 932255108f3SPeter Wemm 9334d9d1e82SRuslan Ermilov #ifndef BURN_BRIDGES 9344d9d1e82SRuslan Ermilov if (TUNABLE_ULONG_FETCH("kern.ipc.shmmaxpgs", &shminfo.shmall) != 0) 9354d9d1e82SRuslan Ermilov printf("kern.ipc.shmmaxpgs is now called kern.ipc.shmall!\n"); 9364d9d1e82SRuslan Ermilov #endif 937af3b2549SHans Petter Selasky if (shminfo.shmmax == SHMMAX) { 9384d9d1e82SRuslan Ermilov /* Initialize shmmax dealing with possible overflow. */ 939af3b2549SHans Petter Selasky for (i = PAGE_SIZE; i != 0; i--) { 940a4c24c66SJohn Baldwin shminfo.shmmax = shminfo.shmall * i; 941af3b2549SHans Petter Selasky if ((shminfo.shmmax / shminfo.shmall) == (u_long)i) 9425015c68aSAlfred Perlstein break; 9435015c68aSAlfred Perlstein } 94412075c09SPawel Jakub Dawidek } 945255108f3SPeter Wemm shmalloced = shminfo.shmmni; 946a163d034SWarner Losh shmsegs = malloc(shmalloced * sizeof(shmsegs[0]), M_SHM, M_WAITOK); 947255108f3SPeter Wemm for (i = 0; i < shmalloced; i++) { 948921d05b9SRobert Watson shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; 949921d05b9SRobert Watson shmsegs[i].u.shm_perm.seq = 0; 95014cedfc8SRobert Watson #ifdef MAC 95130d239bcSRobert Watson mac_sysvshm_init(&shmsegs[i]); 95214cedfc8SRobert Watson #endif 9533d903220SDoug Rabson } 9543d903220SDoug Rabson shm_last_free = 0; 9553d903220SDoug Rabson shm_nused = 0; 9563d903220SDoug Rabson shm_committed = 0; 9570555fb35SKonstantin Belousov sx_init(&sysvshmsx, "sysvshmsx"); 95878525ce3SAlfred Perlstein shmexit_hook = &shmexit_myhook; 95978525ce3SAlfred Perlstein shmfork_hook = &shmfork_myhook; 96075d633cbSKonstantin Belousov 96152a510acSJamie Gritton /* Set current prisons according to their allow.sysvipc. */ 96252a510acSJamie Gritton shm_prison_slot = osd_jail_register(NULL, methods); 96352a510acSJamie Gritton rsv = osd_reserve(shm_prison_slot); 96452a510acSJamie Gritton prison_lock(&prison0); 96552a510acSJamie Gritton (void)osd_jail_set_reserved(&prison0, shm_prison_slot, rsv, &prison0); 96652a510acSJamie Gritton prison_unlock(&prison0); 96752a510acSJamie Gritton rsv = NULL; 96852a510acSJamie Gritton sx_slock(&allprison_lock); 96952a510acSJamie Gritton TAILQ_FOREACH(pr, &allprison, pr_list) { 97052a510acSJamie Gritton if (rsv == NULL) 97152a510acSJamie Gritton rsv = osd_reserve(shm_prison_slot); 97252a510acSJamie Gritton prison_lock(pr); 97352a510acSJamie Gritton if ((pr->pr_allow & PR_ALLOW_SYSVIPC) && pr->pr_ref > 0) { 97452a510acSJamie Gritton (void)osd_jail_set_reserved(pr, shm_prison_slot, rsv, 97552a510acSJamie Gritton &prison0); 97652a510acSJamie Gritton rsv = NULL; 97752a510acSJamie Gritton } 97852a510acSJamie Gritton prison_unlock(pr); 97952a510acSJamie Gritton } 98052a510acSJamie Gritton if (rsv != NULL) 98152a510acSJamie Gritton osd_free_reserved(rsv); 98252a510acSJamie Gritton sx_sunlock(&allprison_lock); 98352a510acSJamie Gritton 984e015b1abSMateusz Guzik error = syscall_helper_register(shm_syscalls, SY_THR_STATIC_KLD); 98575d633cbSKonstantin Belousov if (error != 0) 98675d633cbSKonstantin Belousov return (error); 98775d633cbSKonstantin Belousov #ifdef COMPAT_FREEBSD32 988e015b1abSMateusz Guzik error = syscall32_helper_register(shm32_syscalls, SY_THR_STATIC_KLD); 98975d633cbSKonstantin Belousov if (error != 0) 99075d633cbSKonstantin Belousov return (error); 99175d633cbSKonstantin Belousov #endif 99275d633cbSKonstantin Belousov return (0); 9933d903220SDoug Rabson } 99478525ce3SAlfred Perlstein 99578525ce3SAlfred Perlstein static int 9960555fb35SKonstantin Belousov shmunload(void) 99778525ce3SAlfred Perlstein { 99814cedfc8SRobert Watson int i; 99978525ce3SAlfred Perlstein 100078525ce3SAlfred Perlstein if (shm_nused > 0) 100178525ce3SAlfred Perlstein return (EBUSY); 100278525ce3SAlfred Perlstein 100375d633cbSKonstantin Belousov #ifdef COMPAT_FREEBSD32 100475d633cbSKonstantin Belousov syscall32_helper_unregister(shm32_syscalls); 100575d633cbSKonstantin Belousov #endif 100675d633cbSKonstantin Belousov syscall_helper_unregister(shm_syscalls); 100752a510acSJamie Gritton if (shm_prison_slot != 0) 100852a510acSJamie Gritton osd_jail_deregister(shm_prison_slot); 100975d633cbSKonstantin Belousov 10100d9d996dSKonstantin Belousov for (i = 0; i < shmalloced; i++) { 101114cedfc8SRobert Watson #ifdef MAC 101230d239bcSRobert Watson mac_sysvshm_destroy(&shmsegs[i]); 101314cedfc8SRobert Watson #endif 10140d9d996dSKonstantin Belousov /* 10150d9d996dSKonstantin Belousov * Objects might be still mapped into the processes 10160d9d996dSKonstantin Belousov * address spaces. Actual free would happen on the 10170d9d996dSKonstantin Belousov * last mapping destruction. 10180d9d996dSKonstantin Belousov */ 10190d9d996dSKonstantin Belousov if (shmsegs[i].u.shm_perm.mode != SHMSEG_FREE) 10200d9d996dSKonstantin Belousov vm_object_deallocate(shmsegs[i].object); 10210d9d996dSKonstantin Belousov } 102278525ce3SAlfred Perlstein free(shmsegs, M_SHM); 102378525ce3SAlfred Perlstein shmexit_hook = NULL; 102478525ce3SAlfred Perlstein shmfork_hook = NULL; 10250555fb35SKonstantin Belousov sx_destroy(&sysvshmsx); 102678525ce3SAlfred Perlstein return (0); 102778525ce3SAlfred Perlstein } 102878525ce3SAlfred Perlstein 102978525ce3SAlfred Perlstein static int 1030a723c4e1SDima Dorfman sysctl_shmsegs(SYSCTL_HANDLER_ARGS) 1031a723c4e1SDima Dorfman { 10325579267bSJamie Gritton struct shmid_kernel tshmseg; 10335579267bSJamie Gritton struct prison *pr, *rpr; 103452a510acSJamie Gritton int error, i; 1035a723c4e1SDima Dorfman 10360555fb35SKonstantin Belousov SYSVSHM_LOCK(); 10375579267bSJamie Gritton pr = req->td->td_ucred->cr_prison; 103852a510acSJamie Gritton rpr = shm_find_prison(req->td->td_ucred); 10395579267bSJamie Gritton error = 0; 104052a510acSJamie Gritton for (i = 0; i < shmalloced; i++) { 10415579267bSJamie Gritton if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 || 104252a510acSJamie Gritton rpr == NULL || shm_prison_cansee(rpr, &shmsegs[i]) != 0) { 10435579267bSJamie Gritton bzero(&tshmseg, sizeof(tshmseg)); 10445579267bSJamie Gritton tshmseg.u.shm_perm.mode = SHMSEG_FREE; 10455579267bSJamie Gritton } else { 10465579267bSJamie Gritton tshmseg = shmsegs[i]; 10475579267bSJamie Gritton if (tshmseg.cred->cr_prison != pr) 10485579267bSJamie Gritton tshmseg.u.shm_perm.key = IPC_PRIVATE; 104952a510acSJamie Gritton } 10505579267bSJamie Gritton error = SYSCTL_OUT(req, &tshmseg, sizeof(tshmseg)); 10515579267bSJamie Gritton if (error != 0) 10525579267bSJamie Gritton break; 105352a510acSJamie Gritton } 10540555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 10550555fb35SKonstantin Belousov return (error); 1056a723c4e1SDima Dorfman } 1057a723c4e1SDima Dorfman 105852a510acSJamie Gritton static int 105952a510acSJamie Gritton shm_prison_check(void *obj, void *data) 106052a510acSJamie Gritton { 106152a510acSJamie Gritton struct prison *pr = obj; 106252a510acSJamie Gritton struct prison *prpr; 106352a510acSJamie Gritton struct vfsoptlist *opts = data; 106452a510acSJamie Gritton int error, jsys; 106552a510acSJamie Gritton 106652a510acSJamie Gritton /* 106752a510acSJamie Gritton * sysvshm is a jailsys integer. 106852a510acSJamie Gritton * It must be "disable" if the parent jail is disabled. 106952a510acSJamie Gritton */ 107052a510acSJamie Gritton error = vfs_copyopt(opts, "sysvshm", &jsys, sizeof(jsys)); 107152a510acSJamie Gritton if (error != ENOENT) { 107252a510acSJamie Gritton if (error != 0) 107352a510acSJamie Gritton return (error); 107452a510acSJamie Gritton switch (jsys) { 107552a510acSJamie Gritton case JAIL_SYS_DISABLE: 107652a510acSJamie Gritton break; 107752a510acSJamie Gritton case JAIL_SYS_NEW: 107852a510acSJamie Gritton case JAIL_SYS_INHERIT: 107952a510acSJamie Gritton prison_lock(pr->pr_parent); 108052a510acSJamie Gritton prpr = osd_jail_get(pr->pr_parent, shm_prison_slot); 108152a510acSJamie Gritton prison_unlock(pr->pr_parent); 108252a510acSJamie Gritton if (prpr == NULL) 108352a510acSJamie Gritton return (EPERM); 108452a510acSJamie Gritton break; 108552a510acSJamie Gritton default: 108652a510acSJamie Gritton return (EINVAL); 108752a510acSJamie Gritton } 108852a510acSJamie Gritton } 108952a510acSJamie Gritton 109052a510acSJamie Gritton return (0); 109152a510acSJamie Gritton } 109252a510acSJamie Gritton 109352a510acSJamie Gritton static int 109452a510acSJamie Gritton shm_prison_set(void *obj, void *data) 109552a510acSJamie Gritton { 109652a510acSJamie Gritton struct prison *pr = obj; 109752a510acSJamie Gritton struct prison *tpr, *orpr, *nrpr, *trpr; 109852a510acSJamie Gritton struct vfsoptlist *opts = data; 109952a510acSJamie Gritton void *rsv; 110052a510acSJamie Gritton int jsys, descend; 110152a510acSJamie Gritton 110252a510acSJamie Gritton /* 110352a510acSJamie Gritton * sysvshm controls which jail is the root of the associated segments 110452a510acSJamie Gritton * (this jail or same as the parent), or if the feature is available 110552a510acSJamie Gritton * at all. 110652a510acSJamie Gritton */ 110752a510acSJamie Gritton if (vfs_copyopt(opts, "sysvshm", &jsys, sizeof(jsys)) == ENOENT) 110852a510acSJamie Gritton jsys = vfs_flagopt(opts, "allow.sysvipc", NULL, 0) 110952a510acSJamie Gritton ? JAIL_SYS_INHERIT 111052a510acSJamie Gritton : vfs_flagopt(opts, "allow.nosysvipc", NULL, 0) 111152a510acSJamie Gritton ? JAIL_SYS_DISABLE 111252a510acSJamie Gritton : -1; 111352a510acSJamie Gritton if (jsys == JAIL_SYS_DISABLE) { 111452a510acSJamie Gritton prison_lock(pr); 111552a510acSJamie Gritton orpr = osd_jail_get(pr, shm_prison_slot); 111652a510acSJamie Gritton if (orpr != NULL) 111752a510acSJamie Gritton osd_jail_del(pr, shm_prison_slot); 111852a510acSJamie Gritton prison_unlock(pr); 111952a510acSJamie Gritton if (orpr != NULL) { 112052a510acSJamie Gritton if (orpr == pr) 112152a510acSJamie Gritton shm_prison_cleanup(pr); 112252a510acSJamie Gritton /* Disable all child jails as well. */ 112352a510acSJamie Gritton FOREACH_PRISON_DESCENDANT(pr, tpr, descend) { 112452a510acSJamie Gritton prison_lock(tpr); 112552a510acSJamie Gritton trpr = osd_jail_get(tpr, shm_prison_slot); 112652a510acSJamie Gritton if (trpr != NULL) { 112752a510acSJamie Gritton osd_jail_del(tpr, shm_prison_slot); 112852a510acSJamie Gritton prison_unlock(tpr); 112952a510acSJamie Gritton if (trpr == tpr) 113052a510acSJamie Gritton shm_prison_cleanup(tpr); 113152a510acSJamie Gritton } else { 113252a510acSJamie Gritton prison_unlock(tpr); 113352a510acSJamie Gritton descend = 0; 113452a510acSJamie Gritton } 113552a510acSJamie Gritton } 113652a510acSJamie Gritton } 113752a510acSJamie Gritton } else if (jsys != -1) { 113852a510acSJamie Gritton if (jsys == JAIL_SYS_NEW) 113952a510acSJamie Gritton nrpr = pr; 114052a510acSJamie Gritton else { 114152a510acSJamie Gritton prison_lock(pr->pr_parent); 114252a510acSJamie Gritton nrpr = osd_jail_get(pr->pr_parent, shm_prison_slot); 114352a510acSJamie Gritton prison_unlock(pr->pr_parent); 114452a510acSJamie Gritton } 114552a510acSJamie Gritton rsv = osd_reserve(shm_prison_slot); 114652a510acSJamie Gritton prison_lock(pr); 114752a510acSJamie Gritton orpr = osd_jail_get(pr, shm_prison_slot); 114852a510acSJamie Gritton if (orpr != nrpr) 114952a510acSJamie Gritton (void)osd_jail_set_reserved(pr, shm_prison_slot, rsv, 115052a510acSJamie Gritton nrpr); 115152a510acSJamie Gritton else 115252a510acSJamie Gritton osd_free_reserved(rsv); 115352a510acSJamie Gritton prison_unlock(pr); 115452a510acSJamie Gritton if (orpr != nrpr) { 115552a510acSJamie Gritton if (orpr == pr) 115652a510acSJamie Gritton shm_prison_cleanup(pr); 115752a510acSJamie Gritton if (orpr != NULL) { 115852a510acSJamie Gritton /* Change child jails matching the old root, */ 115952a510acSJamie Gritton FOREACH_PRISON_DESCENDANT(pr, tpr, descend) { 116052a510acSJamie Gritton prison_lock(tpr); 116152a510acSJamie Gritton trpr = osd_jail_get(tpr, 116252a510acSJamie Gritton shm_prison_slot); 116352a510acSJamie Gritton if (trpr == orpr) { 116452a510acSJamie Gritton (void)osd_jail_set(tpr, 116552a510acSJamie Gritton shm_prison_slot, nrpr); 116652a510acSJamie Gritton prison_unlock(tpr); 116752a510acSJamie Gritton if (trpr == tpr) 116852a510acSJamie Gritton shm_prison_cleanup(tpr); 116952a510acSJamie Gritton } else { 117052a510acSJamie Gritton prison_unlock(tpr); 117152a510acSJamie Gritton descend = 0; 117252a510acSJamie Gritton } 117352a510acSJamie Gritton } 117452a510acSJamie Gritton } 117552a510acSJamie Gritton } 117652a510acSJamie Gritton } 117752a510acSJamie Gritton 117852a510acSJamie Gritton return (0); 117952a510acSJamie Gritton } 118052a510acSJamie Gritton 118152a510acSJamie Gritton static int 118252a510acSJamie Gritton shm_prison_get(void *obj, void *data) 118352a510acSJamie Gritton { 118452a510acSJamie Gritton struct prison *pr = obj; 118552a510acSJamie Gritton struct prison *rpr; 118652a510acSJamie Gritton struct vfsoptlist *opts = data; 118752a510acSJamie Gritton int error, jsys; 118852a510acSJamie Gritton 118952a510acSJamie Gritton /* Set sysvshm based on the jail's root prison. */ 119052a510acSJamie Gritton prison_lock(pr); 119152a510acSJamie Gritton rpr = osd_jail_get(pr, shm_prison_slot); 119252a510acSJamie Gritton prison_unlock(pr); 119352a510acSJamie Gritton jsys = rpr == NULL ? JAIL_SYS_DISABLE 119452a510acSJamie Gritton : rpr == pr ? JAIL_SYS_NEW : JAIL_SYS_INHERIT; 119552a510acSJamie Gritton error = vfs_setopt(opts, "sysvshm", &jsys, sizeof(jsys)); 119652a510acSJamie Gritton if (error == ENOENT) 119752a510acSJamie Gritton error = 0; 119852a510acSJamie Gritton return (error); 119952a510acSJamie Gritton } 120052a510acSJamie Gritton 120152a510acSJamie Gritton static int 120252a510acSJamie Gritton shm_prison_remove(void *obj, void *data __unused) 120352a510acSJamie Gritton { 120452a510acSJamie Gritton struct prison *pr = obj; 120552a510acSJamie Gritton struct prison *rpr; 120652a510acSJamie Gritton 120752a510acSJamie Gritton SYSVSHM_LOCK(); 120852a510acSJamie Gritton prison_lock(pr); 120952a510acSJamie Gritton rpr = osd_jail_get(pr, shm_prison_slot); 121052a510acSJamie Gritton prison_unlock(pr); 121152a510acSJamie Gritton if (rpr == pr) 121252a510acSJamie Gritton shm_prison_cleanup(pr); 121352a510acSJamie Gritton SYSVSHM_UNLOCK(); 121452a510acSJamie Gritton return (0); 121552a510acSJamie Gritton } 121652a510acSJamie Gritton 121752a510acSJamie Gritton static void 121852a510acSJamie Gritton shm_prison_cleanup(struct prison *pr) 121952a510acSJamie Gritton { 122052a510acSJamie Gritton struct shmid_kernel *shmseg; 122152a510acSJamie Gritton int i; 122252a510acSJamie Gritton 122352a510acSJamie Gritton /* Remove any segments that belong to this jail. */ 122452a510acSJamie Gritton for (i = 0; i < shmalloced; i++) { 122552a510acSJamie Gritton shmseg = &shmsegs[i]; 122652a510acSJamie Gritton if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) && 122752a510acSJamie Gritton shmseg->cred != NULL && shmseg->cred->cr_prison == pr) { 122852a510acSJamie Gritton shm_remove(shmseg, i); 122952a510acSJamie Gritton } 123052a510acSJamie Gritton } 123152a510acSJamie Gritton } 123252a510acSJamie Gritton 123352a510acSJamie Gritton SYSCTL_JAIL_PARAM_SYS_NODE(sysvshm, CTLFLAG_RW, "SYSV shared memory"); 123452a510acSJamie Gritton 123545f48220SJohn Baldwin #if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43)) 123645f48220SJohn Baldwin struct oshmid_ds { 123745f48220SJohn Baldwin struct ipc_perm_old shm_perm; /* operation perms */ 123845f48220SJohn Baldwin int shm_segsz; /* size of segment (bytes) */ 123945f48220SJohn Baldwin u_short shm_cpid; /* pid, creator */ 124045f48220SJohn Baldwin u_short shm_lpid; /* pid, last operation */ 124145f48220SJohn Baldwin short shm_nattch; /* no. of current attaches */ 124245f48220SJohn Baldwin time_t shm_atime; /* last attach time */ 124345f48220SJohn Baldwin time_t shm_dtime; /* last detach time */ 124445f48220SJohn Baldwin time_t shm_ctime; /* last change time */ 124545f48220SJohn Baldwin void *shm_handle; /* internal handle for shm segment */ 124645f48220SJohn Baldwin }; 124745f48220SJohn Baldwin 124845f48220SJohn Baldwin struct oshmctl_args { 124945f48220SJohn Baldwin int shmid; 125045f48220SJohn Baldwin int cmd; 125145f48220SJohn Baldwin struct oshmid_ds *ubuf; 125245f48220SJohn Baldwin }; 125345f48220SJohn Baldwin 125445f48220SJohn Baldwin static int 1255ca998284SJohn Baldwin oshmctl(struct thread *td, struct oshmctl_args *uap) 125645f48220SJohn Baldwin { 125745f48220SJohn Baldwin #ifdef COMPAT_43 125845f48220SJohn Baldwin int error = 0; 125952a510acSJamie Gritton struct prison *rpr; 126045f48220SJohn Baldwin struct shmid_kernel *shmseg; 126145f48220SJohn Baldwin struct oshmid_ds outbuf; 126245f48220SJohn Baldwin 126352a510acSJamie Gritton rpr = shm_find_prison(td->td_ucred); 126452a510acSJamie Gritton if (rpr == NULL) 126545f48220SJohn Baldwin return (ENOSYS); 1266f16f8610SKonstantin Belousov if (uap->cmd != IPC_STAT) { 1267f16f8610SKonstantin Belousov return (freebsd7_shmctl(td, 1268f16f8610SKonstantin Belousov (struct freebsd7_shmctl_args *)uap)); 1269f16f8610SKonstantin Belousov } 12700555fb35SKonstantin Belousov SYSVSHM_LOCK(); 127152a510acSJamie Gritton shmseg = shm_find_segment(rpr, uap->shmid, true); 127245f48220SJohn Baldwin if (shmseg == NULL) { 12730555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 12744cfc037cSKonstantin Belousov return (EINVAL); 127545f48220SJohn Baldwin } 127645f48220SJohn Baldwin error = ipcperm(td, &shmseg->u.shm_perm, IPC_R); 1277f16f8610SKonstantin Belousov if (error != 0) { 1278f16f8610SKonstantin Belousov SYSVSHM_UNLOCK(); 1279f16f8610SKonstantin Belousov return (error); 1280f16f8610SKonstantin Belousov } 12810555fb35SKonstantin Belousov #ifdef MAC 1282f16f8610SKonstantin Belousov error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, uap->cmd); 1283f16f8610SKonstantin Belousov if (error != 0) { 1284f16f8610SKonstantin Belousov SYSVSHM_UNLOCK(); 1285f16f8610SKonstantin Belousov return (error); 1286f16f8610SKonstantin Belousov } 128745f48220SJohn Baldwin #endif 128845f48220SJohn Baldwin ipcperm_new2old(&shmseg->u.shm_perm, &outbuf.shm_perm); 128945f48220SJohn Baldwin outbuf.shm_segsz = shmseg->u.shm_segsz; 129045f48220SJohn Baldwin outbuf.shm_cpid = shmseg->u.shm_cpid; 129145f48220SJohn Baldwin outbuf.shm_lpid = shmseg->u.shm_lpid; 129245f48220SJohn Baldwin outbuf.shm_nattch = shmseg->u.shm_nattch; 129345f48220SJohn Baldwin outbuf.shm_atime = shmseg->u.shm_atime; 129445f48220SJohn Baldwin outbuf.shm_dtime = shmseg->u.shm_dtime; 129545f48220SJohn Baldwin outbuf.shm_ctime = shmseg->u.shm_ctime; 129645f48220SJohn Baldwin outbuf.shm_handle = shmseg->object; 12970555fb35SKonstantin Belousov SYSVSHM_UNLOCK(); 1298e2f5418eSMateusz Guzik return (copyout(&outbuf, uap->ubuf, sizeof(outbuf))); 129945f48220SJohn Baldwin #else 130045f48220SJohn Baldwin return (EINVAL); 130145f48220SJohn Baldwin #endif 130245f48220SJohn Baldwin } 130345f48220SJohn Baldwin 130445f48220SJohn Baldwin /* XXX casting to (sy_call_t *) is bogus, as usual. */ 130545f48220SJohn Baldwin static sy_call_t *shmcalls[] = { 13068451d0ddSKip Macy (sy_call_t *)sys_shmat, (sy_call_t *)oshmctl, 13078451d0ddSKip Macy (sy_call_t *)sys_shmdt, (sy_call_t *)sys_shmget, 1308b648d480SJohn Baldwin (sy_call_t *)freebsd7_shmctl 130945f48220SJohn Baldwin }; 131045f48220SJohn Baldwin 13110555fb35SKonstantin Belousov #ifndef _SYS_SYSPROTO_H_ 131245f48220SJohn Baldwin /* XXX actually varargs. */ 13130555fb35SKonstantin Belousov struct shmsys_args { 131445f48220SJohn Baldwin int which; 131545f48220SJohn Baldwin int a2; 131645f48220SJohn Baldwin int a3; 131745f48220SJohn Baldwin int a4; 13180555fb35SKonstantin Belousov }; 13190555fb35SKonstantin Belousov #endif 13200555fb35SKonstantin Belousov int 13210555fb35SKonstantin Belousov sys_shmsys(struct thread *td, struct shmsys_args *uap) 132245f48220SJohn Baldwin { 132345f48220SJohn Baldwin 1324b7830259SRobert Watson AUDIT_ARG_SVIPC_WHICH(uap->which); 13250555fb35SKonstantin Belousov if (uap->which < 0 || uap->which >= nitems(shmcalls)) 132645f48220SJohn Baldwin return (EINVAL); 1327e2f5418eSMateusz Guzik return ((*shmcalls[uap->which])(td, &uap->a2)); 132845f48220SJohn Baldwin } 132945f48220SJohn Baldwin 133045f48220SJohn Baldwin #endif /* i386 && (COMPAT_FREEBSD4 || COMPAT_43) */ 133145f48220SJohn Baldwin 133275d633cbSKonstantin Belousov #ifdef COMPAT_FREEBSD32 133375d633cbSKonstantin Belousov 133475d633cbSKonstantin Belousov int 133575d633cbSKonstantin Belousov freebsd32_shmsys(struct thread *td, struct freebsd32_shmsys_args *uap) 133675d633cbSKonstantin Belousov { 133775d633cbSKonstantin Belousov 133875d633cbSKonstantin Belousov #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 133975d633cbSKonstantin Belousov defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 1340b7830259SRobert Watson AUDIT_ARG_SVIPC_WHICH(uap->which); 134175d633cbSKonstantin Belousov switch (uap->which) { 134275d633cbSKonstantin Belousov case 0: { /* shmat */ 134375d633cbSKonstantin Belousov struct shmat_args ap; 134475d633cbSKonstantin Belousov 134575d633cbSKonstantin Belousov ap.shmid = uap->a2; 134675d633cbSKonstantin Belousov ap.shmaddr = PTRIN(uap->a3); 134775d633cbSKonstantin Belousov ap.shmflg = uap->a4; 134875d633cbSKonstantin Belousov return (sysent[SYS_shmat].sy_call(td, &ap)); 134975d633cbSKonstantin Belousov } 135075d633cbSKonstantin Belousov case 2: { /* shmdt */ 135175d633cbSKonstantin Belousov struct shmdt_args ap; 135275d633cbSKonstantin Belousov 135375d633cbSKonstantin Belousov ap.shmaddr = PTRIN(uap->a2); 135475d633cbSKonstantin Belousov return (sysent[SYS_shmdt].sy_call(td, &ap)); 135575d633cbSKonstantin Belousov } 135675d633cbSKonstantin Belousov case 3: { /* shmget */ 135775d633cbSKonstantin Belousov struct shmget_args ap; 135875d633cbSKonstantin Belousov 135975d633cbSKonstantin Belousov ap.key = uap->a2; 136075d633cbSKonstantin Belousov ap.size = uap->a3; 136175d633cbSKonstantin Belousov ap.shmflg = uap->a4; 136275d633cbSKonstantin Belousov return (sysent[SYS_shmget].sy_call(td, &ap)); 136375d633cbSKonstantin Belousov } 136475d633cbSKonstantin Belousov case 4: { /* shmctl */ 136575d633cbSKonstantin Belousov struct freebsd7_freebsd32_shmctl_args ap; 136675d633cbSKonstantin Belousov 136775d633cbSKonstantin Belousov ap.shmid = uap->a2; 136875d633cbSKonstantin Belousov ap.cmd = uap->a3; 136975d633cbSKonstantin Belousov ap.buf = PTRIN(uap->a4); 137075d633cbSKonstantin Belousov return (freebsd7_freebsd32_shmctl(td, &ap)); 137175d633cbSKonstantin Belousov } 137275d633cbSKonstantin Belousov case 1: /* oshmctl */ 137375d633cbSKonstantin Belousov default: 137475d633cbSKonstantin Belousov return (EINVAL); 137575d633cbSKonstantin Belousov } 137675d633cbSKonstantin Belousov #else 137775d633cbSKonstantin Belousov return (nosys(td, NULL)); 137875d633cbSKonstantin Belousov #endif 137975d633cbSKonstantin Belousov } 138075d633cbSKonstantin Belousov 138175d633cbSKonstantin Belousov #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 138275d633cbSKonstantin Belousov defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 138375d633cbSKonstantin Belousov int 138475d633cbSKonstantin Belousov freebsd7_freebsd32_shmctl(struct thread *td, 138575d633cbSKonstantin Belousov struct freebsd7_freebsd32_shmctl_args *uap) 138675d633cbSKonstantin Belousov { 1387e2f5418eSMateusz Guzik int error; 138875d633cbSKonstantin Belousov union { 138975d633cbSKonstantin Belousov struct shmid_ds shmid_ds; 139075d633cbSKonstantin Belousov struct shm_info shm_info; 139175d633cbSKonstantin Belousov struct shminfo shminfo; 139275d633cbSKonstantin Belousov } u; 139375d633cbSKonstantin Belousov union { 139475d633cbSKonstantin Belousov struct shmid_ds32_old shmid_ds32; 139575d633cbSKonstantin Belousov struct shm_info32 shm_info32; 139675d633cbSKonstantin Belousov struct shminfo32 shminfo32; 139775d633cbSKonstantin Belousov } u32; 139875d633cbSKonstantin Belousov size_t sz; 139975d633cbSKonstantin Belousov 140075d633cbSKonstantin Belousov if (uap->cmd == IPC_SET) { 140175d633cbSKonstantin Belousov if ((error = copyin(uap->buf, &u32.shmid_ds32, 140275d633cbSKonstantin Belousov sizeof(u32.shmid_ds32)))) 140375d633cbSKonstantin Belousov goto done; 140475d633cbSKonstantin Belousov freebsd32_ipcperm_old_in(&u32.shmid_ds32.shm_perm, 140575d633cbSKonstantin Belousov &u.shmid_ds.shm_perm); 140675d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_segsz); 140775d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_lpid); 140875d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_cpid); 140975d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_nattch); 141075d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_atime); 141175d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_dtime); 141275d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_ctime); 141375d633cbSKonstantin Belousov } 141475d633cbSKonstantin Belousov 141575d633cbSKonstantin Belousov error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz); 141675d633cbSKonstantin Belousov if (error) 141775d633cbSKonstantin Belousov goto done; 141875d633cbSKonstantin Belousov 141975d633cbSKonstantin Belousov /* Cases in which we need to copyout */ 142075d633cbSKonstantin Belousov switch (uap->cmd) { 142175d633cbSKonstantin Belousov case IPC_INFO: 142275d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmmax); 142375d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmmin); 142475d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmmni); 142575d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmseg); 142675d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmall); 142775d633cbSKonstantin Belousov error = copyout(&u32.shminfo32, uap->buf, 142875d633cbSKonstantin Belousov sizeof(u32.shminfo32)); 142975d633cbSKonstantin Belousov break; 143075d633cbSKonstantin Belousov case SHM_INFO: 143175d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, used_ids); 143275d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, shm_rss); 143375d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, shm_tot); 143475d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, shm_swp); 143575d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, swap_attempts); 143675d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, swap_successes); 143775d633cbSKonstantin Belousov error = copyout(&u32.shm_info32, uap->buf, 143875d633cbSKonstantin Belousov sizeof(u32.shm_info32)); 143975d633cbSKonstantin Belousov break; 144075d633cbSKonstantin Belousov case SHM_STAT: 144175d633cbSKonstantin Belousov case IPC_STAT: 144275d633cbSKonstantin Belousov freebsd32_ipcperm_old_out(&u.shmid_ds.shm_perm, 144375d633cbSKonstantin Belousov &u32.shmid_ds32.shm_perm); 144475d633cbSKonstantin Belousov if (u.shmid_ds.shm_segsz > INT32_MAX) 144575d633cbSKonstantin Belousov u32.shmid_ds32.shm_segsz = INT32_MAX; 144675d633cbSKonstantin Belousov else 144775d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_segsz); 144875d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_lpid); 144975d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_cpid); 145075d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_nattch); 145175d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_atime); 145275d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_dtime); 145375d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_ctime); 145475d633cbSKonstantin Belousov u32.shmid_ds32.shm_internal = 0; 145575d633cbSKonstantin Belousov error = copyout(&u32.shmid_ds32, uap->buf, 145675d633cbSKonstantin Belousov sizeof(u32.shmid_ds32)); 145775d633cbSKonstantin Belousov break; 145875d633cbSKonstantin Belousov } 145975d633cbSKonstantin Belousov 146075d633cbSKonstantin Belousov done: 146175d633cbSKonstantin Belousov if (error) { 146275d633cbSKonstantin Belousov /* Invalidate the return value */ 146375d633cbSKonstantin Belousov td->td_retval[0] = -1; 146475d633cbSKonstantin Belousov } 146575d633cbSKonstantin Belousov return (error); 146675d633cbSKonstantin Belousov } 146775d633cbSKonstantin Belousov #endif 146875d633cbSKonstantin Belousov 146975d633cbSKonstantin Belousov int 147075d633cbSKonstantin Belousov freebsd32_shmctl(struct thread *td, struct freebsd32_shmctl_args *uap) 147175d633cbSKonstantin Belousov { 1472e2f5418eSMateusz Guzik int error; 147375d633cbSKonstantin Belousov union { 147475d633cbSKonstantin Belousov struct shmid_ds shmid_ds; 147575d633cbSKonstantin Belousov struct shm_info shm_info; 147675d633cbSKonstantin Belousov struct shminfo shminfo; 147775d633cbSKonstantin Belousov } u; 147875d633cbSKonstantin Belousov union { 147975d633cbSKonstantin Belousov struct shmid_ds32 shmid_ds32; 148075d633cbSKonstantin Belousov struct shm_info32 shm_info32; 148175d633cbSKonstantin Belousov struct shminfo32 shminfo32; 148275d633cbSKonstantin Belousov } u32; 148375d633cbSKonstantin Belousov size_t sz; 148475d633cbSKonstantin Belousov 148575d633cbSKonstantin Belousov if (uap->cmd == IPC_SET) { 148675d633cbSKonstantin Belousov if ((error = copyin(uap->buf, &u32.shmid_ds32, 148775d633cbSKonstantin Belousov sizeof(u32.shmid_ds32)))) 148875d633cbSKonstantin Belousov goto done; 148975d633cbSKonstantin Belousov freebsd32_ipcperm_in(&u32.shmid_ds32.shm_perm, 149075d633cbSKonstantin Belousov &u.shmid_ds.shm_perm); 149175d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_segsz); 149275d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_lpid); 149375d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_cpid); 149475d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_nattch); 149575d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_atime); 149675d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_dtime); 149775d633cbSKonstantin Belousov CP(u32.shmid_ds32, u.shmid_ds, shm_ctime); 149875d633cbSKonstantin Belousov } 149975d633cbSKonstantin Belousov 150075d633cbSKonstantin Belousov error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz); 150175d633cbSKonstantin Belousov if (error) 150275d633cbSKonstantin Belousov goto done; 150375d633cbSKonstantin Belousov 150475d633cbSKonstantin Belousov /* Cases in which we need to copyout */ 150575d633cbSKonstantin Belousov switch (uap->cmd) { 150675d633cbSKonstantin Belousov case IPC_INFO: 150775d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmmax); 150875d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmmin); 150975d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmmni); 151075d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmseg); 151175d633cbSKonstantin Belousov CP(u.shminfo, u32.shminfo32, shmall); 151275d633cbSKonstantin Belousov error = copyout(&u32.shminfo32, uap->buf, 151375d633cbSKonstantin Belousov sizeof(u32.shminfo32)); 151475d633cbSKonstantin Belousov break; 151575d633cbSKonstantin Belousov case SHM_INFO: 151675d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, used_ids); 151775d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, shm_rss); 151875d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, shm_tot); 151975d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, shm_swp); 152075d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, swap_attempts); 152175d633cbSKonstantin Belousov CP(u.shm_info, u32.shm_info32, swap_successes); 152275d633cbSKonstantin Belousov error = copyout(&u32.shm_info32, uap->buf, 152375d633cbSKonstantin Belousov sizeof(u32.shm_info32)); 152475d633cbSKonstantin Belousov break; 152575d633cbSKonstantin Belousov case SHM_STAT: 152675d633cbSKonstantin Belousov case IPC_STAT: 152775d633cbSKonstantin Belousov freebsd32_ipcperm_out(&u.shmid_ds.shm_perm, 152875d633cbSKonstantin Belousov &u32.shmid_ds32.shm_perm); 152975d633cbSKonstantin Belousov if (u.shmid_ds.shm_segsz > INT32_MAX) 153075d633cbSKonstantin Belousov u32.shmid_ds32.shm_segsz = INT32_MAX; 153175d633cbSKonstantin Belousov else 153275d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_segsz); 153375d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_lpid); 153475d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_cpid); 153575d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_nattch); 153675d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_atime); 153775d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_dtime); 153875d633cbSKonstantin Belousov CP(u.shmid_ds, u32.shmid_ds32, shm_ctime); 153975d633cbSKonstantin Belousov error = copyout(&u32.shmid_ds32, uap->buf, 154075d633cbSKonstantin Belousov sizeof(u32.shmid_ds32)); 154175d633cbSKonstantin Belousov break; 154275d633cbSKonstantin Belousov } 154375d633cbSKonstantin Belousov 154475d633cbSKonstantin Belousov done: 154575d633cbSKonstantin Belousov if (error) { 154675d633cbSKonstantin Belousov /* Invalidate the return value */ 154775d633cbSKonstantin Belousov td->td_retval[0] = -1; 154875d633cbSKonstantin Belousov } 154975d633cbSKonstantin Belousov return (error); 155075d633cbSKonstantin Belousov } 155175d633cbSKonstantin Belousov #endif 155275d633cbSKonstantin Belousov 1553b648d480SJohn Baldwin #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 1554b648d480SJohn Baldwin defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 1555b648d480SJohn Baldwin 155675d633cbSKonstantin Belousov #ifndef CP 1557b648d480SJohn Baldwin #define CP(src, dst, fld) do { (dst).fld = (src).fld; } while (0) 155875d633cbSKonstantin Belousov #endif 1559b648d480SJohn Baldwin 1560b648d480SJohn Baldwin #ifndef _SYS_SYSPROTO_H_ 1561b648d480SJohn Baldwin struct freebsd7_shmctl_args { 1562b648d480SJohn Baldwin int shmid; 1563b648d480SJohn Baldwin int cmd; 1564b648d480SJohn Baldwin struct shmid_ds_old *buf; 1565b648d480SJohn Baldwin }; 1566b648d480SJohn Baldwin #endif 1567b648d480SJohn Baldwin int 15680555fb35SKonstantin Belousov freebsd7_shmctl(struct thread *td, struct freebsd7_shmctl_args *uap) 1569b648d480SJohn Baldwin { 1570e2f5418eSMateusz Guzik int error; 1571b648d480SJohn Baldwin struct shmid_ds_old old; 1572b648d480SJohn Baldwin struct shmid_ds buf; 1573b648d480SJohn Baldwin size_t bufsz; 1574b648d480SJohn Baldwin 1575b648d480SJohn Baldwin /* 1576b648d480SJohn Baldwin * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support 1577b648d480SJohn Baldwin * Linux binaries. If we see the call come through the FreeBSD ABI, 1578b648d480SJohn Baldwin * return an error back to the user since we do not to support this. 1579b648d480SJohn Baldwin */ 1580b648d480SJohn Baldwin if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO || 1581b648d480SJohn Baldwin uap->cmd == SHM_STAT) 1582b648d480SJohn Baldwin return (EINVAL); 1583b648d480SJohn Baldwin 1584b648d480SJohn Baldwin /* IPC_SET needs to copyin the buffer before calling kern_shmctl */ 1585b648d480SJohn Baldwin if (uap->cmd == IPC_SET) { 1586b648d480SJohn Baldwin if ((error = copyin(uap->buf, &old, sizeof(old)))) 1587b648d480SJohn Baldwin goto done; 1588b648d480SJohn Baldwin ipcperm_old2new(&old.shm_perm, &buf.shm_perm); 1589b648d480SJohn Baldwin CP(old, buf, shm_segsz); 1590b648d480SJohn Baldwin CP(old, buf, shm_lpid); 1591b648d480SJohn Baldwin CP(old, buf, shm_cpid); 1592b648d480SJohn Baldwin CP(old, buf, shm_nattch); 1593b648d480SJohn Baldwin CP(old, buf, shm_atime); 1594b648d480SJohn Baldwin CP(old, buf, shm_dtime); 1595b648d480SJohn Baldwin CP(old, buf, shm_ctime); 1596b648d480SJohn Baldwin } 1597b648d480SJohn Baldwin 1598b648d480SJohn Baldwin error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz); 1599b648d480SJohn Baldwin if (error) 1600b648d480SJohn Baldwin goto done; 1601b648d480SJohn Baldwin 1602b648d480SJohn Baldwin /* Cases in which we need to copyout */ 1603b648d480SJohn Baldwin switch (uap->cmd) { 1604b648d480SJohn Baldwin case IPC_STAT: 1605b648d480SJohn Baldwin ipcperm_new2old(&buf.shm_perm, &old.shm_perm); 1606b648d480SJohn Baldwin if (buf.shm_segsz > INT_MAX) 1607b648d480SJohn Baldwin old.shm_segsz = INT_MAX; 1608b648d480SJohn Baldwin else 1609b648d480SJohn Baldwin CP(buf, old, shm_segsz); 1610b648d480SJohn Baldwin CP(buf, old, shm_lpid); 1611b648d480SJohn Baldwin CP(buf, old, shm_cpid); 1612b648d480SJohn Baldwin if (buf.shm_nattch > SHRT_MAX) 1613b648d480SJohn Baldwin old.shm_nattch = SHRT_MAX; 1614b648d480SJohn Baldwin else 1615b648d480SJohn Baldwin CP(buf, old, shm_nattch); 1616b648d480SJohn Baldwin CP(buf, old, shm_atime); 1617b648d480SJohn Baldwin CP(buf, old, shm_dtime); 1618b648d480SJohn Baldwin CP(buf, old, shm_ctime); 1619b648d480SJohn Baldwin old.shm_internal = NULL; 1620b648d480SJohn Baldwin error = copyout(&old, uap->buf, sizeof(old)); 1621b648d480SJohn Baldwin break; 1622b648d480SJohn Baldwin } 1623b648d480SJohn Baldwin 1624b648d480SJohn Baldwin done: 1625b648d480SJohn Baldwin if (error) { 1626b648d480SJohn Baldwin /* Invalidate the return value */ 1627b648d480SJohn Baldwin td->td_retval[0] = -1; 1628b648d480SJohn Baldwin } 1629b648d480SJohn Baldwin return (error); 1630b648d480SJohn Baldwin } 1631b648d480SJohn Baldwin 1632b648d480SJohn Baldwin #endif /* COMPAT_FREEBSD4 || COMPAT_FREEBSD5 || COMPAT_FREEBSD6 || 1633b648d480SJohn Baldwin COMPAT_FREEBSD7 */ 1634b648d480SJohn Baldwin 1635a723c4e1SDima Dorfman static int 163678525ce3SAlfred Perlstein sysvshm_modload(struct module *module, int cmd, void *arg) 163778525ce3SAlfred Perlstein { 163878525ce3SAlfred Perlstein int error = 0; 163978525ce3SAlfred Perlstein 164078525ce3SAlfred Perlstein switch (cmd) { 164178525ce3SAlfred Perlstein case MOD_LOAD: 164275d633cbSKonstantin Belousov error = shminit(); 164375d633cbSKonstantin Belousov if (error != 0) 164475d633cbSKonstantin Belousov shmunload(); 164578525ce3SAlfred Perlstein break; 164678525ce3SAlfred Perlstein case MOD_UNLOAD: 164778525ce3SAlfred Perlstein error = shmunload(); 164878525ce3SAlfred Perlstein break; 164978525ce3SAlfred Perlstein case MOD_SHUTDOWN: 165078525ce3SAlfred Perlstein break; 165178525ce3SAlfred Perlstein default: 165278525ce3SAlfred Perlstein error = EINVAL; 165378525ce3SAlfred Perlstein break; 165478525ce3SAlfred Perlstein } 165578525ce3SAlfred Perlstein return (error); 165678525ce3SAlfred Perlstein } 165778525ce3SAlfred Perlstein 1658faa784b7SDag-Erling Smørgrav static moduledata_t sysvshm_mod = { 1659faa784b7SDag-Erling Smørgrav "sysvshm", 166078525ce3SAlfred Perlstein &sysvshm_modload, 166178525ce3SAlfred Perlstein NULL 166278525ce3SAlfred Perlstein }; 166378525ce3SAlfred Perlstein 166471361470SJohn Baldwin DECLARE_MODULE(sysvshm, sysvshm_mod, SI_SUB_SYSV_SHM, SI_ORDER_FIRST); 1665faa784b7SDag-Erling Smørgrav MODULE_VERSION(sysvshm, 1); 1666