xref: /freebsd/sys/kern/uipc_mqueue.c (revision 52dba105d232ce9242216382127d77d6f8e06ff1)
1 /*-
2  * Copyright (c) 2005 David Xu <davidxu@freebsd.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  */
27 
28 /*
29  * POSIX message queue implementation.
30  *
31  * 1) A mqueue filesystem can be mounted, each message queue appears
32  *    in mounted directory, user can change queue's permission and
33  *    ownership, or remove a queue. Manually creating a file in the
34  *    directory causes a message queue to be created in the kernel with
35  *    default message queue attributes applied and same name used, this
36  *    method is not advocated since mq_open syscall allows user to specify
37  *    different attributes. Also the file system can be mounted multiple
38  *    times at different mount points but shows same contents.
39  *
40  * 2) Standard POSIX message queue API. The syscalls do not use vfs layer,
41  *    but directly operate on internal data structure, this allows user to
42  *    use the IPC facility without having to mount mqueue file system.
43  */
44 
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47 
48 #include "opt_compat.h"
49 
50 #include <sys/param.h>
51 #include <sys/kernel.h>
52 #include <sys/systm.h>
53 #include <sys/limits.h>
54 #include <sys/buf.h>
55 #include <sys/capability.h>
56 #include <sys/dirent.h>
57 #include <sys/event.h>
58 #include <sys/eventhandler.h>
59 #include <sys/fcntl.h>
60 #include <sys/file.h>
61 #include <sys/filedesc.h>
62 #include <sys/lock.h>
63 #include <sys/malloc.h>
64 #include <sys/module.h>
65 #include <sys/mount.h>
66 #include <sys/mqueue.h>
67 #include <sys/mutex.h>
68 #include <sys/namei.h>
69 #include <sys/posix4.h>
70 #include <sys/poll.h>
71 #include <sys/priv.h>
72 #include <sys/proc.h>
73 #include <sys/queue.h>
74 #include <sys/sysproto.h>
75 #include <sys/stat.h>
76 #include <sys/syscall.h>
77 #include <sys/syscallsubr.h>
78 #include <sys/sysent.h>
79 #include <sys/sx.h>
80 #include <sys/sysctl.h>
81 #include <sys/taskqueue.h>
82 #include <sys/unistd.h>
83 #include <sys/vnode.h>
84 #include <machine/atomic.h>
85 
86 FEATURE(p1003_1b_mqueue, "POSIX P1003.1B message queues support");
87 
88 /*
89  * Limits and constants
90  */
91 #define	MQFS_NAMELEN		NAME_MAX
92 #define MQFS_DELEN		(8 + MQFS_NAMELEN)
93 
94 /* node types */
95 typedef enum {
96 	mqfstype_none = 0,
97 	mqfstype_root,
98 	mqfstype_dir,
99 	mqfstype_this,
100 	mqfstype_parent,
101 	mqfstype_file,
102 	mqfstype_symlink,
103 } mqfs_type_t;
104 
105 struct mqfs_node;
106 
107 /*
108  * mqfs_info: describes a mqfs instance
109  */
110 struct mqfs_info {
111 	struct sx		mi_lock;
112 	struct mqfs_node	*mi_root;
113 	struct unrhdr		*mi_unrhdr;
114 };
115 
116 struct mqfs_vdata {
117 	LIST_ENTRY(mqfs_vdata)	mv_link;
118 	struct mqfs_node	*mv_node;
119 	struct vnode		*mv_vnode;
120 	struct task		mv_task;
121 };
122 
123 /*
124  * mqfs_node: describes a node (file or directory) within a mqfs
125  */
126 struct mqfs_node {
127 	char			mn_name[MQFS_NAMELEN+1];
128 	struct mqfs_info	*mn_info;
129 	struct mqfs_node	*mn_parent;
130 	LIST_HEAD(,mqfs_node)	mn_children;
131 	LIST_ENTRY(mqfs_node)	mn_sibling;
132 	LIST_HEAD(,mqfs_vdata)	mn_vnodes;
133 	int			mn_refcount;
134 	mqfs_type_t		mn_type;
135 	int			mn_deleted;
136 	uint32_t		mn_fileno;
137 	void			*mn_data;
138 	struct timespec		mn_birth;
139 	struct timespec		mn_ctime;
140 	struct timespec		mn_atime;
141 	struct timespec		mn_mtime;
142 	uid_t			mn_uid;
143 	gid_t			mn_gid;
144 	int			mn_mode;
145 };
146 
147 #define	VTON(vp)	(((struct mqfs_vdata *)((vp)->v_data))->mv_node)
148 #define VTOMQ(vp) 	((struct mqueue *)(VTON(vp)->mn_data))
149 #define	VFSTOMQFS(m)	((struct mqfs_info *)((m)->mnt_data))
150 #define	FPTOMQ(fp)	((struct mqueue *)(((struct mqfs_node *) \
151 				(fp)->f_data)->mn_data))
152 
153 TAILQ_HEAD(msgq, mqueue_msg);
154 
155 struct mqueue;
156 
157 struct mqueue_notifier {
158 	LIST_ENTRY(mqueue_notifier)	nt_link;
159 	struct sigevent			nt_sigev;
160 	ksiginfo_t			nt_ksi;
161 	struct proc			*nt_proc;
162 };
163 
164 struct mqueue {
165 	struct mtx	mq_mutex;
166 	int		mq_flags;
167 	long		mq_maxmsg;
168 	long		mq_msgsize;
169 	long		mq_curmsgs;
170 	long		mq_totalbytes;
171 	struct msgq	mq_msgq;
172 	int		mq_receivers;
173 	int		mq_senders;
174 	struct selinfo	mq_rsel;
175 	struct selinfo	mq_wsel;
176 	struct mqueue_notifier	*mq_notifier;
177 };
178 
179 #define	MQ_RSEL		0x01
180 #define	MQ_WSEL		0x02
181 
182 struct mqueue_msg {
183 	TAILQ_ENTRY(mqueue_msg)	msg_link;
184 	unsigned int	msg_prio;
185 	unsigned int	msg_size;
186 	/* following real data... */
187 };
188 
189 static SYSCTL_NODE(_kern, OID_AUTO, mqueue, CTLFLAG_RW, 0,
190 	"POSIX real time message queue");
191 
192 static int	default_maxmsg  = 10;
193 static int	default_msgsize = 1024;
194 
195 static int	maxmsg = 100;
196 SYSCTL_INT(_kern_mqueue, OID_AUTO, maxmsg, CTLFLAG_RW,
197     &maxmsg, 0, "Default maximum messages in queue");
198 static int	maxmsgsize = 16384;
199 SYSCTL_INT(_kern_mqueue, OID_AUTO, maxmsgsize, CTLFLAG_RW,
200     &maxmsgsize, 0, "Default maximum message size");
201 static int	maxmq = 100;
202 SYSCTL_INT(_kern_mqueue, OID_AUTO, maxmq, CTLFLAG_RW,
203     &maxmq, 0, "maximum message queues");
204 static int	curmq = 0;
205 SYSCTL_INT(_kern_mqueue, OID_AUTO, curmq, CTLFLAG_RW,
206     &curmq, 0, "current message queue number");
207 static int	unloadable = 0;
208 static MALLOC_DEFINE(M_MQUEUEDATA, "mqdata", "mqueue data");
209 
210 static eventhandler_tag exit_tag;
211 
212 /* Only one instance per-system */
213 static struct mqfs_info		mqfs_data;
214 static uma_zone_t		mqnode_zone;
215 static uma_zone_t		mqueue_zone;
216 static uma_zone_t		mvdata_zone;
217 static uma_zone_t		mqnoti_zone;
218 static struct vop_vector	mqfs_vnodeops;
219 static struct fileops		mqueueops;
220 
221 /*
222  * Directory structure construction and manipulation
223  */
224 #ifdef notyet
225 static struct mqfs_node	*mqfs_create_dir(struct mqfs_node *parent,
226 	const char *name, int namelen, struct ucred *cred, int mode);
227 static struct mqfs_node	*mqfs_create_link(struct mqfs_node *parent,
228 	const char *name, int namelen, struct ucred *cred, int mode);
229 #endif
230 
231 static struct mqfs_node	*mqfs_create_file(struct mqfs_node *parent,
232 	const char *name, int namelen, struct ucred *cred, int mode);
233 static int	mqfs_destroy(struct mqfs_node *mn);
234 static void	mqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn);
235 static void	mqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn);
236 static int	mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn);
237 
238 /*
239  * Message queue construction and maniplation
240  */
241 static struct mqueue	*mqueue_alloc(const struct mq_attr *attr);
242 static void	mqueue_free(struct mqueue *mq);
243 static int	mqueue_send(struct mqueue *mq, const char *msg_ptr,
244 			size_t msg_len, unsigned msg_prio, int waitok,
245 			const struct timespec *abs_timeout);
246 static int	mqueue_receive(struct mqueue *mq, char *msg_ptr,
247 			size_t msg_len, unsigned *msg_prio, int waitok,
248 			const struct timespec *abs_timeout);
249 static int	_mqueue_send(struct mqueue *mq, struct mqueue_msg *msg,
250 			int timo);
251 static int	_mqueue_recv(struct mqueue *mq, struct mqueue_msg **msg,
252 			int timo);
253 static void	mqueue_send_notification(struct mqueue *mq);
254 static void	mqueue_fdclose(struct thread *td, int fd, struct file *fp);
255 static void	mq_proc_exit(void *arg, struct proc *p);
256 
257 /*
258  * kqueue filters
259  */
260 static void	filt_mqdetach(struct knote *kn);
261 static int	filt_mqread(struct knote *kn, long hint);
262 static int	filt_mqwrite(struct knote *kn, long hint);
263 
264 struct filterops mq_rfiltops = {
265 	.f_isfd = 1,
266 	.f_detach = filt_mqdetach,
267 	.f_event = filt_mqread,
268 };
269 struct filterops mq_wfiltops = {
270 	.f_isfd = 1,
271 	.f_detach = filt_mqdetach,
272 	.f_event = filt_mqwrite,
273 };
274 
275 /*
276  * Initialize fileno bitmap
277  */
278 static void
279 mqfs_fileno_init(struct mqfs_info *mi)
280 {
281 	struct unrhdr *up;
282 
283 	up = new_unrhdr(1, INT_MAX, NULL);
284 	mi->mi_unrhdr = up;
285 }
286 
287 /*
288  * Tear down fileno bitmap
289  */
290 static void
291 mqfs_fileno_uninit(struct mqfs_info *mi)
292 {
293 	struct unrhdr *up;
294 
295 	up = mi->mi_unrhdr;
296 	mi->mi_unrhdr = NULL;
297 	delete_unrhdr(up);
298 }
299 
300 /*
301  * Allocate a file number
302  */
303 static void
304 mqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn)
305 {
306 	/* make sure our parent has a file number */
307 	if (mn->mn_parent && !mn->mn_parent->mn_fileno)
308 		mqfs_fileno_alloc(mi, mn->mn_parent);
309 
310 	switch (mn->mn_type) {
311 	case mqfstype_root:
312 	case mqfstype_dir:
313 	case mqfstype_file:
314 	case mqfstype_symlink:
315 		mn->mn_fileno = alloc_unr(mi->mi_unrhdr);
316 		break;
317 	case mqfstype_this:
318 		KASSERT(mn->mn_parent != NULL,
319 		    ("mqfstype_this node has no parent"));
320 		mn->mn_fileno = mn->mn_parent->mn_fileno;
321 		break;
322 	case mqfstype_parent:
323 		KASSERT(mn->mn_parent != NULL,
324 		    ("mqfstype_parent node has no parent"));
325 		if (mn->mn_parent == mi->mi_root) {
326 			mn->mn_fileno = mn->mn_parent->mn_fileno;
327 			break;
328 		}
329 		KASSERT(mn->mn_parent->mn_parent != NULL,
330 		    ("mqfstype_parent node has no grandparent"));
331 		mn->mn_fileno = mn->mn_parent->mn_parent->mn_fileno;
332 		break;
333 	default:
334 		KASSERT(0,
335 		    ("mqfs_fileno_alloc() called for unknown type node: %d",
336 			mn->mn_type));
337 		break;
338 	}
339 }
340 
341 /*
342  * Release a file number
343  */
344 static void
345 mqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn)
346 {
347 	switch (mn->mn_type) {
348 	case mqfstype_root:
349 	case mqfstype_dir:
350 	case mqfstype_file:
351 	case mqfstype_symlink:
352 		free_unr(mi->mi_unrhdr, mn->mn_fileno);
353 		break;
354 	case mqfstype_this:
355 	case mqfstype_parent:
356 		/* ignore these, as they don't "own" their file number */
357 		break;
358 	default:
359 		KASSERT(0,
360 		    ("mqfs_fileno_free() called for unknown type node: %d",
361 			mn->mn_type));
362 		break;
363 	}
364 }
365 
366 static __inline struct mqfs_node *
367 mqnode_alloc(void)
368 {
369 	return uma_zalloc(mqnode_zone, M_WAITOK | M_ZERO);
370 }
371 
372 static __inline void
373 mqnode_free(struct mqfs_node *node)
374 {
375 	uma_zfree(mqnode_zone, node);
376 }
377 
378 static __inline void
379 mqnode_addref(struct mqfs_node *node)
380 {
381 	atomic_fetchadd_int(&node->mn_refcount, 1);
382 }
383 
384 static __inline void
385 mqnode_release(struct mqfs_node *node)
386 {
387 	struct mqfs_info *mqfs;
388 	int old, exp;
389 
390 	mqfs = node->mn_info;
391 	old = atomic_fetchadd_int(&node->mn_refcount, -1);
392 	if (node->mn_type == mqfstype_dir ||
393 	    node->mn_type == mqfstype_root)
394 		exp = 3; /* include . and .. */
395 	else
396 		exp = 1;
397 	if (old == exp) {
398 		int locked = sx_xlocked(&mqfs->mi_lock);
399 		if (!locked)
400 			sx_xlock(&mqfs->mi_lock);
401 		mqfs_destroy(node);
402 		if (!locked)
403 			sx_xunlock(&mqfs->mi_lock);
404 	}
405 }
406 
407 /*
408  * Add a node to a directory
409  */
410 static int
411 mqfs_add_node(struct mqfs_node *parent, struct mqfs_node *node)
412 {
413 	KASSERT(parent != NULL, ("%s(): parent is NULL", __func__));
414 	KASSERT(parent->mn_info != NULL,
415 	    ("%s(): parent has no mn_info", __func__));
416 	KASSERT(parent->mn_type == mqfstype_dir ||
417 	    parent->mn_type == mqfstype_root,
418 	    ("%s(): parent is not a directory", __func__));
419 
420 	node->mn_info = parent->mn_info;
421 	node->mn_parent = parent;
422 	LIST_INIT(&node->mn_children);
423 	LIST_INIT(&node->mn_vnodes);
424 	LIST_INSERT_HEAD(&parent->mn_children, node, mn_sibling);
425 	mqnode_addref(parent);
426 	return (0);
427 }
428 
429 static struct mqfs_node *
430 mqfs_create_node(const char *name, int namelen, struct ucred *cred, int mode,
431 	int nodetype)
432 {
433 	struct mqfs_node *node;
434 
435 	node = mqnode_alloc();
436 	strncpy(node->mn_name, name, namelen);
437 	node->mn_type = nodetype;
438 	node->mn_refcount = 1;
439 	vfs_timestamp(&node->mn_birth);
440 	node->mn_ctime = node->mn_atime = node->mn_mtime
441 		= node->mn_birth;
442 	node->mn_uid = cred->cr_uid;
443 	node->mn_gid = cred->cr_gid;
444 	node->mn_mode = mode;
445 	return (node);
446 }
447 
448 /*
449  * Create a file
450  */
451 static struct mqfs_node *
452 mqfs_create_file(struct mqfs_node *parent, const char *name, int namelen,
453 	struct ucred *cred, int mode)
454 {
455 	struct mqfs_node *node;
456 
457 	node = mqfs_create_node(name, namelen, cred, mode, mqfstype_file);
458 	if (mqfs_add_node(parent, node) != 0) {
459 		mqnode_free(node);
460 		return (NULL);
461 	}
462 	return (node);
463 }
464 
465 /*
466  * Add . and .. to a directory
467  */
468 static int
469 mqfs_fixup_dir(struct mqfs_node *parent)
470 {
471 	struct mqfs_node *dir;
472 
473 	dir = mqnode_alloc();
474 	dir->mn_name[0] = '.';
475 	dir->mn_type = mqfstype_this;
476 	dir->mn_refcount = 1;
477 	if (mqfs_add_node(parent, dir) != 0) {
478 		mqnode_free(dir);
479 		return (-1);
480 	}
481 
482 	dir = mqnode_alloc();
483 	dir->mn_name[0] = dir->mn_name[1] = '.';
484 	dir->mn_type = mqfstype_parent;
485 	dir->mn_refcount = 1;
486 
487 	if (mqfs_add_node(parent, dir) != 0) {
488 		mqnode_free(dir);
489 		return (-1);
490 	}
491 
492 	return (0);
493 }
494 
495 #ifdef notyet
496 
497 /*
498  * Create a directory
499  */
500 static struct mqfs_node *
501 mqfs_create_dir(struct mqfs_node *parent, const char *name, int namelen,
502 	struct ucred *cred, int mode)
503 {
504 	struct mqfs_node *node;
505 
506 	node = mqfs_create_node(name, namelen, cred, mode, mqfstype_dir);
507 	if (mqfs_add_node(parent, node) != 0) {
508 		mqnode_free(node);
509 		return (NULL);
510 	}
511 
512 	if (mqfs_fixup_dir(node) != 0) {
513 		mqfs_destroy(node);
514 		return (NULL);
515 	}
516 	return (node);
517 }
518 
519 /*
520  * Create a symlink
521  */
522 static struct mqfs_node *
523 mqfs_create_link(struct mqfs_node *parent, const char *name, int namelen,
524 	struct ucred *cred, int mode)
525 {
526 	struct mqfs_node *node;
527 
528 	node = mqfs_create_node(name, namelen, cred, mode, mqfstype_symlink);
529 	if (mqfs_add_node(parent, node) != 0) {
530 		mqnode_free(node);
531 		return (NULL);
532 	}
533 	return (node);
534 }
535 
536 #endif
537 
538 /*
539  * Destroy a node or a tree of nodes
540  */
541 static int
542 mqfs_destroy(struct mqfs_node *node)
543 {
544 	struct mqfs_node *parent;
545 
546 	KASSERT(node != NULL,
547 	    ("%s(): node is NULL", __func__));
548 	KASSERT(node->mn_info != NULL,
549 	    ("%s(): node has no mn_info", __func__));
550 
551 	/* destroy children */
552 	if (node->mn_type == mqfstype_dir || node->mn_type == mqfstype_root)
553 		while (! LIST_EMPTY(&node->mn_children))
554 			mqfs_destroy(LIST_FIRST(&node->mn_children));
555 
556 	/* unlink from parent */
557 	if ((parent = node->mn_parent) != NULL) {
558 		KASSERT(parent->mn_info == node->mn_info,
559 		    ("%s(): parent has different mn_info", __func__));
560 		LIST_REMOVE(node, mn_sibling);
561 	}
562 
563 	if (node->mn_fileno != 0)
564 		mqfs_fileno_free(node->mn_info, node);
565 	if (node->mn_data != NULL)
566 		mqueue_free(node->mn_data);
567 	mqnode_free(node);
568 	return (0);
569 }
570 
571 /*
572  * Mount a mqfs instance
573  */
574 static int
575 mqfs_mount(struct mount *mp)
576 {
577 	struct statfs *sbp;
578 
579 	if (mp->mnt_flag & MNT_UPDATE)
580 		return (EOPNOTSUPP);
581 
582 	mp->mnt_data = &mqfs_data;
583 	MNT_ILOCK(mp);
584 	mp->mnt_flag |= MNT_LOCAL;
585 	mp->mnt_kern_flag |= MNTK_MPSAFE;
586 	MNT_IUNLOCK(mp);
587 	vfs_getnewfsid(mp);
588 
589 	sbp = &mp->mnt_stat;
590 	vfs_mountedfrom(mp, "mqueue");
591 	sbp->f_bsize = PAGE_SIZE;
592 	sbp->f_iosize = PAGE_SIZE;
593 	sbp->f_blocks = 1;
594 	sbp->f_bfree = 0;
595 	sbp->f_bavail = 0;
596 	sbp->f_files = 1;
597 	sbp->f_ffree = 0;
598 	return (0);
599 }
600 
601 /*
602  * Unmount a mqfs instance
603  */
604 static int
605 mqfs_unmount(struct mount *mp, int mntflags)
606 {
607 	int error;
608 
609 	error = vflush(mp, 0, (mntflags & MNT_FORCE) ?  FORCECLOSE : 0,
610 	    curthread);
611 	return (error);
612 }
613 
614 /*
615  * Return a root vnode
616  */
617 static int
618 mqfs_root(struct mount *mp, int flags, struct vnode **vpp)
619 {
620 	struct mqfs_info *mqfs;
621 	int ret;
622 
623 	mqfs = VFSTOMQFS(mp);
624 	ret = mqfs_allocv(mp, vpp, mqfs->mi_root);
625 	return (ret);
626 }
627 
628 /*
629  * Return filesystem stats
630  */
631 static int
632 mqfs_statfs(struct mount *mp, struct statfs *sbp)
633 {
634 	/* XXX update statistics */
635 	return (0);
636 }
637 
638 /*
639  * Initialize a mqfs instance
640  */
641 static int
642 mqfs_init(struct vfsconf *vfc)
643 {
644 	struct mqfs_node *root;
645 	struct mqfs_info *mi;
646 
647 	mqnode_zone = uma_zcreate("mqnode", sizeof(struct mqfs_node),
648 		NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
649 	mqueue_zone = uma_zcreate("mqueue", sizeof(struct mqueue),
650 		NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
651 	mvdata_zone = uma_zcreate("mvdata",
652 		sizeof(struct mqfs_vdata), NULL, NULL, NULL,
653 		NULL, UMA_ALIGN_PTR, 0);
654 	mqnoti_zone = uma_zcreate("mqnotifier", sizeof(struct mqueue_notifier),
655 		NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
656 	mi = &mqfs_data;
657 	sx_init(&mi->mi_lock, "mqfs lock");
658 	/* set up the root diretory */
659 	root = mqfs_create_node("/", 1, curthread->td_ucred, 01777,
660 		mqfstype_root);
661 	root->mn_info = mi;
662 	LIST_INIT(&root->mn_children);
663 	LIST_INIT(&root->mn_vnodes);
664 	mi->mi_root = root;
665 	mqfs_fileno_init(mi);
666 	mqfs_fileno_alloc(mi, root);
667 	mqfs_fixup_dir(root);
668 	exit_tag = EVENTHANDLER_REGISTER(process_exit, mq_proc_exit, NULL,
669 	    EVENTHANDLER_PRI_ANY);
670 	mq_fdclose = mqueue_fdclose;
671 	p31b_setcfg(CTL_P1003_1B_MESSAGE_PASSING, _POSIX_MESSAGE_PASSING);
672 	return (0);
673 }
674 
675 /*
676  * Destroy a mqfs instance
677  */
678 static int
679 mqfs_uninit(struct vfsconf *vfc)
680 {
681 	struct mqfs_info *mi;
682 
683 	if (!unloadable)
684 		return (EOPNOTSUPP);
685 	EVENTHANDLER_DEREGISTER(process_exit, exit_tag);
686 	mi = &mqfs_data;
687 	mqfs_destroy(mi->mi_root);
688 	mi->mi_root = NULL;
689 	mqfs_fileno_uninit(mi);
690 	sx_destroy(&mi->mi_lock);
691 	uma_zdestroy(mqnode_zone);
692 	uma_zdestroy(mqueue_zone);
693 	uma_zdestroy(mvdata_zone);
694 	uma_zdestroy(mqnoti_zone);
695 	return (0);
696 }
697 
698 /*
699  * task routine
700  */
701 static void
702 do_recycle(void *context, int pending __unused)
703 {
704 	struct vnode *vp = (struct vnode *)context;
705 
706 	vrecycle(vp);
707 	vdrop(vp);
708 }
709 
710 /*
711  * Allocate a vnode
712  */
713 static int
714 mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn)
715 {
716 	struct mqfs_vdata *vd;
717 	struct mqfs_info  *mqfs;
718 	struct vnode *newvpp;
719 	int error;
720 
721 	mqfs = pn->mn_info;
722 	*vpp = NULL;
723 	sx_xlock(&mqfs->mi_lock);
724 	LIST_FOREACH(vd, &pn->mn_vnodes, mv_link) {
725 		if (vd->mv_vnode->v_mount == mp) {
726 			vhold(vd->mv_vnode);
727 			break;
728 		}
729 	}
730 
731 	if (vd != NULL) {
732 found:
733 		*vpp = vd->mv_vnode;
734 		sx_xunlock(&mqfs->mi_lock);
735 		error = vget(*vpp, LK_RETRY | LK_EXCLUSIVE, curthread);
736 		vdrop(*vpp);
737 		return (error);
738 	}
739 	sx_xunlock(&mqfs->mi_lock);
740 
741 	error = getnewvnode("mqueue", mp, &mqfs_vnodeops, &newvpp);
742 	if (error)
743 		return (error);
744 	vn_lock(newvpp, LK_EXCLUSIVE | LK_RETRY);
745 	error = insmntque(newvpp, mp);
746 	if (error != 0)
747 		return (error);
748 
749 	sx_xlock(&mqfs->mi_lock);
750 	/*
751 	 * Check if it has already been allocated
752 	 * while we were blocked.
753 	 */
754 	LIST_FOREACH(vd, &pn->mn_vnodes, mv_link) {
755 		if (vd->mv_vnode->v_mount == mp) {
756 			vhold(vd->mv_vnode);
757 			sx_xunlock(&mqfs->mi_lock);
758 
759 			vgone(newvpp);
760 			vput(newvpp);
761 			goto found;
762 		}
763 	}
764 
765 	*vpp = newvpp;
766 
767 	vd = uma_zalloc(mvdata_zone, M_WAITOK);
768 	(*vpp)->v_data = vd;
769 	vd->mv_vnode = *vpp;
770 	vd->mv_node = pn;
771 	TASK_INIT(&vd->mv_task, 0, do_recycle, *vpp);
772 	LIST_INSERT_HEAD(&pn->mn_vnodes, vd, mv_link);
773 	mqnode_addref(pn);
774 	switch (pn->mn_type) {
775 	case mqfstype_root:
776 		(*vpp)->v_vflag = VV_ROOT;
777 		/* fall through */
778 	case mqfstype_dir:
779 	case mqfstype_this:
780 	case mqfstype_parent:
781 		(*vpp)->v_type = VDIR;
782 		break;
783 	case mqfstype_file:
784 		(*vpp)->v_type = VREG;
785 		break;
786 	case mqfstype_symlink:
787 		(*vpp)->v_type = VLNK;
788 		break;
789 	case mqfstype_none:
790 		KASSERT(0, ("mqfs_allocf called for null node\n"));
791 	default:
792 		panic("%s has unexpected type: %d", pn->mn_name, pn->mn_type);
793 	}
794 	sx_xunlock(&mqfs->mi_lock);
795 	return (0);
796 }
797 
798 /*
799  * Search a directory entry
800  */
801 static struct mqfs_node *
802 mqfs_search(struct mqfs_node *pd, const char *name, int len)
803 {
804 	struct mqfs_node *pn;
805 
806 	sx_assert(&pd->mn_info->mi_lock, SX_LOCKED);
807 	LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
808 		if (strncmp(pn->mn_name, name, len) == 0 &&
809 		    pn->mn_name[len] == '\0')
810 			return (pn);
811 	}
812 	return (NULL);
813 }
814 
815 /*
816  * Look up a file or directory.
817  */
818 static int
819 mqfs_lookupx(struct vop_cachedlookup_args *ap)
820 {
821 	struct componentname *cnp;
822 	struct vnode *dvp, **vpp;
823 	struct mqfs_node *pd;
824 	struct mqfs_node *pn;
825 	struct mqfs_info *mqfs;
826 	int nameiop, flags, error, namelen;
827 	char *pname;
828 	struct thread *td;
829 
830 	cnp = ap->a_cnp;
831 	vpp = ap->a_vpp;
832 	dvp = ap->a_dvp;
833 	pname = cnp->cn_nameptr;
834 	namelen = cnp->cn_namelen;
835 	td = cnp->cn_thread;
836 	flags = cnp->cn_flags;
837 	nameiop = cnp->cn_nameiop;
838 	pd = VTON(dvp);
839 	pn = NULL;
840 	mqfs = pd->mn_info;
841 	*vpp = NULLVP;
842 
843 	if (dvp->v_type != VDIR)
844 		return (ENOTDIR);
845 
846 	error = VOP_ACCESS(dvp, VEXEC, cnp->cn_cred, cnp->cn_thread);
847 	if (error)
848 		return (error);
849 
850 	/* shortcut: check if the name is too long */
851 	if (cnp->cn_namelen >= MQFS_NAMELEN)
852 		return (ENOENT);
853 
854 	/* self */
855 	if (namelen == 1 && pname[0] == '.') {
856 		if ((flags & ISLASTCN) && nameiop != LOOKUP)
857 			return (EINVAL);
858 		pn = pd;
859 		*vpp = dvp;
860 		VREF(dvp);
861 		return (0);
862 	}
863 
864 	/* parent */
865 	if (cnp->cn_flags & ISDOTDOT) {
866 		if (dvp->v_vflag & VV_ROOT)
867 			return (EIO);
868 		if ((flags & ISLASTCN) && nameiop != LOOKUP)
869 			return (EINVAL);
870 		VOP_UNLOCK(dvp, 0);
871 		KASSERT(pd->mn_parent, ("non-root directory has no parent"));
872 		pn = pd->mn_parent;
873 		error = mqfs_allocv(dvp->v_mount, vpp, pn);
874 		vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY);
875 		return (error);
876 	}
877 
878 	/* named node */
879 	sx_xlock(&mqfs->mi_lock);
880 	pn = mqfs_search(pd, pname, namelen);
881 	if (pn != NULL)
882 		mqnode_addref(pn);
883 	sx_xunlock(&mqfs->mi_lock);
884 
885 	/* found */
886 	if (pn != NULL) {
887 		/* DELETE */
888 		if (nameiop == DELETE && (flags & ISLASTCN)) {
889 			error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred, td);
890 			if (error) {
891 				mqnode_release(pn);
892 				return (error);
893 			}
894 			if (*vpp == dvp) {
895 				VREF(dvp);
896 				*vpp = dvp;
897 				mqnode_release(pn);
898 				return (0);
899 			}
900 		}
901 
902 		/* allocate vnode */
903 		error = mqfs_allocv(dvp->v_mount, vpp, pn);
904 		mqnode_release(pn);
905 		if (error == 0 && cnp->cn_flags & MAKEENTRY)
906 			cache_enter(dvp, *vpp, cnp);
907 		return (error);
908 	}
909 
910 	/* not found */
911 
912 	/* will create a new entry in the directory ? */
913 	if ((nameiop == CREATE || nameiop == RENAME) && (flags & LOCKPARENT)
914 	    && (flags & ISLASTCN)) {
915 		error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred, td);
916 		if (error)
917 			return (error);
918 		cnp->cn_flags |= SAVENAME;
919 		return (EJUSTRETURN);
920 	}
921 	return (ENOENT);
922 }
923 
924 #if 0
925 struct vop_lookup_args {
926 	struct vop_generic_args a_gen;
927 	struct vnode *a_dvp;
928 	struct vnode **a_vpp;
929 	struct componentname *a_cnp;
930 };
931 #endif
932 
933 /*
934  * vnode lookup operation
935  */
936 static int
937 mqfs_lookup(struct vop_cachedlookup_args *ap)
938 {
939 	int rc;
940 
941 	rc = mqfs_lookupx(ap);
942 	return (rc);
943 }
944 
945 #if 0
946 struct vop_create_args {
947 	struct vnode *a_dvp;
948 	struct vnode **a_vpp;
949 	struct componentname *a_cnp;
950 	struct vattr *a_vap;
951 };
952 #endif
953 
954 /*
955  * vnode creation operation
956  */
957 static int
958 mqfs_create(struct vop_create_args *ap)
959 {
960 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
961 	struct componentname *cnp = ap->a_cnp;
962 	struct mqfs_node *pd;
963 	struct mqfs_node *pn;
964 	struct mqueue *mq;
965 	int error;
966 
967 	pd = VTON(ap->a_dvp);
968 	if (pd->mn_type != mqfstype_root && pd->mn_type != mqfstype_dir)
969 		return (ENOTDIR);
970 	mq = mqueue_alloc(NULL);
971 	if (mq == NULL)
972 		return (EAGAIN);
973 	sx_xlock(&mqfs->mi_lock);
974 	if ((cnp->cn_flags & HASBUF) == 0)
975 		panic("%s: no name", __func__);
976 	pn = mqfs_create_file(pd, cnp->cn_nameptr, cnp->cn_namelen,
977 		cnp->cn_cred, ap->a_vap->va_mode);
978 	if (pn == NULL) {
979 		sx_xunlock(&mqfs->mi_lock);
980 		error = ENOSPC;
981 	} else {
982 		mqnode_addref(pn);
983 		sx_xunlock(&mqfs->mi_lock);
984 		error = mqfs_allocv(ap->a_dvp->v_mount, ap->a_vpp, pn);
985 		mqnode_release(pn);
986 		if (error)
987 			mqfs_destroy(pn);
988 		else
989 			pn->mn_data = mq;
990 	}
991 	if (error)
992 		mqueue_free(mq);
993 	return (error);
994 }
995 
996 /*
997  * Remove an entry
998  */
999 static
1000 int do_unlink(struct mqfs_node *pn, struct ucred *ucred)
1001 {
1002 	struct mqfs_node *parent;
1003 	struct mqfs_vdata *vd;
1004 	int error = 0;
1005 
1006 	sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
1007 
1008 	if (ucred->cr_uid != pn->mn_uid &&
1009 	    (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
1010 		error = EACCES;
1011 	else if (!pn->mn_deleted) {
1012 		parent = pn->mn_parent;
1013 		pn->mn_parent = NULL;
1014 		pn->mn_deleted = 1;
1015 		LIST_REMOVE(pn, mn_sibling);
1016 		LIST_FOREACH(vd, &pn->mn_vnodes, mv_link) {
1017 			cache_purge(vd->mv_vnode);
1018 			vhold(vd->mv_vnode);
1019 			taskqueue_enqueue(taskqueue_thread, &vd->mv_task);
1020 		}
1021 		mqnode_release(pn);
1022 		mqnode_release(parent);
1023 	} else
1024 		error = ENOENT;
1025 	return (error);
1026 }
1027 
1028 #if 0
1029 struct vop_remove_args {
1030 	struct vnode *a_dvp;
1031 	struct vnode *a_vp;
1032 	struct componentname *a_cnp;
1033 };
1034 #endif
1035 
1036 /*
1037  * vnode removal operation
1038  */
1039 static int
1040 mqfs_remove(struct vop_remove_args *ap)
1041 {
1042 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
1043 	struct mqfs_node *pn;
1044 	int error;
1045 
1046 	if (ap->a_vp->v_type == VDIR)
1047                 return (EPERM);
1048 	pn = VTON(ap->a_vp);
1049 	sx_xlock(&mqfs->mi_lock);
1050 	error = do_unlink(pn, ap->a_cnp->cn_cred);
1051 	sx_xunlock(&mqfs->mi_lock);
1052 	return (error);
1053 }
1054 
1055 #if 0
1056 struct vop_inactive_args {
1057 	struct vnode *a_vp;
1058 	struct thread *a_td;
1059 };
1060 #endif
1061 
1062 static int
1063 mqfs_inactive(struct vop_inactive_args *ap)
1064 {
1065 	struct mqfs_node *pn = VTON(ap->a_vp);
1066 
1067 	if (pn->mn_deleted)
1068 		vrecycle(ap->a_vp);
1069 	return (0);
1070 }
1071 
1072 #if 0
1073 struct vop_reclaim_args {
1074 	struct vop_generic_args a_gen;
1075 	struct vnode *a_vp;
1076 	struct thread *a_td;
1077 };
1078 #endif
1079 
1080 static int
1081 mqfs_reclaim(struct vop_reclaim_args *ap)
1082 {
1083 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_vp->v_mount);
1084 	struct vnode *vp = ap->a_vp;
1085 	struct mqfs_node *pn;
1086 	struct mqfs_vdata *vd;
1087 
1088 	vd = vp->v_data;
1089 	pn = vd->mv_node;
1090 	sx_xlock(&mqfs->mi_lock);
1091 	vp->v_data = NULL;
1092 	LIST_REMOVE(vd, mv_link);
1093 	uma_zfree(mvdata_zone, vd);
1094 	mqnode_release(pn);
1095 	sx_xunlock(&mqfs->mi_lock);
1096 	return (0);
1097 }
1098 
1099 #if 0
1100 struct vop_open_args {
1101 	struct vop_generic_args a_gen;
1102 	struct vnode *a_vp;
1103 	int a_mode;
1104 	struct ucred *a_cred;
1105 	struct thread *a_td;
1106 	struct file *a_fp;
1107 };
1108 #endif
1109 
1110 static int
1111 mqfs_open(struct vop_open_args *ap)
1112 {
1113 	return (0);
1114 }
1115 
1116 #if 0
1117 struct vop_close_args {
1118 	struct vop_generic_args a_gen;
1119 	struct vnode *a_vp;
1120 	int a_fflag;
1121 	struct ucred *a_cred;
1122 	struct thread *a_td;
1123 };
1124 #endif
1125 
1126 static int
1127 mqfs_close(struct vop_close_args *ap)
1128 {
1129 	return (0);
1130 }
1131 
1132 #if 0
1133 struct vop_access_args {
1134 	struct vop_generic_args a_gen;
1135 	struct vnode *a_vp;
1136 	accmode_t a_accmode;
1137 	struct ucred *a_cred;
1138 	struct thread *a_td;
1139 };
1140 #endif
1141 
1142 /*
1143  * Verify permissions
1144  */
1145 static int
1146 mqfs_access(struct vop_access_args *ap)
1147 {
1148 	struct vnode *vp = ap->a_vp;
1149 	struct vattr vattr;
1150 	int error;
1151 
1152 	error = VOP_GETATTR(vp, &vattr, ap->a_cred);
1153 	if (error)
1154 		return (error);
1155 	error = vaccess(vp->v_type, vattr.va_mode, vattr.va_uid,
1156 	    vattr.va_gid, ap->a_accmode, ap->a_cred, NULL);
1157 	return (error);
1158 }
1159 
1160 #if 0
1161 struct vop_getattr_args {
1162 	struct vop_generic_args a_gen;
1163 	struct vnode *a_vp;
1164 	struct vattr *a_vap;
1165 	struct ucred *a_cred;
1166 };
1167 #endif
1168 
1169 /*
1170  * Get file attributes
1171  */
1172 static int
1173 mqfs_getattr(struct vop_getattr_args *ap)
1174 {
1175 	struct vnode *vp = ap->a_vp;
1176 	struct mqfs_node *pn = VTON(vp);
1177 	struct vattr *vap = ap->a_vap;
1178 	int error = 0;
1179 
1180 	vap->va_type = vp->v_type;
1181 	vap->va_mode = pn->mn_mode;
1182 	vap->va_nlink = 1;
1183 	vap->va_uid = pn->mn_uid;
1184 	vap->va_gid = pn->mn_gid;
1185 	vap->va_fsid = vp->v_mount->mnt_stat.f_fsid.val[0];
1186 	vap->va_fileid = pn->mn_fileno;
1187 	vap->va_size = 0;
1188 	vap->va_blocksize = PAGE_SIZE;
1189 	vap->va_bytes = vap->va_size = 0;
1190 	vap->va_atime = pn->mn_atime;
1191 	vap->va_mtime = pn->mn_mtime;
1192 	vap->va_ctime = pn->mn_ctime;
1193 	vap->va_birthtime = pn->mn_birth;
1194 	vap->va_gen = 0;
1195 	vap->va_flags = 0;
1196 	vap->va_rdev = NODEV;
1197 	vap->va_bytes = 0;
1198 	vap->va_filerev = 0;
1199 	return (error);
1200 }
1201 
1202 #if 0
1203 struct vop_setattr_args {
1204 	struct vop_generic_args a_gen;
1205 	struct vnode *a_vp;
1206 	struct vattr *a_vap;
1207 	struct ucred *a_cred;
1208 };
1209 #endif
1210 /*
1211  * Set attributes
1212  */
1213 static int
1214 mqfs_setattr(struct vop_setattr_args *ap)
1215 {
1216 	struct mqfs_node *pn;
1217 	struct vattr *vap;
1218 	struct vnode *vp;
1219 	struct thread *td;
1220 	int c, error;
1221 	uid_t uid;
1222 	gid_t gid;
1223 
1224 	td = curthread;
1225 	vap = ap->a_vap;
1226 	vp = ap->a_vp;
1227 	if ((vap->va_type != VNON) ||
1228 	    (vap->va_nlink != VNOVAL) ||
1229 	    (vap->va_fsid != VNOVAL) ||
1230 	    (vap->va_fileid != VNOVAL) ||
1231 	    (vap->va_blocksize != VNOVAL) ||
1232 	    (vap->va_flags != VNOVAL && vap->va_flags != 0) ||
1233 	    (vap->va_rdev != VNOVAL) ||
1234 	    ((int)vap->va_bytes != VNOVAL) ||
1235 	    (vap->va_gen != VNOVAL)) {
1236 		return (EINVAL);
1237 	}
1238 
1239 	pn = VTON(vp);
1240 
1241 	error = c = 0;
1242 	if (vap->va_uid == (uid_t)VNOVAL)
1243 		uid = pn->mn_uid;
1244 	else
1245 		uid = vap->va_uid;
1246 	if (vap->va_gid == (gid_t)VNOVAL)
1247 		gid = pn->mn_gid;
1248 	else
1249 		gid = vap->va_gid;
1250 
1251 	if (uid != pn->mn_uid || gid != pn->mn_gid) {
1252 		/*
1253 		 * To modify the ownership of a file, must possess VADMIN
1254 		 * for that file.
1255 		 */
1256 		if ((error = VOP_ACCESS(vp, VADMIN, ap->a_cred, td)))
1257 			return (error);
1258 
1259 		/*
1260 		 * XXXRW: Why is there a privilege check here: shouldn't the
1261 		 * check in VOP_ACCESS() be enough?  Also, are the group bits
1262 		 * below definitely right?
1263 		 */
1264 		if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid ||
1265 		    (gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) &&
1266 		    (error = priv_check(td, PRIV_MQ_ADMIN)) != 0)
1267 			return (error);
1268 		pn->mn_uid = uid;
1269 		pn->mn_gid = gid;
1270 		c = 1;
1271 	}
1272 
1273 	if (vap->va_mode != (mode_t)VNOVAL) {
1274 		if ((ap->a_cred->cr_uid != pn->mn_uid) &&
1275 		    (error = priv_check(td, PRIV_MQ_ADMIN)))
1276 			return (error);
1277 		pn->mn_mode = vap->va_mode;
1278 		c = 1;
1279 	}
1280 
1281 	if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
1282 		/* See the comment in ufs_vnops::ufs_setattr(). */
1283 		if ((error = VOP_ACCESS(vp, VADMIN, ap->a_cred, td)) &&
1284 		    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
1285 		    (error = VOP_ACCESS(vp, VWRITE, ap->a_cred, td))))
1286 			return (error);
1287 		if (vap->va_atime.tv_sec != VNOVAL) {
1288 			pn->mn_atime = vap->va_atime;
1289 		}
1290 		if (vap->va_mtime.tv_sec != VNOVAL) {
1291 			pn->mn_mtime = vap->va_mtime;
1292 		}
1293 		c = 1;
1294 	}
1295 	if (c) {
1296 		vfs_timestamp(&pn->mn_ctime);
1297 	}
1298 	return (0);
1299 }
1300 
1301 #if 0
1302 struct vop_read_args {
1303 	struct vop_generic_args a_gen;
1304 	struct vnode *a_vp;
1305 	struct uio *a_uio;
1306 	int a_ioflag;
1307 	struct ucred *a_cred;
1308 };
1309 #endif
1310 
1311 /*
1312  * Read from a file
1313  */
1314 static int
1315 mqfs_read(struct vop_read_args *ap)
1316 {
1317 	char buf[80];
1318 	struct vnode *vp = ap->a_vp;
1319 	struct uio *uio = ap->a_uio;
1320 	struct mqfs_node *pn;
1321 	struct mqueue *mq;
1322 	int len, error;
1323 
1324 	if (vp->v_type != VREG)
1325 		return (EINVAL);
1326 
1327 	pn = VTON(vp);
1328 	mq = VTOMQ(vp);
1329 	snprintf(buf, sizeof(buf),
1330 		"QSIZE:%-10ld MAXMSG:%-10ld CURMSG:%-10ld MSGSIZE:%-10ld\n",
1331 		mq->mq_totalbytes,
1332 		mq->mq_maxmsg,
1333 		mq->mq_curmsgs,
1334 		mq->mq_msgsize);
1335 	buf[sizeof(buf)-1] = '\0';
1336 	len = strlen(buf);
1337 	error = uiomove_frombuf(buf, len, uio);
1338 	return (error);
1339 }
1340 
1341 #if 0
1342 struct vop_readdir_args {
1343 	struct vop_generic_args a_gen;
1344 	struct vnode *a_vp;
1345 	struct uio *a_uio;
1346 	struct ucred *a_cred;
1347 	int *a_eofflag;
1348 	int *a_ncookies;
1349 	u_long **a_cookies;
1350 };
1351 #endif
1352 
1353 /*
1354  * Return directory entries.
1355  */
1356 static int
1357 mqfs_readdir(struct vop_readdir_args *ap)
1358 {
1359 	struct vnode *vp;
1360 	struct mqfs_info *mi;
1361 	struct mqfs_node *pd;
1362 	struct mqfs_node *pn;
1363 	struct dirent entry;
1364 	struct uio *uio;
1365 	int *tmp_ncookies = NULL;
1366 	off_t offset;
1367 	int error, i;
1368 
1369 	vp = ap->a_vp;
1370 	mi = VFSTOMQFS(vp->v_mount);
1371 	pd = VTON(vp);
1372 	uio = ap->a_uio;
1373 
1374 	if (vp->v_type != VDIR)
1375 		return (ENOTDIR);
1376 
1377 	if (uio->uio_offset < 0)
1378 		return (EINVAL);
1379 
1380 	if (ap->a_ncookies != NULL) {
1381 		tmp_ncookies = ap->a_ncookies;
1382 		*ap->a_ncookies = 0;
1383 		ap->a_ncookies = NULL;
1384         }
1385 
1386 	error = 0;
1387 	offset = 0;
1388 
1389 	sx_xlock(&mi->mi_lock);
1390 
1391 	LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
1392 		entry.d_reclen = sizeof(entry);
1393 		if (!pn->mn_fileno)
1394 			mqfs_fileno_alloc(mi, pn);
1395 		entry.d_fileno = pn->mn_fileno;
1396 		for (i = 0; i < MQFS_NAMELEN - 1 && pn->mn_name[i] != '\0'; ++i)
1397 			entry.d_name[i] = pn->mn_name[i];
1398 		entry.d_name[i] = 0;
1399 		entry.d_namlen = i;
1400 		switch (pn->mn_type) {
1401 		case mqfstype_root:
1402 		case mqfstype_dir:
1403 		case mqfstype_this:
1404 		case mqfstype_parent:
1405 			entry.d_type = DT_DIR;
1406 			break;
1407 		case mqfstype_file:
1408 			entry.d_type = DT_REG;
1409 			break;
1410 		case mqfstype_symlink:
1411 			entry.d_type = DT_LNK;
1412 			break;
1413 		default:
1414 			panic("%s has unexpected node type: %d", pn->mn_name,
1415 				pn->mn_type);
1416 		}
1417 		if (entry.d_reclen > uio->uio_resid)
1418                         break;
1419 		if (offset >= uio->uio_offset) {
1420 			error = vfs_read_dirent(ap, &entry, offset);
1421                         if (error)
1422                                 break;
1423                 }
1424                 offset += entry.d_reclen;
1425 	}
1426 	sx_xunlock(&mi->mi_lock);
1427 
1428 	uio->uio_offset = offset;
1429 
1430 	if (tmp_ncookies != NULL)
1431 		ap->a_ncookies = tmp_ncookies;
1432 
1433 	return (error);
1434 }
1435 
1436 #ifdef notyet
1437 
1438 #if 0
1439 struct vop_mkdir_args {
1440 	struct vnode *a_dvp;
1441 	struvt vnode **a_vpp;
1442 	struvt componentname *a_cnp;
1443 	struct vattr *a_vap;
1444 };
1445 #endif
1446 
1447 /*
1448  * Create a directory.
1449  */
1450 static int
1451 mqfs_mkdir(struct vop_mkdir_args *ap)
1452 {
1453 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
1454 	struct componentname *cnp = ap->a_cnp;
1455 	struct mqfs_node *pd = VTON(ap->a_dvp);
1456 	struct mqfs_node *pn;
1457 	int error;
1458 
1459 	if (pd->mn_type != mqfstype_root && pd->mn_type != mqfstype_dir)
1460 		return (ENOTDIR);
1461 	sx_xlock(&mqfs->mi_lock);
1462 	if ((cnp->cn_flags & HASBUF) == 0)
1463 		panic("%s: no name", __func__);
1464 	pn = mqfs_create_dir(pd, cnp->cn_nameptr, cnp->cn_namelen,
1465 		ap->a_vap->cn_cred, ap->a_vap->va_mode);
1466 	if (pn != NULL)
1467 		mqnode_addref(pn);
1468 	sx_xunlock(&mqfs->mi_lock);
1469 	if (pn == NULL) {
1470 		error = ENOSPC;
1471 	} else {
1472 		error = mqfs_allocv(ap->a_dvp->v_mount, ap->a_vpp, pn);
1473 		mqnode_release(pn);
1474 	}
1475 	return (error);
1476 }
1477 
1478 #if 0
1479 struct vop_rmdir_args {
1480 	struct vnode *a_dvp;
1481 	struct vnode *a_vp;
1482 	struct componentname *a_cnp;
1483 };
1484 #endif
1485 
1486 /*
1487  * Remove a directory.
1488  */
1489 static int
1490 mqfs_rmdir(struct vop_rmdir_args *ap)
1491 {
1492 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
1493 	struct mqfs_node *pn = VTON(ap->a_vp);
1494 	struct mqfs_node *pt;
1495 
1496 	if (pn->mn_type != mqfstype_dir)
1497 		return (ENOTDIR);
1498 
1499 	sx_xlock(&mqfs->mi_lock);
1500 	if (pn->mn_deleted) {
1501 		sx_xunlock(&mqfs->mi_lock);
1502 		return (ENOENT);
1503 	}
1504 
1505 	pt = LIST_FIRST(&pn->mn_children);
1506 	pt = LIST_NEXT(pt, mn_sibling);
1507 	pt = LIST_NEXT(pt, mn_sibling);
1508 	if (pt != NULL) {
1509 		sx_xunlock(&mqfs->mi_lock);
1510 		return (ENOTEMPTY);
1511 	}
1512 	pt = pn->mn_parent;
1513 	pn->mn_parent = NULL;
1514 	pn->mn_deleted = 1;
1515 	LIST_REMOVE(pn, mn_sibling);
1516 	mqnode_release(pn);
1517 	mqnode_release(pt);
1518 	sx_xunlock(&mqfs->mi_lock);
1519 	cache_purge(ap->a_vp);
1520 	return (0);
1521 }
1522 
1523 #endif /* notyet */
1524 
1525 /*
1526  * Allocate a message queue
1527  */
1528 static struct mqueue *
1529 mqueue_alloc(const struct mq_attr *attr)
1530 {
1531 	struct mqueue *mq;
1532 
1533 	if (curmq >= maxmq)
1534 		return (NULL);
1535 	mq = uma_zalloc(mqueue_zone, M_WAITOK | M_ZERO);
1536 	TAILQ_INIT(&mq->mq_msgq);
1537 	if (attr != NULL) {
1538 		mq->mq_maxmsg = attr->mq_maxmsg;
1539 		mq->mq_msgsize = attr->mq_msgsize;
1540 	} else {
1541 		mq->mq_maxmsg = default_maxmsg;
1542 		mq->mq_msgsize = default_msgsize;
1543 	}
1544 	mtx_init(&mq->mq_mutex, "mqueue lock", NULL, MTX_DEF);
1545 	knlist_init_mtx(&mq->mq_rsel.si_note, &mq->mq_mutex);
1546 	knlist_init_mtx(&mq->mq_wsel.si_note, &mq->mq_mutex);
1547 	atomic_add_int(&curmq, 1);
1548 	return (mq);
1549 }
1550 
1551 /*
1552  * Destroy a message queue
1553  */
1554 static void
1555 mqueue_free(struct mqueue *mq)
1556 {
1557 	struct mqueue_msg *msg;
1558 
1559 	while ((msg = TAILQ_FIRST(&mq->mq_msgq)) != NULL) {
1560 		TAILQ_REMOVE(&mq->mq_msgq, msg, msg_link);
1561 		free(msg, M_MQUEUEDATA);
1562 	}
1563 
1564 	mtx_destroy(&mq->mq_mutex);
1565 	seldrain(&mq->mq_rsel);
1566 	seldrain(&mq->mq_wsel);
1567 	knlist_destroy(&mq->mq_rsel.si_note);
1568 	knlist_destroy(&mq->mq_wsel.si_note);
1569 	uma_zfree(mqueue_zone, mq);
1570 	atomic_add_int(&curmq, -1);
1571 }
1572 
1573 /*
1574  * Load a message from user space
1575  */
1576 static struct mqueue_msg *
1577 mqueue_loadmsg(const char *msg_ptr, size_t msg_size, int msg_prio)
1578 {
1579 	struct mqueue_msg *msg;
1580 	size_t len;
1581 	int error;
1582 
1583 	len = sizeof(struct mqueue_msg) + msg_size;
1584 	msg = malloc(len, M_MQUEUEDATA, M_WAITOK);
1585 	error = copyin(msg_ptr, ((char *)msg) + sizeof(struct mqueue_msg),
1586 	    msg_size);
1587 	if (error) {
1588 		free(msg, M_MQUEUEDATA);
1589 		msg = NULL;
1590 	} else {
1591 		msg->msg_size = msg_size;
1592 		msg->msg_prio = msg_prio;
1593 	}
1594 	return (msg);
1595 }
1596 
1597 /*
1598  * Save a message to user space
1599  */
1600 static int
1601 mqueue_savemsg(struct mqueue_msg *msg, char *msg_ptr, int *msg_prio)
1602 {
1603 	int error;
1604 
1605 	error = copyout(((char *)msg) + sizeof(*msg), msg_ptr,
1606 		msg->msg_size);
1607 	if (error == 0 && msg_prio != NULL)
1608 		error = copyout(&msg->msg_prio, msg_prio, sizeof(int));
1609 	return (error);
1610 }
1611 
1612 /*
1613  * Free a message's memory
1614  */
1615 static __inline void
1616 mqueue_freemsg(struct mqueue_msg *msg)
1617 {
1618 	free(msg, M_MQUEUEDATA);
1619 }
1620 
1621 /*
1622  * Send a message. if waitok is false, thread will not be
1623  * blocked if there is no data in queue, otherwise, absolute
1624  * time will be checked.
1625  */
1626 int
1627 mqueue_send(struct mqueue *mq, const char *msg_ptr,
1628 	size_t msg_len, unsigned msg_prio, int waitok,
1629 	const struct timespec *abs_timeout)
1630 {
1631 	struct mqueue_msg *msg;
1632 	struct timespec ts, ts2;
1633 	struct timeval tv;
1634 	int error;
1635 
1636 	if (msg_prio >= MQ_PRIO_MAX)
1637 		return (EINVAL);
1638 	if (msg_len > mq->mq_msgsize)
1639 		return (EMSGSIZE);
1640 	msg = mqueue_loadmsg(msg_ptr, msg_len, msg_prio);
1641 	if (msg == NULL)
1642 		return (EFAULT);
1643 
1644 	/* O_NONBLOCK case */
1645 	if (!waitok) {
1646 		error = _mqueue_send(mq, msg, -1);
1647 		if (error)
1648 			goto bad;
1649 		return (0);
1650 	}
1651 
1652 	/* we allow a null timeout (wait forever) */
1653 	if (abs_timeout == NULL) {
1654 		error = _mqueue_send(mq, msg, 0);
1655 		if (error)
1656 			goto bad;
1657 		return (0);
1658 	}
1659 
1660 	/* send it before checking time */
1661 	error = _mqueue_send(mq, msg, -1);
1662 	if (error == 0)
1663 		return (0);
1664 
1665 	if (error != EAGAIN)
1666 		goto bad;
1667 
1668 	if (abs_timeout->tv_nsec >= 1000000000 || abs_timeout->tv_nsec < 0) {
1669 		error = EINVAL;
1670 		goto bad;
1671 	}
1672 	for (;;) {
1673 		ts2 = *abs_timeout;
1674 		getnanotime(&ts);
1675 		timespecsub(&ts2, &ts);
1676 		if (ts2.tv_sec < 0 || (ts2.tv_sec == 0 && ts2.tv_nsec <= 0)) {
1677 			error = ETIMEDOUT;
1678 			break;
1679 		}
1680 		TIMESPEC_TO_TIMEVAL(&tv, &ts2);
1681 		error = _mqueue_send(mq, msg, tvtohz(&tv));
1682 		if (error != ETIMEDOUT)
1683 			break;
1684 	}
1685 	if (error == 0)
1686 		return (0);
1687 bad:
1688 	mqueue_freemsg(msg);
1689 	return (error);
1690 }
1691 
1692 /*
1693  * Common routine to send a message
1694  */
1695 static int
1696 _mqueue_send(struct mqueue *mq, struct mqueue_msg *msg, int timo)
1697 {
1698 	struct mqueue_msg *msg2;
1699 	int error = 0;
1700 
1701 	mtx_lock(&mq->mq_mutex);
1702 	while (mq->mq_curmsgs >= mq->mq_maxmsg && error == 0) {
1703 		if (timo < 0) {
1704 			mtx_unlock(&mq->mq_mutex);
1705 			return (EAGAIN);
1706 		}
1707 		mq->mq_senders++;
1708 		error = msleep(&mq->mq_senders, &mq->mq_mutex,
1709 			    PCATCH, "mqsend", timo);
1710 		mq->mq_senders--;
1711 		if (error == EAGAIN)
1712 			error = ETIMEDOUT;
1713 	}
1714 	if (mq->mq_curmsgs >= mq->mq_maxmsg) {
1715 		mtx_unlock(&mq->mq_mutex);
1716 		return (error);
1717 	}
1718 	error = 0;
1719 	if (TAILQ_EMPTY(&mq->mq_msgq)) {
1720 		TAILQ_INSERT_HEAD(&mq->mq_msgq, msg, msg_link);
1721 	} else {
1722 		if (msg->msg_prio <= TAILQ_LAST(&mq->mq_msgq, msgq)->msg_prio) {
1723 			TAILQ_INSERT_TAIL(&mq->mq_msgq, msg, msg_link);
1724 		} else {
1725 			TAILQ_FOREACH(msg2, &mq->mq_msgq, msg_link) {
1726 				if (msg2->msg_prio < msg->msg_prio)
1727 					break;
1728 			}
1729 			TAILQ_INSERT_BEFORE(msg2, msg, msg_link);
1730 		}
1731 	}
1732 	mq->mq_curmsgs++;
1733 	mq->mq_totalbytes += msg->msg_size;
1734 	if (mq->mq_receivers)
1735 		wakeup_one(&mq->mq_receivers);
1736 	else if (mq->mq_notifier != NULL)
1737 		mqueue_send_notification(mq);
1738 	if (mq->mq_flags & MQ_RSEL) {
1739 		mq->mq_flags &= ~MQ_RSEL;
1740 		selwakeup(&mq->mq_rsel);
1741 	}
1742 	KNOTE_LOCKED(&mq->mq_rsel.si_note, 0);
1743 	mtx_unlock(&mq->mq_mutex);
1744 	return (0);
1745 }
1746 
1747 /*
1748  * Send realtime a signal to process which registered itself
1749  * successfully by mq_notify.
1750  */
1751 static void
1752 mqueue_send_notification(struct mqueue *mq)
1753 {
1754 	struct mqueue_notifier *nt;
1755 	struct thread *td;
1756 	struct proc *p;
1757 	int error;
1758 
1759 	mtx_assert(&mq->mq_mutex, MA_OWNED);
1760 	nt = mq->mq_notifier;
1761 	if (nt->nt_sigev.sigev_notify != SIGEV_NONE) {
1762 		p = nt->nt_proc;
1763 		error = sigev_findtd(p, &nt->nt_sigev, &td);
1764 		if (error) {
1765 			mq->mq_notifier = NULL;
1766 			return;
1767 		}
1768 		if (!KSI_ONQ(&nt->nt_ksi)) {
1769 			ksiginfo_set_sigev(&nt->nt_ksi, &nt->nt_sigev);
1770 			tdsendsignal(p, td, nt->nt_ksi.ksi_signo, &nt->nt_ksi);
1771 		}
1772 		PROC_UNLOCK(p);
1773 	}
1774 	mq->mq_notifier = NULL;
1775 }
1776 
1777 /*
1778  * Get a message. if waitok is false, thread will not be
1779  * blocked if there is no data in queue, otherwise, absolute
1780  * time will be checked.
1781  */
1782 int
1783 mqueue_receive(struct mqueue *mq, char *msg_ptr,
1784 	size_t msg_len, unsigned *msg_prio, int waitok,
1785 	const struct timespec *abs_timeout)
1786 {
1787 	struct mqueue_msg *msg;
1788 	struct timespec ts, ts2;
1789 	struct timeval tv;
1790 	int error;
1791 
1792 	if (msg_len < mq->mq_msgsize)
1793 		return (EMSGSIZE);
1794 
1795 	/* O_NONBLOCK case */
1796 	if (!waitok) {
1797 		error = _mqueue_recv(mq, &msg, -1);
1798 		if (error)
1799 			return (error);
1800 		goto received;
1801 	}
1802 
1803 	/* we allow a null timeout (wait forever). */
1804 	if (abs_timeout == NULL) {
1805 		error = _mqueue_recv(mq, &msg, 0);
1806 		if (error)
1807 			return (error);
1808 		goto received;
1809 	}
1810 
1811 	/* try to get a message before checking time */
1812 	error = _mqueue_recv(mq, &msg, -1);
1813 	if (error == 0)
1814 		goto received;
1815 
1816 	if (error != EAGAIN)
1817 		return (error);
1818 
1819 	if (abs_timeout->tv_nsec >= 1000000000 || abs_timeout->tv_nsec < 0) {
1820 		error = EINVAL;
1821 		return (error);
1822 	}
1823 
1824 	for (;;) {
1825 		ts2 = *abs_timeout;
1826 		getnanotime(&ts);
1827 		timespecsub(&ts2, &ts);
1828 		if (ts2.tv_sec < 0 || (ts2.tv_sec == 0 && ts2.tv_nsec <= 0)) {
1829 			error = ETIMEDOUT;
1830 			return (error);
1831 		}
1832 		TIMESPEC_TO_TIMEVAL(&tv, &ts2);
1833 		error = _mqueue_recv(mq, &msg, tvtohz(&tv));
1834 		if (error == 0)
1835 			break;
1836 		if (error != ETIMEDOUT)
1837 			return (error);
1838 	}
1839 
1840 received:
1841 	error = mqueue_savemsg(msg, msg_ptr, msg_prio);
1842 	if (error == 0) {
1843 		curthread->td_retval[0] = msg->msg_size;
1844 		curthread->td_retval[1] = 0;
1845 	}
1846 	mqueue_freemsg(msg);
1847 	return (error);
1848 }
1849 
1850 /*
1851  * Common routine to receive a message
1852  */
1853 static int
1854 _mqueue_recv(struct mqueue *mq, struct mqueue_msg **msg, int timo)
1855 {
1856 	int error = 0;
1857 
1858 	mtx_lock(&mq->mq_mutex);
1859 	while ((*msg = TAILQ_FIRST(&mq->mq_msgq)) == NULL && error == 0) {
1860 		if (timo < 0) {
1861 			mtx_unlock(&mq->mq_mutex);
1862 			return (EAGAIN);
1863 		}
1864 		mq->mq_receivers++;
1865 		error = msleep(&mq->mq_receivers, &mq->mq_mutex,
1866 			    PCATCH, "mqrecv", timo);
1867 		mq->mq_receivers--;
1868 		if (error == EAGAIN)
1869 			error = ETIMEDOUT;
1870 	}
1871 	if (*msg != NULL) {
1872 		error = 0;
1873 		TAILQ_REMOVE(&mq->mq_msgq, *msg, msg_link);
1874 		mq->mq_curmsgs--;
1875 		mq->mq_totalbytes -= (*msg)->msg_size;
1876 		if (mq->mq_senders)
1877 			wakeup_one(&mq->mq_senders);
1878 		if (mq->mq_flags & MQ_WSEL) {
1879 			mq->mq_flags &= ~MQ_WSEL;
1880 			selwakeup(&mq->mq_wsel);
1881 		}
1882 		KNOTE_LOCKED(&mq->mq_wsel.si_note, 0);
1883 	}
1884 	if (mq->mq_notifier != NULL && mq->mq_receivers == 0 &&
1885 	    !TAILQ_EMPTY(&mq->mq_msgq)) {
1886 		mqueue_send_notification(mq);
1887 	}
1888 	mtx_unlock(&mq->mq_mutex);
1889 	return (error);
1890 }
1891 
1892 static __inline struct mqueue_notifier *
1893 notifier_alloc(void)
1894 {
1895 	return (uma_zalloc(mqnoti_zone, M_WAITOK | M_ZERO));
1896 }
1897 
1898 static __inline void
1899 notifier_free(struct mqueue_notifier *p)
1900 {
1901 	uma_zfree(mqnoti_zone, p);
1902 }
1903 
1904 static struct mqueue_notifier *
1905 notifier_search(struct proc *p, int fd)
1906 {
1907 	struct mqueue_notifier *nt;
1908 
1909 	LIST_FOREACH(nt, &p->p_mqnotifier, nt_link) {
1910 		if (nt->nt_ksi.ksi_mqd == fd)
1911 			break;
1912 	}
1913 	return (nt);
1914 }
1915 
1916 static __inline void
1917 notifier_insert(struct proc *p, struct mqueue_notifier *nt)
1918 {
1919 	LIST_INSERT_HEAD(&p->p_mqnotifier, nt, nt_link);
1920 }
1921 
1922 static __inline void
1923 notifier_delete(struct proc *p, struct mqueue_notifier *nt)
1924 {
1925 	LIST_REMOVE(nt, nt_link);
1926 	notifier_free(nt);
1927 }
1928 
1929 static void
1930 notifier_remove(struct proc *p, struct mqueue *mq, int fd)
1931 {
1932 	struct mqueue_notifier *nt;
1933 
1934 	mtx_assert(&mq->mq_mutex, MA_OWNED);
1935 	PROC_LOCK(p);
1936 	nt = notifier_search(p, fd);
1937 	if (nt != NULL) {
1938 		if (mq->mq_notifier == nt)
1939 			mq->mq_notifier = NULL;
1940 		sigqueue_take(&nt->nt_ksi);
1941 		notifier_delete(p, nt);
1942 	}
1943 	PROC_UNLOCK(p);
1944 }
1945 
1946 static int
1947 kern_kmq_open(struct thread *td, const char *upath, int flags, mode_t mode,
1948     const struct mq_attr *attr)
1949 {
1950 	char path[MQFS_NAMELEN + 1];
1951 	struct mqfs_node *pn;
1952 	struct filedesc *fdp;
1953 	struct file *fp;
1954 	struct mqueue *mq;
1955 	int fd, error, len, cmode;
1956 
1957 	fdp = td->td_proc->p_fd;
1958 	cmode = (((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT);
1959 	mq = NULL;
1960 	if ((flags & O_CREAT) != 0 && attr != NULL) {
1961 		if (attr->mq_maxmsg <= 0 || attr->mq_maxmsg > maxmsg)
1962 			return (EINVAL);
1963 		if (attr->mq_msgsize <= 0 || attr->mq_msgsize > maxmsgsize)
1964 			return (EINVAL);
1965 	}
1966 
1967 	error = copyinstr(upath, path, MQFS_NAMELEN + 1, NULL);
1968         if (error)
1969 		return (error);
1970 
1971 	/*
1972 	 * The first character of name must be a slash  (/) character
1973 	 * and the remaining characters of name cannot include any slash
1974 	 * characters.
1975 	 */
1976 	len = strlen(path);
1977 	if (len < 2 || path[0] != '/' || strchr(path + 1, '/') != NULL)
1978 		return (EINVAL);
1979 
1980 	error = falloc(td, &fp, &fd, 0);
1981 	if (error)
1982 		return (error);
1983 
1984 	sx_xlock(&mqfs_data.mi_lock);
1985 	pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
1986 	if (pn == NULL) {
1987 		if (!(flags & O_CREAT)) {
1988 			error = ENOENT;
1989 		} else {
1990 			mq = mqueue_alloc(attr);
1991 			if (mq == NULL) {
1992 				error = ENFILE;
1993 			} else {
1994 				pn = mqfs_create_file(mqfs_data.mi_root,
1995 				         path + 1, len - 1, td->td_ucred,
1996 					 cmode);
1997 				if (pn == NULL) {
1998 					error = ENOSPC;
1999 					mqueue_free(mq);
2000 				}
2001 			}
2002 		}
2003 
2004 		if (error == 0) {
2005 			pn->mn_data = mq;
2006 		}
2007 	} else {
2008 		if ((flags & (O_CREAT | O_EXCL)) == (O_CREAT | O_EXCL)) {
2009 			error = EEXIST;
2010 		} else {
2011 			accmode_t accmode = 0;
2012 
2013 			if (flags & FREAD)
2014 				accmode |= VREAD;
2015 			if (flags & FWRITE)
2016 				accmode |= VWRITE;
2017 			error = vaccess(VREG, pn->mn_mode, pn->mn_uid,
2018 				    pn->mn_gid, accmode, td->td_ucred, NULL);
2019 		}
2020 	}
2021 
2022 	if (error) {
2023 		sx_xunlock(&mqfs_data.mi_lock);
2024 		fdclose(fdp, fp, fd, td);
2025 		fdrop(fp, td);
2026 		return (error);
2027 	}
2028 
2029 	mqnode_addref(pn);
2030 	sx_xunlock(&mqfs_data.mi_lock);
2031 
2032 	finit(fp, flags & (FREAD | FWRITE | O_NONBLOCK), DTYPE_MQUEUE, pn,
2033 	    &mqueueops);
2034 
2035 	FILEDESC_XLOCK(fdp);
2036 	if (fdp->fd_ofiles[fd] == fp)
2037 		fdp->fd_ofileflags[fd] |= UF_EXCLOSE;
2038 	FILEDESC_XUNLOCK(fdp);
2039 	td->td_retval[0] = fd;
2040 	fdrop(fp, td);
2041 	return (0);
2042 }
2043 
2044 /*
2045  * Syscall to open a message queue.
2046  */
2047 int
2048 sys_kmq_open(struct thread *td, struct kmq_open_args *uap)
2049 {
2050 	struct mq_attr attr;
2051 	int flags, error;
2052 
2053 	if ((uap->flags & O_ACCMODE) == O_ACCMODE)
2054 		return (EINVAL);
2055 	flags = FFLAGS(uap->flags);
2056 	if ((flags & O_CREAT) != 0 && uap->attr != NULL) {
2057 		error = copyin(uap->attr, &attr, sizeof(attr));
2058 		if (error)
2059 			return (error);
2060 	}
2061 	return (kern_kmq_open(td, uap->path, flags, uap->mode,
2062 	    uap->attr != NULL ? &attr : NULL));
2063 }
2064 
2065 /*
2066  * Syscall to unlink a message queue.
2067  */
2068 int
2069 sys_kmq_unlink(struct thread *td, struct kmq_unlink_args *uap)
2070 {
2071 	char path[MQFS_NAMELEN+1];
2072 	struct mqfs_node *pn;
2073 	int error, len;
2074 
2075 	error = copyinstr(uap->path, path, MQFS_NAMELEN + 1, NULL);
2076         if (error)
2077 		return (error);
2078 
2079 	len = strlen(path);
2080 	if (len < 2 || path[0] != '/' || strchr(path + 1, '/') != NULL)
2081 		return (EINVAL);
2082 
2083 	sx_xlock(&mqfs_data.mi_lock);
2084 	pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
2085 	if (pn != NULL)
2086 		error = do_unlink(pn, td->td_ucred);
2087 	else
2088 		error = ENOENT;
2089 	sx_xunlock(&mqfs_data.mi_lock);
2090 	return (error);
2091 }
2092 
2093 typedef int (*_fgetf)(struct thread *, int, cap_rights_t, struct file **);
2094 
2095 /*
2096  * Get message queue by giving file slot
2097  */
2098 static int
2099 _getmq(struct thread *td, int fd, cap_rights_t rights, _fgetf func,
2100        struct file **fpp, struct mqfs_node **ppn, struct mqueue **pmq)
2101 {
2102 	struct mqfs_node *pn;
2103 	int error;
2104 
2105 	error = func(td, fd, rights, fpp);
2106 	if (error)
2107 		return (error);
2108 	if (&mqueueops != (*fpp)->f_ops) {
2109 		fdrop(*fpp, td);
2110 		return (EBADF);
2111 	}
2112 	pn = (*fpp)->f_data;
2113 	if (ppn)
2114 		*ppn = pn;
2115 	if (pmq)
2116 		*pmq = pn->mn_data;
2117 	return (0);
2118 }
2119 
2120 static __inline int
2121 getmq(struct thread *td, int fd, struct file **fpp, struct mqfs_node **ppn,
2122 	struct mqueue **pmq)
2123 {
2124 	return _getmq(td, fd, CAP_POLL_EVENT, fget, fpp, ppn, pmq);
2125 }
2126 
2127 static __inline int
2128 getmq_read(struct thread *td, int fd, struct file **fpp,
2129 	 struct mqfs_node **ppn, struct mqueue **pmq)
2130 {
2131 	return _getmq(td, fd, CAP_READ, fget_read, fpp, ppn, pmq);
2132 }
2133 
2134 static __inline int
2135 getmq_write(struct thread *td, int fd, struct file **fpp,
2136 	struct mqfs_node **ppn, struct mqueue **pmq)
2137 {
2138 	return _getmq(td, fd, CAP_WRITE, fget_write, fpp, ppn, pmq);
2139 }
2140 
2141 static int
2142 kern_kmq_setattr(struct thread *td, int mqd, const struct mq_attr *attr,
2143     struct mq_attr *oattr)
2144 {
2145 	struct mqueue *mq;
2146 	struct file *fp;
2147 	u_int oflag, flag;
2148 	int error;
2149 
2150 	if (attr != NULL && (attr->mq_flags & ~O_NONBLOCK) != 0)
2151 		return (EINVAL);
2152 	error = getmq(td, mqd, &fp, NULL, &mq);
2153 	if (error)
2154 		return (error);
2155 	oattr->mq_maxmsg  = mq->mq_maxmsg;
2156 	oattr->mq_msgsize = mq->mq_msgsize;
2157 	oattr->mq_curmsgs = mq->mq_curmsgs;
2158 	if (attr != NULL) {
2159 		do {
2160 			oflag = flag = fp->f_flag;
2161 			flag &= ~O_NONBLOCK;
2162 			flag |= (attr->mq_flags & O_NONBLOCK);
2163 		} while (atomic_cmpset_int(&fp->f_flag, oflag, flag) == 0);
2164 	} else
2165 		oflag = fp->f_flag;
2166 	oattr->mq_flags = (O_NONBLOCK & oflag);
2167 	fdrop(fp, td);
2168 	return (error);
2169 }
2170 
2171 int
2172 sys_kmq_setattr(struct thread *td, struct kmq_setattr_args *uap)
2173 {
2174 	struct mq_attr attr, oattr;
2175 	int error;
2176 
2177 	if (uap->attr != NULL) {
2178 		error = copyin(uap->attr, &attr, sizeof(attr));
2179 		if (error != 0)
2180 			return (error);
2181 	}
2182 	error = kern_kmq_setattr(td, uap->mqd, uap->attr != NULL ? &attr : NULL,
2183 	    &oattr);
2184 	if (error != 0)
2185 		return (error);
2186 	if (uap->oattr != NULL)
2187 		error = copyout(&oattr, uap->oattr, sizeof(oattr));
2188 	return (error);
2189 }
2190 
2191 int
2192 sys_kmq_timedreceive(struct thread *td, struct kmq_timedreceive_args *uap)
2193 {
2194 	struct mqueue *mq;
2195 	struct file *fp;
2196 	struct timespec *abs_timeout, ets;
2197 	int error;
2198 	int waitok;
2199 
2200 	error = getmq_read(td, uap->mqd, &fp, NULL, &mq);
2201 	if (error)
2202 		return (error);
2203 	if (uap->abs_timeout != NULL) {
2204 		error = copyin(uap->abs_timeout, &ets, sizeof(ets));
2205 		if (error != 0)
2206 			return (error);
2207 		abs_timeout = &ets;
2208 	} else
2209 		abs_timeout = NULL;
2210 	waitok = !(fp->f_flag & O_NONBLOCK);
2211 	error = mqueue_receive(mq, uap->msg_ptr, uap->msg_len,
2212 		uap->msg_prio, waitok, abs_timeout);
2213 	fdrop(fp, td);
2214 	return (error);
2215 }
2216 
2217 int
2218 sys_kmq_timedsend(struct thread *td, struct kmq_timedsend_args *uap)
2219 {
2220 	struct mqueue *mq;
2221 	struct file *fp;
2222 	struct timespec *abs_timeout, ets;
2223 	int error, waitok;
2224 
2225 	error = getmq_write(td, uap->mqd, &fp, NULL, &mq);
2226 	if (error)
2227 		return (error);
2228 	if (uap->abs_timeout != NULL) {
2229 		error = copyin(uap->abs_timeout, &ets, sizeof(ets));
2230 		if (error != 0)
2231 			return (error);
2232 		abs_timeout = &ets;
2233 	} else
2234 		abs_timeout = NULL;
2235 	waitok = !(fp->f_flag & O_NONBLOCK);
2236 	error = mqueue_send(mq, uap->msg_ptr, uap->msg_len,
2237 		uap->msg_prio, waitok, abs_timeout);
2238 	fdrop(fp, td);
2239 	return (error);
2240 }
2241 
2242 int
2243 sys_kmq_notify(struct thread *td, struct kmq_notify_args *uap)
2244 {
2245 	struct sigevent ev;
2246 	struct filedesc *fdp;
2247 	struct proc *p;
2248 	struct mqueue *mq;
2249 	struct file *fp, *fp2;
2250 	struct mqueue_notifier *nt, *newnt = NULL;
2251 	int error;
2252 
2253 	p = td->td_proc;
2254 	fdp = td->td_proc->p_fd;
2255 	if (uap->sigev) {
2256 		error = copyin(uap->sigev, &ev, sizeof(ev));
2257 		if (error)
2258 			return (error);
2259 		if (ev.sigev_notify != SIGEV_SIGNAL &&
2260 		    ev.sigev_notify != SIGEV_THREAD_ID &&
2261 		    ev.sigev_notify != SIGEV_NONE)
2262 			return (EINVAL);
2263 		if ((ev.sigev_notify == SIGEV_SIGNAL ||
2264 		     ev.sigev_notify == SIGEV_THREAD_ID) &&
2265 			!_SIG_VALID(ev.sigev_signo))
2266 			return (EINVAL);
2267 	}
2268 	error = getmq(td, uap->mqd, &fp, NULL, &mq);
2269 	if (error)
2270 		return (error);
2271 again:
2272 	FILEDESC_SLOCK(fdp);
2273 	fp2 = fget_locked(fdp, uap->mqd);
2274 	if (fp2 == NULL) {
2275 		FILEDESC_SUNLOCK(fdp);
2276 		error = EBADF;
2277 		goto out;
2278 	}
2279 	error = cap_funwrap(fp2, CAP_POLL_EVENT, &fp2);
2280 	if (error) {
2281 		FILEDESC_SUNLOCK(fdp);
2282 		goto out;
2283 	}
2284 	if (fp2 != fp) {
2285 		FILEDESC_SUNLOCK(fdp);
2286 		error = EBADF;
2287 		goto out;
2288 	}
2289 	mtx_lock(&mq->mq_mutex);
2290 	FILEDESC_SUNLOCK(fdp);
2291 	if (uap->sigev != NULL) {
2292 		if (mq->mq_notifier != NULL) {
2293 			error = EBUSY;
2294 		} else {
2295 			PROC_LOCK(p);
2296 			nt = notifier_search(p, uap->mqd);
2297 			if (nt == NULL) {
2298 				if (newnt == NULL) {
2299 					PROC_UNLOCK(p);
2300 					mtx_unlock(&mq->mq_mutex);
2301 					newnt = notifier_alloc();
2302 					goto again;
2303 				}
2304 			}
2305 
2306 			if (nt != NULL) {
2307 				sigqueue_take(&nt->nt_ksi);
2308 				if (newnt != NULL) {
2309 					notifier_free(newnt);
2310 					newnt = NULL;
2311 				}
2312 			} else {
2313 				nt = newnt;
2314 				newnt = NULL;
2315 				ksiginfo_init(&nt->nt_ksi);
2316 				nt->nt_ksi.ksi_flags |= KSI_INS | KSI_EXT;
2317 				nt->nt_ksi.ksi_code = SI_MESGQ;
2318 				nt->nt_proc = p;
2319 				nt->nt_ksi.ksi_mqd = uap->mqd;
2320 				notifier_insert(p, nt);
2321 			}
2322 			nt->nt_sigev = ev;
2323 			mq->mq_notifier = nt;
2324 			PROC_UNLOCK(p);
2325 			/*
2326 			 * if there is no receivers and message queue
2327 			 * is not empty, we should send notification
2328 			 * as soon as possible.
2329 			 */
2330 			if (mq->mq_receivers == 0 &&
2331 			    !TAILQ_EMPTY(&mq->mq_msgq))
2332 				mqueue_send_notification(mq);
2333 		}
2334 	} else {
2335 		notifier_remove(p, mq, uap->mqd);
2336 	}
2337 	mtx_unlock(&mq->mq_mutex);
2338 
2339 out:
2340 	fdrop(fp, td);
2341 	if (newnt != NULL)
2342 		notifier_free(newnt);
2343 	return (error);
2344 }
2345 
2346 static void
2347 mqueue_fdclose(struct thread *td, int fd, struct file *fp)
2348 {
2349 	struct filedesc *fdp;
2350 	struct mqueue *mq;
2351 
2352 	fdp = td->td_proc->p_fd;
2353 	FILEDESC_LOCK_ASSERT(fdp);
2354 
2355 	if (fp->f_ops == &mqueueops) {
2356 		mq = FPTOMQ(fp);
2357 		mtx_lock(&mq->mq_mutex);
2358 		notifier_remove(td->td_proc, mq, fd);
2359 
2360 		/* have to wakeup thread in same process */
2361 		if (mq->mq_flags & MQ_RSEL) {
2362 			mq->mq_flags &= ~MQ_RSEL;
2363 			selwakeup(&mq->mq_rsel);
2364 		}
2365 		if (mq->mq_flags & MQ_WSEL) {
2366 			mq->mq_flags &= ~MQ_WSEL;
2367 			selwakeup(&mq->mq_wsel);
2368 		}
2369 		mtx_unlock(&mq->mq_mutex);
2370 	}
2371 }
2372 
2373 static void
2374 mq_proc_exit(void *arg __unused, struct proc *p)
2375 {
2376 	struct filedesc *fdp;
2377 	struct file *fp;
2378 	struct mqueue *mq;
2379 	int i;
2380 
2381 	fdp = p->p_fd;
2382 	FILEDESC_SLOCK(fdp);
2383 	for (i = 0; i < fdp->fd_nfiles; ++i) {
2384 		fp = fget_locked(fdp, i);
2385 		if (fp != NULL && fp->f_ops == &mqueueops) {
2386 			mq = FPTOMQ(fp);
2387 			mtx_lock(&mq->mq_mutex);
2388 			notifier_remove(p, FPTOMQ(fp), i);
2389 			mtx_unlock(&mq->mq_mutex);
2390 		}
2391 	}
2392 	FILEDESC_SUNLOCK(fdp);
2393 	KASSERT(LIST_EMPTY(&p->p_mqnotifier), ("mq notifiers left"));
2394 }
2395 
2396 static int
2397 mqf_read(struct file *fp, struct uio *uio, struct ucred *active_cred,
2398 	int flags, struct thread *td)
2399 {
2400 	return (EOPNOTSUPP);
2401 }
2402 
2403 static int
2404 mqf_write(struct file *fp, struct uio *uio, struct ucred *active_cred,
2405 	int flags, struct thread *td)
2406 {
2407 	return (EOPNOTSUPP);
2408 }
2409 
2410 static int
2411 mqf_truncate(struct file *fp, off_t length, struct ucred *active_cred,
2412     struct thread *td)
2413 {
2414 
2415 	return (EINVAL);
2416 }
2417 
2418 static int
2419 mqf_ioctl(struct file *fp, u_long cmd, void *data,
2420 	struct ucred *active_cred, struct thread *td)
2421 {
2422 	return (ENOTTY);
2423 }
2424 
2425 static int
2426 mqf_poll(struct file *fp, int events, struct ucred *active_cred,
2427 	struct thread *td)
2428 {
2429 	struct mqueue *mq = FPTOMQ(fp);
2430 	int revents = 0;
2431 
2432 	mtx_lock(&mq->mq_mutex);
2433 	if (events & (POLLIN | POLLRDNORM)) {
2434 		if (mq->mq_curmsgs) {
2435 			revents |= events & (POLLIN | POLLRDNORM);
2436 		} else {
2437 			mq->mq_flags |= MQ_RSEL;
2438 			selrecord(td, &mq->mq_rsel);
2439  		}
2440 	}
2441 	if (events & POLLOUT) {
2442 		if (mq->mq_curmsgs < mq->mq_maxmsg)
2443 			revents |= POLLOUT;
2444 		else {
2445 			mq->mq_flags |= MQ_WSEL;
2446 			selrecord(td, &mq->mq_wsel);
2447 		}
2448 	}
2449 	mtx_unlock(&mq->mq_mutex);
2450 	return (revents);
2451 }
2452 
2453 static int
2454 mqf_close(struct file *fp, struct thread *td)
2455 {
2456 	struct mqfs_node *pn;
2457 
2458 	fp->f_ops = &badfileops;
2459 	pn = fp->f_data;
2460 	fp->f_data = NULL;
2461 	sx_xlock(&mqfs_data.mi_lock);
2462 	mqnode_release(pn);
2463 	sx_xunlock(&mqfs_data.mi_lock);
2464 	return (0);
2465 }
2466 
2467 static int
2468 mqf_stat(struct file *fp, struct stat *st, struct ucred *active_cred,
2469 	struct thread *td)
2470 {
2471 	struct mqfs_node *pn = fp->f_data;
2472 
2473 	bzero(st, sizeof *st);
2474 	sx_xlock(&mqfs_data.mi_lock);
2475 	st->st_atim = pn->mn_atime;
2476 	st->st_mtim = pn->mn_mtime;
2477 	st->st_ctim = pn->mn_ctime;
2478 	st->st_birthtim = pn->mn_birth;
2479 	st->st_uid = pn->mn_uid;
2480 	st->st_gid = pn->mn_gid;
2481 	st->st_mode = S_IFIFO | pn->mn_mode;
2482 	sx_xunlock(&mqfs_data.mi_lock);
2483 	return (0);
2484 }
2485 
2486 static int
2487 mqf_chmod(struct file *fp, mode_t mode, struct ucred *active_cred,
2488     struct thread *td)
2489 {
2490 	struct mqfs_node *pn;
2491 	int error;
2492 
2493 	error = 0;
2494 	pn = fp->f_data;
2495 	sx_xlock(&mqfs_data.mi_lock);
2496 	error = vaccess(VREG, pn->mn_mode, pn->mn_uid, pn->mn_gid, VADMIN,
2497 	    active_cred, NULL);
2498 	if (error != 0)
2499 		goto out;
2500 	pn->mn_mode = mode & ACCESSPERMS;
2501 out:
2502 	sx_xunlock(&mqfs_data.mi_lock);
2503 	return (error);
2504 }
2505 
2506 static int
2507 mqf_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
2508     struct thread *td)
2509 {
2510 	struct mqfs_node *pn;
2511 	int error;
2512 
2513 	error = 0;
2514 	pn = fp->f_data;
2515 	sx_xlock(&mqfs_data.mi_lock);
2516 	if (uid == (uid_t)-1)
2517 		uid = pn->mn_uid;
2518 	if (gid == (gid_t)-1)
2519 		gid = pn->mn_gid;
2520 	if (((uid != pn->mn_uid && uid != active_cred->cr_uid) ||
2521 	    (gid != pn->mn_gid && !groupmember(gid, active_cred))) &&
2522 	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
2523 		goto out;
2524 	pn->mn_uid = uid;
2525 	pn->mn_gid = gid;
2526 out:
2527 	sx_xunlock(&mqfs_data.mi_lock);
2528 	return (error);
2529 }
2530 
2531 static int
2532 mqf_kqfilter(struct file *fp, struct knote *kn)
2533 {
2534 	struct mqueue *mq = FPTOMQ(fp);
2535 	int error = 0;
2536 
2537 	if (kn->kn_filter == EVFILT_READ) {
2538 		kn->kn_fop = &mq_rfiltops;
2539 		knlist_add(&mq->mq_rsel.si_note, kn, 0);
2540 	} else if (kn->kn_filter == EVFILT_WRITE) {
2541 		kn->kn_fop = &mq_wfiltops;
2542 		knlist_add(&mq->mq_wsel.si_note, kn, 0);
2543 	} else
2544 		error = EINVAL;
2545 	return (error);
2546 }
2547 
2548 static void
2549 filt_mqdetach(struct knote *kn)
2550 {
2551 	struct mqueue *mq = FPTOMQ(kn->kn_fp);
2552 
2553 	if (kn->kn_filter == EVFILT_READ)
2554 		knlist_remove(&mq->mq_rsel.si_note, kn, 0);
2555 	else if (kn->kn_filter == EVFILT_WRITE)
2556 		knlist_remove(&mq->mq_wsel.si_note, kn, 0);
2557 	else
2558 		panic("filt_mqdetach");
2559 }
2560 
2561 static int
2562 filt_mqread(struct knote *kn, long hint)
2563 {
2564 	struct mqueue *mq = FPTOMQ(kn->kn_fp);
2565 
2566 	mtx_assert(&mq->mq_mutex, MA_OWNED);
2567 	return (mq->mq_curmsgs != 0);
2568 }
2569 
2570 static int
2571 filt_mqwrite(struct knote *kn, long hint)
2572 {
2573 	struct mqueue *mq = FPTOMQ(kn->kn_fp);
2574 
2575 	mtx_assert(&mq->mq_mutex, MA_OWNED);
2576 	return (mq->mq_curmsgs < mq->mq_maxmsg);
2577 }
2578 
2579 static struct fileops mqueueops = {
2580 	.fo_read		= mqf_read,
2581 	.fo_write		= mqf_write,
2582 	.fo_truncate		= mqf_truncate,
2583 	.fo_ioctl		= mqf_ioctl,
2584 	.fo_poll		= mqf_poll,
2585 	.fo_kqfilter		= mqf_kqfilter,
2586 	.fo_stat		= mqf_stat,
2587 	.fo_chmod		= mqf_chmod,
2588 	.fo_chown		= mqf_chown,
2589 	.fo_close		= mqf_close
2590 };
2591 
2592 static struct vop_vector mqfs_vnodeops = {
2593 	.vop_default 		= &default_vnodeops,
2594 	.vop_access		= mqfs_access,
2595 	.vop_cachedlookup	= mqfs_lookup,
2596 	.vop_lookup		= vfs_cache_lookup,
2597 	.vop_reclaim		= mqfs_reclaim,
2598 	.vop_create		= mqfs_create,
2599 	.vop_remove		= mqfs_remove,
2600 	.vop_inactive		= mqfs_inactive,
2601 	.vop_open		= mqfs_open,
2602 	.vop_close		= mqfs_close,
2603 	.vop_getattr		= mqfs_getattr,
2604 	.vop_setattr		= mqfs_setattr,
2605 	.vop_read		= mqfs_read,
2606 	.vop_write		= VOP_EOPNOTSUPP,
2607 	.vop_readdir		= mqfs_readdir,
2608 	.vop_mkdir		= VOP_EOPNOTSUPP,
2609 	.vop_rmdir		= VOP_EOPNOTSUPP
2610 };
2611 
2612 static struct vfsops mqfs_vfsops = {
2613 	.vfs_init 		= mqfs_init,
2614 	.vfs_uninit		= mqfs_uninit,
2615 	.vfs_mount		= mqfs_mount,
2616 	.vfs_unmount		= mqfs_unmount,
2617 	.vfs_root		= mqfs_root,
2618 	.vfs_statfs		= mqfs_statfs,
2619 };
2620 
2621 static struct vfsconf mqueuefs_vfsconf = {
2622 	.vfc_version = VFS_VERSION,
2623 	.vfc_name = "mqueuefs",
2624 	.vfc_vfsops = &mqfs_vfsops,
2625 	.vfc_typenum = -1,
2626 	.vfc_flags = VFCF_SYNTHETIC
2627 };
2628 
2629 static struct syscall_helper_data mq_syscalls[] = {
2630 	SYSCALL_INIT_HELPER(kmq_open),
2631 	SYSCALL_INIT_HELPER(kmq_setattr),
2632 	SYSCALL_INIT_HELPER(kmq_timedsend),
2633 	SYSCALL_INIT_HELPER(kmq_timedreceive),
2634 	SYSCALL_INIT_HELPER(kmq_notify),
2635 	SYSCALL_INIT_HELPER(kmq_unlink),
2636 	SYSCALL_INIT_LAST
2637 };
2638 
2639 #ifdef COMPAT_FREEBSD32
2640 #include <compat/freebsd32/freebsd32.h>
2641 #include <compat/freebsd32/freebsd32_proto.h>
2642 #include <compat/freebsd32/freebsd32_syscall.h>
2643 #include <compat/freebsd32/freebsd32_util.h>
2644 
2645 static void
2646 mq_attr_from32(const struct mq_attr32 *from, struct mq_attr *to)
2647 {
2648 
2649 	to->mq_flags = from->mq_flags;
2650 	to->mq_maxmsg = from->mq_maxmsg;
2651 	to->mq_msgsize = from->mq_msgsize;
2652 	to->mq_curmsgs = from->mq_curmsgs;
2653 }
2654 
2655 static void
2656 mq_attr_to32(const struct mq_attr *from, struct mq_attr32 *to)
2657 {
2658 
2659 	to->mq_flags = from->mq_flags;
2660 	to->mq_maxmsg = from->mq_maxmsg;
2661 	to->mq_msgsize = from->mq_msgsize;
2662 	to->mq_curmsgs = from->mq_curmsgs;
2663 }
2664 
2665 int
2666 freebsd32_kmq_open(struct thread *td, struct freebsd32_kmq_open_args *uap)
2667 {
2668 	struct mq_attr attr;
2669 	struct mq_attr32 attr32;
2670 	int flags, error;
2671 
2672 	if ((uap->flags & O_ACCMODE) == O_ACCMODE)
2673 		return (EINVAL);
2674 	flags = FFLAGS(uap->flags);
2675 	if ((flags & O_CREAT) != 0 && uap->attr != NULL) {
2676 		error = copyin(uap->attr, &attr32, sizeof(attr32));
2677 		if (error)
2678 			return (error);
2679 		mq_attr_from32(&attr32, &attr);
2680 	}
2681 	return (kern_kmq_open(td, uap->path, flags, uap->mode,
2682 	    uap->attr != NULL ? &attr : NULL));
2683 }
2684 
2685 int
2686 freebsd32_kmq_setattr(struct thread *td, struct freebsd32_kmq_setattr_args *uap)
2687 {
2688 	struct mq_attr attr, oattr;
2689 	struct mq_attr32 attr32, oattr32;
2690 	int error;
2691 
2692 	if (uap->attr != NULL) {
2693 		error = copyin(uap->attr, &attr32, sizeof(attr32));
2694 		if (error != 0)
2695 			return (error);
2696 		mq_attr_from32(&attr32, &attr);
2697 	}
2698 	error = kern_kmq_setattr(td, uap->mqd, uap->attr != NULL ? &attr : NULL,
2699 	    &oattr);
2700 	if (error != 0)
2701 		return (error);
2702 	if (uap->oattr != NULL) {
2703 		mq_attr_to32(&oattr, &oattr32);
2704 		error = copyout(&oattr32, uap->oattr, sizeof(oattr32));
2705 	}
2706 	return (error);
2707 }
2708 
2709 int
2710 freebsd32_kmq_timedsend(struct thread *td,
2711     struct freebsd32_kmq_timedsend_args *uap)
2712 {
2713 	struct mqueue *mq;
2714 	struct file *fp;
2715 	struct timespec32 ets32;
2716 	struct timespec *abs_timeout, ets;
2717 	int error;
2718 	int waitok;
2719 
2720 	error = getmq_write(td, uap->mqd, &fp, NULL, &mq);
2721 	if (error)
2722 		return (error);
2723 	if (uap->abs_timeout != NULL) {
2724 		error = copyin(uap->abs_timeout, &ets32, sizeof(ets32));
2725 		if (error != 0)
2726 			return (error);
2727 		CP(ets32, ets, tv_sec);
2728 		CP(ets32, ets, tv_nsec);
2729 		abs_timeout = &ets;
2730 	} else
2731 		abs_timeout = NULL;
2732 	waitok = !(fp->f_flag & O_NONBLOCK);
2733 	error = mqueue_send(mq, uap->msg_ptr, uap->msg_len,
2734 		uap->msg_prio, waitok, abs_timeout);
2735 	fdrop(fp, td);
2736 	return (error);
2737 }
2738 
2739 int
2740 freebsd32_kmq_timedreceive(struct thread *td,
2741     struct freebsd32_kmq_timedreceive_args *uap)
2742 {
2743 	struct mqueue *mq;
2744 	struct file *fp;
2745 	struct timespec32 ets32;
2746 	struct timespec *abs_timeout, ets;
2747 	int error, waitok;
2748 
2749 	error = getmq_read(td, uap->mqd, &fp, NULL, &mq);
2750 	if (error)
2751 		return (error);
2752 	if (uap->abs_timeout != NULL) {
2753 		error = copyin(uap->abs_timeout, &ets32, sizeof(ets32));
2754 		if (error != 0)
2755 			return (error);
2756 		CP(ets32, ets, tv_sec);
2757 		CP(ets32, ets, tv_nsec);
2758 		abs_timeout = &ets;
2759 	} else
2760 		abs_timeout = NULL;
2761 	waitok = !(fp->f_flag & O_NONBLOCK);
2762 	error = mqueue_receive(mq, uap->msg_ptr, uap->msg_len,
2763 		uap->msg_prio, waitok, abs_timeout);
2764 	fdrop(fp, td);
2765 	return (error);
2766 }
2767 
2768 static struct syscall_helper_data mq32_syscalls[] = {
2769 	SYSCALL32_INIT_HELPER(freebsd32_kmq_open),
2770 	SYSCALL32_INIT_HELPER(freebsd32_kmq_setattr),
2771 	SYSCALL32_INIT_HELPER(freebsd32_kmq_timedsend),
2772 	SYSCALL32_INIT_HELPER(freebsd32_kmq_timedreceive),
2773 	SYSCALL32_INIT_HELPER_COMPAT(kmq_notify),
2774 	SYSCALL32_INIT_HELPER_COMPAT(kmq_unlink),
2775 	SYSCALL_INIT_LAST
2776 };
2777 #endif
2778 
2779 static int
2780 mqinit(void)
2781 {
2782 	int error;
2783 
2784 	error = syscall_helper_register(mq_syscalls);
2785 	if (error != 0)
2786 		return (error);
2787 #ifdef COMPAT_FREEBSD32
2788 	error = syscall32_helper_register(mq32_syscalls);
2789 	if (error != 0)
2790 		return (error);
2791 #endif
2792 	return (0);
2793 }
2794 
2795 static int
2796 mqunload(void)
2797 {
2798 
2799 #ifdef COMPAT_FREEBSD32
2800 	syscall32_helper_unregister(mq32_syscalls);
2801 #endif
2802 	syscall_helper_unregister(mq_syscalls);
2803 	return (0);
2804 }
2805 
2806 static int
2807 mq_modload(struct module *module, int cmd, void *arg)
2808 {
2809 	int error = 0;
2810 
2811 	error = vfs_modevent(module, cmd, arg);
2812 	if (error != 0)
2813 		return (error);
2814 
2815 	switch (cmd) {
2816 	case MOD_LOAD:
2817 		error = mqinit();
2818 		if (error != 0)
2819 			mqunload();
2820 		break;
2821 	case MOD_UNLOAD:
2822 		error = mqunload();
2823 		break;
2824 	default:
2825 		break;
2826 	}
2827 	return (error);
2828 }
2829 
2830 static moduledata_t mqueuefs_mod = {
2831 	"mqueuefs",
2832 	mq_modload,
2833 	&mqueuefs_vfsconf
2834 };
2835 DECLARE_MODULE(mqueuefs, mqueuefs_mod, SI_SUB_VFS, SI_ORDER_MIDDLE);
2836 MODULE_VERSION(mqueuefs, 1);
2837