xref: /freebsd/sys/kern/uipc_mqueue.c (revision d940bfec8c329dd82d8d54efebd81c8aa420503b)
1 /*-
2  * Copyright (c) 2005 David Xu <davidxu@freebsd.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  */
27 
28 /*
29  * POSIX message queue implementation.
30  *
31  * 1) A mqueue filesystem can be mounted, each message queue appears
32  *    in mounted directory, user can change queue's permission and
33  *    ownership, or remove a queue. Manually creating a file in the
34  *    directory causes a message queue to be created in the kernel with
35  *    default message queue attributes applied and same name used, this
36  *    method is not advocated since mq_open syscall allows user to specify
37  *    different attributes. Also the file system can be mounted multiple
38  *    times at different mount points but shows same contents.
39  *
40  * 2) Standard POSIX message queue API. The syscalls do not use vfs layer,
41  *    but directly operate on internal data structure, this allows user to
42  *    use the IPC facility without having to mount mqueue file system.
43  */
44 
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47 
48 #include "opt_capsicum.h"
49 #include "opt_compat.h"
50 
51 #include <sys/param.h>
52 #include <sys/kernel.h>
53 #include <sys/systm.h>
54 #include <sys/limits.h>
55 #include <sys/buf.h>
56 #include <sys/capability.h>
57 #include <sys/dirent.h>
58 #include <sys/event.h>
59 #include <sys/eventhandler.h>
60 #include <sys/fcntl.h>
61 #include <sys/file.h>
62 #include <sys/filedesc.h>
63 #include <sys/lock.h>
64 #include <sys/malloc.h>
65 #include <sys/module.h>
66 #include <sys/mount.h>
67 #include <sys/mqueue.h>
68 #include <sys/mutex.h>
69 #include <sys/namei.h>
70 #include <sys/posix4.h>
71 #include <sys/poll.h>
72 #include <sys/priv.h>
73 #include <sys/proc.h>
74 #include <sys/queue.h>
75 #include <sys/sysproto.h>
76 #include <sys/stat.h>
77 #include <sys/syscall.h>
78 #include <sys/syscallsubr.h>
79 #include <sys/sysent.h>
80 #include <sys/sx.h>
81 #include <sys/sysctl.h>
82 #include <sys/taskqueue.h>
83 #include <sys/unistd.h>
84 #include <sys/vnode.h>
85 #include <machine/atomic.h>
86 
87 FEATURE(p1003_1b_mqueue, "POSIX P1003.1B message queues support");
88 
89 /*
90  * Limits and constants
91  */
92 #define	MQFS_NAMELEN		NAME_MAX
93 #define MQFS_DELEN		(8 + MQFS_NAMELEN)
94 
95 /* node types */
96 typedef enum {
97 	mqfstype_none = 0,
98 	mqfstype_root,
99 	mqfstype_dir,
100 	mqfstype_this,
101 	mqfstype_parent,
102 	mqfstype_file,
103 	mqfstype_symlink,
104 } mqfs_type_t;
105 
106 struct mqfs_node;
107 
108 /*
109  * mqfs_info: describes a mqfs instance
110  */
111 struct mqfs_info {
112 	struct sx		mi_lock;
113 	struct mqfs_node	*mi_root;
114 	struct unrhdr		*mi_unrhdr;
115 };
116 
117 struct mqfs_vdata {
118 	LIST_ENTRY(mqfs_vdata)	mv_link;
119 	struct mqfs_node	*mv_node;
120 	struct vnode		*mv_vnode;
121 	struct task		mv_task;
122 };
123 
124 /*
125  * mqfs_node: describes a node (file or directory) within a mqfs
126  */
127 struct mqfs_node {
128 	char			mn_name[MQFS_NAMELEN+1];
129 	struct mqfs_info	*mn_info;
130 	struct mqfs_node	*mn_parent;
131 	LIST_HEAD(,mqfs_node)	mn_children;
132 	LIST_ENTRY(mqfs_node)	mn_sibling;
133 	LIST_HEAD(,mqfs_vdata)	mn_vnodes;
134 	int			mn_refcount;
135 	mqfs_type_t		mn_type;
136 	int			mn_deleted;
137 	uint32_t		mn_fileno;
138 	void			*mn_data;
139 	struct timespec		mn_birth;
140 	struct timespec		mn_ctime;
141 	struct timespec		mn_atime;
142 	struct timespec		mn_mtime;
143 	uid_t			mn_uid;
144 	gid_t			mn_gid;
145 	int			mn_mode;
146 };
147 
148 #define	VTON(vp)	(((struct mqfs_vdata *)((vp)->v_data))->mv_node)
149 #define VTOMQ(vp) 	((struct mqueue *)(VTON(vp)->mn_data))
150 #define	VFSTOMQFS(m)	((struct mqfs_info *)((m)->mnt_data))
151 #define	FPTOMQ(fp)	((struct mqueue *)(((struct mqfs_node *) \
152 				(fp)->f_data)->mn_data))
153 
154 TAILQ_HEAD(msgq, mqueue_msg);
155 
156 struct mqueue;
157 
158 struct mqueue_notifier {
159 	LIST_ENTRY(mqueue_notifier)	nt_link;
160 	struct sigevent			nt_sigev;
161 	ksiginfo_t			nt_ksi;
162 	struct proc			*nt_proc;
163 };
164 
165 struct mqueue {
166 	struct mtx	mq_mutex;
167 	int		mq_flags;
168 	long		mq_maxmsg;
169 	long		mq_msgsize;
170 	long		mq_curmsgs;
171 	long		mq_totalbytes;
172 	struct msgq	mq_msgq;
173 	int		mq_receivers;
174 	int		mq_senders;
175 	struct selinfo	mq_rsel;
176 	struct selinfo	mq_wsel;
177 	struct mqueue_notifier	*mq_notifier;
178 };
179 
180 #define	MQ_RSEL		0x01
181 #define	MQ_WSEL		0x02
182 
183 struct mqueue_msg {
184 	TAILQ_ENTRY(mqueue_msg)	msg_link;
185 	unsigned int	msg_prio;
186 	unsigned int	msg_size;
187 	/* following real data... */
188 };
189 
190 static SYSCTL_NODE(_kern, OID_AUTO, mqueue, CTLFLAG_RW, 0,
191 	"POSIX real time message queue");
192 
193 static int	default_maxmsg  = 10;
194 static int	default_msgsize = 1024;
195 
196 static int	maxmsg = 100;
197 SYSCTL_INT(_kern_mqueue, OID_AUTO, maxmsg, CTLFLAG_RW,
198     &maxmsg, 0, "Default maximum messages in queue");
199 static int	maxmsgsize = 16384;
200 SYSCTL_INT(_kern_mqueue, OID_AUTO, maxmsgsize, CTLFLAG_RW,
201     &maxmsgsize, 0, "Default maximum message size");
202 static int	maxmq = 100;
203 SYSCTL_INT(_kern_mqueue, OID_AUTO, maxmq, CTLFLAG_RW,
204     &maxmq, 0, "maximum message queues");
205 static int	curmq = 0;
206 SYSCTL_INT(_kern_mqueue, OID_AUTO, curmq, CTLFLAG_RW,
207     &curmq, 0, "current message queue number");
208 static int	unloadable = 0;
209 static MALLOC_DEFINE(M_MQUEUEDATA, "mqdata", "mqueue data");
210 
211 static eventhandler_tag exit_tag;
212 
213 /* Only one instance per-system */
214 static struct mqfs_info		mqfs_data;
215 static uma_zone_t		mqnode_zone;
216 static uma_zone_t		mqueue_zone;
217 static uma_zone_t		mvdata_zone;
218 static uma_zone_t		mqnoti_zone;
219 static struct vop_vector	mqfs_vnodeops;
220 static struct fileops		mqueueops;
221 
222 /*
223  * Directory structure construction and manipulation
224  */
225 #ifdef notyet
226 static struct mqfs_node	*mqfs_create_dir(struct mqfs_node *parent,
227 	const char *name, int namelen, struct ucred *cred, int mode);
228 static struct mqfs_node	*mqfs_create_link(struct mqfs_node *parent,
229 	const char *name, int namelen, struct ucred *cred, int mode);
230 #endif
231 
232 static struct mqfs_node	*mqfs_create_file(struct mqfs_node *parent,
233 	const char *name, int namelen, struct ucred *cred, int mode);
234 static int	mqfs_destroy(struct mqfs_node *mn);
235 static void	mqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn);
236 static void	mqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn);
237 static int	mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn);
238 
239 /*
240  * Message queue construction and maniplation
241  */
242 static struct mqueue	*mqueue_alloc(const struct mq_attr *attr);
243 static void	mqueue_free(struct mqueue *mq);
244 static int	mqueue_send(struct mqueue *mq, const char *msg_ptr,
245 			size_t msg_len, unsigned msg_prio, int waitok,
246 			const struct timespec *abs_timeout);
247 static int	mqueue_receive(struct mqueue *mq, char *msg_ptr,
248 			size_t msg_len, unsigned *msg_prio, int waitok,
249 			const struct timespec *abs_timeout);
250 static int	_mqueue_send(struct mqueue *mq, struct mqueue_msg *msg,
251 			int timo);
252 static int	_mqueue_recv(struct mqueue *mq, struct mqueue_msg **msg,
253 			int timo);
254 static void	mqueue_send_notification(struct mqueue *mq);
255 static void	mqueue_fdclose(struct thread *td, int fd, struct file *fp);
256 static void	mq_proc_exit(void *arg, struct proc *p);
257 
258 /*
259  * kqueue filters
260  */
261 static void	filt_mqdetach(struct knote *kn);
262 static int	filt_mqread(struct knote *kn, long hint);
263 static int	filt_mqwrite(struct knote *kn, long hint);
264 
265 struct filterops mq_rfiltops = {
266 	.f_isfd = 1,
267 	.f_detach = filt_mqdetach,
268 	.f_event = filt_mqread,
269 };
270 struct filterops mq_wfiltops = {
271 	.f_isfd = 1,
272 	.f_detach = filt_mqdetach,
273 	.f_event = filt_mqwrite,
274 };
275 
276 /*
277  * Initialize fileno bitmap
278  */
279 static void
280 mqfs_fileno_init(struct mqfs_info *mi)
281 {
282 	struct unrhdr *up;
283 
284 	up = new_unrhdr(1, INT_MAX, NULL);
285 	mi->mi_unrhdr = up;
286 }
287 
288 /*
289  * Tear down fileno bitmap
290  */
291 static void
292 mqfs_fileno_uninit(struct mqfs_info *mi)
293 {
294 	struct unrhdr *up;
295 
296 	up = mi->mi_unrhdr;
297 	mi->mi_unrhdr = NULL;
298 	delete_unrhdr(up);
299 }
300 
301 /*
302  * Allocate a file number
303  */
304 static void
305 mqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn)
306 {
307 	/* make sure our parent has a file number */
308 	if (mn->mn_parent && !mn->mn_parent->mn_fileno)
309 		mqfs_fileno_alloc(mi, mn->mn_parent);
310 
311 	switch (mn->mn_type) {
312 	case mqfstype_root:
313 	case mqfstype_dir:
314 	case mqfstype_file:
315 	case mqfstype_symlink:
316 		mn->mn_fileno = alloc_unr(mi->mi_unrhdr);
317 		break;
318 	case mqfstype_this:
319 		KASSERT(mn->mn_parent != NULL,
320 		    ("mqfstype_this node has no parent"));
321 		mn->mn_fileno = mn->mn_parent->mn_fileno;
322 		break;
323 	case mqfstype_parent:
324 		KASSERT(mn->mn_parent != NULL,
325 		    ("mqfstype_parent node has no parent"));
326 		if (mn->mn_parent == mi->mi_root) {
327 			mn->mn_fileno = mn->mn_parent->mn_fileno;
328 			break;
329 		}
330 		KASSERT(mn->mn_parent->mn_parent != NULL,
331 		    ("mqfstype_parent node has no grandparent"));
332 		mn->mn_fileno = mn->mn_parent->mn_parent->mn_fileno;
333 		break;
334 	default:
335 		KASSERT(0,
336 		    ("mqfs_fileno_alloc() called for unknown type node: %d",
337 			mn->mn_type));
338 		break;
339 	}
340 }
341 
342 /*
343  * Release a file number
344  */
345 static void
346 mqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn)
347 {
348 	switch (mn->mn_type) {
349 	case mqfstype_root:
350 	case mqfstype_dir:
351 	case mqfstype_file:
352 	case mqfstype_symlink:
353 		free_unr(mi->mi_unrhdr, mn->mn_fileno);
354 		break;
355 	case mqfstype_this:
356 	case mqfstype_parent:
357 		/* ignore these, as they don't "own" their file number */
358 		break;
359 	default:
360 		KASSERT(0,
361 		    ("mqfs_fileno_free() called for unknown type node: %d",
362 			mn->mn_type));
363 		break;
364 	}
365 }
366 
367 static __inline struct mqfs_node *
368 mqnode_alloc(void)
369 {
370 	return uma_zalloc(mqnode_zone, M_WAITOK | M_ZERO);
371 }
372 
373 static __inline void
374 mqnode_free(struct mqfs_node *node)
375 {
376 	uma_zfree(mqnode_zone, node);
377 }
378 
379 static __inline void
380 mqnode_addref(struct mqfs_node *node)
381 {
382 	atomic_fetchadd_int(&node->mn_refcount, 1);
383 }
384 
385 static __inline void
386 mqnode_release(struct mqfs_node *node)
387 {
388 	struct mqfs_info *mqfs;
389 	int old, exp;
390 
391 	mqfs = node->mn_info;
392 	old = atomic_fetchadd_int(&node->mn_refcount, -1);
393 	if (node->mn_type == mqfstype_dir ||
394 	    node->mn_type == mqfstype_root)
395 		exp = 3; /* include . and .. */
396 	else
397 		exp = 1;
398 	if (old == exp) {
399 		int locked = sx_xlocked(&mqfs->mi_lock);
400 		if (!locked)
401 			sx_xlock(&mqfs->mi_lock);
402 		mqfs_destroy(node);
403 		if (!locked)
404 			sx_xunlock(&mqfs->mi_lock);
405 	}
406 }
407 
408 /*
409  * Add a node to a directory
410  */
411 static int
412 mqfs_add_node(struct mqfs_node *parent, struct mqfs_node *node)
413 {
414 	KASSERT(parent != NULL, ("%s(): parent is NULL", __func__));
415 	KASSERT(parent->mn_info != NULL,
416 	    ("%s(): parent has no mn_info", __func__));
417 	KASSERT(parent->mn_type == mqfstype_dir ||
418 	    parent->mn_type == mqfstype_root,
419 	    ("%s(): parent is not a directory", __func__));
420 
421 	node->mn_info = parent->mn_info;
422 	node->mn_parent = parent;
423 	LIST_INIT(&node->mn_children);
424 	LIST_INIT(&node->mn_vnodes);
425 	LIST_INSERT_HEAD(&parent->mn_children, node, mn_sibling);
426 	mqnode_addref(parent);
427 	return (0);
428 }
429 
430 static struct mqfs_node *
431 mqfs_create_node(const char *name, int namelen, struct ucred *cred, int mode,
432 	int nodetype)
433 {
434 	struct mqfs_node *node;
435 
436 	node = mqnode_alloc();
437 	strncpy(node->mn_name, name, namelen);
438 	node->mn_type = nodetype;
439 	node->mn_refcount = 1;
440 	vfs_timestamp(&node->mn_birth);
441 	node->mn_ctime = node->mn_atime = node->mn_mtime
442 		= node->mn_birth;
443 	node->mn_uid = cred->cr_uid;
444 	node->mn_gid = cred->cr_gid;
445 	node->mn_mode = mode;
446 	return (node);
447 }
448 
449 /*
450  * Create a file
451  */
452 static struct mqfs_node *
453 mqfs_create_file(struct mqfs_node *parent, const char *name, int namelen,
454 	struct ucred *cred, int mode)
455 {
456 	struct mqfs_node *node;
457 
458 	node = mqfs_create_node(name, namelen, cred, mode, mqfstype_file);
459 	if (mqfs_add_node(parent, node) != 0) {
460 		mqnode_free(node);
461 		return (NULL);
462 	}
463 	return (node);
464 }
465 
466 /*
467  * Add . and .. to a directory
468  */
469 static int
470 mqfs_fixup_dir(struct mqfs_node *parent)
471 {
472 	struct mqfs_node *dir;
473 
474 	dir = mqnode_alloc();
475 	dir->mn_name[0] = '.';
476 	dir->mn_type = mqfstype_this;
477 	dir->mn_refcount = 1;
478 	if (mqfs_add_node(parent, dir) != 0) {
479 		mqnode_free(dir);
480 		return (-1);
481 	}
482 
483 	dir = mqnode_alloc();
484 	dir->mn_name[0] = dir->mn_name[1] = '.';
485 	dir->mn_type = mqfstype_parent;
486 	dir->mn_refcount = 1;
487 
488 	if (mqfs_add_node(parent, dir) != 0) {
489 		mqnode_free(dir);
490 		return (-1);
491 	}
492 
493 	return (0);
494 }
495 
496 #ifdef notyet
497 
498 /*
499  * Create a directory
500  */
501 static struct mqfs_node *
502 mqfs_create_dir(struct mqfs_node *parent, const char *name, int namelen,
503 	struct ucred *cred, int mode)
504 {
505 	struct mqfs_node *node;
506 
507 	node = mqfs_create_node(name, namelen, cred, mode, mqfstype_dir);
508 	if (mqfs_add_node(parent, node) != 0) {
509 		mqnode_free(node);
510 		return (NULL);
511 	}
512 
513 	if (mqfs_fixup_dir(node) != 0) {
514 		mqfs_destroy(node);
515 		return (NULL);
516 	}
517 	return (node);
518 }
519 
520 /*
521  * Create a symlink
522  */
523 static struct mqfs_node *
524 mqfs_create_link(struct mqfs_node *parent, const char *name, int namelen,
525 	struct ucred *cred, int mode)
526 {
527 	struct mqfs_node *node;
528 
529 	node = mqfs_create_node(name, namelen, cred, mode, mqfstype_symlink);
530 	if (mqfs_add_node(parent, node) != 0) {
531 		mqnode_free(node);
532 		return (NULL);
533 	}
534 	return (node);
535 }
536 
537 #endif
538 
539 /*
540  * Destroy a node or a tree of nodes
541  */
542 static int
543 mqfs_destroy(struct mqfs_node *node)
544 {
545 	struct mqfs_node *parent;
546 
547 	KASSERT(node != NULL,
548 	    ("%s(): node is NULL", __func__));
549 	KASSERT(node->mn_info != NULL,
550 	    ("%s(): node has no mn_info", __func__));
551 
552 	/* destroy children */
553 	if (node->mn_type == mqfstype_dir || node->mn_type == mqfstype_root)
554 		while (! LIST_EMPTY(&node->mn_children))
555 			mqfs_destroy(LIST_FIRST(&node->mn_children));
556 
557 	/* unlink from parent */
558 	if ((parent = node->mn_parent) != NULL) {
559 		KASSERT(parent->mn_info == node->mn_info,
560 		    ("%s(): parent has different mn_info", __func__));
561 		LIST_REMOVE(node, mn_sibling);
562 	}
563 
564 	if (node->mn_fileno != 0)
565 		mqfs_fileno_free(node->mn_info, node);
566 	if (node->mn_data != NULL)
567 		mqueue_free(node->mn_data);
568 	mqnode_free(node);
569 	return (0);
570 }
571 
572 /*
573  * Mount a mqfs instance
574  */
575 static int
576 mqfs_mount(struct mount *mp)
577 {
578 	struct statfs *sbp;
579 
580 	if (mp->mnt_flag & MNT_UPDATE)
581 		return (EOPNOTSUPP);
582 
583 	mp->mnt_data = &mqfs_data;
584 	MNT_ILOCK(mp);
585 	mp->mnt_flag |= MNT_LOCAL;
586 	MNT_IUNLOCK(mp);
587 	vfs_getnewfsid(mp);
588 
589 	sbp = &mp->mnt_stat;
590 	vfs_mountedfrom(mp, "mqueue");
591 	sbp->f_bsize = PAGE_SIZE;
592 	sbp->f_iosize = PAGE_SIZE;
593 	sbp->f_blocks = 1;
594 	sbp->f_bfree = 0;
595 	sbp->f_bavail = 0;
596 	sbp->f_files = 1;
597 	sbp->f_ffree = 0;
598 	return (0);
599 }
600 
601 /*
602  * Unmount a mqfs instance
603  */
604 static int
605 mqfs_unmount(struct mount *mp, int mntflags)
606 {
607 	int error;
608 
609 	error = vflush(mp, 0, (mntflags & MNT_FORCE) ?  FORCECLOSE : 0,
610 	    curthread);
611 	return (error);
612 }
613 
614 /*
615  * Return a root vnode
616  */
617 static int
618 mqfs_root(struct mount *mp, int flags, struct vnode **vpp)
619 {
620 	struct mqfs_info *mqfs;
621 	int ret;
622 
623 	mqfs = VFSTOMQFS(mp);
624 	ret = mqfs_allocv(mp, vpp, mqfs->mi_root);
625 	return (ret);
626 }
627 
628 /*
629  * Return filesystem stats
630  */
631 static int
632 mqfs_statfs(struct mount *mp, struct statfs *sbp)
633 {
634 	/* XXX update statistics */
635 	return (0);
636 }
637 
638 /*
639  * Initialize a mqfs instance
640  */
641 static int
642 mqfs_init(struct vfsconf *vfc)
643 {
644 	struct mqfs_node *root;
645 	struct mqfs_info *mi;
646 
647 	mqnode_zone = uma_zcreate("mqnode", sizeof(struct mqfs_node),
648 		NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
649 	mqueue_zone = uma_zcreate("mqueue", sizeof(struct mqueue),
650 		NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
651 	mvdata_zone = uma_zcreate("mvdata",
652 		sizeof(struct mqfs_vdata), NULL, NULL, NULL,
653 		NULL, UMA_ALIGN_PTR, 0);
654 	mqnoti_zone = uma_zcreate("mqnotifier", sizeof(struct mqueue_notifier),
655 		NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
656 	mi = &mqfs_data;
657 	sx_init(&mi->mi_lock, "mqfs lock");
658 	/* set up the root diretory */
659 	root = mqfs_create_node("/", 1, curthread->td_ucred, 01777,
660 		mqfstype_root);
661 	root->mn_info = mi;
662 	LIST_INIT(&root->mn_children);
663 	LIST_INIT(&root->mn_vnodes);
664 	mi->mi_root = root;
665 	mqfs_fileno_init(mi);
666 	mqfs_fileno_alloc(mi, root);
667 	mqfs_fixup_dir(root);
668 	exit_tag = EVENTHANDLER_REGISTER(process_exit, mq_proc_exit, NULL,
669 	    EVENTHANDLER_PRI_ANY);
670 	mq_fdclose = mqueue_fdclose;
671 	p31b_setcfg(CTL_P1003_1B_MESSAGE_PASSING, _POSIX_MESSAGE_PASSING);
672 	return (0);
673 }
674 
675 /*
676  * Destroy a mqfs instance
677  */
678 static int
679 mqfs_uninit(struct vfsconf *vfc)
680 {
681 	struct mqfs_info *mi;
682 
683 	if (!unloadable)
684 		return (EOPNOTSUPP);
685 	EVENTHANDLER_DEREGISTER(process_exit, exit_tag);
686 	mi = &mqfs_data;
687 	mqfs_destroy(mi->mi_root);
688 	mi->mi_root = NULL;
689 	mqfs_fileno_uninit(mi);
690 	sx_destroy(&mi->mi_lock);
691 	uma_zdestroy(mqnode_zone);
692 	uma_zdestroy(mqueue_zone);
693 	uma_zdestroy(mvdata_zone);
694 	uma_zdestroy(mqnoti_zone);
695 	return (0);
696 }
697 
698 /*
699  * task routine
700  */
701 static void
702 do_recycle(void *context, int pending __unused)
703 {
704 	struct vnode *vp = (struct vnode *)context;
705 
706 	vrecycle(vp);
707 	vdrop(vp);
708 }
709 
710 /*
711  * Allocate a vnode
712  */
713 static int
714 mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn)
715 {
716 	struct mqfs_vdata *vd;
717 	struct mqfs_info  *mqfs;
718 	struct vnode *newvpp;
719 	int error;
720 
721 	mqfs = pn->mn_info;
722 	*vpp = NULL;
723 	sx_xlock(&mqfs->mi_lock);
724 	LIST_FOREACH(vd, &pn->mn_vnodes, mv_link) {
725 		if (vd->mv_vnode->v_mount == mp) {
726 			vhold(vd->mv_vnode);
727 			break;
728 		}
729 	}
730 
731 	if (vd != NULL) {
732 found:
733 		*vpp = vd->mv_vnode;
734 		sx_xunlock(&mqfs->mi_lock);
735 		error = vget(*vpp, LK_RETRY | LK_EXCLUSIVE, curthread);
736 		vdrop(*vpp);
737 		return (error);
738 	}
739 	sx_xunlock(&mqfs->mi_lock);
740 
741 	error = getnewvnode("mqueue", mp, &mqfs_vnodeops, &newvpp);
742 	if (error)
743 		return (error);
744 	vn_lock(newvpp, LK_EXCLUSIVE | LK_RETRY);
745 	error = insmntque(newvpp, mp);
746 	if (error != 0)
747 		return (error);
748 
749 	sx_xlock(&mqfs->mi_lock);
750 	/*
751 	 * Check if it has already been allocated
752 	 * while we were blocked.
753 	 */
754 	LIST_FOREACH(vd, &pn->mn_vnodes, mv_link) {
755 		if (vd->mv_vnode->v_mount == mp) {
756 			vhold(vd->mv_vnode);
757 			sx_xunlock(&mqfs->mi_lock);
758 
759 			vgone(newvpp);
760 			vput(newvpp);
761 			goto found;
762 		}
763 	}
764 
765 	*vpp = newvpp;
766 
767 	vd = uma_zalloc(mvdata_zone, M_WAITOK);
768 	(*vpp)->v_data = vd;
769 	vd->mv_vnode = *vpp;
770 	vd->mv_node = pn;
771 	TASK_INIT(&vd->mv_task, 0, do_recycle, *vpp);
772 	LIST_INSERT_HEAD(&pn->mn_vnodes, vd, mv_link);
773 	mqnode_addref(pn);
774 	switch (pn->mn_type) {
775 	case mqfstype_root:
776 		(*vpp)->v_vflag = VV_ROOT;
777 		/* fall through */
778 	case mqfstype_dir:
779 	case mqfstype_this:
780 	case mqfstype_parent:
781 		(*vpp)->v_type = VDIR;
782 		break;
783 	case mqfstype_file:
784 		(*vpp)->v_type = VREG;
785 		break;
786 	case mqfstype_symlink:
787 		(*vpp)->v_type = VLNK;
788 		break;
789 	case mqfstype_none:
790 		KASSERT(0, ("mqfs_allocf called for null node\n"));
791 	default:
792 		panic("%s has unexpected type: %d", pn->mn_name, pn->mn_type);
793 	}
794 	sx_xunlock(&mqfs->mi_lock);
795 	return (0);
796 }
797 
798 /*
799  * Search a directory entry
800  */
801 static struct mqfs_node *
802 mqfs_search(struct mqfs_node *pd, const char *name, int len)
803 {
804 	struct mqfs_node *pn;
805 
806 	sx_assert(&pd->mn_info->mi_lock, SX_LOCKED);
807 	LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
808 		if (strncmp(pn->mn_name, name, len) == 0 &&
809 		    pn->mn_name[len] == '\0')
810 			return (pn);
811 	}
812 	return (NULL);
813 }
814 
815 /*
816  * Look up a file or directory.
817  */
818 static int
819 mqfs_lookupx(struct vop_cachedlookup_args *ap)
820 {
821 	struct componentname *cnp;
822 	struct vnode *dvp, **vpp;
823 	struct mqfs_node *pd;
824 	struct mqfs_node *pn;
825 	struct mqfs_info *mqfs;
826 	int nameiop, flags, error, namelen;
827 	char *pname;
828 	struct thread *td;
829 
830 	cnp = ap->a_cnp;
831 	vpp = ap->a_vpp;
832 	dvp = ap->a_dvp;
833 	pname = cnp->cn_nameptr;
834 	namelen = cnp->cn_namelen;
835 	td = cnp->cn_thread;
836 	flags = cnp->cn_flags;
837 	nameiop = cnp->cn_nameiop;
838 	pd = VTON(dvp);
839 	pn = NULL;
840 	mqfs = pd->mn_info;
841 	*vpp = NULLVP;
842 
843 	if (dvp->v_type != VDIR)
844 		return (ENOTDIR);
845 
846 	error = VOP_ACCESS(dvp, VEXEC, cnp->cn_cred, cnp->cn_thread);
847 	if (error)
848 		return (error);
849 
850 	/* shortcut: check if the name is too long */
851 	if (cnp->cn_namelen >= MQFS_NAMELEN)
852 		return (ENOENT);
853 
854 	/* self */
855 	if (namelen == 1 && pname[0] == '.') {
856 		if ((flags & ISLASTCN) && nameiop != LOOKUP)
857 			return (EINVAL);
858 		pn = pd;
859 		*vpp = dvp;
860 		VREF(dvp);
861 		return (0);
862 	}
863 
864 	/* parent */
865 	if (cnp->cn_flags & ISDOTDOT) {
866 		if (dvp->v_vflag & VV_ROOT)
867 			return (EIO);
868 		if ((flags & ISLASTCN) && nameiop != LOOKUP)
869 			return (EINVAL);
870 		VOP_UNLOCK(dvp, 0);
871 		KASSERT(pd->mn_parent, ("non-root directory has no parent"));
872 		pn = pd->mn_parent;
873 		error = mqfs_allocv(dvp->v_mount, vpp, pn);
874 		vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY);
875 		return (error);
876 	}
877 
878 	/* named node */
879 	sx_xlock(&mqfs->mi_lock);
880 	pn = mqfs_search(pd, pname, namelen);
881 	if (pn != NULL)
882 		mqnode_addref(pn);
883 	sx_xunlock(&mqfs->mi_lock);
884 
885 	/* found */
886 	if (pn != NULL) {
887 		/* DELETE */
888 		if (nameiop == DELETE && (flags & ISLASTCN)) {
889 			error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred, td);
890 			if (error) {
891 				mqnode_release(pn);
892 				return (error);
893 			}
894 			if (*vpp == dvp) {
895 				VREF(dvp);
896 				*vpp = dvp;
897 				mqnode_release(pn);
898 				return (0);
899 			}
900 		}
901 
902 		/* allocate vnode */
903 		error = mqfs_allocv(dvp->v_mount, vpp, pn);
904 		mqnode_release(pn);
905 		if (error == 0 && cnp->cn_flags & MAKEENTRY)
906 			cache_enter(dvp, *vpp, cnp);
907 		return (error);
908 	}
909 
910 	/* not found */
911 
912 	/* will create a new entry in the directory ? */
913 	if ((nameiop == CREATE || nameiop == RENAME) && (flags & LOCKPARENT)
914 	    && (flags & ISLASTCN)) {
915 		error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred, td);
916 		if (error)
917 			return (error);
918 		cnp->cn_flags |= SAVENAME;
919 		return (EJUSTRETURN);
920 	}
921 	return (ENOENT);
922 }
923 
924 #if 0
925 struct vop_lookup_args {
926 	struct vop_generic_args a_gen;
927 	struct vnode *a_dvp;
928 	struct vnode **a_vpp;
929 	struct componentname *a_cnp;
930 };
931 #endif
932 
933 /*
934  * vnode lookup operation
935  */
936 static int
937 mqfs_lookup(struct vop_cachedlookup_args *ap)
938 {
939 	int rc;
940 
941 	rc = mqfs_lookupx(ap);
942 	return (rc);
943 }
944 
945 #if 0
946 struct vop_create_args {
947 	struct vnode *a_dvp;
948 	struct vnode **a_vpp;
949 	struct componentname *a_cnp;
950 	struct vattr *a_vap;
951 };
952 #endif
953 
954 /*
955  * vnode creation operation
956  */
957 static int
958 mqfs_create(struct vop_create_args *ap)
959 {
960 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
961 	struct componentname *cnp = ap->a_cnp;
962 	struct mqfs_node *pd;
963 	struct mqfs_node *pn;
964 	struct mqueue *mq;
965 	int error;
966 
967 	pd = VTON(ap->a_dvp);
968 	if (pd->mn_type != mqfstype_root && pd->mn_type != mqfstype_dir)
969 		return (ENOTDIR);
970 	mq = mqueue_alloc(NULL);
971 	if (mq == NULL)
972 		return (EAGAIN);
973 	sx_xlock(&mqfs->mi_lock);
974 	if ((cnp->cn_flags & HASBUF) == 0)
975 		panic("%s: no name", __func__);
976 	pn = mqfs_create_file(pd, cnp->cn_nameptr, cnp->cn_namelen,
977 		cnp->cn_cred, ap->a_vap->va_mode);
978 	if (pn == NULL) {
979 		sx_xunlock(&mqfs->mi_lock);
980 		error = ENOSPC;
981 	} else {
982 		mqnode_addref(pn);
983 		sx_xunlock(&mqfs->mi_lock);
984 		error = mqfs_allocv(ap->a_dvp->v_mount, ap->a_vpp, pn);
985 		mqnode_release(pn);
986 		if (error)
987 			mqfs_destroy(pn);
988 		else
989 			pn->mn_data = mq;
990 	}
991 	if (error)
992 		mqueue_free(mq);
993 	return (error);
994 }
995 
996 /*
997  * Remove an entry
998  */
999 static
1000 int do_unlink(struct mqfs_node *pn, struct ucred *ucred)
1001 {
1002 	struct mqfs_node *parent;
1003 	struct mqfs_vdata *vd;
1004 	int error = 0;
1005 
1006 	sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
1007 
1008 	if (ucred->cr_uid != pn->mn_uid &&
1009 	    (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
1010 		error = EACCES;
1011 	else if (!pn->mn_deleted) {
1012 		parent = pn->mn_parent;
1013 		pn->mn_parent = NULL;
1014 		pn->mn_deleted = 1;
1015 		LIST_REMOVE(pn, mn_sibling);
1016 		LIST_FOREACH(vd, &pn->mn_vnodes, mv_link) {
1017 			cache_purge(vd->mv_vnode);
1018 			vhold(vd->mv_vnode);
1019 			taskqueue_enqueue(taskqueue_thread, &vd->mv_task);
1020 		}
1021 		mqnode_release(pn);
1022 		mqnode_release(parent);
1023 	} else
1024 		error = ENOENT;
1025 	return (error);
1026 }
1027 
1028 #if 0
1029 struct vop_remove_args {
1030 	struct vnode *a_dvp;
1031 	struct vnode *a_vp;
1032 	struct componentname *a_cnp;
1033 };
1034 #endif
1035 
1036 /*
1037  * vnode removal operation
1038  */
1039 static int
1040 mqfs_remove(struct vop_remove_args *ap)
1041 {
1042 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
1043 	struct mqfs_node *pn;
1044 	int error;
1045 
1046 	if (ap->a_vp->v_type == VDIR)
1047                 return (EPERM);
1048 	pn = VTON(ap->a_vp);
1049 	sx_xlock(&mqfs->mi_lock);
1050 	error = do_unlink(pn, ap->a_cnp->cn_cred);
1051 	sx_xunlock(&mqfs->mi_lock);
1052 	return (error);
1053 }
1054 
1055 #if 0
1056 struct vop_inactive_args {
1057 	struct vnode *a_vp;
1058 	struct thread *a_td;
1059 };
1060 #endif
1061 
1062 static int
1063 mqfs_inactive(struct vop_inactive_args *ap)
1064 {
1065 	struct mqfs_node *pn = VTON(ap->a_vp);
1066 
1067 	if (pn->mn_deleted)
1068 		vrecycle(ap->a_vp);
1069 	return (0);
1070 }
1071 
1072 #if 0
1073 struct vop_reclaim_args {
1074 	struct vop_generic_args a_gen;
1075 	struct vnode *a_vp;
1076 	struct thread *a_td;
1077 };
1078 #endif
1079 
1080 static int
1081 mqfs_reclaim(struct vop_reclaim_args *ap)
1082 {
1083 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_vp->v_mount);
1084 	struct vnode *vp = ap->a_vp;
1085 	struct mqfs_node *pn;
1086 	struct mqfs_vdata *vd;
1087 
1088 	vd = vp->v_data;
1089 	pn = vd->mv_node;
1090 	sx_xlock(&mqfs->mi_lock);
1091 	vp->v_data = NULL;
1092 	LIST_REMOVE(vd, mv_link);
1093 	uma_zfree(mvdata_zone, vd);
1094 	mqnode_release(pn);
1095 	sx_xunlock(&mqfs->mi_lock);
1096 	return (0);
1097 }
1098 
1099 #if 0
1100 struct vop_open_args {
1101 	struct vop_generic_args a_gen;
1102 	struct vnode *a_vp;
1103 	int a_mode;
1104 	struct ucred *a_cred;
1105 	struct thread *a_td;
1106 	struct file *a_fp;
1107 };
1108 #endif
1109 
1110 static int
1111 mqfs_open(struct vop_open_args *ap)
1112 {
1113 	return (0);
1114 }
1115 
1116 #if 0
1117 struct vop_close_args {
1118 	struct vop_generic_args a_gen;
1119 	struct vnode *a_vp;
1120 	int a_fflag;
1121 	struct ucred *a_cred;
1122 	struct thread *a_td;
1123 };
1124 #endif
1125 
1126 static int
1127 mqfs_close(struct vop_close_args *ap)
1128 {
1129 	return (0);
1130 }
1131 
1132 #if 0
1133 struct vop_access_args {
1134 	struct vop_generic_args a_gen;
1135 	struct vnode *a_vp;
1136 	accmode_t a_accmode;
1137 	struct ucred *a_cred;
1138 	struct thread *a_td;
1139 };
1140 #endif
1141 
1142 /*
1143  * Verify permissions
1144  */
1145 static int
1146 mqfs_access(struct vop_access_args *ap)
1147 {
1148 	struct vnode *vp = ap->a_vp;
1149 	struct vattr vattr;
1150 	int error;
1151 
1152 	error = VOP_GETATTR(vp, &vattr, ap->a_cred);
1153 	if (error)
1154 		return (error);
1155 	error = vaccess(vp->v_type, vattr.va_mode, vattr.va_uid,
1156 	    vattr.va_gid, ap->a_accmode, ap->a_cred, NULL);
1157 	return (error);
1158 }
1159 
1160 #if 0
1161 struct vop_getattr_args {
1162 	struct vop_generic_args a_gen;
1163 	struct vnode *a_vp;
1164 	struct vattr *a_vap;
1165 	struct ucred *a_cred;
1166 };
1167 #endif
1168 
1169 /*
1170  * Get file attributes
1171  */
1172 static int
1173 mqfs_getattr(struct vop_getattr_args *ap)
1174 {
1175 	struct vnode *vp = ap->a_vp;
1176 	struct mqfs_node *pn = VTON(vp);
1177 	struct vattr *vap = ap->a_vap;
1178 	int error = 0;
1179 
1180 	vap->va_type = vp->v_type;
1181 	vap->va_mode = pn->mn_mode;
1182 	vap->va_nlink = 1;
1183 	vap->va_uid = pn->mn_uid;
1184 	vap->va_gid = pn->mn_gid;
1185 	vap->va_fsid = vp->v_mount->mnt_stat.f_fsid.val[0];
1186 	vap->va_fileid = pn->mn_fileno;
1187 	vap->va_size = 0;
1188 	vap->va_blocksize = PAGE_SIZE;
1189 	vap->va_bytes = vap->va_size = 0;
1190 	vap->va_atime = pn->mn_atime;
1191 	vap->va_mtime = pn->mn_mtime;
1192 	vap->va_ctime = pn->mn_ctime;
1193 	vap->va_birthtime = pn->mn_birth;
1194 	vap->va_gen = 0;
1195 	vap->va_flags = 0;
1196 	vap->va_rdev = NODEV;
1197 	vap->va_bytes = 0;
1198 	vap->va_filerev = 0;
1199 	return (error);
1200 }
1201 
1202 #if 0
1203 struct vop_setattr_args {
1204 	struct vop_generic_args a_gen;
1205 	struct vnode *a_vp;
1206 	struct vattr *a_vap;
1207 	struct ucred *a_cred;
1208 };
1209 #endif
1210 /*
1211  * Set attributes
1212  */
1213 static int
1214 mqfs_setattr(struct vop_setattr_args *ap)
1215 {
1216 	struct mqfs_node *pn;
1217 	struct vattr *vap;
1218 	struct vnode *vp;
1219 	struct thread *td;
1220 	int c, error;
1221 	uid_t uid;
1222 	gid_t gid;
1223 
1224 	td = curthread;
1225 	vap = ap->a_vap;
1226 	vp = ap->a_vp;
1227 	if ((vap->va_type != VNON) ||
1228 	    (vap->va_nlink != VNOVAL) ||
1229 	    (vap->va_fsid != VNOVAL) ||
1230 	    (vap->va_fileid != VNOVAL) ||
1231 	    (vap->va_blocksize != VNOVAL) ||
1232 	    (vap->va_flags != VNOVAL && vap->va_flags != 0) ||
1233 	    (vap->va_rdev != VNOVAL) ||
1234 	    ((int)vap->va_bytes != VNOVAL) ||
1235 	    (vap->va_gen != VNOVAL)) {
1236 		return (EINVAL);
1237 	}
1238 
1239 	pn = VTON(vp);
1240 
1241 	error = c = 0;
1242 	if (vap->va_uid == (uid_t)VNOVAL)
1243 		uid = pn->mn_uid;
1244 	else
1245 		uid = vap->va_uid;
1246 	if (vap->va_gid == (gid_t)VNOVAL)
1247 		gid = pn->mn_gid;
1248 	else
1249 		gid = vap->va_gid;
1250 
1251 	if (uid != pn->mn_uid || gid != pn->mn_gid) {
1252 		/*
1253 		 * To modify the ownership of a file, must possess VADMIN
1254 		 * for that file.
1255 		 */
1256 		if ((error = VOP_ACCESS(vp, VADMIN, ap->a_cred, td)))
1257 			return (error);
1258 
1259 		/*
1260 		 * XXXRW: Why is there a privilege check here: shouldn't the
1261 		 * check in VOP_ACCESS() be enough?  Also, are the group bits
1262 		 * below definitely right?
1263 		 */
1264 		if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid ||
1265 		    (gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) &&
1266 		    (error = priv_check(td, PRIV_MQ_ADMIN)) != 0)
1267 			return (error);
1268 		pn->mn_uid = uid;
1269 		pn->mn_gid = gid;
1270 		c = 1;
1271 	}
1272 
1273 	if (vap->va_mode != (mode_t)VNOVAL) {
1274 		if ((ap->a_cred->cr_uid != pn->mn_uid) &&
1275 		    (error = priv_check(td, PRIV_MQ_ADMIN)))
1276 			return (error);
1277 		pn->mn_mode = vap->va_mode;
1278 		c = 1;
1279 	}
1280 
1281 	if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
1282 		/* See the comment in ufs_vnops::ufs_setattr(). */
1283 		if ((error = VOP_ACCESS(vp, VADMIN, ap->a_cred, td)) &&
1284 		    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
1285 		    (error = VOP_ACCESS(vp, VWRITE, ap->a_cred, td))))
1286 			return (error);
1287 		if (vap->va_atime.tv_sec != VNOVAL) {
1288 			pn->mn_atime = vap->va_atime;
1289 		}
1290 		if (vap->va_mtime.tv_sec != VNOVAL) {
1291 			pn->mn_mtime = vap->va_mtime;
1292 		}
1293 		c = 1;
1294 	}
1295 	if (c) {
1296 		vfs_timestamp(&pn->mn_ctime);
1297 	}
1298 	return (0);
1299 }
1300 
1301 #if 0
1302 struct vop_read_args {
1303 	struct vop_generic_args a_gen;
1304 	struct vnode *a_vp;
1305 	struct uio *a_uio;
1306 	int a_ioflag;
1307 	struct ucred *a_cred;
1308 };
1309 #endif
1310 
1311 /*
1312  * Read from a file
1313  */
1314 static int
1315 mqfs_read(struct vop_read_args *ap)
1316 {
1317 	char buf[80];
1318 	struct vnode *vp = ap->a_vp;
1319 	struct uio *uio = ap->a_uio;
1320 	struct mqfs_node *pn;
1321 	struct mqueue *mq;
1322 	int len, error;
1323 
1324 	if (vp->v_type != VREG)
1325 		return (EINVAL);
1326 
1327 	pn = VTON(vp);
1328 	mq = VTOMQ(vp);
1329 	snprintf(buf, sizeof(buf),
1330 		"QSIZE:%-10ld MAXMSG:%-10ld CURMSG:%-10ld MSGSIZE:%-10ld\n",
1331 		mq->mq_totalbytes,
1332 		mq->mq_maxmsg,
1333 		mq->mq_curmsgs,
1334 		mq->mq_msgsize);
1335 	buf[sizeof(buf)-1] = '\0';
1336 	len = strlen(buf);
1337 	error = uiomove_frombuf(buf, len, uio);
1338 	return (error);
1339 }
1340 
1341 #if 0
1342 struct vop_readdir_args {
1343 	struct vop_generic_args a_gen;
1344 	struct vnode *a_vp;
1345 	struct uio *a_uio;
1346 	struct ucred *a_cred;
1347 	int *a_eofflag;
1348 	int *a_ncookies;
1349 	u_long **a_cookies;
1350 };
1351 #endif
1352 
1353 /*
1354  * Return directory entries.
1355  */
1356 static int
1357 mqfs_readdir(struct vop_readdir_args *ap)
1358 {
1359 	struct vnode *vp;
1360 	struct mqfs_info *mi;
1361 	struct mqfs_node *pd;
1362 	struct mqfs_node *pn;
1363 	struct dirent entry;
1364 	struct uio *uio;
1365 	int *tmp_ncookies = NULL;
1366 	off_t offset;
1367 	int error, i;
1368 
1369 	vp = ap->a_vp;
1370 	mi = VFSTOMQFS(vp->v_mount);
1371 	pd = VTON(vp);
1372 	uio = ap->a_uio;
1373 
1374 	if (vp->v_type != VDIR)
1375 		return (ENOTDIR);
1376 
1377 	if (uio->uio_offset < 0)
1378 		return (EINVAL);
1379 
1380 	if (ap->a_ncookies != NULL) {
1381 		tmp_ncookies = ap->a_ncookies;
1382 		*ap->a_ncookies = 0;
1383 		ap->a_ncookies = NULL;
1384         }
1385 
1386 	error = 0;
1387 	offset = 0;
1388 
1389 	sx_xlock(&mi->mi_lock);
1390 
1391 	LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
1392 		entry.d_reclen = sizeof(entry);
1393 		if (!pn->mn_fileno)
1394 			mqfs_fileno_alloc(mi, pn);
1395 		entry.d_fileno = pn->mn_fileno;
1396 		for (i = 0; i < MQFS_NAMELEN - 1 && pn->mn_name[i] != '\0'; ++i)
1397 			entry.d_name[i] = pn->mn_name[i];
1398 		entry.d_name[i] = 0;
1399 		entry.d_namlen = i;
1400 		switch (pn->mn_type) {
1401 		case mqfstype_root:
1402 		case mqfstype_dir:
1403 		case mqfstype_this:
1404 		case mqfstype_parent:
1405 			entry.d_type = DT_DIR;
1406 			break;
1407 		case mqfstype_file:
1408 			entry.d_type = DT_REG;
1409 			break;
1410 		case mqfstype_symlink:
1411 			entry.d_type = DT_LNK;
1412 			break;
1413 		default:
1414 			panic("%s has unexpected node type: %d", pn->mn_name,
1415 				pn->mn_type);
1416 		}
1417 		if (entry.d_reclen > uio->uio_resid)
1418                         break;
1419 		if (offset >= uio->uio_offset) {
1420 			error = vfs_read_dirent(ap, &entry, offset);
1421                         if (error)
1422                                 break;
1423                 }
1424                 offset += entry.d_reclen;
1425 	}
1426 	sx_xunlock(&mi->mi_lock);
1427 
1428 	uio->uio_offset = offset;
1429 
1430 	if (tmp_ncookies != NULL)
1431 		ap->a_ncookies = tmp_ncookies;
1432 
1433 	return (error);
1434 }
1435 
1436 #ifdef notyet
1437 
1438 #if 0
1439 struct vop_mkdir_args {
1440 	struct vnode *a_dvp;
1441 	struvt vnode **a_vpp;
1442 	struvt componentname *a_cnp;
1443 	struct vattr *a_vap;
1444 };
1445 #endif
1446 
1447 /*
1448  * Create a directory.
1449  */
1450 static int
1451 mqfs_mkdir(struct vop_mkdir_args *ap)
1452 {
1453 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
1454 	struct componentname *cnp = ap->a_cnp;
1455 	struct mqfs_node *pd = VTON(ap->a_dvp);
1456 	struct mqfs_node *pn;
1457 	int error;
1458 
1459 	if (pd->mn_type != mqfstype_root && pd->mn_type != mqfstype_dir)
1460 		return (ENOTDIR);
1461 	sx_xlock(&mqfs->mi_lock);
1462 	if ((cnp->cn_flags & HASBUF) == 0)
1463 		panic("%s: no name", __func__);
1464 	pn = mqfs_create_dir(pd, cnp->cn_nameptr, cnp->cn_namelen,
1465 		ap->a_vap->cn_cred, ap->a_vap->va_mode);
1466 	if (pn != NULL)
1467 		mqnode_addref(pn);
1468 	sx_xunlock(&mqfs->mi_lock);
1469 	if (pn == NULL) {
1470 		error = ENOSPC;
1471 	} else {
1472 		error = mqfs_allocv(ap->a_dvp->v_mount, ap->a_vpp, pn);
1473 		mqnode_release(pn);
1474 	}
1475 	return (error);
1476 }
1477 
1478 #if 0
1479 struct vop_rmdir_args {
1480 	struct vnode *a_dvp;
1481 	struct vnode *a_vp;
1482 	struct componentname *a_cnp;
1483 };
1484 #endif
1485 
1486 /*
1487  * Remove a directory.
1488  */
1489 static int
1490 mqfs_rmdir(struct vop_rmdir_args *ap)
1491 {
1492 	struct mqfs_info *mqfs = VFSTOMQFS(ap->a_dvp->v_mount);
1493 	struct mqfs_node *pn = VTON(ap->a_vp);
1494 	struct mqfs_node *pt;
1495 
1496 	if (pn->mn_type != mqfstype_dir)
1497 		return (ENOTDIR);
1498 
1499 	sx_xlock(&mqfs->mi_lock);
1500 	if (pn->mn_deleted) {
1501 		sx_xunlock(&mqfs->mi_lock);
1502 		return (ENOENT);
1503 	}
1504 
1505 	pt = LIST_FIRST(&pn->mn_children);
1506 	pt = LIST_NEXT(pt, mn_sibling);
1507 	pt = LIST_NEXT(pt, mn_sibling);
1508 	if (pt != NULL) {
1509 		sx_xunlock(&mqfs->mi_lock);
1510 		return (ENOTEMPTY);
1511 	}
1512 	pt = pn->mn_parent;
1513 	pn->mn_parent = NULL;
1514 	pn->mn_deleted = 1;
1515 	LIST_REMOVE(pn, mn_sibling);
1516 	mqnode_release(pn);
1517 	mqnode_release(pt);
1518 	sx_xunlock(&mqfs->mi_lock);
1519 	cache_purge(ap->a_vp);
1520 	return (0);
1521 }
1522 
1523 #endif /* notyet */
1524 
1525 /*
1526  * Allocate a message queue
1527  */
1528 static struct mqueue *
1529 mqueue_alloc(const struct mq_attr *attr)
1530 {
1531 	struct mqueue *mq;
1532 
1533 	if (curmq >= maxmq)
1534 		return (NULL);
1535 	mq = uma_zalloc(mqueue_zone, M_WAITOK | M_ZERO);
1536 	TAILQ_INIT(&mq->mq_msgq);
1537 	if (attr != NULL) {
1538 		mq->mq_maxmsg = attr->mq_maxmsg;
1539 		mq->mq_msgsize = attr->mq_msgsize;
1540 	} else {
1541 		mq->mq_maxmsg = default_maxmsg;
1542 		mq->mq_msgsize = default_msgsize;
1543 	}
1544 	mtx_init(&mq->mq_mutex, "mqueue lock", NULL, MTX_DEF);
1545 	knlist_init_mtx(&mq->mq_rsel.si_note, &mq->mq_mutex);
1546 	knlist_init_mtx(&mq->mq_wsel.si_note, &mq->mq_mutex);
1547 	atomic_add_int(&curmq, 1);
1548 	return (mq);
1549 }
1550 
1551 /*
1552  * Destroy a message queue
1553  */
1554 static void
1555 mqueue_free(struct mqueue *mq)
1556 {
1557 	struct mqueue_msg *msg;
1558 
1559 	while ((msg = TAILQ_FIRST(&mq->mq_msgq)) != NULL) {
1560 		TAILQ_REMOVE(&mq->mq_msgq, msg, msg_link);
1561 		free(msg, M_MQUEUEDATA);
1562 	}
1563 
1564 	mtx_destroy(&mq->mq_mutex);
1565 	seldrain(&mq->mq_rsel);
1566 	seldrain(&mq->mq_wsel);
1567 	knlist_destroy(&mq->mq_rsel.si_note);
1568 	knlist_destroy(&mq->mq_wsel.si_note);
1569 	uma_zfree(mqueue_zone, mq);
1570 	atomic_add_int(&curmq, -1);
1571 }
1572 
1573 /*
1574  * Load a message from user space
1575  */
1576 static struct mqueue_msg *
1577 mqueue_loadmsg(const char *msg_ptr, size_t msg_size, int msg_prio)
1578 {
1579 	struct mqueue_msg *msg;
1580 	size_t len;
1581 	int error;
1582 
1583 	len = sizeof(struct mqueue_msg) + msg_size;
1584 	msg = malloc(len, M_MQUEUEDATA, M_WAITOK);
1585 	error = copyin(msg_ptr, ((char *)msg) + sizeof(struct mqueue_msg),
1586 	    msg_size);
1587 	if (error) {
1588 		free(msg, M_MQUEUEDATA);
1589 		msg = NULL;
1590 	} else {
1591 		msg->msg_size = msg_size;
1592 		msg->msg_prio = msg_prio;
1593 	}
1594 	return (msg);
1595 }
1596 
1597 /*
1598  * Save a message to user space
1599  */
1600 static int
1601 mqueue_savemsg(struct mqueue_msg *msg, char *msg_ptr, int *msg_prio)
1602 {
1603 	int error;
1604 
1605 	error = copyout(((char *)msg) + sizeof(*msg), msg_ptr,
1606 		msg->msg_size);
1607 	if (error == 0 && msg_prio != NULL)
1608 		error = copyout(&msg->msg_prio, msg_prio, sizeof(int));
1609 	return (error);
1610 }
1611 
1612 /*
1613  * Free a message's memory
1614  */
1615 static __inline void
1616 mqueue_freemsg(struct mqueue_msg *msg)
1617 {
1618 	free(msg, M_MQUEUEDATA);
1619 }
1620 
1621 /*
1622  * Send a message. if waitok is false, thread will not be
1623  * blocked if there is no data in queue, otherwise, absolute
1624  * time will be checked.
1625  */
1626 int
1627 mqueue_send(struct mqueue *mq, const char *msg_ptr,
1628 	size_t msg_len, unsigned msg_prio, int waitok,
1629 	const struct timespec *abs_timeout)
1630 {
1631 	struct mqueue_msg *msg;
1632 	struct timespec ts, ts2;
1633 	struct timeval tv;
1634 	int error;
1635 
1636 	if (msg_prio >= MQ_PRIO_MAX)
1637 		return (EINVAL);
1638 	if (msg_len > mq->mq_msgsize)
1639 		return (EMSGSIZE);
1640 	msg = mqueue_loadmsg(msg_ptr, msg_len, msg_prio);
1641 	if (msg == NULL)
1642 		return (EFAULT);
1643 
1644 	/* O_NONBLOCK case */
1645 	if (!waitok) {
1646 		error = _mqueue_send(mq, msg, -1);
1647 		if (error)
1648 			goto bad;
1649 		return (0);
1650 	}
1651 
1652 	/* we allow a null timeout (wait forever) */
1653 	if (abs_timeout == NULL) {
1654 		error = _mqueue_send(mq, msg, 0);
1655 		if (error)
1656 			goto bad;
1657 		return (0);
1658 	}
1659 
1660 	/* send it before checking time */
1661 	error = _mqueue_send(mq, msg, -1);
1662 	if (error == 0)
1663 		return (0);
1664 
1665 	if (error != EAGAIN)
1666 		goto bad;
1667 
1668 	if (abs_timeout->tv_nsec >= 1000000000 || abs_timeout->tv_nsec < 0) {
1669 		error = EINVAL;
1670 		goto bad;
1671 	}
1672 	for (;;) {
1673 		ts2 = *abs_timeout;
1674 		getnanotime(&ts);
1675 		timespecsub(&ts2, &ts);
1676 		if (ts2.tv_sec < 0 || (ts2.tv_sec == 0 && ts2.tv_nsec <= 0)) {
1677 			error = ETIMEDOUT;
1678 			break;
1679 		}
1680 		TIMESPEC_TO_TIMEVAL(&tv, &ts2);
1681 		error = _mqueue_send(mq, msg, tvtohz(&tv));
1682 		if (error != ETIMEDOUT)
1683 			break;
1684 	}
1685 	if (error == 0)
1686 		return (0);
1687 bad:
1688 	mqueue_freemsg(msg);
1689 	return (error);
1690 }
1691 
1692 /*
1693  * Common routine to send a message
1694  */
1695 static int
1696 _mqueue_send(struct mqueue *mq, struct mqueue_msg *msg, int timo)
1697 {
1698 	struct mqueue_msg *msg2;
1699 	int error = 0;
1700 
1701 	mtx_lock(&mq->mq_mutex);
1702 	while (mq->mq_curmsgs >= mq->mq_maxmsg && error == 0) {
1703 		if (timo < 0) {
1704 			mtx_unlock(&mq->mq_mutex);
1705 			return (EAGAIN);
1706 		}
1707 		mq->mq_senders++;
1708 		error = msleep(&mq->mq_senders, &mq->mq_mutex,
1709 			    PCATCH, "mqsend", timo);
1710 		mq->mq_senders--;
1711 		if (error == EAGAIN)
1712 			error = ETIMEDOUT;
1713 	}
1714 	if (mq->mq_curmsgs >= mq->mq_maxmsg) {
1715 		mtx_unlock(&mq->mq_mutex);
1716 		return (error);
1717 	}
1718 	error = 0;
1719 	if (TAILQ_EMPTY(&mq->mq_msgq)) {
1720 		TAILQ_INSERT_HEAD(&mq->mq_msgq, msg, msg_link);
1721 	} else {
1722 		if (msg->msg_prio <= TAILQ_LAST(&mq->mq_msgq, msgq)->msg_prio) {
1723 			TAILQ_INSERT_TAIL(&mq->mq_msgq, msg, msg_link);
1724 		} else {
1725 			TAILQ_FOREACH(msg2, &mq->mq_msgq, msg_link) {
1726 				if (msg2->msg_prio < msg->msg_prio)
1727 					break;
1728 			}
1729 			TAILQ_INSERT_BEFORE(msg2, msg, msg_link);
1730 		}
1731 	}
1732 	mq->mq_curmsgs++;
1733 	mq->mq_totalbytes += msg->msg_size;
1734 	if (mq->mq_receivers)
1735 		wakeup_one(&mq->mq_receivers);
1736 	else if (mq->mq_notifier != NULL)
1737 		mqueue_send_notification(mq);
1738 	if (mq->mq_flags & MQ_RSEL) {
1739 		mq->mq_flags &= ~MQ_RSEL;
1740 		selwakeup(&mq->mq_rsel);
1741 	}
1742 	KNOTE_LOCKED(&mq->mq_rsel.si_note, 0);
1743 	mtx_unlock(&mq->mq_mutex);
1744 	return (0);
1745 }
1746 
1747 /*
1748  * Send realtime a signal to process which registered itself
1749  * successfully by mq_notify.
1750  */
1751 static void
1752 mqueue_send_notification(struct mqueue *mq)
1753 {
1754 	struct mqueue_notifier *nt;
1755 	struct thread *td;
1756 	struct proc *p;
1757 	int error;
1758 
1759 	mtx_assert(&mq->mq_mutex, MA_OWNED);
1760 	nt = mq->mq_notifier;
1761 	if (nt->nt_sigev.sigev_notify != SIGEV_NONE) {
1762 		p = nt->nt_proc;
1763 		error = sigev_findtd(p, &nt->nt_sigev, &td);
1764 		if (error) {
1765 			mq->mq_notifier = NULL;
1766 			return;
1767 		}
1768 		if (!KSI_ONQ(&nt->nt_ksi)) {
1769 			ksiginfo_set_sigev(&nt->nt_ksi, &nt->nt_sigev);
1770 			tdsendsignal(p, td, nt->nt_ksi.ksi_signo, &nt->nt_ksi);
1771 		}
1772 		PROC_UNLOCK(p);
1773 	}
1774 	mq->mq_notifier = NULL;
1775 }
1776 
1777 /*
1778  * Get a message. if waitok is false, thread will not be
1779  * blocked if there is no data in queue, otherwise, absolute
1780  * time will be checked.
1781  */
1782 int
1783 mqueue_receive(struct mqueue *mq, char *msg_ptr,
1784 	size_t msg_len, unsigned *msg_prio, int waitok,
1785 	const struct timespec *abs_timeout)
1786 {
1787 	struct mqueue_msg *msg;
1788 	struct timespec ts, ts2;
1789 	struct timeval tv;
1790 	int error;
1791 
1792 	if (msg_len < mq->mq_msgsize)
1793 		return (EMSGSIZE);
1794 
1795 	/* O_NONBLOCK case */
1796 	if (!waitok) {
1797 		error = _mqueue_recv(mq, &msg, -1);
1798 		if (error)
1799 			return (error);
1800 		goto received;
1801 	}
1802 
1803 	/* we allow a null timeout (wait forever). */
1804 	if (abs_timeout == NULL) {
1805 		error = _mqueue_recv(mq, &msg, 0);
1806 		if (error)
1807 			return (error);
1808 		goto received;
1809 	}
1810 
1811 	/* try to get a message before checking time */
1812 	error = _mqueue_recv(mq, &msg, -1);
1813 	if (error == 0)
1814 		goto received;
1815 
1816 	if (error != EAGAIN)
1817 		return (error);
1818 
1819 	if (abs_timeout->tv_nsec >= 1000000000 || abs_timeout->tv_nsec < 0) {
1820 		error = EINVAL;
1821 		return (error);
1822 	}
1823 
1824 	for (;;) {
1825 		ts2 = *abs_timeout;
1826 		getnanotime(&ts);
1827 		timespecsub(&ts2, &ts);
1828 		if (ts2.tv_sec < 0 || (ts2.tv_sec == 0 && ts2.tv_nsec <= 0)) {
1829 			error = ETIMEDOUT;
1830 			return (error);
1831 		}
1832 		TIMESPEC_TO_TIMEVAL(&tv, &ts2);
1833 		error = _mqueue_recv(mq, &msg, tvtohz(&tv));
1834 		if (error == 0)
1835 			break;
1836 		if (error != ETIMEDOUT)
1837 			return (error);
1838 	}
1839 
1840 received:
1841 	error = mqueue_savemsg(msg, msg_ptr, msg_prio);
1842 	if (error == 0) {
1843 		curthread->td_retval[0] = msg->msg_size;
1844 		curthread->td_retval[1] = 0;
1845 	}
1846 	mqueue_freemsg(msg);
1847 	return (error);
1848 }
1849 
1850 /*
1851  * Common routine to receive a message
1852  */
1853 static int
1854 _mqueue_recv(struct mqueue *mq, struct mqueue_msg **msg, int timo)
1855 {
1856 	int error = 0;
1857 
1858 	mtx_lock(&mq->mq_mutex);
1859 	while ((*msg = TAILQ_FIRST(&mq->mq_msgq)) == NULL && error == 0) {
1860 		if (timo < 0) {
1861 			mtx_unlock(&mq->mq_mutex);
1862 			return (EAGAIN);
1863 		}
1864 		mq->mq_receivers++;
1865 		error = msleep(&mq->mq_receivers, &mq->mq_mutex,
1866 			    PCATCH, "mqrecv", timo);
1867 		mq->mq_receivers--;
1868 		if (error == EAGAIN)
1869 			error = ETIMEDOUT;
1870 	}
1871 	if (*msg != NULL) {
1872 		error = 0;
1873 		TAILQ_REMOVE(&mq->mq_msgq, *msg, msg_link);
1874 		mq->mq_curmsgs--;
1875 		mq->mq_totalbytes -= (*msg)->msg_size;
1876 		if (mq->mq_senders)
1877 			wakeup_one(&mq->mq_senders);
1878 		if (mq->mq_flags & MQ_WSEL) {
1879 			mq->mq_flags &= ~MQ_WSEL;
1880 			selwakeup(&mq->mq_wsel);
1881 		}
1882 		KNOTE_LOCKED(&mq->mq_wsel.si_note, 0);
1883 	}
1884 	if (mq->mq_notifier != NULL && mq->mq_receivers == 0 &&
1885 	    !TAILQ_EMPTY(&mq->mq_msgq)) {
1886 		mqueue_send_notification(mq);
1887 	}
1888 	mtx_unlock(&mq->mq_mutex);
1889 	return (error);
1890 }
1891 
1892 static __inline struct mqueue_notifier *
1893 notifier_alloc(void)
1894 {
1895 	return (uma_zalloc(mqnoti_zone, M_WAITOK | M_ZERO));
1896 }
1897 
1898 static __inline void
1899 notifier_free(struct mqueue_notifier *p)
1900 {
1901 	uma_zfree(mqnoti_zone, p);
1902 }
1903 
1904 static struct mqueue_notifier *
1905 notifier_search(struct proc *p, int fd)
1906 {
1907 	struct mqueue_notifier *nt;
1908 
1909 	LIST_FOREACH(nt, &p->p_mqnotifier, nt_link) {
1910 		if (nt->nt_ksi.ksi_mqd == fd)
1911 			break;
1912 	}
1913 	return (nt);
1914 }
1915 
1916 static __inline void
1917 notifier_insert(struct proc *p, struct mqueue_notifier *nt)
1918 {
1919 	LIST_INSERT_HEAD(&p->p_mqnotifier, nt, nt_link);
1920 }
1921 
1922 static __inline void
1923 notifier_delete(struct proc *p, struct mqueue_notifier *nt)
1924 {
1925 	LIST_REMOVE(nt, nt_link);
1926 	notifier_free(nt);
1927 }
1928 
1929 static void
1930 notifier_remove(struct proc *p, struct mqueue *mq, int fd)
1931 {
1932 	struct mqueue_notifier *nt;
1933 
1934 	mtx_assert(&mq->mq_mutex, MA_OWNED);
1935 	PROC_LOCK(p);
1936 	nt = notifier_search(p, fd);
1937 	if (nt != NULL) {
1938 		if (mq->mq_notifier == nt)
1939 			mq->mq_notifier = NULL;
1940 		sigqueue_take(&nt->nt_ksi);
1941 		notifier_delete(p, nt);
1942 	}
1943 	PROC_UNLOCK(p);
1944 }
1945 
1946 static int
1947 kern_kmq_open(struct thread *td, const char *upath, int flags, mode_t mode,
1948     const struct mq_attr *attr)
1949 {
1950 	char path[MQFS_NAMELEN + 1];
1951 	struct mqfs_node *pn;
1952 	struct filedesc *fdp;
1953 	struct file *fp;
1954 	struct mqueue *mq;
1955 	int fd, error, len, cmode;
1956 
1957 	fdp = td->td_proc->p_fd;
1958 	cmode = (((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT);
1959 	mq = NULL;
1960 	if ((flags & O_CREAT) != 0 && attr != NULL) {
1961 		if (attr->mq_maxmsg <= 0 || attr->mq_maxmsg > maxmsg)
1962 			return (EINVAL);
1963 		if (attr->mq_msgsize <= 0 || attr->mq_msgsize > maxmsgsize)
1964 			return (EINVAL);
1965 	}
1966 
1967 	error = copyinstr(upath, path, MQFS_NAMELEN + 1, NULL);
1968         if (error)
1969 		return (error);
1970 
1971 	/*
1972 	 * The first character of name must be a slash  (/) character
1973 	 * and the remaining characters of name cannot include any slash
1974 	 * characters.
1975 	 */
1976 	len = strlen(path);
1977 	if (len < 2 || path[0] != '/' || strchr(path + 1, '/') != NULL)
1978 		return (EINVAL);
1979 
1980 	error = falloc(td, &fp, &fd, O_CLOEXEC);
1981 	if (error)
1982 		return (error);
1983 
1984 	sx_xlock(&mqfs_data.mi_lock);
1985 	pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
1986 	if (pn == NULL) {
1987 		if (!(flags & O_CREAT)) {
1988 			error = ENOENT;
1989 		} else {
1990 			mq = mqueue_alloc(attr);
1991 			if (mq == NULL) {
1992 				error = ENFILE;
1993 			} else {
1994 				pn = mqfs_create_file(mqfs_data.mi_root,
1995 				         path + 1, len - 1, td->td_ucred,
1996 					 cmode);
1997 				if (pn == NULL) {
1998 					error = ENOSPC;
1999 					mqueue_free(mq);
2000 				}
2001 			}
2002 		}
2003 
2004 		if (error == 0) {
2005 			pn->mn_data = mq;
2006 		}
2007 	} else {
2008 		if ((flags & (O_CREAT | O_EXCL)) == (O_CREAT | O_EXCL)) {
2009 			error = EEXIST;
2010 		} else {
2011 			accmode_t accmode = 0;
2012 
2013 			if (flags & FREAD)
2014 				accmode |= VREAD;
2015 			if (flags & FWRITE)
2016 				accmode |= VWRITE;
2017 			error = vaccess(VREG, pn->mn_mode, pn->mn_uid,
2018 				    pn->mn_gid, accmode, td->td_ucred, NULL);
2019 		}
2020 	}
2021 
2022 	if (error) {
2023 		sx_xunlock(&mqfs_data.mi_lock);
2024 		fdclose(fdp, fp, fd, td);
2025 		fdrop(fp, td);
2026 		return (error);
2027 	}
2028 
2029 	mqnode_addref(pn);
2030 	sx_xunlock(&mqfs_data.mi_lock);
2031 
2032 	finit(fp, flags & (FREAD | FWRITE | O_NONBLOCK), DTYPE_MQUEUE, pn,
2033 	    &mqueueops);
2034 
2035 	td->td_retval[0] = fd;
2036 	fdrop(fp, td);
2037 	return (0);
2038 }
2039 
2040 /*
2041  * Syscall to open a message queue.
2042  */
2043 int
2044 sys_kmq_open(struct thread *td, struct kmq_open_args *uap)
2045 {
2046 	struct mq_attr attr;
2047 	int flags, error;
2048 
2049 	if ((uap->flags & O_ACCMODE) == O_ACCMODE || uap->flags & O_EXEC)
2050 		return (EINVAL);
2051 	flags = FFLAGS(uap->flags);
2052 	if ((flags & O_CREAT) != 0 && uap->attr != NULL) {
2053 		error = copyin(uap->attr, &attr, sizeof(attr));
2054 		if (error)
2055 			return (error);
2056 	}
2057 	return (kern_kmq_open(td, uap->path, flags, uap->mode,
2058 	    uap->attr != NULL ? &attr : NULL));
2059 }
2060 
2061 /*
2062  * Syscall to unlink a message queue.
2063  */
2064 int
2065 sys_kmq_unlink(struct thread *td, struct kmq_unlink_args *uap)
2066 {
2067 	char path[MQFS_NAMELEN+1];
2068 	struct mqfs_node *pn;
2069 	int error, len;
2070 
2071 	error = copyinstr(uap->path, path, MQFS_NAMELEN + 1, NULL);
2072         if (error)
2073 		return (error);
2074 
2075 	len = strlen(path);
2076 	if (len < 2 || path[0] != '/' || strchr(path + 1, '/') != NULL)
2077 		return (EINVAL);
2078 
2079 	sx_xlock(&mqfs_data.mi_lock);
2080 	pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
2081 	if (pn != NULL)
2082 		error = do_unlink(pn, td->td_ucred);
2083 	else
2084 		error = ENOENT;
2085 	sx_xunlock(&mqfs_data.mi_lock);
2086 	return (error);
2087 }
2088 
2089 typedef int (*_fgetf)(struct thread *, int, cap_rights_t, struct file **);
2090 
2091 /*
2092  * Get message queue by giving file slot
2093  */
2094 static int
2095 _getmq(struct thread *td, int fd, cap_rights_t rights, _fgetf func,
2096        struct file **fpp, struct mqfs_node **ppn, struct mqueue **pmq)
2097 {
2098 	struct mqfs_node *pn;
2099 	int error;
2100 
2101 	error = func(td, fd, rights, fpp);
2102 	if (error)
2103 		return (error);
2104 	if (&mqueueops != (*fpp)->f_ops) {
2105 		fdrop(*fpp, td);
2106 		return (EBADF);
2107 	}
2108 	pn = (*fpp)->f_data;
2109 	if (ppn)
2110 		*ppn = pn;
2111 	if (pmq)
2112 		*pmq = pn->mn_data;
2113 	return (0);
2114 }
2115 
2116 static __inline int
2117 getmq(struct thread *td, int fd, struct file **fpp, struct mqfs_node **ppn,
2118 	struct mqueue **pmq)
2119 {
2120 	return _getmq(td, fd, CAP_POLL_EVENT, fget, fpp, ppn, pmq);
2121 }
2122 
2123 static __inline int
2124 getmq_read(struct thread *td, int fd, struct file **fpp,
2125 	 struct mqfs_node **ppn, struct mqueue **pmq)
2126 {
2127 	return _getmq(td, fd, CAP_READ, fget_read, fpp, ppn, pmq);
2128 }
2129 
2130 static __inline int
2131 getmq_write(struct thread *td, int fd, struct file **fpp,
2132 	struct mqfs_node **ppn, struct mqueue **pmq)
2133 {
2134 	return _getmq(td, fd, CAP_WRITE, fget_write, fpp, ppn, pmq);
2135 }
2136 
2137 static int
2138 kern_kmq_setattr(struct thread *td, int mqd, const struct mq_attr *attr,
2139     struct mq_attr *oattr)
2140 {
2141 	struct mqueue *mq;
2142 	struct file *fp;
2143 	u_int oflag, flag;
2144 	int error;
2145 
2146 	if (attr != NULL && (attr->mq_flags & ~O_NONBLOCK) != 0)
2147 		return (EINVAL);
2148 	error = getmq(td, mqd, &fp, NULL, &mq);
2149 	if (error)
2150 		return (error);
2151 	oattr->mq_maxmsg  = mq->mq_maxmsg;
2152 	oattr->mq_msgsize = mq->mq_msgsize;
2153 	oattr->mq_curmsgs = mq->mq_curmsgs;
2154 	if (attr != NULL) {
2155 		do {
2156 			oflag = flag = fp->f_flag;
2157 			flag &= ~O_NONBLOCK;
2158 			flag |= (attr->mq_flags & O_NONBLOCK);
2159 		} while (atomic_cmpset_int(&fp->f_flag, oflag, flag) == 0);
2160 	} else
2161 		oflag = fp->f_flag;
2162 	oattr->mq_flags = (O_NONBLOCK & oflag);
2163 	fdrop(fp, td);
2164 	return (error);
2165 }
2166 
2167 int
2168 sys_kmq_setattr(struct thread *td, struct kmq_setattr_args *uap)
2169 {
2170 	struct mq_attr attr, oattr;
2171 	int error;
2172 
2173 	if (uap->attr != NULL) {
2174 		error = copyin(uap->attr, &attr, sizeof(attr));
2175 		if (error != 0)
2176 			return (error);
2177 	}
2178 	error = kern_kmq_setattr(td, uap->mqd, uap->attr != NULL ? &attr : NULL,
2179 	    &oattr);
2180 	if (error != 0)
2181 		return (error);
2182 	if (uap->oattr != NULL)
2183 		error = copyout(&oattr, uap->oattr, sizeof(oattr));
2184 	return (error);
2185 }
2186 
2187 int
2188 sys_kmq_timedreceive(struct thread *td, struct kmq_timedreceive_args *uap)
2189 {
2190 	struct mqueue *mq;
2191 	struct file *fp;
2192 	struct timespec *abs_timeout, ets;
2193 	int error;
2194 	int waitok;
2195 
2196 	error = getmq_read(td, uap->mqd, &fp, NULL, &mq);
2197 	if (error)
2198 		return (error);
2199 	if (uap->abs_timeout != NULL) {
2200 		error = copyin(uap->abs_timeout, &ets, sizeof(ets));
2201 		if (error != 0)
2202 			return (error);
2203 		abs_timeout = &ets;
2204 	} else
2205 		abs_timeout = NULL;
2206 	waitok = !(fp->f_flag & O_NONBLOCK);
2207 	error = mqueue_receive(mq, uap->msg_ptr, uap->msg_len,
2208 		uap->msg_prio, waitok, abs_timeout);
2209 	fdrop(fp, td);
2210 	return (error);
2211 }
2212 
2213 int
2214 sys_kmq_timedsend(struct thread *td, struct kmq_timedsend_args *uap)
2215 {
2216 	struct mqueue *mq;
2217 	struct file *fp;
2218 	struct timespec *abs_timeout, ets;
2219 	int error, waitok;
2220 
2221 	error = getmq_write(td, uap->mqd, &fp, NULL, &mq);
2222 	if (error)
2223 		return (error);
2224 	if (uap->abs_timeout != NULL) {
2225 		error = copyin(uap->abs_timeout, &ets, sizeof(ets));
2226 		if (error != 0)
2227 			return (error);
2228 		abs_timeout = &ets;
2229 	} else
2230 		abs_timeout = NULL;
2231 	waitok = !(fp->f_flag & O_NONBLOCK);
2232 	error = mqueue_send(mq, uap->msg_ptr, uap->msg_len,
2233 		uap->msg_prio, waitok, abs_timeout);
2234 	fdrop(fp, td);
2235 	return (error);
2236 }
2237 
2238 static int
2239 kern_kmq_notify(struct thread *td, int mqd, struct sigevent *sigev)
2240 {
2241 	struct filedesc *fdp;
2242 	struct proc *p;
2243 	struct mqueue *mq;
2244 	struct file *fp, *fp2;
2245 	struct mqueue_notifier *nt, *newnt = NULL;
2246 	int error;
2247 
2248 	if (sigev != NULL) {
2249 		if (sigev->sigev_notify != SIGEV_SIGNAL &&
2250 		    sigev->sigev_notify != SIGEV_THREAD_ID &&
2251 		    sigev->sigev_notify != SIGEV_NONE)
2252 			return (EINVAL);
2253 		if ((sigev->sigev_notify == SIGEV_SIGNAL ||
2254 		    sigev->sigev_notify == SIGEV_THREAD_ID) &&
2255 		    !_SIG_VALID(sigev->sigev_signo))
2256 			return (EINVAL);
2257 	}
2258 	p = td->td_proc;
2259 	fdp = td->td_proc->p_fd;
2260 	error = getmq(td, mqd, &fp, NULL, &mq);
2261 	if (error)
2262 		return (error);
2263 again:
2264 	FILEDESC_SLOCK(fdp);
2265 	fp2 = fget_locked(fdp, mqd);
2266 	if (fp2 == NULL) {
2267 		FILEDESC_SUNLOCK(fdp);
2268 		error = EBADF;
2269 		goto out;
2270 	}
2271 #ifdef CAPABILITIES
2272 	error = cap_check(cap_rights(fdp, mqd), CAP_POLL_EVENT);
2273 	if (error) {
2274 		FILEDESC_SUNLOCK(fdp);
2275 		goto out;
2276 	}
2277 #endif
2278 	if (fp2 != fp) {
2279 		FILEDESC_SUNLOCK(fdp);
2280 		error = EBADF;
2281 		goto out;
2282 	}
2283 	mtx_lock(&mq->mq_mutex);
2284 	FILEDESC_SUNLOCK(fdp);
2285 	if (sigev != NULL) {
2286 		if (mq->mq_notifier != NULL) {
2287 			error = EBUSY;
2288 		} else {
2289 			PROC_LOCK(p);
2290 			nt = notifier_search(p, mqd);
2291 			if (nt == NULL) {
2292 				if (newnt == NULL) {
2293 					PROC_UNLOCK(p);
2294 					mtx_unlock(&mq->mq_mutex);
2295 					newnt = notifier_alloc();
2296 					goto again;
2297 				}
2298 			}
2299 
2300 			if (nt != NULL) {
2301 				sigqueue_take(&nt->nt_ksi);
2302 				if (newnt != NULL) {
2303 					notifier_free(newnt);
2304 					newnt = NULL;
2305 				}
2306 			} else {
2307 				nt = newnt;
2308 				newnt = NULL;
2309 				ksiginfo_init(&nt->nt_ksi);
2310 				nt->nt_ksi.ksi_flags |= KSI_INS | KSI_EXT;
2311 				nt->nt_ksi.ksi_code = SI_MESGQ;
2312 				nt->nt_proc = p;
2313 				nt->nt_ksi.ksi_mqd = mqd;
2314 				notifier_insert(p, nt);
2315 			}
2316 			nt->nt_sigev = *sigev;
2317 			mq->mq_notifier = nt;
2318 			PROC_UNLOCK(p);
2319 			/*
2320 			 * if there is no receivers and message queue
2321 			 * is not empty, we should send notification
2322 			 * as soon as possible.
2323 			 */
2324 			if (mq->mq_receivers == 0 &&
2325 			    !TAILQ_EMPTY(&mq->mq_msgq))
2326 				mqueue_send_notification(mq);
2327 		}
2328 	} else {
2329 		notifier_remove(p, mq, mqd);
2330 	}
2331 	mtx_unlock(&mq->mq_mutex);
2332 
2333 out:
2334 	fdrop(fp, td);
2335 	if (newnt != NULL)
2336 		notifier_free(newnt);
2337 	return (error);
2338 }
2339 
2340 int
2341 sys_kmq_notify(struct thread *td, struct kmq_notify_args *uap)
2342 {
2343 	struct sigevent ev, *evp;
2344 	int error;
2345 
2346 	if (uap->sigev == NULL) {
2347 		evp = NULL;
2348 	} else {
2349 		error = copyin(uap->sigev, &ev, sizeof(ev));
2350 		if (error != 0)
2351 			return (error);
2352 		evp = &ev;
2353 	}
2354 	return (kern_kmq_notify(td, uap->mqd, evp));
2355 }
2356 
2357 static void
2358 mqueue_fdclose(struct thread *td, int fd, struct file *fp)
2359 {
2360 	struct filedesc *fdp;
2361 	struct mqueue *mq;
2362 
2363 	fdp = td->td_proc->p_fd;
2364 	FILEDESC_LOCK_ASSERT(fdp);
2365 
2366 	if (fp->f_ops == &mqueueops) {
2367 		mq = FPTOMQ(fp);
2368 		mtx_lock(&mq->mq_mutex);
2369 		notifier_remove(td->td_proc, mq, fd);
2370 
2371 		/* have to wakeup thread in same process */
2372 		if (mq->mq_flags & MQ_RSEL) {
2373 			mq->mq_flags &= ~MQ_RSEL;
2374 			selwakeup(&mq->mq_rsel);
2375 		}
2376 		if (mq->mq_flags & MQ_WSEL) {
2377 			mq->mq_flags &= ~MQ_WSEL;
2378 			selwakeup(&mq->mq_wsel);
2379 		}
2380 		mtx_unlock(&mq->mq_mutex);
2381 	}
2382 }
2383 
2384 static void
2385 mq_proc_exit(void *arg __unused, struct proc *p)
2386 {
2387 	struct filedesc *fdp;
2388 	struct file *fp;
2389 	struct mqueue *mq;
2390 	int i;
2391 
2392 	fdp = p->p_fd;
2393 	FILEDESC_SLOCK(fdp);
2394 	for (i = 0; i < fdp->fd_nfiles; ++i) {
2395 		fp = fget_locked(fdp, i);
2396 		if (fp != NULL && fp->f_ops == &mqueueops) {
2397 			mq = FPTOMQ(fp);
2398 			mtx_lock(&mq->mq_mutex);
2399 			notifier_remove(p, FPTOMQ(fp), i);
2400 			mtx_unlock(&mq->mq_mutex);
2401 		}
2402 	}
2403 	FILEDESC_SUNLOCK(fdp);
2404 	KASSERT(LIST_EMPTY(&p->p_mqnotifier), ("mq notifiers left"));
2405 }
2406 
2407 static int
2408 mqf_read(struct file *fp, struct uio *uio, struct ucred *active_cred,
2409 	int flags, struct thread *td)
2410 {
2411 	return (EOPNOTSUPP);
2412 }
2413 
2414 static int
2415 mqf_write(struct file *fp, struct uio *uio, struct ucred *active_cred,
2416 	int flags, struct thread *td)
2417 {
2418 	return (EOPNOTSUPP);
2419 }
2420 
2421 static int
2422 mqf_truncate(struct file *fp, off_t length, struct ucred *active_cred,
2423     struct thread *td)
2424 {
2425 
2426 	return (EINVAL);
2427 }
2428 
2429 static int
2430 mqf_ioctl(struct file *fp, u_long cmd, void *data,
2431 	struct ucred *active_cred, struct thread *td)
2432 {
2433 	return (ENOTTY);
2434 }
2435 
2436 static int
2437 mqf_poll(struct file *fp, int events, struct ucred *active_cred,
2438 	struct thread *td)
2439 {
2440 	struct mqueue *mq = FPTOMQ(fp);
2441 	int revents = 0;
2442 
2443 	mtx_lock(&mq->mq_mutex);
2444 	if (events & (POLLIN | POLLRDNORM)) {
2445 		if (mq->mq_curmsgs) {
2446 			revents |= events & (POLLIN | POLLRDNORM);
2447 		} else {
2448 			mq->mq_flags |= MQ_RSEL;
2449 			selrecord(td, &mq->mq_rsel);
2450  		}
2451 	}
2452 	if (events & POLLOUT) {
2453 		if (mq->mq_curmsgs < mq->mq_maxmsg)
2454 			revents |= POLLOUT;
2455 		else {
2456 			mq->mq_flags |= MQ_WSEL;
2457 			selrecord(td, &mq->mq_wsel);
2458 		}
2459 	}
2460 	mtx_unlock(&mq->mq_mutex);
2461 	return (revents);
2462 }
2463 
2464 static int
2465 mqf_close(struct file *fp, struct thread *td)
2466 {
2467 	struct mqfs_node *pn;
2468 
2469 	fp->f_ops = &badfileops;
2470 	pn = fp->f_data;
2471 	fp->f_data = NULL;
2472 	sx_xlock(&mqfs_data.mi_lock);
2473 	mqnode_release(pn);
2474 	sx_xunlock(&mqfs_data.mi_lock);
2475 	return (0);
2476 }
2477 
2478 static int
2479 mqf_stat(struct file *fp, struct stat *st, struct ucred *active_cred,
2480 	struct thread *td)
2481 {
2482 	struct mqfs_node *pn = fp->f_data;
2483 
2484 	bzero(st, sizeof *st);
2485 	sx_xlock(&mqfs_data.mi_lock);
2486 	st->st_atim = pn->mn_atime;
2487 	st->st_mtim = pn->mn_mtime;
2488 	st->st_ctim = pn->mn_ctime;
2489 	st->st_birthtim = pn->mn_birth;
2490 	st->st_uid = pn->mn_uid;
2491 	st->st_gid = pn->mn_gid;
2492 	st->st_mode = S_IFIFO | pn->mn_mode;
2493 	sx_xunlock(&mqfs_data.mi_lock);
2494 	return (0);
2495 }
2496 
2497 static int
2498 mqf_chmod(struct file *fp, mode_t mode, struct ucred *active_cred,
2499     struct thread *td)
2500 {
2501 	struct mqfs_node *pn;
2502 	int error;
2503 
2504 	error = 0;
2505 	pn = fp->f_data;
2506 	sx_xlock(&mqfs_data.mi_lock);
2507 	error = vaccess(VREG, pn->mn_mode, pn->mn_uid, pn->mn_gid, VADMIN,
2508 	    active_cred, NULL);
2509 	if (error != 0)
2510 		goto out;
2511 	pn->mn_mode = mode & ACCESSPERMS;
2512 out:
2513 	sx_xunlock(&mqfs_data.mi_lock);
2514 	return (error);
2515 }
2516 
2517 static int
2518 mqf_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
2519     struct thread *td)
2520 {
2521 	struct mqfs_node *pn;
2522 	int error;
2523 
2524 	error = 0;
2525 	pn = fp->f_data;
2526 	sx_xlock(&mqfs_data.mi_lock);
2527 	if (uid == (uid_t)-1)
2528 		uid = pn->mn_uid;
2529 	if (gid == (gid_t)-1)
2530 		gid = pn->mn_gid;
2531 	if (((uid != pn->mn_uid && uid != active_cred->cr_uid) ||
2532 	    (gid != pn->mn_gid && !groupmember(gid, active_cred))) &&
2533 	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
2534 		goto out;
2535 	pn->mn_uid = uid;
2536 	pn->mn_gid = gid;
2537 out:
2538 	sx_xunlock(&mqfs_data.mi_lock);
2539 	return (error);
2540 }
2541 
2542 static int
2543 mqf_kqfilter(struct file *fp, struct knote *kn)
2544 {
2545 	struct mqueue *mq = FPTOMQ(fp);
2546 	int error = 0;
2547 
2548 	if (kn->kn_filter == EVFILT_READ) {
2549 		kn->kn_fop = &mq_rfiltops;
2550 		knlist_add(&mq->mq_rsel.si_note, kn, 0);
2551 	} else if (kn->kn_filter == EVFILT_WRITE) {
2552 		kn->kn_fop = &mq_wfiltops;
2553 		knlist_add(&mq->mq_wsel.si_note, kn, 0);
2554 	} else
2555 		error = EINVAL;
2556 	return (error);
2557 }
2558 
2559 static void
2560 filt_mqdetach(struct knote *kn)
2561 {
2562 	struct mqueue *mq = FPTOMQ(kn->kn_fp);
2563 
2564 	if (kn->kn_filter == EVFILT_READ)
2565 		knlist_remove(&mq->mq_rsel.si_note, kn, 0);
2566 	else if (kn->kn_filter == EVFILT_WRITE)
2567 		knlist_remove(&mq->mq_wsel.si_note, kn, 0);
2568 	else
2569 		panic("filt_mqdetach");
2570 }
2571 
2572 static int
2573 filt_mqread(struct knote *kn, long hint)
2574 {
2575 	struct mqueue *mq = FPTOMQ(kn->kn_fp);
2576 
2577 	mtx_assert(&mq->mq_mutex, MA_OWNED);
2578 	return (mq->mq_curmsgs != 0);
2579 }
2580 
2581 static int
2582 filt_mqwrite(struct knote *kn, long hint)
2583 {
2584 	struct mqueue *mq = FPTOMQ(kn->kn_fp);
2585 
2586 	mtx_assert(&mq->mq_mutex, MA_OWNED);
2587 	return (mq->mq_curmsgs < mq->mq_maxmsg);
2588 }
2589 
2590 static struct fileops mqueueops = {
2591 	.fo_read		= mqf_read,
2592 	.fo_write		= mqf_write,
2593 	.fo_truncate		= mqf_truncate,
2594 	.fo_ioctl		= mqf_ioctl,
2595 	.fo_poll		= mqf_poll,
2596 	.fo_kqfilter		= mqf_kqfilter,
2597 	.fo_stat		= mqf_stat,
2598 	.fo_chmod		= mqf_chmod,
2599 	.fo_chown		= mqf_chown,
2600 	.fo_close		= mqf_close,
2601 	.fo_sendfile		= invfo_sendfile,
2602 };
2603 
2604 static struct vop_vector mqfs_vnodeops = {
2605 	.vop_default 		= &default_vnodeops,
2606 	.vop_access		= mqfs_access,
2607 	.vop_cachedlookup	= mqfs_lookup,
2608 	.vop_lookup		= vfs_cache_lookup,
2609 	.vop_reclaim		= mqfs_reclaim,
2610 	.vop_create		= mqfs_create,
2611 	.vop_remove		= mqfs_remove,
2612 	.vop_inactive		= mqfs_inactive,
2613 	.vop_open		= mqfs_open,
2614 	.vop_close		= mqfs_close,
2615 	.vop_getattr		= mqfs_getattr,
2616 	.vop_setattr		= mqfs_setattr,
2617 	.vop_read		= mqfs_read,
2618 	.vop_write		= VOP_EOPNOTSUPP,
2619 	.vop_readdir		= mqfs_readdir,
2620 	.vop_mkdir		= VOP_EOPNOTSUPP,
2621 	.vop_rmdir		= VOP_EOPNOTSUPP
2622 };
2623 
2624 static struct vfsops mqfs_vfsops = {
2625 	.vfs_init 		= mqfs_init,
2626 	.vfs_uninit		= mqfs_uninit,
2627 	.vfs_mount		= mqfs_mount,
2628 	.vfs_unmount		= mqfs_unmount,
2629 	.vfs_root		= mqfs_root,
2630 	.vfs_statfs		= mqfs_statfs,
2631 };
2632 
2633 static struct vfsconf mqueuefs_vfsconf = {
2634 	.vfc_version = VFS_VERSION,
2635 	.vfc_name = "mqueuefs",
2636 	.vfc_vfsops = &mqfs_vfsops,
2637 	.vfc_typenum = -1,
2638 	.vfc_flags = VFCF_SYNTHETIC
2639 };
2640 
2641 static struct syscall_helper_data mq_syscalls[] = {
2642 	SYSCALL_INIT_HELPER(kmq_open),
2643 	SYSCALL_INIT_HELPER(kmq_setattr),
2644 	SYSCALL_INIT_HELPER(kmq_timedsend),
2645 	SYSCALL_INIT_HELPER(kmq_timedreceive),
2646 	SYSCALL_INIT_HELPER(kmq_notify),
2647 	SYSCALL_INIT_HELPER(kmq_unlink),
2648 	SYSCALL_INIT_LAST
2649 };
2650 
2651 #ifdef COMPAT_FREEBSD32
2652 #include <compat/freebsd32/freebsd32.h>
2653 #include <compat/freebsd32/freebsd32_proto.h>
2654 #include <compat/freebsd32/freebsd32_signal.h>
2655 #include <compat/freebsd32/freebsd32_syscall.h>
2656 #include <compat/freebsd32/freebsd32_util.h>
2657 
2658 static void
2659 mq_attr_from32(const struct mq_attr32 *from, struct mq_attr *to)
2660 {
2661 
2662 	to->mq_flags = from->mq_flags;
2663 	to->mq_maxmsg = from->mq_maxmsg;
2664 	to->mq_msgsize = from->mq_msgsize;
2665 	to->mq_curmsgs = from->mq_curmsgs;
2666 }
2667 
2668 static void
2669 mq_attr_to32(const struct mq_attr *from, struct mq_attr32 *to)
2670 {
2671 
2672 	to->mq_flags = from->mq_flags;
2673 	to->mq_maxmsg = from->mq_maxmsg;
2674 	to->mq_msgsize = from->mq_msgsize;
2675 	to->mq_curmsgs = from->mq_curmsgs;
2676 }
2677 
2678 int
2679 freebsd32_kmq_open(struct thread *td, struct freebsd32_kmq_open_args *uap)
2680 {
2681 	struct mq_attr attr;
2682 	struct mq_attr32 attr32;
2683 	int flags, error;
2684 
2685 	if ((uap->flags & O_ACCMODE) == O_ACCMODE || uap->flags & O_EXEC)
2686 		return (EINVAL);
2687 	flags = FFLAGS(uap->flags);
2688 	if ((flags & O_CREAT) != 0 && uap->attr != NULL) {
2689 		error = copyin(uap->attr, &attr32, sizeof(attr32));
2690 		if (error)
2691 			return (error);
2692 		mq_attr_from32(&attr32, &attr);
2693 	}
2694 	return (kern_kmq_open(td, uap->path, flags, uap->mode,
2695 	    uap->attr != NULL ? &attr : NULL));
2696 }
2697 
2698 int
2699 freebsd32_kmq_setattr(struct thread *td, struct freebsd32_kmq_setattr_args *uap)
2700 {
2701 	struct mq_attr attr, oattr;
2702 	struct mq_attr32 attr32, oattr32;
2703 	int error;
2704 
2705 	if (uap->attr != NULL) {
2706 		error = copyin(uap->attr, &attr32, sizeof(attr32));
2707 		if (error != 0)
2708 			return (error);
2709 		mq_attr_from32(&attr32, &attr);
2710 	}
2711 	error = kern_kmq_setattr(td, uap->mqd, uap->attr != NULL ? &attr : NULL,
2712 	    &oattr);
2713 	if (error != 0)
2714 		return (error);
2715 	if (uap->oattr != NULL) {
2716 		mq_attr_to32(&oattr, &oattr32);
2717 		error = copyout(&oattr32, uap->oattr, sizeof(oattr32));
2718 	}
2719 	return (error);
2720 }
2721 
2722 int
2723 freebsd32_kmq_timedsend(struct thread *td,
2724     struct freebsd32_kmq_timedsend_args *uap)
2725 {
2726 	struct mqueue *mq;
2727 	struct file *fp;
2728 	struct timespec32 ets32;
2729 	struct timespec *abs_timeout, ets;
2730 	int error;
2731 	int waitok;
2732 
2733 	error = getmq_write(td, uap->mqd, &fp, NULL, &mq);
2734 	if (error)
2735 		return (error);
2736 	if (uap->abs_timeout != NULL) {
2737 		error = copyin(uap->abs_timeout, &ets32, sizeof(ets32));
2738 		if (error != 0)
2739 			return (error);
2740 		CP(ets32, ets, tv_sec);
2741 		CP(ets32, ets, tv_nsec);
2742 		abs_timeout = &ets;
2743 	} else
2744 		abs_timeout = NULL;
2745 	waitok = !(fp->f_flag & O_NONBLOCK);
2746 	error = mqueue_send(mq, uap->msg_ptr, uap->msg_len,
2747 		uap->msg_prio, waitok, abs_timeout);
2748 	fdrop(fp, td);
2749 	return (error);
2750 }
2751 
2752 int
2753 freebsd32_kmq_timedreceive(struct thread *td,
2754     struct freebsd32_kmq_timedreceive_args *uap)
2755 {
2756 	struct mqueue *mq;
2757 	struct file *fp;
2758 	struct timespec32 ets32;
2759 	struct timespec *abs_timeout, ets;
2760 	int error, waitok;
2761 
2762 	error = getmq_read(td, uap->mqd, &fp, NULL, &mq);
2763 	if (error)
2764 		return (error);
2765 	if (uap->abs_timeout != NULL) {
2766 		error = copyin(uap->abs_timeout, &ets32, sizeof(ets32));
2767 		if (error != 0)
2768 			return (error);
2769 		CP(ets32, ets, tv_sec);
2770 		CP(ets32, ets, tv_nsec);
2771 		abs_timeout = &ets;
2772 	} else
2773 		abs_timeout = NULL;
2774 	waitok = !(fp->f_flag & O_NONBLOCK);
2775 	error = mqueue_receive(mq, uap->msg_ptr, uap->msg_len,
2776 		uap->msg_prio, waitok, abs_timeout);
2777 	fdrop(fp, td);
2778 	return (error);
2779 }
2780 
2781 int
2782 freebsd32_kmq_notify(struct thread *td, struct freebsd32_kmq_notify_args *uap)
2783 {
2784 	struct sigevent ev, *evp;
2785 	struct sigevent32 ev32;
2786 	int error;
2787 
2788 	if (uap->sigev == NULL) {
2789 		evp = NULL;
2790 	} else {
2791 		error = copyin(uap->sigev, &ev32, sizeof(ev32));
2792 		if (error != 0)
2793 			return (error);
2794 		error = convert_sigevent32(&ev32, &ev);
2795 		if (error != 0)
2796 			return (error);
2797 		evp = &ev;
2798 	}
2799 	return (kern_kmq_notify(td, uap->mqd, evp));
2800 }
2801 
2802 static struct syscall_helper_data mq32_syscalls[] = {
2803 	SYSCALL32_INIT_HELPER(freebsd32_kmq_open),
2804 	SYSCALL32_INIT_HELPER(freebsd32_kmq_setattr),
2805 	SYSCALL32_INIT_HELPER(freebsd32_kmq_timedsend),
2806 	SYSCALL32_INIT_HELPER(freebsd32_kmq_timedreceive),
2807 	SYSCALL32_INIT_HELPER(freebsd32_kmq_notify),
2808 	SYSCALL32_INIT_HELPER_COMPAT(kmq_unlink),
2809 	SYSCALL_INIT_LAST
2810 };
2811 #endif
2812 
2813 static int
2814 mqinit(void)
2815 {
2816 	int error;
2817 
2818 	error = syscall_helper_register(mq_syscalls);
2819 	if (error != 0)
2820 		return (error);
2821 #ifdef COMPAT_FREEBSD32
2822 	error = syscall32_helper_register(mq32_syscalls);
2823 	if (error != 0)
2824 		return (error);
2825 #endif
2826 	return (0);
2827 }
2828 
2829 static int
2830 mqunload(void)
2831 {
2832 
2833 #ifdef COMPAT_FREEBSD32
2834 	syscall32_helper_unregister(mq32_syscalls);
2835 #endif
2836 	syscall_helper_unregister(mq_syscalls);
2837 	return (0);
2838 }
2839 
2840 static int
2841 mq_modload(struct module *module, int cmd, void *arg)
2842 {
2843 	int error = 0;
2844 
2845 	error = vfs_modevent(module, cmd, arg);
2846 	if (error != 0)
2847 		return (error);
2848 
2849 	switch (cmd) {
2850 	case MOD_LOAD:
2851 		error = mqinit();
2852 		if (error != 0)
2853 			mqunload();
2854 		break;
2855 	case MOD_UNLOAD:
2856 		error = mqunload();
2857 		break;
2858 	default:
2859 		break;
2860 	}
2861 	return (error);
2862 }
2863 
2864 static moduledata_t mqueuefs_mod = {
2865 	"mqueuefs",
2866 	mq_modload,
2867 	&mqueuefs_vfsconf
2868 };
2869 DECLARE_MODULE(mqueuefs, mqueuefs_mod, SI_SUB_VFS, SI_ORDER_MIDDLE);
2870 MODULE_VERSION(mqueuefs, 1);
2871