proc->thread stage 4: rework the VFS and DEVICE subsystems to take thread
[dragonfly.git] / sys / kern / sysv_msg.c
CommitLineData
984263bc 1/* $FreeBSD: src/sys/kern/sysv_msg.c,v 1.23.2.5 2002/12/31 08:54:53 maxim Exp $ */
dadab5e9 2/* $DragonFly: src/sys/kern/sysv_msg.c,v 1.4 2003/06/25 03:55:57 dillon Exp $ */
984263bc
MD
3
4/*
5 * Implementation of SVID messages
6 *
7 * Author: Daniel Boulet
8 *
9 * Copyright 1993 Daniel Boulet and RTMX Inc.
10 *
11 * This system call was implemented by Daniel Boulet under contract from RTMX.
12 *
13 * Redistribution and use in source forms, with and without modification,
14 * are permitted provided that this entire comment appears intact.
15 *
16 * Redistribution in binary form may occur without any restrictions.
17 * Obviously, it would be nice if you gave credit where credit is due
18 * but requiring it would be too onerous.
19 *
20 * This software is provided ``AS IS'' without any warranties of any kind.
21 */
22
23#include "opt_sysvipc.h"
24
25#include <sys/param.h>
26#include <sys/systm.h>
27#include <sys/sysproto.h>
28#include <sys/kernel.h>
29#include <sys/proc.h>
30#include <sys/msg.h>
31#include <sys/sysent.h>
32#include <sys/sysctl.h>
33#include <sys/malloc.h>
34#include <sys/jail.h>
35
36static MALLOC_DEFINE(M_MSG, "msg", "SVID compatible message queues");
37
38static void msginit __P((void *));
39
40#define MSG_DEBUG
41#undef MSG_DEBUG_OK
42
43static void msg_freehdr __P((struct msg *msghdr));
44
45/* XXX casting to (sy_call_t *) is bogus, as usual. */
46static sy_call_t *msgcalls[] = {
47 (sy_call_t *)msgctl, (sy_call_t *)msgget,
48 (sy_call_t *)msgsnd, (sy_call_t *)msgrcv
49};
50
51struct msg {
52 struct msg *msg_next; /* next msg in the chain */
53 long msg_type; /* type of this message */
54 /* >0 -> type of this message */
55 /* 0 -> free header */
56 u_short msg_ts; /* size of this message */
57 short msg_spot; /* location of start of msg in buffer */
58};
59
60
61#ifndef MSGSSZ
62#define MSGSSZ 8 /* Each segment must be 2^N long */
63#endif
64#ifndef MSGSEG
65#define MSGSEG 2048 /* must be less than 32767 */
66#endif
67#define MSGMAX (MSGSSZ*MSGSEG)
68#ifndef MSGMNB
69#define MSGMNB 2048 /* max # of bytes in a queue */
70#endif
71#ifndef MSGMNI
72#define MSGMNI 40
73#endif
74#ifndef MSGTQL
75#define MSGTQL 40
76#endif
77
78/*
79 * Based on the configuration parameters described in an SVR2 (yes, two)
80 * config(1m) man page.
81 *
82 * Each message is broken up and stored in segments that are msgssz bytes
83 * long. For efficiency reasons, this should be a power of two. Also,
84 * it doesn't make sense if it is less than 8 or greater than about 256.
85 * Consequently, msginit in kern/sysv_msg.c checks that msgssz is a power of
86 * two between 8 and 1024 inclusive (and panic's if it isn't).
87 */
88struct msginfo msginfo = {
89 MSGMAX, /* max chars in a message */
90 MSGMNI, /* # of message queue identifiers */
91 MSGMNB, /* max chars in a queue */
92 MSGTQL, /* max messages in system */
93 MSGSSZ, /* size of a message segment */
94 /* (must be small power of 2 greater than 4) */
95 MSGSEG /* number of message segments */
96};
97
98/*
99 * macros to convert between msqid_ds's and msqid's.
100 * (specific to this implementation)
101 */
102#define MSQID(ix,ds) ((ix) & 0xffff | (((ds).msg_perm.seq << 16) & 0xffff0000))
103#define MSQID_IX(id) ((id) & 0xffff)
104#define MSQID_SEQ(id) (((id) >> 16) & 0xffff)
105
106/*
107 * The rest of this file is specific to this particular implementation.
108 */
109
110struct msgmap {
111 short next; /* next segment in buffer */
112 /* -1 -> available */
113 /* 0..(MSGSEG-1) -> index of next segment */
114};
115
116#define MSG_LOCKED 01000 /* Is this msqid_ds locked? */
117
118static int nfree_msgmaps; /* # of free map entries */
119static short free_msgmaps; /* head of linked list of free map entries */
120static struct msg *free_msghdrs;/* list of free msg headers */
121static char *msgpool; /* MSGMAX byte long msg buffer pool */
122static struct msgmap *msgmaps; /* MSGSEG msgmap structures */
123static struct msg *msghdrs; /* MSGTQL msg headers */
124static struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */
125
126static void
127msginit(dummy)
128 void *dummy;
129{
130 register int i;
131
132 msginfo.msgmax = msginfo.msgseg * msginfo.msgssz;
133 msgpool = malloc(msginfo.msgmax, M_MSG, M_WAITOK);
134 if (msgpool == NULL)
135 panic("msgpool is NULL");
136 msgmaps = malloc(sizeof(struct msgmap) * msginfo.msgseg, M_MSG, M_WAITOK);
137 if (msgmaps == NULL)
138 panic("msgmaps is NULL");
139 msghdrs = malloc(sizeof(struct msg) * msginfo.msgtql, M_MSG, M_WAITOK);
140 if (msghdrs == NULL)
141 panic("msghdrs is NULL");
142 msqids = malloc(sizeof(struct msqid_ds) * msginfo.msgmni, M_MSG, M_WAITOK);
143 if (msqids == NULL)
144 panic("msqids is NULL");
145
146 /*
147 * msginfo.msgssz should be a power of two for efficiency reasons.
148 * It is also pretty silly if msginfo.msgssz is less than 8
149 * or greater than about 256 so ...
150 */
151
152 i = 8;
153 while (i < 1024 && i != msginfo.msgssz)
154 i <<= 1;
155 if (i != msginfo.msgssz) {
156 printf("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz,
157 msginfo.msgssz);
158 panic("msginfo.msgssz not a small power of 2");
159 }
160
161 if (msginfo.msgseg > 32767) {
162 printf("msginfo.msgseg=%d\n", msginfo.msgseg);
163 panic("msginfo.msgseg > 32767");
164 }
165
166 if (msgmaps == NULL)
167 panic("msgmaps is NULL");
168
169 for (i = 0; i < msginfo.msgseg; i++) {
170 if (i > 0)
171 msgmaps[i-1].next = i;
172 msgmaps[i].next = -1; /* implies entry is available */
173 }
174 free_msgmaps = 0;
175 nfree_msgmaps = msginfo.msgseg;
176
177 if (msghdrs == NULL)
178 panic("msghdrs is NULL");
179
180 for (i = 0; i < msginfo.msgtql; i++) {
181 msghdrs[i].msg_type = 0;
182 if (i > 0)
183 msghdrs[i-1].msg_next = &msghdrs[i];
184 msghdrs[i].msg_next = NULL;
185 }
186 free_msghdrs = &msghdrs[0];
187
188 if (msqids == NULL)
189 panic("msqids is NULL");
190
191 for (i = 0; i < msginfo.msgmni; i++) {
192 msqids[i].msg_qbytes = 0; /* implies entry is available */
193 msqids[i].msg_perm.seq = 0; /* reset to a known value */
194 msqids[i].msg_perm.mode = 0;
195 }
196}
197SYSINIT(sysv_msg, SI_SUB_SYSV_MSG, SI_ORDER_FIRST, msginit, NULL)
198
199/*
200 * Entry point for all MSG calls
41c20dac
MD
201 *
202 * msgsys_args(u_int which, int a2, ...) (VARARGS)
984263bc
MD
203 */
204int
41c20dac 205msgsys(struct msgsys_args *uap)
984263bc 206{
41c20dac 207 struct proc *p = curproc;
984263bc 208
41c20dac 209 if (!jail_sysvipc_allowed && p->p_ucred->cr_prison != NULL)
984263bc
MD
210 return (ENOSYS);
211
212 if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0]))
213 return (EINVAL);
41c20dac 214 return ((*msgcalls[uap->which])(&uap->a2));
984263bc
MD
215}
216
217static void
41c20dac 218msg_freehdr(struct msg *msghdr)
984263bc
MD
219{
220 while (msghdr->msg_ts > 0) {
221 short next;
222 if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg)
223 panic("msghdr->msg_spot out of range");
224 next = msgmaps[msghdr->msg_spot].next;
225 msgmaps[msghdr->msg_spot].next = free_msgmaps;
226 free_msgmaps = msghdr->msg_spot;
227 nfree_msgmaps++;
228 msghdr->msg_spot = next;
229 if (msghdr->msg_ts >= msginfo.msgssz)
230 msghdr->msg_ts -= msginfo.msgssz;
231 else
232 msghdr->msg_ts = 0;
233 }
234 if (msghdr->msg_spot != -1)
235 panic("msghdr->msg_spot != -1");
236 msghdr->msg_next = free_msghdrs;
237 free_msghdrs = msghdr;
238}
239
240#ifndef _SYS_SYSPROTO_H_
241struct msgctl_args {
242 int msqid;
243 int cmd;
244 struct msqid_ds *buf;
245};
246#endif
247
248int
41c20dac 249msgctl(struct msgctl_args *uap)
984263bc 250{
dadab5e9
MD
251 struct thread *td = curthread;
252 struct proc *p = td->td_proc;
984263bc
MD
253 int msqid = uap->msqid;
254 int cmd = uap->cmd;
255 struct msqid_ds *user_msqptr = uap->buf;
256 int rval, eval;
257 struct msqid_ds msqbuf;
258 register struct msqid_ds *msqptr;
259
260#ifdef MSG_DEBUG_OK
261 printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr);
262#endif
263
41c20dac 264 if (!jail_sysvipc_allowed && p->p_ucred->cr_prison != NULL)
984263bc
MD
265 return (ENOSYS);
266
267 msqid = IPCID_TO_IX(msqid);
268
269 if (msqid < 0 || msqid >= msginfo.msgmni) {
270#ifdef MSG_DEBUG_OK
271 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
272 msginfo.msgmni);
273#endif
274 return(EINVAL);
275 }
276
277 msqptr = &msqids[msqid];
278
279 if (msqptr->msg_qbytes == 0) {
280#ifdef MSG_DEBUG_OK
281 printf("no such msqid\n");
282#endif
283 return(EINVAL);
284 }
285 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
286#ifdef MSG_DEBUG_OK
287 printf("wrong sequence number\n");
288#endif
289 return(EINVAL);
290 }
291
292 eval = 0;
293 rval = 0;
294
295 switch (cmd) {
296
297 case IPC_RMID:
298 {
299 struct msg *msghdr;
300 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_M)))
301 return(eval);
302 /* Free the message headers */
303 msghdr = msqptr->msg_first;
304 while (msghdr != NULL) {
305 struct msg *msghdr_tmp;
306
307 /* Free the segments of each message */
308 msqptr->msg_cbytes -= msghdr->msg_ts;
309 msqptr->msg_qnum--;
310 msghdr_tmp = msghdr;
311 msghdr = msghdr->msg_next;
312 msg_freehdr(msghdr_tmp);
313 }
314
315 if (msqptr->msg_cbytes != 0)
316 panic("msg_cbytes is screwed up");
317 if (msqptr->msg_qnum != 0)
318 panic("msg_qnum is screwed up");
319
320 msqptr->msg_qbytes = 0; /* Mark it as free */
321
322 wakeup((caddr_t)msqptr);
323 }
324
325 break;
326
327 case IPC_SET:
328 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_M)))
329 return(eval);
330 if ((eval = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0)
331 return(eval);
332 if (msqbuf.msg_qbytes > msqptr->msg_qbytes) {
dadab5e9 333 eval = suser(td);
984263bc
MD
334 if (eval)
335 return(eval);
336 }
337 if (msqbuf.msg_qbytes > msginfo.msgmnb) {
338#ifdef MSG_DEBUG_OK
339 printf("can't increase msg_qbytes beyond %d (truncating)\n",
340 msginfo.msgmnb);
341#endif
342 msqbuf.msg_qbytes = msginfo.msgmnb; /* silently restrict qbytes to system limit */
343 }
344 if (msqbuf.msg_qbytes == 0) {
345#ifdef MSG_DEBUG_OK
346 printf("can't reduce msg_qbytes to 0\n");
347#endif
348 return(EINVAL); /* non-standard errno! */
349 }
350 msqptr->msg_perm.uid = msqbuf.msg_perm.uid; /* change the owner */
351 msqptr->msg_perm.gid = msqbuf.msg_perm.gid; /* change the owner */
352 msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) |
353 (msqbuf.msg_perm.mode & 0777);
354 msqptr->msg_qbytes = msqbuf.msg_qbytes;
355 msqptr->msg_ctime = time_second;
356 break;
357
358 case IPC_STAT:
359 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_R))) {
360#ifdef MSG_DEBUG_OK
361 printf("requester doesn't have read access\n");
362#endif
363 return(eval);
364 }
365 eval = copyout((caddr_t)msqptr, user_msqptr,
366 sizeof(struct msqid_ds));
367 break;
368
369 default:
370#ifdef MSG_DEBUG_OK
371 printf("invalid command %d\n", cmd);
372#endif
373 return(EINVAL);
374 }
375
376 if (eval == 0)
377 p->p_retval[0] = rval;
378 return(eval);
379}
380
381#ifndef _SYS_SYSPROTO_H_
382struct msgget_args {
383 key_t key;
384 int msgflg;
385};
386#endif
387
388int
41c20dac 389msgget(struct msgget_args *uap)
984263bc 390{
41c20dac 391 struct proc *p = curproc;
984263bc
MD
392 int msqid, eval;
393 int key = uap->key;
394 int msgflg = uap->msgflg;
395 struct ucred *cred = p->p_ucred;
396 register struct msqid_ds *msqptr = NULL;
397
398#ifdef MSG_DEBUG_OK
399 printf("msgget(0x%x, 0%o)\n", key, msgflg);
400#endif
401
41c20dac 402 if (!jail_sysvipc_allowed && p->p_ucred->cr_prison != NULL)
984263bc
MD
403 return (ENOSYS);
404
405 if (key != IPC_PRIVATE) {
406 for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
407 msqptr = &msqids[msqid];
408 if (msqptr->msg_qbytes != 0 &&
409 msqptr->msg_perm.key == key)
410 break;
411 }
412 if (msqid < msginfo.msgmni) {
413#ifdef MSG_DEBUG_OK
414 printf("found public key\n");
415#endif
416 if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) {
417#ifdef MSG_DEBUG_OK
418 printf("not exclusive\n");
419#endif
420 return(EEXIST);
421 }
422 if ((eval = ipcperm(p, &msqptr->msg_perm, msgflg & 0700 ))) {
423#ifdef MSG_DEBUG_OK
424 printf("requester doesn't have 0%o access\n",
425 msgflg & 0700);
426#endif
427 return(eval);
428 }
429 goto found;
430 }
431 }
432
433#ifdef MSG_DEBUG_OK
434 printf("need to allocate the msqid_ds\n");
435#endif
436 if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) {
437 for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
438 /*
439 * Look for an unallocated and unlocked msqid_ds.
440 * msqid_ds's can be locked by msgsnd or msgrcv while
441 * they are copying the message in/out. We can't
442 * re-use the entry until they release it.
443 */
444 msqptr = &msqids[msqid];
445 if (msqptr->msg_qbytes == 0 &&
446 (msqptr->msg_perm.mode & MSG_LOCKED) == 0)
447 break;
448 }
449 if (msqid == msginfo.msgmni) {
450#ifdef MSG_DEBUG_OK
451 printf("no more msqid_ds's available\n");
452#endif
453 return(ENOSPC);
454 }
455#ifdef MSG_DEBUG_OK
456 printf("msqid %d is available\n", msqid);
457#endif
458 msqptr->msg_perm.key = key;
459 msqptr->msg_perm.cuid = cred->cr_uid;
460 msqptr->msg_perm.uid = cred->cr_uid;
461 msqptr->msg_perm.cgid = cred->cr_gid;
462 msqptr->msg_perm.gid = cred->cr_gid;
463 msqptr->msg_perm.mode = (msgflg & 0777);
464 /* Make sure that the returned msqid is unique */
465 msqptr->msg_perm.seq = (msqptr->msg_perm.seq + 1) & 0x7fff;
466 msqptr->msg_first = NULL;
467 msqptr->msg_last = NULL;
468 msqptr->msg_cbytes = 0;
469 msqptr->msg_qnum = 0;
470 msqptr->msg_qbytes = msginfo.msgmnb;
471 msqptr->msg_lspid = 0;
472 msqptr->msg_lrpid = 0;
473 msqptr->msg_stime = 0;
474 msqptr->msg_rtime = 0;
475 msqptr->msg_ctime = time_second;
476 } else {
477#ifdef MSG_DEBUG_OK
478 printf("didn't find it and wasn't asked to create it\n");
479#endif
480 return(ENOENT);
481 }
482
483found:
484 /* Construct the unique msqid */
485 p->p_retval[0] = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm);
486 return(0);
487}
488
489#ifndef _SYS_SYSPROTO_H_
490struct msgsnd_args {
491 int msqid;
492 void *msgp;
493 size_t msgsz;
494 int msgflg;
495};
496#endif
497
498int
41c20dac 499msgsnd(struct msgsnd_args *uap)
984263bc 500{
41c20dac 501 struct proc *p = curproc;
984263bc
MD
502 int msqid = uap->msqid;
503 void *user_msgp = uap->msgp;
504 size_t msgsz = uap->msgsz;
505 int msgflg = uap->msgflg;
506 int segs_needed, eval;
507 register struct msqid_ds *msqptr;
508 register struct msg *msghdr;
509 short next;
510
511#ifdef MSG_DEBUG_OK
512 printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz,
513 msgflg);
514#endif
515
41c20dac 516 if (!jail_sysvipc_allowed && p->p_ucred->cr_prison != NULL)
984263bc
MD
517 return (ENOSYS);
518
519 msqid = IPCID_TO_IX(msqid);
520
521 if (msqid < 0 || msqid >= msginfo.msgmni) {
522#ifdef MSG_DEBUG_OK
523 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
524 msginfo.msgmni);
525#endif
526 return(EINVAL);
527 }
528
529 msqptr = &msqids[msqid];
530 if (msqptr->msg_qbytes == 0) {
531#ifdef MSG_DEBUG_OK
532 printf("no such message queue id\n");
533#endif
534 return(EINVAL);
535 }
536 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
537#ifdef MSG_DEBUG_OK
538 printf("wrong sequence number\n");
539#endif
540 return(EINVAL);
541 }
542
543 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_W))) {
544#ifdef MSG_DEBUG_OK
545 printf("requester doesn't have write access\n");
546#endif
547 return(eval);
548 }
549
550 segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz;
551#ifdef MSG_DEBUG_OK
552 printf("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, msginfo.msgssz,
553 segs_needed);
554#endif
555 for (;;) {
556 int need_more_resources = 0;
557
558 /*
559 * check msgsz
560 * (inside this loop in case msg_qbytes changes while we sleep)
561 */
562
563 if (msgsz > msqptr->msg_qbytes) {
564#ifdef MSG_DEBUG_OK
565 printf("msgsz > msqptr->msg_qbytes\n");
566#endif
567 return(EINVAL);
568 }
569
570 if (msqptr->msg_perm.mode & MSG_LOCKED) {
571#ifdef MSG_DEBUG_OK
572 printf("msqid is locked\n");
573#endif
574 need_more_resources = 1;
575 }
576 if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes) {
577#ifdef MSG_DEBUG_OK
578 printf("msgsz + msg_cbytes > msg_qbytes\n");
579#endif
580 need_more_resources = 1;
581 }
582 if (segs_needed > nfree_msgmaps) {
583#ifdef MSG_DEBUG_OK
584 printf("segs_needed > nfree_msgmaps\n");
585#endif
586 need_more_resources = 1;
587 }
588 if (free_msghdrs == NULL) {
589#ifdef MSG_DEBUG_OK
590 printf("no more msghdrs\n");
591#endif
592 need_more_resources = 1;
593 }
594
595 if (need_more_resources) {
596 int we_own_it;
597
598 if ((msgflg & IPC_NOWAIT) != 0) {
599#ifdef MSG_DEBUG_OK
600 printf("need more resources but caller doesn't want to wait\n");
601#endif
602 return(EAGAIN);
603 }
604
605 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) {
606#ifdef MSG_DEBUG_OK
607 printf("we don't own the msqid_ds\n");
608#endif
609 we_own_it = 0;
610 } else {
611 /* Force later arrivals to wait for our
612 request */
613#ifdef MSG_DEBUG_OK
614 printf("we own the msqid_ds\n");
615#endif
616 msqptr->msg_perm.mode |= MSG_LOCKED;
617 we_own_it = 1;
618 }
619#ifdef MSG_DEBUG_OK
620 printf("goodnight\n");
621#endif
622 eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH,
623 "msgwait", 0);
624#ifdef MSG_DEBUG_OK
625 printf("good morning, eval=%d\n", eval);
626#endif
627 if (we_own_it)
628 msqptr->msg_perm.mode &= ~MSG_LOCKED;
629 if (eval != 0) {
630#ifdef MSG_DEBUG_OK
631 printf("msgsnd: interrupted system call\n");
632#endif
633 return(EINTR);
634 }
635
636 /*
637 * Make sure that the msq queue still exists
638 */
639
640 if (msqptr->msg_qbytes == 0) {
641#ifdef MSG_DEBUG_OK
642 printf("msqid deleted\n");
643#endif
644 return(EIDRM);
645 }
646
647 } else {
648#ifdef MSG_DEBUG_OK
649 printf("got all the resources that we need\n");
650#endif
651 break;
652 }
653 }
654
655 /*
656 * We have the resources that we need.
657 * Make sure!
658 */
659
660 if (msqptr->msg_perm.mode & MSG_LOCKED)
661 panic("msg_perm.mode & MSG_LOCKED");
662 if (segs_needed > nfree_msgmaps)
663 panic("segs_needed > nfree_msgmaps");
664 if (msgsz + msqptr->msg_cbytes > msqptr->msg_qbytes)
665 panic("msgsz + msg_cbytes > msg_qbytes");
666 if (free_msghdrs == NULL)
667 panic("no more msghdrs");
668
669 /*
670 * Re-lock the msqid_ds in case we page-fault when copying in the
671 * message
672 */
673
674 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0)
675 panic("msqid_ds is already locked");
676 msqptr->msg_perm.mode |= MSG_LOCKED;
677
678 /*
679 * Allocate a message header
680 */
681
682 msghdr = free_msghdrs;
683 free_msghdrs = msghdr->msg_next;
684 msghdr->msg_spot = -1;
685 msghdr->msg_ts = msgsz;
686
687 /*
688 * Allocate space for the message
689 */
690
691 while (segs_needed > 0) {
692 if (nfree_msgmaps <= 0)
693 panic("not enough msgmaps");
694 if (free_msgmaps == -1)
695 panic("nil free_msgmaps");
696 next = free_msgmaps;
697 if (next <= -1)
698 panic("next too low #1");
699 if (next >= msginfo.msgseg)
700 panic("next out of range #1");
701#ifdef MSG_DEBUG_OK
702 printf("allocating segment %d to message\n", next);
703#endif
704 free_msgmaps = msgmaps[next].next;
705 nfree_msgmaps--;
706 msgmaps[next].next = msghdr->msg_spot;
707 msghdr->msg_spot = next;
708 segs_needed--;
709 }
710
711 /*
712 * Copy in the message type
713 */
714
715 if ((eval = copyin(user_msgp, &msghdr->msg_type,
716 sizeof(msghdr->msg_type))) != 0) {
717#ifdef MSG_DEBUG_OK
718 printf("error %d copying the message type\n", eval);
719#endif
720 msg_freehdr(msghdr);
721 msqptr->msg_perm.mode &= ~MSG_LOCKED;
722 wakeup((caddr_t)msqptr);
723 return(eval);
724 }
725 user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type);
726
727 /*
728 * Validate the message type
729 */
730
731 if (msghdr->msg_type < 1) {
732 msg_freehdr(msghdr);
733 msqptr->msg_perm.mode &= ~MSG_LOCKED;
734 wakeup((caddr_t)msqptr);
735#ifdef MSG_DEBUG_OK
736 printf("mtype (%d) < 1\n", msghdr->msg_type);
737#endif
738 return(EINVAL);
739 }
740
741 /*
742 * Copy in the message body
743 */
744
745 next = msghdr->msg_spot;
746 while (msgsz > 0) {
747 size_t tlen;
748 if (msgsz > msginfo.msgssz)
749 tlen = msginfo.msgssz;
750 else
751 tlen = msgsz;
752 if (next <= -1)
753 panic("next too low #2");
754 if (next >= msginfo.msgseg)
755 panic("next out of range #2");
756 if ((eval = copyin(user_msgp, &msgpool[next * msginfo.msgssz],
757 tlen)) != 0) {
758#ifdef MSG_DEBUG_OK
759 printf("error %d copying in message segment\n", eval);
760#endif
761 msg_freehdr(msghdr);
762 msqptr->msg_perm.mode &= ~MSG_LOCKED;
763 wakeup((caddr_t)msqptr);
764 return(eval);
765 }
766 msgsz -= tlen;
767 user_msgp = (char *)user_msgp + tlen;
768 next = msgmaps[next].next;
769 }
770 if (next != -1)
771 panic("didn't use all the msg segments");
772
773 /*
774 * We've got the message. Unlock the msqid_ds.
775 */
776
777 msqptr->msg_perm.mode &= ~MSG_LOCKED;
778
779 /*
780 * Make sure that the msqid_ds is still allocated.
781 */
782
783 if (msqptr->msg_qbytes == 0) {
784 msg_freehdr(msghdr);
785 wakeup((caddr_t)msqptr);
786 return(EIDRM);
787 }
788
789 /*
790 * Put the message into the queue
791 */
792
793 if (msqptr->msg_first == NULL) {
794 msqptr->msg_first = msghdr;
795 msqptr->msg_last = msghdr;
796 } else {
797 msqptr->msg_last->msg_next = msghdr;
798 msqptr->msg_last = msghdr;
799 }
800 msqptr->msg_last->msg_next = NULL;
801
802 msqptr->msg_cbytes += msghdr->msg_ts;
803 msqptr->msg_qnum++;
804 msqptr->msg_lspid = p->p_pid;
805 msqptr->msg_stime = time_second;
806
807 wakeup((caddr_t)msqptr);
808 p->p_retval[0] = 0;
809 return(0);
810}
811
812#ifndef _SYS_SYSPROTO_H_
813struct msgrcv_args {
814 int msqid;
815 void *msgp;
816 size_t msgsz;
817 long msgtyp;
818 int msgflg;
819};
820#endif
821
822int
41c20dac 823msgrcv(struct msgrcv_args *uap)
984263bc 824{
41c20dac 825 struct proc *p = curproc;
984263bc
MD
826 int msqid = uap->msqid;
827 void *user_msgp = uap->msgp;
828 size_t msgsz = uap->msgsz;
829 long msgtyp = uap->msgtyp;
830 int msgflg = uap->msgflg;
831 size_t len;
832 register struct msqid_ds *msqptr;
833 register struct msg *msghdr;
834 int eval;
835 short next;
836
837#ifdef MSG_DEBUG_OK
838 printf("call to msgrcv(%d, 0x%x, %d, %ld, %d)\n", msqid, user_msgp,
839 msgsz, msgtyp, msgflg);
840#endif
841
41c20dac 842 if (!jail_sysvipc_allowed && p->p_ucred->cr_prison != NULL)
984263bc
MD
843 return (ENOSYS);
844
845 msqid = IPCID_TO_IX(msqid);
846
847 if (msqid < 0 || msqid >= msginfo.msgmni) {
848#ifdef MSG_DEBUG_OK
849 printf("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
850 msginfo.msgmni);
851#endif
852 return(EINVAL);
853 }
854
855 msqptr = &msqids[msqid];
856 if (msqptr->msg_qbytes == 0) {
857#ifdef MSG_DEBUG_OK
858 printf("no such message queue id\n");
859#endif
860 return(EINVAL);
861 }
862 if (msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
863#ifdef MSG_DEBUG_OK
864 printf("wrong sequence number\n");
865#endif
866 return(EINVAL);
867 }
868
869 if ((eval = ipcperm(p, &msqptr->msg_perm, IPC_R))) {
870#ifdef MSG_DEBUG_OK
871 printf("requester doesn't have read access\n");
872#endif
873 return(eval);
874 }
875
876 msghdr = NULL;
877 while (msghdr == NULL) {
878 if (msgtyp == 0) {
879 msghdr = msqptr->msg_first;
880 if (msghdr != NULL) {
881 if (msgsz < msghdr->msg_ts &&
882 (msgflg & MSG_NOERROR) == 0) {
883#ifdef MSG_DEBUG_OK
884 printf("first message on the queue is too big (want %d, got %d)\n",
885 msgsz, msghdr->msg_ts);
886#endif
887 return(E2BIG);
888 }
889 if (msqptr->msg_first == msqptr->msg_last) {
890 msqptr->msg_first = NULL;
891 msqptr->msg_last = NULL;
892 } else {
893 msqptr->msg_first = msghdr->msg_next;
894 if (msqptr->msg_first == NULL)
895 panic("msg_first/last screwed up #1");
896 }
897 }
898 } else {
899 struct msg *previous;
900 struct msg **prev;
901
902 previous = NULL;
903 prev = &(msqptr->msg_first);
904 while ((msghdr = *prev) != NULL) {
905 /*
906 * Is this message's type an exact match or is
907 * this message's type less than or equal to
908 * the absolute value of a negative msgtyp?
909 * Note that the second half of this test can
910 * NEVER be true if msgtyp is positive since
911 * msg_type is always positive!
912 */
913
914 if (msgtyp == msghdr->msg_type ||
915 msghdr->msg_type <= -msgtyp) {
916#ifdef MSG_DEBUG_OK
917 printf("found message type %d, requested %d\n",
918 msghdr->msg_type, msgtyp);
919#endif
920 if (msgsz < msghdr->msg_ts &&
921 (msgflg & MSG_NOERROR) == 0) {
922#ifdef MSG_DEBUG_OK
923 printf("requested message on the queue is too big (want %d, got %d)\n",
924 msgsz, msghdr->msg_ts);
925#endif
926 return(E2BIG);
927 }
928 *prev = msghdr->msg_next;
929 if (msghdr == msqptr->msg_last) {
930 if (previous == NULL) {
931 if (prev !=
932 &msqptr->msg_first)
933 panic("msg_first/last screwed up #2");
934 msqptr->msg_first =
935 NULL;
936 msqptr->msg_last =
937 NULL;
938 } else {
939 if (prev ==
940 &msqptr->msg_first)
941 panic("msg_first/last screwed up #3");
942 msqptr->msg_last =
943 previous;
944 }
945 }
946 break;
947 }
948 previous = msghdr;
949 prev = &(msghdr->msg_next);
950 }
951 }
952
953 /*
954 * We've either extracted the msghdr for the appropriate
955 * message or there isn't one.
956 * If there is one then bail out of this loop.
957 */
958
959 if (msghdr != NULL)
960 break;
961
962 /*
963 * Hmph! No message found. Does the user want to wait?
964 */
965
966 if ((msgflg & IPC_NOWAIT) != 0) {
967#ifdef MSG_DEBUG_OK
968 printf("no appropriate message found (msgtyp=%d)\n",
969 msgtyp);
970#endif
971 /* The SVID says to return ENOMSG. */
972#ifdef ENOMSG
973 return(ENOMSG);
974#else
975 /* Unfortunately, BSD doesn't define that code yet! */
976 return(EAGAIN);
977#endif
978 }
979
980 /*
981 * Wait for something to happen
982 */
983
984#ifdef MSG_DEBUG_OK
985 printf("msgrcv: goodnight\n");
986#endif
987 eval = tsleep((caddr_t)msqptr, (PZERO - 4) | PCATCH, "msgwait",
988 0);
989#ifdef MSG_DEBUG_OK
990 printf("msgrcv: good morning (eval=%d)\n", eval);
991#endif
992
993 if (eval != 0) {
994#ifdef MSG_DEBUG_OK
995 printf("msgsnd: interrupted system call\n");
996#endif
997 return(EINTR);
998 }
999
1000 /*
1001 * Make sure that the msq queue still exists
1002 */
1003
1004 if (msqptr->msg_qbytes == 0 ||
1005 msqptr->msg_perm.seq != IPCID_TO_SEQ(uap->msqid)) {
1006#ifdef MSG_DEBUG_OK
1007 printf("msqid deleted\n");
1008#endif
1009 return(EIDRM);
1010 }
1011 }
1012
1013 /*
1014 * Return the message to the user.
1015 *
1016 * First, do the bookkeeping (before we risk being interrupted).
1017 */
1018
1019 msqptr->msg_cbytes -= msghdr->msg_ts;
1020 msqptr->msg_qnum--;
1021 msqptr->msg_lrpid = p->p_pid;
1022 msqptr->msg_rtime = time_second;
1023
1024 /*
1025 * Make msgsz the actual amount that we'll be returning.
1026 * Note that this effectively truncates the message if it is too long
1027 * (since msgsz is never increased).
1028 */
1029
1030#ifdef MSG_DEBUG_OK
1031 printf("found a message, msgsz=%d, msg_ts=%d\n", msgsz,
1032 msghdr->msg_ts);
1033#endif
1034 if (msgsz > msghdr->msg_ts)
1035 msgsz = msghdr->msg_ts;
1036
1037 /*
1038 * Return the type to the user.
1039 */
1040
1041 eval = copyout((caddr_t)&(msghdr->msg_type), user_msgp,
1042 sizeof(msghdr->msg_type));
1043 if (eval != 0) {
1044#ifdef MSG_DEBUG_OK
1045 printf("error (%d) copying out message type\n", eval);
1046#endif
1047 msg_freehdr(msghdr);
1048 wakeup((caddr_t)msqptr);
1049 return(eval);
1050 }
1051 user_msgp = (char *)user_msgp + sizeof(msghdr->msg_type);
1052
1053 /*
1054 * Return the segments to the user
1055 */
1056
1057 next = msghdr->msg_spot;
1058 for (len = 0; len < msgsz; len += msginfo.msgssz) {
1059 size_t tlen;
1060
1061 if (msgsz - len > msginfo.msgssz)
1062 tlen = msginfo.msgssz;
1063 else
1064 tlen = msgsz - len;
1065 if (next <= -1)
1066 panic("next too low #3");
1067 if (next >= msginfo.msgseg)
1068 panic("next out of range #3");
1069 eval = copyout((caddr_t)&msgpool[next * msginfo.msgssz],
1070 user_msgp, tlen);
1071 if (eval != 0) {
1072#ifdef MSG_DEBUG_OK
1073 printf("error (%d) copying out message segment\n",
1074 eval);
1075#endif
1076 msg_freehdr(msghdr);
1077 wakeup((caddr_t)msqptr);
1078 return(eval);
1079 }
1080 user_msgp = (char *)user_msgp + tlen;
1081 next = msgmaps[next].next;
1082 }
1083
1084 /*
1085 * Done, return the actual number of bytes copied out.
1086 */
1087
1088 msg_freehdr(msghdr);
1089 wakeup((caddr_t)msqptr);
1090 p->p_retval[0] = msgsz;
1091 return(0);
1092}
1093
1094static int
1095sysctl_msqids(SYSCTL_HANDLER_ARGS)
1096{
1097
1098 return (SYSCTL_OUT(req, msqids,
1099 sizeof(struct msqid_ds) * msginfo.msgmni));
1100}
1101
1102TUNABLE_INT("kern.ipc.msgseg", &msginfo.msgseg);
1103TUNABLE_INT("kern.ipc.msgssz", &msginfo.msgssz);
1104TUNABLE_INT("kern.ipc.msgmni", &msginfo.msgmni);
1105
1106SYSCTL_DECL(_kern_ipc);
1107SYSCTL_INT(_kern_ipc, OID_AUTO, msgmax, CTLFLAG_RD, &msginfo.msgmax, 0, "");
1108SYSCTL_INT(_kern_ipc, OID_AUTO, msgmni, CTLFLAG_RD, &msginfo.msgmni, 0, "");
1109SYSCTL_INT(_kern_ipc, OID_AUTO, msgmnb, CTLFLAG_RD, &msginfo.msgmnb, 0, "");
1110SYSCTL_INT(_kern_ipc, OID_AUTO, msgtql, CTLFLAG_RD, &msginfo.msgtql, 0, "");
1111SYSCTL_INT(_kern_ipc, OID_AUTO, msgssz, CTLFLAG_RD, &msginfo.msgssz, 0, "");
1112SYSCTL_INT(_kern_ipc, OID_AUTO, msgseg, CTLFLAG_RD, &msginfo.msgseg, 0, "");
1113SYSCTL_PROC(_kern_ipc, OID_AUTO, msqids, CTLFLAG_RD,
1114 NULL, 0, sysctl_msqids, "", "Message queue IDs");