FreeBSD kernel kern code
sysv_shm.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-4-Clause AND BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgement:
16 * This product includes software developed by Adam Glass and Charles
17 * Hannum.
18 * 4. The names of the authors may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 * $NetBSD: sysv_shm.c,v 1.39 1997/10/07 10:02:03 drochner Exp $
33 */
34/*-
35 * Copyright (c) 2003-2005 McAfee, Inc.
36 * Copyright (c) 2016-2017 Robert N. M. Watson
37 * All rights reserved.
38 *
39 * This software was developed for the FreeBSD Project in part by McAfee
40 * Research, the Security Research Division of McAfee, Inc under DARPA/SPAWAR
41 * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
42 * program.
43 *
44 * Portions of this software were developed by BAE Systems, the University of
45 * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
46 * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
47 * Computing (TC) research program.
48 *
49 * Redistribution and use in source and binary forms, with or without
50 * modification, are permitted provided that the following conditions
51 * are met:
52 * 1. Redistributions of source code must retain the above copyright
53 * notice, this list of conditions and the following disclaimer.
54 * 2. Redistributions in binary form must reproduce the above copyright
55 * notice, this list of conditions and the following disclaimer in the
56 * documentation and/or other materials provided with the distribution.
57 *
58 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
59 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
60 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
61 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
62 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
63 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
64 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
65 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
66 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
67 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
68 * SUCH DAMAGE.
69 */
70
71#include <sys/cdefs.h>
72__FBSDID("$FreeBSD$");
73
74#include "opt_sysvipc.h"
75
76#include <sys/param.h>
77#include <sys/systm.h>
78#include <sys/abi_compat.h>
79#include <sys/kernel.h>
80#include <sys/limits.h>
81#include <sys/lock.h>
82#include <sys/sysctl.h>
83#include <sys/shm.h>
84#include <sys/proc.h>
85#include <sys/malloc.h>
86#include <sys/mman.h>
87#include <sys/module.h>
88#include <sys/mutex.h>
89#include <sys/racct.h>
90#include <sys/resourcevar.h>
91#include <sys/rwlock.h>
92#include <sys/stat.h>
93#include <sys/syscall.h>
94#include <sys/syscallsubr.h>
95#include <sys/sysent.h>
96#include <sys/sysproto.h>
97#include <sys/jail.h>
98
99#include <security/audit/audit.h>
100#include <security/mac/mac_framework.h>
101
102#include <vm/vm.h>
103#include <vm/vm_param.h>
104#include <vm/pmap.h>
105#include <vm/vm_object.h>
106#include <vm/vm_map.h>
107#include <vm/vm_page.h>
108#include <vm/vm_pager.h>
109
110FEATURE(sysv_shm, "System V shared memory segments support");
111
112static MALLOC_DEFINE(M_SHM, "shm", "SVID compatible shared memory segments");
113
114#define SHMSEG_FREE 0x0200
115#define SHMSEG_REMOVED 0x0400
116#define SHMSEG_ALLOCATED 0x0800
117
118static int shm_last_free, shm_nused, shmalloced;
119vm_size_t shm_committed;
120static struct shmid_kernel *shmsegs;
121static unsigned shm_prison_slot;
122
123struct shmmap_state {
124 vm_offset_t va;
125 int shmid;
126};
127
128static void shm_deallocate_segment(struct shmid_kernel *);
129static int shm_find_segment_by_key(struct prison *, key_t);
130static struct shmid_kernel *shm_find_segment(struct prison *, int, bool);
131static int shm_delete_mapping(struct vmspace *vm, struct shmmap_state *);
132static int shmget_allocate_segment(struct thread *td, key_t key, size_t size,
133 int mode);
134static int shmget_existing(struct thread *td, size_t size, int shmflg,
135 int mode, int segnum);
136static void shmrealloc(void);
137static int shminit(void);
138static int sysvshm_modload(struct module *, int, void *);
139static int shmunload(void);
140#ifndef SYSVSHM
141static void shmexit_myhook(struct vmspace *vm);
142static void shmfork_myhook(struct proc *p1, struct proc *p2);
143#endif
144static int sysctl_shmsegs(SYSCTL_HANDLER_ARGS);
145static void shm_remove(struct shmid_kernel *, int);
146static struct prison *shm_find_prison(struct ucred *);
147static int shm_prison_cansee(struct prison *, struct shmid_kernel *);
148static int shm_prison_check(void *, void *);
149static int shm_prison_set(void *, void *);
150static int shm_prison_get(void *, void *);
151static int shm_prison_remove(void *, void *);
152static void shm_prison_cleanup(struct prison *);
153
154/*
155 * Tuneable values.
156 */
157#ifndef SHMMAXPGS
158#define SHMMAXPGS 131072 /* Note: sysv shared memory is swap backed. */
159#endif
160#ifndef SHMMAX
161#define SHMMAX (SHMMAXPGS*PAGE_SIZE)
162#endif
163#ifndef SHMMIN
164#define SHMMIN 1
165#endif
166#ifndef SHMMNI
167#define SHMMNI 192
168#endif
169#ifndef SHMSEG
170#define SHMSEG 128
171#endif
172#ifndef SHMALL
173#define SHMALL (SHMMAXPGS)
174#endif
175
176struct shminfo shminfo = {
177 .shmmax = SHMMAX,
178 .shmmin = SHMMIN,
179 .shmmni = SHMMNI,
180 .shmseg = SHMSEG,
181 .shmall = SHMALL
182};
183
184static int shm_use_phys;
185static int shm_allow_removed = 1;
186
187SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmax, CTLFLAG_RWTUN, &shminfo.shmmax, 0,
188 "Maximum shared memory segment size");
189SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmin, CTLFLAG_RWTUN, &shminfo.shmmin, 0,
190 "Minimum shared memory segment size");
191SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmni, CTLFLAG_RDTUN, &shminfo.shmmni, 0,
192 "Number of shared memory identifiers");
193SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmseg, CTLFLAG_RDTUN, &shminfo.shmseg, 0,
194 "Number of segments per process");
195SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmall, CTLFLAG_RWTUN, &shminfo.shmall, 0,
196 "Maximum number of pages available for shared memory");
197SYSCTL_INT(_kern_ipc, OID_AUTO, shm_use_phys, CTLFLAG_RWTUN,
198 &shm_use_phys, 0, "Enable/Disable locking of shared memory pages in core");
199SYSCTL_INT(_kern_ipc, OID_AUTO, shm_allow_removed, CTLFLAG_RWTUN,
200 &shm_allow_removed, 0,
201 "Enable/Disable attachment to attached segments marked for removal");
202SYSCTL_PROC(_kern_ipc, OID_AUTO, shmsegs, CTLTYPE_OPAQUE | CTLFLAG_RD |
203 CTLFLAG_MPSAFE, NULL, 0, sysctl_shmsegs, "",
204 "Array of struct shmid_kernel for each potential shared memory segment");
205
206static struct sx sysvshmsx;
207#define SYSVSHM_LOCK() sx_xlock(&sysvshmsx)
208#define SYSVSHM_UNLOCK() sx_xunlock(&sysvshmsx)
209#define SYSVSHM_ASSERT_LOCKED() sx_assert(&sysvshmsx, SA_XLOCKED)
210
211static int
212shm_find_segment_by_key(struct prison *pr, key_t key)
213{
214 int i;
215
216 for (i = 0; i < shmalloced; i++)
217 if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) &&
218 shmsegs[i].cred != NULL &&
219 shmsegs[i].cred->cr_prison == pr &&
220 shmsegs[i].u.shm_perm.key == key)
221 return (i);
222 return (-1);
223}
224
225/*
226 * Finds segment either by shmid if is_shmid is true, or by segnum if
227 * is_shmid is false.
228 */
229static struct shmid_kernel *
230shm_find_segment(struct prison *rpr, int arg, bool is_shmid)
231{
232 struct shmid_kernel *shmseg;
233 int segnum;
234
235 segnum = is_shmid ? IPCID_TO_IX(arg) : arg;
236 if (segnum < 0 || segnum >= shmalloced)
237 return (NULL);
238 shmseg = &shmsegs[segnum];
239 if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 ||
240 (!shm_allow_removed &&
241 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) != 0) ||
242 (is_shmid && shmseg->u.shm_perm.seq != IPCID_TO_SEQ(arg)) ||
243 shm_prison_cansee(rpr, shmseg) != 0)
244 return (NULL);
245 return (shmseg);
246}
247
248static void
249shm_deallocate_segment(struct shmid_kernel *shmseg)
250{
251 vm_size_t size;
252
253 SYSVSHM_ASSERT_LOCKED();
254
255 vm_object_deallocate(shmseg->object);
256 shmseg->object = NULL;
257 size = round_page(shmseg->u.shm_segsz);
258 shm_committed -= btoc(size);
259 shm_nused--;
260 shmseg->u.shm_perm.mode = SHMSEG_FREE;
261#ifdef MAC
262 mac_sysvshm_cleanup(shmseg);
263#endif
264 racct_sub_cred(shmseg->cred, RACCT_NSHM, 1);
265 racct_sub_cred(shmseg->cred, RACCT_SHMSIZE, size);
266 crfree(shmseg->cred);
267 shmseg->cred = NULL;
268}
269
270static int
271shm_delete_mapping(struct vmspace *vm, struct shmmap_state *shmmap_s)
272{
273 struct shmid_kernel *shmseg;
274 int segnum, result;
275 vm_size_t size;
276
277 SYSVSHM_ASSERT_LOCKED();
278 segnum = IPCID_TO_IX(shmmap_s->shmid);
279 KASSERT(segnum >= 0 && segnum < shmalloced,
280 ("segnum %d shmalloced %d", segnum, shmalloced));
281
282 shmseg = &shmsegs[segnum];
283 size = round_page(shmseg->u.shm_segsz);
284 result = vm_map_remove(&vm->vm_map, shmmap_s->va, shmmap_s->va + size);
285 if (result != KERN_SUCCESS)
286 return (EINVAL);
287 shmmap_s->shmid = -1;
288 shmseg->u.shm_dtime = time_second;
289 if (--shmseg->u.shm_nattch == 0 &&
290 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED)) {
291 shm_deallocate_segment(shmseg);
292 shm_last_free = segnum;
293 }
294 return (0);
295}
296
297static void
298shm_remove(struct shmid_kernel *shmseg, int segnum)
299{
300
301 shmseg->u.shm_perm.key = IPC_PRIVATE;
302 shmseg->u.shm_perm.mode |= SHMSEG_REMOVED;
303 if (shmseg->u.shm_nattch == 0) {
304 shm_deallocate_segment(shmseg);
305 shm_last_free = segnum;
306 }
307}
308
309static struct prison *
310shm_find_prison(struct ucred *cred)
311{
312 struct prison *pr, *rpr;
313
314 pr = cred->cr_prison;
315 prison_lock(pr);
316 rpr = osd_jail_get(pr, shm_prison_slot);
317 prison_unlock(pr);
318 return rpr;
319}
320
321static int
322shm_prison_cansee(struct prison *rpr, struct shmid_kernel *shmseg)
323{
324
325 if (shmseg->cred == NULL ||
326 !(rpr == shmseg->cred->cr_prison ||
327 prison_ischild(rpr, shmseg->cred->cr_prison)))
328 return (EINVAL);
329 return (0);
330}
331
332static int
333kern_shmdt_locked(struct thread *td, const void *shmaddr)
334{
335 struct proc *p = td->td_proc;
336 struct shmmap_state *shmmap_s;
337#ifdef MAC
338 int error;
339#endif
340 int i;
341
342 SYSVSHM_ASSERT_LOCKED();
343 if (shm_find_prison(td->td_ucred) == NULL)
344 return (ENOSYS);
345 shmmap_s = p->p_vmspace->vm_shm;
346 if (shmmap_s == NULL)
347 return (EINVAL);
348 AUDIT_ARG_SVIPC_ID(shmmap_s->shmid);
349 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) {
350 if (shmmap_s->shmid != -1 &&
351 shmmap_s->va == (vm_offset_t)shmaddr) {
352 break;
353 }
354 }
355 if (i == shminfo.shmseg)
356 return (EINVAL);
357#ifdef MAC
358 error = mac_sysvshm_check_shmdt(td->td_ucred,
359 &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]);
360 if (error != 0)
361 return (error);
362#endif
363 return (shm_delete_mapping(p->p_vmspace, shmmap_s));
364}
365
366#ifndef _SYS_SYSPROTO_H_
367struct shmdt_args {
368 const void *shmaddr;
369};
370#endif
371int
372sys_shmdt(struct thread *td, struct shmdt_args *uap)
373{
374 int error;
375
376 SYSVSHM_LOCK();
377 error = kern_shmdt_locked(td, uap->shmaddr);
378 SYSVSHM_UNLOCK();
379 return (error);
380}
381
382static int
383kern_shmat_locked(struct thread *td, int shmid, const void *shmaddr,
384 int shmflg)
385{
386 struct prison *rpr;
387 struct proc *p = td->td_proc;
388 struct shmid_kernel *shmseg;
389 struct shmmap_state *shmmap_s;
390 vm_offset_t attach_va;
391 vm_prot_t prot;
392 vm_size_t size;
393 int cow, error, find_space, i, rv;
394
395 AUDIT_ARG_SVIPC_ID(shmid);
396 AUDIT_ARG_VALUE(shmflg);
397
398 SYSVSHM_ASSERT_LOCKED();
399 rpr = shm_find_prison(td->td_ucred);
400 if (rpr == NULL)
401 return (ENOSYS);
402 shmmap_s = p->p_vmspace->vm_shm;
403 if (shmmap_s == NULL) {
404 shmmap_s = malloc(shminfo.shmseg * sizeof(struct shmmap_state),
405 M_SHM, M_WAITOK);
406 for (i = 0; i < shminfo.shmseg; i++)
407 shmmap_s[i].shmid = -1;
408 KASSERT(p->p_vmspace->vm_shm == NULL, ("raced"));
409 p->p_vmspace->vm_shm = shmmap_s;
410 }
411 shmseg = shm_find_segment(rpr, shmid, true);
412 if (shmseg == NULL)
413 return (EINVAL);
414 error = ipcperm(td, &shmseg->u.shm_perm,
415 (shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W);
416 if (error != 0)
417 return (error);
418#ifdef MAC
419 error = mac_sysvshm_check_shmat(td->td_ucred, shmseg, shmflg);
420 if (error != 0)
421 return (error);
422#endif
423 for (i = 0; i < shminfo.shmseg; i++) {
424 if (shmmap_s->shmid == -1)
425 break;
426 shmmap_s++;
427 }
428 if (i >= shminfo.shmseg)
429 return (EMFILE);
430 size = round_page(shmseg->u.shm_segsz);
431 prot = VM_PROT_READ;
432 cow = MAP_INHERIT_SHARE | MAP_PREFAULT_PARTIAL;
433 if ((shmflg & SHM_RDONLY) == 0)
434 prot |= VM_PROT_WRITE;
435 if (shmaddr != NULL) {
436 if ((shmflg & SHM_RND) != 0)
437 attach_va = rounddown2((vm_offset_t)shmaddr, SHMLBA);
438 else if (((vm_offset_t)shmaddr & (SHMLBA-1)) == 0)
439 attach_va = (vm_offset_t)shmaddr;
440 else
441 return (EINVAL);
442 if ((shmflg & SHM_REMAP) != 0)
443 cow |= MAP_REMAP;
444 find_space = VMFS_NO_SPACE;
445 } else {
446 /*
447 * This is just a hint to vm_map_find() about where to
448 * put it.
449 */
450 attach_va = round_page((vm_offset_t)p->p_vmspace->vm_daddr +
451 lim_max(td, RLIMIT_DATA));
452 find_space = VMFS_OPTIMAL_SPACE;
453 }
454
455 vm_object_reference(shmseg->object);
456 rv = vm_map_find(&p->p_vmspace->vm_map, shmseg->object, 0, &attach_va,
457 size, 0, find_space, prot, prot, cow);
458 if (rv != KERN_SUCCESS) {
459 vm_object_deallocate(shmseg->object);
460 return (ENOMEM);
461 }
462
463 shmmap_s->va = attach_va;
464 shmmap_s->shmid = shmid;
465 shmseg->u.shm_lpid = p->p_pid;
466 shmseg->u.shm_atime = time_second;
467 shmseg->u.shm_nattch++;
468 td->td_retval[0] = attach_va;
469 return (error);
470}
471
472int
473kern_shmat(struct thread *td, int shmid, const void *shmaddr, int shmflg)
474{
475 int error;
476
477 SYSVSHM_LOCK();
478 error = kern_shmat_locked(td, shmid, shmaddr, shmflg);
479 SYSVSHM_UNLOCK();
480 return (error);
481}
482
483#ifndef _SYS_SYSPROTO_H_
484struct shmat_args {
485 int shmid;
486 const void *shmaddr;
487 int shmflg;
488};
489#endif
490int
491sys_shmat(struct thread *td, struct shmat_args *uap)
492{
493
494 return (kern_shmat(td, uap->shmid, uap->shmaddr, uap->shmflg));
495}
496
497static int
498kern_shmctl_locked(struct thread *td, int shmid, int cmd, void *buf,
499 size_t *bufsz)
500{
501 struct prison *rpr;
502 struct shmid_kernel *shmseg;
503 struct shmid_ds *shmidp;
504 struct shm_info shm_info;
505 int error;
506
507 SYSVSHM_ASSERT_LOCKED();
508
509 rpr = shm_find_prison(td->td_ucred);
510 if (rpr == NULL)
511 return (ENOSYS);
512
513 AUDIT_ARG_SVIPC_ID(shmid);
514 AUDIT_ARG_SVIPC_CMD(cmd);
515
516 switch (cmd) {
517 /*
518 * It is possible that kern_shmctl is being called from the Linux ABI
519 * layer, in which case, we will need to implement IPC_INFO. It should
520 * be noted that other shmctl calls will be funneled through here for
521 * Linix binaries as well.
522 *
523 * NB: The Linux ABI layer will convert this data to structure(s) more
524 * consistent with the Linux ABI.
525 */
526 case IPC_INFO:
527 memcpy(buf, &shminfo, sizeof(shminfo));
528 if (bufsz)
529 *bufsz = sizeof(shminfo);
530 td->td_retval[0] = shmalloced;
531 return (0);
532 case SHM_INFO: {
533 shm_info.used_ids = shm_nused;
534 shm_info.shm_rss = 0; /*XXX where to get from ? */
535 shm_info.shm_tot = 0; /*XXX where to get from ? */
536 shm_info.shm_swp = 0; /*XXX where to get from ? */
537 shm_info.swap_attempts = 0; /*XXX where to get from ? */
538 shm_info.swap_successes = 0; /*XXX where to get from ? */
539 memcpy(buf, &shm_info, sizeof(shm_info));
540 if (bufsz != NULL)
541 *bufsz = sizeof(shm_info);
542 td->td_retval[0] = shmalloced;
543 return (0);
544 }
545 }
546 shmseg = shm_find_segment(rpr, shmid, cmd != SHM_STAT);
547 if (shmseg == NULL)
548 return (EINVAL);
549#ifdef MAC
550 error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, cmd);
551 if (error != 0)
552 return (error);
553#endif
554 switch (cmd) {
555 case SHM_STAT:
556 case IPC_STAT:
557 shmidp = (struct shmid_ds *)buf;
558 error = ipcperm(td, &shmseg->u.shm_perm, IPC_R);
559 if (error != 0)
560 return (error);
561 memcpy(shmidp, &shmseg->u, sizeof(struct shmid_ds));
562 if (td->td_ucred->cr_prison != shmseg->cred->cr_prison)
563 shmidp->shm_perm.key = IPC_PRIVATE;
564 if (bufsz != NULL)
565 *bufsz = sizeof(struct shmid_ds);
566 if (cmd == SHM_STAT) {
567 td->td_retval[0] = IXSEQ_TO_IPCID(shmid,
568 shmseg->u.shm_perm);
569 }
570 break;
571 case IPC_SET:
572 shmidp = (struct shmid_ds *)buf;
573 AUDIT_ARG_SVIPC_PERM(&shmidp->shm_perm);
574 error = ipcperm(td, &shmseg->u.shm_perm, IPC_M);
575 if (error != 0)
576 return (error);
577 shmseg->u.shm_perm.uid = shmidp->shm_perm.uid;
578 shmseg->u.shm_perm.gid = shmidp->shm_perm.gid;
579 shmseg->u.shm_perm.mode =
580 (shmseg->u.shm_perm.mode & ~ACCESSPERMS) |
581 (shmidp->shm_perm.mode & ACCESSPERMS);
582 shmseg->u.shm_ctime = time_second;
583 break;
584 case IPC_RMID:
585 error = ipcperm(td, &shmseg->u.shm_perm, IPC_M);
586 if (error != 0)
587 return (error);
588 shm_remove(shmseg, IPCID_TO_IX(shmid));
589 break;
590#if 0
591 case SHM_LOCK:
592 case SHM_UNLOCK:
593#endif
594 default:
595 error = EINVAL;
596 break;
597 }
598 return (error);
599}
600
601int
602kern_shmctl(struct thread *td, int shmid, int cmd, void *buf, size_t *bufsz)
603{
604 int error;
605
606 SYSVSHM_LOCK();
607 error = kern_shmctl_locked(td, shmid, cmd, buf, bufsz);
608 SYSVSHM_UNLOCK();
609 return (error);
610}
611
612#ifndef _SYS_SYSPROTO_H_
613struct shmctl_args {
614 int shmid;
615 int cmd;
616 struct shmid_ds *buf;
617};
618#endif
619int
620sys_shmctl(struct thread *td, struct shmctl_args *uap)
621{
622 int error;
623 struct shmid_ds buf;
624 size_t bufsz;
625
626 /*
627 * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support
628 * Linux binaries. If we see the call come through the FreeBSD ABI,
629 * return an error back to the user since we do not to support this.
630 */
631 if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO ||
632 uap->cmd == SHM_STAT)
633 return (EINVAL);
634
635 /* IPC_SET needs to copyin the buffer before calling kern_shmctl */
636 if (uap->cmd == IPC_SET) {
637 if ((error = copyin(uap->buf, &buf, sizeof(struct shmid_ds))))
638 goto done;
639 }
640
641 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz);
642 if (error)
643 goto done;
644
645 /* Cases in which we need to copyout */
646 switch (uap->cmd) {
647 case IPC_STAT:
648 error = copyout(&buf, uap->buf, bufsz);
649 break;
650 }
651
652done:
653 if (error) {
654 /* Invalidate the return value */
655 td->td_retval[0] = -1;
656 }
657 return (error);
658}
659
660static int
661shmget_existing(struct thread *td, size_t size, int shmflg, int mode,
662 int segnum)
663{
664 struct shmid_kernel *shmseg;
665#ifdef MAC
666 int error;
667#endif
668
669 SYSVSHM_ASSERT_LOCKED();
670 KASSERT(segnum >= 0 && segnum < shmalloced,
671 ("segnum %d shmalloced %d", segnum, shmalloced));
672 shmseg = &shmsegs[segnum];
673 if ((shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
674 return (EEXIST);
675#ifdef MAC
676 error = mac_sysvshm_check_shmget(td->td_ucred, shmseg, shmflg);
677 if (error != 0)
678 return (error);
679#endif
680 if (size != 0 && size > shmseg->u.shm_segsz)
681 return (EINVAL);
682 td->td_retval[0] = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm);
683 return (0);
684}
685
686static int
687shmget_allocate_segment(struct thread *td, key_t key, size_t size, int mode)
688{
689 struct ucred *cred = td->td_ucred;
690 struct shmid_kernel *shmseg;
691 vm_object_t shm_object;
692 int i, segnum;
693
694 SYSVSHM_ASSERT_LOCKED();
695
696 if (size < shminfo.shmmin || size > shminfo.shmmax)
697 return (EINVAL);
698 if (shm_nused >= shminfo.shmmni) /* Any shmids left? */
699 return (ENOSPC);
700 size = round_page(size);
701 if (shm_committed + btoc(size) > shminfo.shmall)
702 return (ENOMEM);
703 if (shm_last_free < 0) {
704 shmrealloc(); /* Maybe expand the shmsegs[] array. */
705 for (i = 0; i < shmalloced; i++)
706 if (shmsegs[i].u.shm_perm.mode & SHMSEG_FREE)
707 break;
708 if (i == shmalloced)
709 return (ENOSPC);
710 segnum = i;
711 } else {
712 segnum = shm_last_free;
713 shm_last_free = -1;
714 }
715 KASSERT(segnum >= 0 && segnum < shmalloced,
716 ("segnum %d shmalloced %d", segnum, shmalloced));
717 shmseg = &shmsegs[segnum];
718#ifdef RACCT
719 if (racct_enable) {
720 PROC_LOCK(td->td_proc);
721 if (racct_add(td->td_proc, RACCT_NSHM, 1)) {
722 PROC_UNLOCK(td->td_proc);
723 return (ENOSPC);
724 }
725 if (racct_add(td->td_proc, RACCT_SHMSIZE, size)) {
726 racct_sub(td->td_proc, RACCT_NSHM, 1);
727 PROC_UNLOCK(td->td_proc);
728 return (ENOMEM);
729 }
730 PROC_UNLOCK(td->td_proc);
731 }
732#endif
733
734 /*
735 * We make sure that we have allocated a pager before we need
736 * to.
737 */
738 shm_object = vm_pager_allocate(shm_use_phys ? OBJT_PHYS : OBJT_SWAP,
739 0, size, VM_PROT_DEFAULT, 0, cred);
740 if (shm_object == NULL) {
741#ifdef RACCT
742 if (racct_enable) {
743 PROC_LOCK(td->td_proc);
744 racct_sub(td->td_proc, RACCT_NSHM, 1);
745 racct_sub(td->td_proc, RACCT_SHMSIZE, size);
746 PROC_UNLOCK(td->td_proc);
747 }
748#endif
749 return (ENOMEM);
750 }
751
752 shmseg->object = shm_object;
753 shmseg->u.shm_perm.cuid = shmseg->u.shm_perm.uid = cred->cr_uid;
754 shmseg->u.shm_perm.cgid = shmseg->u.shm_perm.gid = cred->cr_gid;
755 shmseg->u.shm_perm.mode = (mode & ACCESSPERMS) | SHMSEG_ALLOCATED;
756 shmseg->u.shm_perm.key = key;
757 shmseg->u.shm_perm.seq = (shmseg->u.shm_perm.seq + 1) & 0x7fff;
758 shmseg->cred = crhold(cred);
759 shmseg->u.shm_segsz = size;
760 shmseg->u.shm_cpid = td->td_proc->p_pid;
761 shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0;
762 shmseg->u.shm_atime = shmseg->u.shm_dtime = 0;
763#ifdef MAC
764 mac_sysvshm_create(cred, shmseg);
765#endif
766 shmseg->u.shm_ctime = time_second;
767 shm_committed += btoc(size);
768 shm_nused++;
769 td->td_retval[0] = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm);
770
771 return (0);
772}
773
774#ifndef _SYS_SYSPROTO_H_
775struct shmget_args {
776 key_t key;
777 size_t size;
778 int shmflg;
779};
780#endif
781int
782sys_shmget(struct thread *td, struct shmget_args *uap)
783{
784 int segnum, mode;
785 int error;
786
787 if (shm_find_prison(td->td_ucred) == NULL)
788 return (ENOSYS);
789 mode = uap->shmflg & ACCESSPERMS;
790 SYSVSHM_LOCK();
791 if (uap->key == IPC_PRIVATE) {
792 error = shmget_allocate_segment(td, uap->key, uap->size, mode);
793 } else {
794 segnum = shm_find_segment_by_key(td->td_ucred->cr_prison,
795 uap->key);
796 if (segnum >= 0)
797 error = shmget_existing(td, uap->size, uap->shmflg,
798 mode, segnum);
799 else if ((uap->shmflg & IPC_CREAT) == 0)
800 error = ENOENT;
801 else
802 error = shmget_allocate_segment(td, uap->key,
803 uap->size, mode);
804 }
805 SYSVSHM_UNLOCK();
806 return (error);
807}
808
809#ifdef SYSVSHM
810void
811shmfork(struct proc *p1, struct proc *p2)
812#else
813static void
814shmfork_myhook(struct proc *p1, struct proc *p2)
815#endif
816{
817 struct shmmap_state *shmmap_s;
818 size_t size;
819 int i;
820
821 SYSVSHM_LOCK();
822 size = shminfo.shmseg * sizeof(struct shmmap_state);
823 shmmap_s = malloc(size, M_SHM, M_WAITOK);
824 bcopy(p1->p_vmspace->vm_shm, shmmap_s, size);
825 p2->p_vmspace->vm_shm = shmmap_s;
826 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) {
827 if (shmmap_s->shmid != -1) {
828 KASSERT(IPCID_TO_IX(shmmap_s->shmid) >= 0 &&
829 IPCID_TO_IX(shmmap_s->shmid) < shmalloced,
830 ("segnum %d shmalloced %d",
831 IPCID_TO_IX(shmmap_s->shmid), shmalloced));
832 shmsegs[IPCID_TO_IX(shmmap_s->shmid)].u.shm_nattch++;
833 }
834 }
835 SYSVSHM_UNLOCK();
836}
837
838#ifdef SYSVSHM
839void
840shmexit(struct vmspace *vm)
841#else
842static void
843shmexit_myhook(struct vmspace *vm)
844#endif
845{
846 struct shmmap_state *base, *shm;
847 int i;
848
849 base = vm->vm_shm;
850 if (base != NULL) {
851 vm->vm_shm = NULL;
852 SYSVSHM_LOCK();
853 for (i = 0, shm = base; i < shminfo.shmseg; i++, shm++) {
854 if (shm->shmid != -1)
855 shm_delete_mapping(vm, shm);
856 }
857 SYSVSHM_UNLOCK();
858 free(base, M_SHM);
859 }
860}
861
862static void
863shmrealloc(void)
864{
865 struct shmid_kernel *newsegs;
866 int i;
867
868 SYSVSHM_ASSERT_LOCKED();
869
870 if (shmalloced >= shminfo.shmmni)
871 return;
872
873 newsegs = malloc(shminfo.shmmni * sizeof(*newsegs), M_SHM,
874 M_WAITOK | M_ZERO);
875 for (i = 0; i < shmalloced; i++)
876 bcopy(&shmsegs[i], &newsegs[i], sizeof(newsegs[0]));
877 for (; i < shminfo.shmmni; i++) {
878 newsegs[i].u.shm_perm.mode = SHMSEG_FREE;
879 newsegs[i].u.shm_perm.seq = 0;
880#ifdef MAC
881 mac_sysvshm_init(&newsegs[i]);
882#endif
883 }
884 free(shmsegs, M_SHM);
885 shmsegs = newsegs;
886 shmalloced = shminfo.shmmni;
887}
888
889static struct syscall_helper_data shm_syscalls[] = {
890 SYSCALL_INIT_HELPER(shmat),
891 SYSCALL_INIT_HELPER(shmctl),
892 SYSCALL_INIT_HELPER(shmdt),
893 SYSCALL_INIT_HELPER(shmget),
894#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
895 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
896 SYSCALL_INIT_HELPER_COMPAT(freebsd7_shmctl),
897#endif
898#if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43))
899 SYSCALL_INIT_HELPER(shmsys),
900#endif
901 SYSCALL_INIT_LAST
902};
903
904#ifdef COMPAT_FREEBSD32
905#include <compat/freebsd32/freebsd32.h>
906#include <compat/freebsd32/freebsd32_ipc.h>
907#include <compat/freebsd32/freebsd32_proto.h>
908#include <compat/freebsd32/freebsd32_signal.h>
909#include <compat/freebsd32/freebsd32_syscall.h>
910#include <compat/freebsd32/freebsd32_util.h>
911
912static struct syscall_helper_data shm32_syscalls[] = {
913 SYSCALL32_INIT_HELPER_COMPAT(shmat),
914 SYSCALL32_INIT_HELPER_COMPAT(shmdt),
915 SYSCALL32_INIT_HELPER_COMPAT(shmget),
916 SYSCALL32_INIT_HELPER(freebsd32_shmsys),
917 SYSCALL32_INIT_HELPER(freebsd32_shmctl),
918#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
919 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
920 SYSCALL32_INIT_HELPER(freebsd7_freebsd32_shmctl),
921#endif
922 SYSCALL_INIT_LAST
923};
924#endif
925
926static int
927shminit(void)
928{
929 struct prison *pr;
930 void **rsv;
931 int i, error;
932 osd_method_t methods[PR_MAXMETHOD] = {
933 [PR_METHOD_CHECK] = shm_prison_check,
934 [PR_METHOD_SET] = shm_prison_set,
935 [PR_METHOD_GET] = shm_prison_get,
936 [PR_METHOD_REMOVE] = shm_prison_remove,
937 };
938
939#ifndef BURN_BRIDGES
940 if (TUNABLE_ULONG_FETCH("kern.ipc.shmmaxpgs", &shminfo.shmall) != 0)
941 printf("kern.ipc.shmmaxpgs is now called kern.ipc.shmall!\n");
942#endif
943 if (shminfo.shmmax == SHMMAX) {
944 /* Initialize shmmax dealing with possible overflow. */
945 for (i = PAGE_SIZE; i != 0; i--) {
946 shminfo.shmmax = shminfo.shmall * i;
947 if ((shminfo.shmmax / shminfo.shmall) == (u_long)i)
948 break;
949 }
950 }
951 shmalloced = shminfo.shmmni;
952 shmsegs = malloc(shmalloced * sizeof(shmsegs[0]), M_SHM,
953 M_WAITOK|M_ZERO);
954 for (i = 0; i < shmalloced; i++) {
955 shmsegs[i].u.shm_perm.mode = SHMSEG_FREE;
956 shmsegs[i].u.shm_perm.seq = 0;
957#ifdef MAC
958 mac_sysvshm_init(&shmsegs[i]);
959#endif
960 }
961 shm_last_free = 0;
962 shm_nused = 0;
963 shm_committed = 0;
964 sx_init(&sysvshmsx, "sysvshmsx");
965#ifndef SYSVSHM
966 shmexit_hook = &shmexit_myhook;
967 shmfork_hook = &shmfork_myhook;
968#endif
969
970 /* Set current prisons according to their allow.sysvipc. */
971 shm_prison_slot = osd_jail_register(NULL, methods);
972 rsv = osd_reserve(shm_prison_slot);
973 prison_lock(&prison0);
974 (void)osd_jail_set_reserved(&prison0, shm_prison_slot, rsv, &prison0);
975 prison_unlock(&prison0);
976 rsv = NULL;
977 sx_slock(&allprison_lock);
978 TAILQ_FOREACH(pr, &allprison, pr_list) {
979 if (rsv == NULL)
980 rsv = osd_reserve(shm_prison_slot);
981 prison_lock(pr);
982 if (pr->pr_allow & PR_ALLOW_SYSVIPC) {
983 (void)osd_jail_set_reserved(pr, shm_prison_slot, rsv,
984 &prison0);
985 rsv = NULL;
986 }
987 prison_unlock(pr);
988 }
989 if (rsv != NULL)
990 osd_free_reserved(rsv);
991 sx_sunlock(&allprison_lock);
992
993 error = syscall_helper_register(shm_syscalls, SY_THR_STATIC_KLD);
994 if (error != 0)
995 return (error);
996#ifdef COMPAT_FREEBSD32
997 error = syscall32_helper_register(shm32_syscalls, SY_THR_STATIC_KLD);
998 if (error != 0)
999 return (error);
1000#endif
1001 return (0);
1002}
1003
1004static int
1005shmunload(void)
1006{
1007 int i;
1008
1009 if (shm_nused > 0)
1010 return (EBUSY);
1011
1012#ifdef COMPAT_FREEBSD32
1013 syscall32_helper_unregister(shm32_syscalls);
1014#endif
1015 syscall_helper_unregister(shm_syscalls);
1016 if (shm_prison_slot != 0)
1017 osd_jail_deregister(shm_prison_slot);
1018
1019 for (i = 0; i < shmalloced; i++) {
1020#ifdef MAC
1021 mac_sysvshm_destroy(&shmsegs[i]);
1022#endif
1023 /*
1024 * Objects might be still mapped into the processes
1025 * address spaces. Actual free would happen on the
1026 * last mapping destruction.
1027 */
1028 if (shmsegs[i].u.shm_perm.mode != SHMSEG_FREE)
1029 vm_object_deallocate(shmsegs[i].object);
1030 }
1031 free(shmsegs, M_SHM);
1032#ifndef SYSVSHM
1033 shmexit_hook = NULL;
1034 shmfork_hook = NULL;
1035#endif
1036 sx_destroy(&sysvshmsx);
1037 return (0);
1038}
1039
1040static int
1041sysctl_shmsegs(SYSCTL_HANDLER_ARGS)
1042{
1043 struct shmid_kernel tshmseg;
1044#ifdef COMPAT_FREEBSD32
1045 struct shmid_kernel32 tshmseg32;
1046#endif
1047 struct prison *pr, *rpr;
1048 void *outaddr;
1049 size_t outsize;
1050 int error, i;
1051
1052 SYSVSHM_LOCK();
1053 pr = req->td->td_ucred->cr_prison;
1054 rpr = shm_find_prison(req->td->td_ucred);
1055 error = 0;
1056 for (i = 0; i < shmalloced; i++) {
1057 if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 ||
1058 rpr == NULL || shm_prison_cansee(rpr, &shmsegs[i]) != 0) {
1059 bzero(&tshmseg, sizeof(tshmseg));
1060 tshmseg.u.shm_perm.mode = SHMSEG_FREE;
1061 } else {
1062 tshmseg = shmsegs[i];
1063 if (tshmseg.cred->cr_prison != pr)
1064 tshmseg.u.shm_perm.key = IPC_PRIVATE;
1065 }
1066#ifdef COMPAT_FREEBSD32
1067 if (SV_CURPROC_FLAG(SV_ILP32)) {
1068 bzero(&tshmseg32, sizeof(tshmseg32));
1069 freebsd32_ipcperm_out(&tshmseg.u.shm_perm,
1070 &tshmseg32.u.shm_perm);
1071 CP(tshmseg, tshmseg32, u.shm_segsz);
1072 CP(tshmseg, tshmseg32, u.shm_lpid);
1073 CP(tshmseg, tshmseg32, u.shm_cpid);
1074 CP(tshmseg, tshmseg32, u.shm_nattch);
1075 CP(tshmseg, tshmseg32, u.shm_atime);
1076 CP(tshmseg, tshmseg32, u.shm_dtime);
1077 CP(tshmseg, tshmseg32, u.shm_ctime);
1078 /* Don't copy object, label, or cred */
1079 outaddr = &tshmseg32;
1080 outsize = sizeof(tshmseg32);
1081 } else
1082#endif
1083 {
1084 tshmseg.object = NULL;
1085 tshmseg.label = NULL;
1086 tshmseg.cred = NULL;
1087 outaddr = &tshmseg;
1088 outsize = sizeof(tshmseg);
1089 }
1090 error = SYSCTL_OUT(req, outaddr, outsize);
1091 if (error != 0)
1092 break;
1093 }
1094 SYSVSHM_UNLOCK();
1095 return (error);
1096}
1097
1098static int
1099shm_prison_check(void *obj, void *data)
1100{
1101 struct prison *pr = obj;
1102 struct prison *prpr;
1103 struct vfsoptlist *opts = data;
1104 int error, jsys;
1105
1106 /*
1107 * sysvshm is a jailsys integer.
1108 * It must be "disable" if the parent jail is disabled.
1109 */
1110 error = vfs_copyopt(opts, "sysvshm", &jsys, sizeof(jsys));
1111 if (error != ENOENT) {
1112 if (error != 0)
1113 return (error);
1114 switch (jsys) {
1115 case JAIL_SYS_DISABLE:
1116 break;
1117 case JAIL_SYS_NEW:
1118 case JAIL_SYS_INHERIT:
1119 prison_lock(pr->pr_parent);
1120 prpr = osd_jail_get(pr->pr_parent, shm_prison_slot);
1121 prison_unlock(pr->pr_parent);
1122 if (prpr == NULL)
1123 return (EPERM);
1124 break;
1125 default:
1126 return (EINVAL);
1127 }
1128 }
1129
1130 return (0);
1131}
1132
1133static int
1134shm_prison_set(void *obj, void *data)
1135{
1136 struct prison *pr = obj;
1137 struct prison *tpr, *orpr, *nrpr, *trpr;
1138 struct vfsoptlist *opts = data;
1139 void *rsv;
1140 int jsys, descend;
1141
1142 /*
1143 * sysvshm controls which jail is the root of the associated segments
1144 * (this jail or same as the parent), or if the feature is available
1145 * at all.
1146 */
1147 if (vfs_copyopt(opts, "sysvshm", &jsys, sizeof(jsys)) == ENOENT)
1148 jsys = vfs_flagopt(opts, "allow.sysvipc", NULL, 0)
1149 ? JAIL_SYS_INHERIT
1150 : vfs_flagopt(opts, "allow.nosysvipc", NULL, 0)
1151 ? JAIL_SYS_DISABLE
1152 : -1;
1153 if (jsys == JAIL_SYS_DISABLE) {
1154 prison_lock(pr);
1155 orpr = osd_jail_get(pr, shm_prison_slot);
1156 if (orpr != NULL)
1157 osd_jail_del(pr, shm_prison_slot);
1158 prison_unlock(pr);
1159 if (orpr != NULL) {
1160 if (orpr == pr)
1161 shm_prison_cleanup(pr);
1162 /* Disable all child jails as well. */
1163 FOREACH_PRISON_DESCENDANT(pr, tpr, descend) {
1164 prison_lock(tpr);
1165 trpr = osd_jail_get(tpr, shm_prison_slot);
1166 if (trpr != NULL) {
1167 osd_jail_del(tpr, shm_prison_slot);
1168 prison_unlock(tpr);
1169 if (trpr == tpr)
1170 shm_prison_cleanup(tpr);
1171 } else {
1172 prison_unlock(tpr);
1173 descend = 0;
1174 }
1175 }
1176 }
1177 } else if (jsys != -1) {
1178 if (jsys == JAIL_SYS_NEW)
1179 nrpr = pr;
1180 else {
1181 prison_lock(pr->pr_parent);
1182 nrpr = osd_jail_get(pr->pr_parent, shm_prison_slot);
1183 prison_unlock(pr->pr_parent);
1184 }
1185 rsv = osd_reserve(shm_prison_slot);
1186 prison_lock(pr);
1187 orpr = osd_jail_get(pr, shm_prison_slot);
1188 if (orpr != nrpr)
1189 (void)osd_jail_set_reserved(pr, shm_prison_slot, rsv,
1190 nrpr);
1191 else
1192 osd_free_reserved(rsv);
1193 prison_unlock(pr);
1194 if (orpr != nrpr) {
1195 if (orpr == pr)
1196 shm_prison_cleanup(pr);
1197 if (orpr != NULL) {
1198 /* Change child jails matching the old root, */
1199 FOREACH_PRISON_DESCENDANT(pr, tpr, descend) {
1200 prison_lock(tpr);
1201 trpr = osd_jail_get(tpr,
1202 shm_prison_slot);
1203 if (trpr == orpr) {
1204 (void)osd_jail_set(tpr,
1205 shm_prison_slot, nrpr);
1206 prison_unlock(tpr);
1207 if (trpr == tpr)
1208 shm_prison_cleanup(tpr);
1209 } else {
1210 prison_unlock(tpr);
1211 descend = 0;
1212 }
1213 }
1214 }
1215 }
1216 }
1217
1218 return (0);
1219}
1220
1221static int
1222shm_prison_get(void *obj, void *data)
1223{
1224 struct prison *pr = obj;
1225 struct prison *rpr;
1226 struct vfsoptlist *opts = data;
1227 int error, jsys;
1228
1229 /* Set sysvshm based on the jail's root prison. */
1230 prison_lock(pr);
1231 rpr = osd_jail_get(pr, shm_prison_slot);
1232 prison_unlock(pr);
1233 jsys = rpr == NULL ? JAIL_SYS_DISABLE
1234 : rpr == pr ? JAIL_SYS_NEW : JAIL_SYS_INHERIT;
1235 error = vfs_setopt(opts, "sysvshm", &jsys, sizeof(jsys));
1236 if (error == ENOENT)
1237 error = 0;
1238 return (error);
1239}
1240
1241static int
1242shm_prison_remove(void *obj, void *data __unused)
1243{
1244 struct prison *pr = obj;
1245 struct prison *rpr;
1246
1247 SYSVSHM_LOCK();
1248 prison_lock(pr);
1249 rpr = osd_jail_get(pr, shm_prison_slot);
1250 prison_unlock(pr);
1251 if (rpr == pr)
1252 shm_prison_cleanup(pr);
1253 SYSVSHM_UNLOCK();
1254 return (0);
1255}
1256
1257static void
1258shm_prison_cleanup(struct prison *pr)
1259{
1260 struct shmid_kernel *shmseg;
1261 int i;
1262
1263 /* Remove any segments that belong to this jail. */
1264 for (i = 0; i < shmalloced; i++) {
1265 shmseg = &shmsegs[i];
1266 if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) &&
1267 shmseg->cred != NULL && shmseg->cred->cr_prison == pr) {
1268 shm_remove(shmseg, i);
1269 }
1270 }
1271}
1272
1273SYSCTL_JAIL_PARAM_SYS_NODE(sysvshm, CTLFLAG_RW, "SYSV shared memory");
1274
1275#if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43))
1276struct oshmid_ds {
1277 struct ipc_perm_old shm_perm; /* operation perms */
1278 int shm_segsz; /* size of segment (bytes) */
1279 u_short shm_cpid; /* pid, creator */
1280 u_short shm_lpid; /* pid, last operation */
1281 short shm_nattch; /* no. of current attaches */
1282 time_t shm_atime; /* last attach time */
1283 time_t shm_dtime; /* last detach time */
1284 time_t shm_ctime; /* last change time */
1285 void *shm_handle; /* internal handle for shm segment */
1286};
1287
1288struct oshmctl_args {
1289 int shmid;
1290 int cmd;
1291 struct oshmid_ds *ubuf;
1292};
1293
1294static int
1295oshmctl(struct thread *td, struct oshmctl_args *uap)
1296{
1297#ifdef COMPAT_43
1298 int error = 0;
1299 struct prison *rpr;
1300 struct shmid_kernel *shmseg;
1301 struct oshmid_ds outbuf;
1302
1303 rpr = shm_find_prison(td->td_ucred);
1304 if (rpr == NULL)
1305 return (ENOSYS);
1306 if (uap->cmd != IPC_STAT) {
1307 return (freebsd7_shmctl(td,
1308 (struct freebsd7_shmctl_args *)uap));
1309 }
1310 SYSVSHM_LOCK();
1311 shmseg = shm_find_segment(rpr, uap->shmid, true);
1312 if (shmseg == NULL) {
1313 SYSVSHM_UNLOCK();
1314 return (EINVAL);
1315 }
1316 error = ipcperm(td, &shmseg->u.shm_perm, IPC_R);
1317 if (error != 0) {
1318 SYSVSHM_UNLOCK();
1319 return (error);
1320 }
1321#ifdef MAC
1322 error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, uap->cmd);
1323 if (error != 0) {
1324 SYSVSHM_UNLOCK();
1325 return (error);
1326 }
1327#endif
1328 ipcperm_new2old(&shmseg->u.shm_perm, &outbuf.shm_perm);
1329 outbuf.shm_segsz = shmseg->u.shm_segsz;
1330 outbuf.shm_cpid = shmseg->u.shm_cpid;
1331 outbuf.shm_lpid = shmseg->u.shm_lpid;
1332 outbuf.shm_nattch = shmseg->u.shm_nattch;
1333 outbuf.shm_atime = shmseg->u.shm_atime;
1334 outbuf.shm_dtime = shmseg->u.shm_dtime;
1335 outbuf.shm_ctime = shmseg->u.shm_ctime;
1336 outbuf.shm_handle = shmseg->object;
1337 SYSVSHM_UNLOCK();
1338 return (copyout(&outbuf, uap->ubuf, sizeof(outbuf)));
1339#else
1340 return (EINVAL);
1341#endif
1342}
1343
1344/* XXX casting to (sy_call_t *) is bogus, as usual. */
1345static sy_call_t *shmcalls[] = {
1346 (sy_call_t *)sys_shmat, (sy_call_t *)oshmctl,
1347 (sy_call_t *)sys_shmdt, (sy_call_t *)sys_shmget,
1348 (sy_call_t *)freebsd7_shmctl
1349};
1350
1351#ifndef _SYS_SYSPROTO_H_
1352/* XXX actually varargs. */
1353struct shmsys_args {
1354 int which;
1355 int a2;
1356 int a3;
1357 int a4;
1358};
1359#endif
1360int
1361sys_shmsys(struct thread *td, struct shmsys_args *uap)
1362{
1363
1364 AUDIT_ARG_SVIPC_WHICH(uap->which);
1365 if (uap->which < 0 || uap->which >= nitems(shmcalls))
1366 return (EINVAL);
1367 return ((*shmcalls[uap->which])(td, &uap->a2));
1368}
1369
1370#endif /* i386 && (COMPAT_FREEBSD4 || COMPAT_43) */
1371
1372#ifdef COMPAT_FREEBSD32
1373
1374int
1375freebsd32_shmsys(struct thread *td, struct freebsd32_shmsys_args *uap)
1376{
1377
1378#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
1379 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
1380 AUDIT_ARG_SVIPC_WHICH(uap->which);
1381 switch (uap->which) {
1382 case 0: { /* shmat */
1383 struct shmat_args ap;
1384
1385 ap.shmid = uap->a2;
1386 ap.shmaddr = PTRIN(uap->a3);
1387 ap.shmflg = uap->a4;
1388 return (sysent[SYS_shmat].sy_call(td, &ap));
1389 }
1390 case 2: { /* shmdt */
1391 struct shmdt_args ap;
1392
1393 ap.shmaddr = PTRIN(uap->a2);
1394 return (sysent[SYS_shmdt].sy_call(td, &ap));
1395 }
1396 case 3: { /* shmget */
1397 struct shmget_args ap;
1398
1399 ap.key = uap->a2;
1400 ap.size = uap->a3;
1401 ap.shmflg = uap->a4;
1402 return (sysent[SYS_shmget].sy_call(td, &ap));
1403 }
1404 case 4: { /* shmctl */
1405 struct freebsd7_freebsd32_shmctl_args ap;
1406
1407 ap.shmid = uap->a2;
1408 ap.cmd = uap->a3;
1409 ap.buf = PTRIN(uap->a4);
1410 return (freebsd7_freebsd32_shmctl(td, &ap));
1411 }
1412 case 1: /* oshmctl */
1413 default:
1414 return (EINVAL);
1415 }
1416#else
1417 return (nosys(td, NULL));
1418#endif
1419}
1420
1421#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
1422 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
1423int
1424freebsd7_freebsd32_shmctl(struct thread *td,
1425 struct freebsd7_freebsd32_shmctl_args *uap)
1426{
1427 int error;
1428 union {
1429 struct shmid_ds shmid_ds;
1430 struct shm_info shm_info;
1431 struct shminfo shminfo;
1432 } u;
1433 union {
1434 struct shmid_ds_old32 shmid_ds32;
1435 struct shm_info32 shm_info32;
1436 struct shminfo32 shminfo32;
1437 } u32;
1438 size_t sz;
1439
1440 if (uap->cmd == IPC_SET) {
1441 if ((error = copyin(uap->buf, &u32.shmid_ds32,
1442 sizeof(u32.shmid_ds32))))
1443 goto done;
1444 freebsd32_ipcperm_old_in(&u32.shmid_ds32.shm_perm,
1445 &u.shmid_ds.shm_perm);
1446 CP(u32.shmid_ds32, u.shmid_ds, shm_segsz);
1447 CP(u32.shmid_ds32, u.shmid_ds, shm_lpid);
1448 CP(u32.shmid_ds32, u.shmid_ds, shm_cpid);
1449 CP(u32.shmid_ds32, u.shmid_ds, shm_nattch);
1450 CP(u32.shmid_ds32, u.shmid_ds, shm_atime);
1451 CP(u32.shmid_ds32, u.shmid_ds, shm_dtime);
1452 CP(u32.shmid_ds32, u.shmid_ds, shm_ctime);
1453 }
1454
1455 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz);
1456 if (error)
1457 goto done;
1458
1459 /* Cases in which we need to copyout */
1460 switch (uap->cmd) {
1461 case IPC_INFO:
1462 CP(u.shminfo, u32.shminfo32, shmmax);
1463 CP(u.shminfo, u32.shminfo32, shmmin);
1464 CP(u.shminfo, u32.shminfo32, shmmni);
1465 CP(u.shminfo, u32.shminfo32, shmseg);
1466 CP(u.shminfo, u32.shminfo32, shmall);
1467 error = copyout(&u32.shminfo32, uap->buf,
1468 sizeof(u32.shminfo32));
1469 break;
1470 case SHM_INFO:
1471 CP(u.shm_info, u32.shm_info32, used_ids);
1472 CP(u.shm_info, u32.shm_info32, shm_rss);
1473 CP(u.shm_info, u32.shm_info32, shm_tot);
1474 CP(u.shm_info, u32.shm_info32, shm_swp);
1475 CP(u.shm_info, u32.shm_info32, swap_attempts);
1476 CP(u.shm_info, u32.shm_info32, swap_successes);
1477 error = copyout(&u32.shm_info32, uap->buf,
1478 sizeof(u32.shm_info32));
1479 break;
1480 case SHM_STAT:
1481 case IPC_STAT:
1482 memset(&u32.shmid_ds32, 0, sizeof(u32.shmid_ds32));
1483 freebsd32_ipcperm_old_out(&u.shmid_ds.shm_perm,
1484 &u32.shmid_ds32.shm_perm);
1485 if (u.shmid_ds.shm_segsz > INT32_MAX)
1486 u32.shmid_ds32.shm_segsz = INT32_MAX;
1487 else
1488 CP(u.shmid_ds, u32.shmid_ds32, shm_segsz);
1489 CP(u.shmid_ds, u32.shmid_ds32, shm_lpid);
1490 CP(u.shmid_ds, u32.shmid_ds32, shm_cpid);
1491 CP(u.shmid_ds, u32.shmid_ds32, shm_nattch);
1492 CP(u.shmid_ds, u32.shmid_ds32, shm_atime);
1493 CP(u.shmid_ds, u32.shmid_ds32, shm_dtime);
1494 CP(u.shmid_ds, u32.shmid_ds32, shm_ctime);
1495 u32.shmid_ds32.shm_internal = 0;
1496 error = copyout(&u32.shmid_ds32, uap->buf,
1497 sizeof(u32.shmid_ds32));
1498 break;
1499 }
1500
1501done:
1502 if (error) {
1503 /* Invalidate the return value */
1504 td->td_retval[0] = -1;
1505 }
1506 return (error);
1507}
1508#endif
1509
1510int
1511freebsd32_shmctl(struct thread *td, struct freebsd32_shmctl_args *uap)
1512{
1513 int error;
1514 union {
1515 struct shmid_ds shmid_ds;
1516 struct shm_info shm_info;
1517 struct shminfo shminfo;
1518 } u;
1519 union {
1520 struct shmid_ds32 shmid_ds32;
1521 struct shm_info32 shm_info32;
1522 struct shminfo32 shminfo32;
1523 } u32;
1524 size_t sz;
1525
1526 if (uap->cmd == IPC_SET) {
1527 if ((error = copyin(uap->buf, &u32.shmid_ds32,
1528 sizeof(u32.shmid_ds32))))
1529 goto done;
1530 freebsd32_ipcperm_in(&u32.shmid_ds32.shm_perm,
1531 &u.shmid_ds.shm_perm);
1532 CP(u32.shmid_ds32, u.shmid_ds, shm_segsz);
1533 CP(u32.shmid_ds32, u.shmid_ds, shm_lpid);
1534 CP(u32.shmid_ds32, u.shmid_ds, shm_cpid);
1535 CP(u32.shmid_ds32, u.shmid_ds, shm_nattch);
1536 CP(u32.shmid_ds32, u.shmid_ds, shm_atime);
1537 CP(u32.shmid_ds32, u.shmid_ds, shm_dtime);
1538 CP(u32.shmid_ds32, u.shmid_ds, shm_ctime);
1539 }
1540
1541 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz);
1542 if (error)
1543 goto done;
1544
1545 /* Cases in which we need to copyout */
1546 switch (uap->cmd) {
1547 case IPC_INFO:
1548 CP(u.shminfo, u32.shminfo32, shmmax);
1549 CP(u.shminfo, u32.shminfo32, shmmin);
1550 CP(u.shminfo, u32.shminfo32, shmmni);
1551 CP(u.shminfo, u32.shminfo32, shmseg);
1552 CP(u.shminfo, u32.shminfo32, shmall);
1553 error = copyout(&u32.shminfo32, uap->buf,
1554 sizeof(u32.shminfo32));
1555 break;
1556 case SHM_INFO:
1557 CP(u.shm_info, u32.shm_info32, used_ids);
1558 CP(u.shm_info, u32.shm_info32, shm_rss);
1559 CP(u.shm_info, u32.shm_info32, shm_tot);
1560 CP(u.shm_info, u32.shm_info32, shm_swp);
1561 CP(u.shm_info, u32.shm_info32, swap_attempts);
1562 CP(u.shm_info, u32.shm_info32, swap_successes);
1563 error = copyout(&u32.shm_info32, uap->buf,
1564 sizeof(u32.shm_info32));
1565 break;
1566 case SHM_STAT:
1567 case IPC_STAT:
1568 freebsd32_ipcperm_out(&u.shmid_ds.shm_perm,
1569 &u32.shmid_ds32.shm_perm);
1570 if (u.shmid_ds.shm_segsz > INT32_MAX)
1571 u32.shmid_ds32.shm_segsz = INT32_MAX;
1572 else
1573 CP(u.shmid_ds, u32.shmid_ds32, shm_segsz);
1574 CP(u.shmid_ds, u32.shmid_ds32, shm_lpid);
1575 CP(u.shmid_ds, u32.shmid_ds32, shm_cpid);
1576 CP(u.shmid_ds, u32.shmid_ds32, shm_nattch);
1577 CP(u.shmid_ds, u32.shmid_ds32, shm_atime);
1578 CP(u.shmid_ds, u32.shmid_ds32, shm_dtime);
1579 CP(u.shmid_ds, u32.shmid_ds32, shm_ctime);
1580 error = copyout(&u32.shmid_ds32, uap->buf,
1581 sizeof(u32.shmid_ds32));
1582 break;
1583 }
1584
1585done:
1586 if (error) {
1587 /* Invalidate the return value */
1588 td->td_retval[0] = -1;
1589 }
1590 return (error);
1591}
1592#endif
1593
1594#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
1595 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
1596
1597#ifndef _SYS_SYSPROTO_H_
1598struct freebsd7_shmctl_args {
1599 int shmid;
1600 int cmd;
1601 struct shmid_ds_old *buf;
1602};
1603#endif
1604int
1605freebsd7_shmctl(struct thread *td, struct freebsd7_shmctl_args *uap)
1606{
1607 int error;
1608 struct shmid_ds_old old;
1609 struct shmid_ds buf;
1610 size_t bufsz;
1611
1612 /*
1613 * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support
1614 * Linux binaries. If we see the call come through the FreeBSD ABI,
1615 * return an error back to the user since we do not to support this.
1616 */
1617 if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO ||
1618 uap->cmd == SHM_STAT)
1619 return (EINVAL);
1620
1621 /* IPC_SET needs to copyin the buffer before calling kern_shmctl */
1622 if (uap->cmd == IPC_SET) {
1623 if ((error = copyin(uap->buf, &old, sizeof(old))))
1624 goto done;
1625 ipcperm_old2new(&old.shm_perm, &buf.shm_perm);
1626 CP(old, buf, shm_segsz);
1627 CP(old, buf, shm_lpid);
1628 CP(old, buf, shm_cpid);
1629 CP(old, buf, shm_nattch);
1630 CP(old, buf, shm_atime);
1631 CP(old, buf, shm_dtime);
1632 CP(old, buf, shm_ctime);
1633 }
1634
1635 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz);
1636 if (error)
1637 goto done;
1638
1639 /* Cases in which we need to copyout */
1640 switch (uap->cmd) {
1641 case IPC_STAT:
1642 memset(&old, 0, sizeof(old));
1643 ipcperm_new2old(&buf.shm_perm, &old.shm_perm);
1644 if (buf.shm_segsz > INT_MAX)
1645 old.shm_segsz = INT_MAX;
1646 else
1647 CP(buf, old, shm_segsz);
1648 CP(buf, old, shm_lpid);
1649 CP(buf, old, shm_cpid);
1650 if (buf.shm_nattch > SHRT_MAX)
1651 old.shm_nattch = SHRT_MAX;
1652 else
1653 CP(buf, old, shm_nattch);
1654 CP(buf, old, shm_atime);
1655 CP(buf, old, shm_dtime);
1656 CP(buf, old, shm_ctime);
1657 old.shm_internal = NULL;
1658 error = copyout(&old, uap->buf, sizeof(old));
1659 break;
1660 }
1661
1662done:
1663 if (error) {
1664 /* Invalidate the return value */
1665 td->td_retval[0] = -1;
1666 }
1667 return (error);
1668}
1669
1670#endif /* COMPAT_FREEBSD4 || COMPAT_FREEBSD5 || COMPAT_FREEBSD6 ||
1671 COMPAT_FREEBSD7 */
1672
1673static int
1674sysvshm_modload(struct module *module, int cmd, void *arg)
1675{
1676 int error = 0;
1677
1678 switch (cmd) {
1679 case MOD_LOAD:
1680 error = shminit();
1681 if (error != 0)
1682 shmunload();
1683 break;
1684 case MOD_UNLOAD:
1685 error = shmunload();
1686 break;
1687 case MOD_SHUTDOWN:
1688 break;
1689 default:
1690 error = EINVAL;
1691 break;
1692 }
1693 return (error);
1694}
1695
1696static moduledata_t sysvshm_mod = {
1697 "sysvshm",
1698 &sysvshm_modload,
1699 NULL
1700};
1701
1702DECLARE_MODULE(sysvshm, sysvshm_mod, SI_SUB_SYSV_SHM, SI_ORDER_FIRST);
1703MODULE_VERSION(sysvshm, 1);
sysent
struct sysent sysent[]
Definition: init_sysent.c:63
prison_ischild
int prison_ischild(struct prison *pr1, struct prison *pr2)
Definition: kern_jail.c:3389
allprison
struct prisonlist allprison
Definition: kern_jail.c:136
prison0
struct prison prison0
Definition: kern_jail.c:101
allprison_lock
struct sx allprison_lock
Definition: kern_jail.c:134
malloc
void *() malloc(size_t size, struct malloc_type *mtp, int flags)
Definition: kern_malloc.c:632
free
void free(void *addr, struct malloc_type *mtp)
Definition: kern_malloc.c:907
osd_free_reserved
void osd_free_reserved(void **rsv)
Definition: kern_osd.c:290
osd_reserve
void ** osd_reserve(u_int slot)
Definition: kern_osd.c:209
pr
static struct pollrec pr[POLL_LIST_LEN]
Definition: kern_poll.c:261
crhold
struct ucred * crhold(struct ucred *cr)
Definition: kern_prot.c:2014
crfree
void crfree(struct ucred *cr)
Definition: kern_prot.c:2035
lim_max
rlim_t lim_max(struct thread *td, int which)
Definition: kern_resource.c:1296
nosys
int nosys(struct thread *td, struct nosys_args *args)
Definition: kern_sig.c:4015
sx_destroy
void sx_destroy(struct sx *sx)
Definition: kern_sx.c:266
syscall_helper_unregister
int syscall_helper_unregister(struct syscall_helper_data *sd)
Definition: kern_syscalls.c:247
syscall_helper_register
int syscall_helper_register(struct syscall_helper_data *sd, int flags)
Definition: kern_syscalls.c:221
time_second
volatile time_t time_second
Definition: kern_tc.c:105
result
linker_file_t * result
Definition: linker_if.m:148
data
uint32_t * data
Definition: msi_if.m:90
shmat_args
Definition: sysv_shm.c:484
shmat_args::shmid
int shmid
Definition: sysv_shm.c:485
shmat_args::shmaddr
const void * shmaddr
Definition: sysv_shm.c:486
shmat_args::shmflg
int shmflg
Definition: sysv_shm.c:487
shmctl_args
Definition: sysv_shm.c:613
shmctl_args::shmid
int shmid
Definition: sysv_shm.c:614
shmctl_args::cmd
int cmd
Definition: sysv_shm.c:615
shmctl_args::buf
struct shmid_ds * buf
Definition: sysv_shm.c:616
shmdt_args
Definition: sysv_shm.c:367
shmdt_args::shmaddr
const void * shmaddr
Definition: sysv_shm.c:368
shmget_args
Definition: sysv_shm.c:775
shmget_args::key
key_t key
Definition: sysv_shm.c:776
shmget_args::size
size_t size
Definition: sysv_shm.c:777
shmget_args::shmflg
int shmflg
Definition: sysv_shm.c:778
shmmap_state
Definition: sysv_shm.c:123
shmmap_state::shmid
int shmid
Definition: sysv_shm.c:125
shmmap_state::va
vm_offset_t va
Definition: sysv_shm.c:124
printf
int printf(const char *fmt,...)
Definition: subr_prf.c:397
ipcperm
int ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode)
Definition: sysv_ipc.c:90
shmexit
void shmexit(struct vmspace *vm)
Definition: sysv_ipc.c:70
shmfork
void shmfork(struct proc *p1, struct proc *p2)
Definition: sysv_ipc.c:59
shmexit_hook
void(* shmexit_hook)(struct vmspace *)
Definition: sysv_ipc.c:55
shmfork_hook
void(* shmfork_hook)(struct proc *, struct proc *)
Definition: sysv_ipc.c:54
SHMSEG_REMOVED
#define SHMSEG_REMOVED
Definition: sysv_shm.c:115
shmsegs
static struct shmid_kernel * shmsegs
Definition: sysv_shm.c:120
sysvshm_modload
static int sysvshm_modload(struct module *, int, void *)
Definition: sysv_shm.c:1674
sysvshmsx
static struct sx sysvshmsx
Definition: sysv_shm.c:206
shm_delete_mapping
static int shm_delete_mapping(struct vmspace *vm, struct shmmap_state *)
Definition: sysv_shm.c:271
shm_prison_get
static int shm_prison_get(void *, void *)
Definition: sysv_shm.c:1222
shm_last_free
static int shm_last_free
Definition: sysv_shm.c:118
SYSVSHM_LOCK
#define SYSVSHM_LOCK()
Definition: sysv_shm.c:207
shm_prison_remove
static int shm_prison_remove(void *, void *)
shmunload
static int shmunload(void)
Definition: sysv_shm.c:1005
SHMMNI
#define SHMMNI
Definition: sysv_shm.c:167
shm_prison_cansee
static int shm_prison_cansee(struct prison *, struct shmid_kernel *)
Definition: sysv_shm.c:322
shmexit_myhook
static void shmexit_myhook(struct vmspace *vm)
Definition: sysv_shm.c:843
SHMSEG_FREE
#define SHMSEG_FREE
Definition: sysv_shm.c:114
shminit
static int shminit(void)
Definition: sysv_shm.c:927
SYSCTL_PROC
SYSCTL_PROC(_kern_ipc, OID_AUTO, shmsegs, CTLTYPE_OPAQUE|CTLFLAG_RD|CTLFLAG_MPSAFE, NULL, 0, sysctl_shmsegs, "", "Array of struct shmid_kernel for each potential shared memory segment")
shm_prison_set
static int shm_prison_set(void *, void *)
Definition: sysv_shm.c:1134
SHMSEG
#define SHMSEG
Definition: sysv_shm.c:170
DECLARE_MODULE
DECLARE_MODULE(sysvshm, sysvshm_mod, SI_SUB_SYSV_SHM, SI_ORDER_FIRST)
MODULE_VERSION
MODULE_VERSION(sysvshm, 1)
shmalloced
static int shmalloced
Definition: sysv_shm.c:118
shm_prison_cleanup
static void shm_prison_cleanup(struct prison *)
Definition: sysv_shm.c:1258
kern_shmat_locked
static int kern_shmat_locked(struct thread *td, int shmid, const void *shmaddr, int shmflg)
Definition: sysv_shm.c:383
sys_shmget
int sys_shmget(struct thread *td, struct shmget_args *uap)
Definition: sysv_shm.c:782
MALLOC_DEFINE
static MALLOC_DEFINE(M_SHM, "shm", "SVID compatible shared memory segments")
SHMMAX
#define SHMMAX
Definition: sysv_shm.c:161
shminfo
struct shminfo shminfo
Definition: sysv_shm.c:176
shmget_existing
static int shmget_existing(struct thread *td, size_t size, int shmflg, int mode, int segnum)
Definition: sysv_shm.c:661
shmrealloc
static void shmrealloc(void)
Definition: sysv_shm.c:863
SHMSEG_ALLOCATED
#define SHMSEG_ALLOCATED
Definition: sysv_shm.c:116
__FBSDID
__FBSDID("$FreeBSD$")
shmfork_myhook
static void shmfork_myhook(struct proc *p1, struct proc *p2)
Definition: sysv_shm.c:814
SYSCTL_INT
SYSCTL_INT(_kern_ipc, OID_AUTO, shm_use_phys, CTLFLAG_RWTUN, &shm_use_phys, 0, "Enable/Disable locking of shared memory pages in core")
SYSCTL_ULONG
SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmax, CTLFLAG_RWTUN, &shminfo.shmmax, 0, "Maximum shared memory segment size")
shm_use_phys
static int shm_use_phys
Definition: sysv_shm.c:184
shm_remove
static void shm_remove(struct shmid_kernel *, int)
Definition: sysv_shm.c:298
shm_find_segment_by_key
static int shm_find_segment_by_key(struct prison *, key_t)
Definition: sysv_shm.c:212
kern_shmat
int kern_shmat(struct thread *td, int shmid, const void *shmaddr, int shmflg)
Definition: sysv_shm.c:473
shm_allow_removed
static int shm_allow_removed
Definition: sysv_shm.c:185
SYSVSHM_ASSERT_LOCKED
#define SYSVSHM_ASSERT_LOCKED()
Definition: sysv_shm.c:209
kern_shmctl
int kern_shmctl(struct thread *td, int shmid, int cmd, void *buf, size_t *bufsz)
Definition: sysv_shm.c:602
shm_nused
static int shm_nused
Definition: sysv_shm.c:118
kern_shmctl_locked
static int kern_shmctl_locked(struct thread *td, int shmid, int cmd, void *buf, size_t *bufsz)
Definition: sysv_shm.c:498
shm_prison_check
static int shm_prison_check(void *, void *)
Definition: sysv_shm.c:1099
sys_shmat
int sys_shmat(struct thread *td, struct shmat_args *uap)
Definition: sysv_shm.c:491
SHMMIN
#define SHMMIN
Definition: sysv_shm.c:164
SHMALL
#define SHMALL
Definition: sysv_shm.c:173
sysvshm_mod
static moduledata_t sysvshm_mod
Definition: sysv_shm.c:1696
sysctl_shmsegs
static int sysctl_shmsegs(SYSCTL_HANDLER_ARGS)
Definition: sysv_shm.c:1041
kern_shmdt_locked
static int kern_shmdt_locked(struct thread *td, const void *shmaddr)
Definition: sysv_shm.c:333
shm_prison_slot
static unsigned shm_prison_slot
Definition: sysv_shm.c:121
SYSVSHM_UNLOCK
#define SYSVSHM_UNLOCK()
Definition: sysv_shm.c:208
shm_deallocate_segment
static void shm_deallocate_segment(struct shmid_kernel *)
Definition: sysv_shm.c:249
shm_committed
vm_size_t shm_committed
Definition: sysv_shm.c:119
SYSCTL_JAIL_PARAM_SYS_NODE
SYSCTL_JAIL_PARAM_SYS_NODE(sysvshm, CTLFLAG_RW, "SYSV shared memory")
sys_shmctl
int sys_shmctl(struct thread *td, struct shmctl_args *uap)
Definition: sysv_shm.c:620
shm_syscalls
static struct syscall_helper_data shm_syscalls[]
Definition: sysv_shm.c:889
FEATURE
FEATURE(sysv_shm, "System V shared memory segments support")
shm_find_prison
static struct prison * shm_find_prison(struct ucred *)
Definition: sysv_shm.c:310
shmget_allocate_segment
static int shmget_allocate_segment(struct thread *td, key_t key, size_t size, int mode)
Definition: sysv_shm.c:687
sys_shmdt
int sys_shmdt(struct thread *td, struct shmdt_args *uap)
Definition: sysv_shm.c:372
shm_find_segment
static struct shmid_kernel * shm_find_segment(struct prison *, int, bool)
Definition: sysv_shm.c:230
vfs_copyopt
int vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len)
Definition: vfs_mount.c:2593
vfs_flagopt
int vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, uint64_t val)
Definition: vfs_mount.c:2480
vfs_setopt
int vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len)
Definition: vfs_mount.c:2524
buf
struct stat * buf
Definition: vfs_syscalls.c:2423
mode
mode_t mode
Definition: vfs_syscalls.c:2910