1 /* $NetBSD: sysv_shm.c,v 1.23 1994/07/04 23:25:12 glass Exp $ */
3 * Copyright (c) 1994 Adam Glass and Charles Hannum. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Adam Glass and Charles
17 * 4. The names of the authors may not be used to endorse or promote products
18 * derived from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * Copyright (c) 2003-2005 McAfee, Inc.
33 * All rights reserved.
35 * This software was developed for the FreeBSD Project in part by McAfee
36 * Research, the Security Research Division of McAfee, Inc under DARPA/SPAWAR
37 * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
40 * Redistribution and use in source and binary forms, with or without
41 * modification, are permitted provided that the following conditions
43 * 1. Redistributions of source code must retain the above copyright
44 * notice, this list of conditions and the following disclaimer.
45 * 2. Redistributions in binary form must reproduce the above copyright
46 * notice, this list of conditions and the following disclaimer in the
47 * documentation and/or other materials provided with the distribution.
49 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62 #include <sys/cdefs.h>
63 __FBSDID("$FreeBSD$");
65 #include "opt_compat.h"
66 #include "opt_sysvipc.h"
68 #include <sys/param.h>
69 #include <sys/systm.h>
70 #include <sys/kernel.h>
71 #include <sys/limits.h>
73 #include <sys/sysctl.h>
76 #include <sys/malloc.h>
78 #include <sys/module.h>
79 #include <sys/mutex.h>
80 #include <sys/racct.h>
81 #include <sys/resourcevar.h>
82 #include <sys/rwlock.h>
84 #include <sys/syscall.h>
85 #include <sys/syscallsubr.h>
86 #include <sys/sysent.h>
87 #include <sys/sysproto.h>
90 #include <security/mac/mac_framework.h>
93 #include <vm/vm_param.h>
95 #include <vm/vm_object.h>
96 #include <vm/vm_map.h>
97 #include <vm/vm_page.h>
98 #include <vm/vm_pager.h>
100 FEATURE(sysv_shm, "System V shared memory segments support");
102 static MALLOC_DEFINE(M_SHM, "shm", "SVID compatible shared memory segments");
104 static int shmget_allocate_segment(struct thread *td,
105 struct shmget_args *uap, int mode);
106 static int shmget_existing(struct thread *td, struct shmget_args *uap,
107 int mode, int segnum);
109 #define SHMSEG_FREE 0x0200
110 #define SHMSEG_REMOVED 0x0400
111 #define SHMSEG_ALLOCATED 0x0800
112 #define SHMSEG_WANTED 0x1000
114 static int shm_last_free, shm_nused, shmalloced;
115 vm_size_t shm_committed;
116 static struct shmid_kernel *shmsegs;
118 struct shmmap_state {
123 static void shm_deallocate_segment(struct shmid_kernel *);
124 static int shm_find_segment_by_key(key_t);
125 static struct shmid_kernel *shm_find_segment_by_shmid(int);
126 static struct shmid_kernel *shm_find_segment_by_shmidx(int);
127 static int shm_delete_mapping(struct vmspace *vm, struct shmmap_state *);
128 static void shmrealloc(void);
129 static int shminit(void);
130 static int sysvshm_modload(struct module *, int, void *);
131 static int shmunload(void);
132 static void shmexit_myhook(struct vmspace *vm);
133 static void shmfork_myhook(struct proc *p1, struct proc *p2);
134 static int sysctl_shmsegs(SYSCTL_HANDLER_ARGS);
140 #define SHMMAXPGS 131072 /* Note: sysv shared memory is swap backed. */
143 #define SHMMAX (SHMMAXPGS*PAGE_SIZE)
155 #define SHMALL (SHMMAXPGS)
158 struct shminfo shminfo = {
166 static int shm_use_phys;
167 static int shm_allow_removed;
169 SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmax, CTLFLAG_RWTUN, &shminfo.shmmax, 0,
170 "Maximum shared memory segment size");
171 SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmin, CTLFLAG_RWTUN, &shminfo.shmmin, 0,
172 "Minimum shared memory segment size");
173 SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmmni, CTLFLAG_RDTUN, &shminfo.shmmni, 0,
174 "Number of shared memory identifiers");
175 SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmseg, CTLFLAG_RDTUN, &shminfo.shmseg, 0,
176 "Number of segments per process");
177 SYSCTL_ULONG(_kern_ipc, OID_AUTO, shmall, CTLFLAG_RWTUN, &shminfo.shmall, 0,
178 "Maximum number of pages available for shared memory");
179 SYSCTL_INT(_kern_ipc, OID_AUTO, shm_use_phys, CTLFLAG_RWTUN,
180 &shm_use_phys, 0, "Enable/Disable locking of shared memory pages in core");
181 SYSCTL_INT(_kern_ipc, OID_AUTO, shm_allow_removed, CTLFLAG_RWTUN,
182 &shm_allow_removed, 0,
183 "Enable/Disable attachment to attached segments marked for removal");
184 SYSCTL_PROC(_kern_ipc, OID_AUTO, shmsegs, CTLTYPE_OPAQUE | CTLFLAG_RD,
185 NULL, 0, sysctl_shmsegs, "",
186 "Current number of shared memory segments allocated");
189 shm_find_segment_by_key(key)
194 for (i = 0; i < shmalloced; i++)
195 if ((shmsegs[i].u.shm_perm.mode & SHMSEG_ALLOCATED) &&
196 shmsegs[i].u.shm_perm.key == key)
201 static struct shmid_kernel *
202 shm_find_segment_by_shmid(int shmid)
205 struct shmid_kernel *shmseg;
207 segnum = IPCID_TO_IX(shmid);
208 if (segnum < 0 || segnum >= shmalloced)
210 shmseg = &shmsegs[segnum];
211 if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 ||
212 (!shm_allow_removed &&
213 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) != 0) ||
214 shmseg->u.shm_perm.seq != IPCID_TO_SEQ(shmid))
219 static struct shmid_kernel *
220 shm_find_segment_by_shmidx(int segnum)
222 struct shmid_kernel *shmseg;
224 if (segnum < 0 || segnum >= shmalloced)
226 shmseg = &shmsegs[segnum];
227 if ((shmseg->u.shm_perm.mode & SHMSEG_ALLOCATED) == 0 ||
228 (!shm_allow_removed &&
229 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) != 0))
235 shm_deallocate_segment(shmseg)
236 struct shmid_kernel *shmseg;
242 vm_object_deallocate(shmseg->object);
243 shmseg->object = NULL;
244 size = round_page(shmseg->u.shm_segsz);
245 shm_committed -= btoc(size);
247 shmseg->u.shm_perm.mode = SHMSEG_FREE;
249 mac_sysvshm_cleanup(shmseg);
251 racct_sub_cred(shmseg->cred, RACCT_NSHM, 1);
252 racct_sub_cred(shmseg->cred, RACCT_SHMSIZE, size);
253 crfree(shmseg->cred);
258 shm_delete_mapping(struct vmspace *vm, struct shmmap_state *shmmap_s)
260 struct shmid_kernel *shmseg;
266 segnum = IPCID_TO_IX(shmmap_s->shmid);
267 shmseg = &shmsegs[segnum];
268 size = round_page(shmseg->u.shm_segsz);
269 result = vm_map_remove(&vm->vm_map, shmmap_s->va, shmmap_s->va + size);
270 if (result != KERN_SUCCESS)
272 shmmap_s->shmid = -1;
273 shmseg->u.shm_dtime = time_second;
274 if ((--shmseg->u.shm_nattch <= 0) &&
275 (shmseg->u.shm_perm.mode & SHMSEG_REMOVED)) {
276 shm_deallocate_segment(shmseg);
277 shm_last_free = segnum;
282 #ifndef _SYS_SYSPROTO_H_
290 struct shmdt_args *uap;
292 struct proc *p = td->td_proc;
293 struct shmmap_state *shmmap_s;
295 struct shmid_kernel *shmsegptr;
300 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC))
303 shmmap_s = p->p_vmspace->vm_shm;
304 if (shmmap_s == NULL) {
308 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) {
309 if (shmmap_s->shmid != -1 &&
310 shmmap_s->va == (vm_offset_t)uap->shmaddr) {
314 if (i == shminfo.shmseg) {
319 shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)];
320 error = mac_sysvshm_check_shmdt(td->td_ucred, shmsegptr);
324 error = shm_delete_mapping(p->p_vmspace, shmmap_s);
330 #ifndef _SYS_SYSPROTO_H_
338 kern_shmat(td, shmid, shmaddr, shmflg)
344 struct proc *p = td->td_proc;
346 struct shmid_kernel *shmseg;
347 struct shmmap_state *shmmap_s = NULL;
348 vm_offset_t attach_va;
354 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC))
357 shmmap_s = p->p_vmspace->vm_shm;
358 if (shmmap_s == NULL) {
359 shmmap_s = malloc(shminfo.shmseg * sizeof(struct shmmap_state),
363 * If malloc() above sleeps, the Giant lock is
364 * temporarily dropped, which allows another thread to
365 * allocate shmmap_state and set vm_shm. Recheck
366 * vm_shm and free the new shmmap_state if another one
367 * is already allocated.
369 if (p->p_vmspace->vm_shm != NULL) {
370 free(shmmap_s, M_SHM);
371 shmmap_s = p->p_vmspace->vm_shm;
373 for (i = 0; i < shminfo.shmseg; i++)
374 shmmap_s[i].shmid = -1;
375 p->p_vmspace->vm_shm = shmmap_s;
378 shmseg = shm_find_segment_by_shmid(shmid);
379 if (shmseg == NULL) {
383 error = ipcperm(td, &shmseg->u.shm_perm,
384 (shmflg & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W);
388 error = mac_sysvshm_check_shmat(td->td_ucred, shmseg, shmflg);
392 for (i = 0; i < shminfo.shmseg; i++) {
393 if (shmmap_s->shmid == -1)
397 if (i >= shminfo.shmseg) {
401 size = round_page(shmseg->u.shm_segsz);
403 if ((shmflg & SHM_RDONLY) == 0)
404 prot |= VM_PROT_WRITE;
406 if (shmflg & SHM_RND) {
407 attach_va = (vm_offset_t)shmaddr & ~(SHMLBA-1);
408 } else if (((vm_offset_t)shmaddr & (SHMLBA-1)) == 0) {
409 attach_va = (vm_offset_t)shmaddr;
416 * This is just a hint to vm_map_find() about where to
420 attach_va = round_page((vm_offset_t)p->p_vmspace->vm_daddr +
421 lim_max(p, RLIMIT_DATA));
425 vm_object_reference(shmseg->object);
426 rv = vm_map_find(&p->p_vmspace->vm_map, shmseg->object, 0, &attach_va,
427 size, 0, shmaddr != NULL ? VMFS_NO_SPACE : VMFS_OPTIMAL_SPACE,
428 prot, prot, MAP_INHERIT_SHARE | MAP_PREFAULT_PARTIAL);
429 if (rv != KERN_SUCCESS) {
430 vm_object_deallocate(shmseg->object);
435 shmmap_s->va = attach_va;
436 shmmap_s->shmid = shmid;
437 shmseg->u.shm_lpid = p->p_pid;
438 shmseg->u.shm_atime = time_second;
439 shmseg->u.shm_nattch++;
440 td->td_retval[0] = attach_va;
449 struct shmat_args *uap;
451 return kern_shmat(td, uap->shmid, uap->shmaddr, uap->shmflg);
455 kern_shmctl(td, shmid, cmd, buf, bufsz)
463 struct shmid_kernel *shmseg;
465 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC))
471 * It is possible that kern_shmctl is being called from the Linux ABI
472 * layer, in which case, we will need to implement IPC_INFO. It should
473 * be noted that other shmctl calls will be funneled through here for
474 * Linix binaries as well.
476 * NB: The Linux ABI layer will convert this data to structure(s) more
477 * consistent with the Linux ABI.
480 memcpy(buf, &shminfo, sizeof(shminfo));
482 *bufsz = sizeof(shminfo);
483 td->td_retval[0] = shmalloced;
486 struct shm_info shm_info;
487 shm_info.used_ids = shm_nused;
488 shm_info.shm_rss = 0; /*XXX where to get from ? */
489 shm_info.shm_tot = 0; /*XXX where to get from ? */
490 shm_info.shm_swp = 0; /*XXX where to get from ? */
491 shm_info.swap_attempts = 0; /*XXX where to get from ? */
492 shm_info.swap_successes = 0; /*XXX where to get from ? */
493 memcpy(buf, &shm_info, sizeof(shm_info));
495 *bufsz = sizeof(shm_info);
496 td->td_retval[0] = shmalloced;
501 shmseg = shm_find_segment_by_shmidx(shmid);
503 shmseg = shm_find_segment_by_shmid(shmid);
504 if (shmseg == NULL) {
509 error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, cmd);
516 error = ipcperm(td, &shmseg->u.shm_perm, IPC_R);
519 memcpy(buf, &shmseg->u, sizeof(struct shmid_ds));
521 *bufsz = sizeof(struct shmid_ds);
523 td->td_retval[0] = IXSEQ_TO_IPCID(shmid, shmseg->u.shm_perm);
526 struct shmid_ds *shmid;
528 shmid = (struct shmid_ds *)buf;
529 error = ipcperm(td, &shmseg->u.shm_perm, IPC_M);
532 shmseg->u.shm_perm.uid = shmid->shm_perm.uid;
533 shmseg->u.shm_perm.gid = shmid->shm_perm.gid;
534 shmseg->u.shm_perm.mode =
535 (shmseg->u.shm_perm.mode & ~ACCESSPERMS) |
536 (shmid->shm_perm.mode & ACCESSPERMS);
537 shmseg->u.shm_ctime = time_second;
541 error = ipcperm(td, &shmseg->u.shm_perm, IPC_M);
544 shmseg->u.shm_perm.key = IPC_PRIVATE;
545 shmseg->u.shm_perm.mode |= SHMSEG_REMOVED;
546 if (shmseg->u.shm_nattch <= 0) {
547 shm_deallocate_segment(shmseg);
548 shm_last_free = IPCID_TO_IX(shmid);
564 #ifndef _SYS_SYSPROTO_H_
568 struct shmid_ds *buf;
574 struct shmctl_args *uap;
581 * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support
582 * Linux binaries. If we see the call come through the FreeBSD ABI,
583 * return an error back to the user since we do not to support this.
585 if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO ||
586 uap->cmd == SHM_STAT)
589 /* IPC_SET needs to copyin the buffer before calling kern_shmctl */
590 if (uap->cmd == IPC_SET) {
591 if ((error = copyin(uap->buf, &buf, sizeof(struct shmid_ds))))
595 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz);
599 /* Cases in which we need to copyout */
602 error = copyout(&buf, uap->buf, bufsz);
608 /* Invalidate the return value */
609 td->td_retval[0] = -1;
616 shmget_existing(td, uap, mode, segnum)
618 struct shmget_args *uap;
622 struct shmid_kernel *shmseg;
625 shmseg = &shmsegs[segnum];
626 if (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) {
628 * This segment is in the process of being allocated. Wait
629 * until it's done, and look the key up again (in case the
630 * allocation failed or it was freed).
632 shmseg->u.shm_perm.mode |= SHMSEG_WANTED;
633 error = tsleep(shmseg, PLOCK | PCATCH, "shmget", 0);
638 if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
641 error = mac_sysvshm_check_shmget(td->td_ucred, shmseg, uap->shmflg);
645 if (uap->size != 0 && uap->size > shmseg->u.shm_segsz)
647 td->td_retval[0] = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm);
652 shmget_allocate_segment(td, uap, mode)
654 struct shmget_args *uap;
657 int i, segnum, shmid;
659 struct ucred *cred = td->td_ucred;
660 struct shmid_kernel *shmseg;
661 vm_object_t shm_object;
665 if (uap->size < shminfo.shmmin || uap->size > shminfo.shmmax)
667 if (shm_nused >= shminfo.shmmni) /* Any shmids left? */
669 size = round_page(uap->size);
670 if (shm_committed + btoc(size) > shminfo.shmall)
672 if (shm_last_free < 0) {
673 shmrealloc(); /* Maybe expand the shmsegs[] array. */
674 for (i = 0; i < shmalloced; i++)
675 if (shmsegs[i].u.shm_perm.mode & SHMSEG_FREE)
681 segnum = shm_last_free;
684 shmseg = &shmsegs[segnum];
686 PROC_LOCK(td->td_proc);
687 if (racct_add(td->td_proc, RACCT_NSHM, 1)) {
688 PROC_UNLOCK(td->td_proc);
691 if (racct_add(td->td_proc, RACCT_SHMSIZE, size)) {
692 racct_sub(td->td_proc, RACCT_NSHM, 1);
693 PROC_UNLOCK(td->td_proc);
696 PROC_UNLOCK(td->td_proc);
699 * In case we sleep in malloc(), mark the segment present but deleted
700 * so that noone else tries to create the same key.
702 shmseg->u.shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED;
703 shmseg->u.shm_perm.key = uap->key;
704 shmseg->u.shm_perm.seq = (shmseg->u.shm_perm.seq + 1) & 0x7fff;
705 shmid = IXSEQ_TO_IPCID(segnum, shmseg->u.shm_perm);
708 * We make sure that we have allocated a pager before we need
711 shm_object = vm_pager_allocate(shm_use_phys ? OBJT_PHYS : OBJT_SWAP,
712 0, size, VM_PROT_DEFAULT, 0, cred);
713 if (shm_object == NULL) {
715 PROC_LOCK(td->td_proc);
716 racct_sub(td->td_proc, RACCT_NSHM, 1);
717 racct_sub(td->td_proc, RACCT_SHMSIZE, size);
718 PROC_UNLOCK(td->td_proc);
722 shm_object->pg_color = 0;
723 VM_OBJECT_WLOCK(shm_object);
724 vm_object_clear_flag(shm_object, OBJ_ONEMAPPING);
725 vm_object_set_flag(shm_object, OBJ_COLORED | OBJ_NOSPLIT);
726 VM_OBJECT_WUNLOCK(shm_object);
728 shmseg->object = shm_object;
729 shmseg->u.shm_perm.cuid = shmseg->u.shm_perm.uid = cred->cr_uid;
730 shmseg->u.shm_perm.cgid = shmseg->u.shm_perm.gid = cred->cr_gid;
731 shmseg->u.shm_perm.mode = (shmseg->u.shm_perm.mode & SHMSEG_WANTED) |
732 (mode & ACCESSPERMS) | SHMSEG_ALLOCATED;
733 shmseg->cred = crhold(cred);
734 shmseg->u.shm_segsz = uap->size;
735 shmseg->u.shm_cpid = td->td_proc->p_pid;
736 shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0;
737 shmseg->u.shm_atime = shmseg->u.shm_dtime = 0;
739 mac_sysvshm_create(cred, shmseg);
741 shmseg->u.shm_ctime = time_second;
742 shm_committed += btoc(size);
744 if (shmseg->u.shm_perm.mode & SHMSEG_WANTED) {
746 * Somebody else wanted this key while we were asleep. Wake
749 shmseg->u.shm_perm.mode &= ~SHMSEG_WANTED;
752 td->td_retval[0] = shmid;
756 #ifndef _SYS_SYSPROTO_H_
766 struct shmget_args *uap;
771 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC))
774 mode = uap->shmflg & ACCESSPERMS;
775 if (uap->key != IPC_PRIVATE) {
777 segnum = shm_find_segment_by_key(uap->key);
779 error = shmget_existing(td, uap, mode, segnum);
784 if ((uap->shmflg & IPC_CREAT) == 0) {
789 error = shmget_allocate_segment(td, uap, mode);
796 shmfork_myhook(p1, p2)
797 struct proc *p1, *p2;
799 struct shmmap_state *shmmap_s;
804 size = shminfo.shmseg * sizeof(struct shmmap_state);
805 shmmap_s = malloc(size, M_SHM, M_WAITOK);
806 bcopy(p1->p_vmspace->vm_shm, shmmap_s, size);
807 p2->p_vmspace->vm_shm = shmmap_s;
808 for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
809 if (shmmap_s->shmid != -1)
810 shmsegs[IPCID_TO_IX(shmmap_s->shmid)].u.shm_nattch++;
815 shmexit_myhook(struct vmspace *vm)
817 struct shmmap_state *base, *shm;
820 if ((base = vm->vm_shm) != NULL) {
823 for (i = 0, shm = base; i < shminfo.shmseg; i++, shm++) {
824 if (shm->shmid != -1)
825 shm_delete_mapping(vm, shm);
836 struct shmid_kernel *newsegs;
838 if (shmalloced >= shminfo.shmmni)
841 newsegs = malloc(shminfo.shmmni * sizeof(*newsegs), M_SHM, M_WAITOK);
842 for (i = 0; i < shmalloced; i++)
843 bcopy(&shmsegs[i], &newsegs[i], sizeof(newsegs[0]));
844 for (; i < shminfo.shmmni; i++) {
845 shmsegs[i].u.shm_perm.mode = SHMSEG_FREE;
846 shmsegs[i].u.shm_perm.seq = 0;
848 mac_sysvshm_init(&shmsegs[i]);
851 free(shmsegs, M_SHM);
853 shmalloced = shminfo.shmmni;
856 static struct syscall_helper_data shm_syscalls[] = {
857 SYSCALL_INIT_HELPER(shmat),
858 SYSCALL_INIT_HELPER(shmctl),
859 SYSCALL_INIT_HELPER(shmdt),
860 SYSCALL_INIT_HELPER(shmget),
861 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
862 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
863 SYSCALL_INIT_HELPER_COMPAT(freebsd7_shmctl),
865 #if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43))
866 SYSCALL_INIT_HELPER(shmsys),
871 #ifdef COMPAT_FREEBSD32
872 #include <compat/freebsd32/freebsd32.h>
873 #include <compat/freebsd32/freebsd32_ipc.h>
874 #include <compat/freebsd32/freebsd32_proto.h>
875 #include <compat/freebsd32/freebsd32_signal.h>
876 #include <compat/freebsd32/freebsd32_syscall.h>
877 #include <compat/freebsd32/freebsd32_util.h>
879 static struct syscall_helper_data shm32_syscalls[] = {
880 SYSCALL32_INIT_HELPER_COMPAT(shmat),
881 SYSCALL32_INIT_HELPER_COMPAT(shmdt),
882 SYSCALL32_INIT_HELPER_COMPAT(shmget),
883 SYSCALL32_INIT_HELPER(freebsd32_shmsys),
884 SYSCALL32_INIT_HELPER(freebsd32_shmctl),
885 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
886 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
887 SYSCALL32_INIT_HELPER(freebsd7_freebsd32_shmctl),
899 if (TUNABLE_ULONG_FETCH("kern.ipc.shmmaxpgs", &shminfo.shmall) != 0)
900 printf("kern.ipc.shmmaxpgs is now called kern.ipc.shmall!\n");
902 if (shminfo.shmmax == SHMMAX) {
903 /* Initialize shmmax dealing with possible overflow. */
904 for (i = PAGE_SIZE; i != 0; i--) {
905 shminfo.shmmax = shminfo.shmall * i;
906 if ((shminfo.shmmax / shminfo.shmall) == (u_long)i)
910 shmalloced = shminfo.shmmni;
911 shmsegs = malloc(shmalloced * sizeof(shmsegs[0]), M_SHM, M_WAITOK);
912 for (i = 0; i < shmalloced; i++) {
913 shmsegs[i].u.shm_perm.mode = SHMSEG_FREE;
914 shmsegs[i].u.shm_perm.seq = 0;
916 mac_sysvshm_init(&shmsegs[i]);
922 shmexit_hook = &shmexit_myhook;
923 shmfork_hook = &shmfork_myhook;
925 error = syscall_helper_register(shm_syscalls, SY_THR_STATIC_KLD);
928 #ifdef COMPAT_FREEBSD32
929 error = syscall32_helper_register(shm32_syscalls, SY_THR_STATIC_KLD);
944 #ifdef COMPAT_FREEBSD32
945 syscall32_helper_unregister(shm32_syscalls);
947 syscall_helper_unregister(shm_syscalls);
949 for (i = 0; i < shmalloced; i++) {
951 mac_sysvshm_destroy(&shmsegs[i]);
954 * Objects might be still mapped into the processes
955 * address spaces. Actual free would happen on the
956 * last mapping destruction.
958 if (shmsegs[i].u.shm_perm.mode != SHMSEG_FREE)
959 vm_object_deallocate(shmsegs[i].object);
961 free(shmsegs, M_SHM);
968 sysctl_shmsegs(SYSCTL_HANDLER_ARGS)
971 return (SYSCTL_OUT(req, shmsegs, shmalloced * sizeof(shmsegs[0])));
974 #if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43))
976 struct ipc_perm_old shm_perm; /* operation perms */
977 int shm_segsz; /* size of segment (bytes) */
978 u_short shm_cpid; /* pid, creator */
979 u_short shm_lpid; /* pid, last operation */
980 short shm_nattch; /* no. of current attaches */
981 time_t shm_atime; /* last attach time */
982 time_t shm_dtime; /* last detach time */
983 time_t shm_ctime; /* last change time */
984 void *shm_handle; /* internal handle for shm segment */
987 struct oshmctl_args {
990 struct oshmid_ds *ubuf;
994 oshmctl(struct thread *td, struct oshmctl_args *uap)
998 struct shmid_kernel *shmseg;
999 struct oshmid_ds outbuf;
1001 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC))
1004 shmseg = shm_find_segment_by_shmid(uap->shmid);
1005 if (shmseg == NULL) {
1011 error = ipcperm(td, &shmseg->u.shm_perm, IPC_R);
1015 error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, uap->cmd);
1019 ipcperm_new2old(&shmseg->u.shm_perm, &outbuf.shm_perm);
1020 outbuf.shm_segsz = shmseg->u.shm_segsz;
1021 outbuf.shm_cpid = shmseg->u.shm_cpid;
1022 outbuf.shm_lpid = shmseg->u.shm_lpid;
1023 outbuf.shm_nattch = shmseg->u.shm_nattch;
1024 outbuf.shm_atime = shmseg->u.shm_atime;
1025 outbuf.shm_dtime = shmseg->u.shm_dtime;
1026 outbuf.shm_ctime = shmseg->u.shm_ctime;
1027 outbuf.shm_handle = shmseg->object;
1028 error = copyout(&outbuf, uap->ubuf, sizeof(outbuf));
1033 error = freebsd7_shmctl(td, (struct freebsd7_shmctl_args *)uap);
1044 /* XXX casting to (sy_call_t *) is bogus, as usual. */
1045 static sy_call_t *shmcalls[] = {
1046 (sy_call_t *)sys_shmat, (sy_call_t *)oshmctl,
1047 (sy_call_t *)sys_shmdt, (sy_call_t *)sys_shmget,
1048 (sy_call_t *)freebsd7_shmctl
1054 /* XXX actually varargs. */
1055 struct shmsys_args /* {
1064 if (!prison_allow(td->td_ucred, PR_ALLOW_SYSVIPC))
1066 if (uap->which < 0 ||
1067 uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0]))
1070 error = (*shmcalls[uap->which])(td, &uap->a2);
1075 #endif /* i386 && (COMPAT_FREEBSD4 || COMPAT_43) */
1077 #ifdef COMPAT_FREEBSD32
1080 freebsd32_shmsys(struct thread *td, struct freebsd32_shmsys_args *uap)
1083 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
1084 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
1085 switch (uap->which) {
1086 case 0: { /* shmat */
1087 struct shmat_args ap;
1090 ap.shmaddr = PTRIN(uap->a3);
1091 ap.shmflg = uap->a4;
1092 return (sysent[SYS_shmat].sy_call(td, &ap));
1094 case 2: { /* shmdt */
1095 struct shmdt_args ap;
1097 ap.shmaddr = PTRIN(uap->a2);
1098 return (sysent[SYS_shmdt].sy_call(td, &ap));
1100 case 3: { /* shmget */
1101 struct shmget_args ap;
1105 ap.shmflg = uap->a4;
1106 return (sysent[SYS_shmget].sy_call(td, &ap));
1108 case 4: { /* shmctl */
1109 struct freebsd7_freebsd32_shmctl_args ap;
1113 ap.buf = PTRIN(uap->a4);
1114 return (freebsd7_freebsd32_shmctl(td, &ap));
1116 case 1: /* oshmctl */
1121 return (nosys(td, NULL));
1125 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
1126 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
1128 freebsd7_freebsd32_shmctl(struct thread *td,
1129 struct freebsd7_freebsd32_shmctl_args *uap)
1133 struct shmid_ds shmid_ds;
1134 struct shm_info shm_info;
1135 struct shminfo shminfo;
1138 struct shmid_ds32_old shmid_ds32;
1139 struct shm_info32 shm_info32;
1140 struct shminfo32 shminfo32;
1144 if (uap->cmd == IPC_SET) {
1145 if ((error = copyin(uap->buf, &u32.shmid_ds32,
1146 sizeof(u32.shmid_ds32))))
1148 freebsd32_ipcperm_old_in(&u32.shmid_ds32.shm_perm,
1149 &u.shmid_ds.shm_perm);
1150 CP(u32.shmid_ds32, u.shmid_ds, shm_segsz);
1151 CP(u32.shmid_ds32, u.shmid_ds, shm_lpid);
1152 CP(u32.shmid_ds32, u.shmid_ds, shm_cpid);
1153 CP(u32.shmid_ds32, u.shmid_ds, shm_nattch);
1154 CP(u32.shmid_ds32, u.shmid_ds, shm_atime);
1155 CP(u32.shmid_ds32, u.shmid_ds, shm_dtime);
1156 CP(u32.shmid_ds32, u.shmid_ds, shm_ctime);
1159 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz);
1163 /* Cases in which we need to copyout */
1166 CP(u.shminfo, u32.shminfo32, shmmax);
1167 CP(u.shminfo, u32.shminfo32, shmmin);
1168 CP(u.shminfo, u32.shminfo32, shmmni);
1169 CP(u.shminfo, u32.shminfo32, shmseg);
1170 CP(u.shminfo, u32.shminfo32, shmall);
1171 error = copyout(&u32.shminfo32, uap->buf,
1172 sizeof(u32.shminfo32));
1175 CP(u.shm_info, u32.shm_info32, used_ids);
1176 CP(u.shm_info, u32.shm_info32, shm_rss);
1177 CP(u.shm_info, u32.shm_info32, shm_tot);
1178 CP(u.shm_info, u32.shm_info32, shm_swp);
1179 CP(u.shm_info, u32.shm_info32, swap_attempts);
1180 CP(u.shm_info, u32.shm_info32, swap_successes);
1181 error = copyout(&u32.shm_info32, uap->buf,
1182 sizeof(u32.shm_info32));
1186 freebsd32_ipcperm_old_out(&u.shmid_ds.shm_perm,
1187 &u32.shmid_ds32.shm_perm);
1188 if (u.shmid_ds.shm_segsz > INT32_MAX)
1189 u32.shmid_ds32.shm_segsz = INT32_MAX;
1191 CP(u.shmid_ds, u32.shmid_ds32, shm_segsz);
1192 CP(u.shmid_ds, u32.shmid_ds32, shm_lpid);
1193 CP(u.shmid_ds, u32.shmid_ds32, shm_cpid);
1194 CP(u.shmid_ds, u32.shmid_ds32, shm_nattch);
1195 CP(u.shmid_ds, u32.shmid_ds32, shm_atime);
1196 CP(u.shmid_ds, u32.shmid_ds32, shm_dtime);
1197 CP(u.shmid_ds, u32.shmid_ds32, shm_ctime);
1198 u32.shmid_ds32.shm_internal = 0;
1199 error = copyout(&u32.shmid_ds32, uap->buf,
1200 sizeof(u32.shmid_ds32));
1206 /* Invalidate the return value */
1207 td->td_retval[0] = -1;
1214 freebsd32_shmctl(struct thread *td, struct freebsd32_shmctl_args *uap)
1218 struct shmid_ds shmid_ds;
1219 struct shm_info shm_info;
1220 struct shminfo shminfo;
1223 struct shmid_ds32 shmid_ds32;
1224 struct shm_info32 shm_info32;
1225 struct shminfo32 shminfo32;
1229 if (uap->cmd == IPC_SET) {
1230 if ((error = copyin(uap->buf, &u32.shmid_ds32,
1231 sizeof(u32.shmid_ds32))))
1233 freebsd32_ipcperm_in(&u32.shmid_ds32.shm_perm,
1234 &u.shmid_ds.shm_perm);
1235 CP(u32.shmid_ds32, u.shmid_ds, shm_segsz);
1236 CP(u32.shmid_ds32, u.shmid_ds, shm_lpid);
1237 CP(u32.shmid_ds32, u.shmid_ds, shm_cpid);
1238 CP(u32.shmid_ds32, u.shmid_ds, shm_nattch);
1239 CP(u32.shmid_ds32, u.shmid_ds, shm_atime);
1240 CP(u32.shmid_ds32, u.shmid_ds, shm_dtime);
1241 CP(u32.shmid_ds32, u.shmid_ds, shm_ctime);
1244 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&u, &sz);
1248 /* Cases in which we need to copyout */
1251 CP(u.shminfo, u32.shminfo32, shmmax);
1252 CP(u.shminfo, u32.shminfo32, shmmin);
1253 CP(u.shminfo, u32.shminfo32, shmmni);
1254 CP(u.shminfo, u32.shminfo32, shmseg);
1255 CP(u.shminfo, u32.shminfo32, shmall);
1256 error = copyout(&u32.shminfo32, uap->buf,
1257 sizeof(u32.shminfo32));
1260 CP(u.shm_info, u32.shm_info32, used_ids);
1261 CP(u.shm_info, u32.shm_info32, shm_rss);
1262 CP(u.shm_info, u32.shm_info32, shm_tot);
1263 CP(u.shm_info, u32.shm_info32, shm_swp);
1264 CP(u.shm_info, u32.shm_info32, swap_attempts);
1265 CP(u.shm_info, u32.shm_info32, swap_successes);
1266 error = copyout(&u32.shm_info32, uap->buf,
1267 sizeof(u32.shm_info32));
1271 freebsd32_ipcperm_out(&u.shmid_ds.shm_perm,
1272 &u32.shmid_ds32.shm_perm);
1273 if (u.shmid_ds.shm_segsz > INT32_MAX)
1274 u32.shmid_ds32.shm_segsz = INT32_MAX;
1276 CP(u.shmid_ds, u32.shmid_ds32, shm_segsz);
1277 CP(u.shmid_ds, u32.shmid_ds32, shm_lpid);
1278 CP(u.shmid_ds, u32.shmid_ds32, shm_cpid);
1279 CP(u.shmid_ds, u32.shmid_ds32, shm_nattch);
1280 CP(u.shmid_ds, u32.shmid_ds32, shm_atime);
1281 CP(u.shmid_ds, u32.shmid_ds32, shm_dtime);
1282 CP(u.shmid_ds, u32.shmid_ds32, shm_ctime);
1283 error = copyout(&u32.shmid_ds32, uap->buf,
1284 sizeof(u32.shmid_ds32));
1290 /* Invalidate the return value */
1291 td->td_retval[0] = -1;
1297 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
1298 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
1301 #define CP(src, dst, fld) do { (dst).fld = (src).fld; } while (0)
1304 #ifndef _SYS_SYSPROTO_H_
1305 struct freebsd7_shmctl_args {
1308 struct shmid_ds_old *buf;
1312 freebsd7_shmctl(td, uap)
1314 struct freebsd7_shmctl_args *uap;
1317 struct shmid_ds_old old;
1318 struct shmid_ds buf;
1322 * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support
1323 * Linux binaries. If we see the call come through the FreeBSD ABI,
1324 * return an error back to the user since we do not to support this.
1326 if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO ||
1327 uap->cmd == SHM_STAT)
1330 /* IPC_SET needs to copyin the buffer before calling kern_shmctl */
1331 if (uap->cmd == IPC_SET) {
1332 if ((error = copyin(uap->buf, &old, sizeof(old))))
1334 ipcperm_old2new(&old.shm_perm, &buf.shm_perm);
1335 CP(old, buf, shm_segsz);
1336 CP(old, buf, shm_lpid);
1337 CP(old, buf, shm_cpid);
1338 CP(old, buf, shm_nattch);
1339 CP(old, buf, shm_atime);
1340 CP(old, buf, shm_dtime);
1341 CP(old, buf, shm_ctime);
1344 error = kern_shmctl(td, uap->shmid, uap->cmd, (void *)&buf, &bufsz);
1348 /* Cases in which we need to copyout */
1351 ipcperm_new2old(&buf.shm_perm, &old.shm_perm);
1352 if (buf.shm_segsz > INT_MAX)
1353 old.shm_segsz = INT_MAX;
1355 CP(buf, old, shm_segsz);
1356 CP(buf, old, shm_lpid);
1357 CP(buf, old, shm_cpid);
1358 if (buf.shm_nattch > SHRT_MAX)
1359 old.shm_nattch = SHRT_MAX;
1361 CP(buf, old, shm_nattch);
1362 CP(buf, old, shm_atime);
1363 CP(buf, old, shm_dtime);
1364 CP(buf, old, shm_ctime);
1365 old.shm_internal = NULL;
1366 error = copyout(&old, uap->buf, sizeof(old));
1372 /* Invalidate the return value */
1373 td->td_retval[0] = -1;
1378 #endif /* COMPAT_FREEBSD4 || COMPAT_FREEBSD5 || COMPAT_FREEBSD6 ||
1382 sysvshm_modload(struct module *module, int cmd, void *arg)
1393 error = shmunload();
1404 static moduledata_t sysvshm_mod = {
1410 DECLARE_MODULE(sysvshm, sysvshm_mod, SI_SUB_SYSV_SHM, SI_ORDER_FIRST);
1411 MODULE_VERSION(sysvshm, 1);