2 * Copyright (c) 2002 Alfred Perlstein <alfred@FreeBSD.org>
3 * Copyright (c) 2003-2005 SPARTA, Inc.
4 * Copyright (c) 2005 Robert N. M. Watson
7 * This software was developed for the FreeBSD Project in part by Network
8 * Associates Laboratories, the Security Research Division of Network
9 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
10 * as part of the DARPA CHATS research program.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
38 #include "opt_posix.h"
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/sysproto.h>
43 #include <sys/eventhandler.h>
44 #include <sys/kernel.h>
48 #include <sys/posix4.h>
50 #include <sys/mutex.h>
51 #include <sys/module.h>
52 #include <sys/condvar.h>
55 #include <sys/semaphore.h>
56 #include <sys/syscall.h>
58 #include <sys/sysent.h>
59 #include <sys/sysctl.h>
61 #include <sys/malloc.h>
62 #include <sys/fcntl.h>
63 #include <sys/_semaphore.h>
65 #include <security/mac/mac_framework.h>
67 static int sem_count_proc(struct proc *p);
68 static struct ksem *sem_lookup_byname(const char *name);
69 static int sem_create(struct thread *td, const char *name,
70 struct ksem **ksret, mode_t mode, unsigned int value);
71 static void sem_free(struct ksem *ksnew);
72 static int sem_perm(struct thread *td, struct ksem *ks);
73 static void sem_enter(struct proc *p, struct ksem *ks);
74 static int sem_leave(struct proc *p, struct ksem *ks);
75 static void sem_exechook(void *arg, struct proc *p, struct image_params *imgp);
76 static void sem_exithook(void *arg, struct proc *p);
77 static void sem_forkhook(void *arg, struct proc *p1, struct proc *p2,
79 static int sem_hasopen(struct thread *td, struct ksem *ks);
81 static int kern_sem_close(struct thread *td, semid_t id);
82 static int kern_sem_post(struct thread *td, semid_t id);
83 static int kern_sem_wait(struct thread *td, semid_t id, int tryflag,
84 struct timespec *abstime);
85 static int kern_sem_init(struct thread *td, int dir, unsigned int value,
87 static int kern_sem_open(struct thread *td, int dir, const char *name,
88 int oflag, mode_t mode, unsigned int value, semid_t *idp);
89 static int kern_sem_unlink(struct thread *td, const char *name);
95 #define SEM_MAX_NAMELEN 14
97 #define SEM_TO_ID(x) ((intptr_t)(x))
98 #define ID_TO_SEM(x) id_to_sem(x)
101 * available semaphores go here, this includes sem_init and any semaphores
102 * created via sem_open that have not yet been unlinked.
104 LIST_HEAD(, ksem) ksem_head = LIST_HEAD_INITIALIZER(&ksem_head);
106 * semaphores still in use but have been sem_unlink()'d go here.
108 LIST_HEAD(, ksem) ksem_deadhead = LIST_HEAD_INITIALIZER(&ksem_deadhead);
110 static struct mtx sem_lock;
111 static MALLOC_DEFINE(M_SEM, "sems", "semaphore data");
113 static int nsems = 0;
114 SYSCTL_DECL(_p1003_1b);
115 SYSCTL_INT(_p1003_1b, OID_AUTO, nsems, CTLFLAG_RD, &nsems, 0, "");
117 static eventhandler_tag sem_exit_tag, sem_exec_tag, sem_fork_tag;
120 #define DP(x) printf x
127 sem_ref(struct ksem *ks)
130 mtx_assert(&sem_lock, MA_OWNED);
132 DP(("sem_ref: ks = %p, ref = %d\n", ks, ks->ks_ref));
137 sem_rel(struct ksem *ks)
140 mtx_assert(&sem_lock, MA_OWNED);
141 DP(("sem_rel: ks = %p, ref = %d\n", ks, ks->ks_ref - 1));
142 if (--ks->ks_ref == 0)
146 static __inline struct ksem *id_to_sem(semid_t id);
150 id_to_sem(semid_t id)
154 mtx_assert(&sem_lock, MA_OWNED);
155 DP(("id_to_sem: id = %0x,%p\n", id, (struct ksem *)id));
156 LIST_FOREACH(ks, &ksem_head, ks_entry) {
157 DP(("id_to_sem: ks = %p\n", ks));
158 if (ks == (struct ksem *)id)
165 sem_lookup_byname(const char *name)
169 mtx_assert(&sem_lock, MA_OWNED);
170 LIST_FOREACH(ks, &ksem_head, ks_entry)
171 if (ks->ks_name != NULL && strcmp(ks->ks_name, name) == 0)
177 sem_create(struct thread *td, const char *name, struct ksem **ksret,
178 mode_t mode, unsigned int value)
186 DP(("sem_create\n"));
189 if (value > SEM_VALUE_MAX)
191 ret = malloc(sizeof(*ret), M_SEM, M_WAITOK | M_ZERO);
194 if (len > SEM_MAX_NAMELEN) {
196 return (ENAMETOOLONG);
198 /* name must start with a '/' but not contain one. */
199 if (*name != '/' || len < 2 || index(name + 1, '/') != NULL) {
203 ret->ks_name = malloc(len + 1, M_SEM, M_WAITOK);
204 strcpy(ret->ks_name, name);
209 ret->ks_value = value;
212 ret->ks_uid = uc->cr_uid;
213 ret->ks_gid = uc->cr_gid;
215 cv_init(&ret->ks_cv, "sem");
216 LIST_INIT(&ret->ks_users);
218 mac_init_posix_sem(ret);
219 mac_create_posix_sem(uc, ret);
222 sem_enter(td->td_proc, ret);
225 if (nsems >= p31b_getcfg(CTL_P1003_1B_SEM_NSEMS_MAX)) {
226 sem_leave(td->td_proc, ret);
233 mtx_unlock(&sem_lock);
237 #ifndef _SYS_SYSPROTO_H_
238 struct ksem_init_args {
242 int ksem_init(struct thread *td, struct ksem_init_args *uap);
245 ksem_init(struct thread *td, struct ksem_init_args *uap)
249 error = kern_sem_init(td, UIO_USERSPACE, uap->value, uap->idp);
254 kern_sem_init(struct thread *td, int dir, unsigned int value, semid_t *idp)
260 error = sem_create(td, NULL, &ks, S_IRWXU | S_IRWXG, value);
264 if (dir == UIO_USERSPACE) {
265 error = copyout(&id, idp, sizeof(id));
269 mtx_unlock(&sem_lock);
276 LIST_INSERT_HEAD(&ksem_head, ks, ks_entry);
278 mtx_unlock(&sem_lock);
282 #ifndef _SYS_SYSPROTO_H_
283 struct ksem_open_args {
290 int ksem_open(struct thread *td, struct ksem_open_args *uap);
293 ksem_open(struct thread *td, struct ksem_open_args *uap)
295 char name[SEM_MAX_NAMELEN + 1];
299 error = copyinstr(uap->name, name, SEM_MAX_NAMELEN + 1, &done);
302 DP((">>> sem_open start\n"));
303 error = kern_sem_open(td, UIO_USERSPACE,
304 name, uap->oflag, uap->mode, uap->value, uap->idp);
305 DP(("<<< sem_open end\n"));
310 kern_sem_open(struct thread *td, int dir, const char *name, int oflag,
311 mode_t mode, unsigned int value, semid_t *idp)
313 struct ksem *ksnew, *ks;
319 ks = sem_lookup_byname(name);
321 * If we found it but O_EXCL is set, error.
323 if (ks != NULL && (oflag & O_EXCL) != 0) {
324 mtx_unlock(&sem_lock);
328 * If we didn't find it...
332 * didn't ask for creation? error.
334 if ((oflag & O_CREAT) == 0) {
335 mtx_unlock(&sem_lock);
339 * We may block during creation, so drop the lock.
341 mtx_unlock(&sem_lock);
342 error = sem_create(td, name, &ksnew, mode, value);
345 id = SEM_TO_ID(ksnew);
346 if (dir == UIO_USERSPACE) {
347 DP(("about to copyout! %d to %p\n", id, idp));
348 error = copyout(&id, idp, sizeof(id));
351 sem_leave(td->td_proc, ksnew);
353 mtx_unlock(&sem_lock);
357 DP(("about to set! %d to %p\n", id, idp));
361 * We need to make sure we haven't lost a race while
362 * allocating during creation.
365 ks = sem_lookup_byname(name);
368 sem_leave(td->td_proc, ksnew);
370 /* we lost and we can't loose... */
371 if ((oflag & O_EXCL) != 0) {
372 mtx_unlock(&sem_lock);
376 DP(("sem_create: about to add to list...\n"));
377 LIST_INSERT_HEAD(&ksem_head, ksnew, ks_entry);
378 DP(("sem_create: setting list bit...\n"));
379 ksnew->ks_onlist = 1;
380 DP(("sem_create: done, about to unlock...\n"));
384 error = mac_check_posix_sem_open(td->td_ucred, ks);
389 * if we aren't the creator, then enforce permissions.
391 error = sem_perm(td, ks);
395 mtx_unlock(&sem_lock);
397 if (dir == UIO_USERSPACE) {
398 error = copyout(&id, idp, sizeof(id));
402 mtx_unlock(&sem_lock);
408 sem_enter(td->td_proc, ks);
413 mtx_unlock(&sem_lock);
418 sem_perm(struct thread *td, struct ksem *ks)
423 * XXXRW: This permission routine appears to be incorrect. If the
424 * user matches, we shouldn't go on to the group if the user
425 * permissions don't allow the action? Not changed for now. To fix,
426 * change from a series of if (); if (); to if () else if () else...
429 DP(("sem_perm: uc(%d,%d) ks(%d,%d,%o)\n",
430 uc->cr_uid, uc->cr_gid,
431 ks->ks_uid, ks->ks_gid, ks->ks_mode));
432 if ((uc->cr_uid == ks->ks_uid) && (ks->ks_mode & S_IWUSR) != 0)
434 if ((uc->cr_gid == ks->ks_gid) && (ks->ks_mode & S_IWGRP) != 0)
436 if ((ks->ks_mode & S_IWOTH) != 0)
438 return (priv_check(td, PRIV_SEM_WRITE));
442 sem_free(struct ksem *ks)
447 LIST_REMOVE(ks, ks_entry);
448 if (ks->ks_name != NULL)
449 free(ks->ks_name, M_SEM);
450 cv_destroy(&ks->ks_cv);
454 static __inline struct kuser *sem_getuser(struct proc *p, struct ksem *ks);
456 static __inline struct kuser *
457 sem_getuser(struct proc *p, struct ksem *ks)
461 LIST_FOREACH(k, &ks->ks_users, ku_next)
462 if (k->ku_pid == p->p_pid)
468 sem_hasopen(struct thread *td, struct ksem *ks)
471 return ((ks->ks_name == NULL && sem_perm(td, ks) == 0)
472 || sem_getuser(td->td_proc, ks) != NULL);
476 sem_leave(struct proc *p, struct ksem *ks)
480 DP(("sem_leave: ks = %p\n", ks));
481 k = sem_getuser(p, ks);
482 DP(("sem_leave: ks = %p, k = %p\n", ks, k));
484 LIST_REMOVE(k, ku_next);
486 DP(("sem_leave: about to free k\n"));
488 DP(("sem_leave: returning\n"));
499 struct kuser *ku, *k;
501 ku = malloc(sizeof(*ku), M_SEM, M_WAITOK);
502 ku->ku_pid = p->p_pid;
504 k = sem_getuser(p, ks);
506 mtx_unlock(&sem_lock);
510 LIST_INSERT_HEAD(&ks->ks_users, ku, ku_next);
512 mtx_unlock(&sem_lock);
515 #ifndef _SYS_SYSPROTO_H_
516 struct ksem_unlink_args {
519 int ksem_unlink(struct thread *td, struct ksem_unlink_args *uap);
522 ksem_unlink(struct thread *td, struct ksem_unlink_args *uap)
524 char name[SEM_MAX_NAMELEN + 1];
528 error = copyinstr(uap->name, name, SEM_MAX_NAMELEN + 1, &done);
529 return (error ? error :
530 kern_sem_unlink(td, name));
534 kern_sem_unlink(struct thread *td, const char *name)
540 ks = sem_lookup_byname(name);
543 error = mac_check_posix_sem_unlink(td->td_ucred, ks);
545 mtx_unlock(&sem_lock);
549 error = sem_perm(td, ks);
552 DP(("sem_unlink: '%s' ks = %p, error = %d\n", name, ks, error));
554 LIST_REMOVE(ks, ks_entry);
555 LIST_INSERT_HEAD(&ksem_deadhead, ks, ks_entry);
558 mtx_unlock(&sem_lock);
562 #ifndef _SYS_SYSPROTO_H_
563 struct ksem_close_args {
566 int ksem_close(struct thread *td, struct ksem_close_args *uap);
569 ksem_close(struct thread *td, struct ksem_close_args *uap)
572 return (kern_sem_close(td, uap->id));
576 kern_sem_close(struct thread *td, semid_t id)
584 /* this is not a valid operation for unnamed sems */
585 if (ks != NULL && ks->ks_name != NULL)
586 error = sem_leave(td->td_proc, ks);
587 mtx_unlock(&sem_lock);
591 #ifndef _SYS_SYSPROTO_H_
592 struct ksem_post_args {
595 int ksem_post(struct thread *td, struct ksem_post_args *uap);
598 ksem_post(struct thread *td, struct ksem_post_args *uap)
601 return (kern_sem_post(td, uap->id));
605 kern_sem_post(struct thread *td, semid_t id)
612 if (ks == NULL || !sem_hasopen(td, ks)) {
617 error = mac_check_posix_sem_post(td->td_ucred, ks);
621 if (ks->ks_value == SEM_VALUE_MAX) {
626 if (ks->ks_waiters > 0)
627 cv_signal(&ks->ks_cv);
630 mtx_unlock(&sem_lock);
634 #ifndef _SYS_SYSPROTO_H_
635 struct ksem_wait_args {
638 int ksem_wait(struct thread *td, struct ksem_wait_args *uap);
641 ksem_wait(struct thread *td, struct ksem_wait_args *uap)
644 return (kern_sem_wait(td, uap->id, 0, NULL));
647 #ifndef _SYS_SYSPROTO_H_
648 struct ksem_timedwait_args {
650 const struct timespec *abstime;
652 int ksem_timedwait(struct thread *td, struct ksem_timedwait_args *uap);
655 ksem_timedwait(struct thread *td, struct ksem_timedwait_args *uap)
657 struct timespec abstime;
661 /* We allow a null timespec (wait forever). */
662 if (uap->abstime == NULL)
665 error = copyin(uap->abstime, &abstime, sizeof(abstime));
668 if (abstime.tv_nsec >= 1000000000 || abstime.tv_nsec < 0)
672 return (kern_sem_wait(td, uap->id, 0, ts));
675 #ifndef _SYS_SYSPROTO_H_
676 struct ksem_trywait_args {
679 int ksem_trywait(struct thread *td, struct ksem_trywait_args *uap);
682 ksem_trywait(struct thread *td, struct ksem_trywait_args *uap)
685 return (kern_sem_wait(td, uap->id, 1, NULL));
689 kern_sem_wait(struct thread *td, semid_t id, int tryflag,
690 struct timespec *abstime)
692 struct timespec ts1, ts2;
697 DP((">>> kern_sem_wait entered!\n"));
701 DP(("kern_sem_wait ks == NULL\n"));
706 if (!sem_hasopen(td, ks)) {
707 DP(("kern_sem_wait hasopen failed\n"));
712 error = mac_check_posix_sem_wait(td->td_ucred, ks);
714 DP(("kern_sem_wait mac failed\n"));
718 DP(("kern_sem_wait value = %d, tryflag %d\n", ks->ks_value, tryflag));
719 if (ks->ks_value == 0) {
723 else if (abstime == NULL)
724 error = cv_wait_sig(&ks->ks_cv, &sem_lock);
729 timespecsub(&ts1, &ts2);
730 TIMESPEC_TO_TIMEVAL(&tv, &ts1);
735 error = cv_timedwait_sig(&ks->ks_cv,
736 &sem_lock, tvtohz(&tv));
737 if (error != EWOULDBLOCK)
750 mtx_unlock(&sem_lock);
751 DP(("<<< kern_sem_wait leaving, error = %d\n", error));
755 #ifndef _SYS_SYSPROTO_H_
756 struct ksem_getvalue_args {
760 int ksem_getvalue(struct thread *td, struct ksem_getvalue_args *uap);
763 ksem_getvalue(struct thread *td, struct ksem_getvalue_args *uap)
769 ks = ID_TO_SEM(uap->id);
770 if (ks == NULL || !sem_hasopen(td, ks)) {
771 mtx_unlock(&sem_lock);
775 error = mac_check_posix_sem_getvalue(td->td_ucred, ks);
777 mtx_unlock(&sem_lock);
782 mtx_unlock(&sem_lock);
783 error = copyout(&val, uap->val, sizeof(val));
787 #ifndef _SYS_SYSPROTO_H_
788 struct ksem_destroy_args {
791 int ksem_destroy(struct thread *td, struct ksem_destroy_args *uap);
794 ksem_destroy(struct thread *td, struct ksem_destroy_args *uap)
800 ks = ID_TO_SEM(uap->id);
801 if (ks == NULL || !sem_hasopen(td, ks) ||
802 ks->ks_name != NULL) {
807 error = mac_check_posix_sem_destroy(td->td_ucred, ks);
811 if (ks->ks_waiters != 0) {
818 mtx_unlock(&sem_lock);
823 * Count the number of kusers associated with a proc, so as to guess at how
824 * many to allocate when forking.
827 sem_count_proc(struct proc *p)
833 mtx_assert(&sem_lock, MA_OWNED);
836 LIST_FOREACH(ks, &ksem_head, ks_entry) {
837 LIST_FOREACH(ku, &ks->ks_users, ku_next) {
838 if (ku->ku_pid == p->p_pid)
842 LIST_FOREACH(ks, &ksem_deadhead, ks_entry) {
843 LIST_FOREACH(ku, &ks->ks_users, ku_next) {
844 if (ku->ku_pid == p->p_pid)
852 * When a process forks, the child process must gain a reference to each open
853 * semaphore in the parent process, whether it is unlinked or not. This
854 * requires allocating a kuser structure for each semaphore reference in the
855 * new process. Because the set of semaphores in the parent can change while
856 * the fork is in progress, we have to handle races -- first we attempt to
857 * allocate enough storage to acquire references to each of the semaphores,
858 * then we enter the semaphores and release the temporary references.
861 sem_forkhook(void *arg, struct proc *p1, struct proc *p2, int flags)
863 struct ksem *ks, **sem_array;
864 int count, i, new_count;
868 count = sem_count_proc(p1);
870 mtx_unlock(&sem_lock);
874 mtx_assert(&sem_lock, MA_OWNED);
875 mtx_unlock(&sem_lock);
876 sem_array = malloc(sizeof(struct ksem *) * count, M_TEMP, M_WAITOK);
878 new_count = sem_count_proc(p1);
879 if (count < new_count) {
880 /* Lost race, repeat and allocate more storage. */
881 free(sem_array, M_TEMP);
886 * Given an array capable of storing an adequate number of semaphore
887 * references, now walk the list of semaphores and acquire a new
888 * reference for any semaphore opened by p1.
892 LIST_FOREACH(ks, &ksem_head, ks_entry) {
893 LIST_FOREACH(ku, &ks->ks_users, ku_next) {
894 if (ku->ku_pid == p1->p_pid) {
902 LIST_FOREACH(ks, &ksem_deadhead, ks_entry) {
903 LIST_FOREACH(ku, &ks->ks_users, ku_next) {
904 if (ku->ku_pid == p1->p_pid) {
912 mtx_unlock(&sem_lock);
913 KASSERT(i == count, ("sem_forkhook: i != count (%d, %d)", i, count));
915 * Now cause p2 to enter each of the referenced semaphores, then
916 * release our temporary reference. This is pretty inefficient.
917 * Finally, free our temporary array.
919 for (i = 0; i < count; i++) {
920 sem_enter(p2, sem_array[i]);
922 sem_rel(sem_array[i]);
923 mtx_unlock(&sem_lock);
925 free(sem_array, M_TEMP);
929 sem_exechook(void *arg, struct proc *p, struct image_params *imgp __unused)
931 sem_exithook(arg, p);
935 sem_exithook(void *arg, struct proc *p)
937 struct ksem *ks, *ksnext;
940 ks = LIST_FIRST(&ksem_head);
942 ksnext = LIST_NEXT(ks, ks_entry);
946 ks = LIST_FIRST(&ksem_deadhead);
948 ksnext = LIST_NEXT(ks, ks_entry);
952 mtx_unlock(&sem_lock);
956 sem_modload(struct module *module, int cmd, void *arg)
962 mtx_init(&sem_lock, "sem", "semaphore", MTX_DEF);
963 p31b_setcfg(CTL_P1003_1B_SEM_NSEMS_MAX, SEM_MAX);
964 p31b_setcfg(CTL_P1003_1B_SEM_VALUE_MAX, SEM_VALUE_MAX);
965 sem_exit_tag = EVENTHANDLER_REGISTER(process_exit, sem_exithook,
966 NULL, EVENTHANDLER_PRI_ANY);
967 sem_exec_tag = EVENTHANDLER_REGISTER(process_exec, sem_exechook,
968 NULL, EVENTHANDLER_PRI_ANY);
969 sem_fork_tag = EVENTHANDLER_REGISTER(process_fork, sem_forkhook, NULL, EVENTHANDLER_PRI_ANY);
976 EVENTHANDLER_DEREGISTER(process_exit, sem_exit_tag);
977 EVENTHANDLER_DEREGISTER(process_exec, sem_exec_tag);
978 EVENTHANDLER_DEREGISTER(process_fork, sem_fork_tag);
979 mtx_destroy(&sem_lock);
990 static moduledata_t sem_mod = {
996 SYSCALL_MODULE_HELPER(ksem_init);
997 SYSCALL_MODULE_HELPER(ksem_open);
998 SYSCALL_MODULE_HELPER(ksem_unlink);
999 SYSCALL_MODULE_HELPER(ksem_close);
1000 SYSCALL_MODULE_HELPER(ksem_post);
1001 SYSCALL_MODULE_HELPER(ksem_wait);
1002 SYSCALL_MODULE_HELPER(ksem_timedwait);
1003 SYSCALL_MODULE_HELPER(ksem_trywait);
1004 SYSCALL_MODULE_HELPER(ksem_getvalue);
1005 SYSCALL_MODULE_HELPER(ksem_destroy);
1007 DECLARE_MODULE(sem, sem_mod, SI_SUB_SYSV_SEM, SI_ORDER_FIRST);
1008 MODULE_VERSION(sem, 1);