1 /* $NetBSD: sysv_msg.c,v 1.32 2000/07/22 16:11:02 simonb Exp $ */ 2 3 /*- 4 * Copyright (c) 1999 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * NASA Ames Research Center. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the NetBSD 22 * Foundation, Inc. and its contributors. 23 * 4. Neither the name of The NetBSD Foundation nor the names of its 24 * contributors may be used to endorse or promote products derived 25 * from this software without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 28 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 37 * POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40 /* 41 * Implementation of SVID messages 42 * 43 * Author: Daniel Boulet 44 * 45 * Copyright 1993 Daniel Boulet and RTMX Inc. 46 * 47 * This system call was implemented by Daniel Boulet under contract from RTMX. 48 * 49 * Redistribution and use in source forms, with and without modification, 50 * are permitted provided that this entire comment appears intact. 51 * 52 * Redistribution in binary form may occur without any restrictions. 53 * Obviously, it would be nice if you gave credit where credit is due 54 * but requiring it would be too onerous. 55 * 56 * This software is provided ``AS IS'' without any warranties of any kind. 57 */ 58 59 #define SYSVMSG 60 61 #include <sys/param.h> 62 #include <sys/kernel.h> 63 #include <sys/msg.h> 64 #include <sys/sysctl.h> 65 #include <sys/mount.h> /* XXX for <sys/syscallargs.h> */ 66 #include <sys/syscallargs.h> 67 68 #define MSG_DEBUG 69 #undef MSG_DEBUG_OK 70 71 #ifdef MSG_DEBUG_OK 72 #define MSG_PRINTF(a) printf a 73 #else 74 #define MSG_PRINTF(a) 75 #endif 76 77 int nfree_msgmaps; /* # of free map entries */ 78 short free_msgmaps; /* head of linked list of free map entries */ 79 struct __msg *free_msghdrs; /* list of free msg headers */ 80 char *msgpool; /* MSGMAX byte long msg buffer pool */ 81 struct msgmap *msgmaps; /* MSGSEG msgmap structures */ 82 struct __msg *msghdrs; /* MSGTQL msg headers */ 83 struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */ 84 85 static void msg_freehdr __P((struct __msg *)); 86 87 void 88 msginit() 89 { 90 int i; 91 92 /* 93 * msginfo.msgssz should be a power of two for efficiency reasons. 94 * It is also pretty silly if msginfo.msgssz is less than 8 95 * or greater than about 256 so ... 96 */ 97 98 i = 8; 99 while (i < 1024 && i != msginfo.msgssz) 100 i <<= 1; 101 if (i != msginfo.msgssz) { 102 MSG_PRINTF(("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz, 103 msginfo.msgssz)); 104 panic("msginfo.msgssz not a small power of 2"); 105 } 106 107 if (msginfo.msgseg > 32767) { 108 MSG_PRINTF(("msginfo.msgseg=%d\n", msginfo.msgseg)); 109 panic("msginfo.msgseg > 32767"); 110 } 111 112 if (msgmaps == NULL) 113 panic("msgmaps is NULL"); 114 115 for (i = 0; i < msginfo.msgseg; i++) { 116 if (i > 0) 117 msgmaps[i-1].next = i; 118 msgmaps[i].next = -1; /* implies entry is available */ 119 } 120 free_msgmaps = 0; 121 nfree_msgmaps = msginfo.msgseg; 122 123 if (msghdrs == NULL) 124 panic("msghdrs is NULL"); 125 126 for (i = 0; i < msginfo.msgtql; i++) { 127 msghdrs[i].msg_type = 0; 128 if (i > 0) 129 msghdrs[i-1].msg_next = &msghdrs[i]; 130 msghdrs[i].msg_next = NULL; 131 } 132 free_msghdrs = &msghdrs[0]; 133 134 if (msqids == NULL) 135 panic("msqids is NULL"); 136 137 for (i = 0; i < msginfo.msgmni; i++) { 138 msqids[i].msg_qbytes = 0; /* implies entry is available */ 139 msqids[i].msg_perm._seq = 0; /* reset to a known value */ 140 } 141 } 142 143 static void 144 msg_freehdr(msghdr) 145 struct __msg *msghdr; 146 { 147 while (msghdr->msg_ts > 0) { 148 short next; 149 if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg) 150 panic("msghdr->msg_spot out of range"); 151 next = msgmaps[msghdr->msg_spot].next; 152 msgmaps[msghdr->msg_spot].next = free_msgmaps; 153 free_msgmaps = msghdr->msg_spot; 154 nfree_msgmaps++; 155 msghdr->msg_spot = next; 156 if (msghdr->msg_ts >= msginfo.msgssz) 157 msghdr->msg_ts -= msginfo.msgssz; 158 else 159 msghdr->msg_ts = 0; 160 } 161 if (msghdr->msg_spot != -1) 162 panic("msghdr->msg_spot != -1"); 163 msghdr->msg_next = free_msghdrs; 164 free_msghdrs = msghdr; 165 } 166 167 int 168 sys___msgctl13(p, v, retval) 169 struct proc *p; 170 void *v; 171 register_t *retval; 172 { 173 struct sys___msgctl13_args /* { 174 syscallarg(int) msqid; 175 syscallarg(int) cmd; 176 syscallarg(struct msqid_ds *) buf; 177 } */ *uap = v; 178 struct msqid_ds msqbuf; 179 int cmd, error; 180 181 cmd = SCARG(uap, cmd); 182 183 if (cmd == IPC_SET) { 184 error = copyin(SCARG(uap, buf), &msqbuf, sizeof(msqbuf)); 185 if (error) 186 return (error); 187 } 188 189 error = msgctl1(p, SCARG(uap, msqid), cmd, 190 (cmd == IPC_SET || cmd == IPC_STAT) ? &msqbuf : NULL); 191 192 if (error == 0 && cmd == IPC_STAT) 193 error = copyout(&msqbuf, SCARG(uap, buf), sizeof(msqbuf)); 194 195 return (error); 196 } 197 198 int 199 msgctl1(p, msqid, cmd, msqbuf) 200 struct proc *p; 201 int msqid; 202 int cmd; 203 struct msqid_ds *msqbuf; 204 { 205 struct ucred *cred = p->p_ucred; 206 struct msqid_ds *msqptr; 207 int error = 0, ix; 208 209 MSG_PRINTF(("call to msgctl1(%d, %d)\n", msqid, cmd)); 210 211 ix = IPCID_TO_IX(msqid); 212 213 if (ix < 0 || ix >= msginfo.msgmni) { 214 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", ix, 215 msginfo.msgmni)); 216 return (EINVAL); 217 } 218 219 msqptr = &msqids[ix]; 220 221 if (msqptr->msg_qbytes == 0) { 222 MSG_PRINTF(("no such msqid\n")); 223 return (EINVAL); 224 } 225 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(msqid)) { 226 MSG_PRINTF(("wrong sequence number\n")); 227 return (EINVAL); 228 } 229 230 switch (cmd) { 231 case IPC_RMID: 232 { 233 struct __msg *msghdr; 234 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)) != 0) 235 return (error); 236 /* Free the message headers */ 237 msghdr = msqptr->_msg_first; 238 while (msghdr != NULL) { 239 struct __msg *msghdr_tmp; 240 241 /* Free the segments of each message */ 242 msqptr->_msg_cbytes -= msghdr->msg_ts; 243 msqptr->msg_qnum--; 244 msghdr_tmp = msghdr; 245 msghdr = msghdr->msg_next; 246 msg_freehdr(msghdr_tmp); 247 } 248 249 if (msqptr->_msg_cbytes != 0) 250 panic("msg_cbytes is screwed up"); 251 if (msqptr->msg_qnum != 0) 252 panic("msg_qnum is screwed up"); 253 254 msqptr->msg_qbytes = 0; /* Mark it as free */ 255 256 wakeup(msqptr); 257 } 258 break; 259 260 case IPC_SET: 261 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M))) 262 return (error); 263 if (msqbuf->msg_qbytes > msqptr->msg_qbytes && cred->cr_uid != 0) 264 return (EPERM); 265 if (msqbuf->msg_qbytes > msginfo.msgmnb) { 266 MSG_PRINTF(("can't increase msg_qbytes beyond %d " 267 "(truncating)\n", msginfo.msgmnb)); 268 /* silently restrict qbytes to system limit */ 269 msqbuf->msg_qbytes = msginfo.msgmnb; 270 } 271 if (msqbuf->msg_qbytes == 0) { 272 MSG_PRINTF(("can't reduce msg_qbytes to 0\n")); 273 return (EINVAL); /* XXX non-standard errno! */ 274 } 275 msqptr->msg_perm.uid = msqbuf->msg_perm.uid; 276 msqptr->msg_perm.gid = msqbuf->msg_perm.gid; 277 msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) | 278 (msqbuf->msg_perm.mode & 0777); 279 msqptr->msg_qbytes = msqbuf->msg_qbytes; 280 msqptr->msg_ctime = time.tv_sec; 281 break; 282 283 case IPC_STAT: 284 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 285 MSG_PRINTF(("requester doesn't have read access\n")); 286 return (error); 287 } 288 memcpy(msqbuf, msqptr, sizeof(struct msqid_ds)); 289 break; 290 291 default: 292 MSG_PRINTF(("invalid command %d\n", cmd)); 293 return (EINVAL); 294 } 295 296 return (error); 297 } 298 299 int 300 sys_msgget(p, v, retval) 301 struct proc *p; 302 void *v; 303 register_t *retval; 304 { 305 struct sys_msgget_args /* { 306 syscallarg(key_t) key; 307 syscallarg(int) msgflg; 308 } */ *uap = v; 309 int msqid, error; 310 int key = SCARG(uap, key); 311 int msgflg = SCARG(uap, msgflg); 312 struct ucred *cred = p->p_ucred; 313 struct msqid_ds *msqptr = NULL; 314 315 MSG_PRINTF(("msgget(0x%x, 0%o)\n", key, msgflg)); 316 317 if (key != IPC_PRIVATE) { 318 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 319 msqptr = &msqids[msqid]; 320 if (msqptr->msg_qbytes != 0 && 321 msqptr->msg_perm._key == key) 322 break; 323 } 324 if (msqid < msginfo.msgmni) { 325 MSG_PRINTF(("found public key\n")); 326 if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) { 327 MSG_PRINTF(("not exclusive\n")); 328 return(EEXIST); 329 } 330 if ((error = ipcperm(cred, &msqptr->msg_perm, 331 msgflg & 0700 ))) { 332 MSG_PRINTF(("requester doesn't have 0%o access\n", 333 msgflg & 0700)); 334 return (error); 335 } 336 goto found; 337 } 338 } 339 340 MSG_PRINTF(("need to allocate the msqid_ds\n")); 341 if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) { 342 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 343 /* 344 * Look for an unallocated and unlocked msqid_ds. 345 * msqid_ds's can be locked by msgsnd or msgrcv while 346 * they are copying the message in/out. We can't 347 * re-use the entry until they release it. 348 */ 349 msqptr = &msqids[msqid]; 350 if (msqptr->msg_qbytes == 0 && 351 (msqptr->msg_perm.mode & MSG_LOCKED) == 0) 352 break; 353 } 354 if (msqid == msginfo.msgmni) { 355 MSG_PRINTF(("no more msqid_ds's available\n")); 356 return (ENOSPC); 357 } 358 MSG_PRINTF(("msqid %d is available\n", msqid)); 359 msqptr->msg_perm._key = key; 360 msqptr->msg_perm.cuid = cred->cr_uid; 361 msqptr->msg_perm.uid = cred->cr_uid; 362 msqptr->msg_perm.cgid = cred->cr_gid; 363 msqptr->msg_perm.gid = cred->cr_gid; 364 msqptr->msg_perm.mode = (msgflg & 0777); 365 /* Make sure that the returned msqid is unique */ 366 msqptr->msg_perm._seq++; 367 msqptr->_msg_first = NULL; 368 msqptr->_msg_last = NULL; 369 msqptr->_msg_cbytes = 0; 370 msqptr->msg_qnum = 0; 371 msqptr->msg_qbytes = msginfo.msgmnb; 372 msqptr->msg_lspid = 0; 373 msqptr->msg_lrpid = 0; 374 msqptr->msg_stime = 0; 375 msqptr->msg_rtime = 0; 376 msqptr->msg_ctime = time.tv_sec; 377 } else { 378 MSG_PRINTF(("didn't find it and wasn't asked to create it\n")); 379 return (ENOENT); 380 } 381 382 found: 383 /* Construct the unique msqid */ 384 *retval = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm); 385 return (0); 386 } 387 388 int 389 sys_msgsnd(p, v, retval) 390 struct proc *p; 391 void *v; 392 register_t *retval; 393 { 394 struct sys_msgsnd_args /* { 395 syscallarg(int) msqid; 396 syscallarg(const void *) msgp; 397 syscallarg(size_t) msgsz; 398 syscallarg(int) msgflg; 399 } */ *uap = v; 400 int msqid = SCARG(uap, msqid); 401 const char *user_msgp = SCARG(uap, msgp); 402 size_t msgsz = SCARG(uap, msgsz); 403 int msgflg = SCARG(uap, msgflg); 404 int segs_needed, error; 405 struct ucred *cred = p->p_ucred; 406 struct msqid_ds *msqptr; 407 struct __msg *msghdr; 408 short next; 409 410 MSG_PRINTF(("call to msgsnd(%d, %p, %d, %d)\n", msqid, user_msgp, msgsz, 411 msgflg)); 412 413 msqid = IPCID_TO_IX(msqid); 414 415 if (msqid < 0 || msqid >= msginfo.msgmni) { 416 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 417 msginfo.msgmni)); 418 return (EINVAL); 419 } 420 421 msqptr = &msqids[msqid]; 422 if (msqptr->msg_qbytes == 0) { 423 MSG_PRINTF(("no such message queue id\n")); 424 return (EINVAL); 425 } 426 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 427 MSG_PRINTF(("wrong sequence number\n")); 428 return (EINVAL); 429 } 430 431 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_W))) { 432 MSG_PRINTF(("requester doesn't have write access\n")); 433 return (error); 434 } 435 436 segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz; 437 MSG_PRINTF(("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, 438 msginfo.msgssz, segs_needed)); 439 for (;;) { 440 int need_more_resources = 0; 441 442 /* 443 * check msgsz [cannot be negative since it is unsigned] 444 * (inside this loop in case msg_qbytes changes while we sleep) 445 */ 446 447 if (msgsz > msqptr->msg_qbytes) { 448 MSG_PRINTF(("msgsz > msqptr->msg_qbytes\n")); 449 return (EINVAL); 450 } 451 452 if (msqptr->msg_perm.mode & MSG_LOCKED) { 453 MSG_PRINTF(("msqid is locked\n")); 454 need_more_resources = 1; 455 } 456 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) { 457 MSG_PRINTF(("msgsz + msg_cbytes > msg_qbytes\n")); 458 need_more_resources = 1; 459 } 460 if (segs_needed > nfree_msgmaps) { 461 MSG_PRINTF(("segs_needed > nfree_msgmaps\n")); 462 need_more_resources = 1; 463 } 464 if (free_msghdrs == NULL) { 465 MSG_PRINTF(("no more msghdrs\n")); 466 need_more_resources = 1; 467 } 468 469 if (need_more_resources) { 470 int we_own_it; 471 472 if ((msgflg & IPC_NOWAIT) != 0) { 473 MSG_PRINTF(("need more resources but caller " 474 "doesn't want to wait\n")); 475 return (EAGAIN); 476 } 477 478 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) { 479 MSG_PRINTF(("we don't own the msqid_ds\n")); 480 we_own_it = 0; 481 } else { 482 /* Force later arrivals to wait for our 483 request */ 484 MSG_PRINTF(("we own the msqid_ds\n")); 485 msqptr->msg_perm.mode |= MSG_LOCKED; 486 we_own_it = 1; 487 } 488 MSG_PRINTF(("goodnight\n")); 489 error = tsleep(msqptr, (PZERO - 4) | PCATCH, 490 "msgwait", 0); 491 MSG_PRINTF(("good morning, error=%d\n", error)); 492 if (we_own_it) 493 msqptr->msg_perm.mode &= ~MSG_LOCKED; 494 if (error != 0) { 495 MSG_PRINTF(("msgsnd: interrupted system " 496 "call\n")); 497 return (EINTR); 498 } 499 500 /* 501 * Make sure that the msq queue still exists 502 */ 503 504 if (msqptr->msg_qbytes == 0) { 505 MSG_PRINTF(("msqid deleted\n")); 506 return (EIDRM); 507 } 508 } else { 509 MSG_PRINTF(("got all the resources that we need\n")); 510 break; 511 } 512 } 513 514 /* 515 * We have the resources that we need. 516 * Make sure! 517 */ 518 519 if (msqptr->msg_perm.mode & MSG_LOCKED) 520 panic("msg_perm.mode & MSG_LOCKED"); 521 if (segs_needed > nfree_msgmaps) 522 panic("segs_needed > nfree_msgmaps"); 523 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) 524 panic("msgsz + msg_cbytes > msg_qbytes"); 525 if (free_msghdrs == NULL) 526 panic("no more msghdrs"); 527 528 /* 529 * Re-lock the msqid_ds in case we page-fault when copying in the 530 * message 531 */ 532 533 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) 534 panic("msqid_ds is already locked"); 535 msqptr->msg_perm.mode |= MSG_LOCKED; 536 537 /* 538 * Allocate a message header 539 */ 540 541 msghdr = free_msghdrs; 542 free_msghdrs = msghdr->msg_next; 543 msghdr->msg_spot = -1; 544 msghdr->msg_ts = msgsz; 545 546 /* 547 * Allocate space for the message 548 */ 549 550 while (segs_needed > 0) { 551 if (nfree_msgmaps <= 0) 552 panic("not enough msgmaps"); 553 if (free_msgmaps == -1) 554 panic("nil free_msgmaps"); 555 next = free_msgmaps; 556 if (next <= -1) 557 panic("next too low #1"); 558 if (next >= msginfo.msgseg) 559 panic("next out of range #1"); 560 MSG_PRINTF(("allocating segment %d to message\n", next)); 561 free_msgmaps = msgmaps[next].next; 562 nfree_msgmaps--; 563 msgmaps[next].next = msghdr->msg_spot; 564 msghdr->msg_spot = next; 565 segs_needed--; 566 } 567 568 /* 569 * Copy in the message type 570 */ 571 572 if ((error = copyin(user_msgp, &msghdr->msg_type, 573 sizeof(msghdr->msg_type))) != 0) { 574 MSG_PRINTF(("error %d copying the message type\n", error)); 575 msg_freehdr(msghdr); 576 msqptr->msg_perm.mode &= ~MSG_LOCKED; 577 wakeup(msqptr); 578 return (error); 579 } 580 user_msgp += sizeof(msghdr->msg_type); 581 582 /* 583 * Validate the message type 584 */ 585 586 if (msghdr->msg_type < 1) { 587 msg_freehdr(msghdr); 588 msqptr->msg_perm.mode &= ~MSG_LOCKED; 589 wakeup(msqptr); 590 MSG_PRINTF(("mtype (%d) < 1\n", msghdr->msg_type)); 591 return (EINVAL); 592 } 593 594 /* 595 * Copy in the message body 596 */ 597 598 next = msghdr->msg_spot; 599 while (msgsz > 0) { 600 size_t tlen; 601 if (msgsz > msginfo.msgssz) 602 tlen = msginfo.msgssz; 603 else 604 tlen = msgsz; 605 if (next <= -1) 606 panic("next too low #2"); 607 if (next >= msginfo.msgseg) 608 panic("next out of range #2"); 609 if ((error = copyin(user_msgp, &msgpool[next * msginfo.msgssz], 610 tlen)) != 0) { 611 MSG_PRINTF(("error %d copying in message segment\n", 612 error)); 613 msg_freehdr(msghdr); 614 msqptr->msg_perm.mode &= ~MSG_LOCKED; 615 wakeup(msqptr); 616 return (error); 617 } 618 msgsz -= tlen; 619 user_msgp += tlen; 620 next = msgmaps[next].next; 621 } 622 if (next != -1) 623 panic("didn't use all the msg segments"); 624 625 /* 626 * We've got the message. Unlock the msqid_ds. 627 */ 628 629 msqptr->msg_perm.mode &= ~MSG_LOCKED; 630 631 /* 632 * Make sure that the msqid_ds is still allocated. 633 */ 634 635 if (msqptr->msg_qbytes == 0) { 636 msg_freehdr(msghdr); 637 wakeup(msqptr); 638 return (EIDRM); 639 } 640 641 /* 642 * Put the message into the queue 643 */ 644 645 if (msqptr->_msg_first == NULL) { 646 msqptr->_msg_first = msghdr; 647 msqptr->_msg_last = msghdr; 648 } else { 649 msqptr->_msg_last->msg_next = msghdr; 650 msqptr->_msg_last = msghdr; 651 } 652 msqptr->_msg_last->msg_next = NULL; 653 654 msqptr->_msg_cbytes += msghdr->msg_ts; 655 msqptr->msg_qnum++; 656 msqptr->msg_lspid = p->p_pid; 657 msqptr->msg_stime = time.tv_sec; 658 659 wakeup(msqptr); 660 return (0); 661 } 662 663 int 664 sys_msgrcv(p, v, retval) 665 struct proc *p; 666 void *v; 667 register_t *retval; 668 { 669 struct sys_msgrcv_args /* { 670 syscallarg(int) msqid; 671 syscallarg(void *) msgp; 672 syscallarg(size_t) msgsz; 673 syscallarg(long) msgtyp; 674 syscallarg(int) msgflg; 675 } */ *uap = v; 676 int msqid = SCARG(uap, msqid); 677 char *user_msgp = SCARG(uap, msgp); 678 size_t msgsz = SCARG(uap, msgsz); 679 long msgtyp = SCARG(uap, msgtyp); 680 int msgflg = SCARG(uap, msgflg); 681 size_t len; 682 struct ucred *cred = p->p_ucred; 683 struct msqid_ds *msqptr; 684 struct __msg *msghdr; 685 int error; 686 short next; 687 688 MSG_PRINTF(("call to msgrcv(%d, %p, %d, %ld, %d)\n", msqid, user_msgp, 689 msgsz, msgtyp, msgflg)); 690 691 msqid = IPCID_TO_IX(msqid); 692 693 if (msqid < 0 || msqid >= msginfo.msgmni) { 694 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 695 msginfo.msgmni)); 696 return (EINVAL); 697 } 698 699 msqptr = &msqids[msqid]; 700 if (msqptr->msg_qbytes == 0) { 701 MSG_PRINTF(("no such message queue id\n")); 702 return (EINVAL); 703 } 704 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 705 MSG_PRINTF(("wrong sequence number\n")); 706 return (EINVAL); 707 } 708 709 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 710 MSG_PRINTF(("requester doesn't have read access\n")); 711 return (error); 712 } 713 714 #if 0 715 /* cannot happen, msgsz is unsigned */ 716 if (msgsz < 0) { 717 MSG_PRINTF(("msgsz < 0\n")); 718 return (EINVAL); 719 } 720 #endif 721 722 msghdr = NULL; 723 while (msghdr == NULL) { 724 if (msgtyp == 0) { 725 msghdr = msqptr->_msg_first; 726 if (msghdr != NULL) { 727 if (msgsz < msghdr->msg_ts && 728 (msgflg & MSG_NOERROR) == 0) { 729 MSG_PRINTF(("first message on the " 730 "queue is too big " 731 "(want %d, got %d)\n", 732 msgsz, msghdr->msg_ts)); 733 return (E2BIG); 734 } 735 if (msqptr->_msg_first == msqptr->_msg_last) { 736 msqptr->_msg_first = NULL; 737 msqptr->_msg_last = NULL; 738 } else { 739 msqptr->_msg_first = msghdr->msg_next; 740 if (msqptr->_msg_first == NULL) 741 panic("msg_first/last screwed " 742 "up #1"); 743 } 744 } 745 } else { 746 struct __msg *previous; 747 struct __msg **prev; 748 749 for (previous = NULL, prev = &msqptr->_msg_first; 750 (msghdr = *prev) != NULL; 751 previous = msghdr, prev = &msghdr->msg_next) { 752 /* 753 * Is this message's type an exact match or is 754 * this message's type less than or equal to 755 * the absolute value of a negative msgtyp? 756 * Note that the second half of this test can 757 * NEVER be true if msgtyp is positive since 758 * msg_type is always positive! 759 */ 760 761 if (msgtyp == msghdr->msg_type || 762 msghdr->msg_type <= -msgtyp) { 763 MSG_PRINTF(("found message type %d, " 764 "requested %d\n", 765 msghdr->msg_type, msgtyp)); 766 if (msgsz < msghdr->msg_ts && 767 (msgflg & MSG_NOERROR) == 0) { 768 MSG_PRINTF(("requested message " 769 "on the queue is too big " 770 "(want %d, got %d)\n", 771 msgsz, msghdr->msg_ts)); 772 return (E2BIG); 773 } 774 *prev = msghdr->msg_next; 775 if (msghdr == msqptr->_msg_last) { 776 if (previous == NULL) { 777 if (prev != 778 &msqptr->_msg_first) 779 panic("msg_first/last screwed up #2"); 780 msqptr->_msg_first = 781 NULL; 782 msqptr->_msg_last = 783 NULL; 784 } else { 785 if (prev == 786 &msqptr->_msg_first) 787 panic("msg_first/last screwed up #3"); 788 msqptr->_msg_last = 789 previous; 790 } 791 } 792 break; 793 } 794 } 795 } 796 797 /* 798 * We've either extracted the msghdr for the appropriate 799 * message or there isn't one. 800 * If there is one then bail out of this loop. 801 */ 802 803 if (msghdr != NULL) 804 break; 805 806 /* 807 * Hmph! No message found. Does the user want to wait? 808 */ 809 810 if ((msgflg & IPC_NOWAIT) != 0) { 811 MSG_PRINTF(("no appropriate message found (msgtyp=%d)\n", 812 msgtyp)); 813 /* The SVID says to return ENOMSG. */ 814 #ifdef ENOMSG 815 return (ENOMSG); 816 #else 817 /* Unfortunately, BSD doesn't define that code yet! */ 818 return (EAGAIN); 819 #endif 820 } 821 822 /* 823 * Wait for something to happen 824 */ 825 826 MSG_PRINTF(("msgrcv: goodnight\n")); 827 error = tsleep(msqptr, (PZERO - 4) | PCATCH, "msgwait", 828 0); 829 MSG_PRINTF(("msgrcv: good morning (error=%d)\n", error)); 830 831 if (error != 0) { 832 MSG_PRINTF(("msgsnd: interrupted system call\n")); 833 return (EINTR); 834 } 835 836 /* 837 * Make sure that the msq queue still exists 838 */ 839 840 if (msqptr->msg_qbytes == 0 || 841 msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 842 MSG_PRINTF(("msqid deleted\n")); 843 return (EIDRM); 844 } 845 } 846 847 /* 848 * Return the message to the user. 849 * 850 * First, do the bookkeeping (before we risk being interrupted). 851 */ 852 853 msqptr->_msg_cbytes -= msghdr->msg_ts; 854 msqptr->msg_qnum--; 855 msqptr->msg_lrpid = p->p_pid; 856 msqptr->msg_rtime = time.tv_sec; 857 858 /* 859 * Make msgsz the actual amount that we'll be returning. 860 * Note that this effectively truncates the message if it is too long 861 * (since msgsz is never increased). 862 */ 863 864 MSG_PRINTF(("found a message, msgsz=%d, msg_ts=%d\n", msgsz, 865 msghdr->msg_ts)); 866 if (msgsz > msghdr->msg_ts) 867 msgsz = msghdr->msg_ts; 868 869 /* 870 * Return the type to the user. 871 */ 872 873 error = copyout(&msghdr->msg_type, user_msgp, sizeof(msghdr->msg_type)); 874 if (error != 0) { 875 MSG_PRINTF(("error (%d) copying out message type\n", error)); 876 msg_freehdr(msghdr); 877 wakeup(msqptr); 878 return (error); 879 } 880 user_msgp += sizeof(msghdr->msg_type); 881 882 /* 883 * Return the segments to the user 884 */ 885 886 next = msghdr->msg_spot; 887 for (len = 0; len < msgsz; len += msginfo.msgssz) { 888 size_t tlen; 889 890 if (msgsz - len > msginfo.msgssz) 891 tlen = msginfo.msgssz; 892 else 893 tlen = msgsz - len; 894 if (next <= -1) 895 panic("next too low #3"); 896 if (next >= msginfo.msgseg) 897 panic("next out of range #3"); 898 error = copyout(&msgpool[next * msginfo.msgssz], 899 user_msgp, tlen); 900 if (error != 0) { 901 MSG_PRINTF(("error (%d) copying out message segment\n", 902 error)); 903 msg_freehdr(msghdr); 904 wakeup(msqptr); 905 return (error); 906 } 907 user_msgp += tlen; 908 next = msgmaps[next].next; 909 } 910 911 /* 912 * Done, return the actual number of bytes copied out. 913 */ 914 915 msg_freehdr(msghdr); 916 wakeup(msqptr); 917 *retval = msgsz; 918 return (0); 919 } 920