1 /* $NetBSD: sysv_msg.c,v 1.34 2002/03/05 23:28:58 nathanw Exp $ */ 2 3 /*- 4 * Copyright (c) 1999 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * NASA Ames Research Center. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the NetBSD 22 * Foundation, Inc. and its contributors. 23 * 4. Neither the name of The NetBSD Foundation nor the names of its 24 * contributors may be used to endorse or promote products derived 25 * from this software without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 28 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 37 * POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40 /* 41 * Implementation of SVID messages 42 * 43 * Author: Daniel Boulet 44 * 45 * Copyright 1993 Daniel Boulet and RTMX Inc. 46 * 47 * This system call was implemented by Daniel Boulet under contract from RTMX. 48 * 49 * Redistribution and use in source forms, with and without modification, 50 * are permitted provided that this entire comment appears intact. 51 * 52 * Redistribution in binary form may occur without any restrictions. 53 * Obviously, it would be nice if you gave credit where credit is due 54 * but requiring it would be too onerous. 55 * 56 * This software is provided ``AS IS'' without any warranties of any kind. 57 */ 58 59 #include <sys/cdefs.h> 60 __KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.34 2002/03/05 23:28:58 nathanw Exp $"); 61 62 #define SYSVMSG 63 64 #include <sys/param.h> 65 #include <sys/kernel.h> 66 #include <sys/msg.h> 67 #include <sys/sysctl.h> 68 #include <sys/mount.h> /* XXX for <sys/syscallargs.h> */ 69 #include <sys/syscallargs.h> 70 71 #define MSG_DEBUG 72 #undef MSG_DEBUG_OK 73 74 #ifdef MSG_DEBUG_OK 75 #define MSG_PRINTF(a) printf a 76 #else 77 #define MSG_PRINTF(a) 78 #endif 79 80 int nfree_msgmaps; /* # of free map entries */ 81 short free_msgmaps; /* head of linked list of free map entries */ 82 struct __msg *free_msghdrs; /* list of free msg headers */ 83 char *msgpool; /* MSGMAX byte long msg buffer pool */ 84 struct msgmap *msgmaps; /* MSGSEG msgmap structures */ 85 struct __msg *msghdrs; /* MSGTQL msg headers */ 86 struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */ 87 88 static void msg_freehdr __P((struct __msg *)); 89 90 void 91 msginit() 92 { 93 int i; 94 95 /* 96 * msginfo.msgssz should be a power of two for efficiency reasons. 97 * It is also pretty silly if msginfo.msgssz is less than 8 98 * or greater than about 256 so ... 99 */ 100 101 i = 8; 102 while (i < 1024 && i != msginfo.msgssz) 103 i <<= 1; 104 if (i != msginfo.msgssz) { 105 MSG_PRINTF(("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz, 106 msginfo.msgssz)); 107 panic("msginfo.msgssz not a small power of 2"); 108 } 109 110 if (msginfo.msgseg > 32767) { 111 MSG_PRINTF(("msginfo.msgseg=%d\n", msginfo.msgseg)); 112 panic("msginfo.msgseg > 32767"); 113 } 114 115 if (msgmaps == NULL) 116 panic("msgmaps is NULL"); 117 118 for (i = 0; i < msginfo.msgseg; i++) { 119 if (i > 0) 120 msgmaps[i-1].next = i; 121 msgmaps[i].next = -1; /* implies entry is available */ 122 } 123 free_msgmaps = 0; 124 nfree_msgmaps = msginfo.msgseg; 125 126 if (msghdrs == NULL) 127 panic("msghdrs is NULL"); 128 129 for (i = 0; i < msginfo.msgtql; i++) { 130 msghdrs[i].msg_type = 0; 131 if (i > 0) 132 msghdrs[i-1].msg_next = &msghdrs[i]; 133 msghdrs[i].msg_next = NULL; 134 } 135 free_msghdrs = &msghdrs[0]; 136 137 if (msqids == NULL) 138 panic("msqids is NULL"); 139 140 for (i = 0; i < msginfo.msgmni; i++) { 141 msqids[i].msg_qbytes = 0; /* implies entry is available */ 142 msqids[i].msg_perm._seq = 0; /* reset to a known value */ 143 } 144 } 145 146 static void 147 msg_freehdr(msghdr) 148 struct __msg *msghdr; 149 { 150 while (msghdr->msg_ts > 0) { 151 short next; 152 if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg) 153 panic("msghdr->msg_spot out of range"); 154 next = msgmaps[msghdr->msg_spot].next; 155 msgmaps[msghdr->msg_spot].next = free_msgmaps; 156 free_msgmaps = msghdr->msg_spot; 157 nfree_msgmaps++; 158 msghdr->msg_spot = next; 159 if (msghdr->msg_ts >= msginfo.msgssz) 160 msghdr->msg_ts -= msginfo.msgssz; 161 else 162 msghdr->msg_ts = 0; 163 } 164 if (msghdr->msg_spot != -1) 165 panic("msghdr->msg_spot != -1"); 166 msghdr->msg_next = free_msghdrs; 167 free_msghdrs = msghdr; 168 } 169 170 int 171 sys___msgctl13(p, v, retval) 172 struct proc *p; 173 void *v; 174 register_t *retval; 175 { 176 struct sys___msgctl13_args /* { 177 syscallarg(int) msqid; 178 syscallarg(int) cmd; 179 syscallarg(struct msqid_ds *) buf; 180 } */ *uap = v; 181 struct msqid_ds msqbuf; 182 int cmd, error; 183 184 cmd = SCARG(uap, cmd); 185 186 if (cmd == IPC_SET) { 187 error = copyin(SCARG(uap, buf), &msqbuf, sizeof(msqbuf)); 188 if (error) 189 return (error); 190 } 191 192 error = msgctl1(p, SCARG(uap, msqid), cmd, 193 (cmd == IPC_SET || cmd == IPC_STAT) ? &msqbuf : NULL); 194 195 if (error == 0 && cmd == IPC_STAT) 196 error = copyout(&msqbuf, SCARG(uap, buf), sizeof(msqbuf)); 197 198 return (error); 199 } 200 201 int 202 msgctl1(p, msqid, cmd, msqbuf) 203 struct proc *p; 204 int msqid; 205 int cmd; 206 struct msqid_ds *msqbuf; 207 { 208 struct ucred *cred = p->p_ucred; 209 struct msqid_ds *msqptr; 210 int error = 0, ix; 211 212 MSG_PRINTF(("call to msgctl1(%d, %d)\n", msqid, cmd)); 213 214 ix = IPCID_TO_IX(msqid); 215 216 if (ix < 0 || ix >= msginfo.msgmni) { 217 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", ix, 218 msginfo.msgmni)); 219 return (EINVAL); 220 } 221 222 msqptr = &msqids[ix]; 223 224 if (msqptr->msg_qbytes == 0) { 225 MSG_PRINTF(("no such msqid\n")); 226 return (EINVAL); 227 } 228 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(msqid)) { 229 MSG_PRINTF(("wrong sequence number\n")); 230 return (EINVAL); 231 } 232 233 switch (cmd) { 234 case IPC_RMID: 235 { 236 struct __msg *msghdr; 237 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)) != 0) 238 return (error); 239 /* Free the message headers */ 240 msghdr = msqptr->_msg_first; 241 while (msghdr != NULL) { 242 struct __msg *msghdr_tmp; 243 244 /* Free the segments of each message */ 245 msqptr->_msg_cbytes -= msghdr->msg_ts; 246 msqptr->msg_qnum--; 247 msghdr_tmp = msghdr; 248 msghdr = msghdr->msg_next; 249 msg_freehdr(msghdr_tmp); 250 } 251 252 if (msqptr->_msg_cbytes != 0) 253 panic("msg_cbytes is screwed up"); 254 if (msqptr->msg_qnum != 0) 255 panic("msg_qnum is screwed up"); 256 257 msqptr->msg_qbytes = 0; /* Mark it as free */ 258 259 wakeup(msqptr); 260 } 261 break; 262 263 case IPC_SET: 264 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M))) 265 return (error); 266 if (msqbuf->msg_qbytes > msqptr->msg_qbytes && cred->cr_uid != 0) 267 return (EPERM); 268 if (msqbuf->msg_qbytes > msginfo.msgmnb) { 269 MSG_PRINTF(("can't increase msg_qbytes beyond %d " 270 "(truncating)\n", msginfo.msgmnb)); 271 /* silently restrict qbytes to system limit */ 272 msqbuf->msg_qbytes = msginfo.msgmnb; 273 } 274 if (msqbuf->msg_qbytes == 0) { 275 MSG_PRINTF(("can't reduce msg_qbytes to 0\n")); 276 return (EINVAL); /* XXX non-standard errno! */ 277 } 278 msqptr->msg_perm.uid = msqbuf->msg_perm.uid; 279 msqptr->msg_perm.gid = msqbuf->msg_perm.gid; 280 msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) | 281 (msqbuf->msg_perm.mode & 0777); 282 msqptr->msg_qbytes = msqbuf->msg_qbytes; 283 msqptr->msg_ctime = time.tv_sec; 284 break; 285 286 case IPC_STAT: 287 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 288 MSG_PRINTF(("requester doesn't have read access\n")); 289 return (error); 290 } 291 memcpy(msqbuf, msqptr, sizeof(struct msqid_ds)); 292 break; 293 294 default: 295 MSG_PRINTF(("invalid command %d\n", cmd)); 296 return (EINVAL); 297 } 298 299 return (error); 300 } 301 302 int 303 sys_msgget(p, v, retval) 304 struct proc *p; 305 void *v; 306 register_t *retval; 307 { 308 struct sys_msgget_args /* { 309 syscallarg(key_t) key; 310 syscallarg(int) msgflg; 311 } */ *uap = v; 312 int msqid, error; 313 int key = SCARG(uap, key); 314 int msgflg = SCARG(uap, msgflg); 315 struct ucred *cred = p->p_ucred; 316 struct msqid_ds *msqptr = NULL; 317 318 MSG_PRINTF(("msgget(0x%x, 0%o)\n", key, msgflg)); 319 320 if (key != IPC_PRIVATE) { 321 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 322 msqptr = &msqids[msqid]; 323 if (msqptr->msg_qbytes != 0 && 324 msqptr->msg_perm._key == key) 325 break; 326 } 327 if (msqid < msginfo.msgmni) { 328 MSG_PRINTF(("found public key\n")); 329 if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) { 330 MSG_PRINTF(("not exclusive\n")); 331 return(EEXIST); 332 } 333 if ((error = ipcperm(cred, &msqptr->msg_perm, 334 msgflg & 0700 ))) { 335 MSG_PRINTF(("requester doesn't have 0%o access\n", 336 msgflg & 0700)); 337 return (error); 338 } 339 goto found; 340 } 341 } 342 343 MSG_PRINTF(("need to allocate the msqid_ds\n")); 344 if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) { 345 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 346 /* 347 * Look for an unallocated and unlocked msqid_ds. 348 * msqid_ds's can be locked by msgsnd or msgrcv while 349 * they are copying the message in/out. We can't 350 * re-use the entry until they release it. 351 */ 352 msqptr = &msqids[msqid]; 353 if (msqptr->msg_qbytes == 0 && 354 (msqptr->msg_perm.mode & MSG_LOCKED) == 0) 355 break; 356 } 357 if (msqid == msginfo.msgmni) { 358 MSG_PRINTF(("no more msqid_ds's available\n")); 359 return (ENOSPC); 360 } 361 MSG_PRINTF(("msqid %d is available\n", msqid)); 362 msqptr->msg_perm._key = key; 363 msqptr->msg_perm.cuid = cred->cr_uid; 364 msqptr->msg_perm.uid = cred->cr_uid; 365 msqptr->msg_perm.cgid = cred->cr_gid; 366 msqptr->msg_perm.gid = cred->cr_gid; 367 msqptr->msg_perm.mode = (msgflg & 0777); 368 /* Make sure that the returned msqid is unique */ 369 msqptr->msg_perm._seq++; 370 msqptr->_msg_first = NULL; 371 msqptr->_msg_last = NULL; 372 msqptr->_msg_cbytes = 0; 373 msqptr->msg_qnum = 0; 374 msqptr->msg_qbytes = msginfo.msgmnb; 375 msqptr->msg_lspid = 0; 376 msqptr->msg_lrpid = 0; 377 msqptr->msg_stime = 0; 378 msqptr->msg_rtime = 0; 379 msqptr->msg_ctime = time.tv_sec; 380 } else { 381 MSG_PRINTF(("didn't find it and wasn't asked to create it\n")); 382 return (ENOENT); 383 } 384 385 found: 386 /* Construct the unique msqid */ 387 *retval = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm); 388 return (0); 389 } 390 391 int 392 sys_msgsnd(p, v, retval) 393 struct proc *p; 394 void *v; 395 register_t *retval; 396 { 397 struct sys_msgsnd_args /* { 398 syscallarg(int) msqid; 399 syscallarg(const void *) msgp; 400 syscallarg(size_t) msgsz; 401 syscallarg(int) msgflg; 402 } */ *uap = v; 403 int msqid = SCARG(uap, msqid); 404 const char *user_msgp = SCARG(uap, msgp); 405 size_t msgsz = SCARG(uap, msgsz); 406 int msgflg = SCARG(uap, msgflg); 407 int segs_needed, error; 408 struct ucred *cred = p->p_ucred; 409 struct msqid_ds *msqptr; 410 struct __msg *msghdr; 411 short next; 412 413 MSG_PRINTF(("call to msgsnd(%d, %p, %lld, %d)\n", msqid, user_msgp, 414 (long long)msgsz, msgflg)); 415 416 msqid = IPCID_TO_IX(msqid); 417 418 if (msqid < 0 || msqid >= msginfo.msgmni) { 419 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 420 msginfo.msgmni)); 421 return (EINVAL); 422 } 423 424 msqptr = &msqids[msqid]; 425 if (msqptr->msg_qbytes == 0) { 426 MSG_PRINTF(("no such message queue id\n")); 427 return (EINVAL); 428 } 429 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 430 MSG_PRINTF(("wrong sequence number\n")); 431 return (EINVAL); 432 } 433 434 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_W))) { 435 MSG_PRINTF(("requester doesn't have write access\n")); 436 return (error); 437 } 438 439 segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz; 440 MSG_PRINTF(("msgsz=%lld, msgssz=%d, segs_needed=%d\n", 441 (long long)msgsz, msginfo.msgssz, segs_needed)); 442 for (;;) { 443 int need_more_resources = 0; 444 445 /* 446 * check msgsz [cannot be negative since it is unsigned] 447 * (inside this loop in case msg_qbytes changes while we sleep) 448 */ 449 450 if (msgsz > msqptr->msg_qbytes) { 451 MSG_PRINTF(("msgsz > msqptr->msg_qbytes\n")); 452 return (EINVAL); 453 } 454 455 if (msqptr->msg_perm.mode & MSG_LOCKED) { 456 MSG_PRINTF(("msqid is locked\n")); 457 need_more_resources = 1; 458 } 459 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) { 460 MSG_PRINTF(("msgsz + msg_cbytes > msg_qbytes\n")); 461 need_more_resources = 1; 462 } 463 if (segs_needed > nfree_msgmaps) { 464 MSG_PRINTF(("segs_needed > nfree_msgmaps\n")); 465 need_more_resources = 1; 466 } 467 if (free_msghdrs == NULL) { 468 MSG_PRINTF(("no more msghdrs\n")); 469 need_more_resources = 1; 470 } 471 472 if (need_more_resources) { 473 int we_own_it; 474 475 if ((msgflg & IPC_NOWAIT) != 0) { 476 MSG_PRINTF(("need more resources but caller " 477 "doesn't want to wait\n")); 478 return (EAGAIN); 479 } 480 481 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) { 482 MSG_PRINTF(("we don't own the msqid_ds\n")); 483 we_own_it = 0; 484 } else { 485 /* Force later arrivals to wait for our 486 request */ 487 MSG_PRINTF(("we own the msqid_ds\n")); 488 msqptr->msg_perm.mode |= MSG_LOCKED; 489 we_own_it = 1; 490 } 491 MSG_PRINTF(("goodnight\n")); 492 error = tsleep(msqptr, (PZERO - 4) | PCATCH, 493 "msgwait", 0); 494 MSG_PRINTF(("good morning, error=%d\n", error)); 495 if (we_own_it) 496 msqptr->msg_perm.mode &= ~MSG_LOCKED; 497 if (error != 0) { 498 MSG_PRINTF(("msgsnd: interrupted system " 499 "call\n")); 500 return (EINTR); 501 } 502 503 /* 504 * Make sure that the msq queue still exists 505 */ 506 507 if (msqptr->msg_qbytes == 0) { 508 MSG_PRINTF(("msqid deleted\n")); 509 return (EIDRM); 510 } 511 } else { 512 MSG_PRINTF(("got all the resources that we need\n")); 513 break; 514 } 515 } 516 517 /* 518 * We have the resources that we need. 519 * Make sure! 520 */ 521 522 if (msqptr->msg_perm.mode & MSG_LOCKED) 523 panic("msg_perm.mode & MSG_LOCKED"); 524 if (segs_needed > nfree_msgmaps) 525 panic("segs_needed > nfree_msgmaps"); 526 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) 527 panic("msgsz + msg_cbytes > msg_qbytes"); 528 if (free_msghdrs == NULL) 529 panic("no more msghdrs"); 530 531 /* 532 * Re-lock the msqid_ds in case we page-fault when copying in the 533 * message 534 */ 535 536 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) 537 panic("msqid_ds is already locked"); 538 msqptr->msg_perm.mode |= MSG_LOCKED; 539 540 /* 541 * Allocate a message header 542 */ 543 544 msghdr = free_msghdrs; 545 free_msghdrs = msghdr->msg_next; 546 msghdr->msg_spot = -1; 547 msghdr->msg_ts = msgsz; 548 549 /* 550 * Allocate space for the message 551 */ 552 553 while (segs_needed > 0) { 554 if (nfree_msgmaps <= 0) 555 panic("not enough msgmaps"); 556 if (free_msgmaps == -1) 557 panic("nil free_msgmaps"); 558 next = free_msgmaps; 559 if (next <= -1) 560 panic("next too low #1"); 561 if (next >= msginfo.msgseg) 562 panic("next out of range #1"); 563 MSG_PRINTF(("allocating segment %d to message\n", next)); 564 free_msgmaps = msgmaps[next].next; 565 nfree_msgmaps--; 566 msgmaps[next].next = msghdr->msg_spot; 567 msghdr->msg_spot = next; 568 segs_needed--; 569 } 570 571 /* 572 * Copy in the message type 573 */ 574 575 if ((error = copyin(user_msgp, &msghdr->msg_type, 576 sizeof(msghdr->msg_type))) != 0) { 577 MSG_PRINTF(("error %d copying the message type\n", error)); 578 msg_freehdr(msghdr); 579 msqptr->msg_perm.mode &= ~MSG_LOCKED; 580 wakeup(msqptr); 581 return (error); 582 } 583 user_msgp += sizeof(msghdr->msg_type); 584 585 /* 586 * Validate the message type 587 */ 588 589 if (msghdr->msg_type < 1) { 590 msg_freehdr(msghdr); 591 msqptr->msg_perm.mode &= ~MSG_LOCKED; 592 wakeup(msqptr); 593 MSG_PRINTF(("mtype (%ld) < 1\n", msghdr->msg_type)); 594 return (EINVAL); 595 } 596 597 /* 598 * Copy in the message body 599 */ 600 601 next = msghdr->msg_spot; 602 while (msgsz > 0) { 603 size_t tlen; 604 if (msgsz > msginfo.msgssz) 605 tlen = msginfo.msgssz; 606 else 607 tlen = msgsz; 608 if (next <= -1) 609 panic("next too low #2"); 610 if (next >= msginfo.msgseg) 611 panic("next out of range #2"); 612 if ((error = copyin(user_msgp, &msgpool[next * msginfo.msgssz], 613 tlen)) != 0) { 614 MSG_PRINTF(("error %d copying in message segment\n", 615 error)); 616 msg_freehdr(msghdr); 617 msqptr->msg_perm.mode &= ~MSG_LOCKED; 618 wakeup(msqptr); 619 return (error); 620 } 621 msgsz -= tlen; 622 user_msgp += tlen; 623 next = msgmaps[next].next; 624 } 625 if (next != -1) 626 panic("didn't use all the msg segments"); 627 628 /* 629 * We've got the message. Unlock the msqid_ds. 630 */ 631 632 msqptr->msg_perm.mode &= ~MSG_LOCKED; 633 634 /* 635 * Make sure that the msqid_ds is still allocated. 636 */ 637 638 if (msqptr->msg_qbytes == 0) { 639 msg_freehdr(msghdr); 640 wakeup(msqptr); 641 return (EIDRM); 642 } 643 644 /* 645 * Put the message into the queue 646 */ 647 648 if (msqptr->_msg_first == NULL) { 649 msqptr->_msg_first = msghdr; 650 msqptr->_msg_last = msghdr; 651 } else { 652 msqptr->_msg_last->msg_next = msghdr; 653 msqptr->_msg_last = msghdr; 654 } 655 msqptr->_msg_last->msg_next = NULL; 656 657 msqptr->_msg_cbytes += msghdr->msg_ts; 658 msqptr->msg_qnum++; 659 msqptr->msg_lspid = p->p_pid; 660 msqptr->msg_stime = time.tv_sec; 661 662 wakeup(msqptr); 663 return (0); 664 } 665 666 int 667 sys_msgrcv(p, v, retval) 668 struct proc *p; 669 void *v; 670 register_t *retval; 671 { 672 struct sys_msgrcv_args /* { 673 syscallarg(int) msqid; 674 syscallarg(void *) msgp; 675 syscallarg(size_t) msgsz; 676 syscallarg(long) msgtyp; 677 syscallarg(int) msgflg; 678 } */ *uap = v; 679 int msqid = SCARG(uap, msqid); 680 char *user_msgp = SCARG(uap, msgp); 681 size_t msgsz = SCARG(uap, msgsz); 682 long msgtyp = SCARG(uap, msgtyp); 683 int msgflg = SCARG(uap, msgflg); 684 size_t len; 685 struct ucred *cred = p->p_ucred; 686 struct msqid_ds *msqptr; 687 struct __msg *msghdr; 688 int error; 689 short next; 690 691 MSG_PRINTF(("call to msgrcv(%d, %p, %lld, %ld, %d)\n", msqid, 692 user_msgp, (long long)msgsz, msgtyp, msgflg)); 693 694 msqid = IPCID_TO_IX(msqid); 695 696 if (msqid < 0 || msqid >= msginfo.msgmni) { 697 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 698 msginfo.msgmni)); 699 return (EINVAL); 700 } 701 702 msqptr = &msqids[msqid]; 703 if (msqptr->msg_qbytes == 0) { 704 MSG_PRINTF(("no such message queue id\n")); 705 return (EINVAL); 706 } 707 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 708 MSG_PRINTF(("wrong sequence number\n")); 709 return (EINVAL); 710 } 711 712 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 713 MSG_PRINTF(("requester doesn't have read access\n")); 714 return (error); 715 } 716 717 #if 0 718 /* cannot happen, msgsz is unsigned */ 719 if (msgsz < 0) { 720 MSG_PRINTF(("msgsz < 0\n")); 721 return (EINVAL); 722 } 723 #endif 724 725 msghdr = NULL; 726 while (msghdr == NULL) { 727 if (msgtyp == 0) { 728 msghdr = msqptr->_msg_first; 729 if (msghdr != NULL) { 730 if (msgsz < msghdr->msg_ts && 731 (msgflg & MSG_NOERROR) == 0) { 732 MSG_PRINTF(("first message on the " 733 "queue is too big " 734 "(want %lld, got %d)\n", 735 (long long)msgsz, msghdr->msg_ts)); 736 return (E2BIG); 737 } 738 if (msqptr->_msg_first == msqptr->_msg_last) { 739 msqptr->_msg_first = NULL; 740 msqptr->_msg_last = NULL; 741 } else { 742 msqptr->_msg_first = msghdr->msg_next; 743 if (msqptr->_msg_first == NULL) 744 panic("msg_first/last screwed " 745 "up #1"); 746 } 747 } 748 } else { 749 struct __msg *previous; 750 struct __msg **prev; 751 752 for (previous = NULL, prev = &msqptr->_msg_first; 753 (msghdr = *prev) != NULL; 754 previous = msghdr, prev = &msghdr->msg_next) { 755 /* 756 * Is this message's type an exact match or is 757 * this message's type less than or equal to 758 * the absolute value of a negative msgtyp? 759 * Note that the second half of this test can 760 * NEVER be true if msgtyp is positive since 761 * msg_type is always positive! 762 */ 763 764 if (msgtyp == msghdr->msg_type || 765 msghdr->msg_type <= -msgtyp) { 766 MSG_PRINTF(("found message type %ld, " 767 "requested %ld\n", 768 msghdr->msg_type, msgtyp)); 769 if (msgsz < msghdr->msg_ts && 770 (msgflg & MSG_NOERROR) == 0) { 771 MSG_PRINTF(("requested message " 772 "on the queue is too big " 773 "(want %lld, got %d)\n", 774 (long long)msgsz, 775 msghdr->msg_ts)); 776 return (E2BIG); 777 } 778 *prev = msghdr->msg_next; 779 if (msghdr == msqptr->_msg_last) { 780 if (previous == NULL) { 781 if (prev != 782 &msqptr->_msg_first) 783 panic("msg_first/last screwed up #2"); 784 msqptr->_msg_first = 785 NULL; 786 msqptr->_msg_last = 787 NULL; 788 } else { 789 if (prev == 790 &msqptr->_msg_first) 791 panic("msg_first/last screwed up #3"); 792 msqptr->_msg_last = 793 previous; 794 } 795 } 796 break; 797 } 798 } 799 } 800 801 /* 802 * We've either extracted the msghdr for the appropriate 803 * message or there isn't one. 804 * If there is one then bail out of this loop. 805 */ 806 807 if (msghdr != NULL) 808 break; 809 810 /* 811 * Hmph! No message found. Does the user want to wait? 812 */ 813 814 if ((msgflg & IPC_NOWAIT) != 0) { 815 MSG_PRINTF(("no appropriate message found (msgtyp=%ld)\n", 816 msgtyp)); 817 /* The SVID says to return ENOMSG. */ 818 #ifdef ENOMSG 819 return (ENOMSG); 820 #else 821 /* Unfortunately, BSD doesn't define that code yet! */ 822 return (EAGAIN); 823 #endif 824 } 825 826 /* 827 * Wait for something to happen 828 */ 829 830 MSG_PRINTF(("msgrcv: goodnight\n")); 831 error = tsleep(msqptr, (PZERO - 4) | PCATCH, "msgwait", 832 0); 833 MSG_PRINTF(("msgrcv: good morning (error=%d)\n", error)); 834 835 if (error != 0) { 836 MSG_PRINTF(("msgsnd: interrupted system call\n")); 837 return (EINTR); 838 } 839 840 /* 841 * Make sure that the msq queue still exists 842 */ 843 844 if (msqptr->msg_qbytes == 0 || 845 msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 846 MSG_PRINTF(("msqid deleted\n")); 847 return (EIDRM); 848 } 849 } 850 851 /* 852 * Return the message to the user. 853 * 854 * First, do the bookkeeping (before we risk being interrupted). 855 */ 856 857 msqptr->_msg_cbytes -= msghdr->msg_ts; 858 msqptr->msg_qnum--; 859 msqptr->msg_lrpid = p->p_pid; 860 msqptr->msg_rtime = time.tv_sec; 861 862 /* 863 * Make msgsz the actual amount that we'll be returning. 864 * Note that this effectively truncates the message if it is too long 865 * (since msgsz is never increased). 866 */ 867 868 MSG_PRINTF(("found a message, msgsz=%lld, msg_ts=%d\n", 869 (long long)msgsz, msghdr->msg_ts)); 870 if (msgsz > msghdr->msg_ts) 871 msgsz = msghdr->msg_ts; 872 873 /* 874 * Return the type to the user. 875 */ 876 877 error = copyout(&msghdr->msg_type, user_msgp, sizeof(msghdr->msg_type)); 878 if (error != 0) { 879 MSG_PRINTF(("error (%d) copying out message type\n", error)); 880 msg_freehdr(msghdr); 881 wakeup(msqptr); 882 return (error); 883 } 884 user_msgp += sizeof(msghdr->msg_type); 885 886 /* 887 * Return the segments to the user 888 */ 889 890 next = msghdr->msg_spot; 891 for (len = 0; len < msgsz; len += msginfo.msgssz) { 892 size_t tlen; 893 894 if (msgsz - len > msginfo.msgssz) 895 tlen = msginfo.msgssz; 896 else 897 tlen = msgsz - len; 898 if (next <= -1) 899 panic("next too low #3"); 900 if (next >= msginfo.msgseg) 901 panic("next out of range #3"); 902 error = copyout(&msgpool[next * msginfo.msgssz], 903 user_msgp, tlen); 904 if (error != 0) { 905 MSG_PRINTF(("error (%d) copying out message segment\n", 906 error)); 907 msg_freehdr(msghdr); 908 wakeup(msqptr); 909 return (error); 910 } 911 user_msgp += tlen; 912 next = msgmaps[next].next; 913 } 914 915 /* 916 * Done, return the actual number of bytes copied out. 917 */ 918 919 msg_freehdr(msghdr); 920 wakeup(msqptr); 921 *retval = msgsz; 922 return (0); 923 } 924