1 /* $NetBSD: sysv_msg.c,v 1.26 1999/08/25 05:05:49 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 1999 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * NASA Ames Research Center. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the NetBSD 22 * Foundation, Inc. and its contributors. 23 * 4. Neither the name of The NetBSD Foundation nor the names of its 24 * contributors may be used to endorse or promote products derived 25 * from this software without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 28 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 37 * POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40 /* 41 * Implementation of SVID messages 42 * 43 * Author: Daniel Boulet 44 * 45 * Copyright 1993 Daniel Boulet and RTMX Inc. 46 * 47 * This system call was implemented by Daniel Boulet under contract from RTMX. 48 * 49 * Redistribution and use in source forms, with and without modification, 50 * are permitted provided that this entire comment appears intact. 51 * 52 * Redistribution in binary form may occur without any restrictions. 53 * Obviously, it would be nice if you gave credit where credit is due 54 * but requiring it would be too onerous. 55 * 56 * This software is provided ``AS IS'' without any warranties of any kind. 57 */ 58 59 #define SYSVMSG 60 61 #include <sys/param.h> 62 #include <sys/systm.h> 63 #include <sys/kernel.h> 64 #include <sys/proc.h> 65 #include <sys/msg.h> 66 #include <sys/malloc.h> 67 68 #include <sys/mount.h> 69 #include <sys/syscallargs.h> 70 71 #define MSG_DEBUG 72 #undef MSG_DEBUG_OK 73 74 #ifdef MSG_DEBUG_OK 75 #define MSG_PRINTF(a) printf a 76 #else 77 #define MSG_PRINTF(a) 78 #endif 79 80 int nfree_msgmaps; /* # of free map entries */ 81 short free_msgmaps; /* head of linked list of free map entries */ 82 struct __msg *free_msghdrs; /* list of free msg headers */ 83 84 static void msg_freehdr __P((struct __msg *)); 85 86 void 87 msginit() 88 { 89 register int i; 90 91 /* 92 * msginfo.msgssz should be a power of two for efficiency reasons. 93 * It is also pretty silly if msginfo.msgssz is less than 8 94 * or greater than about 256 so ... 95 */ 96 97 i = 8; 98 while (i < 1024 && i != msginfo.msgssz) 99 i <<= 1; 100 if (i != msginfo.msgssz) { 101 MSG_PRINTF(("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz, 102 msginfo.msgssz)); 103 panic("msginfo.msgssz not a small power of 2"); 104 } 105 106 if (msginfo.msgseg > 32767) { 107 MSG_PRINTF(("msginfo.msgseg=%d\n", msginfo.msgseg)); 108 panic("msginfo.msgseg > 32767"); 109 } 110 111 if (msgmaps == NULL) 112 panic("msgmaps is NULL"); 113 114 for (i = 0; i < msginfo.msgseg; i++) { 115 if (i > 0) 116 msgmaps[i-1].next = i; 117 msgmaps[i].next = -1; /* implies entry is available */ 118 } 119 free_msgmaps = 0; 120 nfree_msgmaps = msginfo.msgseg; 121 122 if (msghdrs == NULL) 123 panic("msghdrs is NULL"); 124 125 for (i = 0; i < msginfo.msgtql; i++) { 126 msghdrs[i].msg_type = 0; 127 if (i > 0) 128 msghdrs[i-1].msg_next = &msghdrs[i]; 129 msghdrs[i].msg_next = NULL; 130 } 131 free_msghdrs = &msghdrs[0]; 132 133 if (msqids == NULL) 134 panic("msqids is NULL"); 135 136 for (i = 0; i < msginfo.msgmni; i++) { 137 msqids[i].msg_qbytes = 0; /* implies entry is available */ 138 msqids[i].msg_perm._seq = 0; /* reset to a known value */ 139 } 140 } 141 142 static void 143 msg_freehdr(msghdr) 144 struct __msg *msghdr; 145 { 146 while (msghdr->msg_ts > 0) { 147 short next; 148 if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg) 149 panic("msghdr->msg_spot out of range"); 150 next = msgmaps[msghdr->msg_spot].next; 151 msgmaps[msghdr->msg_spot].next = free_msgmaps; 152 free_msgmaps = msghdr->msg_spot; 153 nfree_msgmaps++; 154 msghdr->msg_spot = next; 155 if (msghdr->msg_ts >= msginfo.msgssz) 156 msghdr->msg_ts -= msginfo.msgssz; 157 else 158 msghdr->msg_ts = 0; 159 } 160 if (msghdr->msg_spot != -1) 161 panic("msghdr->msg_spot != -1"); 162 msghdr->msg_next = free_msghdrs; 163 free_msghdrs = msghdr; 164 } 165 166 int 167 sys___msgctl13(p, v, retval) 168 struct proc *p; 169 void *v; 170 register_t *retval; 171 { 172 struct sys___msgctl13_args /* { 173 syscallarg(int) msqid; 174 syscallarg(int) cmd; 175 syscallarg(struct msqid_ds *) buf; 176 } */ *uap = v; 177 struct msqid_ds msqbuf; 178 int cmd, error; 179 180 cmd = SCARG(uap, cmd); 181 182 if (cmd == IPC_SET) { 183 error = copyin(SCARG(uap, buf), &msqbuf, sizeof(msqbuf)); 184 if (error) 185 return (error); 186 } 187 188 error = msgctl1(p, SCARG(uap, msqid), cmd, 189 (cmd == IPC_SET || cmd == IPC_STAT) ? &msqbuf : NULL); 190 191 if (error == 0 && cmd == IPC_STAT) 192 error = copyout(&msqbuf, SCARG(uap, buf), sizeof(msqbuf)); 193 194 return (error); 195 } 196 197 int 198 msgctl1(p, msqid, cmd, msqbuf) 199 struct proc *p; 200 int msqid; 201 int cmd; 202 struct msqid_ds *msqbuf; 203 { 204 struct ucred *cred = p->p_ucred; 205 struct msqid_ds *msqptr; 206 int error = 0, ix; 207 208 MSG_PRINTF(("call to msgctl1(%d, %d)\n", msqid, cmd)); 209 210 ix = IPCID_TO_IX(msqid); 211 212 if (ix < 0 || ix >= msginfo.msgmni) { 213 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", ix, 214 msginfo.msgmni)); 215 return (EINVAL); 216 } 217 218 msqptr = &msqids[ix]; 219 220 if (msqptr->msg_qbytes == 0) { 221 MSG_PRINTF(("no such msqid\n")); 222 return (EINVAL); 223 } 224 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(msqid)) { 225 MSG_PRINTF(("wrong sequence number\n")); 226 return (EINVAL); 227 } 228 229 switch (cmd) { 230 case IPC_RMID: 231 { 232 struct __msg *msghdr; 233 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)) != 0) 234 return (error); 235 /* Free the message headers */ 236 msghdr = msqptr->_msg_first; 237 while (msghdr != NULL) { 238 struct __msg *msghdr_tmp; 239 240 /* Free the segments of each message */ 241 msqptr->_msg_cbytes -= msghdr->msg_ts; 242 msqptr->msg_qnum--; 243 msghdr_tmp = msghdr; 244 msghdr = msghdr->msg_next; 245 msg_freehdr(msghdr_tmp); 246 } 247 248 if (msqptr->_msg_cbytes != 0) 249 panic("msg_cbytes is screwed up"); 250 if (msqptr->msg_qnum != 0) 251 panic("msg_qnum is screwed up"); 252 253 msqptr->msg_qbytes = 0; /* Mark it as free */ 254 255 wakeup(msqptr); 256 } 257 break; 258 259 case IPC_SET: 260 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M))) 261 return (error); 262 if (msqbuf->msg_qbytes > msqptr->msg_qbytes && cred->cr_uid != 0) 263 return (EPERM); 264 if (msqbuf->msg_qbytes > msginfo.msgmnb) { 265 MSG_PRINTF(("can't increase msg_qbytes beyond %d " 266 "(truncating)\n", msginfo.msgmnb)); 267 /* silently restrict qbytes to system limit */ 268 msqbuf->msg_qbytes = msginfo.msgmnb; 269 } 270 if (msqbuf->msg_qbytes == 0) { 271 MSG_PRINTF(("can't reduce msg_qbytes to 0\n")); 272 return (EINVAL); /* XXX non-standard errno! */ 273 } 274 msqptr->msg_perm.uid = msqbuf->msg_perm.uid; 275 msqptr->msg_perm.gid = msqbuf->msg_perm.gid; 276 msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) | 277 (msqbuf->msg_perm.mode & 0777); 278 msqptr->msg_qbytes = msqbuf->msg_qbytes; 279 msqptr->msg_ctime = time.tv_sec; 280 break; 281 282 case IPC_STAT: 283 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 284 MSG_PRINTF(("requester doesn't have read access\n")); 285 return (error); 286 } 287 memcpy(msqbuf, msqptr, sizeof(struct msqid_ds)); 288 break; 289 290 default: 291 MSG_PRINTF(("invalid command %d\n", cmd)); 292 return (EINVAL); 293 } 294 295 return (error); 296 } 297 298 int 299 sys_msgget(p, v, retval) 300 struct proc *p; 301 void *v; 302 register_t *retval; 303 { 304 struct sys_msgget_args /* { 305 syscallarg(key_t) key; 306 syscallarg(int) msgflg; 307 } */ *uap = v; 308 int msqid, error; 309 int key = SCARG(uap, key); 310 int msgflg = SCARG(uap, msgflg); 311 struct ucred *cred = p->p_ucred; 312 struct msqid_ds *msqptr = NULL; 313 314 MSG_PRINTF(("msgget(0x%x, 0%o)\n", key, msgflg)); 315 316 if (key != IPC_PRIVATE) { 317 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 318 msqptr = &msqids[msqid]; 319 if (msqptr->msg_qbytes != 0 && 320 msqptr->msg_perm._key == key) 321 break; 322 } 323 if (msqid < msginfo.msgmni) { 324 MSG_PRINTF(("found public key\n")); 325 if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) { 326 MSG_PRINTF(("not exclusive\n")); 327 return(EEXIST); 328 } 329 if ((error = ipcperm(cred, &msqptr->msg_perm, 330 msgflg & 0700 ))) { 331 MSG_PRINTF(("requester doesn't have 0%o access\n", 332 msgflg & 0700)); 333 return (error); 334 } 335 goto found; 336 } 337 } 338 339 MSG_PRINTF(("need to allocate the msqid_ds\n")); 340 if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) { 341 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 342 /* 343 * Look for an unallocated and unlocked msqid_ds. 344 * msqid_ds's can be locked by msgsnd or msgrcv while 345 * they are copying the message in/out. We can't 346 * re-use the entry until they release it. 347 */ 348 msqptr = &msqids[msqid]; 349 if (msqptr->msg_qbytes == 0 && 350 (msqptr->msg_perm.mode & MSG_LOCKED) == 0) 351 break; 352 } 353 if (msqid == msginfo.msgmni) { 354 MSG_PRINTF(("no more msqid_ds's available\n")); 355 return (ENOSPC); 356 } 357 MSG_PRINTF(("msqid %d is available\n", msqid)); 358 msqptr->msg_perm._key = key; 359 msqptr->msg_perm.cuid = cred->cr_uid; 360 msqptr->msg_perm.uid = cred->cr_uid; 361 msqptr->msg_perm.cgid = cred->cr_gid; 362 msqptr->msg_perm.gid = cred->cr_gid; 363 msqptr->msg_perm.mode = (msgflg & 0777); 364 /* Make sure that the returned msqid is unique */ 365 msqptr->msg_perm._seq++; 366 msqptr->_msg_first = NULL; 367 msqptr->_msg_last = NULL; 368 msqptr->_msg_cbytes = 0; 369 msqptr->msg_qnum = 0; 370 msqptr->msg_qbytes = msginfo.msgmnb; 371 msqptr->msg_lspid = 0; 372 msqptr->msg_lrpid = 0; 373 msqptr->msg_stime = 0; 374 msqptr->msg_rtime = 0; 375 msqptr->msg_ctime = time.tv_sec; 376 } else { 377 MSG_PRINTF(("didn't find it and wasn't asked to create it\n")); 378 return (ENOENT); 379 } 380 381 found: 382 /* Construct the unique msqid */ 383 *retval = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm); 384 return (0); 385 } 386 387 int 388 sys_msgsnd(p, v, retval) 389 struct proc *p; 390 void *v; 391 register_t *retval; 392 { 393 struct sys_msgsnd_args /* { 394 syscallarg(int) msqid; 395 syscallarg(const void *) msgp; 396 syscallarg(size_t) msgsz; 397 syscallarg(int) msgflg; 398 } */ *uap = v; 399 int msqid = SCARG(uap, msqid); 400 const char *user_msgp = SCARG(uap, msgp); 401 size_t msgsz = SCARG(uap, msgsz); 402 int msgflg = SCARG(uap, msgflg); 403 int segs_needed, error; 404 struct ucred *cred = p->p_ucred; 405 struct msqid_ds *msqptr; 406 struct __msg *msghdr; 407 short next; 408 409 MSG_PRINTF(("call to msgsnd(%d, %p, %d, %d)\n", msqid, user_msgp, msgsz, 410 msgflg)); 411 412 msqid = IPCID_TO_IX(msqid); 413 414 if (msqid < 0 || msqid >= msginfo.msgmni) { 415 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 416 msginfo.msgmni)); 417 return (EINVAL); 418 } 419 420 msqptr = &msqids[msqid]; 421 if (msqptr->msg_qbytes == 0) { 422 MSG_PRINTF(("no such message queue id\n")); 423 return (EINVAL); 424 } 425 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 426 MSG_PRINTF(("wrong sequence number\n")); 427 return (EINVAL); 428 } 429 430 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_W))) { 431 MSG_PRINTF(("requester doesn't have write access\n")); 432 return (error); 433 } 434 435 segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz; 436 MSG_PRINTF(("msgsz=%d, msgssz=%d, segs_needed=%d\n", msgsz, 437 msginfo.msgssz, segs_needed)); 438 for (;;) { 439 int need_more_resources = 0; 440 441 /* 442 * check msgsz [cannot be negative since it is unsigned] 443 * (inside this loop in case msg_qbytes changes while we sleep) 444 */ 445 446 if (msgsz > msqptr->msg_qbytes) { 447 MSG_PRINTF(("msgsz > msqptr->msg_qbytes\n")); 448 return (EINVAL); 449 } 450 451 if (msqptr->msg_perm.mode & MSG_LOCKED) { 452 MSG_PRINTF(("msqid is locked\n")); 453 need_more_resources = 1; 454 } 455 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) { 456 MSG_PRINTF(("msgsz + msg_cbytes > msg_qbytes\n")); 457 need_more_resources = 1; 458 } 459 if (segs_needed > nfree_msgmaps) { 460 MSG_PRINTF(("segs_needed > nfree_msgmaps\n")); 461 need_more_resources = 1; 462 } 463 if (free_msghdrs == NULL) { 464 MSG_PRINTF(("no more msghdrs\n")); 465 need_more_resources = 1; 466 } 467 468 if (need_more_resources) { 469 int we_own_it; 470 471 if ((msgflg & IPC_NOWAIT) != 0) { 472 MSG_PRINTF(("need more resources but caller " 473 "doesn't want to wait\n")); 474 return (EAGAIN); 475 } 476 477 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) { 478 MSG_PRINTF(("we don't own the msqid_ds\n")); 479 we_own_it = 0; 480 } else { 481 /* Force later arrivals to wait for our 482 request */ 483 MSG_PRINTF(("we own the msqid_ds\n")); 484 msqptr->msg_perm.mode |= MSG_LOCKED; 485 we_own_it = 1; 486 } 487 MSG_PRINTF(("goodnight\n")); 488 error = tsleep(msqptr, (PZERO - 4) | PCATCH, 489 "msgwait", 0); 490 MSG_PRINTF(("good morning, error=%d\n", error)); 491 if (we_own_it) 492 msqptr->msg_perm.mode &= ~MSG_LOCKED; 493 if (error != 0) { 494 MSG_PRINTF(("msgsnd: interrupted system " 495 "call\n")); 496 return (EINTR); 497 } 498 499 /* 500 * Make sure that the msq queue still exists 501 */ 502 503 if (msqptr->msg_qbytes == 0) { 504 MSG_PRINTF(("msqid deleted\n")); 505 /* The SVID says to return EIDRM. */ 506 #ifdef EIDRM 507 return (EIDRM); 508 #else 509 /* Unfortunately, BSD doesn't define that code 510 yet! */ 511 return (EINVAL); 512 #endif 513 } 514 } else { 515 MSG_PRINTF(("got all the resources that we need\n")); 516 break; 517 } 518 } 519 520 /* 521 * We have the resources that we need. 522 * Make sure! 523 */ 524 525 if (msqptr->msg_perm.mode & MSG_LOCKED) 526 panic("msg_perm.mode & MSG_LOCKED"); 527 if (segs_needed > nfree_msgmaps) 528 panic("segs_needed > nfree_msgmaps"); 529 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) 530 panic("msgsz + msg_cbytes > msg_qbytes"); 531 if (free_msghdrs == NULL) 532 panic("no more msghdrs"); 533 534 /* 535 * Re-lock the msqid_ds in case we page-fault when copying in the 536 * message 537 */ 538 539 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) 540 panic("msqid_ds is already locked"); 541 msqptr->msg_perm.mode |= MSG_LOCKED; 542 543 /* 544 * Allocate a message header 545 */ 546 547 msghdr = free_msghdrs; 548 free_msghdrs = msghdr->msg_next; 549 msghdr->msg_spot = -1; 550 msghdr->msg_ts = msgsz; 551 552 /* 553 * Allocate space for the message 554 */ 555 556 while (segs_needed > 0) { 557 if (nfree_msgmaps <= 0) 558 panic("not enough msgmaps"); 559 if (free_msgmaps == -1) 560 panic("nil free_msgmaps"); 561 next = free_msgmaps; 562 if (next <= -1) 563 panic("next too low #1"); 564 if (next >= msginfo.msgseg) 565 panic("next out of range #1"); 566 MSG_PRINTF(("allocating segment %d to message\n", next)); 567 free_msgmaps = msgmaps[next].next; 568 nfree_msgmaps--; 569 msgmaps[next].next = msghdr->msg_spot; 570 msghdr->msg_spot = next; 571 segs_needed--; 572 } 573 574 /* 575 * Copy in the message type 576 */ 577 578 if ((error = copyin(user_msgp, &msghdr->msg_type, 579 sizeof(msghdr->msg_type))) != 0) { 580 MSG_PRINTF(("error %d copying the message type\n", error)); 581 msg_freehdr(msghdr); 582 msqptr->msg_perm.mode &= ~MSG_LOCKED; 583 wakeup(msqptr); 584 return (error); 585 } 586 user_msgp += sizeof(msghdr->msg_type); 587 588 /* 589 * Validate the message type 590 */ 591 592 if (msghdr->msg_type < 1) { 593 msg_freehdr(msghdr); 594 msqptr->msg_perm.mode &= ~MSG_LOCKED; 595 wakeup(msqptr); 596 MSG_PRINTF(("mtype (%d) < 1\n", msghdr->msg_type)); 597 return (EINVAL); 598 } 599 600 /* 601 * Copy in the message body 602 */ 603 604 next = msghdr->msg_spot; 605 while (msgsz > 0) { 606 size_t tlen; 607 if (msgsz > msginfo.msgssz) 608 tlen = msginfo.msgssz; 609 else 610 tlen = msgsz; 611 if (next <= -1) 612 panic("next too low #2"); 613 if (next >= msginfo.msgseg) 614 panic("next out of range #2"); 615 if ((error = copyin(user_msgp, &msgpool[next * msginfo.msgssz], 616 tlen)) != 0) { 617 MSG_PRINTF(("error %d copying in message segment\n", 618 error)); 619 msg_freehdr(msghdr); 620 msqptr->msg_perm.mode &= ~MSG_LOCKED; 621 wakeup(msqptr); 622 return (error); 623 } 624 msgsz -= tlen; 625 user_msgp += tlen; 626 next = msgmaps[next].next; 627 } 628 if (next != -1) 629 panic("didn't use all the msg segments"); 630 631 /* 632 * We've got the message. Unlock the msqid_ds. 633 */ 634 635 msqptr->msg_perm.mode &= ~MSG_LOCKED; 636 637 /* 638 * Make sure that the msqid_ds is still allocated. 639 */ 640 641 if (msqptr->msg_qbytes == 0) { 642 msg_freehdr(msghdr); 643 wakeup(msqptr); 644 /* The SVID says to return EIDRM. */ 645 #ifdef EIDRM 646 return (EIDRM); 647 #else 648 /* Unfortunately, BSD doesn't define that code yet! */ 649 return (EINVAL); 650 #endif 651 } 652 653 /* 654 * Put the message into the queue 655 */ 656 657 if (msqptr->_msg_first == NULL) { 658 msqptr->_msg_first = msghdr; 659 msqptr->_msg_last = msghdr; 660 } else { 661 msqptr->_msg_last->msg_next = msghdr; 662 msqptr->_msg_last = msghdr; 663 } 664 msqptr->_msg_last->msg_next = NULL; 665 666 msqptr->_msg_cbytes += msghdr->msg_ts; 667 msqptr->msg_qnum++; 668 msqptr->msg_lspid = p->p_pid; 669 msqptr->msg_stime = time.tv_sec; 670 671 wakeup(msqptr); 672 return (0); 673 } 674 675 int 676 sys_msgrcv(p, v, retval) 677 struct proc *p; 678 void *v; 679 register_t *retval; 680 { 681 register struct sys_msgrcv_args /* { 682 syscallarg(int) msqid; 683 syscallarg(void *) msgp; 684 syscallarg(size_t) msgsz; 685 syscallarg(long) msgtyp; 686 syscallarg(int) msgflg; 687 } */ *uap = v; 688 int msqid = SCARG(uap, msqid); 689 char *user_msgp = SCARG(uap, msgp); 690 size_t msgsz = SCARG(uap, msgsz); 691 long msgtyp = SCARG(uap, msgtyp); 692 int msgflg = SCARG(uap, msgflg); 693 size_t len; 694 struct ucred *cred = p->p_ucred; 695 register struct msqid_ds *msqptr; 696 register struct __msg *msghdr; 697 int error; 698 short next; 699 700 MSG_PRINTF(("call to msgrcv(%d, %p, %d, %ld, %d)\n", msqid, user_msgp, 701 msgsz, msgtyp, msgflg)); 702 703 msqid = IPCID_TO_IX(msqid); 704 705 if (msqid < 0 || msqid >= msginfo.msgmni) { 706 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 707 msginfo.msgmni)); 708 return (EINVAL); 709 } 710 711 msqptr = &msqids[msqid]; 712 if (msqptr->msg_qbytes == 0) { 713 MSG_PRINTF(("no such message queue id\n")); 714 return (EINVAL); 715 } 716 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 717 MSG_PRINTF(("wrong sequence number\n")); 718 return (EINVAL); 719 } 720 721 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 722 MSG_PRINTF(("requester doesn't have read access\n")); 723 return (error); 724 } 725 726 #if 0 727 /* cannot happen, msgsz is unsigned */ 728 if (msgsz < 0) { 729 MSG_PRINTF(("msgsz < 0\n")); 730 return (EINVAL); 731 } 732 #endif 733 734 msghdr = NULL; 735 while (msghdr == NULL) { 736 if (msgtyp == 0) { 737 msghdr = msqptr->_msg_first; 738 if (msghdr != NULL) { 739 if (msgsz < msghdr->msg_ts && 740 (msgflg & MSG_NOERROR) == 0) { 741 MSG_PRINTF(("first message on the " 742 "queue is too big " 743 "(want %d, got %d)\n", 744 msgsz, msghdr->msg_ts)); 745 return (E2BIG); 746 } 747 if (msqptr->_msg_first == msqptr->_msg_last) { 748 msqptr->_msg_first = NULL; 749 msqptr->_msg_last = NULL; 750 } else { 751 msqptr->_msg_first = msghdr->msg_next; 752 if (msqptr->_msg_first == NULL) 753 panic("msg_first/last screwed " 754 "up #1"); 755 } 756 } 757 } else { 758 struct __msg *previous; 759 struct __msg **prev; 760 761 for (previous = NULL, prev = &msqptr->_msg_first; 762 (msghdr = *prev) != NULL; 763 previous = msghdr, prev = &msghdr->msg_next) { 764 /* 765 * Is this message's type an exact match or is 766 * this message's type less than or equal to 767 * the absolute value of a negative msgtyp? 768 * Note that the second half of this test can 769 * NEVER be true if msgtyp is positive since 770 * msg_type is always positive! 771 */ 772 773 if (msgtyp == msghdr->msg_type || 774 msghdr->msg_type <= -msgtyp) { 775 MSG_PRINTF(("found message type %d, " 776 "requested %d\n", 777 msghdr->msg_type, msgtyp)); 778 if (msgsz < msghdr->msg_ts && 779 (msgflg & MSG_NOERROR) == 0) { 780 MSG_PRINTF(("requested message " 781 "on the queue is too big " 782 "(want %d, got %d)\n", 783 msgsz, msghdr->msg_ts)); 784 return (E2BIG); 785 } 786 *prev = msghdr->msg_next; 787 if (msghdr == msqptr->_msg_last) { 788 if (previous == NULL) { 789 if (prev != 790 &msqptr->_msg_first) 791 panic("msg_first/last screwed up #2"); 792 msqptr->_msg_first = 793 NULL; 794 msqptr->_msg_last = 795 NULL; 796 } else { 797 if (prev == 798 &msqptr->_msg_first) 799 panic("msg_first/last screwed up #3"); 800 msqptr->_msg_last = 801 previous; 802 } 803 } 804 break; 805 } 806 } 807 } 808 809 /* 810 * We've either extracted the msghdr for the appropriate 811 * message or there isn't one. 812 * If there is one then bail out of this loop. 813 */ 814 815 if (msghdr != NULL) 816 break; 817 818 /* 819 * Hmph! No message found. Does the user want to wait? 820 */ 821 822 if ((msgflg & IPC_NOWAIT) != 0) { 823 MSG_PRINTF(("no appropriate message found (msgtyp=%d)\n", 824 msgtyp)); 825 /* The SVID says to return ENOMSG. */ 826 #ifdef ENOMSG 827 return (ENOMSG); 828 #else 829 /* Unfortunately, BSD doesn't define that code yet! */ 830 return (EAGAIN); 831 #endif 832 } 833 834 /* 835 * Wait for something to happen 836 */ 837 838 MSG_PRINTF(("msgrcv: goodnight\n")); 839 error = tsleep(msqptr, (PZERO - 4) | PCATCH, "msgwait", 840 0); 841 MSG_PRINTF(("msgrcv: good morning (error=%d)\n", error)); 842 843 if (error != 0) { 844 MSG_PRINTF(("msgsnd: interrupted system call\n")); 845 return (EINTR); 846 } 847 848 /* 849 * Make sure that the msq queue still exists 850 */ 851 852 if (msqptr->msg_qbytes == 0 || 853 msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 854 MSG_PRINTF(("msqid deleted\n")); 855 /* The SVID says to return EIDRM. */ 856 #ifdef EIDRM 857 return (EIDRM); 858 #else 859 /* Unfortunately, BSD doesn't define that code yet! */ 860 return (EINVAL); 861 #endif 862 } 863 } 864 865 /* 866 * Return the message to the user. 867 * 868 * First, do the bookkeeping (before we risk being interrupted). 869 */ 870 871 msqptr->_msg_cbytes -= msghdr->msg_ts; 872 msqptr->msg_qnum--; 873 msqptr->msg_lrpid = p->p_pid; 874 msqptr->msg_rtime = time.tv_sec; 875 876 /* 877 * Make msgsz the actual amount that we'll be returning. 878 * Note that this effectively truncates the message if it is too long 879 * (since msgsz is never increased). 880 */ 881 882 MSG_PRINTF(("found a message, msgsz=%d, msg_ts=%d\n", msgsz, 883 msghdr->msg_ts)); 884 if (msgsz > msghdr->msg_ts) 885 msgsz = msghdr->msg_ts; 886 887 /* 888 * Return the type to the user. 889 */ 890 891 error = copyout(&msghdr->msg_type, user_msgp, sizeof(msghdr->msg_type)); 892 if (error != 0) { 893 MSG_PRINTF(("error (%d) copying out message type\n", error)); 894 msg_freehdr(msghdr); 895 wakeup(msqptr); 896 return (error); 897 } 898 user_msgp += sizeof(msghdr->msg_type); 899 900 /* 901 * Return the segments to the user 902 */ 903 904 next = msghdr->msg_spot; 905 for (len = 0; len < msgsz; len += msginfo.msgssz) { 906 size_t tlen; 907 908 if (msgsz - len > msginfo.msgssz) 909 tlen = msginfo.msgssz; 910 else 911 tlen = msgsz - len; 912 if (next <= -1) 913 panic("next too low #3"); 914 if (next >= msginfo.msgseg) 915 panic("next out of range #3"); 916 error = copyout(&msgpool[next * msginfo.msgssz], 917 user_msgp, tlen); 918 if (error != 0) { 919 MSG_PRINTF(("error (%d) copying out message segment\n", 920 error)); 921 msg_freehdr(msghdr); 922 wakeup(msqptr); 923 return (error); 924 } 925 user_msgp += tlen; 926 next = msgmaps[next].next; 927 } 928 929 /* 930 * Done, return the actual number of bytes copied out. 931 */ 932 933 msg_freehdr(msghdr); 934 wakeup(msqptr); 935 *retval = msgsz; 936 return (0); 937 } 938