1 /* $NetBSD: sysv_msg.c,v 1.35 2003/01/18 10:06:35 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 1999 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * NASA Ames Research Center. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the NetBSD 22 * Foundation, Inc. and its contributors. 23 * 4. Neither the name of The NetBSD Foundation nor the names of its 24 * contributors may be used to endorse or promote products derived 25 * from this software without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 28 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 37 * POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40 /* 41 * Implementation of SVID messages 42 * 43 * Author: Daniel Boulet 44 * 45 * Copyright 1993 Daniel Boulet and RTMX Inc. 46 * 47 * This system call was implemented by Daniel Boulet under contract from RTMX. 48 * 49 * Redistribution and use in source forms, with and without modification, 50 * are permitted provided that this entire comment appears intact. 51 * 52 * Redistribution in binary form may occur without any restrictions. 53 * Obviously, it would be nice if you gave credit where credit is due 54 * but requiring it would be too onerous. 55 * 56 * This software is provided ``AS IS'' without any warranties of any kind. 57 */ 58 59 #include <sys/cdefs.h> 60 __KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.35 2003/01/18 10:06:35 thorpej Exp $"); 61 62 #define SYSVMSG 63 64 #include <sys/param.h> 65 #include <sys/kernel.h> 66 #include <sys/msg.h> 67 #include <sys/sysctl.h> 68 #include <sys/mount.h> /* XXX for <sys/syscallargs.h> */ 69 #include <sys/sa.h> 70 #include <sys/syscallargs.h> 71 72 #define MSG_DEBUG 73 #undef MSG_DEBUG_OK 74 75 #ifdef MSG_DEBUG_OK 76 #define MSG_PRINTF(a) printf a 77 #else 78 #define MSG_PRINTF(a) 79 #endif 80 81 int nfree_msgmaps; /* # of free map entries */ 82 short free_msgmaps; /* head of linked list of free map entries */ 83 struct __msg *free_msghdrs; /* list of free msg headers */ 84 char *msgpool; /* MSGMAX byte long msg buffer pool */ 85 struct msgmap *msgmaps; /* MSGSEG msgmap structures */ 86 struct __msg *msghdrs; /* MSGTQL msg headers */ 87 struct msqid_ds *msqids; /* MSGMNI msqid_ds struct's */ 88 89 static void msg_freehdr __P((struct __msg *)); 90 91 void 92 msginit() 93 { 94 int i; 95 96 /* 97 * msginfo.msgssz should be a power of two for efficiency reasons. 98 * It is also pretty silly if msginfo.msgssz is less than 8 99 * or greater than about 256 so ... 100 */ 101 102 i = 8; 103 while (i < 1024 && i != msginfo.msgssz) 104 i <<= 1; 105 if (i != msginfo.msgssz) { 106 MSG_PRINTF(("msginfo.msgssz=%d (0x%x)\n", msginfo.msgssz, 107 msginfo.msgssz)); 108 panic("msginfo.msgssz not a small power of 2"); 109 } 110 111 if (msginfo.msgseg > 32767) { 112 MSG_PRINTF(("msginfo.msgseg=%d\n", msginfo.msgseg)); 113 panic("msginfo.msgseg > 32767"); 114 } 115 116 if (msgmaps == NULL) 117 panic("msgmaps is NULL"); 118 119 for (i = 0; i < msginfo.msgseg; i++) { 120 if (i > 0) 121 msgmaps[i-1].next = i; 122 msgmaps[i].next = -1; /* implies entry is available */ 123 } 124 free_msgmaps = 0; 125 nfree_msgmaps = msginfo.msgseg; 126 127 if (msghdrs == NULL) 128 panic("msghdrs is NULL"); 129 130 for (i = 0; i < msginfo.msgtql; i++) { 131 msghdrs[i].msg_type = 0; 132 if (i > 0) 133 msghdrs[i-1].msg_next = &msghdrs[i]; 134 msghdrs[i].msg_next = NULL; 135 } 136 free_msghdrs = &msghdrs[0]; 137 138 if (msqids == NULL) 139 panic("msqids is NULL"); 140 141 for (i = 0; i < msginfo.msgmni; i++) { 142 msqids[i].msg_qbytes = 0; /* implies entry is available */ 143 msqids[i].msg_perm._seq = 0; /* reset to a known value */ 144 } 145 } 146 147 static void 148 msg_freehdr(msghdr) 149 struct __msg *msghdr; 150 { 151 while (msghdr->msg_ts > 0) { 152 short next; 153 if (msghdr->msg_spot < 0 || msghdr->msg_spot >= msginfo.msgseg) 154 panic("msghdr->msg_spot out of range"); 155 next = msgmaps[msghdr->msg_spot].next; 156 msgmaps[msghdr->msg_spot].next = free_msgmaps; 157 free_msgmaps = msghdr->msg_spot; 158 nfree_msgmaps++; 159 msghdr->msg_spot = next; 160 if (msghdr->msg_ts >= msginfo.msgssz) 161 msghdr->msg_ts -= msginfo.msgssz; 162 else 163 msghdr->msg_ts = 0; 164 } 165 if (msghdr->msg_spot != -1) 166 panic("msghdr->msg_spot != -1"); 167 msghdr->msg_next = free_msghdrs; 168 free_msghdrs = msghdr; 169 } 170 171 int 172 sys___msgctl13(l, v, retval) 173 struct lwp *l; 174 void *v; 175 register_t *retval; 176 { 177 struct sys___msgctl13_args /* { 178 syscallarg(int) msqid; 179 syscallarg(int) cmd; 180 syscallarg(struct msqid_ds *) buf; 181 } */ *uap = v; 182 struct proc *p = l->l_proc; 183 struct msqid_ds msqbuf; 184 int cmd, error; 185 186 cmd = SCARG(uap, cmd); 187 188 if (cmd == IPC_SET) { 189 error = copyin(SCARG(uap, buf), &msqbuf, sizeof(msqbuf)); 190 if (error) 191 return (error); 192 } 193 194 error = msgctl1(p, SCARG(uap, msqid), cmd, 195 (cmd == IPC_SET || cmd == IPC_STAT) ? &msqbuf : NULL); 196 197 if (error == 0 && cmd == IPC_STAT) 198 error = copyout(&msqbuf, SCARG(uap, buf), sizeof(msqbuf)); 199 200 return (error); 201 } 202 203 int 204 msgctl1(p, msqid, cmd, msqbuf) 205 struct proc *p; 206 int msqid; 207 int cmd; 208 struct msqid_ds *msqbuf; 209 { 210 struct ucred *cred = p->p_ucred; 211 struct msqid_ds *msqptr; 212 int error = 0, ix; 213 214 MSG_PRINTF(("call to msgctl1(%d, %d)\n", msqid, cmd)); 215 216 ix = IPCID_TO_IX(msqid); 217 218 if (ix < 0 || ix >= msginfo.msgmni) { 219 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", ix, 220 msginfo.msgmni)); 221 return (EINVAL); 222 } 223 224 msqptr = &msqids[ix]; 225 226 if (msqptr->msg_qbytes == 0) { 227 MSG_PRINTF(("no such msqid\n")); 228 return (EINVAL); 229 } 230 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(msqid)) { 231 MSG_PRINTF(("wrong sequence number\n")); 232 return (EINVAL); 233 } 234 235 switch (cmd) { 236 case IPC_RMID: 237 { 238 struct __msg *msghdr; 239 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)) != 0) 240 return (error); 241 /* Free the message headers */ 242 msghdr = msqptr->_msg_first; 243 while (msghdr != NULL) { 244 struct __msg *msghdr_tmp; 245 246 /* Free the segments of each message */ 247 msqptr->_msg_cbytes -= msghdr->msg_ts; 248 msqptr->msg_qnum--; 249 msghdr_tmp = msghdr; 250 msghdr = msghdr->msg_next; 251 msg_freehdr(msghdr_tmp); 252 } 253 254 if (msqptr->_msg_cbytes != 0) 255 panic("msg_cbytes is screwed up"); 256 if (msqptr->msg_qnum != 0) 257 panic("msg_qnum is screwed up"); 258 259 msqptr->msg_qbytes = 0; /* Mark it as free */ 260 261 wakeup(msqptr); 262 } 263 break; 264 265 case IPC_SET: 266 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M))) 267 return (error); 268 if (msqbuf->msg_qbytes > msqptr->msg_qbytes && cred->cr_uid != 0) 269 return (EPERM); 270 if (msqbuf->msg_qbytes > msginfo.msgmnb) { 271 MSG_PRINTF(("can't increase msg_qbytes beyond %d " 272 "(truncating)\n", msginfo.msgmnb)); 273 /* silently restrict qbytes to system limit */ 274 msqbuf->msg_qbytes = msginfo.msgmnb; 275 } 276 if (msqbuf->msg_qbytes == 0) { 277 MSG_PRINTF(("can't reduce msg_qbytes to 0\n")); 278 return (EINVAL); /* XXX non-standard errno! */ 279 } 280 msqptr->msg_perm.uid = msqbuf->msg_perm.uid; 281 msqptr->msg_perm.gid = msqbuf->msg_perm.gid; 282 msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) | 283 (msqbuf->msg_perm.mode & 0777); 284 msqptr->msg_qbytes = msqbuf->msg_qbytes; 285 msqptr->msg_ctime = time.tv_sec; 286 break; 287 288 case IPC_STAT: 289 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 290 MSG_PRINTF(("requester doesn't have read access\n")); 291 return (error); 292 } 293 memcpy(msqbuf, msqptr, sizeof(struct msqid_ds)); 294 break; 295 296 default: 297 MSG_PRINTF(("invalid command %d\n", cmd)); 298 return (EINVAL); 299 } 300 301 return (error); 302 } 303 304 int 305 sys_msgget(l, v, retval) 306 struct lwp *l; 307 void *v; 308 register_t *retval; 309 { 310 struct sys_msgget_args /* { 311 syscallarg(key_t) key; 312 syscallarg(int) msgflg; 313 } */ *uap = v; 314 struct proc *p = l->l_proc; 315 int msqid, error; 316 int key = SCARG(uap, key); 317 int msgflg = SCARG(uap, msgflg); 318 struct ucred *cred = p->p_ucred; 319 struct msqid_ds *msqptr = NULL; 320 321 MSG_PRINTF(("msgget(0x%x, 0%o)\n", key, msgflg)); 322 323 if (key != IPC_PRIVATE) { 324 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 325 msqptr = &msqids[msqid]; 326 if (msqptr->msg_qbytes != 0 && 327 msqptr->msg_perm._key == key) 328 break; 329 } 330 if (msqid < msginfo.msgmni) { 331 MSG_PRINTF(("found public key\n")); 332 if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) { 333 MSG_PRINTF(("not exclusive\n")); 334 return(EEXIST); 335 } 336 if ((error = ipcperm(cred, &msqptr->msg_perm, 337 msgflg & 0700 ))) { 338 MSG_PRINTF(("requester doesn't have 0%o access\n", 339 msgflg & 0700)); 340 return (error); 341 } 342 goto found; 343 } 344 } 345 346 MSG_PRINTF(("need to allocate the msqid_ds\n")); 347 if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) { 348 for (msqid = 0; msqid < msginfo.msgmni; msqid++) { 349 /* 350 * Look for an unallocated and unlocked msqid_ds. 351 * msqid_ds's can be locked by msgsnd or msgrcv while 352 * they are copying the message in/out. We can't 353 * re-use the entry until they release it. 354 */ 355 msqptr = &msqids[msqid]; 356 if (msqptr->msg_qbytes == 0 && 357 (msqptr->msg_perm.mode & MSG_LOCKED) == 0) 358 break; 359 } 360 if (msqid == msginfo.msgmni) { 361 MSG_PRINTF(("no more msqid_ds's available\n")); 362 return (ENOSPC); 363 } 364 MSG_PRINTF(("msqid %d is available\n", msqid)); 365 msqptr->msg_perm._key = key; 366 msqptr->msg_perm.cuid = cred->cr_uid; 367 msqptr->msg_perm.uid = cred->cr_uid; 368 msqptr->msg_perm.cgid = cred->cr_gid; 369 msqptr->msg_perm.gid = cred->cr_gid; 370 msqptr->msg_perm.mode = (msgflg & 0777); 371 /* Make sure that the returned msqid is unique */ 372 msqptr->msg_perm._seq++; 373 msqptr->_msg_first = NULL; 374 msqptr->_msg_last = NULL; 375 msqptr->_msg_cbytes = 0; 376 msqptr->msg_qnum = 0; 377 msqptr->msg_qbytes = msginfo.msgmnb; 378 msqptr->msg_lspid = 0; 379 msqptr->msg_lrpid = 0; 380 msqptr->msg_stime = 0; 381 msqptr->msg_rtime = 0; 382 msqptr->msg_ctime = time.tv_sec; 383 } else { 384 MSG_PRINTF(("didn't find it and wasn't asked to create it\n")); 385 return (ENOENT); 386 } 387 388 found: 389 /* Construct the unique msqid */ 390 *retval = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm); 391 return (0); 392 } 393 394 int 395 sys_msgsnd(l, v, retval) 396 struct lwp *l; 397 void *v; 398 register_t *retval; 399 { 400 struct sys_msgsnd_args /* { 401 syscallarg(int) msqid; 402 syscallarg(const void *) msgp; 403 syscallarg(size_t) msgsz; 404 syscallarg(int) msgflg; 405 } */ *uap = v; 406 struct proc *p = l->l_proc; 407 int msqid = SCARG(uap, msqid); 408 const char *user_msgp = SCARG(uap, msgp); 409 size_t msgsz = SCARG(uap, msgsz); 410 int msgflg = SCARG(uap, msgflg); 411 int segs_needed, error; 412 struct ucred *cred = p->p_ucred; 413 struct msqid_ds *msqptr; 414 struct __msg *msghdr; 415 short next; 416 417 MSG_PRINTF(("call to msgsnd(%d, %p, %lld, %d)\n", msqid, user_msgp, 418 (long long)msgsz, msgflg)); 419 420 msqid = IPCID_TO_IX(msqid); 421 422 if (msqid < 0 || msqid >= msginfo.msgmni) { 423 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 424 msginfo.msgmni)); 425 return (EINVAL); 426 } 427 428 msqptr = &msqids[msqid]; 429 if (msqptr->msg_qbytes == 0) { 430 MSG_PRINTF(("no such message queue id\n")); 431 return (EINVAL); 432 } 433 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 434 MSG_PRINTF(("wrong sequence number\n")); 435 return (EINVAL); 436 } 437 438 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_W))) { 439 MSG_PRINTF(("requester doesn't have write access\n")); 440 return (error); 441 } 442 443 segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz; 444 MSG_PRINTF(("msgsz=%lld, msgssz=%d, segs_needed=%d\n", 445 (long long)msgsz, msginfo.msgssz, segs_needed)); 446 for (;;) { 447 int need_more_resources = 0; 448 449 /* 450 * check msgsz [cannot be negative since it is unsigned] 451 * (inside this loop in case msg_qbytes changes while we sleep) 452 */ 453 454 if (msgsz > msqptr->msg_qbytes) { 455 MSG_PRINTF(("msgsz > msqptr->msg_qbytes\n")); 456 return (EINVAL); 457 } 458 459 if (msqptr->msg_perm.mode & MSG_LOCKED) { 460 MSG_PRINTF(("msqid is locked\n")); 461 need_more_resources = 1; 462 } 463 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) { 464 MSG_PRINTF(("msgsz + msg_cbytes > msg_qbytes\n")); 465 need_more_resources = 1; 466 } 467 if (segs_needed > nfree_msgmaps) { 468 MSG_PRINTF(("segs_needed > nfree_msgmaps\n")); 469 need_more_resources = 1; 470 } 471 if (free_msghdrs == NULL) { 472 MSG_PRINTF(("no more msghdrs\n")); 473 need_more_resources = 1; 474 } 475 476 if (need_more_resources) { 477 int we_own_it; 478 479 if ((msgflg & IPC_NOWAIT) != 0) { 480 MSG_PRINTF(("need more resources but caller " 481 "doesn't want to wait\n")); 482 return (EAGAIN); 483 } 484 485 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) { 486 MSG_PRINTF(("we don't own the msqid_ds\n")); 487 we_own_it = 0; 488 } else { 489 /* Force later arrivals to wait for our 490 request */ 491 MSG_PRINTF(("we own the msqid_ds\n")); 492 msqptr->msg_perm.mode |= MSG_LOCKED; 493 we_own_it = 1; 494 } 495 MSG_PRINTF(("goodnight\n")); 496 error = tsleep(msqptr, (PZERO - 4) | PCATCH, 497 "msgwait", 0); 498 MSG_PRINTF(("good morning, error=%d\n", error)); 499 if (we_own_it) 500 msqptr->msg_perm.mode &= ~MSG_LOCKED; 501 if (error != 0) { 502 MSG_PRINTF(("msgsnd: interrupted system " 503 "call\n")); 504 return (EINTR); 505 } 506 507 /* 508 * Make sure that the msq queue still exists 509 */ 510 511 if (msqptr->msg_qbytes == 0) { 512 MSG_PRINTF(("msqid deleted\n")); 513 return (EIDRM); 514 } 515 } else { 516 MSG_PRINTF(("got all the resources that we need\n")); 517 break; 518 } 519 } 520 521 /* 522 * We have the resources that we need. 523 * Make sure! 524 */ 525 526 if (msqptr->msg_perm.mode & MSG_LOCKED) 527 panic("msg_perm.mode & MSG_LOCKED"); 528 if (segs_needed > nfree_msgmaps) 529 panic("segs_needed > nfree_msgmaps"); 530 if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) 531 panic("msgsz + msg_cbytes > msg_qbytes"); 532 if (free_msghdrs == NULL) 533 panic("no more msghdrs"); 534 535 /* 536 * Re-lock the msqid_ds in case we page-fault when copying in the 537 * message 538 */ 539 540 if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) 541 panic("msqid_ds is already locked"); 542 msqptr->msg_perm.mode |= MSG_LOCKED; 543 544 /* 545 * Allocate a message header 546 */ 547 548 msghdr = free_msghdrs; 549 free_msghdrs = msghdr->msg_next; 550 msghdr->msg_spot = -1; 551 msghdr->msg_ts = msgsz; 552 553 /* 554 * Allocate space for the message 555 */ 556 557 while (segs_needed > 0) { 558 if (nfree_msgmaps <= 0) 559 panic("not enough msgmaps"); 560 if (free_msgmaps == -1) 561 panic("nil free_msgmaps"); 562 next = free_msgmaps; 563 if (next <= -1) 564 panic("next too low #1"); 565 if (next >= msginfo.msgseg) 566 panic("next out of range #1"); 567 MSG_PRINTF(("allocating segment %d to message\n", next)); 568 free_msgmaps = msgmaps[next].next; 569 nfree_msgmaps--; 570 msgmaps[next].next = msghdr->msg_spot; 571 msghdr->msg_spot = next; 572 segs_needed--; 573 } 574 575 /* 576 * Copy in the message type 577 */ 578 579 if ((error = copyin(user_msgp, &msghdr->msg_type, 580 sizeof(msghdr->msg_type))) != 0) { 581 MSG_PRINTF(("error %d copying the message type\n", error)); 582 msg_freehdr(msghdr); 583 msqptr->msg_perm.mode &= ~MSG_LOCKED; 584 wakeup(msqptr); 585 return (error); 586 } 587 user_msgp += sizeof(msghdr->msg_type); 588 589 /* 590 * Validate the message type 591 */ 592 593 if (msghdr->msg_type < 1) { 594 msg_freehdr(msghdr); 595 msqptr->msg_perm.mode &= ~MSG_LOCKED; 596 wakeup(msqptr); 597 MSG_PRINTF(("mtype (%ld) < 1\n", msghdr->msg_type)); 598 return (EINVAL); 599 } 600 601 /* 602 * Copy in the message body 603 */ 604 605 next = msghdr->msg_spot; 606 while (msgsz > 0) { 607 size_t tlen; 608 if (msgsz > msginfo.msgssz) 609 tlen = msginfo.msgssz; 610 else 611 tlen = msgsz; 612 if (next <= -1) 613 panic("next too low #2"); 614 if (next >= msginfo.msgseg) 615 panic("next out of range #2"); 616 if ((error = copyin(user_msgp, &msgpool[next * msginfo.msgssz], 617 tlen)) != 0) { 618 MSG_PRINTF(("error %d copying in message segment\n", 619 error)); 620 msg_freehdr(msghdr); 621 msqptr->msg_perm.mode &= ~MSG_LOCKED; 622 wakeup(msqptr); 623 return (error); 624 } 625 msgsz -= tlen; 626 user_msgp += tlen; 627 next = msgmaps[next].next; 628 } 629 if (next != -1) 630 panic("didn't use all the msg segments"); 631 632 /* 633 * We've got the message. Unlock the msqid_ds. 634 */ 635 636 msqptr->msg_perm.mode &= ~MSG_LOCKED; 637 638 /* 639 * Make sure that the msqid_ds is still allocated. 640 */ 641 642 if (msqptr->msg_qbytes == 0) { 643 msg_freehdr(msghdr); 644 wakeup(msqptr); 645 return (EIDRM); 646 } 647 648 /* 649 * Put the message into the queue 650 */ 651 652 if (msqptr->_msg_first == NULL) { 653 msqptr->_msg_first = msghdr; 654 msqptr->_msg_last = msghdr; 655 } else { 656 msqptr->_msg_last->msg_next = msghdr; 657 msqptr->_msg_last = msghdr; 658 } 659 msqptr->_msg_last->msg_next = NULL; 660 661 msqptr->_msg_cbytes += msghdr->msg_ts; 662 msqptr->msg_qnum++; 663 msqptr->msg_lspid = p->p_pid; 664 msqptr->msg_stime = time.tv_sec; 665 666 wakeup(msqptr); 667 return (0); 668 } 669 670 int 671 sys_msgrcv(l, v, retval) 672 struct lwp *l; 673 void *v; 674 register_t *retval; 675 { 676 struct sys_msgrcv_args /* { 677 syscallarg(int) msqid; 678 syscallarg(void *) msgp; 679 syscallarg(size_t) msgsz; 680 syscallarg(long) msgtyp; 681 syscallarg(int) msgflg; 682 } */ *uap = v; 683 struct proc *p = l->l_proc; 684 int msqid = SCARG(uap, msqid); 685 char *user_msgp = SCARG(uap, msgp); 686 size_t msgsz = SCARG(uap, msgsz); 687 long msgtyp = SCARG(uap, msgtyp); 688 int msgflg = SCARG(uap, msgflg); 689 size_t len; 690 struct ucred *cred = p->p_ucred; 691 struct msqid_ds *msqptr; 692 struct __msg *msghdr; 693 int error; 694 short next; 695 696 MSG_PRINTF(("call to msgrcv(%d, %p, %lld, %ld, %d)\n", msqid, 697 user_msgp, (long long)msgsz, msgtyp, msgflg)); 698 699 msqid = IPCID_TO_IX(msqid); 700 701 if (msqid < 0 || msqid >= msginfo.msgmni) { 702 MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid, 703 msginfo.msgmni)); 704 return (EINVAL); 705 } 706 707 msqptr = &msqids[msqid]; 708 if (msqptr->msg_qbytes == 0) { 709 MSG_PRINTF(("no such message queue id\n")); 710 return (EINVAL); 711 } 712 if (msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 713 MSG_PRINTF(("wrong sequence number\n")); 714 return (EINVAL); 715 } 716 717 if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) { 718 MSG_PRINTF(("requester doesn't have read access\n")); 719 return (error); 720 } 721 722 #if 0 723 /* cannot happen, msgsz is unsigned */ 724 if (msgsz < 0) { 725 MSG_PRINTF(("msgsz < 0\n")); 726 return (EINVAL); 727 } 728 #endif 729 730 msghdr = NULL; 731 while (msghdr == NULL) { 732 if (msgtyp == 0) { 733 msghdr = msqptr->_msg_first; 734 if (msghdr != NULL) { 735 if (msgsz < msghdr->msg_ts && 736 (msgflg & MSG_NOERROR) == 0) { 737 MSG_PRINTF(("first message on the " 738 "queue is too big " 739 "(want %lld, got %d)\n", 740 (long long)msgsz, msghdr->msg_ts)); 741 return (E2BIG); 742 } 743 if (msqptr->_msg_first == msqptr->_msg_last) { 744 msqptr->_msg_first = NULL; 745 msqptr->_msg_last = NULL; 746 } else { 747 msqptr->_msg_first = msghdr->msg_next; 748 if (msqptr->_msg_first == NULL) 749 panic("msg_first/last screwed " 750 "up #1"); 751 } 752 } 753 } else { 754 struct __msg *previous; 755 struct __msg **prev; 756 757 for (previous = NULL, prev = &msqptr->_msg_first; 758 (msghdr = *prev) != NULL; 759 previous = msghdr, prev = &msghdr->msg_next) { 760 /* 761 * Is this message's type an exact match or is 762 * this message's type less than or equal to 763 * the absolute value of a negative msgtyp? 764 * Note that the second half of this test can 765 * NEVER be true if msgtyp is positive since 766 * msg_type is always positive! 767 */ 768 769 if (msgtyp == msghdr->msg_type || 770 msghdr->msg_type <= -msgtyp) { 771 MSG_PRINTF(("found message type %ld, " 772 "requested %ld\n", 773 msghdr->msg_type, msgtyp)); 774 if (msgsz < msghdr->msg_ts && 775 (msgflg & MSG_NOERROR) == 0) { 776 MSG_PRINTF(("requested message " 777 "on the queue is too big " 778 "(want %lld, got %d)\n", 779 (long long)msgsz, 780 msghdr->msg_ts)); 781 return (E2BIG); 782 } 783 *prev = msghdr->msg_next; 784 if (msghdr == msqptr->_msg_last) { 785 if (previous == NULL) { 786 if (prev != 787 &msqptr->_msg_first) 788 panic("msg_first/last screwed up #2"); 789 msqptr->_msg_first = 790 NULL; 791 msqptr->_msg_last = 792 NULL; 793 } else { 794 if (prev == 795 &msqptr->_msg_first) 796 panic("msg_first/last screwed up #3"); 797 msqptr->_msg_last = 798 previous; 799 } 800 } 801 break; 802 } 803 } 804 } 805 806 /* 807 * We've either extracted the msghdr for the appropriate 808 * message or there isn't one. 809 * If there is one then bail out of this loop. 810 */ 811 812 if (msghdr != NULL) 813 break; 814 815 /* 816 * Hmph! No message found. Does the user want to wait? 817 */ 818 819 if ((msgflg & IPC_NOWAIT) != 0) { 820 MSG_PRINTF(("no appropriate message found (msgtyp=%ld)\n", 821 msgtyp)); 822 /* The SVID says to return ENOMSG. */ 823 #ifdef ENOMSG 824 return (ENOMSG); 825 #else 826 /* Unfortunately, BSD doesn't define that code yet! */ 827 return (EAGAIN); 828 #endif 829 } 830 831 /* 832 * Wait for something to happen 833 */ 834 835 MSG_PRINTF(("msgrcv: goodnight\n")); 836 error = tsleep(msqptr, (PZERO - 4) | PCATCH, "msgwait", 837 0); 838 MSG_PRINTF(("msgrcv: good morning (error=%d)\n", error)); 839 840 if (error != 0) { 841 MSG_PRINTF(("msgsnd: interrupted system call\n")); 842 return (EINTR); 843 } 844 845 /* 846 * Make sure that the msq queue still exists 847 */ 848 849 if (msqptr->msg_qbytes == 0 || 850 msqptr->msg_perm._seq != IPCID_TO_SEQ(SCARG(uap, msqid))) { 851 MSG_PRINTF(("msqid deleted\n")); 852 return (EIDRM); 853 } 854 } 855 856 /* 857 * Return the message to the user. 858 * 859 * First, do the bookkeeping (before we risk being interrupted). 860 */ 861 862 msqptr->_msg_cbytes -= msghdr->msg_ts; 863 msqptr->msg_qnum--; 864 msqptr->msg_lrpid = p->p_pid; 865 msqptr->msg_rtime = time.tv_sec; 866 867 /* 868 * Make msgsz the actual amount that we'll be returning. 869 * Note that this effectively truncates the message if it is too long 870 * (since msgsz is never increased). 871 */ 872 873 MSG_PRINTF(("found a message, msgsz=%lld, msg_ts=%d\n", 874 (long long)msgsz, msghdr->msg_ts)); 875 if (msgsz > msghdr->msg_ts) 876 msgsz = msghdr->msg_ts; 877 878 /* 879 * Return the type to the user. 880 */ 881 882 error = copyout(&msghdr->msg_type, user_msgp, sizeof(msghdr->msg_type)); 883 if (error != 0) { 884 MSG_PRINTF(("error (%d) copying out message type\n", error)); 885 msg_freehdr(msghdr); 886 wakeup(msqptr); 887 return (error); 888 } 889 user_msgp += sizeof(msghdr->msg_type); 890 891 /* 892 * Return the segments to the user 893 */ 894 895 next = msghdr->msg_spot; 896 for (len = 0; len < msgsz; len += msginfo.msgssz) { 897 size_t tlen; 898 899 if (msgsz - len > msginfo.msgssz) 900 tlen = msginfo.msgssz; 901 else 902 tlen = msgsz - len; 903 if (next <= -1) 904 panic("next too low #3"); 905 if (next >= msginfo.msgseg) 906 panic("next out of range #3"); 907 error = copyout(&msgpool[next * msginfo.msgssz], 908 user_msgp, tlen); 909 if (error != 0) { 910 MSG_PRINTF(("error (%d) copying out message segment\n", 911 error)); 912 msg_freehdr(msghdr); 913 wakeup(msqptr); 914 return (error); 915 } 916 user_msgp += tlen; 917 next = msgmaps[next].next; 918 } 919 920 /* 921 * Done, return the actual number of bytes copied out. 922 */ 923 924 msg_freehdr(msghdr); 925 wakeup(msqptr); 926 *retval = msgsz; 927 return (0); 928 } 929