10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 52565Sudpa * Common Development and Distribution License (the "License"). 62565Sudpa * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 222565Sudpa * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 230Sstevel@tonic-gate * Use is subject to license terms. 240Sstevel@tonic-gate */ 250Sstevel@tonic-gate 260Sstevel@tonic-gate /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 270Sstevel@tonic-gate /* All Rights Reserved */ 280Sstevel@tonic-gate 290Sstevel@tonic-gate 300Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 310Sstevel@tonic-gate 320Sstevel@tonic-gate /* 330Sstevel@tonic-gate * Inter-Process Communication Message Facility. 340Sstevel@tonic-gate * 350Sstevel@tonic-gate * See os/ipc.c for a description of common IPC functionality. 360Sstevel@tonic-gate * 370Sstevel@tonic-gate * Resource controls 380Sstevel@tonic-gate * ----------------- 390Sstevel@tonic-gate * 40*2677Sml93401 * Control: zone.max-msg-ids (rc_zone_msgmni) 41*2677Sml93401 * Description: Maximum number of message queue ids allowed a zone. 42*2677Sml93401 * 43*2677Sml93401 * When msgget() is used to allocate a message queue, one id is 44*2677Sml93401 * allocated. If the id allocation doesn't succeed, msgget() fails 45*2677Sml93401 * and errno is set to ENOSPC. Upon successful msgctl(, IPC_RMID) 46*2677Sml93401 * the id is deallocated. 47*2677Sml93401 * 480Sstevel@tonic-gate * Control: project.max-msg-ids (rc_project_msgmni) 490Sstevel@tonic-gate * Description: Maximum number of message queue ids allowed a project. 500Sstevel@tonic-gate * 510Sstevel@tonic-gate * When msgget() is used to allocate a message queue, one id is 520Sstevel@tonic-gate * allocated. If the id allocation doesn't succeed, msgget() fails 530Sstevel@tonic-gate * and errno is set to ENOSPC. Upon successful msgctl(, IPC_RMID) 540Sstevel@tonic-gate * the id is deallocated. 550Sstevel@tonic-gate * 560Sstevel@tonic-gate * Control: process.max-msg-qbytes (rc_process_msgmnb) 570Sstevel@tonic-gate * Description: Maximum number of bytes of messages on a message queue. 580Sstevel@tonic-gate * 590Sstevel@tonic-gate * When msgget() successfully allocates a message queue, the minimum 600Sstevel@tonic-gate * enforced value of this limit is used to initialize msg_qbytes. 610Sstevel@tonic-gate * 620Sstevel@tonic-gate * Control: process.max-msg-messages (rc_process_msgtql) 630Sstevel@tonic-gate * Description: Maximum number of messages on a message queue. 640Sstevel@tonic-gate * 650Sstevel@tonic-gate * When msgget() successfully allocates a message queue, the minimum 660Sstevel@tonic-gate * enforced value of this limit is used to initialize a per-queue 670Sstevel@tonic-gate * limit on the number of messages. 680Sstevel@tonic-gate */ 690Sstevel@tonic-gate 700Sstevel@tonic-gate #include <sys/types.h> 710Sstevel@tonic-gate #include <sys/t_lock.h> 720Sstevel@tonic-gate #include <sys/param.h> 730Sstevel@tonic-gate #include <sys/cred.h> 740Sstevel@tonic-gate #include <sys/user.h> 750Sstevel@tonic-gate #include <sys/proc.h> 760Sstevel@tonic-gate #include <sys/time.h> 770Sstevel@tonic-gate #include <sys/ipc.h> 780Sstevel@tonic-gate #include <sys/ipc_impl.h> 790Sstevel@tonic-gate #include <sys/msg.h> 800Sstevel@tonic-gate #include <sys/msg_impl.h> 810Sstevel@tonic-gate #include <sys/list.h> 820Sstevel@tonic-gate #include <sys/systm.h> 830Sstevel@tonic-gate #include <sys/sysmacros.h> 840Sstevel@tonic-gate #include <sys/cpuvar.h> 850Sstevel@tonic-gate #include <sys/kmem.h> 860Sstevel@tonic-gate #include <sys/ddi.h> 870Sstevel@tonic-gate #include <sys/errno.h> 880Sstevel@tonic-gate #include <sys/cmn_err.h> 890Sstevel@tonic-gate #include <sys/debug.h> 900Sstevel@tonic-gate #include <sys/project.h> 910Sstevel@tonic-gate #include <sys/modctl.h> 920Sstevel@tonic-gate #include <sys/syscall.h> 930Sstevel@tonic-gate #include <sys/policy.h> 940Sstevel@tonic-gate #include <sys/zone.h> 950Sstevel@tonic-gate 960Sstevel@tonic-gate #include <c2/audit.h> 970Sstevel@tonic-gate 980Sstevel@tonic-gate /* 990Sstevel@tonic-gate * The following tunables are obsolete. Though for compatibility we 1000Sstevel@tonic-gate * still read and interpret msginfo_msgmnb, msginfo_msgmni, and 1010Sstevel@tonic-gate * msginfo_msgtql (see os/project.c and os/rctl_proc.c), the preferred 1020Sstevel@tonic-gate * mechanism for administrating the IPC Message facility is through the 1030Sstevel@tonic-gate * resource controls described at the top of this file. 1040Sstevel@tonic-gate */ 1050Sstevel@tonic-gate size_t msginfo_msgmax = 2048; /* (obsolete) */ 1060Sstevel@tonic-gate size_t msginfo_msgmnb = 4096; /* (obsolete) */ 1070Sstevel@tonic-gate int msginfo_msgmni = 50; /* (obsolete) */ 1080Sstevel@tonic-gate int msginfo_msgtql = 40; /* (obsolete) */ 1090Sstevel@tonic-gate int msginfo_msgssz = 8; /* (obsolete) */ 1100Sstevel@tonic-gate int msginfo_msgmap = 0; /* (obsolete) */ 1110Sstevel@tonic-gate ushort_t msginfo_msgseg = 1024; /* (obsolete) */ 1120Sstevel@tonic-gate 113*2677Sml93401 extern rctl_hndl_t rc_zone_msgmni; 1140Sstevel@tonic-gate extern rctl_hndl_t rc_project_msgmni; 1150Sstevel@tonic-gate extern rctl_hndl_t rc_process_msgmnb; 1160Sstevel@tonic-gate extern rctl_hndl_t rc_process_msgtql; 1170Sstevel@tonic-gate static ipc_service_t *msq_svc; 1180Sstevel@tonic-gate static zone_key_t msg_zone_key; 1190Sstevel@tonic-gate 1200Sstevel@tonic-gate static void msg_dtor(kipc_perm_t *); 1210Sstevel@tonic-gate static void msg_rmid(kipc_perm_t *); 1220Sstevel@tonic-gate static void msg_remove_zone(zoneid_t, void *); 1230Sstevel@tonic-gate 1240Sstevel@tonic-gate /* 1250Sstevel@tonic-gate * Module linkage information for the kernel. 1260Sstevel@tonic-gate */ 1270Sstevel@tonic-gate static ssize_t msgsys(int opcode, uintptr_t a0, uintptr_t a1, uintptr_t a2, 1280Sstevel@tonic-gate uintptr_t a4, uintptr_t a5); 1290Sstevel@tonic-gate 1300Sstevel@tonic-gate static struct sysent ipcmsg_sysent = { 1310Sstevel@tonic-gate 6, 1320Sstevel@tonic-gate #ifdef _LP64 1330Sstevel@tonic-gate SE_ARGC | SE_NOUNLOAD | SE_64RVAL, 1340Sstevel@tonic-gate #else 1350Sstevel@tonic-gate SE_ARGC | SE_NOUNLOAD | SE_32RVAL1, 1360Sstevel@tonic-gate #endif 1370Sstevel@tonic-gate (int (*)())msgsys 1380Sstevel@tonic-gate }; 1390Sstevel@tonic-gate 1400Sstevel@tonic-gate #ifdef _SYSCALL32_IMPL 1410Sstevel@tonic-gate static ssize32_t msgsys32(int opcode, uint32_t a0, uint32_t a1, uint32_t a2, 1420Sstevel@tonic-gate uint32_t a4, uint32_t a5); 1430Sstevel@tonic-gate 1440Sstevel@tonic-gate static struct sysent ipcmsg_sysent32 = { 1450Sstevel@tonic-gate 6, 1460Sstevel@tonic-gate SE_ARGC | SE_NOUNLOAD | SE_32RVAL1, 1470Sstevel@tonic-gate (int (*)())msgsys32 1480Sstevel@tonic-gate }; 1490Sstevel@tonic-gate #endif /* _SYSCALL32_IMPL */ 1500Sstevel@tonic-gate 1510Sstevel@tonic-gate static struct modlsys modlsys = { 1520Sstevel@tonic-gate &mod_syscallops, "System V message facility", &ipcmsg_sysent 1530Sstevel@tonic-gate }; 1540Sstevel@tonic-gate 1550Sstevel@tonic-gate #ifdef _SYSCALL32_IMPL 1560Sstevel@tonic-gate static struct modlsys modlsys32 = { 1570Sstevel@tonic-gate &mod_syscallops32, "32-bit System V message facility", &ipcmsg_sysent32 1580Sstevel@tonic-gate }; 1590Sstevel@tonic-gate #endif 1600Sstevel@tonic-gate 1610Sstevel@tonic-gate static struct modlinkage modlinkage = { 1620Sstevel@tonic-gate MODREV_1, 1630Sstevel@tonic-gate &modlsys, 1640Sstevel@tonic-gate #ifdef _SYSCALL32_IMPL 1650Sstevel@tonic-gate &modlsys32, 1660Sstevel@tonic-gate #endif 1670Sstevel@tonic-gate NULL 1680Sstevel@tonic-gate }; 1690Sstevel@tonic-gate 1700Sstevel@tonic-gate 1710Sstevel@tonic-gate int 1720Sstevel@tonic-gate _init(void) 1730Sstevel@tonic-gate { 1740Sstevel@tonic-gate int result; 1750Sstevel@tonic-gate 176*2677Sml93401 msq_svc = ipcs_create("msqids", rc_project_msgmni, rc_zone_msgmni, 177*2677Sml93401 sizeof (kmsqid_t), msg_dtor, msg_rmid, AT_IPC_MSG, 178*2677Sml93401 offsetof(ipc_rqty_t, ipcq_msgmni)); 1790Sstevel@tonic-gate zone_key_create(&msg_zone_key, NULL, msg_remove_zone, NULL); 1800Sstevel@tonic-gate 1810Sstevel@tonic-gate if ((result = mod_install(&modlinkage)) == 0) 1820Sstevel@tonic-gate return (0); 1830Sstevel@tonic-gate 1840Sstevel@tonic-gate (void) zone_key_delete(msg_zone_key); 1850Sstevel@tonic-gate ipcs_destroy(msq_svc); 1860Sstevel@tonic-gate 1870Sstevel@tonic-gate return (result); 1880Sstevel@tonic-gate } 1890Sstevel@tonic-gate 1900Sstevel@tonic-gate int 1910Sstevel@tonic-gate _fini(void) 1920Sstevel@tonic-gate { 1930Sstevel@tonic-gate return (EBUSY); 1940Sstevel@tonic-gate } 1950Sstevel@tonic-gate 1960Sstevel@tonic-gate int 1970Sstevel@tonic-gate _info(struct modinfo *modinfop) 1980Sstevel@tonic-gate { 1990Sstevel@tonic-gate return (mod_info(&modlinkage, modinfop)); 2000Sstevel@tonic-gate } 2010Sstevel@tonic-gate 2020Sstevel@tonic-gate static void 2030Sstevel@tonic-gate msg_dtor(kipc_perm_t *perm) 2040Sstevel@tonic-gate { 2050Sstevel@tonic-gate kmsqid_t *qp = (kmsqid_t *)perm; 2062565Sudpa int ii; 2070Sstevel@tonic-gate 2082565Sudpa for (ii = 0; ii < MAX_QNUM_CV; ii++) 2092565Sudpa ASSERT(qp->msg_rcv_cnt[ii] == 0); 2100Sstevel@tonic-gate ASSERT(qp->msg_snd_cnt == 0); 2110Sstevel@tonic-gate ASSERT(qp->msg_cbytes == 0); 2120Sstevel@tonic-gate list_destroy(&qp->msg_list); 2130Sstevel@tonic-gate } 2140Sstevel@tonic-gate 2150Sstevel@tonic-gate 2160Sstevel@tonic-gate #define msg_hold(mp) (mp)->msg_copycnt++ 2170Sstevel@tonic-gate 2180Sstevel@tonic-gate /* 2190Sstevel@tonic-gate * msg_rele - decrement the reference count on the message. When count 2200Sstevel@tonic-gate * reaches zero, free message header and contents. 2210Sstevel@tonic-gate */ 2220Sstevel@tonic-gate static void 2230Sstevel@tonic-gate msg_rele(struct msg *mp) 2240Sstevel@tonic-gate { 2250Sstevel@tonic-gate ASSERT(mp->msg_copycnt > 0); 2260Sstevel@tonic-gate if (mp->msg_copycnt-- == 1) { 2270Sstevel@tonic-gate if (mp->msg_addr) 2280Sstevel@tonic-gate kmem_free(mp->msg_addr, mp->msg_size); 2290Sstevel@tonic-gate kmem_free(mp, sizeof (struct msg)); 2300Sstevel@tonic-gate } 2310Sstevel@tonic-gate } 2320Sstevel@tonic-gate 2330Sstevel@tonic-gate /* 2340Sstevel@tonic-gate * msgunlink - Unlink msg from queue, decrement byte count and wake up anyone 2350Sstevel@tonic-gate * waiting for free bytes on queue. 2360Sstevel@tonic-gate * 2370Sstevel@tonic-gate * Called with queue locked. 2380Sstevel@tonic-gate */ 2390Sstevel@tonic-gate static void 2400Sstevel@tonic-gate msgunlink(kmsqid_t *qp, struct msg *mp) 2410Sstevel@tonic-gate { 2420Sstevel@tonic-gate list_remove(&qp->msg_list, mp); 2430Sstevel@tonic-gate qp->msg_qnum--; 2440Sstevel@tonic-gate qp->msg_cbytes -= mp->msg_size; 2450Sstevel@tonic-gate msg_rele(mp); 2460Sstevel@tonic-gate 2470Sstevel@tonic-gate /* Wake up waiting writers */ 2480Sstevel@tonic-gate if (qp->msg_snd_cnt) 2490Sstevel@tonic-gate cv_broadcast(&qp->msg_snd_cv); 2500Sstevel@tonic-gate } 2510Sstevel@tonic-gate 2520Sstevel@tonic-gate static void 2530Sstevel@tonic-gate msg_rmid(kipc_perm_t *perm) 2540Sstevel@tonic-gate { 2550Sstevel@tonic-gate kmsqid_t *qp = (kmsqid_t *)perm; 2560Sstevel@tonic-gate struct msg *mp; 2572565Sudpa int ii; 2580Sstevel@tonic-gate 2590Sstevel@tonic-gate 2600Sstevel@tonic-gate while ((mp = list_head(&qp->msg_list)) != NULL) 2610Sstevel@tonic-gate msgunlink(qp, mp); 2620Sstevel@tonic-gate ASSERT(qp->msg_cbytes == 0); 2630Sstevel@tonic-gate 2642565Sudpa for (ii = 0; ii < MAX_QNUM_CV; ii++) { 2652565Sudpa if (qp->msg_rcv_cnt[ii]) 2662565Sudpa cv_broadcast(&qp->msg_rcv_cv[ii]); 2672565Sudpa } 2680Sstevel@tonic-gate if (qp->msg_snd_cnt) 2690Sstevel@tonic-gate cv_broadcast(&qp->msg_snd_cv); 2700Sstevel@tonic-gate } 2710Sstevel@tonic-gate 2720Sstevel@tonic-gate /* 2730Sstevel@tonic-gate * msgctl system call. 2740Sstevel@tonic-gate * 2750Sstevel@tonic-gate * gets q lock (via ipc_lookup), releases before return. 2760Sstevel@tonic-gate * may call users of msg_lock 2770Sstevel@tonic-gate */ 2780Sstevel@tonic-gate static int 2790Sstevel@tonic-gate msgctl(int msgid, int cmd, void *arg) 2800Sstevel@tonic-gate { 2810Sstevel@tonic-gate STRUCT_DECL(msqid_ds, ds); /* SVR4 queue work area */ 2820Sstevel@tonic-gate kmsqid_t *qp; /* ptr to associated q */ 2832565Sudpa int error, ii; 2840Sstevel@tonic-gate struct cred *cr; 2850Sstevel@tonic-gate model_t mdl = get_udatamodel(); 2860Sstevel@tonic-gate struct msqid_ds64 ds64; 2870Sstevel@tonic-gate kmutex_t *lock; 2880Sstevel@tonic-gate proc_t *pp = curproc; 2890Sstevel@tonic-gate 2900Sstevel@tonic-gate STRUCT_INIT(ds, mdl); 2910Sstevel@tonic-gate cr = CRED(); 2920Sstevel@tonic-gate 2930Sstevel@tonic-gate /* 2940Sstevel@tonic-gate * Perform pre- or non-lookup actions (e.g. copyins, RMID). 2950Sstevel@tonic-gate */ 2960Sstevel@tonic-gate switch (cmd) { 2970Sstevel@tonic-gate case IPC_SET: 2980Sstevel@tonic-gate if (copyin(arg, STRUCT_BUF(ds), STRUCT_SIZE(ds))) 2990Sstevel@tonic-gate return (set_errno(EFAULT)); 3000Sstevel@tonic-gate break; 3010Sstevel@tonic-gate 3020Sstevel@tonic-gate case IPC_SET64: 3030Sstevel@tonic-gate if (copyin(arg, &ds64, sizeof (struct msqid_ds64))) 3040Sstevel@tonic-gate return (set_errno(EFAULT)); 3050Sstevel@tonic-gate break; 3060Sstevel@tonic-gate 3070Sstevel@tonic-gate case IPC_RMID: 3080Sstevel@tonic-gate if (error = ipc_rmid(msq_svc, msgid, cr)) 3090Sstevel@tonic-gate return (set_errno(error)); 3100Sstevel@tonic-gate return (0); 3110Sstevel@tonic-gate } 3120Sstevel@tonic-gate 3130Sstevel@tonic-gate /* 3140Sstevel@tonic-gate * get msqid_ds for this msgid 3150Sstevel@tonic-gate */ 3160Sstevel@tonic-gate if ((lock = ipc_lookup(msq_svc, msgid, (kipc_perm_t **)&qp)) == NULL) 3170Sstevel@tonic-gate return (set_errno(EINVAL)); 3180Sstevel@tonic-gate 3190Sstevel@tonic-gate switch (cmd) { 3200Sstevel@tonic-gate case IPC_SET: 3210Sstevel@tonic-gate if (STRUCT_FGET(ds, msg_qbytes) > qp->msg_qbytes && 3220Sstevel@tonic-gate secpolicy_ipc_config(cr) != 0) { 3230Sstevel@tonic-gate mutex_exit(lock); 3240Sstevel@tonic-gate return (set_errno(EPERM)); 3250Sstevel@tonic-gate } 3260Sstevel@tonic-gate if (error = ipcperm_set(msq_svc, cr, &qp->msg_perm, 3270Sstevel@tonic-gate &STRUCT_BUF(ds)->msg_perm, mdl)) { 3280Sstevel@tonic-gate mutex_exit(lock); 3290Sstevel@tonic-gate return (set_errno(error)); 3300Sstevel@tonic-gate } 3310Sstevel@tonic-gate qp->msg_qbytes = STRUCT_FGET(ds, msg_qbytes); 3320Sstevel@tonic-gate qp->msg_ctime = gethrestime_sec(); 3330Sstevel@tonic-gate break; 3340Sstevel@tonic-gate 3350Sstevel@tonic-gate case IPC_STAT: 3360Sstevel@tonic-gate if (error = ipcperm_access(&qp->msg_perm, MSG_R, cr)) { 3370Sstevel@tonic-gate mutex_exit(lock); 3380Sstevel@tonic-gate return (set_errno(error)); 3390Sstevel@tonic-gate } 3400Sstevel@tonic-gate 3412565Sudpa for (ii = 0; ii < MAX_QNUM_CV; ii++) { 3422565Sudpa if (qp->msg_rcv_cnt[ii]) { 3432565Sudpa qp->msg_perm.ipc_mode |= MSG_RWAIT; 3442565Sudpa break; 3452565Sudpa } 3462565Sudpa } 3470Sstevel@tonic-gate if (qp->msg_snd_cnt) 3480Sstevel@tonic-gate qp->msg_perm.ipc_mode |= MSG_WWAIT; 3490Sstevel@tonic-gate ipcperm_stat(&STRUCT_BUF(ds)->msg_perm, &qp->msg_perm, mdl); 3500Sstevel@tonic-gate qp->msg_perm.ipc_mode &= ~(MSG_RWAIT|MSG_WWAIT); 3510Sstevel@tonic-gate STRUCT_FSETP(ds, msg_first, NULL); /* kernel addr */ 3520Sstevel@tonic-gate STRUCT_FSETP(ds, msg_last, NULL); 3530Sstevel@tonic-gate STRUCT_FSET(ds, msg_cbytes, qp->msg_cbytes); 3540Sstevel@tonic-gate STRUCT_FSET(ds, msg_qnum, qp->msg_qnum); 3550Sstevel@tonic-gate STRUCT_FSET(ds, msg_qbytes, qp->msg_qbytes); 3560Sstevel@tonic-gate STRUCT_FSET(ds, msg_lspid, qp->msg_lspid); 3570Sstevel@tonic-gate STRUCT_FSET(ds, msg_lrpid, qp->msg_lrpid); 3580Sstevel@tonic-gate STRUCT_FSET(ds, msg_stime, qp->msg_stime); 3590Sstevel@tonic-gate STRUCT_FSET(ds, msg_rtime, qp->msg_rtime); 3600Sstevel@tonic-gate STRUCT_FSET(ds, msg_ctime, qp->msg_ctime); 3610Sstevel@tonic-gate break; 3620Sstevel@tonic-gate 3630Sstevel@tonic-gate case IPC_SET64: 3640Sstevel@tonic-gate mutex_enter(&pp->p_lock); 3650Sstevel@tonic-gate if ((ds64.msgx_qbytes > qp->msg_qbytes) && 3660Sstevel@tonic-gate secpolicy_ipc_config(cr) != 0 && 3670Sstevel@tonic-gate rctl_test(rc_process_msgmnb, pp->p_rctls, pp, 3680Sstevel@tonic-gate ds64.msgx_qbytes, RCA_SAFE) & RCT_DENY) { 3690Sstevel@tonic-gate mutex_exit(&pp->p_lock); 3700Sstevel@tonic-gate mutex_exit(lock); 3710Sstevel@tonic-gate return (set_errno(EPERM)); 3720Sstevel@tonic-gate } 3730Sstevel@tonic-gate mutex_exit(&pp->p_lock); 3740Sstevel@tonic-gate if (error = ipcperm_set64(msq_svc, cr, &qp->msg_perm, 3750Sstevel@tonic-gate &ds64.msgx_perm)) { 3760Sstevel@tonic-gate mutex_exit(lock); 3770Sstevel@tonic-gate return (set_errno(error)); 3780Sstevel@tonic-gate } 3790Sstevel@tonic-gate qp->msg_qbytes = ds64.msgx_qbytes; 3800Sstevel@tonic-gate qp->msg_ctime = gethrestime_sec(); 3810Sstevel@tonic-gate break; 3820Sstevel@tonic-gate 3830Sstevel@tonic-gate case IPC_STAT64: 3842565Sudpa for (ii = 0; ii < MAX_QNUM_CV; ii++) { 3852565Sudpa if (qp->msg_rcv_cnt[ii]) { 3862565Sudpa qp->msg_perm.ipc_mode |= MSG_RWAIT; 3872565Sudpa break; 3882565Sudpa } 3892565Sudpa } 3900Sstevel@tonic-gate if (qp->msg_snd_cnt) 3910Sstevel@tonic-gate qp->msg_perm.ipc_mode |= MSG_WWAIT; 3920Sstevel@tonic-gate ipcperm_stat64(&ds64.msgx_perm, &qp->msg_perm); 3930Sstevel@tonic-gate qp->msg_perm.ipc_mode &= ~(MSG_RWAIT|MSG_WWAIT); 3940Sstevel@tonic-gate ds64.msgx_cbytes = qp->msg_cbytes; 3950Sstevel@tonic-gate ds64.msgx_qnum = qp->msg_qnum; 3960Sstevel@tonic-gate ds64.msgx_qbytes = qp->msg_qbytes; 3970Sstevel@tonic-gate ds64.msgx_lspid = qp->msg_lspid; 3980Sstevel@tonic-gate ds64.msgx_lrpid = qp->msg_lrpid; 3990Sstevel@tonic-gate ds64.msgx_stime = qp->msg_stime; 4000Sstevel@tonic-gate ds64.msgx_rtime = qp->msg_rtime; 4010Sstevel@tonic-gate ds64.msgx_ctime = qp->msg_ctime; 4020Sstevel@tonic-gate break; 4030Sstevel@tonic-gate 4040Sstevel@tonic-gate default: 4050Sstevel@tonic-gate mutex_exit(lock); 4060Sstevel@tonic-gate return (set_errno(EINVAL)); 4070Sstevel@tonic-gate } 4080Sstevel@tonic-gate 4090Sstevel@tonic-gate mutex_exit(lock); 4100Sstevel@tonic-gate 4110Sstevel@tonic-gate /* 4120Sstevel@tonic-gate * Do copyout last (after releasing mutex). 4130Sstevel@tonic-gate */ 4140Sstevel@tonic-gate switch (cmd) { 4150Sstevel@tonic-gate case IPC_STAT: 4160Sstevel@tonic-gate if (copyout(STRUCT_BUF(ds), arg, STRUCT_SIZE(ds))) 4170Sstevel@tonic-gate return (set_errno(EFAULT)); 4180Sstevel@tonic-gate break; 4190Sstevel@tonic-gate 4200Sstevel@tonic-gate case IPC_STAT64: 4210Sstevel@tonic-gate if (copyout(&ds64, arg, sizeof (struct msqid_ds64))) 4220Sstevel@tonic-gate return (set_errno(EFAULT)); 4230Sstevel@tonic-gate break; 4240Sstevel@tonic-gate } 4250Sstevel@tonic-gate 4260Sstevel@tonic-gate return (0); 4270Sstevel@tonic-gate } 4280Sstevel@tonic-gate 4290Sstevel@tonic-gate /* 4300Sstevel@tonic-gate * Remove all message queues associated with a given zone. Called by 4310Sstevel@tonic-gate * zone_shutdown when the zone is halted. 4320Sstevel@tonic-gate */ 4330Sstevel@tonic-gate /*ARGSUSED1*/ 4340Sstevel@tonic-gate static void 4350Sstevel@tonic-gate msg_remove_zone(zoneid_t zoneid, void *arg) 4360Sstevel@tonic-gate { 4370Sstevel@tonic-gate ipc_remove_zone(msq_svc, zoneid); 4380Sstevel@tonic-gate } 4390Sstevel@tonic-gate 4400Sstevel@tonic-gate /* 4410Sstevel@tonic-gate * msgget system call. 4420Sstevel@tonic-gate */ 4430Sstevel@tonic-gate static int 4440Sstevel@tonic-gate msgget(key_t key, int msgflg) 4450Sstevel@tonic-gate { 4460Sstevel@tonic-gate kmsqid_t *qp; 4470Sstevel@tonic-gate kmutex_t *lock; 4480Sstevel@tonic-gate int id, error; 4492565Sudpa int ii; 4500Sstevel@tonic-gate proc_t *pp = curproc; 4510Sstevel@tonic-gate 4520Sstevel@tonic-gate top: 4530Sstevel@tonic-gate if (error = ipc_get(msq_svc, key, msgflg, (kipc_perm_t **)&qp, &lock)) 4540Sstevel@tonic-gate return (set_errno(error)); 4550Sstevel@tonic-gate 4560Sstevel@tonic-gate if (IPC_FREE(&qp->msg_perm)) { 4570Sstevel@tonic-gate mutex_exit(lock); 4580Sstevel@tonic-gate mutex_exit(&pp->p_lock); 4590Sstevel@tonic-gate 4600Sstevel@tonic-gate list_create(&qp->msg_list, sizeof (struct msg), 4610Sstevel@tonic-gate offsetof(struct msg, msg_node)); 4620Sstevel@tonic-gate qp->msg_qnum = 0; 4630Sstevel@tonic-gate qp->msg_lspid = qp->msg_lrpid = 0; 4640Sstevel@tonic-gate qp->msg_stime = qp->msg_rtime = 0; 4650Sstevel@tonic-gate qp->msg_ctime = gethrestime_sec(); 4662565Sudpa for (ii = 0; ii < MAX_QNUM_CV; ii++) 4672565Sudpa qp->msg_rcv_cnt[ii] = 0; 4682565Sudpa qp->msg_snd_cnt = 0; 4690Sstevel@tonic-gate 4700Sstevel@tonic-gate if (error = ipc_commit_begin(msq_svc, key, msgflg, 4710Sstevel@tonic-gate (kipc_perm_t *)qp)) { 4720Sstevel@tonic-gate if (error == EAGAIN) 4730Sstevel@tonic-gate goto top; 4740Sstevel@tonic-gate return (set_errno(error)); 4750Sstevel@tonic-gate } 4760Sstevel@tonic-gate qp->msg_qbytes = rctl_enforced_value(rc_process_msgmnb, 4770Sstevel@tonic-gate pp->p_rctls, pp); 4780Sstevel@tonic-gate qp->msg_qmax = rctl_enforced_value(rc_process_msgtql, 4790Sstevel@tonic-gate pp->p_rctls, pp); 4800Sstevel@tonic-gate lock = ipc_commit_end(msq_svc, &qp->msg_perm); 4810Sstevel@tonic-gate } 4820Sstevel@tonic-gate #ifdef C2_AUDIT 4830Sstevel@tonic-gate if (audit_active) 4840Sstevel@tonic-gate audit_ipcget(AT_IPC_MSG, (void *)qp); 4850Sstevel@tonic-gate #endif 4860Sstevel@tonic-gate id = qp->msg_perm.ipc_id; 4870Sstevel@tonic-gate mutex_exit(lock); 4880Sstevel@tonic-gate return (id); 4890Sstevel@tonic-gate } 4900Sstevel@tonic-gate 4910Sstevel@tonic-gate /* 4920Sstevel@tonic-gate * msgrcv system call. 4930Sstevel@tonic-gate */ 4940Sstevel@tonic-gate static ssize_t 4950Sstevel@tonic-gate msgrcv(int msqid, struct ipcmsgbuf *msgp, size_t msgsz, long msgtyp, int msgflg) 4960Sstevel@tonic-gate { 4970Sstevel@tonic-gate struct msg *mp; /* ptr to msg on q */ 4980Sstevel@tonic-gate struct msg *smp; /* ptr to best msg on q */ 4990Sstevel@tonic-gate kmsqid_t *qp; /* ptr to associated q */ 5000Sstevel@tonic-gate kmutex_t *lock; 5010Sstevel@tonic-gate size_t xtsz; /* transfer byte count */ 5020Sstevel@tonic-gate int error = 0, copyerror = 0; 5030Sstevel@tonic-gate int cvres; 5040Sstevel@tonic-gate STRUCT_HANDLE(ipcmsgbuf, umsgp); 5050Sstevel@tonic-gate model_t mdl = get_udatamodel(); 5060Sstevel@tonic-gate 5070Sstevel@tonic-gate CPU_STATS_ADDQ(CPU, sys, msg, 1); /* bump msg send/rcv count */ 5080Sstevel@tonic-gate STRUCT_SET_HANDLE(umsgp, mdl, msgp); 5090Sstevel@tonic-gate 5100Sstevel@tonic-gate if ((lock = ipc_lookup(msq_svc, msqid, (kipc_perm_t **)&qp)) == NULL) 5110Sstevel@tonic-gate return ((ssize_t)set_errno(EINVAL)); 5120Sstevel@tonic-gate ipc_hold(msq_svc, (kipc_perm_t *)qp); 5130Sstevel@tonic-gate 5140Sstevel@tonic-gate if (error = ipcperm_access(&qp->msg_perm, MSG_R, CRED())) 5150Sstevel@tonic-gate goto msgrcv_out; 5160Sstevel@tonic-gate 5170Sstevel@tonic-gate findmsg: 5180Sstevel@tonic-gate smp = NULL; 5190Sstevel@tonic-gate mp = list_head(&qp->msg_list); 5200Sstevel@tonic-gate if (msgtyp == 0) { 5210Sstevel@tonic-gate smp = mp; 5220Sstevel@tonic-gate } else { 5230Sstevel@tonic-gate for (; mp; mp = list_next(&qp->msg_list, mp)) { 5240Sstevel@tonic-gate if (msgtyp > 0) { 5250Sstevel@tonic-gate if (msgtyp != mp->msg_type) 5260Sstevel@tonic-gate continue; 5270Sstevel@tonic-gate smp = mp; 5280Sstevel@tonic-gate break; 5290Sstevel@tonic-gate } 5300Sstevel@tonic-gate if (mp->msg_type <= -msgtyp) { 5310Sstevel@tonic-gate if (smp && smp->msg_type <= mp->msg_type) 5320Sstevel@tonic-gate continue; 5330Sstevel@tonic-gate smp = mp; 5340Sstevel@tonic-gate } 5350Sstevel@tonic-gate } 5360Sstevel@tonic-gate } 5370Sstevel@tonic-gate 5380Sstevel@tonic-gate if (smp) { 5390Sstevel@tonic-gate /* 5400Sstevel@tonic-gate * Message found. 5410Sstevel@tonic-gate */ 5420Sstevel@tonic-gate if ((smp->msg_flags & MSG_RCVCOPY) == 0) { 5430Sstevel@tonic-gate /* 5440Sstevel@tonic-gate * No one else is copying this message. Copy it. 5450Sstevel@tonic-gate */ 5460Sstevel@tonic-gate if (msgsz < smp->msg_size) { 5470Sstevel@tonic-gate if ((msgflg & MSG_NOERROR) == 0) { 5480Sstevel@tonic-gate error = E2BIG; 5490Sstevel@tonic-gate goto msgrcv_out; 5500Sstevel@tonic-gate } else { 5510Sstevel@tonic-gate xtsz = msgsz; 5520Sstevel@tonic-gate } 5530Sstevel@tonic-gate } else { 5540Sstevel@tonic-gate xtsz = smp->msg_size; 5550Sstevel@tonic-gate } 5560Sstevel@tonic-gate 5570Sstevel@tonic-gate /* 5580Sstevel@tonic-gate * Mark message as being copied out. Release mutex 5590Sstevel@tonic-gate * while copying out. 5600Sstevel@tonic-gate */ 5610Sstevel@tonic-gate ASSERT((smp->msg_flags & MSG_RCVCOPY) == 0); 5620Sstevel@tonic-gate smp->msg_flags |= MSG_RCVCOPY; 5630Sstevel@tonic-gate msg_hold(smp); 5640Sstevel@tonic-gate mutex_exit(lock); 5650Sstevel@tonic-gate 5660Sstevel@tonic-gate if (mdl == DATAMODEL_NATIVE) { 5670Sstevel@tonic-gate copyerror = copyout(&smp->msg_type, msgp, 5680Sstevel@tonic-gate sizeof (smp->msg_type)); 5690Sstevel@tonic-gate } else { 5700Sstevel@tonic-gate /* 5710Sstevel@tonic-gate * 32-bit callers need an imploded msg type. 5720Sstevel@tonic-gate */ 5730Sstevel@tonic-gate int32_t msg_type32 = smp->msg_type; 5740Sstevel@tonic-gate 5750Sstevel@tonic-gate copyerror = copyout(&msg_type32, msgp, 5760Sstevel@tonic-gate sizeof (msg_type32)); 5770Sstevel@tonic-gate } 5780Sstevel@tonic-gate 5790Sstevel@tonic-gate if (copyerror == 0 && xtsz) 5800Sstevel@tonic-gate copyerror = copyout(smp->msg_addr, 5810Sstevel@tonic-gate STRUCT_FADDR(umsgp, mtext), xtsz); 5820Sstevel@tonic-gate 5830Sstevel@tonic-gate /* 5840Sstevel@tonic-gate * Reclaim mutex, make sure queue still exists, 5850Sstevel@tonic-gate * and remove message. 5860Sstevel@tonic-gate */ 5870Sstevel@tonic-gate lock = ipc_lock(msq_svc, qp->msg_perm.ipc_id); 5880Sstevel@tonic-gate ASSERT(smp->msg_flags & MSG_RCVCOPY); 5890Sstevel@tonic-gate smp->msg_flags &= ~MSG_RCVCOPY; 5900Sstevel@tonic-gate msg_rele(smp); 5910Sstevel@tonic-gate 5920Sstevel@tonic-gate if (IPC_FREE(&qp->msg_perm)) { 5930Sstevel@tonic-gate error = EIDRM; 5940Sstevel@tonic-gate goto msgrcv_out; 5950Sstevel@tonic-gate } 5962565Sudpa /* 5972565Sudpa * MSG_RCVCOPY was set while we dropped and reaquired 5982565Sudpa * the lock. A thread looking for same message type 5992565Sudpa * might have entered during that interval and seeing 6002565Sudpa * MSG_RCVCOPY set, would have landed up in the sleepq. 6012565Sudpa */ 6022565Sudpa cv_broadcast(&qp->msg_rcv_cv[MSG_QNUM(smp->msg_type)]); 6032565Sudpa cv_broadcast(&qp->msg_rcv_cv[0]); 6040Sstevel@tonic-gate 6050Sstevel@tonic-gate if (copyerror) { 6060Sstevel@tonic-gate error = EFAULT; 6070Sstevel@tonic-gate goto msgrcv_out; 6080Sstevel@tonic-gate } 6090Sstevel@tonic-gate qp->msg_lrpid = ttoproc(curthread)->p_pid; 6100Sstevel@tonic-gate qp->msg_rtime = gethrestime_sec(); 6110Sstevel@tonic-gate msgunlink(qp, smp); 6120Sstevel@tonic-gate goto msgrcv_out; 6130Sstevel@tonic-gate } 6140Sstevel@tonic-gate 6150Sstevel@tonic-gate } else { 6160Sstevel@tonic-gate /* 6170Sstevel@tonic-gate * No message found. 6180Sstevel@tonic-gate */ 6190Sstevel@tonic-gate if (msgflg & IPC_NOWAIT) { 6200Sstevel@tonic-gate error = ENOMSG; 6210Sstevel@tonic-gate goto msgrcv_out; 6220Sstevel@tonic-gate } 6230Sstevel@tonic-gate } 6240Sstevel@tonic-gate 6250Sstevel@tonic-gate /* Wait for new message */ 6262565Sudpa qp->msg_rcv_cnt[MSG_QNUM(msgtyp)]++; 6272565Sudpa cvres = cv_wait_sig(&qp->msg_rcv_cv[MSG_QNUM(msgtyp)], lock); 6280Sstevel@tonic-gate lock = ipc_relock(msq_svc, qp->msg_perm.ipc_id, lock); 6292565Sudpa qp->msg_rcv_cnt[MSG_QNUM(msgtyp)]--; 6300Sstevel@tonic-gate 6310Sstevel@tonic-gate if (IPC_FREE(&qp->msg_perm)) { 6320Sstevel@tonic-gate error = EIDRM; 6330Sstevel@tonic-gate goto msgrcv_out; 6340Sstevel@tonic-gate } 6350Sstevel@tonic-gate if (cvres == 0) { 6360Sstevel@tonic-gate error = EINTR; 6370Sstevel@tonic-gate goto msgrcv_out; 6380Sstevel@tonic-gate } 6390Sstevel@tonic-gate 6400Sstevel@tonic-gate goto findmsg; 6410Sstevel@tonic-gate 6420Sstevel@tonic-gate msgrcv_out: 6430Sstevel@tonic-gate ipc_rele(msq_svc, (kipc_perm_t *)qp); 6440Sstevel@tonic-gate if (error) 6450Sstevel@tonic-gate return ((ssize_t)set_errno(error)); 6460Sstevel@tonic-gate return ((ssize_t)xtsz); 6470Sstevel@tonic-gate } 6480Sstevel@tonic-gate 6490Sstevel@tonic-gate /* 6500Sstevel@tonic-gate * msgids system call. 6510Sstevel@tonic-gate */ 6520Sstevel@tonic-gate static int 6530Sstevel@tonic-gate msgids(int *buf, uint_t nids, uint_t *pnids) 6540Sstevel@tonic-gate { 6550Sstevel@tonic-gate int error; 6560Sstevel@tonic-gate 6570Sstevel@tonic-gate if (error = ipc_ids(msq_svc, buf, nids, pnids)) 6580Sstevel@tonic-gate return (set_errno(error)); 6590Sstevel@tonic-gate 6600Sstevel@tonic-gate return (0); 6610Sstevel@tonic-gate } 6620Sstevel@tonic-gate 6630Sstevel@tonic-gate #define RND(x) roundup((x), sizeof (size_t)) 6640Sstevel@tonic-gate #define RND32(x) roundup((x), sizeof (size32_t)) 6650Sstevel@tonic-gate 6660Sstevel@tonic-gate /* 6670Sstevel@tonic-gate * msgsnap system call. 6680Sstevel@tonic-gate */ 6690Sstevel@tonic-gate static int 6700Sstevel@tonic-gate msgsnap(int msqid, caddr_t buf, size_t bufsz, long msgtyp) 6710Sstevel@tonic-gate { 6720Sstevel@tonic-gate struct msg *mp; /* ptr to msg on q */ 6730Sstevel@tonic-gate kmsqid_t *qp; /* ptr to associated q */ 6740Sstevel@tonic-gate kmutex_t *lock; 6750Sstevel@tonic-gate size_t size; 6760Sstevel@tonic-gate size_t nmsg; 6770Sstevel@tonic-gate struct msg **snaplist; 6780Sstevel@tonic-gate int error, i; 6790Sstevel@tonic-gate model_t mdl = get_udatamodel(); 6800Sstevel@tonic-gate STRUCT_DECL(msgsnap_head, head); 6810Sstevel@tonic-gate STRUCT_DECL(msgsnap_mhead, mhead); 6820Sstevel@tonic-gate 6830Sstevel@tonic-gate STRUCT_INIT(head, mdl); 6840Sstevel@tonic-gate STRUCT_INIT(mhead, mdl); 6850Sstevel@tonic-gate 6860Sstevel@tonic-gate if (bufsz < STRUCT_SIZE(head)) 6870Sstevel@tonic-gate return (set_errno(EINVAL)); 6880Sstevel@tonic-gate 6890Sstevel@tonic-gate if ((lock = ipc_lookup(msq_svc, msqid, (kipc_perm_t **)&qp)) == NULL) 6900Sstevel@tonic-gate return (set_errno(EINVAL)); 6910Sstevel@tonic-gate 6920Sstevel@tonic-gate if (error = ipcperm_access(&qp->msg_perm, MSG_R, CRED())) { 6930Sstevel@tonic-gate mutex_exit(lock); 6940Sstevel@tonic-gate return (set_errno(error)); 6950Sstevel@tonic-gate } 6960Sstevel@tonic-gate ipc_hold(msq_svc, (kipc_perm_t *)qp); 6970Sstevel@tonic-gate 6980Sstevel@tonic-gate /* 6990Sstevel@tonic-gate * First compute the required buffer size and 7000Sstevel@tonic-gate * the number of messages on the queue. 7010Sstevel@tonic-gate */ 7020Sstevel@tonic-gate size = nmsg = 0; 7030Sstevel@tonic-gate for (mp = list_head(&qp->msg_list); mp; 7040Sstevel@tonic-gate mp = list_next(&qp->msg_list, mp)) { 7050Sstevel@tonic-gate if (msgtyp == 0 || 7060Sstevel@tonic-gate (msgtyp > 0 && msgtyp == mp->msg_type) || 7070Sstevel@tonic-gate (msgtyp < 0 && mp->msg_type <= -msgtyp)) { 7080Sstevel@tonic-gate nmsg++; 7090Sstevel@tonic-gate if (mdl == DATAMODEL_NATIVE) 7100Sstevel@tonic-gate size += RND(mp->msg_size); 7110Sstevel@tonic-gate else 7120Sstevel@tonic-gate size += RND32(mp->msg_size); 7130Sstevel@tonic-gate } 7140Sstevel@tonic-gate } 7150Sstevel@tonic-gate 7160Sstevel@tonic-gate size += STRUCT_SIZE(head) + nmsg * STRUCT_SIZE(mhead); 7170Sstevel@tonic-gate if (size > bufsz) 7180Sstevel@tonic-gate nmsg = 0; 7190Sstevel@tonic-gate 7200Sstevel@tonic-gate if (nmsg > 0) { 7210Sstevel@tonic-gate /* 7220Sstevel@tonic-gate * Mark the messages as being copied. 7230Sstevel@tonic-gate */ 7240Sstevel@tonic-gate snaplist = (struct msg **)kmem_alloc(nmsg * 7250Sstevel@tonic-gate sizeof (struct msg *), KM_SLEEP); 7260Sstevel@tonic-gate i = 0; 7270Sstevel@tonic-gate for (mp = list_head(&qp->msg_list); mp; 7280Sstevel@tonic-gate mp = list_next(&qp->msg_list, mp)) { 7290Sstevel@tonic-gate if (msgtyp == 0 || 7300Sstevel@tonic-gate (msgtyp > 0 && msgtyp == mp->msg_type) || 7310Sstevel@tonic-gate (msgtyp < 0 && mp->msg_type <= -msgtyp)) { 7320Sstevel@tonic-gate msg_hold(mp); 7330Sstevel@tonic-gate snaplist[i] = mp; 7340Sstevel@tonic-gate i++; 7350Sstevel@tonic-gate } 7360Sstevel@tonic-gate } 7370Sstevel@tonic-gate } 7380Sstevel@tonic-gate mutex_exit(lock); 7390Sstevel@tonic-gate 7400Sstevel@tonic-gate /* 7410Sstevel@tonic-gate * Copy out the buffer header. 7420Sstevel@tonic-gate */ 7430Sstevel@tonic-gate STRUCT_FSET(head, msgsnap_size, size); 7440Sstevel@tonic-gate STRUCT_FSET(head, msgsnap_nmsg, nmsg); 7450Sstevel@tonic-gate if (copyout(STRUCT_BUF(head), buf, STRUCT_SIZE(head))) 7460Sstevel@tonic-gate error = EFAULT; 7470Sstevel@tonic-gate 7480Sstevel@tonic-gate buf += STRUCT_SIZE(head); 7490Sstevel@tonic-gate 7500Sstevel@tonic-gate /* 7510Sstevel@tonic-gate * Now copy out the messages one by one. 7520Sstevel@tonic-gate */ 7530Sstevel@tonic-gate for (i = 0; i < nmsg; i++) { 7540Sstevel@tonic-gate mp = snaplist[i]; 7550Sstevel@tonic-gate if (error == 0) { 7560Sstevel@tonic-gate STRUCT_FSET(mhead, msgsnap_mlen, mp->msg_size); 7570Sstevel@tonic-gate STRUCT_FSET(mhead, msgsnap_mtype, mp->msg_type); 7580Sstevel@tonic-gate if (copyout(STRUCT_BUF(mhead), buf, STRUCT_SIZE(mhead))) 7590Sstevel@tonic-gate error = EFAULT; 7600Sstevel@tonic-gate buf += STRUCT_SIZE(mhead); 7610Sstevel@tonic-gate 7620Sstevel@tonic-gate if (error == 0 && 7630Sstevel@tonic-gate mp->msg_size != 0 && 7640Sstevel@tonic-gate copyout(mp->msg_addr, buf, mp->msg_size)) 7650Sstevel@tonic-gate error = EFAULT; 7660Sstevel@tonic-gate if (mdl == DATAMODEL_NATIVE) 7670Sstevel@tonic-gate buf += RND(mp->msg_size); 7680Sstevel@tonic-gate else 7690Sstevel@tonic-gate buf += RND32(mp->msg_size); 7700Sstevel@tonic-gate } 7710Sstevel@tonic-gate lock = ipc_lock(msq_svc, qp->msg_perm.ipc_id); 7720Sstevel@tonic-gate msg_rele(mp); 7730Sstevel@tonic-gate /* Check for msg q deleted or reallocated */ 7740Sstevel@tonic-gate if (IPC_FREE(&qp->msg_perm)) 7750Sstevel@tonic-gate error = EIDRM; 7760Sstevel@tonic-gate mutex_exit(lock); 7770Sstevel@tonic-gate } 7780Sstevel@tonic-gate 7790Sstevel@tonic-gate (void) ipc_lock(msq_svc, qp->msg_perm.ipc_id); 7800Sstevel@tonic-gate ipc_rele(msq_svc, (kipc_perm_t *)qp); 7810Sstevel@tonic-gate 7820Sstevel@tonic-gate if (nmsg > 0) 7830Sstevel@tonic-gate kmem_free(snaplist, nmsg * sizeof (struct msg *)); 7840Sstevel@tonic-gate 7850Sstevel@tonic-gate if (error) 7860Sstevel@tonic-gate return (set_errno(error)); 7870Sstevel@tonic-gate return (0); 7880Sstevel@tonic-gate } 7890Sstevel@tonic-gate 7900Sstevel@tonic-gate /* 7910Sstevel@tonic-gate * msgsnd system call. 7920Sstevel@tonic-gate */ 7930Sstevel@tonic-gate static int 7940Sstevel@tonic-gate msgsnd(int msqid, struct ipcmsgbuf *msgp, size_t msgsz, int msgflg) 7950Sstevel@tonic-gate { 7960Sstevel@tonic-gate kmsqid_t *qp; 7970Sstevel@tonic-gate kmutex_t *lock; 7980Sstevel@tonic-gate struct msg *mp = NULL; 7990Sstevel@tonic-gate long type; 8000Sstevel@tonic-gate int error = 0; 8010Sstevel@tonic-gate model_t mdl = get_udatamodel(); 8020Sstevel@tonic-gate STRUCT_HANDLE(ipcmsgbuf, umsgp); 8030Sstevel@tonic-gate 8040Sstevel@tonic-gate CPU_STATS_ADDQ(CPU, sys, msg, 1); /* bump msg send/rcv count */ 8050Sstevel@tonic-gate STRUCT_SET_HANDLE(umsgp, mdl, msgp); 8060Sstevel@tonic-gate 8070Sstevel@tonic-gate if (mdl == DATAMODEL_NATIVE) { 8080Sstevel@tonic-gate if (copyin(msgp, &type, sizeof (type))) 8090Sstevel@tonic-gate return (set_errno(EFAULT)); 8100Sstevel@tonic-gate } else { 8110Sstevel@tonic-gate int32_t type32; 8120Sstevel@tonic-gate if (copyin(msgp, &type32, sizeof (type32))) 8130Sstevel@tonic-gate return (set_errno(EFAULT)); 8140Sstevel@tonic-gate type = type32; 8150Sstevel@tonic-gate } 8160Sstevel@tonic-gate 8170Sstevel@tonic-gate if (type < 1) 8180Sstevel@tonic-gate return (set_errno(EINVAL)); 8190Sstevel@tonic-gate 8200Sstevel@tonic-gate if ((lock = ipc_lookup(msq_svc, msqid, (kipc_perm_t **)&qp)) == NULL) 8210Sstevel@tonic-gate return (set_errno(EINVAL)); 8220Sstevel@tonic-gate ipc_hold(msq_svc, (kipc_perm_t *)qp); 8230Sstevel@tonic-gate 8240Sstevel@tonic-gate if (msgsz > qp->msg_qbytes) { 8250Sstevel@tonic-gate error = EINVAL; 8260Sstevel@tonic-gate goto msgsnd_out; 8270Sstevel@tonic-gate } 8280Sstevel@tonic-gate 8290Sstevel@tonic-gate if (error = ipcperm_access(&qp->msg_perm, MSG_W, CRED())) 8300Sstevel@tonic-gate goto msgsnd_out; 8310Sstevel@tonic-gate 8320Sstevel@tonic-gate top: 8330Sstevel@tonic-gate /* 8340Sstevel@tonic-gate * Allocate space on q, message header, & buffer space. 8350Sstevel@tonic-gate */ 8360Sstevel@tonic-gate ASSERT(qp->msg_qnum <= qp->msg_qmax); 8370Sstevel@tonic-gate while ((msgsz > qp->msg_qbytes - qp->msg_cbytes) || 8380Sstevel@tonic-gate (qp->msg_qnum == qp->msg_qmax)) { 8390Sstevel@tonic-gate int cvres; 8400Sstevel@tonic-gate 8410Sstevel@tonic-gate if (msgflg & IPC_NOWAIT) { 8420Sstevel@tonic-gate error = EAGAIN; 8430Sstevel@tonic-gate goto msgsnd_out; 8440Sstevel@tonic-gate } 8450Sstevel@tonic-gate 8460Sstevel@tonic-gate qp->msg_snd_cnt++; 8470Sstevel@tonic-gate cvres = cv_wait_sig(&qp->msg_snd_cv, lock); 8480Sstevel@tonic-gate lock = ipc_relock(msq_svc, qp->msg_perm.ipc_id, lock); 8490Sstevel@tonic-gate qp->msg_snd_cnt--; 8500Sstevel@tonic-gate 8510Sstevel@tonic-gate if (IPC_FREE(&qp->msg_perm)) { 8520Sstevel@tonic-gate error = EIDRM; 8530Sstevel@tonic-gate goto msgsnd_out; 8540Sstevel@tonic-gate } 8550Sstevel@tonic-gate 8560Sstevel@tonic-gate if (cvres == 0) { 8570Sstevel@tonic-gate error = EINTR; 8580Sstevel@tonic-gate goto msgsnd_out; 8590Sstevel@tonic-gate } 8600Sstevel@tonic-gate } 8610Sstevel@tonic-gate 8620Sstevel@tonic-gate if (mp == NULL) { 8630Sstevel@tonic-gate int failure; 8640Sstevel@tonic-gate 8650Sstevel@tonic-gate mutex_exit(lock); 8660Sstevel@tonic-gate mp = kmem_zalloc(sizeof (struct msg), KM_SLEEP); 8670Sstevel@tonic-gate mp->msg_addr = kmem_zalloc(msgsz, KM_SLEEP); 8680Sstevel@tonic-gate mp->msg_size = msgsz; 8690Sstevel@tonic-gate mp->msg_copycnt = 1; 8700Sstevel@tonic-gate 8710Sstevel@tonic-gate failure = msgsz && (copyin(STRUCT_FADDR(umsgp, mtext), 8720Sstevel@tonic-gate mp->msg_addr, msgsz) == -1); 8730Sstevel@tonic-gate lock = ipc_lock(msq_svc, qp->msg_perm.ipc_id); 8740Sstevel@tonic-gate if (IPC_FREE(&qp->msg_perm)) { 8750Sstevel@tonic-gate error = EIDRM; 8760Sstevel@tonic-gate goto msgsnd_out; 8770Sstevel@tonic-gate } 8780Sstevel@tonic-gate if (failure) { 8790Sstevel@tonic-gate error = EFAULT; 8800Sstevel@tonic-gate goto msgsnd_out; 8810Sstevel@tonic-gate } 8820Sstevel@tonic-gate goto top; 8830Sstevel@tonic-gate } 8840Sstevel@tonic-gate 8850Sstevel@tonic-gate /* 8860Sstevel@tonic-gate * Everything is available, put msg on q. 8870Sstevel@tonic-gate */ 8880Sstevel@tonic-gate qp->msg_qnum++; 8890Sstevel@tonic-gate qp->msg_cbytes += msgsz; 8900Sstevel@tonic-gate qp->msg_lspid = curproc->p_pid; 8910Sstevel@tonic-gate qp->msg_stime = gethrestime_sec(); 8920Sstevel@tonic-gate mp->msg_type = type; 8930Sstevel@tonic-gate mp->msg_flags = 0; 8940Sstevel@tonic-gate list_insert_tail(&qp->msg_list, mp); 8952565Sudpa /* 8962565Sudpa * For all message type >= 1. 8972565Sudpa */ 8982565Sudpa if (qp->msg_rcv_cnt[MSG_QNUM(type)]) 8992565Sudpa cv_broadcast(&qp->msg_rcv_cv[MSG_QNUM(type)]); 9002565Sudpa /* 9012565Sudpa * For all message type < 1. 9022565Sudpa */ 9032565Sudpa if (qp->msg_rcv_cnt[0]) 9042565Sudpa cv_broadcast(&qp->msg_rcv_cv[0]); 9050Sstevel@tonic-gate 9060Sstevel@tonic-gate msgsnd_out: 9070Sstevel@tonic-gate ipc_rele(msq_svc, (kipc_perm_t *)qp); /* drops lock */ 9080Sstevel@tonic-gate 9090Sstevel@tonic-gate if (error) { 9100Sstevel@tonic-gate if (mp) 9110Sstevel@tonic-gate msg_rele(mp); 9120Sstevel@tonic-gate return (set_errno(error)); 9130Sstevel@tonic-gate } 9140Sstevel@tonic-gate 9150Sstevel@tonic-gate return (0); 9160Sstevel@tonic-gate } 9170Sstevel@tonic-gate 9180Sstevel@tonic-gate /* 9190Sstevel@tonic-gate * msgsys - System entry point for msgctl, msgget, msgrcv, and msgsnd 9200Sstevel@tonic-gate * system calls. 9210Sstevel@tonic-gate */ 9220Sstevel@tonic-gate static ssize_t 9230Sstevel@tonic-gate msgsys(int opcode, uintptr_t a1, uintptr_t a2, uintptr_t a3, 9240Sstevel@tonic-gate uintptr_t a4, uintptr_t a5) 9250Sstevel@tonic-gate { 9260Sstevel@tonic-gate ssize_t error; 9270Sstevel@tonic-gate 9280Sstevel@tonic-gate switch (opcode) { 9290Sstevel@tonic-gate case MSGGET: 9300Sstevel@tonic-gate error = msgget((key_t)a1, (int)a2); 9310Sstevel@tonic-gate break; 9320Sstevel@tonic-gate case MSGCTL: 9330Sstevel@tonic-gate error = msgctl((int)a1, (int)a2, (void *)a3); 9340Sstevel@tonic-gate break; 9350Sstevel@tonic-gate case MSGRCV: 9360Sstevel@tonic-gate error = msgrcv((int)a1, (struct ipcmsgbuf *)a2, 9370Sstevel@tonic-gate (size_t)a3, (long)a4, (int)a5); 9380Sstevel@tonic-gate break; 9390Sstevel@tonic-gate case MSGSND: 9400Sstevel@tonic-gate error = msgsnd((int)a1, (struct ipcmsgbuf *)a2, 9410Sstevel@tonic-gate (size_t)a3, (int)a4); 9420Sstevel@tonic-gate break; 9430Sstevel@tonic-gate case MSGIDS: 9440Sstevel@tonic-gate error = msgids((int *)a1, (uint_t)a2, (uint_t *)a3); 9450Sstevel@tonic-gate break; 9460Sstevel@tonic-gate case MSGSNAP: 9470Sstevel@tonic-gate error = msgsnap((int)a1, (caddr_t)a2, (size_t)a3, (long)a4); 9480Sstevel@tonic-gate break; 9490Sstevel@tonic-gate default: 9500Sstevel@tonic-gate error = set_errno(EINVAL); 9510Sstevel@tonic-gate break; 9520Sstevel@tonic-gate } 9530Sstevel@tonic-gate 9540Sstevel@tonic-gate return (error); 9550Sstevel@tonic-gate } 9560Sstevel@tonic-gate 9570Sstevel@tonic-gate #ifdef _SYSCALL32_IMPL 9580Sstevel@tonic-gate /* 9590Sstevel@tonic-gate * msgsys32 - System entry point for msgctl, msgget, msgrcv, and msgsnd 9600Sstevel@tonic-gate * system calls for 32-bit callers on LP64 kernel. 9610Sstevel@tonic-gate */ 9620Sstevel@tonic-gate static ssize32_t 9630Sstevel@tonic-gate msgsys32(int opcode, uint32_t a1, uint32_t a2, uint32_t a3, 9640Sstevel@tonic-gate uint32_t a4, uint32_t a5) 9650Sstevel@tonic-gate { 9660Sstevel@tonic-gate ssize_t error; 9670Sstevel@tonic-gate 9680Sstevel@tonic-gate switch (opcode) { 9690Sstevel@tonic-gate case MSGGET: 9700Sstevel@tonic-gate error = msgget((key_t)a1, (int)a2); 9710Sstevel@tonic-gate break; 9720Sstevel@tonic-gate case MSGCTL: 9730Sstevel@tonic-gate error = msgctl((int)a1, (int)a2, (void *)(uintptr_t)a3); 9740Sstevel@tonic-gate break; 9750Sstevel@tonic-gate case MSGRCV: 9760Sstevel@tonic-gate error = msgrcv((int)a1, (struct ipcmsgbuf *)(uintptr_t)a2, 9770Sstevel@tonic-gate (size_t)a3, (long)(int32_t)a4, (int)a5); 9780Sstevel@tonic-gate break; 9790Sstevel@tonic-gate case MSGSND: 9800Sstevel@tonic-gate error = msgsnd((int)a1, (struct ipcmsgbuf *)(uintptr_t)a2, 9810Sstevel@tonic-gate (size_t)(int32_t)a3, (int)a4); 9820Sstevel@tonic-gate break; 9830Sstevel@tonic-gate case MSGIDS: 9840Sstevel@tonic-gate error = msgids((int *)(uintptr_t)a1, (uint_t)a2, 9850Sstevel@tonic-gate (uint_t *)(uintptr_t)a3); 9860Sstevel@tonic-gate break; 9870Sstevel@tonic-gate case MSGSNAP: 9880Sstevel@tonic-gate error = msgsnap((int)a1, (caddr_t)(uintptr_t)a2, (size_t)a3, 9890Sstevel@tonic-gate (long)(int32_t)a4); 9900Sstevel@tonic-gate break; 9910Sstevel@tonic-gate default: 9920Sstevel@tonic-gate error = set_errno(EINVAL); 9930Sstevel@tonic-gate break; 9940Sstevel@tonic-gate } 9950Sstevel@tonic-gate 9960Sstevel@tonic-gate return (error); 9970Sstevel@tonic-gate } 9980Sstevel@tonic-gate #endif /* SYSCALL32_IMPL */ 999