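/* $FreeBSD: src/sys/kern/sysv_sem.c,v 1.69 2004/03/17 09:37:13 cperciva Exp $ */
/* $DragonFly: src/sys/kern/sysv_sem.c,v 1.19 2008/01/06 16:55:51 swildner Exp $ */

/*
 * Implementation of SVID semaphores
 *
 * Author:  Daniel Boulet
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 */

#include "opt_sysvipc.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/sem.h>
#include <sys/sysent.h>
#include <sys/sysctl.h>
#include <sys/malloc.h>
#include <sys/jail.h>

#include <sys/mplock2.h>

static MALLOC_DEFINE(M_SEM, "sem", "SVID compatible semaphores");

static void seminit (void *);

static struct sem_undo *semu_alloc (struct proc *p);
static int semundo_adjust (struct proc *p, struct sem_undo **supptr,
		int semid, int semnum, int adjval);
static void semundo_clear (int semid, int semnum);

/* XXX casting to (sy_call_t *) is bogus, as usual. */
static sy_call_t *semcalls[] = {
	(sy_call_t *)sys___semctl, (sy_call_t *)sys_semget,
	(sy_call_t *)sys_semop
};

static int	semtot = 0;
static struct semid_ds *sema;	/* semaphore id pool */
static struct sem *sem;		/* semaphore pool */
static struct sem_undo *semu_list; /* list of active undo structures */
static int	*semu;		/* undo structure pool */

struct sem {
	u_short	semval;		/* semaphore value */
	pid_t	sempid;		/* pid of last operation */
	u_short	semncnt;	/* # awaiting semval > cval */
	u_short	semzcnt;	/* # awaiting semval = 0 */
};

/*
 * Undo structure (one per process)
 *
 * un_ent[] is declared with one element but each pool slot is
 * seminfo.semusz bytes, sized for SEMUME entries (see SEMUSZ below).
 */
struct sem_undo {
	struct	sem_undo *un_next;	/* ptr to next active undo structure */
	struct	proc *un_proc;		/* owner of this structure */
	short	un_cnt;			/* # of active entries */
	struct undo {
		short	un_adjval;	/* adjust on exit values */
		short	un_num;		/* semaphore # */
		int	un_id;		/* semid */
	} un_ent[1];			/* undo entries */
};

/*
 * Configuration parameters
 */
#ifndef SEMMNI
#define SEMMNI	10		/* # of semaphore identifiers */
#endif
#ifndef SEMMNS
#define SEMMNS	60		/* # of semaphores in system */
#endif
#ifndef SEMUME
#define SEMUME	10		/* max # of undo entries per process */
#endif
#ifndef SEMMNU
#define SEMMNU	30		/* # of undo structures in system */
#endif

/* shouldn't need tuning */
#ifndef SEMMAP
#define SEMMAP	30		/* # of entries in semaphore map */
#endif
#ifndef SEMMSL
#define SEMMSL	SEMMNS		/* max # of semaphores per id */
#endif
#ifndef SEMOPM
#define SEMOPM	100		/* max # of operations per semop call */
#endif

#define SEMVMX	32767		/* semaphore maximum value */
#define SEMAEM	16384		/* adjust on exit max value */

/*
 * Due to the way semaphore memory is allocated, we have to ensure that
 * SEMUSZ is properly aligned.
 */

#define SEM_ALIGN(bytes) (((bytes) + (sizeof(long) - 1)) & ~(sizeof(long) - 1))

/* actual size of an undo structure */
#define SEMUSZ	SEM_ALIGN(offsetof(struct sem_undo, un_ent[SEMUME]))

/*
 * Macro to find a particular sem_undo vector
 *
 * The argument is parenthesized so that an expression such as (i + 1)
 * is scaled as a whole.
 */
#define SEMU(ix)	((struct sem_undo *)(((intptr_t)semu)+(ix) * seminfo.semusz))

/*
 * semaphore info struct
 */
struct seminfo seminfo = {
	SEMMAP,		/* # of entries in semaphore map */
	SEMMNI,		/* # of semaphore identifiers */
	SEMMNS,		/* # of semaphores in system */
	SEMMNU,		/* # of undo structures in system */
	SEMMSL,		/* max # of semaphores per id */
	SEMOPM,		/* max # of operations per semop call */
	SEMUME,		/* max # of undo entries per process */
	SEMUSZ,		/* size in bytes of undo structure */
	SEMVMX,		/* semaphore maximum value */
	SEMAEM		/* adjust on exit max value */
};

/*
 * NOTE(review): semume and semusz are independent tunables.  The undo code
 * bounds un_cnt by seminfo.semume while SEMU() strides by seminfo.semusz,
 * and nothing visible in this file checks that semusz is large enough (or
 * aligned) for semume entries.  Raising semume without semusz would let
 * undo entries run past their slot - confirm whether the loader validates
 * these, otherwise derive semusz from semume in seminit().
 */
TUNABLE_INT("kern.ipc.semmap", &seminfo.semmap);
TUNABLE_INT("kern.ipc.semmni", &seminfo.semmni);
TUNABLE_INT("kern.ipc.semmns", &seminfo.semmns);
TUNABLE_INT("kern.ipc.semmnu", &seminfo.semmnu);
TUNABLE_INT("kern.ipc.semmsl", &seminfo.semmsl);
TUNABLE_INT("kern.ipc.semopm", &seminfo.semopm);
TUNABLE_INT("kern.ipc.semume", &seminfo.semume);
TUNABLE_INT("kern.ipc.semusz", &seminfo.semusz);
TUNABLE_INT("kern.ipc.semvmx", &seminfo.semvmx);
TUNABLE_INT("kern.ipc.semaem", &seminfo.semaem);

SYSCTL_INT(_kern_ipc, OID_AUTO, semmap, CTLFLAG_RW, &seminfo.semmap, 0,
    "Number of entries in semaphore map");
SYSCTL_INT(_kern_ipc, OID_AUTO, semmni, CTLFLAG_RD, &seminfo.semmni, 0,
    "Number of semaphore identifiers");
SYSCTL_INT(_kern_ipc, OID_AUTO, semmns, CTLFLAG_RD, &seminfo.semmns, 0,
    "Total number of semaphores");
SYSCTL_INT(_kern_ipc, OID_AUTO, semmnu, CTLFLAG_RD, &seminfo.semmnu, 0,
    "Total number of undo structures");
SYSCTL_INT(_kern_ipc, OID_AUTO, semmsl, CTLFLAG_RW, &seminfo.semmsl, 0,
    "Max number of semaphores per id");
SYSCTL_INT(_kern_ipc, OID_AUTO, semopm, CTLFLAG_RD, &seminfo.semopm, 0,
    "Max number of operations per semop call");
SYSCTL_INT(_kern_ipc, OID_AUTO, semume, CTLFLAG_RD, &seminfo.semume, 0,
    "Max number of undo entries per process");
SYSCTL_INT(_kern_ipc, OID_AUTO, semusz, CTLFLAG_RD, &seminfo.semusz, 0,
    "Size in bytes of undo structure");
SYSCTL_INT(_kern_ipc, OID_AUTO, semvmx, CTLFLAG_RW, &seminfo.semvmx, 0,
    "Semaphore maximum value");
SYSCTL_INT(_kern_ipc, OID_AUTO, semaem, CTLFLAG_RW, &seminfo.semaem, 0,
    "Adjust on exit max value");

#if 0
RO seminfo.semmap	/* SEMMAP unused */
RO seminfo.semmni
RO seminfo.semmns
RO seminfo.semmnu	/* undo entries per system */
RW seminfo.semmsl
RO seminfo.semopm	/* SEMOPM unused */
RO seminfo.semume
RO seminfo.semusz	/* param - derived from SEMUME for per-proc sizeof */
RO seminfo.semvmx	/* SEMVMX unused - user param */
RO seminfo.semaem	/* SEMAEM unused - user param */
#endif

/*
 * Allocate the semaphore, semaphore-id and undo pools and mark every
 * id and undo slot as free.
 *
 * The pools are allocated zeroed: semid_ds records are later copied out to
 * user space whole (IPC_STAT/SEM_STAT), and sys_semget() increments
 * sem_perm.seq without ever initializing it, so no field may start out
 * holding stale heap contents.
 *
 * NOTE(review): the allocation sizes are int products of loader tunables
 * and are not checked for overflow here.
 */
static void
seminit(void *dummy)
{
	int i;

	sem = kmalloc(sizeof(struct sem) * seminfo.semmns, M_SEM,
	    M_WAITOK | M_ZERO);
	sema = kmalloc(sizeof(struct semid_ds) * seminfo.semmni, M_SEM,
	    M_WAITOK | M_ZERO);
	semu = kmalloc(seminfo.semmnu * seminfo.semusz, M_SEM,
	    M_WAITOK | M_ZERO);

	for (i = 0; i < seminfo.semmni; i++) {
		sema[i].sem_base = 0;
		sema[i].sem_perm.mode = 0;
	}
	for (i = 0; i < seminfo.semmnu; i++) {
		struct sem_undo *suptr = SEMU(i);
		suptr->un_proc = NULL;
	}
	semu_list = NULL;
}
SYSINIT(sysv_sem, SI_SUB_SYSV_SEM, SI_ORDER_FIRST, seminit, NULL)

/*
 * Entry point for all SEM calls
 *
 * semsys_args(int which, a2, a3, ...) (VARARGS)
 *
 * Returns ENOSYS for a jailed caller when jail_sysvipc_allowed is zero and
 * EINVAL when 'which' does not select an entry of semcalls[].  Otherwise
 * the arguments are shifted down over 'which' and the selected handler is
 * called with the MP lock held.
 *
 * MPALMOSTSAFE
 */
int
sys_semsys(struct semsys_args *uap)
{
	struct thread *td = curthread;
	/* unsigned so that a negative selector fails the bounds check below */
	unsigned int which = (unsigned int)uap->which;
	int error;

	if (!jail_sysvipc_allowed && td->td_ucred->cr_prison != NULL)
		return (ENOSYS);

	if (which >= sizeof(semcalls)/sizeof(semcalls[0]))
		return (EINVAL);
	bcopy(&uap->a2, &uap->which,
	    sizeof(struct semsys_args) - offsetof(struct semsys_args, a2));
	get_mplock();
	error = (*semcalls[which])(uap);
	rel_mplock();
	return (error);
}

/*
 * Allocate a new sem_undo structure for a process
 * (returns ptr to structure or NULL if no more room)
 *
 * The returned structure is already linked at the head of semu_list with
 * un_cnt == 0 and un_proc == p.
 */

static struct sem_undo *
semu_alloc(struct proc *p)
{
	int i;
	struct sem_undo *suptr;
	struct sem_undo **supptr;
	int attempt;

	/*
	 * Try twice to allocate something.
	 * (we'll purge any empty structures after the first pass so
	 * two passes are always enough)
	 */

	for (attempt = 0; attempt < 2; attempt++) {
		/*
		 * Look for a free structure.
		 * Fill it in and return it if we find one.
		 */

		for (i = 0; i < seminfo.semmnu; i++) {
			suptr = SEMU(i);
			if (suptr->un_proc == NULL) {
				suptr->un_next = semu_list;
				semu_list = suptr;
				suptr->un_cnt = 0;
				suptr->un_proc = p;
				return(suptr);
			}
		}

		/*
		 * We didn't find a free one, if this is the first attempt
		 * then try to free some structures.
		 */

		if (attempt == 0) {
			/* All the structures are in use - try to free some */
			int did_something = 0;

			supptr = &semu_list;
			while ((suptr = *supptr) != NULL) {
				if (suptr->un_cnt == 0)  {
					suptr->un_proc = NULL;
					*supptr = suptr->un_next;
					did_something = 1;
				} else
					supptr = &(suptr->un_next);
			}

			/* If we didn't free anything then just give-up */
			if (!did_something)
				return(NULL);
		} else {
			/*
			 * The second pass failed even though we freed
			 * something after the first pass!
			 * This is IMPOSSIBLE!
			 */
			panic("semu_alloc - second attempt failed");
		}
	}
	return (NULL);
}

/*
 * Adjust a particular entry for a particular proc
 *
 * *supptr caches the process's sem_undo; when it is NULL the structure is
 * looked up on semu_list (or allocated) and stored back through supptr.
 * An adjval of 0 clears the entry.  Returns 0 on success, ENOSPC when no
 * sem_undo structure can be allocated and EINVAL when the process already
 * holds seminfo.semume entries.
 *
 * NOTE(review): the accumulated adjustment is kept in a short and is not
 * checked against seminfo.semaem, so repeated SEM_UNDO operations can
 * carry it outside the representable range.
 */

static int
semundo_adjust(struct proc *p, struct sem_undo **supptr, int semid, int semnum,
	       int adjval)
{
	struct sem_undo *suptr;
	struct undo *sunptr;
	int i;

	/* Look for and remember the sem_undo if the caller doesn't provide
	   it */

	suptr = *supptr;
	if (suptr == NULL) {
		for (suptr = semu_list; suptr != NULL;
		    suptr = suptr->un_next) {
			if (suptr->un_proc == p) {
				*supptr = suptr;
				break;
			}
		}
		if (suptr == NULL) {
			if (adjval == 0)
				return(0);
			suptr = semu_alloc(p);
			if (suptr == NULL)
				return(ENOSPC);
			*supptr = suptr;
		}
	}

	/*
	 * Look for the requested entry and adjust it (delete if adjval becomes
	 * 0).
	 */
	sunptr = &suptr->un_ent[0];
	for (i = 0; i < suptr->un_cnt; i++, sunptr++) {
		if (sunptr->un_id != semid || sunptr->un_num != semnum)
			continue;
		if (adjval == 0)
			sunptr->un_adjval = 0;
		else
			sunptr->un_adjval += adjval;
		if (sunptr->un_adjval == 0) {
			/* delete by moving the last entry into this slot */
			suptr->un_cnt--;
			if (i < suptr->un_cnt)
				suptr->un_ent[i] =
				    suptr->un_ent[suptr->un_cnt];
		}
		return(0);
	}

	/* Didn't find the right entry - create it */
	if (adjval == 0)
		return(0);
	if (suptr->un_cnt != seminfo.semume) {
		sunptr = &suptr->un_ent[suptr->un_cnt];
		suptr->un_cnt++;
		sunptr->un_adjval = adjval;
		sunptr->un_id = semid; sunptr->un_num = semnum;
	} else
		return(EINVAL);
	return(0);
}

/*
 * Drop undo entries that refer to semaphore set 'semid' from every active
 * sem_undo structure.  A semnum of -1 selects every semaphore of the set.
 *
 * NOTE(review): for semnum != -1 the scan of a structure stops at the first
 * entry whose un_id matches, even when its un_num differs, so a matching
 * entry stored later in the same structure appears to be left behind -
 * confirm whether that is intended.
 */
static void
semundo_clear(int semid, int semnum)
{
	struct sem_undo *suptr;

	for (suptr = semu_list; suptr != NULL; suptr = suptr->un_next) {
		struct undo *sunptr = &suptr->un_ent[0];
		int i = 0;

		while (i < suptr->un_cnt) {
			if (sunptr->un_id == semid) {
				if (semnum == -1 || sunptr->un_num == semnum) {
					suptr->un_cnt--;
					if (i < suptr->un_cnt) {
						/* re-examine the moved entry */
						suptr->un_ent[i] =
						  suptr->un_ent[suptr->un_cnt];
						continue;
					}
				}
				if (semnum != -1)
					break;
			}
			i++, sunptr++;
		}
	}
}

/*
 * Note that the user-mode half of this passes a union, not a pointer
 *
 * uap->arg is a user-space address.  Every command that needs the union
 * fetches it with copyin() and moves data to or from the pointers inside
 * it with copyin()/copyout(); it is never dereferenced directly.
 *
 * On success the command's result is stored in uap->sysmsg_result.
 *
 * NOTE(review): IPC_STAT and SEM_STAT copy the kernel's struct semid_ds out
 * unchanged, including sem_base, which points into the kernel sem[] pool.
 *
 * MPALMOSTSAFE
 */
int
sys___semctl(struct __semctl_args *uap)
{
	struct thread *td = curthread;
	int semid = uap->semid;
	int semnum = uap->semnum;
	int cmd = uap->cmd;
	union semun *arg = uap->arg;
	union semun real_arg;
	struct ucred *cred = td->td_ucred;
	int i, rval, eval;
	struct semid_ds sbuf;
	struct semid_ds *semaptr;
	struct semid_ds *semakptr;

#ifdef SEM_DEBUG
	kprintf("call to semctl(%d, %d, %d, 0x%x)\n", semid, semnum, cmd, arg);
#endif

	if (!jail_sysvipc_allowed && cred->cr_prison != NULL)
		return (ENOSYS);

	eval = 0;
	rval = 0;

	get_mplock();
	if (cmd == SEM_STAT) {
		/*
		 * For this command we assume semid is an array index
		 * rather than an IPC id.
		 *
		 * The command is completed here.  It must not fall through
		 * to the id-based lookup below, which would treat the index
		 * as an IPC id and discard the status set here.
		 */
		if (semid < 0 || semid >= seminfo.semmni) {
			eval = EINVAL;
			goto done;
		}
		semakptr = &sema[semid];
		if ((semakptr->sem_perm.mode & SEM_ALLOC) == 0) {
			eval = EINVAL;
			goto done;
		}
		if ((eval = ipcperm(td->td_proc, &semakptr->sem_perm, IPC_R)))
			goto done;

		/*
		 * Fetch the union and write the descriptor itself through
		 * copyout(), as IPC_STAT does, so that the destination
		 * address is validated as a user address.
		 */
		if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
			goto done;
		eval = copyout(semakptr, real_arg.buf,
		    sizeof(struct semid_ds));
		rval = IXSEQ_TO_IPCID(semid, semakptr->sem_perm);
		goto done;
	}

	semid = IPCID_TO_IX(semid);
	if (semid < 0 || semid >= seminfo.semmni) {
		eval = EINVAL;
		goto done;
	}

	/* the sequence check rejects ids of sets that were since removed */
	semaptr = &sema[semid];
	if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0 ||
	    semaptr->sem_perm.seq != IPCID_TO_SEQ(uap->semid)) {
		eval = EINVAL;
		goto done;
	}

	switch (cmd) {
	case IPC_RMID:
		if ((eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_M)) != 0)
			break;
		semaptr->sem_perm.cuid = cred->cr_uid;
		semaptr->sem_perm.uid = cred->cr_uid;
		/* close the gap in sem[] and rebase the sets stored above it */
		semtot -= semaptr->sem_nsems;
		for (i = semaptr->sem_base - sem; i < semtot; i++)
			sem[i] = sem[i + semaptr->sem_nsems];
		for (i = 0; i < seminfo.semmni; i++) {
			if ((sema[i].sem_perm.mode & SEM_ALLOC) &&
			    sema[i].sem_base > semaptr->sem_base)
				sema[i].sem_base -= semaptr->sem_nsems;
		}
		semaptr->sem_perm.mode = 0;
		semundo_clear(semid, -1);
		wakeup((caddr_t)semaptr);
		break;

	case IPC_SET:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_M);
		if (eval)
			break;
		if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
			break;
		if ((eval = copyin(real_arg.buf, (caddr_t)&sbuf,
				   sizeof(sbuf))) != 0) {
			break;
		}
		semaptr->sem_perm.uid = sbuf.sem_perm.uid;
		semaptr->sem_perm.gid = sbuf.sem_perm.gid;
		/* only the permission bits are taken from the caller */
		semaptr->sem_perm.mode = (semaptr->sem_perm.mode & ~0777) |
					 (sbuf.sem_perm.mode & 0777);
		semaptr->sem_ctime = time_second;
		break;

	case IPC_STAT:
		if ((eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_R)))
			break;
		if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
			break;
		eval = copyout(semaptr, real_arg.buf, sizeof(struct semid_ds));
		break;

	case GETNCNT:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_R);
		if (eval)
			break;
		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
			eval = EINVAL;
			break;
		}
		rval = semaptr->sem_base[semnum].semncnt;
		break;

	case GETPID:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_R);
		if (eval)
			break;
		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
			eval = EINVAL;
			break;
		}
		rval = semaptr->sem_base[semnum].sempid;
		break;

	case GETVAL:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_R);
		if (eval)
			break;
		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
			eval = EINVAL;
			break;
		}
		rval = semaptr->sem_base[semnum].semval;
		break;

	case GETALL:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_R);
		if (eval)
			break;
		if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
			break;
		for (i = 0; i < semaptr->sem_nsems; i++) {
			eval = copyout(&semaptr->sem_base[i].semval,
				       &real_arg.array[i],
				       sizeof(real_arg.array[0]));
			if (eval)
				break;
		}
		break;

	case GETZCNT:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_R);
		if (eval)
			break;
		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
			eval = EINVAL;
			break;
		}
		rval = semaptr->sem_base[semnum].semzcnt;
		break;

	case SETVAL:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_W);
		if (eval)
			break;
		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
			eval = EINVAL;
			break;
		}
		if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
			break;
		/*
		 * semval is a u_short; refuse values that would be
		 * silently truncated or exceed the configured maximum.
		 */
		if (real_arg.val < 0 || real_arg.val > seminfo.semvmx) {
			eval = ERANGE;
			break;
		}
		semaptr->sem_base[semnum].semval = real_arg.val;
		semundo_clear(semid, semnum);
		wakeup((caddr_t)semaptr);
		break;

	case SETALL:
		eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_W);
		if (eval)
			break;
		if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
			break;
		/*
		 * NOTE(review): values are copied straight into the live
		 * semaphores, so a fault part way through leaves the set
		 * partially updated, and they are not checked against
		 * seminfo.semvmx.
		 */
		for (i = 0; i < semaptr->sem_nsems; i++) {
			eval = copyin(&real_arg.array[i],
				      (caddr_t)&semaptr->sem_base[i].semval,
				      sizeof(real_arg.array[0]));
			if (eval != 0)
				break;
		}
		semundo_clear(semid, -1);
		wakeup((caddr_t)semaptr);
		break;

	default:
		eval = EINVAL;
		break;
	}

done:
	rel_mplock();

	if (eval == 0)
		uap->sysmsg_result = rval;
	return(eval);
}

/*
 * Look up the semaphore set for uap->key, or create one when the key is
 * IPC_PRIVATE or IPC_CREAT is given and no set with that key exists.
 * On success the IPC id of the set is stored in uap->sysmsg_result.
 *
 * MPALMOSTSAFE
 */
int
sys_semget(struct semget_args *uap)
{
	struct thread *td = curthread;
	int semid, eval;
	int key = uap->key;
	int nsems = uap->nsems;
	int semflg = uap->semflg;
	struct ucred *cred = td->td_ucred;

#ifdef SEM_DEBUG
	kprintf("semget(0x%x, %d, 0%o)\n", key, nsems, semflg);
#endif

	if (!jail_sysvipc_allowed && cred->cr_prison != NULL)
		return (ENOSYS);

	get_mplock();
	eval = 0;

	if (key != IPC_PRIVATE) {
		for (semid = 0; semid < seminfo.semmni; semid++) {
			if ((sema[semid].sem_perm.mode & SEM_ALLOC) &&
			    sema[semid].sem_perm.key == key)
				break;
		}
		if (semid < seminfo.semmni) {
#ifdef SEM_DEBUG
			kprintf("found public key\n");
#endif
			if ((eval = ipcperm(td->td_proc,
					    &sema[semid].sem_perm,
					    semflg & 0700))) {
				goto done;
			}
			if (nsems > 0 && sema[semid].sem_nsems < nsems) {
#ifdef SEM_DEBUG
				kprintf("too small\n");
#endif
				eval = EINVAL;
				goto done;
			}
			if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
#ifdef SEM_DEBUG
				kprintf("not exclusive\n");
#endif
				eval = EEXIST;
				goto done;
			}
			goto done;
		}
	}

#ifdef SEM_DEBUG
	kprintf("need to allocate the semid_ds\n");
#endif
	if (key == IPC_PRIVATE || (semflg & IPC_CREAT)) {
		if (nsems <= 0 || nsems > seminfo.semmsl) {
#ifdef SEM_DEBUG
			kprintf("nsems out of range (0<%d<=%d)\n", nsems,
			    seminfo.semmsl);
#endif
			eval = EINVAL;
			goto done;
		}
		if (nsems > seminfo.semmns - semtot) {
#ifdef SEM_DEBUG
			kprintf("not enough semaphores left (need %d, got %d)\n",
			    nsems, seminfo.semmns - semtot);
#endif
			eval = ENOSPC;
			goto done;
		}
		for (semid = 0; semid < seminfo.semmni; semid++) {
			if ((sema[semid].sem_perm.mode & SEM_ALLOC) == 0)
				break;
		}
		if (semid == seminfo.semmni) {
#ifdef SEM_DEBUG
			kprintf("no more semid_ds's available\n");
#endif
			eval = ENOSPC;
			goto done;
		}
#ifdef SEM_DEBUG
		kprintf("semid %d is available\n", semid);
#endif
		sema[semid].sem_perm.key = key;
		sema[semid].sem_perm.cuid = cred->cr_uid;
		sema[semid].sem_perm.uid = cred->cr_uid;
		sema[semid].sem_perm.cgid = cred->cr_gid;
		sema[semid].sem_perm.gid = cred->cr_gid;
		sema[semid].sem_perm.mode = (semflg & 0777) | SEM_ALLOC;
		/* a new sequence number invalidates ids of the previous user */
		sema[semid].sem_perm.seq =
		    (sema[semid].sem_perm.seq + 1) & 0x7fff;
		sema[semid].sem_nsems = nsems;
		sema[semid].sem_otime = 0;
		sema[semid].sem_ctime = time_second;
		sema[semid].sem_base = &sem[semtot];
		semtot += nsems;
		bzero(sema[semid].sem_base,
		    sizeof(sema[semid].sem_base[0])*nsems);
#ifdef SEM_DEBUG
		kprintf("sembase = 0x%x, next = 0x%x\n", sema[semid].sem_base,
		    &sem[semtot]);
#endif
	} else {
#ifdef SEM_DEBUG
		kprintf("didn't find it and wasn't asked to create it\n");
#endif
		eval = ENOENT;
	}

done:
	if (eval == 0) {
		uap->sysmsg_result = IXSEQ_TO_IPCID(semid,
						    sema[semid].sem_perm);
	}
	rel_mplock();
	return(eval);
}

/*
 * Apply a vector of semaphore operations to one set, all or nothing.
 *
 * The operations are copied in from uap->sops after nsops has been
 * checked against MAX_SOPS, the size of the on-stack vector.
 *
 * NOTE(review): a positive sem_op is added to the u_short semval without a
 * check against seminfo.semvmx, so the value can wrap.
 *
 * MPALMOSTSAFE
 */
int
sys_semop(struct semop_args *uap)
{
	struct thread *td = curthread;
	int semid = uap->semid;
	u_int nsops = uap->nsops;
	struct sembuf sops[MAX_SOPS];
	struct semid_ds *semaptr;
	struct sembuf *sopptr;
	struct sem *semptr;
	struct sem_undo *suptr = NULL;
	int i, j, eval;
	int do_wakeup, do_undos;

#ifdef SEM_DEBUG
	kprintf("call to semop(%d, 0x%x, %u)\n", semid, sops, nsops);
#endif

	if (!jail_sysvipc_allowed && td->td_ucred->cr_prison != NULL)
		return (ENOSYS);

	get_mplock();
	semid = IPCID_TO_IX(semid);	/* Convert back to zero origin */

	if (semid < 0 || semid >= seminfo.semmni) {
		eval = EINVAL;
		goto done;
	}

	semaptr = &sema[semid];
	if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0) {
		eval = EINVAL;
		goto done;
	}
	if (semaptr->sem_perm.seq != IPCID_TO_SEQ(uap->semid)) {
		eval = EINVAL;
		goto done;
	}

	if ((eval = ipcperm(td->td_proc, &semaptr->sem_perm, IPC_W))) {
#ifdef SEM_DEBUG
		kprintf("eval = %d from ipaccess\n", eval);
#endif
		goto done;
	}

	/* must precede the copyin: sops[] holds MAX_SOPS entries */
	if (nsops > MAX_SOPS) {
#ifdef SEM_DEBUG
		kprintf("too many sops (max=%d, nsops=%u)\n", MAX_SOPS, nsops);
#endif
		eval = E2BIG;
		goto done;
	}

	if ((eval = copyin(uap->sops, &sops, nsops * sizeof(sops[0]))) != 0) {
#ifdef SEM_DEBUG
		kprintf("eval = %d from copyin(%08x, %08x, %u)\n", eval,
		    uap->sops, &sops, nsops * sizeof(sops[0]));
#endif
		goto done;
	}

	/*
	 * Loop trying to satisfy the vector of requests.
	 * If we reach a point where we must wait, any requests already
	 * performed are rolled back and we go to sleep until some other
	 * process wakes us up.  At this point, we start all over again.
	 *
	 * This ensures that from the perspective of other tasks, a set
	 * of requests is atomic (never partially satisfied).
	 */
	do_undos = 0;

	for (;;) {
		do_wakeup = 0;

		for (i = 0; i < nsops; i++) {
			sopptr = &sops[i];

			if (sopptr->sem_num >= semaptr->sem_nsems) {
				eval = EFBIG;
				goto done;
			}

			semptr = &semaptr->sem_base[sopptr->sem_num];

#ifdef SEM_DEBUG
			kprintf("semop:  semaptr=%x, sem_base=%x, semptr=%x, sem[%d]=%d : op=%d, flag=%s\n",
			    semaptr, semaptr->sem_base, semptr,
			    sopptr->sem_num, semptr->semval, sopptr->sem_op,
			    (sopptr->sem_flg & IPC_NOWAIT) ? "nowait" : "wait");
#endif

			if (sopptr->sem_op < 0) {
				if (semptr->semval + sopptr->sem_op < 0) {
#ifdef SEM_DEBUG
					kprintf("semop:  can't do it now\n");
#endif
					break;
				} else {
					semptr->semval += sopptr->sem_op;
					if (semptr->semval == 0 &&
					    semptr->semzcnt > 0)
						do_wakeup = 1;
				}
				if (sopptr->sem_flg & SEM_UNDO)
					do_undos = 1;
			} else if (sopptr->sem_op == 0) {
				if (semptr->semval > 0) {
#ifdef SEM_DEBUG
					kprintf("semop:  not zero now\n");
#endif
					break;
				}
			} else {
				if (semptr->semncnt > 0)
					do_wakeup = 1;
				semptr->semval += sopptr->sem_op;
				if (sopptr->sem_flg & SEM_UNDO)
					do_undos = 1;
			}
		}

		/*
		 * Did we get through the entire vector?
		 */
		if (i >= nsops)
			goto donex;

		/*
		 * No ... rollback anything that we've already done
		 */
#ifdef SEM_DEBUG
		kprintf("semop:  rollback 0 through %d\n", i-1);
#endif
		for (j = 0; j < i; j++)
			semaptr->sem_base[sops[j].sem_num].semval -=
			    sops[j].sem_op;

		/*
		 * If the request that we couldn't satisfy has the
		 * NOWAIT flag set then return with EAGAIN.
		 */
		if (sopptr->sem_flg & IPC_NOWAIT) {
			eval = EAGAIN;
			goto done;
		}

		if (sopptr->sem_op == 0)
			semptr->semzcnt++;
		else
			semptr->semncnt++;

#ifdef SEM_DEBUG
		kprintf("semop:  good night!\n");
#endif
		eval = tsleep((caddr_t)semaptr, PCATCH, "semwait", 0);
#ifdef SEM_DEBUG
		kprintf("semop:  good morning (eval=%d)!\n", eval);
#endif

		suptr = NULL;	/* sem_undo may have been reallocated */

		/* return code is checked below, after sem[nz]cnt-- */

		/*
		 * Make sure that the semaphore still exists
		 */
		if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0 ||
		    semaptr->sem_perm.seq != IPCID_TO_SEQ(uap->semid)) {
			eval = EIDRM;
			goto done;
		}

		/*
		 * Removing another set while we slept compacts the sem[]
		 * pool and moves sem_base (see IPC_RMID), so the pointer
		 * taken before sleeping may now name a different
		 * semaphore.  Look the semaphore up again before touching
		 * its waiter counts.
		 */
		semptr = &semaptr->sem_base[sopptr->sem_num];

		/*
		 * The semaphore is still alive.  Readjust the count of
		 * waiting processes.
		 */
		if (sopptr->sem_op == 0)
			semptr->semzcnt--;
		else
			semptr->semncnt--;

		/*
		 * Is it really morning, or was our sleep interrupted?
		 * (Delayed check of tsleep() return code because we
		 * need to decrement sem[nz]cnt either way.)
		 */
		if (eval) {
			eval = EINTR;
			goto done;
		}
#ifdef SEM_DEBUG
		kprintf("semop:  good morning!\n");
#endif
	}

donex:
	/*
	 * Process any SEM_UNDO requests.
	 */
	if (do_undos) {
		for (i = 0; i < nsops; i++) {
			/*
			 * We only need to deal with SEM_UNDO's for non-zero
			 * op's.
			 */
			int adjval;

			if ((sops[i].sem_flg & SEM_UNDO) == 0)
				continue;
			adjval = sops[i].sem_op;
			if (adjval == 0)
				continue;
			eval = semundo_adjust(td->td_proc, &suptr, semid,
			    sops[i].sem_num, -adjval);
			if (eval == 0)
				continue;

			/*
			 * Oh-Oh!  We ran out of either sem_undo's or undo's.
			 * Rollback the adjustments to this point and then
			 * rollback the semaphore ups and down so we can return
			 * with an error with all structures restored.  We
			 * rollback the undo's in the exact reverse order that
			 * we applied them.  This guarantees that we won't run
			 * out of space as we roll things back out.
			 */
			for (j = i - 1; j >= 0; j--) {
				if ((sops[j].sem_flg & SEM_UNDO) == 0)
					continue;
				adjval = sops[j].sem_op;
				if (adjval == 0)
					continue;
				if (semundo_adjust(td->td_proc, &suptr, semid,
				    sops[j].sem_num, adjval) != 0)
					panic("semop - can't undo undos");
			}

			for (j = 0; j < nsops; j++)
				semaptr->sem_base[sops[j].sem_num].semval -=
				    sops[j].sem_op;

#ifdef SEM_DEBUG
			kprintf("eval = %d from semundo_adjust\n", eval);
#endif
			goto done;
		} /* loop through the sops */
	} /* if (do_undos) */

	/* We're definitely done - set the sempid's */
	for (i = 0; i < nsops; i++) {
		sopptr = &sops[i];
		semptr = &semaptr->sem_base[sopptr->sem_num];
		semptr->sempid = td->td_proc->p_pid;
	}

	/* Do a wakeup if any semaphore was up'd. */
	if (do_wakeup) {
#ifdef SEM_DEBUG
		kprintf("semop:  doing wakeup\n");
#endif
		wakeup((caddr_t)semaptr);
#ifdef SEM_DEBUG
		kprintf("semop:  back from wakeup\n");
#endif
	}
#ifdef SEM_DEBUG
	kprintf("semop:  done\n");
#endif
	uap->sysmsg_result = 0;
	eval = 0;
done:
	rel_mplock();
	return(eval);
}

/*
 * Go through the undo structures for this process and apply the adjustments to
 * semaphores.
 *
 * A negative adjustment that would take semval below zero clamps it to
 * zero.  The process's sem_undo structure is then unlinked from semu_list
 * and marked free.
 *
 * NOTE(review): a positive adjustment is added to the u_short semval
 * without an upper bound, and this function takes no lock itself -
 * presumably the caller holds the MP lock; confirm.
 */
void
semexit(struct proc *p)
{
	struct sem_undo *suptr;
	struct sem_undo **supptr;
	int did_something;

	did_something = 0;

	/*
	 * Go through the chain of undo vectors looking for one
	 * associated with this process.
	 */

	for (supptr = &semu_list; (suptr = *supptr) != NULL;
	    supptr = &suptr->un_next) {
		if (suptr->un_proc == p)
			break;
	}

	if (suptr == NULL)
		return;

#ifdef SEM_DEBUG
	kprintf("proc @%08x has undo structure with %d entries\n", p,
	    suptr->un_cnt);
#endif

	/*
	 * If there are any active undo elements then process them.
	 */
	if (suptr->un_cnt > 0) {
		int ix;

		for (ix = 0; ix < suptr->un_cnt; ix++) {
			int semid = suptr->un_ent[ix].un_id;
			int semnum = suptr->un_ent[ix].un_num;
			int adjval = suptr->un_ent[ix].un_adjval;
			struct semid_ds *semaptr;

			/*
			 * Undo entries are dropped by semundo_clear() when
			 * a set is removed, so a stale id here means the
			 * undo bookkeeping is corrupt.
			 */
			semaptr = &sema[semid];
			if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0)
				panic("semexit - semid not allocated");
			if (semnum >= semaptr->sem_nsems)
				panic("semexit - semnum out of range");

#ifdef SEM_DEBUG
			kprintf("semexit:  %08x id=%d num=%d(adj=%d) ; sem=%d\n",
			    suptr->un_proc, suptr->un_ent[ix].un_id,
			    suptr->un_ent[ix].un_num,
			    suptr->un_ent[ix].un_adjval,
			    semaptr->sem_base[semnum].semval);
#endif

			if (adjval < 0) {
				if (semaptr->sem_base[semnum].semval < -adjval)
					semaptr->sem_base[semnum].semval = 0;
				else
					semaptr->sem_base[semnum].semval +=
					    adjval;
			} else
				semaptr->sem_base[semnum].semval += adjval;

			wakeup((caddr_t)semaptr);
#ifdef SEM_DEBUG
			kprintf("semexit:  back from wakeup\n");
#endif
		}
	}

	/*
	 * Deallocate the undo vector.
	 */
#ifdef SEM_DEBUG
	kprintf("removing vector\n");
#endif
	suptr->un_proc = NULL;
	*supptr = suptr->un_next;
}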