search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ed(1): Sync with FreeBSD.
[dragonfly.git] / sys / kern / sysv_sem.c
blob29df251617f7af22419b27dd2315b59fb145c8ea
1 /* $FreeBSD: src/sys/kern/sysv_sem.c,v 1.69 2004/03/17 09:37:13 cperciva Exp $ */
2
3 /*
4 * Implementation of SVID semaphores
5 *
6 * Author: Daniel Boulet
7 *
8 * This software is provided ``AS IS'' without any warranties of any kind.
9 */
10
11 #include "opt_sysvipc.h"
12
13 #include <sys/param.h>
14 #include <sys/systm.h>
15 #include <sys/sysproto.h>
16 #include <sys/kernel.h>
17 #include <sys/proc.h>
18 #include <sys/sem.h>
19 #include <sys/sysent.h>
20 #include <sys/sysctl.h>
21 #include <sys/malloc.h>
22 #include <sys/jail.h>
23 #include <sys/thread.h>
24
25 #include <sys/thread2.h>
26
27 static MALLOC_DEFINE(M_SEM, "sem", "SVID compatible semaphores");
28
29 static void seminit (void *);
30
31 static struct sem_undo *semu_alloc (struct proc *p);
32 static int semundo_adjust (struct proc *p, int semid, int semnum, int adjval);
33 static void semundo_clear (int semid, int semnum);
34
35 static struct lwkt_token semu_token = LWKT_TOKEN_INITIALIZER(semu_token);
36 static int semtot = 0;
37 static struct semid_pool *sema; /* semaphore id pool */
38 static TAILQ_HEAD(, sem_undo) semu_list = TAILQ_HEAD_INITIALIZER(semu_list);
39 static struct lock sema_lk;
40
41 struct sem {
42 u_short semval; /* semaphore value */
43 pid_t sempid; /* pid of last operation */
44 u_short semncnt; /* # awaiting semval > cval */
45 u_short semzcnt; /* # awaiting semval = 0 */
46 };
47
48 /*
49 * Undo structure (one per process)
50 */
51 struct sem_undo {
52 TAILQ_ENTRY(sem_undo) un_entry; /* linked list for semundo_clear() */
53 struct proc *un_proc; /* owner of this structure */
54 int un_refs; /* prevent unlink/kfree */
55 short un_cnt; /* # of active entries */
56 short un_unused;
57 struct undo {
58 short un_adjval; /* adjust on exit values */
59 short un_num; /* semaphore # */
60 int un_id; /* semid */
61 } un_ent[1]; /* undo entries */
62 };
63
64 /*
65 * Configuration parameters
66 */
67 #ifndef SEMMNI
68 #define SEMMNI 1024 /* # of semaphore identifiers */
69 #endif
70 #ifndef SEMMNS
71 #define SEMMNS 32767 /* # of semaphores in system */
72 #endif
73 #ifndef SEMUME
74 #define SEMUME 25 /* max # of undo entries per process */
75 #endif
76 #ifndef SEMMNU
77 #define SEMMNU 1024 /* # of undo structures in system */
78 /* NO LONGER USED */
79 #endif
80
81 /* shouldn't need tuning */
82 #ifndef SEMMAP
83 #define SEMMAP 128 /* # of entries in semaphore map */
84 #endif
85 #ifndef SEMMSL
86 #define SEMMSL SEMMNS /* max # of semaphores per id */
87 #endif
88 #ifndef SEMOPM
89 #define SEMOPM 100 /* max # of operations per semop call */
90 #endif
91
92 #define SEMVMX 32767 /* semaphore maximum value */
93 #define SEMAEM 16384 /* adjust on exit max value */
94
95 /*
96 * Due to the way semaphore memory is allocated, we have to ensure that
97 * SEMUSZ is properly aligned.
98 */
99
100 #define SEM_ALIGN(bytes) roundup2(bytes, sizeof(long))
101
102 /* actual size of an undo structure */
103 #define SEMUSZ(nent) SEM_ALIGN(offsetof(struct sem_undo, un_ent[nent]))
104
105 /*
106 * semaphore info struct
107 */
108 struct seminfo seminfo = {
109 SEMMAP, /* # of entries in semaphore map */
110 SEMMNI, /* # of semaphore identifiers */
111 SEMMNS, /* # of semaphores in system */
112 SEMMNU, /* # of undo structures in system */
113 SEMMSL, /* max # of semaphores per id */
114 SEMOPM, /* max # of operations per semop call */
115 SEMUME, /* max # of undo entries per process */
116 SEMUSZ(SEMUME), /* size in bytes of undo structure */
117 SEMVMX, /* semaphore maximum value */
118 SEMAEM /* adjust on exit max value */
119 };
120
121 TUNABLE_INT("kern.ipc.semmap", &seminfo.semmap);
122 TUNABLE_INT("kern.ipc.semmni", &seminfo.semmni);
123 TUNABLE_INT("kern.ipc.semmns", &seminfo.semmns);
124 TUNABLE_INT("kern.ipc.semmnu", &seminfo.semmnu);
125 TUNABLE_INT("kern.ipc.semmsl", &seminfo.semmsl);
126 TUNABLE_INT("kern.ipc.semopm", &seminfo.semopm);
127 TUNABLE_INT("kern.ipc.semume", &seminfo.semume);
128 TUNABLE_INT("kern.ipc.semusz", &seminfo.semusz);
129 TUNABLE_INT("kern.ipc.semvmx", &seminfo.semvmx);
130 TUNABLE_INT("kern.ipc.semaem", &seminfo.semaem);
131
132 SYSCTL_INT(_kern_ipc, OID_AUTO, semmap, CTLFLAG_RW, &seminfo.semmap, 0,
133 "Number of entries in semaphore map");
134 SYSCTL_INT(_kern_ipc, OID_AUTO, semmni, CTLFLAG_RD, &seminfo.semmni, 0,
135 "Number of semaphore identifiers");
136 SYSCTL_INT(_kern_ipc, OID_AUTO, semmns, CTLFLAG_RD, &seminfo.semmns, 0,
137 "Total number of semaphores");
138 SYSCTL_INT(_kern_ipc, OID_AUTO, semmnu, CTLFLAG_RD, &seminfo.semmnu, 0,
139 "Total number of undo structures");
140 SYSCTL_INT(_kern_ipc, OID_AUTO, semmsl, CTLFLAG_RW, &seminfo.semmsl, 0,
141 "Max number of semaphores per id");
142 SYSCTL_INT(_kern_ipc, OID_AUTO, semopm, CTLFLAG_RD, &seminfo.semopm, 0,
143 "Max number of operations per semop call");
144 SYSCTL_INT(_kern_ipc, OID_AUTO, semume, CTLFLAG_RD, &seminfo.semume, 0,
145 "Max number of undo entries per process");
146 SYSCTL_INT(_kern_ipc, OID_AUTO, semusz, CTLFLAG_RD, &seminfo.semusz, 0,
147 "Size in bytes of undo structure");
148 SYSCTL_INT(_kern_ipc, OID_AUTO, semvmx, CTLFLAG_RW, &seminfo.semvmx, 0,
149 "Semaphore maximum value");
150 SYSCTL_INT(_kern_ipc, OID_AUTO, semaem, CTLFLAG_RW, &seminfo.semaem, 0,
151 "Adjust on exit max value");
152
153 #if 0
154 RO seminfo.semmap /* SEMMAP unused */
155 RO seminfo.semmni
156 RO seminfo.semmns
157 RO seminfo.semmnu /* undo entries per system */
158 RW seminfo.semmsl
159 RO seminfo.semopm /* SEMOPM unused */
160 RO seminfo.semume
161 RO seminfo.semusz /* param - derived from SEMUME for per-proc sizeof */
162 RO seminfo.semvmx /* SEMVMX unused - user param */
163 RO seminfo.semaem /* SEMAEM unused - user param */
164 #endif
165
166 static void
167 seminit(void *dummy)
168 {
169 int i;
170
171 sema = kmalloc(sizeof(struct semid_pool) * seminfo.semmni,
172 M_SEM, M_WAITOK | M_ZERO);
173
174 lockinit(&sema_lk, "semglb", 0, 0);
175 for (i = 0; i < seminfo.semmni; i++) {
176 struct semid_pool *semaptr = &sema[i];
177
178 lockinit(&semaptr->lk, "semary", 0, 0);
179 semaptr->ds.sem_base = NULL;
180 semaptr->ds.sem_perm.mode = 0;
181 }
182 }
183 SYSINIT(sysv_sem, SI_SUB_SYSV_SEM, SI_ORDER_FIRST, seminit, NULL);
184
185 /*
186 * Allocate a new sem_undo structure for a process
187 * (returns ptr to structure or NULL if no more room)
188 */
189 static struct sem_undo *
190 semu_alloc(struct proc *p)
191 {
192 struct sem_undo *semu;
193
194 /*
195 * Allocate the semu structure and associate it with the process,
196 * as necessary.
197 */
198 while ((semu = p->p_sem_undo) == NULL) {
199 semu = kmalloc(SEMUSZ(seminfo.semume), M_SEM,
200 M_WAITOK | M_ZERO);
201 lwkt_gettoken(&semu_token);
202 lwkt_gettoken(&p->p_token);
203 if (p->p_sem_undo == NULL) {
204 p->p_sem_undo = semu;
205 p->p_flags |= P_SYSVSEM;
206 semu->un_proc = p;
207 TAILQ_INSERT_TAIL(&semu_list, semu, un_entry);
208 } else {
209 kfree(semu, M_SEM);
210 }
211 lwkt_reltoken(&p->p_token);
212 lwkt_reltoken(&semu_token);
213 }
214 return(semu);
215 }
216
217 /*
218 * Adjust a particular entry for a particular proc
219 */
220 static int
221 semundo_adjust(struct proc *p, int semid, int semnum, int adjval)
222 {
223 struct sem_undo *suptr;
224 struct undo *sunptr;
225 int i;
226 int error = 0;
227
228 /*
229 * Look for and remember the sem_undo if the caller doesn't
230 * provide it.
231 */
232 suptr = semu_alloc(p);
233 lwkt_gettoken(&p->p_token);
234
235 /*
236 * Look for the requested entry and adjust it (delete if adjval becomes
237 * 0).
238 */
239 sunptr = &suptr->un_ent[0];
240 for (i = 0; i < suptr->un_cnt; i++, sunptr++) {
241 if (sunptr->un_id != semid || sunptr->un_num != semnum)
242 continue;
243 if (adjval == 0)
244 sunptr->un_adjval = 0;
245 else
246 sunptr->un_adjval += adjval;
247 if (sunptr->un_adjval == 0) {
248 suptr->un_cnt--;
249 if (i < suptr->un_cnt)
250 suptr->un_ent[i] = suptr->un_ent[suptr->un_cnt];
251 }
252 goto done;
253 }
254
255 /* Didn't find the right entry - create it */
256 if (adjval == 0)
257 goto done;
258 if (suptr->un_cnt != seminfo.semume) {
259 sunptr = &suptr->un_ent[suptr->un_cnt];
260 suptr->un_cnt++;
261 sunptr->un_adjval = adjval;
262 sunptr->un_id = semid;
263 sunptr->un_num = semnum;
264 } else {
265 error = EINVAL;
266 }
267 done:
268 lwkt_reltoken(&p->p_token);
269
270 return (error);
271 }
272
273 /*
274 * This is rather expensive
275 */
276 static void
277 semundo_clear(int semid, int semnum)
278 {
279 struct proc *p;
280 struct sem_undo *suptr;
281 struct sem_undo *sunext;
282 struct undo *sunptr;
283 int i;
284
285 lwkt_gettoken(&semu_token);
286 sunext = TAILQ_FIRST(&semu_list);
287 while ((suptr = sunext) != NULL) {
288 if ((p = suptr->un_proc) == NULL) {
289 suptr = TAILQ_NEXT(suptr, un_entry);
290 continue;
291 }
292 ++suptr->un_refs;
293 PHOLD(p);
294 lwkt_gettoken(&p->p_token);
295
296 sunptr = &suptr->un_ent[0];
297 i = 0;
298
299 while (i < suptr->un_cnt) {
300 if (sunptr->un_id == semid) {
301 if (semnum == -1 || sunptr->un_num == semnum) {
302 suptr->un_cnt--;
303 if (i < suptr->un_cnt) {
304 suptr->un_ent[i] =
305 suptr->un_ent[suptr->un_cnt];
306 /*
307 * do not increment i
308 * or sunptr after copydown.
309 */
310 continue;
311 }
312 }
313 if (semnum != -1)
314 break;
315 }
316 ++i;
317 ++sunptr;
318 }
319
320 lwkt_reltoken(&p->p_token);
321 PRELE(p);
322
323 /*
324 * Handle deletion races
325 */
326 sunext = TAILQ_NEXT(suptr, un_entry);
327 if (--suptr->un_refs == 0 && suptr->un_proc == NULL) {
328 KKASSERT(suptr->un_cnt == 0);
329 TAILQ_REMOVE(&semu_list, suptr, un_entry);
330 kfree(suptr, M_SEM);
331 }
332 }
333 lwkt_reltoken(&semu_token);
334 }
335
336 /*
337 * Note that the user-mode half of this passes a union, not a pointer
338 *
339 * MPALMOSTSAFE
340 */
341 int
342 sys___semctl(struct __semctl_args *uap)
343 {
344 struct thread *td = curthread;
345 int semid = uap->semid;
346 int semnum = uap->semnum;
347 int cmd = uap->cmd;
348 union semun *arg = uap->arg;
349 union semun real_arg;
350 struct ucred *cred = td->td_ucred;
351 int i, rval, eval;
352 struct semid_ds sbuf;
353 struct semid_pool *semaptr;
354 struct semid_pool *semakptr;
355 struct sem *semptr;
356
357 #ifdef SEM_DEBUG
358 kprintf("call to semctl(%d, %d, %d, 0x%x)\n", semid, semnum, cmd, arg);
359 #endif
360
361 if (!jail_sysvipc_allowed && cred->cr_prison != NULL)
362 return (ENOSYS);
363
364 switch (cmd) {
365 case SEM_STAT:
366 /*
367 * For this command we assume semid is an array index
368 * rather than an IPC id.
369 */
370 if (semid < 0 || semid >= seminfo.semmni) {
371 eval = EINVAL;
372 break;
373 }
374 semakptr = &sema[semid];
375 lockmgr(&semakptr->lk, LK_EXCLUSIVE);
376 if ((semakptr->ds.sem_perm.mode & SEM_ALLOC) == 0) {
377 eval = EINVAL;
378 lockmgr(&semakptr->lk, LK_RELEASE);
379 break;
380 }
381 if ((eval = ipcperm(td->td_proc, &semakptr->ds.sem_perm, IPC_R))) {
382 lockmgr(&semakptr->lk, LK_RELEASE);
383 break;
384 }
385 bcopy(&semakptr->ds, arg->buf, sizeof(struct semid_ds));
386 rval = IXSEQ_TO_IPCID(semid, semakptr->ds.sem_perm);
387 lockmgr(&semakptr->lk, LK_RELEASE);
388 break;
389 }
390
391 semid = IPCID_TO_IX(semid);
392 if (semid < 0 || semid >= seminfo.semmni) {
393 return(EINVAL);
394 }
395 semaptr = &sema[semid];
396 lockmgr(&semaptr->lk, LK_EXCLUSIVE);
397
398 if ((semaptr->ds.sem_perm.mode & SEM_ALLOC) == 0 ||
399 semaptr->ds.sem_perm.seq != IPCID_TO_SEQ(uap->semid)) {
400 lockmgr(&semaptr->lk, LK_RELEASE);
401 return(EINVAL);
402 }
403
404 eval = 0;
405 rval = 0;
406
407 switch (cmd) {
408 case IPC_RMID:
409 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_M);
410 if (eval != 0)
411 break;
412 semaptr->ds.sem_perm.cuid = cred->cr_uid;
413 semaptr->ds.sem_perm.uid = cred->cr_uid;
414
415 /*
416 * NOTE: Nobody will be waiting on the semaphores since
417 * we have an exclusive lock on semaptr->lk).
418 */
419 lockmgr(&sema_lk, LK_EXCLUSIVE);
420 semtot -= semaptr->ds.sem_nsems;
421 kfree(semaptr->ds.sem_base, M_SEM);
422 semaptr->ds.sem_base = NULL;
423 semaptr->ds.sem_perm.mode = 0; /* clears SEM_ALLOC */
424 lockmgr(&sema_lk, LK_RELEASE);
425
426 semundo_clear(semid, -1);
427 break;
428
429 case IPC_SET:
430 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_M);
431 if (eval)
432 break;
433 if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
434 break;
435 if ((eval = copyin(real_arg.buf, (caddr_t)&sbuf,
436 sizeof(sbuf))) != 0) {
437 break;
438 }
439 semaptr->ds.sem_perm.uid = sbuf.sem_perm.uid;
440 semaptr->ds.sem_perm.gid = sbuf.sem_perm.gid;
441 semaptr->ds.sem_perm.mode =
442 (semaptr->ds.sem_perm.mode & ~0777) |
443 (sbuf.sem_perm.mode & 0777);
444 semaptr->ds.sem_ctime = time_second;
445 break;
446
447 case IPC_STAT:
448 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_R);
449 if (eval)
450 break;
451 if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
452 break;
453 eval = copyout(&semaptr->ds, real_arg.buf,
454 sizeof(struct semid_ds));
455 break;
456
457 case GETNCNT:
458 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_R);
459 if (eval)
460 break;
461 if (semnum < 0 || semnum >= semaptr->ds.sem_nsems) {
462 eval = EINVAL;
463 break;
464 }
465 rval = semaptr->ds.sem_base[semnum].semncnt;
466 break;
467
468 case GETPID:
469 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_R);
470 if (eval)
471 break;
472 if (semnum < 0 || semnum >= semaptr->ds.sem_nsems) {
473 eval = EINVAL;
474 break;
475 }
476 rval = semaptr->ds.sem_base[semnum].sempid;
477 break;
478
479 case GETVAL:
480 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_R);
481 if (eval)
482 break;
483 if (semnum < 0 || semnum >= semaptr->ds.sem_nsems) {
484 eval = EINVAL;
485 break;
486 }
487 rval = semaptr->ds.sem_base[semnum].semval;
488 break;
489
490 case GETALL:
491 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_R);
492 if (eval)
493 break;
494 if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
495 break;
496 for (i = 0; i < semaptr->ds.sem_nsems; i++) {
497 eval = copyout(&semaptr->ds.sem_base[i].semval,
498 &real_arg.array[i],
499 sizeof(real_arg.array[0]));
500 if (eval)
501 break;
502 }
503 break;
504
505 case GETZCNT:
506 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_R);
507 if (eval)
508 break;
509 if (semnum < 0 || semnum >= semaptr->ds.sem_nsems) {
510 eval = EINVAL;
511 break;
512 }
513 rval = semaptr->ds.sem_base[semnum].semzcnt;
514 break;
515
516 case SETVAL:
517 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_W);
518 if (eval)
519 break;
520 if (semnum < 0 || semnum >= semaptr->ds.sem_nsems) {
521 eval = EINVAL;
522 break;
523 }
524 if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
525 break;
526
527 /*
528 * Because we hold semaptr->lk exclusively we can safely
529 * modify any semptr content without acquiring its token.
530 */
531 semptr = &semaptr->ds.sem_base[semnum];
532 semptr->semval = real_arg.val;
533 semundo_clear(semid, semnum);
534 if (semptr->semzcnt || semptr->semncnt)
535 wakeup(semptr);
536 break;
537
538 case SETALL:
539 eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_W);
540 if (eval)
541 break;
542 if ((eval = copyin(arg, &real_arg, sizeof(real_arg))) != 0)
543 break;
544 /*
545 * Because we hold semaptr->lk exclusively we can safely
546 * modify any semptr content without acquiring its token.
547 */
548 for (i = 0; i < semaptr->ds.sem_nsems; i++) {
549 semptr = &semaptr->ds.sem_base[i];
550 eval = copyin(&real_arg.array[i],
551 (caddr_t)&semptr->semval,
552 sizeof(real_arg.array[0]));
553 if (semptr->semzcnt || semptr->semncnt)
554 wakeup(semptr);
555 if (eval != 0)
556 break;
557 }
558 semundo_clear(semid, -1);
559 break;
560
561 default:
562 eval = EINVAL;
563 break;
564 }
565 lockmgr(&semaptr->lk, LK_RELEASE);
566
567 if (eval == 0)
568 uap->sysmsg_result = rval;
569 return(eval);
570 }
571
572 /*
573 * MPALMOSTSAFE
574 */
575 int
576 sys_semget(struct semget_args *uap)
577 {
578 struct thread *td = curthread;
579 int semid, eval;
580 int key = uap->key;
581 int nsems = uap->nsems;
582 int semflg = uap->semflg;
583 struct ucred *cred = td->td_ucred;
584
585 #ifdef SEM_DEBUG
586 kprintf("semget(0x%x, %d, 0%o)\n", key, nsems, semflg);
587 #endif
588
589 if (!jail_sysvipc_allowed && cred->cr_prison != NULL)
590 return (ENOSYS);
591
592 eval = 0;
593
594 if (key != IPC_PRIVATE) {
595 for (semid = 0; semid < seminfo.semmni; semid++) {
596 if ((sema[semid].ds.sem_perm.mode & SEM_ALLOC) == 0 ||
597 sema[semid].ds.sem_perm.key != key) {
598 continue;
599 }
600 lockmgr(&sema[semid].lk, LK_EXCLUSIVE);
601 if ((sema[semid].ds.sem_perm.mode & SEM_ALLOC) == 0 ||
602 sema[semid].ds.sem_perm.key != key) {
603 lockmgr(&sema[semid].lk, LK_RELEASE);
604 continue;
605 }
606 break;
607 }
608 if (semid < seminfo.semmni) {
609 /* sema[semid].lk still locked from above */
610 #ifdef SEM_DEBUG
611 kprintf("found public key\n");
612 #endif
613 if ((eval = ipcperm(td->td_proc,
614 &sema[semid].ds.sem_perm,
615 semflg & 0700))) {
616 lockmgr(&sema[semid].lk, LK_RELEASE);
617 goto done;
618 }
619 if (nsems > 0 && sema[semid].ds.sem_nsems < nsems) {
620 #ifdef SEM_DEBUG
621 kprintf("too small\n");
622 #endif
623 eval = EINVAL;
624 lockmgr(&sema[semid].lk, LK_RELEASE);
625 goto done;
626 }
627 if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
628 #ifdef SEM_DEBUG
629 kprintf("not exclusive\n");
630 #endif
631 eval = EEXIST;
632 lockmgr(&sema[semid].lk, LK_RELEASE);
633 goto done;
634 }
635
636 /*
637 * Return this one.
638 */
639 lockmgr(&sema[semid].lk, LK_RELEASE);
640 goto done;
641 }
642 }
643
644 #ifdef SEM_DEBUG
645 kprintf("need to allocate the semid_ds\n");
646 #endif
647 if (key == IPC_PRIVATE || (semflg & IPC_CREAT)) {
648 if (nsems <= 0 || nsems > seminfo.semmsl) {
649 #ifdef SEM_DEBUG
650 kprintf("nsems out of range (0<%d<=%d)\n",
651 nsems, seminfo.semmsl);
652 #endif
653 eval = EINVAL;
654 goto done;
655 }
656
657 /*
658 * SEM_ALLOC flag cannot be set unless sema_lk is locked.
659 * semtot field also protected by sema_lk.
660 */
661 lockmgr(&sema_lk, LK_EXCLUSIVE);
662 if (nsems > seminfo.semmns - semtot) {
663 #ifdef SEM_DEBUG
664 kprintf("not enough semaphores left "
665 "(need %d, got %d)\n",
666 nsems, seminfo.semmns - semtot);
667 #endif
668 eval = ENOSPC;
669 lockmgr(&sema_lk, LK_RELEASE);
670 goto done;
671 }
672 for (semid = 0; semid < seminfo.semmni; semid++) {
673 if ((sema[semid].ds.sem_perm.mode & SEM_ALLOC) == 0)
674 break;
675 }
676 if (semid == seminfo.semmni) {
677 #ifdef SEM_DEBUG
678 kprintf("no more semid_ds's available\n");
679 #endif
680 eval = ENOSPC;
681 lockmgr(&sema_lk, LK_RELEASE);
682 goto done;
683 }
684 #ifdef SEM_DEBUG
685 kprintf("semid %d is available\n", semid);
686 #endif
687 lockmgr(&sema[semid].lk, LK_EXCLUSIVE);
688 sema[semid].ds.sem_perm.key = key;
689 sema[semid].ds.sem_perm.cuid = cred->cr_uid;
690 sema[semid].ds.sem_perm.uid = cred->cr_uid;
691 sema[semid].ds.sem_perm.cgid = cred->cr_gid;
692 sema[semid].ds.sem_perm.gid = cred->cr_gid;
693 sema[semid].ds.sem_perm.mode = (semflg & 0777) | SEM_ALLOC;
694 sema[semid].ds.sem_perm.seq =
695 (sema[semid].ds.sem_perm.seq + 1) & 0x7fff;
696 sema[semid].ds.sem_nsems = nsems;
697 sema[semid].ds.sem_otime = 0;
698 sema[semid].ds.sem_ctime = time_second;
699 sema[semid].ds.sem_base = kmalloc(sizeof(struct sem) * nsems,
700 M_SEM, M_WAITOK|M_ZERO);
701 semtot += nsems;
702 ++sema[semid].gen;
703 lockmgr(&sema[semid].lk, LK_RELEASE);
704 lockmgr(&sema_lk, LK_RELEASE);
705 #ifdef SEM_DEBUG
706 kprintf("sembase = 0x%x, next = 0x%x\n",
707 sema[semid].ds.sem_base, &sem[semtot]);
708 #endif
709 /* eval == 0 */
710 } else {
711 #ifdef SEM_DEBUG
712 kprintf("didn't find it and wasn't asked to create it\n");
713 #endif
714 eval = ENOENT;
715 }
716
717 done:
718 if (eval == 0) {
719 uap->sysmsg_result =
720 IXSEQ_TO_IPCID(semid, sema[semid].ds.sem_perm);
721 }
722 return(eval);
723 }
724
725 /*
726 * MPSAFE
727 */
728 int
729 sys_semop(struct semop_args *uap)
730 {
731 struct thread *td = curthread;
732 int semid = uap->semid;
733 u_int nsops = uap->nsops;
734 struct sembuf sops[MAX_SOPS];
735 struct semid_pool *semaptr;
736 struct sembuf *sopptr;
737 struct sem *semptr;
738 struct sem *xsemptr;
739 int i, j, eval;
740 int do_undos;
741
742 #ifdef SEM_DEBUG
743 kprintf("call to semop(%d, 0x%x, %u)\n", semid, sops, nsops);
744 #endif
745 if (!jail_sysvipc_allowed && td->td_ucred->cr_prison != NULL)
746 return (ENOSYS);
747
748 semid = IPCID_TO_IX(semid); /* Convert back to zero origin */
749
750 if (semid < 0 || semid >= seminfo.semmni) {
751 eval = EINVAL;
752 goto done2;
753 }
754
755 wakeup_start_delayed();
756 semaptr = &sema[semid];
757 lockmgr(&semaptr->lk, LK_SHARED);
758
759 if ((semaptr->ds.sem_perm.mode & SEM_ALLOC) == 0) {
760 eval = EINVAL;
761 goto done;
762 }
763 if (semaptr->ds.sem_perm.seq != IPCID_TO_SEQ(uap->semid)) {
764 eval = EINVAL;
765 goto done;
766 }
767
768 if ((eval = ipcperm(td->td_proc, &semaptr->ds.sem_perm, IPC_W))) {
769 #ifdef SEM_DEBUG
770 kprintf("eval = %d from ipaccess\n", eval);
771 #endif
772 goto done;
773 }
774
775 if (nsops > MAX_SOPS) {
776 #ifdef SEM_DEBUG
777 kprintf("too many sops (max=%d, nsops=%u)\n", MAX_SOPS, nsops);
778 #endif
779 eval = E2BIG;
780 goto done;
781 }
782
783 if ((eval = copyin(uap->sops, &sops, nsops * sizeof(sops[0]))) != 0) {
784 #ifdef SEM_DEBUG
785 kprintf("eval = %d from copyin(%08x, %08x, %u)\n", eval,
786 uap->sops, &sops, nsops * sizeof(sops[0]));
787 #endif
788 goto done;
789 }
790
791 /*
792 * Loop trying to satisfy the vector of requests.
793 * If we reach a point where we must wait, any requests already
794 * performed are rolled back and we go to sleep until some other
795 * process wakes us up. At this point, we start all over again.
796 *
797 * This ensures that from the perspective of other tasks, a set
798 * of requests is atomic (never partially satisfied).
799 */
800 do_undos = 0;
801
802 for (;;) {
803 long gen;
804
805 semptr = NULL;
806
807 for (i = 0; i < nsops; i++) {
808 sopptr = &sops[i];
809
810 if (sopptr->sem_num >= semaptr->ds.sem_nsems) {
811 eval = EFBIG;
812 goto done;
813 }
814
815 semptr = &semaptr->ds.sem_base[sopptr->sem_num];
816 lwkt_getpooltoken(semptr);
817
818 #ifdef SEM_DEBUG
819 kprintf("semop: semaptr=%x, sem_base=%x, semptr=%x, "
820 "sem[%d]=%d : op=%d, flag=%s\n",
821 semaptr, semaptr->ds.sem_base, semptr,
822 sopptr->sem_num, semptr->semval, sopptr->sem_op,
823 (sopptr->sem_flg & IPC_NOWAIT) ? "nowait" : "wait");
824 #endif
825
826 if (sopptr->sem_op < 0) {
827 if (semptr->semval + sopptr->sem_op < 0) {
828 #ifdef SEM_DEBUG
829 kprintf("semop: can't do it now\n");
830 #endif
831 break;
832 } else {
833 semptr->semval += sopptr->sem_op;
834 if (semptr->semval == 0 &&
835 semptr->semzcnt > 0) {
836 wakeup(semptr);
837 }
838 }
839 if (sopptr->sem_flg & SEM_UNDO)
840 do_undos = 1;
841 } else if (sopptr->sem_op == 0) {
842 if (semptr->semval > 0) {
843 #ifdef SEM_DEBUG
844 kprintf("semop: not zero now\n");
845 #endif
846 break;
847 }
848 } else {
849 semptr->semval += sopptr->sem_op;
850 if (sopptr->sem_flg & SEM_UNDO)
851 do_undos = 1;
852 if (semptr->semncnt > 0)
853 wakeup(semptr);
854 }
855 lwkt_relpooltoken(semptr);
856 }
857
858 /*
859 * Did we get through the entire vector?
860 */
861 if (i >= nsops)
862 goto donex;
863
864 /*
865 * No, protect the semaphore request which also flags that
866 * a wakeup is needed, then release semptr since we know
867 * another process is likely going to need to access it
868 * soon.
869 */
870 if (sopptr->sem_op == 0)
871 semptr->semzcnt++;
872 else
873 semptr->semncnt++;
874 tsleep_interlock(semptr, PCATCH);
875 lwkt_relpooltoken(semptr);
876
877 /*
878 * Rollback the semaphores we had acquired.
879 */
880 #ifdef SEM_DEBUG
881 kprintf("semop: rollback 0 through %d\n", i-1);
882 #endif
883 for (j = 0; j < i; j++) {
884 xsemptr = &semaptr->ds.sem_base[sops[j].sem_num];
885 lwkt_getpooltoken(xsemptr);
886 xsemptr->semval -= sops[j].sem_op;
887 if (xsemptr->semval == 0 && xsemptr->semzcnt > 0)
888 wakeup(xsemptr);
889 if (xsemptr->semval <= 0 && xsemptr->semncnt > 0)
890 wakeup(xsemptr);
891 lwkt_relpooltoken(xsemptr);
892 }
893
894 /*
895 * If the request that we couldn't satisfy has the
896 * NOWAIT flag set then return with EAGAIN.
897 */
898 if (sopptr->sem_flg & IPC_NOWAIT) {
899 eval = EAGAIN;
900 goto done;
901 }
902
903 /*
904 * Release semaptr->lk while sleeping, allowing other
905 * semops (like SETVAL, SETALL, etc), which require an
906 * exclusive lock and might wake us up.
907 *
908 * Reload and recheck the validity of semaptr on return.
909 * Note that semptr itself might have changed too, but
910 * we've already interlocked for semptr and that is what
911 * will be woken up if it wakes up the tsleep on a MP
912 * race.
913 *
914 * gen protects against destroy/re-create races where the
915 * creds match.
916 */
917 #ifdef SEM_DEBUG
918 kprintf("semop: good night!\n");
919 #endif
920 gen = semaptr->gen;
921 lockmgr(&semaptr->lk, LK_RELEASE);
922 eval = tsleep(semptr, PCATCH | PINTERLOCKED, "semwait", hz);
923 lockmgr(&semaptr->lk, LK_SHARED);
924 #ifdef SEM_DEBUG
925 kprintf("semop: good morning (eval=%d)!\n", eval);
926 #endif
927
928 /* return code is checked below, after sem[nz]cnt-- */
929
930 /*
931 * Make sure that the semaphore still exists
932 */
933 if (semaptr->gen != gen ||
934 (semaptr->ds.sem_perm.mode & SEM_ALLOC) == 0 ||
935 semaptr->ds.sem_perm.seq != IPCID_TO_SEQ(uap->semid)) {
936 eval = EIDRM;
937 goto done;
938 }
939
940 /*
941 * The semaphore is still alive. Readjust the count of
942 * waiting processes.
943 */
944 semptr = &semaptr->ds.sem_base[sopptr->sem_num];
945 lwkt_getpooltoken(semptr);
946 if (sopptr->sem_op == 0)
947 semptr->semzcnt--;
948 else
949 semptr->semncnt--;
950 lwkt_relpooltoken(semptr);
951
952 /*
953 * Is it really morning, or was our sleep interrupted?
954 * (Delayed check of tsleep() return code because we
955 * need to decrement sem[nz]cnt either way.)
956 */
957 if (eval) {
958 eval = EINTR;
959 goto done;
960 }
961 #ifdef SEM_DEBUG
962 kprintf("semop: good morning!\n");
963 #endif
964 /* RETRY LOOP */
965 }
966
967 donex:
968 /*
969 * Process any SEM_UNDO requests.
970 */
971 if (do_undos) {
972 for (i = 0; i < nsops; i++) {
973 /*
974 * We only need to deal with SEM_UNDO's for non-zero
975 * op's.
976 */
977 int adjval;
978
979 if ((sops[i].sem_flg & SEM_UNDO) == 0)
980 continue;
981 adjval = sops[i].sem_op;
982 if (adjval == 0)
983 continue;
984 eval = semundo_adjust(td->td_proc, semid,
985 sops[i].sem_num, -adjval);
986 if (eval == 0)
987 continue;
988
989 /*
990 * Oh-Oh! We ran out of either sem_undo's or undo's.
991 * Rollback the adjustments to this point and then
992 * rollback the semaphore ups and down so we can return
993 * with an error with all structures restored. We
994 * rollback the undo's in the exact reverse order that
995 * we applied them. This guarantees that we won't run
996 * out of space as we roll things back out.
997 */
998 for (j = i - 1; j >= 0; j--) {
999 if ((sops[j].sem_flg & SEM_UNDO) == 0)
1000 continue;
1001 adjval = sops[j].sem_op;
1002 if (adjval == 0)
1003 continue;
1004 if (semundo_adjust(td->td_proc, semid,
1005 sops[j].sem_num, adjval) != 0)
1006 panic("semop - can't undo undos");
1007 }
1008
1009 for (j = 0; j < nsops; j++) {
1010 xsemptr = &semaptr->ds.sem_base[
1011 sops[j].sem_num];
1012 lwkt_getpooltoken(xsemptr);
1013 xsemptr->semval -= sops[j].sem_op;
1014 if (xsemptr->semval == 0 &&
1015 xsemptr->semzcnt > 0)
1016 wakeup(xsemptr);
1017 if (xsemptr->semval <= 0 &&
1018 xsemptr->semncnt > 0)
1019 wakeup(xsemptr);
1020 lwkt_relpooltoken(xsemptr);
1021 }
1022
1023 #ifdef SEM_DEBUG
1024 kprintf("eval = %d from semundo_adjust\n", eval);
1025 #endif
1026 goto done;
1027 } /* loop through the sops */
1028 } /* if (do_undos) */
1029
1030 /* We're definitely done - set the sempid's */
1031 for (i = 0; i < nsops; i++) {
1032 sopptr = &sops[i];
1033 semptr = &semaptr->ds.sem_base[sopptr->sem_num];
1034 lwkt_getpooltoken(semptr);
1035 semptr->sempid = td->td_proc->p_pid;
1036 lwkt_relpooltoken(semptr);
1037 }
1038
1039 /* Do a wakeup if any semaphore was up'd. */
1040 #ifdef SEM_DEBUG
1041 kprintf("semop: done\n");
1042 #endif
1043 uap->sysmsg_result = 0;
1044 eval = 0;
1045 done:
1046 lockmgr(&semaptr->lk, LK_RELEASE);
1047 wakeup_end_delayed();
1048 done2:
1049 return(eval);
1050 }
1051
1052 /*
1053 * Go through the undo structures for this process and apply the adjustments to
1054 * semaphores.
1055 *
1056 * (p->p_token is held by the caller)
1057 */
1058 void
1059 semexit(struct proc *p)
1060 {
1061 struct sem_undo *suptr;
1062 struct sem *semptr;
1063
1064 /*
1065 * We're getting a global token, don't do it if we couldn't
1066 * possibly have any semaphores.
1067 */
1068 if ((p->p_flags & P_SYSVSEM) == 0)
1069 return;
1070 suptr = p->p_sem_undo;
1071 KKASSERT(suptr != NULL);
1072
1073 /*
1074 * Disconnect suptr from the process and increment un_refs to
1075 * prevent anyone else from being able to destroy the structure.
1076 * Do not remove it from the linked list until after we are through
1077 * scanning it as other semaphore calls might still effect it.
1078 */
1079 lwkt_gettoken(&semu_token);
1080 p->p_sem_undo = NULL;
1081 p->p_flags &= ~P_SYSVSEM;
1082 suptr->un_proc = NULL;
1083 ++suptr->un_refs;
1084 lwkt_reltoken(&semu_token);
1085
1086 while (suptr->un_cnt) {
1087 struct semid_pool *semaptr;
1088 int semid;
1089 int semnum;
1090 int adjval;
1091 int ix;
1092
1093 /*
1094 * These values are stable because we hold p->p_token.
1095 * However, they can get ripped out from under us when
1096 * we block or obtain other tokens so we have to re-check.
1097 */
1098 ix = suptr->un_cnt - 1;
1099 semid = suptr->un_ent[ix].un_id;
1100 semnum = suptr->un_ent[ix].un_num;
1101 adjval = suptr->un_ent[ix].un_adjval;
1102
1103 semaptr = &sema[semid];
1104
1105 /*
1106 * Recheck after locking, then execute the undo
1107 * operation. semptr remains valid due to the
1108 * semaptr->lk.
1109 */
1110 lockmgr(&semaptr->lk, LK_SHARED);
1111 semptr = &semaptr->ds.sem_base[semnum];
1112 lwkt_getpooltoken(semptr);
1113
1114 if (ix == suptr->un_cnt - 1 &&
1115 semid == suptr->un_ent[ix].un_id &&
1116 semnum == suptr->un_ent[ix].un_num &&
1117 adjval == suptr->un_ent[ix].un_adjval) {
1118 /*
1119 * Only do assertions when we aren't in a SMP race.
1120 */
1121 if ((semaptr->ds.sem_perm.mode & SEM_ALLOC) == 0)
1122 panic("semexit - semid not allocated");
1123 if (semnum >= semaptr->ds.sem_nsems)
1124 panic("semexit - semnum out of range");
1125 --suptr->un_cnt;
1126
1127 if (adjval < 0) {
1128 if (semptr->semval < -adjval)
1129 semptr->semval = 0;
1130 else
1131 semptr->semval += adjval;
1132 } else {
1133 semptr->semval += adjval;
1134 }
1135 wakeup(semptr);
1136 }
1137 lwkt_relpooltoken(semptr);
1138 lockmgr(&semaptr->lk, LK_RELEASE);
1139 }
1140
1141 /*
1142 * Final cleanup, remove from the list and deallocate on the
1143 * last ref only.
1144 */
1145 lwkt_gettoken(&semu_token);
1146 if (--suptr->un_refs == 0) {
1147 TAILQ_REMOVE(&semu_list, suptr, un_entry);
1148 KKASSERT(suptr->un_cnt == 0);
1149 kfree(suptr, M_SEM);
1150 }
1151 lwkt_reltoken(&semu_token);
1152 }
DragonFly BSD