summaryrefslogtreecommitdiffstats
path: root/sys/kern/sysv_sem.c
Commit message (Collapse)AuthorAgeFilesLines
* Remove end-of-line tabs.rwatson2005-04-181-1/+1
| | | | MFC after: 3 days
* check copyin return valuesam2005-03-191-1/+1
| | | | Noticed by: Coverity Prevent analysis tool
* Add much needed descriptions for a number of the IPC related sysctl OIDs.csjp2005-02-121-10/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This information will be very useful for people who are tuning applications which have a dependence on IPC mechanisms. The following OIDs were documented: Message queues: kern.ipc.msgmax kern.ipc.msgmni kern.ipc.msgmnb kern.ipc.msgtlq kern.ipc.msgssz kern.ipc.msgseg Semaphores: kern.ipc.semmap kern.ipc.semmni kern.ipc.semmns kern.ipc.semmnu kern.ipc.semmsl kern.ipc.semopm kern.ipc.semume kern.ipc.semusz kern.ipc.semvmx kern.ipc.semaem Shared memory: kern.ipc.shmmax kern.ipc.shmmin kern.ipc.shmmni kern.ipc.shmseg kern.ipc.shmall kern.ipc.shm_use_phys kern.ipc.shm_allow_removed kern.ipc.shmsegs These new descriptions can be viewed using sysctl -d PR: kern/65219 Submitted by: Dan Nelson <dnelson at allantgroup dot com> (modified) No objections: developers@ Descriptions reviewed by: gnn MFC after: 1 week
* Invoke label initialization, creation, cleanup, and tear-down MACrwatson2005-01-221-0/+83
| | | | | | | | Framework entry points for System V IPC semaphores. Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net> Obtained from: TrustedBSD Project Sponsored by: DARPA, SPAWAR, McAfee Research
* /* -> /*- for copyright notices, minor format tweaks as necessaryimp2005-01-061-1/+1
|
* Correct two incorrectly merged changes introduced in sysv_sem.c:1.71:rwatson2004-11-131-2/+1
| | | | | | | | | | | return EINVAL rather than setting error, and don't free sops unconditionally. The first change was merged accidentally as part of the larger set of changes to introduce MAC labels and access control, and potentially lead to continued processing of a request even after it was determined to be invalid. The second change was due to changes in the semaphore code since the original work was performed. Pointed out by: truckman
* Second of several commits to allow kernel System V IPC data structuresrwatson2004-11-121-127/+130
| | | | | | | | | | | | | | | | to be modified and extended without breaking the user space ABI: Use _kernel variants on _ds structures for System V sempahores, message queues, and shared memory. When interfacing with userspace, export only the _ds subsets of the _kernel data structures. A lot of search and replace. Define the message structure in the _KERNEL portion of msg.h so that it can be used by other kernel consumers, but not exposed to user space. Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net> Obtained from: TrustedBSD Project Sponsored by: DARPA, SPAWAR, McAfee Research
* Add missing #include <sys/module.h>phk2004-05-301-0/+1
|
* Adjust the number of processes waiting on a semaphore properly if we'recperciva2004-03-171-6/+12
| | | | | | | | woken up in the middle of sleeping. PR: misc/64347 Reviewed by: tjr MFC after: 7 days
* Reduce the overhead of semop() by using the kernel stack instead oftjr2003-12-191-4/+11
| | | | | malloc'd memory to store the operations array if it is small enough to fit.
* Initialize sequence numbers to 0 in seminit() instead of using whatevertjr2003-11-151-0/+1
| | | | | garbage happens to be in memory. This did not seem to cause any problems except making semaphore ID's unpredictable (and ugly in ipcs(1) output).
* When there are no free sem_undo structs available in semu_alloc(), onlytjr2003-11-101-3/+4
| | | | | | | | | | | | | free one sem_undo with un_cnt == 0 instead of all of them. This is a temporary workaround until the SLIST_FOREACH_PREVPTR loop gets fixed so that it doesn't cause cycles in semu_list when removing multiple adjacent items. It might be easier to just use (doubly-linked) LISTs here instead of complicated SLIST code to achieve O(1) removals. This bug manifested itself as a complete lockup under heavy semaphore use by multiple processes with the SEM_UNDO flag set. PR: 58984
* Slight whitespace consistency improvement:rwatson2003-11-071-2/+2
| | | | | Trim trailing whitespace. Remove unmatched " " before ")".
* Change all SYSCTLS which are readonly and have a related TUNABLEsilby2003-10-211-6/+6
| | | | | from CTLFLAG_RD to CTLFLAG_RDTUN so that sysctl(8) can provide more useful error messages.
* Update some argument-documenting comments to match reality.nectar2003-08-071-2/+3
| | | | | Add an explicit range check to those same arguments to reduce risk of cardiac arrest in future code readers.
* Use __FBSDID().obrien2003-06-111-2/+3
|
* Replace the at_fork, at_exec, and at_exit functions with the slightly morejhb2003-03-241-4/+8
| | | | | | | | | flexible process_fork, process_exec, and process_exit eventhandlers. This reduces code duplication and also means that I don't have to go duplicate the eventhandler locking three more times for each of at_fork, at_exec, and at_exit. Reviewed by: phk, jake, almost complete silence on arch@
* Back out M_* changes, per decision of the TRB.imp2003-02-191-7/+7
| | | | Approved by: trb
* Fix two fatal signedness errors introduced when i and j in semop()tjr2003-01-291-5/+6
| | | | | | were changed from int to size_t in the previous revision. PR: 47625
* Bring semop() closer the the opengroup standards.alfred2003-01-251-3/+4
| | | | | PR: 47471 Submitted by: Craig Rodrigues <rodrigc@attbi.com>
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-211-7/+7
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* Don't leak memory in semop(2). (Fix a bug I introduced in rev 1.55.)alfred2002-10-191-1/+2
| | | | Detective work by: jake
* Make SYSVSEM mpsafe. Each semaphore set gets its own lock, howeveralfred2002-08-131-87/+172
| | | | | | | | | | | | | | | there is a global lock over the undo structures because of the way they are managed. Switch to using SLIST instead of rolling our own linked list. Fix several races where a permission check was done before a copyin/copyout, if the copy happened to fault it may have been possible to race for access to a semaphore set that one shouldn't have access to. Requested by: rwatson Tested by: NetBSD regression suite.
* Cleanup:alfred2002-08-051-28/+24
| | | | | | Fix line wrapping. Remove 'register'. malloc(9) with M_WAITOK can't fail, so remove checks for that.
* Cleanup:alfred2002-07-221-101/+51
| | | | | Define a debug printf macro rather than wrapping all calls to printf with #ifdefs.
* Remove caddr_t.alfred2002-07-221-14/+11
|
* Remove __P.alfred2002-03-191-12/+12
|
* Pacify gcc-3.1+, initialize two variables to avoid -Wuninitializedpeter2002-03-191-2/+2
| | | | warnings.
* Fix a typo, unbreak the world.maxim2002-03-061-1/+1
| | | | | Thanks to: mux Approved by: ru
* Maximum semid is seminfo.semmni not seminfo.semmsl.maxim2002-03-061-3/+3
| | | | | | | | PR: kern/34979 Submitted by: James Gritton <jamie@gritton.org> Reviewed by: alfred, ru Approved by: ru MFC after: 1 week
* - Use td_ucred for jail checks.jhb2002-03-051-25/+14
| | | | | | | | - Move jail checks and some other checks involving constants and stack variables out from under Giant. This isn't perfectly safe atm because jail_sysvipc_allowed is read w/o a lock meaning that its value could be stale. This global variable will soon become a per-jail flag, however, at which time it will either not need a lock or will use the prison lock.
* Fix Giant leakage in several error cases in __semctl().jhb2002-02-271-4/+4
|
* Simple p_ucred -> td_ucred changes to start using the per-thread ucredjhb2002-02-271-1/+1
| | | | reference.
* Rehash of 1.43: simply remove the comment, since it's highly redundantrwatson2002-02-181-13/+0
| | | | and only partially correct.
* style(9) prefers formatted comments in '/*' ... '*/' as opposed torwatson2002-02-181-12/+12
| | | | #if 0'd.
* Eliminate semexit_hook using at_exit(9) and rm_at_exit(9).alc2001-12-301-2/+2
| | | | Reviewed by: alfred
* Make AIO a loadable module.alfred2001-12-291-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | Remove the explicit call to aio_proc_rundown() from exit1(), instead AIO will use at_exit(9). Add functions at_exec(9), rm_at_exec(9) which function nearly the same as at_exec(9) and rm_at_exec(9), these functions are called on behalf of modules at the time of execve(2) after the image activator has run. Use a modified version of tegge's suggestion via at_exec(9) to close an exploitable race in AIO. Fix SYSCALL_MODULE_HELPER such that it's archetecuterally neutral, the problem was that one had to pass it a paramater indicating the number of arguments which were actually the number of "int". Fix it by using an inline version of the AS macro against the syscall arguments. (AS should be available globally but we'll get to that later.) Add a primative system for dynamically adding kqueue ops, it's really not as sophisticated as it should be, but I'll discuss with jlemon when he's around.
* Fix SysV Semaphore Handling.mr2001-10-111-38/+73
| | | | | | | | Updated by peter following KSE and Giant pushdown. I've running with this patch for two week with no ill side effects. PR: kern/12014: Fix SysV Semaphore handling Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
* PR: kern/29698 (part)mr2001-09-131-0/+19
| | | | | | Reviewed by: audit Implement SEM_STAT (like IPC_STAT but treats semid as sema-index). The linuxerator will need it.
* PR: kern/29698 (part)mr2001-09-131-0/+11
| | | | | | | Reviewed by: audit Add tunables for the sem* and shm* syscontrols for tuning on boottime until they become dynamic. SAP R/3 doesn't like the compiled in defaults.
* KSE Milestone 2julian2001-09-121-49/+45
| | | | | | | | | | | | | | Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
* Correct a debugging message.dd2001-09-111-1/+1
|
* Make the `nsops' variable in `semop' unsigned. This prevents andd2001-09-101-5/+5
| | | | | | | | | | overflow if uap->nsops (which is already unsigned) is over INT_MAX; consequently, the bounds check below becomes valid. Previously, if a value over INT_MAX was passed in uap->nsops, the bounds check wouldn't catch it, and the value would be used to compute copyin()'s third argument. Obtained from: NetBSD
* Giant Pushdown: sysv shm, sem, and msg calls.dillon2001-08-311-109/+186
|
* Export via sysctl:dd2001-05-301-0/+11
| | | | | | | | | | | * all members of msginfo from sysv_msg.c; * msqids from sysv_msg.c; * sema from sysv_sem.c; and * shmsegs from sysv_shm.c; These will be used by ipcs(1) in non-kvm mode. Reviewed by: tmm
* o Move per-process jail pointer (p->pr_prison) to inside of the subjectrwatson2001-02-211-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | credential structure, ucred (cr->cr_prison). o Allow jail inheritence to be a function of credential inheritence. o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code. o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments. o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place. o Convert PRISON_CHECK() macro to prison_check() function. o Move jail() function prototypes to jail.h. o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself. o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use. Notes: o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure. Reviewed by: freebsd-arch Obtained from: TrustedBSD Project
* Use predictable internal names for the sysvipc modules, so we have ades2001-01-141-3/+4
| | | | chance of getting dependencies working.
* sysvipc loadable.alfred2000-12-011-6/+58
| | | | | | new syscall entry lkmressys - "reserved loadable syscall" Make syscall_register allow overwriting of such entries (lkmressys).
* o Deny access to System V IPC from within jail by default, as in therwatson2000-10-311-0/+13
| | | | | | | | | | | | current implementation, jail neither virtualizes the Sys V IPC namespace, nor provides inter-jail protections on IPC objects. o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1 using sysctl. o This is not the "real fix" which involves virtualizing the System V IPC namespace, but prevents processes within jail from influencing those outside of jail when not approved by the administrator. Reported by: Paulo Fragoso <paulo@nlink.com.br>
* Convert all users of fldoff() to offsetof(). fldoff() is badphk2000-10-271-4/+0
| | | | | | | | | | | | | | | | | | | | | | | because it only takes a struct tag which makes it impossible to use unions, typedefs etc. Define __offsetof() in <machine/ansi.h> Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h> Remove myriad of local offsetof() definitions. Remove includes of <stddef.h> in kernel code. NB: Kernelcode should *never* include from /usr/include ! Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API. Deprecate <struct.h> with a warning. The warning turns into an error on 01-12-2000 and the file gets removed entirely on 01-01-2001. Paritials reviews by: various. Significant brucifications by: bde
OpenPOWER on IntegriCloud