3 * Copyright (C) 1992, 1993 Krishna Balasubramanian
4 * Many improvements/fixes by Bruno Haible.
5 * Replaced `struct shm_desc' by `struct vm_area_struct', July 1994.
6 * Fixed the shm swap deallocation (shm_unuse()), August 1998 Andrea Arcangeli.
8 * /proc/sysvipc/shm support (c) 1999 Dragos Acostachioaie <dragos@iname.com>
9 * BIGMEM support, Andrea Arcangeli <andrea@suse.de>
10 * SMP thread shm, Jean-Luc Boyard <jean-luc.boyard@siemens.fr>
11 * HIGHMEM support, Ingo Molnar <mingo@redhat.com>
12 * Make shmmax, shmall, shmmni sysctl'able, Christoph Rohland <cr@sap.com>
13 * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com>
14 * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com>
16 * support for audit of ipc object properties and permission changes
17 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
21 * Pavel Emelianov <xemul@openvz.org>
24 #include <linux/slab.h>
26 #include <linux/hugetlb.h>
27 #include <linux/shm.h>
28 #include <linux/init.h>
29 #include <linux/file.h>
30 #include <linux/mman.h>
31 #include <linux/shmem_fs.h>
32 #include <linux/security.h>
33 #include <linux/syscalls.h>
34 #include <linux/audit.h>
35 #include <linux/capability.h>
36 #include <linux/ptrace.h>
37 #include <linux/seq_file.h>
38 #include <linux/rwsem.h>
39 #include <linux/nsproxy.h>
40 #include <linux/mount.h>
41 #include <linux/ipc_namespace.h>
43 #include <asm/uaccess.h>
47 struct shm_file_data {
49 struct ipc_namespace *ns;
51 const struct vm_operations_struct *vm_ops;
54 #define shm_file_data(file) (*((struct shm_file_data **)&(file)->private_data))
56 static const struct file_operations shm_file_operations;
57 static const struct vm_operations_struct shm_vm_ops;
59 #define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS])
61 #define shm_unlock(shp) \
62 ipc_unlock(&(shp)->shm_perm)
64 static int newseg(struct ipc_namespace *, struct ipc_params *);
65 static void shm_open(struct vm_area_struct *vma);
66 static void shm_close(struct vm_area_struct *vma);
67 static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
69 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
72 void shm_init_ns(struct ipc_namespace *ns)
74 ns->shm_ctlmax = SHMMAX;
75 ns->shm_ctlall = SHMALL;
76 ns->shm_ctlmni = SHMMNI;
77 ns->shm_rmid_forced = 1;
81 * For init_ipc_ns shm_ids().rw_mutex is statically initialized
82 * as kernel threads should be able to use it in do_exit() before
83 * shm_init(), which is called on do_initcall()
85 if (ns == &init_ipc_ns)
86 __ipc_init_ids(&shm_ids(ns));
88 ipc_init_ids(&shm_ids(ns));
92 * Called with shm_ids.rw_mutex (writer) and the shp structure locked.
93 * Only shm_ids.rw_mutex remains locked on exit.
95 static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
97 struct shmid_kernel *shp;
98 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
100 if (shp->shm_nattch){
101 shp->shm_perm.mode |= SHM_DEST;
102 /* Do not find it any more */
103 shp->shm_perm.key = IPC_PRIVATE;
106 shm_destroy(ns, shp);
110 void shm_exit_ns(struct ipc_namespace *ns)
112 free_ipcs(ns, &shm_ids(ns), do_shm_rmid);
113 idr_destroy(&ns->ids[IPC_SHM_IDS].ipcs_idr);
117 static int __init ipc_ns_init(void)
119 shm_init_ns(&init_ipc_ns);
123 pure_initcall(ipc_ns_init);
125 void __init shm_init (void)
127 ipc_init_proc_interface("sysvipc/shm",
128 #if BITS_PER_LONG <= 32
129 " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n",
131 " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n",
133 IPC_SHM_IDS, sysvipc_shm_proc_show);
137 * shm_lock_(check_) routines are called in the paths where the rw_mutex
138 * is not necessarily held.
140 static inline struct shmid_kernel *shm_lock(struct ipc_namespace *ns, int id)
142 struct kern_ipc_perm *ipcp = ipc_lock(&shm_ids(ns), id);
145 return (struct shmid_kernel *)ipcp;
147 return container_of(ipcp, struct shmid_kernel, shm_perm);
150 static inline void shm_lock_by_ptr(struct shmid_kernel *ipcp)
153 spin_lock(&ipcp->shm_perm.lock);
156 static inline struct shmid_kernel *shm_lock_check(struct ipc_namespace *ns,
159 struct kern_ipc_perm *ipcp = ipc_lock_check(&shm_ids(ns), id);
162 return (struct shmid_kernel *)ipcp;
164 return container_of(ipcp, struct shmid_kernel, shm_perm);
167 static inline void shm_rmid(struct ipc_namespace *ns, struct shmid_kernel *s)
169 ipc_rmid(&shm_ids(ns), &s->shm_perm);
173 /* This is called by fork, once for every shm attach. */
174 static void shm_open(struct vm_area_struct *vma)
176 struct file *file = vma->vm_file;
177 struct shm_file_data *sfd = shm_file_data(file);
178 struct shmid_kernel *shp;
180 shp = shm_lock(sfd->ns, sfd->id);
182 shp->shm_atim = get_seconds();
183 shp->shm_lprid = task_tgid_vnr(current);
189 * shm_destroy - free the struct shmid_kernel
192 * @shp: struct to free
194 * It has to be called with shp and shm_ids.rw_mutex (writer) locked,
195 * but returns with shp unlocked and freed.
197 static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
199 ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
202 if (!is_file_hugepages(shp->shm_file))
203 shmem_lock(shp->shm_file, 0, shp->mlock_user);
204 else if (shp->mlock_user)
205 user_shm_unlock(shp->shm_file->f_path.dentry->d_inode->i_size,
207 fput (shp->shm_file);
208 security_shm_free(shp);
213 * shm_may_destroy - identifies whether shm segment should be destroyed now
215 * Returns true if and only if there are no active users of the segment and
216 * one of the following is true:
218 * 1) shmctl(id, IPC_RMID, NULL) was called for this shp
220 * 2) sysctl kernel.shm_rmid_forced is set to 1.
222 static bool shm_may_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
224 return (shp->shm_nattch == 0) &&
225 (ns->shm_rmid_forced ||
226 (shp->shm_perm.mode & SHM_DEST));
230 * remove the attach descriptor vma.
231 * free memory for segment if it is marked destroyed.
232 * The descriptor has already been removed from the current->mm->mmap list
233 * and will later be kfree()d.
235 static void shm_close(struct vm_area_struct *vma)
237 struct file * file = vma->vm_file;
238 struct shm_file_data *sfd = shm_file_data(file);
239 struct shmid_kernel *shp;
240 struct ipc_namespace *ns = sfd->ns;
242 down_write(&shm_ids(ns).rw_mutex);
243 /* remove from the list of attaches of the shm segment */
244 shp = shm_lock(ns, sfd->id);
246 shp->shm_lprid = task_tgid_vnr(current);
247 shp->shm_dtim = get_seconds();
249 if (shm_may_destroy(ns, shp))
250 shm_destroy(ns, shp);
253 up_write(&shm_ids(ns).rw_mutex);
256 /* Called with ns->shm_ids(ns).rw_mutex locked */
257 static int shm_try_destroy_current(int id, void *p, void *data)
259 struct ipc_namespace *ns = data;
260 struct kern_ipc_perm *ipcp = p;
261 struct shmid_kernel *shp = container_of(ipcp, struct shmid_kernel, shm_perm);
263 if (shp->shm_creator != current)
267 * Mark it as orphaned to destroy the segment when
268 * kernel.shm_rmid_forced is changed.
269 * It is noop if the following shm_may_destroy() returns true.
271 shp->shm_creator = NULL;
274 * Don't even try to destroy it. If shm_rmid_forced=0 and IPC_RMID
275 * is not set, it shouldn't be deleted here.
277 if (!ns->shm_rmid_forced)
280 if (shm_may_destroy(ns, shp)) {
281 shm_lock_by_ptr(shp);
282 shm_destroy(ns, shp);
287 /* Called with ns->shm_ids(ns).rw_mutex locked */
288 static int shm_try_destroy_orphaned(int id, void *p, void *data)
290 struct ipc_namespace *ns = data;
291 struct kern_ipc_perm *ipcp = p;
292 struct shmid_kernel *shp = container_of(ipcp, struct shmid_kernel, shm_perm);
295 * We want to destroy segments without users and with already
296 * exit'ed originating process.
298 * As shp->* are changed under rw_mutex, it's safe to skip shp locking.
300 if (shp->shm_creator != NULL)
303 if (shm_may_destroy(ns, shp)) {
304 shm_lock_by_ptr(shp);
305 shm_destroy(ns, shp);
310 void shm_destroy_orphaned(struct ipc_namespace *ns)
312 down_write(&shm_ids(ns).rw_mutex);
313 if (shm_ids(ns).in_use)
314 idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_orphaned, ns);
315 up_write(&shm_ids(ns).rw_mutex);
319 void exit_shm(struct task_struct *task)
321 struct ipc_namespace *ns = task->nsproxy->ipc_ns;
323 if (shm_ids(ns).in_use == 0)
326 /* Destroy all already created segments, but not mapped yet */
327 down_write(&shm_ids(ns).rw_mutex);
328 if (shm_ids(ns).in_use)
329 idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_current, ns);
330 up_write(&shm_ids(ns).rw_mutex);
333 static int shm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
335 struct file *file = vma->vm_file;
336 struct shm_file_data *sfd = shm_file_data(file);
338 return sfd->vm_ops->fault(vma, vmf);
342 static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new)
344 struct file *file = vma->vm_file;
345 struct shm_file_data *sfd = shm_file_data(file);
347 if (sfd->vm_ops->set_policy)
348 err = sfd->vm_ops->set_policy(vma, new);
352 static struct mempolicy *shm_get_policy(struct vm_area_struct *vma,
355 struct file *file = vma->vm_file;
356 struct shm_file_data *sfd = shm_file_data(file);
357 struct mempolicy *pol = NULL;
359 if (sfd->vm_ops->get_policy)
360 pol = sfd->vm_ops->get_policy(vma, addr);
361 else if (vma->vm_policy)
362 pol = vma->vm_policy;
368 static int shm_mmap(struct file * file, struct vm_area_struct * vma)
370 struct shm_file_data *sfd = shm_file_data(file);
373 ret = sfd->file->f_op->mmap(sfd->file, vma);
376 sfd->vm_ops = vma->vm_ops;
378 BUG_ON(!sfd->vm_ops->fault);
380 vma->vm_ops = &shm_vm_ops;
386 static int shm_release(struct inode *ino, struct file *file)
388 struct shm_file_data *sfd = shm_file_data(file);
391 shm_file_data(file) = NULL;
396 static int shm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
398 struct shm_file_data *sfd = shm_file_data(file);
400 if (!sfd->file->f_op->fsync)
402 return sfd->file->f_op->fsync(sfd->file, start, end, datasync);
405 static unsigned long shm_get_unmapped_area(struct file *file,
406 unsigned long addr, unsigned long len, unsigned long pgoff,
409 struct shm_file_data *sfd = shm_file_data(file);
410 return sfd->file->f_op->get_unmapped_area(sfd->file, addr, len,
414 static const struct file_operations shm_file_operations = {
417 .release = shm_release,
419 .get_unmapped_area = shm_get_unmapped_area,
421 .llseek = noop_llseek,
424 static const struct file_operations shm_file_operations_huge = {
427 .release = shm_release,
428 .get_unmapped_area = shm_get_unmapped_area,
429 .llseek = noop_llseek,
432 int is_file_shm_hugepages(struct file *file)
434 return file->f_op == &shm_file_operations_huge;
437 static const struct vm_operations_struct shm_vm_ops = {
438 .open = shm_open, /* callback for a new vm-area open */
439 .close = shm_close, /* callback for when the vm-area is released */
441 #if defined(CONFIG_NUMA)
442 .set_policy = shm_set_policy,
443 .get_policy = shm_get_policy,
448 * newseg - Create a new shared memory segment
450 * @params: ptr to the structure that contains key, size and shmflg
452 * Called with shm_ids.rw_mutex held as a writer.
455 static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
457 key_t key = params->key;
458 int shmflg = params->flg;
459 size_t size = params->u.size;
461 struct shmid_kernel *shp;
462 int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT;
466 vm_flags_t acctflag = 0;
468 if (size < SHMMIN || size > ns->shm_ctlmax)
471 if (ns->shm_tot + numpages > ns->shm_ctlall)
474 shp = ipc_rcu_alloc(sizeof(*shp));
478 shp->shm_perm.key = key;
479 shp->shm_perm.mode = (shmflg & S_IRWXUGO);
480 shp->mlock_user = NULL;
482 shp->shm_perm.security = NULL;
483 error = security_shm_alloc(shp);
489 sprintf (name, "SYSV%08x", key);
490 if (shmflg & SHM_HUGETLB) {
491 /* hugetlb_file_setup applies strict accounting */
492 if (shmflg & SHM_NORESERVE)
493 acctflag = VM_NORESERVE;
494 file = hugetlb_file_setup(name, size, acctflag,
495 &shp->mlock_user, HUGETLB_SHMFS_INODE);
498 * Do not allow no accounting for OVERCOMMIT_NEVER, even
501 if ((shmflg & SHM_NORESERVE) &&
502 sysctl_overcommit_memory != OVERCOMMIT_NEVER)
503 acctflag = VM_NORESERVE;
504 file = shmem_file_setup(name, size, acctflag);
506 error = PTR_ERR(file);
510 id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
516 shp->shm_cprid = task_tgid_vnr(current);
518 shp->shm_atim = shp->shm_dtim = 0;
519 shp->shm_ctim = get_seconds();
520 shp->shm_segsz = size;
522 shp->shm_file = file;
523 shp->shm_creator = current;
525 * shmid gets reported as "inode#" in /proc/pid/maps.
526 * proc-ps tools use this. Changing this will break them.
528 file->f_dentry->d_inode->i_ino = shp->shm_perm.id;
530 ns->shm_tot += numpages;
531 error = shp->shm_perm.id;
536 if (is_file_hugepages(file) && shp->mlock_user)
537 user_shm_unlock(size, shp->mlock_user);
540 security_shm_free(shp);
546 * Called with shm_ids.rw_mutex and ipcp locked.
548 static inline int shm_security(struct kern_ipc_perm *ipcp, int shmflg)
550 struct shmid_kernel *shp;
552 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
553 return security_shm_associate(shp, shmflg);
557 * Called with shm_ids.rw_mutex and ipcp locked.
559 static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
560 struct ipc_params *params)
562 struct shmid_kernel *shp;
564 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
565 if (shp->shm_segsz < params->u.size)
571 SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg)
573 struct ipc_namespace *ns;
574 struct ipc_ops shm_ops;
575 struct ipc_params shm_params;
577 ns = current->nsproxy->ipc_ns;
579 shm_ops.getnew = newseg;
580 shm_ops.associate = shm_security;
581 shm_ops.more_checks = shm_more_checks;
583 shm_params.key = key;
584 shm_params.flg = shmflg;
585 shm_params.u.size = size;
587 return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params);
590 static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_ds *in, int version)
594 return copy_to_user(buf, in, sizeof(*in));
599 memset(&out, 0, sizeof(out));
600 ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
601 out.shm_segsz = in->shm_segsz;
602 out.shm_atime = in->shm_atime;
603 out.shm_dtime = in->shm_dtime;
604 out.shm_ctime = in->shm_ctime;
605 out.shm_cpid = in->shm_cpid;
606 out.shm_lpid = in->shm_lpid;
607 out.shm_nattch = in->shm_nattch;
609 return copy_to_user(buf, &out, sizeof(out));
616 static inline unsigned long
617 copy_shmid_from_user(struct shmid64_ds *out, void __user *buf, int version)
621 if (copy_from_user(out, buf, sizeof(*out)))
626 struct shmid_ds tbuf_old;
628 if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old)))
631 out->shm_perm.uid = tbuf_old.shm_perm.uid;
632 out->shm_perm.gid = tbuf_old.shm_perm.gid;
633 out->shm_perm.mode = tbuf_old.shm_perm.mode;
642 static inline unsigned long copy_shminfo_to_user(void __user *buf, struct shminfo64 *in, int version)
646 return copy_to_user(buf, in, sizeof(*in));
651 if(in->shmmax > INT_MAX)
652 out.shmmax = INT_MAX;
654 out.shmmax = (int)in->shmmax;
656 out.shmmin = in->shmmin;
657 out.shmmni = in->shmmni;
658 out.shmseg = in->shmseg;
659 out.shmall = in->shmall;
661 return copy_to_user(buf, &out, sizeof(out));
669 * Calculate and add used RSS and swap pages of a shm.
670 * Called with shm_ids.rw_mutex held as a reader
672 static void shm_add_rss_swap(struct shmid_kernel *shp,
673 unsigned long *rss_add, unsigned long *swp_add)
677 inode = shp->shm_file->f_path.dentry->d_inode;
679 if (is_file_hugepages(shp->shm_file)) {
680 struct address_space *mapping = inode->i_mapping;
681 struct hstate *h = hstate_file(shp->shm_file);
682 *rss_add += pages_per_huge_page(h) * mapping->nrpages;
685 struct shmem_inode_info *info = SHMEM_I(inode);
686 spin_lock(&info->lock);
687 *rss_add += inode->i_mapping->nrpages;
688 *swp_add += info->swapped;
689 spin_unlock(&info->lock);
691 *rss_add += inode->i_mapping->nrpages;
697 * Called with shm_ids.rw_mutex held as a reader
699 static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss,
708 in_use = shm_ids(ns).in_use;
710 for (total = 0, next_id = 0; total < in_use; next_id++) {
711 struct kern_ipc_perm *ipc;
712 struct shmid_kernel *shp;
714 ipc = idr_find(&shm_ids(ns).ipcs_idr, next_id);
717 shp = container_of(ipc, struct shmid_kernel, shm_perm);
719 shm_add_rss_swap(shp, rss, swp);
726 * This function handles some shmctl commands which require the rw_mutex
727 * to be held in write mode.
728 * NOTE: no locks must be held, the rw_mutex is taken inside this function.
730 static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
731 struct shmid_ds __user *buf, int version)
733 struct kern_ipc_perm *ipcp;
734 struct shmid64_ds shmid64;
735 struct shmid_kernel *shp;
738 if (cmd == IPC_SET) {
739 if (copy_shmid_from_user(&shmid64, buf, version))
743 ipcp = ipcctl_pre_down(ns, &shm_ids(ns), shmid, cmd,
744 &shmid64.shm_perm, 0);
746 return PTR_ERR(ipcp);
748 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
750 err = security_shm_shmctl(shp, cmd);
755 do_shm_rmid(ns, ipcp);
758 ipc_update_perm(&shmid64.shm_perm, ipcp);
759 shp->shm_ctim = get_seconds();
767 up_write(&shm_ids(ns).rw_mutex);
771 SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
773 struct shmid_kernel *shp;
775 struct ipc_namespace *ns;
777 if (cmd < 0 || shmid < 0) {
782 version = ipc_parse_version(&cmd);
783 ns = current->nsproxy->ipc_ns;
785 switch (cmd) { /* replace with proc interface ? */
788 struct shminfo64 shminfo;
790 err = security_shm_shmctl(NULL, cmd);
794 memset(&shminfo, 0, sizeof(shminfo));
795 shminfo.shmmni = shminfo.shmseg = ns->shm_ctlmni;
796 shminfo.shmmax = ns->shm_ctlmax;
797 shminfo.shmall = ns->shm_ctlall;
799 shminfo.shmmin = SHMMIN;
800 if(copy_shminfo_to_user (buf, &shminfo, version))
803 down_read(&shm_ids(ns).rw_mutex);
804 err = ipc_get_maxid(&shm_ids(ns));
805 up_read(&shm_ids(ns).rw_mutex);
813 struct shm_info shm_info;
815 err = security_shm_shmctl(NULL, cmd);
819 memset(&shm_info, 0, sizeof(shm_info));
820 down_read(&shm_ids(ns).rw_mutex);
821 shm_info.used_ids = shm_ids(ns).in_use;
822 shm_get_stat (ns, &shm_info.shm_rss, &shm_info.shm_swp);
823 shm_info.shm_tot = ns->shm_tot;
824 shm_info.swap_attempts = 0;
825 shm_info.swap_successes = 0;
826 err = ipc_get_maxid(&shm_ids(ns));
827 up_read(&shm_ids(ns).rw_mutex);
828 if (copy_to_user(buf, &shm_info, sizeof(shm_info))) {
833 err = err < 0 ? 0 : err;
839 struct shmid64_ds tbuf;
842 if (cmd == SHM_STAT) {
843 shp = shm_lock(ns, shmid);
848 result = shp->shm_perm.id;
850 shp = shm_lock_check(ns, shmid);
858 if (ipcperms(ns, &shp->shm_perm, S_IRUGO))
860 err = security_shm_shmctl(shp, cmd);
863 memset(&tbuf, 0, sizeof(tbuf));
864 kernel_to_ipc64_perm(&shp->shm_perm, &tbuf.shm_perm);
865 tbuf.shm_segsz = shp->shm_segsz;
866 tbuf.shm_atime = shp->shm_atim;
867 tbuf.shm_dtime = shp->shm_dtim;
868 tbuf.shm_ctime = shp->shm_ctim;
869 tbuf.shm_cpid = shp->shm_cprid;
870 tbuf.shm_lpid = shp->shm_lprid;
871 tbuf.shm_nattch = shp->shm_nattch;
873 if(copy_shmid_to_user (buf, &tbuf, version))
882 struct file *uninitialized_var(shm_file);
884 lru_add_drain_all(); /* drain pagevecs to lru lists */
886 shp = shm_lock_check(ns, shmid);
892 audit_ipc_obj(&(shp->shm_perm));
894 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
895 uid_t euid = current_euid();
897 if (euid != shp->shm_perm.uid &&
898 euid != shp->shm_perm.cuid)
900 if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK))
904 err = security_shm_shmctl(shp, cmd);
909 struct user_struct *user = current_user();
910 if (!is_file_hugepages(shp->shm_file)) {
911 err = shmem_lock(shp->shm_file, 1, user);
912 if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){
913 shp->shm_perm.mode |= SHM_LOCKED;
914 shp->mlock_user = user;
917 } else if (!is_file_hugepages(shp->shm_file)) {
918 shmem_lock(shp->shm_file, 0, shp->mlock_user);
919 shp->shm_perm.mode &= ~SHM_LOCKED;
920 shp->mlock_user = NULL;
927 err = shmctl_down(ns, shmid, cmd, buf, version);
940 * Fix shmaddr, allocate descriptor, map shm, add attach descriptor to lists.
942 * NOTE! Despite the name, this is NOT a direct system call entrypoint. The
943 * "raddr" thing points to kernel space, and there has to be a wrapper around
946 long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
948 struct shmid_kernel *shp;
956 unsigned long user_addr;
957 struct ipc_namespace *ns;
958 struct shm_file_data *sfd;
965 else if ((addr = (ulong)shmaddr)) {
966 if (addr & (SHMLBA-1)) {
967 if (shmflg & SHM_RND)
968 addr &= ~(SHMLBA-1); /* round down */
970 #ifndef __ARCH_FORCE_SHMLBA
971 if (addr & ~PAGE_MASK)
975 flags = MAP_SHARED | MAP_FIXED;
977 if ((shmflg & SHM_REMAP))
983 if (shmflg & SHM_RDONLY) {
988 prot = PROT_READ | PROT_WRITE;
989 acc_mode = S_IRUGO | S_IWUGO;
990 f_mode = FMODE_READ | FMODE_WRITE;
992 if (shmflg & SHM_EXEC) {
998 * We cannot rely on the fs check since SYSV IPC does have an
999 * additional creator id...
1001 ns = current->nsproxy->ipc_ns;
1002 shp = shm_lock_check(ns, shmid);
1009 if (ipcperms(ns, &shp->shm_perm, acc_mode))
1012 err = security_shm_shmat(shp, shmaddr, shmflg);
1016 path = shp->shm_file->f_path;
1019 size = i_size_read(path.dentry->d_inode);
1023 sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
1025 goto out_put_dentry;
1027 file = alloc_file(&path, f_mode,
1028 is_file_hugepages(shp->shm_file) ?
1029 &shm_file_operations_huge :
1030 &shm_file_operations);
1034 file->private_data = sfd;
1035 file->f_mapping = shp->shm_file->f_mapping;
1036 sfd->id = shp->shm_perm.id;
1037 sfd->ns = get_ipc_ns(ns);
1038 sfd->file = shp->shm_file;
1041 down_write(¤t->mm->mmap_sem);
1042 if (addr && !(shmflg & SHM_REMAP)) {
1044 if (find_vma_intersection(current->mm, addr, addr + size))
1047 * If shm segment goes below stack, make sure there is some
1048 * space left for the stack to grow (at least 4 pages).
1050 if (addr < current->mm->start_stack &&
1051 addr > current->mm->start_stack - size - PAGE_SIZE * 5)
1055 user_addr = do_mmap (file, addr, size, prot, flags, 0);
1058 if (IS_ERR_VALUE(user_addr))
1059 err = (long)user_addr;
1061 up_write(¤t->mm->mmap_sem);
1066 down_write(&shm_ids(ns).rw_mutex);
1067 shp = shm_lock(ns, shmid);
1068 BUG_ON(IS_ERR(shp));
1070 if (shm_may_destroy(ns, shp))
1071 shm_destroy(ns, shp);
1074 up_write(&shm_ids(ns).rw_mutex);
1090 SYSCALL_DEFINE3(shmat, int, shmid, char __user *, shmaddr, int, shmflg)
1095 err = do_shmat(shmid, shmaddr, shmflg, &ret);
1098 force_successful_syscall_return();
1103 * detach and kill segment if marked destroyed.
1104 * The work is done in shm_close.
1106 SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
1108 struct mm_struct *mm = current->mm;
1109 struct vm_area_struct *vma;
1110 unsigned long addr = (unsigned long)shmaddr;
1111 int retval = -EINVAL;
1114 struct vm_area_struct *next;
1117 if (addr & ~PAGE_MASK)
1120 down_write(&mm->mmap_sem);
1123 * This function tries to be smart and unmap shm segments that
1124 * were modified by partial mlock or munmap calls:
1125 * - It first determines the size of the shm segment that should be
1126 * unmapped: It searches for a vma that is backed by shm and that
1127 * started at address shmaddr. It records it's size and then unmaps
1129 * - Then it unmaps all shm vmas that started at shmaddr and that
1130 * are within the initially determined size.
1131 * Errors from do_munmap are ignored: the function only fails if
1132 * it's called with invalid parameters or if it's called to unmap
1133 * a part of a vma. Both calls in this function are for full vmas,
1134 * the parameters are directly copied from the vma itself and always
1135 * valid - therefore do_munmap cannot fail. (famous last words?)
1138 * If it had been mremap()'d, the starting address would not
1139 * match the usual checks anyway. So assume all vma's are
1140 * above the starting address given.
1142 vma = find_vma(mm, addr);
1146 next = vma->vm_next;
1149 * Check if the starting address would match, i.e. it's
1150 * a fragment created by mprotect() and/or munmap(), or it
1151 * otherwise it starts at this address with no hassles.
1153 if ((vma->vm_ops == &shm_vm_ops) &&
1154 (vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) {
1157 size = vma->vm_file->f_path.dentry->d_inode->i_size;
1158 do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start);
1160 * We discovered the size of the shm segment, so
1161 * break out of here and fall through to the next
1162 * loop that uses the size information to stop
1163 * searching for matching vma's.
1173 * We need look no further than the maximum address a fragment
1174 * could possibly have landed at. Also cast things to loff_t to
1175 * prevent overflows and make comparisons vs. equal-width types.
1177 size = PAGE_ALIGN(size);
1178 while (vma && (loff_t)(vma->vm_end - addr) <= size) {
1179 next = vma->vm_next;
1181 /* finding a matching vma now does not alter retval */
1182 if ((vma->vm_ops == &shm_vm_ops) &&
1183 (vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff)
1185 do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start);
1189 #else /* CONFIG_MMU */
1190 /* under NOMMU conditions, the exact address to be destroyed must be
1193 if (vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) {
1194 do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start);
1200 up_write(&mm->mmap_sem);
1204 #ifdef CONFIG_PROC_FS
1205 static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
1207 struct shmid_kernel *shp = it;
1208 unsigned long rss = 0, swp = 0;
1210 shm_add_rss_swap(shp, &rss, &swp);
1212 #if BITS_PER_LONG <= 32
1213 #define SIZE_SPEC "%10lu"
1215 #define SIZE_SPEC "%21lu"
1218 return seq_printf(s,
1219 "%10d %10d %4o " SIZE_SPEC " %5u %5u "
1220 "%5lu %5u %5u %5u %5u %10lu %10lu %10lu "
1221 SIZE_SPEC " " SIZE_SPEC "\n",
projects / karo-tx-linux.git / blob