Home | History | Annotate | Line # | Download | only in kern
uipc_sem.c revision 1.46
      1 /*	$NetBSD: uipc_sem.c,v 1.45 2016/04/24 19:48:29 dholland Exp $	*/
      2 
      3 /*-
      4  * Copyright (c) 2011 The NetBSD Foundation, Inc.
      5  * All rights reserved.
      6  *
      7  * This code is derived from software contributed to The NetBSD Foundation
      8  * by Mindaugas Rasiukevicius.
      9  *
     10  * Redistribution and use in source and binary forms, with or without
     11  * modification, are permitted provided that the following conditions
     12  * are met:
     13  * 1. Redistributions of source code must retain the above copyright
     14  *    notice, this list of conditions and the following disclaimer.
     15  * 2. Redistributions in binary form must reproduce the above copyright
     16  *    notice, this list of conditions and the following disclaimer in the
     17  *    documentation and/or other materials provided with the distribution.
     18  *
     19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
     20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
     21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
     23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
     27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     29  * POSSIBILITY OF SUCH DAMAGE.
     30  */
     31 
     32 /*
     33  * Copyright (c) 2002 Alfred Perlstein <alfred (at) FreeBSD.org>
     34  * All rights reserved.
     35  *
     36  * Redistribution and use in source and binary forms, with or without
     37  * modification, are permitted provided that the following conditions
     38  * are met:
     39  * 1. Redistributions of source code must retain the above copyright
     40  *    notice, this list of conditions and the following disclaimer.
     41  * 2. Redistributions in binary form must reproduce the above copyright
     42  *    notice, this list of conditions and the following disclaimer in the
     43  *    documentation and/or other materials provided with the distribution.
     44  *
     45  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
     46  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     47  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     48  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     49  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     50  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     51  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     52  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     53  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     54  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     55  * SUCH DAMAGE.
     56  */
     57 
     58 /*
     59  * Implementation of POSIX semaphore.
     60  */
     61 
     62 #include <sys/cdefs.h>
     63 __KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.45 2016/04/24 19:48:29 dholland Exp $");
     64 
     65 #include <sys/param.h>
     66 #include <sys/kernel.h>
     67 
     68 #include <sys/atomic.h>
     69 #include <sys/proc.h>
     70 #include <sys/ksem.h>
     71 #include <sys/syscall.h>
     72 #include <sys/stat.h>
     73 #include <sys/kmem.h>
     74 #include <sys/fcntl.h>
     75 #include <sys/file.h>
     76 #include <sys/filedesc.h>
     77 #include <sys/kauth.h>
     78 #include <sys/module.h>
     79 #include <sys/mount.h>
     80 #include <sys/semaphore.h>
     81 #include <sys/syscall.h>
     82 #include <sys/syscallargs.h>
     83 #include <sys/syscallvar.h>
     84 #include <sys/sysctl.h>
     85 
     86 MODULE(MODULE_CLASS_MISC, ksem, NULL);
     87 
     88 #define	SEM_MAX_NAMELEN		14
     89 
     90 #define	SEM_NSEMS_MAX		256
     91 #define	KS_UNLINKED		0x01
     92 
     93 static kmutex_t		ksem_lock	__cacheline_aligned;
     94 static LIST_HEAD(,ksem)	ksem_head	__cacheline_aligned;
     95 static u_int		nsems_total	__cacheline_aligned;
     96 static u_int		nsems		__cacheline_aligned;
     97 
     98 static kauth_listener_t	ksem_listener;
     99 
    100 static int		ksem_sysinit(void);
    101 static int		ksem_sysfini(bool);
    102 static int		ksem_modcmd(modcmd_t, void *);
    103 static int		ksem_close_fop(file_t *);
    104 static int		ksem_stat_fop(file_t *, struct stat *);
    105 static int		ksem_read_fop(file_t *, off_t *, struct uio *,
    106     kauth_cred_t, int);
    107 
    108 static const struct fileops semops = {
    109 	.fo_read = ksem_read_fop,
    110 	.fo_write = fbadop_write,
    111 	.fo_ioctl = fbadop_ioctl,
    112 	.fo_fcntl = fnullop_fcntl,
    113 	.fo_poll = fnullop_poll,
    114 	.fo_stat = ksem_stat_fop,
    115 	.fo_close = ksem_close_fop,
    116 	.fo_kqfilter = fnullop_kqfilter,
    117 	.fo_restart = fnullop_restart,
    118 };
    119 
    120 static const struct syscall_package ksem_syscalls[] = {
    121 	{ SYS__ksem_init, 0, (sy_call_t *)sys__ksem_init },
    122 	{ SYS__ksem_open, 0, (sy_call_t *)sys__ksem_open },
    123 	{ SYS__ksem_unlink, 0, (sy_call_t *)sys__ksem_unlink },
    124 	{ SYS__ksem_close, 0, (sy_call_t *)sys__ksem_close },
    125 	{ SYS__ksem_post, 0, (sy_call_t *)sys__ksem_post },
    126 	{ SYS__ksem_wait, 0, (sy_call_t *)sys__ksem_wait },
    127 	{ SYS__ksem_trywait, 0, (sy_call_t *)sys__ksem_trywait },
    128 	{ SYS__ksem_getvalue, 0, (sy_call_t *)sys__ksem_getvalue },
    129 	{ SYS__ksem_destroy, 0, (sy_call_t *)sys__ksem_destroy },
    130 	{ SYS__ksem_timedwait, 0, (sy_call_t *)sys__ksem_timedwait },
    131 	{ 0, 0, NULL },
    132 };
    133 
    134 struct sysctllog *ksem_clog;
    135 int ksem_max;
    136 
    137 static int
    138 ksem_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
    139     void *arg0, void *arg1, void *arg2, void *arg3)
    140 {
    141 	ksem_t *ks;
    142 	mode_t mode;
    143 
    144 	if (action != KAUTH_SYSTEM_SEMAPHORE)
    145 		return KAUTH_RESULT_DEFER;
    146 
    147 	ks = arg1;
    148 	mode = ks->ks_mode;
    149 
    150 	if ((kauth_cred_geteuid(cred) == ks->ks_uid && (mode & S_IWUSR) != 0) ||
    151 	    (kauth_cred_getegid(cred) == ks->ks_gid && (mode & S_IWGRP) != 0) ||
    152 	    (mode & S_IWOTH) != 0)
    153 		return KAUTH_RESULT_ALLOW;
    154 
    155 	return KAUTH_RESULT_DEFER;
    156 }
    157 
    158 static int
    159 ksem_sysinit(void)
    160 {
    161 	int error;
    162 	const struct sysctlnode *rnode;
    163 
    164 	mutex_init(&ksem_lock, MUTEX_DEFAULT, IPL_NONE);
    165 	LIST_INIT(&ksem_head);
    166 	nsems_total = 0;
    167 	nsems = 0;
    168 
    169 	error = syscall_establish(NULL, ksem_syscalls);
    170 	if (error) {
    171 		(void)ksem_sysfini(false);
    172 	}
    173 
    174 	ksem_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
    175 	    ksem_listener_cb, NULL);
    176 
    177 	/* Define module-specific sysctl tree */
    178 
    179 	ksem_max = KSEM_MAX;
    180 	ksem_clog = NULL;
    181 
    182 	sysctl_createv(&ksem_clog, 0, NULL, &rnode,
    183 			CTLFLAG_PERMANENT,
    184 			CTLTYPE_NODE, "posix",
    185 			SYSCTL_DESCR("POSIX options"),
    186 			NULL, 0, NULL, 0,
    187 			CTL_KERN, CTL_CREATE, CTL_EOL);
    188 	sysctl_createv(&ksem_clog, 0, &rnode, NULL,
    189 			CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
    190 			CTLTYPE_INT, "semmax",
    191 			SYSCTL_DESCR("Maximal number of semaphores"),
    192 			NULL, 0, &ksem_max, 0,
    193 			CTL_CREATE, CTL_EOL);
    194 	sysctl_createv(&ksem_clog, 0, &rnode, NULL,
    195 			CTLFLAG_PERMANENT | CTLFLAG_READONLY,
    196 			CTLTYPE_INT, "semcnt",
    197 			SYSCTL_DESCR("Current number of semaphores"),
    198 			NULL, 0, &nsems, 0,
    199 			CTL_CREATE, CTL_EOL);
    200 
    201 	return error;
    202 }
    203 
    204 static int
    205 ksem_sysfini(bool interface)
    206 {
    207 	int error;
    208 
    209 	if (interface) {
    210 		error = syscall_disestablish(NULL, ksem_syscalls);
    211 		if (error != 0) {
    212 			return error;
    213 		}
    214 		/*
    215 		 * Make sure that no semaphores are in use.  Note: semops
    216 		 * must be unused at this point.
    217 		 */
    218 		if (nsems_total) {
    219 			error = syscall_establish(NULL, ksem_syscalls);
    220 			KASSERT(error == 0);
    221 			return EBUSY;
    222 		}
    223 	}
    224 	kauth_unlisten_scope(ksem_listener);
    225 	mutex_destroy(&ksem_lock);
    226 	sysctl_teardown(&ksem_clog);
    227 	return 0;
    228 }
    229 
    230 static int
    231 ksem_modcmd(modcmd_t cmd, void *arg)
    232 {
    233 
    234 	switch (cmd) {
    235 	case MODULE_CMD_INIT:
    236 		return ksem_sysinit();
    237 
    238 	case MODULE_CMD_FINI:
    239 		return ksem_sysfini(true);
    240 
    241 	default:
    242 		return ENOTTY;
    243 	}
    244 }
    245 
    246 static ksem_t *
    247 ksem_lookup(const char *name)
    248 {
    249 	ksem_t *ks;
    250 
    251 	KASSERT(mutex_owned(&ksem_lock));
    252 
    253 	LIST_FOREACH(ks, &ksem_head, ks_entry) {
    254 		if (strcmp(ks->ks_name, name) == 0) {
    255 			mutex_enter(&ks->ks_lock);
    256 			return ks;
    257 		}
    258 	}
    259 	return NULL;
    260 }
    261 
    262 static int
    263 ksem_perm(lwp_t *l, ksem_t *ks)
    264 {
    265 	kauth_cred_t uc = l->l_cred;
    266 
    267 	KASSERT(mutex_owned(&ks->ks_lock));
    268 
    269 	if (kauth_authorize_system(uc, KAUTH_SYSTEM_SEMAPHORE, 0, ks, NULL, NULL) != 0)
    270 		return EACCES;
    271 
    272 	return 0;
    273 }
    274 
    275 /*
    276  * ksem_get: get the semaphore from the descriptor.
    277  *
    278  * => locks the semaphore, if found.
    279  * => holds a reference on the file descriptor.
    280  */
    281 static int
    282 ksem_get(int fd, ksem_t **ksret)
    283 {
    284 	ksem_t *ks;
    285 	file_t *fp;
    286 
    287 	fp = fd_getfile(fd);
    288 	if (__predict_false(fp == NULL))
    289 		return EINVAL;
    290 	if (__predict_false(fp->f_type != DTYPE_SEM)) {
    291 		fd_putfile(fd);
    292 		return EINVAL;
    293 	}
    294 	ks = fp->f_ksem;
    295 	mutex_enter(&ks->ks_lock);
    296 
    297 	*ksret = ks;
    298 	return 0;
    299 }
    300 
    301 /*
    302  * ksem_create: allocate and setup a new semaphore structure.
    303  */
    304 static int
    305 ksem_create(lwp_t *l, const char *name, ksem_t **ksret, mode_t mode, u_int val)
    306 {
    307 	ksem_t *ks;
    308 	kauth_cred_t uc;
    309 	char *kname;
    310 	size_t len;
    311 
    312 	/* Pre-check for the limit. */
    313 	if (nsems >= ksem_max) {
    314 		return ENFILE;
    315 	}
    316 
    317 	if (val > SEM_VALUE_MAX) {
    318 		return EINVAL;
    319 	}
    320 
    321 	if (name != NULL) {
    322 		len = strlen(name);
    323 		if (len > SEM_MAX_NAMELEN) {
    324 			return ENAMETOOLONG;
    325 		}
    326 		/* Name must start with a '/' but not contain one. */
    327 		if (*name != '/' || len < 2 || strchr(name + 1, '/') != NULL) {
    328 			return EINVAL;
    329 		}
    330 		kname = kmem_alloc(++len, KM_SLEEP);
    331 		strlcpy(kname, name, len);
    332 	} else {
    333 		kname = NULL;
    334 		len = 0;
    335 	}
    336 
    337 	if (atomic_inc_uint_nv(&l->l_proc->p_nsems) > SEM_NSEMS_MAX) {
    338                atomic_dec_uint(&l->l_proc->p_nsems);
    339 		return -1;
    340        }
    341 
    342 	ks = kmem_zalloc(sizeof(ksem_t), KM_SLEEP);
    343 	mutex_init(&ks->ks_lock, MUTEX_DEFAULT, IPL_NONE);
    344 	cv_init(&ks->ks_cv, "psem");
    345 	ks->ks_name = kname;
    346 	ks->ks_namelen = len;
    347 	ks->ks_mode = mode;
    348 	ks->ks_value = val;
    349 	ks->ks_ref = 1;
    350 
    351 	uc = l->l_cred;
    352 	ks->ks_uid = kauth_cred_geteuid(uc);
    353 	ks->ks_gid = kauth_cred_getegid(uc);
    354 
    355 	atomic_inc_uint(&nsems_total);
    356 	*ksret = ks;
    357 	return 0;
    358 }
    359 
    360 static void
    361 ksem_free(ksem_t *ks)
    362 {
    363 
    364 	KASSERT(!cv_has_waiters(&ks->ks_cv));
    365 
    366 	if (ks->ks_name) {
    367 		KASSERT(ks->ks_namelen > 0);
    368 		kmem_free(ks->ks_name, ks->ks_namelen);
    369 	}
    370 	mutex_destroy(&ks->ks_lock);
    371 	cv_destroy(&ks->ks_cv);
    372 	kmem_free(ks, sizeof(ksem_t));
    373 
    374 	atomic_dec_uint(&nsems_total);
    375  	atomic_dec_uint(&curproc->p_nsems);
    376 }
    377 
    378 int
    379 sys__ksem_init(struct lwp *l, const struct sys__ksem_init_args *uap,
    380     register_t *retval)
    381 {
    382 	/* {
    383 		unsigned int value;
    384 		intptr_t *idp;
    385 	} */
    386 
    387 	return do_ksem_init(l, SCARG(uap, value), SCARG(uap, idp), copyout);
    388 }
    389 
    390 int
    391 do_ksem_init(lwp_t *l, u_int val, intptr_t *idp, copyout_t docopyout)
    392 {
    393 	proc_t *p = l->l_proc;
    394 	ksem_t *ks;
    395 	file_t *fp;
    396 	intptr_t id;
    397 	int fd, error;
    398 
    399 	error = fd_allocfile(&fp, &fd);
    400 	if (error) {
    401 		return error;
    402 	}
    403 	fp->f_type = DTYPE_SEM;
    404 	fp->f_flag = FREAD | FWRITE;
    405 	fp->f_ops = &semops;
    406 
    407 	id = (intptr_t)fd;
    408 	error = (*docopyout)(&id, idp, sizeof(*idp));
    409 	if (error) {
    410 		fd_abort(p, fp, fd);
    411 		return error;
    412 	}
    413 
    414 	/* Note the mode does not matter for anonymous semaphores. */
    415 	error = ksem_create(l, NULL, &ks, 0, val);
    416 	if (error) {
    417 		fd_abort(p, fp, fd);
    418 		return error;
    419 	}
    420 	fp->f_ksem = ks;
    421 	fd_affix(p, fp, fd);
    422 	return error;
    423 }
    424 
    425 int
    426 sys__ksem_open(struct lwp *l, const struct sys__ksem_open_args *uap,
    427     register_t *retval)
    428 {
    429 	/* {
    430 		const char *name;
    431 		int oflag;
    432 		mode_t mode;
    433 		unsigned int value;
    434 		intptr_t *idp;
    435 	} */
    436 
    437 	return do_ksem_open(l, SCARG(uap, name), SCARG(uap, oflag),
    438 	    SCARG(uap, mode), SCARG(uap, value), SCARG(uap, idp), copyout);
    439 }
    440 
    441 int
    442 do_ksem_open(struct lwp *l, const char *semname, int oflag, mode_t mode,
    443      unsigned int value, intptr_t *idp, copyout_t docopyout)
    444 {
    445 	char name[SEM_MAX_NAMELEN + 1];
    446 	proc_t *p = l->l_proc;
    447 	ksem_t *ksnew = NULL, *ks;
    448 	file_t *fp;
    449 	intptr_t id;
    450 	int fd, error;
    451 
    452 	error = copyinstr(semname, name, sizeof(name), NULL);
    453 	if (error) {
    454 		return error;
    455 	}
    456 	error = fd_allocfile(&fp, &fd);
    457 	if (error) {
    458 		return error;
    459 	}
    460 	fp->f_type = DTYPE_SEM;
    461 	fp->f_flag = FREAD | FWRITE;
    462 	fp->f_ops = &semops;
    463 
    464 	/*
    465 	 * The ID (file descriptor number) can be stored early.
    466 	 * Note that zero is a special value for libpthread.
    467 	 */
    468 	id = (intptr_t)fd;
    469 	error = (*docopyout)(&id, idp, sizeof(*idp));
    470 	if (error) {
    471 		goto err;
    472 	}
    473 
    474 	if (oflag & O_CREAT) {
    475 		/* Create a new semaphore. */
    476 		error = ksem_create(l, name, &ksnew, mode, value);
    477 		if (error) {
    478 			goto err;
    479 		}
    480 		KASSERT(ksnew != NULL);
    481 	}
    482 
    483 	/* Lookup for a semaphore with such name. */
    484 	mutex_enter(&ksem_lock);
    485 	ks = ksem_lookup(name);
    486 	if (ks) {
    487 		KASSERT(mutex_owned(&ks->ks_lock));
    488 		mutex_exit(&ksem_lock);
    489 
    490 		/* Check for exclusive create. */
    491 		if (oflag & O_EXCL) {
    492 			mutex_exit(&ks->ks_lock);
    493 			error = EEXIST;
    494 			goto err;
    495 		}
    496 		/*
    497 		 * Verify permissions.  If we can access it,
    498 		 * add the reference of this thread.
    499 		 */
    500 		error = ksem_perm(l, ks);
    501 		if (error == 0) {
    502 			ks->ks_ref++;
    503 		}
    504 		mutex_exit(&ks->ks_lock);
    505 		if (error) {
    506 			goto err;
    507 		}
    508 	} else {
    509 		/* Fail if not found and not creating. */
    510 		if ((oflag & O_CREAT) == 0) {
    511 			mutex_exit(&ksem_lock);
    512 			KASSERT(ksnew == NULL);
    513 			error = ENOENT;
    514 			goto err;
    515 		}
    516 
    517 		/* Check for the limit locked. */
    518 		if (nsems >= ksem_max) {
    519 			mutex_exit(&ksem_lock);
    520 			error = ENFILE;
    521 			goto err;
    522 		}
    523 
    524 		/*
    525 		 * Finally, insert semaphore into the list.
    526 		 * Note: it already has the initial reference.
    527 		 */
    528 		ks = ksnew;
    529 		LIST_INSERT_HEAD(&ksem_head, ks, ks_entry);
    530 		nsems++;
    531 		mutex_exit(&ksem_lock);
    532 
    533 		ksnew = NULL;
    534 	}
    535 	KASSERT(ks != NULL);
    536 	fp->f_ksem = ks;
    537 	fd_affix(p, fp, fd);
    538 err:
    539 	if (error) {
    540 		fd_abort(p, fp, fd);
    541 	}
    542 	if (ksnew) {
    543 		ksem_free(ksnew);
    544 	}
    545 	return error;
    546 }
    547 
    548 int
    549 sys__ksem_close(struct lwp *l, const struct sys__ksem_close_args *uap,
    550     register_t *retval)
    551 {
    552 	/* {
    553 		intptr_t id;
    554 	} */
    555 	int fd = (int)SCARG(uap, id);
    556 
    557 	if (fd_getfile(fd) == NULL) {
    558 		return EBADF;
    559 	}
    560 	return fd_close(fd);
    561 }
    562 
    563 static int
    564 ksem_read_fop(file_t *fp, off_t *offset, struct uio *uio, kauth_cred_t cred,
    565     int flags)
    566 {
    567 	size_t len;
    568 	char *name;
    569 	ksem_t *ks = fp->f_ksem;
    570 
    571 	mutex_enter(&ks->ks_lock);
    572 	len = ks->ks_namelen;
    573 	name = ks->ks_name;
    574 	mutex_exit(&ks->ks_lock);
    575 	if (name == NULL || len == 0)
    576 		return 0;
    577 	return uiomove(name, len, uio);
    578 }
    579 
    580 static int
    581 ksem_stat_fop(file_t *fp, struct stat *ub)
    582 {
    583 	ksem_t *ks = fp->f_ksem;
    584 
    585 	mutex_enter(&ks->ks_lock);
    586 
    587 	memset(ub, 0, sizeof(*ub));
    588 
    589 	ub->st_mode = ks->ks_mode | ((ks->ks_name && ks->ks_namelen)
    590 	    ? _S_IFLNK : _S_IFREG);
    591 	ub->st_uid = ks->ks_uid;
    592 	ub->st_gid = ks->ks_gid;
    593 	ub->st_size = ks->ks_value;
    594 	ub->st_blocks = (ub->st_size) ? 1 : 0;
    595 	ub->st_nlink = ks->ks_ref;
    596 	ub->st_blksize = 4096;
    597 
    598 	nanotime(&ub->st_atimespec);
    599 	ub->st_mtimespec = ub->st_ctimespec = ub->st_birthtimespec =
    600 	    ub->st_atimespec;
    601 
    602 	/*
    603 	 * Left as 0: st_dev, st_ino, st_rdev, st_flags, st_gen.
    604 	 * XXX (st_dev, st_ino) should be unique.
    605 	 */
    606 	mutex_exit(&ks->ks_lock);
    607 	return 0;
    608 }
    609 
    610 static int
    611 ksem_close_fop(file_t *fp)
    612 {
    613 	ksem_t *ks = fp->f_ksem;
    614 	bool destroy = false;
    615 
    616 	mutex_enter(&ks->ks_lock);
    617 	KASSERT(ks->ks_ref > 0);
    618 	if (--ks->ks_ref == 0) {
    619 		/*
    620 		 * Destroy if the last reference and semaphore is unnamed,
    621 		 * or unlinked (for named semaphore).
    622 		 */
    623 		destroy = (ks->ks_flags & KS_UNLINKED) || (ks->ks_name == NULL);
    624 	}
    625 	mutex_exit(&ks->ks_lock);
    626 
    627 	if (destroy) {
    628 		ksem_free(ks);
    629 	}
    630 	return 0;
    631 }
    632 
    633 int
    634 sys__ksem_unlink(struct lwp *l, const struct sys__ksem_unlink_args *uap,
    635     register_t *retval)
    636 {
    637 	/* {
    638 		const char *name;
    639 	} */
    640 	char name[SEM_MAX_NAMELEN + 1];
    641 	ksem_t *ks;
    642 	u_int refcnt;
    643 	int error;
    644 
    645 	error = copyinstr(SCARG(uap, name), name, sizeof(name), NULL);
    646 	if (error)
    647 		return error;
    648 
    649 	mutex_enter(&ksem_lock);
    650 	ks = ksem_lookup(name);
    651 	if (ks == NULL) {
    652 		mutex_exit(&ksem_lock);
    653 		return ENOENT;
    654 	}
    655 	KASSERT(mutex_owned(&ks->ks_lock));
    656 
    657 	/* Verify permissions. */
    658 	error = ksem_perm(l, ks);
    659 	if (error) {
    660 		mutex_exit(&ks->ks_lock);
    661 		mutex_exit(&ksem_lock);
    662 		return error;
    663 	}
    664 
    665 	/* Remove from the global list. */
    666 	LIST_REMOVE(ks, ks_entry);
    667 	nsems--;
    668 	mutex_exit(&ksem_lock);
    669 
    670 	refcnt = ks->ks_ref;
    671 	if (refcnt) {
    672 		/* Mark as unlinked, if there are references. */
    673 		ks->ks_flags |= KS_UNLINKED;
    674 	}
    675 	mutex_exit(&ks->ks_lock);
    676 
    677 	if (refcnt == 0) {
    678 		ksem_free(ks);
    679 	}
    680 	return 0;
    681 }
    682 
    683 int
    684 sys__ksem_post(struct lwp *l, const struct sys__ksem_post_args *uap,
    685     register_t *retval)
    686 {
    687 	/* {
    688 		intptr_t id;
    689 	} */
    690 	int fd = (int)SCARG(uap, id), error;
    691 	ksem_t *ks;
    692 
    693 	error = ksem_get(fd, &ks);
    694 	if (error) {
    695 		return error;
    696 	}
    697 	KASSERT(mutex_owned(&ks->ks_lock));
    698 	if (ks->ks_value == SEM_VALUE_MAX) {
    699 		error = EOVERFLOW;
    700 		goto out;
    701 	}
    702 	ks->ks_value++;
    703 	if (ks->ks_waiters) {
    704 		cv_broadcast(&ks->ks_cv);
    705 	}
    706 out:
    707 	mutex_exit(&ks->ks_lock);
    708 	fd_putfile(fd);
    709 	return error;
    710 }
    711 
    712 int
    713 do_ksem_wait(lwp_t *l, intptr_t id, bool try_p, struct timespec *abstime)
    714 {
    715 	int fd = (int)id, error, timeo;
    716 	ksem_t *ks;
    717 
    718 	error = ksem_get(fd, &ks);
    719 	if (error) {
    720 		return error;
    721 	}
    722 	KASSERT(mutex_owned(&ks->ks_lock));
    723 	while (ks->ks_value == 0) {
    724 		ks->ks_waiters++;
    725 		if (!try_p && abstime != NULL) {
    726 			error = ts2timo(CLOCK_REALTIME, TIMER_ABSTIME, abstime,
    727 			    &timeo, NULL);
    728 			if (error != 0)
    729 				goto out;
    730 		} else {
    731 			timeo = 0;
    732 		}
    733 		error = try_p ? EAGAIN : cv_timedwait_sig(&ks->ks_cv,
    734 		    &ks->ks_lock, timeo);
    735 		ks->ks_waiters--;
    736 		if (error)
    737 			goto out;
    738 	}
    739 	ks->ks_value--;
    740 out:
    741 	mutex_exit(&ks->ks_lock);
    742 	fd_putfile(fd);
    743 	return error;
    744 }
    745 
    746 int
    747 sys__ksem_wait(struct lwp *l, const struct sys__ksem_wait_args *uap,
    748     register_t *retval)
    749 {
    750 	/* {
    751 		intptr_t id;
    752 	} */
    753 
    754 	return do_ksem_wait(l, SCARG(uap, id), false, NULL);
    755 }
    756 
    757 int
    758 sys__ksem_timedwait(struct lwp *l, const struct sys__ksem_timedwait_args *uap,
    759     register_t *retval)
    760 {
    761 	/* {
    762 		intptr_t id;
    763 		const struct timespec *abstime;
    764 	} */
    765 	struct timespec ts;
    766 	int error;
    767 
    768 	error = copyin(SCARG(uap, abstime), &ts, sizeof(ts));
    769 	if (error != 0)
    770 		return error;
    771 
    772 	if (ts.tv_sec < 0 || ts.tv_nsec < 0 || ts.tv_nsec >= 1000000000)
    773 		return EINVAL;
    774 
    775 	error = do_ksem_wait(l, SCARG(uap, id), false, &ts);
    776 	if (error == EWOULDBLOCK)
    777 		error = ETIMEDOUT;
    778 	return error;
    779 }
    780 
    781 int
    782 sys__ksem_trywait(struct lwp *l, const struct sys__ksem_trywait_args *uap,
    783     register_t *retval)
    784 {
    785 	/* {
    786 		intptr_t id;
    787 	} */
    788 
    789 	return do_ksem_wait(l, SCARG(uap, id), true, NULL);
    790 }
    791 
    792 int
    793 sys__ksem_getvalue(struct lwp *l, const struct sys__ksem_getvalue_args *uap,
    794     register_t *retval)
    795 {
    796 	/* {
    797 		intptr_t id;
    798 		unsigned int *value;
    799 	} */
    800 	int fd = (int)SCARG(uap, id), error;
    801 	ksem_t *ks;
    802 	unsigned int val;
    803 
    804 	error = ksem_get(fd, &ks);
    805 	if (error) {
    806 		return error;
    807 	}
    808 	KASSERT(mutex_owned(&ks->ks_lock));
    809 	val = ks->ks_value;
    810 	mutex_exit(&ks->ks_lock);
    811 	fd_putfile(fd);
    812 
    813 	return copyout(&val, SCARG(uap, value), sizeof(val));
    814 }
    815 
    816 int
    817 sys__ksem_destroy(struct lwp *l, const struct sys__ksem_destroy_args *uap,
    818     register_t *retval)
    819 {
    820 	/* {
    821 		intptr_t id;
    822 	} */
    823 	int fd = (int)SCARG(uap, id), error;
    824 	ksem_t *ks;
    825 
    826 	error = ksem_get(fd, &ks);
    827 	if (error) {
    828 		return error;
    829 	}
    830 	KASSERT(mutex_owned(&ks->ks_lock));
    831 
    832 	/* Operation is only for unnamed semaphores. */
    833 	if (ks->ks_name != NULL) {
    834 		error = EINVAL;
    835 		goto out;
    836 	}
    837 	/* Cannot destroy if there are waiters. */
    838 	if (ks->ks_waiters) {
    839 		error = EBUSY;
    840 		goto out;
    841 	}
    842 out:
    843 	mutex_exit(&ks->ks_lock);
    844 	if (error) {
    845 		fd_putfile(fd);
    846 		return error;
    847 	}
    848 	return fd_close(fd);
    849 }
    850