 @@ -1,1278 +1,1279 @@
-/*	$NetBSD: sysv_msg.c,v 1.61 2009/01/28 00:59:03 njoly Exp $	*/
+/*	$NetBSD: sysv_msg.c,v 1.62 2011/07/30 06:19:02 uebayasi Exp $	*/
 /*-
  * Copyright (c) 1999, 2006, 2007 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
  * NASA Ames Research Center, and by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Implementation of SVID messages
+ *
  * Author: Daniel Boulet
+ *
  * Copyright 1993 Daniel Boulet and RTMX Inc.
+ *
  * This system call was implemented by Daniel Boulet under contract from RTMX.
+ *
  * Redistribution and use in source forms, with and without modification,
  * are permitted provided that this entire comment appears intact.
+ *
  * Redistribution in binary form may occur without any restrictions.
  * Obviously, it would be nice if you gave credit where credit is due
  * but requiring it would be too onerous.
+ *
  * This software is provided ``AS IS'' without any warranties of any kind.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.61 2009/01/28 00:59:03 njoly Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.62 2011/07/30 06:19:02 uebayasi Exp $");
 #define SYSVMSG
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/msg.h>
 #include <sys/sysctl.h>
 #include <sys/mount.h>		/* XXX for <sys/syscallargs.h> */
 #include <sys/syscallargs.h>
 #include <sys/kauth.h>
 #define MSG_DEBUG
 #undef MSG_DEBUG_OK
 #ifdef MSG_DEBUG_OK
 #define MSG_PRINTF(a)	printf a
 #else
 #define MSG_PRINTF(a)
 #endif
 static int	nfree_msgmaps;		/* # of free map entries */
 static short	free_msgmaps;	/* head of linked list of free map entries */
 static struct	__msg *free_msghdrs;	/* list of free msg headers */
 static char	*msgpool;		/* MSGMAX byte long msg buffer pool */
 static struct	msgmap *msgmaps;	/* MSGSEG msgmap structures */
 static struct __msg *msghdrs;		/* MSGTQL msg headers */
 kmsq_t	*msqs;				/* MSGMNI msqid_ds struct's */
 kmutex_t msgmutex;			/* subsystem lock */
 static u_int	msg_waiters = 0;	/* total number of msgrcv waiters */
 static bool	msg_realloc_state;
 static kcondvar_t msg_realloc_cv;
 static void msg_freehdr(struct __msg *);
 void
 msginit(void)
+{
 	int i, sz;
 	vaddr_t v;
 	/*
 	 * msginfo.msgssz should be a power of two for efficiency reasons.
 	 * It is also pretty silly if msginfo.msgssz is less than 8
 	 * or greater than about 256 so ...
 	 */
 	i = 8;
 	while (i < 1024 && i != msginfo.msgssz)
 		i <<= 1;
 	if (i != msginfo.msgssz) {
 		panic("msginfo.msgssz = %d, not a small power of 2",
 		    msginfo.msgssz);
+	}
 	if (msginfo.msgseg > 32767) {
 		panic("msginfo.msgseg = %d > 32767", msginfo.msgseg);
+	}
 	/* Allocate the wired memory for our structures */
 	sz = ALIGN(msginfo.msgmax) +
 	    ALIGN(msginfo.msgseg * sizeof(struct msgmap)) +
 	    ALIGN(msginfo.msgtql * sizeof(struct __msg)) +
 	    ALIGN(msginfo.msgmni * sizeof(kmsq_t));
-	v = uvm_km_alloc(kernel_map, round_page(sz), 0,
+	sz = round_page(sz);
-	    UVM_KMF_WIRED|UVM_KMF_ZERO);
+	v = uvm_km_alloc(kernel_map, sz, 0, UVM_KMF_WIRED|UVM_KMF_ZERO);
 	if (v == 0)
 		panic("sysv_msg: cannot allocate memory");
 	msgpool = (void *)v;
 	msgmaps = (void *)((uintptr_t)msgpool + ALIGN(msginfo.msgmax));
 	msghdrs = (void *)((uintptr_t)msgmaps +
 	    ALIGN(msginfo.msgseg * sizeof(struct msgmap)));
 	msqs = (void *)((uintptr_t)msghdrs +
 	    ALIGN(msginfo.msgtql * sizeof(struct __msg)));
 	for (i = 0; i < (msginfo.msgseg - 1); i++)
 		msgmaps[i].next = i + 1;
 	msgmaps[msginfo.msgseg - 1].next = -1;
 	free_msgmaps = 0;
 	nfree_msgmaps = msginfo.msgseg;
 	for (i = 0; i < (msginfo.msgtql - 1); i++) {
 		msghdrs[i].msg_type = 0;
 		msghdrs[i].msg_next = &msghdrs[i + 1];
+	}
 	i = msginfo.msgtql - 1;
 	msghdrs[i].msg_type = 0;
 	msghdrs[i].msg_next = NULL;
 	free_msghdrs = &msghdrs[0];
 	for (i = 0; i < msginfo.msgmni; i++) {
 		cv_init(&msqs[i].msq_cv, "msgwait");
 		/* Implies entry is available */
 		msqs[i].msq_u.msg_qbytes = 0;
 		/* Reset to a known value */
 		msqs[i].msq_u.msg_perm._seq = 0;
+	}
 	mutex_init(&msgmutex, MUTEX_DEFAULT, IPL_NONE);
 	cv_init(&msg_realloc_cv, "msgrealc");
 	msg_realloc_state = false;
+}
 static int
 msgrealloc(int newmsgmni, int newmsgseg)
+{
 	struct msgmap *new_msgmaps;
 	struct __msg *new_msghdrs, *new_free_msghdrs;
 	char *old_msgpool, *new_msgpool;
 	kmsq_t *new_msqs;
 	vaddr_t v;
 	int i, sz, msqid, newmsgmax, new_nfree_msgmaps;
 	short new_free_msgmaps;
 	if (newmsgmni < 1 || newmsgseg < 1)
 		return EINVAL;
 	/* Allocate the wired memory for our structures */
 	newmsgmax = msginfo.msgssz * newmsgseg;
 	sz = ALIGN(newmsgmax) +
 	    ALIGN(newmsgseg * sizeof(struct msgmap)) +
 	    ALIGN(msginfo.msgtql * sizeof(struct __msg)) +
 	    ALIGN(newmsgmni * sizeof(kmsq_t));
-	v = uvm_km_alloc(kernel_map, round_page(sz), 0,
+	sz = round_page(sz);
-	    UVM_KMF_WIRED|UVM_KMF_ZERO);
+	v = uvm_km_alloc(kernel_map, sz, 0, UVM_KMF_WIRED|UVM_KMF_ZERO);
 	if (v == 0)
 		return ENOMEM;
 	mutex_enter(&msgmutex);
 	if (msg_realloc_state) {
 		mutex_exit(&msgmutex);
 		uvm_km_free(kernel_map, v, sz, UVM_KMF_WIRED);
 		return EBUSY;
+	}
 	msg_realloc_state = true;
 	if (msg_waiters) {
 		/*
 		 * Mark reallocation state, wake-up all waiters,
 		 * and wait while they will all exit.
 		 */
 		for (i = 0; i < msginfo.msgmni; i++)
 			cv_broadcast(&msqs[i].msq_cv);
 		while (msg_waiters)
 			cv_wait(&msg_realloc_cv, &msgmutex);
+	}
 	old_msgpool = msgpool;
 	/* We cannot reallocate less memory than we use */
 	i = 0;
 	for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
 		struct msqid_ds *mptr;
 		kmsq_t *msq;
 		msq = &msqs[msqid];
 		mptr = &msq->msq_u;
 		if (mptr->msg_qbytes || (mptr->msg_perm.mode & MSG_LOCKED))
 			i = msqid;
+	}
 	if (i >= newmsgmni || (msginfo.msgseg - nfree_msgmaps) > newmsgseg) {
 		mutex_exit(&msgmutex);
 		uvm_km_free(kernel_map, v, sz, UVM_KMF_WIRED);
 		return EBUSY;
+	}
 	new_msgpool = (void *)v;
 	new_msgmaps = (void *)((uintptr_t)new_msgpool + ALIGN(newmsgmax));
 	new_msghdrs = (void *)((uintptr_t)new_msgmaps +
 	    ALIGN(newmsgseg * sizeof(struct msgmap)));
 	new_msqs = (void *)((uintptr_t)new_msghdrs +
 	    ALIGN(msginfo.msgtql * sizeof(struct __msg)));
 	/* Initialize the structures */
 	for (i = 0; i < (newmsgseg - 1); i++)
 		new_msgmaps[i].next = i + 1;
 	new_msgmaps[newmsgseg - 1].next = -1;
 	new_free_msgmaps = 0;
 	new_nfree_msgmaps = newmsgseg;
 	for (i = 0; i < (msginfo.msgtql - 1); i++) {
 		new_msghdrs[i].msg_type = 0;
 		new_msghdrs[i].msg_next = &new_msghdrs[i + 1];
+	}
 	i = msginfo.msgtql - 1;
 	new_msghdrs[i].msg_type = 0;
 	new_msghdrs[i].msg_next = NULL;
 	new_free_msghdrs = &new_msghdrs[0];
 	for (i = 0; i < newmsgmni; i++) {
 		new_msqs[i].msq_u.msg_qbytes = 0;
 		new_msqs[i].msq_u.msg_perm._seq = 0;
 		cv_init(&new_msqs[i].msq_cv, "msgwait");
+	}
 	/*
 	 * Copy all message queue identifiers, mesage headers and buffer
 	 * pools to the new memory location.
 	 */
 	for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
 		struct __msg *nmsghdr, *msghdr, *pmsghdr;
 		struct msqid_ds *nmptr, *mptr;
 		kmsq_t *nmsq, *msq;
 		msq = &msqs[msqid];
 		mptr = &msq->msq_u;
 		if (mptr->msg_qbytes == 0 &&
 		    (mptr->msg_perm.mode & MSG_LOCKED) == 0)
 			continue;
 		nmsq = &new_msqs[msqid];
 		nmptr = &nmsq->msq_u;
 		memcpy(nmptr, mptr, sizeof(struct msqid_ds));
 		/*
 		 * Go through the message headers, and and copy each
 		 * one by taking the new ones, and thus defragmenting.
 		 */
 		nmsghdr = pmsghdr = NULL;
 		msghdr = mptr->_msg_first;
 		while (msghdr) {
 			short nnext = 0, next;
 			u_short msgsz, segcnt;
 			/* Take an entry from the new list of free msghdrs */
 			nmsghdr = new_free_msghdrs;
 			KASSERT(nmsghdr != NULL);
 			new_free_msghdrs = nmsghdr->msg_next;
 			nmsghdr->msg_next = NULL;
 			if (pmsghdr) {
 				pmsghdr->msg_next = nmsghdr;
 			} else {
 				nmptr->_msg_first = nmsghdr;
 				pmsghdr = nmsghdr;
+			}
 			nmsghdr->msg_ts = msghdr->msg_ts;
 			nmsghdr->msg_spot = -1;
 			/* Compute the amount of segments and reserve them */
 			msgsz = msghdr->msg_ts;
 			segcnt = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz;
 			if (segcnt == 0)
 				continue;
 			while (segcnt--) {
 				nnext = new_free_msgmaps;
 				new_free_msgmaps = new_msgmaps[nnext].next;
 				new_nfree_msgmaps--;
 				new_msgmaps[nnext].next = nmsghdr->msg_spot;
 				nmsghdr->msg_spot = nnext;
+			}
 			/* Copy all segments */
 			KASSERT(nnext == nmsghdr->msg_spot);
 			next = msghdr->msg_spot;
 			while (msgsz > 0) {
 				size_t tlen;
 				if (msgsz >= msginfo.msgssz) {
 					tlen = msginfo.msgssz;
 					msgsz -= msginfo.msgssz;
 				} else {
 					tlen = msgsz;
 					msgsz = 0;
+				}
 				/* Copy the message buffer */
 				memcpy(&new_msgpool[nnext * msginfo.msgssz],
 				    &msgpool[next * msginfo.msgssz], tlen);
 				/* Next entry of the map */
 				nnext = msgmaps[nnext].next;
 				next = msgmaps[next].next;
+			}
 			/* Next message header */
 			msghdr = msghdr->msg_next;
+		}
 		nmptr->_msg_last = nmsghdr;
+	}
 	KASSERT((msginfo.msgseg - nfree_msgmaps) ==
 	    (newmsgseg - new_nfree_msgmaps));
 	sz = ALIGN(msginfo.msgmax) +
 	    ALIGN(msginfo.msgseg * sizeof(struct msgmap)) +
 	    ALIGN(msginfo.msgtql * sizeof(struct __msg)) +
 	    ALIGN(msginfo.msgmni * sizeof(kmsq_t));
 	sz = round_page(sz);
 	for (i = 0; i < msginfo.msgmni; i++)
 		cv_destroy(&msqs[i].msq_cv);
 	/* Set the pointers and update the new values */
 	msgpool = new_msgpool;
 	msgmaps = new_msgmaps;
 	msghdrs = new_msghdrs;
 	msqs = new_msqs;
 	free_msghdrs = new_free_msghdrs;
 	free_msgmaps = new_free_msgmaps;
 	nfree_msgmaps = new_nfree_msgmaps;
 	msginfo.msgmni = newmsgmni;
 	msginfo.msgseg = newmsgseg;
 	msginfo.msgmax = newmsgmax;
 	/* Reallocation completed - notify all waiters, if any */
 	msg_realloc_state = false;
 	cv_broadcast(&msg_realloc_cv);
 	mutex_exit(&msgmutex);
 	uvm_km_free(kernel_map, (vaddr_t)old_msgpool, sz, UVM_KMF_WIRED);
 	return 0;
+}
 static void
 msg_freehdr(struct __msg *msghdr)
+{
 	KASSERT(mutex_owned(&msgmutex));
 	while (msghdr->msg_ts > 0) {
 		short next;
 		KASSERT(msghdr->msg_spot >= 0);
 		KASSERT(msghdr->msg_spot < msginfo.msgseg);
 		next = msgmaps[msghdr->msg_spot].next;
 		msgmaps[msghdr->msg_spot].next = free_msgmaps;
 		free_msgmaps = msghdr->msg_spot;
 		nfree_msgmaps++;
 		msghdr->msg_spot = next;
 		if (msghdr->msg_ts >= msginfo.msgssz)
 			msghdr->msg_ts -= msginfo.msgssz;
 		else
 			msghdr->msg_ts = 0;
+	}
 	KASSERT(msghdr->msg_spot == -1);
 	msghdr->msg_next = free_msghdrs;
 	free_msghdrs = msghdr;
+}
 int
 sys___msgctl50(struct lwp *l, const struct sys___msgctl50_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) msqid;
 		syscallarg(int) cmd;
 		syscallarg(struct msqid_ds *) buf;
 	} */
 	struct msqid_ds msqbuf;
 	int cmd, error;
 	cmd = SCARG(uap, cmd);
 	if (cmd == IPC_SET) {
 		error = copyin(SCARG(uap, buf), &msqbuf, sizeof(msqbuf));
 		if (error)
 			return (error);
+	}
 	error = msgctl1(l, SCARG(uap, msqid), cmd,
 	    (cmd == IPC_SET || cmd == IPC_STAT) ? &msqbuf : NULL);
 	if (error == 0 && cmd == IPC_STAT)
 		error = copyout(&msqbuf, SCARG(uap, buf), sizeof(msqbuf));
 	return (error);
+}
 int
 msgctl1(struct lwp *l, int msqid, int cmd, struct msqid_ds *msqbuf)
+{
 	kauth_cred_t cred = l->l_cred;
 	struct msqid_ds *msqptr;
 	kmsq_t *msq;
 	int error = 0, ix;
 	MSG_PRINTF(("call to msgctl1(%d, %d)\n", msqid, cmd));
 	ix = IPCID_TO_IX(msqid);
 	mutex_enter(&msgmutex);
 	if (ix < 0 || ix >= msginfo.msgmni) {
 		MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", ix,
 		    msginfo.msgmni));
 		error = EINVAL;
 		goto unlock;
+	}
 	msq = &msqs[ix];
 	msqptr = &msq->msq_u;
 	if (msqptr->msg_qbytes == 0) {
 		MSG_PRINTF(("no such msqid\n"));
 		error = EINVAL;
 		goto unlock;
+	}
 	if (msqptr->msg_perm._seq != IPCID_TO_SEQ(msqid)) {
 		MSG_PRINTF(("wrong sequence number\n"));
 		error = EINVAL;
 		goto unlock;
+	}
 	switch (cmd) {
 	case IPC_RMID:
+	{
 		struct __msg *msghdr;
 		if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)) != 0)
 			break;
 		/* Free the message headers */
 		msghdr = msqptr->_msg_first;
 		while (msghdr != NULL) {
 			struct __msg *msghdr_tmp;
 			/* Free the segments of each message */
 			msqptr->_msg_cbytes -= msghdr->msg_ts;
 			msqptr->msg_qnum--;
 			msghdr_tmp = msghdr;
 			msghdr = msghdr->msg_next;
 			msg_freehdr(msghdr_tmp);
+		}
 		KASSERT(msqptr->_msg_cbytes == 0);
 		KASSERT(msqptr->msg_qnum == 0);
 		/* Mark it as free */
 		msqptr->msg_qbytes = 0;
 		cv_broadcast(&msq->msq_cv);
+	}
 		break;
 	case IPC_SET:
 		if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)))
 			break;
 		if (msqbuf->msg_qbytes > msqptr->msg_qbytes &&
 		    kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
 		    NULL) != 0) {
 			error = EPERM;
 			break;
+		}
 		if (msqbuf->msg_qbytes > msginfo.msgmnb) {
 			MSG_PRINTF(("can't increase msg_qbytes beyond %d "
 			    "(truncating)\n", msginfo.msgmnb));
 			/* silently restrict qbytes to system limit */
 			msqbuf->msg_qbytes = msginfo.msgmnb;
+		}
 		if (msqbuf->msg_qbytes == 0) {
 			MSG_PRINTF(("can't reduce msg_qbytes to 0\n"));
 			error = EINVAL;		/* XXX non-standard errno! */
 			break;
+		}
 		msqptr->msg_perm.uid = msqbuf->msg_perm.uid;
 		msqptr->msg_perm.gid = msqbuf->msg_perm.gid;
 		msqptr->msg_perm.mode = (msqptr->msg_perm.mode & ~0777) |
 		    (msqbuf->msg_perm.mode & 0777);
 		msqptr->msg_qbytes = msqbuf->msg_qbytes;
 		msqptr->msg_ctime = time_second;
 		break;
 	case IPC_STAT:
 		if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) {
 			MSG_PRINTF(("requester doesn't have read access\n"));
 			break;
+		}
 		memcpy(msqbuf, msqptr, sizeof(struct msqid_ds));
 		break;
 	default:
 		MSG_PRINTF(("invalid command %d\n", cmd));
 		error = EINVAL;
 		break;
+	}
 unlock:
 	mutex_exit(&msgmutex);
 	return (error);
+}
 int
 sys_msgget(struct lwp *l, const struct sys_msgget_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(key_t) key;
 		syscallarg(int) msgflg;
 	} */
 	int msqid, error = 0;
 	int key = SCARG(uap, key);
 	int msgflg = SCARG(uap, msgflg);
 	kauth_cred_t cred = l->l_cred;
 	struct msqid_ds *msqptr = NULL;
 	kmsq_t *msq;
 	mutex_enter(&msgmutex);
 	MSG_PRINTF(("msgget(0x%x, 0%o)\n", key, msgflg));
 	if (key != IPC_PRIVATE) {
 		for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
 			msq = &msqs[msqid];
 			msqptr = &msq->msq_u;
 			if (msqptr->msg_qbytes != 0 &&
 			    msqptr->msg_perm._key == key)
 				break;
+		}
 		if (msqid < msginfo.msgmni) {
 			MSG_PRINTF(("found public key\n"));
 			if ((msgflg & IPC_CREAT) && (msgflg & IPC_EXCL)) {
 				MSG_PRINTF(("not exclusive\n"));
 				error = EEXIST;
 				goto unlock;
+			}
 			if ((error = ipcperm(cred, &msqptr->msg_perm,
 			    msgflg & 0700 ))) {
 				MSG_PRINTF(("requester doesn't have 0%o access\n",
 				    msgflg & 0700));
 				goto unlock;
+			}
 			goto found;
+		}
+	}
 	MSG_PRINTF(("need to allocate the msqid_ds\n"));
 	if (key == IPC_PRIVATE || (msgflg & IPC_CREAT)) {
 		for (msqid = 0; msqid < msginfo.msgmni; msqid++) {
 			/*
 			 * Look for an unallocated and unlocked msqid_ds.
 			 * msqid_ds's can be locked by msgsnd or msgrcv while
 			 * they are copying the message in/out.  We can't
 			 * re-use the entry until they release it.
 			 */
 			msq = &msqs[msqid];
 			msqptr = &msq->msq_u;
 			if (msqptr->msg_qbytes == 0 &&
 			    (msqptr->msg_perm.mode & MSG_LOCKED) == 0)
 				break;
+		}
 		if (msqid == msginfo.msgmni) {
 			MSG_PRINTF(("no more msqid_ds's available\n"));
 			error = ENOSPC;
 			goto unlock;
+		}
 		MSG_PRINTF(("msqid %d is available\n", msqid));
 		msqptr->msg_perm._key = key;
 		msqptr->msg_perm.cuid = kauth_cred_geteuid(cred);
 		msqptr->msg_perm.uid = kauth_cred_geteuid(cred);
 		msqptr->msg_perm.cgid = kauth_cred_getegid(cred);
 		msqptr->msg_perm.gid = kauth_cred_getegid(cred);
 		msqptr->msg_perm.mode = (msgflg & 0777);
 		/* Make sure that the returned msqid is unique */
 		msqptr->msg_perm._seq++;
 		msqptr->_msg_first = NULL;
 		msqptr->_msg_last = NULL;
 		msqptr->_msg_cbytes = 0;
 		msqptr->msg_qnum = 0;
 		msqptr->msg_qbytes = msginfo.msgmnb;
 		msqptr->msg_lspid = 0;
 		msqptr->msg_lrpid = 0;
 		msqptr->msg_stime = 0;
 		msqptr->msg_rtime = 0;
 		msqptr->msg_ctime = time_second;
 	} else {
 		MSG_PRINTF(("didn't find it and wasn't asked to create it\n"));
 		error = ENOENT;
 		goto unlock;
+	}
 found:
 	/* Construct the unique msqid */
 	*retval = IXSEQ_TO_IPCID(msqid, msqptr->msg_perm);
 unlock:
 	mutex_exit(&msgmutex);
 	return (error);
+}
 int
 sys_msgsnd(struct lwp *l, const struct sys_msgsnd_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) msqid;
 		syscallarg(const void *) msgp;
 		syscallarg(size_t) msgsz;
 		syscallarg(int) msgflg;
 	} */
 	return msgsnd1(l, SCARG(uap, msqid), SCARG(uap, msgp),
 	    SCARG(uap, msgsz), SCARG(uap, msgflg), sizeof(long), copyin);
+}
 int
 msgsnd1(struct lwp *l, int msqidr, const char *user_msgp, size_t msgsz,
     int msgflg, size_t typesz, copyin_t fetch_type)
+{
 	int segs_needed, error = 0, msqid;
 	kauth_cred_t cred = l->l_cred;
 	struct msqid_ds *msqptr;
 	struct __msg *msghdr;
 	kmsq_t *msq;
 	short next;
 	MSG_PRINTF(("call to msgsnd(%d, %p, %lld, %d)\n", msqid, user_msgp,
 	    (long long)msgsz, msgflg));
 	if ((ssize_t)msgsz < 0)
 		return EINVAL;
 restart:
 	msqid = IPCID_TO_IX(msqidr);
 	mutex_enter(&msgmutex);
 	/* In case of reallocation, we will wait for completion */
 	while (__predict_false(msg_realloc_state))
 		cv_wait(&msg_realloc_cv, &msgmutex);
 	if (msqid < 0 || msqid >= msginfo.msgmni) {
 		MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
 		    msginfo.msgmni));
 		error = EINVAL;
 		goto unlock;
+	}
 	msq = &msqs[msqid];
 	msqptr = &msq->msq_u;
 	if (msqptr->msg_qbytes == 0) {
 		MSG_PRINTF(("no such message queue id\n"));
 		error = EINVAL;
 		goto unlock;
+	}
 	if (msqptr->msg_perm._seq != IPCID_TO_SEQ(msqidr)) {
 		MSG_PRINTF(("wrong sequence number\n"));
 		error = EINVAL;
 		goto unlock;
+	}
 	if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_W))) {
 		MSG_PRINTF(("requester doesn't have write access\n"));
 		goto unlock;
+	}
 	segs_needed = (msgsz + msginfo.msgssz - 1) / msginfo.msgssz;
 	MSG_PRINTF(("msgsz=%lld, msgssz=%d, segs_needed=%d\n",
 	    (long long)msgsz, msginfo.msgssz, segs_needed));
 	for (;;) {
 		int need_more_resources = 0;
 		/*
 		 * check msgsz [cannot be negative since it is unsigned]
 		 * (inside this loop in case msg_qbytes changes while we sleep)
 		 */
 		if (msgsz > msqptr->msg_qbytes) {
 			MSG_PRINTF(("msgsz > msqptr->msg_qbytes\n"));
 			error = EINVAL;
 			goto unlock;
+		}
 		if (msqptr->msg_perm.mode & MSG_LOCKED) {
 			MSG_PRINTF(("msqid is locked\n"));
 			need_more_resources = 1;
+		}
 		if (msgsz + msqptr->_msg_cbytes > msqptr->msg_qbytes) {
 			MSG_PRINTF(("msgsz + msg_cbytes > msg_qbytes\n"));
 			need_more_resources = 1;
+		}
 		if (segs_needed > nfree_msgmaps) {
 			MSG_PRINTF(("segs_needed > nfree_msgmaps\n"));
 			need_more_resources = 1;
+		}
 		if (free_msghdrs == NULL) {
 			MSG_PRINTF(("no more msghdrs\n"));
 			need_more_resources = 1;
+		}
 		if (need_more_resources) {
 			int we_own_it;
 			if ((msgflg & IPC_NOWAIT) != 0) {
 				MSG_PRINTF(("need more resources but caller "
 				    "doesn't want to wait\n"));
 				error = EAGAIN;
 				goto unlock;
+			}
 			if ((msqptr->msg_perm.mode & MSG_LOCKED) != 0) {
 				MSG_PRINTF(("we don't own the msqid_ds\n"));
 				we_own_it = 0;
 			} else {
 				/* Force later arrivals to wait for our
 				   request */
 				MSG_PRINTF(("we own the msqid_ds\n"));
 				msqptr->msg_perm.mode |= MSG_LOCKED;
 				we_own_it = 1;
+			}
 			msg_waiters++;
 			MSG_PRINTF(("goodnight\n"));
 			error = cv_wait_sig(&msq->msq_cv, &msgmutex);
 			MSG_PRINTF(("good morning, error=%d\n", error));
 			msg_waiters--;
 			if (we_own_it)
 				msqptr->msg_perm.mode &= ~MSG_LOCKED;
 			/*
 			 * In case of such state, notify reallocator and
 			 * restart the call.
 			 */
 			if (msg_realloc_state) {
 				cv_broadcast(&msg_realloc_cv);
 				mutex_exit(&msgmutex);
 				goto restart;
+			}
 			if (error != 0) {
 				MSG_PRINTF(("msgsnd: interrupted system "
 				    "call\n"));
 				error = EINTR;
 				goto unlock;
+			}
 			/*
 			 * Make sure that the msq queue still exists
 			 */
 			if (msqptr->msg_qbytes == 0) {
 				MSG_PRINTF(("msqid deleted\n"));
 				error = EIDRM;
 				goto unlock;
+			}
 		} else {
 			MSG_PRINTF(("got all the resources that we need\n"));
 			break;
+		}
+	}
 	/*
 	 * We have the resources that we need.
 	 * Make sure!
 	 */
 	KASSERT((msqptr->msg_perm.mode & MSG_LOCKED) == 0);
 	KASSERT(segs_needed <= nfree_msgmaps);
 	KASSERT(msgsz + msqptr->_msg_cbytes <= msqptr->msg_qbytes);
 	KASSERT(free_msghdrs != NULL);
 	/*
 	 * Re-lock the msqid_ds in case we page-fault when copying in the
 	 * message
 	 */
 	KASSERT((msqptr->msg_perm.mode & MSG_LOCKED) == 0);
 	msqptr->msg_perm.mode |= MSG_LOCKED;
 	/*
 	 * Allocate a message header
 	 */
 	msghdr = free_msghdrs;
 	free_msghdrs = msghdr->msg_next;
 	msghdr->msg_spot = -1;
 	msghdr->msg_ts = msgsz;
 	/*
 	 * Allocate space for the message
 	 */
 	while (segs_needed > 0) {
 		KASSERT(nfree_msgmaps > 0);
 		KASSERT(free_msgmaps != -1);
 		KASSERT(free_msgmaps < msginfo.msgseg);
 		next = free_msgmaps;
 		MSG_PRINTF(("allocating segment %d to message\n", next));
 		free_msgmaps = msgmaps[next].next;
 		nfree_msgmaps--;
 		msgmaps[next].next = msghdr->msg_spot;
 		msghdr->msg_spot = next;
 		segs_needed--;
+	}
 	/*
 	 * Copy in the message type
 	 */
 	mutex_exit(&msgmutex);
 	error = (*fetch_type)(user_msgp, &msghdr->msg_type, typesz);
 	mutex_enter(&msgmutex);
 	if (error != 0) {
 		MSG_PRINTF(("error %d copying the message type\n", error));
 		msg_freehdr(msghdr);
 		msqptr->msg_perm.mode &= ~MSG_LOCKED;
 		cv_broadcast(&msq->msq_cv);
 		goto unlock;
+	}
 	user_msgp += typesz;
 	/*
 	 * Validate the message type
 	 */
 	if (msghdr->msg_type < 1) {
 		msg_freehdr(msghdr);
 		msqptr->msg_perm.mode &= ~MSG_LOCKED;
 		cv_broadcast(&msq->msq_cv);
 		MSG_PRINTF(("mtype (%ld) < 1\n", msghdr->msg_type));
 		error = EINVAL;
 		goto unlock;
+	}
 	/*
 	 * Copy in the message body
 	 */
 	next = msghdr->msg_spot;
 	while (msgsz > 0) {
 		size_t tlen;
 		KASSERT(next > -1);
 		KASSERT(next < msginfo.msgseg);
 		if (msgsz > msginfo.msgssz)
 			tlen = msginfo.msgssz;
 		else
 			tlen = msgsz;
 		mutex_exit(&msgmutex);
 		error = copyin(user_msgp, &msgpool[next * msginfo.msgssz], tlen);
 		mutex_enter(&msgmutex);
 		if (error != 0) {
 			MSG_PRINTF(("error %d copying in message segment\n",
 			    error));
 			msg_freehdr(msghdr);
 			msqptr->msg_perm.mode &= ~MSG_LOCKED;
 			cv_broadcast(&msq->msq_cv);
 			goto unlock;
+		}
 		msgsz -= tlen;
 		user_msgp += tlen;
 		next = msgmaps[next].next;
+	}
 	KASSERT(next == -1);
 	/*
 	 * We've got the message.  Unlock the msqid_ds.
 	 */
 	msqptr->msg_perm.mode &= ~MSG_LOCKED;
 	/*
 	 * Make sure that the msqid_ds is still allocated.
 	 */
 	if (msqptr->msg_qbytes == 0) {
 		msg_freehdr(msghdr);
 		cv_broadcast(&msq->msq_cv);
 		error = EIDRM;
 		goto unlock;
+	}
 	/*
 	 * Put the message into the queue
 	 */
 	if (msqptr->_msg_first == NULL) {
 		msqptr->_msg_first = msghdr;
 		msqptr->_msg_last = msghdr;
 	} else {
 		msqptr->_msg_last->msg_next = msghdr;
 		msqptr->_msg_last = msghdr;
+	}
 	msqptr->_msg_last->msg_next = NULL;
 	msqptr->_msg_cbytes += msghdr->msg_ts;
 	msqptr->msg_qnum++;
 	msqptr->msg_lspid = l->l_proc->p_pid;
 	msqptr->msg_stime = time_second;
 	cv_broadcast(&msq->msq_cv);
 unlock:
 	mutex_exit(&msgmutex);
 	return error;
+}
 int
 sys_msgrcv(struct lwp *l, const struct sys_msgrcv_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) msqid;
 		syscallarg(void *) msgp;
 		syscallarg(size_t) msgsz;
 		syscallarg(long) msgtyp;
 		syscallarg(int) msgflg;
 	} */
 	return msgrcv1(l, SCARG(uap, msqid), SCARG(uap, msgp),
 	    SCARG(uap, msgsz), SCARG(uap, msgtyp), SCARG(uap, msgflg),
 	    sizeof(long), copyout, retval);
+}
 int
 msgrcv1(struct lwp *l, int msqidr, char *user_msgp, size_t msgsz, long msgtyp,
     int msgflg, size_t typesz, copyout_t put_type, register_t *retval)
+{
 	size_t len;
 	kauth_cred_t cred = l->l_cred;
 	struct msqid_ds *msqptr;
 	struct __msg *msghdr;
 	int error = 0, msqid;
 	kmsq_t *msq;
 	short next;
 	MSG_PRINTF(("call to msgrcv(%d, %p, %lld, %ld, %d)\n", msqid,
 	    user_msgp, (long long)msgsz, msgtyp, msgflg));
 	if ((ssize_t)msgsz < 0)
 		return EINVAL;
 restart:
 	msqid = IPCID_TO_IX(msqidr);
 	mutex_enter(&msgmutex);
 	/* In case of reallocation, we will wait for completion */
 	while (__predict_false(msg_realloc_state))
 		cv_wait(&msg_realloc_cv, &msgmutex);
 	if (msqid < 0 || msqid >= msginfo.msgmni) {
 		MSG_PRINTF(("msqid (%d) out of range (0<=msqid<%d)\n", msqid,
 		    msginfo.msgmni));
 		error = EINVAL;
 		goto unlock;
+	}
 	msq = &msqs[msqid];
 	msqptr = &msq->msq_u;
 	if (msqptr->msg_qbytes == 0) {
 		MSG_PRINTF(("no such message queue id\n"));
 		error = EINVAL;
 		goto unlock;
+	}
 	if (msqptr->msg_perm._seq != IPCID_TO_SEQ(msqidr)) {
 		MSG_PRINTF(("wrong sequence number\n"));
 		error = EINVAL;
 		goto unlock;
+	}
 	if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_R))) {
 		MSG_PRINTF(("requester doesn't have read access\n"));
 		goto unlock;
+	}
 	msghdr = NULL;
 	while (msghdr == NULL) {
 		if (msgtyp == 0) {
 			msghdr = msqptr->_msg_first;
 			if (msghdr != NULL) {
 				if (msgsz < msghdr->msg_ts &&
 				    (msgflg & MSG_NOERROR) == 0) {
 					MSG_PRINTF(("first msg on the queue "
 					    "is too big (want %lld, got %d)\n",
 					    (long long)msgsz, msghdr->msg_ts));
 					error = E2BIG;
 					goto unlock;
+				}
 				if (msqptr->_msg_first == msqptr->_msg_last) {
 					msqptr->_msg_first = NULL;
 					msqptr->_msg_last = NULL;
 				} else {
 					msqptr->_msg_first = msghdr->msg_next;
 					KASSERT(msqptr->_msg_first != NULL);
+				}
+			}
 		} else {
 			struct __msg *previous;
 			struct __msg **prev;
 			for (previous = NULL, prev = &msqptr->_msg_first;
 			     (msghdr = *prev) != NULL;
 			     previous = msghdr, prev = &msghdr->msg_next) {
 				/*
 				 * Is this message's type an exact match or is
 				 * this message's type less than or equal to
 				 * the absolute value of a negative msgtyp?
 				 * Note that the second half of this test can
 				 * NEVER be true if msgtyp is positive since
 				 * msg_type is always positive!
 				 */
 				if (msgtyp != msghdr->msg_type &&
 				    msghdr->msg_type > -msgtyp)
 					continue;
 				MSG_PRINTF(("found message type %ld, requested %ld\n",
 				    msghdr->msg_type, msgtyp));
 				if (msgsz < msghdr->msg_ts &&
 				     (msgflg & MSG_NOERROR) == 0) {
 					MSG_PRINTF(("requested message on the queue "
 					    "is too big (want %lld, got %d)\n",
 					    (long long)msgsz, msghdr->msg_ts));
 					error = E2BIG;
 					goto unlock;
+				}
 				*prev = msghdr->msg_next;
 				if (msghdr != msqptr->_msg_last)
 					break;
 				if (previous == NULL) {
 					KASSERT(prev == &msqptr->_msg_first);
 					msqptr->_msg_first = NULL;
 					msqptr->_msg_last = NULL;
 				} else {
 					KASSERT(prev != &msqptr->_msg_first);
 					msqptr->_msg_last = previous;
+				}
 				break;
+			}
+		}
 		/*
 		 * We've either extracted the msghdr for the appropriate
 		 * message or there isn't one.
 		 * If there is one then bail out of this loop.
 		 */
 		if (msghdr != NULL)
 			break;
 		/*
 		 * Hmph!  No message found.  Does the user want to wait?
 		 */
 		if ((msgflg & IPC_NOWAIT) != 0) {
 			MSG_PRINTF(("no appropriate message found (msgtyp=%ld)\n",
 			    msgtyp));
 			error = ENOMSG;
 			goto unlock;
+		}
 		/*
 		 * Wait for something to happen
 		 */
 		msg_waiters++;
 		MSG_PRINTF(("msgrcv:  goodnight\n"));
 		error = cv_wait_sig(&msq->msq_cv, &msgmutex);
 		MSG_PRINTF(("msgrcv: good morning (error=%d)\n", error));
 		msg_waiters--;
 		/*
 		 * In case of such state, notify reallocator and
 		 * restart the call.
 		 */
 		if (msg_realloc_state) {
 			cv_broadcast(&msg_realloc_cv);
 			mutex_exit(&msgmutex);
 			goto restart;
+		}
 		if (error != 0) {
 			MSG_PRINTF(("msgsnd: interrupted system call\n"));
 			error = EINTR;
 			goto unlock;
+		}
 		/*
 		 * Make sure that the msq queue still exists
 		 */
 		if (msqptr->msg_qbytes == 0 ||
 		    msqptr->msg_perm._seq != IPCID_TO_SEQ(msqidr)) {
 			MSG_PRINTF(("msqid deleted\n"));
 			error = EIDRM;
 			goto unlock;
+		}
+	}
 	/*
 	 * Return the message to the user.
+	 *
 	 * First, do the bookkeeping (before we risk being interrupted).
 	 */
 	msqptr->_msg_cbytes -= msghdr->msg_ts;
 	msqptr->msg_qnum--;
 	msqptr->msg_lrpid = l->l_proc->p_pid;
 	msqptr->msg_rtime = time_second;
 	/*
 	 * Make msgsz the actual amount that we'll be returning.
 	 * Note that this effectively truncates the message if it is too long
 	 * (since msgsz is never increased).
 	 */
 	MSG_PRINTF(("found a message, msgsz=%lld, msg_ts=%d\n",
 	    (long long)msgsz, msghdr->msg_ts));
 	if (msgsz > msghdr->msg_ts)
 		msgsz = msghdr->msg_ts;
 	/*
 	 * Return the type to the user.
 	 */
 	mutex_exit(&msgmutex);
 	error = (*put_type)(&msghdr->msg_type, user_msgp, typesz);
 	mutex_enter(&msgmutex);
 	if (error != 0) {
 		MSG_PRINTF(("error (%d) copying out message type\n", error));
 		msg_freehdr(msghdr);
 		cv_broadcast(&msq->msq_cv);
 		goto unlock;
+	}
 	user_msgp += typesz;
 	/*
 	 * Return the segments to the user
 	 */
 	next = msghdr->msg_spot;
 	for (len = 0; len < msgsz; len += msginfo.msgssz) {
 		size_t tlen;
 		KASSERT(next > -1);
 		KASSERT(next < msginfo.msgseg);
 		if (msgsz - len > msginfo.msgssz)
 			tlen = msginfo.msgssz;
 		else
 			tlen = msgsz - len;
 		mutex_exit(&msgmutex);
 		error = copyout(&msgpool[next * msginfo.msgssz],
 		    user_msgp, tlen);
 		mutex_enter(&msgmutex);
 		if (error != 0) {
 			MSG_PRINTF(("error (%d) copying out message segment\n",
 			    error));
 			msg_freehdr(msghdr);
 			cv_broadcast(&msq->msq_cv);
 			goto unlock;
+		}
 		user_msgp += tlen;
 		next = msgmaps[next].next;
+	}
 	/*
 	 * Done, return the actual number of bytes copied out.
 	 */
 	msg_freehdr(msghdr);
 	cv_broadcast(&msq->msq_cv);
 	*retval = msgsz;
 unlock:
 	mutex_exit(&msgmutex);
 	return error;
+}
 /*
  * Sysctl initialization and nodes.
  */
 static int
 sysctl_ipc_msgmni(SYSCTLFN_ARGS)
+{
 	int newsize, error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = msginfo.msgmni;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	sysctl_unlock();
 	error = msgrealloc(newsize, msginfo.msgseg);
 	sysctl_relock();
 	return error;
+}
 static int
 sysctl_ipc_msgseg(SYSCTLFN_ARGS)
+{
 	int newsize, error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = msginfo.msgseg;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	sysctl_unlock();
 	error = msgrealloc(msginfo.msgmni, newsize);
 	sysctl_relock();
 	return error;
+}
 SYSCTL_SETUP(sysctl_ipc_msg_setup, "sysctl kern.ipc subtree setup")
+{
 	const struct sysctlnode *node = NULL;
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT,
 		CTLTYPE_NODE, "kern", NULL,
 		NULL, 0, NULL, 0,
 		CTL_KERN, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, &node,
 		CTLFLAG_PERMANENT,
 		CTLTYPE_NODE, "ipc",
 		SYSCTL_DESCR("SysV IPC options"),
 		NULL, 0, NULL, 0,
 		CTL_KERN, KERN_SYSVIPC, CTL_EOL);
 	if (node == NULL)
 		return;
 	sysctl_createv(clog, 0, &node, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "msgmni",
 		SYSCTL_DESCR("Max number of message queue identifiers"),
 		sysctl_ipc_msgmni, 0, &msginfo.msgmni, 0,
 		CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &node, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "msgseg",
 		SYSCTL_DESCR("Max number of number of message segments"),
 		sysctl_ipc_msgseg, 0, &msginfo.msgseg, 0,
 		CTL_CREATE, CTL_EOL);
+}

 @@ -1,1183 +1,1184 @@
-/*	$NetBSD: sysv_sem.c,v 1.87 2011/05/13 22:16:44 rmind Exp $	*/
+/*	$NetBSD: sysv_sem.c,v 1.88 2011/07/30 06:19:02 uebayasi Exp $	*/
 /*-
  * Copyright (c) 1999, 2007 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
  * NASA Ames Research Center, and by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Implementation of SVID semaphores
+ *
  * Author: Daniel Boulet
+ *
  * This software is provided ``AS IS'' without any warranties of any kind.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sysv_sem.c,v 1.87 2011/05/13 22:16:44 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sysv_sem.c,v 1.88 2011/07/30 06:19:02 uebayasi Exp $");
 #define SYSVSEM
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/sem.h>
 #include <sys/sysctl.h>
 #include <sys/kmem.h>
 #include <sys/mount.h>		/* XXX for <sys/syscallargs.h> */
 #include <sys/syscallargs.h>
 #include <sys/kauth.h>
 /*
  * Memory areas:
  *  1st: Pool of semaphore identifiers
  *  2nd: Semaphores
  *  3rd: Conditional variables
  *  4th: Undo structures
  */
 struct semid_ds *	sema			__read_mostly;
 static struct __sem *	sem			__read_mostly;
 static kcondvar_t *	semcv			__read_mostly;
 static int *		semu			__read_mostly;
 static kmutex_t		semlock			__cacheline_aligned;
 static bool		sem_realloc_state	__read_mostly;
 static kcondvar_t	sem_realloc_cv;
 /*
  * List of active undo structures, total number of semaphores,
  * and total number of semop waiters.
  */
 static struct sem_undo *semu_list		__read_mostly;
 static u_int		semtot			__cacheline_aligned;
 static u_int		sem_waiters		__cacheline_aligned;
 /* Macro to find a particular sem_undo vector */
 #define SEMU(s, ix)	((struct sem_undo *)(((long)s) + ix * seminfo.semusz))
 #ifdef SEM_DEBUG
 #define SEM_PRINTF(a) printf a
 #else
 #define SEM_PRINTF(a)
 #endif
 struct sem_undo *semu_alloc(struct proc *);
 int semundo_adjust(struct proc *, struct sem_undo **, int, int, int);
 void semundo_clear(int, int);
 void
 seminit(void)
+{
 	int i, sz;
 	vaddr_t v;
 	mutex_init(&semlock, MUTEX_DEFAULT, IPL_NONE);
 	cv_init(&sem_realloc_cv, "semrealc");
 	sem_realloc_state = false;
 	semtot = 0;
 	sem_waiters = 0;
 	/* Allocate the wired memory for our structures */
 	sz = ALIGN(seminfo.semmni * sizeof(struct semid_ds)) +
 	    ALIGN(seminfo.semmns * sizeof(struct __sem)) +
 	    ALIGN(seminfo.semmni * sizeof(kcondvar_t)) +
 	    ALIGN(seminfo.semmnu * seminfo.semusz);
-	v = uvm_km_alloc(kernel_map, round_page(sz), 0,
+	sz = round_page(sz);
-	    UVM_KMF_WIRED|UVM_KMF_ZERO);
+	v = uvm_km_alloc(kernel_map, sz, 0, UVM_KMF_WIRED|UVM_KMF_ZERO);
 	if (v == 0)
 		panic("sysv_sem: cannot allocate memory");
 	sema = (void *)v;
 	sem = (void *)((uintptr_t)sema +
 	    ALIGN(seminfo.semmni * sizeof(struct semid_ds)));
 	semcv = (void *)((uintptr_t)sem +
 	    ALIGN(seminfo.semmns * sizeof(struct __sem)));
 	semu = (void *)((uintptr_t)semcv +
 	    ALIGN(seminfo.semmni * sizeof(kcondvar_t)));
 	for (i = 0; i < seminfo.semmni; i++) {
 		sema[i]._sem_base = 0;
 		sema[i].sem_perm.mode = 0;
 		cv_init(&semcv[i], "semwait");
+	}
 	for (i = 0; i < seminfo.semmnu; i++) {
 		struct sem_undo *suptr = SEMU(semu, i);
 		suptr->un_proc = NULL;
+	}
 	semu_list = NULL;
 	exithook_establish(semexit, NULL);
+}
 static int
 semrealloc(int newsemmni, int newsemmns, int newsemmnu)
+{
 	struct semid_ds *new_sema, *old_sema;
 	struct __sem *new_sem;
 	struct sem_undo *new_semu_list, *suptr, *nsuptr;
 	int *new_semu;
 	kcondvar_t *new_semcv;
 	vaddr_t v;
 	int i, j, lsemid, nmnus, sz;
 	if (newsemmni < 1 || newsemmns < 1 || newsemmnu < 1)
 		return EINVAL;
 	/* Allocate the wired memory for our structures */
 	sz = ALIGN(newsemmni * sizeof(struct semid_ds)) +
 	    ALIGN(newsemmns * sizeof(struct __sem)) +
 	    ALIGN(newsemmni * sizeof(kcondvar_t)) +
 	    ALIGN(newsemmnu * seminfo.semusz);
-	v = uvm_km_alloc(kernel_map, round_page(sz), 0,
+	sz = round_page(sz);
-	    UVM_KMF_WIRED|UVM_KMF_ZERO);
+	v = uvm_km_alloc(kernel_map, sz, 0, UVM_KMF_WIRED|UVM_KMF_ZERO);
 	if (v == 0)
 		return ENOMEM;
 	mutex_enter(&semlock);
 	if (sem_realloc_state) {
 		mutex_exit(&semlock);
 		uvm_km_free(kernel_map, v, sz, UVM_KMF_WIRED);
 		return EBUSY;
+	}
 	sem_realloc_state = true;
 	if (sem_waiters) {
 		/*
 		 * Mark reallocation state, wake-up all waiters,
 		 * and wait while they will all exit.
 		 */
 		for (i = 0; i < seminfo.semmni; i++)
 			cv_broadcast(&semcv[i]);
 		while (sem_waiters)
 			cv_wait(&sem_realloc_cv, &semlock);
+	}
 	old_sema = sema;
 	/* Get the number of last slot */
 	lsemid = 0;
 	for (i = 0; i < seminfo.semmni; i++)
 		if (sema[i].sem_perm.mode & SEM_ALLOC)
 			lsemid = i;
 	/* Get the number of currently used undo structures */
 	nmnus = 0;
 	for (i = 0; i < seminfo.semmnu; i++) {
 		suptr = SEMU(semu, i);
 		if (suptr->un_proc == NULL)
 			continue;
 		nmnus++;
+	}
 	/* We cannot reallocate less memory than we use */
 	if (lsemid >= newsemmni || semtot > newsemmns || nmnus > newsemmnu) {
 		mutex_exit(&semlock);
 		uvm_km_free(kernel_map, v, sz, UVM_KMF_WIRED);
 		return EBUSY;
+	}
 	new_sema = (void *)v;
 	new_sem = (void *)((uintptr_t)new_sema +
 	    ALIGN(newsemmni * sizeof(struct semid_ds)));
 	new_semcv = (void *)((uintptr_t)new_sem +
 	    ALIGN(newsemmns * sizeof(struct __sem)));
 	new_semu = (void *)((uintptr_t)new_semcv +
 	    ALIGN(newsemmni * sizeof(kcondvar_t)));
 	/* Initialize all semaphore identifiers and condvars */
 	for (i = 0; i < newsemmni; i++) {
 		new_sema[i]._sem_base = 0;
 		new_sema[i].sem_perm.mode = 0;
 		cv_init(&new_semcv[i], "semwait");
+	}
 	for (i = 0; i < newsemmnu; i++) {
 		nsuptr = SEMU(new_semu, i);
 		nsuptr->un_proc = NULL;
+	}
 	/*
 	 * Copy all identifiers, semaphores and list of the
 	 * undo structures to the new memory allocation.
 	 */
 	j = 0;
 	for (i = 0; i <= lsemid; i++) {
 		if ((sema[i].sem_perm.mode & SEM_ALLOC) == 0)
 			continue;
 		memcpy(&new_sema[i], &sema[i], sizeof(struct semid_ds));
 		new_sema[i]._sem_base = &new_sem[j];
 		memcpy(new_sema[i]._sem_base, sema[i]._sem_base,
 		    (sizeof(struct __sem) * sema[i].sem_nsems));
 		j += sema[i].sem_nsems;
+	}
 	KASSERT(j == semtot);
 	j = 0;
 	new_semu_list = NULL;
 	for (suptr = semu_list; suptr != NULL; suptr = suptr->un_next) {
 		KASSERT(j < newsemmnu);
 		nsuptr = SEMU(new_semu, j);
 		memcpy(nsuptr, suptr, SEMUSZ);
 		nsuptr->un_next = new_semu_list;
 		new_semu_list = nsuptr;
 		j++;
+	}
 	for (i = 0; i < seminfo.semmni; i++) {
 		KASSERT(cv_has_waiters(&semcv[i]) == false);
 		cv_destroy(&semcv[i]);
+	}
 	sz = ALIGN(seminfo.semmni * sizeof(struct semid_ds)) +
 	    ALIGN(seminfo.semmns * sizeof(struct __sem)) +
 	    ALIGN(seminfo.semmni * sizeof(kcondvar_t)) +
 	    ALIGN(seminfo.semmnu * seminfo.semusz);
 	sz = round_page(sz);
 	/* Set the pointers and update the new values */
 	sema = new_sema;
 	sem = new_sem;
 	semcv = new_semcv;
 	semu = new_semu;
 	semu_list = new_semu_list;
 	seminfo.semmni = newsemmni;
 	seminfo.semmns = newsemmns;
 	seminfo.semmnu = newsemmnu;
 	/* Reallocation completed - notify all waiters, if any */
 	sem_realloc_state = false;
 	cv_broadcast(&sem_realloc_cv);
 	mutex_exit(&semlock);
 	uvm_km_free(kernel_map, (vaddr_t)old_sema, sz, UVM_KMF_WIRED);
 	return 0;
+}
 /*
  * Placebo.
  */
 int
 sys_semconfig(struct lwp *l, const struct sys_semconfig_args *uap, register_t *retval)
+{
 	*retval = 0;
 	return 0;
+}
 /*
  * Allocate a new sem_undo structure for a process.
  * => Returns NULL on failure.
  */
 struct sem_undo *
 semu_alloc(struct proc *p)
+{
 	struct sem_undo *suptr, **supptr;
 	bool attempted = false;
 	int i;
 	KASSERT(mutex_owned(&semlock));
 again:
 	/* Look for a free structure. */
 	for (i = 0; i < seminfo.semmnu; i++) {
 		suptr = SEMU(semu, i);
 		if (suptr->un_proc == NULL) {
 			/* Found.  Fill it in and return. */
 			suptr->un_next = semu_list;
 			semu_list = suptr;
 			suptr->un_cnt = 0;
 			suptr->un_proc = p;
 			return suptr;
+		}
+	}
 	/* Not found.  Attempt to free some structures. */
 	if (!attempted) {
 		bool freed = false;
 		attempted = true;
 		supptr = &semu_list;
 		while ((suptr = *supptr) != NULL) {
 			if (suptr->un_cnt == 0)  {
 				suptr->un_proc = NULL;
 				*supptr = suptr->un_next;
 				freed = true;
 			} else {
 				supptr = &suptr->un_next;
+			}
+		}
 		if (freed) {
 			goto again;
+		}
+	}
 	return NULL;
+}
 /*
  * Adjust a particular entry for a particular proc
  */
 int
 semundo_adjust(struct proc *p, struct sem_undo **supptr, int semid, int semnum,
     int adjval)
+{
 	struct sem_undo *suptr;
 	struct undo *sunptr;
 	int i;
 	KASSERT(mutex_owned(&semlock));
 	/*
 	 * Look for and remember the sem_undo if the caller doesn't
 	 * provide it
 	 */
 	suptr = *supptr;
 	if (suptr == NULL) {
 		for (suptr = semu_list; suptr != NULL; suptr = suptr->un_next)
 			if (suptr->un_proc == p)
 				break;
 		if (suptr == NULL) {
 			suptr = semu_alloc(p);
 			if (suptr == NULL)
 				return (ENOSPC);
+		}
 		*supptr = suptr;
+	}
 	/*
 	 * Look for the requested entry and adjust it (delete if
 	 * adjval becomes 0).
 	 */
 	sunptr = &suptr->un_ent[0];
 	for (i = 0; i < suptr->un_cnt; i++, sunptr++) {
 		if (sunptr->un_id != semid || sunptr->un_num != semnum)
 			continue;
 		sunptr->un_adjval += adjval;
 		if (sunptr->un_adjval == 0) {
 			suptr->un_cnt--;
 			if (i < suptr->un_cnt)
 				suptr->un_ent[i] =
 				    suptr->un_ent[suptr->un_cnt];
+		}
 		return (0);
+	}
 	/* Didn't find the right entry - create it */
 	if (suptr->un_cnt == SEMUME)
 		return (EINVAL);
 	sunptr = &suptr->un_ent[suptr->un_cnt];
 	suptr->un_cnt++;
 	sunptr->un_adjval = adjval;
 	sunptr->un_id = semid;
 	sunptr->un_num = semnum;
 	return (0);
+}
 void
 semundo_clear(int semid, int semnum)
+{
 	struct sem_undo *suptr;
 	struct undo *sunptr, *sunend;
 	KASSERT(mutex_owned(&semlock));
 	for (suptr = semu_list; suptr != NULL; suptr = suptr->un_next)
 		for (sunptr = &suptr->un_ent[0],
 		    sunend = sunptr + suptr->un_cnt; sunptr < sunend;) {
 			if (sunptr->un_id == semid) {
 				if (semnum == -1 || sunptr->un_num == semnum) {
 					suptr->un_cnt--;
 					sunend--;
 					if (sunptr != sunend)
 						*sunptr = *sunend;
 					if (semnum != -1)
 						break;
 					else
 						continue;
+				}
+			}
 			sunptr++;
+		}
+}
 int
 sys_____semctl50(struct lwp *l, const struct sys_____semctl50_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) semid;
 		syscallarg(int) semnum;
 		syscallarg(int) cmd;
 		syscallarg(union __semun *) arg;
 	} */
 	struct semid_ds sembuf;
 	int cmd, error;
 	void *pass_arg;
 	union __semun karg;
 	cmd = SCARG(uap, cmd);
 	pass_arg = get_semctl_arg(cmd, &sembuf, &karg);
 	if (pass_arg) {
 		error = copyin(SCARG(uap, arg), &karg, sizeof(karg));
 		if (error)
 			return error;
 		if (cmd == IPC_SET) {
 			error = copyin(karg.buf, &sembuf, sizeof(sembuf));
 			if (error)
 				return (error);
+		}
+	}
 	error = semctl1(l, SCARG(uap, semid), SCARG(uap, semnum), cmd,
 	    pass_arg, retval);
 	if (error == 0 && cmd == IPC_STAT)
 		error = copyout(&sembuf, karg.buf, sizeof(sembuf));
 	return (error);
+}
 int
 semctl1(struct lwp *l, int semid, int semnum, int cmd, void *v,
     register_t *retval)
+{
 	kauth_cred_t cred = l->l_cred;
 	union __semun *arg = v;
 	struct semid_ds *sembuf = v, *semaptr;
 	int i, error, ix;
 	SEM_PRINTF(("call to semctl(%d, %d, %d, %p)\n",
 	    semid, semnum, cmd, v));
 	mutex_enter(&semlock);
 	ix = IPCID_TO_IX(semid);
 	if (ix < 0 || ix >= seminfo.semmni) {
 		mutex_exit(&semlock);
 		return (EINVAL);
+	}
 	semaptr = &sema[ix];
 	if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0 ||
 	    semaptr->sem_perm._seq != IPCID_TO_SEQ(semid)) {
 		mutex_exit(&semlock);
 		return (EINVAL);
+	}
 	switch (cmd) {
 	case IPC_RMID:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_M)) != 0)
 			break;
 		semaptr->sem_perm.cuid = kauth_cred_geteuid(cred);
 		semaptr->sem_perm.uid = kauth_cred_geteuid(cred);
 		semtot -= semaptr->sem_nsems;
 		for (i = semaptr->_sem_base - sem; i < semtot; i++)
 			sem[i] = sem[i + semaptr->sem_nsems];
 		for (i = 0; i < seminfo.semmni; i++) {
 			if ((sema[i].sem_perm.mode & SEM_ALLOC) &&
 			    sema[i]._sem_base > semaptr->_sem_base)
 				sema[i]._sem_base -= semaptr->sem_nsems;
+		}
 		semaptr->sem_perm.mode = 0;
 		semundo_clear(ix, -1);
 		cv_broadcast(&semcv[ix]);
 		break;
 	case IPC_SET:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_M)))
 			break;
 		KASSERT(sembuf != NULL);
 		semaptr->sem_perm.uid = sembuf->sem_perm.uid;
 		semaptr->sem_perm.gid = sembuf->sem_perm.gid;
 		semaptr->sem_perm.mode = (semaptr->sem_perm.mode & ~0777) |
 		    (sembuf->sem_perm.mode & 0777);
 		semaptr->sem_ctime = time_second;
 		break;
 	case IPC_STAT:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_R)))
 			break;
 		KASSERT(sembuf != NULL);
 		memcpy(sembuf, semaptr, sizeof(struct semid_ds));
 		sembuf->sem_perm.mode &= 0777;
 		break;
 	case GETNCNT:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_R)))
 			break;
 		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
 			error = EINVAL;
 			break;
+		}
 		*retval = semaptr->_sem_base[semnum].semncnt;
 		break;
 	case GETPID:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_R)))
 			break;
 		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
 			error = EINVAL;
 			break;
+		}
 		*retval = semaptr->_sem_base[semnum].sempid;
 		break;
 	case GETVAL:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_R)))
 			break;
 		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
 			error = EINVAL;
 			break;
+		}
 		*retval = semaptr->_sem_base[semnum].semval;
 		break;
 	case GETALL:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_R)))
 			break;
 		KASSERT(arg != NULL);
 		for (i = 0; i < semaptr->sem_nsems; i++) {
 			error = copyout(&semaptr->_sem_base[i].semval,
 			    &arg->array[i], sizeof(arg->array[i]));
 			if (error != 0)
 				break;
+		}
 		break;
 	case GETZCNT:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_R)))
 			break;
 		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
 			error = EINVAL;
 			break;
+		}
 		*retval = semaptr->_sem_base[semnum].semzcnt;
 		break;
 	case SETVAL:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_W)))
 			break;
 		if (semnum < 0 || semnum >= semaptr->sem_nsems) {
 			error = EINVAL;
 			break;
+		}
 		KASSERT(arg != NULL);
 		if ((unsigned int)arg->val > seminfo.semvmx) {
 			error = ERANGE;
 			break;
+		}
 		semaptr->_sem_base[semnum].semval = arg->val;
 		semundo_clear(ix, semnum);
 		cv_broadcast(&semcv[ix]);
 		break;
 	case SETALL:
 		if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_W)))
 			break;
 		KASSERT(arg != NULL);
 		for (i = 0; i < semaptr->sem_nsems; i++) {
 			unsigned short semval;
 			error = copyin(&arg->array[i], &semval,
 			    sizeof(arg->array[i]));
 			if (error != 0)
 				break;
 			if ((unsigned int)semval > seminfo.semvmx) {
 				error = ERANGE;
 				break;
+			}
 			semaptr->_sem_base[i].semval = semval;
+		}
 		semundo_clear(ix, -1);
 		cv_broadcast(&semcv[ix]);
 		break;
 	default:
 		error = EINVAL;
 		break;
+	}
 	mutex_exit(&semlock);
 	return (error);
+}
 int
 sys_semget(struct lwp *l, const struct sys_semget_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(key_t) key;
 		syscallarg(int) nsems;
 		syscallarg(int) semflg;
 	} */
 	int semid, error = 0;
 	int key = SCARG(uap, key);
 	int nsems = SCARG(uap, nsems);
 	int semflg = SCARG(uap, semflg);
 	kauth_cred_t cred = l->l_cred;
 	SEM_PRINTF(("semget(0x%x, %d, 0%o)\n", key, nsems, semflg));
 	mutex_enter(&semlock);
 	if (key != IPC_PRIVATE) {
 		for (semid = 0; semid < seminfo.semmni; semid++) {
 			if ((sema[semid].sem_perm.mode & SEM_ALLOC) &&
 			    sema[semid].sem_perm._key == key)
 				break;
+		}
 		if (semid < seminfo.semmni) {
 			SEM_PRINTF(("found public key\n"));
 			if ((error = ipcperm(cred, &sema[semid].sem_perm,
 			    semflg & 0700)))
 			    	goto out;
 			if (nsems > 0 && sema[semid].sem_nsems < nsems) {
 				SEM_PRINTF(("too small\n"));
 				error = EINVAL;
 				goto out;
+			}
 			if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
 				SEM_PRINTF(("not exclusive\n"));
 				error = EEXIST;
 				goto out;
+			}
 			goto found;
+		}
+	}
 	SEM_PRINTF(("need to allocate the semid_ds\n"));
 	if (key == IPC_PRIVATE || (semflg & IPC_CREAT)) {
 		if (nsems <= 0 || nsems > seminfo.semmsl) {
 			SEM_PRINTF(("nsems out of range (0<%d<=%d)\n", nsems,
 			    seminfo.semmsl));
 			error = EINVAL;
 			goto out;
+		}
 		if (nsems > seminfo.semmns - semtot) {
 			SEM_PRINTF(("not enough semaphores left "
 			    "(need %d, got %d)\n",
 			    nsems, seminfo.semmns - semtot));
 			error = ENOSPC;
 			goto out;
+		}
 		for (semid = 0; semid < seminfo.semmni; semid++) {
 			if ((sema[semid].sem_perm.mode & SEM_ALLOC) == 0)
 				break;
+		}
 		if (semid == seminfo.semmni) {
 			SEM_PRINTF(("no more semid_ds's available\n"));
 			error = ENOSPC;
 			goto out;
+		}
 		SEM_PRINTF(("semid %d is available\n", semid));
 		sema[semid].sem_perm._key = key;
 		sema[semid].sem_perm.cuid = kauth_cred_geteuid(cred);
 		sema[semid].sem_perm.uid = kauth_cred_geteuid(cred);
 		sema[semid].sem_perm.cgid = kauth_cred_getegid(cred);
 		sema[semid].sem_perm.gid = kauth_cred_getegid(cred);
 		sema[semid].sem_perm.mode = (semflg & 0777) | SEM_ALLOC;
 		sema[semid].sem_perm._seq =
 		    (sema[semid].sem_perm._seq + 1) & 0x7fff;
 		sema[semid].sem_nsems = nsems;
 		sema[semid].sem_otime = 0;
 		sema[semid].sem_ctime = time_second;
 		sema[semid]._sem_base = &sem[semtot];
 		semtot += nsems;
 		memset(sema[semid]._sem_base, 0,
 		    sizeof(sema[semid]._sem_base[0]) * nsems);
 		SEM_PRINTF(("sembase = %p, next = %p\n", sema[semid]._sem_base,
 		    &sem[semtot]));
 	} else {
 		SEM_PRINTF(("didn't find it and wasn't asked to create it\n"));
 		error = ENOENT;
 		goto out;
+	}
  found:
 	*retval = IXSEQ_TO_IPCID(semid, sema[semid].sem_perm);
  out:
 	mutex_exit(&semlock);
 	return (error);
+}
 #define SMALL_SOPS 8
 int
 sys_semop(struct lwp *l, const struct sys_semop_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) semid;
 		syscallarg(struct sembuf *) sops;
 		syscallarg(size_t) nsops;
 	} */
 	struct proc *p = l->l_proc;
 	int semid = SCARG(uap, semid), seq;
 	size_t nsops = SCARG(uap, nsops);
 	struct sembuf small_sops[SMALL_SOPS];
 	struct sembuf *sops;
 	struct semid_ds *semaptr;
 	struct sembuf *sopptr = NULL;
 	struct __sem *semptr = NULL;
 	struct sem_undo *suptr = NULL;
 	kauth_cred_t cred = l->l_cred;
 	int i, error;
 	int do_wakeup, do_undos;
 	SEM_PRINTF(("call to semop(%d, %p, %zd)\n", semid, SCARG(uap,sops), nsops));
 	if (__predict_false((p->p_flag & PK_SYSVSEM) == 0)) {
 		mutex_enter(p->p_lock);
 		p->p_flag |= PK_SYSVSEM;
 		mutex_exit(p->p_lock);
+	}
 restart:
 	if (nsops <= SMALL_SOPS) {
 		sops = small_sops;
 	} else if (nsops <= seminfo.semopm) {
 		sops = kmem_alloc(nsops * sizeof(*sops), KM_SLEEP);
 	} else {
 		SEM_PRINTF(("too many sops (max=%d, nsops=%zd)\n",
 		    seminfo.semopm, nsops));
 		return (E2BIG);
+	}
 	error = copyin(SCARG(uap, sops), sops, nsops * sizeof(sops[0]));
 	if (error) {
 		SEM_PRINTF(("error = %d from copyin(%p, %p, %zd)\n", error,
 		    SCARG(uap, sops), &sops, nsops * sizeof(sops[0])));
 		if (sops != small_sops)
 			kmem_free(sops, nsops * sizeof(*sops));
 		return error;
+	}
 	mutex_enter(&semlock);
 	/* In case of reallocation, we will wait for completion */
 	while (__predict_false(sem_realloc_state))
 		cv_wait(&sem_realloc_cv, &semlock);
 	semid = IPCID_TO_IX(semid);	/* Convert back to zero origin */
 	if (semid < 0 || semid >= seminfo.semmni) {
 		error = EINVAL;
 		goto out;
+	}
 	semaptr = &sema[semid];
 	seq = IPCID_TO_SEQ(SCARG(uap, semid));
 	if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0 ||
 	    semaptr->sem_perm._seq != seq) {
 		error = EINVAL;
 		goto out;
+	}
 	if ((error = ipcperm(cred, &semaptr->sem_perm, IPC_W))) {
 		SEM_PRINTF(("error = %d from ipaccess\n", error));
 		goto out;
+	}
 	for (i = 0; i < nsops; i++)
 		if (sops[i].sem_num >= semaptr->sem_nsems) {
 			error = EFBIG;
 			goto out;
+		}
 	/*
 	 * Loop trying to satisfy the vector of requests.
 	 * If we reach a point where we must wait, any requests already
 	 * performed are rolled back and we go to sleep until some other
 	 * process wakes us up.  At this point, we start all over again.
+	 *
 	 * This ensures that from the perspective of other tasks, a set
 	 * of requests is atomic (never partially satisfied).
 	 */
 	do_undos = 0;
 	for (;;) {
 		do_wakeup = 0;
 		for (i = 0; i < nsops; i++) {
 			sopptr = &sops[i];
 			semptr = &semaptr->_sem_base[sopptr->sem_num];
 			SEM_PRINTF(("semop:  semaptr=%p, sem_base=%p, "
 			    "semptr=%p, sem[%d]=%d : op=%d, flag=%s\n",
 			    semaptr, semaptr->_sem_base, semptr,
 			    sopptr->sem_num, semptr->semval, sopptr->sem_op,
 			    (sopptr->sem_flg & IPC_NOWAIT) ?
 			    "nowait" : "wait"));
 			if (sopptr->sem_op < 0) {
 				if ((int)(semptr->semval +
 				    sopptr->sem_op) < 0) {
 					SEM_PRINTF(("semop:  "
 					    "can't do it now\n"));
 					break;
 				} else {
 					semptr->semval += sopptr->sem_op;
 					if (semptr->semval == 0 &&
 					    semptr->semzcnt > 0)
 						do_wakeup = 1;
+				}
 				if (sopptr->sem_flg & SEM_UNDO)
 					do_undos = 1;
 			} else if (sopptr->sem_op == 0) {
 				if (semptr->semval > 0) {
 					SEM_PRINTF(("semop:  not zero now\n"));
 					break;
+				}
 			} else {
 				if (semptr->semncnt > 0)
 					do_wakeup = 1;
 				semptr->semval += sopptr->sem_op;
 				if (sopptr->sem_flg & SEM_UNDO)
 					do_undos = 1;
+			}
+		}
 		/*
 		 * Did we get through the entire vector?
 		 */
 		if (i >= nsops)
 			goto done;
 		/*
 		 * No ... rollback anything that we've already done
 		 */
 		SEM_PRINTF(("semop:  rollback 0 through %d\n", i - 1));
 		while (i-- > 0)
 			semaptr->_sem_base[sops[i].sem_num].semval -=
 			    sops[i].sem_op;
 		/*
 		 * If the request that we couldn't satisfy has the
 		 * NOWAIT flag set then return with EAGAIN.
 		 */
 		if (sopptr->sem_flg & IPC_NOWAIT) {
 			error = EAGAIN;
 			goto out;
+		}
 		if (sopptr->sem_op == 0)
 			semptr->semzcnt++;
 		else
 			semptr->semncnt++;
 		sem_waiters++;
 		SEM_PRINTF(("semop:  good night!\n"));
 		error = cv_wait_sig(&semcv[semid], &semlock);
 		SEM_PRINTF(("semop:  good morning (error=%d)!\n", error));
 		sem_waiters--;
 		/* Notify reallocator, if it is waiting */
 		cv_broadcast(&sem_realloc_cv);
 		/*
 		 * Make sure that the semaphore still exists
 		 */
 		if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0 ||
 		    semaptr->sem_perm._seq != seq) {
 			error = EIDRM;
 			goto out;
+		}
 		/*
 		 * The semaphore is still alive.  Readjust the count of
 		 * waiting processes.
 		 */
 		semptr = &semaptr->_sem_base[sopptr->sem_num];
 		if (sopptr->sem_op == 0)
 			semptr->semzcnt--;
 		else
 			semptr->semncnt--;
 		/* In case of such state, restart the call */
 		if (sem_realloc_state) {
 			mutex_exit(&semlock);
 			goto restart;
+		}
 		/* Is it really morning, or was our sleep interrupted? */
 		if (error != 0) {
 			error = EINTR;
 			goto out;
+		}
 		SEM_PRINTF(("semop:  good morning!\n"));
+	}
 done:
 	/*
 	 * Process any SEM_UNDO requests.
 	 */
 	if (do_undos) {
 		for (i = 0; i < nsops; i++) {
 			/*
 			 * We only need to deal with SEM_UNDO's for non-zero
 			 * op's.
 			 */
 			int adjval;
 			if ((sops[i].sem_flg & SEM_UNDO) == 0)
 				continue;
 			adjval = sops[i].sem_op;
 			if (adjval == 0)
 				continue;
 			error = semundo_adjust(p, &suptr, semid,
 			    sops[i].sem_num, -adjval);
 			if (error == 0)
 				continue;
 			/*
 			 * Oh-Oh!  We ran out of either sem_undo's or undo's.
 			 * Rollback the adjustments to this point and then
 			 * rollback the semaphore ups and down so we can return
 			 * with an error with all structures restored.  We
 			 * rollback the undo's in the exact reverse order that
 			 * we applied them.  This guarantees that we won't run
 			 * out of space as we roll things back out.
 			 */
 			while (i-- > 0) {
 				if ((sops[i].sem_flg & SEM_UNDO) == 0)
 					continue;
 				adjval = sops[i].sem_op;
 				if (adjval == 0)
 					continue;
 				if (semundo_adjust(p, &suptr, semid,
 				    sops[i].sem_num, adjval) != 0)
 					panic("semop - can't undo undos");
+			}
 			for (i = 0; i < nsops; i++)
 				semaptr->_sem_base[sops[i].sem_num].semval -=
 				    sops[i].sem_op;
 			SEM_PRINTF(("error = %d from semundo_adjust\n", error));
 			goto out;
 		} /* loop through the sops */
 	} /* if (do_undos) */
 	/* We're definitely done - set the sempid's */
 	for (i = 0; i < nsops; i++) {
 		sopptr = &sops[i];
 		semptr = &semaptr->_sem_base[sopptr->sem_num];
 		semptr->sempid = p->p_pid;
+	}
 	/* Update sem_otime */
 	semaptr->sem_otime = time_second;
 	/* Do a wakeup if any semaphore was up'd. */
 	if (do_wakeup) {
 		SEM_PRINTF(("semop:  doing wakeup\n"));
 		cv_broadcast(&semcv[semid]);
 		SEM_PRINTF(("semop:  back from wakeup\n"));
+	}
 	SEM_PRINTF(("semop:  done\n"));
 	*retval = 0;
  out:
 	mutex_exit(&semlock);
 	if (sops != small_sops)
 		kmem_free(sops, nsops * sizeof(*sops));
 	return error;
+}
 /*
  * Go through the undo structures for this process and apply the
  * adjustments to semaphores.
  */
 /*ARGSUSED*/
 void
 semexit(struct proc *p, void *v)
+{
 	struct sem_undo *suptr;
 	struct sem_undo **supptr;
 	if ((p->p_flag & PK_SYSVSEM) == 0)
 		return;
 	mutex_enter(&semlock);
 	/*
 	 * Go through the chain of undo vectors looking for one
 	 * associated with this process.
 	 */
 	for (supptr = &semu_list; (suptr = *supptr) != NULL;
 	    supptr = &suptr->un_next) {
 		if (suptr->un_proc == p)
 			break;
+	}
 	/*
 	 * If there is no undo vector, skip to the end.
 	 */
 	if (suptr == NULL) {
 		mutex_exit(&semlock);
 		return;
+	}
 	/*
 	 * We now have an undo vector for this process.
 	 */
 	SEM_PRINTF(("proc @%p has undo structure with %d entries\n", p,
 	    suptr->un_cnt));
 	/*
 	 * If there are any active undo elements then process them.
 	 */
 	if (suptr->un_cnt > 0) {
 		int ix;
 		for (ix = 0; ix < suptr->un_cnt; ix++) {
 			int semid = suptr->un_ent[ix].un_id;
 			int semnum = suptr->un_ent[ix].un_num;
 			int adjval = suptr->un_ent[ix].un_adjval;
 			struct semid_ds *semaptr;
 			semaptr = &sema[semid];
 			if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0)
 				panic("semexit - semid not allocated");
 			if (semnum >= semaptr->sem_nsems)
 				panic("semexit - semnum out of range");
 			SEM_PRINTF(("semexit:  %p id=%d num=%d(adj=%d) ; "
 			    "sem=%d\n",
 			    suptr->un_proc, suptr->un_ent[ix].un_id,
 			    suptr->un_ent[ix].un_num,
 			    suptr->un_ent[ix].un_adjval,
 			    semaptr->_sem_base[semnum].semval));
 			if (adjval < 0 &&
 			    semaptr->_sem_base[semnum].semval < -adjval)
 				semaptr->_sem_base[semnum].semval = 0;
 			else
 				semaptr->_sem_base[semnum].semval += adjval;
 			cv_broadcast(&semcv[semid]);
 			SEM_PRINTF(("semexit:  back from wakeup\n"));
+		}
+	}
 	/*
 	 * Deallocate the undo vector.
 	 */
 	SEM_PRINTF(("removing vector\n"));
 	suptr->un_proc = NULL;
 	*supptr = suptr->un_next;
 	mutex_exit(&semlock);
+}
 /*
  * Sysctl initialization and nodes.
  */
 static int
 sysctl_ipc_semmni(SYSCTLFN_ARGS)
+{
 	int newsize, error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = seminfo.semmni;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	return semrealloc(newsize, seminfo.semmns, seminfo.semmnu);
+}
 static int
 sysctl_ipc_semmns(SYSCTLFN_ARGS)
+{
 	int newsize, error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = seminfo.semmns;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	return semrealloc(seminfo.semmni, newsize, seminfo.semmnu);
+}
 static int
 sysctl_ipc_semmnu(SYSCTLFN_ARGS)
+{
 	int newsize, error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = seminfo.semmnu;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	return semrealloc(seminfo.semmni, seminfo.semmns, newsize);
+}
 SYSCTL_SETUP(sysctl_ipc_sem_setup, "sysctl kern.ipc subtree setup")
+{
 	const struct sysctlnode *node = NULL;
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT,
 		CTLTYPE_NODE, "kern", NULL,
 		NULL, 0, NULL, 0,
 		CTL_KERN, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, &node,
 		CTLFLAG_PERMANENT,
 		CTLTYPE_NODE, "ipc",
 		SYSCTL_DESCR("SysV IPC options"),
 		NULL, 0, NULL, 0,
 		CTL_KERN, KERN_SYSVIPC, CTL_EOL);
 	if (node == NULL)
 		return;
 	sysctl_createv(clog, 0, &node, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "semmni",
 		SYSCTL_DESCR("Max number of number of semaphore identifiers"),
 		sysctl_ipc_semmni, 0, &seminfo.semmni, 0,
 		CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &node, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "semmns",
 		SYSCTL_DESCR("Max number of number of semaphores in system"),
 		sysctl_ipc_semmns, 0, &seminfo.semmns, 0,
 		CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &node, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "semmnu",
 		SYSCTL_DESCR("Max number of undo structures in system"),
 		sysctl_ipc_semmnu, 0, &seminfo.semmnu, 0,
 		CTL_CREATE, CTL_EOL);
+}

 @@ -1,1092 +1,1093 @@
-/*	$NetBSD: sysv_shm.c,v 1.120 2011/06/12 03:35:56 rmind Exp $	*/
+/*	$NetBSD: sysv_shm.c,v 1.121 2011/07/30 06:19:02 uebayasi Exp $	*/
 /*-
  * Copyright (c) 1999, 2007 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
  * NASA Ames Research Center, and by Mindaugas Rasiukevicius.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1994 Adam Glass and Charles M. Hannum.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
  *	This product includes software developed by Adam Glass and Charles M.
  *	Hannum.
  * 4. The names of the authors may not be used to endorse or promote products
  *    derived from this software without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sysv_shm.c,v 1.120 2011/06/12 03:35:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sysv_shm.c,v 1.121 2011/07/30 06:19:02 uebayasi Exp $");
 #define SYSVSHM
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kmem.h>
 #include <sys/shm.h>
 #include <sys/mutex.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/sysctl.h>
 #include <sys/mount.h>		/* XXX for <sys/syscallargs.h> */
 #include <sys/syscallargs.h>
 #include <sys/queue.h>
 #include <sys/kauth.h>
 #include <uvm/uvm_extern.h>
 #include <uvm/uvm_object.h>
 struct shmmap_entry {
 	SLIST_ENTRY(shmmap_entry) next;
 	vaddr_t va;
 	int shmid;
 };
 int			shm_nused		__cacheline_aligned;
 struct shmid_ds *	shmsegs			__read_mostly;
 static kmutex_t		shm_lock		__cacheline_aligned;
 static kcondvar_t *	shm_cv			__cacheline_aligned;
 static int		shm_last_free		__cacheline_aligned;
 static size_t		shm_committed		__cacheline_aligned;
 static int		shm_use_phys		__read_mostly;
 static kcondvar_t	shm_realloc_cv;
 static bool		shm_realloc_state;
 static u_int		shm_realloc_disable;
 struct shmmap_state {
 	unsigned int nitems;
 	unsigned int nrefs;
 	SLIST_HEAD(, shmmap_entry) entries;
 };
 #ifdef SHMDEBUG
 #define SHMPRINTF(a) printf a
 #else
 #define SHMPRINTF(a)
 #endif
 static int shmrealloc(int);
 /*
  * Find the shared memory segment by the identifier.
  *  => must be called with shm_lock held;
  */
 static struct shmid_ds *
 shm_find_segment_by_shmid(int shmid)
+{
 	int segnum;
 	struct shmid_ds *shmseg;
 	KASSERT(mutex_owned(&shm_lock));
 	segnum = IPCID_TO_IX(shmid);
 	if (segnum < 0 || segnum >= shminfo.shmmni)
 		return NULL;
 	shmseg = &shmsegs[segnum];
 	if ((shmseg->shm_perm.mode & SHMSEG_ALLOCATED) == 0)
 		return NULL;
 	if ((shmseg->shm_perm.mode &
 	    (SHMSEG_REMOVED|SHMSEG_RMLINGER)) == SHMSEG_REMOVED)
 		return NULL;
 	if (shmseg->shm_perm._seq != IPCID_TO_SEQ(shmid))
 		return NULL;
 	return shmseg;
+}
 /*
  * Free memory segment.
  *  => must be called with shm_lock held;
  */
 static void
 shm_free_segment(int segnum)
+{
 	struct shmid_ds *shmseg;
 	size_t size;
 	bool wanted;
 	KASSERT(mutex_owned(&shm_lock));
 	shmseg = &shmsegs[segnum];
 	SHMPRINTF(("shm freeing key 0x%lx seq 0x%x\n",
 	    shmseg->shm_perm._key, shmseg->shm_perm._seq));
 	size = (shmseg->shm_segsz + PGOFSET) & ~PGOFSET;
 	wanted = (shmseg->shm_perm.mode & SHMSEG_WANTED);
 	shmseg->_shm_internal = NULL;
 	shm_committed -= btoc(size);
 	shm_nused--;
 	shmseg->shm_perm.mode = SHMSEG_FREE;
 	shm_last_free = segnum;
 	if (wanted == true)
 		cv_broadcast(&shm_cv[segnum]);
+}
 /*
  * Delete entry from the shm map.
  *  => must be called with shm_lock held;
  */
 static struct uvm_object *
 shm_delete_mapping(struct shmmap_state *shmmap_s,
     struct shmmap_entry *shmmap_se)
+{
 	struct uvm_object *uobj = NULL;
 	struct shmid_ds *shmseg;
 	int segnum;
 	KASSERT(mutex_owned(&shm_lock));
 	segnum = IPCID_TO_IX(shmmap_se->shmid);
 	shmseg = &shmsegs[segnum];
 	SLIST_REMOVE(&shmmap_s->entries, shmmap_se, shmmap_entry, next);
 	shmmap_s->nitems--;
 	shmseg->shm_dtime = time_second;
 	if ((--shmseg->shm_nattch <= 0) &&
 	    (shmseg->shm_perm.mode & SHMSEG_REMOVED)) {
 		uobj = shmseg->_shm_internal;
 		shm_free_segment(segnum);
+	}
 	return uobj;
+}
 /*
  * Get a non-shared shm map for that vmspace.  Note, that memory
  * allocation might be performed with lock held.
  */
 static struct shmmap_state *
 shmmap_getprivate(struct proc *p)
+{
 	struct shmmap_state *oshmmap_s, *shmmap_s;
 	struct shmmap_entry *oshmmap_se, *shmmap_se;
 	KASSERT(mutex_owned(&shm_lock));
 	/* 1. A shm map with refcnt = 1, used by ourselves, thus return */
 	oshmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
 	if (oshmmap_s && oshmmap_s->nrefs == 1)
 		return oshmmap_s;
 	/* 2. No shm map preset - create a fresh one */
 	shmmap_s = kmem_zalloc(sizeof(struct shmmap_state), KM_SLEEP);
 	shmmap_s->nrefs = 1;
 	SLIST_INIT(&shmmap_s->entries);
 	p->p_vmspace->vm_shm = (void *)shmmap_s;
 	if (oshmmap_s == NULL)
 		return shmmap_s;
 	SHMPRINTF(("shmmap_getprivate: vm %p split (%d entries), was used by %d\n",
 	    p->p_vmspace, oshmmap_s->nitems, oshmmap_s->nrefs));
 	/* 3. A shared shm map, copy to a fresh one and adjust refcounts */
 	SLIST_FOREACH(oshmmap_se, &oshmmap_s->entries, next) {
 		shmmap_se = kmem_alloc(sizeof(struct shmmap_entry), KM_SLEEP);
 		shmmap_se->va = oshmmap_se->va;
 		shmmap_se->shmid = oshmmap_se->shmid;
 		SLIST_INSERT_HEAD(&shmmap_s->entries, shmmap_se, next);
+	}
 	shmmap_s->nitems = oshmmap_s->nitems;
 	oshmmap_s->nrefs--;
 	return shmmap_s;
+}
 /*
  * Lock/unlock the memory.
  *  => must be called with shm_lock held;
  *  => called from one place, thus, inline;
  */
 static inline int
 shm_memlock(struct lwp *l, struct shmid_ds *shmseg, int shmid, int cmd)
+{
 	struct proc *p = l->l_proc;
 	struct shmmap_entry *shmmap_se;
 	struct shmmap_state *shmmap_s;
 	size_t size;
 	int error;
 	KASSERT(mutex_owned(&shm_lock));
 	shmmap_s = shmmap_getprivate(p);
 	/* Find our shared memory address by shmid */
 	SLIST_FOREACH(shmmap_se, &shmmap_s->entries, next) {
 		if (shmmap_se->shmid != shmid)
 			continue;
 		size = (shmseg->shm_segsz + PGOFSET) & ~PGOFSET;
 		if (cmd == SHM_LOCK &&
 		    (shmseg->shm_perm.mode & SHMSEG_WIRED) == 0) {
 			/* Wire the object and map, then tag it */
 			error = uvm_obj_wirepages(shmseg->_shm_internal,
 , size);
 			if (error)
 				return EIO;
 			error = uvm_map_pageable(&p->p_vmspace->vm_map,
 			    shmmap_se->va, shmmap_se->va + size, false, 0);
 			if (error) {
 				uvm_obj_unwirepages(shmseg->_shm_internal,
 , size);
 				if (error == EFAULT)
 					error = ENOMEM;
 				return error;
+			}
 			shmseg->shm_perm.mode |= SHMSEG_WIRED;
 		} else if (cmd == SHM_UNLOCK &&
 		    (shmseg->shm_perm.mode & SHMSEG_WIRED) != 0) {
 			/* Unwire the object and map, then untag it */
 			uvm_obj_unwirepages(shmseg->_shm_internal, 0, size);
 			error = uvm_map_pageable(&p->p_vmspace->vm_map,
 			    shmmap_se->va, shmmap_se->va + size, true, 0);
 			if (error)
 				return EIO;
 			shmseg->shm_perm.mode &= ~SHMSEG_WIRED;
+		}
+	}
 	return 0;
+}
 /*
  * Unmap shared memory.
  */
 int
 sys_shmdt(struct lwp *l, const struct sys_shmdt_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const void *) shmaddr;
 	} */
 	struct proc *p = l->l_proc;
 	struct shmmap_state *shmmap_s1, *shmmap_s;
 	struct shmmap_entry *shmmap_se;
 	struct uvm_object *uobj;
 	struct shmid_ds *shmseg;
 	size_t size;
 	mutex_enter(&shm_lock);
 	/* In case of reallocation, we will wait for completion */
 	while (__predict_false(shm_realloc_state))
 		cv_wait(&shm_realloc_cv, &shm_lock);
 	shmmap_s1 = (struct shmmap_state *)p->p_vmspace->vm_shm;
 	if (shmmap_s1 == NULL) {
 		mutex_exit(&shm_lock);
 		return EINVAL;
+	}
 	/* Find the map entry */
 	SLIST_FOREACH(shmmap_se, &shmmap_s1->entries, next)
 		if (shmmap_se->va == (vaddr_t)SCARG(uap, shmaddr))
 			break;
 	if (shmmap_se == NULL) {
 		mutex_exit(&shm_lock);
 		return EINVAL;
+	}
 	shmmap_s = shmmap_getprivate(p);
 	if (shmmap_s != shmmap_s1) {
 		/* Map has been copied, lookup entry in new map */
 		SLIST_FOREACH(shmmap_se, &shmmap_s->entries, next)
 			if (shmmap_se->va == (vaddr_t)SCARG(uap, shmaddr))
 				break;
 		if (shmmap_se == NULL) {
 			mutex_exit(&shm_lock);
 			return EINVAL;
+		}
+	}
 	SHMPRINTF(("shmdt: vm %p: remove %d @%lx\n",
 	    p->p_vmspace, shmmap_se->shmid, shmmap_se->va));
 	/* Delete the entry from shm map */
 	uobj = shm_delete_mapping(shmmap_s, shmmap_se);
 	shmseg = &shmsegs[IPCID_TO_IX(shmmap_se->shmid)];
 	size = (shmseg->shm_segsz + PGOFSET) & ~PGOFSET;
 	mutex_exit(&shm_lock);
 	uvm_deallocate(&p->p_vmspace->vm_map, shmmap_se->va, size);
 	if (uobj != NULL) {
 		uao_detach(uobj);
+	}
 	kmem_free(shmmap_se, sizeof(struct shmmap_entry));
 	return 0;
+}
 /*
  * Map shared memory.
  */
 int
 sys_shmat(struct lwp *l, const struct sys_shmat_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) shmid;
 		syscallarg(const void *) shmaddr;
 		syscallarg(int) shmflg;
 	} */
 	int error, flags = 0;
 	struct proc *p = l->l_proc;
 	kauth_cred_t cred = l->l_cred;
 	struct shmid_ds *shmseg;
 	struct shmmap_state *shmmap_s;
 	struct shmmap_entry *shmmap_se;
 	struct uvm_object *uobj;
 	struct vmspace *vm;
 	vaddr_t attach_va;
 	vm_prot_t prot;
 	vsize_t size;
 	/* Allocate a new map entry and set it */
 	shmmap_se = kmem_alloc(sizeof(struct shmmap_entry), KM_SLEEP);
 	shmmap_se->shmid = SCARG(uap, shmid);
 	mutex_enter(&shm_lock);
 	/* In case of reallocation, we will wait for completion */
 	while (__predict_false(shm_realloc_state))
 		cv_wait(&shm_realloc_cv, &shm_lock);
 	shmseg = shm_find_segment_by_shmid(SCARG(uap, shmid));
 	if (shmseg == NULL) {
 		error = EINVAL;
 		goto err;
+	}
 	error = ipcperm(cred, &shmseg->shm_perm,
 	    (SCARG(uap, shmflg) & SHM_RDONLY) ? IPC_R : IPC_R|IPC_W);
 	if (error)
 		goto err;
 	vm = p->p_vmspace;
 	shmmap_s = (struct shmmap_state *)vm->vm_shm;
 	if (shmmap_s && shmmap_s->nitems >= shminfo.shmseg) {
 		error = EMFILE;
 		goto err;
+	}
 	size = (shmseg->shm_segsz + PGOFSET) & ~PGOFSET;
 	prot = VM_PROT_READ;
 	if ((SCARG(uap, shmflg) & SHM_RDONLY) == 0)
 		prot |= VM_PROT_WRITE;
 	if (SCARG(uap, shmaddr)) {
 		flags |= UVM_FLAG_FIXED;
 		if (SCARG(uap, shmflg) & SHM_RND)
 			attach_va =
 			    (vaddr_t)SCARG(uap, shmaddr) & ~(SHMLBA-1);
 		else if (((vaddr_t)SCARG(uap, shmaddr) & (SHMLBA-1)) == 0)
 			attach_va = (vaddr_t)SCARG(uap, shmaddr);
 		else {
 			error = EINVAL;
 			goto err;
+		}
 	} else {
 		/* This is just a hint to uvm_map() about where to put it. */
 		attach_va = p->p_emul->e_vm_default_addr(p,
 		    (vaddr_t)vm->vm_daddr, size);
+	}
 	/*
 	 * Create a map entry, add it to the list and increase the counters.
 	 * The lock will be dropped before the mapping, disable reallocation.
 	 */
 	shmmap_s = shmmap_getprivate(p);
 	SLIST_INSERT_HEAD(&shmmap_s->entries, shmmap_se, next);
 	shmmap_s->nitems++;
 	shmseg->shm_lpid = p->p_pid;
 	shmseg->shm_nattch++;
 	shm_realloc_disable++;
 	mutex_exit(&shm_lock);
 	/*
 	 * Add a reference to the memory object, map it to the
 	 * address space, and lock the memory, if needed.
 	 */
 	uobj = shmseg->_shm_internal;
 	uao_reference(uobj);
 	error = uvm_map(&vm->vm_map, &attach_va, size, uobj, 0, 0,
 	    UVM_MAPFLAG(prot, prot, UVM_INH_SHARE, UVM_ADV_RANDOM, flags));
 	if (error)
 		goto err_detach;
 	if (shm_use_phys || (shmseg->shm_perm.mode & SHMSEG_WIRED)) {
 		error = uvm_map_pageable(&vm->vm_map, attach_va,
 		    attach_va + size, false, 0);
 		if (error) {
 			if (error == EFAULT)
 				error = ENOMEM;
 			uvm_deallocate(&vm->vm_map, attach_va, size);
 			goto err_detach;
+		}
+	}
 	/* Set the new address, and update the time */
 	mutex_enter(&shm_lock);
 	shmmap_se->va = attach_va;
 	shmseg->shm_atime = time_second;
 	shm_realloc_disable--;
 	retval[0] = attach_va;
 	SHMPRINTF(("shmat: vm %p: add %d @%lx\n",
 	    p->p_vmspace, shmmap_se->shmid, attach_va));
 err:
 	cv_broadcast(&shm_realloc_cv);
 	mutex_exit(&shm_lock);
 	if (error && shmmap_se) {
 		kmem_free(shmmap_se, sizeof(struct shmmap_entry));
+	}
 	return error;
 err_detach:
 	uao_detach(uobj);
 	mutex_enter(&shm_lock);
 	uobj = shm_delete_mapping(shmmap_s, shmmap_se);
 	shm_realloc_disable--;
 	cv_broadcast(&shm_realloc_cv);
 	mutex_exit(&shm_lock);
 	if (uobj != NULL) {
 		uao_detach(uobj);
+	}
 	kmem_free(shmmap_se, sizeof(struct shmmap_entry));
 	return error;
+}
 /*
  * Shared memory control operations.
  */
 int
 sys___shmctl50(struct lwp *l, const struct sys___shmctl50_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) shmid;
 		syscallarg(int) cmd;
 		syscallarg(struct shmid_ds *) buf;
 	} */
 	struct shmid_ds shmbuf;
 	int cmd, error;
 	cmd = SCARG(uap, cmd);
 	if (cmd == IPC_SET) {
 		error = copyin(SCARG(uap, buf), &shmbuf, sizeof(shmbuf));
 		if (error)
 			return error;
+	}
 	error = shmctl1(l, SCARG(uap, shmid), cmd,
 	    (cmd == IPC_SET || cmd == IPC_STAT) ? &shmbuf : NULL);
 	if (error == 0 && cmd == IPC_STAT)
 		error = copyout(&shmbuf, SCARG(uap, buf), sizeof(shmbuf));
 	return error;
+}
 int
 shmctl1(struct lwp *l, int shmid, int cmd, struct shmid_ds *shmbuf)
+{
 	struct uvm_object *uobj = NULL;
 	kauth_cred_t cred = l->l_cred;
 	struct shmid_ds *shmseg;
 	int error = 0;
 	mutex_enter(&shm_lock);
 	/* In case of reallocation, we will wait for completion */
 	while (__predict_false(shm_realloc_state))
 		cv_wait(&shm_realloc_cv, &shm_lock);
 	shmseg = shm_find_segment_by_shmid(shmid);
 	if (shmseg == NULL) {
 		mutex_exit(&shm_lock);
 		return EINVAL;
+	}
 	switch (cmd) {
 	case IPC_STAT:
 		if ((error = ipcperm(cred, &shmseg->shm_perm, IPC_R)) != 0)
 			break;
 		memcpy(shmbuf, shmseg, sizeof(struct shmid_ds));
 		break;
 	case IPC_SET:
 		if ((error = ipcperm(cred, &shmseg->shm_perm, IPC_M)) != 0)
 			break;
 		shmseg->shm_perm.uid = shmbuf->shm_perm.uid;
 		shmseg->shm_perm.gid = shmbuf->shm_perm.gid;
 		shmseg->shm_perm.mode =
 		    (shmseg->shm_perm.mode & ~ACCESSPERMS) |
 		    (shmbuf->shm_perm.mode & ACCESSPERMS);
 		shmseg->shm_ctime = time_second;
 		break;
 	case IPC_RMID:
 		if ((error = ipcperm(cred, &shmseg->shm_perm, IPC_M)) != 0)
 			break;
 		shmseg->shm_perm._key = IPC_PRIVATE;
 		shmseg->shm_perm.mode |= SHMSEG_REMOVED;
 		if (shmseg->shm_nattch <= 0) {
 			uobj = shmseg->_shm_internal;
 			shm_free_segment(IPCID_TO_IX(shmid));
+		}
 		break;
 	case SHM_LOCK:
 	case SHM_UNLOCK:
 		if ((error = kauth_authorize_generic(cred,
 		    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 			break;
 		error = shm_memlock(l, shmseg, shmid, cmd);
 		break;
 	default:
 		error = EINVAL;
+	}
 	mutex_exit(&shm_lock);
 	if (uobj != NULL)
 		uao_detach(uobj);
 	return error;
+}
 /*
  * Try to take an already existing segment.
  *  => must be called with shm_lock held;
  *  => called from one place, thus, inline;
  */
 static inline int
 shmget_existing(struct lwp *l, const struct sys_shmget_args *uap, int mode,
     register_t *retval)
+{
 	struct shmid_ds *shmseg;
 	kauth_cred_t cred = l->l_cred;
 	int segnum, error;
 again:
 	KASSERT(mutex_owned(&shm_lock));
 	/* Find segment by key */
 	for (segnum = 0; segnum < shminfo.shmmni; segnum++)
 		if ((shmsegs[segnum].shm_perm.mode & SHMSEG_ALLOCATED) &&
 		    shmsegs[segnum].shm_perm._key == SCARG(uap, key))
 			break;
 	if (segnum == shminfo.shmmni) {
 		/* Not found */
 		return -1;
+	}
 	shmseg = &shmsegs[segnum];
 	if (shmseg->shm_perm.mode & SHMSEG_REMOVED) {
 		/*
 		 * This segment is in the process of being allocated.  Wait
 		 * until it's done, and look the key up again (in case the
 		 * allocation failed or it was freed).
 		 */
 		shmseg->shm_perm.mode |= SHMSEG_WANTED;
 		error = cv_wait_sig(&shm_cv[segnum], &shm_lock);
 		if (error)
 			return error;
 		goto again;
+	}
 	/*
 	 * First check the flags, to generate a useful error when a
 	 * segment already exists.
 	 */
 	if ((SCARG(uap, shmflg) & (IPC_CREAT | IPC_EXCL)) ==
 	    (IPC_CREAT | IPC_EXCL))
 		return EEXIST;
 	/* Check the permission and segment size. */
 	error = ipcperm(cred, &shmseg->shm_perm, mode);
 	if (error)
 		return error;
 	if (SCARG(uap, size) && SCARG(uap, size) > shmseg->shm_segsz)
 		return EINVAL;
 	*retval = IXSEQ_TO_IPCID(segnum, shmseg->shm_perm);
 	return 0;
+}
 int
 sys_shmget(struct lwp *l, const struct sys_shmget_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(key_t) key;
 		syscallarg(size_t) size;
 		syscallarg(int) shmflg;
 	} */
 	struct shmid_ds *shmseg;
 	kauth_cred_t cred = l->l_cred;
 	key_t key = SCARG(uap, key);
 	size_t size;
 	int error, mode, segnum;
 	bool lockmem;
 	mode = SCARG(uap, shmflg) & ACCESSPERMS;
 	if (SCARG(uap, shmflg) & _SHM_RMLINGER)
 		mode |= SHMSEG_RMLINGER;
 	SHMPRINTF(("shmget: key 0x%lx size 0x%zx shmflg 0x%x mode 0x%x\n",
 	    SCARG(uap, key), SCARG(uap, size), SCARG(uap, shmflg), mode));
 	mutex_enter(&shm_lock);
 	/* In case of reallocation, we will wait for completion */
 	while (__predict_false(shm_realloc_state))
 		cv_wait(&shm_realloc_cv, &shm_lock);
 	if (key != IPC_PRIVATE) {
 		error = shmget_existing(l, uap, mode, retval);
 		if (error != -1) {
 			mutex_exit(&shm_lock);
 			return error;
+		}
 		if ((SCARG(uap, shmflg) & IPC_CREAT) == 0) {
 			mutex_exit(&shm_lock);
 			return ENOENT;
+		}
+	}
 	error = 0;
 	/*
 	 * Check the for the limits.
 	 */
 	size = SCARG(uap, size);
 	if (size < shminfo.shmmin || size > shminfo.shmmax) {
 		mutex_exit(&shm_lock);
 		return EINVAL;
+	}
 	if (shm_nused >= shminfo.shmmni) {
 		mutex_exit(&shm_lock);
 		return ENOSPC;
+	}
 	size = (size + PGOFSET) & ~PGOFSET;
 	if (shm_committed + btoc(size) > shminfo.shmall) {
 		mutex_exit(&shm_lock);
 		return ENOMEM;
+	}
 	/* Find the first available segment */
 	if (shm_last_free < 0) {
 		for (segnum = 0; segnum < shminfo.shmmni; segnum++)
 			if (shmsegs[segnum].shm_perm.mode & SHMSEG_FREE)
 				break;
 		KASSERT(segnum < shminfo.shmmni);
 	} else {
 		segnum = shm_last_free;
 		shm_last_free = -1;
+	}
 	/*
 	 * Initialize the segment.
 	 * We will drop the lock while allocating the memory, thus mark the
 	 * segment present, but removed, that no other thread could take it.
 	 * Also, disable reallocation, while lock is dropped.
 	 */
 	shmseg = &shmsegs[segnum];
 	shmseg->shm_perm.mode = SHMSEG_ALLOCATED | SHMSEG_REMOVED;
 	shm_committed += btoc(size);
 	shm_nused++;
 	lockmem = shm_use_phys;
 	shm_realloc_disable++;
 	mutex_exit(&shm_lock);
 	/* Allocate the memory object and lock it if needed */
 	shmseg->_shm_internal = uao_create(size, 0);
 	if (lockmem) {
 		/* Wire the pages and tag it */
 		error = uvm_obj_wirepages(shmseg->_shm_internal, 0, size);
 		if (error) {
 			uao_detach(shmseg->_shm_internal);
 			mutex_enter(&shm_lock);
 			shm_free_segment(segnum);
 			shm_realloc_disable--;
 			mutex_exit(&shm_lock);
 			return error;
+		}
+	}
 	/*
 	 * Please note, while segment is marked, there are no need to hold the
 	 * lock, while setting it (except shm_perm.mode).
 	 */
 	shmseg->shm_perm._key = SCARG(uap, key);
 	shmseg->shm_perm._seq = (shmseg->shm_perm._seq + 1) & 0x7fff;
 	*retval = IXSEQ_TO_IPCID(segnum, shmseg->shm_perm);
 	shmseg->shm_perm.cuid = shmseg->shm_perm.uid = kauth_cred_geteuid(cred);
 	shmseg->shm_perm.cgid = shmseg->shm_perm.gid = kauth_cred_getegid(cred);
 	shmseg->shm_segsz = SCARG(uap, size);
 	shmseg->shm_cpid = l->l_proc->p_pid;
 	shmseg->shm_lpid = shmseg->shm_nattch = 0;
 	shmseg->shm_atime = shmseg->shm_dtime = 0;
 	shmseg->shm_ctime = time_second;
 	/*
 	 * Segment is initialized.
 	 * Enter the lock, mark as allocated, and notify waiters (if any).
 	 * Also, unmark the state of reallocation.
 	 */
 	mutex_enter(&shm_lock);
 	shmseg->shm_perm.mode = (shmseg->shm_perm.mode & SHMSEG_WANTED) |
 	    (mode & (ACCESSPERMS | SHMSEG_RMLINGER)) |
 	    SHMSEG_ALLOCATED | (lockmem ? SHMSEG_WIRED : 0);
 	if (shmseg->shm_perm.mode & SHMSEG_WANTED) {
 		shmseg->shm_perm.mode &= ~SHMSEG_WANTED;
 		cv_broadcast(&shm_cv[segnum]);
+	}
 	shm_realloc_disable--;
 	cv_broadcast(&shm_realloc_cv);
 	mutex_exit(&shm_lock);
 	return error;
+}
 void
 shmfork(struct vmspace *vm1, struct vmspace *vm2)
+{
 	struct shmmap_state *shmmap_s;
 	struct shmmap_entry *shmmap_se;
 	SHMPRINTF(("shmfork %p->%p\n", vm1, vm2));
 	mutex_enter(&shm_lock);
 	vm2->vm_shm = vm1->vm_shm;
 	if (vm1->vm_shm) {
 		shmmap_s = (struct shmmap_state *)vm1->vm_shm;
 		SLIST_FOREACH(shmmap_se, &shmmap_s->entries, next)
 			shmsegs[IPCID_TO_IX(shmmap_se->shmid)].shm_nattch++;
 		shmmap_s->nrefs++;
+	}
 	mutex_exit(&shm_lock);
+}
 void
 shmexit(struct vmspace *vm)
+{
 	struct shmmap_state *shmmap_s;
 	struct shmmap_entry *shmmap_se;
 	mutex_enter(&shm_lock);
 	shmmap_s = (struct shmmap_state *)vm->vm_shm;
 	if (shmmap_s == NULL) {
 		mutex_exit(&shm_lock);
 		return;
+	}
 	vm->vm_shm = NULL;
 	if (--shmmap_s->nrefs > 0) {
 		SHMPRINTF(("shmexit: vm %p drop ref (%d entries), refs = %d\n",
 		    vm, shmmap_s->nitems, shmmap_s->nrefs));
 		SLIST_FOREACH(shmmap_se, &shmmap_s->entries, next) {
 			shmsegs[IPCID_TO_IX(shmmap_se->shmid)].shm_nattch--;
+		}
 		mutex_exit(&shm_lock);
 		return;
+	}
 	SHMPRINTF(("shmexit: vm %p cleanup (%d entries)\n", vm, shmmap_s->nitems));
 	if (shmmap_s->nitems == 0) {
 		mutex_exit(&shm_lock);
 		kmem_free(shmmap_s, sizeof(struct shmmap_state));
 		return;
+	}
 	/*
 	 * Delete the entry from shm map.
 	 */
 	for (;;) {
 		struct shmid_ds *shmseg;
 		struct uvm_object *uobj;
 		size_t sz;
 		shmmap_se = SLIST_FIRST(&shmmap_s->entries);
 		KASSERT(shmmap_se != NULL);
 		shmseg = &shmsegs[IPCID_TO_IX(shmmap_se->shmid)];
 		sz = (shmseg->shm_segsz + PGOFSET) & ~PGOFSET;
 		/* shm_delete_mapping() removes from the list. */
 		uobj = shm_delete_mapping(shmmap_s, shmmap_se);
 		mutex_exit(&shm_lock);
 		uvm_deallocate(&vm->vm_map, shmmap_se->va, sz);
 		if (uobj != NULL) {
 			uao_detach(uobj);
+		}
 		kmem_free(shmmap_se, sizeof(struct shmmap_entry));
 		if (SLIST_EMPTY(&shmmap_s->entries)) {
 			break;
+		}
 		mutex_enter(&shm_lock);
 		KASSERT(!SLIST_EMPTY(&shmmap_s->entries));
+	}
 	kmem_free(shmmap_s, sizeof(struct shmmap_state));
+}
 static int
 shmrealloc(int newshmni)
+{
 	vaddr_t v;
 	struct shmid_ds *oldshmsegs, *newshmsegs;
 	kcondvar_t *newshm_cv, *oldshm_cv;
 	size_t sz;
 	int i, lsegid, oldshmni;
 	if (newshmni < 1)
 		return EINVAL;
 	/* Allocate new memory area */
 	sz = ALIGN(newshmni * sizeof(struct shmid_ds)) +
 	    ALIGN(newshmni * sizeof(kcondvar_t));
-	v = uvm_km_alloc(kernel_map, round_page(sz), 0,
+	sz = round_page(sz);
-	    UVM_KMF_WIRED|UVM_KMF_ZERO);
+	v = uvm_km_alloc(kernel_map, sz, 0, UVM_KMF_WIRED|UVM_KMF_ZERO);
 	if (v == 0)
 		return ENOMEM;
 	mutex_enter(&shm_lock);
 	while (shm_realloc_state || shm_realloc_disable)
 		cv_wait(&shm_realloc_cv, &shm_lock);
 	/*
 	 * Get the number of last segment.  Fail we are trying to
 	 * reallocate less memory than we use.
 	 */
 	lsegid = 0;
 	for (i = 0; i < shminfo.shmmni; i++)
 		if ((shmsegs[i].shm_perm.mode & SHMSEG_FREE) == 0)
 			lsegid = i;
 	if (lsegid >= newshmni) {
 		mutex_exit(&shm_lock);
 		uvm_km_free(kernel_map, v, sz, UVM_KMF_WIRED);
 		return EBUSY;
+	}
 	shm_realloc_state = true;
 	newshmsegs = (void *)v;
 	newshm_cv = (void *)((uintptr_t)newshmsegs +
 	    ALIGN(newshmni * sizeof(struct shmid_ds)));
 	/* Copy all memory to the new area */
 	for (i = 0; i < shm_nused; i++)
 		(void)memcpy(&newshmsegs[i], &shmsegs[i],
 		    sizeof(newshmsegs[0]));
 	/* Mark as free all new segments, if there is any */
 	for (; i < newshmni; i++) {
 		cv_init(&newshm_cv[i], "shmwait");
 		newshmsegs[i].shm_perm.mode = SHMSEG_FREE;
 		newshmsegs[i].shm_perm._seq = 0;
+	}
 	oldshmsegs = shmsegs;
 	oldshmni = shminfo.shmmni;
 	shminfo.shmmni = newshmni;
 	shmsegs = newshmsegs;
 	shm_cv = newshm_cv;
 	/* Reallocation completed - notify all waiters, if any */
 	shm_realloc_state = false;
 	cv_broadcast(&shm_realloc_cv);
 	mutex_exit(&shm_lock);
 	/* Release now unused resources. */
 	oldshm_cv = (void *)((uintptr_t)oldshmsegs +
 	    ALIGN(oldshmni * sizeof(struct shmid_ds)));
 	for (i = 0; i < oldshmni; i++)
 		cv_destroy(&oldshm_cv[i]);
 	sz = ALIGN(oldshmni * sizeof(struct shmid_ds)) +
 	    ALIGN(oldshmni * sizeof(kcondvar_t));
 	sz = round_page(sz);
 	uvm_km_free(kernel_map, (vaddr_t)oldshmsegs, sz, UVM_KMF_WIRED);
 	return 0;
+}
 void
 shminit(void)
+{
 	vaddr_t v;
 	size_t sz;
 	int i;
 	mutex_init(&shm_lock, MUTEX_DEFAULT, IPL_NONE);
 	cv_init(&shm_realloc_cv, "shmrealc");
 	/* Allocate the wired memory for our structures */
 	sz = ALIGN(shminfo.shmmni * sizeof(struct shmid_ds)) +
 	    ALIGN(shminfo.shmmni * sizeof(kcondvar_t));
-	v = uvm_km_alloc(kernel_map, round_page(sz), 0,
+	sz = round_page(sz);
-	    UVM_KMF_WIRED|UVM_KMF_ZERO);
+	v = uvm_km_alloc(kernel_map, sz, 0, UVM_KMF_WIRED|UVM_KMF_ZERO);
 	if (v == 0)
 		panic("sysv_shm: cannot allocate memory");
 	shmsegs = (void *)v;
 	shm_cv = (void *)((uintptr_t)shmsegs +
 	    ALIGN(shminfo.shmmni * sizeof(struct shmid_ds)));
 	if (shminfo.shmmax == 0)
 		shminfo.shmmax = max(physmem / 4, 1024) * PAGE_SIZE;
 	else
 		shminfo.shmmax *= PAGE_SIZE;
 	shminfo.shmall = shminfo.shmmax / PAGE_SIZE;
 	for (i = 0; i < shminfo.shmmni; i++) {
 		cv_init(&shm_cv[i], "shmwait");
 		shmsegs[i].shm_perm.mode = SHMSEG_FREE;
 		shmsegs[i].shm_perm._seq = 0;
+	}
 	shm_last_free = 0;
 	shm_nused = 0;
 	shm_committed = 0;
 	shm_realloc_disable = 0;
 	shm_realloc_state = false;
+}
 static int
 sysctl_ipc_shmmni(SYSCTLFN_ARGS)
+{
 	int newsize, error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = shminfo.shmmni;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	sysctl_unlock();
 	error = shmrealloc(newsize);
 	sysctl_relock();
 	return error;
+}
 static int
 sysctl_ipc_shmmaxpgs(SYSCTLFN_ARGS)
+{
 	uint32_t newsize;
 	int error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = shminfo.shmall;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	if (newsize < 1)
 		return EINVAL;
 	shminfo.shmall = newsize;
 	shminfo.shmmax = (uint64_t)shminfo.shmall * PAGE_SIZE;
 	return 0;
+}
 static int
 sysctl_ipc_shmmax(SYSCTLFN_ARGS)
+{
 	uint64_t newsize;
 	int error;
 	struct sysctlnode node;
 	node = *rnode;
 	node.sysctl_data = &newsize;
 	newsize = shminfo.shmmax;
 	error = sysctl_lookup(SYSCTLFN_CALL(&node));
 	if (error || newp == NULL)
 		return error;
 	if (newsize < PAGE_SIZE)
 		return EINVAL;
 	shminfo.shmmax = round_page(newsize);
 	shminfo.shmall = shminfo.shmmax >> PAGE_SHIFT;
 	return 0;
+}
 SYSCTL_SETUP(sysctl_ipc_shm_setup, "sysctl kern.ipc subtree setup")
+{
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT,
 		CTLTYPE_NODE, "kern", NULL,
 		NULL, 0, NULL, 0,
 		CTL_KERN, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT,
 		CTLTYPE_NODE, "ipc",
 		SYSCTL_DESCR("SysV IPC options"),
 		NULL, 0, NULL, 0,
 		CTL_KERN, KERN_SYSVIPC, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_QUAD, "shmmax",
 		SYSCTL_DESCR("Max shared memory segment size in bytes"),
 		sysctl_ipc_shmmax, 0, &shminfo.shmmax, 0,
 		CTL_KERN, KERN_SYSVIPC, KERN_SYSVIPC_SHMMAX, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "shmmni",
 		SYSCTL_DESCR("Max number of shared memory identifiers"),
 		sysctl_ipc_shmmni, 0, &shminfo.shmmni, 0,
 		CTL_KERN, KERN_SYSVIPC, KERN_SYSVIPC_SHMMNI, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "shmseg",
 		SYSCTL_DESCR("Max shared memory segments per process"),
 		NULL, 0, &shminfo.shmseg, 0,
 		CTL_KERN, KERN_SYSVIPC, KERN_SYSVIPC_SHMSEG, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "shmmaxpgs",
 		SYSCTL_DESCR("Max amount of shared memory in pages"),
 		sysctl_ipc_shmmaxpgs, 0, &shminfo.shmall, 0,
 		CTL_KERN, KERN_SYSVIPC, KERN_SYSVIPC_SHMMAXPGS, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 		CTLTYPE_INT, "shm_use_phys",
 		SYSCTL_DESCR("Enable/disable locking of shared memory in "
 		    "physical memory"), NULL, 0, &shm_use_phys, 0,
 		CTL_KERN, KERN_SYSVIPC, KERN_SYSVIPC_SHMUSEPHYS, CTL_EOL);
+}