xref: /netbsd-src/sys/kern/uipc_syscalls.c (revision 369bde8f44daf5ad74687d82554eae9c577ea65d) 
1 /*	$NetBSD: uipc_syscalls.c,v 1.214 2024/12/06 18:44:00 riastradh Exp $	*/
2 
3 /*-
4  * Copyright (c) 2008, 2009, 2023 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Andrew Doran.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 /*
33  * Copyright (c) 1982, 1986, 1989, 1990, 1993
34  *	The Regents of the University of California.  All rights reserved.
35  *
36  * Redistribution and use in source and binary forms, with or without
37  * modification, are permitted provided that the following conditions
38  * are met:
39  * 1. Redistributions of source code must retain the above copyright
40  *    notice, this list of conditions and the following disclaimer.
41  * 2. Redistributions in binary form must reproduce the above copyright
42  *    notice, this list of conditions and the following disclaimer in the
43  *    documentation and/or other materials provided with the distribution.
44  * 3. Neither the name of the University nor the names of its contributors
45  *    may be used to endorse or promote products derived from this software
46  *    without specific prior written permission.
47  *
48  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58  * SUCH DAMAGE.
59  *
60  *	@(#)uipc_syscalls.c	8.6 (Berkeley) 2/14/95
61  */
62 
63 #define MBUFTYPES
64 
65 #include <sys/cdefs.h>
66 __KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.214 2024/12/06 18:44:00 riastradh Exp $");
67 
68 #ifdef _KERNEL_OPT
69 #include "opt_pipe.h"
70 #include "opt_sctp.h"
71 #endif
72 
73 #include <sys/param.h>
74 #include <sys/types.h>
75 
76 #include <sys/atomic.h>
77 #include <sys/buf.h>
78 #include <sys/event.h>
79 #include <sys/file.h>
80 #include <sys/filedesc.h>
81 #include <sys/kauth.h>
82 #include <sys/ktrace.h>
83 #include <sys/mbuf.h>
84 #include <sys/mount.h>
85 #include <sys/proc.h>
86 #include <sys/protosw.h>
87 #include <sys/sdt.h>
88 #include <sys/signalvar.h>
89 #include <sys/socket.h>
90 #include <sys/socketvar.h>
91 #include <sys/syscallargs.h>
92 #include <sys/systm.h>
93 #include <sys/un.h>
94 
95 #ifdef SCTP
96 #include <netinet/sctp_peeloff.h>
97 #include <netinet/sctp_uio.h>
98 #endif
99 
100 /*
101  * System call interface to the socket abstraction.
102  */
103 extern const struct fileops socketops;
104 
105 static int	sockargs_sb(struct sockaddr_big *, const void *, socklen_t);
106 
107 int
108 sys___socket30(struct lwp *l, const struct sys___socket30_args *uap,
109     register_t *retval)
110 {
111 	/* {
112 		syscallarg(int)	domain;
113 		syscallarg(int)	type;
114 		syscallarg(int)	protocol;
115 	} */
116 	int fd, error;
117 	file_t *fp;
118 
119 	error = fsocreate(SCARG(uap, domain), NULL, SCARG(uap, type),
120 	    SCARG(uap, protocol), &fd, &fp, NULL);
121 	if (error == 0) {
122 		fd_affix(l->l_proc, fp, fd);
123 		*retval = fd;
124 	}
125 	return error;
126 }
127 
128 int
129 sys_bind(struct lwp *l, const struct sys_bind_args *uap, register_t *retval)
130 {
131 	/* {
132 		syscallarg(int)				s;
133 		syscallarg(const struct sockaddr *)	name;
134 		syscallarg(unsigned int)		namelen;
135 	} */
136 	int		error;
137 	struct sockaddr_big sb;
138 
139 	error = sockargs_sb(&sb, SCARG(uap, name), SCARG(uap, namelen));
140 	if (error)
141 		return error;
142 
143 	return do_sys_bind(l, SCARG(uap, s), (struct sockaddr *)&sb);
144 }
145 
146 int
147 do_sys_bind(struct lwp *l, int fd, struct sockaddr *nam)
148 {
149 	struct socket	*so;
150 	int		error;
151 
152 	if ((error = fd_getsock(fd, &so)) != 0)
153 		return error;
154 	error = sobind(so, nam, l);
155 	fd_putfile(fd);
156 	return error;
157 }
158 
159 int
160 sys_listen(struct lwp *l, const struct sys_listen_args *uap, register_t *retval)
161 {
162 	/* {
163 		syscallarg(int)	s;
164 		syscallarg(int)	backlog;
165 	} */
166 	struct socket	*so;
167 	int		error;
168 
169 	if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
170 		return (error);
171 	error = solisten(so, SCARG(uap, backlog), l);
172 	fd_putfile(SCARG(uap, s));
173 	return error;
174 }
175 
176 int
177 do_sys_accept(struct lwp *l, int sock, struct sockaddr *name,
178     register_t *new_sock, const sigset_t *mask, int flags, int clrflags)
179 {
180 	file_t		*fp, *fp2;
181 	int		error, fd;
182 	struct socket	*so, *so2;
183 	short		wakeup_state = 0;
184 
185 	if ((fp = fd_getfile(sock)) == NULL)
186 		return SET_ERROR(EBADF);
187 	if (fp->f_type != DTYPE_SOCKET) {
188 		fd_putfile(sock);
189 		return SET_ERROR(ENOTSOCK);
190 	}
191 	if ((error = fd_allocfile(&fp2, &fd)) != 0) {
192 		fd_putfile(sock);
193 		return error;
194 	}
195 	*new_sock = fd;
196 	so = fp->f_socket;
197 	solock(so);
198 
199 	if (__predict_false(mask))
200 		sigsuspendsetup(l, mask);
201 
202 	if (!(so->so_proto->pr_flags & PR_LISTEN)) {
203 		error = SET_ERROR(EOPNOTSUPP);
204 		goto bad;
205 	}
206 	if ((so->so_options & SO_ACCEPTCONN) == 0) {
207 		error = SET_ERROR(EINVAL);
208 		goto bad;
209 	}
210 	if ((so->so_state & SS_NBIO) && so->so_qlen == 0) {
211 		error = SET_ERROR(EWOULDBLOCK);
212 		goto bad;
213 	}
214 	while (so->so_qlen == 0 && so->so_error == 0) {
215 		if (so->so_state & SS_CANTRCVMORE) {
216 			so->so_error = SET_ERROR(ECONNABORTED);
217 			break;
218 		}
219 		if (wakeup_state & SS_RESTARTSYS) {
220 			error = SET_ERROR(ERESTART);
221 			goto bad;
222 		}
223 		error = sowait(so, true, 0);
224 		if (error) {
225 			goto bad;
226 		}
227 		wakeup_state = so->so_state;
228 	}
229 	if (so->so_error) {
230 		error = SET_ERROR(so->so_error);
231 		so->so_error = 0;
232 		goto bad;
233 	}
234 	/* connection has been removed from the listen queue */
235 	KNOTE(&so->so_rcv.sb_sel.sel_klist, NOTE_SUBMIT);
236 	so2 = TAILQ_FIRST(&so->so_q);
237 	if (soqremque(so2, 1) == 0)
238 		panic("accept");
239 	fp2->f_type = DTYPE_SOCKET;
240 	fp2->f_flag = (fp->f_flag & ~clrflags) |
241 	    ((flags & SOCK_NONBLOCK) ? FNONBLOCK : 0)|
242 	    ((flags & SOCK_NOSIGPIPE) ? FNOSIGPIPE : 0);
243 	fp2->f_ops = &socketops;
244 	fp2->f_socket = so2;
245 	if (fp2->f_flag & FNONBLOCK)
246 		so2->so_state |= SS_NBIO;
247 	else
248 		so2->so_state &= ~SS_NBIO;
249 	error = soaccept(so2, name);
250 	so2->so_cred = kauth_cred_hold(so->so_cred);
251 	sounlock(so);
252 	if (error) {
253 		/* an error occurred, free the file descriptor and mbuf */
254 		mutex_enter(&fp2->f_lock);
255 		fp2->f_count++;
256 		mutex_exit(&fp2->f_lock);
257 		closef(fp2);
258 		fd_abort(curproc, NULL, fd);
259 	} else {
260 		fd_set_exclose(l, fd, (flags & SOCK_CLOEXEC) != 0);
261 		fd_affix(curproc, fp2, fd);
262 	}
263 	fd_putfile(sock);
264 	if (__predict_false(mask))
265 		sigsuspendteardown(l);
266 	return error;
267  bad:
268 	sounlock(so);
269 	fd_putfile(sock);
270 	fd_abort(curproc, fp2, fd);
271 	if (__predict_false(mask))
272 		sigsuspendteardown(l);
273 	return error;
274 }
275 
276 int
277 sys_accept(struct lwp *l, const struct sys_accept_args *uap, register_t *retval)
278 {
279 	/* {
280 		syscallarg(int)			s;
281 		syscallarg(struct sockaddr *)	name;
282 		syscallarg(unsigned int *)	anamelen;
283 	} */
284 	int error, fd;
285 	struct sockaddr_big name;
286 
287 	name.sb_len = UCHAR_MAX;
288 	error = do_sys_accept(l, SCARG(uap, s), (struct sockaddr *)&name,
289 	    retval, NULL, 0, 0);
290 	if (error != 0)
291 		return error;
292 	error = copyout_sockname_sb(SCARG(uap, name), SCARG(uap, anamelen),
293 	    MSG_LENUSRSPACE, &name);
294 	if (error != 0) {
295 		fd = (int)*retval;
296 		if (fd_getfile(fd) != NULL)
297 			(void)fd_close(fd);
298 	}
299 	return error;
300 }
301 
302 int
303 sys_paccept(struct lwp *l, const struct sys_paccept_args *uap,
304     register_t *retval)
305 {
306 	/* {
307 		syscallarg(int)			s;
308 		syscallarg(struct sockaddr *)	name;
309 		syscallarg(unsigned int *)	anamelen;
310 		syscallarg(const sigset_t *)	mask;
311 		syscallarg(int)			flags;
312 	} */
313 	int error, fd;
314 	struct sockaddr_big name;
315 	sigset_t *mask, amask;
316 
317 	if (SCARG(uap, mask) != NULL) {
318 		error = copyin(SCARG(uap, mask), &amask, sizeof(amask));
319 		if (error)
320 			return error;
321 		mask = &amask;
322 	} else
323 		mask = NULL;
324 
325 	name.sb_len = UCHAR_MAX;
326 	error = do_sys_accept(l, SCARG(uap, s), (struct sockaddr *)&name,
327 	    retval, mask, SCARG(uap, flags), FNONBLOCK);
328 	if (error != 0)
329 		return error;
330 	error = copyout_sockname_sb(SCARG(uap, name), SCARG(uap, anamelen),
331 	    MSG_LENUSRSPACE, &name);
332 	if (error != 0) {
333 		fd = (int)*retval;
334 		if (fd_getfile(fd) != NULL)
335 			(void)fd_close(fd);
336 	}
337 	return error;
338 }
339 
340 int
341 sys_connect(struct lwp *l, const struct sys_connect_args *uap,
342     register_t *retval)
343 {
344 	/* {
345 		syscallarg(int)				s;
346 		syscallarg(const struct sockaddr *)	name;
347 		syscallarg(unsigned int)		namelen;
348 	} */
349 	int		error;
350 	struct sockaddr_big sbig;
351 
352 	error = sockargs_sb(&sbig, SCARG(uap, name), SCARG(uap, namelen));
353 	if (error)
354 		return error;
355 	return do_sys_connect(l, SCARG(uap, s), (struct sockaddr *)&sbig);
356 }
357 
358 int
359 do_sys_connect(struct lwp *l, int fd, struct sockaddr *nam)
360 {
361 	struct socket	*so;
362 	int		error;
363 	int		interrupted = 0;
364 
365 	if ((error = fd_getsock(fd, &so)) != 0) {
366 		return (error);
367 	}
368 	solock(so);
369 	if ((so->so_state & SS_ISCONNECTING) != 0) {
370 		error = SET_ERROR(EALREADY);
371 		goto out;
372 	}
373 
374 	error = soconnect(so, nam, l);
375 	if (error)
376 		goto bad;
377 	if ((so->so_state & (SS_NBIO|SS_ISCONNECTING)) ==
378 	    (SS_NBIO|SS_ISCONNECTING)) {
379 		error = SET_ERROR(EINPROGRESS);
380 		goto out;
381 	}
382 	while ((so->so_state & SS_ISCONNECTING) != 0 && so->so_error == 0) {
383 		error = sowait(so, true, 0);
384 		if (__predict_false((so->so_state & SS_ISABORTING) != 0)) {
385 			error = SET_ERROR(EPIPE);
386 			interrupted = 1;
387 			break;
388 		}
389 		if (error) {
390 			if (error == EINTR || error == ERESTART)
391 				interrupted = 1;
392 			break;
393 		}
394 	}
395 	if (error == 0) {
396 		error = SET_ERROR(so->so_error);
397 		so->so_error = 0;
398 	}
399  bad:
400 	if (!interrupted)
401 		so->so_state &= ~SS_ISCONNECTING;
402 	if (error == ERESTART)
403 		error = SET_ERROR(EINTR);
404  out:
405 	sounlock(so);
406 	fd_putfile(fd);
407 	return error;
408 }
409 
410 int
411 sys_socketpair(struct lwp *l, const struct sys_socketpair_args *uap,
412     register_t *retval)
413 {
414 	/* {
415 		syscallarg(int)		domain;
416 		syscallarg(int)		type;
417 		syscallarg(int)		protocol;
418 		syscallarg(int *)	rsv;
419 	} */
420 	file_t		*fp1, *fp2;
421 	struct socket	*so1, *so2;
422 	int		fd, error, sv[2];
423 	proc_t		*p = curproc;
424 	int		flags = SCARG(uap, type) & SOCK_FLAGS_MASK;
425 	int		type = SCARG(uap, type) & ~SOCK_FLAGS_MASK;
426 	int		domain = SCARG(uap, domain);
427 	int		proto = SCARG(uap, protocol);
428 
429 	error = fsocreate(domain, &so1, type|flags, proto, &fd, &fp1, NULL);
430 	if (error)
431 		return error;
432 	sv[0] = fd;
433 
434 	error = fsocreate(domain, &so2, type|flags, proto, &fd, &fp2, so1);
435 	if (error)
436 		goto out;
437 	sv[1] = fd;
438 
439 	solock(so1);
440 	error = soconnect2(so1, so2);
441 	if (error == 0 && type == SOCK_DGRAM) {
442 		/*
443 		 * Datagram socket connection is asymmetric.
444 		 */
445 		error = soconnect2(so2, so1);
446 	}
447 	sounlock(so1);
448 
449 	if (error == 0)
450 		error = copyout(sv, SCARG(uap, rsv), sizeof(sv));
451 	if (error == 0) {
452 		fd_affix(p, fp2, sv[1]);
453 		fd_affix(p, fp1, sv[0]);
454 		return 0;
455 	}
456 	fd_abort(p, fp2, sv[1]);
457 	(void)soclose(so2);
458 out:
459 	fd_abort(p, fp1, sv[0]);
460 	(void)soclose(so1);
461 	return error;
462 }
463 
464 int
465 sys_sendto(struct lwp *l, const struct sys_sendto_args *uap,
466     register_t *retval)
467 {
468 	/* {
469 		syscallarg(int)				s;
470 		syscallarg(const void *)		buf;
471 		syscallarg(size_t)			len;
472 		syscallarg(int)				flags;
473 		syscallarg(const struct sockaddr *)	to;
474 		syscallarg(unsigned int)		tolen;
475 	} */
476 	struct msghdr	msg = {0};
477 	struct iovec	aiov;
478 
479 	msg.msg_name = __UNCONST(SCARG(uap, to)); /* XXXUNCONST kills const */
480 	msg.msg_namelen = SCARG(uap, tolen);
481 	msg.msg_iov = &aiov;
482 	msg.msg_iovlen = 1;
483 	msg.msg_control = NULL;
484 	msg.msg_flags = 0;
485 	aiov.iov_base = __UNCONST(SCARG(uap, buf)); /* XXXUNCONST kills const */
486 	aiov.iov_len = SCARG(uap, len);
487 	return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags),
488 	    retval);
489 }
490 
491 int
492 sys_sendmsg(struct lwp *l, const struct sys_sendmsg_args *uap,
493     register_t *retval)
494 {
495 	/* {
496 		syscallarg(int)				s;
497 		syscallarg(const struct msghdr *)	msg;
498 		syscallarg(int)				flags;
499 	} */
500 	struct msghdr	msg;
501 	int		error;
502 
503 	error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
504 	if (error)
505 		return (error);
506 
507 	msg.msg_flags = MSG_IOVUSRSPACE;
508 	return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags),
509 	    retval);
510 }
511 
512 int
513 do_sys_sendmsg_so(struct lwp *l, int s, struct socket *so, file_t *fp,
514     struct msghdr *mp, int flags, register_t *retsize)
515 {
516 
517 	struct iovec	aiov[UIO_SMALLIOV], *iov = aiov, *tiov, *ktriov = NULL;
518 	struct sockaddr *sa = NULL;
519 	struct mbuf	*to, *control;
520 	struct uio	auio;
521 	size_t		len, iovsz;
522 	int		i, error;
523 
524 	ktrkuser("msghdr", mp, sizeof(*mp));
525 
526 	/* If the caller passed us stuff in mbufs, we must free them. */
527 	to = (mp->msg_flags & MSG_NAMEMBUF) ? mp->msg_name : NULL;
528 	control = (mp->msg_flags & MSG_CONTROLMBUF) ? mp->msg_control : NULL;
529 	iovsz = mp->msg_iovlen * sizeof(struct iovec);
530 
531 	if (mp->msg_flags & MSG_IOVUSRSPACE) {
532 		if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) {
533 			if ((unsigned int)mp->msg_iovlen > IOV_MAX) {
534 				error = SET_ERROR(EMSGSIZE);
535 				goto bad;
536 			}
537 			iov = kmem_alloc(iovsz, KM_SLEEP);
538 		}
539 		if (mp->msg_iovlen != 0) {
540 			error = copyin(mp->msg_iov, iov, iovsz);
541 			if (error)
542 				goto bad;
543 		}
544 		auio.uio_iov = iov;
545 	} else
546 		auio.uio_iov = mp->msg_iov;
547 
548 	auio.uio_iovcnt = mp->msg_iovlen;
549 	auio.uio_rw = UIO_WRITE;
550 	auio.uio_offset = 0;			/* XXX */
551 	auio.uio_resid = 0;
552 	KASSERT(l == curlwp);
553 	auio.uio_vmspace = l->l_proc->p_vmspace;
554 
555 	tiov = auio.uio_iov;
556 	for (i = 0; i < auio.uio_iovcnt; i++, tiov++) {
557 		/*
558 		 * Writes return ssize_t because -1 is returned on error.
559 		 * Therefore, we must restrict the length to SSIZE_MAX to
560 		 * avoid garbage return values.
561 		 */
562 		auio.uio_resid += tiov->iov_len;
563 		if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
564 			error = SET_ERROR(EINVAL);
565 			goto bad;
566 		}
567 	}
568 
569 	if (mp->msg_name && to == NULL) {
570 		error = sockargs(&to, mp->msg_name, mp->msg_namelen,
571 		    UIO_USERSPACE, MT_SONAME);
572 		if (error)
573 			goto bad;
574 	}
575 
576 	if (mp->msg_control) {
577 		if (mp->msg_controllen < CMSG_ALIGN(sizeof(struct cmsghdr))) {
578 			error = SET_ERROR(EINVAL);
579 			goto bad;
580 		}
581 		if (control == NULL) {
582 			error = sockargs(&control, mp->msg_control,
583 			    mp->msg_controllen, UIO_USERSPACE, MT_CONTROL);
584 			if (error)
585 				goto bad;
586 		}
587 	}
588 
589 	if (ktrpoint(KTR_GENIO) && iovsz > 0) {
590 		ktriov = kmem_alloc(iovsz, KM_SLEEP);
591 		memcpy(ktriov, auio.uio_iov, iovsz);
592 	}
593 
594 	if (mp->msg_name)
595 		MCLAIM(to, so->so_mowner);
596 	if (mp->msg_control)
597 		MCLAIM(control, so->so_mowner);
598 
599 	if (to) {
600 		sa = mtod(to, struct sockaddr *);
601 	}
602 
603 	len = auio.uio_resid;
604 	error = (*so->so_send)(so, sa, &auio, NULL, control, flags, l);
605 	/* Protocol is responsible for freeing 'control' */
606 	control = NULL;
607 
608 	if (error) {
609 		if (auio.uio_resid != len && (error == ERESTART ||
610 		    error == EINTR || error == EWOULDBLOCK))
611 			error = 0;
612 		if (error == EPIPE && (fp->f_flag & FNOSIGPIPE) == 0 &&
613 		    (flags & MSG_NOSIGNAL) == 0) {
614 			mutex_enter(&proc_lock);
615 			psignal(l->l_proc, SIGPIPE);
616 			mutex_exit(&proc_lock);
617 		}
618 	}
619 	if (error == 0)
620 		*retsize = len - auio.uio_resid;
621 
622 bad:
623 	if (ktriov != NULL) {
624 		ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error);
625 		kmem_free(ktriov, iovsz);
626 	}
627 
628 	if (iov != aiov)
629 		kmem_free(iov, iovsz);
630 	m_freem(to);
631 	m_freem(control);
632 
633 	return error;
634 }
635 
636 int
637 do_sys_sendmsg(struct lwp *l, int s, struct msghdr *mp, int flags,
638     register_t *retsize)
639 {
640 	int		error;
641 	struct socket	*so;
642 	file_t		*fp;
643 
644 	if ((error = fd_getsock1(s, &so, &fp)) != 0) {
645 		/* We have to free msg_name and msg_control ourselves */
646 		if (mp->msg_flags & MSG_NAMEMBUF)
647 			m_freem(mp->msg_name);
648 		if (mp->msg_flags & MSG_CONTROLMBUF)
649 			m_freem(mp->msg_control);
650 		return error;
651 	}
652 	error = do_sys_sendmsg_so(l, s, so, fp, mp, flags, retsize);
653 	/* msg_name and msg_control freed */
654 	fd_putfile(s);
655 	return error;
656 }
657 
658 int
659 sys_recvfrom(struct lwp *l, const struct sys_recvfrom_args *uap,
660     register_t *retval)
661 {
662 	/* {
663 		syscallarg(int)			s;
664 		syscallarg(void *)		buf;
665 		syscallarg(size_t)		len;
666 		syscallarg(int)			flags;
667 		syscallarg(struct sockaddr *)	from;
668 		syscallarg(unsigned int *)	fromlenaddr;
669 	} */
670 	struct msghdr	msg = {0};
671 	struct iovec	aiov;
672 	int		error;
673 	struct mbuf	*from;
674 
675 	msg.msg_name = NULL;
676 	msg.msg_iov = &aiov;
677 	msg.msg_iovlen = 1;
678 	aiov.iov_base = SCARG(uap, buf);
679 	aiov.iov_len = SCARG(uap, len);
680 	msg.msg_control = NULL;
681 	msg.msg_flags = SCARG(uap, flags) & MSG_USERFLAGS;
682 
683 	error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from, NULL, retval);
684 	if (error != 0)
685 		return error;
686 
687 	error = copyout_sockname(SCARG(uap, from), SCARG(uap, fromlenaddr),
688 	    MSG_LENUSRSPACE, from);
689 	if (from != NULL)
690 		m_free(from);
691 	return error;
692 }
693 
694 int
695 sys_recvmsg(struct lwp *l, const struct sys_recvmsg_args *uap,
696     register_t *retval)
697 {
698 	/* {
699 		syscallarg(int)			s;
700 		syscallarg(struct msghdr *)	msg;
701 		syscallarg(int)			flags;
702 	} */
703 	struct msghdr	msg;
704 	int		error;
705 	struct mbuf	*from, *control;
706 
707 	error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
708 	if (error)
709 		return error;
710 
711 	msg.msg_flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE;
712 
713 	error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from,
714 	    msg.msg_control != NULL ? &control : NULL, retval);
715 	if (error != 0)
716 		return error;
717 
718 	if (msg.msg_control != NULL)
719 		error = copyout_msg_control(l, &msg, control);
720 
721 	if (error == 0)
722 		error = copyout_sockname(msg.msg_name, &msg.msg_namelen, 0,
723 			from);
724 	if (from != NULL)
725 		m_free(from);
726 	if (error == 0) {
727 		ktrkuser("msghdr", &msg, sizeof(msg));
728 		error = copyout(&msg, SCARG(uap, msg), sizeof(msg));
729 	}
730 
731 	return error;
732 }
733 
734 int
735 sys_sendmmsg(struct lwp *l, const struct sys_sendmmsg_args *uap,
736     register_t *retval)
737 {
738 	/* {
739 		syscallarg(int)			s;
740 		syscallarg(struct mmsghdr *)	mmsg;
741 		syscallarg(unsigned int)	vlen;
742 		syscallarg(unsigned int)	flags;
743 	} */
744 	struct mmsghdr mmsg;
745 	struct socket *so;
746 	file_t *fp;
747 	struct msghdr *msg = &mmsg.msg_hdr;
748 	int error, s;
749 	unsigned int vlen, flags, dg;
750 
751 	s = SCARG(uap, s);
752 	if ((error = fd_getsock1(s, &so, &fp)) != 0)
753 		return error;
754 
755 	vlen = SCARG(uap, vlen);
756 	if (vlen > 1024)
757 		vlen = 1024;
758 
759 	flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE;
760 
761 	for (dg = 0; dg < vlen;) {
762 		error = copyin(SCARG(uap, mmsg) + dg, &mmsg, sizeof(mmsg));
763 		if (error)
764 			break;
765 
766 		msg->msg_flags = flags;
767 
768 		error = do_sys_sendmsg_so(l, s, so, fp, msg, flags, retval);
769 		if (error)
770 			break;
771 
772 		ktrkuser("msghdr", msg, sizeof(*msg));
773 		mmsg.msg_len = *retval;
774 		error = copyout(&mmsg, SCARG(uap, mmsg) + dg, sizeof(mmsg));
775 		if (error)
776 			break;
777 		dg++;
778 
779 	}
780 
781 	*retval = dg;
782 
783 	fd_putfile(s);
784 
785 	/*
786 	 * If we succeeded at least once, return 0.
787 	 */
788 	if (dg)
789 		return 0;
790 	return error;
791 }
792 
793 /*
794  * Adjust for a truncated SCM_RIGHTS control message.
795  *  This means closing any file descriptors that aren't present
796  *  in the returned buffer.
797  *  m is the mbuf holding the (already externalized) SCM_RIGHTS message.
798  */
799 static void
800 free_rights(struct mbuf *m)
801 {
802 	struct cmsghdr *cm;
803 	int *fdv;
804 	unsigned int nfds, i;
805 
806 	KASSERT(sizeof(*cm) <= m->m_len);
807 	cm = mtod(m, struct cmsghdr *);
808 
809 	KASSERT(CMSG_ALIGN(sizeof(*cm)) <= cm->cmsg_len);
810 	KASSERT(cm->cmsg_len <= m->m_len);
811 	nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int);
812 	fdv = (int *)CMSG_DATA(cm);
813 
814 	for (i = 0; i < nfds; i++)
815 		if (fd_getfile(fdv[i]) != NULL)
816 			(void)fd_close(fdv[i]);
817 }
818 
819 void
820 free_control_mbuf(struct lwp *l, struct mbuf *control, struct mbuf *uncopied)
821 {
822 	struct mbuf *next;
823 	struct cmsghdr *cmsg;
824 	bool do_free_rights = false;
825 
826 	while (control != NULL) {
827 		cmsg = mtod(control, struct cmsghdr *);
828 		if (control == uncopied)
829 			do_free_rights = true;
830 		if (do_free_rights && cmsg->cmsg_level == SOL_SOCKET
831 		    && cmsg->cmsg_type == SCM_RIGHTS)
832 			free_rights(control);
833 		next = control->m_next;
834 		m_free(control);
835 		control = next;
836 	}
837 }
838 
839 /* Copy socket control/CMSG data to user buffer, frees the mbuf */
840 int
841 copyout_msg_control(struct lwp *l, struct msghdr *mp, struct mbuf *control)
842 {
843 	int i, len, error = 0;
844 	struct cmsghdr *cmsg;
845 	struct mbuf *m;
846 	char *q;
847 
848 	len = mp->msg_controllen;
849 	if (len <= 0 || control == 0) {
850 		mp->msg_controllen = 0;
851 		free_control_mbuf(l, control, control);
852 		return 0;
853 	}
854 
855 	q = (char *)mp->msg_control;
856 
857 	for (m = control; m != NULL; ) {
858 		cmsg = mtod(m, struct cmsghdr *);
859 		i = m->m_len;
860 		if (len < i) {
861 			mp->msg_flags |= MSG_CTRUNC;
862 			if (cmsg->cmsg_level == SOL_SOCKET
863 			    && cmsg->cmsg_type == SCM_RIGHTS)
864 				/* Do not truncate me ... */
865 				break;
866 			i = len;
867 		}
868 		error = copyout(mtod(m, void *), q, i);
869 		ktrkuser(mbuftypes[MT_CONTROL], cmsg, cmsg->cmsg_len);
870 		if (error != 0) {
871 			/* We must free all the SCM_RIGHTS */
872 			m = control;
873 			break;
874 		}
875 		m = m->m_next;
876 		if (m)
877 			i = ALIGN(i);
878 		q += i;
879 		len -= i;
880 		if (len <= 0)
881 			break;
882 	}
883 
884 	free_control_mbuf(l, control, m);
885 
886 	mp->msg_controllen = q - (char *)mp->msg_control;
887 	return error;
888 }
889 
890 int
891 do_sys_recvmsg_so(struct lwp *l, int s, struct socket *so, struct msghdr *mp,
892     struct mbuf **from, struct mbuf **control, register_t *retsize)
893 {
894 	struct iovec	aiov[UIO_SMALLIOV], *iov = aiov, *tiov, *ktriov = NULL;
895 	struct uio	auio;
896 	size_t		len, iovsz;
897 	int		i, error;
898 
899 	ktrkuser("msghdr", mp, sizeof(*mp));
900 
901 	*from = NULL;
902 	if (control != NULL)
903 		*control = NULL;
904 
905 	iovsz = mp->msg_iovlen * sizeof(struct iovec);
906 
907 	if (mp->msg_flags & MSG_IOVUSRSPACE) {
908 		if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) {
909 			if ((unsigned int)mp->msg_iovlen > IOV_MAX) {
910 				error = SET_ERROR(EMSGSIZE);
911 				goto out;
912 			}
913 			iov = kmem_alloc(iovsz, KM_SLEEP);
914 		}
915 		if (mp->msg_iovlen != 0) {
916 			error = copyin(mp->msg_iov, iov, iovsz);
917 			if (error)
918 				goto out;
919 		}
920 		auio.uio_iov = iov;
921 	} else
922 		auio.uio_iov = mp->msg_iov;
923 	auio.uio_iovcnt = mp->msg_iovlen;
924 	auio.uio_rw = UIO_READ;
925 	auio.uio_offset = 0;			/* XXX */
926 	auio.uio_resid = 0;
927 	KASSERT(l == curlwp);
928 	auio.uio_vmspace = l->l_proc->p_vmspace;
929 
930 	tiov = auio.uio_iov;
931 	for (i = 0; i < auio.uio_iovcnt; i++, tiov++) {
932 		/*
933 		 * Reads return ssize_t because -1 is returned on error.
934 		 * Therefore we must restrict the length to SSIZE_MAX to
935 		 * avoid garbage return values.
936 		 */
937 		auio.uio_resid += tiov->iov_len;
938 		if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
939 			error = SET_ERROR(EINVAL);
940 			goto out;
941 		}
942 	}
943 
944 	if (ktrpoint(KTR_GENIO) && iovsz > 0) {
945 		ktriov = kmem_alloc(iovsz, KM_SLEEP);
946 		memcpy(ktriov, auio.uio_iov, iovsz);
947 	}
948 
949 	len = auio.uio_resid;
950 	mp->msg_flags &= MSG_USERFLAGS;
951 	error = (*so->so_receive)(so, from, &auio, NULL, control,
952 	    &mp->msg_flags);
953 	KASSERT(*from == NULL || (*from)->m_next == NULL);
954 	len -= auio.uio_resid;
955 	*retsize = len;
956 	if (error != 0 && len != 0
957 	    && (error == ERESTART || error == EINTR || error == EWOULDBLOCK))
958 		/* Some data transferred */
959 		error = 0;
960 
961 	if (ktriov != NULL) {
962 		ktrgeniov(s, UIO_READ, ktriov, len, error);
963 		kmem_free(ktriov, iovsz);
964 	}
965 
966 	if (error != 0) {
967 		m_freem(*from);
968 		*from = NULL;
969 		if (control != NULL) {
970 			free_control_mbuf(l, *control, *control);
971 			*control = NULL;
972 		}
973 	}
974  out:
975 	if (iov != aiov)
976 		kmem_free(iov, iovsz);
977 	return error;
978 }
979 
980 
981 int
982 do_sys_recvmsg(struct lwp *l, int s, struct msghdr *mp,
983     struct mbuf **from, struct mbuf **control, register_t *retsize)
984 {
985 	int error;
986 	struct socket *so;
987 
988 	if ((error = fd_getsock(s, &so)) != 0)
989 		return error;
990 	error = do_sys_recvmsg_so(l, s, so, mp, from, control, retsize);
991 	fd_putfile(s);
992 	return error;
993 }
994 
995 int
996 sys_recvmmsg(struct lwp *l, const struct sys_recvmmsg_args *uap,
997     register_t *retval)
998 {
999 	/* {
1000 		syscallarg(int)			s;
1001 		syscallarg(struct mmsghdr *)	mmsg;
1002 		syscallarg(unsigned int)	vlen;
1003 		syscallarg(unsigned int)	flags;
1004 		syscallarg(struct timespec *)	timeout;
1005 	} */
1006 	struct mmsghdr mmsg;
1007 	struct socket *so;
1008 	struct msghdr *msg = &mmsg.msg_hdr;
1009 	int error, s;
1010 	struct mbuf *from, *control;
1011 	struct timespec ts, now;
1012 	unsigned int vlen, flags, dg;
1013 
1014 	if (SCARG(uap, timeout)) {
1015 		if ((error = copyin(SCARG(uap, timeout), &ts, sizeof(ts))) != 0)
1016 			return error;
1017 		if (ts.tv_nsec < 0 || ts.tv_nsec >= 1000000000L)
1018 			return SET_ERROR(EINVAL);
1019 		getnanotime(&now);
1020 		if (timespecaddok(&now, &ts)) {
1021 			timespecadd(&now, &ts, &ts);
1022 		} else {
1023 			ts.tv_sec = __type_max(time_t);
1024 			ts.tv_nsec = 999999999L;
1025 		}
1026 	}
1027 
1028 	s = SCARG(uap, s);
1029 	if ((error = fd_getsock(s, &so)) != 0)
1030 		return error;
1031 
1032 	/*
1033 	 * If so->so_rerror holds a deferred error return it now.
1034 	 */
1035 	if (so->so_rerror) {
1036 		error = SET_ERROR(so->so_rerror);
1037 		so->so_rerror = 0;
1038 		fd_putfile(s);
1039 		return error;
1040 	}
1041 
1042 	vlen = SCARG(uap, vlen);
1043 	if (vlen > 1024)
1044 		vlen = 1024;
1045 
1046 	from = NULL;
1047 	flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE;
1048 
1049 	for (dg = 0; dg < vlen;) {
1050 		error = copyin(SCARG(uap, mmsg) + dg, &mmsg, sizeof(mmsg));
1051 		if (error)
1052 			break;
1053 
1054 		msg->msg_flags = flags & ~MSG_WAITFORONE;
1055 
1056 		if (from != NULL) {
1057 			m_free(from);
1058 			from = NULL;
1059 		}
1060 
1061 		error = do_sys_recvmsg_so(l, s, so, msg, &from,
1062 		    msg->msg_control != NULL ? &control : NULL, retval);
1063 		if (error) {
1064 			if (error == EAGAIN && dg > 0)
1065 				error = 0;
1066 			break;
1067 		}
1068 
1069 		if (msg->msg_control != NULL)
1070 			error = copyout_msg_control(l, msg, control);
1071 		if (error)
1072 			break;
1073 
1074 		error = copyout_sockname(msg->msg_name, &msg->msg_namelen, 0,
1075 		    from);
1076 		if (error)
1077 			break;
1078 
1079 		ktrkuser("msghdr", msg, sizeof *msg);
1080 		mmsg.msg_len = *retval;
1081 
1082 		error = copyout(&mmsg, SCARG(uap, mmsg) + dg, sizeof(mmsg));
1083 		if (error)
1084 			break;
1085 
1086 		dg++;
1087 		if (msg->msg_flags & MSG_OOB)
1088 			break;
1089 
1090 		if (SCARG(uap, timeout)) {
1091 			getnanotime(&now);
1092 			if (timespeccmp(&ts, &now, <))
1093 				break;
1094 		}
1095 
1096 		if (flags & MSG_WAITFORONE)
1097 			flags |= MSG_DONTWAIT;
1098 
1099 	}
1100 
1101 	if (from != NULL)
1102 		m_free(from);
1103 
1104 	*retval = dg;
1105 
1106 	/*
1107 	 * If we succeeded at least once, return 0, hopefully so->so_rerror
1108 	 * will catch it next time.
1109 	 */
1110 	if (error && dg > 0) {
1111 		so->so_rerror = error;
1112 		error = 0;
1113 	}
1114 
1115 	fd_putfile(s);
1116 
1117 	return error;
1118 }
1119 
1120 int
1121 sys_shutdown(struct lwp *l, const struct sys_shutdown_args *uap,
1122     register_t *retval)
1123 {
1124 	/* {
1125 		syscallarg(int)	s;
1126 		syscallarg(int)	how;
1127 	} */
1128 	struct socket	*so;
1129 	int		error;
1130 
1131 	if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
1132 		return error;
1133 	solock(so);
1134 	error = soshutdown(so, SCARG(uap, how));
1135 	sounlock(so);
1136 	fd_putfile(SCARG(uap, s));
1137 	return error;
1138 }
1139 
1140 int
1141 sys_setsockopt(struct lwp *l, const struct sys_setsockopt_args *uap,
1142     register_t *retval)
1143 {
1144 	/* {
1145 		syscallarg(int)			s;
1146 		syscallarg(int)			level;
1147 		syscallarg(int)			name;
1148 		syscallarg(const void *)	val;
1149 		syscallarg(unsigned int)	valsize;
1150 	} */
1151 	struct sockopt	sopt;
1152 	struct socket	*so;
1153 	file_t		*fp;
1154 	int		error;
1155 	unsigned int	len;
1156 
1157 	len = SCARG(uap, valsize);
1158 	if (len > 0 && SCARG(uap, val) == NULL)
1159 		return SET_ERROR(EINVAL);
1160 
1161 	if (len > MCLBYTES)
1162 		return SET_ERROR(EINVAL);
1163 
1164 	if ((error = fd_getsock1(SCARG(uap, s), &so, &fp)) != 0)
1165 		return (error);
1166 
1167 	sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), len);
1168 
1169 	if (len > 0) {
1170 		error = copyin(SCARG(uap, val), sopt.sopt_data, len);
1171 		if (error)
1172 			goto out;
1173 	}
1174 
1175 	error = sosetopt(so, &sopt);
1176 	if (so->so_options & SO_NOSIGPIPE)
1177 		atomic_or_uint(&fp->f_flag, FNOSIGPIPE);
1178 	else
1179 		atomic_and_uint(&fp->f_flag, ~FNOSIGPIPE);
1180 
1181  out:
1182 	sockopt_destroy(&sopt);
1183 	fd_putfile(SCARG(uap, s));
1184 	return error;
1185 }
1186 
1187 static int
1188 getsockopt(struct lwp *l, const struct sys_getsockopt_args *uap,
1189     register_t *retval, bool copyarg)
1190 {
1191 	struct sockopt	sopt;
1192 	struct socket	*so;
1193 	file_t		*fp;
1194 	unsigned int	valsize, len;
1195 	int		error;
1196 
1197 	if (SCARG(uap, val) != NULL) {
1198 		error = copyin(SCARG(uap, avalsize), &valsize, sizeof(valsize));
1199 		if (error)
1200 			return error;
1201 	} else
1202 		valsize = 0;
1203 
1204 	if (valsize > MCLBYTES)
1205 		return SET_ERROR(EINVAL);
1206 
1207 	if ((error = fd_getsock1(SCARG(uap, s), &so, &fp)) != 0)
1208 		return error;
1209 
1210 	sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), valsize);
1211 	if (copyarg && valsize > 0) {
1212 		error = copyin(SCARG(uap, val), sopt.sopt_data, valsize);
1213 		if (error)
1214 			goto out;
1215 	}
1216 
1217 	if (fp->f_flag & FNOSIGPIPE)
1218 		so->so_options |= SO_NOSIGPIPE;
1219 	else
1220 		so->so_options &= ~SO_NOSIGPIPE;
1221 
1222 	error = sogetopt(so, &sopt);
1223 	if (error || valsize == 0)
1224 		goto out;
1225 
1226 	len = uimin(valsize, sopt.sopt_retsize);
1227 	error = copyout(sopt.sopt_data, SCARG(uap, val), len);
1228 	if (error)
1229 		goto out;
1230 
1231 	error = copyout(&len, SCARG(uap, avalsize), sizeof(len));
1232  out:
1233 	sockopt_destroy(&sopt);
1234 	fd_putfile(SCARG(uap, s));
1235 	return error;
1236 }
1237 
1238 int
1239 sys_getsockopt(struct lwp *l, const struct sys_getsockopt_args *uap,
1240     register_t *retval)
1241 {
1242 	/* {
1243 		syscallarg(int)			s;
1244 		syscallarg(int)			level;
1245 		syscallarg(int)			name;
1246 		syscallarg(void *)		val;
1247 		syscallarg(unsigned int *)	avalsize;
1248 	} */
1249 	return getsockopt(l, uap, retval, false);
1250 }
1251 
1252 int
1253 sys_getsockopt2(struct lwp *l, const struct sys_getsockopt2_args *uap,
1254     register_t *retval)
1255 {
1256 	/* {
1257 		syscallarg(int)			s;
1258 		syscallarg(int)			level;
1259 		syscallarg(int)			name;
1260 		syscallarg(void *)		val;
1261 		syscallarg(unsigned int *)	avalsize;
1262 	} */
1263 	return getsockopt(l, (const struct sys_getsockopt_args *) uap, retval, true);
1264 }
1265 
1266 #ifdef PIPE_SOCKETPAIR
1267 
1268 int
1269 pipe1(struct lwp *l, int *fildes, int flags)
1270 {
1271 	file_t		*rf, *wf;
1272 	struct socket	*rso, *wso;
1273 	int		error, soflags = 0;
1274 	unsigned	rfd, wfd;
1275 	proc_t		*p = l->l_proc;
1276 
1277 	if (flags & ~(O_CLOEXEC|O_NONBLOCK|O_NOSIGPIPE))
1278 		return SET_ERROR(EINVAL);
1279 	if (flags & O_CLOEXEC)
1280 		soflags |= SOCK_CLOEXEC;
1281 	if (flags & O_NONBLOCK)
1282 		soflags |= SOCK_NONBLOCK;
1283 	if (flags & O_NOSIGPIPE)
1284 		soflags |= SOCK_NOSIGPIPE;
1285 
1286 	error = fsocreate(AF_LOCAL, &rso, SOCK_STREAM|soflags, 0, &rfd, &rf,
1287 	    NULL);
1288 	if (error)
1289 		goto free1;
1290 	error = fsocreate(AF_LOCAL, &wso, SOCK_STREAM|soflags, 0, &wfd, &wf,
1291 	    rso);
1292 	if (error)
1293 		goto free2;
1294 
1295 	/* make sure the descriptors are uni-directional */
1296 	rf->f_type = rf->f_type & ~(FWRITE);
1297 	wf->f_type = wf->f_type & ~(FREAD);
1298 
1299 	/* remember this socket pair implements a pipe */
1300 	rso->so_state |= SS_ISAPIPE;
1301 	wso->so_state |= SS_ISAPIPE;
1302 
1303 	solock(wso);
1304 	/*
1305 	 * Pipes must be readable when there is at least 1
1306 	 * byte of data available in the receive buffer.
1307 	 *
1308 	 * Pipes must be writable when there is space for
1309 	 * at least PIPE_BUF bytes in the send buffer.
1310 	 * If we're increasing the low water mark for the
1311 	 * send buffer, then mimic how soreserve() would
1312 	 * have set the high water mark.
1313 	 */
1314 	rso->so_rcv.sb_lowat = 1;
1315 	if (wso->so_snd.sb_lowat < PIPE_BUF) {
1316 		wso->so_snd.sb_hiwat = PIPE_BUF * 2;
1317 	}
1318 	wso->so_snd.sb_lowat = PIPE_BUF;
1319 	error = unp_connect2(wso, rso);
1320 	sounlock(wso);
1321 
1322 	if (error != 0)
1323 		goto free3;
1324 
1325 	fd_affix(p, wf, wfd);
1326 	fd_affix(p, rf, rfd);
1327 	fildes[0] = rfd;
1328 	fildes[1] = wfd;
1329 	return (0);
1330  free3:
1331 	(void)soclose(wso);
1332 	fd_abort(p, wf, wfd);
1333  free2:
1334 	(void)soclose(rso);
1335 	fd_abort(p, rf, rfd);
1336  free1:
1337 	return error;
1338 }
1339 #endif /* PIPE_SOCKETPAIR */
1340 
1341 /*
1342  * Get peer socket name.
1343  */
1344 int
1345 do_sys_getpeername(int fd, struct sockaddr *nam)
1346 {
1347 	struct socket	*so;
1348 	int		error;
1349 
1350 	if ((error = fd_getsock(fd, &so)) != 0)
1351 		return error;
1352 
1353 	solock(so);
1354 	if ((so->so_state & SS_ISCONNECTED) == 0)
1355 		error = SET_ERROR(ENOTCONN);
1356 	else {
1357 		error = (*so->so_proto->pr_usrreqs->pr_peeraddr)(so, nam);
1358 	}
1359 	sounlock(so);
1360 	fd_putfile(fd);
1361 	return error;
1362 }
1363 
1364 /*
1365  * Get local socket name.
1366  */
1367 int
1368 do_sys_getsockname(int fd, struct sockaddr *nam)
1369 {
1370 	struct socket	*so;
1371 	int		error;
1372 
1373 	if ((error = fd_getsock(fd, &so)) != 0)
1374 		return error;
1375 
1376 	solock(so);
1377 	error = (*so->so_proto->pr_usrreqs->pr_sockaddr)(so, nam);
1378 	sounlock(so);
1379 	fd_putfile(fd);
1380 	return error;
1381 }
1382 
1383 int
1384 copyout_sockname_sb(struct sockaddr *asa, unsigned int *alen, int flags,
1385     struct sockaddr_big *addr)
1386 {
1387 	unsigned int len;
1388 	int error;
1389 
1390 	if (asa == NULL)
1391 		/* Assume application not interested */
1392 		return 0;
1393 
1394 	if (flags & MSG_LENUSRSPACE) {
1395 		error = copyin(alen, &len, sizeof(len));
1396 		if (error)
1397 			return error;
1398 	} else
1399 		len = *alen;
1400 
1401 	if (addr == NULL) {
1402 		len = 0;
1403 		error = 0;
1404 	} else {
1405 		if (len > addr->sb_len)
1406 			len = addr->sb_len;
1407 		/* XXX addr isn't an mbuf... */
1408 		ktrkuser(mbuftypes[MT_SONAME], addr, len);
1409 		error = copyout(addr, asa, len);
1410 	}
1411 
1412 	if (error == 0) {
1413 		if (flags & MSG_LENUSRSPACE)
1414 			error = copyout(&len, alen, sizeof(len));
1415 		else
1416 			*alen = len;
1417 	}
1418 
1419 	return error;
1420 }
1421 
1422 int
1423 copyout_sockname(struct sockaddr *asa, unsigned int *alen, int flags,
1424     struct mbuf *addr)
1425 {
1426 	int len;
1427 	int error;
1428 
1429 	if (asa == NULL)
1430 		/* Assume application not interested */
1431 		return 0;
1432 
1433 	if (flags & MSG_LENUSRSPACE) {
1434 		error = copyin(alen, &len, sizeof(len));
1435 		if (error)
1436 			return error;
1437 	} else
1438 		len = *alen;
1439 	if (len < 0)
1440 		return SET_ERROR(EINVAL);
1441 
1442 	if (addr == NULL) {
1443 		len = 0;
1444 		error = 0;
1445 	} else {
1446 		if (len > addr->m_len)
1447 			len = addr->m_len;
1448 		/* Maybe this ought to copy a chain ? */
1449 		ktrkuser(mbuftypes[MT_SONAME], mtod(addr, void *), len);
1450 		error = copyout(mtod(addr, void *), asa, len);
1451 	}
1452 
1453 	if (error == 0) {
1454 		if (flags & MSG_LENUSRSPACE)
1455 			error = copyout(&len, alen, sizeof(len));
1456 		else
1457 			*alen = len;
1458 	}
1459 
1460 	return error;
1461 }
1462 
1463 /*
1464  * Get socket name.
1465  */
1466 int
1467 sys_getsockname(struct lwp *l, const struct sys_getsockname_args *uap,
1468     register_t *retval)
1469 {
1470 	/* {
1471 		syscallarg(int)			fdes;
1472 		syscallarg(struct sockaddr *)	asa;
1473 		syscallarg(unsigned int *)	alen;
1474 	} */
1475 	struct sockaddr_big sbig;
1476 	int		    error;
1477 
1478 	sbig.sb_len = UCHAR_MAX;
1479 	error = do_sys_getsockname(SCARG(uap, fdes), (struct sockaddr *)&sbig);
1480 	if (error != 0)
1481 		return error;
1482 
1483 	error = copyout_sockname_sb(SCARG(uap, asa), SCARG(uap, alen),
1484 	    MSG_LENUSRSPACE, &sbig);
1485 	return error;
1486 }
1487 
1488 /*
1489  * Get name of peer for connected socket.
1490  */
1491 int
1492 sys_getpeername(struct lwp *l, const struct sys_getpeername_args *uap,
1493     register_t *retval)
1494 {
1495 	/* {
1496 		syscallarg(int)			fdes;
1497 		syscallarg(struct sockaddr *)	asa;
1498 		syscallarg(unsigned int *)	alen;
1499 	} */
1500 	struct sockaddr_big sbig;
1501 	int		    error;
1502 
1503 	sbig.sb_len = UCHAR_MAX;
1504 	error = do_sys_getpeername(SCARG(uap, fdes), (struct sockaddr *)&sbig);
1505 	if (error != 0)
1506 		return error;
1507 
1508 	error = copyout_sockname_sb(SCARG(uap, asa), SCARG(uap, alen),
1509 	    MSG_LENUSRSPACE, &sbig);
1510 	return error;
1511 }
1512 
1513 static int
1514 sockargs_sb(struct sockaddr_big *sb, const void *name, socklen_t buflen)
1515 {
1516 	int error;
1517 
1518 	/*
1519 	 * We can't allow socket names > UCHAR_MAX in length, since that
1520 	 * will overflow sb_len. Further no reasonable buflen is <=
1521 	 * offsetof(sockaddr_big, sb_data) since it shall be at least
1522 	 * the size of the preamble sb_len and sb_family members.
1523 	 */
1524 	if (buflen > UCHAR_MAX ||
1525 	    buflen <= offsetof(struct sockaddr_big, sb_data))
1526 		return SET_ERROR(EINVAL);
1527 
1528 	error = copyin(name, (void *)sb, buflen);
1529 	if (error)
1530 		return error;
1531 
1532 	ktrkuser(mbuftypes[MT_SONAME], sb, buflen);
1533 #if BYTE_ORDER != BIG_ENDIAN
1534 	/*
1535 	 * 4.3BSD compat thing - need to stay, since bind(2),
1536 	 * connect(2), sendto(2) were not versioned for COMPAT_43.
1537 	 */
1538 	if (sb->sb_family == 0 && sb->sb_len < AF_MAX)
1539 		sb->sb_family = sb->sb_len;
1540 #endif
1541 	sb->sb_len = buflen;
1542 	return 0;
1543 }
1544 
1545 /*
1546  * XXX In a perfect world, we wouldn't pass around socket control
1547  * XXX arguments in mbufs, and this could go away.
1548  */
1549 int
1550 sockargs(struct mbuf **mp, const void *bf, size_t buflen, enum uio_seg seg,
1551     int type)
1552 {
1553 	struct mbuf	*m;
1554 	int		error;
1555 
1556 	/*
1557 	 * We can't allow socket names > UCHAR_MAX in length, since that
1558 	 * will overflow sa_len.  Control data more than a page size in
1559 	 * length is just too much.
1560 	 */
1561 	if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE))
1562 		return SET_ERROR(EINVAL);
1563 
1564 	/*
1565 	 * length must greater than sizeof(sa_family) + sizeof(sa_len)
1566 	 */
1567 	if (type == MT_SONAME && buflen <= 2)
1568 		return SET_ERROR(EINVAL);
1569 
1570 	/* Allocate an mbuf to hold the arguments. */
1571 	m = m_get(M_WAIT, type);
1572 	/* can't claim.  don't who to assign it to. */
1573 	if (buflen > MLEN) {
1574 		/*
1575 		 * Won't fit into a regular mbuf, so we allocate just
1576 		 * enough external storage to hold the argument.
1577 		 */
1578 		MEXTMALLOC(m, buflen, M_WAITOK);
1579 	}
1580 	m->m_len = buflen;
1581 	if (seg == UIO_USERSPACE) {
1582 		error = copyin(bf, mtod(m, void *), buflen);
1583 		if (error) {
1584 			(void)m_free(m);
1585 			return error;
1586 		}
1587 	} else {
1588 		memcpy(mtod(m, void *), bf, buflen);
1589 	}
1590 	*mp = m;
1591 	switch (type) {
1592 	case MT_SONAME:
1593 		ktrkuser(mbuftypes[type], mtod(m, void *), buflen);
1594 
1595 		struct sockaddr *sa = mtod(m, struct sockaddr *);
1596 #if BYTE_ORDER != BIG_ENDIAN
1597 		/*
1598 		 * 4.3BSD compat thing - need to stay, since bind(2),
1599 		 * connect(2), sendto(2) were not versioned for COMPAT_43.
1600 		 */
1601 		if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1602 			sa->sa_family = sa->sa_len;
1603 #endif
1604 		sa->sa_len = buflen;
1605 		return 0;
1606 	case MT_CONTROL:
1607 		if (!KTRPOINT(curproc, KTR_USER))
1608 			return 0;
1609 
1610 		struct msghdr mhdr;
1611 		mhdr.msg_control = mtod(m, void *);
1612 		mhdr.msg_controllen = buflen;
1613 		for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(&mhdr); cmsg;
1614 		    cmsg = CMSG_NXTHDR(&mhdr, cmsg)) {
1615 			KASSERT(((char *)cmsg - mtod(m, char *)) <= buflen);
1616 			if (cmsg->cmsg_len >
1617 			    buflen - ((char *)cmsg - mtod(m, char *)))
1618 				break;
1619 			ktrkuser(mbuftypes[type], cmsg, cmsg->cmsg_len);
1620 		}
1621 		return 0;
1622 	default:
1623 		return SET_ERROR(EINVAL);
1624 	}
1625 }
1626 
1627 int
1628 do_sys_peeloff(struct socket *head, void *data)
1629 {
1630 #ifdef SCTP
1631 	/*file_t *lfp = NULL;*/
1632 	file_t *nfp = NULL;
1633 	int error;
1634 	struct socket *so;
1635 	int fd;
1636 	uint32_t name;
1637 	/*short fflag;*/		/* type must match fp->f_flag */
1638 
1639 	name = *(uint32_t *) data;
1640 	error = sctp_can_peel_off(head, name);
1641 	if (error) {
1642 		printf("peeloff failed\n");
1643 		return error;
1644 	}
1645 	/*
1646 	 * At this point we know we do have a assoc to pull
1647 	 * we proceed to get the fd setup. This may block
1648 	 * but that is ok.
1649 	 */
1650 	error = fd_allocfile(&nfp, &fd);
1651 	if (error) {
1652 		/*
1653 		 * Probably ran out of file descriptors. Put the
1654 		 * unaccepted connection back onto the queue and
1655 		 * do another wakeup so some other process might
1656 		 * have a chance at it.
1657 		 */
1658 		return error;
1659 	}
1660 	*(int *) data = fd;
1661 
1662 	so = sctp_get_peeloff(head, name, &error);
1663 	if (so == NULL) {
1664 		/*
1665 		 * Either someone else peeled it off OR
1666 		 * we can't get a socket.
1667 		 * close the new descriptor, assuming someone hasn't ripped it
1668 		 * out from under us.
1669 		 */
1670 		mutex_enter(&nfp->f_lock);
1671 		nfp->f_count++;
1672 		mutex_exit(&nfp->f_lock);
1673 		fd_abort(curlwp->l_proc, nfp, fd);
1674 		return error;
1675 	}
1676 	so->so_state &= ~SS_NOFDREF;
1677 	so->so_state &= ~SS_ISCONNECTING;
1678 	so->so_head = NULL;
1679 	so->so_cred = kauth_cred_hold(head->so_cred);
1680 	nfp->f_socket = so;
1681 	nfp->f_flag = FREAD|FWRITE;
1682 	nfp->f_ops = &socketops;
1683 	nfp->f_type = DTYPE_SOCKET;
1684 
1685 	fd_affix(curlwp->l_proc, nfp, fd);
1686 
1687 	return error;
1688 #else
1689 	return SET_ERROR(EOPNOTSUPP);
1690 #endif
1691 }
1692