1 /* 2 * Copyright (c) 1982, 1986, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)sys_generic.c 8.5 (Berkeley) 1/21/94 39 * $FreeBSD: src/sys/kern/sys_generic.c,v 1.55.2.10 2001/03/17 10:39:32 peter Exp $ 40 * $DragonFly: src/sys/kern/sys_generic.c,v 1.49 2008/05/05 22:09:44 dillon Exp $ 41 */ 42 43 #include "opt_ktrace.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/sysproto.h> 48 #include <sys/event.h> 49 #include <sys/filedesc.h> 50 #include <sys/filio.h> 51 #include <sys/fcntl.h> 52 #include <sys/file.h> 53 #include <sys/proc.h> 54 #include <sys/signalvar.h> 55 #include <sys/socketvar.h> 56 #include <sys/uio.h> 57 #include <sys/kernel.h> 58 #include <sys/kern_syscall.h> 59 #include <sys/malloc.h> 60 #include <sys/mapped_ioctl.h> 61 #include <sys/poll.h> 62 #include <sys/queue.h> 63 #include <sys/resourcevar.h> 64 #include <sys/socketops.h> 65 #include <sys/sysctl.h> 66 #include <sys/sysent.h> 67 #include <sys/buf.h> 68 #ifdef KTRACE 69 #include <sys/ktrace.h> 70 #endif 71 #include <vm/vm.h> 72 #include <vm/vm_page.h> 73 74 #include <sys/file2.h> 75 #include <sys/mplock2.h> 76 #include <sys/spinlock2.h> 77 78 #include <machine/limits.h> 79 80 static MALLOC_DEFINE(M_IOCTLOPS, "ioctlops", "ioctl data buffer"); 81 static MALLOC_DEFINE(M_IOCTLMAP, "ioctlmap", "mapped ioctl handler buffer"); 82 static MALLOC_DEFINE(M_SELECT, "select", "select() buffer"); 83 MALLOC_DEFINE(M_IOV, "iov", "large iov's"); 84 85 typedef struct kfd_set { 86 fd_mask fds_bits[2]; 87 } kfd_set; 88 89 enum select_copyin_states { 90 COPYIN_READ, COPYIN_WRITE, COPYIN_EXCEPT, COPYIN_DONE }; 91 92 struct select_kevent_copyin_args { 93 kfd_set *read_set; 94 kfd_set *write_set; 95 kfd_set *except_set; 96 int active_set; /* One of select_copyin_states */ 97 struct lwp *lwp; /* Pointer to our lwp */ 98 int num_fds; /* Number of file descriptors (syscall arg) */ 99 int proc_fds; /* Processed fd's (wraps) */ 100 int error; /* Returned to userland */ 101 }; 102 103 struct poll_kevent_copyin_args { 104 struct lwp *lwp; 105 struct pollfd *fds; 106 int nfds; 107 int pfds; 108 int error; 109 }; 110 111 static int doselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, 112 struct timespec *ts, int *res); 113 static int dopoll(int nfds, struct pollfd *fds, struct timespec *ts, 114 int *res); 115 static int dofileread(int, struct file *, struct uio *, int, size_t *); 116 static int dofilewrite(int, struct file *, struct uio *, int, size_t *); 117 118 /* 119 * Read system call. 120 * 121 * MPSAFE 122 */ 123 int 124 sys_read(struct read_args *uap) 125 { 126 struct thread *td = curthread; 127 struct uio auio; 128 struct iovec aiov; 129 int error; 130 131 if ((ssize_t)uap->nbyte < 0) 132 error = EINVAL; 133 134 aiov.iov_base = uap->buf; 135 aiov.iov_len = uap->nbyte; 136 auio.uio_iov = &aiov; 137 auio.uio_iovcnt = 1; 138 auio.uio_offset = -1; 139 auio.uio_resid = uap->nbyte; 140 auio.uio_rw = UIO_READ; 141 auio.uio_segflg = UIO_USERSPACE; 142 auio.uio_td = td; 143 144 error = kern_preadv(uap->fd, &auio, 0, &uap->sysmsg_szresult); 145 return(error); 146 } 147 148 /* 149 * Positioned (Pread) read system call 150 * 151 * MPSAFE 152 */ 153 int 154 sys_extpread(struct extpread_args *uap) 155 { 156 struct thread *td = curthread; 157 struct uio auio; 158 struct iovec aiov; 159 int error; 160 int flags; 161 162 if ((ssize_t)uap->nbyte < 0) 163 return(EINVAL); 164 165 aiov.iov_base = uap->buf; 166 aiov.iov_len = uap->nbyte; 167 auio.uio_iov = &aiov; 168 auio.uio_iovcnt = 1; 169 auio.uio_offset = uap->offset; 170 auio.uio_resid = uap->nbyte; 171 auio.uio_rw = UIO_READ; 172 auio.uio_segflg = UIO_USERSPACE; 173 auio.uio_td = td; 174 175 flags = uap->flags & O_FMASK; 176 if (uap->offset != (off_t)-1) 177 flags |= O_FOFFSET; 178 179 error = kern_preadv(uap->fd, &auio, flags, &uap->sysmsg_szresult); 180 return(error); 181 } 182 183 /* 184 * Scatter read system call. 185 * 186 * MPSAFE 187 */ 188 int 189 sys_readv(struct readv_args *uap) 190 { 191 struct thread *td = curthread; 192 struct uio auio; 193 struct iovec aiov[UIO_SMALLIOV], *iov = NULL; 194 int error; 195 196 error = iovec_copyin(uap->iovp, &iov, aiov, uap->iovcnt, 197 &auio.uio_resid); 198 if (error) 199 return (error); 200 auio.uio_iov = iov; 201 auio.uio_iovcnt = uap->iovcnt; 202 auio.uio_offset = -1; 203 auio.uio_rw = UIO_READ; 204 auio.uio_segflg = UIO_USERSPACE; 205 auio.uio_td = td; 206 207 error = kern_preadv(uap->fd, &auio, 0, &uap->sysmsg_szresult); 208 209 iovec_free(&iov, aiov); 210 return (error); 211 } 212 213 214 /* 215 * Scatter positioned read system call. 216 * 217 * MPSAFE 218 */ 219 int 220 sys_extpreadv(struct extpreadv_args *uap) 221 { 222 struct thread *td = curthread; 223 struct uio auio; 224 struct iovec aiov[UIO_SMALLIOV], *iov = NULL; 225 int error; 226 int flags; 227 228 error = iovec_copyin(uap->iovp, &iov, aiov, uap->iovcnt, 229 &auio.uio_resid); 230 if (error) 231 return (error); 232 auio.uio_iov = iov; 233 auio.uio_iovcnt = uap->iovcnt; 234 auio.uio_offset = uap->offset; 235 auio.uio_rw = UIO_READ; 236 auio.uio_segflg = UIO_USERSPACE; 237 auio.uio_td = td; 238 239 flags = uap->flags & O_FMASK; 240 if (uap->offset != (off_t)-1) 241 flags |= O_FOFFSET; 242 243 error = kern_preadv(uap->fd, &auio, flags, &uap->sysmsg_szresult); 244 245 iovec_free(&iov, aiov); 246 return(error); 247 } 248 249 /* 250 * MPSAFE 251 */ 252 int 253 kern_preadv(int fd, struct uio *auio, int flags, size_t *res) 254 { 255 struct thread *td = curthread; 256 struct proc *p = td->td_proc; 257 struct file *fp; 258 int error; 259 260 KKASSERT(p); 261 262 fp = holdfp(p->p_fd, fd, FREAD); 263 if (fp == NULL) 264 return (EBADF); 265 if (flags & O_FOFFSET && fp->f_type != DTYPE_VNODE) { 266 error = ESPIPE; 267 } else { 268 error = dofileread(fd, fp, auio, flags, res); 269 } 270 fdrop(fp); 271 return(error); 272 } 273 274 /* 275 * Common code for readv and preadv that reads data in 276 * from a file using the passed in uio, offset, and flags. 277 * 278 * MPALMOSTSAFE - ktrace needs help 279 */ 280 static int 281 dofileread(int fd, struct file *fp, struct uio *auio, int flags, size_t *res) 282 { 283 int error; 284 size_t len; 285 #ifdef KTRACE 286 struct thread *td = curthread; 287 struct iovec *ktriov = NULL; 288 struct uio ktruio; 289 #endif 290 291 #ifdef KTRACE 292 /* 293 * if tracing, save a copy of iovec 294 */ 295 if (KTRPOINT(td, KTR_GENIO)) { 296 int iovlen = auio->uio_iovcnt * sizeof(struct iovec); 297 298 MALLOC(ktriov, struct iovec *, iovlen, M_TEMP, M_WAITOK); 299 bcopy((caddr_t)auio->uio_iov, (caddr_t)ktriov, iovlen); 300 ktruio = *auio; 301 } 302 #endif 303 len = auio->uio_resid; 304 error = fo_read(fp, auio, fp->f_cred, flags); 305 if (error) { 306 if (auio->uio_resid != len && (error == ERESTART || 307 error == EINTR || error == EWOULDBLOCK)) 308 error = 0; 309 } 310 #ifdef KTRACE 311 if (ktriov != NULL) { 312 if (error == 0) { 313 ktruio.uio_iov = ktriov; 314 ktruio.uio_resid = len - auio->uio_resid; 315 get_mplock(); 316 ktrgenio(td->td_lwp, fd, UIO_READ, &ktruio, error); 317 rel_mplock(); 318 } 319 FREE(ktriov, M_TEMP); 320 } 321 #endif 322 if (error == 0) 323 *res = len - auio->uio_resid; 324 325 return(error); 326 } 327 328 /* 329 * Write system call 330 * 331 * MPSAFE 332 */ 333 int 334 sys_write(struct write_args *uap) 335 { 336 struct thread *td = curthread; 337 struct uio auio; 338 struct iovec aiov; 339 int error; 340 341 if ((ssize_t)uap->nbyte < 0) 342 error = EINVAL; 343 344 aiov.iov_base = (void *)(uintptr_t)uap->buf; 345 aiov.iov_len = uap->nbyte; 346 auio.uio_iov = &aiov; 347 auio.uio_iovcnt = 1; 348 auio.uio_offset = -1; 349 auio.uio_resid = uap->nbyte; 350 auio.uio_rw = UIO_WRITE; 351 auio.uio_segflg = UIO_USERSPACE; 352 auio.uio_td = td; 353 354 error = kern_pwritev(uap->fd, &auio, 0, &uap->sysmsg_szresult); 355 356 return(error); 357 } 358 359 /* 360 * Pwrite system call 361 * 362 * MPSAFE 363 */ 364 int 365 sys_extpwrite(struct extpwrite_args *uap) 366 { 367 struct thread *td = curthread; 368 struct uio auio; 369 struct iovec aiov; 370 int error; 371 int flags; 372 373 if ((ssize_t)uap->nbyte < 0) 374 error = EINVAL; 375 376 aiov.iov_base = (void *)(uintptr_t)uap->buf; 377 aiov.iov_len = uap->nbyte; 378 auio.uio_iov = &aiov; 379 auio.uio_iovcnt = 1; 380 auio.uio_offset = uap->offset; 381 auio.uio_resid = uap->nbyte; 382 auio.uio_rw = UIO_WRITE; 383 auio.uio_segflg = UIO_USERSPACE; 384 auio.uio_td = td; 385 386 flags = uap->flags & O_FMASK; 387 if (uap->offset != (off_t)-1) 388 flags |= O_FOFFSET; 389 error = kern_pwritev(uap->fd, &auio, flags, &uap->sysmsg_szresult); 390 return(error); 391 } 392 393 /* 394 * MPSAFE 395 */ 396 int 397 sys_writev(struct writev_args *uap) 398 { 399 struct thread *td = curthread; 400 struct uio auio; 401 struct iovec aiov[UIO_SMALLIOV], *iov = NULL; 402 int error; 403 404 error = iovec_copyin(uap->iovp, &iov, aiov, uap->iovcnt, 405 &auio.uio_resid); 406 if (error) 407 return (error); 408 auio.uio_iov = iov; 409 auio.uio_iovcnt = uap->iovcnt; 410 auio.uio_offset = -1; 411 auio.uio_rw = UIO_WRITE; 412 auio.uio_segflg = UIO_USERSPACE; 413 auio.uio_td = td; 414 415 error = kern_pwritev(uap->fd, &auio, 0, &uap->sysmsg_szresult); 416 417 iovec_free(&iov, aiov); 418 return (error); 419 } 420 421 422 /* 423 * Gather positioned write system call 424 * 425 * MPSAFE 426 */ 427 int 428 sys_extpwritev(struct extpwritev_args *uap) 429 { 430 struct thread *td = curthread; 431 struct uio auio; 432 struct iovec aiov[UIO_SMALLIOV], *iov = NULL; 433 int error; 434 int flags; 435 436 error = iovec_copyin(uap->iovp, &iov, aiov, uap->iovcnt, 437 &auio.uio_resid); 438 if (error) 439 return (error); 440 auio.uio_iov = iov; 441 auio.uio_iovcnt = uap->iovcnt; 442 auio.uio_offset = uap->offset; 443 auio.uio_rw = UIO_WRITE; 444 auio.uio_segflg = UIO_USERSPACE; 445 auio.uio_td = td; 446 447 flags = uap->flags & O_FMASK; 448 if (uap->offset != (off_t)-1) 449 flags |= O_FOFFSET; 450 451 error = kern_pwritev(uap->fd, &auio, flags, &uap->sysmsg_szresult); 452 453 iovec_free(&iov, aiov); 454 return(error); 455 } 456 457 /* 458 * MPSAFE 459 */ 460 int 461 kern_pwritev(int fd, struct uio *auio, int flags, size_t *res) 462 { 463 struct thread *td = curthread; 464 struct proc *p = td->td_proc; 465 struct file *fp; 466 int error; 467 468 KKASSERT(p); 469 470 fp = holdfp(p->p_fd, fd, FWRITE); 471 if (fp == NULL) 472 return (EBADF); 473 else if ((flags & O_FOFFSET) && fp->f_type != DTYPE_VNODE) { 474 error = ESPIPE; 475 } else { 476 error = dofilewrite(fd, fp, auio, flags, res); 477 } 478 479 fdrop(fp); 480 return (error); 481 } 482 483 /* 484 * Common code for writev and pwritev that writes data to 485 * a file using the passed in uio, offset, and flags. 486 * 487 * MPALMOSTSAFE - ktrace needs help 488 */ 489 static int 490 dofilewrite(int fd, struct file *fp, struct uio *auio, int flags, size_t *res) 491 { 492 struct thread *td = curthread; 493 struct lwp *lp = td->td_lwp; 494 int error; 495 size_t len; 496 #ifdef KTRACE 497 struct iovec *ktriov = NULL; 498 struct uio ktruio; 499 #endif 500 501 #ifdef KTRACE 502 /* 503 * if tracing, save a copy of iovec and uio 504 */ 505 if (KTRPOINT(td, KTR_GENIO)) { 506 int iovlen = auio->uio_iovcnt * sizeof(struct iovec); 507 508 MALLOC(ktriov, struct iovec *, iovlen, M_TEMP, M_WAITOK); 509 bcopy((caddr_t)auio->uio_iov, (caddr_t)ktriov, iovlen); 510 ktruio = *auio; 511 } 512 #endif 513 len = auio->uio_resid; 514 error = fo_write(fp, auio, fp->f_cred, flags); 515 if (error) { 516 if (auio->uio_resid != len && (error == ERESTART || 517 error == EINTR || error == EWOULDBLOCK)) 518 error = 0; 519 /* Socket layer is responsible for issuing SIGPIPE. */ 520 if (error == EPIPE) { 521 get_mplock(); 522 lwpsignal(lp->lwp_proc, lp, SIGPIPE); 523 rel_mplock(); 524 } 525 } 526 #ifdef KTRACE 527 if (ktriov != NULL) { 528 if (error == 0) { 529 ktruio.uio_iov = ktriov; 530 ktruio.uio_resid = len - auio->uio_resid; 531 get_mplock(); 532 ktrgenio(lp, fd, UIO_WRITE, &ktruio, error); 533 rel_mplock(); 534 } 535 FREE(ktriov, M_TEMP); 536 } 537 #endif 538 if (error == 0) 539 *res = len - auio->uio_resid; 540 541 return(error); 542 } 543 544 /* 545 * Ioctl system call 546 * 547 * MPALMOSTSAFE 548 */ 549 int 550 sys_ioctl(struct ioctl_args *uap) 551 { 552 int error; 553 554 get_mplock(); 555 error = mapped_ioctl(uap->fd, uap->com, uap->data, NULL, &uap->sysmsg); 556 rel_mplock(); 557 return (error); 558 } 559 560 struct ioctl_map_entry { 561 const char *subsys; 562 struct ioctl_map_range *cmd_ranges; 563 LIST_ENTRY(ioctl_map_entry) entries; 564 }; 565 566 /* 567 * The true heart of all ioctl syscall handlers (native, emulation). 568 * If map != NULL, it will be searched for a matching entry for com, 569 * and appropriate conversions/conversion functions will be utilized. 570 */ 571 int 572 mapped_ioctl(int fd, u_long com, caddr_t uspc_data, struct ioctl_map *map, 573 struct sysmsg *msg) 574 { 575 struct thread *td = curthread; 576 struct proc *p = td->td_proc; 577 struct ucred *cred; 578 struct file *fp; 579 struct ioctl_map_range *iomc = NULL; 580 int error; 581 u_int size; 582 u_long ocom = com; 583 caddr_t data, memp; 584 int tmp; 585 #define STK_PARAMS 128 586 union { 587 char stkbuf[STK_PARAMS]; 588 long align; 589 } ubuf; 590 591 KKASSERT(p); 592 cred = td->td_ucred; 593 594 fp = holdfp(p->p_fd, fd, FREAD|FWRITE); 595 if (fp == NULL) 596 return(EBADF); 597 598 if (map != NULL) { /* obey translation map */ 599 u_long maskcmd; 600 struct ioctl_map_entry *e; 601 602 maskcmd = com & map->mask; 603 604 LIST_FOREACH(e, &map->mapping, entries) { 605 for (iomc = e->cmd_ranges; iomc->start != 0 || 606 iomc->maptocmd != 0 || iomc->wrapfunc != NULL || 607 iomc->mapfunc != NULL; 608 iomc++) { 609 if (maskcmd >= iomc->start && 610 maskcmd <= iomc->end) 611 break; 612 } 613 614 /* Did we find a match? */ 615 if (iomc->start != 0 || iomc->maptocmd != 0 || 616 iomc->wrapfunc != NULL || iomc->mapfunc != NULL) 617 break; 618 } 619 620 if (iomc == NULL || 621 (iomc->start == 0 && iomc->maptocmd == 0 622 && iomc->wrapfunc == NULL && iomc->mapfunc == NULL)) { 623 kprintf("%s: 'ioctl' fd=%d, cmd=0x%lx ('%c',%d) not implemented\n", 624 map->sys, fd, maskcmd, 625 (int)((maskcmd >> 8) & 0xff), 626 (int)(maskcmd & 0xff)); 627 error = EINVAL; 628 goto done; 629 } 630 631 /* 632 * If it's a non-range one to one mapping, maptocmd should be 633 * correct. If it's a ranged one to one mapping, we pass the 634 * original value of com, and for a range mapped to a different 635 * range, we always need a mapping function to translate the 636 * ioctl to our native ioctl. Ex. 6500-65ff <-> 9500-95ff 637 */ 638 if (iomc->start == iomc->end && iomc->maptocmd == iomc->maptoend) { 639 com = iomc->maptocmd; 640 } else if (iomc->start == iomc->maptocmd && iomc->end == iomc->maptoend) { 641 if (iomc->mapfunc != NULL) 642 com = iomc->mapfunc(iomc->start, iomc->end, 643 iomc->start, iomc->end, 644 com, com); 645 } else { 646 if (iomc->mapfunc != NULL) { 647 com = iomc->mapfunc(iomc->start, iomc->end, 648 iomc->maptocmd, iomc->maptoend, 649 com, ocom); 650 } else { 651 kprintf("%s: Invalid mapping for fd=%d, cmd=%#lx ('%c',%d)\n", 652 map->sys, fd, maskcmd, 653 (int)((maskcmd >> 8) & 0xff), 654 (int)(maskcmd & 0xff)); 655 error = EINVAL; 656 goto done; 657 } 658 } 659 } 660 661 switch (com) { 662 case FIONCLEX: 663 error = fclrfdflags(p->p_fd, fd, UF_EXCLOSE); 664 goto done; 665 case FIOCLEX: 666 error = fsetfdflags(p->p_fd, fd, UF_EXCLOSE); 667 goto done; 668 } 669 670 /* 671 * Interpret high order word to find amount of data to be 672 * copied to/from the user's address space. 673 */ 674 size = IOCPARM_LEN(com); 675 if (size > IOCPARM_MAX) { 676 error = ENOTTY; 677 goto done; 678 } 679 680 memp = NULL; 681 if (size > sizeof (ubuf.stkbuf)) { 682 memp = kmalloc(size, M_IOCTLOPS, M_WAITOK); 683 data = memp; 684 } else { 685 data = ubuf.stkbuf; 686 } 687 if ((com & IOC_IN) != 0) { 688 if (size != 0) { 689 error = copyin(uspc_data, data, (size_t)size); 690 if (error) { 691 if (memp != NULL) 692 kfree(memp, M_IOCTLOPS); 693 goto done; 694 } 695 } else { 696 *(caddr_t *)data = uspc_data; 697 } 698 } else if ((com & IOC_OUT) != 0 && size) { 699 /* 700 * Zero the buffer so the user always 701 * gets back something deterministic. 702 */ 703 bzero(data, (size_t)size); 704 } else if ((com & IOC_VOID) != 0) { 705 *(caddr_t *)data = uspc_data; 706 } 707 708 switch (com) { 709 case FIONBIO: 710 if ((tmp = *(int *)data)) 711 fp->f_flag |= FNONBLOCK; 712 else 713 fp->f_flag &= ~FNONBLOCK; 714 error = 0; 715 break; 716 717 case FIOASYNC: 718 if ((tmp = *(int *)data)) 719 fp->f_flag |= FASYNC; 720 else 721 fp->f_flag &= ~FASYNC; 722 error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp, cred, msg); 723 break; 724 725 default: 726 /* 727 * If there is a override function, 728 * call it instead of directly routing the call 729 */ 730 if (map != NULL && iomc->wrapfunc != NULL) 731 error = iomc->wrapfunc(fp, com, ocom, data, cred); 732 else 733 error = fo_ioctl(fp, com, data, cred, msg); 734 /* 735 * Copy any data to user, size was 736 * already set and checked above. 737 */ 738 if (error == 0 && (com & IOC_OUT) != 0 && size != 0) 739 error = copyout(data, uspc_data, (size_t)size); 740 break; 741 } 742 if (memp != NULL) 743 kfree(memp, M_IOCTLOPS); 744 done: 745 fdrop(fp); 746 return(error); 747 } 748 749 int 750 mapped_ioctl_register_handler(struct ioctl_map_handler *he) 751 { 752 struct ioctl_map_entry *ne; 753 754 KKASSERT(he != NULL && he->map != NULL && he->cmd_ranges != NULL && 755 he->subsys != NULL && *he->subsys != '\0'); 756 757 ne = kmalloc(sizeof(struct ioctl_map_entry), M_IOCTLMAP, M_WAITOK); 758 759 ne->subsys = he->subsys; 760 ne->cmd_ranges = he->cmd_ranges; 761 762 LIST_INSERT_HEAD(&he->map->mapping, ne, entries); 763 764 return(0); 765 } 766 767 int 768 mapped_ioctl_unregister_handler(struct ioctl_map_handler *he) 769 { 770 struct ioctl_map_entry *ne; 771 772 KKASSERT(he != NULL && he->map != NULL && he->cmd_ranges != NULL); 773 774 LIST_FOREACH(ne, &he->map->mapping, entries) { 775 if (ne->cmd_ranges != he->cmd_ranges) 776 continue; 777 LIST_REMOVE(ne, entries); 778 kfree(ne, M_IOCTLMAP); 779 return(0); 780 } 781 return(EINVAL); 782 } 783 784 static int nselcoll; /* Select collisions since boot */ 785 int selwait; 786 SYSCTL_INT(_kern, OID_AUTO, nselcoll, CTLFLAG_RD, &nselcoll, 0, ""); 787 static int nseldebug; 788 SYSCTL_INT(_kern, OID_AUTO, nseldebug, CTLFLAG_RW, &nseldebug, 0, ""); 789 790 /* 791 * Select system call. 792 * 793 * MPSAFE 794 */ 795 int 796 sys_select(struct select_args *uap) 797 { 798 struct timeval ktv; 799 struct timespec *ktsp, kts; 800 int error; 801 802 /* 803 * Get timeout if any. 804 */ 805 if (uap->tv != NULL) { 806 error = copyin(uap->tv, &ktv, sizeof (ktv)); 807 if (error) 808 return (error); 809 TIMEVAL_TO_TIMESPEC(&ktv, &kts); 810 ktsp = &kts; 811 } else { 812 ktsp = NULL; 813 } 814 815 /* 816 * Do real work. 817 */ 818 error = doselect(uap->nd, uap->in, uap->ou, uap->ex, ktsp, 819 &uap->sysmsg_result); 820 821 return (error); 822 } 823 824 825 /* 826 * Pselect system call. 827 * 828 * MPALMOSTSAFE 829 */ 830 int 831 sys_pselect(struct pselect_args *uap) 832 { 833 struct thread *td = curthread; 834 struct lwp *lp = td->td_lwp; 835 struct timespec *ktsp, kts; 836 sigset_t sigmask; 837 int error; 838 839 /* 840 * Get timeout if any. 841 */ 842 if (uap->ts != NULL) { 843 error = copyin(uap->ts, &kts, sizeof (kts)); 844 if (error) 845 return (error); 846 ktsp = &kts; 847 } else { 848 ktsp = NULL; 849 } 850 851 /* 852 * Install temporary signal mask if any provided. 853 */ 854 if (uap->sigmask != NULL) { 855 error = copyin(uap->sigmask, &sigmask, sizeof(sigmask)); 856 if (error) 857 return (error); 858 get_mplock(); 859 lp->lwp_oldsigmask = lp->lwp_sigmask; 860 SIG_CANTMASK(sigmask); 861 lp->lwp_sigmask = sigmask; 862 } else { 863 get_mplock(); 864 } 865 866 /* 867 * Do real job. 868 */ 869 error = doselect(uap->nd, uap->in, uap->ou, uap->ex, ktsp, 870 &uap->sysmsg_result); 871 872 if (uap->sigmask != NULL) { 873 /* doselect() responsible for turning ERESTART into EINTR */ 874 KKASSERT(error != ERESTART); 875 if (error == EINTR) { 876 /* 877 * We can't restore the previous signal mask now 878 * because it could block the signal that interrupted 879 * us. So make a note to restore it after executing 880 * the handler. 881 */ 882 lp->lwp_flag |= LWP_OLDMASK; 883 } else { 884 /* 885 * No handler to run. Restore previous mask immediately. 886 */ 887 lp->lwp_sigmask = lp->lwp_oldsigmask; 888 } 889 } 890 rel_mplock(); 891 892 return (error); 893 } 894 895 static int 896 select_copyin(void *arg, struct kevent *kevp, int maxevents, int *events) 897 { 898 struct select_kevent_copyin_args *skap = NULL; 899 struct kevent *kev; 900 int fd; 901 kfd_set *fdp = NULL; 902 short filter = 0; 903 u_int fflags = 0; 904 905 skap = (struct select_kevent_copyin_args *)arg; 906 907 if (*events == maxevents) 908 return (0); 909 910 while (skap->active_set < COPYIN_DONE) { 911 switch (skap->active_set) { 912 case COPYIN_READ: 913 /* 914 * Register descriptors for the read filter 915 */ 916 fdp = skap->read_set; 917 filter = EVFILT_READ; 918 fflags = 0; 919 if (fdp) 920 break; 921 ++skap->active_set; 922 skap->proc_fds = 0; 923 /* fall through */ 924 case COPYIN_WRITE: 925 /* 926 * Register descriptors for the write filter 927 */ 928 fdp = skap->write_set; 929 filter = EVFILT_WRITE; 930 fflags = 0; 931 if (fdp) 932 break; 933 ++skap->active_set; 934 skap->proc_fds = 0; 935 /* fall through */ 936 case COPYIN_EXCEPT: 937 /* 938 * Register descriptors for the exception filter 939 */ 940 fdp = skap->except_set; 941 filter = EVFILT_EXCEPT; 942 fflags = NOTE_OOB; 943 if (fdp) 944 break; 945 ++skap->active_set; 946 skap->proc_fds = 0; 947 /* fall through */ 948 case COPYIN_DONE: 949 /* 950 * Nothing left to register 951 */ 952 return(0); 953 /* NOT REACHED */ 954 } 955 956 while (skap->proc_fds < skap->num_fds) { 957 fd = skap->proc_fds; 958 if (FD_ISSET(fd, fdp)) { 959 kev = &kevp[*events]; 960 EV_SET(kev, fd, filter, 961 EV_ADD|EV_ENABLE, 962 fflags, 0, 963 (void *)skap->lwp->lwp_kqueue_serial); 964 FD_CLR(fd, fdp); 965 ++*events; 966 } 967 ++skap->proc_fds; 968 if (*events == maxevents) 969 return (0); 970 } 971 skap->active_set++; 972 skap->proc_fds = 0; 973 } 974 975 return (0); 976 } 977 978 static int 979 select_copyout(void *arg, struct kevent *kevp, int count, int *res) 980 { 981 struct select_kevent_copyin_args *skap; 982 struct kevent kev; 983 int i = 0; 984 985 skap = (struct select_kevent_copyin_args *)arg; 986 987 if (kevp[0].flags & EV_ERROR) { 988 skap->error = kevp[0].data; 989 return (0); 990 } 991 992 for (i = 0; i < count; ++i) { 993 if ((u_int)kevp[i].udata != skap->lwp->lwp_kqueue_serial) { 994 kev = kevp[i]; 995 kev.flags = EV_DISABLE|EV_DELETE; 996 kqueue_register(&skap->lwp->lwp_kqueue, &kev); 997 continue; 998 } 999 1000 switch (kevp[i].filter) { 1001 case EVFILT_READ: 1002 FD_SET(kevp[i].ident, skap->read_set); 1003 break; 1004 case EVFILT_WRITE: 1005 FD_SET(kevp[i].ident, skap->write_set); 1006 break; 1007 case EVFILT_EXCEPT: 1008 FD_SET(kevp[i].ident, skap->except_set); 1009 break; 1010 } 1011 1012 ++*res; 1013 } 1014 1015 return (0); 1016 } 1017 1018 /* 1019 * Copy select bits in from userland. Allocate kernel memory if the 1020 * set is large. 1021 */ 1022 static int 1023 getbits(int bytes, fd_set *in_set, kfd_set **out_set, kfd_set *tmp_set) 1024 { 1025 int error; 1026 1027 if (in_set) { 1028 if (bytes < sizeof(*tmp_set)) 1029 *out_set = tmp_set; 1030 else 1031 *out_set = kmalloc(bytes, M_SELECT, M_WAITOK); 1032 error = copyin(in_set, *out_set, bytes); 1033 } else { 1034 *out_set = NULL; 1035 error = 0; 1036 } 1037 return (error); 1038 } 1039 1040 /* 1041 * Copy returned select bits back out to userland. 1042 */ 1043 static int 1044 putbits(int bytes, kfd_set *in_set, fd_set *out_set) 1045 { 1046 int error; 1047 1048 if (in_set) { 1049 error = copyout(in_set, out_set, bytes); 1050 } else { 1051 error = 0; 1052 } 1053 return (error); 1054 } 1055 1056 /* 1057 * Common code for sys_select() and sys_pselect(). 1058 * 1059 * in, out and ex are userland pointers. ts must point to validated 1060 * kernel-side timeout value or NULL for infinite timeout. res must 1061 * point to syscall return value. 1062 */ 1063 static int 1064 doselect(int nd, fd_set *read, fd_set *write, fd_set *except, 1065 struct timespec *ts, int *res) 1066 { 1067 struct proc *p = curproc; 1068 struct select_kevent_copyin_args *kap, ka; 1069 int bytes, error; 1070 kfd_set read_tmp; 1071 kfd_set write_tmp; 1072 kfd_set except_tmp; 1073 1074 *res = 0; 1075 if (nd < 0) 1076 return (EINVAL); 1077 if (nd > p->p_fd->fd_nfiles) /* limit kmalloc */ 1078 nd = p->p_fd->fd_nfiles; 1079 1080 kap = &ka; 1081 kap->lwp = curthread->td_lwp; 1082 kap->num_fds = nd; 1083 kap->proc_fds = 0; 1084 kap->error = 0; 1085 kap->active_set = COPYIN_READ; 1086 1087 /* 1088 * Calculate bytes based on the number of __fd_mask[] array entries 1089 * multiplied by the size of __fd_mask. 1090 */ 1091 bytes = howmany(nd, __NFDBITS) * sizeof(__fd_mask); 1092 1093 error = getbits(bytes, read, &kap->read_set, &read_tmp); 1094 if (error == 0) 1095 error = getbits(bytes, write, &kap->write_set, &write_tmp); 1096 if (error == 0) 1097 error = getbits(bytes, except, &kap->except_set, &except_tmp); 1098 if (error) 1099 goto done; 1100 1101 /* 1102 * NOTE: Make sure the max events passed to kern_kevent() is 1103 * effectively unlimited. (nd * 3) accomplishes this. 1104 * 1105 * (*res) continues to increment as returned events are 1106 * loaded in. 1107 */ 1108 error = kern_kevent(&kap->lwp->lwp_kqueue, 0x7FFFFFFF, res, kap, 1109 select_copyin, select_copyout, ts); 1110 if (error == 0) 1111 error = putbits(bytes, kap->read_set, read); 1112 if (error == 0) 1113 error = putbits(bytes, kap->write_set, write); 1114 if (error == 0) 1115 error = putbits(bytes, kap->except_set, except); 1116 1117 /* 1118 * Cumulative error from individual events (EBADFD?) 1119 */ 1120 if (kap->error) 1121 error = kap->error; 1122 1123 /* 1124 * Clean up. 1125 */ 1126 done: 1127 if (kap->read_set && kap->read_set != &read_tmp) 1128 kfree(kap->read_set, M_SELECT); 1129 if (kap->write_set && kap->write_set != &write_tmp) 1130 kfree(kap->write_set, M_SELECT); 1131 if (kap->except_set && kap->except_set != &except_tmp) 1132 kfree(kap->except_set, M_SELECT); 1133 1134 kap->lwp->lwp_kqueue_serial++; 1135 1136 return (error); 1137 } 1138 1139 /* 1140 * Poll system call. 1141 * 1142 * MPSAFE 1143 */ 1144 int 1145 sys_poll(struct poll_args *uap) 1146 { 1147 struct timespec ts, *tsp; 1148 int error; 1149 1150 if (uap->timeout != INFTIM) { 1151 ts.tv_sec = uap->timeout / 1000; 1152 ts.tv_nsec = (uap->timeout % 1000) * 1000 * 1000; 1153 tsp = &ts; 1154 } else { 1155 tsp = NULL; 1156 } 1157 1158 error = dopoll(uap->nfds, uap->fds, tsp, &uap->sysmsg_result); 1159 1160 return (error); 1161 } 1162 1163 static int 1164 poll_copyin(void *arg, struct kevent *kevp, int maxevents, int *events) 1165 { 1166 struct poll_kevent_copyin_args *pkap; 1167 struct pollfd *pfd; 1168 struct kevent *kev; 1169 int kev_count; 1170 1171 pkap = (struct poll_kevent_copyin_args *)arg; 1172 1173 while (pkap->pfds < pkap->nfds) { 1174 pfd = &pkap->fds[pkap->pfds]; 1175 1176 /* Clear return events */ 1177 pfd->revents = 0; 1178 1179 /* Do not check if fd is equal to -1 */ 1180 if (pfd->fd == -1) { 1181 ++pkap->pfds; 1182 continue; 1183 } 1184 1185 kev_count = 0; 1186 if (pfd->events & (POLLIN | POLLRDNORM)) 1187 kev_count++; 1188 if (pfd->events & (POLLOUT | POLLWRNORM)) 1189 kev_count++; 1190 if (pfd->events & (POLLPRI | POLLRDBAND)) 1191 kev_count++; 1192 1193 if (*events + kev_count > maxevents) 1194 return (0); 1195 1196 /* 1197 * NOTE: A combined serial number and poll array index is 1198 * stored in kev->udata. 1199 */ 1200 kev = &kevp[*events]; 1201 if (pfd->events & (POLLIN | POLLRDNORM)) { 1202 EV_SET(kev++, pfd->fd, EVFILT_READ, EV_ADD|EV_ENABLE, 1203 0, 0, (void *)(pkap->lwp->lwp_kqueue_serial + 1204 pkap->pfds)); 1205 } 1206 if (pfd->events & (POLLOUT | POLLWRNORM)) { 1207 EV_SET(kev++, pfd->fd, EVFILT_WRITE, EV_ADD|EV_ENABLE, 1208 0, 0, (void *)(pkap->lwp->lwp_kqueue_serial + 1209 pkap->pfds)); 1210 } 1211 if (pfd->events & (POLLPRI | POLLRDBAND)) { 1212 EV_SET(kev++, pfd->fd, EVFILT_EXCEPT, EV_ADD|EV_ENABLE, 1213 NOTE_OOB, 0, 1214 (void *)(pkap->lwp->lwp_kqueue_serial + 1215 pkap->pfds)); 1216 } 1217 1218 if (nseldebug) { 1219 kprintf("poll index %d fd %d events %08x\n", 1220 pkap->pfds, pfd->fd, pfd->events); 1221 } 1222 1223 ++pkap->pfds; 1224 (*events) += kev_count; 1225 } 1226 1227 return (0); 1228 } 1229 1230 static int 1231 poll_copyout(void *arg, struct kevent *kevp, int count, int *res) 1232 { 1233 struct poll_kevent_copyin_args *pkap; 1234 struct pollfd *pfd; 1235 struct kevent kev; 1236 int i; 1237 u_int pi; 1238 1239 pkap = (struct poll_kevent_copyin_args *)arg; 1240 1241 for (i = 0; i < count; ++i) { 1242 /* 1243 * Extract the poll array index and delete spurious events. 1244 * We can easily tell if the serial number is incorrect 1245 * by checking whether the extracted index is out of range. 1246 */ 1247 pi = (u_int)kevp[i].udata - (u_int)pkap->lwp->lwp_kqueue_serial; 1248 1249 if (pi >= pkap->nfds) { 1250 kev = kevp[i]; 1251 kev.flags = EV_DISABLE|EV_DELETE; 1252 kqueue_register(&pkap->lwp->lwp_kqueue, &kev); 1253 if (nseldebug) 1254 kprintf("poll index %d out of range\n", pi); 1255 continue; 1256 } 1257 pfd = &pkap->fds[pi]; 1258 if (kevp[i].ident == pfd->fd) { 1259 if (kevp[i].flags & EV_ERROR) { 1260 switch(kevp[i].data) { 1261 case EOPNOTSUPP: 1262 /* 1263 * Operation not supported. Poll 1264 * does not return an error for 1265 * POLLPRI (OOB/urgent data) when 1266 * it is not supported by the device. 1267 */ 1268 if (kevp[i].filter != EVFILT_EXCEPT) { 1269 pfd->revents |= POLLERR; 1270 ++*res; 1271 } 1272 break; 1273 case EBADF: 1274 /* Bad file descriptor */ 1275 pfd->revents |= POLLNVAL; 1276 ++*res; 1277 break; 1278 default: 1279 pfd->revents |= POLLERR; 1280 ++*res; 1281 break; 1282 } 1283 if (nseldebug) 1284 kprintf("poll index %d fd %d filter %d error %d\n", 1285 pi, pfd->fd, 1286 kevp[i].filter, kevp[i].data); 1287 continue; 1288 } 1289 1290 if (kevp[i].flags & EV_EOF) { 1291 pfd->revents |= POLLHUP; 1292 ++*res; 1293 continue; 1294 } 1295 1296 switch (kevp[i].filter) { 1297 case EVFILT_READ: 1298 pfd->revents |= (POLLIN | POLLRDNORM); 1299 break; 1300 case EVFILT_WRITE: 1301 pfd->revents |= (POLLOUT | POLLWRNORM); 1302 break; 1303 case EVFILT_EXCEPT: 1304 pfd->revents |= (POLLPRI | POLLRDBAND); 1305 break; 1306 } 1307 1308 if (nseldebug) { 1309 kprintf("poll index %d fd %d revents %08x\n", 1310 pi, pfd->fd, pfd->revents); 1311 } 1312 1313 ++*res; 1314 continue; 1315 } else { 1316 if (nseldebug) 1317 kprintf("poll index %d mismatch %d/%d\n", 1318 pi, kevp[i].ident, pfd->fd); 1319 } 1320 } 1321 1322 return (0); 1323 } 1324 1325 static int 1326 dopoll(int nfds, struct pollfd *fds, struct timespec *ts, int *res) 1327 { 1328 struct poll_kevent_copyin_args ka; 1329 struct pollfd sfds[64]; 1330 int bytes; 1331 int error; 1332 1333 *res = 0; 1334 if (nfds < 0) 1335 return (EINVAL); 1336 1337 /* 1338 * This is a bit arbitrary but we need to limit internal kmallocs. 1339 */ 1340 if (nfds > maxfilesperproc * 2) 1341 nfds = maxfilesperproc * 2; 1342 bytes = sizeof(struct pollfd) * nfds; 1343 1344 ka.lwp = curthread->td_lwp; 1345 ka.nfds = nfds; 1346 ka.pfds = 0; 1347 ka.error = 0; 1348 1349 if (ka.nfds < 64) 1350 ka.fds = sfds; 1351 else 1352 ka.fds = kmalloc(bytes, M_SELECT, M_WAITOK); 1353 1354 error = copyin(fds, ka.fds, bytes); 1355 if (error == 0) 1356 error = kern_kevent(&ka.lwp->lwp_kqueue, ka.nfds, res, &ka, 1357 poll_copyin, poll_copyout, ts); 1358 1359 if (error == 0) 1360 error = copyout(ka.fds, fds, bytes); 1361 1362 if (ka.fds != sfds) 1363 kfree(ka.fds, M_SELECT); 1364 1365 ka.lwp->lwp_kqueue_serial += nfds; 1366 1367 return (error); 1368 } 1369 1370 static int 1371 socket_wait_copyin(void *arg, struct kevent *kevp, int maxevents, int *events) 1372 { 1373 return (0); 1374 } 1375 1376 static int 1377 socket_wait_copyout(void *arg, struct kevent *kevp, int count, int *res) 1378 { 1379 ++*res; 1380 return (0); 1381 } 1382 1383 extern struct fileops socketops; 1384 int 1385 socket_wait(struct socket *so, struct timespec *ts, int *res) 1386 { 1387 struct thread *td = curthread; 1388 struct file *fp; 1389 struct kqueue kq; 1390 struct kevent kev; 1391 int error, fd; 1392 1393 if ((error = falloc(td->td_lwp, &fp, &fd)) != 0) 1394 return (error); 1395 1396 fp->f_type = DTYPE_SOCKET; 1397 fp->f_flag = FREAD | FWRITE; 1398 fp->f_ops = &socketops; 1399 fp->f_data = so; 1400 fsetfd(td->td_lwp->lwp_proc->p_fd, fp, fd); 1401 1402 kqueue_init(&kq, td->td_lwp->lwp_proc->p_fd); 1403 EV_SET(&kev, fd, EVFILT_READ, EV_ADD|EV_ENABLE, 0, 0, NULL); 1404 if ((error = kqueue_register(&kq, &kev)) != 0) { 1405 fdrop(fp); 1406 return (error); 1407 } 1408 1409 error = kern_kevent(&kq, 1, res, NULL, socket_wait_copyin, 1410 socket_wait_copyout, ts); 1411 1412 EV_SET(&kev, fd, EVFILT_READ, EV_DELETE, 0, 0, NULL); 1413 kqueue_register(&kq, &kev); 1414 fp->f_ops = &badfileops; 1415 fdrop(fp); 1416 1417 return (error); 1418 } 1419 1420 /* 1421 * OpenBSD poll system call. 1422 * XXX this isn't quite a true representation.. OpenBSD uses select ops. 1423 * 1424 * MPSAFE 1425 */ 1426 int 1427 sys_openbsd_poll(struct openbsd_poll_args *uap) 1428 { 1429 return (sys_poll((struct poll_args *)uap)); 1430 } 1431 1432 /*ARGSUSED*/ 1433 int 1434 seltrue(cdev_t dev, int events) 1435 { 1436 return (events & (POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM)); 1437 } 1438 1439 /* 1440 * Do a wakeup when a selectable event occurs. 1441 */ 1442 void 1443 selwakeup(struct selinfo *sip) 1444 { 1445 struct proc *p; 1446 struct lwp *lp = NULL; 1447 1448 if (sip->si_pid == 0) 1449 return; 1450 if (sip->si_flags & SI_COLL) { 1451 nselcoll++; 1452 sip->si_flags &= ~SI_COLL; 1453 wakeup((caddr_t)&selwait); /* YYY fixable */ 1454 } 1455 p = pfind(sip->si_pid); 1456 sip->si_pid = 0; 1457 if (p == NULL) 1458 return; 1459 lp = lwp_rb_tree_RB_LOOKUP(&p->p_lwp_tree, sip->si_tid); 1460 if (lp == NULL) 1461 return; 1462 1463 /* 1464 * This is a temporary hack until the code can be rewritten. 1465 * Check LWP_SELECT before assuming we can setrunnable(). 1466 * Otherwise we might catch the lwp before it actually goes to 1467 * sleep. 1468 */ 1469 crit_enter(); 1470 if (lp->lwp_flag & LWP_SELECT) { 1471 lp->lwp_flag &= ~LWP_SELECT; 1472 } else if (lp->lwp_wchan == (caddr_t)&selwait) { 1473 /* 1474 * Flag the process to break the tsleep when 1475 * setrunnable is called, but only call setrunnable 1476 * here if the process is not in a stopped state. 1477 */ 1478 lp->lwp_flag |= LWP_BREAKTSLEEP; 1479 if (p->p_stat != SSTOP) 1480 setrunnable(lp); 1481 } 1482 crit_exit(); 1483 1484 kqueue_wakeup(&lp->lwp_kqueue); 1485 } 1486 1487