1 /* $NetBSD: kern_descrip.c,v 1.108 2003/05/16 14:40:41 itojun Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. All advertising materials mentioning features or use of this software 21 * must display the following acknowledgement: 22 * This product includes software developed by the University of 23 * California, Berkeley and its contributors. 24 * 4. Neither the name of the University nor the names of its contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 * @(#)kern_descrip.c 8.8 (Berkeley) 2/14/95 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.108 2003/05/16 14:40:41 itojun Exp $"); 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/filedesc.h> 49 #include <sys/kernel.h> 50 #include <sys/vnode.h> 51 #include <sys/proc.h> 52 #include <sys/file.h> 53 #include <sys/namei.h> 54 #include <sys/socket.h> 55 #include <sys/socketvar.h> 56 #include <sys/stat.h> 57 #include <sys/ioctl.h> 58 #include <sys/fcntl.h> 59 #include <sys/malloc.h> 60 #include <sys/pool.h> 61 #include <sys/syslog.h> 62 #include <sys/unistd.h> 63 #include <sys/resourcevar.h> 64 #include <sys/conf.h> 65 #include <sys/event.h> 66 67 #include <sys/mount.h> 68 #include <sys/sa.h> 69 #include <sys/syscallargs.h> 70 71 /* 72 * Descriptor management. 73 */ 74 struct filelist filehead; /* head of list of open files */ 75 int nfiles; /* actual number of open files */ 76 struct pool file_pool; /* memory pool for file structures */ 77 struct pool cwdi_pool; /* memory pool for cwdinfo structures */ 78 struct pool filedesc0_pool; /* memory pool for filedesc0 structures */ 79 80 /* Global file list lock */ 81 static struct simplelock filelist_slock = SIMPLELOCK_INITIALIZER; 82 83 MALLOC_DEFINE(M_FILE, "file", "Open file structure"); 84 MALLOC_DEFINE(M_FILEDESC, "file desc", "Open file descriptor table"); 85 MALLOC_DEFINE(M_IOCTLOPS, "ioctlops", "ioctl data buffer"); 86 87 static __inline void fd_used(struct filedesc *, int); 88 static __inline void fd_unused(struct filedesc *, int); 89 int finishdup(struct proc *, int, int, register_t *); 90 int fcntl_forfs(int, struct proc *, int, void *); 91 92 dev_type_open(filedescopen); 93 94 const struct cdevsw filedesc_cdevsw = { 95 filedescopen, noclose, noread, nowrite, noioctl, 96 nostop, notty, nopoll, nommap, nokqfilter, 97 }; 98 99 static __inline void 100 fd_used(struct filedesc *fdp, int fd) 101 { 102 103 if (fd > fdp->fd_lastfile) 104 fdp->fd_lastfile = fd; 105 } 106 107 static __inline void 108 fd_unused(struct filedesc *fdp, int fd) 109 { 110 111 if (fd < fdp->fd_freefile) 112 fdp->fd_freefile = fd; 113 #ifdef DIAGNOSTIC 114 if (fd > fdp->fd_lastfile) 115 panic("fd_unused: fd_lastfile inconsistent"); 116 #endif 117 if (fd == fdp->fd_lastfile) { 118 do { 119 fd--; 120 } while (fd >= 0 && fdp->fd_ofiles[fd] == NULL); 121 fdp->fd_lastfile = fd; 122 } 123 } 124 125 /* 126 * Lookup the file structure corresponding to a file descriptor 127 * and return it locked. 128 * Note: typical usage is: `fp = fd_getfile(..); FILE_USE(fp);' 129 * The locking strategy has been optimised for this case, i.e. 130 * fd_getfile() returns the file locked while FILE_USE() will increment 131 * the file's use count and unlock. 132 */ 133 struct file * 134 fd_getfile(struct filedesc *fdp, int fd) 135 { 136 struct file *fp; 137 138 if ((u_int) fd >= fdp->fd_nfiles || (fp = fdp->fd_ofiles[fd]) == NULL) 139 return (NULL); 140 141 simple_lock(&fp->f_slock); 142 if (FILE_IS_USABLE(fp) == 0) { 143 simple_unlock(&fp->f_slock); 144 return (NULL); 145 } 146 147 return (fp); 148 } 149 150 /* 151 * System calls on descriptors. 152 */ 153 154 /* 155 * Duplicate a file descriptor. 156 */ 157 /* ARGSUSED */ 158 int 159 sys_dup(struct lwp *l, void *v, register_t *retval) 160 { 161 struct sys_dup_args /* { 162 syscallarg(int) fd; 163 } */ *uap = v; 164 struct file *fp; 165 struct filedesc *fdp; 166 struct proc *p; 167 int old, new, error; 168 169 p = l->l_proc; 170 fdp = p->p_fd; 171 old = SCARG(uap, fd); 172 173 restart: 174 if ((fp = fd_getfile(fdp, old)) == NULL) 175 return (EBADF); 176 177 FILE_USE(fp); 178 179 if ((error = fdalloc(p, 0, &new)) != 0) { 180 if (error == ENOSPC) { 181 fdexpand(p); 182 FILE_UNUSE(fp, p); 183 goto restart; 184 } 185 FILE_UNUSE(fp, p); 186 return (error); 187 } 188 189 /* finishdup() will unuse the descriptors for us */ 190 return (finishdup(p, old, new, retval)); 191 } 192 193 /* 194 * Duplicate a file descriptor to a particular value. 195 */ 196 /* ARGSUSED */ 197 int 198 sys_dup2(struct lwp *l, void *v, register_t *retval) 199 { 200 struct sys_dup2_args /* { 201 syscallarg(int) from; 202 syscallarg(int) to; 203 } */ *uap = v; 204 struct file *fp; 205 struct filedesc *fdp; 206 struct proc *p; 207 int old, new, i, error; 208 209 p = l->l_proc; 210 fdp = p->p_fd; 211 old = SCARG(uap, from); 212 new = SCARG(uap, to); 213 214 restart: 215 if ((fp = fd_getfile(fdp, old)) == NULL) 216 return (EBADF); 217 218 if ((u_int)new >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur || 219 (u_int)new >= maxfiles) { 220 simple_unlock(&fp->f_slock); 221 return (EBADF); 222 } 223 224 if (old == new) { 225 simple_unlock(&fp->f_slock); 226 *retval = new; 227 return (0); 228 } 229 230 FILE_USE(fp); 231 232 if (new >= fdp->fd_nfiles) { 233 if ((error = fdalloc(p, new, &i)) != 0) { 234 if (error == ENOSPC) { 235 fdexpand(p); 236 FILE_UNUSE(fp, p); 237 goto restart; 238 } 239 FILE_UNUSE(fp, p); 240 return (error); 241 } 242 if (new != i) 243 panic("dup2: fdalloc"); 244 } 245 246 /* 247 * finishdup() will close the file that's in the `new' 248 * slot, if there's one there. 249 */ 250 251 /* finishdup() will unuse the descriptors for us */ 252 return (finishdup(p, old, new, retval)); 253 } 254 255 /* 256 * The file control system call. 257 */ 258 /* ARGSUSED */ 259 int 260 sys_fcntl(struct lwp *l, void *v, register_t *retval) 261 { 262 struct sys_fcntl_args /* { 263 syscallarg(int) fd; 264 syscallarg(int) cmd; 265 syscallarg(void *) arg; 266 } */ *uap = v; 267 struct filedesc *fdp; 268 struct file *fp; 269 struct proc *p; 270 struct vnode *vp; 271 int fd, i, tmp, error, flg, cmd, newmin; 272 struct flock fl; 273 274 p = l->l_proc; 275 fd = SCARG(uap, fd); 276 fdp = p->p_fd; 277 error = 0; 278 flg = F_POSIX; 279 280 restart: 281 if ((fp = fd_getfile(fdp, fd)) == NULL) 282 return (EBADF); 283 284 FILE_USE(fp); 285 286 cmd = SCARG(uap, cmd); 287 if ((cmd & F_FSCTL)) { 288 error = fcntl_forfs(fd, p, cmd, SCARG(uap, arg)); 289 goto out; 290 } 291 292 switch (cmd) { 293 294 case F_DUPFD: 295 newmin = (long)SCARG(uap, arg); 296 if ((u_int)newmin >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur || 297 (u_int)newmin >= maxfiles) { 298 error = EINVAL; 299 goto out; 300 } 301 if ((error = fdalloc(p, newmin, &i)) != 0) { 302 if (error == ENOSPC) { 303 fdexpand(p); 304 FILE_UNUSE(fp, p); 305 goto restart; 306 } 307 goto out; 308 } 309 310 /* finishdup() will unuse the descriptors for us */ 311 return (finishdup(p, fd, i, retval)); 312 313 case F_GETFD: 314 *retval = fdp->fd_ofileflags[fd] & UF_EXCLOSE ? 1 : 0; 315 break; 316 317 case F_SETFD: 318 if ((long)SCARG(uap, arg) & 1) 319 fdp->fd_ofileflags[fd] |= UF_EXCLOSE; 320 else 321 fdp->fd_ofileflags[fd] &= ~UF_EXCLOSE; 322 break; 323 324 case F_GETFL: 325 *retval = OFLAGS(fp->f_flag); 326 break; 327 328 case F_SETFL: 329 tmp = FFLAGS((long)SCARG(uap, arg)) & FCNTLFLAGS; 330 error = (*fp->f_ops->fo_fcntl)(fp, F_SETFL, &tmp, p); 331 if (error) 332 break; 333 i = tmp ^ fp->f_flag; 334 if (i & FNONBLOCK) { 335 int fl = tmp & FNONBLOCK; 336 error = (*fp->f_ops->fo_ioctl)(fp, FIONBIO, &fl, p); 337 if (error) 338 goto reset_fcntl; 339 } 340 if (i & FASYNC) { 341 int fl = tmp & FASYNC; 342 error = (*fp->f_ops->fo_ioctl)(fp, FIOASYNC, &fl, p); 343 if (error) { 344 if (i & FNONBLOCK) { 345 tmp = fp->f_flag & FNONBLOCK; 346 (void)(*fp->f_ops->fo_ioctl)(fp, 347 FIONBIO, &tmp, p); 348 } 349 goto reset_fcntl; 350 } 351 } 352 fp->f_flag = (fp->f_flag & ~FCNTLFLAGS) | tmp; 353 break; 354 reset_fcntl: 355 (void)(*fp->f_ops->fo_fcntl)(fp, F_SETFL, &fp->f_flag, p); 356 break; 357 358 case F_GETOWN: 359 if (fp->f_type == DTYPE_SOCKET) { 360 *retval = ((struct socket *)fp->f_data)->so_pgid; 361 goto out; 362 } 363 error = (*fp->f_ops->fo_ioctl)(fp, TIOCGPGRP, &tmp, p); 364 *retval = -tmp; 365 break; 366 367 case F_SETOWN: 368 if (fp->f_type == DTYPE_SOCKET) { 369 ((struct socket *)fp->f_data)->so_pgid = 370 (long)SCARG(uap, arg); 371 goto out; 372 } 373 if ((long)SCARG(uap, arg) <= 0) { 374 tmp = (-(long)SCARG(uap, arg)); 375 } else { 376 struct proc *p1 = pfind((long)SCARG(uap, arg)); 377 if (p1 == 0) { 378 error = ESRCH; 379 goto out; 380 } 381 tmp = (long)p1->p_pgrp->pg_id; 382 } 383 error = (*fp->f_ops->fo_ioctl)(fp, TIOCSPGRP, &tmp, p); 384 break; 385 386 case F_SETLKW: 387 flg |= F_WAIT; 388 /* Fall into F_SETLK */ 389 390 case F_SETLK: 391 if (fp->f_type != DTYPE_VNODE) { 392 error = EINVAL; 393 goto out; 394 } 395 vp = (struct vnode *)fp->f_data; 396 /* Copy in the lock structure */ 397 error = copyin(SCARG(uap, arg), &fl, sizeof(fl)); 398 if (error) 399 goto out; 400 if (fl.l_whence == SEEK_CUR) 401 fl.l_start += fp->f_offset; 402 switch (fl.l_type) { 403 case F_RDLCK: 404 if ((fp->f_flag & FREAD) == 0) { 405 error = EBADF; 406 goto out; 407 } 408 p->p_flag |= P_ADVLOCK; 409 error = VOP_ADVLOCK(vp, p, F_SETLK, &fl, flg); 410 goto out; 411 412 case F_WRLCK: 413 if ((fp->f_flag & FWRITE) == 0) { 414 error = EBADF; 415 goto out; 416 } 417 p->p_flag |= P_ADVLOCK; 418 error = VOP_ADVLOCK(vp, p, F_SETLK, &fl, flg); 419 goto out; 420 421 case F_UNLCK: 422 error = VOP_ADVLOCK(vp, p, F_UNLCK, &fl, F_POSIX); 423 goto out; 424 425 default: 426 error = EINVAL; 427 goto out; 428 } 429 430 case F_GETLK: 431 if (fp->f_type != DTYPE_VNODE) { 432 error = EINVAL; 433 goto out; 434 } 435 vp = (struct vnode *)fp->f_data; 436 /* Copy in the lock structure */ 437 error = copyin(SCARG(uap, arg), &fl, sizeof(fl)); 438 if (error) 439 goto out; 440 if (fl.l_whence == SEEK_CUR) 441 fl.l_start += fp->f_offset; 442 if (fl.l_type != F_RDLCK && 443 fl.l_type != F_WRLCK && 444 fl.l_type != F_UNLCK) { 445 error = EINVAL; 446 goto out; 447 } 448 error = VOP_ADVLOCK(vp, p, F_GETLK, &fl, F_POSIX); 449 if (error) 450 goto out; 451 error = copyout(&fl, SCARG(uap, arg), sizeof(fl)); 452 break; 453 454 default: 455 error = EINVAL; 456 } 457 458 out: 459 FILE_UNUSE(fp, p); 460 return (error); 461 } 462 463 /* 464 * Common code for dup, dup2, and fcntl(F_DUPFD). 465 */ 466 int 467 finishdup(struct proc *p, int old, int new, register_t *retval) 468 { 469 struct filedesc *fdp; 470 struct file *fp, *delfp; 471 472 fdp = p->p_fd; 473 474 /* 475 * If there is a file in the new slot, remember it so we 476 * can close it after we've finished the dup. We need 477 * to do it after the dup is finished, since closing 478 * the file may block. 479 * 480 * Note: `old' is already used for us. 481 */ 482 delfp = fdp->fd_ofiles[new]; 483 484 fp = fdp->fd_ofiles[old]; 485 fdp->fd_ofiles[new] = fp; 486 fdp->fd_ofileflags[new] = fdp->fd_ofileflags[old] &~ UF_EXCLOSE; 487 fp->f_count++; 488 /* 489 * Note, don't have to mark it "used" in the table if there 490 * was already a file in the `new' slot. 491 */ 492 if (delfp == NULL) 493 fd_used(fdp, new); 494 *retval = new; 495 FILE_UNUSE(fp, p); 496 497 if (delfp != NULL) { 498 simple_lock(&delfp->f_slock); 499 FILE_USE(delfp); 500 if (new < fdp->fd_knlistsize) 501 knote_fdclose(p, new); 502 (void) closef(delfp, p); 503 } 504 return (0); 505 } 506 507 void 508 fdremove(struct filedesc *fdp, int fd) 509 { 510 511 fdp->fd_ofiles[fd] = NULL; 512 fd_unused(fdp, fd); 513 } 514 515 int 516 fdrelease(struct proc *p, int fd) 517 { 518 struct filedesc *fdp; 519 struct file **fpp, *fp; 520 521 fdp = p->p_fd; 522 fpp = &fdp->fd_ofiles[fd]; 523 fp = *fpp; 524 if (fp == NULL) 525 return (EBADF); 526 527 simple_lock(&fp->f_slock); 528 if (!FILE_IS_USABLE(fp)) { 529 simple_unlock(&fp->f_slock); 530 return (EBADF); 531 } 532 533 FILE_USE(fp); 534 535 *fpp = NULL; 536 fdp->fd_ofileflags[fd] = 0; 537 if (fd < fdp->fd_knlistsize) 538 knote_fdclose(p, fd); 539 fd_unused(fdp, fd); 540 return (closef(fp, p)); 541 } 542 543 /* 544 * Close a file descriptor. 545 */ 546 /* ARGSUSED */ 547 int 548 sys_close(struct lwp *l, void *v, register_t *retval) 549 { 550 struct sys_close_args /* { 551 syscallarg(int) fd; 552 } */ *uap = v; 553 int fd; 554 struct filedesc *fdp; 555 struct proc *p; 556 557 p = l->l_proc; 558 fd = SCARG(uap, fd); 559 fdp = p->p_fd; 560 561 if ((u_int) fd >= fdp->fd_nfiles) 562 return (EBADF); 563 #if 0 564 if (fd_getfile(fdp, fd) == NULL) 565 return (EBADF); 566 #endif 567 568 return (fdrelease(p, fd)); 569 } 570 571 /* 572 * Return status information about a file descriptor. 573 */ 574 /* ARGSUSED */ 575 int 576 sys___fstat13(struct lwp *l, void *v, register_t *retval) 577 { 578 struct sys___fstat13_args /* { 579 syscallarg(int) fd; 580 syscallarg(struct stat *) sb; 581 } */ *uap = v; 582 int fd; 583 struct filedesc *fdp; 584 struct file *fp; 585 struct proc *p; 586 struct stat ub; 587 int error; 588 589 p = l->l_proc; 590 fd = SCARG(uap, fd); 591 fdp = p->p_fd; 592 593 if ((fp = fd_getfile(fdp, fd)) == NULL) 594 return (EBADF); 595 596 FILE_USE(fp); 597 error = (*fp->f_ops->fo_stat)(fp, &ub, p); 598 FILE_UNUSE(fp, p); 599 600 if (error == 0) 601 error = copyout(&ub, SCARG(uap, sb), sizeof(ub)); 602 603 return (error); 604 } 605 606 /* 607 * Return pathconf information about a file descriptor. 608 */ 609 /* ARGSUSED */ 610 int 611 sys_fpathconf(struct lwp *l, void *v, register_t *retval) 612 { 613 struct sys_fpathconf_args /* { 614 syscallarg(int) fd; 615 syscallarg(int) name; 616 } */ *uap = v; 617 int fd; 618 struct filedesc *fdp; 619 struct file *fp; 620 struct proc *p; 621 struct vnode *vp; 622 int error; 623 624 p = l->l_proc; 625 fd = SCARG(uap, fd); 626 fdp = p->p_fd; 627 error = 0; 628 629 if ((fp = fd_getfile(fdp, fd)) == NULL) 630 return (EBADF); 631 632 FILE_USE(fp); 633 634 switch (fp->f_type) { 635 636 case DTYPE_SOCKET: 637 case DTYPE_PIPE: 638 if (SCARG(uap, name) != _PC_PIPE_BUF) 639 error = EINVAL; 640 else 641 *retval = PIPE_BUF; 642 break; 643 644 case DTYPE_VNODE: 645 vp = (struct vnode *)fp->f_data; 646 error = VOP_PATHCONF(vp, SCARG(uap, name), retval); 647 break; 648 649 case DTYPE_KQUEUE: 650 error = EINVAL; 651 break; 652 653 default: 654 error = EOPNOTSUPP; 655 break; 656 } 657 658 FILE_UNUSE(fp, p); 659 return (error); 660 } 661 662 /* 663 * Allocate a file descriptor for the process. 664 */ 665 int fdexpanded; /* XXX: what else uses this? */ 666 667 int 668 fdalloc(struct proc *p, int want, int *result) 669 { 670 struct filedesc *fdp; 671 int i, lim, last; 672 673 fdp = p->p_fd; 674 675 /* 676 * Search for a free descriptor starting at the higher 677 * of want or fd_freefile. If that fails, consider 678 * expanding the ofile array. 679 */ 680 lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles); 681 last = min(fdp->fd_nfiles, lim); 682 if ((i = want) < fdp->fd_freefile) 683 i = fdp->fd_freefile; 684 for (; i < last; i++) { 685 if (fdp->fd_ofiles[i] == NULL) { 686 fd_used(fdp, i); 687 if (want <= fdp->fd_freefile) 688 fdp->fd_freefile = i; 689 *result = i; 690 return (0); 691 } 692 } 693 694 /* No space in current array. Expand? */ 695 if (fdp->fd_nfiles >= lim) 696 return (EMFILE); 697 698 /* Let the caller do it. */ 699 return (ENOSPC); 700 } 701 702 void 703 fdexpand(struct proc *p) 704 { 705 struct filedesc *fdp; 706 int i, nfiles; 707 struct file **newofile; 708 char *newofileflags; 709 710 fdp = p->p_fd; 711 712 if (fdp->fd_nfiles < NDEXTENT) 713 nfiles = NDEXTENT; 714 else 715 nfiles = 2 * fdp->fd_nfiles; 716 newofile = malloc(nfiles * OFILESIZE, M_FILEDESC, M_WAITOK); 717 newofileflags = (char *) &newofile[nfiles]; 718 /* 719 * Copy the existing ofile and ofileflags arrays 720 * and zero the new portion of each array. 721 */ 722 memcpy(newofile, fdp->fd_ofiles, 723 (i = sizeof(struct file *) * fdp->fd_nfiles)); 724 memset((char *)newofile + i, 0, 725 nfiles * sizeof(struct file *) - i); 726 memcpy(newofileflags, fdp->fd_ofileflags, 727 (i = sizeof(char) * fdp->fd_nfiles)); 728 memset(newofileflags + i, 0, nfiles * sizeof(char) - i); 729 if (fdp->fd_nfiles > NDFILE) 730 free(fdp->fd_ofiles, M_FILEDESC); 731 fdp->fd_ofiles = newofile; 732 fdp->fd_ofileflags = newofileflags; 733 fdp->fd_nfiles = nfiles; 734 fdexpanded++; 735 } 736 737 /* 738 * Check to see whether n user file descriptors 739 * are available to the process p. 740 */ 741 int 742 fdavail(struct proc *p, int n) 743 { 744 struct filedesc *fdp; 745 struct file **fpp; 746 int i, lim; 747 748 fdp = p->p_fd; 749 lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles); 750 if ((i = lim - fdp->fd_nfiles) > 0 && (n -= i) <= 0) 751 return (1); 752 fpp = &fdp->fd_ofiles[fdp->fd_freefile]; 753 for (i = min(lim,fdp->fd_nfiles) - fdp->fd_freefile; --i >= 0; fpp++) 754 if (*fpp == NULL && --n <= 0) 755 return (1); 756 return (0); 757 } 758 759 /* 760 * Initialize the data structures necessary for managing files. 761 */ 762 void 763 finit(void) 764 { 765 766 pool_init(&file_pool, sizeof(struct file), 0, 0, 0, "filepl", 767 &pool_allocator_nointr); 768 pool_init(&cwdi_pool, sizeof(struct cwdinfo), 0, 0, 0, "cwdipl", 769 &pool_allocator_nointr); 770 pool_init(&filedesc0_pool, sizeof(struct filedesc0), 0, 0, 0, "fdescpl", 771 &pool_allocator_nointr); 772 } 773 774 /* 775 * Create a new open file structure and allocate 776 * a file descriptor for the process that refers to it. 777 */ 778 int 779 falloc(struct proc *p, struct file **resultfp, int *resultfd) 780 { 781 struct file *fp, *fq; 782 int error, i; 783 784 restart: 785 if ((error = fdalloc(p, 0, &i)) != 0) { 786 if (error == ENOSPC) { 787 fdexpand(p); 788 goto restart; 789 } 790 return (error); 791 } 792 793 fp = pool_get(&file_pool, PR_WAITOK); 794 simple_lock(&filelist_slock); 795 if (nfiles >= maxfiles) { 796 tablefull("file", "increase kern.maxfiles or MAXFILES"); 797 simple_unlock(&filelist_slock); 798 pool_put(&file_pool, fp); 799 return (ENFILE); 800 } 801 /* 802 * Allocate a new file descriptor. 803 * If the process has file descriptor zero open, add to the list 804 * of open files at that point, otherwise put it at the front of 805 * the list of open files. 806 */ 807 nfiles++; 808 memset(fp, 0, sizeof(struct file)); 809 fp->f_iflags = FIF_LARVAL; 810 if ((fq = p->p_fd->fd_ofiles[0]) != NULL) { 811 LIST_INSERT_AFTER(fq, fp, f_list); 812 } else { 813 LIST_INSERT_HEAD(&filehead, fp, f_list); 814 } 815 simple_unlock(&filelist_slock); 816 p->p_fd->fd_ofiles[i] = fp; 817 simple_lock_init(&fp->f_slock); 818 fp->f_count = 1; 819 fp->f_cred = p->p_ucred; 820 crhold(fp->f_cred); 821 if (resultfp) { 822 fp->f_usecount = 1; 823 *resultfp = fp; 824 } 825 if (resultfd) 826 *resultfd = i; 827 return (0); 828 } 829 830 /* 831 * Free a file descriptor. 832 */ 833 void 834 ffree(struct file *fp) 835 { 836 837 #ifdef DIAGNOSTIC 838 if (fp->f_usecount) 839 panic("ffree"); 840 #endif 841 842 simple_lock(&filelist_slock); 843 LIST_REMOVE(fp, f_list); 844 crfree(fp->f_cred); 845 #ifdef DIAGNOSTIC 846 fp->f_count = 0; /* What's the point? */ 847 #endif 848 nfiles--; 849 simple_unlock(&filelist_slock); 850 pool_put(&file_pool, fp); 851 } 852 853 /* 854 * Create an initial cwdinfo structure, using the same current and root 855 * directories as p. 856 */ 857 struct cwdinfo * 858 cwdinit(struct proc *p) 859 { 860 struct cwdinfo *cwdi; 861 862 cwdi = pool_get(&cwdi_pool, PR_WAITOK); 863 864 cwdi->cwdi_cdir = p->p_cwdi->cwdi_cdir; 865 if (cwdi->cwdi_cdir) 866 VREF(cwdi->cwdi_cdir); 867 cwdi->cwdi_rdir = p->p_cwdi->cwdi_rdir; 868 if (cwdi->cwdi_rdir) 869 VREF(cwdi->cwdi_rdir); 870 cwdi->cwdi_cmask = p->p_cwdi->cwdi_cmask; 871 cwdi->cwdi_refcnt = 1; 872 873 return (cwdi); 874 } 875 876 /* 877 * Make p2 share p1's cwdinfo. 878 */ 879 void 880 cwdshare(struct proc *p1, struct proc *p2) 881 { 882 883 p2->p_cwdi = p1->p_cwdi; 884 p1->p_cwdi->cwdi_refcnt++; 885 } 886 887 /* 888 * Make this process not share its cwdinfo structure, maintaining 889 * all cwdinfo state. 890 */ 891 void 892 cwdunshare(struct proc *p) 893 { 894 struct cwdinfo *newcwdi; 895 896 if (p->p_cwdi->cwdi_refcnt == 1) 897 return; 898 899 newcwdi = cwdinit(p); 900 cwdfree(p); 901 p->p_cwdi = newcwdi; 902 } 903 904 /* 905 * Release a cwdinfo structure. 906 */ 907 void 908 cwdfree(struct proc *p) 909 { 910 struct cwdinfo *cwdi; 911 912 cwdi = p->p_cwdi; 913 if (--cwdi->cwdi_refcnt > 0) 914 return; 915 916 p->p_cwdi = NULL; 917 918 vrele(cwdi->cwdi_cdir); 919 if (cwdi->cwdi_rdir) 920 vrele(cwdi->cwdi_rdir); 921 pool_put(&cwdi_pool, cwdi); 922 } 923 924 /* 925 * Create an initial filedesc structure, using the same current and root 926 * directories as p. 927 */ 928 struct filedesc * 929 fdinit(struct proc *p) 930 { 931 struct filedesc0 *newfdp; 932 933 newfdp = pool_get(&filedesc0_pool, PR_WAITOK); 934 memset(newfdp, 0, sizeof(struct filedesc0)); 935 936 fdinit1(newfdp); 937 938 return (&newfdp->fd_fd); 939 } 940 941 /* 942 * Initialize a file descriptor table. 943 */ 944 void 945 fdinit1(struct filedesc0 *newfdp) 946 { 947 948 newfdp->fd_fd.fd_refcnt = 1; 949 newfdp->fd_fd.fd_ofiles = newfdp->fd_dfiles; 950 newfdp->fd_fd.fd_ofileflags = newfdp->fd_dfileflags; 951 newfdp->fd_fd.fd_nfiles = NDFILE; 952 newfdp->fd_fd.fd_knlistsize = -1; 953 } 954 955 /* 956 * Make p2 share p1's filedesc structure. 957 */ 958 void 959 fdshare(struct proc *p1, struct proc *p2) 960 { 961 962 p2->p_fd = p1->p_fd; 963 p1->p_fd->fd_refcnt++; 964 } 965 966 /* 967 * Make this process not share its filedesc structure, maintaining 968 * all file descriptor state. 969 */ 970 void 971 fdunshare(struct proc *p) 972 { 973 struct filedesc *newfd; 974 975 if (p->p_fd->fd_refcnt == 1) 976 return; 977 978 newfd = fdcopy(p); 979 fdfree(p); 980 p->p_fd = newfd; 981 } 982 983 /* 984 * Clear a process's fd table. 985 */ 986 void 987 fdclear(struct proc *p) 988 { 989 struct filedesc *newfd; 990 991 newfd = fdinit(p); 992 fdfree(p); 993 p->p_fd = newfd; 994 } 995 996 /* 997 * Copy a filedesc structure. 998 */ 999 struct filedesc * 1000 fdcopy(struct proc *p) 1001 { 1002 struct filedesc *newfdp, *fdp; 1003 struct file **fpp; 1004 int i; 1005 1006 fdp = p->p_fd; 1007 newfdp = pool_get(&filedesc0_pool, PR_WAITOK); 1008 memcpy(newfdp, fdp, sizeof(struct filedesc)); 1009 newfdp->fd_refcnt = 1; 1010 1011 /* 1012 * If the number of open files fits in the internal arrays 1013 * of the open file structure, use them, otherwise allocate 1014 * additional memory for the number of descriptors currently 1015 * in use. 1016 */ 1017 if (newfdp->fd_lastfile < NDFILE) { 1018 newfdp->fd_ofiles = ((struct filedesc0 *) newfdp)->fd_dfiles; 1019 newfdp->fd_ofileflags = 1020 ((struct filedesc0 *) newfdp)->fd_dfileflags; 1021 i = NDFILE; 1022 } else { 1023 /* 1024 * Compute the smallest multiple of NDEXTENT needed 1025 * for the file descriptors currently in use, 1026 * allowing the table to shrink. 1027 */ 1028 i = newfdp->fd_nfiles; 1029 while (i >= 2 * NDEXTENT && i > newfdp->fd_lastfile * 2) 1030 i /= 2; 1031 newfdp->fd_ofiles = malloc(i * OFILESIZE, M_FILEDESC, M_WAITOK); 1032 newfdp->fd_ofileflags = (char *) &newfdp->fd_ofiles[i]; 1033 } 1034 newfdp->fd_nfiles = i; 1035 memcpy(newfdp->fd_ofiles, fdp->fd_ofiles, i * sizeof(struct file **)); 1036 memcpy(newfdp->fd_ofileflags, fdp->fd_ofileflags, i * sizeof(char)); 1037 /* 1038 * kq descriptors cannot be copied. 1039 */ 1040 if (newfdp->fd_knlistsize != -1) { 1041 fpp = newfdp->fd_ofiles; 1042 for (i = newfdp->fd_lastfile; i-- >= 0; fpp++) { 1043 if (*fpp != NULL && (*fpp)->f_type == DTYPE_KQUEUE) 1044 *fpp = NULL; 1045 } 1046 newfdp->fd_knlist = NULL; 1047 newfdp->fd_knlistsize = -1; 1048 newfdp->fd_knhash = NULL; 1049 newfdp->fd_knhashmask = 0; 1050 } 1051 fpp = newfdp->fd_ofiles; 1052 for (i = newfdp->fd_lastfile; i >= 0; i--, fpp++) 1053 if (*fpp != NULL) 1054 (*fpp)->f_count++; 1055 return (newfdp); 1056 } 1057 1058 /* 1059 * Release a filedesc structure. 1060 */ 1061 void 1062 fdfree(struct proc *p) 1063 { 1064 struct filedesc *fdp; 1065 struct file **fpp, *fp; 1066 int i; 1067 1068 fdp = p->p_fd; 1069 if (--fdp->fd_refcnt > 0) 1070 return; 1071 fpp = fdp->fd_ofiles; 1072 for (i = fdp->fd_lastfile; i >= 0; i--, fpp++) { 1073 fp = *fpp; 1074 if (fp != NULL) { 1075 *fpp = NULL; 1076 simple_lock(&fp->f_slock); 1077 FILE_USE(fp); 1078 if (i < fdp->fd_knlistsize) 1079 knote_fdclose(p, fdp->fd_lastfile - i); 1080 (void) closef(fp, p); 1081 } 1082 } 1083 p->p_fd = NULL; 1084 if (fdp->fd_nfiles > NDFILE) 1085 free(fdp->fd_ofiles, M_FILEDESC); 1086 if (fdp->fd_knlist) 1087 free(fdp->fd_knlist, M_KEVENT); 1088 if (fdp->fd_knhash) 1089 hashdone(fdp->fd_knhash, M_KEVENT); 1090 pool_put(&filedesc0_pool, fdp); 1091 } 1092 1093 /* 1094 * Internal form of close. 1095 * Decrement reference count on file structure. 1096 * Note: p may be NULL when closing a file 1097 * that was being passed in a message. 1098 * 1099 * Note: we expect the caller is holding a usecount, and expects us 1100 * to drop it (the caller thinks the file is going away forever). 1101 */ 1102 int 1103 closef(struct file *fp, struct proc *p) 1104 { 1105 struct vnode *vp; 1106 struct flock lf; 1107 int error; 1108 1109 if (fp == NULL) 1110 return (0); 1111 1112 /* 1113 * POSIX record locking dictates that any close releases ALL 1114 * locks owned by this process. This is handled by setting 1115 * a flag in the unlock to free ONLY locks obeying POSIX 1116 * semantics, and not to free BSD-style file locks. 1117 * If the descriptor was in a message, POSIX-style locks 1118 * aren't passed with the descriptor. 1119 */ 1120 if (p && (p->p_flag & P_ADVLOCK) && fp->f_type == DTYPE_VNODE) { 1121 lf.l_whence = SEEK_SET; 1122 lf.l_start = 0; 1123 lf.l_len = 0; 1124 lf.l_type = F_UNLCK; 1125 vp = (struct vnode *)fp->f_data; 1126 (void) VOP_ADVLOCK(vp, p, F_UNLCK, &lf, F_POSIX); 1127 } 1128 1129 /* 1130 * If WANTCLOSE is set, then the reference count on the file 1131 * is 0, but there were multiple users of the file. This can 1132 * happen if a filedesc structure is shared by multiple 1133 * processes. 1134 */ 1135 simple_lock(&fp->f_slock); 1136 if (fp->f_iflags & FIF_WANTCLOSE) { 1137 /* 1138 * Another user of the file is already closing, and is 1139 * simply waiting for other users of the file to drain. 1140 * Release our usecount, and wake up the closer if it 1141 * is the only remaining use. 1142 */ 1143 #ifdef DIAGNOSTIC 1144 if (fp->f_count != 0) 1145 panic("closef: wantclose and count != 0"); 1146 if (fp->f_usecount < 2) 1147 panic("closef: wantclose and usecount < 2"); 1148 #endif 1149 if (--fp->f_usecount == 1) 1150 wakeup(&fp->f_usecount); 1151 simple_unlock(&fp->f_slock); 1152 return (0); 1153 } else { 1154 /* 1155 * Decrement the reference count. If we were not the 1156 * last reference, then release our use and just 1157 * return. 1158 */ 1159 if (--fp->f_count > 0) { 1160 #ifdef DIAGNOSTIC 1161 if (fp->f_usecount < 1) 1162 panic("closef: no wantclose and usecount < 1"); 1163 #endif 1164 fp->f_usecount--; 1165 simple_unlock(&fp->f_slock); 1166 return (0); 1167 } 1168 } 1169 1170 /* 1171 * The reference count is now 0. However, there may be 1172 * multiple potential users of this file. This can happen 1173 * if multiple processes shared a single filedesc structure. 1174 * 1175 * Notify these potential users that the file is closing. 1176 * This will prevent them from adding additional uses to 1177 * the file. 1178 */ 1179 fp->f_iflags |= FIF_WANTCLOSE; 1180 1181 /* 1182 * We expect the caller to add a use to the file. So, if we 1183 * are the last user, usecount will be 1. If it is not, we 1184 * must wait for the usecount to drain. When it drains back 1185 * to 1, we will be awakened so that we may proceed with the 1186 * close. 1187 */ 1188 #ifdef DIAGNOSTIC 1189 if (fp->f_usecount < 1) 1190 panic("closef: usecount < 1"); 1191 #endif 1192 while (fp->f_usecount > 1) 1193 (void) ltsleep(&fp->f_usecount, PRIBIO, "closef", 0, 1194 &fp->f_slock); 1195 #ifdef DIAGNOSTIC 1196 if (fp->f_usecount != 1) 1197 panic("closef: usecount != 1"); 1198 #endif 1199 1200 simple_unlock(&fp->f_slock); 1201 if ((fp->f_flag & FHASLOCK) && fp->f_type == DTYPE_VNODE) { 1202 lf.l_whence = SEEK_SET; 1203 lf.l_start = 0; 1204 lf.l_len = 0; 1205 lf.l_type = F_UNLCK; 1206 vp = (struct vnode *)fp->f_data; 1207 (void) VOP_ADVLOCK(vp, fp, F_UNLCK, &lf, F_FLOCK); 1208 } 1209 if (fp->f_ops) 1210 error = (*fp->f_ops->fo_close)(fp, p); 1211 else 1212 error = 0; 1213 1214 /* Nothing references the file now, drop the final use (us). */ 1215 fp->f_usecount--; 1216 1217 ffree(fp); 1218 return (error); 1219 } 1220 1221 /* 1222 * Apply an advisory lock on a file descriptor. 1223 * 1224 * Just attempt to get a record lock of the requested type on 1225 * the entire file (l_whence = SEEK_SET, l_start = 0, l_len = 0). 1226 */ 1227 /* ARGSUSED */ 1228 int 1229 sys_flock(struct lwp *l, void *v, register_t *retval) 1230 { 1231 struct sys_flock_args /* { 1232 syscallarg(int) fd; 1233 syscallarg(int) how; 1234 } */ *uap = v; 1235 int fd, how, error; 1236 struct proc *p; 1237 struct filedesc *fdp; 1238 struct file *fp; 1239 struct vnode *vp; 1240 struct flock lf; 1241 1242 p = l->l_proc; 1243 fd = SCARG(uap, fd); 1244 how = SCARG(uap, how); 1245 fdp = p->p_fd; 1246 error = 0; 1247 1248 if ((fp = fd_getfile(fdp, fd)) == NULL) 1249 return (EBADF); 1250 1251 FILE_USE(fp); 1252 1253 if (fp->f_type != DTYPE_VNODE) { 1254 error = EOPNOTSUPP; 1255 goto out; 1256 } 1257 1258 vp = (struct vnode *)fp->f_data; 1259 lf.l_whence = SEEK_SET; 1260 lf.l_start = 0; 1261 lf.l_len = 0; 1262 if (how & LOCK_UN) { 1263 lf.l_type = F_UNLCK; 1264 fp->f_flag &= ~FHASLOCK; 1265 error = VOP_ADVLOCK(vp, fp, F_UNLCK, &lf, F_FLOCK); 1266 goto out; 1267 } 1268 if (how & LOCK_EX) 1269 lf.l_type = F_WRLCK; 1270 else if (how & LOCK_SH) 1271 lf.l_type = F_RDLCK; 1272 else { 1273 error = EINVAL; 1274 goto out; 1275 } 1276 fp->f_flag |= FHASLOCK; 1277 if (how & LOCK_NB) 1278 error = VOP_ADVLOCK(vp, fp, F_SETLK, &lf, F_FLOCK); 1279 else 1280 error = VOP_ADVLOCK(vp, fp, F_SETLK, &lf, 1281 F_FLOCK|F_WAIT); 1282 out: 1283 FILE_UNUSE(fp, p); 1284 return (error); 1285 } 1286 1287 /* 1288 * File Descriptor pseudo-device driver (/dev/fd/). 1289 * 1290 * Opening minor device N dup()s the file (if any) connected to file 1291 * descriptor N belonging to the calling process. Note that this driver 1292 * consists of only the ``open()'' routine, because all subsequent 1293 * references to this file will be direct to the other driver. 1294 */ 1295 /* ARGSUSED */ 1296 int 1297 filedescopen(dev_t dev, int mode, int type, struct proc *p) 1298 { 1299 1300 /* 1301 * XXX Kludge: set p->p_dupfd to contain the value of the 1302 * the file descriptor being sought for duplication. The error 1303 * return ensures that the vnode for this device will be released 1304 * by vn_open. Open will detect this special error and take the 1305 * actions in dupfdopen below. Other callers of vn_open or VOP_OPEN 1306 * will simply report the error. 1307 */ 1308 p->p_dupfd = minor(dev); 1309 return (ENODEV); 1310 } 1311 1312 /* 1313 * Duplicate the specified descriptor to a free descriptor. 1314 */ 1315 int 1316 dupfdopen(struct proc *p, int indx, int dfd, int mode, int error) 1317 { 1318 struct filedesc *fdp; 1319 struct file *wfp, *fp; 1320 1321 fdp = p->p_fd; 1322 /* 1323 * If the to-be-dup'd fd number is greater than the allowed number 1324 * of file descriptors, or the fd to be dup'd has already been 1325 * closed, reject. Note, check for new == old is necessary as 1326 * falloc could allocate an already closed to-be-dup'd descriptor 1327 * as the new descriptor. 1328 */ 1329 fp = fdp->fd_ofiles[indx]; 1330 1331 if ((wfp = fd_getfile(fdp, dfd)) == NULL) 1332 return (EBADF); 1333 1334 if (fp == wfp) { 1335 simple_unlock(&fp->f_slock); 1336 return (EBADF); 1337 } 1338 1339 FILE_USE(wfp); 1340 1341 /* 1342 * There are two cases of interest here. 1343 * 1344 * For ENODEV simply dup (dfd) to file descriptor 1345 * (indx) and return. 1346 * 1347 * For ENXIO steal away the file structure from (dfd) and 1348 * store it in (indx). (dfd) is effectively closed by 1349 * this operation. 1350 * 1351 * Any other error code is just returned. 1352 */ 1353 switch (error) { 1354 case ENODEV: 1355 /* 1356 * Check that the mode the file is being opened for is a 1357 * subset of the mode of the existing descriptor. 1358 */ 1359 if (((mode & (FREAD|FWRITE)) | wfp->f_flag) != wfp->f_flag) { 1360 FILE_UNUSE(wfp, p); 1361 return (EACCES); 1362 } 1363 fdp->fd_ofiles[indx] = wfp; 1364 fdp->fd_ofileflags[indx] = fdp->fd_ofileflags[dfd]; 1365 wfp->f_count++; 1366 fd_used(fdp, indx); 1367 FILE_UNUSE(wfp, p); 1368 return (0); 1369 1370 case ENXIO: 1371 /* 1372 * Steal away the file pointer from dfd, and stuff it into indx. 1373 */ 1374 fdp->fd_ofiles[indx] = fdp->fd_ofiles[dfd]; 1375 fdp->fd_ofileflags[indx] = fdp->fd_ofileflags[dfd]; 1376 fdp->fd_ofiles[dfd] = NULL; 1377 fdp->fd_ofileflags[dfd] = 0; 1378 /* 1379 * Complete the clean up of the filedesc structure by 1380 * recomputing the various hints. 1381 */ 1382 fd_used(fdp, indx); 1383 fd_unused(fdp, dfd); 1384 FILE_UNUSE(wfp, p); 1385 return (0); 1386 1387 default: 1388 FILE_UNUSE(wfp, p); 1389 return (error); 1390 } 1391 /* NOTREACHED */ 1392 } 1393 1394 /* 1395 * fcntl call which is being passed to the file's fs. 1396 */ 1397 int 1398 fcntl_forfs(int fd, struct proc *p, int cmd, void *arg) 1399 { 1400 struct file *fp; 1401 struct filedesc *fdp; 1402 int error; 1403 u_int size; 1404 void *data, *memp; 1405 #define STK_PARAMS 128 1406 char stkbuf[STK_PARAMS]; 1407 1408 /* fd's value was validated in sys_fcntl before calling this routine */ 1409 fdp = p->p_fd; 1410 fp = fdp->fd_ofiles[fd]; 1411 1412 if ((fp->f_flag & (FREAD | FWRITE)) == 0) 1413 return (EBADF); 1414 1415 /* 1416 * Interpret high order word to find amount of data to be 1417 * copied to/from the user's address space. 1418 */ 1419 size = (size_t)F_PARAM_LEN(cmd); 1420 if (size > F_PARAM_MAX) 1421 return (EINVAL); 1422 memp = NULL; 1423 if (size > sizeof(stkbuf)) { 1424 memp = malloc((u_long)size, M_IOCTLOPS, M_WAITOK); 1425 data = memp; 1426 } else 1427 data = stkbuf; 1428 if (cmd & F_FSIN) { 1429 if (size) { 1430 error = copyin(arg, data, size); 1431 if (error) { 1432 if (memp) 1433 free(memp, M_IOCTLOPS); 1434 return (error); 1435 } 1436 } else 1437 *(void **)data = arg; 1438 } else if ((cmd & F_FSOUT) && size) 1439 /* 1440 * Zero the buffer so the user always 1441 * gets back something deterministic. 1442 */ 1443 memset(data, 0, size); 1444 else if (cmd & F_FSVOID) 1445 *(void **)data = arg; 1446 1447 1448 error = (*fp->f_ops->fo_fcntl)(fp, cmd, data, p); 1449 1450 /* 1451 * Copy any data to user, size was 1452 * already set and checked above. 1453 */ 1454 if (error == 0 && (cmd & F_FSOUT) && size) 1455 error = copyout(data, arg, size); 1456 if (memp) 1457 free(memp, M_IOCTLOPS); 1458 return (error); 1459 } 1460 1461 /* 1462 * Close any files on exec? 1463 */ 1464 void 1465 fdcloseexec(struct proc *p) 1466 { 1467 struct filedesc *fdp; 1468 int fd; 1469 1470 fdunshare(p); 1471 cwdunshare(p); 1472 1473 fdp = p->p_fd; 1474 for (fd = 0; fd <= fdp->fd_lastfile; fd++) 1475 if (fdp->fd_ofileflags[fd] & UF_EXCLOSE) 1476 (void) fdrelease(p, fd); 1477 } 1478 1479 /* 1480 * It is unsafe for set[ug]id processes to be started with file 1481 * descriptors 0..2 closed, as these descriptors are given implicit 1482 * significance in the Standard C library. fdcheckstd() will create a 1483 * descriptor referencing /dev/null for each of stdin, stdout, and 1484 * stderr that is not already open. 1485 */ 1486 #define CHECK_UPTO 3 1487 int 1488 fdcheckstd(p) 1489 struct proc *p; 1490 { 1491 struct nameidata nd; 1492 struct filedesc *fdp; 1493 struct file *fp; 1494 struct file *devnullfp = NULL; /* Quell compiler warning */ 1495 struct proc *pp; 1496 register_t retval; 1497 int fd, i, error, flags = FREAD|FWRITE, devnull = -1; 1498 char closed[CHECK_UPTO * 3 + 1], which[3 + 1]; 1499 1500 closed[0] = '\0'; 1501 if ((fdp = p->p_fd) == NULL) 1502 return (0); 1503 for (i = 0; i < CHECK_UPTO; i++) { 1504 if (fdp->fd_ofiles[i] != NULL) 1505 continue; 1506 snprintf(which, sizeof(which), ",%d", i); 1507 strlcat(closed, which, sizeof(closed)); 1508 if (devnull < 0) { 1509 if ((error = falloc(p, &fp, &fd)) != 0) 1510 return (error); 1511 NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, "/dev/null", 1512 p); 1513 if ((error = vn_open(&nd, flags, 0)) != 0) { 1514 FILE_UNUSE(fp, p); 1515 ffree(fp); 1516 fdremove(p->p_fd, fd); 1517 return (error); 1518 } 1519 fp->f_data = nd.ni_vp; 1520 fp->f_flag = flags; 1521 fp->f_ops = &vnops; 1522 fp->f_type = DTYPE_VNODE; 1523 VOP_UNLOCK(nd.ni_vp, 0); 1524 devnull = fd; 1525 devnullfp = fp; 1526 FILE_SET_MATURE(fp); 1527 } else { 1528 restart: 1529 if ((error = fdalloc(p, 0, &fd)) != 0) { 1530 if (error == ENOSPC) { 1531 fdexpand(p); 1532 goto restart; 1533 } 1534 return (error); 1535 } 1536 1537 simple_lock(&devnullfp->f_slock); 1538 FILE_USE(devnullfp); 1539 /* finishdup() will unuse the descriptors for us */ 1540 if ((error = finishdup(p, devnull, fd, &retval)) != 0) 1541 return (error); 1542 } 1543 } 1544 if (devnullfp) 1545 FILE_UNUSE(devnullfp, p); 1546 if (closed[0] != '\0') { 1547 pp = p->p_pptr; 1548 log(LOG_WARNING, "set{u,g}id pid %d (%s) " 1549 "was invoked by uid %d ppid %d (%s) " 1550 "with fd %s closed\n", 1551 p->p_pid, p->p_comm, pp->p_ucred->cr_uid, 1552 pp->p_pid, pp->p_comm, &closed[1]); 1553 } 1554 return (0); 1555 } 1556 #undef CHECK_UPTO 1557