1 /* $NetBSD: uipc_socket.c,v 1.159 2008/04/14 15:42:20 ad Exp $ */ 2 3 /*- 4 * Copyright (c) 2002, 2007, 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe of Wasabi Systems, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the NetBSD 21 * Foundation, Inc. and its contributors. 22 * 4. Neither the name of The NetBSD Foundation nor the names of its 23 * contributors may be used to endorse or promote products derived 24 * from this software without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39 /* 40 * Copyright (c) 2004 The FreeBSD Foundation 41 * Copyright (c) 2004 Robert Watson 42 * Copyright (c) 1982, 1986, 1988, 1990, 1993 43 * The Regents of the University of California. All rights reserved. 44 * 45 * Redistribution and use in source and binary forms, with or without 46 * modification, are permitted provided that the following conditions 47 * are met: 48 * 1. Redistributions of source code must retain the above copyright 49 * notice, this list of conditions and the following disclaimer. 50 * 2. Redistributions in binary form must reproduce the above copyright 51 * notice, this list of conditions and the following disclaimer in the 52 * documentation and/or other materials provided with the distribution. 53 * 3. Neither the name of the University nor the names of its contributors 54 * may be used to endorse or promote products derived from this software 55 * without specific prior written permission. 56 * 57 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 58 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 59 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 60 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 61 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 62 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 63 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 64 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 65 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 66 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 67 * SUCH DAMAGE. 68 * 69 * @(#)uipc_socket.c 8.6 (Berkeley) 5/2/95 70 */ 71 72 #include <sys/cdefs.h> 73 __KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.159 2008/04/14 15:42:20 ad Exp $"); 74 75 #include "opt_sock_counters.h" 76 #include "opt_sosend_loan.h" 77 #include "opt_mbuftrace.h" 78 #include "opt_somaxkva.h" 79 80 #include <sys/param.h> 81 #include <sys/systm.h> 82 #include <sys/proc.h> 83 #include <sys/file.h> 84 #include <sys/filedesc.h> 85 #include <sys/malloc.h> 86 #include <sys/mbuf.h> 87 #include <sys/domain.h> 88 #include <sys/kernel.h> 89 #include <sys/protosw.h> 90 #include <sys/socket.h> 91 #include <sys/socketvar.h> 92 #include <sys/signalvar.h> 93 #include <sys/resourcevar.h> 94 #include <sys/pool.h> 95 #include <sys/event.h> 96 #include <sys/poll.h> 97 #include <sys/kauth.h> 98 #include <sys/mutex.h> 99 #include <sys/condvar.h> 100 101 #include <uvm/uvm.h> 102 103 POOL_INIT(socket_pool, sizeof(struct socket), 0, 0, 0, "sockpl", NULL, 104 IPL_SOFTNET); 105 106 MALLOC_DEFINE(M_SOOPTS, "soopts", "socket options"); 107 MALLOC_DEFINE(M_SONAME, "soname", "socket name"); 108 109 extern const struct fileops socketops; 110 111 extern int somaxconn; /* patchable (XXX sysctl) */ 112 int somaxconn = SOMAXCONN; 113 114 #ifdef SOSEND_COUNTERS 115 #include <sys/device.h> 116 117 static struct evcnt sosend_loan_big = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 118 NULL, "sosend", "loan big"); 119 static struct evcnt sosend_copy_big = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 120 NULL, "sosend", "copy big"); 121 static struct evcnt sosend_copy_small = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 122 NULL, "sosend", "copy small"); 123 static struct evcnt sosend_kvalimit = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 124 NULL, "sosend", "kva limit"); 125 126 #define SOSEND_COUNTER_INCR(ev) (ev)->ev_count++ 127 128 EVCNT_ATTACH_STATIC(sosend_loan_big); 129 EVCNT_ATTACH_STATIC(sosend_copy_big); 130 EVCNT_ATTACH_STATIC(sosend_copy_small); 131 EVCNT_ATTACH_STATIC(sosend_kvalimit); 132 #else 133 134 #define SOSEND_COUNTER_INCR(ev) /* nothing */ 135 136 #endif /* SOSEND_COUNTERS */ 137 138 static struct callback_entry sokva_reclaimerentry; 139 140 #ifdef SOSEND_NO_LOAN 141 int sock_loan_thresh = -1; 142 #else 143 int sock_loan_thresh = 4096; 144 #endif 145 146 static kmutex_t so_pendfree_lock; 147 static struct mbuf *so_pendfree; 148 149 #ifndef SOMAXKVA 150 #define SOMAXKVA (16 * 1024 * 1024) 151 #endif 152 int somaxkva = SOMAXKVA; 153 static int socurkva; 154 static kcondvar_t socurkva_cv; 155 156 #define SOCK_LOAN_CHUNK 65536 157 158 static size_t sodopendfree(void); 159 static size_t sodopendfreel(void); 160 161 static vsize_t 162 sokvareserve(struct socket *so, vsize_t len) 163 { 164 int error; 165 166 mutex_enter(&so_pendfree_lock); 167 while (socurkva + len > somaxkva) { 168 size_t freed; 169 170 /* 171 * try to do pendfree. 172 */ 173 174 freed = sodopendfreel(); 175 176 /* 177 * if some kva was freed, try again. 178 */ 179 180 if (freed) 181 continue; 182 183 SOSEND_COUNTER_INCR(&sosend_kvalimit); 184 error = cv_wait_sig(&socurkva_cv, &so_pendfree_lock); 185 if (error) { 186 len = 0; 187 break; 188 } 189 } 190 socurkva += len; 191 mutex_exit(&so_pendfree_lock); 192 return len; 193 } 194 195 static void 196 sokvaunreserve(vsize_t len) 197 { 198 199 mutex_enter(&so_pendfree_lock); 200 socurkva -= len; 201 cv_broadcast(&socurkva_cv); 202 mutex_exit(&so_pendfree_lock); 203 } 204 205 /* 206 * sokvaalloc: allocate kva for loan. 207 */ 208 209 vaddr_t 210 sokvaalloc(vsize_t len, struct socket *so) 211 { 212 vaddr_t lva; 213 214 /* 215 * reserve kva. 216 */ 217 218 if (sokvareserve(so, len) == 0) 219 return 0; 220 221 /* 222 * allocate kva. 223 */ 224 225 lva = uvm_km_alloc(kernel_map, len, 0, UVM_KMF_VAONLY | UVM_KMF_WAITVA); 226 if (lva == 0) { 227 sokvaunreserve(len); 228 return (0); 229 } 230 231 return lva; 232 } 233 234 /* 235 * sokvafree: free kva for loan. 236 */ 237 238 void 239 sokvafree(vaddr_t sva, vsize_t len) 240 { 241 242 /* 243 * free kva. 244 */ 245 246 uvm_km_free(kernel_map, sva, len, UVM_KMF_VAONLY); 247 248 /* 249 * unreserve kva. 250 */ 251 252 sokvaunreserve(len); 253 } 254 255 static void 256 sodoloanfree(struct vm_page **pgs, void *buf, size_t size) 257 { 258 vaddr_t sva, eva; 259 vsize_t len; 260 int npgs; 261 262 KASSERT(pgs != NULL); 263 264 eva = round_page((vaddr_t) buf + size); 265 sva = trunc_page((vaddr_t) buf); 266 len = eva - sva; 267 npgs = len >> PAGE_SHIFT; 268 269 pmap_kremove(sva, len); 270 pmap_update(pmap_kernel()); 271 uvm_unloan(pgs, npgs, UVM_LOAN_TOPAGE); 272 sokvafree(sva, len); 273 } 274 275 static size_t 276 sodopendfree(void) 277 { 278 size_t rv; 279 280 mutex_enter(&so_pendfree_lock); 281 rv = sodopendfreel(); 282 mutex_exit(&so_pendfree_lock); 283 284 return rv; 285 } 286 287 /* 288 * sodopendfreel: free mbufs on "pendfree" list. 289 * unlock and relock so_pendfree_lock when freeing mbufs. 290 * 291 * => called with so_pendfree_lock held. 292 */ 293 294 static size_t 295 sodopendfreel(void) 296 { 297 struct mbuf *m, *next; 298 size_t rv = 0; 299 300 KASSERT(mutex_owned(&so_pendfree_lock)); 301 302 while (so_pendfree != NULL) { 303 m = so_pendfree; 304 so_pendfree = NULL; 305 mutex_exit(&so_pendfree_lock); 306 307 for (; m != NULL; m = next) { 308 next = m->m_next; 309 KASSERT((~m->m_flags & (M_EXT|M_EXT_PAGES)) == 0); 310 KASSERT(m->m_ext.ext_refcnt == 0); 311 312 rv += m->m_ext.ext_size; 313 sodoloanfree(m->m_ext.ext_pgs, m->m_ext.ext_buf, 314 m->m_ext.ext_size); 315 pool_cache_put(mb_cache, m); 316 } 317 318 mutex_enter(&so_pendfree_lock); 319 } 320 321 return (rv); 322 } 323 324 void 325 soloanfree(struct mbuf *m, void *buf, size_t size, void *arg) 326 { 327 328 KASSERT(m != NULL); 329 330 /* 331 * postpone freeing mbuf. 332 * 333 * we can't do it in interrupt context 334 * because we need to put kva back to kernel_map. 335 */ 336 337 mutex_enter(&so_pendfree_lock); 338 m->m_next = so_pendfree; 339 so_pendfree = m; 340 cv_broadcast(&socurkva_cv); 341 mutex_exit(&so_pendfree_lock); 342 } 343 344 static long 345 sosend_loan(struct socket *so, struct uio *uio, struct mbuf *m, long space) 346 { 347 struct iovec *iov = uio->uio_iov; 348 vaddr_t sva, eva; 349 vsize_t len; 350 vaddr_t lva; 351 int npgs, error; 352 vaddr_t va; 353 int i; 354 355 if (VMSPACE_IS_KERNEL_P(uio->uio_vmspace)) 356 return (0); 357 358 if (iov->iov_len < (size_t) space) 359 space = iov->iov_len; 360 if (space > SOCK_LOAN_CHUNK) 361 space = SOCK_LOAN_CHUNK; 362 363 eva = round_page((vaddr_t) iov->iov_base + space); 364 sva = trunc_page((vaddr_t) iov->iov_base); 365 len = eva - sva; 366 npgs = len >> PAGE_SHIFT; 367 368 /* XXX KDASSERT */ 369 KASSERT(npgs <= M_EXT_MAXPAGES); 370 371 lva = sokvaalloc(len, so); 372 if (lva == 0) 373 return 0; 374 375 error = uvm_loan(&uio->uio_vmspace->vm_map, sva, len, 376 m->m_ext.ext_pgs, UVM_LOAN_TOPAGE); 377 if (error) { 378 sokvafree(lva, len); 379 return (0); 380 } 381 382 for (i = 0, va = lva; i < npgs; i++, va += PAGE_SIZE) 383 pmap_kenter_pa(va, VM_PAGE_TO_PHYS(m->m_ext.ext_pgs[i]), 384 VM_PROT_READ); 385 pmap_update(pmap_kernel()); 386 387 lva += (vaddr_t) iov->iov_base & PAGE_MASK; 388 389 MEXTADD(m, (void *) lva, space, M_MBUF, soloanfree, so); 390 m->m_flags |= M_EXT_PAGES | M_EXT_ROMAP; 391 392 uio->uio_resid -= space; 393 /* uio_offset not updated, not set/used for write(2) */ 394 uio->uio_iov->iov_base = (char *)uio->uio_iov->iov_base + space; 395 uio->uio_iov->iov_len -= space; 396 if (uio->uio_iov->iov_len == 0) { 397 uio->uio_iov++; 398 uio->uio_iovcnt--; 399 } 400 401 return (space); 402 } 403 404 static int 405 sokva_reclaim_callback(struct callback_entry *ce, void *obj, void *arg) 406 { 407 408 KASSERT(ce == &sokva_reclaimerentry); 409 KASSERT(obj == NULL); 410 411 sodopendfree(); 412 if (!vm_map_starved_p(kernel_map)) { 413 return CALLBACK_CHAIN_ABORT; 414 } 415 return CALLBACK_CHAIN_CONTINUE; 416 } 417 418 struct mbuf * 419 getsombuf(struct socket *so, int type) 420 { 421 struct mbuf *m; 422 423 m = m_get(M_WAIT, type); 424 MCLAIM(m, so->so_mowner); 425 return m; 426 } 427 428 struct mbuf * 429 m_intopt(struct socket *so, int val) 430 { 431 struct mbuf *m; 432 433 m = getsombuf(so, MT_SOOPTS); 434 m->m_len = sizeof(int); 435 *mtod(m, int *) = val; 436 return m; 437 } 438 439 void 440 soinit(void) 441 { 442 443 mutex_init(&so_pendfree_lock, MUTEX_DEFAULT, IPL_VM); 444 cv_init(&socurkva_cv, "sokva"); 445 446 /* Set the initial adjusted socket buffer size. */ 447 if (sb_max_set(sb_max)) 448 panic("bad initial sb_max value: %lu", sb_max); 449 450 callback_register(&vm_map_to_kernel(kernel_map)->vmk_reclaim_callback, 451 &sokva_reclaimerentry, NULL, sokva_reclaim_callback); 452 } 453 454 /* 455 * Socket operation routines. 456 * These routines are called by the routines in 457 * sys_socket.c or from a system process, and 458 * implement the semantics of socket operations by 459 * switching out to the protocol specific routines. 460 */ 461 /*ARGSUSED*/ 462 int 463 socreate(int dom, struct socket **aso, int type, int proto, struct lwp *l) 464 { 465 const struct protosw *prp; 466 struct socket *so; 467 uid_t uid; 468 int error, s; 469 470 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET, 471 KAUTH_REQ_NETWORK_SOCKET_OPEN, KAUTH_ARG(dom), KAUTH_ARG(type), 472 KAUTH_ARG(proto)); 473 if (error != 0) 474 return error; 475 476 if (proto) 477 prp = pffindproto(dom, proto, type); 478 else 479 prp = pffindtype(dom, type); 480 if (prp == NULL) { 481 /* no support for domain */ 482 if (pffinddomain(dom) == 0) 483 return EAFNOSUPPORT; 484 /* no support for socket type */ 485 if (proto == 0 && type != 0) 486 return EPROTOTYPE; 487 return EPROTONOSUPPORT; 488 } 489 if (prp->pr_usrreq == NULL) 490 return EPROTONOSUPPORT; 491 if (prp->pr_type != type) 492 return EPROTOTYPE; 493 s = splsoftnet(); 494 so = pool_get(&socket_pool, PR_WAITOK); 495 memset(so, 0, sizeof(*so)); 496 TAILQ_INIT(&so->so_q0); 497 TAILQ_INIT(&so->so_q); 498 so->so_type = type; 499 so->so_proto = prp; 500 so->so_send = sosend; 501 so->so_receive = soreceive; 502 #ifdef MBUFTRACE 503 so->so_rcv.sb_mowner = &prp->pr_domain->dom_mowner; 504 so->so_snd.sb_mowner = &prp->pr_domain->dom_mowner; 505 so->so_mowner = &prp->pr_domain->dom_mowner; 506 #endif 507 selinit(&so->so_rcv.sb_sel); 508 selinit(&so->so_snd.sb_sel); 509 uid = kauth_cred_geteuid(l->l_cred); 510 so->so_uidinfo = uid_find(uid); 511 error = (*prp->pr_usrreq)(so, PRU_ATTACH, NULL, 512 (struct mbuf *)(long)proto, NULL, l); 513 if (error != 0) { 514 so->so_state |= SS_NOFDREF; 515 sofree(so); 516 splx(s); 517 return error; 518 } 519 splx(s); 520 *aso = so; 521 return 0; 522 } 523 524 /* On success, write file descriptor to fdout and return zero. On 525 * failure, return non-zero; *fdout will be undefined. 526 */ 527 int 528 fsocreate(int domain, struct socket **sop, int type, int protocol, 529 struct lwp *l, int *fdout) 530 { 531 struct socket *so; 532 struct file *fp; 533 int fd, error; 534 535 if ((error = fd_allocfile(&fp, &fd)) != 0) 536 return (error); 537 fp->f_flag = FREAD|FWRITE; 538 fp->f_type = DTYPE_SOCKET; 539 fp->f_ops = &socketops; 540 error = socreate(domain, &so, type, protocol, l); 541 if (error != 0) { 542 fd_abort(curproc, fp, fd); 543 } else { 544 if (sop != NULL) 545 *sop = so; 546 fp->f_data = so; 547 fd_affix(curproc, fp, fd); 548 *fdout = fd; 549 } 550 return error; 551 } 552 553 int 554 sobind(struct socket *so, struct mbuf *nam, struct lwp *l) 555 { 556 int s, error; 557 558 s = splsoftnet(); 559 error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam, NULL, l); 560 splx(s); 561 return error; 562 } 563 564 int 565 solisten(struct socket *so, int backlog, struct lwp *l) 566 { 567 int s, error; 568 569 s = splsoftnet(); 570 if ((so->so_state & (SS_ISCONNECTED | SS_ISCONNECTING | 571 SS_ISDISCONNECTING)) != 0) 572 return (EOPNOTSUPP); 573 error = (*so->so_proto->pr_usrreq)(so, PRU_LISTEN, NULL, 574 NULL, NULL, l); 575 if (error != 0) { 576 splx(s); 577 return error; 578 } 579 if (TAILQ_EMPTY(&so->so_q)) 580 so->so_options |= SO_ACCEPTCONN; 581 if (backlog < 0) 582 backlog = 0; 583 so->so_qlimit = min(backlog, somaxconn); 584 splx(s); 585 return 0; 586 } 587 588 void 589 sofree(struct socket *so) 590 { 591 592 if (so->so_pcb || (so->so_state & SS_NOFDREF) == 0) 593 return; 594 if (so->so_head) { 595 /* 596 * We must not decommission a socket that's on the accept(2) 597 * queue. If we do, then accept(2) may hang after select(2) 598 * indicated that the listening socket was ready. 599 */ 600 if (!soqremque(so, 0)) 601 return; 602 } 603 if (so->so_rcv.sb_hiwat) 604 (void)chgsbsize(so->so_uidinfo, &so->so_rcv.sb_hiwat, 0, 605 RLIM_INFINITY); 606 if (so->so_snd.sb_hiwat) 607 (void)chgsbsize(so->so_uidinfo, &so->so_snd.sb_hiwat, 0, 608 RLIM_INFINITY); 609 sbrelease(&so->so_snd, so); 610 sorflush(so); 611 seldestroy(&so->so_rcv.sb_sel); 612 seldestroy(&so->so_snd.sb_sel); 613 pool_put(&socket_pool, so); 614 } 615 616 /* 617 * Close a socket on last file table reference removal. 618 * Initiate disconnect if connected. 619 * Free socket when disconnect complete. 620 */ 621 int 622 soclose(struct socket *so) 623 { 624 struct socket *so2; 625 int s, error; 626 627 error = 0; 628 s = splsoftnet(); /* conservative */ 629 if (so->so_options & SO_ACCEPTCONN) { 630 while ((so2 = TAILQ_FIRST(&so->so_q0)) != 0) { 631 (void) soqremque(so2, 0); 632 (void) soabort(so2); 633 } 634 while ((so2 = TAILQ_FIRST(&so->so_q)) != 0) { 635 (void) soqremque(so2, 1); 636 (void) soabort(so2); 637 } 638 } 639 if (so->so_pcb == 0) 640 goto discard; 641 if (so->so_state & SS_ISCONNECTED) { 642 if ((so->so_state & SS_ISDISCONNECTING) == 0) { 643 error = sodisconnect(so); 644 if (error) 645 goto drop; 646 } 647 if (so->so_options & SO_LINGER) { 648 if ((so->so_state & SS_ISDISCONNECTING) && so->so_nbio) 649 goto drop; 650 while (so->so_state & SS_ISCONNECTED) { 651 error = tsleep((void *)&so->so_timeo, 652 PSOCK | PCATCH, netcls, 653 so->so_linger * hz); 654 if (error) 655 break; 656 } 657 } 658 } 659 drop: 660 if (so->so_pcb) { 661 int error2 = (*so->so_proto->pr_usrreq)(so, PRU_DETACH, 662 NULL, NULL, NULL, NULL); 663 if (error == 0) 664 error = error2; 665 } 666 discard: 667 if (so->so_state & SS_NOFDREF) 668 panic("soclose: NOFDREF"); 669 so->so_state |= SS_NOFDREF; 670 sofree(so); 671 splx(s); 672 return (error); 673 } 674 675 /* 676 * Must be called at splsoftnet... 677 */ 678 int 679 soabort(struct socket *so) 680 { 681 int error; 682 683 KASSERT(so->so_head == NULL); 684 error = (*so->so_proto->pr_usrreq)(so, PRU_ABORT, NULL, 685 NULL, NULL, NULL); 686 if (error) { 687 sofree(so); 688 } 689 return error; 690 } 691 692 int 693 soaccept(struct socket *so, struct mbuf *nam) 694 { 695 int s, error; 696 697 error = 0; 698 s = splsoftnet(); 699 if ((so->so_state & SS_NOFDREF) == 0) 700 panic("soaccept: !NOFDREF"); 701 so->so_state &= ~SS_NOFDREF; 702 if ((so->so_state & SS_ISDISCONNECTED) == 0 || 703 (so->so_proto->pr_flags & PR_ABRTACPTDIS) == 0) 704 error = (*so->so_proto->pr_usrreq)(so, PRU_ACCEPT, 705 NULL, nam, NULL, NULL); 706 else 707 error = ECONNABORTED; 708 709 splx(s); 710 return (error); 711 } 712 713 int 714 soconnect(struct socket *so, struct mbuf *nam, struct lwp *l) 715 { 716 int s, error; 717 718 if (so->so_options & SO_ACCEPTCONN) 719 return (EOPNOTSUPP); 720 s = splsoftnet(); 721 /* 722 * If protocol is connection-based, can only connect once. 723 * Otherwise, if connected, try to disconnect first. 724 * This allows user to disconnect by connecting to, e.g., 725 * a null address. 726 */ 727 if (so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING) && 728 ((so->so_proto->pr_flags & PR_CONNREQUIRED) || 729 (error = sodisconnect(so)))) 730 error = EISCONN; 731 else 732 error = (*so->so_proto->pr_usrreq)(so, PRU_CONNECT, 733 NULL, nam, NULL, l); 734 splx(s); 735 return (error); 736 } 737 738 int 739 soconnect2(struct socket *so1, struct socket *so2) 740 { 741 int s, error; 742 743 s = splsoftnet(); 744 error = (*so1->so_proto->pr_usrreq)(so1, PRU_CONNECT2, 745 NULL, (struct mbuf *)so2, NULL, NULL); 746 splx(s); 747 return (error); 748 } 749 750 int 751 sodisconnect(struct socket *so) 752 { 753 int s, error; 754 755 s = splsoftnet(); 756 if ((so->so_state & SS_ISCONNECTED) == 0) { 757 error = ENOTCONN; 758 goto bad; 759 } 760 if (so->so_state & SS_ISDISCONNECTING) { 761 error = EALREADY; 762 goto bad; 763 } 764 error = (*so->so_proto->pr_usrreq)(so, PRU_DISCONNECT, 765 NULL, NULL, NULL, NULL); 766 bad: 767 splx(s); 768 sodopendfree(); 769 return (error); 770 } 771 772 #define SBLOCKWAIT(f) (((f) & MSG_DONTWAIT) ? M_NOWAIT : M_WAITOK) 773 /* 774 * Send on a socket. 775 * If send must go all at once and message is larger than 776 * send buffering, then hard error. 777 * Lock against other senders. 778 * If must go all at once and not enough room now, then 779 * inform user that this would block and do nothing. 780 * Otherwise, if nonblocking, send as much as possible. 781 * The data to be sent is described by "uio" if nonzero, 782 * otherwise by the mbuf chain "top" (which must be null 783 * if uio is not). Data provided in mbuf chain must be small 784 * enough to send all at once. 785 * 786 * Returns nonzero on error, timeout or signal; callers 787 * must check for short counts if EINTR/ERESTART are returned. 788 * Data and control buffers are freed on return. 789 */ 790 int 791 sosend(struct socket *so, struct mbuf *addr, struct uio *uio, struct mbuf *top, 792 struct mbuf *control, int flags, struct lwp *l) 793 { 794 struct mbuf **mp, *m; 795 struct proc *p; 796 long space, len, resid, clen, mlen; 797 int error, s, dontroute, atomic; 798 799 p = l->l_proc; 800 sodopendfree(); 801 802 clen = 0; 803 atomic = sosendallatonce(so) || top; 804 if (uio) 805 resid = uio->uio_resid; 806 else 807 resid = top->m_pkthdr.len; 808 /* 809 * In theory resid should be unsigned. 810 * However, space must be signed, as it might be less than 0 811 * if we over-committed, and we must use a signed comparison 812 * of space and resid. On the other hand, a negative resid 813 * causes us to loop sending 0-length segments to the protocol. 814 */ 815 if (resid < 0) { 816 error = EINVAL; 817 goto out; 818 } 819 dontroute = 820 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0 && 821 (so->so_proto->pr_flags & PR_ATOMIC); 822 if (l) 823 l->l_ru.ru_msgsnd++; 824 if (control) 825 clen = control->m_len; 826 #define snderr(errno) { error = errno; splx(s); goto release; } 827 828 restart: 829 if ((error = sblock(&so->so_snd, SBLOCKWAIT(flags))) != 0) 830 goto out; 831 do { 832 s = splsoftnet(); 833 if (so->so_state & SS_CANTSENDMORE) 834 snderr(EPIPE); 835 if (so->so_error) { 836 error = so->so_error; 837 so->so_error = 0; 838 splx(s); 839 goto release; 840 } 841 if ((so->so_state & SS_ISCONNECTED) == 0) { 842 if (so->so_proto->pr_flags & PR_CONNREQUIRED) { 843 if ((so->so_state & SS_ISCONFIRMING) == 0 && 844 !(resid == 0 && clen != 0)) 845 snderr(ENOTCONN); 846 } else if (addr == 0) 847 snderr(EDESTADDRREQ); 848 } 849 space = sbspace(&so->so_snd); 850 if (flags & MSG_OOB) 851 space += 1024; 852 if ((atomic && resid > so->so_snd.sb_hiwat) || 853 clen > so->so_snd.sb_hiwat) 854 snderr(EMSGSIZE); 855 if (space < resid + clen && 856 (atomic || space < so->so_snd.sb_lowat || space < clen)) { 857 if (so->so_nbio) 858 snderr(EWOULDBLOCK); 859 sbunlock(&so->so_snd); 860 error = sbwait(&so->so_snd); 861 splx(s); 862 if (error) 863 goto out; 864 goto restart; 865 } 866 splx(s); 867 mp = ⊤ 868 space -= clen; 869 do { 870 if (uio == NULL) { 871 /* 872 * Data is prepackaged in "top". 873 */ 874 resid = 0; 875 if (flags & MSG_EOR) 876 top->m_flags |= M_EOR; 877 } else do { 878 if (top == NULL) { 879 m = m_gethdr(M_WAIT, MT_DATA); 880 mlen = MHLEN; 881 m->m_pkthdr.len = 0; 882 m->m_pkthdr.rcvif = NULL; 883 } else { 884 m = m_get(M_WAIT, MT_DATA); 885 mlen = MLEN; 886 } 887 MCLAIM(m, so->so_snd.sb_mowner); 888 if (sock_loan_thresh >= 0 && 889 uio->uio_iov->iov_len >= sock_loan_thresh && 890 space >= sock_loan_thresh && 891 (len = sosend_loan(so, uio, m, 892 space)) != 0) { 893 SOSEND_COUNTER_INCR(&sosend_loan_big); 894 space -= len; 895 goto have_data; 896 } 897 if (resid >= MINCLSIZE && space >= MCLBYTES) { 898 SOSEND_COUNTER_INCR(&sosend_copy_big); 899 m_clget(m, M_WAIT); 900 if ((m->m_flags & M_EXT) == 0) 901 goto nopages; 902 mlen = MCLBYTES; 903 if (atomic && top == 0) { 904 len = lmin(MCLBYTES - max_hdr, 905 resid); 906 m->m_data += max_hdr; 907 } else 908 len = lmin(MCLBYTES, resid); 909 space -= len; 910 } else { 911 nopages: 912 SOSEND_COUNTER_INCR(&sosend_copy_small); 913 len = lmin(lmin(mlen, resid), space); 914 space -= len; 915 /* 916 * For datagram protocols, leave room 917 * for protocol headers in first mbuf. 918 */ 919 if (atomic && top == 0 && len < mlen) 920 MH_ALIGN(m, len); 921 } 922 error = uiomove(mtod(m, void *), (int)len, uio); 923 have_data: 924 resid = uio->uio_resid; 925 m->m_len = len; 926 *mp = m; 927 top->m_pkthdr.len += len; 928 if (error != 0) 929 goto release; 930 mp = &m->m_next; 931 if (resid <= 0) { 932 if (flags & MSG_EOR) 933 top->m_flags |= M_EOR; 934 break; 935 } 936 } while (space > 0 && atomic); 937 938 s = splsoftnet(); 939 940 if (so->so_state & SS_CANTSENDMORE) 941 snderr(EPIPE); 942 943 if (dontroute) 944 so->so_options |= SO_DONTROUTE; 945 if (resid > 0) 946 so->so_state |= SS_MORETOCOME; 947 error = (*so->so_proto->pr_usrreq)(so, 948 (flags & MSG_OOB) ? PRU_SENDOOB : PRU_SEND, 949 top, addr, control, curlwp); /* XXX */ 950 if (dontroute) 951 so->so_options &= ~SO_DONTROUTE; 952 if (resid > 0) 953 so->so_state &= ~SS_MORETOCOME; 954 splx(s); 955 956 clen = 0; 957 control = NULL; 958 top = NULL; 959 mp = ⊤ 960 if (error != 0) 961 goto release; 962 } while (resid && space > 0); 963 } while (resid); 964 965 release: 966 sbunlock(&so->so_snd); 967 out: 968 if (top) 969 m_freem(top); 970 if (control) 971 m_freem(control); 972 return (error); 973 } 974 975 /* 976 * Following replacement or removal of the first mbuf on the first 977 * mbuf chain of a socket buffer, push necessary state changes back 978 * into the socket buffer so that other consumers see the values 979 * consistently. 'nextrecord' is the callers locally stored value of 980 * the original value of sb->sb_mb->m_nextpkt which must be restored 981 * when the lead mbuf changes. NOTE: 'nextrecord' may be NULL. 982 */ 983 static void 984 sbsync(struct sockbuf *sb, struct mbuf *nextrecord) 985 { 986 987 /* 988 * First, update for the new value of nextrecord. If necessary, 989 * make it the first record. 990 */ 991 if (sb->sb_mb != NULL) 992 sb->sb_mb->m_nextpkt = nextrecord; 993 else 994 sb->sb_mb = nextrecord; 995 996 /* 997 * Now update any dependent socket buffer fields to reflect 998 * the new state. This is an inline of SB_EMPTY_FIXUP, with 999 * the addition of a second clause that takes care of the 1000 * case where sb_mb has been updated, but remains the last 1001 * record. 1002 */ 1003 if (sb->sb_mb == NULL) { 1004 sb->sb_mbtail = NULL; 1005 sb->sb_lastrecord = NULL; 1006 } else if (sb->sb_mb->m_nextpkt == NULL) 1007 sb->sb_lastrecord = sb->sb_mb; 1008 } 1009 1010 /* 1011 * Implement receive operations on a socket. 1012 * We depend on the way that records are added to the sockbuf 1013 * by sbappend*. In particular, each record (mbufs linked through m_next) 1014 * must begin with an address if the protocol so specifies, 1015 * followed by an optional mbuf or mbufs containing ancillary data, 1016 * and then zero or more mbufs of data. 1017 * In order to avoid blocking network interrupts for the entire time here, 1018 * we splx() while doing the actual copy to user space. 1019 * Although the sockbuf is locked, new data may still be appended, 1020 * and thus we must maintain consistency of the sockbuf during that time. 1021 * 1022 * The caller may receive the data as a single mbuf chain by supplying 1023 * an mbuf **mp0 for use in returning the chain. The uio is then used 1024 * only for the count in uio_resid. 1025 */ 1026 int 1027 soreceive(struct socket *so, struct mbuf **paddr, struct uio *uio, 1028 struct mbuf **mp0, struct mbuf **controlp, int *flagsp) 1029 { 1030 struct lwp *l = curlwp; 1031 struct mbuf *m, **mp; 1032 int atomic, flags, len, error, s, offset, moff, type, orig_resid; 1033 const struct protosw *pr; 1034 struct mbuf *nextrecord; 1035 int mbuf_removed = 0; 1036 const struct domain *dom; 1037 1038 pr = so->so_proto; 1039 atomic = pr->pr_flags & PR_ATOMIC; 1040 dom = pr->pr_domain; 1041 mp = mp0; 1042 type = 0; 1043 orig_resid = uio->uio_resid; 1044 1045 if (paddr != NULL) 1046 *paddr = NULL; 1047 if (controlp != NULL) 1048 *controlp = NULL; 1049 if (flagsp != NULL) 1050 flags = *flagsp &~ MSG_EOR; 1051 else 1052 flags = 0; 1053 1054 if ((flags & MSG_DONTWAIT) == 0) 1055 sodopendfree(); 1056 1057 if (flags & MSG_OOB) { 1058 m = m_get(M_WAIT, MT_DATA); 1059 error = (*pr->pr_usrreq)(so, PRU_RCVOOB, m, 1060 (struct mbuf *)(long)(flags & MSG_PEEK), NULL, l); 1061 if (error) 1062 goto bad; 1063 do { 1064 error = uiomove(mtod(m, void *), 1065 (int) min(uio->uio_resid, m->m_len), uio); 1066 m = m_free(m); 1067 } while (uio->uio_resid > 0 && error == 0 && m); 1068 bad: 1069 if (m != NULL) 1070 m_freem(m); 1071 return error; 1072 } 1073 if (mp != NULL) 1074 *mp = NULL; 1075 if (so->so_state & SS_ISCONFIRMING && uio->uio_resid) 1076 (*pr->pr_usrreq)(so, PRU_RCVD, NULL, NULL, NULL, l); 1077 1078 restart: 1079 if ((error = sblock(&so->so_rcv, SBLOCKWAIT(flags))) != 0) 1080 return error; 1081 s = splsoftnet(); 1082 1083 m = so->so_rcv.sb_mb; 1084 /* 1085 * If we have less data than requested, block awaiting more 1086 * (subject to any timeout) if: 1087 * 1. the current count is less than the low water mark, 1088 * 2. MSG_WAITALL is set, and it is possible to do the entire 1089 * receive operation at once if we block (resid <= hiwat), or 1090 * 3. MSG_DONTWAIT is not set. 1091 * If MSG_WAITALL is set but resid is larger than the receive buffer, 1092 * we have to do the receive in sections, and thus risk returning 1093 * a short count if a timeout or signal occurs after we start. 1094 */ 1095 if (m == NULL || 1096 ((flags & MSG_DONTWAIT) == 0 && 1097 so->so_rcv.sb_cc < uio->uio_resid && 1098 (so->so_rcv.sb_cc < so->so_rcv.sb_lowat || 1099 ((flags & MSG_WAITALL) && 1100 uio->uio_resid <= so->so_rcv.sb_hiwat)) && 1101 m->m_nextpkt == NULL && !atomic)) { 1102 #ifdef DIAGNOSTIC 1103 if (m == NULL && so->so_rcv.sb_cc) 1104 panic("receive 1"); 1105 #endif 1106 if (so->so_error) { 1107 if (m != NULL) 1108 goto dontblock; 1109 error = so->so_error; 1110 if ((flags & MSG_PEEK) == 0) 1111 so->so_error = 0; 1112 goto release; 1113 } 1114 if (so->so_state & SS_CANTRCVMORE) { 1115 if (m != NULL) 1116 goto dontblock; 1117 else 1118 goto release; 1119 } 1120 for (; m != NULL; m = m->m_next) 1121 if (m->m_type == MT_OOBDATA || (m->m_flags & M_EOR)) { 1122 m = so->so_rcv.sb_mb; 1123 goto dontblock; 1124 } 1125 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 && 1126 (so->so_proto->pr_flags & PR_CONNREQUIRED)) { 1127 error = ENOTCONN; 1128 goto release; 1129 } 1130 if (uio->uio_resid == 0) 1131 goto release; 1132 if (so->so_nbio || (flags & MSG_DONTWAIT)) { 1133 error = EWOULDBLOCK; 1134 goto release; 1135 } 1136 SBLASTRECORDCHK(&so->so_rcv, "soreceive sbwait 1"); 1137 SBLASTMBUFCHK(&so->so_rcv, "soreceive sbwait 1"); 1138 sbunlock(&so->so_rcv); 1139 error = sbwait(&so->so_rcv); 1140 splx(s); 1141 if (error != 0) 1142 return error; 1143 goto restart; 1144 } 1145 dontblock: 1146 /* 1147 * On entry here, m points to the first record of the socket buffer. 1148 * From this point onward, we maintain 'nextrecord' as a cache of the 1149 * pointer to the next record in the socket buffer. We must keep the 1150 * various socket buffer pointers and local stack versions of the 1151 * pointers in sync, pushing out modifications before dropping the 1152 * IPL, and re-reading them when picking it up. 1153 * 1154 * Otherwise, we will race with the network stack appending new data 1155 * or records onto the socket buffer by using inconsistent/stale 1156 * versions of the field, possibly resulting in socket buffer 1157 * corruption. 1158 * 1159 * By holding the high-level sblock(), we prevent simultaneous 1160 * readers from pulling off the front of the socket buffer. 1161 */ 1162 if (l != NULL) 1163 l->l_ru.ru_msgrcv++; 1164 KASSERT(m == so->so_rcv.sb_mb); 1165 SBLASTRECORDCHK(&so->so_rcv, "soreceive 1"); 1166 SBLASTMBUFCHK(&so->so_rcv, "soreceive 1"); 1167 nextrecord = m->m_nextpkt; 1168 if (pr->pr_flags & PR_ADDR) { 1169 #ifdef DIAGNOSTIC 1170 if (m->m_type != MT_SONAME) 1171 panic("receive 1a"); 1172 #endif 1173 orig_resid = 0; 1174 if (flags & MSG_PEEK) { 1175 if (paddr) 1176 *paddr = m_copy(m, 0, m->m_len); 1177 m = m->m_next; 1178 } else { 1179 sbfree(&so->so_rcv, m); 1180 mbuf_removed = 1; 1181 if (paddr != NULL) { 1182 *paddr = m; 1183 so->so_rcv.sb_mb = m->m_next; 1184 m->m_next = NULL; 1185 m = so->so_rcv.sb_mb; 1186 } else { 1187 MFREE(m, so->so_rcv.sb_mb); 1188 m = so->so_rcv.sb_mb; 1189 } 1190 sbsync(&so->so_rcv, nextrecord); 1191 } 1192 } 1193 1194 /* 1195 * Process one or more MT_CONTROL mbufs present before any data mbufs 1196 * in the first mbuf chain on the socket buffer. If MSG_PEEK, we 1197 * just copy the data; if !MSG_PEEK, we call into the protocol to 1198 * perform externalization (or freeing if controlp == NULL). 1199 */ 1200 if (__predict_false(m != NULL && m->m_type == MT_CONTROL)) { 1201 struct mbuf *cm = NULL, *cmn; 1202 struct mbuf **cme = &cm; 1203 1204 do { 1205 if (flags & MSG_PEEK) { 1206 if (controlp != NULL) { 1207 *controlp = m_copy(m, 0, m->m_len); 1208 controlp = &(*controlp)->m_next; 1209 } 1210 m = m->m_next; 1211 } else { 1212 sbfree(&so->so_rcv, m); 1213 so->so_rcv.sb_mb = m->m_next; 1214 m->m_next = NULL; 1215 *cme = m; 1216 cme = &(*cme)->m_next; 1217 m = so->so_rcv.sb_mb; 1218 } 1219 } while (m != NULL && m->m_type == MT_CONTROL); 1220 if ((flags & MSG_PEEK) == 0) 1221 sbsync(&so->so_rcv, nextrecord); 1222 for (; cm != NULL; cm = cmn) { 1223 cmn = cm->m_next; 1224 cm->m_next = NULL; 1225 type = mtod(cm, struct cmsghdr *)->cmsg_type; 1226 if (controlp != NULL) { 1227 if (dom->dom_externalize != NULL && 1228 type == SCM_RIGHTS) { 1229 splx(s); 1230 error = (*dom->dom_externalize)(cm, l); 1231 s = splsoftnet(); 1232 } 1233 *controlp = cm; 1234 while (*controlp != NULL) 1235 controlp = &(*controlp)->m_next; 1236 } else { 1237 /* 1238 * Dispose of any SCM_RIGHTS message that went 1239 * through the read path rather than recv. 1240 */ 1241 if (dom->dom_dispose != NULL && 1242 type == SCM_RIGHTS) { 1243 splx(s); 1244 (*dom->dom_dispose)(cm); 1245 s = splsoftnet(); 1246 } 1247 m_freem(cm); 1248 } 1249 } 1250 if (m != NULL) 1251 nextrecord = so->so_rcv.sb_mb->m_nextpkt; 1252 else 1253 nextrecord = so->so_rcv.sb_mb; 1254 orig_resid = 0; 1255 } 1256 1257 /* If m is non-NULL, we have some data to read. */ 1258 if (__predict_true(m != NULL)) { 1259 type = m->m_type; 1260 if (type == MT_OOBDATA) 1261 flags |= MSG_OOB; 1262 } 1263 SBLASTRECORDCHK(&so->so_rcv, "soreceive 2"); 1264 SBLASTMBUFCHK(&so->so_rcv, "soreceive 2"); 1265 1266 moff = 0; 1267 offset = 0; 1268 while (m != NULL && uio->uio_resid > 0 && error == 0) { 1269 if (m->m_type == MT_OOBDATA) { 1270 if (type != MT_OOBDATA) 1271 break; 1272 } else if (type == MT_OOBDATA) 1273 break; 1274 #ifdef DIAGNOSTIC 1275 else if (m->m_type != MT_DATA && m->m_type != MT_HEADER) 1276 panic("receive 3"); 1277 #endif 1278 so->so_state &= ~SS_RCVATMARK; 1279 len = uio->uio_resid; 1280 if (so->so_oobmark && len > so->so_oobmark - offset) 1281 len = so->so_oobmark - offset; 1282 if (len > m->m_len - moff) 1283 len = m->m_len - moff; 1284 /* 1285 * If mp is set, just pass back the mbufs. 1286 * Otherwise copy them out via the uio, then free. 1287 * Sockbuf must be consistent here (points to current mbuf, 1288 * it points to next record) when we drop priority; 1289 * we must note any additions to the sockbuf when we 1290 * block interrupts again. 1291 */ 1292 if (mp == NULL) { 1293 SBLASTRECORDCHK(&so->so_rcv, "soreceive uiomove"); 1294 SBLASTMBUFCHK(&so->so_rcv, "soreceive uiomove"); 1295 splx(s); 1296 error = uiomove(mtod(m, char *) + moff, (int)len, uio); 1297 s = splsoftnet(); 1298 if (error != 0) { 1299 /* 1300 * If any part of the record has been removed 1301 * (such as the MT_SONAME mbuf, which will 1302 * happen when PR_ADDR, and thus also 1303 * PR_ATOMIC, is set), then drop the entire 1304 * record to maintain the atomicity of the 1305 * receive operation. 1306 * 1307 * This avoids a later panic("receive 1a") 1308 * when compiled with DIAGNOSTIC. 1309 */ 1310 if (m && mbuf_removed && atomic) 1311 (void) sbdroprecord(&so->so_rcv); 1312 1313 goto release; 1314 } 1315 } else 1316 uio->uio_resid -= len; 1317 if (len == m->m_len - moff) { 1318 if (m->m_flags & M_EOR) 1319 flags |= MSG_EOR; 1320 if (flags & MSG_PEEK) { 1321 m = m->m_next; 1322 moff = 0; 1323 } else { 1324 nextrecord = m->m_nextpkt; 1325 sbfree(&so->so_rcv, m); 1326 if (mp) { 1327 *mp = m; 1328 mp = &m->m_next; 1329 so->so_rcv.sb_mb = m = m->m_next; 1330 *mp = NULL; 1331 } else { 1332 MFREE(m, so->so_rcv.sb_mb); 1333 m = so->so_rcv.sb_mb; 1334 } 1335 /* 1336 * If m != NULL, we also know that 1337 * so->so_rcv.sb_mb != NULL. 1338 */ 1339 KASSERT(so->so_rcv.sb_mb == m); 1340 if (m) { 1341 m->m_nextpkt = nextrecord; 1342 if (nextrecord == NULL) 1343 so->so_rcv.sb_lastrecord = m; 1344 } else { 1345 so->so_rcv.sb_mb = nextrecord; 1346 SB_EMPTY_FIXUP(&so->so_rcv); 1347 } 1348 SBLASTRECORDCHK(&so->so_rcv, "soreceive 3"); 1349 SBLASTMBUFCHK(&so->so_rcv, "soreceive 3"); 1350 } 1351 } else if (flags & MSG_PEEK) 1352 moff += len; 1353 else { 1354 if (mp != NULL) 1355 *mp = m_copym(m, 0, len, M_WAIT); 1356 m->m_data += len; 1357 m->m_len -= len; 1358 so->so_rcv.sb_cc -= len; 1359 } 1360 if (so->so_oobmark) { 1361 if ((flags & MSG_PEEK) == 0) { 1362 so->so_oobmark -= len; 1363 if (so->so_oobmark == 0) { 1364 so->so_state |= SS_RCVATMARK; 1365 break; 1366 } 1367 } else { 1368 offset += len; 1369 if (offset == so->so_oobmark) 1370 break; 1371 } 1372 } 1373 if (flags & MSG_EOR) 1374 break; 1375 /* 1376 * If the MSG_WAITALL flag is set (for non-atomic socket), 1377 * we must not quit until "uio->uio_resid == 0" or an error 1378 * termination. If a signal/timeout occurs, return 1379 * with a short count but without error. 1380 * Keep sockbuf locked against other readers. 1381 */ 1382 while (flags & MSG_WAITALL && m == NULL && uio->uio_resid > 0 && 1383 !sosendallatonce(so) && !nextrecord) { 1384 if (so->so_error || so->so_state & SS_CANTRCVMORE) 1385 break; 1386 /* 1387 * If we are peeking and the socket receive buffer is 1388 * full, stop since we can't get more data to peek at. 1389 */ 1390 if ((flags & MSG_PEEK) && sbspace(&so->so_rcv) <= 0) 1391 break; 1392 /* 1393 * If we've drained the socket buffer, tell the 1394 * protocol in case it needs to do something to 1395 * get it filled again. 1396 */ 1397 if ((pr->pr_flags & PR_WANTRCVD) && so->so_pcb) 1398 (*pr->pr_usrreq)(so, PRU_RCVD, 1399 NULL, (struct mbuf *)(long)flags, NULL, l); 1400 SBLASTRECORDCHK(&so->so_rcv, "soreceive sbwait 2"); 1401 SBLASTMBUFCHK(&so->so_rcv, "soreceive sbwait 2"); 1402 error = sbwait(&so->so_rcv); 1403 if (error != 0) { 1404 sbunlock(&so->so_rcv); 1405 splx(s); 1406 return 0; 1407 } 1408 if ((m = so->so_rcv.sb_mb) != NULL) 1409 nextrecord = m->m_nextpkt; 1410 } 1411 } 1412 1413 if (m && atomic) { 1414 flags |= MSG_TRUNC; 1415 if ((flags & MSG_PEEK) == 0) 1416 (void) sbdroprecord(&so->so_rcv); 1417 } 1418 if ((flags & MSG_PEEK) == 0) { 1419 if (m == NULL) { 1420 /* 1421 * First part is an inline SB_EMPTY_FIXUP(). Second 1422 * part makes sure sb_lastrecord is up-to-date if 1423 * there is still data in the socket buffer. 1424 */ 1425 so->so_rcv.sb_mb = nextrecord; 1426 if (so->so_rcv.sb_mb == NULL) { 1427 so->so_rcv.sb_mbtail = NULL; 1428 so->so_rcv.sb_lastrecord = NULL; 1429 } else if (nextrecord->m_nextpkt == NULL) 1430 so->so_rcv.sb_lastrecord = nextrecord; 1431 } 1432 SBLASTRECORDCHK(&so->so_rcv, "soreceive 4"); 1433 SBLASTMBUFCHK(&so->so_rcv, "soreceive 4"); 1434 if (pr->pr_flags & PR_WANTRCVD && so->so_pcb) 1435 (*pr->pr_usrreq)(so, PRU_RCVD, NULL, 1436 (struct mbuf *)(long)flags, NULL, l); 1437 } 1438 if (orig_resid == uio->uio_resid && orig_resid && 1439 (flags & MSG_EOR) == 0 && (so->so_state & SS_CANTRCVMORE) == 0) { 1440 sbunlock(&so->so_rcv); 1441 splx(s); 1442 goto restart; 1443 } 1444 1445 if (flagsp != NULL) 1446 *flagsp |= flags; 1447 release: 1448 sbunlock(&so->so_rcv); 1449 splx(s); 1450 return error; 1451 } 1452 1453 int 1454 soshutdown(struct socket *so, int how) 1455 { 1456 const struct protosw *pr; 1457 1458 pr = so->so_proto; 1459 if (!(how == SHUT_RD || how == SHUT_WR || how == SHUT_RDWR)) 1460 return (EINVAL); 1461 1462 if (how == SHUT_RD || how == SHUT_RDWR) 1463 sorflush(so); 1464 if (how == SHUT_WR || how == SHUT_RDWR) 1465 return (*pr->pr_usrreq)(so, PRU_SHUTDOWN, NULL, 1466 NULL, NULL, NULL); 1467 return 0; 1468 } 1469 1470 void 1471 sorflush(struct socket *so) 1472 { 1473 struct sockbuf *sb, asb; 1474 const struct protosw *pr; 1475 int s; 1476 1477 sb = &so->so_rcv; 1478 pr = so->so_proto; 1479 sb->sb_flags |= SB_NOINTR; 1480 (void) sblock(sb, M_WAITOK); 1481 s = splnet(); 1482 socantrcvmore(so); 1483 sbunlock(sb); 1484 asb = *sb; 1485 /* 1486 * Clear most of the sockbuf structure, but leave some of the 1487 * fields valid. 1488 */ 1489 memset(&sb->sb_startzero, 0, 1490 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero)); 1491 splx(s); 1492 if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose) 1493 (*pr->pr_domain->dom_dispose)(asb.sb_mb); 1494 sbrelease(&asb, so); 1495 } 1496 1497 static int 1498 sosetopt1(struct socket *so, int level, int optname, struct mbuf *m) 1499 { 1500 int optval, val; 1501 struct linger *l; 1502 struct sockbuf *sb; 1503 struct timeval *tv; 1504 1505 switch (optname) { 1506 1507 case SO_LINGER: 1508 if (m == NULL || m->m_len != sizeof(struct linger)) 1509 return EINVAL; 1510 l = mtod(m, struct linger *); 1511 if (l->l_linger < 0 || l->l_linger > USHRT_MAX || 1512 l->l_linger > (INT_MAX / hz)) 1513 return EDOM; 1514 so->so_linger = l->l_linger; 1515 if (l->l_onoff) 1516 so->so_options |= SO_LINGER; 1517 else 1518 so->so_options &= ~SO_LINGER; 1519 break; 1520 1521 case SO_DEBUG: 1522 case SO_KEEPALIVE: 1523 case SO_DONTROUTE: 1524 case SO_USELOOPBACK: 1525 case SO_BROADCAST: 1526 case SO_REUSEADDR: 1527 case SO_REUSEPORT: 1528 case SO_OOBINLINE: 1529 case SO_TIMESTAMP: 1530 if (m == NULL || m->m_len < sizeof(int)) 1531 return EINVAL; 1532 if (*mtod(m, int *)) 1533 so->so_options |= optname; 1534 else 1535 so->so_options &= ~optname; 1536 break; 1537 1538 case SO_SNDBUF: 1539 case SO_RCVBUF: 1540 case SO_SNDLOWAT: 1541 case SO_RCVLOWAT: 1542 if (m == NULL || m->m_len < sizeof(int)) 1543 return EINVAL; 1544 1545 /* 1546 * Values < 1 make no sense for any of these 1547 * options, so disallow them. 1548 */ 1549 optval = *mtod(m, int *); 1550 if (optval < 1) 1551 return EINVAL; 1552 1553 switch (optname) { 1554 1555 case SO_SNDBUF: 1556 case SO_RCVBUF: 1557 sb = (optname == SO_SNDBUF) ? 1558 &so->so_snd : &so->so_rcv; 1559 if (sbreserve(sb, (u_long)optval, so) == 0) 1560 return ENOBUFS; 1561 sb->sb_flags &= ~SB_AUTOSIZE; 1562 break; 1563 1564 /* 1565 * Make sure the low-water is never greater than 1566 * the high-water. 1567 */ 1568 case SO_SNDLOWAT: 1569 so->so_snd.sb_lowat = 1570 (optval > so->so_snd.sb_hiwat) ? 1571 so->so_snd.sb_hiwat : optval; 1572 break; 1573 case SO_RCVLOWAT: 1574 so->so_rcv.sb_lowat = 1575 (optval > so->so_rcv.sb_hiwat) ? 1576 so->so_rcv.sb_hiwat : optval; 1577 break; 1578 } 1579 break; 1580 1581 case SO_SNDTIMEO: 1582 case SO_RCVTIMEO: 1583 if (m == NULL || m->m_len < sizeof(*tv)) 1584 return EINVAL; 1585 tv = mtod(m, struct timeval *); 1586 if (tv->tv_sec > (INT_MAX - tv->tv_usec / tick) / hz) 1587 return EDOM; 1588 val = tv->tv_sec * hz + tv->tv_usec / tick; 1589 if (val == 0 && tv->tv_usec != 0) 1590 val = 1; 1591 1592 switch (optname) { 1593 1594 case SO_SNDTIMEO: 1595 so->so_snd.sb_timeo = val; 1596 break; 1597 case SO_RCVTIMEO: 1598 so->so_rcv.sb_timeo = val; 1599 break; 1600 } 1601 break; 1602 1603 default: 1604 return ENOPROTOOPT; 1605 } 1606 return 0; 1607 } 1608 1609 int 1610 sosetopt(struct socket *so, int level, int optname, struct mbuf *m) 1611 { 1612 int error, prerr; 1613 1614 if (level == SOL_SOCKET) 1615 error = sosetopt1(so, level, optname, m); 1616 else 1617 error = ENOPROTOOPT; 1618 1619 if ((error == 0 || error == ENOPROTOOPT) && 1620 so->so_proto != NULL && so->so_proto->pr_ctloutput != NULL) { 1621 /* give the protocol stack a shot */ 1622 prerr = (*so->so_proto->pr_ctloutput)(PRCO_SETOPT, so, level, 1623 optname, &m); 1624 if (prerr == 0) 1625 error = 0; 1626 else if (prerr != ENOPROTOOPT) 1627 error = prerr; 1628 } else if (m != NULL) 1629 (void)m_free(m); 1630 return error; 1631 } 1632 1633 int 1634 sogetopt(struct socket *so, int level, int optname, struct mbuf **mp) 1635 { 1636 struct mbuf *m; 1637 1638 if (level != SOL_SOCKET) { 1639 if (so->so_proto && so->so_proto->pr_ctloutput) { 1640 return ((*so->so_proto->pr_ctloutput) 1641 (PRCO_GETOPT, so, level, optname, mp)); 1642 } else 1643 return (ENOPROTOOPT); 1644 } else { 1645 m = m_get(M_WAIT, MT_SOOPTS); 1646 m->m_len = sizeof(int); 1647 1648 switch (optname) { 1649 1650 case SO_LINGER: 1651 m->m_len = sizeof(struct linger); 1652 mtod(m, struct linger *)->l_onoff = 1653 (so->so_options & SO_LINGER) ? 1 : 0; 1654 mtod(m, struct linger *)->l_linger = so->so_linger; 1655 break; 1656 1657 case SO_USELOOPBACK: 1658 case SO_DONTROUTE: 1659 case SO_DEBUG: 1660 case SO_KEEPALIVE: 1661 case SO_REUSEADDR: 1662 case SO_REUSEPORT: 1663 case SO_BROADCAST: 1664 case SO_OOBINLINE: 1665 case SO_TIMESTAMP: 1666 *mtod(m, int *) = (so->so_options & optname) ? 1 : 0; 1667 break; 1668 1669 case SO_TYPE: 1670 *mtod(m, int *) = so->so_type; 1671 break; 1672 1673 case SO_ERROR: 1674 *mtod(m, int *) = so->so_error; 1675 so->so_error = 0; 1676 break; 1677 1678 case SO_SNDBUF: 1679 *mtod(m, int *) = so->so_snd.sb_hiwat; 1680 break; 1681 1682 case SO_RCVBUF: 1683 *mtod(m, int *) = so->so_rcv.sb_hiwat; 1684 break; 1685 1686 case SO_SNDLOWAT: 1687 *mtod(m, int *) = so->so_snd.sb_lowat; 1688 break; 1689 1690 case SO_RCVLOWAT: 1691 *mtod(m, int *) = so->so_rcv.sb_lowat; 1692 break; 1693 1694 case SO_SNDTIMEO: 1695 case SO_RCVTIMEO: 1696 { 1697 int val = (optname == SO_SNDTIMEO ? 1698 so->so_snd.sb_timeo : so->so_rcv.sb_timeo); 1699 1700 m->m_len = sizeof(struct timeval); 1701 mtod(m, struct timeval *)->tv_sec = val / hz; 1702 mtod(m, struct timeval *)->tv_usec = 1703 (val % hz) * tick; 1704 break; 1705 } 1706 1707 case SO_OVERFLOWED: 1708 *mtod(m, int *) = so->so_rcv.sb_overflowed; 1709 break; 1710 1711 default: 1712 (void)m_free(m); 1713 return (ENOPROTOOPT); 1714 } 1715 *mp = m; 1716 return (0); 1717 } 1718 } 1719 1720 void 1721 sohasoutofband(struct socket *so) 1722 { 1723 1724 fownsignal(so->so_pgid, SIGURG, POLL_PRI, POLLPRI|POLLRDBAND, so); 1725 selnotify(&so->so_rcv.sb_sel, POLLPRI | POLLRDBAND, 0); 1726 } 1727 1728 static void 1729 filt_sordetach(struct knote *kn) 1730 { 1731 struct socket *so; 1732 1733 so = ((file_t *)kn->kn_obj)->f_data; 1734 SLIST_REMOVE(&so->so_rcv.sb_sel.sel_klist, kn, knote, kn_selnext); 1735 if (SLIST_EMPTY(&so->so_rcv.sb_sel.sel_klist)) 1736 so->so_rcv.sb_flags &= ~SB_KNOTE; 1737 } 1738 1739 /*ARGSUSED*/ 1740 static int 1741 filt_soread(struct knote *kn, long hint) 1742 { 1743 struct socket *so; 1744 1745 so = ((file_t *)kn->kn_obj)->f_data; 1746 kn->kn_data = so->so_rcv.sb_cc; 1747 if (so->so_state & SS_CANTRCVMORE) { 1748 kn->kn_flags |= EV_EOF; 1749 kn->kn_fflags = so->so_error; 1750 return (1); 1751 } 1752 if (so->so_error) /* temporary udp error */ 1753 return (1); 1754 if (kn->kn_sfflags & NOTE_LOWAT) 1755 return (kn->kn_data >= kn->kn_sdata); 1756 return (kn->kn_data >= so->so_rcv.sb_lowat); 1757 } 1758 1759 static void 1760 filt_sowdetach(struct knote *kn) 1761 { 1762 struct socket *so; 1763 1764 so = ((file_t *)kn->kn_obj)->f_data; 1765 SLIST_REMOVE(&so->so_snd.sb_sel.sel_klist, kn, knote, kn_selnext); 1766 if (SLIST_EMPTY(&so->so_snd.sb_sel.sel_klist)) 1767 so->so_snd.sb_flags &= ~SB_KNOTE; 1768 } 1769 1770 /*ARGSUSED*/ 1771 static int 1772 filt_sowrite(struct knote *kn, long hint) 1773 { 1774 struct socket *so; 1775 1776 so = ((file_t *)kn->kn_obj)->f_data; 1777 kn->kn_data = sbspace(&so->so_snd); 1778 if (so->so_state & SS_CANTSENDMORE) { 1779 kn->kn_flags |= EV_EOF; 1780 kn->kn_fflags = so->so_error; 1781 return (1); 1782 } 1783 if (so->so_error) /* temporary udp error */ 1784 return (1); 1785 if (((so->so_state & SS_ISCONNECTED) == 0) && 1786 (so->so_proto->pr_flags & PR_CONNREQUIRED)) 1787 return (0); 1788 if (kn->kn_sfflags & NOTE_LOWAT) 1789 return (kn->kn_data >= kn->kn_sdata); 1790 return (kn->kn_data >= so->so_snd.sb_lowat); 1791 } 1792 1793 /*ARGSUSED*/ 1794 static int 1795 filt_solisten(struct knote *kn, long hint) 1796 { 1797 struct socket *so; 1798 1799 so = ((file_t *)kn->kn_obj)->f_data; 1800 1801 /* 1802 * Set kn_data to number of incoming connections, not 1803 * counting partial (incomplete) connections. 1804 */ 1805 kn->kn_data = so->so_qlen; 1806 return (kn->kn_data > 0); 1807 } 1808 1809 static const struct filterops solisten_filtops = 1810 { 1, NULL, filt_sordetach, filt_solisten }; 1811 static const struct filterops soread_filtops = 1812 { 1, NULL, filt_sordetach, filt_soread }; 1813 static const struct filterops sowrite_filtops = 1814 { 1, NULL, filt_sowdetach, filt_sowrite }; 1815 1816 int 1817 soo_kqfilter(struct file *fp, struct knote *kn) 1818 { 1819 struct socket *so; 1820 struct sockbuf *sb; 1821 1822 so = ((file_t *)kn->kn_obj)->f_data; 1823 switch (kn->kn_filter) { 1824 case EVFILT_READ: 1825 if (so->so_options & SO_ACCEPTCONN) 1826 kn->kn_fop = &solisten_filtops; 1827 else 1828 kn->kn_fop = &soread_filtops; 1829 sb = &so->so_rcv; 1830 break; 1831 case EVFILT_WRITE: 1832 kn->kn_fop = &sowrite_filtops; 1833 sb = &so->so_snd; 1834 break; 1835 default: 1836 return (EINVAL); 1837 } 1838 SLIST_INSERT_HEAD(&sb->sb_sel.sel_klist, kn, kn_selnext); 1839 sb->sb_flags |= SB_KNOTE; 1840 return (0); 1841 } 1842 1843 static int 1844 sodopoll(struct socket *so, int events) 1845 { 1846 int revents; 1847 1848 revents = 0; 1849 1850 if (events & (POLLIN | POLLRDNORM)) 1851 if (soreadable(so)) 1852 revents |= events & (POLLIN | POLLRDNORM); 1853 1854 if (events & (POLLOUT | POLLWRNORM)) 1855 if (sowritable(so)) 1856 revents |= events & (POLLOUT | POLLWRNORM); 1857 1858 if (events & (POLLPRI | POLLRDBAND)) 1859 if (so->so_oobmark || (so->so_state & SS_RCVATMARK)) 1860 revents |= events & (POLLPRI | POLLRDBAND); 1861 1862 return revents; 1863 } 1864 1865 int 1866 sopoll(struct socket *so, int events) 1867 { 1868 int revents = 0; 1869 int s; 1870 1871 if ((revents = sodopoll(so, events)) != 0) 1872 return revents; 1873 1874 KERNEL_LOCK(1, curlwp); 1875 s = splsoftnet(); 1876 1877 if ((revents = sodopoll(so, events)) == 0) { 1878 if (events & (POLLIN | POLLPRI | POLLRDNORM | POLLRDBAND)) { 1879 selrecord(curlwp, &so->so_rcv.sb_sel); 1880 so->so_rcv.sb_flags |= SB_SEL; 1881 } 1882 1883 if (events & (POLLOUT | POLLWRNORM)) { 1884 selrecord(curlwp, &so->so_snd.sb_sel); 1885 so->so_snd.sb_flags |= SB_SEL; 1886 } 1887 } 1888 1889 splx(s); 1890 KERNEL_UNLOCK_ONE(curlwp); 1891 1892 return revents; 1893 } 1894 1895 1896 #include <sys/sysctl.h> 1897 1898 static int sysctl_kern_somaxkva(SYSCTLFN_PROTO); 1899 1900 /* 1901 * sysctl helper routine for kern.somaxkva. ensures that the given 1902 * value is not too small. 1903 * (XXX should we maybe make sure it's not too large as well?) 1904 */ 1905 static int 1906 sysctl_kern_somaxkva(SYSCTLFN_ARGS) 1907 { 1908 int error, new_somaxkva; 1909 struct sysctlnode node; 1910 1911 new_somaxkva = somaxkva; 1912 node = *rnode; 1913 node.sysctl_data = &new_somaxkva; 1914 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1915 if (error || newp == NULL) 1916 return (error); 1917 1918 if (new_somaxkva < (16 * 1024 * 1024)) /* sanity */ 1919 return (EINVAL); 1920 1921 mutex_enter(&so_pendfree_lock); 1922 somaxkva = new_somaxkva; 1923 cv_broadcast(&socurkva_cv); 1924 mutex_exit(&so_pendfree_lock); 1925 1926 return (error); 1927 } 1928 1929 SYSCTL_SETUP(sysctl_kern_somaxkva_setup, "sysctl kern.somaxkva setup") 1930 { 1931 1932 sysctl_createv(clog, 0, NULL, NULL, 1933 CTLFLAG_PERMANENT, 1934 CTLTYPE_NODE, "kern", NULL, 1935 NULL, 0, NULL, 0, 1936 CTL_KERN, CTL_EOL); 1937 1938 sysctl_createv(clog, 0, NULL, NULL, 1939 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1940 CTLTYPE_INT, "somaxkva", 1941 SYSCTL_DESCR("Maximum amount of kernel memory to be " 1942 "used for socket buffers"), 1943 sysctl_kern_somaxkva, 0, NULL, 0, 1944 CTL_KERN, KERN_SOMAXKVA, CTL_EOL); 1945 } 1946