1 /* $NetBSD: uipc_syscalls.c,v 1.212 2024/07/05 04:31:53 rin Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009, 2023 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* 33 * Copyright (c) 1982, 1986, 1989, 1990, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)uipc_syscalls.c 8.6 (Berkeley) 2/14/95 61 */ 62 63 #include <sys/cdefs.h> 64 __KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.212 2024/07/05 04:31:53 rin Exp $"); 65 66 #ifdef _KERNEL_OPT 67 #include "opt_pipe.h" 68 #include "opt_sctp.h" 69 #endif 70 71 #define MBUFTYPES 72 #include <sys/param.h> 73 #include <sys/systm.h> 74 #include <sys/filedesc.h> 75 #include <sys/proc.h> 76 #include <sys/file.h> 77 #include <sys/buf.h> 78 #include <sys/mbuf.h> 79 #include <sys/protosw.h> 80 #include <sys/socket.h> 81 #include <sys/socketvar.h> 82 #include <sys/signalvar.h> 83 #include <sys/un.h> 84 #include <sys/ktrace.h> 85 #include <sys/event.h> 86 #include <sys/atomic.h> 87 #include <sys/kauth.h> 88 89 #ifdef SCTP 90 #include <netinet/sctp_uio.h> 91 #include <netinet/sctp_peeloff.h> 92 #endif 93 94 #include <sys/mount.h> 95 #include <sys/syscallargs.h> 96 97 /* 98 * System call interface to the socket abstraction. 99 */ 100 extern const struct fileops socketops; 101 102 static int sockargs_sb(struct sockaddr_big *, const void *, socklen_t); 103 104 int 105 sys___socket30(struct lwp *l, const struct sys___socket30_args *uap, 106 register_t *retval) 107 { 108 /* { 109 syscallarg(int) domain; 110 syscallarg(int) type; 111 syscallarg(int) protocol; 112 } */ 113 int fd, error; 114 file_t *fp; 115 116 error = fsocreate(SCARG(uap, domain), NULL, SCARG(uap, type), 117 SCARG(uap, protocol), &fd, &fp, NULL); 118 if (error == 0) { 119 fd_affix(l->l_proc, fp, fd); 120 *retval = fd; 121 } 122 return error; 123 } 124 125 int 126 sys_bind(struct lwp *l, const struct sys_bind_args *uap, register_t *retval) 127 { 128 /* { 129 syscallarg(int) s; 130 syscallarg(const struct sockaddr *) name; 131 syscallarg(unsigned int) namelen; 132 } */ 133 int error; 134 struct sockaddr_big sb; 135 136 error = sockargs_sb(&sb, SCARG(uap, name), SCARG(uap, namelen)); 137 if (error) 138 return error; 139 140 return do_sys_bind(l, SCARG(uap, s), (struct sockaddr *)&sb); 141 } 142 143 int 144 do_sys_bind(struct lwp *l, int fd, struct sockaddr *nam) 145 { 146 struct socket *so; 147 int error; 148 149 if ((error = fd_getsock(fd, &so)) != 0) 150 return error; 151 error = sobind(so, nam, l); 152 fd_putfile(fd); 153 return error; 154 } 155 156 int 157 sys_listen(struct lwp *l, const struct sys_listen_args *uap, register_t *retval) 158 { 159 /* { 160 syscallarg(int) s; 161 syscallarg(int) backlog; 162 } */ 163 struct socket *so; 164 int error; 165 166 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0) 167 return (error); 168 error = solisten(so, SCARG(uap, backlog), l); 169 fd_putfile(SCARG(uap, s)); 170 return error; 171 } 172 173 int 174 do_sys_accept(struct lwp *l, int sock, struct sockaddr *name, 175 register_t *new_sock, const sigset_t *mask, int flags, int clrflags) 176 { 177 file_t *fp, *fp2; 178 int error, fd; 179 struct socket *so, *so2; 180 short wakeup_state = 0; 181 182 if ((fp = fd_getfile(sock)) == NULL) 183 return EBADF; 184 if (fp->f_type != DTYPE_SOCKET) { 185 fd_putfile(sock); 186 return ENOTSOCK; 187 } 188 if ((error = fd_allocfile(&fp2, &fd)) != 0) { 189 fd_putfile(sock); 190 return error; 191 } 192 *new_sock = fd; 193 so = fp->f_socket; 194 solock(so); 195 196 if (__predict_false(mask)) 197 sigsuspendsetup(l, mask); 198 199 if (!(so->so_proto->pr_flags & PR_LISTEN)) { 200 error = EOPNOTSUPP; 201 goto bad; 202 } 203 if ((so->so_options & SO_ACCEPTCONN) == 0) { 204 error = EINVAL; 205 goto bad; 206 } 207 if ((so->so_state & SS_NBIO) && so->so_qlen == 0) { 208 error = EWOULDBLOCK; 209 goto bad; 210 } 211 while (so->so_qlen == 0 && so->so_error == 0) { 212 if (so->so_state & SS_CANTRCVMORE) { 213 so->so_error = ECONNABORTED; 214 break; 215 } 216 if (wakeup_state & SS_RESTARTSYS) { 217 error = ERESTART; 218 goto bad; 219 } 220 error = sowait(so, true, 0); 221 if (error) { 222 goto bad; 223 } 224 wakeup_state = so->so_state; 225 } 226 if (so->so_error) { 227 error = so->so_error; 228 so->so_error = 0; 229 goto bad; 230 } 231 /* connection has been removed from the listen queue */ 232 KNOTE(&so->so_rcv.sb_sel.sel_klist, NOTE_SUBMIT); 233 so2 = TAILQ_FIRST(&so->so_q); 234 if (soqremque(so2, 1) == 0) 235 panic("accept"); 236 fp2->f_type = DTYPE_SOCKET; 237 fp2->f_flag = (fp->f_flag & ~clrflags) | 238 ((flags & SOCK_NONBLOCK) ? FNONBLOCK : 0)| 239 ((flags & SOCK_NOSIGPIPE) ? FNOSIGPIPE : 0); 240 fp2->f_ops = &socketops; 241 fp2->f_socket = so2; 242 if (fp2->f_flag & FNONBLOCK) 243 so2->so_state |= SS_NBIO; 244 else 245 so2->so_state &= ~SS_NBIO; 246 error = soaccept(so2, name); 247 so2->so_cred = kauth_cred_hold(so->so_cred); 248 sounlock(so); 249 if (error) { 250 /* an error occurred, free the file descriptor and mbuf */ 251 mutex_enter(&fp2->f_lock); 252 fp2->f_count++; 253 mutex_exit(&fp2->f_lock); 254 closef(fp2); 255 fd_abort(curproc, NULL, fd); 256 } else { 257 fd_set_exclose(l, fd, (flags & SOCK_CLOEXEC) != 0); 258 fd_affix(curproc, fp2, fd); 259 } 260 fd_putfile(sock); 261 if (__predict_false(mask)) 262 sigsuspendteardown(l); 263 return error; 264 bad: 265 sounlock(so); 266 fd_putfile(sock); 267 fd_abort(curproc, fp2, fd); 268 if (__predict_false(mask)) 269 sigsuspendteardown(l); 270 return error; 271 } 272 273 int 274 sys_accept(struct lwp *l, const struct sys_accept_args *uap, register_t *retval) 275 { 276 /* { 277 syscallarg(int) s; 278 syscallarg(struct sockaddr *) name; 279 syscallarg(unsigned int *) anamelen; 280 } */ 281 int error, fd; 282 struct sockaddr_big name; 283 284 name.sb_len = UCHAR_MAX; 285 error = do_sys_accept(l, SCARG(uap, s), (struct sockaddr *)&name, 286 retval, NULL, 0, 0); 287 if (error != 0) 288 return error; 289 error = copyout_sockname_sb(SCARG(uap, name), SCARG(uap, anamelen), 290 MSG_LENUSRSPACE, &name); 291 if (error != 0) { 292 fd = (int)*retval; 293 if (fd_getfile(fd) != NULL) 294 (void)fd_close(fd); 295 } 296 return error; 297 } 298 299 int 300 sys_paccept(struct lwp *l, const struct sys_paccept_args *uap, 301 register_t *retval) 302 { 303 /* { 304 syscallarg(int) s; 305 syscallarg(struct sockaddr *) name; 306 syscallarg(unsigned int *) anamelen; 307 syscallarg(const sigset_t *) mask; 308 syscallarg(int) flags; 309 } */ 310 int error, fd; 311 struct sockaddr_big name; 312 sigset_t *mask, amask; 313 314 if (SCARG(uap, mask) != NULL) { 315 error = copyin(SCARG(uap, mask), &amask, sizeof(amask)); 316 if (error) 317 return error; 318 mask = &amask; 319 } else 320 mask = NULL; 321 322 name.sb_len = UCHAR_MAX; 323 error = do_sys_accept(l, SCARG(uap, s), (struct sockaddr *)&name, 324 retval, mask, SCARG(uap, flags), FNONBLOCK); 325 if (error != 0) 326 return error; 327 error = copyout_sockname_sb(SCARG(uap, name), SCARG(uap, anamelen), 328 MSG_LENUSRSPACE, &name); 329 if (error != 0) { 330 fd = (int)*retval; 331 if (fd_getfile(fd) != NULL) 332 (void)fd_close(fd); 333 } 334 return error; 335 } 336 337 int 338 sys_connect(struct lwp *l, const struct sys_connect_args *uap, 339 register_t *retval) 340 { 341 /* { 342 syscallarg(int) s; 343 syscallarg(const struct sockaddr *) name; 344 syscallarg(unsigned int) namelen; 345 } */ 346 int error; 347 struct sockaddr_big sbig; 348 349 error = sockargs_sb(&sbig, SCARG(uap, name), SCARG(uap, namelen)); 350 if (error) 351 return error; 352 return do_sys_connect(l, SCARG(uap, s), (struct sockaddr *)&sbig); 353 } 354 355 int 356 do_sys_connect(struct lwp *l, int fd, struct sockaddr *nam) 357 { 358 struct socket *so; 359 int error; 360 int interrupted = 0; 361 362 if ((error = fd_getsock(fd, &so)) != 0) { 363 return (error); 364 } 365 solock(so); 366 if ((so->so_state & SS_ISCONNECTING) != 0) { 367 error = EALREADY; 368 goto out; 369 } 370 371 error = soconnect(so, nam, l); 372 if (error) 373 goto bad; 374 if ((so->so_state & (SS_NBIO|SS_ISCONNECTING)) == 375 (SS_NBIO|SS_ISCONNECTING)) { 376 error = EINPROGRESS; 377 goto out; 378 } 379 while ((so->so_state & SS_ISCONNECTING) != 0 && so->so_error == 0) { 380 error = sowait(so, true, 0); 381 if (__predict_false((so->so_state & SS_ISABORTING) != 0)) { 382 error = EPIPE; 383 interrupted = 1; 384 break; 385 } 386 if (error) { 387 if (error == EINTR || error == ERESTART) 388 interrupted = 1; 389 break; 390 } 391 } 392 if (error == 0) { 393 error = so->so_error; 394 so->so_error = 0; 395 } 396 bad: 397 if (!interrupted) 398 so->so_state &= ~SS_ISCONNECTING; 399 if (error == ERESTART) 400 error = EINTR; 401 out: 402 sounlock(so); 403 fd_putfile(fd); 404 return error; 405 } 406 407 int 408 sys_socketpair(struct lwp *l, const struct sys_socketpair_args *uap, 409 register_t *retval) 410 { 411 /* { 412 syscallarg(int) domain; 413 syscallarg(int) type; 414 syscallarg(int) protocol; 415 syscallarg(int *) rsv; 416 } */ 417 file_t *fp1, *fp2; 418 struct socket *so1, *so2; 419 int fd, error, sv[2]; 420 proc_t *p = curproc; 421 int flags = SCARG(uap, type) & SOCK_FLAGS_MASK; 422 int type = SCARG(uap, type) & ~SOCK_FLAGS_MASK; 423 int domain = SCARG(uap, domain); 424 int proto = SCARG(uap, protocol); 425 426 error = fsocreate(domain, &so1, type|flags, proto, &fd, &fp1, NULL); 427 if (error) 428 return error; 429 sv[0] = fd; 430 431 error = fsocreate(domain, &so2, type|flags, proto, &fd, &fp2, so1); 432 if (error) 433 goto out; 434 sv[1] = fd; 435 436 solock(so1); 437 error = soconnect2(so1, so2); 438 if (error == 0 && type == SOCK_DGRAM) { 439 /* 440 * Datagram socket connection is asymmetric. 441 */ 442 error = soconnect2(so2, so1); 443 } 444 sounlock(so1); 445 446 if (error == 0) 447 error = copyout(sv, SCARG(uap, rsv), sizeof(sv)); 448 if (error == 0) { 449 fd_affix(p, fp2, sv[1]); 450 fd_affix(p, fp1, sv[0]); 451 return 0; 452 } 453 fd_abort(p, fp2, sv[1]); 454 (void)soclose(so2); 455 out: 456 fd_abort(p, fp1, sv[0]); 457 (void)soclose(so1); 458 return error; 459 } 460 461 int 462 sys_sendto(struct lwp *l, const struct sys_sendto_args *uap, 463 register_t *retval) 464 { 465 /* { 466 syscallarg(int) s; 467 syscallarg(const void *) buf; 468 syscallarg(size_t) len; 469 syscallarg(int) flags; 470 syscallarg(const struct sockaddr *) to; 471 syscallarg(unsigned int) tolen; 472 } */ 473 struct msghdr msg = {0}; 474 struct iovec aiov; 475 476 msg.msg_name = __UNCONST(SCARG(uap, to)); /* XXXUNCONST kills const */ 477 msg.msg_namelen = SCARG(uap, tolen); 478 msg.msg_iov = &aiov; 479 msg.msg_iovlen = 1; 480 msg.msg_control = NULL; 481 msg.msg_flags = 0; 482 aiov.iov_base = __UNCONST(SCARG(uap, buf)); /* XXXUNCONST kills const */ 483 aiov.iov_len = SCARG(uap, len); 484 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), 485 retval); 486 } 487 488 int 489 sys_sendmsg(struct lwp *l, const struct sys_sendmsg_args *uap, 490 register_t *retval) 491 { 492 /* { 493 syscallarg(int) s; 494 syscallarg(const struct msghdr *) msg; 495 syscallarg(int) flags; 496 } */ 497 struct msghdr msg; 498 int error; 499 500 error = copyin(SCARG(uap, msg), &msg, sizeof(msg)); 501 if (error) 502 return (error); 503 504 msg.msg_flags = MSG_IOVUSRSPACE; 505 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), 506 retval); 507 } 508 509 int 510 do_sys_sendmsg_so(struct lwp *l, int s, struct socket *so, file_t *fp, 511 struct msghdr *mp, int flags, register_t *retsize) 512 { 513 514 struct iovec aiov[UIO_SMALLIOV], *iov = aiov, *tiov, *ktriov = NULL; 515 struct sockaddr *sa = NULL; 516 struct mbuf *to, *control; 517 struct uio auio; 518 size_t len, iovsz; 519 int i, error; 520 521 ktrkuser("msghdr", mp, sizeof(*mp)); 522 523 /* If the caller passed us stuff in mbufs, we must free them. */ 524 to = (mp->msg_flags & MSG_NAMEMBUF) ? mp->msg_name : NULL; 525 control = (mp->msg_flags & MSG_CONTROLMBUF) ? mp->msg_control : NULL; 526 iovsz = mp->msg_iovlen * sizeof(struct iovec); 527 528 if (mp->msg_flags & MSG_IOVUSRSPACE) { 529 if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) { 530 if ((unsigned int)mp->msg_iovlen > IOV_MAX) { 531 error = EMSGSIZE; 532 goto bad; 533 } 534 iov = kmem_alloc(iovsz, KM_SLEEP); 535 } 536 if (mp->msg_iovlen != 0) { 537 error = copyin(mp->msg_iov, iov, iovsz); 538 if (error) 539 goto bad; 540 } 541 auio.uio_iov = iov; 542 } else 543 auio.uio_iov = mp->msg_iov; 544 545 auio.uio_iovcnt = mp->msg_iovlen; 546 auio.uio_rw = UIO_WRITE; 547 auio.uio_offset = 0; /* XXX */ 548 auio.uio_resid = 0; 549 KASSERT(l == curlwp); 550 auio.uio_vmspace = l->l_proc->p_vmspace; 551 552 tiov = auio.uio_iov; 553 for (i = 0; i < auio.uio_iovcnt; i++, tiov++) { 554 /* 555 * Writes return ssize_t because -1 is returned on error. 556 * Therefore, we must restrict the length to SSIZE_MAX to 557 * avoid garbage return values. 558 */ 559 auio.uio_resid += tiov->iov_len; 560 if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) { 561 error = EINVAL; 562 goto bad; 563 } 564 } 565 566 if (mp->msg_name && to == NULL) { 567 error = sockargs(&to, mp->msg_name, mp->msg_namelen, 568 UIO_USERSPACE, MT_SONAME); 569 if (error) 570 goto bad; 571 } 572 573 if (mp->msg_control) { 574 if (mp->msg_controllen < CMSG_ALIGN(sizeof(struct cmsghdr))) { 575 error = EINVAL; 576 goto bad; 577 } 578 if (control == NULL) { 579 error = sockargs(&control, mp->msg_control, 580 mp->msg_controllen, UIO_USERSPACE, MT_CONTROL); 581 if (error) 582 goto bad; 583 } 584 } 585 586 if (ktrpoint(KTR_GENIO) && iovsz > 0) { 587 ktriov = kmem_alloc(iovsz, KM_SLEEP); 588 memcpy(ktriov, auio.uio_iov, iovsz); 589 } 590 591 if (mp->msg_name) 592 MCLAIM(to, so->so_mowner); 593 if (mp->msg_control) 594 MCLAIM(control, so->so_mowner); 595 596 if (to) { 597 sa = mtod(to, struct sockaddr *); 598 } 599 600 len = auio.uio_resid; 601 error = (*so->so_send)(so, sa, &auio, NULL, control, flags, l); 602 /* Protocol is responsible for freeing 'control' */ 603 control = NULL; 604 605 if (error) { 606 if (auio.uio_resid != len && (error == ERESTART || 607 error == EINTR || error == EWOULDBLOCK)) 608 error = 0; 609 if (error == EPIPE && (fp->f_flag & FNOSIGPIPE) == 0 && 610 (flags & MSG_NOSIGNAL) == 0) { 611 mutex_enter(&proc_lock); 612 psignal(l->l_proc, SIGPIPE); 613 mutex_exit(&proc_lock); 614 } 615 } 616 if (error == 0) 617 *retsize = len - auio.uio_resid; 618 619 bad: 620 if (ktriov != NULL) { 621 ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error); 622 kmem_free(ktriov, iovsz); 623 } 624 625 if (iov != aiov) 626 kmem_free(iov, iovsz); 627 m_freem(to); 628 m_freem(control); 629 630 return error; 631 } 632 633 int 634 do_sys_sendmsg(struct lwp *l, int s, struct msghdr *mp, int flags, 635 register_t *retsize) 636 { 637 int error; 638 struct socket *so; 639 file_t *fp; 640 641 if ((error = fd_getsock1(s, &so, &fp)) != 0) { 642 /* We have to free msg_name and msg_control ourselves */ 643 if (mp->msg_flags & MSG_NAMEMBUF) 644 m_freem(mp->msg_name); 645 if (mp->msg_flags & MSG_CONTROLMBUF) 646 m_freem(mp->msg_control); 647 return error; 648 } 649 error = do_sys_sendmsg_so(l, s, so, fp, mp, flags, retsize); 650 /* msg_name and msg_control freed */ 651 fd_putfile(s); 652 return error; 653 } 654 655 int 656 sys_recvfrom(struct lwp *l, const struct sys_recvfrom_args *uap, 657 register_t *retval) 658 { 659 /* { 660 syscallarg(int) s; 661 syscallarg(void *) buf; 662 syscallarg(size_t) len; 663 syscallarg(int) flags; 664 syscallarg(struct sockaddr *) from; 665 syscallarg(unsigned int *) fromlenaddr; 666 } */ 667 struct msghdr msg = {0}; 668 struct iovec aiov; 669 int error; 670 struct mbuf *from; 671 672 msg.msg_name = NULL; 673 msg.msg_iov = &aiov; 674 msg.msg_iovlen = 1; 675 aiov.iov_base = SCARG(uap, buf); 676 aiov.iov_len = SCARG(uap, len); 677 msg.msg_control = NULL; 678 msg.msg_flags = SCARG(uap, flags) & MSG_USERFLAGS; 679 680 error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from, NULL, retval); 681 if (error != 0) 682 return error; 683 684 error = copyout_sockname(SCARG(uap, from), SCARG(uap, fromlenaddr), 685 MSG_LENUSRSPACE, from); 686 if (from != NULL) 687 m_free(from); 688 return error; 689 } 690 691 int 692 sys_recvmsg(struct lwp *l, const struct sys_recvmsg_args *uap, 693 register_t *retval) 694 { 695 /* { 696 syscallarg(int) s; 697 syscallarg(struct msghdr *) msg; 698 syscallarg(int) flags; 699 } */ 700 struct msghdr msg; 701 int error; 702 struct mbuf *from, *control; 703 704 error = copyin(SCARG(uap, msg), &msg, sizeof(msg)); 705 if (error) 706 return error; 707 708 msg.msg_flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE; 709 710 error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from, 711 msg.msg_control != NULL ? &control : NULL, retval); 712 if (error != 0) 713 return error; 714 715 if (msg.msg_control != NULL) 716 error = copyout_msg_control(l, &msg, control); 717 718 if (error == 0) 719 error = copyout_sockname(msg.msg_name, &msg.msg_namelen, 0, 720 from); 721 if (from != NULL) 722 m_free(from); 723 if (error == 0) { 724 ktrkuser("msghdr", &msg, sizeof(msg)); 725 error = copyout(&msg, SCARG(uap, msg), sizeof(msg)); 726 } 727 728 return error; 729 } 730 731 int 732 sys_sendmmsg(struct lwp *l, const struct sys_sendmmsg_args *uap, 733 register_t *retval) 734 { 735 /* { 736 syscallarg(int) s; 737 syscallarg(struct mmsghdr *) mmsg; 738 syscallarg(unsigned int) vlen; 739 syscallarg(unsigned int) flags; 740 } */ 741 struct mmsghdr mmsg; 742 struct socket *so; 743 file_t *fp; 744 struct msghdr *msg = &mmsg.msg_hdr; 745 int error, s; 746 unsigned int vlen, flags, dg; 747 748 s = SCARG(uap, s); 749 if ((error = fd_getsock1(s, &so, &fp)) != 0) 750 return error; 751 752 vlen = SCARG(uap, vlen); 753 if (vlen > 1024) 754 vlen = 1024; 755 756 flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE; 757 758 for (dg = 0; dg < vlen;) { 759 error = copyin(SCARG(uap, mmsg) + dg, &mmsg, sizeof(mmsg)); 760 if (error) 761 break; 762 763 msg->msg_flags = flags; 764 765 error = do_sys_sendmsg_so(l, s, so, fp, msg, flags, retval); 766 if (error) 767 break; 768 769 ktrkuser("msghdr", msg, sizeof(*msg)); 770 mmsg.msg_len = *retval; 771 error = copyout(&mmsg, SCARG(uap, mmsg) + dg, sizeof(mmsg)); 772 if (error) 773 break; 774 dg++; 775 776 } 777 778 *retval = dg; 779 780 fd_putfile(s); 781 782 /* 783 * If we succeeded at least once, return 0. 784 */ 785 if (dg) 786 return 0; 787 return error; 788 } 789 790 /* 791 * Adjust for a truncated SCM_RIGHTS control message. 792 * This means closing any file descriptors that aren't present 793 * in the returned buffer. 794 * m is the mbuf holding the (already externalized) SCM_RIGHTS message. 795 */ 796 static void 797 free_rights(struct mbuf *m) 798 { 799 struct cmsghdr *cm; 800 int *fdv; 801 unsigned int nfds, i; 802 803 KASSERT(sizeof(*cm) <= m->m_len); 804 cm = mtod(m, struct cmsghdr *); 805 806 KASSERT(CMSG_ALIGN(sizeof(*cm)) <= cm->cmsg_len); 807 KASSERT(cm->cmsg_len <= m->m_len); 808 nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int); 809 fdv = (int *)CMSG_DATA(cm); 810 811 for (i = 0; i < nfds; i++) 812 if (fd_getfile(fdv[i]) != NULL) 813 (void)fd_close(fdv[i]); 814 } 815 816 void 817 free_control_mbuf(struct lwp *l, struct mbuf *control, struct mbuf *uncopied) 818 { 819 struct mbuf *next; 820 struct cmsghdr *cmsg; 821 bool do_free_rights = false; 822 823 while (control != NULL) { 824 cmsg = mtod(control, struct cmsghdr *); 825 if (control == uncopied) 826 do_free_rights = true; 827 if (do_free_rights && cmsg->cmsg_level == SOL_SOCKET 828 && cmsg->cmsg_type == SCM_RIGHTS) 829 free_rights(control); 830 next = control->m_next; 831 m_free(control); 832 control = next; 833 } 834 } 835 836 /* Copy socket control/CMSG data to user buffer, frees the mbuf */ 837 int 838 copyout_msg_control(struct lwp *l, struct msghdr *mp, struct mbuf *control) 839 { 840 int i, len, error = 0; 841 struct cmsghdr *cmsg; 842 struct mbuf *m; 843 char *q; 844 845 len = mp->msg_controllen; 846 if (len <= 0 || control == 0) { 847 mp->msg_controllen = 0; 848 free_control_mbuf(l, control, control); 849 return 0; 850 } 851 852 q = (char *)mp->msg_control; 853 854 for (m = control; m != NULL; ) { 855 cmsg = mtod(m, struct cmsghdr *); 856 i = m->m_len; 857 if (len < i) { 858 mp->msg_flags |= MSG_CTRUNC; 859 if (cmsg->cmsg_level == SOL_SOCKET 860 && cmsg->cmsg_type == SCM_RIGHTS) 861 /* Do not truncate me ... */ 862 break; 863 i = len; 864 } 865 error = copyout(mtod(m, void *), q, i); 866 ktrkuser(mbuftypes[MT_CONTROL], cmsg, cmsg->cmsg_len); 867 if (error != 0) { 868 /* We must free all the SCM_RIGHTS */ 869 m = control; 870 break; 871 } 872 m = m->m_next; 873 if (m) 874 i = ALIGN(i); 875 q += i; 876 len -= i; 877 if (len <= 0) 878 break; 879 } 880 881 free_control_mbuf(l, control, m); 882 883 mp->msg_controllen = q - (char *)mp->msg_control; 884 return error; 885 } 886 887 int 888 do_sys_recvmsg_so(struct lwp *l, int s, struct socket *so, struct msghdr *mp, 889 struct mbuf **from, struct mbuf **control, register_t *retsize) 890 { 891 struct iovec aiov[UIO_SMALLIOV], *iov = aiov, *tiov, *ktriov = NULL; 892 struct uio auio; 893 size_t len, iovsz; 894 int i, error; 895 896 ktrkuser("msghdr", mp, sizeof(*mp)); 897 898 *from = NULL; 899 if (control != NULL) 900 *control = NULL; 901 902 iovsz = mp->msg_iovlen * sizeof(struct iovec); 903 904 if (mp->msg_flags & MSG_IOVUSRSPACE) { 905 if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) { 906 if ((unsigned int)mp->msg_iovlen > IOV_MAX) { 907 error = EMSGSIZE; 908 goto out; 909 } 910 iov = kmem_alloc(iovsz, KM_SLEEP); 911 } 912 if (mp->msg_iovlen != 0) { 913 error = copyin(mp->msg_iov, iov, iovsz); 914 if (error) 915 goto out; 916 } 917 auio.uio_iov = iov; 918 } else 919 auio.uio_iov = mp->msg_iov; 920 auio.uio_iovcnt = mp->msg_iovlen; 921 auio.uio_rw = UIO_READ; 922 auio.uio_offset = 0; /* XXX */ 923 auio.uio_resid = 0; 924 KASSERT(l == curlwp); 925 auio.uio_vmspace = l->l_proc->p_vmspace; 926 927 tiov = auio.uio_iov; 928 for (i = 0; i < auio.uio_iovcnt; i++, tiov++) { 929 /* 930 * Reads return ssize_t because -1 is returned on error. 931 * Therefore we must restrict the length to SSIZE_MAX to 932 * avoid garbage return values. 933 */ 934 auio.uio_resid += tiov->iov_len; 935 if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) { 936 error = EINVAL; 937 goto out; 938 } 939 } 940 941 if (ktrpoint(KTR_GENIO) && iovsz > 0) { 942 ktriov = kmem_alloc(iovsz, KM_SLEEP); 943 memcpy(ktriov, auio.uio_iov, iovsz); 944 } 945 946 len = auio.uio_resid; 947 mp->msg_flags &= MSG_USERFLAGS; 948 error = (*so->so_receive)(so, from, &auio, NULL, control, 949 &mp->msg_flags); 950 KASSERT(*from == NULL || (*from)->m_next == NULL); 951 len -= auio.uio_resid; 952 *retsize = len; 953 if (error != 0 && len != 0 954 && (error == ERESTART || error == EINTR || error == EWOULDBLOCK)) 955 /* Some data transferred */ 956 error = 0; 957 958 if (ktriov != NULL) { 959 ktrgeniov(s, UIO_READ, ktriov, len, error); 960 kmem_free(ktriov, iovsz); 961 } 962 963 if (error != 0) { 964 m_freem(*from); 965 *from = NULL; 966 if (control != NULL) { 967 free_control_mbuf(l, *control, *control); 968 *control = NULL; 969 } 970 } 971 out: 972 if (iov != aiov) 973 kmem_free(iov, iovsz); 974 return error; 975 } 976 977 978 int 979 do_sys_recvmsg(struct lwp *l, int s, struct msghdr *mp, 980 struct mbuf **from, struct mbuf **control, register_t *retsize) 981 { 982 int error; 983 struct socket *so; 984 985 if ((error = fd_getsock(s, &so)) != 0) 986 return error; 987 error = do_sys_recvmsg_so(l, s, so, mp, from, control, retsize); 988 fd_putfile(s); 989 return error; 990 } 991 992 int 993 sys_recvmmsg(struct lwp *l, const struct sys_recvmmsg_args *uap, 994 register_t *retval) 995 { 996 /* { 997 syscallarg(int) s; 998 syscallarg(struct mmsghdr *) mmsg; 999 syscallarg(unsigned int) vlen; 1000 syscallarg(unsigned int) flags; 1001 syscallarg(struct timespec *) timeout; 1002 } */ 1003 struct mmsghdr mmsg; 1004 struct socket *so; 1005 struct msghdr *msg = &mmsg.msg_hdr; 1006 int error, s; 1007 struct mbuf *from, *control; 1008 struct timespec ts, now; 1009 unsigned int vlen, flags, dg; 1010 1011 if (SCARG(uap, timeout)) { 1012 if ((error = copyin(SCARG(uap, timeout), &ts, sizeof(ts))) != 0) 1013 return error; 1014 if (ts.tv_nsec < 0 || ts.tv_nsec >= 1000000000L) 1015 return EINVAL; 1016 getnanotime(&now); 1017 if (timespecaddok(&now, &ts)) { 1018 timespecadd(&now, &ts, &ts); 1019 } else { 1020 ts.tv_sec = __type_max(time_t); 1021 ts.tv_nsec = 999999999L; 1022 } 1023 } 1024 1025 s = SCARG(uap, s); 1026 if ((error = fd_getsock(s, &so)) != 0) 1027 return error; 1028 1029 /* 1030 * If so->so_rerror holds a deferred error return it now. 1031 */ 1032 if (so->so_rerror) { 1033 error = so->so_rerror; 1034 so->so_rerror = 0; 1035 fd_putfile(s); 1036 return error; 1037 } 1038 1039 vlen = SCARG(uap, vlen); 1040 if (vlen > 1024) 1041 vlen = 1024; 1042 1043 from = NULL; 1044 flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE; 1045 1046 for (dg = 0; dg < vlen;) { 1047 error = copyin(SCARG(uap, mmsg) + dg, &mmsg, sizeof(mmsg)); 1048 if (error) 1049 break; 1050 1051 msg->msg_flags = flags & ~MSG_WAITFORONE; 1052 1053 if (from != NULL) { 1054 m_free(from); 1055 from = NULL; 1056 } 1057 1058 error = do_sys_recvmsg_so(l, s, so, msg, &from, 1059 msg->msg_control != NULL ? &control : NULL, retval); 1060 if (error) { 1061 if (error == EAGAIN && dg > 0) 1062 error = 0; 1063 break; 1064 } 1065 1066 if (msg->msg_control != NULL) 1067 error = copyout_msg_control(l, msg, control); 1068 if (error) 1069 break; 1070 1071 error = copyout_sockname(msg->msg_name, &msg->msg_namelen, 0, 1072 from); 1073 if (error) 1074 break; 1075 1076 ktrkuser("msghdr", msg, sizeof *msg); 1077 mmsg.msg_len = *retval; 1078 1079 error = copyout(&mmsg, SCARG(uap, mmsg) + dg, sizeof(mmsg)); 1080 if (error) 1081 break; 1082 1083 dg++; 1084 if (msg->msg_flags & MSG_OOB) 1085 break; 1086 1087 if (SCARG(uap, timeout)) { 1088 getnanotime(&now); 1089 if (timespeccmp(&ts, &now, <)) 1090 break; 1091 } 1092 1093 if (flags & MSG_WAITFORONE) 1094 flags |= MSG_DONTWAIT; 1095 1096 } 1097 1098 if (from != NULL) 1099 m_free(from); 1100 1101 *retval = dg; 1102 1103 /* 1104 * If we succeeded at least once, return 0, hopefully so->so_rerror 1105 * will catch it next time. 1106 */ 1107 if (error && dg > 0) { 1108 so->so_rerror = error; 1109 error = 0; 1110 } 1111 1112 fd_putfile(s); 1113 1114 return error; 1115 } 1116 1117 int 1118 sys_shutdown(struct lwp *l, const struct sys_shutdown_args *uap, 1119 register_t *retval) 1120 { 1121 /* { 1122 syscallarg(int) s; 1123 syscallarg(int) how; 1124 } */ 1125 struct socket *so; 1126 int error; 1127 1128 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0) 1129 return error; 1130 solock(so); 1131 error = soshutdown(so, SCARG(uap, how)); 1132 sounlock(so); 1133 fd_putfile(SCARG(uap, s)); 1134 return error; 1135 } 1136 1137 int 1138 sys_setsockopt(struct lwp *l, const struct sys_setsockopt_args *uap, 1139 register_t *retval) 1140 { 1141 /* { 1142 syscallarg(int) s; 1143 syscallarg(int) level; 1144 syscallarg(int) name; 1145 syscallarg(const void *) val; 1146 syscallarg(unsigned int) valsize; 1147 } */ 1148 struct sockopt sopt; 1149 struct socket *so; 1150 file_t *fp; 1151 int error; 1152 unsigned int len; 1153 1154 len = SCARG(uap, valsize); 1155 if (len > 0 && SCARG(uap, val) == NULL) 1156 return EINVAL; 1157 1158 if (len > MCLBYTES) 1159 return EINVAL; 1160 1161 if ((error = fd_getsock1(SCARG(uap, s), &so, &fp)) != 0) 1162 return (error); 1163 1164 sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), len); 1165 1166 if (len > 0) { 1167 error = copyin(SCARG(uap, val), sopt.sopt_data, len); 1168 if (error) 1169 goto out; 1170 } 1171 1172 error = sosetopt(so, &sopt); 1173 if (so->so_options & SO_NOSIGPIPE) 1174 atomic_or_uint(&fp->f_flag, FNOSIGPIPE); 1175 else 1176 atomic_and_uint(&fp->f_flag, ~FNOSIGPIPE); 1177 1178 out: 1179 sockopt_destroy(&sopt); 1180 fd_putfile(SCARG(uap, s)); 1181 return error; 1182 } 1183 1184 static int 1185 getsockopt(struct lwp *l, const struct sys_getsockopt_args *uap, 1186 register_t *retval, bool copyarg) 1187 { 1188 struct sockopt sopt; 1189 struct socket *so; 1190 file_t *fp; 1191 unsigned int valsize, len; 1192 int error; 1193 1194 if (SCARG(uap, val) != NULL) { 1195 error = copyin(SCARG(uap, avalsize), &valsize, sizeof(valsize)); 1196 if (error) 1197 return error; 1198 } else 1199 valsize = 0; 1200 1201 if (valsize > MCLBYTES) 1202 return EINVAL; 1203 1204 if ((error = fd_getsock1(SCARG(uap, s), &so, &fp)) != 0) 1205 return error; 1206 1207 sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), valsize); 1208 if (copyarg && valsize > 0) { 1209 error = copyin(SCARG(uap, val), sopt.sopt_data, valsize); 1210 if (error) 1211 goto out; 1212 } 1213 1214 if (fp->f_flag & FNOSIGPIPE) 1215 so->so_options |= SO_NOSIGPIPE; 1216 else 1217 so->so_options &= ~SO_NOSIGPIPE; 1218 1219 error = sogetopt(so, &sopt); 1220 if (error || valsize == 0) 1221 goto out; 1222 1223 len = uimin(valsize, sopt.sopt_retsize); 1224 error = copyout(sopt.sopt_data, SCARG(uap, val), len); 1225 if (error) 1226 goto out; 1227 1228 error = copyout(&len, SCARG(uap, avalsize), sizeof(len)); 1229 out: 1230 sockopt_destroy(&sopt); 1231 fd_putfile(SCARG(uap, s)); 1232 return error; 1233 } 1234 1235 int 1236 sys_getsockopt(struct lwp *l, const struct sys_getsockopt_args *uap, 1237 register_t *retval) 1238 { 1239 /* { 1240 syscallarg(int) s; 1241 syscallarg(int) level; 1242 syscallarg(int) name; 1243 syscallarg(void *) val; 1244 syscallarg(unsigned int *) avalsize; 1245 } */ 1246 return getsockopt(l, uap, retval, false); 1247 } 1248 1249 int 1250 sys_getsockopt2(struct lwp *l, const struct sys_getsockopt2_args *uap, 1251 register_t *retval) 1252 { 1253 /* { 1254 syscallarg(int) s; 1255 syscallarg(int) level; 1256 syscallarg(int) name; 1257 syscallarg(void *) val; 1258 syscallarg(unsigned int *) avalsize; 1259 } */ 1260 return getsockopt(l, (const struct sys_getsockopt_args *) uap, retval, true); 1261 } 1262 1263 #ifdef PIPE_SOCKETPAIR 1264 1265 int 1266 pipe1(struct lwp *l, int *fildes, int flags) 1267 { 1268 file_t *rf, *wf; 1269 struct socket *rso, *wso; 1270 int error, soflags = 0; 1271 unsigned rfd, wfd; 1272 proc_t *p = l->l_proc; 1273 1274 if (flags & ~(O_CLOEXEC|O_NONBLOCK|O_NOSIGPIPE)) 1275 return EINVAL; 1276 if (flags & O_CLOEXEC) 1277 soflags |= SOCK_CLOEXEC; 1278 if (flags & O_NONBLOCK) 1279 soflags |= SOCK_NONBLOCK; 1280 if (flags & O_NOSIGPIPE) 1281 soflags |= SOCK_NOSIGPIPE; 1282 1283 error = fsocreate(AF_LOCAL, &rso, SOCK_STREAM|soflags, 0, &rfd, &rf, 1284 NULL); 1285 if (error) 1286 goto free1; 1287 error = fsocreate(AF_LOCAL, &wso, SOCK_STREAM|soflags, 0, &wfd, &wf, 1288 rso); 1289 if (error) 1290 goto free2; 1291 1292 /* make sure the descriptors are uni-directional */ 1293 rf->f_type = rf->f_type & ~(FWRITE); 1294 wf->f_type = wf->f_type & ~(FREAD); 1295 1296 /* remember this socket pair implements a pipe */ 1297 rso->so_state |= SS_ISAPIPE; 1298 wso->so_state |= SS_ISAPIPE; 1299 1300 solock(wso); 1301 /* 1302 * Pipes must be readable when there is at least 1 1303 * byte of data available in the receive buffer. 1304 * 1305 * Pipes must be writable when there is space for 1306 * at least PIPE_BUF bytes in the send buffer. 1307 * If we're increasing the low water mark for the 1308 * send buffer, then mimic how soreserve() would 1309 * have set the high water mark. 1310 */ 1311 rso->so_rcv.sb_lowat = 1; 1312 if (wso->so_snd.sb_lowat < PIPE_BUF) { 1313 wso->so_snd.sb_hiwat = PIPE_BUF * 2; 1314 } 1315 wso->so_snd.sb_lowat = PIPE_BUF; 1316 error = unp_connect2(wso, rso); 1317 sounlock(wso); 1318 1319 if (error != 0) 1320 goto free3; 1321 1322 fd_affix(p, wf, wfd); 1323 fd_affix(p, rf, rfd); 1324 fildes[0] = rfd; 1325 fildes[1] = wfd; 1326 return (0); 1327 free3: 1328 (void)soclose(wso); 1329 fd_abort(p, wf, wfd); 1330 free2: 1331 (void)soclose(rso); 1332 fd_abort(p, rf, rfd); 1333 free1: 1334 return error; 1335 } 1336 #endif /* PIPE_SOCKETPAIR */ 1337 1338 /* 1339 * Get peer socket name. 1340 */ 1341 int 1342 do_sys_getpeername(int fd, struct sockaddr *nam) 1343 { 1344 struct socket *so; 1345 int error; 1346 1347 if ((error = fd_getsock(fd, &so)) != 0) 1348 return error; 1349 1350 solock(so); 1351 if ((so->so_state & SS_ISCONNECTED) == 0) 1352 error = ENOTCONN; 1353 else { 1354 error = (*so->so_proto->pr_usrreqs->pr_peeraddr)(so, nam); 1355 } 1356 sounlock(so); 1357 fd_putfile(fd); 1358 return error; 1359 } 1360 1361 /* 1362 * Get local socket name. 1363 */ 1364 int 1365 do_sys_getsockname(int fd, struct sockaddr *nam) 1366 { 1367 struct socket *so; 1368 int error; 1369 1370 if ((error = fd_getsock(fd, &so)) != 0) 1371 return error; 1372 1373 solock(so); 1374 error = (*so->so_proto->pr_usrreqs->pr_sockaddr)(so, nam); 1375 sounlock(so); 1376 fd_putfile(fd); 1377 return error; 1378 } 1379 1380 int 1381 copyout_sockname_sb(struct sockaddr *asa, unsigned int *alen, int flags, 1382 struct sockaddr_big *addr) 1383 { 1384 unsigned int len; 1385 int error; 1386 1387 if (asa == NULL) 1388 /* Assume application not interested */ 1389 return 0; 1390 1391 if (flags & MSG_LENUSRSPACE) { 1392 error = copyin(alen, &len, sizeof(len)); 1393 if (error) 1394 return error; 1395 } else 1396 len = *alen; 1397 1398 if (addr == NULL) { 1399 len = 0; 1400 error = 0; 1401 } else { 1402 if (len > addr->sb_len) 1403 len = addr->sb_len; 1404 /* XXX addr isn't an mbuf... */ 1405 ktrkuser(mbuftypes[MT_SONAME], addr, len); 1406 error = copyout(addr, asa, len); 1407 } 1408 1409 if (error == 0) { 1410 if (flags & MSG_LENUSRSPACE) 1411 error = copyout(&len, alen, sizeof(len)); 1412 else 1413 *alen = len; 1414 } 1415 1416 return error; 1417 } 1418 1419 int 1420 copyout_sockname(struct sockaddr *asa, unsigned int *alen, int flags, 1421 struct mbuf *addr) 1422 { 1423 int len; 1424 int error; 1425 1426 if (asa == NULL) 1427 /* Assume application not interested */ 1428 return 0; 1429 1430 if (flags & MSG_LENUSRSPACE) { 1431 error = copyin(alen, &len, sizeof(len)); 1432 if (error) 1433 return error; 1434 } else 1435 len = *alen; 1436 if (len < 0) 1437 return EINVAL; 1438 1439 if (addr == NULL) { 1440 len = 0; 1441 error = 0; 1442 } else { 1443 if (len > addr->m_len) 1444 len = addr->m_len; 1445 /* Maybe this ought to copy a chain ? */ 1446 ktrkuser(mbuftypes[MT_SONAME], mtod(addr, void *), len); 1447 error = copyout(mtod(addr, void *), asa, len); 1448 } 1449 1450 if (error == 0) { 1451 if (flags & MSG_LENUSRSPACE) 1452 error = copyout(&len, alen, sizeof(len)); 1453 else 1454 *alen = len; 1455 } 1456 1457 return error; 1458 } 1459 1460 /* 1461 * Get socket name. 1462 */ 1463 int 1464 sys_getsockname(struct lwp *l, const struct sys_getsockname_args *uap, 1465 register_t *retval) 1466 { 1467 /* { 1468 syscallarg(int) fdes; 1469 syscallarg(struct sockaddr *) asa; 1470 syscallarg(unsigned int *) alen; 1471 } */ 1472 struct sockaddr_big sbig; 1473 int error; 1474 1475 sbig.sb_len = UCHAR_MAX; 1476 error = do_sys_getsockname(SCARG(uap, fdes), (struct sockaddr *)&sbig); 1477 if (error != 0) 1478 return error; 1479 1480 error = copyout_sockname_sb(SCARG(uap, asa), SCARG(uap, alen), 1481 MSG_LENUSRSPACE, &sbig); 1482 return error; 1483 } 1484 1485 /* 1486 * Get name of peer for connected socket. 1487 */ 1488 int 1489 sys_getpeername(struct lwp *l, const struct sys_getpeername_args *uap, 1490 register_t *retval) 1491 { 1492 /* { 1493 syscallarg(int) fdes; 1494 syscallarg(struct sockaddr *) asa; 1495 syscallarg(unsigned int *) alen; 1496 } */ 1497 struct sockaddr_big sbig; 1498 int error; 1499 1500 sbig.sb_len = UCHAR_MAX; 1501 error = do_sys_getpeername(SCARG(uap, fdes), (struct sockaddr *)&sbig); 1502 if (error != 0) 1503 return error; 1504 1505 error = copyout_sockname_sb(SCARG(uap, asa), SCARG(uap, alen), 1506 MSG_LENUSRSPACE, &sbig); 1507 return error; 1508 } 1509 1510 static int 1511 sockargs_sb(struct sockaddr_big *sb, const void *name, socklen_t buflen) 1512 { 1513 int error; 1514 1515 /* 1516 * We can't allow socket names > UCHAR_MAX in length, since that 1517 * will overflow sb_len. Further no reasonable buflen is <= 1518 * offsetof(sockaddr_big, sb_data) since it shall be at least 1519 * the size of the preamble sb_len and sb_family members. 1520 */ 1521 if (buflen > UCHAR_MAX || 1522 buflen <= offsetof(struct sockaddr_big, sb_data)) 1523 return EINVAL; 1524 1525 error = copyin(name, (void *)sb, buflen); 1526 if (error) 1527 return error; 1528 1529 ktrkuser(mbuftypes[MT_SONAME], sb, buflen); 1530 #if BYTE_ORDER != BIG_ENDIAN 1531 /* 1532 * 4.3BSD compat thing - need to stay, since bind(2), 1533 * connect(2), sendto(2) were not versioned for COMPAT_43. 1534 */ 1535 if (sb->sb_family == 0 && sb->sb_len < AF_MAX) 1536 sb->sb_family = sb->sb_len; 1537 #endif 1538 sb->sb_len = buflen; 1539 return 0; 1540 } 1541 1542 /* 1543 * XXX In a perfect world, we wouldn't pass around socket control 1544 * XXX arguments in mbufs, and this could go away. 1545 */ 1546 int 1547 sockargs(struct mbuf **mp, const void *bf, size_t buflen, enum uio_seg seg, 1548 int type) 1549 { 1550 struct mbuf *m; 1551 int error; 1552 1553 /* 1554 * We can't allow socket names > UCHAR_MAX in length, since that 1555 * will overflow sa_len. Control data more than a page size in 1556 * length is just too much. 1557 */ 1558 if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE)) 1559 return EINVAL; 1560 1561 /* 1562 * length must greater than sizeof(sa_family) + sizeof(sa_len) 1563 */ 1564 if (type == MT_SONAME && buflen <= 2) 1565 return EINVAL; 1566 1567 /* Allocate an mbuf to hold the arguments. */ 1568 m = m_get(M_WAIT, type); 1569 /* can't claim. don't who to assign it to. */ 1570 if (buflen > MLEN) { 1571 /* 1572 * Won't fit into a regular mbuf, so we allocate just 1573 * enough external storage to hold the argument. 1574 */ 1575 MEXTMALLOC(m, buflen, M_WAITOK); 1576 } 1577 m->m_len = buflen; 1578 if (seg == UIO_USERSPACE) { 1579 error = copyin(bf, mtod(m, void *), buflen); 1580 if (error) { 1581 (void)m_free(m); 1582 return error; 1583 } 1584 } else { 1585 memcpy(mtod(m, void *), bf, buflen); 1586 } 1587 *mp = m; 1588 switch (type) { 1589 case MT_SONAME: 1590 ktrkuser(mbuftypes[type], mtod(m, void *), buflen); 1591 1592 struct sockaddr *sa = mtod(m, struct sockaddr *); 1593 #if BYTE_ORDER != BIG_ENDIAN 1594 /* 1595 * 4.3BSD compat thing - need to stay, since bind(2), 1596 * connect(2), sendto(2) were not versioned for COMPAT_43. 1597 */ 1598 if (sa->sa_family == 0 && sa->sa_len < AF_MAX) 1599 sa->sa_family = sa->sa_len; 1600 #endif 1601 sa->sa_len = buflen; 1602 return 0; 1603 case MT_CONTROL: 1604 if (!KTRPOINT(curproc, KTR_USER)) 1605 return 0; 1606 1607 struct msghdr mhdr; 1608 mhdr.msg_control = mtod(m, void *); 1609 mhdr.msg_controllen = buflen; 1610 for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(&mhdr); cmsg; 1611 cmsg = CMSG_NXTHDR(&mhdr, cmsg)) { 1612 KASSERT(((char *)cmsg - mtod(m, char *)) <= buflen); 1613 if (cmsg->cmsg_len > 1614 buflen - ((char *)cmsg - mtod(m, char *))) 1615 break; 1616 ktrkuser(mbuftypes[type], cmsg, cmsg->cmsg_len); 1617 } 1618 return 0; 1619 default: 1620 return EINVAL; 1621 } 1622 } 1623 1624 int 1625 do_sys_peeloff(struct socket *head, void *data) 1626 { 1627 #ifdef SCTP 1628 /*file_t *lfp = NULL;*/ 1629 file_t *nfp = NULL; 1630 int error; 1631 struct socket *so; 1632 int fd; 1633 uint32_t name; 1634 /*short fflag;*/ /* type must match fp->f_flag */ 1635 1636 name = *(uint32_t *) data; 1637 error = sctp_can_peel_off(head, name); 1638 if (error) { 1639 printf("peeloff failed\n"); 1640 return error; 1641 } 1642 /* 1643 * At this point we know we do have a assoc to pull 1644 * we proceed to get the fd setup. This may block 1645 * but that is ok. 1646 */ 1647 error = fd_allocfile(&nfp, &fd); 1648 if (error) { 1649 /* 1650 * Probably ran out of file descriptors. Put the 1651 * unaccepted connection back onto the queue and 1652 * do another wakeup so some other process might 1653 * have a chance at it. 1654 */ 1655 return error; 1656 } 1657 *(int *) data = fd; 1658 1659 so = sctp_get_peeloff(head, name, &error); 1660 if (so == NULL) { 1661 /* 1662 * Either someone else peeled it off OR 1663 * we can't get a socket. 1664 * close the new descriptor, assuming someone hasn't ripped it 1665 * out from under us. 1666 */ 1667 mutex_enter(&nfp->f_lock); 1668 nfp->f_count++; 1669 mutex_exit(&nfp->f_lock); 1670 fd_abort(curlwp->l_proc, nfp, fd); 1671 return error; 1672 } 1673 so->so_state &= ~SS_NOFDREF; 1674 so->so_state &= ~SS_ISCONNECTING; 1675 so->so_head = NULL; 1676 so->so_cred = kauth_cred_hold(head->so_cred); 1677 nfp->f_socket = so; 1678 nfp->f_flag = FREAD|FWRITE; 1679 nfp->f_ops = &socketops; 1680 nfp->f_type = DTYPE_SOCKET; 1681 1682 fd_affix(curlwp->l_proc, nfp, fd); 1683 1684 return error; 1685 #else 1686 return EOPNOTSUPP; 1687 #endif 1688 } 1689