1 /* $NetBSD: uipc_usrreq.c,v 1.111 2008/04/20 07:47:18 mlelstv Exp $ */ 2 3 /*- 4 * Copyright (c) 1998, 2000, 2004, 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * NASA Ames Research Center. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the NetBSD 22 * Foundation, Inc. and its contributors. 23 * 4. Neither the name of The NetBSD Foundation nor the names of its 24 * contributors may be used to endorse or promote products derived 25 * from this software without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 28 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 37 * POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40 /* 41 * Copyright (c) 1982, 1986, 1989, 1991, 1993 42 * The Regents of the University of California. All rights reserved. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * @(#)uipc_usrreq.c 8.9 (Berkeley) 5/14/95 69 */ 70 71 /* 72 * Copyright (c) 1997 Christopher G. Demetriou. All rights reserved. 73 * 74 * Redistribution and use in source and binary forms, with or without 75 * modification, are permitted provided that the following conditions 76 * are met: 77 * 1. Redistributions of source code must retain the above copyright 78 * notice, this list of conditions and the following disclaimer. 79 * 2. Redistributions in binary form must reproduce the above copyright 80 * notice, this list of conditions and the following disclaimer in the 81 * documentation and/or other materials provided with the distribution. 82 * 3. All advertising materials mentioning features or use of this software 83 * must display the following acknowledgement: 84 * This product includes software developed by the University of 85 * California, Berkeley and its contributors. 86 * 4. Neither the name of the University nor the names of its contributors 87 * may be used to endorse or promote products derived from this software 88 * without specific prior written permission. 89 * 90 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 91 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 92 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 93 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 94 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 95 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 96 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 97 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 98 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 99 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 100 * SUCH DAMAGE. 101 * 102 * @(#)uipc_usrreq.c 8.9 (Berkeley) 5/14/95 103 */ 104 105 #include <sys/cdefs.h> 106 __KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.111 2008/04/20 07:47:18 mlelstv Exp $"); 107 108 #include <sys/param.h> 109 #include <sys/systm.h> 110 #include <sys/proc.h> 111 #include <sys/filedesc.h> 112 #include <sys/domain.h> 113 #include <sys/protosw.h> 114 #include <sys/socket.h> 115 #include <sys/socketvar.h> 116 #include <sys/unpcb.h> 117 #include <sys/un.h> 118 #include <sys/namei.h> 119 #include <sys/vnode.h> 120 #include <sys/file.h> 121 #include <sys/stat.h> 122 #include <sys/mbuf.h> 123 #include <sys/kauth.h> 124 #include <sys/kmem.h> 125 #include <sys/atomic.h> 126 127 /* 128 * Unix communications domain. 129 * 130 * TODO: 131 * SEQPACKET, RDM 132 * rethink name space problems 133 * need a proper out-of-band 134 */ 135 const struct sockaddr_un sun_noname = { 136 .sun_len = sizeof(sun_noname), 137 .sun_family = AF_LOCAL, 138 }; 139 ino_t unp_ino; /* prototype for fake inode numbers */ 140 141 struct mbuf *unp_addsockcred(struct lwp *, struct mbuf *); 142 143 int 144 unp_output(struct mbuf *m, struct mbuf *control, struct unpcb *unp, 145 struct lwp *l) 146 { 147 struct socket *so2; 148 const struct sockaddr_un *sun; 149 150 so2 = unp->unp_conn->unp_socket; 151 if (unp->unp_addr) 152 sun = unp->unp_addr; 153 else 154 sun = &sun_noname; 155 if (unp->unp_conn->unp_flags & UNP_WANTCRED) 156 control = unp_addsockcred(l, control); 157 if (sbappendaddr(&so2->so_rcv, (const struct sockaddr *)sun, m, 158 control) == 0) { 159 unp_dispose(control); 160 m_freem(control); 161 m_freem(m); 162 so2->so_rcv.sb_overflowed++; 163 return (ENOBUFS); 164 } else { 165 sorwakeup(so2); 166 return (0); 167 } 168 } 169 170 void 171 unp_setsockaddr(struct unpcb *unp, struct mbuf *nam) 172 { 173 const struct sockaddr_un *sun; 174 175 if (unp->unp_addr) 176 sun = unp->unp_addr; 177 else 178 sun = &sun_noname; 179 nam->m_len = sun->sun_len; 180 if (nam->m_len > MLEN) 181 MEXTMALLOC(nam, nam->m_len, M_WAITOK); 182 memcpy(mtod(nam, void *), sun, (size_t)nam->m_len); 183 } 184 185 void 186 unp_setpeeraddr(struct unpcb *unp, struct mbuf *nam) 187 { 188 const struct sockaddr_un *sun; 189 190 if (unp->unp_conn && unp->unp_conn->unp_addr) 191 sun = unp->unp_conn->unp_addr; 192 else 193 sun = &sun_noname; 194 nam->m_len = sun->sun_len; 195 if (nam->m_len > MLEN) 196 MEXTMALLOC(nam, nam->m_len, M_WAITOK); 197 memcpy(mtod(nam, void *), sun, (size_t)nam->m_len); 198 } 199 200 /*ARGSUSED*/ 201 int 202 uipc_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, 203 struct mbuf *control, struct lwp *l) 204 { 205 struct unpcb *unp = sotounpcb(so); 206 struct socket *so2; 207 struct proc *p; 208 u_int newhiwat; 209 int error = 0; 210 211 if (req == PRU_CONTROL) 212 return (EOPNOTSUPP); 213 214 #ifdef DIAGNOSTIC 215 if (req != PRU_SEND && req != PRU_SENDOOB && control) 216 panic("uipc_usrreq: unexpected control mbuf"); 217 #endif 218 p = l ? l->l_proc : NULL; 219 if (unp == 0 && req != PRU_ATTACH) { 220 error = EINVAL; 221 goto release; 222 } 223 224 switch (req) { 225 226 case PRU_ATTACH: 227 if (unp != 0) { 228 error = EISCONN; 229 break; 230 } 231 error = unp_attach(so); 232 break; 233 234 case PRU_DETACH: 235 unp_detach(unp); 236 break; 237 238 case PRU_BIND: 239 KASSERT(l != NULL); 240 error = unp_bind(unp, nam, l); 241 break; 242 243 case PRU_LISTEN: 244 if (unp->unp_vnode == 0) 245 error = EINVAL; 246 break; 247 248 case PRU_CONNECT: 249 KASSERT(l != NULL); 250 error = unp_connect(so, nam, l); 251 break; 252 253 case PRU_CONNECT2: 254 error = unp_connect2(so, (struct socket *)nam, PRU_CONNECT2); 255 break; 256 257 case PRU_DISCONNECT: 258 unp_disconnect(unp); 259 break; 260 261 case PRU_ACCEPT: 262 unp_setpeeraddr(unp, nam); 263 /* 264 * Mark the initiating STREAM socket as connected *ONLY* 265 * after it's been accepted. This prevents a client from 266 * overrunning a server and receiving ECONNREFUSED. 267 */ 268 if (unp->unp_conn != NULL && 269 (unp->unp_conn->unp_socket->so_state & SS_ISCONNECTING)) 270 soisconnected(unp->unp_conn->unp_socket); 271 break; 272 273 case PRU_SHUTDOWN: 274 socantsendmore(so); 275 unp_shutdown(unp); 276 break; 277 278 case PRU_RCVD: 279 switch (so->so_type) { 280 281 case SOCK_DGRAM: 282 panic("uipc 1"); 283 /*NOTREACHED*/ 284 285 case SOCK_STREAM: 286 #define rcv (&so->so_rcv) 287 #define snd (&so2->so_snd) 288 if (unp->unp_conn == 0) 289 break; 290 so2 = unp->unp_conn->unp_socket; 291 /* 292 * Adjust backpressure on sender 293 * and wakeup any waiting to write. 294 */ 295 snd->sb_mbmax += unp->unp_mbcnt - rcv->sb_mbcnt; 296 unp->unp_mbcnt = rcv->sb_mbcnt; 297 newhiwat = snd->sb_hiwat + unp->unp_cc - rcv->sb_cc; 298 (void)chgsbsize(so2->so_uidinfo, 299 &snd->sb_hiwat, newhiwat, RLIM_INFINITY); 300 unp->unp_cc = rcv->sb_cc; 301 sowwakeup(so2); 302 #undef snd 303 #undef rcv 304 break; 305 306 default: 307 panic("uipc 2"); 308 } 309 break; 310 311 case PRU_SEND: 312 /* 313 * Note: unp_internalize() rejects any control message 314 * other than SCM_RIGHTS, and only allows one. This 315 * has the side-effect of preventing a caller from 316 * forging SCM_CREDS. 317 */ 318 if (control) { 319 KASSERT(l != NULL); 320 if ((error = unp_internalize(&control, l)) != 0) { 321 m_freem(control); 322 m_freem(m); 323 break; 324 } 325 } 326 switch (so->so_type) { 327 328 case SOCK_DGRAM: { 329 if (nam) { 330 if ((so->so_state & SS_ISCONNECTED) != 0) 331 error = EISCONN; 332 else { 333 KASSERT(l != NULL); 334 error = unp_connect(so, nam, l); 335 } 336 } else { 337 if ((so->so_state & SS_ISCONNECTED) == 0) 338 error = ENOTCONN; 339 } 340 if (error) { 341 unp_dispose(control); 342 m_freem(control); 343 m_freem(m); 344 break; 345 } 346 KASSERT(p != NULL); 347 error = unp_output(m, control, unp, l); 348 if (nam) 349 unp_disconnect(unp); 350 break; 351 } 352 353 case SOCK_STREAM: 354 #define rcv (&so2->so_rcv) 355 #define snd (&so->so_snd) 356 if (unp->unp_conn == NULL) { 357 error = ENOTCONN; 358 break; 359 } 360 so2 = unp->unp_conn->unp_socket; 361 if (unp->unp_conn->unp_flags & UNP_WANTCRED) { 362 /* 363 * Credentials are passed only once on 364 * SOCK_STREAM. 365 */ 366 unp->unp_conn->unp_flags &= ~UNP_WANTCRED; 367 control = unp_addsockcred(l, control); 368 } 369 /* 370 * Send to paired receive port, and then reduce 371 * send buffer hiwater marks to maintain backpressure. 372 * Wake up readers. 373 */ 374 if (control) { 375 if (sbappendcontrol(rcv, m, control) == 0) { 376 unp_dispose(control); 377 m_freem(control); 378 } 379 } else 380 sbappend(rcv, m); 381 snd->sb_mbmax -= 382 rcv->sb_mbcnt - unp->unp_conn->unp_mbcnt; 383 unp->unp_conn->unp_mbcnt = rcv->sb_mbcnt; 384 newhiwat = snd->sb_hiwat - 385 (rcv->sb_cc - unp->unp_conn->unp_cc); 386 (void)chgsbsize(so->so_uidinfo, 387 &snd->sb_hiwat, newhiwat, RLIM_INFINITY); 388 unp->unp_conn->unp_cc = rcv->sb_cc; 389 sorwakeup(so2); 390 #undef snd 391 #undef rcv 392 break; 393 394 default: 395 panic("uipc 4"); 396 } 397 break; 398 399 case PRU_ABORT: 400 unp_drop(unp, ECONNABORTED); 401 402 KASSERT(so->so_head == NULL); 403 #ifdef DIAGNOSTIC 404 if (so->so_pcb == 0) 405 panic("uipc 5: drop killed pcb"); 406 #endif 407 unp_detach(unp); 408 break; 409 410 case PRU_SENSE: 411 ((struct stat *) m)->st_blksize = so->so_snd.sb_hiwat; 412 if (so->so_type == SOCK_STREAM && unp->unp_conn != 0) { 413 so2 = unp->unp_conn->unp_socket; 414 ((struct stat *) m)->st_blksize += so2->so_rcv.sb_cc; 415 } 416 ((struct stat *) m)->st_dev = NODEV; 417 if (unp->unp_ino == 0) 418 unp->unp_ino = unp_ino++; 419 ((struct stat *) m)->st_atimespec = 420 ((struct stat *) m)->st_mtimespec = 421 ((struct stat *) m)->st_ctimespec = unp->unp_ctime; 422 ((struct stat *) m)->st_ino = unp->unp_ino; 423 return (0); 424 425 case PRU_RCVOOB: 426 error = EOPNOTSUPP; 427 break; 428 429 case PRU_SENDOOB: 430 m_freem(control); 431 m_freem(m); 432 error = EOPNOTSUPP; 433 break; 434 435 case PRU_SOCKADDR: 436 unp_setsockaddr(unp, nam); 437 break; 438 439 case PRU_PEERADDR: 440 unp_setpeeraddr(unp, nam); 441 break; 442 443 default: 444 panic("piusrreq"); 445 } 446 447 release: 448 return (error); 449 } 450 451 /* 452 * Unix domain socket option processing. 453 */ 454 int 455 uipc_ctloutput(int op, struct socket *so, int level, int optname, 456 struct mbuf **mp) 457 { 458 struct unpcb *unp = sotounpcb(so); 459 struct mbuf *m = *mp; 460 int optval = 0, error = 0; 461 462 if (level != 0) { 463 error = ENOPROTOOPT; 464 if (op == PRCO_SETOPT && m) 465 (void) m_free(m); 466 } else switch (op) { 467 468 case PRCO_SETOPT: 469 switch (optname) { 470 case LOCAL_CREDS: 471 case LOCAL_CONNWAIT: 472 if (m == NULL || m->m_len != sizeof(int)) 473 error = EINVAL; 474 else { 475 optval = *mtod(m, int *); 476 switch (optname) { 477 #define OPTSET(bit) \ 478 if (optval) \ 479 unp->unp_flags |= (bit); \ 480 else \ 481 unp->unp_flags &= ~(bit); 482 483 case LOCAL_CREDS: 484 OPTSET(UNP_WANTCRED); 485 break; 486 case LOCAL_CONNWAIT: 487 OPTSET(UNP_CONNWAIT); 488 break; 489 } 490 } 491 break; 492 #undef OPTSET 493 494 default: 495 error = ENOPROTOOPT; 496 break; 497 } 498 if (m) 499 (void) m_free(m); 500 break; 501 502 case PRCO_GETOPT: 503 switch (optname) { 504 case LOCAL_PEEREID: 505 if (unp->unp_flags & UNP_EIDSVALID) { 506 *mp = m = m_get(M_WAIT, MT_SOOPTS); 507 m->m_len = sizeof(struct unpcbid); 508 *mtod(m, struct unpcbid *) = unp->unp_connid; 509 } else { 510 error = EINVAL; 511 } 512 break; 513 case LOCAL_CREDS: 514 *mp = m = m_get(M_WAIT, MT_SOOPTS); 515 m->m_len = sizeof(int); 516 517 #define OPTBIT(bit) (unp->unp_flags & (bit) ? 1 : 0) 518 519 optval = OPTBIT(UNP_WANTCRED); 520 *mtod(m, int *) = optval; 521 break; 522 #undef OPTBIT 523 524 default: 525 error = ENOPROTOOPT; 526 break; 527 } 528 break; 529 } 530 return (error); 531 } 532 533 /* 534 * Both send and receive buffers are allocated PIPSIZ bytes of buffering 535 * for stream sockets, although the total for sender and receiver is 536 * actually only PIPSIZ. 537 * Datagram sockets really use the sendspace as the maximum datagram size, 538 * and don't really want to reserve the sendspace. Their recvspace should 539 * be large enough for at least one max-size datagram plus address. 540 */ 541 #define PIPSIZ 4096 542 u_long unpst_sendspace = PIPSIZ; 543 u_long unpst_recvspace = PIPSIZ; 544 u_long unpdg_sendspace = 2*1024; /* really max datagram size */ 545 u_long unpdg_recvspace = 4*1024; 546 547 u_int unp_rights; /* file descriptors in flight */ 548 549 int 550 unp_attach(struct socket *so) 551 { 552 struct unpcb *unp; 553 int error; 554 555 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 556 switch (so->so_type) { 557 558 case SOCK_STREAM: 559 error = soreserve(so, unpst_sendspace, unpst_recvspace); 560 break; 561 562 case SOCK_DGRAM: 563 error = soreserve(so, unpdg_sendspace, unpdg_recvspace); 564 break; 565 566 default: 567 panic("unp_attach"); 568 } 569 if (error) 570 return (error); 571 } 572 unp = malloc(sizeof(*unp), M_PCB, M_NOWAIT); 573 if (unp == NULL) 574 return (ENOBUFS); 575 memset((void *)unp, 0, sizeof(*unp)); 576 unp->unp_socket = so; 577 so->so_pcb = unp; 578 nanotime(&unp->unp_ctime); 579 return (0); 580 } 581 582 void 583 unp_detach(struct unpcb *unp) 584 { 585 586 if (unp->unp_vnode) { 587 unp->unp_vnode->v_socket = 0; 588 vrele(unp->unp_vnode); 589 unp->unp_vnode = 0; 590 } 591 if (unp->unp_conn) 592 unp_disconnect(unp); 593 while (unp->unp_refs) 594 unp_drop(unp->unp_refs, ECONNRESET); 595 soisdisconnected(unp->unp_socket); 596 unp->unp_socket->so_pcb = 0; 597 if (unp->unp_addr) 598 free(unp->unp_addr, M_SONAME); 599 if (unp_rights) { 600 /* 601 * Normally the receive buffer is flushed later, 602 * in sofree, but if our receive buffer holds references 603 * to descriptors that are now garbage, we will dispose 604 * of those descriptor references after the garbage collector 605 * gets them (resulting in a "panic: closef: count < 0"). 606 */ 607 sorflush(unp->unp_socket); 608 free(unp, M_PCB); 609 unp_gc(); 610 } else 611 free(unp, M_PCB); 612 } 613 614 int 615 unp_bind(struct unpcb *unp, struct mbuf *nam, struct lwp *l) 616 { 617 struct sockaddr_un *sun; 618 vnode_t *vp; 619 struct vattr vattr; 620 size_t addrlen; 621 struct proc *p; 622 int error; 623 struct nameidata nd; 624 625 if (unp->unp_vnode != 0) 626 return (EINVAL); 627 628 if ((unp->unp_flags & UNP_BUSY) != 0) { 629 /* 630 * EALREADY may not be strictly accurate, but since this 631 * is a major application error it's hardly a big deal. 632 */ 633 return (EALREADY); 634 } 635 unp->unp_flags |= UNP_BUSY; 636 637 p = l->l_proc; 638 /* 639 * Allocate the new sockaddr. We have to allocate one 640 * extra byte so that we can ensure that the pathname 641 * is nul-terminated. 642 */ 643 addrlen = nam->m_len + 1; 644 sun = malloc(addrlen, M_SONAME, M_WAITOK); 645 m_copydata(nam, 0, nam->m_len, (void *)sun); 646 *(((char *)sun) + nam->m_len) = '\0'; 647 648 NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT | TRYEMULROOT, UIO_SYSSPACE, 649 sun->sun_path); 650 651 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */ 652 if ((error = namei(&nd)) != 0) 653 goto bad; 654 vp = nd.ni_vp; 655 if (vp != NULL) { 656 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); 657 if (nd.ni_dvp == vp) 658 vrele(nd.ni_dvp); 659 else 660 vput(nd.ni_dvp); 661 vrele(vp); 662 error = EADDRINUSE; 663 goto bad; 664 } 665 VATTR_NULL(&vattr); 666 vattr.va_type = VSOCK; 667 vattr.va_mode = ACCESSPERMS & ~(p->p_cwdi->cwdi_cmask); 668 error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); 669 if (error) 670 goto bad; 671 vp = nd.ni_vp; 672 vp->v_socket = unp->unp_socket; 673 unp->unp_vnode = vp; 674 unp->unp_addrlen = addrlen; 675 unp->unp_addr = sun; 676 unp->unp_connid.unp_pid = p->p_pid; 677 unp->unp_connid.unp_euid = kauth_cred_geteuid(p->p_cred); 678 unp->unp_connid.unp_egid = kauth_cred_getegid(p->p_cred); 679 unp->unp_flags |= UNP_EIDSBIND; 680 VOP_UNLOCK(vp, 0); 681 unp->unp_flags &= ~UNP_BUSY; 682 return (0); 683 684 bad: 685 free(sun, M_SONAME); 686 unp->unp_flags &= ~UNP_BUSY; 687 return (error); 688 } 689 690 int 691 unp_connect(struct socket *so, struct mbuf *nam, struct lwp *l) 692 { 693 struct sockaddr_un *sun; 694 vnode_t *vp; 695 struct socket *so2, *so3; 696 struct unpcb *unp, *unp2, *unp3; 697 size_t addrlen; 698 struct proc *p; 699 int error; 700 struct nameidata nd; 701 702 unp = sotounpcb(so); 703 if ((unp->unp_flags & UNP_BUSY) != 0) { 704 /* 705 * EALREADY may not be strictly accurate, but since this 706 * is a major application error it's hardly a big deal. 707 */ 708 return (EALREADY); 709 } 710 unp->unp_flags |= UNP_BUSY; 711 712 p = l->l_proc; 713 /* 714 * Allocate a temporary sockaddr. We have to allocate one extra 715 * byte so that we can ensure that the pathname is nul-terminated. 716 * When we establish the connection, we copy the other PCB's 717 * sockaddr to our own. 718 */ 719 addrlen = nam->m_len + 1; 720 sun = malloc(addrlen, M_SONAME, M_WAITOK); 721 m_copydata(nam, 0, nam->m_len, (void *)sun); 722 *(((char *)sun) + nam->m_len) = '\0'; 723 724 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_SYSSPACE, 725 sun->sun_path); 726 727 if ((error = namei(&nd)) != 0) 728 goto bad2; 729 vp = nd.ni_vp; 730 if (vp->v_type != VSOCK) { 731 error = ENOTSOCK; 732 goto bad; 733 } 734 if ((error = VOP_ACCESS(vp, VWRITE, l->l_cred)) != 0) 735 goto bad; 736 so2 = vp->v_socket; 737 if (so2 == 0) { 738 error = ECONNREFUSED; 739 goto bad; 740 } 741 if (so->so_type != so2->so_type) { 742 error = EPROTOTYPE; 743 goto bad; 744 } 745 if (so->so_proto->pr_flags & PR_CONNREQUIRED) { 746 if ((so2->so_options & SO_ACCEPTCONN) == 0 || 747 (so3 = sonewconn(so2, 0)) == 0) { 748 error = ECONNREFUSED; 749 goto bad; 750 } 751 unp2 = sotounpcb(so2); 752 unp3 = sotounpcb(so3); 753 if (unp2->unp_addr) { 754 unp3->unp_addr = malloc(unp2->unp_addrlen, 755 M_SONAME, M_WAITOK); 756 memcpy(unp3->unp_addr, unp2->unp_addr, 757 unp2->unp_addrlen); 758 unp3->unp_addrlen = unp2->unp_addrlen; 759 } 760 unp3->unp_flags = unp2->unp_flags; 761 unp3->unp_connid.unp_pid = p->p_pid; 762 unp3->unp_connid.unp_euid = kauth_cred_geteuid(p->p_cred); 763 unp3->unp_connid.unp_egid = kauth_cred_getegid(p->p_cred); 764 unp3->unp_flags |= UNP_EIDSVALID; 765 so2 = so3; 766 if (unp2->unp_flags & UNP_EIDSBIND) { 767 unp->unp_connid = unp2->unp_connid; 768 unp->unp_flags |= UNP_EIDSVALID; 769 } 770 } 771 error = unp_connect2(so, so2, PRU_CONNECT); 772 bad: 773 vput(vp); 774 bad2: 775 free(sun, M_SONAME); 776 unp->unp_flags &= ~UNP_BUSY; 777 return (error); 778 } 779 780 int 781 unp_connect2(struct socket *so, struct socket *so2, int req) 782 { 783 struct unpcb *unp = sotounpcb(so); 784 struct unpcb *unp2; 785 786 if (so2->so_type != so->so_type) 787 return (EPROTOTYPE); 788 unp2 = sotounpcb(so2); 789 unp->unp_conn = unp2; 790 switch (so->so_type) { 791 792 case SOCK_DGRAM: 793 unp->unp_nextref = unp2->unp_refs; 794 unp2->unp_refs = unp; 795 soisconnected(so); 796 break; 797 798 case SOCK_STREAM: 799 unp2->unp_conn = unp; 800 if (req == PRU_CONNECT && 801 ((unp->unp_flags | unp2->unp_flags) & UNP_CONNWAIT)) 802 soisconnecting(so); 803 else 804 soisconnected(so); 805 soisconnected(so2); 806 break; 807 808 default: 809 panic("unp_connect2"); 810 } 811 return (0); 812 } 813 814 void 815 unp_disconnect(struct unpcb *unp) 816 { 817 struct unpcb *unp2 = unp->unp_conn; 818 819 if (unp2 == 0) 820 return; 821 unp->unp_conn = 0; 822 switch (unp->unp_socket->so_type) { 823 824 case SOCK_DGRAM: 825 if (unp2->unp_refs == unp) 826 unp2->unp_refs = unp->unp_nextref; 827 else { 828 unp2 = unp2->unp_refs; 829 for (;;) { 830 if (unp2 == 0) 831 panic("unp_disconnect"); 832 if (unp2->unp_nextref == unp) 833 break; 834 unp2 = unp2->unp_nextref; 835 } 836 unp2->unp_nextref = unp->unp_nextref; 837 } 838 unp->unp_nextref = 0; 839 unp->unp_socket->so_state &= ~SS_ISCONNECTED; 840 break; 841 842 case SOCK_STREAM: 843 soisdisconnected(unp->unp_socket); 844 unp2->unp_conn = 0; 845 soisdisconnected(unp2->unp_socket); 846 break; 847 } 848 } 849 850 #ifdef notdef 851 unp_abort(struct unpcb *unp) 852 { 853 unp_detach(unp); 854 } 855 #endif 856 857 void 858 unp_shutdown(struct unpcb *unp) 859 { 860 struct socket *so; 861 862 if (unp->unp_socket->so_type == SOCK_STREAM && unp->unp_conn && 863 (so = unp->unp_conn->unp_socket)) 864 socantrcvmore(so); 865 } 866 867 void 868 unp_drop(struct unpcb *unp, int errno) 869 { 870 struct socket *so = unp->unp_socket; 871 872 so->so_error = errno; 873 unp_disconnect(unp); 874 if (so->so_head) { 875 so->so_pcb = 0; 876 sofree(so); 877 if (unp->unp_addr) 878 free(unp->unp_addr, M_SONAME); 879 free(unp, M_PCB); 880 } 881 } 882 883 #ifdef notdef 884 unp_drain(void) 885 { 886 887 } 888 #endif 889 890 int 891 unp_externalize(struct mbuf *rights, struct lwp *l) 892 { 893 struct cmsghdr *cm = mtod(rights, struct cmsghdr *); 894 struct proc *p = l->l_proc; 895 int i, *fdp; 896 file_t **rp; 897 file_t *fp; 898 int nfds, error = 0; 899 900 nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / 901 sizeof(file_t *); 902 rp = (file_t **)CMSG_DATA(cm); 903 904 fdp = malloc(nfds * sizeof(int), M_TEMP, M_WAITOK); 905 rw_enter(&p->p_cwdi->cwdi_lock, RW_READER); 906 907 /* Make sure the recipient should be able to see the descriptors.. */ 908 if (p->p_cwdi->cwdi_rdir != NULL) { 909 rp = (file_t **)CMSG_DATA(cm); 910 for (i = 0; i < nfds; i++) { 911 fp = *rp++; 912 /* 913 * If we are in a chroot'ed directory, and 914 * someone wants to pass us a directory, make 915 * sure it's inside the subtree we're allowed 916 * to access. 917 */ 918 if (fp->f_type == DTYPE_VNODE) { 919 vnode_t *vp = (vnode_t *)fp->f_data; 920 if ((vp->v_type == VDIR) && 921 !vn_isunder(vp, p->p_cwdi->cwdi_rdir, l)) { 922 error = EPERM; 923 break; 924 } 925 } 926 } 927 } 928 929 restart: 930 rp = (file_t **)CMSG_DATA(cm); 931 if (error != 0) { 932 for (i = 0; i < nfds; i++) { 933 fp = *rp; 934 /* 935 * zero the pointer before calling unp_discard, 936 * since it may end up in unp_gc().. 937 */ 938 *rp++ = 0; 939 unp_discard(fp); 940 } 941 goto out; 942 } 943 944 /* 945 * First loop -- allocate file descriptor table slots for the 946 * new descriptors. 947 */ 948 for (i = 0; i < nfds; i++) { 949 fp = *rp++; 950 if ((error = fd_alloc(p, 0, &fdp[i])) != 0) { 951 /* 952 * Back out what we've done so far. 953 */ 954 for (--i; i >= 0; i--) { 955 fd_abort(p, NULL, fdp[i]); 956 } 957 if (error == ENOSPC) { 958 fd_tryexpand(p); 959 error = 0; 960 } else { 961 /* 962 * This is the error that has historically 963 * been returned, and some callers may 964 * expect it. 965 */ 966 error = EMSGSIZE; 967 } 968 goto restart; 969 } 970 } 971 972 /* 973 * Now that adding them has succeeded, update all of the 974 * descriptor passing state. */ 975 rp = (file_t **)CMSG_DATA(cm); 976 for (i = 0; i < nfds; i++) { 977 fp = *rp++; 978 atomic_dec_uint(&unp_rights); 979 fd_affix(p, fp, fdp[i]); 980 mutex_enter(&fp->f_lock); 981 fp->f_msgcount--; 982 mutex_exit(&fp->f_lock); 983 /* 984 * Note that fd_affix() adds a reference to the file. 985 * The file may already have been closed by another 986 * LWP in the process, so we must drop the reference 987 * added by unp_internalize() with closef(). 988 */ 989 closef(fp); 990 } 991 992 /* 993 * Copy temporary array to message and adjust length, in case of 994 * transition from large file_t pointers to ints. 995 */ 996 memcpy(CMSG_DATA(cm), fdp, nfds * sizeof(int)); 997 cm->cmsg_len = CMSG_LEN(nfds * sizeof(int)); 998 rights->m_len = CMSG_SPACE(nfds * sizeof(int)); 999 out: 1000 rw_exit(&p->p_cwdi->cwdi_lock); 1001 free(fdp, M_TEMP); 1002 return (error); 1003 } 1004 1005 int 1006 unp_internalize(struct mbuf **controlp, struct lwp *l) 1007 { 1008 struct filedesc *fdescp = curlwp->l_fd; 1009 struct mbuf *control = *controlp; 1010 struct cmsghdr *newcm, *cm = mtod(control, struct cmsghdr *); 1011 file_t **rp, **files; 1012 file_t *fp; 1013 int i, fd, *fdp; 1014 int nfds, error; 1015 1016 KASSERT(l == curlwp); 1017 1018 error = 0; 1019 newcm = NULL; 1020 1021 /* Sanity check the control message header. */ 1022 if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET || 1023 cm->cmsg_len != control->m_len) 1024 return (EINVAL); 1025 1026 /* 1027 * Verify that the file descriptors are valid, and acquire 1028 * a reference to each. 1029 */ 1030 nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int); 1031 fdp = (int *)CMSG_DATA(cm); 1032 for (i = 0; i < nfds; i++) { 1033 fd = *fdp++; 1034 if ((fp = fd_getfile(fd)) == NULL) { 1035 nfds = i + 1; 1036 error = EBADF; 1037 goto out; 1038 } 1039 } 1040 1041 /* Allocate new space and copy header into it. */ 1042 newcm = malloc(CMSG_SPACE(nfds * sizeof(file_t *)), M_MBUF, M_WAITOK); 1043 if (newcm == NULL) { 1044 error = E2BIG; 1045 goto out; 1046 } 1047 memcpy(newcm, cm, sizeof(struct cmsghdr)); 1048 files = (file_t **)CMSG_DATA(newcm); 1049 1050 /* 1051 * Transform the file descriptors into file_t pointers, in 1052 * reverse order so that if pointers are bigger than ints, the 1053 * int won't get until we're done. No need to lock, as we have 1054 * already validated the descriptors with fd_getfile(). 1055 */ 1056 fdp = (int *)CMSG_DATA(cm) + nfds; 1057 rp = files + nfds; 1058 for (i = 0; i < nfds; i++) { 1059 fp = fdescp->fd_ofiles[*--fdp]->ff_file; 1060 KASSERT(fp != NULL); 1061 mutex_enter(&fp->f_lock); 1062 *--rp = fp; 1063 fp->f_count++; 1064 fp->f_msgcount++; 1065 mutex_exit(&fp->f_lock); 1066 atomic_inc_uint(&unp_rights); 1067 } 1068 1069 out: 1070 /* Release descriptor references. */ 1071 fdp = (int *)CMSG_DATA(cm); 1072 for (i = 0; i < nfds; i++) { 1073 fd_putfile(*fdp++); 1074 } 1075 1076 if (error == 0) { 1077 if (control->m_flags & M_EXT) { 1078 m_freem(control); 1079 *controlp = control = m_get(M_WAIT, MT_CONTROL); 1080 } 1081 MEXTADD(control, newcm, CMSG_SPACE(nfds * sizeof(file_t *)), 1082 M_MBUF, NULL, NULL); 1083 cm = newcm; 1084 /* 1085 * Adjust message & mbuf to note amount of space 1086 * actually used. 1087 */ 1088 cm->cmsg_len = CMSG_LEN(nfds * sizeof(file_t *)); 1089 control->m_len = CMSG_SPACE(nfds * sizeof(file_t *)); 1090 } 1091 1092 return error; 1093 } 1094 1095 struct mbuf * 1096 unp_addsockcred(struct lwp *l, struct mbuf *control) 1097 { 1098 struct cmsghdr *cmp; 1099 struct sockcred *sc; 1100 struct mbuf *m, *n; 1101 int len, space, i; 1102 1103 len = CMSG_LEN(SOCKCREDSIZE(kauth_cred_ngroups(l->l_cred))); 1104 space = CMSG_SPACE(SOCKCREDSIZE(kauth_cred_ngroups(l->l_cred))); 1105 1106 m = m_get(M_WAIT, MT_CONTROL); 1107 if (space > MLEN) { 1108 if (space > MCLBYTES) 1109 MEXTMALLOC(m, space, M_WAITOK); 1110 else 1111 m_clget(m, M_WAIT); 1112 if ((m->m_flags & M_EXT) == 0) { 1113 m_free(m); 1114 return (control); 1115 } 1116 } 1117 1118 m->m_len = space; 1119 m->m_next = NULL; 1120 cmp = mtod(m, struct cmsghdr *); 1121 sc = (struct sockcred *)CMSG_DATA(cmp); 1122 cmp->cmsg_len = len; 1123 cmp->cmsg_level = SOL_SOCKET; 1124 cmp->cmsg_type = SCM_CREDS; 1125 sc->sc_uid = kauth_cred_getuid(l->l_cred); 1126 sc->sc_euid = kauth_cred_geteuid(l->l_cred); 1127 sc->sc_gid = kauth_cred_getgid(l->l_cred); 1128 sc->sc_egid = kauth_cred_getegid(l->l_cred); 1129 sc->sc_ngroups = kauth_cred_ngroups(l->l_cred); 1130 for (i = 0; i < sc->sc_ngroups; i++) 1131 sc->sc_groups[i] = kauth_cred_group(l->l_cred, i); 1132 1133 /* 1134 * If a control message already exists, append us to the end. 1135 */ 1136 if (control != NULL) { 1137 for (n = control; n->m_next != NULL; n = n->m_next) 1138 ; 1139 n->m_next = m; 1140 } else 1141 control = m; 1142 1143 return (control); 1144 } 1145 1146 int unp_defer, unp_gcing; 1147 extern struct domain unixdomain; 1148 1149 /* 1150 * Comment added long after the fact explaining what's going on here. 1151 * Do a mark-sweep GC of file descriptors on the system, to free up 1152 * any which are caught in flight to an about-to-be-closed socket. 1153 * 1154 * Traditional mark-sweep gc's start at the "root", and mark 1155 * everything reachable from the root (which, in our case would be the 1156 * process table). The mark bits are cleared during the sweep. 1157 * 1158 * XXX For some inexplicable reason (perhaps because the file 1159 * descriptor tables used to live in the u area which could be swapped 1160 * out and thus hard to reach), we do multiple scans over the set of 1161 * descriptors, using use *two* mark bits per object (DEFER and MARK). 1162 * Whenever we find a descriptor which references other descriptors, 1163 * the ones it references are marked with both bits, and we iterate 1164 * over the whole file table until there are no more DEFER bits set. 1165 * We also make an extra pass *before* the GC to clear the mark bits, 1166 * which could have been cleared at almost no cost during the previous 1167 * sweep. 1168 */ 1169 void 1170 unp_gc(void) 1171 { 1172 file_t *fp, *nextfp; 1173 struct socket *so, *so1; 1174 file_t **extra_ref, **fpp; 1175 int nunref, nslots, i; 1176 1177 if (atomic_swap_uint(&unp_gcing, 1) == 1) 1178 return; 1179 1180 restart: 1181 nslots = nfiles * 2; 1182 extra_ref = kmem_alloc(nslots * sizeof(file_t *), KM_SLEEP); 1183 1184 mutex_enter(&filelist_lock); 1185 unp_defer = 0; 1186 1187 /* Clear mark bits */ 1188 LIST_FOREACH(fp, &filehead, f_list) { 1189 atomic_and_uint(&fp->f_flag, ~(FMARK|FDEFER)); 1190 } 1191 1192 /* 1193 * Iterate over the set of descriptors, marking ones believed 1194 * (based on refcount) to be referenced from a process, and 1195 * marking for rescan descriptors which are queued on a socket. 1196 */ 1197 do { 1198 LIST_FOREACH(fp, &filehead, f_list) { 1199 mutex_enter(&fp->f_lock); 1200 if (fp->f_flag & FDEFER) { 1201 atomic_and_uint(&fp->f_flag, ~FDEFER); 1202 unp_defer--; 1203 KASSERT(fp->f_count != 0); 1204 } else { 1205 if (fp->f_count == 0 || 1206 (fp->f_flag & FMARK) || 1207 fp->f_count == fp->f_msgcount) { 1208 mutex_exit(&fp->f_lock); 1209 continue; 1210 } 1211 } 1212 atomic_or_uint(&fp->f_flag, FMARK); 1213 1214 if (fp->f_type != DTYPE_SOCKET || 1215 (so = (struct socket *)fp->f_data) == NULL || 1216 so->so_proto->pr_domain != &unixdomain || 1217 (so->so_proto->pr_flags&PR_RIGHTS) == 0) { 1218 mutex_exit(&fp->f_lock); 1219 continue; 1220 } 1221 #ifdef notdef 1222 if (so->so_rcv.sb_flags & SB_LOCK) { 1223 mutex_exit(&fp->f_lock); 1224 mutex_exit(&filelist_lock); 1225 kmem_free(extra_ref, nslots * sizeof(file_t *)); 1226 /* 1227 * This is problematical; it's not clear 1228 * we need to wait for the sockbuf to be 1229 * unlocked (on a uniprocessor, at least), 1230 * and it's also not clear what to do 1231 * if sbwait returns an error due to receipt 1232 * of a signal. If sbwait does return 1233 * an error, we'll go into an infinite 1234 * loop. Delete all of this for now. 1235 */ 1236 (void) sbwait(&so->so_rcv); 1237 goto restart; 1238 } 1239 #endif 1240 mutex_exit(&fp->f_lock); 1241 1242 unp_scan(so->so_rcv.sb_mb, unp_mark, 0); 1243 /* 1244 * Mark descriptors referenced from sockets queued 1245 * on the accept queue as well. 1246 */ 1247 if (so->so_options & SO_ACCEPTCONN) { 1248 TAILQ_FOREACH(so1, &so->so_q0, so_qe) { 1249 unp_scan(so1->so_rcv.sb_mb, unp_mark, 0); 1250 } 1251 TAILQ_FOREACH(so1, &so->so_q, so_qe) { 1252 unp_scan(so1->so_rcv.sb_mb, unp_mark, 0); 1253 } 1254 } 1255 } 1256 } while (unp_defer); 1257 1258 /* 1259 * Sweep pass. Find unmarked descriptors, and free them. 1260 * 1261 * We grab an extra reference to each of the file table entries 1262 * that are not otherwise accessible and then free the rights 1263 * that are stored in messages on them. 1264 * 1265 * The bug in the original code is a little tricky, so I'll describe 1266 * what's wrong with it here. 1267 * 1268 * It is incorrect to simply unp_discard each entry for f_msgcount 1269 * times -- consider the case of sockets A and B that contain 1270 * references to each other. On a last close of some other socket, 1271 * we trigger a gc since the number of outstanding rights (unp_rights) 1272 * is non-zero. If during the sweep phase the gc code un_discards, 1273 * we end up doing a (full) closef on the descriptor. A closef on A 1274 * results in the following chain. Closef calls soo_close, which 1275 * calls soclose. Soclose calls first (through the switch 1276 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply 1277 * returns because the previous instance had set unp_gcing, and 1278 * we return all the way back to soclose, which marks the socket 1279 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush 1280 * to free up the rights that are queued in messages on the socket A, 1281 * i.e., the reference on B. The sorflush calls via the dom_dispose 1282 * switch unp_dispose, which unp_scans with unp_discard. This second 1283 * instance of unp_discard just calls closef on B. 1284 * 1285 * Well, a similar chain occurs on B, resulting in a sorflush on B, 1286 * which results in another closef on A. Unfortunately, A is already 1287 * being closed, and the descriptor has already been marked with 1288 * SS_NOFDREF, and soclose panics at this point. 1289 * 1290 * Here, we first take an extra reference to each inaccessible 1291 * descriptor. Then, if the inaccessible descriptor is a 1292 * socket, we call sorflush in case it is a Unix domain 1293 * socket. After we destroy all the rights carried in 1294 * messages, we do a last closef to get rid of our extra 1295 * reference. This is the last close, and the unp_detach etc 1296 * will shut down the socket. 1297 * 1298 * 91/09/19, bsy@cs.cmu.edu 1299 */ 1300 if (nslots < nfiles) { 1301 mutex_exit(&filelist_lock); 1302 kmem_free(extra_ref, nslots * sizeof(file_t *)); 1303 goto restart; 1304 } 1305 for (nunref = 0, fp = LIST_FIRST(&filehead), fpp = extra_ref; fp != 0; 1306 fp = nextfp) { 1307 nextfp = LIST_NEXT(fp, f_list); 1308 mutex_enter(&fp->f_lock); 1309 if (fp->f_count != 0 && 1310 fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) { 1311 *fpp++ = fp; 1312 nunref++; 1313 fp->f_count++; 1314 } 1315 mutex_exit(&fp->f_lock); 1316 } 1317 mutex_exit(&filelist_lock); 1318 1319 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) { 1320 fp = *fpp; 1321 if (fp->f_type == DTYPE_SOCKET) 1322 sorflush(fp->f_data); 1323 } 1324 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) { 1325 closef(*fpp); 1326 } 1327 kmem_free(extra_ref, nslots * sizeof(file_t *)); 1328 atomic_swap_uint(&unp_gcing, 0); 1329 } 1330 1331 void 1332 unp_dispose(struct mbuf *m) 1333 { 1334 1335 if (m) 1336 unp_scan(m, unp_discard, 1); 1337 } 1338 1339 void 1340 unp_scan(struct mbuf *m0, void (*op)(file_t *), int discard) 1341 { 1342 struct mbuf *m; 1343 file_t **rp; 1344 struct cmsghdr *cm; 1345 int i; 1346 int qfds; 1347 1348 while (m0) { 1349 for (m = m0; m; m = m->m_next) { 1350 if (m->m_type == MT_CONTROL && 1351 m->m_len >= sizeof(*cm)) { 1352 cm = mtod(m, struct cmsghdr *); 1353 if (cm->cmsg_level != SOL_SOCKET || 1354 cm->cmsg_type != SCM_RIGHTS) 1355 continue; 1356 qfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) 1357 / sizeof(file_t *); 1358 rp = (file_t **)CMSG_DATA(cm); 1359 for (i = 0; i < qfds; i++) { 1360 file_t *fp = *rp; 1361 if (discard) 1362 *rp = 0; 1363 (*op)(fp); 1364 rp++; 1365 } 1366 break; /* XXX, but saves time */ 1367 } 1368 } 1369 m0 = m0->m_nextpkt; 1370 } 1371 } 1372 1373 void 1374 unp_mark(file_t *fp) 1375 { 1376 1377 if (fp == NULL) 1378 return; 1379 1380 /* If we're already deferred, don't screw up the defer count */ 1381 mutex_enter(&fp->f_lock); 1382 if (fp->f_flag & (FMARK | FDEFER)) { 1383 mutex_exit(&fp->f_lock); 1384 return; 1385 } 1386 1387 /* 1388 * Minimize the number of deferrals... Sockets are the only 1389 * type of descriptor which can hold references to another 1390 * descriptor, so just mark other descriptors, and defer 1391 * unmarked sockets for the next pass. 1392 */ 1393 if (fp->f_type == DTYPE_SOCKET) { 1394 unp_defer++; 1395 KASSERT(fp->f_count != 0); 1396 atomic_or_uint(&fp->f_flag, FDEFER); 1397 } else { 1398 atomic_or_uint(&fp->f_flag, FMARK); 1399 } 1400 mutex_exit(&fp->f_lock); 1401 return; 1402 } 1403 1404 void 1405 unp_discard(file_t *fp) 1406 { 1407 1408 if (fp == NULL) 1409 return; 1410 1411 mutex_enter(&fp->f_lock); 1412 KASSERT(fp->f_count > 0); 1413 fp->f_msgcount--; 1414 mutex_exit(&fp->f_lock); 1415 atomic_dec_uint(&unp_rights); 1416 (void)closef(fp); 1417 } 1418