xref: /onnv-gate/usr/src/uts/common/fs/sockfs/socksyscalls.c (revision 12644:4f9a0cd40c5f)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 1995, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#include <sys/types.h>
#include <sys/t_lock.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/buf.h>
#include <sys/conf.h>
#include <sys/cred.h>
#include <sys/kmem.h>
#include <sys/sysmacros.h>
#include <sys/vfs.h>
#include <sys/vnode.h>
#include <sys/debug.h>
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/user.h>
#include <sys/stream.h>
#include <sys/strsubr.h>
#include <sys/strsun.h>
#include <sys/sunddi.h>
#include <sys/esunddi.h>
#include <sys/flock.h>
#include <sys/modctl.h>
#include <sys/cmn_err.h>
#include <sys/vmsystm.h>
#include <sys/policy.h>

#include <sys/socket.h>
#include <sys/socketvar.h>

#include <sys/isa_defs.h>
#include <sys/inttypes.h>
#include <sys/systm.h>
#include <sys/cpuvar.h>
#include <sys/filio.h>
#include <sys/sendfile.h>
#include <sys/ddi.h>
#include <vm/seg.h>
#include <vm/seg_map.h>
#include <vm/seg_kpm.h>

#include <fs/sockfs/nl7c.h>
#include <fs/sockfs/sockcommon.h>
#include <fs/sockfs/sockfilter_impl.h>
#include <fs/sockfs/socktpi.h>

#ifdef SOCK_TEST
int do_useracc = 1;		/* Controlled by setting SO_DEBUG to 4 */
#else
#define	do_useracc	1
#endif /* SOCK_TEST */

extern int 	xnet_truncate_print;

extern void	nl7c_init(void);
extern int	sockfs_defer_nl7c_init;

/*
 * Note: DEF_IOV_MAX is defined and used as it is in "fs/vncalls.c"
 *	 as there isn't a formal definition of IOV_MAX ???
 */
#define	MSG_MAXIOVLEN	16

/*
 * Kernel component of socket creation.
 *
 * The socket library determines which version number to use.
 * First the library calls this with a NULL devpath. If this fails
 * to find a transport (using solookup) the library will look in /etc/netconfig
 * for the appropriate transport. If one is found it will pass in the
 * devpath for the kernel to use.
 */
int
so_socket(int family, int type, int protocol, char *devpath, int version)
{
	struct sonode *so;
	vnode_t *vp;
	struct file *fp;
	int fd;
	int error;

	if (devpath != NULL) {
		char *buf;
		size_t kdevpathlen = 0;

		buf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
		if ((error = copyinstr(devpath, buf,
		    MAXPATHLEN, &kdevpathlen)) != 0) {
			kmem_free(buf, MAXPATHLEN);
			return (set_errno(error));
		}
		so = socket_create(family, type, protocol, buf, NULL,
		    SOCKET_SLEEP, version, CRED(), &error);
		kmem_free(buf, MAXPATHLEN);
	} else {
		so = socket_create(family, type, protocol, NULL, NULL,
		    SOCKET_SLEEP, version, CRED(), &error);
	}
	if (so == NULL)
		return (set_errno(error));

	/* Allocate a file descriptor for the socket */
	vp = SOTOV(so);
	if (error = falloc(vp, FWRITE|FREAD, &fp, &fd)) {
		(void) socket_close(so, 0, CRED());
		socket_destroy(so);
		return (set_errno(error));
	}

	/*
	 * Now fill in the entries that falloc reserved
	 */
	mutex_exit(&fp->f_tlock);
	setf(fd, fp);

	return (fd);
}

/*
 * Map from a file descriptor to a socket node.
 * Returns with the file descriptor held i.e. the caller has to
 * use releasef when done with the file descriptor.
 */
struct sonode *
getsonode(int sock, int *errorp, file_t **fpp)
{
	file_t *fp;
	vnode_t *vp;
	struct sonode *so;

	if ((fp = getf(sock)) == NULL) {
		*errorp = EBADF;
		eprintline(*errorp);
		return (NULL);
	}
	vp = fp->f_vnode;
	/* Check if it is a socket */
	if (vp->v_type != VSOCK) {
		releasef(sock);
		*errorp = ENOTSOCK;
		eprintline(*errorp);
		return (NULL);
	}
	/*
	 * Use the stream head to find the real socket vnode.
	 * This is needed when namefs sits above sockfs.
	 */
	if (vp->v_stream) {
		ASSERT(vp->v_stream->sd_vnode);
		vp = vp->v_stream->sd_vnode;

		so = VTOSO(vp);
		if (so->so_version == SOV_STREAM) {
			releasef(sock);
			*errorp = ENOTSOCK;
			eprintsoline(so, *errorp);
			return (NULL);
		}
	} else {
		so = VTOSO(vp);
	}
	if (fpp)
		*fpp = fp;
	return (so);
}

/*
 * Allocate and copyin a sockaddr.
 * Ensures NULL termination for AF_UNIX addresses by extending them
 * with one NULL byte if need be. Verifies that the length is not
 * excessive to prevent an application from consuming all of kernel
 * memory. Returns NULL when an error occurred.
 */
static struct sockaddr *
copyin_name(struct sonode *so, struct sockaddr *name, socklen_t *namelenp,
	    int *errorp)
{
	char	*faddr;
	size_t	namelen = (size_t)*namelenp;

	ASSERT(namelen != 0);
	if (namelen > SO_MAXARGSIZE) {
		*errorp = EINVAL;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	faddr = (char *)kmem_alloc(namelen, KM_SLEEP);
	if (copyin(name, faddr, namelen)) {
		kmem_free(faddr, namelen);
		*errorp = EFAULT;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	/*
	 * Add space for NULL termination if needed.
	 * Do a quick check if the last byte is NUL.
	 */
	if (so->so_family == AF_UNIX && faddr[namelen - 1] != '\0') {
		/* Check if there is any NULL termination */
		size_t	i;
		int foundnull = 0;

		for (i = sizeof (name->sa_family); i < namelen; i++) {
			if (faddr[i] == '\0') {
				foundnull = 1;
				break;
			}
		}
		if (!foundnull) {
			/* Add extra byte for NUL padding */
			char *nfaddr;

			nfaddr = (char *)kmem_alloc(namelen + 1, KM_SLEEP);
			bcopy(faddr, nfaddr, namelen);
			kmem_free(faddr, namelen);

			/* NUL terminate */
			nfaddr[namelen] = '\0';
			namelen++;
			ASSERT((socklen_t)namelen == namelen);
			*namelenp = (socklen_t)namelen;
			faddr = nfaddr;
		}
	}
	return ((struct sockaddr *)faddr);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 */
static int
copyout_arg(void *uaddr, socklen_t ulen, void *ulenp,
		void *kaddr, socklen_t klen)
{
	if (uaddr != NULL) {
		if (ulen > klen)
			ulen = klen;

		if (ulen != 0) {
			if (copyout(kaddr, uaddr, ulen))
				return (EFAULT);
		}
	} else
		ulen = 0;

	if (ulenp != NULL) {
		if (copyout(&ulen, ulenp, sizeof (ulen)))
			return (EFAULT);
	}
	return (0);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 * If klen is greater than ulen it still uses the non-truncated
 * klen to update ulenp.
 */
static int
copyout_name(void *uaddr, socklen_t ulen, void *ulenp,
		void *kaddr, socklen_t klen)
{
	if (uaddr != NULL) {
		if (ulen >= klen)
			ulen = klen;
		else if (ulen != 0 && xnet_truncate_print) {
			printf("sockfs: truncating copyout of address using "
			    "XNET semantics for pid = %d. Lengths %d, %d\n",
			    curproc->p_pid, klen, ulen);
		}

		if (ulen != 0) {
			if (copyout(kaddr, uaddr, ulen))
				return (EFAULT);
		} else
			klen = 0;
	} else
		klen = 0;

	if (ulenp != NULL) {
		if (copyout(&klen, ulenp, sizeof (klen)))
			return (EFAULT);
	}
	return (0);
}

/*
 * The socketpair() code in libsocket creates two sockets (using
 * the /etc/netconfig fallback if needed) before calling this routine
 * to connect the two sockets together.
 *
 * For a SOCK_STREAM socketpair a listener is needed - in that case this
 * routine will create a new file descriptor as part of accepting the
 * connection. The library socketpair() will check if svs[2] has changed
 * in which case it will close the changed fd.
 *
 * Note that this code could use the TPI feature of accepting the connection
 * on the listening endpoint. However, that would require significant changes
 * to soaccept.
 */
int
so_socketpair(int sv[2])
{
	int svs[2];
	struct sonode *so1, *so2;
	int error;
	struct sockaddr_ux *name;
	size_t namelen;
	sotpi_info_t *sti1;
	sotpi_info_t *sti2;

	dprint(1, ("so_socketpair(%p)\n", (void *)sv));

	error = useracc(sv, sizeof (svs), B_WRITE);
	if (error && do_useracc)
		return (set_errno(EFAULT));

	if (copyin(sv, svs, sizeof (svs)))
		return (set_errno(EFAULT));

	if ((so1 = getsonode(svs[0], &error, NULL)) == NULL)
		return (set_errno(error));

	if ((so2 = getsonode(svs[1], &error, NULL)) == NULL) {
		releasef(svs[0]);
		return (set_errno(error));
	}

	if (so1->so_family != AF_UNIX || so2->so_family != AF_UNIX) {
		error = EOPNOTSUPP;
		goto done;
	}

	sti1 = SOTOTPI(so1);
	sti2 = SOTOTPI(so2);

	/*
	 * The code below makes assumptions about the "sockfs" implementation.
	 * So make sure that the correct implementation is really used.
	 */
	ASSERT(so1->so_ops == &sotpi_sonodeops);
	ASSERT(so2->so_ops == &sotpi_sonodeops);

	if (so1->so_type == SOCK_DGRAM) {
		/*
		 * Bind both sockets and connect them with each other.
		 * Need to allocate name/namelen for soconnect.
		 */
		error = socket_bind(so1, NULL, 0, _SOBIND_UNSPEC, CRED());
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = socket_bind(so2, NULL, 0, _SOBIND_UNSPEC, CRED());
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = sti2->sti_ux_laddr;
		error = socket_connect(so1,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE, CRED());
		if (error) {
			kmem_free(name, namelen);
			eprintsoline(so1, error);
			goto done;
		}
		name->sou_addr = sti1->sti_ux_laddr;
		error = socket_connect(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE, CRED());
		kmem_free(name, namelen);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		releasef(svs[0]);
		releasef(svs[1]);
	} else {
		/*
		 * Bind both sockets, with so1 being a listener.
		 * Connect so2 to so1 - nonblocking to avoid waiting for
		 * soaccept to complete.
		 * Accept a connection on so1. Pass out the new fd as sv[0].
		 * The library will detect the changed fd and close
		 * the original one.
		 */
		struct sonode *nso;
		struct vnode *nvp;
		struct file *nfp;
		int nfd;

		/*
		 * We could simply call socket_listen() here (which would do the
		 * binding automatically) if the code didn't rely on passing
		 * _SOBIND_NOXLATE to the TPI implementation of socket_bind().
		 */
		error = socket_bind(so1, NULL, 0, _SOBIND_UNSPEC|
		    _SOBIND_NOXLATE|_SOBIND_LISTEN|_SOBIND_SOCKETPAIR,
		    CRED());
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = socket_bind(so2, NULL, 0, _SOBIND_UNSPEC, CRED());
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}

		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = sti1->sti_ux_laddr;
		error = socket_connect(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    FNONBLOCK, _SOCONNECT_NOXLATE, CRED());
		kmem_free(name, namelen);
		if (error) {
			if (error != EINPROGRESS) {
				eprintsoline(so2, error); goto done;
			}
		}

		error = socket_accept(so1, 0, CRED(), &nso);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}

		/* wait for so2 being SS_CONNECTED ignoring signals */
		mutex_enter(&so2->so_lock);
		error = sowaitconnected(so2, 0, 1);
		mutex_exit(&so2->so_lock);
		if (error != 0) {
			(void) socket_close(nso, 0, CRED());
			socket_destroy(nso);
			eprintsoline(so2, error);
			goto done;
		}

		nvp = SOTOV(nso);
		if (error = falloc(nvp, FWRITE|FREAD, &nfp, &nfd)) {
			(void) socket_close(nso, 0, CRED());
			socket_destroy(nso);
			eprintsoline(nso, error);
			goto done;
		}
		/*
		 * fill in the entries that falloc reserved
		 */
		mutex_exit(&nfp->f_tlock);
		setf(nfd, nfp);

		releasef(svs[0]);
		releasef(svs[1]);
		svs[0] = nfd;

		/*
		 * The socketpair library routine will close the original
		 * svs[0] when this code passes out a different file
		 * descriptor.
		 */
		if (copyout(svs, sv, sizeof (svs))) {
			(void) closeandsetf(nfd, NULL);
			eprintline(EFAULT);
			return (set_errno(EFAULT));
		}
	}
	return (0);

done:
	releasef(svs[0]);
	releasef(svs[1]);
	return (set_errno(error));
}

int
bind(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("bind(%d, %p, %d)\n",
	    sock, (void *)name, namelen));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	/*
	 * X/Open test does not expect EFAULT with NULL name and non-zero
	 * namelen.
	 */
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else {
		name = NULL;
		namelen = 0;
	}

	switch (version) {
	default:
		error = socket_bind(so, name, namelen, 0, CRED());
		break;
	case SOV_XPG4_2:
		error = socket_bind(so, name, namelen, _SOBIND_XPG4_2, CRED());
		break;
	case SOV_SOCKBSD:
		error = socket_bind(so, name, namelen, _SOBIND_SOCKBSD, CRED());
		break;
	}
done:
	releasef(sock);
	if (name != NULL)
		kmem_free(name, (size_t)namelen);

	if (error)
		return (set_errno(error));
	return (0);
}

/* ARGSUSED2 */
int
listen(int sock, int backlog, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("listen(%d, %d)\n",
	    sock, backlog));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = socket_listen(so, backlog, CRED());

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*ARGSUSED3*/
int
accept(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;
	socklen_t namelen;
	struct sonode *nso;
	struct vnode *nvp;
	struct file *nfp;
	int nfd;
	struct sockaddr *addrp;
	socklen_t addrlen;

	dprint(1, ("accept(%d, %p, %p)\n",
	    sock, (void *)name, (void *)namelenp));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	if (name != NULL) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		if (copyin(namelenp, &namelen, sizeof (namelen))) {
			releasef(sock);
			return (set_errno(EFAULT));
		}
		if (namelen != 0) {
			error = useracc(name, (size_t)namelen, B_WRITE);
			if (error && do_useracc) {
				releasef(sock);
				return (set_errno(EFAULT));
			}
		} else
			name = NULL;
	} else {
		namelen = 0;
	}

	/*
	 * Allocate the user fd before socket_accept() in order to
	 * catch EMFILE errors before calling socket_accept().
	 */
	if ((nfd = ufalloc(0)) == -1) {
		eprintsoline(so, EMFILE);
		releasef(sock);
		return (set_errno(EMFILE));
	}
	error = socket_accept(so, fp->f_flag, CRED(), &nso);
	if (error) {
		setf(nfd, NULL);
		releasef(sock);
		return (set_errno(error));
	}

	nvp = SOTOV(nso);

	ASSERT(MUTEX_NOT_HELD(&nso->so_lock));
	if (namelen != 0) {
		addrlen = so->so_max_addr_len;
		addrp = (struct sockaddr *)kmem_alloc(addrlen, KM_SLEEP);

		if ((error = socket_getpeername(nso, (struct sockaddr *)addrp,
		    &addrlen, B_TRUE, CRED())) == 0) {
			error = copyout_name(name, namelen, namelenp,
			    addrp, addrlen);
		} else {
			ASSERT(error == EINVAL || error == ENOTCONN);
			error = ECONNABORTED;
		}
		kmem_free(addrp, so->so_max_addr_len);
	}

	if (error) {
		setf(nfd, NULL);
		(void) socket_close(nso, 0, CRED());
		socket_destroy(nso);
		releasef(sock);
		return (set_errno(error));
	}
	if (error = falloc(NULL, FWRITE|FREAD, &nfp, NULL)) {
		setf(nfd, NULL);
		(void) socket_close(nso, 0, CRED());
		socket_destroy(nso);
		eprintsoline(so, error);
		releasef(sock);
		return (set_errno(error));
	}
	/*
	 * fill in the entries that falloc reserved
	 */
	nfp->f_vnode = nvp;
	mutex_exit(&nfp->f_tlock);
	setf(nfd, nfp);

	/*
	 * Copy FNDELAY and FNONBLOCK from listener to acceptor
	 */
	if (so->so_state & (SS_NDELAY|SS_NONBLOCK)) {
		uint_t oflag = nfp->f_flag;
		int arg = 0;

		if (so->so_state & SS_NONBLOCK)
			arg |= FNONBLOCK;
		else if (so->so_state & SS_NDELAY)
			arg |= FNDELAY;

		/*
		 * This code is a simplification of the F_SETFL code in fcntl()
		 * Ignore any errors from VOP_SETFL.
		 */
		if ((error = VOP_SETFL(nvp, oflag, arg, nfp->f_cred, NULL))
		    != 0) {
			eprintsoline(so, error);
			error = 0;
		} else {
			mutex_enter(&nfp->f_tlock);
			nfp->f_flag &= ~FMASK | (FREAD|FWRITE);
			nfp->f_flag |= arg;
			mutex_exit(&nfp->f_tlock);
		}
	}
	releasef(sock);
	return (nfd);
}

int
connect(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;

	dprint(1, ("connect(%d, %p, %d)\n",
	    sock, (void *)name, namelen));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	if (namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else
		name = NULL;

	error = socket_connect(so, name, namelen, fp->f_flag,
	    (version != SOV_XPG4_2) ? 0 : _SOCONNECT_XPG4_2, CRED());
	releasef(sock);
	if (name)
		kmem_free(name, (size_t)namelen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*ARGSUSED2*/
int
shutdown(int sock, int how, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("shutdown(%d, %d)\n",
	    sock, how));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = socket_shutdown(so, how, CRED());

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Common receive routine.
 */
static ssize_t
recvit(int sock,
	struct nmsghdr *msg,
	struct uio *uiop,
	int flags,
	socklen_t *namelenp,
	socklen_t *controllenp,
	int *flagsp)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	len = uiop->uio_resid;
	uiop->uio_fmode = fp->f_flag;
	uiop->uio_extflg = UIO_COPY_CACHED;

	name = msg->msg_name;
	namelen = msg->msg_namelen;
	control = msg->msg_control;
	controllen = msg->msg_controllen;

	msg->msg_flags = flags & (MSG_OOB | MSG_PEEK | MSG_WAITALL |
	    MSG_DONTWAIT | MSG_XPG4_2);

	error = socket_recvmsg(so, msg, uiop, CRED());
	if (error) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGRCV, 1);
	releasef(sock);

	error = copyout_name(name, namelen, namelenp,
	    msg->msg_name, msg->msg_namelen);
	if (error)
		goto err;

	if (flagsp != NULL) {
		/*
		 * Clear internal flag.
		 */
		msg->msg_flags &= ~MSG_XPG4_2;

		/*
		 * Determine MSG_CTRUNC. sorecvmsg sets MSG_CTRUNC only
		 * when controllen is zero and there is control data to
		 * copy out.
		 */
		if (controllen != 0 &&
		    (msg->msg_controllen > controllen || control == NULL)) {
			dprint(1, ("recvit: CTRUNC %d %d %p\n",
			    msg->msg_controllen, controllen, control));

			msg->msg_flags |= MSG_CTRUNC;
		}
		if (copyout(&msg->msg_flags, flagsp,
		    sizeof (msg->msg_flags))) {
			error = EFAULT;
			goto err;
		}
	}
	/*
	 * Note: This MUST be done last. There can be no "goto err" after this
	 * point since it could make so_closefds run twice on some part
	 * of the file descriptor array.
	 */
	if (controllen != 0) {
		if (!(flags & MSG_XPG4_2)) {
			/*
			 * Good old msg_accrights can only return a multiple
			 * of 4 bytes.
			 */
			controllen &= ~((int)sizeof (uint32_t) - 1);
		}
		error = copyout_arg(control, controllen, controllenp,
		    msg->msg_control, msg->msg_controllen);
		if (error)
			goto err;

		if (msg->msg_controllen > controllen || control == NULL) {
			if (control == NULL)
				controllen = 0;
			so_closefds(msg->msg_control, msg->msg_controllen,
			    !(flags & MSG_XPG4_2), controllen);
		}
	}
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (len - uiop->uio_resid);

err:
	/*
	 * If we fail and the control part contains file descriptors
	 * we have to close the fd's.
	 */
	if (msg->msg_controllen != 0)
		so_closefds(msg->msg_control, msg->msg_controllen,
		    !(flags & MSG_XPG4_2), 0);
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (set_errno(error));
}

/*
 * Native system call
 */
ssize_t
recv(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recv(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_namelen = 0;
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;
	return (recvit(sock, &lmsg, &auio, flags, NULL, NULL, NULL));
}

ssize_t
recvfrom(int sock, void *buffer, size_t len, int flags,
	struct sockaddr *name, socklen_t *namelenp)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recvfrom(%d, %p, %ld, %d, %p, %p)\n",
	    sock, buffer, len, flags, (void *)name, (void *)namelenp));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	if (namelenp != NULL) {
		if (copyin(namelenp, &lmsg.msg_namelen,
		    sizeof (lmsg.msg_namelen)))
			return (set_errno(EFAULT));
	} else {
		lmsg.msg_namelen = 0;
	}
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;

	return (recvit(sock, &lmsg, &auio, flags, namelenp, NULL, NULL));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
 */
ssize_t
recvmsg(int sock, struct nmsghdr *msg, int flags)
{
	STRUCT_DECL(nmsghdr, u_lmsg);
	STRUCT_HANDLE(nmsghdr, umsgptr);
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	int *flagsp;
	model_t	model;

	dprint(1, ("recvmsg(%d, %p, %d)\n",
	    sock, (void *)msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);
	STRUCT_SET_HANDLE(umsgptr, model, msg);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, STRUCT_BUF(u_lmsg), STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
		flagsp = STRUCT_FADDR(umsgptr, msg_flags);
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		STRUCT_FSET(u_lmsg, msg_flags, 0);
		flagsp = NULL;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (copyin(lmsg.msg_iov, aiov, iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	if (lmsg.msg_control != NULL &&
	    (do_useracc == 0 ||
	    useracc(lmsg.msg_control, lmsg.msg_controllen,
	    B_WRITE) != 0)) {
		return (set_errno(EFAULT));
	}

	return (recvit(sock, &lmsg, &auio, flags,
	    STRUCT_FADDR(umsgptr, msg_namelen),
	    STRUCT_FADDR(umsgptr, msg_controllen), flagsp));
}

/*
 * Common send function.
 */
static ssize_t
sendit(int sock, struct nmsghdr *msg, struct uio *uiop, int flags)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	uiop->uio_fmode = fp->f_flag;

	if (so->so_family == AF_UNIX)
		uiop->uio_extflg = UIO_COPY_CACHED;
	else
		uiop->uio_extflg = UIO_COPY_DEFAULT;

	/* Allocate and copyin name and control */
	name = msg->msg_name;
	namelen = msg->msg_namelen;
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		name = copyin_name(so,
		    (struct sockaddr *)name,
		    &namelen, &error);
		if (name == NULL)
			goto done3;
		/* copyin_name null terminates addresses for AF_UNIX */
		msg->msg_namelen = namelen;
		msg->msg_name = name;
	} else {
		msg->msg_name = name = NULL;
		msg->msg_namelen = namelen = 0;
	}

	control = msg->msg_control;
	controllen = msg->msg_controllen;
	if ((control != NULL) && (controllen != 0)) {
		/*
		 * Verify that the length is not excessive to prevent
		 * an application from consuming all of kernel memory.
		 */
		if (controllen > SO_MAXARGSIZE) {
			error = EINVAL;
			goto done2;
		}
		control = kmem_alloc(controllen, KM_SLEEP);

		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		if (copyin(msg->msg_control, control, controllen)) {
			error = EFAULT;
			goto done1;
		}
		msg->msg_control = control;
	} else {
		msg->msg_control = control = NULL;
		msg->msg_controllen = controllen = 0;
	}

	len = uiop->uio_resid;
	msg->msg_flags = flags;

	error = socket_sendmsg(so, msg, uiop, CRED());
done1:
	if (control != NULL)
		kmem_free(control, controllen);
done2:
	if (name != NULL)
		kmem_free(name, namelen);
done3:
	if (error != 0) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGSND, 1);
	releasef(sock);
	return (len - uiop->uio_resid);
}

/*
 * Native system call
 */
ssize_t
send(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("send(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = NULL;
	lmsg.msg_control = NULL;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
 */
ssize_t
sendmsg(int sock, struct nmsghdr *msg, int flags)
{
	struct nmsghdr lmsg;
	STRUCT_DECL(nmsghdr, u_lmsg);
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	model_t	model;

	dprint(1, ("sendmsg(%d, %p, %d)\n", sock, (void *)msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		/*
		 * Unless this is XPG 4.2 we allow iovcnt == 0 to
		 * be compatible with SunOS 4.X and 4.4BSD.
		 */
		if (iovcnt != 0 || (flags & MSG_XPG4_2))
			return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (iovcnt != 0 &&
		    copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (iovcnt != 0 &&
	    copyin(lmsg.msg_iov, aiov,
	    (unsigned)iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	return (sendit(sock, &lmsg, &auio, flags));
}

ssize_t
sendto(int sock, void *buffer, size_t len, int flags,
    struct sockaddr *name, socklen_t namelen)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("sendto(%d, %p, %ld, %d, %p, %d)\n",
	    sock, buffer, len, flags, (void *)name, namelen));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	lmsg.msg_namelen = namelen;
	lmsg.msg_control = NULL;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*ARGSUSED3*/
int
getpeername(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	socklen_t sock_addrlen;
	struct sockaddr *sock_addrp;

	dprint(1, ("getpeername(%d, %p, %p)\n",
	    sock, (void *)name, (void *)namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}
	sock_addrlen = so->so_max_addr_len;
	sock_addrp = (struct sockaddr *)kmem_alloc(sock_addrlen, KM_SLEEP);

	if ((error = socket_getpeername(so, sock_addrp, &sock_addrlen,
	    B_FALSE, CRED())) == 0) {
		ASSERT(sock_addrlen <= so->so_max_addr_len);
		error = copyout_name(name, namelen, namelenp,
		    (void *)sock_addrp, sock_addrlen);
	}
	kmem_free(sock_addrp, so->so_max_addr_len);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*ARGSUSED3*/
int
getsockname(int sock, struct sockaddr *name,
		socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen, sock_addrlen;
	struct sockaddr *sock_addrp;

	dprint(1, ("getsockname(%d, %p, %p)\n",
	    sock, (void *)name, (void *)namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}

	sock_addrlen = so->so_max_addr_len;
	sock_addrp = (struct sockaddr *)kmem_alloc(sock_addrlen, KM_SLEEP);
	if ((error = socket_getsockname(so, sock_addrp, &sock_addrlen,
	    CRED())) == 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		ASSERT(sock_addrlen <= so->so_max_addr_len);
		error = copyout_name(name, namelen, namelenp,
		    (void *)sock_addrp, sock_addrlen);
	}
	kmem_free(sock_addrp, so->so_max_addr_len);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*ARGSUSED5*/
int
getsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t *option_lenp,
	int version)
{
	struct sonode *so;
	socklen_t optlen, optlen_res;
	void *optval;
	int error;

	dprint(1, ("getsockopt(%d, %d, %d, %p, %p)\n",
	    sock, level, option_name, option_value, (void *)option_lenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(option_lenp, &optlen, sizeof (optlen))) {
		releasef(sock);
		return (set_errno(EFAULT));
	}
	/*
	 * Verify that the length is not excessive to prevent
	 * an application from consuming all of kernel memory.
	 */
	if (optlen > SO_MAXARGSIZE) {
		error = EINVAL;
		releasef(sock);
		return (set_errno(error));
	}
	optval = kmem_alloc(optlen, KM_SLEEP);
	optlen_res = optlen;
	error = socket_getsockopt(so, level, option_name, optval,
	    &optlen_res, (version != SOV_XPG4_2) ? 0 : _SOGETSOCKOPT_XPG4_2,
	    CRED());
	releasef(sock);
	if (error) {
		kmem_free(optval, optlen);
		return (set_errno(error));
	}
	error = copyout_arg(option_value, optlen, option_lenp,
	    optval, optlen_res);
	kmem_free(optval, optlen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*ARGSUSED5*/
int
setsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t option_len,
	int version)
{
	struct sonode *so;
	intptr_t buffer[2];
	void *optval = NULL;
	int error;

	dprint(1, ("setsockopt(%d, %d, %d, %p, %d)\n",
	    sock, level, option_name, option_value, option_len));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	if (option_value != NULL) {
		if (option_len != 0) {
			/*
			 * Verify that the length is not excessive to prevent
			 * an application from consuming all of kernel memory.
			 */
			if (option_len > SO_MAXARGSIZE) {
				error = EINVAL;
				goto done2;
			}
			optval = option_len <= sizeof (buffer) ?
			    &buffer : kmem_alloc((size_t)option_len, KM_SLEEP);
			ASSERT(MUTEX_NOT_HELD(&so->so_lock));
			if (copyin(option_value, optval, (size_t)option_len)) {
				error = EFAULT;
				goto done1;
			}
		}
	} else
		option_len = 0;

	error = socket_setsockopt(so, level, option_name, optval,
	    (t_uscalar_t)option_len, CRED());
done1:
	if (optval != buffer)
		kmem_free(optval, (size_t)option_len);
done2:
	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

static int
sockconf_add_sock(int family, int type, int protocol, char *name)
{
	int error = 0;
	char *kdevpath = NULL;
	char *kmodule = NULL;
	char *buf = NULL;
	size_t pathlen = 0;
	struct sockparams *sp;

	if (name == NULL)
		return (EINVAL);
	/*
	 * Copyin the name.
	 * This also makes it possible to check for too long pathnames.
	 * Compress the space needed for the name before passing it
	 * to soconfig - soconfig will store the string until
	 * the configuration is removed.
	 */
	buf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
	if ((error = copyinstr(name, buf, MAXPATHLEN, &pathlen)) != 0) {
		kmem_free(buf, MAXPATHLEN);
		return (error);
	}
	if (strncmp(buf, "/dev", strlen("/dev")) == 0) {
		/* For device */

		/*
		 * Special handling for NCA:
		 *
		 * DEV_NCA is never opened even if an application
		 * requests for AF_NCA. The device opened is instead a
		 * predefined AF_INET transport (NCA_INET_DEV).
		 *
		 * Prior to Volo (PSARC/2007/587) NCA would determine
		 * the device using a lookup, which worked then because
		 * all protocols were based on TPI. Since TPI is no
		 * longer the default, we have to explicitly state
		 * which device to use.
		 */
		if (strcmp(buf, NCA_DEV) == 0) {
			/* only support entry <28, 2, 0> */
			if (family != AF_NCA || type != SOCK_STREAM ||
			    protocol != 0) {
				kmem_free(buf, MAXPATHLEN);
				return (EINVAL);
			}

			pathlen = strlen(NCA_INET_DEV) + 1;
			kdevpath = kmem_alloc(pathlen, KM_SLEEP);
			bcopy(NCA_INET_DEV, kdevpath, pathlen);
			kdevpath[pathlen - 1] = '\0';
		} else {
			kdevpath = kmem_alloc(pathlen, KM_SLEEP);
			bcopy(buf, kdevpath, pathlen);
			kdevpath[pathlen - 1] = '\0';
		}
	} else {
		/* For socket module */
		kmodule = kmem_alloc(pathlen, KM_SLEEP);
		bcopy(buf, kmodule, pathlen);
		kmodule[pathlen - 1] = '\0';
		pathlen = 0;
	}
	kmem_free(buf, MAXPATHLEN);

	/* sockparams_create frees mod name and devpath upon failure */
	sp = sockparams_create(family, type, protocol, kmodule,
	    kdevpath, pathlen, 0, KM_SLEEP, &error);
	if (sp != NULL) {
		error = sockparams_add(sp);
		if (error != 0)
			sockparams_destroy(sp);
	}

	return (error);
}

static int
sockconf_remove_sock(int family, int type, int protocol)
{
	return (sockparams_delete(family, type, protocol));
}

static int
sockconfig_remove_filter(const char *uname)
{
	char kname[SOF_MAXNAMELEN];
	size_t len;
	int error;
	sof_entry_t *ent;

	if ((error = copyinstr(uname, kname, SOF_MAXNAMELEN, &len)) != 0)
		return (error);

	ent = sof_entry_remove_by_name(kname);
	if (ent == NULL)
		return (ENXIO);

	mutex_enter(&ent->sofe_lock);
	ASSERT(!(ent->sofe_flags & SOFEF_CONDEMED));
	if (ent->sofe_refcnt == 0) {
		mutex_exit(&ent->sofe_lock);
		sof_entry_free(ent);
	} else {
		/* let the last socket free the filter */
		ent->sofe_flags |= SOFEF_CONDEMED;
		mutex_exit(&ent->sofe_lock);
	}

	return (0);
}

static int
sockconfig_add_filter(const char *uname, void *ufilpropp)
{
	struct sockconfig_filter_props filprop;
	sof_entry_t *ent;
	int error;
	size_t tuplesz, len;
	char hintbuf[SOF_MAXNAMELEN];

	ent = kmem_zalloc(sizeof (sof_entry_t), KM_SLEEP);
	mutex_init(&ent->sofe_lock, NULL, MUTEX_DEFAULT, NULL);

	if ((error = copyinstr(uname, ent->sofe_name, SOF_MAXNAMELEN,
	    &len)) != 0) {
		sof_entry_free(ent);
		return (error);
	}

	if (get_udatamodel() == DATAMODEL_NATIVE) {
		if (copyin(ufilpropp, &filprop, sizeof (filprop)) != 0) {
			sof_entry_free(ent);
			return (EFAULT);
		}
	}
#ifdef	_SYSCALL32_IMPL
	else {
		struct sockconfig_filter_props32 filprop32;

		if (copyin(ufilpropp, &filprop32, sizeof (filprop32)) != 0) {
			sof_entry_free(ent);
			return (EFAULT);
		}
		filprop.sfp_modname = (char *)(uintptr_t)filprop32.sfp_modname;
		filprop.sfp_autoattach = filprop32.sfp_autoattach;
		filprop.sfp_hint = filprop32.sfp_hint;
		filprop.sfp_hintarg = (char *)(uintptr_t)filprop32.sfp_hintarg;
		filprop.sfp_socktuple_cnt = filprop32.sfp_socktuple_cnt;
		filprop.sfp_socktuple =
		    (sof_socktuple_t *)(uintptr_t)filprop32.sfp_socktuple;
	}
#endif	/* _SYSCALL32_IMPL */

	if ((error = copyinstr(filprop.sfp_modname, ent->sofe_modname,
	    sizeof (ent->sofe_modname), &len)) != 0) {
		sof_entry_free(ent);
		return (error);
	}

	/*
	 * A filter must specify at least one socket tuple.
	 */
	if (filprop.sfp_socktuple_cnt == 0 ||
	    filprop.sfp_socktuple_cnt > SOF_MAXSOCKTUPLECNT) {
		sof_entry_free(ent);
		return (EINVAL);
	}
	ent->sofe_flags = filprop.sfp_autoattach ? SOFEF_AUTO : SOFEF_PROG;
	ent->sofe_hint = filprop.sfp_hint;

	/*
	 * Verify the hint, and copy in the hint argument, if necessary.
	 */
	switch (ent->sofe_hint) {
	case SOF_HINT_BEFORE:
	case SOF_HINT_AFTER:
		if ((error = copyinstr(filprop.sfp_hintarg, hintbuf,
		    sizeof (hintbuf), &len)) != 0) {
			sof_entry_free(ent);
			return (error);
		}
		ent->sofe_hintarg = kmem_alloc(len, KM_SLEEP);
		bcopy(hintbuf, ent->sofe_hintarg, len);
		/* FALLTHRU */
	case SOF_HINT_TOP:
	case SOF_HINT_BOTTOM:
		/* hints cannot be used with programmatic filters */
		if (ent->sofe_flags & SOFEF_PROG) {
			sof_entry_free(ent);
			return (EINVAL);
		}
		break;
	case SOF_HINT_NONE:
		break;
	default:
		/* bad hint value */
		sof_entry_free(ent);
		return (EINVAL);
	}

	ent->sofe_socktuple_cnt = filprop.sfp_socktuple_cnt;
	tuplesz = sizeof (sof_socktuple_t) * ent->sofe_socktuple_cnt;
	ent->sofe_socktuple = kmem_alloc(tuplesz, KM_SLEEP);

	if (get_udatamodel() == DATAMODEL_NATIVE) {
		if (copyin(filprop.sfp_socktuple, ent->sofe_socktuple,
		    tuplesz)) {
			sof_entry_free(ent);
			return (EFAULT);
		}
	}
#ifdef	_SYSCALL32_IMPL
	else {
		int i;
		caddr_t data = (caddr_t)filprop.sfp_socktuple;
		sof_socktuple_t	*tup = ent->sofe_socktuple;
		sof_socktuple32_t tup32;

		tup = ent->sofe_socktuple;
		for (i = 0; i < ent->sofe_socktuple_cnt; i++, tup++) {
			ASSERT(tup < ent->sofe_socktuple + tuplesz);

			if (copyin(data, &tup32, sizeof (tup32)) != 0) {
				sof_entry_free(ent);
				return (EFAULT);
			}
			tup->sofst_family = tup32.sofst_family;
			tup->sofst_type = tup32.sofst_type;
			tup->sofst_protocol = tup32.sofst_protocol;

			data += sizeof (tup32);
		}
	}
#endif	/* _SYSCALL32_IMPL */

	/* Sockets can start using the filter as soon as the filter is added */
	if ((error = sof_entry_add(ent)) != 0)
		sof_entry_free(ent);

	return (error);
}

/*
 * Socket configuration system call. It is used to add and remove
 * socket types.
 */
int
sockconfig(int cmd, void *arg1, void *arg2, void *arg3, void *arg4)
{
	int error = 0;

	if (secpolicy_net_config(CRED(), B_FALSE) != 0)
		return (set_errno(EPERM));

	if (sockfs_defer_nl7c_init) {
		nl7c_init();
		sockfs_defer_nl7c_init = 0;
	}

	switch (cmd) {
	case SOCKCONFIG_ADD_SOCK:
		error = sockconf_add_sock((int)(uintptr_t)arg1,
		    (int)(uintptr_t)arg2, (int)(uintptr_t)arg3, arg4);
		break;
	case SOCKCONFIG_REMOVE_SOCK:
		error = sockconf_remove_sock((int)(uintptr_t)arg1,
		    (int)(uintptr_t)arg2, (int)(uintptr_t)arg3);
		break;
	case SOCKCONFIG_ADD_FILTER:
		error = sockconfig_add_filter((const char *)arg1, arg2);
		break;
	case SOCKCONFIG_REMOVE_FILTER:
		error = sockconfig_remove_filter((const char *)arg1);
		break;
	default:
#ifdef	DEBUG
		cmn_err(CE_NOTE, "sockconfig: unkonwn subcommand %d", cmd);
#endif
		error = EINVAL;
		break;
	}

	if (error != 0) {
		eprintline(error);
		return (set_errno(error));
	}
	return (0);
}


/*
 * Sendfile is implemented through two schemes, direct I/O or by
 * caching in the filesystem page cache. We cache the input file by
 * default and use direct I/O only if sendfile_max_size is set
 * appropriately as explained below. Note that this logic is consistent
 * with other filesystems where caching is turned on by default
 * unless explicitly turned off by using the DIRECTIO ioctl.
 *
 * We choose a slightly different scheme here. One can turn off
 * caching by setting sendfile_max_size to 0. One can also enable
 * caching of files <= sendfile_max_size by setting sendfile_max_size
 * to an appropriate value. By default sendfile_max_size is set to the
 * maximum value so that all files are cached. In future, we may provide
 * better interfaces for caching the file.
 *
 * Sendfile through Direct I/O (Zero copy)
 * --------------------------------------
 *
 * As disks are normally slower than the network, we can't have a
 * single thread that reads the disk and writes to the network. We
 * need to have parallelism. This is done by having the sendfile
 * thread create another thread that reads from the filesystem
 * and queues it for network processing. In this scheme, the data
 * is never copied anywhere i.e it is zero copy unlike the other
 * scheme.
 *
 * We have a sendfile queue (snfq) where each sendfile
 * request (snf_req_t) is queued for processing by a thread. Number
 * of threads is dynamically allocated and they exit if they are idling
 * beyond a specified amount of time. When each request (snf_req_t) is
 * processed by a thread, it produces a number of mblk_t structures to
 * be consumed by the sendfile thread. snf_deque and snf_enque are
 * used for consuming and producing mblks. Size of the filesystem
 * read is determined by the tunable (sendfile_read_size). A single
 * mblk holds sendfile_read_size worth of data (except the last
 * read of the file) which is sent down as a whole to the network.
 * sendfile_read_size is set to 1 MB as this seems to be the optimal
 * value for the UFS filesystem backed by a striped storage array.
 *
 * Synchronisation between read (producer) and write (consumer) threads.
 * --------------------------------------------------------------------
 *
 * sr_lock protects sr_ib_head and sr_ib_tail. The lock is held while
 * adding and deleting items in this list. Error can happen anytime
 * during read or write. There could be unprocessed mblks in the
 * sr_ib_XXX list when a read or write error occurs. Whenever error
 * is encountered, we need two things to happen :
 *
 * a) One of the threads need to clean the mblks.
 * b) When one thread encounters an error, the other should stop.
 *
 * For (a), we don't want to penalize the reader thread as it could do
 * some useful work processing other requests. For (b), the error can
 * be detected by examining sr_read_error or sr_write_error.
 * sr_lock protects sr_read_error and sr_write_error. If both reader and
 * writer encounters error, we need to report the write error back to
 * the application as that's what would have happened if the operations
 * were done sequentially. With this in mind, following should work :
 *
 * 	- Check for errors before read or write.
 *	- If the reader encounters error, set the error in sr_read_error.
 *	  Check sr_write_error, if it is set, send cv_signal as it is
 *	  waiting for reader to complete. If it is not set, the writer
 *	  is either running sinking data to the network or blocked
 *        because of flow control. For handling the latter case, we
 *	  always send a signal. In any case, it will examine sr_read_error
 *	  and return. sr_read_error is marked with SR_READ_DONE to tell
 *	  the writer that the reader is done in all the cases.
 *	- If the writer encounters error, set the error in sr_write_error.
 *	  The reader thread is either blocked because of flow control or
 *	  running reading data from the disk. For the former, we need to
 *	  wakeup the thread. Again to keep it simple, we always wake up
 *	  the reader thread. Then, wait for the read thread to complete
 *	  if it is not done yet. Cleanup and return.
 *
 * High and low water marks for the read thread.
 * --------------------------------------------
 *
 * If sendfile() is used to send data over a slow network, we need to
 * make sure that the read thread does not produce data at a faster
 * rate than the network. This can happen if the disk is faster than
 * the network. In such a case, we don't want to build a very large queue.
 * But we would still like to get all of the network throughput possible.
 * This implies that network should never block waiting for data.
 * As there are lot of disk throughput/network throughput combinations
 * possible, it is difficult to come up with an accurate number.
 * A typical 10K RPM disk has a max seek latency 17ms and rotational
 * latency of 3ms for reading a disk block. Thus, the total latency to
 * initiate a new read, transfer data from the disk and queue for
 * transmission would take about a max of 25ms. Todays max transfer rate
 * for network is 100MB/sec. If the thread is blocked because of flow
 * control, it would take 25ms to get new data ready for transmission.
 * We have to make sure that network is not idling, while we are initiating
 * new transfers. So, at 100MB/sec, to keep network busy we would need
 * 2.5MB of data. Rounding off, we keep the low water mark to be 3MB of data.
 * We need to pick a high water mark so that the woken up thread would
 * do considerable work before blocking again to prevent thrashing. Currently,
 * we pick this to be 10 times that of the low water mark.
 *
 * Sendfile with segmap caching (One copy from page cache to mblks).
 * ----------------------------------------------------------------
 *
 * We use the segmap cache for caching the file, if the size of file
 * is <= sendfile_max_size. In this case we don't use threads as VM
 * is reasonably fast enough to keep up with the network. If the underlying
 * transport allows, we call segmap_getmapflt() to map MAXBSIZE (8K) worth
 * of data into segmap space, and use the virtual address from segmap
 * directly through desballoc() to avoid copy. Once the transport is done
 * with the data, the mapping will be released through segmap_release()
 * called by the call-back routine.
 *
 * If zero-copy is not allowed by the transport, we simply call VOP_READ()
 * to copy the data from the filesystem into our temporary network buffer.
 *
 * To disable caching, set sendfile_max_size to 0.
 */

uint_t sendfile_read_size = 1024 * 1024;
#define	SENDFILE_REQ_LOWAT	3 * 1024 * 1024
uint_t sendfile_req_lowat = SENDFILE_REQ_LOWAT;
uint_t sendfile_req_hiwat = 10 * SENDFILE_REQ_LOWAT;
struct sendfile_stats sf_stats;
struct sendfile_queue *snfq;
clock_t snfq_timeout;
off64_t sendfile_max_size;

static void snf_enque(snf_req_t *, mblk_t *);
static mblk_t *snf_deque(snf_req_t *);

void
sendfile_init(void)
{
	snfq = kmem_zalloc(sizeof (struct sendfile_queue), KM_SLEEP);

	mutex_init(&snfq->snfq_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&snfq->snfq_cv, NULL, CV_DEFAULT, NULL);
	snfq->snfq_max_threads = max_ncpus;
	snfq_timeout = SNFQ_TIMEOUT;
	/* Cache all files by default. */
	sendfile_max_size = MAXOFFSET_T;
}

/*
 * Queues a mblk_t for network processing.
 */
static void
snf_enque(snf_req_t *sr, mblk_t *mp)
{
	mp->b_next = NULL;
	mutex_enter(&sr->sr_lock);
	if (sr->sr_mp_head == NULL) {
		sr->sr_mp_head = sr->sr_mp_tail = mp;
		cv_signal(&sr->sr_cv);
	} else {
		sr->sr_mp_tail->b_next = mp;
		sr->sr_mp_tail = mp;
	}
	sr->sr_qlen += MBLKL(mp);
	while ((sr->sr_qlen > sr->sr_hiwat) &&
	    (sr->sr_write_error == 0)) {
		sf_stats.ss_full_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	mutex_exit(&sr->sr_lock);
}

/*
 * De-queues a mblk_t for network processing.
 */
static mblk_t *
snf_deque(snf_req_t *sr)
{
	mblk_t *mp;

	mutex_enter(&sr->sr_lock);
	/*
	 * If we have encountered an error on read or read is
	 * completed and no more mblks, return NULL.
	 * We need to check for NULL sr_mp_head also as
	 * the reads could have completed and there is
	 * nothing more to come.
	 */
	if (((sr->sr_read_error & ~SR_READ_DONE) != 0) ||
	    ((sr->sr_read_error & SR_READ_DONE) &&
	    sr->sr_mp_head == NULL)) {
		mutex_exit(&sr->sr_lock);
		return (NULL);
	}
	/*
	 * To start with neither SR_READ_DONE is marked nor
	 * the error is set. When we wake up from cv_wait,
	 * following are the possibilities :
	 *
	 *	a) sr_read_error is zero and mblks are queued.
	 *	b) sr_read_error is set to SR_READ_DONE
	 *	   and mblks are queued.
	 *	c) sr_read_error is set to SR_READ_DONE
	 *	   and no mblks.
	 *	d) sr_read_error is set to some error other
	 *	   than SR_READ_DONE.
	 */

	while ((sr->sr_read_error == 0) && (sr->sr_mp_head == NULL)) {
		sf_stats.ss_empty_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* Handle (a) and (b) first  - the normal case. */
	if (((sr->sr_read_error & ~SR_READ_DONE) == 0) &&
	    (sr->sr_mp_head != NULL)) {
		mp = sr->sr_mp_head;
		sr->sr_mp_head = mp->b_next;
		sr->sr_qlen -= MBLKL(mp);
		if (sr->sr_qlen < sr->sr_lowat)
			cv_signal(&sr->sr_cv);
		mutex_exit(&sr->sr_lock);
		mp->b_next = NULL;
		return (mp);
	}
	/* Handle (c) and (d). */
	mutex_exit(&sr->sr_lock);
	return (NULL);
}

/*
 * Reads data from the filesystem and queues it for network processing.
 */
void
snf_async_read(snf_req_t *sr)
{
	size_t iosize;
	u_offset_t fileoff;
	u_offset_t size;
	int ret_size;
	int error;
	file_t *fp;
	mblk_t *mp;
	struct vnode *vp;
	int extra = 0;
	int maxblk = 0;
	int wroff = 0;
	struct sonode *so;

	fp = sr->sr_fp;
	size = sr->sr_file_size;
	fileoff = sr->sr_file_off;

	/*
	 * Ignore the error for filesystems that doesn't support DIRECTIO.
	 */
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_ON, 0,
	    kcred, NULL, NULL);

	vp = sr->sr_vp;
	if (vp->v_type == VSOCK) {
		stdata_t *stp;

		/*
		 * Get the extra space to insert a header and a trailer.
		 */
		so = VTOSO(vp);
		stp = vp->v_stream;
		if (stp == NULL) {
			wroff = so->so_proto_props.sopp_wroff;
			maxblk = so->so_proto_props.sopp_maxblk;
			extra = wroff + so->so_proto_props.sopp_tail;
		} else {
			wroff = (int)(stp->sd_wroff);
			maxblk = (int)(stp->sd_maxblk);
			extra = wroff + (int)(stp->sd_tail);
		}
	}

	while ((size != 0) && (sr->sr_write_error == 0)) {

		iosize = (int)MIN(sr->sr_maxpsz, size);

		/*
		 * Socket filters can limit the mblk size,
		 * so limit reads to maxblk if there are
		 * filters present.
		 */
		if (vp->v_type == VSOCK &&
		    so->so_filter_active > 0 && maxblk != INFPSZ)
			iosize = (int)MIN(iosize, maxblk);

		if (is_system_labeled()) {
			mp = allocb_cred(iosize + extra, CRED(),
			    curproc->p_pid);
		} else {
			mp = allocb(iosize + extra, BPRI_MED);
		}
		if (mp == NULL) {
			error = EAGAIN;
			break;
		}

		mp->b_rptr += wroff;

		ret_size = soreadfile(fp, mp->b_rptr, fileoff, &error, iosize);

		/* Error or Reached EOF ? */
		if ((error != 0) || (ret_size == 0)) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + ret_size;

		snf_enque(sr, mp);
		size -= ret_size;
		fileoff += ret_size;
	}
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_OFF, 0,
	    kcred, NULL, NULL);
	mutex_enter(&sr->sr_lock);
	sr->sr_read_error = error;
	sr->sr_read_error |= SR_READ_DONE;
	cv_signal(&sr->sr_cv);
	mutex_exit(&sr->sr_lock);
}

void
snf_async_thread(void)
{
	snf_req_t *sr;
	callb_cpr_t cprinfo;
	clock_t time_left = 1;

	CALLB_CPR_INIT(&cprinfo, &snfq->snfq_lock, callb_generic_cpr, "snfq");

	mutex_enter(&snfq->snfq_lock);
	for (;;) {
		/*
		 * If we didn't find a entry, then block until woken up
		 * again and then look through the queues again.
		 */
		while ((sr = snfq->snfq_req_head) == NULL) {
			CALLB_CPR_SAFE_BEGIN(&cprinfo);
			if (time_left <= 0) {
				snfq->snfq_svc_threads--;
				CALLB_CPR_EXIT(&cprinfo);
				thread_exit();
				/* NOTREACHED */
			}
			snfq->snfq_idle_cnt++;

			time_left = cv_reltimedwait(&snfq->snfq_cv,
			    &snfq->snfq_lock, snfq_timeout, TR_CLOCK_TICK);
			snfq->snfq_idle_cnt--;

			CALLB_CPR_SAFE_END(&cprinfo, &snfq->snfq_lock);
		}
		snfq->snfq_req_head = sr->sr_next;
		snfq->snfq_req_cnt--;
		mutex_exit(&snfq->snfq_lock);
		snf_async_read(sr);
		mutex_enter(&snfq->snfq_lock);
	}
}


snf_req_t *
create_thread(int operation, struct vnode *vp, file_t *fp,
    u_offset_t fileoff, u_offset_t size)
{
	snf_req_t *sr;
	stdata_t *stp;

	sr = (snf_req_t *)kmem_zalloc(sizeof (snf_req_t), KM_SLEEP);

	sr->sr_vp = vp;
	sr->sr_fp = fp;
	stp = vp->v_stream;

	/*
	 * store sd_qn_maxpsz into sr_maxpsz while we have stream head.
	 * stream might be closed before thread returns from snf_async_read.
	 */
	if (stp != NULL && stp->sd_qn_maxpsz > 0) {
		sr->sr_maxpsz = MIN(MAXBSIZE, stp->sd_qn_maxpsz);
	} else {
		sr->sr_maxpsz = MAXBSIZE;
	}

	sr->sr_operation = operation;
	sr->sr_file_off = fileoff;
	sr->sr_file_size = size;
	sr->sr_hiwat = sendfile_req_hiwat;
	sr->sr_lowat = sendfile_req_lowat;
	mutex_init(&sr->sr_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&sr->sr_cv, NULL, CV_DEFAULT, NULL);
	/*
	 * See whether we need another thread for servicing this
	 * request. If there are already enough requests queued
	 * for the threads, create one if not exceeding
	 * snfq_max_threads.
	 */
	mutex_enter(&snfq->snfq_lock);
	if (snfq->snfq_req_cnt >= snfq->snfq_idle_cnt &&
	    snfq->snfq_svc_threads < snfq->snfq_max_threads) {
		(void) thread_create(NULL, 0, &snf_async_thread, 0, 0, &p0,
		    TS_RUN, minclsyspri);
		snfq->snfq_svc_threads++;
	}
	if (snfq->snfq_req_head == NULL) {
		snfq->snfq_req_head = snfq->snfq_req_tail = sr;
		cv_signal(&snfq->snfq_cv);
	} else {
		snfq->snfq_req_tail->sr_next = sr;
		snfq->snfq_req_tail = sr;
	}
	snfq->snfq_req_cnt++;
	mutex_exit(&snfq->snfq_lock);
	return (sr);
}

int
snf_direct_io(file_t *fp, file_t *rfp, u_offset_t fileoff, u_offset_t size,
    ssize_t *count)
{
	snf_req_t *sr;
	mblk_t *mp;
	int iosize;
	int error = 0;
	short fflag;
	struct vnode *vp;
	int ksize;
	struct nmsghdr msg;

	ksize = 0;
	*count = 0;
	bzero(&msg, sizeof (msg));

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	if ((sr = create_thread(READ_OP, vp, rfp, fileoff, size)) == NULL)
		return (EAGAIN);

	/*
	 * We check for read error in snf_deque. It has to check
	 * for successful READ_DONE and return NULL, and we might
	 * as well make an additional check there.
	 */
	while ((mp = snf_deque(sr)) != NULL) {

		if (ISSIG(curthread, JUSTLOOKING)) {
			freeb(mp);
			error = EINTR;
			break;
		}
		iosize = MBLKL(mp);

		error = socket_sendmblk(VTOSO(vp), &msg, fflag, CRED(), &mp);

		if (error != 0) {
			if (mp != NULL)
				freeb(mp);
			break;
		}
		ksize += iosize;
	}
	*count = ksize;

	mutex_enter(&sr->sr_lock);
	sr->sr_write_error = error;
	/* Look at the big comments on why we cv_signal here. */
	cv_signal(&sr->sr_cv);

	/* Wait for the reader to complete always. */
	while (!(sr->sr_read_error & SR_READ_DONE)) {
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* If there is no write error, check for read error. */
	if (error == 0)
		error = (sr->sr_read_error & ~SR_READ_DONE);

	if (error != 0) {
		mblk_t *next_mp;

		mp = sr->sr_mp_head;
		while (mp != NULL) {
			next_mp = mp->b_next;
			mp->b_next = NULL;
			freeb(mp);
			mp = next_mp;
		}
	}
	mutex_exit(&sr->sr_lock);
	kmem_free(sr, sizeof (snf_req_t));
	return (error);
}

/* Maximum no.of pages allocated by vpm for sendfile at a time */
#define	SNF_VPMMAXPGS	(VPMMAXPGS/2)

/*
 * Maximum no.of elements in the list returned by vpm, including
 * NULL for the last entry
 */
#define	SNF_MAXVMAPS	(SNF_VPMMAXPGS + 1)

typedef struct {
	unsigned int	snfv_ref;
	frtn_t		snfv_frtn;
	vnode_t		*snfv_vp;
	struct vmap	snfv_vml[SNF_MAXVMAPS];
} snf_vmap_desbinfo;

typedef struct {
	frtn_t		snfi_frtn;
	caddr_t		snfi_base;
	uint_t		snfi_mapoff;
	size_t		snfi_len;
	vnode_t		*snfi_vp;
} snf_smap_desbinfo;

/*
 * The callback function used for vpm mapped mblks called when the last ref of
 * the mblk is dropped which normally occurs when TCP receives the ack. But it
 * can be the driver too due to lazy reclaim.
 */
void
snf_vmap_desbfree(snf_vmap_desbinfo *snfv)
{
	ASSERT(snfv->snfv_ref != 0);
	if (atomic_add_32_nv(&snfv->snfv_ref, -1) == 0) {
		vpm_unmap_pages(snfv->snfv_vml, S_READ);
		VN_RELE(snfv->snfv_vp);
		kmem_free(snfv, sizeof (snf_vmap_desbinfo));
	}
}

/*
 * The callback function used for segmap'ped mblks called when the last ref of
 * the mblk is dropped which normally occurs when TCP receives the ack. But it
 * can be the driver too due to lazy reclaim.
 */
void
snf_smap_desbfree(snf_smap_desbinfo *snfi)
{
	if (! IS_KPM_ADDR(snfi->snfi_base)) {
		/*
		 * We don't need to call segmap_fault(F_SOFTUNLOCK) for
		 * segmap_kpm as long as the latter never falls back to
		 * "use_segmap_range". (See segmap_getmapflt().)
		 *
		 * Using S_OTHER saves an redundant hat_setref() in
		 * segmap_unlock()
		 */
		(void) segmap_fault(kas.a_hat, segkmap,
		    (caddr_t)(uintptr_t)(((uintptr_t)snfi->snfi_base +
		    snfi->snfi_mapoff) & PAGEMASK), snfi->snfi_len,
		    F_SOFTUNLOCK, S_OTHER);
	}
	(void) segmap_release(segkmap, snfi->snfi_base, SM_DONTNEED);
	VN_RELE(snfi->snfi_vp);
	kmem_free(snfi, sizeof (*snfi));
}

/*
 * Use segmap or vpm instead of bcopy to send down a desballoca'ed, mblk.
 * When segmap is used, the mblk contains a segmap slot of no more
 * than MAXBSIZE.
 *
 * With vpm, a maximum of SNF_MAXVMAPS page-sized mappings can be obtained
 * in each iteration and sent by socket_sendmblk until an error occurs or
 * the requested size has been transferred. An mblk is esballoca'ed from
 * each mapped page and a chain of these mblk is sent to the transport layer.
 * vpm will be called to unmap the pages when all mblks have been freed by
 * free_func.
 *
 * At the end of the whole sendfile() operation, we wait till the data from
 * the last mblk is ack'ed by the transport before returning so that the
 * caller of sendfile() can safely modify the file content.
 */
int
snf_segmap(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t total_size,
    ssize_t *count, boolean_t nowait)
{
	caddr_t base;
	int mapoff;
	vnode_t *vp;
	mblk_t *mp = NULL;
	int chain_size;
	int error;
	clock_t deadlk_wait;
	short fflag;
	int ksize;
	struct vattr va;
	boolean_t dowait = B_FALSE;
	struct nmsghdr msg;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	ksize = 0;
	bzero(&msg, sizeof (msg));

	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}

		if (vpm_enable) {
			snf_vmap_desbinfo *snfv;
			mblk_t *nmp;
			int mblk_size;
			int maxsize;
			int i;

			mapoff = fileoff & PAGEOFFSET;
			maxsize = MIN((SNF_VPMMAXPGS * PAGESIZE), total_size);

			snfv = kmem_zalloc(sizeof (snf_vmap_desbinfo),
			    KM_SLEEP);

			/*
			 * Get vpm mappings for maxsize with read access.
			 * If the pages aren't available yet, we get
			 * DEADLK, so wait and try again a little later using
			 * an increasing wait. We might be here a long time.
			 *
			 * If delay_sig returns EINTR, be sure to exit and
			 * pass it up to the caller.
			 */
			deadlk_wait = 0;
			while ((error = vpm_map_pages(fvp, fileoff,
			    (size_t)maxsize, (VPM_FETCHPAGE), snfv->snfv_vml,
			    SNF_MAXVMAPS, NULL, S_READ)) == EDEADLK) {
				deadlk_wait += (deadlk_wait < 5) ? 1 : 4;
				if ((error = delay_sig(deadlk_wait)) != 0) {
					break;
				}
			}
			if (error != 0) {
				kmem_free(snfv, sizeof (snf_vmap_desbinfo));
				error = (error == EINTR) ? EINTR : EIO;
				goto out;
			}
			snfv->snfv_frtn.free_func = snf_vmap_desbfree;
			snfv->snfv_frtn.free_arg = (caddr_t)snfv;

			/* Construct the mblk chain from the page mappings */
			chain_size = 0;
			for (i = 0; (snfv->snfv_vml[i].vs_addr != NULL) &&
			    total_size > 0; i++) {
				ASSERT(chain_size < maxsize);
				mblk_size = MIN(snfv->snfv_vml[i].vs_len -
				    mapoff, total_size);
				nmp = esballoca(
				    (uchar_t *)snfv->snfv_vml[i].vs_addr +
				    mapoff, mblk_size, BPRI_HI,
				    &snfv->snfv_frtn);

				/*
				 * We return EAGAIN after unmapping the pages
				 * if we cannot allocate the the head of the
				 * chain. Otherwise, we continue sending the
				 * mblks constructed so far.
				 */
				if (nmp == NULL) {
					if (i == 0) {
						vpm_unmap_pages(snfv->snfv_vml,
						    S_READ);
						kmem_free(snfv,
						    sizeof (snf_vmap_desbinfo));
						error = EAGAIN;
						goto out;
					}
					break;
				}
				/* Mark this dblk with the zero-copy flag */
				nmp->b_datap->db_struioflag |= STRUIO_ZC;
				nmp->b_wptr += mblk_size;
				chain_size += mblk_size;
				fileoff += mblk_size;
				total_size -= mblk_size;
				snfv->snfv_ref++;
				mapoff = 0;
				if (i > 0)
					linkb(mp, nmp);
				else
					mp = nmp;
			}
			VN_HOLD(fvp);
			snfv->snfv_vp = fvp;
		} else {
			/* vpm not supported. fallback to segmap */
			snf_smap_desbinfo *snfi;

			mapoff = fileoff & MAXBOFFSET;
			chain_size = MAXBSIZE - mapoff;
			if (chain_size > total_size)
				chain_size = total_size;
			/*
			 * we don't forcefault because we'll call
			 * segmap_fault(F_SOFTLOCK) next.
			 *
			 * S_READ will get the ref bit set (by either
			 * segmap_getmapflt() or segmap_fault()) and page
			 * shared locked.
			 */
			base = segmap_getmapflt(segkmap, fvp, fileoff,
			    chain_size, segmap_kpm ? SM_FAULT : 0, S_READ);

			snfi = kmem_alloc(sizeof (*snfi), KM_SLEEP);
			snfi->snfi_len = (size_t)roundup(mapoff+chain_size,
			    PAGESIZE)- (mapoff & PAGEMASK);
			/*
			 * We must call segmap_fault() even for segmap_kpm
			 * because that's how error gets returned.
			 * (segmap_getmapflt() never fails but segmap_fault()
			 * does.)
			 *
			 * If the pages aren't available yet, we get
			 * DEADLK, so wait and try again a little later using
			 * an increasing wait. We might be here a long time.
			 *
			 * If delay_sig returns EINTR, be sure to exit and
			 * pass it up to the caller.
			 */
			deadlk_wait = 0;
			while ((error = FC_ERRNO(segmap_fault(kas.a_hat,
			    segkmap, (caddr_t)(uintptr_t)(((uintptr_t)base +
			    mapoff) & PAGEMASK), snfi->snfi_len, F_SOFTLOCK,
			    S_READ))) == EDEADLK) {
				deadlk_wait += (deadlk_wait < 5) ? 1 : 4;
				if ((error = delay_sig(deadlk_wait)) != 0) {
					break;
				}
			}
			if (error != 0) {
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				error = (error == EINTR) ? EINTR : EIO;
				goto out;
			}
			snfi->snfi_frtn.free_func = snf_smap_desbfree;
			snfi->snfi_frtn.free_arg = (caddr_t)snfi;
			snfi->snfi_base = base;
			snfi->snfi_mapoff = mapoff;
			mp = esballoca((uchar_t *)base + mapoff, chain_size,
			    BPRI_HI, &snfi->snfi_frtn);

			if (mp == NULL) {
				(void) segmap_fault(kas.a_hat, segkmap,
				    (caddr_t)(uintptr_t)(((uintptr_t)base +
				    mapoff) & PAGEMASK), snfi->snfi_len,
				    F_SOFTUNLOCK, S_OTHER);
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				freemsg(mp);
				error = EAGAIN;
				goto out;
			}
			VN_HOLD(fvp);
			snfi->snfi_vp = fvp;
			mp->b_wptr += chain_size;

			/* Mark this dblk with the zero-copy flag */
			mp->b_datap->db_struioflag |= STRUIO_ZC;
			fileoff += chain_size;
			total_size -= chain_size;
		}

		if (total_size == 0 && !nowait) {
			ASSERT(!dowait);
			dowait = B_TRUE;
			mp->b_datap->db_struioflag |= STRUIO_ZCNOTIFY;
		}
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		error = socket_sendmblk(VTOSO(vp), &msg, fflag, CRED(), &mp);
		if (error != 0) {
			/*
			 * mp contains the mblks that were not sent by
			 * socket_sendmblk. Use its size to update *count
			 */
			*count = ksize + (chain_size - msgdsize(mp));
			if (mp != NULL)
				freemsg(mp);
			return (error);
		}
		ksize += chain_size;
		if (total_size == 0)
			goto done;

		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			break;
		if (total_size + fileoff > va.va_size)
			total_size = va.va_size - fileoff;
	}
out:
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	if (dowait) {
		stdata_t *stp;

		stp = vp->v_stream;
		if (stp == NULL) {
			struct sonode *so;
			so = VTOSO(vp);
			error = so_zcopy_wait(so);
		} else {
			mutex_enter(&stp->sd_lock);
			while (!(stp->sd_flag & STZCNOTIFY)) {
				if (cv_wait_sig(&stp->sd_zcopy_wait,
				    &stp->sd_lock) == 0) {
					error = EINTR;
					break;
				}
			}
			stp->sd_flag &= ~STZCNOTIFY;
			mutex_exit(&stp->sd_lock);
		}
	}
	return (error);
}

int
snf_cache(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count)
{
	struct vnode *vp;
	mblk_t *mp;
	int iosize;
	int extra = 0;
	int error;
	short fflag;
	int ksize;
	int ioflag;
	struct uio auio;
	struct iovec aiov;
	struct vattr va;
	int maxblk = 0;
	int wroff = 0;
	struct sonode *so;
	struct nmsghdr msg;

	vp = fp->f_vnode;
	if (vp->v_type == VSOCK) {
		stdata_t *stp;

		/*
		 * Get the extra space to insert a header and a trailer.
		 */
		so = VTOSO(vp);
		stp = vp->v_stream;
		if (stp == NULL) {
			wroff = so->so_proto_props.sopp_wroff;
			maxblk = so->so_proto_props.sopp_maxblk;
			extra = wroff + so->so_proto_props.sopp_tail;
		} else {
			wroff = (int)(stp->sd_wroff);
			maxblk = (int)(stp->sd_maxblk);
			extra = wroff + (int)(stp->sd_tail);
		}
	}
	bzero(&msg, sizeof (msg));
	fflag = fp->f_flag;
	ksize = 0;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_llimit = MAXOFFSET_T;
	auio.uio_fmode = fflag;
	auio.uio_extflg = UIO_COPY_CACHED;
	ioflag = auio.uio_fmode & (FSYNC|FDSYNC|FRSYNC);
	/* If read sync is not asked for, filter sync flags */
	if ((ioflag & FRSYNC) == 0)
		ioflag &= ~(FSYNC|FDSYNC);
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = (int)MIN(maxpsz, size);

		/*
		 * Socket filters can limit the mblk size,
		 * so limit reads to maxblk if there are
		 * filters present.
		 */
		if (vp->v_type == VSOCK &&
		    so->so_filter_active > 0 && maxblk != INFPSZ)
			iosize = (int)MIN(iosize, maxblk);

		if (is_system_labeled()) {
			mp = allocb_cred(iosize + extra, CRED(),
			    curproc->p_pid);
		} else {
			mp = allocb(iosize + extra, BPRI_MED);
		}
		if (mp == NULL) {
			error = EAGAIN;
			break;
		}

		mp->b_rptr += wroff;

		aiov.iov_base = (caddr_t)mp->b_rptr;
		aiov.iov_len = iosize;
		auio.uio_loffset = fileoff;
		auio.uio_resid = iosize;

		error = VOP_READ(fvp, &auio, ioflag, fp->f_cred, NULL);
		iosize -= auio.uio_resid;

		if (error == EINTR && iosize != 0)
			error = 0;

		if (error != 0 || iosize == 0) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + iosize;

		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);

		error = socket_sendmblk(VTOSO(vp), &msg, fflag, CRED(), &mp);

		if (error != 0) {
			*count = ksize;
			if (mp != NULL)
				freeb(mp);
			return (error);
		}
		ksize += iosize;
		size -= iosize;
		if (size == 0)
			goto done;

		fileoff += iosize;
		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			size = 0;
		else if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	return (error);
}

#if defined(_SYSCALL32_IMPL) || defined(_ILP32)
/*
 * Largefile support for 32 bit applications only.
 */
int
sosendfile64(file_t *fp, file_t *rfp, const struct ksendfilevec64 *sfv,
    ssize32_t *count32)
{
	ssize32_t sfv_len;
	u_offset_t sfv_off, va_size;
	struct vnode *vp, *fvp, *realvp;
	struct vattr va;
	stdata_t *stp;
	ssize_t count = 0;
	int error = 0;
	boolean_t dozcopy = B_FALSE;
	uint_t maxpsz;

	sfv_len = (ssize32_t)sfv->sfv_len;
	if (sfv_len < 0) {
		error = EINVAL;
		goto out;
	}

	if (sfv_len == 0) goto out;

	sfv_off = (u_offset_t)sfv->sfv_off;

	/* Same checks as in pread */
	if (sfv_off > MAXOFFSET_T) {
		error = EINVAL;
		goto out;
	}
	if (sfv_off + sfv_len > MAXOFFSET_T)
		sfv_len = (ssize32_t)(MAXOFFSET_T - sfv_off);

	/*
	 * There are no more checks on sfv_len. So, we cast it to
	 * u_offset_t and share the snf_direct_io/snf_cache code between
	 * 32 bit and 64 bit.
	 *
	 * TODO: should do nbl_need_check() like read()?
	 */
	if (sfv_len > sendfile_max_size) {
		sf_stats.ss_file_not_cached++;
		error = snf_direct_io(fp, rfp, sfv_off, (u_offset_t)sfv_len,
		    &count);
		goto out;
	}
	fvp = rfp->f_vnode;
	if (VOP_REALVP(fvp, &realvp, NULL) == 0)
		fvp = realvp;
	/*
	 * Grab the lock as a reader to prevent the file size
	 * from changing underneath.
	 */
	(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
	va.va_mask = AT_SIZE;
	error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
	va_size = va.va_size;
	if ((error != 0) || (va_size == 0) || (sfv_off >= va_size)) {
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		goto out;
	}
	/* Read as much as possible. */
	if (sfv_off + sfv_len > va_size)
		sfv_len = va_size - sfv_off;

	vp = fp->f_vnode;
	stp = vp->v_stream;
	/*
	 * When the NOWAIT flag is not set, we enable zero-copy only if the
	 * transfer size is large enough. This prevents performance loss
	 * when the caller sends the file piece by piece.
	 */
	if (sfv_len >= MAXBSIZE && (sfv_len >= (va_size >> 1) ||
	    (sfv->sfv_flag & SFV_NOWAIT) || sfv_len >= 0x1000000) &&
	    !vn_has_flocks(fvp) && !(fvp->v_flag & VNOMAP)) {
		uint_t copyflag;
		copyflag = stp != NULL ? stp->sd_copyflag :
		    VTOSO(vp)->so_proto_props.sopp_zcopyflag;
		if ((copyflag & (STZCVMSAFE|STZCVMUNSAFE)) == 0) {
			int on = 1;

			if (socket_setsockopt(VTOSO(vp), SOL_SOCKET,
			    SO_SND_COPYAVOID, &on, sizeof (on), CRED()) == 0)
				dozcopy = B_TRUE;
		} else {
			dozcopy = copyflag & STZCVMSAFE;
		}
	}
	if (dozcopy) {
		sf_stats.ss_file_segmap++;
		error = snf_segmap(fp, fvp, sfv_off, (u_offset_t)sfv_len,
		    &count, ((sfv->sfv_flag & SFV_NOWAIT) != 0));
	} else {
		if (vp->v_type == VSOCK && stp == NULL) {
			sonode_t *so = VTOSO(vp);
			maxpsz = so->so_proto_props.sopp_maxpsz;
		} else if (stp != NULL) {
			maxpsz = stp->sd_qn_maxpsz;
		} else {
			maxpsz = maxphys;
		}

		if (maxpsz == INFPSZ)
			maxpsz = maxphys;
		else
			maxpsz = roundup(maxpsz, MAXBSIZE);
		sf_stats.ss_file_cached++;
		error = snf_cache(fp, fvp, sfv_off, (u_offset_t)sfv_len,
		    maxpsz, &count);
	}
out:
	releasef(sfv->sfv_fd);
	*count32 = (ssize32_t)count;
	return (error);
}
#endif

#ifdef _SYSCALL32_IMPL
/*
 * recv32(), recvfrom32(), send32(), sendto32(): intentionally return a
 * ssize_t rather than ssize32_t; see the comments above read32 for details.
 */

ssize_t
recv32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	return (recv(sock, (void *)(uintptr_t)buffer, (ssize32_t)len, flags));
}

ssize_t
recvfrom32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
	caddr32_t name, caddr32_t namelenp)
{
	return (recvfrom(sock, (void *)(uintptr_t)buffer, (ssize32_t)len, flags,
	    (void *)(uintptr_t)name, (void *)(uintptr_t)namelenp));
}

ssize_t
send32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	return (send(sock, (void *)(uintptr_t)buffer, (ssize32_t)len, flags));
}

ssize_t
sendto32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
	caddr32_t name, socklen_t namelen)
{
	return (sendto(sock, (void *)(uintptr_t)buffer, (ssize32_t)len, flags,
	    (void *)(uintptr_t)name, namelen));
}
#endif	/* _SYSCALL32_IMPL */

/*
 * Function wrappers (mostly around the sonode switch) for
 * backward compatibility.
 */

int
soaccept(struct sonode *so, int fflag, struct sonode **nsop)
{
	return (socket_accept(so, fflag, CRED(), nsop));
}

int
sobind(struct sonode *so, struct sockaddr *name, socklen_t namelen,
    int backlog, int flags)
{
	int	error;

	error = socket_bind(so, name, namelen, flags, CRED());
	if (error == 0 && backlog != 0)
		return (socket_listen(so, backlog, CRED()));

	return (error);
}

int
solisten(struct sonode *so, int backlog)
{
	return (socket_listen(so, backlog, CRED()));
}

int
soconnect(struct sonode *so, struct sockaddr *name, socklen_t namelen,
    int fflag, int flags)
{
	return (socket_connect(so, name, namelen, fflag, flags, CRED()));
}

int
sorecvmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	return (socket_recvmsg(so, msg, uiop, CRED()));
}

int
sosendmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	return (socket_sendmsg(so, msg, uiop, CRED()));
}

int
soshutdown(struct sonode *so, int how)
{
	return (socket_shutdown(so, how, CRED()));
}

int
sogetsockopt(struct sonode *so, int level, int option_name, void *optval,
    socklen_t *optlenp, int flags)
{
	return (socket_getsockopt(so, level, option_name, optval, optlenp,
	    flags, CRED()));
}

int
sosetsockopt(struct sonode *so, int level, int option_name, const void *optval,
    t_uscalar_t optlen)
{
	return (socket_setsockopt(so, level, option_name, optval, optlen,
	    CRED()));
}

/*
 * Because this is backward compatibility interface it only needs to be
 * able to handle the creation of TPI sockfs sockets.
 */
struct sonode *
socreate(struct sockparams *sp, int family, int type, int protocol, int version,
    int *errorp)
{
	struct sonode *so;

	ASSERT(sp != NULL);

	so = sp->sp_smod_info->smod_sock_create_func(sp, family, type, protocol,
	    version, SOCKET_SLEEP, errorp, CRED());
	if (so == NULL) {
		SOCKPARAMS_DEC_REF(sp);
	} else {
		if ((*errorp = SOP_INIT(so, NULL, CRED(), SOCKET_SLEEP)) == 0) {
			/* Cannot fail, only bumps so_count */
			(void) VOP_OPEN(&SOTOV(so), FREAD|FWRITE, CRED(), NULL);
		} else {
			socket_destroy(so);
			so = NULL;
		}
	}
	return (so);
}