1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1990, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #ifndef _SYS_FILEDESC_H_
33 #define _SYS_FILEDESC_H_
34
35 #include <sys/types.h>
36 #include <sys/caprights.h>
37 #include <sys/queue.h>
38 #include <sys/event.h>
39 #include <sys/lock.h>
40 #include <sys/mutex.h>
41 #include <sys/priority.h>
42 #include <sys/seqc.h>
43 #include <sys/sx.h>
44 #include <sys/_smr.h>
45 #include <sys/smr_types.h>
46
47 #include <machine/_limits.h>
48
/*
 * Per-descriptor capability limits: the rights mask plus the ioctl and fcntl
 * allow-lists that belong to one descriptor table entry.
 *
 * fc_ioctls is a raw pointer, so a plain struct assignment (as fde_copy()
 * does) leaves both copies pointing at the same array.
 * NOTE(review): filecaps_copy(), filecaps_move() and filecaps_free() are
 * declared later in this header for handling that array -- confirm the
 * ownership rules against their definitions.
 */
49 struct filecaps {
50 cap_rights_t fc_rights; /* per-descriptor capability rights */
51 u_long *fc_ioctls; /* per-descriptor allowed ioctls */
52 int16_t fc_nioctls; /* fc_ioctls array size; filecaps_init() sets it to -1 */
53 uint32_t fc_fcntls; /* per-descriptor allowed fcntls */
54 };
55
/*
 * One slot of the descriptor table: the open file together with the
 * capability limits and flags that apply to this descriptor only.
 * fde_copy() copies fde_file, fde_caps and fde_flags and does not touch
 * fde_seqc.
 */
56 struct filedescent {
57 struct file *fde_file; /* file structure for open file */
58 struct filecaps fde_caps; /* per-descriptor rights */
59 uint8_t fde_flags; /* per-process open file flags */
60 seqc_t fde_seqc; /* keep file and caps in sync */
61 };
/* Shorthand for the filecaps members embedded in a filedescent. */
62 #define fde_rights fde_caps.fc_rights
63 #define fde_fcntls fde_caps.fc_fcntls
64 #define fde_ioctls fde_caps.fc_ioctls
65 #define fde_nioctls fde_caps.fc_nioctls
66
67 #ifdef _KERNEL
/*
 * Copy the file pointer, capability limits and flags of one descriptor
 * entry into another.  The sequence counter (fde_seqc) of the destination
 * is not touched.
 *
 * fde_caps is copied by struct assignment, so afterwards both entries hold
 * the same fc_ioctls pointer.
 * NOTE(review): confirm that callers either hand ownership of that array to
 * the destination or use filecaps_copy() when both entries stay live.
 */
static inline void
fde_copy(struct filedescent *from, struct filedescent *to)
{
	const struct filedescent *src = from;
	struct filedescent *dst = to;

	dst->fde_file = src->fde_file;
	dst->fde_caps = src->fde_caps;
	dst->fde_flags = src->fde_flags;
}
76 #endif
77
/*
 * Descriptor table: a count followed by the entries themselves.  fdt_ofiles
 * is declared with zero length, so the entries occupy storage past the
 * header.
 * NOTE(review): presumably room for fdt_nfiles entries is allocated with the
 * header -- confirm against the code that allocates the table.
 */
78 struct fdescenttbl {
79 int fdt_nfiles; /* number of open files allocated */
80 struct filedescent fdt_ofiles[0]; /* open files */
81 };
/*
 * Address of the sequence counter of slot fd.  The macro indexes fdt_ofiles
 * without a range check, so fd must already be known to be below fdt_nfiles.
 */
82 #define fd_seqc(fdt, fd) (&(fdt)->fdt_ofiles[(fd)].fde_seqc)
83
/* Word type of the fd_map bitmap in struct filedesc. */
84 #define NDSLOTTYPE u_long
85
86 /*
87 * This struct is copy-on-write and allocated from an SMR zone.
88 * All fields are constant after initialization apart from the reference count.
89 * The ABI root directory is initialized as the root directory and changed
90 * when the process transitions to or from a non-native ABI.
91 *
92 * Check pwd_* routines for usage.
93 */
94 struct pwd {
95 u_int pwd_refcount; /* reference count; the one field that changes after init */
96 struct vnode *pwd_cdir; /* current directory */
97 struct vnode *pwd_rdir; /* root directory */
98 struct vnode *pwd_jdir; /* jail root directory */
99 struct vnode *pwd_adir; /* abi root directory */
100 };
/* SMR-managed pointer to a struct pwd; the type of pwddesc.pd_pwd. */
101 typedef SMR_POINTER(struct pwd *) smrpwd_t;
102
/*
 * Paths descriptor: the current struct pwd plus the file creation mask.
 * pd_pwd is an SMR pointer.  In this header it is stored by pwd_set() and
 * loaded by PWDDESC_XLOCKED_LOAD_PWD(), both of which assert that pd_lock is
 * owned, and loaded without that assertion by pwd_get_smr().
 */
103 struct pwddesc {
104 struct mtx pd_lock; /* protects members of this struct */
105 smrpwd_t pd_pwd; /* directories */
106 u_int pd_refcount; /* reference count on this pwddesc */
107 u_short pd_cmask; /* mask for file creation */
108 };
109
110 /*
111 * This structure is used for the management of descriptors. It may be
112 * shared by multiple processes.
113 *
 * The lock is the sx lock fd_sx; the FILEDESC_* macros below wrap it.
 * fd_refcnt is read with refcount_load() by FILEDESC_IS_ONLY_USER().
 */
114 struct filedesc {
115 struct fdescenttbl *fd_files; /* open files table */
116 NDSLOTTYPE *fd_map; /* bitmap of free fds */
117 int fd_freefile; /* approx. next free file */
118 int fd_refcnt; /* thread reference count */
119 int fd_holdcnt; /* hold count on structure + mutex */
120 struct sx fd_sx; /* protects members of this struct */
121 struct kqlist fd_kqlist; /* list of kqueues on this filedesc */
122 int fd_holdleaderscount; /* block fdfree() for shared close() */
123 int fd_holdleaderswakeup; /* fdfree() needs wakeup */
124 };
125
126 /*
127 * Structure to keep track of (process leader, struct filedesc) tuples.
128 * Each process has a pointer to such a structure when detailed tracking
129 * is needed, e.g., when rfork(RFPROC | RFMEM) causes a file descriptor
130 * table to be shared by processes having different "p_leader" pointers
131 * and thus distinct POSIX style locks.
132 *
133 * fdl_refcount and fdl_holdcount are protected by struct filedesc mtx.
 * NOTE(review): struct filedesc as declared in this header carries an sx
 * lock (fd_sx), not a mutex -- confirm which lock is meant.
134 */
135 struct filedesc_to_leader {
136 int fdl_refcount; /* references from struct proc */
137 int fdl_holdcount; /* temporary hold during closef */
138 int fdl_wakeup; /* fdfree() waits on closef() */
139 struct proc *fdl_leader; /* owner of POSIX locks */
140 /* Circular list: */
141 struct filedesc_to_leader *fdl_prev;
142 struct filedesc_to_leader *fdl_next;
143 };
/*
 * Shorthand for reaching the table size and the entries through a
 * struct filedesc.  Both expand to a dereference of fd_files.
 */
144 #define fd_nfiles fd_files->fdt_nfiles
145 #define fd_ofiles fd_files->fdt_ofiles
146
147 /*
148 * Per-process open flags.  The fde_flags member of struct filedescent
 * carries the same description and is a uint8_t, so any flag added here
 * has to fit in eight bits if it is stored there.
149 */
150 #define UF_EXCLOSE 0x01 /* auto-close on exec */
151 #define UF_RESOLVE_BENEATH 0x02 /* lookups must be beneath this dir */
152
153 #ifdef _KERNEL
154
155 /* Lock a paths descriptor table (struct pwddesc); pd_lock is an MTX_DEF mutex. */
156 #define PWDDESC_LOCK(pdp) (&(pdp)->pd_lock)
157 #define PWDDESC_LOCK_INIT(pdp) \
158 mtx_init(PWDDESC_LOCK(pdp), "pwddesc", NULL, MTX_DEF)
159 #define PWDDESC_LOCK_DESTROY(pdp) mtx_destroy(PWDDESC_LOCK(pdp))
160 #define PWDDESC_XLOCK(pdp) mtx_lock(PWDDESC_LOCK(pdp))
161 #define PWDDESC_XUNLOCK(pdp) mtx_unlock(PWDDESC_LOCK(pdp))
162 #define PWDDESC_LOCK_ASSERT(pdp, what) \
163 mtx_assert(PWDDESC_LOCK(pdp), (what))
164 #define PWDDESC_ASSERT_XLOCKED(pdp) \
165 PWDDESC_LOCK_ASSERT((pdp), MA_OWNED)
166 #define PWDDESC_ASSERT_UNLOCKED(pdp) \
167 PWDDESC_LOCK_ASSERT((pdp), MA_NOTOWNED)
168
/*
 * Load pd_pwd on behalf of a caller that holds the pwddesc mutex.  The
 * ownership assertion is handed to smr_serialized_load() as its last
 * argument, so the locking requirement is stated at the load itself.
 * pdp is evaluated once (it is copied into _pdp).
 */
169 #define PWDDESC_XLOCKED_LOAD_PWD(pdp) ({ \
170 struct pwddesc *_pdp = (pdp); \
171 struct pwd *_pwd; \
172 _pwd = smr_serialized_load(&(_pdp)->pd_pwd, \
173 (PWDDESC_ASSERT_XLOCKED(_pdp), true)); \
174 _pwd; \
175 })
176
177 /* Lock a file descriptor table (struct filedesc); the lock is the sx lock fd_sx. */
178 #define FILEDESC_LOCK_INIT(fdp) sx_init(&(fdp)->fd_sx, "filedesc structure")
179 #define FILEDESC_LOCK_DESTROY(fdp) sx_destroy(&(fdp)->fd_sx)
180 #define FILEDESC_LOCK(fdp) (&(fdp)->fd_sx)
181 #define FILEDESC_XLOCK(fdp) sx_xlock(&(fdp)->fd_sx)
182 #define FILEDESC_XUNLOCK(fdp) sx_xunlock(&(fdp)->fd_sx)
183 #define FILEDESC_SLOCK(fdp) sx_slock(&(fdp)->fd_sx)
184 #define FILEDESC_SUNLOCK(fdp) sx_sunlock(&(fdp)->fd_sx)
185
/*
 * Lock-state assertions.  FILEDESC_LOCK_ASSERT passes SX_LOCKED, and
 * FILEDESC_XLOCK_ASSERT passes SX_XLOCKED; both add SX_NOTRECURSED.
 */
186 #define FILEDESC_LOCK_ASSERT(fdp) sx_assert(&(fdp)->fd_sx, SX_LOCKED | \
187 SX_NOTRECURSED)
188 #define FILEDESC_XLOCK_ASSERT(fdp) sx_assert(&(fdp)->fd_sx, SX_XLOCKED | \
189 SX_NOTRECURSED)
190 #define FILEDESC_UNLOCK_ASSERT(fdp) sx_assert(&(fdp)->fd_sx, SX_UNLOCKED)
191
/*
 * True when the current process has exactly one thread and fd_refcnt is 1.
 * MPASS checks that fdp is curproc's own table.  fget_only_user() and
 * fput_only_user() below are documented as requiring this condition, since
 * they work with file pointers on which no reference was taken.
 */
192 #define FILEDESC_IS_ONLY_USER(fdp) ({ \
193 struct filedesc *_fdp = (fdp); \
194 MPASS(curproc->p_fd == _fdp); \
195 (curproc->p_numthreads == 1 && refcount_load(&_fdp->fd_refcnt) == 1); \
196 })
197
198 #else
199
200 /*
201 * Accessor for libkvm et al.
 * Compiled only when _KERNEL is not defined.  Loads pd_pwd through
 * smr_kvm_load(); unlike PWDDESC_XLOCKED_LOAD_PWD() it asserts nothing
 * about locking.
202 */
203 #define PWDDESC_KVM_LOAD_PWD(pdp) ({ \
204 struct pwddesc *_pdp = (pdp); \
205 struct pwd *_pwd; \
206 _pwd = smr_kvm_load(&(_pdp)->pd_pwd); \
207 _pwd; \
208 })
209
210 #endif
211
212 #ifdef _KERNEL
213
214 /* Operation types for kern_dup(). */
215 enum {
216 FDDUP_NORMAL, /* dup() behavior. */
217 FDDUP_FCNTL, /* fcntl()-style errors. */
218 FDDUP_FIXED, /* Force fixed allocation. */
219 FDDUP_LASTMODE, /* last enumerator; NOTE(review): presumably a bound, not a mode */
220 };
221
222 /* Flags for kern_dup(). */
223 #define FDDUP_FLAG_CLOEXEC 0x1 /* Atomically set UF_EXCLOSE. */
224
225 /* For backward compatibility: falloc() is falloc_caps() with a NULL fcaps. */
226 #define falloc(td, resultfp, resultfd, flags) \
227 falloc_caps(td, resultfp, resultfd, flags, NULL)
228
/* Forward declarations for the prototypes that follow. */
229 struct mount;
230 struct thread;
231
/*
 * Put a filecaps object into its initial state: every byte zero, then
 * fc_nioctls set to -1.
 * NOTE(review): -1 presumably marks "no ioctl list attached"; confirm
 * against the code that consumes fc_nioctls.
 */
static __inline void
filecaps_init(struct filecaps *fcaps)
{
	/* Clear the whole object, padding included, before setting fields. */
	bzero(fcaps, sizeof *fcaps);
	fcaps->fc_nioctls = -1;
}
/*
 * Helpers for the filecaps object embedded in a descriptor entry.
 * NOTE(review): filecaps_copy() returns bool and takes a "locked" flag; what
 * a false return means is not visible in this header, so check the
 * definition before discarding the result.
 */
239 bool filecaps_copy(const struct filecaps *src, struct filecaps *dst,
240 bool locked);
241 void filecaps_move(struct filecaps *src, struct filecaps *dst);
242 void filecaps_free(struct filecaps *fcaps);
243
/*
 * Descriptor table management.  Only the prototypes are visible here; the
 * contracts (locking, reference ownership, error values) have to be taken
 * from the definitions.
 */
244 int closef(struct file *fp, struct thread *td);
245 void closef_nothread(struct file *fp);
246 int descrip_check_write_mp(struct filedesc *fdp, struct mount *mp);
247 int dupfdopen(struct thread *td, struct filedesc *fdp, int dfd, int mode,
248 int openerror, int *indxp);
/* falloc_caps() takes the capability limits for the new descriptor in fcaps. */
249 int falloc_caps(struct thread *td, struct file **resultfp, int *resultfd,
250 int flags, struct filecaps *fcaps);
251 void falloc_abort(struct thread *td, struct file *fp);
252 int _falloc_noinstall(struct thread *td, struct file **resultfp, u_int n);
/* falloc_noinstall() is _falloc_noinstall() with n fixed to 1. */
253 #define falloc_noinstall(td, resultfp) _falloc_noinstall(td, resultfp, 1)
254 void _finstall(struct filedesc *fdp, struct file *fp, int fd, int flags,
255 struct filecaps *fcaps);
256 int finstall(struct thread *td, struct file *fp, int *resultfd, int flags,
257 struct filecaps *fcaps);
258 int finstall_refed(struct thread *td, struct file *fp, int *resultfd, int flags,
259 struct filecaps *fcaps);
260 int fdalloc(struct thread *td, int minfd, int *result);
261 int fdallocn(struct thread *td, int minfd, int *fds, int n);
/*
 * NOTE(review): by their names fdcheckstd(), fdcloseexec() and
 * fdsetugidsafety() deal with descriptor state around exec and set-id
 * transitions -- confirm against their definitions.
 */
262 int fdcheckstd(struct thread *td);
263 void fdclose(struct thread *td, struct file *fp, int idx);
264 void fdcloseexec(struct thread *td);
265 void fdsetugidsafety(struct thread *td);
266 struct filedesc *fdcopy(struct filedesc *fdp);
267 void fdunshare(struct thread *td);
268 void fdescfree(struct thread *td);
269 int fdlastfile(struct filedesc *fdp);
270 int fdlastfile_single(struct filedesc *fdp);
271 struct filedesc *fdinit(void);
272 struct filedesc *fdshare(struct filedesc *fdp);
273 struct filedesc_to_leader *
274 filedesc_to_leader_alloc(struct filedesc_to_leader *old,
275 struct filedesc *fdp, struct proc *leader);
276 struct filedesc_to_leader *
277 filedesc_to_leader_share(struct filedesc_to_leader *fdtol,
278 struct filedesc *fdp);
/* The getvnode*() lookups take the capability rights the caller needs in rightsp. */
279 int getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,
280 struct file **fpp);
281 int getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,
282 uint8_t *flagsp, struct file **fpp);
283 void mountcheckdirs(struct vnode *olddp, struct vnode *newdp);
284
/*
 * Descriptor lookups that take the rights the caller needs in needrightsp.
 * NOTE(review): presumably the lookup fails when the descriptor's fc_rights
 * do not cover needrightsp -- confirm against the definitions.  The variants
 * with havecapsp or flagsp also hand back the descriptor's filecaps or
 * flags through those pointers, going by the parameter names.
 */
285 int fget_cap_noref(struct filedesc *fdp, int fd,
286 const cap_rights_t *needrightsp, struct file **fpp,
287 struct filecaps *havecapsp);
288 int fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
289 uint8_t *flagsp, struct file **fpp, struct filecaps *havecapsp);
290 /* Return a referenced file from an unlocked descriptor. */
291 int fget_unlocked(struct thread *td, int fd,
292 const cap_rights_t *needrightsp, struct file **fpp);
293 int fget_unlocked_flags(struct thread *td, int fd,
294 const cap_rights_t *needrightsp, uint8_t *flagsp,
295 struct file **fpp);
296 /* Return a file pointer without a ref. FILEDESC_IS_ONLY_USER must be true. */
297 int fget_only_user(struct filedesc *fdp, int fd,
298 const cap_rights_t *needrightsp, struct file **fpp);
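/*
 * Counterpart of fget_only_user().  That lookup returns the file pointer
 * without taking a reference, so there is nothing to release here; the
 * macro only asserts that the table still has a single user and that the
 * file's reference count is positive.
 *
 * The fp argument is parenthesized before the member access so that an
 * expression argument (a cast, a dereference, a conditional) is treated as
 * one operand.
 */
#define	fput_only_user(fdp, fp)	({					\
	MPASS(FILEDESC_IS_ONLY_USER(fdp));				\
	MPASS(refcount_load(&(fp)->f_count) > 0);			\
})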
303
/*
 * Return the file stored in slot fd, or NULL when fd is outside the table.
 * Requires a FILEDESC_{S,X}LOCK held and returns without a ref.
 *
 * fd is compared as an unsigned value, so a negative fd fails the same
 * range test as one that is too large.  The slot content is returned as
 * is, which means NULL is also what the caller sees for an empty slot.
 */
static __inline struct file *
fget_noref(struct filedesc *fdp, int fd)
{
	const u_int idx = (u_int)fd;

	FILEDESC_LOCK_ASSERT(fdp);

	if (__predict_false(idx >= (u_int)fdp->fd_nfiles))
		return (NULL);

	return (fdp->fd_ofiles[idx].fde_file);
}
316
/*
 * Return the descriptor table entry for fd, or NULL when fd is outside the
 * table or the slot holds no file.  FILEDESC_LOCK_ASSERT() is applied to
 * fdp first, and no reference is taken on the file.
 *
 * fd is compared as an unsigned value, so a negative fd is rejected by the
 * same range test as one that is too large.
 */
static __inline struct filedescent *
fdeget_noref(struct filedesc *fdp, int fd)
{
	struct filedescent *slot;

	FILEDESC_LOCK_ASSERT(fdp);

	if (__predict_false((u_int)fd >= (u_int)fdp->fd_nfiles))
		return (NULL);

	slot = &fdp->fd_ofiles[fd];
	return (__predict_false(slot->fde_file == NULL) ? NULL : slot);
}
333
334 #ifdef CAPABILITIES
/*
 * Report whether slot fd changed since seqc was sampled: true when the
 * slot's sequence counter is no longer consistent with seqc.
 *
 * fd_seqc() indexes the table without a range check, so fd must already
 * have been validated against the table size.
 */
static __inline bool
fd_modified(struct filedesc *fdp, int fd, seqc_t seqc)
{
	seqc_t *slot_seqc = fd_seqc(fdp->fd_files, fd);

	return (!seqc_consistent(slot_seqc, seqc));
}
341 #endif
342
343 int proc_nfiles(struct proc *p);
344
345 /* cdir/rdir/jdir manipulation functions. */
346 struct pwddesc *pdcopy(struct pwddesc *pdp);
347 void pdescfree(struct thread *td);
348 struct pwddesc *pdinit(struct pwddesc *pdp, bool keeplock);
349 struct pwddesc *pdshare(struct pwddesc *pdp);
350 void pdunshare(struct thread *td);
351
/*
 * Replace directories in the calling thread's struct pwd.
 * NOTE(review): pwd_chroot() and pwd_chroot_chdir() return int while
 * pwd_chdir() and pwd_altroot() return void; the failure conditions behind
 * the int results are not visible in this header.
 */
352 void pwd_altroot(struct thread *td, struct vnode *altroot_vp);
353 void pwd_chdir(struct thread *td, struct vnode *vp);
354 int pwd_chroot(struct thread *td, struct vnode *vp);
355 int pwd_chroot_chdir(struct thread *td, struct vnode *vp);
356 void pwd_ensure_dirs(void);
357 void pwd_set_rootvnode(void);
358
/*
 * Reference handling for struct pwd.
 * NOTE(review): by the names, each pwd_hold*() result is paired with a
 * pwd_drop(); pwd_hold_smr() returns bool, so its caller has to handle the
 * case where no hold was obtained -- confirm against the definitions.
 */
359 struct pwd *pwd_hold_pwddesc(struct pwddesc *pdp);
360 bool pwd_hold_smr(struct pwd *pwd);
361 struct pwd *pwd_hold_proc(struct proc *p);
362 struct pwd *pwd_hold(struct thread *td);
363 void pwd_drop(struct pwd *pwd);
/*
 * Publish newpwd as the pwd of pdp.  The store goes through
 * smr_serialized_store(), which is handed an assertion that the pwddesc
 * mutex is owned by the caller.
 */
static inline void
pwd_set(struct pwddesc *pdp, struct pwd *newpwd)
{
	smrpwd_t *slot = &pdp->pd_pwd;

	smr_serialized_store(slot, newpwd,
	    (PWDDESC_ASSERT_XLOCKED(pdp), true));
}
/*
 * Load the current process's pwd pointer with vfs_smr_entered_load().
 * The macro only loads the pointer; pwd_hold_smr() is declared earlier in
 * this header for taking a hold on the result.
 * NOTE(review): by the accessor's name the caller is expected to be inside
 * a vfs SMR section -- confirm.
 */
#define	pwd_get_smr()	vfs_smr_entered_load(&curproc->p_pd->pd_pwd)
371
372 #endif /* _KERNEL */
373
374 #endif /* !_SYS_FILEDESC_H_ */
375