128993443SEd Schouten /*- 228993443SEd Schouten * Copyright (c) 1982, 1986, 1991, 1993 328993443SEd Schouten * The Regents of the University of California. All rights reserved. 428993443SEd Schouten * (c) UNIX System Laboratories, Inc. 528993443SEd Schouten * All or some portions of this file are derived from material licensed 628993443SEd Schouten * to the University of California by American Telephone and Telegraph 728993443SEd Schouten * Co. or Unix System Laboratories, Inc. and are reproduced herein with 828993443SEd Schouten * the permission of UNIX System Laboratories, Inc. 928993443SEd Schouten * 1028993443SEd Schouten * Redistribution and use in source and binary forms, with or without 1128993443SEd Schouten * modification, are permitted provided that the following conditions 1228993443SEd Schouten * are met: 1328993443SEd Schouten * 1. Redistributions of source code must retain the above copyright 1428993443SEd Schouten * notice, this list of conditions and the following disclaimer. 1528993443SEd Schouten * 2. Redistributions in binary form must reproduce the above copyright 1628993443SEd Schouten * notice, this list of conditions and the following disclaimer in the 1728993443SEd Schouten * documentation and/or other materials provided with the distribution. 1828993443SEd Schouten * 4. Neither the name of the University nor the names of its contributors 1928993443SEd Schouten * may be used to endorse or promote products derived from this software 2028993443SEd Schouten * without specific prior written permission. 2128993443SEd Schouten * 2228993443SEd Schouten * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 2328993443SEd Schouten * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2428993443SEd Schouten * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2528993443SEd Schouten * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 2628993443SEd Schouten * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2728993443SEd Schouten * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2828993443SEd Schouten * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2928993443SEd Schouten * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3028993443SEd Schouten * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3128993443SEd Schouten * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3228993443SEd Schouten * SUCH DAMAGE. 3328993443SEd Schouten * 3428993443SEd Schouten * @(#)kern_subr.c 8.3 (Berkeley) 1/21/94 3528993443SEd Schouten */ 3628993443SEd Schouten 3728993443SEd Schouten #include <sys/cdefs.h> 3828993443SEd Schouten __FBSDID("$FreeBSD$"); 3928993443SEd Schouten 4028993443SEd Schouten #include "opt_zero.h" 4128993443SEd Schouten 4228993443SEd Schouten #include <sys/param.h> 4328993443SEd Schouten #include <sys/systm.h> 4428993443SEd Schouten #include <sys/kernel.h> 4528993443SEd Schouten #include <sys/limits.h> 4628993443SEd Schouten #include <sys/lock.h> 470f502d1cSKonstantin Belousov #include <sys/mman.h> 4828993443SEd Schouten #include <sys/mutex.h> 4928993443SEd Schouten #include <sys/proc.h> 500f502d1cSKonstantin Belousov #include <sys/resourcevar.h> 5128993443SEd Schouten #include <sys/sched.h> 5228993443SEd Schouten #include <sys/sysctl.h> 5328993443SEd Schouten #include <sys/vnode.h> 5428993443SEd Schouten 5528993443SEd Schouten #include <vm/vm.h> 560f502d1cSKonstantin Belousov #include <vm/vm_extern.h> 5728993443SEd Schouten #include <vm/vm_page.h> 5828993443SEd Schouten #include <vm/vm_map.h> 5928993443SEd Schouten #ifdef ZERO_COPY_SOCKETS 6028993443SEd Schouten #include <vm/vm_param.h> 6128993443SEd Schouten #include <vm/vm_object.h> 6228993443SEd Schouten #endif 6328993443SEd Schouten 6428993443SEd Schouten SYSCTL_INT(_kern, KERN_IOV_MAX, iov_max, CTLFLAG_RD, NULL, UIO_MAXIOV, 6528993443SEd Schouten "Maximum number of elements in an I/O vector; sysconf(_SC_IOV_MAX)"); 6628993443SEd Schouten 6728993443SEd Schouten #ifdef ZERO_COPY_SOCKETS 6828993443SEd Schouten /* Declared in uipc_socket.c */ 6928993443SEd Schouten extern int so_zero_copy_receive; 7028993443SEd Schouten 7128993443SEd Schouten /* 7228993443SEd Schouten * Identify the physical page mapped at the given kernel virtual 7328993443SEd Schouten * address. Insert this physical page into the given address space at 7428993443SEd Schouten * the given virtual address, replacing the physical page, if any, 7528993443SEd Schouten * that already exists there. 7628993443SEd Schouten */ 7728993443SEd Schouten static int 7828993443SEd Schouten vm_pgmoveco(vm_map_t mapa, vm_offset_t kaddr, vm_offset_t uaddr) 7928993443SEd Schouten { 8028993443SEd Schouten vm_map_t map = mapa; 8128993443SEd Schouten vm_page_t kern_pg, user_pg; 8228993443SEd Schouten vm_object_t uobject; 8328993443SEd Schouten vm_map_entry_t entry; 8428993443SEd Schouten vm_pindex_t upindex; 8528993443SEd Schouten vm_prot_t prot; 8628993443SEd Schouten boolean_t wired; 8728993443SEd Schouten 8828993443SEd Schouten KASSERT((uaddr & PAGE_MASK) == 0, 8928993443SEd Schouten ("vm_pgmoveco: uaddr is not page aligned")); 9028993443SEd Schouten 9128993443SEd Schouten /* 9228993443SEd Schouten * Herein the physical page is validated and dirtied. It is 9328993443SEd Schouten * unwired in sf_buf_mext(). 9428993443SEd Schouten */ 9528993443SEd Schouten kern_pg = PHYS_TO_VM_PAGE(vtophys(kaddr)); 9628993443SEd Schouten kern_pg->valid = VM_PAGE_BITS_ALL; 9728993443SEd Schouten KASSERT(kern_pg->queue == PQ_NONE && kern_pg->wire_count == 1, 9828993443SEd Schouten ("vm_pgmoveco: kern_pg is not correctly wired")); 9928993443SEd Schouten 10028993443SEd Schouten if ((vm_map_lookup(&map, uaddr, 10128993443SEd Schouten VM_PROT_WRITE, &entry, &uobject, 10228993443SEd Schouten &upindex, &prot, &wired)) != KERN_SUCCESS) { 10328993443SEd Schouten return(EFAULT); 10428993443SEd Schouten } 10528993443SEd Schouten VM_OBJECT_LOCK(uobject); 10628993443SEd Schouten retry: 10728993443SEd Schouten if ((user_pg = vm_page_lookup(uobject, upindex)) != NULL) { 10828993443SEd Schouten if (vm_page_sleep_if_busy(user_pg, TRUE, "vm_pgmoveco")) 10928993443SEd Schouten goto retry; 1105ac59343SAlan Cox vm_page_lock(user_pg); 11128993443SEd Schouten pmap_remove_all(user_pg); 11228993443SEd Schouten vm_page_free(user_pg); 1135ac59343SAlan Cox vm_page_unlock(user_pg); 11428993443SEd Schouten } else { 11528993443SEd Schouten /* 11628993443SEd Schouten * Even if a physical page does not exist in the 11728993443SEd Schouten * object chain's first object, a physical page from a 11828993443SEd Schouten * backing object may be mapped read only. 11928993443SEd Schouten */ 12028993443SEd Schouten if (uobject->backing_object != NULL) 12128993443SEd Schouten pmap_remove(map->pmap, uaddr, uaddr + PAGE_SIZE); 12228993443SEd Schouten } 12328993443SEd Schouten vm_page_insert(kern_pg, uobject, upindex); 12428993443SEd Schouten vm_page_dirty(kern_pg); 12528993443SEd Schouten VM_OBJECT_UNLOCK(uobject); 12628993443SEd Schouten vm_map_lookup_done(map, entry); 12728993443SEd Schouten return(KERN_SUCCESS); 12828993443SEd Schouten } 12928993443SEd Schouten #endif /* ZERO_COPY_SOCKETS */ 13028993443SEd Schouten 13128993443SEd Schouten int 13228993443SEd Schouten uiomove(void *cp, int n, struct uio *uio) 13328993443SEd Schouten { 13428993443SEd Schouten struct thread *td = curthread; 13528993443SEd Schouten struct iovec *iov; 13628993443SEd Schouten u_int cnt; 13728993443SEd Schouten int error = 0; 13828993443SEd Schouten int save = 0; 13928993443SEd Schouten 14028993443SEd Schouten KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, 14128993443SEd Schouten ("uiomove: mode")); 14228993443SEd Schouten KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread, 14328993443SEd Schouten ("uiomove proc")); 14428993443SEd Schouten WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 14528993443SEd Schouten "Calling uiomove()"); 14628993443SEd Schouten 14728993443SEd Schouten save = td->td_pflags & TDP_DEADLKTREAT; 14828993443SEd Schouten td->td_pflags |= TDP_DEADLKTREAT; 14928993443SEd Schouten 15028993443SEd Schouten while (n > 0 && uio->uio_resid) { 15128993443SEd Schouten iov = uio->uio_iov; 15228993443SEd Schouten cnt = iov->iov_len; 15328993443SEd Schouten if (cnt == 0) { 15428993443SEd Schouten uio->uio_iov++; 15528993443SEd Schouten uio->uio_iovcnt--; 15628993443SEd Schouten continue; 15728993443SEd Schouten } 15828993443SEd Schouten if (cnt > n) 15928993443SEd Schouten cnt = n; 16028993443SEd Schouten 16128993443SEd Schouten switch (uio->uio_segflg) { 16228993443SEd Schouten 16328993443SEd Schouten case UIO_USERSPACE: 16408b163faSMatthew D Fleming maybe_yield(); 16528993443SEd Schouten if (uio->uio_rw == UIO_READ) 16628993443SEd Schouten error = copyout(cp, iov->iov_base, cnt); 16728993443SEd Schouten else 16828993443SEd Schouten error = copyin(iov->iov_base, cp, cnt); 16928993443SEd Schouten if (error) 17028993443SEd Schouten goto out; 17128993443SEd Schouten break; 17228993443SEd Schouten 17328993443SEd Schouten case UIO_SYSSPACE: 17428993443SEd Schouten if (uio->uio_rw == UIO_READ) 17528993443SEd Schouten bcopy(cp, iov->iov_base, cnt); 17628993443SEd Schouten else 17728993443SEd Schouten bcopy(iov->iov_base, cp, cnt); 17828993443SEd Schouten break; 17928993443SEd Schouten case UIO_NOCOPY: 18028993443SEd Schouten break; 18128993443SEd Schouten } 18228993443SEd Schouten iov->iov_base = (char *)iov->iov_base + cnt; 18328993443SEd Schouten iov->iov_len -= cnt; 18428993443SEd Schouten uio->uio_resid -= cnt; 18528993443SEd Schouten uio->uio_offset += cnt; 18628993443SEd Schouten cp = (char *)cp + cnt; 18728993443SEd Schouten n -= cnt; 18828993443SEd Schouten } 18928993443SEd Schouten out: 19028993443SEd Schouten if (save == 0) 19128993443SEd Schouten td->td_pflags &= ~TDP_DEADLKTREAT; 19228993443SEd Schouten return (error); 19328993443SEd Schouten } 19428993443SEd Schouten 19528993443SEd Schouten /* 19628993443SEd Schouten * Wrapper for uiomove() that validates the arguments against a known-good 19728993443SEd Schouten * kernel buffer. Currently, uiomove accepts a signed (n) argument, which 19828993443SEd Schouten * is almost definitely a bad thing, so we catch that here as well. We 19928993443SEd Schouten * return a runtime failure, but it might be desirable to generate a runtime 20028993443SEd Schouten * assertion failure instead. 20128993443SEd Schouten */ 20228993443SEd Schouten int 20328993443SEd Schouten uiomove_frombuf(void *buf, int buflen, struct uio *uio) 20428993443SEd Schouten { 20528993443SEd Schouten unsigned int offset, n; 20628993443SEd Schouten 20728993443SEd Schouten if (uio->uio_offset < 0 || uio->uio_resid < 0 || 20828993443SEd Schouten (offset = uio->uio_offset) != uio->uio_offset) 20928993443SEd Schouten return (EINVAL); 21028993443SEd Schouten if (buflen <= 0 || offset >= buflen) 21128993443SEd Schouten return (0); 21228993443SEd Schouten if ((n = buflen - offset) > INT_MAX) 21328993443SEd Schouten return (EINVAL); 21428993443SEd Schouten return (uiomove((char *)buf + offset, n, uio)); 21528993443SEd Schouten } 21628993443SEd Schouten 21728993443SEd Schouten #ifdef ZERO_COPY_SOCKETS 21828993443SEd Schouten /* 21928993443SEd Schouten * Experimental support for zero-copy I/O 22028993443SEd Schouten */ 22128993443SEd Schouten static int 22228993443SEd Schouten userspaceco(void *cp, u_int cnt, struct uio *uio, int disposable) 22328993443SEd Schouten { 22428993443SEd Schouten struct iovec *iov; 22528993443SEd Schouten int error; 22628993443SEd Schouten 22728993443SEd Schouten iov = uio->uio_iov; 22828993443SEd Schouten if (uio->uio_rw == UIO_READ) { 22928993443SEd Schouten if ((so_zero_copy_receive != 0) 23028993443SEd Schouten && ((cnt & PAGE_MASK) == 0) 23128993443SEd Schouten && ((((intptr_t) iov->iov_base) & PAGE_MASK) == 0) 23228993443SEd Schouten && ((uio->uio_offset & PAGE_MASK) == 0) 23328993443SEd Schouten && ((((intptr_t) cp) & PAGE_MASK) == 0) 23428993443SEd Schouten && (disposable != 0)) { 23528993443SEd Schouten /* SOCKET: use page-trading */ 23628993443SEd Schouten /* 23728993443SEd Schouten * We only want to call vm_pgmoveco() on 23828993443SEd Schouten * disposeable pages, since it gives the 23928993443SEd Schouten * kernel page to the userland process. 24028993443SEd Schouten */ 24128993443SEd Schouten error = vm_pgmoveco(&curproc->p_vmspace->vm_map, 24228993443SEd Schouten (vm_offset_t)cp, (vm_offset_t)iov->iov_base); 24328993443SEd Schouten 24428993443SEd Schouten /* 24528993443SEd Schouten * If we get an error back, attempt 24628993443SEd Schouten * to use copyout() instead. The 24728993443SEd Schouten * disposable page should be freed 24828993443SEd Schouten * automatically if we weren't able to move 24928993443SEd Schouten * it into userland. 25028993443SEd Schouten */ 25128993443SEd Schouten if (error != 0) 25228993443SEd Schouten error = copyout(cp, iov->iov_base, cnt); 25328993443SEd Schouten } else { 25428993443SEd Schouten error = copyout(cp, iov->iov_base, cnt); 25528993443SEd Schouten } 25628993443SEd Schouten } else { 25728993443SEd Schouten error = copyin(iov->iov_base, cp, cnt); 25828993443SEd Schouten } 25928993443SEd Schouten return (error); 26028993443SEd Schouten } 26128993443SEd Schouten 26228993443SEd Schouten int 26328993443SEd Schouten uiomoveco(void *cp, int n, struct uio *uio, int disposable) 26428993443SEd Schouten { 26528993443SEd Schouten struct iovec *iov; 26628993443SEd Schouten u_int cnt; 26728993443SEd Schouten int error; 26828993443SEd Schouten 26928993443SEd Schouten KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, 27028993443SEd Schouten ("uiomoveco: mode")); 27128993443SEd Schouten KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread, 27228993443SEd Schouten ("uiomoveco proc")); 27328993443SEd Schouten 27428993443SEd Schouten while (n > 0 && uio->uio_resid) { 27528993443SEd Schouten iov = uio->uio_iov; 27628993443SEd Schouten cnt = iov->iov_len; 27728993443SEd Schouten if (cnt == 0) { 27828993443SEd Schouten uio->uio_iov++; 27928993443SEd Schouten uio->uio_iovcnt--; 28028993443SEd Schouten continue; 28128993443SEd Schouten } 28228993443SEd Schouten if (cnt > n) 28328993443SEd Schouten cnt = n; 28428993443SEd Schouten 28528993443SEd Schouten switch (uio->uio_segflg) { 28628993443SEd Schouten 28728993443SEd Schouten case UIO_USERSPACE: 28808b163faSMatthew D Fleming maybe_yield(); 28928993443SEd Schouten error = userspaceco(cp, cnt, uio, disposable); 29028993443SEd Schouten if (error) 29128993443SEd Schouten return (error); 29228993443SEd Schouten break; 29328993443SEd Schouten 29428993443SEd Schouten case UIO_SYSSPACE: 29528993443SEd Schouten if (uio->uio_rw == UIO_READ) 29628993443SEd Schouten bcopy(cp, iov->iov_base, cnt); 29728993443SEd Schouten else 29828993443SEd Schouten bcopy(iov->iov_base, cp, cnt); 29928993443SEd Schouten break; 30028993443SEd Schouten case UIO_NOCOPY: 30128993443SEd Schouten break; 30228993443SEd Schouten } 30328993443SEd Schouten iov->iov_base = (char *)iov->iov_base + cnt; 30428993443SEd Schouten iov->iov_len -= cnt; 30528993443SEd Schouten uio->uio_resid -= cnt; 30628993443SEd Schouten uio->uio_offset += cnt; 30728993443SEd Schouten cp = (char *)cp + cnt; 30828993443SEd Schouten n -= cnt; 30928993443SEd Schouten } 31028993443SEd Schouten return (0); 31128993443SEd Schouten } 31228993443SEd Schouten #endif /* ZERO_COPY_SOCKETS */ 31328993443SEd Schouten 31428993443SEd Schouten /* 31528993443SEd Schouten * Give next character to user as result of read. 31628993443SEd Schouten */ 31728993443SEd Schouten int 31828993443SEd Schouten ureadc(int c, struct uio *uio) 31928993443SEd Schouten { 32028993443SEd Schouten struct iovec *iov; 32128993443SEd Schouten char *iov_base; 32228993443SEd Schouten 32328993443SEd Schouten WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 32428993443SEd Schouten "Calling ureadc()"); 32528993443SEd Schouten 32628993443SEd Schouten again: 32728993443SEd Schouten if (uio->uio_iovcnt == 0 || uio->uio_resid == 0) 32828993443SEd Schouten panic("ureadc"); 32928993443SEd Schouten iov = uio->uio_iov; 33028993443SEd Schouten if (iov->iov_len == 0) { 33128993443SEd Schouten uio->uio_iovcnt--; 33228993443SEd Schouten uio->uio_iov++; 33328993443SEd Schouten goto again; 33428993443SEd Schouten } 33528993443SEd Schouten switch (uio->uio_segflg) { 33628993443SEd Schouten 33728993443SEd Schouten case UIO_USERSPACE: 33828993443SEd Schouten if (subyte(iov->iov_base, c) < 0) 33928993443SEd Schouten return (EFAULT); 34028993443SEd Schouten break; 34128993443SEd Schouten 34228993443SEd Schouten case UIO_SYSSPACE: 34328993443SEd Schouten iov_base = iov->iov_base; 34428993443SEd Schouten *iov_base = c; 34528993443SEd Schouten iov->iov_base = iov_base; 34628993443SEd Schouten break; 34728993443SEd Schouten 34828993443SEd Schouten case UIO_NOCOPY: 34928993443SEd Schouten break; 35028993443SEd Schouten } 35128993443SEd Schouten iov->iov_base = (char *)iov->iov_base + 1; 35228993443SEd Schouten iov->iov_len--; 35328993443SEd Schouten uio->uio_resid--; 35428993443SEd Schouten uio->uio_offset++; 35528993443SEd Schouten return (0); 35628993443SEd Schouten } 35728993443SEd Schouten 35828993443SEd Schouten int 35928993443SEd Schouten copyinfrom(const void * __restrict src, void * __restrict dst, size_t len, 36028993443SEd Schouten int seg) 36128993443SEd Schouten { 36228993443SEd Schouten int error = 0; 36328993443SEd Schouten 36428993443SEd Schouten switch (seg) { 36528993443SEd Schouten case UIO_USERSPACE: 36628993443SEd Schouten error = copyin(src, dst, len); 36728993443SEd Schouten break; 36828993443SEd Schouten case UIO_SYSSPACE: 36928993443SEd Schouten bcopy(src, dst, len); 37028993443SEd Schouten break; 37128993443SEd Schouten default: 37228993443SEd Schouten panic("copyinfrom: bad seg %d\n", seg); 37328993443SEd Schouten } 37428993443SEd Schouten return (error); 37528993443SEd Schouten } 37628993443SEd Schouten 37728993443SEd Schouten int 37828993443SEd Schouten copyinstrfrom(const void * __restrict src, void * __restrict dst, size_t len, 37928993443SEd Schouten size_t * __restrict copied, int seg) 38028993443SEd Schouten { 38128993443SEd Schouten int error = 0; 38228993443SEd Schouten 38328993443SEd Schouten switch (seg) { 38428993443SEd Schouten case UIO_USERSPACE: 38528993443SEd Schouten error = copyinstr(src, dst, len, copied); 38628993443SEd Schouten break; 38728993443SEd Schouten case UIO_SYSSPACE: 38828993443SEd Schouten error = copystr(src, dst, len, copied); 38928993443SEd Schouten break; 39028993443SEd Schouten default: 39128993443SEd Schouten panic("copyinstrfrom: bad seg %d\n", seg); 39228993443SEd Schouten } 39328993443SEd Schouten return (error); 39428993443SEd Schouten } 39528993443SEd Schouten 39628993443SEd Schouten int 39728993443SEd Schouten copyiniov(struct iovec *iovp, u_int iovcnt, struct iovec **iov, int error) 39828993443SEd Schouten { 39928993443SEd Schouten u_int iovlen; 40028993443SEd Schouten 40128993443SEd Schouten *iov = NULL; 40228993443SEd Schouten if (iovcnt > UIO_MAXIOV) 40328993443SEd Schouten return (error); 40428993443SEd Schouten iovlen = iovcnt * sizeof (struct iovec); 40528993443SEd Schouten *iov = malloc(iovlen, M_IOV, M_WAITOK); 40628993443SEd Schouten error = copyin(iovp, *iov, iovlen); 40728993443SEd Schouten if (error) { 40828993443SEd Schouten free(*iov, M_IOV); 40928993443SEd Schouten *iov = NULL; 41028993443SEd Schouten } 41128993443SEd Schouten return (error); 41228993443SEd Schouten } 41328993443SEd Schouten 41428993443SEd Schouten int 41528993443SEd Schouten copyinuio(struct iovec *iovp, u_int iovcnt, struct uio **uiop) 41628993443SEd Schouten { 41728993443SEd Schouten struct iovec *iov; 41828993443SEd Schouten struct uio *uio; 41928993443SEd Schouten u_int iovlen; 42028993443SEd Schouten int error, i; 42128993443SEd Schouten 42228993443SEd Schouten *uiop = NULL; 42328993443SEd Schouten if (iovcnt > UIO_MAXIOV) 42428993443SEd Schouten return (EINVAL); 42528993443SEd Schouten iovlen = iovcnt * sizeof (struct iovec); 42628993443SEd Schouten uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK); 42728993443SEd Schouten iov = (struct iovec *)(uio + 1); 42828993443SEd Schouten error = copyin(iovp, iov, iovlen); 42928993443SEd Schouten if (error) { 43028993443SEd Schouten free(uio, M_IOV); 43128993443SEd Schouten return (error); 43228993443SEd Schouten } 43328993443SEd Schouten uio->uio_iov = iov; 43428993443SEd Schouten uio->uio_iovcnt = iovcnt; 43528993443SEd Schouten uio->uio_segflg = UIO_USERSPACE; 43628993443SEd Schouten uio->uio_offset = -1; 43728993443SEd Schouten uio->uio_resid = 0; 43828993443SEd Schouten for (i = 0; i < iovcnt; i++) { 43928993443SEd Schouten if (iov->iov_len > INT_MAX - uio->uio_resid) { 44028993443SEd Schouten free(uio, M_IOV); 44128993443SEd Schouten return (EINVAL); 44228993443SEd Schouten } 44328993443SEd Schouten uio->uio_resid += iov->iov_len; 44428993443SEd Schouten iov++; 44528993443SEd Schouten } 44628993443SEd Schouten *uiop = uio; 44728993443SEd Schouten return (0); 44828993443SEd Schouten } 44928993443SEd Schouten 45028993443SEd Schouten struct uio * 45128993443SEd Schouten cloneuio(struct uio *uiop) 45228993443SEd Schouten { 45328993443SEd Schouten struct uio *uio; 45428993443SEd Schouten int iovlen; 45528993443SEd Schouten 45628993443SEd Schouten iovlen = uiop->uio_iovcnt * sizeof (struct iovec); 45728993443SEd Schouten uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK); 45828993443SEd Schouten *uio = *uiop; 45928993443SEd Schouten uio->uio_iov = (struct iovec *)(uio + 1); 46028993443SEd Schouten bcopy(uiop->uio_iov, uio->uio_iov, iovlen); 46128993443SEd Schouten return (uio); 46228993443SEd Schouten } 4630f502d1cSKonstantin Belousov 4640f502d1cSKonstantin Belousov /* 4650f502d1cSKonstantin Belousov * Map some anonymous memory in user space of size sz, rounded up to the page 4660f502d1cSKonstantin Belousov * boundary. 4670f502d1cSKonstantin Belousov */ 4680f502d1cSKonstantin Belousov int 4690f502d1cSKonstantin Belousov copyout_map(struct thread *td, vm_offset_t *addr, size_t sz) 4700f502d1cSKonstantin Belousov { 471*cce6e354SKonstantin Belousov struct vmspace *vms; 4720f502d1cSKonstantin Belousov int error; 4730f502d1cSKonstantin Belousov vm_size_t size; 4740f502d1cSKonstantin Belousov 475*cce6e354SKonstantin Belousov vms = td->td_proc->p_vmspace; 476*cce6e354SKonstantin Belousov 4770f502d1cSKonstantin Belousov /* 4780f502d1cSKonstantin Belousov * Map somewhere after heap in process memory. 4790f502d1cSKonstantin Belousov */ 4800f502d1cSKonstantin Belousov PROC_LOCK(td->td_proc); 4810f502d1cSKonstantin Belousov *addr = round_page((vm_offset_t)vms->vm_daddr + 4820f502d1cSKonstantin Belousov lim_max(td->td_proc, RLIMIT_DATA)); 4830f502d1cSKonstantin Belousov PROC_UNLOCK(td->td_proc); 4840f502d1cSKonstantin Belousov 4850f502d1cSKonstantin Belousov /* round size up to page boundry */ 4860f502d1cSKonstantin Belousov size = (vm_size_t)round_page(sz); 4870f502d1cSKonstantin Belousov 4880f502d1cSKonstantin Belousov error = vm_mmap(&vms->vm_map, addr, size, PROT_READ | PROT_WRITE, 4890f502d1cSKonstantin Belousov VM_PROT_ALL, MAP_PRIVATE | MAP_ANON, OBJT_DEFAULT, NULL, 0); 4900f502d1cSKonstantin Belousov 4910f502d1cSKonstantin Belousov return (error); 4920f502d1cSKonstantin Belousov } 4930f502d1cSKonstantin Belousov 4940f502d1cSKonstantin Belousov /* 4950f502d1cSKonstantin Belousov * Unmap memory in user space. 4960f502d1cSKonstantin Belousov */ 4970f502d1cSKonstantin Belousov int 4980f502d1cSKonstantin Belousov copyout_unmap(struct thread *td, vm_offset_t addr, size_t sz) 4990f502d1cSKonstantin Belousov { 5000f502d1cSKonstantin Belousov vm_map_t map; 5010f502d1cSKonstantin Belousov vm_size_t size; 5020f502d1cSKonstantin Belousov 503937060a8SKonstantin Belousov if (sz == 0) 504937060a8SKonstantin Belousov return (0); 505937060a8SKonstantin Belousov 5060f502d1cSKonstantin Belousov map = &td->td_proc->p_vmspace->vm_map; 5070f502d1cSKonstantin Belousov size = (vm_size_t)round_page(sz); 5080f502d1cSKonstantin Belousov 5090f502d1cSKonstantin Belousov if (!vm_map_remove(map, addr, addr + size)) 5100f502d1cSKonstantin Belousov return (EINVAL); 5110f502d1cSKonstantin Belousov 5120f502d1cSKonstantin Belousov return (0); 5130f502d1cSKonstantin Belousov } 514