xref: /freebsd/sys/kern/uipc_sockbuf.c (revision ff0ba87247820afbdfdc1b307c803f7923d0e4d3)
1 /*-
2  * Copyright (c) 1982, 1986, 1988, 1990, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 4. Neither the name of the University nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  *	@(#)uipc_socket2.c	8.1 (Berkeley) 6/10/93
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include "opt_param.h"
36 
37 #include <sys/param.h>
38 #include <sys/aio.h> /* for aio_swake proto */
39 #include <sys/kernel.h>
40 #include <sys/lock.h>
41 #include <sys/mbuf.h>
42 #include <sys/mutex.h>
43 #include <sys/proc.h>
44 #include <sys/protosw.h>
45 #include <sys/resourcevar.h>
46 #include <sys/signalvar.h>
47 #include <sys/socket.h>
48 #include <sys/socketvar.h>
49 #include <sys/sx.h>
50 #include <sys/sysctl.h>
51 
52 /*
53  * Function pointer set by the AIO routines so that the socket buffer code
54  * can call back into the AIO module if it is loaded.
55  */
56 void	(*aio_swake)(struct socket *, struct sockbuf *);
57 
58 /*
59  * Primitive routines for operating on socket buffers
60  */
61 
62 u_long	sb_max = SB_MAX;
63 u_long sb_max_adj =
64        (quad_t)SB_MAX * MCLBYTES / (MSIZE + MCLBYTES); /* adjusted sb_max */
65 
66 static	u_long sb_efficiency = 8;	/* parameter for sbreserve() */
67 
68 static struct mbuf	*sbcut_internal(struct sockbuf *sb, int len);
69 static void	sbflush_internal(struct sockbuf *sb);
70 
71 /*
72  * Socantsendmore indicates that no more data will be sent on the socket; it
73  * would normally be applied to a socket when the user informs the system
74  * that no more data is to be sent, by the protocol code (in case
75  * PRU_SHUTDOWN).  Socantrcvmore indicates that no more data will be
76  * received, and will normally be applied to the socket by a protocol when it
77  * detects that the peer will send no more data.  Data queued for reading in
78  * the socket may yet be read.
79  */
80 void
81 socantsendmore_locked(struct socket *so)
82 {
83 
84 	SOCKBUF_LOCK_ASSERT(&so->so_snd);
85 
86 	so->so_snd.sb_state |= SBS_CANTSENDMORE;
87 	sowwakeup_locked(so);
88 	mtx_assert(SOCKBUF_MTX(&so->so_snd), MA_NOTOWNED);
89 }
90 
91 void
92 socantsendmore(struct socket *so)
93 {
94 
95 	SOCKBUF_LOCK(&so->so_snd);
96 	socantsendmore_locked(so);
97 	mtx_assert(SOCKBUF_MTX(&so->so_snd), MA_NOTOWNED);
98 }
99 
100 void
101 socantrcvmore_locked(struct socket *so)
102 {
103 
104 	SOCKBUF_LOCK_ASSERT(&so->so_rcv);
105 
106 	so->so_rcv.sb_state |= SBS_CANTRCVMORE;
107 	sorwakeup_locked(so);
108 	mtx_assert(SOCKBUF_MTX(&so->so_rcv), MA_NOTOWNED);
109 }
110 
111 void
112 socantrcvmore(struct socket *so)
113 {
114 
115 	SOCKBUF_LOCK(&so->so_rcv);
116 	socantrcvmore_locked(so);
117 	mtx_assert(SOCKBUF_MTX(&so->so_rcv), MA_NOTOWNED);
118 }
119 
120 /*
121  * Wait for data to arrive at/drain from a socket buffer.
122  */
123 int
124 sbwait(struct sockbuf *sb)
125 {
126 
127 	SOCKBUF_LOCK_ASSERT(sb);
128 
129 	sb->sb_flags |= SB_WAIT;
130 	return (msleep_sbt(&sb->sb_cc, &sb->sb_mtx,
131 	    (sb->sb_flags & SB_NOINTR) ? PSOCK : PSOCK | PCATCH, "sbwait",
132 	    sb->sb_timeo, 0, 0));
133 }
134 
135 int
136 sblock(struct sockbuf *sb, int flags)
137 {
138 
139 	KASSERT((flags & SBL_VALID) == flags,
140 	    ("sblock: flags invalid (0x%x)", flags));
141 
142 	if (flags & SBL_WAIT) {
143 		if ((sb->sb_flags & SB_NOINTR) ||
144 		    (flags & SBL_NOINTR)) {
145 			sx_xlock(&sb->sb_sx);
146 			return (0);
147 		}
148 		return (sx_xlock_sig(&sb->sb_sx));
149 	} else {
150 		if (sx_try_xlock(&sb->sb_sx) == 0)
151 			return (EWOULDBLOCK);
152 		return (0);
153 	}
154 }
155 
156 void
157 sbunlock(struct sockbuf *sb)
158 {
159 
160 	sx_xunlock(&sb->sb_sx);
161 }
162 
163 /*
164  * Wakeup processes waiting on a socket buffer.  Do asynchronous notification
165  * via SIGIO if the socket has the SS_ASYNC flag set.
166  *
167  * Called with the socket buffer lock held; will release the lock by the end
168  * of the function.  This allows the caller to acquire the socket buffer lock
169  * while testing for the need for various sorts of wakeup and hold it through
170  * to the point where it's no longer required.  We currently hold the lock
171  * through calls out to other subsystems (with the exception of kqueue), and
172  * then release it to avoid lock order issues.  It's not clear that's
173  * correct.
174  */
175 void
176 sowakeup(struct socket *so, struct sockbuf *sb)
177 {
178 	int ret;
179 
180 	SOCKBUF_LOCK_ASSERT(sb);
181 
182 	selwakeuppri(&sb->sb_sel, PSOCK);
183 	if (!SEL_WAITING(&sb->sb_sel))
184 		sb->sb_flags &= ~SB_SEL;
185 	if (sb->sb_flags & SB_WAIT) {
186 		sb->sb_flags &= ~SB_WAIT;
187 		wakeup(&sb->sb_cc);
188 	}
189 	KNOTE_LOCKED(&sb->sb_sel.si_note, 0);
190 	if (sb->sb_upcall != NULL) {
191 		ret = sb->sb_upcall(so, sb->sb_upcallarg, M_NOWAIT);
192 		if (ret == SU_ISCONNECTED) {
193 			KASSERT(sb == &so->so_rcv,
194 			    ("SO_SND upcall returned SU_ISCONNECTED"));
195 			soupcall_clear(so, SO_RCV);
196 		}
197 	} else
198 		ret = SU_OK;
199 	if (sb->sb_flags & SB_AIO)
200 		aio_swake(so, sb);
201 	SOCKBUF_UNLOCK(sb);
202 	if (ret == SU_ISCONNECTED)
203 		soisconnected(so);
204 	if ((so->so_state & SS_ASYNC) && so->so_sigio != NULL)
205 		pgsigio(&so->so_sigio, SIGIO, 0);
206 	mtx_assert(SOCKBUF_MTX(sb), MA_NOTOWNED);
207 }
208 
209 /*
210  * Socket buffer (struct sockbuf) utility routines.
211  *
212  * Each socket contains two socket buffers: one for sending data and one for
213  * receiving data.  Each buffer contains a queue of mbufs, information about
214  * the number of mbufs and amount of data in the queue, and other fields
215  * allowing select() statements and notification on data availability to be
216  * implemented.
217  *
218  * Data stored in a socket buffer is maintained as a list of records.  Each
219  * record is a list of mbufs chained together with the m_next field.  Records
220  * are chained together with the m_nextpkt field. The upper level routine
221  * soreceive() expects the following conventions to be observed when placing
222  * information in the receive buffer:
223  *
224  * 1. If the protocol requires each message be preceded by the sender's name,
225  *    then a record containing that name must be present before any
226  *    associated data (mbuf's must be of type MT_SONAME).
227  * 2. If the protocol supports the exchange of ``access rights'' (really just
228  *    additional data associated with the message), and there are ``rights''
229  *    to be received, then a record containing this data should be present
230  *    (mbuf's must be of type MT_RIGHTS).
231  * 3. If a name or rights record exists, then it must be followed by a data
232  *    record, perhaps of zero length.
233  *
234  * Before using a new socket structure it is first necessary to reserve
235  * buffer space to the socket, by calling sbreserve().  This should commit
236  * some of the available buffer space in the system buffer pool for the
237  * socket (currently, it does nothing but enforce limits).  The space should
238  * be released by calling sbrelease() when the socket is destroyed.
239  */
240 int
241 soreserve(struct socket *so, u_long sndcc, u_long rcvcc)
242 {
243 	struct thread *td = curthread;
244 
245 	SOCKBUF_LOCK(&so->so_snd);
246 	SOCKBUF_LOCK(&so->so_rcv);
247 	if (sbreserve_locked(&so->so_snd, sndcc, so, td) == 0)
248 		goto bad;
249 	if (sbreserve_locked(&so->so_rcv, rcvcc, so, td) == 0)
250 		goto bad2;
251 	if (so->so_rcv.sb_lowat == 0)
252 		so->so_rcv.sb_lowat = 1;
253 	if (so->so_snd.sb_lowat == 0)
254 		so->so_snd.sb_lowat = MCLBYTES;
255 	if (so->so_snd.sb_lowat > so->so_snd.sb_hiwat)
256 		so->so_snd.sb_lowat = so->so_snd.sb_hiwat;
257 	SOCKBUF_UNLOCK(&so->so_rcv);
258 	SOCKBUF_UNLOCK(&so->so_snd);
259 	return (0);
260 bad2:
261 	sbrelease_locked(&so->so_snd, so);
262 bad:
263 	SOCKBUF_UNLOCK(&so->so_rcv);
264 	SOCKBUF_UNLOCK(&so->so_snd);
265 	return (ENOBUFS);
266 }
267 
268 static int
269 sysctl_handle_sb_max(SYSCTL_HANDLER_ARGS)
270 {
271 	int error = 0;
272 	u_long tmp_sb_max = sb_max;
273 
274 	error = sysctl_handle_long(oidp, &tmp_sb_max, arg2, req);
275 	if (error || !req->newptr)
276 		return (error);
277 	if (tmp_sb_max < MSIZE + MCLBYTES)
278 		return (EINVAL);
279 	sb_max = tmp_sb_max;
280 	sb_max_adj = (u_quad_t)sb_max * MCLBYTES / (MSIZE + MCLBYTES);
281 	return (0);
282 }
283 
284 /*
285  * Allot mbufs to a sockbuf.  Attempt to scale mbmax so that mbcnt doesn't
286  * become limiting if buffering efficiency is near the normal case.
287  */
288 int
289 sbreserve_locked(struct sockbuf *sb, u_long cc, struct socket *so,
290     struct thread *td)
291 {
292 	rlim_t sbsize_limit;
293 
294 	SOCKBUF_LOCK_ASSERT(sb);
295 
296 	/*
297 	 * When a thread is passed, we take into account the thread's socket
298 	 * buffer size limit.  The caller will generally pass curthread, but
299 	 * in the TCP input path, NULL will be passed to indicate that no
300 	 * appropriate thread resource limits are available.  In that case,
301 	 * we don't apply a process limit.
302 	 */
303 	if (cc > sb_max_adj)
304 		return (0);
305 	if (td != NULL) {
306 		PROC_LOCK(td->td_proc);
307 		sbsize_limit = lim_cur(td->td_proc, RLIMIT_SBSIZE);
308 		PROC_UNLOCK(td->td_proc);
309 	} else
310 		sbsize_limit = RLIM_INFINITY;
311 	if (!chgsbsize(so->so_cred->cr_uidinfo, &sb->sb_hiwat, cc,
312 	    sbsize_limit))
313 		return (0);
314 	sb->sb_mbmax = min(cc * sb_efficiency, sb_max);
315 	if (sb->sb_lowat > sb->sb_hiwat)
316 		sb->sb_lowat = sb->sb_hiwat;
317 	return (1);
318 }
319 
320 int
321 sbreserve(struct sockbuf *sb, u_long cc, struct socket *so,
322     struct thread *td)
323 {
324 	int error;
325 
326 	SOCKBUF_LOCK(sb);
327 	error = sbreserve_locked(sb, cc, so, td);
328 	SOCKBUF_UNLOCK(sb);
329 	return (error);
330 }
331 
332 /*
333  * Free mbufs held by a socket, and reserved mbuf space.
334  */
335 void
336 sbrelease_internal(struct sockbuf *sb, struct socket *so)
337 {
338 
339 	sbflush_internal(sb);
340 	(void)chgsbsize(so->so_cred->cr_uidinfo, &sb->sb_hiwat, 0,
341 	    RLIM_INFINITY);
342 	sb->sb_mbmax = 0;
343 }
344 
345 void
346 sbrelease_locked(struct sockbuf *sb, struct socket *so)
347 {
348 
349 	SOCKBUF_LOCK_ASSERT(sb);
350 
351 	sbrelease_internal(sb, so);
352 }
353 
354 void
355 sbrelease(struct sockbuf *sb, struct socket *so)
356 {
357 
358 	SOCKBUF_LOCK(sb);
359 	sbrelease_locked(sb, so);
360 	SOCKBUF_UNLOCK(sb);
361 }
362 
363 void
364 sbdestroy(struct sockbuf *sb, struct socket *so)
365 {
366 
367 	sbrelease_internal(sb, so);
368 }
369 
370 /*
371  * Routines to add and remove data from an mbuf queue.
372  *
373  * The routines sbappend() or sbappendrecord() are normally called to append
374  * new mbufs to a socket buffer, after checking that adequate space is
375  * available, comparing the function sbspace() with the amount of data to be
376  * added.  sbappendrecord() differs from sbappend() in that data supplied is
377  * treated as the beginning of a new record.  To place a sender's address,
378  * optional access rights, and data in a socket receive buffer,
379  * sbappendaddr() should be used.  To place access rights and data in a
380  * socket receive buffer, sbappendrights() should be used.  In either case,
381  * the new data begins a new record.  Note that unlike sbappend() and
382  * sbappendrecord(), these routines check for the caller that there will be
383  * enough space to store the data.  Each fails if there is not enough space,
384  * or if it cannot find mbufs to store additional information in.
385  *
386  * Reliable protocols may use the socket send buffer to hold data awaiting
387  * acknowledgement.  Data is normally copied from a socket send buffer in a
388  * protocol with m_copy for output to a peer, and then removing the data from
389  * the socket buffer with sbdrop() or sbdroprecord() when the data is
390  * acknowledged by the peer.
391  */
392 #ifdef SOCKBUF_DEBUG
393 void
394 sblastrecordchk(struct sockbuf *sb, const char *file, int line)
395 {
396 	struct mbuf *m = sb->sb_mb;
397 
398 	SOCKBUF_LOCK_ASSERT(sb);
399 
400 	while (m && m->m_nextpkt)
401 		m = m->m_nextpkt;
402 
403 	if (m != sb->sb_lastrecord) {
404 		printf("%s: sb_mb %p sb_lastrecord %p last %p\n",
405 			__func__, sb->sb_mb, sb->sb_lastrecord, m);
406 		printf("packet chain:\n");
407 		for (m = sb->sb_mb; m != NULL; m = m->m_nextpkt)
408 			printf("\t%p\n", m);
409 		panic("%s from %s:%u", __func__, file, line);
410 	}
411 }
412 
413 void
414 sblastmbufchk(struct sockbuf *sb, const char *file, int line)
415 {
416 	struct mbuf *m = sb->sb_mb;
417 	struct mbuf *n;
418 
419 	SOCKBUF_LOCK_ASSERT(sb);
420 
421 	while (m && m->m_nextpkt)
422 		m = m->m_nextpkt;
423 
424 	while (m && m->m_next)
425 		m = m->m_next;
426 
427 	if (m != sb->sb_mbtail) {
428 		printf("%s: sb_mb %p sb_mbtail %p last %p\n",
429 			__func__, sb->sb_mb, sb->sb_mbtail, m);
430 		printf("packet tree:\n");
431 		for (m = sb->sb_mb; m != NULL; m = m->m_nextpkt) {
432 			printf("\t");
433 			for (n = m; n != NULL; n = n->m_next)
434 				printf("%p ", n);
435 			printf("\n");
436 		}
437 		panic("%s from %s:%u", __func__, file, line);
438 	}
439 }
440 #endif /* SOCKBUF_DEBUG */
441 
442 #define SBLINKRECORD(sb, m0) do {					\
443 	SOCKBUF_LOCK_ASSERT(sb);					\
444 	if ((sb)->sb_lastrecord != NULL)				\
445 		(sb)->sb_lastrecord->m_nextpkt = (m0);			\
446 	else								\
447 		(sb)->sb_mb = (m0);					\
448 	(sb)->sb_lastrecord = (m0);					\
449 } while (/*CONSTCOND*/0)
450 
451 /*
452  * Append mbuf chain m to the last record in the socket buffer sb.  The
453  * additional space associated the mbuf chain is recorded in sb.  Empty mbufs
454  * are discarded and mbufs are compacted where possible.
455  */
456 void
457 sbappend_locked(struct sockbuf *sb, struct mbuf *m)
458 {
459 	struct mbuf *n;
460 
461 	SOCKBUF_LOCK_ASSERT(sb);
462 
463 	if (m == 0)
464 		return;
465 
466 	SBLASTRECORDCHK(sb);
467 	n = sb->sb_mb;
468 	if (n) {
469 		while (n->m_nextpkt)
470 			n = n->m_nextpkt;
471 		do {
472 			if (n->m_flags & M_EOR) {
473 				sbappendrecord_locked(sb, m); /* XXXXXX!!!! */
474 				return;
475 			}
476 		} while (n->m_next && (n = n->m_next));
477 	} else {
478 		/*
479 		 * XXX Would like to simply use sb_mbtail here, but
480 		 * XXX I need to verify that I won't miss an EOR that
481 		 * XXX way.
482 		 */
483 		if ((n = sb->sb_lastrecord) != NULL) {
484 			do {
485 				if (n->m_flags & M_EOR) {
486 					sbappendrecord_locked(sb, m); /* XXXXXX!!!! */
487 					return;
488 				}
489 			} while (n->m_next && (n = n->m_next));
490 		} else {
491 			/*
492 			 * If this is the first record in the socket buffer,
493 			 * it's also the last record.
494 			 */
495 			sb->sb_lastrecord = m;
496 		}
497 	}
498 	sbcompress(sb, m, n);
499 	SBLASTRECORDCHK(sb);
500 }
501 
502 /*
503  * Append mbuf chain m to the last record in the socket buffer sb.  The
504  * additional space associated the mbuf chain is recorded in sb.  Empty mbufs
505  * are discarded and mbufs are compacted where possible.
506  */
507 void
508 sbappend(struct sockbuf *sb, struct mbuf *m)
509 {
510 
511 	SOCKBUF_LOCK(sb);
512 	sbappend_locked(sb, m);
513 	SOCKBUF_UNLOCK(sb);
514 }
515 
516 /*
517  * This version of sbappend() should only be used when the caller absolutely
518  * knows that there will never be more than one record in the socket buffer,
519  * that is, a stream protocol (such as TCP).
520  */
521 void
522 sbappendstream_locked(struct sockbuf *sb, struct mbuf *m)
523 {
524 	SOCKBUF_LOCK_ASSERT(sb);
525 
526 	KASSERT(m->m_nextpkt == NULL,("sbappendstream 0"));
527 	KASSERT(sb->sb_mb == sb->sb_lastrecord,("sbappendstream 1"));
528 
529 	SBLASTMBUFCHK(sb);
530 
531 	/* Remove all packet headers and mbuf tags to get a pure data chain. */
532 	m_demote(m, 1);
533 
534 	sbcompress(sb, m, sb->sb_mbtail);
535 
536 	sb->sb_lastrecord = sb->sb_mb;
537 	SBLASTRECORDCHK(sb);
538 }
539 
540 /*
541  * This version of sbappend() should only be used when the caller absolutely
542  * knows that there will never be more than one record in the socket buffer,
543  * that is, a stream protocol (such as TCP).
544  */
545 void
546 sbappendstream(struct sockbuf *sb, struct mbuf *m)
547 {
548 
549 	SOCKBUF_LOCK(sb);
550 	sbappendstream_locked(sb, m);
551 	SOCKBUF_UNLOCK(sb);
552 }
553 
554 #ifdef SOCKBUF_DEBUG
555 void
556 sbcheck(struct sockbuf *sb)
557 {
558 	struct mbuf *m;
559 	struct mbuf *n = 0;
560 	u_long len = 0, mbcnt = 0;
561 
562 	SOCKBUF_LOCK_ASSERT(sb);
563 
564 	for (m = sb->sb_mb; m; m = n) {
565 	    n = m->m_nextpkt;
566 	    for (; m; m = m->m_next) {
567 		len += m->m_len;
568 		mbcnt += MSIZE;
569 		if (m->m_flags & M_EXT) /*XXX*/ /* pretty sure this is bogus */
570 			mbcnt += m->m_ext.ext_size;
571 	    }
572 	}
573 	if (len != sb->sb_cc || mbcnt != sb->sb_mbcnt) {
574 		printf("cc %ld != %u || mbcnt %ld != %u\n", len, sb->sb_cc,
575 		    mbcnt, sb->sb_mbcnt);
576 		panic("sbcheck");
577 	}
578 }
579 #endif
580 
581 /*
582  * As above, except the mbuf chain begins a new record.
583  */
584 void
585 sbappendrecord_locked(struct sockbuf *sb, struct mbuf *m0)
586 {
587 	struct mbuf *m;
588 
589 	SOCKBUF_LOCK_ASSERT(sb);
590 
591 	if (m0 == 0)
592 		return;
593 	/*
594 	 * Put the first mbuf on the queue.  Note this permits zero length
595 	 * records.
596 	 */
597 	sballoc(sb, m0);
598 	SBLASTRECORDCHK(sb);
599 	SBLINKRECORD(sb, m0);
600 	sb->sb_mbtail = m0;
601 	m = m0->m_next;
602 	m0->m_next = 0;
603 	if (m && (m0->m_flags & M_EOR)) {
604 		m0->m_flags &= ~M_EOR;
605 		m->m_flags |= M_EOR;
606 	}
607 	/* always call sbcompress() so it can do SBLASTMBUFCHK() */
608 	sbcompress(sb, m, m0);
609 }
610 
611 /*
612  * As above, except the mbuf chain begins a new record.
613  */
614 void
615 sbappendrecord(struct sockbuf *sb, struct mbuf *m0)
616 {
617 
618 	SOCKBUF_LOCK(sb);
619 	sbappendrecord_locked(sb, m0);
620 	SOCKBUF_UNLOCK(sb);
621 }
622 
623 /* Helper routine that appends data, control, and address to a sockbuf. */
624 static int
625 sbappendaddr_locked_internal(struct sockbuf *sb, const struct sockaddr *asa,
626     struct mbuf *m0, struct mbuf *control, struct mbuf *ctrl_last)
627 {
628 	struct mbuf *m, *n, *nlast;
629 #if MSIZE <= 256
630 	if (asa->sa_len > MLEN)
631 		return (0);
632 #endif
633 	m = m_get(M_NOWAIT, MT_SONAME);
634 	if (m == NULL)
635 		return (0);
636 	m->m_len = asa->sa_len;
637 	bcopy(asa, mtod(m, caddr_t), asa->sa_len);
638 	if (ctrl_last)
639 		ctrl_last->m_next = m0;	/* concatenate data to control */
640 	else
641 		control = m0;
642 	m->m_next = control;
643 	for (n = m; n->m_next != NULL; n = n->m_next)
644 		sballoc(sb, n);
645 	sballoc(sb, n);
646 	nlast = n;
647 	SBLINKRECORD(sb, m);
648 
649 	sb->sb_mbtail = nlast;
650 	SBLASTMBUFCHK(sb);
651 
652 	SBLASTRECORDCHK(sb);
653 	return (1);
654 }
655 
656 /*
657  * Append address and data, and optionally, control (ancillary) data to the
658  * receive queue of a socket.  If present, m0 must include a packet header
659  * with total length.  Returns 0 if no space in sockbuf or insufficient
660  * mbufs.
661  */
662 int
663 sbappendaddr_locked(struct sockbuf *sb, const struct sockaddr *asa,
664     struct mbuf *m0, struct mbuf *control)
665 {
666 	struct mbuf *ctrl_last;
667 	int space = asa->sa_len;
668 
669 	SOCKBUF_LOCK_ASSERT(sb);
670 
671 	if (m0 && (m0->m_flags & M_PKTHDR) == 0)
672 		panic("sbappendaddr_locked");
673 	if (m0)
674 		space += m0->m_pkthdr.len;
675 	space += m_length(control, &ctrl_last);
676 
677 	if (space > sbspace(sb))
678 		return (0);
679 	return (sbappendaddr_locked_internal(sb, asa, m0, control, ctrl_last));
680 }
681 
682 /*
683  * Append address and data, and optionally, control (ancillary) data to the
684  * receive queue of a socket.  If present, m0 must include a packet header
685  * with total length.  Returns 0 if insufficient mbufs.  Does not validate space
686  * on the receiving sockbuf.
687  */
688 int
689 sbappendaddr_nospacecheck_locked(struct sockbuf *sb, const struct sockaddr *asa,
690     struct mbuf *m0, struct mbuf *control)
691 {
692 	struct mbuf *ctrl_last;
693 
694 	SOCKBUF_LOCK_ASSERT(sb);
695 
696 	ctrl_last = (control == NULL) ? NULL : m_last(control);
697 	return (sbappendaddr_locked_internal(sb, asa, m0, control, ctrl_last));
698 }
699 
700 /*
701  * Append address and data, and optionally, control (ancillary) data to the
702  * receive queue of a socket.  If present, m0 must include a packet header
703  * with total length.  Returns 0 if no space in sockbuf or insufficient
704  * mbufs.
705  */
706 int
707 sbappendaddr(struct sockbuf *sb, const struct sockaddr *asa,
708     struct mbuf *m0, struct mbuf *control)
709 {
710 	int retval;
711 
712 	SOCKBUF_LOCK(sb);
713 	retval = sbappendaddr_locked(sb, asa, m0, control);
714 	SOCKBUF_UNLOCK(sb);
715 	return (retval);
716 }
717 
718 int
719 sbappendcontrol_locked(struct sockbuf *sb, struct mbuf *m0,
720     struct mbuf *control)
721 {
722 	struct mbuf *m, *n, *mlast;
723 	int space;
724 
725 	SOCKBUF_LOCK_ASSERT(sb);
726 
727 	if (control == 0)
728 		panic("sbappendcontrol_locked");
729 	space = m_length(control, &n) + m_length(m0, NULL);
730 
731 	if (space > sbspace(sb))
732 		return (0);
733 	n->m_next = m0;			/* concatenate data to control */
734 
735 	SBLASTRECORDCHK(sb);
736 
737 	for (m = control; m->m_next; m = m->m_next)
738 		sballoc(sb, m);
739 	sballoc(sb, m);
740 	mlast = m;
741 	SBLINKRECORD(sb, control);
742 
743 	sb->sb_mbtail = mlast;
744 	SBLASTMBUFCHK(sb);
745 
746 	SBLASTRECORDCHK(sb);
747 	return (1);
748 }
749 
750 int
751 sbappendcontrol(struct sockbuf *sb, struct mbuf *m0, struct mbuf *control)
752 {
753 	int retval;
754 
755 	SOCKBUF_LOCK(sb);
756 	retval = sbappendcontrol_locked(sb, m0, control);
757 	SOCKBUF_UNLOCK(sb);
758 	return (retval);
759 }
760 
761 /*
762  * Append the data in mbuf chain (m) into the socket buffer sb following mbuf
763  * (n).  If (n) is NULL, the buffer is presumed empty.
764  *
765  * When the data is compressed, mbufs in the chain may be handled in one of
766  * three ways:
767  *
768  * (1) The mbuf may simply be dropped, if it contributes nothing (no data, no
769  *     record boundary, and no change in data type).
770  *
771  * (2) The mbuf may be coalesced -- i.e., data in the mbuf may be copied into
772  *     an mbuf already in the socket buffer.  This can occur if an
773  *     appropriate mbuf exists, there is room, and no merging of data types
774  *     will occur.
775  *
776  * (3) The mbuf may be appended to the end of the existing mbuf chain.
777  *
778  * If any of the new mbufs is marked as M_EOR, mark the last mbuf appended as
779  * end-of-record.
780  */
781 void
782 sbcompress(struct sockbuf *sb, struct mbuf *m, struct mbuf *n)
783 {
784 	int eor = 0;
785 	struct mbuf *o;
786 
787 	SOCKBUF_LOCK_ASSERT(sb);
788 
789 	while (m) {
790 		eor |= m->m_flags & M_EOR;
791 		if (m->m_len == 0 &&
792 		    (eor == 0 ||
793 		     (((o = m->m_next) || (o = n)) &&
794 		      o->m_type == m->m_type))) {
795 			if (sb->sb_lastrecord == m)
796 				sb->sb_lastrecord = m->m_next;
797 			m = m_free(m);
798 			continue;
799 		}
800 		if (n && (n->m_flags & M_EOR) == 0 &&
801 		    M_WRITABLE(n) &&
802 		    ((sb->sb_flags & SB_NOCOALESCE) == 0) &&
803 		    m->m_len <= MCLBYTES / 4 && /* XXX: Don't copy too much */
804 		    m->m_len <= M_TRAILINGSPACE(n) &&
805 		    n->m_type == m->m_type) {
806 			bcopy(mtod(m, caddr_t), mtod(n, caddr_t) + n->m_len,
807 			    (unsigned)m->m_len);
808 			n->m_len += m->m_len;
809 			sb->sb_cc += m->m_len;
810 			if (m->m_type != MT_DATA && m->m_type != MT_OOBDATA)
811 				/* XXX: Probably don't need.*/
812 				sb->sb_ctl += m->m_len;
813 			m = m_free(m);
814 			continue;
815 		}
816 		if (n)
817 			n->m_next = m;
818 		else
819 			sb->sb_mb = m;
820 		sb->sb_mbtail = m;
821 		sballoc(sb, m);
822 		n = m;
823 		m->m_flags &= ~M_EOR;
824 		m = m->m_next;
825 		n->m_next = 0;
826 	}
827 	if (eor) {
828 		KASSERT(n != NULL, ("sbcompress: eor && n == NULL"));
829 		n->m_flags |= eor;
830 	}
831 	SBLASTMBUFCHK(sb);
832 }
833 
834 /*
835  * Free all mbufs in a sockbuf.  Check that all resources are reclaimed.
836  */
837 static void
838 sbflush_internal(struct sockbuf *sb)
839 {
840 
841 	while (sb->sb_mbcnt) {
842 		/*
843 		 * Don't call sbcut(sb, 0) if the leading mbuf is non-empty:
844 		 * we would loop forever. Panic instead.
845 		 */
846 		if (!sb->sb_cc && (sb->sb_mb == NULL || sb->sb_mb->m_len))
847 			break;
848 		m_freem(sbcut_internal(sb, (int)sb->sb_cc));
849 	}
850 	if (sb->sb_cc || sb->sb_mb || sb->sb_mbcnt)
851 		panic("sbflush_internal: cc %u || mb %p || mbcnt %u",
852 		    sb->sb_cc, (void *)sb->sb_mb, sb->sb_mbcnt);
853 }
854 
855 void
856 sbflush_locked(struct sockbuf *sb)
857 {
858 
859 	SOCKBUF_LOCK_ASSERT(sb);
860 	sbflush_internal(sb);
861 }
862 
863 void
864 sbflush(struct sockbuf *sb)
865 {
866 
867 	SOCKBUF_LOCK(sb);
868 	sbflush_locked(sb);
869 	SOCKBUF_UNLOCK(sb);
870 }
871 
872 /*
873  * Cut data from (the front of) a sockbuf.
874  */
875 static struct mbuf *
876 sbcut_internal(struct sockbuf *sb, int len)
877 {
878 	struct mbuf *m, *n, *next, *mfree;
879 
880 	next = (m = sb->sb_mb) ? m->m_nextpkt : 0;
881 	mfree = NULL;
882 
883 	while (len > 0) {
884 		if (m == NULL) {
885 			KASSERT(next, ("%s: no next, len %d", __func__, len));
886 			m = next;
887 			next = m->m_nextpkt;
888 		}
889 		if (m->m_len > len) {
890 			m->m_len -= len;
891 			m->m_data += len;
892 			sb->sb_cc -= len;
893 			if (sb->sb_sndptroff != 0)
894 				sb->sb_sndptroff -= len;
895 			if (m->m_type != MT_DATA && m->m_type != MT_OOBDATA)
896 				sb->sb_ctl -= len;
897 			break;
898 		}
899 		len -= m->m_len;
900 		sbfree(sb, m);
901 		n = m->m_next;
902 		m->m_next = mfree;
903 		mfree = m;
904 		m = n;
905 	}
906 	if (m) {
907 		sb->sb_mb = m;
908 		m->m_nextpkt = next;
909 	} else
910 		sb->sb_mb = next;
911 	/*
912 	 * First part is an inline SB_EMPTY_FIXUP().  Second part makes sure
913 	 * sb_lastrecord is up-to-date if we dropped part of the last record.
914 	 */
915 	m = sb->sb_mb;
916 	if (m == NULL) {
917 		sb->sb_mbtail = NULL;
918 		sb->sb_lastrecord = NULL;
919 	} else if (m->m_nextpkt == NULL) {
920 		sb->sb_lastrecord = m;
921 	}
922 
923 	return (mfree);
924 }
925 
926 /*
927  * Drop data from (the front of) a sockbuf.
928  */
929 void
930 sbdrop_locked(struct sockbuf *sb, int len)
931 {
932 
933 	SOCKBUF_LOCK_ASSERT(sb);
934 	m_freem(sbcut_internal(sb, len));
935 }
936 
937 /*
938  * Drop data from (the front of) a sockbuf,
939  * and return it to caller.
940  */
941 struct mbuf *
942 sbcut_locked(struct sockbuf *sb, int len)
943 {
944 
945 	SOCKBUF_LOCK_ASSERT(sb);
946 	return (sbcut_internal(sb, len));
947 }
948 
949 void
950 sbdrop(struct sockbuf *sb, int len)
951 {
952 	struct mbuf *mfree;
953 
954 	SOCKBUF_LOCK(sb);
955 	mfree = sbcut_internal(sb, len);
956 	SOCKBUF_UNLOCK(sb);
957 
958 	m_freem(mfree);
959 }
960 
961 /*
962  * Maintain a pointer and offset pair into the socket buffer mbuf chain to
963  * avoid traversal of the entire socket buffer for larger offsets.
964  */
965 struct mbuf *
966 sbsndptr(struct sockbuf *sb, u_int off, u_int len, u_int *moff)
967 {
968 	struct mbuf *m, *ret;
969 
970 	KASSERT(sb->sb_mb != NULL, ("%s: sb_mb is NULL", __func__));
971 	KASSERT(off + len <= sb->sb_cc, ("%s: beyond sb", __func__));
972 	KASSERT(sb->sb_sndptroff <= sb->sb_cc, ("%s: sndptroff broken", __func__));
973 
974 	/*
975 	 * Is off below stored offset? Happens on retransmits.
976 	 * Just return, we can't help here.
977 	 */
978 	if (sb->sb_sndptroff > off) {
979 		*moff = off;
980 		return (sb->sb_mb);
981 	}
982 
983 	/* Return closest mbuf in chain for current offset. */
984 	*moff = off - sb->sb_sndptroff;
985 	m = ret = sb->sb_sndptr ? sb->sb_sndptr : sb->sb_mb;
986 	if (*moff == m->m_len) {
987 		*moff = 0;
988 		sb->sb_sndptroff += m->m_len;
989 		m = ret = m->m_next;
990 		KASSERT(ret->m_len > 0,
991 		    ("mbuf %p in sockbuf %p chain has no valid data", ret, sb));
992 	}
993 
994 	/* Advance by len to be as close as possible for the next transmit. */
995 	for (off = off - sb->sb_sndptroff + len - 1;
996 	     off > 0 && m != NULL && off >= m->m_len;
997 	     m = m->m_next) {
998 		sb->sb_sndptroff += m->m_len;
999 		off -= m->m_len;
1000 	}
1001 	if (off > 0 && m == NULL)
1002 		panic("%s: sockbuf %p and mbuf %p clashing", __func__, sb, ret);
1003 	sb->sb_sndptr = m;
1004 
1005 	return (ret);
1006 }
1007 
1008 /*
1009  * Return the first mbuf and the mbuf data offset for the provided
1010  * send offset without changing the "sb_sndptroff" field.
1011  */
1012 struct mbuf *
1013 sbsndmbuf(struct sockbuf *sb, u_int off, u_int *moff)
1014 {
1015 	struct mbuf *m;
1016 
1017 	KASSERT(sb->sb_mb != NULL, ("%s: sb_mb is NULL", __func__));
1018 
1019 	/*
1020 	 * If the "off" is below the stored offset, which happens on
1021 	 * retransmits, just use "sb_mb":
1022 	 */
1023 	if (sb->sb_sndptr == NULL || sb->sb_sndptroff > off) {
1024 		m = sb->sb_mb;
1025 	} else {
1026 		m = sb->sb_sndptr;
1027 		off -= sb->sb_sndptroff;
1028 	}
1029 	while (off > 0 && m != NULL) {
1030 		if (off < m->m_len)
1031 			break;
1032 		off -= m->m_len;
1033 		m = m->m_next;
1034 	}
1035 	*moff = off;
1036 	return (m);
1037 }
1038 
1039 /*
1040  * Drop a record off the front of a sockbuf and move the next record to the
1041  * front.
1042  */
1043 void
1044 sbdroprecord_locked(struct sockbuf *sb)
1045 {
1046 	struct mbuf *m;
1047 
1048 	SOCKBUF_LOCK_ASSERT(sb);
1049 
1050 	m = sb->sb_mb;
1051 	if (m) {
1052 		sb->sb_mb = m->m_nextpkt;
1053 		do {
1054 			sbfree(sb, m);
1055 			m = m_free(m);
1056 		} while (m);
1057 	}
1058 	SB_EMPTY_FIXUP(sb);
1059 }
1060 
1061 /*
1062  * Drop a record off the front of a sockbuf and move the next record to the
1063  * front.
1064  */
1065 void
1066 sbdroprecord(struct sockbuf *sb)
1067 {
1068 
1069 	SOCKBUF_LOCK(sb);
1070 	sbdroprecord_locked(sb);
1071 	SOCKBUF_UNLOCK(sb);
1072 }
1073 
1074 /*
1075  * Create a "control" mbuf containing the specified data with the specified
1076  * type for presentation on a socket buffer.
1077  */
1078 struct mbuf *
1079 sbcreatecontrol(caddr_t p, int size, int type, int level)
1080 {
1081 	struct cmsghdr *cp;
1082 	struct mbuf *m;
1083 
1084 	if (CMSG_SPACE((u_int)size) > MCLBYTES)
1085 		return ((struct mbuf *) NULL);
1086 	if (CMSG_SPACE((u_int)size) > MLEN)
1087 		m = m_getcl(M_NOWAIT, MT_CONTROL, 0);
1088 	else
1089 		m = m_get(M_NOWAIT, MT_CONTROL);
1090 	if (m == NULL)
1091 		return ((struct mbuf *) NULL);
1092 	cp = mtod(m, struct cmsghdr *);
1093 	m->m_len = 0;
1094 	KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m),
1095 	    ("sbcreatecontrol: short mbuf"));
1096 	/*
1097 	 * Don't leave the padding between the msg header and the
1098 	 * cmsg data and the padding after the cmsg data un-initialized.
1099 	 */
1100 	bzero(cp, CMSG_SPACE((u_int)size));
1101 	if (p != NULL)
1102 		(void)memcpy(CMSG_DATA(cp), p, size);
1103 	m->m_len = CMSG_SPACE(size);
1104 	cp->cmsg_len = CMSG_LEN(size);
1105 	cp->cmsg_level = level;
1106 	cp->cmsg_type = type;
1107 	return (m);
1108 }
1109 
1110 /*
1111  * This does the same for socket buffers that sotoxsocket does for sockets:
1112  * generate an user-format data structure describing the socket buffer.  Note
1113  * that the xsockbuf structure, since it is always embedded in a socket, does
1114  * not include a self pointer nor a length.  We make this entry point public
1115  * in case some other mechanism needs it.
1116  */
1117 void
1118 sbtoxsockbuf(struct sockbuf *sb, struct xsockbuf *xsb)
1119 {
1120 
1121 	xsb->sb_cc = sb->sb_cc;
1122 	xsb->sb_hiwat = sb->sb_hiwat;
1123 	xsb->sb_mbcnt = sb->sb_mbcnt;
1124 	xsb->sb_mcnt = sb->sb_mcnt;
1125 	xsb->sb_ccnt = sb->sb_ccnt;
1126 	xsb->sb_mbmax = sb->sb_mbmax;
1127 	xsb->sb_lowat = sb->sb_lowat;
1128 	xsb->sb_flags = sb->sb_flags;
1129 	xsb->sb_timeo = sb->sb_timeo;
1130 }
1131 
1132 /* This takes the place of kern.maxsockbuf, which moved to kern.ipc. */
1133 static int dummy;
1134 SYSCTL_INT(_kern, KERN_DUMMY, dummy, CTLFLAG_RW, &dummy, 0, "");
1135 SYSCTL_OID(_kern_ipc, KIPC_MAXSOCKBUF, maxsockbuf, CTLTYPE_ULONG|CTLFLAG_RW,
1136     &sb_max, 0, sysctl_handle_sb_max, "LU", "Maximum socket buffer size");
1137 SYSCTL_ULONG(_kern_ipc, KIPC_SOCKBUF_WASTE, sockbuf_waste_factor, CTLFLAG_RW,
1138     &sb_efficiency, 0, "Socket buffer size waste factor");
1139