xref: /freebsd/sys/kern/uipc_syscalls.c (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /*-
2  * Copyright (c) 1982, 1986, 1989, 1990, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * sendfile(2) and related extensions:
6  * Copyright (c) 1998, David Greenman. All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 4. Neither the name of the University nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  *	@(#)uipc_syscalls.c	8.4 (Berkeley) 2/21/94
33  */
34 
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37 
38 #include "opt_sctp.h"
39 #include "opt_compat.h"
40 #include "opt_ktrace.h"
41 #include "opt_mac.h"
42 
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
46 #include <sys/lock.h>
47 #include <sys/mutex.h>
48 #include <sys/sysproto.h>
49 #include <sys/malloc.h>
50 #include <sys/filedesc.h>
51 #include <sys/event.h>
52 #include <sys/proc.h>
53 #include <sys/fcntl.h>
54 #include <sys/file.h>
55 #include <sys/filio.h>
56 #include <sys/mount.h>
57 #include <sys/mbuf.h>
58 #include <sys/protosw.h>
59 #include <sys/sf_buf.h>
60 #include <sys/socket.h>
61 #include <sys/socketvar.h>
62 #include <sys/signalvar.h>
63 #include <sys/syscallsubr.h>
64 #include <sys/sysctl.h>
65 #include <sys/uio.h>
66 #include <sys/vnode.h>
67 #ifdef KTRACE
68 #include <sys/ktrace.h>
69 #endif
70 
71 #include <security/mac/mac_framework.h>
72 
73 #include <vm/vm.h>
74 #include <vm/vm_object.h>
75 #include <vm/vm_page.h>
76 #include <vm/vm_pageout.h>
77 #include <vm/vm_kern.h>
78 #include <vm/vm_extern.h>
79 
80 #ifdef SCTP
81 #include <netinet/sctp.h>
82 #include <netinet/sctp_peeloff.h>
83 #endif /* SCTP */
84 
85 static int sendit(struct thread *td, int s, struct msghdr *mp, int flags);
86 static int recvit(struct thread *td, int s, struct msghdr *mp, void *namelenp);
87 
88 static int accept1(struct thread *td, struct accept_args *uap, int compat);
89 static int do_sendfile(struct thread *td, struct sendfile_args *uap, int compat);
90 static int getsockname1(struct thread *td, struct getsockname_args *uap,
91 			int compat);
92 static int getpeername1(struct thread *td, struct getpeername_args *uap,
93 			int compat);
94 
95 /*
96  * NSFBUFS-related variables and associated sysctls
97  */
98 int nsfbufs;
99 int nsfbufspeak;
100 int nsfbufsused;
101 
102 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufs, CTLFLAG_RDTUN, &nsfbufs, 0,
103     "Maximum number of sendfile(2) sf_bufs available");
104 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufspeak, CTLFLAG_RD, &nsfbufspeak, 0,
105     "Number of sendfile(2) sf_bufs at peak usage");
106 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufsused, CTLFLAG_RD, &nsfbufsused, 0,
107     "Number of sendfile(2) sf_bufs in use");
108 
109 /*
110  * Convert a user file descriptor to a kernel file entry.  A reference on the
111  * file entry is held upon returning.  This is lighter weight than
112  * fgetsock(), which bumps the socket reference drops the file reference
113  * count instead, as this approach avoids several additional mutex operations
114  * associated with the additional reference count.  If requested, return the
115  * open file flags.
116  */
117 static int
118 getsock(struct filedesc *fdp, int fd, struct file **fpp, u_int *fflagp)
119 {
120 	struct file *fp;
121 	int error;
122 
123 	fp = NULL;
124 	if (fdp == NULL)
125 		error = EBADF;
126 	else {
127 		FILEDESC_SLOCK(fdp);
128 		fp = fget_locked(fdp, fd);
129 		if (fp == NULL)
130 			error = EBADF;
131 		else if (fp->f_type != DTYPE_SOCKET) {
132 			fp = NULL;
133 			error = ENOTSOCK;
134 		} else {
135 			fhold(fp);
136 			if (fflagp != NULL)
137 				*fflagp = fp->f_flag;
138 			error = 0;
139 		}
140 		FILEDESC_SUNLOCK(fdp);
141 	}
142 	*fpp = fp;
143 	return (error);
144 }
145 
146 /*
147  * System call interface to the socket abstraction.
148  */
149 #if defined(COMPAT_43)
150 #define COMPAT_OLDSOCK
151 #endif
152 
153 int
154 socket(td, uap)
155 	struct thread *td;
156 	struct socket_args /* {
157 		int	domain;
158 		int	type;
159 		int	protocol;
160 	} */ *uap;
161 {
162 	struct filedesc *fdp;
163 	struct socket *so;
164 	struct file *fp;
165 	int fd, error;
166 
167 #ifdef MAC
168 	error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type,
169 	    uap->protocol);
170 	if (error)
171 		return (error);
172 #endif
173 	fdp = td->td_proc->p_fd;
174 	error = falloc(td, &fp, &fd);
175 	if (error)
176 		return (error);
177 	/* An extra reference on `fp' has been held for us by falloc(). */
178 	error = socreate(uap->domain, &so, uap->type, uap->protocol,
179 	    td->td_ucred, td);
180 	if (error) {
181 		fdclose(fdp, fp, fd, td);
182 	} else {
183 		finit(fp, FREAD | FWRITE, DTYPE_SOCKET, so, &socketops);
184 		td->td_retval[0] = fd;
185 	}
186 	fdrop(fp, td);
187 	return (error);
188 }
189 
190 /* ARGSUSED */
191 int
192 bind(td, uap)
193 	struct thread *td;
194 	struct bind_args /* {
195 		int	s;
196 		caddr_t	name;
197 		int	namelen;
198 	} */ *uap;
199 {
200 	struct sockaddr *sa;
201 	int error;
202 
203 	if ((error = getsockaddr(&sa, uap->name, uap->namelen)) != 0)
204 		return (error);
205 
206 	error = kern_bind(td, uap->s, sa);
207 	free(sa, M_SONAME);
208 	return (error);
209 }
210 
211 int
212 kern_bind(td, fd, sa)
213 	struct thread *td;
214 	int fd;
215 	struct sockaddr *sa;
216 {
217 	struct socket *so;
218 	struct file *fp;
219 	int error;
220 
221 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
222 	if (error)
223 		return (error);
224 	so = fp->f_data;
225 #ifdef MAC
226 	SOCK_LOCK(so);
227 	error = mac_socket_check_bind(td->td_ucred, so, sa);
228 	SOCK_UNLOCK(so);
229 	if (error)
230 		goto done;
231 #endif
232 	error = sobind(so, sa, td);
233 #ifdef MAC
234 done:
235 #endif
236 	fdrop(fp, td);
237 	return (error);
238 }
239 
240 /* ARGSUSED */
241 int
242 listen(td, uap)
243 	struct thread *td;
244 	struct listen_args /* {
245 		int	s;
246 		int	backlog;
247 	} */ *uap;
248 {
249 	struct socket *so;
250 	struct file *fp;
251 	int error;
252 
253 	error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL);
254 	if (error == 0) {
255 		so = fp->f_data;
256 #ifdef MAC
257 		SOCK_LOCK(so);
258 		error = mac_socket_check_listen(td->td_ucred, so);
259 		SOCK_UNLOCK(so);
260 		if (error)
261 			goto done;
262 #endif
263 		error = solisten(so, uap->backlog, td);
264 #ifdef MAC
265 done:
266 #endif
267 		fdrop(fp, td);
268 	}
269 	return(error);
270 }
271 
272 /*
273  * accept1()
274  */
275 static int
276 accept1(td, uap, compat)
277 	struct thread *td;
278 	struct accept_args /* {
279 		int	s;
280 		struct sockaddr	* __restrict name;
281 		socklen_t	* __restrict anamelen;
282 	} */ *uap;
283 	int compat;
284 {
285 	struct sockaddr *name;
286 	socklen_t namelen;
287 	struct file *fp;
288 	int error;
289 
290 	if (uap->name == NULL)
291 		return (kern_accept(td, uap->s, NULL, NULL, NULL));
292 
293 	error = copyin(uap->anamelen, &namelen, sizeof (namelen));
294 	if (error)
295 		return (error);
296 
297 	error = kern_accept(td, uap->s, &name, &namelen, &fp);
298 
299 	/*
300 	 * return a namelen of zero for older code which might
301 	 * ignore the return value from accept.
302 	 */
303 	if (error) {
304 		(void) copyout(&namelen,
305 		    uap->anamelen, sizeof(*uap->anamelen));
306 		return (error);
307 	}
308 
309 	if (error == 0 && name != NULL) {
310 #ifdef COMPAT_OLDSOCK
311 		if (compat)
312 			((struct osockaddr *)name)->sa_family =
313 			    name->sa_family;
314 #endif
315 		error = copyout(name, uap->name, namelen);
316 	}
317 	if (error == 0)
318 		error = copyout(&namelen, uap->anamelen,
319 		    sizeof(namelen));
320 	if (error)
321 		fdclose(td->td_proc->p_fd, fp, td->td_retval[0], td);
322 	fdrop(fp, td);
323 	free(name, M_SONAME);
324 	return (error);
325 }
326 
327 int
328 kern_accept(struct thread *td, int s, struct sockaddr **name,
329     socklen_t *namelen, struct file **fp)
330 {
331 	struct filedesc *fdp;
332 	struct file *headfp, *nfp = NULL;
333 	struct sockaddr *sa = NULL;
334 	int error;
335 	struct socket *head, *so;
336 	int fd;
337 	u_int fflag;
338 	pid_t pgid;
339 	int tmp;
340 
341 	if (name) {
342 		*name = NULL;
343 		if (*namelen < 0)
344 			return (EINVAL);
345 	}
346 
347 	fdp = td->td_proc->p_fd;
348 	error = getsock(fdp, s, &headfp, &fflag);
349 	if (error)
350 		return (error);
351 	head = headfp->f_data;
352 	if ((head->so_options & SO_ACCEPTCONN) == 0) {
353 		error = EINVAL;
354 		goto done;
355 	}
356 #ifdef MAC
357 	SOCK_LOCK(head);
358 	error = mac_socket_check_accept(td->td_ucred, head);
359 	SOCK_UNLOCK(head);
360 	if (error != 0)
361 		goto done;
362 #endif
363 	error = falloc(td, &nfp, &fd);
364 	if (error)
365 		goto done;
366 	ACCEPT_LOCK();
367 	if ((head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->so_comp)) {
368 		ACCEPT_UNLOCK();
369 		error = EWOULDBLOCK;
370 		goto noconnection;
371 	}
372 	while (TAILQ_EMPTY(&head->so_comp) && head->so_error == 0) {
373 		if (head->so_rcv.sb_state & SBS_CANTRCVMORE) {
374 			head->so_error = ECONNABORTED;
375 			break;
376 		}
377 		error = msleep(&head->so_timeo, &accept_mtx, PSOCK | PCATCH,
378 		    "accept", 0);
379 		if (error) {
380 			ACCEPT_UNLOCK();
381 			goto noconnection;
382 		}
383 	}
384 	if (head->so_error) {
385 		error = head->so_error;
386 		head->so_error = 0;
387 		ACCEPT_UNLOCK();
388 		goto noconnection;
389 	}
390 	so = TAILQ_FIRST(&head->so_comp);
391 	KASSERT(!(so->so_qstate & SQ_INCOMP), ("accept1: so SQ_INCOMP"));
392 	KASSERT(so->so_qstate & SQ_COMP, ("accept1: so not SQ_COMP"));
393 
394 	/*
395 	 * Before changing the flags on the socket, we have to bump the
396 	 * reference count.  Otherwise, if the protocol calls sofree(),
397 	 * the socket will be released due to a zero refcount.
398 	 */
399 	SOCK_LOCK(so);			/* soref() and so_state update */
400 	soref(so);			/* file descriptor reference */
401 
402 	TAILQ_REMOVE(&head->so_comp, so, so_list);
403 	head->so_qlen--;
404 	so->so_state |= (head->so_state & SS_NBIO);
405 	so->so_qstate &= ~SQ_COMP;
406 	so->so_head = NULL;
407 
408 	SOCK_UNLOCK(so);
409 	ACCEPT_UNLOCK();
410 
411 	/* An extra reference on `nfp' has been held for us by falloc(). */
412 	td->td_retval[0] = fd;
413 
414 	/* connection has been removed from the listen queue */
415 	KNOTE_UNLOCKED(&head->so_rcv.sb_sel.si_note, 0);
416 
417 	pgid = fgetown(&head->so_sigio);
418 	if (pgid != 0)
419 		fsetown(pgid, &so->so_sigio);
420 
421 	finit(nfp, fflag, DTYPE_SOCKET, so, &socketops);
422 	/* Sync socket nonblocking/async state with file flags */
423 	tmp = fflag & FNONBLOCK;
424 	(void) fo_ioctl(nfp, FIONBIO, &tmp, td->td_ucred, td);
425 	tmp = fflag & FASYNC;
426 	(void) fo_ioctl(nfp, FIOASYNC, &tmp, td->td_ucred, td);
427 	sa = 0;
428 	error = soaccept(so, &sa);
429 	if (error) {
430 		/*
431 		 * return a namelen of zero for older code which might
432 		 * ignore the return value from accept.
433 		 */
434 		if (name)
435 			*namelen = 0;
436 		goto noconnection;
437 	}
438 	if (sa == NULL) {
439 		if (name)
440 			*namelen = 0;
441 		goto done;
442 	}
443 	if (name) {
444 		/* check sa_len before it is destroyed */
445 		if (*namelen > sa->sa_len)
446 			*namelen = sa->sa_len;
447 		*name = sa;
448 		sa = NULL;
449 	}
450 noconnection:
451 	if (sa)
452 		FREE(sa, M_SONAME);
453 
454 	/*
455 	 * close the new descriptor, assuming someone hasn't ripped it
456 	 * out from under us.
457 	 */
458 	if (error)
459 		fdclose(fdp, nfp, fd, td);
460 
461 	/*
462 	 * Release explicitly held references before returning.  We return
463 	 * a reference on nfp to the caller on success if they request it.
464 	 */
465 done:
466 	if (fp != NULL) {
467 		if (error == 0) {
468 			*fp = nfp;
469 			nfp = NULL;
470 		} else
471 			*fp = NULL;
472 	}
473 	if (nfp != NULL)
474 		fdrop(nfp, td);
475 	fdrop(headfp, td);
476 	return (error);
477 }
478 
479 int
480 accept(td, uap)
481 	struct thread *td;
482 	struct accept_args *uap;
483 {
484 
485 	return (accept1(td, uap, 0));
486 }
487 
488 #ifdef COMPAT_OLDSOCK
489 int
490 oaccept(td, uap)
491 	struct thread *td;
492 	struct accept_args *uap;
493 {
494 
495 	return (accept1(td, uap, 1));
496 }
497 #endif /* COMPAT_OLDSOCK */
498 
499 /* ARGSUSED */
500 int
501 connect(td, uap)
502 	struct thread *td;
503 	struct connect_args /* {
504 		int	s;
505 		caddr_t	name;
506 		int	namelen;
507 	} */ *uap;
508 {
509 	struct sockaddr *sa;
510 	int error;
511 
512 	error = getsockaddr(&sa, uap->name, uap->namelen);
513 	if (error)
514 		return (error);
515 
516 	error = kern_connect(td, uap->s, sa);
517 	free(sa, M_SONAME);
518 	return (error);
519 }
520 
521 
522 int
523 kern_connect(td, fd, sa)
524 	struct thread *td;
525 	int fd;
526 	struct sockaddr *sa;
527 {
528 	struct socket *so;
529 	struct file *fp;
530 	int error;
531 	int interrupted = 0;
532 
533 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
534 	if (error)
535 		return (error);
536 	so = fp->f_data;
537 	if (so->so_state & SS_ISCONNECTING) {
538 		error = EALREADY;
539 		goto done1;
540 	}
541 #ifdef MAC
542 	SOCK_LOCK(so);
543 	error = mac_socket_check_connect(td->td_ucred, so, sa);
544 	SOCK_UNLOCK(so);
545 	if (error)
546 		goto bad;
547 #endif
548 	error = soconnect(so, sa, td);
549 	if (error)
550 		goto bad;
551 	if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
552 		error = EINPROGRESS;
553 		goto done1;
554 	}
555 	SOCK_LOCK(so);
556 	while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
557 		error = msleep(&so->so_timeo, SOCK_MTX(so), PSOCK | PCATCH,
558 		    "connec", 0);
559 		if (error) {
560 			if (error == EINTR || error == ERESTART)
561 				interrupted = 1;
562 			break;
563 		}
564 	}
565 	if (error == 0) {
566 		error = so->so_error;
567 		so->so_error = 0;
568 	}
569 	SOCK_UNLOCK(so);
570 bad:
571 	if (!interrupted)
572 		so->so_state &= ~SS_ISCONNECTING;
573 	if (error == ERESTART)
574 		error = EINTR;
575 done1:
576 	fdrop(fp, td);
577 	return (error);
578 }
579 
580 int
581 socketpair(td, uap)
582 	struct thread *td;
583 	struct socketpair_args /* {
584 		int	domain;
585 		int	type;
586 		int	protocol;
587 		int	*rsv;
588 	} */ *uap;
589 {
590 	struct filedesc *fdp = td->td_proc->p_fd;
591 	struct file *fp1, *fp2;
592 	struct socket *so1, *so2;
593 	int fd, error, sv[2];
594 
595 #ifdef MAC
596 	/* We might want to have a separate check for socket pairs. */
597 	error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type,
598 	    uap->protocol);
599 	if (error)
600 		return (error);
601 #endif
602 
603 	error = socreate(uap->domain, &so1, uap->type, uap->protocol,
604 	    td->td_ucred, td);
605 	if (error)
606 		return (error);
607 	error = socreate(uap->domain, &so2, uap->type, uap->protocol,
608 	    td->td_ucred, td);
609 	if (error)
610 		goto free1;
611 	/* On success extra reference to `fp1' and 'fp2' is set by falloc. */
612 	error = falloc(td, &fp1, &fd);
613 	if (error)
614 		goto free2;
615 	sv[0] = fd;
616 	fp1->f_data = so1;	/* so1 already has ref count */
617 	error = falloc(td, &fp2, &fd);
618 	if (error)
619 		goto free3;
620 	fp2->f_data = so2;	/* so2 already has ref count */
621 	sv[1] = fd;
622 	error = soconnect2(so1, so2);
623 	if (error)
624 		goto free4;
625 	if (uap->type == SOCK_DGRAM) {
626 		/*
627 		 * Datagram socket connection is asymmetric.
628 		 */
629 		 error = soconnect2(so2, so1);
630 		 if (error)
631 			goto free4;
632 	}
633 	finit(fp1, FREAD | FWRITE, DTYPE_SOCKET, fp1->f_data, &socketops);
634 	finit(fp2, FREAD | FWRITE, DTYPE_SOCKET, fp2->f_data, &socketops);
635 	so1 = so2 = NULL;
636 	error = copyout(sv, uap->rsv, 2 * sizeof (int));
637 	if (error)
638 		goto free4;
639 	fdrop(fp1, td);
640 	fdrop(fp2, td);
641 	return (0);
642 free4:
643 	fdclose(fdp, fp2, sv[1], td);
644 	fdrop(fp2, td);
645 free3:
646 	fdclose(fdp, fp1, sv[0], td);
647 	fdrop(fp1, td);
648 free2:
649 	if (so2 != NULL)
650 		(void)soclose(so2);
651 free1:
652 	if (so1 != NULL)
653 		(void)soclose(so1);
654 	return (error);
655 }
656 
657 static int
658 sendit(td, s, mp, flags)
659 	struct thread *td;
660 	int s;
661 	struct msghdr *mp;
662 	int flags;
663 {
664 	struct mbuf *control;
665 	struct sockaddr *to;
666 	int error;
667 
668 	if (mp->msg_name != NULL) {
669 		error = getsockaddr(&to, mp->msg_name, mp->msg_namelen);
670 		if (error) {
671 			to = NULL;
672 			goto bad;
673 		}
674 		mp->msg_name = to;
675 	} else {
676 		to = NULL;
677 	}
678 
679 	if (mp->msg_control) {
680 		if (mp->msg_controllen < sizeof(struct cmsghdr)
681 #ifdef COMPAT_OLDSOCK
682 		    && mp->msg_flags != MSG_COMPAT
683 #endif
684 		) {
685 			error = EINVAL;
686 			goto bad;
687 		}
688 		error = sockargs(&control, mp->msg_control,
689 		    mp->msg_controllen, MT_CONTROL);
690 		if (error)
691 			goto bad;
692 #ifdef COMPAT_OLDSOCK
693 		if (mp->msg_flags == MSG_COMPAT) {
694 			struct cmsghdr *cm;
695 
696 			M_PREPEND(control, sizeof(*cm), M_TRYWAIT);
697 			if (control == 0) {
698 				error = ENOBUFS;
699 				goto bad;
700 			} else {
701 				cm = mtod(control, struct cmsghdr *);
702 				cm->cmsg_len = control->m_len;
703 				cm->cmsg_level = SOL_SOCKET;
704 				cm->cmsg_type = SCM_RIGHTS;
705 			}
706 		}
707 #endif
708 	} else {
709 		control = NULL;
710 	}
711 
712 	error = kern_sendit(td, s, mp, flags, control, UIO_USERSPACE);
713 
714 bad:
715 	if (to)
716 		FREE(to, M_SONAME);
717 	return (error);
718 }
719 
720 int
721 kern_sendit(td, s, mp, flags, control, segflg)
722 	struct thread *td;
723 	int s;
724 	struct msghdr *mp;
725 	int flags;
726 	struct mbuf *control;
727 	enum uio_seg segflg;
728 {
729 	struct file *fp;
730 	struct uio auio;
731 	struct iovec *iov;
732 	struct socket *so;
733 	int i;
734 	int len, error;
735 #ifdef KTRACE
736 	struct uio *ktruio = NULL;
737 #endif
738 
739 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
740 	if (error)
741 		return (error);
742 	so = (struct socket *)fp->f_data;
743 
744 #ifdef MAC
745 	SOCK_LOCK(so);
746 	error = mac_socket_check_send(td->td_ucred, so);
747 	SOCK_UNLOCK(so);
748 	if (error)
749 		goto bad;
750 #endif
751 
752 	auio.uio_iov = mp->msg_iov;
753 	auio.uio_iovcnt = mp->msg_iovlen;
754 	auio.uio_segflg = segflg;
755 	auio.uio_rw = UIO_WRITE;
756 	auio.uio_td = td;
757 	auio.uio_offset = 0;			/* XXX */
758 	auio.uio_resid = 0;
759 	iov = mp->msg_iov;
760 	for (i = 0; i < mp->msg_iovlen; i++, iov++) {
761 		if ((auio.uio_resid += iov->iov_len) < 0) {
762 			error = EINVAL;
763 			goto bad;
764 		}
765 	}
766 #ifdef KTRACE
767 	if (KTRPOINT(td, KTR_GENIO))
768 		ktruio = cloneuio(&auio);
769 #endif
770 	len = auio.uio_resid;
771 	error = sosend(so, mp->msg_name, &auio, 0, control, flags, td);
772 	if (error) {
773 		if (auio.uio_resid != len && (error == ERESTART ||
774 		    error == EINTR || error == EWOULDBLOCK))
775 			error = 0;
776 		/* Generation of SIGPIPE can be controlled per socket */
777 		if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
778 		    !(flags & MSG_NOSIGNAL)) {
779 			PROC_LOCK(td->td_proc);
780 			psignal(td->td_proc, SIGPIPE);
781 			PROC_UNLOCK(td->td_proc);
782 		}
783 	}
784 	if (error == 0)
785 		td->td_retval[0] = len - auio.uio_resid;
786 #ifdef KTRACE
787 	if (ktruio != NULL) {
788 		ktruio->uio_resid = td->td_retval[0];
789 		ktrgenio(s, UIO_WRITE, ktruio, error);
790 	}
791 #endif
792 bad:
793 	fdrop(fp, td);
794 	return (error);
795 }
796 
797 int
798 sendto(td, uap)
799 	struct thread *td;
800 	struct sendto_args /* {
801 		int	s;
802 		caddr_t	buf;
803 		size_t	len;
804 		int	flags;
805 		caddr_t	to;
806 		int	tolen;
807 	} */ *uap;
808 {
809 	struct msghdr msg;
810 	struct iovec aiov;
811 	int error;
812 
813 	msg.msg_name = uap->to;
814 	msg.msg_namelen = uap->tolen;
815 	msg.msg_iov = &aiov;
816 	msg.msg_iovlen = 1;
817 	msg.msg_control = 0;
818 #ifdef COMPAT_OLDSOCK
819 	msg.msg_flags = 0;
820 #endif
821 	aiov.iov_base = uap->buf;
822 	aiov.iov_len = uap->len;
823 	error = sendit(td, uap->s, &msg, uap->flags);
824 	return (error);
825 }
826 
827 #ifdef COMPAT_OLDSOCK
828 int
829 osend(td, uap)
830 	struct thread *td;
831 	struct osend_args /* {
832 		int	s;
833 		caddr_t	buf;
834 		int	len;
835 		int	flags;
836 	} */ *uap;
837 {
838 	struct msghdr msg;
839 	struct iovec aiov;
840 	int error;
841 
842 	msg.msg_name = 0;
843 	msg.msg_namelen = 0;
844 	msg.msg_iov = &aiov;
845 	msg.msg_iovlen = 1;
846 	aiov.iov_base = uap->buf;
847 	aiov.iov_len = uap->len;
848 	msg.msg_control = 0;
849 	msg.msg_flags = 0;
850 	error = sendit(td, uap->s, &msg, uap->flags);
851 	return (error);
852 }
853 
854 int
855 osendmsg(td, uap)
856 	struct thread *td;
857 	struct osendmsg_args /* {
858 		int	s;
859 		caddr_t	msg;
860 		int	flags;
861 	} */ *uap;
862 {
863 	struct msghdr msg;
864 	struct iovec *iov;
865 	int error;
866 
867 	error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
868 	if (error)
869 		return (error);
870 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
871 	if (error)
872 		return (error);
873 	msg.msg_iov = iov;
874 	msg.msg_flags = MSG_COMPAT;
875 	error = sendit(td, uap->s, &msg, uap->flags);
876 	free(iov, M_IOV);
877 	return (error);
878 }
879 #endif
880 
881 int
882 sendmsg(td, uap)
883 	struct thread *td;
884 	struct sendmsg_args /* {
885 		int	s;
886 		caddr_t	msg;
887 		int	flags;
888 	} */ *uap;
889 {
890 	struct msghdr msg;
891 	struct iovec *iov;
892 	int error;
893 
894 	error = copyin(uap->msg, &msg, sizeof (msg));
895 	if (error)
896 		return (error);
897 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
898 	if (error)
899 		return (error);
900 	msg.msg_iov = iov;
901 #ifdef COMPAT_OLDSOCK
902 	msg.msg_flags = 0;
903 #endif
904 	error = sendit(td, uap->s, &msg, uap->flags);
905 	free(iov, M_IOV);
906 	return (error);
907 }
908 
909 int
910 kern_recvit(td, s, mp, fromseg, controlp)
911 	struct thread *td;
912 	int s;
913 	struct msghdr *mp;
914 	enum uio_seg fromseg;
915 	struct mbuf **controlp;
916 {
917 	struct uio auio;
918 	struct iovec *iov;
919 	int i;
920 	socklen_t len;
921 	int error;
922 	struct mbuf *m, *control = 0;
923 	caddr_t ctlbuf;
924 	struct file *fp;
925 	struct socket *so;
926 	struct sockaddr *fromsa = 0;
927 #ifdef KTRACE
928 	struct uio *ktruio = NULL;
929 #endif
930 
931 	if(controlp != NULL)
932 		*controlp = 0;
933 
934 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
935 	if (error)
936 		return (error);
937 	so = fp->f_data;
938 
939 #ifdef MAC
940 	SOCK_LOCK(so);
941 	error = mac_socket_check_receive(td->td_ucred, so);
942 	SOCK_UNLOCK(so);
943 	if (error) {
944 		fdrop(fp, td);
945 		return (error);
946 	}
947 #endif
948 
949 	auio.uio_iov = mp->msg_iov;
950 	auio.uio_iovcnt = mp->msg_iovlen;
951 	auio.uio_segflg = UIO_USERSPACE;
952 	auio.uio_rw = UIO_READ;
953 	auio.uio_td = td;
954 	auio.uio_offset = 0;			/* XXX */
955 	auio.uio_resid = 0;
956 	iov = mp->msg_iov;
957 	for (i = 0; i < mp->msg_iovlen; i++, iov++) {
958 		if ((auio.uio_resid += iov->iov_len) < 0) {
959 			fdrop(fp, td);
960 			return (EINVAL);
961 		}
962 	}
963 #ifdef KTRACE
964 	if (KTRPOINT(td, KTR_GENIO))
965 		ktruio = cloneuio(&auio);
966 #endif
967 	len = auio.uio_resid;
968 	error = soreceive(so, &fromsa, &auio, (struct mbuf **)0,
969 	    (mp->msg_control || controlp) ? &control : (struct mbuf **)0,
970 	    &mp->msg_flags);
971 	if (error) {
972 		if (auio.uio_resid != (int)len && (error == ERESTART ||
973 		    error == EINTR || error == EWOULDBLOCK))
974 			error = 0;
975 	}
976 #ifdef KTRACE
977 	if (ktruio != NULL) {
978 		ktruio->uio_resid = (int)len - auio.uio_resid;
979 		ktrgenio(s, UIO_READ, ktruio, error);
980 	}
981 #endif
982 	if (error)
983 		goto out;
984 	td->td_retval[0] = (int)len - auio.uio_resid;
985 	if (mp->msg_name) {
986 		len = mp->msg_namelen;
987 		if (len <= 0 || fromsa == 0)
988 			len = 0;
989 		else {
990 			/* save sa_len before it is destroyed by MSG_COMPAT */
991 			len = MIN(len, fromsa->sa_len);
992 #ifdef COMPAT_OLDSOCK
993 			if (mp->msg_flags & MSG_COMPAT)
994 				((struct osockaddr *)fromsa)->sa_family =
995 				    fromsa->sa_family;
996 #endif
997 			if (fromseg == UIO_USERSPACE) {
998 				error = copyout(fromsa, mp->msg_name,
999 				    (unsigned)len);
1000 				if (error)
1001 					goto out;
1002 			} else
1003 				bcopy(fromsa, mp->msg_name, len);
1004 		}
1005 		mp->msg_namelen = len;
1006 	}
1007 	if (mp->msg_control && controlp == NULL) {
1008 #ifdef COMPAT_OLDSOCK
1009 		/*
1010 		 * We assume that old recvmsg calls won't receive access
1011 		 * rights and other control info, esp. as control info
1012 		 * is always optional and those options didn't exist in 4.3.
1013 		 * If we receive rights, trim the cmsghdr; anything else
1014 		 * is tossed.
1015 		 */
1016 		if (control && mp->msg_flags & MSG_COMPAT) {
1017 			if (mtod(control, struct cmsghdr *)->cmsg_level !=
1018 			    SOL_SOCKET ||
1019 			    mtod(control, struct cmsghdr *)->cmsg_type !=
1020 			    SCM_RIGHTS) {
1021 				mp->msg_controllen = 0;
1022 				goto out;
1023 			}
1024 			control->m_len -= sizeof (struct cmsghdr);
1025 			control->m_data += sizeof (struct cmsghdr);
1026 		}
1027 #endif
1028 		len = mp->msg_controllen;
1029 		m = control;
1030 		mp->msg_controllen = 0;
1031 		ctlbuf = mp->msg_control;
1032 
1033 		while (m && len > 0) {
1034 			unsigned int tocopy;
1035 
1036 			if (len >= m->m_len)
1037 				tocopy = m->m_len;
1038 			else {
1039 				mp->msg_flags |= MSG_CTRUNC;
1040 				tocopy = len;
1041 			}
1042 
1043 			if ((error = copyout(mtod(m, caddr_t),
1044 					ctlbuf, tocopy)) != 0)
1045 				goto out;
1046 
1047 			ctlbuf += tocopy;
1048 			len -= tocopy;
1049 			m = m->m_next;
1050 		}
1051 		mp->msg_controllen = ctlbuf - (caddr_t)mp->msg_control;
1052 	}
1053 out:
1054 	fdrop(fp, td);
1055 	if (fromsa)
1056 		FREE(fromsa, M_SONAME);
1057 
1058 	if (error == 0 && controlp != NULL)
1059 		*controlp = control;
1060 	else  if (control)
1061 		m_freem(control);
1062 
1063 	return (error);
1064 }
1065 
1066 static int
1067 recvit(td, s, mp, namelenp)
1068 	struct thread *td;
1069 	int s;
1070 	struct msghdr *mp;
1071 	void *namelenp;
1072 {
1073 	int error;
1074 
1075 	error = kern_recvit(td, s, mp, UIO_USERSPACE, NULL);
1076 	if (error)
1077 		return (error);
1078 	if (namelenp) {
1079 		error = copyout(&mp->msg_namelen, namelenp, sizeof (socklen_t));
1080 #ifdef COMPAT_OLDSOCK
1081 		if (mp->msg_flags & MSG_COMPAT)
1082 			error = 0;	/* old recvfrom didn't check */
1083 #endif
1084 	}
1085 	return (error);
1086 }
1087 
1088 int
1089 recvfrom(td, uap)
1090 	struct thread *td;
1091 	struct recvfrom_args /* {
1092 		int	s;
1093 		caddr_t	buf;
1094 		size_t	len;
1095 		int	flags;
1096 		struct sockaddr * __restrict	from;
1097 		socklen_t * __restrict fromlenaddr;
1098 	} */ *uap;
1099 {
1100 	struct msghdr msg;
1101 	struct iovec aiov;
1102 	int error;
1103 
1104 	if (uap->fromlenaddr) {
1105 		error = copyin(uap->fromlenaddr,
1106 		    &msg.msg_namelen, sizeof (msg.msg_namelen));
1107 		if (error)
1108 			goto done2;
1109 	} else {
1110 		msg.msg_namelen = 0;
1111 	}
1112 	msg.msg_name = uap->from;
1113 	msg.msg_iov = &aiov;
1114 	msg.msg_iovlen = 1;
1115 	aiov.iov_base = uap->buf;
1116 	aiov.iov_len = uap->len;
1117 	msg.msg_control = 0;
1118 	msg.msg_flags = uap->flags;
1119 	error = recvit(td, uap->s, &msg, uap->fromlenaddr);
1120 done2:
1121 	return(error);
1122 }
1123 
1124 #ifdef COMPAT_OLDSOCK
1125 int
1126 orecvfrom(td, uap)
1127 	struct thread *td;
1128 	struct recvfrom_args *uap;
1129 {
1130 
1131 	uap->flags |= MSG_COMPAT;
1132 	return (recvfrom(td, uap));
1133 }
1134 #endif
1135 
1136 #ifdef COMPAT_OLDSOCK
1137 int
1138 orecv(td, uap)
1139 	struct thread *td;
1140 	struct orecv_args /* {
1141 		int	s;
1142 		caddr_t	buf;
1143 		int	len;
1144 		int	flags;
1145 	} */ *uap;
1146 {
1147 	struct msghdr msg;
1148 	struct iovec aiov;
1149 	int error;
1150 
1151 	msg.msg_name = 0;
1152 	msg.msg_namelen = 0;
1153 	msg.msg_iov = &aiov;
1154 	msg.msg_iovlen = 1;
1155 	aiov.iov_base = uap->buf;
1156 	aiov.iov_len = uap->len;
1157 	msg.msg_control = 0;
1158 	msg.msg_flags = uap->flags;
1159 	error = recvit(td, uap->s, &msg, NULL);
1160 	return (error);
1161 }
1162 
1163 /*
1164  * Old recvmsg.  This code takes advantage of the fact that the old msghdr
1165  * overlays the new one, missing only the flags, and with the (old) access
1166  * rights where the control fields are now.
1167  */
1168 int
1169 orecvmsg(td, uap)
1170 	struct thread *td;
1171 	struct orecvmsg_args /* {
1172 		int	s;
1173 		struct	omsghdr *msg;
1174 		int	flags;
1175 	} */ *uap;
1176 {
1177 	struct msghdr msg;
1178 	struct iovec *iov;
1179 	int error;
1180 
1181 	error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
1182 	if (error)
1183 		return (error);
1184 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1185 	if (error)
1186 		return (error);
1187 	msg.msg_flags = uap->flags | MSG_COMPAT;
1188 	msg.msg_iov = iov;
1189 	error = recvit(td, uap->s, &msg, &uap->msg->msg_namelen);
1190 	if (msg.msg_controllen && error == 0)
1191 		error = copyout(&msg.msg_controllen,
1192 		    &uap->msg->msg_accrightslen, sizeof (int));
1193 	free(iov, M_IOV);
1194 	return (error);
1195 }
1196 #endif
1197 
1198 int
1199 recvmsg(td, uap)
1200 	struct thread *td;
1201 	struct recvmsg_args /* {
1202 		int	s;
1203 		struct	msghdr *msg;
1204 		int	flags;
1205 	} */ *uap;
1206 {
1207 	struct msghdr msg;
1208 	struct iovec *uiov, *iov;
1209 	int error;
1210 
1211 	error = copyin(uap->msg, &msg, sizeof (msg));
1212 	if (error)
1213 		return (error);
1214 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1215 	if (error)
1216 		return (error);
1217 	msg.msg_flags = uap->flags;
1218 #ifdef COMPAT_OLDSOCK
1219 	msg.msg_flags &= ~MSG_COMPAT;
1220 #endif
1221 	uiov = msg.msg_iov;
1222 	msg.msg_iov = iov;
1223 	error = recvit(td, uap->s, &msg, NULL);
1224 	if (error == 0) {
1225 		msg.msg_iov = uiov;
1226 		error = copyout(&msg, uap->msg, sizeof(msg));
1227 	}
1228 	free(iov, M_IOV);
1229 	return (error);
1230 }
1231 
1232 /* ARGSUSED */
1233 int
1234 shutdown(td, uap)
1235 	struct thread *td;
1236 	struct shutdown_args /* {
1237 		int	s;
1238 		int	how;
1239 	} */ *uap;
1240 {
1241 	struct socket *so;
1242 	struct file *fp;
1243 	int error;
1244 
1245 	error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL);
1246 	if (error == 0) {
1247 		so = fp->f_data;
1248 		error = soshutdown(so, uap->how);
1249 		fdrop(fp, td);
1250 	}
1251 	return (error);
1252 }
1253 
1254 /* ARGSUSED */
1255 int
1256 setsockopt(td, uap)
1257 	struct thread *td;
1258 	struct setsockopt_args /* {
1259 		int	s;
1260 		int	level;
1261 		int	name;
1262 		caddr_t	val;
1263 		int	valsize;
1264 	} */ *uap;
1265 {
1266 
1267 	return (kern_setsockopt(td, uap->s, uap->level, uap->name,
1268 	    uap->val, UIO_USERSPACE, uap->valsize));
1269 }
1270 
1271 int
1272 kern_setsockopt(td, s, level, name, val, valseg, valsize)
1273 	struct thread *td;
1274 	int s;
1275 	int level;
1276 	int name;
1277 	void *val;
1278 	enum uio_seg valseg;
1279 	socklen_t valsize;
1280 {
1281 	int error;
1282 	struct socket *so;
1283 	struct file *fp;
1284 	struct sockopt sopt;
1285 
1286 	if (val == NULL && valsize != 0)
1287 		return (EFAULT);
1288 	if ((int)valsize < 0)
1289 		return (EINVAL);
1290 
1291 	sopt.sopt_dir = SOPT_SET;
1292 	sopt.sopt_level = level;
1293 	sopt.sopt_name = name;
1294 	sopt.sopt_val = val;
1295 	sopt.sopt_valsize = valsize;
1296 	switch (valseg) {
1297 	case UIO_USERSPACE:
1298 		sopt.sopt_td = td;
1299 		break;
1300 	case UIO_SYSSPACE:
1301 		sopt.sopt_td = NULL;
1302 		break;
1303 	default:
1304 		panic("kern_setsockopt called with bad valseg");
1305 	}
1306 
1307 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
1308 	if (error == 0) {
1309 		so = fp->f_data;
1310 		error = sosetopt(so, &sopt);
1311 		fdrop(fp, td);
1312 	}
1313 	return(error);
1314 }
1315 
1316 /* ARGSUSED */
1317 int
1318 getsockopt(td, uap)
1319 	struct thread *td;
1320 	struct getsockopt_args /* {
1321 		int	s;
1322 		int	level;
1323 		int	name;
1324 		void * __restrict	val;
1325 		socklen_t * __restrict avalsize;
1326 	} */ *uap;
1327 {
1328 	socklen_t valsize;
1329 	int	error;
1330 
1331 	if (uap->val) {
1332 		error = copyin(uap->avalsize, &valsize, sizeof (valsize));
1333 		if (error)
1334 			return (error);
1335 	}
1336 
1337 	error = kern_getsockopt(td, uap->s, uap->level, uap->name,
1338 	    uap->val, UIO_USERSPACE, &valsize);
1339 
1340 	if (error == 0)
1341 		error = copyout(&valsize, uap->avalsize, sizeof (valsize));
1342 	return (error);
1343 }
1344 
1345 /*
1346  * Kernel version of getsockopt.
1347  * optval can be a userland or userspace. optlen is always a kernel pointer.
1348  */
1349 int
1350 kern_getsockopt(td, s, level, name, val, valseg, valsize)
1351 	struct thread *td;
1352 	int s;
1353 	int level;
1354 	int name;
1355 	void *val;
1356 	enum uio_seg valseg;
1357 	socklen_t *valsize;
1358 {
1359 	int error;
1360 	struct  socket *so;
1361 	struct file *fp;
1362 	struct	sockopt sopt;
1363 
1364 	if (val == NULL)
1365 		*valsize = 0;
1366 	if ((int)*valsize < 0)
1367 		return (EINVAL);
1368 
1369 	sopt.sopt_dir = SOPT_GET;
1370 	sopt.sopt_level = level;
1371 	sopt.sopt_name = name;
1372 	sopt.sopt_val = val;
1373 	sopt.sopt_valsize = (size_t)*valsize; /* checked non-negative above */
1374 	switch (valseg) {
1375 	case UIO_USERSPACE:
1376 		sopt.sopt_td = td;
1377 		break;
1378 	case UIO_SYSSPACE:
1379 		sopt.sopt_td = NULL;
1380 		break;
1381 	default:
1382 		panic("kern_getsockopt called with bad valseg");
1383 	}
1384 
1385 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
1386 	if (error == 0) {
1387 		so = fp->f_data;
1388 		error = sogetopt(so, &sopt);
1389 		*valsize = sopt.sopt_valsize;
1390 		fdrop(fp, td);
1391 	}
1392 	return (error);
1393 }
1394 
1395 /*
1396  * getsockname1() - Get socket name.
1397  */
1398 /* ARGSUSED */
1399 static int
1400 getsockname1(td, uap, compat)
1401 	struct thread *td;
1402 	struct getsockname_args /* {
1403 		int	fdes;
1404 		struct sockaddr * __restrict asa;
1405 		socklen_t * __restrict alen;
1406 	} */ *uap;
1407 	int compat;
1408 {
1409 	struct sockaddr *sa;
1410 	socklen_t len;
1411 	int error;
1412 
1413 	error = copyin(uap->alen, &len, sizeof(len));
1414 	if (error)
1415 		return (error);
1416 
1417 	error = kern_getsockname(td, uap->fdes, &sa, &len);
1418 	if (error)
1419 		return (error);
1420 
1421 	if (len != 0) {
1422 #ifdef COMPAT_OLDSOCK
1423 		if (compat)
1424 			((struct osockaddr *)sa)->sa_family = sa->sa_family;
1425 #endif
1426 		error = copyout(sa, uap->asa, (u_int)len);
1427 	}
1428 	free(sa, M_SONAME);
1429 	if (error == 0)
1430 		error = copyout(&len, uap->alen, sizeof(len));
1431 	return (error);
1432 }
1433 
1434 int
1435 kern_getsockname(struct thread *td, int fd, struct sockaddr **sa,
1436     socklen_t *alen)
1437 {
1438 	struct socket *so;
1439 	struct file *fp;
1440 	socklen_t len;
1441 	int error;
1442 
1443 	if (*alen < 0)
1444 		return (EINVAL);
1445 
1446 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
1447 	if (error)
1448 		return (error);
1449 	so = fp->f_data;
1450 	*sa = NULL;
1451 	error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, sa);
1452 	if (error)
1453 		goto bad;
1454 	if (*sa == NULL)
1455 		len = 0;
1456 	else
1457 		len = MIN(*alen, (*sa)->sa_len);
1458 	*alen = len;
1459 bad:
1460 	fdrop(fp, td);
1461 	if (error && *sa) {
1462 		free(*sa, M_SONAME);
1463 		*sa = NULL;
1464 	}
1465 	return (error);
1466 }
1467 
1468 int
1469 getsockname(td, uap)
1470 	struct thread *td;
1471 	struct getsockname_args *uap;
1472 {
1473 
1474 	return (getsockname1(td, uap, 0));
1475 }
1476 
1477 #ifdef COMPAT_OLDSOCK
1478 int
1479 ogetsockname(td, uap)
1480 	struct thread *td;
1481 	struct getsockname_args *uap;
1482 {
1483 
1484 	return (getsockname1(td, uap, 1));
1485 }
1486 #endif /* COMPAT_OLDSOCK */
1487 
1488 /*
1489  * getpeername1() - Get name of peer for connected socket.
1490  */
1491 /* ARGSUSED */
1492 static int
1493 getpeername1(td, uap, compat)
1494 	struct thread *td;
1495 	struct getpeername_args /* {
1496 		int	fdes;
1497 		struct sockaddr * __restrict	asa;
1498 		socklen_t * __restrict	alen;
1499 	} */ *uap;
1500 	int compat;
1501 {
1502 	struct sockaddr *sa;
1503 	socklen_t len;
1504 	int error;
1505 
1506 	error = copyin(uap->alen, &len, sizeof (len));
1507 	if (error)
1508 		return (error);
1509 
1510 	error = kern_getpeername(td, uap->fdes, &sa, &len);
1511 	if (error)
1512 		return (error);
1513 
1514 	if (len != 0) {
1515 #ifdef COMPAT_OLDSOCK
1516 		if (compat)
1517 			((struct osockaddr *)sa)->sa_family = sa->sa_family;
1518 #endif
1519 		error = copyout(sa, uap->asa, (u_int)len);
1520 	}
1521 	free(sa, M_SONAME);
1522 	if (error == 0)
1523 		error = copyout(&len, uap->alen, sizeof(len));
1524 	return (error);
1525 }
1526 
1527 int
1528 kern_getpeername(struct thread *td, int fd, struct sockaddr **sa,
1529     socklen_t *alen)
1530 {
1531 	struct socket *so;
1532 	struct file *fp;
1533 	socklen_t len;
1534 	int error;
1535 
1536 	if (*alen < 0)
1537 		return (EINVAL);
1538 
1539 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
1540 	if (error)
1541 		return (error);
1542 	so = fp->f_data;
1543 	if ((so->so_state & (SS_ISCONNECTED|SS_ISCONFIRMING)) == 0) {
1544 		error = ENOTCONN;
1545 		goto done;
1546 	}
1547 	*sa = NULL;
1548 	error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, sa);
1549 	if (error)
1550 		goto bad;
1551 	if (*sa == NULL)
1552 		len = 0;
1553 	else
1554 		len = MIN(*alen, (*sa)->sa_len);
1555 	*alen = len;
1556 bad:
1557 	if (error && *sa) {
1558 		free(*sa, M_SONAME);
1559 		*sa = NULL;
1560 	}
1561 done:
1562 	fdrop(fp, td);
1563 	return (error);
1564 }
1565 
1566 int
1567 getpeername(td, uap)
1568 	struct thread *td;
1569 	struct getpeername_args *uap;
1570 {
1571 
1572 	return (getpeername1(td, uap, 0));
1573 }
1574 
1575 #ifdef COMPAT_OLDSOCK
1576 int
1577 ogetpeername(td, uap)
1578 	struct thread *td;
1579 	struct ogetpeername_args *uap;
1580 {
1581 
1582 	/* XXX uap should have type `getpeername_args *' to begin with. */
1583 	return (getpeername1(td, (struct getpeername_args *)uap, 1));
1584 }
1585 #endif /* COMPAT_OLDSOCK */
1586 
1587 int
1588 sockargs(mp, buf, buflen, type)
1589 	struct mbuf **mp;
1590 	caddr_t buf;
1591 	int buflen, type;
1592 {
1593 	struct sockaddr *sa;
1594 	struct mbuf *m;
1595 	int error;
1596 
1597 	if ((u_int)buflen > MLEN) {
1598 #ifdef COMPAT_OLDSOCK
1599 		if (type == MT_SONAME && (u_int)buflen <= 112)
1600 			buflen = MLEN;		/* unix domain compat. hack */
1601 		else
1602 #endif
1603 			if ((u_int)buflen > MCLBYTES)
1604 				return (EINVAL);
1605 	}
1606 	m = m_get(M_TRYWAIT, type);
1607 	if (m == NULL)
1608 		return (ENOBUFS);
1609 	if ((u_int)buflen > MLEN) {
1610 		MCLGET(m, M_TRYWAIT);
1611 		if ((m->m_flags & M_EXT) == 0) {
1612 			m_free(m);
1613 			return (ENOBUFS);
1614 		}
1615 	}
1616 	m->m_len = buflen;
1617 	error = copyin(buf, mtod(m, caddr_t), (u_int)buflen);
1618 	if (error)
1619 		(void) m_free(m);
1620 	else {
1621 		*mp = m;
1622 		if (type == MT_SONAME) {
1623 			sa = mtod(m, struct sockaddr *);
1624 
1625 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1626 			if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1627 				sa->sa_family = sa->sa_len;
1628 #endif
1629 			sa->sa_len = buflen;
1630 		}
1631 	}
1632 	return (error);
1633 }
1634 
1635 int
1636 getsockaddr(namp, uaddr, len)
1637 	struct sockaddr **namp;
1638 	caddr_t uaddr;
1639 	size_t len;
1640 {
1641 	struct sockaddr *sa;
1642 	int error;
1643 
1644 	if (len > SOCK_MAXADDRLEN)
1645 		return (ENAMETOOLONG);
1646 	if (len < offsetof(struct sockaddr, sa_data[0]))
1647 		return (EINVAL);
1648 	MALLOC(sa, struct sockaddr *, len, M_SONAME, M_WAITOK);
1649 	error = copyin(uaddr, sa, len);
1650 	if (error) {
1651 		FREE(sa, M_SONAME);
1652 	} else {
1653 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1654 		if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1655 			sa->sa_family = sa->sa_len;
1656 #endif
1657 		sa->sa_len = len;
1658 		*namp = sa;
1659 	}
1660 	return (error);
1661 }
1662 
1663 /*
1664  * Detach mapped page and release resources back to the system.
1665  */
1666 void
1667 sf_buf_mext(void *addr, void *args)
1668 {
1669 	vm_page_t m;
1670 
1671 	m = sf_buf_page(args);
1672 	sf_buf_free(args);
1673 	vm_page_lock_queues();
1674 	vm_page_unwire(m, 0);
1675 	/*
1676 	 * Check for the object going away on us. This can
1677 	 * happen since we don't hold a reference to it.
1678 	 * If so, we're responsible for freeing the page.
1679 	 */
1680 	if (m->wire_count == 0 && m->object == NULL)
1681 		vm_page_free(m);
1682 	vm_page_unlock_queues();
1683 }
1684 
1685 /*
1686  * sendfile(2)
1687  *
1688  * int sendfile(int fd, int s, off_t offset, size_t nbytes,
1689  *	 struct sf_hdtr *hdtr, off_t *sbytes, int flags)
1690  *
1691  * Send a file specified by 'fd' and starting at 'offset' to a socket
1692  * specified by 's'. Send only 'nbytes' of the file or until EOF if nbytes ==
1693  * 0.  Optionally add a header and/or trailer to the socket output.  If
1694  * specified, write the total number of bytes sent into *sbytes.
1695  */
1696 int
1697 sendfile(struct thread *td, struct sendfile_args *uap)
1698 {
1699 
1700 	return (do_sendfile(td, uap, 0));
1701 }
1702 
1703 static int
1704 do_sendfile(struct thread *td, struct sendfile_args *uap, int compat)
1705 {
1706 	struct sf_hdtr hdtr;
1707 	struct uio *hdr_uio, *trl_uio;
1708 	int error;
1709 
1710 	hdr_uio = trl_uio = NULL;
1711 
1712 	if (uap->hdtr != NULL) {
1713 		error = copyin(uap->hdtr, &hdtr, sizeof(hdtr));
1714 		if (error)
1715 			goto out;
1716 		if (hdtr.headers != NULL) {
1717 			error = copyinuio(hdtr.headers, hdtr.hdr_cnt, &hdr_uio);
1718 			if (error)
1719 				goto out;
1720 		}
1721 		if (hdtr.trailers != NULL) {
1722 			error = copyinuio(hdtr.trailers, hdtr.trl_cnt, &trl_uio);
1723 			if (error)
1724 				goto out;
1725 
1726 		}
1727 	}
1728 
1729 	error = kern_sendfile(td, uap, hdr_uio, trl_uio, compat);
1730 out:
1731 	if (hdr_uio)
1732 		free(hdr_uio, M_IOV);
1733 	if (trl_uio)
1734 		free(trl_uio, M_IOV);
1735 	return (error);
1736 }
1737 
1738 #ifdef COMPAT_FREEBSD4
1739 int
1740 freebsd4_sendfile(struct thread *td, struct freebsd4_sendfile_args *uap)
1741 {
1742 	struct sendfile_args args;
1743 
1744 	args.fd = uap->fd;
1745 	args.s = uap->s;
1746 	args.offset = uap->offset;
1747 	args.nbytes = uap->nbytes;
1748 	args.hdtr = uap->hdtr;
1749 	args.sbytes = uap->sbytes;
1750 	args.flags = uap->flags;
1751 
1752 	return (do_sendfile(td, &args, 1));
1753 }
1754 #endif /* COMPAT_FREEBSD4 */
1755 
1756 int
1757 kern_sendfile(struct thread *td, struct sendfile_args *uap,
1758     struct uio *hdr_uio, struct uio *trl_uio, int compat)
1759 {
1760 	struct file *sock_fp;
1761 	struct vnode *vp;
1762 	struct vm_object *obj = NULL;
1763 	struct socket *so = NULL;
1764 	struct mbuf *m = NULL;
1765 	struct sf_buf *sf;
1766 	struct vm_page *pg;
1767 	off_t off, xfsize, fsbytes = 0, sbytes = 0, rem = 0;
1768 	int error, hdrlen = 0, mnw = 0;
1769 	int vfslocked;
1770 
1771 	/*
1772 	 * The file descriptor must be a regular file and have a
1773 	 * backing VM object.
1774 	 * File offset must be positive.  If it goes beyond EOF
1775 	 * we send only the header/trailer and no payload data.
1776 	 */
1777 	if ((error = fgetvp_read(td, uap->fd, &vp)) != 0)
1778 		goto out;
1779 	vfslocked = VFS_LOCK_GIANT(vp->v_mount);
1780 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1781 	obj = vp->v_object;
1782 	if (obj != NULL) {
1783 		/*
1784 		 * Temporarily increase the backing VM object's reference
1785 		 * count so that a forced reclamation of its vnode does not
1786 		 * immediately destroy it.
1787 		 */
1788 		VM_OBJECT_LOCK(obj);
1789 		if ((obj->flags & OBJ_DEAD) == 0) {
1790 			vm_object_reference_locked(obj);
1791 			VM_OBJECT_UNLOCK(obj);
1792 		} else {
1793 			VM_OBJECT_UNLOCK(obj);
1794 			obj = NULL;
1795 		}
1796 	}
1797 	VOP_UNLOCK(vp, 0);
1798 	VFS_UNLOCK_GIANT(vfslocked);
1799 	if (obj == NULL) {
1800 		error = EINVAL;
1801 		goto out;
1802 	}
1803 	if (uap->offset < 0) {
1804 		error = EINVAL;
1805 		goto out;
1806 	}
1807 
1808 	/*
1809 	 * The socket must be a stream socket and connected.
1810 	 * Remember if it a blocking or non-blocking socket.
1811 	 */
1812 	if ((error = getsock(td->td_proc->p_fd, uap->s, &sock_fp,
1813 	    NULL)) != 0)
1814 		goto out;
1815 	so = sock_fp->f_data;
1816 	if (so->so_type != SOCK_STREAM) {
1817 		error = EINVAL;
1818 		goto out;
1819 	}
1820 	if ((so->so_state & SS_ISCONNECTED) == 0) {
1821 		error = ENOTCONN;
1822 		goto out;
1823 	}
1824 	/*
1825 	 * Do not wait on memory allocations but return ENOMEM for
1826 	 * caller to retry later.
1827 	 * XXX: Experimental.
1828 	 */
1829 	if (uap->flags & SF_MNOWAIT)
1830 		mnw = 1;
1831 
1832 #ifdef MAC
1833 	SOCK_LOCK(so);
1834 	error = mac_socket_check_send(td->td_ucred, so);
1835 	SOCK_UNLOCK(so);
1836 	if (error)
1837 		goto out;
1838 #endif
1839 
1840 	/* If headers are specified copy them into mbufs. */
1841 	if (hdr_uio != NULL) {
1842 		hdr_uio->uio_td = td;
1843 		hdr_uio->uio_rw = UIO_WRITE;
1844 		if (hdr_uio->uio_resid > 0) {
1845 			/*
1846 			 * In FBSD < 5.0 the nbytes to send also included
1847 			 * the header.  If compat is specified subtract the
1848 			 * header size from nbytes.
1849 			 */
1850 			if (compat) {
1851 				if (uap->nbytes > hdr_uio->uio_resid)
1852 					uap->nbytes -= hdr_uio->uio_resid;
1853 				else
1854 					uap->nbytes = 0;
1855 			}
1856 			m = m_uiotombuf(hdr_uio, (mnw ? M_NOWAIT : M_WAITOK),
1857 			    0, 0, 0);
1858 			if (m == NULL) {
1859 				error = mnw ? EAGAIN : ENOBUFS;
1860 				goto out;
1861 			}
1862 			hdrlen = m_length(m, NULL);
1863 		}
1864 	}
1865 
1866 	/* Protect against multiple writers to the socket. */
1867 	(void) sblock(&so->so_snd, M_WAITOK);
1868 
1869 	/*
1870 	 * Loop through the pages of the file, starting with the requested
1871 	 * offset. Get a file page (do I/O if necessary), map the file page
1872 	 * into an sf_buf, attach an mbuf header to the sf_buf, and queue
1873 	 * it on the socket.
1874 	 * This is done in two loops.  The inner loop turns as many pages
1875 	 * as it can, up to available socket buffer space, without blocking
1876 	 * into mbufs to have it bulk delivered into the socket send buffer.
1877 	 * The outer loop checks the state and available space of the socket
1878 	 * and takes care of the overall progress.
1879 	 */
1880 	for (off = uap->offset, rem = uap->nbytes; ; ) {
1881 		int loopbytes = 0;
1882 		int space = 0;
1883 		int done = 0;
1884 
1885 		/*
1886 		 * Check the socket state for ongoing connection,
1887 		 * no errors and space in socket buffer.
1888 		 * If space is low allow for the remainder of the
1889 		 * file to be processed if it fits the socket buffer.
1890 		 * Otherwise block in waiting for sufficient space
1891 		 * to proceed, or if the socket is nonblocking, return
1892 		 * to userland with EAGAIN while reporting how far
1893 		 * we've come.
1894 		 * We wait until the socket buffer has significant free
1895 		 * space to do bulk sends.  This makes good use of file
1896 		 * system read ahead and allows packet segmentation
1897 		 * offloading hardware to take over lots of work.  If
1898 		 * we were not careful here we would send off only one
1899 		 * sfbuf at a time.
1900 		 */
1901 		SOCKBUF_LOCK(&so->so_snd);
1902 		if (so->so_snd.sb_lowat < so->so_snd.sb_hiwat / 2)
1903 			so->so_snd.sb_lowat = so->so_snd.sb_hiwat / 2;
1904 retry_space:
1905 		if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
1906 			error = EPIPE;
1907 			SOCKBUF_UNLOCK(&so->so_snd);
1908 			goto done;
1909 		} else if (so->so_error) {
1910 			error = so->so_error;
1911 			so->so_error = 0;
1912 			SOCKBUF_UNLOCK(&so->so_snd);
1913 			goto done;
1914 		}
1915 		space = sbspace(&so->so_snd);
1916 		if (space < rem &&
1917 		    (space <= 0 ||
1918 		     space < so->so_snd.sb_lowat)) {
1919 			if (so->so_state & SS_NBIO) {
1920 				SOCKBUF_UNLOCK(&so->so_snd);
1921 				error = EAGAIN;
1922 				goto done;
1923 			}
1924 			/*
1925 			 * sbwait drops the lock while sleeping.
1926 			 * When we loop back to retry_space the
1927 			 * state may have changed and we retest
1928 			 * for it.
1929 			 */
1930 			error = sbwait(&so->so_snd);
1931 			/*
1932 			 * An error from sbwait usually indicates that we've
1933 			 * been interrupted by a signal. If we've sent anything
1934 			 * then return bytes sent, otherwise return the error.
1935 			 */
1936 			if (error) {
1937 				SOCKBUF_UNLOCK(&so->so_snd);
1938 				goto done;
1939 			}
1940 			goto retry_space;
1941 		}
1942 		SOCKBUF_UNLOCK(&so->so_snd);
1943 
1944 		/*
1945 		 * Reduce space in the socket buffer by the size of
1946 		 * the header mbuf chain.
1947 		 * hdrlen is set to 0 after the first loop.
1948 		 */
1949 		space -= hdrlen;
1950 
1951 		/*
1952 		 * Loop and construct maximum sized mbuf chain to be bulk
1953 		 * dumped into socket buffer.
1954 		 */
1955 		while(space > loopbytes) {
1956 			vm_pindex_t pindex;
1957 			vm_offset_t pgoff;
1958 			struct mbuf *m0;
1959 
1960 			VM_OBJECT_LOCK(obj);
1961 			/*
1962 			 * Calculate the amount to transfer.
1963 			 * Not to exceed a page, the EOF,
1964 			 * or the passed in nbytes.
1965 			 */
1966 			pgoff = (vm_offset_t)(off & PAGE_MASK);
1967 			xfsize = omin(PAGE_SIZE - pgoff,
1968 			    obj->un_pager.vnp.vnp_size - uap->offset -
1969 			    fsbytes - loopbytes);
1970 			if (uap->nbytes)
1971 				rem = (uap->nbytes - fsbytes - loopbytes);
1972 			else
1973 				rem = obj->un_pager.vnp.vnp_size -
1974 				    uap->offset - fsbytes - loopbytes;
1975 			xfsize = omin(rem, xfsize);
1976 			if (xfsize <= 0) {
1977 				VM_OBJECT_UNLOCK(obj);
1978 				done = 1;		/* all data sent */
1979 				break;
1980 			}
1981 			/*
1982 			 * Don't overflow the send buffer.
1983 			 * Stop here and send out what we've
1984 			 * already got.
1985 			 */
1986 			if (space < loopbytes + xfsize) {
1987 				VM_OBJECT_UNLOCK(obj);
1988 				break;
1989 			}
1990 
1991 			/*
1992 			 * Attempt to look up the page.  Allocate
1993 			 * if not found or wait and loop if busy.
1994 			 */
1995 			pindex = OFF_TO_IDX(off);
1996 			pg = vm_page_grab(obj, pindex, VM_ALLOC_NOBUSY |
1997 			    VM_ALLOC_NORMAL | VM_ALLOC_WIRED | VM_ALLOC_RETRY);
1998 
1999 			/*
2000 			 * Check if page is valid for what we need,
2001 			 * otherwise initiate I/O.
2002 			 * If we already turned some pages into mbufs,
2003 			 * send them off before we come here again and
2004 			 * block.
2005 			 */
2006 			if (pg->valid && vm_page_is_valid(pg, pgoff, xfsize))
2007 				VM_OBJECT_UNLOCK(obj);
2008 			else if (m != NULL)
2009 				error = EAGAIN;	/* send what we already got */
2010 			else if (uap->flags & SF_NODISKIO)
2011 				error = EBUSY;
2012 			else {
2013 				int bsize, resid;
2014 
2015 				/*
2016 				 * Ensure that our page is still around
2017 				 * when the I/O completes.
2018 				 */
2019 				vm_page_io_start(pg);
2020 				VM_OBJECT_UNLOCK(obj);
2021 
2022 				/*
2023 				 * Get the page from backing store.
2024 				 */
2025 				bsize = vp->v_mount->mnt_stat.f_iosize;
2026 				vfslocked = VFS_LOCK_GIANT(vp->v_mount);
2027 				vn_lock(vp, LK_SHARED | LK_RETRY);
2028 
2029 				/*
2030 				 * XXXMAC: Because we don't have fp->f_cred
2031 				 * here, we pass in NOCRED.  This is probably
2032 				 * wrong, but is consistent with our original
2033 				 * implementation.
2034 				 */
2035 				error = vn_rdwr(UIO_READ, vp, NULL, MAXBSIZE,
2036 				    trunc_page(off), UIO_NOCOPY, IO_NODELOCKED |
2037 				    IO_VMIO | ((MAXBSIZE / bsize) << IO_SEQSHIFT),
2038 				    td->td_ucred, NOCRED, &resid, td);
2039 				VOP_UNLOCK(vp, 0);
2040 				VFS_UNLOCK_GIANT(vfslocked);
2041 				VM_OBJECT_LOCK(obj);
2042 				vm_page_io_finish(pg);
2043 				if (!error)
2044 					VM_OBJECT_UNLOCK(obj);
2045 				mbstat.sf_iocnt++;
2046 			}
2047 			if (error) {
2048 				vm_page_lock_queues();
2049 				vm_page_unwire(pg, 0);
2050 				/*
2051 				 * See if anyone else might know about
2052 				 * this page.  If not and it is not valid,
2053 				 * then free it.
2054 				 */
2055 				if (pg->wire_count == 0 && pg->valid == 0 &&
2056 				    pg->busy == 0 && !(pg->oflags & VPO_BUSY) &&
2057 				    pg->hold_count == 0) {
2058 					vm_page_free(pg);
2059 				}
2060 				vm_page_unlock_queues();
2061 				VM_OBJECT_UNLOCK(obj);
2062 				if (error == EAGAIN)
2063 					error = 0;	/* not a real error */
2064 				break;
2065 			}
2066 
2067 			/*
2068 			 * Get a sendfile buf.  We usually wait as long
2069 			 * as necessary, but this wait can be interrupted.
2070 			 */
2071 			if ((sf = sf_buf_alloc(pg,
2072 			    (mnw ? SFB_NOWAIT : SFB_CATCH))) == NULL) {
2073 				mbstat.sf_allocfail++;
2074 				vm_page_lock_queues();
2075 				vm_page_unwire(pg, 0);
2076 				/*
2077 				 * XXX: Not same check as above!?
2078 				 */
2079 				if (pg->wire_count == 0 && pg->object == NULL)
2080 					vm_page_free(pg);
2081 				vm_page_unlock_queues();
2082 				error = (mnw ? EAGAIN : EINTR);
2083 				break;
2084 			}
2085 
2086 			/*
2087 			 * Get an mbuf and set it up as having
2088 			 * external storage.
2089 			 */
2090 			m0 = m_get((mnw ? M_NOWAIT : M_WAITOK), MT_DATA);
2091 			if (m0 == NULL) {
2092 				error = (mnw ? EAGAIN : ENOBUFS);
2093 				sf_buf_mext((void *)sf_buf_kva(sf), sf);
2094 				break;
2095 			}
2096 			MEXTADD(m0, sf_buf_kva(sf), PAGE_SIZE, sf_buf_mext,
2097 			    sf, M_RDONLY, EXT_SFBUF);
2098 			m0->m_data = (char *)sf_buf_kva(sf) + pgoff;
2099 			m0->m_len = xfsize;
2100 
2101 			/* Append to mbuf chain. */
2102 			if (m != NULL)
2103 				m_cat(m, m0);
2104 			else
2105 				m = m0;
2106 
2107 			/* Keep track of bits processed. */
2108 			loopbytes += xfsize;
2109 			off += xfsize;
2110 		}
2111 
2112 		/* Add the buffer chain to the socket buffer. */
2113 		if (m != NULL) {
2114 			int mlen, err;
2115 
2116 			mlen = m_length(m, NULL);
2117 			SOCKBUF_LOCK(&so->so_snd);
2118 			if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2119 				error = EPIPE;
2120 				SOCKBUF_UNLOCK(&so->so_snd);
2121 				goto done;
2122 			}
2123 			SOCKBUF_UNLOCK(&so->so_snd);
2124 			/* Avoid error aliasing. */
2125 			err = (*so->so_proto->pr_usrreqs->pru_send)
2126 				    (so, 0, m, NULL, NULL, td);
2127 			if (err == 0) {
2128 				/*
2129 				 * We need two counters to get the
2130 				 * file offset and nbytes to send
2131 				 * right:
2132 				 * - sbytes contains the total amount
2133 				 *   of bytes sent, including headers.
2134 				 * - fsbytes contains the total amount
2135 				 *   of bytes sent from the file.
2136 				 */
2137 				sbytes += mlen;
2138 				fsbytes += mlen;
2139 				if (hdrlen) {
2140 					fsbytes -= hdrlen;
2141 					hdrlen = 0;
2142 				}
2143 			} else if (error == 0)
2144 				error = err;
2145 			m = NULL;	/* pru_send always consumes */
2146 		}
2147 
2148 		/* Quit outer loop on error or when we're done. */
2149 		if (error || done)
2150 			goto done;
2151 	}
2152 
2153 	/*
2154 	 * Send trailers. Wimp out and use writev(2).
2155 	 */
2156 	if (trl_uio != NULL) {
2157 		error = kern_writev(td, uap->s, trl_uio);
2158 		if (error)
2159 			goto done;
2160 		sbytes += td->td_retval[0];
2161 	}
2162 
2163 done:
2164 	sbunlock(&so->so_snd);
2165 out:
2166 	/*
2167 	 * If there was no error we have to clear td->td_retval[0]
2168 	 * because it may have been set by writev.
2169 	 */
2170 	if (error == 0) {
2171 		td->td_retval[0] = 0;
2172 	}
2173 	if (uap->sbytes != NULL) {
2174 		copyout(&sbytes, uap->sbytes, sizeof(off_t));
2175 	}
2176 	if (obj != NULL)
2177 		vm_object_deallocate(obj);
2178 	if (vp != NULL) {
2179 		vfslocked = VFS_LOCK_GIANT(vp->v_mount);
2180 		vrele(vp);
2181 		VFS_UNLOCK_GIANT(vfslocked);
2182 	}
2183 	if (so)
2184 		fdrop(sock_fp, td);
2185 	if (m)
2186 		m_freem(m);
2187 
2188 	if (error == ERESTART)
2189 		error = EINTR;
2190 
2191 	return (error);
2192 }
2193 
2194 /*
2195  * SCTP syscalls.
2196  * Functionality only compiled in if SCTP is defined in the kernel Makefile,
2197  * otherwise all return EOPNOTSUPP.
2198  * XXX: We should make this loadable one day.
2199  */
2200 int
2201 sctp_peeloff(td, uap)
2202 	struct thread *td;
2203 	struct sctp_peeloff_args /* {
2204 		int	sd;
2205 		caddr_t	name;
2206 	} */ *uap;
2207 {
2208 #ifdef SCTP
2209 	struct filedesc *fdp;
2210 	struct file *nfp = NULL;
2211 	int error;
2212 	struct socket *head, *so;
2213 	int fd;
2214 	u_int fflag;
2215 
2216 	fdp = td->td_proc->p_fd;
2217 	error = fgetsock(td, uap->sd, &head, &fflag);
2218 	if (error)
2219 		goto done2;
2220 	error = sctp_can_peel_off(head, (sctp_assoc_t)uap->name);
2221 	if (error)
2222 		goto done2;
2223 	/*
2224 	 * At this point we know we do have a assoc to pull
2225 	 * we proceed to get the fd setup. This may block
2226 	 * but that is ok.
2227 	 */
2228 
2229 	error = falloc(td, &nfp, &fd);
2230 	if (error)
2231 		goto done;
2232 	td->td_retval[0] = fd;
2233 
2234 	so = sonewconn(head, SS_ISCONNECTED);
2235 	if (so == NULL)
2236 		goto noconnection;
2237 	/*
2238 	 * Before changing the flags on the socket, we have to bump the
2239 	 * reference count.  Otherwise, if the protocol calls sofree(),
2240 	 * the socket will be released due to a zero refcount.
2241 	 */
2242         SOCK_LOCK(so);
2243         soref(so);                      /* file descriptor reference */
2244         SOCK_UNLOCK(so);
2245 
2246 	ACCEPT_LOCK();
2247 
2248 	TAILQ_REMOVE(&head->so_comp, so, so_list);
2249 	head->so_qlen--;
2250 	so->so_state |= (head->so_state & SS_NBIO);
2251 	so->so_state &= ~SS_NOFDREF;
2252 	so->so_qstate &= ~SQ_COMP;
2253 	so->so_head = NULL;
2254 	ACCEPT_UNLOCK();
2255 	finit(nfp, fflag, DTYPE_SOCKET, so, &socketops);
2256 	error = sctp_do_peeloff(head, so, (sctp_assoc_t)uap->name);
2257 	if (error)
2258 		goto noconnection;
2259 	if (head->so_sigio != NULL)
2260 		fsetown(fgetown(&head->so_sigio), &so->so_sigio);
2261 
2262 noconnection:
2263 	/*
2264 	 * close the new descriptor, assuming someone hasn't ripped it
2265 	 * out from under us.
2266 	 */
2267 	if (error)
2268 		fdclose(fdp, nfp, fd, td);
2269 
2270 	/*
2271 	 * Release explicitly held references before returning.
2272 	 */
2273 done:
2274 	if (nfp != NULL)
2275 		fdrop(nfp, td);
2276 	fputsock(head);
2277 done2:
2278 	return (error);
2279 #else  /* SCTP */
2280 	return (EOPNOTSUPP);
2281 #endif /* SCTP */
2282 }
2283 
2284 int
2285 sctp_generic_sendmsg (td, uap)
2286 	struct thread *td;
2287 	struct sctp_generic_sendmsg_args /* {
2288 		int sd,
2289 		caddr_t msg,
2290 		int mlen,
2291 		caddr_t to,
2292 		__socklen_t tolen,
2293 		struct sctp_sndrcvinfo *sinfo,
2294 		int flags
2295 	} */ *uap;
2296 {
2297 #ifdef SCTP
2298 	struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL;
2299 	struct socket *so;
2300 	struct file *fp = NULL;
2301 	int use_rcvinfo = 1;
2302 	int error = 0, len;
2303 	struct sockaddr *to = NULL;
2304 #ifdef KTRACE
2305 	struct uio *ktruio = NULL;
2306 #endif
2307 	struct uio auio;
2308 	struct iovec iov[1];
2309 
2310 	if (uap->sinfo) {
2311 		error = copyin(uap->sinfo, &sinfo, sizeof (sinfo));
2312 		if (error)
2313 			return (error);
2314 		u_sinfo = &sinfo;
2315 	}
2316 	if (uap->tolen) {
2317 		error = getsockaddr(&to, uap->to, uap->tolen);
2318 		if (error) {
2319 			to = NULL;
2320 			goto sctp_bad2;
2321 		}
2322 	}
2323 
2324 	error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2325 	if (error)
2326 		goto sctp_bad;
2327 
2328 	iov[0].iov_base = uap->msg;
2329 	iov[0].iov_len = uap->mlen;
2330 
2331 	so = (struct socket *)fp->f_data;
2332 #ifdef MAC
2333 	SOCK_LOCK(so);
2334 	error = mac_socket_check_send(td->td_ucred, so);
2335 	SOCK_UNLOCK(so);
2336 	if (error)
2337 		goto sctp_bad;
2338 #endif /* MAC */
2339 
2340 	auio.uio_iov =  iov;
2341 	auio.uio_iovcnt = 1;
2342 	auio.uio_segflg = UIO_USERSPACE;
2343 	auio.uio_rw = UIO_WRITE;
2344 	auio.uio_td = td;
2345 	auio.uio_offset = 0;			/* XXX */
2346 	auio.uio_resid = 0;
2347 	len = auio.uio_resid = uap->mlen;
2348 	error = sctp_lower_sosend(so, to, &auio,
2349 		    (struct mbuf *)NULL, (struct mbuf *)NULL,
2350 		    uap->flags, use_rcvinfo, u_sinfo, td);
2351 	if (error) {
2352 		if (auio.uio_resid != len && (error == ERESTART ||
2353 		    error == EINTR || error == EWOULDBLOCK))
2354 			error = 0;
2355 		/* Generation of SIGPIPE can be controlled per socket. */
2356 		if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
2357 		    !(uap->flags & MSG_NOSIGNAL)) {
2358 			PROC_LOCK(td->td_proc);
2359 			psignal(td->td_proc, SIGPIPE);
2360 			PROC_UNLOCK(td->td_proc);
2361 		}
2362 	}
2363 	if (error == 0)
2364 		td->td_retval[0] = len - auio.uio_resid;
2365 #ifdef KTRACE
2366 	if (ktruio != NULL) {
2367 		ktruio->uio_resid = td->td_retval[0];
2368 		ktrgenio(uap->sd, UIO_WRITE, ktruio, error);
2369 	}
2370 #endif /* KTRACE */
2371 sctp_bad:
2372 	if (fp)
2373 		fdrop(fp, td);
2374 sctp_bad2:
2375 	if (to)
2376 		free(to, M_SONAME);
2377 	return (error);
2378 #else  /* SCTP */
2379 	return (EOPNOTSUPP);
2380 #endif /* SCTP */
2381 }
2382 
2383 int
2384 sctp_generic_sendmsg_iov(td, uap)
2385 	struct thread *td;
2386 	struct sctp_generic_sendmsg_iov_args /* {
2387 		int sd,
2388 		struct iovec *iov,
2389 		int iovlen,
2390 		caddr_t to,
2391 		__socklen_t tolen,
2392 		struct sctp_sndrcvinfo *sinfo,
2393 		int flags
2394 	} */ *uap;
2395 {
2396 #ifdef SCTP
2397 	struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL;
2398 	struct socket *so;
2399 	struct file *fp = NULL;
2400 	int use_rcvinfo = 1;
2401 	int error=0, len, i;
2402 	struct sockaddr *to = NULL;
2403 #ifdef KTRACE
2404 	struct uio *ktruio = NULL;
2405 #endif
2406 	struct uio auio;
2407 	struct iovec *iov, *tiov;
2408 
2409 	if (uap->sinfo) {
2410 		error = copyin(uap->sinfo, &sinfo, sizeof (sinfo));
2411 		if (error)
2412 			return (error);
2413 		u_sinfo = &sinfo;
2414 	}
2415 	if (uap->tolen) {
2416 		error = getsockaddr(&to, uap->to, uap->tolen);
2417 		if (error) {
2418 			to = NULL;
2419 			goto sctp_bad2;
2420 		}
2421 	}
2422 
2423 	error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2424 	if (error)
2425 		goto sctp_bad1;
2426 
2427 	error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE);
2428 	if (error)
2429 		goto sctp_bad1;
2430 
2431 	so = (struct socket *)fp->f_data;
2432 #ifdef MAC
2433 	SOCK_LOCK(so);
2434 	error = mac_socket_check_send(td->td_ucred, so);
2435 	SOCK_UNLOCK(so);
2436 	if (error)
2437 		goto sctp_bad;
2438 #endif /* MAC */
2439 
2440 	auio.uio_iov =  iov;
2441 	auio.uio_iovcnt = uap->iovlen;
2442 	auio.uio_segflg = UIO_USERSPACE;
2443 	auio.uio_rw = UIO_WRITE;
2444 	auio.uio_td = td;
2445 	auio.uio_offset = 0;			/* XXX */
2446 	auio.uio_resid = 0;
2447 	tiov = iov;
2448 	for (i = 0; i <uap->iovlen; i++, tiov++) {
2449 		if ((auio.uio_resid += tiov->iov_len) < 0) {
2450 			error = EINVAL;
2451 			goto sctp_bad;
2452 		}
2453 	}
2454 	len = auio.uio_resid;
2455 	error = sctp_lower_sosend(so, to, &auio,
2456 		    (struct mbuf *)NULL, (struct mbuf *)NULL,
2457 		    uap->flags, use_rcvinfo, u_sinfo, td);
2458 	if (error) {
2459 		if (auio.uio_resid != len && (error == ERESTART ||
2460 		    error == EINTR || error == EWOULDBLOCK))
2461 			error = 0;
2462 		/* Generation of SIGPIPE can be controlled per socket */
2463 		if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
2464 		    !(uap->flags & MSG_NOSIGNAL)) {
2465 			PROC_LOCK(td->td_proc);
2466 			psignal(td->td_proc, SIGPIPE);
2467 			PROC_UNLOCK(td->td_proc);
2468 		}
2469 	}
2470 	if (error == 0)
2471 		td->td_retval[0] = len - auio.uio_resid;
2472 #ifdef KTRACE
2473 	if (ktruio != NULL) {
2474 		ktruio->uio_resid = td->td_retval[0];
2475 		ktrgenio(uap->sd, UIO_WRITE, ktruio, error);
2476 	}
2477 #endif /* KTRACE */
2478 sctp_bad:
2479 	free(iov, M_IOV);
2480 sctp_bad1:
2481 	if (fp)
2482 		fdrop(fp, td);
2483 sctp_bad2:
2484 	if (to)
2485 		free(to, M_SONAME);
2486 	return (error);
2487 #else  /* SCTP */
2488 	return (EOPNOTSUPP);
2489 #endif /* SCTP */
2490 }
2491 
2492 int
2493 sctp_generic_recvmsg(td, uap)
2494 	struct thread *td;
2495 	struct sctp_generic_recvmsg_args /* {
2496 		int sd,
2497 		struct iovec *iov,
2498 		int iovlen,
2499 		struct sockaddr *from,
2500 		__socklen_t *fromlenaddr,
2501 		struct sctp_sndrcvinfo *sinfo,
2502 		int *msg_flags
2503 	} */ *uap;
2504 {
2505 #ifdef SCTP
2506 	u_int8_t sockbufstore[256];
2507 	struct uio auio;
2508 	struct iovec *iov, *tiov;
2509 	struct sctp_sndrcvinfo sinfo;
2510 	struct socket *so;
2511 	struct file *fp = NULL;
2512 	struct sockaddr *fromsa;
2513 	int fromlen;
2514 	int len, i, msg_flags;
2515 	int error = 0;
2516 #ifdef KTRACE
2517 	struct uio *ktruio = NULL;
2518 #endif
2519 	error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2520 	if (error) {
2521 		return (error);
2522 	}
2523 	error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE);
2524 	if (error) {
2525 		goto out1;
2526 	}
2527 
2528 	so = fp->f_data;
2529 #ifdef MAC
2530 	SOCK_LOCK(so);
2531 	error = mac_socket_check_receive(td->td_ucred, so);
2532 	SOCK_UNLOCK(so);
2533 	if (error) {
2534 		goto out;
2535 		return (error);
2536 	}
2537 #endif /* MAC */
2538 
2539 	if (uap->fromlenaddr) {
2540 		error = copyin(uap->fromlenaddr,
2541 		    &fromlen, sizeof (fromlen));
2542 		if (error) {
2543 			goto out;
2544 		}
2545 	} else {
2546 		fromlen = 0;
2547 	}
2548 	if(uap->msg_flags) {
2549 		error = copyin(uap->msg_flags, &msg_flags, sizeof (int));
2550 		if (error) {
2551 			goto out;
2552 		}
2553 	} else {
2554 		msg_flags = 0;
2555 	}
2556 	auio.uio_iov = iov;
2557 	auio.uio_iovcnt = uap->iovlen;
2558   	auio.uio_segflg = UIO_USERSPACE;
2559 	auio.uio_rw = UIO_READ;
2560 	auio.uio_td = td;
2561 	auio.uio_offset = 0;			/* XXX */
2562 	auio.uio_resid = 0;
2563 	tiov = iov;
2564 	for (i = 0; i <uap->iovlen; i++, tiov++) {
2565 		if ((auio.uio_resid += tiov->iov_len) < 0) {
2566 			error = EINVAL;
2567 			goto out;
2568 		}
2569 	}
2570 	len = auio.uio_resid;
2571 	fromsa = (struct sockaddr *)sockbufstore;
2572 
2573 #ifdef KTRACE
2574 	if (KTRPOINT(td, KTR_GENIO))
2575 		ktruio = cloneuio(&auio);
2576 #endif /* KTRACE */
2577 	error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL,
2578 		    fromsa, fromlen, &msg_flags,
2579 		    (struct sctp_sndrcvinfo *)&sinfo, 1);
2580 	if (error) {
2581 		if (auio.uio_resid != (int)len && (error == ERESTART ||
2582 		    error == EINTR || error == EWOULDBLOCK))
2583 			error = 0;
2584 	} else {
2585 		if (uap->sinfo)
2586 			error = copyout(&sinfo, uap->sinfo, sizeof (sinfo));
2587 	}
2588 #ifdef KTRACE
2589 	if (ktruio != NULL) {
2590 		ktruio->uio_resid = (int)len - auio.uio_resid;
2591 		ktrgenio(uap->sd, UIO_READ, ktruio, error);
2592 	}
2593 #endif /* KTRACE */
2594 	if (error)
2595 		goto out;
2596 	td->td_retval[0] = (int)len - auio.uio_resid;
2597 
2598 	if (fromlen && uap->from) {
2599 		len = fromlen;
2600 		if (len <= 0 || fromsa == 0)
2601 			len = 0;
2602 		else {
2603 			len = MIN(len, fromsa->sa_len);
2604 			error = copyout(fromsa, uap->from, (unsigned)len);
2605 			if (error)
2606 				goto out;
2607 		}
2608 		error = copyout(&len, uap->fromlenaddr, sizeof (socklen_t));
2609 		if (error) {
2610 			goto out;
2611 		}
2612 	}
2613 	if (uap->msg_flags) {
2614 		error = copyout(&msg_flags, uap->msg_flags, sizeof (int));
2615 		if (error) {
2616 			goto out;
2617 		}
2618 	}
2619 out:
2620 	free(iov, M_IOV);
2621 out1:
2622 	if (fp)
2623 		fdrop(fp, td);
2624 
2625 	return (error);
2626 #else  /* SCTP */
2627 	return (EOPNOTSUPP);
2628 #endif /* SCTP */
2629 }
2630