xref: /freebsd/sys/kern/uipc_syscalls.c (revision 78007886c995898a9494648343e5236bca1cbba3)
1 /*-
2  * Copyright (c) 1982, 1986, 1989, 1990, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * sendfile(2) and related extensions:
6  * Copyright (c) 1998, David Greenman. All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 4. Neither the name of the University nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  *	@(#)uipc_syscalls.c	8.4 (Berkeley) 2/21/94
33  */
34 
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37 
38 #include "opt_sctp.h"
39 #include "opt_compat.h"
40 #include "opt_ktrace.h"
41 #include "opt_mac.h"
42 
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
46 #include <sys/lock.h>
47 #include <sys/mutex.h>
48 #include <sys/sysproto.h>
49 #include <sys/malloc.h>
50 #include <sys/filedesc.h>
51 #include <sys/event.h>
52 #include <sys/proc.h>
53 #include <sys/fcntl.h>
54 #include <sys/file.h>
55 #include <sys/filio.h>
56 #include <sys/mount.h>
57 #include <sys/mbuf.h>
58 #include <sys/protosw.h>
59 #include <sys/sf_buf.h>
60 #include <sys/socket.h>
61 #include <sys/socketvar.h>
62 #include <sys/signalvar.h>
63 #include <sys/syscallsubr.h>
64 #include <sys/sysctl.h>
65 #include <sys/uio.h>
66 #include <sys/vnode.h>
67 #ifdef KTRACE
68 #include <sys/ktrace.h>
69 #endif
70 
71 #include <security/mac/mac_framework.h>
72 
73 #include <vm/vm.h>
74 #include <vm/vm_object.h>
75 #include <vm/vm_page.h>
76 #include <vm/vm_pageout.h>
77 #include <vm/vm_kern.h>
78 #include <vm/vm_extern.h>
79 
80 #ifdef SCTP
81 #include <netinet/sctp.h>
82 #include <netinet/sctp_peeloff.h>
83 #endif /* SCTP */
84 
85 static int sendit(struct thread *td, int s, struct msghdr *mp, int flags);
86 static int recvit(struct thread *td, int s, struct msghdr *mp, void *namelenp);
87 
88 static int accept1(struct thread *td, struct accept_args *uap, int compat);
89 static int do_sendfile(struct thread *td, struct sendfile_args *uap, int compat);
90 static int getsockname1(struct thread *td, struct getsockname_args *uap,
91 			int compat);
92 static int getpeername1(struct thread *td, struct getpeername_args *uap,
93 			int compat);
94 
95 /*
96  * NSFBUFS-related variables and associated sysctls
97  */
98 int nsfbufs;
99 int nsfbufspeak;
100 int nsfbufsused;
101 
102 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufs, CTLFLAG_RDTUN, &nsfbufs, 0,
103     "Maximum number of sendfile(2) sf_bufs available");
104 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufspeak, CTLFLAG_RD, &nsfbufspeak, 0,
105     "Number of sendfile(2) sf_bufs at peak usage");
106 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufsused, CTLFLAG_RD, &nsfbufsused, 0,
107     "Number of sendfile(2) sf_bufs in use");
108 
109 /*
110  * Convert a user file descriptor to a kernel file entry.  A reference on the
111  * file entry is held upon returning.  This is lighter weight than
112  * fgetsock(), which bumps the socket reference drops the file reference
113  * count instead, as this approach avoids several additional mutex operations
114  * associated with the additional reference count.  If requested, return the
115  * open file flags.
116  */
117 static int
118 getsock(struct filedesc *fdp, int fd, struct file **fpp, u_int *fflagp)
119 {
120 	struct file *fp;
121 	int error;
122 
123 	fp = NULL;
124 	if (fdp == NULL)
125 		error = EBADF;
126 	else {
127 		FILEDESC_SLOCK(fdp);
128 		fp = fget_locked(fdp, fd);
129 		if (fp == NULL)
130 			error = EBADF;
131 		else if (fp->f_type != DTYPE_SOCKET) {
132 			fp = NULL;
133 			error = ENOTSOCK;
134 		} else {
135 			fhold(fp);
136 			if (fflagp != NULL)
137 				*fflagp = fp->f_flag;
138 			error = 0;
139 		}
140 		FILEDESC_SUNLOCK(fdp);
141 	}
142 	*fpp = fp;
143 	return (error);
144 }
145 
146 /*
147  * System call interface to the socket abstraction.
148  */
149 #if defined(COMPAT_43)
150 #define COMPAT_OLDSOCK
151 #endif
152 
153 int
154 socket(td, uap)
155 	struct thread *td;
156 	register struct socket_args /* {
157 		int	domain;
158 		int	type;
159 		int	protocol;
160 	} */ *uap;
161 {
162 	struct filedesc *fdp;
163 	struct socket *so;
164 	struct file *fp;
165 	int fd, error;
166 
167 #ifdef MAC
168 	error = mac_check_socket_create(td->td_ucred, uap->domain, uap->type,
169 	    uap->protocol);
170 	if (error)
171 		return (error);
172 #endif
173 	fdp = td->td_proc->p_fd;
174 	error = falloc(td, &fp, &fd);
175 	if (error)
176 		return (error);
177 	/* An extra reference on `fp' has been held for us by falloc(). */
178 	NET_LOCK_GIANT();
179 	error = socreate(uap->domain, &so, uap->type, uap->protocol,
180 	    td->td_ucred, td);
181 	NET_UNLOCK_GIANT();
182 	if (error) {
183 		fdclose(fdp, fp, fd, td);
184 	} else {
185 		FILE_LOCK(fp);
186 		fp->f_data = so;	/* already has ref count */
187 		fp->f_flag = FREAD|FWRITE;
188 		fp->f_type = DTYPE_SOCKET;
189 		fp->f_ops = &socketops;
190 		FILE_UNLOCK(fp);
191 		td->td_retval[0] = fd;
192 	}
193 	fdrop(fp, td);
194 	return (error);
195 }
196 
197 /* ARGSUSED */
198 int
199 bind(td, uap)
200 	struct thread *td;
201 	register struct bind_args /* {
202 		int	s;
203 		caddr_t	name;
204 		int	namelen;
205 	} */ *uap;
206 {
207 	struct sockaddr *sa;
208 	int error;
209 
210 	if ((error = getsockaddr(&sa, uap->name, uap->namelen)) != 0)
211 		return (error);
212 
213 	error = kern_bind(td, uap->s, sa);
214 	free(sa, M_SONAME);
215 	return (error);
216 }
217 
218 int
219 kern_bind(td, fd, sa)
220 	struct thread *td;
221 	int fd;
222 	struct sockaddr *sa;
223 {
224 	struct socket *so;
225 	struct file *fp;
226 	int error;
227 
228 	NET_LOCK_GIANT();
229 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
230 	if (error)
231 		goto done2;
232 	so = fp->f_data;
233 #ifdef MAC
234 	SOCK_LOCK(so);
235 	error = mac_check_socket_bind(td->td_ucred, so, sa);
236 	SOCK_UNLOCK(so);
237 	if (error)
238 		goto done1;
239 #endif
240 	error = sobind(so, sa, td);
241 #ifdef MAC
242 done1:
243 #endif
244 	fdrop(fp, td);
245 done2:
246 	NET_UNLOCK_GIANT();
247 	return (error);
248 }
249 
250 /* ARGSUSED */
251 int
252 listen(td, uap)
253 	struct thread *td;
254 	register struct listen_args /* {
255 		int	s;
256 		int	backlog;
257 	} */ *uap;
258 {
259 	struct socket *so;
260 	struct file *fp;
261 	int error;
262 
263 	NET_LOCK_GIANT();
264 	error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL);
265 	if (error == 0) {
266 		so = fp->f_data;
267 #ifdef MAC
268 		SOCK_LOCK(so);
269 		error = mac_check_socket_listen(td->td_ucred, so);
270 		SOCK_UNLOCK(so);
271 		if (error)
272 			goto done;
273 #endif
274 		error = solisten(so, uap->backlog, td);
275 #ifdef MAC
276 done:
277 #endif
278 		fdrop(fp, td);
279 	}
280 	NET_UNLOCK_GIANT();
281 	return(error);
282 }
283 
284 /*
285  * accept1()
286  */
287 static int
288 accept1(td, uap, compat)
289 	struct thread *td;
290 	register struct accept_args /* {
291 		int	s;
292 		struct sockaddr	* __restrict name;
293 		socklen_t	* __restrict anamelen;
294 	} */ *uap;
295 	int compat;
296 {
297 	struct sockaddr *name;
298 	socklen_t namelen;
299 	struct file *fp;
300 	int error;
301 
302 	if (uap->name == NULL)
303 		return (kern_accept(td, uap->s, NULL, NULL, NULL));
304 
305 	error = copyin(uap->anamelen, &namelen, sizeof (namelen));
306 	if (error)
307 		return (error);
308 
309 	error = kern_accept(td, uap->s, &name, &namelen, &fp);
310 
311 	/*
312 	 * return a namelen of zero for older code which might
313 	 * ignore the return value from accept.
314 	 */
315 	if (error) {
316 		(void) copyout(&namelen,
317 		    uap->anamelen, sizeof(*uap->anamelen));
318 		return (error);
319 	}
320 
321 	if (error == 0 && name != NULL) {
322 #ifdef COMPAT_OLDSOCK
323 		if (compat)
324 			((struct osockaddr *)name)->sa_family =
325 			    name->sa_family;
326 #endif
327 		error = copyout(name, uap->name, namelen);
328 	}
329 	if (error == 0)
330 		error = copyout(&namelen, uap->anamelen,
331 		    sizeof(namelen));
332 	if (error)
333 		fdclose(td->td_proc->p_fd, fp, td->td_retval[0], td);
334 	fdrop(fp, td);
335 	free(name, M_SONAME);
336 	return (error);
337 }
338 
339 int
340 kern_accept(struct thread *td, int s, struct sockaddr **name,
341     socklen_t *namelen, struct file **fp)
342 {
343 	struct filedesc *fdp;
344 	struct file *headfp, *nfp = NULL;
345 	struct sockaddr *sa = NULL;
346 	int error;
347 	struct socket *head, *so;
348 	int fd;
349 	u_int fflag;
350 	pid_t pgid;
351 	int tmp;
352 
353 	if (name) {
354 		*name = NULL;
355 		if (*namelen < 0)
356 			return (EINVAL);
357 	}
358 
359 	fdp = td->td_proc->p_fd;
360 	NET_LOCK_GIANT();
361 	error = getsock(fdp, s, &headfp, &fflag);
362 	if (error)
363 		goto done2;
364 	head = headfp->f_data;
365 	if ((head->so_options & SO_ACCEPTCONN) == 0) {
366 		error = EINVAL;
367 		goto done;
368 	}
369 #ifdef MAC
370 	SOCK_LOCK(head);
371 	error = mac_check_socket_accept(td->td_ucred, head);
372 	SOCK_UNLOCK(head);
373 	if (error != 0)
374 		goto done;
375 #endif
376 	error = falloc(td, &nfp, &fd);
377 	if (error)
378 		goto done;
379 	ACCEPT_LOCK();
380 	if ((head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->so_comp)) {
381 		ACCEPT_UNLOCK();
382 		error = EWOULDBLOCK;
383 		goto noconnection;
384 	}
385 	while (TAILQ_EMPTY(&head->so_comp) && head->so_error == 0) {
386 		if (head->so_rcv.sb_state & SBS_CANTRCVMORE) {
387 			head->so_error = ECONNABORTED;
388 			break;
389 		}
390 		error = msleep(&head->so_timeo, &accept_mtx, PSOCK | PCATCH,
391 		    "accept", 0);
392 		if (error) {
393 			ACCEPT_UNLOCK();
394 			goto noconnection;
395 		}
396 	}
397 	if (head->so_error) {
398 		error = head->so_error;
399 		head->so_error = 0;
400 		ACCEPT_UNLOCK();
401 		goto noconnection;
402 	}
403 	so = TAILQ_FIRST(&head->so_comp);
404 	KASSERT(!(so->so_qstate & SQ_INCOMP), ("accept1: so SQ_INCOMP"));
405 	KASSERT(so->so_qstate & SQ_COMP, ("accept1: so not SQ_COMP"));
406 
407 	/*
408 	 * Before changing the flags on the socket, we have to bump the
409 	 * reference count.  Otherwise, if the protocol calls sofree(),
410 	 * the socket will be released due to a zero refcount.
411 	 */
412 	SOCK_LOCK(so);			/* soref() and so_state update */
413 	soref(so);			/* file descriptor reference */
414 
415 	TAILQ_REMOVE(&head->so_comp, so, so_list);
416 	head->so_qlen--;
417 	so->so_state |= (head->so_state & SS_NBIO);
418 	so->so_qstate &= ~SQ_COMP;
419 	so->so_head = NULL;
420 
421 	SOCK_UNLOCK(so);
422 	ACCEPT_UNLOCK();
423 
424 	/* An extra reference on `nfp' has been held for us by falloc(). */
425 	td->td_retval[0] = fd;
426 
427 	/* connection has been removed from the listen queue */
428 	KNOTE_UNLOCKED(&head->so_rcv.sb_sel.si_note, 0);
429 
430 	pgid = fgetown(&head->so_sigio);
431 	if (pgid != 0)
432 		fsetown(pgid, &so->so_sigio);
433 
434 	FILE_LOCK(nfp);
435 	nfp->f_data = so;	/* nfp has ref count from falloc */
436 	nfp->f_flag = fflag;
437 	nfp->f_type = DTYPE_SOCKET;
438 	nfp->f_ops = &socketops;
439 	FILE_UNLOCK(nfp);
440 	/* Sync socket nonblocking/async state with file flags */
441 	tmp = fflag & FNONBLOCK;
442 	(void) fo_ioctl(nfp, FIONBIO, &tmp, td->td_ucred, td);
443 	tmp = fflag & FASYNC;
444 	(void) fo_ioctl(nfp, FIOASYNC, &tmp, td->td_ucred, td);
445 	sa = 0;
446 	error = soaccept(so, &sa);
447 	if (error) {
448 		/*
449 		 * return a namelen of zero for older code which might
450 		 * ignore the return value from accept.
451 		 */
452 		if (name)
453 			*namelen = 0;
454 		goto noconnection;
455 	}
456 	if (sa == NULL) {
457 		if (name)
458 			*namelen = 0;
459 		goto done;
460 	}
461 	if (name) {
462 		/* check sa_len before it is destroyed */
463 		if (*namelen > sa->sa_len)
464 			*namelen = sa->sa_len;
465 		*name = sa;
466 		sa = NULL;
467 	}
468 noconnection:
469 	if (sa)
470 		FREE(sa, M_SONAME);
471 
472 	/*
473 	 * close the new descriptor, assuming someone hasn't ripped it
474 	 * out from under us.
475 	 */
476 	if (error)
477 		fdclose(fdp, nfp, fd, td);
478 
479 	/*
480 	 * Release explicitly held references before returning.  We return
481 	 * a reference on nfp to the caller on success if they request it.
482 	 */
483 done:
484 	if (fp != NULL) {
485 		if (error == 0) {
486 			*fp = nfp;
487 			nfp = NULL;
488 		} else
489 			*fp = NULL;
490 	}
491 	if (nfp != NULL)
492 		fdrop(nfp, td);
493 	fdrop(headfp, td);
494 done2:
495 	NET_UNLOCK_GIANT();
496 	return (error);
497 }
498 
499 int
500 accept(td, uap)
501 	struct thread *td;
502 	struct accept_args *uap;
503 {
504 
505 	return (accept1(td, uap, 0));
506 }
507 
508 #ifdef COMPAT_OLDSOCK
509 int
510 oaccept(td, uap)
511 	struct thread *td;
512 	struct accept_args *uap;
513 {
514 
515 	return (accept1(td, uap, 1));
516 }
517 #endif /* COMPAT_OLDSOCK */
518 
519 /* ARGSUSED */
520 int
521 connect(td, uap)
522 	struct thread *td;
523 	register struct connect_args /* {
524 		int	s;
525 		caddr_t	name;
526 		int	namelen;
527 	} */ *uap;
528 {
529 	struct sockaddr *sa;
530 	int error;
531 
532 	error = getsockaddr(&sa, uap->name, uap->namelen);
533 	if (error)
534 		return (error);
535 
536 	error = kern_connect(td, uap->s, sa);
537 	free(sa, M_SONAME);
538 	return (error);
539 }
540 
541 
542 int
543 kern_connect(td, fd, sa)
544 	struct thread *td;
545 	int fd;
546 	struct sockaddr *sa;
547 {
548 	struct socket *so;
549 	struct file *fp;
550 	int error;
551 	int interrupted = 0;
552 
553 	NET_LOCK_GIANT();
554 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
555 	if (error)
556 		goto done2;
557 	so = fp->f_data;
558 	if (so->so_state & SS_ISCONNECTING) {
559 		error = EALREADY;
560 		goto done1;
561 	}
562 #ifdef MAC
563 	SOCK_LOCK(so);
564 	error = mac_check_socket_connect(td->td_ucred, so, sa);
565 	SOCK_UNLOCK(so);
566 	if (error)
567 		goto bad;
568 #endif
569 	error = soconnect(so, sa, td);
570 	if (error)
571 		goto bad;
572 	if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
573 		error = EINPROGRESS;
574 		goto done1;
575 	}
576 	SOCK_LOCK(so);
577 	while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
578 		error = msleep(&so->so_timeo, SOCK_MTX(so), PSOCK | PCATCH,
579 		    "connec", 0);
580 		if (error) {
581 			if (error == EINTR || error == ERESTART)
582 				interrupted = 1;
583 			break;
584 		}
585 	}
586 	if (error == 0) {
587 		error = so->so_error;
588 		so->so_error = 0;
589 	}
590 	SOCK_UNLOCK(so);
591 bad:
592 	if (!interrupted)
593 		so->so_state &= ~SS_ISCONNECTING;
594 	if (error == ERESTART)
595 		error = EINTR;
596 done1:
597 	fdrop(fp, td);
598 done2:
599 	NET_UNLOCK_GIANT();
600 	return (error);
601 }
602 
603 int
604 socketpair(td, uap)
605 	struct thread *td;
606 	register struct socketpair_args /* {
607 		int	domain;
608 		int	type;
609 		int	protocol;
610 		int	*rsv;
611 	} */ *uap;
612 {
613 	register struct filedesc *fdp = td->td_proc->p_fd;
614 	struct file *fp1, *fp2;
615 	struct socket *so1, *so2;
616 	int fd, error, sv[2];
617 
618 #ifdef MAC
619 	/* We might want to have a separate check for socket pairs. */
620 	error = mac_check_socket_create(td->td_ucred, uap->domain, uap->type,
621 	    uap->protocol);
622 	if (error)
623 		return (error);
624 #endif
625 
626 	NET_LOCK_GIANT();
627 	error = socreate(uap->domain, &so1, uap->type, uap->protocol,
628 	    td->td_ucred, td);
629 	if (error)
630 		goto done2;
631 	error = socreate(uap->domain, &so2, uap->type, uap->protocol,
632 	    td->td_ucred, td);
633 	if (error)
634 		goto free1;
635 	/* On success extra reference to `fp1' and 'fp2' is set by falloc. */
636 	error = falloc(td, &fp1, &fd);
637 	if (error)
638 		goto free2;
639 	sv[0] = fd;
640 	fp1->f_data = so1;	/* so1 already has ref count */
641 	error = falloc(td, &fp2, &fd);
642 	if (error)
643 		goto free3;
644 	fp2->f_data = so2;	/* so2 already has ref count */
645 	sv[1] = fd;
646 	error = soconnect2(so1, so2);
647 	if (error)
648 		goto free4;
649 	if (uap->type == SOCK_DGRAM) {
650 		/*
651 		 * Datagram socket connection is asymmetric.
652 		 */
653 		 error = soconnect2(so2, so1);
654 		 if (error)
655 			goto free4;
656 	}
657 	FILE_LOCK(fp1);
658 	fp1->f_flag = FREAD|FWRITE;
659 	fp1->f_type = DTYPE_SOCKET;
660 	fp1->f_ops = &socketops;
661 	FILE_UNLOCK(fp1);
662 	FILE_LOCK(fp2);
663 	fp2->f_flag = FREAD|FWRITE;
664 	fp2->f_type = DTYPE_SOCKET;
665 	fp2->f_ops = &socketops;
666 	FILE_UNLOCK(fp2);
667 	so1 = so2 = NULL;
668 	error = copyout(sv, uap->rsv, 2 * sizeof (int));
669 	if (error)
670 		goto free4;
671 	fdrop(fp1, td);
672 	fdrop(fp2, td);
673 	goto done2;
674 free4:
675 	fdclose(fdp, fp2, sv[1], td);
676 	fdrop(fp2, td);
677 free3:
678 	fdclose(fdp, fp1, sv[0], td);
679 	fdrop(fp1, td);
680 free2:
681 	if (so2 != NULL)
682 		(void)soclose(so2);
683 free1:
684 	if (so1 != NULL)
685 		(void)soclose(so1);
686 done2:
687 	NET_UNLOCK_GIANT();
688 	return (error);
689 }
690 
691 static int
692 sendit(td, s, mp, flags)
693 	register struct thread *td;
694 	int s;
695 	register struct msghdr *mp;
696 	int flags;
697 {
698 	struct mbuf *control;
699 	struct sockaddr *to;
700 	int error;
701 
702 	if (mp->msg_name != NULL) {
703 		error = getsockaddr(&to, mp->msg_name, mp->msg_namelen);
704 		if (error) {
705 			to = NULL;
706 			goto bad;
707 		}
708 		mp->msg_name = to;
709 	} else {
710 		to = NULL;
711 	}
712 
713 	if (mp->msg_control) {
714 		if (mp->msg_controllen < sizeof(struct cmsghdr)
715 #ifdef COMPAT_OLDSOCK
716 		    && mp->msg_flags != MSG_COMPAT
717 #endif
718 		) {
719 			error = EINVAL;
720 			goto bad;
721 		}
722 		error = sockargs(&control, mp->msg_control,
723 		    mp->msg_controllen, MT_CONTROL);
724 		if (error)
725 			goto bad;
726 #ifdef COMPAT_OLDSOCK
727 		if (mp->msg_flags == MSG_COMPAT) {
728 			register struct cmsghdr *cm;
729 
730 			M_PREPEND(control, sizeof(*cm), M_TRYWAIT);
731 			if (control == 0) {
732 				error = ENOBUFS;
733 				goto bad;
734 			} else {
735 				cm = mtod(control, struct cmsghdr *);
736 				cm->cmsg_len = control->m_len;
737 				cm->cmsg_level = SOL_SOCKET;
738 				cm->cmsg_type = SCM_RIGHTS;
739 			}
740 		}
741 #endif
742 	} else {
743 		control = NULL;
744 	}
745 
746 	error = kern_sendit(td, s, mp, flags, control, UIO_USERSPACE);
747 
748 bad:
749 	if (to)
750 		FREE(to, M_SONAME);
751 	return (error);
752 }
753 
754 int
755 kern_sendit(td, s, mp, flags, control, segflg)
756 	struct thread *td;
757 	int s;
758 	struct msghdr *mp;
759 	int flags;
760 	struct mbuf *control;
761 	enum uio_seg segflg;
762 {
763 	struct file *fp;
764 	struct uio auio;
765 	struct iovec *iov;
766 	struct socket *so;
767 	int i;
768 	int len, error;
769 #ifdef KTRACE
770 	struct uio *ktruio = NULL;
771 #endif
772 
773 	NET_LOCK_GIANT();
774 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
775 	if (error)
776 		goto bad2;
777 	so = (struct socket *)fp->f_data;
778 
779 #ifdef MAC
780 	SOCK_LOCK(so);
781 	error = mac_check_socket_send(td->td_ucred, so);
782 	SOCK_UNLOCK(so);
783 	if (error)
784 		goto bad;
785 #endif
786 
787 	auio.uio_iov = mp->msg_iov;
788 	auio.uio_iovcnt = mp->msg_iovlen;
789 	auio.uio_segflg = segflg;
790 	auio.uio_rw = UIO_WRITE;
791 	auio.uio_td = td;
792 	auio.uio_offset = 0;			/* XXX */
793 	auio.uio_resid = 0;
794 	iov = mp->msg_iov;
795 	for (i = 0; i < mp->msg_iovlen; i++, iov++) {
796 		if ((auio.uio_resid += iov->iov_len) < 0) {
797 			error = EINVAL;
798 			goto bad;
799 		}
800 	}
801 #ifdef KTRACE
802 	if (KTRPOINT(td, KTR_GENIO))
803 		ktruio = cloneuio(&auio);
804 #endif
805 	len = auio.uio_resid;
806 	error = sosend(so, mp->msg_name, &auio, 0, control, flags, td);
807 	if (error) {
808 		if (auio.uio_resid != len && (error == ERESTART ||
809 		    error == EINTR || error == EWOULDBLOCK))
810 			error = 0;
811 		/* Generation of SIGPIPE can be controlled per socket */
812 		if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
813 		    !(flags & MSG_NOSIGNAL)) {
814 			PROC_LOCK(td->td_proc);
815 			psignal(td->td_proc, SIGPIPE);
816 			PROC_UNLOCK(td->td_proc);
817 		}
818 	}
819 	if (error == 0)
820 		td->td_retval[0] = len - auio.uio_resid;
821 #ifdef KTRACE
822 	if (ktruio != NULL) {
823 		ktruio->uio_resid = td->td_retval[0];
824 		ktrgenio(s, UIO_WRITE, ktruio, error);
825 	}
826 #endif
827 bad:
828 	fdrop(fp, td);
829 bad2:
830 	NET_UNLOCK_GIANT();
831 	return (error);
832 }
833 
834 int
835 sendto(td, uap)
836 	struct thread *td;
837 	register struct sendto_args /* {
838 		int	s;
839 		caddr_t	buf;
840 		size_t	len;
841 		int	flags;
842 		caddr_t	to;
843 		int	tolen;
844 	} */ *uap;
845 {
846 	struct msghdr msg;
847 	struct iovec aiov;
848 	int error;
849 
850 	msg.msg_name = uap->to;
851 	msg.msg_namelen = uap->tolen;
852 	msg.msg_iov = &aiov;
853 	msg.msg_iovlen = 1;
854 	msg.msg_control = 0;
855 #ifdef COMPAT_OLDSOCK
856 	msg.msg_flags = 0;
857 #endif
858 	aiov.iov_base = uap->buf;
859 	aiov.iov_len = uap->len;
860 	error = sendit(td, uap->s, &msg, uap->flags);
861 	return (error);
862 }
863 
864 #ifdef COMPAT_OLDSOCK
865 int
866 osend(td, uap)
867 	struct thread *td;
868 	register struct osend_args /* {
869 		int	s;
870 		caddr_t	buf;
871 		int	len;
872 		int	flags;
873 	} */ *uap;
874 {
875 	struct msghdr msg;
876 	struct iovec aiov;
877 	int error;
878 
879 	msg.msg_name = 0;
880 	msg.msg_namelen = 0;
881 	msg.msg_iov = &aiov;
882 	msg.msg_iovlen = 1;
883 	aiov.iov_base = uap->buf;
884 	aiov.iov_len = uap->len;
885 	msg.msg_control = 0;
886 	msg.msg_flags = 0;
887 	error = sendit(td, uap->s, &msg, uap->flags);
888 	return (error);
889 }
890 
891 int
892 osendmsg(td, uap)
893 	struct thread *td;
894 	struct osendmsg_args /* {
895 		int	s;
896 		caddr_t	msg;
897 		int	flags;
898 	} */ *uap;
899 {
900 	struct msghdr msg;
901 	struct iovec *iov;
902 	int error;
903 
904 	error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
905 	if (error)
906 		return (error);
907 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
908 	if (error)
909 		return (error);
910 	msg.msg_iov = iov;
911 	msg.msg_flags = MSG_COMPAT;
912 	error = sendit(td, uap->s, &msg, uap->flags);
913 	free(iov, M_IOV);
914 	return (error);
915 }
916 #endif
917 
918 int
919 sendmsg(td, uap)
920 	struct thread *td;
921 	struct sendmsg_args /* {
922 		int	s;
923 		caddr_t	msg;
924 		int	flags;
925 	} */ *uap;
926 {
927 	struct msghdr msg;
928 	struct iovec *iov;
929 	int error;
930 
931 	error = copyin(uap->msg, &msg, sizeof (msg));
932 	if (error)
933 		return (error);
934 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
935 	if (error)
936 		return (error);
937 	msg.msg_iov = iov;
938 #ifdef COMPAT_OLDSOCK
939 	msg.msg_flags = 0;
940 #endif
941 	error = sendit(td, uap->s, &msg, uap->flags);
942 	free(iov, M_IOV);
943 	return (error);
944 }
945 
946 int
947 kern_recvit(td, s, mp, fromseg, controlp)
948 	struct thread *td;
949 	int s;
950 	struct msghdr *mp;
951 	enum uio_seg fromseg;
952 	struct mbuf **controlp;
953 {
954 	struct uio auio;
955 	struct iovec *iov;
956 	int i;
957 	socklen_t len;
958 	int error;
959 	struct mbuf *m, *control = 0;
960 	caddr_t ctlbuf;
961 	struct file *fp;
962 	struct socket *so;
963 	struct sockaddr *fromsa = 0;
964 #ifdef KTRACE
965 	struct uio *ktruio = NULL;
966 #endif
967 
968 	if(controlp != NULL)
969 		*controlp = 0;
970 
971 	NET_LOCK_GIANT();
972 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
973 	if (error) {
974 		NET_UNLOCK_GIANT();
975 		return (error);
976 	}
977 	so = fp->f_data;
978 
979 #ifdef MAC
980 	SOCK_LOCK(so);
981 	error = mac_check_socket_receive(td->td_ucred, so);
982 	SOCK_UNLOCK(so);
983 	if (error) {
984 		fdrop(fp, td);
985 		NET_UNLOCK_GIANT();
986 		return (error);
987 	}
988 #endif
989 
990 	auio.uio_iov = mp->msg_iov;
991 	auio.uio_iovcnt = mp->msg_iovlen;
992 	auio.uio_segflg = UIO_USERSPACE;
993 	auio.uio_rw = UIO_READ;
994 	auio.uio_td = td;
995 	auio.uio_offset = 0;			/* XXX */
996 	auio.uio_resid = 0;
997 	iov = mp->msg_iov;
998 	for (i = 0; i < mp->msg_iovlen; i++, iov++) {
999 		if ((auio.uio_resid += iov->iov_len) < 0) {
1000 			fdrop(fp, td);
1001 			NET_UNLOCK_GIANT();
1002 			return (EINVAL);
1003 		}
1004 	}
1005 #ifdef KTRACE
1006 	if (KTRPOINT(td, KTR_GENIO))
1007 		ktruio = cloneuio(&auio);
1008 #endif
1009 	len = auio.uio_resid;
1010 	error = soreceive(so, &fromsa, &auio, (struct mbuf **)0,
1011 	    (mp->msg_control || controlp) ? &control : (struct mbuf **)0,
1012 	    &mp->msg_flags);
1013 	if (error) {
1014 		if (auio.uio_resid != (int)len && (error == ERESTART ||
1015 		    error == EINTR || error == EWOULDBLOCK))
1016 			error = 0;
1017 	}
1018 #ifdef KTRACE
1019 	if (ktruio != NULL) {
1020 		ktruio->uio_resid = (int)len - auio.uio_resid;
1021 		ktrgenio(s, UIO_READ, ktruio, error);
1022 	}
1023 #endif
1024 	if (error)
1025 		goto out;
1026 	td->td_retval[0] = (int)len - auio.uio_resid;
1027 	if (mp->msg_name) {
1028 		len = mp->msg_namelen;
1029 		if (len <= 0 || fromsa == 0)
1030 			len = 0;
1031 		else {
1032 			/* save sa_len before it is destroyed by MSG_COMPAT */
1033 			len = MIN(len, fromsa->sa_len);
1034 #ifdef COMPAT_OLDSOCK
1035 			if (mp->msg_flags & MSG_COMPAT)
1036 				((struct osockaddr *)fromsa)->sa_family =
1037 				    fromsa->sa_family;
1038 #endif
1039 			if (fromseg == UIO_USERSPACE) {
1040 				error = copyout(fromsa, mp->msg_name,
1041 				    (unsigned)len);
1042 				if (error)
1043 					goto out;
1044 			} else
1045 				bcopy(fromsa, mp->msg_name, len);
1046 		}
1047 		mp->msg_namelen = len;
1048 	}
1049 	if (mp->msg_control && controlp == NULL) {
1050 #ifdef COMPAT_OLDSOCK
1051 		/*
1052 		 * We assume that old recvmsg calls won't receive access
1053 		 * rights and other control info, esp. as control info
1054 		 * is always optional and those options didn't exist in 4.3.
1055 		 * If we receive rights, trim the cmsghdr; anything else
1056 		 * is tossed.
1057 		 */
1058 		if (control && mp->msg_flags & MSG_COMPAT) {
1059 			if (mtod(control, struct cmsghdr *)->cmsg_level !=
1060 			    SOL_SOCKET ||
1061 			    mtod(control, struct cmsghdr *)->cmsg_type !=
1062 			    SCM_RIGHTS) {
1063 				mp->msg_controllen = 0;
1064 				goto out;
1065 			}
1066 			control->m_len -= sizeof (struct cmsghdr);
1067 			control->m_data += sizeof (struct cmsghdr);
1068 		}
1069 #endif
1070 		len = mp->msg_controllen;
1071 		m = control;
1072 		mp->msg_controllen = 0;
1073 		ctlbuf = mp->msg_control;
1074 
1075 		while (m && len > 0) {
1076 			unsigned int tocopy;
1077 
1078 			if (len >= m->m_len)
1079 				tocopy = m->m_len;
1080 			else {
1081 				mp->msg_flags |= MSG_CTRUNC;
1082 				tocopy = len;
1083 			}
1084 
1085 			if ((error = copyout(mtod(m, caddr_t),
1086 					ctlbuf, tocopy)) != 0)
1087 				goto out;
1088 
1089 			ctlbuf += tocopy;
1090 			len -= tocopy;
1091 			m = m->m_next;
1092 		}
1093 		mp->msg_controllen = ctlbuf - (caddr_t)mp->msg_control;
1094 	}
1095 out:
1096 	fdrop(fp, td);
1097 	NET_UNLOCK_GIANT();
1098 	if (fromsa)
1099 		FREE(fromsa, M_SONAME);
1100 
1101 	if (error == 0 && controlp != NULL)
1102 		*controlp = control;
1103 	else  if (control)
1104 		m_freem(control);
1105 
1106 	return (error);
1107 }
1108 
1109 static int
1110 recvit(td, s, mp, namelenp)
1111 	struct thread *td;
1112 	int s;
1113 	struct msghdr *mp;
1114 	void *namelenp;
1115 {
1116 	int error;
1117 
1118 	error = kern_recvit(td, s, mp, UIO_USERSPACE, NULL);
1119 	if (error)
1120 		return (error);
1121 	if (namelenp) {
1122 		error = copyout(&mp->msg_namelen, namelenp, sizeof (socklen_t));
1123 #ifdef COMPAT_OLDSOCK
1124 		if (mp->msg_flags & MSG_COMPAT)
1125 			error = 0;	/* old recvfrom didn't check */
1126 #endif
1127 	}
1128 	return (error);
1129 }
1130 
1131 int
1132 recvfrom(td, uap)
1133 	struct thread *td;
1134 	register struct recvfrom_args /* {
1135 		int	s;
1136 		caddr_t	buf;
1137 		size_t	len;
1138 		int	flags;
1139 		struct sockaddr * __restrict	from;
1140 		socklen_t * __restrict fromlenaddr;
1141 	} */ *uap;
1142 {
1143 	struct msghdr msg;
1144 	struct iovec aiov;
1145 	int error;
1146 
1147 	if (uap->fromlenaddr) {
1148 		error = copyin(uap->fromlenaddr,
1149 		    &msg.msg_namelen, sizeof (msg.msg_namelen));
1150 		if (error)
1151 			goto done2;
1152 	} else {
1153 		msg.msg_namelen = 0;
1154 	}
1155 	msg.msg_name = uap->from;
1156 	msg.msg_iov = &aiov;
1157 	msg.msg_iovlen = 1;
1158 	aiov.iov_base = uap->buf;
1159 	aiov.iov_len = uap->len;
1160 	msg.msg_control = 0;
1161 	msg.msg_flags = uap->flags;
1162 	error = recvit(td, uap->s, &msg, uap->fromlenaddr);
1163 done2:
1164 	return(error);
1165 }
1166 
1167 #ifdef COMPAT_OLDSOCK
1168 int
1169 orecvfrom(td, uap)
1170 	struct thread *td;
1171 	struct recvfrom_args *uap;
1172 {
1173 
1174 	uap->flags |= MSG_COMPAT;
1175 	return (recvfrom(td, uap));
1176 }
1177 #endif
1178 
1179 #ifdef COMPAT_OLDSOCK
1180 int
1181 orecv(td, uap)
1182 	struct thread *td;
1183 	register struct orecv_args /* {
1184 		int	s;
1185 		caddr_t	buf;
1186 		int	len;
1187 		int	flags;
1188 	} */ *uap;
1189 {
1190 	struct msghdr msg;
1191 	struct iovec aiov;
1192 	int error;
1193 
1194 	msg.msg_name = 0;
1195 	msg.msg_namelen = 0;
1196 	msg.msg_iov = &aiov;
1197 	msg.msg_iovlen = 1;
1198 	aiov.iov_base = uap->buf;
1199 	aiov.iov_len = uap->len;
1200 	msg.msg_control = 0;
1201 	msg.msg_flags = uap->flags;
1202 	error = recvit(td, uap->s, &msg, NULL);
1203 	return (error);
1204 }
1205 
1206 /*
1207  * Old recvmsg.  This code takes advantage of the fact that the old msghdr
1208  * overlays the new one, missing only the flags, and with the (old) access
1209  * rights where the control fields are now.
1210  */
1211 int
1212 orecvmsg(td, uap)
1213 	struct thread *td;
1214 	struct orecvmsg_args /* {
1215 		int	s;
1216 		struct	omsghdr *msg;
1217 		int	flags;
1218 	} */ *uap;
1219 {
1220 	struct msghdr msg;
1221 	struct iovec *iov;
1222 	int error;
1223 
1224 	error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
1225 	if (error)
1226 		return (error);
1227 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1228 	if (error)
1229 		return (error);
1230 	msg.msg_flags = uap->flags | MSG_COMPAT;
1231 	msg.msg_iov = iov;
1232 	error = recvit(td, uap->s, &msg, &uap->msg->msg_namelen);
1233 	if (msg.msg_controllen && error == 0)
1234 		error = copyout(&msg.msg_controllen,
1235 		    &uap->msg->msg_accrightslen, sizeof (int));
1236 	free(iov, M_IOV);
1237 	return (error);
1238 }
1239 #endif
1240 
1241 int
1242 recvmsg(td, uap)
1243 	struct thread *td;
1244 	struct recvmsg_args /* {
1245 		int	s;
1246 		struct	msghdr *msg;
1247 		int	flags;
1248 	} */ *uap;
1249 {
1250 	struct msghdr msg;
1251 	struct iovec *uiov, *iov;
1252 	int error;
1253 
1254 	error = copyin(uap->msg, &msg, sizeof (msg));
1255 	if (error)
1256 		return (error);
1257 	error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1258 	if (error)
1259 		return (error);
1260 	msg.msg_flags = uap->flags;
1261 #ifdef COMPAT_OLDSOCK
1262 	msg.msg_flags &= ~MSG_COMPAT;
1263 #endif
1264 	uiov = msg.msg_iov;
1265 	msg.msg_iov = iov;
1266 	error = recvit(td, uap->s, &msg, NULL);
1267 	if (error == 0) {
1268 		msg.msg_iov = uiov;
1269 		error = copyout(&msg, uap->msg, sizeof(msg));
1270 	}
1271 	free(iov, M_IOV);
1272 	return (error);
1273 }
1274 
1275 /* ARGSUSED */
1276 int
1277 shutdown(td, uap)
1278 	struct thread *td;
1279 	register struct shutdown_args /* {
1280 		int	s;
1281 		int	how;
1282 	} */ *uap;
1283 {
1284 	struct socket *so;
1285 	struct file *fp;
1286 	int error;
1287 
1288 	NET_LOCK_GIANT();
1289 	error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL);
1290 	if (error == 0) {
1291 		so = fp->f_data;
1292 		error = soshutdown(so, uap->how);
1293 		fdrop(fp, td);
1294 	}
1295 	NET_UNLOCK_GIANT();
1296 	return (error);
1297 }
1298 
1299 /* ARGSUSED */
1300 int
1301 setsockopt(td, uap)
1302 	struct thread *td;
1303 	register struct setsockopt_args /* {
1304 		int	s;
1305 		int	level;
1306 		int	name;
1307 		caddr_t	val;
1308 		int	valsize;
1309 	} */ *uap;
1310 {
1311 
1312 	return (kern_setsockopt(td, uap->s, uap->level, uap->name,
1313 	    uap->val, UIO_USERSPACE, uap->valsize));
1314 }
1315 
1316 int
1317 kern_setsockopt(td, s, level, name, val, valseg, valsize)
1318 	struct thread *td;
1319 	int s;
1320 	int level;
1321 	int name;
1322 	void *val;
1323 	enum uio_seg valseg;
1324 	socklen_t valsize;
1325 {
1326 	int error;
1327 	struct socket *so;
1328 	struct file *fp;
1329 	struct sockopt sopt;
1330 
1331 	if (val == NULL && valsize != 0)
1332 		return (EFAULT);
1333 	if ((int)valsize < 0)
1334 		return (EINVAL);
1335 
1336 	sopt.sopt_dir = SOPT_SET;
1337 	sopt.sopt_level = level;
1338 	sopt.sopt_name = name;
1339 	sopt.sopt_val = val;
1340 	sopt.sopt_valsize = valsize;
1341 	switch (valseg) {
1342 	case UIO_USERSPACE:
1343 		sopt.sopt_td = td;
1344 		break;
1345 	case UIO_SYSSPACE:
1346 		sopt.sopt_td = NULL;
1347 		break;
1348 	default:
1349 		panic("kern_setsockopt called with bad valseg");
1350 	}
1351 
1352 	NET_LOCK_GIANT();
1353 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
1354 	if (error == 0) {
1355 		so = fp->f_data;
1356 		error = sosetopt(so, &sopt);
1357 		fdrop(fp, td);
1358 	}
1359 	NET_UNLOCK_GIANT();
1360 	return(error);
1361 }
1362 
1363 /* ARGSUSED */
1364 int
1365 getsockopt(td, uap)
1366 	struct thread *td;
1367 	register struct getsockopt_args /* {
1368 		int	s;
1369 		int	level;
1370 		int	name;
1371 		void * __restrict	val;
1372 		socklen_t * __restrict avalsize;
1373 	} */ *uap;
1374 {
1375 	socklen_t valsize;
1376 	int	error;
1377 
1378 	if (uap->val) {
1379 		error = copyin(uap->avalsize, &valsize, sizeof (valsize));
1380 		if (error)
1381 			return (error);
1382 	}
1383 
1384 	error = kern_getsockopt(td, uap->s, uap->level, uap->name,
1385 	    uap->val, UIO_USERSPACE, &valsize);
1386 
1387 	if (error == 0)
1388 		error = copyout(&valsize, uap->avalsize, sizeof (valsize));
1389 	return (error);
1390 }
1391 
1392 /*
1393  * Kernel version of getsockopt.
1394  * optval can be a userland or userspace. optlen is always a kernel pointer.
1395  */
1396 int
1397 kern_getsockopt(td, s, level, name, val, valseg, valsize)
1398 	struct thread *td;
1399 	int s;
1400 	int level;
1401 	int name;
1402 	void *val;
1403 	enum uio_seg valseg;
1404 	socklen_t *valsize;
1405 {
1406 	int error;
1407 	struct  socket *so;
1408 	struct file *fp;
1409 	struct	sockopt sopt;
1410 
1411 	if (val == NULL)
1412 		*valsize = 0;
1413 	if ((int)*valsize < 0)
1414 		return (EINVAL);
1415 
1416 	sopt.sopt_dir = SOPT_GET;
1417 	sopt.sopt_level = level;
1418 	sopt.sopt_name = name;
1419 	sopt.sopt_val = val;
1420 	sopt.sopt_valsize = (size_t)*valsize; /* checked non-negative above */
1421 	switch (valseg) {
1422 	case UIO_USERSPACE:
1423 		sopt.sopt_td = td;
1424 		break;
1425 	case UIO_SYSSPACE:
1426 		sopt.sopt_td = NULL;
1427 		break;
1428 	default:
1429 		panic("kern_getsockopt called with bad valseg");
1430 	}
1431 
1432 	NET_LOCK_GIANT();
1433 	error = getsock(td->td_proc->p_fd, s, &fp, NULL);
1434 	if (error == 0) {
1435 		so = fp->f_data;
1436 		error = sogetopt(so, &sopt);
1437 		*valsize = sopt.sopt_valsize;
1438 		fdrop(fp, td);
1439 	}
1440 	NET_UNLOCK_GIANT();
1441 	return (error);
1442 }
1443 
1444 /*
1445  * getsockname1() - Get socket name.
1446  */
1447 /* ARGSUSED */
1448 static int
1449 getsockname1(td, uap, compat)
1450 	struct thread *td;
1451 	register struct getsockname_args /* {
1452 		int	fdes;
1453 		struct sockaddr * __restrict asa;
1454 		socklen_t * __restrict alen;
1455 	} */ *uap;
1456 	int compat;
1457 {
1458 	struct sockaddr *sa;
1459 	socklen_t len;
1460 	int error;
1461 
1462 	error = copyin(uap->alen, &len, sizeof(len));
1463 	if (error)
1464 		return (error);
1465 
1466 	error = kern_getsockname(td, uap->fdes, &sa, &len);
1467 	if (error)
1468 		return (error);
1469 
1470 	if (len != 0) {
1471 #ifdef COMPAT_OLDSOCK
1472 		if (compat)
1473 			((struct osockaddr *)sa)->sa_family = sa->sa_family;
1474 #endif
1475 		error = copyout(sa, uap->asa, (u_int)len);
1476 	}
1477 	free(sa, M_SONAME);
1478 	if (error == 0)
1479 		error = copyout(&len, uap->alen, sizeof(len));
1480 	return (error);
1481 }
1482 
1483 int
1484 kern_getsockname(struct thread *td, int fd, struct sockaddr **sa,
1485     socklen_t *alen)
1486 {
1487 	struct socket *so;
1488 	struct file *fp;
1489 	socklen_t len;
1490 	int error;
1491 
1492 	if (*alen < 0)
1493 		return (EINVAL);
1494 
1495 	NET_LOCK_GIANT();
1496 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
1497 	if (error)
1498 		goto done;
1499 	so = fp->f_data;
1500 	*sa = NULL;
1501 	error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, sa);
1502 	if (error)
1503 		goto bad;
1504 	if (*sa == NULL)
1505 		len = 0;
1506 	else
1507 		len = MIN(*alen, (*sa)->sa_len);
1508 	*alen = len;
1509 bad:
1510 	fdrop(fp, td);
1511 	if (error && *sa) {
1512 		free(*sa, M_SONAME);
1513 		*sa = NULL;
1514 	}
1515 done:
1516 	NET_UNLOCK_GIANT();
1517 	return (error);
1518 }
1519 
1520 int
1521 getsockname(td, uap)
1522 	struct thread *td;
1523 	struct getsockname_args *uap;
1524 {
1525 
1526 	return (getsockname1(td, uap, 0));
1527 }
1528 
1529 #ifdef COMPAT_OLDSOCK
1530 int
1531 ogetsockname(td, uap)
1532 	struct thread *td;
1533 	struct getsockname_args *uap;
1534 {
1535 
1536 	return (getsockname1(td, uap, 1));
1537 }
1538 #endif /* COMPAT_OLDSOCK */
1539 
1540 /*
1541  * getpeername1() - Get name of peer for connected socket.
1542  */
1543 /* ARGSUSED */
1544 static int
1545 getpeername1(td, uap, compat)
1546 	struct thread *td;
1547 	register struct getpeername_args /* {
1548 		int	fdes;
1549 		struct sockaddr * __restrict	asa;
1550 		socklen_t * __restrict	alen;
1551 	} */ *uap;
1552 	int compat;
1553 {
1554 	struct sockaddr *sa;
1555 	socklen_t len;
1556 	int error;
1557 
1558 	error = copyin(uap->alen, &len, sizeof (len));
1559 	if (error)
1560 		return (error);
1561 
1562 	error = kern_getpeername(td, uap->fdes, &sa, &len);
1563 	if (error)
1564 		return (error);
1565 
1566 	if (len != 0) {
1567 #ifdef COMPAT_OLDSOCK
1568 		if (compat)
1569 			((struct osockaddr *)sa)->sa_family = sa->sa_family;
1570 #endif
1571 		error = copyout(sa, uap->asa, (u_int)len);
1572 	}
1573 	free(sa, M_SONAME);
1574 	if (error == 0)
1575 		error = copyout(&len, uap->alen, sizeof(len));
1576 	return (error);
1577 }
1578 
1579 int
1580 kern_getpeername(struct thread *td, int fd, struct sockaddr **sa,
1581     socklen_t *alen)
1582 {
1583 	struct socket *so;
1584 	struct file *fp;
1585 	socklen_t len;
1586 	int error;
1587 
1588 	if (*alen < 0)
1589 		return (EINVAL);
1590 
1591 	NET_LOCK_GIANT();
1592 	error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
1593 	if (error)
1594 		goto done2;
1595 	so = fp->f_data;
1596 	if ((so->so_state & (SS_ISCONNECTED|SS_ISCONFIRMING)) == 0) {
1597 		error = ENOTCONN;
1598 		goto done1;
1599 	}
1600 	*sa = NULL;
1601 	error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, sa);
1602 	if (error)
1603 		goto bad;
1604 	if (*sa == NULL)
1605 		len = 0;
1606 	else
1607 		len = MIN(*alen, (*sa)->sa_len);
1608 	*alen = len;
1609 bad:
1610 	if (error && *sa) {
1611 		free(*sa, M_SONAME);
1612 		*sa = NULL;
1613 	}
1614 done1:
1615 	fdrop(fp, td);
1616 done2:
1617 	NET_UNLOCK_GIANT();
1618 	return (error);
1619 }
1620 
1621 int
1622 getpeername(td, uap)
1623 	struct thread *td;
1624 	struct getpeername_args *uap;
1625 {
1626 
1627 	return (getpeername1(td, uap, 0));
1628 }
1629 
1630 #ifdef COMPAT_OLDSOCK
1631 int
1632 ogetpeername(td, uap)
1633 	struct thread *td;
1634 	struct ogetpeername_args *uap;
1635 {
1636 
1637 	/* XXX uap should have type `getpeername_args *' to begin with. */
1638 	return (getpeername1(td, (struct getpeername_args *)uap, 1));
1639 }
1640 #endif /* COMPAT_OLDSOCK */
1641 
1642 int
1643 sockargs(mp, buf, buflen, type)
1644 	struct mbuf **mp;
1645 	caddr_t buf;
1646 	int buflen, type;
1647 {
1648 	register struct sockaddr *sa;
1649 	register struct mbuf *m;
1650 	int error;
1651 
1652 	if ((u_int)buflen > MLEN) {
1653 #ifdef COMPAT_OLDSOCK
1654 		if (type == MT_SONAME && (u_int)buflen <= 112)
1655 			buflen = MLEN;		/* unix domain compat. hack */
1656 		else
1657 #endif
1658 			if ((u_int)buflen > MCLBYTES)
1659 				return (EINVAL);
1660 	}
1661 	m = m_get(M_TRYWAIT, type);
1662 	if (m == NULL)
1663 		return (ENOBUFS);
1664 	if ((u_int)buflen > MLEN) {
1665 		MCLGET(m, M_TRYWAIT);
1666 		if ((m->m_flags & M_EXT) == 0) {
1667 			m_free(m);
1668 			return (ENOBUFS);
1669 		}
1670 	}
1671 	m->m_len = buflen;
1672 	error = copyin(buf, mtod(m, caddr_t), (u_int)buflen);
1673 	if (error)
1674 		(void) m_free(m);
1675 	else {
1676 		*mp = m;
1677 		if (type == MT_SONAME) {
1678 			sa = mtod(m, struct sockaddr *);
1679 
1680 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1681 			if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1682 				sa->sa_family = sa->sa_len;
1683 #endif
1684 			sa->sa_len = buflen;
1685 		}
1686 	}
1687 	return (error);
1688 }
1689 
1690 int
1691 getsockaddr(namp, uaddr, len)
1692 	struct sockaddr **namp;
1693 	caddr_t uaddr;
1694 	size_t len;
1695 {
1696 	struct sockaddr *sa;
1697 	int error;
1698 
1699 	if (len > SOCK_MAXADDRLEN)
1700 		return (ENAMETOOLONG);
1701 	if (len < offsetof(struct sockaddr, sa_data[0]))
1702 		return (EINVAL);
1703 	MALLOC(sa, struct sockaddr *, len, M_SONAME, M_WAITOK);
1704 	error = copyin(uaddr, sa, len);
1705 	if (error) {
1706 		FREE(sa, M_SONAME);
1707 	} else {
1708 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1709 		if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1710 			sa->sa_family = sa->sa_len;
1711 #endif
1712 		sa->sa_len = len;
1713 		*namp = sa;
1714 	}
1715 	return (error);
1716 }
1717 
1718 /*
1719  * Detach mapped page and release resources back to the system.
1720  */
1721 void
1722 sf_buf_mext(void *addr, void *args)
1723 {
1724 	vm_page_t m;
1725 
1726 	m = sf_buf_page(args);
1727 	sf_buf_free(args);
1728 	vm_page_lock_queues();
1729 	vm_page_unwire(m, 0);
1730 	/*
1731 	 * Check for the object going away on us. This can
1732 	 * happen since we don't hold a reference to it.
1733 	 * If so, we're responsible for freeing the page.
1734 	 */
1735 	if (m->wire_count == 0 && m->object == NULL)
1736 		vm_page_free(m);
1737 	vm_page_unlock_queues();
1738 }
1739 
1740 /*
1741  * sendfile(2)
1742  *
1743  * int sendfile(int fd, int s, off_t offset, size_t nbytes,
1744  *	 struct sf_hdtr *hdtr, off_t *sbytes, int flags)
1745  *
1746  * Send a file specified by 'fd' and starting at 'offset' to a socket
1747  * specified by 's'. Send only 'nbytes' of the file or until EOF if nbytes ==
1748  * 0.  Optionally add a header and/or trailer to the socket output.  If
1749  * specified, write the total number of bytes sent into *sbytes.
1750  */
1751 int
1752 sendfile(struct thread *td, struct sendfile_args *uap)
1753 {
1754 
1755 	return (do_sendfile(td, uap, 0));
1756 }
1757 
1758 static int
1759 do_sendfile(struct thread *td, struct sendfile_args *uap, int compat)
1760 {
1761 	struct sf_hdtr hdtr;
1762 	struct uio *hdr_uio, *trl_uio;
1763 	int error;
1764 
1765 	hdr_uio = trl_uio = NULL;
1766 
1767 	if (uap->hdtr != NULL) {
1768 		error = copyin(uap->hdtr, &hdtr, sizeof(hdtr));
1769 		if (error)
1770 			goto out;
1771 		if (hdtr.headers != NULL) {
1772 			error = copyinuio(hdtr.headers, hdtr.hdr_cnt, &hdr_uio);
1773 			if (error)
1774 				goto out;
1775 		}
1776 		if (hdtr.trailers != NULL) {
1777 			error = copyinuio(hdtr.trailers, hdtr.trl_cnt, &trl_uio);
1778 			if (error)
1779 				goto out;
1780 
1781 		}
1782 	}
1783 
1784 	error = kern_sendfile(td, uap, hdr_uio, trl_uio, compat);
1785 out:
1786 	if (hdr_uio)
1787 		free(hdr_uio, M_IOV);
1788 	if (trl_uio)
1789 		free(trl_uio, M_IOV);
1790 	return (error);
1791 }
1792 
1793 #ifdef COMPAT_FREEBSD4
1794 int
1795 freebsd4_sendfile(struct thread *td, struct freebsd4_sendfile_args *uap)
1796 {
1797 	struct sendfile_args args;
1798 
1799 	args.fd = uap->fd;
1800 	args.s = uap->s;
1801 	args.offset = uap->offset;
1802 	args.nbytes = uap->nbytes;
1803 	args.hdtr = uap->hdtr;
1804 	args.sbytes = uap->sbytes;
1805 	args.flags = uap->flags;
1806 
1807 	return (do_sendfile(td, &args, 1));
1808 }
1809 #endif /* COMPAT_FREEBSD4 */
1810 
1811 int
1812 kern_sendfile(struct thread *td, struct sendfile_args *uap,
1813     struct uio *hdr_uio, struct uio *trl_uio, int compat)
1814 {
1815 	struct file *sock_fp;
1816 	struct vnode *vp;
1817 	struct vm_object *obj = NULL;
1818 	struct socket *so = NULL;
1819 	struct mbuf *m = NULL;
1820 	struct sf_buf *sf;
1821 	struct vm_page *pg;
1822 	off_t off, xfsize, sbytes = 0, rem = 0;
1823 	int error, mnw = 0;
1824 	int vfslocked;
1825 
1826 	NET_LOCK_GIANT();
1827 
1828 	/*
1829 	 * The file descriptor must be a regular file and have a
1830 	 * backing VM object.
1831 	 * File offset must be positive.  If it goes beyond EOF
1832 	 * we send only the header/trailer and no payload data.
1833 	 */
1834 	if ((error = fgetvp_read(td, uap->fd, &vp)) != 0)
1835 		goto out;
1836 	vfslocked = VFS_LOCK_GIANT(vp->v_mount);
1837 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
1838 	obj = vp->v_object;
1839 	if (obj != NULL) {
1840 		/*
1841 		 * Temporarily increase the backing VM object's reference
1842 		 * count so that a forced reclamation of its vnode does not
1843 		 * immediately destroy it.
1844 		 */
1845 		VM_OBJECT_LOCK(obj);
1846 		if ((obj->flags & OBJ_DEAD) == 0) {
1847 			vm_object_reference_locked(obj);
1848 			VM_OBJECT_UNLOCK(obj);
1849 		} else {
1850 			VM_OBJECT_UNLOCK(obj);
1851 			obj = NULL;
1852 		}
1853 	}
1854 	VOP_UNLOCK(vp, 0, td);
1855 	VFS_UNLOCK_GIANT(vfslocked);
1856 	if (obj == NULL) {
1857 		error = EINVAL;
1858 		goto out;
1859 	}
1860 	if (uap->offset < 0) {
1861 		error = EINVAL;
1862 		goto out;
1863 	}
1864 
1865 	/*
1866 	 * The socket must be a stream socket and connected.
1867 	 * Remember if it a blocking or non-blocking socket.
1868 	 */
1869 	if ((error = getsock(td->td_proc->p_fd, uap->s, &sock_fp,
1870 	    NULL)) != 0)
1871 		goto out;
1872 	so = sock_fp->f_data;
1873 	if (so->so_type != SOCK_STREAM) {
1874 		error = EINVAL;
1875 		goto out;
1876 	}
1877 	if ((so->so_state & SS_ISCONNECTED) == 0) {
1878 		error = ENOTCONN;
1879 		goto out;
1880 	}
1881 	/*
1882 	 * Do not wait on memory allocations but return ENOMEM for
1883 	 * caller to retry later.
1884 	 * XXX: Experimental.
1885 	 */
1886 	if (uap->flags & SF_MNOWAIT)
1887 		mnw = 1;
1888 
1889 #ifdef MAC
1890 	SOCK_LOCK(so);
1891 	error = mac_check_socket_send(td->td_ucred, so);
1892 	SOCK_UNLOCK(so);
1893 	if (error)
1894 		goto out;
1895 #endif
1896 
1897 	/* If headers are specified copy them into mbufs. */
1898 	if (hdr_uio != NULL) {
1899 		hdr_uio->uio_td = td;
1900 		hdr_uio->uio_rw = UIO_WRITE;
1901 		if (hdr_uio->uio_resid > 0) {
1902 			/*
1903 			 * In FBSD < 5.0 the nbytes to send also included
1904 			 * the header.  If compat is specified subtract the
1905 			 * header size from nbytes.
1906 			 */
1907 			if (compat) {
1908 				if (uap->nbytes > hdr_uio->uio_resid)
1909 					uap->nbytes -= hdr_uio->uio_resid;
1910 				else
1911 					uap->nbytes = 0;
1912 			}
1913 			m = m_uiotombuf(hdr_uio, (mnw ? M_NOWAIT : M_WAITOK),
1914 			    0, 0, 0);
1915 			if (m == NULL) {
1916 				error = mnw ? EAGAIN : ENOBUFS;
1917 				goto out;
1918 			}
1919 		}
1920 	}
1921 
1922 	/* Protect against multiple writers to the socket. */
1923 	SOCKBUF_LOCK(&so->so_snd);
1924 	(void) sblock(&so->so_snd, M_WAITOK);
1925 	SOCKBUF_UNLOCK(&so->so_snd);
1926 
1927 	/*
1928 	 * Loop through the pages of the file, starting with the requested
1929 	 * offset. Get a file page (do I/O if necessary), map the file page
1930 	 * into an sf_buf, attach an mbuf header to the sf_buf, and queue
1931 	 * it on the socket.
1932 	 * This is done in two loops.  The inner loop turns as many pages
1933 	 * as it can, up to available socket buffer space, without blocking
1934 	 * into mbufs to have it bulk delivered into the socket send buffer.
1935 	 * The outer loop checks the state and available space of the socket
1936 	 * and takes care of the overall progress.
1937 	 */
1938 	for (off = uap->offset; ; ) {
1939 		int loopbytes = 0;
1940 		int space = 0;
1941 		int done = 0;
1942 
1943 		/*
1944 		 * Check the socket state for ongoing connection,
1945 		 * no errors and space in socket buffer.
1946 		 * If space is low allow for the remainder of the
1947 		 * file to be processed if it fits the socket buffer.
1948 		 * Otherwise block in waiting for sufficient space
1949 		 * to proceed, or if the socket is nonblocking, return
1950 		 * to userland with EAGAIN while reporting how far
1951 		 * we've come.
1952 		 * We wait until the socket buffer has significant free
1953 		 * space to do bulk sends.  This makes good use of file
1954 		 * system read ahead and allows packet segmentation
1955 		 * offloading hardware to take over lots of work.  If
1956 		 * we were not careful here we would send off only one
1957 		 * sfbuf at a time.
1958 		 */
1959 		SOCKBUF_LOCK(&so->so_snd);
1960 		if (so->so_snd.sb_lowat < so->so_snd.sb_hiwat / 2)
1961 			so->so_snd.sb_lowat = so->so_snd.sb_hiwat / 2;
1962 retry_space:
1963 		if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
1964 			error = EPIPE;
1965 			SOCKBUF_UNLOCK(&so->so_snd);
1966 			goto done;
1967 		} else if (so->so_error) {
1968 			error = so->so_error;
1969 			so->so_error = 0;
1970 			SOCKBUF_UNLOCK(&so->so_snd);
1971 			goto done;
1972 		}
1973 		space = sbspace(&so->so_snd);
1974 		if (space < rem &&
1975 		    (space <= 0 ||
1976 		     space < so->so_snd.sb_lowat)) {
1977 			if (so->so_state & SS_NBIO) {
1978 				SOCKBUF_UNLOCK(&so->so_snd);
1979 				error = EAGAIN;
1980 				goto done;
1981 			}
1982 			/*
1983 			 * sbwait drops the lock while sleeping.
1984 			 * When we loop back to retry_space the
1985 			 * state may have changed and we retest
1986 			 * for it.
1987 			 */
1988 			error = sbwait(&so->so_snd);
1989 			/*
1990 			 * An error from sbwait usually indicates that we've
1991 			 * been interrupted by a signal. If we've sent anything
1992 			 * then return bytes sent, otherwise return the error.
1993 			 */
1994 			if (error) {
1995 				SOCKBUF_UNLOCK(&so->so_snd);
1996 				goto done;
1997 			}
1998 			goto retry_space;
1999 		}
2000 		SOCKBUF_UNLOCK(&so->so_snd);
2001 
2002 		/*
2003 		 * Loop and construct maximum sized mbuf chain to be bulk
2004 		 * dumped into socket buffer.
2005 		 */
2006 		while(space > loopbytes) {
2007 			vm_pindex_t pindex;
2008 			vm_offset_t pgoff;
2009 			struct mbuf *m0;
2010 
2011 			VM_OBJECT_LOCK(obj);
2012 			/*
2013 			 * Calculate the amount to transfer.
2014 			 * Not to exceed a page, the EOF,
2015 			 * or the passed in nbytes.
2016 			 */
2017 			pgoff = (vm_offset_t)(off & PAGE_MASK);
2018 			xfsize = omin(PAGE_SIZE - pgoff,
2019 			    obj->un_pager.vnp.vnp_size - uap->offset -
2020 			    sbytes - loopbytes);
2021 			if (uap->nbytes)
2022 				rem = (uap->nbytes - sbytes - loopbytes);
2023 			else
2024 				rem = obj->un_pager.vnp.vnp_size - uap->offset -
2025 				    sbytes - loopbytes;
2026 			xfsize = omin(rem, xfsize);
2027 			if (xfsize <= 0) {
2028 				VM_OBJECT_UNLOCK(obj);
2029 				done = 1;		/* all data sent */
2030 				break;
2031 			}
2032 			/*
2033 			 * Don't overflow the send buffer.
2034 			 * Stop here and send out what we've
2035 			 * already got.
2036 			 */
2037 			if (space < loopbytes + xfsize) {
2038 				VM_OBJECT_UNLOCK(obj);
2039 				break;
2040 			}
2041 
2042 			/*
2043 			 * Attempt to look up the page.
2044 			 * Allocate if not found or
2045 			 * wait and loop if busy.
2046 			 */
2047 			pindex = OFF_TO_IDX(off);
2048 			pg = vm_page_grab(obj, pindex, VM_ALLOC_NOBUSY |
2049 			    VM_ALLOC_NORMAL | VM_ALLOC_WIRED | VM_ALLOC_RETRY);
2050 
2051 			/*
2052 			 * Check if page is valid for what we need,
2053 			 * otherwise initiate I/O.
2054 			 * If we already turned some pages into mbufs,
2055 			 * send them off before we come here again and
2056 			 * block.
2057 			 */
2058 			if (pg->valid && vm_page_is_valid(pg, pgoff, xfsize))
2059 				VM_OBJECT_UNLOCK(obj);
2060 			else if (m != NULL)
2061 				error = EAGAIN;	/* send what we already got */
2062 			else if (uap->flags & SF_NODISKIO)
2063 				error = EBUSY;
2064 			else {
2065 				int bsize, resid;
2066 
2067 				/*
2068 				 * Ensure that our page is still around
2069 				 * when the I/O completes.
2070 				 */
2071 				vm_page_io_start(pg);
2072 				VM_OBJECT_UNLOCK(obj);
2073 
2074 				/*
2075 				 * Get the page from backing store.
2076 				 */
2077 				bsize = vp->v_mount->mnt_stat.f_iosize;
2078 				vfslocked = VFS_LOCK_GIANT(vp->v_mount);
2079 				vn_lock(vp, LK_SHARED | LK_RETRY, td);
2080 
2081 				/*
2082 				 * XXXMAC: Because we don't have fp->f_cred
2083 				 * here, we pass in NOCRED.  This is probably
2084 				 * wrong, but is consistent with our original
2085 				 * implementation.
2086 				 */
2087 				error = vn_rdwr(UIO_READ, vp, NULL, MAXBSIZE,
2088 				    trunc_page(off), UIO_NOCOPY, IO_NODELOCKED |
2089 				    IO_VMIO | ((MAXBSIZE / bsize) << IO_SEQSHIFT),
2090 				    td->td_ucred, NOCRED, &resid, td);
2091 				VOP_UNLOCK(vp, 0, td);
2092 				VFS_UNLOCK_GIANT(vfslocked);
2093 				VM_OBJECT_LOCK(obj);
2094 				vm_page_io_finish(pg);
2095 				if (!error)
2096 					VM_OBJECT_UNLOCK(obj);
2097 				mbstat.sf_iocnt++;
2098 			}
2099 			if (error) {
2100 				vm_page_lock_queues();
2101 				vm_page_unwire(pg, 0);
2102 				/*
2103 				 * See if anyone else might know about
2104 				 * this page.  If not and it is not valid,
2105 				 * then free it.
2106 				 */
2107 				if (pg->wire_count == 0 && pg->valid == 0 &&
2108 				    pg->busy == 0 && !(pg->oflags & VPO_BUSY) &&
2109 				    pg->hold_count == 0) {
2110 					vm_page_free(pg);
2111 				}
2112 				vm_page_unlock_queues();
2113 				VM_OBJECT_UNLOCK(obj);
2114 				if (error == EAGAIN)
2115 					error = 0;	/* not a real error */
2116 				break;
2117 			}
2118 
2119 			/*
2120 			 * Get a sendfile buf.  We usually wait as long
2121 			 * as necessary, but this wait can be interrupted.
2122 			 */
2123 			if ((sf = sf_buf_alloc(pg,
2124 			    (mnw ? SFB_NOWAIT : SFB_CATCH))) == NULL) {
2125 				mbstat.sf_allocfail++;
2126 				vm_page_lock_queues();
2127 				vm_page_unwire(pg, 0);
2128 				/*
2129 				 * XXX: Not same check as above!?
2130 				 */
2131 				if (pg->wire_count == 0 && pg->object == NULL)
2132 					vm_page_free(pg);
2133 				vm_page_unlock_queues();
2134 				error = (mnw ? EAGAIN : EINTR);
2135 				break;
2136 			}
2137 
2138 			/*
2139 			 * Get an mbuf and set it up as having
2140 			 * external storage.
2141 			 */
2142 			m0 = m_get((mnw ? M_NOWAIT : M_WAITOK), MT_DATA);
2143 			if (m0 == NULL) {
2144 				error = (mnw ? EAGAIN : ENOBUFS);
2145 				sf_buf_mext((void *)sf_buf_kva(sf), sf);
2146 				break;
2147 			}
2148 			MEXTADD(m0, sf_buf_kva(sf), PAGE_SIZE, sf_buf_mext,
2149 			    sf, M_RDONLY, EXT_SFBUF);
2150 			m0->m_data = (char *)sf_buf_kva(sf) + pgoff;
2151 			m0->m_len = xfsize;
2152 
2153 			/* Append to mbuf chain. */
2154 			if (m != NULL)
2155 				m_cat(m, m0);
2156 			else
2157 				m = m0;
2158 
2159 			/* Keep track of bits processed. */
2160 			loopbytes += xfsize;
2161 			off += xfsize;
2162 		}
2163 
2164 		/* Add the buffer chain to the socket buffer. */
2165 		if (m != NULL) {
2166 			int mlen;
2167 
2168 			mlen = m_length(m, NULL);
2169 			SOCKBUF_LOCK(&so->so_snd);
2170 			if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2171 				error = EPIPE;
2172 				SOCKBUF_UNLOCK(&so->so_snd);
2173 				goto done;
2174 			}
2175 			SOCKBUF_UNLOCK(&so->so_snd);
2176 			error = (*so->so_proto->pr_usrreqs->pru_send)
2177 				    (so, 0, m, NULL, NULL, td);
2178 			if (!error)
2179 				sbytes += mlen;
2180 			m = NULL;	/* pru_send always consumes */
2181 		}
2182 
2183 		/* Quit outer loop on error or when we're done. */
2184 		if (error || done)
2185 			goto done;
2186 	}
2187 
2188 	/*
2189 	 * Send trailers. Wimp out and use writev(2).
2190 	 */
2191 	if (trl_uio != NULL) {
2192 		error = kern_writev(td, uap->s, trl_uio);
2193 		if (error)
2194 			goto done;
2195 		sbytes += td->td_retval[0];
2196 	}
2197 
2198 done:
2199 	SOCKBUF_LOCK(&so->so_snd);
2200 	sbunlock(&so->so_snd);
2201 	SOCKBUF_UNLOCK(&so->so_snd);
2202 out:
2203 	/*
2204 	 * If there was no error we have to clear td->td_retval[0]
2205 	 * because it may have been set by writev.
2206 	 */
2207 	if (error == 0) {
2208 		td->td_retval[0] = 0;
2209 	}
2210 	if (uap->sbytes != NULL) {
2211 		copyout(&sbytes, uap->sbytes, sizeof(off_t));
2212 	}
2213 	if (obj != NULL)
2214 		vm_object_deallocate(obj);
2215 	if (vp != NULL) {
2216 		vfslocked = VFS_LOCK_GIANT(vp->v_mount);
2217 		vrele(vp);
2218 		VFS_UNLOCK_GIANT(vfslocked);
2219 	}
2220 	if (so)
2221 		fdrop(sock_fp, td);
2222 	if (m)
2223 		m_freem(m);
2224 
2225 	NET_UNLOCK_GIANT();
2226 
2227 	if (error == ERESTART)
2228 		error = EINTR;
2229 
2230 	return (error);
2231 }
2232 
2233 /*
2234  * SCTP syscalls.
2235  * Functionality only compiled in if SCTP is defined in the kernel Makefile,
2236  * otherwise all return EOPNOTSUPP.
2237  * XXX: We should make this loadable one day.
2238  */
2239 int
2240 sctp_peeloff(td, uap)
2241 	struct thread *td;
2242 	struct sctp_peeloff_args /* {
2243 		int	sd;
2244 		caddr_t	name;
2245 	} */ *uap;
2246 {
2247 #ifdef SCTP
2248 	struct filedesc *fdp;
2249 	struct file *nfp = NULL;
2250 	int error;
2251 	struct socket *head, *so;
2252 	int fd;
2253 	u_int fflag;
2254 
2255 	fdp = td->td_proc->p_fd;
2256 	error = fgetsock(td, uap->sd, &head, &fflag);
2257 	if (error)
2258 		goto done2;
2259 	error = sctp_can_peel_off(head, (sctp_assoc_t)uap->name);
2260 	if (error)
2261 		goto done2;
2262 	/*
2263 	 * At this point we know we do have a assoc to pull
2264 	 * we proceed to get the fd setup. This may block
2265 	 * but that is ok.
2266 	 */
2267 
2268 	error = falloc(td, &nfp, &fd);
2269 	if (error)
2270 		goto done;
2271 	td->td_retval[0] = fd;
2272 
2273 	so = sonewconn(head, SS_ISCONNECTED);
2274 	if (so == NULL)
2275 		goto noconnection;
2276 	/*
2277 	 * Before changing the flags on the socket, we have to bump the
2278 	 * reference count.  Otherwise, if the protocol calls sofree(),
2279 	 * the socket will be released due to a zero refcount.
2280 	 */
2281         SOCK_LOCK(so);
2282         soref(so);                      /* file descriptor reference */
2283         SOCK_UNLOCK(so);
2284 
2285 	ACCEPT_LOCK();
2286 
2287 	TAILQ_REMOVE(&head->so_comp, so, so_list);
2288 	head->so_qlen--;
2289 	so->so_state |= (head->so_state & SS_NBIO);
2290 	so->so_state &= ~SS_NOFDREF;
2291 	so->so_qstate &= ~SQ_COMP;
2292 	so->so_head = NULL;
2293 
2294 	ACCEPT_UNLOCK();
2295 
2296 	error = sctp_do_peeloff(head, so, (sctp_assoc_t)uap->name);
2297 	if (error)
2298 		goto noconnection;
2299 	if (head->so_sigio != NULL)
2300 		fsetown(fgetown(&head->so_sigio), &so->so_sigio);
2301 
2302 	FILE_LOCK(nfp);
2303 	nfp->f_data = so;
2304 	nfp->f_flag = fflag;
2305 	nfp->f_type = DTYPE_SOCKET;
2306 	nfp->f_ops = &socketops;
2307 	FILE_UNLOCK(nfp);
2308 
2309 noconnection:
2310 	/*
2311 	 * close the new descriptor, assuming someone hasn't ripped it
2312 	 * out from under us.
2313 	 */
2314 	if (error)
2315 		fdclose(fdp, nfp, fd, td);
2316 
2317 	/*
2318 	 * Release explicitly held references before returning.
2319 	 */
2320 done:
2321 	if (nfp != NULL)
2322 		fdrop(nfp, td);
2323 	fputsock(head);
2324 done2:
2325 	return (error);
2326 #else  /* SCTP */
2327 	return (EOPNOTSUPP);
2328 #endif /* SCTP */
2329 }
2330 
2331 int
2332 sctp_generic_sendmsg (td, uap)
2333 	struct thread *td;
2334 	struct sctp_generic_sendmsg_args /* {
2335 		int sd,
2336 		caddr_t msg,
2337 		int mlen,
2338 		caddr_t to,
2339 		__socklen_t tolen,
2340 		struct sctp_sndrcvinfo *sinfo,
2341 		int flags
2342 	} */ *uap;
2343 {
2344 #ifdef SCTP
2345 	struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL;
2346 	struct socket *so;
2347 	struct file *fp;
2348 	int use_rcvinfo = 1;
2349 	int error = 0, len;
2350 	struct sockaddr *to = NULL;
2351 #ifdef KTRACE
2352 	struct uio *ktruio = NULL;
2353 #endif
2354 	struct uio auio;
2355 	struct iovec iov[1];
2356 
2357 	if (uap->sinfo) {
2358 		error = copyin(uap->sinfo, &sinfo, sizeof (sinfo));
2359 		if (error)
2360 			return (error);
2361 		u_sinfo = &sinfo;
2362 	}
2363 	if (uap->tolen) {
2364 		error = getsockaddr(&to, uap->to, uap->tolen);
2365 		if (error) {
2366 			to = NULL;
2367 			goto sctp_bad2;
2368 		}
2369 	}
2370 
2371 	error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2372 	if (error)
2373 		goto sctp_bad;
2374 
2375 	iov[0].iov_base = uap->msg;
2376 	iov[0].iov_len = uap->mlen;
2377 
2378 	so = (struct socket *)fp->f_data;
2379 #ifdef MAC
2380 	SOCK_LOCK(so);
2381 	error = mac_check_socket_send(td->td_ucred, so);
2382 	SOCK_UNLOCK(so);
2383 	if (error)
2384 		goto sctp_bad;
2385 #endif /* MAC */
2386 
2387 	auio.uio_iov =  iov;
2388 	auio.uio_iovcnt = 1;
2389 	auio.uio_segflg = UIO_USERSPACE;
2390 	auio.uio_rw = UIO_WRITE;
2391 	auio.uio_td = td;
2392 	auio.uio_offset = 0;			/* XXX */
2393 	auio.uio_resid = 0;
2394 	len = auio.uio_resid = uap->mlen;
2395 	error = sctp_lower_sosend(so, to, &auio,
2396 		    (struct mbuf *)NULL, (struct mbuf *)NULL,
2397 		    uap->flags, use_rcvinfo, u_sinfo, td);
2398 	if (error) {
2399 		if (auio.uio_resid != len && (error == ERESTART ||
2400 		    error == EINTR || error == EWOULDBLOCK))
2401 			error = 0;
2402 		/* Generation of SIGPIPE can be controlled per socket. */
2403 		if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
2404 		    !(uap->flags & MSG_NOSIGNAL)) {
2405 			PROC_LOCK(td->td_proc);
2406 			psignal(td->td_proc, SIGPIPE);
2407 			PROC_UNLOCK(td->td_proc);
2408 		}
2409 	}
2410 	if (error == 0)
2411 		td->td_retval[0] = len - auio.uio_resid;
2412 #ifdef KTRACE
2413 	if (ktruio != NULL) {
2414 		ktruio->uio_resid = td->td_retval[0];
2415 		ktrgenio(uap->sd, UIO_WRITE, ktruio, error);
2416 	}
2417 #endif /* KTRACE */
2418 sctp_bad:
2419 	fdrop(fp, td);
2420 sctp_bad2:
2421 	if (to)
2422 		free(to, M_SONAME);
2423 	return (error);
2424 #else  /* SCTP */
2425 	return (EOPNOTSUPP);
2426 #endif /* SCTP */
2427 }
2428 
2429 int
2430 sctp_generic_sendmsg_iov(td, uap)
2431 	struct thread *td;
2432 	struct sctp_generic_sendmsg_iov_args /* {
2433 		int sd,
2434 		struct iovec *iov,
2435 		int iovlen,
2436 		caddr_t to,
2437 		__socklen_t tolen,
2438 		struct sctp_sndrcvinfo *sinfo,
2439 		int flags
2440 	} */ *uap;
2441 {
2442 #ifdef SCTP
2443 	struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL;
2444 	struct socket *so;
2445 	struct file *fp;
2446 	int use_rcvinfo = 1;
2447 	int error=0, len, i;
2448 	struct sockaddr *to = NULL;
2449 #ifdef KTRACE
2450 	struct uio *ktruio = NULL;
2451 #endif
2452 	struct uio auio;
2453 	struct iovec *iov, *tiov;
2454 
2455 	if (uap->sinfo) {
2456 		error = copyin(uap->sinfo, &sinfo, sizeof (sinfo));
2457 		if (error)
2458 			return (error);
2459 		u_sinfo = &sinfo;
2460 	}
2461 	if (uap->tolen) {
2462 		error = getsockaddr(&to, uap->to, uap->tolen);
2463 		if (error) {
2464 			to = NULL;
2465 			goto sctp_bad2;
2466 		}
2467 	}
2468 
2469 	error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2470 	if (error)
2471 		goto sctp_bad1;
2472 
2473 	error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE);
2474 	if (error)
2475 		goto sctp_bad1;
2476 
2477 	so = (struct socket *)fp->f_data;
2478 #ifdef MAC
2479 	SOCK_LOCK(so);
2480 	error = mac_check_socket_send(td->td_ucred, so);
2481 	SOCK_UNLOCK(so);
2482 	if (error)
2483 		goto sctp_bad;
2484 #endif /* MAC */
2485 
2486 	auio.uio_iov =  iov;
2487 	auio.uio_iovcnt = uap->iovlen;
2488 	auio.uio_segflg = UIO_USERSPACE;
2489 	auio.uio_rw = UIO_WRITE;
2490 	auio.uio_td = td;
2491 	auio.uio_offset = 0;			/* XXX */
2492 	auio.uio_resid = 0;
2493 	tiov = iov;
2494 	for (i = 0; i <uap->iovlen; i++, tiov++) {
2495 		if ((auio.uio_resid += tiov->iov_len) < 0) {
2496 			error = EINVAL;
2497 			goto sctp_bad;
2498 		}
2499 	}
2500 	len = auio.uio_resid;
2501 	error = sctp_lower_sosend(so, to, &auio,
2502 		    (struct mbuf *)NULL, (struct mbuf *)NULL,
2503 		    uap->flags, use_rcvinfo, u_sinfo, td);
2504 	if (error) {
2505 		if (auio.uio_resid != len && (error == ERESTART ||
2506 		    error == EINTR || error == EWOULDBLOCK))
2507 			error = 0;
2508 		/* Generation of SIGPIPE can be controlled per socket */
2509 		if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
2510 		    !(uap->flags & MSG_NOSIGNAL)) {
2511 			PROC_LOCK(td->td_proc);
2512 			psignal(td->td_proc, SIGPIPE);
2513 			PROC_UNLOCK(td->td_proc);
2514 		}
2515 	}
2516 	if (error == 0)
2517 		td->td_retval[0] = len - auio.uio_resid;
2518 #ifdef KTRACE
2519 	if (ktruio != NULL) {
2520 		ktruio->uio_resid = td->td_retval[0];
2521 		ktrgenio(uap->sd, UIO_WRITE, ktruio, error);
2522 	}
2523 #endif /* KTRACE */
2524 sctp_bad:
2525 	free(iov, M_IOV);
2526 sctp_bad1:
2527 	fdrop(fp, td);
2528 sctp_bad2:
2529 	if (to)
2530 		free(to, M_SONAME);
2531 	return (error);
2532 #else  /* SCTP */
2533 	return (EOPNOTSUPP);
2534 #endif /* SCTP */
2535 }
2536 
2537 int
2538 sctp_generic_recvmsg(td, uap)
2539 	struct thread *td;
2540 	struct sctp_generic_recvmsg_args /* {
2541 		int sd,
2542 		struct iovec *iov,
2543 		int iovlen,
2544 		struct sockaddr *from,
2545 		__socklen_t *fromlenaddr,
2546 		struct sctp_sndrcvinfo *sinfo,
2547 		int *msg_flags
2548 	} */ *uap;
2549 {
2550 #ifdef SCTP
2551 	u_int8_t sockbufstore[256];
2552 	struct uio auio;
2553 	struct iovec *iov, *tiov;
2554 	struct sctp_sndrcvinfo sinfo;
2555 	struct socket *so;
2556 	struct file *fp;
2557 	struct sockaddr *fromsa;
2558 	int fromlen;
2559 	int len, i, msg_flags;
2560 	int error = 0;
2561 #ifdef KTRACE
2562 	struct uio *ktruio = NULL;
2563 #endif
2564 	error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2565 	if (error) {
2566 		return (error);
2567 	}
2568 	error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE);
2569 	if (error) {
2570 		goto out1;
2571 	}
2572 
2573 	so = fp->f_data;
2574 #ifdef MAC
2575 	SOCK_LOCK(so);
2576 	error = mac_check_socket_receive(td->td_ucred, so);
2577 	SOCK_UNLOCK(so);
2578 	if (error) {
2579 		goto out;
2580 		return (error);
2581 	}
2582 #endif /* MAC */
2583 
2584 	if (uap->fromlenaddr) {
2585 		error = copyin(uap->fromlenaddr,
2586 		    &fromlen, sizeof (fromlen));
2587 		if (error) {
2588 			goto out;
2589 		}
2590 	} else {
2591 		fromlen = 0;
2592 	}
2593 	if(uap->msg_flags) {
2594 		error = copyin(uap->msg_flags, &msg_flags, sizeof (int));
2595 		if (error) {
2596 			goto out;
2597 		}
2598 	} else {
2599 		msg_flags = 0;
2600 	}
2601 	auio.uio_iov = iov;
2602 	auio.uio_iovcnt = uap->iovlen;
2603   	auio.uio_segflg = UIO_USERSPACE;
2604 	auio.uio_rw = UIO_READ;
2605 	auio.uio_td = td;
2606 	auio.uio_offset = 0;			/* XXX */
2607 	auio.uio_resid = 0;
2608 	tiov = iov;
2609 	for (i = 0; i <uap->iovlen; i++, tiov++) {
2610 		if ((auio.uio_resid += tiov->iov_len) < 0) {
2611 			error = EINVAL;
2612 			goto out;
2613 		}
2614 	}
2615 	len = auio.uio_resid;
2616 	fromsa = (struct sockaddr *)sockbufstore;
2617 
2618 #ifdef KTRACE
2619 	if (KTRPOINT(td, KTR_GENIO))
2620 		ktruio = cloneuio(&auio);
2621 #endif /* KTRACE */
2622 	error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL,
2623 		    fromsa, fromlen, &msg_flags,
2624 		    (struct sctp_sndrcvinfo *)&sinfo, 1);
2625 	if (error) {
2626 		if (auio.uio_resid != (int)len && (error == ERESTART ||
2627 		    error == EINTR || error == EWOULDBLOCK))
2628 			error = 0;
2629 	} else {
2630 		if (uap->sinfo)
2631 			error = copyout(&sinfo, uap->sinfo, sizeof (sinfo));
2632 	}
2633 #ifdef KTRACE
2634 	if (ktruio != NULL) {
2635 		ktruio->uio_resid = (int)len - auio.uio_resid;
2636 		ktrgenio(uap->sd, UIO_READ, ktruio, error);
2637 	}
2638 #endif /* KTRACE */
2639 	if (error)
2640 		goto out;
2641 	td->td_retval[0] = (int)len - auio.uio_resid;
2642 
2643 	if (fromlen && uap->from) {
2644 		len = fromlen;
2645 		if (len <= 0 || fromsa == 0)
2646 			len = 0;
2647 		else {
2648 			len = MIN(len, fromsa->sa_len);
2649 			error = copyout(fromsa, uap->from, (unsigned)len);
2650 			if (error)
2651 				goto out;
2652 		}
2653 		error = copyout(&len, uap->fromlenaddr, sizeof (socklen_t));
2654 		if (error) {
2655 			goto out;
2656 		}
2657 	}
2658 	if (uap->msg_flags) {
2659 		error = copyout(&msg_flags, uap->msg_flags, sizeof (int));
2660 		if (error) {
2661 			goto out;
2662 		}
2663 	}
2664 out:
2665 	free(iov, M_IOV);
2666 out1:
2667 	fdrop(fp, td);
2668 	return (error);
2669 #else  /* SCTP */
2670 	return (EOPNOTSUPP);
2671 #endif /* SCTP */
2672 }
2673