1 /* 2 * Copyright (c) 1982, 1986, 1989, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94 34 * $Id: uipc_usrreq.c,v 1.26 1997/09/02 20:05:59 bde Exp $ 35 */ 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/kernel.h> 40 #include <sys/domain.h> 41 #include <sys/fcntl.h> 42 #include <sys/file.h> 43 #include <sys/filedesc.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 #include <sys/namei.h> 47 #include <sys/proc.h> 48 #include <sys/protosw.h> 49 #include <sys/socket.h> 50 #include <sys/socketvar.h> 51 #include <sys/stat.h> 52 #include <sys/sysctl.h> 53 #include <sys/un.h> 54 #include <sys/vnode.h> 55 56 /* 57 * Unix communications domain. 58 * 59 * TODO: 60 * SEQPACKET, RDM 61 * rethink name space problems 62 * need a proper out-of-band 63 */ 64 static struct sockaddr sun_noname = { sizeof(sun_noname), AF_LOCAL }; 65 static ino_t unp_ino; /* prototype for fake inode numbers */ 66 67 static int unp_attach __P((struct socket *)); 68 static void unp_detach __P((struct unpcb *)); 69 static int unp_bind __P((struct unpcb *,struct sockaddr *, struct proc *)); 70 static int unp_connect __P((struct socket *,struct sockaddr *, 71 struct proc *)); 72 static void unp_disconnect __P((struct unpcb *)); 73 static void unp_shutdown __P((struct unpcb *)); 74 static void unp_drop __P((struct unpcb *, int)); 75 static void unp_gc __P((void)); 76 static void unp_scan __P((struct mbuf *, void (*)(struct file *))); 77 static void unp_mark __P((struct file *)); 78 static void unp_discard __P((struct file *)); 79 static int unp_internalize __P((struct mbuf *, struct proc *)); 80 81 static int 82 uipc_abort(struct socket *so) 83 { 84 struct unpcb *unp = sotounpcb(so); 85 86 if (unp == 0) 87 return EINVAL; 88 unp_drop(unp, ECONNABORTED); 89 return 0; 90 } 91 92 static int 93 uipc_accept(struct socket *so, struct sockaddr **nam) 94 { 95 struct unpcb *unp = sotounpcb(so); 96 97 if (unp == 0) 98 return EINVAL; 99 100 /* 101 * Pass back name of connected socket, 102 * if it was bound and we are still connected 103 * (our peer may have closed already!). 104 */ 105 if (unp->unp_conn && unp->unp_conn->unp_addr) { 106 *nam = dup_sockaddr((struct sockaddr *)unp->unp_conn->unp_addr, 107 1); 108 } else { 109 *nam = dup_sockaddr((struct sockaddr *)&sun_noname, 1); 110 } 111 return 0; 112 } 113 114 static int 115 uipc_attach(struct socket *so, int proto, struct proc *p) 116 { 117 struct unpcb *unp = sotounpcb(so); 118 119 if (unp != 0) 120 return EISCONN; 121 return unp_attach(so); 122 } 123 124 static int 125 uipc_bind(struct socket *so, struct sockaddr *nam, struct proc *p) 126 { 127 struct unpcb *unp = sotounpcb(so); 128 129 if (unp == 0) 130 return EINVAL; 131 132 return unp_bind(unp, nam, p); 133 } 134 135 static int 136 uipc_connect(struct socket *so, struct sockaddr *nam, struct proc *p) 137 { 138 struct unpcb *unp = sotounpcb(so); 139 140 if (unp == 0) 141 return EINVAL; 142 return unp_connect(so, nam, curproc); 143 } 144 145 static int 146 uipc_connect2(struct socket *so1, struct socket *so2) 147 { 148 struct unpcb *unp = sotounpcb(so1); 149 150 if (unp == 0) 151 return EINVAL; 152 153 return unp_connect2(so1, so2); 154 } 155 156 /* control is EOPNOTSUPP */ 157 158 static int 159 uipc_detach(struct socket *so) 160 { 161 struct unpcb *unp = sotounpcb(so); 162 163 if (unp == 0) 164 return EINVAL; 165 166 unp_detach(unp); 167 return 0; 168 } 169 170 static int 171 uipc_disconnect(struct socket *so) 172 { 173 struct unpcb *unp = sotounpcb(so); 174 175 if (unp == 0) 176 return EINVAL; 177 unp_disconnect(unp); 178 return 0; 179 } 180 181 static int 182 uipc_listen(struct socket *so, struct proc *p) 183 { 184 struct unpcb *unp = sotounpcb(so); 185 186 if (unp == 0 || unp->unp_vnode == 0) 187 return EINVAL; 188 return 0; 189 } 190 191 static int 192 uipc_peeraddr(struct socket *so, struct sockaddr **nam) 193 { 194 struct unpcb *unp = sotounpcb(so); 195 196 if (unp == 0) 197 return EINVAL; 198 if (unp->unp_conn && unp->unp_conn->unp_addr) 199 *nam = dup_sockaddr((struct sockaddr *)unp->unp_conn->unp_addr, 200 1); 201 return 0; 202 } 203 204 static int 205 uipc_rcvd(struct socket *so, int flags) 206 { 207 struct unpcb *unp = sotounpcb(so); 208 struct socket *so2; 209 210 if (unp == 0) 211 return EINVAL; 212 switch (so->so_type) { 213 case SOCK_DGRAM: 214 panic("uipc_rcvd DGRAM?"); 215 /*NOTREACHED*/ 216 217 case SOCK_STREAM: 218 #define rcv (&so->so_rcv) 219 #define snd (&so2->so_snd) 220 if (unp->unp_conn == 0) 221 break; 222 so2 = unp->unp_conn->unp_socket; 223 /* 224 * Adjust backpressure on sender 225 * and wakeup any waiting to write. 226 */ 227 snd->sb_mbmax += unp->unp_mbcnt - rcv->sb_mbcnt; 228 unp->unp_mbcnt = rcv->sb_mbcnt; 229 snd->sb_hiwat += unp->unp_cc - rcv->sb_cc; 230 unp->unp_cc = rcv->sb_cc; 231 sowwakeup(so2); 232 #undef snd 233 #undef rcv 234 break; 235 236 default: 237 panic("uipc_rcvd unknown socktype"); 238 } 239 return 0; 240 } 241 242 /* pru_rcvoob is EOPNOTSUPP */ 243 244 static int 245 uipc_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, 246 struct mbuf *control, struct proc *p) 247 { 248 int error = 0; 249 struct unpcb *unp = sotounpcb(so); 250 struct socket *so2; 251 252 if (unp == 0) { 253 error = EINVAL; 254 goto release; 255 } 256 if (flags & PRUS_OOB) { 257 error = EOPNOTSUPP; 258 goto release; 259 } 260 261 if (control && (error = unp_internalize(control, p))) 262 goto release; 263 264 switch (so->so_type) { 265 case SOCK_DGRAM: 266 { 267 struct sockaddr *from; 268 269 if (nam) { 270 if (unp->unp_conn) { 271 error = EISCONN; 272 break; 273 } 274 error = unp_connect(so, nam, p); 275 if (error) 276 break; 277 } else { 278 if (unp->unp_conn == 0) { 279 error = ENOTCONN; 280 break; 281 } 282 } 283 so2 = unp->unp_conn->unp_socket; 284 if (unp->unp_addr) 285 from = (struct sockaddr *)unp->unp_addr; 286 else 287 from = &sun_noname; 288 if (sbappendaddr(&so2->so_rcv, from, m, control)) { 289 sorwakeup(so2); 290 m = 0; 291 control = 0; 292 } else 293 error = ENOBUFS; 294 if (nam) 295 unp_disconnect(unp); 296 break; 297 } 298 299 case SOCK_STREAM: 300 #define rcv (&so2->so_rcv) 301 #define snd (&so->so_snd) 302 /* Connect if not connected yet. */ 303 /* 304 * Note: A better implementation would complain 305 * if not equal to the peer's address. 306 */ 307 if ((so->so_state & SS_ISCONNECTED) == 0) { 308 if (nam) { 309 error = unp_connect(so, nam, p); 310 if (error) 311 break; /* XXX */ 312 } else { 313 error = ENOTCONN; 314 break; 315 } 316 } 317 318 if (so->so_state & SS_CANTSENDMORE) { 319 error = EPIPE; 320 break; 321 } 322 if (unp->unp_conn == 0) 323 panic("uipc_send connected but no connection?"); 324 so2 = unp->unp_conn->unp_socket; 325 /* 326 * Send to paired receive port, and then reduce 327 * send buffer hiwater marks to maintain backpressure. 328 * Wake up readers. 329 */ 330 if (control) { 331 if (sbappendcontrol(rcv, m, control)) 332 control = 0; 333 } else 334 sbappend(rcv, m); 335 snd->sb_mbmax -= 336 rcv->sb_mbcnt - unp->unp_conn->unp_mbcnt; 337 unp->unp_conn->unp_mbcnt = rcv->sb_mbcnt; 338 snd->sb_hiwat -= rcv->sb_cc - unp->unp_conn->unp_cc; 339 unp->unp_conn->unp_cc = rcv->sb_cc; 340 sorwakeup(so2); 341 m = 0; 342 #undef snd 343 #undef rcv 344 break; 345 346 default: 347 panic("uipc_send unknown socktype"); 348 } 349 350 /* 351 * SEND_EOF is equivalent to a SEND followed by 352 * a SHUTDOWN. 353 */ 354 if (flags & PRUS_EOF) { 355 socantsendmore(so); 356 unp_shutdown(unp); 357 } 358 359 release: 360 if (control) 361 m_freem(control); 362 if (m) 363 m_freem(m); 364 return error; 365 } 366 367 static int 368 uipc_sense(struct socket *so, struct stat *sb) 369 { 370 struct unpcb *unp = sotounpcb(so); 371 struct socket *so2; 372 373 if (unp == 0) 374 return EINVAL; 375 sb->st_blksize = so->so_snd.sb_hiwat; 376 if (so->so_type == SOCK_STREAM && unp->unp_conn != 0) { 377 so2 = unp->unp_conn->unp_socket; 378 sb->st_blksize += so2->so_rcv.sb_cc; 379 } 380 sb->st_dev = NODEV; 381 if (unp->unp_ino == 0) 382 unp->unp_ino = unp_ino++; 383 sb->st_ino = unp->unp_ino; 384 return (0); 385 } 386 387 static int 388 uipc_shutdown(struct socket *so) 389 { 390 struct unpcb *unp = sotounpcb(so); 391 392 if (unp == 0) 393 return EINVAL; 394 socantsendmore(so); 395 unp_shutdown(unp); 396 return 0; 397 } 398 399 static int 400 uipc_sockaddr(struct socket *so, struct sockaddr **nam) 401 { 402 struct unpcb *unp = sotounpcb(so); 403 404 if (unp == 0) 405 return EINVAL; 406 if (unp->unp_addr) 407 *nam = dup_sockaddr((struct sockaddr *)unp->unp_addr, 1); 408 return 0; 409 } 410 411 struct pr_usrreqs uipc_usrreqs = { 412 uipc_abort, uipc_accept, uipc_attach, uipc_bind, uipc_connect, 413 uipc_connect2, pru_control_notsupp, uipc_detach, uipc_disconnect, 414 uipc_listen, uipc_peeraddr, uipc_rcvd, pru_rcvoob_notsupp, 415 uipc_send, uipc_sense, uipc_shutdown, uipc_sockaddr, 416 sosend, soreceive, sopoll 417 }; 418 419 /* 420 * Both send and receive buffers are allocated PIPSIZ bytes of buffering 421 * for stream sockets, although the total for sender and receiver is 422 * actually only PIPSIZ. 423 * Datagram sockets really use the sendspace as the maximum datagram size, 424 * and don't really want to reserve the sendspace. Their recvspace should 425 * be large enough for at least one max-size datagram plus address. 426 */ 427 #ifndef PIPSIZ 428 #define PIPSIZ 8192 429 #endif 430 static u_long unpst_sendspace = PIPSIZ; 431 static u_long unpst_recvspace = PIPSIZ; 432 static u_long unpdg_sendspace = 2*1024; /* really max datagram size */ 433 static u_long unpdg_recvspace = 4*1024; 434 435 static int unp_rights; /* file descriptors in flight */ 436 437 SYSCTL_INT(_net_local_stream, OID_AUTO, sendspace, CTLFLAG_RW, 438 &unpst_sendspace, 0, ""); 439 SYSCTL_INT(_net_local_stream, OID_AUTO, recvspace, CTLFLAG_RW, 440 &unpst_recvspace, 0, ""); 441 SYSCTL_INT(_net_local_dgram, OID_AUTO, maxdgram, CTLFLAG_RW, 442 &unpdg_sendspace, 0, ""); 443 SYSCTL_INT(_net_local_dgram, OID_AUTO, recvspace, CTLFLAG_RW, 444 &unpdg_recvspace, 0, ""); 445 SYSCTL_INT(_net_local, OID_AUTO, inflight, CTLFLAG_RD, &unp_rights, 0, ""); 446 447 static int 448 unp_attach(so) 449 struct socket *so; 450 { 451 register struct mbuf *m; 452 register struct unpcb *unp; 453 int error; 454 455 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 456 switch (so->so_type) { 457 458 case SOCK_STREAM: 459 error = soreserve(so, unpst_sendspace, unpst_recvspace); 460 break; 461 462 case SOCK_DGRAM: 463 error = soreserve(so, unpdg_sendspace, unpdg_recvspace); 464 break; 465 466 default: 467 panic("unp_attach"); 468 } 469 if (error) 470 return (error); 471 } 472 MALLOC(unp, struct unpcb *, sizeof *unp, M_PCB, M_NOWAIT); 473 if (unp == NULL) 474 return (ENOBUFS); 475 bzero(unp, sizeof *unp); 476 so->so_pcb = (caddr_t)unp; 477 unp->unp_socket = so; 478 return (0); 479 } 480 481 static void 482 unp_detach(unp) 483 register struct unpcb *unp; 484 { 485 if (unp->unp_vnode) { 486 unp->unp_vnode->v_socket = 0; 487 vrele(unp->unp_vnode); 488 unp->unp_vnode = 0; 489 } 490 if (unp->unp_conn) 491 unp_disconnect(unp); 492 while (unp->unp_refs) 493 unp_drop(unp->unp_refs, ECONNRESET); 494 soisdisconnected(unp->unp_socket); 495 unp->unp_socket->so_pcb = 0; 496 if (unp_rights) { 497 /* 498 * Normally the receive buffer is flushed later, 499 * in sofree, but if our receive buffer holds references 500 * to descriptors that are now garbage, we will dispose 501 * of those descriptor references after the garbage collector 502 * gets them (resulting in a "panic: closef: count < 0"). 503 */ 504 sorflush(unp->unp_socket); 505 unp_gc(); 506 } 507 if (unp->unp_addr) 508 FREE(unp->unp_addr, M_SONAME); 509 FREE(unp, M_PCB); 510 } 511 512 static int 513 unp_bind(unp, nam, p) 514 struct unpcb *unp; 515 struct sockaddr *nam; 516 struct proc *p; 517 { 518 struct sockaddr_un *soun = (struct sockaddr_un *)nam; 519 register struct vnode *vp; 520 struct vattr vattr; 521 int error, namelen; 522 struct nameidata nd; 523 char buf[SOCK_MAXADDRLEN]; 524 525 if (unp->unp_vnode != NULL) 526 return (EINVAL); 527 #define offsetof(s, e) ((char *)&((s *)0)->e - (char *)((s *)0)) 528 namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path); 529 if (namelen <= 0) 530 return EINVAL; 531 strncpy(buf, soun->sun_path, namelen); 532 buf[namelen] = 0; /* null-terminate the string */ 533 NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE, 534 buf, p); 535 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */ 536 error = namei(&nd); 537 if (error) 538 return (error); 539 vp = nd.ni_vp; 540 if (vp != NULL) { 541 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); 542 if (nd.ni_dvp == vp) 543 vrele(nd.ni_dvp); 544 else 545 vput(nd.ni_dvp); 546 vrele(vp); 547 return (EADDRINUSE); 548 } 549 VATTR_NULL(&vattr); 550 vattr.va_type = VSOCK; 551 vattr.va_mode = (ACCESSPERMS & ~p->p_fd->fd_cmask); 552 VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE); 553 if (error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr)) 554 return (error); 555 vp = nd.ni_vp; 556 vp->v_socket = unp->unp_socket; 557 unp->unp_vnode = vp; 558 unp->unp_addr = (struct sockaddr_un *)dup_sockaddr(nam, 1); 559 VOP_UNLOCK(vp, 0, p); 560 return (0); 561 } 562 563 static int 564 unp_connect(so, nam, p) 565 struct socket *so; 566 struct sockaddr *nam; 567 struct proc *p; 568 { 569 register struct sockaddr_un *soun = (struct sockaddr_un *)nam; 570 register struct vnode *vp; 571 register struct socket *so2, *so3; 572 struct unpcb *unp2, *unp3; 573 int error, len; 574 struct nameidata nd; 575 char buf[SOCK_MAXADDRLEN]; 576 577 len = nam->sa_len - offsetof(struct sockaddr_un, sun_path); 578 if (len <= 0) 579 return EINVAL; 580 strncpy(buf, soun->sun_path, len); 581 buf[len] = 0; 582 583 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, buf, p); 584 error = namei(&nd); 585 if (error) 586 return (error); 587 vp = nd.ni_vp; 588 if (vp->v_type != VSOCK) { 589 error = ENOTSOCK; 590 goto bad; 591 } 592 error = VOP_ACCESS(vp, VWRITE, p->p_ucred, p); 593 if (error) 594 goto bad; 595 so2 = vp->v_socket; 596 if (so2 == 0) { 597 error = ECONNREFUSED; 598 goto bad; 599 } 600 if (so->so_type != so2->so_type) { 601 error = EPROTOTYPE; 602 goto bad; 603 } 604 if (so->so_proto->pr_flags & PR_CONNREQUIRED) { 605 if ((so2->so_options & SO_ACCEPTCONN) == 0 || 606 (so3 = sonewconn(so2, 0)) == 0) { 607 error = ECONNREFUSED; 608 goto bad; 609 } 610 unp2 = sotounpcb(so2); 611 unp3 = sotounpcb(so3); 612 if (unp2->unp_addr) 613 unp3->unp_addr = (struct sockaddr_un *) 614 dup_sockaddr((struct sockaddr *) 615 unp2->unp_addr, 1); 616 so2 = so3; 617 } 618 error = unp_connect2(so, so2); 619 bad: 620 vput(vp); 621 return (error); 622 } 623 624 int 625 unp_connect2(so, so2) 626 register struct socket *so; 627 register struct socket *so2; 628 { 629 register struct unpcb *unp = sotounpcb(so); 630 register struct unpcb *unp2; 631 632 if (so2->so_type != so->so_type) 633 return (EPROTOTYPE); 634 unp2 = sotounpcb(so2); 635 unp->unp_conn = unp2; 636 switch (so->so_type) { 637 638 case SOCK_DGRAM: 639 unp->unp_nextref = unp2->unp_refs; 640 unp2->unp_refs = unp; 641 soisconnected(so); 642 break; 643 644 case SOCK_STREAM: 645 unp2->unp_conn = unp; 646 soisconnected(so); 647 soisconnected(so2); 648 break; 649 650 default: 651 panic("unp_connect2"); 652 } 653 return (0); 654 } 655 656 static void 657 unp_disconnect(unp) 658 struct unpcb *unp; 659 { 660 register struct unpcb *unp2 = unp->unp_conn; 661 662 if (unp2 == 0) 663 return; 664 unp->unp_conn = 0; 665 switch (unp->unp_socket->so_type) { 666 667 case SOCK_DGRAM: 668 if (unp2->unp_refs == unp) 669 unp2->unp_refs = unp->unp_nextref; 670 else { 671 unp2 = unp2->unp_refs; 672 for (;;) { 673 if (unp2 == 0) 674 panic("unp_disconnect"); 675 if (unp2->unp_nextref == unp) 676 break; 677 unp2 = unp2->unp_nextref; 678 } 679 unp2->unp_nextref = unp->unp_nextref; 680 } 681 unp->unp_nextref = 0; 682 unp->unp_socket->so_state &= ~SS_ISCONNECTED; 683 break; 684 685 case SOCK_STREAM: 686 soisdisconnected(unp->unp_socket); 687 unp2->unp_conn = 0; 688 soisdisconnected(unp2->unp_socket); 689 break; 690 } 691 } 692 693 #ifdef notdef 694 void 695 unp_abort(unp) 696 struct unpcb *unp; 697 { 698 699 unp_detach(unp); 700 } 701 #endif 702 703 static void 704 unp_shutdown(unp) 705 struct unpcb *unp; 706 { 707 struct socket *so; 708 709 if (unp->unp_socket->so_type == SOCK_STREAM && unp->unp_conn && 710 (so = unp->unp_conn->unp_socket)) 711 socantrcvmore(so); 712 } 713 714 static void 715 unp_drop(unp, errno) 716 struct unpcb *unp; 717 int errno; 718 { 719 struct socket *so = unp->unp_socket; 720 721 so->so_error = errno; 722 unp_disconnect(unp); 723 if (so->so_head) { 724 so->so_pcb = (caddr_t) 0; 725 if (unp->unp_addr) 726 FREE(unp->unp_addr, M_SONAME); 727 FREE(unp, M_PCB); 728 sofree(so); 729 } 730 } 731 732 #ifdef notdef 733 void 734 unp_drain() 735 { 736 737 } 738 #endif 739 740 int 741 unp_externalize(rights) 742 struct mbuf *rights; 743 { 744 struct proc *p = curproc; /* XXX */ 745 register int i; 746 register struct cmsghdr *cm = mtod(rights, struct cmsghdr *); 747 register struct file **rp = (struct file **)(cm + 1); 748 register struct file *fp; 749 int newfds = (cm->cmsg_len - sizeof(*cm)) / sizeof (int); 750 int f; 751 752 /* 753 * if the new FD's will not fit, then we free them all 754 */ 755 if (!fdavail(p, newfds)) { 756 for (i = 0; i < newfds; i++) { 757 fp = *rp; 758 unp_discard(fp); 759 *rp++ = 0; 760 } 761 return (EMSGSIZE); 762 } 763 /* 764 * now change each pointer to an fd in the global table to 765 * an integer that is the index to the local fd table entry 766 * that we set up to point to the global one we are transferring. 767 * XXX this assumes a pointer and int are the same size...! 768 */ 769 for (i = 0; i < newfds; i++) { 770 if (fdalloc(p, 0, &f)) 771 panic("unp_externalize"); 772 fp = *rp; 773 p->p_fd->fd_ofiles[f] = fp; 774 fp->f_msgcount--; 775 unp_rights--; 776 *(int *)rp++ = f; 777 } 778 return (0); 779 } 780 781 #ifndef MIN 782 #define MIN(a,b) (((a)<(b))?(a):(b)) 783 #endif 784 785 static int 786 unp_internalize(control, p) 787 struct mbuf *control; 788 struct proc *p; 789 { 790 struct filedesc *fdp = p->p_fd; 791 register struct cmsghdr *cm = mtod(control, struct cmsghdr *); 792 register struct file **rp; 793 register struct file *fp; 794 register int i, fd; 795 register struct cmsgcred *cmcred; 796 int oldfds; 797 798 if ((cm->cmsg_type != SCM_RIGHTS && cm->cmsg_type != SCM_CREDS) || 799 cm->cmsg_level != SOL_SOCKET || cm->cmsg_len != control->m_len) 800 return (EINVAL); 801 802 /* 803 * Fill in credential information. 804 */ 805 if (cm->cmsg_type == SCM_CREDS) { 806 cmcred = (struct cmsgcred *)(cm + 1); 807 cmcred->cmcred_pid = p->p_pid; 808 cmcred->cmcred_uid = p->p_cred->p_ruid; 809 cmcred->cmcred_gid = p->p_cred->p_rgid; 810 cmcred->cmcred_euid = p->p_ucred->cr_uid; 811 cmcred->cmcred_ngroups = MIN(p->p_ucred->cr_ngroups, 812 CMGROUP_MAX); 813 for (i = 0; i < cmcred->cmcred_ngroups; i++) 814 cmcred->cmcred_groups[i] = p->p_ucred->cr_groups[i]; 815 return(0); 816 } 817 818 oldfds = (cm->cmsg_len - sizeof (*cm)) / sizeof (int); 819 /* 820 * check that all the FDs passed in refer to legal OPEN files 821 * If not, reject the entire operation. 822 */ 823 rp = (struct file **)(cm + 1); 824 for (i = 0; i < oldfds; i++) { 825 fd = *(int *)rp++; 826 if ((unsigned)fd >= fdp->fd_nfiles || 827 fdp->fd_ofiles[fd] == NULL) 828 return (EBADF); 829 } 830 /* 831 * Now replace the integer FDs with pointers to 832 * the associated global file table entry.. 833 * XXX this assumes a pointer and an int are the same size! 834 */ 835 rp = (struct file **)(cm + 1); 836 for (i = 0; i < oldfds; i++) { 837 fp = fdp->fd_ofiles[*(int *)rp]; 838 *rp++ = fp; 839 fp->f_count++; 840 fp->f_msgcount++; 841 unp_rights++; 842 } 843 return (0); 844 } 845 846 static int unp_defer, unp_gcing; 847 848 static void 849 unp_gc() 850 { 851 register struct file *fp, *nextfp; 852 register struct socket *so; 853 struct file **extra_ref, **fpp; 854 int nunref, i; 855 856 if (unp_gcing) 857 return; 858 unp_gcing = 1; 859 unp_defer = 0; 860 /* 861 * before going through all this, set all FDs to 862 * be NOT defered and NOT externally accessible 863 */ 864 for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next) 865 fp->f_flag &= ~(FMARK|FDEFER); 866 do { 867 for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next) { 868 /* 869 * If the file is not open, skip it 870 */ 871 if (fp->f_count == 0) 872 continue; 873 /* 874 * If we already marked it as 'defer' in a 875 * previous pass, then try process it this time 876 * and un-mark it 877 */ 878 if (fp->f_flag & FDEFER) { 879 fp->f_flag &= ~FDEFER; 880 unp_defer--; 881 } else { 882 /* 883 * if it's not defered, then check if it's 884 * already marked.. if so skip it 885 */ 886 if (fp->f_flag & FMARK) 887 continue; 888 /* 889 * If all references are from messages 890 * in transit, then skip it. it's not 891 * externally accessible. 892 */ 893 if (fp->f_count == fp->f_msgcount) 894 continue; 895 /* 896 * If it got this far then it must be 897 * externally accessible. 898 */ 899 fp->f_flag |= FMARK; 900 } 901 /* 902 * either it was defered, or it is externally 903 * accessible and not already marked so. 904 * Now check if it is possibly one of OUR sockets. 905 */ 906 if (fp->f_type != DTYPE_SOCKET || 907 (so = (struct socket *)fp->f_data) == 0) 908 continue; 909 if (so->so_proto->pr_domain != &localdomain || 910 (so->so_proto->pr_flags&PR_RIGHTS) == 0) 911 continue; 912 #ifdef notdef 913 if (so->so_rcv.sb_flags & SB_LOCK) { 914 /* 915 * This is problematical; it's not clear 916 * we need to wait for the sockbuf to be 917 * unlocked (on a uniprocessor, at least), 918 * and it's also not clear what to do 919 * if sbwait returns an error due to receipt 920 * of a signal. If sbwait does return 921 * an error, we'll go into an infinite 922 * loop. Delete all of this for now. 923 */ 924 (void) sbwait(&so->so_rcv); 925 goto restart; 926 } 927 #endif 928 /* 929 * So, Ok, it's one of our sockets and it IS externally 930 * accessible (or was defered). Now we look 931 * to see if we hold any file descriptors in it's 932 * message buffers. Follow those links and mark them 933 * as accessible too. 934 */ 935 unp_scan(so->so_rcv.sb_mb, unp_mark); 936 } 937 } while (unp_defer); 938 /* 939 * We grab an extra reference to each of the file table entries 940 * that are not otherwise accessible and then free the rights 941 * that are stored in messages on them. 942 * 943 * The bug in the orginal code is a little tricky, so I'll describe 944 * what's wrong with it here. 945 * 946 * It is incorrect to simply unp_discard each entry for f_msgcount 947 * times -- consider the case of sockets A and B that contain 948 * references to each other. On a last close of some other socket, 949 * we trigger a gc since the number of outstanding rights (unp_rights) 950 * is non-zero. If during the sweep phase the gc code un_discards, 951 * we end up doing a (full) closef on the descriptor. A closef on A 952 * results in the following chain. Closef calls soo_close, which 953 * calls soclose. Soclose calls first (through the switch 954 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply 955 * returns because the previous instance had set unp_gcing, and 956 * we return all the way back to soclose, which marks the socket 957 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush 958 * to free up the rights that are queued in messages on the socket A, 959 * i.e., the reference on B. The sorflush calls via the dom_dispose 960 * switch unp_dispose, which unp_scans with unp_discard. This second 961 * instance of unp_discard just calls closef on B. 962 * 963 * Well, a similar chain occurs on B, resulting in a sorflush on B, 964 * which results in another closef on A. Unfortunately, A is already 965 * being closed, and the descriptor has already been marked with 966 * SS_NOFDREF, and soclose panics at this point. 967 * 968 * Here, we first take an extra reference to each inaccessible 969 * descriptor. Then, we call sorflush ourself, since we know 970 * it is a Unix domain socket anyhow. After we destroy all the 971 * rights carried in messages, we do a last closef to get rid 972 * of our extra reference. This is the last close, and the 973 * unp_detach etc will shut down the socket. 974 * 975 * 91/09/19, bsy@cs.cmu.edu 976 */ 977 extra_ref = malloc(nfiles * sizeof(struct file *), M_FILE, M_WAITOK); 978 for (nunref = 0, fp = filehead.lh_first, fpp = extra_ref; fp != 0; 979 fp = nextfp) { 980 nextfp = fp->f_list.le_next; 981 /* 982 * If it's not open, skip it 983 */ 984 if (fp->f_count == 0) 985 continue; 986 /* 987 * If all refs are from msgs, and it's not marked accessible 988 * then it must be referenced from some unreachable cycle 989 * of (shut-down) FDs, so include it in our 990 * list of FDs to remove 991 */ 992 if (fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) { 993 *fpp++ = fp; 994 nunref++; 995 fp->f_count++; 996 } 997 } 998 /* 999 * for each FD on our hit list, do the following two things 1000 */ 1001 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) 1002 sorflush((struct socket *)(*fpp)->f_data); 1003 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) 1004 closef(*fpp, (struct proc *) NULL); 1005 free((caddr_t)extra_ref, M_FILE); 1006 unp_gcing = 0; 1007 } 1008 1009 void 1010 unp_dispose(m) 1011 struct mbuf *m; 1012 { 1013 1014 if (m) 1015 unp_scan(m, unp_discard); 1016 } 1017 1018 static void 1019 unp_scan(m0, op) 1020 register struct mbuf *m0; 1021 void (*op) __P((struct file *)); 1022 { 1023 register struct mbuf *m; 1024 register struct file **rp; 1025 register struct cmsghdr *cm; 1026 register int i; 1027 int qfds; 1028 1029 while (m0) { 1030 for (m = m0; m; m = m->m_next) 1031 if (m->m_type == MT_CONTROL && 1032 m->m_len >= sizeof(*cm)) { 1033 cm = mtod(m, struct cmsghdr *); 1034 if (cm->cmsg_level != SOL_SOCKET || 1035 cm->cmsg_type != SCM_RIGHTS) 1036 continue; 1037 qfds = (cm->cmsg_len - sizeof *cm) 1038 / sizeof (struct file *); 1039 rp = (struct file **)(cm + 1); 1040 for (i = 0; i < qfds; i++) 1041 (*op)(*rp++); 1042 break; /* XXX, but saves time */ 1043 } 1044 m0 = m0->m_act; 1045 } 1046 } 1047 1048 static void 1049 unp_mark(fp) 1050 struct file *fp; 1051 { 1052 1053 if (fp->f_flag & FMARK) 1054 return; 1055 unp_defer++; 1056 fp->f_flag |= (FMARK|FDEFER); 1057 } 1058 1059 static void 1060 unp_discard(fp) 1061 struct file *fp; 1062 { 1063 1064 fp->f_msgcount--; 1065 unp_rights--; 1066 (void) closef(fp, (struct proc *)NULL); 1067 } 1068