1 /* 2 * Copyright (c) 1982, 1986, 1989, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94 34 */ 35 36 #include <sys/cdefs.h> 37 __FBSDID("$FreeBSD$"); 38 39 #include "opt_mac.h" 40 41 #include <sys/param.h> 42 #include <sys/domain.h> 43 #include <sys/fcntl.h> 44 #include <sys/malloc.h> /* XXX must be before <sys/file.h> */ 45 #include <sys/file.h> 46 #include <sys/filedesc.h> 47 #include <sys/jail.h> 48 #include <sys/kernel.h> 49 #include <sys/lock.h> 50 #include <sys/mac.h> 51 #include <sys/mbuf.h> 52 #include <sys/mutex.h> 53 #include <sys/namei.h> 54 #include <sys/proc.h> 55 #include <sys/protosw.h> 56 #include <sys/resourcevar.h> 57 #include <sys/socket.h> 58 #include <sys/socketvar.h> 59 #include <sys/signalvar.h> 60 #include <sys/stat.h> 61 #include <sys/sx.h> 62 #include <sys/sysctl.h> 63 #include <sys/systm.h> 64 #include <sys/un.h> 65 #include <sys/unpcb.h> 66 #include <sys/vnode.h> 67 68 #include <vm/uma.h> 69 70 static uma_zone_t unp_zone; 71 static unp_gen_t unp_gencnt; 72 static u_int unp_count; 73 74 static struct unp_head unp_shead, unp_dhead; 75 76 /* 77 * Unix communications domain. 78 * 79 * TODO: 80 * SEQPACKET, RDM 81 * rethink name space problems 82 * need a proper out-of-band 83 * lock pushdown 84 */ 85 static struct sockaddr sun_noname = { sizeof(sun_noname), AF_LOCAL }; 86 static ino_t unp_ino; /* prototype for fake inode numbers */ 87 88 static int unp_attach(struct socket *); 89 static void unp_detach(struct unpcb *); 90 static int unp_bind(struct unpcb *,struct sockaddr *, struct thread *); 91 static int unp_connect(struct socket *,struct sockaddr *, struct thread *); 92 static void unp_disconnect(struct unpcb *); 93 static void unp_shutdown(struct unpcb *); 94 static void unp_drop(struct unpcb *, int); 95 static void unp_gc(void); 96 static void unp_scan(struct mbuf *, void (*)(struct file *)); 97 static void unp_mark(struct file *); 98 static void unp_discard(struct file *); 99 static void unp_freerights(struct file **, int); 100 static int unp_internalize(struct mbuf **, struct thread *); 101 static int unp_listen(struct unpcb *, struct thread *); 102 103 static int 104 uipc_abort(struct socket *so) 105 { 106 struct unpcb *unp = sotounpcb(so); 107 108 if (unp == 0) 109 return (EINVAL); 110 unp_drop(unp, ECONNABORTED); 111 unp_detach(unp); 112 sotryfree(so); 113 return (0); 114 } 115 116 static int 117 uipc_accept(struct socket *so, struct sockaddr **nam) 118 { 119 struct unpcb *unp = sotounpcb(so); 120 121 if (unp == 0) 122 return (EINVAL); 123 124 /* 125 * Pass back name of connected socket, 126 * if it was bound and we are still connected 127 * (our peer may have closed already!). 128 */ 129 if (unp->unp_conn && unp->unp_conn->unp_addr) { 130 *nam = sodupsockaddr( 131 (struct sockaddr *)unp->unp_conn->unp_addr, M_WAITOK); 132 } else { 133 *nam = sodupsockaddr((struct sockaddr *)&sun_noname, 134 M_WAITOK); 135 } 136 return (0); 137 } 138 139 static int 140 uipc_attach(struct socket *so, int proto, struct thread *td) 141 { 142 struct unpcb *unp = sotounpcb(so); 143 144 if (unp != 0) 145 return (EISCONN); 146 return (unp_attach(so)); 147 } 148 149 static int 150 uipc_bind(struct socket *so, struct sockaddr *nam, struct thread *td) 151 { 152 struct unpcb *unp = sotounpcb(so); 153 154 if (unp == 0) 155 return (EINVAL); 156 157 return (unp_bind(unp, nam, td)); 158 } 159 160 static int 161 uipc_connect(struct socket *so, struct sockaddr *nam, struct thread *td) 162 { 163 struct unpcb *unp = sotounpcb(so); 164 165 if (unp == 0) 166 return (EINVAL); 167 return (unp_connect(so, nam, curthread)); 168 } 169 170 static int 171 uipc_connect2(struct socket *so1, struct socket *so2) 172 { 173 struct unpcb *unp = sotounpcb(so1); 174 175 if (unp == 0) 176 return (EINVAL); 177 178 return (unp_connect2(so1, so2)); 179 } 180 181 /* control is EOPNOTSUPP */ 182 183 static int 184 uipc_detach(struct socket *so) 185 { 186 struct unpcb *unp = sotounpcb(so); 187 188 if (unp == 0) 189 return (EINVAL); 190 191 unp_detach(unp); 192 return (0); 193 } 194 195 static int 196 uipc_disconnect(struct socket *so) 197 { 198 struct unpcb *unp = sotounpcb(so); 199 200 if (unp == 0) 201 return (EINVAL); 202 unp_disconnect(unp); 203 return (0); 204 } 205 206 static int 207 uipc_listen(struct socket *so, struct thread *td) 208 { 209 struct unpcb *unp = sotounpcb(so); 210 211 if (unp == 0 || unp->unp_vnode == 0) 212 return (EINVAL); 213 return (unp_listen(unp, td)); 214 } 215 216 static int 217 uipc_peeraddr(struct socket *so, struct sockaddr **nam) 218 { 219 struct unpcb *unp = sotounpcb(so); 220 221 if (unp == 0) 222 return (EINVAL); 223 if (unp->unp_conn && unp->unp_conn->unp_addr) 224 *nam = sodupsockaddr( 225 (struct sockaddr *)unp->unp_conn->unp_addr, M_WAITOK); 226 else { 227 /* 228 * XXX: It seems that this test always fails even when 229 * connection is established. So, this else clause is 230 * added as workaround to return PF_LOCAL sockaddr. 231 */ 232 *nam = sodupsockaddr((struct sockaddr *)&sun_noname, 233 M_WAITOK); 234 } 235 return (0); 236 } 237 238 static int 239 uipc_rcvd(struct socket *so, int flags) 240 { 241 struct unpcb *unp = sotounpcb(so); 242 struct socket *so2; 243 u_long newhiwat; 244 245 if (unp == 0) 246 return (EINVAL); 247 switch (so->so_type) { 248 case SOCK_DGRAM: 249 panic("uipc_rcvd DGRAM?"); 250 /*NOTREACHED*/ 251 252 case SOCK_STREAM: 253 if (unp->unp_conn == 0) 254 break; 255 so2 = unp->unp_conn->unp_socket; 256 /* 257 * Adjust backpressure on sender 258 * and wakeup any waiting to write. 259 */ 260 so2->so_snd.sb_mbmax += unp->unp_mbcnt - so->so_rcv.sb_mbcnt; 261 unp->unp_mbcnt = so->so_rcv.sb_mbcnt; 262 newhiwat = so2->so_snd.sb_hiwat + unp->unp_cc - 263 so->so_rcv.sb_cc; 264 (void)chgsbsize(so2->so_cred->cr_uidinfo, &so2->so_snd.sb_hiwat, 265 newhiwat, RLIM_INFINITY); 266 unp->unp_cc = so->so_rcv.sb_cc; 267 sowwakeup(so2); 268 break; 269 270 default: 271 panic("uipc_rcvd unknown socktype"); 272 } 273 return (0); 274 } 275 276 /* pru_rcvoob is EOPNOTSUPP */ 277 278 static int 279 uipc_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, 280 struct mbuf *control, struct thread *td) 281 { 282 int error = 0; 283 struct unpcb *unp = sotounpcb(so); 284 struct socket *so2; 285 u_long newhiwat; 286 287 if (unp == 0) { 288 error = EINVAL; 289 goto release; 290 } 291 if (flags & PRUS_OOB) { 292 error = EOPNOTSUPP; 293 goto release; 294 } 295 296 if (control && (error = unp_internalize(&control, td))) 297 goto release; 298 299 switch (so->so_type) { 300 case SOCK_DGRAM: 301 { 302 struct sockaddr *from; 303 304 if (nam) { 305 if (unp->unp_conn) { 306 error = EISCONN; 307 break; 308 } 309 error = unp_connect(so, nam, td); 310 if (error) 311 break; 312 } else { 313 if (unp->unp_conn == 0) { 314 error = ENOTCONN; 315 break; 316 } 317 } 318 so2 = unp->unp_conn->unp_socket; 319 if (unp->unp_addr) 320 from = (struct sockaddr *)unp->unp_addr; 321 else 322 from = &sun_noname; 323 if (sbappendaddr(&so2->so_rcv, from, m, control)) { 324 sorwakeup(so2); 325 m = 0; 326 control = 0; 327 } else { 328 error = ENOBUFS; 329 } 330 if (nam) 331 unp_disconnect(unp); 332 break; 333 } 334 335 case SOCK_STREAM: 336 /* Connect if not connected yet. */ 337 /* 338 * Note: A better implementation would complain 339 * if not equal to the peer's address. 340 */ 341 if ((so->so_state & SS_ISCONNECTED) == 0) { 342 if (nam) { 343 error = unp_connect(so, nam, td); 344 if (error) 345 break; /* XXX */ 346 } else { 347 error = ENOTCONN; 348 break; 349 } 350 } 351 352 if (so->so_state & SS_CANTSENDMORE) { 353 error = EPIPE; 354 break; 355 } 356 if (unp->unp_conn == 0) 357 panic("uipc_send connected but no connection?"); 358 so2 = unp->unp_conn->unp_socket; 359 /* 360 * Send to paired receive port, and then reduce 361 * send buffer hiwater marks to maintain backpressure. 362 * Wake up readers. 363 */ 364 if (control) { 365 if (sbappendcontrol(&so2->so_rcv, m, control)) 366 control = 0; 367 } else { 368 sbappend(&so2->so_rcv, m); 369 } 370 so->so_snd.sb_mbmax -= 371 so2->so_rcv.sb_mbcnt - unp->unp_conn->unp_mbcnt; 372 unp->unp_conn->unp_mbcnt = so2->so_rcv.sb_mbcnt; 373 newhiwat = so->so_snd.sb_hiwat - 374 (so2->so_rcv.sb_cc - unp->unp_conn->unp_cc); 375 (void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat, 376 newhiwat, RLIM_INFINITY); 377 unp->unp_conn->unp_cc = so2->so_rcv.sb_cc; 378 sorwakeup(so2); 379 m = 0; 380 break; 381 382 default: 383 panic("uipc_send unknown socktype"); 384 } 385 386 /* 387 * SEND_EOF is equivalent to a SEND followed by 388 * a SHUTDOWN. 389 */ 390 if (flags & PRUS_EOF) { 391 socantsendmore(so); 392 unp_shutdown(unp); 393 } 394 395 if (control && error != 0) 396 unp_dispose(control); 397 398 release: 399 if (control) 400 m_freem(control); 401 if (m) 402 m_freem(m); 403 return (error); 404 } 405 406 static int 407 uipc_sense(struct socket *so, struct stat *sb) 408 { 409 struct unpcb *unp = sotounpcb(so); 410 struct socket *so2; 411 412 if (unp == 0) 413 return (EINVAL); 414 sb->st_blksize = so->so_snd.sb_hiwat; 415 if (so->so_type == SOCK_STREAM && unp->unp_conn != 0) { 416 so2 = unp->unp_conn->unp_socket; 417 sb->st_blksize += so2->so_rcv.sb_cc; 418 } 419 sb->st_dev = NOUDEV; 420 if (unp->unp_ino == 0) 421 unp->unp_ino = (++unp_ino == 0) ? ++unp_ino : unp_ino; 422 sb->st_ino = unp->unp_ino; 423 return (0); 424 } 425 426 static int 427 uipc_shutdown(struct socket *so) 428 { 429 struct unpcb *unp = sotounpcb(so); 430 431 if (unp == 0) 432 return (EINVAL); 433 socantsendmore(so); 434 unp_shutdown(unp); 435 return (0); 436 } 437 438 static int 439 uipc_sockaddr(struct socket *so, struct sockaddr **nam) 440 { 441 struct unpcb *unp = sotounpcb(so); 442 443 if (unp == 0) 444 return (EINVAL); 445 if (unp->unp_addr) 446 *nam = sodupsockaddr((struct sockaddr *)unp->unp_addr, 447 M_WAITOK); 448 else 449 *nam = sodupsockaddr((struct sockaddr *)&sun_noname, 450 M_WAITOK); 451 return (0); 452 } 453 454 struct pr_usrreqs uipc_usrreqs = { 455 uipc_abort, uipc_accept, uipc_attach, uipc_bind, uipc_connect, 456 uipc_connect2, pru_control_notsupp, uipc_detach, uipc_disconnect, 457 uipc_listen, uipc_peeraddr, uipc_rcvd, pru_rcvoob_notsupp, 458 uipc_send, uipc_sense, uipc_shutdown, uipc_sockaddr, 459 sosend, soreceive, sopoll, pru_sosetlabel_null 460 }; 461 462 int 463 uipc_ctloutput(so, sopt) 464 struct socket *so; 465 struct sockopt *sopt; 466 { 467 struct unpcb *unp = sotounpcb(so); 468 int error; 469 470 switch (sopt->sopt_dir) { 471 case SOPT_GET: 472 switch (sopt->sopt_name) { 473 case LOCAL_PEERCRED: 474 if (unp->unp_flags & UNP_HAVEPC) 475 error = sooptcopyout(sopt, &unp->unp_peercred, 476 sizeof(unp->unp_peercred)); 477 else { 478 if (so->so_type == SOCK_STREAM) 479 error = ENOTCONN; 480 else 481 error = EINVAL; 482 } 483 break; 484 default: 485 error = EOPNOTSUPP; 486 break; 487 } 488 break; 489 case SOPT_SET: 490 default: 491 error = EOPNOTSUPP; 492 break; 493 } 494 return (error); 495 } 496 497 /* 498 * Both send and receive buffers are allocated PIPSIZ bytes of buffering 499 * for stream sockets, although the total for sender and receiver is 500 * actually only PIPSIZ. 501 * Datagram sockets really use the sendspace as the maximum datagram size, 502 * and don't really want to reserve the sendspace. Their recvspace should 503 * be large enough for at least one max-size datagram plus address. 504 */ 505 #ifndef PIPSIZ 506 #define PIPSIZ 8192 507 #endif 508 static u_long unpst_sendspace = PIPSIZ; 509 static u_long unpst_recvspace = PIPSIZ; 510 static u_long unpdg_sendspace = 2*1024; /* really max datagram size */ 511 static u_long unpdg_recvspace = 4*1024; 512 513 static int unp_rights; /* file descriptors in flight */ 514 515 SYSCTL_DECL(_net_local_stream); 516 SYSCTL_INT(_net_local_stream, OID_AUTO, sendspace, CTLFLAG_RW, 517 &unpst_sendspace, 0, ""); 518 SYSCTL_INT(_net_local_stream, OID_AUTO, recvspace, CTLFLAG_RW, 519 &unpst_recvspace, 0, ""); 520 SYSCTL_DECL(_net_local_dgram); 521 SYSCTL_INT(_net_local_dgram, OID_AUTO, maxdgram, CTLFLAG_RW, 522 &unpdg_sendspace, 0, ""); 523 SYSCTL_INT(_net_local_dgram, OID_AUTO, recvspace, CTLFLAG_RW, 524 &unpdg_recvspace, 0, ""); 525 SYSCTL_DECL(_net_local); 526 SYSCTL_INT(_net_local, OID_AUTO, inflight, CTLFLAG_RD, &unp_rights, 0, ""); 527 528 static int 529 unp_attach(so) 530 struct socket *so; 531 { 532 register struct unpcb *unp; 533 int error; 534 535 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 536 switch (so->so_type) { 537 538 case SOCK_STREAM: 539 error = soreserve(so, unpst_sendspace, unpst_recvspace); 540 break; 541 542 case SOCK_DGRAM: 543 error = soreserve(so, unpdg_sendspace, unpdg_recvspace); 544 break; 545 546 default: 547 panic("unp_attach"); 548 } 549 if (error) 550 return (error); 551 } 552 unp = uma_zalloc(unp_zone, M_WAITOK); 553 if (unp == NULL) 554 return (ENOBUFS); 555 bzero(unp, sizeof *unp); 556 unp->unp_gencnt = ++unp_gencnt; 557 unp_count++; 558 LIST_INIT(&unp->unp_refs); 559 unp->unp_socket = so; 560 LIST_INSERT_HEAD(so->so_type == SOCK_DGRAM ? &unp_dhead 561 : &unp_shead, unp, unp_link); 562 so->so_pcb = unp; 563 return (0); 564 } 565 566 static void 567 unp_detach(unp) 568 register struct unpcb *unp; 569 { 570 LIST_REMOVE(unp, unp_link); 571 unp->unp_gencnt = ++unp_gencnt; 572 --unp_count; 573 if (unp->unp_vnode) { 574 unp->unp_vnode->v_socket = 0; 575 vrele(unp->unp_vnode); 576 unp->unp_vnode = 0; 577 } 578 if (unp->unp_conn) 579 unp_disconnect(unp); 580 while (!LIST_EMPTY(&unp->unp_refs)) 581 unp_drop(LIST_FIRST(&unp->unp_refs), ECONNRESET); 582 soisdisconnected(unp->unp_socket); 583 unp->unp_socket->so_pcb = 0; 584 if (unp_rights) { 585 /* 586 * Normally the receive buffer is flushed later, 587 * in sofree, but if our receive buffer holds references 588 * to descriptors that are now garbage, we will dispose 589 * of those descriptor references after the garbage collector 590 * gets them (resulting in a "panic: closef: count < 0"). 591 */ 592 sorflush(unp->unp_socket); 593 unp_gc(); 594 } 595 if (unp->unp_addr) 596 FREE(unp->unp_addr, M_SONAME); 597 uma_zfree(unp_zone, unp); 598 } 599 600 static int 601 unp_bind(unp, nam, td) 602 struct unpcb *unp; 603 struct sockaddr *nam; 604 struct thread *td; 605 { 606 struct sockaddr_un *soun = (struct sockaddr_un *)nam; 607 struct vnode *vp; 608 struct mount *mp; 609 struct vattr vattr; 610 int error, namelen; 611 struct nameidata nd; 612 char *buf; 613 614 if (unp->unp_vnode != NULL) 615 return (EINVAL); 616 617 namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path); 618 if (namelen <= 0) 619 return (EINVAL); 620 621 buf = malloc(namelen + 1, M_TEMP, M_WAITOK); 622 strlcpy(buf, soun->sun_path, namelen + 1); 623 624 restart: 625 NDINIT(&nd, CREATE, NOFOLLOW | LOCKPARENT | SAVENAME, UIO_SYSSPACE, 626 buf, td); 627 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */ 628 error = namei(&nd); 629 if (error) { 630 free(buf, M_TEMP); 631 return (error); 632 } 633 vp = nd.ni_vp; 634 if (vp != NULL || vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 635 NDFREE(&nd, NDF_ONLY_PNBUF); 636 if (nd.ni_dvp == vp) 637 vrele(nd.ni_dvp); 638 else 639 vput(nd.ni_dvp); 640 if (vp != NULL) { 641 vrele(vp); 642 free(buf, M_TEMP); 643 return (EADDRINUSE); 644 } 645 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH); 646 if (error) { 647 free(buf, M_TEMP); 648 return (error); 649 } 650 goto restart; 651 } 652 VATTR_NULL(&vattr); 653 vattr.va_type = VSOCK; 654 vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask); 655 #ifdef MAC 656 error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, 657 &vattr); 658 #endif 659 if (error == 0) { 660 VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); 661 error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); 662 } 663 NDFREE(&nd, NDF_ONLY_PNBUF); 664 vput(nd.ni_dvp); 665 if (error) { 666 free(buf, M_TEMP); 667 return (error); 668 } 669 vp = nd.ni_vp; 670 vp->v_socket = unp->unp_socket; 671 unp->unp_vnode = vp; 672 unp->unp_addr = (struct sockaddr_un *)sodupsockaddr(nam, M_WAITOK); 673 VOP_UNLOCK(vp, 0, td); 674 vn_finished_write(mp); 675 free(buf, M_TEMP); 676 return (0); 677 } 678 679 static int 680 unp_connect(so, nam, td) 681 struct socket *so; 682 struct sockaddr *nam; 683 struct thread *td; 684 { 685 register struct sockaddr_un *soun = (struct sockaddr_un *)nam; 686 register struct vnode *vp; 687 register struct socket *so2, *so3; 688 struct unpcb *unp, *unp2, *unp3; 689 int error, len; 690 struct nameidata nd; 691 char buf[SOCK_MAXADDRLEN]; 692 693 len = nam->sa_len - offsetof(struct sockaddr_un, sun_path); 694 if (len <= 0) 695 return (EINVAL); 696 strlcpy(buf, soun->sun_path, len + 1); 697 698 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, buf, td); 699 error = namei(&nd); 700 if (error) 701 return (error); 702 vp = nd.ni_vp; 703 NDFREE(&nd, NDF_ONLY_PNBUF); 704 if (vp->v_type != VSOCK) { 705 error = ENOTSOCK; 706 goto bad; 707 } 708 error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td); 709 if (error) 710 goto bad; 711 so2 = vp->v_socket; 712 if (so2 == 0) { 713 error = ECONNREFUSED; 714 goto bad; 715 } 716 if (so->so_type != so2->so_type) { 717 error = EPROTOTYPE; 718 goto bad; 719 } 720 if (so->so_proto->pr_flags & PR_CONNREQUIRED) { 721 if ((so2->so_options & SO_ACCEPTCONN) == 0 || 722 (so3 = sonewconn(so2, 0)) == 0) { 723 error = ECONNREFUSED; 724 goto bad; 725 } 726 unp = sotounpcb(so); 727 unp2 = sotounpcb(so2); 728 unp3 = sotounpcb(so3); 729 if (unp2->unp_addr) 730 unp3->unp_addr = (struct sockaddr_un *) 731 sodupsockaddr((struct sockaddr *)unp2->unp_addr, 732 M_WAITOK); 733 734 /* 735 * unp_peercred management: 736 * 737 * The connecter's (client's) credentials are copied 738 * from its process structure at the time of connect() 739 * (which is now). 740 */ 741 cru2x(td->td_ucred, &unp3->unp_peercred); 742 unp3->unp_flags |= UNP_HAVEPC; 743 /* 744 * The receiver's (server's) credentials are copied 745 * from the unp_peercred member of socket on which the 746 * former called listen(); unp_listen() cached that 747 * process's credentials at that time so we can use 748 * them now. 749 */ 750 KASSERT(unp2->unp_flags & UNP_HAVEPCCACHED, 751 ("unp_connect: listener without cached peercred")); 752 memcpy(&unp->unp_peercred, &unp2->unp_peercred, 753 sizeof(unp->unp_peercred)); 754 unp->unp_flags |= UNP_HAVEPC; 755 #ifdef MAC 756 mac_set_socket_peer_from_socket(so, so3); 757 mac_set_socket_peer_from_socket(so3, so); 758 #endif 759 760 so2 = so3; 761 } 762 error = unp_connect2(so, so2); 763 bad: 764 vput(vp); 765 return (error); 766 } 767 768 int 769 unp_connect2(so, so2) 770 register struct socket *so; 771 register struct socket *so2; 772 { 773 register struct unpcb *unp = sotounpcb(so); 774 register struct unpcb *unp2; 775 776 if (so2->so_type != so->so_type) 777 return (EPROTOTYPE); 778 unp2 = sotounpcb(so2); 779 unp->unp_conn = unp2; 780 switch (so->so_type) { 781 782 case SOCK_DGRAM: 783 LIST_INSERT_HEAD(&unp2->unp_refs, unp, unp_reflink); 784 soisconnected(so); 785 break; 786 787 case SOCK_STREAM: 788 unp2->unp_conn = unp; 789 soisconnected(so); 790 soisconnected(so2); 791 break; 792 793 default: 794 panic("unp_connect2"); 795 } 796 return (0); 797 } 798 799 static void 800 unp_disconnect(unp) 801 struct unpcb *unp; 802 { 803 register struct unpcb *unp2 = unp->unp_conn; 804 805 if (unp2 == 0) 806 return; 807 unp->unp_conn = 0; 808 switch (unp->unp_socket->so_type) { 809 810 case SOCK_DGRAM: 811 LIST_REMOVE(unp, unp_reflink); 812 unp->unp_socket->so_state &= ~SS_ISCONNECTED; 813 break; 814 815 case SOCK_STREAM: 816 soisdisconnected(unp->unp_socket); 817 unp2->unp_conn = 0; 818 soisdisconnected(unp2->unp_socket); 819 break; 820 } 821 } 822 823 #ifdef notdef 824 void 825 unp_abort(unp) 826 struct unpcb *unp; 827 { 828 829 unp_detach(unp); 830 } 831 #endif 832 833 static int 834 unp_pcblist(SYSCTL_HANDLER_ARGS) 835 { 836 int error, i, n; 837 struct unpcb *unp, **unp_list; 838 unp_gen_t gencnt; 839 struct xunpgen *xug; 840 struct unp_head *head; 841 struct xunpcb *xu; 842 843 head = ((intptr_t)arg1 == SOCK_DGRAM ? &unp_dhead : &unp_shead); 844 845 /* 846 * The process of preparing the PCB list is too time-consuming and 847 * resource-intensive to repeat twice on every request. 848 */ 849 if (req->oldptr == 0) { 850 n = unp_count; 851 req->oldidx = 2 * (sizeof *xug) 852 + (n + n/8) * sizeof(struct xunpcb); 853 return (0); 854 } 855 856 if (req->newptr != 0) 857 return (EPERM); 858 859 /* 860 * OK, now we're committed to doing something. 861 */ 862 xug = malloc(sizeof(*xug), M_TEMP, M_WAITOK); 863 gencnt = unp_gencnt; 864 n = unp_count; 865 866 xug->xug_len = sizeof *xug; 867 xug->xug_count = n; 868 xug->xug_gen = gencnt; 869 xug->xug_sogen = so_gencnt; 870 error = SYSCTL_OUT(req, xug, sizeof *xug); 871 if (error) { 872 free(xug, M_TEMP); 873 return (error); 874 } 875 876 unp_list = malloc(n * sizeof *unp_list, M_TEMP, M_WAITOK); 877 878 for (unp = LIST_FIRST(head), i = 0; unp && i < n; 879 unp = LIST_NEXT(unp, unp_link)) { 880 if (unp->unp_gencnt <= gencnt) { 881 if (cr_cansee(req->td->td_ucred, 882 unp->unp_socket->so_cred)) 883 continue; 884 unp_list[i++] = unp; 885 } 886 } 887 n = i; /* in case we lost some during malloc */ 888 889 error = 0; 890 xu = malloc(sizeof(*xu), M_TEMP, M_WAITOK); 891 for (i = 0; i < n; i++) { 892 unp = unp_list[i]; 893 if (unp->unp_gencnt <= gencnt) { 894 xu->xu_len = sizeof *xu; 895 xu->xu_unpp = unp; 896 /* 897 * XXX - need more locking here to protect against 898 * connect/disconnect races for SMP. 899 */ 900 if (unp->unp_addr) 901 bcopy(unp->unp_addr, &xu->xu_addr, 902 unp->unp_addr->sun_len); 903 if (unp->unp_conn && unp->unp_conn->unp_addr) 904 bcopy(unp->unp_conn->unp_addr, 905 &xu->xu_caddr, 906 unp->unp_conn->unp_addr->sun_len); 907 bcopy(unp, &xu->xu_unp, sizeof *unp); 908 sotoxsocket(unp->unp_socket, &xu->xu_socket); 909 error = SYSCTL_OUT(req, xu, sizeof *xu); 910 } 911 } 912 free(xu, M_TEMP); 913 if (!error) { 914 /* 915 * Give the user an updated idea of our state. 916 * If the generation differs from what we told 917 * her before, she knows that something happened 918 * while we were processing this request, and it 919 * might be necessary to retry. 920 */ 921 xug->xug_gen = unp_gencnt; 922 xug->xug_sogen = so_gencnt; 923 xug->xug_count = unp_count; 924 error = SYSCTL_OUT(req, xug, sizeof *xug); 925 } 926 free(unp_list, M_TEMP); 927 free(xug, M_TEMP); 928 return (error); 929 } 930 931 SYSCTL_PROC(_net_local_dgram, OID_AUTO, pcblist, CTLFLAG_RD, 932 (caddr_t)(long)SOCK_DGRAM, 0, unp_pcblist, "S,xunpcb", 933 "List of active local datagram sockets"); 934 SYSCTL_PROC(_net_local_stream, OID_AUTO, pcblist, CTLFLAG_RD, 935 (caddr_t)(long)SOCK_STREAM, 0, unp_pcblist, "S,xunpcb", 936 "List of active local stream sockets"); 937 938 static void 939 unp_shutdown(unp) 940 struct unpcb *unp; 941 { 942 struct socket *so; 943 944 if (unp->unp_socket->so_type == SOCK_STREAM && unp->unp_conn && 945 (so = unp->unp_conn->unp_socket)) 946 socantrcvmore(so); 947 } 948 949 static void 950 unp_drop(unp, errno) 951 struct unpcb *unp; 952 int errno; 953 { 954 struct socket *so = unp->unp_socket; 955 956 so->so_error = errno; 957 unp_disconnect(unp); 958 } 959 960 #ifdef notdef 961 void 962 unp_drain() 963 { 964 965 } 966 #endif 967 968 static void 969 unp_freerights(rp, fdcount) 970 struct file **rp; 971 int fdcount; 972 { 973 int i; 974 struct file *fp; 975 976 for (i = 0; i < fdcount; i++) { 977 fp = *rp; 978 /* 979 * zero the pointer before calling 980 * unp_discard since it may end up 981 * in unp_gc().. 982 */ 983 *rp++ = 0; 984 unp_discard(fp); 985 } 986 } 987 988 int 989 unp_externalize(control, controlp) 990 struct mbuf *control, **controlp; 991 { 992 struct thread *td = curthread; /* XXX */ 993 struct cmsghdr *cm = mtod(control, struct cmsghdr *); 994 int i; 995 int *fdp; 996 struct file **rp; 997 struct file *fp; 998 void *data; 999 socklen_t clen = control->m_len, datalen; 1000 int error, newfds; 1001 int f; 1002 u_int newlen; 1003 1004 error = 0; 1005 if (controlp != NULL) /* controlp == NULL => free control messages */ 1006 *controlp = NULL; 1007 1008 while (cm != NULL) { 1009 if (sizeof(*cm) > clen || cm->cmsg_len > clen) { 1010 error = EINVAL; 1011 break; 1012 } 1013 1014 data = CMSG_DATA(cm); 1015 datalen = (caddr_t)cm + cm->cmsg_len - (caddr_t)data; 1016 1017 if (cm->cmsg_level == SOL_SOCKET 1018 && cm->cmsg_type == SCM_RIGHTS) { 1019 newfds = datalen / sizeof(struct file *); 1020 rp = data; 1021 1022 /* If we're not outputting the descriptors free them. */ 1023 if (error || controlp == NULL) { 1024 unp_freerights(rp, newfds); 1025 goto next; 1026 } 1027 FILEDESC_LOCK(td->td_proc->p_fd); 1028 /* if the new FD's will not fit free them. */ 1029 if (!fdavail(td, newfds)) { 1030 FILEDESC_UNLOCK(td->td_proc->p_fd); 1031 error = EMSGSIZE; 1032 unp_freerights(rp, newfds); 1033 goto next; 1034 } 1035 /* 1036 * now change each pointer to an fd in the global 1037 * table to an integer that is the index to the 1038 * local fd table entry that we set up to point 1039 * to the global one we are transferring. 1040 */ 1041 newlen = newfds * sizeof(int); 1042 *controlp = sbcreatecontrol(NULL, newlen, 1043 SCM_RIGHTS, SOL_SOCKET); 1044 if (*controlp == NULL) { 1045 FILEDESC_UNLOCK(td->td_proc->p_fd); 1046 error = E2BIG; 1047 unp_freerights(rp, newfds); 1048 goto next; 1049 } 1050 1051 fdp = (int *) 1052 CMSG_DATA(mtod(*controlp, struct cmsghdr *)); 1053 for (i = 0; i < newfds; i++) { 1054 if (fdalloc(td, 0, &f)) 1055 panic("unp_externalize fdalloc failed"); 1056 fp = *rp++; 1057 td->td_proc->p_fd->fd_ofiles[f] = fp; 1058 FILE_LOCK(fp); 1059 fp->f_msgcount--; 1060 FILE_UNLOCK(fp); 1061 unp_rights--; 1062 *fdp++ = f; 1063 } 1064 FILEDESC_UNLOCK(td->td_proc->p_fd); 1065 } else { /* We can just copy anything else across */ 1066 if (error || controlp == NULL) 1067 goto next; 1068 *controlp = sbcreatecontrol(NULL, datalen, 1069 cm->cmsg_type, cm->cmsg_level); 1070 if (*controlp == NULL) { 1071 error = ENOBUFS; 1072 goto next; 1073 } 1074 bcopy(data, 1075 CMSG_DATA(mtod(*controlp, struct cmsghdr *)), 1076 datalen); 1077 } 1078 1079 controlp = &(*controlp)->m_next; 1080 1081 next: 1082 if (CMSG_SPACE(datalen) < clen) { 1083 clen -= CMSG_SPACE(datalen); 1084 cm = (struct cmsghdr *) 1085 ((caddr_t)cm + CMSG_SPACE(datalen)); 1086 } else { 1087 clen = 0; 1088 cm = NULL; 1089 } 1090 } 1091 1092 m_freem(control); 1093 1094 return (error); 1095 } 1096 1097 void 1098 unp_init(void) 1099 { 1100 unp_zone = uma_zcreate("unpcb", sizeof(struct unpcb), NULL, NULL, 1101 NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); 1102 if (unp_zone == 0) 1103 panic("unp_init"); 1104 uma_zone_set_max(unp_zone, nmbclusters); 1105 LIST_INIT(&unp_dhead); 1106 LIST_INIT(&unp_shead); 1107 } 1108 1109 static int 1110 unp_internalize(controlp, td) 1111 struct mbuf **controlp; 1112 struct thread *td; 1113 { 1114 struct mbuf *control = *controlp; 1115 struct proc *p = td->td_proc; 1116 struct filedesc *fdescp = p->p_fd; 1117 struct cmsghdr *cm = mtod(control, struct cmsghdr *); 1118 struct cmsgcred *cmcred; 1119 struct file **rp; 1120 struct file *fp; 1121 struct timeval *tv; 1122 int i, fd, *fdp; 1123 void *data; 1124 socklen_t clen = control->m_len, datalen; 1125 int error, oldfds; 1126 u_int newlen; 1127 1128 error = 0; 1129 *controlp = NULL; 1130 1131 while (cm != NULL) { 1132 if (sizeof(*cm) > clen || cm->cmsg_level != SOL_SOCKET 1133 || cm->cmsg_len > clen) { 1134 error = EINVAL; 1135 goto out; 1136 } 1137 1138 data = CMSG_DATA(cm); 1139 datalen = (caddr_t)cm + cm->cmsg_len - (caddr_t)data; 1140 1141 switch (cm->cmsg_type) { 1142 /* 1143 * Fill in credential information. 1144 */ 1145 case SCM_CREDS: 1146 *controlp = sbcreatecontrol(NULL, sizeof(*cmcred), 1147 SCM_CREDS, SOL_SOCKET); 1148 if (*controlp == NULL) { 1149 error = ENOBUFS; 1150 goto out; 1151 } 1152 1153 cmcred = (struct cmsgcred *) 1154 CMSG_DATA(mtod(*controlp, struct cmsghdr *)); 1155 cmcred->cmcred_pid = p->p_pid; 1156 cmcred->cmcred_uid = td->td_ucred->cr_ruid; 1157 cmcred->cmcred_gid = td->td_ucred->cr_rgid; 1158 cmcred->cmcred_euid = td->td_ucred->cr_uid; 1159 cmcred->cmcred_ngroups = MIN(td->td_ucred->cr_ngroups, 1160 CMGROUP_MAX); 1161 for (i = 0; i < cmcred->cmcred_ngroups; i++) 1162 cmcred->cmcred_groups[i] = 1163 td->td_ucred->cr_groups[i]; 1164 break; 1165 1166 case SCM_RIGHTS: 1167 oldfds = datalen / sizeof (int); 1168 /* 1169 * check that all the FDs passed in refer to legal files 1170 * If not, reject the entire operation. 1171 */ 1172 fdp = data; 1173 FILEDESC_LOCK(fdescp); 1174 for (i = 0; i < oldfds; i++) { 1175 fd = *fdp++; 1176 if ((unsigned)fd >= fdescp->fd_nfiles || 1177 fdescp->fd_ofiles[fd] == NULL) { 1178 FILEDESC_UNLOCK(fdescp); 1179 error = EBADF; 1180 goto out; 1181 } 1182 fp = fdescp->fd_ofiles[fd]; 1183 if (!(fp->f_ops->fo_flags & DFLAG_PASSABLE)) { 1184 FILEDESC_UNLOCK(fdescp); 1185 error = EOPNOTSUPP; 1186 goto out; 1187 } 1188 1189 } 1190 /* 1191 * Now replace the integer FDs with pointers to 1192 * the associated global file table entry.. 1193 */ 1194 newlen = oldfds * sizeof(struct file *); 1195 *controlp = sbcreatecontrol(NULL, newlen, 1196 SCM_RIGHTS, SOL_SOCKET); 1197 if (*controlp == NULL) { 1198 FILEDESC_UNLOCK(fdescp); 1199 error = E2BIG; 1200 goto out; 1201 } 1202 1203 fdp = data; 1204 rp = (struct file **) 1205 CMSG_DATA(mtod(*controlp, struct cmsghdr *)); 1206 for (i = 0; i < oldfds; i++) { 1207 fp = fdescp->fd_ofiles[*fdp++]; 1208 *rp++ = fp; 1209 FILE_LOCK(fp); 1210 fp->f_count++; 1211 fp->f_msgcount++; 1212 FILE_UNLOCK(fp); 1213 unp_rights++; 1214 } 1215 FILEDESC_UNLOCK(fdescp); 1216 break; 1217 1218 case SCM_TIMESTAMP: 1219 *controlp = sbcreatecontrol(NULL, sizeof(*tv), 1220 SCM_TIMESTAMP, SOL_SOCKET); 1221 if (*controlp == NULL) { 1222 error = ENOBUFS; 1223 goto out; 1224 } 1225 tv = (struct timeval *) 1226 CMSG_DATA(mtod(*controlp, struct cmsghdr *)); 1227 microtime(tv); 1228 break; 1229 1230 default: 1231 error = EINVAL; 1232 goto out; 1233 } 1234 1235 controlp = &(*controlp)->m_next; 1236 1237 if (CMSG_SPACE(datalen) < clen) { 1238 clen -= CMSG_SPACE(datalen); 1239 cm = (struct cmsghdr *) 1240 ((caddr_t)cm + CMSG_SPACE(datalen)); 1241 } else { 1242 clen = 0; 1243 cm = NULL; 1244 } 1245 } 1246 1247 out: 1248 m_freem(control); 1249 1250 return (error); 1251 } 1252 1253 static int unp_defer, unp_gcing; 1254 1255 static void 1256 unp_gc() 1257 { 1258 register struct file *fp, *nextfp; 1259 register struct socket *so; 1260 struct file **extra_ref, **fpp; 1261 int nunref, i; 1262 1263 if (unp_gcing) 1264 return; 1265 unp_gcing = 1; 1266 unp_defer = 0; 1267 /* 1268 * before going through all this, set all FDs to 1269 * be NOT defered and NOT externally accessible 1270 */ 1271 sx_slock(&filelist_lock); 1272 LIST_FOREACH(fp, &filehead, f_list) 1273 fp->f_gcflag &= ~(FMARK|FDEFER); 1274 do { 1275 LIST_FOREACH(fp, &filehead, f_list) { 1276 FILE_LOCK(fp); 1277 /* 1278 * If the file is not open, skip it 1279 */ 1280 if (fp->f_count == 0) { 1281 FILE_UNLOCK(fp); 1282 continue; 1283 } 1284 /* 1285 * If we already marked it as 'defer' in a 1286 * previous pass, then try process it this time 1287 * and un-mark it 1288 */ 1289 if (fp->f_gcflag & FDEFER) { 1290 fp->f_gcflag &= ~FDEFER; 1291 unp_defer--; 1292 } else { 1293 /* 1294 * if it's not defered, then check if it's 1295 * already marked.. if so skip it 1296 */ 1297 if (fp->f_gcflag & FMARK) { 1298 FILE_UNLOCK(fp); 1299 continue; 1300 } 1301 /* 1302 * If all references are from messages 1303 * in transit, then skip it. it's not 1304 * externally accessible. 1305 */ 1306 if (fp->f_count == fp->f_msgcount) { 1307 FILE_UNLOCK(fp); 1308 continue; 1309 } 1310 /* 1311 * If it got this far then it must be 1312 * externally accessible. 1313 */ 1314 fp->f_gcflag |= FMARK; 1315 } 1316 /* 1317 * either it was defered, or it is externally 1318 * accessible and not already marked so. 1319 * Now check if it is possibly one of OUR sockets. 1320 */ 1321 if (fp->f_type != DTYPE_SOCKET || 1322 (so = fp->f_data) == NULL) { 1323 FILE_UNLOCK(fp); 1324 continue; 1325 } 1326 FILE_UNLOCK(fp); 1327 if (so->so_proto->pr_domain != &localdomain || 1328 (so->so_proto->pr_flags&PR_RIGHTS) == 0) 1329 continue; 1330 #ifdef notdef 1331 if (so->so_rcv.sb_flags & SB_LOCK) { 1332 /* 1333 * This is problematical; it's not clear 1334 * we need to wait for the sockbuf to be 1335 * unlocked (on a uniprocessor, at least), 1336 * and it's also not clear what to do 1337 * if sbwait returns an error due to receipt 1338 * of a signal. If sbwait does return 1339 * an error, we'll go into an infinite 1340 * loop. Delete all of this for now. 1341 */ 1342 (void) sbwait(&so->so_rcv); 1343 goto restart; 1344 } 1345 #endif 1346 /* 1347 * So, Ok, it's one of our sockets and it IS externally 1348 * accessible (or was defered). Now we look 1349 * to see if we hold any file descriptors in its 1350 * message buffers. Follow those links and mark them 1351 * as accessible too. 1352 */ 1353 unp_scan(so->so_rcv.sb_mb, unp_mark); 1354 } 1355 } while (unp_defer); 1356 sx_sunlock(&filelist_lock); 1357 /* 1358 * We grab an extra reference to each of the file table entries 1359 * that are not otherwise accessible and then free the rights 1360 * that are stored in messages on them. 1361 * 1362 * The bug in the orginal code is a little tricky, so I'll describe 1363 * what's wrong with it here. 1364 * 1365 * It is incorrect to simply unp_discard each entry for f_msgcount 1366 * times -- consider the case of sockets A and B that contain 1367 * references to each other. On a last close of some other socket, 1368 * we trigger a gc since the number of outstanding rights (unp_rights) 1369 * is non-zero. If during the sweep phase the gc code un_discards, 1370 * we end up doing a (full) closef on the descriptor. A closef on A 1371 * results in the following chain. Closef calls soo_close, which 1372 * calls soclose. Soclose calls first (through the switch 1373 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply 1374 * returns because the previous instance had set unp_gcing, and 1375 * we return all the way back to soclose, which marks the socket 1376 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush 1377 * to free up the rights that are queued in messages on the socket A, 1378 * i.e., the reference on B. The sorflush calls via the dom_dispose 1379 * switch unp_dispose, which unp_scans with unp_discard. This second 1380 * instance of unp_discard just calls closef on B. 1381 * 1382 * Well, a similar chain occurs on B, resulting in a sorflush on B, 1383 * which results in another closef on A. Unfortunately, A is already 1384 * being closed, and the descriptor has already been marked with 1385 * SS_NOFDREF, and soclose panics at this point. 1386 * 1387 * Here, we first take an extra reference to each inaccessible 1388 * descriptor. Then, we call sorflush ourself, since we know 1389 * it is a Unix domain socket anyhow. After we destroy all the 1390 * rights carried in messages, we do a last closef to get rid 1391 * of our extra reference. This is the last close, and the 1392 * unp_detach etc will shut down the socket. 1393 * 1394 * 91/09/19, bsy@cs.cmu.edu 1395 */ 1396 extra_ref = malloc(nfiles * sizeof(struct file *), M_TEMP, M_WAITOK); 1397 sx_slock(&filelist_lock); 1398 for (nunref = 0, fp = LIST_FIRST(&filehead), fpp = extra_ref; fp != 0; 1399 fp = nextfp) { 1400 nextfp = LIST_NEXT(fp, f_list); 1401 FILE_LOCK(fp); 1402 /* 1403 * If it's not open, skip it 1404 */ 1405 if (fp->f_count == 0) { 1406 FILE_UNLOCK(fp); 1407 continue; 1408 } 1409 /* 1410 * If all refs are from msgs, and it's not marked accessible 1411 * then it must be referenced from some unreachable cycle 1412 * of (shut-down) FDs, so include it in our 1413 * list of FDs to remove 1414 */ 1415 if (fp->f_count == fp->f_msgcount && !(fp->f_gcflag & FMARK)) { 1416 *fpp++ = fp; 1417 nunref++; 1418 fp->f_count++; 1419 } 1420 FILE_UNLOCK(fp); 1421 } 1422 sx_sunlock(&filelist_lock); 1423 /* 1424 * for each FD on our hit list, do the following two things 1425 */ 1426 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) { 1427 struct file *tfp = *fpp; 1428 FILE_LOCK(tfp); 1429 if (tfp->f_type == DTYPE_SOCKET && 1430 tfp->f_data != NULL) { 1431 FILE_UNLOCK(tfp); 1432 sorflush(tfp->f_data); 1433 } else { 1434 FILE_UNLOCK(tfp); 1435 } 1436 } 1437 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) 1438 closef(*fpp, (struct thread *) NULL); 1439 free(extra_ref, M_TEMP); 1440 unp_gcing = 0; 1441 } 1442 1443 void 1444 unp_dispose(m) 1445 struct mbuf *m; 1446 { 1447 1448 if (m) 1449 unp_scan(m, unp_discard); 1450 } 1451 1452 static int 1453 unp_listen(unp, td) 1454 struct unpcb *unp; 1455 struct thread *td; 1456 { 1457 1458 cru2x(td->td_ucred, &unp->unp_peercred); 1459 unp->unp_flags |= UNP_HAVEPCCACHED; 1460 return (0); 1461 } 1462 1463 static void 1464 unp_scan(m0, op) 1465 register struct mbuf *m0; 1466 void (*op)(struct file *); 1467 { 1468 struct mbuf *m; 1469 struct file **rp; 1470 struct cmsghdr *cm; 1471 void *data; 1472 int i; 1473 socklen_t clen, datalen; 1474 int qfds; 1475 1476 while (m0) { 1477 for (m = m0; m; m = m->m_next) { 1478 if (m->m_type != MT_CONTROL) 1479 continue; 1480 1481 cm = mtod(m, struct cmsghdr *); 1482 clen = m->m_len; 1483 1484 while (cm != NULL) { 1485 if (sizeof(*cm) > clen || cm->cmsg_len > clen) 1486 break; 1487 1488 data = CMSG_DATA(cm); 1489 datalen = (caddr_t)cm + cm->cmsg_len 1490 - (caddr_t)data; 1491 1492 if (cm->cmsg_level == SOL_SOCKET && 1493 cm->cmsg_type == SCM_RIGHTS) { 1494 qfds = datalen / sizeof (struct file *); 1495 rp = data; 1496 for (i = 0; i < qfds; i++) 1497 (*op)(*rp++); 1498 } 1499 1500 if (CMSG_SPACE(datalen) < clen) { 1501 clen -= CMSG_SPACE(datalen); 1502 cm = (struct cmsghdr *) 1503 ((caddr_t)cm + CMSG_SPACE(datalen)); 1504 } else { 1505 clen = 0; 1506 cm = NULL; 1507 } 1508 } 1509 } 1510 m0 = m0->m_act; 1511 } 1512 } 1513 1514 static void 1515 unp_mark(fp) 1516 struct file *fp; 1517 { 1518 if (fp->f_gcflag & FMARK) 1519 return; 1520 unp_defer++; 1521 fp->f_gcflag |= (FMARK|FDEFER); 1522 } 1523 1524 static void 1525 unp_discard(fp) 1526 struct file *fp; 1527 { 1528 FILE_LOCK(fp); 1529 fp->f_msgcount--; 1530 unp_rights--; 1531 FILE_UNLOCK(fp); 1532 (void) closef(fp, (struct thread *)NULL); 1533 } 1534