1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #include <sys/types.h> 28 #include <inet/ip.h> 29 #include <inet/ip_impl.h> 30 #include <inet/ipclassifier.h> 31 #include <inet/proto_set.h> 32 #include <sys/stream.h> 33 #include <sys/strsubr.h> 34 #include <sys/strsun.h> 35 #include <sys/cmn_err.h> 36 #include <sys/t_kuser.h> 37 #include <sys/tihdr.h> 38 #include <sys/pathname.h> 39 #include <sys/sockio.h> 40 #include <sys/vmem.h> 41 #include <sys/disp.h> 42 43 void ip_helper_wput(queue_t *q, mblk_t *mp); 44 45 static int ip_helper_stream_close(queue_t *, int); 46 47 static struct module_info ip_helper_stream_info = { 48 0, "iphelper", IP_MOD_MINPSZ, IP_MOD_MAXPSZ, IP_MOD_HIWAT, IP_MOD_LOWAT 49 }; 50 51 static struct qinit ip_helper_stream_rinit = { 52 NULL, NULL, NULL, ip_helper_stream_close, NULL, 53 &ip_helper_stream_info, NULL 54 }; 55 56 static struct qinit ip_helper_stream_winit = { 57 (pfi_t)ip_helper_wput, (pfi_t)ip_wsrv, NULL, NULL, NULL, 58 &ip_helper_stream_info, NULL, NULL, NULL, STRUIOT_NONE 59 }; 60 61 #define IP_USE_HELPER_CACHE (ip_helper_stream_cache != NULL) 62 63 /* 64 * set the q_ptr of the 'q' to the conn_t pointer passed in 65 */ 66 static void 67 ip_helper_share_conn(queue_t *q, mblk_t *mp, cred_t *crp) 68 { 69 /* 70 * This operation is allowed only on helper streams with kcred 71 */ 72 73 if (kcred != crp || msgdsize(mp->b_cont) != sizeof (void *)) { 74 miocnak(q, mp, 0, EINVAL); 75 return; 76 } 77 78 if (IP_USE_HELPER_CACHE) { 79 ip_helper_stream_info_t *ip_helper_info; 80 81 ip_helper_info = *((ip_helper_stream_info_t **) 82 mp->b_cont->b_rptr); 83 ip_helper_info->iphs_minfo = q->q_ptr; 84 ip_helper_info->iphs_rq = RD(q); 85 ip_helper_info->iphs_wq = WR(q); 86 } else { 87 conn_t *connp = *((conn_t **)mp->b_cont->b_rptr); 88 89 connp->conn_helper_info->iphs_minfo = q->q_ptr; 90 connp->conn_helper_info->iphs_rq = RD(q); 91 connp->conn_helper_info->iphs_wq = WR(q); 92 WR(q)->q_ptr = RD(q)->q_ptr = (void *)connp; 93 connp->conn_rq = RD(q); 94 connp->conn_wq = WR(q); 95 } 96 miocack(q, mp, 0, 0); 97 } 98 99 void 100 ip_helper_wput(queue_t *q, mblk_t *mp) 101 { 102 struct iocblk *iocp = (struct iocblk *)mp->b_rptr; 103 if (DB_TYPE(mp) == M_IOCTL && 104 iocp->ioc_cmd == SIOCSQPTR) { 105 ip_helper_share_conn(q, mp, iocp->ioc_cr); 106 } else { 107 conn_t *connp = (conn_t *)q->q_ptr; 108 109 if (connp->conn_af_isv6) { 110 ip_wput_v6(q, mp); 111 } else { 112 ip_wput(q, mp); 113 } 114 } 115 } 116 117 /* ARGSUSED */ 118 int 119 ip_helper_stream_setup(queue_t *q, dev_t *devp, int flag, int sflag, 120 cred_t *credp, boolean_t isv6) 121 { 122 major_t maj; 123 ip_helper_minfo_t *ip_minfop; 124 125 ASSERT((flag & ~(FKLYR)) == IP_HELPER_STR); 126 127 ASSERT(RD(q) == q); 128 129 ip_minfop = kmem_alloc(sizeof (ip_helper_minfo_t), KM_NOSLEEP); 130 if (ip_minfop == NULL) { 131 return (ENOMEM); 132 } 133 134 ip_minfop->ip_minfo_dev = 0; 135 ip_minfop->ip_minfo_arena = NULL; 136 137 /* 138 * Clone the device, allocate minor device number 139 */ 140 if (ip_minor_arena_la != NULL) 141 ip_minfop->ip_minfo_dev = inet_minor_alloc(ip_minor_arena_la); 142 143 if (ip_minfop->ip_minfo_dev == 0) { 144 /* 145 * numbers in the large arena are exhausted 146 * Try small arena. 147 * Or this is a 32 bit system, 32 bit systems do not have 148 * ip_minor_arena_la 149 */ 150 ip_minfop->ip_minfo_dev = inet_minor_alloc(ip_minor_arena_sa); 151 if (ip_minfop->ip_minfo_dev == 0) { 152 return (EBUSY); 153 } 154 ip_minfop->ip_minfo_arena = ip_minor_arena_sa; 155 } else { 156 ip_minfop->ip_minfo_arena = ip_minor_arena_la; 157 } 158 159 160 ASSERT(ip_minfop->ip_minfo_dev != 0); 161 ASSERT(ip_minfop->ip_minfo_arena != NULL); 162 163 RD(q)->q_ptr = WR(q)->q_ptr = ip_minfop; 164 165 maj = getemajor(*devp); 166 *devp = makedevice(maj, (ulong_t)(ip_minfop->ip_minfo_dev)); 167 168 q->q_qinfo = &ip_helper_stream_rinit; 169 WR(q)->q_qinfo = &ip_helper_stream_winit; 170 qprocson(q); 171 return (0); 172 } 173 174 /* ARGSUSED */ 175 static int 176 ip_helper_stream_close(queue_t *q, int flag) 177 { 178 ip_helper_minfo_t *ip_minfop; 179 180 qprocsoff(q); 181 ip_minfop = (q)->q_ptr; 182 inet_minor_free(ip_minfop->ip_minfo_arena, 183 ip_minfop->ip_minfo_dev); 184 kmem_free(ip_minfop, sizeof (ip_helper_minfo_t)); 185 RD(q)->q_ptr = NULL; 186 WR(q)->q_ptr = NULL; 187 return (0); 188 } 189 190 /* 191 * Public interface for creating an IP stream with shared conn_t 192 */ 193 /* ARGSUSED */ 194 int 195 ip_create_helper_stream(conn_t *connp, ldi_ident_t li) 196 { 197 int error; 198 int ret; 199 200 ASSERT(!servicing_interrupt()); 201 202 error = 0; 203 if (IP_USE_HELPER_CACHE) { 204 queue_t *rq, *wq; 205 206 connp->conn_helper_info = kmem_cache_alloc( 207 ip_helper_stream_cache, KM_NOSLEEP); 208 if (connp->conn_helper_info == NULL) 209 return (EAGAIN); 210 rq = connp->conn_helper_info->iphs_rq; 211 wq = connp->conn_helper_info->iphs_wq; 212 /* 213 * Doesn't need to hold the QLOCK for there is no one else 214 * should have a pointer to this queue. 215 */ 216 rq->q_flag |= QWANTR; 217 wq->q_flag |= QWANTR; 218 219 connp->conn_rq = rq; 220 connp->conn_wq = wq; 221 rq->q_ptr = (void *)connp; 222 wq->q_ptr = (void *)connp; 223 } else { 224 ASSERT(connp->conn_helper_info == NULL); 225 connp->conn_helper_info = kmem_alloc( 226 sizeof (ip_helper_stream_info_t), KM_SLEEP); 227 /* 228 * open ip device via the layered interface. 229 * pass in kcred as some threads do not have the 230 * priviledge to open /dev/ip and the check in 231 * secpolicy_spec_open() will fail the open 232 */ 233 error = ldi_open_by_name(connp->conn_af_isv6 ? 234 DEV_IP6 : DEV_IP, IP_HELPER_STR, 235 kcred, &connp->conn_helper_info->iphs_handle, li); 236 237 if (error != 0) { 238 kmem_free(connp->conn_helper_info, 239 (sizeof (ip_helper_stream_info_t))); 240 connp->conn_helper_info = NULL; 241 return (error); 242 } 243 /* 244 * Share connp with the helper stream 245 */ 246 error = ldi_ioctl(connp->conn_helper_info->iphs_handle, 247 SIOCSQPTR, (intptr_t)connp, FKIOCTL, kcred, &ret); 248 249 if (error != 0) { 250 /* 251 * Passing in a zero flag indicates that an error 252 * occured and stream was not shared 253 */ 254 (void) ldi_close(connp->conn_helper_info->iphs_handle, 255 0, kcred); 256 kmem_free(connp->conn_helper_info, 257 (sizeof (ip_helper_stream_info_t))); 258 connp->conn_helper_info = NULL; 259 } 260 } 261 return (error); 262 } 263 264 /* 265 * Public interface for freeing IP helper stream 266 */ 267 /* ARGSUSED */ 268 void 269 ip_free_helper_stream(conn_t *connp) 270 { 271 ASSERT(!servicing_interrupt()); 272 if (IP_USE_HELPER_CACHE) { 273 274 if (connp->conn_helper_info == NULL) 275 return; 276 ASSERT(connp->conn_helper_info->iphs_rq != NULL); 277 ASSERT(connp->conn_helper_info->iphs_wq != NULL); 278 279 /* Prevent service procedures from being called */ 280 disable_svc(connp->conn_helper_info->iphs_rq); 281 282 /* Wait until service procedure of each queue is run */ 283 wait_svc(connp->conn_helper_info->iphs_rq); 284 285 /* Cleanup any pending ioctls */ 286 conn_ioctl_cleanup(connp); 287 288 /* Allow service procedures to be called again */ 289 enable_svc(connp->conn_helper_info->iphs_rq); 290 291 /* Flush the queues */ 292 flushq(connp->conn_helper_info->iphs_rq, FLUSHALL); 293 flushq(connp->conn_helper_info->iphs_wq, FLUSHALL); 294 295 connp->conn_helper_info->iphs_rq->q_ptr = NULL; 296 connp->conn_helper_info->iphs_wq->q_ptr = NULL; 297 298 kmem_cache_free(ip_helper_stream_cache, 299 connp->conn_helper_info); 300 } else { 301 ASSERT( 302 connp->conn_helper_info->iphs_handle != NULL); 303 304 connp->conn_helper_info->iphs_rq->q_ptr = 305 connp->conn_helper_info->iphs_wq->q_ptr = 306 connp->conn_helper_info->iphs_minfo; 307 (void) ldi_close(connp->conn_helper_info->iphs_handle, 308 IP_HELPER_STR, kcred); 309 kmem_free(connp->conn_helper_info, 310 sizeof (ip_helper_stream_info_t)); 311 } 312 connp->conn_helper_info = NULL; 313 } 314 315 /* 316 * create a T_SVR4_OPTMGMT_REQ TPI message and send down the IP stream 317 */ 318 static int 319 ip_send_option_request(conn_t *connp, uint_t optset_context, int level, 320 int option_name, const void *optval, t_uscalar_t optlen, cred_t *cr) 321 { 322 struct T_optmgmt_req *optmgmt_reqp; 323 struct opthdr *ohp; 324 ssize_t size; 325 mblk_t *mp; 326 327 size = sizeof (struct T_optmgmt_req) + sizeof (struct opthdr) + optlen; 328 mp = allocb_cred(size, cr); 329 if (mp == NULL) 330 return (ENOMEM); 331 332 mp->b_datap->db_type = M_PROTO; 333 optmgmt_reqp = (struct T_optmgmt_req *)mp->b_wptr; 334 335 optmgmt_reqp->PRIM_type = T_SVR4_OPTMGMT_REQ; 336 optmgmt_reqp->MGMT_flags = optset_context; 337 optmgmt_reqp->OPT_length = (t_scalar_t)sizeof (struct opthdr) + optlen; 338 optmgmt_reqp->OPT_offset = (t_scalar_t)sizeof (struct T_optmgmt_req); 339 340 mp->b_wptr += sizeof (struct T_optmgmt_req); 341 342 ohp = (struct opthdr *)mp->b_wptr; 343 344 ohp->level = level; 345 ohp->name = option_name; 346 ohp->len = optlen; 347 348 mp->b_wptr += sizeof (struct opthdr); 349 350 if (optval != NULL) { 351 bcopy(optval, mp->b_wptr, optlen); 352 } else { 353 bzero(mp->b_wptr, optlen); 354 } 355 mp->b_wptr += optlen; 356 357 /* 358 * Send down the primitive 359 */ 360 return (ldi_putmsg(connp->conn_helper_info->iphs_handle, mp)); 361 } 362 363 /* 364 * wait/process the response to T_SVR4_OPTMGMT_REQ TPI message 365 */ 366 static int 367 ip_get_option_response(conn_t *connp, uint_t optset_context, void *optval, 368 t_uscalar_t *optlenp) 369 { 370 union T_primitives *tpr; 371 int error; 372 mblk_t *mp; 373 374 mp = NULL; 375 376 ASSERT(optset_context == T_CHECK || optset_context == T_NEGOTIATE); 377 error = ldi_getmsg(connp->conn_helper_info->iphs_handle, &mp, NULL); 378 if (error != 0) { 379 return (error); 380 } 381 382 if (DB_TYPE(mp) != M_PCPROTO || MBLKL(mp) < sizeof (tpr->type)) { 383 error = EPROTO; 384 goto done; 385 } 386 387 tpr = (union T_primitives *)mp->b_rptr; 388 389 switch (tpr->type) { 390 case T_OPTMGMT_ACK: 391 if (MBLKL(mp) < TOPTMGMTACKSZ) 392 error = EPROTO; 393 break; 394 case T_ERROR_ACK: 395 if (MBLKL(mp) < TERRORACKSZ) { 396 error = EPROTO; 397 break; 398 } 399 400 if (tpr->error_ack.TLI_error == TSYSERR) 401 error = tpr->error_ack.UNIX_error; 402 else 403 error = proto_tlitosyserr(tpr->error_ack.TLI_error); 404 break; 405 default: 406 error = EPROTO; 407 break; 408 } 409 410 if ((optset_context == T_CHECK) && (error == 0)) { 411 struct opthdr *opt_res; 412 t_uscalar_t len; 413 t_uscalar_t size; 414 t_uscalar_t maxlen = *optlenp; 415 void *option; 416 struct T_optmgmt_ack *optmgmt_ack; 417 418 optmgmt_ack = (struct T_optmgmt_ack *)mp->b_rptr; 419 opt_res = (struct opthdr *) 420 ((uintptr_t)mp->b_rptr + optmgmt_ack->OPT_offset); 421 /* 422 * Check mblk boundary 423 */ 424 if (!MBLKIN(mp, optmgmt_ack->OPT_offset, 425 optmgmt_ack->OPT_length)) { 426 error = EPROTO; 427 goto done; 428 } 429 430 /* 431 * Check alignment 432 */ 433 if ((((uintptr_t)opt_res) & (__TPI_ALIGN_SIZE - 1)) != 0) { 434 error = EPROTO; 435 goto done; 436 } 437 438 option = &opt_res[1]; 439 440 /* check to ensure that the option is within bounds */ 441 if ((((uintptr_t)option + opt_res->len) < (uintptr_t)option) || 442 !MBLKIN(mp, sizeof (struct opthdr), opt_res->len)) { 443 error = EPROTO; 444 goto done; 445 } 446 447 len = opt_res->len; 448 size = MIN(len, maxlen); 449 450 /* 451 * Copy data 452 */ 453 bcopy(option, optval, size); 454 bcopy(&size, optlenp, sizeof (size)); 455 } 456 457 done: 458 freemsg(mp); 459 return (error); 460 } 461 462 /* 463 * Public interface to get socketoptions via the ip helper stream. 464 */ 465 int 466 ip_get_options(conn_t *connp, int level, int option_name, void *optval, 467 t_uscalar_t *optlenp, cred_t *cr) 468 { 469 int error; 470 471 error = ip_send_option_request(connp, T_CHECK, level, option_name, NULL, 472 *optlenp, cr); 473 if (error) 474 return (error); 475 476 return (ip_get_option_response(connp, T_CHECK, optval, optlenp)); 477 } 478 479 /* 480 * Public interface to set socket options via the ip helper stream. 481 */ 482 int 483 ip_set_options(conn_t *connp, int level, int option_name, const void *optval, 484 t_uscalar_t optlen, cred_t *cr) 485 { 486 487 int error; 488 489 error = ip_send_option_request(connp, T_NEGOTIATE, level, option_name, 490 optval, optlen, cr); 491 if (error) 492 return (error); 493 494 return (ip_get_option_response(connp, T_NEGOTIATE, (void *)optval, 495 &optlen)); 496 } 497