/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#include <sys/types.h>
#include <sys/t_lock.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/buf.h>
#include <sys/conf.h>
#include <sys/cred.h>
#include <sys/kmem.h>
#include <sys/sysmacros.h>
#include <sys/vfs.h>
#include <sys/vnode.h>
#include <sys/debug.h>
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/user.h>
#include <sys/stream.h>
#include <sys/strsubr.h>
#include <sys/strsun.h>
#include <sys/sunddi.h>
#include <sys/esunddi.h>
#include <sys/flock.h>
#include <sys/modctl.h>
#include <sys/cmn_err.h>
#include <sys/vmsystm.h>
#include <sys/policy.h>

#include <sys/socket.h>
#include <sys/socketvar.h>

#include <sys/isa_defs.h>
#include <sys/inttypes.h>
#include <sys/systm.h>
#include <sys/cpuvar.h>
#include <sys/filio.h>
#include <sys/sendfile.h>
#include <sys/ddi.h>
#include <vm/seg.h>
#include <vm/seg_map.h>
#include <vm/seg_kpm.h>
#include <fs/sockfs/nl7c.h>

/*
 * do_useracc gates the useracc() pre-checks in this file. It is the constant
 * 1 unless SOCK_TEST is defined, in which case it is a writable variable.
 */
#ifdef SOCK_TEST
int do_useracc = 1;		/* Controlled by setting SO_DEBUG to 4 */
#else
#define	do_useracc	1
#endif /* SOCK_TEST */

/* When non-zero, copyout_name() logs each truncated address copyout. */
extern int xnet_truncate_print;

/*
 * Note: DEF_IOV_MAX is defined and used as it is in "fs/vncalls.c"
 * as there isn't a formal definition of IOV_MAX ???
 *
 * MSG_MAXIOVLEN is the size of the on-stack iovec arrays in recvmsg() and
 * sendmsg(); both reject a user-supplied iovec count above it before copying.
 */
#define	MSG_MAXIOVLEN	16

/*
 * Kernel component of socket creation.
 *
 * The socket library determines which version number to use.
 * First the library calls this with a NULL devpath. If this fails
 * to find a transport (using solookup) the library will look in /etc/netconfig
 * for the appropriate transport. If one is found it will pass in the
 * devpath for the kernel to use.
 *
 * Arguments:
 *	domain, type, protocol - looked up with solookup(). AF_NCA is mapped
 *		to AF_INET first and is refused with ENOTSUP outside the
 *		global zone.
 *	devpath - optional device path supplied by the library; never used
 *		for the wildcard (protocol 0) retry.
 *	version - passed through to the so*_create() routine.
 *
 * Returns the new file descriptor on success, otherwise the value of
 * set_errno(error).
 */
int
so_socket(int domain, int type, int protocol, char *devpath, int version)
{
	vnode_t *accessvp;
	struct sonode *so;
	vnode_t *vp;
	struct file *fp;
	int fd;
	int error;
	boolean_t wildcard = B_FALSE;
	int saved_error = 0;
	/* Caller's original domain; "domain" itself may be rewritten below. */
	int sdomain = domain;

	dprint(1, ("so_socket(%d,%d,%d,%p,%d)\n",
	    domain, type, protocol, (void *)devpath, version));

	if (domain == AF_NCA) {
		/*
		 * The request is for an NCA socket so for NL7C use the
		 * INET domain instead and mark NL7C_AF_NCA below.
		 */
		domain = AF_INET;
		/*
		 * NL7C is not supported in non-global zones,
		 * we enforce this restriction here.
		 */
		if (getzoneid() != GLOBAL_ZONEID) {
			return (set_errno(ENOTSUP));
		}
	}

	accessvp = solookup(domain, type, protocol, devpath, &error);
	if (accessvp == NULL) {
		/*
		 * If there is either an EPROTONOSUPPORT or EPROTOTYPE error
		 * it makes sense doing the wildcard lookup since the
		 * protocol might not be in the table.
		 */
		if (devpath != NULL || protocol == 0 ||
		    !(error == EPROTONOSUPPORT || error == EPROTOTYPE))
			return (set_errno(error));

		/* Kept so the caller sees the first lookup's error. */
		saved_error = error;

		/*
		 * Try wildcard lookup. Never use devpath for wildcards.
		 */
		accessvp = solookup(domain, type, 0, NULL, &error);
		if (accessvp == NULL) {
			/*
			 * Can't find in kernel table - have library
			 * fall back to /etc/netconfig and tell us
			 * the devpath (The library will do this if it didn't
			 * already pass in a devpath).
			 */
			if (saved_error != 0)
				error = saved_error;
			return (set_errno(error));
		}
		wildcard = B_TRUE;
	}

	/*
	 * Check the device policy
	 *
	 * The check is made with the caller's credentials (CRED()) for
	 * read+write access and runs before any sonode is created, so a
	 * refused caller returns here with nothing to undo.
	 */
	if ((error = secpolicy_spec_open(CRED(),
	    accessvp, FREAD|FWRITE)) != 0) {
		return (set_errno(error));
	}

	/* Pick the create routine by protocol; the default is sotpi. */
	if (protocol == IPPROTO_SCTP) {
		so = sosctp_create(accessvp, domain, type, protocol, version,
		    NULL, &error);
	} else if (protocol == PROTO_SDP) {
		so = sosdp_create(accessvp, domain, type, protocol, version,
		    NULL, &error);
	} else {
		so = sotpi_create(accessvp, domain, type, protocol, version,
		    NULL, &error);
	}
	if (so == NULL) {
		return (set_errno(error));
	}
	if (sdomain == AF_NCA && domain == AF_INET) {
		so->so_nl7c_flags = NL7C_AF_NCA;
	}
	vp = SOTOV(so);

	if (wildcard) {
		/*
		 * Issue SO_PROTOTYPE setsockopt.
		 */
		error = SOP_SETSOCKOPT(so, SOL_SOCKET, SO_PROTOTYPE,
		    &protocol,
		    (t_uscalar_t)sizeof (protocol));
		if (error) {
			/* Undo the create: close and release the new vnode. */
			(void) VOP_CLOSE(vp, 0, 1, 0, CRED(), NULL);
			VN_RELE(vp);
			/*
			 * Setsockopt often fails with ENOPROTOOPT but socket()
			 * should fail with EPROTONOSUPPORT/EPROTOTYPE.
			 */
			if (saved_error != 0 && error == ENOPROTOOPT)
				error = saved_error;
			else
				error = EPROTONOSUPPORT;
			return (set_errno(error));
		}
	}
	/* Assignment is intended; a non-zero result is the error to return. */
	if (error = falloc(vp, FWRITE|FREAD, &fp, &fd)) {
		(void) VOP_CLOSE(vp, 0, 1, 0, CRED(), NULL);
		VN_RELE(vp);
		return (set_errno(error));
	}

	/*
	 * Now fill in the entries that falloc reserved
	 */
	mutex_exit(&fp->f_tlock);
	setf(fd, fp);

	return (fd);
}

/*
 * Map from a file descriptor to a socket node.
 * Returns with the file descriptor held i.e. the caller has to
 * use releasef when done with the file descriptor.
 *
 * On failure returns NULL with *errorp set to EBADF (getf() found nothing
 * for sock) or ENOTSOCK (the vnode is not VSOCK, or the sonode reached
 * through the stream head has so_version SOV_STREAM). On the ENOTSOCK paths
 * the hold taken by getf() has already been dropped with releasef(), so the
 * caller must not release again. If fpp is non-NULL it receives the file_t.
 */
struct sonode *
getsonode(int sock, int *errorp, file_t **fpp)
{
	file_t *fp;
	vnode_t *vp;
	struct sonode *so;

	if ((fp = getf(sock)) == NULL) {
		*errorp = EBADF;
		eprintline(*errorp);
		return (NULL);
	}
	vp = fp->f_vnode;
	/* Check if it is a socket */
	if (vp->v_type != VSOCK) {
		releasef(sock);
		*errorp = ENOTSOCK;
		eprintline(*errorp);
		return (NULL);
	}
	/*
	 * Use the stream head to find the real socket vnode.
	 * This is needed when namefs sits above sockfs.
	 */
	if (vp->v_stream) {
		ASSERT(vp->v_stream->sd_vnode);
		vp = vp->v_stream->sd_vnode;

		so = VTOSO(vp);
		if (so->so_version == SOV_STREAM) {
			releasef(sock);
			*errorp = ENOTSOCK;
			eprintsoline(so, *errorp);
			return (NULL);
		}
	} else {
		so = VTOSO(vp);
	}
	if (fpp)
		*fpp = fp;
	return (so);
}

/*
 * Allocate and copyin a sockaddr.
 * Ensures NULL termination for AF_UNIX addresses by extending them
 * with one NULL byte if need be. Verifies that the length is not
 * excessive to prevent an application from consuming all of kernel
 * memory. Returns NULL when an error occurred.
*/
/*
 * copyin_name() details:
 *	- name is a user address and *namelenp the caller-supplied length.
 *	  A length above SO_MAXARGSIZE fails with EINVAL before anything is
 *	  allocated; a failed copyin() fails with EFAULT. Both set *errorp.
 *	- The returned buffer is kmem_alloc'ed and its size is *namelenp as
 *	  left on return, which is one larger than the input when a NUL byte
 *	  was appended. Callers in this file free it with
 *	  kmem_free(name, namelen) using that updated length.
 *	- A zero length is excluded only by the ASSERT below (presumably
 *	  compiled out of non-DEBUG builds), and faddr[namelen - 1] would
 *	  index before the buffer in that case. The callers in this file
 *	  (bind, connect, sendit) test namelen != 0 first.
 */
static struct sockaddr *
copyin_name(struct sonode *so, struct sockaddr *name, socklen_t *namelenp,
    int *errorp)
{
	char *faddr;
	size_t namelen = (size_t)*namelenp;

	ASSERT(namelen != 0);
	/* Bound the allocation by a fixed limit, not by the user's value. */
	if (namelen > SO_MAXARGSIZE) {
		*errorp = EINVAL;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	faddr = (char *)kmem_alloc(namelen, KM_SLEEP);
	if (copyin(name, faddr, namelen)) {
		kmem_free(faddr, namelen);
		*errorp = EFAULT;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	/*
	 * Add space for NULL termination if needed.
	 * Do a quick check if the last byte is NUL.
	 */
	if (so->so_family == AF_UNIX && faddr[namelen - 1] != '\0') {
		/* Check if there is any NULL termination */
		size_t i;
		int foundnull = 0;

		/* Scan only the bytes after the sa_family field. */
		for (i = sizeof (name->sa_family); i < namelen; i++) {
			if (faddr[i] == '\0') {
				foundnull = 1;
				break;
			}
		}
		if (!foundnull) {
			/* Add extra byte for NUL padding */
			char *nfaddr;

			/* namelen <= SO_MAXARGSIZE here, checked above. */
			nfaddr = (char *)kmem_alloc(namelen + 1, KM_SLEEP);
			bcopy(faddr, nfaddr, namelen);
			kmem_free(faddr, namelen);

			/* NUL terminate */
			nfaddr[namelen] = '\0';
			namelen++;
			ASSERT((socklen_t)namelen == namelen);
			/* Report the grown size so the caller frees it all. */
			*namelenp = (socklen_t)namelen;
			faddr = nfaddr;
		}
	}
	return ((struct sockaddr *)faddr);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 *
 * At most min(ulen, klen) bytes are copied to the user buffer, and that
 * (possibly truncated) count is the value written to ulenp. When uaddr is
 * NULL nothing is copied and 0 is written to ulenp.
 * Returns 0, or EFAULT if either copyout() fails.
 */
static int
copyout_arg(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
	if (uaddr != NULL) {
		/* Never copy more than the kernel side actually holds. */
		if (ulen > klen)
			ulen = klen;

		if (ulen != 0) {
			if (copyout(kaddr, uaddr, ulen))
				return (EFAULT);
		}
	} else
		ulen = 0;

	if (ulenp != NULL) {
		if (copyout(&ulen, ulenp, sizeof (ulen)))
			return (EFAULT);
	}
	return (0);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 * If klen is greater than ulen it still uses the non-truncated
 * klen to update ulenp.
 *
 * The number of bytes copied is still bounded by min(ulen, klen). When
 * uaddr is NULL or ulen is 0 nothing is copied and 0 is written to ulenp.
 * A truncated copy is logged when xnet_truncate_print is non-zero.
 * Returns 0, or EFAULT if either copyout() fails.
 */
static int
copyout_name(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
	if (uaddr != NULL) {
		if (ulen >= klen)
			ulen = klen;
		else if (ulen != 0 && xnet_truncate_print) {
			printf("sockfs: truncating copyout of address using "
			    "XNET semantics for pid = %d. Lengths %d, %d\n",
			    curproc->p_pid, klen, ulen);
		}

		if (ulen != 0) {
			if (copyout(kaddr, uaddr, ulen))
				return (EFAULT);
		} else
			klen = 0;
	} else
		klen = 0;

	if (ulenp != NULL) {
		if (copyout(&klen, ulenp, sizeof (klen)))
			return (EFAULT);
	}
	return (0);
}

/*
 * The socketpair() code in libsocket creates two sockets (using
 * the /etc/netconfig fallback if needed) before calling this routine
 * to connect the two sockets together.
 *
 * For a SOCK_STREAM socketpair a listener is needed - in that case this
 * routine will create a new file descriptor as part of accepting the
 * connection. The library socketpair() will check if svs[2] has changed
 * in which case it will close the changed fd.
 *
 * Note that this code could use the TPI feature of accepting the connection
 * on the listening endpoint. However, that would require significant changes
 * to soaccept.
*/
/*
 * sv is a user pointer to two descriptors. They are copied in once into
 * svs[] and only that kernel copy is used afterwards. Both descriptors are
 * held through getsonode() and every exit path releases both holds, either
 * at "done" or explicitly before returning.
 * Returns 0 on success, otherwise the value of set_errno(error).
 */
int
so_socketpair(int sv[2])
{
	int svs[2];
	struct sonode *so1, *so2;
	int error;
	struct sockaddr_ux *name;
	size_t namelen;

	dprint(1, ("so_socketpair(%p)\n", (void *)sv));

	/*
	 * Early writability check on the user array. It is only a pre-check:
	 * the copyin() below and the copyout() at the end are still tested.
	 */
	error = useracc(sv, sizeof (svs), B_WRITE);
	if (error && do_useracc)
		return (set_errno(EFAULT));

	if (copyin(sv, svs, sizeof (svs)))
		return (set_errno(EFAULT));

	if ((so1 = getsonode(svs[0], &error, NULL)) == NULL)
		return (set_errno(error));

	if ((so2 = getsonode(svs[1], &error, NULL)) == NULL) {
		releasef(svs[0]);
		return (set_errno(error));
	}

	if (so1->so_family != AF_UNIX || so2->so_family != AF_UNIX) {
		error = EOPNOTSUPP;
		goto done;
	}

	/*
	 * The code below makes assumptions about the "sockfs" implementation.
	 * So make sure that the correct implementation is really used.
	 */
	ASSERT(so1->so_ops == &sotpi_sonodeops);
	ASSERT(so2->so_ops == &sotpi_sonodeops);

	/*
	 * NOTE(review): only so1->so_type selects the branch; so2->so_type is
	 * not compared with it in this function - confirm callers guarantee
	 * that both sockets have the same type.
	 */
	if (so1->so_type == SOCK_DGRAM) {
		/*
		 * Bind both sockets and connect them with each other.
		 * Need to allocate name/namelen for soconnect.
		 */
		error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = so2->so_ux_laddr;
		error = SOP_CONNECT(so1,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE);
		if (error) {
			kmem_free(name, namelen);
			eprintsoline(so1, error);
			goto done;
		}
		/* Reuse the same buffer for the reverse direction. */
		name->sou_addr = so1->so_ux_laddr;
		error = SOP_CONNECT(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE);
		kmem_free(name, namelen);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		releasef(svs[0]);
		releasef(svs[1]);
	} else {
		/*
		 * Bind both sockets, with so1 being a listener.
		 * Connect so2 to so1 - nonblocking to avoid waiting for
		 * soaccept to complete.
		 * Accept a connection on so1. Pass out the new fd as sv[0].
		 * The library will detect the changed fd and close
		 * the original one.
		 */
		struct sonode *nso;
		struct vnode *nvp;
		struct file *nfp;
		int nfd;

		/*
		 * We could simply call SOP_LISTEN() here (which would do the
		 * binding automatically) if the code didn't rely on passing
		 * _SOBIND_NOXLATE to the TPI implementation of SOP_BIND().
		 */
		error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC|_SOBIND_NOXLATE|
		    _SOBIND_LISTEN|_SOBIND_SOCKETPAIR);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}

		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = so1->so_ux_laddr;
		error = SOP_CONNECT(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    FNONBLOCK, _SOCONNECT_NOXLATE);
		kmem_free(name, namelen);
		if (error) {
			/* EINPROGRESS is expected from the FNONBLOCK connect. */
			if (error != EINPROGRESS) {
				eprintsoline(so2, error);
				goto done;
			}
		}

		error = SOP_ACCEPT(so1, 0, &nso);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}

		/* wait for so2 being SS_CONNECTED ignoring signals */
		mutex_enter(&so2->so_lock);
		error = sowaitconnected(so2, 0, 1);
		mutex_exit(&so2->so_lock);
		nvp = SOTOV(nso);
		if (error != 0) {
			/* Drop the accepted socket; it never got an fd. */
			(void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
			VN_RELE(nvp);
			eprintsoline(so2, error);
			goto done;
		}

		if (error = falloc(nvp, FWRITE|FREAD, &nfp, &nfd)) {
			(void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
			VN_RELE(nvp);
			eprintsoline(nso, error);
			goto done;
		}
		/*
		 * fill in the entries that falloc reserved
		 */
		mutex_exit(&nfp->f_tlock);
		setf(nfd, nfp);

		releasef(svs[0]);
		releasef(svs[1]);
		svs[0] = nfd;

		/*
		 * The socketpair library routine will close the original
		 * svs[0] when this code passes out a different file
		 * descriptor.
		 */
		if (copyout(svs, sv, sizeof (svs))) {
			/*
			 * Both holds were released above, so this path must
			 * not go through "done"; only the new fd is closed.
			 */
			(void) closeandsetf(nfd, NULL);
			eprintline(EFAULT);
			return (set_errno(EFAULT));
		}
	}
	return (0);

done:
	releasef(svs[0]);
	releasef(svs[1]);
	return (set_errno(error));
}

/*
 * bind system call: bind the socket behind descriptor sock to the address at
 * user pointer name (namelen bytes). version selects the flag passed to
 * SOP_BIND(): _SOBIND_XPG4_2, _SOBIND_SOCKBSD, or 0 for anything else.
 * Returns 0 on success, otherwise the value of set_errno(error).
 */
int
bind(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("bind(%d, %p, %d)\n",
	    sock, (void *)name, namelen));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	/*
	 * X/Open test does not expect EFAULT with NULL name and non-zero
	 * namelen.
	 */
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		/*
		 * From here on name is a kernel copy and namelen is its
		 * allocated size, which copyin_name() may have grown by one.
		 */
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else {
		name = NULL;
		namelen = 0;
	}

	switch (version) {
	default:
		error = SOP_BIND(so, name, namelen, 0);
		break;
	case SOV_XPG4_2:
		error = SOP_BIND(so, name, namelen, _SOBIND_XPG4_2);
		break;
	case SOV_SOCKBSD:
		error = SOP_BIND(so, name, namelen, _SOBIND_SOCKBSD);
		break;
	}
	/* No goto in this function targets the label below. */
done:
	releasef(sock);
	if (name != NULL)
		kmem_free(name, (size_t)namelen);

	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * listen system call: pass backlog to SOP_LISTEN() for the socket behind
 * descriptor sock. version is unused.
 * Returns 0 on success, otherwise the value of set_errno(error).
 */
/* ARGSUSED2 */
int
listen(int sock, int backlog, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("listen(%d, %d)\n",
	    sock, backlog));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = SOP_LISTEN(so, backlog);

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * accept system call: accept a connection on the listener behind descriptor
 * sock and return a new descriptor for it. name and namelenp are user
 * pointers; when name is non-NULL the peer address is copied out with
 * copyout_name() and the full address length is written to *namelenp.
 * version is unused.
 * Returns the new descriptor, otherwise the value of set_errno(error).
 */
/*ARGSUSED3*/
int
accept(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;
	socklen_t namelen;
	struct sonode *nso;
	struct vnode *nvp;
	struct file *nfp;
	int nfd;

	dprint(1, ("accept(%d, %p, %p)\n",
	    sock, (void *)name, (void *)namelenp));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	if (name != NULL) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		if (copyin(namelenp, &namelen, sizeof (namelen))) {
			releasef(sock);
			return (set_errno(EFAULT));
		}
		if (namelen != 0) {
			/*
			 * Pre-check only, so a bad buffer fails before a
			 * connection is consumed; copyout_name() below still
			 * checks its own copyout().
			 */
			error = useracc(name, (size_t)namelen, B_WRITE);
			if (error && do_useracc) {
				releasef(sock);
				return (set_errno(EFAULT));
			}
		} else
			name = NULL;
	} else {
		namelen = 0;
	}

	/*
	 * Allocate the user fd before SOP_ACCEPT() in order to
	 * catch EMFILE errors before calling SOP_ACCEPT().
	 */
	if ((nfd = ufalloc(0)) == -1) {
		eprintsoline(so, EMFILE);
		releasef(sock);
		return (set_errno(EMFILE));
	}
	error = SOP_ACCEPT(so, fp->f_flag, &nso);
	releasef(sock);
	if (error) {
		/* Presumably gives back the fd slot reserved by ufalloc(). */
		setf(nfd, NULL);
		return (set_errno(error));
	}

	nvp = SOTOV(nso);

	/*
	 * so_faddr_sa can not go away even though we are not holding so_lock.
	 * However, in theory its content could change from underneath us.
	 * But this is not possible in practice since it can only
	 * change due to either some socket system call
	 * or due to a T_CONN_CON being received from the stream head.
	 * Since the falloc/setf have not yet been done no thread
	 * can do any system call on nso and T_CONN_CON can not arrive
	 * on a socket that is already connected.
	 * Thus there is no reason to hold so_lock here.
	 *
	 * SOP_ACCEPT() is required to have set the valid bit for the faddr,
	 * but it could be instantly cleared by a disconnect from the transport.
	 * For that reason we ignore it here.
	 */
	ASSERT(MUTEX_NOT_HELD(&nso->so_lock));
	error = copyout_name(name, namelen, namelenp,
	    nso->so_faddr_sa, (socklen_t)nso->so_faddr_len);
	if (error) {
		setf(nfd, NULL);
		(void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
		VN_RELE(nvp);
		return (set_errno(error));
	}
	if (error = falloc(NULL, FWRITE|FREAD, &nfp, NULL)) {
		setf(nfd, NULL);
		(void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
		VN_RELE(nvp);
		eprintsoline(so, error);
		return (set_errno(error));
	}
	/*
	 * fill in the entries that falloc reserved
	 */
	nfp->f_vnode = nvp;
	mutex_exit(&nfp->f_tlock);
	setf(nfd, nfp);

	/*
	 * Copy FNDELAY and FNONBLOCK from listener to acceptor
	 *
	 * NOTE(review): so is read here after releasef(sock) dropped the
	 * descriptor hold, and nfp/nvp are used after setf() installed nfd.
	 * What keeps the sonode and file alive if another thread closes
	 * either descriptor meanwhile is not visible in this file - confirm.
	 */
	if (so->so_state & (SS_NDELAY|SS_NONBLOCK)) {
		uint_t oflag = nfp->f_flag;
		int arg = 0;

		if (so->so_state & SS_NONBLOCK)
			arg |= FNONBLOCK;
		else if (so->so_state & SS_NDELAY)
			arg |= FNDELAY;

		/*
		 * This code is a simplification of the F_SETFL code in fcntl()
		 * Ignore any errors from VOP_SETFL.
		 */
		if ((error = VOP_SETFL(nvp, oflag, arg, nfp->f_cred, NULL))
		    != 0) {
			eprintsoline(so, error);
			error = 0;
		} else {
			mutex_enter(&nfp->f_tlock);
			/* Keep non-FMASK bits and FREAD|FWRITE, then add arg. */
			nfp->f_flag &= ~FMASK | (FREAD|FWRITE);
			nfp->f_flag |= arg;
			mutex_exit(&nfp->f_tlock);
		}
	}
	return (nfd);
}

/*
 * connect system call: connect the socket behind descriptor sock to the
 * address at user pointer name (namelen bytes). _SOCONNECT_XPG4_2 is passed
 * to SOP_CONNECT() only when version is SOV_XPG4_2.
 * Returns 0 on success, otherwise the value of set_errno(error).
 */
int
connect(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;

	dprint(1, ("connect(%d, %p, %d)\n",
	    sock, (void *)name, namelen));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	if (namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		/*
		 * From here on name is a kernel copy and namelen is its
		 * allocated size, which copyin_name() may have grown by one.
		 */
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else
		name = NULL;

	error = SOP_CONNECT(so, name, namelen, fp->f_flag,
	    (version != SOV_XPG4_2) ? 0 : _SOCONNECT_XPG4_2);
	releasef(sock);
	if (name)
		kmem_free(name, (size_t)namelen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * shutdown system call: pass how to SOP_SHUTDOWN() for the socket behind
 * descriptor sock. version is unused.
 * Returns 0 on success, otherwise the value of set_errno(error).
 */
/*ARGSUSED2*/
int
shutdown(int sock, int how, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("shutdown(%d, %d)\n",
	    sock, how));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = SOP_SHUTDOWN(so, how);

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Common receive routine.
*/
/*
 * recvit() details:
 *	- msg is a kernel copy of the message header whose msg_name and
 *	  msg_control still hold the caller's user pointers on entry. They are
 *	  saved in name/control because, after SOP_RECVMSG(), this function
 *	  treats msg->msg_name and msg->msg_control as kernel buffers: they
 *	  are the source of the copyouts and are kmem_free'd on every path.
 *	- namelenp, controllenp and flagsp are user addresses (or NULL) that
 *	  receive the resulting lengths and flags.
 *	- If a copyout fails after control data was received, the err path
 *	  calls so_closefds() on the control data before freeing it.
 * Returns the number of bytes received (len minus the remaining uio_resid),
 * otherwise the value of set_errno(error).
 */
static ssize_t
recvit(int sock,
	struct nmsghdr *msg,
	struct uio *uiop,
	int flags,
	socklen_t *namelenp,
	socklen_t *controllenp,
	int *flagsp)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	len = uiop->uio_resid;
	uiop->uio_fmode = fp->f_flag;
	uiop->uio_extflg = UIO_COPY_CACHED;

	/* Remember the user-side buffers before msg is handed down. */
	name = msg->msg_name;
	namelen = msg->msg_namelen;
	control = msg->msg_control;
	controllen = msg->msg_controllen;

	/* Only this fixed set of caller flags is passed down. */
	msg->msg_flags = flags & (MSG_OOB | MSG_PEEK | MSG_WAITALL |
	    MSG_DONTWAIT | MSG_XPG4_2);

	error = SOP_RECVMSG(so, msg, uiop);
	if (error) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGRCV, 1);
	so_update_attrs(so, SOACC);
	releasef(sock);

	error = copyout_name(name, namelen, namelenp,
	    msg->msg_name, msg->msg_namelen);
	if (error)
		goto err;

	if (flagsp != NULL) {
		/*
		 * Clear internal flag.
		 */
		msg->msg_flags &= ~MSG_XPG4_2;

		/*
		 * Determine MSG_CTRUNC. sorecvmsg sets MSG_CTRUNC only
		 * when controllen is zero and there is control data to
		 * copy out.
		 */
		if (controllen != 0 &&
		    (msg->msg_controllen > controllen || control == NULL)) {
			dprint(1, ("recvit: CTRUNC %d %d %p\n",
			    msg->msg_controllen, controllen, control));

			msg->msg_flags |= MSG_CTRUNC;
		}
		if (copyout(&msg->msg_flags, flagsp,
		    sizeof (msg->msg_flags))) {
			error = EFAULT;
			goto err;
		}
	}
	/*
	 * Note: This MUST be done last. There can be no "goto err" after this
	 * point since it could make so_closefds run twice on some part
	 * of the file descriptor array.
	 */
	if (controllen != 0) {
		if (!(flags & MSG_XPG4_2)) {
			/*
			 * Good old msg_accrights can only return a multiple
			 * of 4 bytes.
			 */
			controllen &= ~((int)sizeof (uint32_t) - 1);
		}
		/*
		 * This "goto err" is still safe: so_closefds() below has not
		 * run yet when copyout_arg() fails.
		 */
		error = copyout_arg(control, controllen, controllenp,
		    msg->msg_control, msg->msg_controllen);
		if (error)
			goto err;

		/* Not all control data reached the caller; see so_closefds. */
		if (msg->msg_controllen > controllen || control == NULL) {
			if (control == NULL)
				controllen = 0;
			so_closefds(msg->msg_control, msg->msg_controllen,
			    !(flags & MSG_XPG4_2), controllen);
		}
	}
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (len - uiop->uio_resid);

err:
	/*
	 * If we fail and the control part contains file descriptors
	 * we have to close the fd's.
	 */
	if (msg->msg_controllen != 0)
		so_closefds(msg->msg_control, msg->msg_controllen,
		    !(flags & MSG_XPG4_2), 0);
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (set_errno(error));
}

/*
 * Native system call
 *
 * Receive into the single user buffer buffer/len through recvit(), with no
 * address and no control data requested. A len that is negative when viewed
 * as ssize_t is rejected with EINVAL.
 *
 * NOTE(review): lmsg.msg_name, msg_control and msg_iov are left
 * uninitialised; only the two lengths and msg_flags are set. In recvit() the
 * name and control pointers are only acted on when the matching length is
 * non-zero, but what SOP_RECVMSG() reads from lmsg is not visible here -
 * confirm.
 */
ssize_t
recv(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recv(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_namelen = 0;
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;
	return (recvit(sock, &lmsg, &auio, flags, NULL, NULL, NULL));
}

/*
 * Like recv(), and also returns the sender's address: name is the user
 * buffer for it and namelenp the user address of its length, which is read
 * here and rewritten by recvit(). A NULL namelenp is treated as a zero
 * length. A len that is negative when viewed as ssize_t is rejected with
 * EINVAL.
 *
 * NOTE(review): lmsg.msg_control and msg_iov are left uninitialised here;
 * msg_controllen is set to 0 - see the matching note on recv().
 */
ssize_t
recvfrom(int sock, void *buffer, size_t len, int flags,
	struct sockaddr *name, socklen_t *namelenp)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recvfrom(%d, %p, %ld, %d, %p, %p)\n",
	    sock, buffer, len, flags, (void *)name, (void *)namelenp));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	if (namelenp != NULL) {
		if (copyin(namelenp, &lmsg.msg_namelen,
		    sizeof (lmsg.msg_namelen)))
			return (set_errno(EFAULT));
	} else {
		lmsg.msg_namelen = 0;
	}
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;

	return (recvit(sock, &lmsg, &auio, flags, namelenp, NULL, NULL));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
 *
 * msg is a user pointer. The header is copied in once and every later
 * decision uses that kernel copy. The iovec count is bounded to
 * 1..MSG_MAXIOVLEN before the iovec array is copied into the fixed-size
 * on-stack aiov[], and each length and the running total are rejected with
 * EINVAL if negative.
 * Returns what recvit() returns, otherwise the value of set_errno().
 */
ssize_t
recvmsg(int sock, struct nmsghdr *msg, int flags)
{
	STRUCT_DECL(nmsghdr, u_lmsg);
	STRUCT_HANDLE(nmsghdr, umsgptr);
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	int *flagsp;
	model_t model;

	dprint(1, ("recvmsg(%d, %p, %d)\n",
	    sock, (void *)msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);
	STRUCT_SET_HANDLE(umsgptr, model, msg);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, STRUCT_BUF(u_lmsg), STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
		flagsp = STRUCT_FADDR(umsgptr, msg_flags);
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		STRUCT_FSET(u_lmsg, msg_flags, 0);
		/* The old layout has no msg_flags to write back. */
		flagsp = NULL;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	/* Must hold before either copyin below; it bounds aiov/aiov32. */
	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (copyin(lmsg.msg_iov, aiov, iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	/*
	 * NOTE(review): the total is tested for a negative value after the
	 * addition, so an overflow is only caught if the signed sum wraps.
	 */
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	/*
	 * Pre-check of the user control buffer; recvit() still checks the
	 * result of the copyout itself.
	 *
	 * NOTE(review): the other useracc() call sites in this file skip the
	 * check when do_useracc is 0, whereas this condition returns EFAULT
	 * when do_useracc is 0 and msg_control is non-NULL. do_useracc is the
	 * constant 1 unless SOCK_TEST is defined - confirm this is intended.
	 */
	if (lmsg.msg_control != NULL &&
	    (do_useracc == 0 ||
	    useracc(lmsg.msg_control, lmsg.msg_controllen,
	    B_WRITE) != 0)) {
		return (set_errno(EFAULT));
	}

	return (recvit(sock, &lmsg, &auio, flags,
	    STRUCT_FADDR(umsgptr, msg_namelen),
	    STRUCT_FADDR(umsgptr, msg_controllen), flagsp));
}

/*
 * Common send function.
*/
/*
 * sendit() details:
 *	- msg is a kernel copy of the message header whose msg_name and
 *	  msg_control are user pointers on entry. Each is replaced by a
 *	  kmem_alloc'ed kernel copy before SOP_SENDMSG() is called, or by
 *	  NULL with a zero length when the pointer is NULL or the length 0.
 *	- Both lengths are bounded by SO_MAXARGSIZE (the name inside
 *	  copyin_name(), the control data here) before anything is allocated.
 *	- The cleanup labels unwind in reverse order: done1 frees the control
 *	  copy, done2 frees the name copy, done3 only releases the descriptor.
 * Returns the number of bytes sent (len minus the remaining uio_resid),
 * otherwise the value of set_errno(error).
 */
static ssize_t
sendit(int sock, struct nmsghdr *msg, struct uio *uiop, int flags)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	uiop->uio_fmode = fp->f_flag;

	if (so->so_family == AF_UNIX)
		uiop->uio_extflg = UIO_COPY_CACHED;
	else
		uiop->uio_extflg = UIO_COPY_DEFAULT;

	/* Allocate and copyin name and control */
	name = msg->msg_name;
	namelen = msg->msg_namelen;
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		name = copyin_name(so,
		    (struct sockaddr *)name,
		    &namelen, &error);
		if (name == NULL)
			goto done3;
		/* copyin_name null terminates addresses for AF_UNIX */
		msg->msg_namelen = namelen;
		msg->msg_name = name;
	} else {
		msg->msg_name = name = NULL;
		msg->msg_namelen = namelen = 0;
	}

	control = msg->msg_control;
	controllen = msg->msg_controllen;
	if ((control != NULL) && (controllen != 0)) {
		/*
		 * Verify that the length is not excessive to prevent
		 * an application from consuming all of kernel memory.
		 */
		if (controllen > SO_MAXARGSIZE) {
			error = EINVAL;
			/*
			 * control still holds the user pointer here, so jump
			 * past done1, which would kmem_free() it.
			 */
			goto done2;
		}
		control = kmem_alloc(controllen, KM_SLEEP);

		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		if (copyin(msg->msg_control, control, controllen)) {
			error = EFAULT;
			goto done1;
		}
		msg->msg_control = control;
	} else {
		msg->msg_control = control = NULL;
		msg->msg_controllen = controllen = 0;
	}

	len = uiop->uio_resid;
	msg->msg_flags = flags;

	error = SOP_SENDMSG(so, msg, uiop);
done1:
	if (control != NULL)
		kmem_free(control, controllen);
done2:
	if (name != NULL)
		kmem_free(name, namelen);
done3:
	if (error != 0) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGSND, 1);
	so_update_attrs(so, SOMOD);
	releasef(sock);
	return (len - uiop->uio_resid);
}

/*
 * Native system call
 *
 * Send the single user buffer buffer/len through sendit() with no address
 * and no control data. A len that is negative when viewed as ssize_t is
 * rejected with EINVAL.
 *
 * lmsg.msg_namelen and msg_controllen are not set here; sendit() zeroes
 * both because the matching pointers are NULL.
 */
ssize_t
send(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("send(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = NULL;
	lmsg.msg_control = NULL;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
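*/

/*
 * sendmsg() copies the user's message header into a native nmsghdr,
 * validates and copies in the iovec array (at most MSG_MAXIOVLEN entries)
 * and passes the result to sendit().
 *
 * Errors returned through set_errno(): EFAULT when the header or the iovec
 * array cannot be copied in, EMSGSIZE for an iovec count outside
 * 0..MSG_MAXIOVLEN (0 is also refused for MSG_XPG4_2 callers), EINVAL for
 * a negative iovec length or a negative running total.
 */
ssize_t
sendmsg(int sock, struct nmsghdr *msg, int flags)
{
	struct nmsghdr lmsg;
	STRUCT_DECL(nmsghdr, u_lmsg);
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	model_t model;

	dprint(1, ("sendmsg(%d, %p, %d)\n", sock, (void *)msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 *
	 * On the omsghdr path msg_flags was not copied in; the value read
	 * here is replaced by sendit(), which stores `flags' in msg_flags.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	/* Bound the user-supplied count before it sizes any copyin below. */
	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		/*
		 * Unless this is XPG 4.2 we allow iovcnt == 0 to
		 * be compatible with SunOS 4.X and 4.4BSD.
		 */
		if (iovcnt != 0 || (flags & MSG_XPG4_2))
			return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (iovcnt != 0 &&
		    copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (iovcnt != 0 &&
	    copyin(lmsg.msg_iov, aiov,
	    (unsigned)iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	/*
	 * Total the lengths; a negative element or a total that has gone
	 * negative is refused.  NOTE(review): the total is tested after the
	 * addition, which relies on signed arithmetic wrapping.
	 */
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * sendto() is send() with a destination address: the user buffer is
 * wrapped in a one-element iovec/uio and `name'/`namelen' are passed to
 * sendit() as user addresses (sendit() copies the address in).
 */
ssize_t
sendto(int sock, void *buffer, size_t len, int flags,
    struct sockaddr *name, socklen_t namelen)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("sendto(%d, %p, %ld, %d, %p, %d)\n",
	    sock, buffer, len, flags, (void *)name, namelen));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	lmsg.msg_namelen = namelen;
	lmsg.msg_control = NULL;
	/* sendit() loads the length before testing the pointer. */
	lmsg.msg_controllen = 0;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * getpeername() copies the socket's remote address (so_faddr_sa) out to
 * the user buffer `name', whose size is read from *namelenp.
 *
 * Returns 0, or set_errno() with the getsonode() error, EFAULT (length
 * not readable, or name == NULL with a non-zero length), the
 * SOP_GETPEERNAME() error, ENOTCONN, or the copyout_name() error.
 */
/*ARGSUSED3*/
int
getpeername(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;			/* Temporary buffer, common case */
	void *addr;		/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getpeername(%d, %p, %p)\n",
	    sock, (void *)name, (void *)namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}
	/*
	 * If a connect or accept has been done, unless we're an Xnet socket,
	 * the remote address has already been updated in so_faddr_sa.
	 *
	 * The && pair is parenthesised to spell out the grouping the
	 * operators already had, matching getsockname().
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_FADDR_VALID)) {
		if ((error = SOP_GETPEERNAME(so)) != 0)
			goto rel_out;
	}

	/* size == 0 marks "using the on-stack union, nothing to free". */
	if (so->so_faddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_faddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/* Prevent so_faddr_sa/len from changing while accessed */
	mutex_enter(&so->so_lock);
	if (!(so->so_state & SS_ISCONNECTED)) {
		mutex_exit(&so->so_lock);
		error = ENOTCONN;
		goto free_out;
	}
	/*
	 * NOTE(review): the buffer was sized from so_faddr_maxlen before
	 * so_lock was taken, while the copy length is so_faddr_len read
	 * under the lock.  This relies on so_faddr_len never exceeding the
	 * so_faddr_maxlen seen above - confirm where the two are updated.
	 */
	addrlen = so->so_faddr_len;
	bcopy(so->so_faddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	error = copyout_name(name, namelen, namelenp, addr,
	    (so->so_state & SS_FADDR_NOXLATE) ? 0 : addrlen);
free_out:
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * getsockname() copies the socket's local address (so_laddr_sa) out to
 * the user buffer `name', whose size is read from *namelenp.
 *
 * Returns 0, or set_errno() with the getsonode() error, EFAULT (length
 * not readable, or name == NULL with a non-zero length), the
 * SOP_GETSOCKNAME() error, or the copyout_name() error.
 */
/*ARGSUSED3*/
int
getsockname(int sock, struct sockaddr *name,
		socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;			/* Temporary buffer, common case */
	void *addr;		/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getsockname(%d, %p, %p)\n",
	    sock, (void *)name, (void *)namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}

	/*
	 * If a bind or accept has been done, unless we're an Xnet endpoint,
	 * the local address has already been updated in so_laddr_sa.
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_LADDR_VALID)) {
		if ((error = SOP_GETSOCKNAME(so)) != 0)
			goto rel_out;
	}

	/* size == 0 marks "using the on-stack union, nothing to free". */
	if (so->so_laddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_laddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/*
	 * Prevent so_laddr_sa/len from changing while accessed.
	 * NOTE(review): as in getpeername(), the buffer size was chosen
	 * from so_laddr_maxlen before the lock was taken - confirm that
	 * so_laddr_len cannot exceed it.
	 */
	mutex_enter(&so->so_lock);
	addrlen = so->so_laddr_len;
	bcopy(so->so_laddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	error = copyout_name(name, namelen, namelenp,
	    addr, addrlen);
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * getsockopt() reads the caller's buffer length from *option_lenp,
 * allocates a kernel buffer of that size, lets SOP_GETSOCKOPT() fill it
 * and copies the result out with copyout_arg().
 *
 * Returns 0, or set_errno() with the getsonode() error, EFAULT (length
 * not readable), EINVAL (length above SO_MAXARGSIZE), the
 * SOP_GETSOCKOPT() error or the copyout_arg() error.
 */
/*ARGSUSED5*/
int
getsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t *option_lenp,
	int version)
{
	struct sonode *so;
	socklen_t optlen, optlen_res;
	void *optval;
	int error;

	dprint(1, ("getsockopt(%d, %d, %d, %p, %p)\n",
	    sock, level, option_name, option_value, (void *)option_lenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(option_lenp, &optlen, sizeof (optlen))) {
		releasef(sock);
		return (set_errno(EFAULT));
	}
	/*
	 * Verify that the length is not excessive to prevent
	 * an application from consuming all of kernel memory.
	 */
	if (optlen > SO_MAXARGSIZE) {
		error = EINVAL;
		releasef(sock);
		return (set_errno(error));
	}
	/*
	 * Zero-filled: the buffer is copied out to user space below, and
	 * whether every SOP_GETSOCKOPT() implementation writes all of the
	 * bytes it reports in optlen_res cannot be checked from here.
	 * Zeroing keeps stale kernel heap contents out of that copy.
	 */
	optval = kmem_zalloc(optlen, KM_SLEEP);
	optlen_res = optlen;
	error = SOP_GETSOCKOPT(so, level, option_name, optval,
	    &optlen_res, (version != SOV_XPG4_2) ? 0 : _SOGETSOCKOPT_XPG4_2);
	releasef(sock);
	if (error) {
		kmem_free(optval, optlen);
		return (set_errno(error));
	}
	error = copyout_arg(option_value, optlen, option_lenp,
	    optval, optlen_res);
	kmem_free(optval, optlen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * setsockopt() copies the option value in from user space and passes it
 * to SOP_SETSOCKOPT().  Values that fit in `buffer' use the stack; larger
 * ones (up to SO_MAXARGSIZE) use kmem_alloc().  A NULL option_value is
 * passed on as a NULL value with length 0.
 *
 * Returns 0, or set_errno() with the getsonode() error, EINVAL (length
 * above SO_MAXARGSIZE), EFAULT (copyin failed) or the SOP_SETSOCKOPT()
 * error.
 */
/*ARGSUSED5*/
int
setsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t option_len,
	int version)
{
	struct sonode *so;
	intptr_t buffer[2];
	void *optval = NULL;
	int error;

	dprint(1, ("setsockopt(%d, %d, %d, %p, %d)\n",
	    sock, level, option_name, option_value, option_len));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	if (option_value != NULL) {
		if (option_len != 0) {
			/*
			 * Verify that the length is not excessive to prevent
			 * an application from consuming all of kernel memory.
			 */
			if (option_len > SO_MAXARGSIZE) {
				error = EINVAL;
				goto done2;
			}
			optval = option_len <= sizeof (buffer) ?
			    &buffer : kmem_alloc((size_t)option_len, KM_SLEEP);
			ASSERT(MUTEX_NOT_HELD(&so->so_lock));
			if (copyin(option_value, optval, (size_t)option_len)) {
				error = EFAULT;
				goto done1;
			}
		}
	} else
		option_len = 0;

	error = SOP_SETSOCKOPT(so, level, option_name, optval,
	    (t_uscalar_t)option_len);
done1:
	/*
	 * Only a heap buffer is freed.  optval is NULL here when no value
	 * was copied in; option_len is 0 in that case.
	 */
	if (optval != buffer)
		kmem_free(optval, (size_t)option_len);
done2:
	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Add config info when devpath is non-NULL; delete info when devpath is NULL.
 * devpath is a user address.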
*/
int
sockconfig(int domain, int type, int protocol, char *devpath)
{
	char *kdevpath = NULL;		/* Kernel copy of devpath, if any */
	size_t kdevpathlen = 0;		/* Its length as set by copyinstr() */
	int error = 0;

	dprint(1, ("sockconfig(%d, %d, %d, %p)\n",
	    domain, type, protocol, (void *)devpath));

	/* The caller must pass the network configuration policy check. */
	if (secpolicy_net_config(CRED(), B_FALSE) != 0)
		return (set_errno(EPERM));

	/*
	 * A NULL devpath deletes an entry: soconfig() is then called with a
	 * NULL path and a length of 0.  Otherwise an entry is added.
	 */
	if (devpath != NULL) {
		/*
		 * Copy the path into a MAXPATHLEN scratch buffer first, which
		 * also rejects path names that are too long, then move it to
		 * an allocation of exactly the copied length.  soconfig()
		 * stores the string until the configuration is removed.
		 */
		char *scratch = kmem_alloc(MAXPATHLEN, KM_SLEEP);

		error = copyinstr(devpath, scratch, MAXPATHLEN, &kdevpathlen);
		if (error != 0) {
			kmem_free(scratch, MAXPATHLEN);
			goto done;
		}

		kdevpath = kmem_alloc(kdevpathlen, KM_SLEEP);
		bcopy(scratch, kdevpath, kdevpathlen);
		kdevpath[kdevpathlen - 1] = '\0';

		kmem_free(scratch, MAXPATHLEN);
	}
	error = soconfig(domain, type, protocol, kdevpath, (int)kdevpathlen);
done:
	if (error) {
		eprintline(error);
		return (set_errno(error));
	}
	return (0);
}


/*
 * Sendfile is implemented through two schemes, direct I/O or by
 * caching in the filesystem page cache. We cache the input file by
 * default and use direct I/O only if sendfile_max_size is set
 * appropriately as explained below. Note that this logic is consistent
 * with other filesystems where caching is turned on by default
 * unless explicitly turned off by using the DIRECTIO ioctl.
 *
 * We choose a slightly different scheme here. One can turn off
 * caching by setting sendfile_max_size to 0.
 * One can also enable caching of files <= sendfile_max_size by setting
 * sendfile_max_size to an appropriate value. By default sendfile_max_size
 * is set to the maximum value so that all files are cached. In future, we
 * may provide better interfaces for caching the file.
 *
 * Sendfile through Direct I/O (Zero copy)
 * --------------------------------------
 *
 * As disks are normally slower than the network, we can't have a
 * single thread that reads the disk and writes to the network. We
 * need to have parallelism. This is done by having the sendfile
 * thread create another thread that reads from the filesystem
 * and queues it for network processing. In this scheme, the data
 * is never copied anywhere, i.e. it is zero copy unlike the other
 * scheme.
 *
 * We have a sendfile queue (snfq) where each sendfile
 * request (snf_req_t) is queued for processing by a thread. Number
 * of threads is dynamically allocated and they exit if they are idling
 * beyond a specified amount of time. When each request (snf_req_t) is
 * processed by a thread, it produces a number of mblk_t structures to
 * be consumed by the sendfile thread. snf_deque and snf_enque are
 * used for consuming and producing mblks. Size of the filesystem
 * read is determined by the tunable (sendfile_read_size). A single
 * mblk holds sendfile_read_size worth of data (except the last
 * read of the file) which is sent down as a whole to the network.
 * sendfile_read_size is set to 1 MB as this seems to be the optimal
 * value for the UFS filesystem backed by a striped storage array.
 *
 * Synchronisation between read (producer) and write (consumer) threads.
 * --------------------------------------------------------------------
 *
 * sr_lock protects sr_ib_head and sr_ib_tail. The lock is held while
 * adding and deleting items in this list.
 * Error can happen anytime during read or write. There could be
 * unprocessed mblks in the sr_ib_XXX list when a read or write error
 * occurs. Whenever an error is encountered, we need two things to happen:
 *
 * a) One of the threads needs to clean the mblks.
 * b) When one thread encounters an error, the other should stop.
 *
 * For (a), we don't want to penalize the reader thread as it could do
 * some useful work processing other requests. For (b), the error can
 * be detected by examining sr_read_error or sr_write_error.
 * sr_lock protects sr_read_error and sr_write_error. If both reader and
 * writer encounter an error, we need to report the write error back to
 * the application as that's what would have happened if the operations
 * were done sequentially. With this in mind, the following should work:
 *
 *	- Check for errors before read or write.
 *	- If the reader encounters an error, set the error in sr_read_error.
 *	  Check sr_write_error, if it is set, send cv_signal as it is
 *	  waiting for reader to complete. If it is not set, the writer
 *	  is either running sinking data to the network or blocked
 *	  because of flow control. For handling the latter case, we
 *	  always send a signal. In any case, it will examine sr_read_error
 *	  and return. sr_read_error is marked with SR_READ_DONE to tell
 *	  the writer that the reader is done in all the cases.
 *	- If the writer encounters an error, set the error in sr_write_error.
 *	  The reader thread is either blocked because of flow control or
 *	  running reading data from the disk. For the former, we need to
 *	  wakeup the thread. Again to keep it simple, we always wake up
 *	  the reader thread. Then, wait for the read thread to complete
 *	  if it is not done yet. Cleanup and return.
 *
 * High and low water marks for the read thread.
 * --------------------------------------------
 *
 * If sendfile() is used to send data over a slow network, we need to
 * make sure that the read thread does not produce data at a faster
 * rate than the network. This can happen if the disk is faster than
 * the network. In such a case, we don't want to build a very large queue.
 * But we would still like to get all of the network throughput possible.
 * This implies that network should never block waiting for data.
 * As there are a lot of disk throughput/network throughput combinations
 * possible, it is difficult to come up with an accurate number.
 * A typical 10K RPM disk has a max seek latency 17ms and rotational
 * latency of 3ms for reading a disk block. Thus, the total latency to
 * initiate a new read, transfer data from the disk and queue for
 * transmission would take about a max of 25ms. Today's max transfer rate
 * for network is 100MB/sec. If the thread is blocked because of flow
 * control, it would take 25ms to get new data ready for transmission.
 * We have to make sure that network is not idling, while we are initiating
 * new transfers. So, at 100MB/sec, to keep network busy we would need
 * 2.5MB of data. Rounding off, we keep the low water mark to be 3MB of data.
 * We need to pick a high water mark so that the woken up thread would
 * do considerable work before blocking again to prevent thrashing. Currently,
 * we pick this to be 10 times that of the low water mark.
 *
 * Sendfile with segmap caching (One copy from page cache to mblks).
 * ----------------------------------------------------------------
 *
 * We use the segmap cache for caching the file, if the size of file
 * is <= sendfile_max_size. In this case we don't use threads as VM
 * is reasonably fast enough to keep up with the network.
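If the underlying
 * transport allows, we call segmap_getmapflt() to map MAXBSIZE (8K) worth
 * of data into segmap space, and use the virtual address from segmap
 * directly through desballoc() to avoid copy. Once the transport is done
 * with the data, the mapping will be released through segmap_release()
 * called by the call-back routine.
 *
 * If zero-copy is not allowed by the transport, we simply call VOP_READ()
 * to copy the data from the filesystem into our temporary network buffer.
 *
 * To disable caching, set sendfile_max_size to 0.
 */

/* Size of one filesystem read on the direct I/O path (see above). */
uint_t sendfile_read_size = 1024 * 1024;
/*
 * Parenthesised so the value stays intact when the macro is used as an
 * operand, e.g. to the right of a division or modulo operator.
 */
#define	SENDFILE_REQ_LOWAT	(3 * 1024 * 1024)
/* Queue low/high water marks, copied into each request by create_thread(). */
uint_t sendfile_req_lowat = SENDFILE_REQ_LOWAT;
uint_t sendfile_req_hiwat = 10 * SENDFILE_REQ_LOWAT;
struct sendfile_stats sf_stats;
/* The global request queue, allocated in sendfile_init(). */
struct sendfile_queue *snfq;
/* Idle time passed to time_to_wait() by snf_async_thread(). */
clock_t snfq_timeout;
/* Set to MAXOFFSET_T by sendfile_init(); 0 disables caching (see above). */
off64_t sendfile_max_size;

static void snf_enque(snf_req_t *, mblk_t *);
static mblk_t *snf_deque(snf_req_t *);

/*
 * Allocates the zero-filled global sendfile queue, initialises its lock
 * and condition variable, caps the number of service threads at
 * max_ncpus, and sets the idle timeout and the default cache size limit.
 */
void
sendfile_init(void)
{
	snfq = kmem_zalloc(sizeof (struct sendfile_queue), KM_SLEEP);

	mutex_init(&snfq->snfq_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&snfq->snfq_cv, NULL, CV_DEFAULT, NULL);
	snfq->snfq_max_threads = max_ncpus;
	snfq_timeout = SNFQ_TIMEOUT;
	/* Cache all files by default. */
	sendfile_max_size = MAXOFFSET_T;
}

/*
 * Queues a mblk_t for network processing.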
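*/

/*
 * Producer side of a request's mblk list (sr_mp_head/sr_mp_tail; the
 * overview comment earlier in this file calls the list sr_ib_head and
 * sr_ib_tail).  Appends mp under sr_lock, signals the consumer when the
 * list was empty, and then blocks while the queued byte count is above
 * sr_hiwat and no write error has been recorded.
 */
static void
snf_enque(snf_req_t *sr, mblk_t *mp)
{
	mp->b_next = NULL;
	mutex_enter(&sr->sr_lock);
	if (sr->sr_mp_head == NULL) {
		sr->sr_mp_head = sr->sr_mp_tail = mp;
		cv_signal(&sr->sr_cv);
	} else {
		sr->sr_mp_tail->b_next = mp;
		sr->sr_mp_tail = mp;
	}
	sr->sr_qlen += MBLKL(mp);
	/* Flow control: wait until the writer drains or fails. */
	while ((sr->sr_qlen > sr->sr_hiwat) &&
	    (sr->sr_write_error == 0)) {
		sf_stats.ss_full_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	mutex_exit(&sr->sr_lock);
}

/*
 * De-queues a mblk_t for network processing.
 *
 * Returns the mblk at the head of the list with b_next cleared, or NULL
 * when the reader reported an error or finished with nothing left queued.
 * Blocks on sr_cv while the list is empty and sr_read_error is still 0.
 */
static mblk_t *
snf_deque(snf_req_t *sr)
{
	mblk_t *mp;

	mutex_enter(&sr->sr_lock);
	/*
	 * If we have encountered an error on read or read is
	 * completed and no more mblks, return NULL.
	 * We need to check for NULL sr_mp_head also as
	 * the reads could have completed and there is
	 * nothing more to come.
	 */
	if (((sr->sr_read_error & ~SR_READ_DONE) != 0) ||
	    ((sr->sr_read_error & SR_READ_DONE) &&
	    sr->sr_mp_head == NULL)) {
		mutex_exit(&sr->sr_lock);
		return (NULL);
	}
	/*
	 * To start with neither SR_READ_DONE is marked nor
	 * the error is set. When we wake up from cv_wait,
	 * following are the possibilities :
	 *
	 *	a) sr_read_error is zero and mblks are queued.
	 *	b) sr_read_error is set to SR_READ_DONE
	 *	   and mblks are queued.
	 *	c) sr_read_error is set to SR_READ_DONE
	 *	   and no mblks.
	 *	d) sr_read_error is set to some error other
	 *	   than SR_READ_DONE.
	 */

	while ((sr->sr_read_error == 0) && (sr->sr_mp_head == NULL)) {
		sf_stats.ss_empty_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* Handle (a) and (b) first  - the normal case. */
	if (((sr->sr_read_error & ~SR_READ_DONE) == 0) &&
	    (sr->sr_mp_head != NULL)) {
		mp = sr->sr_mp_head;
		sr->sr_mp_head = mp->b_next;
		sr->sr_qlen -= MBLKL(mp);
		/* Wake a producer blocked in snf_enque() on the high mark. */
		if (sr->sr_qlen < sr->sr_lowat)
			cv_signal(&sr->sr_cv);
		mutex_exit(&sr->sr_lock);
		mp->b_next = NULL;
		return (mp);
	}
	/* Handle (c) and (d). */
	mutex_exit(&sr->sr_lock);
	return (NULL);
}

/*
 * Reads data from the filesystem and queues it for network processing.
 *
 * Reads up to sr_file_size bytes starting at sr_file_off in chunks of at
 * most sr_maxpsz, queueing each chunk with snf_enque().  Stops on a read
 * error, on EOF, on allocation failure (EAGAIN) or once sr_write_error is
 * set.  The outcome is published in sr_read_error together with
 * SR_READ_DONE, and sr_cv is signalled.
 */
void
snf_async_read(snf_req_t *sr)
{
	size_t iosize;
	u_offset_t fileoff;
	u_offset_t size;
	int ret_size;
	/*
	 * Must start at 0: the loop below does not run at all when size is
	 * 0 or a write error is already recorded, and `error' is stored in
	 * sr_read_error afterwards, where snf_deque() and snf_direct_io()
	 * read it.
	 */
	int error = 0;
	file_t *fp;
	mblk_t *mp;
	struct vnode *vp;
	int extra = 0;

	fp = sr->sr_fp;
	size = sr->sr_file_size;
	fileoff = sr->sr_file_off;

	/*
	 * Ignore the error for filesystems that don't support DIRECTIO.
	 */
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_ON, 0,
	    kcred, NULL, NULL);

	vp = fp->f_vnode;
	if (vp->v_type == VSOCK) {
		stdata_t *stp;

		/*
		 * Get the extra space to insert a header and a trailer.
		 */
		stp = vp->v_stream;
		extra = (int)(stp->sd_wroff + stp->sd_tail);
	}

	/*
	 * NOTE(review): sr_write_error is read here without sr_lock, which
	 * the overview comment names as its protection; snf_enque() checks
	 * it again under the lock.
	 */
	while ((size != 0) && (sr->sr_write_error == 0)) {

		iosize = (int)MIN(sr->sr_maxpsz, size);

		if ((mp = allocb(iosize + extra, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		ret_size = soreadfile(fp, mp->b_rptr, fileoff, &error, iosize);

		/* Error or Reached EOF ? */
		if ((error != 0) || (ret_size == 0)) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + ret_size;

		snf_enque(sr, mp);
		size -= ret_size;
		fileoff += ret_size;
	}
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_OFF, 0,
	    kcred, NULL, NULL);
	mutex_enter(&sr->sr_lock);
	sr->sr_read_error = error;
	sr->sr_read_error |= SR_READ_DONE;
	cv_signal(&sr->sr_cv);
	mutex_exit(&sr->sr_lock);
}

/*
 * Body of a sendfile service thread.  Takes requests off the global
 * queue and runs snf_async_read() on each with snfq_lock dropped.  When
 * the queue is empty it waits on snfq_cv for up to snfq_timeout; if
 * cv_timedwait() returned a value <= 0 and the queue is still empty, the
 * thread drops itself from snfq_svc_threads and exits.
 */
void
snf_async_thread(void)
{
	snf_req_t *sr;
	callb_cpr_t cprinfo;
	clock_t time_left = 1;
	clock_t now;

	CALLB_CPR_INIT(&cprinfo, &snfq->snfq_lock, callb_generic_cpr, "snfq");

	mutex_enter(&snfq->snfq_lock);
	for (;;) {
		/*
		 * If we didn't find a entry, then block until woken up
		 * again and then look through the queues again.
		 */
		while ((sr = snfq->snfq_req_head) == NULL) {
			CALLB_CPR_SAFE_BEGIN(&cprinfo);
			if (time_left <= 0) {
				snfq->snfq_svc_threads--;
				CALLB_CPR_EXIT(&cprinfo);
				thread_exit();
				/* NOTREACHED */
			}
			snfq->snfq_idle_cnt++;

			time_to_wait(&now, snfq_timeout);
			time_left = cv_timedwait(&snfq->snfq_cv,
			    &snfq->snfq_lock, now);
			snfq->snfq_idle_cnt--;

			CALLB_CPR_SAFE_END(&cprinfo, &snfq->snfq_lock);
		}
		snfq->snfq_req_head = sr->sr_next;
		snfq->snfq_req_cnt--;
		mutex_exit(&snfq->snfq_lock);
		snf_async_read(sr);
		mutex_enter(&snfq->snfq_lock);
	}
}


/*
 * Builds a read request for the file `fp' (offset `fileoff', length
 * `size') whose data is destined for the stream behind `vp', appends it
 * to the global queue and returns it.  A new service thread is started
 * first when the queued requests are not covered by idle threads and
 * snfq_max_threads has not been reached.
 *
 * The allocation uses KM_SLEEP and the returned pointer is always the
 * request; the caller frees it with kmem_free().
 */
snf_req_t *
create_thread(int operation, struct vnode *vp, file_t *fp,
    u_offset_t fileoff, u_offset_t size)
{
	snf_req_t *sr;
	stdata_t *stp;

	sr = (snf_req_t *)kmem_zalloc(sizeof (snf_req_t), KM_SLEEP);

	sr->sr_vp = vp;
	sr->sr_fp = fp;
	stp = vp->v_stream;

	/*
	 * store sd_qn_maxpsz into sr_maxpsz while we have stream head.
	 * stream might be closed before thread returns from snf_async_read.
	 */
	if (stp->sd_qn_maxpsz > 0) {
		sr->sr_maxpsz = MIN(MAXBSIZE, stp->sd_qn_maxpsz);
	} else {
		sr->sr_maxpsz = MAXBSIZE;
	}

	sr->sr_operation = operation;
	sr->sr_file_off = fileoff;
	sr->sr_file_size = size;
	sr->sr_hiwat = sendfile_req_hiwat;
	sr->sr_lowat = sendfile_req_lowat;
	mutex_init(&sr->sr_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&sr->sr_cv, NULL, CV_DEFAULT, NULL);
	/*
	 * See whether we need another thread for servicing this
	 * request. If there are already enough requests queued
	 * for the threads, create one if not exceeding
	 * snfq_max_threads.
	 */
	mutex_enter(&snfq->snfq_lock);
	if (snfq->snfq_req_cnt >= snfq->snfq_idle_cnt &&
	    snfq->snfq_svc_threads < snfq->snfq_max_threads) {
		(void) thread_create(NULL, 0, &snf_async_thread, 0, 0, &p0,
		    TS_RUN, minclsyspri);
		snfq->snfq_svc_threads++;
	}
	if (snfq->snfq_req_head == NULL) {
		snfq->snfq_req_head = snfq->snfq_req_tail = sr;
		cv_signal(&snfq->snfq_cv);
	} else {
		snfq->snfq_req_tail->sr_next = sr;
		snfq->snfq_req_tail = sr;
	}
	snfq->snfq_req_cnt++;
	mutex_exit(&snfq->snfq_lock);
	return (sr);
}

/*
 * Direct I/O path: queues a read request for `rfp' and writes every mblk
 * the reader produces to the stream behind `fp' with kstrwritemp().
 *
 * *count receives the number of bytes written.  Returns 0 or an errno:
 * EINTR when a signal is pending, the kstrwritemp() error, or, when the
 * write side succeeded, the reader's error.  The function always waits
 * for the reader to set SR_READ_DONE before freeing the request.
 *
 * NOTE(review): the running total is an int while `size' is u_offset_t;
 * confirm that callers bound the transfer size accordingly.
 * NOTE(review): the mutex and condition variable set up in
 * create_thread() are not passed to mutex_destroy()/cv_destroy() before
 * the request is freed.
 */
int
snf_direct_io(file_t *fp, file_t *rfp, u_offset_t fileoff, u_offset_t size,
    ssize_t *count)
{
	snf_req_t *sr;
	mblk_t *mp;
	int iosize;
	int error = 0;
	short fflag;
	struct vnode *vp;
	int ksize;

	ksize = 0;
	*count = 0;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	if ((sr = create_thread(READ_OP, vp, rfp, fileoff, size)) == NULL)
		return (EAGAIN);

	/*
	 * We check for read error in snf_deque. It has to check
	 * for successful READ_DONE and return NULL, and we might
	 * as well make an additional check there.
	 */
	while ((mp = snf_deque(sr)) != NULL) {

		if (ISSIG(curthread, JUSTLOOKING)) {
			freeb(mp);
			error = EINTR;
			break;
		}
		iosize = MBLKL(mp);

		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			freeb(mp);
			break;
		}
		ksize += iosize;
	}
	*count = ksize;

	mutex_enter(&sr->sr_lock);
	sr->sr_write_error = error;
	/* Look at the big comments on why we cv_signal here. */
	cv_signal(&sr->sr_cv);

	/* Wait for the reader to complete always. */
	while (!(sr->sr_read_error & SR_READ_DONE)) {
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* If there is no write error, check for read error. */
	if (error == 0)
		error = (sr->sr_read_error & ~SR_READ_DONE);

	/* On any error, free the mblks that were queued but never sent. */
	if (error != 0) {
		mblk_t *next_mp;

		mp = sr->sr_mp_head;
		while (mp != NULL) {
			next_mp = mp->b_next;
			mp->b_next = NULL;
			freeb(mp);
			mp = next_mp;
		}
	}
	mutex_exit(&sr->sr_lock);
	kmem_free(sr, sizeof (snf_req_t));
	return (error);
}

/*
 * Per-mblk bookkeeping for the segmap path; allocated in snf_segmap() and
 * freed by snf_smap_desbfree().
 */
typedef struct {
	frtn_t		snfi_frtn;	/* free routine given to esballoca() */
	caddr_t		snfi_base;	/* address from segmap_getmapflt() */
	uint_t		snfi_mapoff;	/* offset of the data in the slot */
	size_t		snfi_len;	/* length given to segmap_fault() */
	vnode_t		*snfi_vp;	/* vnode held while the mblk lives */
} snf_smap_desbinfo;

/*
 * The callback function when the last ref of the mblk is dropped,
 * normally occurs when TCP receives the ack. But it can be the driver
 * too due to lazy reclaim.
 *
 * Undoes what snf_segmap() set up for one mblk: soft-unlocks the pages
 * (non-KPM addresses only), releases the segmap slot, drops the vnode
 * hold and frees the descriptor.
 */
void
snf_smap_desbfree(snf_smap_desbinfo *snfi)
{
	if (! IS_KPM_ADDR(snfi->snfi_base)) {
		/*
		 * We don't need to call segmap_fault(F_SOFTUNLOCK) for
		 * segmap_kpm as long as the latter never falls back to
		 * "use_segmap_range". (See segmap_getmapflt().)
		 *
		 * Using S_OTHER saves an redundant hat_setref() in
		 * segmap_unlock()
		 */
		(void) segmap_fault(kas.a_hat, segkmap,
		    (caddr_t)(uintptr_t)(((uintptr_t)snfi->snfi_base +
		    snfi->snfi_mapoff) & PAGEMASK), snfi->snfi_len,
		    F_SOFTUNLOCK, S_OTHER);
	}
	(void) segmap_release(segkmap, snfi->snfi_base, SM_DONTNEED);
	VN_RELE(snfi->snfi_vp);
	kmem_free(snfi, sizeof (*snfi));
}

/*
 * Use segmap instead of bcopy to send down a desballoca'ed mblk.  The mblk
 * contains a segmap slot of no more than MAXBSIZE.
 *
 * At the end of the whole sendfile() operation, we wait till the data from
 * the last mblk is ack'ed by the transport before returning so that the
 * caller of sendfile() can safely modify the file content.
 *
 * *count receives the number of bytes handed to kstrwritemp().  Returns 0
 * or an errno: EINTR (signal pending, or the final wait was interrupted),
 * EIO (segmap_fault() failed), EAGAIN (esballoca() failed), or the
 * kstrwritemp()/VOP_GETATTR() error.
 *
 * The code releases the read lock on fvp around every kstrwritemp() call
 * and on the `out' path, so the caller is presumably expected to enter
 * with that lock held - confirm at the call site.
 */
int
snf_segmap(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    ssize_t *count, boolean_t nowait)
{
	caddr_t base;
	int mapoff;
	vnode_t *vp;
	mblk_t *mp;
	int iosize;
	int error;
	short fflag;
	int ksize;
	snf_smap_desbinfo *snfi;
	struct vattr va;
	boolean_t dowait = B_FALSE;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	ksize = 0;
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}

		/* Never map across a MAXBSIZE slot boundary. */
		mapoff = fileoff & MAXBOFFSET;
		iosize = MAXBSIZE - mapoff;
		if (iosize > size)
			iosize = size;
		/*
		 * we don't forcefault because we'll call
		 * segmap_fault(F_SOFTLOCK) next.
		 *
		 * S_READ will get the ref bit set (by either
		 * segmap_getmapflt() or segmap_fault()) and page
		 * shared locked.
		 */
		base = segmap_getmapflt(segkmap, fvp, fileoff, iosize,
		    segmap_kpm ? SM_FAULT : 0, S_READ);

		snfi = kmem_alloc(sizeof (*snfi), KM_SLEEP);
		snfi->snfi_len = (size_t)roundup(mapoff+iosize,
		    PAGESIZE)- (mapoff & PAGEMASK);
		/*
		 * We must call segmap_fault() even for segmap_kpm
		 * because that's how error gets returned.
		 * (segmap_getmapflt() never fails but segmap_fault()
		 * does.)
		 */
		if (segmap_fault(kas.a_hat, segkmap,
		    (caddr_t)(uintptr_t)(((uintptr_t)base + mapoff) & PAGEMASK),
		    snfi->snfi_len, F_SOFTLOCK, S_READ) != 0) {
			(void) segmap_release(segkmap, base, 0);
			kmem_free(snfi, sizeof (*snfi));
			error = EIO;
			goto out;
		}
		snfi->snfi_frtn.free_func = snf_smap_desbfree;
		snfi->snfi_frtn.free_arg = (caddr_t)snfi;
		snfi->snfi_base = base;
		snfi->snfi_mapoff = mapoff;
		mp = esballoca((uchar_t *)base + mapoff, iosize, BPRI_HI,
		    &snfi->snfi_frtn);

		if (mp == NULL) {
			/*
			 * No mblk was created, so the free routine will
			 * never run: undo the soft lock and the mapping
			 * here.  (A freemsg() call on the NULL mp that used
			 * to sit on this path had nothing to free.)
			 */
			(void) segmap_fault(kas.a_hat, segkmap,
			    (caddr_t)(uintptr_t)(((uintptr_t)base + mapoff)
			    & PAGEMASK), snfi->snfi_len, F_SOFTUNLOCK, S_OTHER);
			(void) segmap_release(segkmap, base, 0);
			kmem_free(snfi, sizeof (*snfi));
			error = EAGAIN;
			goto out;
		}
		/* Hold released by snf_smap_desbfree(). */
		VN_HOLD(fvp);
		snfi->snfi_vp = fvp;
		mp->b_wptr += iosize;

		/* Mark this dblk with the zero-copy flag */
		mp->b_datap->db_struioflag |= STRUIO_ZC;
		fileoff += iosize;
		size -= iosize;

		/* Ask for a notification on the last mblk unless nowait. */
		if (size == 0 && !nowait) {
			ASSERT(!dowait);
			dowait = B_TRUE;
			mp->b_datap->db_struioflag |= STRUIO_ZCNOTIFY;
		}
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			/* The lock is already dropped: return directly. */
			*count = ksize;
			freemsg(mp);
			return (error);
		}
		ksize += iosize;
		if (size == 0)
			goto done;

		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			break;
		if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
out:
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	if (dowait) {
		stdata_t *stp;

		stp = vp->v_stream;
		mutex_enter(&stp->sd_lock);
		while (!(stp->sd_flag & STZCNOTIFY)) {
			if (cv_wait_sig(&stp->sd_zcopy_wait,
			    &stp->sd_lock) == 0) {
				error = EINTR;
				break;
			}
		}
		stp->sd_flag &= ~STZCNOTIFY;
		mutex_exit(&stp->sd_lock);
	}
	return (error);
}

/*
 * Copying path: reads the file with VOP_READ() into freshly allocated
 * mblks of at most `maxpsz' bytes and writes each one to the stream
 * behind `fp' with kstrwritemp().
 *
 * *count receives the number of bytes written.  Returns 0 or an errno:
 * EINTR (signal pending), EAGAIN (allocb() failed), or the
 * VOP_READ()/kstrwritemp()/VOP_GETATTR() error.  An EINTR from VOP_READ()
 * that still transferred data is treated as success for that chunk.
 *
 * As in snf_segmap(), the read lock on fvp is released around every
 * kstrwritemp() call and after the loop, so the caller is presumably
 * expected to enter with it held - confirm at the call site.
 */
int
snf_cache(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count)
{
	struct vnode *vp;
	mblk_t *mp;
	int iosize;
	int extra = 0;
	int error;
	short fflag;
	int ksize;
	int ioflag;
	struct uio auio;
	struct iovec aiov;
	struct vattr va;

	vp = fp->f_vnode;
	if (vp->v_type == VSOCK) {
		stdata_t *stp;

		/*
		 * Get the extra space to insert a header and a trailer.
		 */
		stp = vp->v_stream;
		extra = (int)(stp->sd_wroff + stp->sd_tail);
	}

	fflag = fp->f_flag;
	ksize = 0;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_llimit = MAXOFFSET_T;
	auio.uio_fmode = fflag;
	auio.uio_extflg = UIO_COPY_CACHED;
	ioflag = auio.uio_fmode & (FSYNC|FDSYNC|FRSYNC);
	/* If read sync is not asked for, filter sync flags */
	if ((ioflag & FRSYNC) == 0)
		ioflag &= ~(FSYNC|FDSYNC);
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = (int)MIN(maxpsz, size);
		if ((mp = allocb(iosize + extra, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		aiov.iov_base = (caddr_t)mp->b_rptr;
		aiov.iov_len = iosize;
		auio.uio_loffset = fileoff;
		auio.uio_resid = iosize;

		error = VOP_READ(fvp, &auio, ioflag, fp->f_cred, NULL);
		/* iosize becomes the number of bytes actually read. */
		iosize -= auio.uio_resid;

		if (error == EINTR && iosize != 0)
			error = 0;

		if (error != 0 || iosize == 0) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + iosize;

		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			/* The lock is already dropped: return directly. */
			*count = ksize;
			freeb(mp);
			return (error);
		}
		ksize += iosize;
		size -= iosize;
		if (size == 0)
			goto done;

		fileoff += iosize;
		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			size = 0;
		else if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	return (error);
}

#if defined(_SYSCALL32_IMPL) || defined(_ILP32)
/*
 * Largefile support for 32 bit applications only.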
 */
/*
 * Send sfv->sfv_len bytes of rfp, starting at sfv->sfv_off, to fp.
 *
 * The length and offset are validated first: a negative length or an offset
 * above MAXOFFSET_T is EINVAL, a zero length is a successful no-op, and the
 * length is clipped so that offset + length stays within MAXOFFSET_T and
 * within the current file size.  With sfv_off bounded by MAXOFFSET_T and
 * sfv_len a non-negative 32-bit value, the unsigned sums below should not
 * wrap.
 *
 * Requests larger than sendfile_max_size go to snf_direct_io(); the rest
 * use snf_segmap() (zero-copy) or snf_cache() (copy).  Both are called with
 * the source vnode's rwlock held as reader.
 *
 * sfv->sfv_fd is released on every exit path; the matching hold is
 * presumably taken by the caller -- confirm.  *count32 receives the number
 * of bytes reported by the chosen helper.  Returns 0 or an errno value.
 */
int
sosendfile64(file_t *fp, file_t *rfp, const struct ksendfilevec64 *sfv,
    ssize32_t *count32)
{
	struct vnode *vp, *fvp, *realvp;
	struct vattr va;
	stdata_t *stp;
	u_offset_t sfv_off, va_size;
	ssize32_t sfv_len;
	uint_t maxpsz;
	ssize_t count = 0;
	int error = 0;
	boolean_t dozcopy = B_FALSE;
	boolean_t nowait;

	nowait = ((sfv->sfv_flag & SFV_NOWAIT) != 0);

	sfv_len = (ssize32_t)sfv->sfv_len;
	if (sfv_len < 0) {
		error = EINVAL;
		goto out;
	}
	if (sfv_len == 0)
		goto out;

	/* Same checks as in pread */
	sfv_off = (u_offset_t)sfv->sfv_off;
	if (sfv_off > MAXOFFSET_T) {
		error = EINVAL;
		goto out;
	}
	if (sfv_off + sfv_len > MAXOFFSET_T)
		sfv_len = (ssize32_t)(MAXOFFSET_T - sfv_off);

	/*
	 * There are no more checks on sfv_len.  So, we cast it to
	 * u_offset_t and share the snf_direct_io/snf_cache code between
	 * 32 bit and 64 bit.
	 *
	 * TODO: should do nbl_need_check() like read()?
	 * (Until that is settled, this path reads the file without the
	 * check that the TODO refers to.)
	 */
	if (sfv_len > sendfile_max_size) {
		sf_stats.ss_file_not_cached++;
		error = snf_direct_io(fp, rfp, sfv_off, (u_offset_t)sfv_len,
		    &count);
		goto out;
	}

	/* Work on the real vnode when the file system provides one. */
	fvp = rfp->f_vnode;
	if (VOP_REALVP(fvp, &realvp, NULL) == 0)
		fvp = realvp;

	/*
	 * Grab the lock as a reader to prevent the file size
	 * from changing underneath.
	 */
	(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
	va.va_mask = AT_SIZE;
	error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
	va_size = va.va_size;
	if (error != 0 || va_size == 0 || sfv_off >= va_size) {
		/* Nothing to send; error is 0 unless VOP_GETATTR() failed. */
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		goto out;
	}
	/* Read as much as possible. */
	if (sfv_off + sfv_len > va_size)
		sfv_len = va_size - sfv_off;

	vp = fp->f_vnode;
	stp = vp->v_stream;
	/*
	 * When the NOWAIT flag is not set, we enable zero-copy only if the
	 * transfer size is large enough.  This prevents performance loss
	 * when the caller sends the file piece by piece.
	 *
	 * Zero-copy is also skipped when the file has file locks or its
	 * vnode is flagged VNOMAP.
	 */
	if (sfv_len >= MAXBSIZE && (sfv_len >= (va_size >> 1) ||
	    nowait || sfv_len >= 0x1000000) &&
	    !vn_has_flocks(fvp) && !(fvp->v_flag & VNOMAP)) {
		if ((stp->sd_copyflag & (STZCVMSAFE|STZCVMUNSAFE)) != 0) {
			/* Already decided for this stream. */
			dozcopy = (stp->sd_copyflag & STZCVMSAFE);
		} else {
			int on = 1;

			/* Not decided yet: ask the socket to enable it. */
			if (SOP_SETSOCKOPT(VTOSO(vp), SOL_SOCKET,
			    SO_SND_COPYAVOID, &on, sizeof (on)) == 0)
				dozcopy = B_TRUE;
		}
	}

	/* Both helpers return with the rwlock on fvp released. */
	if (dozcopy) {
		sf_stats.ss_file_segmap++;
		error = snf_segmap(fp, fvp, sfv_off, (u_offset_t)sfv_len,
		    &count, nowait);
	} else {
		if (stp->sd_qn_maxpsz == INFPSZ)
			maxpsz = maxphys;
		else
			maxpsz = roundup(stp->sd_qn_maxpsz, MAXBSIZE);
		sf_stats.ss_file_cached++;
		error = snf_cache(fp, fvp, sfv_off, (u_offset_t)sfv_len,
		    maxpsz, &count);
	}
out:
	releasef(sfv->sfv_fd);
	*count32 = (ssize32_t)count;
	return (error);
}
#endif

#ifdef _SYSCALL32_IMPL
/*
 * recv32(), recvfrom32(), send32(), sendto32(): intentionally return a
 * ssize_t rather than ssize32_t; see the comments above read32 for details.
 */
/*
 * Each wrapper widens its 32-bit user addresses through uintptr_t and
 * converts the length to ssize32_t before calling the native entry point.
 * NOTE(review): the ssize32_t conversion presumably turns a length above
 * INT32_MAX into a negative value so that the native handler can reject it
 * instead of treating it as a multi-gigabyte request -- confirm against
 * recv() and send().
 */

ssize_t
recv32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t slen = (ssize32_t)len;

	return (recv(sock, ubuf, slen, flags));
}

ssize_t
recvfrom32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, caddr32_t namelenp)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	void *uname = (void *)(uintptr_t)name;
	void *unamelenp = (void *)(uintptr_t)namelenp;
	ssize32_t slen = (ssize32_t)len;

	return (recvfrom(sock, ubuf, slen, flags, uname, unamelenp));
}

ssize_t
send32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t slen = (ssize32_t)len;

	return (send(sock, ubuf, slen, flags));
}

ssize_t
sendto32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, socklen_t namelen)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	void *uname = (void *)(uintptr_t)name;
	ssize32_t slen = (ssize32_t)len;

	return (sendto(sock, ubuf, slen, flags, uname, namelen));
}
#endif /* _SYSCALL32_IMPL */

/*
 * Function wrappers (mostly around the sonode switch) for
 * backward compatibility.
 */

/* Forward to the sonode's accept operation. */
int
soaccept(struct sonode *so, int fflag, struct sonode **nsop)
{
	return (SOP_ACCEPT(so, fflag, nsop));
}

/*
 * Bind the socket and, when the bind succeeded and backlog is non-zero,
 * also listen with that backlog.  Returns the first error encountered.
 */
int
sobind(struct sonode *so, struct sockaddr *name, socklen_t namelen,
    int backlog, int flags)
{
	int error = SOP_BIND(so, name, namelen, flags);

	/* Stop here on a failed bind or when no listen was requested. */
	if (error != 0 || backlog == 0)
		return (error);

	return (SOP_LISTEN(so, backlog));
}

/* Forward to the sonode's listen operation. */
int
solisten(struct sonode *so, int backlog)
{
	return (SOP_LISTEN(so, backlog));
}

/* Forward to the sonode's connect operation. */
int
soconnect(struct sonode *so, const struct sockaddr *name, socklen_t namelen,
    int fflag, int flags)
{
	return (SOP_CONNECT(so, name, namelen, fflag, flags));
}

/* Forward to the sonode's recvmsg operation. */
int
sorecvmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	return (SOP_RECVMSG(so, msg, uiop));
}

/* Forward to the sonode's sendmsg operation. */
int
sosendmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	return (SOP_SENDMSG(so, msg, uiop));
}

/* Forward to the sonode's getpeername operation. */
int
sogetpeername(struct sonode *so)
{
	return (SOP_GETPEERNAME(so));
}

/* Forward to the sonode's getsockname operation. */
int
sogetsockname(struct sonode *so)
{
	return (SOP_GETSOCKNAME(so));
}

/* Forward to the sonode's shutdown operation. */
int
soshutdown(struct sonode *so, int how)
{
	return (SOP_SHUTDOWN(so, how));
}

/*
 * Forward to the sonode's getsockopt operation.  optval and optlenp are
 * passed through unchanged; nothing is validated at this layer.
 */
int
sogetsockopt(struct sonode *so, int level, int option_name, void *optval,
    socklen_t *optlenp, int flags)
{
	return (SOP_GETSOCKOPT(so, level, option_name, optval, optlenp,
	    flags));
}

/*
 * Forward to the sonode's setsockopt operation.  optval and optlen are
 * passed through unchanged; nothing is validated at this layer.
 */
int
sosetsockopt(struct sonode *so, int level, int option_name, const void *optval,
    t_uscalar_t optlen)
{
	return (SOP_SETSOCKOPT(so, level, option_name, optval, optlen));
}

/*
 * Because this is a backward compatibility interface it only needs to be
 * able to handle the creation of TPI sockfs sockets.
 */
/*
 * All arguments are handed to sotpi_create() unchanged and its result is
 * returned as is; how *errorp is set is decided by sotpi_create().
 */
struct sonode *
socreate(vnode_t *accessvp, int domain, int type, int protocol, int version,
    struct sonode *tso, int *errorp)
{
	struct sonode *so;

	so = sotpi_create(accessvp, domain, type, protocol, version, tso,
	    errorp);
	return (so);
}