1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/t_lock.h> 31 #include <sys/param.h> 32 #include <sys/systm.h> 33 #include <sys/buf.h> 34 #include <sys/conf.h> 35 #include <sys/cred.h> 36 #include <sys/kmem.h> 37 #include <sys/sysmacros.h> 38 #include <sys/vfs.h> 39 #include <sys/vnode.h> 40 #include <sys/debug.h> 41 #include <sys/errno.h> 42 #include <sys/time.h> 43 #include <sys/file.h> 44 #include <sys/user.h> 45 #include <sys/stream.h> 46 #include <sys/strsubr.h> 47 #include <sys/strsun.h> 48 #include <sys/sunddi.h> 49 #include <sys/esunddi.h> 50 #include <sys/flock.h> 51 #include <sys/modctl.h> 52 #include <sys/cmn_err.h> 53 #include <sys/vmsystm.h> 54 #include <sys/policy.h> 55 56 #include <sys/socket.h> 57 #include <sys/socketvar.h> 58 59 #include <sys/isa_defs.h> 60 #include <sys/inttypes.h> 61 #include <sys/systm.h> 62 #include <sys/cpuvar.h> 63 #include <sys/filio.h> 64 #include <sys/sendfile.h> 65 #include <sys/ddi.h> 66 #include <vm/seg.h> 67 #include <vm/seg_map.h> 
#include <vm/seg_kpm.h>
#include <fs/sockfs/nl7c.h>

#ifdef SOCK_TEST
int do_useracc = 1;    /* Controlled by setting SO_DEBUG to 4 */
#else
#define do_useracc 1
#endif /* SOCK_TEST */

extern int xnet_truncate_print;

/*
 * Note: DEF_IOV_MAX is defined and used as it is in "fs/vncalls.c"
 * as there isn't a formal definition of IOV_MAX ???
 *
 * MSG_MAXIOVLEN sizes the on-stack iovec arrays in recvmsg() and sendmsg();
 * both reject a user-supplied iovec count above it before copying in.
 */
#define MSG_MAXIOVLEN 16

/*
 * Kernel component of socket creation.
 *
 * The socket library chooses the version number.  It first calls in with a
 * NULL devpath; if solookup() finds no transport the call fails and the
 * library searches /etc/netconfig.  When that yields a transport the library
 * calls again, passing the devpath for the kernel to use.
 *
 * Returns the new file descriptor on success, otherwise the value of
 * set_errno() for the failure.
 */
int
so_socket(int domain, int type, int protocol, char *devpath, int version)
{
    /* Remember whether the caller asked for AF_NCA before domain is remapped. */
    const boolean_t nca_request = (domain == AF_NCA) ? B_TRUE : B_FALSE;
    boolean_t used_wildcard = B_FALSE;
    int first_error = 0;
    vnode_t *accessvp;
    vnode_t *vp;
    struct sonode *so;
    struct file *fp;
    int fd;
    int error;

    dprint(1, ("so_socket(%d,%d,%d,%p,%d)\n",
        domain, type, protocol, devpath, version));

    if (nca_request) {
        /*
         * NL7C is not supported in non-global zones; the restriction
         * is enforced here, before any lookup is attempted.
         */
        if (getzoneid() != GLOBAL_ZONEID)
            return (set_errno(ENOTSUP));

        /*
         * An NCA socket is created in the INET domain and marked
         * NL7C_AF_NCA once the sonode exists.
         */
        domain = AF_INET;
    }

    accessvp = solookup(domain, type, protocol, devpath, &error);
    if (accessvp == NULL) {
        /*
         * A wildcard retry only makes sense for EPROTONOSUPPORT or
         * EPROTOTYPE (the protocol might not be in the table), and
         * only when the caller named a protocol and gave no devpath.
         */
        if (devpath != NULL || protocol == 0 ||
            (error != EPROTONOSUPPORT && error != EPROTOTYPE))
            return (set_errno(error));

        first_error = error;

        /* Wildcard lookup.  A devpath is never used for wildcards. */
        accessvp = solookup(domain, type, 0, NULL, &error);
        if (accessvp == NULL) {
            /*
             * Not in the kernel table: the library falls back to
             * /etc/netconfig and supplies a devpath (unless it
             * already did).  Report the first lookup's error.
             */
            if (first_error != 0)
                error = first_error;
            return (set_errno(error));
        }
        used_wildcard = B_TRUE;
    }

    /*
     * Device policy check, made with the caller's credentials before any
     * socket node is created.
     */
    error = secpolicy_spec_open(CRED(), accessvp, FREAD|FWRITE);
    if (error != 0)
        return (set_errno(error));

    /* Pick the sonode constructor from the requested protocol. */
    if (protocol == IPPROTO_SCTP) {
        so = sosctp_create(accessvp, domain, type, protocol, version,
            NULL, &error);
    } else if (protocol == PROTO_SDP) {
        so = sosdp_create(accessvp, domain, type, protocol, version,
            NULL, &error);
    } else {
        so = sotpi_create(accessvp, domain, type, protocol, version,
            NULL, &error);
    }
    if (so == NULL)
        return (set_errno(error));

    if (nca_request)
        so->so_nl7c_flags = NL7C_AF_NCA;
    vp = SOTOV(so);

    if (used_wildcard) {
        /* Tell the wildcard transport which protocol was requested. */
        error = SOP_SETSOCKOPT(so, SOL_SOCKET, SO_PROTOTYPE,
            &protocol, (t_uscalar_t)sizeof (protocol));
        if (error != 0) {
            /*
             * Setsockopt often fails with ENOPROTOOPT, but
             * socket() should fail with
             * EPROTONOSUPPORT/EPROTOTYPE.
             */
            error = (first_error != 0 && error == ENOPROTOOPT) ?
                first_error : EPROTONOSUPPORT;
            goto close_vp;
        }
    }

    error = falloc(vp, FWRITE|FREAD, &fp, &fd);
    if (error != 0)
        goto close_vp;

    /* Fill in the entries that falloc reserved. */
    mutex_exit(&fp->f_tlock);
    setf(fd, fp);

    return (fd);

close_vp:
    /* The sonode exists but no fd refers to it: close and drop the vnode. */
    (void) VOP_CLOSE(vp, 0, 1, 0, CRED(), NULL);
    VN_RELE(vp);
    return (set_errno(error));
}

/*
 * Map from a file descriptor to a socket node.
 *
 * On success the file descriptor is returned held, i.e. the caller has to
 * use releasef when done with it; *fpp receives the file_t when fpp is
 * non-NULL.  On failure NULL is returned, *errorp is set (EBADF or ENOTSOCK)
 * and no hold is left behind.
 *
 * VTOSO() is only applied after the vnode has been checked to be VSOCK.
 */
struct sonode *
getsonode(int sock, int *errorp, file_t **fpp)
{
    file_t *fp = getf(sock);
    vnode_t *vp;
    struct sonode *so;

    if (fp == NULL) {
        *errorp = EBADF;
        eprintline(*errorp);
        return (NULL);
    }

    vp = fp->f_vnode;
    /* Check if it is a socket */
    if (vp->v_type != VSOCK) {
        releasef(sock);
        *errorp = ENOTSOCK;
        eprintline(*errorp);
        return (NULL);
    }

    if (vp->v_stream == NULL) {
        so = VTOSO(vp);
    } else {
        /*
         * Use the stream head to find the real socket vnode.
         * This is needed when namefs sits above sockfs.
         */
        ASSERT(vp->v_stream->sd_vnode);
        vp = vp->v_stream->sd_vnode;

        so = VTOSO(vp);
        if (so->so_version == SOV_STREAM) {
            releasef(sock);
            *errorp = ENOTSOCK;
            eprintsoline(so, *errorp);
            return (NULL);
        }
    }

    if (fpp != NULL)
        *fpp = fp;
    return (so);
}

/*
 * Allocate and copyin a sockaddr.
 * Ensures NULL termination for AF_UNIX addresses by extending them
 * with one NULL byte if need be. Verifies that the length is not
 * excessive to prevent an application from consuming all of kernel
 * memory. Returns NULL when an error occurred.
*/
static struct sockaddr *
copyin_name(struct sonode *so, struct sockaddr *name, socklen_t *namelenp,
    int *errorp)
{
    size_t len = (size_t)*namelenp;
    char *kbuf;
    char *padded;
    size_t off;

    /*
     * The kbuf[len - 1] read below requires len != 0.  The callers in
     * this file (bind, connect, sendit) test for a zero length first.
     */
    ASSERT(len != 0);

    /* Bound the user-controlled length before it sizes an allocation. */
    if (len > SO_MAXARGSIZE) {
        *errorp = EINVAL;
        eprintsoline(so, *errorp);
        return (NULL);
    }

    kbuf = kmem_alloc(len, KM_SLEEP);
    if (copyin(name, kbuf, len)) {
        kmem_free(kbuf, len);
        *errorp = EFAULT;
        eprintsoline(so, *errorp);
        return (NULL);
    }

    /*
     * Only AF_UNIX addresses need NUL termination, and a quick look at
     * the last byte settles the common case.
     */
    if (so->so_family != AF_UNIX || kbuf[len - 1] == '\0')
        return ((struct sockaddr *)kbuf);

    /* Any NUL after the family field means the path is terminated. */
    for (off = sizeof (name->sa_family); off < len; off++) {
        if (kbuf[off] == '\0')
            return ((struct sockaddr *)kbuf);
    }

    /*
     * No terminator at all: move the address into a buffer one byte
     * larger and NUL terminate it.  *namelenp is updated so that the
     * caller frees the buffer with its real size.
     */
    padded = kmem_alloc(len + 1, KM_SLEEP);
    bcopy(kbuf, padded, len);
    kmem_free(kbuf, len);

    padded[len] = '\0';
    len++;
    ASSERT((socklen_t)len == len);
    *namelenp = (socklen_t)len;
    return ((struct sockaddr *)padded);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 *
 * At most min(ulen, klen) bytes are copied out, and that truncated length
 * (0 when uaddr is NULL) is what gets written to ulenp.
 * Returns 0 or EFAULT.
 */
static int
copyout_arg(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
    if (uaddr == NULL) {
        ulen = 0;
    } else {
        /* Never copy more than the kernel buffer holds. */
        if (ulen > klen)
            ulen = klen;

        if (ulen != 0 && copyout(kaddr, uaddr, ulen))
            return (EFAULT);
    }

    if (ulenp != NULL && copyout(&ulen, ulenp, sizeof (ulen)))
        return (EFAULT);

    return (0);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
* If klen is greater than ulen it still uses the non-truncated
 * klen to update ulenp.
 */
static int
copyout_name(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
    if (uaddr == NULL) {
        /* Nothing to copy to: report a zero length. */
        klen = 0;
    } else {
        if (ulen >= klen) {
            /* The user buffer is big enough; copy exactly klen. */
            ulen = klen;
        } else if (ulen != 0 && xnet_truncate_print) {
            printf("sockfs: truncating copyout of address using "
                "XNET semantics for pid = %d. Lengths %d, %d\n",
                curproc->p_pid, klen, ulen);
        }

        /*
         * The copy length is min(ulen, klen), so it stays inside both
         * the kernel source and the user-declared destination.  A
         * zero-length user buffer also reports a zero length.
         */
        if (ulen == 0)
            klen = 0;
        else if (copyout(kaddr, uaddr, ulen))
            return (EFAULT);
    }

    if (ulenp != NULL && copyout(&klen, ulenp, sizeof (klen)))
        return (EFAULT);

    return (0);
}

/*
 * The socketpair() code in libsocket creates two sockets (using
 * the /etc/netconfig fallback if needed) before calling this routine
 * to connect the two sockets together.
 *
 * For a SOCK_STREAM socketpair a listener is needed - in that case this
 * routine will create a new file descriptor as part of accepting the
 * connection. The library socketpair() will check if svs[2] has changed
 * in which case it will close the changed fd.
 *
 * Note that this code could use the TPI feature of accepting the connection
 * on the listening endpoint. However, that would require significant changes
 * to soaccept.
*/
int
so_socketpair(int sv[2])
{
    const size_t peerlen = sizeof (struct sockaddr_ux);
    int svs[2];    /* kernel snapshot of the user's fd pair */
    struct sonode *so1, *so2;
    struct sonode *nso;
    struct vnode *nvp;
    struct file *nfp;
    struct sockaddr_ux *peer;
    int nfd;
    int error;

    dprint(1, ("so_socketpair(%p)\n", sv));

    /*
     * Early writability probe of the user array.  The copyout() at the
     * end of the SOCK_STREAM path is still checked on its own.
     */
    error = useracc(sv, sizeof (svs), B_WRITE);
    if (error && do_useracc)
        return (set_errno(EFAULT));

    if (copyin(sv, svs, sizeof (svs)))
        return (set_errno(EFAULT));

    /* Both descriptors must resolve to sockets; each lookup takes a hold. */
    so1 = getsonode(svs[0], &error, NULL);
    if (so1 == NULL)
        return (set_errno(error));

    so2 = getsonode(svs[1], &error, NULL);
    if (so2 == NULL) {
        releasef(svs[0]);
        return (set_errno(error));
    }

    if (so1->so_family != AF_UNIX || so2->so_family != AF_UNIX) {
        error = EOPNOTSUPP;
        goto done;
    }

    /*
     * The code below makes assumptions about the "sockfs" implementation.
     * So make sure that the correct implementation is really used.
     */
    ASSERT(so1->so_ops == &sotpi_sonodeops);
    ASSERT(so2->so_ops == &sotpi_sonodeops);

    if (so1->so_type == SOCK_DGRAM) {
        /*
         * Bind both sockets and connect them with each other.
         * A sockaddr_ux has to be allocated for soconnect.
         */
        error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC);
        if (error) {
            eprintsoline(so1, error);
            goto done;
        }
        error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
        if (error) {
            eprintsoline(so2, error);
            goto done;
        }

        peer = kmem_alloc(peerlen, KM_SLEEP);
        peer->sou_family = AF_UNIX;

        /* so1 -> so2 */
        peer->sou_addr = so2->so_ux_laddr;
        error = SOP_CONNECT(so1,
            (struct sockaddr *)peer,
            (socklen_t)peerlen,
            0, _SOCONNECT_NOXLATE);
        if (error) {
            kmem_free(peer, peerlen);
            eprintsoline(so1, error);
            goto done;
        }

        /* so2 -> so1, reusing the same buffer */
        peer->sou_addr = so1->so_ux_laddr;
        error = SOP_CONNECT(so2,
            (struct sockaddr *)peer,
            (socklen_t)peerlen,
            0, _SOCONNECT_NOXLATE);
        kmem_free(peer, peerlen);
        if (error) {
            eprintsoline(so2, error);
            goto done;
        }

        releasef(svs[0]);
        releasef(svs[1]);
        return (0);
    }

    /*
     * Not SOCK_DGRAM:
     * Bind both sockets, with so1 being a listener.
     * Connect so2 to so1 - nonblocking to avoid waiting for
     * soaccept to complete.
     * Accept a connection on so1.  Pass out the new fd as sv[0].
     * The library will detect the changed fd and close
     * the original one.
     *
     * We could simply call SOP_LISTEN() here (which would do the
     * binding automatically) if the code didn't rely on passing
     * _SOBIND_NOXLATE to the TPI implementation of SOP_BIND().
     */
    error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC|_SOBIND_NOXLATE|
        _SOBIND_LISTEN|_SOBIND_SOCKETPAIR);
    if (error) {
        eprintsoline(so1, error);
        goto done;
    }
    error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
    if (error) {
        eprintsoline(so2, error);
        goto done;
    }

    peer = kmem_alloc(peerlen, KM_SLEEP);
    peer->sou_family = AF_UNIX;
    peer->sou_addr = so1->so_ux_laddr;
    error = SOP_CONNECT(so2,
        (struct sockaddr *)peer,
        (socklen_t)peerlen,
        FNONBLOCK, _SOCONNECT_NOXLATE);
    kmem_free(peer, peerlen);
    /* EINPROGRESS is the expected result of the nonblocking connect. */
    if (error && error != EINPROGRESS) {
        eprintsoline(so2, error);
        goto done;
    }

    error = SOP_ACCEPT(so1, 0, &nso);
    if (error) {
        eprintsoline(so1, error);
        goto done;
    }

    /* wait for so2 being SS_CONNECTED ignoring signals */
    mutex_enter(&so2->so_lock);
    error = sowaitconnected(so2, 0, 1);
    mutex_exit(&so2->so_lock);

    nvp = SOTOV(nso);
    if (error != 0) {
        /* The accepted socket has no fd yet; close it directly. */
        (void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
        VN_RELE(nvp);
        eprintsoline(so2, error);
        goto done;
    }

    error = falloc(nvp, FWRITE|FREAD, &nfp, &nfd);
    if (error) {
        (void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
        VN_RELE(nvp);
        eprintsoline(nso, error);
        goto done;
    }

    /* fill in the entries that falloc reserved */
    mutex_exit(&nfp->f_tlock);
    setf(nfd, nfp);

    releasef(svs[0]);
    releasef(svs[1]);
    svs[0] = nfd;

    /*
     * The socketpair library routine will close the original
     * svs[0] when this code passes out a different file
     * descriptor.  If the user never learns about nfd it is closed
     * here so that it does not stay open unreported.
     */
    if (copyout(svs, sv, sizeof (svs))) {
        (void) closeandsetf(nfd, NULL);
        eprintline(EFAULT);
        return (set_errno(EFAULT));
    }
    return (0);

done:
    /* Common failure exit while both descriptor holds are still in place. */
    releasef(svs[0]);
    releasef(svs[1]);
    return (set_errno(error));
}

/*
 * bind() system call.
 *
 * Copies the address in through copyin_name() (which bounds its length),
 * hands the kernel copy to SOP_BIND() with a flag chosen from `version',
 * and frees the copy again.  Returns 0 or the value of set_errno().
 */
int
bind(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
    struct sonode *so;
    struct sockaddr *kname = NULL;    /* kernel copy of the user address */
    int bindflags;
    int error;

    dprint(1, ("bind(%d, %p, %d)\n",
        sock, name, namelen));

    so = getsonode(sock, &error, NULL);
    if (so == NULL)
        return (set_errno(error));

    /*
     * Allocate and copyin name.
     * X/Open test does not expect EFAULT with NULL name and non-zero
     * namelen, so that combination is treated as "no address".
     */
    if (name != NULL && namelen != 0) {
        ASSERT(MUTEX_NOT_HELD(&so->so_lock));
        kname = copyin_name(so, name, &namelen, &error);
        if (kname == NULL) {
            releasef(sock);
            return (set_errno(error));
        }
    } else {
        namelen = 0;
    }

    switch (version) {
    case SOV_XPG4_2:
        bindflags = _SOBIND_XPG4_2;
        break;
    case SOV_SOCKBSD:
        bindflags = _SOBIND_SOCKBSD;
        break;
    default:
        bindflags = 0;
        break;
    }
    error = SOP_BIND(so, kname, namelen, bindflags);

    releasef(sock);
    /* namelen may have been grown by copyin_name(); free with that size. */
    if (kname != NULL)
        kmem_free(kname, (size_t)namelen);

    return (error ? set_errno(error) : 0);
}

/* ARGSUSED2 */
int
listen(int sock, int backlog, int version)
{
    struct sonode *so;
    int error;

    dprint(1, ("listen(%d, %d)\n",
        sock, backlog));

    so = getsonode(sock, &error, NULL);
    if (so == NULL)
        return (set_errno(error));

    /* backlog is passed through unchanged to SOP_LISTEN(). */
    error = SOP_LISTEN(so, backlog);
    releasef(sock);

    return (error ? set_errno(error) : 0);
}

/*ARGSUSED3*/
int
accept(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
    struct sonode *so;
    struct sonode *nso;
    struct vnode *nvp;
    struct file *nfp;
    file_t *fp;
    socklen_t namelen;
    int nfd;
    int error;

    dprint(1, ("accept(%d, %p, %p)\n",
        sock, name, namelenp));

    so = getsonode(sock, &error, &fp);
    if (so == NULL)
        return (set_errno(error));

    if (name == NULL) {
        namelen = 0;
    } else {
        ASSERT(MUTEX_NOT_HELD(&so->so_lock));
        if (copyin(namelenp, &namelen, sizeof (namelen))) {
            releasef(sock);
            return (set_errno(EFAULT));
        }
        if (namelen == 0) {
            /* A zero-length buffer is the same as no buffer. */
            name = NULL;
        } else {
            /* Fail early on an unwritable address buffer. */
            error = useracc(name, (size_t)namelen, B_WRITE);
            if (error && do_useracc) {
                releasef(sock);
                return (set_errno(EFAULT));
            }
        }
    }

    /*
     * Allocate the user fd before SOP_ACCEPT() in order to
     * catch EMFILE errors before calling SOP_ACCEPT().
     */
    nfd = ufalloc(0);
    if (nfd == -1) {
        eprintsoline(so, EMFILE);
        releasef(sock);
        return (set_errno(EMFILE));
    }

    error = SOP_ACCEPT(so, fp->f_flag, &nso);
    /*
     * NOTE(review): the hold on `sock' is dropped here, yet `so' is read
     * again further down (so->so_state, eprintsoline).  Confirm that the
     * listener sonode cannot be freed in that window.
     */
    releasef(sock);
    if (error) {
        setf(nfd, NULL);
        return (set_errno(error));
    }

    nvp = SOTOV(nso);

    /*
     * so_faddr_sa can not go away even though we are not holding so_lock.
     * In theory its content could change from underneath us, but not in
     * practice: it only changes through a socket system call or through
     * a T_CONN_CON received from the stream head.  Since falloc/setf
     * have not been done yet no thread can make a system call on nso,
     * and T_CONN_CON can not arrive on a socket that is already
     * connected.  Thus there is no reason to hold so_lock here.
     *
     * SOP_ACCEPT() is required to have set the valid bit for the faddr,
     * but it could be instantly cleared by a disconnect from the
     * transport.  For that reason we ignore it here.
     */
    ASSERT(MUTEX_NOT_HELD(&nso->so_lock));
    error = copyout_name(name, namelen, namelenp,
        nso->so_faddr_sa, (socklen_t)nso->so_faddr_len);
    if (error) {
        /* Give back the reserved fd slot and close the new socket. */
        setf(nfd, NULL);
        (void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
        VN_RELE(nvp);
        return (set_errno(error));
    }

    error = falloc(NULL, FWRITE|FREAD, &nfp, NULL);
    if (error) {
        setf(nfd, NULL);
        (void) VOP_CLOSE(nvp, 0, 1, 0, CRED(), NULL);
        VN_RELE(nvp);
        eprintsoline(so, error);
        return (set_errno(error));
    }

    /* fill in the entries that falloc reserved */
    nfp->f_vnode = nvp;
    mutex_exit(&nfp->f_tlock);
    setf(nfd, nfp);

    /* Copy FNDELAY and FNONBLOCK from listener to acceptor */
    if (so->so_state & (SS_NDELAY|SS_NONBLOCK)) {
        uint_t oflag = nfp->f_flag;
        int arg = 0;

        if (so->so_state & SS_NONBLOCK)
            arg = FNONBLOCK;
        else if (so->so_state & SS_NDELAY)
            arg = FNDELAY;

        /*
         * This code is a simplification of the F_SETFL code in fcntl()
         * Ignore any errors from VOP_SETFL.
         */
        error = VOP_SETFL(nvp, oflag, arg, nfp->f_cred, NULL);
        if (error != 0) {
            eprintsoline(so, error);
            error = 0;
        } else {
            mutex_enter(&nfp->f_tlock);
            nfp->f_flag &= ~FMASK | (FREAD|FWRITE);
            nfp->f_flag |= arg;
            mutex_exit(&nfp->f_tlock);
        }
    }
    return (nfd);
}

/*
 * connect() system call.
 *
 * A non-zero namelen is copied in through copyin_name() (which bounds it);
 * the kernel copy is handed to SOP_CONNECT() together with the file flags
 * and freed afterwards.  Returns 0 or the value of set_errno().
 */
int
connect(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
    struct sonode *so;
    struct sockaddr *kname = NULL;    /* kernel copy of the user address */
    file_t *fp;
    int connflags;
    int error;

    dprint(1, ("connect(%d, %p, %d)\n",
        sock, name, namelen));

    so = getsonode(sock, &error, &fp);
    if (so == NULL)
        return (set_errno(error));

    /* Allocate and copyin name */
    if (namelen != 0) {
        ASSERT(MUTEX_NOT_HELD(&so->so_lock));
        kname = copyin_name(so, name, &namelen, &error);
        if (kname == NULL) {
            releasef(sock);
            return (set_errno(error));
        }
    }

    connflags = (version == SOV_XPG4_2) ? _SOCONNECT_XPG4_2 : 0;
    error = SOP_CONNECT(so, kname, namelen, fp->f_flag, connflags);
    releasef(sock);

    /* namelen may have been grown by copyin_name(); free with that size. */
    if (kname != NULL)
        kmem_free(kname, (size_t)namelen);

    return (error ? set_errno(error) : 0);
}

/*ARGSUSED2*/
int
shutdown(int sock, int how, int version)
{
    struct sonode *so;
    int error;

    dprint(1, ("shutdown(%d, %d)\n",
        sock, how));

    so = getsonode(sock, &error, NULL);
    if (so == NULL)
        return (set_errno(error));

    /* `how' is passed through unchanged to SOP_SHUTDOWN(). */
    error = SOP_SHUTDOWN(so, how);
    releasef(sock);

    return (error ? set_errno(error) : 0);
}

/*
 * Common receive routine.
*/
static ssize_t
recvit(int sock,
    struct nmsghdr *msg,
    struct uio *uiop,
    int flags,
    socklen_t *namelenp,
    socklen_t *controllenp,
    int *flagsp)
{
    /* Non-zero for callers that did not pass MSG_XPG4_2 (msg_accrights). */
    const int oldstyle = !(flags & MSG_XPG4_2);
    struct sonode *so;
    file_t *fp;
    void *uname;
    void *ucontrol;
    socklen_t unamelen;
    socklen_t ucontrollen;
    ssize_t requested;
    int error;

    so = getsonode(sock, &error, &fp);
    if (so == NULL)
        return (set_errno(error));

    requested = uiop->uio_resid;
    uiop->uio_fmode = fp->f_flag;
    uiop->uio_extflg = UIO_COPY_CACHED;

    /*
     * Remember the caller's buffers and sizes.  After SOP_RECVMSG() the
     * code below treats msg->msg_name and msg->msg_control as kernel
     * buffers: it copies out of them and kmem_free()s them.
     */
    uname = msg->msg_name;
    unamelen = msg->msg_namelen;
    ucontrol = msg->msg_control;
    ucontrollen = msg->msg_controllen;

    /* Only these flags are passed down. */
    msg->msg_flags = flags & (MSG_OOB | MSG_PEEK | MSG_WAITALL |
        MSG_DONTWAIT | MSG_XPG4_2);

    error = SOP_RECVMSG(so, msg, uiop);
    if (error) {
        releasef(sock);
        return (set_errno(error));
    }
    lwp_stat_update(LWP_STAT_MSGRCV, 1);
    so_update_attrs(so, SOACC);
    releasef(sock);

    error = copyout_name(uname, unamelen, namelenp,
        msg->msg_name, msg->msg_namelen);
    if (error)
        goto err;

    if (flagsp != NULL) {
        /* Clear internal flag. */
        msg->msg_flags &= ~MSG_XPG4_2;

        /*
         * Determine MSG_CTRUNC. sorecvmsg sets MSG_CTRUNC only
         * when controllen is zero and there is control data to
         * copy out.
         */
        if (ucontrollen != 0 &&
            (msg->msg_controllen > ucontrollen || ucontrol == NULL)) {
            dprint(1, ("recvit: CTRUNC %d %d %p\n",
                msg->msg_controllen, ucontrollen, ucontrol));

            msg->msg_flags |= MSG_CTRUNC;
        }
        if (copyout(&msg->msg_flags, flagsp,
            sizeof (msg->msg_flags))) {
            error = EFAULT;
            goto err;
        }
    }

    /*
     * Note: This MUST be done last. There can be no "goto err" after
     * so_closefds() has run below, since it could make so_closefds run
     * twice on some part of the file descriptor array.
     */
    if (ucontrollen != 0) {
        if (oldstyle) {
            /*
             * Good old msg_accrights can only return a multiple
             * of 4 bytes.
             */
            ucontrollen &= ~((int)sizeof (uint32_t) - 1);
        }
        error = copyout_arg(ucontrol, ucontrollen, controllenp,
            msg->msg_control, msg->msg_controllen);
        if (error)
            goto err;

        /*
         * Control data that did not fit in the user buffer is handed
         * to so_closefds() together with the length that was
         * delivered.
         */
        if (msg->msg_controllen > ucontrollen || ucontrol == NULL) {
            if (ucontrol == NULL)
                ucontrollen = 0;
            so_closefds(msg->msg_control, msg->msg_controllen,
                oldstyle, ucontrollen);
        }
    }

    if (msg->msg_namelen != 0)
        kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
    if (msg->msg_controllen != 0)
        kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
    return (requested - uiop->uio_resid);

err:
    /*
     * If we fail and the control part contains file descriptors
     * we have to close the fd's.
     */
    if (msg->msg_controllen != 0)
        so_closefds(msg->msg_control, msg->msg_controllen,
            oldstyle, 0);
    if (msg->msg_namelen != 0)
        kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
    if (msg->msg_controllen != 0)
        kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
    return (set_errno(error));
}

/*
 * Native system call
 *
 * recv() is recvit() with one iovec and neither address nor control buffer.
 */
ssize_t
recv(int sock, void *buffer, size_t len, int flags)
{
    struct nmsghdr lmsg;
    struct uio auio;
    struct iovec aiov;

    dprint(1, ("recv(%d, %p, %ld, %d)\n",
        sock, buffer, len, flags));

    /* A length that does not fit in ssize_t cannot be reported back. */
    if ((ssize_t)len < 0)
        return (set_errno(EINVAL));

    aiov.iov_base = buffer;
    aiov.iov_len = len;

    auio.uio_iov = &aiov;
    auio.uio_iovcnt = 1;
    auio.uio_loffset = 0;
    auio.uio_resid = len;
    auio.uio_segflg = UIO_USERSPACE;
    auio.uio_limit = 0;

    /*
     * NOTE(review): lmsg.msg_name and lmsg.msg_control are left unset.
     * recvit() copies both into locals, but with both lengths zero it
     * never passes them to copyout.  Confirm that SOP_RECVMSG()
     * implementations do not read them either.
     */
    lmsg.msg_namelen = 0;
    lmsg.msg_controllen = 0;
    lmsg.msg_flags = 0;

    return (recvit(sock, &lmsg, &auio, flags, NULL, NULL, NULL));
}

/*
 * recvfrom() system call: recvit() with one iovec and an optional source
 * address buffer whose size is read from *namelenp.
 */
ssize_t
recvfrom(int sock, void *buffer, size_t len, int flags,
    struct sockaddr *name, socklen_t *namelenp)
{
    struct nmsghdr lmsg;
    struct uio auio;
    struct iovec aiov;

    dprint(1, ("recvfrom(%d, %p, %ld, %d, %p, %p)\n",
        sock, buffer, len, flags, name, namelenp));

    /* A length that does not fit in ssize_t cannot be reported back. */
    if ((ssize_t)len < 0)
        return (set_errno(EINVAL));

    aiov.iov_base = buffer;
    aiov.iov_len = len;

    auio.uio_iov = &aiov;
    auio.uio_iovcnt = 1;
    auio.uio_loffset = 0;
    auio.uio_resid = len;
    auio.uio_segflg = UIO_USERSPACE;
    auio.uio_limit = 0;

    lmsg.msg_name = (char *)name;
    if (namelenp == NULL) {
        lmsg.msg_namelen = 0;
    } else if (copyin(namelenp, &lmsg.msg_namelen,
        sizeof (lmsg.msg_namelen))) {
        return (set_errno(EFAULT));
    }
    /* lmsg.msg_control stays unset; a zero controllen keeps it unused in recvit(). */
    lmsg.msg_controllen = 0;
    lmsg.msg_flags = 0;

    return (recvit(sock, &lmsg, &auio, flags, namelenp, NULL, NULL));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
 *
 * The user's header and iovec array are copied into the kernel once and
 * validated there: the iovec count must be in 1..MSG_MAXIOVLEN, and no
 * single length nor the running total may be negative.
 */
ssize_t
recvmsg(int sock, struct nmsghdr *msg, int flags)
{
    STRUCT_DECL(nmsghdr, u_lmsg);
    STRUCT_HANDLE(nmsghdr, umsgptr);
    struct nmsghdr lmsg;
    struct uio auio;
    struct iovec aiov[MSG_MAXIOVLEN];
    int iovcnt;
    ssize_t total;
    int i;
    int *flagsp;
    model_t model;

    dprint(1, ("recvmsg(%d, %p, %d)\n",
        sock, msg, flags));

    model = get_udatamodel();
    STRUCT_INIT(u_lmsg, model);
    STRUCT_SET_HANDLE(umsgptr, model, msg);

    if (!(flags & MSG_XPG4_2)) {
        /*
         * Assumes that nmsghdr and omsghdr are identically shaped
         * except for the added msg_flags field.
         */
        if (copyin(msg, STRUCT_BUF(u_lmsg),
            SIZEOF_STRUCT(omsghdr, model)))
            return (set_errno(EFAULT));
        STRUCT_FSET(u_lmsg, msg_flags, 0);
        flagsp = NULL;
    } else {
        if (copyin(msg, STRUCT_BUF(u_lmsg), STRUCT_SIZE(u_lmsg)))
            return (set_errno(EFAULT));
        flagsp = STRUCT_FADDR(umsgptr, msg_flags);
    }

    /*
     * Code below us will kmem_alloc memory and hang it
     * off msg_control and msg_name fields. This forces
     * us to copy the structure to its native form.
     */
    lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
    lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
    lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
    lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
    lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
    lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
    lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

    /*
     * Bound the user-supplied count before it sizes a copyin into the
     * fixed-size on-stack arrays (aiov, and aiov32 for ILP32 callers).
     */
    iovcnt = lmsg.msg_iovlen;
    if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN)
        return (set_errno(EMSGSIZE));

#ifdef _SYSCALL32_IMPL
    /*
     * 32-bit callers need to have their iovec expanded, while ensuring
     * that they can't move more than 2Gbytes of data in a single call.
     */
    if (model == DATAMODEL_ILP32) {
        struct iovec32 aiov32[MSG_MAXIOVLEN];
        ssize32_t total32;

        if (copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
            iovcnt * sizeof (struct iovec32)))
            return (set_errno(EFAULT));

        total32 = 0;
        for (i = 0; i < iovcnt; i++) {
            ssize32_t one32 = aiov32[i].iov_len;

            total32 += one32;
            if (one32 < 0 || total32 < 0)
                return (set_errno(EINVAL));
            aiov[i].iov_len = one32;
            aiov[i].iov_base =
                (caddr_t)(uintptr_t)aiov32[i].iov_base;
        }
    } else
#endif /* _SYSCALL32_IMPL */
    if (copyin(lmsg.msg_iov, aiov, iovcnt * sizeof (struct iovec))) {
        return (set_errno(EFAULT));
    }

    /* Reject a negative element length or a negative running total. */
    total = 0;
    for (i = 0; i < iovcnt; i++) {
        ssize_t one = aiov[i].iov_len;

        total += one;
        if (one < 0 || total < 0)
            return (set_errno(EINVAL));
    }

    auio.uio_iov = aiov;
    auio.uio_iovcnt = iovcnt;
    auio.uio_loffset = 0;
    auio.uio_resid = total;
    auio.uio_segflg = UIO_USERSPACE;
    auio.uio_limit = 0;

    /*
     * NOTE(review): so_socketpair() and accept() ignore the useracc()
     * result when do_useracc is 0, whereas this test returns EFAULT for
     * any non-NULL control buffer when do_useracc is 0.  do_useracc is
     * only a variable under SOCK_TEST; confirm which behavior is
     * intended.
     */
    if (lmsg.msg_control != NULL &&
        (do_useracc == 0 ||
        useracc(lmsg.msg_control, lmsg.msg_controllen,
        B_WRITE) != 0)) {
        return (set_errno(EFAULT));
    }

    return (recvit(sock, &lmsg, &auio, flags,
        STRUCT_FADDR(umsgptr, msg_namelen),
        STRUCT_FADDR(umsgptr, msg_controllen), flagsp));
}

/*
 * Common send function.
*/
static ssize_t
sendit(int sock, struct nmsghdr *msg, struct uio *uiop, int flags)
{
    struct sonode *so;
    file_t *fp;
    void *kname = NULL;       /* kernel copy of msg_name, if any */
    void *kcontrol = NULL;    /* kernel copy of msg_control, if any */
    socklen_t namelen;
    socklen_t controllen;
    ssize_t requested;
    int error;

    so = getsonode(sock, &error, &fp);
    if (so == NULL)
        return (set_errno(error));

    uiop->uio_fmode = fp->f_flag;
    uiop->uio_extflg = (so->so_family == AF_UNIX) ?
        UIO_COPY_CACHED : UIO_COPY_DEFAULT;

    /*
     * Allocate and copyin name and control.  Each user pointer in msg is
     * replaced by a kernel copy (or NULL) before SOP_SENDMSG() is called.
     */
    namelen = msg->msg_namelen;
    if (msg->msg_name != NULL && namelen != 0) {
        ASSERT(MUTEX_NOT_HELD(&so->so_lock));
        kname = copyin_name(so,
            (struct sockaddr *)msg->msg_name,
            &namelen, &error);
        if (kname == NULL)
            goto out;
        /* copyin_name null terminates addresses for AF_UNIX */
        msg->msg_namelen = namelen;
        msg->msg_name = kname;
    } else {
        msg->msg_name = NULL;
        msg->msg_namelen = namelen = 0;
    }

    controllen = msg->msg_controllen;
    if (msg->msg_control != NULL && controllen != 0) {
        /*
         * Verify that the length is not excessive to prevent
         * an application from consuming all of kernel memory.
         */
        if (controllen > SO_MAXARGSIZE) {
            error = EINVAL;
            goto out;
        }
        kcontrol = kmem_alloc(controllen, KM_SLEEP);

        ASSERT(MUTEX_NOT_HELD(&so->so_lock));
        if (copyin(msg->msg_control, kcontrol, controllen)) {
            error = EFAULT;
            goto out;
        }
        msg->msg_control = kcontrol;
    } else {
        msg->msg_control = NULL;
        msg->msg_controllen = controllen = 0;
    }

    requested = uiop->uio_resid;
    msg->msg_flags = flags;

    error = SOP_SENDMSG(so, msg, uiop);

out:
    /*
     * Free whichever kernel copies exist, using the local lengths they
     * were allocated with.  On the early exits kcontrol (and possibly
     * kname) is still NULL and nothing is freed for it.
     */
    if (kcontrol != NULL)
        kmem_free(kcontrol, controllen);
    if (kname != NULL)
        kmem_free(kname, namelen);

    if (error != 0) {
        releasef(sock);
        return (set_errno(error));
    }
    lwp_stat_update(LWP_STAT_MSGSND, 1);
    so_update_attrs(so, SOMOD);
    releasef(sock);
    return (requested - uiop->uio_resid);
}

/*
 * Native system call
 *
 * send() is sendit() with one iovec and neither address nor control data.
 */
ssize_t
send(int sock, void *buffer, size_t len, int flags)
{
    struct nmsghdr lmsg;
    struct uio auio;
    struct iovec aiov;

    dprint(1, ("send(%d, %p, %ld, %d)\n",
        sock, buffer, len, flags));

    /* A length that does not fit in ssize_t cannot be reported back. */
    if ((ssize_t)len < 0)
        return (set_errno(EINVAL));

    aiov.iov_base = buffer;
    aiov.iov_len = len;

    auio.uio_iov = &aiov;
    auio.uio_iovcnt = 1;
    auio.uio_loffset = 0;
    auio.uio_resid = len;
    auio.uio_segflg = UIO_USERSPACE;
    auio.uio_limit = 0;

    /*
     * With both pointers NULL sendit() takes its "no name / no control"
     * branches, which also zero the length fields left unset here.
     */
    lmsg.msg_name = NULL;
    lmsg.msg_control = NULL;

    if (!(flags & MSG_XPG4_2)) {
        /*
         * In order to be compatible with the libsocket/sockmod
         * implementation we set EOR for all send* calls.
         */
        flags |= MSG_EOR;
    }
    return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
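*/
ssize_t
sendmsg(int sock, struct nmsghdr *msg, int flags)
{
	struct nmsghdr lmsg;
	STRUCT_DECL(nmsghdr, u_lmsg);
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	model_t model;

	dprint(1, ("sendmsg(%d, %p, %d)\n", sock, msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 *
	 * msg_flags is not copied in on the omsghdr path above; sendit()
	 * overwrites it with the flags argument in either case.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	/*
	 * After this check iovcnt is within 0..MSG_MAXIOVLEN, which is what
	 * keeps the copyin() calls below inside aiov[] and aiov32[].
	 */
	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		/*
		 * Unless this is XPG 4.2 we allow iovcnt == 0 to
		 * be compatible with SunOS 4.X and 4.4BSD.
		 */
		if (iovcnt != 0 || (flags & MSG_XPG4_2))
			return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (iovcnt != 0 &&
		    copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		/*
		 * NOTE(review): the total is checked for wrap only after
		 * the signed addition; this relies on the kernel's
		 * two's-complement wrap behaviour - confirm build flags.
		 */
		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (iovcnt != 0 &&
	    copyin(lmsg.msg_iov, aiov,
	    (unsigned)iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	/* Total the element lengths; a negative length or total is refused. */
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * sendto(2): like send(), but also passes the caller's destination
 * address (a user pointer and length) through to sendit(), which copies
 * it in.
 */
ssize_t
sendto(int sock, void *buffer, size_t len, int flags,
    struct sockaddr *name, socklen_t namelen)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("sendto(%d, %p, %ld, %d, %p, %d)\n",
	    sock, buffer, len, flags, name, namelen));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	lmsg.msg_namelen = namelen;
	lmsg.msg_control = NULL;
	/*
	 * sendit() loads msg_controllen before testing msg_control, so give
	 * it a defined value rather than stack contents.
	 */
	lmsg.msg_controllen = 0;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * getpeername(2): snapshot the socket's remote address under so_lock and
 * copy it out to the caller.  Returns 0 or set_errno(error); ENOTCONN if
 * the socket is not connected.
 */
/*ARGSUSED3*/
int
getpeername(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;				/* Temporary buffer, common case */
	void *addr;			/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getpeername(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}
	/*
	 * If a connect or accept has been done, unless we're an Xnet socket,
	 * the remote address has already been updated in so_faddr_sa.
	 *
	 * Parenthesized to match getsockname(); && already bound tighter
	 * than ||, so the condition is unchanged.
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_FADDR_VALID)) {
		if ((error = SOP_GETPEERNAME(so)) != 0)
			goto rel_out;
	}

	/*
	 * size == 0 marks the on-stack buffer, so free_out knows there is
	 * nothing to free.
	 * NOTE(review): so_faddr_maxlen is read before so_lock is taken and
	 * the bcopy() below trusts so_faddr_len <= so_faddr_maxlen - confirm
	 * that invariant where the sonode is set up.
	 */
	if (so->so_faddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_faddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/* Prevent so_faddr_sa/len from changing while accessed */
	mutex_enter(&so->so_lock);
	if (!(so->so_state & SS_ISCONNECTED)) {
		mutex_exit(&so->so_lock);
		error = ENOTCONN;
		goto free_out;
	}
	addrlen = so->so_faddr_len;
	bcopy(so->so_faddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	/* A zero length is passed instead when SS_FADDR_NOXLATE is set. */
	error = copyout_name(name, namelen, namelenp, addr,
	    (so->so_state & SS_FADDR_NOXLATE) ? 0 : addrlen);
free_out:
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * getsockname(2): snapshot the socket's local address under so_lock and
 * copy it out to the caller.  Returns 0 or set_errno(error).
 */
/*ARGSUSED3*/
int
getsockname(int sock, struct sockaddr *name,
    socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;				/* Temporary buffer, common case */
	void *addr;			/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getsockname(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}

	/*
	 * If a bind or accept has been done, unless we're an Xnet endpoint,
	 * the local address has already been updated in so_laddr_sa.
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_LADDR_VALID)) {
		if ((error = SOP_GETSOCKNAME(so)) != 0)
			goto rel_out;
	}

	/* size == 0 marks the on-stack buffer; nothing to free then. */
	if (so->so_laddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_laddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/* Prevent so_laddr_sa/len from changing while accessed */
	mutex_enter(&so->so_lock);
	addrlen = so->so_laddr_len;
	bcopy(so->so_laddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	error = copyout_name(name, namelen, namelenp,
	    addr, addrlen);
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * getsockopt(2): read the caller's buffer length, fetch the option into a
 * kernel buffer of that size and copy the result out with copyout_arg().
 * Returns 0 or set_errno(error).
 */
/*ARGSUSED5*/
int
getsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t *option_lenp,
	int version)
{
	struct sonode *so;
	socklen_t optlen, optlen_res;
	void *optval;
	int error;

	dprint(1, ("getsockopt(%d, %d, %d, %p, %p)\n",
	    sock, level, option_name, option_value, option_lenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(option_lenp, &optlen, sizeof (optlen))) {
		releasef(sock);
		return (set_errno(EFAULT));
	}
	/*
	 * Verify that the length is not excessive to prevent
	 * an application from consuming all of kernel memory.
	 */
	if (optlen > SO_MAXARGSIZE) {
		error = EINVAL;
		releasef(sock);
		return (set_errno(error));
	}
	/*
	 * Zero-filled: this buffer is handed to copyout_arg() below, so any
	 * byte SOP_GETSOCKOPT() leaves untouched must not carry old heap
	 * contents.  How many bytes copyout_arg() copies is not visible
	 * from here.
	 */
	optval = kmem_zalloc(optlen, KM_SLEEP);
	optlen_res = optlen;
	error = SOP_GETSOCKOPT(so, level, option_name, optval,
	    &optlen_res, (version != SOV_XPG4_2) ? 0 : _SOGETSOCKOPT_XPG4_2);
	releasef(sock);
	if (error) {
		kmem_free(optval, optlen);
		return (set_errno(error));
	}
	error = copyout_arg(option_value, optlen, option_lenp,
	    optval, optlen_res);
	kmem_free(optval, optlen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * setsockopt(2): copy the option value in (into a small on-stack buffer
 * when it fits, otherwise a kmem_alloc'ed one) and pass it to
 * SOP_SETSOCKOPT().  Returns 0 or set_errno(error).
 */
/*ARGSUSED5*/
int
setsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t option_len,
	int version)
{
	struct sonode *so;
	intptr_t buffer[2];
	void *optval = NULL;
	int error;

	dprint(1, ("setsockopt(%d, %d, %d, %p, %d)\n",
	    sock, level, option_name, option_value, option_len));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	if (option_value != NULL) {
		if (option_len != 0) {
			/*
			 * Verify that the length is not excessive to prevent
			 * an application from consuming all of kernel memory.
			 */
			if (option_len > SO_MAXARGSIZE) {
				error = EINVAL;
				goto done2;
			}
			optval = option_len <= sizeof (buffer) ?
			    &buffer : kmem_alloc((size_t)option_len, KM_SLEEP);
			ASSERT(MUTEX_NOT_HELD(&so->so_lock));
			if (copyin(option_value, optval, (size_t)option_len)) {
				error = EFAULT;
				goto done1;
			}
		}
	} else
		option_len = 0;

	error = SOP_SETSOCKOPT(so, level, option_name, optval,
	    (t_uscalar_t)option_len);
done1:
	/*
	 * When optval is still NULL, option_len is 0 here, so this is
	 * kmem_free(NULL, 0).
	 */
	if (optval != buffer)
		kmem_free(optval, (size_t)option_len);
done2:
	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Add config info when devpath is non-NULL; delete info when devpath is NULL.
 * devpath is a user address.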
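*/
int
sockconfig(int domain, int type, int protocol, char *devpath)
{
	char *kdevpath;		/* Copied in devpath string */
	size_t kdevpathlen;
	int error = 0;

	dprint(1, ("sockconfig(%d, %d, %d, %p)\n",
	    domain, type, protocol, devpath));

	/* Privilege check comes first, before any user memory is touched. */
	if (secpolicy_net_config(CRED(), B_FALSE) != 0)
		return (set_errno(EPERM));

	if (devpath == NULL) {
		/* Deleting an entry */
		kdevpath = NULL;
		kdevpathlen = 0;
	} else {
		/*
		 * Adding an entry.
		 * Copyin the devpath.
		 * This also makes it possible to check for too long pathnames.
		 * Compress the space needed for the devpath before passing it
		 * to soconfig - soconfig will store the string until
		 * the configuration is removed.
		 */
		char *buf;

		buf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
		if ((error = copyinstr(devpath, buf, MAXPATHLEN,
		    &kdevpathlen)) != 0) {
			kmem_free(buf, MAXPATHLEN);
			goto done;
		}

		/* Second allocation is sized to the string copyinstr() saw. */
		kdevpath = kmem_alloc(kdevpathlen, KM_SLEEP);
		bcopy(buf, kdevpath, kdevpathlen);
		kdevpath[kdevpathlen - 1] = '\0';

		kmem_free(buf, MAXPATHLEN);
	}
	/*
	 * NOTE(review): kdevpath is not freed here when soconfig() fails;
	 * confirm that soconfig() takes ownership on every path.
	 */
	error = soconfig(domain, type, protocol, kdevpath, (int)kdevpathlen);
done:
	if (error) {
		eprintline(error);
		return (set_errno(error));
	}
	return (0);
}


/*
 * Sendfile is implemented through two schemes, direct I/O or by
 * caching in the filesystem page cache. We cache the input file by
 * default and use direct I/O only if sendfile_max_size is set
 * appropriately as explained below. Note that this logic is consistent
 * with other filesystems where caching is turned on by default
 * unless explicitly turned off by using the DIRECTIO ioctl.
 *
 * We choose a slightly different scheme here. One can turn off
 * caching by setting sendfile_max_size to 0. One can also enable
 * caching of files <= sendfile_max_size by setting sendfile_max_size
 * to an appropriate value. By default sendfile_max_size is set to the
 * maximum value so that all files are cached. In future, we may provide
 * better interfaces for caching the file.
 *
 * Sendfile through Direct I/O (Zero copy)
 * --------------------------------------
 *
 * As disks are normally slower than the network, we can't have a
 * single thread that reads the disk and writes to the network. We
 * need to have parallelism. This is done by having the sendfile
 * thread create another thread that reads from the filesystem
 * and queues it for network processing. In this scheme, the data
 * is never copied anywhere, i.e. it is zero copy unlike the other
 * scheme.
 *
 * We have a sendfile queue (snfq) where each sendfile
 * request (snf_req_t) is queued for processing by a thread. Number
 * of threads is dynamically allocated and they exit if they are idling
 * beyond a specified amount of time. When each request (snf_req_t) is
 * processed by a thread, it produces a number of mblk_t structures to
 * be consumed by the sendfile thread. snf_deque and snf_enque are
 * used for consuming and producing mblks. Size of the filesystem
 * read is determined by the tunable (sendfile_read_size). A single
 * mblk holds sendfile_read_size worth of data (except the last
 * read of the file) which is sent down as a whole to the network.
 * sendfile_read_size is set to 1 MB as this seems to be the optimal
 * value for the UFS filesystem backed by a striped storage array.
 *
 * Synchronisation between read (producer) and write (consumer) threads.
 * --------------------------------------------------------------------
 *
 * sr_lock protects sr_ib_head and sr_ib_tail (the queueing code in this
 * file names these fields sr_mp_head and sr_mp_tail). The lock is held
 * while adding and deleting items in this list. Error can happen anytime
 * during read or write. There could be unprocessed mblks in the
 * sr_ib_XXX list when a read or write error occurs. Whenever error
 * is encountered, we need two things to happen :
 *
 * a) One of the threads needs to clean the mblks.
 * b) When one thread encounters an error, the other should stop.
 *
 * For (a), we don't want to penalize the reader thread as it could do
 * some useful work processing other requests. For (b), the error can
 * be detected by examining sr_read_error or sr_write_error.
 * sr_lock protects sr_read_error and sr_write_error. If both reader and
 * writer encounter an error, we need to report the write error back to
 * the application as that's what would have happened if the operations
 * were done sequentially. With this in mind, following should work :
 *
 *	- Check for errors before read or write.
 *	- If the reader encounters error, set the error in sr_read_error.
 *	  Check sr_write_error, if it is set, send cv_signal as it is
 *	  waiting for reader to complete. If it is not set, the writer
 *	  is either running sinking data to the network or blocked
 *	  because of flow control. For handling the latter case, we
 *	  always send a signal. In any case, it will examine sr_read_error
 *	  and return. sr_read_error is marked with SR_READ_DONE to tell
 *	  the writer that the reader is done in all the cases.
 *	- If the writer encounters error, set the error in sr_write_error.
 *	  The reader thread is either blocked because of flow control or
 *	  running reading data from the disk. For the former, we need to
 *	  wakeup the thread. Again to keep it simple, we always wake up
 *	  the reader thread. Then, wait for the read thread to complete
 *	  if it is not done yet. Cleanup and return.
 *
 * High and low water marks for the read thread.
 * --------------------------------------------
 *
 * If sendfile() is used to send data over a slow network, we need to
 * make sure that the read thread does not produce data at a faster
 * rate than the network. This can happen if the disk is faster than
 * the network. In such a case, we don't want to build a very large queue.
 * But we would still like to get all of the network throughput possible.
 * This implies that network should never block waiting for data.
 * As there are a lot of disk throughput/network throughput combinations
 * possible, it is difficult to come up with an accurate number.
 * A typical 10K RPM disk has a max seek latency 17ms and rotational
 * latency of 3ms for reading a disk block. Thus, the total latency to
 * initiate a new read, transfer data from the disk and queue for
 * transmission would take about a max of 25ms. Today's max transfer rate
 * for network is 100MB/sec. If the thread is blocked because of flow
 * control, it would take 25ms to get new data ready for transmission.
 * We have to make sure that network is not idling, while we are initiating
 * new transfers. So, at 100MB/sec, to keep network busy we would need
 * 2.5MB of data. Rounding off, we keep the low water mark to be 3MB of data.
 * We need to pick a high water mark so that the woken up thread would
 * do considerable work before blocking again to prevent thrashing. Currently,
 * we pick this to be 10 times that of the low water mark.
 *
 * Sendfile with segmap caching (One copy from page cache to mblks).
 * ----------------------------------------------------------------
 *
 * We use the segmap cache for caching the file, if the size of file
 * is <= sendfile_max_size. In this case we don't use threads as VM
 * is reasonably fast enough to keep up with the network. If the underlying
 * transport allows, we call segmap_getmapflt() to map MAXBSIZE (8K) worth
 * of data into segmap space, and use the virtual address from segmap
 * directly through desballoc() to avoid copy. Once the transport is done
 * with the data, the mapping will be released through segmap_release()
 * called by the call-back routine.
 *
 * If zero-copy is not allowed by the transport, we simply call VOP_READ()
 * to copy the data from the filesystem into our temporary network buffer.
 *
 * To disable caching, set sendfile_max_size to 0.
 */

uint_t sendfile_read_size = 1024 * 1024;
/* Parenthesized so the macro expands safely inside any expression. */
#define	SENDFILE_REQ_LOWAT	(3 * 1024 * 1024)
uint_t sendfile_req_lowat = SENDFILE_REQ_LOWAT;
uint_t sendfile_req_hiwat = 10 * SENDFILE_REQ_LOWAT;
struct sendfile_stats sf_stats;
struct sendfile_queue *snfq;
clock_t snfq_timeout;
off64_t sendfile_max_size;

static void snf_enque(snf_req_t *, mblk_t *);
static mblk_t *snf_deque(snf_req_t *);

/*
 * Allocates the global sendfile request queue and sets the defaults:
 * at most max_ncpus service threads, the SNFQ_TIMEOUT idle timeout, and
 * caching of files of any size.
 */
void
sendfile_init(void)
{
	snfq = kmem_zalloc(sizeof (struct sendfile_queue), KM_SLEEP);

	mutex_init(&snfq->snfq_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&snfq->snfq_cv, NULL, CV_DEFAULT, NULL);
	snfq->snfq_max_threads = max_ncpus;
	snfq_timeout = SNFQ_TIMEOUT;
	/* Cache all files by default. */
	sendfile_max_size = MAXOFFSET_T;
}

/*
 * Queues a mblk_t for network processing.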
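*/
static void
snf_enque(snf_req_t *sr, mblk_t *mp)
{
	mp->b_next = NULL;
	mutex_enter(&sr->sr_lock);
	if (sr->sr_mp_head == NULL) {
		/* Queue was empty: wake whoever is waiting on sr_cv. */
		sr->sr_mp_head = sr->sr_mp_tail = mp;
		cv_signal(&sr->sr_cv);
	} else {
		sr->sr_mp_tail->b_next = mp;
		sr->sr_mp_tail = mp;
	}
	sr->sr_qlen += MBLKL(mp);
	/* Flow control: block above the high water mark unless a write failed. */
	while ((sr->sr_qlen > sr->sr_hiwat) &&
	    (sr->sr_write_error == 0)) {
		sf_stats.ss_full_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	mutex_exit(&sr->sr_lock);
}

/*
 * De-queues a mblk_t for network processing.
 * Returns NULL on a read error, or once the reader is done and the queue
 * is empty.
 */
static mblk_t *
snf_deque(snf_req_t *sr)
{
	mblk_t *mp;

	mutex_enter(&sr->sr_lock);
	/*
	 * If we have encountered an error on read or read is
	 * completed and no more mblks, return NULL.
	 * We need to check for NULL sr_mp_head also as
	 * the reads could have completed and there is
	 * nothing more to come.
	 */
	if (((sr->sr_read_error & ~SR_READ_DONE) != 0) ||
	    ((sr->sr_read_error & SR_READ_DONE) &&
	    sr->sr_mp_head == NULL)) {
		mutex_exit(&sr->sr_lock);
		return (NULL);
	}
	/*
	 * To start with neither SR_READ_DONE is marked nor
	 * the error is set. When we wake up from cv_wait,
	 * following are the possibilities :
	 *
	 *	a) sr_read_error is zero and mblks are queued.
	 *	b) sr_read_error is set to SR_READ_DONE
	 *	   and mblks are queued.
	 *	c) sr_read_error is set to SR_READ_DONE
	 *	   and no mblks.
	 *	d) sr_read_error is set to some error other
	 *	   than SR_READ_DONE.
	 */

	while ((sr->sr_read_error == 0) && (sr->sr_mp_head == NULL)) {
		sf_stats.ss_empty_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* Handle (a) and (b) first - the normal case. */
	if (((sr->sr_read_error & ~SR_READ_DONE) == 0) &&
	    (sr->sr_mp_head != NULL)) {
		mp = sr->sr_mp_head;
		sr->sr_mp_head = mp->b_next;
		sr->sr_qlen -= MBLKL(mp);
		/* Below the low water mark: signal sr_cv for a blocked producer. */
		if (sr->sr_qlen < sr->sr_lowat)
			cv_signal(&sr->sr_cv);
		mutex_exit(&sr->sr_lock);
		mp->b_next = NULL;
		return (mp);
	}
	/* Handle (c) and (d). */
	mutex_exit(&sr->sr_lock);
	return (NULL);
}

/*
 * Reads data from the filesystem and queues it for network processing.
 * Always finishes by storing the read status, with SR_READ_DONE set, in
 * sr->sr_read_error and signalling sr_cv.
 */
void
snf_async_read(snf_req_t *sr)
{
	size_t iosize;
	u_offset_t fileoff;
	u_offset_t size;
	int ret_size;
	/*
	 * Must start at 0: when the loop below runs no iteration (size is
	 * 0, or a write error is already posted) nothing else assigns it
	 * before it is stored in sr_read_error.
	 */
	int error = 0;
	file_t *fp;
	mblk_t *mp;
	struct vnode *vp;
	int extra = 0;

	fp = sr->sr_fp;
	size = sr->sr_file_size;
	fileoff = sr->sr_file_off;

	/*
	 * Ignore the error for filesystems that don't support DIRECTIO.
	 */
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_ON, 0,
	    kcred, NULL, NULL);

	vp = fp->f_vnode;
	if (vp->v_type == VSOCK) {
		stdata_t *stp;

		/*
		 * Get the extra space to insert a header and a trailer.
		 */
		stp = vp->v_stream;
		extra = (int)(stp->sd_wroff + stp->sd_tail);
	}

	/*
	 * NOTE(review): sr_write_error is read here without sr_lock, although
	 * the block comment above says sr_lock protects it - confirm this
	 * unlocked peek is intended.
	 */
	while ((size != 0) && (sr->sr_write_error == 0)) {

		iosize = (int)MIN(sr->sr_maxpsz, size);

		if ((mp = allocb(iosize + extra, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		ret_size = soreadfile(fp, mp->b_rptr, fileoff, &error, iosize);

		/* Error or Reached EOF ? */
		if ((error != 0) || (ret_size == 0)) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + ret_size;

		snf_enque(sr, mp);
		size -= ret_size;
		fileoff += ret_size;
	}
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_OFF, 0,
	    kcred, NULL, NULL);
	mutex_enter(&sr->sr_lock);
	sr->sr_read_error = error;
	sr->sr_read_error |= SR_READ_DONE;
	cv_signal(&sr->sr_cv);
	mutex_exit(&sr->sr_lock);
}

/*
 * Service thread body: takes requests off snfq and runs snf_async_read()
 * on each with snfq_lock dropped.  The thread exits after a timed wait
 * returns a non-positive value and the queue is still empty.
 */
void
snf_async_thread(void)
{
	snf_req_t *sr;
	callb_cpr_t cprinfo;
	clock_t time_left = 1;
	clock_t now;

	CALLB_CPR_INIT(&cprinfo, &snfq->snfq_lock, callb_generic_cpr, "snfq");

	mutex_enter(&snfq->snfq_lock);
	for (;;) {
		/*
		 * If we didn't find an entry, then block until woken up
		 * again and then look through the queues again.
		 */
		while ((sr = snfq->snfq_req_head) == NULL) {
			CALLB_CPR_SAFE_BEGIN(&cprinfo);
			if (time_left <= 0) {
				snfq->snfq_svc_threads--;
				CALLB_CPR_EXIT(&cprinfo);
				thread_exit();
				/* NOTREACHED */
			}
			snfq->snfq_idle_cnt++;

			time_to_wait(&now, snfq_timeout);
			time_left = cv_timedwait(&snfq->snfq_cv,
			    &snfq->snfq_lock, now);
			snfq->snfq_idle_cnt--;

			CALLB_CPR_SAFE_END(&cprinfo, &snfq->snfq_lock);
		}
		snfq->snfq_req_head = sr->sr_next;
		snfq->snfq_req_cnt--;
		mutex_exit(&snfq->snfq_lock);
		snf_async_read(sr);
		mutex_enter(&snfq->snfq_lock);
	}
}


/*
 * Builds a read request for the given file range, starts another service
 * thread if the queue needs one and the limit allows, and appends the
 * request to snfq.  The request is returned to the caller, who frees it
 * (see snf_direct_io()).
 *
 * NOTE(review): vp->v_stream is dereferenced unconditionally; this
 * presumably requires vp to be a stream - confirm against callers.
 */
snf_req_t *
create_thread(int operation, struct vnode *vp, file_t *fp,
    u_offset_t fileoff, u_offset_t size)
{
	snf_req_t *sr;
	stdata_t *stp;

	sr = (snf_req_t *)kmem_zalloc(sizeof (snf_req_t), KM_SLEEP);

	sr->sr_vp = vp;
	sr->sr_fp = fp;
	stp = vp->v_stream;

	/*
	 * store sd_qn_maxpsz into sr_maxpsz while we have stream head.
	 * stream might be closed before thread returns from snf_async_read.
	 */
	if (stp->sd_qn_maxpsz > 0) {
		sr->sr_maxpsz = MIN(MAXBSIZE, stp->sd_qn_maxpsz);
	} else {
		sr->sr_maxpsz = MAXBSIZE;
	}

	sr->sr_operation = operation;
	sr->sr_file_off = fileoff;
	sr->sr_file_size = size;
	sr->sr_hiwat = sendfile_req_hiwat;
	sr->sr_lowat = sendfile_req_lowat;
	mutex_init(&sr->sr_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&sr->sr_cv, NULL, CV_DEFAULT, NULL);
	/*
	 * See whether we need another thread for servicing this
	 * request. If there are already enough requests queued
	 * for the threads, create one if not exceeding
	 * snfq_max_threads.
	 */
	mutex_enter(&snfq->snfq_lock);
	if (snfq->snfq_req_cnt >= snfq->snfq_idle_cnt &&
	    snfq->snfq_svc_threads < snfq->snfq_max_threads) {
		(void) thread_create(NULL, 0, &snf_async_thread, 0, 0, &p0,
		    TS_RUN, minclsyspri);
		snfq->snfq_svc_threads++;
	}
	if (snfq->snfq_req_head == NULL) {
		snfq->snfq_req_head = snfq->snfq_req_tail = sr;
		cv_signal(&snfq->snfq_cv);
	} else {
		snfq->snfq_req_tail->sr_next = sr;
		snfq->snfq_req_tail = sr;
	}
	snfq->snfq_req_cnt++;
	mutex_exit(&snfq->snfq_lock);
	return (sr);
}

/*
 * Direct I/O path: queues a read request for rfp and writes each mblk the
 * reader produces to the stream of fp.  *count receives the bytes written.
 * Returns 0 or an errno value; a write error takes precedence over a read
 * error.
 *
 * NOTE(review): ksize is an int while size is a u_offset_t - confirm that
 * callers bound one call to less than 2 Gbytes.
 */
int
snf_direct_io(file_t *fp, file_t *rfp, u_offset_t fileoff, u_offset_t size,
    ssize_t *count)
{
	snf_req_t *sr;
	mblk_t *mp;
	int iosize;
	int error = 0;
	short fflag;
	struct vnode *vp;
	int ksize;

	ksize = 0;
	*count = 0;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	if ((sr = create_thread(READ_OP, vp, rfp, fileoff, size)) == NULL)
		return (EAGAIN);

	/*
	 * We check for read error in snf_deque. It has to check
	 * for successful READ_DONE and return NULL, and we might
	 * as well make an additional check there.
	 */
	while ((mp = snf_deque(sr)) != NULL) {

		if (ISSIG(curthread, JUSTLOOKING)) {
			freeb(mp);
			error = EINTR;
			break;
		}
		iosize = MBLKL(mp);

		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			freeb(mp);
			break;
		}
		ksize += iosize;
	}
	*count = ksize;

	mutex_enter(&sr->sr_lock);
	sr->sr_write_error = error;
	/* Look at the big comments on why we cv_signal here. */
	cv_signal(&sr->sr_cv);

	/* Wait for the reader to complete always. */
	while (!(sr->sr_read_error & SR_READ_DONE)) {
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* If there is no write error, check for read error. */
	if (error == 0)
		error = (sr->sr_read_error & ~SR_READ_DONE);

	if (error != 0) {
		mblk_t *next_mp;

		/* Free whatever the reader queued but we never sent. */
		mp = sr->sr_mp_head;
		while (mp != NULL) {
			next_mp = mp->b_next;
			mp->b_next = NULL;
			freeb(mp);
			mp = next_mp;
		}
	}
	mutex_exit(&sr->sr_lock);
	/*
	 * NOTE(review): sr_lock and sr_cv were set up with mutex_init() and
	 * cv_init() in create_thread() and are not torn down before the
	 * request is freed - confirm whether that is intended.
	 */
	kmem_free(sr, sizeof (snf_req_t));
	return (error);
}

/* Per-mblk state handed to snf_smap_desbfree() to undo one segmap mapping. */
typedef struct {
	frtn_t		snfi_frtn;	/* free routine passed to esballoca() */
	caddr_t		snfi_base;	/* address from segmap_getmapflt() */
	uint_t		snfi_mapoff;	/* offset of the data within the slot */
	size_t		snfi_len;	/* length passed to segmap_fault() */
	vnode_t		*snfi_vp;	/* vnode held with VN_HOLD() */
} snf_smap_desbinfo;

/*
 * The callback function when the last ref of the mblk is dropped,
 * normally occurs when TCP receives the ack. But it can be the driver
 * too due to lazy reclaim.
 */
void
snf_smap_desbfree(snf_smap_desbinfo *snfi)
{
	if (!segmap_kpm) {
		/*
		 * We don't need to call segmap_fault(F_SOFTUNLOCK) for
		 * segmap_kpm as long as the latter never falls back to
		 * "use_segmap_range". (See segmap_getmapflt().)
		 *
		 * Using S_OTHER saves a redundant hat_setref() in
		 * segmap_unlock()
		 */
		(void) segmap_fault(kas.a_hat, segkmap,
		    (caddr_t)(uintptr_t)(((uintptr_t)snfi->snfi_base +
		    snfi->snfi_mapoff) & PAGEMASK), snfi->snfi_len,
		    F_SOFTUNLOCK, S_OTHER);
	}
	(void) segmap_release(segkmap, snfi->snfi_base, SM_DONTNEED);
	VN_RELE(snfi->snfi_vp);
	kmem_free(snfi, sizeof (*snfi));
}

/*
 * Use segmap instead of bcopy to send down a chain of desballoca'ed, mblks.
 * Each mblk contains a segmap slot of no more than MAXBSIZE. The total
 * length of a chain is no more than sd_qn_maxpsz.
 *
 * At the end of the whole sendfile() operation, we wait till the data from
 * the last mblk is ack'ed by the transport before returning so that the
 * caller of sendfile() can safely modify the file content.
 *
 * *count receives the bytes written.  Returns 0 or an errno value.
 * NOTE(review): the first iteration calls VOP_RWUNLOCK() before any
 * VOP_RWLOCK() in this function, so the caller presumably enters with the
 * lock held - confirm.  ksize is an int; see the note on snf_direct_io().
 */
int
snf_segmap(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count, boolean_t nowait)
{
	caddr_t base;
	int mapoff;
	vnode_t *vp;
	mblk_t *mp, *mp1;
	int iosize, iosize1;
	int error;
	short fflag;
	int ksize;
	snf_smap_desbinfo *snfi;
	struct vattr va;
	boolean_t dowait = B_FALSE;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	ksize = 0;
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = 0;
		mp = NULL;
		/* Build one chain of mapped mblks, at most maxpsz bytes. */
		do {
			mapoff = fileoff & MAXBOFFSET;
			iosize1 = MAXBSIZE - mapoff;
			if (iosize1 > size)
				iosize1 = size;
			/*
			 * we don't forcefault because we'll call
			 * segmap_fault(F_SOFTLOCK) next.
			 *
			 * S_READ will get the ref bit set (by either
			 * segmap_getmapflt() or segmap_fault()) and page
			 * shared locked.
			 */
			base = segmap_getmapflt(segkmap, fvp, fileoff, iosize1,
			    segmap_kpm ? SM_FAULT : 0, S_READ);

			snfi = kmem_alloc(sizeof (*snfi), KM_SLEEP);
			snfi->snfi_len = (size_t)roundup(mapoff+iosize1,
			    PAGESIZE)- (mapoff & PAGEMASK);
			/*
			 * We must call segmap_fault() even for segmap_kpm
			 * because that's how error gets returned.
			 * (segmap_getmapflt() never fails but segmap_fault()
			 * does.)
			 */
			if (segmap_fault(kas.a_hat, segkmap,
			    (caddr_t)(uintptr_t)(((uintptr_t)base + mapoff) &
			    PAGEMASK), snfi->snfi_len, F_SOFTLOCK,
			    S_READ) != 0) {
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				freemsg(mp);
				error = EIO;
				goto out;
			}
			snfi->snfi_frtn.free_func = snf_smap_desbfree;
			snfi->snfi_frtn.free_arg = (caddr_t)snfi;
			snfi->snfi_base = base;
			snfi->snfi_mapoff = mapoff;
			mp1 = esballoca((uchar_t *)base + mapoff,
			    iosize1, BPRI_HI, &snfi->snfi_frtn);

			if (mp1 == NULL) {
				/* Undo the soft lock and mapping by hand. */
				(void) segmap_fault(kas.a_hat, segkmap,
				    (caddr_t)(uintptr_t)(((uintptr_t)base +
				    mapoff) & PAGEMASK), snfi->snfi_len,
				    F_SOFTUNLOCK, S_OTHER);
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				freemsg(mp);
				error = EAGAIN;
				goto out;
			}
			/* Hold dropped by VN_RELE() in snf_smap_desbfree(). */
			VN_HOLD(fvp);
			snfi->snfi_vp = fvp;
			mp1->b_wptr += iosize1;

			/* Mark this dblk with the zero-copy flag */
			mp1->b_datap->db_struioflag |= STRUIO_ZC;
			if (mp == NULL)
				mp = mp1;
			else
				linkb(mp, mp1);
			iosize += iosize1;
			fileoff += iosize1;
			size -= iosize1;
		} while (iosize < maxpsz && size != 0);

		/* Last chain: ask for the notification waited on at done. */
		if (size == 0 && !nowait) {
			ASSERT(!dowait);
			dowait = B_TRUE;
			mp1->b_datap->db_struioflag |= STRUIO_ZCNOTIFY;
		}
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			*count = ksize;
			freemsg(mp);
			return (error);
		}
		ksize += iosize;
		if (size == 0)
			goto done;

		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		/* Re-read the file size after retaking the lock. */
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			break;
		if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
out:
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	if (dowait) {
		stdata_t *stp;

		stp = vp->v_stream;
		mutex_enter(&stp->sd_lock);
		while (!(stp->sd_flag & STZCNOTIFY)) {
			if (cv_wait_sig(&stp->sd_zcopy_wait,
			    &stp->sd_lock) == 0) {
				error = EINTR;
				break;
			}
		}
		stp->sd_flag &= ~STZCNOTIFY;
		mutex_exit(&stp->sd_lock);
	}
	return (error);
}

/*
 * Copying path: reads up to maxpsz bytes at a time from fvp into a freshly
 * allocated mblk with VOP_READ() and writes it to the stream of fp.
 * *count receives the bytes written.  Returns 0 or an errno value.
 *
 * NOTE(review): ksize is an int; see the note on snf_direct_io().
 */
int
snf_cache(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count)
{
	struct vnode *vp;
	mblk_t *mp;
	int iosize;
	int extra = 0;
	int error;
	short fflag;
	int ksize;
	int ioflag;
	struct uio auio;
	struct iovec aiov;
	struct vattr va;

	vp = fp->f_vnode;
	if (vp->v_type == VSOCK) {
		stdata_t *stp;

		/*
		 * Get the extra space to insert a header and a trailer.
		 */
		stp = vp->v_stream;
		extra = (int)(stp->sd_wroff + stp->sd_tail);
	}

	fflag = fp->f_flag;
	ksize = 0;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_llimit = MAXOFFSET_T;
	auio.uio_fmode = fflag;
	auio.uio_extflg = UIO_COPY_CACHED;
	ioflag = auio.uio_fmode & (FSYNC|FDSYNC|FRSYNC);
	/* If read sync is not asked for, filter sync flags */
	if ((ioflag & FRSYNC) == 0)
		ioflag &= ~(FSYNC|FDSYNC);
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = (int)MIN(maxpsz, size);
		if ((mp = allocb(iosize + extra, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		aiov.iov_base = (caddr_t)mp->b_rptr;
		aiov.iov_len = iosize;
		auio.uio_loffset = fileoff;
		auio.uio_resid = iosize;

		error = VOP_READ(fvp, &auio, ioflag, fp->f_cred, NULL);
		/* iosize becomes the number of bytes actually read. */
		iosize -= auio.uio_resid;

		/* A partial read that was interrupted still counts. */
		if (error == EINTR && iosize != 0)
			error = 0;

		if (error != 0 || iosize == 0) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + iosize;

		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			*count = ksize;
			freeb(mp);
			return (error);
		}
		ksize += iosize;
		size -= iosize;
		if (size == 0)
			goto done;

		fileoff += iosize;
		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		/* Re-read the file size after retaking the lock. */
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			size = 0;
		else if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	return (error);
}

#if defined(_SYSCALL32_IMPL) || defined(_ILP32)
/*
 * Largefile support for 32 bit applications only.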
*/
/*
 * sosendfile64() sends the file range described by one ksendfilevec64
 * from rfp to fp.
 *
 * Arguments:
 *	fp	- destination file_t; its vnode's v_stream is dereferenced
 *		  and VTOSO() is applied to the vnode without any check
 *		  here, so fp is presumably already known to be a socket
 *		  -- TODO confirm against the caller
 *	rfp	- file_t of the file to read from
 *	sfv	- request; sfv_off, sfv_len, sfv_flag and sfv_fd are read
 *	count32	- out: number of bytes sent, converted to ssize32_t
 *
 * Returns 0 or an errno value.
 *
 * Checks made here on the request: a negative sfv_len is rejected with
 * EINVAL, a zero sfv_len is a successful no-op, an sfv_off above
 * MAXOFFSET_T is rejected with EINVAL, and sfv_len is clamped first so that
 * sfv_off + sfv_len does not exceed MAXOFFSET_T and later so that it does
 * not run past the current file size.
 *
 * Every path ends in releasef(sfv->sfv_fd); the hold being released is
 * presumably taken by the caller -- TODO confirm.
 */
int
sosendfile64(file_t *fp, file_t *rfp, const struct ksendfilevec64 *sfv,
    ssize32_t *count32)
{
	ssize32_t sfv_len;
	u_offset_t sfv_off, va_size;
	struct vnode *vp, *fvp, *realvp;
	struct vattr va;
	stdata_t *stp;
	ssize_t count = 0;
	int error = 0;
	boolean_t dozcopy = B_FALSE;
	uint_t maxpsz;

	sfv_len = (ssize32_t)sfv->sfv_len;
	if (sfv_len < 0) {
		error = EINVAL;
		goto out;
	}

	if (sfv_len == 0) goto out;

	sfv_off = (u_offset_t)sfv->sfv_off;

	/* Same checks as in pread */
	if (sfv_off > MAXOFFSET_T) {
		error = EINVAL;
		goto out;
	}
	if (sfv_off + sfv_len > MAXOFFSET_T)
		sfv_len = (ssize32_t)(MAXOFFSET_T - sfv_off);

	/*
	 * There are no more checks on sfv_len. So, we cast it to
	 * u_offset_t and share the snf_direct_io/snf_cache code between
	 * 32 bit and 64 bit.
	 *
	 * TODO: should do nbl_need_check() like read()?
	 *
	 * NOTE(review): until that TODO is resolved, nothing in this
	 * function performs the check it refers to before the source file
	 * is read; whether a lock that read() would honour can be
	 * side-stepped through this path should be confirmed.
	 */
	if (sfv_len > sendfile_max_size) {
		/* Too large for the cached paths: hand off to direct I/O. */
		sf_stats.ss_file_not_cached++;
		error = snf_direct_io(fp, rfp, sfv_off, (u_offset_t)sfv_len,
		    &count);
		goto out;
	}
	fvp = rfp->f_vnode;
	/* Use the vnode VOP_REALVP() reports, when it reports one. */
	if (VOP_REALVP(fvp, &realvp, NULL) == 0)
		fvp = realvp;
	/*
	 * Grab the lock as a reader to prevent the file size
	 * from changing underneath.
	 */
	(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
	va.va_mask = AT_SIZE;
	error = VOP_GETATTR(fvp, &va, 0, kcred, NULL);
	va_size = va.va_size;
	/* Nothing to send: attribute error, empty file, or offset at/after EOF. */
	if ((error != 0) || (va_size == 0) || (sfv_off >= va_size)) {
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		goto out;
	}
	/* Read as much as possible. */
	if (sfv_off + sfv_len > va_size)
		sfv_len = va_size - sfv_off;

	vp = fp->f_vnode;
	stp = vp->v_stream;
	if (stp->sd_qn_maxpsz == INFPSZ)
		maxpsz = maxphys;
	else
		maxpsz = roundup(stp->sd_qn_maxpsz, MAXBSIZE);
	/*
	 * When the NOWAIT flag is not set, we enable zero-copy only if the
	 * transfer size is large enough. This prevents performance loss
	 * when the caller sends the file piece by piece.
	 *
	 * Zero-copy is also ruled out when vn_has_flocks() reports locks on
	 * the file or the vnode carries VNOMAP.  0x1000000 is 16 MB.
	 */
	if (sfv_len >= MAXBSIZE && (sfv_len >= (va_size >> 1) ||
	    (sfv->sfv_flag & SFV_NOWAIT) || sfv_len >= 0x1000000) &&
	    !vn_has_flocks(fvp) && !(fvp->v_flag & VNOMAP)) {
		if ((stp->sd_copyflag & (STZCVMSAFE|STZCVMUNSAFE)) == 0) {
			int on = 1;

			/*
			 * Neither flag set yet: request SO_SND_COPYAVOID
			 * and use zero-copy only if that succeeds.
			 */
			if (SOP_SETSOCKOPT(VTOSO(vp), SOL_SOCKET,
			    SO_SND_COPYAVOID, &on, sizeof (on)) == 0)
				dozcopy = B_TRUE;
		} else {
			/* Non-zero (not necessarily B_TRUE) when STZCVMSAFE. */
			dozcopy = (stp->sd_copyflag & STZCVMSAFE);
		}
	}
	/*
	 * Both callees are entered with the reader lock on fvp held and
	 * return with it dropped.
	 */
	if (dozcopy) {
		sf_stats.ss_file_segmap++;
		error = snf_segmap(fp, fvp, sfv_off, (u_offset_t)sfv_len,
		    maxpsz, &count, ((sfv->sfv_flag & SFV_NOWAIT) != 0));
	} else {
		sf_stats.ss_file_cached++;
		error = snf_cache(fp, fvp, sfv_off, (u_offset_t)sfv_len,
		    maxpsz, &count);
	}
out:
	releasef(sfv->sfv_fd);
	*count32 = (ssize32_t)count;
	return (error);
}
#endif

#ifdef _SYSCALL32_IMPL
/*
 * recv32(), recvfrom32(), send32(), sendto32(): intentionally return a
 * ssize_t rather than ssize32_t; see the comments above read32 for details.
*/

/*
 * The four 32-bit entry points below only convert their arguments and call
 * the native routine of the same name.  Addresses arrive as 32-bit values
 * (caddr32_t) and are widened through uintptr_t; nothing here checks where
 * they point.  len is converted from size32_t to ssize32_t, so a value too
 * large for ssize32_t does not survive the conversion unchanged (it turns
 * negative on the usual two's-complement conversion).
 *
 * NOTE(review): how the native routines treat such a length, and where the
 * user addresses are validated, is not visible here -- confirm.
 */

/* recv32: 32-bit front end for recv(). */
ssize_t
recv32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t nbytes = (ssize32_t)len;

	return (recv(sock, ubuf, nbytes, flags));
}

/* recvfrom32: 32-bit front end for recvfrom(). */
ssize_t
recvfrom32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, caddr32_t namelenp)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t nbytes = (ssize32_t)len;
	void *uname = (void *)(uintptr_t)name;
	void *unamelenp = (void *)(uintptr_t)namelenp;

	return (recvfrom(sock, ubuf, nbytes, flags, uname, unamelenp));
}

/* send32: 32-bit front end for send(). */
ssize_t
send32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t nbytes = (ssize32_t)len;

	return (send(sock, ubuf, nbytes, flags));
}

/* sendto32: 32-bit front end for sendto(); namelen is passed unchanged. */
ssize_t
sendto32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, socklen_t namelen)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t nbytes = (ssize32_t)len;
	void *uname = (void *)(uintptr_t)name;

	return (sendto(sock, ubuf, nbytes, flags, uname, namelen));
}
#endif	/* _SYSCALL32_IMPL */

/*
 * Function wrappers (mostly around the sonode switch) for
 * backward compatibility.
*/

/*
 * None of the wrappers below inspect or change their arguments: each one
 * passes them to the matching SOP_*() operation and returns its result.
 * Any validation therefore has to happen in the caller or behind SOP_*().
 */

/* soaccept: forwards to SOP_ACCEPT(). */
int
soaccept(struct sonode *so, int fflag, struct sonode **nsop)
{
	int rc;

	rc = SOP_ACCEPT(so, fflag, nsop);
	return (rc);
}

/*
 * sobind: binds through SOP_BIND() and, when that succeeds and backlog is
 * non-zero, goes on to SOP_LISTEN() and returns its result.  A failed bind
 * is returned as is, without attempting the listen.  No rollback of the
 * bind is done here if the listen fails.
 */
int
sobind(struct sonode *so, struct sockaddr *name, socklen_t namelen,
    int backlog, int flags)
{
	int rc = SOP_BIND(so, name, namelen, flags);

	if (rc != 0 || backlog == 0)
		return (rc);

	return (SOP_LISTEN(so, backlog));
}

/* solisten: forwards to SOP_LISTEN(). */
int
solisten(struct sonode *so, int backlog)
{
	int rc;

	rc = SOP_LISTEN(so, backlog);
	return (rc);
}

/* soconnect: forwards to SOP_CONNECT(). */
int
soconnect(struct sonode *so, const struct sockaddr *name, socklen_t namelen,
    int fflag, int flags)
{
	int rc;

	rc = SOP_CONNECT(so, name, namelen, fflag, flags);
	return (rc);
}

/* sorecvmsg: forwards to SOP_RECVMSG(). */
int
sorecvmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	int rc;

	rc = SOP_RECVMSG(so, msg, uiop);
	return (rc);
}

/* sosendmsg: forwards to SOP_SENDMSG(). */
int
sosendmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	int rc;

	rc = SOP_SENDMSG(so, msg, uiop);
	return (rc);
}

/* sogetpeername: forwards to SOP_GETPEERNAME(). */
int
sogetpeername(struct sonode *so)
{
	int rc;

	rc = SOP_GETPEERNAME(so);
	return (rc);
}

/* sogetsockname: forwards to SOP_GETSOCKNAME(). */
int
sogetsockname(struct sonode *so)
{
	int rc;

	rc = SOP_GETSOCKNAME(so);
	return (rc);
}

/* soshutdown: forwards to SOP_SHUTDOWN(). */
int
soshutdown(struct sonode *so, int how)
{
	int rc;

	rc = SOP_SHUTDOWN(so, how);
	return (rc);
}

/* sogetsockopt: forwards to SOP_GETSOCKOPT(). */
int
sogetsockopt(struct sonode *so, int level, int option_name, void *optval,
    socklen_t *optlenp, int flags)
{
	int rc;

	rc = SOP_GETSOCKOPT(so, level, option_name, optval, optlenp,
	    flags);
	return (rc);
}

/* sosetsockopt: forwards to SOP_SETSOCKOPT(). */
int
sosetsockopt(struct sonode *so, int level, int option_name, const void *optval,
    t_uscalar_t optlen)
{
	int rc;

	rc = SOP_SETSOCKOPT(so, level, option_name, optval, optlen);
	return (rc);
}

/*
 * Because this is a backward compatibility interface it only needs to be
 * able to handle the creation of TPI sockfs sockets.
*/
/*
 * socreate: always creates the socket through sotpi_create().  All
 * arguments, including the errorp out-parameter, are passed on unchanged
 * and the pointer sotpi_create() returns is handed back as is.
 */
struct sonode *
socreate(vnode_t *accessvp, int domain, int type, int protocol, int version,
    struct sonode *tso, int *errorp)
{
	struct sonode *so;

	so = sotpi_create(accessvp, domain, type, protocol, version, tso,
	    errorp);
	return (so);
}