/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <sys/t_lock.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/buf.h>
#include <sys/conf.h>
#include <sys/cred.h>
#include <sys/kmem.h>
#include <sys/sysmacros.h>
#include <sys/vfs.h>
#include <sys/vnode.h>
#include <sys/debug.h>
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/open.h>
#include <sys/user.h>
#include <sys/termios.h>
#include <sys/stream.h>
#include <sys/strsubr.h>
#include <sys/strsun.h>
#include <sys/esunddi.h>
#include <sys/flock.h>
#include <sys/modctl.h>
#include <sys/cmn_err.h>
#include <sys/vmsystm.h>
#include <sys/policy.h>

#include <sys/socket.h>
#include <sys/socketvar.h>
#include <netinet/in.h>
#include <sys/un.h>
#include <inet/nca/ncadoorhdr.h>

#include <sys/isa_defs.h>
#include <sys/inttypes.h>
#include <sys/systm.h>
#include <sys/cpuvar.h>
#include <sys/atomic.h>
#include <sys/filio.h>
#include <sys/sendfile.h>
#include <sys/ddi.h>
#include <vm/seg.h>
#include <vm/seg_map.h>
#include <vm/seg_kpm.h>
#include <fs/sockfs/nl7c.h>

/*
 * do_useracc gates the useracc() pre-checks in this file.  Outside
 * SOCK_TEST builds it is the constant 1, so a test such as
 * "error && do_useracc" reduces to "error".
 */
#ifdef SOCK_TEST
int do_useracc = 1; /* Controlled by setting SO_DEBUG to 4 */
#else
#define do_useracc 1
#endif /* SOCK_TEST */

/* Read by copyout_name() to decide whether to log truncated addresses. */
extern int xnet_truncate_print;

/*
 * Note: DEF_IOV_MAX is defined and used as it is in "fs/vncalls.c"
 * as there isn't a formal definition of IOV_MAX ???
 *
 * MSG_MAXIOVLEN bounds the on-stack iovec arrays in recvmsg() and sendmsg();
 * both reject a user-supplied msg_iovlen above it before copying in.
 */
#define MSG_MAXIOVLEN 16

/*
 * Kernel component of socket creation.
 *
 * The socket library determines which version number to use.
 * First the library calls this with a NULL devpath. If this fails
 * to find a transport (using solookup) the library will look in /etc/netconfig
 * for the appropriate transport. If one is found it will pass in the
 * devpath for the kernel to use.
 *
 * Returns the new file descriptor on success; on failure returns the
 * value of set_errno() for the error that was hit.  AF_NCA requests are
 * refused with ENOTSUP outside the global zone, and the device policy
 * check (secpolicy_spec_open) runs before any sonode is created.
 */
int
so_socket(int domain, int type, int protocol, char *devpath, int version)
{
	vnode_t *accessvp;
	struct sonode *so;
	vnode_t *vp;
	struct file *fp;
	int fd;
	int error;
	boolean_t wildcard = B_FALSE;
	int saved_error = 0;
	/* Remember the caller's domain; "domain" is rewritten for AF_NCA. */
	int sdomain = domain;

	dprint(1, ("so_socket(%d,%d,%d,%p,%d)\n",
	    domain, type, protocol, devpath, version));

	if (domain == AF_NCA) {
		/*
		 * The request is for an NCA socket so for NL7C use the
		 * INET domain instead and mark NL7C_AF_NCA below.
		 */
		domain = AF_INET;
		/*
		 * NL7C is not supported in non-global zones,
		 * we enforce this restriction here.
		 */
		if (getzoneid() != GLOBAL_ZONEID) {
			return (set_errno(ENOTSUP));
		}
	}

	accessvp = solookup(domain, type, protocol, devpath, &error);
	if (accessvp == NULL) {
		/*
		 * If there is either an EPROTONOSUPPORT or EPROTOTYPE error
		 * it makes sense doing the wildcard lookup since the
		 * protocol might not be in the table.
		 */
		if (devpath != NULL || protocol == 0 ||
		    !(error == EPROTONOSUPPORT || error == EPROTOTYPE))
			return (set_errno(error));

		/* Kept so the first lookup's error is what the caller sees. */
		saved_error = error;

		/*
		 * Try wildcard lookup. Never use devpath for wildcards.
		 */
		accessvp = solookup(domain, type, 0, NULL, &error);
		if (accessvp == NULL) {
			/*
			 * Can't find in kernel table - have library
			 * fall back to /etc/netconfig and tell us
			 * the devpath (The library will do this if it didn't
			 * already pass in a devpath).
			 */
			if (saved_error != 0)
				error = saved_error;
			return (set_errno(error));
		}
		wildcard = B_TRUE;
	}

	/*
	 * Check the device policy
	 * NOTE(review): the early returns below do not release accessvp;
	 * whether solookup() returns a held vnode is not visible here.
	 */
	if ((error = secpolicy_spec_open(CRED(),
	    accessvp, FREAD|FWRITE)) != 0) {
		return (set_errno(error));
	}

	if (protocol == IPPROTO_SCTP) {
		so = sosctp_create(accessvp, domain, type, protocol, version,
		    NULL, &error);
	} else {
		so = sotpi_create(accessvp, domain, type, protocol, version,
		    NULL, &error);
	}
	if (so == NULL) {
		return (set_errno(error));
	}
	if (sdomain == AF_NCA && domain == AF_INET) {
		so->so_nl7c_flags = NL7C_AF_NCA;
	}
	vp = SOTOV(so);

	if (wildcard) {
		/*
		 * Issue SO_PROTOTYPE setsockopt.
		 */
		error = SOP_SETSOCKOPT(so, SOL_SOCKET, SO_PROTOTYPE,
		    &protocol,
		    (t_uscalar_t)sizeof (protocol));
		if (error) {
			/* Undo the create: close and drop the new vnode. */
			(void) VOP_CLOSE(vp, 0, 1, 0, CRED());
			VN_RELE(vp);
			/*
			 * Setsockopt often fails with ENOPROTOOPT but socket()
			 * should fail with EPROTONOSUPPORT/EPROTOTYPE.
			 */
			if (saved_error != 0 && error == ENOPROTOOPT)
				error = saved_error;
			else
				error = EPROTONOSUPPORT;
			return (set_errno(error));
		}
	}
	if (error = falloc(vp, FWRITE|FREAD, &fp, &fd)) {
		(void) VOP_CLOSE(vp, 0, 1, 0, CRED());
		VN_RELE(vp);
		return (set_errno(error));
	}

	/*
	 * Now fill in the entries that falloc reserved
	 */
	mutex_exit(&fp->f_tlock);
	/* setf() installs fp in the descriptor slot falloc() reserved. */
	setf(fd, fp);

	return (fd);
}

/*
 * Map from a file descriptor to a socket node.
 * Returns with the file descriptor held i.e. the caller has to
 * use releasef when done with the file descriptor.
 *
 * On failure returns NULL with no hold left behind and *errorp set to
 * EBADF (getf failed) or ENOTSOCK (vnode is not VSOCK, or the socket is
 * an SOV_STREAM one).  When fpp is non-NULL the file_t is passed back so
 * the caller can read f_flag.
 */
static struct sonode *
getsonode(int sock, int *errorp, file_t **fpp)
{
	file_t *fp;
	vnode_t *vp;
	struct sonode *so;

	if ((fp = getf(sock)) == NULL) {
		*errorp = EBADF;
		eprintline(*errorp);
		return (NULL);
	}
	vp = fp->f_vnode;
	/* Check if it is a socket */
	if (vp->v_type != VSOCK) {
		releasef(sock);
		*errorp = ENOTSOCK;
		eprintline(*errorp);
		return (NULL);
	}
	/*
	 * Use the stream head to find the real socket vnode.
	 * This is needed when namefs sits above sockfs.
	 */
	if (vp->v_stream) {
		ASSERT(vp->v_stream->sd_vnode);
		vp = vp->v_stream->sd_vnode;

		so = VTOSO(vp);
		/* SOV_STREAM sockets are refused by the socket syscalls. */
		if (so->so_version == SOV_STREAM) {
			releasef(sock);
			*errorp = ENOTSOCK;
			eprintsoline(so, *errorp);
			return (NULL);
		}
	} else {
		so = VTOSO(vp);
	}
	if (fpp)
		*fpp = fp;
	return (so);
}

/*
 * Allocate and copyin a sockaddr.
 * Ensures NULL termination for AF_UNIX addresses by extending them
 * with one NULL byte if need be. Verifies that the length is not
 * excessive to prevent an application from consuming all of kernel
 * memory. Returns NULL when an error occurred.
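 *
 * namelenp is in/out: on entry it holds the user-supplied length, on
 * return the size of the returned buffer, which is one byte larger when
 * a NUL was appended.  The buffer comes from kmem_alloc(), so it must be
 * freed with kmem_free() using that updated length.  On failure *errorp
 * is EINVAL (zero or oversized length) or EFAULT (copyin failed).
 */
static struct sockaddr *
copyin_name(struct sonode *so, struct sockaddr *name, socklen_t *namelenp,
    int *errorp)
{
	char *faddr;
	size_t namelen = (size_t)*namelenp;

	ASSERT(namelen != 0);
	/*
	 * The ASSERT above is compiled out of non-DEBUG kernels, and the
	 * AF_UNIX check below indexes faddr[namelen - 1].  Reject a zero
	 * length at run time as well so that index can never be -1.
	 */
	if (namelen == 0 || namelen > SO_MAXARGSIZE) {
		*errorp = EINVAL;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	faddr = (char *)kmem_alloc(namelen, KM_SLEEP);
	if (copyin(name, faddr, namelen)) {
		kmem_free(faddr, namelen);
		*errorp = EFAULT;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	/*
	 * Add space for NULL termination if needed.
	 * Do a quick check if the last byte is NUL.
	 */
	if (so->so_family == AF_UNIX && faddr[namelen - 1] != '\0') {
		/* Check if there is any NULL termination */
		size_t i;
		int foundnull = 0;

		/* Skip the family field; only the path bytes are scanned. */
		for (i = sizeof (name->sa_family); i < namelen; i++) {
			if (faddr[i] == '\0') {
				foundnull = 1;
				break;
			}
		}
		if (!foundnull) {
			/* Add extra byte for NUL padding */
			char *nfaddr;

			/* namelen <= SO_MAXARGSIZE here, so + 1 cannot wrap. */
			nfaddr = (char *)kmem_alloc(namelen + 1, KM_SLEEP);
			bcopy(faddr, nfaddr, namelen);
			kmem_free(faddr, namelen);

			/* NUL terminate */
			nfaddr[namelen] = '\0';
			namelen++;
			ASSERT((socklen_t)namelen == namelen);
			/* Report the grown size so the caller frees it all. */
			*namelenp = (socklen_t)namelen;
			faddr = nfaddr;
		}
	}
	return ((struct sockaddr *)faddr);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 *
 * At most min(ulen, klen) bytes are copied out, and that truncated count
 * (0 when uaddr is NULL) is what gets written to ulenp.  Returns 0 or
 * EFAULT when either copyout() fails.
 */
static int
copyout_arg(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
	if (uaddr != NULL) {
		/* Never copy more than the kernel actually has. */
		if (ulen > klen)
			ulen = klen;

		if (ulen != 0) {
			if (copyout(kaddr, uaddr, ulen))
				return (EFAULT);
		}
	} else
		ulen = 0;

	if (ulenp != NULL) {
		if (copyout(&ulen, ulenp, sizeof (ulen)))
			return (EFAULT);
	}
	return (0);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.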
 * If klen is greater than ulen it still uses the non-truncated
 * klen to update ulenp.
 *
 * The length written to ulenp is 0 when uaddr is NULL or when nothing
 * is copied (ulen ends up 0).  The number of bytes copied out is never
 * more than min(ulen, klen).  Returns 0, or EFAULT if a copyout() fails.
 */
static int
copyout_name(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
	if (uaddr == NULL) {
		/* No destination buffer: report a zero-length address. */
		klen = 0;
	} else {
		if (ulen >= klen) {
			ulen = klen;
		} else if (ulen != 0 && xnet_truncate_print) {
			/* The user buffer is shorter than the address. */
			printf("sockfs: truncating copyout of address using "
			    "XNET semantics for pid = %d. Lengths %d, %d\n",
			    curproc->p_pid, klen, ulen);
		}

		if (ulen == 0) {
			klen = 0;
		} else if (copyout(kaddr, uaddr, ulen)) {
			return (EFAULT);
		}
	}

	/* klen, not the truncated ulen, is what the caller is told. */
	if (ulenp != NULL && copyout(&klen, ulenp, sizeof (klen)))
		return (EFAULT);
	return (0);
}

/*
 * The socketpair() code in libsocket creates two sockets (using
 * the /etc/netconfig fallback if needed) before calling this routine
 * to connect the two sockets together.
 *
 * For a SOCK_STREAM socketpair a listener is needed - in that case this
 * routine will create a new file descriptor as part of accepting the
 * connection. The library socketpair() will check if svs[2] has changed
 * in which case it will close the changed fd.
 *
 * Note that this code could use the TPI feature of accepting the connection
 * on the listening endpoint. However, that would require significant changes
 * to soaccept.
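 *
 * sv is a user pointer to the two descriptors.  Both must be AF_UNIX
 * sockets, otherwise EOPNOTSUPP is returned.  Returns 0 on success or
 * the value of set_errno() on failure; both descriptor holds taken by
 * getsonode() are released on every path.
 */
int
so_socketpair(int sv[2])
{
	int svs[2];
	struct sonode *so1, *so2;
	int error;
	struct sockaddr_ux *name;
	size_t namelen;

	dprint(1, ("so_socketpair(%p)\n", sv));

	/* Pre-check writability: the stream case writes sv back out. */
	error = useracc(sv, sizeof (svs), B_WRITE);
	if (error && do_useracc)
		return (set_errno(EFAULT));

	if (copyin(sv, svs, sizeof (svs)))
		return (set_errno(EFAULT));

	if ((so1 = getsonode(svs[0], &error, NULL)) == NULL)
		return (set_errno(error));

	if ((so2 = getsonode(svs[1], &error, NULL)) == NULL) {
		releasef(svs[0]);
		return (set_errno(error));
	}

	if (so1->so_family != AF_UNIX || so2->so_family != AF_UNIX) {
		error = EOPNOTSUPP;
		goto done;
	}

	/*
	 * The code below makes assumptions about the "sockfs" implementation.
	 * So make sure that the correct implementation is really used.
	 *
	 * NOTE(review): these are ASSERTs only, and only so1->so_type is
	 * examined below; so2 is assumed to be of the same type.  Confirm
	 * that SOP_CONNECT() rejects a mismatched pair, since the
	 * descriptors come straight from the caller.
	 */
	ASSERT(so1->so_ops == &sotpi_sonodeops);
	ASSERT(so2->so_ops == &sotpi_sonodeops);

	if (so1->so_type == SOCK_DGRAM) {
		/*
		 * Bind both sockets and connect them with each other.
		 * Need to allocate name/namelen for soconnect.
		 */
		error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = so2->so_ux_laddr;
		error = SOP_CONNECT(so1,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE);
		if (error) {
			kmem_free(name, namelen);
			eprintsoline(so1, error);
			goto done;
		}
		/* Reuse the same buffer for the reverse direction. */
		name->sou_addr = so1->so_ux_laddr;
		error = SOP_CONNECT(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE);
		kmem_free(name, namelen);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		releasef(svs[0]);
		releasef(svs[1]);
	} else {
		/*
		 * Bind both sockets, with so1 being a listener.
		 * Connect so2 to so1 - nonblocking to avoid waiting for
		 * soaccept to complete.
		 * Accept a connection on so1. Pass out the new fd as sv[0].
		 * The library will detect the changed fd and close
		 * the original one.
		 */
		struct sonode *nso;
		struct vnode *nvp;
		struct file *nfp;
		int nfd;

		/*
		 * We could simply call SOP_LISTEN() here (which would do the
		 * binding automatically) if the code didn't rely on passing
		 * _SOBIND_NOXLATE to the TPI implementation of SOP_BIND().
		 */
		error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC|_SOBIND_NOXLATE|
		    _SOBIND_LISTEN|_SOBIND_SOCKETPAIR);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}

		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = so1->so_ux_laddr;
		error = SOP_CONNECT(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    FNONBLOCK, _SOCONNECT_NOXLATE);
		kmem_free(name, namelen);
		if (error) {
			/* EINPROGRESS is expected for the FNONBLOCK connect. */
			if (error != EINPROGRESS) {
				eprintsoline(so2, error);
				goto done;
			}
		}

		error = SOP_ACCEPT(so1, 0, &nso);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}

		/* wait for so2 being SS_CONNECTED ignoring signals */
		mutex_enter(&so2->so_lock);
		error = sowaitconnected(so2, 0, 1);
		mutex_exit(&so2->so_lock);
		nvp = SOTOV(nso);
		if (error != 0) {
			(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
			VN_RELE(nvp);
			eprintsoline(so2, error);
			goto done;
		}

		if (error = falloc(nvp, FWRITE|FREAD, &nfp, &nfd)) {
			/*
			 * Log before the close/release: eprintsoline() is
			 * handed nso, and whether the macro dereferences it
			 * is not visible here, so do not pass it a sonode
			 * whose vnode reference has already been dropped.
			 */
			eprintsoline(nso, error);
			(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
			VN_RELE(nvp);
			goto done;
		}
		/*
		 * fill in the entries that falloc reserved
		 */
		mutex_exit(&nfp->f_tlock);
		setf(nfd, nfp);

		releasef(svs[0]);
		releasef(svs[1]);
		svs[0] = nfd;

		/*
		 * The socketpair library routine will close the original
		 * svs[0] when this code passes out a different file
		 * descriptor.
		 */
		if (copyout(svs, sv, sizeof (svs))) {
			/* The caller never learns nfd, so close it here. */
			(void) closeandsetf(nfd, NULL);
			eprintline(EFAULT);
			return (set_errno(EFAULT));
		}
	}
	return (0);

done:
	releasef(svs[0]);
	releasef(svs[1]);
	return (set_errno(error));
}

/*
 * bind() system call.  Copies the address in with copyin_name() (which
 * bounds its length) and passes it to SOP_BIND() with a flag chosen from
 * version.  A NULL name or a zero namelen is passed down as "no address".
 * Returns 0 or the value of set_errno().
 */
int
bind(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("bind(%d, %p, %d)\n",
	    sock, name, namelen));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	/*
	 * X/Open test does not expect EFAULT with NULL name and non-zero
	 * namelen.
	 */
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		/* From here on name is a kernel copy; namelen may grow by 1. */
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else {
		name = NULL;
		namelen = 0;
	}

	switch (version) {
	default:
		error = SOP_BIND(so, name, namelen, 0);
		break;
	case SOV_XPG4_2:
		error = SOP_BIND(so, name, namelen, _SOBIND_XPG4_2);
		break;
	case SOV_SOCKBSD:
		error = SOP_BIND(so, name, namelen, _SOBIND_SOCKBSD);
		break;
	}
	/* The unused "done:" label that used to sit here was dropped. */
	releasef(sock);
	/* Free with the length copyin_name() reported, not the user's. */
	if (name != NULL)
		kmem_free(name, (size_t)namelen);

	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * listen() system call: hands backlog to SOP_LISTEN() unchanged.
 * Returns 0 or the value of set_errno().
 */
/* ARGSUSED2 */
int
listen(int sock, int backlog, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("listen(%d, %d)\n",
	    sock, backlog));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = SOP_LISTEN(so, backlog);

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * accept() system call.  name/namelenp are user pointers; when name is
 * non-NULL the peer address is copied out with copyout_name().  Returns
 * the new descriptor, or the value of set_errno() on failure.
 */
/*ARGSUSED3*/
int
accept(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;
	socklen_t namelen;
	struct sonode *nso;
	struct vnode *nvp;
	struct file *nfp;
	int nfd;

	dprint(1, ("accept(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	if (name != NULL) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		if (copyin(namelenp, &namelen, sizeof (namelen))) {
			releasef(sock);
			return (set_errno(EFAULT));
		}
		if (namelen != 0) {
			/*
			 * Early writability check only; the copyout in
			 * copyout_name() is what actually validates.
			 */
			error = useracc(name, (size_t)namelen, B_WRITE);
			if (error && do_useracc) {
				releasef(sock);
				return (set_errno(EFAULT));
			}
		} else
			name = NULL;
	} else {
		namelen = 0;
	}

	/*
	 * Allocate the user fd before SOP_ACCEPT() in order to
	 * catch EMFILE errors before calling SOP_ACCEPT().
	 */
	if ((nfd = ufalloc(0)) == -1) {
		eprintsoline(so, EMFILE);
		releasef(sock);
		return (set_errno(EMFILE));
	}
	error = SOP_ACCEPT(so, fp->f_flag, &nso);
	if (error) {
		releasef(sock);
		setf(nfd, NULL);
		return (set_errno(error));
	}
	/*
	 * Keep the hold taken by getsonode() until the last use of so.
	 * so->so_state and eprintsoline(so, ...) are read further down, and
	 * nothing else visible here keeps the listener from being closed by
	 * another thread once that hold is dropped.
	 */

	nvp = SOTOV(nso);

	/*
	 * so_faddr_sa can not go away even though we are not holding so_lock.
	 * However, in theory its content could change from underneath us.
	 * But this is not possible in practice since it can only
	 * change due to either some socket system call
	 * or due to a T_CONN_CON being received from the stream head.
	 * Since the falloc/setf have not yet been done no thread
	 * can do any system call on nso and T_CONN_CON can not arrive
	 * on a socket that is already connected.
	 * Thus there is no reason to hold so_lock here.
	 *
	 * SOP_ACCEPT() is required to have set the valid bit for the faddr,
	 * but it could be instantly cleared by a disconnect from the transport.
	 * For that reason we ignore it here.
	 */
	ASSERT(MUTEX_NOT_HELD(&nso->so_lock));
	error = copyout_name(name, namelen, namelenp,
	    nso->so_faddr_sa, (socklen_t)nso->so_faddr_len);
	if (error) {
		releasef(sock);
		/* Give back the reserved fd and tear down the new socket. */
		setf(nfd, NULL);
		(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
		VN_RELE(nvp);
		return (set_errno(error));
	}
	if (error = falloc(NULL, FWRITE|FREAD, &nfp, NULL)) {
		setf(nfd, NULL);
		(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
		VN_RELE(nvp);
		eprintsoline(so, error);
		releasef(sock);
		return (set_errno(error));
	}
	/*
	 * fill in the entries that falloc reserved
	 */
	nfp->f_vnode = nvp;
	mutex_exit(&nfp->f_tlock);
	setf(nfd, nfp);

	/*
	 * Copy FNDELAY and FNONBLOCK from listener to acceptor
	 */
	if (so->so_state & (SS_NDELAY|SS_NONBLOCK)) {
		uint_t oflag = nfp->f_flag;
		int arg = 0;

		if (so->so_state & SS_NONBLOCK)
			arg |= FNONBLOCK;
		else if (so->so_state & SS_NDELAY)
			arg |= FNDELAY;

		/*
		 * This code is a simplification of the F_SETFL code in fcntl()
		 * Ignore any errors from VOP_SETFL.
		 */
		if ((error = VOP_SETFL(nvp, oflag, arg, nfp->f_cred)) != 0) {
			eprintsoline(so, error);
			error = 0;
		} else {
			mutex_enter(&nfp->f_tlock);
			nfp->f_flag &= ~FMASK | (FREAD|FWRITE);
			nfp->f_flag |= arg;
			mutex_exit(&nfp->f_tlock);
		}
	}
	/* Last use of so is above; the listener hold can go now. */
	releasef(sock);
	return (nfd);
}

/*
 * connect() system call.  A non-zero namelen causes the address to be
 * copied in (and length-checked) by copyin_name(); a zero namelen passes
 * a NULL name down.  Returns 0 or the value of set_errno().
 */
int
connect(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;

	dprint(1, ("connect(%d, %p, %d)\n",
	    sock, name, namelen));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	if (namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		/* Unlike bind(), name is not tested for NULL before this. */
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else
		name = NULL;

	error = SOP_CONNECT(so, name, namelen, fp->f_flag,
	    (version != SOV_XPG4_2) ? 0 : _SOCONNECT_XPG4_2);
	releasef(sock);
	if (name)
		kmem_free(name, (size_t)namelen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * shutdown() system call: hands "how" to SOP_SHUTDOWN() unchanged.
 * Returns 0 or the value of set_errno().
 */
/*ARGSUSED2*/
int
shutdown(int sock, int how, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("shutdown(%d, %d)\n",
	    sock, how));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = SOP_SHUTDOWN(so, how);

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Common receive routine.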
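 *
 * On entry msg->msg_name/msg_namelen and msg->msg_control/msg_controllen
 * describe the caller's user buffers; they are saved before SOP_RECVMSG()
 * is called.  After it returns, the same fields are used as kernel
 * buffers: they are copied out to the saved user buffers and then freed
 * with kmem_free().  namelenp, controllenp and flagsp are user addresses
 * for the updated lengths and flags and may be NULL.  Returns the number
 * of bytes received or the value of set_errno().
 */
static ssize_t
recvit(int sock,
    struct nmsghdr *msg,
    struct uio *uiop,
    int flags,
    socklen_t *namelenp,
    socklen_t *controllenp,
    int *flagsp)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	len = uiop->uio_resid;
	uiop->uio_fmode = fp->f_flag;
	uiop->uio_extflg = UIO_COPY_CACHED;

	/* Save the user-side buffers before msg is reused for output. */
	name = msg->msg_name;
	namelen = msg->msg_namelen;
	control = msg->msg_control;
	controllen = msg->msg_controllen;

	/* Only this subset of the caller's flags is passed down. */
	msg->msg_flags = flags & (MSG_OOB | MSG_PEEK | MSG_WAITALL |
	    MSG_DONTWAIT | MSG_XPG4_2);

	error = SOP_RECVMSG(so, msg, uiop);
	if (error) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGRCV, 1);
	so_update_attrs(so, SOACC);
	/* so is not touched after this point. */
	releasef(sock);

	error = copyout_name(name, namelen, namelenp,
	    msg->msg_name, msg->msg_namelen);
	if (error)
		goto err;

	if (flagsp != NULL) {
		/*
		 * Clear internal flag.
		 */
		msg->msg_flags &= ~MSG_XPG4_2;

		/*
		 * Determine MSG_CTRUNC. sorecvmsg sets MSG_CTRUNC only
		 * when controllen is zero and there is control data to
		 * copy out.
		 */
		if (controllen != 0 &&
		    (msg->msg_controllen > controllen || control == NULL)) {
			dprint(1, ("recvit: CTRUNC %d %d %p\n",
			    msg->msg_controllen, controllen, control));

			msg->msg_flags |= MSG_CTRUNC;
		}
		if (copyout(&msg->msg_flags, flagsp,
		    sizeof (msg->msg_flags))) {
			error = EFAULT;
			goto err;
		}
	}
	/*
	 * Note: This MUST be done last. There can be no "goto err" after this
	 * point since it could make so_closefds run twice on some part
	 * of the file descriptor array.
	 */
	if (controllen != 0) {
		if (!(flags & MSG_XPG4_2)) {
			/*
			 * Good old msg_accrights can only return a multiple
			 * of 4 bytes.
			 */
			controllen &= ~((int)sizeof (uint32_t) - 1);
		}
		error = copyout_arg(control, controllen, controllenp,
		    msg->msg_control, msg->msg_controllen);
		/*
		 * This goto comes before the so_closefds() call below, so
		 * the err path is still the only place that closes them.
		 */
		if (error)
			goto err;

		if (msg->msg_controllen > controllen || control == NULL) {
			if (control == NULL)
				controllen = 0;
			/* Close descriptors that did not fit the buffer. */
			so_closefds(msg->msg_control, msg->msg_controllen,
			    !(flags & MSG_XPG4_2), controllen);
		}
	}
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (len - uiop->uio_resid);

err:
	/*
	 * If we fail and the control part contains file descriptors
	 * we have to close the fd's.
	 */
	if (msg->msg_controllen != 0)
		so_closefds(msg->msg_control, msg->msg_controllen,
		    !(flags & MSG_XPG4_2), 0);
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (set_errno(error));
}

/*
 * Native system call
 *
 * recv(): receive into a single user buffer, with no address or control
 * data requested.  A len that is negative as ssize_t is rejected with
 * EINVAL.
 */
ssize_t
recv(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recv(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	/*
	 * recvit() reads msg_name and msg_control before calling
	 * SOP_RECVMSG(), so clear them rather than handing down whatever
	 * happened to be on the stack.
	 */
	lmsg.msg_name = NULL;
	lmsg.msg_namelen = 0;
	lmsg.msg_control = NULL;
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;
	return (recvit(sock, &lmsg, &auio, flags, NULL, NULL, NULL));
}

/*
 * recvfrom(): like recv() but also returns the sender's address.  The
 * buffer size is read from *namelenp when namelenp is non-NULL; a NULL
 * namelenp means no address is returned.
 */
ssize_t
recvfrom(int sock, void *buffer, size_t len, int flags,
    struct sockaddr *name, socklen_t *namelenp)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recvfrom(%d, %p, %ld, %d, %p, %p)\n",
	    sock, buffer, len, flags, name, namelenp));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	if (namelenp != NULL) {
		if (copyin(namelenp, &lmsg.msg_namelen,
		    sizeof (lmsg.msg_namelen)))
			return (set_errno(EFAULT));
	} else {
		lmsg.msg_namelen = 0;
	}
	/* recvit() reads msg_control; do not leave it indeterminate. */
	lmsg.msg_control = NULL;
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;

	return (recvit(sock, &lmsg, &auio, flags, namelenp, NULL, NULL));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
 *
 * msg is a user pointer.  The header is copied in according to the
 * caller's data model, msg_iovlen is limited to 1..MSG_MAXIOVLEN
 * (EMSGSIZE otherwise), and every iovec length as well as their running
 * total must be non-negative (EINVAL otherwise).
 */
ssize_t
recvmsg(int sock, struct nmsghdr *msg, int flags)
{
	STRUCT_DECL(nmsghdr, u_lmsg);
	STRUCT_HANDLE(nmsghdr, umsgptr);
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	int *flagsp;
	model_t model;

	dprint(1, ("recvmsg(%d, %p, %d)\n",
	    sock, msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);
	STRUCT_SET_HANDLE(umsgptr, model, msg);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, STRUCT_BUF(u_lmsg), STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
		flagsp = STRUCT_FADDR(umsgptr, msg_flags);
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		/* msg_flags was not part of the copyin above; zero it. */
		STRUCT_FSET(u_lmsg, msg_flags, 0);
		flagsp = NULL;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	/* Bound iovcnt before it sizes any copyin into aiov[]. */
	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			/* A negative total signals the sum overflowed. */
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (copyin(lmsg.msg_iov, aiov, iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	/*
	 * NOTE(review): with do_useracc == 0 (SOCK_TEST builds only) this
	 * test fails every call that supplies msg_control, whereas the
	 * "error && do_useracc" tests in so_socketpair() and accept() skip
	 * the check in that mode.  Confirm which behaviour is intended.
	 */
	if (lmsg.msg_control != NULL &&
	    (do_useracc == 0 ||
	    useracc(lmsg.msg_control, lmsg.msg_controllen,
	    B_WRITE) != 0)) {
		return (set_errno(EFAULT));
	}

	return (recvit(sock, &lmsg, &auio, flags,
	    STRUCT_FADDR(umsgptr, msg_namelen),
	    STRUCT_FADDR(umsgptr, msg_controllen), flagsp));
}

/*
 * Common send function.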
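 *
 * msg->msg_name and msg->msg_control are user pointers on entry.  Each
 * is copied into a kernel buffer (the name through copyin_name(), the
 * control data after a SO_MAXARGSIZE bound check) before SOP_SENDMSG()
 * is called, and both buffers are freed before returning.  Returns the
 * number of bytes sent or the value of set_errno().
 */
static ssize_t
sendit(int sock, struct nmsghdr *msg, struct uio *uiop, int flags)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	uiop->uio_fmode = fp->f_flag;

	if (so->so_family == AF_UNIX)
		uiop->uio_extflg = UIO_COPY_CACHED;
	else
		uiop->uio_extflg = UIO_COPY_DEFAULT;

	/* Allocate and copyin name and control */
	name = msg->msg_name;
	namelen = msg->msg_namelen;
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		name = copyin_name(so,
		    (struct sockaddr *)name,
		    &namelen, &error);
		if (name == NULL)
			goto done3;
		/* copyin_name null terminates addresses for AF_UNIX */
		msg->msg_namelen = namelen;
		msg->msg_name = name;
	} else {
		msg->msg_name = name = NULL;
		msg->msg_namelen = namelen = 0;
	}

	control = msg->msg_control;
	controllen = msg->msg_controllen;
	if ((control != NULL) && (controllen != 0)) {
		/*
		 * Verify that the length is not excessive to prevent
		 * an application from consuming all of kernel memory.
		 */
		if (controllen > SO_MAXARGSIZE) {
			error = EINVAL;
			goto done2;
		}
		control = kmem_alloc(controllen, KM_SLEEP);

		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		/* msg->msg_control is still the user address here. */
		if (copyin(msg->msg_control, control, controllen)) {
			error = EFAULT;
			goto done1;
		}
		msg->msg_control = control;
	} else {
		msg->msg_control = control = NULL;
		msg->msg_controllen = controllen = 0;
	}

	len = uiop->uio_resid;
	msg->msg_flags = flags;

	error = SOP_SENDMSG(so, msg, uiop);
	/* The labels unwind in reverse order of allocation. */
done1:
	if (control != NULL)
		kmem_free(control, controllen);
done2:
	if (name != NULL)
		kmem_free(name, namelen);
done3:
	if (error != 0) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGSND, 1);
	so_update_attrs(so, SOMOD);
	releasef(sock);
	return (len - uiop->uio_resid);
}

/*
 * Native system call
 *
 * send(): send a single user buffer with no address or control data.
 * A len that is negative as ssize_t is rejected with EINVAL.
 */
ssize_t
send(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("send(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	/*
	 * sendit() loads msg_namelen and msg_controllen before it tests
	 * the pointers, so give the lengths defined values as well.
	 */
	lmsg.msg_name = NULL;
	lmsg.msg_namelen = 0;
	lmsg.msg_control = NULL;
	lmsg.msg_controllen = 0;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.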
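 */
ssize_t
sendmsg(int sock, struct nmsghdr *msg, int flags)
{
	struct nmsghdr lmsg;
	STRUCT_DECL(nmsghdr, u_lmsg);
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	model_t model;

	dprint(1, ("sendmsg(%d, %p, %d)\n", sock, msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);

	/* Take one snapshot of the user's header; all checks use the copy. */
	if (flags & MSG_XPG4_2) {
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	/*
	 * In the omsghdr case msg_flags was not copied in; the value read
	 * here is replaced by sendit(), which stores flags into msg_flags.
	 */
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	/*
	 * After this check iovcnt is in 0..MSG_MAXIOVLEN, which is what
	 * keeps the copyin() calls below inside aiov[] and aiov32[].
	 */
	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		/*
		 * Unless this is XPG 4.2 we allow iovcnt == 0 to
		 * be compatible with SunOS 4.X and 4.4BSD.
		 */
		if (iovcnt != 0 || (flags & MSG_XPG4_2))
			return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (iovcnt != 0 &&
		    copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			/*
			 * NOTE(review): the total is tested only after the
			 * addition, so the check depends on signed overflow
			 * wrapping, which ISO C leaves undefined.
			 */
			count32 += iovlen32;
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (iovcnt != 0 &&
	    copyin(lmsg.msg_iov, aiov,
	    (unsigned)iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	/* Sum the segment lengths; same post-addition test as above. */
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Sends len bytes from the user buffer to the address at the user pointer
 * name (namelen bytes) through sendit(), with no control data.
 */
ssize_t
sendto(int sock, void *buffer, size_t len, int flags,
    struct sockaddr *name, socklen_t namelen)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("sendto(%d, %p, %ld, %d, %p, %d)\n",
	    sock, buffer, len, flags, name, namelen));

	/* Reject lengths that do not fit in the ssize_t return value. */
	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	lmsg.msg_namelen = namelen;
	lmsg.msg_control = NULL;
	/* sendit() loads msg_controllen before testing msg_control. */
	lmsg.msg_controllen = 0;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Copies the peer address of sock out to the user buffer name.  *namelenp
 * is read from user space as the buffer size and is passed on to
 * copyout_name() together with the address length.
 */
/*ARGSUSED3*/
int
getpeername(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;	/* Temporary buffer, common case */
	void *addr;	/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getpeername(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}
	/*
	 * If a connect or accept has been done, unless we're an Xnet socket,
	 * the remote address has already been updated in so_faddr_sa.
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_FADDR_VALID)) {
		if ((error = SOP_GETPEERNAME(so)) != 0)
			goto rel_out;
	}

	/* size != 0 records that addr is heap memory to be freed below. */
	if (so->so_faddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_faddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/* Prevent so_faddr_sa/len from changing while accessed */
	mutex_enter(&so->so_lock);
	if (!(so->so_state & SS_ISCONNECTED)) {
		mutex_exit(&so->so_lock);
		error = ENOTCONN;
		goto free_out;
	}
	/*
	 * NOTE(review): the buffer was sized from so_faddr_maxlen before
	 * so_lock was taken, while the copy length is so_faddr_len read
	 * under the lock.  This relies on so_faddr_len never exceeding the
	 * maxlen sampled above - confirm that invariant holds.
	 */
	addrlen = so->so_faddr_len;
	bcopy(so->so_faddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	error = copyout_name(name, namelen, namelenp, addr,
	    (so->so_state & SS_FADDR_NOXLATE) ? 0 : addrlen);
free_out:
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * Copies the local address of sock out to the user buffer name.  Mirrors
 * getpeername() but uses the so_laddr_* fields and has no connected-state
 * check.
 */
/*ARGSUSED3*/
int
getsockname(int sock, struct sockaddr *name,
		socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;	/* Temporary buffer, common case */
	void *addr;	/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getsockname(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}

	/*
	 * If a bind or accept has been done, unless we're an Xnet endpoint,
	 * the local address has already been updated in so_laddr_sa.
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_LADDR_VALID)) {
		if ((error = SOP_GETSOCKNAME(so)) != 0)
			goto rel_out;
	}

	/* size != 0 records that addr is heap memory to be freed below. */
	if (so->so_laddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_laddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/* Prevent so_laddr_sa/len from changing while accessed */
	mutex_enter(&so->so_lock);
	/*
	 * NOTE(review): as in getpeername(), the copy length is read under
	 * the lock but the buffer was sized from so_laddr_maxlen before it;
	 * relies on so_laddr_len <= that maxlen - confirm.
	 */
	addrlen = so->so_laddr_len;
	bcopy(so->so_laddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	error = copyout_name(name, namelen, namelenp,
	    addr, addrlen);
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * Fetches a socket option into a kernel buffer sized by the user-supplied
 * *option_lenp (capped at SO_MAXARGSIZE) and copies the result out with
 * copyout_arg().
 */
/*ARGSUSED5*/
int
getsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t *option_lenp,
	int version)
{
	struct sonode *so;
	socklen_t optlen, optlen_res;
	void *optval;
	int error;

	dprint(1, ("getsockopt(%d, %d, %d, %p, %p)\n",
	    sock, level, option_name, option_value, option_lenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(option_lenp, &optlen, sizeof (optlen))) {
		releasef(sock);
		return (set_errno(EFAULT));
	}
	/*
	 * Verify that the length is not excessive to prevent
	 * an application from consuming all of kernel memory.
	 */
	if (optlen > SO_MAXARGSIZE) {
		error = EINVAL;
		releasef(sock);
		return (set_errno(error));
	}
	/*
	 * Zero the buffer: it is later handed to copyout_arg() with the
	 * length the protocol reports in optlen_res.  How many bytes the
	 * protocol writes and how many copyout_arg() copies are not visible
	 * here, so make sure no stale kernel heap can reach user space.
	 */
	optval = kmem_zalloc(optlen, KM_SLEEP);
	optlen_res = optlen;
	error = SOP_GETSOCKOPT(so, level, option_name, optval,
	    &optlen_res, (version != SOV_XPG4_2) ? 0 : _SOGETSOCKOPT_XPG4_2);
	/* The sonode is not used after this point. */
	releasef(sock);
	if (error) {
		kmem_free(optval, optlen);
		return (set_errno(error));
	}
	error = copyout_arg(option_value, optlen, option_lenp,
	    optval, optlen_res);
	/* Free with optlen, the allocation size, not optlen_res. */
	kmem_free(optval, optlen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Copies a socket option value in from user space (at most SO_MAXARGSIZE
 * bytes) and passes it to SOP_SETSOCKOPT().  Values that fit are staged in
 * the on-stack buffer; larger ones are heap allocated.
 */
/*ARGSUSED5*/
int
setsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t option_len,
	int version)
{
	struct sonode *so;
	intptr_t buffer[2];
	void *optval = NULL;
	int error;

	dprint(1, ("setsockopt(%d, %d, %d, %p, %d)\n",
	    sock, level, option_name, option_value, option_len));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	if (option_value != NULL) {
		if (option_len != 0) {
			/*
			 * Verify that the length is not excessive to prevent
			 * an application from consuming all of kernel memory.
			 */
			if (option_len > SO_MAXARGSIZE) {
				error = EINVAL;
				goto done2;
			}
			optval = option_len <= sizeof (buffer) ?
			    &buffer : kmem_alloc((size_t)option_len, KM_SLEEP);
			ASSERT(MUTEX_NOT_HELD(&so->so_lock));
			if (copyin(option_value, optval, (size_t)option_len)) {
				error = EFAULT;
				goto done1;
			}
		}
	} else
		option_len = 0;

	error = SOP_SETSOCKOPT(so, level, option_name, optval,
	    (t_uscalar_t)option_len);
done1:
	/*
	 * optval is either the stack buffer, a heap block of option_len
	 * bytes, or NULL with option_len == 0 when no value was supplied.
	 */
	if (optval != buffer)
		kmem_free(optval, (size_t)option_len);
done2:
	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Add config info when devpath is non-NULL; delete info when devpath is NULL.
 * devpath is a user address.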
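 */
int
sockconfig(int domain, int type, int protocol, char *devpath)
{
	char *kdevpath;		/* Copied in devpath string */
	size_t kdevpathlen;
	int error = 0;

	dprint(1, ("sockconfig(%d, %d, %d, %p)\n",
	    domain, type, protocol, devpath));

	/* Privilege check comes first, before any user memory is read. */
	if (secpolicy_net_config(CRED(), B_FALSE) != 0)
		return (set_errno(EPERM));

	if (devpath == NULL) {
		/* Deleting an entry */
		kdevpath = NULL;
		kdevpathlen = 0;
	} else {
		/*
		 * Adding an entry.
		 * Copyin the devpath.
		 * This also makes it possible to check for too long pathnames.
		 * Compress the space needed for the devpath before passing it
		 * to soconfig - soconfig will store the string until
		 * the configuration is removed.
		 */
		char *buf;

		buf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
		if ((error = copyinstr(devpath, buf, MAXPATHLEN,
		    &kdevpathlen)) != 0) {
			kmem_free(buf, MAXPATHLEN);
			goto done;
		}

		/*
		 * kdevpathlen is treated as including the terminating NUL:
		 * the last byte of the copy is forced to '\0' below.
		 */
		kdevpath = kmem_alloc(kdevpathlen, KM_SLEEP);
		bcopy(buf, kdevpath, kdevpathlen);
		kdevpath[kdevpathlen - 1] = '\0';

		kmem_free(buf, MAXPATHLEN);
	}
	/*
	 * NOTE(review): kdevpath is never freed in this function.  The
	 * comment above says soconfig() keeps the string; whether it also
	 * frees it when it returns an error is not visible here - confirm,
	 * otherwise the failure path leaks kdevpathlen bytes.
	 */
	error = soconfig(domain, type, protocol, kdevpath, (int)kdevpathlen);
done:
	if (error) {
		eprintline(error);
		return (set_errno(error));
	}
	return (0);
}


/*
 * Sendfile is implemented through two schemes, direct I/O or by
 * caching in the filesystem page cache. We cache the input file by
 * default and use direct I/O only if sendfile_max_size is set
 * appropriately as explained below. Note that this logic is consistent
 * with other filesystems where caching is turned on by default
 * unless explicitly turned off by using the DIRECTIO ioctl.
 *
 * We choose a slightly different scheme here. One can turn off
 * caching by setting sendfile_max_size to 0. One can also enable
 * caching of files <= sendfile_max_size by setting sendfile_max_size
 * to an appropriate value. By default sendfile_max_size is set to the
 * maximum value so that all files are cached. In future, we may provide
 * better interfaces for caching the file.
 *
 * Sendfile through Direct I/O (Zero copy)
 * --------------------------------------
 *
 * As disks are normally slower than the network, we can't have a
 * single thread that reads the disk and writes to the network. We
 * need to have parallelism. This is done by having the sendfile
 * thread create another thread that reads from the filesystem
 * and queues it for network processing. In this scheme, the data
 * is never copied anywhere, i.e. it is zero copy unlike the other
 * scheme.
 *
 * We have a sendfile queue (snfq) where each sendfile
 * request (snf_req_t) is queued for processing by a thread. Number
 * of threads is dynamically allocated and they exit if they are idling
 * beyond a specified amount of time. When each request (snf_req_t) is
 * processed by a thread, it produces a number of mblk_t structures to
 * be consumed by the sendfile thread. snf_deque and snf_enque are
 * used for consuming and producing mblks. Size of the filesystem
 * read is determined by the tuneable (sendfile_read_size). A single
 * mblk holds sendfile_read_size worth of data (except the last
 * read of the file) which is sent down as a whole to the network.
 * sendfile_read_size is set to 1 MB as this seems to be the optimal
 * value for the UFS filesystem backed by a striped storage array.
 *
 * Synchronisation between read (producer) and write (consumer) threads.
 * --------------------------------------------------------------------
 *
 * sr_lock protects sr_ib_head and sr_ib_tail (the queue routines in this
 * file name the list fields sr_mp_head and sr_mp_tail). The lock is held
 * while adding and deleting items in this list. Error can happen anytime
 * during read or write. There could be unprocessed mblks in the
 * sr_ib_XXX list when a read or write error occurs. Whenever error
 * is encountered, we need two things to happen :
 *
 * a) One of the threads need to clean the mblks.
 * b) When one thread encounters an error, the other should stop.
 *
 * For (a), we don't want to penalise the reader thread as it could do
 * some useful work processing other requests. For (b), the error can
 * be detected by examining sr_read_error or sr_write_error.
 * sr_lock protects sr_read_error and sr_write_error. If both reader and
 * writer encounters error, we need to report the write error back to
 * the application as that's what would have happened if the operations
 * were done sequentially. With this in mind, following should work :
 *
 * 	- Check for errors before read or write.
 *	- If the reader encounters error, set the error in sr_read_error.
 *	  Check sr_write_error, if it is set, send cv_signal as it is
 *	  waiting for reader to complete. If it is not set, the writer
 *	  is either running sinking data to the network or blocked
 *        because of flow control. For handling the latter case, we
 *	  always send a signal. In any case, it will examine sr_read_error
 *	  and return. sr_read_error is marked with SR_READ_DONE to tell
 *	  the writer that the reader is done in all the cases.
 *	- If the writer encounters error, set the error in sr_write_error.
 *	  The reader thread is either blocked because of flow control or
 *	  running reading data from the disk. For the former, we need to
 *	  wakeup the thread. Again to keep it simple, we always wake up
 *	  the reader thread. Then, wait for the read thread to complete
 *	  if it is not done yet. Cleanup and return.
 *
 * High and low water marks for the read thread.
 * --------------------------------------------
 *
 * If sendfile() is used to send data over a slow network, we need to
 * make sure that the read thread does not produce data at a faster
 * rate than the network. This can happen if the disk is faster than
 * the network. In such a case, we don't want to build a very large queue.
 * But we would still like to get all of the network throughput possible.
 * This implies that network should never block waiting for data.
 * As there are lot of disk throughput/network throughput combinations
 * possible, it is difficult to come up with an accurate number.
 * A typical 10K RPM disk has a max seek latency 17ms and rotational
 * latency of 3ms for reading a disk block. Thus, the total latency to
 * initiate a new read, transfer data from the disk and queue for
 * transmission would take about a max of 25ms. Today's max transfer rate
 * for network is 100MB/sec. If the thread is blocked because of flow
 * control, it would take 25ms to get new data ready for transmission.
 * We have to make sure that network is not idling, while we are initiating
 * new transfers. So, at 100MB/sec, to keep network busy we would need
 * 2.5MB of data. Rounding off, we keep the low water mark to be 3MB of data.
 * We need to pick a high water mark so that the woken up thread would
 * do considerable work before blocking again to prevent thrashing. Currently,
 * we pick this to be 10 times that of the low water mark.
 *
 * Sendfile with segmap caching (One copy from page cache to mblks).
 * ----------------------------------------------------------------
 *
 * We use the segmap cache for caching the file, if the size of file
 * is <= sendfile_max_size. In this case we don't use threads as VM
 * is reasonably fast enough to keep up with the network. If the underlying
 * transport allows, we call segmap_getmapflt() to map MAXBSIZE (8K) worth
 * of data into segmap space, and use the virtual address from segmap
 * directly through desballoc() to avoid copy. Once the transport is done
 * with the data, the mapping will be released through segmap_release()
 * called by the call-back routine.
 *
 * If zero-copy is not allowed by the transport, we simply call VOP_READ()
 * to copy the data from the filesystem into our temporary network buffer.
 *
 * To disable caching, set sendfile_max_size to 0.
 */

uint_t sendfile_read_size = 1024 * 1024;
/*
 * Parenthesized so the macro expands as a single value in any expression,
 * not only in the multiplication below.
 */
#define	SENDFILE_REQ_LOWAT	(3 * 1024 * 1024)
uint_t sendfile_req_lowat = SENDFILE_REQ_LOWAT;
uint_t sendfile_req_hiwat = 10 * SENDFILE_REQ_LOWAT;
struct sendfile_stats sf_stats;
struct sendfile_queue *snfq;
clock_t snfq_timeout;
off64_t sendfile_max_size;

static void snf_enque(snf_req_t *, mblk_t *);
static mblk_t *snf_deque(snf_req_t *);

/*
 * Allocates and initializes the global sendfile request queue (snfq) and
 * sets the default tunables: at most max_ncpus service threads, the
 * SNFQ_TIMEOUT idle timeout, and caching enabled for files of any size.
 */
void
sendfile_init(void)
{
	snfq = kmem_zalloc(sizeof (struct sendfile_queue), KM_SLEEP);

	mutex_init(&snfq->snfq_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&snfq->snfq_cv, NULL, CV_DEFAULT, NULL);
	snfq->snfq_max_threads = max_ncpus;
	snfq_timeout = SNFQ_TIMEOUT;
	/* Cache all files by default. */
	sendfile_max_size = MAXOFFSET_T;
}

/*
 * Queues a mblk_t for network processing.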
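 */
static void
snf_enque(snf_req_t *sr, mblk_t *mp)
{
	mp->b_next = NULL;
	mutex_enter(&sr->sr_lock);
	if (sr->sr_mp_head == NULL) {
		/* Queue was empty: wake a consumer waiting in snf_deque(). */
		sr->sr_mp_head = sr->sr_mp_tail = mp;
		cv_signal(&sr->sr_cv);
	} else {
		sr->sr_mp_tail->b_next = mp;
		sr->sr_mp_tail = mp;
	}
	sr->sr_qlen += MBLKL(mp);
	/*
	 * Flow control: block the producer while the queue is above the
	 * high water mark, unless the writer has already failed.
	 */
	while ((sr->sr_qlen > sr->sr_hiwat) &&
	    (sr->sr_write_error == 0)) {
		sf_stats.ss_full_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	mutex_exit(&sr->sr_lock);
}

/*
 * De-queues a mblk_t for network processing.
 */
static mblk_t *
snf_deque(snf_req_t *sr)
{
	mblk_t *mp;

	mutex_enter(&sr->sr_lock);
	/*
	 * If we have encountered an error on read or read is
	 * completed and no more mblks, return NULL.
	 * We need to check for NULL sr_mp_head also as
	 * the reads could have completed and there is
	 * nothing more to come.
	 */
	if (((sr->sr_read_error & ~SR_READ_DONE) != 0) ||
	    ((sr->sr_read_error & SR_READ_DONE) &&
	    sr->sr_mp_head == NULL)) {
		mutex_exit(&sr->sr_lock);
		return (NULL);
	}
	/*
	 * To start with neither SR_READ_DONE is marked nor
	 * the error is set. When we wake up from cv_wait,
	 * following are the possibilities :
	 *
	 *	a) sr_read_error is zero and mblks are queued.
	 *	b) sr_read_error is set to SR_READ_DONE
	 *	   and mblks are queued.
	 *	c) sr_read_error is set to SR_READ_DONE
	 *	   and no mblks.
	 *	d) sr_read_error is set to some error other
	 *	   than SR_READ_DONE.
	 */

	while ((sr->sr_read_error == 0) && (sr->sr_mp_head == NULL)) {
		sf_stats.ss_empty_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* Handle (a) and (b) first  - the normal case. */
	if (((sr->sr_read_error & ~SR_READ_DONE) == 0) &&
	    (sr->sr_mp_head != NULL)) {
		mp = sr->sr_mp_head;
		sr->sr_mp_head = mp->b_next;
		sr->sr_qlen -= MBLKL(mp);
		/* Below the low water mark: let a blocked producer run. */
		if (sr->sr_qlen < sr->sr_lowat)
			cv_signal(&sr->sr_cv);
		mutex_exit(&sr->sr_lock);
		mp->b_next = NULL;
		return (mp);
	}
	/* Handle (c) and (d). */
	mutex_exit(&sr->sr_lock);
	return (NULL);
}

/*
 * Reads data from the filesystem and queues it for network processing.
 *
 * Always finishes by storing the read status, with SR_READ_DONE set, in
 * sr->sr_read_error and signalling sr_cv.
 */
void
snf_async_read(snf_req_t *sr)
{
	size_t iosize;
	u_offset_t fileoff;
	u_offset_t size;
	int ret_size;
	/*
	 * Must start at 0: when the loop below runs no iteration (size is
	 * 0, or the writer has already failed) nothing else assigns error,
	 * and it is published through sr_read_error at the end.
	 */
	int error = 0;
	file_t *fp;
	mblk_t *mp;

	fp = sr->sr_fp;
	size = sr->sr_file_size;
	fileoff = sr->sr_file_off;

	/*
	 * Ignore the error for filesystems that don't support DIRECTIO.
	 */
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_ON, 0,
	    kcred, NULL);

	/*
	 * NOTE(review): sr_write_error is read here without sr_lock,
	 * although the design comment in this file says sr_lock protects
	 * it.  snf_enque() re-checks it under the lock.
	 */
	while ((size != 0) && (sr->sr_write_error == 0)) {

		iosize = (int)MIN(sr->sr_maxpsz, size);

		if ((mp = allocb(iosize, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		ret_size = soreadfile(fp, mp->b_rptr, fileoff, &error, iosize);

		/* Error or Reached EOF ? */
		if ((error != 0) || (ret_size == 0)) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + ret_size;

		snf_enque(sr, mp);
		size -= ret_size;
		fileoff += ret_size;
	}
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_OFF, 0,
	    kcred, NULL);
	mutex_enter(&sr->sr_lock);
	sr->sr_read_error = error;
	sr->sr_read_error |= SR_READ_DONE;
	cv_signal(&sr->sr_cv);
	mutex_exit(&sr->sr_lock);
}

/*
 * Service thread body: takes requests off the global snfq list and runs
 * snf_async_read() on each with snfq_lock dropped.  A thread whose timed
 * wait reports no time left (time_left <= 0) exits on its next pass if the
 * list is still empty.
 */
void
snf_async_thread(void)
{
	snf_req_t *sr;
	callb_cpr_t cprinfo;
	clock_t time_left = 1;
	clock_t now;

	CALLB_CPR_INIT(&cprinfo, &snfq->snfq_lock, callb_generic_cpr, "snfq");

	mutex_enter(&snfq->snfq_lock);
	for (;;) {
		/*
		 * If we didn't find a entry, then block until woken up
		 * again and then look through the queues again.
		 */
		while ((sr = snfq->snfq_req_head) == NULL) {
			CALLB_CPR_SAFE_BEGIN(&cprinfo);
			if (time_left <= 0) {
				snfq->snfq_svc_threads--;
				CALLB_CPR_EXIT(&cprinfo);
				thread_exit();
				/* NOTREACHED */
			}
			snfq->snfq_idle_cnt++;

			time_to_wait(&now, snfq_timeout);
			time_left = cv_timedwait(&snfq->snfq_cv,
			    &snfq->snfq_lock, now);
			snfq->snfq_idle_cnt--;

			CALLB_CPR_SAFE_END(&cprinfo, &snfq->snfq_lock);
		}
		snfq->snfq_req_head = sr->sr_next;
		snfq->snfq_req_cnt--;
		mutex_exit(&snfq->snfq_lock);
		snf_async_read(sr);
		mutex_enter(&snfq->snfq_lock);
	}
}


/*
 * Builds a sendfile request for reading [fileoff, fileoff + size) of fp,
 * appends it to the global snfq list and, when the queued requests are
 * not covered by idle threads and the thread limit allows, starts one
 * more service thread.  Returns the request.  The allocation uses
 * KM_SLEEP and no path in this function returns NULL.
 */
snf_req_t *
create_thread(int operation, struct vnode *vp, file_t *fp,
    u_offset_t fileoff, u_offset_t size)
{
	snf_req_t *sr;
	stdata_t *stp;

	sr = (snf_req_t *)kmem_zalloc(sizeof (snf_req_t), KM_SLEEP);

	sr->sr_vp = vp;
	sr->sr_fp = fp;
	stp = vp->v_stream;

	/*
	 * store sd_qn_maxpsz into sr_maxpsz while we have stream head.
	 * stream might be closed before thread returns from snf_async_read.
	 */
	if (stp->sd_qn_maxpsz > 0) {
		sr->sr_maxpsz = MIN(MAXBSIZE, stp->sd_qn_maxpsz);
	} else {
		sr->sr_maxpsz = MAXBSIZE;
	}

	sr->sr_operation = operation;
	sr->sr_file_off = fileoff;
	sr->sr_file_size = size;
	sr->sr_hiwat = sendfile_req_hiwat;
	sr->sr_lowat = sendfile_req_lowat;
	mutex_init(&sr->sr_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&sr->sr_cv, NULL, CV_DEFAULT, NULL);
	/*
	 * See whether we need another thread for servicing this
	 * request. If there are already enough requests queued
	 * for the threads, create one if not exceeding
	 * snfq_max_threads.
	 */
	mutex_enter(&snfq->snfq_lock);
	if (snfq->snfq_req_cnt >= snfq->snfq_idle_cnt &&
	    snfq->snfq_svc_threads < snfq->snfq_max_threads) {
		(void) thread_create(NULL, 0, &snf_async_thread, 0, 0, &p0,
		    TS_RUN, minclsyspri);
		snfq->snfq_svc_threads++;
	}
	if (snfq->snfq_req_head == NULL) {
		snfq->snfq_req_head = snfq->snfq_req_tail = sr;
		cv_signal(&snfq->snfq_cv);
	} else {
		snfq->snfq_req_tail->sr_next = sr;
		snfq->snfq_req_tail = sr;
	}
	snfq->snfq_req_cnt++;
	mutex_exit(&snfq->snfq_lock);
	return (sr);
}

/*
 * Consumer side of the direct I/O scheme: queues a read request for rfp,
 * then writes each mblk produced by the reader to the stream of fp with
 * kstrwritemp().  *count receives the number of bytes written.  Returns 0
 * or an errno value; a write error takes precedence over a read error.
 */
int
snf_direct_io(file_t *fp, file_t *rfp, u_offset_t fileoff, u_offset_t size,
    ssize_t *count)
{
	snf_req_t *sr;
	mblk_t *mp;
	int iosize;
	int error = 0;
	short fflag;
	struct vnode *vp;
	/*
	 * NOTE(review): ksize is an int while size is a u_offset_t; a
	 * transfer above INT_MAX bytes would overflow the running total
	 * unless the caller bounds size - confirm.
	 */
	int ksize;

	ksize = 0;
	*count = 0;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	if ((sr = create_thread(READ_OP, vp, rfp, fileoff, size)) == NULL)
		return (EAGAIN);

	/*
	 * We check for read error in snf_deque. It has to check
	 * for successful READ_DONE and return NULL, and we might
	 * as well make an additional check there.
	 */
	while ((mp = snf_deque(sr)) != NULL) {

		if (ISSIG(curthread, JUSTLOOKING)) {
			freeb(mp);
			error = EINTR;
			break;
		}
		iosize = MBLKL(mp);

		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			freeb(mp);
			break;
		}
		ksize += iosize;
	}
	*count = ksize;

	mutex_enter(&sr->sr_lock);
	sr->sr_write_error = error;
	/* Look at the big comments on why we cv_signal here. */
	cv_signal(&sr->sr_cv);

	/*
	 * Wait for the reader to complete always.  sr is freed below, so
	 * the reader must be finished with it first.
	 */
	while (!(sr->sr_read_error & SR_READ_DONE)) {
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* If there is no write error, check for read error. */
	if (error == 0)
		error = (sr->sr_read_error & ~SR_READ_DONE);

	/* On error, free whatever the reader queued but we never sent. */
	if (error != 0) {
		mblk_t *next_mp;

		mp = sr->sr_mp_head;
		while (mp != NULL) {
			next_mp = mp->b_next;
			mp->b_next = NULL;
			freeb(mp);
			mp = next_mp;
		}
	}
	mutex_exit(&sr->sr_lock);
	kmem_free(sr, sizeof (snf_req_t));
	return (error);
}

/*
 * Per-mblk bookkeeping for the segmap zero-copy path; allocated in
 * snf_segmap() and released by snf_smap_desbfree().
 */
typedef struct {
	frtn_t		snfi_frtn;	/* free routine handed to desballoca */
	caddr_t		snfi_base;	/* address from segmap_getmapflt() */
	uint_t		snfi_mapoff;	/* offset of the data within the slot */
	size_t		snfi_len;	/* length given to segmap_fault() */
	vnode_t		*snfi_vp;	/* file vnode, held per mblk */
} snf_smap_desbinfo;

/*
 * The callback function when the last ref of the mblk is dropped,
 * normally occurs when TCP receives the ack. But it can be the driver
 * too due to lazy reclaim.
 */
void
snf_smap_desbfree(snf_smap_desbinfo *snfi)
{
	if (!segmap_kpm) {
		/*
		 * We don't need to call segmap_fault(F_SOFTUNLOCK) for
		 * segmap_kpm as long as the latter never falls back to
		 * "use_segmap_range". (See segmap_getmapflt().)
		 *
		 * Using S_OTHER saves an redundant hat_setref() in
		 * segmap_unlock()
		 */
		(void) segmap_fault(kas.a_hat, segkmap,
		    (caddr_t)(uintptr_t)(((uintptr_t)snfi->snfi_base +
		    snfi->snfi_mapoff) & PAGEMASK), snfi->snfi_len,
		    F_SOFTUNLOCK, S_OTHER);
	}
	(void) segmap_release(segkmap, snfi->snfi_base, SM_DONTNEED);
	/* Drops the hold taken by VN_HOLD() in snf_segmap(). */
	VN_RELE(snfi->snfi_vp);
	kmem_free(snfi, sizeof (*snfi));
}

/*
 * Use segmap instead of bcopy to send down a chain of desballoca'ed, mblks.
 * Each mblk contains a segmap slot of no more than MAXBSIZE. The total
 * length of a chain is no more than sd_qn_maxpsz.
 *
 * At the end of the whole sendfile() operation, we wait till the data from
 * the last mblk is ack'ed by the transport before returning so that the
 * caller of sendfile() can safely modify the file content.
 *
 * NOTE(review): the first VOP_RWUNLOCK() below is reached without a
 * VOP_RWLOCK() in this function, so the caller presumably enters with the
 * rwlock of fvp held - confirm.  Every return path leaves it released.
 */
int
snf_segmap(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count, boolean_t nowait)
{
	caddr_t base;
	int mapoff;
	vnode_t *vp;
	mblk_t *mp, *mp1;
	int iosize, iosize1;
	int error;
	short fflag;
	int ksize;
	snf_smap_desbinfo *snfi;
	struct vattr va;
	boolean_t dowait = B_FALSE;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	ksize = 0;
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = 0;
		mp = NULL;
		do {
			mapoff = fileoff & MAXBOFFSET;
			iosize1 = MAXBSIZE - mapoff;
			if (iosize1 > size)
				iosize1 = size;
			/*
			 * we don't forcefault because we'll call
			 * segmap_fault(F_SOFTLOCK) next.
			 *
			 * S_READ will get the ref bit set (by either
			 * segmap_getmapflt() or segmap_fault()) and page
			 * shared locked.
			 */
			base = segmap_getmapflt(segkmap, fvp, fileoff, iosize1,
			    segmap_kpm ? SM_FAULT : 0, S_READ);

			snfi = kmem_alloc(sizeof (*snfi), KM_SLEEP);
			snfi->snfi_len = (size_t)roundup(mapoff+iosize1,
			    PAGESIZE)- (mapoff & PAGEMASK);
			/*
			 * We must call segmap_fault() even for segmap_kpm
			 * because that's how error gets returned.
			 * (segmap_getmapflt() never fails but segmap_fault()
			 * does.)
			 */
			if (segmap_fault(kas.a_hat, segkmap,
			    (caddr_t)(uintptr_t)(((uintptr_t)base + mapoff) &
			    PAGEMASK), snfi->snfi_len, F_SOFTLOCK,
			    S_READ) != 0) {
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				freemsg(mp);
				error = EIO;
				goto out;
			}
			snfi->snfi_frtn.free_func = snf_smap_desbfree;
			snfi->snfi_frtn.free_arg = (caddr_t)snfi;
			snfi->snfi_base = base;
			snfi->snfi_mapoff = mapoff;
			mp1 = desballoca((uchar_t *)base + mapoff,
			    iosize1, BPRI_HI, &snfi->snfi_frtn);

			if (mp1 == NULL) {
				/* Undo the soft lock and mapping by hand. */
				(void) segmap_fault(kas.a_hat, segkmap,
				    (caddr_t)(uintptr_t)(((uintptr_t)base +
				    mapoff) & PAGEMASK), snfi->snfi_len,
				    F_SOFTUNLOCK, S_OTHER);
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				freemsg(mp);
				error = EAGAIN;
				goto out;
			}
			/*
			 * From here the mblk owns snfi; the vnode hold is
			 * dropped by snf_smap_desbfree().
			 */
			VN_HOLD(fvp);
			snfi->snfi_vp = fvp;
			mp1->b_wptr += iosize1;

			/* Mark this dblk with the zero-copy flag */
			mp1->b_datap->db_struioflag |= STRUIO_ZC;
			if (mp == NULL)
				mp = mp1;
			else
				linkb(mp, mp1);
			iosize += iosize1;
			fileoff += iosize1;
			size -= iosize1;
		} while (iosize < maxpsz && size != 0);

		if (size == 0 && !nowait) {
			ASSERT(!dowait);
			dowait = B_TRUE;
			mp1->b_datap->db_struioflag |= STRUIO_ZCNOTIFY;
		}
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			*count = ksize;
			freemsg(mp);
			return (error);
		}
		ksize += iosize;
		if (size == 0)
			goto done;

		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		/*
		 * The lock was dropped across the write, so re-read the
		 * file size and clamp the remaining length to it.
		 */
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			break;
		if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
out:
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	if (dowait) {
		stdata_t *stp;

		stp = vp->v_stream;
		mutex_enter(&stp->sd_lock);
		/*
		 * The return value of cv_wait_sig() is discarded, so this
		 * loop ends only once STZCNOTIFY is set.
		 */
		while (!(stp->sd_flag & STZCNOTIFY)) {
			(void) cv_wait_sig(&stp->sd_zcopy_wait,
			    &stp->sd_lock);
		}
		stp->sd_flag &= ~STZCNOTIFY;
		mutex_exit(&stp->sd_lock);
	}
	return (error);
}

int
snf_cache(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count)
{
	struct vnode *vp;
	mblk_t *mp;
	int iosize;
	int error;
	short fflag;
	int ksize;
	int ioflag;
	struct uio auio;
	struct iovec aiov;
	struct vattr va;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	ksize = 0;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_llimit = MAXOFFSET_T;
	auio.uio_fmode = fflag;
	auio.uio_extflg = UIO_COPY_CACHED;
	ioflag = auio.uio_fmode & (FSYNC|FDSYNC|FRSYNC);
	/* If read sync is not asked for, filter sync flags */
	if ((ioflag & FRSYNC) == 0)
		ioflag &= ~(FSYNC|FDSYNC);
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = (int)MIN(maxpsz, size);
		if ((mp = allocb(iosize, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		aiov.iov_base = (caddr_t)mp->b_rptr;
		aiov.iov_len = iosize;
		auio.uio_loffset = fileoff;
		auio.uio_resid = iosize;

		error = VOP_READ(fvp, &auio, ioflag, fp->f_cred, NULL);
		iosize -= auio.uio_resid;

		if (error == EINTR && iosize != 0)
			error =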
0; 2382 2383 if (error != 0 || iosize == 0) { 2384 freeb(mp); 2385 break; 2386 } 2387 mp->b_wptr = mp->b_rptr + iosize; 2388 2389 VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL); 2390 if ((error = kstrwritemp(vp, mp, fflag)) != 0) { 2391 *count = ksize; 2392 freeb(mp); 2393 return (error); 2394 } 2395 ksize += iosize; 2396 size -= iosize; 2397 if (size == 0) 2398 goto done; 2399 2400 fileoff += iosize; 2401 (void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL); 2402 va.va_mask = AT_SIZE; 2403 error = VOP_GETATTR(fvp, &va, 0, kcred); 2404 if (error) 2405 break; 2406 /* Read as much as possible. */ 2407 if (fileoff >= va.va_size) 2408 size = 0; 2409 else if (size + fileoff > va.va_size) 2410 size = va.va_size - fileoff; 2411 } 2412 VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL); 2413 done: 2414 *count = ksize; 2415 return (error); 2416 } 2417 2418 #if defined(_SYSCALL32_IMPL) || defined(_ILP32) 2419 /* 2420 * Largefile support for 32 bit applications only. 2421 */ 2422 int 2423 sosendfile64(file_t *fp, file_t *rfp, const struct ksendfilevec64 *sfv, 2424 ssize32_t *count32) 2425 { 2426 ssize32_t sfv_len; 2427 u_offset_t sfv_off, va_size; 2428 struct vnode *vp, *fvp, *realvp; 2429 struct vattr va; 2430 stdata_t *stp; 2431 ssize_t count = 0; 2432 int error = 0; 2433 boolean_t dozcopy = B_FALSE; 2434 uint_t maxpsz; 2435 2436 sfv_len = (ssize32_t)sfv->sfv_len; 2437 if (sfv_len < 0) { 2438 error = EINVAL; 2439 goto out; 2440 } 2441 2442 if (sfv_len == 0) goto out; 2443 2444 sfv_off = (u_offset_t)sfv->sfv_off; 2445 2446 /* Same checks as in pread */ 2447 if (sfv_off > MAXOFFSET_T) { 2448 error = EINVAL; 2449 goto out; 2450 } 2451 if (sfv_off + sfv_len > MAXOFFSET_T) 2452 sfv_len = (ssize32_t)(MAXOFFSET_T - sfv_off); 2453 2454 /* 2455 * There are no more checks on sfv_len. So, we cast it to 2456 * u_offset_t and share the snf_direct_io/snf_cache code between 2457 * 32 bit and 64 bit. 2458 * 2459 * TODO: should do nbl_need_check() like read()? 
2460 */ 2461 if (sfv_len > sendfile_max_size) { 2462 sf_stats.ss_file_not_cached++; 2463 error = snf_direct_io(fp, rfp, sfv_off, (u_offset_t)sfv_len, 2464 &count); 2465 goto out; 2466 } 2467 fvp = rfp->f_vnode; 2468 if (VOP_REALVP(fvp, &realvp) == 0) 2469 fvp = realvp; 2470 /* 2471 * Grab the lock as a reader to prevent the file size 2472 * from changing underneath. 2473 */ 2474 (void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL); 2475 va.va_mask = AT_SIZE; 2476 error = VOP_GETATTR(fvp, &va, 0, kcred); 2477 va_size = va.va_size; 2478 if ((error != 0) || (va_size == 0) || (sfv_off >= va_size)) { 2479 VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL); 2480 goto out; 2481 } 2482 /* Read as much as possible. */ 2483 if (sfv_off + sfv_len > va_size) 2484 sfv_len = va_size - sfv_off; 2485 2486 vp = fp->f_vnode; 2487 stp = vp->v_stream; 2488 if (stp->sd_qn_maxpsz == INFPSZ) 2489 maxpsz = MAXOFF32_T; 2490 else 2491 maxpsz = roundup(stp->sd_qn_maxpsz, MAXBSIZE); 2492 /* 2493 * When the NOWAIT flag is not set, we enable zero-copy only if the 2494 * transfer size is large enough. This prevents performance loss 2495 * when the caller sends the file piece by piece. 
2496 */ 2497 if (sfv_len >= MAXBSIZE && (sfv_len >= (va_size >> 1) || 2498 (sfv->sfv_flag & SFV_NOWAIT) || sfv_len >= 0x1000000) && 2499 !vn_has_flocks(fvp)) { 2500 if ((stp->sd_copyflag & (STZCVMSAFE|STZCVMUNSAFE)) == 0) { 2501 int on = 1; 2502 2503 if (SOP_SETSOCKOPT(VTOSO(vp), SOL_SOCKET, 2504 SO_SND_COPYAVOID, &on, sizeof (on)) == 0) 2505 dozcopy = B_TRUE; 2506 } else { 2507 dozcopy = (stp->sd_copyflag & STZCVMSAFE); 2508 } 2509 } 2510 if (dozcopy) { 2511 sf_stats.ss_file_segmap++; 2512 error = snf_segmap(fp, fvp, sfv_off, (u_offset_t)sfv_len, 2513 maxpsz, &count, ((sfv->sfv_flag & SFV_NOWAIT) != 0)); 2514 } else { 2515 sf_stats.ss_file_cached++; 2516 error = snf_cache(fp, fvp, sfv_off, (u_offset_t)sfv_len, 2517 maxpsz, &count); 2518 } 2519 out: 2520 releasef(sfv->sfv_fd); 2521 *count32 = (ssize32_t)count; 2522 return (error); 2523 } 2524 #endif 2525 2526 #ifdef _SYSCALL32_IMPL 2527 /* 2528 * recv32(), recvfrom32(), send32(), sendto32(): intentionally return a 2529 * ssize_t rather than ssize32_t; see the comments above read32 for details. 
*/

/*
 * 32-bit entry point for recv(). The caller's buffer address is widened to
 * a native pointer and the length is reinterpreted as a signed 32-bit value
 * before both are handed to recv().
 *
 * NOTE(review): the signed cast means a length above the ssize32_t range
 * arrives as a negative number; presumably recv() rejects it -- confirm.
 */
ssize_t
recv32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t slen = (ssize32_t)len;

	return (recv(sock, ubuf, slen, flags));
}

/*
 * 32-bit entry point for recvfrom(). Buffer, name and name-length addresses
 * are widened to native pointers; the length is treated as in recv32().
 */
ssize_t
recvfrom32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, caddr32_t namelenp)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	void *uname = (void *)(uintptr_t)name;
	void *ulenp = (void *)(uintptr_t)namelenp;
	ssize32_t slen = (ssize32_t)len;

	return (recvfrom(sock, ubuf, slen, flags, uname, ulenp));
}

/*
 * 32-bit entry point for send(). Same widening of the buffer address and
 * same signed treatment of the length as recv32().
 */
ssize_t
send32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	ssize32_t slen = (ssize32_t)len;

	return (send(sock, ubuf, slen, flags));
}

/*
 * 32-bit entry point for sendto(). The buffer and name addresses are
 * widened to native pointers; namelen is passed through unchanged.
 */
ssize_t
sendto32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, socklen_t namelen)
{
	void *ubuf = (void *)(uintptr_t)buffer;
	void *uname = (void *)(uintptr_t)name;
	ssize32_t slen = (ssize32_t)len;

	return (sendto(sock, ubuf, slen, flags, uname, namelen));
}
#endif /* _SYSCALL32_IMPL */

/*
 * Function wrappers (mostly around the sonode switch) for
 * backward compatibility.
*/

/* Accept a connection on so through its SOP_ACCEPT entry. */
int
soaccept(struct sonode *so, int fflag, struct sonode **nsop)
{
	int rc;

	rc = SOP_ACCEPT(so, fflag, nsop);
	return (rc);
}

/*
 * Bind so to name and, when the bind succeeds and backlog is non-zero,
 * also start listening with that backlog. A failed bind is returned as is.
 */
int
sobind(struct sonode *so, struct sockaddr *name, socklen_t namelen,
    int backlog, int flags)
{
	int rc;

	rc = SOP_BIND(so, name, namelen, flags);
	if (rc != 0 || backlog == 0)
		return (rc);

	return (SOP_LISTEN(so, backlog));
}

/* Start listening on so through its SOP_LISTEN entry. */
int
solisten(struct sonode *so, int backlog)
{
	int rc;

	rc = SOP_LISTEN(so, backlog);
	return (rc);
}

/* Connect so to name through its SOP_CONNECT entry. */
int
soconnect(struct sonode *so, const struct sockaddr *name, socklen_t namelen,
    int fflag, int flags)
{
	int rc;

	rc = SOP_CONNECT(so, name, namelen, fflag, flags);
	return (rc);
}

/* Receive a message on so through its SOP_RECVMSG entry. */
int
sorecvmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	int rc;

	rc = SOP_RECVMSG(so, msg, uiop);
	return (rc);
}

/* Send a message on so through its SOP_SENDMSG entry. */
int
sosendmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	int rc;

	rc = SOP_SENDMSG(so, msg, uiop);
	return (rc);
}

/* Invoke the SOP_GETPEERNAME entry of so. */
int
sogetpeername(struct sonode *so)
{
	int rc;

	rc = SOP_GETPEERNAME(so);
	return (rc);
}

/* Invoke the SOP_GETSOCKNAME entry of so. */
int
sogetsockname(struct sonode *so)
{
	int rc;

	rc = SOP_GETSOCKNAME(so);
	return (rc);
}

/* Shut down so in the direction given by how. */
int
soshutdown(struct sonode *so, int how)
{
	int rc;

	rc = SOP_SHUTDOWN(so, how);
	return (rc);
}

/*
 * Read a socket option. optval and optlenp are handed to SOP_GETSOCKOPT
 * unchanged; no length checking happens in this wrapper.
 */
int
sogetsockopt(struct sonode *so, int level, int option_name, void *optval,
    socklen_t *optlenp, int flags)
{
	int rc;

	rc = SOP_GETSOCKOPT(so, level, option_name, optval, optlenp, flags);
	return (rc);
}

/*
 * Set a socket option. optval and optlen are handed to SOP_SETSOCKOPT
 * unchanged; no length checking happens in this wrapper.
 */
int
sosetsockopt(struct sonode *so, int level, int option_name, const void *optval,
    t_uscalar_t optlen)
{
	int rc;

	rc = SOP_SETSOCKOPT(so, level, option_name, optval, optlen);
	return (rc);
}

/*
 * Because this is a backward compatibility interface, it only needs to be
 * able to handle the creation of TPI sockfs sockets.
*/
struct sonode *
socreate(vnode_t *accessvp, int domain, int type, int protocol, int version,
    struct sonode *tso, int *errorp)
{
	struct sonode *so;

	/* All arguments go to sotpi_create() unchanged. */
	so = sotpi_create(accessvp, domain, type, protocol, version, tso,
	    errorp);
	return (so);
}
