1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/t_lock.h> 31 #include <sys/param.h> 32 #include <sys/systm.h> 33 #include <sys/buf.h> 34 #include <sys/conf.h> 35 #include <sys/cred.h> 36 #include <sys/kmem.h> 37 #include <sys/sysmacros.h> 38 #include <sys/vfs.h> 39 #include <sys/vnode.h> 40 #include <sys/debug.h> 41 #include <sys/errno.h> 42 #include <sys/time.h> 43 #include <sys/file.h> 44 #include <sys/user.h> 45 #include <sys/stream.h> 46 #include <sys/strsubr.h> 47 #include <sys/strsun.h> 48 #include <sys/esunddi.h> 49 #include <sys/flock.h> 50 #include <sys/modctl.h> 51 #include <sys/cmn_err.h> 52 #include <sys/vmsystm.h> 53 #include <sys/policy.h> 54 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 58 #include <sys/isa_defs.h> 59 #include <sys/inttypes.h> 60 #include <sys/systm.h> 61 #include <sys/cpuvar.h> 62 #include <sys/filio.h> 63 #include <sys/sendfile.h> 64 #include <sys/ddi.h> 65 #include <vm/seg.h> 66 #include <vm/seg_map.h> 67 #include <vm/seg_kpm.h> 
#include <fs/sockfs/nl7c.h>

#ifdef SOCK_TEST
/*
 * Test builds make do_useracc a variable so the useracc() pre-checks in
 * this file can be influenced at run time.
 */
int do_useracc = 1;		/* Controlled by setting SO_DEBUG to 4 */
#else
/* Non-test builds: a constant 1, so every useracc() result is honored. */
#define	do_useracc	1
#endif	/* SOCK_TEST */

/* When non-zero, copyout_name() logs truncated address copyouts. */
extern int xnet_truncate_print;

/*
 * Note: DEF_IOV_MAX is defined and used as it is in "fs/vncalls.c"
 *	 as there isn't a formal definition of IOV_MAX ???
 *
 * MSG_MAXIOVLEN bounds the user-supplied msg_iovlen and sizes the on-stack
 * iovec arrays in recvmsg() and sendmsg(), so the range check on iovcnt
 * in those routines is what keeps the iovec copyin inside the array.
 */
#define	MSG_MAXIOVLEN	16

/*
 * Kernel component of socket creation.
 *
 * The socket library determines which version number to use.
 * First the library calls this with a NULL devpath. If this fails
 * to find a transport (using solookup) the library will look in /etc/netconfig
 * for the appropriate transport. If one is found it will pass in the
 * devpath for the kernel to use.
 *
 * Returns the new file descriptor on success, otherwise the result of
 * set_errno() with the error reported by the failing step.
 *
 * Order of checks: the AF_NCA zone restriction, then the transport lookup
 * (exact, then wildcard), then the device policy check on the transport
 * vnode with the caller's credentials. No sonode is created and no file
 * descriptor is allocated until all of these have passed.
 */
int
so_socket(int domain, int type, int protocol, char *devpath, int version)
{
	vnode_t *accessvp;
	struct sonode *so;
	vnode_t *vp;
	struct file *fp;
	int fd;
	int error;
	boolean_t wildcard = B_FALSE;
	int saved_error = 0;
	int sdomain = domain;	/* domain as requested, before AF_NCA remap */

	dprint(1, ("so_socket(%d,%d,%d,%p,%d)\n",
	    domain, type, protocol, devpath, version));

	if (domain == AF_NCA) {
		/*
		 * The request is for an NCA socket so for NL7C use the
		 * INET domain instead and mark NL7C_AF_NCA below.
		 */
		domain = AF_INET;
		/*
		 * NL7C is not supported in non-global zones,
		 * we enforce this restriction here.
		 */
		if (getzoneid() != GLOBAL_ZONEID) {
			return (set_errno(ENOTSUP));
		}
	}

	accessvp = solookup(domain, type, protocol, devpath, &error);
	if (accessvp == NULL) {
		/*
		 * If there is either an EPROTONOSUPPORT or EPROTOTYPE error
		 * it makes sense doing the wildcard lookup since the
		 * protocol might not be in the table.
		 */
		if (devpath != NULL || protocol == 0 ||
		    !(error == EPROTONOSUPPORT || error == EPROTOTYPE))
			return (set_errno(error));

		/* Remember the first failure; it is what socket() reports. */
		saved_error = error;

		/*
		 * Try wildcard lookup. Never use devpath for wildcards.
		 */
		accessvp = solookup(domain, type, 0, NULL, &error);
		if (accessvp == NULL) {
			/*
			 * Can't find in kernel table - have library
			 * fall back to /etc/netconfig and tell us
			 * the devpath (The library will do this if it didn't
			 * already pass in a devpath).
			 */
			if (saved_error != 0)
				error = saved_error;
			return (set_errno(error));
		}
		wildcard = B_TRUE;
	}

	/*
	 * Check the device policy: the caller's credentials must allow
	 * opening the transport device read/write before a socket is
	 * created on top of it.
	 */
	if ((error = secpolicy_spec_open(CRED(),
	    accessvp, FREAD|FWRITE)) != 0) {
		return (set_errno(error));
	}

	if (protocol == IPPROTO_SCTP) {
		so = sosctp_create(accessvp, domain, type, protocol, version,
		    NULL, &error);
	} else {
		so = sotpi_create(accessvp, domain, type, protocol, version,
		    NULL, &error);
	}
	if (so == NULL) {
		return (set_errno(error));
	}
	if (sdomain == AF_NCA && domain == AF_INET) {
		so->so_nl7c_flags = NL7C_AF_NCA;
	}
	vp = SOTOV(so);

	if (wildcard) {
		/*
		 * Issue SO_PROTOTYPE setsockopt.
		 */
		error = SOP_SETSOCKOPT(so, SOL_SOCKET, SO_PROTOTYPE,
		    &protocol,
		    (t_uscalar_t)sizeof (protocol));
		if (error) {
			/* Undo the create: close and drop the new vnode. */
			(void) VOP_CLOSE(vp, 0, 1, 0, CRED());
			VN_RELE(vp);
			/*
			 * Setsockopt often fails with ENOPROTOOPT but socket()
			 * should fail with EPROTONOSUPPORT/EPROTOTYPE.
			 */
			if (saved_error != 0 && error == ENOPROTOOPT)
				error = saved_error;
			else
				error = EPROTONOSUPPORT;
			return (set_errno(error));
		}
	}
	if (error = falloc(vp, FWRITE|FREAD, &fp, &fd)) {
		(void) VOP_CLOSE(vp, 0, 1, 0, CRED());
		VN_RELE(vp);
		return (set_errno(error));
	}

	/*
	 * Now fill in the entries that falloc reserved
	 */
	mutex_exit(&fp->f_tlock);
	setf(fd, fp);

	return (fd);
}

/*
 * Map from a file descriptor to a socket node.
 * Returns with the file descriptor held i.e.
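the caller has to
 * use releasef when done with the file descriptor.
 *
 * On failure returns NULL with *errorp set (EBADF when the descriptor is
 * not open, ENOTSOCK when it is not a socket or is a SOV_STREAM socket)
 * and with no hold left on the descriptor. When fpp is non-NULL the
 * file_t is passed back through it on success.
 */
static struct sonode *
getsonode(int sock, int *errorp, file_t **fpp)
{
	file_t *fp;
	vnode_t *vp;
	struct sonode *so;

	if ((fp = getf(sock)) == NULL) {
		*errorp = EBADF;
		eprintline(*errorp);
		return (NULL);
	}
	vp = fp->f_vnode;
	/* Check if it is a socket */
	if (vp->v_type != VSOCK) {
		releasef(sock);
		*errorp = ENOTSOCK;
		eprintline(*errorp);
		return (NULL);
	}
	/*
	 * Use the stream head to find the real socket vnode.
	 * This is needed when namefs sits above sockfs.
	 */
	if (vp->v_stream) {
		ASSERT(vp->v_stream->sd_vnode);
		vp = vp->v_stream->sd_vnode;

		so = VTOSO(vp);
		if (so->so_version == SOV_STREAM) {
			releasef(sock);
			*errorp = ENOTSOCK;
			eprintsoline(so, *errorp);
			return (NULL);
		}
	} else {
		so = VTOSO(vp);
	}
	if (fpp)
		*fpp = fp;
	return (so);
}

/*
 * Allocate and copyin a sockaddr.
 * Ensures NULL termination for AF_UNIX addresses by extending them
 * with one NULL byte if need be. Verifies that the length is not
 * excessive to prevent an application from consuming all of kernel
 * memory. Returns NULL when an error occurred.
 *
 * name is a user address; *namelenp is the user-supplied length on entry
 * and is incremented by one when a terminating NUL had to be appended.
 * On failure *errorp is EINVAL (length above SO_MAXARGSIZE) or EFAULT
 * (copyin failed). The returned buffer is kmem_alloc'ed with exactly
 * *namelenp bytes; the caller frees it with kmem_free() using the updated
 * length.
 *
 * Callers must not pass a zero length: the ASSERT below is the only guard
 * and ASSERT() is a DEBUG-kernel check, so callers test namelen themselves
 * (bind(), connect() and sendit() all do).
 */
static struct sockaddr *
copyin_name(struct sonode *so, struct sockaddr *name, socklen_t *namelenp,
    int *errorp)
{
	char	*faddr;
	size_t	namelen = (size_t)*namelenp;

	ASSERT(namelen != 0);
	/* Bound the allocation before trusting the user-supplied length. */
	if (namelen > SO_MAXARGSIZE) {
		*errorp = EINVAL;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	faddr = (char *)kmem_alloc(namelen, KM_SLEEP);
	if (copyin(name, faddr, namelen)) {
		kmem_free(faddr, namelen);
		*errorp = EFAULT;
		eprintsoline(so, *errorp);
		return (NULL);
	}

	/*
	 * Add space for NULL termination if needed.
	 * Do a quick check if the last byte is NUL.
	 */
	if (so->so_family == AF_UNIX && faddr[namelen - 1] != '\0') {
		/* Check if there is any NULL termination */
		size_t	i;
		int foundnull = 0;

		/* The scan starts after sa_family, i.e. at the path bytes. */
		for (i = sizeof (name->sa_family); i < namelen; i++) {
			if (faddr[i] == '\0') {
				foundnull = 1;
				break;
			}
		}
		if (!foundnull) {
			/* Add extra byte for NUL padding */
			char *nfaddr;

			nfaddr = (char *)kmem_alloc(namelen + 1, KM_SLEEP);
			bcopy(faddr, nfaddr, namelen);
			kmem_free(faddr, namelen);

			/* NUL terminate */
			nfaddr[namelen] = '\0';
			namelen++;
			ASSERT((socklen_t)namelen == namelen);
			/* Report the grown size so the caller's free matches. */
			*namelenp = (socklen_t)namelen;
			faddr = nfaddr;
		}
	}
	return ((struct sockaddr *)faddr);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 *
 * At most min(ulen, klen) bytes are copied out, so no kernel bytes beyond
 * klen are exposed. The value written to ulenp is the number of bytes
 * actually copied (0 when uaddr is NULL). Returns 0 or EFAULT.
 */
static int
copyout_arg(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
	if (uaddr != NULL) {
		if (ulen > klen)
			ulen = klen;

		if (ulen != 0) {
			if (copyout(kaddr, uaddr, ulen))
				return (EFAULT);
		}
	} else
		ulen = 0;

	if (ulenp != NULL) {
		if (copyout(&ulen, ulenp, sizeof (ulen)))
			return (EFAULT);
	}
	return (0);
}

/*
 * Copy from kaddr/klen to uaddr/ulen. Updates ulenp if non-NULL.
 * If klen is greater than ulen it still uses the non-truncated
 * klen to update ulenp.
 *
 * As in copyout_arg() the data copy is limited to min(ulen, klen) bytes;
 * only the reported length differs. When uaddr is NULL or ulen is 0
 * nothing is copied and 0 is reported. Returns 0 or EFAULT.
 */
static int
copyout_name(void *uaddr, socklen_t ulen, void *ulenp,
    void *kaddr, socklen_t klen)
{
	if (uaddr != NULL) {
		if (ulen >= klen)
			ulen = klen;
		else if (ulen != 0 && xnet_truncate_print) {
			printf("sockfs: truncating copyout of address using "
			    "XNET semantics for pid = %d. Lengths %d, %d\n",
			    curproc->p_pid, klen, ulen);
		}

		if (ulen != 0) {
			if (copyout(kaddr, uaddr, ulen))
				return (EFAULT);
		} else
			klen = 0;
	} else
		klen = 0;

	if (ulenp != NULL) {
		if (copyout(&klen, ulenp, sizeof (klen)))
			return (EFAULT);
	}
	return (0);
}

/*
 * The socketpair() code in libsocket creates two sockets (using
 * the /etc/netconfig fallback if needed) before calling this routine
 * to connect the two sockets together.
 *
 * For a SOCK_STREAM socketpair a listener is needed - in that case this
 * routine will create a new file descriptor as part of accepting the
 * connection. The library socketpair() will check if svs[2] has changed
 * in which case it will close the changed fd.
 *
 * Note that this code could use the TPI feature of accepting the connection
 * on the listening endpoint. However, that would require significant changes
 * to soaccept.
 *
 * sv is a user address. Both descriptors are read from it, validated with
 * getsonode() and required to be AF_UNIX sockets before anything is bound
 * or connected. Returns 0 on success, otherwise the result of set_errno().
 */
int
so_socketpair(int sv[2])
{
	int svs[2];
	struct sonode *so1, *so2;
	int error;
	struct sockaddr_ux *name;
	size_t namelen;

	dprint(1, ("so_socketpair(%p)\n", sv));

	/*
	 * Early writability check on the user array. The copyin below and
	 * the copyout at the end of the SOCK_STREAM path still handle
	 * EFAULT themselves.
	 */
	error = useracc(sv, sizeof (svs), B_WRITE);
	if (error && do_useracc)
		return (set_errno(EFAULT));

	if (copyin(sv, svs, sizeof (svs)))
		return (set_errno(EFAULT));

	if ((so1 = getsonode(svs[0], &error, NULL)) == NULL)
		return (set_errno(error));

	if ((so2 = getsonode(svs[1], &error, NULL)) == NULL) {
		releasef(svs[0]);
		return (set_errno(error));
	}

	/* From here on both descriptors are held; "done" releases both. */
	if (so1->so_family != AF_UNIX || so2->so_family != AF_UNIX) {
		error = EOPNOTSUPP;
		goto done;
	}

	/*
	 * The code below makes assumptions about the "sockfs" implementation.
	 * So make sure that the correct implementation is really used.
	 *
	 * NOTE(review): ASSERT() is a DEBUG-kernel check, so in other builds
	 * the AF_UNIX test above is the only validation of the two sonodes.
	 */
	ASSERT(so1->so_ops == &sotpi_sonodeops);
	ASSERT(so2->so_ops == &sotpi_sonodeops);

	if (so1->so_type == SOCK_DGRAM) {
		/*
		 * Bind both sockets and connect them with each other.
		 * Need to allocate name/namelen for soconnect.
		 */
		error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = so2->so_ux_laddr;
		error = SOP_CONNECT(so1,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE);
		if (error) {
			kmem_free(name, namelen);
			eprintsoline(so1, error);
			goto done;
		}
		/* Reuse the same buffer for the reverse direction. */
		name->sou_addr = so1->so_ux_laddr;
		error = SOP_CONNECT(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    0, _SOCONNECT_NOXLATE);
		kmem_free(name, namelen);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}
		releasef(svs[0]);
		releasef(svs[1]);
	} else {
		/*
		 * Bind both sockets, with so1 being a listener.
		 * Connect so2 to so1 - nonblocking to avoid waiting for
		 * soaccept to complete.
		 * Accept a connection on so1. Pass out the new fd as sv[0].
		 * The library will detect the changed fd and close
		 * the original one.
		 */
		struct sonode *nso;
		struct vnode *nvp;
		struct file *nfp;
		int nfd;

		/*
		 * We could simply call SOP_LISTEN() here (which would do the
		 * binding automatically) if the code didn't rely on passing
		 * _SOBIND_NOXLATE to the TPI implementation of SOP_BIND().
		 */
		error = SOP_BIND(so1, NULL, 0, _SOBIND_UNSPEC|_SOBIND_NOXLATE|
		    _SOBIND_LISTEN|_SOBIND_SOCKETPAIR);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}
		error = SOP_BIND(so2, NULL, 0, _SOBIND_UNSPEC);
		if (error) {
			eprintsoline(so2, error);
			goto done;
		}

		namelen = sizeof (struct sockaddr_ux);
		name = kmem_alloc(namelen, KM_SLEEP);
		name->sou_family = AF_UNIX;
		name->sou_addr = so1->so_ux_laddr;
		error = SOP_CONNECT(so2,
		    (struct sockaddr *)name,
		    (socklen_t)namelen,
		    FNONBLOCK, _SOCONNECT_NOXLATE);
		kmem_free(name, namelen);
		if (error) {
			/* EINPROGRESS is expected for the nonblocking connect. */
			if (error != EINPROGRESS) {
				eprintsoline(so2, error);
				goto done;
			}
		}

		error = SOP_ACCEPT(so1, 0, &nso);
		if (error) {
			eprintsoline(so1, error);
			goto done;
		}

		/* wait for so2 being SS_CONNECTED ignoring signals */
		mutex_enter(&so2->so_lock);
		error = sowaitconnected(so2, 0, 1);
		mutex_exit(&so2->so_lock);
		nvp = SOTOV(nso);
		if (error != 0) {
			/* Drop the accepted socket; it has no fd yet. */
			(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
			VN_RELE(nvp);
			eprintsoline(so2, error);
			goto done;
		}

		if (error = falloc(nvp, FWRITE|FREAD, &nfp, &nfd)) {
			(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
			VN_RELE(nvp);
			eprintsoline(nso, error);
			goto done;
		}
		/*
		 * fill in the entries that falloc reserved
		 */
		mutex_exit(&nfp->f_tlock);
		setf(nfd, nfp);

		releasef(svs[0]);
		releasef(svs[1]);
		svs[0] = nfd;

		/*
		 * The socketpair library routine will close the original
		 * svs[0] when this code passes out a different file
		 * descriptor.
		 */
		if (copyout(svs, sv, sizeof (svs))) {
			/*
			 * The caller never learns nfd, so close it here
			 * rather than leave an unreachable descriptor open.
			 */
			(void) closeandsetf(nfd, NULL);
			eprintline(EFAULT);
			return (set_errno(EFAULT));
		}
	}
	return (0);

done:
	releasef(svs[0]);
	releasef(svs[1]);
	return (set_errno(error));
}

/*
 * bind() system call: copy in the optional address and hand it to the
 * socket's bind operation with a flag selected by the library version.
 * Returns 0 on success, otherwise the result of set_errno().
 */
int
bind(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("bind(%d, %p, %d)\n",
	    sock, name, namelen));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	/*
	 * X/Open test does not expect EFAULT with NULL name and non-zero
	 * namelen.
	 */
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		/* From here on name is a kernel copy, not the user pointer. */
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else {
		name = NULL;
		namelen = 0;
	}

	switch (version) {
	default:
		error = SOP_BIND(so, name, namelen, 0);
		break;
	case SOV_XPG4_2:
		error = SOP_BIND(so, name, namelen, _SOBIND_XPG4_2);
		break;
	case SOV_SOCKBSD:
		error = SOP_BIND(so, name, namelen, _SOBIND_SOCKBSD);
		break;
	}
done:
	releasef(sock);
	/* namelen was updated by copyin_name(), so it matches the allocation. */
	if (name != NULL)
		kmem_free(name, (size_t)namelen);

	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * listen() system call. The version argument is unused.
 * Returns 0 on success, otherwise the result of set_errno().
 */
/* ARGSUSED2 */
int
listen(int sock, int backlog, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("listen(%d, %d)\n",
	    sock, backlog));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = SOP_LISTEN(so, backlog);

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * accept() system call. The version argument is unused.
 *
 * name and namelenp are user addresses. When name is non-NULL the length is
 * read from namelenp and the peer address is copied out with
 * copyout_name(), i.e. truncated to the caller's buffer while the full
 * length is reported. Returns the new file descriptor on success,
 * otherwise the result of set_errno().
 *
 * The hold on the listening descriptor obtained by getsonode() is kept
 * until the last use of "so" (the error logging and the so_state test
 * near the end). Once releasef() has been called nothing visible in this
 * routine keeps the listener's sonode alive, so the listener must not be
 * touched after that point.
 */
/*ARGSUSED3*/
int
accept(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;
	socklen_t namelen;
	struct sonode *nso;
	struct vnode *nvp;
	struct file *nfp;
	int nfd;

	dprint(1, ("accept(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	if (name != NULL) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		if (copyin(namelenp, &namelen, sizeof (namelen))) {
			releasef(sock);
			return (set_errno(EFAULT));
		}
		if (namelen != 0) {
			/*
			 * Early writability check only; copyout_name()
			 * below still reports EFAULT on its own.
			 */
			error = useracc(name, (size_t)namelen, B_WRITE);
			if (error && do_useracc) {
				releasef(sock);
				return (set_errno(EFAULT));
			}
		} else
			name = NULL;
	} else {
		namelen = 0;
	}

	/*
	 * Allocate the user fd before SOP_ACCEPT() in order to
	 * catch EMFILE errors before calling SOP_ACCEPT().
	 */
	if ((nfd = ufalloc(0)) == -1) {
		eprintsoline(so, EMFILE);
		releasef(sock);
		return (set_errno(EMFILE));
	}
	error = SOP_ACCEPT(so, fp->f_flag, &nso);
	if (error) {
		setf(nfd, NULL);
		releasef(sock);
		return (set_errno(error));
	}

	nvp = SOTOV(nso);

	/*
	 * so_faddr_sa can not go away even though we are not holding so_lock.
	 * However, in theory its content could change from underneath us.
	 * But this is not possible in practice since it can only
	 * change due to either some socket system call
	 * or due to a T_CONN_CON being received from the stream head.
	 * Since the falloc/setf have not yet been done no thread
	 * can do any system call on nso and T_CONN_CON can not arrive
	 * on a socket that is already connected.
	 * Thus there is no reason to hold so_lock here.
	 *
	 * SOP_ACCEPT() is required to have set the valid bit for the faddr,
	 * but it could be instantly cleared by a disconnect from the transport.
	 * For that reason we ignore it here.
	 */
	ASSERT(MUTEX_NOT_HELD(&nso->so_lock));
	error = copyout_name(name, namelen, namelenp,
	    nso->so_faddr_sa, (socklen_t)nso->so_faddr_len);
	if (error) {
		/* Give back the reserved fd and drop the accepted socket. */
		setf(nfd, NULL);
		(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
		VN_RELE(nvp);
		releasef(sock);
		return (set_errno(error));
	}
	if (error = falloc(NULL, FWRITE|FREAD, &nfp, NULL)) {
		setf(nfd, NULL);
		(void) VOP_CLOSE(nvp, 0, 1, 0, CRED());
		VN_RELE(nvp);
		eprintsoline(so, error);
		releasef(sock);
		return (set_errno(error));
	}
	/*
	 * fill in the entries that falloc reserved
	 */
	nfp->f_vnode = nvp;
	mutex_exit(&nfp->f_tlock);
	setf(nfd, nfp);

	/*
	 * Copy FNDELAY and FNONBLOCK from listener to acceptor
	 */
	if (so->so_state & (SS_NDELAY|SS_NONBLOCK)) {
		uint_t oflag = nfp->f_flag;
		int arg = 0;

		if (so->so_state & SS_NONBLOCK)
			arg |= FNONBLOCK;
		else if (so->so_state & SS_NDELAY)
			arg |= FNDELAY;

		/*
		 * This code is a simplification of the F_SETFL code in fcntl()
		 * Ignore any errors from VOP_SETFL.
		 */
		if ((error = VOP_SETFL(nvp, oflag, arg, nfp->f_cred)) != 0) {
			eprintsoline(so, error);
			error = 0;
		} else {
			mutex_enter(&nfp->f_tlock);
			nfp->f_flag &= ~FMASK | (FREAD|FWRITE);
			nfp->f_flag |= arg;
			mutex_exit(&nfp->f_tlock);
		}
	}
	/* Last use of "so" is above; the listener can be released now. */
	releasef(sock);
	return (nfd);
}

/*
 * connect() system call: copy in the destination address and hand it to
 * the socket's connect operation together with the file flags.
 * Returns 0 on success, otherwise the result of set_errno().
 */
int
connect(int sock, struct sockaddr *name, socklen_t namelen, int version)
{
	struct sonode *so;
	file_t *fp;
	int error;

	dprint(1, ("connect(%d, %p, %d)\n",
	    sock, name, namelen));

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	/* Allocate and copyin name */
	if (namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		/*
		 * Unlike bind(), name is not tested for NULL here; a NULL
		 * name with a non-zero length is left to the copyin in
		 * copyin_name() to reject.
		 */
		name = copyin_name(so, name, &namelen, &error);
		if (name == NULL) {
			releasef(sock);
			return (set_errno(error));
		}
	} else
		name = NULL;

	error = SOP_CONNECT(so, name, namelen, fp->f_flag,
	    (version != SOV_XPG4_2) ? 0 : _SOCONNECT_XPG4_2);
	releasef(sock);
	/* namelen was updated by copyin_name(), so it matches the allocation. */
	if (name)
		kmem_free(name, (size_t)namelen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * shutdown() system call. The version argument is unused.
 * Returns 0 on success, otherwise the result of set_errno().
 */
/*ARGSUSED2*/
int
shutdown(int sock, int how, int version)
{
	struct sonode *so;
	int error;

	dprint(1, ("shutdown(%d, %d)\n",
	    sock, how));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	error = SOP_SHUTDOWN(so, how);

	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Common receive routine.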
 */
/*
 * On entry msg->msg_name and msg->msg_control are the caller's user
 * addresses with their user-supplied lengths; they are saved in locals
 * before SOP_RECVMSG(). Afterwards the msg fields describe kernel buffers
 * (they are kmem_free'd on every exit path below) and the saved user
 * values are only used as copyout destinations and limits.
 *
 * namelenp, controllenp and flagsp are user addresses (or NULL) that
 * receive the resulting lengths and flags. Returns the number of bytes
 * received, otherwise the result of set_errno().
 */
static ssize_t
recvit(int sock,
	struct nmsghdr *msg,
	struct uio *uiop,
	int flags,
	socklen_t *namelenp,
	socklen_t *controllenp,
	int *flagsp)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	len = uiop->uio_resid;
	uiop->uio_fmode = fp->f_flag;
	uiop->uio_extflg = UIO_COPY_CACHED;

	name = msg->msg_name;
	namelen = msg->msg_namelen;
	control = msg->msg_control;
	controllen = msg->msg_controllen;

	/* Only this fixed set of caller flags is passed to the protocol. */
	msg->msg_flags = flags & (MSG_OOB | MSG_PEEK | MSG_WAITALL |
	    MSG_DONTWAIT | MSG_XPG4_2);

	error = SOP_RECVMSG(so, msg, uiop);
	if (error) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGRCV, 1);
	so_update_attrs(so, SOACC);
	/* "so" is not used past this point. */
	releasef(sock);

	error = copyout_name(name, namelen, namelenp,
	    msg->msg_name, msg->msg_namelen);
	if (error)
		goto err;

	if (flagsp != NULL) {
		/*
		 * Clear internal flag.
		 */
		msg->msg_flags &= ~MSG_XPG4_2;

		/*
		 * Determine MSG_CTRUNC. sorecvmsg sets MSG_CTRUNC only
		 * when controllen is zero and there is control data to
		 * copy out.
		 */
		if (controllen != 0 &&
		    (msg->msg_controllen > controllen || control == NULL)) {
			dprint(1, ("recvit: CTRUNC %d %d %p\n",
			    msg->msg_controllen, controllen, control));

			msg->msg_flags |= MSG_CTRUNC;
		}
		if (copyout(&msg->msg_flags, flagsp,
		    sizeof (msg->msg_flags))) {
			error = EFAULT;
			goto err;
		}
	}
	/*
	 * Note: This MUST be done last. There can be no "goto err" after this
	 * point since it could make so_closefds run twice on some part
	 * of the file descriptor array.
	 */
	if (controllen != 0) {
		if (!(flags & MSG_XPG4_2)) {
			/*
			 * Good old msg_accrights can only return a multiple
			 * of 4 bytes.
			 */
			controllen &= ~((int)sizeof (uint32_t) - 1);
		}
		error = copyout_arg(control, controllen, controllenp,
		    msg->msg_control, msg->msg_controllen);
		if (error)
			goto err;

		/*
		 * Control data that did not fit in the caller's buffer is
		 * handed to so_closefds() so that descriptors the caller
		 * never received are not left open.
		 * NOTE(review): the last argument looks like the number of
		 * bytes that were delivered - confirm against so_closefds().
		 */
		if (msg->msg_controllen > controllen || control == NULL) {
			if (control == NULL)
				controllen = 0;
			so_closefds(msg->msg_control, msg->msg_controllen,
			    !(flags & MSG_XPG4_2), controllen);
		}
	}
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (len - uiop->uio_resid);

err:
	/*
	 * If we fail and the control part contains file descriptors
	 * we have to close the fd's.
	 */
	if (msg->msg_controllen != 0)
		so_closefds(msg->msg_control, msg->msg_controllen,
		    !(flags & MSG_XPG4_2), 0);
	if (msg->msg_namelen != 0)
		kmem_free(msg->msg_name, (size_t)msg->msg_namelen);
	if (msg->msg_controllen != 0)
		kmem_free(msg->msg_control, (size_t)msg->msg_controllen);
	return (set_errno(error));
}

/*
 * Native system call
 *
 * Receives into a single user buffer with no address or control data.
 * A len that is negative when viewed as ssize_t is rejected with EINVAL.
 *
 * NOTE(review): lmsg.msg_name and lmsg.msg_control are not initialized
 * here although recvit() reads both into locals. With both lengths set to
 * zero recvit() never copies through them, but confirm that no
 * SOP_RECVMSG implementation reads the pointers on entry.
 */
ssize_t
recv(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recv(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_namelen = 0;
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;
	return (recvit(sock, &lmsg, &auio, flags, NULL, NULL, NULL));
}

/*
 * recvfrom() system call: like recv() but also returns the source
 * address. name and namelenp are user addresses; the buffer length is
 * read from namelenp and the resulting length is written back to it by
 * recvit().
 *
 * NOTE(review): lmsg.msg_control is not initialized here; recvit() reads
 * it but does not use it while msg_controllen is zero.
 */
ssize_t
recvfrom(int sock, void *buffer, size_t len, int flags,
	struct sockaddr *name, socklen_t *namelenp)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("recvfrom(%d, %p, %ld, %d, %p, %p)\n",
	    sock, buffer, len, flags, name, namelenp));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	if (namelenp != NULL) {
		if (copyin(namelenp, &lmsg.msg_namelen,
		    sizeof (lmsg.msg_namelen)))
			return (set_errno(EFAULT));
	} else {
		lmsg.msg_namelen = 0;
	}
	lmsg.msg_controllen = 0;
	lmsg.msg_flags = 0;

	return (recvit(sock, &lmsg, &auio, flags, namelenp, NULL, NULL));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
 *
 * The message header and the iovec array are copied in once and only the
 * kernel copies are used afterwards. iovcnt is range-checked against
 * MSG_MAXIOVLEN before the iovec copyin because aiov[] lives on the stack,
 * and every iov_len as well as the running total must stay non-negative.
 */
ssize_t
recvmsg(int sock, struct nmsghdr *msg, int flags)
{
	STRUCT_DECL(nmsghdr, u_lmsg);
	STRUCT_HANDLE(nmsghdr, umsgptr);
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	int *flagsp;
	model_t	model;

	dprint(1, ("recvmsg(%d, %p, %d)\n",
	    sock, msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);
	STRUCT_SET_HANDLE(umsgptr, model, msg);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, STRUCT_BUF(u_lmsg), STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
		flagsp = STRUCT_FADDR(umsgptr, msg_flags);
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 */
		if (copyin(msg, STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		/* msg_flags was not copied in; give it a defined value. */
		STRUCT_FSET(u_lmsg, msg_flags, 0);
		flagsp = NULL;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	/* Must precede the copyin into the fixed-size aiov arrays. */
	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			/*
			 * Overflow of the total is detected after the
			 * addition, by the sum having gone negative.
			 */
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (copyin(lmsg.msg_iov, aiov, iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	/*
	 * NOTE(review): this test is shaped differently from the other
	 * do_useracc uses in this file ("error && do_useracc"): here
	 * do_useracc == 0 rejects every non-NULL msg_control instead of
	 * skipping the check. do_useracc is the constant 1 outside
	 * SOCK_TEST builds, so only test builds are affected - confirm
	 * whether that is intended.
	 */
	if (lmsg.msg_control != NULL &&
	    (do_useracc == 0 ||
	    useracc(lmsg.msg_control, lmsg.msg_controllen,
	    B_WRITE) != 0)) {
		return (set_errno(EFAULT));
	}

	return (recvit(sock, &lmsg, &auio, flags,
	    STRUCT_FADDR(umsgptr, msg_namelen),
	    STRUCT_FADDR(umsgptr, msg_controllen), flagsp));
}

/*
 * Common send function.
 */
/*
 * On entry msg->msg_name and msg->msg_control are user addresses with
 * user-supplied lengths. Both are copied into kernel buffers (the control
 * length is bounded by SO_MAXARGSIZE, the name by copyin_name()) and the
 * msg fields are repointed at the copies before SOP_SENDMSG() runs.
 * Returns the number of bytes sent, otherwise the result of set_errno().
 *
 * The done1/done2/done3 labels are ordered so that each failure frees
 * only what had been allocated at that point.
 */
static ssize_t
sendit(int sock, struct nmsghdr *msg, struct uio *uiop, int flags)
{
	struct sonode *so;
	file_t *fp;
	void *name;
	socklen_t namelen;
	void *control;
	socklen_t controllen;
	ssize_t len;
	int error;

	if ((so = getsonode(sock, &error, &fp)) == NULL)
		return (set_errno(error));

	uiop->uio_fmode = fp->f_flag;

	if (so->so_family == AF_UNIX)
		uiop->uio_extflg = UIO_COPY_CACHED;
	else
		uiop->uio_extflg = UIO_COPY_DEFAULT;

	/* Allocate and copyin name and control */
	name = msg->msg_name;
	namelen = msg->msg_namelen;
	if (name != NULL && namelen != 0) {
		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		name = copyin_name(so,
		    (struct sockaddr *)name,
		    &namelen, &error);
		if (name == NULL)
			goto done3;
		/* copyin_name null terminates addresses for AF_UNIX */
		msg->msg_namelen = namelen;
		msg->msg_name = name;
	} else {
		msg->msg_name = name = NULL;
		msg->msg_namelen = namelen = 0;
	}

	control = msg->msg_control;
	controllen = msg->msg_controllen;
	if ((control != NULL) && (controllen != 0)) {
		/*
		 * Verify that the length is not excessive to prevent
		 * an application from consuming all of kernel memory.
		 */
		if (controllen > SO_MAXARGSIZE) {
			error = EINVAL;
			/* control is still the user pointer: skip done1. */
			goto done2;
		}
		control = kmem_alloc(controllen, KM_SLEEP);

		ASSERT(MUTEX_NOT_HELD(&so->so_lock));
		if (copyin(msg->msg_control, control, controllen)) {
			error = EFAULT;
			goto done1;
		}
		msg->msg_control = control;
	} else {
		msg->msg_control = control = NULL;
		msg->msg_controllen = controllen = 0;
	}

	len = uiop->uio_resid;
	msg->msg_flags = flags;

	error = SOP_SENDMSG(so, msg, uiop);
done1:
	if (control != NULL)
		kmem_free(control, controllen);
done2:
	if (name != NULL)
		kmem_free(name, namelen);
done3:
	if (error != 0) {
		releasef(sock);
		return (set_errno(error));
	}
	lwp_stat_update(LWP_STAT_MSGSND, 1);
	so_update_attrs(so, SOMOD);
	releasef(sock);
	return (len - uiop->uio_resid);
}

/*
 * Native system call
 *
 * Sends a single user buffer with no address or control data. A len that
 * is negative when viewed as ssize_t is rejected with EINVAL.
 * msg_namelen and msg_controllen are left unset; sendit() overwrites both
 * because the corresponding pointers are NULL.
 */
ssize_t
send(int sock, void *buffer, size_t len, int flags)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("send(%d, %p, %ld, %d)\n",
	    sock, buffer, len, flags));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = NULL;
	lmsg.msg_control = NULL;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Uses the MSG_XPG4_2 flag to determine if the caller is using
 * struct omsghdr or struct nmsghdr.
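 */
ssize_t
sendmsg(int sock, struct nmsghdr *msg, int flags)
{
	struct nmsghdr lmsg;
	STRUCT_DECL(nmsghdr, u_lmsg);
	struct uio auio;
	struct iovec aiov[MSG_MAXIOVLEN];
	int iovcnt;
	ssize_t len;
	int i;
	model_t	model;

	dprint(1, ("sendmsg(%d, %p, %d)\n", sock, msg, flags));

	model = get_udatamodel();
	STRUCT_INIT(u_lmsg, model);

	if (flags & MSG_XPG4_2) {
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    STRUCT_SIZE(u_lmsg)))
			return (set_errno(EFAULT));
	} else {
		/*
		 * Assumes that nmsghdr and omsghdr are identically shaped
		 * except for the added msg_flags field.
		 * msg_flags is therefore not copied in on this path;
		 * sendit() overwrites it with flags before the message
		 * is used.
		 */
		if (copyin(msg, (char *)STRUCT_BUF(u_lmsg),
		    SIZEOF_STRUCT(omsghdr, model)))
			return (set_errno(EFAULT));
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}

	/*
	 * Code below us will kmem_alloc memory and hang it
	 * off msg_control and msg_name fields. This forces
	 * us to copy the structure to its native form.
	 */
	lmsg.msg_name = STRUCT_FGETP(u_lmsg, msg_name);
	lmsg.msg_namelen = STRUCT_FGET(u_lmsg, msg_namelen);
	lmsg.msg_iov = STRUCT_FGETP(u_lmsg, msg_iov);
	lmsg.msg_iovlen = STRUCT_FGET(u_lmsg, msg_iovlen);
	lmsg.msg_control = STRUCT_FGETP(u_lmsg, msg_control);
	lmsg.msg_controllen = STRUCT_FGET(u_lmsg, msg_controllen);
	lmsg.msg_flags = STRUCT_FGET(u_lmsg, msg_flags);

	iovcnt = lmsg.msg_iovlen;

	/*
	 * iovcnt comes from the caller and sizes the copyin into the
	 * fixed aiov[MSG_MAXIOVLEN] array below, so it must be range
	 * checked before any copy.
	 */
	if (iovcnt <= 0 || iovcnt > MSG_MAXIOVLEN) {
		/*
		 * Unless this is XPG 4.2 we allow iovcnt == 0 to
		 * be compatible with SunOS 4.X and 4.4BSD.
		 */
		if (iovcnt != 0 || (flags & MSG_XPG4_2))
			return (set_errno(EMSGSIZE));
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * 32-bit callers need to have their iovec expanded, while ensuring
	 * that they can't move more than 2Gbytes of data in a single call.
	 */
	if (model == DATAMODEL_ILP32) {
		struct iovec32 aiov32[MSG_MAXIOVLEN];
		ssize32_t count32;

		if (iovcnt != 0 &&
		    copyin((struct iovec32 *)lmsg.msg_iov, aiov32,
		    iovcnt * sizeof (struct iovec32)))
			return (set_errno(EFAULT));

		count32 = 0;
		for (i = 0; i < iovcnt; i++) {
			ssize32_t iovlen32;

			iovlen32 = aiov32[i].iov_len;
			count32 += iovlen32;
			/* Negative element or a running total gone negative */
			if (iovlen32 < 0 || count32 < 0)
				return (set_errno(EINVAL));
			aiov[i].iov_len = iovlen32;
			aiov[i].iov_base =
			    (caddr_t)(uintptr_t)aiov32[i].iov_base;
		}
	} else
#endif /* _SYSCALL32_IMPL */
	if (iovcnt != 0 &&
	    copyin(lmsg.msg_iov, aiov,
	    (unsigned)iovcnt * sizeof (struct iovec))) {
		return (set_errno(EFAULT));
	}
	/*
	 * Total the request and reject a negative element length or a
	 * total that has gone negative, since uio_resid is signed.
	 */
	len = 0;
	for (i = 0; i < iovcnt; i++) {
		ssize_t iovlen = aiov[i].iov_len;
		len += iovlen;
		if (iovlen < 0 || len < 0) {
			return (set_errno(EINVAL));
		}
	}
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = iovcnt;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Sends a single user buffer to the address at name (a user address of
 * namelen bytes). A len that is negative when viewed as ssize_t fails
 * with EINVAL. The address is copied in and the transfer done by sendit().
 */
ssize_t
sendto(int sock, void *buffer, size_t len, int flags,
    struct sockaddr *name, socklen_t namelen)
{
	struct nmsghdr lmsg;
	struct uio auio;
	struct iovec aiov[1];

	dprint(1, ("sendto(%d, %p, %ld, %d, %p, %d)\n",
	    sock, buffer, len, flags, name, namelen));

	if ((ssize_t)len < 0) {
		return (set_errno(EINVAL));
	}

	aiov[0].iov_base = buffer;
	aiov[0].iov_len = len;
	auio.uio_loffset = 0;
	auio.uio_iov = aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = len;
	auio.uio_segflg = UIO_USERSPACE;
	auio.uio_limit = 0;

	lmsg.msg_name = (char *)name;
	lmsg.msg_namelen = namelen;
	/*
	 * sendit() loads msg_controllen before it tests msg_control, so
	 * give it a defined value rather than leaving stack garbage.
	 */
	lmsg.msg_control = NULL;
	lmsg.msg_controllen = 0;
	if (!(flags & MSG_XPG4_2)) {
		/*
		 * In order to be compatible with the libsocket/sockmod
		 * implementation we set EOR for all send* calls.
		 */
		flags |= MSG_EOR;
	}
	return (sendit(sock, &lmsg, &auio, flags));
}

/*
 * Copies the peer address of sock out to name and the resulting length
 * out through namelenp. Fails with EFAULT when the length cannot be
 * read or name is NULL with a non-zero length, and with ENOTCONN when
 * the socket is not connected.
 */
/*ARGSUSED3*/
int
getpeername(int sock, struct sockaddr *name, socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;	/* Temporary buffer, common case */
	void *addr;	/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getpeername(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}
	/*
	 * If a connect or accept has been done, unless we're an Xnet socket,
	 * the remote address has already been updated in so_faddr_sa.
	 * The explicit parentheses match the same test in getsockname().
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_FADDR_VALID)) {
		if ((error = SOP_GETPEERNAME(so)) != 0)
			goto rel_out;
	}

	if (so->so_faddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_faddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/* Prevent so_faddr_sa/len from changing while accessed */
	mutex_enter(&so->so_lock);
	if (!(so->so_state & SS_ISCONNECTED)) {
		mutex_exit(&so->so_lock);
		error = ENOTCONN;
		goto free_out;
	}
	/*
	 * NOTE(review): the temporary was sized from so_faddr_maxlen read
	 * before so_lock was taken; the copy relies on so_faddr_len never
	 * exceeding that value, which is not checked here.
	 */
	addrlen = so->so_faddr_len;
	bcopy(so->so_faddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	error = copyout_name(name, namelen, namelenp, addr,
	    (so->so_state & SS_FADDR_NOXLATE) ? 0 : addrlen);
free_out:
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * Copies the local address of sock out to name and the resulting length
 * out through namelenp. Fails with EFAULT when the length cannot be
 * read or name is NULL with a non-zero length.
 */
/*ARGSUSED3*/
int
getsockname(int sock, struct sockaddr *name,
		socklen_t *namelenp, int version)
{
	struct sonode *so;
	int error;
	socklen_t namelen;
	union {
		struct sockaddr_in sin;
		struct sockaddr_in6 sin6;
	} sin;	/* Temporary buffer, common case */
	void *addr;	/* Temporary buffer, uncommon case */
	socklen_t addrlen, size;

	dprint(1, ("getsockname(%d, %p, %p)\n",
	    sock, name, namelenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		goto bad;

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(namelenp, &namelen, sizeof (namelen)) ||
	    (name == NULL && namelen != 0)) {
		error = EFAULT;
		goto rel_out;
	}

	/*
	 * If a bind or accept has been done, unless we're an Xnet endpoint,
	 * the local address has already been updated in so_laddr_sa.
	 */
	if ((so->so_version != SOV_SOCKSTREAM &&
	    so->so_version != SOV_SOCKBSD) ||
	    !(so->so_state & SS_LADDR_VALID)) {
		if ((error = SOP_GETSOCKNAME(so)) != 0)
			goto rel_out;
	}

	if (so->so_laddr_maxlen <= sizeof (sin)) {
		size = 0;
		addr = &sin;
	} else {
		/*
		 * Allocate temporary to avoid holding so_lock across
		 * copyout
		 */
		size = so->so_laddr_maxlen;
		addr = kmem_alloc(size, KM_SLEEP);
	}
	/* Prevent so_laddr_sa/len from changing while accessed */
	mutex_enter(&so->so_lock);
	/*
	 * NOTE(review): the temporary was sized from so_laddr_maxlen read
	 * before so_lock was taken; the copy relies on so_laddr_len never
	 * exceeding that value, which is not checked here.
	 */
	addrlen = so->so_laddr_len;
	bcopy(so->so_laddr_sa, addr, addrlen);
	mutex_exit(&so->so_lock);

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	error = copyout_name(name, namelen, namelenp,
	    addr, addrlen);
	if (size != 0)
		kmem_free(addr, size);
rel_out:
	releasef(sock);
bad:	return (error != 0 ? set_errno(error) : 0);
}

/*
 * Fetches a socket option into a kernel buffer sized by the caller's
 * *option_lenp, then copies the value and its length back out.
 * Fails with EFAULT when the length cannot be read and with EINVAL when
 * it exceeds SO_MAXARGSIZE.
 */
/*ARGSUSED5*/
int
getsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t *option_lenp,
	int version)
{
	struct sonode *so;
	socklen_t optlen, optlen_res;
	void *optval;
	int error;

	dprint(1, ("getsockopt(%d, %d, %d, %p, %p)\n",
	    sock, level, option_name, option_value, option_lenp));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	ASSERT(MUTEX_NOT_HELD(&so->so_lock));
	if (copyin(option_lenp, &optlen, sizeof (optlen))) {
		releasef(sock);
		return (set_errno(EFAULT));
	}
	/*
	 * Verify that the length is not excessive to prevent
	 * an application from consuming all of kernel memory.
	 */
	if (optlen > SO_MAXARGSIZE) {
		error = EINVAL;
		releasef(sock);
		return (set_errno(error));
	}
	/*
	 * The buffer is handed to copyout_arg() below, so start from
	 * zeroed memory: if the protocol reports more bytes in optlen_res
	 * than it actually stored, stale kernel heap cannot reach the
	 * caller. (Whether any protocol does so is not visible here; this
	 * is defense in depth and costs at most SO_MAXARGSIZE bytes.)
	 */
	optval = kmem_zalloc(optlen, KM_SLEEP);
	optlen_res = optlen;
	error = SOP_GETSOCKOPT(so, level, option_name, optval,
	    &optlen_res, (version != SOV_XPG4_2) ? 0 : _SOGETSOCKOPT_XPG4_2);
	releasef(sock);
	if (error) {
		kmem_free(optval, optlen);
		return (set_errno(error));
	}
	error = copyout_arg(option_value, optlen, option_lenp,
	    optval, optlen_res);
	kmem_free(optval, optlen);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Copies in option_len bytes from option_value and passes them to the
 * protocol. Values that fit in two intptr_t use the on-stack buffer;
 * larger ones are allocated. Fails with EINVAL when option_len exceeds
 * SO_MAXARGSIZE and with EFAULT when the copyin fails.
 */
/*ARGSUSED5*/
int
setsockopt(int sock,
	int level,
	int option_name,
	void *option_value,
	socklen_t option_len,
	int version)
{
	struct sonode *so;
	intptr_t buffer[2];
	void *optval = NULL;
	int error;

	dprint(1, ("setsockopt(%d, %d, %d, %p, %d)\n",
	    sock, level, option_name, option_value, option_len));

	if ((so = getsonode(sock, &error, NULL)) == NULL)
		return (set_errno(error));

	if (option_value != NULL) {
		if (option_len != 0) {
			/*
			 * Verify that the length is not excessive to prevent
			 * an application from consuming all of kernel memory.
			 */
			if (option_len > SO_MAXARGSIZE) {
				error = EINVAL;
				goto done2;
			}
			optval = option_len <= sizeof (buffer) ?
			    &buffer : kmem_alloc((size_t)option_len, KM_SLEEP);
			ASSERT(MUTEX_NOT_HELD(&so->so_lock));
			if (copyin(option_value, optval, (size_t)option_len)) {
				error = EFAULT;
				goto done1;
			}
		}
	} else
		option_len = 0;

	error = SOP_SETSOCKOPT(so, level, option_name, optval,
	    (t_uscalar_t)option_len);
done1:
	/*
	 * Free only what kmem_alloc() returned above: optval stays NULL
	 * when no value was supplied and points at buffer for small ones.
	 */
	if (optval != NULL && optval != buffer)
		kmem_free(optval, (size_t)option_len);
done2:
	releasef(sock);
	if (error)
		return (set_errno(error));
	return (0);
}

/*
 * Add config info when devpath is non-NULL; delete info when devpath is NULL.
 * devpath is a user address.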
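 */
int
sockconfig(int domain, int type, int protocol, char *devpath)
{
	char *kdevpath;		/* Copied in devpath string */
	size_t kdevpathlen;
	int error = 0;

	dprint(1, ("sockconfig(%d, %d, %d, %p)\n",
	    domain, type, protocol, devpath));

	/* Privilege check comes first, before any user memory is touched. */
	if (secpolicy_net_config(CRED(), B_FALSE) != 0)
		return (set_errno(EPERM));

	if (devpath == NULL) {
		/* Deleting an entry */
		kdevpath = NULL;
		kdevpathlen = 0;
	} else {
		/*
		 * Adding an entry.
		 * Copyin the devpath.
		 * This also makes it possible to check for too long pathnames.
		 * Compress the space needed for the devpath before passing it
		 * to soconfig - soconfig will store the string until
		 * the configuration is removed.
		 */
		char *buf;

		buf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
		if ((error = copyinstr(devpath, buf, MAXPATHLEN,
		    &kdevpathlen)) != 0) {
			kmem_free(buf, MAXPATHLEN);
			goto done;
		}

		/*
		 * The terminator is written at kdevpathlen - 1, so the
		 * length copyinstr() reported is taken to include it.
		 */
		kdevpath = kmem_alloc(kdevpathlen, KM_SLEEP);
		bcopy(buf, kdevpath, kdevpathlen);
		kdevpath[kdevpathlen - 1] = '\0';

		kmem_free(buf, MAXPATHLEN);
	}
	/* kdevpath is not freed here; per the comment above soconfig keeps it. */
	error = soconfig(domain, type, protocol, kdevpath, (int)kdevpathlen);
done:
	if (error) {
		eprintline(error);
		return (set_errno(error));
	}
	return (0);
}


/*
 * Sendfile is implemented through two schemes, direct I/O or by
 * caching in the filesystem page cache. We cache the input file by
 * default and use direct I/O only if sendfile_max_size is set
 * appropriately as explained below. Note that this logic is consistent
 * with other filesystems where caching is turned on by default
 * unless explicitly turned off by using the DIRECTIO ioctl.
 *
 * We choose a slightly different scheme here. One can turn off
 * caching by setting sendfile_max_size to 0. One can also enable
 * caching of files <= sendfile_max_size by setting sendfile_max_size
 * to an appropriate value. By default sendfile_max_size is set to the
 * maximum value so that all files are cached. In future, we may provide
 * better interfaces for caching the file.
 *
 * Sendfile through Direct I/O (Zero copy)
 * --------------------------------------
 *
 * As disks are normally slower than the network, we can't have a
 * single thread that reads the disk and writes to the network. We
 * need to have parallelism. This is done by having the sendfile
 * thread create another thread that reads from the filesystem
 * and queues it for network processing. In this scheme, the data
 * is never copied anywhere, i.e. it is zero copy unlike the other
 * scheme.
 *
 * We have a sendfile queue (snfq) where each sendfile
 * request (snf_req_t) is queued for processing by a thread. Number
 * of threads is dynamically allocated and they exit if they are idling
 * beyond a specified amount of time. When each request (snf_req_t) is
 * processed by a thread, it produces a number of mblk_t structures to
 * be consumed by the sendfile thread. snf_deque and snf_enque are
 * used for consuming and producing mblks. Size of the filesystem
 * read is determined by the tuneable (sendfile_read_size). A single
 * mblk holds sendfile_read_size worth of data (except the last
 * read of the file) which is sent down as a whole to the network.
 * sendfile_read_size is set to 1 MB as this seems to be the optimal
 * value for the UFS filesystem backed by a striped storage array.
 *
 * Synchronisation between read (producer) and write (consumer) threads.
 * --------------------------------------------------------------------
 *
 * sr_lock protects sr_ib_head and sr_ib_tail (the queue code in this
 * file names these fields sr_mp_head and sr_mp_tail). The lock is held
 * while adding and deleting items in this list. Error can happen anytime
 * during read or write. There could be unprocessed mblks in the
 * sr_ib_XXX list when a read or write error occurs. Whenever error
 * is encountered, we need two things to happen :
 *
 * a) One of the threads need to clean the mblks.
 * b) When one thread encounters an error, the other should stop.
 *
 * For (a), we don't want to penalise the reader thread as it could do
 * some useful work processing other requests. For (b), the error can
 * be detected by examining sr_read_error or sr_write_error.
 * sr_lock protects sr_read_error and sr_write_error. If both reader and
 * writer encounters error, we need to report the write error back to
 * the application as that's what would have happened if the operations
 * were done sequentially. With this in mind, following should work :
 *
 *	- Check for errors before read or write.
 *	- If the reader encounters error, set the error in sr_read_error.
 *	  Check sr_write_error, if it is set, send cv_signal as it is
 *	  waiting for reader to complete. If it is not set, the writer
 *	  is either running sinking data to the network or blocked
 *	  because of flow control. For handling the latter case, we
 *	  always send a signal. In any case, it will examine sr_read_error
 *	  and return. sr_read_error is marked with SR_READ_DONE to tell
 *	  the writer that the reader is done in all the cases.
 *	- If the writer encounters error, set the error in sr_write_error.
 *	  The reader thread is either blocked because of flow control or
 *	  running reading data from the disk. For the former, we need to
 *	  wakeup the thread. Again to keep it simple, we always wake up
 *	  the reader thread. Then, wait for the read thread to complete
 *	  if it is not done yet. Cleanup and return.
 *
 * High and low water marks for the read thread.
 * --------------------------------------------
 *
 * If sendfile() is used to send data over a slow network, we need to
 * make sure that the read thread does not produce data at a faster
 * rate than the network. This can happen if the disk is faster than
 * the network. In such a case, we don't want to build a very large queue.
 * But we would still like to get all of the network throughput possible.
 * This implies that network should never block waiting for data.
 * As there are lot of disk throughput/network throughput combinations
 * possible, it is difficult to come up with an accurate number.
 * A typical 10K RPM disk has a max seek latency 17ms and rotational
 * latency of 3ms for reading a disk block. Thus, the total latency to
 * initiate a new read, transfer data from the disk and queue for
 * transmission would take about a max of 25ms. Today's max transfer rate
 * for network is 100MB/sec. If the thread is blocked because of flow
 * control, it would take 25ms to get new data ready for transmission.
 * We have to make sure that network is not idling, while we are initiating
 * new transfers. So, at 100MB/sec, to keep network busy we would need
 * 2.5MB of data. Rounding off, we keep the low water mark to be 3MB of data.
 * We need to pick a high water mark so that the woken up thread would
 * do considerable work before blocking again to prevent thrashing. Currently,
 * we pick this to be 10 times that of the low water mark.
 *
 * Sendfile with segmap caching (One copy from page cache to mblks).
 * ----------------------------------------------------------------
 *
 * We use the segmap cache for caching the file, if the size of file
 * is <= sendfile_max_size. In this case we don't use threads as VM
 * is reasonably fast enough to keep up with the network. If the underlying
 * transport allows, we call segmap_getmapflt() to map MAXBSIZE (8K) worth
 * of data into segmap space, and use the virtual address from segmap
 * directly through desballoc() to avoid copy. Once the transport is done
 * with the data, the mapping will be released through segmap_release()
 * called by the call-back routine.
 *
 * If zero-copy is not allowed by the transport, we simply call VOP_READ()
 * to copy the data from the filesystem into our temporary network buffer.
 *
 * To disable caching, set sendfile_max_size to 0.
 */

uint_t sendfile_read_size = 1024 * 1024;
/* Parenthesized so the value stays intact inside any larger expression. */
#define	SENDFILE_REQ_LOWAT	(3 * 1024 * 1024)
uint_t sendfile_req_lowat = SENDFILE_REQ_LOWAT;
uint_t sendfile_req_hiwat = 10 * SENDFILE_REQ_LOWAT;
struct sendfile_stats sf_stats;
struct sendfile_queue *snfq;
clock_t snfq_timeout;
off64_t sendfile_max_size;

static void snf_enque(snf_req_t *, mblk_t *);
static mblk_t *snf_deque(snf_req_t *);

/*
 * Allocates the global sendfile request queue, initializes its lock and
 * condition variable, and sets the defaults: one service thread per
 * possible CPU at most, the idle timeout, and caching of all files.
 */
void
sendfile_init(void)
{
	snfq = kmem_zalloc(sizeof (struct sendfile_queue), KM_SLEEP);

	mutex_init(&snfq->snfq_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&snfq->snfq_cv, NULL, CV_DEFAULT, NULL);
	snfq->snfq_max_threads = max_ncpus;
	snfq_timeout = SNFQ_TIMEOUT;
	/* Cache all files by default. */
	sendfile_max_size = MAXOFFSET_T;
}

/*
 * Queues a mblk_t for network processing.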
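 */
static void
snf_enque(snf_req_t *sr, mblk_t *mp)
{
	mp->b_next = NULL;
	mutex_enter(&sr->sr_lock);
	if (sr->sr_mp_head == NULL) {
		/* Queue was empty: wake a consumer waiting in snf_deque() */
		sr->sr_mp_head = sr->sr_mp_tail = mp;
		cv_signal(&sr->sr_cv);
	} else {
		sr->sr_mp_tail->b_next = mp;
		sr->sr_mp_tail = mp;
	}
	sr->sr_qlen += MBLKL(mp);
	/*
	 * Flow control: block while the queue is above the high water
	 * mark, unless the writer has already failed.
	 */
	while ((sr->sr_qlen > sr->sr_hiwat) &&
	    (sr->sr_write_error == 0)) {
		sf_stats.ss_full_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	mutex_exit(&sr->sr_lock);
}

/*
 * De-queues a mblk_t for network processing.
 * Returns NULL once the reader has reported an error, or has finished
 * and the queue is empty.
 */
static mblk_t *
snf_deque(snf_req_t *sr)
{
	mblk_t *mp;

	mutex_enter(&sr->sr_lock);
	/*
	 * If we have encountered an error on read or read is
	 * completed and no more mblks, return NULL.
	 * We need to check for NULL sr_mp_head also as
	 * the reads could have completed and there is
	 * nothing more to come.
	 */
	if (((sr->sr_read_error & ~SR_READ_DONE) != 0) ||
	    ((sr->sr_read_error & SR_READ_DONE) &&
	    sr->sr_mp_head == NULL)) {
		mutex_exit(&sr->sr_lock);
		return (NULL);
	}
	/*
	 * To start with neither SR_READ_DONE is marked nor
	 * the error is set. When we wake up from cv_wait,
	 * following are the possibilities :
	 *
	 *	a) sr_read_error is zero and mblks are queued.
	 *	b) sr_read_error is set to SR_READ_DONE
	 *	   and mblks are queued.
	 *	c) sr_read_error is set to SR_READ_DONE
	 *	   and no mblks.
	 *	d) sr_read_error is set to some error other
	 *	   than SR_READ_DONE.
	 */

	while ((sr->sr_read_error == 0) && (sr->sr_mp_head == NULL)) {
		sf_stats.ss_empty_waits++;
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* Handle (a) and (b) first - the normal case. */
	if (((sr->sr_read_error & ~SR_READ_DONE) == 0) &&
	    (sr->sr_mp_head != NULL)) {
		mp = sr->sr_mp_head;
		sr->sr_mp_head = mp->b_next;
		sr->sr_qlen -= MBLKL(mp);
		/* Below the low water mark: let a blocked producer run */
		if (sr->sr_qlen < sr->sr_lowat)
			cv_signal(&sr->sr_cv);
		mutex_exit(&sr->sr_lock);
		mp->b_next = NULL;
		return (mp);
	}
	/* Handle (c) and (d). */
	mutex_exit(&sr->sr_lock);
	return (NULL);
}

/*
 * Reads data from the filesystem and queues it for network processing.
 * On exit sr_read_error holds the last read error, if any, with
 * SR_READ_DONE set, and the condition variable is signalled.
 */
void
snf_async_read(snf_req_t *sr)
{
	size_t iosize;
	u_offset_t fileoff;
	u_offset_t size;
	int ret_size;
	/*
	 * Starts at 0 so that a loop which never runs (size is 0, or the
	 * writer has already failed) publishes a clean completion rather
	 * than an indeterminate value in sr_read_error.
	 */
	int error = 0;
	file_t *fp;
	mblk_t *mp;

	fp = sr->sr_fp;
	size = sr->sr_file_size;
	fileoff = sr->sr_file_off;

	/*
	 * Ignore the error for filesystems that don't support DIRECTIO.
	 */
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_ON, 0,
	    kcred, NULL);

	while ((size != 0) && (sr->sr_write_error == 0)) {

		iosize = (int)MIN(sr->sr_maxpsz, size);

		if ((mp = allocb(iosize, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		ret_size = soreadfile(fp, mp->b_rptr, fileoff, &error, iosize);

		/* Error or Reached EOF ? */
		if ((error != 0) || (ret_size == 0)) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + ret_size;

		snf_enque(sr, mp);
		size -= ret_size;
		fileoff += ret_size;
	}
	(void) VOP_IOCTL(fp->f_vnode, _FIODIRECTIO, DIRECTIO_OFF, 0,
	    kcred, NULL);
	mutex_enter(&sr->sr_lock);
	sr->sr_read_error = error;
	sr->sr_read_error |= SR_READ_DONE;
	cv_signal(&sr->sr_cv);
	mutex_exit(&sr->sr_lock);
}

/*
 * Service thread for the global sendfile queue: takes requests off
 * snfq and runs snf_async_read() on each with snfq_lock dropped. The
 * thread exits once a timed wait expires with nothing queued.
 */
void
snf_async_thread(void)
{
	snf_req_t *sr;
	callb_cpr_t cprinfo;
	clock_t time_left = 1;
	clock_t now;

	CALLB_CPR_INIT(&cprinfo, &snfq->snfq_lock, callb_generic_cpr, "snfq");

	mutex_enter(&snfq->snfq_lock);
	for (;;) {
		/*
		 * If we didn't find a entry, then block until woken up
		 * again and then look through the queues again.
		 */
		while ((sr = snfq->snfq_req_head) == NULL) {
			CALLB_CPR_SAFE_BEGIN(&cprinfo);
			if (time_left <= 0) {
				snfq->snfq_svc_threads--;
				CALLB_CPR_EXIT(&cprinfo);
				thread_exit();
				/* NOTREACHED */
			}
			snfq->snfq_idle_cnt++;

			time_to_wait(&now, snfq_timeout);
			time_left = cv_timedwait(&snfq->snfq_cv,
			    &snfq->snfq_lock, now);
			snfq->snfq_idle_cnt--;

			CALLB_CPR_SAFE_END(&cprinfo, &snfq->snfq_lock);
		}
		snfq->snfq_req_head = sr->sr_next;
		snfq->snfq_req_cnt--;
		mutex_exit(&snfq->snfq_lock);
		snf_async_read(sr);
		mutex_enter(&snfq->snfq_lock);
	}
}


/*
 * Allocates and fills in a sendfile request, starts another service
 * thread when the queued requests are not covered by idle threads and
 * the thread limit allows, then appends the request to the global
 * queue. Returns the request; the caller in this file frees it.
 */
snf_req_t *
create_thread(int operation, struct vnode *vp, file_t *fp,
    u_offset_t fileoff, u_offset_t size)
{
	snf_req_t *sr;
	stdata_t *stp;

	sr = (snf_req_t *)kmem_zalloc(sizeof (snf_req_t), KM_SLEEP);

	sr->sr_vp = vp;
	sr->sr_fp = fp;
	stp = vp->v_stream;

	/*
	 * store sd_qn_maxpsz into sr_maxpsz while we have stream head.
	 * stream might be closed before thread returns from snf_async_read.
	 */
	if (stp->sd_qn_maxpsz > 0) {
		sr->sr_maxpsz = MIN(MAXBSIZE, stp->sd_qn_maxpsz);
	} else {
		sr->sr_maxpsz = MAXBSIZE;
	}

	sr->sr_operation = operation;
	sr->sr_file_off = fileoff;
	sr->sr_file_size = size;
	sr->sr_hiwat = sendfile_req_hiwat;
	sr->sr_lowat = sendfile_req_lowat;
	mutex_init(&sr->sr_lock, NULL, MUTEX_DEFAULT, NULL);
	cv_init(&sr->sr_cv, NULL, CV_DEFAULT, NULL);
	/*
	 * See whether we need another thread for servicing this
	 * request. If there are already enough requests queued
	 * for the threads, create one if not exceeding
	 * snfq_max_threads.
	 */
	mutex_enter(&snfq->snfq_lock);
	if (snfq->snfq_req_cnt >= snfq->snfq_idle_cnt &&
	    snfq->snfq_svc_threads < snfq->snfq_max_threads) {
		(void) thread_create(NULL, 0, &snf_async_thread, 0, 0, &p0,
		    TS_RUN, minclsyspri);
		snfq->snfq_svc_threads++;
	}
	if (snfq->snfq_req_head == NULL) {
		snfq->snfq_req_head = snfq->snfq_req_tail = sr;
		cv_signal(&snfq->snfq_cv);
	} else {
		snfq->snfq_req_tail->sr_next = sr;
		snfq->snfq_req_tail = sr;
	}
	snfq->snfq_req_cnt++;
	mutex_exit(&snfq->snfq_lock);
	return (sr);
}

/*
 * Writer side of the direct I/O scheme: queues a read request for rfp,
 * then writes each mblk the reader produces to the stream of fp.
 * *count receives the number of bytes written. A write error takes
 * precedence over a read error in the return value.
 */
int
snf_direct_io(file_t *fp, file_t *rfp, u_offset_t fileoff, u_offset_t size,
    ssize_t *count)
{
	snf_req_t *sr;
	mblk_t *mp;
	int iosize;
	int error = 0;
	short fflag;
	struct vnode *vp;
	int ksize;

	ksize = 0;
	*count = 0;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	if ((sr = create_thread(READ_OP, vp, rfp, fileoff, size)) == NULL)
		return (EAGAIN);

	/*
	 * We check for read error in snf_deque. It has to check
	 * for successful READ_DONE and return NULL, and we might
	 * as well make an additional check there.
	 */
	while ((mp = snf_deque(sr)) != NULL) {

		if (ISSIG(curthread, JUSTLOOKING)) {
			freeb(mp);
			error = EINTR;
			break;
		}
		iosize = MBLKL(mp);

		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			freeb(mp);
			break;
		}
		ksize += iosize;
	}
	*count = ksize;

	mutex_enter(&sr->sr_lock);
	sr->sr_write_error = error;
	/* Look at the big comments on why we cv_signal here. */
	cv_signal(&sr->sr_cv);

	/* Wait for the reader to complete always. */
	while (!(sr->sr_read_error & SR_READ_DONE)) {
		cv_wait(&sr->sr_cv, &sr->sr_lock);
	}
	/* If there is no write error, check for read error. */
	if (error == 0)
		error = (sr->sr_read_error & ~SR_READ_DONE);

	/* On any error, free whatever the reader left on the queue. */
	if (error != 0) {
		mblk_t *next_mp;

		mp = sr->sr_mp_head;
		while (mp != NULL) {
			next_mp = mp->b_next;
			mp->b_next = NULL;
			freeb(mp);
			mp = next_mp;
		}
	}
	mutex_exit(&sr->sr_lock);
	/*
	 * NOTE(review): sr_lock and sr_cv were set up with mutex_init()
	 * and cv_init() in create_thread(); no matching destroy calls
	 * appear before this free.
	 */
	kmem_free(sr, sizeof (snf_req_t));
	return (error);
}

/* Per-mblk state handed to snf_smap_desbfree() when the mblk is freed. */
typedef struct {
	frtn_t		snfi_frtn;
	caddr_t		snfi_base;
	uint_t		snfi_mapoff;
	size_t		snfi_len;
	vnode_t		*snfi_vp;
} snf_smap_desbinfo;

/*
 * The callback function when the last ref of the mblk is dropped,
 * normally occurs when TCP receives the ack. But it can be the driver
 * too due to lazy reclaim.
 */
void
snf_smap_desbfree(snf_smap_desbinfo *snfi)
{
	if (!segmap_kpm) {
		/*
		 * We don't need to call segmap_fault(F_SOFTUNLOCK) for
		 * segmap_kpm as long as the latter never falls back to
		 * "use_segmap_range". (See segmap_getmapflt().)
		 *
		 * Using S_OTHER saves an redundant hat_setref() in
		 * segmap_unlock()
		 */
		(void) segmap_fault(kas.a_hat, segkmap,
		    (caddr_t)(uintptr_t)(((uintptr_t)snfi->snfi_base +
		    snfi->snfi_mapoff) & PAGEMASK), snfi->snfi_len,
		    F_SOFTUNLOCK, S_OTHER);
	}
	(void) segmap_release(segkmap, snfi->snfi_base, SM_DONTNEED);
	/* Drops the hold taken with VN_HOLD() when the mblk was built */
	VN_RELE(snfi->snfi_vp);
	kmem_free(snfi, sizeof (*snfi));
}

/*
 * Use segmap instead of bcopy to send down a chain of desballoca'ed, mblks.
 * Each mblk contains a segmap slot of no more than MAXBSIZE. The total
 * length of a chain is no more than sd_qn_maxpsz.
 *
 * At the end of the whole sendfile() operation, we wait till the data from
 * the last mblk is ack'ed by the transport before returning so that the
 * caller of sendfile() can safely modify the file content.
 *
 * *count receives the number of bytes written to the stream.
 * NOTE(review): the first operation on fvp's rwlock here is an unlock,
 * so the caller presumably enters with it held as reader - confirm.
 */
int
snf_segmap(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count, boolean_t nowait)
{
	caddr_t base;
	int mapoff;
	vnode_t *vp;
	mblk_t *mp, *mp1;
	int iosize, iosize1;
	int error;
	short fflag;
	int ksize;
	snf_smap_desbinfo *snfi;
	struct vattr va;
	boolean_t dowait = B_FALSE;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	ksize = 0;
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = 0;
		mp = NULL;
		do {
			mapoff = fileoff & MAXBOFFSET;
			iosize1 = MAXBSIZE - mapoff;
			if (iosize1 > size)
				iosize1 = size;
			/*
			 * we don't forcefault because we'll call
			 * segmap_fault(F_SOFTLOCK) next.
			 *
			 * S_READ will get the ref bit set (by either
			 * segmap_getmapflt() or segmap_fault()) and page
			 * shared locked.
			 */
			base = segmap_getmapflt(segkmap, fvp, fileoff, iosize1,
			    segmap_kpm ? SM_FAULT : 0, S_READ);

			snfi = kmem_alloc(sizeof (*snfi), KM_SLEEP);
			snfi->snfi_len = (size_t)roundup(mapoff+iosize1,
			    PAGESIZE)- (mapoff & PAGEMASK);
			/*
			 * We must call segmap_fault() even for segmap_kpm
			 * because that's how error gets returned.
			 * (segmap_getmapflt() never fails but segmap_fault()
			 * does.)
			 */
			if (segmap_fault(kas.a_hat, segkmap,
			    (caddr_t)(uintptr_t)(((uintptr_t)base + mapoff) &
			    PAGEMASK), snfi->snfi_len, F_SOFTLOCK,
			    S_READ) != 0) {
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				freemsg(mp);
				error = EIO;
				goto out;
			}
			snfi->snfi_frtn.free_func = snf_smap_desbfree;
			snfi->snfi_frtn.free_arg = (caddr_t)snfi;
			snfi->snfi_base = base;
			snfi->snfi_mapoff = mapoff;
			mp1 = esballoca((uchar_t *)base + mapoff,
			    iosize1, BPRI_HI, &snfi->snfi_frtn);

			if (mp1 == NULL) {
				/* No mblk, so undo the softlock by hand */
				(void) segmap_fault(kas.a_hat, segkmap,
				    (caddr_t)(uintptr_t)(((uintptr_t)base +
				    mapoff) & PAGEMASK), snfi->snfi_len,
				    F_SOFTUNLOCK, S_OTHER);
				(void) segmap_release(segkmap, base, 0);
				kmem_free(snfi, sizeof (*snfi));
				freemsg(mp);
				error = EAGAIN;
				goto out;
			}
			/* Released by snf_smap_desbfree() via VN_RELE() */
			VN_HOLD(fvp);
			snfi->snfi_vp = fvp;
			mp1->b_wptr += iosize1;

			/* Mark this dblk with the zero-copy flag */
			mp1->b_datap->db_struioflag |= STRUIO_ZC;
			if (mp == NULL)
				mp = mp1;
			else
				linkb(mp, mp1);
			iosize += iosize1;
			fileoff += iosize1;
			size -= iosize1;
		} while (iosize < maxpsz && size != 0);

		/* Last chain: ask for notification so we can wait below */
		if (size == 0 && !nowait) {
			ASSERT(!dowait);
			dowait = B_TRUE;
			mp1->b_datap->db_struioflag |= STRUIO_ZCNOTIFY;
		}
		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			*count = ksize;
			freemsg(mp);
			return (error);
		}
		ksize += iosize;
		if (size == 0)
			goto done;

		/* Re-take the lock and re-check the size before mapping more */
		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			break;
		if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
out:
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	if (dowait) {
		stdata_t *stp;

		stp = vp->v_stream;
		mutex_enter(&stp->sd_lock);
		while (!(stp->sd_flag & STZCNOTIFY)) {
			if (cv_wait_sig(&stp->sd_zcopy_wait,
			    &stp->sd_lock) == 0) {
				error = EINTR;
				break;
			}
		}
		stp->sd_flag &= ~STZCNOTIFY;
		mutex_exit(&stp->sd_lock);
	}
	return (error);
}

/*
 * One-copy scheme: reads the file with VOP_READ() into freshly
 * allocated mblks of at most maxpsz bytes and writes each one to the
 * stream of fp. *count receives the number of bytes written.
 * NOTE(review): the first operation on fvp's rwlock after the read is
 * an unlock, so the caller presumably enters with it held as reader -
 * confirm.
 */
int
snf_cache(file_t *fp, vnode_t *fvp, u_offset_t fileoff, u_offset_t size,
    uint_t maxpsz, ssize_t *count)
{
	struct vnode *vp;
	mblk_t *mp;
	int iosize;
	int error;
	short fflag;
	int ksize;
	int ioflag;
	struct uio auio;
	struct iovec aiov;
	struct vattr va;

	vp = fp->f_vnode;
	fflag = fp->f_flag;
	ksize = 0;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_llimit = MAXOFFSET_T;
	auio.uio_fmode = fflag;
	auio.uio_extflg = UIO_COPY_CACHED;
	ioflag = auio.uio_fmode & (FSYNC|FDSYNC|FRSYNC);
	/* If read sync is not asked for, filter sync flags */
	if ((ioflag & FRSYNC) == 0)
		ioflag &= ~(FSYNC|FDSYNC);
	for (;;) {
		if (ISSIG(curthread, JUSTLOOKING)) {
			error = EINTR;
			break;
		}
		iosize = (int)MIN(maxpsz, size);
		if ((mp = allocb(iosize, BPRI_MED)) == NULL) {
			error = EAGAIN;
			break;
		}
		aiov.iov_base = (caddr_t)mp->b_rptr;
		aiov.iov_len = iosize;
		auio.uio_loffset = fileoff;
		auio.uio_resid = iosize;

		error = VOP_READ(fvp, &auio, ioflag, fp->f_cred, NULL);
		iosize -= auio.uio_resid;

		/* A partial read that was interrupted still counts */
		if (error == EINTR && iosize != 0)
			error = 0;

		if (error != 0 || iosize == 0) {
			freeb(mp);
			break;
		}
		mp->b_wptr = mp->b_rptr + iosize;

		VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		if ((error = kstrwritemp(vp, mp, fflag)) != 0) {
			*count = ksize;
			freeb(mp);
			return (error);
		}
		ksize += iosize;
		size -= iosize;
		if (size == 0)
			goto done;

		fileoff += iosize;
		(void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL);
		va.va_mask = AT_SIZE;
		error = VOP_GETATTR(fvp, &va, 0, kcred);
		if (error)
			break;
		/* Read as much as possible. */
		if (fileoff >= va.va_size)
			size = 0;
		else if (size + fileoff > va.va_size)
			size = va.va_size - fileoff;
	}
	VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL);
done:
	*count = ksize;
	return (error);
}

#if defined(_SYSCALL32_IMPL) || defined(_ILP32)
/*
 * Largefile support for 32 bit applications only.
 */
int
sosendfile64(file_t *fp, file_t *rfp, const struct ksendfilevec64 *sfv,
    ssize32_t *count32)
{
	ssize32_t sfv_len;
	u_offset_t sfv_off, va_size;
	struct vnode *vp, *fvp, *realvp;
	struct vattr va;
	stdata_t *stp;
	ssize_t count = 0;
	int error = 0;
	boolean_t dozcopy = B_FALSE;
	uint_t maxpsz;

	sfv_len = (ssize32_t)sfv->sfv_len;
	if (sfv_len < 0) {
		error = EINVAL;
		goto out;
	}

	if (sfv_len == 0) goto out;

	sfv_off = (u_offset_t)sfv->sfv_off;

	/* Same checks as in pread */
	if (sfv_off > MAXOFFSET_T) {
		error = EINVAL;
		goto out;
	}
	if (sfv_off + sfv_len > MAXOFFSET_T)
		sfv_len = (ssize32_t)(MAXOFFSET_T - sfv_off);

	/*
	 * There are no more checks on sfv_len. So, we cast it to
	 * u_offset_t and share the snf_direct_io/snf_cache code between
	 * 32 bit and 64 bit.
	 *
	 * TODO: should do nbl_need_check() like read()?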
2457 */ 2458 if (sfv_len > sendfile_max_size) { 2459 sf_stats.ss_file_not_cached++; 2460 error = snf_direct_io(fp, rfp, sfv_off, (u_offset_t)sfv_len, 2461 &count); 2462 goto out; 2463 } 2464 fvp = rfp->f_vnode; 2465 if (VOP_REALVP(fvp, &realvp) == 0) 2466 fvp = realvp; 2467 /* 2468 * Grab the lock as a reader to prevent the file size 2469 * from changing underneath. 2470 */ 2471 (void) VOP_RWLOCK(fvp, V_WRITELOCK_FALSE, NULL); 2472 va.va_mask = AT_SIZE; 2473 error = VOP_GETATTR(fvp, &va, 0, kcred); 2474 va_size = va.va_size; 2475 if ((error != 0) || (va_size == 0) || (sfv_off >= va_size)) { 2476 VOP_RWUNLOCK(fvp, V_WRITELOCK_FALSE, NULL); 2477 goto out; 2478 } 2479 /* Read as much as possible. */ 2480 if (sfv_off + sfv_len > va_size) 2481 sfv_len = va_size - sfv_off; 2482 2483 vp = fp->f_vnode; 2484 stp = vp->v_stream; 2485 if (stp->sd_qn_maxpsz == INFPSZ) 2486 maxpsz = MAXOFF32_T; 2487 else 2488 maxpsz = roundup(stp->sd_qn_maxpsz, MAXBSIZE); 2489 /* 2490 * When the NOWAIT flag is not set, we enable zero-copy only if the 2491 * transfer size is large enough. This prevents performance loss 2492 * when the caller sends the file piece by piece. 
2493 */ 2494 if (sfv_len >= MAXBSIZE && (sfv_len >= (va_size >> 1) || 2495 (sfv->sfv_flag & SFV_NOWAIT) || sfv_len >= 0x1000000) && 2496 !vn_has_flocks(fvp)) { 2497 if ((stp->sd_copyflag & (STZCVMSAFE|STZCVMUNSAFE)) == 0) { 2498 int on = 1; 2499 2500 if (SOP_SETSOCKOPT(VTOSO(vp), SOL_SOCKET, 2501 SO_SND_COPYAVOID, &on, sizeof (on)) == 0) 2502 dozcopy = B_TRUE; 2503 } else { 2504 dozcopy = (stp->sd_copyflag & STZCVMSAFE); 2505 } 2506 } 2507 if (dozcopy) { 2508 sf_stats.ss_file_segmap++; 2509 error = snf_segmap(fp, fvp, sfv_off, (u_offset_t)sfv_len, 2510 maxpsz, &count, ((sfv->sfv_flag & SFV_NOWAIT) != 0)); 2511 } else { 2512 sf_stats.ss_file_cached++; 2513 error = snf_cache(fp, fvp, sfv_off, (u_offset_t)sfv_len, 2514 maxpsz, &count); 2515 } 2516 out: 2517 releasef(sfv->sfv_fd); 2518 *count32 = (ssize32_t)count; 2519 return (error); 2520 } 2521 #endif 2522 2523 #ifdef _SYSCALL32_IMPL 2524 /* 2525 * recv32(), recvfrom32(), send32(), sendto32(): intentionally return a 2526 * ssize_t rather than ssize32_t; see the comments above read32 for details. 
*/

/*
 * 32-bit entry point for recv(): widens the 32-bit user address and
 * forwards the call.
 *
 * len is converted to ssize32_t first, so a length with the top bit set
 * reaches recv() as a negative value.
 * NOTE(review): no validation happens in this wrapper; presumably recv()
 * rejects a negative length -- confirm.
 */
ssize_t
recv32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubufp = (void *)(uintptr_t)buffer;
	ssize32_t slen = (ssize32_t)len;

	return (recv(sock, ubufp, slen, flags));
}

/*
 * 32-bit entry point for recvfrom(): widens the three 32-bit user
 * addresses (buffer, name, namelenp) and forwards the call. len is
 * converted to ssize32_t exactly as in recv32().
 */
ssize_t
recvfrom32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, caddr32_t namelenp)
{
	void *ubufp = (void *)(uintptr_t)buffer;
	void *unamep = (void *)(uintptr_t)name;
	void *unamelenp = (void *)(uintptr_t)namelenp;
	ssize32_t slen = (ssize32_t)len;

	return (recvfrom(sock, ubufp, slen, flags, unamep, unamelenp));
}

/*
 * 32-bit entry point for send(): widens the 32-bit user address and
 * forwards the call. len is converted to ssize32_t exactly as in
 * recv32().
 */
ssize_t
send32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags)
{
	void *ubufp = (void *)(uintptr_t)buffer;
	ssize32_t slen = (ssize32_t)len;

	return (send(sock, ubufp, slen, flags));
}

/*
 * 32-bit entry point for sendto(): widens the 32-bit user addresses
 * (buffer, name) and forwards the call; namelen is passed through
 * unchanged. len is converted to ssize32_t exactly as in recv32().
 */
ssize_t
sendto32(int32_t sock, caddr32_t buffer, size32_t len, int32_t flags,
    caddr32_t name, socklen_t namelen)
{
	void *ubufp = (void *)(uintptr_t)buffer;
	void *unamep = (void *)(uintptr_t)name;
	ssize32_t slen = (ssize32_t)len;

	return (sendto(sock, ubufp, slen, flags, unamep, namelen));
}
#endif /* _SYSCALL32_IMPL */

/*
 * Function wrappers (mostly around the sonode switch) for
 * backward compatibility.
*/

/* Forwards to SOP_ACCEPT() with the arguments unchanged. */
int
soaccept(struct sonode *so, int fflag, struct sonode **nsop)
{
	int error = SOP_ACCEPT(so, fflag, nsop);

	return (error);
}

/*
 * Binds through SOP_BIND(). When the bind succeeds and backlog is
 * non-zero, SOP_LISTEN() is called as well and its result is returned;
 * otherwise the result of the bind is returned.
 */
int
sobind(struct sonode *so, struct sockaddr *name, socklen_t namelen,
    int backlog, int flags)
{
	int rc = SOP_BIND(so, name, namelen, flags);

	/* Failed bind, or no listen requested: nothing more to do. */
	if (rc != 0 || backlog == 0)
		return (rc);

	return (SOP_LISTEN(so, backlog));
}

/* Forwards to SOP_LISTEN() with the arguments unchanged. */
int
solisten(struct sonode *so, int backlog)
{
	int error = SOP_LISTEN(so, backlog);

	return (error);
}

/* Forwards to SOP_CONNECT() with the arguments unchanged. */
int
soconnect(struct sonode *so, const struct sockaddr *name, socklen_t namelen,
    int fflag, int flags)
{
	int error = SOP_CONNECT(so, name, namelen, fflag, flags);

	return (error);
}

/* Forwards to SOP_RECVMSG() with the arguments unchanged. */
int
sorecvmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	int error = SOP_RECVMSG(so, msg, uiop);

	return (error);
}

/* Forwards to SOP_SENDMSG() with the arguments unchanged. */
int
sosendmsg(struct sonode *so, struct nmsghdr *msg, struct uio *uiop)
{
	int error = SOP_SENDMSG(so, msg, uiop);

	return (error);
}

/* Forwards to SOP_GETPEERNAME(). */
int
sogetpeername(struct sonode *so)
{
	int error = SOP_GETPEERNAME(so);

	return (error);
}

/* Forwards to SOP_GETSOCKNAME(). */
int
sogetsockname(struct sonode *so)
{
	int error = SOP_GETSOCKNAME(so);

	return (error);
}

/* Forwards to SOP_SHUTDOWN() with the arguments unchanged. */
int
soshutdown(struct sonode *so, int how)
{
	int error = SOP_SHUTDOWN(so, how);

	return (error);
}

/*
 * Forwards to SOP_GETSOCKOPT() with the arguments unchanged; optval and
 * optlenp are handed on without being inspected here.
 */
int
sogetsockopt(struct sonode *so, int level, int option_name, void *optval,
    socklen_t *optlenp, int flags)
{
	int error = SOP_GETSOCKOPT(so, level, option_name, optval, optlenp,
	    flags);

	return (error);
}

/*
 * Forwards to SOP_SETSOCKOPT() with the arguments unchanged; optval and
 * optlen are handed on without being inspected here.
 */
int
sosetsockopt(struct sonode *so, int level, int option_name, const void *optval,
    t_uscalar_t optlen)
{
	int error = SOP_SETSOCKOPT(so, level, option_name, optval, optlen);

	return (error);
}

/*
 * Because this is a backward compatibility interface, it only needs to be
 * able to handle the creation of TPI sockfs sockets.
*/
struct sonode *
socreate(vnode_t *accessvp, int domain, int type, int protocol, int version,
    struct sonode *tso, int *errorp)
{
	struct sonode *so;

	/* Every argument, including errorp, goes to sotpi_create() as is. */
	so = sotpi_create(accessvp, domain, type, protocol, version, tso,
	    errorp);

	return (so);
}