uipc_syscalls.c revision 1.130.2.3 1 /* $NetBSD: uipc_syscalls.c,v 1.130.2.3 2010/03/11 15:04:20 yamt Exp $ */
2
3 /*-
4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Andrew Doran.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 /*
33 * Copyright (c) 1982, 1986, 1989, 1990, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)uipc_syscalls.c 8.6 (Berkeley) 2/14/95
61 */
62
63 #include <sys/cdefs.h>
64 __KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.130.2.3 2010/03/11 15:04:20 yamt Exp $");
65
66 #include "opt_pipe.h"
67
68 #include <sys/param.h>
69 #include <sys/systm.h>
70 #include <sys/filedesc.h>
71 #include <sys/proc.h>
72 #include <sys/file.h>
73 #include <sys/buf.h>
74 #include <sys/malloc.h>
75 #include <sys/mbuf.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/signalvar.h>
80 #include <sys/un.h>
81 #include <sys/ktrace.h>
82 #include <sys/event.h>
83 #include <sys/kauth.h>
84
85 #include <sys/mount.h>
86 #include <sys/syscallargs.h>
87
88 #include <uvm/uvm_extern.h>
89
90 /*
91 * System call interface to the socket abstraction.
92 */
93 extern const struct fileops socketops;
94
95 int
96 sys___socket30(struct lwp *l, const struct sys___socket30_args *uap, register_t *retval)
97 {
98 /* {
99 syscallarg(int) domain;
100 syscallarg(int) type;
101 syscallarg(int) protocol;
102 } */
103 int fd, error;
104
105 error = fsocreate(SCARG(uap, domain), NULL, SCARG(uap, type),
106 SCARG(uap, protocol), l, &fd);
107 if (error == 0)
108 *retval = fd;
109 return error;
110 }
111
112 /* ARGSUSED */
113 int
114 sys_bind(struct lwp *l, const struct sys_bind_args *uap, register_t *retval)
115 {
116 /* {
117 syscallarg(int) s;
118 syscallarg(const struct sockaddr *) name;
119 syscallarg(unsigned int) namelen;
120 } */
121 struct mbuf *nam;
122 int error;
123
124 error = sockargs(&nam, SCARG(uap, name), SCARG(uap, namelen),
125 MT_SONAME);
126 if (error)
127 return error;
128
129 return do_sys_bind(l, SCARG(uap, s), nam);
130 }
131
132 int
133 do_sys_bind(struct lwp *l, int fd, struct mbuf *nam)
134 {
135 struct socket *so;
136 int error;
137
138 if ((error = fd_getsock(fd, &so)) != 0) {
139 m_freem(nam);
140 return (error);
141 }
142 MCLAIM(nam, so->so_mowner);
143 error = sobind(so, nam, l);
144 m_freem(nam);
145 fd_putfile(fd);
146 return error;
147 }
148
149 /* ARGSUSED */
150 int
151 sys_listen(struct lwp *l, const struct sys_listen_args *uap, register_t *retval)
152 {
153 /* {
154 syscallarg(int) s;
155 syscallarg(int) backlog;
156 } */
157 struct socket *so;
158 int error;
159
160 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
161 return (error);
162 error = solisten(so, SCARG(uap, backlog), l);
163 fd_putfile(SCARG(uap, s));
164 return error;
165 }
166
167 int
168 do_sys_accept(struct lwp *l, int sock, struct mbuf **name, register_t *new_sock)
169 {
170 file_t *fp, *fp2;
171 struct mbuf *nam;
172 int error, fd;
173 struct socket *so, *so2;
174 short wakeup_state = 0;
175
176 if ((fp = fd_getfile(sock)) == NULL)
177 return (EBADF);
178 if (fp->f_type != DTYPE_SOCKET) {
179 fd_putfile(sock);
180 return (ENOTSOCK);
181 }
182 if ((error = fd_allocfile(&fp2, &fd)) != 0) {
183 fd_putfile(sock);
184 return (error);
185 }
186 nam = m_get(M_WAIT, MT_SONAME);
187 *new_sock = fd;
188 so = fp->f_data;
189 solock(so);
190 if (!(so->so_proto->pr_flags & PR_LISTEN)) {
191 error = EOPNOTSUPP;
192 goto bad;
193 }
194 if ((so->so_options & SO_ACCEPTCONN) == 0) {
195 error = EINVAL;
196 goto bad;
197 }
198 if (so->so_nbio && so->so_qlen == 0) {
199 error = EWOULDBLOCK;
200 goto bad;
201 }
202 while (so->so_qlen == 0 && so->so_error == 0) {
203 if (so->so_state & SS_CANTRCVMORE) {
204 so->so_error = ECONNABORTED;
205 break;
206 }
207 if (wakeup_state & SS_RESTARTSYS) {
208 error = ERESTART;
209 goto bad;
210 }
211 error = sowait(so, true, 0);
212 if (error) {
213 goto bad;
214 }
215 wakeup_state = so->so_state;
216 }
217 if (so->so_error) {
218 error = so->so_error;
219 so->so_error = 0;
220 goto bad;
221 }
222 /* connection has been removed from the listen queue */
223 KNOTE(&so->so_rcv.sb_sel.sel_klist, NOTE_SUBMIT);
224 so2 = TAILQ_FIRST(&so->so_q);
225 if (soqremque(so2, 1) == 0)
226 panic("accept");
227 fp2->f_type = DTYPE_SOCKET;
228 fp2->f_flag = fp->f_flag;
229 fp2->f_ops = &socketops;
230 fp2->f_data = so2;
231 error = soaccept(so2, nam);
232 so2->so_cred = kauth_cred_dup(so->so_cred);
233 sounlock(so);
234 if (error) {
235 /* an error occurred, free the file descriptor and mbuf */
236 m_freem(nam);
237 mutex_enter(&fp2->f_lock);
238 fp2->f_count++;
239 mutex_exit(&fp2->f_lock);
240 closef(fp2);
241 fd_abort(curproc, NULL, fd);
242 } else {
243 fd_affix(curproc, fp2, fd);
244 *name = nam;
245 }
246 fd_putfile(sock);
247 return (error);
248 bad:
249 sounlock(so);
250 m_freem(nam);
251 fd_putfile(sock);
252 fd_abort(curproc, fp2, fd);
253 return (error);
254 }
255
256 int
257 sys_accept(struct lwp *l, const struct sys_accept_args *uap, register_t *retval)
258 {
259 /* {
260 syscallarg(int) s;
261 syscallarg(struct sockaddr *) name;
262 syscallarg(unsigned int *) anamelen;
263 } */
264 int error, fd;
265 struct mbuf *name;
266
267 error = do_sys_accept(l, SCARG(uap, s), &name, retval);
268 if (error != 0)
269 return error;
270 error = copyout_sockname(SCARG(uap, name), SCARG(uap, anamelen),
271 MSG_LENUSRSPACE, name);
272 if (name != NULL)
273 m_free(name);
274 if (error != 0) {
275 fd = (int)*retval;
276 if (fd_getfile(fd) != NULL)
277 (void)fd_close(fd);
278 }
279 return error;
280 }
281
282 /* ARGSUSED */
283 int
284 sys_connect(struct lwp *l, const struct sys_connect_args *uap, register_t *retval)
285 {
286 /* {
287 syscallarg(int) s;
288 syscallarg(const struct sockaddr *) name;
289 syscallarg(unsigned int) namelen;
290 } */
291 int error;
292 struct mbuf *nam;
293
294 error = sockargs(&nam, SCARG(uap, name), SCARG(uap, namelen),
295 MT_SONAME);
296 if (error)
297 return error;
298 return do_sys_connect(l, SCARG(uap, s), nam);
299 }
300
301 int
302 do_sys_connect(struct lwp *l, int fd, struct mbuf *nam)
303 {
304 struct socket *so;
305 int error;
306 int interrupted = 0;
307
308 if ((error = fd_getsock(fd, &so)) != 0) {
309 m_freem(nam);
310 return (error);
311 }
312 solock(so);
313 MCLAIM(nam, so->so_mowner);
314 if ((so->so_state & SS_ISCONNECTING) != 0) {
315 error = EALREADY;
316 goto out;
317 }
318
319 error = soconnect(so, nam, l);
320 if (error)
321 goto bad;
322 if (so->so_nbio && (so->so_state & SS_ISCONNECTING) != 0) {
323 error = EINPROGRESS;
324 goto out;
325 }
326 while ((so->so_state & SS_ISCONNECTING) != 0 && so->so_error == 0) {
327 error = sowait(so, true, 0);
328 if (__predict_false((so->so_state & SS_ISABORTING) != 0)) {
329 error = EPIPE;
330 interrupted = 1;
331 break;
332 }
333 if (error) {
334 if (error == EINTR || error == ERESTART)
335 interrupted = 1;
336 break;
337 }
338 }
339 if (error == 0) {
340 error = so->so_error;
341 so->so_error = 0;
342 }
343 bad:
344 if (!interrupted)
345 so->so_state &= ~SS_ISCONNECTING;
346 if (error == ERESTART)
347 error = EINTR;
348 out:
349 sounlock(so);
350 fd_putfile(fd);
351 m_freem(nam);
352 return (error);
353 }
354
355 int
356 sys_socketpair(struct lwp *l, const struct sys_socketpair_args *uap, register_t *retval)
357 {
358 /* {
359 syscallarg(int) domain;
360 syscallarg(int) type;
361 syscallarg(int) protocol;
362 syscallarg(int *) rsv;
363 } */
364 file_t *fp1, *fp2;
365 struct socket *so1, *so2;
366 int fd, error, sv[2];
367 proc_t *p;
368
369 p = curproc;
370 error = socreate(SCARG(uap, domain), &so1, SCARG(uap, type),
371 SCARG(uap, protocol), l, NULL);
372 if (error)
373 return (error);
374 error = socreate(SCARG(uap, domain), &so2, SCARG(uap, type),
375 SCARG(uap, protocol), l, so1);
376 if (error)
377 goto free1;
378 if ((error = fd_allocfile(&fp1, &fd)) != 0)
379 goto free2;
380 sv[0] = fd;
381 fp1->f_flag = FREAD|FWRITE;
382 fp1->f_type = DTYPE_SOCKET;
383 fp1->f_ops = &socketops;
384 fp1->f_data = so1;
385 if ((error = fd_allocfile(&fp2, &fd)) != 0)
386 goto free3;
387 fp2->f_flag = FREAD|FWRITE;
388 fp2->f_type = DTYPE_SOCKET;
389 fp2->f_ops = &socketops;
390 fp2->f_data = so2;
391 sv[1] = fd;
392 solock(so1);
393 error = soconnect2(so1, so2);
394 if (error == 0 && SCARG(uap, type) == SOCK_DGRAM) {
395 /*
396 * Datagram socket connection is asymmetric.
397 */
398 error = soconnect2(so2, so1);
399 }
400 sounlock(so1);
401 if (error == 0)
402 error = copyout(sv, SCARG(uap, rsv), 2 * sizeof(int));
403 if (error == 0) {
404 fd_affix(p, fp2, sv[1]);
405 fd_affix(p, fp1, sv[0]);
406 return (0);
407 }
408 fd_abort(p, fp2, sv[1]);
409 free3:
410 fd_abort(p, fp1, sv[0]);
411 free2:
412 (void)soclose(so2);
413 free1:
414 (void)soclose(so1);
415 return (error);
416 }
417
418 int
419 sys_sendto(struct lwp *l, const struct sys_sendto_args *uap, register_t *retval)
420 {
421 /* {
422 syscallarg(int) s;
423 syscallarg(const void *) buf;
424 syscallarg(size_t) len;
425 syscallarg(int) flags;
426 syscallarg(const struct sockaddr *) to;
427 syscallarg(unsigned int) tolen;
428 } */
429 struct msghdr msg;
430 struct iovec aiov;
431
432 msg.msg_name = __UNCONST(SCARG(uap, to)); /* XXXUNCONST kills const */
433 msg.msg_namelen = SCARG(uap, tolen);
434 msg.msg_iov = &aiov;
435 msg.msg_iovlen = 1;
436 msg.msg_control = NULL;
437 msg.msg_flags = 0;
438 aiov.iov_base = __UNCONST(SCARG(uap, buf)); /* XXXUNCONST kills const */
439 aiov.iov_len = SCARG(uap, len);
440 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), retval);
441 }
442
443 int
444 sys_sendmsg(struct lwp *l, const struct sys_sendmsg_args *uap, register_t *retval)
445 {
446 /* {
447 syscallarg(int) s;
448 syscallarg(const struct msghdr *) msg;
449 syscallarg(int) flags;
450 } */
451 struct msghdr msg;
452 int error;
453
454 error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
455 if (error)
456 return (error);
457
458 msg.msg_flags = MSG_IOVUSRSPACE;
459 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), retval);
460 }
461
462 int
463 do_sys_sendmsg(struct lwp *l, int s, struct msghdr *mp, int flags,
464 register_t *retsize)
465 {
466 struct uio auio;
467 int i, len, error, iovlen;
468 struct mbuf *to, *control;
469 struct socket *so;
470 struct iovec *tiov;
471 struct iovec aiov[UIO_SMALLIOV], *iov = aiov;
472 struct iovec *ktriov = NULL;
473
474 ktrkuser("msghdr", mp, sizeof *mp);
475
476 /* If the caller passed us stuff in mbufs, we must free them */
477 if (mp->msg_flags & MSG_NAMEMBUF)
478 to = mp->msg_name;
479 else
480 to = NULL;
481
482 if (mp->msg_flags & MSG_CONTROLMBUF)
483 control = mp->msg_control;
484 else
485 control = NULL;
486
487 if (mp->msg_flags & MSG_IOVUSRSPACE) {
488 if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) {
489 if ((unsigned int)mp->msg_iovlen > IOV_MAX) {
490 error = EMSGSIZE;
491 goto bad;
492 }
493 iov = malloc(sizeof(struct iovec) * mp->msg_iovlen,
494 M_IOV, M_WAITOK);
495 }
496 if (mp->msg_iovlen != 0) {
497 error = copyin(mp->msg_iov, iov,
498 (size_t)(mp->msg_iovlen * sizeof(struct iovec)));
499 if (error)
500 goto bad;
501 }
502 mp->msg_iov = iov;
503 }
504
505 auio.uio_iov = mp->msg_iov;
506 auio.uio_iovcnt = mp->msg_iovlen;
507 auio.uio_rw = UIO_WRITE;
508 auio.uio_offset = 0; /* XXX */
509 auio.uio_resid = 0;
510 KASSERT(l == curlwp);
511 auio.uio_vmspace = l->l_proc->p_vmspace;
512
513 for (i = 0, tiov = mp->msg_iov; i < mp->msg_iovlen; i++, tiov++) {
514 #if 0
515 /* cannot happen; iov_len is unsigned */
516 if (tiov->iov_len < 0) {
517 error = EINVAL;
518 goto bad;
519 }
520 #endif
521 /*
522 * Writes return ssize_t because -1 is returned on error.
523 * Therefore, we must restrict the length to SSIZE_MAX to
524 * avoid garbage return values.
525 */
526 auio.uio_resid += tiov->iov_len;
527 if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
528 error = EINVAL;
529 goto bad;
530 }
531 }
532
533 if (mp->msg_name && to == NULL) {
534 error = sockargs(&to, mp->msg_name, mp->msg_namelen,
535 MT_SONAME);
536 if (error)
537 goto bad;
538 }
539
540 if (mp->msg_control) {
541 if (mp->msg_controllen < CMSG_ALIGN(sizeof(struct cmsghdr))) {
542 error = EINVAL;
543 goto bad;
544 }
545 if (control == NULL) {
546 error = sockargs(&control, mp->msg_control,
547 mp->msg_controllen, MT_CONTROL);
548 if (error)
549 goto bad;
550 }
551 }
552
553 if (ktrpoint(KTR_GENIO)) {
554 iovlen = auio.uio_iovcnt * sizeof(struct iovec);
555 ktriov = malloc(iovlen, M_TEMP, M_WAITOK);
556 memcpy(ktriov, auio.uio_iov, iovlen);
557 }
558
559 if ((error = fd_getsock(s, &so)) != 0)
560 goto bad;
561
562 if (mp->msg_name)
563 MCLAIM(to, so->so_mowner);
564 if (mp->msg_control)
565 MCLAIM(control, so->so_mowner);
566
567 len = auio.uio_resid;
568 error = (*so->so_send)(so, to, &auio, NULL, control, flags, l);
569 /* Protocol is responsible for freeing 'control' */
570 control = NULL;
571
572 fd_putfile(s);
573
574 if (error) {
575 if (auio.uio_resid != len && (error == ERESTART ||
576 error == EINTR || error == EWOULDBLOCK))
577 error = 0;
578 if (error == EPIPE && (flags & MSG_NOSIGNAL) == 0) {
579 mutex_enter(proc_lock);
580 psignal(l->l_proc, SIGPIPE);
581 mutex_exit(proc_lock);
582 }
583 }
584 if (error == 0)
585 *retsize = len - auio.uio_resid;
586
587 bad:
588 if (ktriov != NULL) {
589 ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error);
590 free(ktriov, M_TEMP);
591 }
592
593 if (iov != aiov)
594 free(iov, M_IOV);
595 if (to)
596 m_freem(to);
597 if (control)
598 m_freem(control);
599
600 return (error);
601 }
602
603 int
604 sys_recvfrom(struct lwp *l, const struct sys_recvfrom_args *uap, register_t *retval)
605 {
606 /* {
607 syscallarg(int) s;
608 syscallarg(void *) buf;
609 syscallarg(size_t) len;
610 syscallarg(int) flags;
611 syscallarg(struct sockaddr *) from;
612 syscallarg(unsigned int *) fromlenaddr;
613 } */
614 struct msghdr msg;
615 struct iovec aiov;
616 int error;
617 struct mbuf *from;
618
619 msg.msg_name = NULL;
620 msg.msg_iov = &aiov;
621 msg.msg_iovlen = 1;
622 aiov.iov_base = SCARG(uap, buf);
623 aiov.iov_len = SCARG(uap, len);
624 msg.msg_control = NULL;
625 msg.msg_flags = SCARG(uap, flags) & MSG_USERFLAGS;
626
627 error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from, NULL, retval);
628 if (error != 0)
629 return error;
630
631 error = copyout_sockname(SCARG(uap, from), SCARG(uap, fromlenaddr),
632 MSG_LENUSRSPACE, from);
633 if (from != NULL)
634 m_free(from);
635 return error;
636 }
637
638 int
639 sys_recvmsg(struct lwp *l, const struct sys_recvmsg_args *uap, register_t *retval)
640 {
641 /* {
642 syscallarg(int) s;
643 syscallarg(struct msghdr *) msg;
644 syscallarg(int) flags;
645 } */
646 struct msghdr msg;
647 int error;
648 struct mbuf *from, *control;
649
650 error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
651 if (error)
652 return (error);
653
654 msg.msg_flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE;
655
656 error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from,
657 msg.msg_control != NULL ? &control : NULL, retval);
658 if (error != 0)
659 return error;
660
661 if (msg.msg_control != NULL)
662 error = copyout_msg_control(l, &msg, control);
663
664 if (error == 0)
665 error = copyout_sockname(msg.msg_name, &msg.msg_namelen, 0,
666 from);
667 if (from != NULL)
668 m_free(from);
669 if (error == 0) {
670 ktrkuser("msghdr", &msg, sizeof msg);
671 error = copyout(&msg, SCARG(uap, msg), sizeof(msg));
672 }
673
674 return (error);
675 }
676
677 /*
678 * Adjust for a truncated SCM_RIGHTS control message.
679 * This means closing any file descriptors that aren't present
680 * in the returned buffer.
681 * m is the mbuf holding the (already externalized) SCM_RIGHTS message.
682 */
683 static void
684 free_rights(struct mbuf *m)
685 {
686 int nfd;
687 int i;
688 int *fdv;
689
690 nfd = m->m_len < CMSG_SPACE(sizeof(int)) ? 0
691 : (m->m_len - CMSG_SPACE(sizeof(int))) / sizeof(int) + 1;
692 fdv = (int *) CMSG_DATA(mtod(m,struct cmsghdr *));
693 for (i = 0; i < nfd; i++) {
694 if (fd_getfile(fdv[i]) != NULL)
695 (void)fd_close(fdv[i]);
696 }
697 }
698
699 void
700 free_control_mbuf(struct lwp *l, struct mbuf *control, struct mbuf *uncopied)
701 {
702 struct mbuf *next;
703 struct cmsghdr *cmsg;
704 bool do_free_rights = false;
705
706 while (control != NULL) {
707 cmsg = mtod(control, struct cmsghdr *);
708 if (control == uncopied)
709 do_free_rights = true;
710 if (do_free_rights && cmsg->cmsg_level == SOL_SOCKET
711 && cmsg->cmsg_type == SCM_RIGHTS)
712 free_rights(control);
713 next = control->m_next;
714 m_free(control);
715 control = next;
716 }
717 }
718
719 /* Copy socket control/CMSG data to user buffer, frees the mbuf */
720 int
721 copyout_msg_control(struct lwp *l, struct msghdr *mp, struct mbuf *control)
722 {
723 int i, len, error = 0;
724 struct cmsghdr *cmsg;
725 struct mbuf *m;
726 char *q;
727
728 len = mp->msg_controllen;
729 if (len <= 0 || control == 0) {
730 mp->msg_controllen = 0;
731 free_control_mbuf(l, control, control);
732 return 0;
733 }
734
735 q = (char *)mp->msg_control;
736
737 for (m = control; m != NULL; ) {
738 cmsg = mtod(m, struct cmsghdr *);
739 i = m->m_len;
740 if (len < i) {
741 mp->msg_flags |= MSG_CTRUNC;
742 if (cmsg->cmsg_level == SOL_SOCKET
743 && cmsg->cmsg_type == SCM_RIGHTS)
744 /* Do not truncate me ... */
745 break;
746 i = len;
747 }
748 error = copyout(mtod(m, void *), q, i);
749 ktrkuser("msgcontrol", mtod(m, void *), i);
750 if (error != 0) {
751 /* We must free all the SCM_RIGHTS */
752 m = control;
753 break;
754 }
755 m = m->m_next;
756 if (m)
757 i = ALIGN(i);
758 q += i;
759 len -= i;
760 if (len <= 0)
761 break;
762 }
763
764 free_control_mbuf(l, control, m);
765
766 mp->msg_controllen = q - (char *)mp->msg_control;
767 return error;
768 }
769
770 int
771 do_sys_recvmsg(struct lwp *l, int s, struct msghdr *mp, struct mbuf **from,
772 struct mbuf **control, register_t *retsize)
773 {
774 struct uio auio;
775 struct iovec aiov[UIO_SMALLIOV], *iov = aiov;
776 struct iovec *tiov;
777 int i, len, error, iovlen;
778 struct socket *so;
779 struct iovec *ktriov;
780
781 ktrkuser("msghdr", mp, sizeof *mp);
782
783 *from = NULL;
784 if (control != NULL)
785 *control = NULL;
786
787 if ((error = fd_getsock(s, &so)) != 0)
788 return (error);
789
790 if (mp->msg_flags & MSG_IOVUSRSPACE) {
791 if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) {
792 if ((unsigned int)mp->msg_iovlen > IOV_MAX) {
793 error = EMSGSIZE;
794 goto out;
795 }
796 iov = malloc(sizeof(struct iovec) * mp->msg_iovlen,
797 M_IOV, M_WAITOK);
798 }
799 if (mp->msg_iovlen != 0) {
800 error = copyin(mp->msg_iov, iov,
801 (size_t)(mp->msg_iovlen * sizeof(struct iovec)));
802 if (error)
803 goto out;
804 }
805 auio.uio_iov = iov;
806 } else
807 auio.uio_iov = mp->msg_iov;
808 auio.uio_iovcnt = mp->msg_iovlen;
809 auio.uio_rw = UIO_READ;
810 auio.uio_offset = 0; /* XXX */
811 auio.uio_resid = 0;
812 KASSERT(l == curlwp);
813 auio.uio_vmspace = l->l_proc->p_vmspace;
814
815 tiov = auio.uio_iov;
816 for (i = 0; i < mp->msg_iovlen; i++, tiov++) {
817 #if 0
818 /* cannot happen iov_len is unsigned */
819 if (tiov->iov_len < 0) {
820 error = EINVAL;
821 goto out;
822 }
823 #endif
824 /*
825 * Reads return ssize_t because -1 is returned on error.
826 * Therefore we must restrict the length to SSIZE_MAX to
827 * avoid garbage return values.
828 */
829 auio.uio_resid += tiov->iov_len;
830 if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
831 error = EINVAL;
832 goto out;
833 }
834 }
835
836 ktriov = NULL;
837 if (ktrpoint(KTR_GENIO)) {
838 iovlen = auio.uio_iovcnt * sizeof(struct iovec);
839 ktriov = malloc(iovlen, M_TEMP, M_WAITOK);
840 memcpy(ktriov, auio.uio_iov, iovlen);
841 }
842
843 len = auio.uio_resid;
844 mp->msg_flags &= MSG_USERFLAGS;
845 error = (*so->so_receive)(so, from, &auio, NULL, control,
846 &mp->msg_flags);
847 len -= auio.uio_resid;
848 *retsize = len;
849 if (error != 0 && len != 0
850 && (error == ERESTART || error == EINTR || error == EWOULDBLOCK))
851 /* Some data transferred */
852 error = 0;
853
854 if (ktriov != NULL) {
855 ktrgeniov(s, UIO_READ, ktriov, len, error);
856 free(ktriov, M_TEMP);
857 }
858
859 if (error != 0) {
860 m_freem(*from);
861 *from = NULL;
862 if (control != NULL) {
863 free_control_mbuf(l, *control, *control);
864 *control = NULL;
865 }
866 }
867 out:
868 if (iov != aiov)
869 free(iov, M_TEMP);
870 fd_putfile(s);
871 return (error);
872 }
873
874
875 /* ARGSUSED */
876 int
877 sys_shutdown(struct lwp *l, const struct sys_shutdown_args *uap, register_t *retval)
878 {
879 /* {
880 syscallarg(int) s;
881 syscallarg(int) how;
882 } */
883 struct socket *so;
884 int error;
885
886 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
887 return (error);
888 solock(so);
889 error = soshutdown(so, SCARG(uap, how));
890 sounlock(so);
891 fd_putfile(SCARG(uap, s));
892 return (error);
893 }
894
895 /* ARGSUSED */
896 int
897 sys_setsockopt(struct lwp *l, const struct sys_setsockopt_args *uap, register_t *retval)
898 {
899 /* {
900 syscallarg(int) s;
901 syscallarg(int) level;
902 syscallarg(int) name;
903 syscallarg(const void *) val;
904 syscallarg(unsigned int) valsize;
905 } */
906 struct sockopt sopt;
907 struct socket *so;
908 int error;
909 unsigned int len;
910
911 len = SCARG(uap, valsize);
912 if (len > 0 && SCARG(uap, val) == NULL)
913 return (EINVAL);
914
915 if (len > MCLBYTES)
916 return (EINVAL);
917
918 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
919 return (error);
920
921 sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), len);
922
923 if (len > 0) {
924 error = copyin(SCARG(uap, val), sopt.sopt_data, len);
925 if (error)
926 goto out;
927 }
928
929 error = sosetopt(so, &sopt);
930
931 out:
932 sockopt_destroy(&sopt);
933 fd_putfile(SCARG(uap, s));
934 return (error);
935 }
936
937 /* ARGSUSED */
938 int
939 sys_getsockopt(struct lwp *l, const struct sys_getsockopt_args *uap, register_t *retval)
940 {
941 /* {
942 syscallarg(int) s;
943 syscallarg(int) level;
944 syscallarg(int) name;
945 syscallarg(void *) val;
946 syscallarg(unsigned int *) avalsize;
947 } */
948 struct sockopt sopt;
949 struct socket *so;
950 unsigned int valsize, len;
951 int error;
952
953 if (SCARG(uap, val) != NULL) {
954 error = copyin(SCARG(uap, avalsize), &valsize, sizeof(valsize));
955 if (error)
956 return (error);
957 } else
958 valsize = 0;
959
960 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
961 return (error);
962
963 sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), 0);
964
965 error = sogetopt(so, &sopt);
966 if (error)
967 goto out;
968
969 if (valsize > 0) {
970 len = min(valsize, sopt.sopt_size);
971 error = copyout(sopt.sopt_data, SCARG(uap, val), len);
972 if (error)
973 goto out;
974
975 error = copyout(&len, SCARG(uap, avalsize), sizeof(len));
976 if (error)
977 goto out;
978 }
979
980 out:
981 sockopt_destroy(&sopt);
982 fd_putfile(SCARG(uap, s));
983 return (error);
984 }
985
986 #ifdef PIPE_SOCKETPAIR
987 /* ARGSUSED */
988 int
989 sys_pipe(struct lwp *l, const void *v, register_t *retval)
990 {
991 file_t *rf, *wf;
992 struct socket *rso, *wso;
993 int fd, error;
994 proc_t *p;
995
996 p = curproc;
997 if ((error = socreate(AF_LOCAL, &rso, SOCK_STREAM, 0, l, NULL)) != 0)
998 return (error);
999 if ((error = socreate(AF_LOCAL, &wso, SOCK_STREAM, 0, l, rso)) != 0)
1000 goto free1;
1001 /* remember this socket pair implements a pipe */
1002 wso->so_state |= SS_ISAPIPE;
1003 rso->so_state |= SS_ISAPIPE;
1004 if ((error = fd_allocfile(&rf, &fd)) != 0)
1005 goto free2;
1006 retval[0] = fd;
1007 rf->f_flag = FREAD;
1008 rf->f_type = DTYPE_SOCKET;
1009 rf->f_ops = &socketops;
1010 rf->f_data = rso;
1011 if ((error = fd_allocfile(&wf, &fd)) != 0)
1012 goto free3;
1013 wf->f_flag = FWRITE;
1014 wf->f_type = DTYPE_SOCKET;
1015 wf->f_ops = &socketops;
1016 wf->f_data = wso;
1017 retval[1] = fd;
1018 solock(wso);
1019 error = unp_connect2(wso, rso, PRU_CONNECT2);
1020 sounlock(wso);
1021 if (error != 0)
1022 goto free4;
1023 fd_affix(p, wf, (int)retval[1]);
1024 fd_affix(p, rf, (int)retval[0]);
1025 return (0);
1026 free4:
1027 fd_abort(p, wf, (int)retval[1]);
1028 free3:
1029 fd_abort(p, rf, (int)retval[0]);
1030 free2:
1031 (void)soclose(wso);
1032 free1:
1033 (void)soclose(rso);
1034 return (error);
1035 }
1036 #endif /* PIPE_SOCKETPAIR */
1037
1038 /*
1039 * Get socket name.
1040 */
1041 /* ARGSUSED */
1042 int
1043 do_sys_getsockname(struct lwp *l, int fd, int which, struct mbuf **nam)
1044 {
1045 struct socket *so;
1046 struct mbuf *m;
1047 int error;
1048
1049 if ((error = fd_getsock(fd, &so)) != 0)
1050 return error;
1051
1052 m = m_getclr(M_WAIT, MT_SONAME);
1053 MCLAIM(m, so->so_mowner);
1054
1055 solock(so);
1056 if (which == PRU_PEERADDR
1057 && (so->so_state & (SS_ISCONNECTED | SS_ISCONFIRMING)) == 0) {
1058 error = ENOTCONN;
1059 } else {
1060 *nam = m;
1061 error = (*so->so_proto->pr_usrreq)(so, which, NULL, m, NULL,
1062 NULL);
1063 }
1064 sounlock(so);
1065 if (error != 0)
1066 m_free(m);
1067 fd_putfile(fd);
1068 return error;
1069 }
1070
1071 int
1072 copyout_sockname(struct sockaddr *asa, unsigned int *alen, int flags,
1073 struct mbuf *addr)
1074 {
1075 int len;
1076 int error;
1077
1078 if (asa == NULL)
1079 /* Assume application not interested */
1080 return 0;
1081
1082 if (flags & MSG_LENUSRSPACE) {
1083 error = copyin(alen, &len, sizeof(len));
1084 if (error)
1085 return error;
1086 } else
1087 len = *alen;
1088 if (len < 0)
1089 return EINVAL;
1090
1091 if (addr == NULL) {
1092 len = 0;
1093 error = 0;
1094 } else {
1095 if (len > addr->m_len)
1096 len = addr->m_len;
1097 /* Maybe this ought to copy a chain ? */
1098 ktrkuser("sockname", mtod(addr, void *), len);
1099 error = copyout(mtod(addr, void *), asa, len);
1100 }
1101
1102 if (error == 0) {
1103 if (flags & MSG_LENUSRSPACE)
1104 error = copyout(&len, alen, sizeof(len));
1105 else
1106 *alen = len;
1107 }
1108
1109 return error;
1110 }
1111
1112 /*
1113 * Get socket name.
1114 */
1115 /* ARGSUSED */
1116 int
1117 sys_getsockname(struct lwp *l, const struct sys_getsockname_args *uap, register_t *retval)
1118 {
1119 /* {
1120 syscallarg(int) fdes;
1121 syscallarg(struct sockaddr *) asa;
1122 syscallarg(unsigned int *) alen;
1123 } */
1124 struct mbuf *m;
1125 int error;
1126
1127 error = do_sys_getsockname(l, SCARG(uap, fdes), PRU_SOCKADDR, &m);
1128 if (error != 0)
1129 return error;
1130
1131 error = copyout_sockname(SCARG(uap, asa), SCARG(uap, alen),
1132 MSG_LENUSRSPACE, m);
1133 if (m != NULL)
1134 m_free(m);
1135 return error;
1136 }
1137
1138 /*
1139 * Get name of peer for connected socket.
1140 */
1141 /* ARGSUSED */
1142 int
1143 sys_getpeername(struct lwp *l, const struct sys_getpeername_args *uap, register_t *retval)
1144 {
1145 /* {
1146 syscallarg(int) fdes;
1147 syscallarg(struct sockaddr *) asa;
1148 syscallarg(unsigned int *) alen;
1149 } */
1150 struct mbuf *m;
1151 int error;
1152
1153 error = do_sys_getsockname(l, SCARG(uap, fdes), PRU_PEERADDR, &m);
1154 if (error != 0)
1155 return error;
1156
1157 error = copyout_sockname(SCARG(uap, asa), SCARG(uap, alen),
1158 MSG_LENUSRSPACE, m);
1159 if (m != NULL)
1160 m_free(m);
1161 return error;
1162 }
1163
1164 /*
1165 * XXX In a perfect world, we wouldn't pass around socket control
1166 * XXX arguments in mbufs, and this could go away.
1167 */
1168 int
1169 sockargs(struct mbuf **mp, const void *bf, size_t buflen, int type)
1170 {
1171 struct sockaddr *sa;
1172 struct mbuf *m;
1173 int error;
1174
1175 /*
1176 * We can't allow socket names > UCHAR_MAX in length, since that
1177 * will overflow sa_len. Control data more than a page size in
1178 * length is just too much.
1179 */
1180 if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE))
1181 return (EINVAL);
1182
1183 /* Allocate an mbuf to hold the arguments. */
1184 m = m_get(M_WAIT, type);
1185 /* can't claim. don't who to assign it to. */
1186 if (buflen > MLEN) {
1187 /*
1188 * Won't fit into a regular mbuf, so we allocate just
1189 * enough external storage to hold the argument.
1190 */
1191 MEXTMALLOC(m, buflen, M_WAITOK);
1192 }
1193 m->m_len = buflen;
1194 error = copyin(bf, mtod(m, void *), buflen);
1195 if (error) {
1196 (void) m_free(m);
1197 return (error);
1198 }
1199 ktrkuser("sockargs", mtod(m, void *), buflen);
1200 *mp = m;
1201 if (type == MT_SONAME) {
1202 sa = mtod(m, struct sockaddr *);
1203 #if BYTE_ORDER != BIG_ENDIAN
1204 /*
1205 * 4.3BSD compat thing - need to stay, since bind(2),
1206 * connect(2), sendto(2) were not versioned for COMPAT_43.
1207 */
1208 if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1209 sa->sa_family = sa->sa_len;
1210 #endif
1211 sa->sa_len = buflen;
1212 }
1213 return (0);
1214 }
1215