2 * Copyright (c) 1982, 1986, 1989, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94
30 * $FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.54.2.10 2003/03/04 17:28:09 nectar Exp $
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/kernel.h>
36 #include <sys/domain.h>
37 #include <sys/fcntl.h>
38 #include <sys/malloc.h> /* XXX must be before <sys/file.h> */
41 #include <sys/filedesc.h>
43 #include <sys/nlookup.h>
44 #include <sys/protosw.h>
45 #include <sys/socket.h>
46 #include <sys/socketvar.h>
47 #include <sys/resourcevar.h>
49 #include <sys/mount.h>
50 #include <sys/sysctl.h>
52 #include <sys/unpcb.h>
53 #include <sys/vnode.h>
54 #include <sys/kern_syscall.h>
55 #include <sys/taskqueue.h>
57 #include <sys/file2.h>
58 #include <sys/spinlock2.h>
59 #include <sys/socketvar2.h>
60 #include <sys/msgport2.h>
63 * Unix communications domain.
67 * rethink name space problems
68 * need a proper out-of-band
72 * Unix domain sockets GC.
74 * It was originally designed to address following three cases:
75 * 1) Receiving unix domain socket can not accept the rights, e.g.
76 * when the so_rcv is full.
77 * 2) Caller of recvmsg(2) does not pass buffer to receive rights.
78 * 3) Unix domain sockets loop reference, e.g. s1 is on s2.so_rcv,
79 * while s2 on s1.so_rcv.
81 * Code under UNP_GC_ALLFILES is intended to address all above three
82 * cases. However, 1) was addressed a long time ago in uipc_send()
83 * (we inheritted the fix from FreeBSD when DragonFly forked). 2)
84 * was addressed in soreceive() by git-e62cfe62. 3) is the only
85 * case that needs GC. The new code (!UNP_GC_ALLFILES) addresses
86 * case 3) in the following way:
87 * - Record the struct file in unpcb, if the Unix domain socket is
88 * passed as one of the rights.
89 * - At GC time, only unpcbs are scanned, and only Unix domain sockets
90 * that are still used as rights are potential GC targets.
93 #define UNP_DETACHED UNP_PRIVATE1
94 #define UNP_CONNECTING UNP_PRIVATE2
95 #define UNP_DROPPED UNP_PRIVATE3
96 #define UNP_MARKER UNP_PRIVATE4
98 #define UNPGC_REF 0x1 /* unpcb has external ref. */
99 #define UNPGC_DEAD 0x2 /* unpcb might be dead. */
100 #define UNPGC_SCANNED 0x4 /* Has been scanned. */
102 #define UNP_GCFILE_MAX 256
104 /* For unp_internalize() and unp_externalize() */
105 CTASSERT(sizeof(struct file *) >= sizeof(int));
107 #define UNP_ISATTACHED(unp) \
108 ((unp) != NULL && ((unp)->unp_flags & UNP_DETACHED) == 0)
111 #define UNP_ASSERT_TOKEN_HELD(unp) \
112 ASSERT_LWKT_TOKEN_HELD(lwkt_token_pool_lookup((unp)))
113 #else /* !INVARIANTS */
114 #define UNP_ASSERT_TOKEN_HELD(unp)
115 #endif /* INVARIANTS */
117 struct unp_defdiscard {
118 SLIST_ENTRY(unp_defdiscard) next;
121 SLIST_HEAD(unp_defdiscard_list, unp_defdiscard);
123 TAILQ_HEAD(unpcb_qhead, unpcb);
124 struct unp_global_head {
125 struct unpcb_qhead list;
129 static MALLOC_DEFINE(M_UNPCB, "unpcb", "unpcb struct");
130 static unp_gen_t unp_gencnt;
132 static struct unp_global_head unp_stream_head;
133 static struct unp_global_head unp_dgram_head;
134 static struct unp_global_head unp_seqpkt_head;
136 static struct unp_global_head * const unp_heads[] =
137 { &unp_stream_head, &unp_dgram_head, &unp_seqpkt_head, NULL };
139 static struct lwkt_token unp_token = LWKT_TOKEN_INITIALIZER(unp_token);
140 static struct taskqueue *unp_taskqueue;
142 static struct unp_defdiscard_list unp_defdiscard_head;
143 static struct spinlock unp_defdiscard_spin;
144 static struct task unp_defdiscard_task;
146 static struct sockaddr sun_noname = { sizeof(sun_noname), AF_LOCAL };
148 static int unp_attach (struct socket *, struct pru_attach_info *);
149 static void unp_detach (struct unpcb *);
150 static int unp_bind (struct unpcb *,struct sockaddr *, struct thread *);
151 static int unp_connect (struct socket *,struct sockaddr *,
153 static void unp_disconnect(struct unpcb *, int);
154 static void unp_shutdown (struct unpcb *);
155 static void unp_gc(void *, int);
156 #ifdef UNP_GC_ALLFILES
157 static int unp_gc_clearmarks(struct file *, void *);
158 static int unp_gc_checkmarks(struct file *, void *);
159 static int unp_gc_checkrefs(struct file *, void *);
160 static void unp_mark(struct file *, void *data);
162 static void unp_scan (struct mbuf *, void (*)(struct file *, void *),
164 static void unp_discard (struct file *, void *);
165 static int unp_internalize (struct mbuf *, struct thread *);
166 static int unp_listen (struct unpcb *, struct thread *);
167 static void unp_fp_externalize(struct lwp *lp, struct file *fp, int fd,
169 static int unp_find_lockref(struct sockaddr *nam, struct thread *td,
170 short type, struct unpcb **unp_ret);
171 static int unp_connect_pair(struct unpcb *unp, struct unpcb *unp2);
172 static void unp_drop(struct unpcb *unp, int error);
173 static void unp_defdiscard_taskfunc(void *, int);
175 static int unp_rights; /* file descriptors in flight */
176 static struct lwkt_token unp_rights_token =
177 LWKT_TOKEN_INITIALIZER(unp_rights_token);
178 static struct task unp_gc_task;
179 static struct unpcb *unp_gc_marker;
181 SYSCTL_DECL(_net_local);
182 SYSCTL_INT(_net_local, OID_AUTO, inflight, CTLFLAG_RD, &unp_rights, 0,
183 "File descriptors in flight");
186 * SMP Considerations:
188 * Since unp_token will be automaticly released upon execution of
189 * blocking code, we need to reference unp_conn before any possible
190 * blocking code to prevent it from being ripped behind our back.
192 * Any adjustment to unp->unp_conn requires both the global unp_token
193 * AND the per-unp token (lwkt_token_pool_lookup(unp)) to be held.
195 * Any access to so_pcb to obtain unp requires the pool token for
200 unp_reference(struct unpcb *unp)
202 /* 0->1 transition will not work */
203 KKASSERT(unp->unp_refcnt > 0);
204 atomic_add_int(&unp->unp_refcnt, 1);
208 unp_free(struct unpcb *unp)
210 KKASSERT(unp->unp_refcnt > 0);
211 if (atomic_fetchadd_int(&unp->unp_refcnt, -1) == 1)
215 static __inline struct unpcb *
216 unp_getsocktoken(struct socket *so)
221 * The unp pointer is invalid until we verify that it is
222 * good by re-checking so_pcb AFTER obtaining the token.
224 while ((unp = so->so_pcb) != NULL) {
225 lwkt_getpooltoken(unp);
226 if (unp == so->so_pcb)
228 lwkt_relpooltoken(unp);
234 unp_reltoken(struct unpcb *unp)
237 lwkt_relpooltoken(unp);
241 unp_setflags(struct unpcb *unp, int flags)
243 atomic_set_int(&unp->unp_flags, flags);
247 unp_clrflags(struct unpcb *unp, int flags)
249 atomic_clear_int(&unp->unp_flags, flags);
252 static __inline struct unp_global_head *
253 unp_globalhead(short type)
257 return &unp_stream_head;
259 return &unp_dgram_head;
261 return &unp_seqpkt_head;
263 panic("unknown socket type %d", type);
267 static __inline struct unpcb *
268 unp_fp2unpcb(struct file *fp)
272 if (fp->f_type != DTYPE_SOCKET)
279 if (so->so_proto->pr_domain != &localdomain)
286 unp_add_right(struct file *fp)
290 ASSERT_LWKT_TOKEN_HELD(&unp_rights_token);
291 KASSERT(fp->f_count > 0, ("invalid f_count %d", fp->f_count));
293 unp = unp_fp2unpcb(fp);
303 unp_del_right(struct file *fp)
307 ASSERT_LWKT_TOKEN_HELD(&unp_rights_token);
308 KASSERT(fp->f_count > 0, ("invalid f_count %d", fp->f_count));
310 unp = unp_fp2unpcb(fp);
312 KASSERT(unp->unp_msgcount > 0,
313 ("invalid unp msgcount %d", unp->unp_msgcount));
315 if (unp->unp_msgcount == 0)
323 * NOTE: (so) is referenced from soabort*() and netmsg_pru_abort()
324 * will sofree() it when we return.
327 uipc_abort(netmsg_t msg)
332 lwkt_gettoken(&unp_token);
333 unp = unp_getsocktoken(msg->base.nm_so);
335 if (UNP_ISATTACHED(unp)) {
336 unp_drop(unp, ECONNABORTED);
343 lwkt_reltoken(&unp_token);
345 lwkt_replymsg(&msg->lmsg, error);
349 uipc_accept(netmsg_t msg)
354 lwkt_gettoken(&unp_token);
355 unp = unp_getsocktoken(msg->base.nm_so);
357 if (!UNP_ISATTACHED(unp)) {
360 struct unpcb *unp2 = unp->unp_conn;
363 * Pass back name of connected socket,
364 * if it was bound and we are still connected
365 * (our peer may have closed already!).
367 if (unp2 && unp2->unp_addr) {
369 *msg->accept.nm_nam = dup_sockaddr(
370 (struct sockaddr *)unp2->unp_addr);
373 *msg->accept.nm_nam = dup_sockaddr(&sun_noname);
379 lwkt_reltoken(&unp_token);
381 lwkt_replymsg(&msg->lmsg, error);
385 uipc_attach(netmsg_t msg)
389 lwkt_gettoken(&unp_token);
391 KASSERT(msg->base.nm_so->so_pcb == NULL, ("double unp attach"));
392 error = unp_attach(msg->base.nm_so, msg->attach.nm_ai);
394 lwkt_reltoken(&unp_token);
395 lwkt_replymsg(&msg->lmsg, error);
399 uipc_bind(netmsg_t msg)
404 lwkt_gettoken(&unp_token);
405 unp = unp_getsocktoken(msg->base.nm_so);
407 if (UNP_ISATTACHED(unp))
408 error = unp_bind(unp, msg->bind.nm_nam, msg->bind.nm_td);
413 lwkt_reltoken(&unp_token);
415 lwkt_replymsg(&msg->lmsg, error);
419 uipc_connect(netmsg_t msg)
423 error = unp_connect(msg->base.nm_so, msg->connect.nm_nam,
425 lwkt_replymsg(&msg->lmsg, error);
429 uipc_connect2(netmsg_t msg)
433 error = unp_connect2(msg->connect2.nm_so1, msg->connect2.nm_so2);
434 lwkt_replymsg(&msg->lmsg, error);
437 /* control is EOPNOTSUPP */
440 uipc_detach(netmsg_t msg)
445 lwkt_gettoken(&unp_token);
446 unp = unp_getsocktoken(msg->base.nm_so);
448 if (UNP_ISATTACHED(unp)) {
456 lwkt_reltoken(&unp_token);
458 lwkt_replymsg(&msg->lmsg, error);
462 uipc_disconnect(netmsg_t msg)
467 lwkt_gettoken(&unp_token);
468 unp = unp_getsocktoken(msg->base.nm_so);
470 if (UNP_ISATTACHED(unp)) {
471 unp_disconnect(unp, 0);
478 lwkt_reltoken(&unp_token);
480 lwkt_replymsg(&msg->lmsg, error);
484 uipc_listen(netmsg_t msg)
489 lwkt_gettoken(&unp_token);
490 unp = unp_getsocktoken(msg->base.nm_so);
492 if (!UNP_ISATTACHED(unp) || unp->unp_vnode == NULL)
495 error = unp_listen(unp, msg->listen.nm_td);
498 lwkt_reltoken(&unp_token);
500 lwkt_replymsg(&msg->lmsg, error);
504 uipc_peeraddr(netmsg_t msg)
509 lwkt_gettoken(&unp_token);
510 unp = unp_getsocktoken(msg->base.nm_so);
512 if (!UNP_ISATTACHED(unp)) {
514 } else if (unp->unp_conn && unp->unp_conn->unp_addr) {
515 struct unpcb *unp2 = unp->unp_conn;
518 *msg->peeraddr.nm_nam = dup_sockaddr(
519 (struct sockaddr *)unp2->unp_addr);
524 * XXX: It seems that this test always fails even when
525 * connection is established. So, this else clause is
526 * added as workaround to return PF_LOCAL sockaddr.
528 *msg->peeraddr.nm_nam = dup_sockaddr(&sun_noname);
533 lwkt_reltoken(&unp_token);
535 lwkt_replymsg(&msg->lmsg, error);
539 uipc_rcvd(netmsg_t msg)
541 struct unpcb *unp, *unp2;
547 * so_pcb is only modified with both the global and the unp
550 so = msg->base.nm_so;
551 unp = unp_getsocktoken(so);
553 if (!UNP_ISATTACHED(unp)) {
558 switch (so->so_type) {
560 panic("uipc_rcvd DGRAM?");
564 if (unp->unp_conn == NULL)
566 unp2 = unp->unp_conn; /* protected by pool token */
569 * Because we are transfering mbufs directly to the
570 * peer socket we have to use SSB_STOP on the sender
571 * to prevent it from building up infinite mbufs.
573 * As in several places in this module w ehave to ref unp2
574 * to ensure that it does not get ripped out from under us
575 * if we block on the so2 token or in sowwakeup().
577 so2 = unp2->unp_socket;
579 lwkt_gettoken(&so2->so_rcv.ssb_token);
580 if (so->so_rcv.ssb_cc < so2->so_snd.ssb_hiwat &&
581 so->so_rcv.ssb_mbcnt < so2->so_snd.ssb_mbmax
583 atomic_clear_int(&so2->so_snd.ssb_flags, SSB_STOP);
587 lwkt_reltoken(&so2->so_rcv.ssb_token);
591 panic("uipc_rcvd unknown socktype");
597 lwkt_replymsg(&msg->lmsg, error);
600 /* pru_rcvoob is EOPNOTSUPP */
603 uipc_send(netmsg_t msg)
605 struct unpcb *unp, *unp2;
608 struct mbuf *control;
612 so = msg->base.nm_so;
613 control = msg->send.nm_control;
617 * so_pcb is only modified with both the global and the unp
620 so = msg->base.nm_so;
621 unp = unp_getsocktoken(so);
623 if (!UNP_ISATTACHED(unp)) {
628 if (msg->send.nm_flags & PRUS_OOB) {
633 wakeup_start_delayed();
635 if (control && (error = unp_internalize(control, msg->send.nm_td)))
638 switch (so->so_type) {
641 struct sockaddr *from;
643 if (msg->send.nm_addr) {
648 lwkt_gettoken(&unp_token);
649 error = unp_find_lockref(msg->send.nm_addr,
650 msg->send.nm_td, so->so_type, &unp2);
652 lwkt_reltoken(&unp_token);
657 * unp2 is locked and referenced.
659 * We could unlock unp2 now, since it was checked
663 lwkt_reltoken(&unp_token);
665 if (unp->unp_conn == NULL) {
669 unp2 = unp->unp_conn;
672 /* NOTE: unp2 is referenced. */
673 so2 = unp2->unp_socket;
676 from = (struct sockaddr *)unp->unp_addr;
680 lwkt_gettoken(&so2->so_rcv.ssb_token);
681 if (ssb_appendaddr(&so2->so_rcv, from, m, control)) {
688 lwkt_reltoken(&so2->so_rcv.ssb_token);
696 /* Connect if not connected yet. */
698 * Note: A better implementation would complain
699 * if not equal to the peer's address.
701 if (unp->unp_conn == NULL) {
702 if (msg->send.nm_addr) {
703 error = unp_connect(so,
711 * unp_conn still could be NULL, even if the
712 * above unp_connect() succeeds; since the
713 * current unp's token could be released due
714 * to blocking operations after unp_conn is
717 if (unp->unp_conn == NULL) {
722 if (so->so_state & SS_CANTSENDMORE) {
727 unp2 = unp->unp_conn;
728 KASSERT(unp2 != NULL, ("unp is not connected"));
729 so2 = unp2->unp_socket;
734 * Send to paired receive port, and then reduce
735 * send buffer hiwater marks to maintain backpressure.
738 lwkt_gettoken(&so2->so_rcv.ssb_token);
740 if (ssb_appendcontrol(&so2->so_rcv, m, control)) {
744 } else if (so->so_type == SOCK_SEQPACKET) {
745 sbappendrecord(&so2->so_rcv.sb, m);
748 sbappend(&so2->so_rcv.sb, m);
753 * Because we are transfering mbufs directly to the
754 * peer socket we have to use SSB_STOP on the sender
755 * to prevent it from building up infinite mbufs.
757 if (so2->so_rcv.ssb_cc >= so->so_snd.ssb_hiwat ||
758 so2->so_rcv.ssb_mbcnt >= so->so_snd.ssb_mbmax
760 atomic_set_int(&so->so_snd.ssb_flags, SSB_STOP);
762 lwkt_reltoken(&so2->so_rcv.ssb_token);
769 panic("uipc_send unknown socktype");
773 * SEND_EOF is equivalent to a SEND followed by a SHUTDOWN.
775 if (msg->send.nm_flags & PRUS_EOF) {
780 if (control && error != 0)
781 unp_dispose(control);
784 wakeup_end_delayed();
790 lwkt_replymsg(&msg->lmsg, error);
797 uipc_sense(netmsg_t msg)
804 so = msg->base.nm_so;
805 sb = msg->sense.nm_stat;
808 * so_pcb is only modified with both the global and the unp
811 unp = unp_getsocktoken(so);
813 if (!UNP_ISATTACHED(unp)) {
818 sb->st_blksize = so->so_snd.ssb_hiwat;
823 lwkt_replymsg(&msg->lmsg, error);
827 uipc_shutdown(netmsg_t msg)
834 * so_pcb is only modified with both the global and the unp
837 so = msg->base.nm_so;
838 unp = unp_getsocktoken(so);
840 if (UNP_ISATTACHED(unp)) {
849 lwkt_replymsg(&msg->lmsg, error);
853 uipc_sockaddr(netmsg_t msg)
859 * so_pcb is only modified with both the global and the unp
862 unp = unp_getsocktoken(msg->base.nm_so);
864 if (UNP_ISATTACHED(unp)) {
866 *msg->sockaddr.nm_nam =
867 dup_sockaddr((struct sockaddr *)unp->unp_addr);
875 lwkt_replymsg(&msg->lmsg, error);
878 struct pr_usrreqs uipc_usrreqs = {
879 .pru_abort = uipc_abort,
880 .pru_accept = uipc_accept,
881 .pru_attach = uipc_attach,
882 .pru_bind = uipc_bind,
883 .pru_connect = uipc_connect,
884 .pru_connect2 = uipc_connect2,
885 .pru_control = pr_generic_notsupp,
886 .pru_detach = uipc_detach,
887 .pru_disconnect = uipc_disconnect,
888 .pru_listen = uipc_listen,
889 .pru_peeraddr = uipc_peeraddr,
890 .pru_rcvd = uipc_rcvd,
891 .pru_rcvoob = pr_generic_notsupp,
892 .pru_send = uipc_send,
893 .pru_sense = uipc_sense,
894 .pru_shutdown = uipc_shutdown,
895 .pru_sockaddr = uipc_sockaddr,
896 .pru_sosend = sosend,
897 .pru_soreceive = soreceive
901 uipc_ctloutput(netmsg_t msg)
904 struct sockopt *sopt;
908 so = msg->base.nm_so;
909 sopt = msg->ctloutput.nm_sopt;
911 lwkt_gettoken(&unp_token);
912 unp = unp_getsocktoken(so);
914 if (!UNP_ISATTACHED(unp)) {
919 switch (sopt->sopt_dir) {
921 switch (sopt->sopt_name) {
923 if (unp->unp_flags & UNP_HAVEPC)
924 soopt_from_kbuf(sopt, &unp->unp_peercred,
925 sizeof(unp->unp_peercred));
927 if (so->so_type == SOCK_STREAM)
929 else if (so->so_type == SOCK_SEQPACKET)
948 lwkt_reltoken(&unp_token);
950 lwkt_replymsg(&msg->lmsg, error);
954 * Both send and receive buffers are allocated PIPSIZ bytes of buffering
955 * for stream sockets, although the total for sender and receiver is
956 * actually only PIPSIZ.
958 * Datagram sockets really use the sendspace as the maximum datagram size,
959 * and don't really want to reserve the sendspace. Their recvspace should
960 * be large enough for at least one max-size datagram plus address.
962 * We want the local send/recv space to be significant larger then lo0's
965 * We no longer need to worry about avoiding the windows scaling option.
966 * Programs which use unix domain sockets expect larger defaults these days.
971 static u_long unpst_sendspace = PIPSIZ;
972 static u_long unpst_recvspace = PIPSIZ;
973 static u_long unpdg_sendspace = PIPSIZ; /* really max datagram size */
974 static u_long unpdg_recvspace = PIPSIZ;
975 static u_long unpsp_sendspace = PIPSIZ; /* really max datagram size */
976 static u_long unpsp_recvspace = PIPSIZ;
978 SYSCTL_DECL(_net_local_stream);
979 SYSCTL_DECL(_net_local_dgram);
980 SYSCTL_DECL(_net_local_seqpacket);
982 SYSCTL_ULONG(_net_local_stream, OID_AUTO, sendspace, CTLFLAG_RW,
983 &unpst_sendspace, 0, "Size of stream socket send buffer");
984 SYSCTL_ULONG(_net_local_stream, OID_AUTO, recvspace, CTLFLAG_RW,
985 &unpst_recvspace, 0, "Size of stream socket receive buffer");
987 SYSCTL_ULONG(_net_local_dgram, OID_AUTO, maxdgram, CTLFLAG_RW,
988 &unpdg_sendspace, 0, "Max datagram socket size");
989 SYSCTL_ULONG(_net_local_dgram, OID_AUTO, recvspace, CTLFLAG_RW,
990 &unpdg_recvspace, 0, "Size of datagram socket receive buffer");
992 SYSCTL_ULONG(_net_local_seqpacket, OID_AUTO, maxseqpacket, CTLFLAG_RW,
993 &unpsp_sendspace, 0, "Default seqpacket send space.");
994 SYSCTL_ULONG(_net_local_seqpacket, OID_AUTO, recvspace, CTLFLAG_RW,
995 &unpsp_recvspace, 0, "Default seqpacket receive space.");
999 unp_attach(struct socket *so, struct pru_attach_info *ai)
1001 struct unp_global_head *head;
1005 lwkt_gettoken(&unp_token);
1007 if (so->so_snd.ssb_hiwat == 0 || so->so_rcv.ssb_hiwat == 0) {
1008 switch (so->so_type) {
1010 error = soreserve(so, unpst_sendspace, unpst_recvspace,
1014 error = soreserve(so, unpdg_sendspace, unpdg_recvspace,
1017 case SOCK_SEQPACKET:
1018 error = soreserve(so, unpsp_sendspace, unpsp_recvspace,
1022 panic("unp_attach");
1029 * In order to support sendfile we have to set either SSB_STOPSUPP
1030 * or SSB_PREALLOC. Unix domain sockets use the SSB_STOP flow
1031 * control mechanism.
1033 if (so->so_type == SOCK_STREAM) {
1034 atomic_set_int(&so->so_rcv.ssb_flags, SSB_STOPSUPP);
1035 atomic_set_int(&so->so_snd.ssb_flags, SSB_STOPSUPP);
1038 unp = kmalloc(sizeof(*unp), M_UNPCB, M_WAITOK | M_ZERO | M_NULLOK);
1043 unp->unp_refcnt = 1;
1044 unp->unp_gencnt = ++unp_gencnt;
1045 LIST_INIT(&unp->unp_refs);
1046 unp->unp_socket = so;
1047 unp->unp_rvnode = ai->fd_rdir; /* jail cruft XXX JH */
1048 so->so_pcb = (caddr_t)unp;
1051 head = unp_globalhead(so->so_type);
1052 TAILQ_INSERT_TAIL(&head->list, unp, unp_link);
1056 lwkt_reltoken(&unp_token);
1061 unp_detach(struct unpcb *unp)
1065 lwkt_gettoken(&unp_token);
1066 lwkt_getpooltoken(unp);
1068 so = unp->unp_socket;
1070 unp->unp_gencnt = ++unp_gencnt;
1071 if (unp->unp_vnode) {
1072 unp->unp_vnode->v_socket = NULL;
1073 vrele(unp->unp_vnode);
1074 unp->unp_vnode = NULL;
1076 soisdisconnected(so);
1077 KKASSERT(so->so_pcb == unp);
1078 so->so_pcb = NULL; /* both tokens required */
1079 unp->unp_socket = NULL;
1081 lwkt_relpooltoken(unp);
1082 lwkt_reltoken(&unp_token);
1086 KASSERT(unp->unp_conn == NULL, ("unp is still connected"));
1087 KASSERT(LIST_EMPTY(&unp->unp_refs), ("unp still has references"));
1090 kfree(unp->unp_addr, M_SONAME);
1091 kfree(unp, M_UNPCB);
1094 taskqueue_enqueue(unp_taskqueue, &unp_gc_task);
1098 unp_bind(struct unpcb *unp, struct sockaddr *nam, struct thread *td)
1100 struct proc *p = td->td_proc;
1101 struct sockaddr_un *soun = (struct sockaddr_un *)nam;
1105 struct nlookupdata nd;
1106 char buf[SOCK_MAXADDRLEN];
1108 ASSERT_LWKT_TOKEN_HELD(&unp_token);
1109 UNP_ASSERT_TOKEN_HELD(unp);
1111 if (unp->unp_vnode != NULL)
1114 namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
1117 strncpy(buf, soun->sun_path, namelen);
1118 buf[namelen] = 0; /* null-terminate the string */
1119 error = nlookup_init(&nd, buf, UIO_SYSSPACE,
1120 NLC_LOCKVP | NLC_CREATE | NLC_REFDVP);
1122 error = nlookup(&nd);
1123 if (error == 0 && nd.nl_nch.ncp->nc_vp != NULL)
1129 vattr.va_type = VSOCK;
1130 vattr.va_mode = (ACCESSPERMS & ~p->p_fd->fd_cmask);
1131 error = VOP_NCREATE(&nd.nl_nch, nd.nl_dvp, &vp, nd.nl_cred, &vattr);
1133 if (unp->unp_vnode == NULL) {
1134 vp->v_socket = unp->unp_socket;
1135 unp->unp_vnode = vp;
1136 unp->unp_addr = (struct sockaddr_un *)dup_sockaddr(nam);
1139 vput(vp); /* late race */
1149 unp_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
1151 struct unpcb *unp, *unp2;
1152 int error, flags = 0;
1154 lwkt_gettoken(&unp_token);
1156 unp = unp_getsocktoken(so);
1157 if (!UNP_ISATTACHED(unp)) {
1162 if ((unp->unp_flags & UNP_CONNECTING) || unp->unp_conn != NULL) {
1167 flags = UNP_CONNECTING;
1168 unp_setflags(unp, flags);
1170 error = unp_find_lockref(nam, td, so->so_type, &unp2);
1175 * unp2 is locked and referenced.
1178 if (so->so_proto->pr_flags & PR_CONNREQUIRED) {
1179 struct socket *so2, *so3;
1182 so2 = unp2->unp_socket;
1183 if (!(so2->so_options & SO_ACCEPTCONN) ||
1184 /* listen is not completed yet */
1185 !(unp2->unp_flags & UNP_HAVEPCCACHED) ||
1186 (so3 = sonewconn_faddr(so2, 0, NULL,
1187 TRUE /* keep ref */)) == NULL) {
1188 error = ECONNREFUSED;
1191 /* so3 has a socket reference. */
1193 unp3 = unp_getsocktoken(so3);
1194 if (!UNP_ISATTACHED(unp3)) {
1197 * Already aborted; we only need to drop the
1198 * socket reference held by sonewconn_faddr().
1201 error = ECONNREFUSED;
1204 unp_reference(unp3);
1207 * unp3 is locked and referenced.
1211 * Release so3 socket reference held by sonewconn_faddr().
1212 * Since we have referenced unp3, neither unp3 nor so3 will
1213 * be destroyed here.
1217 if (unp2->unp_addr != NULL) {
1218 unp3->unp_addr = (struct sockaddr_un *)
1219 dup_sockaddr((struct sockaddr *)unp2->unp_addr);
1223 * unp_peercred management:
1225 * The connecter's (client's) credentials are copied
1226 * from its process structure at the time of connect()
1229 cru2x(td->td_proc->p_ucred, &unp3->unp_peercred);
1230 unp_setflags(unp3, UNP_HAVEPC);
1232 * The receiver's (server's) credentials are copied
1233 * from the unp_peercred member of socket on which the
1234 * former called listen(); unp_listen() cached that
1235 * process's credentials at that time so we can use
1238 KASSERT(unp2->unp_flags & UNP_HAVEPCCACHED,
1239 ("unp_connect: listener without cached peercred"));
1240 memcpy(&unp->unp_peercred, &unp2->unp_peercred,
1241 sizeof(unp->unp_peercred));
1242 unp_setflags(unp, UNP_HAVEPC);
1244 error = unp_connect_pair(unp, unp3);
1246 soabort_direct(so3);
1248 /* Done with unp3 */
1252 error = unp_connect_pair(unp, unp2);
1259 unp_clrflags(unp, flags);
1262 lwkt_reltoken(&unp_token);
1267 * Connect two unix domain sockets together.
1269 * NOTE: Semantics for any change to unp_conn requires that the per-unp
1270 * pool token also be held.
1273 unp_connect2(struct socket *so, struct socket *so2)
1275 struct unpcb *unp, *unp2;
1278 lwkt_gettoken(&unp_token);
1279 if (so2->so_type != so->so_type) {
1280 lwkt_reltoken(&unp_token);
1281 return (EPROTOTYPE);
1283 unp = unp_getsocktoken(so);
1284 unp2 = unp_getsocktoken(so2);
1286 if (!UNP_ISATTACHED(unp)) {
1290 if (!UNP_ISATTACHED(unp2)) {
1291 error = ECONNREFUSED;
1295 if (unp->unp_conn != NULL) {
1299 if ((so->so_type == SOCK_STREAM || so->so_type == SOCK_SEQPACKET) &&
1300 unp2->unp_conn != NULL) {
1305 error = unp_connect_pair(unp, unp2);
1309 lwkt_reltoken(&unp_token);
1314 * Disconnect a unix domain socket pair.
1316 * NOTE: Semantics for any change to unp_conn requires that the per-unp
1317 * pool token also be held.
1320 unp_disconnect(struct unpcb *unp, int error)
1322 struct socket *so = unp->unp_socket;
1325 ASSERT_LWKT_TOKEN_HELD(&unp_token);
1326 UNP_ASSERT_TOKEN_HELD(unp);
1329 so->so_error = error;
1331 while ((unp2 = unp->unp_conn) != NULL) {
1332 lwkt_getpooltoken(unp2);
1333 if (unp2 == unp->unp_conn)
1335 lwkt_relpooltoken(unp2);
1339 /* unp2 is locked. */
1341 KASSERT((unp2->unp_flags & UNP_DROPPED) == 0, ("unp2 was dropped"));
1343 unp->unp_conn = NULL;
1345 switch (so->so_type) {
1347 LIST_REMOVE(unp, unp_reflink);
1348 soclrstate(so, SS_ISCONNECTED);
1352 case SOCK_SEQPACKET:
1354 * Keep a reference before clearing the unp_conn
1355 * to avoid racing uipc_detach()/uipc_abort() in
1358 unp_reference(unp2);
1359 KASSERT(unp2->unp_conn == unp, ("unp_conn mismatch"));
1360 unp2->unp_conn = NULL;
1362 soisdisconnected(so);
1363 soisdisconnected(unp2->unp_socket);
1369 lwkt_relpooltoken(unp2);
1374 unp_abort(struct unpcb *unp)
1376 lwkt_gettoken(&unp_token);
1378 lwkt_reltoken(&unp_token);
1383 prison_unpcb(struct thread *td, struct unpcb *unp)
1389 if ((p = td->td_proc) == NULL)
1391 if (!p->p_ucred->cr_prison)
1393 if (p->p_fd->fd_rdir == unp->unp_rvnode)
1399 unp_pcblist(SYSCTL_HANDLER_ARGS)
1401 struct unp_global_head *head = arg1;
1403 struct unpcb *unp, *marker;
1405 KKASSERT(curproc != NULL);
1408 * The process of preparing the PCB list is too time-consuming and
1409 * resource-intensive to repeat twice on every request.
1411 if (req->oldptr == NULL) {
1413 req->oldidx = (n + n/8) * sizeof(struct xunpcb);
1417 if (req->newptr != NULL)
1420 marker = kmalloc(sizeof(*marker), M_UNPCB, M_WAITOK | M_ZERO);
1421 marker->unp_flags |= UNP_MARKER;
1423 lwkt_gettoken(&unp_token);
1429 TAILQ_INSERT_HEAD(&head->list, marker, unp_link);
1430 while ((unp = TAILQ_NEXT(marker, unp_link)) != NULL && i < n) {
1433 TAILQ_REMOVE(&head->list, marker, unp_link);
1434 TAILQ_INSERT_AFTER(&head->list, unp, marker, unp_link);
1436 if (unp->unp_flags & UNP_MARKER)
1438 if (prison_unpcb(req->td, unp))
1441 xu.xu_len = sizeof(xu);
1446 * unp->unp_addr and unp->unp_conn are protected by
1447 * unp_token. So if we want to get rid of unp_token
1448 * or reduce the coverage of unp_token, care must be
1451 if (unp->unp_addr) {
1452 bcopy(unp->unp_addr, &xu.xu_addr,
1453 unp->unp_addr->sun_len);
1455 if (unp->unp_conn && unp->unp_conn->unp_addr) {
1456 bcopy(unp->unp_conn->unp_addr,
1458 unp->unp_conn->unp_addr->sun_len);
1460 bcopy(unp, &xu.xu_unp, sizeof(*unp));
1461 sotoxsocket(unp->unp_socket, &xu.xu_socket);
1463 /* NOTE: This could block and temporarily release unp_token */
1464 error = SYSCTL_OUT(req, &xu, sizeof(xu));
1469 TAILQ_REMOVE(&head->list, marker, unp_link);
1471 lwkt_reltoken(&unp_token);
1473 kfree(marker, M_UNPCB);
1477 SYSCTL_PROC(_net_local_dgram, OID_AUTO, pcblist, CTLFLAG_RD,
1478 &unp_dgram_head, 0, unp_pcblist, "S,xunpcb",
1479 "List of active local datagram sockets");
1480 SYSCTL_PROC(_net_local_stream, OID_AUTO, pcblist, CTLFLAG_RD,
1481 &unp_stream_head, 0, unp_pcblist, "S,xunpcb",
1482 "List of active local stream sockets");
1483 SYSCTL_PROC(_net_local_seqpacket, OID_AUTO, pcblist, CTLFLAG_RD,
1484 &unp_seqpkt_head, 0, unp_pcblist, "S,xunpcb",
1485 "List of active local seqpacket sockets");
1488 unp_shutdown(struct unpcb *unp)
1492 if ((unp->unp_socket->so_type == SOCK_STREAM ||
1493 unp->unp_socket->so_type == SOCK_SEQPACKET) &&
1494 unp->unp_conn != NULL && (so = unp->unp_conn->unp_socket)) {
1503 lwkt_gettoken(&unp_token);
1504 lwkt_reltoken(&unp_token);
1509 unp_externalize(struct mbuf *rights, int flags)
1511 struct thread *td = curthread;
1512 struct proc *p = td->td_proc; /* XXX */
1513 struct lwp *lp = td->td_lwp;
1514 struct cmsghdr *cm = mtod(rights, struct cmsghdr *);
1519 int newfds = (cm->cmsg_len - (CMSG_DATA(cm) - (u_char *)cm))
1520 / sizeof(struct file *);
1523 lwkt_gettoken(&unp_rights_token);
1526 * if the new FD's will not fit, then we free them all
1528 if (!fdavail(p, newfds)) {
1529 rp = (struct file **)CMSG_DATA(cm);
1530 for (i = 0; i < newfds; i++) {
1533 * zero the pointer before calling unp_discard,
1534 * since it may end up in unp_gc()..
1537 unp_discard(fp, NULL);
1539 lwkt_reltoken(&unp_rights_token);
1544 * now change each pointer to an fd in the global table to
1545 * an integer that is the index to the local fd table entry
1546 * that we set up to point to the global one we are transferring.
1547 * Since the sizeof(struct file *) is bigger than or equal to
1548 * the sizeof(int), we do it in forward order. In that case,
1549 * an integer will always come in the same place or before its
1550 * corresponding struct file pointer.
1552 * Hold revoke_token in 'shared' mode, so that we won't miss
1553 * the FREVOKED update on fps being externalized (fsetfd).
1555 lwkt_gettoken_shared(&revoke_token);
1556 fdp = (int *)CMSG_DATA(cm);
1557 rp = (struct file **)CMSG_DATA(cm);
1558 for (i = 0; i < newfds; i++) {
1559 if (fdalloc(p, 0, &f)) {
1563 * Previous fdavail() can't garantee
1564 * fdalloc() success due to SMP race.
1565 * Just clean up and return the same
1566 * error value as if fdavail() failed.
1568 lwkt_reltoken(&revoke_token);
1570 /* Close externalized files */
1571 for (j = 0; j < i; j++)
1573 /* Discard the rest of internal files */
1574 for (; i < newfds; i++)
1575 unp_discard(rp[i], NULL);
1576 /* Wipe out the control message */
1577 for (i = 0; i < newfds; i++)
1580 lwkt_reltoken(&unp_rights_token);
1584 unp_fp_externalize(lp, fp, f, flags);
1587 lwkt_reltoken(&revoke_token);
1589 lwkt_reltoken(&unp_rights_token);
1592 * Adjust length, in case sizeof(struct file *) and sizeof(int)
1595 cm->cmsg_len = CMSG_LEN(newfds * sizeof(int));
1596 rights->m_len = cm->cmsg_len;
1602 unp_fp_externalize(struct lwp *lp, struct file *fp, int fd, int flags)
1605 struct filedesc *fdp = lp->lwp_proc->p_fd;
1608 if (fp->f_flag & FREVOKED) {
1612 kprintf("Warning: revoked fp exiting unix socket\n");
1613 error = falloc(lp, &fx, NULL);
1615 if (flags & MSG_CMSG_CLOEXEC)
1616 fdp->fd_files[fd].fileflags |= UF_EXCLOSE;
1617 fsetfd(fdp, fx, fd);
1620 fsetfd(fdp, NULL, fd);
1623 if (flags & MSG_CMSG_CLOEXEC)
1624 fdp->fd_files[fd].fileflags |= UF_EXCLOSE;
1625 fsetfd(fdp, fp, fd);
1635 TAILQ_INIT(&unp_stream_head.list);
1636 TAILQ_INIT(&unp_dgram_head.list);
1637 TAILQ_INIT(&unp_seqpkt_head.list);
1639 SLIST_INIT(&unp_defdiscard_head);
1640 spin_init(&unp_defdiscard_spin, "unpdisc");
1641 TASK_INIT(&unp_defdiscard_task, 0, unp_defdiscard_taskfunc, NULL);
1644 * This implies that only one gc can be in-progress at any
1647 TASK_INIT(&unp_gc_task, 0, unp_gc, NULL);
1649 unp_gc_marker = kmalloc(sizeof(*unp_gc_marker), M_UNPCB,
1651 unp_gc_marker->unp_flags |= UNP_MARKER;
1654 * Create taskqueue for defered discard, and stick it to
1657 unp_taskqueue = taskqueue_create("unp_taskq", M_WAITOK,
1658 taskqueue_thread_enqueue, &unp_taskqueue);
1659 taskqueue_start_threads(&unp_taskqueue, 1, TDPRI_KERN_DAEMON,
1660 ncpus - 1, "unp taskq");
1664 unp_internalize(struct mbuf *control, struct thread *td)
1666 struct proc *p = td->td_proc;
1667 struct filedesc *fdescp;
1668 struct cmsghdr *cm = mtod(control, struct cmsghdr *);
1672 struct cmsgcred *cmcred;
1680 * Make sure the message is reasonable, and either CREDS or RIGHTS.
1682 * NOTE: overall message length does not have to be aligned, but the
1685 if ((cm->cmsg_type != SCM_RIGHTS && cm->cmsg_type != SCM_CREDS) ||
1686 cm->cmsg_level != SOL_SOCKET ||
1687 control->m_len < sizeof(*cm) || /* control too small */
1688 cm->cmsg_len < sizeof(*cm) || /* cmsg_len too small */
1689 cm->cmsg_len > control->m_len) { /* cmsg_len too big */
1694 * Fill in credential information.
1696 if (cm->cmsg_type == SCM_CREDS) {
1697 cmcred = (struct cmsgcred *)CMSG_DATA(cm);
1698 cmcred->cmcred_pid = p->p_pid;
1699 cmcred->cmcred_uid = p->p_ucred->cr_ruid;
1700 cmcred->cmcred_gid = p->p_ucred->cr_rgid;
1701 cmcred->cmcred_euid = p->p_ucred->cr_uid;
1702 cmcred->cmcred_ngroups = MIN(p->p_ucred->cr_ngroups,
1704 for (i = 0; i < cmcred->cmcred_ngroups; i++)
1705 cmcred->cmcred_groups[i] = p->p_ucred->cr_groups[i];
1710 * cmsghdr may not be aligned, do not allow calculation(s) to
1713 * Data must be aligned but the data length does not have to be.
1715 * If there are multiple headers (XXX not supported) then the
1716 * next header will be aligned after the end of the possibly
1719 if (cm->cmsg_len < CMSG_LEN(0)) {
1723 oldfds = (cm->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1726 * Now replace the integer FDs with pointers to
1727 * the associated global file table entry..
1728 * Allocate a bigger buffer as necessary. But if an cluster is not
1729 * enough, return E2BIG.
1731 newlen = CMSG_LEN(oldfds * sizeof(struct file *));
1732 if (newlen > MCLBYTES)
1734 if (newlen - control->m_len > M_TRAILINGSPACE(control)) {
1735 if (control->m_flags & M_EXT)
1737 MCLGET(control, M_WAITOK);
1738 if (!(control->m_flags & M_EXT))
1741 /* copy the data to the cluster */
1742 memcpy(mtod(control, char *), cm, cm->cmsg_len);
1743 cm = mtod(control, struct cmsghdr *);
1746 lwkt_gettoken(&unp_rights_token);
1749 spin_lock_shared(&fdescp->fd_spin);
1752 * check that all the FDs passed in refer to legal OPEN files
1753 * If not, reject the entire operation.
1755 fdp = (int *)CMSG_DATA(cm);
1756 for (i = 0; i < oldfds; i++) {
1758 if ((unsigned)fd >= fdescp->fd_nfiles ||
1759 fdescp->fd_files[fd].fp == NULL) {
1763 if (fdescp->fd_files[fd].fp->f_type == DTYPE_KQUEUE) {
1770 * Adjust length, in case sizeof(struct file *) and sizeof(int)
1773 cm->cmsg_len = newlen;
1774 control->m_len = CMSG_ALIGN(newlen);
1777 * Transform the file descriptors into struct file pointers.
1778 * Since the sizeof(struct file *) is bigger than or equal to
1779 * the sizeof(int), we do it in reverse order so that the int
1780 * won't get trashed until we're done.
1782 fdp = (int *)CMSG_DATA(cm) + oldfds - 1;
1783 rp = (struct file **)CMSG_DATA(cm) + oldfds - 1;
1784 for (i = 0; i < oldfds; i++) {
1785 fp = fdescp->fd_files[*fdp--].fp;
1792 spin_unlock_shared(&fdescp->fd_spin);
1793 lwkt_reltoken(&unp_rights_token);
1797 #ifdef UNP_GC_ALLFILES
1800 * Garbage collect in-transit file descriptors that get lost due to
1801 * loops (i.e. when a socket is sent to another process over itself,
1802 * and more complex situations).
1804 * NOT MPSAFE - TODO socket flush code and maybe fdrop. Rest is MPSAFE.
1807 struct unp_gc_info {
1808 struct file **extra_ref;
1809 struct file *locked_fp;
1816 unp_gc(void *arg __unused, int pending __unused)
1818 struct unp_gc_info info;
1822 lwkt_gettoken(&unp_rights_token);
1825 * Before going through all this, set all FDs to be NOT defered
1826 * and NOT externally accessible (not marked). During the scan
1827 * a fd can be marked externally accessible but we may or may not
1828 * be able to immediately process it (controlled by FDEFER).
1830 * If we loop sleep a bit. The complexity of the topology can cause
1831 * multiple loops. Also failure to acquire the socket's so_rcv
1832 * token can cause us to loop.
1834 allfiles_scan_exclusive(unp_gc_clearmarks, NULL);
1837 allfiles_scan_exclusive(unp_gc_checkmarks, &info);
1839 tsleep(&info, 0, "gcagain", 1);
1840 } while (info.defer);
1843 * We grab an extra reference to each of the file table entries
1844 * that are not otherwise accessible and then free the rights
1845 * that are stored in messages on them.
1847 * The bug in the orginal code is a little tricky, so I'll describe
1848 * what's wrong with it here.
1850 * It is incorrect to simply unp_discard each entry for f_msgcount
1851 * times -- consider the case of sockets A and B that contain
1852 * references to each other. On a last close of some other socket,
1853 * we trigger a gc since the number of outstanding rights (unp_rights)
1854 * is non-zero. If during the sweep phase the gc code unp_discards,
1855 * we end up doing a (full) fdrop on the descriptor. A fdrop on A
1856 * results in the following chain. Closef calls soo_close, which
1857 * calls soclose. Soclose calls first (through the switch
1858 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply
1859 * returns because the previous instance had set unp_gcing, and
1860 * we return all the way back to soclose, which marks the socket
1861 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush
1862 * to free up the rights that are queued in messages on the socket A,
1863 * i.e., the reference on B. The sorflush calls via the dom_dispose
1864 * switch unp_dispose, which unp_scans with unp_discard. This second
1865 * instance of unp_discard just calls fdrop on B.
1867 * Well, a similar chain occurs on B, resulting in a sorflush on B,
1868 * which results in another fdrop on A. Unfortunately, A is already
1869 * being closed, and the descriptor has already been marked with
1870 * SS_NOFDREF, and soclose panics at this point.
1872 * Here, we first take an extra reference to each inaccessible
1873 * descriptor. Then, we call sorflush ourself, since we know
1874 * it is a Unix domain socket anyhow. After we destroy all the
1875 * rights carried in messages, we do a last fdrop to get rid
1876 * of our extra reference. This is the last close, and the
1877 * unp_detach etc will shut down the socket.
1879 * 91/09/19, bsy@cs.cmu.edu
1881 info.extra_ref = kmalloc(256 * sizeof(struct file *), M_FILE, M_WAITOK);
1882 info.maxindex = 256;
1889 allfiles_scan_exclusive(unp_gc_checkrefs, &info);
1892 * For each FD on our hit list, do the following two things
1894 for (i = info.index, fpp = info.extra_ref; --i >= 0; ++fpp) {
1895 struct file *tfp = *fpp;
1896 if (tfp->f_type == DTYPE_SOCKET && tfp->f_data != NULL)
1897 sorflush((struct socket *)(tfp->f_data));
1899 for (i = info.index, fpp = info.extra_ref; --i >= 0; ++fpp)
1901 } while (info.index == info.maxindex);
1903 kfree((caddr_t)info.extra_ref, M_FILE);
1905 lwkt_reltoken(&unp_rights_token);
1909 * MPSAFE - NOTE: filehead list and file pointer spinlocked on entry
1912 unp_gc_checkrefs(struct file *fp, void *data)
1914 struct unp_gc_info *info = data;
1916 if (fp->f_count == 0)
1918 if (info->index == info->maxindex)
1922 * If all refs are from msgs, and it's not marked accessible
1923 * then it must be referenced from some unreachable cycle
1924 * of (shut-down) FDs, so include it in our
1925 * list of FDs to remove
1927 if (fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) {
1928 info->extra_ref[info->index++] = fp;
1935 * MPSAFE - NOTE: filehead list and file pointer spinlocked on entry
1938 unp_gc_clearmarks(struct file *fp, void *data __unused)
1940 atomic_clear_int(&fp->f_flag, FMARK | FDEFER);
1945 * MPSAFE - NOTE: filehead list and file pointer spinlocked on entry
1948 unp_gc_checkmarks(struct file *fp, void *data)
1950 struct unp_gc_info *info = data;
1954 * If the file is not open, skip it. Make sure it isn't marked
1955 * defered or we could loop forever, in case we somehow race
1958 if (fp->f_count == 0) {
1959 if (fp->f_flag & FDEFER)
1960 atomic_clear_int(&fp->f_flag, FDEFER);
1964 * If we already marked it as 'defer' in a
1965 * previous pass, then try process it this time
1968 if (fp->f_flag & FDEFER) {
1969 atomic_clear_int(&fp->f_flag, FDEFER);
1972 * if it's not defered, then check if it's
1973 * already marked.. if so skip it
1975 if (fp->f_flag & FMARK)
1978 * If all references are from messages
1979 * in transit, then skip it. it's not
1980 * externally accessible.
1982 if (fp->f_count == fp->f_msgcount)
1985 * If it got this far then it must be
1986 * externally accessible.
1988 atomic_set_int(&fp->f_flag, FMARK);
1992 * either it was defered, or it is externally
1993 * accessible and not already marked so.
1994 * Now check if it is possibly one of OUR sockets.
1996 if (fp->f_type != DTYPE_SOCKET ||
1997 (so = (struct socket *)fp->f_data) == NULL) {
2000 if (so->so_proto->pr_domain != &localdomain ||
2001 !(so->so_proto->pr_flags & PR_RIGHTS)) {
2006 * So, Ok, it's one of our sockets and it IS externally accessible
2007 * (or was defered). Now we look to see if we hold any file
2008 * descriptors in its message buffers. Follow those links and mark
2009 * them as accessible too.
2011 * We are holding multiple spinlocks here, if we cannot get the
2012 * token non-blocking defer until the next loop.
2014 info->locked_fp = fp;
2015 if (lwkt_trytoken(&so->so_rcv.ssb_token)) {
2016 unp_scan(so->so_rcv.ssb_mb, unp_mark, info);
2017 lwkt_reltoken(&so->so_rcv.ssb_token);
2019 atomic_set_int(&fp->f_flag, FDEFER);
2026 * Mark visibility. info->defer is recalculated on every pass.
2029 unp_mark(struct file *fp, void *data)
2031 struct unp_gc_info *info = data;
2033 if ((fp->f_flag & FMARK) == 0) {
2035 atomic_set_int(&fp->f_flag, FMARK | FDEFER);
2036 } else if (fp->f_flag & FDEFER) {
2041 #else /* !UNP_GC_ALLFILES */
2044 * They are thread local and do not require explicit synchronization.
2046 static int unp_marked;
2047 static int unp_unreachable;
2050 unp_accessable(struct file *fp, void *data __unused)
2054 if ((unp = unp_fp2unpcb(fp)) == NULL)
2056 if (unp->unp_gcflags & UNPGC_REF)
2058 unp->unp_gcflags &= ~UNPGC_DEAD;
2059 unp->unp_gcflags |= UNPGC_REF;
2064 unp_gc_process(struct unpcb *unp)
2068 /* Already processed. */
2069 if (unp->unp_gcflags & UNPGC_SCANNED)
2074 * Check for a socket potentially in a cycle. It must be in a
2075 * queue as indicated by msgcount, and this must equal the file
2076 * reference count. Note that when msgcount is 0 the file is NULL.
2078 if ((unp->unp_gcflags & UNPGC_REF) == 0 && fp &&
2079 unp->unp_msgcount != 0 && fp->f_count == unp->unp_msgcount) {
2080 unp->unp_gcflags |= UNPGC_DEAD;
2086 * Mark all sockets we reference with RIGHTS.
2088 if (UNP_ISATTACHED(unp)) {
2089 struct signalsockbuf *ssb = &unp->unp_socket->so_rcv;
2092 lwkt_gettoken(&ssb->ssb_token);
2094 * unp_token would be temporarily dropped, if getting
2095 * so_rcv token blocks, so we need to check unp state
2098 if (UNP_ISATTACHED(unp))
2099 unp_scan(ssb->ssb_mb, unp_accessable, NULL);
2100 lwkt_reltoken(&ssb->ssb_token);
2101 unp->unp_gcflags |= UNPGC_SCANNED;
2104 unp->unp_gcflags |= UNPGC_SCANNED;
2109 unp_gc(void *arg __unused, int pending __unused)
2111 struct unp_global_head *head;
2112 int h, filemax, fileidx, filetot;
2113 struct file **unref;
2116 lwkt_gettoken(&unp_rights_token);
2117 lwkt_gettoken(&unp_token);
2120 * First clear all gc flags from previous runs.
2122 for (h = 0; unp_heads[h] != NULL; ++h) {
2124 * NOTE: This loop does not block, so it is safe
2125 * to use TAILQ_FOREACH here.
2127 head = unp_heads[h];
2128 TAILQ_FOREACH(unp, &head->list, unp_link)
2129 unp->unp_gcflags = 0;
2133 * Scan marking all reachable sockets with UNPGC_REF. Once a socket
2134 * is reachable all of the sockets it references are reachable.
2135 * Stop the scan once we do a complete loop without discovering
2136 * a new reachable socket.
2139 unp_unreachable = 0;
2141 for (h = 0; unp_heads[h] != NULL; ++h) {
2142 head = unp_heads[h];
2143 TAILQ_INSERT_HEAD(&head->list, unp_gc_marker, unp_link);
2144 while ((unp = TAILQ_NEXT(unp_gc_marker, unp_link))
2146 TAILQ_REMOVE(&head->list, unp_gc_marker,
2148 TAILQ_INSERT_AFTER(&head->list, unp,
2149 unp_gc_marker, unp_link);
2151 if (unp->unp_flags & UNP_MARKER)
2153 unp_gc_process(unp);
2155 TAILQ_REMOVE(&head->list, unp_gc_marker, unp_link);
2157 } while (unp_marked);
2159 if (unp_unreachable == 0)
2163 * We grab an extra reference to each of the file table entries
2164 * that are not otherwise accessible and then free the rights
2165 * that are stored in messages on them.
2167 * The bug in the orginal code is a little tricky, so I'll describe
2168 * what's wrong with it here.
2170 * It is incorrect to simply unp_discard each entry for f_msgcount
2171 * times -- consider the case of sockets A and B that contain
2172 * references to each other. On a last close of some other socket,
2173 * we trigger a gc since the number of outstanding rights (unp_rights)
2174 * is non-zero. If during the sweep phase the gc code unp_discards,
2175 * we end up doing a (full) fdrop on the descriptor. A fdrop on A
2176 * results in the following chain. Closef calls soo_close, which
2177 * calls soclose. Soclose calls first (through the switch
2178 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply
2179 * returns because the previous instance had set unp_gcing, and
2180 * we return all the way back to soclose, which marks the socket
2181 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush
2182 * to free up the rights that are queued in messages on the socket A,
2183 * i.e., the reference on B. The sorflush calls via the dom_dispose
2184 * switch unp_dispose, which unp_scans with unp_discard. This second
2185 * instance of unp_discard just calls fdrop on B.
2187 * Well, a similar chain occurs on B, resulting in a sorflush on B,
2188 * which results in another fdrop on A. Unfortunately, A is already
2189 * being closed, and the descriptor has already been marked with
2190 * SS_NOFDREF, and soclose panics at this point.
2192 * Here, we first take an extra reference to each inaccessible
2193 * descriptor. Then, we call sorflush ourself, since we know
2194 * it is a Unix domain socket anyhow. After we destroy all the
2195 * rights carried in messages, we do a last fdrop to get rid
2196 * of our extra reference. This is the last close, and the
2197 * unp_detach etc will shut down the socket.
2199 * 91/09/19, bsy@cs.cmu.edu
2202 filemax = unp_unreachable;
2203 if (filemax > UNP_GCFILE_MAX)
2204 filemax = UNP_GCFILE_MAX;
2205 unref = kmalloc(filemax * sizeof(struct file *), M_TEMP, M_WAITOK);
2212 * Iterate looking for sockets which have been specifically
2213 * marked as as unreachable and store them locally.
2216 for (h = 0; unp_heads[h] != NULL; ++h) {
2218 * NOTE: This loop does not block, so it is safe
2219 * to use TAILQ_FOREACH here.
2221 head = unp_heads[h];
2222 TAILQ_FOREACH(unp, &head->list, unp_link) {
2225 if ((unp->unp_gcflags & UNPGC_DEAD) == 0)
2227 unp->unp_gcflags &= ~UNPGC_DEAD;
2230 if (unp->unp_msgcount == 0 || fp == NULL ||
2231 fp->f_count != unp->unp_msgcount)
2235 KASSERT(fileidx < filemax,
2236 ("invalid fileidx %d, filemax %d",
2238 unref[fileidx++] = fp;
2240 KASSERT(filetot < unp_unreachable,
2241 ("invalid filetot %d and "
2242 "unp_unreachable %d",
2243 filetot, unp_unreachable));
2246 if (fileidx == filemax ||
2247 filetot == unp_unreachable)
2253 * For each Unix domain socket on our hit list, do the
2254 * following two things.
2256 for (i = 0; i < fileidx; ++i)
2257 sorflush(unref[i]->f_data);
2258 for (i = 0; i < fileidx; ++i)
2260 } while (fileidx == filemax && filetot < unp_unreachable);
2261 kfree(unref, M_TEMP);
2263 lwkt_reltoken(&unp_token);
2264 lwkt_reltoken(&unp_rights_token);
2267 #endif /* UNP_GC_ALLFILES */
2270 * Dispose of the fp's stored in a mbuf.
2272 * The dds loop can cause additional fps to be entered onto the
2273 * list while it is running, flattening out the operation and avoiding
2274 * a deep kernel stack recursion.
2277 unp_dispose(struct mbuf *m)
2279 lwkt_gettoken(&unp_rights_token);
2281 unp_scan(m, unp_discard, NULL);
2282 lwkt_reltoken(&unp_rights_token);
2286 unp_listen(struct unpcb *unp, struct thread *td)
2288 struct proc *p = td->td_proc;
2290 ASSERT_LWKT_TOKEN_HELD(&unp_token);
2291 UNP_ASSERT_TOKEN_HELD(unp);
2294 cru2x(p->p_ucred, &unp->unp_peercred);
2295 unp_setflags(unp, UNP_HAVEPCCACHED);
2300 unp_scan(struct mbuf *m0, void (*op)(struct file *, void *), void *data)
2309 for (m = m0; m; m = m->m_next) {
2310 if (m->m_type == MT_CONTROL &&
2311 m->m_len >= sizeof(*cm)) {
2312 cm = mtod(m, struct cmsghdr *);
2313 if (cm->cmsg_level != SOL_SOCKET ||
2314 cm->cmsg_type != SCM_RIGHTS)
2316 qfds = (cm->cmsg_len - CMSG_LEN(0)) /
2318 rp = (struct file **)CMSG_DATA(cm);
2319 for (i = 0; i < qfds; i++)
2321 break; /* XXX, but saves time */
2329 * Discard a fp previously held in a unix domain socket mbuf. To
2330 * avoid blowing out the kernel stack due to contrived chain-reactions
2331 * we may have to defer the operation to a dedicated taskqueue.
2333 * Caller holds unp_rights_token.
2336 unp_discard(struct file *fp, void *data __unused)
2339 if (unp_fp2unpcb(fp) != NULL) {
2340 struct unp_defdiscard *d;
2343 * This fp is a Unix domain socket itself and fdrop()
2344 * it here directly may cause deep unp_discard()
2345 * recursion, so the fdrop() is defered to the
2346 * dedicated taskqueue.
2348 d = kmalloc(sizeof(*d), M_UNPCB, M_WAITOK);
2351 spin_lock(&unp_defdiscard_spin);
2352 SLIST_INSERT_HEAD(&unp_defdiscard_head, d, next);
2353 spin_unlock(&unp_defdiscard_spin);
2355 taskqueue_enqueue(unp_taskqueue, &unp_defdiscard_task);
2357 /* This fp is not a Unix domain socket */
2364 * unp_token must be held before calling this function to avoid name
2365 * resolution and v_socket accessing races, especially racing against
2369 * For anyone caring about unconnected Unix domain socket sending
2370 * performance, other approach could be taken...
2373 unp_find_lockref(struct sockaddr *nam, struct thread *td, short type,
2374 struct unpcb **unp_ret)
2376 struct proc *p = td->td_proc;
2377 struct sockaddr_un *soun = (struct sockaddr_un *)nam;
2378 struct vnode *vp = NULL;
2382 struct nlookupdata nd;
2383 char buf[SOCK_MAXADDRLEN];
2385 ASSERT_LWKT_TOKEN_HELD(&unp_token);
2389 len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
2394 strncpy(buf, soun->sun_path, len);
2397 error = nlookup_init(&nd, buf, UIO_SYSSPACE, NLC_FOLLOW);
2399 error = nlookup(&nd);
2401 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
2408 if (vp->v_type != VSOCK) {
2412 error = VOP_EACCESS(vp, VWRITE, p->p_ucred);
2417 error = ECONNREFUSED;
2420 if (so->so_type != type) {
2425 /* Lock this unp. */
2426 unp = unp_getsocktoken(so);
2427 if (!UNP_ISATTACHED(unp)) {
2429 error = ECONNREFUSED;
2432 /* And keep this unp referenced. */
2445 unp_connect_pair(struct unpcb *unp, struct unpcb *unp2)
2447 struct socket *so = unp->unp_socket;
2448 struct socket *so2 = unp2->unp_socket;
2450 ASSERT_LWKT_TOKEN_HELD(&unp_token);
2451 UNP_ASSERT_TOKEN_HELD(unp);
2452 UNP_ASSERT_TOKEN_HELD(unp2);
2454 KASSERT(so->so_type == so2->so_type,
2455 ("socket type mismatch, so %d, so2 %d", so->so_type, so2->so_type));
2457 if (!UNP_ISATTACHED(unp))
2459 if (!UNP_ISATTACHED(unp2))
2460 return ECONNREFUSED;
2462 KASSERT(unp->unp_conn == NULL, ("unp is already connected"));
2463 unp->unp_conn = unp2;
2465 switch (so->so_type) {
2467 LIST_INSERT_HEAD(&unp2->unp_refs, unp, unp_reflink);
2472 case SOCK_SEQPACKET:
2473 KASSERT(unp2->unp_conn == NULL, ("unp2 is already connected"));
2474 unp2->unp_conn = unp;
2480 panic("unp_connect_pair: unknown socket type %d", so->so_type);
2486 unp_drop(struct unpcb *unp, int error)
2488 struct unp_global_head *head;
2491 ASSERT_LWKT_TOKEN_HELD(&unp_token);
2492 UNP_ASSERT_TOKEN_HELD(unp);
2494 KASSERT((unp->unp_flags & (UNP_DETACHED | UNP_DROPPED)) == 0,
2495 ("unp is dropped"));
2497 /* Mark this unp as detached. */
2498 unp_setflags(unp, UNP_DETACHED);
2500 /* Remove this unp from the global unp list. */
2501 head = unp_globalhead(unp->unp_socket->so_type);
2502 KASSERT(head->count > 0, ("invalid unp count"));
2503 TAILQ_REMOVE(&head->list, unp, unp_link);
2506 /* Disconnect all. */
2507 unp_disconnect(unp, error);
2508 while ((unp2 = LIST_FIRST(&unp->unp_refs)) != NULL) {
2509 lwkt_getpooltoken(unp2);
2510 unp_disconnect(unp2, ECONNRESET);
2511 lwkt_relpooltoken(unp2);
2513 unp_setflags(unp, UNP_DROPPED);
2515 /* Try freeing this unp. */
2520 unp_defdiscard_taskfunc(void *arg __unused, int pending __unused)
2522 struct unp_defdiscard *d;
2524 spin_lock(&unp_defdiscard_spin);
2525 while ((d = SLIST_FIRST(&unp_defdiscard_head)) != NULL) {
2526 SLIST_REMOVE_HEAD(&unp_defdiscard_head, next);
2527 spin_unlock(&unp_defdiscard_spin);
2532 spin_lock(&unp_defdiscard_spin);
2534 spin_unlock(&unp_defdiscard_spin);
projects / dragonfly.git / blob