2 * Copyright (c) 1982, 1986, 1989, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)kern_descrip.c 8.6 (Berkeley) 4/19/94
39 * $FreeBSD: src/sys/kern/kern_descrip.c,v 1.81.2.17 2003/06/06 20:21:32 tegge Exp $
40 * $DragonFly: src/sys/kern/kern_descrip.c,v 1.14 2003/10/13 18:01:25 dillon Exp $
43 #include "opt_compat.h"
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/malloc.h>
47 #include <sys/sysproto.h>
49 #include <sys/filedesc.h>
50 #include <sys/kernel.h>
51 #include <sys/sysctl.h>
52 #include <sys/vnode.h>
54 #include <sys/namei.h>
57 #include <sys/filio.h>
58 #include <sys/fcntl.h>
59 #include <sys/unistd.h>
60 #include <sys/resourcevar.h>
61 #include <sys/event.h>
64 #include <vm/vm_extern.h>
66 #include <sys/file2.h>
68 static MALLOC_DEFINE(M_FILEDESC, "file desc", "Open file descriptor table");
69 static MALLOC_DEFINE(M_FILEDESC_TO_LEADER, "file desc to leader",
70 "file desc to leader structures");
71 MALLOC_DEFINE(M_FILE, "file", "Open file structure");
72 static MALLOC_DEFINE(M_SIGIO, "sigio", "sigio structures");
74 static d_open_t fdopen;
78 static struct cdevsw fildesc_cdevsw = {
92 /* strategy */ nostrategy,
97 static int do_dup (struct filedesc *fdp, int old, int new, register_t *retval, struct proc *p);
98 static int badfo_readwrite (struct file *fp, struct uio *uio,
99 struct ucred *cred, int flags, struct thread *td);
100 static int badfo_ioctl (struct file *fp, u_long com, caddr_t data,
102 static int badfo_poll (struct file *fp, int events,
103 struct ucred *cred, struct thread *td);
104 static int badfo_kqfilter (struct file *fp, struct knote *kn);
105 static int badfo_stat (struct file *fp, struct stat *sb, struct thread *td);
106 static int badfo_close (struct file *fp, struct thread *td);
109 * Descriptor management.
111 struct filelist filehead; /* head of list of open files */
112 int nfiles; /* actual number of open files */
116 * System calls on descriptors.
120 getdtablesize(struct getdtablesize_args *uap)
122 struct proc *p = curproc;
125 min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc);
130 * Duplicate a file descriptor to a particular value.
132 * note: keep in mind that a potential race condition exists when closing
133 * descriptors from a shared descriptor table (via rfork).
137 dup2(struct dup2_args *uap)
139 struct proc *p = curproc;
140 struct filedesc *fdp = p->p_fd;
141 u_int old = uap->from, new = uap->to;
145 if (old >= fdp->fd_nfiles ||
146 fdp->fd_ofiles[old] == NULL ||
147 new >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur ||
148 new >= maxfilesperproc) {
152 uap->sysmsg_result = new;
155 if (new >= fdp->fd_nfiles) {
156 if ((error = fdalloc(p, new, &i)))
159 * fdalloc() may block, retest everything.
163 return (do_dup(fdp, (int)old, (int)new, uap->sysmsg_fds, p));
167 * Duplicate a file descriptor.
171 dup(struct dup_args *uap)
173 struct proc *p = curproc;
174 struct filedesc *fdp;
180 if (old >= fdp->fd_nfiles || fdp->fd_ofiles[old] == NULL)
182 if ((error = fdalloc(p, 0, &new)))
184 return (do_dup(fdp, (int)old, new, uap->sysmsg_fds, p));
188 * The file control system call.
192 fcntl(struct fcntl_args *uap)
194 struct thread *td = curthread;
195 struct proc *p = td->td_proc;
196 struct filedesc *fdp = p->p_fd;
200 int i, tmp, error, flg = F_POSIX;
206 if ((unsigned)uap->fd >= fdp->fd_nfiles ||
207 (fp = fdp->fd_ofiles[uap->fd]) == NULL)
209 pop = &fdp->fd_ofileflags[uap->fd];
214 if (newmin >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur ||
215 newmin >= maxfilesperproc)
217 if ((error = fdalloc(p, newmin, &i)))
219 return (do_dup(fdp, uap->fd, i, uap->sysmsg_fds, p));
222 uap->sysmsg_result = (*pop & UF_EXCLOSE) ? FD_CLOEXEC : 0;
226 *pop = (*pop &~ UF_EXCLOSE) |
227 (uap->arg & FD_CLOEXEC ? UF_EXCLOSE : 0);
231 uap->sysmsg_result = OFLAGS(fp->f_flag);
236 fp->f_flag &= ~FCNTLFLAGS;
237 fp->f_flag |= FFLAGS(uap->arg & ~O_ACCMODE) & FCNTLFLAGS;
238 tmp = fp->f_flag & FNONBLOCK;
239 error = fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, td);
244 tmp = fp->f_flag & FASYNC;
245 error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp, td);
250 fp->f_flag &= ~FNONBLOCK;
252 (void)fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, td);
258 error = fo_ioctl(fp, FIOGETOWN, (caddr_t)uap->sysmsg_fds, td);
264 error = fo_ioctl(fp, FIOSETOWN, (caddr_t)&uap->arg, td);
270 /* Fall into F_SETLK */
273 if (fp->f_type != DTYPE_VNODE)
275 vp = (struct vnode *)fp->f_data;
278 * copyin/lockop may block
281 /* Copy in the lock structure */
282 error = copyin((caddr_t)(intptr_t)uap->arg, (caddr_t)&fl,
288 if (fl.l_whence == SEEK_CUR)
289 fl.l_start += fp->f_offset;
293 if ((fp->f_flag & FREAD) == 0) {
297 p->p_leader->p_flag |= P_ADVLOCK;
298 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
302 if ((fp->f_flag & FWRITE) == 0) {
306 p->p_leader->p_flag |= P_ADVLOCK;
307 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
311 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_UNLCK,
318 /* Check for race with close */
319 if ((unsigned) uap->fd >= fdp->fd_nfiles ||
320 fp != fdp->fd_ofiles[uap->fd]) {
321 fl.l_whence = SEEK_SET;
325 (void) VOP_ADVLOCK(vp, (caddr_t)p->p_leader,
326 F_UNLCK, &fl, F_POSIX);
332 if (fp->f_type != DTYPE_VNODE)
334 vp = (struct vnode *)fp->f_data;
336 * copyin/lockop may block
339 /* Copy in the lock structure */
340 error = copyin((caddr_t)(intptr_t)uap->arg, (caddr_t)&fl,
346 if (fl.l_type != F_RDLCK && fl.l_type != F_WRLCK &&
347 fl.l_type != F_UNLCK) {
351 if (fl.l_whence == SEEK_CUR)
352 fl.l_start += fp->f_offset;
353 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_GETLK,
357 error = copyout((caddr_t)&fl,
358 (caddr_t)(intptr_t)uap->arg, sizeof(fl));
368 * Common code for dup, dup2, and fcntl(F_DUPFD).
371 do_dup(fdp, old, new, retval, p)
372 struct filedesc *fdp;
377 struct thread *td = p->p_thread;
383 * Save info on the descriptor being overwritten. We have
384 * to do the unmap now, but we cannot close it without
385 * introducing an ownership race for the slot.
387 delfp = fdp->fd_ofiles[new];
388 if (delfp != NULL && p->p_fdtol != NULL) {
390 * Ask fdfree() to sleep to ensure that all relevant
391 * process leaders can be traversed in closef().
393 fdp->fd_holdleaderscount++;
398 if (delfp && (fdp->fd_ofileflags[new] & UF_MAPPED))
399 (void) munmapfd(p, new);
403 * Duplicate the source descriptor, update lastfile
405 fp = fdp->fd_ofiles[old];
406 fdp->fd_ofiles[new] = fp;
407 fdp->fd_ofileflags[new] = fdp->fd_ofileflags[old] &~ UF_EXCLOSE;
409 if (new > fdp->fd_lastfile)
410 fdp->fd_lastfile = new;
414 * If we dup'd over a valid file, we now own the reference to it
415 * and must dispose of it using closef() semantics (as if a
416 * close() were performed on it).
419 (void) closef(delfp, td);
421 fdp->fd_holdleaderscount--;
422 if (fdp->fd_holdleaderscount == 0 &&
423 fdp->fd_holdleaderswakeup != 0) {
424 fdp->fd_holdleaderswakeup = 0;
425 wakeup(&fdp->fd_holdleaderscount);
433 * If sigio is on the list associated with a process or process group,
434 * disable signalling from the device, remove sigio from the list and
446 *(sigio->sio_myref) = NULL;
448 if (sigio->sio_pgid < 0) {
449 SLIST_REMOVE(&sigio->sio_pgrp->pg_sigiolst, sigio,
451 } else /* if ((*sigiop)->sio_pgid > 0) */ {
452 SLIST_REMOVE(&sigio->sio_proc->p_sigiolst, sigio,
455 crfree(sigio->sio_ucred);
456 FREE(sigio, M_SIGIO);
459 /* Free a list of sigio structures. */
461 funsetownlst(sigiolst)
462 struct sigiolst *sigiolst;
466 while ((sigio = SLIST_FIRST(sigiolst)) != NULL)
471 * This is common code for FIOSETOWN ioctl called by fcntl(fd, F_SETOWN, arg).
473 * After permission checking, add a sigio structure to the sigio list for
474 * the process or process group.
477 fsetown(pgid, sigiop)
479 struct sigio **sigiop;
496 * Policy - Don't allow a process to FSETOWN a process
497 * in another session.
499 * Remove this test to allow maximum flexibility or
500 * restrict FSETOWN to the current process or process
501 * group for maximum safety.
503 if (proc->p_session != curproc->p_session)
507 } else /* if (pgid < 0) */ {
508 pgrp = pgfind(-pgid);
513 * Policy - Don't allow a process to FSETOWN a process
514 * in another session.
516 * Remove this test to allow maximum flexibility or
517 * restrict FSETOWN to the current process or process
518 * group for maximum safety.
520 if (pgrp->pg_session != curproc->p_session)
526 MALLOC(sigio, struct sigio *, sizeof(struct sigio), M_SIGIO, M_WAITOK);
528 SLIST_INSERT_HEAD(&proc->p_sigiolst, sigio, sio_pgsigio);
529 sigio->sio_proc = proc;
531 SLIST_INSERT_HEAD(&pgrp->pg_sigiolst, sigio, sio_pgsigio);
532 sigio->sio_pgrp = pgrp;
534 sigio->sio_pgid = pgid;
535 sigio->sio_ucred = crhold(curproc->p_ucred);
536 /* It would be convenient if p_ruid was in ucred. */
537 sigio->sio_ruid = curproc->p_ucred->cr_ruid;
538 sigio->sio_myref = sigiop;
546 * This is common code for FIOGETOWN ioctl called by fcntl(fd, F_GETOWN, arg).
552 return (sigio != NULL ? sigio->sio_pgid : 0);
556 * Close a file descriptor.
560 close(struct close_args *uap)
562 struct thread *td = curthread;
563 struct proc *p = td->td_proc;
564 struct filedesc *fdp;
573 if ((unsigned)fd >= fdp->fd_nfiles ||
574 (fp = fdp->fd_ofiles[fd]) == NULL)
577 if (fdp->fd_ofileflags[fd] & UF_MAPPED)
578 (void) munmapfd(p, fd);
580 fdp->fd_ofiles[fd] = NULL;
581 fdp->fd_ofileflags[fd] = 0;
583 if (p->p_fdtol != NULL) {
585 * Ask fdfree() to sleep to ensure that all relevant
586 * process leaders can be traversed in closef().
588 fdp->fd_holdleaderscount++;
593 * we now hold the fp reference that used to be owned by the descriptor
596 while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
598 if (fd < fdp->fd_freefile)
599 fdp->fd_freefile = fd;
600 if (fd < fdp->fd_knlistsize)
601 knote_fdclose(p, fd);
602 error = closef(fp, td);
604 fdp->fd_holdleaderscount--;
605 if (fdp->fd_holdleaderscount == 0 &&
606 fdp->fd_holdleaderswakeup != 0) {
607 fdp->fd_holdleaderswakeup = 0;
608 wakeup(&fdp->fd_holdleaderscount);
614 #if defined(COMPAT_43) || defined(COMPAT_SUNOS)
616 * Return status information about a file descriptor.
620 ofstat(struct ofstat_args *uap)
622 struct thread *td = curthread;
623 struct proc *p = td->td_proc;
624 struct filedesc *fdp;
632 if ((unsigned)uap->fd >= fdp->fd_nfiles ||
633 (fp = fdp->fd_ofiles[uap->fd]) == NULL)
636 error = fo_stat(fp, &ub, td);
639 error = copyout((caddr_t)&oub, (caddr_t)uap->sb, sizeof (oub));
644 #endif /* COMPAT_43 || COMPAT_SUNOS */
647 * Return status information about a file descriptor.
651 fstat(struct fstat_args *uap)
653 struct thread *td = curthread;
654 struct proc *p = td->td_proc;
655 struct filedesc *fdp = p->p_fd;
662 if ((unsigned)uap->fd >= fdp->fd_nfiles ||
663 (fp = fdp->fd_ofiles[uap->fd]) == NULL)
666 error = fo_stat(fp, &ub, td);
668 error = copyout((caddr_t)&ub, (caddr_t)uap->sb, sizeof (ub));
674 * Return status information about a file descriptor.
678 nfstat(struct nfstat_args *uap)
680 struct thread *td = curthread;
681 struct proc *p = td->td_proc;
682 struct filedesc *fdp;
690 if ((unsigned)uap->fd >= fdp->fd_nfiles ||
691 (fp = fdp->fd_ofiles[uap->fd]) == NULL)
694 error = fo_stat(fp, &ub, td);
697 error = copyout((caddr_t)&nub, (caddr_t)uap->sb, sizeof (nub));
704 * Return pathconf information about a file descriptor.
708 fpathconf(struct fpathconf_args *uap)
710 struct thread *td = curthread;
711 struct proc *p = td->td_proc;
712 struct filedesc *fdp;
719 if ((unsigned)uap->fd >= fdp->fd_nfiles ||
720 (fp = fdp->fd_ofiles[uap->fd]) == NULL)
725 switch (fp->f_type) {
728 if (uap->name != _PC_PIPE_BUF) {
731 uap->sysmsg_result = PIPE_BUF;
737 vp = (struct vnode *)fp->f_data;
738 error = VOP_PATHCONF(vp, uap->name, uap->sysmsg_fds);
749 * Allocate a file descriptor for the process.
752 SYSCTL_INT(_debug, OID_AUTO, fdexpand, CTLFLAG_RD, &fdexpand, 0, "");
755 fdalloc(p, want, result)
760 struct filedesc *fdp = p->p_fd;
762 int lim, last, nfiles;
763 struct file **newofile;
767 * Search for a free descriptor starting at the higher
768 * of want or fd_freefile. If that fails, consider
769 * expanding the ofile array.
771 lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc);
773 last = min(fdp->fd_nfiles, lim);
774 if ((i = want) < fdp->fd_freefile)
775 i = fdp->fd_freefile;
776 for (; i < last; i++) {
777 if (fdp->fd_ofiles[i] == NULL) {
778 fdp->fd_ofileflags[i] = 0;
779 if (i > fdp->fd_lastfile)
780 fdp->fd_lastfile = i;
781 if (want <= fdp->fd_freefile)
782 fdp->fd_freefile = i;
789 * No space in current array. Expand?
791 if (fdp->fd_nfiles >= lim)
793 if (fdp->fd_nfiles < NDEXTENT)
796 nfiles = 2 * fdp->fd_nfiles;
797 MALLOC(newofile, struct file **, nfiles * OFILESIZE,
798 M_FILEDESC, M_WAITOK);
801 * deal with file-table extend race that might have occured
802 * when malloc was blocked.
804 if (fdp->fd_nfiles >= nfiles) {
805 FREE(newofile, M_FILEDESC);
808 newofileflags = (char *) &newofile[nfiles];
810 * Copy the existing ofile and ofileflags arrays
811 * and zero the new portion of each array.
813 bcopy(fdp->fd_ofiles, newofile,
814 (i = sizeof(struct file *) * fdp->fd_nfiles));
815 bzero((char *)newofile + i, nfiles * sizeof(struct file *) - i);
816 bcopy(fdp->fd_ofileflags, newofileflags,
817 (i = sizeof(char) * fdp->fd_nfiles));
818 bzero(newofileflags + i, nfiles * sizeof(char) - i);
819 if (fdp->fd_nfiles > NDFILE)
820 FREE(fdp->fd_ofiles, M_FILEDESC);
821 fdp->fd_ofiles = newofile;
822 fdp->fd_ofileflags = newofileflags;
823 fdp->fd_nfiles = nfiles;
830 * Check to see whether n user file descriptors
831 * are available to the process p.
838 struct filedesc *fdp = p->p_fd;
842 lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc);
843 if ((i = lim - fdp->fd_nfiles) > 0 && (n -= i) <= 0)
846 last = min(fdp->fd_nfiles, lim);
847 fpp = &fdp->fd_ofiles[fdp->fd_freefile];
848 for (i = last - fdp->fd_freefile; --i >= 0; fpp++) {
849 if (*fpp == NULL && --n <= 0)
857 * Create a new open file structure and allocate a file decriptor
858 * for the process that refers to it. If p is NULL, no descriptor
859 * is allocated and the file pointer is returned unassociated with
860 * any process. resultfd is only used if p is not NULL and may
861 * separately be NULL indicating that you don't need the returned fd.
864 falloc(struct proc *p, struct file **resultfp, int *resultfd)
866 struct file *fp, *fq;
869 if (nfiles >= maxfiles) {
874 * Allocate a new file descriptor.
875 * If the process has file descriptor zero open, add to the list
876 * of open files at that point, otherwise put it at the front of
877 * the list of open files.
880 MALLOC(fp, struct file *, sizeof(struct file), M_FILE, M_WAITOK);
881 bzero(fp, sizeof(struct file));
884 * wait until after malloc (which may have blocked) returns before
885 * allocating the slot, else a race might have shrunk it if we had
886 * allocated it before the malloc.
889 if (p && (error = fdalloc(p, 0, &i))) {
895 fp->f_cred = crhold(p->p_ucred);
896 fp->f_ops = &badfileops;
899 if ((fq = p->p_fd->fd_ofiles[0]) != NULL) {
900 LIST_INSERT_AFTER(fq, fp, f_list);
902 LIST_INSERT_HEAD(&filehead, fp, f_list);
904 p->p_fd->fd_ofiles[i] = fp;
914 * Free a file descriptor.
920 KASSERT((fp->f_count == 0), ("ffree: fp_fcount not 0!"));
921 LIST_REMOVE(fp, f_list);
928 * Build a new filedesc structure.
934 struct filedesc0 *newfdp;
935 struct filedesc *fdp = p->p_fd;
937 MALLOC(newfdp, struct filedesc0 *, sizeof(struct filedesc0),
938 M_FILEDESC, M_WAITOK);
939 bzero(newfdp, sizeof(struct filedesc0));
940 newfdp->fd_fd.fd_cdir = fdp->fd_cdir;
941 if (newfdp->fd_fd.fd_cdir)
942 VREF(newfdp->fd_fd.fd_cdir);
943 newfdp->fd_fd.fd_rdir = fdp->fd_rdir;
944 if (newfdp->fd_fd.fd_rdir)
945 VREF(newfdp->fd_fd.fd_rdir);
946 newfdp->fd_fd.fd_jdir = fdp->fd_jdir;
947 if (newfdp->fd_fd.fd_jdir)
948 VREF(newfdp->fd_fd.fd_jdir);
950 /* Create the file descriptor table. */
951 newfdp->fd_fd.fd_refcnt = 1;
952 newfdp->fd_fd.fd_cmask = cmask;
953 newfdp->fd_fd.fd_ofiles = newfdp->fd_dfiles;
954 newfdp->fd_fd.fd_ofileflags = newfdp->fd_dfileflags;
955 newfdp->fd_fd.fd_nfiles = NDFILE;
956 newfdp->fd_fd.fd_knlistsize = -1;
958 return (&newfdp->fd_fd);
962 * Share a filedesc structure.
968 p->p_fd->fd_refcnt++;
973 * Copy a filedesc structure.
979 struct filedesc *newfdp, *fdp = p->p_fd;
983 /* Certain daemons might not have file descriptors. */
987 MALLOC(newfdp, struct filedesc *, sizeof(struct filedesc0),
988 M_FILEDESC, M_WAITOK);
989 bcopy(fdp, newfdp, sizeof(struct filedesc));
991 VREF(newfdp->fd_cdir);
993 VREF(newfdp->fd_rdir);
995 VREF(newfdp->fd_jdir);
996 newfdp->fd_refcnt = 1;
999 * If the number of open files fits in the internal arrays
1000 * of the open file structure, use them, otherwise allocate
1001 * additional memory for the number of descriptors currently
1004 if (newfdp->fd_lastfile < NDFILE) {
1005 newfdp->fd_ofiles = ((struct filedesc0 *) newfdp)->fd_dfiles;
1006 newfdp->fd_ofileflags =
1007 ((struct filedesc0 *) newfdp)->fd_dfileflags;
1011 * Compute the smallest multiple of NDEXTENT needed
1012 * for the file descriptors currently in use,
1013 * allowing the table to shrink.
1015 i = newfdp->fd_nfiles;
1016 while (i > 2 * NDEXTENT && i > newfdp->fd_lastfile * 2)
1018 MALLOC(newfdp->fd_ofiles, struct file **, i * OFILESIZE,
1019 M_FILEDESC, M_WAITOK);
1020 newfdp->fd_ofileflags = (char *) &newfdp->fd_ofiles[i];
1022 newfdp->fd_nfiles = i;
1023 bcopy(fdp->fd_ofiles, newfdp->fd_ofiles, i * sizeof(struct file **));
1024 bcopy(fdp->fd_ofileflags, newfdp->fd_ofileflags, i * sizeof(char));
1027 * kq descriptors cannot be copied.
1029 if (newfdp->fd_knlistsize != -1) {
1030 fpp = &newfdp->fd_ofiles[newfdp->fd_lastfile];
1031 for (i = newfdp->fd_lastfile; i >= 0; i--, fpp--) {
1032 if (*fpp != NULL && (*fpp)->f_type == DTYPE_KQUEUE) {
1034 if (i < newfdp->fd_freefile)
1035 newfdp->fd_freefile = i;
1037 if (*fpp == NULL && i == newfdp->fd_lastfile && i > 0)
1038 newfdp->fd_lastfile--;
1040 newfdp->fd_knlist = NULL;
1041 newfdp->fd_knlistsize = -1;
1042 newfdp->fd_knhash = NULL;
1043 newfdp->fd_knhashmask = 0;
1046 fpp = newfdp->fd_ofiles;
1047 for (i = newfdp->fd_lastfile; i-- >= 0; fpp++) {
1055 * Release a filedesc structure.
1058 fdfree(struct proc *p)
1060 struct thread *td = p->p_thread;
1061 struct filedesc *fdp = p->p_fd;
1064 struct filedesc_to_leader *fdtol;
1069 /* Certain daemons might not have file descriptors. */
1073 /* Check for special need to clear POSIX style locks */
1075 if (fdtol != NULL) {
1076 KASSERT(fdtol->fdl_refcount > 0,
1077 ("filedesc_to_refcount botch: fdl_refcount=%d",
1078 fdtol->fdl_refcount));
1079 if (fdtol->fdl_refcount == 1 &&
1080 (p->p_leader->p_flag & P_ADVLOCK) != 0) {
1082 fpp = fdp->fd_ofiles;
1083 for (i = 0, fpp = fdp->fd_ofiles;
1084 i < fdp->fd_lastfile;
1087 (*fpp)->f_type != DTYPE_VNODE)
1091 lf.l_whence = SEEK_SET;
1094 lf.l_type = F_UNLCK;
1095 vp = (struct vnode *)fp->f_data;
1096 (void) VOP_ADVLOCK(vp,
1097 (caddr_t)p->p_leader,
1101 fdrop(fp, p->p_thread);
1102 fpp = fdp->fd_ofiles + i;
1106 if (fdtol->fdl_refcount == 1) {
1107 if (fdp->fd_holdleaderscount > 0 &&
1108 (p->p_leader->p_flag & P_ADVLOCK) != 0) {
1110 * close() or do_dup() has cleared a reference
1111 * in a shared file descriptor table.
1113 fdp->fd_holdleaderswakeup = 1;
1114 tsleep(&fdp->fd_holdleaderscount,
1118 if (fdtol->fdl_holdcount > 0) {
1120 * Ensure that fdtol->fdl_leader
1121 * remains valid in closef().
1123 fdtol->fdl_wakeup = 1;
1124 tsleep(fdtol, 0, "fdlhold", 0);
1128 fdtol->fdl_refcount--;
1129 if (fdtol->fdl_refcount == 0 &&
1130 fdtol->fdl_holdcount == 0) {
1131 fdtol->fdl_next->fdl_prev = fdtol->fdl_prev;
1132 fdtol->fdl_prev->fdl_next = fdtol->fdl_next;
1137 FREE(fdtol, M_FILEDESC_TO_LEADER);
1139 if (--fdp->fd_refcnt > 0)
1142 * we are the last reference to the structure, we can
1143 * safely assume it will not change out from under us.
1145 fpp = fdp->fd_ofiles;
1146 for (i = fdp->fd_lastfile; i-- >= 0; fpp++) {
1148 (void) closef(*fpp, td);
1150 if (fdp->fd_nfiles > NDFILE)
1151 FREE(fdp->fd_ofiles, M_FILEDESC);
1153 vrele(fdp->fd_cdir);
1155 vrele(fdp->fd_rdir);
1157 vrele(fdp->fd_jdir);
1159 FREE(fdp->fd_knlist, M_KQUEUE);
1161 FREE(fdp->fd_knhash, M_KQUEUE);
1162 FREE(fdp, M_FILEDESC);
1166 * For setugid programs, we don't want to people to use that setugidness
1167 * to generate error messages which write to a file which otherwise would
1168 * otherwise be off-limits to the process.
1170 * This is a gross hack to plug the hole. A better solution would involve
1171 * a special vop or other form of generalized access control mechanism. We
1172 * go ahead and just reject all procfs file systems accesses as dangerous.
1174 * Since setugidsafety calls this only for fd 0, 1 and 2, this check is
1175 * sufficient. We also don't for check setugidness since we know we are.
1178 is_unsafe(struct file *fp)
1180 if (fp->f_type == DTYPE_VNODE &&
1181 ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS)
1187 * Make this setguid thing safe, if at all possible.
1190 setugidsafety(struct proc *p)
1192 struct thread *td = p->p_thread;
1193 struct filedesc *fdp = p->p_fd;
1196 /* Certain daemons might not have file descriptors. */
1201 * note: fdp->fd_ofiles may be reallocated out from under us while
1202 * we are blocked in a close. Be careful!
1204 for (i = 0; i <= fdp->fd_lastfile; i++) {
1207 if (fdp->fd_ofiles[i] && is_unsafe(fdp->fd_ofiles[i])) {
1211 if ((fdp->fd_ofileflags[i] & UF_MAPPED) != 0)
1212 (void) munmapfd(p, i);
1214 if (i < fdp->fd_knlistsize)
1215 knote_fdclose(p, i);
1217 * NULL-out descriptor prior to close to avoid
1218 * a race while close blocks.
1220 fp = fdp->fd_ofiles[i];
1221 fdp->fd_ofiles[i] = NULL;
1222 fdp->fd_ofileflags[i] = 0;
1223 if (i < fdp->fd_freefile)
1224 fdp->fd_freefile = i;
1225 (void) closef(fp, td);
1228 while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
1233 * Close any files on exec?
1236 fdcloseexec(struct proc *p)
1238 struct thread *td = p->p_thread;
1239 struct filedesc *fdp = p->p_fd;
1242 /* Certain daemons might not have file descriptors. */
1247 * We cannot cache fd_ofiles or fd_ofileflags since operations
1248 * may block and rip them out from under us.
1250 for (i = 0; i <= fdp->fd_lastfile; i++) {
1251 if (fdp->fd_ofiles[i] != NULL &&
1252 (fdp->fd_ofileflags[i] & UF_EXCLOSE)) {
1256 if (fdp->fd_ofileflags[i] & UF_MAPPED)
1257 (void) munmapfd(p, i);
1259 if (i < fdp->fd_knlistsize)
1260 knote_fdclose(p, i);
1262 * NULL-out descriptor prior to close to avoid
1263 * a race while close blocks.
1265 fp = fdp->fd_ofiles[i];
1266 fdp->fd_ofiles[i] = NULL;
1267 fdp->fd_ofileflags[i] = 0;
1268 if (i < fdp->fd_freefile)
1269 fdp->fd_freefile = i;
1270 (void) closef(fp, td);
1273 while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
1278 * It is unsafe for set[ug]id processes to be started with file
1279 * descriptors 0..2 closed, as these descriptors are given implicit
1280 * significance in the Standard C library. fdcheckstd() will create a
1281 * descriptor referencing /dev/null for each of stdin, stdout, and
1282 * stderr that is not already open.
1285 fdcheckstd(struct proc *p)
1287 struct thread *td = p->p_thread;
1288 struct nameidata nd;
1289 struct filedesc *fdp;
1292 int fd, i, error, flags, devnull;
1299 for (i = 0; i < 3; i++) {
1300 if (fdp->fd_ofiles[i] != NULL)
1303 error = falloc(p, &fp, &fd);
1306 NDINIT(&nd, NAMEI_LOOKUP, CNP_FOLLOW, UIO_SYSSPACE,
1308 flags = FREAD | FWRITE;
1309 error = vn_open(&nd, flags, 0);
1311 fdp->fd_ofiles[i] = NULL;
1315 NDFREE(&nd, NDF_ONLY_PNBUF);
1316 fp->f_data = (caddr_t)nd.ni_vp;
1319 fp->f_type = DTYPE_VNODE;
1320 VOP_UNLOCK(nd.ni_vp, 0, td);
1323 error = fdalloc(p, 0, &fd);
1326 error = do_dup(fdp, devnull, fd, &retval, p);
1335 * Internal form of close.
1336 * Decrement reference count on file structure.
1337 * Note: td and/or p may be NULL when closing a file
1338 * that was being passed in a message.
1341 closef(struct file *fp, struct thread *td)
1345 struct filedesc_to_leader *fdtol;
1352 p = NULL; /* allow no proc association */
1354 p = td->td_proc; /* can also be NULL */
1357 * POSIX record locking dictates that any close releases ALL
1358 * locks owned by this process. This is handled by setting
1359 * a flag in the unlock to free ONLY locks obeying POSIX
1360 * semantics, and not to free BSD-style file locks.
1361 * If the descriptor was in a message, POSIX-style locks
1362 * aren't passed with the descriptor.
1365 fp->f_type == DTYPE_VNODE) {
1366 if ((p->p_leader->p_flag & P_ADVLOCK) != 0) {
1367 lf.l_whence = SEEK_SET;
1370 lf.l_type = F_UNLCK;
1371 vp = (struct vnode *)fp->f_data;
1372 (void) VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_UNLCK,
1376 if (fdtol != NULL) {
1378 * Handle special case where file descriptor table
1379 * is shared between multiple process leaders.
1381 for (fdtol = fdtol->fdl_next;
1382 fdtol != p->p_fdtol;
1383 fdtol = fdtol->fdl_next) {
1384 if ((fdtol->fdl_leader->p_flag &
1387 fdtol->fdl_holdcount++;
1388 lf.l_whence = SEEK_SET;
1391 lf.l_type = F_UNLCK;
1392 vp = (struct vnode *)fp->f_data;
1393 (void) VOP_ADVLOCK(vp,
1394 (caddr_t)p->p_leader,
1395 F_UNLCK, &lf, F_POSIX);
1396 fdtol->fdl_holdcount--;
1397 if (fdtol->fdl_holdcount == 0 &&
1398 fdtol->fdl_wakeup != 0) {
1399 fdtol->fdl_wakeup = 0;
1405 return (fdrop(fp, td));
1409 fdrop(struct file *fp, struct thread *td)
1415 if (--fp->f_count > 0)
1417 if (fp->f_count < 0)
1418 panic("fdrop: count < 0");
1419 if ((fp->f_flag & FHASLOCK) && fp->f_type == DTYPE_VNODE) {
1420 lf.l_whence = SEEK_SET;
1423 lf.l_type = F_UNLCK;
1424 vp = (struct vnode *)fp->f_data;
1425 (void) VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, F_FLOCK);
1427 if (fp->f_ops != &badfileops)
1428 error = fo_close(fp, td);
1436 * Apply an advisory lock on a file descriptor.
1438 * Just attempt to get a record lock of the requested type on
1439 * the entire file (l_whence = SEEK_SET, l_start = 0, l_len = 0).
1443 flock(struct flock_args *uap)
1445 struct proc *p = curproc;
1446 struct filedesc *fdp = p->p_fd;
1451 if ((unsigned)uap->fd >= fdp->fd_nfiles ||
1452 (fp = fdp->fd_ofiles[uap->fd]) == NULL)
1454 if (fp->f_type != DTYPE_VNODE)
1455 return (EOPNOTSUPP);
1456 vp = (struct vnode *)fp->f_data;
1457 lf.l_whence = SEEK_SET;
1460 if (uap->how & LOCK_UN) {
1461 lf.l_type = F_UNLCK;
1462 fp->f_flag &= ~FHASLOCK;
1463 return (VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, F_FLOCK));
1465 if (uap->how & LOCK_EX)
1466 lf.l_type = F_WRLCK;
1467 else if (uap->how & LOCK_SH)
1468 lf.l_type = F_RDLCK;
1471 fp->f_flag |= FHASLOCK;
1472 if (uap->how & LOCK_NB)
1473 return (VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, F_FLOCK));
1474 return (VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, F_FLOCK|F_WAIT));
1478 * File Descriptor pseudo-device driver (/dev/fd/).
1480 * Opening minor device N dup()s the file (if any) connected to file
1481 * descriptor N belonging to the calling process. Note that this driver
1482 * consists of only the ``open()'' routine, because all subsequent
1483 * references to this file will be direct to the other driver.
1487 fdopen(dev_t dev, int mode, int type, struct thread *td)
1489 KKASSERT(td->td_proc != NULL);
1492 * XXX Kludge: set curproc->p_dupfd to contain the value of the
1493 * the file descriptor being sought for duplication. The error
1494 * return ensures that the vnode for this device will be released
1495 * by vn_open. Open will detect this special error and take the
1496 * actions in dupfdopen below. Other callers of vn_open or VOP_OPEN
1497 * will simply report the error.
1499 td->td_proc->p_dupfd = minor(dev);
1504 * Duplicate the specified descriptor to a free descriptor.
1507 dupfdopen(struct filedesc *fdp, int indx, int dfd, int mode, int error)
1513 * If the to-be-dup'd fd number is greater than the allowed number
1514 * of file descriptors, or the fd to be dup'd has already been
1515 * closed, then reject.
1517 if ((u_int)dfd >= fdp->fd_nfiles ||
1518 (wfp = fdp->fd_ofiles[dfd]) == NULL) {
1523 * There are two cases of interest here.
1525 * For ENODEV simply dup (dfd) to file descriptor
1526 * (indx) and return.
1528 * For ENXIO steal away the file structure from (dfd) and
1529 * store it in (indx). (dfd) is effectively closed by
1532 * Any other error code is just returned.
1537 * Check that the mode the file is being opened for is a
1538 * subset of the mode of the existing descriptor.
1540 if (((mode & (FREAD|FWRITE)) | wfp->f_flag) != wfp->f_flag)
1542 fp = fdp->fd_ofiles[indx];
1544 if (fp && fdp->fd_ofileflags[indx] & UF_MAPPED)
1545 (void) munmapfd(p, indx);
1547 fdp->fd_ofiles[indx] = wfp;
1548 fdp->fd_ofileflags[indx] = fdp->fd_ofileflags[dfd];
1550 if (indx > fdp->fd_lastfile)
1551 fdp->fd_lastfile = indx;
1553 * we now own the reference to fp that the ofiles[] array
1554 * used to own. Release it.
1557 fdrop(fp, curthread);
1562 * Steal away the file pointer from dfd, and stuff it into indx.
1564 fp = fdp->fd_ofiles[indx];
1566 if (fp && fdp->fd_ofileflags[indx] & UF_MAPPED)
1567 (void) munmapfd(p, indx);
1569 fdp->fd_ofiles[indx] = fdp->fd_ofiles[dfd];
1570 fdp->fd_ofiles[dfd] = NULL;
1571 fdp->fd_ofileflags[indx] = fdp->fd_ofileflags[dfd];
1572 fdp->fd_ofileflags[dfd] = 0;
1575 * we now own the reference to fp that the ofiles[] array
1576 * used to own. Release it.
1579 fdrop(fp, curthread);
1581 * Complete the clean up of the filedesc structure by
1582 * recomputing the various hints.
1584 if (indx > fdp->fd_lastfile) {
1585 fdp->fd_lastfile = indx;
1587 while (fdp->fd_lastfile > 0 &&
1588 fdp->fd_ofiles[fdp->fd_lastfile] == NULL) {
1591 if (dfd < fdp->fd_freefile)
1592 fdp->fd_freefile = dfd;
1603 struct filedesc_to_leader *
1604 filedesc_to_leader_alloc(struct filedesc_to_leader *old,
1605 struct proc *leader)
1607 struct filedesc_to_leader *fdtol;
1609 MALLOC(fdtol, struct filedesc_to_leader *,
1610 sizeof(struct filedesc_to_leader),
1611 M_FILEDESC_TO_LEADER,
1613 fdtol->fdl_refcount = 1;
1614 fdtol->fdl_holdcount = 0;
1615 fdtol->fdl_wakeup = 0;
1616 fdtol->fdl_leader = leader;
1618 fdtol->fdl_next = old->fdl_next;
1619 fdtol->fdl_prev = old;
1620 old->fdl_next = fdtol;
1621 fdtol->fdl_next->fdl_prev = fdtol;
1623 fdtol->fdl_next = fdtol;
1624 fdtol->fdl_prev = fdtol;
1630 * Get file structures.
1633 sysctl_kern_file(SYSCTL_HANDLER_ARGS)
1640 * overestimate by 10 files
1642 return (SYSCTL_OUT(req, 0, sizeof(filehead) +
1643 (nfiles + 10) * sizeof(struct file)));
1646 error = SYSCTL_OUT(req, (caddr_t)&filehead, sizeof(filehead));
1651 * followed by an array of file structures
1653 LIST_FOREACH(fp, &filehead, f_list) {
1654 error = SYSCTL_OUT(req, (caddr_t)fp, sizeof (struct file));
1661 SYSCTL_PROC(_kern, KERN_FILE, file, CTLTYPE_OPAQUE|CTLFLAG_RD,
1662 0, 0, sysctl_kern_file, "S,file", "Entire file table");
1664 SYSCTL_INT(_kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW,
1665 &maxfilesperproc, 0, "Maximum files allowed open per process");
1667 SYSCTL_INT(_kern, KERN_MAXFILES, maxfiles, CTLFLAG_RW,
1668 &maxfiles, 0, "Maximum number of files");
1670 SYSCTL_INT(_kern, OID_AUTO, openfiles, CTLFLAG_RD,
1671 &nfiles, 0, "System-wide number of open files");
1674 fildesc_drvinit(void *unused)
1678 for (fd = 0; fd < NUMFDESC; fd++)
1679 make_dev(&fildesc_cdevsw, fd,
1680 UID_BIN, GID_BIN, 0666, "fd/%d", fd);
1681 make_dev(&fildesc_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666, "stdin");
1682 make_dev(&fildesc_cdevsw, 1, UID_ROOT, GID_WHEEL, 0666, "stdout");
1683 make_dev(&fildesc_cdevsw, 2, UID_ROOT, GID_WHEEL, 0666, "stderr");
1686 struct fileops badfileops = {
1710 badfo_ioctl(struct file *fp, u_long com, caddr_t data, struct thread *td)
1716 badfo_poll(struct file *fp, int events, struct ucred *cred, struct thread *td)
1722 badfo_kqfilter(struct file *fp, struct knote *kn)
1728 badfo_stat(struct file *fp, struct stat *sb, struct thread *td)
1734 badfo_close(struct file *fp, struct thread *td)
1739 SYSINIT(fildescdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,
1740 fildesc_drvinit,NULL)
projects / dragonfly.git / blob