2 * Copyright (c) 1982, 1986, 1989, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94
30 * $FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.54.2.10 2003/03/04 17:28:09 nectar Exp $
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/kernel.h>
36 #include <sys/domain.h>
37 #include <sys/fcntl.h>
38 #include <sys/malloc.h> /* XXX must be before <sys/file.h> */
41 #include <sys/filedesc.h>
43 #include <sys/nlookup.h>
44 #include <sys/protosw.h>
45 #include <sys/socket.h>
46 #include <sys/socketvar.h>
47 #include <sys/resourcevar.h>
49 #include <sys/mount.h>
50 #include <sys/sysctl.h>
52 #include <sys/unpcb.h>
53 #include <sys/vnode.h>
55 #include <sys/file2.h>
56 #include <sys/spinlock2.h>
57 #include <sys/socketvar2.h>
58 #include <sys/msgport2.h>
60 #define UNP_DETACHED UNP_PRIVATE1
61 #define UNP_CONNECTING UNP_PRIVATE2
63 #define UNP_ISATTACHED(unp) \
64 ((unp) != NULL && ((unp)->unp_flags & UNP_DETACHED) == 0)
67 #define UNP_ASSERT_TOKEN_HELD(unp) \
68 ASSERT_LWKT_TOKEN_HELD(lwkt_token_pool_lookup((unp)))
69 #else /* !INVARIANTS */
70 #define UNP_ASSERT_TOKEN_HELD(unp)
71 #endif /* INVARIANTS */
73 typedef struct unp_defdiscard {
74 struct unp_defdiscard *next;
78 static MALLOC_DEFINE(M_UNPCB, "unpcb", "unpcb struct");
79 static unp_gen_t unp_gencnt;
80 static u_int unp_count;
82 static struct unp_head unp_shead, unp_dhead;
84 static struct lwkt_token unp_token = LWKT_TOKEN_INITIALIZER(unp_token);
85 static int unp_defdiscard_nest;
86 static unp_defdiscard_t unp_defdiscard_base;
89 * Unix communications domain.
93 * rethink name space problems
94 * need a proper out-of-band
97 static struct sockaddr sun_noname = { sizeof(sun_noname), AF_LOCAL };
98 static ino_t unp_ino = 1; /* prototype for fake inode numbers */
99 static struct spinlock unp_ino_spin = SPINLOCK_INITIALIZER(&unp_ino_spin, "unp_ino_spin");
101 static int unp_attach (struct socket *, struct pru_attach_info *);
102 static void unp_detach (struct unpcb *);
103 static int unp_bind (struct unpcb *,struct sockaddr *, struct thread *);
104 static int unp_connect (struct socket *,struct sockaddr *,
106 static void unp_disconnect (struct unpcb *);
107 static void unp_shutdown (struct unpcb *);
108 static void unp_drop (struct unpcb *, int);
109 static void unp_gc (void);
110 static int unp_gc_clearmarks(struct file *, void *);
111 static int unp_gc_checkmarks(struct file *, void *);
112 static int unp_gc_checkrefs(struct file *, void *);
113 static int unp_revoke_gc_check(struct file *, void *);
114 static void unp_scan (struct mbuf *, void (*)(struct file *, void *),
116 static void unp_mark (struct file *, void *data);
117 static void unp_discard (struct file *, void *);
118 static int unp_internalize (struct mbuf *, struct thread *);
119 static int unp_listen (struct unpcb *, struct thread *);
120 static void unp_fp_externalize(struct lwp *lp, struct file *fp, int fd);
121 static int unp_find_lockref(struct sockaddr *nam, struct thread *td,
122 short type, struct unpcb **unp_ret);
123 static int unp_connect_pair(struct unpcb *unp, struct unpcb *unp2);
126 * SMP Considerations:
128 * Since unp_token will be automaticly released upon execution of
129 * blocking code, we need to reference unp_conn before any possible
130 * blocking code to prevent it from being ripped behind our back.
132 * Any adjustment to unp->unp_conn requires both the global unp_token
133 * AND the per-unp token (lwkt_token_pool_lookup(unp)) to be held.
135 * Any access to so_pcb to obtain unp requires the pool token for
139 /* NOTE: unp_token MUST be held */
141 unp_reference(struct unpcb *unp)
143 atomic_add_int(&unp->unp_refcnt, 1);
146 /* NOTE: unp_token MUST be held */
148 unp_free(struct unpcb *unp)
150 KKASSERT(unp->unp_refcnt > 0);
151 if (atomic_fetchadd_int(&unp->unp_refcnt, -1) == 1)
155 static __inline struct unpcb *
156 unp_getsocktoken(struct socket *so)
161 * The unp pointer is invalid until we verify that it is
162 * good by re-checking so_pcb AFTER obtaining the token.
164 while ((unp = so->so_pcb) != NULL) {
165 lwkt_getpooltoken(unp);
166 if (unp == so->so_pcb)
168 lwkt_relpooltoken(unp);
174 unp_reltoken(struct unpcb *unp)
177 lwkt_relpooltoken(unp);
181 unp_setflags(struct unpcb *unp, int flags)
183 atomic_set_int(&unp->unp_flags, flags);
187 unp_clrflags(struct unpcb *unp, int flags)
189 atomic_clear_int(&unp->unp_flags, flags);
193 * NOTE: (so) is referenced from soabort*() and netmsg_pru_abort()
194 * will sofree() it when we return.
197 uipc_abort(netmsg_t msg)
202 lwkt_gettoken(&unp_token);
203 unp = unp_getsocktoken(msg->base.nm_so);
205 if (UNP_ISATTACHED(unp)) {
206 unp_setflags(unp, UNP_DETACHED);
207 unp_drop(unp, ECONNABORTED);
215 lwkt_reltoken(&unp_token);
217 lwkt_replymsg(&msg->lmsg, error);
221 uipc_accept(netmsg_t msg)
226 lwkt_gettoken(&unp_token);
227 unp = msg->base.nm_so->so_pcb;
228 if (!UNP_ISATTACHED(unp)) {
231 struct unpcb *unp2 = unp->unp_conn;
234 * Pass back name of connected socket,
235 * if it was bound and we are still connected
236 * (our peer may have closed already!).
238 if (unp2 && unp2->unp_addr) {
240 *msg->accept.nm_nam = dup_sockaddr(
241 (struct sockaddr *)unp2->unp_addr);
244 *msg->accept.nm_nam = dup_sockaddr(&sun_noname);
248 lwkt_reltoken(&unp_token);
249 lwkt_replymsg(&msg->lmsg, error);
253 uipc_attach(netmsg_t msg)
258 lwkt_gettoken(&unp_token);
259 unp = msg->base.nm_so->so_pcb;
260 KASSERT(unp == NULL, ("double unp attach"));
261 error = unp_attach(msg->base.nm_so, msg->attach.nm_ai);
262 lwkt_reltoken(&unp_token);
263 lwkt_replymsg(&msg->lmsg, error);
267 uipc_bind(netmsg_t msg)
272 lwkt_gettoken(&unp_token);
273 unp = msg->base.nm_so->so_pcb;
274 if (UNP_ISATTACHED(unp))
275 error = unp_bind(unp, msg->bind.nm_nam, msg->bind.nm_td);
278 lwkt_reltoken(&unp_token);
279 lwkt_replymsg(&msg->lmsg, error);
283 uipc_connect(netmsg_t msg)
287 error = unp_connect(msg->base.nm_so, msg->connect.nm_nam,
289 lwkt_replymsg(&msg->lmsg, error);
293 uipc_connect2(netmsg_t msg)
297 error = unp_connect2(msg->connect2.nm_so1, msg->connect2.nm_so2);
298 lwkt_replymsg(&msg->lmsg, error);
301 /* control is EOPNOTSUPP */
304 uipc_detach(netmsg_t msg)
309 lwkt_gettoken(&unp_token);
310 unp = unp_getsocktoken(msg->base.nm_so);
312 if (UNP_ISATTACHED(unp)) {
313 unp_setflags(unp, UNP_DETACHED);
321 lwkt_reltoken(&unp_token);
323 lwkt_replymsg(&msg->lmsg, error);
327 uipc_disconnect(netmsg_t msg)
332 lwkt_gettoken(&unp_token);
333 unp = msg->base.nm_so->so_pcb;
334 if (UNP_ISATTACHED(unp)) {
340 lwkt_reltoken(&unp_token);
341 lwkt_replymsg(&msg->lmsg, error);
345 uipc_listen(netmsg_t msg)
350 lwkt_gettoken(&unp_token);
351 unp = msg->base.nm_so->so_pcb;
352 if (!UNP_ISATTACHED(unp) || unp->unp_vnode == NULL)
355 error = unp_listen(unp, msg->listen.nm_td);
356 lwkt_reltoken(&unp_token);
357 lwkt_replymsg(&msg->lmsg, error);
361 uipc_peeraddr(netmsg_t msg)
366 lwkt_gettoken(&unp_token);
367 unp = msg->base.nm_so->so_pcb;
368 if (!UNP_ISATTACHED(unp)) {
370 } else if (unp->unp_conn && unp->unp_conn->unp_addr) {
371 struct unpcb *unp2 = unp->unp_conn;
374 *msg->peeraddr.nm_nam = dup_sockaddr(
375 (struct sockaddr *)unp2->unp_addr);
380 * XXX: It seems that this test always fails even when
381 * connection is established. So, this else clause is
382 * added as workaround to return PF_LOCAL sockaddr.
384 *msg->peeraddr.nm_nam = dup_sockaddr(&sun_noname);
387 lwkt_reltoken(&unp_token);
388 lwkt_replymsg(&msg->lmsg, error);
392 uipc_rcvd(netmsg_t msg)
394 struct unpcb *unp, *unp2;
400 * so_pcb is only modified with both the global and the unp
403 so = msg->base.nm_so;
404 unp = unp_getsocktoken(so);
406 if (!UNP_ISATTACHED(unp)) {
411 switch (so->so_type) {
413 panic("uipc_rcvd DGRAM?");
417 if (unp->unp_conn == NULL)
419 unp2 = unp->unp_conn; /* protected by pool token */
422 * Because we are transfering mbufs directly to the
423 * peer socket we have to use SSB_STOP on the sender
424 * to prevent it from building up infinite mbufs.
426 * As in several places in this module w ehave to ref unp2
427 * to ensure that it does not get ripped out from under us
428 * if we block on the so2 token or in sowwakeup().
430 so2 = unp2->unp_socket;
432 lwkt_gettoken(&so2->so_rcv.ssb_token);
433 if (so->so_rcv.ssb_cc < so2->so_snd.ssb_hiwat &&
434 so->so_rcv.ssb_mbcnt < so2->so_snd.ssb_mbmax
436 atomic_clear_int(&so2->so_snd.ssb_flags, SSB_STOP);
440 lwkt_reltoken(&so2->so_rcv.ssb_token);
444 panic("uipc_rcvd unknown socktype");
450 lwkt_replymsg(&msg->lmsg, error);
453 /* pru_rcvoob is EOPNOTSUPP */
456 uipc_send(netmsg_t msg)
458 struct unpcb *unp, *unp2;
461 struct mbuf *control;
465 so = msg->base.nm_so;
466 control = msg->send.nm_control;
470 * so_pcb is only modified with both the global and the unp
473 so = msg->base.nm_so;
474 unp = unp_getsocktoken(so);
476 if (!UNP_ISATTACHED(unp)) {
481 if (msg->send.nm_flags & PRUS_OOB) {
486 wakeup_start_delayed();
488 if (control && (error = unp_internalize(control, msg->send.nm_td)))
491 switch (so->so_type) {
494 struct sockaddr *from;
496 if (msg->send.nm_addr) {
501 error = unp_find_lockref(msg->send.nm_addr,
502 msg->send.nm_td, so->so_type, &unp2);
507 * unp2 is locked and referenced.
509 * We could unlock unp2 now, since it was checked
514 if (unp->unp_conn == NULL) {
519 unp2 = unp->unp_conn;
522 /* NOTE: unp2 is referenced. */
523 so2 = unp2->unp_socket;
526 from = (struct sockaddr *)unp->unp_addr;
530 lwkt_gettoken(&so2->so_rcv.ssb_token);
531 if (ssb_appendaddr(&so2->so_rcv, from, m, control)) {
538 lwkt_reltoken(&so2->so_rcv.ssb_token);
546 /* Connect if not connected yet. */
548 * Note: A better implementation would complain
549 * if not equal to the peer's address.
551 if (!(so->so_state & SS_ISCONNECTED)) {
552 if (msg->send.nm_addr) {
553 error = unp_connect(so,
564 if (so->so_state & SS_CANTSENDMORE) {
568 if (unp->unp_conn == NULL)
569 panic("uipc_send connected but no connection?");
570 unp2 = unp->unp_conn;
571 so2 = unp2->unp_socket;
576 * Send to paired receive port, and then reduce
577 * send buffer hiwater marks to maintain backpressure.
580 lwkt_gettoken(&so2->so_rcv.ssb_token);
582 if (ssb_appendcontrol(&so2->so_rcv, m, control)) {
586 } else if (so->so_type == SOCK_SEQPACKET) {
587 sbappendrecord(&so2->so_rcv.sb, m);
590 sbappend(&so2->so_rcv.sb, m);
595 * Because we are transfering mbufs directly to the
596 * peer socket we have to use SSB_STOP on the sender
597 * to prevent it from building up infinite mbufs.
599 if (so2->so_rcv.ssb_cc >= so->so_snd.ssb_hiwat ||
600 so2->so_rcv.ssb_mbcnt >= so->so_snd.ssb_mbmax
602 atomic_set_int(&so->so_snd.ssb_flags, SSB_STOP);
604 lwkt_reltoken(&so2->so_rcv.ssb_token);
611 panic("uipc_send unknown socktype");
615 * SEND_EOF is equivalent to a SEND followed by a SHUTDOWN.
617 if (msg->send.nm_flags & PRUS_EOF) {
622 if (control && error != 0)
623 unp_dispose(control);
626 wakeup_end_delayed();
632 lwkt_replymsg(&msg->lmsg, error);
639 uipc_sense(netmsg_t msg)
646 so = msg->base.nm_so;
647 sb = msg->sense.nm_stat;
650 * so_pcb is only modified with both the global and the unp
653 unp = unp_getsocktoken(so);
655 if (!UNP_ISATTACHED(unp)) {
660 sb->st_blksize = so->so_snd.ssb_hiwat;
662 if (unp->unp_ino == 0) { /* make up a non-zero inode number */
663 spin_lock(&unp_ino_spin);
664 unp->unp_ino = unp_ino++;
665 spin_unlock(&unp_ino_spin);
667 sb->st_ino = unp->unp_ino;
671 lwkt_replymsg(&msg->lmsg, error);
675 uipc_shutdown(netmsg_t msg)
682 * so_pcb is only modified with both the global and the unp
685 so = msg->base.nm_so;
686 unp = unp_getsocktoken(so);
688 if (UNP_ISATTACHED(unp)) {
697 lwkt_replymsg(&msg->lmsg, error);
701 uipc_sockaddr(netmsg_t msg)
708 * so_pcb is only modified with both the global and the unp
711 so = msg->base.nm_so;
712 unp = unp_getsocktoken(so);
714 if (UNP_ISATTACHED(unp)) {
716 *msg->sockaddr.nm_nam =
717 dup_sockaddr((struct sockaddr *)unp->unp_addr);
725 lwkt_replymsg(&msg->lmsg, error);
728 struct pr_usrreqs uipc_usrreqs = {
729 .pru_abort = uipc_abort,
730 .pru_accept = uipc_accept,
731 .pru_attach = uipc_attach,
732 .pru_bind = uipc_bind,
733 .pru_connect = uipc_connect,
734 .pru_connect2 = uipc_connect2,
735 .pru_control = pr_generic_notsupp,
736 .pru_detach = uipc_detach,
737 .pru_disconnect = uipc_disconnect,
738 .pru_listen = uipc_listen,
739 .pru_peeraddr = uipc_peeraddr,
740 .pru_rcvd = uipc_rcvd,
741 .pru_rcvoob = pr_generic_notsupp,
742 .pru_send = uipc_send,
743 .pru_sense = uipc_sense,
744 .pru_shutdown = uipc_shutdown,
745 .pru_sockaddr = uipc_sockaddr,
746 .pru_sosend = sosend,
747 .pru_soreceive = soreceive
751 uipc_ctloutput(netmsg_t msg)
754 struct sockopt *sopt;
758 lwkt_gettoken(&unp_token);
759 so = msg->base.nm_so;
760 sopt = msg->ctloutput.nm_sopt;
763 switch (sopt->sopt_dir) {
765 switch (sopt->sopt_name) {
767 if (unp->unp_flags & UNP_HAVEPC)
768 soopt_from_kbuf(sopt, &unp->unp_peercred,
769 sizeof(unp->unp_peercred));
771 if (so->so_type == SOCK_STREAM)
773 else if (so->so_type == SOCK_SEQPACKET)
789 lwkt_reltoken(&unp_token);
790 lwkt_replymsg(&msg->lmsg, error);
794 * Both send and receive buffers are allocated PIPSIZ bytes of buffering
795 * for stream sockets, although the total for sender and receiver is
796 * actually only PIPSIZ.
798 * Datagram sockets really use the sendspace as the maximum datagram size,
799 * and don't really want to reserve the sendspace. Their recvspace should
800 * be large enough for at least one max-size datagram plus address.
802 * We want the local send/recv space to be significant larger then lo0's
808 static u_long unpst_sendspace = PIPSIZ;
809 static u_long unpst_recvspace = PIPSIZ;
810 static u_long unpdg_sendspace = 2*1024; /* really max datagram size */
811 static u_long unpdg_recvspace = 4*1024;
813 static int unp_rights; /* file descriptors in flight */
814 static struct spinlock unp_spin = SPINLOCK_INITIALIZER(&unp_spin, "unp_spin");
816 SYSCTL_DECL(_net_local_seqpacket);
817 SYSCTL_DECL(_net_local_stream);
818 SYSCTL_INT(_net_local_stream, OID_AUTO, sendspace, CTLFLAG_RW,
819 &unpst_sendspace, 0, "Size of stream socket send buffer");
820 SYSCTL_INT(_net_local_stream, OID_AUTO, recvspace, CTLFLAG_RW,
821 &unpst_recvspace, 0, "Size of stream socket receive buffer");
823 SYSCTL_DECL(_net_local_dgram);
824 SYSCTL_INT(_net_local_dgram, OID_AUTO, maxdgram, CTLFLAG_RW,
825 &unpdg_sendspace, 0, "Max datagram socket size");
826 SYSCTL_INT(_net_local_dgram, OID_AUTO, recvspace, CTLFLAG_RW,
827 &unpdg_recvspace, 0, "Size of datagram socket receive buffer");
829 SYSCTL_DECL(_net_local);
830 SYSCTL_INT(_net_local, OID_AUTO, inflight, CTLFLAG_RD, &unp_rights, 0,
831 "File descriptors in flight");
834 unp_attach(struct socket *so, struct pru_attach_info *ai)
839 lwkt_gettoken(&unp_token);
841 if (so->so_snd.ssb_hiwat == 0 || so->so_rcv.ssb_hiwat == 0) {
842 switch (so->so_type) {
845 error = soreserve(so, unpst_sendspace, unpst_recvspace,
850 error = soreserve(so, unpdg_sendspace, unpdg_recvspace,
862 * In order to support sendfile we have to set either SSB_STOPSUPP
863 * or SSB_PREALLOC. Unix domain sockets use the SSB_STOP flow
866 if (so->so_type == SOCK_STREAM) {
867 atomic_set_int(&so->so_rcv.ssb_flags, SSB_STOPSUPP);
868 atomic_set_int(&so->so_snd.ssb_flags, SSB_STOPSUPP);
871 unp = kmalloc(sizeof(*unp), M_UNPCB, M_WAITOK | M_ZERO | M_NULLOK);
877 unp->unp_gencnt = ++unp_gencnt;
879 LIST_INIT(&unp->unp_refs);
880 unp->unp_socket = so;
881 unp->unp_rvnode = ai->fd_rdir; /* jail cruft XXX JH */
882 LIST_INSERT_HEAD(so->so_type == SOCK_DGRAM ? &unp_dhead
883 : &unp_shead, unp, unp_link);
884 so->so_pcb = (caddr_t)unp;
888 lwkt_reltoken(&unp_token);
893 unp_detach(struct unpcb *unp)
897 lwkt_gettoken(&unp_token);
898 lwkt_getpooltoken(unp);
900 LIST_REMOVE(unp, unp_link); /* both tokens required */
901 unp->unp_gencnt = ++unp_gencnt;
903 if (unp->unp_vnode) {
904 unp->unp_vnode->v_socket = NULL;
905 vrele(unp->unp_vnode);
906 unp->unp_vnode = NULL;
910 while (!LIST_EMPTY(&unp->unp_refs))
911 unp_drop(LIST_FIRST(&unp->unp_refs), ECONNRESET);
912 soisdisconnected(unp->unp_socket);
913 so = unp->unp_socket;
914 soreference(so); /* for delayed sorflush */
915 KKASSERT(so->so_pcb == unp);
916 so->so_pcb = NULL; /* both tokens required */
917 unp->unp_socket = NULL;
918 sofree(so); /* remove pcb ref */
922 * Normally the receive buffer is flushed later,
923 * in sofree, but if our receive buffer holds references
924 * to descriptors that are now garbage, we will dispose
925 * of those descriptor references after the garbage collector
926 * gets them (resulting in a "panic: closef: count < 0").
932 lwkt_relpooltoken(unp);
933 lwkt_reltoken(&unp_token);
936 kfree(unp->unp_addr, M_SONAME);
941 unp_bind(struct unpcb *unp, struct sockaddr *nam, struct thread *td)
943 struct proc *p = td->td_proc;
944 struct sockaddr_un *soun = (struct sockaddr_un *)nam;
948 struct nlookupdata nd;
949 char buf[SOCK_MAXADDRLEN];
951 lwkt_gettoken(&unp_token);
952 if (unp->unp_vnode != NULL) {
956 namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
961 strncpy(buf, soun->sun_path, namelen);
962 buf[namelen] = 0; /* null-terminate the string */
963 error = nlookup_init(&nd, buf, UIO_SYSSPACE,
964 NLC_LOCKVP | NLC_CREATE | NLC_REFDVP);
966 error = nlookup(&nd);
967 if (error == 0 && nd.nl_nch.ncp->nc_vp != NULL)
973 vattr.va_type = VSOCK;
974 vattr.va_mode = (ACCESSPERMS & ~p->p_fd->fd_cmask);
975 error = VOP_NCREATE(&nd.nl_nch, nd.nl_dvp, &vp, nd.nl_cred, &vattr);
977 if (unp->unp_vnode == NULL) {
978 vp->v_socket = unp->unp_socket;
980 unp->unp_addr = (struct sockaddr_un *)dup_sockaddr(nam);
983 vput(vp); /* late race */
990 lwkt_reltoken(&unp_token);
995 unp_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
997 struct unpcb *unp, *unp2;
998 int error, flags = 0;
1000 lwkt_gettoken(&unp_token);
1002 unp = unp_getsocktoken(so);
1003 if (!UNP_ISATTACHED(unp)) {
1008 if ((unp->unp_flags & UNP_CONNECTING) || unp->unp_conn != NULL) {
1013 flags = UNP_CONNECTING;
1014 unp_setflags(unp, flags);
1016 error = unp_find_lockref(nam, td, so->so_type, &unp2);
1021 * unp2 is locked and referenced.
1024 if (so->so_proto->pr_flags & PR_CONNREQUIRED) {
1025 struct socket *so2, *so3;
1028 so2 = unp2->unp_socket;
1029 if (!(so2->so_options & SO_ACCEPTCONN) ||
1030 (so3 = sonewconn_faddr(so2, 0, NULL,
1031 TRUE /* keep ref */)) == NULL) {
1032 error = ECONNREFUSED;
1035 /* so3 has a socket reference. */
1037 unp3 = unp_getsocktoken(so3);
1038 if (!UNP_ISATTACHED(unp3)) {
1041 * Already aborted; we only need to drop the
1042 * socket reference held by sonewconn_faddr().
1045 error = ECONNREFUSED;
1048 unp_reference(unp3);
1051 * unp3 is locked and referenced.
1055 * Release so3 socket reference held by sonewconn_faddr().
1056 * Since we have referenced unp3, neither unp3 nor so3 will
1057 * be destroyed here.
1061 if (unp2->unp_addr != NULL) {
1062 unp3->unp_addr = (struct sockaddr_un *)
1063 dup_sockaddr((struct sockaddr *)unp2->unp_addr);
1067 * unp_peercred management:
1069 * The connecter's (client's) credentials are copied
1070 * from its process structure at the time of connect()
1073 cru2x(td->td_proc->p_ucred, &unp3->unp_peercred);
1074 unp_setflags(unp3, UNP_HAVEPC);
1076 * The receiver's (server's) credentials are copied
1077 * from the unp_peercred member of socket on which the
1078 * former called listen(); unp_listen() cached that
1079 * process's credentials at that time so we can use
1082 KASSERT(unp2->unp_flags & UNP_HAVEPCCACHED,
1083 ("unp_connect: listener without cached peercred"));
1084 memcpy(&unp->unp_peercred, &unp2->unp_peercred,
1085 sizeof(unp->unp_peercred));
1086 unp_setflags(unp, UNP_HAVEPC);
1088 error = unp_connect_pair(unp, unp3);
1090 /* XXX we need a better name */
1094 /* Done with unp3 */
1098 error = unp_connect_pair(unp, unp2);
1105 unp_clrflags(unp, flags);
1108 lwkt_reltoken(&unp_token);
1113 * Connect two unix domain sockets together.
1115 * NOTE: Semantics for any change to unp_conn requires that the per-unp
1116 * pool token also be held.
1119 unp_connect2(struct socket *so, struct socket *so2)
1121 struct unpcb *unp, *unp2;
1124 lwkt_gettoken(&unp_token);
1125 if (so2->so_type != so->so_type) {
1126 lwkt_reltoken(&unp_token);
1127 return (EPROTOTYPE);
1129 unp = unp_getsocktoken(so);
1130 unp2 = unp_getsocktoken(so2);
1132 if (!UNP_ISATTACHED(unp)) {
1136 if (!UNP_ISATTACHED(unp2)) {
1137 error = ECONNREFUSED;
1141 if (unp->unp_conn != NULL) {
1145 if ((so->so_type == SOCK_STREAM || so->so_type == SOCK_SEQPACKET) &&
1146 unp2->unp_conn != NULL) {
1151 error = unp_connect_pair(unp, unp2);
1155 lwkt_reltoken(&unp_token);
1160 * Disconnect a unix domain socket pair.
1162 * NOTE: Semantics for any change to unp_conn requires that the per-unp
1163 * pool token also be held.
1166 unp_disconnect(struct unpcb *unp)
1170 lwkt_gettoken(&unp_token);
1171 lwkt_getpooltoken(unp);
1173 while ((unp2 = unp->unp_conn) != NULL) {
1174 lwkt_getpooltoken(unp2);
1175 if (unp2 == unp->unp_conn)
1177 lwkt_relpooltoken(unp2);
1182 unp->unp_conn = NULL;
1184 switch (unp->unp_socket->so_type) {
1186 LIST_REMOVE(unp, unp_reflink);
1187 soclrstate(unp->unp_socket, SS_ISCONNECTED);
1191 case SOCK_SEQPACKET:
1192 unp_reference(unp2);
1193 unp2->unp_conn = NULL;
1195 soisdisconnected(unp->unp_socket);
1196 soisdisconnected(unp2->unp_socket);
1201 lwkt_relpooltoken(unp2);
1203 lwkt_relpooltoken(unp);
1204 lwkt_reltoken(&unp_token);
1209 unp_abort(struct unpcb *unp)
1211 lwkt_gettoken(&unp_token);
1213 lwkt_reltoken(&unp_token);
1218 prison_unpcb(struct thread *td, struct unpcb *unp)
1224 if ((p = td->td_proc) == NULL)
1226 if (!p->p_ucred->cr_prison)
1228 if (p->p_fd->fd_rdir == unp->unp_rvnode)
1234 unp_pcblist(SYSCTL_HANDLER_ARGS)
1237 struct unpcb *unp, **unp_list;
1239 struct unp_head *head;
1241 head = ((intptr_t)arg1 == SOCK_DGRAM ? &unp_dhead : &unp_shead);
1243 KKASSERT(curproc != NULL);
1246 * The process of preparing the PCB list is too time-consuming and
1247 * resource-intensive to repeat twice on every request.
1249 if (req->oldptr == NULL) {
1251 req->oldidx = (n + n/8) * sizeof(struct xunpcb);
1255 if (req->newptr != NULL)
1258 lwkt_gettoken(&unp_token);
1261 * OK, now we're committed to doing something.
1263 gencnt = unp_gencnt;
1266 unp_list = kmalloc(n * sizeof *unp_list, M_TEMP, M_WAITOK);
1268 for (unp = LIST_FIRST(head), i = 0; unp && i < n;
1269 unp = LIST_NEXT(unp, unp_link)) {
1270 if (unp->unp_gencnt <= gencnt && !prison_unpcb(req->td, unp))
1271 unp_list[i++] = unp;
1273 n = i; /* in case we lost some during malloc */
1276 for (i = 0; i < n; i++) {
1278 if (unp->unp_gencnt <= gencnt) {
1280 xu.xu_len = sizeof xu;
1283 * XXX - need more locking here to protect against
1284 * connect/disconnect races for SMP.
1287 bcopy(unp->unp_addr, &xu.xu_addr,
1288 unp->unp_addr->sun_len);
1289 if (unp->unp_conn && unp->unp_conn->unp_addr)
1290 bcopy(unp->unp_conn->unp_addr,
1292 unp->unp_conn->unp_addr->sun_len);
1293 bcopy(unp, &xu.xu_unp, sizeof *unp);
1294 sotoxsocket(unp->unp_socket, &xu.xu_socket);
1295 error = SYSCTL_OUT(req, &xu, sizeof xu);
1298 lwkt_reltoken(&unp_token);
1299 kfree(unp_list, M_TEMP);
1304 SYSCTL_PROC(_net_local_dgram, OID_AUTO, pcblist, CTLFLAG_RD,
1305 (caddr_t)(long)SOCK_DGRAM, 0, unp_pcblist, "S,xunpcb",
1306 "List of active local datagram sockets");
1307 SYSCTL_PROC(_net_local_stream, OID_AUTO, pcblist, CTLFLAG_RD,
1308 (caddr_t)(long)SOCK_STREAM, 0, unp_pcblist, "S,xunpcb",
1309 "List of active local stream sockets");
1310 SYSCTL_PROC(_net_local_seqpacket, OID_AUTO, pcblist, CTLFLAG_RD,
1311 (caddr_t)(long)SOCK_SEQPACKET, 0, unp_pcblist, "S,xunpcb",
1312 "List of active local seqpacket stream sockets");
1315 unp_shutdown(struct unpcb *unp)
1319 if ((unp->unp_socket->so_type == SOCK_STREAM ||
1320 unp->unp_socket->so_type == SOCK_SEQPACKET) &&
1321 unp->unp_conn != NULL && (so = unp->unp_conn->unp_socket)) {
1327 unp_drop(struct unpcb *unp, int err)
1329 struct socket *so = unp->unp_socket;
1332 unp_disconnect(unp);
1339 lwkt_gettoken(&unp_token);
1340 lwkt_reltoken(&unp_token);
1345 unp_externalize(struct mbuf *rights)
1347 struct thread *td = curthread;
1348 struct proc *p = td->td_proc; /* XXX */
1349 struct lwp *lp = td->td_lwp;
1350 struct cmsghdr *cm = mtod(rights, struct cmsghdr *);
1355 int newfds = (cm->cmsg_len - (CMSG_DATA(cm) - (u_char *)cm))
1356 / sizeof (struct file *);
1359 lwkt_gettoken(&unp_token);
1362 * if the new FD's will not fit, then we free them all
1364 if (!fdavail(p, newfds)) {
1365 rp = (struct file **)CMSG_DATA(cm);
1366 for (i = 0; i < newfds; i++) {
1369 * zero the pointer before calling unp_discard,
1370 * since it may end up in unp_gc()..
1373 unp_discard(fp, NULL);
1375 lwkt_reltoken(&unp_token);
1380 * now change each pointer to an fd in the global table to
1381 * an integer that is the index to the local fd table entry
1382 * that we set up to point to the global one we are transferring.
1383 * If sizeof (struct file *) is bigger than or equal to sizeof int,
1384 * then do it in forward order. In that case, an integer will
1385 * always come in the same place or before its corresponding
1386 * struct file pointer.
1387 * If sizeof (struct file *) is smaller than sizeof int, then
1388 * do it in reverse order.
1390 if (sizeof (struct file *) >= sizeof (int)) {
1391 fdp = (int *)CMSG_DATA(cm);
1392 rp = (struct file **)CMSG_DATA(cm);
1393 for (i = 0; i < newfds; i++) {
1394 if (fdalloc(p, 0, &f))
1395 panic("unp_externalize");
1397 unp_fp_externalize(lp, fp, f);
1401 fdp = (int *)CMSG_DATA(cm) + newfds - 1;
1402 rp = (struct file **)CMSG_DATA(cm) + newfds - 1;
1403 for (i = 0; i < newfds; i++) {
1404 if (fdalloc(p, 0, &f))
1405 panic("unp_externalize");
1407 unp_fp_externalize(lp, fp, f);
1413 * Adjust length, in case sizeof(struct file *) and sizeof(int)
1416 cm->cmsg_len = CMSG_LEN(newfds * sizeof(int));
1417 rights->m_len = cm->cmsg_len;
1419 lwkt_reltoken(&unp_token);
1424 unp_fp_externalize(struct lwp *lp, struct file *fp, int fd)
1429 lwkt_gettoken(&unp_token);
1433 if (fp->f_flag & FREVOKED) {
1434 kprintf("Warning: revoked fp exiting unix socket\n");
1436 error = falloc(lp, &fx, NULL);
1438 fsetfd(lp->lwp_proc->p_fd, fx, fd);
1440 fsetfd(lp->lwp_proc->p_fd, NULL, fd);
1443 fsetfd(lp->lwp_proc->p_fd, fp, fd);
1446 spin_lock(&unp_spin);
1449 spin_unlock(&unp_spin);
1452 lwkt_reltoken(&unp_token);
1459 LIST_INIT(&unp_dhead);
1460 LIST_INIT(&unp_shead);
1461 spin_init(&unp_spin, "unpinit");
1465 unp_internalize(struct mbuf *control, struct thread *td)
1467 struct proc *p = td->td_proc;
1468 struct filedesc *fdescp;
1469 struct cmsghdr *cm = mtod(control, struct cmsghdr *);
1473 struct cmsgcred *cmcred;
1479 lwkt_gettoken(&unp_token);
1482 if ((cm->cmsg_type != SCM_RIGHTS && cm->cmsg_type != SCM_CREDS) ||
1483 cm->cmsg_level != SOL_SOCKET ||
1484 CMSG_ALIGN(cm->cmsg_len) != control->m_len) {
1490 * Fill in credential information.
1492 if (cm->cmsg_type == SCM_CREDS) {
1493 cmcred = (struct cmsgcred *)CMSG_DATA(cm);
1494 cmcred->cmcred_pid = p->p_pid;
1495 cmcred->cmcred_uid = p->p_ucred->cr_ruid;
1496 cmcred->cmcred_gid = p->p_ucred->cr_rgid;
1497 cmcred->cmcred_euid = p->p_ucred->cr_uid;
1498 cmcred->cmcred_ngroups = MIN(p->p_ucred->cr_ngroups,
1500 for (i = 0; i < cmcred->cmcred_ngroups; i++)
1501 cmcred->cmcred_groups[i] = p->p_ucred->cr_groups[i];
1507 * cmsghdr may not be aligned, do not allow calculation(s) to
1510 if (cm->cmsg_len < CMSG_LEN(0)) {
1515 oldfds = (cm->cmsg_len - CMSG_LEN(0)) / sizeof (int);
1518 * check that all the FDs passed in refer to legal OPEN files
1519 * If not, reject the entire operation.
1521 fdp = (int *)CMSG_DATA(cm);
1522 for (i = 0; i < oldfds; i++) {
1524 if ((unsigned)fd >= fdescp->fd_nfiles ||
1525 fdescp->fd_files[fd].fp == NULL) {
1529 if (fdescp->fd_files[fd].fp->f_type == DTYPE_KQUEUE) {
1535 * Now replace the integer FDs with pointers to
1536 * the associated global file table entry..
1537 * Allocate a bigger buffer as necessary. But if an cluster is not
1538 * enough, return E2BIG.
1540 newlen = CMSG_LEN(oldfds * sizeof(struct file *));
1541 if (newlen > MCLBYTES) {
1545 if (newlen - control->m_len > M_TRAILINGSPACE(control)) {
1546 if (control->m_flags & M_EXT) {
1550 MCLGET(control, M_WAITOK);
1551 if (!(control->m_flags & M_EXT)) {
1556 /* copy the data to the cluster */
1557 memcpy(mtod(control, char *), cm, cm->cmsg_len);
1558 cm = mtod(control, struct cmsghdr *);
1562 * Adjust length, in case sizeof(struct file *) and sizeof(int)
1565 cm->cmsg_len = newlen;
1566 control->m_len = CMSG_ALIGN(newlen);
1569 * Transform the file descriptors into struct file pointers.
1570 * If sizeof (struct file *) is bigger than or equal to sizeof int,
1571 * then do it in reverse order so that the int won't get until
1573 * If sizeof (struct file *) is smaller than sizeof int, then
1574 * do it in forward order.
1576 if (sizeof (struct file *) >= sizeof (int)) {
1577 fdp = (int *)CMSG_DATA(cm) + oldfds - 1;
1578 rp = (struct file **)CMSG_DATA(cm) + oldfds - 1;
1579 for (i = 0; i < oldfds; i++) {
1580 fp = fdescp->fd_files[*fdp--].fp;
1583 spin_lock(&unp_spin);
1586 spin_unlock(&unp_spin);
1589 fdp = (int *)CMSG_DATA(cm);
1590 rp = (struct file **)CMSG_DATA(cm);
1591 for (i = 0; i < oldfds; i++) {
1592 fp = fdescp->fd_files[*fdp++].fp;
1595 spin_lock(&unp_spin);
1598 spin_unlock(&unp_spin);
1603 lwkt_reltoken(&unp_token);
1608 * Garbage collect in-transit file descriptors that get lost due to
1609 * loops (i.e. when a socket is sent to another process over itself,
1610 * and more complex situations).
1612 * NOT MPSAFE - TODO socket flush code and maybe closef. Rest is MPSAFE.
1615 struct unp_gc_info {
1616 struct file **extra_ref;
1617 struct file *locked_fp;
1626 struct unp_gc_info info;
1627 static boolean_t unp_gcing;
1632 * Only one gc can be in-progress at any given moment
1634 spin_lock(&unp_spin);
1636 spin_unlock(&unp_spin);
1640 spin_unlock(&unp_spin);
1642 lwkt_gettoken(&unp_token);
1645 * Before going through all this, set all FDs to be NOT defered
1646 * and NOT externally accessible (not marked). During the scan
1647 * a fd can be marked externally accessible but we may or may not
1648 * be able to immediately process it (controlled by FDEFER).
1650 * If we loop sleep a bit. The complexity of the topology can cause
1651 * multiple loops. Also failure to acquire the socket's so_rcv
1652 * token can cause us to loop.
1654 allfiles_scan_exclusive(unp_gc_clearmarks, NULL);
1657 allfiles_scan_exclusive(unp_gc_checkmarks, &info);
1659 tsleep(&info, 0, "gcagain", 1);
1660 } while (info.defer);
1663 * We grab an extra reference to each of the file table entries
1664 * that are not otherwise accessible and then free the rights
1665 * that are stored in messages on them.
1667 * The bug in the orginal code is a little tricky, so I'll describe
1668 * what's wrong with it here.
1670 * It is incorrect to simply unp_discard each entry for f_msgcount
1671 * times -- consider the case of sockets A and B that contain
1672 * references to each other. On a last close of some other socket,
1673 * we trigger a gc since the number of outstanding rights (unp_rights)
1674 * is non-zero. If during the sweep phase the gc code un_discards,
1675 * we end up doing a (full) closef on the descriptor. A closef on A
1676 * results in the following chain. Closef calls soo_close, which
1677 * calls soclose. Soclose calls first (through the switch
1678 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply
1679 * returns because the previous instance had set unp_gcing, and
1680 * we return all the way back to soclose, which marks the socket
1681 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush
1682 * to free up the rights that are queued in messages on the socket A,
1683 * i.e., the reference on B. The sorflush calls via the dom_dispose
1684 * switch unp_dispose, which unp_scans with unp_discard. This second
1685 * instance of unp_discard just calls closef on B.
1687 * Well, a similar chain occurs on B, resulting in a sorflush on B,
1688 * which results in another closef on A. Unfortunately, A is already
1689 * being closed, and the descriptor has already been marked with
1690 * SS_NOFDREF, and soclose panics at this point.
1692 * Here, we first take an extra reference to each inaccessible
1693 * descriptor. Then, we call sorflush ourself, since we know
1694 * it is a Unix domain socket anyhow. After we destroy all the
1695 * rights carried in messages, we do a last closef to get rid
1696 * of our extra reference. This is the last close, and the
1697 * unp_detach etc will shut down the socket.
1699 * 91/09/19, bsy@cs.cmu.edu
1701 info.extra_ref = kmalloc(256 * sizeof(struct file *), M_FILE, M_WAITOK);
1702 info.maxindex = 256;
1709 allfiles_scan_exclusive(unp_gc_checkrefs, &info);
1712 * For each FD on our hit list, do the following two things
1714 for (i = info.index, fpp = info.extra_ref; --i >= 0; ++fpp) {
1715 struct file *tfp = *fpp;
1716 if (tfp->f_type == DTYPE_SOCKET && tfp->f_data != NULL)
1717 sorflush((struct socket *)(tfp->f_data));
1719 for (i = info.index, fpp = info.extra_ref; --i >= 0; ++fpp)
1721 } while (info.index == info.maxindex);
1723 lwkt_reltoken(&unp_token);
1725 kfree((caddr_t)info.extra_ref, M_FILE);
1730 * MPSAFE - NOTE: filehead list and file pointer spinlocked on entry
1733 unp_gc_checkrefs(struct file *fp, void *data)
1735 struct unp_gc_info *info = data;
1737 if (fp->f_count == 0)
1739 if (info->index == info->maxindex)
1743 * If all refs are from msgs, and it's not marked accessible
1744 * then it must be referenced from some unreachable cycle
1745 * of (shut-down) FDs, so include it in our
1746 * list of FDs to remove
1748 if (fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) {
1749 info->extra_ref[info->index++] = fp;
1756 * MPSAFE - NOTE: filehead list and file pointer spinlocked on entry
1759 unp_gc_clearmarks(struct file *fp, void *data __unused)
1761 atomic_clear_int(&fp->f_flag, FMARK | FDEFER);
1766 * MPSAFE - NOTE: filehead list and file pointer spinlocked on entry
1769 unp_gc_checkmarks(struct file *fp, void *data)
1771 struct unp_gc_info *info = data;
1775 * If the file is not open, skip it. Make sure it isn't marked
1776 * defered or we could loop forever, in case we somehow race
1779 if (fp->f_count == 0) {
1780 if (fp->f_flag & FDEFER)
1781 atomic_clear_int(&fp->f_flag, FDEFER);
1785 * If we already marked it as 'defer' in a
1786 * previous pass, then try process it this time
1789 if (fp->f_flag & FDEFER) {
1790 atomic_clear_int(&fp->f_flag, FDEFER);
1793 * if it's not defered, then check if it's
1794 * already marked.. if so skip it
1796 if (fp->f_flag & FMARK)
1799 * If all references are from messages
1800 * in transit, then skip it. it's not
1801 * externally accessible.
1803 if (fp->f_count == fp->f_msgcount)
1806 * If it got this far then it must be
1807 * externally accessible.
1809 atomic_set_int(&fp->f_flag, FMARK);
1813 * either it was defered, or it is externally
1814 * accessible and not already marked so.
1815 * Now check if it is possibly one of OUR sockets.
1817 if (fp->f_type != DTYPE_SOCKET ||
1818 (so = (struct socket *)fp->f_data) == NULL) {
1821 if (so->so_proto->pr_domain != &localdomain ||
1822 !(so->so_proto->pr_flags & PR_RIGHTS)) {
1827 * So, Ok, it's one of our sockets and it IS externally accessible
1828 * (or was defered). Now we look to see if we hold any file
1829 * descriptors in its message buffers. Follow those links and mark
1830 * them as accessible too.
1832 * We are holding multiple spinlocks here, if we cannot get the
1833 * token non-blocking defer until the next loop.
1835 info->locked_fp = fp;
1836 if (lwkt_trytoken(&so->so_rcv.ssb_token)) {
1837 unp_scan(so->so_rcv.ssb_mb, unp_mark, info);
1838 lwkt_reltoken(&so->so_rcv.ssb_token);
1840 atomic_set_int(&fp->f_flag, FDEFER);
1847 * Scan all unix domain sockets and replace any revoked file pointers
1848 * found with the dummy file pointer fx. We don't worry about races
1849 * against file pointers being read out as those are handled in the
1853 #define REVOKE_GC_MAXFILES 32
1855 struct unp_revoke_gc_info {
1857 struct file *fary[REVOKE_GC_MAXFILES];
1862 unp_revoke_gc(struct file *fx)
1864 struct unp_revoke_gc_info info;
1867 lwkt_gettoken(&unp_token);
1871 allfiles_scan_exclusive(unp_revoke_gc_check, &info);
1872 for (i = 0; i < info.fcount; ++i)
1873 unp_fp_externalize(NULL, info.fary[i], -1);
1874 } while (info.fcount == REVOKE_GC_MAXFILES);
1875 lwkt_reltoken(&unp_token);
1879 * Check for and replace revoked descriptors.
1881 * WARNING: This routine is not allowed to block.
1884 unp_revoke_gc_check(struct file *fps, void *vinfo)
1886 struct unp_revoke_gc_info *info = vinfo;
1897 * Is this a unix domain socket with rights-passing abilities?
1899 if (fps->f_type != DTYPE_SOCKET)
1901 if ((so = (struct socket *)fps->f_data) == NULL)
1903 if (so->so_proto->pr_domain != &localdomain)
1905 if ((so->so_proto->pr_flags & PR_RIGHTS) == 0)
1909 * Scan the mbufs for control messages and replace any revoked
1910 * descriptors we find.
1912 lwkt_gettoken(&so->so_rcv.ssb_token);
1913 m0 = so->so_rcv.ssb_mb;
1915 for (m = m0; m; m = m->m_next) {
1916 if (m->m_type != MT_CONTROL)
1918 if (m->m_len < sizeof(*cm))
1920 cm = mtod(m, struct cmsghdr *);
1921 if (cm->cmsg_level != SOL_SOCKET ||
1922 cm->cmsg_type != SCM_RIGHTS) {
1925 qfds = (cm->cmsg_len - CMSG_LEN(0)) / sizeof(void *);
1926 rp = (struct file **)CMSG_DATA(cm);
1927 for (i = 0; i < qfds; i++) {
1929 if (fp->f_flag & FREVOKED) {
1930 kprintf("Warning: Removing revoked fp from unix domain socket queue\n");
1932 info->fx->f_msgcount++;
1935 info->fary[info->fcount++] = fp;
1937 if (info->fcount == REVOKE_GC_MAXFILES)
1940 if (info->fcount == REVOKE_GC_MAXFILES)
1944 if (info->fcount == REVOKE_GC_MAXFILES)
1947 lwkt_reltoken(&so->so_rcv.ssb_token);
1950 * Stop the scan if we filled up our array.
1952 if (info->fcount == REVOKE_GC_MAXFILES)
1958 * Dispose of the fp's stored in a mbuf.
1960 * The dds loop can cause additional fps to be entered onto the
1961 * list while it is running, flattening out the operation and avoiding
1962 * a deep kernel stack recursion.
1965 unp_dispose(struct mbuf *m)
1967 unp_defdiscard_t dds;
1969 lwkt_gettoken(&unp_token);
1970 ++unp_defdiscard_nest;
1972 unp_scan(m, unp_discard, NULL);
1974 if (unp_defdiscard_nest == 1) {
1975 while ((dds = unp_defdiscard_base) != NULL) {
1976 unp_defdiscard_base = dds->next;
1977 closef(dds->fp, NULL);
1978 kfree(dds, M_UNPCB);
1981 --unp_defdiscard_nest;
1982 lwkt_reltoken(&unp_token);
1986 unp_listen(struct unpcb *unp, struct thread *td)
1988 struct proc *p = td->td_proc;
1991 lwkt_gettoken(&unp_token);
1992 cru2x(p->p_ucred, &unp->unp_peercred);
1993 unp_setflags(unp, UNP_HAVEPCCACHED);
1994 lwkt_reltoken(&unp_token);
1999 unp_scan(struct mbuf *m0, void (*op)(struct file *, void *), void *data)
2008 for (m = m0; m; m = m->m_next) {
2009 if (m->m_type == MT_CONTROL &&
2010 m->m_len >= sizeof(*cm)) {
2011 cm = mtod(m, struct cmsghdr *);
2012 if (cm->cmsg_level != SOL_SOCKET ||
2013 cm->cmsg_type != SCM_RIGHTS)
2015 qfds = (cm->cmsg_len - CMSG_LEN(0)) /
2017 rp = (struct file **)CMSG_DATA(cm);
2018 for (i = 0; i < qfds; i++)
2020 break; /* XXX, but saves time */
2028 * Mark visibility. info->defer is recalculated on every pass.
2031 unp_mark(struct file *fp, void *data)
2033 struct unp_gc_info *info = data;
2035 if ((fp->f_flag & FMARK) == 0) {
2037 atomic_set_int(&fp->f_flag, FMARK | FDEFER);
2038 } else if (fp->f_flag & FDEFER) {
2044 * Discard a fp previously held in a unix domain socket mbuf. To
2045 * avoid blowing out the kernel stack due to contrived chain-reactions
2046 * we may have to defer the operation to a higher procedural level.
2048 * Caller holds unp_token
2051 unp_discard(struct file *fp, void *data __unused)
2053 unp_defdiscard_t dds;
2055 spin_lock(&unp_spin);
2058 spin_unlock(&unp_spin);
2060 if (unp_defdiscard_nest) {
2061 dds = kmalloc(sizeof(*dds), M_UNPCB, M_WAITOK|M_ZERO);
2063 dds->next = unp_defdiscard_base;
2064 unp_defdiscard_base = dds;
2071 unp_find_lockref(struct sockaddr *nam, struct thread *td, short type,
2072 struct unpcb **unp_ret)
2074 struct proc *p = td->td_proc;
2075 struct sockaddr_un *soun = (struct sockaddr_un *)nam;
2076 struct vnode *vp = NULL;
2080 struct nlookupdata nd;
2081 char buf[SOCK_MAXADDRLEN];
2085 len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
2090 strncpy(buf, soun->sun_path, len);
2093 error = nlookup_init(&nd, buf, UIO_SYSSPACE, NLC_FOLLOW);
2095 error = nlookup(&nd);
2097 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
2104 if (vp->v_type != VSOCK) {
2108 error = VOP_EACCESS(vp, VWRITE, p->p_ucred);
2113 error = ECONNREFUSED;
2116 if (so->so_type != type) {
2121 /* Lock this unp. */
2122 unp = unp_getsocktoken(so);
2123 if (!UNP_ISATTACHED(unp)) {
2125 error = ECONNREFUSED;
2128 /* And keep this unp referenced. */
2141 unp_connect_pair(struct unpcb *unp, struct unpcb *unp2)
2143 struct socket *so = unp->unp_socket;
2144 struct socket *so2 = unp2->unp_socket;
2146 ASSERT_LWKT_TOKEN_HELD(&unp_token);
2147 UNP_ASSERT_TOKEN_HELD(unp);
2148 UNP_ASSERT_TOKEN_HELD(unp2);
2150 KASSERT(so->so_type == so2->so_type,
2151 ("socket type mismatch, so %d, so2 %d", so->so_type, so2->so_type));
2153 if (!UNP_ISATTACHED(unp))
2155 if (!UNP_ISATTACHED(unp2))
2156 return ECONNREFUSED;
2158 KASSERT(unp->unp_conn == NULL, ("unp is already connected"));
2159 unp->unp_conn = unp2;
2161 switch (so->so_type) {
2163 LIST_INSERT_HEAD(&unp2->unp_refs, unp, unp_reflink);
2168 case SOCK_SEQPACKET:
2169 KASSERT(unp2->unp_conn == NULL, ("unp2 is already connected"));
2170 unp2->unp_conn = unp;
2176 panic("unp_connect_pair: unknown socket type %d", so->so_type);