2 * Copyright (c) 2005 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * Copyright (c) 1982, 1986, 1989, 1991, 1993
36 * The Regents of the University of California. All rights reserved.
37 * (c) UNIX System Laboratories, Inc.
38 * All or some portions of this file are derived from material licensed
39 * to the University of California by American Telephone and Telegraph
40 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
41 * the permission of UNIX System Laboratories, Inc.
43 * Redistribution and use in source and binary forms, with or without
44 * modification, are permitted provided that the following conditions
46 * 1. Redistributions of source code must retain the above copyright
47 * notice, this list of conditions and the following disclaimer.
48 * 2. Redistributions in binary form must reproduce the above copyright
49 * notice, this list of conditions and the following disclaimer in the
50 * documentation and/or other materials provided with the distribution.
51 * 3. Neither the name of the University nor the names of its contributors
52 * may be used to endorse or promote products derived from this software
53 * without specific prior written permission.
55 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
56 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
59 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
67 * @(#)kern_descrip.c 8.6 (Berkeley) 4/19/94
68 * $FreeBSD: src/sys/kern/kern_descrip.c,v 1.81.2.19 2004/02/28 00:43:31 tegge Exp $
71 #include "opt_compat.h"
72 #include <sys/param.h>
73 #include <sys/systm.h>
74 #include <sys/malloc.h>
75 #include <sys/sysproto.h>
77 #include <sys/device.h>
79 #include <sys/filedesc.h>
80 #include <sys/kernel.h>
81 #include <sys/sysctl.h>
82 #include <sys/vnode.h>
84 #include <sys/nlookup.h>
86 #include <sys/filio.h>
87 #include <sys/fcntl.h>
88 #include <sys/unistd.h>
89 #include <sys/resourcevar.h>
90 #include <sys/event.h>
91 #include <sys/kern_syscall.h>
92 #include <sys/kcore.h>
93 #include <sys/kinfo.h>
97 #include <vm/vm_extern.h>
99 #include <sys/thread2.h>
100 #include <sys/file2.h>
101 #include <sys/spinlock2.h>
103 static void fsetfd_locked(struct filedesc *fdp, struct file *fp, int fd);
104 static void fdreserve_locked (struct filedesc *fdp, int fd0, int incr);
105 static struct file *funsetfd_locked (struct filedesc *fdp, int fd);
106 static void ffree(struct file *fp);
108 static MALLOC_DEFINE(M_FILEDESC, "file desc", "Open file descriptor table");
109 static MALLOC_DEFINE(M_FILEDESC_TO_LEADER, "file desc to leader",
110 "file desc to leader structures");
111 MALLOC_DEFINE(M_FILE, "file", "Open file structure");
112 static MALLOC_DEFINE(M_SIGIO, "sigio", "sigio structures");
114 static struct krate krate_uidinfo = { .freq = 1 };
116 static d_open_t fdopen;
119 #define CDEV_MAJOR 22
120 static struct dev_ops fildesc_ops = {
126 * Descriptor management.
128 #ifndef NFILELIST_HEADS
129 #define NFILELIST_HEADS 257 /* primary number */
132 struct filelist_head {
133 struct spinlock spin;
134 struct filelist list;
137 static struct filelist_head filelist_heads[NFILELIST_HEADS];
139 static int nfiles; /* actual number of open files */
142 struct lwkt_token revoke_token = LWKT_TOKEN_INITIALIZER(revoke_token);
145 * Fixup fd_freefile and fd_lastfile after a descriptor has been cleared.
147 * must be called with fdp->fd_spin exclusively held
151 fdfixup_locked(struct filedesc *fdp, int fd)
153 if (fd < fdp->fd_freefile) {
154 fdp->fd_freefile = fd;
156 while (fdp->fd_lastfile >= 0 &&
157 fdp->fd_files[fdp->fd_lastfile].fp == NULL &&
158 fdp->fd_files[fdp->fd_lastfile].reserved == 0
164 static __inline struct filelist_head *
165 fp2filelist(const struct file *fp)
169 i = (u_int)(uintptr_t)fp % NFILELIST_HEADS;
170 return &filelist_heads[i];
174 * System calls on descriptors.
177 sys_getdtablesize(struct getdtablesize_args *uap)
179 struct proc *p = curproc;
180 struct plimit *limit = p->p_limit;
183 spin_lock(&limit->p_spin);
184 if (limit->pl_rlimit[RLIMIT_NOFILE].rlim_cur > INT_MAX)
187 dtsize = (int)limit->pl_rlimit[RLIMIT_NOFILE].rlim_cur;
188 spin_unlock(&limit->p_spin);
190 if (dtsize > maxfilesperproc)
191 dtsize = maxfilesperproc;
192 if (dtsize < minfilesperproc)
193 dtsize = minfilesperproc;
194 if (p->p_ucred->cr_uid && dtsize > maxfilesperuser)
195 dtsize = maxfilesperuser;
196 uap->sysmsg_result = dtsize;
201 * Duplicate a file descriptor to a particular value.
203 * note: keep in mind that a potential race condition exists when closing
204 * descriptors from a shared descriptor table (via rfork).
207 sys_dup2(struct dup2_args *uap)
212 error = kern_dup(DUP_FIXED, uap->from, uap->to, &fd);
213 uap->sysmsg_fds[0] = fd;
219 * Duplicate a file descriptor.
222 sys_dup(struct dup_args *uap)
227 error = kern_dup(DUP_VARIABLE, uap->fd, 0, &fd);
228 uap->sysmsg_fds[0] = fd;
234 * MPALMOSTSAFE - acquires mplock for fp operations
237 kern_fcntl(int fd, int cmd, union fcntl_dat *dat, struct ucred *cred)
239 struct thread *td = curthread;
240 struct proc *p = td->td_proc;
246 int tmp, error, flg = F_POSIX;
251 * Operations on file descriptors that do not require a file pointer.
255 error = fgetfdflags(p->p_fd, fd, &tmp);
257 dat->fc_cloexec = (tmp & UF_EXCLOSE) ? FD_CLOEXEC : 0;
261 if (dat->fc_cloexec & FD_CLOEXEC)
262 error = fsetfdflags(p->p_fd, fd, UF_EXCLOSE);
264 error = fclrfdflags(p->p_fd, fd, UF_EXCLOSE);
268 error = kern_dup(DUP_VARIABLE | DUP_FCNTL, fd, newmin,
271 case F_DUPFD_CLOEXEC:
273 error = kern_dup(DUP_VARIABLE | DUP_CLOEXEC | DUP_FCNTL,
274 fd, newmin, &dat->fc_fd);
278 error = kern_dup(DUP_FIXED, fd, newmin, &dat->fc_fd);
280 case F_DUP2FD_CLOEXEC:
282 error = kern_dup(DUP_FIXED | DUP_CLOEXEC, fd, newmin,
290 * Operations on file pointers
292 if ((fp = holdfp(p->p_fd, fd, -1)) == NULL)
297 dat->fc_flags = OFLAGS(fp->f_flag);
303 nflags = FFLAGS(dat->fc_flags & ~O_ACCMODE) & FCNTLFLAGS;
304 nflags |= oflags & ~FCNTLFLAGS;
307 if (((nflags ^ oflags) & O_APPEND) && (oflags & FAPPENDONLY))
309 if (error == 0 && ((nflags ^ oflags) & FASYNC)) {
310 tmp = nflags & FASYNC;
311 error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp,
316 * If no error, must be atomically set.
321 nflags = (oflags & ~FCNTLFLAGS) | (nflags & FCNTLFLAGS);
322 if (atomic_cmpset_int(&fp->f_flag, oflags, nflags))
329 error = fo_ioctl(fp, FIOGETOWN, (caddr_t)&dat->fc_owner,
334 error = fo_ioctl(fp, FIOSETOWN, (caddr_t)&dat->fc_owner,
340 /* Fall into F_SETLK */
343 if (fp->f_type != DTYPE_VNODE) {
347 vp = (struct vnode *)fp->f_data;
350 * copyin/lockop may block
352 if (dat->fc_flock.l_whence == SEEK_CUR)
353 dat->fc_flock.l_start += fp->f_offset;
355 switch (dat->fc_flock.l_type) {
357 if ((fp->f_flag & FREAD) == 0) {
361 if ((p->p_leader->p_flags & P_ADVLOCK) == 0) {
362 lwkt_gettoken(&p->p_leader->p_token);
363 p->p_leader->p_flags |= P_ADVLOCK;
364 lwkt_reltoken(&p->p_leader->p_token);
366 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
367 &dat->fc_flock, flg);
370 if ((fp->f_flag & FWRITE) == 0) {
374 if ((p->p_leader->p_flags & P_ADVLOCK) == 0) {
375 lwkt_gettoken(&p->p_leader->p_token);
376 p->p_leader->p_flags |= P_ADVLOCK;
377 lwkt_reltoken(&p->p_leader->p_token);
379 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
380 &dat->fc_flock, flg);
383 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_UNLCK,
384 &dat->fc_flock, F_POSIX);
392 * It is possible to race a close() on the descriptor while
393 * we were blocked getting the lock. If this occurs the
394 * close might not have caught the lock.
396 if (checkfdclosed(p->p_fd, fd, fp)) {
397 dat->fc_flock.l_whence = SEEK_SET;
398 dat->fc_flock.l_start = 0;
399 dat->fc_flock.l_len = 0;
400 dat->fc_flock.l_type = F_UNLCK;
401 (void) VOP_ADVLOCK(vp, (caddr_t)p->p_leader,
402 F_UNLCK, &dat->fc_flock, F_POSIX);
407 if (fp->f_type != DTYPE_VNODE) {
411 vp = (struct vnode *)fp->f_data;
413 * copyin/lockop may block
415 if (dat->fc_flock.l_type != F_RDLCK &&
416 dat->fc_flock.l_type != F_WRLCK &&
417 dat->fc_flock.l_type != F_UNLCK) {
421 if (dat->fc_flock.l_whence == SEEK_CUR)
422 dat->fc_flock.l_start += fp->f_offset;
423 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_GETLK,
424 &dat->fc_flock, F_POSIX);
436 * The file control system call.
439 sys_fcntl(struct fcntl_args *uap)
447 case F_DUPFD_CLOEXEC:
448 case F_DUP2FD_CLOEXEC:
449 dat.fc_fd = uap->arg;
452 dat.fc_cloexec = uap->arg;
455 dat.fc_flags = uap->arg;
458 dat.fc_owner = uap->arg;
463 error = copyin((caddr_t)uap->arg, &dat.fc_flock,
464 sizeof(struct flock));
470 error = kern_fcntl(uap->fd, uap->cmd, &dat, curthread->td_ucred);
476 case F_DUPFD_CLOEXEC:
477 case F_DUP2FD_CLOEXEC:
478 uap->sysmsg_result = dat.fc_fd;
481 uap->sysmsg_result = dat.fc_cloexec;
484 uap->sysmsg_result = dat.fc_flags;
487 uap->sysmsg_result = dat.fc_owner;
490 error = copyout(&dat.fc_flock, (caddr_t)uap->arg,
491 sizeof(struct flock));
500 * Common code for dup, dup2, and fcntl(F_DUPFD).
502 * There are four type flags: DUP_FCNTL, DUP_FIXED, DUP_VARIABLE, and
505 * DUP_FCNTL is for handling EINVAL vs. EBADF differences between
506 * fcntl()'s F_DUPFD and F_DUPFD_CLOEXEC and dup2() (per POSIX).
507 * The next two flags are mutually exclusive, and the fourth is optional.
508 * DUP_FIXED tells kern_dup() to destructively dup over an existing file
509 * descriptor if "new" is already open. DUP_VARIABLE tells kern_dup()
510 * to find the lowest unused file descriptor that is greater than or
511 * equal to "new". DUP_CLOEXEC, which works with either of the first
512 * two flags, sets the close-on-exec flag on the "new" file descriptor.
515 kern_dup(int flags, int old, int new, int *res)
517 struct thread *td = curthread;
518 struct proc *p = td->td_proc;
519 struct filedesc *fdp = p->p_fd;
528 * Verify that we have a valid descriptor to dup from and
529 * possibly to dup to. When the new descriptor is out of
530 * bounds, fcntl()'s F_DUPFD and F_DUPFD_CLOEXEC must
531 * return EINVAL, while dup2() returns EBADF in
534 * NOTE: maxfilesperuser is not applicable to dup()
537 if (p->p_rlimit[RLIMIT_NOFILE].rlim_cur > INT_MAX)
540 dtsize = (int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur;
541 if (dtsize > maxfilesperproc)
542 dtsize = maxfilesperproc;
543 if (dtsize < minfilesperproc)
544 dtsize = minfilesperproc;
546 if (new < 0 || new > dtsize)
547 return (flags & DUP_FCNTL ? EINVAL : EBADF);
549 spin_lock(&fdp->fd_spin);
550 if ((unsigned)old >= fdp->fd_nfiles || fdp->fd_files[old].fp == NULL) {
551 spin_unlock(&fdp->fd_spin);
554 if ((flags & DUP_FIXED) && old == new) {
556 if (flags & DUP_CLOEXEC)
557 fdp->fd_files[new].fileflags |= UF_EXCLOSE;
558 spin_unlock(&fdp->fd_spin);
561 fp = fdp->fd_files[old].fp;
562 oldflags = fdp->fd_files[old].fileflags;
566 * Allocate a new descriptor if DUP_VARIABLE, or expand the table
567 * if the requested descriptor is beyond the current table size.
569 * This can block. Retry if the source descriptor no longer matches
570 * or if our expectation in the expansion case races.
572 * If we are not expanding or allocating a new decriptor, then reset
573 * the target descriptor to a reserved state so we have a uniform
574 * setup for the next code block.
576 if ((flags & DUP_VARIABLE) || new >= fdp->fd_nfiles) {
577 spin_unlock(&fdp->fd_spin);
578 error = fdalloc(p, new, &newfd);
579 spin_lock(&fdp->fd_spin);
581 spin_unlock(&fdp->fd_spin);
588 if (old >= fdp->fd_nfiles || fdp->fd_files[old].fp != fp) {
589 fsetfd_locked(fdp, NULL, newfd);
590 spin_unlock(&fdp->fd_spin);
595 * Check for expansion race
597 if ((flags & DUP_VARIABLE) == 0 && new != newfd) {
598 fsetfd_locked(fdp, NULL, newfd);
599 spin_unlock(&fdp->fd_spin);
604 * Check for ripout, newfd reused old (this case probably
608 fsetfd_locked(fdp, NULL, newfd);
609 spin_unlock(&fdp->fd_spin);
616 if (fdp->fd_files[new].reserved) {
617 spin_unlock(&fdp->fd_spin);
619 kprintf("Warning: dup(): target descriptor %d is reserved, waiting for it to be resolved\n", new);
620 tsleep(fdp, 0, "fdres", hz);
625 * If the target descriptor was never allocated we have
626 * to allocate it. If it was we have to clean out the
627 * old descriptor. delfp inherits the ref from the
630 delfp = fdp->fd_files[new].fp;
631 fdp->fd_files[new].fp = NULL;
632 fdp->fd_files[new].reserved = 1;
634 fdreserve_locked(fdp, new, 1);
635 if (new > fdp->fd_lastfile)
636 fdp->fd_lastfile = new;
642 * NOTE: still holding an exclusive spinlock
646 * If a descriptor is being overwritten we may hve to tell
647 * fdfree() to sleep to ensure that all relevant process
648 * leaders can be traversed in closef().
650 if (delfp != NULL && p->p_fdtol != NULL) {
651 fdp->fd_holdleaderscount++;
656 KASSERT(delfp == NULL || (flags & DUP_FIXED),
657 ("dup() picked an open file"));
660 * Duplicate the source descriptor, update lastfile. If the new
661 * descriptor was not allocated and we aren't replacing an existing
662 * descriptor we have to mark the descriptor as being in use.
664 * The fd_files[] array inherits fp's hold reference.
666 fsetfd_locked(fdp, fp, new);
667 if ((flags & DUP_CLOEXEC) != 0)
668 fdp->fd_files[new].fileflags = oldflags | UF_EXCLOSE;
670 fdp->fd_files[new].fileflags = oldflags & ~UF_EXCLOSE;
671 spin_unlock(&fdp->fd_spin);
676 * If we dup'd over a valid file, we now own the reference to it
677 * and must dispose of it using closef() semantics (as if a
678 * close() were performed on it).
681 if (SLIST_FIRST(&delfp->f_klist))
682 knote_fdclose(delfp, fdp, new);
685 spin_lock(&fdp->fd_spin);
686 fdp->fd_holdleaderscount--;
687 if (fdp->fd_holdleaderscount == 0 &&
688 fdp->fd_holdleaderswakeup != 0) {
689 fdp->fd_holdleaderswakeup = 0;
690 spin_unlock(&fdp->fd_spin);
691 wakeup(&fdp->fd_holdleaderscount);
693 spin_unlock(&fdp->fd_spin);
701 * If sigio is on the list associated with a process or process group,
702 * disable signalling from the device, remove sigio from the list and
706 funsetown(struct sigio **sigiop)
712 if ((sigio = *sigiop) != NULL) {
713 lwkt_gettoken(&sigio_token); /* protect sigio */
714 KKASSERT(sigiop == sigio->sio_myref);
717 lwkt_reltoken(&sigio_token);
722 if (sigio->sio_pgid < 0) {
723 pgrp = sigio->sio_pgrp;
724 sigio->sio_pgrp = NULL;
725 lwkt_gettoken(&pgrp->pg_token);
726 SLIST_REMOVE(&pgrp->pg_sigiolst, sigio, sigio, sio_pgsigio);
727 lwkt_reltoken(&pgrp->pg_token);
729 } else /* if ((*sigiop)->sio_pgid > 0) */ {
731 sigio->sio_proc = NULL;
733 lwkt_gettoken(&p->p_token);
734 SLIST_REMOVE(&p->p_sigiolst, sigio, sigio, sio_pgsigio);
735 lwkt_reltoken(&p->p_token);
738 crfree(sigio->sio_ucred);
739 sigio->sio_ucred = NULL;
740 kfree(sigio, M_SIGIO);
744 * Free a list of sigio structures. Caller is responsible for ensuring
745 * that the list is MPSAFE.
748 funsetownlst(struct sigiolst *sigiolst)
752 while ((sigio = SLIST_FIRST(sigiolst)) != NULL)
753 funsetown(sigio->sio_myref);
757 * This is common code for FIOSETOWN ioctl called by fcntl(fd, F_SETOWN, arg).
759 * After permission checking, add a sigio structure to the sigio list for
760 * the process or process group.
763 fsetown(pid_t pgid, struct sigio **sigiop)
765 struct proc *proc = NULL;
766 struct pgrp *pgrp = NULL;
783 * Policy - Don't allow a process to FSETOWN a process
784 * in another session.
786 * Remove this test to allow maximum flexibility or
787 * restrict FSETOWN to the current process or process
788 * group for maximum safety.
790 if (proc->p_session != curproc->p_session) {
794 } else /* if (pgid < 0) */ {
795 pgrp = pgfind(-pgid);
802 * Policy - Don't allow a process to FSETOWN a process
803 * in another session.
805 * Remove this test to allow maximum flexibility or
806 * restrict FSETOWN to the current process or process
807 * group for maximum safety.
809 if (pgrp->pg_session != curproc->p_session) {
814 sigio = kmalloc(sizeof(struct sigio), M_SIGIO, M_WAITOK | M_ZERO);
816 KKASSERT(pgrp == NULL);
817 lwkt_gettoken(&proc->p_token);
818 SLIST_INSERT_HEAD(&proc->p_sigiolst, sigio, sio_pgsigio);
819 sigio->sio_proc = proc;
820 lwkt_reltoken(&proc->p_token);
822 KKASSERT(proc == NULL);
823 lwkt_gettoken(&pgrp->pg_token);
824 SLIST_INSERT_HEAD(&pgrp->pg_sigiolst, sigio, sio_pgsigio);
825 sigio->sio_pgrp = pgrp;
826 lwkt_reltoken(&pgrp->pg_token);
829 sigio->sio_pgid = pgid;
830 sigio->sio_ucred = crhold(curthread->td_ucred);
831 /* It would be convenient if p_ruid was in ucred. */
832 sigio->sio_ruid = sigio->sio_ucred->cr_ruid;
833 sigio->sio_myref = sigiop;
835 lwkt_gettoken(&sigio_token);
839 lwkt_reltoken(&sigio_token);
850 * This is common code for FIOGETOWN ioctl called by fcntl(fd, F_GETOWN, arg).
853 fgetown(struct sigio **sigiop)
858 lwkt_gettoken_shared(&sigio_token);
860 own = (sigio != NULL ? sigio->sio_pgid : 0);
861 lwkt_reltoken(&sigio_token);
867 * Close many file descriptors.
870 sys_closefrom(struct closefrom_args *uap)
872 return(kern_closefrom(uap->fd));
876 * Close all file descriptors greater then or equal to fd
879 kern_closefrom(int fd)
881 struct thread *td = curthread;
882 struct proc *p = td->td_proc;
883 struct filedesc *fdp;
892 * NOTE: This function will skip unassociated descriptors and
893 * reserved descriptors that have not yet been assigned.
894 * fd_lastfile can change as a side effect of kern_close().
896 spin_lock(&fdp->fd_spin);
897 while (fd <= fdp->fd_lastfile) {
898 if (fdp->fd_files[fd].fp != NULL) {
899 spin_unlock(&fdp->fd_spin);
900 /* ok if this races another close */
901 if (kern_close(fd) == EINTR)
903 spin_lock(&fdp->fd_spin);
907 spin_unlock(&fdp->fd_spin);
912 * Close a file descriptor.
915 sys_close(struct close_args *uap)
917 return(kern_close(uap->fd));
926 struct thread *td = curthread;
927 struct proc *p = td->td_proc;
928 struct filedesc *fdp;
936 spin_lock(&fdp->fd_spin);
937 if ((fp = funsetfd_locked(fdp, fd)) == NULL) {
938 spin_unlock(&fdp->fd_spin);
942 if (p->p_fdtol != NULL) {
944 * Ask fdfree() to sleep to ensure that all relevant
945 * process leaders can be traversed in closef().
947 fdp->fd_holdleaderscount++;
952 * we now hold the fp reference that used to be owned by the descriptor
955 spin_unlock(&fdp->fd_spin);
956 if (SLIST_FIRST(&fp->f_klist))
957 knote_fdclose(fp, fdp, fd);
958 error = closef(fp, p);
960 spin_lock(&fdp->fd_spin);
961 fdp->fd_holdleaderscount--;
962 if (fdp->fd_holdleaderscount == 0 &&
963 fdp->fd_holdleaderswakeup != 0) {
964 fdp->fd_holdleaderswakeup = 0;
965 spin_unlock(&fdp->fd_spin);
966 wakeup(&fdp->fd_holdleaderscount);
968 spin_unlock(&fdp->fd_spin);
975 * shutdown_args(int fd, int how)
978 kern_shutdown(int fd, int how)
980 struct thread *td = curthread;
981 struct proc *p = td->td_proc;
987 if ((fp = holdfp(p->p_fd, fd, -1)) == NULL)
989 error = fo_shutdown(fp, how);
999 sys_shutdown(struct shutdown_args *uap)
1003 error = kern_shutdown(uap->s, uap->how);
1012 kern_fstat(int fd, struct stat *ub)
1014 struct thread *td = curthread;
1015 struct proc *p = td->td_proc;
1021 if ((fp = holdfp(p->p_fd, fd, -1)) == NULL)
1023 error = fo_stat(fp, ub, td->td_ucred);
1030 * Return status information about a file descriptor.
1033 sys_fstat(struct fstat_args *uap)
1038 error = kern_fstat(uap->fd, &st);
1041 error = copyout(&st, uap->sb, sizeof(st));
1046 * Return pathconf information about a file descriptor.
1051 sys_fpathconf(struct fpathconf_args *uap)
1053 struct thread *td = curthread;
1054 struct proc *p = td->td_proc;
1059 if ((fp = holdfp(p->p_fd, uap->fd, -1)) == NULL)
1062 switch (fp->f_type) {
1065 if (uap->name != _PC_PIPE_BUF) {
1068 uap->sysmsg_result = PIPE_BUF;
1074 vp = (struct vnode *)fp->f_data;
1075 error = VOP_PATHCONF(vp, uap->name, &uap->sysmsg_reg);
1085 static int fdexpand;
1086 SYSCTL_INT(_debug, OID_AUTO, fdexpand, CTLFLAG_RD, &fdexpand, 0,
1087 "Number of times a file table has been expanded");
1090 * Grow the file table so it can hold through descriptor (want).
1092 * The fdp's spinlock must be held exclusively on entry and may be held
1093 * exclusively on return. The spinlock may be cycled by the routine.
1096 fdgrow_locked(struct filedesc *fdp, int want)
1098 struct fdnode *newfiles;
1099 struct fdnode *oldfiles;
1102 nf = fdp->fd_nfiles;
1104 /* nf has to be of the form 2^n - 1 */
1106 } while (nf <= want);
1108 spin_unlock(&fdp->fd_spin);
1109 newfiles = kmalloc(nf * sizeof(struct fdnode), M_FILEDESC, M_WAITOK);
1110 spin_lock(&fdp->fd_spin);
1113 * We could have raced another extend while we were not holding
1116 if (fdp->fd_nfiles >= nf) {
1117 spin_unlock(&fdp->fd_spin);
1118 kfree(newfiles, M_FILEDESC);
1119 spin_lock(&fdp->fd_spin);
1123 * Copy the existing ofile and ofileflags arrays
1124 * and zero the new portion of each array.
1126 extra = nf - fdp->fd_nfiles;
1127 bcopy(fdp->fd_files, newfiles, fdp->fd_nfiles * sizeof(struct fdnode));
1128 bzero(&newfiles[fdp->fd_nfiles], extra * sizeof(struct fdnode));
1130 oldfiles = fdp->fd_files;
1131 fdp->fd_files = newfiles;
1132 fdp->fd_nfiles = nf;
1134 if (oldfiles != fdp->fd_builtin_files) {
1135 spin_unlock(&fdp->fd_spin);
1136 kfree(oldfiles, M_FILEDESC);
1137 spin_lock(&fdp->fd_spin);
1143 * Number of nodes in right subtree, including the root.
1146 right_subtree_size(int n)
1148 return (n ^ (n | (n + 1)));
1155 right_ancestor(int n)
1157 return (n | (n + 1));
1164 left_ancestor(int n)
1166 return ((n & (n + 1)) - 1);
1170 * Traverse the in-place binary tree buttom-up adjusting the allocation
1171 * count so scans can determine where free descriptors are located.
1173 * caller must be holding an exclusive spinlock on fdp
1177 fdreserve_locked(struct filedesc *fdp, int fd, int incr)
1180 fdp->fd_files[fd].allocated += incr;
1181 KKASSERT(fdp->fd_files[fd].allocated >= 0);
1182 fd = left_ancestor(fd);
1187 * Reserve a file descriptor for the process. If no error occurs, the
1188 * caller MUST at some point call fsetfd() or assign a file pointer
1189 * or dispose of the reservation.
1192 fdalloc(struct proc *p, int want, int *result)
1194 struct filedesc *fdp = p->p_fd;
1195 struct uidinfo *uip;
1196 int fd, rsize, rsum, node, lim;
1199 * Check dtable size limit
1201 spin_lock(&p->p_limit->p_spin);
1202 if (p->p_rlimit[RLIMIT_NOFILE].rlim_cur > INT_MAX)
1205 lim = (int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur;
1206 spin_unlock(&p->p_limit->p_spin);
1208 if (lim > maxfilesperproc)
1209 lim = maxfilesperproc;
1210 if (lim < minfilesperproc)
1211 lim = minfilesperproc;
1216 * Check that the user has not run out of descriptors (non-root only).
1217 * As a safety measure the dtable is allowed to have at least
1218 * minfilesperproc open fds regardless of the maxfilesperuser limit.
1220 if (p->p_ucred->cr_uid && fdp->fd_nfiles >= minfilesperproc) {
1221 uip = p->p_ucred->cr_uidinfo;
1222 if (uip->ui_openfiles > maxfilesperuser) {
1223 krateprintf(&krate_uidinfo,
1224 "Warning: user %d pid %d (%s) ran out of "
1225 "file descriptors (%d/%d)\n",
1226 p->p_ucred->cr_uid, (int)p->p_pid,
1228 uip->ui_openfiles, maxfilesperuser);
1234 * Grow the dtable if necessary
1236 spin_lock(&fdp->fd_spin);
1237 if (want >= fdp->fd_nfiles)
1238 fdgrow_locked(fdp, want);
1241 * Search for a free descriptor starting at the higher
1242 * of want or fd_freefile. If that fails, consider
1243 * expanding the ofile array.
1245 * NOTE! the 'allocated' field is a cumulative recursive allocation
1246 * count. If we happen to see a value of 0 then we can shortcut
1247 * our search. Otherwise we run through through the tree going
1248 * down branches we know have free descriptor(s) until we hit a
1249 * leaf node. The leaf node will be free but will not necessarily
1250 * have an allocated field of 0.
1253 /* move up the tree looking for a subtree with a free node */
1254 for (fd = max(want, fdp->fd_freefile); fd < min(fdp->fd_nfiles, lim);
1255 fd = right_ancestor(fd)) {
1256 if (fdp->fd_files[fd].allocated == 0)
1259 rsize = right_subtree_size(fd);
1260 if (fdp->fd_files[fd].allocated == rsize)
1261 continue; /* right subtree full */
1264 * Free fd is in the right subtree of the tree rooted at fd.
1265 * Call that subtree R. Look for the smallest (leftmost)
1266 * subtree of R with an unallocated fd: continue moving
1267 * down the left branch until encountering a full left
1268 * subtree, then move to the right.
1270 for (rsum = 0, rsize /= 2; rsize > 0; rsize /= 2) {
1272 rsum += fdp->fd_files[node].allocated;
1273 if (fdp->fd_files[fd].allocated == rsum + rsize) {
1274 fd = node; /* move to the right */
1275 if (fdp->fd_files[node].allocated == 0)
1284 * No space in current array. Expand?
1286 if (fdp->fd_nfiles >= lim) {
1287 spin_unlock(&fdp->fd_spin);
1290 fdgrow_locked(fdp, want);
1294 KKASSERT(fd < fdp->fd_nfiles);
1295 if (fd > fdp->fd_lastfile)
1296 fdp->fd_lastfile = fd;
1297 if (want <= fdp->fd_freefile)
1298 fdp->fd_freefile = fd;
1300 KKASSERT(fdp->fd_files[fd].fp == NULL);
1301 KKASSERT(fdp->fd_files[fd].reserved == 0);
1302 fdp->fd_files[fd].fileflags = 0;
1303 fdp->fd_files[fd].reserved = 1;
1304 fdreserve_locked(fdp, fd, 1);
1305 spin_unlock(&fdp->fd_spin);
1310 * Check to see whether n user file descriptors
1311 * are available to the process p.
1314 fdavail(struct proc *p, int n)
1316 struct filedesc *fdp = p->p_fd;
1317 struct fdnode *fdnode;
1320 spin_lock(&p->p_limit->p_spin);
1321 if (p->p_rlimit[RLIMIT_NOFILE].rlim_cur > INT_MAX)
1324 lim = (int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur;
1325 spin_unlock(&p->p_limit->p_spin);
1327 if (lim > maxfilesperproc)
1328 lim = maxfilesperproc;
1329 if (lim < minfilesperproc)
1330 lim = minfilesperproc;
1332 spin_lock(&fdp->fd_spin);
1333 if ((i = lim - fdp->fd_nfiles) > 0 && (n -= i) <= 0) {
1334 spin_unlock(&fdp->fd_spin);
1337 last = min(fdp->fd_nfiles, lim);
1338 fdnode = &fdp->fd_files[fdp->fd_freefile];
1339 for (i = last - fdp->fd_freefile; --i >= 0; ++fdnode) {
1340 if (fdnode->fp == NULL && --n <= 0) {
1341 spin_unlock(&fdp->fd_spin);
1345 spin_unlock(&fdp->fd_spin);
1350 * Revoke open descriptors referencing (f_data, f_type)
1352 * Any revoke executed within a prison is only able to
1353 * revoke descriptors for processes within that prison.
1355 * Returns 0 on success or an error code.
1357 struct fdrevoke_info {
1366 static int fdrevoke_check_callback(struct file *fp, void *vinfo);
1367 static int fdrevoke_proc_callback(struct proc *p, void *vinfo);
1370 fdrevoke(void *f_data, short f_type, struct ucred *cred)
1372 struct fdrevoke_info info;
1375 bzero(&info, sizeof(info));
1379 error = falloc(NULL, &info.nfp, NULL);
1384 * Scan the file pointer table once. dups do not dup file pointers,
1385 * only descriptors, so there is no leak. Set FREVOKED on the fps
1388 * Any fps sent over unix-domain sockets will be revoked by the
1389 * socket code checking for FREVOKED when the fps are externialized.
1390 * revoke_token is used to make sure that fps marked FREVOKED and
1391 * externalized will be picked up by the following allproc_scan().
1393 lwkt_gettoken(&revoke_token);
1394 allfiles_scan_exclusive(fdrevoke_check_callback, &info);
1395 lwkt_reltoken(&revoke_token);
1398 * If any fps were marked track down the related descriptors
1399 * and close them. Any dup()s at this point will notice
1400 * the FREVOKED already set in the fp and do the right thing.
1403 allproc_scan(fdrevoke_proc_callback, &info);
1409 * Locate matching file pointers directly.
1411 * WARNING: allfiles_scan_exclusive() holds a spinlock through these calls!
1414 fdrevoke_check_callback(struct file *fp, void *vinfo)
1416 struct fdrevoke_info *info = vinfo;
1419 * File pointers already flagged for revokation are skipped.
1421 if (fp->f_flag & FREVOKED)
1425 * If revoking from a prison file pointers created outside of
1426 * that prison, or file pointers without creds, cannot be revoked.
1428 if (info->cred->cr_prison &&
1429 (fp->f_cred == NULL ||
1430 info->cred->cr_prison != fp->f_cred->cr_prison)) {
1435 * If the file pointer matches then mark it for revocation. The
1436 * flag is currently only used by unp_revoke_gc().
1438 * info->found is a heuristic and can race in a SMP environment.
1440 if (info->data == fp->f_data && info->type == fp->f_type) {
1441 atomic_set_int(&fp->f_flag, FREVOKED);
1448 * Locate matching file pointers via process descriptor tables.
1451 fdrevoke_proc_callback(struct proc *p, void *vinfo)
1453 struct fdrevoke_info *info = vinfo;
1454 struct filedesc *fdp;
1458 if (p->p_stat == SIDL || p->p_stat == SZOMB)
1460 if (info->cred->cr_prison &&
1461 info->cred->cr_prison != p->p_ucred->cr_prison) {
1466 * If the controlling terminal of the process matches the
1467 * vnode being revoked we clear the controlling terminal.
1469 * The normal spec_close() may not catch this because it
1470 * uses curproc instead of p.
1472 if (p->p_session && info->type == DTYPE_VNODE &&
1473 info->data == p->p_session->s_ttyvp) {
1474 p->p_session->s_ttyvp = NULL;
1479 * Softref the fdp to prevent it from being destroyed
1481 spin_lock(&p->p_spin);
1482 if ((fdp = p->p_fd) == NULL) {
1483 spin_unlock(&p->p_spin);
1486 atomic_add_int(&fdp->fd_softrefs, 1);
1487 spin_unlock(&p->p_spin);
1490 * Locate and close any matching file descriptors.
1492 spin_lock(&fdp->fd_spin);
1493 for (n = 0; n < fdp->fd_nfiles; ++n) {
1494 if ((fp = fdp->fd_files[n].fp) == NULL)
1496 if (fp->f_flag & FREVOKED) {
1498 fdp->fd_files[n].fp = info->nfp;
1499 spin_unlock(&fdp->fd_spin);
1500 knote_fdclose(fp, fdp, n); /* XXX */
1502 spin_lock(&fdp->fd_spin);
1505 spin_unlock(&fdp->fd_spin);
1506 atomic_subtract_int(&fdp->fd_softrefs, 1);
1512 * Create a new open file structure and reserve a file decriptor
1513 * for the process that refers to it.
1515 * Root creds are checked using lp, or assumed if lp is NULL. If
1516 * resultfd is non-NULL then lp must also be non-NULL. No file
1517 * descriptor is reserved (and no process context is needed) if
1520 * A file pointer with a refcount of 1 is returned. Note that the
1521 * file pointer is NOT associated with the descriptor. If falloc
1522 * returns success, fsetfd() MUST be called to either associate the
1523 * file pointer or clear the reservation.
1526 falloc(struct lwp *lp, struct file **resultfp, int *resultfd)
1528 static struct timeval lastfail;
1530 struct filelist_head *head;
1532 struct ucred *cred = lp ? lp->lwp_thread->td_ucred : proc0.p_ucred;
1538 * Handle filetable full issues and root overfill.
1540 if (nfiles >= maxfiles - maxfilesrootres &&
1541 (cred->cr_ruid != 0 || nfiles >= maxfiles)) {
1542 if (ppsratecheck(&lastfail, &curfail, 1)) {
1543 kprintf("kern.maxfiles limit exceeded by uid %d, "
1544 "please see tuning(7).\n",
1552 * Allocate a new file descriptor.
1554 fp = kmalloc(sizeof(struct file), M_FILE, M_WAITOK | M_ZERO);
1555 spin_init(&fp->f_spin, "falloc");
1556 SLIST_INIT(&fp->f_klist);
1558 fp->f_ops = &badfileops;
1561 atomic_add_int(&nfiles, 1);
1563 head = fp2filelist(fp);
1564 spin_lock(&head->spin);
1565 LIST_INSERT_HEAD(&head->list, fp, f_list);
1566 spin_unlock(&head->spin);
1569 if ((error = fdalloc(lp->lwp_proc, 0, resultfd)) != 0) {
1582 * Check for races against a file descriptor by determining that the
1583 * file pointer is still associated with the specified file descriptor,
1584 * and a close is not currently in progress.
1587 checkfdclosed(struct filedesc *fdp, int fd, struct file *fp)
1591 spin_lock_shared(&fdp->fd_spin);
1592 if ((unsigned)fd >= fdp->fd_nfiles || fp != fdp->fd_files[fd].fp)
1596 spin_unlock_shared(&fdp->fd_spin);
1601 * Associate a file pointer with a previously reserved file descriptor.
1602 * This function always succeeds.
1604 * If fp is NULL, the file descriptor is returned to the pool.
1608 * (exclusive spinlock must be held on call)
1611 fsetfd_locked(struct filedesc *fdp, struct file *fp, int fd)
1613 KKASSERT((unsigned)fd < fdp->fd_nfiles);
1614 KKASSERT(fdp->fd_files[fd].reserved != 0);
1617 fdp->fd_files[fd].fp = fp;
1618 fdp->fd_files[fd].reserved = 0;
1620 fdp->fd_files[fd].reserved = 0;
1621 fdreserve_locked(fdp, fd, -1);
1622 fdfixup_locked(fdp, fd);
1627 fsetfd(struct filedesc *fdp, struct file *fp, int fd)
1629 spin_lock(&fdp->fd_spin);
1630 fsetfd_locked(fdp, fp, fd);
1631 spin_unlock(&fdp->fd_spin);
1635 * (exclusive spinlock must be held on call)
1639 funsetfd_locked(struct filedesc *fdp, int fd)
1643 if ((unsigned)fd >= fdp->fd_nfiles)
1645 if ((fp = fdp->fd_files[fd].fp) == NULL)
1647 fdp->fd_files[fd].fp = NULL;
1648 fdp->fd_files[fd].fileflags = 0;
1650 fdreserve_locked(fdp, fd, -1);
1651 fdfixup_locked(fdp, fd);
1656 * WARNING: May not be called before initial fsetfd().
1659 fgetfdflags(struct filedesc *fdp, int fd, int *flagsp)
1663 spin_lock(&fdp->fd_spin);
1664 if (((u_int)fd) >= fdp->fd_nfiles) {
1666 } else if (fdp->fd_files[fd].fp == NULL) {
1669 *flagsp = fdp->fd_files[fd].fileflags;
1672 spin_unlock(&fdp->fd_spin);
1677 * WARNING: May not be called before initial fsetfd().
1680 fsetfdflags(struct filedesc *fdp, int fd, int add_flags)
1684 spin_lock(&fdp->fd_spin);
1685 if (((u_int)fd) >= fdp->fd_nfiles) {
1687 } else if (fdp->fd_files[fd].fp == NULL) {
1690 fdp->fd_files[fd].fileflags |= add_flags;
1693 spin_unlock(&fdp->fd_spin);
1698 * WARNING: May not be called before initial fsetfd().
1701 fclrfdflags(struct filedesc *fdp, int fd, int rem_flags)
1705 spin_lock(&fdp->fd_spin);
1706 if (((u_int)fd) >= fdp->fd_nfiles) {
1708 } else if (fdp->fd_files[fd].fp == NULL) {
1711 fdp->fd_files[fd].fileflags &= ~rem_flags;
1714 spin_unlock(&fdp->fd_spin);
1719 * Set/Change/Clear the creds for a fp and synchronize the uidinfo.
1722 fsetcred(struct file *fp, struct ucred *ncr)
1725 struct uidinfo *uip;
1728 if (ocr == NULL || ncr == NULL || ocr->cr_uidinfo != ncr->cr_uidinfo) {
1730 uip = ocr->cr_uidinfo;
1731 atomic_add_int(&uip->ui_openfiles, -1);
1734 uip = ncr->cr_uidinfo;
1735 atomic_add_int(&uip->ui_openfiles, 1);
1746 * Free a file descriptor.
1750 ffree(struct file *fp)
1752 KASSERT((fp->f_count == 0), ("ffree: fp_fcount not 0!"));
1754 if (fp->f_nchandle.ncp)
1755 cache_drop(&fp->f_nchandle);
1760 * called from init_main, initialize filedesc0 for proc0.
1763 fdinit_bootstrap(struct proc *p0, struct filedesc *fdp0, int cmask)
1767 fdp0->fd_refcnt = 1;
1768 fdp0->fd_cmask = cmask;
1769 fdp0->fd_files = fdp0->fd_builtin_files;
1770 fdp0->fd_nfiles = NDFILE;
1771 fdp0->fd_lastfile = -1;
1772 spin_init(&fdp0->fd_spin, "fdinitbootstrap");
1776 * Build a new filedesc structure.
1779 fdinit(struct proc *p)
1781 struct filedesc *newfdp;
1782 struct filedesc *fdp = p->p_fd;
1784 newfdp = kmalloc(sizeof(struct filedesc), M_FILEDESC, M_WAITOK|M_ZERO);
1785 spin_lock(&fdp->fd_spin);
1787 newfdp->fd_cdir = fdp->fd_cdir;
1788 vref(newfdp->fd_cdir);
1789 cache_copy(&fdp->fd_ncdir, &newfdp->fd_ncdir);
1793 * rdir may not be set in e.g. proc0 or anything vm_fork'd off of
1794 * proc0, but should unconditionally exist in other processes.
1797 newfdp->fd_rdir = fdp->fd_rdir;
1798 vref(newfdp->fd_rdir);
1799 cache_copy(&fdp->fd_nrdir, &newfdp->fd_nrdir);
1802 newfdp->fd_jdir = fdp->fd_jdir;
1803 vref(newfdp->fd_jdir);
1804 cache_copy(&fdp->fd_njdir, &newfdp->fd_njdir);
1806 spin_unlock(&fdp->fd_spin);
1808 /* Create the file descriptor table. */
1809 newfdp->fd_refcnt = 1;
1810 newfdp->fd_cmask = cmask;
1811 newfdp->fd_files = newfdp->fd_builtin_files;
1812 newfdp->fd_nfiles = NDFILE;
1813 newfdp->fd_lastfile = -1;
1814 spin_init(&newfdp->fd_spin, "fdinit");
1820 * Share a filedesc structure.
1823 fdshare(struct proc *p)
1825 struct filedesc *fdp;
1828 spin_lock(&fdp->fd_spin);
1830 spin_unlock(&fdp->fd_spin);
1835 * Copy a filedesc structure.
1838 fdcopy(struct proc *p, struct filedesc **fpp)
1840 struct filedesc *fdp = p->p_fd;
1841 struct filedesc *newfdp;
1842 struct fdnode *fdnode;
1847 * Certain daemons might not have file descriptors.
1853 * Allocate the new filedesc and fd_files[] array. This can race
1854 * with operations by other threads on the fdp so we have to be
1857 newfdp = kmalloc(sizeof(struct filedesc),
1858 M_FILEDESC, M_WAITOK | M_ZERO | M_NULLOK);
1859 if (newfdp == NULL) {
1864 spin_lock(&fdp->fd_spin);
1865 if (fdp->fd_lastfile < NDFILE) {
1866 newfdp->fd_files = newfdp->fd_builtin_files;
1870 * We have to allocate (N^2-1) entries for our in-place
1871 * binary tree. Allow the table to shrink.
1875 while (ni > fdp->fd_lastfile && ni > NDFILE) {
1879 spin_unlock(&fdp->fd_spin);
1880 newfdp->fd_files = kmalloc(i * sizeof(struct fdnode),
1881 M_FILEDESC, M_WAITOK | M_ZERO);
1884 * Check for race, retry
1886 spin_lock(&fdp->fd_spin);
1887 if (i <= fdp->fd_lastfile) {
1888 spin_unlock(&fdp->fd_spin);
1889 kfree(newfdp->fd_files, M_FILEDESC);
1895 * Dup the remaining fields. vref() and cache_hold() can be
1896 * safely called while holding the read spinlock on fdp.
1898 * The read spinlock on fdp is still being held.
1900 * NOTE: vref and cache_hold calls for the case where the vnode
1901 * or cache entry already has at least one ref may be called
1902 * while holding spin locks.
1904 if ((newfdp->fd_cdir = fdp->fd_cdir) != NULL) {
1905 vref(newfdp->fd_cdir);
1906 cache_copy(&fdp->fd_ncdir, &newfdp->fd_ncdir);
1909 * We must check for fd_rdir here, at least for now because
1910 * the init process is created before we have access to the
1911 * rootvode to take a reference to it.
1913 if ((newfdp->fd_rdir = fdp->fd_rdir) != NULL) {
1914 vref(newfdp->fd_rdir);
1915 cache_copy(&fdp->fd_nrdir, &newfdp->fd_nrdir);
1917 if ((newfdp->fd_jdir = fdp->fd_jdir) != NULL) {
1918 vref(newfdp->fd_jdir);
1919 cache_copy(&fdp->fd_njdir, &newfdp->fd_njdir);
1921 newfdp->fd_refcnt = 1;
1922 newfdp->fd_nfiles = i;
1923 newfdp->fd_lastfile = fdp->fd_lastfile;
1924 newfdp->fd_freefile = fdp->fd_freefile;
1925 newfdp->fd_cmask = fdp->fd_cmask;
1926 spin_init(&newfdp->fd_spin, "fdcopy");
1929 * Copy the descriptor table through (i). This also copies the
1930 * allocation state. Then go through and ref the file pointers
1931 * and clean up any KQ descriptors.
1933 * kq descriptors cannot be copied. Since we haven't ref'd the
1934 * copied files yet we can ignore the return value from funsetfd().
1936 * The read spinlock on fdp is still being held.
1938 bcopy(fdp->fd_files, newfdp->fd_files, i * sizeof(struct fdnode));
1939 for (i = 0 ; i < newfdp->fd_nfiles; ++i) {
1940 fdnode = &newfdp->fd_files[i];
1941 if (fdnode->reserved) {
1942 fdreserve_locked(newfdp, i, -1);
1943 fdnode->reserved = 0;
1944 fdfixup_locked(newfdp, i);
1945 } else if (fdnode->fp) {
1946 if (fdnode->fp->f_type == DTYPE_KQUEUE) {
1947 (void)funsetfd_locked(newfdp, i);
1953 spin_unlock(&fdp->fd_spin);
1959 * Release a filedesc structure.
1961 * NOT MPSAFE (MPSAFE for refs > 1, but the final cleanup code is not MPSAFE)
1964 fdfree(struct proc *p, struct filedesc *repl)
1966 struct filedesc *fdp;
1967 struct fdnode *fdnode;
1969 struct filedesc_to_leader *fdtol;
1975 * Certain daemons might not have file descriptors.
1984 * Severe messing around to follow.
1986 spin_lock(&fdp->fd_spin);
1988 /* Check for special need to clear POSIX style locks */
1990 if (fdtol != NULL) {
1991 KASSERT(fdtol->fdl_refcount > 0,
1992 ("filedesc_to_refcount botch: fdl_refcount=%d",
1993 fdtol->fdl_refcount));
1994 if (fdtol->fdl_refcount == 1 &&
1995 (p->p_leader->p_flags & P_ADVLOCK) != 0) {
1996 for (i = 0; i <= fdp->fd_lastfile; ++i) {
1997 fdnode = &fdp->fd_files[i];
1998 if (fdnode->fp == NULL ||
1999 fdnode->fp->f_type != DTYPE_VNODE) {
2004 spin_unlock(&fdp->fd_spin);
2006 lf.l_whence = SEEK_SET;
2009 lf.l_type = F_UNLCK;
2010 vp = (struct vnode *)fp->f_data;
2011 (void) VOP_ADVLOCK(vp,
2012 (caddr_t)p->p_leader,
2017 spin_lock(&fdp->fd_spin);
2021 if (fdtol->fdl_refcount == 1) {
2022 if (fdp->fd_holdleaderscount > 0 &&
2023 (p->p_leader->p_flags & P_ADVLOCK) != 0) {
2025 * close() or do_dup() has cleared a reference
2026 * in a shared file descriptor table.
2028 fdp->fd_holdleaderswakeup = 1;
2029 ssleep(&fdp->fd_holdleaderscount,
2030 &fdp->fd_spin, 0, "fdlhold", 0);
2033 if (fdtol->fdl_holdcount > 0) {
2035 * Ensure that fdtol->fdl_leader
2036 * remains valid in closef().
2038 fdtol->fdl_wakeup = 1;
2039 ssleep(fdtol, &fdp->fd_spin, 0, "fdlhold", 0);
2043 fdtol->fdl_refcount--;
2044 if (fdtol->fdl_refcount == 0 &&
2045 fdtol->fdl_holdcount == 0) {
2046 fdtol->fdl_next->fdl_prev = fdtol->fdl_prev;
2047 fdtol->fdl_prev->fdl_next = fdtol->fdl_next;
2052 if (fdtol != NULL) {
2053 spin_unlock(&fdp->fd_spin);
2054 kfree(fdtol, M_FILEDESC_TO_LEADER);
2055 spin_lock(&fdp->fd_spin);
2058 if (--fdp->fd_refcnt > 0) {
2059 spin_unlock(&fdp->fd_spin);
2060 spin_lock(&p->p_spin);
2062 spin_unlock(&p->p_spin);
2067 * Even though we are the last reference to the structure allproc
2068 * scans may still reference the structure. Maintain proper
2069 * locks until we can replace p->p_fd.
2071 * Also note that kqueue's closef still needs to reference the
2072 * fdp via p->p_fd, so we have to close the descriptors before
2073 * we replace p->p_fd.
2075 for (i = 0; i <= fdp->fd_lastfile; ++i) {
2076 if (fdp->fd_files[i].fp) {
2077 fp = funsetfd_locked(fdp, i);
2079 spin_unlock(&fdp->fd_spin);
2080 if (SLIST_FIRST(&fp->f_klist))
2081 knote_fdclose(fp, fdp, i);
2083 spin_lock(&fdp->fd_spin);
2087 spin_unlock(&fdp->fd_spin);
2090 * Interlock against an allproc scan operations (typically frevoke).
2092 spin_lock(&p->p_spin);
2094 spin_unlock(&p->p_spin);
2097 * Wait for any softrefs to go away. This race rarely occurs so
2098 * we can use a non-critical-path style poll/sleep loop. The
2099 * race only occurs against allproc scans.
2101 * No new softrefs can occur with the fdp disconnected from the
2104 if (fdp->fd_softrefs) {
2105 kprintf("pid %d: Warning, fdp race avoided\n", p->p_pid);
2106 while (fdp->fd_softrefs)
2107 tsleep(&fdp->fd_softrefs, 0, "fdsoft", 1);
2110 if (fdp->fd_files != fdp->fd_builtin_files)
2111 kfree(fdp->fd_files, M_FILEDESC);
2113 cache_drop(&fdp->fd_ncdir);
2114 vrele(fdp->fd_cdir);
2117 cache_drop(&fdp->fd_nrdir);
2118 vrele(fdp->fd_rdir);
2121 cache_drop(&fdp->fd_njdir);
2122 vrele(fdp->fd_jdir);
2124 kfree(fdp, M_FILEDESC);
2128 * Retrieve and reference the file pointer associated with a descriptor.
2131 holdfp(struct filedesc *fdp, int fd, int flag)
2135 spin_lock_shared(&fdp->fd_spin);
2136 if (((u_int)fd) >= fdp->fd_nfiles) {
2140 if ((fp = fdp->fd_files[fd].fp) == NULL)
2142 if ((fp->f_flag & flag) == 0 && flag != -1) {
2148 spin_unlock_shared(&fdp->fd_spin);
2153 * holdsock() - load the struct file pointer associated
2154 * with a socket into *fpp. If an error occurs, non-zero
2155 * will be returned and *fpp will be set to NULL.
2158 holdsock(struct filedesc *fdp, int fd, struct file **fpp)
2163 spin_lock_shared(&fdp->fd_spin);
2164 if ((unsigned)fd >= fdp->fd_nfiles) {
2169 if ((fp = fdp->fd_files[fd].fp) == NULL) {
2173 if (fp->f_type != DTYPE_SOCKET) {
2180 spin_unlock_shared(&fdp->fd_spin);
2186 * Convert a user file descriptor to a held file pointer.
2189 holdvnode(struct filedesc *fdp, int fd, struct file **fpp)
2194 spin_lock_shared(&fdp->fd_spin);
2195 if ((unsigned)fd >= fdp->fd_nfiles) {
2200 if ((fp = fdp->fd_files[fd].fp) == NULL) {
2204 if (fp->f_type != DTYPE_VNODE && fp->f_type != DTYPE_FIFO) {
2212 spin_unlock_shared(&fdp->fd_spin);
2218 * For setugid programs, we don't want to people to use that setugidness
2219 * to generate error messages which write to a file which otherwise would
2220 * otherwise be off-limits to the process.
2222 * This is a gross hack to plug the hole. A better solution would involve
2223 * a special vop or other form of generalized access control mechanism. We
2224 * go ahead and just reject all procfs file systems accesses as dangerous.
2226 * Since setugidsafety calls this only for fd 0, 1 and 2, this check is
2227 * sufficient. We also don't for check setugidness since we know we are.
2230 is_unsafe(struct file *fp)
2232 if (fp->f_type == DTYPE_VNODE &&
2233 ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS)
2239 * Make this setguid thing safe, if at all possible.
2241 * NOT MPSAFE - scans fdp without spinlocks, calls knote_fdclose()
2244 setugidsafety(struct proc *p)
2246 struct filedesc *fdp = p->p_fd;
2249 /* Certain daemons might not have file descriptors. */
2254 * note: fdp->fd_files may be reallocated out from under us while
2255 * we are blocked in a close. Be careful!
2257 for (i = 0; i <= fdp->fd_lastfile; i++) {
2260 if (fdp->fd_files[i].fp && is_unsafe(fdp->fd_files[i].fp)) {
2264 * NULL-out descriptor prior to close to avoid
2265 * a race while close blocks.
2267 if ((fp = funsetfd_locked(fdp, i)) != NULL) {
2268 knote_fdclose(fp, fdp, i);
2276 * Close any files on exec?
2278 * NOT MPSAFE - scans fdp without spinlocks, calls knote_fdclose()
2281 fdcloseexec(struct proc *p)
2283 struct filedesc *fdp = p->p_fd;
2286 /* Certain daemons might not have file descriptors. */
2291 * We cannot cache fd_files since operations may block and rip
2292 * them out from under us.
2294 for (i = 0; i <= fdp->fd_lastfile; i++) {
2295 if (fdp->fd_files[i].fp != NULL &&
2296 (fdp->fd_files[i].fileflags & UF_EXCLOSE)) {
2300 * NULL-out descriptor prior to close to avoid
2301 * a race while close blocks.
2303 if ((fp = funsetfd_locked(fdp, i)) != NULL) {
2304 knote_fdclose(fp, fdp, i);
2312 * It is unsafe for set[ug]id processes to be started with file
2313 * descriptors 0..2 closed, as these descriptors are given implicit
2314 * significance in the Standard C library. fdcheckstd() will create a
2315 * descriptor referencing /dev/null for each of stdin, stdout, and
2316 * stderr that is not already open.
2318 * NOT MPSAFE - calls falloc, vn_open, etc
2321 fdcheckstd(struct lwp *lp)
2323 struct nlookupdata nd;
2324 struct filedesc *fdp;
2327 int i, error, flags, devnull;
2329 fdp = lp->lwp_proc->p_fd;
2334 for (i = 0; i < 3; i++) {
2335 if (fdp->fd_files[i].fp != NULL)
2338 if ((error = falloc(lp, &fp, &devnull)) != 0)
2341 error = nlookup_init(&nd, "/dev/null", UIO_SYSSPACE,
2342 NLC_FOLLOW|NLC_LOCKVP);
2343 flags = FREAD | FWRITE;
2345 error = vn_open(&nd, fp, flags, 0);
2347 fsetfd(fdp, fp, devnull);
2349 fsetfd(fdp, NULL, devnull);
2354 KKASSERT(i == devnull);
2356 error = kern_dup(DUP_FIXED, devnull, i, &retval);
2365 * Internal form of close.
2366 * Decrement reference count on file structure.
2367 * Note: td and/or p may be NULL when closing a file
2368 * that was being passed in a message.
2370 * MPALMOSTSAFE - acquires mplock for VOP operations
2373 closef(struct file *fp, struct proc *p)
2377 struct filedesc_to_leader *fdtol;
2383 * POSIX record locking dictates that any close releases ALL
2384 * locks owned by this process. This is handled by setting
2385 * a flag in the unlock to free ONLY locks obeying POSIX
2386 * semantics, and not to free BSD-style file locks.
2387 * If the descriptor was in a message, POSIX-style locks
2388 * aren't passed with the descriptor.
2390 if (p != NULL && fp->f_type == DTYPE_VNODE &&
2391 (((struct vnode *)fp->f_data)->v_flag & VMAYHAVELOCKS)
2393 if ((p->p_leader->p_flags & P_ADVLOCK) != 0) {
2394 lf.l_whence = SEEK_SET;
2397 lf.l_type = F_UNLCK;
2398 vp = (struct vnode *)fp->f_data;
2399 (void) VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_UNLCK,
2403 if (fdtol != NULL) {
2404 lwkt_gettoken(&p->p_token);
2406 * Handle special case where file descriptor table
2407 * is shared between multiple process leaders.
2409 for (fdtol = fdtol->fdl_next;
2410 fdtol != p->p_fdtol;
2411 fdtol = fdtol->fdl_next) {
2412 if ((fdtol->fdl_leader->p_flags &
2415 fdtol->fdl_holdcount++;
2416 lf.l_whence = SEEK_SET;
2419 lf.l_type = F_UNLCK;
2420 vp = (struct vnode *)fp->f_data;
2421 (void) VOP_ADVLOCK(vp,
2422 (caddr_t)fdtol->fdl_leader,
2423 F_UNLCK, &lf, F_POSIX);
2424 fdtol->fdl_holdcount--;
2425 if (fdtol->fdl_holdcount == 0 &&
2426 fdtol->fdl_wakeup != 0) {
2427 fdtol->fdl_wakeup = 0;
2431 lwkt_reltoken(&p->p_token);
2438 * fhold() can only be called if f_count is already at least 1 (i.e. the
2439 * caller of fhold() already has a reference to the file pointer in some
2442 * Atomic ops are used for incrementing and decrementing f_count before
2443 * the 1->0 transition. f_count 1->0 transition is special, see the
2444 * comment in fdrop().
2447 fhold(struct file *fp)
2449 /* 0->1 transition will never work */
2450 KASSERT(fp->f_count > 0, ("fhold: invalid f_count %d", fp->f_count));
2451 atomic_add_int(&fp->f_count, 1);
2455 * fdrop() - drop a reference to a descriptor
2458 fdrop(struct file *fp)
2462 int error, do_free = 0;
2466 * Simple atomic_fetchadd_int(f_count, -1) here will cause use-
2467 * after-free or double free (due to f_count 0->1 transition), if
2468 * fhold() is called on the fps found through filehead iteration.
2471 int count = fp->f_count;
2474 KASSERT(count > 0, ("fdrop: invalid f_count %d", count));
2476 struct filelist_head *head = fp2filelist(fp);
2479 * About to drop the last reference, hold the
2480 * filehead spin lock and drop it, so that no
2481 * one could see this fp through filehead anymore,
2482 * let alone fhold() this fp.
2484 spin_lock(&head->spin);
2485 if (atomic_cmpset_int(&fp->f_count, count, 0)) {
2486 LIST_REMOVE(fp, f_list);
2487 spin_unlock(&head->spin);
2488 atomic_subtract_int(&nfiles, 1);
2489 do_free = 1; /* free this fp */
2492 spin_unlock(&head->spin);
2494 } else if (atomic_cmpset_int(&fp->f_count, count, count - 1)) {
2502 KKASSERT(SLIST_FIRST(&fp->f_klist) == NULL);
2505 * The last reference has gone away, we own the fp structure free
2508 if (fp->f_count < 0)
2509 panic("fdrop: count < 0");
2510 if ((fp->f_flag & FHASLOCK) && fp->f_type == DTYPE_VNODE &&
2511 (((struct vnode *)fp->f_data)->v_flag & VMAYHAVELOCKS)
2513 lf.l_whence = SEEK_SET;
2516 lf.l_type = F_UNLCK;
2517 vp = (struct vnode *)fp->f_data;
2518 (void) VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, 0);
2520 if (fp->f_ops != &badfileops)
2521 error = fo_close(fp);
2529 * Apply an advisory lock on a file descriptor.
2531 * Just attempt to get a record lock of the requested type on
2532 * the entire file (l_whence = SEEK_SET, l_start = 0, l_len = 0).
2537 sys_flock(struct flock_args *uap)
2539 struct proc *p = curproc;
2545 if ((fp = holdfp(p->p_fd, uap->fd, -1)) == NULL)
2547 if (fp->f_type != DTYPE_VNODE) {
2551 vp = (struct vnode *)fp->f_data;
2552 lf.l_whence = SEEK_SET;
2555 if (uap->how & LOCK_UN) {
2556 lf.l_type = F_UNLCK;
2557 atomic_clear_int(&fp->f_flag, FHASLOCK); /* race ok */
2558 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, 0);
2561 if (uap->how & LOCK_EX)
2562 lf.l_type = F_WRLCK;
2563 else if (uap->how & LOCK_SH)
2564 lf.l_type = F_RDLCK;
2569 if (uap->how & LOCK_NB)
2570 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, 0);
2572 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, F_WAIT);
2573 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
2580 * File Descriptor pseudo-device driver (/dev/fd/).
2582 * Opening minor device N dup()s the file (if any) connected to file
2583 * descriptor N belonging to the calling process. Note that this driver
2584 * consists of only the ``open()'' routine, because all subsequent
2585 * references to this file will be direct to the other driver.
2588 fdopen(struct dev_open_args *ap)
2590 thread_t td = curthread;
2592 KKASSERT(td->td_lwp != NULL);
2595 * XXX Kludge: set curlwp->lwp_dupfd to contain the value of the
2596 * the file descriptor being sought for duplication. The error
2597 * return ensures that the vnode for this device will be released
2598 * by vn_open. Open will detect this special error and take the
2599 * actions in dupfdopen below. Other callers of vn_open or VOP_OPEN
2600 * will simply report the error.
2602 td->td_lwp->lwp_dupfd = minor(ap->a_head.a_dev);
2607 * The caller has reserved the file descriptor dfd for us. On success we
2608 * must fsetfd() it. On failure the caller will clean it up.
2611 dupfdopen(struct filedesc *fdp, int dfd, int sfd, int mode, int error)
2617 if ((wfp = holdfp(fdp, sfd, -1)) == NULL)
2621 * Close a revoke/dup race. Duping a descriptor marked as revoked
2622 * will dup a dummy descriptor instead of the real one.
2624 if (wfp->f_flag & FREVOKED) {
2625 kprintf("Warning: attempt to dup() a revoked descriptor\n");
2628 werror = falloc(NULL, &wfp, NULL);
2634 * There are two cases of interest here.
2636 * For ENODEV simply dup sfd to file descriptor dfd and return.
2638 * For ENXIO steal away the file structure from sfd and store it
2639 * dfd. sfd is effectively closed by this operation.
2641 * Any other error code is just returned.
2646 * Check that the mode the file is being opened for is a
2647 * subset of the mode of the existing descriptor.
2649 if (((mode & (FREAD|FWRITE)) | wfp->f_flag) != wfp->f_flag) {
2653 spin_lock(&fdp->fd_spin);
2654 fdp->fd_files[dfd].fileflags = fdp->fd_files[sfd].fileflags;
2655 fsetfd_locked(fdp, wfp, dfd);
2656 spin_unlock(&fdp->fd_spin);
2661 * Steal away the file pointer from dfd, and stuff it into indx.
2663 spin_lock(&fdp->fd_spin);
2664 fdp->fd_files[dfd].fileflags = fdp->fd_files[sfd].fileflags;
2665 fsetfd(fdp, wfp, dfd);
2666 if ((xfp = funsetfd_locked(fdp, sfd)) != NULL) {
2667 spin_unlock(&fdp->fd_spin);
2670 spin_unlock(&fdp->fd_spin);
2682 * NOT MPSAFE - I think these refer to a common file descriptor table
2683 * and we need to spinlock that to link fdtol in.
2685 struct filedesc_to_leader *
2686 filedesc_to_leader_alloc(struct filedesc_to_leader *old,
2687 struct proc *leader)
2689 struct filedesc_to_leader *fdtol;
2691 fdtol = kmalloc(sizeof(struct filedesc_to_leader),
2692 M_FILEDESC_TO_LEADER, M_WAITOK | M_ZERO);
2693 fdtol->fdl_refcount = 1;
2694 fdtol->fdl_holdcount = 0;
2695 fdtol->fdl_wakeup = 0;
2696 fdtol->fdl_leader = leader;
2698 fdtol->fdl_next = old->fdl_next;
2699 fdtol->fdl_prev = old;
2700 old->fdl_next = fdtol;
2701 fdtol->fdl_next->fdl_prev = fdtol;
2703 fdtol->fdl_next = fdtol;
2704 fdtol->fdl_prev = fdtol;
2710 * Scan all file pointers in the system. The callback is made with
2711 * the master list spinlock held exclusively.
2714 allfiles_scan_exclusive(int (*callback)(struct file *, void *), void *data)
2718 for (i = 0; i < NFILELIST_HEADS; ++i) {
2719 struct filelist_head *head = &filelist_heads[i];
2722 spin_lock(&head->spin);
2723 LIST_FOREACH(fp, &head->list, f_list) {
2726 res = callback(fp, data);
2730 spin_unlock(&head->spin);
2735 * Get file structures.
2737 * NOT MPSAFE - process list scan, SYSCTL_OUT (probably not mpsafe)
2740 struct sysctl_kern_file_info {
2743 struct sysctl_req *req;
2746 static int sysctl_kern_file_callback(struct proc *p, void *data);
2749 sysctl_kern_file(SYSCTL_HANDLER_ARGS)
2751 struct sysctl_kern_file_info info;
2754 * Note: because the number of file descriptors is calculated
2755 * in different ways for sizing vs returning the data,
2756 * there is information leakage from the first loop. However,
2757 * it is of a similar order of magnitude to the leakage from
2758 * global system statistics such as kern.openfiles.
2760 * When just doing a count, note that we cannot just count
2761 * the elements and add f_count via the filehead list because
2762 * threaded processes share their descriptor table and f_count might
2763 * still be '1' in that case.
2765 * Since the SYSCTL op can block, we must hold the process to
2766 * prevent it being ripped out from under us either in the
2767 * file descriptor loop or in the greater LIST_FOREACH. The
2768 * process may be in varying states of disrepair. If the process
2769 * is in SZOMB we may have caught it just as it is being removed
2770 * from the allproc list, we must skip it in that case to maintain
2771 * an unbroken chain through the allproc list.
2776 allproc_scan(sysctl_kern_file_callback, &info);
2779 * When just calculating the size, overestimate a bit to try to
2780 * prevent system activity from causing the buffer-fill call
2783 if (req->oldptr == NULL) {
2784 info.count = (info.count + 16) + (info.count / 10);
2785 info.error = SYSCTL_OUT(req, NULL,
2786 info.count * sizeof(struct kinfo_file));
2788 return (info.error);
2792 sysctl_kern_file_callback(struct proc *p, void *data)
2794 struct sysctl_kern_file_info *info = data;
2795 struct kinfo_file kf;
2796 struct filedesc *fdp;
2801 if (p->p_stat == SIDL || p->p_stat == SZOMB)
2803 if (!(PRISON_CHECK(info->req->td->td_ucred, p->p_ucred) != 0))
2807 * Softref the fdp to prevent it from being destroyed
2809 spin_lock(&p->p_spin);
2810 if ((fdp = p->p_fd) == NULL) {
2811 spin_unlock(&p->p_spin);
2814 atomic_add_int(&fdp->fd_softrefs, 1);
2815 spin_unlock(&p->p_spin);
2818 * The fdp's own spinlock prevents the contents from being
2821 spin_lock_shared(&fdp->fd_spin);
2822 for (n = 0; n < fdp->fd_nfiles; ++n) {
2823 if ((fp = fdp->fd_files[n].fp) == NULL)
2825 if (info->req->oldptr == NULL) {
2828 uid = p->p_ucred ? p->p_ucred->cr_uid : -1;
2829 kcore_make_file(&kf, fp, p->p_pid, uid, n);
2830 spin_unlock_shared(&fdp->fd_spin);
2831 info->error = SYSCTL_OUT(info->req, &kf, sizeof(kf));
2832 spin_lock_shared(&fdp->fd_spin);
2837 spin_unlock_shared(&fdp->fd_spin);
2838 atomic_subtract_int(&fdp->fd_softrefs, 1);
2844 SYSCTL_PROC(_kern, KERN_FILE, file, CTLTYPE_OPAQUE|CTLFLAG_RD,
2845 0, 0, sysctl_kern_file, "S,file", "Entire file table");
2847 SYSCTL_INT(_kern, OID_AUTO, minfilesperproc, CTLFLAG_RW,
2848 &minfilesperproc, 0, "Minimum files allowed open per process");
2849 SYSCTL_INT(_kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW,
2850 &maxfilesperproc, 0, "Maximum files allowed open per process");
2851 SYSCTL_INT(_kern, OID_AUTO, maxfilesperuser, CTLFLAG_RW,
2852 &maxfilesperuser, 0, "Maximum files allowed open per user");
2854 SYSCTL_INT(_kern, KERN_MAXFILES, maxfiles, CTLFLAG_RW,
2855 &maxfiles, 0, "Maximum number of files");
2857 SYSCTL_INT(_kern, OID_AUTO, maxfilesrootres, CTLFLAG_RW,
2858 &maxfilesrootres, 0, "Descriptors reserved for root use");
2860 SYSCTL_INT(_kern, OID_AUTO, openfiles, CTLFLAG_RD,
2861 &nfiles, 0, "System-wide number of open files");
2864 fildesc_drvinit(void *unused)
2868 for (fd = 0; fd < NUMFDESC; fd++) {
2869 make_dev(&fildesc_ops, fd,
2870 UID_BIN, GID_BIN, 0666, "fd/%d", fd);
2873 make_dev(&fildesc_ops, 0, UID_ROOT, GID_WHEEL, 0666, "stdin");
2874 make_dev(&fildesc_ops, 1, UID_ROOT, GID_WHEEL, 0666, "stdout");
2875 make_dev(&fildesc_ops, 2, UID_ROOT, GID_WHEEL, 0666, "stderr");
2878 struct fileops badfileops = {
2879 .fo_read = badfo_readwrite,
2880 .fo_write = badfo_readwrite,
2881 .fo_ioctl = badfo_ioctl,
2882 .fo_kqfilter = badfo_kqfilter,
2883 .fo_stat = badfo_stat,
2884 .fo_close = badfo_close,
2885 .fo_shutdown = badfo_shutdown
2899 badfo_ioctl(struct file *fp, u_long com, caddr_t data,
2900 struct ucred *cred, struct sysmsg *msgv)
2906 * Must return an error to prevent registration, typically
2907 * due to a revoked descriptor (file_filtops assigned).
2910 badfo_kqfilter(struct file *fp, struct knote *kn)
2912 return (EOPNOTSUPP);
2916 badfo_stat(struct file *fp, struct stat *sb, struct ucred *cred)
2922 badfo_close(struct file *fp)
2928 badfo_shutdown(struct file *fp, int how)
2934 nofo_shutdown(struct file *fp, int how)
2936 return (EOPNOTSUPP);
2939 SYSINIT(fildescdev, SI_SUB_DRIVERS, SI_ORDER_MIDDLE + CDEV_MAJOR,
2940 fildesc_drvinit,NULL);
2943 filelist_heads_init(void *arg __unused)
2947 for (i = 0; i < NFILELIST_HEADS; ++i) {
2948 struct filelist_head *head = &filelist_heads[i];
2950 spin_init(&head->spin, "filehead_spin");
2951 LIST_INIT(&head->list);
2955 SYSINIT(filelistheads, SI_BOOT1_LOCK, SI_ORDER_ANY,
2956 filelist_heads_init, NULL);