1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1989, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)kern_descrip.c 8.6 (Berkeley) 4/19/94
37 */
38
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
41
42 #include "opt_capsicum.h"
43 #include "opt_ddb.h"
44 #include "opt_ktrace.h"
45
46 #include <sys/param.h>
47 #include <sys/systm.h>
48
49 #include <sys/capsicum.h>
50 #include <sys/conf.h>
51 #include <sys/fcntl.h>
52 #include <sys/file.h>
53 #include <sys/filedesc.h>
54 #include <sys/filio.h>
55 #include <sys/jail.h>
56 #include <sys/kernel.h>
57 #include <sys/limits.h>
58 #include <sys/lock.h>
59 #include <sys/malloc.h>
60 #include <sys/mount.h>
61 #include <sys/mutex.h>
62 #include <sys/namei.h>
63 #include <sys/selinfo.h>
64 #include <sys/priv.h>
65 #include <sys/proc.h>
66 #include <sys/protosw.h>
67 #include <sys/racct.h>
68 #include <sys/resourcevar.h>
69 #include <sys/sbuf.h>
70 #include <sys/signalvar.h>
71 #include <sys/kdb.h>
72 #include <sys/stat.h>
73 #include <sys/sx.h>
74 #include <sys/syscallsubr.h>
75 #include <sys/sysctl.h>
76 #include <sys/sysproto.h>
77 #include <sys/unistd.h>
78 #include <sys/user.h>
79 #include <sys/vnode.h>
80 #ifdef KTRACE
81 #include <sys/ktrace.h>
82 #endif
83
84 #include <net/vnet.h>
85
86 #include <security/audit/audit.h>
87
88 #include <vm/uma.h>
89 #include <vm/vm.h>
90
91 #include <ddb/ddb.h>
92
93 static MALLOC_DEFINE(M_FILEDESC, "filedesc", "Open file descriptor table");
94 static MALLOC_DEFINE(M_FILEDESC_TO_LEADER, "filedesc_to_leader",
95 "file desc to leader structures");
96 static MALLOC_DEFINE(M_SIGIO, "sigio", "sigio structures");
97 MALLOC_DEFINE(M_FILECAPS, "filecaps", "descriptor capabilities");
98
99 MALLOC_DECLARE(M_FADVISE);
100
101 static __read_mostly uma_zone_t file_zone;
102 static __read_mostly uma_zone_t filedesc0_zone;
103
104 static int closefp(struct filedesc *fdp, int fd, struct file *fp,
105 struct thread *td, int holdleaders);
106 static int fd_first_free(struct filedesc *fdp, int low, int size);
107 static int fd_last_used(struct filedesc *fdp, int size);
108 static void fdgrowtable(struct filedesc *fdp, int nfd);
109 static void fdgrowtable_exp(struct filedesc *fdp, int nfd);
110 static void fdunused(struct filedesc *fdp, int fd);
111 static void fdused(struct filedesc *fdp, int fd);
112 static int getmaxfd(struct thread *td);
113 static u_long *filecaps_copy_prep(const struct filecaps *src);
114 static void filecaps_copy_finish(const struct filecaps *src,
115 struct filecaps *dst, u_long *ioctls);
116 static u_long *filecaps_free_prep(struct filecaps *fcaps);
117 static void filecaps_free_finish(u_long *ioctls);
118
119 /*
120 * Each process has:
121 *
122 * - An array of open file descriptors (fd_ofiles)
123 * - An array of file flags (fd_ofileflags)
124 * - A bitmap recording which descriptors are in use (fd_map)
125 *
126 * A process starts out with NDFILE descriptors. The value of NDFILE has
127 * been selected based the historical limit of 20 open files, and an
128 * assumption that the majority of processes, especially short-lived
129 * processes like shells, will never need more.
130 *
131 * If this initial allocation is exhausted, a larger descriptor table and
132 * map are allocated dynamically, and the pointers in the process's struct
133 * filedesc are updated to point to those. This is repeated every time
134 * the process runs out of file descriptors (provided it hasn't hit its
135 * resource limit).
136 *
137 * Since threads may hold references to individual descriptor table
138 * entries, the tables are never freed. Instead, they are placed on a
139 * linked list and freed only when the struct filedesc is released.
140 */
141 #define NDFILE 20
142 #define NDSLOTSIZE sizeof(NDSLOTTYPE)
143 #define NDENTRIES (NDSLOTSIZE * __CHAR_BIT)
144 #define NDSLOT(x) ((x) / NDENTRIES)
145 #define NDBIT(x) ((NDSLOTTYPE)1 << ((x) % NDENTRIES))
146 #define NDSLOTS(x) (((x) + NDENTRIES - 1) / NDENTRIES)
147
148 /*
149 * SLIST entry used to keep track of ofiles which must be reclaimed when
150 * the process exits.
151 */
152 struct freetable {
153 struct fdescenttbl *ft_table;
154 SLIST_ENTRY(freetable) ft_next;
155 };
156
157 /*
158 * Initial allocation: a filedesc structure + the head of SLIST used to
159 * keep track of old ofiles + enough space for NDFILE descriptors.
160 */
161
162 struct fdescenttbl0 {
163 int fdt_nfiles;
164 struct filedescent fdt_ofiles[NDFILE];
165 };
166
167 struct filedesc0 {
168 struct filedesc fd_fd;
169 SLIST_HEAD(, freetable) fd_free;
170 struct fdescenttbl0 fd_dfiles;
171 NDSLOTTYPE fd_dmap[NDSLOTS(NDFILE)];
172 };
173
174 /*
175 * Descriptor management.
176 */
177 volatile int __exclusive_cache_line openfiles; /* actual number of open files */
178 struct mtx sigio_lock; /* mtx to protect pointers to sigio */
179 void __read_mostly (*mq_fdclose)(struct thread *td, int fd, struct file *fp);
180
181 /*
182 * If low >= size, just return low. Otherwise find the first zero bit in the
183 * given bitmap, starting at low and not exceeding size - 1. Return size if
184 * not found.
185 */
186 static int
187 fd_first_free(struct filedesc *fdp, int low, int size)
188 {
189 NDSLOTTYPE *map = fdp->fd_map;
190 NDSLOTTYPE mask;
191 int off, maxoff;
192
193 if (low >= size)
194 return (low);
195
196 off = NDSLOT(low);
197 if (low % NDENTRIES) {
198 mask = ~(~(NDSLOTTYPE)0 >> (NDENTRIES - (low % NDENTRIES)));
199 if ((mask &= ~map[off]) != 0UL)
200 return (off * NDENTRIES + ffsl(mask) - 1);
201 ++off;
202 }
203 for (maxoff = NDSLOTS(size); off < maxoff; ++off)
204 if (map[off] != ~0UL)
205 return (off * NDENTRIES + ffsl(~map[off]) - 1);
206 return (size);
207 }
208
209 /*
210 * Find the highest non-zero bit in the given bitmap, starting at 0 and
211 * not exceeding size - 1. Return -1 if not found.
212 */
213 static int
214 fd_last_used(struct filedesc *fdp, int size)
215 {
216 NDSLOTTYPE *map = fdp->fd_map;
217 NDSLOTTYPE mask;
218 int off, minoff;
219
220 off = NDSLOT(size);
221 if (size % NDENTRIES) {
222 mask = ~(~(NDSLOTTYPE)0 << (size % NDENTRIES));
223 if ((mask &= map[off]) != 0)
224 return (off * NDENTRIES + flsl(mask) - 1);
225 --off;
226 }
227 for (minoff = NDSLOT(0); off >= minoff; --off)
228 if (map[off] != 0)
229 return (off * NDENTRIES + flsl(map[off]) - 1);
230 return (-1);
231 }
232
233 static int
234 fdisused(struct filedesc *fdp, int fd)
235 {
236
237 KASSERT(fd >= 0 && fd < fdp->fd_nfiles,
238 ("file descriptor %d out of range (0, %d)", fd, fdp->fd_nfiles));
239
240 return ((fdp->fd_map[NDSLOT(fd)] & NDBIT(fd)) != 0);
241 }
242
243 /*
244 * Mark a file descriptor as used.
245 */
246 static void
247 fdused_init(struct filedesc *fdp, int fd)
248 {
249
250 KASSERT(!fdisused(fdp, fd), ("fd=%d is already used", fd));
251
252 fdp->fd_map[NDSLOT(fd)] |= NDBIT(fd);
253 }
254
255 static void
256 fdused(struct filedesc *fdp, int fd)
257 {
258
259 FILEDESC_XLOCK_ASSERT(fdp);
260
261 fdused_init(fdp, fd);
262 if (fd > fdp->fd_lastfile)
263 fdp->fd_lastfile = fd;
264 if (fd == fdp->fd_freefile)
265 fdp->fd_freefile = fd_first_free(fdp, fd, fdp->fd_nfiles);
266 }
267
268 /*
269 * Mark a file descriptor as unused.
270 */
271 static void
272 fdunused(struct filedesc *fdp, int fd)
273 {
274
275 FILEDESC_XLOCK_ASSERT(fdp);
276
277 KASSERT(fdisused(fdp, fd), ("fd=%d is already unused", fd));
278 KASSERT(fdp->fd_ofiles[fd].fde_file == NULL,
279 ("fd=%d is still in use", fd));
280
281 fdp->fd_map[NDSLOT(fd)] &= ~NDBIT(fd);
282 if (fd < fdp->fd_freefile)
283 fdp->fd_freefile = fd;
284 if (fd == fdp->fd_lastfile)
285 fdp->fd_lastfile = fd_last_used(fdp, fd);
286 }
287
288 /*
289 * Free a file descriptor.
290 *
291 * Avoid some work if fdp is about to be destroyed.
292 */
293 static inline void
294 fdefree_last(struct filedescent *fde)
295 {
296
297 filecaps_free(&fde->fde_caps);
298 }
299
300 static inline void
301 fdfree(struct filedesc *fdp, int fd)
302 {
303 struct filedescent *fde;
304
305 fde = &fdp->fd_ofiles[fd];
306 #ifdef CAPABILITIES
307 seq_write_begin(&fde->fde_seq);
308 #endif
309 fde->fde_file = NULL;
310 #ifdef CAPABILITIES
311 seq_write_end(&fde->fde_seq);
312 #endif
313 fdefree_last(fde);
314 fdunused(fdp, fd);
315 }
316
317 void
318 pwd_ensure_dirs(void)
319 {
320 struct filedesc *fdp;
321
322 fdp = curproc->p_fd;
323 FILEDESC_XLOCK(fdp);
324 if (fdp->fd_cdir == NULL) {
325 fdp->fd_cdir = rootvnode;
326 vrefact(rootvnode);
327 }
328 if (fdp->fd_rdir == NULL) {
329 fdp->fd_rdir = rootvnode;
330 vrefact(rootvnode);
331 }
332 FILEDESC_XUNLOCK(fdp);
333 }
334
335 /*
336 * System calls on descriptors.
337 */
338 #ifndef _SYS_SYSPROTO_H_
339 struct getdtablesize_args {
340 int dummy;
341 };
342 #endif
343 /* ARGSUSED */
344 int
345 sys_getdtablesize(struct thread *td, struct getdtablesize_args *uap)
346 {
347 #ifdef RACCT
348 uint64_t lim;
349 #endif
350
351 td->td_retval[0] =
352 min((int)lim_cur(td, RLIMIT_NOFILE), maxfilesperproc);
353 #ifdef RACCT
354 PROC_LOCK(td->td_proc);
355 lim = racct_get_limit(td->td_proc, RACCT_NOFILE);
356 PROC_UNLOCK(td->td_proc);
357 if (lim < td->td_retval[0])
358 td->td_retval[0] = lim;
359 #endif
360 return (0);
361 }
362
363 /*
364 * Duplicate a file descriptor to a particular value.
365 *
366 * Note: keep in mind that a potential race condition exists when closing
367 * descriptors from a shared descriptor table (via rfork).
368 */
369 #ifndef _SYS_SYSPROTO_H_
370 struct dup2_args {
371 u_int from;
372 u_int to;
373 };
374 #endif
375 /* ARGSUSED */
376 int
377 sys_dup2(struct thread *td, struct dup2_args *uap)
378 {
379
380 return (kern_dup(td, FDDUP_FIXED, 0, (int)uap->from, (int)uap->to));
381 }
382
383 /*
384 * Duplicate a file descriptor.
385 */
386 #ifndef _SYS_SYSPROTO_H_
387 struct dup_args {
388 u_int fd;
389 };
390 #endif
391 /* ARGSUSED */
392 int
393 sys_dup(struct thread *td, struct dup_args *uap)
394 {
395
396 return (kern_dup(td, FDDUP_NORMAL, 0, (int)uap->fd, 0));
397 }
398
399 /*
400 * The file control system call.
401 */
402 #ifndef _SYS_SYSPROTO_H_
403 struct fcntl_args {
404 int fd;
405 int cmd;
406 long arg;
407 };
408 #endif
409 /* ARGSUSED */
410 int
411 sys_fcntl(struct thread *td, struct fcntl_args *uap)
412 {
413
414 return (kern_fcntl_freebsd(td, uap->fd, uap->cmd, uap->arg));
415 }
416
417 int
418 kern_fcntl_freebsd(struct thread *td, int fd, int cmd, long arg)
419 {
420 struct flock fl;
421 struct __oflock ofl;
422 intptr_t arg1;
423 int error, newcmd;
424
425 error = 0;
426 newcmd = cmd;
427 switch (cmd) {
428 case F_OGETLK:
429 case F_OSETLK:
430 case F_OSETLKW:
431 /*
432 * Convert old flock structure to new.
433 */
434 error = copyin((void *)(intptr_t)arg, &ofl, sizeof(ofl));
435 fl.l_start = ofl.l_start;
436 fl.l_len = ofl.l_len;
437 fl.l_pid = ofl.l_pid;
438 fl.l_type = ofl.l_type;
439 fl.l_whence = ofl.l_whence;
440 fl.l_sysid = 0;
441
442 switch (cmd) {
443 case F_OGETLK:
444 newcmd = F_GETLK;
445 break;
446 case F_OSETLK:
447 newcmd = F_SETLK;
448 break;
449 case F_OSETLKW:
450 newcmd = F_SETLKW;
451 break;
452 }
453 arg1 = (intptr_t)&fl;
454 break;
455 case F_GETLK:
456 case F_SETLK:
457 case F_SETLKW:
458 case F_SETLK_REMOTE:
459 error = copyin((void *)(intptr_t)arg, &fl, sizeof(fl));
460 arg1 = (intptr_t)&fl;
461 break;
462 default:
463 arg1 = arg;
464 break;
465 }
466 if (error)
467 return (error);
468 error = kern_fcntl(td, fd, newcmd, arg1);
469 if (error)
470 return (error);
471 if (cmd == F_OGETLK) {
472 ofl.l_start = fl.l_start;
473 ofl.l_len = fl.l_len;
474 ofl.l_pid = fl.l_pid;
475 ofl.l_type = fl.l_type;
476 ofl.l_whence = fl.l_whence;
477 error = copyout(&ofl, (void *)(intptr_t)arg, sizeof(ofl));
478 } else if (cmd == F_GETLK) {
479 error = copyout(&fl, (void *)(intptr_t)arg, sizeof(fl));
480 }
481 return (error);
482 }
483
484 int
485 kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
486 {
487 struct filedesc *fdp;
488 struct flock *flp;
489 struct file *fp, *fp2;
490 struct filedescent *fde;
491 struct proc *p;
492 struct vnode *vp;
493 int error, flg, tmp;
494 uint64_t bsize;
495 off_t foffset;
496
497 error = 0;
498 flg = F_POSIX;
499 p = td->td_proc;
500 fdp = p->p_fd;
501
502 AUDIT_ARG_FD(cmd);
503 AUDIT_ARG_CMD(cmd);
504 switch (cmd) {
505 case F_DUPFD:
506 tmp = arg;
507 error = kern_dup(td, FDDUP_FCNTL, 0, fd, tmp);
508 break;
509
510 case F_DUPFD_CLOEXEC:
511 tmp = arg;
512 error = kern_dup(td, FDDUP_FCNTL, FDDUP_FLAG_CLOEXEC, fd, tmp);
513 break;
514
515 case F_DUP2FD:
516 tmp = arg;
517 error = kern_dup(td, FDDUP_FIXED, 0, fd, tmp);
518 break;
519
520 case F_DUP2FD_CLOEXEC:
521 tmp = arg;
522 error = kern_dup(td, FDDUP_FIXED, FDDUP_FLAG_CLOEXEC, fd, tmp);
523 break;
524
525 case F_GETFD:
526 error = EBADF;
527 FILEDESC_SLOCK(fdp);
528 fde = fdeget_locked(fdp, fd);
529 if (fde != NULL) {
530 td->td_retval[0] =
531 (fde->fde_flags & UF_EXCLOSE) ? FD_CLOEXEC : 0;
532 error = 0;
533 }
534 FILEDESC_SUNLOCK(fdp);
535 break;
536
537 case F_SETFD:
538 error = EBADF;
539 FILEDESC_XLOCK(fdp);
540 fde = fdeget_locked(fdp, fd);
541 if (fde != NULL) {
542 fde->fde_flags = (fde->fde_flags & ~UF_EXCLOSE) |
543 (arg & FD_CLOEXEC ? UF_EXCLOSE : 0);
544 error = 0;
545 }
546 FILEDESC_XUNLOCK(fdp);
547 break;
548
549 case F_GETFL:
550 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETFL, &fp);
551 if (error != 0)
552 break;
553 td->td_retval[0] = OFLAGS(fp->f_flag);
554 fdrop(fp, td);
555 break;
556
557 case F_SETFL:
558 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETFL, &fp);
559 if (error != 0)
560 break;
561 do {
562 tmp = flg = fp->f_flag;
563 tmp &= ~FCNTLFLAGS;
564 tmp |= FFLAGS(arg & ~O_ACCMODE) & FCNTLFLAGS;
565 } while (atomic_cmpset_int(&fp->f_flag, flg, tmp) == 0);
566 tmp = fp->f_flag & FNONBLOCK;
567 error = fo_ioctl(fp, FIONBIO, &tmp, td->td_ucred, td);
568 if (error != 0) {
569 fdrop(fp, td);
570 break;
571 }
572 tmp = fp->f_flag & FASYNC;
573 error = fo_ioctl(fp, FIOASYNC, &tmp, td->td_ucred, td);
574 if (error == 0) {
575 fdrop(fp, td);
576 break;
577 }
578 atomic_clear_int(&fp->f_flag, FNONBLOCK);
579 tmp = 0;
580 (void)fo_ioctl(fp, FIONBIO, &tmp, td->td_ucred, td);
581 fdrop(fp, td);
582 break;
583
584 case F_GETOWN:
585 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETOWN, &fp);
586 if (error != 0)
587 break;
588 error = fo_ioctl(fp, FIOGETOWN, &tmp, td->td_ucred, td);
589 if (error == 0)
590 td->td_retval[0] = tmp;
591 fdrop(fp, td);
592 break;
593
594 case F_SETOWN:
595 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETOWN, &fp);
596 if (error != 0)
597 break;
598 tmp = arg;
599 error = fo_ioctl(fp, FIOSETOWN, &tmp, td->td_ucred, td);
600 fdrop(fp, td);
601 break;
602
603 case F_SETLK_REMOTE:
604 error = priv_check(td, PRIV_NFS_LOCKD);
605 if (error != 0)
606 return (error);
607 flg = F_REMOTE;
608 goto do_setlk;
609
610 case F_SETLKW:
611 flg |= F_WAIT;
612 /* FALLTHROUGH F_SETLK */
613
614 case F_SETLK:
615 do_setlk:
616 flp = (struct flock *)arg;
617 if ((flg & F_REMOTE) != 0 && flp->l_sysid == 0) {
618 error = EINVAL;
619 break;
620 }
621
622 error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp, NULL);
623 if (error != 0)
624 break;
625 if (fp->f_type != DTYPE_VNODE) {
626 error = EBADF;
627 fdrop(fp, td);
628 break;
629 }
630
631 if (flp->l_whence == SEEK_CUR) {
632 foffset = foffset_get(fp);
633 if (foffset < 0 ||
634 (flp->l_start > 0 &&
635 foffset > OFF_MAX - flp->l_start)) {
636 error = EOVERFLOW;
637 fdrop(fp, td);
638 break;
639 }
640 flp->l_start += foffset;
641 }
642
643 vp = fp->f_vnode;
644 switch (flp->l_type) {
645 case F_RDLCK:
646 if ((fp->f_flag & FREAD) == 0) {
647 error = EBADF;
648 break;
649 }
650 if ((p->p_leader->p_flag & P_ADVLOCK) == 0) {
651 PROC_LOCK(p->p_leader);
652 p->p_leader->p_flag |= P_ADVLOCK;
653 PROC_UNLOCK(p->p_leader);
654 }
655 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
656 flp, flg);
657 break;
658 case F_WRLCK:
659 if ((fp->f_flag & FWRITE) == 0) {
660 error = EBADF;
661 break;
662 }
663 if ((p->p_leader->p_flag & P_ADVLOCK) == 0) {
664 PROC_LOCK(p->p_leader);
665 p->p_leader->p_flag |= P_ADVLOCK;
666 PROC_UNLOCK(p->p_leader);
667 }
668 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
669 flp, flg);
670 break;
671 case F_UNLCK:
672 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_UNLCK,
673 flp, flg);
674 break;
675 case F_UNLCKSYS:
676 if (flg != F_REMOTE) {
677 error = EINVAL;
678 break;
679 }
680 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader,
681 F_UNLCKSYS, flp, flg);
682 break;
683 default:
684 error = EINVAL;
685 break;
686 }
687 if (error != 0 || flp->l_type == F_UNLCK ||
688 flp->l_type == F_UNLCKSYS) {
689 fdrop(fp, td);
690 break;
691 }
692
693 /*
694 * Check for a race with close.
695 *
696 * The vnode is now advisory locked (or unlocked, but this case
697 * is not really important) as the caller requested.
698 * We had to drop the filedesc lock, so we need to recheck if
699 * the descriptor is still valid, because if it was closed
700 * in the meantime we need to remove advisory lock from the
701 * vnode - close on any descriptor leading to an advisory
702 * locked vnode, removes that lock.
703 * We will return 0 on purpose in that case, as the result of
704 * successful advisory lock might have been externally visible
705 * already. This is fine - effectively we pretend to the caller
706 * that the closing thread was a bit slower and that the
707 * advisory lock succeeded before the close.
708 */
709 error = fget_unlocked(fdp, fd, &cap_no_rights, &fp2, NULL);
710 if (error != 0) {
711 fdrop(fp, td);
712 break;
713 }
714 if (fp != fp2) {
715 flp->l_whence = SEEK_SET;
716 flp->l_start = 0;
717 flp->l_len = 0;
718 flp->l_type = F_UNLCK;
719 (void) VOP_ADVLOCK(vp, (caddr_t)p->p_leader,
720 F_UNLCK, flp, F_POSIX);
721 }
722 fdrop(fp, td);
723 fdrop(fp2, td);
724 break;
725
726 case F_GETLK:
727 error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp, NULL);
728 if (error != 0)
729 break;
730 if (fp->f_type != DTYPE_VNODE) {
731 error = EBADF;
732 fdrop(fp, td);
733 break;
734 }
735 flp = (struct flock *)arg;
736 if (flp->l_type != F_RDLCK && flp->l_type != F_WRLCK &&
737 flp->l_type != F_UNLCK) {
738 error = EINVAL;
739 fdrop(fp, td);
740 break;
741 }
742 if (flp->l_whence == SEEK_CUR) {
743 foffset = foffset_get(fp);
744 if ((flp->l_start > 0 &&
745 foffset > OFF_MAX - flp->l_start) ||
746 (flp->l_start < 0 &&
747 foffset < OFF_MIN - flp->l_start)) {
748 error = EOVERFLOW;
749 fdrop(fp, td);
750 break;
751 }
752 flp->l_start += foffset;
753 }
754 vp = fp->f_vnode;
755 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_GETLK, flp,
756 F_POSIX);
757 fdrop(fp, td);
758 break;
759
760 case F_RDAHEAD:
761 arg = arg ? 128 * 1024: 0;
762 /* FALLTHROUGH */
763 case F_READAHEAD:
764 error = fget_unlocked(fdp, fd, &cap_no_rights, &fp, NULL);
765 if (error != 0)
766 break;
767 if (fp->f_type != DTYPE_VNODE) {
768 fdrop(fp, td);
769 error = EBADF;
770 break;
771 }
772 vp = fp->f_vnode;
773 if (vp->v_type != VREG) {
774 fdrop(fp, td);
775 error = ENOTTY;
776 break;
777 }
778
779 /*
780 * Exclusive lock synchronizes against f_seqcount reads and
781 * writes in sequential_heuristic().
782 */
783 error = vn_lock(vp, LK_EXCLUSIVE);
784 if (error != 0) {
785 fdrop(fp, td);
786 break;
787 }
788 if (arg >= 0) {
789 bsize = fp->f_vnode->v_mount->mnt_stat.f_iosize;
790 arg = MIN(arg, INT_MAX - bsize + 1);
791 fp->f_seqcount = MIN(IO_SEQMAX,
792 (arg + bsize - 1) / bsize);
793 atomic_set_int(&fp->f_flag, FRDAHEAD);
794 } else {
795 atomic_clear_int(&fp->f_flag, FRDAHEAD);
796 }
797 VOP_UNLOCK(vp, 0);
798 fdrop(fp, td);
799 break;
800
801 default:
802 error = EINVAL;
803 break;
804 }
805 return (error);
806 }
807
808 static int
809 getmaxfd(struct thread *td)
810 {
811
812 return (min((int)lim_cur(td, RLIMIT_NOFILE), maxfilesperproc));
813 }
814
815 /*
816 * Common code for dup, dup2, fcntl(F_DUPFD) and fcntl(F_DUP2FD).
817 */
818 int
819 kern_dup(struct thread *td, u_int mode, int flags, int old, int new)
820 {
821 struct filedesc *fdp;
822 struct filedescent *oldfde, *newfde;
823 struct proc *p;
824 struct file *delfp, *oldfp;
825 u_long *oioctls, *nioctls;
826 int error, maxfd;
827
828 p = td->td_proc;
829 fdp = p->p_fd;
830
831 MPASS((flags & ~(FDDUP_FLAG_CLOEXEC)) == 0);
832 MPASS(mode < FDDUP_LASTMODE);
833
834 AUDIT_ARG_FD(old);
835 /* XXXRW: if (flags & FDDUP_FIXED) AUDIT_ARG_FD2(new); */
836
837 /*
838 * Verify we have a valid descriptor to dup from and possibly to
839 * dup to. Unlike dup() and dup2(), fcntl()'s F_DUPFD should
840 * return EINVAL when the new descriptor is out of bounds.
841 */
842 if (old < 0)
843 return (EBADF);
844 if (new < 0)
845 return (mode == FDDUP_FCNTL ? EINVAL : EBADF);
846 maxfd = getmaxfd(td);
847 if (new >= maxfd)
848 return (mode == FDDUP_FCNTL ? EINVAL : EBADF);
849
850 error = EBADF;
851 FILEDESC_XLOCK(fdp);
852 if (fget_locked(fdp, old) == NULL)
853 goto unlock;
854 if ((mode == FDDUP_FIXED || mode == FDDUP_MUSTREPLACE) && old == new) {
855 td->td_retval[0] = new;
856 if (flags & FDDUP_FLAG_CLOEXEC)
857 fdp->fd_ofiles[new].fde_flags |= UF_EXCLOSE;
858 error = 0;
859 goto unlock;
860 }
861
862 oldfde = &fdp->fd_ofiles[old];
863 oldfp = oldfde->fde_file;
864 if (!fhold(oldfp))
865 goto unlock;
866
867 /*
868 * If the caller specified a file descriptor, make sure the file
869 * table is large enough to hold it, and grab it. Otherwise, just
870 * allocate a new descriptor the usual way.
871 */
872 switch (mode) {
873 case FDDUP_NORMAL:
874 case FDDUP_FCNTL:
875 if ((error = fdalloc(td, new, &new)) != 0) {
876 fdrop(oldfp, td);
877 goto unlock;
878 }
879 break;
880 case FDDUP_MUSTREPLACE:
881 /* Target file descriptor must exist. */
882 if (fget_locked(fdp, new) == NULL) {
883 fdrop(oldfp, td);
884 goto unlock;
885 }
886 break;
887 case FDDUP_FIXED:
888 if (new >= fdp->fd_nfiles) {
889 /*
890 * The resource limits are here instead of e.g.
891 * fdalloc(), because the file descriptor table may be
892 * shared between processes, so we can't really use
893 * racct_add()/racct_sub(). Instead of counting the
894 * number of actually allocated descriptors, just put
895 * the limit on the size of the file descriptor table.
896 */
897 #ifdef RACCT
898 if (racct_enable) {
899 PROC_LOCK(p);
900 error = racct_set(p, RACCT_NOFILE, new + 1);
901 PROC_UNLOCK(p);
902 if (error != 0) {
903 error = EMFILE;
904 fdrop(oldfp, td);
905 goto unlock;
906 }
907 }
908 #endif
909 fdgrowtable_exp(fdp, new + 1);
910 }
911 if (!fdisused(fdp, new))
912 fdused(fdp, new);
913 break;
914 default:
915 KASSERT(0, ("%s unsupported mode %d", __func__, mode));
916 }
917
918 KASSERT(old != new, ("new fd is same as old"));
919
920 /* Refetch oldfde because the table may have grown and old one freed. */
921 oldfde = &fdp->fd_ofiles[old];
922 KASSERT(oldfp == oldfde->fde_file,
923 ("fdt_ofiles shift from growth observed at fd %d",
924 old));
925
926 newfde = &fdp->fd_ofiles[new];
927 delfp = newfde->fde_file;
928
929 nioctls = filecaps_copy_prep(&oldfde->fde_caps);
930
931 /*
932 * Duplicate the source descriptor.
933 */
934 #ifdef CAPABILITIES
935 seq_write_begin(&newfde->fde_seq);
936 #endif
937 oioctls = filecaps_free_prep(&newfde->fde_caps);
938 memcpy(newfde, oldfde, fde_change_size);
939 filecaps_copy_finish(&oldfde->fde_caps, &newfde->fde_caps,
940 nioctls);
941 if ((flags & FDDUP_FLAG_CLOEXEC) != 0)
942 newfde->fde_flags = oldfde->fde_flags | UF_EXCLOSE;
943 else
944 newfde->fde_flags = oldfde->fde_flags & ~UF_EXCLOSE;
945 #ifdef CAPABILITIES
946 seq_write_end(&newfde->fde_seq);
947 #endif
948 filecaps_free_finish(oioctls);
949 td->td_retval[0] = new;
950
951 error = 0;
952
953 if (delfp != NULL) {
954 (void) closefp(fdp, new, delfp, td, 1);
955 FILEDESC_UNLOCK_ASSERT(fdp);
956 } else {
957 unlock:
958 FILEDESC_XUNLOCK(fdp);
959 }
960
961 return (error);
962 }
963
964 static void
965 sigiofree(struct sigio *sigio)
966 {
967 crfree(sigio->sio_ucred);
968 free(sigio, M_SIGIO);
969 }
970
971 static struct sigio *
972 funsetown_locked(struct sigio *sigio)
973 {
974 struct proc *p;
975 struct pgrp *pg;
976
977 SIGIO_ASSERT_LOCKED();
978
979 if (sigio == NULL)
980 return (NULL);
981 *(sigio->sio_myref) = NULL;
982 if (sigio->sio_pgid < 0) {
983 pg = sigio->sio_pgrp;
984 PGRP_LOCK(pg);
985 SLIST_REMOVE(&sigio->sio_pgrp->pg_sigiolst, sigio,
986 sigio, sio_pgsigio);
987 PGRP_UNLOCK(pg);
988 } else {
989 p = sigio->sio_proc;
990 PROC_LOCK(p);
991 SLIST_REMOVE(&sigio->sio_proc->p_sigiolst, sigio,
992 sigio, sio_pgsigio);
993 PROC_UNLOCK(p);
994 }
995 return (sigio);
996 }
997
998 /*
999 * If sigio is on the list associated with a process or process group,
1000 * disable signalling from the device, remove sigio from the list and
1001 * free sigio.
1002 */
1003 void
1004 funsetown(struct sigio **sigiop)
1005 {
1006 struct sigio *sigio;
1007
1008 /* Racy check, consumers must provide synchronization. */
1009 if (*sigiop == NULL)
1010 return;
1011
1012 SIGIO_LOCK();
1013 sigio = funsetown_locked(*sigiop);
1014 SIGIO_UNLOCK();
1015 if (sigio != NULL)
1016 sigiofree(sigio);
1017 }
1018
1019 /*
1020 * Free a list of sigio structures. The caller must ensure that new sigio
1021 * structures cannot be added after this point. For process groups this is
1022 * guaranteed using the proctree lock; for processes, the P_WEXIT flag serves
1023 * as an interlock.
1024 */
1025 void
1026 funsetownlst(struct sigiolst *sigiolst)
1027 {
1028 struct proc *p;
1029 struct pgrp *pg;
1030 struct sigio *sigio, *tmp;
1031
1032 /* Racy check. */
1033 sigio = SLIST_FIRST(sigiolst);
1034 if (sigio == NULL)
1035 return;
1036
1037 p = NULL;
1038 pg = NULL;
1039
1040 SIGIO_LOCK();
1041 sigio = SLIST_FIRST(sigiolst);
1042 if (sigio == NULL) {
1043 SIGIO_UNLOCK();
1044 return;
1045 }
1046
1047 /*
1048 * Every entry of the list should belong to a single proc or pgrp.
1049 */
1050 if (sigio->sio_pgid < 0) {
1051 pg = sigio->sio_pgrp;
1052 sx_assert(&proctree_lock, SX_XLOCKED);
1053 PGRP_LOCK(pg);
1054 } else /* if (sigio->sio_pgid > 0) */ {
1055 p = sigio->sio_proc;
1056 PROC_LOCK(p);
1057 KASSERT((p->p_flag & P_WEXIT) != 0,
1058 ("%s: process %p is not exiting", __func__, p));
1059 }
1060
1061 SLIST_FOREACH(sigio, sigiolst, sio_pgsigio) {
1062 *sigio->sio_myref = NULL;
1063 if (pg != NULL) {
1064 KASSERT(sigio->sio_pgid < 0,
1065 ("Proc sigio in pgrp sigio list"));
1066 KASSERT(sigio->sio_pgrp == pg,
1067 ("Bogus pgrp in sigio list"));
1068 } else /* if (p != NULL) */ {
1069 KASSERT(sigio->sio_pgid > 0,
1070 ("Pgrp sigio in proc sigio list"));
1071 KASSERT(sigio->sio_proc == p,
1072 ("Bogus proc in sigio list"));
1073 }
1074 }
1075
1076 if (pg != NULL)
1077 PGRP_UNLOCK(pg);
1078 else
1079 PROC_UNLOCK(p);
1080 SIGIO_UNLOCK();
1081
1082 SLIST_FOREACH_SAFE(sigio, sigiolst, sio_pgsigio, tmp)
1083 sigiofree(sigio);
1084 }
1085
1086 /*
1087 * This is common code for FIOSETOWN ioctl called by fcntl(fd, F_SETOWN, arg).
1088 *
1089 * After permission checking, add a sigio structure to the sigio list for
1090 * the process or process group.
1091 */
1092 int
1093 fsetown(pid_t pgid, struct sigio **sigiop)
1094 {
1095 struct proc *proc;
1096 struct pgrp *pgrp;
1097 struct sigio *osigio, *sigio;
1098 int ret;
1099
1100 if (pgid == 0) {
1101 funsetown(sigiop);
1102 return (0);
1103 }
1104
1105 ret = 0;
1106
1107 sigio = malloc(sizeof(struct sigio), M_SIGIO, M_WAITOK);
1108 sigio->sio_pgid = pgid;
1109 sigio->sio_ucred = crhold(curthread->td_ucred);
1110 sigio->sio_myref = sigiop;
1111
1112 sx_slock(&proctree_lock);
1113 SIGIO_LOCK();
1114 osigio = funsetown_locked(*sigiop);
1115 if (pgid > 0) {
1116 proc = pfind(pgid);
1117 if (proc == NULL) {
1118 ret = ESRCH;
1119 goto fail;
1120 }
1121
1122 /*
1123 * Policy - Don't allow a process to FSETOWN a process
1124 * in another session.
1125 *
1126 * Remove this test to allow maximum flexibility or
1127 * restrict FSETOWN to the current process or process
1128 * group for maximum safety.
1129 */
1130 if (proc->p_session != curthread->td_proc->p_session) {
1131 PROC_UNLOCK(proc);
1132 ret = EPERM;
1133 goto fail;
1134 }
1135
1136 sigio->sio_proc = proc;
1137 SLIST_INSERT_HEAD(&proc->p_sigiolst, sigio, sio_pgsigio);
1138 PROC_UNLOCK(proc);
1139 } else /* if (pgid < 0) */ {
1140 pgrp = pgfind(-pgid);
1141 if (pgrp == NULL) {
1142 ret = ESRCH;
1143 goto fail;
1144 }
1145
1146 /*
1147 * Policy - Don't allow a process to FSETOWN a process
1148 * in another session.
1149 *
1150 * Remove this test to allow maximum flexibility or
1151 * restrict FSETOWN to the current process or process
1152 * group for maximum safety.
1153 */
1154 if (pgrp->pg_session != curthread->td_proc->p_session) {
1155 PGRP_UNLOCK(pgrp);
1156 ret = EPERM;
1157 goto fail;
1158 }
1159
1160 SLIST_INSERT_HEAD(&pgrp->pg_sigiolst, sigio, sio_pgsigio);
1161 sigio->sio_pgrp = pgrp;
1162 PGRP_UNLOCK(pgrp);
1163 }
1164 sx_sunlock(&proctree_lock);
1165 *sigiop = sigio;
1166 SIGIO_UNLOCK();
1167 if (osigio != NULL)
1168 sigiofree(osigio);
1169 return (0);
1170
1171 fail:
1172 SIGIO_UNLOCK();
1173 sx_sunlock(&proctree_lock);
1174 sigiofree(sigio);
1175 if (osigio != NULL)
1176 sigiofree(osigio);
1177 return (ret);
1178 }
1179
1180 /*
1181 * This is common code for FIOGETOWN ioctl called by fcntl(fd, F_GETOWN, arg).
1182 */
1183 pid_t
1184 fgetown(struct sigio **sigiop)
1185 {
1186 pid_t pgid;
1187
1188 SIGIO_LOCK();
1189 pgid = (*sigiop != NULL) ? (*sigiop)->sio_pgid : 0;
1190 SIGIO_UNLOCK();
1191 return (pgid);
1192 }
1193
1194 /*
1195 * Function drops the filedesc lock on return.
1196 */
1197 static int
1198 closefp(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
1199 int holdleaders)
1200 {
1201 int error;
1202
1203 FILEDESC_XLOCK_ASSERT(fdp);
1204
1205 if (holdleaders) {
1206 if (td->td_proc->p_fdtol != NULL) {
1207 /*
1208 * Ask fdfree() to sleep to ensure that all relevant
1209 * process leaders can be traversed in closef().
1210 */
1211 fdp->fd_holdleaderscount++;
1212 } else {
1213 holdleaders = 0;
1214 }
1215 }
1216
1217 /*
1218 * We now hold the fp reference that used to be owned by the
1219 * descriptor array. We have to unlock the FILEDESC *AFTER*
1220 * knote_fdclose to prevent a race of the fd getting opened, a knote
1221 * added, and deleteing a knote for the new fd.
1222 */
1223 knote_fdclose(td, fd);
1224
1225 /*
1226 * We need to notify mqueue if the object is of type mqueue.
1227 */
1228 if (fp->f_type == DTYPE_MQUEUE)
1229 mq_fdclose(td, fd, fp);
1230 FILEDESC_XUNLOCK(fdp);
1231
1232 error = closef(fp, td);
1233
1234 /*
1235 * All paths leading up to closefp() will have already removed or
1236 * replaced the fd in the filedesc table, so a restart would not
1237 * operate on the same file.
1238 */
1239 if (error == ERESTART)
1240 error = EINTR;
1241
1242 if (holdleaders) {
1243 FILEDESC_XLOCK(fdp);
1244 fdp->fd_holdleaderscount--;
1245 if (fdp->fd_holdleaderscount == 0 &&
1246 fdp->fd_holdleaderswakeup != 0) {
1247 fdp->fd_holdleaderswakeup = 0;
1248 wakeup(&fdp->fd_holdleaderscount);
1249 }
1250 FILEDESC_XUNLOCK(fdp);
1251 }
1252 return (error);
1253 }
1254
1255 /*
1256 * Close a file descriptor.
1257 */
1258 #ifndef _SYS_SYSPROTO_H_
1259 struct close_args {
1260 int fd;
1261 };
1262 #endif
1263 /* ARGSUSED */
1264 int
1265 sys_close(struct thread *td, struct close_args *uap)
1266 {
1267
1268 return (kern_close(td, uap->fd));
1269 }
1270
1271 int
1272 kern_close(struct thread *td, int fd)
1273 {
1274 struct filedesc *fdp;
1275 struct file *fp;
1276
1277 fdp = td->td_proc->p_fd;
1278
1279 AUDIT_SYSCLOSE(td, fd);
1280
1281 FILEDESC_XLOCK(fdp);
1282 if ((fp = fget_locked(fdp, fd)) == NULL) {
1283 FILEDESC_XUNLOCK(fdp);
1284 return (EBADF);
1285 }
1286 fdfree(fdp, fd);
1287
1288 /* closefp() drops the FILEDESC lock for us. */
1289 return (closefp(fdp, fd, fp, td, 1));
1290 }
1291
1292 int
1293 kern_close_range(struct thread *td, u_int lowfd, u_int highfd)
1294 {
1295 struct filedesc *fdp;
1296 int fd, ret;
1297
1298 ret = 0;
1299 fdp = td->td_proc->p_fd;
1300 FILEDESC_SLOCK(fdp);
1301
1302 /*
1303 * Check this prior to clamping; closefrom(3) with only fd 0, 1, and 2
1304 * open should not be a usage error. From a close_range() perspective,
1305 * close_range(3, ~0U, 0) in the same scenario should also likely not
1306 * be a usage error as all fd above 3 are in-fact already closed.
1307 */
1308 if (highfd < lowfd) {
1309 ret = EINVAL;
1310 goto out;
1311 }
1312
1313 /*
1314 * If fdp->fd_lastfile == -1, we're dealing with either a fresh file
1315 * table or one in which every fd has been closed. Just return
1316 * successful; there's nothing left to do.
1317 */
1318 if (fdp->fd_lastfile == -1)
1319 goto out;
1320 /* Clamped to [lowfd, fd_lastfile] */
1321 highfd = MIN(highfd, fdp->fd_lastfile);
1322 for (fd = lowfd; fd <= highfd; fd++) {
1323 if (fdp->fd_ofiles[fd].fde_file != NULL) {
1324 FILEDESC_SUNLOCK(fdp);
1325 (void)kern_close(td, fd);
1326 FILEDESC_SLOCK(fdp);
1327 }
1328 }
1329 out:
1330 FILEDESC_SUNLOCK(fdp);
1331 return (ret);
1332 }
1333
1334 #ifndef _SYS_SYSPROTO_H_
1335 struct close_range_args {
1336 u_int lowfd;
1337 u_int highfd;
1338 int flags;
1339 };
1340 #endif
1341 int
1342 sys_close_range(struct thread *td, struct close_range_args *uap)
1343 {
1344
1345 /* No flags currently defined */
1346 if (uap->flags != 0)
1347 return (EINVAL);
1348 return (kern_close_range(td, uap->lowfd, uap->highfd));
1349 }
1350
1351 /*
1352 * Close open file descriptors.
1353 */
1354 #ifndef _SYS_SYSPROTO_H_
1355 struct closefrom_args {
1356 int lowfd;
1357 };
1358 #endif
1359 /* ARGSUSED */
1360 int
1361 sys_closefrom(struct thread *td, struct closefrom_args *uap)
1362 {
1363 u_int lowfd;
1364
1365 AUDIT_ARG_FD(uap->lowfd);
1366
1367 /*
1368 * Treat negative starting file descriptor values identical to
1369 * closefrom(0) which closes all files.
1370 */
1371 lowfd = MAX(0, uap->lowfd);
1372 return (kern_close_range(td, lowfd, ~0U));
1373 }
1374
1375 #if defined(COMPAT_43)
1376 /*
1377 * Return status information about a file descriptor.
1378 */
1379 #ifndef _SYS_SYSPROTO_H_
1380 struct ofstat_args {
1381 int fd;
1382 struct ostat *sb;
1383 };
1384 #endif
1385 /* ARGSUSED */
1386 int
1387 ofstat(struct thread *td, struct ofstat_args *uap)
1388 {
1389 struct ostat oub;
1390 struct stat ub;
1391 int error;
1392
1393 error = kern_fstat(td, uap->fd, &ub);
1394 if (error == 0) {
1395 cvtstat(&ub, &oub);
1396 error = copyout(&oub, uap->sb, sizeof(oub));
1397 }
1398 return (error);
1399 }
1400 #endif /* COMPAT_43 */
1401
1402 #if defined(COMPAT_FREEBSD11)
1403 int
1404 freebsd11_fstat(struct thread *td, struct freebsd11_fstat_args *uap)
1405 {
1406 struct stat sb;
1407 struct freebsd11_stat osb;
1408 int error;
1409
1410 error = kern_fstat(td, uap->fd, &sb);
1411 if (error != 0)
1412 return (error);
1413 error = freebsd11_cvtstat(&sb, &osb);
1414 if (error == 0)
1415 error = copyout(&osb, uap->sb, sizeof(osb));
1416 return (error);
1417 }
1418 #endif /* COMPAT_FREEBSD11 */
1419
1420 /*
1421 * Return status information about a file descriptor.
1422 */
1423 #ifndef _SYS_SYSPROTO_H_
1424 struct fstat_args {
1425 int fd;
1426 struct stat *sb;
1427 };
1428 #endif
1429 /* ARGSUSED */
1430 int
1431 sys_fstat(struct thread *td, struct fstat_args *uap)
1432 {
1433 struct stat ub;
1434 int error;
1435
1436 error = kern_fstat(td, uap->fd, &ub);
1437 if (error == 0)
1438 error = copyout(&ub, uap->sb, sizeof(ub));
1439 return (error);
1440 }
1441
1442 int
1443 kern_fstat(struct thread *td, int fd, struct stat *sbp)
1444 {
1445 struct file *fp;
1446 int error;
1447
1448 AUDIT_ARG_FD(fd);
1449
1450 error = fget(td, fd, &cap_fstat_rights, &fp);
1451 if (error != 0)
1452 return (error);
1453
1454 AUDIT_ARG_FILE(td->td_proc, fp);
1455
1456 error = fo_stat(fp, sbp, td->td_ucred, td);
1457 fdrop(fp, td);
1458 #ifdef __STAT_TIME_T_EXT
1459 if (error == 0) {
1460 sbp->st_atim_ext = 0;
1461 sbp->st_mtim_ext = 0;
1462 sbp->st_ctim_ext = 0;
1463 sbp->st_btim_ext = 0;
1464 }
1465 #endif
1466 #ifdef KTRACE
1467 if (error == 0 && KTRPOINT(td, KTR_STRUCT))
1468 ktrstat(sbp);
1469 #endif
1470 return (error);
1471 }
1472
1473 #if defined(COMPAT_FREEBSD11)
1474 /*
1475 * Return status information about a file descriptor.
1476 */
1477 #ifndef _SYS_SYSPROTO_H_
1478 struct freebsd11_nfstat_args {
1479 int fd;
1480 struct nstat *sb;
1481 };
1482 #endif
1483 /* ARGSUSED */
1484 int
1485 freebsd11_nfstat(struct thread *td, struct freebsd11_nfstat_args *uap)
1486 {
1487 struct nstat nub;
1488 struct stat ub;
1489 int error;
1490
1491 error = kern_fstat(td, uap->fd, &ub);
1492 if (error == 0) {
1493 freebsd11_cvtnstat(&ub, &nub);
1494 error = copyout(&nub, uap->sb, sizeof(nub));
1495 }
1496 return (error);
1497 }
1498 #endif /* COMPAT_FREEBSD11 */
1499
1500 /*
1501 * Return pathconf information about a file descriptor.
1502 */
1503 #ifndef _SYS_SYSPROTO_H_
1504 struct fpathconf_args {
1505 int fd;
1506 int name;
1507 };
1508 #endif
1509 /* ARGSUSED */
1510 int
1511 sys_fpathconf(struct thread *td, struct fpathconf_args *uap)
1512 {
1513 long value;
1514 int error;
1515
1516 error = kern_fpathconf(td, uap->fd, uap->name, &value);
1517 if (error == 0)
1518 td->td_retval[0] = value;
1519 return (error);
1520 }
1521
1522 int
1523 kern_fpathconf(struct thread *td, int fd, int name, long *valuep)
1524 {
1525 struct file *fp;
1526 struct vnode *vp;
1527 int error;
1528
1529 error = fget(td, fd, &cap_fpathconf_rights, &fp);
1530 if (error != 0)
1531 return (error);
1532
1533 if (name == _PC_ASYNC_IO) {
1534 *valuep = _POSIX_ASYNCHRONOUS_IO;
1535 goto out;
1536 }
1537 vp = fp->f_vnode;
1538 if (vp != NULL) {
1539 vn_lock(vp, LK_SHARED | LK_RETRY);
1540 error = VOP_PATHCONF(vp, name, valuep);
1541 VOP_UNLOCK(vp, 0);
1542 } else if (fp->f_type == DTYPE_PIPE || fp->f_type == DTYPE_SOCKET) {
1543 if (name != _PC_PIPE_BUF) {
1544 error = EINVAL;
1545 } else {
1546 *valuep = PIPE_BUF;
1547 error = 0;
1548 }
1549 } else {
1550 error = EOPNOTSUPP;
1551 }
1552 out:
1553 fdrop(fp, td);
1554 return (error);
1555 }
1556
1557 /*
1558 * Initialize filecaps structure.
1559 */
1560 void
1561 filecaps_init(struct filecaps *fcaps)
1562 {
1563
1564 bzero(fcaps, sizeof(*fcaps));
1565 fcaps->fc_nioctls = -1;
1566 }
1567
1568 /*
1569 * Copy filecaps structure allocating memory for ioctls array if needed.
1570 *
1571 * The last parameter indicates whether the fdtable is locked. If it is not and
1572 * ioctls are encountered, copying fails and the caller must lock the table.
1573 *
1574 * Note that if the table was not locked, the caller has to check the relevant
1575 * sequence counter to determine whether the operation was successful.
1576 */
1577 bool
1578 filecaps_copy(const struct filecaps *src, struct filecaps *dst, bool locked)
1579 {
1580 size_t size;
1581
1582 if (src->fc_ioctls != NULL && !locked)
1583 return (false);
1584 memcpy(dst, src, sizeof(*src));
1585 if (src->fc_ioctls == NULL)
1586 return (true);
1587
1588 KASSERT(src->fc_nioctls > 0,
1589 ("fc_ioctls != NULL, but fc_nioctls=%hd", src->fc_nioctls));
1590
1591 size = sizeof(src->fc_ioctls[0]) * src->fc_nioctls;
1592 dst->fc_ioctls = malloc(size, M_FILECAPS, M_WAITOK);
1593 memcpy(dst->fc_ioctls, src->fc_ioctls, size);
1594 return (true);
1595 }
1596
1597 static u_long *
1598 filecaps_copy_prep(const struct filecaps *src)
1599 {
1600 u_long *ioctls;
1601 size_t size;
1602
1603 if (src->fc_ioctls == NULL)
1604 return (NULL);
1605
1606 KASSERT(src->fc_nioctls > 0,
1607 ("fc_ioctls != NULL, but fc_nioctls=%hd", src->fc_nioctls));
1608
1609 size = sizeof(src->fc_ioctls[0]) * src->fc_nioctls;
1610 ioctls = malloc(size, M_FILECAPS, M_WAITOK);
1611 return (ioctls);
1612 }
1613
1614 static void
1615 filecaps_copy_finish(const struct filecaps *src, struct filecaps *dst,
1616 u_long *ioctls)
1617 {
1618 size_t size;
1619
1620 *dst = *src;
1621 if (src->fc_ioctls == NULL) {
1622 MPASS(ioctls == NULL);
1623 return;
1624 }
1625
1626 size = sizeof(src->fc_ioctls[0]) * src->fc_nioctls;
1627 dst->fc_ioctls = ioctls;
1628 bcopy(src->fc_ioctls, dst->fc_ioctls, size);
1629 }
1630
1631 /*
1632 * Move filecaps structure to the new place and clear the old place.
1633 */
1634 void
1635 filecaps_move(struct filecaps *src, struct filecaps *dst)
1636 {
1637
1638 *dst = *src;
1639 bzero(src, sizeof(*src));
1640 }
1641
1642 /*
1643 * Fill the given filecaps structure with full rights.
1644 */
1645 static void
1646 filecaps_fill(struct filecaps *fcaps)
1647 {
1648
1649 CAP_ALL(&fcaps->fc_rights);
1650 fcaps->fc_ioctls = NULL;
1651 fcaps->fc_nioctls = -1;
1652 fcaps->fc_fcntls = CAP_FCNTL_ALL;
1653 }
1654
1655 /*
1656 * Free memory allocated within filecaps structure.
1657 */
1658 void
1659 filecaps_free(struct filecaps *fcaps)
1660 {
1661
1662 free(fcaps->fc_ioctls, M_FILECAPS);
1663 bzero(fcaps, sizeof(*fcaps));
1664 }
1665
1666 static u_long *
1667 filecaps_free_prep(struct filecaps *fcaps)
1668 {
1669 u_long *ioctls;
1670
1671 ioctls = fcaps->fc_ioctls;
1672 bzero(fcaps, sizeof(*fcaps));
1673 return (ioctls);
1674 }
1675
1676 static void
1677 filecaps_free_finish(u_long *ioctls)
1678 {
1679
1680 free(ioctls, M_FILECAPS);
1681 }
1682
1683 /*
1684 * Validate the given filecaps structure.
1685 */
1686 static void
1687 filecaps_validate(const struct filecaps *fcaps, const char *func)
1688 {
1689
1690 KASSERT(cap_rights_is_valid(&fcaps->fc_rights),
1691 ("%s: invalid rights", func));
1692 KASSERT((fcaps->fc_fcntls & ~CAP_FCNTL_ALL) == 0,
1693 ("%s: invalid fcntls", func));
1694 KASSERT(fcaps->fc_fcntls == 0 ||
1695 cap_rights_is_set(&fcaps->fc_rights, CAP_FCNTL),
1696 ("%s: fcntls without CAP_FCNTL", func));
1697 KASSERT(fcaps->fc_ioctls != NULL ? fcaps->fc_nioctls > 0 :
1698 (fcaps->fc_nioctls == -1 || fcaps->fc_nioctls == 0),
1699 ("%s: invalid ioctls", func));
1700 KASSERT(fcaps->fc_nioctls == 0 ||
1701 cap_rights_is_set(&fcaps->fc_rights, CAP_IOCTL),
1702 ("%s: ioctls without CAP_IOCTL", func));
1703 }
1704
1705 static void
1706 fdgrowtable_exp(struct filedesc *fdp, int nfd)
1707 {
1708 int nfd1;
1709
1710 FILEDESC_XLOCK_ASSERT(fdp);
1711
1712 nfd1 = fdp->fd_nfiles * 2;
1713 if (nfd1 < nfd)
1714 nfd1 = nfd;
1715 fdgrowtable(fdp, nfd1);
1716 }
1717
1718 /*
1719 * Grow the file table to accommodate (at least) nfd descriptors.
1720 */
1721 static void
1722 fdgrowtable(struct filedesc *fdp, int nfd)
1723 {
1724 struct filedesc0 *fdp0;
1725 struct freetable *ft;
1726 struct fdescenttbl *ntable;
1727 struct fdescenttbl *otable;
1728 int nnfiles, onfiles;
1729 NDSLOTTYPE *nmap, *omap;
1730
1731 /*
1732 * If lastfile is -1 this struct filedesc was just allocated and we are
1733 * growing it to accommodate for the one we are going to copy from. There
1734 * is no need to have a lock on this one as it's not visible to anyone.
1735 */
1736 if (fdp->fd_lastfile != -1)
1737 FILEDESC_XLOCK_ASSERT(fdp);
1738
1739 KASSERT(fdp->fd_nfiles > 0, ("zero-length file table"));
1740
1741 /* save old values */
1742 onfiles = fdp->fd_nfiles;
1743 otable = fdp->fd_files;
1744 omap = fdp->fd_map;
1745
1746 /* compute the size of the new table */
1747 nnfiles = NDSLOTS(nfd) * NDENTRIES; /* round up */
1748 if (nnfiles <= onfiles)
1749 /* the table is already large enough */
1750 return;
1751
1752 /*
1753 * Allocate a new table. We need enough space for the number of
1754 * entries, file entries themselves and the struct freetable we will use
1755 * when we decommission the table and place it on the freelist.
1756 * We place the struct freetable in the middle so we don't have
1757 * to worry about padding.
1758 */
1759 ntable = malloc(offsetof(struct fdescenttbl, fdt_ofiles) +
1760 nnfiles * sizeof(ntable->fdt_ofiles[0]) +
1761 sizeof(struct freetable),
1762 M_FILEDESC, M_ZERO | M_WAITOK);
1763 /* copy the old data */
1764 ntable->fdt_nfiles = nnfiles;
1765 memcpy(ntable->fdt_ofiles, otable->fdt_ofiles,
1766 onfiles * sizeof(ntable->fdt_ofiles[0]));
1767
1768 /*
1769 * Allocate a new map only if the old is not large enough. It will
1770 * grow at a slower rate than the table as it can map more
1771 * entries than the table can hold.
1772 */
1773 if (NDSLOTS(nnfiles) > NDSLOTS(onfiles)) {
1774 nmap = malloc(NDSLOTS(nnfiles) * NDSLOTSIZE, M_FILEDESC,
1775 M_ZERO | M_WAITOK);
1776 /* copy over the old data and update the pointer */
1777 memcpy(nmap, omap, NDSLOTS(onfiles) * sizeof(*omap));
1778 fdp->fd_map = nmap;
1779 }
1780
1781 /*
1782 * Make sure that ntable is correctly initialized before we replace
1783 * fd_files poiner. Otherwise fget_unlocked() may see inconsistent
1784 * data.
1785 */
1786 atomic_store_rel_ptr((volatile void *)&fdp->fd_files, (uintptr_t)ntable);
1787
1788 /*
1789 * Do not free the old file table, as some threads may still
1790 * reference entries within it. Instead, place it on a freelist
1791 * which will be processed when the struct filedesc is released.
1792 *
1793 * Note that if onfiles == NDFILE, we're dealing with the original
1794 * static allocation contained within (struct filedesc0 *)fdp,
1795 * which must not be freed.
1796 */
1797 if (onfiles > NDFILE) {
1798 ft = (struct freetable *)&otable->fdt_ofiles[onfiles];
1799 fdp0 = (struct filedesc0 *)fdp;
1800 ft->ft_table = otable;
1801 SLIST_INSERT_HEAD(&fdp0->fd_free, ft, ft_next);
1802 }
1803 /*
1804 * The map does not have the same possibility of threads still
1805 * holding references to it. So always free it as long as it
1806 * does not reference the original static allocation.
1807 */
1808 if (NDSLOTS(onfiles) > NDSLOTS(NDFILE))
1809 free(omap, M_FILEDESC);
1810 }
1811
1812 /*
1813 * Allocate a file descriptor for the process.
1814 */
1815 int
1816 fdalloc(struct thread *td, int minfd, int *result)
1817 {
1818 struct proc *p = td->td_proc;
1819 struct filedesc *fdp = p->p_fd;
1820 int fd, maxfd, allocfd;
1821 #ifdef RACCT
1822 int error;
1823 #endif
1824
1825 FILEDESC_XLOCK_ASSERT(fdp);
1826
1827 if (fdp->fd_freefile > minfd)
1828 minfd = fdp->fd_freefile;
1829
1830 maxfd = getmaxfd(td);
1831
1832 /*
1833 * Search the bitmap for a free descriptor starting at minfd.
1834 * If none is found, grow the file table.
1835 */
1836 fd = fd_first_free(fdp, minfd, fdp->fd_nfiles);
1837 if (fd >= maxfd)
1838 return (EMFILE);
1839 if (fd >= fdp->fd_nfiles) {
1840 allocfd = min(fd * 2, maxfd);
1841 #ifdef RACCT
1842 if (racct_enable) {
1843 PROC_LOCK(p);
1844 error = racct_set(p, RACCT_NOFILE, allocfd);
1845 PROC_UNLOCK(p);
1846 if (error != 0)
1847 return (EMFILE);
1848 }
1849 #endif
1850 /*
1851 * fd is already equal to first free descriptor >= minfd, so
1852 * we only need to grow the table and we are done.
1853 */
1854 fdgrowtable_exp(fdp, allocfd);
1855 }
1856
1857 /*
1858 * Perform some sanity checks, then mark the file descriptor as
1859 * used and return it to the caller.
1860 */
1861 KASSERT(fd >= 0 && fd < min(maxfd, fdp->fd_nfiles),
1862 ("invalid descriptor %d", fd));
1863 KASSERT(!fdisused(fdp, fd),
1864 ("fd_first_free() returned non-free descriptor"));
1865 KASSERT(fdp->fd_ofiles[fd].fde_file == NULL,
1866 ("file descriptor isn't free"));
1867 fdused(fdp, fd);
1868 *result = fd;
1869 return (0);
1870 }
1871
1872 /*
1873 * Allocate n file descriptors for the process.
1874 */
1875 int
1876 fdallocn(struct thread *td, int minfd, int *fds, int n)
1877 {
1878 struct proc *p = td->td_proc;
1879 struct filedesc *fdp = p->p_fd;
1880 int i;
1881
1882 FILEDESC_XLOCK_ASSERT(fdp);
1883
1884 for (i = 0; i < n; i++)
1885 if (fdalloc(td, 0, &fds[i]) != 0)
1886 break;
1887
1888 if (i < n) {
1889 for (i--; i >= 0; i--)
1890 fdunused(fdp, fds[i]);
1891 return (EMFILE);
1892 }
1893
1894 return (0);
1895 }
1896
1897 /*
1898 * Create a new open file structure and allocate a file descriptor for the
1899 * process that refers to it. We add one reference to the file for the
1900 * descriptor table and one reference for resultfp. This is to prevent us
1901 * being preempted and the entry in the descriptor table closed after we
1902 * release the FILEDESC lock.
1903 */
1904 int
1905 falloc_caps(struct thread *td, struct file **resultfp, int *resultfd, int flags,
1906 struct filecaps *fcaps)
1907 {
1908 struct file *fp;
1909 int error, fd;
1910
1911 error = falloc_noinstall(td, &fp);
1912 if (error)
1913 return (error); /* no reference held on error */
1914
1915 error = finstall(td, fp, &fd, flags, fcaps);
1916 if (error) {
1917 fdrop(fp, td); /* one reference (fp only) */
1918 return (error);
1919 }
1920
1921 if (resultfp != NULL)
1922 *resultfp = fp; /* copy out result */
1923 else
1924 fdrop(fp, td); /* release local reference */
1925
1926 if (resultfd != NULL)
1927 *resultfd = fd;
1928
1929 return (0);
1930 }
1931
1932 /*
1933 * Create a new open file structure without allocating a file descriptor.
1934 */
1935 int
1936 falloc_noinstall(struct thread *td, struct file **resultfp)
1937 {
1938 struct file *fp;
1939 int maxuserfiles = maxfiles - (maxfiles / 20);
1940 int openfiles_new;
1941 static struct timeval lastfail;
1942 static int curfail;
1943
1944 KASSERT(resultfp != NULL, ("%s: resultfp == NULL", __func__));
1945
1946 openfiles_new = atomic_fetchadd_int(&openfiles, 1) + 1;
1947 if ((openfiles_new >= maxuserfiles &&
1948 priv_check(td, PRIV_MAXFILES) != 0) ||
1949 openfiles_new >= maxfiles) {
1950 atomic_subtract_int(&openfiles, 1);
1951 if (ppsratecheck(&lastfail, &curfail, 1)) {
1952 printf("kern.maxfiles limit exceeded by uid %i, (%s) "
1953 "please see tuning(7).\n", td->td_ucred->cr_ruid, td->td_proc->p_comm);
1954 }
1955 return (ENFILE);
1956 }
1957 fp = uma_zalloc(file_zone, M_WAITOK);
1958 bzero(fp, sizeof(*fp));
1959 refcount_init(&fp->f_count, 1);
1960 fp->f_cred = crhold(td->td_ucred);
1961 fp->f_ops = &badfileops;
1962 *resultfp = fp;
1963 return (0);
1964 }
1965
1966 /*
1967 * Install a file in a file descriptor table.
1968 */
1969 void
1970 _finstall(struct filedesc *fdp, struct file *fp, int fd, int flags,
1971 struct filecaps *fcaps)
1972 {
1973 struct filedescent *fde;
1974
1975 MPASS(fp != NULL);
1976 if (fcaps != NULL)
1977 filecaps_validate(fcaps, __func__);
1978 FILEDESC_XLOCK_ASSERT(fdp);
1979
1980 fde = &fdp->fd_ofiles[fd];
1981 #ifdef CAPABILITIES
1982 seq_write_begin(&fde->fde_seq);
1983 #endif
1984 fde->fde_file = fp;
1985 fde->fde_flags = (flags & O_CLOEXEC) != 0 ? UF_EXCLOSE : 0;
1986 if (fcaps != NULL)
1987 filecaps_move(fcaps, &fde->fde_caps);
1988 else
1989 filecaps_fill(&fde->fde_caps);
1990 #ifdef CAPABILITIES
1991 seq_write_end(&fde->fde_seq);
1992 #endif
1993 }
1994
1995 int
1996 finstall(struct thread *td, struct file *fp, int *fd, int flags,
1997 struct filecaps *fcaps)
1998 {
1999 struct filedesc *fdp = td->td_proc->p_fd;
2000 int error;
2001
2002 MPASS(fd != NULL);
2003
2004 if (!fhold(fp))
2005 return (EBADF);
2006 FILEDESC_XLOCK(fdp);
2007 if ((error = fdalloc(td, 0, fd))) {
2008 FILEDESC_XUNLOCK(fdp);
2009 fdrop(fp, td);
2010 return (error);
2011 }
2012 _finstall(fdp, fp, *fd, flags, fcaps);
2013 FILEDESC_XUNLOCK(fdp);
2014 return (0);
2015 }
2016
2017 /*
2018 * Build a new filedesc structure from another.
2019 * Copy the current, root, and jail root vnode references.
2020 *
2021 * If fdp is not NULL, return with it shared locked.
2022 */
2023 struct filedesc *
2024 fdinit(struct filedesc *fdp, bool prepfiles)
2025 {
2026 struct filedesc0 *newfdp0;
2027 struct filedesc *newfdp;
2028
2029 newfdp0 = uma_zalloc(filedesc0_zone, M_WAITOK | M_ZERO);
2030 newfdp = &newfdp0->fd_fd;
2031
2032 /* Create the file descriptor table. */
2033 FILEDESC_LOCK_INIT(newfdp);
2034 refcount_init(&newfdp->fd_refcnt, 1);
2035 refcount_init(&newfdp->fd_holdcnt, 1);
2036 newfdp->fd_cmask = CMASK;
2037 newfdp->fd_map = newfdp0->fd_dmap;
2038 newfdp->fd_lastfile = -1;
2039 newfdp->fd_files = (struct fdescenttbl *)&newfdp0->fd_dfiles;
2040 newfdp->fd_files->fdt_nfiles = NDFILE;
2041
2042 if (fdp == NULL)
2043 return (newfdp);
2044
2045 if (prepfiles && fdp->fd_lastfile >= newfdp->fd_nfiles)
2046 fdgrowtable(newfdp, fdp->fd_lastfile + 1);
2047
2048 FILEDESC_SLOCK(fdp);
2049 newfdp->fd_cdir = fdp->fd_cdir;
2050 if (newfdp->fd_cdir)
2051 vrefact(newfdp->fd_cdir);
2052 newfdp->fd_rdir = fdp->fd_rdir;
2053 if (newfdp->fd_rdir)
2054 vrefact(newfdp->fd_rdir);
2055 newfdp->fd_jdir = fdp->fd_jdir;
2056 if (newfdp->fd_jdir)
2057 vrefact(newfdp->fd_jdir);
2058
2059 if (!prepfiles) {
2060 FILEDESC_SUNLOCK(fdp);
2061 } else {
2062 while (fdp->fd_lastfile >= newfdp->fd_nfiles) {
2063 FILEDESC_SUNLOCK(fdp);
2064 fdgrowtable(newfdp, fdp->fd_lastfile + 1);
2065 FILEDESC_SLOCK(fdp);
2066 }
2067 }
2068
2069 return (newfdp);
2070 }
2071
2072 static struct filedesc *
2073 fdhold(struct proc *p)
2074 {
2075 struct filedesc *fdp;
2076
2077 PROC_LOCK_ASSERT(p, MA_OWNED);
2078 fdp = p->p_fd;
2079 if (fdp != NULL)
2080 refcount_acquire(&fdp->fd_holdcnt);
2081 return (fdp);
2082 }
2083
2084 static void
2085 fddrop(struct filedesc *fdp)
2086 {
2087
2088 if (fdp->fd_holdcnt > 1) {
2089 if (refcount_release(&fdp->fd_holdcnt) == 0)
2090 return;
2091 }
2092
2093 FILEDESC_LOCK_DESTROY(fdp);
2094 uma_zfree(filedesc0_zone, fdp);
2095 }
2096
2097 /*
2098 * Share a filedesc structure.
2099 */
2100 struct filedesc *
2101 fdshare(struct filedesc *fdp)
2102 {
2103
2104 refcount_acquire(&fdp->fd_refcnt);
2105 return (fdp);
2106 }
2107
2108 /*
2109 * Unshare a filedesc structure, if necessary by making a copy
2110 */
2111 void
2112 fdunshare(struct thread *td)
2113 {
2114 struct filedesc *tmp;
2115 struct proc *p = td->td_proc;
2116
2117 if (p->p_fd->fd_refcnt == 1)
2118 return;
2119
2120 tmp = fdcopy(p->p_fd);
2121 fdescfree(td);
2122 p->p_fd = tmp;
2123 }
2124
2125 void
2126 fdinstall_remapped(struct thread *td, struct filedesc *fdp)
2127 {
2128
2129 fdescfree(td);
2130 td->td_proc->p_fd = fdp;
2131 }
2132
2133 /*
2134 * Copy a filedesc structure. A NULL pointer in returns a NULL reference,
2135 * this is to ease callers, not catch errors.
2136 */
2137 struct filedesc *
2138 fdcopy(struct filedesc *fdp)
2139 {
2140 struct filedesc *newfdp;
2141 struct filedescent *nfde, *ofde;
2142 int i;
2143
2144 MPASS(fdp != NULL);
2145
2146 newfdp = fdinit(fdp, true);
2147 /* copy all passable descriptors (i.e. not kqueue) */
2148 newfdp->fd_freefile = -1;
2149 for (i = 0; i <= fdp->fd_lastfile; ++i) {
2150 ofde = &fdp->fd_ofiles[i];
2151 if (ofde->fde_file == NULL ||
2152 (ofde->fde_file->f_ops->fo_flags & DFLAG_PASSABLE) == 0 ||
2153 !fhold(ofde->fde_file)) {
2154 if (newfdp->fd_freefile == -1)
2155 newfdp->fd_freefile = i;
2156 continue;
2157 }
2158 nfde = &newfdp->fd_ofiles[i];
2159 *nfde = *ofde;
2160 filecaps_copy(&ofde->fde_caps, &nfde->fde_caps, true);
2161 fdused_init(newfdp, i);
2162 newfdp->fd_lastfile = i;
2163 }
2164 if (newfdp->fd_freefile == -1)
2165 newfdp->fd_freefile = i;
2166 newfdp->fd_cmask = fdp->fd_cmask;
2167 FILEDESC_SUNLOCK(fdp);
2168 return (newfdp);
2169 }
2170
2171 /*
2172 * Copies a filedesc structure, while remapping all file descriptors
2173 * stored inside using a translation table.
2174 *
2175 * File descriptors are copied over to the new file descriptor table,
2176 * regardless of whether the close-on-exec flag is set.
2177 */
2178 int
2179 fdcopy_remapped(struct filedesc *fdp, const int *fds, size_t nfds,
2180 struct filedesc **ret)
2181 {
2182 struct filedesc *newfdp;
2183 struct filedescent *nfde, *ofde;
2184 int error, i;
2185
2186 MPASS(fdp != NULL);
2187
2188 newfdp = fdinit(fdp, true);
2189 if (nfds > fdp->fd_lastfile + 1) {
2190 /* New table cannot be larger than the old one. */
2191 error = E2BIG;
2192 goto bad;
2193 }
2194 /* Copy all passable descriptors (i.e. not kqueue). */
2195 newfdp->fd_freefile = nfds;
2196 for (i = 0; i < nfds; ++i) {
2197 if (fds[i] < 0 || fds[i] > fdp->fd_lastfile) {
2198 /* File descriptor out of bounds. */
2199 error = EBADF;
2200 goto bad;
2201 }
2202 ofde = &fdp->fd_ofiles[fds[i]];
2203 if (ofde->fde_file == NULL) {
2204 /* Unused file descriptor. */
2205 error = EBADF;
2206 goto bad;
2207 }
2208 if ((ofde->fde_file->f_ops->fo_flags & DFLAG_PASSABLE) == 0) {
2209 /* File descriptor cannot be passed. */
2210 error = EINVAL;
2211 goto bad;
2212 }
2213 if (!fhold(nfde->fde_file)) {
2214 error = EBADF;
2215 goto bad;
2216 }
2217 nfde = &newfdp->fd_ofiles[i];
2218 *nfde = *ofde;
2219 filecaps_copy(&ofde->fde_caps, &nfde->fde_caps, true);
2220 fdused_init(newfdp, i);
2221 newfdp->fd_lastfile = i;
2222 }
2223 newfdp->fd_cmask = fdp->fd_cmask;
2224 FILEDESC_SUNLOCK(fdp);
2225 *ret = newfdp;
2226 return (0);
2227 bad:
2228 FILEDESC_SUNLOCK(fdp);
2229 fdescfree_remapped(newfdp);
2230 return (error);
2231 }
2232
2233 /*
2234 * Clear POSIX style locks. This is only used when fdp looses a reference (i.e.
2235 * one of processes using it exits) and the table used to be shared.
2236 */
2237 static void
2238 fdclearlocks(struct thread *td)
2239 {
2240 struct filedesc *fdp;
2241 struct filedesc_to_leader *fdtol;
2242 struct flock lf;
2243 struct file *fp;
2244 struct proc *p;
2245 struct vnode *vp;
2246 int i;
2247
2248 p = td->td_proc;
2249 fdp = p->p_fd;
2250 fdtol = p->p_fdtol;
2251 MPASS(fdtol != NULL);
2252
2253 FILEDESC_XLOCK(fdp);
2254 KASSERT(fdtol->fdl_refcount > 0,
2255 ("filedesc_to_refcount botch: fdl_refcount=%d",
2256 fdtol->fdl_refcount));
2257 if (fdtol->fdl_refcount == 1 &&
2258 (p->p_leader->p_flag & P_ADVLOCK) != 0) {
2259 for (i = 0; i <= fdp->fd_lastfile; i++) {
2260 fp = fdp->fd_ofiles[i].fde_file;
2261 if (fp == NULL || fp->f_type != DTYPE_VNODE ||
2262 !fhold(fp))
2263 continue;
2264 FILEDESC_XUNLOCK(fdp);
2265 lf.l_whence = SEEK_SET;
2266 lf.l_start = 0;
2267 lf.l_len = 0;
2268 lf.l_type = F_UNLCK;
2269 vp = fp->f_vnode;
2270 (void) VOP_ADVLOCK(vp,
2271 (caddr_t)p->p_leader, F_UNLCK,
2272 &lf, F_POSIX);
2273 FILEDESC_XLOCK(fdp);
2274 fdrop(fp, td);
2275 }
2276 }
2277 retry:
2278 if (fdtol->fdl_refcount == 1) {
2279 if (fdp->fd_holdleaderscount > 0 &&
2280 (p->p_leader->p_flag & P_ADVLOCK) != 0) {
2281 /*
2282 * close() or kern_dup() has cleared a reference
2283 * in a shared file descriptor table.
2284 */
2285 fdp->fd_holdleaderswakeup = 1;
2286 sx_sleep(&fdp->fd_holdleaderscount,
2287 FILEDESC_LOCK(fdp), PLOCK, "fdlhold", 0);
2288 goto retry;
2289 }
2290 if (fdtol->fdl_holdcount > 0) {
2291 /*
2292 * Ensure that fdtol->fdl_leader remains
2293 * valid in closef().
2294 */
2295 fdtol->fdl_wakeup = 1;
2296 sx_sleep(fdtol, FILEDESC_LOCK(fdp), PLOCK,
2297 "fdlhold", 0);
2298 goto retry;
2299 }
2300 }
2301 fdtol->fdl_refcount--;
2302 if (fdtol->fdl_refcount == 0 &&
2303 fdtol->fdl_holdcount == 0) {
2304 fdtol->fdl_next->fdl_prev = fdtol->fdl_prev;
2305 fdtol->fdl_prev->fdl_next = fdtol->fdl_next;
2306 } else
2307 fdtol = NULL;
2308 p->p_fdtol = NULL;
2309 FILEDESC_XUNLOCK(fdp);
2310 if (fdtol != NULL)
2311 free(fdtol, M_FILEDESC_TO_LEADER);
2312 }
2313
2314 /*
2315 * Release a filedesc structure.
2316 */
2317 static void
2318 fdescfree_fds(struct thread *td, struct filedesc *fdp, bool needclose)
2319 {
2320 struct filedesc0 *fdp0;
2321 struct freetable *ft, *tft;
2322 struct filedescent *fde;
2323 struct file *fp;
2324 int i;
2325
2326 for (i = 0; i <= fdp->fd_lastfile; i++) {
2327 fde = &fdp->fd_ofiles[i];
2328 fp = fde->fde_file;
2329 if (fp != NULL) {
2330 fdefree_last(fde);
2331 if (needclose)
2332 (void) closef(fp, td);
2333 else
2334 fdrop(fp, td);
2335 }
2336 }
2337
2338 if (NDSLOTS(fdp->fd_nfiles) > NDSLOTS(NDFILE))
2339 free(fdp->fd_map, M_FILEDESC);
2340 if (fdp->fd_nfiles > NDFILE)
2341 free(fdp->fd_files, M_FILEDESC);
2342
2343 fdp0 = (struct filedesc0 *)fdp;
2344 SLIST_FOREACH_SAFE(ft, &fdp0->fd_free, ft_next, tft)
2345 free(ft->ft_table, M_FILEDESC);
2346
2347 fddrop(fdp);
2348 }
2349
2350 void
2351 fdescfree(struct thread *td)
2352 {
2353 struct proc *p;
2354 struct filedesc *fdp;
2355 struct vnode *cdir, *jdir, *rdir;
2356
2357 p = td->td_proc;
2358 fdp = p->p_fd;
2359 MPASS(fdp != NULL);
2360
2361 #ifdef RACCT
2362 if (racct_enable) {
2363 PROC_LOCK(p);
2364 racct_set(p, RACCT_NOFILE, 0);
2365 PROC_UNLOCK(p);
2366 }
2367 #endif
2368
2369 if (p->p_fdtol != NULL)
2370 fdclearlocks(td);
2371
2372 PROC_LOCK(p);
2373 p->p_fd = NULL;
2374 PROC_UNLOCK(p);
2375
2376 if (refcount_release(&fdp->fd_refcnt) == 0)
2377 return;
2378
2379 FILEDESC_XLOCK(fdp);
2380 cdir = fdp->fd_cdir;
2381 fdp->fd_cdir = NULL;
2382 rdir = fdp->fd_rdir;
2383 fdp->fd_rdir = NULL;
2384 jdir = fdp->fd_jdir;
2385 fdp->fd_jdir = NULL;
2386 FILEDESC_XUNLOCK(fdp);
2387
2388 if (cdir != NULL)
2389 vrele(cdir);
2390 if (rdir != NULL)
2391 vrele(rdir);
2392 if (jdir != NULL)
2393 vrele(jdir);
2394
2395 fdescfree_fds(td, fdp, 1);
2396 }
2397
2398 void
2399 fdescfree_remapped(struct filedesc *fdp)
2400 {
2401
2402 if (fdp->fd_cdir != NULL)
2403 vrele(fdp->fd_cdir);
2404 if (fdp->fd_rdir != NULL)
2405 vrele(fdp->fd_rdir);
2406 if (fdp->fd_jdir != NULL)
2407 vrele(fdp->fd_jdir);
2408
2409 fdescfree_fds(curthread, fdp, 0);
2410 }
2411
2412 /*
2413 * For setugid programs, we don't want to people to use that setugidness
2414 * to generate error messages which write to a file which otherwise would
2415 * otherwise be off-limits to the process. We check for filesystems where
2416 * the vnode can change out from under us after execve (like [lin]procfs).
2417 *
2418 * Since fdsetugidsafety calls this only for fd 0, 1 and 2, this check is
2419 * sufficient. We also don't check for setugidness since we know we are.
2420 */
2421 static bool
2422 is_unsafe(struct file *fp)
2423 {
2424 struct vnode *vp;
2425
2426 if (fp->f_type != DTYPE_VNODE)
2427 return (false);
2428
2429 vp = fp->f_vnode;
2430 return ((vp->v_vflag & VV_PROCDEP) != 0);
2431 }
2432
2433 /*
2434 * Make this setguid thing safe, if at all possible.
2435 */
2436 void
2437 fdsetugidsafety(struct thread *td)
2438 {
2439 struct filedesc *fdp;
2440 struct file *fp;
2441 int i;
2442
2443 fdp = td->td_proc->p_fd;
2444 KASSERT(fdp->fd_refcnt == 1, ("the fdtable should not be shared"));
2445 MPASS(fdp->fd_nfiles >= 3);
2446 for (i = 0; i <= 2; i++) {
2447 fp = fdp->fd_ofiles[i].fde_file;
2448 if (fp != NULL && is_unsafe(fp)) {
2449 FILEDESC_XLOCK(fdp);
2450 knote_fdclose(td, i);
2451 /*
2452 * NULL-out descriptor prior to close to avoid
2453 * a race while close blocks.
2454 */
2455 fdfree(fdp, i);
2456 FILEDESC_XUNLOCK(fdp);
2457 (void) closef(fp, td);
2458 }
2459 }
2460 }
2461
2462 /*
2463 * If a specific file object occupies a specific file descriptor, close the
2464 * file descriptor entry and drop a reference on the file object. This is a
2465 * convenience function to handle a subsequent error in a function that calls
2466 * falloc() that handles the race that another thread might have closed the
2467 * file descriptor out from under the thread creating the file object.
2468 */
2469 void
2470 fdclose(struct thread *td, struct file *fp, int idx)
2471 {
2472 struct filedesc *fdp = td->td_proc->p_fd;
2473
2474 FILEDESC_XLOCK(fdp);
2475 if (fdp->fd_ofiles[idx].fde_file == fp) {
2476 fdfree(fdp, idx);
2477 FILEDESC_XUNLOCK(fdp);
2478 fdrop(fp, td);
2479 } else
2480 FILEDESC_XUNLOCK(fdp);
2481 }
2482
2483 /*
2484 * Close any files on exec?
2485 */
2486 void
2487 fdcloseexec(struct thread *td)
2488 {
2489 struct filedesc *fdp;
2490 struct filedescent *fde;
2491 struct file *fp;
2492 int i;
2493
2494 fdp = td->td_proc->p_fd;
2495 KASSERT(fdp->fd_refcnt == 1, ("the fdtable should not be shared"));
2496 for (i = 0; i <= fdp->fd_lastfile; i++) {
2497 fde = &fdp->fd_ofiles[i];
2498 fp = fde->fde_file;
2499 if (fp != NULL && (fp->f_type == DTYPE_MQUEUE ||
2500 (fde->fde_flags & UF_EXCLOSE))) {
2501 FILEDESC_XLOCK(fdp);
2502 fdfree(fdp, i);
2503 (void) closefp(fdp, i, fp, td, 0);
2504 FILEDESC_UNLOCK_ASSERT(fdp);
2505 }
2506 }
2507 }
2508
2509 /*
2510 * It is unsafe for set[ug]id processes to be started with file
2511 * descriptors 0..2 closed, as these descriptors are given implicit
2512 * significance in the Standard C library. fdcheckstd() will create a
2513 * descriptor referencing /dev/null for each of stdin, stdout, and
2514 * stderr that is not already open.
2515 */
2516 int
2517 fdcheckstd(struct thread *td)
2518 {
2519 struct filedesc *fdp;
2520 register_t save;
2521 int i, error, devnull;
2522
2523 fdp = td->td_proc->p_fd;
2524 KASSERT(fdp->fd_refcnt == 1, ("the fdtable should not be shared"));
2525 MPASS(fdp->fd_nfiles >= 3);
2526 devnull = -1;
2527 for (i = 0; i <= 2; i++) {
2528 if (fdp->fd_ofiles[i].fde_file != NULL)
2529 continue;
2530
2531 save = td->td_retval[0];
2532 if (devnull != -1) {
2533 error = kern_dup(td, FDDUP_FIXED, 0, devnull, i);
2534 } else {
2535 error = kern_openat(td, AT_FDCWD, "/dev/null",
2536 UIO_SYSSPACE, O_RDWR, 0);
2537 if (error == 0) {
2538 devnull = td->td_retval[0];
2539 KASSERT(devnull == i, ("we didn't get our fd"));
2540 }
2541 }
2542 td->td_retval[0] = save;
2543 if (error != 0)
2544 return (error);
2545 }
2546 return (0);
2547 }
2548
2549 /*
2550 * Internal form of close. Decrement reference count on file structure.
2551 * Note: td may be NULL when closing a file that was being passed in a
2552 * message.
2553 */
2554 int
2555 closef(struct file *fp, struct thread *td)
2556 {
2557 struct vnode *vp;
2558 struct flock lf;
2559 struct filedesc_to_leader *fdtol;
2560 struct filedesc *fdp;
2561
2562 /*
2563 * POSIX record locking dictates that any close releases ALL
2564 * locks owned by this process. This is handled by setting
2565 * a flag in the unlock to free ONLY locks obeying POSIX
2566 * semantics, and not to free BSD-style file locks.
2567 * If the descriptor was in a message, POSIX-style locks
2568 * aren't passed with the descriptor, and the thread pointer
2569 * will be NULL. Callers should be careful only to pass a
2570 * NULL thread pointer when there really is no owning
2571 * context that might have locks, or the locks will be
2572 * leaked.
2573 */
2574 if (fp->f_type == DTYPE_VNODE && td != NULL) {
2575 vp = fp->f_vnode;
2576 if ((td->td_proc->p_leader->p_flag & P_ADVLOCK) != 0) {
2577 lf.l_whence = SEEK_SET;
2578 lf.l_start = 0;
2579 lf.l_len = 0;
2580 lf.l_type = F_UNLCK;
2581 (void) VOP_ADVLOCK(vp, (caddr_t)td->td_proc->p_leader,
2582 F_UNLCK, &lf, F_POSIX);
2583 }
2584 fdtol = td->td_proc->p_fdtol;
2585 if (fdtol != NULL) {
2586 /*
2587 * Handle special case where file descriptor table is
2588 * shared between multiple process leaders.
2589 */
2590 fdp = td->td_proc->p_fd;
2591 FILEDESC_XLOCK(fdp);
2592 for (fdtol = fdtol->fdl_next;
2593 fdtol != td->td_proc->p_fdtol;
2594 fdtol = fdtol->fdl_next) {
2595 if ((fdtol->fdl_leader->p_flag &
2596 P_ADVLOCK) == 0)
2597 continue;
2598 fdtol->fdl_holdcount++;
2599 FILEDESC_XUNLOCK(fdp);
2600 lf.l_whence = SEEK_SET;
2601 lf.l_start = 0;
2602 lf.l_len = 0;
2603 lf.l_type = F_UNLCK;
2604 vp = fp->f_vnode;
2605 (void) VOP_ADVLOCK(vp,
2606 (caddr_t)fdtol->fdl_leader, F_UNLCK, &lf,
2607 F_POSIX);
2608 FILEDESC_XLOCK(fdp);
2609 fdtol->fdl_holdcount--;
2610 if (fdtol->fdl_holdcount == 0 &&
2611 fdtol->fdl_wakeup != 0) {
2612 fdtol->fdl_wakeup = 0;
2613 wakeup(fdtol);
2614 }
2615 }
2616 FILEDESC_XUNLOCK(fdp);
2617 }
2618 }
2619 return (fdrop(fp, td));
2620 }
2621
2622 /*
2623 * Initialize the file pointer with the specified properties.
2624 *
2625 * The ops are set with release semantics to be certain that the flags, type,
2626 * and data are visible when ops is. This is to prevent ops methods from being
2627 * called with bad data.
2628 */
2629 void
2630 finit(struct file *fp, u_int flag, short type, void *data, struct fileops *ops)
2631 {
2632 fp->f_data = data;
2633 fp->f_flag = flag;
2634 fp->f_type = type;
2635 atomic_store_rel_ptr((volatile uintptr_t *)&fp->f_ops, (uintptr_t)ops);
2636 }
2637
2638 int
2639 fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
2640 struct file **fpp, struct filecaps *havecapsp)
2641 {
2642 struct filedescent *fde;
2643 int error;
2644
2645 FILEDESC_LOCK_ASSERT(fdp);
2646
2647 fde = fdeget_locked(fdp, fd);
2648 if (fde == NULL) {
2649 error = EBADF;
2650 goto out;
2651 }
2652
2653 #ifdef CAPABILITIES
2654 error = cap_check(cap_rights_fde_inline(fde), needrightsp);
2655 if (error != 0)
2656 goto out;
2657 #endif
2658
2659 if (havecapsp != NULL)
2660 filecaps_copy(&fde->fde_caps, havecapsp, true);
2661
2662 *fpp = fde->fde_file;
2663
2664 error = 0;
2665 out:
2666 return (error);
2667 }
2668
2669 int
2670 fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
2671 struct file **fpp, struct filecaps *havecapsp)
2672 {
2673 struct filedesc *fdp = td->td_proc->p_fd;
2674 int error;
2675 #ifndef CAPABILITIES
2676 error = fget_unlocked(fdp, fd, needrightsp, fpp, NULL);
2677 if (error == 0 && havecapsp != NULL)
2678 filecaps_fill(havecapsp);
2679 #else
2680 struct file *fp;
2681 seq_t seq;
2682
2683 for (;;) {
2684 error = fget_unlocked(fdp, fd, needrightsp, &fp, &seq);
2685 if (error != 0)
2686 return (error);
2687
2688 if (havecapsp != NULL) {
2689 if (!filecaps_copy(&fdp->fd_ofiles[fd].fde_caps,
2690 havecapsp, false)) {
2691 fdrop(fp, td);
2692 goto get_locked;
2693 }
2694 }
2695
2696 if (!fd_modified(fdp, fd, seq))
2697 break;
2698 fdrop(fp, td);
2699 }
2700
2701 *fpp = fp;
2702 return (0);
2703
2704 get_locked:
2705 FILEDESC_SLOCK(fdp);
2706 error = fget_cap_locked(fdp, fd, needrightsp, fpp, havecapsp);
2707 if (error == 0 && !fhold(*fpp))
2708 error = EBADF;
2709 FILEDESC_SUNLOCK(fdp);
2710 #endif
2711 return (error);
2712 }
2713
2714 int
2715 fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
2716 struct file **fpp, seq_t *seqp)
2717 {
2718 #ifdef CAPABILITIES
2719 const struct filedescent *fde;
2720 #endif
2721 const struct fdescenttbl *fdt;
2722 struct file *fp;
2723 u_int count;
2724 #ifdef CAPABILITIES
2725 seq_t seq;
2726 cap_rights_t haverights;
2727 int error;
2728 #endif
2729
2730 fdt = fdp->fd_files;
2731 if ((u_int)fd >= fdt->fdt_nfiles)
2732 return (EBADF);
2733 /*
2734 * Fetch the descriptor locklessly. We avoid fdrop() races by
2735 * never raising a refcount above 0. To accomplish this we have
2736 * to use a cmpset loop rather than an atomic_add. The descriptor
2737 * must be re-verified once we acquire a reference to be certain
2738 * that the identity is still correct and we did not lose a race
2739 * due to preemption.
2740 */
2741 for (;;) {
2742 #ifdef CAPABILITIES
2743 seq = seq_load(fd_seq(fdt, fd));
2744 fde = &fdt->fdt_ofiles[fd];
2745 haverights = *cap_rights_fde_inline(fde);
2746 fp = fde->fde_file;
2747 if (!seq_consistent(fd_seq(fdt, fd), seq))
2748 continue;
2749 #else
2750 fp = fdt->fdt_ofiles[fd].fde_file;
2751 #endif
2752 if (fp == NULL)
2753 return (EBADF);
2754 #ifdef CAPABILITIES
2755 error = cap_check(&haverights, needrightsp);
2756 if (error != 0)
2757 return (error);
2758 #endif
2759 count = fp->f_count;
2760 retry:
2761 if (count == 0) {
2762 /*
2763 * Force a reload. Other thread could reallocate the
2764 * table before this fd was closed, so it possible that
2765 * there is a stale fp pointer in cached version.
2766 */
2767 fdt = *(const struct fdescenttbl * const volatile *)
2768 &(fdp->fd_files);
2769 continue;
2770 }
2771 if (__predict_false(count + 1 < count))
2772 return (EBADF);
2773
2774 /*
2775 * Use an acquire barrier to force re-reading of fdt so it is
2776 * refreshed for verification.
2777 */
2778 if (__predict_false(atomic_fcmpset_acq_int(&fp->f_count,
2779 &count, count + 1) == 0))
2780 goto retry;
2781 fdt = fdp->fd_files;
2782 #ifdef CAPABILITIES
2783 if (seq_consistent_nomb(fd_seq(fdt, fd), seq))
2784 #else
2785 if (fp == fdt->fdt_ofiles[fd].fde_file)
2786 #endif
2787 break;
2788 fdrop(fp, curthread);
2789 }
2790 *fpp = fp;
2791 if (seqp != NULL) {
2792 #ifdef CAPABILITIES
2793 *seqp = seq;
2794 #endif
2795 }
2796 return (0);
2797 }
2798
2799 /*
2800 * Extract the file pointer associated with the specified descriptor for the
2801 * current user process.
2802 *
2803 * If the descriptor doesn't exist or doesn't match 'flags', EBADF is
2804 * returned.
2805 *
2806 * File's rights will be checked against the capability rights mask.
2807 *
2808 * If an error occurred the non-zero error is returned and *fpp is set to
2809 * NULL. Otherwise *fpp is held and set and zero is returned. Caller is
2810 * responsible for fdrop().
2811 */
2812 static __inline int
2813 _fget(struct thread *td, int fd, struct file **fpp, int flags,
2814 cap_rights_t *needrightsp, seq_t *seqp)
2815 {
2816 struct filedesc *fdp;
2817 struct file *fp;
2818 int error;
2819
2820 *fpp = NULL;
2821 fdp = td->td_proc->p_fd;
2822 error = fget_unlocked(fdp, fd, needrightsp, &fp, seqp);
2823 if (error != 0)
2824 return (error);
2825 if (fp->f_ops == &badfileops) {
2826 fdrop(fp, td);
2827 return (EBADF);
2828 }
2829
2830 /*
2831 * FREAD and FWRITE failure return EBADF as per POSIX.
2832 */
2833 error = 0;
2834 switch (flags) {
2835 case FREAD:
2836 case FWRITE:
2837 if ((fp->f_flag & flags) == 0)
2838 error = EBADF;
2839 break;
2840 case FEXEC:
2841 if ((fp->f_flag & (FREAD | FEXEC)) == 0 ||
2842 ((fp->f_flag & FWRITE) != 0))
2843 error = EBADF;
2844 break;
2845 case 0:
2846 break;
2847 default:
2848 KASSERT(0, ("wrong flags"));
2849 }
2850
2851 if (error != 0) {
2852 fdrop(fp, td);
2853 return (error);
2854 }
2855
2856 *fpp = fp;
2857 return (0);
2858 }
2859
2860 int
2861 fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
2862 {
2863
2864 return (_fget(td, fd, fpp, 0, rightsp, NULL));
2865 }
2866
2867 int
2868 fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,
2869 struct file **fpp)
2870 {
2871 int error;
2872 #ifndef CAPABILITIES
2873 error = _fget(td, fd, fpp, 0, rightsp, NULL);
2874 if (maxprotp != NULL)
2875 *maxprotp = VM_PROT_ALL;
2876 #else
2877 cap_rights_t fdrights;
2878 struct filedesc *fdp = td->td_proc->p_fd;
2879 seq_t seq;
2880
2881 MPASS(cap_rights_is_set(rightsp, CAP_MMAP));
2882 for (;;) {
2883 error = _fget(td, fd, fpp, 0, rightsp, &seq);
2884 if (error != 0)
2885 return (error);
2886 if (maxprotp != NULL)
2887 fdrights = *cap_rights(fdp, fd);
2888 if (!fd_modified(fdp, fd, seq))
2889 break;
2890 fdrop(*fpp, td);
2891 }
2892
2893 /*
2894 * If requested, convert capability rights to access flags.
2895 */
2896 if (maxprotp != NULL)
2897 *maxprotp = cap_rights_to_vmprot(&fdrights);
2898 #endif
2899 return (error);
2900 }
2901
2902 int
2903 fget_read(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
2904 {
2905
2906 return (_fget(td, fd, fpp, FREAD, rightsp, NULL));
2907 }
2908
2909 int
2910 fget_write(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
2911 {
2912
2913 return (_fget(td, fd, fpp, FWRITE, rightsp, NULL));
2914 }
2915
2916 int
2917 fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,
2918 struct file **fpp)
2919 {
2920 struct filedesc *fdp = td->td_proc->p_fd;
2921 #ifndef CAPABILITIES
2922 return (fget_unlocked(fdp, fd, rightsp, fpp, NULL));
2923 #else
2924 int error;
2925 seq_t seq;
2926
2927 MPASS(cap_rights_is_set(rightsp, CAP_FCNTL));
2928 for (;;) {
2929 error = fget_unlocked(fdp, fd, rightsp, fpp, &seq);
2930 if (error != 0)
2931 return (error);
2932 error = cap_fcntl_check(fdp, fd, needfcntl);
2933 if (!fd_modified(fdp, fd, seq))
2934 break;
2935 fdrop(*fpp, td);
2936 }
2937 if (error != 0) {
2938 fdrop(*fpp, td);
2939 *fpp = NULL;
2940 }
2941 return (error);
2942 #endif
2943 }
2944
2945 /*
2946 * Like fget() but loads the underlying vnode, or returns an error if the
2947 * descriptor does not represent a vnode. Note that pipes use vnodes but
2948 * never have VM objects. The returned vnode will be vref()'d.
2949 *
2950 * XXX: what about the unused flags ?
2951 */
2952 static __inline int
2953 _fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,
2954 struct vnode **vpp)
2955 {
2956 struct file *fp;
2957 int error;
2958
2959 *vpp = NULL;
2960 error = _fget(td, fd, &fp, flags, needrightsp, NULL);
2961 if (error != 0)
2962 return (error);
2963 if (fp->f_vnode == NULL) {
2964 error = EINVAL;
2965 } else {
2966 *vpp = fp->f_vnode;
2967 vrefact(*vpp);
2968 }
2969 fdrop(fp, td);
2970
2971 return (error);
2972 }
2973
2974 int
2975 fgetvp(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
2976 {
2977
2978 return (_fgetvp(td, fd, 0, rightsp, vpp));
2979 }
2980
2981 int
2982 fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
2983 struct filecaps *havecaps, struct vnode **vpp)
2984 {
2985 struct filedesc *fdp;
2986 struct filecaps caps;
2987 struct file *fp;
2988 int error;
2989
2990 fdp = td->td_proc->p_fd;
2991 error = fget_cap_locked(fdp, fd, needrightsp, &fp, &caps);
2992 if (error != 0)
2993 return (error);
2994 if (fp->f_ops == &badfileops) {
2995 error = EBADF;
2996 goto out;
2997 }
2998 if (fp->f_vnode == NULL) {
2999 error = EINVAL;
3000 goto out;
3001 }
3002
3003 *havecaps = caps;
3004 *vpp = fp->f_vnode;
3005 vrefact(*vpp);
3006
3007 return (0);
3008 out:
3009 filecaps_free(&caps);
3010 return (error);
3011 }
3012
3013 int
3014 fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
3015 {
3016
3017 return (_fgetvp(td, fd, FREAD, rightsp, vpp));
3018 }
3019
3020 int
3021 fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
3022 {
3023
3024 return (_fgetvp(td, fd, FEXEC, rightsp, vpp));
3025 }
3026
3027 #ifdef notyet
3028 int
3029 fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
3030 struct vnode **vpp)
3031 {
3032
3033 return (_fgetvp(td, fd, FWRITE, rightsp, vpp));
3034 }
3035 #endif
3036
3037 /*
3038 * Handle the last reference to a file being closed.
3039 *
3040 * Without the noinline attribute clang keeps inlining the func thorough this
3041 * file when fdrop is used.
3042 */
3043 int __noinline
3044 _fdrop(struct file *fp, struct thread *td)
3045 {
3046 int error;
3047
3048 if (fp->f_count != 0)
3049 panic("fdrop: count %d", fp->f_count);
3050 error = fo_close(fp, td);
3051 atomic_subtract_int(&openfiles, 1);
3052 crfree(fp->f_cred);
3053 free(fp->f_advice, M_FADVISE);
3054 uma_zfree(file_zone, fp);
3055
3056 return (error);
3057 }
3058
3059 /*
3060 * Apply an advisory lock on a file descriptor.
3061 *
3062 * Just attempt to get a record lock of the requested type on the entire file
3063 * (l_whence = SEEK_SET, l_start = 0, l_len = 0).
3064 */
3065 #ifndef _SYS_SYSPROTO_H_
3066 struct flock_args {
3067 int fd;
3068 int how;
3069 };
3070 #endif
3071 /* ARGSUSED */
3072 int
3073 sys_flock(struct thread *td, struct flock_args *uap)
3074 {
3075 struct file *fp;
3076 struct vnode *vp;
3077 struct flock lf;
3078 int error;
3079
3080 error = fget(td, uap->fd, &cap_flock_rights, &fp);
3081 if (error != 0)
3082 return (error);
3083 if (fp->f_type != DTYPE_VNODE) {
3084 fdrop(fp, td);
3085 return (EOPNOTSUPP);
3086 }
3087
3088 vp = fp->f_vnode;
3089 lf.l_whence = SEEK_SET;
3090 lf.l_start = 0;
3091 lf.l_len = 0;
3092 if (uap->how & LOCK_UN) {
3093 lf.l_type = F_UNLCK;
3094 atomic_clear_int(&fp->f_flag, FHASLOCK);
3095 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, F_FLOCK);
3096 goto done2;
3097 }
3098 if (uap->how & LOCK_EX)
3099 lf.l_type = F_WRLCK;
3100 else if (uap->how & LOCK_SH)
3101 lf.l_type = F_RDLCK;
3102 else {
3103 error = EBADF;
3104 goto done2;
3105 }
3106 atomic_set_int(&fp->f_flag, FHASLOCK);
3107 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf,
3108 (uap->how & LOCK_NB) ? F_FLOCK : F_FLOCK | F_WAIT);
3109 done2:
3110 fdrop(fp, td);
3111 return (error);
3112 }
3113 /*
3114 * Duplicate the specified descriptor to a free descriptor.
3115 */
3116 int
3117 dupfdopen(struct thread *td, struct filedesc *fdp, int dfd, int mode,
3118 int openerror, int *indxp)
3119 {
3120 struct filedescent *newfde, *oldfde;
3121 struct file *fp;
3122 u_long *ioctls;
3123 int error, indx;
3124
3125 KASSERT(openerror == ENODEV || openerror == ENXIO,
3126 ("unexpected error %d in %s", openerror, __func__));
3127
3128 /*
3129 * If the to-be-dup'd fd number is greater than the allowed number
3130 * of file descriptors, or the fd to be dup'd has already been
3131 * closed, then reject.
3132 */
3133 FILEDESC_XLOCK(fdp);
3134 if ((fp = fget_locked(fdp, dfd)) == NULL) {
3135 FILEDESC_XUNLOCK(fdp);
3136 return (EBADF);
3137 }
3138
3139 error = fdalloc(td, 0, &indx);
3140 if (error != 0) {
3141 FILEDESC_XUNLOCK(fdp);
3142 return (error);
3143 }
3144
3145 /*
3146 * There are two cases of interest here.
3147 *
3148 * For ENODEV simply dup (dfd) to file descriptor (indx) and return.
3149 *
3150 * For ENXIO steal away the file structure from (dfd) and store it in
3151 * (indx). (dfd) is effectively closed by this operation.
3152 */
3153 switch (openerror) {
3154 case ENODEV:
3155 /*
3156 * Check that the mode the file is being opened for is a
3157 * subset of the mode of the existing descriptor.
3158 */
3159 if (((mode & (FREAD|FWRITE)) | fp->f_flag) != fp->f_flag) {
3160 fdunused(fdp, indx);
3161 FILEDESC_XUNLOCK(fdp);
3162 return (EACCES);
3163 }
3164 if (!fhold(fp)) {
3165 fdunused(fdp, indx);
3166 FILEDESC_XUNLOCK(fdp);
3167 return (EBADF);
3168 }
3169 newfde = &fdp->fd_ofiles[indx];
3170 oldfde = &fdp->fd_ofiles[dfd];
3171 ioctls = filecaps_copy_prep(&oldfde->fde_caps);
3172 #ifdef CAPABILITIES
3173 seq_write_begin(&newfde->fde_seq);
3174 #endif
3175 memcpy(newfde, oldfde, fde_change_size);
3176 filecaps_copy_finish(&oldfde->fde_caps, &newfde->fde_caps,
3177 ioctls);
3178 #ifdef CAPABILITIES
3179 seq_write_end(&newfde->fde_seq);
3180 #endif
3181 break;
3182 case ENXIO:
3183 /*
3184 * Steal away the file pointer from dfd and stuff it into indx.
3185 */
3186 newfde = &fdp->fd_ofiles[indx];
3187 oldfde = &fdp->fd_ofiles[dfd];
3188 #ifdef CAPABILITIES
3189 seq_write_begin(&newfde->fde_seq);
3190 #endif
3191 memcpy(newfde, oldfde, fde_change_size);
3192 oldfde->fde_file = NULL;
3193 fdunused(fdp, dfd);
3194 #ifdef CAPABILITIES
3195 seq_write_end(&newfde->fde_seq);
3196 #endif
3197 break;
3198 }
3199 FILEDESC_XUNLOCK(fdp);
3200 *indxp = indx;
3201 return (0);
3202 }
3203
3204 /*
3205 * This sysctl determines if we will allow a process to chroot(2) if it
3206 * has a directory open:
3207 * 0: disallowed for all processes.
3208 * 1: allowed for processes that were not already chroot(2)'ed.
3209 * 2: allowed for all processes.
3210 */
3211
3212 static int chroot_allow_open_directories = 1;
3213
3214 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
3215 &chroot_allow_open_directories, 0,
3216 "Allow a process to chroot(2) if it has a directory open");
3217
3218 /*
3219 * Helper function for raised chroot(2) security function: Refuse if
3220 * any filedescriptors are open directories.
3221 */
3222 static int
3223 chroot_refuse_vdir_fds(struct filedesc *fdp)
3224 {
3225 struct vnode *vp;
3226 struct file *fp;
3227 int fd;
3228
3229 FILEDESC_LOCK_ASSERT(fdp);
3230
3231 for (fd = 0; fd <= fdp->fd_lastfile; fd++) {
3232 fp = fget_locked(fdp, fd);
3233 if (fp == NULL)
3234 continue;
3235 if (fp->f_type == DTYPE_VNODE) {
3236 vp = fp->f_vnode;
3237 if (vp->v_type == VDIR)
3238 return (EPERM);
3239 }
3240 }
3241 return (0);
3242 }
3243
3244 /*
3245 * The caller is responsible for invoking priv_check() and
3246 * mac_vnode_check_chroot() to authorize this operation.
3247 */
3248 int
3249 pwd_chroot(struct thread *td, struct vnode *vp)
3250 {
3251 struct filedesc *fdp;
3252 struct vnode *oldvp;
3253 int error;
3254
3255 fdp = td->td_proc->p_fd;
3256 FILEDESC_XLOCK(fdp);
3257 if (chroot_allow_open_directories == 0 ||
3258 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
3259 error = chroot_refuse_vdir_fds(fdp);
3260 if (error != 0) {
3261 FILEDESC_XUNLOCK(fdp);
3262 return (error);
3263 }
3264 }
3265 oldvp = fdp->fd_rdir;
3266 vrefact(vp);
3267 fdp->fd_rdir = vp;
3268 if (fdp->fd_jdir == NULL) {
3269 vrefact(vp);
3270 fdp->fd_jdir = vp;
3271 }
3272 FILEDESC_XUNLOCK(fdp);
3273 vrele(oldvp);
3274 return (0);
3275 }
3276
3277 void
3278 pwd_chdir(struct thread *td, struct vnode *vp)
3279 {
3280 struct filedesc *fdp;
3281 struct vnode *oldvp;
3282
3283 fdp = td->td_proc->p_fd;
3284 FILEDESC_XLOCK(fdp);
3285 VNASSERT(vp->v_usecount > 0, vp,
3286 ("chdir to a vnode with zero usecount"));
3287 oldvp = fdp->fd_cdir;
3288 fdp->fd_cdir = vp;
3289 FILEDESC_XUNLOCK(fdp);
3290 vrele(oldvp);
3291 }
3292
3293 /*
3294 * jail_attach(2) changes both root and working directories.
3295 */
3296 int
3297 pwd_chroot_chdir(struct thread *td, struct vnode *vp)
3298 {
3299 struct filedesc *fdp;
3300 struct vnode *oldvrp, *oldvcp;
3301 int error;
3302
3303 fdp = td->td_proc->p_fd;
3304 FILEDESC_XLOCK(fdp);
3305 error = chroot_refuse_vdir_fds(fdp);
3306 if (error != 0) {
3307 FILEDESC_XUNLOCK(fdp);
3308 return (error);
3309 }
3310 oldvrp = fdp->fd_rdir;
3311 vrefact(vp);
3312 fdp->fd_rdir = vp;
3313 oldvcp = fdp->fd_cdir;
3314 vrefact(vp);
3315 fdp->fd_cdir = vp;
3316 if (fdp->fd_jdir == NULL) {
3317 vrefact(vp);
3318 fdp->fd_jdir = vp;
3319 }
3320 FILEDESC_XUNLOCK(fdp);
3321 vrele(oldvrp);
3322 vrele(oldvcp);
3323 return (0);
3324 }
3325
3326 /*
3327 * Scan all active processes and prisons to see if any of them have a current
3328 * or root directory of `olddp'. If so, replace them with the new mount point.
3329 */
3330 void
3331 mountcheckdirs(struct vnode *olddp, struct vnode *newdp)
3332 {
3333 struct filedesc *fdp;
3334 struct prison *pr;
3335 struct proc *p;
3336 int nrele;
3337
3338 if (vrefcnt(olddp) == 1)
3339 return;
3340 nrele = 0;
3341 sx_slock(&allproc_lock);
3342 FOREACH_PROC_IN_SYSTEM(p) {
3343 PROC_LOCK(p);
3344 fdp = fdhold(p);
3345 PROC_UNLOCK(p);
3346 if (fdp == NULL)
3347 continue;
3348 FILEDESC_XLOCK(fdp);
3349 if (fdp->fd_cdir == olddp) {
3350 vrefact(newdp);
3351 fdp->fd_cdir = newdp;
3352 nrele++;
3353 }
3354 if (fdp->fd_rdir == olddp) {
3355 vrefact(newdp);
3356 fdp->fd_rdir = newdp;
3357 nrele++;
3358 }
3359 if (fdp->fd_jdir == olddp) {
3360 vrefact(newdp);
3361 fdp->fd_jdir = newdp;
3362 nrele++;
3363 }
3364 FILEDESC_XUNLOCK(fdp);
3365 fddrop(fdp);
3366 }
3367 sx_sunlock(&allproc_lock);
3368 if (rootvnode == olddp) {
3369 vrefact(newdp);
3370 rootvnode = newdp;
3371 nrele++;
3372 }
3373 mtx_lock(&prison0.pr_mtx);
3374 if (prison0.pr_root == olddp) {
3375 vrefact(newdp);
3376 prison0.pr_root = newdp;
3377 nrele++;
3378 }
3379 mtx_unlock(&prison0.pr_mtx);
3380 sx_slock(&allprison_lock);
3381 TAILQ_FOREACH(pr, &allprison, pr_list) {
3382 mtx_lock(&pr->pr_mtx);
3383 if (pr->pr_root == olddp) {
3384 vrefact(newdp);
3385 pr->pr_root = newdp;
3386 nrele++;
3387 }
3388 mtx_unlock(&pr->pr_mtx);
3389 }
3390 sx_sunlock(&allprison_lock);
3391 while (nrele--)
3392 vrele(olddp);
3393 }
3394
3395 struct filedesc_to_leader *
3396 filedesc_to_leader_alloc(struct filedesc_to_leader *old, struct filedesc *fdp, struct proc *leader)
3397 {
3398 struct filedesc_to_leader *fdtol;
3399
3400 fdtol = malloc(sizeof(struct filedesc_to_leader),
3401 M_FILEDESC_TO_LEADER, M_WAITOK);
3402 fdtol->fdl_refcount = 1;
3403 fdtol->fdl_holdcount = 0;
3404 fdtol->fdl_wakeup = 0;
3405 fdtol->fdl_leader = leader;
3406 if (old != NULL) {
3407 FILEDESC_XLOCK(fdp);
3408 fdtol->fdl_next = old->fdl_next;
3409 fdtol->fdl_prev = old;
3410 old->fdl_next = fdtol;
3411 fdtol->fdl_next->fdl_prev = fdtol;
3412 FILEDESC_XUNLOCK(fdp);
3413 } else {
3414 fdtol->fdl_next = fdtol;
3415 fdtol->fdl_prev = fdtol;
3416 }
3417 return (fdtol);
3418 }
3419
3420 static int
3421 sysctl_kern_proc_nfds(SYSCTL_HANDLER_ARGS)
3422 {
3423 struct filedesc *fdp;
3424 int i, count, slots;
3425
3426 if (*(int *)arg1 != 0)
3427 return (EINVAL);
3428
3429 fdp = curproc->p_fd;
3430 count = 0;
3431 FILEDESC_SLOCK(fdp);
3432 slots = NDSLOTS(fdp->fd_lastfile + 1);
3433 for (i = 0; i < slots; i++)
3434 count += bitcountl(fdp->fd_map[i]);
3435 FILEDESC_SUNLOCK(fdp);
3436
3437 return (SYSCTL_OUT(req, &count, sizeof(count)));
3438 }
3439
3440 static SYSCTL_NODE(_kern_proc, KERN_PROC_NFDS, nfds,
3441 CTLFLAG_RD|CTLFLAG_CAPRD|CTLFLAG_MPSAFE, sysctl_kern_proc_nfds,
3442 "Number of open file descriptors");
3443
3444 /*
3445 * Get file structures globally.
3446 */
3447 static int
3448 sysctl_kern_file(SYSCTL_HANDLER_ARGS)
3449 {
3450 struct xfile xf;
3451 struct filedesc *fdp;
3452 struct file *fp;
3453 struct proc *p;
3454 int error, n;
3455
3456 error = sysctl_wire_old_buffer(req, 0);
3457 if (error != 0)
3458 return (error);
3459 if (req->oldptr == NULL) {
3460 n = 0;
3461 sx_slock(&allproc_lock);
3462 FOREACH_PROC_IN_SYSTEM(p) {
3463 PROC_LOCK(p);
3464 if (p->p_state == PRS_NEW) {
3465 PROC_UNLOCK(p);
3466 continue;
3467 }
3468 fdp = fdhold(p);
3469 PROC_UNLOCK(p);
3470 if (fdp == NULL)
3471 continue;
3472 /* overestimates sparse tables. */
3473 if (fdp->fd_lastfile > 0)
3474 n += fdp->fd_lastfile;
3475 fddrop(fdp);
3476 }
3477 sx_sunlock(&allproc_lock);
3478 return (SYSCTL_OUT(req, 0, n * sizeof(xf)));
3479 }
3480 error = 0;
3481 bzero(&xf, sizeof(xf));
3482 xf.xf_size = sizeof(xf);
3483 sx_slock(&allproc_lock);
3484 FOREACH_PROC_IN_SYSTEM(p) {
3485 PROC_LOCK(p);
3486 if (p->p_state == PRS_NEW) {
3487 PROC_UNLOCK(p);
3488 continue;
3489 }
3490 if (p_cansee(req->td, p) != 0) {
3491 PROC_UNLOCK(p);
3492 continue;
3493 }
3494 xf.xf_pid = p->p_pid;
3495 xf.xf_uid = p->p_ucred->cr_uid;
3496 fdp = fdhold(p);
3497 PROC_UNLOCK(p);
3498 if (fdp == NULL)
3499 continue;
3500 FILEDESC_SLOCK(fdp);
3501 for (n = 0; fdp->fd_refcnt > 0 && n <= fdp->fd_lastfile; ++n) {
3502 if ((fp = fdp->fd_ofiles[n].fde_file) == NULL)
3503 continue;
3504 xf.xf_fd = n;
3505 xf.xf_file = (uintptr_t)fp;
3506 xf.xf_data = (uintptr_t)fp->f_data;
3507 xf.xf_vnode = (uintptr_t)fp->f_vnode;
3508 xf.xf_type = (uintptr_t)fp->f_type;
3509 xf.xf_count = fp->f_count;
3510 xf.xf_msgcount = 0;
3511 xf.xf_offset = foffset_get(fp);
3512 xf.xf_flag = fp->f_flag;
3513 error = SYSCTL_OUT(req, &xf, sizeof(xf));
3514 if (error)
3515 break;
3516 }
3517 FILEDESC_SUNLOCK(fdp);
3518 fddrop(fdp);
3519 if (error)
3520 break;
3521 }
3522 sx_sunlock(&allproc_lock);
3523 return (error);
3524 }
3525
3526 SYSCTL_PROC(_kern, KERN_FILE, file, CTLTYPE_OPAQUE|CTLFLAG_RD|CTLFLAG_MPSAFE,
3527 0, 0, sysctl_kern_file, "S,xfile", "Entire file table");
3528
3529 #ifdef KINFO_FILE_SIZE
3530 CTASSERT(sizeof(struct kinfo_file) == KINFO_FILE_SIZE);
3531 #endif
3532
3533 static int
3534 xlate_fflags(int fflags)
3535 {
3536 static const struct {
3537 int fflag;
3538 int kf_fflag;
3539 } fflags_table[] = {
3540 { FAPPEND, KF_FLAG_APPEND },
3541 { FASYNC, KF_FLAG_ASYNC },
3542 { FFSYNC, KF_FLAG_FSYNC },
3543 { FHASLOCK, KF_FLAG_HASLOCK },
3544 { FNONBLOCK, KF_FLAG_NONBLOCK },
3545 { FREAD, KF_FLAG_READ },
3546 { FWRITE, KF_FLAG_WRITE },
3547 { O_CREAT, KF_FLAG_CREAT },
3548 { O_DIRECT, KF_FLAG_DIRECT },
3549 { O_EXCL, KF_FLAG_EXCL },
3550 { O_EXEC, KF_FLAG_EXEC },
3551 { O_EXLOCK, KF_FLAG_EXLOCK },
3552 { O_NOFOLLOW, KF_FLAG_NOFOLLOW },
3553 { O_SHLOCK, KF_FLAG_SHLOCK },
3554 { O_TRUNC, KF_FLAG_TRUNC }
3555 };
3556 unsigned int i;
3557 int kflags;
3558
3559 kflags = 0;
3560 for (i = 0; i < nitems(fflags_table); i++)
3561 if (fflags & fflags_table[i].fflag)
3562 kflags |= fflags_table[i].kf_fflag;
3563 return (kflags);
3564 }
3565
3566 /* Trim unused data from kf_path by truncating the structure size. */
3567 void
3568 pack_kinfo(struct kinfo_file *kif)
3569 {
3570
3571 kif->kf_structsize = offsetof(struct kinfo_file, kf_path) +
3572 strlen(kif->kf_path) + 1;
3573 kif->kf_structsize = roundup(kif->kf_structsize, sizeof(uint64_t));
3574 }
3575
3576 static void
3577 export_file_to_kinfo(struct file *fp, int fd, cap_rights_t *rightsp,
3578 struct kinfo_file *kif, struct filedesc *fdp, int flags)
3579 {
3580 int error;
3581
3582 bzero(kif, sizeof(*kif));
3583
3584 /* Set a default type to allow for empty fill_kinfo() methods. */
3585 kif->kf_type = KF_TYPE_UNKNOWN;
3586 kif->kf_flags = xlate_fflags(fp->f_flag);
3587 if (rightsp != NULL)
3588 kif->kf_cap_rights = *rightsp;
3589 else
3590 cap_rights_init(&kif->kf_cap_rights);
3591 kif->kf_fd = fd;
3592 kif->kf_ref_count = fp->f_count;
3593 kif->kf_offset = foffset_get(fp);
3594
3595 /*
3596 * This may drop the filedesc lock, so the 'fp' cannot be
3597 * accessed after this call.
3598 */
3599 error = fo_fill_kinfo(fp, kif, fdp);
3600 if (error == 0)
3601 kif->kf_status |= KF_ATTR_VALID;
3602 if ((flags & KERN_FILEDESC_PACK_KINFO) != 0)
3603 pack_kinfo(kif);
3604 else
3605 kif->kf_structsize = roundup2(sizeof(*kif), sizeof(uint64_t));
3606 }
3607
3608 static void
3609 export_vnode_to_kinfo(struct vnode *vp, int fd, int fflags,
3610 struct kinfo_file *kif, int flags)
3611 {
3612 int error;
3613
3614 bzero(kif, sizeof(*kif));
3615
3616 kif->kf_type = KF_TYPE_VNODE;
3617 error = vn_fill_kinfo_vnode(vp, kif);
3618 if (error == 0)
3619 kif->kf_status |= KF_ATTR_VALID;
3620 kif->kf_flags = xlate_fflags(fflags);
3621 cap_rights_init(&kif->kf_cap_rights);
3622 kif->kf_fd = fd;
3623 kif->kf_ref_count = -1;
3624 kif->kf_offset = -1;
3625 if ((flags & KERN_FILEDESC_PACK_KINFO) != 0)
3626 pack_kinfo(kif);
3627 else
3628 kif->kf_structsize = roundup2(sizeof(*kif), sizeof(uint64_t));
3629 vrele(vp);
3630 }
3631
3632 struct export_fd_buf {
3633 struct filedesc *fdp;
3634 struct sbuf *sb;
3635 ssize_t remainder;
3636 struct kinfo_file kif;
3637 int flags;
3638 };
3639
3640 static int
3641 export_kinfo_to_sb(struct export_fd_buf *efbuf)
3642 {
3643 struct kinfo_file *kif;
3644
3645 kif = &efbuf->kif;
3646 if (efbuf->remainder != -1) {
3647 if (efbuf->remainder < kif->kf_structsize) {
3648 /* Terminate export. */
3649 efbuf->remainder = 0;
3650 return (0);
3651 }
3652 efbuf->remainder -= kif->kf_structsize;
3653 }
3654 return (sbuf_bcat(efbuf->sb, kif, kif->kf_structsize) == 0 ? 0 : ENOMEM);
3655 }
3656
3657 static int
3658 export_file_to_sb(struct file *fp, int fd, cap_rights_t *rightsp,
3659 struct export_fd_buf *efbuf)
3660 {
3661 int error;
3662
3663 if (efbuf->remainder == 0)
3664 return (0);
3665 export_file_to_kinfo(fp, fd, rightsp, &efbuf->kif, efbuf->fdp,
3666 efbuf->flags);
3667 FILEDESC_SUNLOCK(efbuf->fdp);
3668 error = export_kinfo_to_sb(efbuf);
3669 FILEDESC_SLOCK(efbuf->fdp);
3670 return (error);
3671 }
3672
3673 static int
3674 export_vnode_to_sb(struct vnode *vp, int fd, int fflags,
3675 struct export_fd_buf *efbuf)
3676 {
3677 int error;
3678
3679 if (efbuf->remainder == 0)
3680 return (0);
3681 if (efbuf->fdp != NULL)
3682 FILEDESC_SUNLOCK(efbuf->fdp);
3683 export_vnode_to_kinfo(vp, fd, fflags, &efbuf->kif, efbuf->flags);
3684 error = export_kinfo_to_sb(efbuf);
3685 if (efbuf->fdp != NULL)
3686 FILEDESC_SLOCK(efbuf->fdp);
3687 return (error);
3688 }
3689
3690 /*
3691 * Store a process file descriptor information to sbuf.
3692 *
3693 * Takes a locked proc as argument, and returns with the proc unlocked.
3694 */
3695 int
3696 kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen,
3697 int flags)
3698 {
3699 struct file *fp;
3700 struct filedesc *fdp;
3701 struct export_fd_buf *efbuf;
3702 struct vnode *cttyvp, *textvp, *tracevp;
3703 int error, i;
3704 cap_rights_t rights;
3705
3706 PROC_LOCK_ASSERT(p, MA_OWNED);
3707
3708 /* ktrace vnode */
3709 tracevp = p->p_tracevp;
3710 if (tracevp != NULL)
3711 vrefact(tracevp);
3712 /* text vnode */
3713 textvp = p->p_textvp;
3714 if (textvp != NULL)
3715 vrefact(textvp);
3716 /* Controlling tty. */
3717 cttyvp = NULL;
3718 if (p->p_pgrp != NULL && p->p_pgrp->pg_session != NULL) {
3719 cttyvp = p->p_pgrp->pg_session->s_ttyvp;
3720 if (cttyvp != NULL)
3721 vrefact(cttyvp);
3722 }
3723 fdp = fdhold(p);
3724 PROC_UNLOCK(p);
3725 efbuf = malloc(sizeof(*efbuf), M_TEMP, M_WAITOK);
3726 efbuf->fdp = NULL;
3727 efbuf->sb = sb;
3728 efbuf->remainder = maxlen;
3729 efbuf->flags = flags;
3730 if (tracevp != NULL)
3731 export_vnode_to_sb(tracevp, KF_FD_TYPE_TRACE, FREAD | FWRITE,
3732 efbuf);
3733 if (textvp != NULL)
3734 export_vnode_to_sb(textvp, KF_FD_TYPE_TEXT, FREAD, efbuf);
3735 if (cttyvp != NULL)
3736 export_vnode_to_sb(cttyvp, KF_FD_TYPE_CTTY, FREAD | FWRITE,
3737 efbuf);
3738 error = 0;
3739 if (fdp == NULL)
3740 goto fail;
3741 efbuf->fdp = fdp;
3742 FILEDESC_SLOCK(fdp);
3743 /* working directory */
3744 if (fdp->fd_cdir != NULL) {
3745 vrefact(fdp->fd_cdir);
3746 export_vnode_to_sb(fdp->fd_cdir, KF_FD_TYPE_CWD, FREAD, efbuf);
3747 }
3748 /* root directory */
3749 if (fdp->fd_rdir != NULL) {
3750 vrefact(fdp->fd_rdir);
3751 export_vnode_to_sb(fdp->fd_rdir, KF_FD_TYPE_ROOT, FREAD, efbuf);
3752 }
3753 /* jail directory */
3754 if (fdp->fd_jdir != NULL) {
3755 vrefact(fdp->fd_jdir);
3756 export_vnode_to_sb(fdp->fd_jdir, KF_FD_TYPE_JAIL, FREAD, efbuf);
3757 }
3758 for (i = 0; fdp->fd_refcnt > 0 && i <= fdp->fd_lastfile; i++) {
3759 if ((fp = fdp->fd_ofiles[i].fde_file) == NULL)
3760 continue;
3761 #ifdef CAPABILITIES
3762 rights = *cap_rights(fdp, i);
3763 #else /* !CAPABILITIES */
3764 rights = cap_no_rights;
3765 #endif
3766 /*
3767 * Create sysctl entry. It is OK to drop the filedesc
3768 * lock inside of export_file_to_sb() as we will
3769 * re-validate and re-evaluate its properties when the
3770 * loop continues.
3771 */
3772 error = export_file_to_sb(fp, i, &rights, efbuf);
3773 if (error != 0 || efbuf->remainder == 0)
3774 break;
3775 }
3776 FILEDESC_SUNLOCK(fdp);
3777 fddrop(fdp);
3778 fail:
3779 free(efbuf, M_TEMP);
3780 return (error);
3781 }
3782
3783 #define FILEDESC_SBUF_SIZE (sizeof(struct kinfo_file) * 5)
3784
3785 /*
3786 * Get per-process file descriptors for use by procstat(1), et al.
3787 */
3788 static int
3789 sysctl_kern_proc_filedesc(SYSCTL_HANDLER_ARGS)
3790 {
3791 struct sbuf sb;
3792 struct proc *p;
3793 ssize_t maxlen;
3794 int error, error2, *name;
3795
3796 name = (int *)arg1;
3797
3798 sbuf_new_for_sysctl(&sb, NULL, FILEDESC_SBUF_SIZE, req);
3799 sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
3800 error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
3801 if (error != 0) {
3802 sbuf_delete(&sb);
3803 return (error);
3804 }
3805 maxlen = req->oldptr != NULL ? req->oldlen : -1;
3806 error = kern_proc_filedesc_out(p, &sb, maxlen,
3807 KERN_FILEDESC_PACK_KINFO);
3808 error2 = sbuf_finish(&sb);
3809 sbuf_delete(&sb);
3810 return (error != 0 ? error : error2);
3811 }
3812
3813 #ifdef COMPAT_FREEBSD7
3814 #ifdef KINFO_OFILE_SIZE
3815 CTASSERT(sizeof(struct kinfo_ofile) == KINFO_OFILE_SIZE);
3816 #endif
3817
3818 static void
3819 kinfo_to_okinfo(struct kinfo_file *kif, struct kinfo_ofile *okif)
3820 {
3821
3822 okif->kf_structsize = sizeof(*okif);
3823 okif->kf_type = kif->kf_type;
3824 okif->kf_fd = kif->kf_fd;
3825 okif->kf_ref_count = kif->kf_ref_count;
3826 okif->kf_flags = kif->kf_flags & (KF_FLAG_READ | KF_FLAG_WRITE |
3827 KF_FLAG_APPEND | KF_FLAG_ASYNC | KF_FLAG_FSYNC | KF_FLAG_NONBLOCK |
3828 KF_FLAG_DIRECT | KF_FLAG_HASLOCK);
3829 okif->kf_offset = kif->kf_offset;
3830 if (kif->kf_type == KF_TYPE_VNODE)
3831 okif->kf_vnode_type = kif->kf_un.kf_file.kf_file_type;
3832 else
3833 okif->kf_vnode_type = KF_VTYPE_VNON;
3834 strlcpy(okif->kf_path, kif->kf_path, sizeof(okif->kf_path));
3835 if (kif->kf_type == KF_TYPE_SOCKET) {
3836 okif->kf_sock_domain = kif->kf_un.kf_sock.kf_sock_domain0;
3837 okif->kf_sock_type = kif->kf_un.kf_sock.kf_sock_type0;
3838 okif->kf_sock_protocol = kif->kf_un.kf_sock.kf_sock_protocol0;
3839 okif->kf_sa_local = kif->kf_un.kf_sock.kf_sa_local;
3840 okif->kf_sa_peer = kif->kf_un.kf_sock.kf_sa_peer;
3841 } else {
3842 okif->kf_sa_local.ss_family = AF_UNSPEC;
3843 okif->kf_sa_peer.ss_family = AF_UNSPEC;
3844 }
3845 }
3846
3847 static int
3848 export_vnode_for_osysctl(struct vnode *vp, int type, struct kinfo_file *kif,
3849 struct kinfo_ofile *okif, struct filedesc *fdp, struct sysctl_req *req)
3850 {
3851 int error;
3852
3853 vrefact(vp);
3854 FILEDESC_SUNLOCK(fdp);
3855 export_vnode_to_kinfo(vp, type, 0, kif, KERN_FILEDESC_PACK_KINFO);
3856 kinfo_to_okinfo(kif, okif);
3857 error = SYSCTL_OUT(req, okif, sizeof(*okif));
3858 FILEDESC_SLOCK(fdp);
3859 return (error);
3860 }
3861
3862 /*
3863 * Get per-process file descriptors for use by procstat(1), et al.
3864 */
3865 static int
3866 sysctl_kern_proc_ofiledesc(SYSCTL_HANDLER_ARGS)
3867 {
3868 struct kinfo_ofile *okif;
3869 struct kinfo_file *kif;
3870 struct filedesc *fdp;
3871 int error, i, *name;
3872 struct file *fp;
3873 struct proc *p;
3874
3875 name = (int *)arg1;
3876 error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
3877 if (error != 0)
3878 return (error);
3879 fdp = fdhold(p);
3880 PROC_UNLOCK(p);
3881 if (fdp == NULL)
3882 return (ENOENT);
3883 kif = malloc(sizeof(*kif), M_TEMP, M_WAITOK);
3884 okif = malloc(sizeof(*okif), M_TEMP, M_WAITOK);
3885 FILEDESC_SLOCK(fdp);
3886 if (fdp->fd_cdir != NULL)
3887 export_vnode_for_osysctl(fdp->fd_cdir, KF_FD_TYPE_CWD, kif,
3888 okif, fdp, req);
3889 if (fdp->fd_rdir != NULL)
3890 export_vnode_for_osysctl(fdp->fd_rdir, KF_FD_TYPE_ROOT, kif,
3891 okif, fdp, req);
3892 if (fdp->fd_jdir != NULL)
3893 export_vnode_for_osysctl(fdp->fd_jdir, KF_FD_TYPE_JAIL, kif,
3894 okif, fdp, req);
3895 for (i = 0; fdp->fd_refcnt > 0 && i <= fdp->fd_lastfile; i++) {
3896 if ((fp = fdp->fd_ofiles[i].fde_file) == NULL)
3897 continue;
3898 export_file_to_kinfo(fp, i, NULL, kif, fdp,
3899 KERN_FILEDESC_PACK_KINFO);
3900 FILEDESC_SUNLOCK(fdp);
3901 kinfo_to_okinfo(kif, okif);
3902 error = SYSCTL_OUT(req, okif, sizeof(*okif));
3903 FILEDESC_SLOCK(fdp);
3904 if (error)
3905 break;
3906 }
3907 FILEDESC_SUNLOCK(fdp);
3908 fddrop(fdp);
3909 free(kif, M_TEMP);
3910 free(okif, M_TEMP);
3911 return (0);
3912 }
3913
3914 static SYSCTL_NODE(_kern_proc, KERN_PROC_OFILEDESC, ofiledesc,
3915 CTLFLAG_RD|CTLFLAG_MPSAFE, sysctl_kern_proc_ofiledesc,
3916 "Process ofiledesc entries");
3917 #endif /* COMPAT_FREEBSD7 */
3918
3919 int
3920 vntype_to_kinfo(int vtype)
3921 {
3922 struct {
3923 int vtype;
3924 int kf_vtype;
3925 } vtypes_table[] = {
3926 { VBAD, KF_VTYPE_VBAD },
3927 { VBLK, KF_VTYPE_VBLK },
3928 { VCHR, KF_VTYPE_VCHR },
3929 { VDIR, KF_VTYPE_VDIR },
3930 { VFIFO, KF_VTYPE_VFIFO },
3931 { VLNK, KF_VTYPE_VLNK },
3932 { VNON, KF_VTYPE_VNON },
3933 { VREG, KF_VTYPE_VREG },
3934 { VSOCK, KF_VTYPE_VSOCK }
3935 };
3936 unsigned int i;
3937
3938 /*
3939 * Perform vtype translation.
3940 */
3941 for (i = 0; i < nitems(vtypes_table); i++)
3942 if (vtypes_table[i].vtype == vtype)
3943 return (vtypes_table[i].kf_vtype);
3944
3945 return (KF_VTYPE_UNKNOWN);
3946 }
3947
3948 static SYSCTL_NODE(_kern_proc, KERN_PROC_FILEDESC, filedesc,
3949 CTLFLAG_RD|CTLFLAG_MPSAFE, sysctl_kern_proc_filedesc,
3950 "Process filedesc entries");
3951
3952 /*
3953 * Store a process current working directory information to sbuf.
3954 *
3955 * Takes a locked proc as argument, and returns with the proc unlocked.
3956 */
3957 int
3958 kern_proc_cwd_out(struct proc *p, struct sbuf *sb, ssize_t maxlen)
3959 {
3960 struct filedesc *fdp;
3961 struct export_fd_buf *efbuf;
3962 int error;
3963
3964 PROC_LOCK_ASSERT(p, MA_OWNED);
3965
3966 fdp = fdhold(p);
3967 PROC_UNLOCK(p);
3968 if (fdp == NULL)
3969 return (EINVAL);
3970
3971 efbuf = malloc(sizeof(*efbuf), M_TEMP, M_WAITOK);
3972 efbuf->fdp = fdp;
3973 efbuf->sb = sb;
3974 efbuf->remainder = maxlen;
3975
3976 FILEDESC_SLOCK(fdp);
3977 if (fdp->fd_cdir == NULL)
3978 error = EINVAL;
3979 else {
3980 vrefact(fdp->fd_cdir);
3981 error = export_vnode_to_sb(fdp->fd_cdir, KF_FD_TYPE_CWD,
3982 FREAD, efbuf);
3983 }
3984 FILEDESC_SUNLOCK(fdp);
3985 fddrop(fdp);
3986 free(efbuf, M_TEMP);
3987 return (error);
3988 }
3989
3990 /*
3991 * Get per-process current working directory.
3992 */
3993 static int
3994 sysctl_kern_proc_cwd(SYSCTL_HANDLER_ARGS)
3995 {
3996 struct sbuf sb;
3997 struct proc *p;
3998 ssize_t maxlen;
3999 int error, error2, *name;
4000
4001 name = (int *)arg1;
4002
4003 sbuf_new_for_sysctl(&sb, NULL, sizeof(struct kinfo_file), req);
4004 sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
4005 error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
4006 if (error != 0) {
4007 sbuf_delete(&sb);
4008 return (error);
4009 }
4010 maxlen = req->oldptr != NULL ? req->oldlen : -1;
4011 error = kern_proc_cwd_out(p, &sb, maxlen);
4012 error2 = sbuf_finish(&sb);
4013 sbuf_delete(&sb);
4014 return (error != 0 ? error : error2);
4015 }
4016
4017 static SYSCTL_NODE(_kern_proc, KERN_PROC_CWD, cwd, CTLFLAG_RD|CTLFLAG_MPSAFE,
4018 sysctl_kern_proc_cwd, "Process current working directory");
4019
4020 #ifdef DDB
4021 /*
4022 * For the purposes of debugging, generate a human-readable string for the
4023 * file type.
4024 */
4025 static const char *
4026 file_type_to_name(short type)
4027 {
4028
4029 switch (type) {
4030 case 0:
4031 return ("zero");
4032 case DTYPE_VNODE:
4033 return ("vnode");
4034 case DTYPE_SOCKET:
4035 return ("socket");
4036 case DTYPE_PIPE:
4037 return ("pipe");
4038 case DTYPE_FIFO:
4039 return ("fifo");
4040 case DTYPE_KQUEUE:
4041 return ("kqueue");
4042 case DTYPE_CRYPTO:
4043 return ("crypto");
4044 case DTYPE_MQUEUE:
4045 return ("mqueue");
4046 case DTYPE_SHM:
4047 return ("shm");
4048 case DTYPE_SEM:
4049 return ("ksem");
4050 case DTYPE_PTS:
4051 return ("pts");
4052 case DTYPE_DEV:
4053 return ("dev");
4054 case DTYPE_PROCDESC:
4055 return ("proc");
4056 case DTYPE_LINUXEFD:
4057 return ("levent");
4058 case DTYPE_LINUXTFD:
4059 return ("ltimer");
4060 default:
4061 return ("unkn");
4062 }
4063 }
4064
4065 /*
4066 * For the purposes of debugging, identify a process (if any, perhaps one of
4067 * many) that references the passed file in its file descriptor array. Return
4068 * NULL if none.
4069 */
4070 static struct proc *
4071 file_to_first_proc(struct file *fp)
4072 {
4073 struct filedesc *fdp;
4074 struct proc *p;
4075 int n;
4076
4077 FOREACH_PROC_IN_SYSTEM(p) {
4078 if (p->p_state == PRS_NEW)
4079 continue;
4080 fdp = p->p_fd;
4081 if (fdp == NULL)
4082 continue;
4083 for (n = 0; n <= fdp->fd_lastfile; n++) {
4084 if (fp == fdp->fd_ofiles[n].fde_file)
4085 return (p);
4086 }
4087 }
4088 return (NULL);
4089 }
4090
4091 static void
4092 db_print_file(struct file *fp, int header)
4093 {
4094 #define XPTRWIDTH ((int)howmany(sizeof(void *) * NBBY, 4))
4095 struct proc *p;
4096
4097 if (header)
4098 db_printf("%*s %6s %*s %8s %4s %5s %6s %*s %5s %s\n",
4099 XPTRWIDTH, "File", "Type", XPTRWIDTH, "Data", "Flag",
4100 "GCFl", "Count", "MCount", XPTRWIDTH, "Vnode", "FPID",
4101 "FCmd");
4102 p = file_to_first_proc(fp);
4103 db_printf("%*p %6s %*p %08x %04x %5d %6d %*p %5d %s\n", XPTRWIDTH,
4104 fp, file_type_to_name(fp->f_type), XPTRWIDTH, fp->f_data,
4105 fp->f_flag, 0, fp->f_count, 0, XPTRWIDTH, fp->f_vnode,
4106 p != NULL ? p->p_pid : -1, p != NULL ? p->p_comm : "-");
4107
4108 #undef XPTRWIDTH
4109 }
4110
4111 DB_SHOW_COMMAND(file, db_show_file)
4112 {
4113 struct file *fp;
4114
4115 if (!have_addr) {
4116 db_printf("usage: show file <addr>\n");
4117 return;
4118 }
4119 fp = (struct file *)addr;
4120 db_print_file(fp, 1);
4121 }
4122
4123 DB_SHOW_COMMAND(files, db_show_files)
4124 {
4125 struct filedesc *fdp;
4126 struct file *fp;
4127 struct proc *p;
4128 int header;
4129 int n;
4130
4131 header = 1;
4132 FOREACH_PROC_IN_SYSTEM(p) {
4133 if (p->p_state == PRS_NEW)
4134 continue;
4135 if ((fdp = p->p_fd) == NULL)
4136 continue;
4137 for (n = 0; n <= fdp->fd_lastfile; ++n) {
4138 if ((fp = fdp->fd_ofiles[n].fde_file) == NULL)
4139 continue;
4140 db_print_file(fp, header);
4141 header = 0;
4142 }
4143 }
4144 }
4145 #endif
4146
4147 SYSCTL_INT(_kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW,
4148 &maxfilesperproc, 0, "Maximum files allowed open per process");
4149
4150 SYSCTL_INT(_kern, KERN_MAXFILES, maxfiles, CTLFLAG_RW,
4151 &maxfiles, 0, "Maximum number of files");
4152
4153 SYSCTL_INT(_kern, OID_AUTO, openfiles, CTLFLAG_RD,
4154 __DEVOLATILE(int *, &openfiles), 0, "System-wide number of open files");
4155
4156 /* ARGSUSED*/
4157 static void
4158 filelistinit(void *dummy)
4159 {
4160
4161 file_zone = uma_zcreate("Files", sizeof(struct file), NULL, NULL,
4162 NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
4163 filedesc0_zone = uma_zcreate("filedesc0", sizeof(struct filedesc0),
4164 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
4165 mtx_init(&sigio_lock, "sigio lock", NULL, MTX_DEF);
4166 }
4167 SYSINIT(select, SI_SUB_LOCK, SI_ORDER_FIRST, filelistinit, NULL);
4168
4169 /*-------------------------------------------------------------------*/
4170
4171 static int
4172 badfo_readwrite(struct file *fp, struct uio *uio, struct ucred *active_cred,
4173 int flags, struct thread *td)
4174 {
4175
4176 return (EBADF);
4177 }
4178
4179 static int
4180 badfo_truncate(struct file *fp, off_t length, struct ucred *active_cred,
4181 struct thread *td)
4182 {
4183
4184 return (EINVAL);
4185 }
4186
4187 static int
4188 badfo_ioctl(struct file *fp, u_long com, void *data, struct ucred *active_cred,
4189 struct thread *td)
4190 {
4191
4192 return (EBADF);
4193 }
4194
4195 static int
4196 badfo_poll(struct file *fp, int events, struct ucred *active_cred,
4197 struct thread *td)
4198 {
4199
4200 return (0);
4201 }
4202
4203 static int
4204 badfo_kqfilter(struct file *fp, struct knote *kn)
4205 {
4206
4207 return (EBADF);
4208 }
4209
4210 static int
4211 badfo_stat(struct file *fp, struct stat *sb, struct ucred *active_cred,
4212 struct thread *td)
4213 {
4214
4215 return (EBADF);
4216 }
4217
4218 static int
4219 badfo_close(struct file *fp, struct thread *td)
4220 {
4221
4222 return (0);
4223 }
4224
4225 static int
4226 badfo_chmod(struct file *fp, mode_t mode, struct ucred *active_cred,
4227 struct thread *td)
4228 {
4229
4230 return (EBADF);
4231 }
4232
4233 static int
4234 badfo_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
4235 struct thread *td)
4236 {
4237
4238 return (EBADF);
4239 }
4240
4241 static int
4242 badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
4243 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
4244 struct thread *td)
4245 {
4246
4247 return (EBADF);
4248 }
4249
4250 static int
4251 badfo_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp)
4252 {
4253
4254 return (0);
4255 }
4256
4257 struct fileops badfileops = {
4258 .fo_read = badfo_readwrite,
4259 .fo_write = badfo_readwrite,
4260 .fo_truncate = badfo_truncate,
4261 .fo_ioctl = badfo_ioctl,
4262 .fo_poll = badfo_poll,
4263 .fo_kqfilter = badfo_kqfilter,
4264 .fo_stat = badfo_stat,
4265 .fo_close = badfo_close,
4266 .fo_chmod = badfo_chmod,
4267 .fo_chown = badfo_chown,
4268 .fo_sendfile = badfo_sendfile,
4269 .fo_fill_kinfo = badfo_fill_kinfo,
4270 };
4271
4272 int
4273 invfo_rdwr(struct file *fp, struct uio *uio, struct ucred *active_cred,
4274 int flags, struct thread *td)
4275 {
4276
4277 return (EOPNOTSUPP);
4278 }
4279
4280 int
4281 invfo_truncate(struct file *fp, off_t length, struct ucred *active_cred,
4282 struct thread *td)
4283 {
4284
4285 return (EINVAL);
4286 }
4287
4288 int
4289 invfo_ioctl(struct file *fp, u_long com, void *data,
4290 struct ucred *active_cred, struct thread *td)
4291 {
4292
4293 return (ENOTTY);
4294 }
4295
4296 int
4297 invfo_poll(struct file *fp, int events, struct ucred *active_cred,
4298 struct thread *td)
4299 {
4300
4301 return (poll_no_poll(events));
4302 }
4303
4304 int
4305 invfo_kqfilter(struct file *fp, struct knote *kn)
4306 {
4307
4308 return (EINVAL);
4309 }
4310
4311 int
4312 invfo_chmod(struct file *fp, mode_t mode, struct ucred *active_cred,
4313 struct thread *td)
4314 {
4315
4316 return (EINVAL);
4317 }
4318
4319 int
4320 invfo_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
4321 struct thread *td)
4322 {
4323
4324 return (EINVAL);
4325 }
4326
4327 int
4328 invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
4329 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
4330 struct thread *td)
4331 {
4332
4333 return (EINVAL);
4334 }
4335
4336 /*-------------------------------------------------------------------*/
4337
4338 /*
4339 * File Descriptor pseudo-device driver (/dev/fd/).
4340 *
4341 * Opening minor device N dup()s the file (if any) connected to file
4342 * descriptor N belonging to the calling process. Note that this driver
4343 * consists of only the ``open()'' routine, because all subsequent
4344 * references to this file will be direct to the other driver.
4345 *
4346 * XXX: we could give this one a cloning event handler if necessary.
4347 */
4348
4349 /* ARGSUSED */
4350 static int
4351 fdopen(struct cdev *dev, int mode, int type, struct thread *td)
4352 {
4353
4354 /*
4355 * XXX Kludge: set curthread->td_dupfd to contain the value of the
4356 * the file descriptor being sought for duplication. The error
4357 * return ensures that the vnode for this device will be released
4358 * by vn_open. Open will detect this special error and take the
4359 * actions in dupfdopen below. Other callers of vn_open or VOP_OPEN
4360 * will simply report the error.
4361 */
4362 td->td_dupfd = dev2unit(dev);
4363 return (ENODEV);
4364 }
4365
4366 static struct cdevsw fildesc_cdevsw = {
4367 .d_version = D_VERSION,
4368 .d_open = fdopen,
4369 .d_name = "FD",
4370 };
4371
4372 static void
4373 fildesc_drvinit(void *unused)
4374 {
4375 struct cdev *dev;
4376
4377 dev = make_dev_credf(MAKEDEV_ETERNAL, &fildesc_cdevsw, 0, NULL,
4378 UID_ROOT, GID_WHEEL, 0666, "fd/0");
4379 make_dev_alias(dev, "stdin");
4380 dev = make_dev_credf(MAKEDEV_ETERNAL, &fildesc_cdevsw, 1, NULL,
4381 UID_ROOT, GID_WHEEL, 0666, "fd/1");
4382 make_dev_alias(dev, "stdout");
4383 dev = make_dev_credf(MAKEDEV_ETERNAL, &fildesc_cdevsw, 2, NULL,
4384 UID_ROOT, GID_WHEEL, 0666, "fd/2");
4385 make_dev_alias(dev, "stderr");
4386 }
4387
4388 SYSINIT(fildescdev, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, fildesc_drvinit, NULL);
Cache object: 4406a6fd158c4cafa496270120b1c7ac
|