Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/kern/subr_uio.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1982, 1986, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)kern_subr.c 8.3 (Berkeley) 1/21/94 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD: releng/9.1/sys/kern/subr_uio.c 233647 2012-03-29 04:54:34Z alc $"); 39 40 #include "opt_zero.h" 41 42 #include <sys/param.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/limits.h> 46 #include <sys/lock.h> 47 #include <sys/mman.h> 48 #include <sys/mutex.h> 49 #include <sys/proc.h> 50 #include <sys/resourcevar.h> 51 #include <sys/sched.h> 52 #include <sys/sysctl.h> 53 #include <sys/vnode.h> 54 55 #include <vm/vm.h> 56 #include <vm/vm_extern.h> 57 #include <vm/vm_page.h> 58 #include <vm/vm_map.h> 59 #ifdef ZERO_COPY_SOCKETS 60 #include <vm/vm_param.h> 61 #include <vm/vm_object.h> 62 #endif 63 64 SYSCTL_INT(_kern, KERN_IOV_MAX, iov_max, CTLFLAG_RD, NULL, UIO_MAXIOV, 65 "Maximum number of elements in an I/O vector; sysconf(_SC_IOV_MAX)"); 66 67 static int uiomove_faultflag(void *cp, int n, struct uio *uio, int nofault); 68 69 #ifdef ZERO_COPY_SOCKETS 70 /* Declared in uipc_socket.c */ 71 extern int so_zero_copy_receive; 72 73 /* 74 * Identify the physical page mapped at the given kernel virtual 75 * address. Insert this physical page into the given address space at 76 * the given virtual address, replacing the physical page, if any, 77 * that already exists there. 78 */ 79 static int 80 vm_pgmoveco(vm_map_t mapa, vm_offset_t kaddr, vm_offset_t uaddr) 81 { 82 vm_map_t map = mapa; 83 vm_page_t kern_pg, user_pg; 84 vm_object_t uobject; 85 vm_map_entry_t entry; 86 vm_pindex_t upindex; 87 vm_prot_t prot; 88 boolean_t wired; 89 90 KASSERT((uaddr & PAGE_MASK) == 0, 91 ("vm_pgmoveco: uaddr is not page aligned")); 92 93 /* 94 * Herein the physical page is validated and dirtied. It is 95 * unwired in sf_buf_mext(). 96 */ 97 kern_pg = PHYS_TO_VM_PAGE(vtophys(kaddr)); 98 kern_pg->valid = VM_PAGE_BITS_ALL; 99 KASSERT(kern_pg->queue == PQ_NONE && kern_pg->wire_count == 1, 100 ("vm_pgmoveco: kern_pg is not correctly wired")); 101 102 if ((vm_map_lookup(&map, uaddr, 103 VM_PROT_WRITE, &entry, &uobject, 104 &upindex, &prot, &wired)) != KERN_SUCCESS) { 105 return(EFAULT); 106 } 107 VM_OBJECT_LOCK(uobject); 108 retry: 109 if ((user_pg = vm_page_lookup(uobject, upindex)) != NULL) { 110 if (vm_page_sleep_if_busy(user_pg, TRUE, "vm_pgmoveco")) 111 goto retry; 112 vm_page_lock(user_pg); 113 pmap_remove_all(user_pg); 114 vm_page_free(user_pg); 115 vm_page_unlock(user_pg); 116 } else { 117 /* 118 * Even if a physical page does not exist in the 119 * object chain's first object, a physical page from a 120 * backing object may be mapped read only. 121 */ 122 if (uobject->backing_object != NULL) 123 pmap_remove(map->pmap, uaddr, uaddr + PAGE_SIZE); 124 } 125 vm_page_insert(kern_pg, uobject, upindex); 126 vm_page_dirty(kern_pg); 127 VM_OBJECT_UNLOCK(uobject); 128 vm_map_lookup_done(map, entry); 129 return(KERN_SUCCESS); 130 } 131 #endif /* ZERO_COPY_SOCKETS */ 132 133 int 134 copyin_nofault(const void *udaddr, void *kaddr, size_t len) 135 { 136 int error, save; 137 138 save = vm_fault_disable_pagefaults(); 139 error = copyin(udaddr, kaddr, len); 140 vm_fault_enable_pagefaults(save); 141 return (error); 142 } 143 144 int 145 copyout_nofault(const void *kaddr, void *udaddr, size_t len) 146 { 147 int error, save; 148 149 save = vm_fault_disable_pagefaults(); 150 error = copyout(kaddr, udaddr, len); 151 vm_fault_enable_pagefaults(save); 152 return (error); 153 } 154 155 int 156 uiomove(void *cp, int n, struct uio *uio) 157 { 158 159 return (uiomove_faultflag(cp, n, uio, 0)); 160 } 161 162 int 163 uiomove_nofault(void *cp, int n, struct uio *uio) 164 { 165 166 return (uiomove_faultflag(cp, n, uio, 1)); 167 } 168 169 static int 170 uiomove_faultflag(void *cp, int n, struct uio *uio, int nofault) 171 { 172 struct thread *td; 173 struct iovec *iov; 174 size_t cnt; 175 int error, newflags, save; 176 177 td = curthread; 178 error = 0; 179 180 KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, 181 ("uiomove: mode")); 182 KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == td, 183 ("uiomove proc")); 184 if (!nofault) 185 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 186 "Calling uiomove()"); 187 188 /* XXX does it make a sense to set TDP_DEADLKTREAT for UIO_SYSSPACE ? */ 189 newflags = TDP_DEADLKTREAT; 190 if (uio->uio_segflg == UIO_USERSPACE && nofault) { 191 /* 192 * Fail if a non-spurious page fault occurs. 193 */ 194 newflags |= TDP_NOFAULTING | TDP_RESETSPUR; 195 } 196 save = curthread_pflags_set(newflags); 197 198 while (n > 0 && uio->uio_resid) { 199 iov = uio->uio_iov; 200 cnt = iov->iov_len; 201 if (cnt == 0) { 202 uio->uio_iov++; 203 uio->uio_iovcnt--; 204 continue; 205 } 206 if (cnt > n) 207 cnt = n; 208 209 switch (uio->uio_segflg) { 210 211 case UIO_USERSPACE: 212 maybe_yield(); 213 if (uio->uio_rw == UIO_READ) 214 error = copyout(cp, iov->iov_base, cnt); 215 else 216 error = copyin(iov->iov_base, cp, cnt); 217 if (error) 218 goto out; 219 break; 220 221 case UIO_SYSSPACE: 222 if (uio->uio_rw == UIO_READ) 223 bcopy(cp, iov->iov_base, cnt); 224 else 225 bcopy(iov->iov_base, cp, cnt); 226 break; 227 case UIO_NOCOPY: 228 break; 229 } 230 iov->iov_base = (char *)iov->iov_base + cnt; 231 iov->iov_len -= cnt; 232 uio->uio_resid -= cnt; 233 uio->uio_offset += cnt; 234 cp = (char *)cp + cnt; 235 n -= cnt; 236 } 237 out: 238 curthread_pflags_restore(save); 239 return (error); 240 } 241 242 /* 243 * Wrapper for uiomove() that validates the arguments against a known-good 244 * kernel buffer. Currently, uiomove accepts a signed (n) argument, which 245 * is almost definitely a bad thing, so we catch that here as well. We 246 * return a runtime failure, but it might be desirable to generate a runtime 247 * assertion failure instead. 248 */ 249 int 250 uiomove_frombuf(void *buf, int buflen, struct uio *uio) 251 { 252 size_t offset, n; 253 254 if (uio->uio_offset < 0 || uio->uio_resid < 0 || 255 (offset = uio->uio_offset) != uio->uio_offset) 256 return (EINVAL); 257 if (buflen <= 0 || offset >= buflen) 258 return (0); 259 if ((n = buflen - offset) > IOSIZE_MAX) 260 return (EINVAL); 261 return (uiomove((char *)buf + offset, n, uio)); 262 } 263 264 #ifdef ZERO_COPY_SOCKETS 265 /* 266 * Experimental support for zero-copy I/O 267 */ 268 static int 269 userspaceco(void *cp, u_int cnt, struct uio *uio, int disposable) 270 { 271 struct iovec *iov; 272 int error; 273 274 iov = uio->uio_iov; 275 if (uio->uio_rw == UIO_READ) { 276 if ((so_zero_copy_receive != 0) 277 && ((cnt & PAGE_MASK) == 0) 278 && ((((intptr_t) iov->iov_base) & PAGE_MASK) == 0) 279 && ((uio->uio_offset & PAGE_MASK) == 0) 280 && ((((intptr_t) cp) & PAGE_MASK) == 0) 281 && (disposable != 0)) { 282 /* SOCKET: use page-trading */ 283 /* 284 * We only want to call vm_pgmoveco() on 285 * disposeable pages, since it gives the 286 * kernel page to the userland process. 287 */ 288 error = vm_pgmoveco(&curproc->p_vmspace->vm_map, 289 (vm_offset_t)cp, (vm_offset_t)iov->iov_base); 290 291 /* 292 * If we get an error back, attempt 293 * to use copyout() instead. The 294 * disposable page should be freed 295 * automatically if we weren't able to move 296 * it into userland. 297 */ 298 if (error != 0) 299 error = copyout(cp, iov->iov_base, cnt); 300 } else { 301 error = copyout(cp, iov->iov_base, cnt); 302 } 303 } else { 304 error = copyin(iov->iov_base, cp, cnt); 305 } 306 return (error); 307 } 308 309 int 310 uiomoveco(void *cp, int n, struct uio *uio, int disposable) 311 { 312 struct iovec *iov; 313 u_int cnt; 314 int error; 315 316 KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, 317 ("uiomoveco: mode")); 318 KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread, 319 ("uiomoveco proc")); 320 321 while (n > 0 && uio->uio_resid) { 322 iov = uio->uio_iov; 323 cnt = iov->iov_len; 324 if (cnt == 0) { 325 uio->uio_iov++; 326 uio->uio_iovcnt--; 327 continue; 328 } 329 if (cnt > n) 330 cnt = n; 331 332 switch (uio->uio_segflg) { 333 334 case UIO_USERSPACE: 335 maybe_yield(); 336 error = userspaceco(cp, cnt, uio, disposable); 337 if (error) 338 return (error); 339 break; 340 341 case UIO_SYSSPACE: 342 if (uio->uio_rw == UIO_READ) 343 bcopy(cp, iov->iov_base, cnt); 344 else 345 bcopy(iov->iov_base, cp, cnt); 346 break; 347 case UIO_NOCOPY: 348 break; 349 } 350 iov->iov_base = (char *)iov->iov_base + cnt; 351 iov->iov_len -= cnt; 352 uio->uio_resid -= cnt; 353 uio->uio_offset += cnt; 354 cp = (char *)cp + cnt; 355 n -= cnt; 356 } 357 return (0); 358 } 359 #endif /* ZERO_COPY_SOCKETS */ 360 361 /* 362 * Give next character to user as result of read. 363 */ 364 int 365 ureadc(int c, struct uio *uio) 366 { 367 struct iovec *iov; 368 char *iov_base; 369 370 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 371 "Calling ureadc()"); 372 373 again: 374 if (uio->uio_iovcnt == 0 || uio->uio_resid == 0) 375 panic("ureadc"); 376 iov = uio->uio_iov; 377 if (iov->iov_len == 0) { 378 uio->uio_iovcnt--; 379 uio->uio_iov++; 380 goto again; 381 } 382 switch (uio->uio_segflg) { 383 384 case UIO_USERSPACE: 385 if (subyte(iov->iov_base, c) < 0) 386 return (EFAULT); 387 break; 388 389 case UIO_SYSSPACE: 390 iov_base = iov->iov_base; 391 *iov_base = c; 392 iov->iov_base = iov_base; 393 break; 394 395 case UIO_NOCOPY: 396 break; 397 } 398 iov->iov_base = (char *)iov->iov_base + 1; 399 iov->iov_len--; 400 uio->uio_resid--; 401 uio->uio_offset++; 402 return (0); 403 } 404 405 int 406 copyinfrom(const void * __restrict src, void * __restrict dst, size_t len, 407 int seg) 408 { 409 int error = 0; 410 411 switch (seg) { 412 case UIO_USERSPACE: 413 error = copyin(src, dst, len); 414 break; 415 case UIO_SYSSPACE: 416 bcopy(src, dst, len); 417 break; 418 default: 419 panic("copyinfrom: bad seg %d\n", seg); 420 } 421 return (error); 422 } 423 424 int 425 copyinstrfrom(const void * __restrict src, void * __restrict dst, size_t len, 426 size_t * __restrict copied, int seg) 427 { 428 int error = 0; 429 430 switch (seg) { 431 case UIO_USERSPACE: 432 error = copyinstr(src, dst, len, copied); 433 break; 434 case UIO_SYSSPACE: 435 error = copystr(src, dst, len, copied); 436 break; 437 default: 438 panic("copyinstrfrom: bad seg %d\n", seg); 439 } 440 return (error); 441 } 442 443 int 444 copyiniov(struct iovec *iovp, u_int iovcnt, struct iovec **iov, int error) 445 { 446 u_int iovlen; 447 448 *iov = NULL; 449 if (iovcnt > UIO_MAXIOV) 450 return (error); 451 iovlen = iovcnt * sizeof (struct iovec); 452 *iov = malloc(iovlen, M_IOV, M_WAITOK); 453 error = copyin(iovp, *iov, iovlen); 454 if (error) { 455 free(*iov, M_IOV); 456 *iov = NULL; 457 } 458 return (error); 459 } 460 461 int 462 copyinuio(struct iovec *iovp, u_int iovcnt, struct uio **uiop) 463 { 464 struct iovec *iov; 465 struct uio *uio; 466 u_int iovlen; 467 int error, i; 468 469 *uiop = NULL; 470 if (iovcnt > UIO_MAXIOV) 471 return (EINVAL); 472 iovlen = iovcnt * sizeof (struct iovec); 473 uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK); 474 iov = (struct iovec *)(uio + 1); 475 error = copyin(iovp, iov, iovlen); 476 if (error) { 477 free(uio, M_IOV); 478 return (error); 479 } 480 uio->uio_iov = iov; 481 uio->uio_iovcnt = iovcnt; 482 uio->uio_segflg = UIO_USERSPACE; 483 uio->uio_offset = -1; 484 uio->uio_resid = 0; 485 for (i = 0; i < iovcnt; i++) { 486 if (iov->iov_len > IOSIZE_MAX - uio->uio_resid) { 487 free(uio, M_IOV); 488 return (EINVAL); 489 } 490 uio->uio_resid += iov->iov_len; 491 iov++; 492 } 493 *uiop = uio; 494 return (0); 495 } 496 497 struct uio * 498 cloneuio(struct uio *uiop) 499 { 500 struct uio *uio; 501 int iovlen; 502 503 iovlen = uiop->uio_iovcnt * sizeof (struct iovec); 504 uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK); 505 *uio = *uiop; 506 uio->uio_iov = (struct iovec *)(uio + 1); 507 bcopy(uiop->uio_iov, uio->uio_iov, iovlen); 508 return (uio); 509 } 510 511 /* 512 * Map some anonymous memory in user space of size sz, rounded up to the page 513 * boundary. 514 */ 515 int 516 copyout_map(struct thread *td, vm_offset_t *addr, size_t sz) 517 { 518 struct vmspace *vms; 519 int error; 520 vm_size_t size; 521 522 vms = td->td_proc->p_vmspace; 523 524 /* 525 * Map somewhere after heap in process memory. 526 */ 527 PROC_LOCK(td->td_proc); 528 *addr = round_page((vm_offset_t)vms->vm_daddr + 529 lim_max(td->td_proc, RLIMIT_DATA)); 530 PROC_UNLOCK(td->td_proc); 531 532 /* round size up to page boundry */ 533 size = (vm_size_t)round_page(sz); 534 535 error = vm_mmap(&vms->vm_map, addr, size, PROT_READ | PROT_WRITE, 536 VM_PROT_ALL, MAP_PRIVATE | MAP_ANON, OBJT_DEFAULT, NULL, 0); 537 538 return (error); 539 } 540 541 /* 542 * Unmap memory in user space. 543 */ 544 int 545 copyout_unmap(struct thread *td, vm_offset_t addr, size_t sz) 546 { 547 vm_map_t map; 548 vm_size_t size; 549 550 if (sz == 0) 551 return (0); 552 553 map = &td->td_proc->p_vmspace->vm_map; 554 size = (vm_size_t)round_page(sz); 555 556 if (vm_map_remove(map, addr, addr + size) != KERN_SUCCESS) 557 return (EINVAL); 558 559 return (0); 560 }
Cache object: 89aa6c06b8b23a9388a8e237faa04767
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]