1 /*-
2 * Copyright (c) 1982, 1986, 1988, 1990, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2004 The FreeBSD Foundation
5 * Copyright (c) 2004-2007 Robert N. M. Watson
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
33 */
34
35 /*
36 * Comments on the socket life cycle:
37 *
38 * soalloc() sets of socket layer state for a socket, called only by
39 * socreate() and sonewconn(). Socket layer private.
40 *
41 * sodealloc() tears down socket layer state for a socket, called only by
42 * sofree() and sonewconn(). Socket layer private.
43 *
44 * pru_attach() associates protocol layer state with an allocated socket;
45 * called only once, may fail, aborting socket allocation. This is called
46 * from socreate() and sonewconn(). Socket layer private.
47 *
48 * pru_detach() disassociates protocol layer state from an attached socket,
49 * and will be called exactly once for sockets in which pru_attach() has
50 * been successfully called. If pru_attach() returned an error,
51 * pru_detach() will not be called. Socket layer private.
52 *
53 * pru_abort() and pru_close() notify the protocol layer that the last
54 * consumer of a socket is starting to tear down the socket, and that the
55 * protocol should terminate the connection. Historically, pru_abort() also
56 * detached protocol state from the socket state, but this is no longer the
57 * case.
58 *
59 * socreate() creates a socket and attaches protocol state. This is a public
60 * interface that may be used by socket layer consumers to create new
61 * sockets.
62 *
63 * sonewconn() creates a socket and attaches protocol state. This is a
64 * public interface that may be used by protocols to create new sockets when
65 * a new connection is received and will be available for accept() on a
66 * listen socket.
67 *
68 * soclose() destroys a socket after possibly waiting for it to disconnect.
69 * This is a public interface that socket consumers should use to close and
70 * release a socket when done with it.
71 *
72 * soabort() destroys a socket without waiting for it to disconnect (used
73 * only for incoming connections that are already partially or fully
74 * connected). This is used internally by the socket layer when clearing
75 * listen socket queues (due to overflow or close on the listen socket), but
76 * is also a public interface protocols may use to abort connections in
77 * their incomplete listen queues should they no longer be required. Sockets
78 * placed in completed connection listen queues should not be aborted for
79 * reasons described in the comment above the soclose() implementation. This
80 * is not a general purpose close routine, and except in the specific
81 * circumstances described here, should not be used.
82 *
83 * sofree() will free a socket and its protocol state if all references on
84 * the socket have been released, and is the public interface to attempt to
85 * free a socket when a reference is removed. This is a socket layer private
86 * interface.
87 *
88 * NOTE: In addition to socreate() and soclose(), which provide a single
89 * socket reference to the consumer to be managed as required, there are two
90 * calls to explicitly manage socket references, soref(), and sorele().
91 * Currently, these are generally required only when transitioning a socket
92 * from a listen queue to a file descriptor, in order to prevent garbage
93 * collection of the socket at an untimely moment. For a number of reasons,
94 * these interfaces are not preferred, and should be avoided.
95 */
96
97 #include <sys/cdefs.h>
98 __FBSDID("$FreeBSD$");
99
100 #include "opt_inet.h"
101 #include "opt_mac.h"
102 #include "opt_zero.h"
103 #include "opt_compat.h"
104
105 #include <sys/param.h>
106 #include <sys/systm.h>
107 #include <sys/fcntl.h>
108 #include <sys/limits.h>
109 #include <sys/lock.h>
110 #include <sys/mac.h>
111 #include <sys/malloc.h>
112 #include <sys/mbuf.h>
113 #include <sys/mutex.h>
114 #include <sys/domain.h>
115 #include <sys/file.h> /* for struct knote */
116 #include <sys/kernel.h>
117 #include <sys/event.h>
118 #include <sys/eventhandler.h>
119 #include <sys/poll.h>
120 #include <sys/proc.h>
121 #include <sys/protosw.h>
122 #include <sys/socket.h>
123 #include <sys/socketvar.h>
124 #include <sys/resourcevar.h>
125 #include <sys/signalvar.h>
126 #include <sys/stat.h>
127 #include <sys/sx.h>
128 #include <sys/sysctl.h>
129 #include <sys/uio.h>
130 #include <sys/jail.h>
131
132 #include <security/mac/mac_framework.h>
133
134 #include <vm/uma.h>
135
136 #ifdef COMPAT_IA32
137 #include <sys/mount.h>
138 #include <compat/freebsd32/freebsd32.h>
139
140 extern struct sysentvec ia32_freebsd_sysvec;
141 #endif
142
143 static int soreceive_rcvoob(struct socket *so, struct uio *uio,
144 int flags);
145
146 static void filt_sordetach(struct knote *kn);
147 static int filt_soread(struct knote *kn, long hint);
148 static void filt_sowdetach(struct knote *kn);
149 static int filt_sowrite(struct knote *kn, long hint);
150 static int filt_solisten(struct knote *kn, long hint);
151
152 static struct filterops solisten_filtops =
153 { 1, NULL, filt_sordetach, filt_solisten };
154 static struct filterops soread_filtops =
155 { 1, NULL, filt_sordetach, filt_soread };
156 static struct filterops sowrite_filtops =
157 { 1, NULL, filt_sowdetach, filt_sowrite };
158
159 uma_zone_t socket_zone;
160 so_gen_t so_gencnt; /* generation count for sockets */
161
162 int maxsockets;
163
164 MALLOC_DEFINE(M_SONAME, "soname", "socket name");
165 MALLOC_DEFINE(M_PCB, "pcb", "protocol control block");
166
167 static int somaxconn = SOMAXCONN;
168 static int sysctl_somaxconn(SYSCTL_HANDLER_ARGS);
169 /* XXX: we dont have SYSCTL_USHORT */
170 SYSCTL_PROC(_kern_ipc, KIPC_SOMAXCONN, somaxconn, CTLTYPE_UINT | CTLFLAG_RW,
171 0, sizeof(int), sysctl_somaxconn, "I", "Maximum pending socket connection "
172 "queue size");
173 static int numopensockets;
174 SYSCTL_INT(_kern_ipc, OID_AUTO, numopensockets, CTLFLAG_RD,
175 &numopensockets, 0, "Number of open sockets");
176 #ifdef ZERO_COPY_SOCKETS
177 /* These aren't static because they're used in other files. */
178 int so_zero_copy_send = 1;
179 int so_zero_copy_receive = 1;
180 SYSCTL_NODE(_kern_ipc, OID_AUTO, zero_copy, CTLFLAG_RD, 0,
181 "Zero copy controls");
182 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, receive, CTLFLAG_RW,
183 &so_zero_copy_receive, 0, "Enable zero copy receive");
184 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, send, CTLFLAG_RW,
185 &so_zero_copy_send, 0, "Enable zero copy send");
186 #endif /* ZERO_COPY_SOCKETS */
187
188 /*
189 * accept_mtx locks down per-socket fields relating to accept queues. See
190 * socketvar.h for an annotation of the protected fields of struct socket.
191 */
192 struct mtx accept_mtx;
193 MTX_SYSINIT(accept_mtx, &accept_mtx, "accept", MTX_DEF);
194
195 /*
196 * so_global_mtx protects so_gencnt, numopensockets, and the per-socket
197 * so_gencnt field.
198 */
199 static struct mtx so_global_mtx;
200 MTX_SYSINIT(so_global_mtx, &so_global_mtx, "so_glabel", MTX_DEF);
201
202 /*
203 * General IPC sysctl name space, used by sockets and a variety of other IPC
204 * types.
205 */
206 SYSCTL_NODE(_kern, KERN_IPC, ipc, CTLFLAG_RW, 0, "IPC");
207
208 /*
209 * Sysctl to get and set the maximum global sockets limit. Notify protocols
210 * of the change so that they can update their dependent limits as required.
211 */
212 static int
213 sysctl_maxsockets(SYSCTL_HANDLER_ARGS)
214 {
215 int error, newmaxsockets;
216
217 newmaxsockets = maxsockets;
218 error = sysctl_handle_int(oidp, &newmaxsockets, 0, req);
219 if (error == 0 && req->newptr) {
220 if (newmaxsockets > maxsockets) {
221 maxsockets = newmaxsockets;
222 if (maxsockets > ((maxfiles / 4) * 3)) {
223 maxfiles = (maxsockets * 5) / 4;
224 maxfilesperproc = (maxfiles * 9) / 10;
225 }
226 EVENTHANDLER_INVOKE(maxsockets_change);
227 } else
228 error = EINVAL;
229 }
230 return (error);
231 }
232
233 SYSCTL_PROC(_kern_ipc, OID_AUTO, maxsockets, CTLTYPE_INT|CTLFLAG_RW,
234 &maxsockets, 0, sysctl_maxsockets, "IU",
235 "Maximum number of sockets avaliable");
236
237 /*
238 * Initialise maxsockets.
239 */
240 static void init_maxsockets(void *ignored)
241 {
242 TUNABLE_INT_FETCH("kern.ipc.maxsockets", &maxsockets);
243 maxsockets = imax(maxsockets, imax(maxfiles, nmbclusters));
244 }
245 SYSINIT(param, SI_SUB_TUNABLES, SI_ORDER_ANY, init_maxsockets, NULL);
246
247 /*
248 * Socket operation routines. These routines are called by the routines in
249 * sys_socket.c or from a system process, and implement the semantics of
250 * socket operations by switching out to the protocol specific routines.
251 */
252
253 /*
254 * Get a socket structure from our zone, and initialize it. Note that it
255 * would probably be better to allocate socket and PCB at the same time, but
256 * I'm not convinced that all the protocols can be easily modified to do
257 * this.
258 *
259 * soalloc() returns a socket with a ref count of 0.
260 */
261 static struct socket *
262 soalloc(void)
263 {
264 struct socket *so;
265
266 so = uma_zalloc(socket_zone, M_NOWAIT | M_ZERO);
267 if (so == NULL)
268 return (NULL);
269 #ifdef MAC
270 if (mac_init_socket(so, M_NOWAIT) != 0) {
271 uma_zfree(socket_zone, so);
272 return (NULL);
273 }
274 #endif
275 SOCKBUF_LOCK_INIT(&so->so_snd, "so_snd");
276 SOCKBUF_LOCK_INIT(&so->so_rcv, "so_rcv");
277 sx_init(&so->so_snd.sb_sx, "so_snd_sx");
278 sx_init(&so->so_rcv.sb_sx, "so_rcv_sx");
279 TAILQ_INIT(&so->so_aiojobq);
280 mtx_lock(&so_global_mtx);
281 so->so_gencnt = ++so_gencnt;
282 ++numopensockets;
283 mtx_unlock(&so_global_mtx);
284 return (so);
285 }
286
287 /*
288 * Free the storage associated with a socket at the socket layer, tear down
289 * locks, labels, etc. All protocol state is assumed already to have been
290 * torn down (and possibly never set up) by the caller.
291 */
292 static void
293 sodealloc(struct socket *so)
294 {
295
296 KASSERT(so->so_count == 0, ("sodealloc(): so_count %d", so->so_count));
297 KASSERT(so->so_pcb == NULL, ("sodealloc(): so_pcb != NULL"));
298
299 mtx_lock(&so_global_mtx);
300 so->so_gencnt = ++so_gencnt;
301 --numopensockets; /* Could be below, but faster here. */
302 mtx_unlock(&so_global_mtx);
303 if (so->so_rcv.sb_hiwat)
304 (void)chgsbsize(so->so_cred->cr_uidinfo,
305 &so->so_rcv.sb_hiwat, 0, RLIM_INFINITY);
306 if (so->so_snd.sb_hiwat)
307 (void)chgsbsize(so->so_cred->cr_uidinfo,
308 &so->so_snd.sb_hiwat, 0, RLIM_INFINITY);
309 #ifdef INET
310 /* remove acccept filter if one is present. */
311 if (so->so_accf != NULL)
312 do_setopt_accept_filter(so, NULL);
313 #endif
314 #ifdef MAC
315 mac_destroy_socket(so);
316 #endif
317 crfree(so->so_cred);
318 sx_destroy(&so->so_snd.sb_sx);
319 sx_destroy(&so->so_rcv.sb_sx);
320 SOCKBUF_LOCK_DESTROY(&so->so_snd);
321 SOCKBUF_LOCK_DESTROY(&so->so_rcv);
322 uma_zfree(socket_zone, so);
323 }
324
325 /*
326 * socreate returns a socket with a ref count of 1. The socket should be
327 * closed with soclose().
328 */
329 int
330 socreate(int dom, struct socket **aso, int type, int proto,
331 struct ucred *cred, struct thread *td)
332 {
333 struct protosw *prp;
334 struct socket *so;
335 int error;
336
337 if (proto)
338 prp = pffindproto(dom, proto, type);
339 else
340 prp = pffindtype(dom, type);
341
342 if (prp == NULL || prp->pr_usrreqs->pru_attach == NULL ||
343 prp->pr_usrreqs->pru_attach == pru_attach_notsupp)
344 return (EPROTONOSUPPORT);
345
346 if (jailed(cred) && jail_socket_unixiproute_only &&
347 prp->pr_domain->dom_family != PF_LOCAL &&
348 prp->pr_domain->dom_family != PF_INET &&
349 prp->pr_domain->dom_family != PF_ROUTE) {
350 return (EPROTONOSUPPORT);
351 }
352
353 if (prp->pr_type != type)
354 return (EPROTOTYPE);
355 so = soalloc();
356 if (so == NULL)
357 return (ENOBUFS);
358
359 TAILQ_INIT(&so->so_incomp);
360 TAILQ_INIT(&so->so_comp);
361 so->so_type = type;
362 so->so_cred = crhold(cred);
363 so->so_proto = prp;
364 #ifdef MAC
365 mac_create_socket(cred, so);
366 #endif
367 knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv),
368 NULL, NULL, NULL);
369 knlist_init(&so->so_snd.sb_sel.si_note, SOCKBUF_MTX(&so->so_snd),
370 NULL, NULL, NULL);
371 so->so_count = 1;
372 /*
373 * Auto-sizing of socket buffers is managed by the protocols and
374 * the appropriate flags must be set in the pru_attach function.
375 */
376 error = (*prp->pr_usrreqs->pru_attach)(so, proto, td);
377 if (error) {
378 KASSERT(so->so_count == 1, ("socreate: so_count %d",
379 so->so_count));
380 so->so_count = 0;
381 sodealloc(so);
382 return (error);
383 }
384 *aso = so;
385 return (0);
386 }
387
388 #ifdef REGRESSION
389 static int regression_sonewconn_earlytest = 1;
390 SYSCTL_INT(_regression, OID_AUTO, sonewconn_earlytest, CTLFLAG_RW,
391 ®ression_sonewconn_earlytest, 0, "Perform early sonewconn limit test");
392 #endif
393
394 /*
395 * When an attempt at a new connection is noted on a socket which accepts
396 * connections, sonewconn is called. If the connection is possible (subject
397 * to space constraints, etc.) then we allocate a new structure, propoerly
398 * linked into the data structure of the original socket, and return this.
399 * Connstatus may be 0, or SO_ISCONFIRMING, or SO_ISCONNECTED.
400 *
401 * Note: the ref count on the socket is 0 on return.
402 */
403 struct socket *
404 sonewconn(struct socket *head, int connstatus)
405 {
406 struct socket *so;
407 int over;
408
409 ACCEPT_LOCK();
410 over = (head->so_qlen > 3 * head->so_qlimit / 2);
411 ACCEPT_UNLOCK();
412 #ifdef REGRESSION
413 if (regression_sonewconn_earlytest && over)
414 #else
415 if (over)
416 #endif
417 return (NULL);
418 so = soalloc();
419 if (so == NULL)
420 return (NULL);
421 if ((head->so_options & SO_ACCEPTFILTER) != 0)
422 connstatus = 0;
423 so->so_head = head;
424 so->so_type = head->so_type;
425 so->so_options = head->so_options &~ SO_ACCEPTCONN;
426 so->so_linger = head->so_linger;
427 so->so_state = head->so_state | SS_NOFDREF;
428 so->so_proto = head->so_proto;
429 so->so_cred = crhold(head->so_cred);
430 #ifdef MAC
431 SOCK_LOCK(head);
432 mac_create_socket_from_socket(head, so);
433 SOCK_UNLOCK(head);
434 #endif
435 knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv),
436 NULL, NULL, NULL);
437 knlist_init(&so->so_snd.sb_sel.si_note, SOCKBUF_MTX(&so->so_snd),
438 NULL, NULL, NULL);
439 if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat) ||
440 (*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) {
441 sodealloc(so);
442 return (NULL);
443 }
444 so->so_rcv.sb_lowat = head->so_rcv.sb_lowat;
445 so->so_snd.sb_lowat = head->so_snd.sb_lowat;
446 so->so_rcv.sb_timeo = head->so_rcv.sb_timeo;
447 so->so_snd.sb_timeo = head->so_snd.sb_timeo;
448 so->so_rcv.sb_flags |= head->so_rcv.sb_flags & SB_AUTOSIZE;
449 so->so_snd.sb_flags |= head->so_snd.sb_flags & SB_AUTOSIZE;
450 so->so_state |= connstatus;
451 ACCEPT_LOCK();
452 if (connstatus) {
453 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
454 so->so_qstate |= SQ_COMP;
455 head->so_qlen++;
456 } else {
457 /*
458 * Keep removing sockets from the head until there's room for
459 * us to insert on the tail. In pre-locking revisions, this
460 * was a simple if(), but as we could be racing with other
461 * threads and soabort() requires dropping locks, we must
462 * loop waiting for the condition to be true.
463 */
464 while (head->so_incqlen > head->so_qlimit) {
465 struct socket *sp;
466 sp = TAILQ_FIRST(&head->so_incomp);
467 TAILQ_REMOVE(&head->so_incomp, sp, so_list);
468 head->so_incqlen--;
469 sp->so_qstate &= ~SQ_INCOMP;
470 sp->so_head = NULL;
471 ACCEPT_UNLOCK();
472 soabort(sp);
473 ACCEPT_LOCK();
474 }
475 TAILQ_INSERT_TAIL(&head->so_incomp, so, so_list);
476 so->so_qstate |= SQ_INCOMP;
477 head->so_incqlen++;
478 }
479 ACCEPT_UNLOCK();
480 if (connstatus) {
481 sorwakeup(head);
482 wakeup_one(&head->so_timeo);
483 }
484 return (so);
485 }
486
487 int
488 sobind(struct socket *so, struct sockaddr *nam, struct thread *td)
489 {
490
491 return ((*so->so_proto->pr_usrreqs->pru_bind)(so, nam, td));
492 }
493
494 /*
495 * solisten() transitions a socket from a non-listening state to a listening
496 * state, but can also be used to update the listen queue depth on an
497 * existing listen socket. The protocol will call back into the sockets
498 * layer using solisten_proto_check() and solisten_proto() to check and set
499 * socket-layer listen state. Call backs are used so that the protocol can
500 * acquire both protocol and socket layer locks in whatever order is required
501 * by the protocol.
502 *
503 * Protocol implementors are advised to hold the socket lock across the
504 * socket-layer test and set to avoid races at the socket layer.
505 */
506 int
507 solisten(struct socket *so, int backlog, struct thread *td)
508 {
509
510 return ((*so->so_proto->pr_usrreqs->pru_listen)(so, backlog, td));
511 }
512
513 int
514 solisten_proto_check(struct socket *so)
515 {
516
517 SOCK_LOCK_ASSERT(so);
518
519 if (so->so_state & (SS_ISCONNECTED | SS_ISCONNECTING |
520 SS_ISDISCONNECTING))
521 return (EINVAL);
522 return (0);
523 }
524
525 void
526 solisten_proto(struct socket *so, int backlog)
527 {
528
529 SOCK_LOCK_ASSERT(so);
530
531 if (backlog < 0 || backlog > somaxconn)
532 backlog = somaxconn;
533 so->so_qlimit = backlog;
534 so->so_options |= SO_ACCEPTCONN;
535 }
536
537 /*
538 * Attempt to free a socket. This should really be sotryfree().
539 *
540 * sofree() will succeed if:
541 *
542 * - There are no outstanding file descriptor references or related consumers
543 * (so_count == 0).
544 *
545 * - The socket has been closed by user space, if ever open (SS_NOFDREF).
546 *
547 * - The protocol does not have an outstanding strong reference on the socket
548 * (SS_PROTOREF).
549 *
550 * - The socket is not in a completed connection queue, so a process has been
551 * notified that it is present. If it is removed, the user process may
552 * block in accept() despite select() saying the socket was ready.
553 *
554 * Otherwise, it will quietly abort so that a future call to sofree(), when
555 * conditions are right, can succeed.
556 */
557 void
558 sofree(struct socket *so)
559 {
560 struct protosw *pr = so->so_proto;
561 struct socket *head;
562
563 ACCEPT_LOCK_ASSERT();
564 SOCK_LOCK_ASSERT(so);
565
566 if ((so->so_state & SS_NOFDREF) == 0 || so->so_count != 0 ||
567 (so->so_state & SS_PROTOREF) || (so->so_qstate & SQ_COMP)) {
568 SOCK_UNLOCK(so);
569 ACCEPT_UNLOCK();
570 return;
571 }
572
573 head = so->so_head;
574 if (head != NULL) {
575 KASSERT((so->so_qstate & SQ_COMP) != 0 ||
576 (so->so_qstate & SQ_INCOMP) != 0,
577 ("sofree: so_head != NULL, but neither SQ_COMP nor "
578 "SQ_INCOMP"));
579 KASSERT((so->so_qstate & SQ_COMP) == 0 ||
580 (so->so_qstate & SQ_INCOMP) == 0,
581 ("sofree: so->so_qstate is SQ_COMP and also SQ_INCOMP"));
582 TAILQ_REMOVE(&head->so_incomp, so, so_list);
583 head->so_incqlen--;
584 so->so_qstate &= ~SQ_INCOMP;
585 so->so_head = NULL;
586 }
587 KASSERT((so->so_qstate & SQ_COMP) == 0 &&
588 (so->so_qstate & SQ_INCOMP) == 0,
589 ("sofree: so_head == NULL, but still SQ_COMP(%d) or SQ_INCOMP(%d)",
590 so->so_qstate & SQ_COMP, so->so_qstate & SQ_INCOMP));
591 if (so->so_options & SO_ACCEPTCONN) {
592 KASSERT((TAILQ_EMPTY(&so->so_comp)), ("sofree: so_comp populated"));
593 KASSERT((TAILQ_EMPTY(&so->so_incomp)), ("sofree: so_comp populated"));
594 }
595 SOCK_UNLOCK(so);
596 ACCEPT_UNLOCK();
597
598 if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
599 (*pr->pr_domain->dom_dispose)(so->so_rcv.sb_mb);
600 if (pr->pr_usrreqs->pru_detach != NULL)
601 (*pr->pr_usrreqs->pru_detach)(so);
602
603 /*
604 * From this point on, we assume that no other references to this
605 * socket exist anywhere else in the stack. Therefore, no locks need
606 * to be acquired or held.
607 *
608 * We used to do a lot of socket buffer and socket locking here, as
609 * well as invoke sorflush() and perform wakeups. The direct call to
610 * dom_dispose() and sbrelease_internal() are an inlining of what was
611 * necessary from sorflush().
612 *
613 * Notice that the socket buffer and kqueue state are torn down
614 * before calling pru_detach. This means that protocols shold not
615 * assume they can perform socket wakeups, etc, in their detach code.
616 */
617 sbdestroy(&so->so_snd, so);
618 sbdestroy(&so->so_rcv, so);
619 knlist_destroy(&so->so_rcv.sb_sel.si_note);
620 knlist_destroy(&so->so_snd.sb_sel.si_note);
621 sodealloc(so);
622 }
623
624 /*
625 * Close a socket on last file table reference removal. Initiate disconnect
626 * if connected. Free socket when disconnect complete.
627 *
628 * This function will sorele() the socket. Note that soclose() may be called
629 * prior to the ref count reaching zero. The actual socket structure will
630 * not be freed until the ref count reaches zero.
631 */
632 int
633 soclose(struct socket *so)
634 {
635 int error = 0;
636
637 KASSERT(!(so->so_state & SS_NOFDREF), ("soclose: SS_NOFDREF on enter"));
638
639 funsetown(&so->so_sigio);
640 if (so->so_state & SS_ISCONNECTED) {
641 if ((so->so_state & SS_ISDISCONNECTING) == 0) {
642 error = sodisconnect(so);
643 if (error)
644 goto drop;
645 }
646 if (so->so_options & SO_LINGER) {
647 if ((so->so_state & SS_ISDISCONNECTING) &&
648 (so->so_state & SS_NBIO))
649 goto drop;
650 while (so->so_state & SS_ISCONNECTED) {
651 error = tsleep(&so->so_timeo,
652 PSOCK | PCATCH, "soclos", so->so_linger * hz);
653 if (error)
654 break;
655 }
656 }
657 }
658
659 drop:
660 if (so->so_proto->pr_usrreqs->pru_close != NULL)
661 (*so->so_proto->pr_usrreqs->pru_close)(so);
662 if (so->so_options & SO_ACCEPTCONN) {
663 struct socket *sp;
664 ACCEPT_LOCK();
665 while ((sp = TAILQ_FIRST(&so->so_incomp)) != NULL) {
666 TAILQ_REMOVE(&so->so_incomp, sp, so_list);
667 so->so_incqlen--;
668 sp->so_qstate &= ~SQ_INCOMP;
669 sp->so_head = NULL;
670 ACCEPT_UNLOCK();
671 soabort(sp);
672 ACCEPT_LOCK();
673 }
674 while ((sp = TAILQ_FIRST(&so->so_comp)) != NULL) {
675 TAILQ_REMOVE(&so->so_comp, sp, so_list);
676 so->so_qlen--;
677 sp->so_qstate &= ~SQ_COMP;
678 sp->so_head = NULL;
679 ACCEPT_UNLOCK();
680 soabort(sp);
681 ACCEPT_LOCK();
682 }
683 ACCEPT_UNLOCK();
684 }
685 ACCEPT_LOCK();
686 SOCK_LOCK(so);
687 KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF"));
688 so->so_state |= SS_NOFDREF;
689 sorele(so);
690 return (error);
691 }
692
693 /*
694 * soabort() is used to abruptly tear down a connection, such as when a
695 * resource limit is reached (listen queue depth exceeded), or if a listen
696 * socket is closed while there are sockets waiting to be accepted.
697 *
698 * This interface is tricky, because it is called on an unreferenced socket,
699 * and must be called only by a thread that has actually removed the socket
700 * from the listen queue it was on, or races with other threads are risked.
701 *
702 * This interface will call into the protocol code, so must not be called
703 * with any socket locks held. Protocols do call it while holding their own
704 * recursible protocol mutexes, but this is something that should be subject
705 * to review in the future.
706 */
707 void
708 soabort(struct socket *so)
709 {
710
711 /*
712 * In as much as is possible, assert that no references to this
713 * socket are held. This is not quite the same as asserting that the
714 * current thread is responsible for arranging for no references, but
715 * is as close as we can get for now.
716 */
717 KASSERT(so->so_count == 0, ("soabort: so_count"));
718 KASSERT((so->so_state & SS_PROTOREF) == 0, ("soabort: SS_PROTOREF"));
719 KASSERT(so->so_state & SS_NOFDREF, ("soabort: !SS_NOFDREF"));
720 KASSERT((so->so_state & SQ_COMP) == 0, ("soabort: SQ_COMP"));
721 KASSERT((so->so_state & SQ_INCOMP) == 0, ("soabort: SQ_INCOMP"));
722
723 if (so->so_proto->pr_usrreqs->pru_abort != NULL)
724 (*so->so_proto->pr_usrreqs->pru_abort)(so);
725 ACCEPT_LOCK();
726 SOCK_LOCK(so);
727 sofree(so);
728 }
729
730 int
731 soaccept(struct socket *so, struct sockaddr **nam)
732 {
733 int error;
734
735 SOCK_LOCK(so);
736 KASSERT((so->so_state & SS_NOFDREF) != 0, ("soaccept: !NOFDREF"));
737 so->so_state &= ~SS_NOFDREF;
738 SOCK_UNLOCK(so);
739 error = (*so->so_proto->pr_usrreqs->pru_accept)(so, nam);
740 return (error);
741 }
742
743 int
744 soconnect(struct socket *so, struct sockaddr *nam, struct thread *td)
745 {
746 int error;
747
748 if (so->so_options & SO_ACCEPTCONN)
749 return (EOPNOTSUPP);
750 /*
751 * If protocol is connection-based, can only connect once.
752 * Otherwise, if connected, try to disconnect first. This allows
753 * user to disconnect by connecting to, e.g., a null address.
754 */
755 if (so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING) &&
756 ((so->so_proto->pr_flags & PR_CONNREQUIRED) ||
757 (error = sodisconnect(so)))) {
758 error = EISCONN;
759 } else {
760 /*
761 * Prevent accumulated error from previous connection from
762 * biting us.
763 */
764 so->so_error = 0;
765 error = (*so->so_proto->pr_usrreqs->pru_connect)(so, nam, td);
766 }
767
768 return (error);
769 }
770
771 int
772 soconnect2(struct socket *so1, struct socket *so2)
773 {
774
775 return ((*so1->so_proto->pr_usrreqs->pru_connect2)(so1, so2));
776 }
777
778 int
779 sodisconnect(struct socket *so)
780 {
781 int error;
782
783 if ((so->so_state & SS_ISCONNECTED) == 0)
784 return (ENOTCONN);
785 if (so->so_state & SS_ISDISCONNECTING)
786 return (EALREADY);
787 error = (*so->so_proto->pr_usrreqs->pru_disconnect)(so);
788 return (error);
789 }
790
791 #ifdef ZERO_COPY_SOCKETS
792 struct so_zerocopy_stats{
793 int size_ok;
794 int align_ok;
795 int found_ifp;
796 };
797 struct so_zerocopy_stats so_zerocp_stats = {0,0,0};
798 #include <netinet/in.h>
799 #include <net/route.h>
800 #include <netinet/in_pcb.h>
801 #include <vm/vm.h>
802 #include <vm/vm_page.h>
803 #include <vm/vm_object.h>
804
805 /*
806 * sosend_copyin() is only used if zero copy sockets are enabled. Otherwise
807 * sosend_dgram() and sosend_generic() use m_uiotombuf().
808 *
809 * sosend_copyin() accepts a uio and prepares an mbuf chain holding part or
810 * all of the data referenced by the uio. If desired, it uses zero-copy.
811 * *space will be updated to reflect data copied in.
812 *
813 * NB: If atomic I/O is requested, the caller must already have checked that
814 * space can hold resid bytes.
815 *
816 * NB: In the event of an error, the caller may need to free the partial
817 * chain pointed to by *mpp. The contents of both *uio and *space may be
818 * modified even in the case of an error.
819 */
820 static int
821 sosend_copyin(struct uio *uio, struct mbuf **retmp, int atomic, long *space,
822 int flags)
823 {
824 struct mbuf *m, **mp, *top;
825 long len, resid;
826 int error;
827 #ifdef ZERO_COPY_SOCKETS
828 int cow_send;
829 #endif
830
831 *retmp = top = NULL;
832 mp = ⊤
833 len = 0;
834 resid = uio->uio_resid;
835 error = 0;
836 do {
837 #ifdef ZERO_COPY_SOCKETS
838 cow_send = 0;
839 #endif /* ZERO_COPY_SOCKETS */
840 if (resid >= MINCLSIZE) {
841 #ifdef ZERO_COPY_SOCKETS
842 if (top == NULL) {
843 m = m_gethdr(M_WAITOK, MT_DATA);
844 m->m_pkthdr.len = 0;
845 m->m_pkthdr.rcvif = NULL;
846 } else
847 m = m_get(M_WAITOK, MT_DATA);
848 if (so_zero_copy_send &&
849 resid>=PAGE_SIZE &&
850 *space>=PAGE_SIZE &&
851 uio->uio_iov->iov_len>=PAGE_SIZE) {
852 so_zerocp_stats.size_ok++;
853 so_zerocp_stats.align_ok++;
854 cow_send = socow_setup(m, uio);
855 len = cow_send;
856 }
857 if (!cow_send) {
858 m_clget(m, M_WAITOK);
859 len = min(min(MCLBYTES, resid), *space);
860 }
861 #else /* ZERO_COPY_SOCKETS */
862 if (top == NULL) {
863 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
864 m->m_pkthdr.len = 0;
865 m->m_pkthdr.rcvif = NULL;
866 } else
867 m = m_getcl(M_TRYWAIT, MT_DATA, 0);
868 len = min(min(MCLBYTES, resid), *space);
869 #endif /* ZERO_COPY_SOCKETS */
870 } else {
871 if (top == NULL) {
872 m = m_gethdr(M_TRYWAIT, MT_DATA);
873 m->m_pkthdr.len = 0;
874 m->m_pkthdr.rcvif = NULL;
875
876 len = min(min(MHLEN, resid), *space);
877 /*
878 * For datagram protocols, leave room
879 * for protocol headers in first mbuf.
880 */
881 if (atomic && m && len < MHLEN)
882 MH_ALIGN(m, len);
883 } else {
884 m = m_get(M_TRYWAIT, MT_DATA);
885 len = min(min(MLEN, resid), *space);
886 }
887 }
888 if (m == NULL) {
889 error = ENOBUFS;
890 goto out;
891 }
892
893 *space -= len;
894 #ifdef ZERO_COPY_SOCKETS
895 if (cow_send)
896 error = 0;
897 else
898 #endif /* ZERO_COPY_SOCKETS */
899 error = uiomove(mtod(m, void *), (int)len, uio);
900 resid = uio->uio_resid;
901 m->m_len = len;
902 *mp = m;
903 top->m_pkthdr.len += len;
904 if (error)
905 goto out;
906 mp = &m->m_next;
907 if (resid <= 0) {
908 if (flags & MSG_EOR)
909 top->m_flags |= M_EOR;
910 break;
911 }
912 } while (*space > 0 && atomic);
913 out:
914 *retmp = top;
915 return (error);
916 }
917 #endif /*ZERO_COPY_SOCKETS*/
918
919 #define SBLOCKWAIT(f) (((f) & MSG_DONTWAIT) ? 0 : SBL_WAIT)
920
921 int
922 sosend_dgram(struct socket *so, struct sockaddr *addr, struct uio *uio,
923 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
924 {
925 long space, resid;
926 int clen = 0, error, dontroute;
927 #ifdef ZERO_COPY_SOCKETS
928 int atomic = sosendallatonce(so) || top;
929 #endif
930
931 KASSERT(so->so_type == SOCK_DGRAM, ("sodgram_send: !SOCK_DGRAM"));
932 KASSERT(so->so_proto->pr_flags & PR_ATOMIC,
933 ("sodgram_send: !PR_ATOMIC"));
934
935 if (uio != NULL)
936 resid = uio->uio_resid;
937 else
938 resid = top->m_pkthdr.len;
939 /*
940 * In theory resid should be unsigned. However, space must be
941 * signed, as it might be less than 0 if we over-committed, and we
942 * must use a signed comparison of space and resid. On the other
943 * hand, a negative resid causes us to loop sending 0-length
944 * segments to the protocol.
945 *
946 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
947 * type sockets since that's an error.
948 */
949 if (resid < 0) {
950 error = EINVAL;
951 goto out;
952 }
953
954 dontroute =
955 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0;
956 if (td != NULL)
957 td->td_ru.ru_msgsnd++;
958 if (control != NULL)
959 clen = control->m_len;
960
961 SOCKBUF_LOCK(&so->so_snd);
962 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
963 SOCKBUF_UNLOCK(&so->so_snd);
964 error = EPIPE;
965 goto out;
966 }
967 if (so->so_error) {
968 error = so->so_error;
969 so->so_error = 0;
970 SOCKBUF_UNLOCK(&so->so_snd);
971 goto out;
972 }
973 if ((so->so_state & SS_ISCONNECTED) == 0) {
974 /*
975 * `sendto' and `sendmsg' is allowed on a connection-based
976 * socket if it supports implied connect. Return ENOTCONN if
977 * not connected and no address is supplied.
978 */
979 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
980 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
981 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
982 !(resid == 0 && clen != 0)) {
983 SOCKBUF_UNLOCK(&so->so_snd);
984 error = ENOTCONN;
985 goto out;
986 }
987 } else if (addr == NULL) {
988 if (so->so_proto->pr_flags & PR_CONNREQUIRED)
989 error = ENOTCONN;
990 else
991 error = EDESTADDRREQ;
992 SOCKBUF_UNLOCK(&so->so_snd);
993 goto out;
994 }
995 }
996
997 /*
998 * Do we need MSG_OOB support in SOCK_DGRAM? Signs here may be a
999 * problem and need fixing.
1000 */
1001 space = sbspace(&so->so_snd);
1002 if (flags & MSG_OOB)
1003 space += 1024;
1004 space -= clen;
1005 SOCKBUF_UNLOCK(&so->so_snd);
1006 if (resid > space) {
1007 error = EMSGSIZE;
1008 goto out;
1009 }
1010 if (uio == NULL) {
1011 resid = 0;
1012 if (flags & MSG_EOR)
1013 top->m_flags |= M_EOR;
1014 } else {
1015 #ifdef ZERO_COPY_SOCKETS
1016 error = sosend_copyin(uio, &top, atomic, &space, flags);
1017 if (error)
1018 goto out;
1019 #else
1020 /*
1021 * Copy the data from userland into a mbuf chain.
1022 * If no data is to be copied in, a single empty mbuf
1023 * is returned.
1024 */
1025 top = m_uiotombuf(uio, M_WAITOK, space, max_hdr,
1026 (M_PKTHDR | ((flags & MSG_EOR) ? M_EOR : 0)));
1027 if (top == NULL) {
1028 error = EFAULT; /* only possible error */
1029 goto out;
1030 }
1031 space -= resid - uio->uio_resid;
1032 #endif
1033 resid = uio->uio_resid;
1034 }
1035 KASSERT(resid == 0, ("sosend_dgram: resid != 0"));
1036 /*
1037 * XXXRW: Frobbing SO_DONTROUTE here is even worse without sblock
1038 * than with.
1039 */
1040 if (dontroute) {
1041 SOCK_LOCK(so);
1042 so->so_options |= SO_DONTROUTE;
1043 SOCK_UNLOCK(so);
1044 }
1045 /*
1046 * XXX all the SBS_CANTSENDMORE checks previously done could be out
1047 * of date. We could have recieved a reset packet in an interrupt or
1048 * maybe we slept while doing page faults in uiomove() etc. We could
1049 * probably recheck again inside the locking protection here, but
1050 * there are probably other places that this also happens. We must
1051 * rethink this.
1052 */
1053 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1054 (flags & MSG_OOB) ? PRUS_OOB :
1055 /*
1056 * If the user set MSG_EOF, the protocol understands this flag and
1057 * nothing left to send then use PRU_SEND_EOF instead of PRU_SEND.
1058 */
1059 ((flags & MSG_EOF) &&
1060 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1061 (resid <= 0)) ?
1062 PRUS_EOF :
1063 /* If there is more to send set PRUS_MORETOCOME */
1064 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
1065 top, addr, control, td);
1066 if (dontroute) {
1067 SOCK_LOCK(so);
1068 so->so_options &= ~SO_DONTROUTE;
1069 SOCK_UNLOCK(so);
1070 }
1071 clen = 0;
1072 control = NULL;
1073 top = NULL;
1074 out:
1075 if (top != NULL)
1076 m_freem(top);
1077 if (control != NULL)
1078 m_freem(control);
1079 return (error);
1080 }
1081
1082 /*
1083 * Send on a socket. If send must go all at once and message is larger than
1084 * send buffering, then hard error. Lock against other senders. If must go
1085 * all at once and not enough room now, then inform user that this would
1086 * block and do nothing. Otherwise, if nonblocking, send as much as
1087 * possible. The data to be sent is described by "uio" if nonzero, otherwise
1088 * by the mbuf chain "top" (which must be null if uio is not). Data provided
1089 * in mbuf chain must be small enough to send all at once.
1090 *
1091 * Returns nonzero on error, timeout or signal; callers must check for short
1092 * counts if EINTR/ERESTART are returned. Data and control buffers are freed
1093 * on return.
1094 */
1095 int
1096 sosend_generic(struct socket *so, struct sockaddr *addr, struct uio *uio,
1097 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
1098 {
1099 long space, resid;
1100 int clen = 0, error, dontroute;
1101 int atomic = sosendallatonce(so) || top;
1102
1103 if (uio != NULL)
1104 resid = uio->uio_resid;
1105 else
1106 resid = top->m_pkthdr.len;
1107 /*
1108 * In theory resid should be unsigned. However, space must be
1109 * signed, as it might be less than 0 if we over-committed, and we
1110 * must use a signed comparison of space and resid. On the other
1111 * hand, a negative resid causes us to loop sending 0-length
1112 * segments to the protocol.
1113 *
1114 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
1115 * type sockets since that's an error.
1116 */
1117 if (resid < 0 || (so->so_type == SOCK_STREAM && (flags & MSG_EOR))) {
1118 error = EINVAL;
1119 goto out;
1120 }
1121
1122 dontroute =
1123 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0 &&
1124 (so->so_proto->pr_flags & PR_ATOMIC);
1125 if (td != NULL)
1126 td->td_ru.ru_msgsnd++;
1127 if (control != NULL)
1128 clen = control->m_len;
1129
1130 error = sblock(&so->so_snd, SBLOCKWAIT(flags));
1131 if (error)
1132 goto out;
1133
1134 restart:
1135 do {
1136 SOCKBUF_LOCK(&so->so_snd);
1137 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
1138 SOCKBUF_UNLOCK(&so->so_snd);
1139 error = EPIPE;
1140 goto release;
1141 }
1142 if (so->so_error) {
1143 error = so->so_error;
1144 so->so_error = 0;
1145 SOCKBUF_UNLOCK(&so->so_snd);
1146 goto release;
1147 }
1148 if ((so->so_state & SS_ISCONNECTED) == 0) {
1149 /*
1150 * `sendto' and `sendmsg' is allowed on a connection-
1151 * based socket if it supports implied connect.
1152 * Return ENOTCONN if not connected and no address is
1153 * supplied.
1154 */
1155 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
1156 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
1157 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
1158 !(resid == 0 && clen != 0)) {
1159 SOCKBUF_UNLOCK(&so->so_snd);
1160 error = ENOTCONN;
1161 goto release;
1162 }
1163 } else if (addr == NULL) {
1164 SOCKBUF_UNLOCK(&so->so_snd);
1165 if (so->so_proto->pr_flags & PR_CONNREQUIRED)
1166 error = ENOTCONN;
1167 else
1168 error = EDESTADDRREQ;
1169 goto release;
1170 }
1171 }
1172 space = sbspace(&so->so_snd);
1173 if (flags & MSG_OOB)
1174 space += 1024;
1175 if ((atomic && resid > so->so_snd.sb_hiwat) ||
1176 clen > so->so_snd.sb_hiwat) {
1177 SOCKBUF_UNLOCK(&so->so_snd);
1178 error = EMSGSIZE;
1179 goto release;
1180 }
1181 if (space < resid + clen &&
1182 (atomic || space < so->so_snd.sb_lowat || space < clen)) {
1183 if ((so->so_state & SS_NBIO) || (flags & MSG_NBIO)) {
1184 SOCKBUF_UNLOCK(&so->so_snd);
1185 error = EWOULDBLOCK;
1186 goto release;
1187 }
1188 error = sbwait(&so->so_snd);
1189 SOCKBUF_UNLOCK(&so->so_snd);
1190 if (error)
1191 goto release;
1192 goto restart;
1193 }
1194 SOCKBUF_UNLOCK(&so->so_snd);
1195 space -= clen;
1196 do {
1197 if (uio == NULL) {
1198 resid = 0;
1199 if (flags & MSG_EOR)
1200 top->m_flags |= M_EOR;
1201 } else {
1202 #ifdef ZERO_COPY_SOCKETS
1203 error = sosend_copyin(uio, &top, atomic,
1204 &space, flags);
1205 if (error != 0)
1206 goto release;
1207 #else
1208 /*
1209 * Copy the data from userland into a mbuf
1210 * chain. If no data is to be copied in,
1211 * a single empty mbuf is returned.
1212 */
1213 top = m_uiotombuf(uio, M_WAITOK, space,
1214 (atomic ? max_hdr : 0),
1215 (atomic ? M_PKTHDR : 0) |
1216 ((flags & MSG_EOR) ? M_EOR : 0));
1217 if (top == NULL) {
1218 error = EFAULT; /* only possible error */
1219 goto release;
1220 }
1221 space -= resid - uio->uio_resid;
1222 #endif
1223 resid = uio->uio_resid;
1224 }
1225 if (dontroute) {
1226 SOCK_LOCK(so);
1227 so->so_options |= SO_DONTROUTE;
1228 SOCK_UNLOCK(so);
1229 }
1230 /*
1231 * XXX all the SBS_CANTSENDMORE checks previously
1232 * done could be out of date. We could have recieved
1233 * a reset packet in an interrupt or maybe we slept
1234 * while doing page faults in uiomove() etc. We
1235 * could probably recheck again inside the locking
1236 * protection here, but there are probably other
1237 * places that this also happens. We must rethink
1238 * this.
1239 */
1240 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1241 (flags & MSG_OOB) ? PRUS_OOB :
1242 /*
1243 * If the user set MSG_EOF, the protocol understands
1244 * this flag and nothing left to send then use
1245 * PRU_SEND_EOF instead of PRU_SEND.
1246 */
1247 ((flags & MSG_EOF) &&
1248 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1249 (resid <= 0)) ?
1250 PRUS_EOF :
1251 /* If there is more to send set PRUS_MORETOCOME. */
1252 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
1253 top, addr, control, td);
1254 if (dontroute) {
1255 SOCK_LOCK(so);
1256 so->so_options &= ~SO_DONTROUTE;
1257 SOCK_UNLOCK(so);
1258 }
1259 clen = 0;
1260 control = NULL;
1261 top = NULL;
1262 if (error)
1263 goto release;
1264 } while (resid && space > 0);
1265 } while (resid);
1266
1267 release:
1268 sbunlock(&so->so_snd);
1269 out:
1270 if (top != NULL)
1271 m_freem(top);
1272 if (control != NULL)
1273 m_freem(control);
1274 return (error);
1275 }
1276
1277 int
1278 sosend(struct socket *so, struct sockaddr *addr, struct uio *uio,
1279 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
1280 {
1281
1282 /* XXXRW: Temporary debugging. */
1283 KASSERT(so->so_proto->pr_usrreqs->pru_sosend != sosend,
1284 ("sosend: protocol calls sosend"));
1285
1286 return (so->so_proto->pr_usrreqs->pru_sosend(so, addr, uio, top,
1287 control, flags, td));
1288 }
1289
1290 /*
1291 * The part of soreceive() that implements reading non-inline out-of-band
1292 * data from a socket. For more complete comments, see soreceive(), from
1293 * which this code originated.
1294 *
1295 * Note that soreceive_rcvoob(), unlike the remainder of soreceive(), is
1296 * unable to return an mbuf chain to the caller.
1297 */
1298 static int
1299 soreceive_rcvoob(struct socket *so, struct uio *uio, int flags)
1300 {
1301 struct protosw *pr = so->so_proto;
1302 struct mbuf *m;
1303 int error;
1304
1305 KASSERT(flags & MSG_OOB, ("soreceive_rcvoob: (flags & MSG_OOB) == 0"));
1306
1307 m = m_get(M_TRYWAIT, MT_DATA);
1308 if (m == NULL)
1309 return (ENOBUFS);
1310 error = (*pr->pr_usrreqs->pru_rcvoob)(so, m, flags & MSG_PEEK);
1311 if (error)
1312 goto bad;
1313 do {
1314 #ifdef ZERO_COPY_SOCKETS
1315 if (so_zero_copy_receive) {
1316 int disposable;
1317
1318 if ((m->m_flags & M_EXT)
1319 && (m->m_ext.ext_type == EXT_DISPOSABLE))
1320 disposable = 1;
1321 else
1322 disposable = 0;
1323
1324 error = uiomoveco(mtod(m, void *),
1325 min(uio->uio_resid, m->m_len),
1326 uio, disposable);
1327 } else
1328 #endif /* ZERO_COPY_SOCKETS */
1329 error = uiomove(mtod(m, void *),
1330 (int) min(uio->uio_resid, m->m_len), uio);
1331 m = m_free(m);
1332 } while (uio->uio_resid && error == 0 && m);
1333 bad:
1334 if (m != NULL)
1335 m_freem(m);
1336 return (error);
1337 }
1338
1339 /*
1340 * Following replacement or removal of the first mbuf on the first mbuf chain
1341 * of a socket buffer, push necessary state changes back into the socket
1342 * buffer so that other consumers see the values consistently. 'nextrecord'
1343 * is the callers locally stored value of the original value of
1344 * sb->sb_mb->m_nextpkt which must be restored when the lead mbuf changes.
1345 * NOTE: 'nextrecord' may be NULL.
1346 */
1347 static __inline void
1348 sockbuf_pushsync(struct sockbuf *sb, struct mbuf *nextrecord)
1349 {
1350
1351 SOCKBUF_LOCK_ASSERT(sb);
1352 /*
1353 * First, update for the new value of nextrecord. If necessary, make
1354 * it the first record.
1355 */
1356 if (sb->sb_mb != NULL)
1357 sb->sb_mb->m_nextpkt = nextrecord;
1358 else
1359 sb->sb_mb = nextrecord;
1360
1361 /*
1362 * Now update any dependent socket buffer fields to reflect the new
1363 * state. This is an expanded inline of SB_EMPTY_FIXUP(), with the
1364 * addition of a second clause that takes care of the case where
1365 * sb_mb has been updated, but remains the last record.
1366 */
1367 if (sb->sb_mb == NULL) {
1368 sb->sb_mbtail = NULL;
1369 sb->sb_lastrecord = NULL;
1370 } else if (sb->sb_mb->m_nextpkt == NULL)
1371 sb->sb_lastrecord = sb->sb_mb;
1372 }
1373
1374
1375 /*
1376 * Implement receive operations on a socket. We depend on the way that
1377 * records are added to the sockbuf by sbappend. In particular, each record
1378 * (mbufs linked through m_next) must begin with an address if the protocol
1379 * so specifies, followed by an optional mbuf or mbufs containing ancillary
1380 * data, and then zero or more mbufs of data. In order to allow parallelism
1381 * between network receive and copying to user space, as well as avoid
1382 * sleeping with a mutex held, we release the socket buffer mutex during the
1383 * user space copy. Although the sockbuf is locked, new data may still be
1384 * appended, and thus we must maintain consistency of the sockbuf during that
1385 * time.
1386 *
1387 * The caller may receive the data as a single mbuf chain by supplying an
1388 * mbuf **mp0 for use in returning the chain. The uio is then used only for
1389 * the count in uio_resid.
1390 */
1391 int
1392 soreceive_generic(struct socket *so, struct sockaddr **psa, struct uio *uio,
1393 struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
1394 {
1395 struct mbuf *m, **mp;
1396 int flags, len, error, offset;
1397 struct protosw *pr = so->so_proto;
1398 struct mbuf *nextrecord;
1399 int moff, type = 0;
1400 int orig_resid = uio->uio_resid;
1401
1402 mp = mp0;
1403 if (psa != NULL)
1404 *psa = NULL;
1405 if (controlp != NULL)
1406 *controlp = NULL;
1407 if (flagsp != NULL)
1408 flags = *flagsp &~ MSG_EOR;
1409 else
1410 flags = 0;
1411 if (flags & MSG_OOB)
1412 return (soreceive_rcvoob(so, uio, flags));
1413 if (mp != NULL)
1414 *mp = NULL;
1415 if ((pr->pr_flags & PR_WANTRCVD) && (so->so_state & SS_ISCONFIRMING)
1416 && uio->uio_resid)
1417 (*pr->pr_usrreqs->pru_rcvd)(so, 0);
1418
1419 error = sblock(&so->so_rcv, SBLOCKWAIT(flags));
1420 if (error)
1421 return (error);
1422
1423 restart:
1424 SOCKBUF_LOCK(&so->so_rcv);
1425 m = so->so_rcv.sb_mb;
1426 /*
1427 * If we have less data than requested, block awaiting more (subject
1428 * to any timeout) if:
1429 * 1. the current count is less than the low water mark, or
1430 * 2. MSG_WAITALL is set, and it is possible to do the entire
1431 * receive operation at once if we block (resid <= hiwat).
1432 * 3. MSG_DONTWAIT is not set
1433 * If MSG_WAITALL is set but resid is larger than the receive buffer,
1434 * we have to do the receive in sections, and thus risk returning a
1435 * short count if a timeout or signal occurs after we start.
1436 */
1437 if (m == NULL || (((flags & MSG_DONTWAIT) == 0 &&
1438 so->so_rcv.sb_cc < uio->uio_resid) &&
1439 (so->so_rcv.sb_cc < so->so_rcv.sb_lowat ||
1440 ((flags & MSG_WAITALL) && uio->uio_resid <= so->so_rcv.sb_hiwat)) &&
1441 m->m_nextpkt == NULL && (pr->pr_flags & PR_ATOMIC) == 0)) {
1442 KASSERT(m != NULL || !so->so_rcv.sb_cc,
1443 ("receive: m == %p so->so_rcv.sb_cc == %u",
1444 m, so->so_rcv.sb_cc));
1445 if (so->so_error) {
1446 if (m != NULL)
1447 goto dontblock;
1448 error = so->so_error;
1449 if ((flags & MSG_PEEK) == 0)
1450 so->so_error = 0;
1451 SOCKBUF_UNLOCK(&so->so_rcv);
1452 goto release;
1453 }
1454 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1455 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
1456 if (m == NULL) {
1457 SOCKBUF_UNLOCK(&so->so_rcv);
1458 goto release;
1459 } else
1460 goto dontblock;
1461 }
1462 for (; m != NULL; m = m->m_next)
1463 if (m->m_type == MT_OOBDATA || (m->m_flags & M_EOR)) {
1464 m = so->so_rcv.sb_mb;
1465 goto dontblock;
1466 }
1467 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
1468 (so->so_proto->pr_flags & PR_CONNREQUIRED)) {
1469 SOCKBUF_UNLOCK(&so->so_rcv);
1470 error = ENOTCONN;
1471 goto release;
1472 }
1473 if (uio->uio_resid == 0) {
1474 SOCKBUF_UNLOCK(&so->so_rcv);
1475 goto release;
1476 }
1477 if ((so->so_state & SS_NBIO) ||
1478 (flags & (MSG_DONTWAIT|MSG_NBIO))) {
1479 SOCKBUF_UNLOCK(&so->so_rcv);
1480 error = EWOULDBLOCK;
1481 goto release;
1482 }
1483 SBLASTRECORDCHK(&so->so_rcv);
1484 SBLASTMBUFCHK(&so->so_rcv);
1485 error = sbwait(&so->so_rcv);
1486 SOCKBUF_UNLOCK(&so->so_rcv);
1487 if (error)
1488 goto release;
1489 goto restart;
1490 }
1491 dontblock:
1492 /*
1493 * From this point onward, we maintain 'nextrecord' as a cache of the
1494 * pointer to the next record in the socket buffer. We must keep the
1495 * various socket buffer pointers and local stack versions of the
1496 * pointers in sync, pushing out modifications before dropping the
1497 * socket buffer mutex, and re-reading them when picking it up.
1498 *
1499 * Otherwise, we will race with the network stack appending new data
1500 * or records onto the socket buffer by using inconsistent/stale
1501 * versions of the field, possibly resulting in socket buffer
1502 * corruption.
1503 *
1504 * By holding the high-level sblock(), we prevent simultaneous
1505 * readers from pulling off the front of the socket buffer.
1506 */
1507 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1508 if (uio->uio_td)
1509 uio->uio_td->td_ru.ru_msgrcv++;
1510 KASSERT(m == so->so_rcv.sb_mb, ("soreceive: m != so->so_rcv.sb_mb"));
1511 SBLASTRECORDCHK(&so->so_rcv);
1512 SBLASTMBUFCHK(&so->so_rcv);
1513 nextrecord = m->m_nextpkt;
1514 if (pr->pr_flags & PR_ADDR) {
1515 KASSERT(m->m_type == MT_SONAME,
1516 ("m->m_type == %d", m->m_type));
1517 orig_resid = 0;
1518 if (psa != NULL)
1519 *psa = sodupsockaddr(mtod(m, struct sockaddr *),
1520 M_NOWAIT);
1521 if (flags & MSG_PEEK) {
1522 m = m->m_next;
1523 } else {
1524 sbfree(&so->so_rcv, m);
1525 so->so_rcv.sb_mb = m_free(m);
1526 m = so->so_rcv.sb_mb;
1527 sockbuf_pushsync(&so->so_rcv, nextrecord);
1528 }
1529 }
1530
1531 /*
1532 * Process one or more MT_CONTROL mbufs present before any data mbufs
1533 * in the first mbuf chain on the socket buffer. If MSG_PEEK, we
1534 * just copy the data; if !MSG_PEEK, we call into the protocol to
1535 * perform externalization (or freeing if controlp == NULL).
1536 */
1537 if (m != NULL && m->m_type == MT_CONTROL) {
1538 struct mbuf *cm = NULL, *cmn;
1539 struct mbuf **cme = &cm;
1540
1541 do {
1542 if (flags & MSG_PEEK) {
1543 if (controlp != NULL) {
1544 *controlp = m_copy(m, 0, m->m_len);
1545 controlp = &(*controlp)->m_next;
1546 }
1547 m = m->m_next;
1548 } else {
1549 sbfree(&so->so_rcv, m);
1550 so->so_rcv.sb_mb = m->m_next;
1551 m->m_next = NULL;
1552 *cme = m;
1553 cme = &(*cme)->m_next;
1554 m = so->so_rcv.sb_mb;
1555 }
1556 } while (m != NULL && m->m_type == MT_CONTROL);
1557 if ((flags & MSG_PEEK) == 0)
1558 sockbuf_pushsync(&so->so_rcv, nextrecord);
1559 while (cm != NULL) {
1560 cmn = cm->m_next;
1561 cm->m_next = NULL;
1562 if (pr->pr_domain->dom_externalize != NULL) {
1563 SOCKBUF_UNLOCK(&so->so_rcv);
1564 error = (*pr->pr_domain->dom_externalize)
1565 (cm, controlp);
1566 SOCKBUF_LOCK(&so->so_rcv);
1567 } else if (controlp != NULL)
1568 *controlp = cm;
1569 else
1570 m_freem(cm);
1571 if (controlp != NULL) {
1572 orig_resid = 0;
1573 while (*controlp != NULL)
1574 controlp = &(*controlp)->m_next;
1575 }
1576 cm = cmn;
1577 }
1578 if (m != NULL)
1579 nextrecord = so->so_rcv.sb_mb->m_nextpkt;
1580 else
1581 nextrecord = so->so_rcv.sb_mb;
1582 orig_resid = 0;
1583 }
1584 if (m != NULL) {
1585 if ((flags & MSG_PEEK) == 0) {
1586 KASSERT(m->m_nextpkt == nextrecord,
1587 ("soreceive: post-control, nextrecord !sync"));
1588 if (nextrecord == NULL) {
1589 KASSERT(so->so_rcv.sb_mb == m,
1590 ("soreceive: post-control, sb_mb!=m"));
1591 KASSERT(so->so_rcv.sb_lastrecord == m,
1592 ("soreceive: post-control, lastrecord!=m"));
1593 }
1594 }
1595 type = m->m_type;
1596 if (type == MT_OOBDATA)
1597 flags |= MSG_OOB;
1598 } else {
1599 if ((flags & MSG_PEEK) == 0) {
1600 KASSERT(so->so_rcv.sb_mb == nextrecord,
1601 ("soreceive: sb_mb != nextrecord"));
1602 if (so->so_rcv.sb_mb == NULL) {
1603 KASSERT(so->so_rcv.sb_lastrecord == NULL,
1604 ("soreceive: sb_lastercord != NULL"));
1605 }
1606 }
1607 }
1608 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1609 SBLASTRECORDCHK(&so->so_rcv);
1610 SBLASTMBUFCHK(&so->so_rcv);
1611
1612 /*
1613 * Now continue to read any data mbufs off of the head of the socket
1614 * buffer until the read request is satisfied. Note that 'type' is
1615 * used to store the type of any mbuf reads that have happened so far
1616 * such that soreceive() can stop reading if the type changes, which
1617 * causes soreceive() to return only one of regular data and inline
1618 * out-of-band data in a single socket receive operation.
1619 */
1620 moff = 0;
1621 offset = 0;
1622 while (m != NULL && uio->uio_resid > 0 && error == 0) {
1623 /*
1624 * If the type of mbuf has changed since the last mbuf
1625 * examined ('type'), end the receive operation.
1626 */
1627 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1628 if (m->m_type == MT_OOBDATA) {
1629 if (type != MT_OOBDATA)
1630 break;
1631 } else if (type == MT_OOBDATA)
1632 break;
1633 else
1634 KASSERT(m->m_type == MT_DATA,
1635 ("m->m_type == %d", m->m_type));
1636 so->so_rcv.sb_state &= ~SBS_RCVATMARK;
1637 len = uio->uio_resid;
1638 if (so->so_oobmark && len > so->so_oobmark - offset)
1639 len = so->so_oobmark - offset;
1640 if (len > m->m_len - moff)
1641 len = m->m_len - moff;
1642 /*
1643 * If mp is set, just pass back the mbufs. Otherwise copy
1644 * them out via the uio, then free. Sockbuf must be
1645 * consistent here (points to current mbuf, it points to next
1646 * record) when we drop priority; we must note any additions
1647 * to the sockbuf when we block interrupts again.
1648 */
1649 if (mp == NULL) {
1650 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1651 SBLASTRECORDCHK(&so->so_rcv);
1652 SBLASTMBUFCHK(&so->so_rcv);
1653 SOCKBUF_UNLOCK(&so->so_rcv);
1654 #ifdef ZERO_COPY_SOCKETS
1655 if (so_zero_copy_receive) {
1656 int disposable;
1657
1658 if ((m->m_flags & M_EXT)
1659 && (m->m_ext.ext_type == EXT_DISPOSABLE))
1660 disposable = 1;
1661 else
1662 disposable = 0;
1663
1664 error = uiomoveco(mtod(m, char *) + moff,
1665 (int)len, uio,
1666 disposable);
1667 } else
1668 #endif /* ZERO_COPY_SOCKETS */
1669 error = uiomove(mtod(m, char *) + moff, (int)len, uio);
1670 SOCKBUF_LOCK(&so->so_rcv);
1671 if (error) {
1672 /*
1673 * The MT_SONAME mbuf has already been removed
1674 * from the record, so it is necessary to
1675 * remove the data mbufs, if any, to preserve
1676 * the invariant in the case of PR_ADDR that
1677 * requires MT_SONAME mbufs at the head of
1678 * each record.
1679 */
1680 if (m && pr->pr_flags & PR_ATOMIC &&
1681 ((flags & MSG_PEEK) == 0))
1682 (void)sbdroprecord_locked(&so->so_rcv);
1683 SOCKBUF_UNLOCK(&so->so_rcv);
1684 goto release;
1685 }
1686 } else
1687 uio->uio_resid -= len;
1688 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1689 if (len == m->m_len - moff) {
1690 if (m->m_flags & M_EOR)
1691 flags |= MSG_EOR;
1692 if (flags & MSG_PEEK) {
1693 m = m->m_next;
1694 moff = 0;
1695 } else {
1696 nextrecord = m->m_nextpkt;
1697 sbfree(&so->so_rcv, m);
1698 if (mp != NULL) {
1699 *mp = m;
1700 mp = &m->m_next;
1701 so->so_rcv.sb_mb = m = m->m_next;
1702 *mp = NULL;
1703 } else {
1704 so->so_rcv.sb_mb = m_free(m);
1705 m = so->so_rcv.sb_mb;
1706 }
1707 sockbuf_pushsync(&so->so_rcv, nextrecord);
1708 SBLASTRECORDCHK(&so->so_rcv);
1709 SBLASTMBUFCHK(&so->so_rcv);
1710 }
1711 } else {
1712 if (flags & MSG_PEEK)
1713 moff += len;
1714 else {
1715 if (mp != NULL) {
1716 int copy_flag;
1717
1718 if (flags & MSG_DONTWAIT)
1719 copy_flag = M_DONTWAIT;
1720 else
1721 copy_flag = M_TRYWAIT;
1722 if (copy_flag == M_TRYWAIT)
1723 SOCKBUF_UNLOCK(&so->so_rcv);
1724 *mp = m_copym(m, 0, len, copy_flag);
1725 if (copy_flag == M_TRYWAIT)
1726 SOCKBUF_LOCK(&so->so_rcv);
1727 if (*mp == NULL) {
1728 /*
1729 * m_copym() couldn't
1730 * allocate an mbuf. Adjust
1731 * uio_resid back (it was
1732 * adjusted down by len
1733 * bytes, which we didn't end
1734 * up "copying" over).
1735 */
1736 uio->uio_resid += len;
1737 break;
1738 }
1739 }
1740 m->m_data += len;
1741 m->m_len -= len;
1742 so->so_rcv.sb_cc -= len;
1743 }
1744 }
1745 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1746 if (so->so_oobmark) {
1747 if ((flags & MSG_PEEK) == 0) {
1748 so->so_oobmark -= len;
1749 if (so->so_oobmark == 0) {
1750 so->so_rcv.sb_state |= SBS_RCVATMARK;
1751 break;
1752 }
1753 } else {
1754 offset += len;
1755 if (offset == so->so_oobmark)
1756 break;
1757 }
1758 }
1759 if (flags & MSG_EOR)
1760 break;
1761 /*
1762 * If the MSG_WAITALL flag is set (for non-atomic socket), we
1763 * must not quit until "uio->uio_resid == 0" or an error
1764 * termination. If a signal/timeout occurs, return with a
1765 * short count but without error. Keep sockbuf locked
1766 * against other readers.
1767 */
1768 while (flags & MSG_WAITALL && m == NULL && uio->uio_resid > 0 &&
1769 !sosendallatonce(so) && nextrecord == NULL) {
1770 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1771 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE)
1772 break;
1773 /*
1774 * Notify the protocol that some data has been
1775 * drained before blocking.
1776 */
1777 if (pr->pr_flags & PR_WANTRCVD) {
1778 SOCKBUF_UNLOCK(&so->so_rcv);
1779 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1780 SOCKBUF_LOCK(&so->so_rcv);
1781 }
1782 SBLASTRECORDCHK(&so->so_rcv);
1783 SBLASTMBUFCHK(&so->so_rcv);
1784 error = sbwait(&so->so_rcv);
1785 if (error) {
1786 SOCKBUF_UNLOCK(&so->so_rcv);
1787 goto release;
1788 }
1789 m = so->so_rcv.sb_mb;
1790 if (m != NULL)
1791 nextrecord = m->m_nextpkt;
1792 }
1793 }
1794
1795 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1796 if (m != NULL && pr->pr_flags & PR_ATOMIC) {
1797 flags |= MSG_TRUNC;
1798 if ((flags & MSG_PEEK) == 0)
1799 (void) sbdroprecord_locked(&so->so_rcv);
1800 }
1801 if ((flags & MSG_PEEK) == 0) {
1802 if (m == NULL) {
1803 /*
1804 * First part is an inline SB_EMPTY_FIXUP(). Second
1805 * part makes sure sb_lastrecord is up-to-date if
1806 * there is still data in the socket buffer.
1807 */
1808 so->so_rcv.sb_mb = nextrecord;
1809 if (so->so_rcv.sb_mb == NULL) {
1810 so->so_rcv.sb_mbtail = NULL;
1811 so->so_rcv.sb_lastrecord = NULL;
1812 } else if (nextrecord->m_nextpkt == NULL)
1813 so->so_rcv.sb_lastrecord = nextrecord;
1814 }
1815 SBLASTRECORDCHK(&so->so_rcv);
1816 SBLASTMBUFCHK(&so->so_rcv);
1817 /*
1818 * If soreceive() is being done from the socket callback,
1819 * then don't need to generate ACK to peer to update window,
1820 * since ACK will be generated on return to TCP.
1821 */
1822 if (!(flags & MSG_SOCALLBCK) &&
1823 (pr->pr_flags & PR_WANTRCVD)) {
1824 SOCKBUF_UNLOCK(&so->so_rcv);
1825 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1826 SOCKBUF_LOCK(&so->so_rcv);
1827 }
1828 }
1829 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1830 if (orig_resid == uio->uio_resid && orig_resid &&
1831 (flags & MSG_EOR) == 0 && (so->so_rcv.sb_state & SBS_CANTRCVMORE) == 0) {
1832 SOCKBUF_UNLOCK(&so->so_rcv);
1833 goto restart;
1834 }
1835 SOCKBUF_UNLOCK(&so->so_rcv);
1836
1837 if (flagsp != NULL)
1838 *flagsp |= flags;
1839 release:
1840 sbunlock(&so->so_rcv);
1841 return (error);
1842 }
1843
1844 int
1845 soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio,
1846 struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
1847 {
1848
1849 /* XXXRW: Temporary debugging. */
1850 KASSERT(so->so_proto->pr_usrreqs->pru_soreceive != soreceive,
1851 ("soreceive: protocol calls soreceive"));
1852
1853 return (so->so_proto->pr_usrreqs->pru_soreceive(so, psa, uio, mp0,
1854 controlp, flagsp));
1855 }
1856
1857 int
1858 soshutdown(struct socket *so, int how)
1859 {
1860 struct protosw *pr = so->so_proto;
1861
1862 if (!(how == SHUT_RD || how == SHUT_WR || how == SHUT_RDWR))
1863 return (EINVAL);
1864
1865 if (how != SHUT_WR)
1866 sorflush(so);
1867 if (how != SHUT_RD)
1868 return ((*pr->pr_usrreqs->pru_shutdown)(so));
1869 return (0);
1870 }
1871
1872 void
1873 sorflush(struct socket *so)
1874 {
1875 struct sockbuf *sb = &so->so_rcv;
1876 struct protosw *pr = so->so_proto;
1877 struct sockbuf asb;
1878
1879 /*
1880 * XXXRW: This is quite ugly. Previously, this code made a copy of
1881 * the socket buffer, then zero'd the original to clear the buffer
1882 * fields. However, with mutexes in the socket buffer, this causes
1883 * problems. We only clear the zeroable bits of the original;
1884 * however, we have to initialize and destroy the mutex in the copy
1885 * so that dom_dispose() and sbrelease() can lock t as needed.
1886 */
1887
1888 /*
1889 * Dislodge threads currently blocked in receive and wait to acquire
1890 * a lock against other simultaneous readers before clearing the
1891 * socket buffer. Don't let our acquire be interrupted by a signal
1892 * despite any existing socket disposition on interruptable waiting.
1893 */
1894 socantrcvmore(so);
1895 (void) sblock(sb, SBL_WAIT | SBL_NOINTR);
1896
1897 /*
1898 * Invalidate/clear most of the sockbuf structure, but leave selinfo
1899 * and mutex data unchanged.
1900 */
1901 SOCKBUF_LOCK(sb);
1902 bzero(&asb, offsetof(struct sockbuf, sb_startzero));
1903 bcopy(&sb->sb_startzero, &asb.sb_startzero,
1904 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1905 bzero(&sb->sb_startzero,
1906 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1907 SOCKBUF_UNLOCK(sb);
1908 sbunlock(sb);
1909
1910 SOCKBUF_LOCK_INIT(&asb, "so_rcv");
1911 if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
1912 (*pr->pr_domain->dom_dispose)(asb.sb_mb);
1913 sbrelease(&asb, so);
1914 SOCKBUF_LOCK_DESTROY(&asb);
1915 }
1916
1917 /*
1918 * Perhaps this routine, and sooptcopyout(), below, ought to come in an
1919 * additional variant to handle the case where the option value needs to be
1920 * some kind of integer, but not a specific size. In addition to their use
1921 * here, these functions are also called by the protocol-level pr_ctloutput()
1922 * routines.
1923 */
1924 int
1925 sooptcopyin(struct sockopt *sopt, void *buf, size_t len, size_t minlen)
1926 {
1927 size_t valsize;
1928
1929 /*
1930 * If the user gives us more than we wanted, we ignore it, but if we
1931 * don't get the minimum length the caller wants, we return EINVAL.
1932 * On success, sopt->sopt_valsize is set to however much we actually
1933 * retrieved.
1934 */
1935 if ((valsize = sopt->sopt_valsize) < minlen)
1936 return EINVAL;
1937 if (valsize > len)
1938 sopt->sopt_valsize = valsize = len;
1939
1940 if (sopt->sopt_td != NULL)
1941 return (copyin(sopt->sopt_val, buf, valsize));
1942
1943 bcopy(sopt->sopt_val, buf, valsize);
1944 return (0);
1945 }
1946
1947 /*
1948 * Kernel version of setsockopt(2).
1949 *
1950 * XXX: optlen is size_t, not socklen_t
1951 */
1952 int
1953 so_setsockopt(struct socket *so, int level, int optname, void *optval,
1954 size_t optlen)
1955 {
1956 struct sockopt sopt;
1957
1958 sopt.sopt_level = level;
1959 sopt.sopt_name = optname;
1960 sopt.sopt_dir = SOPT_SET;
1961 sopt.sopt_val = optval;
1962 sopt.sopt_valsize = optlen;
1963 sopt.sopt_td = NULL;
1964 return (sosetopt(so, &sopt));
1965 }
1966
1967 int
1968 sosetopt(struct socket *so, struct sockopt *sopt)
1969 {
1970 int error, optval;
1971 struct linger l;
1972 struct timeval tv;
1973 u_long val;
1974 #ifdef MAC
1975 struct mac extmac;
1976 #endif
1977
1978 error = 0;
1979 if (sopt->sopt_level != SOL_SOCKET) {
1980 if (so->so_proto && so->so_proto->pr_ctloutput)
1981 return ((*so->so_proto->pr_ctloutput)
1982 (so, sopt));
1983 error = ENOPROTOOPT;
1984 } else {
1985 switch (sopt->sopt_name) {
1986 #ifdef INET
1987 case SO_ACCEPTFILTER:
1988 error = do_setopt_accept_filter(so, sopt);
1989 if (error)
1990 goto bad;
1991 break;
1992 #endif
1993 case SO_LINGER:
1994 error = sooptcopyin(sopt, &l, sizeof l, sizeof l);
1995 if (error)
1996 goto bad;
1997
1998 SOCK_LOCK(so);
1999 so->so_linger = l.l_linger;
2000 if (l.l_onoff)
2001 so->so_options |= SO_LINGER;
2002 else
2003 so->so_options &= ~SO_LINGER;
2004 SOCK_UNLOCK(so);
2005 break;
2006
2007 case SO_DEBUG:
2008 case SO_KEEPALIVE:
2009 case SO_DONTROUTE:
2010 case SO_USELOOPBACK:
2011 case SO_BROADCAST:
2012 case SO_REUSEADDR:
2013 case SO_REUSEPORT:
2014 case SO_OOBINLINE:
2015 case SO_TIMESTAMP:
2016 case SO_BINTIME:
2017 case SO_NOSIGPIPE:
2018 error = sooptcopyin(sopt, &optval, sizeof optval,
2019 sizeof optval);
2020 if (error)
2021 goto bad;
2022 SOCK_LOCK(so);
2023 if (optval)
2024 so->so_options |= sopt->sopt_name;
2025 else
2026 so->so_options &= ~sopt->sopt_name;
2027 SOCK_UNLOCK(so);
2028 break;
2029
2030 case SO_SNDBUF:
2031 case SO_RCVBUF:
2032 case SO_SNDLOWAT:
2033 case SO_RCVLOWAT:
2034 error = sooptcopyin(sopt, &optval, sizeof optval,
2035 sizeof optval);
2036 if (error)
2037 goto bad;
2038
2039 /*
2040 * Values < 1 make no sense for any of these options,
2041 * so disallow them.
2042 */
2043 if (optval < 1) {
2044 error = EINVAL;
2045 goto bad;
2046 }
2047
2048 switch (sopt->sopt_name) {
2049 case SO_SNDBUF:
2050 case SO_RCVBUF:
2051 if (sbreserve(sopt->sopt_name == SO_SNDBUF ?
2052 &so->so_snd : &so->so_rcv, (u_long)optval,
2053 so, curthread) == 0) {
2054 error = ENOBUFS;
2055 goto bad;
2056 }
2057 (sopt->sopt_name == SO_SNDBUF ? &so->so_snd :
2058 &so->so_rcv)->sb_flags &= ~SB_AUTOSIZE;
2059 break;
2060
2061 /*
2062 * Make sure the low-water is never greater than the
2063 * high-water.
2064 */
2065 case SO_SNDLOWAT:
2066 SOCKBUF_LOCK(&so->so_snd);
2067 so->so_snd.sb_lowat =
2068 (optval > so->so_snd.sb_hiwat) ?
2069 so->so_snd.sb_hiwat : optval;
2070 SOCKBUF_UNLOCK(&so->so_snd);
2071 break;
2072 case SO_RCVLOWAT:
2073 SOCKBUF_LOCK(&so->so_rcv);
2074 so->so_rcv.sb_lowat =
2075 (optval > so->so_rcv.sb_hiwat) ?
2076 so->so_rcv.sb_hiwat : optval;
2077 SOCKBUF_UNLOCK(&so->so_rcv);
2078 break;
2079 }
2080 break;
2081
2082 case SO_SNDTIMEO:
2083 case SO_RCVTIMEO:
2084 #ifdef COMPAT_IA32
2085 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
2086 struct timeval32 tv32;
2087
2088 error = sooptcopyin(sopt, &tv32, sizeof tv32,
2089 sizeof tv32);
2090 CP(tv32, tv, tv_sec);
2091 CP(tv32, tv, tv_usec);
2092 } else
2093 #endif
2094 error = sooptcopyin(sopt, &tv, sizeof tv,
2095 sizeof tv);
2096 if (error)
2097 goto bad;
2098
2099 /* assert(hz > 0); */
2100 if (tv.tv_sec < 0 || tv.tv_sec > INT_MAX / hz ||
2101 tv.tv_usec < 0 || tv.tv_usec >= 1000000) {
2102 error = EDOM;
2103 goto bad;
2104 }
2105 /* assert(tick > 0); */
2106 /* assert(ULONG_MAX - INT_MAX >= 1000000); */
2107 val = (u_long)(tv.tv_sec * hz) + tv.tv_usec / tick;
2108 if (val > INT_MAX) {
2109 error = EDOM;
2110 goto bad;
2111 }
2112 if (val == 0 && tv.tv_usec != 0)
2113 val = 1;
2114
2115 switch (sopt->sopt_name) {
2116 case SO_SNDTIMEO:
2117 so->so_snd.sb_timeo = val;
2118 break;
2119 case SO_RCVTIMEO:
2120 so->so_rcv.sb_timeo = val;
2121 break;
2122 }
2123 break;
2124
2125 case SO_LABEL:
2126 #ifdef MAC
2127 error = sooptcopyin(sopt, &extmac, sizeof extmac,
2128 sizeof extmac);
2129 if (error)
2130 goto bad;
2131 error = mac_setsockopt_label(sopt->sopt_td->td_ucred,
2132 so, &extmac);
2133 #else
2134 error = EOPNOTSUPP;
2135 #endif
2136 break;
2137
2138 default:
2139 error = ENOPROTOOPT;
2140 break;
2141 }
2142 if (error == 0 && so->so_proto != NULL &&
2143 so->so_proto->pr_ctloutput != NULL) {
2144 (void) ((*so->so_proto->pr_ctloutput)
2145 (so, sopt));
2146 }
2147 }
2148 bad:
2149 return (error);
2150 }
2151
2152 /*
2153 * Helper routine for getsockopt.
2154 */
2155 int
2156 sooptcopyout(struct sockopt *sopt, const void *buf, size_t len)
2157 {
2158 int error;
2159 size_t valsize;
2160
2161 error = 0;
2162
2163 /*
2164 * Documented get behavior is that we always return a value, possibly
2165 * truncated to fit in the user's buffer. Traditional behavior is
2166 * that we always tell the user precisely how much we copied, rather
2167 * than something useful like the total amount we had available for
2168 * her. Note that this interface is not idempotent; the entire
2169 * answer must generated ahead of time.
2170 */
2171 valsize = min(len, sopt->sopt_valsize);
2172 sopt->sopt_valsize = valsize;
2173 if (sopt->sopt_val != NULL) {
2174 if (sopt->sopt_td != NULL)
2175 error = copyout(buf, sopt->sopt_val, valsize);
2176 else
2177 bcopy(buf, sopt->sopt_val, valsize);
2178 }
2179 return (error);
2180 }
2181
2182 int
2183 sogetopt(struct socket *so, struct sockopt *sopt)
2184 {
2185 int error, optval;
2186 struct linger l;
2187 struct timeval tv;
2188 #ifdef MAC
2189 struct mac extmac;
2190 #endif
2191
2192 error = 0;
2193 if (sopt->sopt_level != SOL_SOCKET) {
2194 if (so->so_proto && so->so_proto->pr_ctloutput) {
2195 return ((*so->so_proto->pr_ctloutput)
2196 (so, sopt));
2197 } else
2198 return (ENOPROTOOPT);
2199 } else {
2200 switch (sopt->sopt_name) {
2201 #ifdef INET
2202 case SO_ACCEPTFILTER:
2203 error = do_getopt_accept_filter(so, sopt);
2204 break;
2205 #endif
2206 case SO_LINGER:
2207 SOCK_LOCK(so);
2208 l.l_onoff = so->so_options & SO_LINGER;
2209 l.l_linger = so->so_linger;
2210 SOCK_UNLOCK(so);
2211 error = sooptcopyout(sopt, &l, sizeof l);
2212 break;
2213
2214 case SO_USELOOPBACK:
2215 case SO_DONTROUTE:
2216 case SO_DEBUG:
2217 case SO_KEEPALIVE:
2218 case SO_REUSEADDR:
2219 case SO_REUSEPORT:
2220 case SO_BROADCAST:
2221 case SO_OOBINLINE:
2222 case SO_ACCEPTCONN:
2223 case SO_TIMESTAMP:
2224 case SO_BINTIME:
2225 case SO_NOSIGPIPE:
2226 optval = so->so_options & sopt->sopt_name;
2227 integer:
2228 error = sooptcopyout(sopt, &optval, sizeof optval);
2229 break;
2230
2231 case SO_TYPE:
2232 optval = so->so_type;
2233 goto integer;
2234
2235 case SO_ERROR:
2236 SOCK_LOCK(so);
2237 optval = so->so_error;
2238 so->so_error = 0;
2239 SOCK_UNLOCK(so);
2240 goto integer;
2241
2242 case SO_SNDBUF:
2243 optval = so->so_snd.sb_hiwat;
2244 goto integer;
2245
2246 case SO_RCVBUF:
2247 optval = so->so_rcv.sb_hiwat;
2248 goto integer;
2249
2250 case SO_SNDLOWAT:
2251 optval = so->so_snd.sb_lowat;
2252 goto integer;
2253
2254 case SO_RCVLOWAT:
2255 optval = so->so_rcv.sb_lowat;
2256 goto integer;
2257
2258 case SO_SNDTIMEO:
2259 case SO_RCVTIMEO:
2260 optval = (sopt->sopt_name == SO_SNDTIMEO ?
2261 so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
2262
2263 tv.tv_sec = optval / hz;
2264 tv.tv_usec = (optval % hz) * tick;
2265 #ifdef COMPAT_IA32
2266 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
2267 struct timeval32 tv32;
2268
2269 CP(tv, tv32, tv_sec);
2270 CP(tv, tv32, tv_usec);
2271 error = sooptcopyout(sopt, &tv32, sizeof tv32);
2272 } else
2273 #endif
2274 error = sooptcopyout(sopt, &tv, sizeof tv);
2275 break;
2276
2277 case SO_LABEL:
2278 #ifdef MAC
2279 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
2280 sizeof(extmac));
2281 if (error)
2282 return (error);
2283 error = mac_getsockopt_label(sopt->sopt_td->td_ucred,
2284 so, &extmac);
2285 if (error)
2286 return (error);
2287 error = sooptcopyout(sopt, &extmac, sizeof extmac);
2288 #else
2289 error = EOPNOTSUPP;
2290 #endif
2291 break;
2292
2293 case SO_PEERLABEL:
2294 #ifdef MAC
2295 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
2296 sizeof(extmac));
2297 if (error)
2298 return (error);
2299 error = mac_getsockopt_peerlabel(
2300 sopt->sopt_td->td_ucred, so, &extmac);
2301 if (error)
2302 return (error);
2303 error = sooptcopyout(sopt, &extmac, sizeof extmac);
2304 #else
2305 error = EOPNOTSUPP;
2306 #endif
2307 break;
2308
2309 case SO_LISTENQLIMIT:
2310 optval = so->so_qlimit;
2311 goto integer;
2312
2313 case SO_LISTENQLEN:
2314 optval = so->so_qlen;
2315 goto integer;
2316
2317 case SO_LISTENINCQLEN:
2318 optval = so->so_incqlen;
2319 goto integer;
2320
2321 default:
2322 error = ENOPROTOOPT;
2323 break;
2324 }
2325 return (error);
2326 }
2327 }
2328
2329 /* XXX; prepare mbuf for (__FreeBSD__ < 3) routines. */
2330 int
2331 soopt_getm(struct sockopt *sopt, struct mbuf **mp)
2332 {
2333 struct mbuf *m, *m_prev;
2334 int sopt_size = sopt->sopt_valsize;
2335
2336 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
2337 if (m == NULL)
2338 return ENOBUFS;
2339 if (sopt_size > MLEN) {
2340 MCLGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT);
2341 if ((m->m_flags & M_EXT) == 0) {
2342 m_free(m);
2343 return ENOBUFS;
2344 }
2345 m->m_len = min(MCLBYTES, sopt_size);
2346 } else {
2347 m->m_len = min(MLEN, sopt_size);
2348 }
2349 sopt_size -= m->m_len;
2350 *mp = m;
2351 m_prev = m;
2352
2353 while (sopt_size) {
2354 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
2355 if (m == NULL) {
2356 m_freem(*mp);
2357 return ENOBUFS;
2358 }
2359 if (sopt_size > MLEN) {
2360 MCLGET(m, sopt->sopt_td != NULL ? M_TRYWAIT :
2361 M_DONTWAIT);
2362 if ((m->m_flags & M_EXT) == 0) {
2363 m_freem(m);
2364 m_freem(*mp);
2365 return ENOBUFS;
2366 }
2367 m->m_len = min(MCLBYTES, sopt_size);
2368 } else {
2369 m->m_len = min(MLEN, sopt_size);
2370 }
2371 sopt_size -= m->m_len;
2372 m_prev->m_next = m;
2373 m_prev = m;
2374 }
2375 return (0);
2376 }
2377
2378 /* XXX; copyin sopt data into mbuf chain for (__FreeBSD__ < 3) routines. */
2379 int
2380 soopt_mcopyin(struct sockopt *sopt, struct mbuf *m)
2381 {
2382 struct mbuf *m0 = m;
2383
2384 if (sopt->sopt_val == NULL)
2385 return (0);
2386 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
2387 if (sopt->sopt_td != NULL) {
2388 int error;
2389
2390 error = copyin(sopt->sopt_val, mtod(m, char *),
2391 m->m_len);
2392 if (error != 0) {
2393 m_freem(m0);
2394 return(error);
2395 }
2396 } else
2397 bcopy(sopt->sopt_val, mtod(m, char *), m->m_len);
2398 sopt->sopt_valsize -= m->m_len;
2399 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
2400 m = m->m_next;
2401 }
2402 if (m != NULL) /* should be allocated enoughly at ip6_sooptmcopyin() */
2403 panic("ip6_sooptmcopyin");
2404 return (0);
2405 }
2406
2407 /* XXX; copyout mbuf chain data into soopt for (__FreeBSD__ < 3) routines. */
2408 int
2409 soopt_mcopyout(struct sockopt *sopt, struct mbuf *m)
2410 {
2411 struct mbuf *m0 = m;
2412 size_t valsize = 0;
2413
2414 if (sopt->sopt_val == NULL)
2415 return (0);
2416 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
2417 if (sopt->sopt_td != NULL) {
2418 int error;
2419
2420 error = copyout(mtod(m, char *), sopt->sopt_val,
2421 m->m_len);
2422 if (error != 0) {
2423 m_freem(m0);
2424 return(error);
2425 }
2426 } else
2427 bcopy(mtod(m, char *), sopt->sopt_val, m->m_len);
2428 sopt->sopt_valsize -= m->m_len;
2429 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
2430 valsize += m->m_len;
2431 m = m->m_next;
2432 }
2433 if (m != NULL) {
2434 /* enough soopt buffer should be given from user-land */
2435 m_freem(m0);
2436 return(EINVAL);
2437 }
2438 sopt->sopt_valsize = valsize;
2439 return (0);
2440 }
2441
2442 /*
2443 * sohasoutofband(): protocol notifies socket layer of the arrival of new
2444 * out-of-band data, which will then notify socket consumers.
2445 */
2446 void
2447 sohasoutofband(struct socket *so)
2448 {
2449
2450 if (so->so_sigio != NULL)
2451 pgsigio(&so->so_sigio, SIGURG, 0);
2452 selwakeuppri(&so->so_rcv.sb_sel, PSOCK);
2453 }
2454
2455 int
2456 sopoll(struct socket *so, int events, struct ucred *active_cred,
2457 struct thread *td)
2458 {
2459
2460 /* XXXRW: Temporary debugging. */
2461 KASSERT(so->so_proto->pr_usrreqs->pru_sopoll != sopoll,
2462 ("sopoll: protocol calls sopoll"));
2463
2464 return (so->so_proto->pr_usrreqs->pru_sopoll(so, events, active_cred,
2465 td));
2466 }
2467
2468 int
2469 sopoll_generic(struct socket *so, int events, struct ucred *active_cred,
2470 struct thread *td)
2471 {
2472 int revents = 0;
2473
2474 SOCKBUF_LOCK(&so->so_snd);
2475 SOCKBUF_LOCK(&so->so_rcv);
2476 if (events & (POLLIN | POLLRDNORM))
2477 if (soreadable(so))
2478 revents |= events & (POLLIN | POLLRDNORM);
2479
2480 if (events & POLLINIGNEOF)
2481 if (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat ||
2482 !TAILQ_EMPTY(&so->so_comp) || so->so_error)
2483 revents |= POLLINIGNEOF;
2484
2485 if (events & (POLLOUT | POLLWRNORM))
2486 if (sowriteable(so))
2487 revents |= events & (POLLOUT | POLLWRNORM);
2488
2489 if (events & (POLLPRI | POLLRDBAND))
2490 if (so->so_oobmark || (so->so_rcv.sb_state & SBS_RCVATMARK))
2491 revents |= events & (POLLPRI | POLLRDBAND);
2492
2493 if (revents == 0) {
2494 if (events &
2495 (POLLIN | POLLINIGNEOF | POLLPRI | POLLRDNORM |
2496 POLLRDBAND)) {
2497 selrecord(td, &so->so_rcv.sb_sel);
2498 so->so_rcv.sb_flags |= SB_SEL;
2499 }
2500
2501 if (events & (POLLOUT | POLLWRNORM)) {
2502 selrecord(td, &so->so_snd.sb_sel);
2503 so->so_snd.sb_flags |= SB_SEL;
2504 }
2505 }
2506
2507 SOCKBUF_UNLOCK(&so->so_rcv);
2508 SOCKBUF_UNLOCK(&so->so_snd);
2509 return (revents);
2510 }
2511
2512 int
2513 soo_kqfilter(struct file *fp, struct knote *kn)
2514 {
2515 struct socket *so = kn->kn_fp->f_data;
2516 struct sockbuf *sb;
2517
2518 switch (kn->kn_filter) {
2519 case EVFILT_READ:
2520 if (so->so_options & SO_ACCEPTCONN)
2521 kn->kn_fop = &solisten_filtops;
2522 else
2523 kn->kn_fop = &soread_filtops;
2524 sb = &so->so_rcv;
2525 break;
2526 case EVFILT_WRITE:
2527 kn->kn_fop = &sowrite_filtops;
2528 sb = &so->so_snd;
2529 break;
2530 default:
2531 return (EINVAL);
2532 }
2533
2534 SOCKBUF_LOCK(sb);
2535 knlist_add(&sb->sb_sel.si_note, kn, 1);
2536 sb->sb_flags |= SB_KNOTE;
2537 SOCKBUF_UNLOCK(sb);
2538 return (0);
2539 }
2540
2541 /*
2542 * Some routines that return EOPNOTSUPP for entry points that are not
2543 * supported by a protocol. Fill in as needed.
2544 */
2545 int
2546 pru_accept_notsupp(struct socket *so, struct sockaddr **nam)
2547 {
2548
2549 return EOPNOTSUPP;
2550 }
2551
2552 int
2553 pru_attach_notsupp(struct socket *so, int proto, struct thread *td)
2554 {
2555
2556 return EOPNOTSUPP;
2557 }
2558
2559 int
2560 pru_bind_notsupp(struct socket *so, struct sockaddr *nam, struct thread *td)
2561 {
2562
2563 return EOPNOTSUPP;
2564 }
2565
2566 int
2567 pru_connect_notsupp(struct socket *so, struct sockaddr *nam, struct thread *td)
2568 {
2569
2570 return EOPNOTSUPP;
2571 }
2572
2573 int
2574 pru_connect2_notsupp(struct socket *so1, struct socket *so2)
2575 {
2576
2577 return EOPNOTSUPP;
2578 }
2579
2580 int
2581 pru_control_notsupp(struct socket *so, u_long cmd, caddr_t data,
2582 struct ifnet *ifp, struct thread *td)
2583 {
2584
2585 return EOPNOTSUPP;
2586 }
2587
2588 int
2589 pru_disconnect_notsupp(struct socket *so)
2590 {
2591
2592 return EOPNOTSUPP;
2593 }
2594
2595 int
2596 pru_listen_notsupp(struct socket *so, int backlog, struct thread *td)
2597 {
2598
2599 return EOPNOTSUPP;
2600 }
2601
2602 int
2603 pru_peeraddr_notsupp(struct socket *so, struct sockaddr **nam)
2604 {
2605
2606 return EOPNOTSUPP;
2607 }
2608
2609 int
2610 pru_rcvd_notsupp(struct socket *so, int flags)
2611 {
2612
2613 return EOPNOTSUPP;
2614 }
2615
2616 int
2617 pru_rcvoob_notsupp(struct socket *so, struct mbuf *m, int flags)
2618 {
2619
2620 return EOPNOTSUPP;
2621 }
2622
2623 int
2624 pru_send_notsupp(struct socket *so, int flags, struct mbuf *m,
2625 struct sockaddr *addr, struct mbuf *control, struct thread *td)
2626 {
2627
2628 return EOPNOTSUPP;
2629 }
2630
2631 /*
2632 * This isn't really a ``null'' operation, but it's the default one and
2633 * doesn't do anything destructive.
2634 */
2635 int
2636 pru_sense_null(struct socket *so, struct stat *sb)
2637 {
2638
2639 sb->st_blksize = so->so_snd.sb_hiwat;
2640 return 0;
2641 }
2642
2643 int
2644 pru_shutdown_notsupp(struct socket *so)
2645 {
2646
2647 return EOPNOTSUPP;
2648 }
2649
2650 int
2651 pru_sockaddr_notsupp(struct socket *so, struct sockaddr **nam)
2652 {
2653
2654 return EOPNOTSUPP;
2655 }
2656
2657 int
2658 pru_sosend_notsupp(struct socket *so, struct sockaddr *addr, struct uio *uio,
2659 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
2660 {
2661
2662 return EOPNOTSUPP;
2663 }
2664
2665 int
2666 pru_soreceive_notsupp(struct socket *so, struct sockaddr **paddr,
2667 struct uio *uio, struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
2668 {
2669
2670 return EOPNOTSUPP;
2671 }
2672
2673 int
2674 pru_sopoll_notsupp(struct socket *so, int events, struct ucred *cred,
2675 struct thread *td)
2676 {
2677
2678 return EOPNOTSUPP;
2679 }
2680
2681 static void
2682 filt_sordetach(struct knote *kn)
2683 {
2684 struct socket *so = kn->kn_fp->f_data;
2685
2686 SOCKBUF_LOCK(&so->so_rcv);
2687 knlist_remove(&so->so_rcv.sb_sel.si_note, kn, 1);
2688 if (knlist_empty(&so->so_rcv.sb_sel.si_note))
2689 so->so_rcv.sb_flags &= ~SB_KNOTE;
2690 SOCKBUF_UNLOCK(&so->so_rcv);
2691 }
2692
2693 /*ARGSUSED*/
2694 static int
2695 filt_soread(struct knote *kn, long hint)
2696 {
2697 struct socket *so;
2698
2699 so = kn->kn_fp->f_data;
2700 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2701
2702 kn->kn_data = so->so_rcv.sb_cc - so->so_rcv.sb_ctl;
2703 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
2704 kn->kn_flags |= EV_EOF;
2705 kn->kn_fflags = so->so_error;
2706 return (1);
2707 } else if (so->so_error) /* temporary udp error */
2708 return (1);
2709 else if (kn->kn_sfflags & NOTE_LOWAT)
2710 return (kn->kn_data >= kn->kn_sdata);
2711 else
2712 return (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat);
2713 }
2714
2715 static void
2716 filt_sowdetach(struct knote *kn)
2717 {
2718 struct socket *so = kn->kn_fp->f_data;
2719
2720 SOCKBUF_LOCK(&so->so_snd);
2721 knlist_remove(&so->so_snd.sb_sel.si_note, kn, 1);
2722 if (knlist_empty(&so->so_snd.sb_sel.si_note))
2723 so->so_snd.sb_flags &= ~SB_KNOTE;
2724 SOCKBUF_UNLOCK(&so->so_snd);
2725 }
2726
2727 /*ARGSUSED*/
2728 static int
2729 filt_sowrite(struct knote *kn, long hint)
2730 {
2731 struct socket *so;
2732
2733 so = kn->kn_fp->f_data;
2734 SOCKBUF_LOCK_ASSERT(&so->so_snd);
2735 kn->kn_data = sbspace(&so->so_snd);
2736 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2737 kn->kn_flags |= EV_EOF;
2738 kn->kn_fflags = so->so_error;
2739 return (1);
2740 } else if (so->so_error) /* temporary udp error */
2741 return (1);
2742 else if (((so->so_state & SS_ISCONNECTED) == 0) &&
2743 (so->so_proto->pr_flags & PR_CONNREQUIRED))
2744 return (0);
2745 else if (kn->kn_sfflags & NOTE_LOWAT)
2746 return (kn->kn_data >= kn->kn_sdata);
2747 else
2748 return (kn->kn_data >= so->so_snd.sb_lowat);
2749 }
2750
2751 /*ARGSUSED*/
2752 static int
2753 filt_solisten(struct knote *kn, long hint)
2754 {
2755 struct socket *so = kn->kn_fp->f_data;
2756
2757 kn->kn_data = so->so_qlen;
2758 return (! TAILQ_EMPTY(&so->so_comp));
2759 }
2760
2761 int
2762 socheckuid(struct socket *so, uid_t uid)
2763 {
2764
2765 if (so == NULL)
2766 return (EPERM);
2767 if (so->so_cred->cr_uid != uid)
2768 return (EPERM);
2769 return (0);
2770 }
2771
2772 static int
2773 sysctl_somaxconn(SYSCTL_HANDLER_ARGS)
2774 {
2775 int error;
2776 int val;
2777
2778 val = somaxconn;
2779 error = sysctl_handle_int(oidp, &val, 0, req);
2780 if (error || !req->newptr )
2781 return (error);
2782
2783 if (val < 1 || val > USHRT_MAX)
2784 return (EINVAL);
2785
2786 somaxconn = val;
2787 return (0);
2788 }
2789
2790 /*
2791 * These functions are used by protocols to notify the socket layer (and its
2792 * consumers) of state changes in the sockets driven by protocol-side events.
2793 */
2794
2795 /*
2796 * Procedures to manipulate state flags of socket and do appropriate wakeups.
2797 *
2798 * Normal sequence from the active (originating) side is that
2799 * soisconnecting() is called during processing of connect() call, resulting
2800 * in an eventual call to soisconnected() if/when the connection is
2801 * established. When the connection is torn down soisdisconnecting() is
2802 * called during processing of disconnect() call, and soisdisconnected() is
2803 * called when the connection to the peer is totally severed. The semantics
2804 * of these routines are such that connectionless protocols can call
2805 * soisconnected() and soisdisconnected() only, bypassing the in-progress
2806 * calls when setting up a ``connection'' takes no time.
2807 *
2808 * From the passive side, a socket is created with two queues of sockets:
2809 * so_incomp for connections in progress and so_comp for connections already
2810 * made and awaiting user acceptance. As a protocol is preparing incoming
2811 * connections, it creates a socket structure queued on so_incomp by calling
2812 * sonewconn(). When the connection is established, soisconnected() is
2813 * called, and transfers the socket structure to so_comp, making it available
2814 * to accept().
2815 *
2816 * If a socket is closed with sockets on either so_incomp or so_comp, these
2817 * sockets are dropped.
2818 *
2819 * If higher-level protocols are implemented in the kernel, the wakeups done
2820 * here will sometimes cause software-interrupt process scheduling.
2821 */
2822 void
2823 soisconnecting(struct socket *so)
2824 {
2825
2826 SOCK_LOCK(so);
2827 so->so_state &= ~(SS_ISCONNECTED|SS_ISDISCONNECTING);
2828 so->so_state |= SS_ISCONNECTING;
2829 SOCK_UNLOCK(so);
2830 }
2831
2832 void
2833 soisconnected(struct socket *so)
2834 {
2835 struct socket *head;
2836
2837 ACCEPT_LOCK();
2838 SOCK_LOCK(so);
2839 so->so_state &= ~(SS_ISCONNECTING|SS_ISDISCONNECTING|SS_ISCONFIRMING);
2840 so->so_state |= SS_ISCONNECTED;
2841 head = so->so_head;
2842 if (head != NULL && (so->so_qstate & SQ_INCOMP)) {
2843 if ((so->so_options & SO_ACCEPTFILTER) == 0) {
2844 SOCK_UNLOCK(so);
2845 TAILQ_REMOVE(&head->so_incomp, so, so_list);
2846 head->so_incqlen--;
2847 so->so_qstate &= ~SQ_INCOMP;
2848 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
2849 head->so_qlen++;
2850 so->so_qstate |= SQ_COMP;
2851 ACCEPT_UNLOCK();
2852 sorwakeup(head);
2853 wakeup_one(&head->so_timeo);
2854 } else {
2855 ACCEPT_UNLOCK();
2856 so->so_upcall =
2857 head->so_accf->so_accept_filter->accf_callback;
2858 so->so_upcallarg = head->so_accf->so_accept_filter_arg;
2859 so->so_rcv.sb_flags |= SB_UPCALL;
2860 so->so_options &= ~SO_ACCEPTFILTER;
2861 SOCK_UNLOCK(so);
2862 so->so_upcall(so, so->so_upcallarg, M_DONTWAIT);
2863 }
2864 return;
2865 }
2866 SOCK_UNLOCK(so);
2867 ACCEPT_UNLOCK();
2868 wakeup(&so->so_timeo);
2869 sorwakeup(so);
2870 sowwakeup(so);
2871 }
2872
2873 void
2874 soisdisconnecting(struct socket *so)
2875 {
2876
2877 /*
2878 * Note: This code assumes that SOCK_LOCK(so) and
2879 * SOCKBUF_LOCK(&so->so_rcv) are the same.
2880 */
2881 SOCKBUF_LOCK(&so->so_rcv);
2882 so->so_state &= ~SS_ISCONNECTING;
2883 so->so_state |= SS_ISDISCONNECTING;
2884 so->so_rcv.sb_state |= SBS_CANTRCVMORE;
2885 sorwakeup_locked(so);
2886 SOCKBUF_LOCK(&so->so_snd);
2887 so->so_snd.sb_state |= SBS_CANTSENDMORE;
2888 sowwakeup_locked(so);
2889 wakeup(&so->so_timeo);
2890 }
2891
2892 void
2893 soisdisconnected(struct socket *so)
2894 {
2895
2896 /*
2897 * Note: This code assumes that SOCK_LOCK(so) and
2898 * SOCKBUF_LOCK(&so->so_rcv) are the same.
2899 */
2900 SOCKBUF_LOCK(&so->so_rcv);
2901 so->so_state &= ~(SS_ISCONNECTING|SS_ISCONNECTED|SS_ISDISCONNECTING);
2902 so->so_state |= SS_ISDISCONNECTED;
2903 so->so_rcv.sb_state |= SBS_CANTRCVMORE;
2904 sorwakeup_locked(so);
2905 SOCKBUF_LOCK(&so->so_snd);
2906 so->so_snd.sb_state |= SBS_CANTSENDMORE;
2907 sbdrop_locked(&so->so_snd, so->so_snd.sb_cc);
2908 sowwakeup_locked(so);
2909 wakeup(&so->so_timeo);
2910 }
2911
2912 /*
2913 * Make a copy of a sockaddr in a malloced buffer of type M_SONAME.
2914 */
2915 struct sockaddr *
2916 sodupsockaddr(const struct sockaddr *sa, int mflags)
2917 {
2918 struct sockaddr *sa2;
2919
2920 sa2 = malloc(sa->sa_len, M_SONAME, mflags);
2921 if (sa2)
2922 bcopy(sa, sa2, sa->sa_len);
2923 return sa2;
2924 }
2925
2926 /*
2927 * Create an external-format (``xsocket'') structure using the information in
2928 * the kernel-format socket structure pointed to by so. This is done to
2929 * reduce the spew of irrelevant information over this interface, to isolate
2930 * user code from changes in the kernel structure, and potentially to provide
2931 * information-hiding if we decide that some of this information should be
2932 * hidden from users.
2933 */
2934 void
2935 sotoxsocket(struct socket *so, struct xsocket *xso)
2936 {
2937
2938 xso->xso_len = sizeof *xso;
2939 xso->xso_so = so;
2940 xso->so_type = so->so_type;
2941 xso->so_options = so->so_options;
2942 xso->so_linger = so->so_linger;
2943 xso->so_state = so->so_state;
2944 xso->so_pcb = so->so_pcb;
2945 xso->xso_protocol = so->so_proto->pr_protocol;
2946 xso->xso_family = so->so_proto->pr_domain->dom_family;
2947 xso->so_qlen = so->so_qlen;
2948 xso->so_incqlen = so->so_incqlen;
2949 xso->so_qlimit = so->so_qlimit;
2950 xso->so_timeo = so->so_timeo;
2951 xso->so_error = so->so_error;
2952 xso->so_pgid = so->so_sigio ? so->so_sigio->sio_pgid : 0;
2953 xso->so_oobmark = so->so_oobmark;
2954 sbtoxsockbuf(&so->so_snd, &xso->so_snd);
2955 sbtoxsockbuf(&so->so_rcv, &xso->so_rcv);
2956 xso->so_uid = so->so_cred->cr_uid;
2957 }
Cache object: 878b3b273630cba04a7148e48ba7df91
|