1 /* $NetBSD: uipc_syscalls.c,v 1.134.4.3 2010/03/28 15:32:00 snj Exp $ */
2
3 /*-
4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Andrew Doran.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 /*
33 * Copyright (c) 1982, 1986, 1989, 1990, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)uipc_syscalls.c 8.6 (Berkeley) 2/14/95
61 */
62
63 #include <sys/cdefs.h>
64 __KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.134.4.3 2010/03/28 15:32:00 snj Exp $");
65
66 #include "opt_pipe.h"
67
68 #include <sys/param.h>
69 #include <sys/systm.h>
70 #include <sys/filedesc.h>
71 #include <sys/proc.h>
72 #include <sys/file.h>
73 #include <sys/buf.h>
74 #include <sys/malloc.h>
75 #include <sys/mbuf.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/signalvar.h>
80 #include <sys/un.h>
81 #include <sys/ktrace.h>
82 #include <sys/event.h>
83
84 #include <sys/mount.h>
85 #include <sys/syscallargs.h>
86
87 #include <uvm/uvm_extern.h>
88
89 /*
90 * System call interface to the socket abstraction.
91 */
92 extern const struct fileops socketops;
93
94 int
95 sys___socket30(struct lwp *l, const struct sys___socket30_args *uap, register_t *retval)
96 {
97 /* {
98 syscallarg(int) domain;
99 syscallarg(int) type;
100 syscallarg(int) protocol;
101 } */
102 int fd, error;
103
104 error = fsocreate(SCARG(uap, domain), NULL, SCARG(uap, type),
105 SCARG(uap, protocol), l, &fd);
106 if (error == 0)
107 *retval = fd;
108 return error;
109 }
110
111 /* ARGSUSED */
112 int
113 sys_bind(struct lwp *l, const struct sys_bind_args *uap, register_t *retval)
114 {
115 /* {
116 syscallarg(int) s;
117 syscallarg(const struct sockaddr *) name;
118 syscallarg(unsigned int) namelen;
119 } */
120 struct mbuf *nam;
121 int error;
122
123 error = sockargs(&nam, SCARG(uap, name), SCARG(uap, namelen),
124 MT_SONAME);
125 if (error)
126 return error;
127
128 return do_sys_bind(l, SCARG(uap, s), nam);
129 }
130
131 int
132 do_sys_bind(struct lwp *l, int fd, struct mbuf *nam)
133 {
134 struct socket *so;
135 int error;
136
137 if ((error = fd_getsock(fd, &so)) != 0) {
138 m_freem(nam);
139 return (error);
140 }
141 MCLAIM(nam, so->so_mowner);
142 error = sobind(so, nam, l);
143 m_freem(nam);
144 fd_putfile(fd);
145 return error;
146 }
147
148 /* ARGSUSED */
149 int
150 sys_listen(struct lwp *l, const struct sys_listen_args *uap, register_t *retval)
151 {
152 /* {
153 syscallarg(int) s;
154 syscallarg(int) backlog;
155 } */
156 struct socket *so;
157 int error;
158
159 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
160 return (error);
161 error = solisten(so, SCARG(uap, backlog), l);
162 fd_putfile(SCARG(uap, s));
163 return error;
164 }
165
166 int
167 do_sys_accept(struct lwp *l, int sock, struct mbuf **name, register_t *new_sock)
168 {
169 file_t *fp, *fp2;
170 struct mbuf *nam;
171 int error, fd;
172 struct socket *so, *so2;
173
174 if ((fp = fd_getfile(sock)) == NULL)
175 return (EBADF);
176 if (fp->f_type != DTYPE_SOCKET) {
177 fd_putfile(sock);
178 return (ENOTSOCK);
179 }
180 if ((error = fd_allocfile(&fp2, &fd)) != 0) {
181 fd_putfile(sock);
182 return (error);
183 }
184 nam = m_get(M_WAIT, MT_SONAME);
185 *new_sock = fd;
186 so = fp->f_data;
187 solock(so);
188 if (!(so->so_proto->pr_flags & PR_LISTEN)) {
189 error = EOPNOTSUPP;
190 goto bad;
191 }
192 if ((so->so_options & SO_ACCEPTCONN) == 0) {
193 error = EINVAL;
194 goto bad;
195 }
196 if (so->so_nbio && so->so_qlen == 0) {
197 error = EWOULDBLOCK;
198 goto bad;
199 }
200 while (so->so_qlen == 0 && so->so_error == 0) {
201 if (so->so_state & SS_CANTRCVMORE) {
202 so->so_error = ECONNABORTED;
203 break;
204 }
205 error = sowait(so, true, 0);
206 if (error) {
207 goto bad;
208 }
209 }
210 if (so->so_error) {
211 error = so->so_error;
212 so->so_error = 0;
213 goto bad;
214 }
215 /* connection has been removed from the listen queue */
216 KNOTE(&so->so_rcv.sb_sel.sel_klist, NOTE_SUBMIT);
217 so2 = TAILQ_FIRST(&so->so_q);
218 if (soqremque(so2, 1) == 0)
219 panic("accept");
220 fp2->f_type = DTYPE_SOCKET;
221 fp2->f_flag = fp->f_flag;
222 fp2->f_ops = &socketops;
223 fp2->f_data = so2;
224 error = soaccept(so2, nam);
225 sounlock(so);
226 if (error) {
227 /* an error occurred, free the file descriptor and mbuf */
228 m_freem(nam);
229 mutex_enter(&fp2->f_lock);
230 fp2->f_count++;
231 mutex_exit(&fp2->f_lock);
232 closef(fp2);
233 fd_abort(curproc, NULL, fd);
234 } else {
235 fd_affix(curproc, fp2, fd);
236 *name = nam;
237 }
238 fd_putfile(sock);
239 return (error);
240 bad:
241 sounlock(so);
242 m_freem(nam);
243 fd_putfile(sock);
244 fd_abort(curproc, fp2, fd);
245 return (error);
246 }
247
248 int
249 sys_accept(struct lwp *l, const struct sys_accept_args *uap, register_t *retval)
250 {
251 /* {
252 syscallarg(int) s;
253 syscallarg(struct sockaddr *) name;
254 syscallarg(unsigned int *) anamelen;
255 } */
256 int error, fd;
257 struct mbuf *name;
258
259 error = do_sys_accept(l, SCARG(uap, s), &name, retval);
260 if (error != 0)
261 return error;
262 error = copyout_sockname(SCARG(uap, name), SCARG(uap, anamelen),
263 MSG_LENUSRSPACE, name);
264 if (name != NULL)
265 m_free(name);
266 if (error != 0) {
267 fd = (int)*retval;
268 if (fd_getfile(fd) != NULL)
269 (void)fd_close(fd);
270 }
271 return error;
272 }
273
274 /* ARGSUSED */
275 int
276 sys_connect(struct lwp *l, const struct sys_connect_args *uap, register_t *retval)
277 {
278 /* {
279 syscallarg(int) s;
280 syscallarg(const struct sockaddr *) name;
281 syscallarg(unsigned int) namelen;
282 } */
283 int error;
284 struct mbuf *nam;
285
286 error = sockargs(&nam, SCARG(uap, name), SCARG(uap, namelen),
287 MT_SONAME);
288 if (error)
289 return error;
290 return do_sys_connect(l, SCARG(uap, s), nam);
291 }
292
293 int
294 do_sys_connect(struct lwp *l, int fd, struct mbuf *nam)
295 {
296 struct socket *so;
297 int error;
298 int interrupted = 0;
299
300 if ((error = fd_getsock(fd, &so)) != 0) {
301 m_freem(nam);
302 return (error);
303 }
304 solock(so);
305 MCLAIM(nam, so->so_mowner);
306 if ((so->so_state & SS_ISCONNECTING) != 0) {
307 error = EALREADY;
308 goto out;
309 }
310
311 error = soconnect(so, nam, l);
312 if (error)
313 goto bad;
314 if (so->so_nbio && (so->so_state & SS_ISCONNECTING) != 0) {
315 error = EINPROGRESS;
316 goto out;
317 }
318 while ((so->so_state & SS_ISCONNECTING) != 0 && so->so_error == 0) {
319 error = sowait(so, true, 0);
320 if (__predict_false((so->so_state & SS_ISDRAINING) != 0)) {
321 error = EPIPE;
322 interrupted = 1;
323 break;
324 }
325 if (error) {
326 if (error == EINTR || error == ERESTART)
327 interrupted = 1;
328 break;
329 }
330 }
331 if (error == 0) {
332 error = so->so_error;
333 so->so_error = 0;
334 }
335 bad:
336 if (!interrupted)
337 so->so_state &= ~SS_ISCONNECTING;
338 if (error == ERESTART)
339 error = EINTR;
340 out:
341 sounlock(so);
342 fd_putfile(fd);
343 m_freem(nam);
344 return (error);
345 }
346
347 int
348 sys_socketpair(struct lwp *l, const struct sys_socketpair_args *uap, register_t *retval)
349 {
350 /* {
351 syscallarg(int) domain;
352 syscallarg(int) type;
353 syscallarg(int) protocol;
354 syscallarg(int *) rsv;
355 } */
356 file_t *fp1, *fp2;
357 struct socket *so1, *so2;
358 int fd, error, sv[2];
359 proc_t *p;
360
361 p = curproc;
362 error = socreate(SCARG(uap, domain), &so1, SCARG(uap, type),
363 SCARG(uap, protocol), l, NULL);
364 if (error)
365 return (error);
366 error = socreate(SCARG(uap, domain), &so2, SCARG(uap, type),
367 SCARG(uap, protocol), l, so1);
368 if (error)
369 goto free1;
370 if ((error = fd_allocfile(&fp1, &fd)) != 0)
371 goto free2;
372 sv[0] = fd;
373 fp1->f_flag = FREAD|FWRITE;
374 fp1->f_type = DTYPE_SOCKET;
375 fp1->f_ops = &socketops;
376 fp1->f_data = so1;
377 if ((error = fd_allocfile(&fp2, &fd)) != 0)
378 goto free3;
379 fp2->f_flag = FREAD|FWRITE;
380 fp2->f_type = DTYPE_SOCKET;
381 fp2->f_ops = &socketops;
382 fp2->f_data = so2;
383 sv[1] = fd;
384 solock(so1);
385 error = soconnect2(so1, so2);
386 if (error == 0 && SCARG(uap, type) == SOCK_DGRAM) {
387 /*
388 * Datagram socket connection is asymmetric.
389 */
390 error = soconnect2(so2, so1);
391 }
392 sounlock(so1);
393 if (error == 0)
394 error = copyout(sv, SCARG(uap, rsv), 2 * sizeof(int));
395 if (error == 0) {
396 fd_affix(p, fp2, sv[1]);
397 fd_affix(p, fp1, sv[0]);
398 return (0);
399 }
400 fd_abort(p, fp2, sv[1]);
401 free3:
402 fd_abort(p, fp1, sv[0]);
403 free2:
404 (void)soclose(so2);
405 free1:
406 (void)soclose(so1);
407 return (error);
408 }
409
410 int
411 sys_sendto(struct lwp *l, const struct sys_sendto_args *uap, register_t *retval)
412 {
413 /* {
414 syscallarg(int) s;
415 syscallarg(const void *) buf;
416 syscallarg(size_t) len;
417 syscallarg(int) flags;
418 syscallarg(const struct sockaddr *) to;
419 syscallarg(unsigned int) tolen;
420 } */
421 struct msghdr msg;
422 struct iovec aiov;
423
424 msg.msg_name = __UNCONST(SCARG(uap, to)); /* XXXUNCONST kills const */
425 msg.msg_namelen = SCARG(uap, tolen);
426 msg.msg_iov = &aiov;
427 msg.msg_iovlen = 1;
428 msg.msg_control = NULL;
429 msg.msg_flags = 0;
430 aiov.iov_base = __UNCONST(SCARG(uap, buf)); /* XXXUNCONST kills const */
431 aiov.iov_len = SCARG(uap, len);
432 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), retval);
433 }
434
435 int
436 sys_sendmsg(struct lwp *l, const struct sys_sendmsg_args *uap, register_t *retval)
437 {
438 /* {
439 syscallarg(int) s;
440 syscallarg(const struct msghdr *) msg;
441 syscallarg(int) flags;
442 } */
443 struct msghdr msg;
444 int error;
445
446 error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
447 if (error)
448 return (error);
449
450 msg.msg_flags = MSG_IOVUSRSPACE;
451 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), retval);
452 }
453
454 int
455 do_sys_sendmsg(struct lwp *l, int s, struct msghdr *mp, int flags,
456 register_t *retsize)
457 {
458 struct uio auio;
459 int i, len, error, iovlen;
460 struct mbuf *to, *control;
461 struct socket *so;
462 struct iovec *tiov;
463 struct iovec aiov[UIO_SMALLIOV], *iov = aiov;
464 struct iovec *ktriov = NULL;
465
466 ktrkuser("msghdr", mp, sizeof *mp);
467
468 /* If the caller passed us stuff in mbufs, we must free them */
469 if (mp->msg_flags & MSG_NAMEMBUF)
470 to = mp->msg_name;
471 else
472 to = NULL;
473
474 if (mp->msg_flags & MSG_CONTROLMBUF)
475 control = mp->msg_control;
476 else
477 control = NULL;
478
479 if (mp->msg_flags & MSG_IOVUSRSPACE) {
480 if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) {
481 if ((unsigned int)mp->msg_iovlen > IOV_MAX) {
482 error = EMSGSIZE;
483 goto bad;
484 }
485 iov = malloc(sizeof(struct iovec) * mp->msg_iovlen,
486 M_IOV, M_WAITOK);
487 }
488 if (mp->msg_iovlen != 0) {
489 error = copyin(mp->msg_iov, iov,
490 (size_t)(mp->msg_iovlen * sizeof(struct iovec)));
491 if (error)
492 goto bad;
493 }
494 mp->msg_iov = iov;
495 }
496
497 auio.uio_iov = mp->msg_iov;
498 auio.uio_iovcnt = mp->msg_iovlen;
499 auio.uio_rw = UIO_WRITE;
500 auio.uio_offset = 0; /* XXX */
501 auio.uio_resid = 0;
502 KASSERT(l == curlwp);
503 auio.uio_vmspace = l->l_proc->p_vmspace;
504
505 for (i = 0, tiov = mp->msg_iov; i < mp->msg_iovlen; i++, tiov++) {
506 #if 0
507 /* cannot happen; iov_len is unsigned */
508 if (tiov->iov_len < 0) {
509 error = EINVAL;
510 goto bad;
511 }
512 #endif
513 /*
514 * Writes return ssize_t because -1 is returned on error.
515 * Therefore, we must restrict the length to SSIZE_MAX to
516 * avoid garbage return values.
517 */
518 auio.uio_resid += tiov->iov_len;
519 if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
520 error = EINVAL;
521 goto bad;
522 }
523 }
524
525 if (mp->msg_name && to == NULL) {
526 error = sockargs(&to, mp->msg_name, mp->msg_namelen,
527 MT_SONAME);
528 if (error)
529 goto bad;
530 }
531
532 if (mp->msg_control) {
533 if (mp->msg_controllen < CMSG_ALIGN(sizeof(struct cmsghdr))) {
534 error = EINVAL;
535 goto bad;
536 }
537 if (control == NULL) {
538 error = sockargs(&control, mp->msg_control,
539 mp->msg_controllen, MT_CONTROL);
540 if (error)
541 goto bad;
542 }
543 }
544
545 if (ktrpoint(KTR_GENIO)) {
546 iovlen = auio.uio_iovcnt * sizeof(struct iovec);
547 ktriov = malloc(iovlen, M_TEMP, M_WAITOK);
548 memcpy(ktriov, auio.uio_iov, iovlen);
549 }
550
551 if ((error = fd_getsock(s, &so)) != 0)
552 goto bad;
553
554 if (mp->msg_name)
555 MCLAIM(to, so->so_mowner);
556 if (mp->msg_control)
557 MCLAIM(control, so->so_mowner);
558
559 len = auio.uio_resid;
560 error = (*so->so_send)(so, to, &auio, NULL, control, flags, l);
561 /* Protocol is responsible for freeing 'control' */
562 control = NULL;
563
564 fd_putfile(s);
565
566 if (error) {
567 if (auio.uio_resid != len && (error == ERESTART ||
568 error == EINTR || error == EWOULDBLOCK))
569 error = 0;
570 if (error == EPIPE && (flags & MSG_NOSIGNAL) == 0) {
571 mutex_enter(proc_lock);
572 psignal(l->l_proc, SIGPIPE);
573 mutex_exit(proc_lock);
574 }
575 }
576 if (error == 0)
577 *retsize = len - auio.uio_resid;
578
579 bad:
580 if (ktriov != NULL) {
581 ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error);
582 free(ktriov, M_TEMP);
583 }
584
585 if (iov != aiov)
586 free(iov, M_IOV);
587 if (to)
588 m_freem(to);
589 if (control)
590 m_freem(control);
591
592 return (error);
593 }
594
595 int
596 sys_recvfrom(struct lwp *l, const struct sys_recvfrom_args *uap, register_t *retval)
597 {
598 /* {
599 syscallarg(int) s;
600 syscallarg(void *) buf;
601 syscallarg(size_t) len;
602 syscallarg(int) flags;
603 syscallarg(struct sockaddr *) from;
604 syscallarg(unsigned int *) fromlenaddr;
605 } */
606 struct msghdr msg;
607 struct iovec aiov;
608 int error;
609 struct mbuf *from;
610
611 msg.msg_name = NULL;
612 msg.msg_iov = &aiov;
613 msg.msg_iovlen = 1;
614 aiov.iov_base = SCARG(uap, buf);
615 aiov.iov_len = SCARG(uap, len);
616 msg.msg_control = NULL;
617 msg.msg_flags = SCARG(uap, flags) & MSG_USERFLAGS;
618
619 error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from, NULL, retval);
620 if (error != 0)
621 return error;
622
623 error = copyout_sockname(SCARG(uap, from), SCARG(uap, fromlenaddr),
624 MSG_LENUSRSPACE, from);
625 if (from != NULL)
626 m_free(from);
627 return error;
628 }
629
630 int
631 sys_recvmsg(struct lwp *l, const struct sys_recvmsg_args *uap, register_t *retval)
632 {
633 /* {
634 syscallarg(int) s;
635 syscallarg(struct msghdr *) msg;
636 syscallarg(int) flags;
637 } */
638 struct msghdr msg;
639 int error;
640 struct mbuf *from, *control;
641
642 error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
643 if (error)
644 return (error);
645
646 msg.msg_flags = (SCARG(uap, flags) & MSG_USERFLAGS) | MSG_IOVUSRSPACE;
647
648 error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &from,
649 msg.msg_control != NULL ? &control : NULL, retval);
650 if (error != 0)
651 return error;
652
653 if (msg.msg_control != NULL)
654 error = copyout_msg_control(l, &msg, control);
655
656 if (error == 0)
657 error = copyout_sockname(msg.msg_name, &msg.msg_namelen, 0,
658 from);
659 if (from != NULL)
660 m_free(from);
661 if (error == 0) {
662 ktrkuser("msghdr", &msg, sizeof msg);
663 error = copyout(&msg, SCARG(uap, msg), sizeof(msg));
664 }
665
666 return (error);
667 }
668
669 /*
670 * Adjust for a truncated SCM_RIGHTS control message.
671 * This means closing any file descriptors that aren't present
672 * in the returned buffer.
673 * m is the mbuf holding the (already externalized) SCM_RIGHTS message.
674 */
675 static void
676 free_rights(struct mbuf *m)
677 {
678 int nfd;
679 int i;
680 int *fdv;
681
682 nfd = m->m_len < CMSG_SPACE(sizeof(int)) ? 0
683 : (m->m_len - CMSG_SPACE(sizeof(int))) / sizeof(int) + 1;
684 fdv = (int *) CMSG_DATA(mtod(m,struct cmsghdr *));
685 for (i = 0; i < nfd; i++) {
686 if (fd_getfile(fdv[i]) != NULL)
687 (void)fd_close(fdv[i]);
688 }
689 }
690
691 void
692 free_control_mbuf(struct lwp *l, struct mbuf *control, struct mbuf *uncopied)
693 {
694 struct mbuf *next;
695 struct cmsghdr *cmsg;
696 bool do_free_rights = false;
697
698 while (control != NULL) {
699 cmsg = mtod(control, struct cmsghdr *);
700 if (control == uncopied)
701 do_free_rights = true;
702 if (do_free_rights && cmsg->cmsg_level == SOL_SOCKET
703 && cmsg->cmsg_type == SCM_RIGHTS)
704 free_rights(control);
705 next = control->m_next;
706 m_free(control);
707 control = next;
708 }
709 }
710
711 /* Copy socket control/CMSG data to user buffer, frees the mbuf */
712 int
713 copyout_msg_control(struct lwp *l, struct msghdr *mp, struct mbuf *control)
714 {
715 int i, len, error = 0;
716 struct cmsghdr *cmsg;
717 struct mbuf *m;
718 char *q;
719
720 len = mp->msg_controllen;
721 if (len <= 0 || control == 0) {
722 mp->msg_controllen = 0;
723 free_control_mbuf(l, control, control);
724 return 0;
725 }
726
727 q = (char *)mp->msg_control;
728
729 for (m = control; m != NULL; ) {
730 cmsg = mtod(m, struct cmsghdr *);
731 i = m->m_len;
732 if (len < i) {
733 mp->msg_flags |= MSG_CTRUNC;
734 if (cmsg->cmsg_level == SOL_SOCKET
735 && cmsg->cmsg_type == SCM_RIGHTS)
736 /* Do not truncate me ... */
737 break;
738 i = len;
739 }
740 error = copyout(mtod(m, void *), q, i);
741 ktrkuser("msgcontrol", mtod(m, void *), i);
742 if (error != 0) {
743 /* We must free all the SCM_RIGHTS */
744 m = control;
745 break;
746 }
747 m = m->m_next;
748 if (m)
749 i = ALIGN(i);
750 q += i;
751 len -= i;
752 if (len <= 0)
753 break;
754 }
755
756 free_control_mbuf(l, control, m);
757
758 mp->msg_controllen = q - (char *)mp->msg_control;
759 return error;
760 }
761
762 int
763 do_sys_recvmsg(struct lwp *l, int s, struct msghdr *mp, struct mbuf **from,
764 struct mbuf **control, register_t *retsize)
765 {
766 struct uio auio;
767 struct iovec aiov[UIO_SMALLIOV], *iov = aiov;
768 struct iovec *tiov;
769 int i, len, error, iovlen;
770 struct socket *so;
771 struct iovec *ktriov;
772
773 ktrkuser("msghdr", mp, sizeof *mp);
774
775 *from = NULL;
776 if (control != NULL)
777 *control = NULL;
778
779 if ((error = fd_getsock(s, &so)) != 0)
780 return (error);
781
782 if (mp->msg_flags & MSG_IOVUSRSPACE) {
783 if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) {
784 if ((unsigned int)mp->msg_iovlen > IOV_MAX) {
785 error = EMSGSIZE;
786 goto out;
787 }
788 iov = malloc(sizeof(struct iovec) * mp->msg_iovlen,
789 M_IOV, M_WAITOK);
790 }
791 if (mp->msg_iovlen != 0) {
792 error = copyin(mp->msg_iov, iov,
793 (size_t)(mp->msg_iovlen * sizeof(struct iovec)));
794 if (error)
795 goto out;
796 }
797 auio.uio_iov = iov;
798 } else
799 auio.uio_iov = mp->msg_iov;
800 auio.uio_iovcnt = mp->msg_iovlen;
801 auio.uio_rw = UIO_READ;
802 auio.uio_offset = 0; /* XXX */
803 auio.uio_resid = 0;
804 KASSERT(l == curlwp);
805 auio.uio_vmspace = l->l_proc->p_vmspace;
806
807 tiov = auio.uio_iov;
808 for (i = 0; i < mp->msg_iovlen; i++, tiov++) {
809 #if 0
810 /* cannot happen iov_len is unsigned */
811 if (tiov->iov_len < 0) {
812 error = EINVAL;
813 goto out;
814 }
815 #endif
816 /*
817 * Reads return ssize_t because -1 is returned on error.
818 * Therefore we must restrict the length to SSIZE_MAX to
819 * avoid garbage return values.
820 */
821 auio.uio_resid += tiov->iov_len;
822 if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
823 error = EINVAL;
824 goto out;
825 }
826 }
827
828 ktriov = NULL;
829 if (ktrpoint(KTR_GENIO)) {
830 iovlen = auio.uio_iovcnt * sizeof(struct iovec);
831 ktriov = malloc(iovlen, M_TEMP, M_WAITOK);
832 memcpy(ktriov, auio.uio_iov, iovlen);
833 }
834
835 len = auio.uio_resid;
836 mp->msg_flags &= MSG_USERFLAGS;
837 error = (*so->so_receive)(so, from, &auio, NULL, control,
838 &mp->msg_flags);
839 len -= auio.uio_resid;
840 *retsize = len;
841 if (error != 0 && len != 0
842 && (error == ERESTART || error == EINTR || error == EWOULDBLOCK))
843 /* Some data transferred */
844 error = 0;
845
846 if (ktriov != NULL) {
847 ktrgeniov(s, UIO_READ, ktriov, len, error);
848 free(ktriov, M_TEMP);
849 }
850
851 if (error != 0) {
852 m_freem(*from);
853 *from = NULL;
854 if (control != NULL) {
855 free_control_mbuf(l, *control, *control);
856 *control = NULL;
857 }
858 }
859 out:
860 if (iov != aiov)
861 free(iov, M_IOV);
862 fd_putfile(s);
863 return (error);
864 }
865
866
867 /* ARGSUSED */
868 int
869 sys_shutdown(struct lwp *l, const struct sys_shutdown_args *uap, register_t *retval)
870 {
871 /* {
872 syscallarg(int) s;
873 syscallarg(int) how;
874 } */
875 struct socket *so;
876 int error;
877
878 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
879 return (error);
880 solock(so);
881 error = soshutdown(so, SCARG(uap, how));
882 sounlock(so);
883 fd_putfile(SCARG(uap, s));
884 return (error);
885 }
886
887 /* ARGSUSED */
888 int
889 sys_setsockopt(struct lwp *l, const struct sys_setsockopt_args *uap, register_t *retval)
890 {
891 /* {
892 syscallarg(int) s;
893 syscallarg(int) level;
894 syscallarg(int) name;
895 syscallarg(const void *) val;
896 syscallarg(unsigned int) valsize;
897 } */
898 struct sockopt sopt;
899 struct socket *so;
900 int error;
901 unsigned int len;
902
903 len = SCARG(uap, valsize);
904 if (len > 0 && SCARG(uap, val) == NULL)
905 return (EINVAL);
906
907 if (len > MCLBYTES)
908 return (EINVAL);
909
910 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
911 return (error);
912
913 sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), len);
914
915 if (len > 0) {
916 error = copyin(SCARG(uap, val), sopt.sopt_data, len);
917 if (error)
918 goto out;
919 }
920
921 error = sosetopt(so, &sopt);
922
923 out:
924 sockopt_destroy(&sopt);
925 fd_putfile(SCARG(uap, s));
926 return (error);
927 }
928
929 /* ARGSUSED */
930 int
931 sys_getsockopt(struct lwp *l, const struct sys_getsockopt_args *uap, register_t *retval)
932 {
933 /* {
934 syscallarg(int) s;
935 syscallarg(int) level;
936 syscallarg(int) name;
937 syscallarg(void *) val;
938 syscallarg(unsigned int *) avalsize;
939 } */
940 struct sockopt sopt;
941 struct socket *so;
942 unsigned int valsize, len;
943 int error;
944
945 if (SCARG(uap, val) != NULL) {
946 error = copyin(SCARG(uap, avalsize), &valsize, sizeof(valsize));
947 if (error)
948 return (error);
949 } else
950 valsize = 0;
951
952 if ((error = fd_getsock(SCARG(uap, s), &so)) != 0)
953 return (error);
954
955 sockopt_init(&sopt, SCARG(uap, level), SCARG(uap, name), 0);
956
957 error = sogetopt(so, &sopt);
958 if (error)
959 goto out;
960
961 if (valsize > 0) {
962 len = min(valsize, sopt.sopt_size);
963 error = copyout(sopt.sopt_data, SCARG(uap, val), len);
964 if (error)
965 goto out;
966
967 error = copyout(&len, SCARG(uap, avalsize), sizeof(len));
968 if (error)
969 goto out;
970 }
971
972 out:
973 sockopt_destroy(&sopt);
974 fd_putfile(SCARG(uap, s));
975 return (error);
976 }
977
978 #ifdef PIPE_SOCKETPAIR
979 /* ARGSUSED */
980 int
981 sys_pipe(struct lwp *l, const void *v, register_t *retval)
982 {
983 file_t *rf, *wf;
984 struct socket *rso, *wso;
985 int fd, error;
986 proc_t *p;
987
988 p = curproc;
989 if ((error = socreate(AF_LOCAL, &rso, SOCK_STREAM, 0, l, NULL)) != 0)
990 return (error);
991 if ((error = socreate(AF_LOCAL, &wso, SOCK_STREAM, 0, l, rso)) != 0)
992 goto free1;
993 /* remember this socket pair implements a pipe */
994 wso->so_state |= SS_ISAPIPE;
995 rso->so_state |= SS_ISAPIPE;
996 if ((error = fd_allocfile(&rf, &fd)) != 0)
997 goto free2;
998 retval[0] = fd;
999 rf->f_flag = FREAD;
1000 rf->f_type = DTYPE_SOCKET;
1001 rf->f_ops = &socketops;
1002 rf->f_data = rso;
1003 if ((error = fd_allocfile(&wf, &fd)) != 0)
1004 goto free3;
1005 wf->f_flag = FWRITE;
1006 wf->f_type = DTYPE_SOCKET;
1007 wf->f_ops = &socketops;
1008 wf->f_data = wso;
1009 retval[1] = fd;
1010 solock(wso);
1011 error = unp_connect2(wso, rso, PRU_CONNECT2);
1012 sounlock(wso);
1013 if (error != 0)
1014 goto free4;
1015 fd_affix(p, wf, (int)retval[1]);
1016 fd_affix(p, rf, (int)retval[0]);
1017 return (0);
1018 free4:
1019 fd_abort(p, wf, (int)retval[1]);
1020 free3:
1021 fd_abort(p, rf, (int)retval[0]);
1022 free2:
1023 (void)soclose(wso);
1024 free1:
1025 (void)soclose(rso);
1026 return (error);
1027 }
1028 #endif /* PIPE_SOCKETPAIR */
1029
1030 /*
1031 * Get socket name.
1032 */
1033 /* ARGSUSED */
1034 int
1035 do_sys_getsockname(struct lwp *l, int fd, int which, struct mbuf **nam)
1036 {
1037 struct socket *so;
1038 struct mbuf *m;
1039 int error;
1040
1041 if ((error = fd_getsock(fd, &so)) != 0)
1042 return error;
1043
1044 m = m_getclr(M_WAIT, MT_SONAME);
1045 MCLAIM(m, so->so_mowner);
1046
1047 solock(so);
1048 if (which == PRU_PEERADDR
1049 && (so->so_state & (SS_ISCONNECTED | SS_ISCONFIRMING)) == 0) {
1050 error = ENOTCONN;
1051 } else {
1052 *nam = m;
1053 error = (*so->so_proto->pr_usrreq)(so, which, NULL, m, NULL,
1054 NULL);
1055 }
1056 sounlock(so);
1057 if (error != 0)
1058 m_free(m);
1059 fd_putfile(fd);
1060 return error;
1061 }
1062
1063 int
1064 copyout_sockname(struct sockaddr *asa, unsigned int *alen, int flags,
1065 struct mbuf *addr)
1066 {
1067 int len;
1068 int error;
1069
1070 if (asa == NULL)
1071 /* Assume application not interested */
1072 return 0;
1073
1074 if (flags & MSG_LENUSRSPACE) {
1075 error = copyin(alen, &len, sizeof(len));
1076 if (error)
1077 return error;
1078 } else
1079 len = *alen;
1080 if (len < 0)
1081 return EINVAL;
1082
1083 if (addr == NULL) {
1084 len = 0;
1085 error = 0;
1086 } else {
1087 if (len > addr->m_len)
1088 len = addr->m_len;
1089 /* Maybe this ought to copy a chain ? */
1090 ktrkuser("sockname", mtod(addr, void *), len);
1091 error = copyout(mtod(addr, void *), asa, len);
1092 }
1093
1094 if (error == 0) {
1095 if (flags & MSG_LENUSRSPACE)
1096 error = copyout(&len, alen, sizeof(len));
1097 else
1098 *alen = len;
1099 }
1100
1101 return error;
1102 }
1103
1104 /*
1105 * Get socket name.
1106 */
1107 /* ARGSUSED */
1108 int
1109 sys_getsockname(struct lwp *l, const struct sys_getsockname_args *uap, register_t *retval)
1110 {
1111 /* {
1112 syscallarg(int) fdes;
1113 syscallarg(struct sockaddr *) asa;
1114 syscallarg(unsigned int *) alen;
1115 } */
1116 struct mbuf *m;
1117 int error;
1118
1119 error = do_sys_getsockname(l, SCARG(uap, fdes), PRU_SOCKADDR, &m);
1120 if (error != 0)
1121 return error;
1122
1123 error = copyout_sockname(SCARG(uap, asa), SCARG(uap, alen),
1124 MSG_LENUSRSPACE, m);
1125 if (m != NULL)
1126 m_free(m);
1127 return error;
1128 }
1129
1130 /*
1131 * Get name of peer for connected socket.
1132 */
1133 /* ARGSUSED */
1134 int
1135 sys_getpeername(struct lwp *l, const struct sys_getpeername_args *uap, register_t *retval)
1136 {
1137 /* {
1138 syscallarg(int) fdes;
1139 syscallarg(struct sockaddr *) asa;
1140 syscallarg(unsigned int *) alen;
1141 } */
1142 struct mbuf *m;
1143 int error;
1144
1145 error = do_sys_getsockname(l, SCARG(uap, fdes), PRU_PEERADDR, &m);
1146 if (error != 0)
1147 return error;
1148
1149 error = copyout_sockname(SCARG(uap, asa), SCARG(uap, alen),
1150 MSG_LENUSRSPACE, m);
1151 if (m != NULL)
1152 m_free(m);
1153 return error;
1154 }
1155
1156 /*
1157 * XXX In a perfect world, we wouldn't pass around socket control
1158 * XXX arguments in mbufs, and this could go away.
1159 */
1160 int
1161 sockargs(struct mbuf **mp, const void *bf, size_t buflen, int type)
1162 {
1163 struct sockaddr *sa;
1164 struct mbuf *m;
1165 int error;
1166
1167 /*
1168 * We can't allow socket names > UCHAR_MAX in length, since that
1169 * will overflow sa_len. Control data more than a page size in
1170 * length is just too much.
1171 */
1172 if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE))
1173 return (EINVAL);
1174
1175 /* Allocate an mbuf to hold the arguments. */
1176 m = m_get(M_WAIT, type);
1177 /* can't claim. don't who to assign it to. */
1178 if (buflen > MLEN) {
1179 /*
1180 * Won't fit into a regular mbuf, so we allocate just
1181 * enough external storage to hold the argument.
1182 */
1183 MEXTMALLOC(m, buflen, M_WAITOK);
1184 }
1185 m->m_len = buflen;
1186 error = copyin(bf, mtod(m, void *), buflen);
1187 if (error) {
1188 (void) m_free(m);
1189 return (error);
1190 }
1191 ktrkuser("sockargs", mtod(m, void *), buflen);
1192 *mp = m;
1193 if (type == MT_SONAME) {
1194 sa = mtod(m, struct sockaddr *);
1195 #if BYTE_ORDER != BIG_ENDIAN
1196 /*
1197 * 4.3BSD compat thing - need to stay, since bind(2),
1198 * connect(2), sendto(2) were not versioned for COMPAT_43.
1199 */
1200 if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1201 sa->sa_family = sa->sa_len;
1202 #endif
1203 sa->sa_len = buflen;
1204 }
1205 return (0);
1206 }
Cache object: c818e3a5eeee7daa36a2ec8de95d354c
|