]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/kern_descrip.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-6153.101.6.tar.gz
[apple/xnu.git] / bsd / kern / kern_descrip.c
CommitLineData
1c79356b 1/*
39037602 2 * Copyright (c) 2000-2016 Apple Inc. All rights reserved.
5d5c5d0d 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
39037602 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
39037602 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
39037602 17 *
2d21ac55
A		 18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A		 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A		 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
39037602 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A		 27 */
28/* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
29/*
30 * Copyright (c) 1982, 1986, 1989, 1991, 1993
31 * The Regents of the University of California. All rights reserved.
32 * (c) UNIX System Laboratories, Inc.
33 * All or some portions of this file are derived from material licensed
34 * to the University of California by American Telephone and Telegraph
35 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
36 * the permission of UNIX System Laboratories, Inc.
37 *
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
40 * are met:
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. All advertising materials mentioning features or use of this software
47 * must display the following acknowledgement:
48 * This product includes software developed by the University of
49 * California, Berkeley and its contributors.
50 * 4. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
53 *
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64 * SUCH DAMAGE.
65 *
66 * @(#)kern_descrip.c 8.8 (Berkeley) 2/14/95
1c79356b 67 */
2d21ac55
A		 68/*
69 * NOTICE: This file was modified by SPARTA, Inc. in 2006 to introduce
70 * support for mandatory and extensible security protections. This notice
71 * is included in support of clause 2.2 (b) of the Apple Public License,
72 * Version 2.0.
73 */
1c79356b
A		 74
75#include <sys/param.h>
76#include <sys/systm.h>
77#include <sys/filedesc.h>
78#include <sys/kernel.h>
91447636
A		 79#include <sys/vnode_internal.h>
80#include <sys/proc_internal.h>
81#include <sys/kauth.h>
82#include <sys/file_internal.h>
39236c6e 83#include <sys/guarded.h>
c7d2c2c6 84#include <sys/priv.h>
1c79356b
A		 85#include <sys/socket.h>
86#include <sys/socketvar.h>
87#include <sys/stat.h>
88#include <sys/ioctl.h>
89#include <sys/fcntl.h>
a39ff7e2 90#include <sys/fsctl.h>
1c79356b 91#include <sys/malloc.h>
91447636 92#include <sys/mman.h>
1c79356b
A		 93#include <sys/syslog.h>
94#include <sys/unistd.h>
95#include <sys/resourcevar.h>
55e303ae 96#include <sys/aio_kern.h>
91447636 97#include <sys/ev.h>
fe8ab488 98#include <kern/locks.h>
b0d623f7 99#include <sys/uio_internal.h>
39236c6e 100#include <sys/codesign.h>
fe8ab488 101#include <sys/codedir_internal.h>
e5568f75 102
b0d623f7 103#include <security/audit/audit.h>
1c79356b 104
91447636
A		 105#include <sys/mount_internal.h>
106#include <sys/kdebug.h>
107#include <sys/sysproto.h>
108#include <sys/pipe.h>
6d2010ae 109#include <sys/spawn.h>
39037602 110#include <sys/cprotect.h>
91447636
A		 111#include <kern/kern_types.h>
112#include <kern/kalloc.h>
3e170ce0 113#include <kern/waitq.h>
b36670ce 114#include <libkern/OSAtomic.h>
91447636 115
593a1d5f 116#include <sys/ubc_internal.h>
2d21ac55 117
d1ecb069
A		 118#include <kern/ipc_misc.h>
119#include <vm/vm_protos.h>
120
121#include <mach/mach_port.h>
fe8ab488 122#include <stdbool.h>
d1ecb069 123
5ba3f43e
A		 124#if CONFIG_MACF
125#include <security/mac_framework.h>
126#endif
127
cb323159 128#define IPC_KMSG_FLAGS_ALLOW_IMMOVABLE_SEND 0x1
d1ecb069 129kern_return_t ipc_object_copyin(ipc_space_t, mach_port_name_t,
cb323159 130 mach_msg_type_name_t, ipc_port_t *, mach_port_context_t, mach_msg_guard_flags_t *, uint32_t);
d1ecb069
A		 131void ipc_port_release_send(ipc_port_t);
132
91447636
A		 133struct psemnode;
134struct pshmnode;
135
6d2010ae
A		 136static int finishdup(proc_t p,
137 struct filedesc *fdp, int old, int new, int flags, int32_t *retval);
91447636 138
2d21ac55 139int falloc_locked(proc_t p, struct fileproc **resultfp, int *resultfd, vfs_context_t ctx, int locked);
91447636
A		 140void fg_drop(struct fileproc * fp);
141void fg_free(struct fileglob *fg);
142void fg_ref(struct fileproc * fp);
d1ecb069 143void fileport_releasefg(struct fileglob *fg);
91447636 144
2d21ac55
A		 145/* flags for close_internal_locked */
146#define FD_DUP2RESV 1
2d21ac55
A		 147
148/* We don't want these exported */
2d21ac55
A		 149
150__private_extern__
c18c124e 151int unlink1(vfs_context_t, vnode_t, user_addr_t, enum uio_seg, int);
2d21ac55
A		 152
153static void _fdrelse(struct proc * p, int fd);
91447636 154
2d21ac55 155
39236c6e 156extern void file_lock_init(void);
91447636 157
0a7de745 158extern kauth_scope_t kauth_scope_fileop;
91447636 159
6d2010ae 160/* Conflict wait queue for when selects collide (opaque type) */
3e170ce0 161extern struct waitq select_conflict_queue;
6d2010ae 162
a39ff7e2
A		 163#ifndef HFS_GET_BOOT_INFO
164#define HFS_GET_BOOT_INFO (FCNTL_FS_SPECIFIC_BASE + 0x00004)
165#endif
166
167#ifndef HFS_SET_BOOT_INFO
168#define HFS_SET_BOOT_INFO (FCNTL_FS_SPECIFIC_BASE + 0x00005)
169#endif
170
171#ifndef APFSIOC_REVERT_TO_SNAPSHOT
172#define APFSIOC_REVERT_TO_SNAPSHOT _IOW('J', 1, u_int64_t)
173#endif
174
91447636 175#define f_flag f_fglob->fg_flag
39236c6e 176#define f_type f_fglob->fg_ops->fo_type
91447636
A		 177#define f_msgcount f_fglob->fg_msgcount
178#define f_cred f_fglob->fg_cred
179#define f_ops f_fglob->fg_ops
180#define f_offset f_fglob->fg_offset
181#define f_data f_fglob->fg_data
39236c6e 182#define CHECK_ADD_OVERFLOW_INT64L(x, y) \
0a7de745
A		 183 (((((x) > 0) && ((y) > 0) && ((x) > LLONG_MAX - (y))) || \
184 (((x) < 0) && ((y) < 0) && ((x) < LLONG_MIN - (y)))) \
185 ? 1 : 0)
1c79356b
A		 186/*
187 * Descriptor management.
188 */
0a7de745
A		 189struct fmsglist fmsghead; /* head of list of open files */
190struct fmsglist fmsg_ithead; /* head of list of open files */
191int nfiles; /* actual number of open files */
1c79356b 192
91447636
A		 193
194lck_grp_attr_t * file_lck_grp_attr;
195lck_grp_t * file_lck_grp;
196lck_attr_t * file_lck_attr;
197
198lck_mtx_t * uipc_lock;
91447636
A		 199
200
39236c6e
A		 201/*
202 * check_file_seek_range
203 *
204 * Description: Checks if seek offsets are in the range of 0 to LLONG_MAX.
205 *
206 * Parameters: fl Flock structure.
207 * cur_file_offset Current offset in the file.
208 *
0a7de745 209 * Returns: 0 on Success.
39236c6e 210 * EOVERFLOW on overflow.
0a7de745 211 * EINVAL on offset less than zero.
39236c6e
A		 212 */
213
214static int
215check_file_seek_range(struct flock *fl, off_t cur_file_offset)
216{
217 if (fl->l_whence == SEEK_CUR) {
218 /* Check if the start marker is beyond LLONG_MAX. */
219 if (CHECK_ADD_OVERFLOW_INT64L(fl->l_start, cur_file_offset)) {
220 /* Check if start marker is negative */
221 if (fl->l_start < 0) {
222 return EINVAL;
223 }
224 return EOVERFLOW;
225 }
226 /* Check if the start marker is negative. */
227 if (fl->l_start + cur_file_offset < 0) {
228 return EINVAL;
229 }
230 /* Check if end marker is beyond LLONG_MAX. */
39037602 231 if ((fl->l_len > 0) && (CHECK_ADD_OVERFLOW_INT64L(fl->l_start +
0a7de745 232 cur_file_offset, fl->l_len - 1))) {
39236c6e
A		 233 return EOVERFLOW;
234 }
235 /* Check if the end marker is negative. */
236 if ((fl->l_len <= 0) && (fl->l_start + cur_file_offset +
0a7de745 237 fl->l_len < 0)) {
39236c6e
A		 238 return EINVAL;
239 }
240 } else if (fl->l_whence == SEEK_SET) {
241 /* Check if the start marker is negative. */
242 if (fl->l_start < 0) {
243 return EINVAL;
244 }
245 /* Check if the end marker is beyond LLONG_MAX. */
39037602 246 if ((fl->l_len > 0) &&
39236c6e
A		 247 CHECK_ADD_OVERFLOW_INT64L(fl->l_start, fl->l_len - 1)) {
248 return EOVERFLOW;
249 }
250 /* Check if the end marker is negative. */
0a7de745 251 if ((fl->l_len < 0) && fl->l_start + fl->l_len < 0) {
39236c6e
A		 252 return EINVAL;
253 }
254 }
255 return 0;
256}
257
258
2d21ac55
A		 259/*
260 * file_lock_init
261 *
262 * Description: Initialize the file lock group and the uipc and flist locks
263 *
264 * Parameters: (void)
265 *
266 * Returns: void
267 *
268 * Notes: Called at system startup from bsd_init().
269 */
91447636
A		 270void
271file_lock_init(void)
272{
91447636 273 /* allocate file lock group attribute and group */
0a7de745 274 file_lck_grp_attr = lck_grp_attr_alloc_init();
91447636 275
0a7de745 276 file_lck_grp = lck_grp_alloc_init("file", file_lck_grp_attr);
91447636
A		 277
278 /* Allocate file lock attribute */
279 file_lck_attr = lck_attr_alloc_init();
91447636
A		 280
281 uipc_lock = lck_mtx_alloc_init(file_lck_grp, file_lck_attr);
2d21ac55 282}
91447636 283
91447636 284
2d21ac55
A		 285/*
286 * proc_fdlock, proc_fdlock_spin
287 *
288 * Description: Lock to control access to the per process struct fileproc
289 * and struct filedesc
290 *
291 * Parameters: p Process to take the lock on
292 *
293 * Returns: void
294 *
295 * Notes: The lock is initialized in forkproc() and destroyed in
296 * reap_child_process().
297 */
298void
299proc_fdlock(proc_t p)
300{
301 lck_mtx_lock(&p->p_fdmlock);
91447636
A		 302}
303
2d21ac55
A		 304void
305proc_fdlock_spin(proc_t p)
306{
307 lck_mtx_lock_spin(&p->p_fdmlock);
308}
91447636
A		 309
310void
2d21ac55 311proc_fdlock_assert(proc_t p, int assertflags)
91447636 312{
2d21ac55 313 lck_mtx_assert(&p->p_fdmlock, assertflags);
91447636
A		 314}
315
2d21ac55
A		 316
317/*
318 * proc_fdunlock
319 *
320 * Description: Unlock the lock previously locked by a call to proc_fdlock()
321 *
322 * Parameters: p Process to drop the lock on
323 *
324 * Returns: void
325 */
91447636 326void
2d21ac55 327proc_fdunlock(proc_t p)
91447636
A		 328{
329 lck_mtx_unlock(&p->p_fdmlock);
330}
9bccf70c 331
2d21ac55 332
1c79356b
A		 333/*
334 * System calls on descriptors.
335 */
91447636 336
2d21ac55
A		 337
338/*
339 * getdtablesize
340 *
341 * Description: Returns the per process maximum size of the descriptor table
342 *
343 * Parameters: p Process being queried
344 * retval Pointer to the call return area
345 *
346 * Returns: 0 Success
347 *
348 * Implicit returns:
349 * *retval (modified) Size of dtable
350 */
1c79356b 351int
b0d623f7 352getdtablesize(proc_t p, __unused struct getdtablesize_args *uap, int32_t *retval)
1c79356b 353{
2d21ac55 354 proc_fdlock_spin(p);
1c79356b 355 *retval = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles);
91447636
A		 356 proc_fdunlock(p);
357
0a7de745 358 return 0;
1c79356b
A		 359}
360
1c79356b 361
6601e61a
A		 362void
363procfdtbl_reservefd(struct proc * p, int fd)
364{
365 p->p_fd->fd_ofiles[fd] = NULL;
0a7de745 366 p->p_fd->fd_ofileflags[fd] |= UF_RESERVED;
6601e61a
A		 367}
368
369void
370procfdtbl_markclosefd(struct proc * p, int fd)
371{
0a7de745 372 p->p_fd->fd_ofileflags[fd] |= (UF_RESERVED | UF_CLOSING);
6601e61a
A		 373}
374
375void
376procfdtbl_releasefd(struct proc * p, int fd, struct fileproc * fp)
377{
0a7de745
A		 378 if (fp != NULL) {
379 p->p_fd->fd_ofiles[fd] = fp;
380 }
381 p->p_fd->fd_ofileflags[fd] &= ~UF_RESERVED;
6601e61a
A		 382 if ((p->p_fd->fd_ofileflags[fd] & UF_RESVWAIT) == UF_RESVWAIT) {
383 p->p_fd->fd_ofileflags[fd] &= ~UF_RESVWAIT;
384 wakeup(&p->p_fd);
385 }
386}
387
39037602 388void
6601e61a
A		 389procfdtbl_waitfd(struct proc * p, int fd)
390{
0a7de745 391 p->p_fd->fd_ofileflags[fd] |= UF_RESVWAIT;
6601e61a
A		 392 msleep(&p->p_fd, &p->p_fdmlock, PRIBIO, "ftbl_waitfd", NULL);
393}
394
395
396void
397procfdtbl_clearfd(struct proc * p, int fd)
398{
399 int waiting;
400
401 waiting = (p->p_fd->fd_ofileflags[fd] & UF_RESVWAIT);
39037602 402 p->p_fd->fd_ofiles[fd] = NULL;
6601e61a 403 p->p_fd->fd_ofileflags[fd] = 0;
0a7de745 404 if (waiting == UF_RESVWAIT) {
6601e61a
A		 405 wakeup(&p->p_fd);
406 }
407}
408
2d21ac55
A		 409/*
410 * _fdrelse
411 *
412 * Description: Inline utility function to free an fd in a filedesc
413 *
414 * Parameters: fdp Pointer to filedesc fd lies in
415 * fd fd to free
416 * reserv fd should be reserved
417 *
418 * Returns: void
419 *
420 * Locks: Assumes proc_fdlock for process pointing to fdp is held by
421 * the caller
422 */
423static void
424_fdrelse(struct proc * p, int fd)
1c79356b 425{
2d21ac55
A		 426 struct filedesc *fdp = p->p_fd;
427 int nfd = 0;
6601e61a 428
0a7de745 429 if (fd < fdp->fd_freefile) {
1c79356b 430 fdp->fd_freefile = fd;
0a7de745 431 }
1c79356b 432#if DIAGNOSTIC
0a7de745
A		 433 if (fd > fdp->fd_lastfile) {
434 panic("fdrelse: fd_lastfile inconsistent");
435 }
1c79356b 436#endif
6601e61a 437 procfdtbl_clearfd(p, fd);
91447636 438
6601e61a 439 while ((nfd = fdp->fd_lastfile) > 0 &&
0a7de745
A		 440 fdp->fd_ofiles[nfd] == NULL &&
441 !(fdp->fd_ofileflags[nfd] & UF_RESERVED)) {
5ba3f43e 442 /* JMM - What about files with lingering EV_VANISHED knotes? */
1c79356b 443 fdp->fd_lastfile--;
0a7de745 444 }
1c79356b
A		 445}
446
2d21ac55 447
b0d623f7
A		 448int
449fd_rdwr(
450 int fd,
451 enum uio_rw rw,
452 uint64_t base,
453 int64_t len,
454 enum uio_seg segflg,
0a7de745
A		 455 off_t offset,
456 int io_flg,
b0d623f7
A		 457 int64_t *aresid)
458{
0a7de745
A		 459 struct fileproc *fp;
460 proc_t p;
461 int error = 0;
b0d623f7
A		 462 int flags = 0;
463 int spacetype;
464 uio_t auio = NULL;
0a7de745 465 char uio_buf[UIO_SIZEOF(1)];
b0d623f7 466 struct vfs_context context = *(vfs_context_current());
fe8ab488 467 bool wrote_some = false;
b0d623f7
A		 468
469 p = current_proc();
470
0a7de745
A		 471 error = fp_lookup(p, fd, &fp, 0);
472 if (error) {
473 return error;
474 }
b0d623f7
A		 475
476 if (fp->f_type != DTYPE_VNODE && fp->f_type != DTYPE_PIPE && fp->f_type != DTYPE_SOCKET) {
477 error = EINVAL;
478 goto out;
479 }
480 if (rw == UIO_WRITE && !(fp->f_flag & FWRITE)) {
0a7de745 481 error = EBADF;
b0d623f7
A		 482 goto out;
483 }
39037602 484
b0d623f7 485 if (rw == UIO_READ && !(fp->f_flag & FREAD)) {
0a7de745
A		 486 error = EBADF;
487 goto out;
b0d623f7 488 }
39037602 489
b0d623f7
A		 490 context.vc_ucred = fp->f_fglob->fg_cred;
491
0a7de745 492 if (UIO_SEG_IS_USER_SPACE(segflg)) {
b0d623f7 493 spacetype = proc_is64bit(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
0a7de745 494 } else {
b0d623f7 495 spacetype = UIO_SYSSPACE;
0a7de745 496 }
b0d623f7
A		 497
498 auio = uio_createwithbuffer(1, offset, spacetype, rw, &uio_buf[0], sizeof(uio_buf));
499
500 uio_addiov(auio, base, len);
501
0a7de745 502 if (!(io_flg & IO_APPEND)) {
b0d623f7 503 flags = FOF_OFFSET;
0a7de745 504 }
b0d623f7 505
fe8ab488
A		 506 if (rw == UIO_WRITE) {
507 user_ssize_t orig_resid = uio_resid(auio);
b0d623f7 508 error = fo_write(fp, auio, flags, &context);
fe8ab488 509 wrote_some = uio_resid(auio) < orig_resid;
0a7de745 510 } else {
b0d623f7 511 error = fo_read(fp, auio, flags, &context);
0a7de745 512 }
b0d623f7 513
0a7de745 514 if (aresid) {
b0d623f7 515 *aresid = uio_resid(auio);
0a7de745
A		 516 } else {
517 if (uio_resid(auio) && error == 0) {
b0d623f7 518 error = EIO;
0a7de745 519 }
b0d623f7
A		 520 }
521out:
0a7de745
A		 522 if (wrote_some) {
523 fp_drop_written(p, fd, fp);
524 } else {
525 fp_drop(p, fd, fp, 0);
526 }
b0d623f7
A		 527
528 return error;
529}
530
531
532
1c79356b 533/*
2d21ac55
A		 534 * dup
535 *
536 * Description: Duplicate a file descriptor.
537 *
538 * Parameters: p Process performing the dup
539 * uap->fd The fd to dup
540 * retval Pointer to the call return area
541 *
542 * Returns: 0 Success
543 * !0 Errno
544 *
545 * Implicit returns:
546 * *retval (modified) The new descriptor
1c79356b 547 */
1c79356b 548int
b0d623f7 549dup(proc_t p, struct dup_args *uap, int32_t *retval)
1c79356b 550{
2d21ac55
A		 551 struct filedesc *fdp = p->p_fd;
552 int old = uap->fd;
1c79356b 553 int new, error;
91447636 554 struct fileproc *fp;
1c79356b 555
91447636 556 proc_fdlock(p);
0a7de745 557 if ((error = fp_lookup(p, old, &fp, 1))) {
91447636 558 proc_fdunlock(p);
0a7de745 559 return error;
91447636 560 }
39236c6e
A		 561 if (FP_ISGUARDED(fp, GUARD_DUP)) {
562 error = fp_guard_exception(p, old, fp, kGUARD_EXC_DUP);
563 (void) fp_drop(p, old, fp, 1);
564 proc_fdunlock(p);
0a7de745 565 return error;
39236c6e 566 }
0a7de745 567 if ((error = fdalloc(p, 0, &new))) {
91447636
A		 568 fp_drop(p, old, fp, 1);
569 proc_fdunlock(p);
0a7de745 570 return error;
91447636 571 }
6d2010ae 572 error = finishdup(p, fdp, old, new, 0, retval);
91447636
A		 573 fp_drop(p, old, fp, 1);
574 proc_fdunlock(p);
575
3e170ce0
A		 576 if (ENTR_SHOULDTRACE && fp->f_type == DTYPE_SOCKET) {
577 KERNEL_ENERGYTRACE(kEnTrActKernSocket, DBG_FUNC_START,
578 new, 0, (int64_t)VM_KERNEL_ADDRPERM(fp->f_data));
579 }
580
0a7de745 581 return error;
1c79356b
A		 582}
583
584/*
2d21ac55
A		 585 * dup2
586 *
587 * Description: Duplicate a file descriptor to a particular value.
588 *
589 * Parameters: p Process performing the dup
6d2010ae 590 * uap->from The fd to dup
2d21ac55
A		 591 * uap->to The fd to dup it to
592 * retval Pointer to the call return area
593 *
594 * Returns: 0 Success
595 * !0 Errno
596 *
597 * Implicit returns:
598 * *retval (modified) The new descriptor
1c79356b 599 */
1c79356b 600int
b0d623f7 601dup2(proc_t p, struct dup2_args *uap, int32_t *retval)
1c79356b 602{
2d21ac55
A		 603 struct filedesc *fdp = p->p_fd;
604 int old = uap->from, new = uap->to;
1c79356b 605 int i, error;
6601e61a 606 struct fileproc *fp, *nfp;
1c79356b 607
91447636
A		 608 proc_fdlock(p);
609
6601e61a 610startover:
0a7de745 611 if ((error = fp_lookup(p, old, &fp, 1))) {
91447636 612 proc_fdunlock(p);
0a7de745 613 return error;
91447636 614 }
39236c6e
A		 615 if (FP_ISGUARDED(fp, GUARD_DUP)) {
616 error = fp_guard_exception(p, old, fp, kGUARD_EXC_DUP);
617 (void) fp_drop(p, old, fp, 1);
618 proc_fdunlock(p);
0a7de745 619 return error;
39236c6e 620 }
91447636 621 if (new < 0 ||
0a7de745 622 (rlim_t)new >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur ||
91447636
A		 623 new >= maxfiles) {
624 fp_drop(p, old, fp, 1);
625 proc_fdunlock(p);
0a7de745 626 return EBADF;
91447636 627 }
1c79356b 628 if (old == new) {
91447636 629 fp_drop(p, old, fp, 1);
1c79356b 630 *retval = new;
91447636 631 proc_fdunlock(p);
0a7de745 632 return 0;
1c79356b 633 }
91447636 634 if (new < 0 || new >= fdp->fd_nfiles) {
0a7de745 635 if ((error = fdalloc(p, new, &i))) {
91447636
A		 636 fp_drop(p, old, fp, 1);
637 proc_fdunlock(p);
0a7de745 638 return error;
91447636 639 }
1c79356b 640 if (new != i) {
2d21ac55 641 fdrelse(p, i);
1c79356b
A		 642 goto closeit;
643 }
fa4905b1 644 } else {
1c79356b 645closeit:
0a7de745
A		 646 while ((fdp->fd_ofileflags[new] & UF_RESERVED) == UF_RESERVED) {
647 fp_drop(p, old, fp, 1);
648 procfdtbl_waitfd(p, new);
2d21ac55 649#if DIAGNOSTIC
0a7de745 650 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
2d21ac55 651#endif
0a7de745 652 goto startover;
91447636
A		 653 }
654
6d2010ae
A		 655 if ((fdp->fd_ofiles[new] != NULL) &&
656 ((error = fp_lookup(p, new, &nfp, 1)) == 0)) {
6601e61a 657 fp_drop(p, old, fp, 1);
39236c6e
A		 658 if (FP_ISGUARDED(nfp, GUARD_CLOSE)) {
659 error = fp_guard_exception(p,
660 new, nfp, kGUARD_EXC_CLOSE);
661 (void) fp_drop(p, new, nfp, 1);
662 proc_fdunlock(p);
0a7de745 663 return error;
39236c6e 664 }
2d21ac55
A		 665 (void)close_internal_locked(p, new, nfp, FD_DUP2RESV);
666#if DIAGNOSTIC
667 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
668#endif
6601e61a
A		 669 procfdtbl_clearfd(p, new);
670 goto startover;
0a7de745 671 } else {
2d21ac55 672#if DIAGNOSTIC
0a7de745 673 if (fdp->fd_ofiles[new] != NULL) {
6d2010ae 674 panic("dup2: no ref on fileproc %d", new);
0a7de745 675 }
2d21ac55 676#endif
6601e61a 677 procfdtbl_reservefd(p, new);
1c79356b 678 }
2d21ac55
A		 679
680#if DIAGNOSTIC
681 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
682#endif
1c79356b 683 }
2d21ac55 684#if DIAGNOSTIC
0a7de745 685 if (fdp->fd_ofiles[new] != 0) {
6d2010ae 686 panic("dup2: overwriting fd_ofiles with new %d", new);
0a7de745
A		 687 }
688 if ((fdp->fd_ofileflags[new] & UF_RESERVED) == 0) {
6d2010ae 689 panic("dup2: unreserved fileflags with new %d", new);
0a7de745 690 }
2d21ac55 691#endif
6d2010ae 692 error = finishdup(p, fdp, old, new, 0, retval);
91447636
A		 693 fp_drop(p, old, fp, 1);
694 proc_fdunlock(p);
695
0a7de745 696 return error;
1c79356b
A		 697}
698
2d21ac55
A		 699
700/*
701 * fcntl
702 *
703 * Description: The file control system call.
704 *
705 * Parameters: p Process performing the fcntl
706 * uap->fd The fd to operate against
707 * uap->cmd The command to perform
708 * uap->arg Pointer to the command argument
709 * retval Pointer to the call return area
710 *
711 * Returns: 0 Success
712 * !0 Errno (see fcntl_nocancel)
713 *
714 * Implicit returns:
715 * *retval (modified) fcntl return value (if any)
716 *
717 * Notes: This system call differs from fcntl_nocancel() in that it
718 * tests for cancellation prior to performing a potentially
719 * blocking operation.
720 */
721int
b0d623f7 722fcntl(proc_t p, struct fcntl_args *uap, int32_t *retval)
2d21ac55
A		 723{
724 __pthread_testcancel(1);
0a7de745 725 return fcntl_nocancel(p, (struct fcntl_nocancel_args *)uap, retval);
2d21ac55
A		 726}
727
728
1c79356b 729/*
2d21ac55
A		 730 * fcntl_nocancel
731 *
732 * Description: A non-cancel-testing file control system call.
733 *
734 * Parameters: p Process performing the fcntl
735 * uap->fd The fd to operate against
736 * uap->cmd The command to perform
737 * uap->arg Pointer to the command argument
738 * retval Pointer to the call return area
739 *
740 * Returns: 0 Success
741 * EINVAL
742 * fp_lookup:EBADF Bad file descriptor
743 * [F_DUPFD]
744 * fdalloc:EMFILE
745 * fdalloc:ENOMEM
746 * finishdup:EBADF
747 * finishdup:ENOMEM
748 * [F_SETOWN]
749 * ESRCH
750 * [F_SETLK]
751 * EBADF
752 * EOVERFLOW
753 * copyin:EFAULT
754 * vnode_getwithref:???
755 * VNOP_ADVLOCK:???
39236c6e 756 * msleep:ETIMEDOUT
2d21ac55
A		 757 * [F_GETLK]
758 * EBADF
759 * EOVERFLOW
760 * copyin:EFAULT
761 * copyout:EFAULT
762 * vnode_getwithref:???
763 * VNOP_ADVLOCK:???
764 * [F_PREALLOCATE]
765 * EBADF
766 * EINVAL
767 * copyin:EFAULT
768 * copyout:EFAULT
769 * vnode_getwithref:???
770 * VNOP_ALLOCATE:???
771 * [F_SETSIZE,F_RDADVISE]
772 * EBADF
773 * copyin:EFAULT
774 * vnode_getwithref:???
775 * [F_RDAHEAD,F_NOCACHE]
776 * EBADF
777 * vnode_getwithref:???
778 * [???]
779 *
780 * Implicit returns:
781 * *retval (modified) fcntl return value (if any)
1c79356b 782 */
1c79356b 783int
b0d623f7 784fcntl_nocancel(proc_t p, struct fcntl_nocancel_args *uap, int32_t *retval)
1c79356b
A		 785{
786 int fd = uap->fd;
91447636
A		 787 struct filedesc *fdp = p->p_fd;
788 struct fileproc *fp;
789 char *pop;
0a7de745 790 struct vnode *vp = NULLVP; /* for AUDIT_ARG() at end */
3e170ce0 791 int i, tmp, error, error2, flg = 0;
d9a64523 792 struct flock fl = {};
39236c6e
A		 793 struct flocktimeout fltimeout;
794 struct timespec *timeout = NULL;
91447636
A		 795 struct vfs_context context;
796 off_t offset;
1c79356b 797 int newmin;
91447636 798 daddr64_t lbn, bn;
91447636
A		 799 unsigned int fflag;
800 user_addr_t argp;
e2fac8b1 801 boolean_t is64bit;
1c79356b 802
55e303ae
A		 803 AUDIT_ARG(fd, uap->fd);
804 AUDIT_ARG(cmd, uap->cmd);
91447636
A		 805
806 proc_fdlock(p);
0a7de745 807 if ((error = fp_lookup(p, fd, &fp, 1))) {
91447636 808 proc_fdunlock(p);
0a7de745 809 return error;
91447636 810 }
2d21ac55 811 context.vc_thread = current_thread();
91447636 812 context.vc_ucred = fp->f_cred;
e2fac8b1
A		 813
814 is64bit = proc_is64bit(p);
815 if (is64bit) {
91447636 816 argp = uap->arg;
0a7de745 817 } else {
2d21ac55
A		 818 /*
819 * Since the arg parameter is defined as a long but may be
820 * either a long or a pointer we must take care to handle
821 * sign extension issues. Our sys call munger will sign
822 * extend a long when we are called from a 32-bit process.
823 * Since we can never have an address greater than 32-bits
824 * from a 32-bit process we lop off the top 32-bits to avoid
825 * getting the wrong address
91447636 826 */
b0d623f7 827 argp = CAST_USER_ADDR_T((uint32_t)uap->arg);
91447636
A		 828 }
829
1c79356b 830 pop = &fdp->fd_ofileflags[fd];
55e303ae 831
2d21ac55
A		 832#if CONFIG_MACF
833 error = mac_file_check_fcntl(proc_ucred(p), fp->f_fglob, uap->cmd,
834 uap->arg);
0a7de745 835 if (error) {
2d21ac55 836 goto out;
0a7de745 837 }
2d21ac55
A		 838#endif
839
1c79356b 840 switch (uap->cmd) {
1c79356b 841 case F_DUPFD:
6d2010ae 842 case F_DUPFD_CLOEXEC:
39236c6e
A		 843 if (FP_ISGUARDED(fp, GUARD_DUP)) {
844 error = fp_guard_exception(p, fd, fp, kGUARD_EXC_DUP);
845 goto out;
846 }
b0d623f7
A		 847 newmin = CAST_DOWN_EXPLICIT(int, uap->arg); /* arg is an int, so we won't lose bits */
848 AUDIT_ARG(value32, newmin);
1c79356b 849 if ((u_int)newmin >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur ||
91447636
A		 850 newmin >= maxfiles) {
851 error = EINVAL;
852 goto out;
853 }
0a7de745 854 if ((error = fdalloc(p, newmin, &i))) {
91447636 855 goto out;
0a7de745 856 }
6d2010ae
A		 857 error = finishdup(p, fdp, fd, i,
858 uap->cmd == F_DUPFD_CLOEXEC ? UF_EXCLOSE : 0, retval);
91447636 859 goto out;
1c79356b
A		 860
861 case F_GETFD:
39236c6e 862 *retval = (*pop & UF_EXCLOSE)? FD_CLOEXEC : 0;
91447636
A		 863 error = 0;
864 goto out;
1c79356b
A		 865
866 case F_SETFD:
b0d623f7 867 AUDIT_ARG(value32, uap->arg);
0a7de745 868 if (uap->arg & FD_CLOEXEC) {
39236c6e 869 *pop |= UF_EXCLOSE;
0a7de745 870 } else {
39236c6e
A		 871 if (FILEPROC_TYPE(fp) == FTYPE_GUARDED) {
872 error = fp_guard_exception(p,
873 fd, fp, kGUARD_EXC_NOCLOEXEC);
874 goto out;
875 }
876 *pop &= ~UF_EXCLOSE;
877 }
91447636
A		 878 error = 0;
879 goto out;
1c79356b
A		 880
881 case F_GETFL:
882 *retval = OFLAGS(fp->f_flag);
91447636
A		 883 error = 0;
884 goto out;
1c79356b
A		 885
886 case F_SETFL:
887 fp->f_flag &= ~FCNTLFLAGS;
b0d623f7
A		 888 tmp = CAST_DOWN_EXPLICIT(int, uap->arg); /* arg is an int, so we won't lose bits */
889 AUDIT_ARG(value32, tmp);
91447636 890 fp->f_flag |= FFLAGS(tmp) & FCNTLFLAGS;
1c79356b 891 tmp = fp->f_flag & FNONBLOCK;
2d21ac55 892 error = fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, &context);
0a7de745 893 if (error) {
91447636 894 goto out;
0a7de745 895 }
1c79356b 896 tmp = fp->f_flag & FASYNC;
2d21ac55 897 error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp, &context);
0a7de745 898 if (!error) {
91447636 899 goto out;
0a7de745 900 }
1c79356b
A		 901 fp->f_flag &= ~FNONBLOCK;
902 tmp = 0;
2d21ac55 903 (void)fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, &context);
91447636 904 goto out;
1c79356b
A		 905
906 case F_GETOWN:
907 if (fp->f_type == DTYPE_SOCKET) {
908 *retval = ((struct socket *)fp->f_data)->so_pgid;
91447636
A		 909 error = 0;
910 goto out;
1c79356b 911 }
cb323159 912 error = fo_ioctl(fp, TIOCGPGRP, (caddr_t)retval, &context);
1c79356b 913 *retval = -*retval;
91447636 914 goto out;
1c79356b
A		 915
916 case F_SETOWN:
b0d623f7
A		 917 tmp = CAST_DOWN_EXPLICIT(pid_t, uap->arg); /* arg is an int, so we won't lose bits */
918 AUDIT_ARG(value32, tmp);
1c79356b 919 if (fp->f_type == DTYPE_SOCKET) {
91447636 920 ((struct socket *)fp->f_data)->so_pgid = tmp;
0a7de745 921 error = 0;
91447636 922 goto out;
1c79356b 923 }
91447636 924 if (fp->f_type == DTYPE_PIPE) {
0b4c1975 925 error = fo_ioctl(fp, TIOCSPGRP, (caddr_t)&tmp, &context);
91447636
A		 926 goto out;
927 }
928
929 if (tmp <= 0) {
930 tmp = -tmp;
1c79356b 931 } else {
2d21ac55 932 proc_t p1 = proc_find(tmp);
91447636
A		 933 if (p1 == 0) {
934 error = ESRCH;
935 goto out;
936 }
2d21ac55
A		 937 tmp = (int)p1->p_pgrpid;
938 proc_rele(p1);
1c79356b 939 }
cb323159 940 error = fo_ioctl(fp, TIOCSPGRP, (caddr_t)&tmp, &context);
91447636 941 goto out;
1c79356b 942
6d2010ae
A		 943 case F_SETNOSIGPIPE:
944 tmp = CAST_DOWN_EXPLICIT(int, uap->arg);
945 if (fp->f_type == DTYPE_SOCKET) {
39236c6e 946#if SOCKETS
6d2010ae 947 error = sock_setsockopt((struct socket *)fp->f_data,
0a7de745 948 SOL_SOCKET, SO_NOSIGPIPE, &tmp, sizeof(tmp));
39236c6e
A		 949#else
950 error = EINVAL;
951#endif
6d2010ae
A		 952 } else {
953 struct fileglob *fg = fp->f_fglob;
954
955 lck_mtx_lock_spin(&fg->fg_lock);
0a7de745 956 if (tmp) {
6d2010ae 957 fg->fg_lflags |= FG_NOSIGPIPE;
0a7de745
A		 958 } else {
959 fg->fg_lflags &= ~FG_NOSIGPIPE;
960 }
6d2010ae
A		 961 lck_mtx_unlock(&fg->fg_lock);
962 error = 0;
963 }
964 goto out;
965
966 case F_GETNOSIGPIPE:
967 if (fp->f_type == DTYPE_SOCKET) {
39236c6e 968#if SOCKETS
0a7de745 969 int retsize = sizeof(*retval);
6d2010ae
A		 970 error = sock_getsockopt((struct socket *)fp->f_data,
971 SOL_SOCKET, SO_NOSIGPIPE, retval, &retsize);
39236c6e
A		 972#else
973 error = EINVAL;
974#endif
6d2010ae
A		 975 } else {
976 *retval = (fp->f_fglob->fg_lflags & FG_NOSIGPIPE) ?
0a7de745 977 1 : 0;
6d2010ae
A		 978 error = 0;
979 }
980 goto out;
981
3e170ce0
A		 982 case F_SETCONFINED:
983 /*
984 * If this is the only reference to this fglob in the process
985 * and it's already marked as close-on-fork then mark it as
986 * (immutably) "confined" i.e. any fd that points to it will
987 * forever be close-on-fork, and attempts to use an IPC
988 * mechanism to move the descriptor elsewhere will fail.
989 */
990 if (CAST_DOWN_EXPLICIT(int, uap->arg)) {
991 struct fileglob *fg = fp->f_fglob;
992
993 lck_mtx_lock_spin(&fg->fg_lock);
0a7de745 994 if (fg->fg_lflags & FG_CONFINED) {
3e170ce0 995 error = 0;
0a7de745
A		 996 } else if (1 != fg->fg_count) {
997 error = EAGAIN; /* go close the dup .. */
998 } else if (UF_FORKCLOSE == (*pop & UF_FORKCLOSE)) {
3e170ce0
A		 999 fg->fg_lflags |= FG_CONFINED;
1000 error = 0;
0a7de745
A		 1001 } else {
1002 error = EBADF; /* open without O_CLOFORK? */
1003 }
3e170ce0
A		 1004 lck_mtx_unlock(&fg->fg_lock);
1005 } else {
1006 /*
1007 * Other subsystems may have built on the immutability
1008 * of FG_CONFINED; clearing it may be tricky.
1009 */
0a7de745 1010 error = EPERM; /* immutable */
3e170ce0
A		 1011 }
1012 goto out;
1013
1014 case F_GETCONFINED:
1015 *retval = (fp->f_fglob->fg_lflags & FG_CONFINED) ? 1 : 0;
1016 error = 0;
1017 goto out;
1018
39236c6e 1019 case F_SETLKWTIMEOUT:
1c79356b 1020 case F_SETLKW:
3e170ce0
A		 1021 case F_OFD_SETLKWTIMEOUT:
1022 case F_OFD_SETLKW:
1c79356b 1023 flg |= F_WAIT;
0a7de745 1024 /* Fall into F_SETLK */
1c79356b
A		 1025
1026 case F_SETLK:
3e170ce0 1027 case F_OFD_SETLK:
91447636
A		 1028 if (fp->f_type != DTYPE_VNODE) {
1029 error = EBADF;
1030 goto out;
1031 }
1c79356b 1032 vp = (struct vnode *)fp->f_data;
ccc36f2f 1033
91447636
A		 1034 fflag = fp->f_flag;
1035 offset = fp->f_offset;
1036 proc_fdunlock(p);
1037
1c79356b 1038 /* Copy in the lock structure */
3e170ce0
A		 1039 if (F_SETLKWTIMEOUT == uap->cmd ||
1040 F_OFD_SETLKWTIMEOUT == uap->cmd) {
39236c6e
A		 1041 error = copyin(argp, (caddr_t) &fltimeout, sizeof(fltimeout));
1042 if (error) {
1043 goto outdrop;
1044 }
1045 fl = fltimeout.fl;
1046 timeout = &fltimeout.timeout;
1047 } else {
1048 error = copyin(argp, (caddr_t)&fl, sizeof(fl));
1049 if (error) {
1050 goto outdrop;
1051 }
91447636 1052 }
2d21ac55 1053
39236c6e
A		 1054 /* Check starting byte and ending byte for EOVERFLOW in SEEK_CUR */
1055 /* and ending byte for EOVERFLOW in SEEK_SET */
1056 error = check_file_seek_range(&fl, offset);
1057 if (error) {
1058 goto outdrop;
2d21ac55
A		 1059 }
1060
0a7de745 1061 if ((error = vnode_getwithref(vp))) {
91447636
A		 1062 goto outdrop;
1063 }
0a7de745 1064 if (fl.l_whence == SEEK_CUR) {
91447636 1065 fl.l_start += offset;
0a7de745 1066 }
91447636 1067
2d21ac55
A		 1068#if CONFIG_MACF
1069 error = mac_file_check_lock(proc_ucred(p), fp->f_fglob,
1070 F_SETLK, &fl);
1071 if (error) {
1072 (void)vnode_put(vp);
1073 goto outdrop;
1074 }
1075#endif
3e170ce0
A		 1076 switch (uap->cmd) {
1077 case F_OFD_SETLK:
1078 case F_OFD_SETLKW:
1079 case F_OFD_SETLKWTIMEOUT:
1080 flg |= F_OFD_LOCK;
1081 switch (fl.l_type) {
1082 case F_RDLCK:
1083 if ((fflag & FREAD) == 0) {
1084 error = EBADF;
1085 break;
1086 }
1087 error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob,
1088 F_SETLK, &fl, flg, &context, timeout);
1089 break;
1090 case F_WRLCK:
1091 if ((fflag & FWRITE) == 0) {
1092 error = EBADF;
1093 break;
1094 }
1095 error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob,
1096 F_SETLK, &fl, flg, &context, timeout);
1097 break;
1098 case F_UNLCK:
1099 error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob,
1100 F_UNLCK, &fl, F_OFD_LOCK, &context,
1101 timeout);
1102 break;
1103 default:
1104 error = EINVAL;
1105 break;
91447636 1106 }
3e170ce0
A		 1107 if (0 == error &&
1108 (F_RDLCK == fl.l_type || F_WRLCK == fl.l_type)) {
1109 struct fileglob *fg = fp->f_fglob;
1c79356b 1110
3e170ce0
A		 1111 /*
1112 * arrange F_UNLCK on last close (once
1113 * set, FG_HAS_OFDLOCK is immutable)
1114 */
1115 if ((fg->fg_lflags & FG_HAS_OFDLOCK) == 0) {
1116 lck_mtx_lock_spin(&fg->fg_lock);
1117 fg->fg_lflags |= FG_HAS_OFDLOCK;
1118 lck_mtx_unlock(&fg->fg_lock);
1119 }
91447636 1120 }
3e170ce0 1121 break;
1c79356b 1122 default:
3e170ce0
A		 1123 flg |= F_POSIX;
1124 switch (fl.l_type) {
1125 case F_RDLCK:
1126 if ((fflag & FREAD) == 0) {
1127 error = EBADF;
1128 break;
1129 }
1130 // XXX UInt32 unsafe for LP64 kernel
1131 OSBitOrAtomic(P_LADVLOCK, &p->p_ladvflag);
1132 error = VNOP_ADVLOCK(vp, (caddr_t)p,
1133 F_SETLK, &fl, flg, &context, timeout);
1134 break;
1135 case F_WRLCK:
1136 if ((fflag & FWRITE) == 0) {
1137 error = EBADF;
1138 break;
1139 }
1140 // XXX UInt32 unsafe for LP64 kernel
1141 OSBitOrAtomic(P_LADVLOCK, &p->p_ladvflag);
1142 error = VNOP_ADVLOCK(vp, (caddr_t)p,
1143 F_SETLK, &fl, flg, &context, timeout);
1144 break;
1145 case F_UNLCK:
1146 error = VNOP_ADVLOCK(vp, (caddr_t)p,
1147 F_UNLCK, &fl, F_POSIX, &context, timeout);
1148 break;
1149 default:
1150 error = EINVAL;
1151 break;
1152 }
1153 break;
1c79356b 1154 }
3e170ce0
A		 1155 (void) vnode_put(vp);
1156 goto outdrop;
1c79356b
A		 1157
1158 case F_GETLK:
3e170ce0 1159 case F_OFD_GETLK:
5ba3f43e
A		 1160 case F_GETLKPID:
1161 case F_OFD_GETLKPID:
91447636
A		 1162 if (fp->f_type != DTYPE_VNODE) {
1163 error = EBADF;
1164 goto out;
1165 }
1c79356b 1166 vp = (struct vnode *)fp->f_data;
ccc36f2f 1167
91447636
A		 1168 offset = fp->f_offset;
1169 proc_fdunlock(p);
1170
1c79356b 1171 /* Copy in the lock structure */
2d21ac55 1172 error = copyin(argp, (caddr_t)&fl, sizeof(fl));
0a7de745 1173 if (error) {
91447636 1174 goto outdrop;
0a7de745 1175 }
91447636 1176
2d21ac55
A		 1177 /* Check starting byte and ending byte for EOVERFLOW in SEEK_CUR */
1178 /* and ending byte for EOVERFLOW in SEEK_SET */
39236c6e
A		 1179 error = check_file_seek_range(&fl, offset);
1180 if (error) {
2d21ac55
A		 1181 goto outdrop;
1182 }
1183
1184 if ((fl.l_whence == SEEK_SET) && (fl.l_start < 0)) {
1185 error = EINVAL;
1186 goto outdrop;
1187 }
1188
1189 switch (fl.l_type) {
1190 case F_RDLCK:
1191 case F_UNLCK:
1192 case F_WRLCK:
1193 break;
1194 default:
1195 error = EINVAL;
1196 goto outdrop;
1197 }
1198
1199 switch (fl.l_whence) {
1200 case SEEK_CUR:
1201 case SEEK_SET:
1202 case SEEK_END:
1203 break;
1204 default:
1205 error = EINVAL;
1206 goto outdrop;
1207 }
1208
0a7de745
A		 1209 if ((error = vnode_getwithref(vp)) == 0) {
1210 if (fl.l_whence == SEEK_CUR) {
1211 fl.l_start += offset;
1212 }
91447636 1213
2d21ac55
A		 1214#if CONFIG_MACF
1215 error = mac_file_check_lock(proc_ucred(p), fp->f_fglob,
6d2010ae 1216 uap->cmd, &fl);
2d21ac55
A		 1217 if (error == 0)
1218#endif
3e170ce0
A		 1219 switch (uap->cmd) {
1220 case F_OFD_GETLK:
1221 error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob,
1222 F_GETLK, &fl, F_OFD_LOCK, &context, NULL);
1223 break;
1224 case F_OFD_GETLKPID:
1225 error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob,
1226 F_GETLKPID, &fl, F_OFD_LOCK, &context, NULL);
1227 break;
1228 default:
1229 error = VNOP_ADVLOCK(vp, (caddr_t)p,
1230 uap->cmd, &fl, F_POSIX, &context, NULL);
1231 break;
1232 }
91447636
A		 1233
1234 (void)vnode_put(vp);
1235
0a7de745 1236 if (error == 0) {
2d21ac55 1237 error = copyout((caddr_t)&fl, argp, sizeof(fl));
0a7de745 1238 }
91447636
A		 1239 }
1240 goto outdrop;
1241
1242 case F_PREALLOCATE: {
1243 fstore_t alloc_struct; /* structure for allocate command */
1244 u_int32_t alloc_flags = 0;
1245
1246 if (fp->f_type != DTYPE_VNODE) {
1247 error = EBADF;
1248 goto out;
1249 }
1c79356b 1250
ccc36f2f 1251 vp = (struct vnode *)fp->f_data;
91447636 1252 proc_fdunlock(p);
9bccf70c
A		 1253
1254 /* make sure that we have write permission */
ccc36f2f
A		 1255 if ((fp->f_flag & FWRITE) == 0) {
1256 error = EBADF;
91447636 1257 goto outdrop;
ccc36f2f 1258 }
1c79356b 1259
2d21ac55 1260 error = copyin(argp, (caddr_t)&alloc_struct, sizeof(alloc_struct));
0a7de745 1261 if (error) {
91447636 1262 goto outdrop;
0a7de745 1263 }
1c79356b 1264
9bccf70c 1265 /* now set the space allocated to 0 */
1c79356b 1266 alloc_struct.fst_bytesalloc = 0;
39037602 1267
9bccf70c
A		 1268 /*
1269 * Do some simple parameter checking
1270 */
1c79356b
A		 1271
1272 /* set up the flags */
1273
1274 alloc_flags |= PREALLOCATE;
39037602 1275
0a7de745 1276 if (alloc_struct.fst_flags & F_ALLOCATECONTIG) {
1c79356b 1277 alloc_flags |= ALLOCATECONTIG;
0a7de745 1278 }
1c79356b 1279
0a7de745 1280 if (alloc_struct.fst_flags & F_ALLOCATEALL) {
9bccf70c 1281 alloc_flags |= ALLOCATEALL;
0a7de745 1282 }
1c79356b 1283
9bccf70c
A		 1284 /*
1285 * Do any position mode specific stuff. The only
1286 * position mode supported now is PEOFPOSMODE
1287 */
1c79356b
A		 1288
1289 switch (alloc_struct.fst_posmode) {
1c79356b 1290 case F_PEOFPOSMODE:
91447636 1291 if (alloc_struct.fst_offset != 0) {
ccc36f2f 1292 error = EINVAL;
91447636
A		 1293 goto outdrop;
1294 }
1295
1296 alloc_flags |= ALLOCATEFROMPEOF;
1c79356b
A		 1297 break;
1298
0b4e3aa0 1299 case F_VOLPOSMODE:
91447636 1300 if (alloc_struct.fst_offset <= 0) {
ccc36f2f 1301 error = EINVAL;
91447636
A		 1302 goto outdrop;
1303 }
1304
1305 alloc_flags |= ALLOCATEFROMVOL;
0b4e3aa0
A		 1306 break;
1307
91447636 1308 default: {
ccc36f2f 1309 error = EINVAL;
91447636 1310 goto outdrop;
1c79356b 1311 }
0a7de745
A		 1312 }
1313 if ((error = vnode_getwithref(vp)) == 0) {
1314 /*
91447636
A		 1315 * call allocate to get the space
1316 */
0a7de745
A		 1317 error = VNOP_ALLOCATE(vp, alloc_struct.fst_length, alloc_flags,
1318 &alloc_struct.fst_bytesalloc, alloc_struct.fst_offset,
1319 &context);
91447636 1320 (void)vnode_put(vp);
1c79356b 1321
2d21ac55 1322 error2 = copyout((caddr_t)&alloc_struct, argp, sizeof(alloc_struct));
1c79356b 1323
0a7de745 1324 if (error == 0) {
ccc36f2f 1325 error = error2;
0a7de745 1326 }
1c79356b 1327 }
91447636 1328 goto outdrop;
813fb2f6
A		 1329 }
1330 case F_PUNCHHOLE: {
1331 fpunchhole_t args;
1332
1333 if (fp->f_type != DTYPE_VNODE) {
1334 error = EBADF;
1335 goto out;
1336 }
1337
1338 vp = (struct vnode *)fp->f_data;
1339 proc_fdunlock(p);
1340
1341 /* need write permissions */
1342 if ((fp->f_flag & FWRITE) == 0) {
1343 error = EPERM;
1344 goto outdrop;
1345 }
1346
1347 if ((error = copyin(argp, (caddr_t)&args, sizeof(args)))) {
1348 goto outdrop;
1349 }
39037602 1350
813fb2f6
A		 1351 if ((error = vnode_getwithref(vp))) {
1352 goto outdrop;
1353 }
1354
1355#if CONFIG_MACF
1356 if ((error = mac_vnode_check_write(&context, fp->f_fglob->fg_cred, vp))) {
1357 (void)vnode_put(vp);
1358 goto outdrop;
91447636 1359 }
813fb2f6
A		 1360#endif
1361
1362 error = VNOP_IOCTL(vp, F_PUNCHHOLE, (caddr_t)&args, 0, &context);
1363 (void)vnode_put(vp);
1364
1365 goto outdrop;
1366 }
1367 case F_TRIM_ACTIVE_FILE: {
1368 ftrimactivefile_t args;
1369
1370 if (priv_check_cred(kauth_cred_get(), PRIV_TRIM_ACTIVE_FILE, 0)) {
1371 error = EACCES;
1372 goto out;
1373 }
1374
1375 if (fp->f_type != DTYPE_VNODE) {
1376 error = EBADF;
1377 goto out;
1378 }
1379
1380 vp = (struct vnode *)fp->f_data;
1381 proc_fdunlock(p);
1382
1383 /* need write permissions */
1384 if ((fp->f_flag & FWRITE) == 0) {
1385 error = EPERM;
1386 goto outdrop;
1387 }
1388
1389 if ((error = copyin(argp, (caddr_t)&args, sizeof(args)))) {
1390 goto outdrop;
1391 }
1392
1393 if ((error = vnode_getwithref(vp))) {
1394 goto outdrop;
1395 }
1396
1397 error = VNOP_IOCTL(vp, F_TRIM_ACTIVE_FILE, (caddr_t)&args, 0, &context);
1398 (void)vnode_put(vp);
1399
1400 goto outdrop;
1401 }
cb323159
A		 1402 case F_SPECULATIVE_READ: {
1403 fspecread_t args;
1404
1405 if (fp->f_type != DTYPE_VNODE) {
1406 error = EBADF;
1407 goto out;
1408 }
1409
1410 vp = (struct vnode *)fp->f_data;
1411 proc_fdunlock(p);
1412
1413 if ((error = copyin(argp, (caddr_t)&args, sizeof(args)))) {
1414 goto outdrop;
1415 }
1416
1417 /* Discard invalid offsets or lengths */
1418 if ((args.fsr_offset < 0) || (args.fsr_length < 0)) {
1419 error = EINVAL;
1420 goto outdrop;
1421 }
1422
1423 /*
1424 * Round the file offset down to a page-size boundary (or to 0).
1425 * The filesystem will need to round the length up to the end of the page boundary
1426 * or to the EOF of the file.
1427 */
1428 uint64_t foff = (((uint64_t)args.fsr_offset) & ~((uint64_t)PAGE_MASK));
1429 uint64_t foff_delta = args.fsr_offset - foff;
1430 args.fsr_offset = (off_t) foff;
1431
1432 /*
1433 * Now add in the delta to the supplied length. Since we may have adjusted the
1434 * offset, increase it by the amount that we adjusted.
1435 */
1436 args.fsr_length += foff_delta;
1437
1438 if ((error = vnode_getwithref(vp))) {
1439 goto outdrop;
1440 }
1441 error = VNOP_IOCTL(vp, F_SPECULATIVE_READ, (caddr_t)&args, 0, &context);
1442 (void)vnode_put(vp);
1443
1444 goto outdrop;
1445 }
9bccf70c 1446 case F_SETSIZE:
91447636
A		 1447 if (fp->f_type != DTYPE_VNODE) {
1448 error = EBADF;
1449 goto out;
1450 }
2d21ac55 1451 vp = (struct vnode *)fp->f_data;
91447636 1452 proc_fdunlock(p);
ccc36f2f 1453
0a7de745
A		 1454 error = copyin(argp, (caddr_t)&offset, sizeof(off_t));
1455 if (error) {
91447636 1456 goto outdrop;
0a7de745 1457 }
b0d623f7 1458 AUDIT_ARG(value64, offset);
1c79356b 1459
2d21ac55 1460 error = vnode_getwithref(vp);
0a7de745 1461 if (error) {
2d21ac55 1462 goto outdrop;
0a7de745 1463 }
2d21ac55
A		 1464
1465#if CONFIG_MACF
1466 error = mac_vnode_check_truncate(&context,
1467 fp->f_fglob->fg_cred, vp);
1468 if (error) {
1469 (void)vnode_put(vp);
1470 goto outdrop;
1471 }
1472#endif
9bccf70c
A		 1473 /*
1474 * Make sure that we are root. Growing a file
39037602 1475 * without zero filling the data is a security hole
9bccf70c
A		 1476 * root would have access anyway so we'll allow it
1477 */
39236c6e 1478 if (!kauth_cred_issuser(kauth_cred_get())) {
ccc36f2f 1479 error = EACCES;
2d21ac55
A		 1480 } else {
1481 /*
91447636
A		 1482 * set the file size
1483 */
2d21ac55
A		 1484 error = vnode_setsize(vp, offset, IO_NOZEROFILL,
1485 &context);
39037602
A		 1486
1487#if CONFIG_MACF
0a7de745 1488 if (error == 0) {
39037602 1489 mac_vnode_notify_truncate(&context, fp->f_fglob->fg_cred, vp);
0a7de745 1490 }
39037602 1491#endif
91447636 1492 }
2d21ac55
A		 1493
1494 (void)vnode_put(vp);
91447636 1495 goto outdrop;
9bccf70c
A		 1496
1497 case F_RDAHEAD:
91447636
A		 1498 if (fp->f_type != DTYPE_VNODE) {
1499 error = EBADF;
1500 goto out;
1501 }
0a7de745
A		 1502 if (uap->arg) {
1503 fp->f_fglob->fg_flag &= ~FNORDAHEAD;
1504 } else {
1505 fp->f_fglob->fg_flag |= FNORDAHEAD;
1506 }
91447636 1507
2d21ac55 1508 goto out;
1c79356b 1509
9bccf70c 1510 case F_NOCACHE:
91447636
A		 1511 if (fp->f_type != DTYPE_VNODE) {
1512 error = EBADF;
1513 goto out;
1514 }
0a7de745
A		 1515 if (uap->arg) {
1516 fp->f_fglob->fg_flag |= FNOCACHE;
1517 } else {
1518 fp->f_fglob->fg_flag &= ~FNOCACHE;
1519 }
2d21ac55
A		 1520
1521 goto out;
1522
6d2010ae
A		 1523 case F_NODIRECT:
1524 if (fp->f_type != DTYPE_VNODE) {
1525 error = EBADF;
1526 goto out;
1527 }
0a7de745
A		 1528 if (uap->arg) {
1529 fp->f_fglob->fg_flag |= FNODIRECT;
1530 } else {
1531 fp->f_fglob->fg_flag &= ~FNODIRECT;
1532 }
6d2010ae
A		 1533
1534 goto out;
1535
316670eb
A		 1536 case F_SINGLE_WRITER:
1537 if (fp->f_type != DTYPE_VNODE) {
1538 error = EBADF;
1539 goto out;
1540 }
0a7de745
A		 1541 if (uap->arg) {
1542 fp->f_fglob->fg_flag |= FSINGLE_WRITER;
1543 } else {
1544 fp->f_fglob->fg_flag &= ~FSINGLE_WRITER;
1545 }
316670eb
A		 1546
1547 goto out;
1548
2d21ac55 1549 case F_GLOBAL_NOCACHE:
0a7de745
A		 1550 if (fp->f_type != DTYPE_VNODE) {
1551 error = EBADF;
2d21ac55
A		 1552 goto out;
1553 }
9bccf70c 1554 vp = (struct vnode *)fp->f_data;
91447636 1555 proc_fdunlock(p);
9bccf70c 1556
0a7de745
A		 1557 if ((error = vnode_getwithref(vp)) == 0) {
1558 *retval = vnode_isnocache(vp);
2d21ac55 1559
0a7de745
A		 1560 if (uap->arg) {
1561 vnode_setnocache(vp);
1562 } else {
1563 vnode_clearnocache(vp);
1564 }
1c79356b 1565
91447636
A		 1566 (void)vnode_put(vp);
1567 }
1568 goto outdrop;
1c79356b 1569
2d21ac55 1570 case F_CHECK_OPENEVT:
0a7de745
A		 1571 if (fp->f_type != DTYPE_VNODE) {
1572 error = EBADF;
3a60a9f5
A		 1573 goto out;
1574 }
1575 vp = (struct vnode *)fp->f_data;
1576 proc_fdunlock(p);
1577
0a7de745
A		 1578 if ((error = vnode_getwithref(vp)) == 0) {
1579 *retval = vnode_is_openevt(vp);
3a60a9f5 1580
0a7de745
A		 1581 if (uap->arg) {
1582 vnode_set_openevt(vp);
1583 } else {
1584 vnode_clear_openevt(vp);
1585 }
3a60a9f5
A		 1586
1587 (void)vnode_put(vp);
1588 }
1589 goto outdrop;
1590
91447636
A		 1591 case F_RDADVISE: {
1592 struct radvisory ra_struct;
9bccf70c 1593
91447636
A		 1594 if (fp->f_type != DTYPE_VNODE) {
1595 error = EBADF;
1596 goto out;
1597 }
55e303ae 1598 vp = (struct vnode *)fp->f_data;
91447636 1599 proc_fdunlock(p);
55e303ae 1600
0a7de745 1601 if ((error = copyin(argp, (caddr_t)&ra_struct, sizeof(ra_struct)))) {
91447636 1602 goto outdrop;
0a7de745
A		 1603 }
1604 if ((error = vnode_getwithref(vp)) == 0) {
1605 error = VNOP_IOCTL(vp, F_RDADVISE, (caddr_t)&ra_struct, 0, &context);
91447636
A		 1606
1607 (void)vnode_put(vp);
1608 }
1609 goto outdrop;
0a7de745 1610 }
55e303ae 1611
0a7de745 1612 case F_FLUSH_DATA:
6d2010ae 1613
0a7de745
A		 1614 if (fp->f_type != DTYPE_VNODE) {
1615 error = EBADF;
1616 goto out;
1617 }
1618 vp = (struct vnode *)fp->f_data;
1619 proc_fdunlock(p);
6d2010ae 1620
0a7de745
A		 1621 if ((error = vnode_getwithref(vp)) == 0) {
1622 error = VNOP_FSYNC(vp, MNT_NOWAIT, &context);
6d2010ae 1623
0a7de745
A		 1624 (void)vnode_put(vp);
1625 }
1626 goto outdrop;
6d2010ae 1627
6d2010ae
A		 1628 case F_LOG2PHYS:
1629 case F_LOG2PHYS_EXT: {
d9a64523 1630 struct log2phys l2p_struct = {}; /* structure for allocate command */
6d2010ae 1631 int devBlockSize;
9bccf70c 1632
6d2010ae
A		 1633 off_t file_offset = 0;
1634 size_t a_size = 0;
1635 size_t run = 0;
1636
1637 if (uap->cmd == F_LOG2PHYS_EXT) {
1638 error = copyin(argp, (caddr_t)&l2p_struct, sizeof(l2p_struct));
0a7de745 1639 if (error) {
6d2010ae 1640 goto out;
0a7de745 1641 }
6d2010ae
A		 1642 file_offset = l2p_struct.l2p_devoffset;
1643 } else {
1644 file_offset = fp->f_offset;
1645 }
91447636
A		 1646 if (fp->f_type != DTYPE_VNODE) {
1647 error = EBADF;
1648 goto out;
1649 }
1c79356b 1650 vp = (struct vnode *)fp->f_data;
91447636 1651 proc_fdunlock(p);
0a7de745 1652 if ((error = vnode_getwithref(vp))) {
91447636
A		 1653 goto outdrop;
1654 }
6d2010ae 1655 error = VNOP_OFFTOBLK(vp, file_offset, &lbn);
91447636
A		 1656 if (error) {
1657 (void)vnode_put(vp);
1658 goto outdrop;
1659 }
1660 error = VNOP_BLKTOOFF(vp, lbn, &offset);
1661 if (error) {
1662 (void)vnode_put(vp);
1663 goto outdrop;
1664 }
1665 devBlockSize = vfs_devblocksize(vnode_mount(vp));
6d2010ae 1666 if (uap->cmd == F_LOG2PHYS_EXT) {
3e170ce0
A		 1667 if (l2p_struct.l2p_contigbytes < 0) {
1668 vnode_put(vp);
1669 error = EINVAL;
39236c6e 1670 goto outdrop;
39236c6e 1671 }
3e170ce0
A		 1672
1673 a_size = MIN((uint64_t)l2p_struct.l2p_contigbytes, SIZE_MAX);
6d2010ae
A		 1674 } else {
1675 a_size = devBlockSize;
1676 }
39037602 1677
6d2010ae 1678 error = VNOP_BLOCKMAP(vp, offset, a_size, &bn, &run, NULL, 0, &context);
91447636
A		 1679
1680 (void)vnode_put(vp);
ccc36f2f 1681
1c79356b 1682 if (!error) {
0a7de745 1683 l2p_struct.l2p_flags = 0; /* for now */
6d2010ae
A		 1684 if (uap->cmd == F_LOG2PHYS_EXT) {
1685 l2p_struct.l2p_contigbytes = run - (file_offset - offset);
1686 } else {
0a7de745 1687 l2p_struct.l2p_contigbytes = 0; /* for now */
6d2010ae 1688 }
39236c6e
A		 1689
1690 /*
1691 * The block number being -1 suggests that the file offset is not backed
1692 * by any real blocks on-disk. As a result, just let it be passed back up wholesale.
1693 */
1694 if (bn == -1) {
1695 /* Don't multiply it by the block size */
1696 l2p_struct.l2p_devoffset = bn;
0a7de745 1697 } else {
39236c6e
A		 1698 l2p_struct.l2p_devoffset = bn * devBlockSize;
1699 l2p_struct.l2p_devoffset += file_offset - offset;
1700 }
2d21ac55 1701 error = copyout((caddr_t)&l2p_struct, argp, sizeof(l2p_struct));
91447636
A		 1702 }
1703 goto outdrop;
0a7de745 1704 }
cb323159
A		 1705 case F_GETPATH:
1706 case F_GETPATH_NOFIRMLINK: {
91447636
A		 1707 char *pathbufp;
1708 int pathlen;
55e303ae 1709
91447636
A		 1710 if (fp->f_type != DTYPE_VNODE) {
1711 error = EBADF;
1712 goto out;
1713 }
55e303ae 1714 vp = (struct vnode *)fp->f_data;
91447636 1715 proc_fdunlock(p);
55e303ae 1716
91447636
A		 1717 pathlen = MAXPATHLEN;
1718 MALLOC(pathbufp, char *, pathlen, M_TEMP, M_WAITOK);
1719 if (pathbufp == NULL) {
1720 error = ENOMEM;
1721 goto outdrop;
1722 }
0a7de745 1723 if ((error = vnode_getwithref(vp)) == 0) {
cb323159
A		 1724 if (uap->cmd == F_GETPATH_NOFIRMLINK) {
1725 error = vn_getpath_ext(vp, NULL, pathbufp, &pathlen, VN_GETPATH_NO_FIRMLINK);
1726 } else {
1727 error = vn_getpath(vp, pathbufp, &pathlen);
1728 }
0a7de745 1729 (void)vnode_put(vp);
4a249263 1730
0a7de745
A		 1731 if (error == 0) {
1732 error = copyout((caddr_t)pathbufp, argp, pathlen);
1733 }
91447636
A		 1734 }
1735 FREE(pathbufp, M_TEMP);
1736 goto outdrop;
55e303ae
A		 1737 }
1738
91447636
A		 1739 case F_PATHPKG_CHECK: {
1740 char *pathbufp;
1741 size_t pathlen;
1742
1743 if (fp->f_type != DTYPE_VNODE) {
0a7de745 1744 error = EBADF;
91447636
A		 1745 goto out;
1746 }
55e303ae 1747 vp = (struct vnode *)fp->f_data;
91447636 1748 proc_fdunlock(p);
55e303ae 1749
91447636
A		 1750 pathlen = MAXPATHLEN;
1751 pathbufp = kalloc(MAXPATHLEN);
1752
0a7de745
A		 1753 if ((error = copyinstr(argp, pathbufp, MAXPATHLEN, &pathlen)) == 0) {
1754 if ((error = vnode_getwithref(vp)) == 0) {
b0d623f7 1755 AUDIT_ARG(text, pathbufp);
0a7de745 1756 error = vn_path_package_check(vp, pathbufp, pathlen, retval);
91447636
A		 1757
1758 (void)vnode_put(vp);
1759 }
1760 }
1761 kfree(pathbufp, MAXPATHLEN);
1762 goto outdrop;
1763 }
1764
1765 case F_CHKCLEAN: // used by regression tests to see if all dirty pages got cleaned by fsync()
3e170ce0
A		 1766 case F_FULLFSYNC: // fsync + flush the journal + DKIOCSYNCHRONIZE
1767 case F_BARRIERFSYNC: // fsync + barrier
91447636
A		 1768 case F_FREEZE_FS: // freeze all other fs operations for the fs of this fd
1769 case F_THAW_FS: { // thaw all frozen fs operations for the fs of this fd
1770 if (fp->f_type != DTYPE_VNODE) {
1771 error = EBADF;
1772 goto out;
1773 }
1774 vp = (struct vnode *)fp->f_data;
1775 proc_fdunlock(p);
ccc36f2f 1776
0a7de745
A		 1777 if ((error = vnode_getwithref(vp)) == 0) {
1778 error = VNOP_IOCTL(vp, uap->cmd, (caddr_t)NULL, 0, &context);
91447636
A		 1779
1780 (void)vnode_put(vp);
1781 }
ccc36f2f 1782 break;
55e303ae 1783 }
2d21ac55
A		 1784
1785 /*
1786 * SPI (private) for opening a file starting from a dir fd
1787 */
1788 case F_OPENFROM: {
1789 struct user_fopenfrom fopen;
1790 struct vnode_attr va;
1791 struct nameidata nd;
1792 int cmode;
1793
1794 /* Check if this isn't a valid file descriptor */
1795 if ((fp->f_type != DTYPE_VNODE) ||
1796 (fp->f_flag & FREAD) == 0) {
1797 error = EBADF;
91447636
A		 1798 goto out;
1799 }
2d21ac55
A		 1800 vp = (struct vnode *)fp->f_data;
1801 proc_fdunlock(p);
91447636 1802
2d21ac55
A		 1803 if (vnode_getwithref(vp)) {
1804 error = ENOENT;
1805 goto outdrop;
1806 }
39037602 1807
2d21ac55
A		 1808 /* Only valid for directories */
1809 if (vp->v_type != VDIR) {
1810 vnode_put(vp);
1811 error = ENOTDIR;
1812 goto outdrop;
1813 }
91447636 1814
2d21ac55
A		 1815 /* Get flags, mode and pathname arguments. */
1816 if (IS_64BIT_PROCESS(p)) {
1817 error = copyin(argp, &fopen, sizeof(fopen));
1818 } else {
b0d623f7 1819 struct user32_fopenfrom fopen32;
2d21ac55
A		 1820
1821 error = copyin(argp, &fopen32, sizeof(fopen32));
1822 fopen.o_flags = fopen32.o_flags;
1823 fopen.o_mode = fopen32.o_mode;
1824 fopen.o_pathname = CAST_USER_ADDR_T(fopen32.o_pathname);
1825 }
1826 if (error) {
1827 vnode_put(vp);
1828 goto outdrop;
1829 }
b0d623f7
A		 1830 AUDIT_ARG(fflags, fopen.o_flags);
1831 AUDIT_ARG(mode, fopen.o_mode);
2d21ac55
A		 1832 VATTR_INIT(&va);
1833 /* Mask off all but regular access permissions */
0a7de745 1834 cmode = ((fopen.o_mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
2d21ac55
A		 1835 VATTR_SET(&va, va_mode, cmode & ACCESSPERMS);
1836
1837 /* Start the lookup relative to the file descriptor's vnode. */
6d2010ae 1838 NDINIT(&nd, LOOKUP, OP_OPEN, USEDVP | FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
0a7de745 1839 fopen.o_pathname, &context);
2d21ac55
A		 1840 nd.ni_dvp = vp;
1841
39236c6e 1842 error = open1(&context, &nd, fopen.o_flags, &va,
0a7de745 1843 fileproc_alloc_init, NULL, retval);
2d21ac55
A		 1844
1845 vnode_put(vp);
1846 break;
1847 }
1848 /*
1849 * SPI (private) for unlinking a file starting from a dir fd
1850 */
1851 case F_UNLINKFROM: {
2d21ac55
A		 1852 user_addr_t pathname;
1853
1854 /* Check if this isn't a valid file descriptor */
1855 if ((fp->f_type != DTYPE_VNODE) ||
1856 (fp->f_flag & FREAD) == 0) {
91447636
A		 1857 error = EBADF;
1858 goto out;
1859 }
1860 vp = (struct vnode *)fp->f_data;
1861 proc_fdunlock(p);
1862
2d21ac55
A		 1863 if (vnode_getwithref(vp)) {
1864 error = ENOENT;
1865 goto outdrop;
1866 }
39037602 1867
2d21ac55
A		 1868 /* Only valid for directories */
1869 if (vp->v_type != VDIR) {
1870 vnode_put(vp);
1871 error = ENOTDIR;
1872 goto outdrop;
1873 }
91447636 1874
2d21ac55
A		 1875 /* Get flags, mode and pathname arguments. */
1876 if (IS_64BIT_PROCESS(p)) {
1877 pathname = (user_addr_t)argp;
1878 } else {
1879 pathname = CAST_USER_ADDR_T(argp);
91447636 1880 }
ccc36f2f 1881
2d21ac55 1882 /* Start the lookup relative to the file descriptor's vnode. */
c18c124e 1883 error = unlink1(&context, vp, pathname, UIO_USERSPACE, 0);
39037602 1884
2d21ac55
A		 1885 vnode_put(vp);
1886 break;
1c79356b 1887 }
2d21ac55 1888
b0d623f7
A		 1889 case F_ADDSIGS:
1890 case F_ADDFILESIGS:
c18c124e 1891 case F_ADDFILESIGS_FOR_DYLD_SIM:
3e170ce0 1892 case F_ADDFILESIGS_RETURN:
b0d623f7 1893 {
3e170ce0 1894 struct cs_blob *blob = NULL;
2d21ac55
A		 1895 struct user_fsignatures fs;
1896 kern_return_t kr;
b0d623f7 1897 vm_offset_t kernel_blob_addr;
2d21ac55 1898 vm_size_t kernel_blob_size;
c18c124e 1899 int blob_add_flags = 0;
2d21ac55
A		 1900
1901 if (fp->f_type != DTYPE_VNODE) {
1902 error = EBADF;
1903 goto out;
1904 }
1905 vp = (struct vnode *)fp->f_data;
1906 proc_fdunlock(p);
c18c124e
A		 1907
1908 if (uap->cmd == F_ADDFILESIGS_FOR_DYLD_SIM) {
1909 blob_add_flags |= MAC_VNODE_CHECK_DYLD_SIM;
1910 if ((p->p_csflags & CS_KILL) == 0) {
1911 proc_lock(p);
1912 p->p_csflags |= CS_KILL;
1913 proc_unlock(p);
1914 }
1915 }
1916
2d21ac55 1917 error = vnode_getwithref(vp);
0a7de745 1918 if (error) {
2d21ac55 1919 goto outdrop;
0a7de745 1920 }
2d21ac55
A		 1921
1922 if (IS_64BIT_PROCESS(p)) {
0a7de745 1923 error = copyin(argp, &fs, sizeof(fs));
2d21ac55 1924 } else {
b0d623f7 1925 struct user32_fsignatures fs32;
2d21ac55 1926
0a7de745 1927 error = copyin(argp, &fs32, sizeof(fs32));
2d21ac55
A		 1928 fs.fs_file_start = fs32.fs_file_start;
1929 fs.fs_blob_start = CAST_USER_ADDR_T(fs32.fs_blob_start);
1930 fs.fs_blob_size = fs32.fs_blob_size;
1931 }
1932
1933 if (error) {
1934 vnode_put(vp);
1935 goto outdrop;
1936 }
1937
3e170ce0
A		 1938 /*
1939 * First check if we have something loaded a this offset
1940 */
1941 blob = ubc_cs_blob_get(vp, CPU_TYPE_ANY, fs.fs_file_start);
0a7de745 1942 if (blob != NULL) {
c18c124e
A		 1943 /* If this is for dyld_sim revalidate the blob */
1944 if (uap->cmd == F_ADDFILESIGS_FOR_DYLD_SIM) {
39037602
A		 1945 error = ubc_cs_blob_revalidate(vp, blob, NULL, blob_add_flags);
1946 if (error) {
d9a64523
A		 1947 blob = NULL;
1948 if (error != EAGAIN) {
1949 vnode_put(vp);
1950 goto outdrop;
1951 }
39037602 1952 }
c18c124e 1953 }
d9a64523 1954 }
2d21ac55 1955
d9a64523 1956 if (blob == NULL) {
3e170ce0
A		 1957 /*
1958 * An arbitrary limit, to prevent someone from mapping in a 20GB blob. This should cover
1959 * our use cases for the immediate future, but note that at the time of this commit, some
1960 * platforms are nearing 2MB blob sizes (with a prior soft limit of 2.5MB).
1961 *
1962 * We should consider how we can manage this more effectively; the above means that some
1963 * platforms are using megabytes of memory for signing data; it merely hasn't crossed the
1964 * threshold considered ridiculous at the time of this change.
1965 */
1966#define CS_MAX_BLOB_SIZE (40ULL * 1024ULL * 1024ULL)
1967 if (fs.fs_blob_size > CS_MAX_BLOB_SIZE) {
1968 error = E2BIG;
1969 vnode_put(vp);
1970 goto outdrop;
1971 }
2d21ac55 1972
3e170ce0
A		 1973 kernel_blob_size = CAST_DOWN(vm_size_t, fs.fs_blob_size);
1974 kr = ubc_cs_blob_allocate(&kernel_blob_addr, &kernel_blob_size);
ea3f0419 1975 if (kr != KERN_SUCCESS || kernel_blob_size < fs.fs_blob_size) {
3e170ce0
A		 1976 error = ENOMEM;
1977 vnode_put(vp);
1978 goto outdrop;
c18c124e 1979 }
2d21ac55 1980
0a7de745 1981 if (uap->cmd == F_ADDSIGS) {
3e170ce0 1982 error = copyin(fs.fs_blob_start,
0a7de745 1983 (void *) kernel_blob_addr,
ea3f0419 1984 fs.fs_blob_size);
0a7de745 1985 } else { /* F_ADDFILESIGS || F_ADDFILESIGS_RETURN || F_ADDFILESIGS_FOR_DYLD_SIM */
3e170ce0
A		 1986 int resid;
1987
1988 error = vn_rdwr(UIO_READ,
0a7de745
A		 1989 vp,
1990 (caddr_t) kernel_blob_addr,
1991 kernel_blob_size,
1992 fs.fs_file_start + fs.fs_blob_start,
1993 UIO_SYSSPACE,
1994 0,
1995 kauth_cred_get(),
1996 &resid,
1997 p);
3e170ce0
A		 1998 if ((error == 0) && resid) {
1999 /* kernel_blob_size rounded to a page size, but signature may be at end of file */
2000 memset((void *)(kernel_blob_addr + (kernel_blob_size - resid)), 0x0, resid);
2001 }
2002 }
39037602 2003
3e170ce0
A		 2004 if (error) {
2005 ubc_cs_blob_deallocate(kernel_blob_addr,
0a7de745 2006 kernel_blob_size);
3e170ce0
A		 2007 vnode_put(vp);
2008 goto outdrop;
2009 }
2010
2011 blob = NULL;
2012 error = ubc_cs_blob_add(vp,
0a7de745
A		 2013 CPU_TYPE_ANY, /* not for a specific architecture */
2014 fs.fs_file_start,
2015 &kernel_blob_addr,
2016 kernel_blob_size,
2017 NULL,
2018 blob_add_flags,
2019 &blob);
39037602
A		 2020
2021 /* ubc_blob_add() has consumed "kernel_blob_addr" if it is zeroed */
3e170ce0 2022 if (error) {
39037602
A		 2023 if (kernel_blob_addr) {
2024 ubc_cs_blob_deallocate(kernel_blob_addr,
0a7de745 2025 kernel_blob_size);
39037602
A		 2026 }
2027 vnode_put(vp);
2028 goto outdrop;
3e170ce0 2029 } else {
6d2010ae 2030#if CHECK_CS_VALIDATION_BITMAP
3e170ce0 2031 ubc_cs_validation_bitmap_allocate( vp );
6d2010ae 2032#endif
3e170ce0
A		 2033 }
2034 }
2035
2036 if (uap->cmd == F_ADDFILESIGS_RETURN || uap->cmd == F_ADDFILESIGS_FOR_DYLD_SIM) {
2037 /*
2038 * The first element of the structure is a
2039 * off_t that happen to have the same size for
2040 * all archs. Lets overwrite that.
2041 */
2042 off_t end_offset = 0;
0a7de745 2043 if (blob) {
3e170ce0 2044 end_offset = blob->csb_end_offset;
0a7de745
A		 2045 }
2046 error = copyout(&end_offset, argp, sizeof(end_offset));
2d21ac55
A		 2047 }
2048
2049 (void) vnode_put(vp);
2050 break;
2051 }
39037602 2052 case F_GETCODEDIR:
39236c6e 2053 case F_FINDSIGS: {
39236c6e 2054 error = ENOTSUP;
3e170ce0 2055 goto out;
6d2010ae 2056 }
39037602
A		 2057 case F_CHECK_LV: {
2058 struct fileglob *fg;
0a7de745 2059 fchecklv_t lv = {};
39037602
A		 2060
2061 if (fp->f_type != DTYPE_VNODE) {
2062 error = EBADF;
2063 goto out;
2064 }
2065 fg = fp->f_fglob;
2066 proc_fdunlock(p);
2067
2068 if (IS_64BIT_PROCESS(p)) {
0a7de745 2069 error = copyin(argp, &lv, sizeof(lv));
39037602 2070 } else {
0a7de745 2071 struct user32_fchecklv lv32 = {};
39037602 2072
0a7de745 2073 error = copyin(argp, &lv32, sizeof(lv32));
39037602 2074 lv.lv_file_start = lv32.lv_file_start;
5ba3f43e 2075 lv.lv_error_message = (void *)(uintptr_t)lv32.lv_error_message;
0a7de745 2076 lv.lv_error_message_size = lv32.lv_error_message_size;
39037602 2077 }
0a7de745 2078 if (error) {
39037602 2079 goto outdrop;
0a7de745 2080 }
39037602
A		 2081
2082#if CONFIG_MACF
2083 error = mac_file_check_library_validation(p, fg, lv.lv_file_start,
5ba3f43e 2084 (user_long_t)lv.lv_error_message, lv.lv_error_message_size);
39037602
A		 2085#endif
2086
2087 break;
2088 }
316670eb 2089#if CONFIG_PROTECT
6d2010ae 2090 case F_GETPROTECTIONCLASS: {
6d2010ae
A		 2091 if (fp->f_type != DTYPE_VNODE) {
2092 error = EBADF;
2093 goto out;
2094 }
2095 vp = (struct vnode *)fp->f_data;
2096
2097 proc_fdunlock(p);
2098
2099 if (vnode_getwithref(vp)) {
2100 error = ENOENT;
2101 goto outdrop;
2102 }
39037602
A		 2103
2104 struct vnode_attr va;
2105
2106 VATTR_INIT(&va);
2107 VATTR_WANTED(&va, va_dataprotect_class);
2108 error = VNOP_GETATTR(vp, &va, &context);
2109 if (!error) {
0a7de745 2110 if (VATTR_IS_SUPPORTED(&va, va_dataprotect_class)) {
39037602 2111 *retval = va.va_dataprotect_class;
0a7de745 2112 } else {
39037602 2113 error = ENOTSUP;
0a7de745 2114 }
6d2010ae 2115 }
2d21ac55
A		 2116
2117 vnode_put(vp);
6d2010ae
A		 2118 break;
2119 }
39037602 2120
6d2010ae
A		 2121 case F_SETPROTECTIONCLASS: {
2122 /* tmp must be a valid PROTECTION_CLASS_* */
2123 tmp = CAST_DOWN_EXPLICIT(uint32_t, uap->arg);
39037602 2124
6d2010ae
A		 2125 if (fp->f_type != DTYPE_VNODE) {
2126 error = EBADF;
2127 goto out;
2128 }
2129 vp = (struct vnode *)fp->f_data;
2130
2131 proc_fdunlock(p);
39037602 2132
6d2010ae
A		 2133 if (vnode_getwithref(vp)) {
2134 error = ENOENT;
2135 goto outdrop;
39037602
A		 2136 }
2137
6d2010ae
A		 2138 /* Only go forward if you have write access */
2139 vfs_context_t ctx = vfs_context_current();
0a7de745 2140 if (vnode_authorize(vp, NULLVP, (KAUTH_VNODE_ACCESS | KAUTH_VNODE_WRITE_DATA), ctx) != 0) {
6d2010ae
A		 2141 vnode_put(vp);
2142 error = EBADF;
2143 goto outdrop;
2144 }
39037602
A		 2145
2146 struct vnode_attr va;
2147
2148 VATTR_INIT(&va);
2149 VATTR_SET(&va, va_dataprotect_class, tmp);
2150
2151 error = VNOP_SETATTR(vp, &va, ctx);
2152
6d2010ae
A		 2153 vnode_put(vp);
2154 break;
39037602 2155 }
316670eb
A		 2156
2157 case F_TRANSCODEKEY: {
316670eb
A		 2158 if (fp->f_type != DTYPE_VNODE) {
2159 error = EBADF;
2160 goto out;
2161 }
39037602 2162
316670eb
A		 2163 vp = (struct vnode *)fp->f_data;
2164 proc_fdunlock(p);
2165
2166 if (vnode_getwithref(vp)) {
2167 error = ENOENT;
2168 goto outdrop;
fe8ab488
A		 2169 }
2170
39037602
A		 2171 cp_key_t k = {
2172 .len = CP_MAX_WRAPPEDKEYSIZE,
2173 };
2174
d9a64523 2175 MALLOC(k.key, char *, k.len, M_TEMP, M_WAITOK | M_ZERO);
39037602
A		 2176
2177 error = VNOP_IOCTL(vp, F_TRANSCODEKEY, (caddr_t)&k, 1, &context);
2178
316670eb 2179 vnode_put(vp);
fe8ab488
A		 2180
2181 if (error == 0) {
39037602
A		 2182 error = copyout(k.key, argp, k.len);
2183 *retval = k.len;
fe8ab488
A		 2184 }
2185
39037602 2186 FREE(k.key, M_TEMP);
fe8ab488 2187
316670eb 2188 break;
39037602 2189 }
316670eb
A		 2190
2191 case F_GETPROTECTIONLEVEL: {
316670eb 2192 if (fp->f_type != DTYPE_VNODE) {
39037602 2193 error = EBADF;
316670eb
A		 2194 goto out;
2195 }
2196
2197 vp = (struct vnode*) fp->f_data;
0a7de745 2198 proc_fdunlock(p);
316670eb
A		 2199
2200 if (vnode_getwithref(vp)) {
2201 error = ENOENT;
2202 goto outdrop;
2203 }
2204
39037602 2205 error = VNOP_IOCTL(vp, F_GETPROTECTIONLEVEL, (caddr_t)retval, 0, &context);
316670eb 2206
0a7de745 2207 vnode_put(vp);
316670eb
A		 2208 break;
2209 }
39236c6e
A		 2210
2211 case F_GETDEFAULTPROTLEVEL: {
39236c6e 2212 if (fp->f_type != DTYPE_VNODE) {
39037602 2213 error = EBADF;
39236c6e
A		 2214 goto out;
2215 }
2216
2217 vp = (struct vnode*) fp->f_data;
0a7de745 2218 proc_fdunlock(p);
39236c6e
A		 2219
2220 if (vnode_getwithref(vp)) {
2221 error = ENOENT;
2222 goto outdrop;
2223 }
2224
2225 /*
39037602 2226 * if cp_get_major_vers fails, error will be set to proper errno
39236c6e
A		 2227 * and cp_version will still be 0.
2228 */
2229
39037602 2230 error = VNOP_IOCTL(vp, F_GETDEFAULTPROTLEVEL, (caddr_t)retval, 0, &context);
39236c6e 2231
0a7de745 2232 vnode_put(vp);
39236c6e
A		 2233 break;
2234 }
2235
6d2010ae 2236#endif /* CONFIG_PROTECT */
316670eb 2237
6d2010ae
A		 2238 case F_MOVEDATAEXTENTS: {
2239 struct fileproc *fp2 = NULL;
2240 struct vnode *src_vp = NULLVP;
2241 struct vnode *dst_vp = NULLVP;
2242 /* We need to grab the 2nd FD out of the argments before moving on. */
2243 int fd2 = CAST_DOWN_EXPLICIT(int32_t, uap->arg);
c7d2c2c6
A		 2244
2245 error = priv_check_cred(kauth_cred_get(), PRIV_VFS_MOVE_DATA_EXTENTS, 0);
0a7de745 2246 if (error) {
c7d2c2c6 2247 goto out;
0a7de745 2248 }
c7d2c2c6 2249
6d2010ae
A		 2250 if (fp->f_type != DTYPE_VNODE) {
2251 error = EBADF;
2252 goto out;
2253 }
6d2010ae 2254
cb323159
A		 2255 /*
2256 * For now, special case HFS+ and APFS only, since this
2257 * is SPI.
2258 */
316670eb 2259 src_vp = (struct vnode *)fp->f_data;
cb323159 2260 if (src_vp->v_tag != VT_HFS && src_vp->v_tag != VT_APFS) {
d9a64523 2261 error = ENOTSUP;
6d2010ae
A		 2262 goto out;
2263 }
2264
316670eb 2265 /*
39037602 2266 * Get the references before we start acquiring iocounts on the vnodes,
316670eb
A		 2267 * while we still hold the proc fd lock
2268 */
0a7de745 2269 if ((error = fp_lookup(p, fd2, &fp2, 1))) {
6d2010ae
A		 2270 error = EBADF;
2271 goto out;
2272 }
2273 if (fp2->f_type != DTYPE_VNODE) {
2274 fp_drop(p, fd2, fp2, 1);
2275 error = EBADF;
2276 goto out;
2277 }
2278 dst_vp = (struct vnode *)fp2->f_data;
cb323159 2279 if (dst_vp->v_tag != VT_HFS && dst_vp->v_tag != VT_APFS) {
6d2010ae 2280 fp_drop(p, fd2, fp2, 1);
d9a64523 2281 error = ENOTSUP;
6d2010ae
A		 2282 goto out;
2283 }
2284
2285#if CONFIG_MACF
2286 /* Re-do MAC checks against the new FD, pass in a fake argument */
2287 error = mac_file_check_fcntl(proc_ucred(p), fp2->f_fglob, uap->cmd, 0);
2288 if (error) {
2289 fp_drop(p, fd2, fp2, 1);
2290 goto out;
2291 }
2292#endif
2293 /* Audit the 2nd FD */
2294 AUDIT_ARG(fd, fd2);
2295
2296 proc_fdunlock(p);
2297
6d2010ae
A		 2298 if (vnode_getwithref(src_vp)) {
2299 fp_drop(p, fd2, fp2, 0);
2300 error = ENOENT;
2301 goto outdrop;
39037602 2302 }
6d2010ae 2303 if (vnode_getwithref(dst_vp)) {
0a7de745 2304 vnode_put(src_vp);
6d2010ae
A		 2305 fp_drop(p, fd2, fp2, 0);
2306 error = ENOENT;
2307 goto outdrop;
39037602
A		 2308 }
2309
2310 /*
6d2010ae
A		 2311 * Basic asserts; validate they are not the same and that
2312 * both live on the same filesystem.
2313 */
6d2010ae 2314 if (dst_vp == src_vp) {
0a7de745
A		 2315 vnode_put(src_vp);
2316 vnode_put(dst_vp);
2317 fp_drop(p, fd2, fp2, 0);
6d2010ae
A		 2318 error = EINVAL;
2319 goto outdrop;
39037602 2320 }
316670eb 2321
6d2010ae 2322 if (dst_vp->v_mount != src_vp->v_mount) {
0a7de745
A		 2323 vnode_put(src_vp);
2324 vnode_put(dst_vp);
2325 fp_drop(p, fd2, fp2, 0);
6d2010ae
A		 2326 error = EXDEV;
2327 goto outdrop;
2328 }
2329
316670eb
A		 2330 /* Now we have a legit pair of FDs. Go to work */
2331
6d2010ae 2332 /* Now check for write access to the target files */
0a7de745
A		 2333 if (vnode_authorize(src_vp, NULLVP,
2334 (KAUTH_VNODE_ACCESS | KAUTH_VNODE_WRITE_DATA), &context) != 0) {
6d2010ae
A		 2335 vnode_put(src_vp);
2336 vnode_put(dst_vp);
2337 fp_drop(p, fd2, fp2, 0);
2338 error = EBADF;
2339 goto outdrop;
2340 }
39037602 2341
0a7de745
A		 2342 if (vnode_authorize(dst_vp, NULLVP,
2343 (KAUTH_VNODE_ACCESS | KAUTH_VNODE_WRITE_DATA), &context) != 0) {
6d2010ae
A		 2344 vnode_put(src_vp);
2345 vnode_put(dst_vp);
2346 fp_drop(p, fd2, fp2, 0);
2347 error = EBADF;
2348 goto outdrop;
2349 }
39037602 2350
6d2010ae 2351 /* Verify that both vps point to files and not directories */
0a7de745 2352 if (!vnode_isreg(src_vp) || !vnode_isreg(dst_vp)) {
6d2010ae 2353 error = EINVAL;
0a7de745
A		 2354 vnode_put(src_vp);
2355 vnode_put(dst_vp);
2356 fp_drop(p, fd2, fp2, 0);
6d2010ae
A		 2357 goto outdrop;
2358 }
2359
39037602 2360 /*
6d2010ae
A		 2361 * The exchangedata syscall handler passes in 0 for the flags to VNOP_EXCHANGE.
2362 * We'll pass in our special bit indicating that the new behavior is expected
2363 */
39037602 2364
6d2010ae 2365 error = VNOP_EXCHANGE(src_vp, dst_vp, FSOPT_EXCHANGE_DATA_ONLY, &context);
39037602 2366
0a7de745
A		 2367 vnode_put(src_vp);
2368 vnode_put(dst_vp);
6d2010ae 2369 fp_drop(p, fd2, fp2, 0);
2d21ac55
A		 2370 break;
2371 }
39037602
A		 2372
2373 /*
39236c6e
A		 2374 * SPI for making a file compressed.
2375 */
2376 case F_MAKECOMPRESSED: {
2377 uint32_t gcounter = CAST_DOWN_EXPLICIT(uint32_t, uap->arg);
2378
2379 if (fp->f_type != DTYPE_VNODE) {
39037602 2380 error = EBADF;
39236c6e
A		 2381 goto out;
2382 }
2383
2384 vp = (struct vnode*) fp->f_data;
0a7de745 2385 proc_fdunlock(p);
39236c6e
A		 2386
2387 /* get the vnode */
2388 if (vnode_getwithref(vp)) {
2389 error = ENOENT;
2390 goto outdrop;
2391 }
2392
2393 /* Is it a file? */
2394 if ((vnode_isreg(vp) == 0) && (vnode_islnk(vp) == 0)) {
2395 vnode_put(vp);
2396 error = EBADF;
2397 goto outdrop;
2398 }
2399
2400 /* invoke ioctl to pass off to FS */
39037602 2401 /* Only go forward if you have write access */
39236c6e 2402 vfs_context_t ctx = vfs_context_current();
0a7de745 2403 if (vnode_authorize(vp, NULLVP, (KAUTH_VNODE_ACCESS | KAUTH_VNODE_WRITE_DATA), ctx) != 0) {
39236c6e
A		 2404 vnode_put(vp);
2405 error = EBADF;
2406 goto outdrop;
2407 }
2408
2409 error = VNOP_IOCTL(vp, uap->cmd, (caddr_t)&gcounter, 0, &context);
2410
0a7de745 2411 vnode_put(vp);
39037602 2412 break;
39236c6e 2413 }
39037602 2414
39236c6e
A		 2415 /*
2416 * SPI (private) for indicating to a filesystem that subsequent writes to
2417 * the open FD will written to the Fastflow.
2418 */
2419 case F_SET_GREEDY_MODE:
0a7de745
A		 2420 /* intentionally drop through to the same handler as F_SETSTATIC.
2421 * both fcntls should pass the argument and their selector into VNOP_IOCTL.
2422 */
39236c6e 2423
316670eb
A		 2424 /*
2425 * SPI (private) for indicating to a filesystem that subsequent writes to
2426 * the open FD will represent static content.
2427 */
2428 case F_SETSTATICCONTENT: {
2429 caddr_t ioctl_arg = NULL;
2d21ac55 2430
316670eb
A		 2431 if (uap->arg) {
2432 ioctl_arg = (caddr_t) 1;
2433 }
2434
2435 if (fp->f_type != DTYPE_VNODE) {
2436 error = EBADF;
2437 goto out;
2438 }
2439 vp = (struct vnode *)fp->f_data;
2440 proc_fdunlock(p);
2441
2442 error = vnode_getwithref(vp);
2443 if (error) {
2444 error = ENOENT;
2445 goto outdrop;
2446 }
2447
2448 /* Only go forward if you have write access */
2449 vfs_context_t ctx = vfs_context_current();
0a7de745 2450 if (vnode_authorize(vp, NULLVP, (KAUTH_VNODE_ACCESS | KAUTH_VNODE_WRITE_DATA), ctx) != 0) {
316670eb
A		 2451 vnode_put(vp);
2452 error = EBADF;
2453 goto outdrop;
2454 }
2455
2456 error = VNOP_IOCTL(vp, uap->cmd, ioctl_arg, 0, &context);
2457 (void)vnode_put(vp);
39037602 2458
fe8ab488
A		 2459 break;
2460 }
2461
2462 /*
2463 * SPI (private) for indicating to the lower level storage driver that the
2464 * subsequent writes should be of a particular IO type (burst, greedy, static),
2465 * or other flavors that may be necessary.
2466 */
2467 case F_SETIOTYPE: {
39037602 2468 caddr_t param_ptr;
fe8ab488
A		 2469 uint32_t param;
2470
2471 if (uap->arg) {
2472 /* extract 32 bits of flags from userland */
2473 param_ptr = (caddr_t) uap->arg;
2474 param = (uint32_t) param_ptr;
0a7de745 2475 } else {
fe8ab488
A		 2476 /* If no argument is specified, error out */
2477 error = EINVAL;
2478 goto out;
2479 }
39037602
A		 2480
2481 /*
2482 * Validate the different types of flags that can be specified:
fe8ab488
A		 2483 * all of them are mutually exclusive for now.
2484 */
2485 switch (param) {
0a7de745
A		 2486 case F_IOTYPE_ISOCHRONOUS:
2487 break;
fe8ab488 2488
0a7de745
A		 2489 default:
2490 error = EINVAL;
2491 goto out;
fe8ab488
A		 2492 }
2493
2494
2495 if (fp->f_type != DTYPE_VNODE) {
2496 error = EBADF;
2497 goto out;
2498 }
2499 vp = (struct vnode *)fp->f_data;
2500 proc_fdunlock(p);
2501
2502 error = vnode_getwithref(vp);
2503 if (error) {
2504 error = ENOENT;
2505 goto outdrop;
2506 }
2507
2508 /* Only go forward if you have write access */
2509 vfs_context_t ctx = vfs_context_current();
0a7de745 2510 if (vnode_authorize(vp, NULLVP, (KAUTH_VNODE_ACCESS | KAUTH_VNODE_WRITE_DATA), ctx) != 0) {
fe8ab488
A		 2511 vnode_put(vp);
2512 error = EBADF;
2513 goto outdrop;
2514 }
2515
2516 error = VNOP_IOCTL(vp, uap->cmd, param_ptr, 0, &context);
2517 (void)vnode_put(vp);
2518
2519 break;
2520 }
2521
fe8ab488 2522 /*
6d2010ae
A		 2523 * Set the vnode pointed to by 'fd'
2524 * and tag it as the (potentially future) backing store
2525 * for another filesystem
2526 */
2527 case F_SETBACKINGSTORE: {
2528 if (fp->f_type != DTYPE_VNODE) {
2529 error = EBADF;
2530 goto out;
2531 }
39037602 2532
316670eb
A		 2533 vp = (struct vnode *)fp->f_data;
2534
6d2010ae
A		 2535 if (vp->v_tag != VT_HFS) {
2536 error = EINVAL;
2537 goto out;
6d2010ae
A		 2538 }
2539 proc_fdunlock(p);
2540
2541 if (vnode_getwithref(vp)) {
2542 error = ENOENT;
2543 goto outdrop;
2544 }
39037602 2545
6d2010ae
A		 2546 /* only proceed if you have write access */
2547 vfs_context_t ctx = vfs_context_current();
0a7de745 2548 if (vnode_authorize(vp, NULLVP, (KAUTH_VNODE_ACCESS | KAUTH_VNODE_WRITE_DATA), ctx) != 0) {
6d2010ae
A		 2549 vnode_put(vp);
2550 error = EBADF;
2551 goto outdrop;
2552 }
2553
39037602 2554
6d2010ae
A		 2555 /* If arg != 0, set, otherwise unset */
2556 if (uap->arg) {
0a7de745
A		 2557 error = VNOP_IOCTL(vp, uap->cmd, (caddr_t)1, 0, &context);
2558 } else {
2559 error = VNOP_IOCTL(vp, uap->cmd, (caddr_t)NULL, 0, &context);
6d2010ae 2560 }
39037602 2561
6d2010ae
A		 2562 vnode_put(vp);
2563 break;
d1ecb069
A		 2564 }
2565
39037602 2566 /*
6d2010ae
A		 2567 * like F_GETPATH, but special semantics for
2568 * the mobile time machine handler.
2569 */
2570 case F_GETPATH_MTMINFO: {
2571 char *pathbufp;
2572 int pathlen;
2573
2574 if (fp->f_type != DTYPE_VNODE) {
2575 error = EBADF;
2576 goto out;
2577 }
2578 vp = (struct vnode *)fp->f_data;
2579 proc_fdunlock(p);
2580
2581 pathlen = MAXPATHLEN;
2582 MALLOC(pathbufp, char *, pathlen, M_TEMP, M_WAITOK);
2583 if (pathbufp == NULL) {
2584 error = ENOMEM;
2585 goto outdrop;
2586 }
0a7de745 2587 if ((error = vnode_getwithref(vp)) == 0) {
6d2010ae 2588 int backingstore = 0;
39037602 2589
6d2010ae
A		 2590 /* Check for error from vn_getpath before moving on */
2591 if ((error = vn_getpath(vp, pathbufp, &pathlen)) == 0) {
2592 if (vp->v_tag == VT_HFS) {
0a7de745 2593 error = VNOP_IOCTL(vp, uap->cmd, (caddr_t) &backingstore, 0, &context);
6d2010ae
A		 2594 }
2595 (void)vnode_put(vp);
2596
2597 if (error == 0) {
2598 error = copyout((caddr_t)pathbufp, argp, pathlen);
2599 }
2600 if (error == 0) {
39037602 2601 /*
6d2010ae
A		 2602 * If the copyout was successful, now check to ensure
2603 * that this vnode is not a BACKINGSTORE vnode. mtmd
2604 * wants the path regardless.
2605 */
2606 if (backingstore) {
2607 error = EBUSY;
2608 }
2609 }
0a7de745 2610 } else {
6d2010ae 2611 (void)vnode_put(vp);
0a7de745 2612 }
6d2010ae
A		 2613 }
2614 FREE(pathbufp, M_TEMP);
2615 goto outdrop;
d1ecb069
A		 2616 }
2617
3e170ce0
A		 2618#if DEBUG || DEVELOPMENT
2619 case F_RECYCLE:
2620 if (fp->f_type != DTYPE_VNODE) {
2621 error = EBADF;
2622 goto out;
2623 }
2624 vp = (struct vnode *)fp->f_data;
2625 proc_fdunlock(p);
2626
2627 vnode_recycle(vp);
2628 break;
2629#endif
2630
2d21ac55 2631 default:
e2fac8b1
A		 2632 /*
2633 * This is an fcntl() that we d not recognize at this level;
2634 * if this is a vnode, we send it down into the VNOP_IOCTL
2635 * for this vnode; this can include special devices, and will
2636 * effectively overload fcntl() to send ioctl()'s.
2637 */
0a7de745
A		 2638 if ((uap->cmd & IOC_VOID) && (uap->cmd & IOC_INOUT)) {
2639 error = EINVAL;
2d21ac55
A		 2640 goto out;
2641 }
39037602 2642
39236c6e
A		 2643 /* Catch any now-invalid fcntl() selectors */
2644 switch (uap->cmd) {
0a7de745
A		 2645 case (int)APFSIOC_REVERT_TO_SNAPSHOT:
2646 case (int)FSIOC_FIOSEEKHOLE:
2647 case (int)FSIOC_FIOSEEKDATA:
cb323159 2648 case (int)FSIOC_CAS_BSDFLAGS:
0a7de745
A		 2649 case HFS_GET_BOOT_INFO:
2650 case HFS_SET_BOOT_INFO:
2651 case FIOPINSWAP:
2652 case F_MARKDEPENDENCY:
cb323159 2653 case TIOCREVOKE:
0a7de745
A		 2654 error = EINVAL;
2655 goto out;
2656 default:
2657 break;
39236c6e
A		 2658 }
2659
2d21ac55
A		 2660 if (fp->f_type != DTYPE_VNODE) {
2661 error = EBADF;
2662 goto out;
2663 }
2664 vp = (struct vnode *)fp->f_data;
2665 proc_fdunlock(p);
2666
0a7de745 2667 if ((error = vnode_getwithref(vp)) == 0) {
e2fac8b1 2668#define STK_PARAMS 128
00867663 2669 char stkbuf[STK_PARAMS] = {0};
e2fac8b1
A		 2670 unsigned int size;
2671 caddr_t data, memp;
e2fac8b1
A		 2672 /*
2673 * For this to work properly, we have to copy in the
2674 * ioctl() cmd argument if there is one; we must also
2675 * check that a command parameter, if present, does
2676 * not exceed the maximum command length dictated by
2677 * the number of bits we have available in the command
2678 * to represent a structure length. Finally, we have
2679 * to copy the results back out, if it is that type of
2680 * ioctl().
2681 */
2682 size = IOCPARM_LEN(uap->cmd);
2683 if (size > IOCPARM_MAX) {
2684 (void)vnode_put(vp);
2685 error = EINVAL;
2686 break;
2687 }
2688
e2fac8b1 2689 memp = NULL;
0a7de745 2690 if (size > sizeof(stkbuf)) {
e2fac8b1
A		 2691 if ((memp = (caddr_t)kalloc(size)) == 0) {
2692 (void)vnode_put(vp);
2693 error = ENOMEM;
b0d623f7 2694 goto outdrop;
e2fac8b1
A		 2695 }
2696 data = memp;
2697 } else {
2698 data = &stkbuf[0];
2699 }
39037602 2700
b0d623f7 2701 if (uap->cmd & IOC_IN) {
e2fac8b1
A		 2702 if (size) {
2703 /* structure */
2704 error = copyin(argp, data, size);
2705 if (error) {
2706 (void)vnode_put(vp);
0a7de745 2707 if (memp) {
e2fac8b1 2708 kfree(memp, size);
0a7de745 2709 }
e2fac8b1
A		 2710 goto outdrop;
2711 }
39236c6e
A		 2712
2713 /* Bzero the section beyond that which was needed */
2714 if (size <= sizeof(stkbuf)) {
0a7de745 2715 bzero((((uint8_t*)data) + size), (sizeof(stkbuf) - size));
39236c6e 2716 }
e2fac8b1
A		 2717 } else {
2718 /* int */
2719 if (is64bit) {
2720 *(user_addr_t *)data = argp;
2721 } else {
2722 *(uint32_t *)data = (uint32_t)argp;
2723 }
2724 };
b0d623f7 2725 } else if ((uap->cmd & IOC_OUT) && size) {
e2fac8b1
A		 2726 /*
2727 * Zero the buffer so the user always
2728 * gets back something deterministic.
2729 */
2730 bzero(data, size);
b0d623f7 2731 } else if (uap->cmd & IOC_VOID) {
e2fac8b1 2732 if (is64bit) {
0a7de745 2733 *(user_addr_t *)data = argp;
e2fac8b1 2734 } else {
0a7de745 2735 *(uint32_t *)data = (uint32_t)argp;
e2fac8b1
A		 2736 }
2737 }
2738
e2fac8b1 2739 error = VNOP_IOCTL(vp, uap->cmd, CAST_DOWN(caddr_t, data), 0, &context);
2d21ac55
A		 2740
2741 (void)vnode_put(vp);
e2fac8b1
A		 2742
2743 /* Copy any output data to user */
0a7de745 2744 if (error == 0 && (uap->cmd & IOC_OUT) && size) {
e2fac8b1 2745 error = copyout(data, argp, size);
0a7de745
A		 2746 }
2747 if (memp) {
e2fac8b1 2748 kfree(memp, size);
0a7de745 2749 }
2d21ac55
A		 2750 }
2751 break;
2d21ac55
A		 2752 }
2753
2754outdrop:
2755 AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
2756 fp_drop(p, fd, fp, 0);
0a7de745 2757 return error;
2d21ac55
A		 2758out:
2759 fp_drop(p, fd, fp, 1);
2760 proc_fdunlock(p);
0a7de745 2761 return error;
2d21ac55
A		 2762}
2763
2764
2765/*
2766 * finishdup
2767 *
2768 * Description: Common code for dup, dup2, and fcntl(F_DUPFD).
2769 *
2770 * Parameters: p Process performing the dup
2771 * old The fd to dup
2772 * new The fd to dup it to
6d2010ae 2773 * fd_flags Flags to augment the new fd
2d21ac55
A		 2774 * retval Pointer to the call return area
2775 *
2776 * Returns: 0 Success
2777 * EBADF
2778 * ENOMEM
2779 *
2780 * Implicit returns:
2781 * *retval (modified) The new descriptor
2782 *
2783 * Locks: Assumes proc_fdlock for process pointing to fdp is held by
2784 * the caller
2785 *
2786 * Notes: This function may drop and reacquire this lock; it is unsafe
2787 * for a caller to assume that other state protected by the lock
6d2010ae 2788 * has not been subsequently changed out from under it.
2d21ac55
A		 2789 */
2790int
6d2010ae
A		 2791finishdup(proc_t p,
2792 struct filedesc *fdp, int old, int new, int fd_flags, int32_t *retval)
2d21ac55
A		 2793{
2794 struct fileproc *nfp;
2795 struct fileproc *ofp;
2796#if CONFIG_MACF
2797 int error;
2798#endif
2799
2800#if DIAGNOSTIC
2801 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
2802#endif
2d21ac55 2803 if ((ofp = fdp->fd_ofiles[old]) == NULL ||
6d2010ae 2804 (fdp->fd_ofileflags[old] & UF_RESERVED)) {
2d21ac55 2805 fdrelse(p, new);
0a7de745 2806 return EBADF;
2d21ac55
A		 2807 }
2808 fg_ref(ofp);
2809
2810#if CONFIG_MACF
2811 error = mac_file_check_dup(proc_ucred(p), ofp->f_fglob, new);
2812 if (error) {
2813 fg_drop(ofp);
2814 fdrelse(p, new);
0a7de745 2815 return error;
2d21ac55
A		 2816 }
2817#endif
2818
2819 proc_fdunlock(p);
91447636 2820
39236c6e 2821 nfp = fileproc_alloc_init(NULL);
91447636
A		 2822
2823 proc_fdlock(p);
2d21ac55
A		 2824
2825 if (nfp == NULL) {
2826 fg_drop(ofp);
2827 fdrelse(p, new);
0a7de745 2828 return ENOMEM;
2d21ac55
A		 2829 }
2830
91447636 2831 nfp->f_fglob = ofp->f_fglob;
91447636 2832
2d21ac55 2833#if DIAGNOSTIC
0a7de745 2834 if (fdp->fd_ofiles[new] != 0) {
6d2010ae 2835 panic("finishdup: overwriting fd_ofiles with new %d", new);
0a7de745
A		 2836 }
2837 if ((fdp->fd_ofileflags[new] & UF_RESERVED) == 0) {
6d2010ae 2838 panic("finishdup: unreserved fileflags with new %d", new);
0a7de745 2839 }
2d21ac55
A		 2840#endif
2841
0a7de745 2842 if (new > fdp->fd_lastfile) {
1c79356b 2843 fdp->fd_lastfile = new;
0a7de745 2844 }
6d2010ae 2845 *fdflags(p, new) |= fd_flags;
6601e61a 2846 procfdtbl_releasefd(p, new, nfp);
1c79356b 2847 *retval = new;
0a7de745 2848 return 0;
1c79356b
A		 2849}
2850
91447636 2851
2d21ac55
A		 2852/*
2853 * close
2854 *
2855 * Description: The implementation of the close(2) system call
2856 *
2857 * Parameters: p Process in whose per process file table
2858 * the close is to occur
2859 * uap->fd fd to be closed
2860 * retval <unused>
2861 *
2862 * Returns: 0 Success
2863 * fp_lookup:EBADF Bad file descriptor
39236c6e 2864 * fp_guard_exception:??? Guarded file descriptor
2d21ac55 2865 * close_internal:EBADF
0a7de745 2866 * close_internal:??? Anything returnable by a per-fileops
2d21ac55
A		 2867 * close function
2868 */
2869int
b0d623f7 2870close(proc_t p, struct close_args *uap, int32_t *retval)
2d21ac55
A		 2871{
2872 __pthread_testcancel(1);
0a7de745 2873 return close_nocancel(p, (struct close_nocancel_args *)uap, retval);
2d21ac55
A		 2874}
2875
2876
1c79356b 2877int
b0d623f7 2878close_nocancel(proc_t p, struct close_nocancel_args *uap, __unused int32_t *retval)
1c79356b 2879{
91447636 2880 struct fileproc *fp;
1c79356b 2881 int fd = uap->fd;
39236c6e 2882 int error;
1c79356b 2883
e5568f75 2884 AUDIT_SYSCLOSE(p, fd);
91447636
A		 2885
2886 proc_fdlock(p);
2887
0a7de745 2888 if ((error = fp_lookup(p, fd, &fp, 1))) {
91447636 2889 proc_fdunlock(p);
0a7de745 2890 return error;
91447636
A		 2891 }
2892
39236c6e
A		 2893 if (FP_ISGUARDED(fp, GUARD_CLOSE)) {
2894 error = fp_guard_exception(p, fd, fp, kGUARD_EXC_CLOSE);
2895 (void) fp_drop(p, fd, fp, 1);
2896 proc_fdunlock(p);
0a7de745 2897 return error;
39236c6e
A		 2898 }
2899
2d21ac55 2900 error = close_internal_locked(p, fd, fp, 0);
91447636
A		 2901
2902 proc_fdunlock(p);
2903
0a7de745 2904 return error;
91447636
A		 2905}
2906
2907
2908/*
2d21ac55
A		 2909 * close_internal_locked
2910 *
91447636 2911 * Close a file descriptor.
2d21ac55
A		 2912 *
2913 * Parameters: p Process in whose per process file table
2914 * the close is to occur
2915 * fd fd to be closed
2916 * fp fileproc associated with the fd
2917 *
2918 * Returns: 0 Success
2919 * EBADF fd already in close wait state
0a7de745 2920 * closef_locked:??? Anything returnable by a per-fileops
2d21ac55
A		 2921 * close function
2922 *
2923 * Locks: Assumes proc_fdlock for process is held by the caller and returns
2924 * with lock held
2925 *
2926 * Notes: This function may drop and reacquire this lock; it is unsafe
2927 * for a caller to assume that other state protected by the lock
39236c6e 2928 * has not been subsequently changed out from under it.
91447636 2929 */
39236c6e 2930int
2d21ac55 2931close_internal_locked(proc_t p, int fd, struct fileproc *fp, int flags)
91447636
A		 2932{
2933 struct filedesc *fdp = p->p_fd;
0a7de745 2934 int error = 0;
2d21ac55 2935 int resvfd = flags & FD_DUP2RESV;
91447636 2936
2d21ac55
A		 2937
2938#if DIAGNOSTIC
2939 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
2940#endif
55e303ae
A		 2941
2942 /* Keep people from using the filedesc while we are closing it */
6601e61a 2943 procfdtbl_markclosefd(p, fd);
2d21ac55
A		 2944
2945
6601e61a 2946 if ((fp->f_flags & FP_CLOSING) == FP_CLOSING) {
6d2010ae 2947 panic("close_internal_locked: being called on already closing fd");
6601e61a 2948 }
91447636
A		 2949
2950
2d21ac55 2951#if DIAGNOSTIC
0a7de745 2952 if ((fdp->fd_ofileflags[fd] & UF_RESERVED) == 0) {
6d2010ae 2953 panic("close_internal: unreserved fileflags with fd %d", fd);
0a7de745 2954 }
2d21ac55 2955#endif
91447636
A		 2956
2957 fp->f_flags |= FP_CLOSING;
91447636 2958
0a7de745
A		 2959 if ((fp->f_flags & FP_AIOISSUED) || kauth_authorize_fileop_has_listeners()) {
2960 proc_fdunlock(p);
91447636 2961
0a7de745
A		 2962 if ((fp->f_type == DTYPE_VNODE) && kauth_authorize_fileop_has_listeners()) {
2963 /*
39037602 2964 * call out to allow 3rd party notification of close.
91447636
A		 2965 * Ignore result of kauth_authorize_fileop call.
2966 */
0a7de745
A		 2967 if (vnode_getwithref((vnode_t)fp->f_data) == 0) {
2968 u_int fileop_flags = 0;
2969 if ((fp->f_flags & FP_WRITTEN) != 0) {
2970 fileop_flags |= KAUTH_FILEOP_CLOSE_MODIFIED;
2971 }
2972 kauth_authorize_fileop(fp->f_fglob->fg_cred, KAUTH_FILEOP_CLOSE,
2973 (uintptr_t)fp->f_data, (uintptr_t)fileop_flags);
91447636
A		 2974 vnode_put((vnode_t)fp->f_data);
2975 }
2976 }
0a7de745
A		 2977 if (fp->f_flags & FP_AIOISSUED) {
2978 /*
91447636
A		 2979 * cancel all async IO requests that can be cancelled.
2980 */
0a7de745
A		 2981 _aio_close( p, fd );
2982 }
91447636
A		 2983
2984 proc_fdlock(p);
2985 }
2986
0a7de745 2987 if (fd < fdp->fd_knlistsize) {
d9a64523 2988 knote_fdclose(p, fd);
0a7de745 2989 }
91447636 2990
cb323159
A		 2991 /* release the ref returned from fp_lookup before calling drain */
2992 (void) os_ref_release_locked(&fp->f_iocount);
39236c6e 2993 fileproc_drain(p, fp);
2d21ac55 2994
0a7de745
A		 2995 if (fp->f_flags & FP_WAITEVENT) {
2996 (void)waitevent_close(p, fp);
2997 }
2998
db609669 2999 if (resvfd == 0) {
6601e61a 3000 _fdrelse(p, fd);
db609669
A		 3001 } else {
3002 procfdtbl_reservefd(p, fd);
3003 }
2d21ac55 3004
0a7de745 3005 if (ENTR_SHOULDTRACE && fp->f_type == DTYPE_SOCKET) {
3e170ce0
A		 3006 KERNEL_ENERGYTRACE(kEnTrActKernSocket, DBG_FUNC_END,
3007 fd, 0, (int64_t)VM_KERNEL_ADDRPERM(fp->f_data));
0a7de745 3008 }
3e170ce0 3009
91447636 3010 error = closef_locked(fp, fp->f_fglob, p);
0a7de745 3011 if ((fp->f_flags & FP_WAITCLOSE) == FP_WAITCLOSE) {
91447636 3012 wakeup(&fp->f_flags);
0a7de745 3013 }
91447636
A		 3014 fp->f_flags &= ~(FP_WAITCLOSE | FP_CLOSING);
3015
2d21ac55
A		 3016 proc_fdunlock(p);
3017
39037602 3018 fileproc_free(fp);
2d21ac55
A		 3019
3020 proc_fdlock(p);
3021
3022#if DIAGNOSTIC
3023 if (resvfd != 0) {
0a7de745 3024 if ((fdp->fd_ofileflags[fd] & UF_RESERVED) == 0) {
6d2010ae 3025 panic("close with reserved fd returns with freed fd:%d: proc: %p", fd, p);
0a7de745 3026 }
2d21ac55
A		 3027 }
3028#endif
91447636 3029
0a7de745 3030 return error;
1c79356b
A		 3031}
3032
2d21ac55 3033
1c79356b 3034/*
2d21ac55
A		 3035 * fstat1
3036 *
3037 * Description: Return status information about a file descriptor.
3038 *
3039 * Parameters: p The process doing the fstat
3040 * fd The fd to stat
3041 * ub The user stat buffer
3042 * xsecurity The user extended security
3043 * buffer, or 0 if none
3044 * xsecurity_size The size of xsecurity, or 0
3045 * if no xsecurity
3046 * isstat64 Flag to indicate 64 bit version
3047 * for inode size, etc.
3048 *
3049 * Returns: 0 Success
3050 * EBADF
3051 * EFAULT
3052 * fp_lookup:EBADF Bad file descriptor
3053 * vnode_getwithref:???
3054 * copyout:EFAULT
3055 * vnode_getwithref:???
3056 * vn_stat:???
3057 * soo_stat:???
3058 * pipe_stat:???
3059 * pshm_stat:???
3060 * kqueue_stat:???
3061 *
3062 * Notes: Internal implementation for all other fstat() related
3063 * functions
91447636 3064 *
2d21ac55
A		 3065 * XXX switch on node type is bogus; need a stat in struct
3066 * XXX fileops instead.
1c79356b 3067 */
91447636 3068static int
2d21ac55 3069fstat1(proc_t p, int fd, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size, int isstat64)
1c79356b 3070{
91447636 3071 struct fileproc *fp;
b0d623f7
A		 3072 union {
3073 struct stat sb;
3074 struct stat64 sb64;
3075 } source;
3076 union {
3077 struct user64_stat user64_sb;
3078 struct user32_stat user32_sb;
3079 struct user64_stat64 user64_sb64;
3080 struct user32_stat64 user32_sb64;
3081 } dest;
91447636 3082 int error, my_size;
8f6c56a5 3083 file_type_t type;
91447636
A		 3084 caddr_t data;
3085 kauth_filesec_t fsec;
2d21ac55
A		 3086 user_size_t xsecurity_bufsize;
3087 vfs_context_t ctx = vfs_context_current();
3088 void * sbptr;
1c79356b 3089
91447636
A		 3090
3091 AUDIT_ARG(fd, fd);
3092
2d21ac55 3093 if ((error = fp_lookup(p, fd, &fp, 0)) != 0) {
0a7de745 3094 return error;
2d21ac55 3095 }
91447636
A		 3096 type = fp->f_type;
3097 data = fp->f_data;
3098 fsec = KAUTH_FILESEC_NONE;
3099
b0d623f7 3100 sbptr = (void *)&source;
2d21ac55 3101
91447636 3102 switch (type) {
1c79356b 3103 case DTYPE_VNODE:
91447636
A		 3104 if ((error = vnode_getwithref((vnode_t)data)) == 0) {
3105 /*
2d21ac55
A		 3106 * If the caller has the file open, and is not
3107 * requesting extended security information, we are
3108 * going to let them get the basic stat information.
91447636
A		 3109 */
3110 if (xsecurity == USER_ADDR_NULL) {
cb323159 3111 error = vn_stat_noauth((vnode_t)data, sbptr, NULL, isstat64, 0, ctx,
0a7de745 3112 fp->f_fglob->fg_cred);
91447636 3113 } else {
cb323159 3114 error = vn_stat((vnode_t)data, sbptr, &fsec, isstat64, 0, ctx);
91447636
A		 3115 }
3116
3117 AUDIT_ARG(vnpath, (struct vnode *)data, ARG_VNODE1);
3118 (void)vnode_put((vnode_t)data);
55e303ae 3119 }
1c79356b
A		 3120 break;
3121
2d21ac55 3122#if SOCKETS
1c79356b 3123 case DTYPE_SOCKET:
2d21ac55 3124 error = soo_stat((struct socket *)data, sbptr, isstat64);
91447636 3125 break;
2d21ac55 3126#endif /* SOCKETS */
91447636
A		 3127
3128 case DTYPE_PIPE:
2d21ac55 3129 error = pipe_stat((void *)data, sbptr, isstat64);
1c79356b
A		 3130 break;
3131
3132 case DTYPE_PSXSHM:
2d21ac55 3133 error = pshm_stat((void *)data, sbptr, isstat64);
1c79356b 3134 break;
55e303ae
A		 3135
3136 case DTYPE_KQUEUE:
fe8ab488 3137 error = kqueue_stat((void *)data, sbptr, isstat64, p);
91447636 3138 break;
55e303ae 3139
1c79356b 3140 default:
91447636
A		 3141 error = EBADF;
3142 goto out;
3143 }
91447636
A		 3144 if (error == 0) {
3145 caddr_t sbp;
2d21ac55
A		 3146
3147 if (isstat64 != 0) {
b0d623f7
A		 3148 source.sb64.st_lspare = 0;
3149 source.sb64.st_qspare[0] = 0LL;
3150 source.sb64.st_qspare[1] = 0LL;
3151
2d21ac55 3152 if (IS_64BIT_PROCESS(current_proc())) {
39037602 3153 munge_user64_stat64(&source.sb64, &dest.user64_sb64);
b0d623f7
A		 3154 my_size = sizeof(dest.user64_sb64);
3155 sbp = (caddr_t)&dest.user64_sb64;
2d21ac55 3156 } else {
39037602 3157 munge_user32_stat64(&source.sb64, &dest.user32_sb64);
b0d623f7
A		 3158 my_size = sizeof(dest.user32_sb64);
3159 sbp = (caddr_t)&dest.user32_sb64;
2d21ac55
A		 3160 }
3161 } else {
b0d623f7
A		 3162 source.sb.st_lspare = 0;
3163 source.sb.st_qspare[0] = 0LL;
3164 source.sb.st_qspare[1] = 0LL;
2d21ac55 3165 if (IS_64BIT_PROCESS(current_proc())) {
39037602 3166 munge_user64_stat(&source.sb, &dest.user64_sb);
b0d623f7
A		 3167 my_size = sizeof(dest.user64_sb);
3168 sbp = (caddr_t)&dest.user64_sb;
2d21ac55 3169 } else {
39037602 3170 munge_user32_stat(&source.sb, &dest.user32_sb);
b0d623f7
A		 3171 my_size = sizeof(dest.user32_sb);
3172 sbp = (caddr_t)&dest.user32_sb;
2d21ac55 3173 }
91447636 3174 }
2d21ac55 3175
91447636 3176 error = copyout(sbp, ub, my_size);
1c79356b 3177 }
1c79356b 3178
91447636
A		 3179 /* caller wants extended security information? */
3180 if (xsecurity != USER_ADDR_NULL) {
91447636 3181 /* did we get any? */
0a7de745 3182 if (fsec == KAUTH_FILESEC_NONE) {
91447636
A		 3183 if (susize(xsecurity_size, 0) != 0) {
3184 error = EFAULT;
3185 goto out;
3186 }
3187 } else {
3188 /* find the user buffer size */
3189 xsecurity_bufsize = fusize(xsecurity_size);
1c79356b 3190
91447636
A		 3191 /* copy out the actual data size */
3192 if (susize(xsecurity_size, KAUTH_FILESEC_COPYSIZE(fsec)) != 0) {
3193 error = EFAULT;
3194 goto out;
3195 }
1c79356b 3196
91447636 3197 /* if the caller supplied enough room, copy out to it */
0a7de745 3198 if (xsecurity_bufsize >= KAUTH_FILESEC_COPYSIZE(fsec)) {
91447636 3199 error = copyout(fsec, xsecurity, KAUTH_FILESEC_COPYSIZE(fsec));
0a7de745 3200 }
91447636 3201 }
1c79356b 3202 }
91447636
A		 3203out:
3204 fp_drop(p, fd, fp, 0);
0a7de745 3205 if (fsec != NULL) {
91447636 3206 kauth_filesec_free(fsec);
0a7de745
A		 3207 }
3208 return error;
1c79356b 3209}
91447636 3210
2d21ac55
A		 3211
3212/*
3213 * fstat_extended
3214 *
3215 * Description: Extended version of fstat supporting returning extended
3216 * security information
3217 *
3218 * Parameters: p The process doing the fstat
3219 * uap->fd The fd to stat
3220 * uap->ub The user stat buffer
3221 * uap->xsecurity The user extended security
3222 * buffer, or 0 if none
3223 * uap->xsecurity_size The size of xsecurity, or 0
3224 *
3225 * Returns: 0 Success
3226 * !0 Errno (see fstat1)
3227 */
91447636 3228int
b0d623f7 3229fstat_extended(proc_t p, struct fstat_extended_args *uap, __unused int32_t *retval)
91447636 3230{
0a7de745 3231 return fstat1(p, uap->fd, uap->ub, uap->xsecurity, uap->xsecurity_size, 0);
91447636 3232}
39037602 3233
2d21ac55
A		 3234
3235/*
3236 * fstat
3237 *
3238 * Description: Get file status for the file associated with fd
3239 *
3240 * Parameters: p The process doing the fstat
3241 * uap->fd The fd to stat
3242 * uap->ub The user stat buffer
3243 *
3244 * Returns: 0 Success
3245 * !0 Errno (see fstat1)
3246 */
3247int
39037602 3248fstat(proc_t p, struct fstat_args *uap, __unused int32_t *retval)
2d21ac55 3249{
0a7de745 3250 return fstat1(p, uap->fd, uap->ub, 0, 0, 0);
2d21ac55
A		 3251}
3252
3253
3254/*
3255 * fstat64_extended
3256 *
3257 * Description: Extended version of fstat64 supporting returning extended
3258 * security information
3259 *
3260 * Parameters: p The process doing the fstat
3261 * uap->fd The fd to stat
3262 * uap->ub The user stat buffer
3263 * uap->xsecurity The user extended security
3264 * buffer, or 0 if none
3265 * uap->xsecurity_size The size of xsecurity, or 0
3266 *
3267 * Returns: 0 Success
3268 * !0 Errno (see fstat1)
3269 */
3270int
b0d623f7 3271fstat64_extended(proc_t p, struct fstat64_extended_args *uap, __unused int32_t *retval)
2d21ac55 3272{
0a7de745 3273 return fstat1(p, uap->fd, uap->ub, uap->xsecurity, uap->xsecurity_size, 1);
2d21ac55 3274}
39037602 3275
2d21ac55
A		 3276
3277/*
3278 * fstat64
3279 *
3280 * Description: Get 64 bit version of the file status for the file associated
3281 * with fd
3282 *
3283 * Parameters: p The process doing the fstat
3284 * uap->fd The fd to stat
3285 * uap->ub The user stat buffer
3286 *
3287 * Returns: 0 Success
3288 * !0 Errno (see fstat1)
3289 */
91447636 3290int
39037602 3291fstat64(proc_t p, struct fstat64_args *uap, __unused int32_t *retval)
91447636 3292{
0a7de745 3293 return fstat1(p, uap->fd, uap->ub, 0, 0, 1);
91447636 3294}
1c79356b 3295
2d21ac55 3296
1c79356b 3297/*
2d21ac55
A		 3298 * fpathconf
3299 *
3300 * Description: Return pathconf information about a file descriptor.
3301 *
3302 * Parameters: p Process making the request
3303 * uap->fd fd to get information about
3304 * uap->name Name of information desired
3305 * retval Pointer to the call return area
3306 *
3307 * Returns: 0 Success
3308 * EINVAL
3309 * fp_lookup:EBADF Bad file descriptor
3310 * vnode_getwithref:???
3311 * vn_pathconf:???
3312 *
3313 * Implicit returns:
3314 * *retval (modified) Returned information (numeric)
1c79356b 3315 */
91447636 3316int
b0d623f7 3317fpathconf(proc_t p, struct fpathconf_args *uap, int32_t *retval)
1c79356b
A		 3318{
3319 int fd = uap->fd;
91447636 3320 struct fileproc *fp;
1c79356b 3321 struct vnode *vp;
91447636 3322 int error = 0;
8f6c56a5 3323 file_type_t type;
91447636
A		 3324 caddr_t data;
3325
1c79356b 3326
55e303ae 3327 AUDIT_ARG(fd, uap->fd);
0a7de745
A		 3328 if ((error = fp_lookup(p, fd, &fp, 0))) {
3329 return error;
3330 }
91447636
A		 3331 type = fp->f_type;
3332 data = fp->f_data;
3333
3334 switch (type) {
1c79356b 3335 case DTYPE_SOCKET:
b0d623f7
A		 3336 if (uap->name != _PC_PIPE_BUF) {
3337 error = EINVAL;
91447636
A		 3338 goto out;
3339 }
1c79356b 3340 *retval = PIPE_BUF;
91447636
A		 3341 error = 0;
3342 goto out;
3343
3344 case DTYPE_PIPE:
b0d623f7
A		 3345 if (uap->name != _PC_PIPE_BUF) {
3346 error = EINVAL;
3347 goto out;
3348 }
3349 *retval = PIPE_BUF;
91447636
A		 3350 error = 0;
3351 goto out;
1c79356b
A		 3352
3353 case DTYPE_VNODE:
91447636
A		 3354 vp = (struct vnode *)data;
3355
0a7de745
A		 3356 if ((error = vnode_getwithref(vp)) == 0) {
3357 AUDIT_ARG(vnpath, vp, ARG_VNODE1);
91447636 3358
2d21ac55 3359 error = vn_pathconf(vp, uap->name, retval, vfs_context_current());
91447636
A		 3360
3361 (void)vnode_put(vp);
3362 }
3363 goto out;
55e303ae 3364
39236c6e 3365 default:
91447636
A		 3366 error = EINVAL;
3367 goto out;
1c79356b
A		 3368 }
3369 /*NOTREACHED*/
91447636
A		 3370out:
3371 fp_drop(p, fd, fp, 0);
0a7de745 3372 return error;
1c79356b
A		 3373}
3374
3375/*
2d21ac55
A		 3376 * Statistics counter for the number of times a process calling fdalloc()
3377 * has resulted in an expansion of the per process open file table.
3378 *
3379 * XXX This would likely be of more use if it were per process
1c79356b
A		 3380 */
3381int fdexpand;
3382
2d21ac55
A		 3383
3384/*
3385 * fdalloc
3386 *
3387 * Description: Allocate a file descriptor for the process.
3388 *
3389 * Parameters: p Process to allocate the fd in
3390 * want The fd we would prefer to get
3391 * result Pointer to fd we got
3392 *
3393 * Returns: 0 Success
3394 * EMFILE
3395 * ENOMEM
3396 *
3397 * Implicit returns:
3398 * *result (modified) The fd which was allocated
3399 */
1c79356b 3400int
2d21ac55 3401fdalloc(proc_t p, int want, int *result)
1c79356b 3402{
2d21ac55
A		 3403 struct filedesc *fdp = p->p_fd;
3404 int i;
91447636
A		 3405 int lim, last, numfiles, oldnfiles;
3406 struct fileproc **newofiles, **ofiles;
6601e61a 3407 char *newofileflags;
1c79356b
A		 3408
3409 /*
3410 * Search for a free descriptor starting at the higher
3411 * of want or fd_freefile. If that fails, consider
3412 * expanding the ofile array.
3413 */
2d21ac55
A		 3414#if DIAGNOSTIC
3415 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
3416#endif
3417
1c79356b
A		 3418 lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles);
3419 for (;;) {
3420 last = min(fdp->fd_nfiles, lim);
0a7de745 3421 if ((i = want) < fdp->fd_freefile) {
1c79356b 3422 i = fdp->fd_freefile;
0a7de745 3423 }
1c79356b 3424 for (; i < last; i++) {
6601e61a
A		 3425 if (fdp->fd_ofiles[i] == NULL && !(fdp->fd_ofileflags[i] & UF_RESERVED)) {
3426 procfdtbl_reservefd(p, i);
0a7de745 3427 if (i > fdp->fd_lastfile) {
1c79356b 3428 fdp->fd_lastfile = i;
0a7de745
A		 3429 }
3430 if (want <= fdp->fd_freefile) {
1c79356b 3431 fdp->fd_freefile = i;
0a7de745 3432 }
1c79356b 3433 *result = i;
0a7de745 3434 return 0;
1c79356b 3435 }
1c79356b
A		 3436 }
3437
3438 /*
3439 * No space in current array. Expand?
3440 */
0a7de745
A		 3441 if (fdp->fd_nfiles >= lim) {
3442 return EMFILE;
3443 }
3444 if (fdp->fd_nfiles < NDEXTENT) {
91447636 3445 numfiles = NDEXTENT;
0a7de745 3446 } else {
91447636 3447 numfiles = 2 * fdp->fd_nfiles;
0a7de745 3448 }
1c79356b 3449 /* Enforce lim */
0a7de745 3450 if (numfiles > lim) {
91447636 3451 numfiles = lim;
0a7de745 3452 }
91447636
A		 3453 proc_fdunlock(p);
3454 MALLOC_ZONE(newofiles, struct fileproc **,
0a7de745 3455 numfiles * OFILESIZE, M_OFILETABL, M_WAITOK);
91447636
A		 3456 proc_fdlock(p);
3457 if (newofiles == NULL) {
0a7de745 3458 return ENOMEM;
91447636
A		 3459 }
3460 if (fdp->fd_nfiles >= numfiles) {
3461 FREE_ZONE(newofiles, numfiles * OFILESIZE, M_OFILETABL);
1c79356b
A		 3462 continue;
3463 }
91447636 3464 newofileflags = (char *) &newofiles[numfiles];
1c79356b
A		 3465 /*
3466 * Copy the existing ofile and ofileflags arrays
3467 * and zero the new portion of each array.
3468 */
3469 oldnfiles = fdp->fd_nfiles;
3470 (void) memcpy(newofiles, fdp->fd_ofiles,
0a7de745 3471 oldnfiles * sizeof(*fdp->fd_ofiles));
1c79356b 3472 (void) memset(&newofiles[oldnfiles], 0,
0a7de745 3473 (numfiles - oldnfiles) * sizeof(*fdp->fd_ofiles));
1c79356b
A		 3474
3475 (void) memcpy(newofileflags, fdp->fd_ofileflags,
0a7de745 3476 oldnfiles * sizeof(*fdp->fd_ofileflags));
1c79356b 3477 (void) memset(&newofileflags[oldnfiles], 0,
0a7de745
A		 3478 (numfiles - oldnfiles) *
3479 sizeof(*fdp->fd_ofileflags));
1c79356b
A		 3480 ofiles = fdp->fd_ofiles;
3481 fdp->fd_ofiles = newofiles;
3482 fdp->fd_ofileflags = newofileflags;
91447636 3483 fdp->fd_nfiles = numfiles;
1c79356b
A		 3484 FREE_ZONE(ofiles, oldnfiles * OFILESIZE, M_OFILETABL);
3485 fdexpand++;
3486 }
3487}
3488
2d21ac55 3489
91447636 3490/*
2d21ac55
A		 3491 * fdavail
3492 *
3493 * Description: Check to see whether n user file descriptors are available
3494 * to the process p.
3495 *
3496 * Parameters: p Process to check in
3497 * n The number of fd's desired
3498 *
3499 * Returns: 0 No
3500 * 1 Yes
3501 *
3502 * Locks: Assumes proc_fdlock for process is held by the caller
3503 *
3504 * Notes: The answer only remains valid so long as the proc_fdlock is
3505 * held by the caller.
91447636
A		 3506 */
3507int
2d21ac55 3508fdavail(proc_t p, int n)
91447636
A		 3509{
3510 struct filedesc *fdp = p->p_fd;
3511 struct fileproc **fpp;
3512 char *flags;
3513 int i, lim;
3514
3515 lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles);
0a7de745
A		 3516 if ((i = lim - fdp->fd_nfiles) > 0 && (n -= i) <= 0) {
3517 return 1;
3518 }
91447636
A		 3519 fpp = &fdp->fd_ofiles[fdp->fd_freefile];
3520 flags = &fdp->fd_ofileflags[fdp->fd_freefile];
0a7de745
A		 3521 for (i = fdp->fd_nfiles - fdp->fd_freefile; --i >= 0; fpp++, flags++) {
3522 if (*fpp == NULL && !(*flags & UF_RESERVED) && --n <= 0) {
3523 return 1;
3524 }
3525 }
3526 return 0;
91447636
A		 3527}
3528
91447636 3529
2d21ac55
A		 3530/*
3531 * fdrelse
3532 *
3533 * Description: Legacy KPI wrapper function for _fdrelse
3534 *
3535 * Parameters: p Process in which fd lives
3536 * fd fd to free
3537 *
3538 * Returns: void
3539 *
3540 * Locks: Assumes proc_fdlock for process is held by the caller
3541 */
91447636 3542void
2d21ac55 3543fdrelse(proc_t p, int fd)
91447636 3544{
2d21ac55 3545 _fdrelse(p, fd);
91447636
A		 3546}
3547
3548
2d21ac55
A		 3549/*
3550 * fdgetf_noref
3551 *
3552 * Description: Get the fileproc pointer for the given fd from the per process
3553 * open file table without taking an explicit reference on it.
3554 *
3555 * Parameters: p Process containing fd
3556 * fd fd to obtain fileproc for
3557 * resultfp Pointer to pointer return area
3558 *
3559 * Returns: 0 Success
3560 * EBADF
3561 *
3562 * Implicit returns:
3563 * *resultfp (modified) Pointer to fileproc pointer
3564 *
3565 * Locks: Assumes proc_fdlock for process is held by the caller
3566 *
3567 * Notes: Because there is no reference explicitly taken, the returned
3568 * fileproc pointer is only valid so long as the proc_fdlock
3569 * remains held by the caller.
3570 */
91447636 3571int
2d21ac55 3572fdgetf_noref(proc_t p, int fd, struct fileproc **resultfp)
91447636
A		 3573{
3574 struct filedesc *fdp = p->p_fd;
3575 struct fileproc *fp;
3576
3577 if (fd < 0 || fd >= fdp->fd_nfiles ||
0a7de745
A		 3578 (fp = fdp->fd_ofiles[fd]) == NULL ||
3579 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
3580 return EBADF;
91447636 3581 }
0a7de745 3582 if (resultfp) {
91447636 3583 *resultfp = fp;
0a7de745
A		 3584 }
3585 return 0;
91447636
A		 3586}
3587
3588
2d21ac55
A		 3589/*
3590 * fp_getfvp
3591 *
3592 * Description: Get fileproc and vnode pointer for a given fd from the per
3593 * process open file table of the specified process, and if
3594 * successful, increment the f_iocount
3595 *
3596 * Parameters: p Process in which fd lives
3597 * fd fd to get information for
3598 * resultfp Pointer to result fileproc
3599 * pointer area, or 0 if none
3600 * resultvp Pointer to result vnode pointer
3601 * area, or 0 if none
3602 *
3603 * Returns: 0 Success
3604 * EBADF Bad file descriptor
3605 * ENOTSUP fd does not refer to a vnode
3606 *
3607 * Implicit returns:
3608 * *resultfp (modified) Fileproc pointer
3609 * *resultvp (modified) vnode pointer
3610 *
3611 * Notes: The resultfp and resultvp fields are optional, and may be
3612 * independently specified as NULL to skip returning information
3613 *
3614 * Locks: Internally takes and releases proc_fdlock
3615 */
91447636 3616int
2d21ac55 3617fp_getfvp(proc_t p, int fd, struct fileproc **resultfp, struct vnode **resultvp)
91447636
A		 3618{
3619 struct filedesc *fdp = p->p_fd;
3620 struct fileproc *fp;
3621
2d21ac55 3622 proc_fdlock_spin(p);
91447636 3623 if (fd < 0 || fd >= fdp->fd_nfiles ||
0a7de745
A		 3624 (fp = fdp->fd_ofiles[fd]) == NULL ||
3625 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
91447636 3626 proc_fdunlock(p);
0a7de745 3627 return EBADF;
91447636
A		 3628 }
3629 if (fp->f_type != DTYPE_VNODE) {
3630 proc_fdunlock(p);
0a7de745 3631 return ENOTSUP;
91447636 3632 }
cb323159 3633 os_ref_retain_locked(&fp->f_iocount);
91447636 3634
0a7de745 3635 if (resultfp) {
91447636 3636 *resultfp = fp;
0a7de745
A		 3637 }
3638 if (resultvp) {
91447636 3639 *resultvp = (struct vnode *)fp->f_data;
0a7de745 3640 }
91447636
A		 3641 proc_fdunlock(p);
3642
0a7de745 3643 return 0;
91447636
A		 3644}
3645
3646
2d21ac55
A		 3647/*
3648 * fp_getfvpandvid
3649 *
3650 * Description: Get fileproc, vnode pointer, and vid for a given fd from the
3651 * per process open file table of the specified process, and if
3652 * successful, increment the f_iocount
3653 *
3654 * Parameters: p Process in which fd lives
3655 * fd fd to get information for
3656 * resultfp Pointer to result fileproc
3657 * pointer area, or 0 if none
3658 * resultvp Pointer to result vnode pointer
3659 * area, or 0 if none
3660 * vidp Pointer to resuld vid area
3661 *
3662 * Returns: 0 Success
3663 * EBADF Bad file descriptor
3664 * ENOTSUP fd does not refer to a vnode
3665 *
3666 * Implicit returns:
3667 * *resultfp (modified) Fileproc pointer
3668 * *resultvp (modified) vnode pointer
3669 * *vidp vid value
3670 *
3671 * Notes: The resultfp and resultvp fields are optional, and may be
3672 * independently specified as NULL to skip returning information
3673 *
3674 * Locks: Internally takes and releases proc_fdlock
3675 */
0c530ab8 3676int
2d21ac55 3677fp_getfvpandvid(proc_t p, int fd, struct fileproc **resultfp,
0a7de745 3678 struct vnode **resultvp, uint32_t *vidp)
0c530ab8
A		 3679{
3680 struct filedesc *fdp = p->p_fd;
3681 struct fileproc *fp;
3682
2d21ac55 3683 proc_fdlock_spin(p);
0c530ab8 3684 if (fd < 0 || fd >= fdp->fd_nfiles ||
0a7de745
A		 3685 (fp = fdp->fd_ofiles[fd]) == NULL ||
3686 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
0c530ab8 3687 proc_fdunlock(p);
0a7de745 3688 return EBADF;
0c530ab8
A		 3689 }
3690 if (fp->f_type != DTYPE_VNODE) {
3691 proc_fdunlock(p);
0a7de745 3692 return ENOTSUP;
0c530ab8 3693 }
cb323159 3694 os_ref_retain_locked(&fp->f_iocount);
0c530ab8 3695
0a7de745 3696 if (resultfp) {
0c530ab8 3697 *resultfp = fp;
0a7de745
A		 3698 }
3699 if (resultvp) {
0c530ab8 3700 *resultvp = (struct vnode *)fp->f_data;
0a7de745
A		 3701 }
3702 if (vidp) {
0c530ab8 3703 *vidp = (uint32_t)vnode_vid((struct vnode *)fp->f_data);
0a7de745 3704 }
0c530ab8
A		 3705 proc_fdunlock(p);
3706
0a7de745 3707 return 0;
0c530ab8
A		 3708}
3709
2d21ac55 3710
91447636 3711/*
2d21ac55
A		 3712 * fp_getfsock
3713 *
3714 * Description: Get fileproc and socket pointer for a given fd from the
3715 * per process open file table of the specified process, and if
3716 * successful, increment the f_iocount
3717 *
3718 * Parameters: p Process in which fd lives
3719 * fd fd to get information for
3720 * resultfp Pointer to result fileproc
3721 * pointer area, or 0 if none
3722 * results Pointer to result socket
3723 * pointer area, or 0 if none
3724 *
91447636
A		 3725 * Returns: EBADF The file descriptor is invalid
3726 * EOPNOTSUPP The file descriptor is not a socket
3727 * 0 Success
3728 *
2d21ac55
A		 3729 * Implicit returns:
3730 * *resultfp (modified) Fileproc pointer
3731 * *results (modified) socket pointer
3732 *
91447636
A		 3733 * Notes: EOPNOTSUPP should probably be ENOTSOCK; this function is only
3734 * ever called from accept1().
3735 */
3736int
2d21ac55 3737fp_getfsock(proc_t p, int fd, struct fileproc **resultfp,
0a7de745 3738 struct socket **results)
91447636
A		 3739{
3740 struct filedesc *fdp = p->p_fd;
3741 struct fileproc *fp;
3742
2d21ac55 3743 proc_fdlock_spin(p);
91447636 3744 if (fd < 0 || fd >= fdp->fd_nfiles ||
0a7de745
A		 3745 (fp = fdp->fd_ofiles[fd]) == NULL ||
3746 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
91447636 3747 proc_fdunlock(p);
0a7de745 3748 return EBADF;
91447636
A		 3749 }
3750 if (fp->f_type != DTYPE_SOCKET) {
3751 proc_fdunlock(p);
0a7de745 3752 return EOPNOTSUPP;
91447636 3753 }
cb323159 3754 os_ref_retain_locked(&fp->f_iocount);
91447636 3755
0a7de745 3756 if (resultfp) {
91447636 3757 *resultfp = fp;
0a7de745
A		 3758 }
3759 if (results) {
91447636 3760 *results = (struct socket *)fp->f_data;
0a7de745 3761 }
91447636
A		 3762 proc_fdunlock(p);
3763
0a7de745 3764 return 0;
91447636
A		 3765}
3766
3767
2d21ac55
A		 3768/*
3769 * fp_getfkq
3770 *
3771 * Description: Get fileproc and kqueue pointer for a given fd from the
3772 * per process open file table of the specified process, and if
3773 * successful, increment the f_iocount
3774 *
3775 * Parameters: p Process in which fd lives
3776 * fd fd to get information for
3777 * resultfp Pointer to result fileproc
3778 * pointer area, or 0 if none
3779 * resultkq Pointer to result kqueue
3780 * pointer area, or 0 if none
3781 *
3782 * Returns: EBADF The file descriptor is invalid
3783 * EBADF The file descriptor is not a socket
3784 * 0 Success
3785 *
3786 * Implicit returns:
3787 * *resultfp (modified) Fileproc pointer
3788 * *resultkq (modified) kqueue pointer
3789 *
3790 * Notes: The second EBADF should probably be something else to make
3791 * the error condition distinct.
3792 */
91447636 3793int
2d21ac55 3794fp_getfkq(proc_t p, int fd, struct fileproc **resultfp,
0a7de745 3795 struct kqueue **resultkq)
91447636
A		 3796{
3797 struct filedesc *fdp = p->p_fd;
3798 struct fileproc *fp;
3799
2d21ac55 3800 proc_fdlock_spin(p);
0a7de745
A		 3801 if (fd < 0 || fd >= fdp->fd_nfiles ||
3802 (fp = fdp->fd_ofiles[fd]) == NULL ||
3803 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
91447636 3804 proc_fdunlock(p);
0a7de745 3805 return EBADF;
91447636
A		 3806 }
3807 if (fp->f_type != DTYPE_KQUEUE) {
3808 proc_fdunlock(p);
0a7de745 3809 return EBADF;
91447636 3810 }
cb323159 3811 os_ref_retain_locked(&fp->f_iocount);
91447636 3812
0a7de745 3813 if (resultfp) {
91447636 3814 *resultfp = fp;
0a7de745
A		 3815 }
3816 if (resultkq) {
91447636 3817 *resultkq = (struct kqueue *)fp->f_data;
0a7de745 3818 }
91447636
A		 3819 proc_fdunlock(p);
3820
0a7de745 3821 return 0;
91447636
A		 3822}
3823
2d21ac55
A		 3824
3825/*
3826 * fp_getfpshm
3827 *
3828 * Description: Get fileproc and POSIX shared memory pointer for a given fd
3829 * from the per process open file table of the specified process
3830 * and if successful, increment the f_iocount
3831 *
3832 * Parameters: p Process in which fd lives
3833 * fd fd to get information for
3834 * resultfp Pointer to result fileproc
3835 * pointer area, or 0 if none
3836 * resultpshm Pointer to result POSIX
3837 * shared memory pointer
3838 * pointer area, or 0 if none
3839 *
3840 * Returns: EBADF The file descriptor is invalid
3841 * EBADF The file descriptor is not a POSIX
3842 * shared memory area
3843 * 0 Success
3844 *
3845 * Implicit returns:
3846 * *resultfp (modified) Fileproc pointer
3847 * *resultpshm (modified) POSIX shared memory pointer
3848 *
3849 * Notes: The second EBADF should probably be something else to make
3850 * the error condition distinct.
3851 */
91447636 3852int
2d21ac55 3853fp_getfpshm(proc_t p, int fd, struct fileproc **resultfp,
0a7de745 3854 struct pshmnode **resultpshm)
91447636
A		 3855{
3856 struct filedesc *fdp = p->p_fd;
3857 struct fileproc *fp;
3858
2d21ac55 3859 proc_fdlock_spin(p);
91447636 3860 if (fd < 0 || fd >= fdp->fd_nfiles ||
0a7de745
A		 3861 (fp = fdp->fd_ofiles[fd]) == NULL ||
3862 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
91447636 3863 proc_fdunlock(p);
0a7de745 3864 return EBADF;
91447636
A		 3865 }
3866 if (fp->f_type != DTYPE_PSXSHM) {
91447636 3867 proc_fdunlock(p);
0a7de745 3868 return EBADF;
91447636 3869 }
cb323159 3870 os_ref_retain_locked(&fp->f_iocount);
91447636 3871
0a7de745 3872 if (resultfp) {
91447636 3873 *resultfp = fp;
0a7de745
A		 3874 }
3875 if (resultpshm) {
91447636 3876 *resultpshm = (struct pshmnode *)fp->f_data;
0a7de745 3877 }
91447636
A		 3878 proc_fdunlock(p);
3879
0a7de745 3880 return 0;
91447636
A		 3881}
3882
3883
2d21ac55
A		 3884/*
3885 * fp_getfsem
3886 *
3887 * Description: Get fileproc and POSIX semaphore pointer for a given fd from
3888 * the per process open file table of the specified process
3889 * and if successful, increment the f_iocount
3890 *
3891 * Parameters: p Process in which fd lives
3892 * fd fd to get information for
3893 * resultfp Pointer to result fileproc
3894 * pointer area, or 0 if none
3895 * resultpsem Pointer to result POSIX
3896 * semaphore pointer area, or
3897 * 0 if none
3898 *
3899 * Returns: EBADF The file descriptor is invalid
3900 * EBADF The file descriptor is not a POSIX
3901 * semaphore
3902 * 0 Success
3903 *
3904 * Implicit returns:
3905 * *resultfp (modified) Fileproc pointer
3906 * *resultpsem (modified) POSIX semaphore pointer
3907 *
3908 * Notes: The second EBADF should probably be something else to make
3909 * the error condition distinct.
3910 *
3911 * In order to support unnamed POSIX semaphores, the named
3912 * POSIX semaphores will have to move out of the per-process
3913 * open filetable, and into a global table that is shared with
3914 * unnamed POSIX semaphores, since unnamed POSIX semaphores
3915 * are typically used by declaring instances in shared memory,
3916 * and there's no other way to do this without changing the
3917 * underlying type, which would introduce binary compatibility
3918 * issues.
3919 */
91447636 3920int
2d21ac55 3921fp_getfpsem(proc_t p, int fd, struct fileproc **resultfp,
0a7de745 3922 struct psemnode **resultpsem)
91447636
A		 3923{
3924 struct filedesc *fdp = p->p_fd;
3925 struct fileproc *fp;
3926
2d21ac55 3927 proc_fdlock_spin(p);
91447636 3928 if (fd < 0 || fd >= fdp->fd_nfiles ||
0a7de745
A		 3929 (fp = fdp->fd_ofiles[fd]) == NULL ||
3930 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
91447636 3931 proc_fdunlock(p);
0a7de745 3932 return EBADF;
91447636
A		 3933 }
3934 if (fp->f_type != DTYPE_PSXSEM) {
3935 proc_fdunlock(p);
0a7de745 3936 return EBADF;
91447636 3937 }
cb323159 3938 os_ref_retain_locked(&fp->f_iocount);
91447636 3939
0a7de745 3940 if (resultfp) {
91447636 3941 *resultfp = fp;
0a7de745
A		 3942 }
3943 if (resultpsem) {
91447636 3944 *resultpsem = (struct psemnode *)fp->f_data;
0a7de745 3945 }
91447636
A		 3946 proc_fdunlock(p);
3947
0a7de745 3948 return 0;
91447636 3949}
0c530ab8
A		 3950
3951
2d21ac55
A		 3952/*
3953 * fp_getfpipe
3954 *
3955 * Description: Get fileproc and pipe pointer for a given fd from the
3956 * per process open file table of the specified process
3957 * and if successful, increment the f_iocount
3958 *
3959 * Parameters: p Process in which fd lives
3960 * fd fd to get information for
3961 * resultfp Pointer to result fileproc
3962 * pointer area, or 0 if none
3963 * resultpipe Pointer to result pipe
3964 * pointer area, or 0 if none
3965 *
3966 * Returns: EBADF The file descriptor is invalid
3967 * EBADF The file descriptor is not a socket
3968 * 0 Success
3969 *
3970 * Implicit returns:
3971 * *resultfp (modified) Fileproc pointer
3972 * *resultpipe (modified) pipe pointer
3973 *
3974 * Notes: The second EBADF should probably be something else to make
3975 * the error condition distinct.
3976 */
0c530ab8 3977int
2d21ac55 3978fp_getfpipe(proc_t p, int fd, struct fileproc **resultfp,
0a7de745 3979 struct pipe **resultpipe)
0c530ab8
A		 3980{
3981 struct filedesc *fdp = p->p_fd;
3982 struct fileproc *fp;
3983
2d21ac55 3984 proc_fdlock_spin(p);
0c530ab8 3985 if (fd < 0 || fd >= fdp->fd_nfiles ||
0a7de745
A		 3986 (fp = fdp->fd_ofiles[fd]) == NULL ||
3987 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
0c530ab8 3988 proc_fdunlock(p);
0a7de745 3989 return EBADF;
0c530ab8
A		 3990 }
3991 if (fp->f_type != DTYPE_PIPE) {
3992 proc_fdunlock(p);
0a7de745 3993 return EBADF;
0c530ab8 3994 }
cb323159 3995 os_ref_retain_locked(&fp->f_iocount);
0c530ab8 3996
0a7de745 3997 if (resultfp) {
0c530ab8 3998 *resultfp = fp;
0a7de745
A		 3999 }
4000 if (resultpipe) {
0c530ab8 4001 *resultpipe = (struct pipe *)fp->f_data;
0a7de745 4002 }
0c530ab8
A		 4003 proc_fdunlock(p);
4004
0a7de745 4005 return 0;
0c530ab8
A		 4006}
4007
39037602 4008
2d21ac55
A		 4009/*
4010 * fp_lookup
4011 *
4012 * Description: Get fileproc pointer for a given fd from the per process
4013 * open file table of the specified process and if successful,
4014 * increment the f_iocount
4015 *
4016 * Parameters: p Process in which fd lives
4017 * fd fd to get information for
4018 * resultfp Pointer to result fileproc
4019 * pointer area, or 0 if none
4020 * locked !0 if the caller holds the
4021 * proc_fdlock, 0 otherwise
4022 *
4023 * Returns: 0 Success
4024 * EBADF Bad file descriptor
4025 *
4026 * Implicit returns:
4027 * *resultfp (modified) Fileproc pointer
4028 *
4029 * Locks: If the argument 'locked' is non-zero, then the caller is
4030 * expected to have taken and held the proc_fdlock; if it is
4031 * zero, than this routine internally takes and drops this lock.
4032 */
91447636 4033int
2d21ac55 4034fp_lookup(proc_t p, int fd, struct fileproc **resultfp, int locked)
91447636
A		 4035{
4036 struct filedesc *fdp = p->p_fd;
4037 struct fileproc *fp;
4038
0a7de745 4039 if (!locked) {
2d21ac55 4040 proc_fdlock_spin(p);
0a7de745 4041 }
2d21ac55 4042 if (fd < 0 || fdp == NULL || fd >= fdp->fd_nfiles ||
0a7de745
A		 4043 (fp = fdp->fd_ofiles[fd]) == NULL ||
4044 (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
4045 if (!locked) {
91447636 4046 proc_fdunlock(p);
0a7de745
A		 4047 }
4048 return EBADF;
91447636 4049 }
cb323159 4050 os_ref_retain_locked(&fp->f_iocount);
91447636 4051
0a7de745 4052 if (resultfp) {
91447636 4053 *resultfp = fp;
0a7de745
A		 4054 }
4055 if (!locked) {
91447636 4056 proc_fdunlock(p);
0a7de745 4057 }
39037602 4058
0a7de745 4059 return 0;
91447636
A		 4060}
4061
2d21ac55 4062
39236c6e
A		 4063/*
4064 * fp_tryswap
39037602 4065 *
39236c6e
A		 4066 * Description: Swap the fileproc pointer for a given fd with a new
4067 * fileproc pointer in the per-process open file table of
4068 * the specified process. The fdlock must be held at entry.
cb323159 4069 * Iff the swap is successful, the old fileproc pointer is freed.
39236c6e
A		 4070 *
4071 * Parameters: p Process containing the fd
4072 * fd The fd of interest
4073 * nfp Pointer to the newfp
4074 *
4075 * Returns: 0 Success
4076 * EBADF Bad file descriptor
4077 * EINTR Interrupted
cb323159 4078 * EKEEPLOOKING Other references were active, try again.
39236c6e
A		 4079 */
4080int
4081fp_tryswap(proc_t p, int fd, struct fileproc *nfp)
4082{
4083 struct fileproc *fp;
4084 int error;
4085
4086 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
4087
0a7de745
A		 4088 if (0 != (error = fp_lookup(p, fd, &fp, 1))) {
4089 return error;
4090 }
39236c6e
A		 4091 /*
4092 * At this point, our caller (change_guardedfd_np) has
4093 * one f_iocount reference, and we just took another
4094 * one to begin the replacement.
cb323159
A		 4095 * fp and nfp have a +1 reference from allocation.
4096 * Thus if no-one else is looking, f_iocount should be 3.
39236c6e 4097 */
cb323159
A		 4098 if (os_ref_get_count(&fp->f_iocount) < 3 ||
4099 1 != os_ref_get_count(&nfp->f_iocount)) {
4100 panic("%s: f_iocount", __func__);
4101 } else if (3 == os_ref_get_count(&fp->f_iocount)) {
39236c6e
A		 4102 /* Copy the contents of *fp, preserving the "type" of *nfp */
4103
4104 nfp->f_flags = (nfp->f_flags & FP_TYPEMASK) |
0a7de745 4105 (fp->f_flags & ~FP_TYPEMASK);
cb323159
A		 4106 os_ref_retain_locked(&nfp->f_iocount);
4107 os_ref_retain_locked(&nfp->f_iocount);
39236c6e 4108 nfp->f_fglob = fp->f_fglob;
3e170ce0 4109 nfp->f_wset = fp->f_wset;
39236c6e
A		 4110
4111 p->p_fd->fd_ofiles[fd] = nfp;
cb323159
A		 4112 fp_drop(p, fd, nfp, 1);
4113
4114 os_ref_release_live(&fp->f_iocount);
4115 os_ref_release_live(&fp->f_iocount);
4116 fileproc_free(fp);
39236c6e
A		 4117 } else {
4118 /*
4119 * Wait for all other active references to evaporate.
4120 */
4121 p->p_fpdrainwait = 1;
4122 error = msleep(&p->p_fpdrainwait, &p->p_fdmlock,
4123 PRIBIO | PCATCH, "tryswap fpdrain", NULL);
4124 if (0 == error) {
4125 /*
4126 * Return an "internal" errno to trigger a full
4127 * reevaluation of the change-guard attempt.
4128 */
4129 error = EKEEPLOOKING;
39236c6e
A		 4130 }
4131 (void) fp_drop(p, fd, fp, 1);
4132 }
0a7de745 4133 return error;
39236c6e
A		 4134}
4135
4136
2d21ac55
A		 4137/*
4138 * fp_drop_written
4139 *
4140 * Description: Set the FP_WRITTEN flag on the fileproc and drop the I/O
4141 * reference previously taken by calling fp_lookup et. al.
4142 *
4143 * Parameters: p Process in which the fd lives
4144 * fd fd associated with the fileproc
4145 * fp fileproc on which to set the
4146 * flag and drop the reference
4147 *
4148 * Returns: 0 Success
4149 * fp_drop:EBADF Bad file descriptor
4150 *
4151 * Locks: This function internally takes and drops the proc_fdlock for
4152 * the supplied process
4153 *
4154 * Notes: The fileproc must correspond to the fd in the supplied proc
4155 */
91447636
A		 4156int
4157fp_drop_written(proc_t p, int fd, struct fileproc *fp)
4158{
0a7de745 4159 int error;
91447636 4160
2d21ac55 4161 proc_fdlock_spin(p);
91447636
A		 4162
4163 fp->f_flags |= FP_WRITTEN;
39037602 4164
91447636
A		 4165 error = fp_drop(p, fd, fp, 1);
4166
4167 proc_fdunlock(p);
39037602 4168
0a7de745 4169 return error;
91447636
A		 4170}
4171
4172
2d21ac55
A		 4173/*
4174 * fp_drop_event
4175 *
4176 * Description: Set the FP_WAITEVENT flag on the fileproc and drop the I/O
4177 * reference previously taken by calling fp_lookup et. al.
4178 *
4179 * Parameters: p Process in which the fd lives
4180 * fd fd associated with the fileproc
4181 * fp fileproc on which to set the
4182 * flag and drop the reference
4183 *
4184 * Returns: 0 Success
4185 * fp_drop:EBADF Bad file descriptor
4186 *
4187 * Locks: This function internally takes and drops the proc_fdlock for
4188 * the supplied process
4189 *
4190 * Notes: The fileproc must correspond to the fd in the supplied proc
4191 */
91447636
A		 4192int
4193fp_drop_event(proc_t p, int fd, struct fileproc *fp)
4194{
0a7de745 4195 int error;
91447636 4196
2d21ac55 4197 proc_fdlock_spin(p);
91447636
A		 4198
4199 fp->f_flags |= FP_WAITEVENT;
39037602 4200
91447636
A		 4201 error = fp_drop(p, fd, fp, 1);
4202
4203 proc_fdunlock(p);
39037602 4204
0a7de745 4205 return error;
91447636
A		 4206}
4207
2d21ac55
A		 4208
4209/*
4210 * fp_drop
4211 *
4212 * Description: Drop the I/O reference previously taken by calling fp_lookup
4213 * et. al.
4214 *
4215 * Parameters: p Process in which the fd lives
4216 * fd fd associated with the fileproc
4217 * fp fileproc on which to set the
4218 * flag and drop the reference
4219 * locked flag to internally take and
4220 * drop proc_fdlock if it is not
4221 * already held by the caller
4222 *
4223 * Returns: 0 Success
4224 * EBADF Bad file descriptor
4225 *
4226 * Locks: This function internally takes and drops the proc_fdlock for
4227 * the supplied process if 'locked' is non-zero, and assumes that
4228 * the caller already holds this lock if 'locked' is non-zero.
4229 *
4230 * Notes: The fileproc must correspond to the fd in the supplied proc
4231 */
1c79356b 4232int
2d21ac55 4233fp_drop(proc_t p, int fd, struct fileproc *fp, int locked)
1c79356b 4234{
91447636 4235 struct filedesc *fdp = p->p_fd;
0a7de745 4236 int needwakeup = 0;
1c79356b 4237
0a7de745 4238 if (!locked) {
2d21ac55 4239 proc_fdlock_spin(p);
0a7de745
A		 4240 }
4241 if ((fp == FILEPROC_NULL) && (fd < 0 || fd >= fdp->fd_nfiles ||
4242 (fp = fdp->fd_ofiles[fd]) == NULL ||
4243 ((fdp->fd_ofileflags[fd] & UF_RESERVED) &&
4244 !(fdp->fd_ofileflags[fd] & UF_CLOSING)))) {
4245 if (!locked) {
91447636 4246 proc_fdunlock(p);
0a7de745
A		 4247 }
4248 return EBADF;
91447636 4249 }
91447636 4250
cb323159 4251 if (1 == os_ref_release_locked(&fp->f_iocount)) {
0a7de745 4252 if (fp->f_flags & FP_SELCONFLICT) {
6d2010ae 4253 fp->f_flags &= ~FP_SELCONFLICT;
0a7de745 4254 }
6d2010ae
A		 4255
4256 if (p->p_fpdrainwait) {
4257 p->p_fpdrainwait = 0;
4258 needwakeup = 1;
4259 }
91447636 4260 }
0a7de745 4261 if (!locked) {
91447636 4262 proc_fdunlock(p);
0a7de745
A		 4263 }
4264 if (needwakeup) {
4265 wakeup(&p->p_fpdrainwait);
4266 }
39037602 4267
0a7de745 4268 return 0;
1c79356b
A		 4269}
4270
2d21ac55
A		 4271
4272/*
4273 * file_vnode
4274 *
4275 * Description: Given an fd, look it up in the current process's per process
4276 * open file table, and return its internal vnode pointer.
4277 *
4278 * Parameters: fd fd to obtain vnode from
4279 * vpp pointer to vnode return area
4280 *
4281 * Returns: 0 Success
4282 * EINVAL The fd does not refer to a
4283 * vnode fileproc entry
4284 * fp_lookup:EBADF Bad file descriptor
4285 *
4286 * Implicit returns:
4287 * *vpp (modified) Returned vnode pointer
4288 *
4289 * Locks: This function internally takes and drops the proc_fdlock for
4290 * the current process
4291 *
4292 * Notes: If successful, this function increments the f_iocount on the
4293 * fd's corresponding fileproc.
4294 *
4295 * The fileproc referenced is not returned; because of this, care
4296 * must be taken to not drop the last reference (e.g. by closing
6d2010ae 4297 * the file). This is inherently unsafe, since the reference may
2d21ac55
A		 4298 * not be recoverable from the vnode, if there is a subsequent
4299 * close that destroys the associate fileproc. The caller should
4300 * therefore retain their own reference on the fileproc so that
4301 * the f_iocount can be dropped subsequently. Failure to do this
4302 * can result in the returned pointer immediately becoming invalid
4303 * following the call.
4304 *
4305 * Use of this function is discouraged.
4306 */
91447636
A		 4307int
4308file_vnode(int fd, struct vnode **vpp)
1c79356b 4309{
2d21ac55 4310 proc_t p = current_proc();
91447636
A		 4311 struct fileproc *fp;
4312 int error;
39037602 4313
2d21ac55 4314 proc_fdlock_spin(p);
0a7de745 4315 if ((error = fp_lookup(p, fd, &fp, 1))) {
91447636 4316 proc_fdunlock(p);
0a7de745 4317 return error;
91447636
A		 4318 }
4319 if (fp->f_type != DTYPE_VNODE) {
0a7de745 4320 fp_drop(p, fd, fp, 1);
91447636 4321 proc_fdunlock(p);
0a7de745 4322 return EINVAL;
91447636 4323 }
0a7de745 4324 if (vpp != NULL) {
b0d623f7 4325 *vpp = (struct vnode *)fp->f_data;
0a7de745 4326 }
b0d623f7
A		 4327 proc_fdunlock(p);
4328
0a7de745 4329 return 0;
b0d623f7
A		 4330}
4331
4332
4333/*
4334 * file_vnode_withvid
4335 *
4336 * Description: Given an fd, look it up in the current process's per process
4337 * open file table, and return its internal vnode pointer.
4338 *
4339 * Parameters: fd fd to obtain vnode from
4340 * vpp pointer to vnode return area
4341 * vidp pointer to vid of the returned vnode
4342 *
4343 * Returns: 0 Success
4344 * EINVAL The fd does not refer to a
4345 * vnode fileproc entry
4346 * fp_lookup:EBADF Bad file descriptor
4347 *
4348 * Implicit returns:
4349 * *vpp (modified) Returned vnode pointer
4350 *
4351 * Locks: This function internally takes and drops the proc_fdlock for
4352 * the current process
4353 *
4354 * Notes: If successful, this function increments the f_iocount on the
4355 * fd's corresponding fileproc.
4356 *
4357 * The fileproc referenced is not returned; because of this, care
4358 * must be taken to not drop the last reference (e.g. by closing
6d2010ae 4359 * the file). This is inherently unsafe, since the reference may
b0d623f7
A		 4360 * not be recoverable from the vnode, if there is a subsequent
4361 * close that destroys the associate fileproc. The caller should
4362 * therefore retain their own reference on the fileproc so that
4363 * the f_iocount can be dropped subsequently. Failure to do this
4364 * can result in the returned pointer immediately becoming invalid
4365 * following the call.
4366 *
4367 * Use of this function is discouraged.
4368 */
4369int
4370file_vnode_withvid(int fd, struct vnode **vpp, uint32_t * vidp)
4371{
4372 proc_t p = current_proc();
4373 struct fileproc *fp;
4374 vnode_t vp;
4375 int error;
39037602 4376
b0d623f7 4377 proc_fdlock_spin(p);
0a7de745 4378 if ((error = fp_lookup(p, fd, &fp, 1))) {
b0d623f7 4379 proc_fdunlock(p);
0a7de745 4380 return error;
b0d623f7
A		 4381 }
4382 if (fp->f_type != DTYPE_VNODE) {
0a7de745 4383 fp_drop(p, fd, fp, 1);
b0d623f7 4384 proc_fdunlock(p);
0a7de745 4385 return EINVAL;
b0d623f7
A		 4386 }
4387 vp = (struct vnode *)fp->f_data;
0a7de745 4388 if (vpp != NULL) {
b0d623f7 4389 *vpp = vp;
0a7de745 4390 }
b0d623f7 4391
0a7de745 4392 if ((vidp != NULL) && (vp != NULLVP)) {
b0d623f7 4393 *vidp = (uint32_t)vp->v_id;
0a7de745 4394 }
b0d623f7 4395
91447636
A		 4396 proc_fdunlock(p);
4397
0a7de745 4398 return 0;
1c79356b
A		 4399}
4400
91447636 4401
2d21ac55
A		 4402/*
4403 * file_socket
4404 *
4405 * Description: Given an fd, look it up in the current process's per process
4406 * open file table, and return its internal socket pointer.
4407 *
4408 * Parameters: fd fd to obtain vnode from
4409 * sp pointer to socket return area
4410 *
4411 * Returns: 0 Success
4412 * ENOTSOCK Not a socket
4413 * fp_lookup:EBADF Bad file descriptor
4414 *
4415 * Implicit returns:
4416 * *sp (modified) Returned socket pointer
4417 *
4418 * Locks: This function internally takes and drops the proc_fdlock for
4419 * the current process
4420 *
4421 * Notes: If successful, this function increments the f_iocount on the
4422 * fd's corresponding fileproc.
4423 *
4424 * The fileproc referenced is not returned; because of this, care
4425 * must be taken to not drop the last reference (e.g. by closing
6d2010ae 4426 * the file). This is inherently unsafe, since the reference may
2d21ac55
A		 4427 * not be recoverable from the socket, if there is a subsequent
4428 * close that destroys the associate fileproc. The caller should
4429 * therefore retain their own reference on the fileproc so that
4430 * the f_iocount can be dropped subsequently. Failure to do this
4431 * can result in the returned pointer immediately becoming invalid
4432 * following the call.
4433 *
4434 * Use of this function is discouraged.
4435 */
1c79356b 4436int
91447636 4437file_socket(int fd, struct socket **sp)
1c79356b 4438{
2d21ac55 4439 proc_t p = current_proc();
91447636
A		 4440 struct fileproc *fp;
4441 int error;
39037602 4442
2d21ac55 4443 proc_fdlock_spin(p);
0a7de745 4444 if ((error = fp_lookup(p, fd, &fp, 1))) {
91447636 4445 proc_fdunlock(p);
0a7de745 4446 return error;
91447636
A		 4447 }
4448 if (fp->f_type != DTYPE_SOCKET) {
0a7de745 4449 fp_drop(p, fd, fp, 1);
91447636 4450 proc_fdunlock(p);
0a7de745 4451 return ENOTSOCK;
91447636
A		 4452 }
4453 *sp = (struct socket *)fp->f_data;
4454 proc_fdunlock(p);
1c79356b 4455
0a7de745 4456 return 0;
91447636
A		 4457}
4458
2d21ac55
A		 4459
4460/*
4461 * file_flags
4462 *
4463 * Description: Given an fd, look it up in the current process's per process
4464 * open file table, and return its fileproc's flags field.
4465 *
4466 * Parameters: fd fd whose flags are to be
4467 * retrieved
4468 * flags pointer to flags data area
4469 *
4470 * Returns: 0 Success
4471 * ENOTSOCK Not a socket
4472 * fp_lookup:EBADF Bad file descriptor
4473 *
4474 * Implicit returns:
4475 * *flags (modified) Returned flags field
4476 *
4477 * Locks: This function internally takes and drops the proc_fdlock for
4478 * the current process
4479 *
4480 * Notes: This function will internally increment and decrement the
4481 * f_iocount of the fileproc as part of its operation.
4482 */
91447636 4483int
2d21ac55 4484file_flags(int fd, int *flags)
91447636 4485{
2d21ac55 4486 proc_t p = current_proc();
91447636
A		 4487 struct fileproc *fp;
4488 int error;
39037602 4489
2d21ac55 4490 proc_fdlock_spin(p);
0a7de745 4491 if ((error = fp_lookup(p, fd, &fp, 1))) {
91447636 4492 proc_fdunlock(p);
0a7de745 4493 return error;
91447636
A		 4494 }
4495 *flags = (int)fp->f_flag;
0a7de745 4496 fp_drop(p, fd, fp, 1);
91447636
A		 4497 proc_fdunlock(p);
4498
0a7de745 4499 return 0;
91447636
A		 4500}
4501
4502
2d21ac55
A		 4503/*
4504 * file_drop
4505 *
4506 * Description: Drop an iocount reference on an fd, and wake up any waiters
4507 * for draining (i.e. blocked in fileproc_drain() called during
4508 * the last attempt to close a file).
4509 *
4510 * Parameters: fd fd on which an ioreference is
4511 * to be dropped
4512 *
4513 * Returns: 0 Success
4514 * EBADF Bad file descriptor
4515 *
4516 * Description: Given an fd, look it up in the current process's per process
4517 * open file table, and drop it's fileproc's f_iocount by one
4518 *
4519 * Notes: This is intended as a corresponding operation to the functions
4520 * file_vnode() and file_socket() operations.
4521 *
4522 * Technically, the close reference is supposed to be protected
4523 * by a fileproc_drain(), however, a drain will only block if
4524 * the fd refers to a character device, and that device has had
4525 * preparefileread() called on it. If it refers to something
4526 * other than a character device, then the drain will occur and
4527 * block each close attempt, rather than merely the last close.
4528 *
4529 * Since it's possible for an fd that refers to a character
4530 * device to have an intermediate close followed by an open to
4531 * cause a different file to correspond to that descriptor,
4532 * unless there was a cautionary reference taken on the fileproc,
4533 * this is an inherently unsafe function. This happens in the
4534 * case where multiple fd's in a process refer to the same
4535 * character device (e.g. stdin/out/err pointing to a tty, etc.).
4536 *
4537 * Use of this function is discouraged.
4538 */
39037602 4539int
91447636
A		 4540file_drop(int fd)
4541{
4542 struct fileproc *fp;
2d21ac55 4543 proc_t p = current_proc();
0a7de745 4544 int needwakeup = 0;
91447636 4545
2d21ac55 4546 proc_fdlock_spin(p);
91447636 4547 if (fd < 0 || fd >= p->p_fd->fd_nfiles ||
0a7de745
A		 4548 (fp = p->p_fd->fd_ofiles[fd]) == NULL ||
4549 ((p->p_fd->fd_ofileflags[fd] & UF_RESERVED) &&
4550 !(p->p_fd->fd_ofileflags[fd] & UF_CLOSING))) {
91447636 4551 proc_fdunlock(p);
0a7de745 4552 return EBADF;
91447636 4553 }
91447636 4554
cb323159 4555 if (1 == os_ref_release_locked(&fp->f_iocount)) {
0a7de745 4556 if (fp->f_flags & FP_SELCONFLICT) {
6d2010ae 4557 fp->f_flags &= ~FP_SELCONFLICT;
0a7de745 4558 }
6d2010ae
A		 4559
4560 if (p->p_fpdrainwait) {
4561 p->p_fpdrainwait = 0;
4562 needwakeup = 1;
4563 }
91447636
A		 4564 }
4565 proc_fdunlock(p);
1c79356b 4566
0a7de745
A		 4567 if (needwakeup) {
4568 wakeup(&p->p_fpdrainwait);
4569 }
4570 return 0;
1c79356b
A		 4571}
4572
2d21ac55 4573
39236c6e
A		 4574static int falloc_withalloc_locked(proc_t, struct fileproc **, int *,
4575 vfs_context_t, struct fileproc * (*)(void *), void *, int);
4576
2d21ac55
A		 4577/*
4578 * falloc
4579 *
4580 * Description: Allocate an entry in the per process open file table and
4581 * return the corresponding fileproc and fd.
4582 *
4583 * Parameters: p The process in whose open file
4584 * table the fd is to be allocated
4585 * resultfp Pointer to fileproc pointer
4586 * return area
4587 * resultfd Pointer to fd return area
4588 * ctx VFS context
4589 *
4590 * Returns: 0 Success
4591 * falloc:ENFILE Too many open files in system
4592 * falloc:EMFILE Too many open files in process
4593 * falloc:ENOMEM M_FILEPROC or M_FILEGLOB zone
4594 * exhausted
4595 *
4596 * Implicit returns:
4597 * *resultfd (modified) Returned fileproc pointer
4598 * *resultfd (modified) Returned fd
4599 *
4600 * Locks: This function takes and drops the proc_fdlock; if this lock
6d2010ae 4601 * is already held, use falloc_locked() instead.
2d21ac55
A		 4602 *
4603 * Notes: This function takes separate process and context arguments
4604 * solely to support kern_exec.c; otherwise, it would take
4605 * neither, and expect falloc_locked() to use the
4606 * vfs_context_current() routine internally.
4607 */
91447636 4608int
2d21ac55 4609falloc(proc_t p, struct fileproc **resultfp, int *resultfd, vfs_context_t ctx)
39236c6e 4610{
0a7de745
A		 4611 return falloc_withalloc(p, resultfp, resultfd, ctx,
4612 fileproc_alloc_init, NULL);
39236c6e
A		 4613}
4614
4615/*
4616 * Like falloc, but including the fileproc allocator and create-args
4617 */
4618int
4619falloc_withalloc(proc_t p, struct fileproc **resultfp, int *resultfd,
4620 vfs_context_t ctx, fp_allocfn_t fp_zalloc, void *arg)
91447636
A		 4621{
4622 int error;
4623
4624 proc_fdlock(p);
39236c6e
A		 4625 error = falloc_withalloc_locked(p,
4626 resultfp, resultfd, ctx, fp_zalloc, arg, 1);
91447636
A		 4627 proc_fdunlock(p);
4628
0a7de745 4629 return error;
91447636 4630}
2d21ac55 4631
39236c6e
A		 4632/*
4633 * "uninitialized" ops -- ensure fg->fg_ops->fo_type always exists
4634 */
4635static const struct fileops uninitops;
2d21ac55 4636
1c79356b 4637/*
2d21ac55
A		 4638 * falloc_locked
4639 *
1c79356b 4640 * Create a new open file structure and allocate
6d2010ae 4641 * a file descriptor for the process that refers to it.
2d21ac55
A		 4642 *
4643 * Returns: 0 Success
4644 *
4645 * Description: Allocate an entry in the per process open file table and
4646 * return the corresponding fileproc and fd.
4647 *
4648 * Parameters: p The process in whose open file
4649 * table the fd is to be allocated
4650 * resultfp Pointer to fileproc pointer
4651 * return area
4652 * resultfd Pointer to fd return area
4653 * ctx VFS context
4654 * locked Flag to indicate whether the
4655 * caller holds proc_fdlock
4656 *
4657 * Returns: 0 Success
4658 * ENFILE Too many open files in system
4659 * fdalloc:EMFILE Too many open files in process
4660 * ENOMEM M_FILEPROC or M_FILEGLOB zone
4661 * exhausted
4662 * fdalloc:ENOMEM
4663 *
4664 * Implicit returns:
4665 * *resultfd (modified) Returned fileproc pointer
4666 * *resultfd (modified) Returned fd
4667 *
4668 * Locks: If the parameter 'locked' is zero, this function takes and
4669 * drops the proc_fdlock; if non-zero, the caller must hold the
4670 * lock.
4671 *
4672 * Notes: If you intend to use a non-zero 'locked' parameter, use the
4673 * utility function falloc() instead.
4674 *
4675 * This function takes separate process and context arguments
4676 * solely to support kern_exec.c; otherwise, it would take
4677 * neither, and use the vfs_context_current() routine internally.
1c79356b
A		 4678 */
4679int
2d21ac55 4680falloc_locked(proc_t p, struct fileproc **resultfp, int *resultfd,
0a7de745 4681 vfs_context_t ctx, int locked)
39236c6e 4682{
0a7de745
A		 4683 return falloc_withalloc_locked(p, resultfp, resultfd, ctx,
4684 fileproc_alloc_init, NULL, locked);
39236c6e
A		 4685}
4686
4687static int
4688falloc_withalloc_locked(proc_t p, struct fileproc **resultfp, int *resultfd,
4689 vfs_context_t ctx, fp_allocfn_t fp_zalloc, void *crarg,
4690 int locked)
1c79356b 4691{
316670eb 4692 struct fileproc *fp;
91447636
A		 4693 struct fileglob *fg;
4694 int error, nfd;
4695
cb323159
A		 4696 if (nfiles >= maxfiles) {
4697 tablefull("file");
4698 return ENFILE;
4699 }
4700
0a7de745 4701 if (!locked) {
91447636 4702 proc_fdlock(p);
0a7de745 4703 }
cb323159 4704
0a7de745
A		 4705 if ((error = fdalloc(p, 0, &nfd))) {
4706 if (!locked) {
91447636 4707 proc_fdunlock(p);
0a7de745
A		 4708 }
4709 return error;
91447636 4710 }
cb323159 4711
2d21ac55
A		 4712#if CONFIG_MACF
4713 error = mac_file_check_create(proc_ucred(p));
4714 if (error) {
0a7de745 4715 if (!locked) {
2d21ac55 4716 proc_fdunlock(p);
0a7de745
A		 4717 }
4718 return error;
2d21ac55
A		 4719 }
4720#endif
4721
1c79356b
A		 4722 /*
4723 * Allocate a new file descriptor.
4724 * If the process has file descriptor zero open, add to the list
4725 * of open files at that point, otherwise put it at the front of
4726 * the list of open files.
4727 */
91447636
A		 4728 proc_fdunlock(p);
4729
39236c6e 4730 fp = (*fp_zalloc)(crarg);
2d21ac55 4731 if (fp == NULL) {
0a7de745 4732 if (locked) {
2d21ac55 4733 proc_fdlock(p);
0a7de745
A		 4734 }
4735 return ENOMEM;
2d21ac55 4736 }
91447636 4737 MALLOC_ZONE(fg, struct fileglob *, sizeof(struct fileglob), M_FILEGLOB, M_WAITOK);
2d21ac55 4738 if (fg == NULL) {
39236c6e 4739 fileproc_free(fp);
0a7de745 4740 if (locked) {
2d21ac55 4741 proc_fdlock(p);
0a7de745
A		 4742 }
4743 return ENOMEM;
2d21ac55 4744 }
91447636
A		 4745 bzero(fg, sizeof(struct fileglob));
4746 lck_mtx_init(&fg->fg_lock, file_lck_grp, file_lck_attr);
4747
cb323159 4748 os_ref_retain_locked(&fp->f_iocount);
91447636 4749 fg->fg_count = 1;
39236c6e 4750 fg->fg_ops = &uninitops;
91447636 4751 fp->f_fglob = fg;
2d21ac55
A		 4752#if CONFIG_MACF
4753 mac_file_label_init(fg);
4754#endif
4755
4756 kauth_cred_ref(ctx->vc_ucred);
91447636
A		 4757
4758 proc_fdlock(p);
4759
2d21ac55 4760 fp->f_cred = ctx->vc_ucred;
91447636 4761
2d21ac55
A		 4762#if CONFIG_MACF
4763 mac_file_label_associate(fp->f_cred, fg);
4764#endif
4765
316670eb 4766 OSAddAtomic(1, &nfiles);
91447636
A		 4767
4768 p->p_fd->fd_ofiles[nfd] = fp;
4769
0a7de745 4770 if (!locked) {
91447636 4771 proc_fdunlock(p);
0a7de745 4772 }
91447636 4773
0a7de745 4774 if (resultfp) {
1c79356b 4775 *resultfp = fp;
0a7de745
A		 4776 }
4777 if (resultfd) {
91447636 4778 *resultfd = nfd;
0a7de745 4779 }
91447636 4780
0a7de745 4781 return 0;
1c79356b
A		 4782}
4783
2d21ac55 4784
1c79356b 4785/*
2d21ac55
A		 4786 * fg_free
4787 *
4788 * Description: Free a file structure; drop the global open file count, and
4789 * drop the credential reference, if the fileglob has one, and
4790 * destroy the instance mutex before freeing
4791 *
4792 * Parameters: fg Pointer to fileglob to be
4793 * freed
4794 *
4795 * Returns: void
1c79356b
A		 4796 */
4797void
2d21ac55 4798fg_free(struct fileglob *fg)
1c79356b 4799{
316670eb 4800 OSAddAtomic(-1, &nfiles);
1c79356b 4801
fe8ab488
A		 4802 if (fg->fg_vn_data) {
4803 fg_vn_data_free(fg->fg_vn_data);
4804 fg->fg_vn_data = NULL;
4805 }
4806
0c530ab8
A		 4807 if (IS_VALID_CRED(fg->fg_cred)) {
4808 kauth_cred_unref(&fg->fg_cred);
1c79356b 4809 }
91447636 4810 lck_mtx_destroy(&fg->fg_lock, file_lck_grp);
fa4905b1 4811
2d21ac55
A		 4812#if CONFIG_MACF
4813 mac_file_label_destroy(fg);
4814#endif
91447636 4815 FREE_ZONE(fg, sizeof *fg, M_FILEGLOB);
1c79356b
A		 4816}
4817
2d21ac55 4818
cb323159
A		 4819/*
4820 * fg_get_vnode
4821 *
4822 * Description: Return vnode associated with the file structure, if
4823 * any. The lifetime of the returned vnode is bound to
4824 * the lifetime of the file structure.
4825 *
4826 * Parameters: fg Pointer to fileglob to
4827 * inspect
4828 *
4829 * Returns: vnode_t
4830 */
4831vnode_t
4832fg_get_vnode(struct fileglob *fg)
4833{
4834 if (FILEGLOB_DTYPE(fg) == DTYPE_VNODE) {
4835 return (vnode_t)fg->fg_data;
4836 } else {
4837 return NULL;
4838 }
4839}
5ba3f43e 4840
2d21ac55
A		 4841/*
4842 * fdexec
4843 *
4844 * Description: Perform close-on-exec processing for all files in a process
4845 * that are either marked as close-on-exec, or which were in the
4846 * process of being opened at the time of the execve
4847 *
6d2010ae
A		 4848 * Also handles the case (via posix_spawn()) where -all-
4849 * files except those marked with "inherit" as treated as
4850 * close-on-exec.
4851 *
2d21ac55
A		 4852 * Parameters: p Pointer to process calling
4853 * execve
4854 *
4855 * Returns: void
4856 *
4857 * Locks: This function internally takes and drops proc_fdlock()
5ba3f43e 4858 * But assumes tables don't grow/change while unlocked.
2d21ac55 4859 *
2d21ac55 4860 */
1c79356b 4861void
5ba3f43e 4862fdexec(proc_t p, short flags, int self_exec)
1c79356b 4863{
91447636 4864 struct filedesc *fdp = p->p_fd;
b0d623f7 4865 int i;
6d2010ae 4866 boolean_t cloexec_default = (flags & POSIX_SPAWN_CLOEXEC_DEFAULT) != 0;
5ba3f43e
A		 4867 thread_t self = current_thread();
4868 struct uthread *ut = get_bsdthread_info(self);
cb323159 4869 struct kqworkq *dealloc_kqwq = NULL;
5ba3f43e
A		 4870
4871 /*
4872 * If the current thread is bound as a workq/workloop
4873 * servicing thread, we need to unbind it first.
4874 */
d9a64523
A		 4875 if (ut->uu_kqr_bound && self_exec) {
4876 kqueue_threadreq_unbind(p, ut->uu_kqr_bound);
5ba3f43e 4877 }
91447636 4878
91447636 4879 proc_fdlock(p);
5ba3f43e
A		 4880
4881 /*
4882 * Deallocate the knotes for this process
4883 * and mark the tables non-existent so
4884 * subsequent kqueue closes go faster.
4885 */
4886 knotes_dealloc(p);
cb323159 4887 assert(fdp->fd_knlistsize == 0);
5ba3f43e
A		 4888 assert(fdp->fd_knhashmask == 0);
4889
6d2010ae 4890 for (i = fdp->fd_lastfile; i >= 0; i--) {
6d2010ae
A		 4891 struct fileproc *fp = fdp->fd_ofiles[i];
4892 char *flagp = &fdp->fd_ofileflags[i];
b0d623f7 4893
316670eb 4894 if (fp && cloexec_default) {
6d2010ae
A		 4895 /*
4896 * Reverse the usual semantics of file descriptor
4897 * inheritance - all of them should be closed
4898 * except files marked explicitly as "inherit" and
4899 * not marked close-on-exec.
4900 */
0a7de745 4901 if ((*flagp & (UF_EXCLOSE | UF_INHERIT)) != UF_INHERIT) {
6d2010ae 4902 *flagp |= UF_EXCLOSE;
0a7de745 4903 }
6d2010ae
A		 4904 *flagp &= ~UF_INHERIT;
4905 }
55e303ae 4906
2d21ac55 4907 if (
0a7de745 4908 ((*flagp & (UF_RESERVED | UF_EXCLOSE)) == UF_EXCLOSE)
2d21ac55 4909#if CONFIG_MACF
0a7de745 4910 || (fp && mac_file_check_inherit(proc_ucred(p), fp->f_fglob))
2d21ac55 4911#endif
0a7de745 4912 ) {
6601e61a 4913 procfdtbl_clearfd(p, i);
0a7de745 4914 if (i == fdp->fd_lastfile && i > 0) {
1c79356b 4915 fdp->fd_lastfile--;
0a7de745
A		 4916 }
4917 if (i < fdp->fd_freefile) {
6601e61a 4918 fdp->fd_freefile = i;
0a7de745 4919 }
6d2010ae
A		 4920
4921 /*
4922 * Wait for any third party viewers (e.g., lsof)
4923 * to release their references to this fileproc.
4924 */
cb323159 4925 while (os_ref_get_count(&fp->f_iocount) > 1) {
6d2010ae
A		 4926 p->p_fpdrainwait = 1;
4927 msleep(&p->p_fpdrainwait, &p->p_fdmlock, PRIBIO,
4928 "fpdrain", NULL);
4929 }
e8c3f781
A		 4930 if (fp->f_flags & FP_WAITEVENT) {
4931 (void)waitevent_close(p, fp);
4932 }
91447636 4933 closef_locked(fp, fp->f_fglob, p);
6d2010ae 4934
39236c6e 4935 fileproc_free(fp);
1c79356b 4936 }
1c79356b 4937 }
5ba3f43e
A		 4938
4939 /* release the per-process workq kq */
4940 if (fdp->fd_wqkqueue) {
cb323159 4941 dealloc_kqwq = fdp->fd_wqkqueue;
5ba3f43e
A		 4942 fdp->fd_wqkqueue = NULL;
4943 }
0a7de745 4944
91447636 4945 proc_fdunlock(p);
5ba3f43e
A		 4946
4947 /* Anything to free? */
cb323159
A		 4948 if (dealloc_kqwq) {
4949 kqworkq_dealloc(dealloc_kqwq);
0a7de745 4950 }
1c79356b
A		 4951}
4952
2d21ac55 4953
1c79356b 4954/*
2d21ac55
A		 4955 * fdcopy
4956 *
4957 * Description: Copy a filedesc structure. This is normally used as part of
4958 * forkproc() when forking a new process, to copy the per process
4959 * open file table over to the new process.
4960 *
4961 * Parameters: p Process whose open file table
4962 * is to be copied (parent)
4963 * uth_cdir Per thread current working
4964 * cirectory, or NULL
4965 *
4966 * Returns: NULL Copy failed
4967 * !NULL Pointer to new struct filedesc
4968 *
4969 * Locks: This function internally takes and drops proc_fdlock()
4970 *
4971 * Notes: Files are copied directly, ignoring the new resource limits
4972 * for the process that's being copied into. Since the descriptor
4973 * references are just additional references, this does not count
4974 * against the number of open files on the system.
4975 *
4976 * The struct filedesc includes the current working directory,
4977 * and the current root directory, if the process is chroot'ed.
4978 *
4979 * If the exec was called by a thread using a per thread current
4980 * working directory, we inherit the working directory from the
4981 * thread making the call, rather than from the process.
4982 *
4983 * In the case of a failure to obtain a reference, for most cases,
6d2010ae 4984 * the file entry will be silently dropped. There's an exception
2d21ac55
A		 4985 * for the case of a chroot dir, since a failure to to obtain a
4986 * reference there would constitute an "escape" from the chroot
4987 * environment, which must not be allowed. In that case, we will
4988 * deny the execve() operation, rather than allowing the escape.
1c79356b
A		 4989 */
4990struct filedesc *
2d21ac55 4991fdcopy(proc_t p, vnode_t uth_cdir)
1c79356b 4992{
91447636
A		 4993 struct filedesc *newfdp, *fdp = p->p_fd;
4994 int i;
4995 struct fileproc *ofp, *fp;
0a7de745 4996 vnode_t v_dir;
1c79356b
A		 4997
4998 MALLOC_ZONE(newfdp, struct filedesc *,
0a7de745
A		 4999 sizeof(*newfdp), M_FILEDESC, M_WAITOK);
5000 if (newfdp == NULL) {
5001 return NULL;
5002 }
91447636
A		 5003
5004 proc_fdlock(p);
5005
5006 /*
5007 * the FD_CHROOT flag will be inherited via this copy
5008 */
6601e61a 5009 (void) memcpy(newfdp, fdp, sizeof(*newfdp));
91447636
A		 5010
5011 /*
2d21ac55
A		 5012 * If we are running with per-thread current working directories,
5013 * inherit the new current working directory from the current thread
5014 * instead, before we take our references.
5015 */
0a7de745 5016 if (uth_cdir != NULLVP) {
2d21ac55 5017 newfdp->fd_cdir = uth_cdir;
0a7de745 5018 }
2d21ac55
A		 5019
5020 /*
5021 * For both fd_cdir and fd_rdir make sure we get
91447636
A		 5022 * a valid reference... if we can't, than set
5023 * set the pointer(s) to NULL in the child... this
5024 * will keep us from using a non-referenced vp
5025 * and allows us to do the vnode_rele only on
5026 * a properly referenced vp
5027 */
0a7de745
A		 5028 if ((v_dir = newfdp->fd_cdir)) {
5029 if (vnode_getwithref(v_dir) == 0) {
5030 if ((vnode_ref(v_dir))) {
5031 newfdp->fd_cdir = NULL;
5032 }
91447636 5033 vnode_put(v_dir);
0a7de745
A		 5034 } else {
5035 newfdp->fd_cdir = NULL;
5036 }
91447636
A		 5037 }
5038 if (newfdp->fd_cdir == NULL && fdp->fd_cdir) {
0a7de745 5039 /*
91447636
A		 5040 * we couldn't get a new reference on
5041 * the current working directory being
5042 * inherited... we might as well drop
5043 * our reference from the parent also
5044 * since the vnode has gone DEAD making
5045 * it useless... by dropping it we'll
6d2010ae 5046 * be that much closer to recycling it
91447636 5047 */
0a7de745 5048 vnode_rele(fdp->fd_cdir);
91447636
A		 5049 fdp->fd_cdir = NULL;
5050 }
5051
0a7de745 5052 if ((v_dir = newfdp->fd_rdir)) {
91447636 5053 if (vnode_getwithref(v_dir) == 0) {
0a7de745
A		 5054 if ((vnode_ref(v_dir))) {
5055 newfdp->fd_rdir = NULL;
5056 }
91447636 5057 vnode_put(v_dir);
2d21ac55 5058 } else {
0a7de745 5059 newfdp->fd_rdir = NULL;
2d21ac55 5060 }
91447636 5061 }
2d21ac55 5062 /* Coming from a chroot environment and unable to get a reference... */
91447636 5063 if (newfdp->fd_rdir == NULL && fdp->fd_rdir) {
0a7de745 5064 /*
2d21ac55
A		 5065 * We couldn't get a new reference on
5066 * the chroot directory being
5067 * inherited... this is fatal, since
5068 * otherwise it would constitute an
5069 * escape from a chroot environment by
5070 * the new process.
91447636 5071 */
0a7de745
A		 5072 if (newfdp->fd_cdir) {
5073 vnode_rele(newfdp->fd_cdir);
5074 }
2d21ac55 5075 FREE_ZONE(newfdp, sizeof *newfdp, M_FILEDESC);
0a7de745 5076 return NULL;
91447636 5077 }
1c79356b
A		 5078
5079 /*
5080 * If the number of open files fits in the internal arrays
5081 * of the open file structure, use them, otherwise allocate
5082 * additional memory for the number of descriptors currently
5083 * in use.
5084 */
0a7de745 5085 if (newfdp->fd_lastfile < NDFILE) {
1c79356b 5086 i = NDFILE;
0a7de745 5087 } else {
1c79356b
A		 5088 /*
5089 * Compute the smallest multiple of NDEXTENT needed
5090 * for the file descriptors currently in use,
5091 * allowing the table to shrink.
5092 */
5093 i = newfdp->fd_nfiles;
0a7de745 5094 while (i > 1 + 2 * NDEXTENT && i > 1 + newfdp->fd_lastfile * 2) {
1c79356b 5095 i /= 2;
0a7de745 5096 }
1c79356b 5097 }
91447636
A		 5098 proc_fdunlock(p);
5099
5100 MALLOC_ZONE(newfdp->fd_ofiles, struct fileproc **,
0a7de745 5101 i * OFILESIZE, M_OFILETABL, M_WAITOK);
91447636 5102 if (newfdp->fd_ofiles == NULL) {
0a7de745
A		 5103 if (newfdp->fd_cdir) {
5104 vnode_rele(newfdp->fd_cdir);
5105 }
5106 if (newfdp->fd_rdir) {
91447636 5107 vnode_rele(newfdp->fd_rdir);
0a7de745 5108 }
91447636 5109
2d21ac55 5110 FREE_ZONE(newfdp, sizeof(*newfdp), M_FILEDESC);
0a7de745 5111 return NULL;
91447636 5112 }
6601e61a 5113 (void) memset(newfdp->fd_ofiles, 0, i * OFILESIZE);
91447636
A		 5114 proc_fdlock(p);
5115
1c79356b
A		 5116 newfdp->fd_ofileflags = (char *) &newfdp->fd_ofiles[i];
5117 newfdp->fd_nfiles = i;
91447636 5118
1c79356b 5119 if (fdp->fd_nfiles > 0) {
91447636
A		 5120 struct fileproc **fpp;
5121 char *flags;
1c79356b
A		 5122
5123 (void) memcpy(newfdp->fd_ofiles, fdp->fd_ofiles,
0a7de745 5124 (newfdp->fd_lastfile + 1) * sizeof(*fdp->fd_ofiles));
1c79356b 5125 (void) memcpy(newfdp->fd_ofileflags, fdp->fd_ofileflags,
0a7de745 5126 (newfdp->fd_lastfile + 1) * sizeof(*fdp->fd_ofileflags));
1c79356b 5127
0a7de745
A		 5128 fpp = &newfdp->fd_ofiles[newfdp->fd_lastfile];
5129 flags = &newfdp->fd_ofileflags[newfdp->fd_lastfile];
5130 for (i = newfdp->fd_lastfile; i >= 0; i--, fpp--, flags--) {
39236c6e 5131 if ((ofp = *fpp) != NULL &&
3e170ce0 5132 0 == (ofp->f_fglob->fg_lflags & FG_CONFINED) &&
0a7de745 5133 0 == (*flags & (UF_FORKCLOSE | UF_RESERVED))) {
39236c6e 5134#if DEBUG
0a7de745 5135 if (FILEPROC_TYPE(ofp) != FTYPE_SIMPLE) {
39236c6e 5136 panic("complex fileproc");
0a7de745 5137 }
39236c6e
A		 5138#endif
5139 fp = fileproc_alloc_init(NULL);
2d21ac55
A		 5140 if (fp == NULL) {
5141 /*
5142 * XXX no room to copy, unable to
5143 * XXX safely unwind state at present
5144 */
5145 *fpp = NULL;
5146 } else {
39236c6e
A		 5147 fp->f_flags |=
5148 (ofp->f_flags & ~FP_TYPEMASK);
2d21ac55
A		 5149 fp->f_fglob = ofp->f_fglob;
5150 (void)fg_ref(fp);
5151 *fpp = fp;
5152 }
1c79356b
A		 5153 } else {
5154 *fpp = NULL;
5155 *flags = 0;
5156 }
0a7de745
A		 5157 if (*fpp == NULL) {
5158 if (i == newfdp->fd_lastfile && i > 0) {
5159 newfdp->fd_lastfile--;
5160 }
5161 if (i < newfdp->fd_freefile) {
5162 newfdp->fd_freefile = i;
5163 }
5164 }
5165 }
6601e61a 5166 }
1c79356b 5167
91447636 5168 proc_fdunlock(p);
5ba3f43e
A		 5169
5170 /*
5171 * Initialize knote and kqueue tracking structs
5172 */
5173 newfdp->fd_knlist = NULL;
cb323159 5174 newfdp->fd_knlistsize = 0;
5ba3f43e
A		 5175 newfdp->fd_knhash = NULL;
5176 newfdp->fd_knhashmask = 0;
5177 newfdp->fd_kqhash = NULL;
5178 newfdp->fd_kqhashmask = 0;
5179 newfdp->fd_wqkqueue = NULL;
5180 lck_mtx_init(&newfdp->fd_kqhashlock, proc_kqhashlock_grp, proc_lck_attr);
5181 lck_mtx_init(&newfdp->fd_knhashlock, proc_knhashlock_grp, proc_lck_attr);
5182
0a7de745 5183 return newfdp;
1c79356b
A		 5184}
5185
2d21ac55 5186
1c79356b 5187/*
2d21ac55
A		 5188 * fdfree
5189 *
5190 * Description: Release a filedesc (per process open file table) structure;
5191 * this is done on process exit(), or from forkproc_free() if
5192 * the fork fails for some reason subsequent to a successful
5193 * call to fdcopy()
5194 *
5195 * Parameters: p Pointer to process going away
5196 *
5197 * Returns: void
5198 *
5199 * Locks: This function internally takes and drops proc_fdlock()
1c79356b
A		 5200 */
5201void
2d21ac55 5202fdfree(proc_t p)
1c79356b 5203{
fa4905b1 5204 struct filedesc *fdp;
91447636 5205 struct fileproc *fp;
cb323159 5206 struct kqworkq *dealloc_kqwq = NULL;
fa4905b1 5207 int i;
91447636
A		 5208
5209 proc_fdlock(p);
1c79356b 5210
39236c6e 5211 if (p == kernproc || NULL == (fdp = p->p_fd)) {
0a7de745 5212 proc_fdunlock(p);
1c79356b 5213 return;
91447636 5214 }
55e303ae 5215
39236c6e
A		 5216 extern struct filedesc filedesc0;
5217
0a7de745 5218 if (&filedesc0 == fdp) {
39236c6e 5219 panic("filedesc0");
0a7de745 5220 }
91447636 5221
0a7de745 5222 /*
5ba3f43e
A		 5223 * deallocate all the knotes up front and claim empty
5224 * tables to make any subsequent kqueue closes faster.
5225 */
5226 knotes_dealloc(p);
cb323159 5227 assert(fdp->fd_knlistsize == 0);
5ba3f43e
A		 5228 assert(fdp->fd_knhashmask == 0);
5229
d9a64523
A		 5230 /*
5231 * dealloc all workloops that have outstanding retains
5232 * when created with scheduling parameters.
5233 */
5234 kqworkloops_dealloc(p);
5235
5ba3f43e 5236 /* close file descriptors */
91447636 5237 if (fdp->fd_nfiles > 0 && fdp->fd_ofiles) {
39037602 5238 for (i = fdp->fd_lastfile; i >= 0; i--) {
55e303ae 5239 if ((fp = fdp->fd_ofiles[i]) != NULL) {
0a7de745
A		 5240 if (fdp->fd_ofileflags[i] & UF_RESERVED) {
5241 panic("fdfree: found fp with UF_RESERVED");
5242 }
91447636 5243
cb323159 5244 fileproc_drain(p, fp);
6601e61a 5245 procfdtbl_reservefd(p, i);
91447636 5246
0a7de745 5247 if (fp->f_flags & FP_WAITEVENT) {
91447636 5248 (void)waitevent_close(p, fp);
0a7de745 5249 }
91447636 5250 (void) closef_locked(fp, fp->f_fglob, p);
39236c6e 5251 fileproc_free(fp);
55e303ae 5252 }
91447636
A		 5253 }
5254 FREE_ZONE(fdp->fd_ofiles, fdp->fd_nfiles * OFILESIZE, M_OFILETABL);
5255 fdp->fd_ofiles = NULL;
5256 fdp->fd_nfiles = 0;
39037602 5257 }
55e303ae 5258
5ba3f43e 5259 if (fdp->fd_wqkqueue) {
cb323159 5260 dealloc_kqwq = fdp->fd_wqkqueue;
5ba3f43e
A		 5261 fdp->fd_wqkqueue = NULL;
5262 }
5263
91447636 5264 proc_fdunlock(p);
39037602 5265
cb323159
A		 5266 if (dealloc_kqwq) {
5267 kqworkq_dealloc(dealloc_kqwq);
0a7de745 5268 }
0a7de745 5269 if (fdp->fd_cdir) {
5ba3f43e 5270 vnode_rele(fdp->fd_cdir);
0a7de745
A		 5271 }
5272 if (fdp->fd_rdir) {
91447636 5273 vnode_rele(fdp->fd_rdir);
0a7de745 5274 }
55e303ae 5275
2d21ac55 5276 proc_fdlock_spin(p);
91447636
A		 5277 p->p_fd = NULL;
5278 proc_fdunlock(p);
55e303ae 5279
5ba3f43e 5280 if (fdp->fd_kqhash) {
0a7de745 5281 for (uint32_t j = 0; j <= fdp->fd_kqhashmask; j++) {
cb323159 5282 assert(LIST_EMPTY(&fdp->fd_kqhash[j]));
0a7de745 5283 }
5ba3f43e
A		 5284 FREE(fdp->fd_kqhash, M_KQUEUE);
5285 }
5286
5287 lck_mtx_destroy(&fdp->fd_kqhashlock, proc_kqhashlock_grp);
5288 lck_mtx_destroy(&fdp->fd_knhashlock, proc_knhashlock_grp);
55e303ae 5289
2d21ac55 5290 FREE_ZONE(fdp, sizeof(*fdp), M_FILEDESC);
1c79356b
A		 5291}
5292
5293/*
2d21ac55
A		 5294 * closef_locked
5295 *
5296 * Description: Internal form of closef; called with proc_fdlock held
5297 *
5298 * Parameters: fp Pointer to fileproc for fd
5299 * fg Pointer to fileglob for fd
5300 * p Pointer to proc structure
5301 *
5302 * Returns: 0 Success
0a7de745 5303 * closef_finish:??? Anything returnable by a per-fileops
2d21ac55
A		 5304 * close function
5305 *
5306 * Note: Decrements reference count on file structure; if this was the
5307 * last reference, then closef_finish() is called
5308 *
5309 * p and fp are allowed to be NULL when closing a file that was
5310 * being passed in a message (but only if we are called when this
5311 * is NOT the last reference).
1c79356b
A		 5312 */
5313int
2d21ac55 5314closef_locked(struct fileproc *fp, struct fileglob *fg, proc_t p)
1c79356b
A		 5315{
5316 struct vnode *vp;
5317 struct flock lf;
91447636 5318 struct vfs_context context;
1c79356b
A		 5319 int error;
5320
91447636 5321 if (fg == NULL) {
0a7de745 5322 return 0;
91447636 5323 }
2d21ac55
A		 5324
5325 /* Set up context with cred stashed in fg */
0a7de745 5326 if (p == current_proc()) {
2d21ac55 5327 context.vc_thread = current_thread();
0a7de745 5328 } else {
2d21ac55 5329 context.vc_thread = NULL;
0a7de745 5330 }
2d21ac55
A		 5331 context.vc_ucred = fg->fg_cred;
5332
1c79356b
A		 5333 /*
5334 * POSIX record locking dictates that any close releases ALL
5335 * locks owned by this process. This is handled by setting
5336 * a flag in the unlock to free ONLY locks obeying POSIX
5337 * semantics, and not to free BSD-style file locks.
5338 * If the descriptor was in a message, POSIX-style locks
5339 * aren't passed with the descriptor.
5340 */
39236c6e
A		 5341 if (p && (p->p_ladvflag & P_LADVLOCK) &&
5342 DTYPE_VNODE == FILEGLOB_DTYPE(fg)) {
91447636
A		 5343 proc_fdunlock(p);
5344
1c79356b
A		 5345 lf.l_whence = SEEK_SET;
5346 lf.l_start = 0;
5347 lf.l_len = 0;
5348 lf.l_type = F_UNLCK;
91447636
A		 5349 vp = (struct vnode *)fg->fg_data;
5350
0a7de745 5351 if ((error = vnode_getwithref(vp)) == 0) {
39236c6e 5352 (void) VNOP_ADVLOCK(vp, (caddr_t)p, F_UNLCK, &lf, F_POSIX, &context, NULL);
91447636
A		 5353 (void)vnode_put(vp);
5354 }
5355 proc_fdlock(p);
1c79356b 5356 }
2d21ac55 5357 lck_mtx_lock_spin(&fg->fg_lock);
91447636
A		 5358 fg->fg_count--;
5359
5360 if (fg->fg_count > 0) {
5361 lck_mtx_unlock(&fg->fg_lock);
0a7de745 5362 return 0;
91447636 5363 }
2d21ac55 5364#if DIAGNOSTIC
0a7de745 5365 if (fg->fg_count != 0) {
2d21ac55 5366 panic("fg %p: being freed with bad fg_count (%d)", fg, fg->fg_count);
0a7de745 5367 }
2d21ac55 5368#endif
91447636 5369
0a7de745
A		 5370 if (fp && (fp->f_flags & FP_WRITTEN)) {
5371 fg->fg_flag |= FWASWRITTEN;
5372 }
91447636
A		 5373
5374 fg->fg_lflags |= FG_TERM;
5375 lck_mtx_unlock(&fg->fg_lock);
5376
0a7de745 5377 if (p) {
e2fac8b1 5378 proc_fdunlock(p);
0a7de745 5379 }
39236c6e 5380
39037602 5381 /* Since we ensure that fg->fg_ops is always initialized,
39236c6e
A		 5382 * it is safe to invoke fo_close on the fg */
5383 error = fo_close(fg, &context);
5384
5385 fg_free(fg);
39037602 5386
0a7de745 5387 if (p) {
e2fac8b1 5388 proc_fdlock(p);
0a7de745 5389 }
91447636 5390
0a7de745 5391 return error;
91447636
A		 5392}
5393
5394
2d21ac55
A		 5395/*
5396 * fileproc_drain
5397 *
5398 * Description: Drain out pending I/O operations
5399 *
5400 * Parameters: p Process closing this file
5401 * fp fileproc struct for the open
5402 * instance on the file
5403 *
5404 * Returns: void
5405 *
5406 * Locks: Assumes the caller holds the proc_fdlock
5407 *
5408 * Notes: For character devices, this occurs on the last close of the
6d2010ae 5409 * device; for all other file descriptors, this occurs on each
2d21ac55
A		 5410 * close to prevent fd's from being closed out from under
5411 * operations currently in progress and blocked
5412 *
0a7de745 5413 * See Also: file_vnode(), file_socket(), file_drop(), and the cautions
2d21ac55
A		 5414 * regarding their use and interaction with this function.
5415 */
91447636 5416void
2d21ac55 5417fileproc_drain(proc_t p, struct fileproc * fp)
91447636 5418{
2d21ac55
A		 5419 struct vfs_context context;
5420
0a7de745 5421 context.vc_thread = proc_thread(p); /* XXX */
2d21ac55
A		 5422 context.vc_ucred = fp->f_fglob->fg_cred;
5423
cb323159
A		 5424 /* Set the vflag for drain */
5425 fileproc_modify_vflags(fp, FPV_DRAIN, FALSE);
91447636 5426
cb323159 5427 while (os_ref_get_count(&fp->f_iocount) > 1) {
0a7de745 5428 lck_mtx_convert_spin(&p->p_fdmlock);
2d21ac55 5429
cb323159 5430 fo_drain(fp, &context);
6d2010ae 5431 if ((fp->f_flags & FP_INSELECT) == FP_INSELECT) {
3e170ce0 5432 if (waitq_wakeup64_all((struct waitq *)fp->f_wset, NO_EVENT64,
0a7de745 5433 THREAD_INTERRUPTED, WAITQ_ALL_PRIORITIES) == KERN_INVALID_ARGUMENT) {
3e170ce0 5434 panic("bad wait queue for waitq_wakeup64_all %p (fp:%p)", fp->f_wset, fp);
0a7de745 5435 }
3e170ce0 5436 }
6d2010ae 5437 if ((fp->f_flags & FP_SELCONFLICT) == FP_SELCONFLICT) {
3e170ce0 5438 if (waitq_wakeup64_all(&select_conflict_queue, NO_EVENT64,
0a7de745 5439 THREAD_INTERRUPTED, WAITQ_ALL_PRIORITIES) == KERN_INVALID_ARGUMENT) {
6d2010ae 5440 panic("bad select_conflict_queue");
0a7de745 5441 }
6d2010ae 5442 }
91447636
A		 5443 p->p_fpdrainwait = 1;
5444
2d21ac55 5445 msleep(&p->p_fpdrainwait, &p->p_fdmlock, PRIBIO, "fpdrain", NULL);
91447636 5446 }
6d2010ae 5447#if DIAGNOSTIC
0a7de745 5448 if ((fp->f_flags & FP_INSELECT) != 0) {
6d2010ae 5449 panic("FP_INSELECT set on drained fp");
0a7de745 5450 }
6d2010ae 5451#endif
0a7de745 5452 if ((fp->f_flags & FP_SELCONFLICT) == FP_SELCONFLICT) {
6d2010ae 5453 fp->f_flags &= ~FP_SELCONFLICT;
0a7de745 5454 }
91447636
A		 5455}
5456
2d21ac55
A		 5457
5458/*
5459 * fp_free
5460 *
5461 * Description: Release the fd and free the fileproc associated with the fd
5462 * in the per process open file table of the specified process;
5463 * these values must correspond.
5464 *
5465 * Parameters: p Process containing fd
5466 * fd fd to be released
5467 * fp fileproc to be freed
2d21ac55 5468 */
cb323159 5469void
2d21ac55 5470fp_free(proc_t p, int fd, struct fileproc * fp)
91447636 5471{
0a7de745 5472 proc_fdlock_spin(p);
91447636 5473 fdrelse(p, fd);
0a7de745 5474 proc_fdunlock(p);
91447636
A		 5475
5476 fg_free(fp->f_fglob);
cb323159 5477 os_ref_release_live(&fp->f_iocount);
39236c6e 5478 fileproc_free(fp);
1c79356b
A		 5479}
5480
91447636 5481
1c79356b 5482/*
2d21ac55
A		 5483 * flock
5484 *
5485 * Description: Apply an advisory lock on a file descriptor.
5486 *
5487 * Parameters: p Process making request
5488 * uap->fd fd on which the lock is to be
5489 * attempted
5490 * uap->how (Un)Lock bits, including type
5491 * retval Pointer to the call return area
39037602 5492 *
2d21ac55
A		 5493 * Returns: 0 Success
5494 * fp_getfvp:EBADF Bad file descriptor
5495 * fp_getfvp:ENOTSUP fd does not refer to a vnode
5496 * vnode_getwithref:???
5497 * VNOP_ADVLOCK:???
1c79356b 5498 *
2d21ac55
A		 5499 * Implicit returns:
5500 * *retval (modified) Size of dtable
5501 *
5502 * Notes: Just attempt to get a record lock of the requested type on
5503 * the entire file (l_whence = SEEK_SET, l_start = 0, l_len = 0).
1c79356b 5504 */
1c79356b 5505int
b0d623f7 5506flock(proc_t p, struct flock_args *uap, __unused int32_t *retval)
1c79356b
A		 5507{
5508 int fd = uap->fd;
5509 int how = uap->how;
91447636 5510 struct fileproc *fp;
1c79356b
A		 5511 struct vnode *vp;
5512 struct flock lf;
2d21ac55 5513 vfs_context_t ctx = vfs_context_current();
0a7de745 5514 int error = 0;
1c79356b 5515
55e303ae 5516 AUDIT_ARG(fd, uap->fd);
0a7de745
A		 5517 if ((error = fp_getfvp(p, fd, &fp, &vp))) {
5518 return error;
91447636 5519 }
0a7de745 5520 if ((error = vnode_getwithref(vp))) {
91447636
A		 5521 goto out1;
5522 }
55e303ae 5523 AUDIT_ARG(vnpath, vp, ARG_VNODE1);
91447636 5524
1c79356b
A		 5525 lf.l_whence = SEEK_SET;
5526 lf.l_start = 0;
5527 lf.l_len = 0;
5528 if (how & LOCK_UN) {
5529 lf.l_type = F_UNLCK;
5530 fp->f_flag &= ~FHASLOCK;
39236c6e 5531 error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_UNLCK, &lf, F_FLOCK, ctx, NULL);
91447636 5532 goto out;
1c79356b 5533 }
0a7de745 5534 if (how & LOCK_EX) {
1c79356b 5535 lf.l_type = F_WRLCK;
0a7de745 5536 } else if (how & LOCK_SH) {
1c79356b 5537 lf.l_type = F_RDLCK;
0a7de745
A		 5538 } else {
5539 error = EBADF;
91447636
A		 5540 goto out;
5541 }
2d21ac55
A		 5542#if CONFIG_MACF
5543 error = mac_file_check_lock(proc_ucred(p), fp->f_fglob, F_SETLK, &lf);
0a7de745 5544 if (error) {
2d21ac55 5545 goto out;
0a7de745 5546 }
2d21ac55 5547#endif
39037602
A		 5548 error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf,
5549 (how & LOCK_NB ? F_FLOCK : F_FLOCK | F_WAIT),
5550 ctx, NULL);
0a7de745 5551 if (!error) {
39037602 5552 fp->f_flag |= FHASLOCK;
0a7de745 5553 }
91447636
A		 5554out:
5555 (void)vnode_put(vp);
5556out1:
5557 fp_drop(p, fd, fp, 0);
0a7de745 5558 return error;
1c79356b
A		 5559}
5560
d1ecb069
A		 5561/*
5562 * fileport_makeport
5563 *
5564 * Description: Obtain a Mach send right for a given file descriptor.
5565 *
5566 * Parameters: p Process calling fileport
0a7de745
A		 5567 * uap->fd The fd to reference
5568 * uap->portnamep User address at which to place port name.
d1ecb069
A		 5569 *
5570 * Returns: 0 Success.
0a7de745
A		 5571 * EBADF Bad file descriptor.
5572 * EINVAL File descriptor had type that cannot be sent, misc. other errors.
5573 * EFAULT Address at which to store port name is not valid.
5574 * EAGAIN Resource shortage.
d1ecb069
A		 5575 *
5576 * Implicit returns:
39037602 5577 * On success, name of send right is stored at user-specified address.
d1ecb069
A		 5578 */
5579int
5580fileport_makeport(proc_t p, struct fileport_makeport_args *uap,
5581 __unused int *retval)
5582{
5583 int err;
5584 int fd = uap->fd;
5585 user_addr_t user_portaddr = uap->portnamep;
5586 struct fileproc *fp = FILEPROC_NULL;
5587 struct fileglob *fg = NULL;
5588 ipc_port_t fileport;
5589 mach_port_name_t name = MACH_PORT_NULL;
5590
3e170ce0
A		 5591 proc_fdlock(p);
5592 err = fp_lookup(p, fd, &fp, 1);
d1ecb069 5593 if (err != 0) {
3e170ce0 5594 goto out_unlock;
d1ecb069
A		 5595 }
5596
3e170ce0 5597 if (!file_issendable(p, fp)) {
d1ecb069 5598 err = EINVAL;
3e170ce0 5599 goto out_unlock;
d1ecb069
A		 5600 }
5601
39236c6e 5602 if (FP_ISGUARDED(fp, GUARD_FILEPORT)) {
39236c6e 5603 err = fp_guard_exception(p, fd, fp, kGUARD_EXC_FILEPORT);
3e170ce0 5604 goto out_unlock;
39236c6e
A		 5605 }
5606
d1ecb069
A		 5607 /* Dropped when port is deallocated */
5608 fg = fp->f_fglob;
5609 fg_ref(fp);
5610
3e170ce0
A		 5611 proc_fdunlock(p);
5612
d1ecb069
A		 5613 /* Allocate and initialize a port */
5614 fileport = fileport_alloc(fg);
5615 if (fileport == IPC_PORT_NULL) {
5616 err = EAGAIN;
5617 fg_drop(fp);
5618 goto out;
5619 }
39037602 5620
d1ecb069
A		 5621 /* Add an entry. Deallocates port on failure. */
5622 name = ipc_port_copyout_send(fileport, get_task_ipcspace(p->task));
5623 if (!MACH_PORT_VALID(name)) {
5624 err = EINVAL;
5625 goto out;
39037602
A		 5626 }
5627
d1ecb069
A		 5628 err = copyout(&name, user_portaddr, sizeof(mach_port_name_t));
5629 if (err != 0) {
5630 goto out;
5631 }
5632
5633 /* Tag the fileglob for debugging purposes */
5634 lck_mtx_lock_spin(&fg->fg_lock);
5635 fg->fg_lflags |= FG_PORTMADE;
5636 lck_mtx_unlock(&fg->fg_lock);
5637
5638 fp_drop(p, fd, fp, 0);
5639
5640 return 0;
5641
3e170ce0
A		 5642out_unlock:
5643 proc_fdunlock(p);
d1ecb069
A		 5644out:
5645 if (MACH_PORT_VALID(name)) {
5646 /* Don't care if another thread races us to deallocate the entry */
5647 (void) mach_port_deallocate(get_task_ipcspace(p->task), name);
5648 }
5649
5650 if (fp != FILEPROC_NULL) {
5651 fp_drop(p, fd, fp, 0);
5652 }
5653
5654 return err;
5655}
5656
5657void
5658fileport_releasefg(struct fileglob *fg)
5659{
5660 (void)closef_locked(NULL, fg, PROC_NULL);
5661
5662 return;
5663}
5664
d1ecb069 5665/*
cb323159 5666 * fileport_makefd_internal
d1ecb069
A		 5667 *
5668 * Description: Obtain the file descriptor for a given Mach send right.
5669 *
d1ecb069
A		 5670 * Returns: 0 Success
5671 * EINVAL Invalid Mach port name, or port is not for a file.
5672 * fdalloc:EMFILE
5673 * fdalloc:ENOMEM Unable to allocate fileproc or extend file table.
5674 *
5675 * Implicit returns:
5676 * *retval (modified) The new descriptor
5677 */
5678int
cb323159 5679fileport_makefd_internal(proc_t p, ipc_port_t port, int uf_flags, int *retval)
d1ecb069
A		 5680{
5681 struct fileglob *fg;
0a7de745 5682 struct fileproc *fp = FILEPROC_NULL;
d1ecb069
A		 5683 int fd;
5684 int err;
5685
d1ecb069
A		 5686 fg = fileport_port_to_fileglob(port);
5687 if (fg == NULL) {
5688 err = EINVAL;
5689 goto out;
5690 }
6d2010ae 5691
39236c6e 5692 fp = fileproc_alloc_init(NULL);
d1ecb069
A		 5693 if (fp == FILEPROC_NULL) {
5694 err = ENOMEM;
5695 goto out;
5696 }
5697
d1ecb069
A		 5698 fp->f_fglob = fg;
5699 fg_ref(fp);
5700
0a7de745 5701 proc_fdlock(p);
d1ecb069
A		 5702 err = fdalloc(p, 0, &fd);
5703 if (err != 0) {
5704 proc_fdunlock(p);
5ba3f43e 5705 fg_drop(fp);
d1ecb069
A		 5706 goto out;
5707 }
cb323159
A		 5708 if (uf_flags) {
5709 *fdflags(p, fd) |= uf_flags;
5710 }
d1ecb069
A		 5711
5712 procfdtbl_releasefd(p, fd, fp);
5713 proc_fdunlock(p);
5714
5715 *retval = fd;
5716 err = 0;
5717out:
5718 if ((fp != NULL) && (0 != err)) {
39236c6e 5719 fileproc_free(fp);
39037602 5720 }
d1ecb069 5721
cb323159
A		 5722 return err;
5723}
5724
5725/*
5726 * fileport_makefd
5727 *
5728 * Description: Obtain the file descriptor for a given Mach send right.
5729 *
5730 * Parameters: p Process calling fileport
5731 * uap->port Name of send right to file port.
5732 *
5733 * Returns: 0 Success
5734 * EINVAL Invalid Mach port name, or port is not for a file.
5735 * fdalloc:EMFILE
5736 * fdalloc:ENOMEM Unable to allocate fileproc or extend file table.
5737 *
5738 * Implicit returns:
5739 * *retval (modified) The new descriptor
5740 */
5741int
5742fileport_makefd(proc_t p, struct fileport_makefd_args *uap, int32_t *retval)
5743{
5744 ipc_port_t port = IPC_PORT_NULL;
5745 mach_port_name_t send = uap->port;
5746 kern_return_t res;
5747 int err;
5748
5749 res = ipc_object_copyin(get_task_ipcspace(p->task),
5750 send, MACH_MSG_TYPE_COPY_SEND, &port, 0, NULL, IPC_KMSG_FLAGS_ALLOW_IMMOVABLE_SEND);
5751
5752 if (res == KERN_SUCCESS) {
5753 err = fileport_makefd_internal(p, port, UF_EXCLOSE, retval);
5754 } else {
5755 err = EINVAL;
5756 }
5757
d1ecb069
A		 5758 if (IPC_PORT_NULL != port) {
5759 ipc_port_release_send(port);
5760 }
5761
5762 return err;
5763}
d1ecb069
A		 5764
5765
1c79356b 5766/*
2d21ac55 5767 * dupfdopen
1c79356b 5768 *
2d21ac55
A		 5769 * Description: Duplicate the specified descriptor to a free descriptor;
5770 * this is the second half of fdopen(), above.
5771 *
5772 * Parameters: fdp filedesc pointer to fill in
5773 * indx fd to dup to
5774 * dfd fd to dup from
5775 * mode mode to set on new fd
5776 * error command code
5777 *
5778 * Returns: 0 Success
5779 * EBADF Source fd is bad
5780 * EACCES Requested mode not allowed
5781 * !0 'error', if not ENODEV or
5782 * ENXIO
5783 *
5784 * Notes: XXX This is not thread safe; see fdopen() above
1c79356b
A		 5785 */
5786int
6d2010ae 5787dupfdopen(struct filedesc *fdp, int indx, int dfd, int flags, int error)
1c79356b 5788{
91447636
A		 5789 struct fileproc *wfp;
5790 struct fileproc *fp;
2d21ac55
A		 5791#if CONFIG_MACF
5792 int myerror;
5793#endif
5794 proc_t p = current_proc();
1c79356b
A		 5795
5796 /*
5797 * If the to-be-dup'd fd number is greater than the allowed number
5798 * of file descriptors, or the fd to be dup'd has already been
5799 * closed, reject. Note, check for new == old is necessary as
5800 * falloc could allocate an already closed to-be-dup'd descriptor
5801 * as the new descriptor.
5802 */
91447636
A		 5803 proc_fdlock(p);
5804
1c79356b 5805 fp = fdp->fd_ofiles[indx];
91447636 5806 if (dfd < 0 || dfd >= fdp->fd_nfiles ||
0a7de745
A		 5807 (wfp = fdp->fd_ofiles[dfd]) == NULL || wfp == fp ||
5808 (fdp->fd_ofileflags[dfd] & UF_RESERVED)) {
5809 proc_fdunlock(p);
5810 return EBADF;
91447636 5811 }
2d21ac55
A		 5812#if CONFIG_MACF
5813 myerror = mac_file_check_dup(proc_ucred(p), wfp->f_fglob, dfd);
5814 if (myerror) {
5815 proc_fdunlock(p);
0a7de745 5816 return myerror;
2d21ac55
A		 5817 }
5818#endif
1c79356b
A		 5819 /*
5820 * There are two cases of interest here.
5821 *
5822 * For ENODEV simply dup (dfd) to file descriptor
5823 * (indx) and return.
5824 *
5825 * For ENXIO steal away the file structure from (dfd) and
5826 * store it in (indx). (dfd) is effectively closed by
5827 * this operation.
5828 *
5829 * Any other error code is just returned.
5830 */
5831 switch (error) {
5832 case ENODEV:
39236c6e 5833 if (FP_ISGUARDED(wfp, GUARD_DUP)) {
39236c6e 5834 proc_fdunlock(p);
0a7de745 5835 return EPERM;
39236c6e
A		 5836 }
5837
1c79356b
A		 5838 /*
5839 * Check that the mode the file is being opened for is a
5840 * subset of the mode of the existing descriptor.
5841 */
0a7de745
A		 5842 if (((flags & (FREAD | FWRITE)) | wfp->f_flag) != wfp->f_flag) {
5843 proc_fdunlock(p);
5844 return EACCES;
91447636 5845 }
0a7de745 5846 if (indx > fdp->fd_lastfile) {
91447636 5847 fdp->fd_lastfile = indx;
0a7de745 5848 }
91447636
A		 5849 (void)fg_ref(wfp);
5850
0a7de745
A		 5851 if (fp->f_fglob) {
5852 fg_free(fp->f_fglob);
5853 }
91447636
A		 5854 fp->f_fglob = wfp->f_fglob;
5855
6d2010ae 5856 fdp->fd_ofileflags[indx] = fdp->fd_ofileflags[dfd] |
0a7de745 5857 (flags & O_CLOEXEC) ? UF_EXCLOSE : 0;
91447636 5858
0a7de745
A		 5859 proc_fdunlock(p);
5860 return 0;
1c79356b 5861
1c79356b 5862 default:
0a7de745
A		 5863 proc_fdunlock(p);
5864 return error;
1c79356b
A		 5865 }
5866 /* NOTREACHED */
5867}
5868
2d21ac55
A		 5869
5870/*
5871 * fg_ref
5872 *
5873 * Description: Add a reference to a fileglob by fileproc
5874 *
5875 * Parameters: fp fileproc containing fileglob
5876 * pointer
5877 *
5878 * Returns: void
5879 *
5880 * Notes: XXX Should use OSAddAtomic?
5881 */
91447636
A		 5882void
5883fg_ref(struct fileproc * fp)
1c79356b 5884{
91447636
A		 5885 struct fileglob *fg;
5886
5887 fg = fp->f_fglob;
5888
2d21ac55
A		 5889 lck_mtx_lock_spin(&fg->fg_lock);
5890
5891#if DIAGNOSTIC
0a7de745 5892 if ((fp->f_flags & ~((unsigned int)FP_VALID_FLAGS)) != 0) {
6d2010ae 5893 panic("fg_ref: invalid bits on fp %p", fp);
0a7de745 5894 }
2d21ac55 5895
0a7de745 5896 if (fg->fg_count == 0) {
6d2010ae
A		 5897 panic("fg_ref: adding fgcount to zeroed fg: fp %p fg %p",
5898 fp, fg);
0a7de745 5899 }
2d21ac55 5900#endif
91447636
A		 5901 fg->fg_count++;
5902 lck_mtx_unlock(&fg->fg_lock);
1c79356b
A		 5903}
5904
2d21ac55
A		 5905
5906/*
5907 * fg_drop
5908 *
5909 * Description: Remove a reference to a fileglob by fileproc
5910 *
5911 * Parameters: fp fileproc containing fileglob
5912 * pointer
5913 *
5914 * Returns: void
5915 *
5916 * Notes: XXX Should use OSAddAtomic?
5917 */
91447636
A		 5918void
5919fg_drop(struct fileproc * fp)
1c79356b 5920{
91447636
A		 5921 struct fileglob *fg;
5922
5923 fg = fp->f_fglob;
2d21ac55 5924 lck_mtx_lock_spin(&fg->fg_lock);
91447636
A		 5925 fg->fg_count--;
5926 lck_mtx_unlock(&fg->fg_lock);
1c79356b
A		 5927}
5928
39236c6e 5929#if SOCKETS
2d21ac55 5930/*
3e170ce0 5931 * fg_insertuipc_mark
2d21ac55 5932 *
3e170ce0
A		 5933 * Description: Mark fileglob for insertion onto message queue if needed
5934 * Also takes fileglob reference
2d21ac55 5935 *
3e170ce0 5936 * Parameters: fg Fileglob pointer to insert
2d21ac55 5937 *
3e170ce0 5938 * Returns: true, if the fileglob needs to be inserted onto msg queue
2d21ac55
A		 5939 *
5940 * Locks: Takes and drops fg_lock, potentially many times
5941 */
3e170ce0
A		 5942boolean_t
5943fg_insertuipc_mark(struct fileglob * fg)
9bccf70c 5944{
3e170ce0 5945 boolean_t insert = FALSE;
9bccf70c 5946
2d21ac55 5947 lck_mtx_lock_spin(&fg->fg_lock);
91447636 5948 while (fg->fg_lflags & FG_RMMSGQ) {
2d21ac55
A		 5949 lck_mtx_convert_spin(&fg->fg_lock);
5950
91447636 5951 fg->fg_lflags |= FG_WRMMSGQ;
2d21ac55 5952 msleep(&fg->fg_lflags, &fg->fg_lock, 0, "fg_insertuipc", NULL);
91447636 5953 }
9bccf70c 5954
91447636
A		 5955 fg->fg_count++;
5956 fg->fg_msgcount++;
5957 if (fg->fg_msgcount == 1) {
5958 fg->fg_lflags |= FG_INSMSGQ;
3e170ce0 5959 insert = TRUE;
9bccf70c 5960 }
91447636 5961 lck_mtx_unlock(&fg->fg_lock);
0a7de745 5962 return insert;
3e170ce0 5963}
91447636 5964
3e170ce0
A		 5965/*
5966 * fg_insertuipc
5967 *
5968 * Description: Insert marked fileglob onto message queue
5969 *
5970 * Parameters: fg Fileglob pointer to insert
5971 *
5972 * Returns: void
5973 *
5974 * Locks: Takes and drops fg_lock & uipc_lock
5975 * DO NOT call this function with proc_fdlock held as unp_gc()
5976 * can potentially try to acquire proc_fdlock, which can result
5977 * in a deadlock if this function is in unp_gc_wait().
5978 */
5979void
5980fg_insertuipc(struct fileglob * fg)
5981{
5982 if (fg->fg_lflags & FG_INSMSGQ) {
2d21ac55 5983 lck_mtx_lock_spin(uipc_lock);
6601e61a 5984 unp_gc_wait();
91447636
A		 5985 LIST_INSERT_HEAD(&fmsghead, fg, f_msglist);
5986 lck_mtx_unlock(uipc_lock);
5987 lck_mtx_lock(&fg->fg_lock);
5988 fg->fg_lflags &= ~FG_INSMSGQ;
5989 if (fg->fg_lflags & FG_WINSMSGQ) {
5990 fg->fg_lflags &= ~FG_WINSMSGQ;
5991 wakeup(&fg->fg_lflags);
5992 }
5993 lck_mtx_unlock(&fg->fg_lock);
5994 }
91447636 5995}
9bccf70c 5996
2d21ac55 5997/*
3e170ce0 5998 * fg_removeuipc_mark
2d21ac55 5999 *
3e170ce0
A		 6000 * Description: Mark the fileglob for removal from message queue if needed
6001 * Also releases fileglob message queue reference
2d21ac55 6002 *
3e170ce0 6003 * Parameters: fg Fileglob pointer to remove
2d21ac55 6004 *
3e170ce0 6005 * Returns: true, if the fileglob needs to be removed from msg queue
2d21ac55
A		 6006 *
6007 * Locks: Takes and drops fg_lock, potentially many times
6008 */
3e170ce0
A		 6009boolean_t
6010fg_removeuipc_mark(struct fileglob * fg)
91447636 6011{
3e170ce0 6012 boolean_t remove = FALSE;
91447636 6013
2d21ac55 6014 lck_mtx_lock_spin(&fg->fg_lock);
91447636 6015 while (fg->fg_lflags & FG_INSMSGQ) {
2d21ac55
A		 6016 lck_mtx_convert_spin(&fg->fg_lock);
6017
91447636 6018 fg->fg_lflags |= FG_WINSMSGQ;
2d21ac55 6019 msleep(&fg->fg_lflags, &fg->fg_lock, 0, "fg_removeuipc", NULL);
91447636
A		 6020 }
6021 fg->fg_msgcount--;
6022 if (fg->fg_msgcount == 0) {
6023 fg->fg_lflags |= FG_RMMSGQ;
3e170ce0 6024 remove = TRUE;
9bccf70c 6025 }
91447636 6026 lck_mtx_unlock(&fg->fg_lock);
0a7de745 6027 return remove;
3e170ce0 6028}
91447636 6029
3e170ce0
A		 6030/*
6031 * fg_removeuipc
6032 *
6033 * Description: Remove marked fileglob from message queue
6034 *
6035 * Parameters: fg Fileglob pointer to remove
6036 *
6037 * Returns: void
6038 *
6039 * Locks: Takes and drops fg_lock & uipc_lock
6040 * DO NOT call this function with proc_fdlock held as unp_gc()
6041 * can potentially try to acquire proc_fdlock, which can result
6042 * in a deadlock if this function is in unp_gc_wait().
6043 */
6044void
6045fg_removeuipc(struct fileglob * fg)
6046{
6047 if (fg->fg_lflags & FG_RMMSGQ) {
2d21ac55 6048 lck_mtx_lock_spin(uipc_lock);
6601e61a 6049 unp_gc_wait();
91447636
A		 6050 LIST_REMOVE(fg, f_msglist);
6051 lck_mtx_unlock(uipc_lock);
6052 lck_mtx_lock(&fg->fg_lock);
6053 fg->fg_lflags &= ~FG_RMMSGQ;
6054 if (fg->fg_lflags & FG_WRMMSGQ) {
6055 fg->fg_lflags &= ~FG_WRMMSGQ;
6056 wakeup(&fg->fg_lflags);
6057 }
6058 lck_mtx_unlock(&fg->fg_lock);
6059 }
6060}
39236c6e 6061#endif /* SOCKETS */
91447636 6062
2d21ac55
A		 6063/*
6064 * fo_read
6065 *
6066 * Description: Generic fileops read indirected through the fileops pointer
6067 * in the fileproc structure
6068 *
6069 * Parameters: fp fileproc structure pointer
6070 * uio user I/O structure pointer
6071 * flags FOF_ flags
6072 * ctx VFS context for operation
6073 *
6074 * Returns: 0 Success
6075 * !0 Errno from read
6076 */
91447636 6077int
2d21ac55 6078fo_read(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx)
91447636 6079{
0a7de745 6080 return (*fp->f_ops->fo_read)(fp, uio, flags, ctx);
91447636
A		 6081}
6082
cb323159
A		 6083int
6084fo_no_read(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx)
6085{
6086#pragma unused(fp, uio, flags, ctx)
6087 return ENXIO;
6088}
6089
2d21ac55
A		 6090
6091/*
6092 * fo_write
6093 *
6094 * Description: Generic fileops write indirected through the fileops pointer
6095 * in the fileproc structure
6096 *
6097 * Parameters: fp fileproc structure pointer
6098 * uio user I/O structure pointer
6099 * flags FOF_ flags
6100 * ctx VFS context for operation
6101 *
6102 * Returns: 0 Success
6103 * !0 Errno from write
6104 */
91447636 6105int
2d21ac55 6106fo_write(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx)
91447636 6107{
0a7de745 6108 return (*fp->f_ops->fo_write)(fp, uio, flags, ctx);
91447636
A		 6109}
6110
cb323159
A		 6111int
6112fo_no_write(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx)
6113{
6114#pragma unused(fp, uio, flags, ctx)
6115 return ENXIO;
6116}
6117
2d21ac55
A		 6118
6119/*
6120 * fo_ioctl
6121 *
6122 * Description: Generic fileops ioctl indirected through the fileops pointer
6123 * in the fileproc structure
6124 *
6125 * Parameters: fp fileproc structure pointer
6126 * com ioctl command
6127 * data pointer to internalized copy
6128 * of user space ioctl command
6129 * parameter data in kernel space
6130 * ctx VFS context for operation
6131 *
6132 * Returns: 0 Success
6133 * !0 Errno from ioctl
6134 *
6135 * Locks: The caller is assumed to have held the proc_fdlock; this
6136 * function releases and reacquires this lock. If the caller
6137 * accesses data protected by this lock prior to calling this
6138 * function, it will need to revalidate/reacquire any cached
6139 * protected data obtained prior to the call.
6140 */
39037602 6141int
2d21ac55 6142fo_ioctl(struct fileproc *fp, u_long com, caddr_t data, vfs_context_t ctx)
91447636 6143{
2d21ac55 6144 int error;
91447636 6145
2d21ac55
A		 6146 proc_fdunlock(vfs_context_proc(ctx));
6147 error = (*fp->f_ops->fo_ioctl)(fp, com, data, ctx);
6148 proc_fdlock(vfs_context_proc(ctx));
0a7de745 6149 return error;
39037602 6150}
91447636 6151
cb323159
A		 6152int
6153fo_no_ioctl(struct fileproc *fp, u_long com, caddr_t data, vfs_context_t ctx)
6154{
6155#pragma unused(fp, com, data, ctx)
6156 return ENOTTY;
6157}
6158
2d21ac55
A		 6159
6160/*
6161 * fo_select
6162 *
6163 * Description: Generic fileops select indirected through the fileops pointer
6164 * in the fileproc structure
6165 *
6166 * Parameters: fp fileproc structure pointer
6167 * which select which
6168 * wql pointer to wait queue list
6169 * ctx VFS context for operation
6170 *
6171 * Returns: 0 Success
6172 * !0 Errno from select
6173 */
91447636 6174int
2d21ac55 6175fo_select(struct fileproc *fp, int which, void *wql, vfs_context_t ctx)
39037602 6176{
0a7de745 6177 return (*fp->f_ops->fo_select)(fp, which, wql, ctx);
91447636
A		 6178}
6179
cb323159
A		 6180int
6181fo_no_select(struct fileproc *fp, int which, void *wql, vfs_context_t ctx)
6182{
6183#pragma unused(fp, which, wql, ctx)
6184 return ENOTSUP;
6185}
6186
2d21ac55
A		 6187
6188/*
6189 * fo_close
6190 *
6191 * Description: Generic fileops close indirected through the fileops pointer
6192 * in the fileproc structure
6193 *
6194 * Parameters: fp fileproc structure pointer for
6195 * file to close
6196 * ctx VFS context for operation
6197 *
6198 * Returns: 0 Success
6199 * !0 Errno from close
6200 */
91447636 6201int
2d21ac55 6202fo_close(struct fileglob *fg, vfs_context_t ctx)
39037602 6203{
0a7de745 6204 return (*fg->fg_ops->fo_close)(fg, ctx);
9bccf70c
A		 6205}
6206
2d21ac55 6207
cb323159
A		 6208/*
6209 * fo_drain
6210 *
6211 * Description: Generic fileops kqueue filter indirected through the fileops
6212 * pointer in the fileproc structure
6213 *
6214 * Parameters: fp fileproc structure pointer
6215 * ctx VFS context for operation
6216 *
6217 * Returns: 0 Success
6218 * !0 errno from drain
6219 */
6220int
6221fo_drain(struct fileproc *fp, vfs_context_t ctx)
6222{
6223 return (*fp->f_ops->fo_drain)(fp, ctx);
6224}
6225
6226int
6227fo_no_drain(struct fileproc *fp, vfs_context_t ctx)
6228{
6229#pragma unused(fp, ctx)
6230 return ENOTSUP;
6231}
6232
6233
2d21ac55
A		 6234/*
6235 * fo_kqfilter
6236 *
6237 * Description: Generic fileops kqueue filter indirected through the fileops
6238 * pointer in the fileproc structure
6239 *
6240 * Parameters: fp fileproc structure pointer
6241 * kn pointer to knote to filter on
2d21ac55 6242 *
39037602
A		 6243 * Returns: (kn->kn_flags & EV_ERROR) error in kn->kn_data
6244 * 0 Filter is not active
6245 * !0 Filter is active
2d21ac55 6246 */
1c79356b 6247int
cb323159 6248fo_kqfilter(struct fileproc *fp, struct knote *kn, struct kevent_qos_s *kev)
1c79356b 6249{
cb323159 6250 return (*fp->f_ops->fo_kqfilter)(fp, kn, kev);
1c79356b 6251}
b0d623f7 6252
cb323159
A		 6253int
6254fo_no_kqfilter(struct fileproc *fp, struct knote *kn, struct kevent_qos_s *kev)
6255{
6256#pragma unused(fp, kev)
6257 knote_set_error(kn, ENOTSUP);
6258 return 0;
6259}
6260
6261
b0d623f7
A		 6262/*
6263 * The ability to send a file descriptor to another
6264 * process is opt-in by file type.
6265 */
6266boolean_t
39037602 6267file_issendable(proc_t p, struct fileproc *fp)
b0d623f7 6268{
3e170ce0
A		 6269 proc_fdlock_assert(p, LCK_MTX_ASSERT_OWNED);
6270
6271 switch (fp->f_type) {
6272 case DTYPE_VNODE:
6273 case DTYPE_SOCKET:
6274 case DTYPE_PIPE:
6275 case DTYPE_PSXSHM:
5ba3f43e 6276 case DTYPE_NETPOLICY:
0a7de745 6277 return 0 == (fp->f_fglob->fg_lflags & FG_CONFINED);
3e170ce0
A		 6278 default:
6279 /* DTYPE_KQUEUE, DTYPE_FSEVENTS, DTYPE_PSXSEM */
6280 return FALSE;
b0d623f7
A		 6281 }
6282}
39236c6e 6283
cb323159 6284os_refgrp_decl(, f_iocount_refgrp, "f_iocount", NULL);
39236c6e
A		 6285
6286struct fileproc *
6287fileproc_alloc_init(__unused void *arg)
6288{
6289 struct fileproc *fp;
6290
0a7de745
A		 6291 MALLOC_ZONE(fp, struct fileproc *, sizeof(*fp), M_FILEPROC, M_WAITOK);
6292 if (fp) {
6293 bzero(fp, sizeof(*fp));
cb323159 6294 os_ref_init(&fp->f_iocount, &f_iocount_refgrp);
0a7de745 6295 }
39236c6e 6296
0a7de745 6297 return fp;
39236c6e
A		 6298}
6299
cb323159 6300
39236c6e
A		 6301void
6302fileproc_free(struct fileproc *fp)
6303{
cb323159
A		 6304 os_ref_count_t __unused refc = os_ref_release(&fp->f_iocount);
6305#if DEVELOPMENT || DEBUG
6306 if (0 != refc) {
6307 panic("%s: pid %d refc: %u != 0",
6308 __func__, proc_pid(current_proc()), refc);
6309 }
6310#endif
39236c6e
A		 6311 switch (FILEPROC_TYPE(fp)) {
6312 case FTYPE_SIMPLE:
0a7de745 6313 FREE_ZONE(fp, sizeof(*fp), M_FILEPROC);
39236c6e
A		 6314 break;
6315 case FTYPE_GUARDED:
6316 guarded_fileproc_free(fp);
6317 break;
6318 default:
6319 panic("%s: corrupt fp %p flags %x", __func__, fp, fp->f_flags);
6320 }
6321}
cb323159
A		 6322
6323void
6324fileproc_modify_vflags(struct fileproc *fp, fileproc_vflags_t vflags, boolean_t clearflags)
6325{
6326 if (clearflags) {
6327 os_atomic_andnot(&fp->f_vflags, vflags, relaxed);
6328 } else {
6329 os_atomic_or(&fp->f_vflags, vflags, relaxed);
6330 }
6331}
6332
6333fileproc_vflags_t
6334fileproc_get_vflags(struct fileproc *fp)
6335{
6336 return os_atomic_load(&fp->f_vflags, relaxed);
6337}
mirror of XNU