]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/uipc_socket2.c
projects / apple / xnu.git / blob
? search:


379b9afd616bcdabe1e2ddd5905b78c8226cfec6
[apple/xnu.git] / bsd / kern / uipc_socket2.c
1 /*
2 * Copyright (c) 1998-2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
29 /*
30 * Copyright (c) 1982, 1986, 1988, 1990, 1993
31 * The Regents of the University of California. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. All advertising materials mentioning features or use of this software
42 * must display the following acknowledgement:
43 * This product includes software developed by the University of
44 * California, Berkeley and its contributors.
45 * 4. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)uipc_socket2.c 8.1 (Berkeley) 6/10/93
62 * $FreeBSD: src/sys/kern/uipc_socket2.c,v 1.55.2.9 2001/07/26 18:53:02 peter Exp $
63 */
64 /*
65 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
66 * support for mandatory and extensible security protections. This notice
67 * is included in support of clause 2.2 (b) of the Apple Public License,
68 * Version 2.0.
69 */
70
71 #include <sys/param.h>
72 #include <sys/systm.h>
73 #include <sys/domain.h>
74 #include <sys/kernel.h>
75 #include <sys/proc_internal.h>
76 #include <sys/kauth.h>
77 #include <sys/malloc.h>
78 #include <sys/mbuf.h>
79 #include <sys/protosw.h>
80 #include <sys/stat.h>
81 #include <sys/socket.h>
82 #include <sys/socketvar.h>
83 #include <sys/signalvar.h>
84 #include <sys/sysctl.h>
85 #include <sys/ev.h>
86 #include <kern/locks.h>
87 #include <net/route.h>
88 #include <netinet/in.h>
89 #include <netinet/in_pcb.h>
90 #include <sys/kdebug.h>
91 #include <libkern/OSAtomic.h>
92
93 #if CONFIG_MACF
94 #include <security/mac_framework.h>
95 #endif
96
97 /* TODO: this should be in a header file somewhere */
98 extern void postevent(struct socket *, struct sockbuf *, int);
99
100 #define DBG_FNC_SBDROP NETDBG_CODE(DBG_NETSOCK, 4)
101 #define DBG_FNC_SBAPPEND NETDBG_CODE(DBG_NETSOCK, 5)
102
103 static inline void sbcompress(struct sockbuf *, struct mbuf *, struct mbuf *);
104 static struct socket *sonewconn_internal(struct socket *, int);
105 static int sbappendaddr_internal(struct sockbuf *, struct sockaddr *,
106 struct mbuf *, struct mbuf *);
107 static int sbappendcontrol_internal(struct sockbuf *, struct mbuf *,
108 struct mbuf *);
109
110 /*
111 * Primitive routines for operating on sockets and socket buffers
112 */
113 static int soqlimitcompat = 1;
114 static int soqlencomp = 0;
115
116 u_long sb_max = SB_MAX; /* XXX should be static */
117
118 static u_long sb_efficiency = 8; /* parameter for sbreserve() */
119 __private_extern__ unsigned int total_mb_cnt = 0;
120 __private_extern__ unsigned int total_cl_cnt = 0;
121 __private_extern__ int sbspace_factor = 8;
122
123 /*
124 * Procedures to manipulate state flags of socket
125 * and do appropriate wakeups. Normal sequence from the
126 * active (originating) side is that soisconnecting() is
127 * called during processing of connect() call,
128 * resulting in an eventual call to soisconnected() if/when the
129 * connection is established. When the connection is torn down
130 * soisdisconnecting() is called during processing of disconnect() call,
131 * and soisdisconnected() is called when the connection to the peer
132 * is totally severed. The semantics of these routines are such that
133 * connectionless protocols can call soisconnected() and soisdisconnected()
134 * only, bypassing the in-progress calls when setting up a ``connection''
135 * takes no time.
136 *
137 * From the passive side, a socket is created with
138 * two queues of sockets: so_incomp for connections in progress
139 * and so_comp for connections already made and awaiting user acceptance.
140 * As a protocol is preparing incoming connections, it creates a socket
141 * structure queued on so_incomp by calling sonewconn(). When the connection
142 * is established, soisconnected() is called, and transfers the
143 * socket structure to so_comp, making it available to accept().
144 *
145 * If a socket is closed with sockets on either
146 * so_incomp or so_comp, these sockets are dropped.
147 *
148 * If higher level protocols are implemented in
149 * the kernel, the wakeups done here will sometimes
150 * cause software-interrupt process scheduling.
151 */
152 void
153 soisconnecting(struct socket *so)
154 {
155
156 so->so_state &= ~(SS_ISCONNECTED|SS_ISDISCONNECTING);
157 so->so_state |= SS_ISCONNECTING;
158
159 sflt_notify(so, sock_evt_connecting, NULL);
160 }
161
162 void
163 soisconnected(struct socket *so)
164 {
165 struct socket *head = so->so_head;
166
167 so->so_state &= ~(SS_ISCONNECTING|SS_ISDISCONNECTING|SS_ISCONFIRMING);
168 so->so_state |= SS_ISCONNECTED;
169
170 sflt_notify(so, sock_evt_connected, NULL);
171
172 if (head && (so->so_state & SS_INCOMP)) {
173 so->so_state &= ~SS_INCOMP;
174 so->so_state |= SS_COMP;
175 if (head->so_proto->pr_getlock != NULL) {
176 socket_unlock(so, 0);
177 socket_lock(head, 1);
178 }
179 postevent(head, 0, EV_RCONN);
180 TAILQ_REMOVE(&head->so_incomp, so, so_list);
181 head->so_incqlen--;
182 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
183 sorwakeup(head);
184 wakeup_one((caddr_t)&head->so_timeo);
185 if (head->so_proto->pr_getlock != NULL) {
186 socket_unlock(head, 1);
187 socket_lock(so, 0);
188 }
189 } else {
190 postevent(so, 0, EV_WCONN);
191 wakeup((caddr_t)&so->so_timeo);
192 sorwakeup(so);
193 sowwakeup(so);
194 }
195 }
196
197 void
198 soisdisconnecting(struct socket *so)
199 {
200 so->so_state &= ~SS_ISCONNECTING;
201 so->so_state |= (SS_ISDISCONNECTING|SS_CANTRCVMORE|SS_CANTSENDMORE);
202 sflt_notify(so, sock_evt_disconnecting, NULL);
203 wakeup((caddr_t)&so->so_timeo);
204 sowwakeup(so);
205 sorwakeup(so);
206 }
207
208 void
209 soisdisconnected(struct socket *so)
210 {
211 so->so_state &= ~(SS_ISCONNECTING|SS_ISCONNECTED|SS_ISDISCONNECTING);
212 so->so_state |= (SS_CANTRCVMORE|SS_CANTSENDMORE|SS_ISDISCONNECTED);
213 sflt_notify(so, sock_evt_disconnected, NULL);
214 wakeup((caddr_t)&so->so_timeo);
215 sowwakeup(so);
216 sorwakeup(so);
217 }
218
219 /*
220 * When an attempt at a new connection is noted on a socket
221 * which accepts connections, sonewconn is called. If the
222 * connection is possible (subject to space constraints, etc.)
223 * then we allocate a new structure, propoerly linked into the
224 * data structure of the original socket, and return this.
225 * Connstatus may be 0, or SO_ISCONFIRMING, or SO_ISCONNECTED.
226 */
227 static struct socket *
228 sonewconn_internal(struct socket *head, int connstatus)
229 {
230 int so_qlen, error = 0;
231 struct socket *so;
232 lck_mtx_t *mutex_held;
233
234 if (head->so_proto->pr_getlock != NULL)
235 mutex_held = (*head->so_proto->pr_getlock)(head, 0);
236 else
237 mutex_held = head->so_proto->pr_domain->dom_mtx;
238 lck_mtx_assert(mutex_held, LCK_MTX_ASSERT_OWNED);
239
240 if (!soqlencomp) {
241 /*
242 * This is the default case; so_qlen represents the
243 * sum of both incomplete and completed queues.
244 */
245 so_qlen = head->so_qlen;
246 } else {
247 /*
248 * When kern.ipc.soqlencomp is set to 1, so_qlen
249 * represents only the completed queue. Since we
250 * cannot let the incomplete queue goes unbounded
251 * (in case of SYN flood), we cap the incomplete
252 * queue length to at most somaxconn, and use that
253 * as so_qlen so that we fail immediately below.
254 */
255 so_qlen = head->so_qlen - head->so_incqlen;
256 if (head->so_incqlen > somaxconn)
257 so_qlen = somaxconn;
258 }
259
260 if (so_qlen >=
261 (soqlimitcompat ? head->so_qlimit : (3 * head->so_qlimit / 2)))
262 return ((struct socket *)0);
263 so = soalloc(M_NOWAIT, head->so_proto->pr_domain->dom_family,
264 head->so_type);
265 if (so == NULL)
266 return ((struct socket *)0);
267 /* check if head was closed during the soalloc */
268 if (head->so_proto == NULL) {
269 sodealloc(so);
270 return ((struct socket *)0);
271 }
272
273 so->so_head = head;
274 so->so_type = head->so_type;
275 so->so_options = head->so_options &~ SO_ACCEPTCONN;
276 so->so_linger = head->so_linger;
277 so->so_state = head->so_state | SS_NOFDREF;
278 so->so_proto = head->so_proto;
279 so->so_timeo = head->so_timeo;
280 so->so_pgid = head->so_pgid;
281 so->so_uid = head->so_uid;
282 so->so_flags = head->so_flags & (SOF_REUSESHAREUID|SOF_NOTIFYCONFLICT); /* inherit SO_REUSESHAREUID and SO_NOTIFYCONFLICT ocket options */
283 so->so_usecount = 1;
284 so->next_lock_lr = 0;
285 so->next_unlock_lr = 0;
286
287 #ifdef __APPLE__
288 so->so_rcv.sb_flags |= SB_RECV; /* XXX */
289 so->so_rcv.sb_so = so->so_snd.sb_so = so;
290 TAILQ_INIT(&so->so_evlist);
291 #endif
292
293 #if CONFIG_MACF_SOCKET
294 mac_socket_label_associate_accept(head, so);
295 #endif
296
297 if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat)) {
298 sflt_termsock(so);
299 sodealloc(so);
300 return ((struct socket *)0);
301 }
302
303 /*
304 * Must be done with head unlocked to avoid deadlock
305 * for protocol with per socket mutexes.
306 */
307 if (head->so_proto->pr_unlock)
308 socket_unlock(head, 0);
309 if (((*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL) != 0) ||
310 error) {
311 sflt_termsock(so);
312 sodealloc(so);
313 if (head->so_proto->pr_unlock)
314 socket_lock(head, 0);
315 return ((struct socket *)0);
316 }
317 if (head->so_proto->pr_unlock)
318 socket_lock(head, 0);
319 #ifdef __APPLE__
320 so->so_proto->pr_domain->dom_refs++;
321 #endif
322
323 if (connstatus) {
324 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
325 so->so_state |= SS_COMP;
326 } else {
327 TAILQ_INSERT_TAIL(&head->so_incomp, so, so_list);
328 so->so_state |= SS_INCOMP;
329 head->so_incqlen++;
330 }
331 head->so_qlen++;
332
333 #ifdef __APPLE__
334 /* Attach socket filters for this protocol */
335 sflt_initsock(so);
336 #endif
337
338 if (connstatus) {
339 so->so_state |= connstatus;
340 sorwakeup(head);
341 wakeup((caddr_t)&head->so_timeo);
342 }
343 return (so);
344 }
345
346
347 struct socket *
348 sonewconn(struct socket *head, int connstatus, const struct sockaddr *from)
349 {
350 int error = 0;
351 struct socket_filter_entry *filter;
352 int filtered = 0;
353
354 for (filter = head->so_filt; filter && (error == 0);
355 filter = filter->sfe_next_onsocket) {
356 if (filter->sfe_filter->sf_filter.sf_connect_in) {
357 if (filtered == 0) {
358 filtered = 1;
359 sflt_use(head);
360 socket_unlock(head, 0);
361 }
362 error = filter->sfe_filter->sf_filter.
363 sf_connect_in(filter->sfe_cookie, head, from);
364 }
365 }
366 if (filtered != 0) {
367 socket_lock(head, 0);
368 sflt_unuse(head);
369 }
370
371 if (error) {
372 return (NULL);
373 }
374
375 return (sonewconn_internal(head, connstatus));
376 }
377
378 /*
379 * Socantsendmore indicates that no more data will be sent on the
380 * socket; it would normally be applied to a socket when the user
381 * informs the system that no more data is to be sent, by the protocol
382 * code (in case PRU_SHUTDOWN). Socantrcvmore indicates that no more data
383 * will be received, and will normally be applied to the socket by a
384 * protocol when it detects that the peer will send no more data.
385 * Data queued for reading in the socket may yet be read.
386 */
387
388 void
389 socantsendmore(struct socket *so)
390 {
391 so->so_state |= SS_CANTSENDMORE;
392 sflt_notify(so, sock_evt_cantsendmore, NULL);
393 sowwakeup(so);
394 }
395
396 void
397 socantrcvmore(struct socket *so)
398 {
399 so->so_state |= SS_CANTRCVMORE;
400 sflt_notify(so, sock_evt_cantrecvmore, NULL);
401 sorwakeup(so);
402 }
403
404 /*
405 * Wait for data to arrive at/drain from a socket buffer.
406 *
407 * Returns: 0 Success
408 * EBADF
409 * msleep:EINTR
410 */
411 int
412 sbwait(struct sockbuf *sb)
413 {
414 int error = 0, lr_saved;
415 struct socket *so = sb->sb_so;
416 lck_mtx_t *mutex_held;
417 struct timespec ts;
418
419 lr_saved = (unsigned int) __builtin_return_address(0);
420
421 if (so->so_proto->pr_getlock != NULL)
422 mutex_held = (*so->so_proto->pr_getlock)(so, 0);
423 else
424 mutex_held = so->so_proto->pr_domain->dom_mtx;
425
426 sb->sb_flags |= SB_WAIT;
427
428 if (so->so_usecount < 1)
429 panic("sbwait: so=%p refcount=%d\n", so, so->so_usecount);
430 ts.tv_sec = sb->sb_timeo.tv_sec;
431 ts.tv_nsec = sb->sb_timeo.tv_usec * 1000;
432 error = msleep((caddr_t)&sb->sb_cc, mutex_held,
433 (sb->sb_flags & SB_NOINTR) ? PSOCK : PSOCK | PCATCH, "sbwait", &ts);
434
435 lck_mtx_assert(mutex_held, LCK_MTX_ASSERT_OWNED);
436
437 if (so->so_usecount < 1)
438 panic("sbwait: so=%p refcount=%d\n", so, so->so_usecount);
439
440 if ((so->so_state & SS_DRAINING)) {
441 error = EBADF;
442 }
443
444 return (error);
445 }
446
447 /*
448 * Lock a sockbuf already known to be locked;
449 * return any error returned from sleep (EINTR).
450 *
451 * Returns: 0 Success
452 * EINTR
453 */
454 int
455 sb_lock(struct sockbuf *sb)
456 {
457 struct socket *so = sb->sb_so;
458 lck_mtx_t *mutex_held;
459 int error = 0;
460
461 if (so == NULL)
462 panic("sb_lock: null so back pointer sb=%p\n", sb);
463
464 while (sb->sb_flags & SB_LOCK) {
465 sb->sb_flags |= SB_WANT;
466 if (so->so_proto->pr_getlock != NULL)
467 mutex_held = (*so->so_proto->pr_getlock)(so, 0);
468 else
469 mutex_held = so->so_proto->pr_domain->dom_mtx;
470 if (so->so_usecount < 1)
471 panic("sb_lock: so=%p refcount=%d\n", so,
472 so->so_usecount);
473
474 error = msleep((caddr_t)&sb->sb_flags, mutex_held,
475 (sb->sb_flags & SB_NOINTR) ? PSOCK : PSOCK | PCATCH,
476 "sb_lock", 0);
477 if (so->so_usecount < 1)
478 panic("sb_lock: 2 so=%p refcount=%d\n", so,
479 so->so_usecount);
480 if (error)
481 return (error);
482 }
483 sb->sb_flags |= SB_LOCK;
484 return (0);
485 }
486
487 /*
488 * Wakeup processes waiting on a socket buffer.
489 * Do asynchronous notification via SIGIO
490 * if the socket has the SS_ASYNC flag set.
491 */
492 void
493 sowakeup(struct socket *so, struct sockbuf *sb)
494 {
495 sb->sb_flags &= ~SB_SEL;
496 selwakeup(&sb->sb_sel);
497 if (sb->sb_flags & SB_WAIT) {
498 sb->sb_flags &= ~SB_WAIT;
499 wakeup((caddr_t)&sb->sb_cc);
500 }
501 if (so->so_state & SS_ASYNC) {
502 if (so->so_pgid < 0)
503 gsignal(-so->so_pgid, SIGIO);
504 else if (so->so_pgid > 0)
505 proc_signal(so->so_pgid, SIGIO);
506 }
507 if (sb->sb_flags & SB_KNOTE) {
508 KNOTE(&sb->sb_sel.si_note, SO_FILT_HINT_LOCKED);
509 }
510 if (sb->sb_flags & SB_UPCALL) {
511 void (*so_upcall)(struct socket *, caddr_t, int);
512 caddr_t so_upcallarg;
513
514 so_upcall = so->so_upcall;
515 so_upcallarg = so->so_upcallarg;
516 /* Let close know that we're about to do an upcall */
517 so->so_flags |= SOF_UPCALLINUSE;
518
519 socket_unlock(so, 0);
520 (*so_upcall)(so, so_upcallarg, M_DONTWAIT);
521 socket_lock(so, 0);
522
523 so->so_flags &= ~SOF_UPCALLINUSE;
524 /* Tell close that it's safe to proceed */
525 if (so->so_flags & SOF_CLOSEWAIT)
526 wakeup((caddr_t)&so->so_upcall);
527 }
528 }
529
530 /*
531 * Socket buffer (struct sockbuf) utility routines.
532 *
533 * Each socket contains two socket buffers: one for sending data and
534 * one for receiving data. Each buffer contains a queue of mbufs,
535 * information about the number of mbufs and amount of data in the
536 * queue, and other fields allowing select() statements and notification
537 * on data availability to be implemented.
538 *
539 * Data stored in a socket buffer is maintained as a list of records.
540 * Each record is a list of mbufs chained together with the m_next
541 * field. Records are chained together with the m_nextpkt field. The upper
542 * level routine soreceive() expects the following conventions to be
543 * observed when placing information in the receive buffer:
544 *
545 * 1. If the protocol requires each message be preceded by the sender's
546 * name, then a record containing that name must be present before
547 * any associated data (mbuf's must be of type MT_SONAME).
548 * 2. If the protocol supports the exchange of ``access rights'' (really
549 * just additional data associated with the message), and there are
550 * ``rights'' to be received, then a record containing this data
551 * should be present (mbuf's must be of type MT_RIGHTS).
552 * 3. If a name or rights record exists, then it must be followed by
553 * a data record, perhaps of zero length.
554 *
555 * Before using a new socket structure it is first necessary to reserve
556 * buffer space to the socket, by calling sbreserve(). This should commit
557 * some of the available buffer space in the system buffer pool for the
558 * socket (currently, it does nothing but enforce limits). The space
559 * should be released by calling sbrelease() when the socket is destroyed.
560 */
561
562 /*
563 * Returns: 0 Success
564 * ENOBUFS
565 */
566 int
567 soreserve(struct socket *so, u_long sndcc, u_long rcvcc)
568 {
569
570 if (sbreserve(&so->so_snd, sndcc) == 0)
571 goto bad;
572 if (sbreserve(&so->so_rcv, rcvcc) == 0)
573 goto bad2;
574 if (so->so_rcv.sb_lowat == 0)
575 so->so_rcv.sb_lowat = 1;
576 if (so->so_snd.sb_lowat == 0)
577 so->so_snd.sb_lowat = MCLBYTES;
578 if (so->so_snd.sb_lowat > so->so_snd.sb_hiwat)
579 so->so_snd.sb_lowat = so->so_snd.sb_hiwat;
580 return (0);
581 bad2:
582 #ifdef __APPLE__
583 selthreadclear(&so->so_snd.sb_sel);
584 #endif
585 sbrelease(&so->so_snd);
586 bad:
587 return (ENOBUFS);
588 }
589
590 /*
591 * Allot mbufs to a sockbuf.
592 * Attempt to scale mbmax so that mbcnt doesn't become limiting
593 * if buffering efficiency is near the normal case.
594 */
595 int
596 sbreserve(struct sockbuf *sb, u_long cc)
597 {
598 if ((u_quad_t)cc > (u_quad_t)sb_max * MCLBYTES / (MSIZE + MCLBYTES))
599 return (0);
600 sb->sb_hiwat = cc;
601 sb->sb_mbmax = min(cc * sb_efficiency, sb_max);
602 if (sb->sb_lowat > sb->sb_hiwat)
603 sb->sb_lowat = sb->sb_hiwat;
604 return (1);
605 }
606
607 /*
608 * Free mbufs held by a socket, and reserved mbuf space.
609 */
610 /* WARNING needs to do selthreadclear() before calling this */
611 void
612 sbrelease(struct sockbuf *sb)
613 {
614 sbflush(sb);
615 sb->sb_hiwat = 0;
616 sb->sb_mbmax = 0;
617 }
618
619 /*
620 * Routines to add and remove
621 * data from an mbuf queue.
622 *
623 * The routines sbappend() or sbappendrecord() are normally called to
624 * append new mbufs to a socket buffer, after checking that adequate
625 * space is available, comparing the function sbspace() with the amount
626 * of data to be added. sbappendrecord() differs from sbappend() in
627 * that data supplied is treated as the beginning of a new record.
628 * To place a sender's address, optional access rights, and data in a
629 * socket receive buffer, sbappendaddr() should be used. To place
630 * access rights and data in a socket receive buffer, sbappendrights()
631 * should be used. In either case, the new data begins a new record.
632 * Note that unlike sbappend() and sbappendrecord(), these routines check
633 * for the caller that there will be enough space to store the data.
634 * Each fails if there is not enough space, or if it cannot find mbufs
635 * to store additional information in.
636 *
637 * Reliable protocols may use the socket send buffer to hold data
638 * awaiting acknowledgement. Data is normally copied from a socket
639 * send buffer in a protocol with m_copy for output to a peer,
640 * and then removing the data from the socket buffer with sbdrop()
641 * or sbdroprecord() when the data is acknowledged by the peer.
642 */
643
644 /*
645 * Append mbuf chain m to the last record in the
646 * socket buffer sb. The additional space associated
647 * the mbuf chain is recorded in sb. Empty mbufs are
648 * discarded and mbufs are compacted where possible.
649 */
650 int
651 sbappend(struct sockbuf *sb, struct mbuf *m)
652 {
653 struct socket *so = sb->sb_so;
654
655 if (m == NULL || (sb->sb_flags & SB_DROP)) {
656 if (m != NULL)
657 m_freem(m);
658 return (0);
659 }
660
661 SBLASTRECORDCHK(sb, "sbappend 1");
662
663 if (sb->sb_lastrecord != NULL && (sb->sb_mbtail->m_flags & M_EOR))
664 return (sbappendrecord(sb, m));
665
666 if (sb->sb_flags & SB_RECV) {
667 int error = sflt_data_in(so, NULL, &m, NULL, 0, NULL);
668 SBLASTRECORDCHK(sb, "sbappend 2");
669 if (error != 0) {
670 if (error != EJUSTRETURN)
671 m_freem(m);
672 return (0);
673 }
674 }
675
676 /* If this is the first record, it's also the last record */
677 if (sb->sb_lastrecord == NULL)
678 sb->sb_lastrecord = m;
679
680 sbcompress(sb, m, sb->sb_mbtail);
681 SBLASTRECORDCHK(sb, "sbappend 3");
682 return (1);
683 }
684
685 /*
686 * Similar to sbappend, except that this is optimized for stream sockets.
687 */
688 int
689 sbappendstream(struct sockbuf *sb, struct mbuf *m)
690 {
691 struct socket *so = sb->sb_so;
692
693 if (m->m_nextpkt != NULL || (sb->sb_mb != sb->sb_lastrecord))
694 panic("sbappendstream: nexpkt %p || mb %p != lastrecord %p\n",
695 m->m_nextpkt, sb->sb_mb, sb->sb_lastrecord);
696
697 SBLASTMBUFCHK(sb, __func__);
698
699 if (m == NULL || (sb->sb_flags & SB_DROP)) {
700 if (m != NULL)
701 m_freem(m);
702 return (0);
703 }
704
705 if (sb->sb_flags & SB_RECV) {
706 int error = sflt_data_in(so, NULL, &m, NULL, 0, NULL);
707 SBLASTRECORDCHK(sb, "sbappendstream 1");
708 if (error != 0) {
709 if (error != EJUSTRETURN)
710 m_freem(m);
711 return (0);
712 }
713 }
714
715 sbcompress(sb, m, sb->sb_mbtail);
716 sb->sb_lastrecord = sb->sb_mb;
717 SBLASTRECORDCHK(sb, "sbappendstream 2");
718 return (1);
719 }
720
721 #ifdef SOCKBUF_DEBUG
722 void
723 sbcheck(struct sockbuf *sb)
724 {
725 struct mbuf *m;
726 struct mbuf *n = 0;
727 u_long len = 0, mbcnt = 0;
728 lck_mtx_t *mutex_held;
729
730 if (sb->sb_so->so_proto->pr_getlock != NULL)
731 mutex_held = (*sb->sb_so->so_proto->pr_getlock)(sb->sb_so, 0);
732 else
733 mutex_held = sb->sb_so->so_proto->pr_domain->dom_mtx;
734
735 lck_mtx_assert(mutex_held, LCK_MTX_ASSERT_OWNED);
736
737 if (sbchecking == 0)
738 return;
739
740 for (m = sb->sb_mb; m; m = n) {
741 n = m->m_nextpkt;
742 for (; m; m = m->m_next) {
743 len += m->m_len;
744 mbcnt += MSIZE;
745 /* XXX pretty sure this is bogus */
746 if (m->m_flags & M_EXT)
747 mbcnt += m->m_ext.ext_size;
748 }
749 }
750 if (len != sb->sb_cc || mbcnt != sb->sb_mbcnt) {
751 panic("cc %ld != %ld || mbcnt %ld != %ld\n", len, sb->sb_cc,
752 mbcnt, sb->sb_mbcnt);
753 }
754 }
755 #endif
756
757 void
758 sblastrecordchk(struct sockbuf *sb, const char *where)
759 {
760 struct mbuf *m = sb->sb_mb;
761
762 while (m && m->m_nextpkt)
763 m = m->m_nextpkt;
764
765 if (m != sb->sb_lastrecord) {
766 printf("sblastrecordchk: mb %p lastrecord %p last %p\n",
767 sb->sb_mb, sb->sb_lastrecord, m);
768 printf("packet chain:\n");
769 for (m = sb->sb_mb; m != NULL; m = m->m_nextpkt)
770 printf("\t%p\n", m);
771 panic("sblastrecordchk from %s", where);
772 }
773 }
774
775 void
776 sblastmbufchk(struct sockbuf *sb, const char *where)
777 {
778 struct mbuf *m = sb->sb_mb;
779 struct mbuf *n;
780
781 while (m && m->m_nextpkt)
782 m = m->m_nextpkt;
783
784 while (m && m->m_next)
785 m = m->m_next;
786
787 if (m != sb->sb_mbtail) {
788 printf("sblastmbufchk: mb %p mbtail %p last %p\n",
789 sb->sb_mb, sb->sb_mbtail, m);
790 printf("packet tree:\n");
791 for (m = sb->sb_mb; m != NULL; m = m->m_nextpkt) {
792 printf("\t");
793 for (n = m; n != NULL; n = n->m_next)
794 printf("%p ", n);
795 printf("\n");
796 }
797 panic("sblastmbufchk from %s", where);
798 }
799 }
800
801 /*
802 * Similar to sbappend, except the mbuf chain begins a new record.
803 */
804 int
805 sbappendrecord(struct sockbuf *sb, struct mbuf *m0)
806 {
807 struct mbuf *m;
808 int space = 0;
809
810 if (m0 == NULL || (sb->sb_flags & SB_DROP)) {
811 if (m0 != NULL)
812 m_freem(m0);
813 return (0);
814 }
815
816 for (m = m0; m != NULL; m = m->m_next)
817 space += m->m_len;
818
819 if (space > sbspace(sb) && !(sb->sb_flags & SB_UNIX)) {
820 m_freem(m0);
821 return (0);
822 }
823
824 if (sb->sb_flags & SB_RECV) {
825 int error = sflt_data_in(sb->sb_so, NULL, &m0, NULL,
826 sock_data_filt_flag_record, NULL);
827 if (error != 0) {
828 SBLASTRECORDCHK(sb, "sbappendrecord 1");
829 if (error != EJUSTRETURN)
830 m_freem(m0);
831 return (0);
832 }
833 }
834
835 /*
836 * Note this permits zero length records.
837 */
838 sballoc(sb, m0);
839 SBLASTRECORDCHK(sb, "sbappendrecord 2");
840 if (sb->sb_lastrecord != NULL) {
841 sb->sb_lastrecord->m_nextpkt = m0;
842 } else {
843 sb->sb_mb = m0;
844 }
845 sb->sb_lastrecord = m0;
846
847 m = m0->m_next;
848 m0->m_next = 0;
849 if (m && (m0->m_flags & M_EOR)) {
850 m0->m_flags &= ~M_EOR;
851 m->m_flags |= M_EOR;
852 }
853 sbcompress(sb, m, m0);
854 SBLASTRECORDCHK(sb, "sbappendrecord 3");
855 return (1);
856 }
857
858 /*
859 * As above except that OOB data
860 * is inserted at the beginning of the sockbuf,
861 * but after any other OOB data.
862 */
863 int
864 sbinsertoob(struct sockbuf *sb, struct mbuf *m0)
865 {
866 struct mbuf *m;
867 struct mbuf **mp;
868
869 if (m0 == 0)
870 return (0);
871
872 SBLASTRECORDCHK(sb, "sbinsertoob 1");
873
874 if ((sb->sb_flags & SB_RECV) != 0) {
875 int error = sflt_data_in(sb->sb_so, NULL, &m0, NULL,
876 sock_data_filt_flag_oob, NULL);
877
878 SBLASTRECORDCHK(sb, "sbinsertoob 2");
879 if (error) {
880 if (error != EJUSTRETURN) {
881 m_freem(m0);
882 }
883 return (0);
884 }
885 }
886
887 for (mp = &sb->sb_mb; *mp; mp = &((*mp)->m_nextpkt)) {
888 m = *mp;
889 again:
890 switch (m->m_type) {
891
892 case MT_OOBDATA:
893 continue; /* WANT next train */
894
895 case MT_CONTROL:
896 m = m->m_next;
897 if (m)
898 goto again; /* inspect THIS train further */
899 }
900 break;
901 }
902 /*
903 * Put the first mbuf on the queue.
904 * Note this permits zero length records.
905 */
906 sballoc(sb, m0);
907 m0->m_nextpkt = *mp;
908 if (*mp == NULL) {
909 /* m0 is actually the new tail */
910 sb->sb_lastrecord = m0;
911 }
912 *mp = m0;
913 m = m0->m_next;
914 m0->m_next = 0;
915 if (m && (m0->m_flags & M_EOR)) {
916 m0->m_flags &= ~M_EOR;
917 m->m_flags |= M_EOR;
918 }
919 sbcompress(sb, m, m0);
920 SBLASTRECORDCHK(sb, "sbinsertoob 3");
921 return (1);
922 }
923
924 /*
925 * Append address and data, and optionally, control (ancillary) data
926 * to the receive queue of a socket. If present,
927 * m0 must include a packet header with total length.
928 * Returns 0 if no space in sockbuf or insufficient mbufs.
929 *
930 * Returns: 0 No space/out of mbufs
931 * 1 Success
932 */
933 static int
934 sbappendaddr_internal(struct sockbuf *sb, struct sockaddr *asa,
935 struct mbuf *m0, struct mbuf *control)
936 {
937 struct mbuf *m, *n, *nlast;
938 int space = asa->sa_len;
939
940 if (m0 && (m0->m_flags & M_PKTHDR) == 0)
941 panic("sbappendaddr");
942
943 if (m0)
944 space += m0->m_pkthdr.len;
945 for (n = control; n; n = n->m_next) {
946 space += n->m_len;
947 if (n->m_next == 0) /* keep pointer to last control buf */
948 break;
949 }
950 if (space > sbspace(sb))
951 return (0);
952 if (asa->sa_len > MLEN)
953 return (0);
954 MGET(m, M_DONTWAIT, MT_SONAME);
955 if (m == 0)
956 return (0);
957 m->m_len = asa->sa_len;
958 bcopy((caddr_t)asa, mtod(m, caddr_t), asa->sa_len);
959 if (n)
960 n->m_next = m0; /* concatenate data to control */
961 else
962 control = m0;
963 m->m_next = control;
964
965 SBLASTRECORDCHK(sb, "sbappendadddr 1");
966
967 for (n = m; n->m_next != NULL; n = n->m_next)
968 sballoc(sb, n);
969 sballoc(sb, n);
970 nlast = n;
971
972 if (sb->sb_lastrecord != NULL) {
973 sb->sb_lastrecord->m_nextpkt = m;
974 } else {
975 sb->sb_mb = m;
976 }
977 sb->sb_lastrecord = m;
978 sb->sb_mbtail = nlast;
979
980 SBLASTMBUFCHK(sb, __func__);
981 SBLASTRECORDCHK(sb, "sbappendadddr 2");
982
983 postevent(0, sb, EV_RWBYTES);
984 return (1);
985 }
986
987 /*
988 * Returns: 0 Error: No space/out of mbufs/etc.
989 * 1 Success
990 *
991 * Imputed: (*error_out) errno for error
992 * ENOBUFS
993 * sflt_data_in:??? [whatever a filter author chooses]
994 */
995 int
996 sbappendaddr(struct sockbuf *sb, struct sockaddr *asa, struct mbuf *m0,
997 struct mbuf *control, int *error_out)
998 {
999 int result = 0;
1000 boolean_t sb_unix = (sb->sb_flags & SB_UNIX);
1001
1002 if (error_out)
1003 *error_out = 0;
1004
1005 if (m0 && (m0->m_flags & M_PKTHDR) == 0)
1006 panic("sbappendaddrorfree");
1007
1008 if (sb->sb_flags & SB_DROP) {
1009 if (m0 != NULL)
1010 m_freem(m0);
1011 if (control != NULL && !sb_unix)
1012 m_freem(control);
1013 if (error_out != NULL)
1014 *error_out = EINVAL;
1015 return (0);
1016 }
1017
1018 /* Call socket data in filters */
1019 if ((sb->sb_flags & SB_RECV) != 0) {
1020 int error;
1021 error = sflt_data_in(sb->sb_so, asa, &m0, &control, 0, NULL);
1022 SBLASTRECORDCHK(sb, __func__);
1023 if (error) {
1024 if (error != EJUSTRETURN) {
1025 if (m0)
1026 m_freem(m0);
1027 if (control != NULL && !sb_unix)
1028 m_freem(control);
1029 if (error_out)
1030 *error_out = error;
1031 }
1032 return (0);
1033 }
1034 }
1035
1036 result = sbappendaddr_internal(sb, asa, m0, control);
1037 if (result == 0) {
1038 if (m0)
1039 m_freem(m0);
1040 if (control != NULL && !sb_unix)
1041 m_freem(control);
1042 if (error_out)
1043 *error_out = ENOBUFS;
1044 }
1045
1046 return (result);
1047 }
1048
1049 static int
1050 sbappendcontrol_internal(struct sockbuf *sb, struct mbuf *m0,
1051 struct mbuf *control)
1052 {
1053 struct mbuf *m, *mlast, *n;
1054 int space = 0;
1055
1056 if (control == 0)
1057 panic("sbappendcontrol");
1058
1059 for (m = control; ; m = m->m_next) {
1060 space += m->m_len;
1061 if (m->m_next == 0)
1062 break;
1063 }
1064 n = m; /* save pointer to last control buffer */
1065 for (m = m0; m; m = m->m_next)
1066 space += m->m_len;
1067 if (space > sbspace(sb) && !(sb->sb_flags & SB_UNIX))
1068 return (0);
1069 n->m_next = m0; /* concatenate data to control */
1070
1071 SBLASTRECORDCHK(sb, "sbappendcontrol 1");
1072
1073 for (m = control; m->m_next != NULL; m = m->m_next)
1074 sballoc(sb, m);
1075 sballoc(sb, m);
1076 mlast = m;
1077
1078 if (sb->sb_lastrecord != NULL) {
1079 sb->sb_lastrecord->m_nextpkt = control;
1080 } else {
1081 sb->sb_mb = control;
1082 }
1083 sb->sb_lastrecord = control;
1084 sb->sb_mbtail = mlast;
1085
1086 SBLASTMBUFCHK(sb, __func__);
1087 SBLASTRECORDCHK(sb, "sbappendcontrol 2");
1088
1089 postevent(0, sb, EV_RWBYTES);
1090 return (1);
1091 }
1092
1093 int
1094 sbappendcontrol(struct sockbuf *sb, struct mbuf *m0, struct mbuf *control,
1095 int *error_out)
1096 {
1097 int result = 0;
1098 boolean_t sb_unix = (sb->sb_flags & SB_UNIX);
1099
1100 if (error_out)
1101 *error_out = 0;
1102
1103 if (sb->sb_flags & SB_DROP) {
1104 if (m0 != NULL)
1105 m_freem(m0);
1106 if (control != NULL && !sb_unix)
1107 m_freem(control);
1108 if (error_out != NULL)
1109 *error_out = EINVAL;
1110 return (0);
1111 }
1112
1113 if (sb->sb_flags & SB_RECV) {
1114 int error;
1115
1116 error = sflt_data_in(sb->sb_so, NULL, &m0, &control, 0, NULL);
1117 SBLASTRECORDCHK(sb, __func__);
1118 if (error) {
1119 if (error != EJUSTRETURN) {
1120 if (m0)
1121 m_freem(m0);
1122 if (control != NULL && !sb_unix)
1123 m_freem(control);
1124 if (error_out)
1125 *error_out = error;
1126 }
1127 return (0);
1128 }
1129 }
1130
1131 result = sbappendcontrol_internal(sb, m0, control);
1132 if (result == 0) {
1133 if (m0)
1134 m_freem(m0);
1135 if (control != NULL && !sb_unix)
1136 m_freem(control);
1137 if (error_out)
1138 *error_out = ENOBUFS;
1139 }
1140
1141 return (result);
1142 }
1143
1144 /*
1145 * Compress mbuf chain m into the socket
1146 * buffer sb following mbuf n. If n
1147 * is null, the buffer is presumed empty.
1148 */
1149 static inline void
1150 sbcompress(struct sockbuf *sb, struct mbuf *m, struct mbuf *n)
1151 {
1152 int eor = 0;
1153 struct mbuf *o;
1154
1155 if (m == NULL) {
1156 /* There is nothing to compress; just update the tail */
1157 for (; n->m_next != NULL; n = n->m_next)
1158 ;
1159 sb->sb_mbtail = n;
1160 goto done;
1161 }
1162
1163 while (m) {
1164 eor |= m->m_flags & M_EOR;
1165 if (m->m_len == 0 && (eor == 0 ||
1166 (((o = m->m_next) || (o = n)) && o->m_type == m->m_type))) {
1167 if (sb->sb_lastrecord == m)
1168 sb->sb_lastrecord = m->m_next;
1169 m = m_free(m);
1170 continue;
1171 }
1172 if (n && (n->m_flags & M_EOR) == 0 &&
1173 #ifndef __APPLE__
1174 M_WRITABLE(n) &&
1175 #endif
1176 m->m_len <= MCLBYTES / 4 && /* XXX: Don't copy too much */
1177 m->m_len <= M_TRAILINGSPACE(n) &&
1178 n->m_type == m->m_type) {
1179 bcopy(mtod(m, caddr_t), mtod(n, caddr_t) + n->m_len,
1180 (unsigned)m->m_len);
1181 n->m_len += m->m_len;
1182 sb->sb_cc += m->m_len;
1183 if (m->m_type != MT_DATA && m->m_type != MT_HEADER &&
1184 m->m_type != MT_OOBDATA)
1185 /* XXX: Probably don't need.*/
1186 sb->sb_ctl += m->m_len;
1187 m = m_free(m);
1188 continue;
1189 }
1190 if (n)
1191 n->m_next = m;
1192 else
1193 sb->sb_mb = m;
1194 sb->sb_mbtail = m;
1195 sballoc(sb, m);
1196 n = m;
1197 m->m_flags &= ~M_EOR;
1198 m = m->m_next;
1199 n->m_next = 0;
1200 }
1201 if (eor) {
1202 if (n)
1203 n->m_flags |= eor;
1204 else
1205 printf("semi-panic: sbcompress\n");
1206 }
1207 done:
1208 SBLASTMBUFCHK(sb, __func__);
1209 postevent(0, sb, EV_RWBYTES);
1210 }
1211
1212 void
1213 sb_empty_assert(struct sockbuf *sb, const char *where)
1214 {
1215 if (!(sb->sb_cc == 0 && sb->sb_mb == NULL && sb->sb_mbcnt == 0 &&
1216 sb->sb_mbtail == NULL && sb->sb_lastrecord == NULL)) {
1217 panic("%s: sb %p so %p cc %ld mbcnt %ld mb %p mbtail %p "
1218 "lastrecord %p\n", where, sb, sb->sb_so, sb->sb_cc,
1219 sb->sb_mbcnt, sb->sb_mb, sb->sb_mbtail, sb->sb_lastrecord);
1220 /* NOTREACHED */
1221 }
1222 }
1223
1224 /*
1225 * Free all mbufs in a sockbuf.
1226 * Check that all resources are reclaimed.
1227 */
1228 void
1229 sbflush(struct sockbuf *sb)
1230 {
1231 if (sb->sb_so == NULL)
1232 panic("sbflush sb->sb_so already null sb=%p\n", sb);
1233 (void) sblock(sb, M_WAIT);
1234 while (sb->sb_mbcnt) {
1235 /*
1236 * Don't call sbdrop(sb, 0) if the leading mbuf is non-empty:
1237 * we would loop forever. Panic instead.
1238 */
1239 if (!sb->sb_cc && (sb->sb_mb == NULL || sb->sb_mb->m_len))
1240 break;
1241 sbdrop(sb, (int)sb->sb_cc);
1242 }
1243 sb_empty_assert(sb, __func__);
1244 postevent(0, sb, EV_RWBYTES);
1245 sbunlock(sb, 1); /* keep socket locked */
1246
1247 }
1248
1249 /*
1250 * Drop data from (the front of) a sockbuf.
1251 * use m_freem_list to free the mbuf structures
1252 * under a single lock... this is done by pruning
1253 * the top of the tree from the body by keeping track
1254 * of where we get to in the tree and then zeroing the
1255 * two pertinent pointers m_nextpkt and m_next
1256 * the socket buffer is then updated to point at the new
1257 * top of the tree and the pruned area is released via
1258 * m_freem_list.
1259 */
1260 void
1261 sbdrop(struct sockbuf *sb, int len)
1262 {
1263 struct mbuf *m, *free_list, *ml;
1264 struct mbuf *next, *last;
1265
1266 KERNEL_DEBUG((DBG_FNC_SBDROP | DBG_FUNC_START), sb, len, 0, 0, 0);
1267
1268 next = (m = sb->sb_mb) ? m->m_nextpkt : 0;
1269 free_list = last = m;
1270 ml = (struct mbuf *)0;
1271
1272 while (len > 0) {
1273 if (m == 0) {
1274 if (next == 0) {
1275 /*
1276 * temporarily replacing this panic with printf
1277 * because it occurs occasionally when closing
1278 * a socket when there is no harm in ignoring
1279 * it. This problem will be investigated
1280 * further.
1281 */
1282 /* panic("sbdrop"); */
1283 printf("sbdrop - count not zero\n");
1284 len = 0;
1285 /*
1286 * zero the counts. if we have no mbufs,
1287 * we have no data (PR-2986815)
1288 */
1289 sb->sb_cc = 0;
1290 sb->sb_mbcnt = 0;
1291 break;
1292 }
1293 m = last = next;
1294 next = m->m_nextpkt;
1295 continue;
1296 }
1297 if (m->m_len > len) {
1298 m->m_len -= len;
1299 m->m_data += len;
1300 sb->sb_cc -= len;
1301 if (m->m_type != MT_DATA && m->m_type != MT_HEADER &&
1302 m->m_type != MT_OOBDATA)
1303 sb->sb_ctl -= len;
1304 break;
1305 }
1306 len -= m->m_len;
1307 sbfree(sb, m);
1308
1309 ml = m;
1310 m = m->m_next;
1311 }
1312 while (m && m->m_len == 0) {
1313 sbfree(sb, m);
1314
1315 ml = m;
1316 m = m->m_next;
1317 }
1318 if (ml) {
1319 ml->m_next = (struct mbuf *)0;
1320 last->m_nextpkt = (struct mbuf *)0;
1321 m_freem_list(free_list);
1322 }
1323 if (m) {
1324 sb->sb_mb = m;
1325 m->m_nextpkt = next;
1326 } else {
1327 sb->sb_mb = next;
1328 }
1329
1330 /*
1331 * First part is an inline SB_EMPTY_FIXUP(). Second part
1332 * makes sure sb_lastrecord is up-to-date if we dropped
1333 * part of the last record.
1334 */
1335 m = sb->sb_mb;
1336 if (m == NULL) {
1337 sb->sb_mbtail = NULL;
1338 sb->sb_lastrecord = NULL;
1339 } else if (m->m_nextpkt == NULL) {
1340 sb->sb_lastrecord = m;
1341 }
1342
1343 postevent(0, sb, EV_RWBYTES);
1344
1345 KERNEL_DEBUG((DBG_FNC_SBDROP | DBG_FUNC_END), sb, 0, 0, 0, 0);
1346 }
1347
1348 /*
1349 * Drop a record off the front of a sockbuf
1350 * and move the next record to the front.
1351 */
1352 void
1353 sbdroprecord(struct sockbuf *sb)
1354 {
1355 struct mbuf *m, *mn;
1356
1357 m = sb->sb_mb;
1358 if (m) {
1359 sb->sb_mb = m->m_nextpkt;
1360 do {
1361 sbfree(sb, m);
1362 MFREE(m, mn);
1363 m = mn;
1364 } while (m);
1365 }
1366 SB_EMPTY_FIXUP(sb);
1367 postevent(0, sb, EV_RWBYTES);
1368 }
1369
1370 /*
1371 * Create a "control" mbuf containing the specified data
1372 * with the specified type for presentation on a socket buffer.
1373 */
1374 struct mbuf *
1375 sbcreatecontrol(caddr_t p, int size, int type, int level)
1376 {
1377 struct cmsghdr *cp;
1378 struct mbuf *m;
1379
1380 if (CMSG_SPACE((u_int)size) > MLEN)
1381 return ((struct mbuf *)NULL);
1382 if ((m = m_get(M_DONTWAIT, MT_CONTROL)) == NULL)
1383 return ((struct mbuf *)NULL);
1384 cp = mtod(m, struct cmsghdr *);
1385 /* XXX check size? */
1386 (void) memcpy(CMSG_DATA(cp), p, size);
1387 m->m_len = CMSG_SPACE(size);
1388 cp->cmsg_len = CMSG_LEN(size);
1389 cp->cmsg_level = level;
1390 cp->cmsg_type = type;
1391 return (m);
1392 }
1393
1394 /*
1395 * Some routines that return EOPNOTSUPP for entry points that are not
1396 * supported by a protocol. Fill in as needed.
1397 */
1398 int
1399 pru_abort_notsupp(__unused struct socket *so)
1400 {
1401 return (EOPNOTSUPP);
1402 }
1403
1404 int
1405 pru_accept_notsupp(__unused struct socket *so, __unused struct sockaddr **nam)
1406 {
1407 return (EOPNOTSUPP);
1408 }
1409
1410 int
1411 pru_attach_notsupp(__unused struct socket *so, __unused int proto,
1412 __unused struct proc *p)
1413 {
1414 return (EOPNOTSUPP);
1415 }
1416
1417 int
1418 pru_bind_notsupp(__unused struct socket *so, __unused struct sockaddr *nam,
1419 __unused struct proc *p)
1420 {
1421 return (EOPNOTSUPP);
1422 }
1423
1424 int
1425 pru_connect_notsupp(__unused struct socket *so, __unused struct sockaddr *nam,
1426 __unused struct proc *p)
1427 {
1428 return (EOPNOTSUPP);
1429 }
1430
1431 int
1432 pru_connect2_notsupp(__unused struct socket *so1, __unused struct socket *so2)
1433 {
1434 return (EOPNOTSUPP);
1435 }
1436
1437 int
1438 pru_control_notsupp(__unused struct socket *so, __unused u_long cmd,
1439 __unused caddr_t data, __unused struct ifnet *ifp, __unused struct proc *p)
1440 {
1441 return (EOPNOTSUPP);
1442 }
1443
1444 int
1445 pru_detach_notsupp(__unused struct socket *so)
1446 {
1447 return (EOPNOTSUPP);
1448 }
1449
1450 int
1451 pru_disconnect_notsupp(__unused struct socket *so)
1452 {
1453 return (EOPNOTSUPP);
1454 }
1455
1456 int
1457 pru_listen_notsupp(__unused struct socket *so, __unused struct proc *p)
1458 {
1459 return (EOPNOTSUPP);
1460 }
1461
1462 int
1463 pru_peeraddr_notsupp(__unused struct socket *so, __unused struct sockaddr **nam)
1464 {
1465 return (EOPNOTSUPP);
1466 }
1467
1468 int
1469 pru_rcvd_notsupp(__unused struct socket *so, __unused int flags)
1470 {
1471 return (EOPNOTSUPP);
1472 }
1473
1474 int
1475 pru_rcvoob_notsupp(__unused struct socket *so, __unused struct mbuf *m,
1476 __unused int flags)
1477 {
1478 return (EOPNOTSUPP);
1479 }
1480
1481 int
1482 pru_send_notsupp(__unused struct socket *so, __unused int flags,
1483 __unused struct mbuf *m, __unused struct sockaddr *addr,
1484 __unused struct mbuf *control, __unused struct proc *p)
1485
1486 {
1487 return (EOPNOTSUPP);
1488 }
1489
1490
1491 /*
1492 * This isn't really a ``null'' operation, but it's the default one
1493 * and doesn't do anything destructive.
1494 */
1495 int
1496 pru_sense_null(struct socket *so, void *ub, int isstat64)
1497 {
1498 if (isstat64 != 0) {
1499 struct stat64 *sb64;
1500
1501 sb64 = (struct stat64 *)ub;
1502 sb64->st_blksize = so->so_snd.sb_hiwat;
1503 } else {
1504 struct stat *sb;
1505
1506 sb = (struct stat *)ub;
1507 sb->st_blksize = so->so_snd.sb_hiwat;
1508 }
1509
1510 return (0);
1511 }
1512
1513
1514 int
1515 pru_sosend_notsupp(__unused struct socket *so, __unused struct sockaddr *addr,
1516 __unused struct uio *uio, __unused struct mbuf *top,
1517 __unused struct mbuf *control, __unused int flags)
1518
1519 {
1520 return (EOPNOTSUPP);
1521 }
1522
1523 int
1524 pru_soreceive_notsupp(__unused struct socket *so,
1525 __unused struct sockaddr **paddr,
1526 __unused struct uio *uio, __unused struct mbuf **mp0,
1527 __unused struct mbuf **controlp, __unused int *flagsp)
1528 {
1529 return (EOPNOTSUPP);
1530 }
1531
1532 int
1533 pru_shutdown_notsupp(__unused struct socket *so)
1534 {
1535 return (EOPNOTSUPP);
1536 }
1537
1538 int
1539 pru_sockaddr_notsupp(__unused struct socket *so, __unused struct sockaddr **nam)
1540 {
1541 return (EOPNOTSUPP);
1542 }
1543
1544 int
1545 pru_sopoll_notsupp(__unused struct socket *so, __unused int events,
1546 __unused kauth_cred_t cred, __unused void *wql)
1547 {
1548 return (EOPNOTSUPP);
1549 }
1550
1551
1552 #ifdef __APPLE__
1553 /*
1554 * The following are macros on BSD and functions on Darwin
1555 */
1556
1557 /*
1558 * Do we need to notify the other side when I/O is possible?
1559 */
1560
1561 int
1562 sb_notify(struct sockbuf *sb)
1563 {
1564 return ((sb->sb_flags &
1565 (SB_WAIT|SB_SEL|SB_ASYNC|SB_UPCALL|SB_KNOTE)) != 0);
1566 }
1567
1568 /*
1569 * How much space is there in a socket buffer (so->so_snd or so->so_rcv)?
1570 * This is problematical if the fields are unsigned, as the space might
1571 * still be negative (cc > hiwat or mbcnt > mbmax). Should detect
1572 * overflow and return 0. Should use "lmin" but it doesn't exist now.
1573 */
1574 long
1575 sbspace(struct sockbuf *sb)
1576 {
1577 return ((long)imin((int)(sb->sb_hiwat - sb->sb_cc),
1578 (int)(sb->sb_mbmax - sb->sb_mbcnt)));
1579 }
1580
1581 /* do we have to send all at once on a socket? */
1582 int
1583 sosendallatonce(struct socket *so)
1584 {
1585 return (so->so_proto->pr_flags & PR_ATOMIC);
1586 }
1587
1588 /* can we read something from so? */
1589 int
1590 soreadable(struct socket *so)
1591 {
1592 return (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat ||
1593 (so->so_state & SS_CANTRCVMORE) ||
1594 so->so_comp.tqh_first || so->so_error);
1595 }
1596
1597 /* can we write something to so? */
1598
1599 int
1600 sowriteable(struct socket *so)
1601 {
1602 return ((sbspace(&(so)->so_snd) >= (long)(so)->so_snd.sb_lowat &&
1603 ((so->so_state&SS_ISCONNECTED) ||
1604 (so->so_proto->pr_flags&PR_CONNREQUIRED) == 0)) ||
1605 (so->so_state & SS_CANTSENDMORE) ||
1606 so->so_error);
1607 }
1608
1609 /* adjust counters in sb reflecting allocation of m */
1610
1611 void
1612 sballoc(struct sockbuf *sb, struct mbuf *m)
1613 {
1614 int cnt = 1;
1615 sb->sb_cc += m->m_len;
1616 if (m->m_type != MT_DATA && m->m_type != MT_HEADER &&
1617 m->m_type != MT_OOBDATA)
1618 sb->sb_ctl += m->m_len;
1619 sb->sb_mbcnt += MSIZE;
1620
1621 if (m->m_flags & M_EXT) {
1622 sb->sb_mbcnt += m->m_ext.ext_size;
1623 cnt += m->m_ext.ext_size / MSIZE ;
1624 }
1625 OSAddAtomic(cnt, (SInt32*)&total_mb_cnt);
1626 }
1627
1628 /* adjust counters in sb reflecting freeing of m */
1629 void
1630 sbfree(struct sockbuf *sb, struct mbuf *m)
1631 {
1632 int cnt = -1;
1633 sb->sb_cc -= m->m_len;
1634 if (m->m_type != MT_DATA && m->m_type != MT_HEADER &&
1635 m->m_type != MT_OOBDATA)
1636 sb->sb_ctl -= m->m_len;
1637 sb->sb_mbcnt -= MSIZE;
1638 if (m->m_flags & M_EXT) {
1639 sb->sb_mbcnt -= m->m_ext.ext_size;
1640 cnt -= m->m_ext.ext_size / MSIZE ;
1641 }
1642 OSAddAtomic(cnt, (SInt32*)&total_mb_cnt);
1643 }
1644
1645 /*
1646 * Set lock on sockbuf sb; sleep if lock is already held.
1647 * Unless SB_NOINTR is set on sockbuf, sleep is interruptible.
1648 * Returns error without lock if sleep is interrupted.
1649 *
1650 * Returns: 0 Success
1651 * EWOULDBLOCK
1652 * sb_lock:EINTR
1653 */
1654 int
1655 sblock(struct sockbuf *sb, int wf)
1656 {
1657 int error = 0;
1658
1659 if (sb->sb_flags & SB_LOCK)
1660 error = (wf == M_WAIT) ? sb_lock(sb) : EWOULDBLOCK;
1661 else
1662 sb->sb_flags |= SB_LOCK;
1663
1664 return (error);
1665 }
1666
1667 /* release lock on sockbuf sb */
1668 void
1669 sbunlock(struct sockbuf *sb, int keeplocked)
1670 {
1671 struct socket *so = sb->sb_so;
1672 int lr_saved;
1673 lck_mtx_t *mutex_held;
1674
1675 lr_saved = (unsigned int) __builtin_return_address(0);
1676
1677 sb->sb_flags &= ~SB_LOCK;
1678
1679 if (sb->sb_flags & SB_WANT) {
1680 sb->sb_flags &= ~SB_WANT;
1681 if (so->so_usecount < 0)
1682 panic("sbunlock: b4 wakeup so=%p ref=%d lr=%x "
1683 "sb_flags=%x\n", sb->sb_so, so->so_usecount,
1684 lr_saved, sb->sb_flags);
1685
1686 wakeup((caddr_t)&(sb)->sb_flags);
1687 }
1688 if (keeplocked == 0) { /* unlock on exit */
1689 if (so->so_proto->pr_getlock != NULL)
1690 mutex_held = (*so->so_proto->pr_getlock)(so, 0);
1691 else
1692 mutex_held = so->so_proto->pr_domain->dom_mtx;
1693
1694 lck_mtx_assert(mutex_held, LCK_MTX_ASSERT_OWNED);
1695
1696 so->so_usecount--;
1697 if (so->so_usecount < 0)
1698 panic("sbunlock: unlock on exit so=%p ref=%d lr=%x "
1699 "sb_flags=%x\n", so, so->so_usecount, lr_saved,
1700 sb->sb_flags);
1701 so->unlock_lr[so->next_unlock_lr] = (u_int32_t)lr_saved;
1702 so->next_unlock_lr = (so->next_unlock_lr+1) % SO_LCKDBG_MAX;
1703 lck_mtx_unlock(mutex_held);
1704 }
1705 }
1706
1707 void
1708 sorwakeup(struct socket *so)
1709 {
1710 if (sb_notify(&so->so_rcv))
1711 sowakeup(so, &so->so_rcv);
1712 }
1713
1714 void
1715 sowwakeup(struct socket *so)
1716 {
1717 if (sb_notify(&so->so_snd))
1718 sowakeup(so, &so->so_snd);
1719 }
1720 #endif /* __APPLE__ */
1721
1722 /*
1723 * Make a copy of a sockaddr in a malloced buffer of type M_SONAME.
1724 */
1725 struct sockaddr *
1726 dup_sockaddr(struct sockaddr *sa, int canwait)
1727 {
1728 struct sockaddr *sa2;
1729
1730 MALLOC(sa2, struct sockaddr *, sa->sa_len, M_SONAME,
1731 canwait ? M_WAITOK : M_NOWAIT);
1732 if (sa2)
1733 bcopy(sa, sa2, sa->sa_len);
1734 return (sa2);
1735 }
1736
1737 /*
1738 * Create an external-format (``xsocket'') structure using the information
1739 * in the kernel-format socket structure pointed to by so. This is done
1740 * to reduce the spew of irrelevant information over this interface,
1741 * to isolate user code from changes in the kernel structure, and
1742 * potentially to provide information-hiding if we decide that
1743 * some of this information should be hidden from users.
1744 */
1745 void
1746 sotoxsocket(struct socket *so, struct xsocket *xso)
1747 {
1748 xso->xso_len = sizeof (*xso);
1749 xso->xso_so = so;
1750 xso->so_type = so->so_type;
1751 xso->so_options = so->so_options;
1752 xso->so_linger = so->so_linger;
1753 xso->so_state = so->so_state;
1754 xso->so_pcb = so->so_pcb;
1755 if (so->so_proto) {
1756 xso->xso_protocol = so->so_proto->pr_protocol;
1757 xso->xso_family = so->so_proto->pr_domain->dom_family;
1758 } else {
1759 xso->xso_protocol = xso->xso_family = 0;
1760 }
1761 xso->so_qlen = so->so_qlen;
1762 xso->so_incqlen = so->so_incqlen;
1763 xso->so_qlimit = so->so_qlimit;
1764 xso->so_timeo = so->so_timeo;
1765 xso->so_error = so->so_error;
1766 xso->so_pgid = so->so_pgid;
1767 xso->so_oobmark = so->so_oobmark;
1768 sbtoxsockbuf(&so->so_snd, &xso->so_snd);
1769 sbtoxsockbuf(&so->so_rcv, &xso->so_rcv);
1770 xso->so_uid = so->so_uid;
1771 }
1772
1773 /*
1774 * This does the same for sockbufs. Note that the xsockbuf structure,
1775 * since it is always embedded in a socket, does not include a self
1776 * pointer nor a length. We make this entry point public in case
1777 * some other mechanism needs it.
1778 */
1779 void
1780 sbtoxsockbuf(struct sockbuf *sb, struct xsockbuf *xsb)
1781 {
1782 xsb->sb_cc = sb->sb_cc;
1783 xsb->sb_hiwat = sb->sb_hiwat;
1784 xsb->sb_mbcnt = sb->sb_mbcnt;
1785 xsb->sb_mbmax = sb->sb_mbmax;
1786 xsb->sb_lowat = sb->sb_lowat;
1787 xsb->sb_flags = sb->sb_flags;
1788 xsb->sb_timeo = (u_long)
1789 (sb->sb_timeo.tv_sec * hz) + sb->sb_timeo.tv_usec / tick;
1790 if (xsb->sb_timeo == 0 && sb->sb_timeo.tv_usec != 0)
1791 xsb->sb_timeo = 1;
1792 }
1793
1794 /*
1795 * Here is the definition of some of the basic objects in the kern.ipc
1796 * branch of the MIB.
1797 */
1798 SYSCTL_NODE(_kern, KERN_IPC, ipc, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "IPC");
1799
1800 /* This takes the place of kern.maxsockbuf, which moved to kern.ipc. */
1801 static int dummy;
1802 SYSCTL_INT(_kern, KERN_DUMMY, dummy, CTLFLAG_RW, &dummy, 0, "");
1803
1804 SYSCTL_INT(_kern_ipc, KIPC_MAXSOCKBUF, maxsockbuf, CTLFLAG_RW,
1805 &sb_max, 0, "Maximum socket buffer size");
1806 SYSCTL_INT(_kern_ipc, OID_AUTO, maxsockets, CTLFLAG_RD,
1807 &maxsockets, 0, "Maximum number of sockets avaliable");
1808 SYSCTL_INT(_kern_ipc, KIPC_SOCKBUF_WASTE, sockbuf_waste_factor, CTLFLAG_RW,
1809 &sb_efficiency, 0, "");
1810 SYSCTL_INT(_kern_ipc, OID_AUTO, sbspace_factor, CTLFLAG_RW,
1811 &sbspace_factor, 0, "Ratio of mbuf/cluster use for socket layers");
1812 SYSCTL_INT(_kern_ipc, KIPC_NMBCLUSTERS, nmbclusters, CTLFLAG_RD,
1813 &nmbclusters, 0, "");
1814 SYSCTL_INT(_kern_ipc, OID_AUTO, njcl, CTLFLAG_RD, &njcl, 0, "");
1815 SYSCTL_INT(_kern_ipc, OID_AUTO, njclbytes, CTLFLAG_RD, &njclbytes, 0, "");
1816 SYSCTL_INT(_kern_ipc, KIPC_SOQLIMITCOMPAT, soqlimitcompat, CTLFLAG_RW,
1817 &soqlimitcompat, 1, "Enable socket queue limit compatibility");
1818 SYSCTL_INT(_kern_ipc, OID_AUTO, soqlencomp, CTLFLAG_RW,
1819 &soqlencomp, 0, "Listen backlog represents only complete queue");
mirror of XNU