]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/uipc_syscalls.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-3248.20.55.tar.gz
[apple/xnu.git] / bsd / kern / uipc_syscalls.c
1 /*
2 * Copyright (c) 2000-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1982, 1986, 1989, 1990, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * sendfile(2) and related extensions:
33 * Copyright (c) 1998, David Greenman. All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. All advertising materials mentioning features or use of this software
44 * must display the following acknowledgement:
45 * This product includes software developed by the University of
46 * California, Berkeley and its contributors.
47 * 4. Neither the name of the University nor the names of its contributors
48 * may be used to endorse or promote products derived from this software
49 * without specific prior written permission.
50 *
51 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
52 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
53 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
55 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
56 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
57 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
59 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
60 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
61 * SUCH DAMAGE.
62 *
63 * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94
64 */
65 /*
66 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
67 * support for mandatory and extensible security protections. This notice
68 * is included in support of clause 2.2 (b) of the Apple Public License,
69 * Version 2.0.
70 */
71
72 #include <sys/param.h>
73 #include <sys/systm.h>
74 #include <sys/filedesc.h>
75 #include <sys/proc_internal.h>
76 #include <sys/file_internal.h>
77 #include <sys/vnode_internal.h>
78 #include <sys/malloc.h>
79 #include <sys/mcache.h>
80 #include <sys/mbuf.h>
81 #include <kern/locks.h>
82 #include <sys/domain.h>
83 #include <sys/protosw.h>
84 #include <sys/signalvar.h>
85 #include <sys/socket.h>
86 #include <sys/socketvar.h>
87 #include <sys/kernel.h>
88 #include <sys/uio_internal.h>
89 #include <sys/kauth.h>
90 #include <kern/task.h>
91 #include <sys/priv.h>
92 #include <sys/sysctl.h>
93
94 #include <security/audit/audit.h>
95
96 #include <sys/kdebug.h>
97 #include <sys/sysproto.h>
98 #include <netinet/in.h>
99 #include <net/route.h>
100 #include <netinet/in_pcb.h>
101
102 #if CONFIG_MACF_SOCKET_SUBSET
103 #include <security/mac_framework.h>
104 #endif /* MAC_SOCKET_SUBSET */
105
106 #define f_flag f_fglob->fg_flag
107 #define f_type f_fglob->fg_ops->fo_type
108 #define f_msgcount f_fglob->fg_msgcount
109 #define f_cred f_fglob->fg_cred
110 #define f_ops f_fglob->fg_ops
111 #define f_offset f_fglob->fg_offset
112 #define f_data f_fglob->fg_data
113
114 #define DBG_LAYER_IN_BEG NETDBG_CODE(DBG_NETSOCK, 0)
115 #define DBG_LAYER_IN_END NETDBG_CODE(DBG_NETSOCK, 2)
116 #define DBG_LAYER_OUT_BEG NETDBG_CODE(DBG_NETSOCK, 1)
117 #define DBG_LAYER_OUT_END NETDBG_CODE(DBG_NETSOCK, 3)
118 #define DBG_FNC_SENDMSG NETDBG_CODE(DBG_NETSOCK, (1 << 8) | 1)
119 #define DBG_FNC_SENDTO NETDBG_CODE(DBG_NETSOCK, (2 << 8) | 1)
120 #define DBG_FNC_SENDIT NETDBG_CODE(DBG_NETSOCK, (3 << 8) | 1)
121 #define DBG_FNC_RECVFROM NETDBG_CODE(DBG_NETSOCK, (5 << 8))
122 #define DBG_FNC_RECVMSG NETDBG_CODE(DBG_NETSOCK, (6 << 8))
123 #define DBG_FNC_RECVIT NETDBG_CODE(DBG_NETSOCK, (7 << 8))
124 #define DBG_FNC_SENDFILE NETDBG_CODE(DBG_NETSOCK, (10 << 8))
125 #define DBG_FNC_SENDFILE_WAIT NETDBG_CODE(DBG_NETSOCK, ((10 << 8) | 1))
126 #define DBG_FNC_SENDFILE_READ NETDBG_CODE(DBG_NETSOCK, ((10 << 8) | 2))
127 #define DBG_FNC_SENDFILE_SEND NETDBG_CODE(DBG_NETSOCK, ((10 << 8) | 3))
128 #define DBG_FNC_SENDMSG_X NETDBG_CODE(DBG_NETSOCK, (11 << 8))
129 #define DBG_FNC_RECVMSG_X NETDBG_CODE(DBG_NETSOCK, (12 << 8))
130
131 #if DEBUG || DEVELOPMENT
132 #define DEBUG_KERNEL_ADDRPERM(_v) (_v)
133 #define DBG_PRINTF(...) printf(__VA_ARGS__)
134 #else
135 #define DEBUG_KERNEL_ADDRPERM(_v) VM_KERNEL_ADDRPERM(_v)
136 #define DBG_PRINTF(...) do { } while (0)
137 #endif
138
139 /* TODO: should be in header file */
140 int falloc_locked(proc_t, struct fileproc **, int *, vfs_context_t, int);
141
142 static int sendit(struct proc *, struct socket *, struct user_msghdr *, uio_t,
143 int, int32_t *);
144 static int recvit(struct proc *, int, struct user_msghdr *, uio_t, user_addr_t,
145 int32_t *);
146 static int connectit(struct socket *, struct sockaddr *);
147 static int getsockaddr(struct socket *, struct sockaddr **, user_addr_t,
148 size_t, boolean_t);
149 static int getsockaddr_s(struct socket *, struct sockaddr_storage *,
150 user_addr_t, size_t, boolean_t);
151 static int getsockaddrlist(struct socket *, struct sockaddr_list **,
152 user_addr_t, socklen_t, boolean_t);
153 #if SENDFILE
154 static void alloc_sendpkt(int, size_t, unsigned int *, struct mbuf **,
155 boolean_t);
156 #endif /* SENDFILE */
157 static int connectx_nocancel(struct proc *, struct connectx_args *, int *);
158 static int connectitx(struct socket *, struct sockaddr_list **,
159 struct sockaddr_list **, struct proc *, uint32_t, sae_associd_t,
160 sae_connid_t *, uio_t, unsigned int, user_ssize_t *);
161 static int peeloff_nocancel(struct proc *, struct peeloff_args *, int *);
162 static int disconnectx_nocancel(struct proc *, struct disconnectx_args *,
163 int *);
164 static int socket_common(struct proc *, int, int, int, pid_t, int32_t *, int);
165
166 static int internalize_user_msghdr_array(const void *, int, int, u_int,
167 struct user_msghdr_x *, struct uio **);
168 static u_int externalize_user_msghdr_array(void *, int, int, u_int,
169 const struct user_msghdr_x *, struct uio **);
170
171 static void free_uio_array(struct uio **, u_int);
172 static int uio_array_is_valid(struct uio **, u_int);
173 static int recv_msg_array_is_valid(struct recv_msg_elem *, u_int);
174 static int internalize_recv_msghdr_array(const void *, int, int,
175 u_int, struct user_msghdr_x *, struct recv_msg_elem *);
176 static u_int externalize_recv_msghdr_array(void *, int, int, u_int,
177 const struct user_msghdr_x *, struct recv_msg_elem *);
178 static struct recv_msg_elem *alloc_recv_msg_array(u_int count);
179 static void free_recv_msg_array(struct recv_msg_elem *, u_int);
180
181 SYSCTL_DECL(_kern_ipc);
182
183 static u_int somaxsendmsgx = 100;
184 SYSCTL_UINT(_kern_ipc, OID_AUTO, maxsendmsgx,
185 CTLFLAG_RW | CTLFLAG_LOCKED, &somaxsendmsgx, 0, "");
186 static u_int somaxrecvmsgx = 100;
187 SYSCTL_UINT(_kern_ipc, OID_AUTO, maxrecvmsgx,
188 CTLFLAG_RW | CTLFLAG_LOCKED, &somaxrecvmsgx, 0, "");
189
190 /*
191 * System call interface to the socket abstraction.
192 */
193
194 extern const struct fileops socketops;
195
196 /*
197 * Returns: 0 Success
198 * EACCES Mandatory Access Control failure
199 * falloc:ENFILE
200 * falloc:EMFILE
201 * falloc:ENOMEM
202 * socreate:EAFNOSUPPORT
203 * socreate:EPROTOTYPE
204 * socreate:EPROTONOSUPPORT
205 * socreate:ENOBUFS
206 * socreate:ENOMEM
207 * socreate:??? [other protocol families, IPSEC]
208 */
209 int
210 socket(struct proc *p,
211 struct socket_args *uap,
212 int32_t *retval)
213 {
214 return (socket_common(p, uap->domain, uap->type, uap->protocol,
215 proc_selfpid(), retval, 0));
216 }
217
218 int
219 socket_delegate(struct proc *p,
220 struct socket_delegate_args *uap,
221 int32_t *retval)
222 {
223 return socket_common(p, uap->domain, uap->type, uap->protocol,
224 uap->epid, retval, 1);
225 }
226
227 static int
228 socket_common(struct proc *p,
229 int domain,
230 int type,
231 int protocol,
232 pid_t epid,
233 int32_t *retval,
234 int delegate)
235 {
236 struct socket *so;
237 struct fileproc *fp;
238 int fd, error;
239
240 AUDIT_ARG(socket, domain, type, protocol);
241 #if CONFIG_MACF_SOCKET_SUBSET
242 if ((error = mac_socket_check_create(kauth_cred_get(), domain,
243 type, protocol)) != 0)
244 return (error);
245 #endif /* MAC_SOCKET_SUBSET */
246
247 if (delegate) {
248 error = priv_check_cred(kauth_cred_get(),
249 PRIV_NET_PRIVILEGED_SOCKET_DELEGATE, 0);
250 if (error)
251 return (EACCES);
252 }
253
254 error = falloc(p, &fp, &fd, vfs_context_current());
255 if (error) {
256 return (error);
257 }
258 fp->f_flag = FREAD|FWRITE;
259 fp->f_ops = &socketops;
260
261 if (delegate)
262 error = socreate_delegate(domain, &so, type, protocol, epid);
263 else
264 error = socreate(domain, &so, type, protocol);
265
266 if (error) {
267 fp_free(p, fd, fp);
268 } else {
269 fp->f_data = (caddr_t)so;
270
271 proc_fdlock(p);
272 procfdtbl_releasefd(p, fd, NULL);
273
274 fp_drop(p, fd, fp, 1);
275 proc_fdunlock(p);
276
277 *retval = fd;
278 if (ENTR_SHOULDTRACE) {
279 KERNEL_ENERGYTRACE(kEnTrActKernSocket, DBG_FUNC_START,
280 fd, 0, (int64_t)VM_KERNEL_ADDRPERM(so));
281 }
282 }
283 return (error);
284 }
285
286 /*
287 * Returns: 0 Success
288 * EDESTADDRREQ Destination address required
289 * EBADF Bad file descriptor
290 * EACCES Mandatory Access Control failure
291 * file_socket:ENOTSOCK
292 * file_socket:EBADF
293 * getsockaddr:ENAMETOOLONG Filename too long
294 * getsockaddr:EINVAL Invalid argument
295 * getsockaddr:ENOMEM Not enough space
296 * getsockaddr:EFAULT Bad address
297 * sobindlock:???
298 */
299 /* ARGSUSED */
300 int
301 bind(__unused proc_t p, struct bind_args *uap, __unused int32_t *retval)
302 {
303 struct sockaddr_storage ss;
304 struct sockaddr *sa = NULL;
305 struct socket *so;
306 boolean_t want_free = TRUE;
307 int error;
308
309 AUDIT_ARG(fd, uap->s);
310 error = file_socket(uap->s, &so);
311 if (error != 0)
312 return (error);
313 if (so == NULL) {
314 error = EBADF;
315 goto out;
316 }
317 if (uap->name == USER_ADDR_NULL) {
318 error = EDESTADDRREQ;
319 goto out;
320 }
321 if (uap->namelen > sizeof (ss)) {
322 error = getsockaddr(so, &sa, uap->name, uap->namelen, TRUE);
323 } else {
324 error = getsockaddr_s(so, &ss, uap->name, uap->namelen, TRUE);
325 if (error == 0) {
326 sa = (struct sockaddr *)&ss;
327 want_free = FALSE;
328 }
329 }
330 if (error != 0)
331 goto out;
332 AUDIT_ARG(sockaddr, vfs_context_cwd(vfs_context_current()), sa);
333 #if CONFIG_MACF_SOCKET_SUBSET
334 if ((error = mac_socket_check_bind(kauth_cred_get(), so, sa)) == 0)
335 error = sobindlock(so, sa, 1); /* will lock socket */
336 #else
337 error = sobindlock(so, sa, 1); /* will lock socket */
338 #endif /* MAC_SOCKET_SUBSET */
339 if (want_free)
340 FREE(sa, M_SONAME);
341 out:
342 file_drop(uap->s);
343 return (error);
344 }
345
346 /*
347 * Returns: 0 Success
348 * EBADF
349 * EACCES Mandatory Access Control failure
350 * file_socket:ENOTSOCK
351 * file_socket:EBADF
352 * solisten:EINVAL
353 * solisten:EOPNOTSUPP
354 * solisten:???
355 */
356 int
357 listen(__unused struct proc *p, struct listen_args *uap,
358 __unused int32_t *retval)
359 {
360 int error;
361 struct socket *so;
362
363 AUDIT_ARG(fd, uap->s);
364 error = file_socket(uap->s, &so);
365 if (error)
366 return (error);
367 if (so != NULL)
368 #if CONFIG_MACF_SOCKET_SUBSET
369 {
370 error = mac_socket_check_listen(kauth_cred_get(), so);
371 if (error == 0)
372 error = solisten(so, uap->backlog);
373 }
374 #else
375 error = solisten(so, uap->backlog);
376 #endif /* MAC_SOCKET_SUBSET */
377 else
378 error = EBADF;
379
380 file_drop(uap->s);
381 return (error);
382 }
383
384 /*
385 * Returns: fp_getfsock:EBADF Bad file descriptor
386 * fp_getfsock:EOPNOTSUPP ...
387 * xlate => :ENOTSOCK Socket operation on non-socket
388 * :EFAULT Bad address on copyin/copyout
389 * :EBADF Bad file descriptor
390 * :EOPNOTSUPP Operation not supported on socket
391 * :EINVAL Invalid argument
392 * :EWOULDBLOCK Operation would block
393 * :ECONNABORTED Connection aborted
394 * :EINTR Interrupted function
395 * :EACCES Mandatory Access Control failure
396 * falloc_locked:ENFILE Too many files open in system
397 * falloc_locked::EMFILE Too many open files
398 * falloc_locked::ENOMEM Not enough space
399 * 0 Success
400 */
401 int
402 accept_nocancel(struct proc *p, struct accept_nocancel_args *uap,
403 int32_t *retval)
404 {
405 struct fileproc *fp;
406 struct sockaddr *sa = NULL;
407 socklen_t namelen;
408 int error;
409 struct socket *head, *so = NULL;
410 lck_mtx_t *mutex_held;
411 int fd = uap->s;
412 int newfd;
413 short fflag; /* type must match fp->f_flag */
414 int dosocklock = 0;
415
416 *retval = -1;
417
418 AUDIT_ARG(fd, uap->s);
419
420 if (uap->name) {
421 error = copyin(uap->anamelen, (caddr_t)&namelen,
422 sizeof (socklen_t));
423 if (error)
424 return (error);
425 }
426 error = fp_getfsock(p, fd, &fp, &head);
427 if (error) {
428 if (error == EOPNOTSUPP)
429 error = ENOTSOCK;
430 return (error);
431 }
432 if (head == NULL) {
433 error = EBADF;
434 goto out;
435 }
436 #if CONFIG_MACF_SOCKET_SUBSET
437 if ((error = mac_socket_check_accept(kauth_cred_get(), head)) != 0)
438 goto out;
439 #endif /* MAC_SOCKET_SUBSET */
440
441 socket_lock(head, 1);
442
443 if (head->so_proto->pr_getlock != NULL) {
444 mutex_held = (*head->so_proto->pr_getlock)(head, 0);
445 dosocklock = 1;
446 } else {
447 mutex_held = head->so_proto->pr_domain->dom_mtx;
448 dosocklock = 0;
449 }
450
451 if ((head->so_options & SO_ACCEPTCONN) == 0) {
452 if ((head->so_proto->pr_flags & PR_CONNREQUIRED) == 0) {
453 error = EOPNOTSUPP;
454 } else {
455 /* POSIX: The socket is not accepting connections */
456 error = EINVAL;
457 }
458 socket_unlock(head, 1);
459 goto out;
460 }
461 if ((head->so_state & SS_NBIO) && head->so_comp.tqh_first == NULL) {
462 socket_unlock(head, 1);
463 error = EWOULDBLOCK;
464 goto out;
465 }
466 while (TAILQ_EMPTY(&head->so_comp) && head->so_error == 0) {
467 if (head->so_state & SS_CANTRCVMORE) {
468 head->so_error = ECONNABORTED;
469 break;
470 }
471 if (head->so_usecount < 1)
472 panic("accept: head=%p refcount=%d\n", head,
473 head->so_usecount);
474 error = msleep((caddr_t)&head->so_timeo, mutex_held,
475 PSOCK | PCATCH, "accept", 0);
476 if (head->so_usecount < 1)
477 panic("accept: 2 head=%p refcount=%d\n", head,
478 head->so_usecount);
479 if ((head->so_state & SS_DRAINING)) {
480 error = ECONNABORTED;
481 }
482 if (error) {
483 socket_unlock(head, 1);
484 goto out;
485 }
486 }
487 if (head->so_error) {
488 error = head->so_error;
489 head->so_error = 0;
490 socket_unlock(head, 1);
491 goto out;
492 }
493
494
495 /*
496 * At this point we know that there is at least one connection
497 * ready to be accepted. Remove it from the queue prior to
498 * allocating the file descriptor for it since falloc() may
499 * block allowing another process to accept the connection
500 * instead.
501 */
502 lck_mtx_assert(mutex_held, LCK_MTX_ASSERT_OWNED);
503 so = TAILQ_FIRST(&head->so_comp);
504 TAILQ_REMOVE(&head->so_comp, so, so_list);
505 head->so_qlen--;
506 /* unlock head to avoid deadlock with select, keep a ref on head */
507 socket_unlock(head, 0);
508
509 #if CONFIG_MACF_SOCKET_SUBSET
510 /*
511 * Pass the pre-accepted socket to the MAC framework. This is
512 * cheaper than allocating a file descriptor for the socket,
513 * calling the protocol accept callback, and possibly freeing
514 * the file descriptor should the MAC check fails.
515 */
516 if ((error = mac_socket_check_accepted(kauth_cred_get(), so)) != 0) {
517 socket_lock(so, 1);
518 so->so_state &= ~(SS_NOFDREF | SS_COMP);
519 so->so_head = NULL;
520 socket_unlock(so, 1);
521 soclose(so);
522 /* Drop reference on listening socket */
523 sodereference(head);
524 goto out;
525 }
526 #endif /* MAC_SOCKET_SUBSET */
527
528 /*
529 * Pass the pre-accepted socket to any interested socket filter(s).
530 * Upon failure, the socket would have been closed by the callee.
531 */
532 if (so->so_filt != NULL && (error = soacceptfilter(so)) != 0) {
533 /* Drop reference on listening socket */
534 sodereference(head);
535 /* Propagate socket filter's error code to the caller */
536 goto out;
537 }
538
539 fflag = fp->f_flag;
540 error = falloc(p, &fp, &newfd, vfs_context_current());
541 if (error) {
542 /*
543 * Probably ran out of file descriptors.
544 *
545 * <rdar://problem/8554930>
546 * Don't put this back on the socket like we used to, that
547 * just causes the client to spin. Drop the socket.
548 */
549 socket_lock(so, 1);
550 so->so_state &= ~(SS_NOFDREF | SS_COMP);
551 so->so_head = NULL;
552 socket_unlock(so, 1);
553 soclose(so);
554 sodereference(head);
555 goto out;
556 }
557 *retval = newfd;
558 fp->f_flag = fflag;
559 fp->f_ops = &socketops;
560 fp->f_data = (caddr_t)so;
561
562 socket_lock(head, 0);
563 if (dosocklock)
564 socket_lock(so, 1);
565
566 so->so_state &= ~SS_COMP;
567 so->so_head = NULL;
568
569 /* Sync socket non-blocking/async state with file flags */
570 if (fp->f_flag & FNONBLOCK) {
571 so->so_state |= SS_NBIO;
572 } else {
573 so->so_state &= ~SS_NBIO;
574 }
575
576 if (fp->f_flag & FASYNC) {
577 so->so_state |= SS_ASYNC;
578 so->so_rcv.sb_flags |= SB_ASYNC;
579 so->so_snd.sb_flags |= SB_ASYNC;
580 } else {
581 so->so_state &= ~SS_ASYNC;
582 so->so_rcv.sb_flags &= ~SB_ASYNC;
583 so->so_snd.sb_flags &= ~SB_ASYNC;
584 }
585
586 (void) soacceptlock(so, &sa, 0);
587 socket_unlock(head, 1);
588 if (sa == NULL) {
589 namelen = 0;
590 if (uap->name)
591 goto gotnoname;
592 error = 0;
593 goto releasefd;
594 }
595 AUDIT_ARG(sockaddr, vfs_context_cwd(vfs_context_current()), sa);
596
597 if (uap->name) {
598 socklen_t sa_len;
599
600 /* save sa_len before it is destroyed */
601 sa_len = sa->sa_len;
602 namelen = MIN(namelen, sa_len);
603 error = copyout(sa, uap->name, namelen);
604 if (!error)
605 /* return the actual, untruncated address length */
606 namelen = sa_len;
607 gotnoname:
608 error = copyout((caddr_t)&namelen, uap->anamelen,
609 sizeof (socklen_t));
610 }
611 FREE(sa, M_SONAME);
612
613 releasefd:
614 /*
615 * If the socket has been marked as inactive by sosetdefunct(),
616 * disallow further operations on it.
617 */
618 if (so->so_flags & SOF_DEFUNCT) {
619 sodefunct(current_proc(), so,
620 SHUTDOWN_SOCKET_LEVEL_DISCONNECT_INTERNAL);
621 }
622
623 if (dosocklock)
624 socket_unlock(so, 1);
625
626 proc_fdlock(p);
627 procfdtbl_releasefd(p, newfd, NULL);
628 fp_drop(p, newfd, fp, 1);
629 proc_fdunlock(p);
630
631 out:
632 file_drop(fd);
633
634 if (error == 0 && ENTR_SHOULDTRACE) {
635 KERNEL_ENERGYTRACE(kEnTrActKernSocket, DBG_FUNC_START,
636 newfd, 0, (int64_t)VM_KERNEL_ADDRPERM(so));
637 }
638 return (error);
639 }
640
641 int
642 accept(struct proc *p, struct accept_args *uap, int32_t *retval)
643 {
644 __pthread_testcancel(1);
645 return (accept_nocancel(p, (struct accept_nocancel_args *)uap,
646 retval));
647 }
648
649 /*
650 * Returns: 0 Success
651 * EBADF Bad file descriptor
652 * EALREADY Connection already in progress
653 * EINPROGRESS Operation in progress
654 * ECONNABORTED Connection aborted
655 * EINTR Interrupted function
656 * EACCES Mandatory Access Control failure
657 * file_socket:ENOTSOCK
658 * file_socket:EBADF
659 * getsockaddr:ENAMETOOLONG Filename too long
660 * getsockaddr:EINVAL Invalid argument
661 * getsockaddr:ENOMEM Not enough space
662 * getsockaddr:EFAULT Bad address
663 * soconnectlock:EOPNOTSUPP
664 * soconnectlock:EISCONN
665 * soconnectlock:??? [depends on protocol, filters]
666 * msleep:EINTR
667 *
668 * Imputed: so_error error may be set from so_error, which
669 * may have been set by soconnectlock.
670 */
671 /* ARGSUSED */
672 int
673 connect(struct proc *p, struct connect_args *uap, int32_t *retval)
674 {
675 __pthread_testcancel(1);
676 return (connect_nocancel(p, (struct connect_nocancel_args *)uap,
677 retval));
678 }
679
680 int
681 connect_nocancel(proc_t p, struct connect_nocancel_args *uap, int32_t *retval)
682 {
683 #pragma unused(p, retval)
684 struct socket *so;
685 struct sockaddr_storage ss;
686 struct sockaddr *sa = NULL;
687 int error;
688 int fd = uap->s;
689 boolean_t dgram;
690
691 AUDIT_ARG(fd, uap->s);
692 error = file_socket(fd, &so);
693 if (error != 0)
694 return (error);
695 if (so == NULL) {
696 error = EBADF;
697 goto out;
698 }
699
700 /*
701 * Ask getsockaddr{_s} to not translate AF_UNSPEC to AF_INET
702 * if this is a datagram socket; translate for other types.
703 */
704 dgram = (so->so_type == SOCK_DGRAM);
705
706 /* Get socket address now before we obtain socket lock */
707 if (uap->namelen > sizeof (ss)) {
708 error = getsockaddr(so, &sa, uap->name, uap->namelen, !dgram);
709 } else {
710 error = getsockaddr_s(so, &ss, uap->name, uap->namelen, !dgram);
711 if (error == 0)
712 sa = (struct sockaddr *)&ss;
713 }
714 if (error != 0)
715 goto out;
716
717 error = connectit(so, sa);
718
719 if (sa != NULL && sa != SA(&ss))
720 FREE(sa, M_SONAME);
721 if (error == ERESTART)
722 error = EINTR;
723 out:
724 file_drop(fd);
725 return (error);
726 }
727
728 static int
729 connectx_nocancel(struct proc *p, struct connectx_args *uap, int *retval)
730 {
731 #pragma unused(p, retval)
732 struct sockaddr_list *src_sl = NULL, *dst_sl = NULL;
733 struct socket *so;
734 int error, error1, fd = uap->socket;
735 boolean_t dgram;
736 sae_connid_t cid = SAE_CONNID_ANY;
737 struct user32_sa_endpoints ep32;
738 struct user64_sa_endpoints ep64;
739 struct user_sa_endpoints ep;
740 user_ssize_t bytes_written = 0;
741 struct user_iovec *iovp;
742 uio_t auio = NULL;
743
744 AUDIT_ARG(fd, uap->socket);
745 error = file_socket(fd, &so);
746 if (error != 0)
747 return (error);
748 if (so == NULL) {
749 error = EBADF;
750 goto out;
751 }
752
753 if (uap->endpoints == USER_ADDR_NULL) {
754 error = EINVAL;
755 goto out;
756 }
757
758 if (IS_64BIT_PROCESS(p)) {
759 error = copyin(uap->endpoints, (caddr_t)&ep64, sizeof(ep64));
760 if (error != 0)
761 goto out;
762
763 ep.sae_srcif = ep64.sae_srcif;
764 ep.sae_srcaddr = ep64.sae_srcaddr;
765 ep.sae_srcaddrlen = ep64.sae_srcaddrlen;
766 ep.sae_dstaddr = ep64.sae_dstaddr;
767 ep.sae_dstaddrlen = ep64.sae_dstaddrlen;
768 } else {
769 error = copyin(uap->endpoints, (caddr_t)&ep32, sizeof(ep32));
770 if (error != 0)
771 goto out;
772
773 ep.sae_srcif = ep32.sae_srcif;
774 ep.sae_srcaddr = ep32.sae_srcaddr;
775 ep.sae_srcaddrlen = ep32.sae_srcaddrlen;
776 ep.sae_dstaddr = ep32.sae_dstaddr;
777 ep.sae_dstaddrlen = ep32.sae_dstaddrlen;
778 }
779
780 /*
781 * Ask getsockaddr{_s} to not translate AF_UNSPEC to AF_INET
782 * if this is a datagram socket; translate for other types.
783 */
784 dgram = (so->so_type == SOCK_DGRAM);
785
786 /*
787 * Get socket address(es) now before we obtain socket lock; use
788 * sockaddr_list for src address for convenience, if present,
789 * even though it won't hold more than one.
790 */
791 if (ep.sae_srcaddr != USER_ADDR_NULL && (error = getsockaddrlist(so,
792 &src_sl, (user_addr_t)(caddr_t)ep.sae_srcaddr, ep.sae_srcaddrlen,
793 dgram)) != 0)
794 goto out;
795
796 if (ep.sae_dstaddr == USER_ADDR_NULL) {
797 error = EINVAL;
798 goto out;
799 }
800
801 error = getsockaddrlist(so, &dst_sl, (user_addr_t)(caddr_t)ep.sae_dstaddr,
802 ep.sae_dstaddrlen, dgram);
803 if (error != 0)
804 goto out;
805
806 VERIFY(dst_sl != NULL &&
807 !TAILQ_EMPTY(&dst_sl->sl_head) && dst_sl->sl_cnt > 0);
808
809 if (uap->iov != USER_ADDR_NULL) {
810 /* Verify range before calling uio_create() */
811 if (uap->iovcnt <= 0 || uap->iovcnt > UIO_MAXIOV)
812 return (EINVAL);
813
814 if (uap->len == USER_ADDR_NULL)
815 return (EINVAL);
816
817 /* allocate a uio to hold the number of iovecs passed */
818 auio = uio_create(uap->iovcnt, 0,
819 (IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32),
820 UIO_WRITE);
821
822 if (auio == NULL) {
823 error = ENOMEM;
824 goto out;
825 }
826
827 /*
828 * get location of iovecs within the uio.
829 * then copyin the iovecs from user space.
830 */
831 iovp = uio_iovsaddr(auio);
832 if (iovp == NULL) {
833 error = ENOMEM;
834 goto out;
835 }
836 error = copyin_user_iovec_array(uap->iov,
837 IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
838 uap->iovcnt, iovp);
839 if (error != 0)
840 goto out;
841
842 /* finish setup of uio_t */
843 error = uio_calculateresid(auio);
844 if (error != 0) {
845 goto out;
846 }
847 }
848
849 error = connectitx(so, &src_sl, &dst_sl, p, ep.sae_srcif, uap->associd,
850 &cid, auio, uap->flags, &bytes_written);
851 if (error == ERESTART)
852 error = EINTR;
853
854 if (uap->len != USER_ADDR_NULL) {
855 error1 = copyout(&bytes_written, uap->len, sizeof (uap->len));
856 /* give precedence to connectitx errors */
857 if ((error1 != 0) && (error == 0))
858 error = error1;
859 }
860
861 if (uap->connid != USER_ADDR_NULL) {
862 error1 = copyout(&cid, uap->connid, sizeof (cid));
863 /* give precedence to connectitx errors */
864 if ((error1 != 0) && (error == 0))
865 error = error1;
866 }
867 out:
868 file_drop(fd);
869 if (auio != NULL) {
870 uio_free(auio);
871 }
872 if (src_sl != NULL)
873 sockaddrlist_free(src_sl);
874 if (dst_sl != NULL)
875 sockaddrlist_free(dst_sl);
876 return (error);
877 }
878
879 int
880 connectx(struct proc *p, struct connectx_args *uap, int *retval)
881 {
882 /*
883 * Due to similiarity with a POSIX interface, define as
884 * an unofficial cancellation point.
885 */
886 __pthread_testcancel(1);
887 return (connectx_nocancel(p, uap, retval));
888 }
889
890 static int
891 connectit(struct socket *so, struct sockaddr *sa)
892 {
893 int error;
894
895 AUDIT_ARG(sockaddr, vfs_context_cwd(vfs_context_current()), sa);
896 #if CONFIG_MACF_SOCKET_SUBSET
897 if ((error = mac_socket_check_connect(kauth_cred_get(), so, sa)) != 0)
898 return (error);
899 #endif /* MAC_SOCKET_SUBSET */
900
901 socket_lock(so, 1);
902 if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
903 error = EALREADY;
904 goto out;
905 }
906 error = soconnectlock(so, sa, 0);
907 if (error != 0) {
908 so->so_state &= ~SS_ISCONNECTING;
909 goto out;
910 }
911 if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
912 error = EINPROGRESS;
913 goto out;
914 }
915 while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
916 lck_mtx_t *mutex_held;
917
918 if (so->so_proto->pr_getlock != NULL)
919 mutex_held = (*so->so_proto->pr_getlock)(so, 0);
920 else
921 mutex_held = so->so_proto->pr_domain->dom_mtx;
922 error = msleep((caddr_t)&so->so_timeo, mutex_held,
923 PSOCK | PCATCH, __func__, 0);
924 if (so->so_state & SS_DRAINING) {
925 error = ECONNABORTED;
926 }
927 if (error != 0)
928 break;
929 }
930 if (error == 0) {
931 error = so->so_error;
932 so->so_error = 0;
933 }
934 out:
935 socket_unlock(so, 1);
936 return (error);
937 }
938
939 static int
940 connectitx(struct socket *so, struct sockaddr_list **src_sl,
941 struct sockaddr_list **dst_sl, struct proc *p, uint32_t ifscope,
942 sae_associd_t aid, sae_connid_t *pcid, uio_t auio, unsigned int flags,
943 user_ssize_t *bytes_written)
944 {
945 struct sockaddr_entry *se;
946 int error;
947 #pragma unused (flags)
948
949 VERIFY(dst_sl != NULL && *dst_sl != NULL);
950
951 TAILQ_FOREACH(se, &(*dst_sl)->sl_head, se_link) {
952 VERIFY(se->se_addr != NULL);
953 AUDIT_ARG(sockaddr, vfs_context_cwd(vfs_context_current()),
954 se->se_addr);
955 #if CONFIG_MACF_SOCKET_SUBSET
956 if ((error = mac_socket_check_connect(kauth_cred_get(),
957 so, se->se_addr)) != 0)
958 return (error);
959 #endif /* MAC_SOCKET_SUBSET */
960 }
961
962 socket_lock(so, 1);
963 if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
964 error = EALREADY;
965 goto out;
966 }
967
968 if ((so->so_proto->pr_flags & PR_DATA_IDEMPOTENT) &&
969 (flags & CONNECT_DATA_IDEMPOTENT))
970 so->so_flags1 |= SOF1_DATA_IDEMPOTENT;
971
972 /*
973 * Case 1: CONNECT_RESUME_ON_READ_WRITE set, no data.
974 * Case 2: CONNECT_RESUME_ON_READ_WRITE set, with data (user error)
975 * Case 3: CONNECT_RESUME_ON_READ_WRITE not set, with data
976 * Case 3 allows user to combine write with connect even if they have
977 * no use for TFO (such as regular TCP, and UDP).
978 * Case 4: CONNECT_RESUME_ON_READ_WRITE not set, no data (regular case)
979 */
980 if ((so->so_proto->pr_flags & PR_PRECONN_WRITE) &&
981 ((flags & CONNECT_RESUME_ON_READ_WRITE) || auio))
982 so->so_flags1 |= SOF1_PRECONNECT_DATA;
983
984 /*
985 * If a user sets data idempotent and does not pass an uio, or
986 * sets CONNECT_RESUME_ON_READ_WRITE, this is an error, reset
987 * SOF1_DATA_IDEMPOTENT.
988 */
989 if (!(so->so_flags1 & SOF1_PRECONNECT_DATA) &&
990 (so->so_flags1 & SOF1_DATA_IDEMPOTENT)) {
991 /* We should return EINVAL instead perhaps. */
992 so->so_flags1 &= ~SOF1_DATA_IDEMPOTENT;
993 }
994
995 error = soconnectxlocked(so, src_sl, dst_sl, p, ifscope,
996 aid, pcid, 0, NULL, 0, auio, bytes_written);
997 if (error != 0) {
998 so->so_state &= ~SS_ISCONNECTING;
999 goto out;
1000 }
1001 /*
1002 * If, after the call to soconnectxlocked the flag is still set (in case
1003 * data has been queued and the connect() has actually been triggered,
1004 * it will have been unset by the transport), we exit immediately. There
1005 * is no reason to wait on any event.
1006 */
1007 if (so->so_flags1 & SOF1_PRECONNECT_DATA) {
1008 error = 0;
1009 goto out;
1010 }
1011 if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
1012 error = EINPROGRESS;
1013 goto out;
1014 }
1015 while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
1016 lck_mtx_t *mutex_held;
1017
1018 if (so->so_proto->pr_getlock != NULL)
1019 mutex_held = (*so->so_proto->pr_getlock)(so, 0);
1020 else
1021 mutex_held = so->so_proto->pr_domain->dom_mtx;
1022 error = msleep((caddr_t)&so->so_timeo, mutex_held,
1023 PSOCK | PCATCH, __func__, 0);
1024 if (so->so_state & SS_DRAINING) {
1025 error = ECONNABORTED;
1026 }
1027 if (error != 0)
1028 break;
1029 }
1030 if (error == 0) {
1031 error = so->so_error;
1032 so->so_error = 0;
1033 }
1034 out:
1035 socket_unlock(so, 1);
1036 return (error);
1037 }
1038
1039 int
1040 peeloff(struct proc *p, struct peeloff_args *uap, int *retval)
1041 {
1042 /*
1043 * Due to similiarity with a POSIX interface, define as
1044 * an unofficial cancellation point.
1045 */
1046 __pthread_testcancel(1);
1047 return (peeloff_nocancel(p, uap, retval));
1048 }
1049
1050 static int
1051 peeloff_nocancel(struct proc *p, struct peeloff_args *uap, int *retval)
1052 {
1053 struct fileproc *fp;
1054 struct socket *mp_so, *so = NULL;
1055 int newfd, fd = uap->s;
1056 short fflag; /* type must match fp->f_flag */
1057 int error;
1058
1059 *retval = -1;
1060
1061 error = fp_getfsock(p, fd, &fp, &mp_so);
1062 if (error != 0) {
1063 if (error == EOPNOTSUPP)
1064 error = ENOTSOCK;
1065 goto out_nofile;
1066 }
1067 if (mp_so == NULL) {
1068 error = EBADF;
1069 goto out;
1070 }
1071
1072 socket_lock(mp_so, 1);
1073 error = sopeelofflocked(mp_so, uap->aid, &so);
1074 if (error != 0) {
1075 socket_unlock(mp_so, 1);
1076 goto out;
1077 }
1078 VERIFY(so != NULL);
1079 socket_unlock(mp_so, 0); /* keep ref on mp_so for us */
1080
1081 fflag = fp->f_flag;
1082 error = falloc(p, &fp, &newfd, vfs_context_current());
1083 if (error != 0) {
1084 /* drop this socket (probably ran out of file descriptors) */
1085 soclose(so);
1086 sodereference(mp_so); /* our mp_so ref */
1087 goto out;
1088 }
1089
1090 fp->f_flag = fflag;
1091 fp->f_ops = &socketops;
1092 fp->f_data = (caddr_t)so;
1093
1094 /*
1095 * If the socket has been marked as inactive by sosetdefunct(),
1096 * disallow further operations on it.
1097 */
1098 if (so->so_flags & SOF_DEFUNCT) {
1099 sodefunct(current_proc(), so,
1100 SHUTDOWN_SOCKET_LEVEL_DISCONNECT_INTERNAL);
1101 }
1102
1103 proc_fdlock(p);
1104 procfdtbl_releasefd(p, newfd, NULL);
1105 fp_drop(p, newfd, fp, 1);
1106 proc_fdunlock(p);
1107
1108 sodereference(mp_so); /* our mp_so ref */
1109 *retval = newfd;
1110
1111 out:
1112 file_drop(fd);
1113
1114 out_nofile:
1115 return (error);
1116 }
1117
1118 int
1119 disconnectx(struct proc *p, struct disconnectx_args *uap, int *retval)
1120 {
1121 /*
1122 * Due to similiarity with a POSIX interface, define as
1123 * an unofficial cancellation point.
1124 */
1125 __pthread_testcancel(1);
1126 return (disconnectx_nocancel(p, uap, retval));
1127 }
1128
1129 static int
1130 disconnectx_nocancel(struct proc *p, struct disconnectx_args *uap, int *retval)
1131 {
1132 #pragma unused(p, retval)
1133 struct socket *so;
1134 int fd = uap->s;
1135 int error;
1136
1137 error = file_socket(fd, &so);
1138 if (error != 0)
1139 return (error);
1140 if (so == NULL) {
1141 error = EBADF;
1142 goto out;
1143 }
1144
1145 error = sodisconnectx(so, uap->aid, uap->cid);
1146 out:
1147 file_drop(fd);
1148 return (error);
1149 }
1150
1151 /*
1152 * Returns: 0 Success
1153 * socreate:EAFNOSUPPORT
1154 * socreate:EPROTOTYPE
1155 * socreate:EPROTONOSUPPORT
1156 * socreate:ENOBUFS
1157 * socreate:ENOMEM
1158 * socreate:EISCONN
1159 * socreate:??? [other protocol families, IPSEC]
1160 * falloc:ENFILE
1161 * falloc:EMFILE
1162 * falloc:ENOMEM
1163 * copyout:EFAULT
1164 * soconnect2:EINVAL
1165 * soconnect2:EPROTOTYPE
1166 * soconnect2:??? [other protocol families[
1167 */
1168 int
1169 socketpair(struct proc *p, struct socketpair_args *uap,
1170 __unused int32_t *retval)
1171 {
1172 struct fileproc *fp1, *fp2;
1173 struct socket *so1, *so2;
1174 int fd, error, sv[2];
1175
1176 AUDIT_ARG(socket, uap->domain, uap->type, uap->protocol);
1177 error = socreate(uap->domain, &so1, uap->type, uap->protocol);
1178 if (error)
1179 return (error);
1180 error = socreate(uap->domain, &so2, uap->type, uap->protocol);
1181 if (error)
1182 goto free1;
1183
1184 error = falloc(p, &fp1, &fd, vfs_context_current());
1185 if (error) {
1186 goto free2;
1187 }
1188 fp1->f_flag = FREAD|FWRITE;
1189 fp1->f_ops = &socketops;
1190 fp1->f_data = (caddr_t)so1;
1191 sv[0] = fd;
1192
1193 error = falloc(p, &fp2, &fd, vfs_context_current());
1194 if (error) {
1195 goto free3;
1196 }
1197 fp2->f_flag = FREAD|FWRITE;
1198 fp2->f_ops = &socketops;
1199 fp2->f_data = (caddr_t)so2;
1200 sv[1] = fd;
1201
1202 error = soconnect2(so1, so2);
1203 if (error) {
1204 goto free4;
1205 }
1206 if (uap->type == SOCK_DGRAM) {
1207 /*
1208 * Datagram socket connection is asymmetric.
1209 */
1210 error = soconnect2(so2, so1);
1211 if (error) {
1212 goto free4;
1213 }
1214 }
1215
1216 if ((error = copyout(sv, uap->rsv, 2 * sizeof (int))) != 0)
1217 goto free4;
1218
1219 proc_fdlock(p);
1220 procfdtbl_releasefd(p, sv[0], NULL);
1221 procfdtbl_releasefd(p, sv[1], NULL);
1222 fp_drop(p, sv[0], fp1, 1);
1223 fp_drop(p, sv[1], fp2, 1);
1224 proc_fdunlock(p);
1225
1226 return (0);
1227 free4:
1228 fp_free(p, sv[1], fp2);
1229 free3:
1230 fp_free(p, sv[0], fp1);
1231 free2:
1232 (void) soclose(so2);
1233 free1:
1234 (void) soclose(so1);
1235 return (error);
1236 }
1237
1238 /*
1239 * Returns: 0 Success
1240 * EINVAL
1241 * ENOBUFS
1242 * EBADF
1243 * EPIPE
1244 * EACCES Mandatory Access Control failure
1245 * file_socket:ENOTSOCK
1246 * file_socket:EBADF
1247 * getsockaddr:ENAMETOOLONG Filename too long
1248 * getsockaddr:EINVAL Invalid argument
1249 * getsockaddr:ENOMEM Not enough space
1250 * getsockaddr:EFAULT Bad address
1251 * <pru_sosend>:EACCES[TCP]
1252 * <pru_sosend>:EADDRINUSE[TCP]
1253 * <pru_sosend>:EADDRNOTAVAIL[TCP]
1254 * <pru_sosend>:EAFNOSUPPORT[TCP]
1255 * <pru_sosend>:EAGAIN[TCP]
1256 * <pru_sosend>:EBADF
1257 * <pru_sosend>:ECONNRESET[TCP]
1258 * <pru_sosend>:EFAULT
1259 * <pru_sosend>:EHOSTUNREACH[TCP]
1260 * <pru_sosend>:EINTR
1261 * <pru_sosend>:EINVAL
1262 * <pru_sosend>:EISCONN[AF_INET]
1263 * <pru_sosend>:EMSGSIZE[TCP]
1264 * <pru_sosend>:ENETDOWN[TCP]
1265 * <pru_sosend>:ENETUNREACH[TCP]
1266 * <pru_sosend>:ENOBUFS
1267 * <pru_sosend>:ENOMEM[TCP]
1268 * <pru_sosend>:ENOTCONN[AF_INET]
1269 * <pru_sosend>:EOPNOTSUPP
1270 * <pru_sosend>:EPERM[TCP]
1271 * <pru_sosend>:EPIPE
1272 * <pru_sosend>:EWOULDBLOCK
1273 * <pru_sosend>:???[TCP] [ignorable: mostly IPSEC/firewall/DLIL]
1274 * <pru_sosend>:???[AF_INET] [whatever a filter author chooses]
1275 * <pru_sosend>:??? [value from so_error]
1276 * sockargs:???
1277 */
1278 static int
1279 sendit(struct proc *p, struct socket *so, struct user_msghdr *mp, uio_t uiop,
1280 int flags, int32_t *retval)
1281 {
1282 struct mbuf *control = NULL;
1283 struct sockaddr_storage ss;
1284 struct sockaddr *to = NULL;
1285 boolean_t want_free = TRUE;
1286 int error;
1287 user_ssize_t len;
1288
1289 KERNEL_DEBUG(DBG_FNC_SENDIT | DBG_FUNC_START, 0, 0, 0, 0, 0);
1290
1291 if (mp->msg_name != USER_ADDR_NULL) {
1292 if (mp->msg_namelen > sizeof (ss)) {
1293 error = getsockaddr(so, &to, mp->msg_name,
1294 mp->msg_namelen, TRUE);
1295 } else {
1296 error = getsockaddr_s(so, &ss, mp->msg_name,
1297 mp->msg_namelen, TRUE);
1298 if (error == 0) {
1299 to = (struct sockaddr *)&ss;
1300 want_free = FALSE;
1301 }
1302 }
1303 if (error != 0)
1304 goto out;
1305 AUDIT_ARG(sockaddr, vfs_context_cwd(vfs_context_current()), to);
1306 }
1307 if (mp->msg_control != USER_ADDR_NULL) {
1308 if (mp->msg_controllen < sizeof (struct cmsghdr)) {
1309 error = EINVAL;
1310 goto bad;
1311 }
1312 error = sockargs(&control, mp->msg_control,
1313 mp->msg_controllen, MT_CONTROL);
1314 if (error != 0)
1315 goto bad;
1316 }
1317
1318 #if CONFIG_MACF_SOCKET_SUBSET
1319 /*
1320 * We check the state without holding the socket lock;
1321 * if a race condition occurs, it would simply result
1322 * in an extra call to the MAC check function.
1323 */
1324 if (to != NULL &&
1325 !(so->so_state & SS_DEFUNCT) &&
1326 (error = mac_socket_check_send(kauth_cred_get(), so, to)) != 0)
1327 goto bad;
1328 #endif /* MAC_SOCKET_SUBSET */
1329
1330 len = uio_resid(uiop);
1331 error = so->so_proto->pr_usrreqs->pru_sosend(so, to, uiop, 0,
1332 control, flags);
1333 if (error != 0) {
1334 if (uio_resid(uiop) != len && (error == ERESTART ||
1335 error == EINTR || error == EWOULDBLOCK))
1336 error = 0;
1337 /* Generation of SIGPIPE can be controlled per socket */
1338 if (error == EPIPE && !(so->so_flags & SOF_NOSIGPIPE))
1339 psignal(p, SIGPIPE);
1340 }
1341 if (error == 0)
1342 *retval = (int)(len - uio_resid(uiop));
1343 bad:
1344 if (to != NULL && want_free)
1345 FREE(to, M_SONAME);
1346 out:
1347 KERNEL_DEBUG(DBG_FNC_SENDIT | DBG_FUNC_END, error, 0, 0, 0, 0);
1348
1349 return (error);
1350 }
1351
1352 /*
1353 * Returns: 0 Success
1354 * ENOMEM
1355 * sendit:??? [see sendit definition in this file]
1356 * write:??? [4056224: applicable for pipes]
1357 */
1358 int
1359 sendto(struct proc *p, struct sendto_args *uap, int32_t *retval)
1360 {
1361 __pthread_testcancel(1);
1362 return (sendto_nocancel(p, (struct sendto_nocancel_args *)uap, retval));
1363 }
1364
1365 int
1366 sendto_nocancel(struct proc *p,
1367 struct sendto_nocancel_args *uap,
1368 int32_t *retval)
1369 {
1370 struct user_msghdr msg;
1371 int error;
1372 uio_t auio = NULL;
1373 struct socket *so;
1374
1375 KERNEL_DEBUG(DBG_FNC_SENDTO | DBG_FUNC_START, 0, 0, 0, 0, 0);
1376 AUDIT_ARG(fd, uap->s);
1377
1378 auio = uio_create(1, 0,
1379 (IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32),
1380 UIO_WRITE);
1381 if (auio == NULL) {
1382 error = ENOMEM;
1383 goto done;
1384 }
1385 uio_addiov(auio, uap->buf, uap->len);
1386
1387 msg.msg_name = uap->to;
1388 msg.msg_namelen = uap->tolen;
1389 /* no need to set up msg_iov. sendit uses uio_t we send it */
1390 msg.msg_iov = 0;
1391 msg.msg_iovlen = 0;
1392 msg.msg_control = 0;
1393 msg.msg_flags = 0;
1394
1395 error = file_socket(uap->s, &so);
1396 if (error)
1397 goto done;
1398
1399 if (so == NULL) {
1400 error = EBADF;
1401 } else {
1402 error = sendit(p, so, &msg, auio, uap->flags, retval);
1403 }
1404
1405 file_drop(uap->s);
1406 done:
1407 if (auio != NULL)
1408 uio_free(auio);
1409
1410 KERNEL_DEBUG(DBG_FNC_SENDTO | DBG_FUNC_END, error, *retval, 0, 0, 0);
1411
1412 return (error);
1413 }
1414
1415 /*
1416 * Returns: 0 Success
1417 * ENOBUFS
1418 * copyin:EFAULT
1419 * sendit:??? [see sendit definition in this file]
1420 */
1421 int
1422 sendmsg(struct proc *p, struct sendmsg_args *uap, int32_t *retval)
1423 {
1424 __pthread_testcancel(1);
1425 return (sendmsg_nocancel(p, (struct sendmsg_nocancel_args *)uap,
1426 retval));
1427 }
1428
1429 int
1430 sendmsg_nocancel(struct proc *p, struct sendmsg_nocancel_args *uap,
1431 int32_t *retval)
1432 {
1433 struct user32_msghdr msg32;
1434 struct user64_msghdr msg64;
1435 struct user_msghdr user_msg;
1436 caddr_t msghdrp;
1437 int size_of_msghdr;
1438 int error;
1439 uio_t auio = NULL;
1440 struct user_iovec *iovp;
1441 struct socket *so;
1442
1443 KERNEL_DEBUG(DBG_FNC_SENDMSG | DBG_FUNC_START, 0, 0, 0, 0, 0);
1444 AUDIT_ARG(fd, uap->s);
1445 if (IS_64BIT_PROCESS(p)) {
1446 msghdrp = (caddr_t)&msg64;
1447 size_of_msghdr = sizeof (msg64);
1448 } else {
1449 msghdrp = (caddr_t)&msg32;
1450 size_of_msghdr = sizeof (msg32);
1451 }
1452 error = copyin(uap->msg, msghdrp, size_of_msghdr);
1453 if (error) {
1454 KERNEL_DEBUG(DBG_FNC_SENDMSG | DBG_FUNC_END, error, 0, 0, 0, 0);
1455 return (error);
1456 }
1457
1458 if (IS_64BIT_PROCESS(p)) {
1459 user_msg.msg_flags = msg64.msg_flags;
1460 user_msg.msg_controllen = msg64.msg_controllen;
1461 user_msg.msg_control = msg64.msg_control;
1462 user_msg.msg_iovlen = msg64.msg_iovlen;
1463 user_msg.msg_iov = msg64.msg_iov;
1464 user_msg.msg_namelen = msg64.msg_namelen;
1465 user_msg.msg_name = msg64.msg_name;
1466 } else {
1467 user_msg.msg_flags = msg32.msg_flags;
1468 user_msg.msg_controllen = msg32.msg_controllen;
1469 user_msg.msg_control = msg32.msg_control;
1470 user_msg.msg_iovlen = msg32.msg_iovlen;
1471 user_msg.msg_iov = msg32.msg_iov;
1472 user_msg.msg_namelen = msg32.msg_namelen;
1473 user_msg.msg_name = msg32.msg_name;
1474 }
1475
1476 if (user_msg.msg_iovlen <= 0 || user_msg.msg_iovlen > UIO_MAXIOV) {
1477 KERNEL_DEBUG(DBG_FNC_SENDMSG | DBG_FUNC_END, EMSGSIZE,
1478 0, 0, 0, 0);
1479 return (EMSGSIZE);
1480 }
1481
1482 /* allocate a uio large enough to hold the number of iovecs passed */
1483 auio = uio_create(user_msg.msg_iovlen, 0,
1484 (IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32),
1485 UIO_WRITE);
1486 if (auio == NULL) {
1487 error = ENOBUFS;
1488 goto done;
1489 }
1490
1491 if (user_msg.msg_iovlen) {
1492 /*
1493 * get location of iovecs within the uio.
1494 * then copyin the iovecs from user space.
1495 */
1496 iovp = uio_iovsaddr(auio);
1497 if (iovp == NULL) {
1498 error = ENOBUFS;
1499 goto done;
1500 }
1501 error = copyin_user_iovec_array(user_msg.msg_iov,
1502 IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
1503 user_msg.msg_iovlen, iovp);
1504 if (error)
1505 goto done;
1506 user_msg.msg_iov = CAST_USER_ADDR_T(iovp);
1507
1508 /* finish setup of uio_t */
1509 error = uio_calculateresid(auio);
1510 if (error) {
1511 goto done;
1512 }
1513 } else {
1514 user_msg.msg_iov = 0;
1515 }
1516
1517 /* msg_flags is ignored for send */
1518 user_msg.msg_flags = 0;
1519
1520 error = file_socket(uap->s, &so);
1521 if (error) {
1522 goto done;
1523 }
1524 if (so == NULL) {
1525 error = EBADF;
1526 } else {
1527 error = sendit(p, so, &user_msg, auio, uap->flags, retval);
1528 }
1529 file_drop(uap->s);
1530 done:
1531 if (auio != NULL) {
1532 uio_free(auio);
1533 }
1534 KERNEL_DEBUG(DBG_FNC_SENDMSG | DBG_FUNC_END, error, 0, 0, 0, 0);
1535
1536 return (error);
1537 }
1538
1539 int
1540 sendmsg_x(struct proc *p, struct sendmsg_x_args *uap, user_ssize_t *retval)
1541 {
1542 int error = 0;
1543 struct user_msghdr_x *user_msg_x = NULL;
1544 struct uio **uiop = NULL;
1545 struct socket *so;
1546 u_int i;
1547 struct sockaddr *to = NULL;
1548 user_ssize_t len_before = 0, len_after;
1549 int need_drop = 0;
1550 size_t size_of_msghdr;
1551 void *umsgp = NULL;
1552 u_int uiocnt;
1553 int has_addr_or_ctl = 0;
1554
1555 KERNEL_DEBUG(DBG_FNC_SENDMSG_X | DBG_FUNC_START, 0, 0, 0, 0, 0);
1556
1557 error = file_socket(uap->s, &so);
1558 if (error) {
1559 goto out;
1560 }
1561 need_drop = 1;
1562 if (so == NULL) {
1563 error = EBADF;
1564 goto out;
1565 }
1566
1567 /*
1568 * Input parameter range check
1569 */
1570 if (uap->cnt == 0 || uap->cnt > UIO_MAXIOV) {
1571 error = EINVAL;
1572 goto out;
1573 }
1574 /*
1575 * Clip to max currently allowed
1576 */
1577 if (uap->cnt > somaxsendmsgx)
1578 uap->cnt = somaxsendmsgx;
1579
1580 user_msg_x = _MALLOC(uap->cnt * sizeof(struct user_msghdr_x),
1581 M_TEMP, M_WAITOK | M_ZERO);
1582 if (user_msg_x == NULL) {
1583 DBG_PRINTF("%s _MALLOC() user_msg_x failed\n", __func__);
1584 error = ENOMEM;
1585 goto out;
1586 }
1587 uiop = _MALLOC(uap->cnt * sizeof(struct uio *),
1588 M_TEMP, M_WAITOK | M_ZERO);
1589 if (uiop == NULL) {
1590 DBG_PRINTF("%s _MALLOC() uiop failed\n", __func__);
1591 error = ENOMEM;
1592 goto out;
1593 }
1594
1595 size_of_msghdr = IS_64BIT_PROCESS(p) ?
1596 sizeof(struct user64_msghdr_x) : sizeof(struct user32_msghdr_x);
1597
1598 umsgp = _MALLOC(uap->cnt * size_of_msghdr,
1599 M_TEMP, M_WAITOK | M_ZERO);
1600 if (umsgp == NULL) {
1601 printf("%s _MALLOC() user_msg_x failed\n", __func__);
1602 error = ENOMEM;
1603 goto out;
1604 }
1605 error = copyin(uap->msgp, umsgp, uap->cnt * size_of_msghdr);
1606 if (error) {
1607 DBG_PRINTF("%s copyin() failed\n", __func__);
1608 goto out;
1609 }
1610 error = internalize_user_msghdr_array(umsgp,
1611 IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
1612 UIO_WRITE, uap->cnt, user_msg_x, uiop);
1613 if (error) {
1614 DBG_PRINTF("%s copyin_user_msghdr_array() failed\n", __func__);
1615 goto out;
1616 }
1617 /*
1618 * Make sure the size of each message iovec and
1619 * the aggregate size of all the iovec is valid
1620 */
1621 if (uio_array_is_valid(uiop, uap->cnt) == 0) {
1622 error = EINVAL;
1623 goto out;
1624 }
1625
1626 /*
1627 * Sanity check on passed arguments
1628 */
1629 for (i = 0; i < uap->cnt; i++) {
1630 struct user_msghdr_x *mp = user_msg_x + i;
1631
1632 /*
1633 * No flags on send message
1634 */
1635 if (mp->msg_flags != 0) {
1636 error = EINVAL;
1637 goto out;
1638 }
1639 /*
1640 * No support for address or ancillary data (yet)
1641 */
1642 if (mp->msg_name != USER_ADDR_NULL || mp->msg_namelen != 0)
1643 has_addr_or_ctl = 1;
1644
1645 if (mp->msg_control != USER_ADDR_NULL ||
1646 mp->msg_controllen != 0)
1647 has_addr_or_ctl = 1;
1648
1649 #if CONFIG_MACF_SOCKET_SUBSET
1650 /*
1651 * We check the state without holding the socket lock;
1652 * if a race condition occurs, it would simply result
1653 * in an extra call to the MAC check function.
1654 *
1655 * Note: The following check is never true taken with the
1656 * current limitation that we do not accept to pass an address,
1657 * this is effectively placeholder code. If we add support for
1658 * addresses, we will have to check every address.
1659 */
1660 if (to != NULL &&
1661 !(so->so_state & SS_DEFUNCT) &&
1662 (error = mac_socket_check_send(kauth_cred_get(), so, to))
1663 != 0)
1664 goto out;
1665 #endif /* MAC_SOCKET_SUBSET */
1666 }
1667
1668 len_before = uio_array_resid(uiop, uap->cnt);
1669
1670 /*
1671 * Feed list of packets at once only for connected socket without
1672 * control message
1673 */
1674 if (so->so_proto->pr_usrreqs->pru_sosend_list !=
1675 pru_sosend_list_notsupp &&
1676 has_addr_or_ctl == 0 && somaxsendmsgx == 0) {
1677 error = so->so_proto->pr_usrreqs->pru_sosend_list(so, uiop,
1678 uap->cnt, uap->flags);
1679 } else {
1680 for (i = 0; i < uap->cnt; i++) {
1681 struct user_msghdr_x *mp = user_msg_x + i;
1682 struct user_msghdr user_msg;
1683 uio_t auio = uiop[i];
1684 int32_t tmpval;
1685
1686 user_msg.msg_flags = mp->msg_flags;
1687 user_msg.msg_controllen = mp->msg_controllen;
1688 user_msg.msg_control = mp->msg_control;
1689 user_msg.msg_iovlen = mp->msg_iovlen;
1690 user_msg.msg_iov = mp->msg_iov;
1691 user_msg.msg_namelen = mp->msg_namelen;
1692 user_msg.msg_name = mp->msg_name;
1693
1694 error = sendit(p, so, &user_msg, auio, uap->flags,
1695 &tmpval);
1696 if (error != 0)
1697 break;
1698 }
1699 }
1700 len_after = uio_array_resid(uiop, uap->cnt);
1701
1702 VERIFY(len_after <= len_before);
1703
1704 if (error != 0) {
1705 if (len_after != len_before && (error == ERESTART ||
1706 error == EINTR || error == EWOULDBLOCK ||
1707 error == ENOBUFS))
1708 error = 0;
1709 /* Generation of SIGPIPE can be controlled per socket */
1710 if (error == EPIPE && !(so->so_flags & SOF_NOSIGPIPE))
1711 psignal(p, SIGPIPE);
1712 }
1713 if (error == 0) {
1714 uiocnt = externalize_user_msghdr_array(umsgp,
1715 IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
1716 UIO_WRITE, uap->cnt, user_msg_x, uiop);
1717
1718 *retval = (int)(uiocnt);
1719 }
1720 out:
1721 if (need_drop)
1722 file_drop(uap->s);
1723 if (umsgp != NULL)
1724 _FREE(umsgp, M_TEMP);
1725 if (uiop != NULL) {
1726 free_uio_array(uiop, uap->cnt);
1727 _FREE(uiop, M_TEMP);
1728 }
1729 if (user_msg_x != NULL)
1730 _FREE(user_msg_x, M_TEMP);
1731
1732 KERNEL_DEBUG(DBG_FNC_SENDMSG_X | DBG_FUNC_END, error, 0, 0, 0, 0);
1733
1734 return (error);
1735 }
1736
1737
1738 static int
1739 copyout_sa(struct sockaddr *fromsa, user_addr_t name, socklen_t *namelen)
1740 {
1741 int error = 0;
1742 socklen_t sa_len = 0;
1743 ssize_t len;
1744
1745 len = *namelen;
1746 if (len <= 0 || fromsa == 0) {
1747 len = 0;
1748 } else {
1749 #ifndef MIN
1750 #define MIN(a, b) ((a) > (b) ? (b) : (a))
1751 #endif
1752 sa_len = fromsa->sa_len;
1753 len = MIN((unsigned int)len, sa_len);
1754 error = copyout(fromsa, name, (unsigned)len);
1755 if (error)
1756 goto out;
1757 }
1758 *namelen = sa_len;
1759 out:
1760 return (0);
1761 }
1762
1763 static int
1764 copyout_control(struct proc *p, struct mbuf *m, user_addr_t control,
1765 socklen_t *controllen, int *flags)
1766 {
1767 int error = 0;
1768 ssize_t len;
1769 user_addr_t ctlbuf;
1770
1771 len = *controllen;
1772 *controllen = 0;
1773 ctlbuf = control;
1774
1775 while (m && len > 0) {
1776 unsigned int tocopy;
1777 struct cmsghdr *cp = mtod(m, struct cmsghdr *);
1778 int cp_size = CMSG_ALIGN(cp->cmsg_len);
1779 int buflen = m->m_len;
1780
1781 while (buflen > 0 && len > 0) {
1782 /*
1783 * SCM_TIMESTAMP hack because struct timeval has a
1784 * different size for 32 bits and 64 bits processes
1785 */
1786 if (cp->cmsg_level == SOL_SOCKET && cp->cmsg_type == SCM_TIMESTAMP) {
1787 unsigned char tmp_buffer[CMSG_SPACE(sizeof(struct user64_timeval))];
1788 struct cmsghdr *tmp_cp = (struct cmsghdr *)(void *)tmp_buffer;
1789 int tmp_space;
1790 struct timeval *tv = (struct timeval *)(void *)CMSG_DATA(cp);
1791
1792 tmp_cp->cmsg_level = SOL_SOCKET;
1793 tmp_cp->cmsg_type = SCM_TIMESTAMP;
1794
1795 if (proc_is64bit(p)) {
1796 struct user64_timeval *tv64 = (struct user64_timeval *)(void *)CMSG_DATA(tmp_cp);
1797
1798 tv64->tv_sec = tv->tv_sec;
1799 tv64->tv_usec = tv->tv_usec;
1800
1801 tmp_cp->cmsg_len = CMSG_LEN(sizeof(struct user64_timeval));
1802 tmp_space = CMSG_SPACE(sizeof(struct user64_timeval));
1803 } else {
1804 struct user32_timeval *tv32 = (struct user32_timeval *)(void *)CMSG_DATA(tmp_cp);
1805
1806 tv32->tv_sec = tv->tv_sec;
1807 tv32->tv_usec = tv->tv_usec;
1808
1809 tmp_cp->cmsg_len = CMSG_LEN(sizeof(struct user32_timeval));
1810 tmp_space = CMSG_SPACE(sizeof(struct user32_timeval));
1811 }
1812 if (len >= tmp_space) {
1813 tocopy = tmp_space;
1814 } else {
1815 *flags |= MSG_CTRUNC;
1816 tocopy = len;
1817 }
1818 error = copyout(tmp_buffer, ctlbuf, tocopy);
1819 if (error)
1820 goto out;
1821 } else {
1822 if (cp_size > buflen) {
1823 panic("cp_size > buflen, something"
1824 "wrong with alignment!");
1825 }
1826 if (len >= cp_size) {
1827 tocopy = cp_size;
1828 } else {
1829 *flags |= MSG_CTRUNC;
1830 tocopy = len;
1831 }
1832 error = copyout((caddr_t) cp, ctlbuf, tocopy);
1833 if (error)
1834 goto out;
1835 }
1836
1837 ctlbuf += tocopy;
1838 len -= tocopy;
1839
1840 buflen -= cp_size;
1841 cp = (struct cmsghdr *)(void *)
1842 ((unsigned char *) cp + cp_size);
1843 cp_size = CMSG_ALIGN(cp->cmsg_len);
1844 }
1845
1846 m = m->m_next;
1847 }
1848 *controllen = ctlbuf - control;
1849 out:
1850 return (error);
1851 }
1852
1853 /*
1854 * Returns: 0 Success
1855 * ENOTSOCK
1856 * EINVAL
1857 * EBADF
1858 * EACCES Mandatory Access Control failure
1859 * copyout:EFAULT
1860 * fp_lookup:EBADF
1861 * <pru_soreceive>:ENOBUFS
1862 * <pru_soreceive>:ENOTCONN
1863 * <pru_soreceive>:EWOULDBLOCK
1864 * <pru_soreceive>:EFAULT
1865 * <pru_soreceive>:EINTR
1866 * <pru_soreceive>:EBADF
1867 * <pru_soreceive>:EINVAL
1868 * <pru_soreceive>:EMSGSIZE
1869 * <pru_soreceive>:???
1870 *
1871 * Notes: Additional return values from calls through <pru_soreceive>
1872 * depend on protocols other than TCP or AF_UNIX, which are
1873 * documented above.
1874 */
1875 static int
1876 recvit(struct proc *p, int s, struct user_msghdr *mp, uio_t uiop,
1877 user_addr_t namelenp, int32_t *retval)
1878 {
1879 ssize_t len;
1880 int error;
1881 struct mbuf *control = 0;
1882 struct socket *so;
1883 struct sockaddr *fromsa = 0;
1884 struct fileproc *fp;
1885
1886 KERNEL_DEBUG(DBG_FNC_RECVIT | DBG_FUNC_START, 0, 0, 0, 0, 0);
1887 proc_fdlock(p);
1888 if ((error = fp_lookup(p, s, &fp, 1))) {
1889 KERNEL_DEBUG(DBG_FNC_RECVIT | DBG_FUNC_END, error, 0, 0, 0, 0);
1890 proc_fdunlock(p);
1891 return (error);
1892 }
1893 if (fp->f_type != DTYPE_SOCKET) {
1894 fp_drop(p, s, fp, 1);
1895 proc_fdunlock(p);
1896 return (ENOTSOCK);
1897 }
1898
1899 so = (struct socket *)fp->f_data;
1900 if (so == NULL) {
1901 fp_drop(p, s, fp, 1);
1902 proc_fdunlock(p);
1903 return (EBADF);
1904 }
1905
1906 proc_fdunlock(p);
1907
1908 #if CONFIG_MACF_SOCKET_SUBSET
1909 /*
1910 * We check the state without holding the socket lock;
1911 * if a race condition occurs, it would simply result
1912 * in an extra call to the MAC check function.
1913 */
1914 if (!(so->so_state & SS_DEFUNCT) &&
1915 !(so->so_state & SS_ISCONNECTED) &&
1916 !(so->so_proto->pr_flags & PR_CONNREQUIRED) &&
1917 (error = mac_socket_check_receive(kauth_cred_get(), so)) != 0)
1918 goto out1;
1919 #endif /* MAC_SOCKET_SUBSET */
1920 if (uio_resid(uiop) < 0) {
1921 KERNEL_DEBUG(DBG_FNC_RECVIT | DBG_FUNC_END, EINVAL, 0, 0, 0, 0);
1922 error = EINVAL;
1923 goto out1;
1924 }
1925
1926 len = uio_resid(uiop);
1927 error = so->so_proto->pr_usrreqs->pru_soreceive(so, &fromsa, uiop,
1928 (struct mbuf **)0, mp->msg_control ? &control : (struct mbuf **)0,
1929 &mp->msg_flags);
1930 if (fromsa)
1931 AUDIT_ARG(sockaddr, vfs_context_cwd(vfs_context_current()),
1932 fromsa);
1933 if (error) {
1934 if (uio_resid(uiop) != len && (error == ERESTART ||
1935 error == EINTR || error == EWOULDBLOCK))
1936 error = 0;
1937 }
1938 if (error)
1939 goto out;
1940
1941 *retval = len - uio_resid(uiop);
1942
1943 if (mp->msg_name) {
1944 error = copyout_sa(fromsa, mp->msg_name, &mp->msg_namelen);
1945 if (error)
1946 goto out;
1947 /* return the actual, untruncated address length */
1948 if (namelenp &&
1949 (error = copyout((caddr_t)&mp->msg_namelen, namelenp,
1950 sizeof (int)))) {
1951 goto out;
1952 }
1953 }
1954
1955 if (mp->msg_control) {
1956 error = copyout_control(p, control, mp->msg_control,
1957 &mp->msg_controllen, &mp->msg_flags);
1958 }
1959 out:
1960 if (fromsa)
1961 FREE(fromsa, M_SONAME);
1962 if (control)
1963 m_freem(control);
1964 KERNEL_DEBUG(DBG_FNC_RECVIT | DBG_FUNC_END, error, 0, 0, 0, 0);
1965 out1:
1966 fp_drop(p, s, fp, 0);
1967 return (error);
1968 }
1969
1970 /*
1971 * Returns: 0 Success
1972 * ENOMEM
1973 * copyin:EFAULT
1974 * recvit:???
1975 * read:??? [4056224: applicable for pipes]
1976 *
1977 * Notes: The read entry point is only called as part of support for
1978 * binary backward compatability; new code should use read
1979 * instead of recv or recvfrom when attempting to read data
1980 * from pipes.
1981 *
1982 * For full documentation of the return codes from recvit, see
1983 * the block header for the recvit function.
1984 */
1985 int
1986 recvfrom(struct proc *p, struct recvfrom_args *uap, int32_t *retval)
1987 {
1988 __pthread_testcancel(1);
1989 return (recvfrom_nocancel(p, (struct recvfrom_nocancel_args *)uap,
1990 retval));
1991 }
1992
1993 int
1994 recvfrom_nocancel(struct proc *p, struct recvfrom_nocancel_args *uap,
1995 int32_t *retval)
1996 {
1997 struct user_msghdr msg;
1998 int error;
1999 uio_t auio = NULL;
2000
2001 KERNEL_DEBUG(DBG_FNC_RECVFROM | DBG_FUNC_START, 0, 0, 0, 0, 0);
2002 AUDIT_ARG(fd, uap->s);
2003
2004 if (uap->fromlenaddr) {
2005 error = copyin(uap->fromlenaddr,
2006 (caddr_t)&msg.msg_namelen, sizeof (msg.msg_namelen));
2007 if (error)
2008 return (error);
2009 } else {
2010 msg.msg_namelen = 0;
2011 }
2012 msg.msg_name = uap->from;
2013 auio = uio_create(1, 0,
2014 (IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32),
2015 UIO_READ);
2016 if (auio == NULL) {
2017 return (ENOMEM);
2018 }
2019
2020 uio_addiov(auio, uap->buf, uap->len);
2021 /* no need to set up msg_iov. recvit uses uio_t we send it */
2022 msg.msg_iov = 0;
2023 msg.msg_iovlen = 0;
2024 msg.msg_control = 0;
2025 msg.msg_controllen = 0;
2026 msg.msg_flags = uap->flags;
2027 error = recvit(p, uap->s, &msg, auio, uap->fromlenaddr, retval);
2028 if (auio != NULL) {
2029 uio_free(auio);
2030 }
2031
2032 KERNEL_DEBUG(DBG_FNC_RECVFROM | DBG_FUNC_END, error, 0, 0, 0, 0);
2033
2034 return (error);
2035 }
2036
2037 /*
2038 * Returns: 0 Success
2039 * EMSGSIZE
2040 * ENOMEM
2041 * copyin:EFAULT
2042 * copyout:EFAULT
2043 * recvit:???
2044 *
2045 * Notes: For full documentation of the return codes from recvit, see
2046 * the block header for the recvit function.
2047 */
2048 int
2049 recvmsg(struct proc *p, struct recvmsg_args *uap, int32_t *retval)
2050 {
2051 __pthread_testcancel(1);
2052 return (recvmsg_nocancel(p, (struct recvmsg_nocancel_args *)uap,
2053 retval));
2054 }
2055
2056 int
2057 recvmsg_nocancel(struct proc *p, struct recvmsg_nocancel_args *uap,
2058 int32_t *retval)
2059 {
2060 struct user32_msghdr msg32;
2061 struct user64_msghdr msg64;
2062 struct user_msghdr user_msg;
2063 caddr_t msghdrp;
2064 int size_of_msghdr;
2065 user_addr_t uiov;
2066 int error;
2067 uio_t auio = NULL;
2068 struct user_iovec *iovp;
2069
2070 KERNEL_DEBUG(DBG_FNC_RECVMSG | DBG_FUNC_START, 0, 0, 0, 0, 0);
2071 AUDIT_ARG(fd, uap->s);
2072 if (IS_64BIT_PROCESS(p)) {
2073 msghdrp = (caddr_t)&msg64;
2074 size_of_msghdr = sizeof (msg64);
2075 } else {
2076 msghdrp = (caddr_t)&msg32;
2077 size_of_msghdr = sizeof (msg32);
2078 }
2079 error = copyin(uap->msg, msghdrp, size_of_msghdr);
2080 if (error) {
2081 KERNEL_DEBUG(DBG_FNC_RECVMSG | DBG_FUNC_END, error, 0, 0, 0, 0);
2082 return (error);
2083 }
2084
2085 /* only need to copy if user process is not 64-bit */
2086 if (IS_64BIT_PROCESS(p)) {
2087 user_msg.msg_flags = msg64.msg_flags;
2088 user_msg.msg_controllen = msg64.msg_controllen;
2089 user_msg.msg_control = msg64.msg_control;
2090 user_msg.msg_iovlen = msg64.msg_iovlen;
2091 user_msg.msg_iov = msg64.msg_iov;
2092 user_msg.msg_namelen = msg64.msg_namelen;
2093 user_msg.msg_name = msg64.msg_name;
2094 } else {
2095 user_msg.msg_flags = msg32.msg_flags;
2096 user_msg.msg_controllen = msg32.msg_controllen;
2097 user_msg.msg_control = msg32.msg_control;
2098 user_msg.msg_iovlen = msg32.msg_iovlen;
2099 user_msg.msg_iov = msg32.msg_iov;
2100 user_msg.msg_namelen = msg32.msg_namelen;
2101 user_msg.msg_name = msg32.msg_name;
2102 }
2103
2104 if (user_msg.msg_iovlen <= 0 || user_msg.msg_iovlen > UIO_MAXIOV) {
2105 KERNEL_DEBUG(DBG_FNC_RECVMSG | DBG_FUNC_END, EMSGSIZE,
2106 0, 0, 0, 0);
2107 return (EMSGSIZE);
2108 }
2109
2110 user_msg.msg_flags = uap->flags;
2111
2112 /* allocate a uio large enough to hold the number of iovecs passed */
2113 auio = uio_create(user_msg.msg_iovlen, 0,
2114 (IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32),
2115 UIO_READ);
2116 if (auio == NULL) {
2117 error = ENOMEM;
2118 goto done;
2119 }
2120
2121 /*
2122 * get location of iovecs within the uio. then copyin the iovecs from
2123 * user space.
2124 */
2125 iovp = uio_iovsaddr(auio);
2126 if (iovp == NULL) {
2127 error = ENOMEM;
2128 goto done;
2129 }
2130 uiov = user_msg.msg_iov;
2131 user_msg.msg_iov = CAST_USER_ADDR_T(iovp);
2132 error = copyin_user_iovec_array(uiov,
2133 IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
2134 user_msg.msg_iovlen, iovp);
2135 if (error)
2136 goto done;
2137
2138 /* finish setup of uio_t */
2139 error = uio_calculateresid(auio);
2140 if (error) {
2141 goto done;
2142 }
2143
2144 error = recvit(p, uap->s, &user_msg, auio, 0, retval);
2145 if (!error) {
2146 user_msg.msg_iov = uiov;
2147 if (IS_64BIT_PROCESS(p)) {
2148 msg64.msg_flags = user_msg.msg_flags;
2149 msg64.msg_controllen = user_msg.msg_controllen;
2150 msg64.msg_control = user_msg.msg_control;
2151 msg64.msg_iovlen = user_msg.msg_iovlen;
2152 msg64.msg_iov = user_msg.msg_iov;
2153 msg64.msg_namelen = user_msg.msg_namelen;
2154 msg64.msg_name = user_msg.msg_name;
2155 } else {
2156 msg32.msg_flags = user_msg.msg_flags;
2157 msg32.msg_controllen = user_msg.msg_controllen;
2158 msg32.msg_control = user_msg.msg_control;
2159 msg32.msg_iovlen = user_msg.msg_iovlen;
2160 msg32.msg_iov = user_msg.msg_iov;
2161 msg32.msg_namelen = user_msg.msg_namelen;
2162 msg32.msg_name = user_msg.msg_name;
2163 }
2164 error = copyout(msghdrp, uap->msg, size_of_msghdr);
2165 }
2166 done:
2167 if (auio != NULL) {
2168 uio_free(auio);
2169 }
2170 KERNEL_DEBUG(DBG_FNC_RECVMSG | DBG_FUNC_END, error, 0, 0, 0, 0);
2171 return (error);
2172 }
2173
2174 int
2175 recvmsg_x(struct proc *p, struct recvmsg_x_args *uap, user_ssize_t *retval)
2176 {
2177 int error = EOPNOTSUPP;
2178 struct user_msghdr_x *user_msg_x = NULL;
2179 struct recv_msg_elem *recv_msg_array = NULL;
2180 struct socket *so;
2181 user_ssize_t len_before = 0, len_after;
2182 int need_drop = 0;
2183 size_t size_of_msghdr;
2184 void *umsgp = NULL;
2185 u_int i;
2186 u_int uiocnt;
2187
2188 KERNEL_DEBUG(DBG_FNC_RECVMSG_X | DBG_FUNC_START, 0, 0, 0, 0, 0);
2189
2190 error = file_socket(uap->s, &so);
2191 if (error) {
2192 goto out;
2193 }
2194 need_drop = 1;
2195 if (so == NULL) {
2196 error = EBADF;
2197 goto out;
2198 }
2199 /*
2200 * Input parameter range check
2201 */
2202 if (uap->cnt == 0 || uap->cnt > UIO_MAXIOV) {
2203 error = EINVAL;
2204 goto out;
2205 }
2206 if (uap->cnt > somaxrecvmsgx)
2207 uap->cnt = somaxrecvmsgx;
2208
2209 user_msg_x = _MALLOC(uap->cnt * sizeof(struct user_msghdr_x),
2210 M_TEMP, M_WAITOK | M_ZERO);
2211 if (user_msg_x == NULL) {
2212 DBG_PRINTF("%s _MALLOC() user_msg_x failed\n", __func__);
2213 error = ENOMEM;
2214 goto out;
2215 }
2216 recv_msg_array = alloc_recv_msg_array(uap->cnt);
2217 if (recv_msg_array == NULL) {
2218 DBG_PRINTF("%s alloc_recv_msg_array() failed\n", __func__);
2219 error = ENOMEM;
2220 goto out;
2221 }
2222 size_of_msghdr = IS_64BIT_PROCESS(p) ?
2223 sizeof(struct user64_msghdr_x) : sizeof(struct user32_msghdr_x);
2224
2225 umsgp = _MALLOC(uap->cnt * size_of_msghdr, M_TEMP, M_WAITOK | M_ZERO);
2226 if (umsgp == NULL) {
2227 DBG_PRINTF("%s _MALLOC() umsgp failed\n", __func__);
2228 error = ENOMEM;
2229 goto out;
2230 }
2231 error = copyin(uap->msgp, umsgp, uap->cnt * size_of_msghdr);
2232 if (error) {
2233 DBG_PRINTF("%s copyin() failed\n", __func__);
2234 goto out;
2235 }
2236 error = internalize_recv_msghdr_array(umsgp,
2237 IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
2238 UIO_READ, uap->cnt, user_msg_x, recv_msg_array);
2239 if (error) {
2240 DBG_PRINTF("%s copyin_user_msghdr_array() failed\n", __func__);
2241 goto out;
2242 }
2243 /*
2244 * Make sure the size of each message iovec and
2245 * the aggregate size of all the iovec is valid
2246 */
2247 if (recv_msg_array_is_valid(recv_msg_array, uap->cnt) == 0) {
2248 error = EINVAL;
2249 goto out;
2250 }
2251 /*
2252 * Sanity check on passed arguments
2253 */
2254 for (i = 0; i < uap->cnt; i++) {
2255 struct user_msghdr_x *mp = user_msg_x + i;
2256
2257 if (mp->msg_flags != 0) {
2258 error = EINVAL;
2259 goto out;
2260 }
2261 }
2262 #if CONFIG_MACF_SOCKET_SUBSET
2263 /*
2264 * We check the state without holding the socket lock;
2265 * if a race condition occurs, it would simply result
2266 * in an extra call to the MAC check function.
2267 */
2268 if (!(so->so_state & SS_DEFUNCT) &&
2269 !(so->so_state & SS_ISCONNECTED) &&
2270 !(so->so_proto->pr_flags & PR_CONNREQUIRED) &&
2271 (error = mac_socket_check_receive(kauth_cred_get(), so)) != 0)
2272 goto out;
2273 #endif /* MAC_SOCKET_SUBSET */
2274
2275 len_before = recv_msg_array_resid(recv_msg_array, uap->cnt);
2276
2277 if (so->so_proto->pr_usrreqs->pru_soreceive_list !=
2278 pru_soreceive_list_notsupp &&
2279 somaxrecvmsgx == 0) {
2280 error = so->so_proto->pr_usrreqs->pru_soreceive_list(so,
2281 recv_msg_array, uap->cnt, &uap->flags);
2282 } else {
2283 int flags = uap->flags;
2284
2285 for (i = 0; i < uap->cnt; i++) {
2286 struct recv_msg_elem *recv_msg_elem;
2287 uio_t auio;
2288 struct sockaddr **psa;
2289 struct mbuf **controlp;
2290
2291 recv_msg_elem = recv_msg_array + i;
2292 auio = recv_msg_elem->uio;
2293
2294 /*
2295 * Do not block if we got at least one packet
2296 */
2297 if (i > 0)
2298 flags |= MSG_DONTWAIT;
2299
2300 psa = (recv_msg_elem->which & SOCK_MSG_SA) ?
2301 &recv_msg_elem->psa : NULL;
2302 controlp = (recv_msg_elem->which & SOCK_MSG_CONTROL) ?
2303 &recv_msg_elem->controlp : NULL;
2304
2305 error = so->so_proto->pr_usrreqs->pru_soreceive(so, psa,
2306 auio, (struct mbuf **)0, controlp, &flags);
2307 if (error)
2308 break;
2309 /*
2310 * We have some data
2311 */
2312 recv_msg_elem->which |= SOCK_MSG_DATA;
2313 /*
2314 * Stop on partial copy
2315 */
2316 if (flags & (MSG_RCVMORE | MSG_TRUNC))
2317 break;
2318 }
2319 if ((uap->flags & MSG_DONTWAIT) == 0)
2320 flags &= ~MSG_DONTWAIT;
2321 uap->flags = flags;
2322 }
2323
2324 len_after = recv_msg_array_resid(recv_msg_array, uap->cnt);
2325
2326 if (error) {
2327 if (len_after != len_before && (error == ERESTART ||
2328 error == EINTR || error == EWOULDBLOCK))
2329 error = 0;
2330 else
2331 goto out;
2332 }
2333
2334 uiocnt = externalize_recv_msghdr_array(umsgp,
2335 IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
2336 UIO_READ, uap->cnt, user_msg_x, recv_msg_array);
2337
2338 error = copyout(umsgp, uap->msgp, uap->cnt * size_of_msghdr);
2339 if (error) {
2340 DBG_PRINTF("%s copyout() failed\n", __func__);
2341 goto out;
2342 }
2343 *retval = (int)(uiocnt);
2344
2345 for (i = 0; i < uap->cnt; i++) {
2346 struct user_msghdr_x *mp = user_msg_x + i;
2347 struct recv_msg_elem *recv_msg_elem = recv_msg_array + i;
2348 struct sockaddr *fromsa = recv_msg_elem->psa;
2349
2350 if (mp->msg_name) {
2351 error = copyout_sa(fromsa, mp->msg_name,
2352 &mp->msg_namelen);
2353 if (error)
2354 goto out;
2355 }
2356 if (mp->msg_control) {
2357 error = copyout_control(p, recv_msg_elem->controlp,
2358 mp->msg_control, &mp->msg_controllen,
2359 &mp->msg_flags);
2360 if (error)
2361 goto out;
2362 }
2363 }
2364 out:
2365 if (need_drop)
2366 file_drop(uap->s);
2367 if (umsgp != NULL)
2368 _FREE(umsgp, M_TEMP);
2369 if (recv_msg_array != NULL)
2370 free_recv_msg_array(recv_msg_array, uap->cnt);
2371 if (user_msg_x != NULL)
2372 _FREE(user_msg_x, M_TEMP);
2373
2374 KERNEL_DEBUG(DBG_FNC_RECVMSG_X | DBG_FUNC_END, error, 0, 0, 0, 0);
2375
2376 return (error);
2377 }
2378
2379 /*
2380 * Returns: 0 Success
2381 * EBADF
2382 * file_socket:ENOTSOCK
2383 * file_socket:EBADF
2384 * soshutdown:EINVAL
2385 * soshutdown:ENOTCONN
2386 * soshutdown:EADDRNOTAVAIL[TCP]
2387 * soshutdown:ENOBUFS[TCP]
2388 * soshutdown:EMSGSIZE[TCP]
2389 * soshutdown:EHOSTUNREACH[TCP]
2390 * soshutdown:ENETUNREACH[TCP]
2391 * soshutdown:ENETDOWN[TCP]
2392 * soshutdown:ENOMEM[TCP]
2393 * soshutdown:EACCES[TCP]
2394 * soshutdown:EMSGSIZE[TCP]
2395 * soshutdown:ENOBUFS[TCP]
2396 * soshutdown:???[TCP] [ignorable: mostly IPSEC/firewall/DLIL]
2397 * soshutdown:??? [other protocol families]
2398 */
2399 /* ARGSUSED */
2400 int
2401 shutdown(__unused struct proc *p, struct shutdown_args *uap,
2402 __unused int32_t *retval)
2403 {
2404 struct socket *so;
2405 int error;
2406
2407 AUDIT_ARG(fd, uap->s);
2408 error = file_socket(uap->s, &so);
2409 if (error)
2410 return (error);
2411 if (so == NULL) {
2412 error = EBADF;
2413 goto out;
2414 }
2415 error = soshutdown((struct socket *)so, uap->how);
2416 out:
2417 file_drop(uap->s);
2418 return (error);
2419 }
2420
2421 /*
2422 * Returns: 0 Success
2423 * EFAULT
2424 * EINVAL
2425 * EACCES Mandatory Access Control failure
2426 * file_socket:ENOTSOCK
2427 * file_socket:EBADF
2428 * sosetopt:EINVAL
2429 * sosetopt:ENOPROTOOPT
2430 * sosetopt:ENOBUFS
2431 * sosetopt:EDOM
2432 * sosetopt:EFAULT
2433 * sosetopt:EOPNOTSUPP[AF_UNIX]
2434 * sosetopt:???
2435 */
2436 /* ARGSUSED */
2437 int
2438 setsockopt(struct proc *p, struct setsockopt_args *uap,
2439 __unused int32_t *retval)
2440 {
2441 struct socket *so;
2442 struct sockopt sopt;
2443 int error;
2444
2445 AUDIT_ARG(fd, uap->s);
2446 if (uap->val == 0 && uap->valsize != 0)
2447 return (EFAULT);
2448 /* No bounds checking on size (it's unsigned) */
2449
2450 error = file_socket(uap->s, &so);
2451 if (error)
2452 return (error);
2453
2454 sopt.sopt_dir = SOPT_SET;
2455 sopt.sopt_level = uap->level;
2456 sopt.sopt_name = uap->name;
2457 sopt.sopt_val = uap->val;
2458 sopt.sopt_valsize = uap->valsize;
2459 sopt.sopt_p = p;
2460
2461 if (so == NULL) {
2462 error = EINVAL;
2463 goto out;
2464 }
2465 #if CONFIG_MACF_SOCKET_SUBSET
2466 if ((error = mac_socket_check_setsockopt(kauth_cred_get(), so,
2467 &sopt)) != 0)
2468 goto out;
2469 #endif /* MAC_SOCKET_SUBSET */
2470 error = sosetoptlock(so, &sopt, 1); /* will lock socket */
2471 out:
2472 file_drop(uap->s);
2473 return (error);
2474 }
2475
2476
2477
2478 /*
2479 * Returns: 0 Success
2480 * EINVAL
2481 * EBADF
2482 * EACCES Mandatory Access Control failure
2483 * copyin:EFAULT
2484 * copyout:EFAULT
2485 * file_socket:ENOTSOCK
2486 * file_socket:EBADF
2487 * sogetopt:???
2488 */
2489 int
2490 getsockopt(struct proc *p, struct getsockopt_args *uap,
2491 __unused int32_t *retval)
2492 {
2493 int error;
2494 socklen_t valsize;
2495 struct sockopt sopt;
2496 struct socket *so;
2497
2498 error = file_socket(uap->s, &so);
2499 if (error)
2500 return (error);
2501 if (uap->val) {
2502 error = copyin(uap->avalsize, (caddr_t)&valsize,
2503 sizeof (valsize));
2504 if (error)
2505 goto out;
2506 /* No bounds checking on size (it's unsigned) */
2507 } else {
2508 valsize = 0;
2509 }
2510 sopt.sopt_dir = SOPT_GET;
2511 sopt.sopt_level = uap->level;
2512 sopt.sopt_name = uap->name;
2513 sopt.sopt_val = uap->val;
2514 sopt.sopt_valsize = (size_t)valsize; /* checked non-negative above */
2515 sopt.sopt_p = p;
2516
2517 if (so == NULL) {
2518 error = EBADF;
2519 goto out;
2520 }
2521 #if CONFIG_MACF_SOCKET_SUBSET
2522 if ((error = mac_socket_check_getsockopt(kauth_cred_get(), so,
2523 &sopt)) != 0)
2524 goto out;
2525 #endif /* MAC_SOCKET_SUBSET */
2526 error = sogetoptlock((struct socket *)so, &sopt, 1); /* will lock */
2527 if (error == 0) {
2528 valsize = sopt.sopt_valsize;
2529 error = copyout((caddr_t)&valsize, uap->avalsize,
2530 sizeof (valsize));
2531 }
2532 out:
2533 file_drop(uap->s);
2534 return (error);
2535 }
2536
2537
2538 /*
2539 * Get socket name.
2540 *
2541 * Returns: 0 Success
2542 * EBADF
2543 * file_socket:ENOTSOCK
2544 * file_socket:EBADF
2545 * copyin:EFAULT
2546 * copyout:EFAULT
2547 * <pru_sockaddr>:ENOBUFS[TCP]
2548 * <pru_sockaddr>:ECONNRESET[TCP]
2549 * <pru_sockaddr>:EINVAL[AF_UNIX]
2550 * <sf_getsockname>:???
2551 */
2552 /* ARGSUSED */
2553 int
2554 getsockname(__unused struct proc *p, struct getsockname_args *uap,
2555 __unused int32_t *retval)
2556 {
2557 struct socket *so;
2558 struct sockaddr *sa;
2559 socklen_t len;
2560 socklen_t sa_len;
2561 int error;
2562
2563 error = file_socket(uap->fdes, &so);
2564 if (error)
2565 return (error);
2566 error = copyin(uap->alen, (caddr_t)&len, sizeof (socklen_t));
2567 if (error)
2568 goto out;
2569 if (so == NULL) {
2570 error = EBADF;
2571 goto out;
2572 }
2573 sa = 0;
2574 socket_lock(so, 1);
2575 error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, &sa);
2576 if (error == 0) {
2577 error = sflt_getsockname(so, &sa);
2578 if (error == EJUSTRETURN)
2579 error = 0;
2580 }
2581 socket_unlock(so, 1);
2582 if (error)
2583 goto bad;
2584 if (sa == 0) {
2585 len = 0;
2586 goto gotnothing;
2587 }
2588
2589 sa_len = sa->sa_len;
2590 len = MIN(len, sa_len);
2591 error = copyout((caddr_t)sa, uap->asa, len);
2592 if (error)
2593 goto bad;
2594 /* return the actual, untruncated address length */
2595 len = sa_len;
2596 gotnothing:
2597 error = copyout((caddr_t)&len, uap->alen, sizeof (socklen_t));
2598 bad:
2599 if (sa)
2600 FREE(sa, M_SONAME);
2601 out:
2602 file_drop(uap->fdes);
2603 return (error);
2604 }
2605
2606 /*
2607 * Get name of peer for connected socket.
2608 *
2609 * Returns: 0 Success
2610 * EBADF
2611 * EINVAL
2612 * ENOTCONN
2613 * file_socket:ENOTSOCK
2614 * file_socket:EBADF
2615 * copyin:EFAULT
2616 * copyout:EFAULT
2617 * <pru_peeraddr>:???
2618 * <sf_getpeername>:???
2619 */
2620 /* ARGSUSED */
2621 int
2622 getpeername(__unused struct proc *p, struct getpeername_args *uap,
2623 __unused int32_t *retval)
2624 {
2625 struct socket *so;
2626 struct sockaddr *sa;
2627 socklen_t len;
2628 socklen_t sa_len;
2629 int error;
2630
2631 error = file_socket(uap->fdes, &so);
2632 if (error)
2633 return (error);
2634 if (so == NULL) {
2635 error = EBADF;
2636 goto out;
2637 }
2638
2639 socket_lock(so, 1);
2640
2641 if ((so->so_state & (SS_CANTRCVMORE | SS_CANTSENDMORE)) ==
2642 (SS_CANTRCVMORE | SS_CANTSENDMORE)) {
2643 /* the socket has been shutdown, no more getpeername's */
2644 socket_unlock(so, 1);
2645 error = EINVAL;
2646 goto out;
2647 }
2648
2649 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONFIRMING)) == 0) {
2650 socket_unlock(so, 1);
2651 error = ENOTCONN;
2652 goto out;
2653 }
2654 error = copyin(uap->alen, (caddr_t)&len, sizeof (socklen_t));
2655 if (error) {
2656 socket_unlock(so, 1);
2657 goto out;
2658 }
2659 sa = 0;
2660 error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, &sa);
2661 if (error == 0) {
2662 error = sflt_getpeername(so, &sa);
2663 if (error == EJUSTRETURN)
2664 error = 0;
2665 }
2666 socket_unlock(so, 1);
2667 if (error)
2668 goto bad;
2669 if (sa == 0) {
2670 len = 0;
2671 goto gotnothing;
2672 }
2673 sa_len = sa->sa_len;
2674 len = MIN(len, sa_len);
2675 error = copyout(sa, uap->asa, len);
2676 if (error)
2677 goto bad;
2678 /* return the actual, untruncated address length */
2679 len = sa_len;
2680 gotnothing:
2681 error = copyout((caddr_t)&len, uap->alen, sizeof (socklen_t));
2682 bad:
2683 if (sa) FREE(sa, M_SONAME);
2684 out:
2685 file_drop(uap->fdes);
2686 return (error);
2687 }
2688
2689 int
2690 sockargs(struct mbuf **mp, user_addr_t data, int buflen, int type)
2691 {
2692 struct sockaddr *sa;
2693 struct mbuf *m;
2694 int error;
2695
2696 size_t alloc_buflen = (size_t)buflen;
2697
2698 if (alloc_buflen > INT_MAX/2)
2699 return (EINVAL);
2700 #ifdef __LP64__
2701 /*
2702 * The fd's in the buffer must expand to be pointers, thus we need twice
2703 * as much space
2704 */
2705 if (type == MT_CONTROL)
2706 alloc_buflen = ((buflen - sizeof(struct cmsghdr))*2) +
2707 sizeof(struct cmsghdr);
2708 #endif
2709 if (alloc_buflen > MLEN) {
2710 if (type == MT_SONAME && alloc_buflen <= 112)
2711 alloc_buflen = MLEN; /* unix domain compat. hack */
2712 else if (alloc_buflen > MCLBYTES)
2713 return (EINVAL);
2714 }
2715 m = m_get(M_WAIT, type);
2716 if (m == NULL)
2717 return (ENOBUFS);
2718 if (alloc_buflen > MLEN) {
2719 MCLGET(m, M_WAIT);
2720 if ((m->m_flags & M_EXT) == 0) {
2721 m_free(m);
2722 return (ENOBUFS);
2723 }
2724 }
2725 /*
2726 * K64: We still copyin the original buflen because it gets expanded
2727 * later and we lie about the size of the mbuf because it only affects
2728 * unp_* functions
2729 */
2730 m->m_len = buflen;
2731 error = copyin(data, mtod(m, caddr_t), (u_int)buflen);
2732 if (error) {
2733 (void) m_free(m);
2734 } else {
2735 *mp = m;
2736 if (type == MT_SONAME) {
2737 sa = mtod(m, struct sockaddr *);
2738 sa->sa_len = buflen;
2739 }
2740 }
2741 return (error);
2742 }
2743
2744 /*
2745 * Given a user_addr_t of length len, allocate and fill out a *sa.
2746 *
2747 * Returns: 0 Success
2748 * ENAMETOOLONG Filename too long
2749 * EINVAL Invalid argument
2750 * ENOMEM Not enough space
2751 * copyin:EFAULT Bad address
2752 */
2753 static int
2754 getsockaddr(struct socket *so, struct sockaddr **namp, user_addr_t uaddr,
2755 size_t len, boolean_t translate_unspec)
2756 {
2757 struct sockaddr *sa;
2758 int error;
2759 size_t alloclen;
2760
2761 if (len > SOCK_MAXADDRLEN)
2762 return (ENAMETOOLONG);
2763
2764 if (len < offsetof(struct sockaddr, sa_data[0]))
2765 return (EINVAL);
2766
2767 /*
2768 * Workaround for rdar://23362120
2769 * Allways allocate a buffer that can hold an IPv6 socket address
2770 */
2771 alloclen = MAX(len, sizeof(struct sockaddr_in6));
2772 MALLOC(sa, struct sockaddr *, alloclen, M_SONAME, M_WAITOK | M_ZERO);
2773 if (sa == NULL) {
2774 return (ENOMEM);
2775 }
2776 error = copyin(uaddr, (caddr_t)sa, len);
2777 if (error) {
2778 FREE(sa, M_SONAME);
2779 } else {
2780 /*
2781 * Force sa_family to AF_INET on AF_INET sockets to handle
2782 * legacy applications that use AF_UNSPEC (0). On all other
2783 * sockets we leave it unchanged and let the lower layer
2784 * handle it.
2785 */
2786 if (translate_unspec && sa->sa_family == AF_UNSPEC &&
2787 SOCK_CHECK_DOM(so, PF_INET) &&
2788 len == sizeof (struct sockaddr_in))
2789 sa->sa_family = AF_INET;
2790
2791 sa->sa_len = len;
2792 *namp = sa;
2793 }
2794 return (error);
2795 }
2796
2797 static int
2798 getsockaddr_s(struct socket *so, struct sockaddr_storage *ss,
2799 user_addr_t uaddr, size_t len, boolean_t translate_unspec)
2800 {
2801 int error;
2802
2803 if (ss == NULL || uaddr == USER_ADDR_NULL ||
2804 len < offsetof(struct sockaddr, sa_data[0]))
2805 return (EINVAL);
2806
2807 /*
2808 * sockaddr_storage size is less than SOCK_MAXADDRLEN,
2809 * so the check here is inclusive.
2810 */
2811 if (len > sizeof (*ss))
2812 return (ENAMETOOLONG);
2813
2814 bzero(ss, sizeof (*ss));
2815 error = copyin(uaddr, (caddr_t)ss, len);
2816 if (error == 0) {
2817 /*
2818 * Force sa_family to AF_INET on AF_INET sockets to handle
2819 * legacy applications that use AF_UNSPEC (0). On all other
2820 * sockets we leave it unchanged and let the lower layer
2821 * handle it.
2822 */
2823 if (translate_unspec && ss->ss_family == AF_UNSPEC &&
2824 SOCK_CHECK_DOM(so, PF_INET) &&
2825 len == sizeof (struct sockaddr_in))
2826 ss->ss_family = AF_INET;
2827
2828 ss->ss_len = len;
2829 }
2830 return (error);
2831 }
2832
2833 /*
2834 * Hard limit on the number of source and/or destination addresses
2835 * that can be specified by an application.
2836 */
2837 #define SOCKADDRLIST_MAX_ENTRIES 64
2838
2839 static int
2840 getsockaddrlist(struct socket *so, struct sockaddr_list **slp,
2841 user_addr_t uaddr, socklen_t uaddrlen, boolean_t xlate_unspec)
2842 {
2843 struct sockaddr_list *sl;
2844 int error = 0;
2845
2846 *slp = NULL;
2847
2848 if (uaddr == USER_ADDR_NULL || uaddrlen == 0)
2849 return (EINVAL);
2850
2851 sl = sockaddrlist_alloc(M_WAITOK);
2852 if (sl == NULL)
2853 return (ENOMEM);
2854
2855 VERIFY(sl->sl_cnt == 0);
2856 while (uaddrlen > 0 && sl->sl_cnt < SOCKADDRLIST_MAX_ENTRIES) {
2857 struct sockaddr_storage ss;
2858 struct sockaddr_entry *se;
2859 struct sockaddr *sa;
2860
2861 if (uaddrlen < sizeof (struct sockaddr)) {
2862 error = EINVAL;
2863 break;
2864 }
2865
2866 bzero(&ss, sizeof (ss));
2867 error = copyin(uaddr, (caddr_t)&ss, sizeof (struct sockaddr));
2868 if (error != 0)
2869 break;
2870
2871 /* getsockaddr does the same but we need them now */
2872 if (uaddrlen < ss.ss_len ||
2873 ss.ss_len < offsetof(struct sockaddr, sa_data[0])) {
2874 error = EINVAL;
2875 break;
2876 } else if (ss.ss_len > sizeof (ss)) {
2877 /*
2878 * sockaddr_storage size is less than SOCK_MAXADDRLEN,
2879 * so the check here is inclusive. We could user the
2880 * latter instead, but seems like an overkill for now.
2881 */
2882 error = ENAMETOOLONG;
2883 break;
2884 }
2885
2886 se = sockaddrentry_alloc(M_WAITOK);
2887 if (se == NULL)
2888 break;
2889
2890 sockaddrlist_insert(sl, se);
2891
2892 error = getsockaddr(so, &sa, uaddr, ss.ss_len, xlate_unspec);
2893 if (error != 0)
2894 break;
2895
2896 VERIFY(sa != NULL && sa->sa_len == ss.ss_len);
2897 se->se_addr = sa;
2898
2899 uaddr += ss.ss_len;
2900 VERIFY(((signed)uaddrlen - ss.ss_len) >= 0);
2901 uaddrlen -= ss.ss_len;
2902 }
2903
2904 if (error != 0)
2905 sockaddrlist_free(sl);
2906 else
2907 *slp = sl;
2908
2909 return (error);
2910 }
2911
2912 int
2913 internalize_user_msghdr_array(const void *src, int spacetype, int direction,
2914 u_int count, struct user_msghdr_x *dst, struct uio **uiop)
2915 {
2916 int error = 0;
2917 u_int i;
2918 u_int namecnt = 0;
2919 u_int ctlcnt = 0;
2920
2921 for (i = 0; i < count; i++) {
2922 uio_t auio;
2923 struct user_iovec *iovp;
2924 struct user_msghdr_x *user_msg = dst + i;
2925
2926 if (spacetype == UIO_USERSPACE64) {
2927 const struct user64_msghdr_x *msghdr64;
2928
2929 msghdr64 = ((const struct user64_msghdr_x *)src) + i;
2930
2931 user_msg->msg_name = msghdr64->msg_name;
2932 user_msg->msg_namelen = msghdr64->msg_namelen;
2933 user_msg->msg_iov = msghdr64->msg_iov;
2934 user_msg->msg_iovlen = msghdr64->msg_iovlen;
2935 user_msg->msg_control = msghdr64->msg_control;
2936 user_msg->msg_controllen = msghdr64->msg_controllen;
2937 user_msg->msg_flags = msghdr64->msg_flags;
2938 user_msg->msg_datalen = msghdr64->msg_datalen;
2939 } else {
2940 const struct user32_msghdr_x *msghdr32;
2941
2942 msghdr32 = ((const struct user32_msghdr_x *)src) + i;
2943
2944 user_msg->msg_name = msghdr32->msg_name;
2945 user_msg->msg_namelen = msghdr32->msg_namelen;
2946 user_msg->msg_iov = msghdr32->msg_iov;
2947 user_msg->msg_iovlen = msghdr32->msg_iovlen;
2948 user_msg->msg_control = msghdr32->msg_control;
2949 user_msg->msg_controllen = msghdr32->msg_controllen;
2950 user_msg->msg_flags = msghdr32->msg_flags;
2951 user_msg->msg_datalen = msghdr32->msg_datalen;
2952 }
2953
2954 if (user_msg->msg_iovlen <= 0 ||
2955 user_msg->msg_iovlen > UIO_MAXIOV) {
2956 error = EMSGSIZE;
2957 goto done;
2958 }
2959 auio = uio_create(user_msg->msg_iovlen, 0, spacetype,
2960 direction);
2961 if (auio == NULL) {
2962 error = ENOMEM;
2963 goto done;
2964 }
2965 uiop[i] = auio;
2966
2967 iovp = uio_iovsaddr(auio);
2968 if (iovp == NULL) {
2969 error = ENOMEM;
2970 goto done;
2971 }
2972 error = copyin_user_iovec_array(user_msg->msg_iov,
2973 spacetype, user_msg->msg_iovlen, iovp);
2974 if (error)
2975 goto done;
2976 user_msg->msg_iov = CAST_USER_ADDR_T(iovp);
2977
2978 error = uio_calculateresid(auio);
2979 if (error)
2980 goto done;
2981 user_msg->msg_datalen = uio_resid(auio);
2982
2983 if (user_msg->msg_name && user_msg->msg_namelen)
2984 namecnt++;
2985 if (user_msg->msg_control && user_msg->msg_controllen)
2986 ctlcnt++;
2987 }
2988 done:
2989
2990 return (error);
2991 }
2992
2993 int
2994 internalize_recv_msghdr_array(const void *src, int spacetype, int direction,
2995 u_int count, struct user_msghdr_x *dst,
2996 struct recv_msg_elem *recv_msg_array)
2997 {
2998 int error = 0;
2999 u_int i;
3000
3001 for (i = 0; i < count; i++) {
3002 struct user_iovec *iovp;
3003 struct user_msghdr_x *user_msg = dst + i;
3004 struct recv_msg_elem *recv_msg_elem = recv_msg_array + i;
3005
3006 if (spacetype == UIO_USERSPACE64) {
3007 const struct user64_msghdr_x *msghdr64;
3008
3009 msghdr64 = ((const struct user64_msghdr_x *)src) + i;
3010
3011 user_msg->msg_name = msghdr64->msg_name;
3012 user_msg->msg_namelen = msghdr64->msg_namelen;
3013 user_msg->msg_iov = msghdr64->msg_iov;
3014 user_msg->msg_iovlen = msghdr64->msg_iovlen;
3015 user_msg->msg_control = msghdr64->msg_control;
3016 user_msg->msg_controllen = msghdr64->msg_controllen;
3017 user_msg->msg_flags = msghdr64->msg_flags;
3018 user_msg->msg_datalen = msghdr64->msg_datalen;
3019 } else {
3020 const struct user32_msghdr_x *msghdr32;
3021
3022 msghdr32 = ((const struct user32_msghdr_x *)src) + i;
3023
3024 user_msg->msg_name = msghdr32->msg_name;
3025 user_msg->msg_namelen = msghdr32->msg_namelen;
3026 user_msg->msg_iov = msghdr32->msg_iov;
3027 user_msg->msg_iovlen = msghdr32->msg_iovlen;
3028 user_msg->msg_control = msghdr32->msg_control;
3029 user_msg->msg_controllen = msghdr32->msg_controllen;
3030 user_msg->msg_flags = msghdr32->msg_flags;
3031 user_msg->msg_datalen = msghdr32->msg_datalen;
3032 }
3033
3034 if (user_msg->msg_iovlen <= 0 ||
3035 user_msg->msg_iovlen > UIO_MAXIOV) {
3036 error = EMSGSIZE;
3037 goto done;
3038 }
3039 recv_msg_elem->uio = uio_create(user_msg->msg_iovlen, 0,
3040 spacetype, direction);
3041 if (recv_msg_elem->uio == NULL) {
3042 error = ENOMEM;
3043 goto done;
3044 }
3045
3046 iovp = uio_iovsaddr(recv_msg_elem->uio);
3047 if (iovp == NULL) {
3048 error = ENOMEM;
3049 goto done;
3050 }
3051 error = copyin_user_iovec_array(user_msg->msg_iov,
3052 spacetype, user_msg->msg_iovlen, iovp);
3053 if (error)
3054 goto done;
3055 user_msg->msg_iov = CAST_USER_ADDR_T(iovp);
3056
3057 error = uio_calculateresid(recv_msg_elem->uio);
3058 if (error)
3059 goto done;
3060 user_msg->msg_datalen = uio_resid(recv_msg_elem->uio);
3061
3062 if (user_msg->msg_name && user_msg->msg_namelen)
3063 recv_msg_elem->which |= SOCK_MSG_SA;
3064 if (user_msg->msg_control && user_msg->msg_controllen)
3065 recv_msg_elem->which |= SOCK_MSG_CONTROL;
3066 }
3067 done:
3068
3069 return (error);
3070 }
3071
3072 u_int
3073 externalize_user_msghdr_array(void *dst, int spacetype, int direction,
3074 u_int count, const struct user_msghdr_x *src, struct uio **uiop)
3075 {
3076 #pragma unused(direction)
3077 u_int i;
3078 int seenlast = 0;
3079 u_int retcnt = 0;
3080
3081 for (i = 0; i < count; i++) {
3082 const struct user_msghdr_x *user_msg = src + i;
3083 uio_t auio = uiop[i];
3084 user_ssize_t len = user_msg->msg_datalen - uio_resid(auio);
3085
3086 if (user_msg->msg_datalen != 0 && len == 0)
3087 seenlast = 1;
3088
3089 if (seenlast == 0)
3090 retcnt ++;
3091
3092 if (spacetype == UIO_USERSPACE64) {
3093 struct user64_msghdr_x *msghdr64;
3094
3095 msghdr64 = ((struct user64_msghdr_x *)dst) + i;
3096
3097 msghdr64->msg_flags = user_msg->msg_flags;
3098 msghdr64->msg_datalen = len;
3099
3100 } else {
3101 struct user32_msghdr_x *msghdr32;
3102
3103 msghdr32 = ((struct user32_msghdr_x *)dst) + i;
3104
3105 msghdr32->msg_flags = user_msg->msg_flags;
3106 msghdr32->msg_datalen = len;
3107 }
3108 }
3109 return (retcnt);
3110 }
3111
3112 u_int
3113 externalize_recv_msghdr_array(void *dst, int spacetype, int direction,
3114 u_int count, const struct user_msghdr_x *src,
3115 struct recv_msg_elem *recv_msg_array)
3116 {
3117 u_int i;
3118 int seenlast = 0;
3119 u_int retcnt = 0;
3120
3121 for (i = 0; i < count; i++) {
3122 const struct user_msghdr_x *user_msg = src + i;
3123 struct recv_msg_elem *recv_msg_elem = recv_msg_array + i;
3124 user_ssize_t len;
3125
3126 len = user_msg->msg_datalen - uio_resid(recv_msg_elem->uio);
3127
3128 if (direction == UIO_READ) {
3129 if ((recv_msg_elem->which & SOCK_MSG_DATA) == 0)
3130 seenlast = 1;
3131 } else {
3132 if (user_msg->msg_datalen != 0 && len == 0)
3133 seenlast = 1;
3134 }
3135
3136 if (seenlast == 0)
3137 retcnt ++;
3138
3139 if (spacetype == UIO_USERSPACE64) {
3140 struct user64_msghdr_x *msghdr64;
3141
3142 msghdr64 = ((struct user64_msghdr_x *)dst) + i;
3143
3144 msghdr64->msg_flags = user_msg->msg_flags;
3145 msghdr64->msg_datalen = len;
3146
3147 } else {
3148 struct user32_msghdr_x *msghdr32;
3149
3150 msghdr32 = ((struct user32_msghdr_x *)dst) + i;
3151
3152 msghdr32->msg_flags = user_msg->msg_flags;
3153 msghdr32->msg_datalen = len;
3154 }
3155 }
3156 return (retcnt);
3157 }
3158
3159 void
3160 free_uio_array(struct uio **uiop, u_int count)
3161 {
3162 u_int i;
3163
3164 for (i = 0; i < count; i++) {
3165 if (uiop[i] != NULL)
3166 uio_free(uiop[i]);
3167 }
3168 }
3169
3170 __private_extern__ user_ssize_t
3171 uio_array_resid(struct uio **uiop, u_int count)
3172 {
3173 user_ssize_t len = 0;
3174 u_int i;
3175
3176 for (i = 0; i < count; i++) {
3177 struct uio *auio = uiop[i];
3178
3179 if (auio != NULL)
3180 len += uio_resid(auio);
3181 }
3182 return (len);
3183 }
3184
3185 int
3186 uio_array_is_valid(struct uio **uiop, u_int count)
3187 {
3188 user_ssize_t len = 0;
3189 u_int i;
3190
3191 for (i = 0; i < count; i++) {
3192 struct uio *auio = uiop[i];
3193
3194 if (auio != NULL) {
3195 user_ssize_t resid = uio_resid(auio);
3196
3197 /*
3198 * Sanity check on the validity of the iovec:
3199 * no point of going over sb_max
3200 */
3201 if (resid < 0 || (u_int32_t)resid > sb_max)
3202 return (0);
3203
3204 len += resid;
3205 if (len < 0 || (u_int32_t)len > sb_max)
3206 return (0);
3207 }
3208 }
3209 return (1);
3210 }
3211
3212
3213 struct recv_msg_elem *
3214 alloc_recv_msg_array(u_int count)
3215 {
3216 struct recv_msg_elem *recv_msg_array;
3217
3218 recv_msg_array = _MALLOC(count * sizeof(struct recv_msg_elem),
3219 M_TEMP, M_WAITOK | M_ZERO);
3220
3221 return (recv_msg_array);
3222 }
3223
3224 void
3225 free_recv_msg_array(struct recv_msg_elem *recv_msg_array, u_int count)
3226 {
3227 u_int i;
3228
3229 for (i = 0; i < count; i++) {
3230 struct recv_msg_elem *recv_msg_elem = recv_msg_array + i;
3231
3232 if (recv_msg_elem->uio != NULL)
3233 uio_free(recv_msg_elem->uio);
3234 if (recv_msg_elem->psa != NULL)
3235 _FREE(recv_msg_elem->psa, M_TEMP);
3236 if (recv_msg_elem->controlp != NULL)
3237 m_freem(recv_msg_elem->controlp);
3238 }
3239 _FREE(recv_msg_array, M_TEMP);
3240 }
3241
3242
3243 __private_extern__ user_ssize_t
3244 recv_msg_array_resid(struct recv_msg_elem *recv_msg_array, u_int count)
3245 {
3246 user_ssize_t len = 0;
3247 u_int i;
3248
3249 for (i = 0; i < count; i++) {
3250 struct recv_msg_elem *recv_msg_elem = recv_msg_array + i;
3251
3252 if (recv_msg_elem->uio != NULL)
3253 len += uio_resid(recv_msg_elem->uio);
3254 }
3255 return (len);
3256 }
3257
3258 int
3259 recv_msg_array_is_valid(struct recv_msg_elem *recv_msg_array, u_int count)
3260 {
3261 user_ssize_t len = 0;
3262 u_int i;
3263
3264 for (i = 0; i < count; i++) {
3265 struct recv_msg_elem *recv_msg_elem = recv_msg_array + i;
3266
3267 if (recv_msg_elem->uio != NULL) {
3268 user_ssize_t resid = uio_resid(recv_msg_elem->uio);
3269
3270 /*
3271 * Sanity check on the validity of the iovec:
3272 * no point of going over sb_max
3273 */
3274 if (resid < 0 || (u_int32_t)resid > sb_max)
3275 return (0);
3276
3277 len += resid;
3278 if (len < 0 || (u_int32_t)len > sb_max)
3279 return (0);
3280 }
3281 }
3282 return (1);
3283 }
3284
3285 #if SENDFILE
3286
3287 #define SFUIOBUFS 64
3288
3289 /* Macros to compute the number of mbufs needed depending on cluster size */
3290 #define HOWMANY_16K(n) ((((unsigned int)(n) - 1) >> M16KCLSHIFT) + 1)
3291 #define HOWMANY_4K(n) ((((unsigned int)(n) - 1) >> MBIGCLSHIFT) + 1)
3292
3293 /* Upper send limit in bytes (SFUIOBUFS * PAGESIZE) */
3294 #define SENDFILE_MAX_BYTES (SFUIOBUFS << PGSHIFT)
3295
3296 /* Upper send limit in the number of mbuf clusters */
3297 #define SENDFILE_MAX_16K HOWMANY_16K(SENDFILE_MAX_BYTES)
3298 #define SENDFILE_MAX_4K HOWMANY_4K(SENDFILE_MAX_BYTES)
3299
3300 static void
3301 alloc_sendpkt(int how, size_t pktlen, unsigned int *maxchunks,
3302 struct mbuf **m, boolean_t jumbocl)
3303 {
3304 unsigned int needed;
3305
3306 if (pktlen == 0)
3307 panic("%s: pktlen (%ld) must be non-zero\n", __func__, pktlen);
3308
3309 /*
3310 * Try to allocate for the whole thing. Since we want full control
3311 * over the buffer size and be able to accept partial result, we can't
3312 * use mbuf_allocpacket(). The logic below is similar to sosend().
3313 */
3314 *m = NULL;
3315 if (pktlen > MBIGCLBYTES && jumbocl) {
3316 needed = MIN(SENDFILE_MAX_16K, HOWMANY_16K(pktlen));
3317 *m = m_getpackets_internal(&needed, 1, how, 0, M16KCLBYTES);
3318 }
3319 if (*m == NULL) {
3320 needed = MIN(SENDFILE_MAX_4K, HOWMANY_4K(pktlen));
3321 *m = m_getpackets_internal(&needed, 1, how, 0, MBIGCLBYTES);
3322 }
3323
3324 /*
3325 * Our previous attempt(s) at allocation had failed; the system
3326 * may be short on mbufs, and we want to block until they are
3327 * available. This time, ask just for 1 mbuf and don't return
3328 * until we get it.
3329 */
3330 if (*m == NULL) {
3331 needed = 1;
3332 *m = m_getpackets_internal(&needed, 1, M_WAIT, 1, MBIGCLBYTES);
3333 }
3334 if (*m == NULL)
3335 panic("%s: blocking allocation returned NULL\n", __func__);
3336
3337 *maxchunks = needed;
3338 }
3339
3340 /*
3341 * sendfile(2).
3342 * int sendfile(int fd, int s, off_t offset, off_t *nbytes,
3343 * struct sf_hdtr *hdtr, int flags)
3344 *
3345 * Send a file specified by 'fd' and starting at 'offset' to a socket
3346 * specified by 's'. Send only '*nbytes' of the file or until EOF if
3347 * *nbytes == 0. Optionally add a header and/or trailer to the socket
3348 * output. If specified, write the total number of bytes sent into *nbytes.
3349 */
3350 int
3351 sendfile(struct proc *p, struct sendfile_args *uap, __unused int *retval)
3352 {
3353 struct fileproc *fp;
3354 struct vnode *vp;
3355 struct socket *so;
3356 struct writev_nocancel_args nuap;
3357 user_ssize_t writev_retval;
3358 struct user_sf_hdtr user_hdtr;
3359 struct user32_sf_hdtr user32_hdtr;
3360 struct user64_sf_hdtr user64_hdtr;
3361 off_t off, xfsize;
3362 off_t nbytes = 0, sbytes = 0;
3363 int error = 0;
3364 size_t sizeof_hdtr;
3365 off_t file_size;
3366 struct vfs_context context = *vfs_context_current();
3367
3368 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE | DBG_FUNC_START), uap->s,
3369 0, 0, 0, 0);
3370
3371 AUDIT_ARG(fd, uap->fd);
3372 AUDIT_ARG(value32, uap->s);
3373
3374 /*
3375 * Do argument checking. Must be a regular file in, stream
3376 * type and connected socket out, positive offset.
3377 */
3378 if ((error = fp_getfvp(p, uap->fd, &fp, &vp))) {
3379 goto done;
3380 }
3381 if ((fp->f_flag & FREAD) == 0) {
3382 error = EBADF;
3383 goto done1;
3384 }
3385 if (vnode_isreg(vp) == 0) {
3386 error = ENOTSUP;
3387 goto done1;
3388 }
3389 error = file_socket(uap->s, &so);
3390 if (error) {
3391 goto done1;
3392 }
3393 if (so == NULL) {
3394 error = EBADF;
3395 goto done2;
3396 }
3397 if (so->so_type != SOCK_STREAM) {
3398 error = EINVAL;
3399 goto done2;
3400 }
3401 if ((so->so_state & SS_ISCONNECTED) == 0) {
3402 error = ENOTCONN;
3403 goto done2;
3404 }
3405 if (uap->offset < 0) {
3406 error = EINVAL;
3407 goto done2;
3408 }
3409 if (uap->nbytes == USER_ADDR_NULL) {
3410 error = EINVAL;
3411 goto done2;
3412 }
3413 if (uap->flags != 0) {
3414 error = EINVAL;
3415 goto done2;
3416 }
3417
3418 context.vc_ucred = fp->f_fglob->fg_cred;
3419
3420 #if CONFIG_MACF_SOCKET_SUBSET
3421 /* JMM - fetch connected sockaddr? */
3422 error = mac_socket_check_send(context.vc_ucred, so, NULL);
3423 if (error)
3424 goto done2;
3425 #endif
3426
3427 /*
3428 * Get number of bytes to send
3429 * Should it applies to size of header and trailer?
3430 * JMM - error handling?
3431 */
3432 copyin(uap->nbytes, &nbytes, sizeof (off_t));
3433
3434 /*
3435 * If specified, get the pointer to the sf_hdtr struct for
3436 * any headers/trailers.
3437 */
3438 if (uap->hdtr != USER_ADDR_NULL) {
3439 caddr_t hdtrp;
3440
3441 bzero(&user_hdtr, sizeof (user_hdtr));
3442 if (IS_64BIT_PROCESS(p)) {
3443 hdtrp = (caddr_t)&user64_hdtr;
3444 sizeof_hdtr = sizeof (user64_hdtr);
3445 } else {
3446 hdtrp = (caddr_t)&user32_hdtr;
3447 sizeof_hdtr = sizeof (user32_hdtr);
3448 }
3449 error = copyin(uap->hdtr, hdtrp, sizeof_hdtr);
3450 if (error)
3451 goto done2;
3452 if (IS_64BIT_PROCESS(p)) {
3453 user_hdtr.headers = user64_hdtr.headers;
3454 user_hdtr.hdr_cnt = user64_hdtr.hdr_cnt;
3455 user_hdtr.trailers = user64_hdtr.trailers;
3456 user_hdtr.trl_cnt = user64_hdtr.trl_cnt;
3457 } else {
3458 user_hdtr.headers = user32_hdtr.headers;
3459 user_hdtr.hdr_cnt = user32_hdtr.hdr_cnt;
3460 user_hdtr.trailers = user32_hdtr.trailers;
3461 user_hdtr.trl_cnt = user32_hdtr.trl_cnt;
3462 }
3463
3464 /*
3465 * Send any headers. Wimp out and use writev(2).
3466 */
3467 if (user_hdtr.headers != USER_ADDR_NULL) {
3468 bzero(&nuap, sizeof (struct writev_args));
3469 nuap.fd = uap->s;
3470 nuap.iovp = user_hdtr.headers;
3471 nuap.iovcnt = user_hdtr.hdr_cnt;
3472 error = writev_nocancel(p, &nuap, &writev_retval);
3473 if (error) {
3474 goto done2;
3475 }
3476 sbytes += writev_retval;
3477 }
3478 }
3479
3480 /*
3481 * Get the file size for 2 reasons:
3482 * 1. We don't want to allocate more mbufs than necessary
3483 * 2. We don't want to read past the end of file
3484 */
3485 if ((error = vnode_size(vp, &file_size, vfs_context_current())) != 0) {
3486 goto done2;
3487 }
3488
3489 /*
3490 * Simply read file data into a chain of mbufs that used with scatter
3491 * gather reads. We're not (yet?) setup to use zero copy external
3492 * mbufs that point to the file pages.
3493 */
3494 socket_lock(so, 1);
3495 error = sblock(&so->so_snd, SBL_WAIT);
3496 if (error) {
3497 socket_unlock(so, 1);
3498 goto done2;
3499 }
3500 for (off = uap->offset; ; off += xfsize, sbytes += xfsize) {
3501 mbuf_t m0 = NULL, m;
3502 unsigned int nbufs = SFUIOBUFS, i;
3503 uio_t auio;
3504 char uio_buf[UIO_SIZEOF(SFUIOBUFS)]; /* 1 KB !!! */
3505 size_t uiolen;
3506 user_ssize_t rlen;
3507 off_t pgoff;
3508 size_t pktlen;
3509 boolean_t jumbocl;
3510
3511 /*
3512 * Calculate the amount to transfer.
3513 * Align to round number of pages.
3514 * Not to exceed send socket buffer,
3515 * the EOF, or the passed in nbytes.
3516 */
3517 xfsize = sbspace(&so->so_snd);
3518
3519 if (xfsize <= 0) {
3520 if (so->so_state & SS_CANTSENDMORE) {
3521 error = EPIPE;
3522 goto done3;
3523 } else if ((so->so_state & SS_NBIO)) {
3524 error = EAGAIN;
3525 goto done3;
3526 } else {
3527 xfsize = PAGE_SIZE;
3528 }
3529 }
3530
3531 if (xfsize > SENDFILE_MAX_BYTES)
3532 xfsize = SENDFILE_MAX_BYTES;
3533 else if (xfsize > PAGE_SIZE)
3534 xfsize = trunc_page(xfsize);
3535 pgoff = off & PAGE_MASK_64;
3536 if (pgoff > 0 && PAGE_SIZE - pgoff < xfsize)
3537 xfsize = PAGE_SIZE_64 - pgoff;
3538 if (nbytes && xfsize > (nbytes - sbytes))
3539 xfsize = nbytes - sbytes;
3540 if (xfsize <= 0)
3541 break;
3542 if (off + xfsize > file_size)
3543 xfsize = file_size - off;
3544 if (xfsize <= 0)
3545 break;
3546
3547 /*
3548 * Attempt to use larger than system page-size clusters for
3549 * large writes only if there is a jumbo cluster pool and
3550 * if the socket is marked accordingly.
3551 */
3552 jumbocl = sosendjcl && njcl > 0 &&
3553 ((so->so_flags & SOF_MULTIPAGES) || sosendjcl_ignore_capab);
3554
3555 socket_unlock(so, 0);
3556 alloc_sendpkt(M_WAIT, xfsize, &nbufs, &m0, jumbocl);
3557 pktlen = mbuf_pkthdr_maxlen(m0);
3558 if (pktlen < (size_t)xfsize)
3559 xfsize = pktlen;
3560
3561 auio = uio_createwithbuffer(nbufs, off, UIO_SYSSPACE,
3562 UIO_READ, &uio_buf[0], sizeof (uio_buf));
3563 if (auio == NULL) {
3564 printf("sendfile failed. nbufs = %d. %s", nbufs,
3565 "File a radar related to rdar://10146739.\n");
3566 mbuf_freem(m0);
3567 error = ENXIO;
3568 socket_lock(so, 0);
3569 goto done3;
3570 }
3571
3572 for (i = 0, m = m0, uiolen = 0;
3573 i < nbufs && m != NULL && uiolen < (size_t)xfsize;
3574 i++, m = mbuf_next(m)) {
3575 size_t mlen = mbuf_maxlen(m);
3576
3577 if (mlen + uiolen > (size_t)xfsize)
3578 mlen = xfsize - uiolen;
3579 mbuf_setlen(m, mlen);
3580 uio_addiov(auio, CAST_USER_ADDR_T(mbuf_datastart(m)),
3581 mlen);
3582 uiolen += mlen;
3583 }
3584
3585 if (xfsize != uio_resid(auio))
3586 printf("sendfile: xfsize: %lld != uio_resid(auio): "
3587 "%lld\n", xfsize, (long long)uio_resid(auio));
3588
3589 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE_READ | DBG_FUNC_START),
3590 uap->s, (unsigned int)((xfsize >> 32) & 0x0ffffffff),
3591 (unsigned int)(xfsize & 0x0ffffffff), 0, 0);
3592 error = fo_read(fp, auio, FOF_OFFSET, &context);
3593 socket_lock(so, 0);
3594 if (error != 0) {
3595 if (uio_resid(auio) != xfsize && (error == ERESTART ||
3596 error == EINTR || error == EWOULDBLOCK)) {
3597 error = 0;
3598 } else {
3599 mbuf_freem(m0);
3600 goto done3;
3601 }
3602 }
3603 xfsize -= uio_resid(auio);
3604 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE_READ | DBG_FUNC_END),
3605 uap->s, (unsigned int)((xfsize >> 32) & 0x0ffffffff),
3606 (unsigned int)(xfsize & 0x0ffffffff), 0, 0);
3607
3608 if (xfsize == 0) {
3609 // printf("sendfile: fo_read 0 bytes, EOF\n");
3610 break;
3611 }
3612 if (xfsize + off > file_size)
3613 printf("sendfile: xfsize: %lld + off: %lld > file_size:"
3614 "%lld\n", xfsize, off, file_size);
3615 for (i = 0, m = m0, rlen = 0;
3616 i < nbufs && m != NULL && rlen < xfsize;
3617 i++, m = mbuf_next(m)) {
3618 size_t mlen = mbuf_maxlen(m);
3619
3620 if (rlen + mlen > (size_t)xfsize)
3621 mlen = xfsize - rlen;
3622 mbuf_setlen(m, mlen);
3623
3624 rlen += mlen;
3625 }
3626 mbuf_pkthdr_setlen(m0, xfsize);
3627
3628 retry_space:
3629 /*
3630 * Make sure that the socket is still able to take more data.
3631 * CANTSENDMORE being true usually means that the connection
3632 * was closed. so_error is true when an error was sensed after
3633 * a previous send.
3634 * The state is checked after the page mapping and buffer
3635 * allocation above since those operations may block and make
3636 * any socket checks stale. From this point forward, nothing
3637 * blocks before the pru_send (or more accurately, any blocking
3638 * results in a loop back to here to re-check).
3639 */
3640 if ((so->so_state & SS_CANTSENDMORE) || so->so_error) {
3641 if (so->so_state & SS_CANTSENDMORE) {
3642 error = EPIPE;
3643 } else {
3644 error = so->so_error;
3645 so->so_error = 0;
3646 }
3647 m_freem(m0);
3648 goto done3;
3649 }
3650 /*
3651 * Wait for socket space to become available. We do this just
3652 * after checking the connection state above in order to avoid
3653 * a race condition with sbwait().
3654 */
3655 if (sbspace(&so->so_snd) < (long)so->so_snd.sb_lowat) {
3656 if (so->so_state & SS_NBIO) {
3657 m_freem(m0);
3658 error = EAGAIN;
3659 goto done3;
3660 }
3661 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE_WAIT |
3662 DBG_FUNC_START), uap->s, 0, 0, 0, 0);
3663 error = sbwait(&so->so_snd);
3664 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE_WAIT|
3665 DBG_FUNC_END), uap->s, 0, 0, 0, 0);
3666 /*
3667 * An error from sbwait usually indicates that we've
3668 * been interrupted by a signal. If we've sent anything
3669 * then return bytes sent, otherwise return the error.
3670 */
3671 if (error) {
3672 m_freem(m0);
3673 goto done3;
3674 }
3675 goto retry_space;
3676 }
3677
3678 struct mbuf *control = NULL;
3679 {
3680 /*
3681 * Socket filter processing
3682 */
3683
3684 error = sflt_data_out(so, NULL, &m0, &control, 0);
3685 if (error) {
3686 if (error == EJUSTRETURN) {
3687 error = 0;
3688 continue;
3689 }
3690 goto done3;
3691 }
3692 /*
3693 * End Socket filter processing
3694 */
3695 }
3696 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE_SEND | DBG_FUNC_START),
3697 uap->s, 0, 0, 0, 0);
3698 error = (*so->so_proto->pr_usrreqs->pru_send)(so, 0, m0,
3699 0, control, p);
3700 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE_SEND | DBG_FUNC_START),
3701 uap->s, 0, 0, 0, 0);
3702 if (error) {
3703 goto done3;
3704 }
3705 }
3706 sbunlock(&so->so_snd, FALSE); /* will unlock socket */
3707 /*
3708 * Send trailers. Wimp out and use writev(2).
3709 */
3710 if (uap->hdtr != USER_ADDR_NULL &&
3711 user_hdtr.trailers != USER_ADDR_NULL) {
3712 bzero(&nuap, sizeof (struct writev_args));
3713 nuap.fd = uap->s;
3714 nuap.iovp = user_hdtr.trailers;
3715 nuap.iovcnt = user_hdtr.trl_cnt;
3716 error = writev_nocancel(p, &nuap, &writev_retval);
3717 if (error) {
3718 goto done2;
3719 }
3720 sbytes += writev_retval;
3721 }
3722 done2:
3723 file_drop(uap->s);
3724 done1:
3725 file_drop(uap->fd);
3726 done:
3727 if (uap->nbytes != USER_ADDR_NULL) {
3728 /* XXX this appears bogus for some early failure conditions */
3729 copyout(&sbytes, uap->nbytes, sizeof (off_t));
3730 }
3731 KERNEL_DEBUG_CONSTANT((DBG_FNC_SENDFILE | DBG_FUNC_END), uap->s,
3732 (unsigned int)((sbytes >> 32) & 0x0ffffffff),
3733 (unsigned int)(sbytes & 0x0ffffffff), error, 0);
3734 return (error);
3735 done3:
3736 sbunlock(&so->so_snd, FALSE); /* will unlock socket */
3737 goto done2;
3738 }
3739
3740
3741 #endif /* SENDFILE */
mirror of XNU