2 * Copyright (c) 2000-2020 Apple Inc. All rights reserved.
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
29 * Copyright (c) 1982, 1986, 1989, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94
63 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
64 * support for mandatory and extensible security protections. This notice
65 * is included in support of clause 2.2 (b) of the Apple Public License,
69 #include <sys/param.h>
70 #include <sys/systm.h>
71 #include <sys/kernel.h>
72 #include <sys/domain.h>
73 #include <sys/fcntl.h>
74 #include <sys/malloc.h> /* XXX must be before <sys/file.h> */
75 #include <sys/file_internal.h>
76 #include <sys/guarded.h>
77 #include <sys/filedesc.h>
80 #include <sys/namei.h>
81 #include <sys/proc_internal.h>
82 #include <sys/kauth.h>
83 #include <sys/protosw.h>
84 #include <sys/socket.h>
85 #include <sys/socketvar.h>
87 #include <sys/sysctl.h>
89 #include <sys/unpcb.h>
90 #include <sys/vnode_internal.h>
91 #include <sys/kdebug.h>
92 #include <sys/mcache.h>
94 #include <kern/zalloc.h>
95 #include <kern/locks.h>
96 #include <kern/task.h>
99 #include <security/mac_framework.h>
100 #endif /* CONFIG_MACF */
102 #include <mach/vm_param.h>
105 * Maximum number of FDs that can be passed in an mbuf
107 #define UIPC_MAX_CMSG_FD 512
109 ZONE_DECLARE(unp_zone
, "unpzone", sizeof(struct unpcb
), ZC_NONE
);
110 static unp_gen_t unp_gencnt
;
111 static u_int unp_count
;
113 static LCK_ATTR_DECLARE(unp_mtx_attr
, 0, 0);
114 static LCK_GRP_DECLARE(unp_mtx_grp
, "unp_list");
115 static LCK_RW_DECLARE_ATTR(unp_list_mtx
, &unp_mtx_grp
, &unp_mtx_attr
);
117 static LCK_MTX_DECLARE_ATTR(unp_disconnect_lock
, &unp_mtx_grp
, &unp_mtx_attr
);
118 static LCK_MTX_DECLARE_ATTR(unp_connect_lock
, &unp_mtx_grp
, &unp_mtx_attr
);
119 static LCK_MTX_DECLARE_ATTR(uipc_lock
, &unp_mtx_grp
, &unp_mtx_attr
);
121 static u_int disconnect_in_progress
;
123 static struct unp_head unp_shead
, unp_dhead
;
124 static int unp_defer
, unp_gcing
, unp_gcwait
;
125 static thread_t unp_gcthread
= NULL
;
126 static LIST_HEAD(, fileglob
) unp_msghead
= LIST_HEAD_INITIALIZER(unp_msghead
);
130 * mDNSResponder tracing. When enabled, endpoints connected to
131 * /var/run/mDNSResponder will be traced; during each send on
132 * the traced socket, we log the PID and process name of the
133 * sending process. We also print out a bit of info related
134 * to the data itself; this assumes ipc_msg_hdr in dnssd_ipc.h
135 * of mDNSResponder stays the same.
137 #define MDNSRESPONDER_PATH "/var/run/mDNSResponder"
139 static int unpst_tracemdns
; /* enable tracing */
141 #define MDNS_IPC_MSG_HDR_VERSION_1 1
143 struct mdns_ipc_msg_hdr
{
151 } __attribute__((packed
));
153 } __attribute__((packed
));
156 * Unix communications domain.
160 * rethink name space problems
161 * need a proper out-of-band
164 static struct sockaddr sun_noname
= { .sa_len
= sizeof(sun_noname
), .sa_family
= AF_LOCAL
, .sa_data
= { 0 } };
165 static ino_t unp_ino
; /* prototype for fake inode numbers */
167 static int unp_attach(struct socket
*);
168 static void unp_detach(struct unpcb
*);
169 static int unp_bind(struct unpcb
*, struct sockaddr
*, proc_t
);
170 static int unp_connect(struct socket
*, struct sockaddr
*, proc_t
);
171 static void unp_disconnect(struct unpcb
*);
172 static void unp_shutdown(struct unpcb
*);
173 static void unp_drop(struct unpcb
*, int);
174 __private_extern__
void unp_gc(void);
175 static void unp_scan(struct mbuf
*, void (*)(struct fileglob
*, void *arg
), void *arg
);
176 static void unp_mark(struct fileglob
*, __unused
void *);
177 static void unp_discard(struct fileglob
*, void *);
178 static int unp_internalize(struct mbuf
*, proc_t
);
179 static int unp_listen(struct unpcb
*, proc_t
);
180 static void unpcb_to_compat(struct unpcb
*, struct unpcb_compat
*);
181 static void unp_get_locks_in_order(struct socket
*so
, struct socket
*conn_so
);
184 unp_get_locks_in_order(struct socket
*so
, struct socket
*conn_so
)
187 socket_lock(conn_so
, 1);
189 struct unpcb
*unp
= sotounpcb(so
);
190 unp
->unp_flags
|= UNP_DONTDISCONNECT
;
192 socket_unlock(so
, 0);
194 /* Get the locks in the correct order */
195 socket_lock(conn_so
, 1);
198 if (unp
->rw_thrcount
== 0) {
199 unp
->unp_flags
&= ~UNP_DONTDISCONNECT
;
206 uipc_abort(struct socket
*so
)
208 struct unpcb
*unp
= sotounpcb(so
);
213 unp_drop(unp
, ECONNABORTED
);
220 uipc_accept(struct socket
*so
, struct sockaddr
**nam
)
222 struct unpcb
*unp
= sotounpcb(so
);
229 * Pass back name of connected socket,
230 * if it was bound and we are still connected
231 * (our peer may have closed already!).
233 if (unp
->unp_conn
&& unp
->unp_conn
->unp_addr
) {
234 *nam
= dup_sockaddr((struct sockaddr
*)
235 unp
->unp_conn
->unp_addr
, 1);
237 *nam
= dup_sockaddr((struct sockaddr
*)&sun_noname
, 1);
248 uipc_attach(struct socket
*so
, __unused
int proto
, __unused proc_t p
)
250 struct unpcb
*unp
= sotounpcb(so
);
255 return unp_attach(so
);
259 uipc_bind(struct socket
*so
, struct sockaddr
*nam
, proc_t p
)
261 struct unpcb
*unp
= sotounpcb(so
);
267 return unp_bind(unp
, nam
, p
);
273 * unp_connect:??? [See elsewhere in this file]
276 uipc_connect(struct socket
*so
, struct sockaddr
*nam
, proc_t p
)
278 struct unpcb
*unp
= sotounpcb(so
);
283 return unp_connect(so
, nam
, p
);
289 * unp_connect2:EPROTOTYPE Protocol wrong type for socket
290 * unp_connect2:EINVAL Invalid argument
293 uipc_connect2(struct socket
*so1
, struct socket
*so2
)
295 struct unpcb
*unp
= sotounpcb(so1
);
301 return unp_connect2(so1
, so2
);
304 /* control is EOPNOTSUPP */
307 uipc_detach(struct socket
*so
)
309 struct unpcb
*unp
= sotounpcb(so
);
315 LCK_MTX_ASSERT(&unp
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
321 uipc_disconnect(struct socket
*so
)
323 struct unpcb
*unp
= sotounpcb(so
);
337 uipc_listen(struct socket
*so
, __unused proc_t p
)
339 struct unpcb
*unp
= sotounpcb(so
);
341 if (unp
== 0 || unp
->unp_vnode
== 0) {
344 return unp_listen(unp
, p
);
348 uipc_peeraddr(struct socket
*so
, struct sockaddr
**nam
)
350 struct unpcb
*unp
= sotounpcb(so
);
355 if (unp
->unp_conn
!= NULL
&& unp
->unp_conn
->unp_addr
!= NULL
) {
356 *nam
= dup_sockaddr((struct sockaddr
*)
357 unp
->unp_conn
->unp_addr
, 1);
359 *nam
= dup_sockaddr((struct sockaddr
*)&sun_noname
, 1);
365 uipc_rcvd(struct socket
*so
, __unused
int flags
)
367 struct unpcb
*unp
= sotounpcb(so
);
373 switch (so
->so_type
) {
375 panic("uipc_rcvd DGRAM?");
379 #define rcv (&so->so_rcv)
380 #define snd (&so2->so_snd)
381 if (unp
->unp_conn
== 0) {
385 so2
= unp
->unp_conn
->unp_socket
;
386 unp_get_locks_in_order(so
, so2
);
388 * Adjust backpressure on sender
389 * and wakeup any waiting to write.
391 snd
->sb_mbmax
+= unp
->unp_mbcnt
- rcv
->sb_mbcnt
;
392 unp
->unp_mbcnt
= rcv
->sb_mbcnt
;
393 snd
->sb_hiwat
+= unp
->unp_cc
- rcv
->sb_cc
;
394 unp
->unp_cc
= rcv
->sb_cc
;
395 if (sb_notify(&so2
->so_snd
)) {
396 sowakeup(so2
, &so2
->so_snd
, so
);
399 socket_unlock(so2
, 1);
406 panic("uipc_rcvd unknown socktype");
411 /* pru_rcvoob is EOPNOTSUPP */
420 * unp_internalize:EINVAL
421 * unp_internalize:EBADF
422 * unp_connect:EAFNOSUPPORT Address family not supported
423 * unp_connect:EINVAL Invalid argument
424 * unp_connect:ENOTSOCK Not a socket
425 * unp_connect:ECONNREFUSED Connection refused
426 * unp_connect:EISCONN Socket is connected
427 * unp_connect:EPROTOTYPE Protocol wrong type for socket
429 * sbappendaddr:ENOBUFS [5th argument, contents modified]
430 * sbappendaddr:??? [whatever a filter author chooses]
433 uipc_send(struct socket
*so
, int flags
, struct mbuf
*m
, struct sockaddr
*nam
,
434 struct mbuf
*control
, proc_t p
)
437 struct unpcb
*unp
= sotounpcb(so
);
444 if (flags
& PRUS_OOB
) {
450 /* release lock to avoid deadlock (4436174) */
451 socket_unlock(so
, 0);
452 error
= unp_internalize(control
, p
);
459 switch (so
->so_type
) {
462 struct sockaddr
*from
;
469 error
= unp_connect(so
, nam
, p
);
471 so
->so_state
&= ~SS_ISCONNECTING
;
475 if (unp
->unp_conn
== 0) {
481 so2
= unp
->unp_conn
->unp_socket
;
483 unp_get_locks_in_order(so
, so2
);
487 from
= (struct sockaddr
*)unp
->unp_addr
;
492 * sbappendaddr() will fail when the receiver runs out of
493 * space; in contrast to SOCK_STREAM, we will lose messages
494 * for the SOCK_DGRAM case when the receiver's queue overflows.
495 * SB_UNIX on the socket buffer implies that the callee will
496 * not free the control message, if any, because we would need
497 * to call unp_dispose() on it.
499 if (sbappendaddr(&so2
->so_rcv
, from
, m
, control
, &error
)) {
501 if (sb_notify(&so2
->so_rcv
)) {
502 sowakeup(so2
, &so2
->so_rcv
, so
);
504 } else if (control
!= NULL
&& error
== 0) {
505 /* A socket filter took control; don't touch it */
510 socket_unlock(so2
, 1);
522 #define rcv (&so2->so_rcv)
523 #define snd (&so->so_snd)
524 /* Connect if not connected yet. */
526 * Note: A better implementation would complain
527 * if not equal to the peer's address.
529 if ((so
->so_state
& SS_ISCONNECTED
) == 0) {
531 error
= unp_connect(so
, nam
, p
);
533 so
->so_state
&= ~SS_ISCONNECTING
;
542 if (so
->so_state
& SS_CANTSENDMORE
) {
546 if (unp
->unp_conn
== 0) {
547 panic("uipc_send connected but no connection?");
550 so2
= unp
->unp_conn
->unp_socket
;
551 unp_get_locks_in_order(so
, so2
);
553 /* Check socket state again as we might have unlocked the socket
554 * while trying to get the locks in order
557 if ((so
->so_state
& SS_CANTSENDMORE
)) {
559 socket_unlock(so2
, 1);
563 if (unp
->unp_flags
& UNP_TRACE_MDNS
) {
564 struct mdns_ipc_msg_hdr hdr
;
566 if (mbuf_copydata(m
, 0, sizeof(hdr
), &hdr
) == 0 &&
567 hdr
.version
== ntohl(MDNS_IPC_MSG_HDR_VERSION_1
)) {
568 printf("%s[mDNSResponder] pid=%d (%s): op=0x%x\n",
569 __func__
, p
->p_pid
, p
->p_comm
, ntohl(hdr
.op
));
574 * Send to paired receive port, and then reduce send buffer
575 * hiwater marks to maintain backpressure. Wake up readers.
576 * SB_UNIX flag will allow new record to be appended to the
577 * receiver's queue even when it is already full. It is
578 * possible, however, that append might fail. In that case,
579 * we will need to call unp_dispose() on the control message;
580 * the callee will not free it since SB_UNIX is set.
582 didreceive
= control
?
583 sbappendcontrol(rcv
, m
, control
, &error
) : sbappend(rcv
, m
);
585 snd
->sb_mbmax
-= rcv
->sb_mbcnt
- unp
->unp_conn
->unp_mbcnt
;
586 unp
->unp_conn
->unp_mbcnt
= rcv
->sb_mbcnt
;
587 if ((int32_t)snd
->sb_hiwat
>=
588 (int32_t)(rcv
->sb_cc
- unp
->unp_conn
->unp_cc
)) {
589 snd
->sb_hiwat
-= rcv
->sb_cc
- unp
->unp_conn
->unp_cc
;
593 unp
->unp_conn
->unp_cc
= rcv
->sb_cc
;
596 if (sb_notify(&so2
->so_rcv
)) {
597 sowakeup(so2
, &so2
->so_rcv
, so
);
599 } else if (control
!= NULL
&& error
== 0) {
600 /* A socket filter took control; don't touch it */
604 socket_unlock(so2
, 1);
612 panic("uipc_send unknown socktype");
616 * SEND_EOF is equivalent to a SEND followed by
619 if (flags
& PRUS_EOF
) {
624 if (control
&& error
!= 0) {
625 socket_unlock(so
, 0);
626 unp_dispose(control
);
641 uipc_sense(struct socket
*so
, void *ub
, int isstat64
)
643 struct unpcb
*unp
= sotounpcb(so
);
651 blksize
= so
->so_snd
.sb_hiwat
;
652 if (so
->so_type
== SOCK_STREAM
&& unp
->unp_conn
!= 0) {
653 so2
= unp
->unp_conn
->unp_socket
;
654 blksize
+= so2
->so_rcv
.sb_cc
;
656 if (unp
->unp_ino
== 0) {
657 unp
->unp_ino
= unp_ino
++;
663 sb64
= (struct stat64
*)ub
;
664 sb64
->st_blksize
= blksize
;
665 sb64
->st_dev
= NODEV
;
666 sb64
->st_ino
= (ino64_t
)unp
->unp_ino
;
670 sb
= (struct stat
*)ub
;
671 sb
->st_blksize
= blksize
;
673 sb
->st_ino
= (ino_t
)(uintptr_t)unp
->unp_ino
;
683 * Notes: This is not strictly correct, as unp_shutdown() also calls
684 * socantrcvmore(). These should maybe both be conditionalized
685 * on the 'how' argument in soshutdown() as called from the
686 * shutdown() system call.
689 uipc_shutdown(struct socket
*so
)
691 struct unpcb
*unp
= sotounpcb(so
);
703 * EINVAL Invalid argument
706 uipc_sockaddr(struct socket
*so
, struct sockaddr
**nam
)
708 struct unpcb
*unp
= sotounpcb(so
);
713 if (unp
->unp_addr
!= NULL
) {
714 *nam
= dup_sockaddr((struct sockaddr
*)unp
->unp_addr
, 1);
716 *nam
= dup_sockaddr((struct sockaddr
*)&sun_noname
, 1);
721 struct pr_usrreqs uipc_usrreqs
= {
722 .pru_abort
= uipc_abort
,
723 .pru_accept
= uipc_accept
,
724 .pru_attach
= uipc_attach
,
725 .pru_bind
= uipc_bind
,
726 .pru_connect
= uipc_connect
,
727 .pru_connect2
= uipc_connect2
,
728 .pru_detach
= uipc_detach
,
729 .pru_disconnect
= uipc_disconnect
,
730 .pru_listen
= uipc_listen
,
731 .pru_peeraddr
= uipc_peeraddr
,
732 .pru_rcvd
= uipc_rcvd
,
733 .pru_send
= uipc_send
,
734 .pru_sense
= uipc_sense
,
735 .pru_shutdown
= uipc_shutdown
,
736 .pru_sockaddr
= uipc_sockaddr
,
737 .pru_sosend
= sosend
,
738 .pru_soreceive
= soreceive
,
742 uipc_ctloutput(struct socket
*so
, struct sockopt
*sopt
)
744 struct unpcb
*unp
= sotounpcb(so
);
749 struct socket
*peerso
;
751 switch (sopt
->sopt_dir
) {
753 switch (sopt
->sopt_name
) {
755 if (unp
->unp_flags
& UNP_HAVEPC
) {
756 error
= sooptcopyout(sopt
, &unp
->unp_peercred
,
757 sizeof(unp
->unp_peercred
));
759 if (so
->so_type
== SOCK_STREAM
) {
768 if (unp
->unp_conn
== NULL
) {
772 peerso
= unp
->unp_conn
->unp_socket
;
773 if (peerso
== NULL
) {
774 panic("peer is connected but has no socket?");
776 unp_get_locks_in_order(so
, peerso
);
777 if (sopt
->sopt_name
== LOCAL_PEEREPID
&&
778 peerso
->so_flags
& SOF_DELEGATED
) {
779 peerpid
= peerso
->e_pid
;
781 peerpid
= peerso
->last_pid
;
783 socket_unlock(peerso
, 1);
784 error
= sooptcopyout(sopt
, &peerpid
, sizeof(peerpid
));
787 case LOCAL_PEEREUUID
:
788 if (unp
->unp_conn
== NULL
) {
792 peerso
= unp
->unp_conn
->unp_socket
;
793 if (peerso
== NULL
) {
794 panic("peer is connected but has no socket?");
796 unp_get_locks_in_order(so
, peerso
);
797 if (sopt
->sopt_name
== LOCAL_PEEREUUID
&&
798 peerso
->so_flags
& SOF_DELEGATED
) {
799 error
= sooptcopyout(sopt
, &peerso
->e_uuid
,
800 sizeof(peerso
->e_uuid
));
802 error
= sooptcopyout(sopt
, &peerso
->last_uuid
,
803 sizeof(peerso
->last_uuid
));
805 socket_unlock(peerso
, 1);
807 case LOCAL_PEERTOKEN
:
808 if (unp
->unp_conn
== NULL
) {
812 peerso
= unp
->unp_conn
->unp_socket
;
813 if (peerso
== NULL
) {
814 panic("peer is connected but has no socket?");
816 unp_get_locks_in_order(so
, peerso
);
817 peerpid
= peerso
->last_pid
;
818 p
= proc_find(peerpid
);
819 if (p
!= PROC_NULL
) {
821 if (t
!= TASK_NULL
) {
822 audit_token_t peertoken
;
823 mach_msg_type_number_t count
= TASK_AUDIT_TOKEN_COUNT
;
824 if (task_info(t
, TASK_AUDIT_TOKEN
, (task_info_t
)&peertoken
, &count
) == KERN_SUCCESS
) {
825 error
= sooptcopyout(sopt
, &peertoken
, sizeof(peertoken
));
836 socket_unlock(peerso
, 1);
853 * Both send and receive buffers are allocated PIPSIZ bytes of buffering
854 * for stream sockets, although the total for sender and receiver is
855 * actually only PIPSIZ.
856 * Datagram sockets really use the sendspace as the maximum datagram size,
857 * and don't really want to reserve the sendspace. Their recvspace should
858 * be large enough for at least one max-size datagram plus address.
863 static u_int32_t unpst_sendspace
= PIPSIZ
;
864 static u_int32_t unpst_recvspace
= PIPSIZ
;
865 static u_int32_t unpdg_sendspace
= 2 * 1024; /* really max datagram size */
866 static u_int32_t unpdg_recvspace
= 4 * 1024;
868 static int unp_rights
; /* file descriptors in flight */
869 static int unp_disposed
; /* discarded file descriptors */
871 SYSCTL_DECL(_net_local_stream
);
872 SYSCTL_INT(_net_local_stream
, OID_AUTO
, sendspace
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
873 &unpst_sendspace
, 0, "");
874 SYSCTL_INT(_net_local_stream
, OID_AUTO
, recvspace
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
875 &unpst_recvspace
, 0, "");
876 SYSCTL_INT(_net_local_stream
, OID_AUTO
, tracemdns
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
877 &unpst_tracemdns
, 0, "");
878 SYSCTL_DECL(_net_local_dgram
);
879 SYSCTL_INT(_net_local_dgram
, OID_AUTO
, maxdgram
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
880 &unpdg_sendspace
, 0, "");
881 SYSCTL_INT(_net_local_dgram
, OID_AUTO
, recvspace
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
882 &unpdg_recvspace
, 0, "");
883 SYSCTL_DECL(_net_local
);
884 SYSCTL_INT(_net_local
, OID_AUTO
, inflight
, CTLFLAG_RD
| CTLFLAG_LOCKED
, &unp_rights
, 0, "");
892 unp_attach(struct socket
*so
)
897 if (so
->so_snd
.sb_hiwat
== 0 || so
->so_rcv
.sb_hiwat
== 0) {
898 switch (so
->so_type
) {
900 error
= soreserve(so
, unpst_sendspace
, unpst_recvspace
);
904 error
= soreserve(so
, unpdg_sendspace
, unpdg_recvspace
);
914 unp
= (struct unpcb
*)zalloc(unp_zone
);
918 bzero(unp
, sizeof(*unp
));
920 lck_mtx_init(&unp
->unp_mtx
, &unp_mtx_grp
, &unp_mtx_attr
);
922 lck_rw_lock_exclusive(&unp_list_mtx
);
923 LIST_INIT(&unp
->unp_refs
);
924 unp
->unp_socket
= so
;
925 unp
->unp_gencnt
= ++unp_gencnt
;
927 LIST_INSERT_HEAD(so
->so_type
== SOCK_DGRAM
?
928 &unp_dhead
: &unp_shead
, unp
, unp_link
);
929 lck_rw_done(&unp_list_mtx
);
930 so
->so_pcb
= (caddr_t
)unp
;
932 * Mark AF_UNIX socket buffers accordingly so that:
934 * a. In the SOCK_STREAM case, socket buffer append won't fail due to
935 * the lack of space; this essentially loosens the sbspace() check,
936 * since there is disconnect between sosend() and uipc_send() with
937 * respect to flow control that might result in our dropping the
938 * data in uipc_send(). By setting this, we allow for slightly
939 * more records to be appended to the receiving socket to avoid
940 * losing data (which we can't afford in the SOCK_STREAM case).
941 * Flow control still takes place since we adjust the sender's
942 * hiwat during each send. This doesn't affect the SOCK_DGRAM
943 * case and append would still fail when the queue overflows.
945 * b. In the presence of control messages containing internalized
946 * file descriptors, the append routines will not free them since
947 * we'd need to undo the work first via unp_dispose().
949 so
->so_rcv
.sb_flags
|= SB_UNIX
;
950 so
->so_snd
.sb_flags
|= SB_UNIX
;
955 unp_detach(struct unpcb
*unp
)
959 lck_rw_lock_exclusive(&unp_list_mtx
);
960 LIST_REMOVE(unp
, unp_link
);
963 lck_rw_done(&unp_list_mtx
);
964 if (unp
->unp_vnode
) {
965 struct vnode
*tvp
= NULL
;
966 socket_unlock(unp
->unp_socket
, 0);
968 /* Holding unp_connect_lock will avoid a race between
969 * a thread closing the listening socket and a thread
972 lck_mtx_lock(&unp_connect_lock
);
973 socket_lock(unp
->unp_socket
, 0);
974 if (unp
->unp_vnode
) {
975 tvp
= unp
->unp_vnode
;
976 unp
->unp_vnode
->v_socket
= NULL
;
977 unp
->unp_vnode
= NULL
;
979 lck_mtx_unlock(&unp_connect_lock
);
981 vnode_rele(tvp
); /* drop the usecount */
987 while (unp
->unp_refs
.lh_first
) {
988 struct unpcb
*unp2
= NULL
;
990 /* This datagram socket is connected to one or more
991 * sockets. In order to avoid a race condition between removing
992 * this reference and closing the connected socket, we need
993 * to check disconnect_in_progress
995 if (so_locked
== 1) {
996 socket_unlock(unp
->unp_socket
, 0);
999 lck_mtx_lock(&unp_disconnect_lock
);
1000 while (disconnect_in_progress
!= 0) {
1001 (void)msleep((caddr_t
)&disconnect_in_progress
, &unp_disconnect_lock
,
1002 PSOCK
, "disconnect", NULL
);
1004 disconnect_in_progress
= 1;
1005 lck_mtx_unlock(&unp_disconnect_lock
);
1007 /* Now we are sure that any unpcb socket disconnect is not happening */
1008 if (unp
->unp_refs
.lh_first
!= NULL
) {
1009 unp2
= unp
->unp_refs
.lh_first
;
1010 socket_lock(unp2
->unp_socket
, 1);
1013 lck_mtx_lock(&unp_disconnect_lock
);
1014 disconnect_in_progress
= 0;
1015 wakeup(&disconnect_in_progress
);
1016 lck_mtx_unlock(&unp_disconnect_lock
);
1019 /* We already locked this socket and have a reference on it */
1020 unp_drop(unp2
, ECONNRESET
);
1021 socket_unlock(unp2
->unp_socket
, 1);
1025 if (so_locked
== 0) {
1026 socket_lock(unp
->unp_socket
, 0);
1029 soisdisconnected(unp
->unp_socket
);
1030 /* makes sure we're getting dealloced */
1031 unp
->unp_socket
->so_flags
|= SOF_PCBCLEARING
;
1035 * Returns: 0 Success
1039 * namei:??? [anything namei can return]
1040 * vnode_authorize:??? [anything vnode_authorize can return]
1042 * Notes: p at this point is the current process, as this function is
1043 * only called by sobind().
1048 struct sockaddr
*nam
,
1051 struct sockaddr_un
*soun
= (struct sockaddr_un
*)nam
;
1052 struct vnode
*vp
, *dvp
;
1053 struct vnode_attr va
;
1054 vfs_context_t ctx
= vfs_context_current();
1056 struct nameidata nd
;
1057 struct socket
*so
= unp
->unp_socket
;
1058 char buf
[SOCK_MAXADDRLEN
];
1060 if (nam
->sa_family
!= 0 && nam
->sa_family
!= AF_UNIX
) {
1061 return EAFNOSUPPORT
;
1065 * Check if the socket is already bound to an address
1067 if (unp
->unp_vnode
!= NULL
) {
1071 * Check if the socket may have been shut down
1073 if ((so
->so_state
& (SS_CANTRCVMORE
| SS_CANTSENDMORE
)) ==
1074 (SS_CANTRCVMORE
| SS_CANTSENDMORE
)) {
1078 namelen
= soun
->sun_len
- offsetof(struct sockaddr_un
, sun_path
);
1083 * Note: sun_path is not a zero terminated "C" string
1085 if (namelen
>= SOCK_MAXADDRLEN
) {
1088 bcopy(soun
->sun_path
, buf
, namelen
);
1091 socket_unlock(so
, 0);
1093 NDINIT(&nd
, CREATE
, OP_MKFIFO
, FOLLOW
| LOCKPARENT
, UIO_SYSSPACE
,
1094 CAST_USER_ADDR_T(buf
), ctx
);
1095 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */
1106 * need to do this before the vnode_put of dvp
1107 * since we may have to release an fs_nodelock
1119 VATTR_SET(&va
, va_type
, VSOCK
);
1120 VATTR_SET(&va
, va_mode
, (ACCESSPERMS
& ~p
->p_fd
->fd_cmask
));
1123 error
= mac_vnode_check_create(ctx
,
1124 nd
.ni_dvp
, &nd
.ni_cnd
, &va
);
1127 #endif /* CONFIG_MACF */
1128 #if CONFIG_MACF_SOCKET_SUBSET
1129 error
= mac_vnode_check_uipc_bind(ctx
,
1130 nd
.ni_dvp
, &nd
.ni_cnd
, &va
);
1133 #endif /* MAC_SOCKET_SUBSET */
1134 /* authorize before creating */
1135 error
= vnode_authorize(dvp
, NULL
, KAUTH_VNODE_ADD_FILE
, ctx
);
1138 /* create the socket */
1139 error
= vn_create(dvp
, &vp
, &nd
, &va
, 0, 0, NULL
, ctx
);
1152 if (unp
->unp_vnode
!= NULL
) {
1153 vnode_put(vp
); /* drop the iocount */
1157 error
= vnode_ref(vp
); /* gain a longterm reference */
1159 vnode_put(vp
); /* drop the iocount */
1163 vp
->v_socket
= unp
->unp_socket
;
1164 unp
->unp_vnode
= vp
;
1165 unp
->unp_addr
= (struct sockaddr_un
*)dup_sockaddr(nam
, 1);
1166 vnode_put(vp
); /* drop the iocount */
1173 * Returns: 0 Success
1174 * EAFNOSUPPORT Address family not supported
1175 * EINVAL Invalid argument
1176 * ENOTSOCK Not a socket
1177 * ECONNREFUSED Connection refused
1178 * EPROTOTYPE Protocol wrong type for socket
1179 * EISCONN Socket is connected
1180 * unp_connect2:EPROTOTYPE Protocol wrong type for socket
1181 * unp_connect2:EINVAL Invalid argument
1182 * namei:??? [anything namei can return]
1183 * vnode_authorize:???? [anything vnode_authorize can return]
1185 * Notes: p at this point is the current process, as this function is
1186 * only called by sosend(), sendfile(), and soconnectlock().
1189 unp_connect(struct socket
*so
, struct sockaddr
*nam
, __unused proc_t p
)
1191 struct sockaddr_un
*soun
= (struct sockaddr_un
*)nam
;
1193 struct socket
*so2
, *so3
, *list_so
= NULL
;
1194 struct unpcb
*unp
, *unp2
, *unp3
;
1195 vfs_context_t ctx
= vfs_context_current();
1197 struct nameidata nd
;
1198 char buf
[SOCK_MAXADDRLEN
];
1200 if (nam
->sa_family
!= 0 && nam
->sa_family
!= AF_UNIX
) {
1201 return EAFNOSUPPORT
;
1204 unp
= sotounpcb(so
);
1207 len
= nam
->sa_len
- offsetof(struct sockaddr_un
, sun_path
);
1212 * Note: sun_path is not a zero terminated "C" string
1214 if (len
>= SOCK_MAXADDRLEN
) {
1220 bcopy(soun
->sun_path
, buf
, len
);
1223 socket_unlock(so
, 0);
1225 NDINIT(&nd
, LOOKUP
, OP_LOOKUP
, FOLLOW
| LOCKLEAF
, UIO_SYSSPACE
,
1226 CAST_USER_ADDR_T(buf
), ctx
);
1234 if (vp
->v_type
!= VSOCK
) {
1240 #if CONFIG_MACF_SOCKET_SUBSET
1241 error
= mac_vnode_check_uipc_connect(ctx
, vp
, so
);
1246 #endif /* MAC_SOCKET_SUBSET */
1248 error
= vnode_authorize(vp
, NULL
, KAUTH_VNODE_WRITE_DATA
, ctx
);
1254 lck_mtx_lock(&unp_connect_lock
);
1256 if (vp
->v_socket
== 0) {
1257 lck_mtx_unlock(&unp_connect_lock
);
1258 error
= ECONNREFUSED
;
1263 socket_lock(vp
->v_socket
, 1); /* Get a reference on the listening socket */
1265 lck_mtx_unlock(&unp_connect_lock
);
1268 if (so2
->so_pcb
== NULL
) {
1269 error
= ECONNREFUSED
;
1271 socket_unlock(so2
, 1);
1274 /* Release the reference held for the listen socket */
1275 VERIFY(so2
->so_usecount
> 0);
1282 socket_unlock(so2
, 0);
1284 socket_lock(so2
, 0);
1285 } else if (so
> so2
) {
1289 * Check if socket was connected while we were trying to
1290 * get the socket locks in order.
1291 * XXX - probably shouldn't return an error for SOCK_DGRAM
1293 if ((so
->so_state
& SS_ISCONNECTED
) != 0) {
1298 if (so
->so_type
!= so2
->so_type
) {
1303 if (so
->so_proto
->pr_flags
& PR_CONNREQUIRED
) {
1304 /* Release the incoming socket but keep a reference */
1305 socket_unlock(so
, 0);
1307 if ((so2
->so_options
& SO_ACCEPTCONN
) == 0 ||
1308 (so3
= sonewconn(so2
, 0, nam
)) == 0) {
1309 error
= ECONNREFUSED
;
1311 socket_unlock(so2
, 1);
1315 /* Release the reference held for
1318 VERIFY(so2
->so_usecount
> 0);
1323 unp2
= sotounpcb(so2
);
1324 unp3
= sotounpcb(so3
);
1325 if (unp2
->unp_addr
) {
1326 unp3
->unp_addr
= (struct sockaddr_un
*)
1327 dup_sockaddr((struct sockaddr
*)unp2
->unp_addr
, 1);
1331 * unp_peercred management:
1333 * The connecter's (client's) credentials are copied
1334 * from its process structure at the time of connect()
1337 cru2x(vfs_context_ucred(ctx
), &unp3
->unp_peercred
);
1338 unp3
->unp_flags
|= UNP_HAVEPC
;
1340 * The receiver's (server's) credentials are copied
1341 * from the unp_peercred member of socket on which the
1342 * former called listen(); unp_listen() cached that
1343 * process's credentials at that time so we can use
1346 KASSERT(unp2
->unp_flags
& UNP_HAVEPCCACHED
,
1347 ("unp_connect: listener without cached peercred"));
1349 /* Here we need to have both so and so2 locks and so2
1350 * is already locked. Lock ordering is required.
1353 socket_unlock(so2
, 0);
1355 socket_lock(so2
, 0);
1360 /* Check again if the socket state changed when its lock was released */
1361 if ((so
->so_state
& SS_ISCONNECTED
) != 0) {
1363 socket_unlock(so2
, 1);
1364 socket_lock(so3
, 0);
1365 sofreelastref(so3
, 1);
1368 memcpy(&unp
->unp_peercred
, &unp2
->unp_peercred
,
1369 sizeof(unp
->unp_peercred
));
1370 unp
->unp_flags
|= UNP_HAVEPC
;
1372 /* Hold the reference on listening socket until the end */
1373 socket_unlock(so2
, 0);
1376 /* Lock ordering doesn't matter because so3 was just created */
1377 socket_lock(so3
, 1);
1381 * Enable tracing for mDNSResponder endpoints. (The use
1382 * of sizeof instead of strlen below takes the null
1383 * terminating character into account.)
1385 if (unpst_tracemdns
&&
1386 !strncmp(soun
->sun_path
, MDNSRESPONDER_PATH
,
1387 sizeof(MDNSRESPONDER_PATH
))) {
1388 unp
->unp_flags
|= UNP_TRACE_MDNS
;
1389 unp2
->unp_flags
|= UNP_TRACE_MDNS
;
1393 error
= unp_connect2(so
, so2
);
1398 socket_unlock(so2
, 1);
1400 /* Release the extra reference held for the listen socket.
1401 * This is possible only for SOCK_DGRAM sockets. We refuse
1402 * connecting to the same socket for SOCK_STREAM sockets.
1404 VERIFY(so2
->so_usecount
> 0);
1409 if (list_so
!= NULL
) {
1410 socket_lock(list_so
, 0);
1411 socket_unlock(list_so
, 1);
1415 LCK_MTX_ASSERT(&unp
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1421 * Returns: 0 Success
1422 * EPROTOTYPE Protocol wrong type for socket
1423 * EINVAL Invalid argument
1426 unp_connect2(struct socket
*so
, struct socket
*so2
)
1428 struct unpcb
*unp
= sotounpcb(so
);
1431 if (so2
->so_type
!= so
->so_type
) {
1435 unp2
= sotounpcb(so2
);
1437 LCK_MTX_ASSERT(&unp
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1438 LCK_MTX_ASSERT(&unp2
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1440 /* Verify both sockets are still opened */
1441 if (unp
== 0 || unp2
== 0) {
1445 unp
->unp_conn
= unp2
;
1448 switch (so
->so_type
) {
1450 LIST_INSERT_HEAD(&unp2
->unp_refs
, unp
, unp_reflink
);
1453 /* Avoid lock order reversals due to drop/acquire in soisconnected. */
1454 /* Keep an extra reference on so2 that will be dropped
1455 * soon after getting the locks in order
1457 socket_unlock(so2
, 0);
1459 unp_get_locks_in_order(so
, so2
);
1460 VERIFY(so2
->so_usecount
> 0);
1469 /* This takes care of socketpair */
1470 if (!(unp
->unp_flags
& UNP_HAVEPC
) &&
1471 !(unp2
->unp_flags
& UNP_HAVEPC
)) {
1472 cru2x(kauth_cred_get(), &unp
->unp_peercred
);
1473 unp
->unp_flags
|= UNP_HAVEPC
;
1475 cru2x(kauth_cred_get(), &unp2
->unp_peercred
);
1476 unp2
->unp_flags
|= UNP_HAVEPC
;
1478 unp2
->unp_conn
= unp
;
1481 /* Avoid lock order reversals due to drop/acquire in soisconnected. */
1482 socket_unlock(so
, 0);
1485 /* Keep an extra reference on so2, that will be dropped soon after
1486 * getting the locks in order again.
1488 socket_unlock(so2
, 0);
1493 unp_get_locks_in_order(so
, so2
);
1494 /* Decrement the extra reference left before */
1495 VERIFY(so2
->so_usecount
> 0);
1500 panic("unknown socket type %d in unp_connect2", so
->so_type
);
1502 LCK_MTX_ASSERT(&unp
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1503 LCK_MTX_ASSERT(&unp2
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1508 unp_disconnect(struct unpcb
*unp
)
1510 struct unpcb
*unp2
= NULL
;
1511 struct socket
*so2
= NULL
, *so
;
1512 struct socket
*waitso
;
1513 int so_locked
= 1, strdisconn
= 0;
1515 so
= unp
->unp_socket
;
1516 if (unp
->unp_conn
== NULL
) {
1519 lck_mtx_lock(&unp_disconnect_lock
);
1520 while (disconnect_in_progress
!= 0) {
1521 if (so_locked
== 1) {
1522 socket_unlock(so
, 0);
1525 (void)msleep((caddr_t
)&disconnect_in_progress
, &unp_disconnect_lock
,
1526 PSOCK
, "disconnect", NULL
);
1528 disconnect_in_progress
= 1;
1529 lck_mtx_unlock(&unp_disconnect_lock
);
1531 if (so_locked
== 0) {
1536 unp2
= unp
->unp_conn
;
1538 if (unp2
== 0 || unp2
->unp_socket
== NULL
) {
1541 so2
= unp2
->unp_socket
;
1545 if (so_locked
== 0) {
1549 } else if (so
< so2
) {
1550 if (so_locked
== 0) {
1553 socket_lock(so2
, 1);
1556 if (so_locked
== 1) {
1557 socket_unlock(so
, 0);
1559 socket_lock(so2
, 1);
1565 LCK_MTX_ASSERT(&unp
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1566 LCK_MTX_ASSERT(&unp2
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1568 /* Check for the UNP_DONTDISCONNECT flag, if it
1569 * is set, release both sockets and go to sleep
1572 if ((((struct unpcb
*)waitso
->so_pcb
)->unp_flags
& UNP_DONTDISCONNECT
) != 0) {
1574 socket_unlock(so2
, 1);
1578 (void)msleep(waitso
->so_pcb
, &unp
->unp_mtx
,
1579 PSOCK
| PDROP
, "unpdisconnect", NULL
);
1583 if (unp
->unp_conn
== NULL
) {
1584 panic("unp_conn became NULL after sleep");
1587 unp
->unp_conn
= NULL
;
1588 VERIFY(so2
->so_usecount
> 0);
1591 if (unp
->unp_flags
& UNP_TRACE_MDNS
) {
1592 unp
->unp_flags
&= ~UNP_TRACE_MDNS
;
1595 switch (unp
->unp_socket
->so_type
) {
1597 LIST_REMOVE(unp
, unp_reflink
);
1598 unp
->unp_socket
->so_state
&= ~SS_ISCONNECTED
;
1600 socket_unlock(so2
, 1);
1605 unp2
->unp_conn
= NULL
;
1606 VERIFY(so
->so_usecount
> 0);
1609 /* Set the socket state correctly but do a wakeup later when
1610 * we release all locks except the socket lock, this will avoid
1613 unp
->unp_socket
->so_state
&= ~(SS_ISCONNECTING
| SS_ISCONNECTED
| SS_ISDISCONNECTING
);
1614 unp
->unp_socket
->so_state
|= (SS_CANTRCVMORE
| SS_CANTSENDMORE
| SS_ISDISCONNECTED
);
1616 unp2
->unp_socket
->so_state
&= ~(SS_ISCONNECTING
| SS_ISCONNECTED
| SS_ISDISCONNECTING
);
1617 unp
->unp_socket
->so_state
|= (SS_CANTRCVMORE
| SS_CANTSENDMORE
| SS_ISDISCONNECTED
);
1619 if (unp2
->unp_flags
& UNP_TRACE_MDNS
) {
1620 unp2
->unp_flags
&= ~UNP_TRACE_MDNS
;
1626 panic("unknown socket type %d", so
->so_type
);
1629 lck_mtx_lock(&unp_disconnect_lock
);
1630 disconnect_in_progress
= 0;
1631 wakeup(&disconnect_in_progress
);
1632 lck_mtx_unlock(&unp_disconnect_lock
);
1635 socket_unlock(so
, 0);
1636 soisdisconnected(so2
);
1637 socket_unlock(so2
, 1);
1640 soisdisconnected(so
);
1642 LCK_MTX_ASSERT(&unp
->unp_mtx
, LCK_MTX_ASSERT_OWNED
);
1647 * unpcb_to_compat copies specific bits of a unpcb to a unpcb_compat format.
1648 * The unpcb_compat data structure is passed to user space and must not change.
1651 unpcb_to_compat(struct unpcb
*up
, struct unpcb_compat
*cp
)
1653 #if defined(__LP64__)
1654 cp
->unp_link
.le_next
= (u_int32_t
)
1655 VM_KERNEL_ADDRPERM(up
->unp_link
.le_next
);
1656 cp
->unp_link
.le_prev
= (u_int32_t
)
1657 VM_KERNEL_ADDRPERM(up
->unp_link
.le_prev
);
1659 cp
->unp_link
.le_next
= (struct unpcb_compat
*)
1660 VM_KERNEL_ADDRPERM(up
->unp_link
.le_next
);
1661 cp
->unp_link
.le_prev
= (struct unpcb_compat
**)
1662 VM_KERNEL_ADDRPERM(up
->unp_link
.le_prev
);
1664 cp
->unp_socket
= (_UNPCB_PTR(struct socket
*))
1665 VM_KERNEL_ADDRPERM(up
->unp_socket
);
1666 cp
->unp_vnode
= (_UNPCB_PTR(struct vnode
*))
1667 VM_KERNEL_ADDRPERM(up
->unp_vnode
);
1668 cp
->unp_ino
= up
->unp_ino
;
1669 cp
->unp_conn
= (_UNPCB_PTR(struct unpcb_compat
*))
1670 VM_KERNEL_ADDRPERM(up
->unp_conn
);
1671 cp
->unp_refs
= (u_int32_t
)VM_KERNEL_ADDRPERM(up
->unp_refs
.lh_first
);
1672 #if defined(__LP64__)
1673 cp
->unp_reflink
.le_next
=
1674 (u_int32_t
)VM_KERNEL_ADDRPERM(up
->unp_reflink
.le_next
);
1675 cp
->unp_reflink
.le_prev
=
1676 (u_int32_t
)VM_KERNEL_ADDRPERM(up
->unp_reflink
.le_prev
);
1678 cp
->unp_reflink
.le_next
=
1679 (struct unpcb_compat
*)VM_KERNEL_ADDRPERM(up
->unp_reflink
.le_next
);
1680 cp
->unp_reflink
.le_prev
=
1681 (struct unpcb_compat
**)VM_KERNEL_ADDRPERM(up
->unp_reflink
.le_prev
);
1683 cp
->unp_addr
= (_UNPCB_PTR(struct sockaddr_un
*))
1684 VM_KERNEL_ADDRPERM(up
->unp_addr
);
1685 cp
->unp_cc
= up
->unp_cc
;
1686 cp
->unp_mbcnt
= up
->unp_mbcnt
;
1687 cp
->unp_gencnt
= up
->unp_gencnt
;
1691 unp_pcblist SYSCTL_HANDLER_ARGS
1693 #pragma unused(oidp,arg2)
1695 struct unpcb
*unp
, **unp_list
;
1698 struct unp_head
*head
;
1700 lck_rw_lock_shared(&unp_list_mtx
);
1701 head
= ((intptr_t)arg1
== SOCK_DGRAM
? &unp_dhead
: &unp_shead
);
1704 * The process of preparing the PCB list is too time-consuming and
1705 * resource-intensive to repeat twice on every request.
1707 if (req
->oldptr
== USER_ADDR_NULL
) {
1709 req
->oldidx
= 2 * sizeof(xug
) + (n
+ n
/ 8) *
1710 sizeof(struct xunpcb
);
1711 lck_rw_done(&unp_list_mtx
);
1715 if (req
->newptr
!= USER_ADDR_NULL
) {
1716 lck_rw_done(&unp_list_mtx
);
1721 * OK, now we're committed to doing something.
1723 gencnt
= unp_gencnt
;
1726 bzero(&xug
, sizeof(xug
));
1727 xug
.xug_len
= sizeof(xug
);
1729 xug
.xug_gen
= gencnt
;
1730 xug
.xug_sogen
= so_gencnt
;
1731 error
= SYSCTL_OUT(req
, &xug
, sizeof(xug
));
1733 lck_rw_done(&unp_list_mtx
);
1738 * We are done if there is no pcb
1741 lck_rw_done(&unp_list_mtx
);
1745 size_t unp_list_len
= n
* sizeof(*unp_list
);
1746 unp_list
= kheap_alloc(KHEAP_TEMP
, unp_list_len
, Z_WAITOK
);
1747 if (unp_list
== 0) {
1748 lck_rw_done(&unp_list_mtx
);
1752 for (unp
= head
->lh_first
, i
= 0; unp
&& i
< n
;
1753 unp
= unp
->unp_link
.le_next
) {
1754 if (unp
->unp_gencnt
<= gencnt
) {
1755 unp_list
[i
++] = unp
;
1758 n
= i
; /* in case we lost some during malloc */
1761 for (i
= 0; i
< n
; i
++) {
1763 if (unp
->unp_gencnt
<= gencnt
) {
1766 bzero(&xu
, sizeof(xu
));
1767 xu
.xu_len
= sizeof(xu
);
1768 xu
.xu_unpp
= (_UNPCB_PTR(struct unpcb_compat
*))
1769 VM_KERNEL_ADDRPERM(unp
);
1771 * XXX - need more locking here to protect against
1772 * connect/disconnect races for SMP.
1774 if (unp
->unp_addr
) {
1775 bcopy(unp
->unp_addr
, &xu
.xu_au
,
1776 unp
->unp_addr
->sun_len
);
1778 if (unp
->unp_conn
&& unp
->unp_conn
->unp_addr
) {
1779 bcopy(unp
->unp_conn
->unp_addr
,
1781 unp
->unp_conn
->unp_addr
->sun_len
);
1783 unpcb_to_compat(unp
, &xu
.xu_unp
);
1784 sotoxsocket(unp
->unp_socket
, &xu
.xu_socket
);
1785 error
= SYSCTL_OUT(req
, &xu
, sizeof(xu
));
1790 * Give the user an updated idea of our state.
1791 * If the generation differs from what we told
1792 * her before, she knows that something happened
1793 * while we were processing this request, and it
1794 * might be necessary to retry.
1796 bzero(&xug
, sizeof(xug
));
1797 xug
.xug_len
= sizeof(xug
);
1798 xug
.xug_gen
= unp_gencnt
;
1799 xug
.xug_sogen
= so_gencnt
;
1800 xug
.xug_count
= unp_count
;
1801 error
= SYSCTL_OUT(req
, &xug
, sizeof(xug
));
1803 kheap_free(KHEAP_TEMP
, unp_list
, unp_list_len
);
1804 lck_rw_done(&unp_list_mtx
);
1808 SYSCTL_PROC(_net_local_dgram
, OID_AUTO
, pcblist
,
1809 CTLTYPE_STRUCT
| CTLFLAG_RD
| CTLFLAG_LOCKED
,
1810 (caddr_t
)(long)SOCK_DGRAM
, 0, unp_pcblist
, "S,xunpcb",
1811 "List of active local datagram sockets");
1812 SYSCTL_PROC(_net_local_stream
, OID_AUTO
, pcblist
,
1813 CTLTYPE_STRUCT
| CTLFLAG_RD
| CTLFLAG_LOCKED
,
1814 (caddr_t
)(long)SOCK_STREAM
, 0, unp_pcblist
, "S,xunpcb",
1815 "List of active local stream sockets");
1817 #if XNU_TARGET_OS_OSX
1820 unp_pcblist64 SYSCTL_HANDLER_ARGS
1822 #pragma unused(oidp,arg2)
1824 struct unpcb
*unp
, **unp_list
;
1827 struct unp_head
*head
;
1829 lck_rw_lock_shared(&unp_list_mtx
);
1830 head
= ((intptr_t)arg1
== SOCK_DGRAM
? &unp_dhead
: &unp_shead
);
1833 * The process of preparing the PCB list is too time-consuming and
1834 * resource-intensive to repeat twice on every request.
1836 if (req
->oldptr
== USER_ADDR_NULL
) {
1838 req
->oldidx
= 2 * sizeof(xug
) + (n
+ n
/ 8) *
1839 (sizeof(struct xunpcb64
));
1840 lck_rw_done(&unp_list_mtx
);
1844 if (req
->newptr
!= USER_ADDR_NULL
) {
1845 lck_rw_done(&unp_list_mtx
);
1850 * OK, now we're committed to doing something.
1852 gencnt
= unp_gencnt
;
1855 bzero(&xug
, sizeof(xug
));
1856 xug
.xug_len
= sizeof(xug
);
1858 xug
.xug_gen
= gencnt
;
1859 xug
.xug_sogen
= so_gencnt
;
1860 error
= SYSCTL_OUT(req
, &xug
, sizeof(xug
));
1862 lck_rw_done(&unp_list_mtx
);
1867 * We are done if there is no pcb
1870 lck_rw_done(&unp_list_mtx
);
1874 size_t unp_list_size
= n
* sizeof(*unp_list
);
1875 unp_list
= kheap_alloc(KHEAP_TEMP
, unp_list_size
, Z_WAITOK
);
1876 if (unp_list
== 0) {
1877 lck_rw_done(&unp_list_mtx
);
1881 for (unp
= head
->lh_first
, i
= 0; unp
&& i
< n
;
1882 unp
= unp
->unp_link
.le_next
) {
1883 if (unp
->unp_gencnt
<= gencnt
) {
1884 unp_list
[i
++] = unp
;
1887 n
= i
; /* in case we lost some during malloc */
1890 for (i
= 0; i
< n
; i
++) {
1892 if (unp
->unp_gencnt
<= gencnt
) {
1894 size_t xu_len
= sizeof(struct xunpcb64
);
1897 xu
.xu_len
= (u_int32_t
)xu_len
;
1898 xu
.xu_unpp
= (u_int64_t
)VM_KERNEL_ADDRPERM(unp
);
1899 xu
.xunp_link
.le_next
= (u_int64_t
)
1900 VM_KERNEL_ADDRPERM(unp
->unp_link
.le_next
);
1901 xu
.xunp_link
.le_prev
= (u_int64_t
)
1902 VM_KERNEL_ADDRPERM(unp
->unp_link
.le_prev
);
1903 xu
.xunp_socket
= (u_int64_t
)
1904 VM_KERNEL_ADDRPERM(unp
->unp_socket
);
1905 xu
.xunp_vnode
= (u_int64_t
)
1906 VM_KERNEL_ADDRPERM(unp
->unp_vnode
);
1907 xu
.xunp_ino
= unp
->unp_ino
;
1908 xu
.xunp_conn
= (u_int64_t
)
1909 VM_KERNEL_ADDRPERM(unp
->unp_conn
);
1910 xu
.xunp_refs
= (u_int64_t
)
1911 VM_KERNEL_ADDRPERM(unp
->unp_refs
.lh_first
);
1912 xu
.xunp_reflink
.le_next
= (u_int64_t
)
1913 VM_KERNEL_ADDRPERM(unp
->unp_reflink
.le_next
);
1914 xu
.xunp_reflink
.le_prev
= (u_int64_t
)
1915 VM_KERNEL_ADDRPERM(unp
->unp_reflink
.le_prev
);
1916 xu
.xunp_cc
= unp
->unp_cc
;
1917 xu
.xunp_mbcnt
= unp
->unp_mbcnt
;
1918 xu
.xunp_gencnt
= unp
->unp_gencnt
;
1920 if (unp
->unp_socket
) {
1921 sotoxsocket64(unp
->unp_socket
, &xu
.xu_socket
);
1925 * XXX - need more locking here to protect against
1926 * connect/disconnect races for SMP.
1928 if (unp
->unp_addr
) {
1929 bcopy(unp
->unp_addr
, &xu
.xu_au
,
1930 unp
->unp_addr
->sun_len
);
1932 if (unp
->unp_conn
&& unp
->unp_conn
->unp_addr
) {
1933 bcopy(unp
->unp_conn
->unp_addr
,
1935 unp
->unp_conn
->unp_addr
->sun_len
);
1938 error
= SYSCTL_OUT(req
, &xu
, xu_len
);
1943 * Give the user an updated idea of our state.
1944 * If the generation differs from what we told
1945 * her before, she knows that something happened
1946 * while we were processing this request, and it
1947 * might be necessary to retry.
1949 bzero(&xug
, sizeof(xug
));
1950 xug
.xug_len
= sizeof(xug
);
1951 xug
.xug_gen
= unp_gencnt
;
1952 xug
.xug_sogen
= so_gencnt
;
1953 xug
.xug_count
= unp_count
;
1954 error
= SYSCTL_OUT(req
, &xug
, sizeof(xug
));
1956 kheap_free(KHEAP_TEMP
, unp_list
, unp_list_size
);
1957 lck_rw_done(&unp_list_mtx
);
1961 SYSCTL_PROC(_net_local_dgram
, OID_AUTO
, pcblist64
,
1962 CTLTYPE_STRUCT
| CTLFLAG_RD
| CTLFLAG_LOCKED
,
1963 (caddr_t
)(long)SOCK_DGRAM
, 0, unp_pcblist64
, "S,xunpcb64",
1964 "List of active local datagram sockets 64 bit");
1965 SYSCTL_PROC(_net_local_stream
, OID_AUTO
, pcblist64
,
1966 CTLTYPE_STRUCT
| CTLFLAG_RD
| CTLFLAG_LOCKED
,
1967 (caddr_t
)(long)SOCK_STREAM
, 0, unp_pcblist64
, "S,xunpcb64",
1968 "List of active local stream sockets 64 bit");
1970 #endif /* XNU_TARGET_OS_OSX */
1973 unp_shutdown(struct unpcb
*unp
)
1975 struct socket
*so
= unp
->unp_socket
;
1977 if (unp
->unp_socket
->so_type
== SOCK_STREAM
&& unp
->unp_conn
) {
1978 so2
= unp
->unp_conn
->unp_socket
;
1979 unp_get_locks_in_order(so
, so2
);
1981 socket_unlock(so2
, 1);
1986 unp_drop(struct unpcb
*unp
, int errno
)
1988 struct socket
*so
= unp
->unp_socket
;
1990 so
->so_error
= (u_short
)errno
;
1991 unp_disconnect(unp
);
1994 /* always called under uipc_lock */
1998 if (unp_gcthread
== current_thread()) {
2002 while (unp_gcing
!= 0) {
2004 msleep(&unp_gcing
, &uipc_lock
, 0, "unp_gc_wait", NULL
);
2009 * fg_insertuipc_mark
2011 * Description: Mark fileglob for insertion onto message queue if needed
2012 * Also takes fileglob reference
2014 * Parameters: fg Fileglob pointer to insert
2016 * Returns: true, if the fileglob needs to be inserted onto msg queue
2018 * Locks: Takes and drops fg_lock, potentially many times
2021 fg_insertuipc_mark(struct fileglob
* fg
)
2023 boolean_t insert
= FALSE
;
2025 lck_mtx_lock_spin(&fg
->fg_lock
);
2026 while (fg
->fg_lflags
& FG_RMMSGQ
) {
2027 lck_mtx_convert_spin(&fg
->fg_lock
);
2029 fg
->fg_lflags
|= FG_WRMMSGQ
;
2030 msleep(&fg
->fg_lflags
, &fg
->fg_lock
, 0, "fg_insertuipc", NULL
);
2033 os_ref_retain_raw(&fg
->fg_count
, &f_refgrp
);
2035 if (fg
->fg_msgcount
== 1) {
2036 fg
->fg_lflags
|= FG_INSMSGQ
;
2039 lck_mtx_unlock(&fg
->fg_lock
);
2046 * Description: Insert marked fileglob onto message queue
2048 * Parameters: fg Fileglob pointer to insert
2052 * Locks: Takes and drops fg_lock & uipc_lock
2053 * DO NOT call this function with proc_fdlock held as unp_gc()
2054 * can potentially try to acquire proc_fdlock, which can result
2055 * in a deadlock if this function is in unp_gc_wait().
2058 fg_insertuipc(struct fileglob
* fg
)
2060 if (fg
->fg_lflags
& FG_INSMSGQ
) {
2061 lck_mtx_lock_spin(&uipc_lock
);
2063 LIST_INSERT_HEAD(&unp_msghead
, fg
, f_msglist
);
2064 lck_mtx_unlock(&uipc_lock
);
2065 lck_mtx_lock(&fg
->fg_lock
);
2066 fg
->fg_lflags
&= ~FG_INSMSGQ
;
2067 if (fg
->fg_lflags
& FG_WINSMSGQ
) {
2068 fg
->fg_lflags
&= ~FG_WINSMSGQ
;
2069 wakeup(&fg
->fg_lflags
);
2071 lck_mtx_unlock(&fg
->fg_lock
);
2076 * fg_removeuipc_mark
2078 * Description: Mark the fileglob for removal from message queue if needed
2079 * Also releases fileglob message queue reference
2081 * Parameters: fg Fileglob pointer to remove
2083 * Returns: true, if the fileglob needs to be removed from msg queue
2085 * Locks: Takes and drops fg_lock, potentially many times
2088 fg_removeuipc_mark(struct fileglob
* fg
)
2090 boolean_t remove
= FALSE
;
2092 lck_mtx_lock_spin(&fg
->fg_lock
);
2093 while (fg
->fg_lflags
& FG_INSMSGQ
) {
2094 lck_mtx_convert_spin(&fg
->fg_lock
);
2096 fg
->fg_lflags
|= FG_WINSMSGQ
;
2097 msleep(&fg
->fg_lflags
, &fg
->fg_lock
, 0, "fg_removeuipc", NULL
);
2100 if (fg
->fg_msgcount
== 0) {
2101 fg
->fg_lflags
|= FG_RMMSGQ
;
2104 lck_mtx_unlock(&fg
->fg_lock
);
2111 * Description: Remove marked fileglob from message queue
2113 * Parameters: fg Fileglob pointer to remove
2117 * Locks: Takes and drops fg_lock & uipc_lock
2118 * DO NOT call this function with proc_fdlock held as unp_gc()
2119 * can potentially try to acquire proc_fdlock, which can result
2120 * in a deadlock if this function is in unp_gc_wait().
2123 fg_removeuipc(struct fileglob
* fg
)
2125 if (fg
->fg_lflags
& FG_RMMSGQ
) {
2126 lck_mtx_lock_spin(&uipc_lock
);
2128 LIST_REMOVE(fg
, f_msglist
);
2129 lck_mtx_unlock(&uipc_lock
);
2130 lck_mtx_lock(&fg
->fg_lock
);
2131 fg
->fg_lflags
&= ~FG_RMMSGQ
;
2132 if (fg
->fg_lflags
& FG_WRMMSGQ
) {
2133 fg
->fg_lflags
&= ~FG_WRMMSGQ
;
2134 wakeup(&fg
->fg_lflags
);
2136 lck_mtx_unlock(&fg
->fg_lock
);
2141 * Returns: 0 Success
2142 * EMSGSIZE The new fd's will not fit
2143 * ENOBUFS Cannot alloc struct fileproc
2146 unp_externalize(struct mbuf
*rights
)
2148 proc_t p
= current_proc(); /* XXX */
2150 struct cmsghdr
*cm
= mtod(rights
, struct cmsghdr
*);
2151 struct fileglob
**rp
= (struct fileglob
**)(cm
+ 1);
2152 int *fds
= (int *)(cm
+ 1);
2153 struct fileproc
*fp
;
2154 struct fileproc
**fileproc_l
;
2155 int newfds
= (cm
->cmsg_len
- sizeof(*cm
)) / sizeof(int);
2158 fileproc_l
= kheap_alloc(KHEAP_TEMP
,
2159 newfds
* sizeof(struct fileproc
*), Z_WAITOK
);
2160 if (fileproc_l
== NULL
) {
2168 * if the new FD's will not fit, then we free them all
2170 if (!fdavail(p
, newfds
)) {
2176 * now change each pointer to an fd in the global table to
2177 * an integer that is the index to the local fd table entry
2178 * that we set up to point to the global one we are transferring.
2179 * XXX (1) this assumes a pointer and int are the same size,
2180 * XXX or the mbuf can hold the expansion
2181 * XXX (2) allocation failures should be non-fatal
2183 for (i
= 0; i
< newfds
; i
++) {
2184 if (fdalloc(p
, 0, &f
)) {
2185 panic("unp_externalize:fdalloc");
2187 fp
= fileproc_alloc_init(NULL
);
2189 panic("unp_externalize:fileproc_alloc_init");
2191 fp
->fp_glob
= rp
[i
];
2192 if (fg_removeuipc_mark(rp
[i
])) {
2194 * Take an iocount on the fp for completing the
2195 * removal from the global msg queue
2197 os_ref_retain_locked(&fp
->fp_iocount
);
2200 fileproc_l
[i
] = NULL
;
2202 procfdtbl_releasefd(p
, f
, fp
);
2207 for (i
= 0; i
< newfds
; i
++) {
2208 if (fileproc_l
[i
] != NULL
) {
2209 VERIFY(fileproc_l
[i
]->fp_glob
!= NULL
&&
2210 (fileproc_l
[i
]->fp_glob
->fg_lflags
& FG_RMMSGQ
));
2211 VERIFY(fds
[i
] >= 0);
2212 fg_removeuipc(fileproc_l
[i
]->fp_glob
);
2214 /* Drop the iocount */
2215 fp_drop(p
, fds
[i
], fileproc_l
[i
], 0);
2216 fileproc_l
[i
] = NULL
;
2219 (void) OSAddAtomic(-1, &unp_rights
);
2224 kheap_free(KHEAP_TEMP
, fileproc_l
,
2225 newfds
* sizeof(struct fileproc
*));
2227 for (i
= 0; i
< newfds
; i
++) {
2228 unp_discard(*rp
, p
);
2238 _CASSERT(UIPC_MAX_CMSG_FD
>= (MCLBYTES
/ sizeof(int)));
2239 LIST_INIT(&unp_dhead
);
2240 LIST_INIT(&unp_shead
);
2244 #define MIN(a, b) (((a) < (b)) ? (a) : (b))
2248 * Returns: 0 Success
2253 unp_internalize(struct mbuf
*control
, proc_t p
)
2255 struct cmsghdr
*cm
= mtod(control
, struct cmsghdr
*);
2257 struct fileglob
**rp
;
2258 struct fileproc
*fp
;
2261 uint8_t fg_ins
[UIPC_MAX_CMSG_FD
/ 8];
2263 /* 64bit: cmsg_len is 'uint32_t', m_len is 'long' */
2264 if (cm
->cmsg_type
!= SCM_RIGHTS
|| cm
->cmsg_level
!= SOL_SOCKET
||
2265 (socklen_t
)cm
->cmsg_len
!= (socklen_t
)control
->m_len
) {
2268 oldfds
= (cm
->cmsg_len
- sizeof(*cm
)) / sizeof(int);
2269 bzero(fg_ins
, sizeof(fg_ins
));
2272 fds
= (int *)(cm
+ 1);
2274 for (i
= 0; i
< oldfds
; i
++) {
2275 struct fileproc
*tmpfp
;
2276 if ((tmpfp
= fp_get_noref_locked(p
, fds
[i
])) == NULL
) {
2279 } else if (!fg_sendable(tmpfp
->fp_glob
)) {
2282 } else if (fp_isguarded(tmpfp
, GUARD_SOCKET_IPC
)) {
2283 error
= fp_guard_exception(p
,
2284 fds
[i
], tmpfp
, kGUARD_EXC_SOCKET_IPC
);
2289 rp
= (struct fileglob
**)(cm
+ 1);
2291 /* On K64 we need to walk backwards because a fileglob * is twice the size of an fd
2292 * and doing them in-order would result in stomping over unprocessed fd's
2294 for (i
= (oldfds
- 1); i
>= 0; i
--) {
2295 fp
= fp_get_noref_locked(p
, fds
[i
]);
2296 if (fg_insertuipc_mark(fp
->fp_glob
)) {
2297 fg_ins
[i
/ 8] |= 0x80 >> (i
% 8);
2299 rp
[i
] = fp
->fp_glob
;
2303 for (i
= 0; i
< oldfds
; i
++) {
2304 if (fg_ins
[i
/ 8] & (0x80 >> (i
% 8))) {
2305 VERIFY(rp
[i
]->fg_lflags
& FG_INSMSGQ
);
2306 fg_insertuipc(rp
[i
]);
2308 (void) OSAddAtomic(1, &unp_rights
);
2314 __private_extern__
void
2317 struct fileglob
*fg
, *nextfg
;
2319 static struct fileglob
**extra_ref
;
2320 struct fileglob
**fpp
;
2322 int need_gcwakeup
= 0;
2324 lck_mtx_lock(&uipc_lock
);
2326 lck_mtx_unlock(&uipc_lock
);
2331 unp_gcthread
= current_thread();
2332 lck_mtx_unlock(&uipc_lock
);
2334 * before going through all this, set all FDs to
2335 * be NOT defered and NOT externally accessible
2337 for (fg
= unp_msghead
.lh_first
; fg
!= 0; fg
= fg
->f_msglist
.le_next
) {
2338 os_atomic_andnot(&fg
->fg_flag
, FMARK
| FDEFER
, relaxed
);
2341 for (fg
= unp_msghead
.lh_first
; fg
!= 0;
2342 fg
= fg
->f_msglist
.le_next
) {
2343 lck_mtx_lock(&fg
->fg_lock
);
2345 * If the file is not open, skip it
2347 if (os_ref_get_count_raw(&fg
->fg_count
) == 0) {
2348 lck_mtx_unlock(&fg
->fg_lock
);
2352 * If we already marked it as 'defer' in a
2353 * previous pass, then try process it this time
2356 if (fg
->fg_flag
& FDEFER
) {
2357 os_atomic_andnot(&fg
->fg_flag
, FDEFER
, relaxed
);
2361 * if it's not defered, then check if it's
2362 * already marked.. if so skip it
2364 if (fg
->fg_flag
& FMARK
) {
2365 lck_mtx_unlock(&fg
->fg_lock
);
2369 * If all references are from messages
2370 * in transit, then skip it. it's not
2371 * externally accessible.
2373 if (os_ref_get_count_raw(&fg
->fg_count
) ==
2375 lck_mtx_unlock(&fg
->fg_lock
);
2379 * If it got this far then it must be
2380 * externally accessible.
2382 os_atomic_or(&fg
->fg_flag
, FMARK
, relaxed
);
2385 * either it was defered, or it is externally
2386 * accessible and not already marked so.
2387 * Now check if it is possibly one of OUR sockets.
2389 if (FILEGLOB_DTYPE(fg
) != DTYPE_SOCKET
||
2390 (so
= (struct socket
*)fg
->fg_data
) == 0) {
2391 lck_mtx_unlock(&fg
->fg_lock
);
2394 if (so
->so_proto
->pr_domain
!= localdomain
||
2395 (so
->so_proto
->pr_flags
& PR_RIGHTS
) == 0) {
2396 lck_mtx_unlock(&fg
->fg_lock
);
2400 if (so
->so_rcv
.sb_flags
& SB_LOCK
) {
2402 * This is problematical; it's not clear
2403 * we need to wait for the sockbuf to be
2404 * unlocked (on a uniprocessor, at least),
2405 * and it's also not clear what to do
2406 * if sbwait returns an error due to receipt
2407 * of a signal. If sbwait does return
2408 * an error, we'll go into an infinite
2409 * loop. Delete all of this for now.
2411 (void) sbwait(&so
->so_rcv
);
2416 * So, Ok, it's one of our sockets and it IS externally
2417 * accessible (or was defered). Now we look
2418 * to see if we hold any file descriptors in its
2419 * message buffers. Follow those links and mark them
2420 * as accessible too.
2422 * In case a file is passed onto itself we need to
2423 * release the file lock.
2425 lck_mtx_unlock(&fg
->fg_lock
);
2427 unp_scan(so
->so_rcv
.sb_mb
, unp_mark
, 0);
2429 } while (unp_defer
);
2431 * We grab an extra reference to each of the file table entries
2432 * that are not otherwise accessible and then free the rights
2433 * that are stored in messages on them.
2435 * The bug in the orginal code is a little tricky, so I'll describe
2436 * what's wrong with it here.
2438 * It is incorrect to simply unp_discard each entry for fg_msgcount
2439 * times -- consider the case of sockets A and B that contain
2440 * references to each other. On a last close of some other socket,
2441 * we trigger a gc since the number of outstanding rights (unp_rights)
2442 * is non-zero. If during the sweep phase the gc code un_discards,
2443 * we end up doing a (full) closef on the descriptor. A closef on A
2444 * results in the following chain. Closef calls soo_close, which
2445 * calls soclose. Soclose calls first (through the switch
2446 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply
2447 * returns because the previous instance had set unp_gcing, and
2448 * we return all the way back to soclose, which marks the socket
2449 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush
2450 * to free up the rights that are queued in messages on the socket A,
2451 * i.e., the reference on B. The sorflush calls via the dom_dispose
2452 * switch unp_dispose, which unp_scans with unp_discard. This second
2453 * instance of unp_discard just calls closef on B.
2455 * Well, a similar chain occurs on B, resulting in a sorflush on B,
2456 * which results in another closef on A. Unfortunately, A is already
2457 * being closed, and the descriptor has already been marked with
2458 * SS_NOFDREF, and soclose panics at this point.
2460 * Here, we first take an extra reference to each inaccessible
2461 * descriptor. Then, we call sorflush ourself, since we know
2462 * it is a Unix domain socket anyhow. After we destroy all the
2463 * rights carried in messages, we do a last closef to get rid
2464 * of our extra reference. This is the last close, and the
2465 * unp_detach etc will shut down the socket.
2467 * 91/09/19, bsy@cs.cmu.edu
2469 size_t extra_ref_size
= nfiles
* sizeof(struct fileglob
*);
2470 extra_ref
= kheap_alloc(KHEAP_TEMP
, extra_ref_size
, Z_WAITOK
);
2471 if (extra_ref
== NULL
) {
2474 for (nunref
= 0, fg
= unp_msghead
.lh_first
, fpp
= extra_ref
; fg
!= 0;
2476 lck_mtx_lock(&fg
->fg_lock
);
2478 nextfg
= fg
->f_msglist
.le_next
;
2480 * If it's not open, skip it
2482 if (os_ref_get_count_raw(&fg
->fg_count
) == 0) {
2483 lck_mtx_unlock(&fg
->fg_lock
);
2487 * If all refs are from msgs, and it's not marked accessible
2488 * then it must be referenced from some unreachable cycle
2489 * of (shut-down) FDs, so include it in our
2490 * list of FDs to remove
2492 if (fg
->fg_flag
& FMARK
) {
2493 lck_mtx_unlock(&fg
->fg_lock
);
2496 if (os_ref_get_count_raw(&fg
->fg_count
) == fg
->fg_msgcount
) {
2497 os_ref_retain_raw(&fg
->fg_count
, &f_refgrp
);
2501 lck_mtx_unlock(&fg
->fg_lock
);
2504 * for each FD on our hit list, do the following two things
2506 for (i
= nunref
, fpp
= extra_ref
; --i
>= 0; ++fpp
) {
2507 struct fileglob
*tfg
;
2511 if (FILEGLOB_DTYPE(tfg
) == DTYPE_SOCKET
&&
2512 tfg
->fg_data
!= NULL
) {
2513 so
= (struct socket
*)(tfg
->fg_data
);
2519 socket_unlock(so
, 0);
2522 for (i
= nunref
, fpp
= extra_ref
; --i
>= 0; ++fpp
) {
2523 fg_drop(PROC_NULL
, *fpp
);
2526 kheap_free(KHEAP_TEMP
, extra_ref
, extra_ref_size
);
2529 lck_mtx_lock(&uipc_lock
);
2531 unp_gcthread
= NULL
;
2533 if (unp_gcwait
!= 0) {
2537 lck_mtx_unlock(&uipc_lock
);
2539 if (need_gcwakeup
!= 0) {
2545 unp_dispose(struct mbuf
*m
)
2548 unp_scan(m
, unp_discard
, NULL
);
2553 * Returns: 0 Success
2556 unp_listen(struct unpcb
*unp
, proc_t p
)
2558 kauth_cred_t safecred
= kauth_cred_proc_ref(p
);
2559 cru2x(safecred
, &unp
->unp_peercred
);
2560 kauth_cred_unref(&safecred
);
2561 unp
->unp_flags
|= UNP_HAVEPCCACHED
;
2566 unp_scan(struct mbuf
*m0
, void (*op
)(struct fileglob
*, void *arg
), void *arg
)
2569 struct fileglob
**rp
;
2575 for (m
= m0
; m
; m
= m
->m_next
) {
2576 if (m
->m_type
== MT_CONTROL
&&
2577 (size_t)m
->m_len
>= sizeof(*cm
)) {
2578 cm
= mtod(m
, struct cmsghdr
*);
2579 if (cm
->cmsg_level
!= SOL_SOCKET
||
2580 cm
->cmsg_type
!= SCM_RIGHTS
) {
2583 qfds
= (cm
->cmsg_len
- sizeof(*cm
)) /
2585 rp
= (struct fileglob
**)(cm
+ 1);
2586 for (i
= 0; i
< qfds
; i
++) {
2589 break; /* XXX, but saves time */
2597 unp_mark(struct fileglob
*fg
, __unused
void *arg
)
2599 uint32_t oflags
, nflags
;
2601 os_atomic_rmw_loop(&fg
->fg_flag
, oflags
, nflags
, relaxed
, {
2602 if (oflags
& FMARK
) {
2603 os_atomic_rmw_loop_give_up(return );
2605 nflags
= oflags
| FMARK
| FDEFER
;
2612 unp_discard(struct fileglob
*fg
, void *p
)
2615 p
= current_proc(); /* XXX */
2617 (void) OSAddAtomic(1, &unp_disposed
);
2618 if (fg_removeuipc_mark(fg
)) {
2619 VERIFY(fg
->fg_lflags
& FG_RMMSGQ
);
2622 (void) OSAddAtomic(-1, &unp_rights
);
2624 (void) fg_drop(p
, fg
);
2628 unp_lock(struct socket
*so
, int refcount
, void * lr
)
2632 lr_saved
= (void *) __builtin_return_address(0);
2638 lck_mtx_lock(&((struct unpcb
*)so
->so_pcb
)->unp_mtx
);
2640 panic("unp_lock: so=%p NO PCB! lr=%p ref=0x%x\n",
2641 so
, lr_saved
, so
->so_usecount
);
2644 if (so
->so_usecount
< 0) {
2645 panic("unp_lock: so=%p so_pcb=%p lr=%p ref=0x%x\n",
2646 so
, so
->so_pcb
, lr_saved
, so
->so_usecount
);
2650 VERIFY(so
->so_usecount
> 0);
2653 so
->lock_lr
[so
->next_lock_lr
] = lr_saved
;
2654 so
->next_lock_lr
= (so
->next_lock_lr
+ 1) % SO_LCKDBG_MAX
;
2659 unp_unlock(struct socket
*so
, int refcount
, void * lr
)
2662 lck_mtx_t
* mutex_held
= NULL
;
2663 struct unpcb
*unp
= sotounpcb(so
);
2666 lr_saved
= (void *) __builtin_return_address(0);
2675 if (so
->so_usecount
< 0) {
2676 panic("unp_unlock: so=%p usecount=%x\n", so
, so
->so_usecount
);
2678 if (so
->so_pcb
== NULL
) {
2679 panic("unp_unlock: so=%p NO PCB usecount=%x\n", so
, so
->so_usecount
);
2681 mutex_held
= &((struct unpcb
*)so
->so_pcb
)->unp_mtx
;
2683 LCK_MTX_ASSERT(mutex_held
, LCK_MTX_ASSERT_OWNED
);
2684 so
->unlock_lr
[so
->next_unlock_lr
] = lr_saved
;
2685 so
->next_unlock_lr
= (so
->next_unlock_lr
+ 1) % SO_LCKDBG_MAX
;
2687 if (so
->so_usecount
== 0 && (so
->so_flags
& SOF_PCBCLEARING
)) {
2688 sofreelastref(so
, 1);
2690 if (unp
->unp_addr
) {
2691 FREE(unp
->unp_addr
, M_SONAME
);
2694 lck_mtx_unlock(mutex_held
);
2696 lck_mtx_destroy(&unp
->unp_mtx
, &unp_mtx_grp
);
2697 zfree(unp_zone
, unp
);
2701 lck_mtx_unlock(mutex_held
);
2708 unp_getlock(struct socket
*so
, __unused
int flags
)
2710 struct unpcb
*unp
= (struct unpcb
*)so
->so_pcb
;
2714 if (so
->so_usecount
< 0) {
2715 panic("unp_getlock: so=%p usecount=%x\n", so
, so
->so_usecount
);
2717 return &unp
->unp_mtx
;
2719 panic("unp_getlock: so=%p NULL so_pcb\n", so
);
2720 return so
->so_proto
->pr_domain
->dom_mtx
;