]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/kern/sys_generic.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-2422.1.72.tar.gz
[apple/xnu.git] / bsd / kern / sys_generic.c
diff --git a/bsd/kern/sys_generic.c b/bsd/kern/sys_generic.c
index 44ee91c829b16a405e03e375d4669dc07dc9ef15..f41cd0018ef8e9f457f6cb4915f46a6f671a459b 100644 (file)
--- a/bsd/kern/sys_generic.c
+++ b/bsd/kern/sys_generic.c
@@ -1,23 +1,29 @@
 /*
 /*
- * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2013 Apple Inc. All rights reserved.
  *
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
  * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
  * 
  * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
  * 
  * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
 /*
  */
 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
 /*
@@ -59,6 +65,12 @@
  *
  *     @(#)sys_generic.c       8.9 (Berkeley) 2/14/95
  */
  *
  *     @(#)sys_generic.c       8.9 (Berkeley) 2/14/95
  */
+/*
+ * NOTICE: This file was modified by SPARTA, Inc. in 2006 to introduce
+ * support for mandatory and extensible security protections.  This notice
+ * is included in support of clause 2.2 (b) of the Apple Public License,
+ * Version 2.0.
+ */
 
 #include <sys/param.h>
 #include <sys/systm.h>
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -67,11 +79,7 @@
 #include <sys/file_internal.h>
 #include <sys/proc_internal.h>
 #include <sys/socketvar.h>
 #include <sys/file_internal.h>
 #include <sys/proc_internal.h>
 #include <sys/socketvar.h>
-#if KTRACE
 #include <sys/uio_internal.h>
 #include <sys/uio_internal.h>
-#else
-#include <sys/uio.h>
-#endif
 #include <sys/kernel.h>
 #include <sys/stat.h>
 #include <sys/malloc.h>
 #include <sys/kernel.h>
 #include <sys/stat.h>
 #include <sys/malloc.h>
@@ -85,6 +93,8 @@
 #include <sys/poll.h>
 #include <sys/event.h>
 #include <sys/eventvar.h>
 #include <sys/poll.h>
 #include <sys/event.h>
 #include <sys/eventvar.h>
+#include <sys/proc.h>
+#include <sys/kauth.h>
 
 #include <mach/mach_types.h>
 #include <kern/kern_types.h>
 
 #include <mach/mach_types.h>
 #include <kern/kern_types.h>
@@ -92,15 +102,21 @@
 #include <kern/kalloc.h>
 #include <kern/thread.h>
 #include <kern/clock.h>
 #include <kern/kalloc.h>
 #include <kern/thread.h>
 #include <kern/clock.h>
+#include <kern/ledger.h>
+#include <kern/task.h>
+#if CONFIG_TELEMETRY
+#include <kern/telemetry.h>
+#endif
 
 #include <sys/mbuf.h>
 
 #include <sys/mbuf.h>
+#include <sys/domain.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/errno.h>
 #include <sys/syscall.h>
 #include <sys/pipe.h>
 
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/errno.h>
 #include <sys/syscall.h>
 #include <sys/pipe.h>
 
-#include <bsm/audit_kernel.h>
+#include <security/audit/audit.h>
 
 #include <net/if.h>
 #include <net/route.h>
 
 #include <net/if.h>
 #include <net/route.h>
@@ -121,53 +137,94 @@
 /* for wait queue based select */
 #include <kern/wait_queue.h>
 #include <kern/kalloc.h>
 /* for wait queue based select */
 #include <kern/wait_queue.h>
 #include <kern/kalloc.h>
-#if KTRACE 
-#include <sys/ktrace.h>
-#endif
 #include <sys/vnode_internal.h>
 
 #include <sys/vnode_internal.h>
 
+#include <pexpert/pexpert.h>
+
+/* XXX should be in a header file somewhere */
+void evsofree(struct socket *);
+void evpipefree(struct pipe *);
+void postpipeevent(struct pipe *, int);
+void postevent(struct socket *, struct sockbuf *, int);
+extern kern_return_t IOBSDGetPlatformUUID(__darwin_uuid_t uuid, mach_timespec_t timeoutp);
+
 int rd_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval);
 int wr_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval);
 extern void    *get_bsduthreadarg(thread_t);
 extern int     *get_bsduthreadrval(thread_t);
 
 int rd_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval);
 int wr_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval);
 extern void    *get_bsduthreadarg(thread_t);
 extern int     *get_bsduthreadrval(thread_t);
 
-__private_extern__ int dofileread(struct proc *p, struct fileproc *fp, int fd, 
+__private_extern__ int dofileread(vfs_context_t ctx, struct fileproc *fp,
                                                                   user_addr_t bufp, user_size_t nbyte, 
                                                                   off_t offset, int flags, user_ssize_t *retval);
                                                                   user_addr_t bufp, user_size_t nbyte, 
                                                                   off_t offset, int flags, user_ssize_t *retval);
-__private_extern__ int dofilewrite(struct proc *p, struct fileproc *fp, int fd, 
+__private_extern__ int dofilewrite(vfs_context_t ctx, struct fileproc *fp,
                                                                        user_addr_t bufp, user_size_t nbyte, 
                                                                        off_t offset, int flags, user_ssize_t *retval);
 __private_extern__ int preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_vnode);
 __private_extern__ void        donefileread(struct proc *p, struct fileproc *fp_ret, int fd);
 
                                                                        user_addr_t bufp, user_size_t nbyte, 
                                                                        off_t offset, int flags, user_ssize_t *retval);
 __private_extern__ int preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_vnode);
 __private_extern__ void        donefileread(struct proc *p, struct fileproc *fp_ret, int fd);
 
-#if NETAT
-extern int appletalk_inited;
-#endif /* NETAT */
+
+/* Conflict wait queue for when selects collide (opaque type) */
+struct wait_queue select_conflict_queue;
+
+#if 13841988
+int temp_debug_13841988 = 0;
+#endif
+
+/*
+ * Init routine called from bsd_init.c
+ */
+void select_wait_queue_init(void);
+void
+select_wait_queue_init(void)
+{
+       wait_queue_init(&select_conflict_queue, SYNC_POLICY_FIFO);
+#if 13841988
+       if (PE_parse_boot_argn("temp_debug_13841988", &temp_debug_13841988, sizeof(temp_debug_13841988))) {
+               kprintf("Temporary debugging for 13841988 enabled\n");
+       }
+#endif
+}
 
 #define f_flag f_fglob->fg_flag
 
 #define f_flag f_fglob->fg_flag
-#define f_type f_fglob->fg_type
+#define f_type f_fglob->fg_ops->fo_type
 #define f_msgcount f_fglob->fg_msgcount
 #define f_cred f_fglob->fg_cred
 #define f_ops f_fglob->fg_ops
 #define f_offset f_fglob->fg_offset
 #define f_data f_fglob->fg_data
 #define f_msgcount f_fglob->fg_msgcount
 #define f_cred f_fglob->fg_cred
 #define f_ops f_fglob->fg_ops
 #define f_offset f_fglob->fg_offset
 #define f_data f_fglob->fg_data
+
 /*
  * Read system call.
 /*
  * Read system call.
+ *
+ * Returns:    0                       Success
+ *     preparefileread:EBADF
+ *     preparefileread:ESPIPE
+ *     preparefileread:ENXIO
+ *     preparefileread:EBADF
+ *     dofileread:???
  */
 int
  */
 int
-read(p, uap, retval)
-       struct proc *p;
-       register struct read_args *uap;
-       user_ssize_t *retval;
+read(struct proc *p, struct read_args *uap, user_ssize_t *retval)
+{
+       __pthread_testcancel(1);
+       return(read_nocancel(p, (struct read_nocancel_args *)uap, retval));
+}
+
+int
+read_nocancel(struct proc *p, struct read_nocancel_args *uap, user_ssize_t *retval)
 {
        struct fileproc *fp;
        int error;
        int fd = uap->fd;
 {
        struct fileproc *fp;
        int error;
        int fd = uap->fd;
+       struct vfs_context context;
 
        if ( (error = preparefileread(p, &fp, fd, 0)) )
                return (error);
 
 
        if ( (error = preparefileread(p, &fp, fd, 0)) )
                return (error);
 
-       error = dofileread(p, fp, uap->fd, uap->cbuf, uap->nbyte,
+       context = *(vfs_context_current());
+       context.vc_ucred = fp->f_fglob->fg_cred;
+
+       error = dofileread(&context, fp, uap->cbuf, uap->nbyte,
                           (off_t)-1, 0, retval);
 
        donefileread(p, fp, fd);
                           (off_t)-1, 0, retval);
 
        donefileread(p, fp, fd);
@@ -177,29 +234,44 @@ read(p, uap, retval)
 
 /* 
  * Pread system call
 
 /* 
  * Pread system call
+ *
+ * Returns:    0                       Success
+ *     preparefileread:EBADF
+ *     preparefileread:ESPIPE
+ *     preparefileread:ENXIO
+ *     preparefileread:EBADF
+ *     dofileread:???
  */
 int
  */
 int
-pread(p, uap, retval)
-       struct proc *p;
-       register struct pread_args *uap;
-       user_ssize_t *retval;
+pread(struct proc *p, struct pread_args *uap, user_ssize_t *retval)
 {
 {
-       struct fileproc *fp;
+       __pthread_testcancel(1);
+       return(pread_nocancel(p, (struct pread_nocancel_args *)uap, retval));
+}
+
+int
+pread_nocancel(struct proc *p, struct pread_nocancel_args *uap, user_ssize_t *retval)
+{
+       struct fileproc *fp = NULL;     /* fp set by preparefileread() */
        int fd = uap->fd;
        int error;
        int fd = uap->fd;
        int error;
+       struct vfs_context context;
 
        if ( (error = preparefileread(p, &fp, fd, 1)) )
 
        if ( (error = preparefileread(p, &fp, fd, 1)) )
-               return (error);
+               goto out;
+
+       context = *(vfs_context_current());
+       context.vc_ucred = fp->f_fglob->fg_cred;
 
 
-       error = dofileread(p, fp, uap->fd, uap->buf, uap->nbyte,
+       error = dofileread(&context, fp, uap->buf, uap->nbyte,
                        uap->offset, FOF_OFFSET, retval);
        
        donefileread(p, fp, fd);
 
                        uap->offset, FOF_OFFSET, retval);
        
        donefileread(p, fp, fd);
 
-       if (!error)
-           KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pread) | DBG_FUNC_NONE),
+       KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pread) | DBG_FUNC_NONE),
              uap->fd, uap->nbyte, (unsigned int)((uap->offset >> 32)), (unsigned int)(uap->offset), 0);
              uap->fd, uap->nbyte, (unsigned int)((uap->offset >> 32)), (unsigned int)(uap->offset), 0);
-       
+
+out:
        return (error);
 }
 
        return (error);
 }
 
@@ -210,14 +282,19 @@ pread(p, uap, retval)
 void
 donefileread(struct proc *p, struct fileproc *fp, int fd)
 {
 void
 donefileread(struct proc *p, struct fileproc *fp, int fd)
 {
-       proc_fdlock(p);
-
-       fp->f_flags &= ~FP_INCHRREAD;
-
+       proc_fdlock_spin(p);
        fp_drop(p, fd, fp, 1);
         proc_fdunlock(p);
 }
 
        fp_drop(p, fd, fp, 1);
         proc_fdunlock(p);
 }
 
+/*
+ * Returns:    0                       Success
+ *             EBADF
+ *             ESPIPE
+ *             ENXIO
+ *     fp_lookup:EBADF
+ *     fo_read:???
+ */
 int
 preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_pread)
 {
 int
 preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_pread)
 {
@@ -225,7 +302,9 @@ preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_
        int     error;
        struct fileproc *fp;
 
        int     error;
        struct fileproc *fp;
 
-       proc_fdlock(p);
+       AUDIT_ARG(fd, fd);
+
+       proc_fdlock_spin(p);
 
        error = fp_lookup(p, fd, &fp, 1);
 
 
        error = fp_lookup(p, fd, &fp, 1);
 
@@ -244,8 +323,14 @@ preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_
        if (fp->f_type == DTYPE_VNODE) {
                vp = (struct vnode *)fp->f_fglob->fg_data;
 
        if (fp->f_type == DTYPE_VNODE) {
                vp = (struct vnode *)fp->f_fglob->fg_data;
 
-               if (vp->v_type == VCHR)
-                       fp->f_flags |= FP_INCHRREAD;
+               if (check_for_pread && (vnode_isfifo(vp))) {
+                       error = ESPIPE;
+                       goto out;
+               } 
+               if (check_for_pread && (vp->v_flag & VISTTY)) {
+                       error = ENXIO;
+                       goto out;
+               }
        }
 
        *fp_ret = fp;
        }
 
        *fp_ret = fp;
@@ -260,31 +345,25 @@ out:
 }
 
 
 }
 
 
+/*
+ * Returns:    0                       Success
+ *             EINVAL
+ *     fo_read:???
+ */
 __private_extern__ int
 __private_extern__ int
-dofileread(p, fp, fd, bufp, nbyte, offset, flags, retval)
-       struct proc *p;
-       struct fileproc *fp;
-       int fd, flags;
-       user_addr_t bufp;
-       user_size_t nbyte;
-       off_t offset;
-       user_ssize_t *retval;
+dofileread(vfs_context_t ctx, struct fileproc *fp,
+          user_addr_t bufp, user_size_t nbyte, off_t offset, int flags,
+          user_ssize_t *retval)
 {
        uio_t auio;
        user_ssize_t bytecnt;
        long error = 0;
        char uio_buf[ UIO_SIZEOF(1) ];
 {
        uio_t auio;
        user_ssize_t bytecnt;
        long error = 0;
        char uio_buf[ UIO_SIZEOF(1) ];
-#if KTRACE
-       uio_t ktruio = NULL;
-       char ktr_uio_buf[ UIO_SIZEOF(1) ];
-       int didktr = 0;
-#endif
 
 
-       // LP64todo - do we want to raise this?
        if (nbyte > INT_MAX)
                return (EINVAL);
 
        if (nbyte > INT_MAX)
                return (EINVAL);
 
-       if (IS_64BIT_PROCESS(p)) {
+       if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) {
                auio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_READ, 
                                                                          &uio_buf[0], sizeof(uio_buf));
        } else {
                auio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_READ, 
                                                                          &uio_buf[0], sizeof(uio_buf));
        } else {
@@ -293,37 +372,14 @@ dofileread(p, fp, fd, bufp, nbyte, offset, flags, retval)
        }
        uio_addiov(auio, bufp, nbyte);
 
        }
        uio_addiov(auio, bufp, nbyte);
 
-#if KTRACE
-       /*
-       * if tracing, save a copy of iovec
-       */
-       if (KTRPOINT(p, KTR_GENIO)) {
-               didktr = 1;
-
-               if (IS_64BIT_PROCESS(p)) {
-                       ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_READ, 
-                                                                         &ktr_uio_buf[0], sizeof(ktr_uio_buf));
-               } else {
-                       ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE32, UIO_READ, 
-                                                                         &ktr_uio_buf[0], sizeof(ktr_uio_buf));
-               }
-               uio_addiov(ktruio, bufp, nbyte);
-       }
-#endif
        bytecnt = nbyte;
 
        bytecnt = nbyte;
 
-       if ((error = fo_read(fp, auio, fp->f_cred, flags, p))) {
+       if ((error = fo_read(fp, auio, flags, ctx))) {
                if (uio_resid(auio) != bytecnt && (error == ERESTART ||
                        error == EINTR || error == EWOULDBLOCK))
                        error = 0;
        }
        bytecnt -= uio_resid(auio);
                if (uio_resid(auio) != bytecnt && (error == ERESTART ||
                        error == EINTR || error == EWOULDBLOCK))
                        error = 0;
        }
        bytecnt -= uio_resid(auio);
-#if KTRACE
-       if (didktr && error == 0) {
-               uio_setresid(ktruio, bytecnt);
-               ktrgenio(p->p_tracep, fd, UIO_READ, ktruio, error);
-       }
-#endif  
 
        *retval = bytecnt;
 
 
        *retval = bytecnt;
 
@@ -332,16 +388,25 @@ dofileread(p, fp, fd, bufp, nbyte, offset, flags, retval)
 
 /*      
  * Scatter read system call.
 
 /*      
  * Scatter read system call.
+ *
+ * Returns:    0                       Success
+ *             EINVAL
+ *             ENOMEM
+ *     copyin:EFAULT
+ *     rd_uio:???
  */
 int
  */
 int
-readv(p, uap, retval)
-       struct proc *p;
-       register struct readv_args *uap;
-       user_ssize_t *retval;
+readv(struct proc *p, struct readv_args *uap, user_ssize_t *retval)
+{
+       __pthread_testcancel(1);
+       return(readv_nocancel(p, (struct readv_nocancel_args *)uap, retval));
+}
+
+int
+readv_nocancel(struct proc *p, struct readv_nocancel_args *uap, user_ssize_t *retval)
 {
        uio_t auio = NULL;
        int error;
 {
        uio_t auio = NULL;
        int error;
-       int size_of_iovec;
        struct user_iovec *iovp;
 
        /* Verify range bedfore calling uio_create() */
        struct user_iovec *iovp;
 
        /* Verify range bedfore calling uio_create() */
@@ -361,15 +426,19 @@ readv(p, uap, retval)
                error = ENOMEM;
                goto ExitThisRoutine;
        }
                error = ENOMEM;
                goto ExitThisRoutine;
        }
-       size_of_iovec = (IS_64BIT_PROCESS(p) ? sizeof(struct user_iovec) : sizeof(struct iovec));
-       error = copyin(uap->iovp, (caddr_t)iovp, (uap->iovcnt * size_of_iovec));
+       error = copyin_user_iovec_array(uap->iovp,
+               IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
+               uap->iovcnt, iovp);
        if (error) {
                goto ExitThisRoutine;
        }
        
        /* finalize uio_t for use and do the IO 
         */
        if (error) {
                goto ExitThisRoutine;
        }
        
        /* finalize uio_t for use and do the IO 
         */
-       uio_calculateresid(auio);
+       error = uio_calculateresid(auio);
+       if (error) {
+               goto ExitThisRoutine;
+       }
        error = rd_uio(p, uap->fd, auio, retval);
 
 ExitThisRoutine:
        error = rd_uio(p, uap->fd, auio, retval);
 
 ExitThisRoutine:
@@ -381,24 +450,39 @@ ExitThisRoutine:
 
 /*
  * Write system call
 
 /*
  * Write system call
+ *
+ * Returns:    0                       Success
+ *             EBADF
+ *     fp_lookup:EBADF
+ *     dofilewrite:???
  */
 int
  */
 int
-write(p, uap, retval)
-       struct proc *p;
-       register struct write_args *uap;
-       user_ssize_t *retval;   
+write(struct proc *p, struct write_args *uap, user_ssize_t *retval)
+{
+       __pthread_testcancel(1);
+       return(write_nocancel(p, (struct write_nocancel_args *)uap, retval));
+
+}
+
+int
+write_nocancel(struct proc *p, struct write_nocancel_args *uap, user_ssize_t *retval)
 {
        struct fileproc *fp;
        int error;      
        int fd = uap->fd;
 
 {
        struct fileproc *fp;
        int error;      
        int fd = uap->fd;
 
+       AUDIT_ARG(fd, fd);
+
        error = fp_lookup(p,fd,&fp,0);
        if (error)
                return(error);
        if ((fp->f_flag & FWRITE) == 0) {
                error = EBADF;
        } else {
        error = fp_lookup(p,fd,&fp,0);
        if (error)
                return(error);
        if ((fp->f_flag & FWRITE) == 0) {
                error = EBADF;
        } else {
-               error = dofilewrite(p, fp, uap->fd, uap->cbuf, uap->nbyte,
+               struct vfs_context context = *(vfs_context_current());
+               context.vc_ucred = fp->f_fglob->fg_cred;
+
+               error = dofilewrite(&context, fp, uap->cbuf, uap->nbyte,
                        (off_t)-1, 0, retval);
        }
        if (error == 0)
                        (off_t)-1, 0, retval);
        }
        if (error == 0)
@@ -410,16 +494,31 @@ write(p, uap, retval)
 
 /*                          
  * pwrite system call
 
 /*                          
  * pwrite system call
+ *
+ * Returns:    0                       Success
+ *             EBADF
+ *             ESPIPE
+ *             ENXIO
+ *             EINVAL
+ *     fp_lookup:EBADF
+ *     dofilewrite:???
  */
 int
  */
 int
-pwrite(p, uap, retval)
-       struct proc *p;
-       register struct pwrite_args *uap;
-       user_ssize_t *retval;   
+pwrite(struct proc *p, struct pwrite_args *uap, user_ssize_t *retval)
+{
+       __pthread_testcancel(1);
+       return(pwrite_nocancel(p, (struct pwrite_nocancel_args *)uap, retval));
+}
+
+int
+pwrite_nocancel(struct proc *p, struct pwrite_nocancel_args *uap, user_ssize_t *retval)
 {
         struct fileproc *fp;
         int error; 
        int fd = uap->fd;
 {
         struct fileproc *fp;
         int error; 
        int fd = uap->fd;
+       vnode_t vp  = (vnode_t)0;
+
+       AUDIT_ARG(fd, fd);
 
        error = fp_lookup(p,fd,&fp,0);
        if (error)
 
        error = fp_lookup(p,fd,&fp,0);
        if (error)
@@ -428,50 +527,62 @@ pwrite(p, uap, retval)
        if ((fp->f_flag & FWRITE) == 0) {
                error = EBADF;
        } else {
        if ((fp->f_flag & FWRITE) == 0) {
                error = EBADF;
        } else {
+               struct vfs_context context = *vfs_context_current();
+               context.vc_ucred = fp->f_fglob->fg_cred;
+
                if (fp->f_type != DTYPE_VNODE) {
                        error = ESPIPE;
                if (fp->f_type != DTYPE_VNODE) {
                        error = ESPIPE;
-               } else {
-                   error = dofilewrite(p, fp, uap->fd, uap->buf, uap->nbyte,
-                       uap->offset, FOF_OFFSET, retval);
+                       goto errout;
+               }
+               vp = (vnode_t)fp->f_fglob->fg_data;
+               if (vnode_isfifo(vp)) {
+                       error = ESPIPE;
+                       goto errout;
+               } 
+               if ((vp->v_flag & VISTTY)) {
+                       error = ENXIO;
+                       goto errout;
                }
                }
+               if (uap->offset == (off_t)-1) {
+                       error = EINVAL;
+                       goto errout;
+               }
+
+                   error = dofilewrite(&context, fp, uap->buf, uap->nbyte,
+                       uap->offset, FOF_OFFSET, retval);
         }
         }
+errout:
        if (error == 0)
                fp_drop_written(p, fd, fp);
        else
                fp_drop(p, fd, fp, 0);
 
        if (error == 0)
                fp_drop_written(p, fd, fp);
        else
                fp_drop(p, fd, fp, 0);
 
-       if (!error)
-           KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pwrite) | DBG_FUNC_NONE),
+       KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pwrite) | DBG_FUNC_NONE),
              uap->fd, uap->nbyte, (unsigned int)((uap->offset >> 32)), (unsigned int)(uap->offset), 0);
        
         return(error);
 }
 
              uap->fd, uap->nbyte, (unsigned int)((uap->offset >> 32)), (unsigned int)(uap->offset), 0);
        
         return(error);
 }
 
+/*
+ * Returns:    0                       Success
+ *             EINVAL
+ *     <fo_write>:EPIPE
+ *     <fo_write>:???                  [indirect through struct fileops]
+ */
 __private_extern__ int                  
 __private_extern__ int                  
-dofilewrite(p, fp, fd, bufp, nbyte, offset, flags, retval)
-       struct proc *p;
-       struct fileproc *fp; 
-       int fd, flags;
-       user_addr_t bufp;
-       user_size_t nbyte;   
-       off_t offset; 
-       user_ssize_t *retval;
+dofilewrite(vfs_context_t ctx, struct fileproc *fp,
+           user_addr_t bufp, user_size_t nbyte, off_t offset, int flags,
+           user_ssize_t *retval)
 {       
        uio_t auio;
        long error = 0;
        user_ssize_t bytecnt;
        char uio_buf[ UIO_SIZEOF(1) ];
 {       
        uio_t auio;
        long error = 0;
        user_ssize_t bytecnt;
        char uio_buf[ UIO_SIZEOF(1) ];
-#if KTRACE
-       uio_t ktruio;
-       int didktr = 0; 
-       char ktr_uio_buf[ UIO_SIZEOF(1) ];
-#endif
 
 
-       // LP64todo - do we want to raise this?
        if (nbyte > INT_MAX)   
                return (EINVAL);
 
        if (nbyte > INT_MAX)   
                return (EINVAL);
 
-       if (IS_64BIT_PROCESS(p)) {
+       if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) {
                auio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_WRITE, 
                                                                          &uio_buf[0], sizeof(uio_buf));
        } else {
                auio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_WRITE, 
                                                                          &uio_buf[0], sizeof(uio_buf));
        } else {
@@ -480,39 +591,19 @@ dofilewrite(p, fp, fd, bufp, nbyte, offset, flags, retval)
        }
        uio_addiov(auio, bufp, nbyte);
 
        }
        uio_addiov(auio, bufp, nbyte);
 
-#if KTRACE
-       /*
-       * if tracing, save a copy of iovec and uio
-       */
-       if (KTRPOINT(p, KTR_GENIO)) {
-               didktr = 1;
-
-               if (IS_64BIT_PROCESS(p)) {
-                       ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_WRITE, 
-                                                                                 &ktr_uio_buf[0], sizeof(ktr_uio_buf));
-               } else {
-                       ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE32, UIO_WRITE, 
-                                                                                 &ktr_uio_buf[0], sizeof(ktr_uio_buf));
-               }
-               uio_addiov(ktruio, bufp, nbyte);
-       }
-#endif  
        bytecnt = nbyte; 
        bytecnt = nbyte; 
-       if ((error = fo_write(fp, auio, fp->f_cred, flags, p))) {
+       if ((error = fo_write(fp, auio, flags, ctx))) {
                if (uio_resid(auio) != bytecnt && (error == ERESTART ||
                        error == EINTR || error == EWOULDBLOCK))
                        error = 0;
                /* The socket layer handles SIGPIPE */
                if (uio_resid(auio) != bytecnt && (error == ERESTART ||
                        error == EINTR || error == EWOULDBLOCK))
                        error = 0;
                /* The socket layer handles SIGPIPE */
-               if (error == EPIPE && fp->f_type != DTYPE_SOCKET)
-                       psignal(p, SIGPIPE);
+               if (error == EPIPE && fp->f_type != DTYPE_SOCKET &&
+                   (fp->f_fglob->fg_lflags & FG_NOSIGPIPE) == 0) {
+                       /* XXX Raise the signal on the thread? */
+                       psignal(vfs_context_proc(ctx), SIGPIPE);
+               }
        }
        bytecnt -= uio_resid(auio);
        }
        bytecnt -= uio_resid(auio);
-#if KTRACE 
-       if (didktr && error == 0) {
-               uio_setresid(ktruio, bytecnt);
-               ktrgenio(p->p_tracep, fd, UIO_WRITE, ktruio, error);
-       }
-#endif  
        *retval = bytecnt;
 
        return (error); 
        *retval = bytecnt;
 
        return (error); 
@@ -522,16 +613,21 @@ dofilewrite(p, fp, fd, bufp, nbyte, offset, flags, retval)
  * Gather write system call  
  */     
 int
  * Gather write system call  
  */     
 int
-writev(p, uap, retval)
-       struct proc *p;
-       register struct writev_args *uap;
-       user_ssize_t *retval;
+writev(struct proc *p, struct writev_args *uap, user_ssize_t *retval)
+{
+       __pthread_testcancel(1);
+       return(writev_nocancel(p, (struct writev_nocancel_args *)uap, retval));
+}
+
+int
+writev_nocancel(struct proc *p, struct writev_nocancel_args *uap, user_ssize_t *retval)
 {
        uio_t auio = NULL;
        int error;
 {
        uio_t auio = NULL;
        int error;
-       int size_of_iovec;
        struct user_iovec *iovp;
 
        struct user_iovec *iovp;
 
+       AUDIT_ARG(fd, uap->fd);
+
        /* Verify range bedfore calling uio_create() */
        if (uap->iovcnt <= 0 || uap->iovcnt > UIO_MAXIOV)
                return (EINVAL);
        /* Verify range bedfore calling uio_create() */
        if (uap->iovcnt <= 0 || uap->iovcnt > UIO_MAXIOV)
                return (EINVAL);
@@ -549,15 +645,19 @@ writev(p, uap, retval)
                error = ENOMEM;
                goto ExitThisRoutine;
        }
                error = ENOMEM;
                goto ExitThisRoutine;
        }
-       size_of_iovec = (IS_64BIT_PROCESS(p) ? sizeof(struct user_iovec) : sizeof(struct iovec));
-       error = copyin(uap->iovp, (caddr_t)iovp, (uap->iovcnt * size_of_iovec));
+       error = copyin_user_iovec_array(uap->iovp,
+               IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32,
+               uap->iovcnt, iovp);
        if (error) {
                goto ExitThisRoutine;
        }
        
        /* finalize uio_t for use and do the IO 
         */
        if (error) {
                goto ExitThisRoutine;
        }
        
        /* finalize uio_t for use and do the IO 
         */
-       uio_calculateresid(auio);
+       error = uio_calculateresid(auio);
+       if (error) {
+               goto ExitThisRoutine;
+       }
        error = wr_uio(p, uap->fd, auio, retval);
 
 ExitThisRoutine:
        error = wr_uio(p, uap->fd, auio, retval);
 
 ExitThisRoutine:
@@ -569,21 +669,12 @@ ExitThisRoutine:
 
 
 int
 
 
 int
-wr_uio(p, fdes, uio, retval)
-       struct proc *p;
-       int fdes;
-       register uio_t uio;
-       user_ssize_t *retval;
+wr_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval)
 {
        struct fileproc *fp;
        int error;
        user_ssize_t count;
 {
        struct fileproc *fp;
        int error;
        user_ssize_t count;
-#if KTRACE
-       struct iovec_64 *ktriov = NULL;
-       struct uio ktruio;
-       int didktr = 0;
-       u_int iovlen;
-#endif
+       struct vfs_context context = *vfs_context_current();
 
        error = fp_lookup(p,fdes,&fp,0);
        if (error)
 
        error = fp_lookup(p,fdes,&fp,0);
        if (error)
@@ -594,45 +685,22 @@ wr_uio(p, fdes, uio, retval)
                goto out;
        }
        count = uio_resid(uio);
                goto out;
        }
        count = uio_resid(uio);
-#if KTRACE
-       /*
-        * if tracing, save a copy of iovec
-        */
-       if (KTRPOINT(p, KTR_GENIO)) {
-               iovlen = uio->uio_iovcnt *
-                       (IS_64BIT_PROCESS(p) ? sizeof (struct iovec_64) : sizeof (struct iovec_32));
-               MALLOC(ktriov, struct iovec_64 *, iovlen, M_TEMP, M_WAITOK);
-               if (ktriov != NULL) {
-                       bcopy((caddr_t)uio->uio_iovs.iov64p, (caddr_t)ktriov, iovlen);
-                       ktruio = *uio;
-                       didktr = 1;
-               }
-       } 
-#endif  
-       error = fo_write(fp, uio, fp->f_cred, 0, p);
+
+       context.vc_ucred = fp->f_cred;
+       error = fo_write(fp, uio, 0, &context);
        if (error) {
                if (uio_resid(uio) != count && (error == ERESTART ||
                                                error == EINTR || error == EWOULDBLOCK))
                        error = 0;
                /* The socket layer handles SIGPIPE */
        if (error) {
                if (uio_resid(uio) != count && (error == ERESTART ||
                                                error == EINTR || error == EWOULDBLOCK))
                        error = 0;
                /* The socket layer handles SIGPIPE */
-               if (error == EPIPE && fp->f_type != DTYPE_SOCKET)
+               if (error == EPIPE && fp->f_type != DTYPE_SOCKET &&
+                   (fp->f_fglob->fg_lflags & FG_NOSIGPIPE) == 0)
                        psignal(p, SIGPIPE);
        }
        *retval = count - uio_resid(uio);
 
                        psignal(p, SIGPIPE);
        }
        *retval = count - uio_resid(uio);
 
-#if KTRACE
-       if (didktr) {
-               if (error == 0) {
-                       ktruio.uio_iovs.iov64p = ktriov; 
-                       uio_setresid(&ktruio, *retval);
-                       ktrgenio(p->p_tracep, fdes, UIO_WRITE, &ktruio, error);
-               }
-               FREE(ktriov, M_TEMP);
-       }
-#endif
-
 out:
 out:
-       if ( (error == 0) )
+       if (error == 0)
                fp_drop_written(p, fdes, fp);
        else
                fp_drop(p, fdes, fp, 0);
                fp_drop_written(p, fdes, fp);
        else
                fp_drop(p, fdes, fp, 0);
@@ -641,42 +709,21 @@ out:
 
 
 int
 
 
 int
-rd_uio(p, fdes, uio, retval)
-       struct proc *p;
-       int fdes;
-       register uio_t uio;
-       user_ssize_t *retval;
+rd_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval)
 {
        struct fileproc *fp;
        int error;
        user_ssize_t count;
 {
        struct fileproc *fp;
        int error;
        user_ssize_t count;
-#if KTRACE
-       struct iovec_64 *ktriov = NULL;
-       struct uio ktruio;
-       int didktr = 0;
-       u_int iovlen;
-#endif
+       struct vfs_context context = *vfs_context_current();
 
        if ( (error = preparefileread(p, &fp, fdes, 0)) )
                return (error);
 
        count = uio_resid(uio);
 
        if ( (error = preparefileread(p, &fp, fdes, 0)) )
                return (error);
 
        count = uio_resid(uio);
-#if KTRACE
-       /*
-        * if tracing, save a copy of iovec
-        */
-       if (KTRPOINT(p, KTR_GENIO)) {
-               iovlen = uio->uio_iovcnt *
-                       (IS_64BIT_PROCESS(p) ? sizeof (struct iovec_64) : sizeof (struct iovec_32));
-               MALLOC(ktriov, struct iovec_64 *, iovlen, M_TEMP, M_WAITOK);
-               if (ktriov != NULL) {
-                       bcopy((caddr_t)uio->uio_iovs.iov64p, (caddr_t)ktriov, iovlen);
-                       ktruio = *uio;
-                       didktr = 1;
-               }
-       } 
-#endif  
-       error = fo_read(fp, uio, fp->f_cred, 0, p);
+
+       context.vc_ucred = fp->f_cred;
+
+       error = fo_read(fp, uio, 0, &context);
 
        if (error) {
                if (uio_resid(uio) != count && (error == ERESTART ||
 
        if (error) {
                if (uio_resid(uio) != count && (error == ERESTART ||
@@ -685,16 +732,6 @@ rd_uio(p, fdes, uio, retval)
        }
        *retval = count - uio_resid(uio);
 
        }
        *retval = count - uio_resid(uio);
 
-#if KTRACE
-       if (didktr) {
-               if (error == 0) {
-                       ktruio.uio_iovs.iov64p = ktriov; 
-                       uio_setresid(&ktruio, *retval);
-                       ktrgenio(p->p_tracep, fdes, UIO_READ, &ktruio, error);
-               }
-               FREE(ktriov, M_TEMP);
-       }
-#endif
        donefileread(p, fp, fdes);
 
        return (error);
        donefileread(p, fp, fdes);
 
        return (error);
@@ -703,106 +740,60 @@ rd_uio(p, fdes, uio, retval)
 /*
  * Ioctl system call
  *
 /*
  * Ioctl system call
  *
+ * Returns:    0                       Success
+ *             EBADF
+ *             ENOTTY
+ *             ENOMEM
+ *             ESRCH
+ *     copyin:EFAULT
+ *     copyoutEFAULT
+ *     fp_lookup:EBADF                 Bad file descriptor
+ *     fo_ioctl:???
  */
 int
  */
 int
-ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retval)
+ioctl(struct proc *p, struct ioctl_args *uap, __unused int32_t *retval)
 {
 {
-       struct fileproc *fp;
-       register u_long com;
+       struct fileproc *fp = NULL;
        int error = 0;
        int error = 0;
-       register u_int size;
-       caddr_t datap, memp;
-       boolean_t is64bit;
-       int tmp;
+       u_int size = 0;
+       caddr_t datap = NULL, memp = NULL;
+       boolean_t is64bit = FALSE;
+       int tmp = 0;
 #define STK_PARAMS     128
        char stkbuf[STK_PARAMS];
        int fd = uap->fd;
 #define STK_PARAMS     128
        char stkbuf[STK_PARAMS];
        int fd = uap->fd;
+       u_long com = uap->com;
+       struct vfs_context context = *vfs_context_current();
 
        AUDIT_ARG(fd, uap->fd);
 
        AUDIT_ARG(fd, uap->fd);
-       AUDIT_ARG(cmd, CAST_DOWN(int, uap->com)); /* LP64todo: uap->com is a user-land long */
        AUDIT_ARG(addr, uap->data);
 
        is64bit = proc_is64bit(p);
        AUDIT_ARG(addr, uap->data);
 
        is64bit = proc_is64bit(p);
-
-       proc_fdlock(p);
-       error = fp_lookup(p,fd,&fp,1);
-       if (error)  {
-               proc_fdunlock(p);
-               return(error);
-       }
-
-       AUDIT_ARG(file, p, fp);
-
-       if ((fp->f_flag & (FREAD | FWRITE)) == 0) {
-                       error = EBADF;
-                       goto out;
-       }
-               
-#if NETAT
-       /*
-        * ### LD 6/11/97 Hack Alert: this is to get AppleTalk to work
-        * while implementing an ATioctl system call
-        */
-       {
-               if (appletalk_inited && ((uap->com & 0x0000FFFF) == 0xff99)) {
-                       u_long  fixed_command;
-#ifdef APPLETALK_DEBUG
-                       kprintf("ioctl: special AppleTalk \n");
-#endif
-                       datap = &stkbuf[0];
-                       *(user_addr_t *)datap = uap->data;
-                       fixed_command = _IOW(0, 0xff99, uap->data);
-                       error = fo_ioctl(fp, fixed_command, datap, p);
-                       goto out;
-               }
-       }
-
-#endif /* NETAT */
-
-
-       switch (com = uap->com) {
-       case FIONCLEX:
-               *fdflags(p, uap->fd) &= ~UF_EXCLOSE;
-               error =0;
-               goto out;
-       case FIOCLEX:
-               *fdflags(p, uap->fd) |= UF_EXCLOSE;
-               error =0;
-               goto out;
-       }
+#if CONFIG_AUDIT
+       if (is64bit)
+               AUDIT_ARG(value64, com);
+       else
+               AUDIT_ARG(cmd, CAST_DOWN_EXPLICIT(int, com));
+#endif /* CONFIG_AUDIT */
 
        /*
         * Interpret high order word to find amount of data to be
         * copied to/from the user's address space.
         */
        size = IOCPARM_LEN(com);
 
        /*
         * Interpret high order word to find amount of data to be
         * copied to/from the user's address space.
         */
        size = IOCPARM_LEN(com);
-       if (size > IOCPARM_MAX) {
-                       error = ENOTTY;
-                       goto out;
-       }
-       memp = NULL;
+       if (size > IOCPARM_MAX)
+                       return ENOTTY;
        if (size > sizeof (stkbuf)) {
        if (size > sizeof (stkbuf)) {
-               proc_fdunlock(p);
-               if ((memp = (caddr_t)kalloc(size)) == 0) {
-                       proc_fdlock(p);
-                       error = ENOMEM;
-                       goto out;
-               }
-               proc_fdlock(p);
+               if ((memp = (caddr_t)kalloc(size)) == 0)
+                       return ENOMEM;
                datap = memp;
        } else
                datap = &stkbuf[0];
                datap = memp;
        } else
                datap = &stkbuf[0];
-       if (com&IOC_IN) {
+       if (com & IOC_IN) {
                if (size) {
                if (size) {
-                       proc_fdunlock(p);
                        error = copyin(uap->data, datap, size);
                        error = copyin(uap->data, datap, size);
-                       if (error) {
-                               if (memp)
-                                       kfree(memp, size);
-                               proc_fdlock(p);
-                               goto out;
-                       }
-                       proc_fdlock(p);
+                       if (error)
+                               goto out_nofp;
                } else {
                        /* XXX - IOC_IN and no size?  we should proably return an error here!! */
                        if (is64bit) {
                } else {
                        /* XXX - IOC_IN and no size?  we should proably return an error here!! */
                        if (is64bit) {
@@ -812,13 +803,13 @@ ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retv
                                *(uint32_t *)datap = (uint32_t)uap->data;
                        }
                }
                                *(uint32_t *)datap = (uint32_t)uap->data;
                        }
                }
-       } else if ((com&IOC_OUT) && size)
+       } else if ((com & IOC_OUT) && size)
                /*
                 * Zero the buffer so the user always
                 * gets back something deterministic.
                 */
                bzero(datap, size);
                /*
                 * Zero the buffer so the user always
                 * gets back something deterministic.
                 */
                bzero(datap, size);
-       else if (com&IOC_VOID) {
+       else if (com & IOC_VOID) {
                /* XXX - this is odd since IOC_VOID means no parameters */
                if (is64bit) {
                        *(user_addr_t *)datap = uap->data;
                /* XXX - this is odd since IOC_VOID means no parameters */
                if (is64bit) {
                        *(user_addr_t *)datap = uap->data;
@@ -828,14 +819,43 @@ ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retv
                }
        }
 
                }
        }
 
+       proc_fdlock(p);
+       error = fp_lookup(p,fd,&fp,1);
+       if (error)  {
+               proc_fdunlock(p);
+               goto out_nofp;
+       }
+
+       AUDIT_ARG(file, p, fp);
+
+       if ((fp->f_flag & (FREAD | FWRITE)) == 0) {
+                       error = EBADF;
+                       goto out;
+       }
+
+       context.vc_ucred = fp->f_fglob->fg_cred;
+
+#if CONFIG_MACF
+       error = mac_file_check_ioctl(context.vc_ucred, fp->f_fglob, com);
+       if (error)
+               goto out;
+#endif
+
        switch (com) {
        switch (com) {
+       case FIONCLEX:
+               *fdflags(p, fd) &= ~UF_EXCLOSE;
+               break;
+
+       case FIOCLEX:
+               *fdflags(p, fd) |= UF_EXCLOSE;
+               break;
 
        case FIONBIO:
                if ( (tmp = *(int *)datap) )
                        fp->f_flag |= FNONBLOCK;
                else
                        fp->f_flag &= ~FNONBLOCK;
 
        case FIONBIO:
                if ( (tmp = *(int *)datap) )
                        fp->f_flag |= FNONBLOCK;
                else
                        fp->f_flag &= ~FNONBLOCK;
-               error = fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, p);
+               error = fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, &context);
                break;
 
        case FIOASYNC:
                break;
 
        case FIOASYNC:
@@ -843,60 +863,59 @@ ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retv
                        fp->f_flag |= FASYNC;
                else
                        fp->f_flag &= ~FASYNC;
                        fp->f_flag |= FASYNC;
                else
                        fp->f_flag &= ~FASYNC;
-               error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp, p);
+               error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp, &context);
                break;
 
        case FIOSETOWN:
                tmp = *(int *)datap;
                if (fp->f_type == DTYPE_SOCKET) {
                        ((struct socket *)fp->f_data)->so_pgid = tmp;
                break;
 
        case FIOSETOWN:
                tmp = *(int *)datap;
                if (fp->f_type == DTYPE_SOCKET) {
                        ((struct socket *)fp->f_data)->so_pgid = tmp;
-                       error = 0;
                        break;
                }
                if (fp->f_type == DTYPE_PIPE) {
                        break;
                }
                if (fp->f_type == DTYPE_PIPE) {
-                       error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, p);
+                       error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, &context);
                        break;
                }
                if (tmp <= 0) {
                        tmp = -tmp;
                } else {
                        break;
                }
                if (tmp <= 0) {
                        tmp = -tmp;
                } else {
-                       struct proc *p1 = pfind(tmp);
+                       struct proc *p1 = proc_find(tmp);
                        if (p1 == 0) {
                                error = ESRCH;
                                break;
                        }
                        if (p1 == 0) {
                                error = ESRCH;
                                break;
                        }
-                       tmp = p1->p_pgrp->pg_id;
+                       tmp = p1->p_pgrpid;
+                       proc_rele(p1);
                }
                }
-               error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, p);
+               error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, &context);
                break;
 
        case FIOGETOWN:
                if (fp->f_type == DTYPE_SOCKET) {
                break;
 
        case FIOGETOWN:
                if (fp->f_type == DTYPE_SOCKET) {
-                       error = 0;
                        *(int *)datap = ((struct socket *)fp->f_data)->so_pgid;
                        break;
                }
                        *(int *)datap = ((struct socket *)fp->f_data)->so_pgid;
                        break;
                }
-               error = fo_ioctl(fp, TIOCGPGRP, datap, p);
+               error = fo_ioctl(fp, TIOCGPGRP, datap, &context);
                *(int *)datap = -*(int *)datap;
                break;
 
        default:
                *(int *)datap = -*(int *)datap;
                break;
 
        default:
-               error = fo_ioctl(fp, com, datap, p);
+               error = fo_ioctl(fp, com, datap, &context);
                /*
                 * Copy any data to user, size was
                 * already set and checked above.
                 */
                /*
                 * Copy any data to user, size was
                 * already set and checked above.
                 */
-               if (error == 0 && (com&IOC_OUT) && size)
+               if (error == 0 && (com & IOC_OUT) && size)
                        error = copyout(datap, uap->data, (u_int)size);
                break;
        }
                        error = copyout(datap, uap->data, (u_int)size);
                break;
        }
-       proc_fdunlock(p);
-       if (memp)
-               kfree(memp, size);
-       proc_fdlock(p);
 out:
        fp_drop(p, fd, fp, 1);
        proc_fdunlock(p);
 out:
        fp_drop(p, fd, fp, 1);
        proc_fdunlock(p);
+
+out_nofp:
+       if (memp)
+               kfree(memp, size);
        return(error);
 }
 
        return(error);
 }
 
@@ -906,17 +925,28 @@ int       selwait, nselcoll;
 extern int selcontinue(int error);
 extern int selprocess(int error, int sel_pass);
 static int selscan(struct proc *p, struct _select * sel,
 extern int selcontinue(int error);
 extern int selprocess(int error, int sel_pass);
 static int selscan(struct proc *p, struct _select * sel,
-                       int nfd, register_t *retval, int sel_pass, wait_queue_sub_t wqsub);
-static int selcount(struct proc *p, u_int32_t *ibits, u_int32_t *obits,
-                       int nfd, int * count);
+                       int nfd, int32_t *retval, int sel_pass, wait_queue_sub_t wqsub);
+static int selcount(struct proc *p, u_int32_t *ibits, int nfd, int *count);
+static int seldrop_locked(struct proc *p, u_int32_t *ibits, int nfd, int lim, int *need_wakeup, int fromselcount);
 static int seldrop(struct proc *p, u_int32_t *ibits, int nfd);
 static int seldrop(struct proc *p, u_int32_t *ibits, int nfd);
-extern uint64_t        tvtoabstime(struct timeval      *tvp);
 
 /*
  * Select system call.
 
 /*
  * Select system call.
+ *
+ * Returns:    0                       Success
+ *             EINVAL                  Invalid argument
+ *             EAGAIN                  Nonconformant error if allocation fails
+ *     selprocess:???
  */
 int
  */
 int
-select(struct proc *p, struct select_args *uap, register_t *retval)
+select(struct proc *p, struct select_args *uap, int32_t *retval)
+{
+       __pthread_testcancel(1);
+       return(select_nocancel(p, (struct select_nocancel_args *)uap, retval));
+}
+
+int
+select_nocancel(struct proc *p, struct select_nocancel_args *uap, int32_t *retval)
 {
        int error = 0;
        u_int ni, nw, size;
 {
        int error = 0;
        u_int ni, nw, size;
@@ -929,6 +959,7 @@ select(struct proc *p, struct select_args *uap, register_t *retval)
        th_act = current_thread();
        uth = get_bsdthread_info(th_act);
        sel = &uth->uu_select;
        th_act = current_thread();
        uth = get_bsdthread_info(th_act);
        sel = &uth->uu_select;
+       sel->data = &uth->uu_kevent.ss_select_data;
        retval = (int *)get_bsduthreadrval(th_act);
        *retval = 0;
 
        retval = (int *)get_bsduthreadrval(th_act);
        *retval = 0;
 
@@ -936,6 +967,11 @@ select(struct proc *p, struct select_args *uap, register_t *retval)
                return (EINVAL);
        }
 
                return (EINVAL);
        }
 
+       /* select on thread of process that already called proc_exit() */
+       if (p->p_fd == NULL) {
+               return (EBADF);
+       }
+
        if (uap->nd > p->p_fd->fd_nfiles)
                uap->nd = p->p_fd->fd_nfiles; /* forgiving; slightly wrong */
 
        if (uap->nd > p->p_fd->fd_nfiles)
                uap->nd = p->p_fd->fd_nfiles; /* forgiving; slightly wrong */
 
@@ -943,32 +979,38 @@ select(struct proc *p, struct select_args *uap, register_t *retval)
        ni = nw * sizeof(fd_mask);
 
        /*
        ni = nw * sizeof(fd_mask);
 
        /*
-        * if this is the first select by the thread 
-        * allocate the space for bits.
-        */
-       if (sel->nbytes == 0) {
-               sel->nbytes = 3 * ni;
-               MALLOC(sel->ibits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO);
-               MALLOC(sel->obits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO);
-               if ((sel->ibits == NULL) || (sel->obits == NULL))
-                       panic("select out of memory");
-               needzerofill = 0;
-       }
-
-       /*
-        * if the previously allocated space for the bits
-        * is smaller than what is requested. Reallocate.
+        * if the previously allocated space for the bits is smaller than
+        * what is requested or no space has yet been allocated for this
+        * thread, allocate enough space now.
+        *
+        * Note: If this process fails, select() will return EAGAIN; this
+        * is the same thing pool() returns in a no-memory situation, but
+        * it is not a POSIX compliant error code for select().
         */
        if (sel->nbytes < (3 * ni)) {
         */
        if (sel->nbytes < (3 * ni)) {
-               sel->nbytes = (3 * ni);
-               FREE(sel->ibits, M_TEMP);
-               FREE(sel->obits, M_TEMP);
-               MALLOC(sel->ibits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO);
-               MALLOC(sel->obits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO);
-               if ((sel->ibits == NULL) || (sel->obits == NULL))
-                       panic("select out of memory");
+               int nbytes = 3 * ni;
+
+               /* Free previous allocation, if any */
+               if (sel->ibits != NULL)
+                       FREE(sel->ibits, M_TEMP);
+               if (sel->obits != NULL) {
+                       FREE(sel->obits, M_TEMP);
+                       /* NULL out; subsequent ibits allocation may fail */
+                       sel->obits = NULL;
+               }
+
+               MALLOC(sel->ibits, u_int32_t *, nbytes, M_TEMP, M_WAITOK | M_ZERO);
+               if (sel->ibits == NULL)
+                       return (EAGAIN);
+               MALLOC(sel->obits, u_int32_t *, nbytes, M_TEMP, M_WAITOK | M_ZERO);
+               if (sel->obits == NULL) {
+                       FREE(sel->ibits, M_TEMP);
+                       sel->ibits = NULL;
+                       return (EAGAIN);
+               }
+               sel->nbytes = nbytes;
                needzerofill = 0;
                needzerofill = 0;
-       }   
+       }
 
        if (needzerofill) {
                bzero((caddr_t)sel->ibits, sel->nbytes);
 
        if (needzerofill) {
                bzero((caddr_t)sel->ibits, sel->nbytes);
@@ -993,13 +1035,16 @@ select(struct proc *p, struct select_args *uap, register_t *retval)
        if (uap->tv) {
                struct timeval atv;
                if (IS_64BIT_PROCESS(p)) {
        if (uap->tv) {
                struct timeval atv;
                if (IS_64BIT_PROCESS(p)) {
-                       struct user_timeval atv64;
+                       struct user64_timeval atv64;
                        error = copyin(uap->tv, (caddr_t)&atv64, sizeof(atv64));
                        /* Loses resolution - assume timeout < 68 years */
                        atv.tv_sec = atv64.tv_sec;
                        atv.tv_usec = atv64.tv_usec;
                } else {
                        error = copyin(uap->tv, (caddr_t)&atv64, sizeof(atv64));
                        /* Loses resolution - assume timeout < 68 years */
                        atv.tv_sec = atv64.tv_sec;
                        atv.tv_usec = atv64.tv_usec;
                } else {
-                       error = copyin(uap->tv, (caddr_t)&atv, sizeof(atv));
+                       struct user32_timeval atv32;
+                       error = copyin(uap->tv, (caddr_t)&atv32, sizeof(atv32));
+                       atv.tv_sec = atv32.tv_sec;
+                       atv.tv_usec = atv32.tv_usec;
                }
                if (error)
                        goto continuation;
                }
                if (error)
                        goto continuation;
@@ -1009,41 +1054,51 @@ select(struct proc *p, struct select_args *uap, register_t *retval)
                }
 
                clock_absolutetime_interval_to_deadline(
                }
 
                clock_absolutetime_interval_to_deadline(
-                                                                               tvtoabstime(&atv), &sel->abstime);
+                                                                               tvtoabstime(&atv), &sel->data->abstime);
        }
        else
        }
        else
-               sel->abstime = 0;
+               sel->data->abstime = 0;
 
 
-       if ( (error = selcount(p, sel->ibits, sel->obits, uap->nd, &count)) ) {
+       if ( (error = selcount(p, sel->ibits, uap->nd, &count)) ) {
                        goto continuation;
        }
 
                        goto continuation;
        }
 
-       sel->count = count;
+       sel->data->count = count;
        size = SIZEOF_WAITQUEUE_SET + (count * SIZEOF_WAITQUEUE_LINK);
        size = SIZEOF_WAITQUEUE_SET + (count * SIZEOF_WAITQUEUE_LINK);
-       if (sel->allocsize) {
-               if (sel->wqset == 0)
+       if (uth->uu_allocsize) {
+               if (uth->uu_wqset == 0)
                        panic("select: wql memory smashed");
                /* needed for the select now */
                        panic("select: wql memory smashed");
                /* needed for the select now */
-               if (size > sel->allocsize) {
-                       kfree(sel->wqset,  sel->allocsize);
-                       sel->allocsize = size;
-                       sel->wqset = (wait_queue_set_t)kalloc(size);
-                       if (sel->wqset == (wait_queue_set_t)NULL)
+               if (size > uth->uu_allocsize) {
+                       kfree(uth->uu_wqset,  uth->uu_allocsize);
+                       uth->uu_allocsize = size;
+                       uth->uu_wqset = (wait_queue_set_t)kalloc(size);
+                       if (uth->uu_wqset == (wait_queue_set_t)NULL)
                                panic("failed to allocate memory for waitqueue\n");
                }
        } else {
                                panic("failed to allocate memory for waitqueue\n");
                }
        } else {
-               sel->count = count;
-               sel->allocsize = size;
-               sel->wqset = (wait_queue_set_t)kalloc(sel->allocsize);
-               if (sel->wqset == (wait_queue_set_t)NULL)
+               uth->uu_allocsize = size;
+               uth->uu_wqset = (wait_queue_set_t)kalloc(uth->uu_allocsize);
+               if (uth->uu_wqset == (wait_queue_set_t)NULL)
                        panic("failed to allocate memory for waitqueue\n");
        }
                        panic("failed to allocate memory for waitqueue\n");
        }
-       bzero(sel->wqset, size);
-       sel->wql = (char *)sel->wqset + SIZEOF_WAITQUEUE_SET;
-       wait_queue_set_init(sel->wqset, (SYNC_POLICY_FIFO | SYNC_POLICY_PREPOST));
+       bzero(uth->uu_wqset, size);
+       sel->data->wql = (char *)uth->uu_wqset + SIZEOF_WAITQUEUE_SET;
+       wait_queue_set_init(uth->uu_wqset, (SYNC_POLICY_FIFO | SYNC_POLICY_PREPOST));
 
 continuation:
 
 continuation:
-       return selprocess(error, SEL_FIRSTPASS);
+
+       if (error) {
+               /*
+                * We have already cleaned up any state we established,
+                * either locally or as a result of selcount().  We don't
+                * need to wait_subqueue_unlink_all(), since we haven't set
+                * anything at this point.
+                */
+               return (error);
+       }
+
+       return selprocess(0, SEL_FIRSTPASS);
 }
 
 int
 }
 
 int
@@ -1052,6 +1107,13 @@ selcontinue(int error)
        return selprocess(error, SEL_SECONDPASS);
 }
 
        return selprocess(error, SEL_SECONDPASS);
 }
 
+
+/*
+ * selprocess
+ *
+ * Parameters: error                   The error code from our caller
+ *             sel_pass                The pass we are on
+ */
 int
 selprocess(int error, int sel_pass)
 {
 int
 selprocess(int error, int sel_pass)
 {
@@ -1076,24 +1138,28 @@ selprocess(int error, int sel_pass)
        uth = get_bsdthread_info(th_act);
        sel = &uth->uu_select;
 
        uth = get_bsdthread_info(th_act);
        sel = &uth->uu_select;
 
-       /* if it is first pass wait queue is not setup yet */
        if ((error != 0) && (sel_pass == SEL_FIRSTPASS))
                        unwind = 0;
        if ((error != 0) && (sel_pass == SEL_FIRSTPASS))
                        unwind = 0;
-       if (sel->count == 0)
+       if (sel->data->count == 0)
                        unwind = 0;
 retry:
        if (error != 0) {
                        unwind = 0;
 retry:
        if (error != 0) {
-         goto done;
+               sel_pass = SEL_FIRSTPASS;       /* Reset for seldrop */
+               goto done;
        }
 
        ncoll = nselcoll;
        }
 
        ncoll = nselcoll;
-       p->p_flag |= P_SELECT;
+       OSBitOrAtomic(P_SELECT, &p->p_flag);
        /* skip scans if the select is just for timeouts */
        /* skip scans if the select is just for timeouts */
-       if (sel->count) {
+       if (sel->data->count) {
+               /*
+                * Clear out any dangling refs from prior calls; technically
+                * there should not be any.
+                */
                if (sel_pass == SEL_FIRSTPASS)
                if (sel_pass == SEL_FIRSTPASS)
-                       wait_queue_sub_clearrefs(sel->wqset);
+                       wait_queue_sub_clearrefs(uth->uu_wqset);
 
 
-               error = selscan(p, sel, uap->nd, retval, sel_pass, sel->wqset);
+               error = selscan(p, sel, uap->nd, retval, sel_pass, (wait_queue_sub_t)uth->uu_wqset);
                if (error || *retval) {
                        goto done;
                }
                if (error || *retval) {
                        goto done;
                }
@@ -1114,7 +1180,7 @@ retry:
                uint64_t        now;
 
                clock_get_uptime(&now);
                uint64_t        now;
 
                clock_get_uptime(&now);
-               if (now >= sel->abstime)
+               if (now >= sel->data->abstime)
                        goto done;
        }
 
                        goto done;
        }
 
@@ -1129,7 +1195,7 @@ retry:
         * To effect a poll, the timeout argument should be
         * non-nil, pointing to a zero-valued timeval structure.
         */
         * To effect a poll, the timeout argument should be
         * non-nil, pointing to a zero-valued timeval structure.
         */
-       if (uap->tv && sel->abstime == 0) {
+       if (uap->tv && sel->data->abstime == 0) {
                goto done;
        }
 
                goto done;
        }
 
@@ -1139,15 +1205,16 @@ retry:
                goto retry;
        }
 
                goto retry;
        }
 
-       p->p_flag &= ~P_SELECT;
+       OSBitAndAtomic(~((uint32_t)P_SELECT), &p->p_flag);
 
        /* if the select is just for timeout skip check */
 
        /* if the select is just for timeout skip check */
-       if (sel->count &&(sel_pass == SEL_SECONDPASS))
+       if (sel->data->count &&(sel_pass == SEL_SECONDPASS))
                panic("selprocess: 2nd pass assertwaiting");
 
        /* Wait Queue Subordinate has waitqueue as first element */
                panic("selprocess: 2nd pass assertwaiting");
 
        /* Wait Queue Subordinate has waitqueue as first element */
-       wait_result = wait_queue_assert_wait((wait_queue_t)sel->wqset,
-                                            &selwait, THREAD_ABORTSAFE, sel->abstime);
+       wait_result = wait_queue_assert_wait_with_leeway((wait_queue_t)uth->uu_wqset,
+                                            NULL, THREAD_ABORTSAFE,
+                                            TIMEOUT_URGENCY_USER_NORMAL, sel->data->abstime, 0);
        if (wait_result != THREAD_AWAKENED) {
                /* there are no preposted events */
                error = tsleep1(NULL, PSOCK | PCATCH,
        if (wait_result != THREAD_AWAKENED) {
                /* there are no preposted events */
                error = tsleep1(NULL, PSOCK | PCATCH,
@@ -1157,18 +1224,18 @@ retry:
                error = 0;
        }
 
                error = 0;
        }
 
-       sel_pass = SEL_SECONDPASS;
        if (error == 0) {
        if (error == 0) {
+               sel_pass = SEL_SECONDPASS;
                if (!prepost)
                if (!prepost)
-                       somewakeup =1;
+                       somewakeup = 1;
                goto retry;
        }
 done:
        if (unwind) {
                goto retry;
        }
 done:
        if (unwind) {
-               wait_subqueue_unlink_all(sel->wqset);
+               wait_subqueue_unlink_all(uth->uu_wqset);
                seldrop(p, sel->ibits, uap->nd);
        }
                seldrop(p, sel->ibits, uap->nd);
        }
-       p->p_flag &= ~P_SELECT;
+       OSBitAndAtomic(~((uint32_t)P_SELECT), &p->p_flag);
        /* select is not restarted after signals... */
        if (error == ERESTART)
                error = EINTR;
        /* select is not restarted after signals... */
        if (error == ERESTART)
                error = EINTR;
@@ -1195,27 +1262,41 @@ done:
        return(error);
 }
 
        return(error);
 }
 
+
+/*
+ * selscan
+ *
+ * Parameters: p                       Process performing the select
+ *             sel                     The per-thread select context structure
+ *             nfd                     The number of file descriptors to scan
+ *             retval                  The per thread system call return area
+ *             sel_pass                Which pass this is; allowed values are
+ *                                             SEL_FIRSTPASS and SEL_SECONDPASS
+ *             wqsub                   The per thread wait queue set
+ *
+ * Returns:    0                       Success
+ *             EIO                     Invalid p->p_fd field XXX Obsolete?
+ *             EBADF                   One of the files in the bit vector is
+ *                                             invalid.
+ */
 static int
 static int
-selscan(p, sel, nfd, retval, sel_pass, wqsub)
-       struct proc *p;
-       struct _select *sel;
-       int nfd;
-       register_t *retval;
-       int sel_pass;
-       wait_queue_sub_t wqsub;
+selscan(struct proc *p, struct _select *sel, int nfd, int32_t *retval,
+       int sel_pass, wait_queue_sub_t wqsub)
 {
 {
-       register struct filedesc *fdp = p->p_fd;
-       register int msk, i, j, fd;
-       register u_int32_t bits;
+       struct filedesc *fdp = p->p_fd;
+       int msk, i, j, fd;
+       u_int32_t bits;
        struct fileproc *fp;
        struct fileproc *fp;
-       int n = 0;
-       int nc = 0;
+       int n = 0;              /* count of bits */
+       int nc = 0;             /* bit vector offset (nc'th bit) */
        static int flag[3] = { FREAD, FWRITE, 0 };
        u_int32_t *iptr, *optr;
        u_int nw;
        u_int32_t *ibits, *obits;
        char * wql;
        char * wql_ptr;
        static int flag[3] = { FREAD, FWRITE, 0 };
        u_int32_t *iptr, *optr;
        u_int nw;
        u_int32_t *ibits, *obits;
        char * wql;
        char * wql_ptr;
+       int count;
+       struct vfs_context context = *vfs_context_current();
 
        /*
         * Problems when reboot; due to MacOSX signal probs
 
        /*
         * Problems when reboot; due to MacOSX signal probs
@@ -1227,14 +1308,15 @@ selscan(p, sel, nfd, retval, sel_pass, wqsub)
        }
        ibits = sel->ibits;
        obits = sel->obits;
        }
        ibits = sel->ibits;
        obits = sel->obits;
-       wql = sel->wql;
+       wql = sel->data->wql;
 
        nw = howmany(nfd, NFDBITS);
 
 
        nw = howmany(nfd, NFDBITS);
 
-       nc = 0;
-       proc_fdlock(p);
+       count = sel->data->count;
 
 
-       if (sel->count) {
+       nc = 0;
+       if (count) {
+               proc_fdlock(p);
                for (msk = 0; msk < 3; msk++) {
                        iptr = (u_int32_t *)&ibits[msk * nw];
                        optr = (u_int32_t *)&obits[msk * nw];
                for (msk = 0; msk < 3; msk++) {
                        iptr = (u_int32_t *)&ibits[msk * nw];
                        optr = (u_int32_t *)&obits[msk * nw];
@@ -1246,21 +1328,37 @@ selscan(p, sel, nfd, retval, sel_pass, wqsub)
                                        bits &= ~(1 << j);
                                        fp = fdp->fd_ofiles[fd];
 
                                        bits &= ~(1 << j);
                                        fp = fdp->fd_ofiles[fd];
 
-                                       if (fp == NULL ||
-                                               (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
+                                       if (fp == NULL || (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
+                                               /*
+                                                * If we abort because of a bad
+                                                * fd, let the caller unwind...
+                                                */
                                                proc_fdunlock(p);
                                                return(EBADF);
                                        }
                                        if (sel_pass == SEL_SECONDPASS) {
                                                wql_ptr = (char *)0;
                                                proc_fdunlock(p);
                                                return(EBADF);
                                        }
                                        if (sel_pass == SEL_SECONDPASS) {
                                                wql_ptr = (char *)0;
-                                               fp->f_flags &= ~FP_INSELECT;
-                                               fp->f_waddr = (void *)0;
+                                               if ((fp->f_flags & FP_INSELECT) && (fp->f_waddr == (void *)wqsub)) {
+                                                       fp->f_flags &= ~FP_INSELECT;
+                                                       fp->f_waddr = (void *)0;
+                                               }
                                        } else {
                                                wql_ptr = (wql + nc * SIZEOF_WAITQUEUE_LINK);
                                        } else {
                                                wql_ptr = (wql + nc * SIZEOF_WAITQUEUE_LINK);
-                                               fp->f_flags |= FP_INSELECT;
-                                               fp->f_waddr = (void *)wqsub;
+                                               if (fp->f_flags & FP_INSELECT) {
+                                                       /* someone is already in select on this fp */
+                                                       fp->f_flags |= FP_SELCONFLICT;
+                                                       wait_queue_link(&select_conflict_queue, (wait_queue_set_t)wqsub);
+                                               } else {
+                                                       fp->f_flags |= FP_INSELECT;
+                                                       fp->f_waddr = (void *)wqsub;
+                                               }
                                        }
                                        }
-                                       if (fp->f_ops && fo_select(fp, flag[msk], wql_ptr, p)) {
+
+                                       context.vc_ucred = fp->f_cred;
+
+                                       /* The select; set the bit, if true */
+                                       if (fp->f_ops && fp->f_type
+                                               && fo_select(fp, flag[msk], wql_ptr, &context)) {
                                                optr[fd/NFDBITS] |= (1 << (fd % NFDBITS));
                                                n++;
                                        }
                                                optr[fd/NFDBITS] |= (1 << (fd % NFDBITS));
                                                n++;
                                        }
@@ -1268,13 +1366,13 @@ selscan(p, sel, nfd, retval, sel_pass, wqsub)
                                }
                        }
                }
                                }
                        }
                }
+               proc_fdunlock(p);
        }
        }
-       proc_fdunlock(p);
        *retval = n;
        return (0);
 }
 
        *retval = n;
        return (0);
 }
 
-static int poll_callback(struct kqueue *, struct kevent *, void *);
+int poll_callback(struct kqueue *, struct kevent64_s *, void *);
 
 struct poll_continue_args {
        user_addr_t pca_fds;
 
 struct poll_continue_args {
        user_addr_t pca_fds;
@@ -1283,7 +1381,15 @@ struct poll_continue_args {
 };
 
 int
 };
 
 int
-poll(struct proc *p, struct poll_args *uap, register_t *retval)
+poll(struct proc *p, struct poll_args *uap, int32_t *retval)
+{
+       __pthread_testcancel(1);
+       return(poll_nocancel(p, (struct poll_nocancel_args *)uap, retval));
+}
+
+
+int
+poll_nocancel(struct proc *p, struct poll_nocancel_args *uap, int32_t *retval)
 {
        struct poll_continue_args *cont;
        struct pollfd *fds;
 {
        struct poll_continue_args *cont;
        struct pollfd *fds;
@@ -1303,7 +1409,7 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval)
         * safe, but not overly restrictive.
         */
        if (nfds > OPEN_MAX ||
         * safe, but not overly restrictive.
         */
        if (nfds > OPEN_MAX ||
-           (nfds > p->p_rlimit[RLIMIT_NOFILE].rlim_cur && nfds > FD_SETSIZE))
+           (nfds > p->p_rlimit[RLIMIT_NOFILE].rlim_cur && (proc_suser(p) || nfds > FD_SETSIZE)))
                return (EINVAL);
 
        kq = kqueue_alloc(p);
                return (EINVAL);
 
        kq = kqueue_alloc(p);
@@ -1340,11 +1446,10 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval)
 
        /* JMM - all this P_SELECT stuff is bogus */
        ncoll = nselcoll;
 
        /* JMM - all this P_SELECT stuff is bogus */
        ncoll = nselcoll;
-       p->p_flag |= P_SELECT;
-
+       OSBitOrAtomic(P_SELECT, &p->p_flag);
        for (i = 0; i < nfds; i++) {
                short events = fds[i].events;
        for (i = 0; i < nfds; i++) {
                short events = fds[i].events;
-               struct kevent kev;
+               struct kevent64_s kev;
                int kerror = 0;
 
                /* per spec, ignore fd values below zero */
                int kerror = 0;
 
                /* per spec, ignore fd values below zero */
@@ -1356,12 +1461,14 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval)
                /* convert the poll event into a kqueue kevent */
                kev.ident = fds[i].fd;
                kev.flags = EV_ADD | EV_ONESHOT | EV_POLL;
                /* convert the poll event into a kqueue kevent */
                kev.ident = fds[i].fd;
                kev.flags = EV_ADD | EV_ONESHOT | EV_POLL;
-               kev.fflags = NOTE_LOWAT;
-               kev.data = 1; /* efficiency be damned: any data should trigger */
                kev.udata = CAST_USER_ADDR_T(&fds[i]);
                kev.udata = CAST_USER_ADDR_T(&fds[i]);
+               kev.fflags = 0;
+               kev.data = 0;
+               kev.ext[0] = 0;
+               kev.ext[1] = 0;
 
                /* Handle input events */
 
                /* Handle input events */
-               if (events & ( POLLIN | POLLRDNORM | POLLPRI | POLLRDBAND )) {
+               if (events & ( POLLIN | POLLRDNORM | POLLPRI | POLLRDBAND | POLLHUP )) {
                        kev.filter = EVFILT_READ;
                        if (!(events & ( POLLIN | POLLRDNORM )))
                                kev.flags |= EV_OOBAND;
                        kev.filter = EVFILT_READ;
                        if (!(events & ( POLLIN | POLLRDNORM )))
                                kev.flags |= EV_OOBAND;
@@ -1406,11 +1513,11 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval)
        cont->pca_fds = uap->fds;
        cont->pca_nfds = nfds;
        cont->pca_rfds = rfds;
        cont->pca_fds = uap->fds;
        cont->pca_nfds = nfds;
        cont->pca_rfds = rfds;
-       error = kevent_scan(kq, poll_callback, NULL, cont, &atv, p);
+       error = kqueue_scan(kq, poll_callback, NULL, cont, &atv, p);
        rfds = cont->pca_rfds;
 
  done:
        rfds = cont->pca_rfds;
 
  done:
-       p->p_flag &= ~P_SELECT;
+       OSBitAndAtomic(~((uint32_t)P_SELECT), &p->p_flag);
        /* poll is not restarted after signals... */
        if (error == ERESTART)
                error = EINTR;
        /* poll is not restarted after signals... */
        if (error == ERESTART)
                error = EINTR;
@@ -1425,15 +1532,16 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval)
        if (NULL != cont)
                FREE(cont, M_TEMP);
 
        if (NULL != cont)
                FREE(cont, M_TEMP);
 
-       kqueue_dealloc(kq, p);
+       kqueue_dealloc(kq);
        return (error);
 }
 
        return (error);
 }
 
-static int
-poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data)
+int
+poll_callback(__unused struct kqueue *kq, struct kevent64_s *kevp, void *data)
 {
        struct poll_continue_args *cont = (struct poll_continue_args *)data;
        struct pollfd *fds = CAST_DOWN(struct pollfd *, kevp->udata);
 {
        struct poll_continue_args *cont = (struct poll_continue_args *)data;
        struct pollfd *fds = CAST_DOWN(struct pollfd *, kevp->udata);
+       short prev_revents = fds->revents;
        short mask;
 
        /* convert the results back into revents */
        short mask;
 
        /* convert the results back into revents */
@@ -1441,7 +1549,6 @@ poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data)
                fds->revents |= POLLHUP;
        if (kevp->flags & EV_ERROR)
                fds->revents |= POLLERR;
                fds->revents |= POLLHUP;
        if (kevp->flags & EV_ERROR)
                fds->revents |= POLLERR;
-       cont->pca_rfds++;
 
        switch (kevp->filter) {
        case EVFILT_READ:
 
        switch (kevp->filter) {
        case EVFILT_READ:
@@ -1462,7 +1569,7 @@ poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data)
                        fds->revents |= (fds->events & ( POLLOUT | POLLWRNORM | POLLWRBAND ));
                break;
 
                        fds->revents |= (fds->events & ( POLLOUT | POLLWRNORM | POLLWRBAND ));
                break;
 
-       case EVFILT_PROC:
+       case EVFILT_VNODE:
                if (kevp->fflags & NOTE_EXTEND)
                        fds->revents |= (fds->events & POLLEXTEND);
                if (kevp->fflags & NOTE_ATTRIB)
                if (kevp->fflags & NOTE_EXTEND)
                        fds->revents |= (fds->events & POLLEXTEND);
                if (kevp->fflags & NOTE_ATTRIB)
@@ -1473,6 +1580,10 @@ poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data)
                        fds->revents |= (fds->events & POLLWRITE);
                break;
        }
                        fds->revents |= (fds->events & POLLWRITE);
                break;
        }
+
+       if (fds->revents != 0 && prev_revents == 0)
+               cont->pca_rfds++;
+
        return 0;
 }
        
        return 0;
 }
        
@@ -1483,26 +1594,50 @@ seltrue(__unused dev_t dev, __unused int flag, __unused struct proc *p)
        return (1);
 }
 
        return (1);
 }
 
+/*
+ * selcount
+ *
+ * Count the number of bits set in the input bit vector, and establish an
+ * outstanding fp->f_iocount for each of the descriptors which will be in
+ * use in the select operation.
+ *
+ * Parameters: p                       The process doing the select
+ *             ibits                   The input bit vector
+ *             nfd                     The number of fd's in the vector
+ *             countp                  Pointer to where to store the bit count
+ *
+ * Returns:    0                       Success
+ *             EIO                     Bad per process open file table
+ *             EBADF                   One of the bits in the input bit vector
+ *                                             references an invalid fd
+ *
+ * Implicit:   *countp (modified)      Count of fd's
+ *
+ * Notes:      This function is the first pass under the proc_fdlock() that
+ *             permits us to recognize invalid descriptors in the bit vector;
+ *             the may, however, not remain valid through the drop and
+ *             later reacquisition of the proc_fdlock().
+ */
 static int
 static int
-selcount(struct proc *p, u_int32_t *ibits, __unused u_int32_t *obits, 
-                int nfd, int *count)
+selcount(struct proc *p, u_int32_t *ibits, int nfd, int *countp)
 {
 {
-       register struct filedesc *fdp = p->p_fd;
-       register int msk, i, j, fd;
-       register u_int32_t bits;
+       struct filedesc *fdp = p->p_fd;
+       int msk, i, j, fd;
+       u_int32_t bits;
        struct fileproc *fp;
        int n = 0;
        u_int32_t *iptr;
        u_int nw;
        int error=0; 
        int dropcount;
        struct fileproc *fp;
        int n = 0;
        u_int32_t *iptr;
        u_int nw;
        int error=0; 
        int dropcount;
+       int need_wakeup = 0;
 
        /*
         * Problems when reboot; due to MacOSX signal probs
         * in Beaker1C ; verify that the p->p_fd is valid
         */
        if (fdp == NULL) {
 
        /*
         * Problems when reboot; due to MacOSX signal probs
         * in Beaker1C ; verify that the p->p_fd is valid
         */
        if (fdp == NULL) {
-               *count=0;
+               *countp = 0;
                return(EIO);
        }
        nw = howmany(nfd, NFDBITS);
                return(EIO);
        }
        nw = howmany(nfd, NFDBITS);
@@ -1517,7 +1652,7 @@ selcount(struct proc *p, u_int32_t *ibits, __unused u_int32_t *obits,
                                fp = fdp->fd_ofiles[fd];
                                if (fp == NULL ||
                                        (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
                                fp = fdp->fd_ofiles[fd];
                                if (fp == NULL ||
                                        (fdp->fd_ofileflags[fd] & UF_RESERVED)) {
-                                               *count=0;
+                                               *countp = 0;
                                                error = EBADF;
                                                goto bad;
                                }
                                                error = EBADF;
                                                goto bad;
                                }
@@ -1528,51 +1663,65 @@ selcount(struct proc *p, u_int32_t *ibits, __unused u_int32_t *obits,
        }
        proc_fdunlock(p);
 
        }
        proc_fdunlock(p);
 
-       *count = n;
+       *countp = n;
        return (0);
        return (0);
+
 bad:
        dropcount = 0;
        
        if (n== 0)
                goto out;
 bad:
        dropcount = 0;
        
        if (n== 0)
                goto out;
-       /* undo the iocounts */
-       for (msk = 0; msk < 3; msk++) {
-               iptr = (u_int32_t *)&ibits[msk * nw];
-               for (i = 0; i < nfd; i += NFDBITS) {
-                       bits = iptr[i/NFDBITS];
-                       while ((j = ffs(bits)) && (fd = i + --j) < nfd) {
-                               bits &= ~(1 << j);
-                               fp = fdp->fd_ofiles[fd];
-                               if (dropcount >= n)
-                                       goto out;
-                               fp->f_iocount--;
+       /* Ignore error return; it's already EBADF */
+       (void)seldrop_locked(p, ibits, nfd, n, &need_wakeup, 1);
 
 
-                               if (p->p_fpdrainwait && fp->f_iocount == 0) {
-                                       p->p_fpdrainwait = 0;
-                                       wakeup(&p->p_fpdrainwait);
-                               }
-                               dropcount++;
-                       }
-               }
-       }
 out:
        proc_fdunlock(p);
 out:
        proc_fdunlock(p);
+       if (need_wakeup) {
+               wakeup(&p->p_fpdrainwait);
+       }
        return(error);
 }
 
        return(error);
 }
 
+
+/*
+ * seldrop_locked
+ *
+ * Drop outstanding wait queue references set up during selscan(); drop the
+ * outstanding per fileproc f_iocount() picked up during the selcount().
+ *
+ * Parameters: p                       Process performing the select
+ *             ibits                   Input pit bector of fd's
+ *             nfd                     Number of fd's
+ *             lim                     Limit to number of vector entries to
+ *                                             consider, or -1 for "all"
+ *             inselect                True if
+ *             need_wakeup             Pointer to flag to set to do a wakeup
+ *                                     if f_iocont on any descriptor goes to 0
+ *
+ * Returns:    0                       Success
+ *             EBADF                   One or more fds in the bit vector
+ *                                             were invalid, but the rest
+ *                                             were successfully dropped
+ *
+ * Notes:      An fd make become bad while the proc_fdlock() is not held,
+ *             if a multithreaded application closes the fd out from under
+ *             the in progress select.  In this case, we still have to
+ *             clean up after the set up on the remaining fds.
+ */
 static int
 static int
-seldrop(p, ibits, nfd)
-       struct proc *p;
-       u_int32_t *ibits;
-       int nfd;
+seldrop_locked(struct proc *p, u_int32_t *ibits, int nfd, int lim, int *need_wakeup, int fromselcount)
 {
 {
-       register struct filedesc *fdp = p->p_fd;
-       register int msk, i, j, fd;
-       register u_int32_t bits;
+       struct filedesc *fdp = p->p_fd;
+       int msk, i, j, fd;
+       u_int32_t bits;
        struct fileproc *fp;
        struct fileproc *fp;
-       int n = 0;
        u_int32_t *iptr;
        u_int nw;
        u_int32_t *iptr;
        u_int nw;
+       int error = 0;
+       int dropcount = 0;
+       uthread_t uth = get_bsdthread_info(current_thread());
+
+       *need_wakeup = 0;
 
        /*
         * Problems when reboot; due to MacOSX signal probs
 
        /*
         * Problems when reboot; due to MacOSX signal probs
@@ -1584,8 +1733,6 @@ seldrop(p, ibits, nfd)
 
        nw = howmany(nfd, NFDBITS);
 
 
        nw = howmany(nfd, NFDBITS);
 
-
-       proc_fdlock(p);
        for (msk = 0; msk < 3; msk++) {
                iptr = (u_int32_t *)&ibits[msk * nw];
                for (i = 0; i < nfd; i += NFDBITS) {
        for (msk = 0; msk < 3; msk++) {
                iptr = (u_int32_t *)&ibits[msk * nw];
                for (i = 0; i < nfd; i += NFDBITS) {
@@ -1593,28 +1740,67 @@ seldrop(p, ibits, nfd)
                        while ((j = ffs(bits)) && (fd = i + --j) < nfd) {
                                bits &= ~(1 << j);
                                fp = fdp->fd_ofiles[fd];
                        while ((j = ffs(bits)) && (fd = i + --j) < nfd) {
                                bits &= ~(1 << j);
                                fp = fdp->fd_ofiles[fd];
-                               if (fp == NULL 
-#if 0
-                       /* if you are here then it is being closed */
-                                       || (fdp->fd_ofileflags[fd] & UF_RESERVED)
-#endif
-                                       ) {
-                                               proc_fdunlock(p);
-                                               return(EBADF);
+                               /*
+                                * If we've already dropped as many as were
+                                * counted/scanned, then we are done.  
+                                */
+                               if ((fromselcount != 0) && (++dropcount > lim))
+                                       goto done;
+
+                               if (fp == NULL) {
+                                       /* skip (now) bad fds */
+                                       error = EBADF;
+                                       continue;
+                               }
+                               /*
+                                * Only clear the flag if we set it.  We'll
+                                * only find that we set it if we had made
+                                * at least one [partial] pass through selscan().
+                                */
+                               if ((fp->f_flags & FP_INSELECT) && (fp->f_waddr == (void *)uth->uu_wqset)) {
+                                       fp->f_flags &= ~FP_INSELECT;
+                                       fp->f_waddr = (void *)0;
                                }
                                }
-                               n++;
-                               fp->f_iocount--;
-                               fp->f_flags &= ~FP_INSELECT;
 
 
-                               if (p->p_fpdrainwait && fp->f_iocount == 0) {
-                                       p->p_fpdrainwait = 0;
-                                       wakeup(&p->p_fpdrainwait);
+                               fp->f_iocount--;
+                               if (fp->f_iocount < 0)
+                                       panic("f_iocount overdecrement!");
+
+                               if (fp->f_iocount == 0) {
+                                       /*
+                                        * The last iocount is responsible for clearing
+                                        * selconfict flag - even if we didn't set it -
+                                        * and is also responsible for waking up anyone
+                                        * waiting on iocounts to drain.
+                                        */
+                                       if (fp->f_flags & FP_SELCONFLICT)
+                                               fp->f_flags &= ~FP_SELCONFLICT;
+                                       if (p->p_fpdrainwait) {
+                                               p->p_fpdrainwait = 0;
+                                               *need_wakeup = 1;
+                                       }
                                }
                        }
                }
        }
                                }
                        }
                }
        }
+done:
+       return (error);
+}
+
+
+static int
+seldrop(struct proc *p, u_int32_t *ibits, int nfd)
+{
+       int error;
+       int need_wakeup = 0;
+
+       proc_fdlock(p);
+       error =  seldrop_locked(p, ibits, nfd, nfd, &need_wakeup, 0);
        proc_fdunlock(p);
        proc_fdunlock(p);
-       return (0);
+       if (need_wakeup) {
+               wakeup(&p->p_fpdrainwait);
+       }
+       return (error);
 }
 
 /*
 }
 
 /*
@@ -1628,12 +1814,8 @@ selrecord(__unused struct proc *selector, struct selinfo *sip, void * p_wql)
 
        /* need to look at collisions */
 
 
        /* need to look at collisions */
 
-       if ((p_wql == (void *)0) && ((sip->si_flags & SI_INITED) == 0)) {
-               return;
-       }
-
        /*do not record if this is second pass of select */
        /*do not record if this is second pass of select */
-       if((p_wql == (void *)0)) {
+       if(p_wql == (void *)0) {
                return;
        }
 
                return;
        }
 
@@ -1649,16 +1831,15 @@ selrecord(__unused struct proc *selector, struct selinfo *sip, void * p_wql)
                sip->si_flags &= ~SI_COLL;
 
        sip->si_flags |= SI_RECORDED;
                sip->si_flags &= ~SI_COLL;
 
        sip->si_flags |= SI_RECORDED;
-       if (!wait_queue_member(&sip->si_wait_queue, ut->uu_select.wqset))
-               wait_queue_link_noalloc(&sip->si_wait_queue, ut->uu_select.wqset,
+       if (!wait_queue_member(&sip->si_wait_queue, ut->uu_wqset))
+               wait_queue_link_noalloc(&sip->si_wait_queue, ut->uu_wqset,
                                        (wait_queue_link_t)p_wql);
 
        return;
 }
 
 void
                                        (wait_queue_link_t)p_wql);
 
        return;
 }
 
 void
-selwakeup(sip)
-       register struct selinfo *sip;
+selwakeup(struct selinfo *sip)
 {
        
        if ((sip->si_flags & SI_INITED) == 0) {
 {
        
        if ((sip->si_flags & SI_INITED) == 0) {
@@ -1675,15 +1856,14 @@ selwakeup(sip)
        }
 
        if (sip->si_flags & SI_RECORDED) {
        }
 
        if (sip->si_flags & SI_RECORDED) {
-               wait_queue_wakeup_all(&sip->si_wait_queue, &selwait, THREAD_AWAKENED);
+               wait_queue_wakeup_all(&sip->si_wait_queue, NULL, THREAD_AWAKENED);
                sip->si_flags &= ~SI_RECORDED;
        }
 
 }
 
 void 
                sip->si_flags &= ~SI_RECORDED;
        }
 
 }
 
 void 
-selthreadclear(sip)
-       register struct selinfo *sip;
+selthreadclear(struct selinfo *sip)
 {
 
        if ((sip->si_flags & SI_INITED) == 0) {
 {
 
        if ((sip->si_flags & SI_INITED) == 0) {
@@ -1694,14 +1874,12 @@ selthreadclear(sip)
                        sip->si_flags &= ~(SI_RECORDED | SI_COLL);
        }
        sip->si_flags |= SI_CLEAR;
                        sip->si_flags &= ~(SI_RECORDED | SI_COLL);
        }
        sip->si_flags |= SI_CLEAR;
-       wait_queue_unlinkall_nofree(&sip->si_wait_queue);
+       wait_queue_unlink_all(&sip->si_wait_queue);
 }
 
 
 
 
 }
 
 
 
 
-#define DBG_EVENT      0x10
-
 #define DBG_POST       0x10
 #define DBG_WATCH      0x11
 #define DBG_WAIT       0x12
 #define DBG_POST       0x10
 #define DBG_WATCH      0x11
 #define DBG_WAIT       0x12
@@ -1791,7 +1969,7 @@ evprocenque(struct eventqelt *evq)
        assert(evq);
        p = evq->ee_proc;
 
        assert(evq);
        p = evq->ee_proc;
 
-       KERNEL_DEBUG(DBG_MISC_ENQUEUE|DBG_FUNC_START, evq, evq->ee_flags, evq->ee_eventmask,0,0);
+       KERNEL_DEBUG(DBG_MISC_ENQUEUE|DBG_FUNC_START, (uint32_t)evq, evq->ee_flags, evq->ee_eventmask,0,0);
 
        proc_lock(p);
 
 
        proc_lock(p);
 
@@ -1841,14 +2019,14 @@ postpipeevent(struct pipe *pipep, int event)
                          evq->ee_req.er_rcnt = pipep->pipe_buffer.cnt;
                  }
                  if ((evq->ee_eventmask & EV_WR) && 
                          evq->ee_req.er_rcnt = pipep->pipe_buffer.cnt;
                  }
                  if ((evq->ee_eventmask & EV_WR) && 
-                     (pipep->pipe_buffer.size - pipep->pipe_buffer.cnt) >= PIPE_BUF) {
+                     (MAX(pipep->pipe_buffer.size,PIPE_SIZE) - pipep->pipe_buffer.cnt) >= PIPE_BUF) {
 
                          if (pipep->pipe_state & PIPE_EOF) {
                                  mask |= EV_WR|EV_RESET;
                                  break;
                          }
                          mask |= EV_WR;
 
                          if (pipep->pipe_state & PIPE_EOF) {
                                  mask |= EV_WR|EV_RESET;
                                  break;
                          }
                          mask |= EV_WR;
-                         evq->ee_req.er_wcnt = pipep->pipe_buffer.size - pipep->pipe_buffer.cnt;
+                         evq->ee_req.er_wcnt = MAX(pipep->pipe_buffer.size, PIPE_SIZE) - pipep->pipe_buffer.cnt;
                  }
                  break;
 
                  }
                  break;
 
@@ -1883,7 +2061,7 @@ postpipeevent(struct pipe *pipep, int event)
                         */
                        evq->ee_req.er_eventbits |= mask;
 
                         */
                        evq->ee_req.er_eventbits |= mask;
 
-                       KERNEL_DEBUG(DBG_MISC_POST, evq, evq->ee_req.er_eventbits, mask, 1,0);
+                       KERNEL_DEBUG(DBG_MISC_POST, (uint32_t)evq, evq->ee_req.er_eventbits, mask, 1,0);
 
                        evprocenque(evq);
                }
 
                        evprocenque(evq);
                }
@@ -1891,7 +2069,7 @@ postpipeevent(struct pipe *pipep, int event)
        KERNEL_DEBUG(DBG_MISC_POST|DBG_FUNC_END, 0,0,0,1,0);
 }
 
        KERNEL_DEBUG(DBG_MISC_POST|DBG_FUNC_END, 0,0,0,1,0);
 }
 
-
+#if SOCKETS
 /*
  * given either a sockbuf or a socket run down the
  * event list and queue ready events found...
 /*
  * given either a sockbuf or a socket run down the
  * event list and queue ready events found...
@@ -1954,13 +2132,19 @@ postevent(struct socket *sp, struct sockbuf *sb, int event)
                   */
                case EV_RWBYTES:
                  if ((evq->ee_eventmask & EV_RE) && soreadable(sp)) {
                   */
                case EV_RWBYTES:
                  if ((evq->ee_eventmask & EV_RE) && soreadable(sp)) {
-                         if (sp->so_error) {
-                                 if ((sp->so_type == SOCK_STREAM) && ((sp->so_error == ECONNREFUSED) || (sp->so_error == ECONNRESET))) {
-                                         if ((sp->so_pcb == 0) || (((struct inpcb *)sp->so_pcb)->inp_state == INPCB_STATE_DEAD) || !(tp = sototcpcb(sp)) ||
-                                             (tp->t_state == TCPS_CLOSED)) {
-                                                 mask |= EV_RE|EV_RESET;
-                                                 break;
-                                         }
+                         /* for AFP/OT purposes; may go away in future */
+                         if ((SOCK_DOM(sp) == PF_INET ||
+                             SOCK_DOM(sp) == PF_INET6) &&
+                             SOCK_PROTO(sp) == IPPROTO_TCP &&
+                             (sp->so_error == ECONNREFUSED ||
+                             sp->so_error == ECONNRESET)) {
+                                 if (sp->so_pcb == NULL ||
+                                     sotoinpcb(sp)->inp_state ==
+                                     INPCB_STATE_DEAD ||
+                                     (tp = sototcpcb(sp)) == NULL ||
+                                     tp->t_state == TCPS_CLOSED) {
+                                         mask |= EV_RE|EV_RESET;
+                                         break;
                                  }
                          }
                          mask |= EV_RE;
                                  }
                          }
                          mask |= EV_RE;
@@ -1972,13 +2156,19 @@ postevent(struct socket *sp, struct sockbuf *sb, int event)
                          }
                  }
                  if ((evq->ee_eventmask & EV_WR) && sowriteable(sp)) {
                          }
                  }
                  if ((evq->ee_eventmask & EV_WR) && sowriteable(sp)) {
-                         if (sp->so_error) {
-                                 if ((sp->so_type == SOCK_STREAM) && ((sp->so_error == ECONNREFUSED) || (sp->so_error == ECONNRESET))) {
-                                         if ((sp->so_pcb == 0) || (((struct inpcb *)sp->so_pcb)->inp_state == INPCB_STATE_DEAD) || !(tp = sototcpcb(sp)) ||
-                                             (tp->t_state == TCPS_CLOSED)) {
-                                                 mask |= EV_WR|EV_RESET;
-                                                 break;
-                                         }
+                         /* for AFP/OT purposes; may go away in future */
+                         if ((SOCK_DOM(sp) == PF_INET ||
+                             SOCK_DOM(sp) == PF_INET6) &&
+                             SOCK_PROTO(sp) == IPPROTO_TCP &&
+                             (sp->so_error == ECONNREFUSED ||
+                             sp->so_error == ECONNRESET)) {
+                                 if (sp->so_pcb == NULL ||
+                                     sotoinpcb(sp)->inp_state ==
+                                     INPCB_STATE_DEAD ||
+                                     (tp = sototcpcb(sp)) == NULL ||
+                                     tp->t_state == TCPS_CLOSED) {
+                                         mask |= EV_WR|EV_RESET;
+                                         break;
                                  }
                          }
                          mask |= EV_WR;
                                  }
                          }
                          mask |= EV_WR;
@@ -2058,6 +2248,7 @@ postevent(struct socket *sp, struct sockbuf *sb, int event)
        }
        KERNEL_DEBUG(DBG_MISC_POST|DBG_FUNC_END, (int)sp, 0, 0, 0, 0);
 }
        }
        KERNEL_DEBUG(DBG_MISC_POST|DBG_FUNC_END, (int)sp, 0, 0, 0, 0);
 }
+#endif /* SOCKETS */
 
 
 /*
 
 
 /*
@@ -2068,13 +2259,17 @@ postevent(struct socket *sp, struct sockbuf *sb, int event)
  * via waitevent().
  *
  * should this prevent duplicate events on same socket?
  * via waitevent().
  *
  * should this prevent duplicate events on same socket?
+ *
+ * Returns:
+ *             ENOMEM                  No memory for operation
+ *     copyin:EFAULT
  */
 int
 watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval)
 {
        struct eventqelt *evq = (struct eventqelt *)0;
        struct eventqelt *np = NULL;
  */
 int
 watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval)
 {
        struct eventqelt *evq = (struct eventqelt *)0;
        struct eventqelt *np = NULL;
-       struct eventreq *erp;
+       struct eventreq64 *erp;
        struct fileproc *fp = NULL;
        int error;
 
        struct fileproc *fp = NULL;
        int error;
 
@@ -2084,18 +2279,36 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval)
        MALLOC(evq, struct eventqelt *, sizeof(struct eventqelt), M_TEMP, M_WAITOK);
 
        if (evq == NULL)
        MALLOC(evq, struct eventqelt *, sizeof(struct eventqelt), M_TEMP, M_WAITOK);
 
        if (evq == NULL)
-               panic("can't MALLOC evq");
+               return (ENOMEM);
        erp = &evq->ee_req;
 
        // get users request pkt
        erp = &evq->ee_req;
 
        // get users request pkt
-       if ( (error = copyin(CAST_USER_ADDR_T(uap->u_req), (caddr_t)erp,
-                          sizeof(struct eventreq))) ) {
-               FREE(evq, M_TEMP);
 
 
+       if (IS_64BIT_PROCESS(p)) {
+               error = copyin(uap->u_req, (caddr_t)erp, sizeof(struct eventreq64));
+       } else {
+               struct eventreq32 er32;
+
+               error = copyin(uap->u_req, (caddr_t)&er32, sizeof(struct eventreq32));
+               if (error == 0) {
+                      /*
+                       * the user only passes in the
+                       * er_type, er_handle and er_data...
+                       * the other fields are initialized
+                       * below, so don't bother to copy
+                       */
+                       erp->er_type = er32.er_type;
+                       erp->er_handle = er32.er_handle;
+                       erp->er_data = (user_addr_t)er32.er_data;
+               }
+       }
+       if (error) {
+               FREE(evq, M_TEMP);
                KERNEL_DEBUG(DBG_MISC_WATCH|DBG_FUNC_END, error,0,0,0,0);
                KERNEL_DEBUG(DBG_MISC_WATCH|DBG_FUNC_END, error,0,0,0,0);
-               return(error);
+
+               return(error);          
        }
        }
-       KERNEL_DEBUG(DBG_MISC_WATCH, erp->er_handle,uap->u_eventmask,evq,0,0);
+       KERNEL_DEBUG(DBG_MISC_WATCH, erp->er_handle,uap->u_eventmask,(uint32_t)evq,0,0);
 
        // validate, freeing qelt if errors
        error = 0;
 
        // validate, freeing qelt if errors
        error = 0;
@@ -2105,9 +2318,11 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval)
                error = EINVAL;
        } else if ((error = fp_lookup(p, erp->er_handle, &fp, 1)) != 0) {
                error = EBADF;
                error = EINVAL;
        } else if ((error = fp_lookup(p, erp->er_handle, &fp, 1)) != 0) {
                error = EBADF;
+#if SOCKETS
        } else if (fp->f_type == DTYPE_SOCKET) {
                socket_lock((struct socket *)fp->f_data, 1);
                np = ((struct socket *)fp->f_data)->so_evlist.tqh_first;
        } else if (fp->f_type == DTYPE_SOCKET) {
                socket_lock((struct socket *)fp->f_data, 1);
                np = ((struct socket *)fp->f_data)->so_evlist.tqh_first;
+#endif /* SOCKETS */
        } else if (fp->f_type == DTYPE_PIPE) {
                PIPE_LOCK((struct pipe *)fp->f_data);
                np = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first;
        } else if (fp->f_type == DTYPE_PIPE) {
                PIPE_LOCK((struct pipe *)fp->f_data);
                np = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first;
@@ -2129,9 +2344,11 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval)
         */
        for ( ; np != NULL; np = np->ee_slist.tqe_next) {
                if (np->ee_proc == p) {
         */
        for ( ; np != NULL; np = np->ee_slist.tqe_next) {
                if (np->ee_proc == p) {
+#if SOCKETS
                        if (fp->f_type == DTYPE_SOCKET)
                                socket_unlock((struct socket *)fp->f_data, 1);
                        else 
                        if (fp->f_type == DTYPE_SOCKET)
                                socket_unlock((struct socket *)fp->f_data, 1);
                        else 
+#endif /* SOCKETS */
                                PIPE_UNLOCK((struct pipe *)fp->f_data);
                        fp_drop(p, erp->er_handle, fp, 0);
                        FREE(evq, M_TEMP);
                                PIPE_UNLOCK((struct pipe *)fp->f_data);
                        fp_drop(p, erp->er_handle, fp, 0);
                        FREE(evq, M_TEMP);
@@ -2145,12 +2362,15 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval)
        evq->ee_eventmask = uap->u_eventmask & EV_MASK;
        evq->ee_flags = 0;
 
        evq->ee_eventmask = uap->u_eventmask & EV_MASK;
        evq->ee_flags = 0;
 
+#if SOCKETS
        if (fp->f_type == DTYPE_SOCKET) {
                TAILQ_INSERT_TAIL(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist);
                postevent((struct socket *)fp->f_data, 0, EV_RWBYTES); // catch existing events
 
                socket_unlock((struct socket *)fp->f_data, 1);
        if (fp->f_type == DTYPE_SOCKET) {
                TAILQ_INSERT_TAIL(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist);
                postevent((struct socket *)fp->f_data, 0, EV_RWBYTES); // catch existing events
 
                socket_unlock((struct socket *)fp->f_data, 1);
-       } else {
+       } else
+#endif /* SOCKETS */
+       {
                TAILQ_INSERT_TAIL(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist);
                postpipeevent((struct pipe *)fp->f_data, EV_RWBYTES);
 
                TAILQ_INSERT_TAIL(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist);
                postpipeevent((struct pipe *)fp->f_data, EV_RWBYTES);
 
@@ -2168,20 +2388,60 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval)
  * waitevent system call.
  * grabs the next waiting event for this proc and returns
  * it. if no events, user can request to sleep with timeout
  * waitevent system call.
  * grabs the next waiting event for this proc and returns
  * it. if no events, user can request to sleep with timeout
- * or poll mode (tv=NULL);
+ * or without or poll mode
+ *    ((tv != NULL && interval == 0) || tv == -1)
  */
 int
 waitevent(proc_t p, struct waitevent_args *uap, int *retval)
 {
         int error = 0;
        struct eventqelt *evq;
  */
 int
 waitevent(proc_t p, struct waitevent_args *uap, int *retval)
 {
         int error = 0;
        struct eventqelt *evq;
-       struct eventreq   er;
+       struct eventreq64 *erp;
        uint64_t abstime, interval;
        uint64_t abstime, interval;
+       boolean_t fast_poll = FALSE;
+       union {
+               struct eventreq64 er64;
+               struct eventreq32 er32;
+       } uer;
+
+       interval = 0;
 
        if (uap->tv) {
                struct timeval atv;
 
        if (uap->tv) {
                struct timeval atv;
+               /*
+                * check for fast poll method
+                */
+               if (IS_64BIT_PROCESS(p)) {
+                       if (uap->tv == (user_addr_t)-1)
+                               fast_poll = TRUE;
+               } else if (uap->tv == (user_addr_t)((uint32_t)-1))
+                       fast_poll = TRUE;
+
+               if (fast_poll == TRUE) {
+                       if (p->p_evlist.tqh_first == NULL) {
+                               KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_NONE, -1,0,0,0,0);
+                               /*
+                                * poll failed
+                                */
+                               *retval = 1;
+                               return (0);
+                       }
+                       proc_lock(p);
+                       goto retry;
+               }
+               if (IS_64BIT_PROCESS(p)) {
+                       struct user64_timeval atv64;
+                       error = copyin(uap->tv, (caddr_t)&atv64, sizeof(atv64));
+                       /* Loses resolution - assume timeout < 68 years */
+                       atv.tv_sec = atv64.tv_sec;
+                       atv.tv_usec = atv64.tv_usec;
+               } else {
+                       struct user32_timeval atv32;
+                       error = copyin(uap->tv, (caddr_t)&atv32, sizeof(atv32));
+                       atv.tv_sec = atv32.tv_sec;
+                       atv.tv_usec = atv32.tv_usec;
+               }
 
 
-               error = copyin(CAST_USER_ADDR_T(uap->tv), (caddr_t)&atv, sizeof (atv));
                if (error)
                        return(error);
                if (itimerfix(&atv)) {
                if (error)
                        return(error);
                if (itimerfix(&atv)) {
@@ -2189,9 +2449,7 @@ waitevent(proc_t p, struct waitevent_args *uap, int *retval)
                        return(error);
                }
                interval = tvtoabstime(&atv);
                        return(error);
                }
                interval = tvtoabstime(&atv);
-       } else
-               interval = 0;
-
+       }
        KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_START, 0,0,0,0,0);
 
        proc_lock(p);
        KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_START, 0,0,0,0,0);
 
        proc_lock(p);
@@ -2203,18 +2461,32 @@ retry:
                 * don't want to hold the proc lock across a copyout because
                 * it might block on a page fault at the target in user space
                 */
                 * don't want to hold the proc lock across a copyout because
                 * it might block on a page fault at the target in user space
                 */
-               bcopy((caddr_t)&evq->ee_req, (caddr_t)&er, sizeof (struct eventreq));
+               erp = &evq->ee_req;
 
 
+               if (IS_64BIT_PROCESS(p))
+                       bcopy((caddr_t)erp, (caddr_t)&uer.er64, sizeof (struct eventreq64));
+               else {
+                       uer.er32.er_type  = erp->er_type;
+                       uer.er32.er_handle  = erp->er_handle;
+                       uer.er32.er_data  = (uint32_t)erp->er_data;
+                       uer.er32.er_ecnt  = erp->er_ecnt;
+                       uer.er32.er_rcnt  = erp->er_rcnt;
+                       uer.er32.er_wcnt  = erp->er_wcnt;
+                       uer.er32.er_eventbits = erp->er_eventbits;
+               }
                TAILQ_REMOVE(&p->p_evlist, evq, ee_plist);
 
                evq->ee_flags &= ~EV_QUEUED;
 
                proc_unlock(p);
 
                TAILQ_REMOVE(&p->p_evlist, evq, ee_plist);
 
                evq->ee_flags &= ~EV_QUEUED;
 
                proc_unlock(p);
 
-               error = copyout((caddr_t)&er, CAST_USER_ADDR_T(uap->u_req), sizeof(struct eventreq));
+               if (IS_64BIT_PROCESS(p))
+                       error = copyout((caddr_t)&uer.er64, uap->u_req, sizeof(struct eventreq64));
+               else
+                       error = copyout((caddr_t)&uer.er32, uap->u_req, sizeof(struct eventreq32));
 
                KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_END, error,
 
                KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_END, error,
-                            evq->ee_req.er_handle,evq->ee_req.er_eventbits,evq,0);
+                            evq->ee_req.er_handle,evq->ee_req.er_eventbits,(uint32_t)evq,0);
                return (error);
        }
        else {
                return (error);
        }
        else {
@@ -2230,11 +2502,11 @@ retry:
                else
                        abstime = 0;
 
                else
                        abstime = 0;
 
-               KERNEL_DEBUG(DBG_MISC_WAIT, 1,&p->p_evlist,0,0,0);
+               KERNEL_DEBUG(DBG_MISC_WAIT, 1,(uint32_t)&p->p_evlist,0,0,0);
 
                error = msleep1(&p->p_evlist, &p->p_mlock, (PSOCK | PCATCH), "waitevent", abstime);
 
 
                error = msleep1(&p->p_evlist, &p->p_mlock, (PSOCK | PCATCH), "waitevent", abstime);
 
-               KERNEL_DEBUG(DBG_MISC_WAIT, 2,&p->p_evlist,0,0,0);
+               KERNEL_DEBUG(DBG_MISC_WAIT, 2,(uint32_t)&p->p_evlist,0,0,0);
 
                if (error == 0)
                        goto retry;
 
                if (error == 0)
                        goto retry;
@@ -2260,9 +2532,9 @@ retry:
 int
 modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval)
 {
 int
 modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval)
 {
-       struct eventreq er;
-       struct eventreq *erp = &er;
-       struct eventqelt *evq;
+       struct eventreq64 er;
+       struct eventreq64 *erp = &er;
+       struct eventqelt *evq = NULL;   /* protected by error return */
        int error;
        struct fileproc *fp;
        int flag;
        int error;
        struct fileproc *fp;
        int flag;
@@ -2271,10 +2543,12 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval)
 
        /*
         * get user's request pkt
 
        /*
         * get user's request pkt
+        * just need the er_type and er_handle which sit above the
+        * problematic er_data (32/64 issue)... so only copy in
+        * those 2 fields
         */
         */
-       if ((error = copyin(CAST_USER_ADDR_T(uap->u_req), (caddr_t)erp,
-                            sizeof(struct eventreq)))) {
-                       KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, error,0,0,0,0);
+       if ((error = copyin(uap->u_req, (caddr_t)erp, sizeof(er.er_type) + sizeof(er.er_handle)))) {
+               KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, error,0,0,0,0);
                return(error);
        }
        proc_fdlock(p);
                return(error);
        }
        proc_fdlock(p);
@@ -2283,9 +2557,11 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval)
                error = EINVAL;
        } else if ((error = fp_lookup(p, erp->er_handle, &fp, 1)) != 0) {
                error = EBADF;
                error = EINVAL;
        } else if ((error = fp_lookup(p, erp->er_handle, &fp, 1)) != 0) {
                error = EBADF;
+#if SOCKETS
        } else if (fp->f_type == DTYPE_SOCKET) {
                socket_lock((struct socket *)fp->f_data, 1);
                evq = ((struct socket *)fp->f_data)->so_evlist.tqh_first;
        } else if (fp->f_type == DTYPE_SOCKET) {
                socket_lock((struct socket *)fp->f_data, 1);
                evq = ((struct socket *)fp->f_data)->so_evlist.tqh_first;
+#endif /* SOCKETS */
        } else if (fp->f_type == DTYPE_PIPE) {
                PIPE_LOCK((struct pipe *)fp->f_data);
                evq = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first;
        } else if (fp->f_type == DTYPE_PIPE) {
                PIPE_LOCK((struct pipe *)fp->f_data);
                evq = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first;
@@ -2311,23 +2587,28 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval)
                        break;
        }
        if (evq == NULL) {
                        break;
        }
        if (evq == NULL) {
+#if SOCKETS
                if (fp->f_type == DTYPE_SOCKET) 
                        socket_unlock((struct socket *)fp->f_data, 1);
                if (fp->f_type == DTYPE_SOCKET) 
                        socket_unlock((struct socket *)fp->f_data, 1);
-               else 
+               else
+#endif /* SOCKETS */
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
                fp_drop(p, erp->er_handle, fp, 0);
                KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, EINVAL,0,0,0,0);
                return(EINVAL);
        }
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
                fp_drop(p, erp->er_handle, fp, 0);
                KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, EINVAL,0,0,0,0);
                return(EINVAL);
        }
-       KERNEL_DEBUG(DBG_MISC_MOD, erp->er_handle,uap->u_eventmask,evq,0,0);
+       KERNEL_DEBUG(DBG_MISC_MOD, erp->er_handle,uap->u_eventmask,(uint32_t)evq,0,0);
 
        if (uap->u_eventmask == EV_RM) {
                EVPROCDEQUE(p, evq);
 
 
        if (uap->u_eventmask == EV_RM) {
                EVPROCDEQUE(p, evq);
 
+#if SOCKETS
                if (fp->f_type == DTYPE_SOCKET) {
                        TAILQ_REMOVE(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist);
                        socket_unlock((struct socket *)fp->f_data, 1);
                if (fp->f_type == DTYPE_SOCKET) {
                        TAILQ_REMOVE(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist);
                        socket_unlock((struct socket *)fp->f_data, 1);
-               } else {
+               } else
+#endif /* SOCKETS */
+               {
                        TAILQ_REMOVE(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist);
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
                }
                        TAILQ_REMOVE(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist);
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
                }
@@ -2359,9 +2640,11 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval)
                break;
 
        default:
                break;
 
        default:
+#if SOCKETS
                if (fp->f_type == DTYPE_SOCKET) 
                        socket_unlock((struct socket *)fp->f_data, 1);
                else 
                if (fp->f_type == DTYPE_SOCKET) 
                        socket_unlock((struct socket *)fp->f_data, 1);
                else 
+#endif /* SOCKETS */
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
                fp_drop(p, erp->er_handle, fp, 0);
                KERNEL_DEBUG(DBG_MISC_WATCH|DBG_FUNC_END, EINVAL,0,0,0,0);
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
                fp_drop(p, erp->er_handle, fp, 0);
                KERNEL_DEBUG(DBG_MISC_WATCH|DBG_FUNC_END, EINVAL,0,0,0,0);
@@ -2390,16 +2673,18 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval)
        evq->ee_req.er_eventbits = 0;
        evq->ee_eventmask = uap->u_eventmask & EV_MASK;
 
        evq->ee_req.er_eventbits = 0;
        evq->ee_eventmask = uap->u_eventmask & EV_MASK;
 
+#if SOCKETS
        if (fp->f_type == DTYPE_SOCKET) {
                postevent((struct socket *)fp->f_data, 0, flag);
                socket_unlock((struct socket *)fp->f_data, 1);
        if (fp->f_type == DTYPE_SOCKET) {
                postevent((struct socket *)fp->f_data, 0, flag);
                socket_unlock((struct socket *)fp->f_data, 1);
-       }
-       else {
+       } else
+#endif /* SOCKETS */
+       {
                postpipeevent((struct pipe *)fp->f_data, flag);
                PIPE_UNLOCK((struct pipe *)fp->f_data);
        }
        fp_drop(p, erp->er_handle, fp, 0);
                postpipeevent((struct pipe *)fp->f_data, flag);
                PIPE_UNLOCK((struct pipe *)fp->f_data);
        }
        fp_drop(p, erp->er_handle, fp, 0);
-       KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, evq->ee_req.er_handle,evq->ee_eventmask,fp->f_data,flag,0);
+       KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, evq->ee_req.er_handle,evq->ee_eventmask,(uint32_t)fp->f_data,flag,0);
        return(0);
 }
 
        return(0);
 }
 
@@ -2412,11 +2697,13 @@ waitevent_close(struct proc *p, struct fileproc *fp)
 
        fp->f_flags &= ~FP_WAITEVENT;
 
 
        fp->f_flags &= ~FP_WAITEVENT;
 
+#if SOCKETS
        if (fp->f_type == DTYPE_SOCKET) {
                socket_lock((struct socket *)fp->f_data, 1);
                evq = ((struct socket *)fp->f_data)->so_evlist.tqh_first;
        if (fp->f_type == DTYPE_SOCKET) {
                socket_lock((struct socket *)fp->f_data, 1);
                evq = ((struct socket *)fp->f_data)->so_evlist.tqh_first;
-       }
-       else if (fp->f_type == DTYPE_PIPE) {
+       } else
+#endif /* SOCKETS */
+       if (fp->f_type == DTYPE_PIPE) {
                PIPE_LOCK((struct pipe *)fp->f_data);
                evq = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first;
        }
                PIPE_LOCK((struct pipe *)fp->f_data);
                evq = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first;
        }
@@ -2432,9 +2719,11 @@ waitevent_close(struct proc *p, struct fileproc *fp)
                        break;
        }
        if (evq == NULL) {
                        break;
        }
        if (evq == NULL) {
+#if SOCKETS
                if (fp->f_type == DTYPE_SOCKET) 
                        socket_unlock((struct socket *)fp->f_data, 1);
                else 
                if (fp->f_type == DTYPE_SOCKET) 
                        socket_unlock((struct socket *)fp->f_data, 1);
                else 
+#endif /* SOCKETS */
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
 
                proc_fdlock(p);
                        PIPE_UNLOCK((struct pipe *)fp->f_data);
 
                proc_fdlock(p);
@@ -2443,10 +2732,13 @@ waitevent_close(struct proc *p, struct fileproc *fp)
        }
        EVPROCDEQUE(p, evq);
 
        }
        EVPROCDEQUE(p, evq);
 
+#if SOCKETS
        if (fp->f_type == DTYPE_SOCKET) {
                TAILQ_REMOVE(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist);
                socket_unlock((struct socket *)fp->f_data, 1);
        if (fp->f_type == DTYPE_SOCKET) {
                TAILQ_REMOVE(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist);
                socket_unlock((struct socket *)fp->f_data, 1);
-       } else {
+       } else
+#endif /* SOCKETS */
+       {
                TAILQ_REMOVE(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist);
                PIPE_UNLOCK((struct pipe *)fp->f_data);
        }
                TAILQ_REMOVE(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist);
                PIPE_UNLOCK((struct pipe *)fp->f_data);
        }
@@ -2457,3 +2749,203 @@ waitevent_close(struct proc *p, struct fileproc *fp)
        return(0);
 }
 
        return(0);
 }
 
+
+/*
+ * gethostuuid
+ *
+ * Description:        Get the host UUID from IOKit and return it to user space.
+ *
+ * Parameters: uuid_buf                Pointer to buffer to receive UUID
+ *             timeout                 Timespec for timout
+ *             spi                             SPI, skip sandbox check (temporary)
+ *
+ * Returns:    0                       Success
+ *             EWOULDBLOCK             Timeout is too short
+ *             copyout:EFAULT          Bad user buffer
+ *
+ * Notes:      A timeout seems redundant, since if it's tolerable to not
+ *             have a system UUID in hand, then why ask for one?
+ */
+int
+gethostuuid(struct proc *p, struct gethostuuid_args *uap, __unused int32_t *retval)
+{
+       kern_return_t kret;
+       int error;
+       mach_timespec_t mach_ts;        /* for IOKit call */
+       __darwin_uuid_t uuid_kern;      /* for IOKit call */
+
+       if (!uap->spi) {
+#if 13841988
+               uint32_t flags;
+               if (temp_debug_13841988 && (0 == proc_get_darwinbgstate(p->task, &flags)) && (flags & PROC_FLAG_IOS_APPLICATION)) {
+                       printf("Unauthorized access to gethostuuid() by %s(%d)\n", p->p_comm, proc_pid(p));
+                       return (EPERM);
+               }
+#else
+               /* Perform sandbox check */
+#endif
+       }
+
+       /* Convert the 32/64 bit timespec into a mach_timespec_t */
+       if ( proc_is64bit(p) ) {
+               struct user64_timespec ts;
+               error = copyin(uap->timeoutp, &ts, sizeof(ts));
+               if (error)
+                       return (error);
+               mach_ts.tv_sec = ts.tv_sec;
+               mach_ts.tv_nsec = ts.tv_nsec;
+       } else {
+               struct user32_timespec ts;
+               error = copyin(uap->timeoutp, &ts, sizeof(ts) );
+               if (error)
+                       return (error);
+               mach_ts.tv_sec = ts.tv_sec;
+               mach_ts.tv_nsec = ts.tv_nsec;
+       }
+
+       /* Call IOKit with the stack buffer to get the UUID */
+       kret = IOBSDGetPlatformUUID(uuid_kern, mach_ts);
+
+       /*
+        * If we get it, copy out the data to the user buffer; note that a
+        * uuid_t is an array of characters, so this is size invariant for
+        * 32 vs. 64 bit.
+        */
+       if (kret == KERN_SUCCESS) {
+               error = copyout(uuid_kern, uap->uuid_buf, sizeof(uuid_kern));
+       } else {
+               error = EWOULDBLOCK;
+       }
+
+       return (error);
+}
+
+/*
+ * ledger
+ *
+ * Description:        Omnibus system call for ledger operations
+ */
+int
+ledger(struct proc *p, struct ledger_args *args, __unused int32_t *retval)
+{
+#if !CONFIG_MACF
+#pragma unused(p)
+#endif
+       int rval, pid, len, error;
+#ifdef LEDGER_DEBUG
+       struct ledger_limit_args lla;
+#endif
+       task_t task;
+       proc_t proc;
+
+       /* Finish copying in the necessary args before taking the proc lock */
+       error = 0;
+       len = 0;
+       if (args->cmd == LEDGER_ENTRY_INFO)
+               error = copyin(args->arg3, (char *)&len, sizeof (len));
+       else if (args->cmd == LEDGER_TEMPLATE_INFO)
+               error = copyin(args->arg2, (char *)&len, sizeof (len));
+#ifdef LEDGER_DEBUG
+       else if (args->cmd == LEDGER_LIMIT)
+               error = copyin(args->arg2, (char *)&lla, sizeof (lla));
+#endif
+       if (error)
+               return (error);
+       if (len < 0)
+               return (EINVAL);
+
+       rval = 0;
+       if (args->cmd != LEDGER_TEMPLATE_INFO) {
+               pid = args->arg1;
+               proc = proc_find(pid);
+               if (proc == NULL)
+                       return (ESRCH);
+
+#if CONFIG_MACF
+               error = mac_proc_check_ledger(p, proc, args->cmd);
+               if (error) {
+                       proc_rele(proc);
+                       return (error);
+               }
+#endif
+
+               task = proc->task;
+       }
+               
+       switch (args->cmd) {
+#ifdef LEDGER_DEBUG
+               case LEDGER_LIMIT: {
+                       if (!kauth_cred_issuser(kauth_cred_get()))
+                               rval = EPERM;
+                       rval = ledger_limit(task, &lla);
+                       proc_rele(proc);
+                       break;
+               }
+#endif
+               case LEDGER_INFO: {
+                       struct ledger_info info;
+
+                       rval = ledger_info(task, &info);
+                       proc_rele(proc);
+                       if (rval == 0)
+                               rval = copyout(&info, args->arg2,
+                                   sizeof (info));
+                       break;
+               }
+
+               case LEDGER_ENTRY_INFO: {
+                       void *buf;
+                       int sz;
+
+                       rval = ledger_get_task_entry_info_multiple(task, &buf, &len);
+                       proc_rele(proc);
+                       if ((rval == 0) && (len > 0)) {
+                               sz = len * sizeof (struct ledger_entry_info);
+                               rval = copyout(buf, args->arg2, sz);
+                               kfree(buf, sz);
+                       }
+                       if (rval == 0)
+                               rval = copyout(&len, args->arg3, sizeof (len));
+                       break;
+               }
+
+               case LEDGER_TEMPLATE_INFO: {
+                       void *buf;
+                       int sz;
+
+                       rval = ledger_template_info(&buf, &len);
+                       if ((rval == 0) && (len > 0)) {
+                               sz = len * sizeof (struct ledger_template_info);
+                               rval = copyout(buf, args->arg1, sz);
+                               kfree(buf, sz);
+                       }
+                       if (rval == 0)
+                               rval = copyout(&len, args->arg2, sizeof (len));
+                       break;
+               }
+
+               default:
+                       rval = EINVAL;
+       }
+
+       return (rval);
+}
+
+#if CONFIG_TELEMETRY
+int
+telemetry(__unused struct proc *p, struct telemetry_args *args, __unused int32_t *retval)
+{
+       int error = 0;
+
+       switch (args->cmd) {
+       case TELEMETRY_CMD_TIMER_EVENT:
+               error = telemetry_timer_event(args->deadline, args->interval, args->leeway);
+               break;
+       default:
+               error = EINVAL;
+               break;
+       }
+
+       return (error);
+}
+#endif /* CONFIG_TELEMETRY */
mirror of XNU