X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/ff6e181ae92fc6f1e89841290f461d1f2f9badd9..39236c6e673c41db228275375ab7fdb0f837b292:/bsd/kern/sys_generic.c?ds=inline diff --git a/bsd/kern/sys_generic.c b/bsd/kern/sys_generic.c index 137e3654f..f41cd0018 100644 --- a/bsd/kern/sys_generic.c +++ b/bsd/kern/sys_generic.c @@ -1,14 +1,19 @@ /* - * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2000-2013 Apple Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER @@ -18,7 +23,7 @@ * Please see the License for the specific language governing rights and * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ /* @@ -60,6 +65,12 @@ * * @(#)sys_generic.c 8.9 (Berkeley) 2/14/95 */ +/* + * NOTICE: This file was modified by SPARTA, Inc. in 2006 to introduce + * support for mandatory and extensible security protections. This notice + * is included in support of clause 2.2 (b) of the Apple Public License, + * Version 2.0. + */ #include #include @@ -68,11 +79,7 @@ #include #include #include -#if KTRACE #include -#else -#include -#endif #include #include #include @@ -86,6 +93,8 @@ #include #include #include +#include +#include #include #include @@ -93,15 +102,21 @@ #include #include #include +#include +#include +#if CONFIG_TELEMETRY +#include +#endif #include +#include #include #include #include #include #include -#include +#include #include #include @@ -122,53 +137,94 @@ /* for wait queue based select */ #include #include -#if KTRACE -#include -#endif #include +#include + +/* XXX should be in a header file somewhere */ +void evsofree(struct socket *); +void evpipefree(struct pipe *); +void postpipeevent(struct pipe *, int); +void postevent(struct socket *, struct sockbuf *, int); +extern kern_return_t IOBSDGetPlatformUUID(__darwin_uuid_t uuid, mach_timespec_t timeoutp); + int rd_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval); int wr_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval); extern void *get_bsduthreadarg(thread_t); extern int *get_bsduthreadrval(thread_t); -__private_extern__ int dofileread(struct proc *p, struct fileproc *fp, int fd, +__private_extern__ int dofileread(vfs_context_t ctx, struct fileproc *fp, user_addr_t bufp, user_size_t nbyte, off_t offset, int flags, user_ssize_t *retval); -__private_extern__ int dofilewrite(struct proc *p, struct fileproc *fp, int fd, +__private_extern__ int dofilewrite(vfs_context_t ctx, struct fileproc *fp, user_addr_t bufp, user_size_t nbyte, off_t offset, int flags, user_ssize_t *retval); __private_extern__ int preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_vnode); __private_extern__ void donefileread(struct proc *p, struct fileproc *fp_ret, int fd); -#if NETAT -extern int appletalk_inited; -#endif /* NETAT */ + +/* Conflict wait queue for when selects collide (opaque type) */ +struct wait_queue select_conflict_queue; + +#if 13841988 +int temp_debug_13841988 = 0; +#endif + +/* + * Init routine called from bsd_init.c + */ +void select_wait_queue_init(void); +void +select_wait_queue_init(void) +{ + wait_queue_init(&select_conflict_queue, SYNC_POLICY_FIFO); +#if 13841988 + if (PE_parse_boot_argn("temp_debug_13841988", &temp_debug_13841988, sizeof(temp_debug_13841988))) { + kprintf("Temporary debugging for 13841988 enabled\n"); + } +#endif +} #define f_flag f_fglob->fg_flag -#define f_type f_fglob->fg_type +#define f_type f_fglob->fg_ops->fo_type #define f_msgcount f_fglob->fg_msgcount #define f_cred f_fglob->fg_cred #define f_ops f_fglob->fg_ops #define f_offset f_fglob->fg_offset #define f_data f_fglob->fg_data + /* * Read system call. + * + * Returns: 0 Success + * preparefileread:EBADF + * preparefileread:ESPIPE + * preparefileread:ENXIO + * preparefileread:EBADF + * dofileread:??? */ int -read(p, uap, retval) - struct proc *p; - register struct read_args *uap; - user_ssize_t *retval; +read(struct proc *p, struct read_args *uap, user_ssize_t *retval) +{ + __pthread_testcancel(1); + return(read_nocancel(p, (struct read_nocancel_args *)uap, retval)); +} + +int +read_nocancel(struct proc *p, struct read_nocancel_args *uap, user_ssize_t *retval) { struct fileproc *fp; int error; int fd = uap->fd; + struct vfs_context context; if ( (error = preparefileread(p, &fp, fd, 0)) ) return (error); - error = dofileread(p, fp, uap->fd, uap->cbuf, uap->nbyte, + context = *(vfs_context_current()); + context.vc_ucred = fp->f_fglob->fg_cred; + + error = dofileread(&context, fp, uap->cbuf, uap->nbyte, (off_t)-1, 0, retval); donefileread(p, fp, fd); @@ -178,29 +234,44 @@ read(p, uap, retval) /* * Pread system call + * + * Returns: 0 Success + * preparefileread:EBADF + * preparefileread:ESPIPE + * preparefileread:ENXIO + * preparefileread:EBADF + * dofileread:??? */ int -pread(p, uap, retval) - struct proc *p; - register struct pread_args *uap; - user_ssize_t *retval; +pread(struct proc *p, struct pread_args *uap, user_ssize_t *retval) { - struct fileproc *fp; + __pthread_testcancel(1); + return(pread_nocancel(p, (struct pread_nocancel_args *)uap, retval)); +} + +int +pread_nocancel(struct proc *p, struct pread_nocancel_args *uap, user_ssize_t *retval) +{ + struct fileproc *fp = NULL; /* fp set by preparefileread() */ int fd = uap->fd; int error; + struct vfs_context context; if ( (error = preparefileread(p, &fp, fd, 1)) ) - return (error); + goto out; + + context = *(vfs_context_current()); + context.vc_ucred = fp->f_fglob->fg_cred; - error = dofileread(p, fp, uap->fd, uap->buf, uap->nbyte, + error = dofileread(&context, fp, uap->buf, uap->nbyte, uap->offset, FOF_OFFSET, retval); donefileread(p, fp, fd); - if (!error) - KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pread) | DBG_FUNC_NONE), + KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pread) | DBG_FUNC_NONE), uap->fd, uap->nbyte, (unsigned int)((uap->offset >> 32)), (unsigned int)(uap->offset), 0); - + +out: return (error); } @@ -211,14 +282,19 @@ pread(p, uap, retval) void donefileread(struct proc *p, struct fileproc *fp, int fd) { - proc_fdlock(p); - - fp->f_flags &= ~FP_INCHRREAD; - + proc_fdlock_spin(p); fp_drop(p, fd, fp, 1); proc_fdunlock(p); } +/* + * Returns: 0 Success + * EBADF + * ESPIPE + * ENXIO + * fp_lookup:EBADF + * fo_read:??? + */ int preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_pread) { @@ -226,7 +302,9 @@ preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_ int error; struct fileproc *fp; - proc_fdlock(p); + AUDIT_ARG(fd, fd); + + proc_fdlock_spin(p); error = fp_lookup(p, fd, &fp, 1); @@ -245,8 +323,14 @@ preparefileread(struct proc *p, struct fileproc **fp_ret, int fd, int check_for_ if (fp->f_type == DTYPE_VNODE) { vp = (struct vnode *)fp->f_fglob->fg_data; - if (vp->v_type == VCHR) - fp->f_flags |= FP_INCHRREAD; + if (check_for_pread && (vnode_isfifo(vp))) { + error = ESPIPE; + goto out; + } + if (check_for_pread && (vp->v_flag & VISTTY)) { + error = ENXIO; + goto out; + } } *fp_ret = fp; @@ -261,31 +345,25 @@ out: } +/* + * Returns: 0 Success + * EINVAL + * fo_read:??? + */ __private_extern__ int -dofileread(p, fp, fd, bufp, nbyte, offset, flags, retval) - struct proc *p; - struct fileproc *fp; - int fd, flags; - user_addr_t bufp; - user_size_t nbyte; - off_t offset; - user_ssize_t *retval; +dofileread(vfs_context_t ctx, struct fileproc *fp, + user_addr_t bufp, user_size_t nbyte, off_t offset, int flags, + user_ssize_t *retval) { uio_t auio; user_ssize_t bytecnt; long error = 0; char uio_buf[ UIO_SIZEOF(1) ]; -#if KTRACE - uio_t ktruio = NULL; - char ktr_uio_buf[ UIO_SIZEOF(1) ]; - int didktr = 0; -#endif - // LP64todo - do we want to raise this? if (nbyte > INT_MAX) return (EINVAL); - if (IS_64BIT_PROCESS(p)) { + if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) { auio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_READ, &uio_buf[0], sizeof(uio_buf)); } else { @@ -294,37 +372,14 @@ dofileread(p, fp, fd, bufp, nbyte, offset, flags, retval) } uio_addiov(auio, bufp, nbyte); -#if KTRACE - /* - * if tracing, save a copy of iovec - */ - if (KTRPOINT(p, KTR_GENIO)) { - didktr = 1; - - if (IS_64BIT_PROCESS(p)) { - ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_READ, - &ktr_uio_buf[0], sizeof(ktr_uio_buf)); - } else { - ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE32, UIO_READ, - &ktr_uio_buf[0], sizeof(ktr_uio_buf)); - } - uio_addiov(ktruio, bufp, nbyte); - } -#endif bytecnt = nbyte; - if ((error = fo_read(fp, auio, fp->f_cred, flags, p))) { + if ((error = fo_read(fp, auio, flags, ctx))) { if (uio_resid(auio) != bytecnt && (error == ERESTART || error == EINTR || error == EWOULDBLOCK)) error = 0; } bytecnt -= uio_resid(auio); -#if KTRACE - if (didktr && error == 0) { - uio_setresid(ktruio, bytecnt); - ktrgenio(p->p_tracep, fd, UIO_READ, ktruio, error); - } -#endif *retval = bytecnt; @@ -333,16 +388,25 @@ dofileread(p, fp, fd, bufp, nbyte, offset, flags, retval) /* * Scatter read system call. + * + * Returns: 0 Success + * EINVAL + * ENOMEM + * copyin:EFAULT + * rd_uio:??? */ int -readv(p, uap, retval) - struct proc *p; - register struct readv_args *uap; - user_ssize_t *retval; +readv(struct proc *p, struct readv_args *uap, user_ssize_t *retval) +{ + __pthread_testcancel(1); + return(readv_nocancel(p, (struct readv_nocancel_args *)uap, retval)); +} + +int +readv_nocancel(struct proc *p, struct readv_nocancel_args *uap, user_ssize_t *retval) { uio_t auio = NULL; int error; - int size_of_iovec; struct user_iovec *iovp; /* Verify range bedfore calling uio_create() */ @@ -362,15 +426,19 @@ readv(p, uap, retval) error = ENOMEM; goto ExitThisRoutine; } - size_of_iovec = (IS_64BIT_PROCESS(p) ? sizeof(struct user_iovec) : sizeof(struct iovec)); - error = copyin(uap->iovp, (caddr_t)iovp, (uap->iovcnt * size_of_iovec)); + error = copyin_user_iovec_array(uap->iovp, + IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32, + uap->iovcnt, iovp); if (error) { goto ExitThisRoutine; } /* finalize uio_t for use and do the IO */ - uio_calculateresid(auio); + error = uio_calculateresid(auio); + if (error) { + goto ExitThisRoutine; + } error = rd_uio(p, uap->fd, auio, retval); ExitThisRoutine: @@ -382,24 +450,39 @@ ExitThisRoutine: /* * Write system call + * + * Returns: 0 Success + * EBADF + * fp_lookup:EBADF + * dofilewrite:??? */ int -write(p, uap, retval) - struct proc *p; - register struct write_args *uap; - user_ssize_t *retval; +write(struct proc *p, struct write_args *uap, user_ssize_t *retval) +{ + __pthread_testcancel(1); + return(write_nocancel(p, (struct write_nocancel_args *)uap, retval)); + +} + +int +write_nocancel(struct proc *p, struct write_nocancel_args *uap, user_ssize_t *retval) { struct fileproc *fp; int error; int fd = uap->fd; + AUDIT_ARG(fd, fd); + error = fp_lookup(p,fd,&fp,0); if (error) return(error); if ((fp->f_flag & FWRITE) == 0) { error = EBADF; } else { - error = dofilewrite(p, fp, uap->fd, uap->cbuf, uap->nbyte, + struct vfs_context context = *(vfs_context_current()); + context.vc_ucred = fp->f_fglob->fg_cred; + + error = dofilewrite(&context, fp, uap->cbuf, uap->nbyte, (off_t)-1, 0, retval); } if (error == 0) @@ -411,16 +494,31 @@ write(p, uap, retval) /* * pwrite system call + * + * Returns: 0 Success + * EBADF + * ESPIPE + * ENXIO + * EINVAL + * fp_lookup:EBADF + * dofilewrite:??? */ int -pwrite(p, uap, retval) - struct proc *p; - register struct pwrite_args *uap; - user_ssize_t *retval; +pwrite(struct proc *p, struct pwrite_args *uap, user_ssize_t *retval) +{ + __pthread_testcancel(1); + return(pwrite_nocancel(p, (struct pwrite_nocancel_args *)uap, retval)); +} + +int +pwrite_nocancel(struct proc *p, struct pwrite_nocancel_args *uap, user_ssize_t *retval) { struct fileproc *fp; int error; int fd = uap->fd; + vnode_t vp = (vnode_t)0; + + AUDIT_ARG(fd, fd); error = fp_lookup(p,fd,&fp,0); if (error) @@ -429,50 +527,62 @@ pwrite(p, uap, retval) if ((fp->f_flag & FWRITE) == 0) { error = EBADF; } else { + struct vfs_context context = *vfs_context_current(); + context.vc_ucred = fp->f_fglob->fg_cred; + if (fp->f_type != DTYPE_VNODE) { error = ESPIPE; - } else { - error = dofilewrite(p, fp, uap->fd, uap->buf, uap->nbyte, - uap->offset, FOF_OFFSET, retval); + goto errout; + } + vp = (vnode_t)fp->f_fglob->fg_data; + if (vnode_isfifo(vp)) { + error = ESPIPE; + goto errout; + } + if ((vp->v_flag & VISTTY)) { + error = ENXIO; + goto errout; } + if (uap->offset == (off_t)-1) { + error = EINVAL; + goto errout; + } + + error = dofilewrite(&context, fp, uap->buf, uap->nbyte, + uap->offset, FOF_OFFSET, retval); } +errout: if (error == 0) fp_drop_written(p, fd, fp); else fp_drop(p, fd, fp, 0); - if (!error) - KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pwrite) | DBG_FUNC_NONE), + KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_pwrite) | DBG_FUNC_NONE), uap->fd, uap->nbyte, (unsigned int)((uap->offset >> 32)), (unsigned int)(uap->offset), 0); return(error); } +/* + * Returns: 0 Success + * EINVAL + * :EPIPE + * :??? [indirect through struct fileops] + */ __private_extern__ int -dofilewrite(p, fp, fd, bufp, nbyte, offset, flags, retval) - struct proc *p; - struct fileproc *fp; - int fd, flags; - user_addr_t bufp; - user_size_t nbyte; - off_t offset; - user_ssize_t *retval; +dofilewrite(vfs_context_t ctx, struct fileproc *fp, + user_addr_t bufp, user_size_t nbyte, off_t offset, int flags, + user_ssize_t *retval) { uio_t auio; long error = 0; user_ssize_t bytecnt; char uio_buf[ UIO_SIZEOF(1) ]; -#if KTRACE - uio_t ktruio; - int didktr = 0; - char ktr_uio_buf[ UIO_SIZEOF(1) ]; -#endif - // LP64todo - do we want to raise this? if (nbyte > INT_MAX) return (EINVAL); - if (IS_64BIT_PROCESS(p)) { + if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) { auio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_WRITE, &uio_buf[0], sizeof(uio_buf)); } else { @@ -481,39 +591,19 @@ dofilewrite(p, fp, fd, bufp, nbyte, offset, flags, retval) } uio_addiov(auio, bufp, nbyte); -#if KTRACE - /* - * if tracing, save a copy of iovec and uio - */ - if (KTRPOINT(p, KTR_GENIO)) { - didktr = 1; - - if (IS_64BIT_PROCESS(p)) { - ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE64, UIO_WRITE, - &ktr_uio_buf[0], sizeof(ktr_uio_buf)); - } else { - ktruio = uio_createwithbuffer(1, offset, UIO_USERSPACE32, UIO_WRITE, - &ktr_uio_buf[0], sizeof(ktr_uio_buf)); - } - uio_addiov(ktruio, bufp, nbyte); - } -#endif bytecnt = nbyte; - if ((error = fo_write(fp, auio, fp->f_cred, flags, p))) { + if ((error = fo_write(fp, auio, flags, ctx))) { if (uio_resid(auio) != bytecnt && (error == ERESTART || error == EINTR || error == EWOULDBLOCK)) error = 0; /* The socket layer handles SIGPIPE */ - if (error == EPIPE && fp->f_type != DTYPE_SOCKET) - psignal(p, SIGPIPE); + if (error == EPIPE && fp->f_type != DTYPE_SOCKET && + (fp->f_fglob->fg_lflags & FG_NOSIGPIPE) == 0) { + /* XXX Raise the signal on the thread? */ + psignal(vfs_context_proc(ctx), SIGPIPE); + } } bytecnt -= uio_resid(auio); -#if KTRACE - if (didktr && error == 0) { - uio_setresid(ktruio, bytecnt); - ktrgenio(p->p_tracep, fd, UIO_WRITE, ktruio, error); - } -#endif *retval = bytecnt; return (error); @@ -523,16 +613,21 @@ dofilewrite(p, fp, fd, bufp, nbyte, offset, flags, retval) * Gather write system call */ int -writev(p, uap, retval) - struct proc *p; - register struct writev_args *uap; - user_ssize_t *retval; +writev(struct proc *p, struct writev_args *uap, user_ssize_t *retval) +{ + __pthread_testcancel(1); + return(writev_nocancel(p, (struct writev_nocancel_args *)uap, retval)); +} + +int +writev_nocancel(struct proc *p, struct writev_nocancel_args *uap, user_ssize_t *retval) { uio_t auio = NULL; int error; - int size_of_iovec; struct user_iovec *iovp; + AUDIT_ARG(fd, uap->fd); + /* Verify range bedfore calling uio_create() */ if (uap->iovcnt <= 0 || uap->iovcnt > UIO_MAXIOV) return (EINVAL); @@ -550,15 +645,19 @@ writev(p, uap, retval) error = ENOMEM; goto ExitThisRoutine; } - size_of_iovec = (IS_64BIT_PROCESS(p) ? sizeof(struct user_iovec) : sizeof(struct iovec)); - error = copyin(uap->iovp, (caddr_t)iovp, (uap->iovcnt * size_of_iovec)); + error = copyin_user_iovec_array(uap->iovp, + IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32, + uap->iovcnt, iovp); if (error) { goto ExitThisRoutine; } /* finalize uio_t for use and do the IO */ - uio_calculateresid(auio); + error = uio_calculateresid(auio); + if (error) { + goto ExitThisRoutine; + } error = wr_uio(p, uap->fd, auio, retval); ExitThisRoutine: @@ -570,21 +669,12 @@ ExitThisRoutine: int -wr_uio(p, fdes, uio, retval) - struct proc *p; - int fdes; - register uio_t uio; - user_ssize_t *retval; +wr_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval) { struct fileproc *fp; int error; user_ssize_t count; -#if KTRACE - struct iovec_64 *ktriov = NULL; - struct uio ktruio; - int didktr = 0; - u_int iovlen; -#endif + struct vfs_context context = *vfs_context_current(); error = fp_lookup(p,fdes,&fp,0); if (error) @@ -595,45 +685,22 @@ wr_uio(p, fdes, uio, retval) goto out; } count = uio_resid(uio); -#if KTRACE - /* - * if tracing, save a copy of iovec - */ - if (KTRPOINT(p, KTR_GENIO)) { - iovlen = uio->uio_iovcnt * - (IS_64BIT_PROCESS(p) ? sizeof (struct iovec_64) : sizeof (struct iovec_32)); - MALLOC(ktriov, struct iovec_64 *, iovlen, M_TEMP, M_WAITOK); - if (ktriov != NULL) { - bcopy((caddr_t)uio->uio_iovs.iov64p, (caddr_t)ktriov, iovlen); - ktruio = *uio; - didktr = 1; - } - } -#endif - error = fo_write(fp, uio, fp->f_cred, 0, p); + + context.vc_ucred = fp->f_cred; + error = fo_write(fp, uio, 0, &context); if (error) { if (uio_resid(uio) != count && (error == ERESTART || error == EINTR || error == EWOULDBLOCK)) error = 0; /* The socket layer handles SIGPIPE */ - if (error == EPIPE && fp->f_type != DTYPE_SOCKET) + if (error == EPIPE && fp->f_type != DTYPE_SOCKET && + (fp->f_fglob->fg_lflags & FG_NOSIGPIPE) == 0) psignal(p, SIGPIPE); } *retval = count - uio_resid(uio); -#if KTRACE - if (didktr) { - if (error == 0) { - ktruio.uio_iovs.iov64p = ktriov; - uio_setresid(&ktruio, *retval); - ktrgenio(p->p_tracep, fdes, UIO_WRITE, &ktruio, error); - } - FREE(ktriov, M_TEMP); - } -#endif - out: - if ( (error == 0) ) + if (error == 0) fp_drop_written(p, fdes, fp); else fp_drop(p, fdes, fp, 0); @@ -642,42 +709,21 @@ out: int -rd_uio(p, fdes, uio, retval) - struct proc *p; - int fdes; - register uio_t uio; - user_ssize_t *retval; +rd_uio(struct proc *p, int fdes, uio_t uio, user_ssize_t *retval) { struct fileproc *fp; int error; user_ssize_t count; -#if KTRACE - struct iovec_64 *ktriov = NULL; - struct uio ktruio; - int didktr = 0; - u_int iovlen; -#endif + struct vfs_context context = *vfs_context_current(); if ( (error = preparefileread(p, &fp, fdes, 0)) ) return (error); count = uio_resid(uio); -#if KTRACE - /* - * if tracing, save a copy of iovec - */ - if (KTRPOINT(p, KTR_GENIO)) { - iovlen = uio->uio_iovcnt * - (IS_64BIT_PROCESS(p) ? sizeof (struct iovec_64) : sizeof (struct iovec_32)); - MALLOC(ktriov, struct iovec_64 *, iovlen, M_TEMP, M_WAITOK); - if (ktriov != NULL) { - bcopy((caddr_t)uio->uio_iovs.iov64p, (caddr_t)ktriov, iovlen); - ktruio = *uio; - didktr = 1; - } - } -#endif - error = fo_read(fp, uio, fp->f_cred, 0, p); + + context.vc_ucred = fp->f_cred; + + error = fo_read(fp, uio, 0, &context); if (error) { if (uio_resid(uio) != count && (error == ERESTART || @@ -686,16 +732,6 @@ rd_uio(p, fdes, uio, retval) } *retval = count - uio_resid(uio); -#if KTRACE - if (didktr) { - if (error == 0) { - ktruio.uio_iovs.iov64p = ktriov; - uio_setresid(&ktruio, *retval); - ktrgenio(p->p_tracep, fdes, UIO_READ, &ktruio, error); - } - FREE(ktriov, M_TEMP); - } -#endif donefileread(p, fp, fdes); return (error); @@ -704,106 +740,60 @@ rd_uio(p, fdes, uio, retval) /* * Ioctl system call * + * Returns: 0 Success + * EBADF + * ENOTTY + * ENOMEM + * ESRCH + * copyin:EFAULT + * copyoutEFAULT + * fp_lookup:EBADF Bad file descriptor + * fo_ioctl:??? */ int -ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retval) +ioctl(struct proc *p, struct ioctl_args *uap, __unused int32_t *retval) { - struct fileproc *fp; - register u_long com; + struct fileproc *fp = NULL; int error = 0; - register u_int size; - caddr_t datap, memp; - boolean_t is64bit; - int tmp; + u_int size = 0; + caddr_t datap = NULL, memp = NULL; + boolean_t is64bit = FALSE; + int tmp = 0; #define STK_PARAMS 128 char stkbuf[STK_PARAMS]; int fd = uap->fd; + u_long com = uap->com; + struct vfs_context context = *vfs_context_current(); AUDIT_ARG(fd, uap->fd); - AUDIT_ARG(cmd, CAST_DOWN(int, uap->com)); /* LP64todo: uap->com is a user-land long */ AUDIT_ARG(addr, uap->data); is64bit = proc_is64bit(p); - - proc_fdlock(p); - error = fp_lookup(p,fd,&fp,1); - if (error) { - proc_fdunlock(p); - return(error); - } - - AUDIT_ARG(file, p, fp); - - if ((fp->f_flag & (FREAD | FWRITE)) == 0) { - error = EBADF; - goto out; - } - -#if NETAT - /* - * ### LD 6/11/97 Hack Alert: this is to get AppleTalk to work - * while implementing an ATioctl system call - */ - { - if (appletalk_inited && ((uap->com & 0x0000FFFF) == 0xff99)) { - u_long fixed_command; -#ifdef APPLETALK_DEBUG - kprintf("ioctl: special AppleTalk \n"); -#endif - datap = &stkbuf[0]; - *(user_addr_t *)datap = uap->data; - fixed_command = _IOW(0, 0xff99, uap->data); - error = fo_ioctl(fp, fixed_command, datap, p); - goto out; - } - } - -#endif /* NETAT */ - - - switch (com = uap->com) { - case FIONCLEX: - *fdflags(p, uap->fd) &= ~UF_EXCLOSE; - error =0; - goto out; - case FIOCLEX: - *fdflags(p, uap->fd) |= UF_EXCLOSE; - error =0; - goto out; - } +#if CONFIG_AUDIT + if (is64bit) + AUDIT_ARG(value64, com); + else + AUDIT_ARG(cmd, CAST_DOWN_EXPLICIT(int, com)); +#endif /* CONFIG_AUDIT */ /* * Interpret high order word to find amount of data to be * copied to/from the user's address space. */ size = IOCPARM_LEN(com); - if (size > IOCPARM_MAX) { - error = ENOTTY; - goto out; - } - memp = NULL; + if (size > IOCPARM_MAX) + return ENOTTY; if (size > sizeof (stkbuf)) { - proc_fdunlock(p); - if ((memp = (caddr_t)kalloc(size)) == 0) { - proc_fdlock(p); - error = ENOMEM; - goto out; - } - proc_fdlock(p); + if ((memp = (caddr_t)kalloc(size)) == 0) + return ENOMEM; datap = memp; } else datap = &stkbuf[0]; - if (com&IOC_IN) { + if (com & IOC_IN) { if (size) { - proc_fdunlock(p); error = copyin(uap->data, datap, size); - if (error) { - if (memp) - kfree(memp, size); - proc_fdlock(p); - goto out; - } - proc_fdlock(p); + if (error) + goto out_nofp; } else { /* XXX - IOC_IN and no size? we should proably return an error here!! */ if (is64bit) { @@ -813,13 +803,13 @@ ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retv *(uint32_t *)datap = (uint32_t)uap->data; } } - } else if ((com&IOC_OUT) && size) + } else if ((com & IOC_OUT) && size) /* * Zero the buffer so the user always * gets back something deterministic. */ bzero(datap, size); - else if (com&IOC_VOID) { + else if (com & IOC_VOID) { /* XXX - this is odd since IOC_VOID means no parameters */ if (is64bit) { *(user_addr_t *)datap = uap->data; @@ -829,14 +819,43 @@ ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retv } } + proc_fdlock(p); + error = fp_lookup(p,fd,&fp,1); + if (error) { + proc_fdunlock(p); + goto out_nofp; + } + + AUDIT_ARG(file, p, fp); + + if ((fp->f_flag & (FREAD | FWRITE)) == 0) { + error = EBADF; + goto out; + } + + context.vc_ucred = fp->f_fglob->fg_cred; + +#if CONFIG_MACF + error = mac_file_check_ioctl(context.vc_ucred, fp->f_fglob, com); + if (error) + goto out; +#endif + switch (com) { + case FIONCLEX: + *fdflags(p, fd) &= ~UF_EXCLOSE; + break; + + case FIOCLEX: + *fdflags(p, fd) |= UF_EXCLOSE; + break; case FIONBIO: if ( (tmp = *(int *)datap) ) fp->f_flag |= FNONBLOCK; else fp->f_flag &= ~FNONBLOCK; - error = fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, p); + error = fo_ioctl(fp, FIONBIO, (caddr_t)&tmp, &context); break; case FIOASYNC: @@ -844,60 +863,59 @@ ioctl(struct proc *p, register struct ioctl_args *uap, __unused register_t *retv fp->f_flag |= FASYNC; else fp->f_flag &= ~FASYNC; - error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp, p); + error = fo_ioctl(fp, FIOASYNC, (caddr_t)&tmp, &context); break; case FIOSETOWN: tmp = *(int *)datap; if (fp->f_type == DTYPE_SOCKET) { ((struct socket *)fp->f_data)->so_pgid = tmp; - error = 0; break; } if (fp->f_type == DTYPE_PIPE) { - error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, p); + error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, &context); break; } if (tmp <= 0) { tmp = -tmp; } else { - struct proc *p1 = pfind(tmp); + struct proc *p1 = proc_find(tmp); if (p1 == 0) { error = ESRCH; break; } - tmp = p1->p_pgrp->pg_id; + tmp = p1->p_pgrpid; + proc_rele(p1); } - error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, p); + error = fo_ioctl(fp, (int)TIOCSPGRP, (caddr_t)&tmp, &context); break; case FIOGETOWN: if (fp->f_type == DTYPE_SOCKET) { - error = 0; *(int *)datap = ((struct socket *)fp->f_data)->so_pgid; break; } - error = fo_ioctl(fp, TIOCGPGRP, datap, p); + error = fo_ioctl(fp, TIOCGPGRP, datap, &context); *(int *)datap = -*(int *)datap; break; default: - error = fo_ioctl(fp, com, datap, p); + error = fo_ioctl(fp, com, datap, &context); /* * Copy any data to user, size was * already set and checked above. */ - if (error == 0 && (com&IOC_OUT) && size) + if (error == 0 && (com & IOC_OUT) && size) error = copyout(datap, uap->data, (u_int)size); break; } - proc_fdunlock(p); - if (memp) - kfree(memp, size); - proc_fdlock(p); out: fp_drop(p, fd, fp, 1); proc_fdunlock(p); + +out_nofp: + if (memp) + kfree(memp, size); return(error); } @@ -907,17 +925,28 @@ int selwait, nselcoll; extern int selcontinue(int error); extern int selprocess(int error, int sel_pass); static int selscan(struct proc *p, struct _select * sel, - int nfd, register_t *retval, int sel_pass, wait_queue_sub_t wqsub); -static int selcount(struct proc *p, u_int32_t *ibits, u_int32_t *obits, - int nfd, int * count); + int nfd, int32_t *retval, int sel_pass, wait_queue_sub_t wqsub); +static int selcount(struct proc *p, u_int32_t *ibits, int nfd, int *count); +static int seldrop_locked(struct proc *p, u_int32_t *ibits, int nfd, int lim, int *need_wakeup, int fromselcount); static int seldrop(struct proc *p, u_int32_t *ibits, int nfd); -extern uint64_t tvtoabstime(struct timeval *tvp); /* * Select system call. + * + * Returns: 0 Success + * EINVAL Invalid argument + * EAGAIN Nonconformant error if allocation fails + * selprocess:??? */ int -select(struct proc *p, struct select_args *uap, register_t *retval) +select(struct proc *p, struct select_args *uap, int32_t *retval) +{ + __pthread_testcancel(1); + return(select_nocancel(p, (struct select_nocancel_args *)uap, retval)); +} + +int +select_nocancel(struct proc *p, struct select_nocancel_args *uap, int32_t *retval) { int error = 0; u_int ni, nw, size; @@ -930,6 +959,7 @@ select(struct proc *p, struct select_args *uap, register_t *retval) th_act = current_thread(); uth = get_bsdthread_info(th_act); sel = &uth->uu_select; + sel->data = &uth->uu_kevent.ss_select_data; retval = (int *)get_bsduthreadrval(th_act); *retval = 0; @@ -937,6 +967,11 @@ select(struct proc *p, struct select_args *uap, register_t *retval) return (EINVAL); } + /* select on thread of process that already called proc_exit() */ + if (p->p_fd == NULL) { + return (EBADF); + } + if (uap->nd > p->p_fd->fd_nfiles) uap->nd = p->p_fd->fd_nfiles; /* forgiving; slightly wrong */ @@ -944,32 +979,38 @@ select(struct proc *p, struct select_args *uap, register_t *retval) ni = nw * sizeof(fd_mask); /* - * if this is the first select by the thread - * allocate the space for bits. - */ - if (sel->nbytes == 0) { - sel->nbytes = 3 * ni; - MALLOC(sel->ibits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO); - MALLOC(sel->obits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO); - if ((sel->ibits == NULL) || (sel->obits == NULL)) - panic("select out of memory"); - needzerofill = 0; - } - - /* - * if the previously allocated space for the bits - * is smaller than what is requested. Reallocate. + * if the previously allocated space for the bits is smaller than + * what is requested or no space has yet been allocated for this + * thread, allocate enough space now. + * + * Note: If this process fails, select() will return EAGAIN; this + * is the same thing pool() returns in a no-memory situation, but + * it is not a POSIX compliant error code for select(). */ if (sel->nbytes < (3 * ni)) { - sel->nbytes = (3 * ni); - FREE(sel->ibits, M_TEMP); - FREE(sel->obits, M_TEMP); - MALLOC(sel->ibits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO); - MALLOC(sel->obits, u_int32_t *, sel->nbytes, M_TEMP, M_WAITOK | M_ZERO); - if ((sel->ibits == NULL) || (sel->obits == NULL)) - panic("select out of memory"); + int nbytes = 3 * ni; + + /* Free previous allocation, if any */ + if (sel->ibits != NULL) + FREE(sel->ibits, M_TEMP); + if (sel->obits != NULL) { + FREE(sel->obits, M_TEMP); + /* NULL out; subsequent ibits allocation may fail */ + sel->obits = NULL; + } + + MALLOC(sel->ibits, u_int32_t *, nbytes, M_TEMP, M_WAITOK | M_ZERO); + if (sel->ibits == NULL) + return (EAGAIN); + MALLOC(sel->obits, u_int32_t *, nbytes, M_TEMP, M_WAITOK | M_ZERO); + if (sel->obits == NULL) { + FREE(sel->ibits, M_TEMP); + sel->ibits = NULL; + return (EAGAIN); + } + sel->nbytes = nbytes; needzerofill = 0; - } + } if (needzerofill) { bzero((caddr_t)sel->ibits, sel->nbytes); @@ -994,13 +1035,16 @@ select(struct proc *p, struct select_args *uap, register_t *retval) if (uap->tv) { struct timeval atv; if (IS_64BIT_PROCESS(p)) { - struct user_timeval atv64; + struct user64_timeval atv64; error = copyin(uap->tv, (caddr_t)&atv64, sizeof(atv64)); /* Loses resolution - assume timeout < 68 years */ atv.tv_sec = atv64.tv_sec; atv.tv_usec = atv64.tv_usec; } else { - error = copyin(uap->tv, (caddr_t)&atv, sizeof(atv)); + struct user32_timeval atv32; + error = copyin(uap->tv, (caddr_t)&atv32, sizeof(atv32)); + atv.tv_sec = atv32.tv_sec; + atv.tv_usec = atv32.tv_usec; } if (error) goto continuation; @@ -1010,41 +1054,51 @@ select(struct proc *p, struct select_args *uap, register_t *retval) } clock_absolutetime_interval_to_deadline( - tvtoabstime(&atv), &sel->abstime); + tvtoabstime(&atv), &sel->data->abstime); } else - sel->abstime = 0; + sel->data->abstime = 0; - if ( (error = selcount(p, sel->ibits, sel->obits, uap->nd, &count)) ) { + if ( (error = selcount(p, sel->ibits, uap->nd, &count)) ) { goto continuation; } - sel->count = count; + sel->data->count = count; size = SIZEOF_WAITQUEUE_SET + (count * SIZEOF_WAITQUEUE_LINK); - if (sel->allocsize) { - if (sel->wqset == 0) + if (uth->uu_allocsize) { + if (uth->uu_wqset == 0) panic("select: wql memory smashed"); /* needed for the select now */ - if (size > sel->allocsize) { - kfree(sel->wqset, sel->allocsize); - sel->allocsize = size; - sel->wqset = (wait_queue_set_t)kalloc(size); - if (sel->wqset == (wait_queue_set_t)NULL) + if (size > uth->uu_allocsize) { + kfree(uth->uu_wqset, uth->uu_allocsize); + uth->uu_allocsize = size; + uth->uu_wqset = (wait_queue_set_t)kalloc(size); + if (uth->uu_wqset == (wait_queue_set_t)NULL) panic("failed to allocate memory for waitqueue\n"); } } else { - sel->count = count; - sel->allocsize = size; - sel->wqset = (wait_queue_set_t)kalloc(sel->allocsize); - if (sel->wqset == (wait_queue_set_t)NULL) + uth->uu_allocsize = size; + uth->uu_wqset = (wait_queue_set_t)kalloc(uth->uu_allocsize); + if (uth->uu_wqset == (wait_queue_set_t)NULL) panic("failed to allocate memory for waitqueue\n"); } - bzero(sel->wqset, size); - sel->wql = (char *)sel->wqset + SIZEOF_WAITQUEUE_SET; - wait_queue_set_init(sel->wqset, (SYNC_POLICY_FIFO | SYNC_POLICY_PREPOST)); + bzero(uth->uu_wqset, size); + sel->data->wql = (char *)uth->uu_wqset + SIZEOF_WAITQUEUE_SET; + wait_queue_set_init(uth->uu_wqset, (SYNC_POLICY_FIFO | SYNC_POLICY_PREPOST)); continuation: - return selprocess(error, SEL_FIRSTPASS); + + if (error) { + /* + * We have already cleaned up any state we established, + * either locally or as a result of selcount(). We don't + * need to wait_subqueue_unlink_all(), since we haven't set + * anything at this point. + */ + return (error); + } + + return selprocess(0, SEL_FIRSTPASS); } int @@ -1053,6 +1107,13 @@ selcontinue(int error) return selprocess(error, SEL_SECONDPASS); } + +/* + * selprocess + * + * Parameters: error The error code from our caller + * sel_pass The pass we are on + */ int selprocess(int error, int sel_pass) { @@ -1077,24 +1138,28 @@ selprocess(int error, int sel_pass) uth = get_bsdthread_info(th_act); sel = &uth->uu_select; - /* if it is first pass wait queue is not setup yet */ if ((error != 0) && (sel_pass == SEL_FIRSTPASS)) unwind = 0; - if (sel->count == 0) + if (sel->data->count == 0) unwind = 0; retry: if (error != 0) { - goto done; + sel_pass = SEL_FIRSTPASS; /* Reset for seldrop */ + goto done; } ncoll = nselcoll; - p->p_flag |= P_SELECT; + OSBitOrAtomic(P_SELECT, &p->p_flag); /* skip scans if the select is just for timeouts */ - if (sel->count) { + if (sel->data->count) { + /* + * Clear out any dangling refs from prior calls; technically + * there should not be any. + */ if (sel_pass == SEL_FIRSTPASS) - wait_queue_sub_clearrefs(sel->wqset); + wait_queue_sub_clearrefs(uth->uu_wqset); - error = selscan(p, sel, uap->nd, retval, sel_pass, sel->wqset); + error = selscan(p, sel, uap->nd, retval, sel_pass, (wait_queue_sub_t)uth->uu_wqset); if (error || *retval) { goto done; } @@ -1115,7 +1180,7 @@ retry: uint64_t now; clock_get_uptime(&now); - if (now >= sel->abstime) + if (now >= sel->data->abstime) goto done; } @@ -1130,7 +1195,7 @@ retry: * To effect a poll, the timeout argument should be * non-nil, pointing to a zero-valued timeval structure. */ - if (uap->tv && sel->abstime == 0) { + if (uap->tv && sel->data->abstime == 0) { goto done; } @@ -1140,15 +1205,16 @@ retry: goto retry; } - p->p_flag &= ~P_SELECT; + OSBitAndAtomic(~((uint32_t)P_SELECT), &p->p_flag); /* if the select is just for timeout skip check */ - if (sel->count &&(sel_pass == SEL_SECONDPASS)) + if (sel->data->count &&(sel_pass == SEL_SECONDPASS)) panic("selprocess: 2nd pass assertwaiting"); /* Wait Queue Subordinate has waitqueue as first element */ - wait_result = wait_queue_assert_wait((wait_queue_t)sel->wqset, - &selwait, THREAD_ABORTSAFE, sel->abstime); + wait_result = wait_queue_assert_wait_with_leeway((wait_queue_t)uth->uu_wqset, + NULL, THREAD_ABORTSAFE, + TIMEOUT_URGENCY_USER_NORMAL, sel->data->abstime, 0); if (wait_result != THREAD_AWAKENED) { /* there are no preposted events */ error = tsleep1(NULL, PSOCK | PCATCH, @@ -1158,18 +1224,18 @@ retry: error = 0; } - sel_pass = SEL_SECONDPASS; if (error == 0) { + sel_pass = SEL_SECONDPASS; if (!prepost) - somewakeup =1; + somewakeup = 1; goto retry; } done: if (unwind) { - wait_subqueue_unlink_all(sel->wqset); + wait_subqueue_unlink_all(uth->uu_wqset); seldrop(p, sel->ibits, uap->nd); } - p->p_flag &= ~P_SELECT; + OSBitAndAtomic(~((uint32_t)P_SELECT), &p->p_flag); /* select is not restarted after signals... */ if (error == ERESTART) error = EINTR; @@ -1196,27 +1262,41 @@ done: return(error); } + +/* + * selscan + * + * Parameters: p Process performing the select + * sel The per-thread select context structure + * nfd The number of file descriptors to scan + * retval The per thread system call return area + * sel_pass Which pass this is; allowed values are + * SEL_FIRSTPASS and SEL_SECONDPASS + * wqsub The per thread wait queue set + * + * Returns: 0 Success + * EIO Invalid p->p_fd field XXX Obsolete? + * EBADF One of the files in the bit vector is + * invalid. + */ static int -selscan(p, sel, nfd, retval, sel_pass, wqsub) - struct proc *p; - struct _select *sel; - int nfd; - register_t *retval; - int sel_pass; - wait_queue_sub_t wqsub; +selscan(struct proc *p, struct _select *sel, int nfd, int32_t *retval, + int sel_pass, wait_queue_sub_t wqsub) { - register struct filedesc *fdp = p->p_fd; - register int msk, i, j, fd; - register u_int32_t bits; + struct filedesc *fdp = p->p_fd; + int msk, i, j, fd; + u_int32_t bits; struct fileproc *fp; - int n = 0; - int nc = 0; + int n = 0; /* count of bits */ + int nc = 0; /* bit vector offset (nc'th bit) */ static int flag[3] = { FREAD, FWRITE, 0 }; u_int32_t *iptr, *optr; u_int nw; u_int32_t *ibits, *obits; char * wql; char * wql_ptr; + int count; + struct vfs_context context = *vfs_context_current(); /* * Problems when reboot; due to MacOSX signal probs @@ -1228,14 +1308,15 @@ selscan(p, sel, nfd, retval, sel_pass, wqsub) } ibits = sel->ibits; obits = sel->obits; - wql = sel->wql; + wql = sel->data->wql; nw = howmany(nfd, NFDBITS); - nc = 0; - proc_fdlock(p); + count = sel->data->count; - if (sel->count) { + nc = 0; + if (count) { + proc_fdlock(p); for (msk = 0; msk < 3; msk++) { iptr = (u_int32_t *)&ibits[msk * nw]; optr = (u_int32_t *)&obits[msk * nw]; @@ -1247,21 +1328,37 @@ selscan(p, sel, nfd, retval, sel_pass, wqsub) bits &= ~(1 << j); fp = fdp->fd_ofiles[fd]; - if (fp == NULL || - (fdp->fd_ofileflags[fd] & UF_RESERVED)) { + if (fp == NULL || (fdp->fd_ofileflags[fd] & UF_RESERVED)) { + /* + * If we abort because of a bad + * fd, let the caller unwind... + */ proc_fdunlock(p); return(EBADF); } if (sel_pass == SEL_SECONDPASS) { wql_ptr = (char *)0; - fp->f_flags &= ~FP_INSELECT; - fp->f_waddr = (void *)0; + if ((fp->f_flags & FP_INSELECT) && (fp->f_waddr == (void *)wqsub)) { + fp->f_flags &= ~FP_INSELECT; + fp->f_waddr = (void *)0; + } } else { wql_ptr = (wql + nc * SIZEOF_WAITQUEUE_LINK); - fp->f_flags |= FP_INSELECT; - fp->f_waddr = (void *)wqsub; + if (fp->f_flags & FP_INSELECT) { + /* someone is already in select on this fp */ + fp->f_flags |= FP_SELCONFLICT; + wait_queue_link(&select_conflict_queue, (wait_queue_set_t)wqsub); + } else { + fp->f_flags |= FP_INSELECT; + fp->f_waddr = (void *)wqsub; + } } - if (fp->f_ops && fo_select(fp, flag[msk], wql_ptr, p)) { + + context.vc_ucred = fp->f_cred; + + /* The select; set the bit, if true */ + if (fp->f_ops && fp->f_type + && fo_select(fp, flag[msk], wql_ptr, &context)) { optr[fd/NFDBITS] |= (1 << (fd % NFDBITS)); n++; } @@ -1269,13 +1366,13 @@ selscan(p, sel, nfd, retval, sel_pass, wqsub) } } } + proc_fdunlock(p); } - proc_fdunlock(p); *retval = n; return (0); } -static int poll_callback(struct kqueue *, struct kevent *, void *); +int poll_callback(struct kqueue *, struct kevent64_s *, void *); struct poll_continue_args { user_addr_t pca_fds; @@ -1284,7 +1381,15 @@ struct poll_continue_args { }; int -poll(struct proc *p, struct poll_args *uap, register_t *retval) +poll(struct proc *p, struct poll_args *uap, int32_t *retval) +{ + __pthread_testcancel(1); + return(poll_nocancel(p, (struct poll_nocancel_args *)uap, retval)); +} + + +int +poll_nocancel(struct proc *p, struct poll_nocancel_args *uap, int32_t *retval) { struct poll_continue_args *cont; struct pollfd *fds; @@ -1304,7 +1409,7 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval) * safe, but not overly restrictive. */ if (nfds > OPEN_MAX || - (nfds > p->p_rlimit[RLIMIT_NOFILE].rlim_cur && nfds > FD_SETSIZE)) + (nfds > p->p_rlimit[RLIMIT_NOFILE].rlim_cur && (proc_suser(p) || nfds > FD_SETSIZE))) return (EINVAL); kq = kqueue_alloc(p); @@ -1341,11 +1446,10 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval) /* JMM - all this P_SELECT stuff is bogus */ ncoll = nselcoll; - p->p_flag |= P_SELECT; - + OSBitOrAtomic(P_SELECT, &p->p_flag); for (i = 0; i < nfds; i++) { short events = fds[i].events; - struct kevent kev; + struct kevent64_s kev; int kerror = 0; /* per spec, ignore fd values below zero */ @@ -1357,12 +1461,14 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval) /* convert the poll event into a kqueue kevent */ kev.ident = fds[i].fd; kev.flags = EV_ADD | EV_ONESHOT | EV_POLL; - kev.fflags = NOTE_LOWAT; - kev.data = 1; /* efficiency be damned: any data should trigger */ kev.udata = CAST_USER_ADDR_T(&fds[i]); + kev.fflags = 0; + kev.data = 0; + kev.ext[0] = 0; + kev.ext[1] = 0; /* Handle input events */ - if (events & ( POLLIN | POLLRDNORM | POLLPRI | POLLRDBAND )) { + if (events & ( POLLIN | POLLRDNORM | POLLPRI | POLLRDBAND | POLLHUP )) { kev.filter = EVFILT_READ; if (!(events & ( POLLIN | POLLRDNORM ))) kev.flags |= EV_OOBAND; @@ -1407,11 +1513,11 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval) cont->pca_fds = uap->fds; cont->pca_nfds = nfds; cont->pca_rfds = rfds; - error = kevent_scan(kq, poll_callback, NULL, cont, &atv, p); + error = kqueue_scan(kq, poll_callback, NULL, cont, &atv, p); rfds = cont->pca_rfds; done: - p->p_flag &= ~P_SELECT; + OSBitAndAtomic(~((uint32_t)P_SELECT), &p->p_flag); /* poll is not restarted after signals... */ if (error == ERESTART) error = EINTR; @@ -1426,15 +1532,16 @@ poll(struct proc *p, struct poll_args *uap, register_t *retval) if (NULL != cont) FREE(cont, M_TEMP); - kqueue_dealloc(kq, p); + kqueue_dealloc(kq); return (error); } -static int -poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data) +int +poll_callback(__unused struct kqueue *kq, struct kevent64_s *kevp, void *data) { struct poll_continue_args *cont = (struct poll_continue_args *)data; struct pollfd *fds = CAST_DOWN(struct pollfd *, kevp->udata); + short prev_revents = fds->revents; short mask; /* convert the results back into revents */ @@ -1442,7 +1549,6 @@ poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data) fds->revents |= POLLHUP; if (kevp->flags & EV_ERROR) fds->revents |= POLLERR; - cont->pca_rfds++; switch (kevp->filter) { case EVFILT_READ: @@ -1463,7 +1569,7 @@ poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data) fds->revents |= (fds->events & ( POLLOUT | POLLWRNORM | POLLWRBAND )); break; - case EVFILT_PROC: + case EVFILT_VNODE: if (kevp->fflags & NOTE_EXTEND) fds->revents |= (fds->events & POLLEXTEND); if (kevp->fflags & NOTE_ATTRIB) @@ -1474,6 +1580,10 @@ poll_callback(__unused struct kqueue *kq, struct kevent *kevp, void *data) fds->revents |= (fds->events & POLLWRITE); break; } + + if (fds->revents != 0 && prev_revents == 0) + cont->pca_rfds++; + return 0; } @@ -1484,26 +1594,50 @@ seltrue(__unused dev_t dev, __unused int flag, __unused struct proc *p) return (1); } +/* + * selcount + * + * Count the number of bits set in the input bit vector, and establish an + * outstanding fp->f_iocount for each of the descriptors which will be in + * use in the select operation. + * + * Parameters: p The process doing the select + * ibits The input bit vector + * nfd The number of fd's in the vector + * countp Pointer to where to store the bit count + * + * Returns: 0 Success + * EIO Bad per process open file table + * EBADF One of the bits in the input bit vector + * references an invalid fd + * + * Implicit: *countp (modified) Count of fd's + * + * Notes: This function is the first pass under the proc_fdlock() that + * permits us to recognize invalid descriptors in the bit vector; + * the may, however, not remain valid through the drop and + * later reacquisition of the proc_fdlock(). + */ static int -selcount(struct proc *p, u_int32_t *ibits, __unused u_int32_t *obits, - int nfd, int *count) +selcount(struct proc *p, u_int32_t *ibits, int nfd, int *countp) { - register struct filedesc *fdp = p->p_fd; - register int msk, i, j, fd; - register u_int32_t bits; + struct filedesc *fdp = p->p_fd; + int msk, i, j, fd; + u_int32_t bits; struct fileproc *fp; int n = 0; u_int32_t *iptr; u_int nw; int error=0; int dropcount; + int need_wakeup = 0; /* * Problems when reboot; due to MacOSX signal probs * in Beaker1C ; verify that the p->p_fd is valid */ if (fdp == NULL) { - *count=0; + *countp = 0; return(EIO); } nw = howmany(nfd, NFDBITS); @@ -1518,7 +1652,7 @@ selcount(struct proc *p, u_int32_t *ibits, __unused u_int32_t *obits, fp = fdp->fd_ofiles[fd]; if (fp == NULL || (fdp->fd_ofileflags[fd] & UF_RESERVED)) { - *count=0; + *countp = 0; error = EBADF; goto bad; } @@ -1529,51 +1663,65 @@ selcount(struct proc *p, u_int32_t *ibits, __unused u_int32_t *obits, } proc_fdunlock(p); - *count = n; + *countp = n; return (0); + bad: dropcount = 0; if (n== 0) goto out; - /* undo the iocounts */ - for (msk = 0; msk < 3; msk++) { - iptr = (u_int32_t *)&ibits[msk * nw]; - for (i = 0; i < nfd; i += NFDBITS) { - bits = iptr[i/NFDBITS]; - while ((j = ffs(bits)) && (fd = i + --j) < nfd) { - bits &= ~(1 << j); - fp = fdp->fd_ofiles[fd]; - if (dropcount >= n) - goto out; - fp->f_iocount--; + /* Ignore error return; it's already EBADF */ + (void)seldrop_locked(p, ibits, nfd, n, &need_wakeup, 1); - if (p->p_fpdrainwait && fp->f_iocount == 0) { - p->p_fpdrainwait = 0; - wakeup(&p->p_fpdrainwait); - } - dropcount++; - } - } - } out: proc_fdunlock(p); + if (need_wakeup) { + wakeup(&p->p_fpdrainwait); + } return(error); } + +/* + * seldrop_locked + * + * Drop outstanding wait queue references set up during selscan(); drop the + * outstanding per fileproc f_iocount() picked up during the selcount(). + * + * Parameters: p Process performing the select + * ibits Input pit bector of fd's + * nfd Number of fd's + * lim Limit to number of vector entries to + * consider, or -1 for "all" + * inselect True if + * need_wakeup Pointer to flag to set to do a wakeup + * if f_iocont on any descriptor goes to 0 + * + * Returns: 0 Success + * EBADF One or more fds in the bit vector + * were invalid, but the rest + * were successfully dropped + * + * Notes: An fd make become bad while the proc_fdlock() is not held, + * if a multithreaded application closes the fd out from under + * the in progress select. In this case, we still have to + * clean up after the set up on the remaining fds. + */ static int -seldrop(p, ibits, nfd) - struct proc *p; - u_int32_t *ibits; - int nfd; +seldrop_locked(struct proc *p, u_int32_t *ibits, int nfd, int lim, int *need_wakeup, int fromselcount) { - register struct filedesc *fdp = p->p_fd; - register int msk, i, j, fd; - register u_int32_t bits; + struct filedesc *fdp = p->p_fd; + int msk, i, j, fd; + u_int32_t bits; struct fileproc *fp; - int n = 0; u_int32_t *iptr; u_int nw; + int error = 0; + int dropcount = 0; + uthread_t uth = get_bsdthread_info(current_thread()); + + *need_wakeup = 0; /* * Problems when reboot; due to MacOSX signal probs @@ -1585,8 +1733,6 @@ seldrop(p, ibits, nfd) nw = howmany(nfd, NFDBITS); - - proc_fdlock(p); for (msk = 0; msk < 3; msk++) { iptr = (u_int32_t *)&ibits[msk * nw]; for (i = 0; i < nfd; i += NFDBITS) { @@ -1594,28 +1740,67 @@ seldrop(p, ibits, nfd) while ((j = ffs(bits)) && (fd = i + --j) < nfd) { bits &= ~(1 << j); fp = fdp->fd_ofiles[fd]; - if (fp == NULL -#if 0 - /* if you are here then it is being closed */ - || (fdp->fd_ofileflags[fd] & UF_RESERVED) -#endif - ) { - proc_fdunlock(p); - return(EBADF); + /* + * If we've already dropped as many as were + * counted/scanned, then we are done. + */ + if ((fromselcount != 0) && (++dropcount > lim)) + goto done; + + if (fp == NULL) { + /* skip (now) bad fds */ + error = EBADF; + continue; + } + /* + * Only clear the flag if we set it. We'll + * only find that we set it if we had made + * at least one [partial] pass through selscan(). + */ + if ((fp->f_flags & FP_INSELECT) && (fp->f_waddr == (void *)uth->uu_wqset)) { + fp->f_flags &= ~FP_INSELECT; + fp->f_waddr = (void *)0; } - n++; - fp->f_iocount--; - fp->f_flags &= ~FP_INSELECT; - if (p->p_fpdrainwait && fp->f_iocount == 0) { - p->p_fpdrainwait = 0; - wakeup(&p->p_fpdrainwait); + fp->f_iocount--; + if (fp->f_iocount < 0) + panic("f_iocount overdecrement!"); + + if (fp->f_iocount == 0) { + /* + * The last iocount is responsible for clearing + * selconfict flag - even if we didn't set it - + * and is also responsible for waking up anyone + * waiting on iocounts to drain. + */ + if (fp->f_flags & FP_SELCONFLICT) + fp->f_flags &= ~FP_SELCONFLICT; + if (p->p_fpdrainwait) { + p->p_fpdrainwait = 0; + *need_wakeup = 1; + } } } } } +done: + return (error); +} + + +static int +seldrop(struct proc *p, u_int32_t *ibits, int nfd) +{ + int error; + int need_wakeup = 0; + + proc_fdlock(p); + error = seldrop_locked(p, ibits, nfd, nfd, &need_wakeup, 0); proc_fdunlock(p); - return (0); + if (need_wakeup) { + wakeup(&p->p_fpdrainwait); + } + return (error); } /* @@ -1629,12 +1814,8 @@ selrecord(__unused struct proc *selector, struct selinfo *sip, void * p_wql) /* need to look at collisions */ - if ((p_wql == (void *)0) && ((sip->si_flags & SI_INITED) == 0)) { - return; - } - /*do not record if this is second pass of select */ - if((p_wql == (void *)0)) { + if(p_wql == (void *)0) { return; } @@ -1650,16 +1831,15 @@ selrecord(__unused struct proc *selector, struct selinfo *sip, void * p_wql) sip->si_flags &= ~SI_COLL; sip->si_flags |= SI_RECORDED; - if (!wait_queue_member(&sip->si_wait_queue, ut->uu_select.wqset)) - wait_queue_link_noalloc(&sip->si_wait_queue, ut->uu_select.wqset, + if (!wait_queue_member(&sip->si_wait_queue, ut->uu_wqset)) + wait_queue_link_noalloc(&sip->si_wait_queue, ut->uu_wqset, (wait_queue_link_t)p_wql); return; } void -selwakeup(sip) - register struct selinfo *sip; +selwakeup(struct selinfo *sip) { if ((sip->si_flags & SI_INITED) == 0) { @@ -1676,15 +1856,14 @@ selwakeup(sip) } if (sip->si_flags & SI_RECORDED) { - wait_queue_wakeup_all(&sip->si_wait_queue, &selwait, THREAD_AWAKENED); + wait_queue_wakeup_all(&sip->si_wait_queue, NULL, THREAD_AWAKENED); sip->si_flags &= ~SI_RECORDED; } } void -selthreadclear(sip) - register struct selinfo *sip; +selthreadclear(struct selinfo *sip) { if ((sip->si_flags & SI_INITED) == 0) { @@ -1695,14 +1874,12 @@ selthreadclear(sip) sip->si_flags &= ~(SI_RECORDED | SI_COLL); } sip->si_flags |= SI_CLEAR; - wait_queue_unlinkall_nofree(&sip->si_wait_queue); + wait_queue_unlink_all(&sip->si_wait_queue); } -#define DBG_EVENT 0x10 - #define DBG_POST 0x10 #define DBG_WATCH 0x11 #define DBG_WAIT 0x12 @@ -1792,7 +1969,7 @@ evprocenque(struct eventqelt *evq) assert(evq); p = evq->ee_proc; - KERNEL_DEBUG(DBG_MISC_ENQUEUE|DBG_FUNC_START, evq, evq->ee_flags, evq->ee_eventmask,0,0); + KERNEL_DEBUG(DBG_MISC_ENQUEUE|DBG_FUNC_START, (uint32_t)evq, evq->ee_flags, evq->ee_eventmask,0,0); proc_lock(p); @@ -1842,14 +2019,14 @@ postpipeevent(struct pipe *pipep, int event) evq->ee_req.er_rcnt = pipep->pipe_buffer.cnt; } if ((evq->ee_eventmask & EV_WR) && - (pipep->pipe_buffer.size - pipep->pipe_buffer.cnt) >= PIPE_BUF) { + (MAX(pipep->pipe_buffer.size,PIPE_SIZE) - pipep->pipe_buffer.cnt) >= PIPE_BUF) { if (pipep->pipe_state & PIPE_EOF) { mask |= EV_WR|EV_RESET; break; } mask |= EV_WR; - evq->ee_req.er_wcnt = pipep->pipe_buffer.size - pipep->pipe_buffer.cnt; + evq->ee_req.er_wcnt = MAX(pipep->pipe_buffer.size, PIPE_SIZE) - pipep->pipe_buffer.cnt; } break; @@ -1884,7 +2061,7 @@ postpipeevent(struct pipe *pipep, int event) */ evq->ee_req.er_eventbits |= mask; - KERNEL_DEBUG(DBG_MISC_POST, evq, evq->ee_req.er_eventbits, mask, 1,0); + KERNEL_DEBUG(DBG_MISC_POST, (uint32_t)evq, evq->ee_req.er_eventbits, mask, 1,0); evprocenque(evq); } @@ -1892,7 +2069,7 @@ postpipeevent(struct pipe *pipep, int event) KERNEL_DEBUG(DBG_MISC_POST|DBG_FUNC_END, 0,0,0,1,0); } - +#if SOCKETS /* * given either a sockbuf or a socket run down the * event list and queue ready events found... @@ -1955,13 +2132,19 @@ postevent(struct socket *sp, struct sockbuf *sb, int event) */ case EV_RWBYTES: if ((evq->ee_eventmask & EV_RE) && soreadable(sp)) { - if (sp->so_error) { - if ((sp->so_type == SOCK_STREAM) && ((sp->so_error == ECONNREFUSED) || (sp->so_error == ECONNRESET))) { - if ((sp->so_pcb == 0) || (((struct inpcb *)sp->so_pcb)->inp_state == INPCB_STATE_DEAD) || !(tp = sototcpcb(sp)) || - (tp->t_state == TCPS_CLOSED)) { - mask |= EV_RE|EV_RESET; - break; - } + /* for AFP/OT purposes; may go away in future */ + if ((SOCK_DOM(sp) == PF_INET || + SOCK_DOM(sp) == PF_INET6) && + SOCK_PROTO(sp) == IPPROTO_TCP && + (sp->so_error == ECONNREFUSED || + sp->so_error == ECONNRESET)) { + if (sp->so_pcb == NULL || + sotoinpcb(sp)->inp_state == + INPCB_STATE_DEAD || + (tp = sototcpcb(sp)) == NULL || + tp->t_state == TCPS_CLOSED) { + mask |= EV_RE|EV_RESET; + break; } } mask |= EV_RE; @@ -1973,13 +2156,19 @@ postevent(struct socket *sp, struct sockbuf *sb, int event) } } if ((evq->ee_eventmask & EV_WR) && sowriteable(sp)) { - if (sp->so_error) { - if ((sp->so_type == SOCK_STREAM) && ((sp->so_error == ECONNREFUSED) || (sp->so_error == ECONNRESET))) { - if ((sp->so_pcb == 0) || (((struct inpcb *)sp->so_pcb)->inp_state == INPCB_STATE_DEAD) || !(tp = sototcpcb(sp)) || - (tp->t_state == TCPS_CLOSED)) { - mask |= EV_WR|EV_RESET; - break; - } + /* for AFP/OT purposes; may go away in future */ + if ((SOCK_DOM(sp) == PF_INET || + SOCK_DOM(sp) == PF_INET6) && + SOCK_PROTO(sp) == IPPROTO_TCP && + (sp->so_error == ECONNREFUSED || + sp->so_error == ECONNRESET)) { + if (sp->so_pcb == NULL || + sotoinpcb(sp)->inp_state == + INPCB_STATE_DEAD || + (tp = sototcpcb(sp)) == NULL || + tp->t_state == TCPS_CLOSED) { + mask |= EV_WR|EV_RESET; + break; } } mask |= EV_WR; @@ -2059,6 +2248,7 @@ postevent(struct socket *sp, struct sockbuf *sb, int event) } KERNEL_DEBUG(DBG_MISC_POST|DBG_FUNC_END, (int)sp, 0, 0, 0, 0); } +#endif /* SOCKETS */ /* @@ -2069,13 +2259,17 @@ postevent(struct socket *sp, struct sockbuf *sb, int event) * via waitevent(). * * should this prevent duplicate events on same socket? + * + * Returns: + * ENOMEM No memory for operation + * copyin:EFAULT */ int watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval) { struct eventqelt *evq = (struct eventqelt *)0; struct eventqelt *np = NULL; - struct eventreq *erp; + struct eventreq64 *erp; struct fileproc *fp = NULL; int error; @@ -2085,18 +2279,36 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval) MALLOC(evq, struct eventqelt *, sizeof(struct eventqelt), M_TEMP, M_WAITOK); if (evq == NULL) - panic("can't MALLOC evq"); + return (ENOMEM); erp = &evq->ee_req; // get users request pkt - if ( (error = copyin(CAST_USER_ADDR_T(uap->u_req), (caddr_t)erp, - sizeof(struct eventreq))) ) { - FREE(evq, M_TEMP); + if (IS_64BIT_PROCESS(p)) { + error = copyin(uap->u_req, (caddr_t)erp, sizeof(struct eventreq64)); + } else { + struct eventreq32 er32; + + error = copyin(uap->u_req, (caddr_t)&er32, sizeof(struct eventreq32)); + if (error == 0) { + /* + * the user only passes in the + * er_type, er_handle and er_data... + * the other fields are initialized + * below, so don't bother to copy + */ + erp->er_type = er32.er_type; + erp->er_handle = er32.er_handle; + erp->er_data = (user_addr_t)er32.er_data; + } + } + if (error) { + FREE(evq, M_TEMP); KERNEL_DEBUG(DBG_MISC_WATCH|DBG_FUNC_END, error,0,0,0,0); - return(error); + + return(error); } - KERNEL_DEBUG(DBG_MISC_WATCH, erp->er_handle,uap->u_eventmask,evq,0,0); + KERNEL_DEBUG(DBG_MISC_WATCH, erp->er_handle,uap->u_eventmask,(uint32_t)evq,0,0); // validate, freeing qelt if errors error = 0; @@ -2106,9 +2318,11 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval) error = EINVAL; } else if ((error = fp_lookup(p, erp->er_handle, &fp, 1)) != 0) { error = EBADF; +#if SOCKETS } else if (fp->f_type == DTYPE_SOCKET) { socket_lock((struct socket *)fp->f_data, 1); np = ((struct socket *)fp->f_data)->so_evlist.tqh_first; +#endif /* SOCKETS */ } else if (fp->f_type == DTYPE_PIPE) { PIPE_LOCK((struct pipe *)fp->f_data); np = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first; @@ -2130,9 +2344,11 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval) */ for ( ; np != NULL; np = np->ee_slist.tqe_next) { if (np->ee_proc == p) { +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) socket_unlock((struct socket *)fp->f_data, 1); else +#endif /* SOCKETS */ PIPE_UNLOCK((struct pipe *)fp->f_data); fp_drop(p, erp->er_handle, fp, 0); FREE(evq, M_TEMP); @@ -2146,12 +2362,15 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval) evq->ee_eventmask = uap->u_eventmask & EV_MASK; evq->ee_flags = 0; +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) { TAILQ_INSERT_TAIL(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist); postevent((struct socket *)fp->f_data, 0, EV_RWBYTES); // catch existing events socket_unlock((struct socket *)fp->f_data, 1); - } else { + } else +#endif /* SOCKETS */ + { TAILQ_INSERT_TAIL(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist); postpipeevent((struct pipe *)fp->f_data, EV_RWBYTES); @@ -2169,20 +2388,60 @@ watchevent(proc_t p, struct watchevent_args *uap, __unused int *retval) * waitevent system call. * grabs the next waiting event for this proc and returns * it. if no events, user can request to sleep with timeout - * or poll mode (tv=NULL); + * or without or poll mode + * ((tv != NULL && interval == 0) || tv == -1) */ int waitevent(proc_t p, struct waitevent_args *uap, int *retval) { int error = 0; struct eventqelt *evq; - struct eventreq er; + struct eventreq64 *erp; uint64_t abstime, interval; + boolean_t fast_poll = FALSE; + union { + struct eventreq64 er64; + struct eventreq32 er32; + } uer; + + interval = 0; if (uap->tv) { struct timeval atv; + /* + * check for fast poll method + */ + if (IS_64BIT_PROCESS(p)) { + if (uap->tv == (user_addr_t)-1) + fast_poll = TRUE; + } else if (uap->tv == (user_addr_t)((uint32_t)-1)) + fast_poll = TRUE; + + if (fast_poll == TRUE) { + if (p->p_evlist.tqh_first == NULL) { + KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_NONE, -1,0,0,0,0); + /* + * poll failed + */ + *retval = 1; + return (0); + } + proc_lock(p); + goto retry; + } + if (IS_64BIT_PROCESS(p)) { + struct user64_timeval atv64; + error = copyin(uap->tv, (caddr_t)&atv64, sizeof(atv64)); + /* Loses resolution - assume timeout < 68 years */ + atv.tv_sec = atv64.tv_sec; + atv.tv_usec = atv64.tv_usec; + } else { + struct user32_timeval atv32; + error = copyin(uap->tv, (caddr_t)&atv32, sizeof(atv32)); + atv.tv_sec = atv32.tv_sec; + atv.tv_usec = atv32.tv_usec; + } - error = copyin(CAST_USER_ADDR_T(uap->tv), (caddr_t)&atv, sizeof (atv)); if (error) return(error); if (itimerfix(&atv)) { @@ -2190,9 +2449,7 @@ waitevent(proc_t p, struct waitevent_args *uap, int *retval) return(error); } interval = tvtoabstime(&atv); - } else - interval = 0; - + } KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_START, 0,0,0,0,0); proc_lock(p); @@ -2204,18 +2461,32 @@ retry: * don't want to hold the proc lock across a copyout because * it might block on a page fault at the target in user space */ - bcopy((caddr_t)&evq->ee_req, (caddr_t)&er, sizeof (struct eventreq)); + erp = &evq->ee_req; + if (IS_64BIT_PROCESS(p)) + bcopy((caddr_t)erp, (caddr_t)&uer.er64, sizeof (struct eventreq64)); + else { + uer.er32.er_type = erp->er_type; + uer.er32.er_handle = erp->er_handle; + uer.er32.er_data = (uint32_t)erp->er_data; + uer.er32.er_ecnt = erp->er_ecnt; + uer.er32.er_rcnt = erp->er_rcnt; + uer.er32.er_wcnt = erp->er_wcnt; + uer.er32.er_eventbits = erp->er_eventbits; + } TAILQ_REMOVE(&p->p_evlist, evq, ee_plist); evq->ee_flags &= ~EV_QUEUED; proc_unlock(p); - error = copyout((caddr_t)&er, CAST_USER_ADDR_T(uap->u_req), sizeof(struct eventreq)); + if (IS_64BIT_PROCESS(p)) + error = copyout((caddr_t)&uer.er64, uap->u_req, sizeof(struct eventreq64)); + else + error = copyout((caddr_t)&uer.er32, uap->u_req, sizeof(struct eventreq32)); KERNEL_DEBUG(DBG_MISC_WAIT|DBG_FUNC_END, error, - evq->ee_req.er_handle,evq->ee_req.er_eventbits,evq,0); + evq->ee_req.er_handle,evq->ee_req.er_eventbits,(uint32_t)evq,0); return (error); } else { @@ -2231,11 +2502,11 @@ retry: else abstime = 0; - KERNEL_DEBUG(DBG_MISC_WAIT, 1,&p->p_evlist,0,0,0); + KERNEL_DEBUG(DBG_MISC_WAIT, 1,(uint32_t)&p->p_evlist,0,0,0); error = msleep1(&p->p_evlist, &p->p_mlock, (PSOCK | PCATCH), "waitevent", abstime); - KERNEL_DEBUG(DBG_MISC_WAIT, 2,&p->p_evlist,0,0,0); + KERNEL_DEBUG(DBG_MISC_WAIT, 2,(uint32_t)&p->p_evlist,0,0,0); if (error == 0) goto retry; @@ -2261,9 +2532,9 @@ retry: int modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval) { - struct eventreq er; - struct eventreq *erp = &er; - struct eventqelt *evq; + struct eventreq64 er; + struct eventreq64 *erp = &er; + struct eventqelt *evq = NULL; /* protected by error return */ int error; struct fileproc *fp; int flag; @@ -2272,10 +2543,12 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval) /* * get user's request pkt + * just need the er_type and er_handle which sit above the + * problematic er_data (32/64 issue)... so only copy in + * those 2 fields */ - if ((error = copyin(CAST_USER_ADDR_T(uap->u_req), (caddr_t)erp, - sizeof(struct eventreq)))) { - KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, error,0,0,0,0); + if ((error = copyin(uap->u_req, (caddr_t)erp, sizeof(er.er_type) + sizeof(er.er_handle)))) { + KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, error,0,0,0,0); return(error); } proc_fdlock(p); @@ -2284,9 +2557,11 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval) error = EINVAL; } else if ((error = fp_lookup(p, erp->er_handle, &fp, 1)) != 0) { error = EBADF; +#if SOCKETS } else if (fp->f_type == DTYPE_SOCKET) { socket_lock((struct socket *)fp->f_data, 1); evq = ((struct socket *)fp->f_data)->so_evlist.tqh_first; +#endif /* SOCKETS */ } else if (fp->f_type == DTYPE_PIPE) { PIPE_LOCK((struct pipe *)fp->f_data); evq = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first; @@ -2312,23 +2587,28 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval) break; } if (evq == NULL) { +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) socket_unlock((struct socket *)fp->f_data, 1); - else + else +#endif /* SOCKETS */ PIPE_UNLOCK((struct pipe *)fp->f_data); fp_drop(p, erp->er_handle, fp, 0); KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, EINVAL,0,0,0,0); return(EINVAL); } - KERNEL_DEBUG(DBG_MISC_MOD, erp->er_handle,uap->u_eventmask,evq,0,0); + KERNEL_DEBUG(DBG_MISC_MOD, erp->er_handle,uap->u_eventmask,(uint32_t)evq,0,0); if (uap->u_eventmask == EV_RM) { EVPROCDEQUE(p, evq); +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) { TAILQ_REMOVE(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist); socket_unlock((struct socket *)fp->f_data, 1); - } else { + } else +#endif /* SOCKETS */ + { TAILQ_REMOVE(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist); PIPE_UNLOCK((struct pipe *)fp->f_data); } @@ -2360,9 +2640,11 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval) break; default: +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) socket_unlock((struct socket *)fp->f_data, 1); else +#endif /* SOCKETS */ PIPE_UNLOCK((struct pipe *)fp->f_data); fp_drop(p, erp->er_handle, fp, 0); KERNEL_DEBUG(DBG_MISC_WATCH|DBG_FUNC_END, EINVAL,0,0,0,0); @@ -2391,16 +2673,18 @@ modwatch(proc_t p, struct modwatch_args *uap, __unused int *retval) evq->ee_req.er_eventbits = 0; evq->ee_eventmask = uap->u_eventmask & EV_MASK; +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) { postevent((struct socket *)fp->f_data, 0, flag); socket_unlock((struct socket *)fp->f_data, 1); - } - else { + } else +#endif /* SOCKETS */ + { postpipeevent((struct pipe *)fp->f_data, flag); PIPE_UNLOCK((struct pipe *)fp->f_data); } fp_drop(p, erp->er_handle, fp, 0); - KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, evq->ee_req.er_handle,evq->ee_eventmask,fp->f_data,flag,0); + KERNEL_DEBUG(DBG_MISC_MOD|DBG_FUNC_END, evq->ee_req.er_handle,evq->ee_eventmask,(uint32_t)fp->f_data,flag,0); return(0); } @@ -2413,11 +2697,13 @@ waitevent_close(struct proc *p, struct fileproc *fp) fp->f_flags &= ~FP_WAITEVENT; +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) { socket_lock((struct socket *)fp->f_data, 1); evq = ((struct socket *)fp->f_data)->so_evlist.tqh_first; - } - else if (fp->f_type == DTYPE_PIPE) { + } else +#endif /* SOCKETS */ + if (fp->f_type == DTYPE_PIPE) { PIPE_LOCK((struct pipe *)fp->f_data); evq = ((struct pipe *)fp->f_data)->pipe_evlist.tqh_first; } @@ -2433,9 +2719,11 @@ waitevent_close(struct proc *p, struct fileproc *fp) break; } if (evq == NULL) { +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) socket_unlock((struct socket *)fp->f_data, 1); else +#endif /* SOCKETS */ PIPE_UNLOCK((struct pipe *)fp->f_data); proc_fdlock(p); @@ -2444,10 +2732,13 @@ waitevent_close(struct proc *p, struct fileproc *fp) } EVPROCDEQUE(p, evq); +#if SOCKETS if (fp->f_type == DTYPE_SOCKET) { TAILQ_REMOVE(&((struct socket *)fp->f_data)->so_evlist, evq, ee_slist); socket_unlock((struct socket *)fp->f_data, 1); - } else { + } else +#endif /* SOCKETS */ + { TAILQ_REMOVE(&((struct pipe *)fp->f_data)->pipe_evlist, evq, ee_slist); PIPE_UNLOCK((struct pipe *)fp->f_data); } @@ -2458,3 +2749,203 @@ waitevent_close(struct proc *p, struct fileproc *fp) return(0); } + +/* + * gethostuuid + * + * Description: Get the host UUID from IOKit and return it to user space. + * + * Parameters: uuid_buf Pointer to buffer to receive UUID + * timeout Timespec for timout + * spi SPI, skip sandbox check (temporary) + * + * Returns: 0 Success + * EWOULDBLOCK Timeout is too short + * copyout:EFAULT Bad user buffer + * + * Notes: A timeout seems redundant, since if it's tolerable to not + * have a system UUID in hand, then why ask for one? + */ +int +gethostuuid(struct proc *p, struct gethostuuid_args *uap, __unused int32_t *retval) +{ + kern_return_t kret; + int error; + mach_timespec_t mach_ts; /* for IOKit call */ + __darwin_uuid_t uuid_kern; /* for IOKit call */ + + if (!uap->spi) { +#if 13841988 + uint32_t flags; + if (temp_debug_13841988 && (0 == proc_get_darwinbgstate(p->task, &flags)) && (flags & PROC_FLAG_IOS_APPLICATION)) { + printf("Unauthorized access to gethostuuid() by %s(%d)\n", p->p_comm, proc_pid(p)); + return (EPERM); + } +#else + /* Perform sandbox check */ +#endif + } + + /* Convert the 32/64 bit timespec into a mach_timespec_t */ + if ( proc_is64bit(p) ) { + struct user64_timespec ts; + error = copyin(uap->timeoutp, &ts, sizeof(ts)); + if (error) + return (error); + mach_ts.tv_sec = ts.tv_sec; + mach_ts.tv_nsec = ts.tv_nsec; + } else { + struct user32_timespec ts; + error = copyin(uap->timeoutp, &ts, sizeof(ts) ); + if (error) + return (error); + mach_ts.tv_sec = ts.tv_sec; + mach_ts.tv_nsec = ts.tv_nsec; + } + + /* Call IOKit with the stack buffer to get the UUID */ + kret = IOBSDGetPlatformUUID(uuid_kern, mach_ts); + + /* + * If we get it, copy out the data to the user buffer; note that a + * uuid_t is an array of characters, so this is size invariant for + * 32 vs. 64 bit. + */ + if (kret == KERN_SUCCESS) { + error = copyout(uuid_kern, uap->uuid_buf, sizeof(uuid_kern)); + } else { + error = EWOULDBLOCK; + } + + return (error); +} + +/* + * ledger + * + * Description: Omnibus system call for ledger operations + */ +int +ledger(struct proc *p, struct ledger_args *args, __unused int32_t *retval) +{ +#if !CONFIG_MACF +#pragma unused(p) +#endif + int rval, pid, len, error; +#ifdef LEDGER_DEBUG + struct ledger_limit_args lla; +#endif + task_t task; + proc_t proc; + + /* Finish copying in the necessary args before taking the proc lock */ + error = 0; + len = 0; + if (args->cmd == LEDGER_ENTRY_INFO) + error = copyin(args->arg3, (char *)&len, sizeof (len)); + else if (args->cmd == LEDGER_TEMPLATE_INFO) + error = copyin(args->arg2, (char *)&len, sizeof (len)); +#ifdef LEDGER_DEBUG + else if (args->cmd == LEDGER_LIMIT) + error = copyin(args->arg2, (char *)&lla, sizeof (lla)); +#endif + if (error) + return (error); + if (len < 0) + return (EINVAL); + + rval = 0; + if (args->cmd != LEDGER_TEMPLATE_INFO) { + pid = args->arg1; + proc = proc_find(pid); + if (proc == NULL) + return (ESRCH); + +#if CONFIG_MACF + error = mac_proc_check_ledger(p, proc, args->cmd); + if (error) { + proc_rele(proc); + return (error); + } +#endif + + task = proc->task; + } + + switch (args->cmd) { +#ifdef LEDGER_DEBUG + case LEDGER_LIMIT: { + if (!kauth_cred_issuser(kauth_cred_get())) + rval = EPERM; + rval = ledger_limit(task, &lla); + proc_rele(proc); + break; + } +#endif + case LEDGER_INFO: { + struct ledger_info info; + + rval = ledger_info(task, &info); + proc_rele(proc); + if (rval == 0) + rval = copyout(&info, args->arg2, + sizeof (info)); + break; + } + + case LEDGER_ENTRY_INFO: { + void *buf; + int sz; + + rval = ledger_get_task_entry_info_multiple(task, &buf, &len); + proc_rele(proc); + if ((rval == 0) && (len > 0)) { + sz = len * sizeof (struct ledger_entry_info); + rval = copyout(buf, args->arg2, sz); + kfree(buf, sz); + } + if (rval == 0) + rval = copyout(&len, args->arg3, sizeof (len)); + break; + } + + case LEDGER_TEMPLATE_INFO: { + void *buf; + int sz; + + rval = ledger_template_info(&buf, &len); + if ((rval == 0) && (len > 0)) { + sz = len * sizeof (struct ledger_template_info); + rval = copyout(buf, args->arg1, sz); + kfree(buf, sz); + } + if (rval == 0) + rval = copyout(&len, args->arg2, sizeof (len)); + break; + } + + default: + rval = EINVAL; + } + + return (rval); +} + +#if CONFIG_TELEMETRY +int +telemetry(__unused struct proc *p, struct telemetry_args *args, __unused int32_t *retval) +{ + int error = 0; + + switch (args->cmd) { + case TELEMETRY_CMD_TIMER_EVENT: + error = telemetry_timer_event(args->deadline, args->interval, args->leeway); + break; + default: + error = EINVAL; + break; + } + + return (error); +} +#endif /* CONFIG_TELEMETRY */