2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2013 The FreeBSD Foundation
5 * Copyright (c) 2013 Mariusz Zaborski <oshogbo@FreeBSD.org>
8 * This software was developed by Pawel Jakub Dawidek under sponsorship from
9 * the FreeBSD Foundation.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <sys/select.h>
52 #include "common_impl.h"
57 #define PJDLOG_ASSERT(...) assert(__VA_ARGS__)
58 #define PJDLOG_RASSERT(expr, ...) assert(expr)
59 #define PJDLOG_ABORT(...) abort()
63 /* Linux: arbitrary size, but must be lower than SCM_MAX_FD. */
64 #define PKG_MAX_SIZE ((64U - 1) * CMSG_SPACE(sizeof(int)))
67 * To work around limitations in 32-bit emulation on 64-bit kernels, use a
68 * machine-independent limit on the number of FDs per message. Each control
69 * message contains 1 FD and requires 12 bytes for the header, 4 pad bytes,
70 * 4 bytes for the descriptor, and another 4 pad bytes.
72 #define PKG_MAX_SIZE (MCLBYTES / 24)
76 msghdr_add_fd(struct cmsghdr *cmsg, int fd)
79 PJDLOG_ASSERT(fd >= 0);
81 cmsg->cmsg_level = SOL_SOCKET;
82 cmsg->cmsg_type = SCM_RIGHTS;
83 cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
84 bcopy(&fd, CMSG_DATA(cmsg), sizeof(fd));
90 fd_wait(int fd, bool doread)
94 PJDLOG_ASSERT(fd >= 0);
98 (void)select(fd + 1, doread ? &fds : NULL, doread ? NULL : &fds,
103 msg_recv(int sock, struct msghdr *msg)
107 PJDLOG_ASSERT(sock >= 0);
109 #ifdef MSG_CMSG_CLOEXEC
110 flags = MSG_CMSG_CLOEXEC;
117 if (recvmsg(sock, msg, flags) == -1) {
129 msg_send(int sock, const struct msghdr *msg)
132 PJDLOG_ASSERT(sock >= 0);
135 fd_wait(sock, false);
136 if (sendmsg(sock, msg, 0) == -1) {
151 unsigned char credbuf[CMSG_SPACE(sizeof(struct cmsgcred))];
153 struct cmsghdr *cmsg;
157 bzero(credbuf, sizeof(credbuf));
158 bzero(&msg, sizeof(msg));
159 bzero(&iov, sizeof(iov));
162 * XXX: We send one byte along with the control message, because
163 * setting msg_iov to NULL only works if this is the first
164 * packet send over the socket. Once we send some data we
165 * won't be able to send credentials anymore. This is most
166 * likely a kernel bug.
169 iov.iov_base = &dummy;
170 iov.iov_len = sizeof(dummy);
174 msg.msg_control = credbuf;
175 msg.msg_controllen = sizeof(credbuf);
177 cmsg = CMSG_FIRSTHDR(&msg);
178 cmsg->cmsg_len = CMSG_LEN(sizeof(struct cmsgcred));
179 cmsg->cmsg_level = SOL_SOCKET;
180 cmsg->cmsg_type = SCM_CREDS;
182 if (msg_send(sock, &msg) == -1)
189 cred_recv(int sock, struct cmsgcred *cred)
191 unsigned char credbuf[CMSG_SPACE(sizeof(struct cmsgcred))];
193 struct cmsghdr *cmsg;
197 bzero(credbuf, sizeof(credbuf));
198 bzero(&msg, sizeof(msg));
199 bzero(&iov, sizeof(iov));
201 iov.iov_base = &dummy;
202 iov.iov_len = sizeof(dummy);
206 msg.msg_control = credbuf;
207 msg.msg_controllen = sizeof(credbuf);
209 if (msg_recv(sock, &msg) == -1)
212 cmsg = CMSG_FIRSTHDR(&msg);
214 cmsg->cmsg_len != CMSG_LEN(sizeof(struct cmsgcred)) ||
215 cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_CREDS) {
219 bcopy(CMSG_DATA(cmsg), cred, sizeof(*cred));
226 fd_package_send(int sock, const int *fds, size_t nfds)
229 struct cmsghdr *cmsg;
235 PJDLOG_ASSERT(sock >= 0);
236 PJDLOG_ASSERT(fds != NULL);
237 PJDLOG_ASSERT(nfds > 0);
239 bzero(&msg, sizeof(msg));
242 * XXX: Look into cred_send function for more details.
245 iov.iov_base = &dummy;
246 iov.iov_len = sizeof(dummy);
250 msg.msg_controllen = nfds * CMSG_SPACE(sizeof(int));
251 msg.msg_control = calloc(1, msg.msg_controllen);
252 if (msg.msg_control == NULL)
257 for (i = 0, cmsg = CMSG_FIRSTHDR(&msg); i < nfds && cmsg != NULL;
258 i++, cmsg = CMSG_NXTHDR(&msg, cmsg)) {
259 if (msghdr_add_fd(cmsg, fds[i]) == -1)
263 if (msg_send(sock, &msg) == -1)
269 free(msg.msg_control);
275 fd_package_recv(int sock, int *fds, size_t nfds)
278 struct cmsghdr *cmsg;
284 PJDLOG_ASSERT(sock >= 0);
285 PJDLOG_ASSERT(nfds > 0);
286 PJDLOG_ASSERT(fds != NULL);
288 bzero(&msg, sizeof(msg));
289 bzero(&iov, sizeof(iov));
292 * XXX: Look into cred_send function for more details.
294 iov.iov_base = &dummy;
295 iov.iov_len = sizeof(dummy);
299 msg.msg_controllen = nfds * CMSG_SPACE(sizeof(int));
300 msg.msg_control = calloc(1, msg.msg_controllen);
301 if (msg.msg_control == NULL)
306 if (msg_recv(sock, &msg) == -1)
310 cmsg = CMSG_FIRSTHDR(&msg);
311 while (cmsg && i < nfds) {
314 if (cmsg->cmsg_level != SOL_SOCKET ||
315 cmsg->cmsg_type != SCM_RIGHTS) {
319 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
324 bcopy(CMSG_DATA(cmsg), fds + i, sizeof(int) * n);
325 cmsg = CMSG_NXTHDR(&msg, cmsg);
329 if (cmsg != NULL || i < nfds) {
333 * We need to close all received descriptors, even if we have
334 * different control message (eg. SCM_CREDS) in between.
337 for (i = 0; i < last; i++) {
346 #ifndef MSG_CMSG_CLOEXEC
348 * If the MSG_CMSG_CLOEXEC flag is not available we cannot set the
349 * close-on-exec flag atomically, but we still want to set it for
352 for (i = 0; i < nfds; i++) {
353 (void) fcntl(fds[i], F_SETFD, FD_CLOEXEC);
360 free(msg.msg_control);
366 fd_recv(int sock, int *fds, size_t nfds)
368 unsigned int i, step, j;
371 if (nfds == 0 || fds == NULL) {
378 if (PKG_MAX_SIZE < nfds - i)
382 ret = fd_package_recv(sock, fds + i, step);
384 /* Close all received descriptors. */
386 for (j = 0; j < i; j++)
398 fd_send(int sock, const int *fds, size_t nfds)
400 unsigned int i, step;
403 if (nfds == 0 || fds == NULL) {
410 if (PKG_MAX_SIZE < nfds - i)
414 ret = fd_package_send(sock, fds + i, step);
424 buf_send(int sock, void *buf, size_t size)
429 PJDLOG_ASSERT(sock >= 0);
430 PJDLOG_ASSERT(size > 0);
431 PJDLOG_ASSERT(buf != NULL);
435 fd_wait(sock, false);
436 done = send(sock, ptr, size, 0);
441 } else if (done == 0) {
453 buf_recv(int sock, void *buf, size_t size)
458 PJDLOG_ASSERT(sock >= 0);
459 PJDLOG_ASSERT(buf != NULL);
464 done = recv(sock, ptr, size, 0);
469 } else if (done == 0) {