2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1989, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)kern_descrip.c 8.6 (Berkeley) 4/19/94
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_capsicum.h"
44 #include "opt_ktrace.h"
46 #include <sys/param.h>
47 #include <sys/systm.h>
49 #include <sys/capsicum.h>
51 #include <sys/fcntl.h>
53 #include <sys/filedesc.h>
54 #include <sys/filio.h>
56 #include <sys/kernel.h>
57 #include <sys/limits.h>
59 #include <sys/malloc.h>
60 #include <sys/mount.h>
61 #include <sys/mutex.h>
62 #include <sys/namei.h>
63 #include <sys/selinfo.h>
66 #include <sys/protosw.h>
67 #include <sys/racct.h>
68 #include <sys/resourcevar.h>
70 #include <sys/signalvar.h>
75 #include <sys/syscallsubr.h>
76 #include <sys/sysctl.h>
77 #include <sys/sysproto.h>
78 #include <sys/unistd.h>
80 #include <sys/vnode.h>
82 #include <sys/ktrace.h>
87 #include <security/audit/audit.h>
94 static MALLOC_DEFINE(M_FILEDESC, "filedesc", "Open file descriptor table");
95 static MALLOC_DEFINE(M_PWD, "pwd", "Descriptor table vnodes");
96 static MALLOC_DEFINE(M_PWDDESC, "pwddesc", "Pwd descriptors");
97 static MALLOC_DEFINE(M_FILEDESC_TO_LEADER, "filedesc_to_leader",
98 "file desc to leader structures");
99 static MALLOC_DEFINE(M_SIGIO, "sigio", "sigio structures");
100 MALLOC_DEFINE(M_FILECAPS, "filecaps", "descriptor capabilities");
102 MALLOC_DECLARE(M_FADVISE);
104 static __read_mostly uma_zone_t file_zone;
105 static __read_mostly uma_zone_t filedesc0_zone;
106 __read_mostly uma_zone_t pwd_zone;
109 static int closefp(struct filedesc *fdp, int fd, struct file *fp,
110 struct thread *td, bool holdleaders, bool audit);
111 static int fd_first_free(struct filedesc *fdp, int low, int size);
112 static void fdgrowtable(struct filedesc *fdp, int nfd);
113 static void fdgrowtable_exp(struct filedesc *fdp, int nfd);
114 static void fdunused(struct filedesc *fdp, int fd);
115 static void fdused(struct filedesc *fdp, int fd);
116 static int getmaxfd(struct thread *td);
117 static u_long *filecaps_copy_prep(const struct filecaps *src);
118 static void filecaps_copy_finish(const struct filecaps *src,
119 struct filecaps *dst, u_long *ioctls);
120 static u_long *filecaps_free_prep(struct filecaps *fcaps);
121 static void filecaps_free_finish(u_long *ioctls);
123 static struct pwd *pwd_alloc(void);
128 * - An array of open file descriptors (fd_ofiles)
129 * - An array of file flags (fd_ofileflags)
130 * - A bitmap recording which descriptors are in use (fd_map)
132 * A process starts out with NDFILE descriptors. The value of NDFILE has
133 * been selected based the historical limit of 20 open files, and an
134 * assumption that the majority of processes, especially short-lived
135 * processes like shells, will never need more.
137 * If this initial allocation is exhausted, a larger descriptor table and
138 * map are allocated dynamically, and the pointers in the process's struct
139 * filedesc are updated to point to those. This is repeated every time
140 * the process runs out of file descriptors (provided it hasn't hit its
143 * Since threads may hold references to individual descriptor table
144 * entries, the tables are never freed. Instead, they are placed on a
145 * linked list and freed only when the struct filedesc is released.
148 #define NDSLOTSIZE sizeof(NDSLOTTYPE)
149 #define NDENTRIES (NDSLOTSIZE * __CHAR_BIT)
150 #define NDSLOT(x) ((x) / NDENTRIES)
151 #define NDBIT(x) ((NDSLOTTYPE)1 << ((x) % NDENTRIES))
152 #define NDSLOTS(x) (((x) + NDENTRIES - 1) / NDENTRIES)
155 * SLIST entry used to keep track of ofiles which must be reclaimed when
159 struct fdescenttbl *ft_table;
160 SLIST_ENTRY(freetable) ft_next;
164 * Initial allocation: a filedesc structure + the head of SLIST used to
165 * keep track of old ofiles + enough space for NDFILE descriptors.
168 struct fdescenttbl0 {
170 struct filedescent fdt_ofiles[NDFILE];
174 struct filedesc fd_fd;
175 SLIST_HEAD(, freetable) fd_free;
176 struct fdescenttbl0 fd_dfiles;
177 NDSLOTTYPE fd_dmap[NDSLOTS(NDFILE)];
181 * Descriptor management.
183 static int __exclusive_cache_line openfiles; /* actual number of open files */
184 struct mtx sigio_lock; /* mtx to protect pointers to sigio */
185 void __read_mostly (*mq_fdclose)(struct thread *td, int fd, struct file *fp);
188 * If low >= size, just return low. Otherwise find the first zero bit in the
189 * given bitmap, starting at low and not exceeding size - 1. Return size if
193 fd_first_free(struct filedesc *fdp, int low, int size)
195 NDSLOTTYPE *map = fdp->fd_map;
203 if (low % NDENTRIES) {
204 mask = ~(~(NDSLOTTYPE)0 >> (NDENTRIES - (low % NDENTRIES)));
205 if ((mask &= ~map[off]) != 0UL)
206 return (off * NDENTRIES + ffsl(mask) - 1);
209 for (maxoff = NDSLOTS(size); off < maxoff; ++off)
210 if (map[off] != ~0UL)
211 return (off * NDENTRIES + ffsl(~map[off]) - 1);
216 * Find the last used fd.
218 * Call this variant if fdp can't be modified by anyone else (e.g, during exec).
219 * Otherwise use fdlastfile.
222 fdlastfile_single(struct filedesc *fdp)
224 NDSLOTTYPE *map = fdp->fd_map;
227 off = NDSLOT(fdp->fd_nfiles - 1);
228 for (minoff = NDSLOT(0); off >= minoff; --off)
230 return (off * NDENTRIES + flsl(map[off]) - 1);
235 fdlastfile(struct filedesc *fdp)
238 FILEDESC_LOCK_ASSERT(fdp);
239 return (fdlastfile_single(fdp));
243 fdisused(struct filedesc *fdp, int fd)
246 KASSERT(fd >= 0 && fd < fdp->fd_nfiles,
247 ("file descriptor %d out of range (0, %d)", fd, fdp->fd_nfiles));
249 return ((fdp->fd_map[NDSLOT(fd)] & NDBIT(fd)) != 0);
253 * Mark a file descriptor as used.
256 fdused_init(struct filedesc *fdp, int fd)
259 KASSERT(!fdisused(fdp, fd), ("fd=%d is already used", fd));
261 fdp->fd_map[NDSLOT(fd)] |= NDBIT(fd);
265 fdused(struct filedesc *fdp, int fd)
268 FILEDESC_XLOCK_ASSERT(fdp);
270 fdused_init(fdp, fd);
271 if (fd == fdp->fd_freefile)
276 * Mark a file descriptor as unused.
279 fdunused(struct filedesc *fdp, int fd)
282 FILEDESC_XLOCK_ASSERT(fdp);
284 KASSERT(fdisused(fdp, fd), ("fd=%d is already unused", fd));
285 KASSERT(fdp->fd_ofiles[fd].fde_file == NULL,
286 ("fd=%d is still in use", fd));
288 fdp->fd_map[NDSLOT(fd)] &= ~NDBIT(fd);
289 if (fd < fdp->fd_freefile)
290 fdp->fd_freefile = fd;
294 * Free a file descriptor.
296 * Avoid some work if fdp is about to be destroyed.
299 fdefree_last(struct filedescent *fde)
302 filecaps_free(&fde->fde_caps);
306 fdfree(struct filedesc *fdp, int fd)
308 struct filedescent *fde;
310 FILEDESC_XLOCK_ASSERT(fdp);
311 fde = &fdp->fd_ofiles[fd];
313 seqc_write_begin(&fde->fde_seqc);
315 fde->fde_file = NULL;
317 seqc_write_end(&fde->fde_seqc);
324 * System calls on descriptors.
326 #ifndef _SYS_SYSPROTO_H_
327 struct getdtablesize_args {
333 sys_getdtablesize(struct thread *td, struct getdtablesize_args *uap)
339 td->td_retval[0] = getmaxfd(td);
341 PROC_LOCK(td->td_proc);
342 lim = racct_get_limit(td->td_proc, RACCT_NOFILE);
343 PROC_UNLOCK(td->td_proc);
344 if (lim < td->td_retval[0])
345 td->td_retval[0] = lim;
351 * Duplicate a file descriptor to a particular value.
353 * Note: keep in mind that a potential race condition exists when closing
354 * descriptors from a shared descriptor table (via rfork).
356 #ifndef _SYS_SYSPROTO_H_
364 sys_dup2(struct thread *td, struct dup2_args *uap)
367 return (kern_dup(td, FDDUP_FIXED, 0, (int)uap->from, (int)uap->to));
371 * Duplicate a file descriptor.
373 #ifndef _SYS_SYSPROTO_H_
380 sys_dup(struct thread *td, struct dup_args *uap)
383 return (kern_dup(td, FDDUP_NORMAL, 0, (int)uap->fd, 0));
387 * The file control system call.
389 #ifndef _SYS_SYSPROTO_H_
398 sys_fcntl(struct thread *td, struct fcntl_args *uap)
401 return (kern_fcntl_freebsd(td, uap->fd, uap->cmd, uap->arg));
405 kern_fcntl_freebsd(struct thread *td, int fd, int cmd, long arg)
419 * Convert old flock structure to new.
421 error = copyin((void *)(intptr_t)arg, &ofl, sizeof(ofl));
422 fl.l_start = ofl.l_start;
423 fl.l_len = ofl.l_len;
424 fl.l_pid = ofl.l_pid;
425 fl.l_type = ofl.l_type;
426 fl.l_whence = ofl.l_whence;
440 arg1 = (intptr_t)&fl;
446 error = copyin((void *)(intptr_t)arg, &fl, sizeof(fl));
447 arg1 = (intptr_t)&fl;
455 error = kern_fcntl(td, fd, newcmd, arg1);
458 if (cmd == F_OGETLK) {
459 ofl.l_start = fl.l_start;
460 ofl.l_len = fl.l_len;
461 ofl.l_pid = fl.l_pid;
462 ofl.l_type = fl.l_type;
463 ofl.l_whence = fl.l_whence;
464 error = copyout(&ofl, (void *)(intptr_t)arg, sizeof(ofl));
465 } else if (cmd == F_GETLK) {
466 error = copyout(&fl, (void *)(intptr_t)arg, sizeof(fl));
472 kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
474 struct filedesc *fdp;
476 struct file *fp, *fp2;
477 struct filedescent *fde;
481 int error, flg, seals, tmp;
495 error = kern_dup(td, FDDUP_FCNTL, 0, fd, tmp);
498 case F_DUPFD_CLOEXEC:
500 error = kern_dup(td, FDDUP_FCNTL, FDDUP_FLAG_CLOEXEC, fd, tmp);
505 error = kern_dup(td, FDDUP_FIXED, 0, fd, tmp);
508 case F_DUP2FD_CLOEXEC:
510 error = kern_dup(td, FDDUP_FIXED, FDDUP_FLAG_CLOEXEC, fd, tmp);
516 fde = fdeget_locked(fdp, fd);
519 (fde->fde_flags & UF_EXCLOSE) ? FD_CLOEXEC : 0;
522 FILEDESC_SUNLOCK(fdp);
528 fde = fdeget_locked(fdp, fd);
530 fde->fde_flags = (fde->fde_flags & ~UF_EXCLOSE) |
531 (arg & FD_CLOEXEC ? UF_EXCLOSE : 0);
534 FILEDESC_XUNLOCK(fdp);
538 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETFL, &fp);
541 td->td_retval[0] = OFLAGS(fp->f_flag);
546 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETFL, &fp);
550 tmp = flg = fp->f_flag;
552 tmp |= FFLAGS(arg & ~O_ACCMODE) & FCNTLFLAGS;
553 } while(atomic_cmpset_int(&fp->f_flag, flg, tmp) == 0);
554 tmp = fp->f_flag & FNONBLOCK;
555 error = fo_ioctl(fp, FIONBIO, &tmp, td->td_ucred, td);
560 tmp = fp->f_flag & FASYNC;
561 error = fo_ioctl(fp, FIOASYNC, &tmp, td->td_ucred, td);
566 atomic_clear_int(&fp->f_flag, FNONBLOCK);
568 (void)fo_ioctl(fp, FIONBIO, &tmp, td->td_ucred, td);
573 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETOWN, &fp);
576 error = fo_ioctl(fp, FIOGETOWN, &tmp, td->td_ucred, td);
578 td->td_retval[0] = tmp;
583 error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETOWN, &fp);
587 error = fo_ioctl(fp, FIOSETOWN, &tmp, td->td_ucred, td);
592 error = priv_check(td, PRIV_NFS_LOCKD);
600 /* FALLTHROUGH F_SETLK */
604 flp = (struct flock *)arg;
605 if ((flg & F_REMOTE) != 0 && flp->l_sysid == 0) {
610 error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp);
613 if (fp->f_type != DTYPE_VNODE) {
619 if (flp->l_whence == SEEK_CUR) {
620 foffset = foffset_get(fp);
623 foffset > OFF_MAX - flp->l_start)) {
628 flp->l_start += foffset;
632 switch (flp->l_type) {
634 if ((fp->f_flag & FREAD) == 0) {
638 if ((p->p_leader->p_flag & P_ADVLOCK) == 0) {
639 PROC_LOCK(p->p_leader);
640 p->p_leader->p_flag |= P_ADVLOCK;
641 PROC_UNLOCK(p->p_leader);
643 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
647 if ((fp->f_flag & FWRITE) == 0) {
651 if ((p->p_leader->p_flag & P_ADVLOCK) == 0) {
652 PROC_LOCK(p->p_leader);
653 p->p_leader->p_flag |= P_ADVLOCK;
654 PROC_UNLOCK(p->p_leader);
656 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_SETLK,
660 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_UNLCK,
664 if (flg != F_REMOTE) {
668 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader,
669 F_UNLCKSYS, flp, flg);
675 if (error != 0 || flp->l_type == F_UNLCK ||
676 flp->l_type == F_UNLCKSYS) {
682 * Check for a race with close.
684 * The vnode is now advisory locked (or unlocked, but this case
685 * is not really important) as the caller requested.
686 * We had to drop the filedesc lock, so we need to recheck if
687 * the descriptor is still valid, because if it was closed
688 * in the meantime we need to remove advisory lock from the
689 * vnode - close on any descriptor leading to an advisory
690 * locked vnode, removes that lock.
691 * We will return 0 on purpose in that case, as the result of
692 * successful advisory lock might have been externally visible
693 * already. This is fine - effectively we pretend to the caller
694 * that the closing thread was a bit slower and that the
695 * advisory lock succeeded before the close.
697 error = fget_unlocked(fdp, fd, &cap_no_rights, &fp2);
703 flp->l_whence = SEEK_SET;
706 flp->l_type = F_UNLCK;
707 (void) VOP_ADVLOCK(vp, (caddr_t)p->p_leader,
708 F_UNLCK, flp, F_POSIX);
715 error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp);
718 if (fp->f_type != DTYPE_VNODE) {
723 flp = (struct flock *)arg;
724 if (flp->l_type != F_RDLCK && flp->l_type != F_WRLCK &&
725 flp->l_type != F_UNLCK) {
730 if (flp->l_whence == SEEK_CUR) {
731 foffset = foffset_get(fp);
732 if ((flp->l_start > 0 &&
733 foffset > OFF_MAX - flp->l_start) ||
735 foffset < OFF_MIN - flp->l_start)) {
740 flp->l_start += foffset;
743 error = VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_GETLK, flp,
749 error = fget_unlocked(fdp, fd, &cap_no_rights, &fp);
752 error = fo_add_seals(fp, arg);
757 error = fget_unlocked(fdp, fd, &cap_no_rights, &fp);
760 if (fo_get_seals(fp, &seals) == 0)
761 td->td_retval[0] = seals;
768 arg = arg ? 128 * 1024: 0;
771 error = fget_unlocked(fdp, fd, &cap_no_rights, &fp);
774 if (fp->f_type != DTYPE_VNODE) {
780 if (vp->v_type != VREG) {
787 * Exclusive lock synchronizes against f_seqcount reads and
788 * writes in sequential_heuristic().
790 error = vn_lock(vp, LK_EXCLUSIVE);
796 bsize = fp->f_vnode->v_mount->mnt_stat.f_iosize;
797 arg = MIN(arg, INT_MAX - bsize + 1);
798 fp->f_seqcount[UIO_READ] = MIN(IO_SEQMAX,
799 (arg + bsize - 1) / bsize);
800 atomic_set_int(&fp->f_flag, FRDAHEAD);
802 atomic_clear_int(&fp->f_flag, FRDAHEAD);
810 * Check if the vnode is part of a union stack (either the
811 * "union" flag from mount(2) or unionfs).
813 * Prior to introduction of this op libc's readdir would call
814 * fstatfs(2), in effect unnecessarily copying kilobytes of
815 * data just to check fs name and a mount flag.
817 * Fixing the code to handle everything in the kernel instead
818 * is a non-trivial endeavor and has low priority, thus this
819 * horrible kludge facilitates the current behavior in a much
820 * cheaper manner until someone(tm) sorts this out.
822 error = fget_unlocked(fdp, fd, &cap_no_rights, &fp);
825 if (fp->f_type != DTYPE_VNODE) {
832 * Since we don't prevent dooming the vnode even non-null mp
833 * found can become immediately stale. This is tolerable since
834 * mount points are type-stable (providing safe memory access)
835 * and any vfs op on this vnode going forward will return an
836 * error (meaning return value in this case is meaningless).
838 mp = atomic_load_ptr(&vp->v_mount);
839 if (__predict_false(mp == NULL)) {
844 td->td_retval[0] = 0;
845 if (mp->mnt_kern_flag & MNTK_UNIONFS ||
846 mp->mnt_flag & MNT_UNION)
847 td->td_retval[0] = 1;
859 getmaxfd(struct thread *td)
862 return (min((int)lim_cur(td, RLIMIT_NOFILE), maxfilesperproc));
866 * Common code for dup, dup2, fcntl(F_DUPFD) and fcntl(F_DUP2FD).
869 kern_dup(struct thread *td, u_int mode, int flags, int old, int new)
871 struct filedesc *fdp;
872 struct filedescent *oldfde, *newfde;
874 struct file *delfp, *oldfp;
875 u_long *oioctls, *nioctls;
882 MPASS((flags & ~(FDDUP_FLAG_CLOEXEC)) == 0);
883 MPASS(mode < FDDUP_LASTMODE);
886 /* XXXRW: if (flags & FDDUP_FIXED) AUDIT_ARG_FD2(new); */
889 * Verify we have a valid descriptor to dup from and possibly to
890 * dup to. Unlike dup() and dup2(), fcntl()'s F_DUPFD should
891 * return EINVAL when the new descriptor is out of bounds.
896 return (mode == FDDUP_FCNTL ? EINVAL : EBADF);
897 maxfd = getmaxfd(td);
899 return (mode == FDDUP_FCNTL ? EINVAL : EBADF);
903 if (fget_locked(fdp, old) == NULL)
905 if ((mode == FDDUP_FIXED || mode == FDDUP_MUSTREPLACE) && old == new) {
906 td->td_retval[0] = new;
907 if (flags & FDDUP_FLAG_CLOEXEC)
908 fdp->fd_ofiles[new].fde_flags |= UF_EXCLOSE;
913 oldfde = &fdp->fd_ofiles[old];
914 oldfp = oldfde->fde_file;
919 * If the caller specified a file descriptor, make sure the file
920 * table is large enough to hold it, and grab it. Otherwise, just
921 * allocate a new descriptor the usual way.
926 if ((error = fdalloc(td, new, &new)) != 0) {
931 case FDDUP_MUSTREPLACE:
932 /* Target file descriptor must exist. */
933 if (fget_locked(fdp, new) == NULL) {
939 if (new >= fdp->fd_nfiles) {
941 * The resource limits are here instead of e.g.
942 * fdalloc(), because the file descriptor table may be
943 * shared between processes, so we can't really use
944 * racct_add()/racct_sub(). Instead of counting the
945 * number of actually allocated descriptors, just put
946 * the limit on the size of the file descriptor table.
949 if (RACCT_ENABLED()) {
950 error = racct_set_unlocked(p, RACCT_NOFILE, new + 1);
958 fdgrowtable_exp(fdp, new + 1);
960 if (!fdisused(fdp, new))
964 KASSERT(0, ("%s unsupported mode %d", __func__, mode));
967 KASSERT(old != new, ("new fd is same as old"));
969 /* Refetch oldfde because the table may have grown and old one freed. */
970 oldfde = &fdp->fd_ofiles[old];
971 KASSERT(oldfp == oldfde->fde_file,
972 ("fdt_ofiles shift from growth observed at fd %d",
975 newfde = &fdp->fd_ofiles[new];
976 delfp = newfde->fde_file;
978 nioctls = filecaps_copy_prep(&oldfde->fde_caps);
981 * Duplicate the source descriptor.
984 seqc_write_begin(&newfde->fde_seqc);
986 oioctls = filecaps_free_prep(&newfde->fde_caps);
987 memcpy(newfde, oldfde, fde_change_size);
988 filecaps_copy_finish(&oldfde->fde_caps, &newfde->fde_caps,
990 if ((flags & FDDUP_FLAG_CLOEXEC) != 0)
991 newfde->fde_flags = oldfde->fde_flags | UF_EXCLOSE;
993 newfde->fde_flags = oldfde->fde_flags & ~UF_EXCLOSE;
995 seqc_write_end(&newfde->fde_seqc);
997 td->td_retval[0] = new;
1001 if (delfp != NULL) {
1002 (void) closefp(fdp, new, delfp, td, true, false);
1003 FILEDESC_UNLOCK_ASSERT(fdp);
1006 FILEDESC_XUNLOCK(fdp);
1009 filecaps_free_finish(oioctls);
1014 sigiofree(struct sigio *sigio)
1016 crfree(sigio->sio_ucred);
1017 free(sigio, M_SIGIO);
1020 static struct sigio *
1021 funsetown_locked(struct sigio *sigio)
1026 SIGIO_ASSERT_LOCKED();
1030 *(sigio->sio_myref) = NULL;
1031 if (sigio->sio_pgid < 0) {
1032 pg = sigio->sio_pgrp;
1034 SLIST_REMOVE(&sigio->sio_pgrp->pg_sigiolst, sigio,
1035 sigio, sio_pgsigio);
1038 p = sigio->sio_proc;
1040 SLIST_REMOVE(&sigio->sio_proc->p_sigiolst, sigio,
1041 sigio, sio_pgsigio);
1048 * If sigio is on the list associated with a process or process group,
1049 * disable signalling from the device, remove sigio from the list and
1053 funsetown(struct sigio **sigiop)
1055 struct sigio *sigio;
1057 /* Racy check, consumers must provide synchronization. */
1058 if (*sigiop == NULL)
1062 sigio = funsetown_locked(*sigiop);
1069 * Free a list of sigio structures. The caller must ensure that new sigio
1070 * structures cannot be added after this point. For process groups this is
1071 * guaranteed using the proctree lock; for processes, the P_WEXIT flag serves
1075 funsetownlst(struct sigiolst *sigiolst)
1079 struct sigio *sigio, *tmp;
1082 sigio = SLIST_FIRST(sigiolst);
1090 sigio = SLIST_FIRST(sigiolst);
1091 if (sigio == NULL) {
1097 * Every entry of the list should belong to a single proc or pgrp.
1099 if (sigio->sio_pgid < 0) {
1100 pg = sigio->sio_pgrp;
1101 sx_assert(&proctree_lock, SX_XLOCKED);
1103 } else /* if (sigio->sio_pgid > 0) */ {
1104 p = sigio->sio_proc;
1106 KASSERT((p->p_flag & P_WEXIT) != 0,
1107 ("%s: process %p is not exiting", __func__, p));
1110 SLIST_FOREACH(sigio, sigiolst, sio_pgsigio) {
1111 *sigio->sio_myref = NULL;
1113 KASSERT(sigio->sio_pgid < 0,
1114 ("Proc sigio in pgrp sigio list"));
1115 KASSERT(sigio->sio_pgrp == pg,
1116 ("Bogus pgrp in sigio list"));
1117 } else /* if (p != NULL) */ {
1118 KASSERT(sigio->sio_pgid > 0,
1119 ("Pgrp sigio in proc sigio list"));
1120 KASSERT(sigio->sio_proc == p,
1121 ("Bogus proc in sigio list"));
1131 SLIST_FOREACH_SAFE(sigio, sigiolst, sio_pgsigio, tmp)
1136 * This is common code for FIOSETOWN ioctl called by fcntl(fd, F_SETOWN, arg).
1138 * After permission checking, add a sigio structure to the sigio list for
1139 * the process or process group.
1142 fsetown(pid_t pgid, struct sigio **sigiop)
1146 struct sigio *osigio, *sigio;
1156 sigio = malloc(sizeof(struct sigio), M_SIGIO, M_WAITOK);
1157 sigio->sio_pgid = pgid;
1158 sigio->sio_ucred = crhold(curthread->td_ucred);
1159 sigio->sio_myref = sigiop;
1161 sx_slock(&proctree_lock);
1163 osigio = funsetown_locked(*sigiop);
1172 * Policy - Don't allow a process to FSETOWN a process
1173 * in another session.
1175 * Remove this test to allow maximum flexibility or
1176 * restrict FSETOWN to the current process or process
1177 * group for maximum safety.
1179 if (proc->p_session != curthread->td_proc->p_session) {
1185 sigio->sio_proc = proc;
1186 SLIST_INSERT_HEAD(&proc->p_sigiolst, sigio, sio_pgsigio);
1188 } else /* if (pgid < 0) */ {
1189 pgrp = pgfind(-pgid);
1196 * Policy - Don't allow a process to FSETOWN a process
1197 * in another session.
1199 * Remove this test to allow maximum flexibility or
1200 * restrict FSETOWN to the current process or process
1201 * group for maximum safety.
1203 if (pgrp->pg_session != curthread->td_proc->p_session) {
1209 SLIST_INSERT_HEAD(&pgrp->pg_sigiolst, sigio, sio_pgsigio);
1210 sigio->sio_pgrp = pgrp;
1213 sx_sunlock(&proctree_lock);
1222 sx_sunlock(&proctree_lock);
1230 * This is common code for FIOGETOWN ioctl called by fcntl(fd, F_GETOWN, arg).
1233 fgetown(struct sigio **sigiop)
1238 pgid = (*sigiop != NULL) ? (*sigiop)->sio_pgid : 0;
1244 closefp_impl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
1249 FILEDESC_XLOCK_ASSERT(fdp);
1252 * We now hold the fp reference that used to be owned by the
1253 * descriptor array. We have to unlock the FILEDESC *AFTER*
1254 * knote_fdclose to prevent a race of the fd getting opened, a knote
1255 * added, and deleteing a knote for the new fd.
1257 if (__predict_false(!TAILQ_EMPTY(&fdp->fd_kqlist)))
1258 knote_fdclose(td, fd);
1261 * We need to notify mqueue if the object is of type mqueue.
1263 if (__predict_false(fp->f_type == DTYPE_MQUEUE))
1264 mq_fdclose(td, fd, fp);
1265 FILEDESC_XUNLOCK(fdp);
1268 if (AUDITING_TD(td) && audit)
1269 audit_sysclose(td, fd, fp);
1271 error = closef(fp, td);
1274 * All paths leading up to closefp() will have already removed or
1275 * replaced the fd in the filedesc table, so a restart would not
1276 * operate on the same file.
1278 if (error == ERESTART)
1285 closefp_hl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
1286 bool holdleaders, bool audit)
1290 FILEDESC_XLOCK_ASSERT(fdp);
1293 if (td->td_proc->p_fdtol != NULL) {
1295 * Ask fdfree() to sleep to ensure that all relevant
1296 * process leaders can be traversed in closef().
1298 fdp->fd_holdleaderscount++;
1300 holdleaders = false;
1304 error = closefp_impl(fdp, fd, fp, td, audit);
1306 FILEDESC_XLOCK(fdp);
1307 fdp->fd_holdleaderscount--;
1308 if (fdp->fd_holdleaderscount == 0 &&
1309 fdp->fd_holdleaderswakeup != 0) {
1310 fdp->fd_holdleaderswakeup = 0;
1311 wakeup(&fdp->fd_holdleaderscount);
1313 FILEDESC_XUNLOCK(fdp);
1319 closefp(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
1320 bool holdleaders, bool audit)
1323 FILEDESC_XLOCK_ASSERT(fdp);
1325 if (__predict_false(td->td_proc->p_fdtol != NULL)) {
1326 return (closefp_hl(fdp, fd, fp, td, holdleaders, audit));
1328 return (closefp_impl(fdp, fd, fp, td, audit));
1333 * Close a file descriptor.
1335 #ifndef _SYS_SYSPROTO_H_
1342 sys_close(struct thread *td, struct close_args *uap)
1345 return (kern_close(td, uap->fd));
1349 kern_close(struct thread *td, int fd)
1351 struct filedesc *fdp;
1354 fdp = td->td_proc->p_fd;
1356 FILEDESC_XLOCK(fdp);
1357 if ((fp = fget_locked(fdp, fd)) == NULL) {
1358 FILEDESC_XUNLOCK(fdp);
1363 /* closefp() drops the FILEDESC lock for us. */
1364 return (closefp(fdp, fd, fp, td, true, true));
1368 kern_close_range(struct thread *td, u_int lowfd, u_int highfd)
1370 struct filedesc *fdp;
1371 const struct fdescenttbl *fdt;
1376 * Check this prior to clamping; closefrom(3) with only fd 0, 1, and 2
1377 * open should not be a usage error. From a close_range() perspective,
1378 * close_range(3, ~0U, 0) in the same scenario should also likely not
1379 * be a usage error as all fd above 3 are in-fact already closed.
1381 if (highfd < lowfd) {
1385 fdp = td->td_proc->p_fd;
1386 FILEDESC_XLOCK(fdp);
1387 fdt = atomic_load_ptr(&fdp->fd_files);
1388 highfd = MIN(highfd, fdt->fdt_nfiles - 1);
1390 if (__predict_false(fd > highfd)) {
1394 fp = fdt->fdt_ofiles[fd].fde_file;
1400 (void) closefp(fdp, fd, fp, td, true, true);
1403 FILEDESC_XLOCK(fdp);
1404 fdt = atomic_load_ptr(&fdp->fd_files);
1409 FILEDESC_XUNLOCK(fdp);
1414 #ifndef _SYS_SYSPROTO_H_
1415 struct close_range_args {
1422 sys_close_range(struct thread *td, struct close_range_args *uap)
1425 /* No flags currently defined */
1426 if (uap->flags != 0)
1428 return (kern_close_range(td, uap->lowfd, uap->highfd));
1431 #ifdef COMPAT_FREEBSD12
1433 * Close open file descriptors.
1435 #ifndef _SYS_SYSPROTO_H_
1436 struct freebsd12_closefrom_args {
1442 freebsd12_closefrom(struct thread *td, struct freebsd12_closefrom_args *uap)
1446 AUDIT_ARG_FD(uap->lowfd);
1449 * Treat negative starting file descriptor values identical to
1450 * closefrom(0) which closes all files.
1452 lowfd = MAX(0, uap->lowfd);
1453 return (kern_close_range(td, lowfd, ~0U));
1455 #endif /* COMPAT_FREEBSD12 */
1457 #if defined(COMPAT_43)
1459 * Return status information about a file descriptor.
1461 #ifndef _SYS_SYSPROTO_H_
1462 struct ofstat_args {
1469 ofstat(struct thread *td, struct ofstat_args *uap)
1475 error = kern_fstat(td, uap->fd, &ub);
1478 error = copyout(&oub, uap->sb, sizeof(oub));
1482 #endif /* COMPAT_43 */
1484 #if defined(COMPAT_FREEBSD11)
1486 freebsd11_fstat(struct thread *td, struct freebsd11_fstat_args *uap)
1489 struct freebsd11_stat osb;
1492 error = kern_fstat(td, uap->fd, &sb);
1495 error = freebsd11_cvtstat(&sb, &osb);
1497 error = copyout(&osb, uap->sb, sizeof(osb));
1500 #endif /* COMPAT_FREEBSD11 */
1503 * Return status information about a file descriptor.
1505 #ifndef _SYS_SYSPROTO_H_
1513 sys_fstat(struct thread *td, struct fstat_args *uap)
1518 error = kern_fstat(td, uap->fd, &ub);
1520 error = copyout(&ub, uap->sb, sizeof(ub));
1525 kern_fstat(struct thread *td, int fd, struct stat *sbp)
1532 error = fget(td, fd, &cap_fstat_rights, &fp);
1533 if (__predict_false(error != 0))
1536 AUDIT_ARG_FILE(td->td_proc, fp);
1538 error = fo_stat(fp, sbp, td->td_ucred, td);
1540 #ifdef __STAT_TIME_T_EXT
1541 sbp->st_atim_ext = 0;
1542 sbp->st_mtim_ext = 0;
1543 sbp->st_ctim_ext = 0;
1544 sbp->st_btim_ext = 0;
1547 if (KTRPOINT(td, KTR_STRUCT))
1548 ktrstat_error(sbp, error);
1553 #if defined(COMPAT_FREEBSD11)
1555 * Return status information about a file descriptor.
1557 #ifndef _SYS_SYSPROTO_H_
1558 struct freebsd11_nfstat_args {
1565 freebsd11_nfstat(struct thread *td, struct freebsd11_nfstat_args *uap)
1571 error = kern_fstat(td, uap->fd, &ub);
1573 freebsd11_cvtnstat(&ub, &nub);
1574 error = copyout(&nub, uap->sb, sizeof(nub));
1578 #endif /* COMPAT_FREEBSD11 */
1581 * Return pathconf information about a file descriptor.
1583 #ifndef _SYS_SYSPROTO_H_
1584 struct fpathconf_args {
1591 sys_fpathconf(struct thread *td, struct fpathconf_args *uap)
1596 error = kern_fpathconf(td, uap->fd, uap->name, &value);
1598 td->td_retval[0] = value;
1603 kern_fpathconf(struct thread *td, int fd, int name, long *valuep)
1609 error = fget(td, fd, &cap_fpathconf_rights, &fp);
1613 if (name == _PC_ASYNC_IO) {
1614 *valuep = _POSIX_ASYNCHRONOUS_IO;
1619 vn_lock(vp, LK_SHARED | LK_RETRY);
1620 error = VOP_PATHCONF(vp, name, valuep);
1622 } else if (fp->f_type == DTYPE_PIPE || fp->f_type == DTYPE_SOCKET) {
1623 if (name != _PC_PIPE_BUF) {
1638 * Copy filecaps structure allocating memory for ioctls array if needed.
1640 * The last parameter indicates whether the fdtable is locked. If it is not and
1641 * ioctls are encountered, copying fails and the caller must lock the table.
1643 * Note that if the table was not locked, the caller has to check the relevant
1644 * sequence counter to determine whether the operation was successful.
1647 filecaps_copy(const struct filecaps *src, struct filecaps *dst, bool locked)
1651 if (src->fc_ioctls != NULL && !locked)
1653 memcpy(dst, src, sizeof(*src));
1654 if (src->fc_ioctls == NULL)
1657 KASSERT(src->fc_nioctls > 0,
1658 ("fc_ioctls != NULL, but fc_nioctls=%hd", src->fc_nioctls));
1660 size = sizeof(src->fc_ioctls[0]) * src->fc_nioctls;
1661 dst->fc_ioctls = malloc(size, M_FILECAPS, M_WAITOK);
1662 memcpy(dst->fc_ioctls, src->fc_ioctls, size);
1667 filecaps_copy_prep(const struct filecaps *src)
1672 if (__predict_true(src->fc_ioctls == NULL))
1675 KASSERT(src->fc_nioctls > 0,
1676 ("fc_ioctls != NULL, but fc_nioctls=%hd", src->fc_nioctls));
1678 size = sizeof(src->fc_ioctls[0]) * src->fc_nioctls;
1679 ioctls = malloc(size, M_FILECAPS, M_WAITOK);
1684 filecaps_copy_finish(const struct filecaps *src, struct filecaps *dst,
1690 if (__predict_true(src->fc_ioctls == NULL)) {
1691 MPASS(ioctls == NULL);
1695 size = sizeof(src->fc_ioctls[0]) * src->fc_nioctls;
1696 dst->fc_ioctls = ioctls;
1697 bcopy(src->fc_ioctls, dst->fc_ioctls, size);
1701 * Move filecaps structure to the new place and clear the old place.
1704 filecaps_move(struct filecaps *src, struct filecaps *dst)
1708 bzero(src, sizeof(*src));
1712 * Fill the given filecaps structure with full rights.
1715 filecaps_fill(struct filecaps *fcaps)
1718 CAP_ALL(&fcaps->fc_rights);
1719 fcaps->fc_ioctls = NULL;
1720 fcaps->fc_nioctls = -1;
1721 fcaps->fc_fcntls = CAP_FCNTL_ALL;
1725 * Free memory allocated within filecaps structure.
1728 filecaps_free(struct filecaps *fcaps)
1731 free(fcaps->fc_ioctls, M_FILECAPS);
1732 bzero(fcaps, sizeof(*fcaps));
1736 filecaps_free_prep(struct filecaps *fcaps)
1740 ioctls = fcaps->fc_ioctls;
1741 bzero(fcaps, sizeof(*fcaps));
1746 filecaps_free_finish(u_long *ioctls)
1749 free(ioctls, M_FILECAPS);
1753 * Validate the given filecaps structure.
1756 filecaps_validate(const struct filecaps *fcaps, const char *func)
1759 KASSERT(cap_rights_is_valid(&fcaps->fc_rights),
1760 ("%s: invalid rights", func));
1761 KASSERT((fcaps->fc_fcntls & ~CAP_FCNTL_ALL) == 0,
1762 ("%s: invalid fcntls", func));
1763 KASSERT(fcaps->fc_fcntls == 0 ||
1764 cap_rights_is_set(&fcaps->fc_rights, CAP_FCNTL),
1765 ("%s: fcntls without CAP_FCNTL", func));
1766 KASSERT(fcaps->fc_ioctls != NULL ? fcaps->fc_nioctls > 0 :
1767 (fcaps->fc_nioctls == -1 || fcaps->fc_nioctls == 0),
1768 ("%s: invalid ioctls", func));
1769 KASSERT(fcaps->fc_nioctls == 0 ||
1770 cap_rights_is_set(&fcaps->fc_rights, CAP_IOCTL),
1771 ("%s: ioctls without CAP_IOCTL", func));
1775 fdgrowtable_exp(struct filedesc *fdp, int nfd)
1779 FILEDESC_XLOCK_ASSERT(fdp);
1781 nfd1 = fdp->fd_nfiles * 2;
1784 fdgrowtable(fdp, nfd1);
1788 * Grow the file table to accommodate (at least) nfd descriptors.
1791 fdgrowtable(struct filedesc *fdp, int nfd)
1793 struct filedesc0 *fdp0;
1794 struct freetable *ft;
1795 struct fdescenttbl *ntable;
1796 struct fdescenttbl *otable;
1797 int nnfiles, onfiles;
1798 NDSLOTTYPE *nmap, *omap;
1800 KASSERT(fdp->fd_nfiles > 0, ("zero-length file table"));
1802 /* save old values */
1803 onfiles = fdp->fd_nfiles;
1804 otable = fdp->fd_files;
1807 /* compute the size of the new table */
1808 nnfiles = NDSLOTS(nfd) * NDENTRIES; /* round up */
1809 if (nnfiles <= onfiles)
1810 /* the table is already large enough */
1814 * Allocate a new table. We need enough space for the number of
1815 * entries, file entries themselves and the struct freetable we will use
1816 * when we decommission the table and place it on the freelist.
1817 * We place the struct freetable in the middle so we don't have
1818 * to worry about padding.
1820 ntable = malloc(offsetof(struct fdescenttbl, fdt_ofiles) +
1821 nnfiles * sizeof(ntable->fdt_ofiles[0]) +
1822 sizeof(struct freetable),
1823 M_FILEDESC, M_ZERO | M_WAITOK);
1824 /* copy the old data */
1825 ntable->fdt_nfiles = nnfiles;
1826 memcpy(ntable->fdt_ofiles, otable->fdt_ofiles,
1827 onfiles * sizeof(ntable->fdt_ofiles[0]));
1830 * Allocate a new map only if the old is not large enough. It will
1831 * grow at a slower rate than the table as it can map more
1832 * entries than the table can hold.
1834 if (NDSLOTS(nnfiles) > NDSLOTS(onfiles)) {
1835 nmap = malloc(NDSLOTS(nnfiles) * NDSLOTSIZE, M_FILEDESC,
1837 /* copy over the old data and update the pointer */
1838 memcpy(nmap, omap, NDSLOTS(onfiles) * sizeof(*omap));
1843 * Make sure that ntable is correctly initialized before we replace
1844 * fd_files poiner. Otherwise fget_unlocked() may see inconsistent
1847 atomic_store_rel_ptr((volatile void *)&fdp->fd_files, (uintptr_t)ntable);
1850 * Free the old file table when not shared by other threads or processes.
1851 * The old file table is considered to be shared when either are true:
1852 * - The process has more than one thread.
1853 * - The file descriptor table has been shared via fdshare().
1855 * When shared, the old file table will be placed on a freelist
1856 * which will be processed when the struct filedesc is released.
1858 * Note that if onfiles == NDFILE, we're dealing with the original
1859 * static allocation contained within (struct filedesc0 *)fdp,
1860 * which must not be freed.
1862 if (onfiles > NDFILE) {
1863 if (curproc->p_numthreads == 1 &&
1864 refcount_load(&fdp->fd_refcnt) == 1)
1865 free(otable, M_FILEDESC);
1867 ft = (struct freetable *)&otable->fdt_ofiles[onfiles];
1868 fdp0 = (struct filedesc0 *)fdp;
1869 ft->ft_table = otable;
1870 SLIST_INSERT_HEAD(&fdp0->fd_free, ft, ft_next);
1874 * The map does not have the same possibility of threads still
1875 * holding references to it. So always free it as long as it
1876 * does not reference the original static allocation.
1878 if (NDSLOTS(onfiles) > NDSLOTS(NDFILE))
1879 free(omap, M_FILEDESC);
1883 * Allocate a file descriptor for the process.
1886 fdalloc(struct thread *td, int minfd, int *result)
1888 struct proc *p = td->td_proc;
1889 struct filedesc *fdp = p->p_fd;
1890 int fd, maxfd, allocfd;
1895 FILEDESC_XLOCK_ASSERT(fdp);
1897 if (fdp->fd_freefile > minfd)
1898 minfd = fdp->fd_freefile;
1900 maxfd = getmaxfd(td);
1903 * Search the bitmap for a free descriptor starting at minfd.
1904 * If none is found, grow the file table.
1906 fd = fd_first_free(fdp, minfd, fdp->fd_nfiles);
1907 if (__predict_false(fd >= maxfd))
1909 if (__predict_false(fd >= fdp->fd_nfiles)) {
1910 allocfd = min(fd * 2, maxfd);
1912 if (RACCT_ENABLED()) {
1913 error = racct_set_unlocked(p, RACCT_NOFILE, allocfd);
1919 * fd is already equal to first free descriptor >= minfd, so
1920 * we only need to grow the table and we are done.
1922 fdgrowtable_exp(fdp, allocfd);
1926 * Perform some sanity checks, then mark the file descriptor as
1927 * used and return it to the caller.
1929 KASSERT(fd >= 0 && fd < min(maxfd, fdp->fd_nfiles),
1930 ("invalid descriptor %d", fd));
1931 KASSERT(!fdisused(fdp, fd),
1932 ("fd_first_free() returned non-free descriptor"));
1933 KASSERT(fdp->fd_ofiles[fd].fde_file == NULL,
1934 ("file descriptor isn't free"));
1941 * Allocate n file descriptors for the process.
1944 fdallocn(struct thread *td, int minfd, int *fds, int n)
1946 struct proc *p = td->td_proc;
1947 struct filedesc *fdp = p->p_fd;
1950 FILEDESC_XLOCK_ASSERT(fdp);
1952 for (i = 0; i < n; i++)
1953 if (fdalloc(td, 0, &fds[i]) != 0)
1957 for (i--; i >= 0; i--)
1958 fdunused(fdp, fds[i]);
1966 * Create a new open file structure and allocate a file descriptor for the
1967 * process that refers to it. We add one reference to the file for the
1968 * descriptor table and one reference for resultfp. This is to prevent us
1969 * being preempted and the entry in the descriptor table closed after we
1970 * release the FILEDESC lock.
1973 falloc_caps(struct thread *td, struct file **resultfp, int *resultfd, int flags,
1974 struct filecaps *fcaps)
1979 MPASS(resultfp != NULL);
1980 MPASS(resultfd != NULL);
1982 error = _falloc_noinstall(td, &fp, 2);
1983 if (__predict_false(error != 0)) {
1987 error = finstall_refed(td, fp, &fd, flags, fcaps);
1988 if (__predict_false(error != 0)) {
1989 falloc_abort(td, fp);
2000 * Create a new open file structure without allocating a file descriptor.
2003 _falloc_noinstall(struct thread *td, struct file **resultfp, u_int n)
2006 int maxuserfiles = maxfiles - (maxfiles / 20);
2008 static struct timeval lastfail;
2011 KASSERT(resultfp != NULL, ("%s: resultfp == NULL", __func__));
2014 openfiles_new = atomic_fetchadd_int(&openfiles, 1) + 1;
2015 if ((openfiles_new >= maxuserfiles &&
2016 priv_check(td, PRIV_MAXFILES) != 0) ||
2017 openfiles_new >= maxfiles) {
2018 atomic_subtract_int(&openfiles, 1);
2019 if (ppsratecheck(&lastfail, &curfail, 1)) {
2020 printf("kern.maxfiles limit exceeded by uid %i, (%s) "
2021 "please see tuning(7).\n", td->td_ucred->cr_ruid, td->td_proc->p_comm);
2025 fp = uma_zalloc(file_zone, M_WAITOK);
2026 bzero(fp, sizeof(*fp));
2027 refcount_init(&fp->f_count, n);
2028 fp->f_cred = crhold(td->td_ucred);
2029 fp->f_ops = &badfileops;
2035 falloc_abort(struct thread *td, struct file *fp)
2039 * For assertion purposes.
2041 refcount_init(&fp->f_count, 0);
2046 * Install a file in a file descriptor table.
2049 _finstall(struct filedesc *fdp, struct file *fp, int fd, int flags,
2050 struct filecaps *fcaps)
2052 struct filedescent *fde;
2056 filecaps_validate(fcaps, __func__);
2057 FILEDESC_XLOCK_ASSERT(fdp);
2059 fde = &fdp->fd_ofiles[fd];
2061 seqc_write_begin(&fde->fde_seqc);
2064 fde->fde_flags = (flags & O_CLOEXEC) != 0 ? UF_EXCLOSE : 0;
2066 filecaps_move(fcaps, &fde->fde_caps);
2068 filecaps_fill(&fde->fde_caps);
2070 seqc_write_end(&fde->fde_seqc);
2075 finstall_refed(struct thread *td, struct file *fp, int *fd, int flags,
2076 struct filecaps *fcaps)
2078 struct filedesc *fdp = td->td_proc->p_fd;
2083 FILEDESC_XLOCK(fdp);
2084 error = fdalloc(td, 0, fd);
2085 if (__predict_true(error == 0)) {
2086 _finstall(fdp, fp, *fd, flags, fcaps);
2088 FILEDESC_XUNLOCK(fdp);
2093 finstall(struct thread *td, struct file *fp, int *fd, int flags,
2094 struct filecaps *fcaps)
2102 error = finstall_refed(td, fp, fd, flags, fcaps);
2103 if (__predict_false(error != 0)) {
2110 * Build a new filedesc structure from another.
2112 * If fdp is not NULL, return with it shared locked.
2115 fdinit(struct filedesc *fdp, bool prepfiles, int *lastfile)
2117 struct filedesc0 *newfdp0;
2118 struct filedesc *newfdp;
2121 MPASS(lastfile != NULL);
2123 MPASS(lastfile == NULL);
2125 newfdp0 = uma_zalloc(filedesc0_zone, M_WAITOK | M_ZERO);
2126 newfdp = &newfdp0->fd_fd;
2128 /* Create the file descriptor table. */
2129 FILEDESC_LOCK_INIT(newfdp);
2130 refcount_init(&newfdp->fd_refcnt, 1);
2131 refcount_init(&newfdp->fd_holdcnt, 1);
2132 newfdp->fd_map = newfdp0->fd_dmap;
2133 newfdp->fd_files = (struct fdescenttbl *)&newfdp0->fd_dfiles;
2134 newfdp->fd_files->fdt_nfiles = NDFILE;
2139 FILEDESC_SLOCK(fdp);
2141 FILEDESC_SUNLOCK(fdp);
2146 *lastfile = fdlastfile(fdp);
2147 if (*lastfile < newfdp->fd_nfiles)
2149 FILEDESC_SUNLOCK(fdp);
2150 fdgrowtable(newfdp, *lastfile + 1);
2151 FILEDESC_SLOCK(fdp);
2158 * Build a pwddesc structure from another.
2159 * Copy the current, root, and jail root vnode references.
2161 * If pdp is not NULL, return with it shared locked.
2164 pdinit(struct pwddesc *pdp, bool keeplock)
2166 struct pwddesc *newpdp;
2169 newpdp = malloc(sizeof(*newpdp), M_PWDDESC, M_WAITOK | M_ZERO);
2171 PWDDESC_LOCK_INIT(newpdp);
2172 refcount_init(&newpdp->pd_refcount, 1);
2173 newpdp->pd_cmask = CMASK;
2176 newpwd = pwd_alloc();
2177 smr_serialized_store(&newpdp->pd_pwd, newpwd, true);
2182 newpwd = pwd_hold_pwddesc(pdp);
2183 smr_serialized_store(&newpdp->pd_pwd, newpwd, true);
2185 PWDDESC_XUNLOCK(pdp);
2189 static struct filedesc *
2190 fdhold(struct proc *p)
2192 struct filedesc *fdp;
2194 PROC_LOCK_ASSERT(p, MA_OWNED);
2197 refcount_acquire(&fdp->fd_holdcnt);
2201 static struct pwddesc *
2202 pdhold(struct proc *p)
2204 struct pwddesc *pdp;
2206 PROC_LOCK_ASSERT(p, MA_OWNED);
2209 refcount_acquire(&pdp->pd_refcount);
2214 fddrop(struct filedesc *fdp)
2217 if (refcount_load(&fdp->fd_holdcnt) > 1) {
2218 if (refcount_release(&fdp->fd_holdcnt) == 0)
2222 FILEDESC_LOCK_DESTROY(fdp);
2223 uma_zfree(filedesc0_zone, fdp);
2227 pddrop(struct pwddesc *pdp)
2231 if (refcount_release_if_not_last(&pdp->pd_refcount))
2235 if (refcount_release(&pdp->pd_refcount) == 0) {
2236 PWDDESC_XUNLOCK(pdp);
2239 pwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
2241 PWDDESC_XUNLOCK(pdp);
2244 PWDDESC_LOCK_DESTROY(pdp);
2245 free(pdp, M_PWDDESC);
2249 * Share a filedesc structure.
2252 fdshare(struct filedesc *fdp)
2255 refcount_acquire(&fdp->fd_refcnt);
2260 * Share a pwddesc structure.
2263 pdshare(struct pwddesc *pdp)
2265 refcount_acquire(&pdp->pd_refcount);
2270 * Unshare a filedesc structure, if necessary by making a copy
2273 fdunshare(struct thread *td)
2275 struct filedesc *tmp;
2276 struct proc *p = td->td_proc;
2278 if (refcount_load(&p->p_fd->fd_refcnt) == 1)
2281 tmp = fdcopy(p->p_fd);
2287 * Unshare a pwddesc structure.
2290 pdunshare(struct thread *td)
2292 struct pwddesc *pdp;
2297 if (p->p_pd->pd_refcount == 1)
2300 pdp = pdcopy(p->p_pd);
2306 fdinstall_remapped(struct thread *td, struct filedesc *fdp)
2310 td->td_proc->p_fd = fdp;
2314 * Copy a filedesc structure. A NULL pointer in returns a NULL reference,
2315 * this is to ease callers, not catch errors.
2318 fdcopy(struct filedesc *fdp)
2320 struct filedesc *newfdp;
2321 struct filedescent *nfde, *ofde;
2326 newfdp = fdinit(fdp, true, &lastfile);
2327 /* copy all passable descriptors (i.e. not kqueue) */
2328 newfdp->fd_freefile = -1;
2329 for (i = 0; i <= lastfile; ++i) {
2330 ofde = &fdp->fd_ofiles[i];
2331 if (ofde->fde_file == NULL ||
2332 (ofde->fde_file->f_ops->fo_flags & DFLAG_PASSABLE) == 0 ||
2333 !fhold(ofde->fde_file)) {
2334 if (newfdp->fd_freefile == -1)
2335 newfdp->fd_freefile = i;
2338 nfde = &newfdp->fd_ofiles[i];
2340 filecaps_copy(&ofde->fde_caps, &nfde->fde_caps, true);
2341 fdused_init(newfdp, i);
2343 if (newfdp->fd_freefile == -1)
2344 newfdp->fd_freefile = i;
2345 FILEDESC_SUNLOCK(fdp);
2350 * Copy a pwddesc structure.
2353 pdcopy(struct pwddesc *pdp)
2355 struct pwddesc *newpdp;
2359 newpdp = pdinit(pdp, true);
2360 newpdp->pd_cmask = pdp->pd_cmask;
2361 PWDDESC_XUNLOCK(pdp);
2366 * Copies a filedesc structure, while remapping all file descriptors
2367 * stored inside using a translation table.
2369 * File descriptors are copied over to the new file descriptor table,
2370 * regardless of whether the close-on-exec flag is set.
2373 fdcopy_remapped(struct filedesc *fdp, const int *fds, size_t nfds,
2374 struct filedesc **ret)
2376 struct filedesc *newfdp;
2377 struct filedescent *nfde, *ofde;
2378 int error, i, lastfile;
2382 newfdp = fdinit(fdp, true, &lastfile);
2383 if (nfds > lastfile + 1) {
2384 /* New table cannot be larger than the old one. */
2388 /* Copy all passable descriptors (i.e. not kqueue). */
2389 newfdp->fd_freefile = nfds;
2390 for (i = 0; i < nfds; ++i) {
2391 if (fds[i] < 0 || fds[i] > lastfile) {
2392 /* File descriptor out of bounds. */
2396 ofde = &fdp->fd_ofiles[fds[i]];
2397 if (ofde->fde_file == NULL) {
2398 /* Unused file descriptor. */
2402 if ((ofde->fde_file->f_ops->fo_flags & DFLAG_PASSABLE) == 0) {
2403 /* File descriptor cannot be passed. */
2407 if (!fhold(ofde->fde_file)) {
2411 nfde = &newfdp->fd_ofiles[i];
2413 filecaps_copy(&ofde->fde_caps, &nfde->fde_caps, true);
2414 fdused_init(newfdp, i);
2416 FILEDESC_SUNLOCK(fdp);
2420 FILEDESC_SUNLOCK(fdp);
2421 fdescfree_remapped(newfdp);
2426 * Clear POSIX style locks. This is only used when fdp looses a reference (i.e.
2427 * one of processes using it exits) and the table used to be shared.
2430 fdclearlocks(struct thread *td)
2432 struct filedesc *fdp;
2433 struct filedesc_to_leader *fdtol;
2443 MPASS(fdtol != NULL);
2445 FILEDESC_XLOCK(fdp);
2446 KASSERT(fdtol->fdl_refcount > 0,
2447 ("filedesc_to_refcount botch: fdl_refcount=%d",
2448 fdtol->fdl_refcount));
2449 if (fdtol->fdl_refcount == 1 &&
2450 (p->p_leader->p_flag & P_ADVLOCK) != 0) {
2451 lastfile = fdlastfile(fdp);
2452 for (i = 0; i <= lastfile; i++) {
2453 fp = fdp->fd_ofiles[i].fde_file;
2454 if (fp == NULL || fp->f_type != DTYPE_VNODE ||
2457 FILEDESC_XUNLOCK(fdp);
2458 lf.l_whence = SEEK_SET;
2461 lf.l_type = F_UNLCK;
2463 (void) VOP_ADVLOCK(vp,
2464 (caddr_t)p->p_leader, F_UNLCK,
2466 FILEDESC_XLOCK(fdp);
2471 if (fdtol->fdl_refcount == 1) {
2472 if (fdp->fd_holdleaderscount > 0 &&
2473 (p->p_leader->p_flag & P_ADVLOCK) != 0) {
2475 * close() or kern_dup() has cleared a reference
2476 * in a shared file descriptor table.
2478 fdp->fd_holdleaderswakeup = 1;
2479 sx_sleep(&fdp->fd_holdleaderscount,
2480 FILEDESC_LOCK(fdp), PLOCK, "fdlhold", 0);
2483 if (fdtol->fdl_holdcount > 0) {
2485 * Ensure that fdtol->fdl_leader remains
2486 * valid in closef().
2488 fdtol->fdl_wakeup = 1;
2489 sx_sleep(fdtol, FILEDESC_LOCK(fdp), PLOCK,
2494 fdtol->fdl_refcount--;
2495 if (fdtol->fdl_refcount == 0 &&
2496 fdtol->fdl_holdcount == 0) {
2497 fdtol->fdl_next->fdl_prev = fdtol->fdl_prev;
2498 fdtol->fdl_prev->fdl_next = fdtol->fdl_next;
2502 FILEDESC_XUNLOCK(fdp);
2504 free(fdtol, M_FILEDESC_TO_LEADER);
2508 * Release a filedesc structure.
2511 fdescfree_fds(struct thread *td, struct filedesc *fdp, bool needclose)
2513 struct filedesc0 *fdp0;
2514 struct freetable *ft, *tft;
2515 struct filedescent *fde;
2519 KASSERT(refcount_load(&fdp->fd_refcnt) == 0,
2520 ("%s: fd table %p carries references", __func__, fdp));
2523 * Serialize with threads iterating over the table, if any.
2525 if (refcount_load(&fdp->fd_holdcnt) > 1) {
2526 FILEDESC_XLOCK(fdp);
2527 FILEDESC_XUNLOCK(fdp);
2530 lastfile = fdlastfile_single(fdp);
2531 for (i = 0; i <= lastfile; i++) {
2532 fde = &fdp->fd_ofiles[i];
2537 (void) closef(fp, td);
2543 if (NDSLOTS(fdp->fd_nfiles) > NDSLOTS(NDFILE))
2544 free(fdp->fd_map, M_FILEDESC);
2545 if (fdp->fd_nfiles > NDFILE)
2546 free(fdp->fd_files, M_FILEDESC);
2548 fdp0 = (struct filedesc0 *)fdp;
2549 SLIST_FOREACH_SAFE(ft, &fdp0->fd_free, ft_next, tft)
2550 free(ft->ft_table, M_FILEDESC);
2556 fdescfree(struct thread *td)
2559 struct filedesc *fdp;
2566 if (RACCT_ENABLED())
2567 racct_set_unlocked(p, RACCT_NOFILE, 0);
2570 if (p->p_fdtol != NULL)
2577 if (refcount_release(&fdp->fd_refcnt) == 0)
2580 fdescfree_fds(td, fdp, 1);
2584 pdescfree(struct thread *td)
2587 struct pwddesc *pdp;
2601 fdescfree_remapped(struct filedesc *fdp)
2604 /* fdescfree_fds() asserts that fd_refcnt == 0. */
2605 if (!refcount_release(&fdp->fd_refcnt))
2606 panic("%s: fd table %p has extra references", __func__, fdp);
2608 fdescfree_fds(curthread, fdp, 0);
2612 * For setugid programs, we don't want to people to use that setugidness
2613 * to generate error messages which write to a file which otherwise would
2614 * otherwise be off-limits to the process. We check for filesystems where
2615 * the vnode can change out from under us after execve (like [lin]procfs).
2617 * Since fdsetugidsafety calls this only for fd 0, 1 and 2, this check is
2618 * sufficient. We also don't check for setugidness since we know we are.
2621 is_unsafe(struct file *fp)
2625 if (fp->f_type != DTYPE_VNODE)
2629 return ((vp->v_vflag & VV_PROCDEP) != 0);
2633 * Make this setguid thing safe, if at all possible.
2636 fdsetugidsafety(struct thread *td)
2638 struct filedesc *fdp;
2642 fdp = td->td_proc->p_fd;
2643 KASSERT(refcount_load(&fdp->fd_refcnt) == 1,
2644 ("the fdtable should not be shared"));
2645 MPASS(fdp->fd_nfiles >= 3);
2646 for (i = 0; i <= 2; i++) {
2647 fp = fdp->fd_ofiles[i].fde_file;
2648 if (fp != NULL && is_unsafe(fp)) {
2649 FILEDESC_XLOCK(fdp);
2650 knote_fdclose(td, i);
2652 * NULL-out descriptor prior to close to avoid
2653 * a race while close blocks.
2656 FILEDESC_XUNLOCK(fdp);
2657 (void) closef(fp, td);
2663 * If a specific file object occupies a specific file descriptor, close the
2664 * file descriptor entry and drop a reference on the file object. This is a
2665 * convenience function to handle a subsequent error in a function that calls
2666 * falloc() that handles the race that another thread might have closed the
2667 * file descriptor out from under the thread creating the file object.
2670 fdclose(struct thread *td, struct file *fp, int idx)
2672 struct filedesc *fdp = td->td_proc->p_fd;
2674 FILEDESC_XLOCK(fdp);
2675 if (fdp->fd_ofiles[idx].fde_file == fp) {
2677 FILEDESC_XUNLOCK(fdp);
2680 FILEDESC_XUNLOCK(fdp);
2684 * Close any files on exec?
2687 fdcloseexec(struct thread *td)
2689 struct filedesc *fdp;
2690 struct filedescent *fde;
2694 fdp = td->td_proc->p_fd;
2695 KASSERT(refcount_load(&fdp->fd_refcnt) == 1,
2696 ("the fdtable should not be shared"));
2697 lastfile = fdlastfile_single(fdp);
2698 for (i = 0; i <= lastfile; i++) {
2699 fde = &fdp->fd_ofiles[i];
2701 if (fp != NULL && (fp->f_type == DTYPE_MQUEUE ||
2702 (fde->fde_flags & UF_EXCLOSE))) {
2703 FILEDESC_XLOCK(fdp);
2705 (void) closefp(fdp, i, fp, td, false, false);
2706 FILEDESC_UNLOCK_ASSERT(fdp);
2712 * It is unsafe for set[ug]id processes to be started with file
2713 * descriptors 0..2 closed, as these descriptors are given implicit
2714 * significance in the Standard C library. fdcheckstd() will create a
2715 * descriptor referencing /dev/null for each of stdin, stdout, and
2716 * stderr that is not already open.
2719 fdcheckstd(struct thread *td)
2721 struct filedesc *fdp;
2723 int i, error, devnull;
2725 fdp = td->td_proc->p_fd;
2726 KASSERT(refcount_load(&fdp->fd_refcnt) == 1,
2727 ("the fdtable should not be shared"));
2728 MPASS(fdp->fd_nfiles >= 3);
2730 for (i = 0; i <= 2; i++) {
2731 if (fdp->fd_ofiles[i].fde_file != NULL)
2734 save = td->td_retval[0];
2735 if (devnull != -1) {
2736 error = kern_dup(td, FDDUP_FIXED, 0, devnull, i);
2738 error = kern_openat(td, AT_FDCWD, "/dev/null",
2739 UIO_SYSSPACE, O_RDWR, 0);
2741 devnull = td->td_retval[0];
2742 KASSERT(devnull == i, ("we didn't get our fd"));
2745 td->td_retval[0] = save;
2753 * Internal form of close. Decrement reference count on file structure.
2754 * Note: td may be NULL when closing a file that was being passed in a
2758 closef(struct file *fp, struct thread *td)
2762 struct filedesc_to_leader *fdtol;
2763 struct filedesc *fdp;
2768 * POSIX record locking dictates that any close releases ALL
2769 * locks owned by this process. This is handled by setting
2770 * a flag in the unlock to free ONLY locks obeying POSIX
2771 * semantics, and not to free BSD-style file locks.
2772 * If the descriptor was in a message, POSIX-style locks
2773 * aren't passed with the descriptor, and the thread pointer
2774 * will be NULL. Callers should be careful only to pass a
2775 * NULL thread pointer when there really is no owning
2776 * context that might have locks, or the locks will be
2779 if (fp->f_type == DTYPE_VNODE) {
2781 if ((td->td_proc->p_leader->p_flag & P_ADVLOCK) != 0) {
2782 lf.l_whence = SEEK_SET;
2785 lf.l_type = F_UNLCK;
2786 (void) VOP_ADVLOCK(vp, (caddr_t)td->td_proc->p_leader,
2787 F_UNLCK, &lf, F_POSIX);
2789 fdtol = td->td_proc->p_fdtol;
2790 if (fdtol != NULL) {
2792 * Handle special case where file descriptor table is
2793 * shared between multiple process leaders.
2795 fdp = td->td_proc->p_fd;
2796 FILEDESC_XLOCK(fdp);
2797 for (fdtol = fdtol->fdl_next;
2798 fdtol != td->td_proc->p_fdtol;
2799 fdtol = fdtol->fdl_next) {
2800 if ((fdtol->fdl_leader->p_flag &
2803 fdtol->fdl_holdcount++;
2804 FILEDESC_XUNLOCK(fdp);
2805 lf.l_whence = SEEK_SET;
2808 lf.l_type = F_UNLCK;
2810 (void) VOP_ADVLOCK(vp,
2811 (caddr_t)fdtol->fdl_leader, F_UNLCK, &lf,
2813 FILEDESC_XLOCK(fdp);
2814 fdtol->fdl_holdcount--;
2815 if (fdtol->fdl_holdcount == 0 &&
2816 fdtol->fdl_wakeup != 0) {
2817 fdtol->fdl_wakeup = 0;
2821 FILEDESC_XUNLOCK(fdp);
2824 return (fdrop_close(fp, td));
2828 * Hack for file descriptor passing code.
2831 closef_nothread(struct file *fp)
2838 * Initialize the file pointer with the specified properties.
2840 * The ops are set with release semantics to be certain that the flags, type,
2841 * and data are visible when ops is. This is to prevent ops methods from being
2842 * called with bad data.
2845 finit(struct file *fp, u_int flag, short type, void *data, struct fileops *ops)
2850 atomic_store_rel_ptr((volatile uintptr_t *)&fp->f_ops, (uintptr_t)ops);
2854 finit_vnode(struct file *fp, u_int flag, void *data, struct fileops *ops)
2856 fp->f_seqcount[UIO_READ] = 1;
2857 fp->f_seqcount[UIO_WRITE] = 1;
2858 finit(fp, (flag & FMASK) | (fp->f_flag & FHASLOCK), DTYPE_VNODE,
2863 fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
2864 struct file **fpp, struct filecaps *havecapsp)
2866 struct filedescent *fde;
2869 FILEDESC_LOCK_ASSERT(fdp);
2871 fde = fdeget_locked(fdp, fd);
2878 error = cap_check(cap_rights_fde_inline(fde), needrightsp);
2883 if (havecapsp != NULL)
2884 filecaps_copy(&fde->fde_caps, havecapsp, true);
2886 *fpp = fde->fde_file;
2894 fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
2895 struct file **fpp, struct filecaps *havecapsp)
2897 struct filedesc *fdp = td->td_proc->p_fd;
2899 #ifndef CAPABILITIES
2900 error = fget_unlocked(fdp, fd, needrightsp, fpp);
2901 if (havecapsp != NULL && error == 0)
2902 filecaps_fill(havecapsp);
2909 error = fget_unlocked_seq(fdp, fd, needrightsp, &fp, &seq);
2913 if (havecapsp != NULL) {
2914 if (!filecaps_copy(&fdp->fd_ofiles[fd].fde_caps,
2915 havecapsp, false)) {
2921 if (!fd_modified(fdp, fd, seq))
2930 FILEDESC_SLOCK(fdp);
2931 error = fget_cap_locked(fdp, fd, needrightsp, fpp, havecapsp);
2932 if (error == 0 && !fhold(*fpp))
2934 FILEDESC_SUNLOCK(fdp);
2941 fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, bool *fsearch)
2943 const struct filedescent *fde;
2944 const struct fdescenttbl *fdt;
2945 struct filedesc *fdp;
2948 const cap_rights_t *haverights;
2949 cap_rights_t rights;
2952 VFS_SMR_ASSERT_ENTERED();
2954 rights = *ndp->ni_rightsneeded;
2955 cap_rights_set_one(&rights, CAP_LOOKUP);
2957 fdp = curproc->p_fd;
2958 fdt = fdp->fd_files;
2959 if (__predict_false((u_int)fd >= fdt->fdt_nfiles))
2961 seq = seqc_read_notmodify(fd_seqc(fdt, fd));
2962 fde = &fdt->fdt_ofiles[fd];
2963 haverights = cap_rights_fde_inline(fde);
2965 if (__predict_false(fp == NULL))
2967 if (__predict_false(cap_check_inline_transient(haverights, &rights)))
2969 *fsearch = ((fp->f_flag & FSEARCH) != 0);
2971 if (__predict_false(vp == NULL || vp->v_type != VDIR)) {
2974 if (!filecaps_copy(&fde->fde_caps, &ndp->ni_filecaps, false)) {
2978 * Use an acquire barrier to force re-reading of fdt so it is
2979 * refreshed for verification.
2981 atomic_thread_fence_acq();
2982 fdt = fdp->fd_files;
2983 if (__predict_false(!seqc_consistent_nomb(fd_seqc(fdt, fd), seq)))
2986 * If file descriptor doesn't have all rights,
2987 * all lookups relative to it must also be
2988 * strictly relative.
2990 * Not yet supported by fast path.
2993 if (!cap_rights_contains(&ndp->ni_filecaps.fc_rights, &rights) ||
2994 ndp->ni_filecaps.fc_fcntls != CAP_FCNTL_ALL ||
2995 ndp->ni_filecaps.fc_nioctls != -1) {
2997 ndp->ni_lcf |= NI_LCF_STRICTRELATIVE;
3007 fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, bool *fsearch)
3009 const struct fdescenttbl *fdt;
3010 struct filedesc *fdp;
3014 VFS_SMR_ASSERT_ENTERED();
3016 fdp = curproc->p_fd;
3017 fdt = fdp->fd_files;
3018 if (__predict_false((u_int)fd >= fdt->fdt_nfiles))
3020 fp = fdt->fdt_ofiles[fd].fde_file;
3021 if (__predict_false(fp == NULL))
3023 *fsearch = ((fp->f_flag & FSEARCH) != 0);
3025 if (__predict_false(vp == NULL || vp->v_type != VDIR)) {
3029 * Use an acquire barrier to force re-reading of fdt so it is
3030 * refreshed for verification.
3032 atomic_thread_fence_acq();
3033 fdt = fdp->fd_files;
3034 if (__predict_false(fp != fdt->fdt_ofiles[fd].fde_file))
3036 filecaps_fill(&ndp->ni_filecaps);
3043 fget_unlocked_seq(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
3044 struct file **fpp, seqc_t *seqp)
3047 const struct filedescent *fde;
3049 const struct fdescenttbl *fdt;
3053 cap_rights_t haverights;
3057 fdt = fdp->fd_files;
3058 if (__predict_false((u_int)fd >= fdt->fdt_nfiles))
3061 * Fetch the descriptor locklessly. We avoid fdrop() races by
3062 * never raising a refcount above 0. To accomplish this we have
3063 * to use a cmpset loop rather than an atomic_add. The descriptor
3064 * must be re-verified once we acquire a reference to be certain
3065 * that the identity is still correct and we did not lose a race
3066 * due to preemption.
3070 seq = seqc_read_notmodify(fd_seqc(fdt, fd));
3071 fde = &fdt->fdt_ofiles[fd];
3072 haverights = *cap_rights_fde_inline(fde);
3074 if (!seqc_consistent(fd_seqc(fdt, fd), seq))
3077 fp = fdt->fdt_ofiles[fd].fde_file;
3082 error = cap_check_inline(&haverights, needrightsp);
3086 if (__predict_false(!refcount_acquire_if_not_zero(&fp->f_count))) {
3088 * Force a reload. Other thread could reallocate the
3089 * table before this fd was closed, so it is possible
3090 * that there is a stale fp pointer in cached version.
3092 fdt = atomic_load_ptr(&fdp->fd_files);
3096 * Use an acquire barrier to force re-reading of fdt so it is
3097 * refreshed for verification.
3099 atomic_thread_fence_acq();
3100 fdt = fdp->fd_files;
3102 if (seqc_consistent_nomb(fd_seqc(fdt, fd), seq))
3104 if (fp == fdt->fdt_ofiles[fd].fde_file)
3107 fdrop(fp, curthread);
3119 * See the comments in fget_unlocked_seq for an explanation of how this works.
3121 * This is a simplified variant which bails out to the aforementioned routine
3122 * if anything goes wrong. In practice this only happens when userspace is
3123 * racing with itself.
3126 fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
3130 const struct filedescent *fde;
3132 const struct fdescenttbl *fdt;
3136 const cap_rights_t *haverights;
3139 fdt = fdp->fd_files;
3140 if (__predict_false((u_int)fd >= fdt->fdt_nfiles))
3143 seq = seqc_read_notmodify(fd_seqc(fdt, fd));
3144 fde = &fdt->fdt_ofiles[fd];
3145 haverights = cap_rights_fde_inline(fde);
3148 fp = fdt->fdt_ofiles[fd].fde_file;
3150 if (__predict_false(fp == NULL))
3153 if (__predict_false(cap_check_inline_transient(haverights, needrightsp)))
3156 if (__predict_false(!refcount_acquire_if_not_zero(&fp->f_count)))
3160 * Use an acquire barrier to force re-reading of fdt so it is
3161 * refreshed for verification.
3163 atomic_thread_fence_acq();
3164 fdt = fdp->fd_files;
3166 if (__predict_false(!seqc_consistent_nomb(fd_seqc(fdt, fd), seq)))
3168 if (__predict_false(fp != fdt->fdt_ofiles[fd].fde_file))
3174 fdrop(fp, curthread);
3176 return (fget_unlocked_seq(fdp, fd, needrightsp, fpp, NULL));
3180 * Extract the file pointer associated with the specified descriptor for the
3181 * current user process.
3183 * If the descriptor doesn't exist or doesn't match 'flags', EBADF is
3186 * File's rights will be checked against the capability rights mask.
3188 * If an error occurred the non-zero error is returned and *fpp is set to
3189 * NULL. Otherwise *fpp is held and set and zero is returned. Caller is
3190 * responsible for fdrop().
3193 _fget(struct thread *td, int fd, struct file **fpp, int flags,
3194 cap_rights_t *needrightsp)
3196 struct filedesc *fdp;
3201 fdp = td->td_proc->p_fd;
3202 error = fget_unlocked(fdp, fd, needrightsp, &fp);
3203 if (__predict_false(error != 0))
3205 if (__predict_false(fp->f_ops == &badfileops)) {
3211 * FREAD and FWRITE failure return EBADF as per POSIX.
3217 if ((fp->f_flag & flags) == 0)
3221 if ((fp->f_flag & (FREAD | FEXEC)) == 0 ||
3222 ((fp->f_flag & FWRITE) != 0))
3228 KASSERT(0, ("wrong flags"));
3241 fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
3244 return (_fget(td, fd, fpp, 0, rightsp));
3248 fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,
3252 #ifndef CAPABILITIES
3253 error = _fget(td, fd, fpp, 0, rightsp);
3254 if (maxprotp != NULL)
3255 *maxprotp = VM_PROT_ALL;
3258 cap_rights_t fdrights;
3259 struct filedesc *fdp;
3264 fdp = td->td_proc->p_fd;
3265 MPASS(cap_rights_is_set(rightsp, CAP_MMAP));
3267 error = fget_unlocked_seq(fdp, fd, rightsp, &fp, &seq);
3268 if (__predict_false(error != 0))
3270 if (__predict_false(fp->f_ops == &badfileops)) {
3274 if (maxprotp != NULL)
3275 fdrights = *cap_rights(fdp, fd);
3276 if (!fd_modified(fdp, fd, seq))
3282 * If requested, convert capability rights to access flags.
3284 if (maxprotp != NULL)
3285 *maxprotp = cap_rights_to_vmprot(&fdrights);
3292 fget_read(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
3295 return (_fget(td, fd, fpp, FREAD, rightsp));
3299 fget_write(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
3302 return (_fget(td, fd, fpp, FWRITE, rightsp));
3306 fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,
3309 struct filedesc *fdp = td->td_proc->p_fd;
3310 #ifndef CAPABILITIES
3311 return (fget_unlocked(fdp, fd, rightsp, fpp));
3318 MPASS(cap_rights_is_set(rightsp, CAP_FCNTL));
3320 error = fget_unlocked_seq(fdp, fd, rightsp, &fp, &seq);
3323 error = cap_fcntl_check(fdp, fd, needfcntl);
3324 if (!fd_modified(fdp, fd, seq))
3338 * Like fget() but loads the underlying vnode, or returns an error if the
3339 * descriptor does not represent a vnode. Note that pipes use vnodes but
3340 * never have VM objects. The returned vnode will be vref()'d.
3342 * XXX: what about the unused flags ?
3345 _fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,
3352 error = _fget(td, fd, &fp, flags, needrightsp);
3355 if (fp->f_vnode == NULL) {
3367 fgetvp(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
3370 return (_fgetvp(td, fd, 0, rightsp, vpp));
3374 fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
3375 struct filecaps *havecaps, struct vnode **vpp)
3377 struct filecaps caps;
3381 error = fget_cap(td, fd, needrightsp, &fp, &caps);
3384 if (fp->f_ops == &badfileops) {
3388 if (fp->f_vnode == NULL) {
3400 filecaps_free(&caps);
3406 fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
3409 return (_fgetvp(td, fd, FREAD, rightsp, vpp));
3413 fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
3416 return (_fgetvp(td, fd, FEXEC, rightsp, vpp));
3421 fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
3425 return (_fgetvp(td, fd, FWRITE, rightsp, vpp));
3430 * Handle the last reference to a file being closed.
3432 * Without the noinline attribute clang keeps inlining the func thorough this
3433 * file when fdrop is used.
3436 _fdrop(struct file *fp, struct thread *td)
3442 count = refcount_load(&fp->f_count);
3444 panic("fdrop: fp %p count %d", fp, count);
3446 error = fo_close(fp, td);
3447 atomic_subtract_int(&openfiles, 1);
3449 free(fp->f_advice, M_FADVISE);
3450 uma_zfree(file_zone, fp);
3456 * Apply an advisory lock on a file descriptor.
3458 * Just attempt to get a record lock of the requested type on the entire file
3459 * (l_whence = SEEK_SET, l_start = 0, l_len = 0).
3461 #ifndef _SYS_SYSPROTO_H_
3469 sys_flock(struct thread *td, struct flock_args *uap)
3476 error = fget(td, uap->fd, &cap_flock_rights, &fp);
3479 if (fp->f_type != DTYPE_VNODE) {
3481 return (EOPNOTSUPP);
3485 lf.l_whence = SEEK_SET;
3488 if (uap->how & LOCK_UN) {
3489 lf.l_type = F_UNLCK;
3490 atomic_clear_int(&fp->f_flag, FHASLOCK);
3491 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, F_FLOCK);
3494 if (uap->how & LOCK_EX)
3495 lf.l_type = F_WRLCK;
3496 else if (uap->how & LOCK_SH)
3497 lf.l_type = F_RDLCK;
3502 atomic_set_int(&fp->f_flag, FHASLOCK);
3503 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf,
3504 (uap->how & LOCK_NB) ? F_FLOCK : F_FLOCK | F_WAIT);
3510 * Duplicate the specified descriptor to a free descriptor.
3513 dupfdopen(struct thread *td, struct filedesc *fdp, int dfd, int mode,
3514 int openerror, int *indxp)
3516 struct filedescent *newfde, *oldfde;
3521 KASSERT(openerror == ENODEV || openerror == ENXIO,
3522 ("unexpected error %d in %s", openerror, __func__));
3525 * If the to-be-dup'd fd number is greater than the allowed number
3526 * of file descriptors, or the fd to be dup'd has already been
3527 * closed, then reject.
3529 FILEDESC_XLOCK(fdp);
3530 if ((fp = fget_locked(fdp, dfd)) == NULL) {
3531 FILEDESC_XUNLOCK(fdp);
3535 error = fdalloc(td, 0, &indx);
3537 FILEDESC_XUNLOCK(fdp);
3542 * There are two cases of interest here.
3544 * For ENODEV simply dup (dfd) to file descriptor (indx) and return.
3546 * For ENXIO steal away the file structure from (dfd) and store it in
3547 * (indx). (dfd) is effectively closed by this operation.
3549 switch (openerror) {
3552 * Check that the mode the file is being opened for is a
3553 * subset of the mode of the existing descriptor.
3555 if (((mode & (FREAD|FWRITE)) | fp->f_flag) != fp->f_flag) {
3556 fdunused(fdp, indx);
3557 FILEDESC_XUNLOCK(fdp);
3561 fdunused(fdp, indx);
3562 FILEDESC_XUNLOCK(fdp);
3565 newfde = &fdp->fd_ofiles[indx];
3566 oldfde = &fdp->fd_ofiles[dfd];
3567 ioctls = filecaps_copy_prep(&oldfde->fde_caps);
3569 seqc_write_begin(&newfde->fde_seqc);
3571 memcpy(newfde, oldfde, fde_change_size);
3572 filecaps_copy_finish(&oldfde->fde_caps, &newfde->fde_caps,
3575 seqc_write_end(&newfde->fde_seqc);
3580 * Steal away the file pointer from dfd and stuff it into indx.
3582 newfde = &fdp->fd_ofiles[indx];
3583 oldfde = &fdp->fd_ofiles[dfd];
3585 seqc_write_begin(&newfde->fde_seqc);
3587 memcpy(newfde, oldfde, fde_change_size);
3588 oldfde->fde_file = NULL;
3591 seqc_write_end(&newfde->fde_seqc);
3595 FILEDESC_XUNLOCK(fdp);
3601 * This sysctl determines if we will allow a process to chroot(2) if it
3602 * has a directory open:
3603 * 0: disallowed for all processes.
3604 * 1: allowed for processes that were not already chroot(2)'ed.
3605 * 2: allowed for all processes.
3608 static int chroot_allow_open_directories = 1;
3610 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
3611 &chroot_allow_open_directories, 0,
3612 "Allow a process to chroot(2) if it has a directory open");
3615 * Helper function for raised chroot(2) security function: Refuse if
3616 * any filedescriptors are open directories.
3619 chroot_refuse_vdir_fds(struct filedesc *fdp)
3625 FILEDESC_LOCK_ASSERT(fdp);
3627 lastfile = fdlastfile(fdp);
3628 for (fd = 0; fd <= lastfile; fd++) {
3629 fp = fget_locked(fdp, fd);
3632 if (fp->f_type == DTYPE_VNODE) {
3634 if (vp->v_type == VDIR)
3642 pwd_fill(struct pwd *oldpwd, struct pwd *newpwd)
3645 if (newpwd->pwd_cdir == NULL && oldpwd->pwd_cdir != NULL) {
3646 vrefact(oldpwd->pwd_cdir);
3647 newpwd->pwd_cdir = oldpwd->pwd_cdir;
3650 if (newpwd->pwd_rdir == NULL && oldpwd->pwd_rdir != NULL) {
3651 vrefact(oldpwd->pwd_rdir);
3652 newpwd->pwd_rdir = oldpwd->pwd_rdir;
3655 if (newpwd->pwd_jdir == NULL && oldpwd->pwd_jdir != NULL) {
3656 vrefact(oldpwd->pwd_jdir);
3657 newpwd->pwd_jdir = oldpwd->pwd_jdir;
3662 pwd_hold_pwddesc(struct pwddesc *pdp)
3666 PWDDESC_ASSERT_XLOCKED(pdp);
3667 pwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
3669 refcount_acquire(&pwd->pwd_refcount);
3674 pwd_hold_smr(struct pwd *pwd)
3678 if (__predict_true(refcount_acquire_if_not_zero(&pwd->pwd_refcount))) {
3685 pwd_hold(struct thread *td)
3687 struct pwddesc *pdp;
3690 pdp = td->td_proc->p_pd;
3693 pwd = vfs_smr_entered_load(&pdp->pd_pwd);
3694 if (pwd_hold_smr(pwd)) {
3700 pwd = pwd_hold_pwddesc(pdp);
3702 PWDDESC_XUNLOCK(pdp);
3711 pwd = uma_zalloc_smr(pwd_zone, M_WAITOK);
3712 bzero(pwd, sizeof(*pwd));
3713 refcount_init(&pwd->pwd_refcount, 1);
3718 pwd_drop(struct pwd *pwd)
3721 if (!refcount_release(&pwd->pwd_refcount))
3724 if (pwd->pwd_cdir != NULL)
3725 vrele(pwd->pwd_cdir);
3726 if (pwd->pwd_rdir != NULL)
3727 vrele(pwd->pwd_rdir);
3728 if (pwd->pwd_jdir != NULL)
3729 vrele(pwd->pwd_jdir);
3730 uma_zfree_smr(pwd_zone, pwd);
3734 * Common routine for kern_chroot() and jail_attach(). The caller is
3735 * responsible for invoking priv_check() and mac_vnode_check_chroot() to
3736 * authorize this operation.
3739 pwd_chroot(struct thread *td, struct vnode *vp)
3741 struct pwddesc *pdp;
3742 struct filedesc *fdp;
3743 struct pwd *newpwd, *oldpwd;
3746 fdp = td->td_proc->p_fd;
3747 pdp = td->td_proc->p_pd;
3748 newpwd = pwd_alloc();
3749 FILEDESC_SLOCK(fdp);
3751 oldpwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
3752 if (chroot_allow_open_directories == 0 ||
3753 (chroot_allow_open_directories == 1 &&
3754 oldpwd->pwd_rdir != rootvnode)) {
3755 error = chroot_refuse_vdir_fds(fdp);
3756 FILEDESC_SUNLOCK(fdp);
3758 PWDDESC_XUNLOCK(pdp);
3763 FILEDESC_SUNLOCK(fdp);
3767 newpwd->pwd_rdir = vp;
3768 if (oldpwd->pwd_jdir == NULL) {
3770 newpwd->pwd_jdir = vp;
3772 pwd_fill(oldpwd, newpwd);
3773 pwd_set(pdp, newpwd);
3774 PWDDESC_XUNLOCK(pdp);
3780 pwd_chdir(struct thread *td, struct vnode *vp)
3782 struct pwddesc *pdp;
3783 struct pwd *newpwd, *oldpwd;
3785 VNPASS(vp->v_usecount > 0, vp);
3787 newpwd = pwd_alloc();
3788 pdp = td->td_proc->p_pd;
3790 oldpwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
3791 newpwd->pwd_cdir = vp;
3792 pwd_fill(oldpwd, newpwd);
3793 pwd_set(pdp, newpwd);
3794 PWDDESC_XUNLOCK(pdp);
3799 pwd_ensure_dirs(void)
3801 struct pwddesc *pdp;
3802 struct pwd *oldpwd, *newpwd;
3804 pdp = curproc->p_pd;
3806 oldpwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
3807 if (oldpwd->pwd_cdir != NULL && oldpwd->pwd_rdir != NULL) {
3808 PWDDESC_XUNLOCK(pdp);
3811 PWDDESC_XUNLOCK(pdp);
3813 newpwd = pwd_alloc();
3815 oldpwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
3816 pwd_fill(oldpwd, newpwd);
3817 if (newpwd->pwd_cdir == NULL) {
3819 newpwd->pwd_cdir = rootvnode;
3821 if (newpwd->pwd_rdir == NULL) {
3823 newpwd->pwd_rdir = rootvnode;
3825 pwd_set(pdp, newpwd);
3826 PWDDESC_XUNLOCK(pdp);
3831 pwd_set_rootvnode(void)
3833 struct pwddesc *pdp;
3834 struct pwd *oldpwd, *newpwd;
3836 pdp = curproc->p_pd;
3838 newpwd = pwd_alloc();
3840 oldpwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
3842 newpwd->pwd_cdir = rootvnode;
3844 newpwd->pwd_rdir = rootvnode;
3845 pwd_fill(oldpwd, newpwd);
3846 pwd_set(pdp, newpwd);
3847 PWDDESC_XUNLOCK(pdp);
3852 * Scan all active processes and prisons to see if any of them have a current
3853 * or root directory of `olddp'. If so, replace them with the new mount point.
3856 mountcheckdirs(struct vnode *olddp, struct vnode *newdp)
3858 struct pwddesc *pdp;
3859 struct pwd *newpwd, *oldpwd;
3864 if (vrefcnt(olddp) == 1)
3867 newpwd = pwd_alloc();
3868 sx_slock(&allproc_lock);
3869 FOREACH_PROC_IN_SYSTEM(p) {
3876 oldpwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
3877 if (oldpwd == NULL ||
3878 (oldpwd->pwd_cdir != olddp &&
3879 oldpwd->pwd_rdir != olddp &&
3880 oldpwd->pwd_jdir != olddp)) {
3881 PWDDESC_XUNLOCK(pdp);
3885 if (oldpwd->pwd_cdir == olddp) {
3887 newpwd->pwd_cdir = newdp;
3889 if (oldpwd->pwd_rdir == olddp) {
3891 newpwd->pwd_rdir = newdp;
3893 if (oldpwd->pwd_jdir == olddp) {
3895 newpwd->pwd_jdir = newdp;
3897 pwd_fill(oldpwd, newpwd);
3898 pwd_set(pdp, newpwd);
3899 PWDDESC_XUNLOCK(pdp);
3902 newpwd = pwd_alloc();
3904 sx_sunlock(&allproc_lock);
3906 if (rootvnode == olddp) {
3911 mtx_lock(&prison0.pr_mtx);
3912 if (prison0.pr_root == olddp) {
3914 prison0.pr_root = newdp;
3917 mtx_unlock(&prison0.pr_mtx);
3918 sx_slock(&allprison_lock);
3919 TAILQ_FOREACH(pr, &allprison, pr_list) {
3920 mtx_lock(&pr->pr_mtx);
3921 if (pr->pr_root == olddp) {
3923 pr->pr_root = newdp;
3926 mtx_unlock(&pr->pr_mtx);
3928 sx_sunlock(&allprison_lock);
3933 struct filedesc_to_leader *
3934 filedesc_to_leader_alloc(struct filedesc_to_leader *old, struct filedesc *fdp, struct proc *leader)
3936 struct filedesc_to_leader *fdtol;
3938 fdtol = malloc(sizeof(struct filedesc_to_leader),
3939 M_FILEDESC_TO_LEADER, M_WAITOK);
3940 fdtol->fdl_refcount = 1;
3941 fdtol->fdl_holdcount = 0;
3942 fdtol->fdl_wakeup = 0;
3943 fdtol->fdl_leader = leader;
3945 FILEDESC_XLOCK(fdp);
3946 fdtol->fdl_next = old->fdl_next;
3947 fdtol->fdl_prev = old;
3948 old->fdl_next = fdtol;
3949 fdtol->fdl_next->fdl_prev = fdtol;
3950 FILEDESC_XUNLOCK(fdp);
3952 fdtol->fdl_next = fdtol;
3953 fdtol->fdl_prev = fdtol;
3959 sysctl_kern_proc_nfds(SYSCTL_HANDLER_ARGS)
3962 struct filedesc *fdp;
3963 int count, off, minoff;
3965 if (*(int *)arg1 != 0)
3968 fdp = curproc->p_fd;
3970 FILEDESC_SLOCK(fdp);
3972 off = NDSLOT(fdp->fd_nfiles - 1);
3973 for (minoff = NDSLOT(0); off >= minoff; --off)
3974 count += bitcountl(map[off]);
3975 FILEDESC_SUNLOCK(fdp);
3977 return (SYSCTL_OUT(req, &count, sizeof(count)));
3980 static SYSCTL_NODE(_kern_proc, KERN_PROC_NFDS, nfds,
3981 CTLFLAG_RD|CTLFLAG_CAPRD|CTLFLAG_MPSAFE, sysctl_kern_proc_nfds,
3982 "Number of open file descriptors");
3985 * Get file structures globally.
3988 sysctl_kern_file(SYSCTL_HANDLER_ARGS)
3991 struct filedesc *fdp;
3994 int error, n, lastfile;
3996 error = sysctl_wire_old_buffer(req, 0);
3999 if (req->oldptr == NULL) {
4001 sx_slock(&allproc_lock);
4002 FOREACH_PROC_IN_SYSTEM(p) {
4004 if (p->p_state == PRS_NEW) {
4012 /* overestimates sparse tables. */
4013 n += fdp->fd_nfiles;
4016 sx_sunlock(&allproc_lock);
4017 return (SYSCTL_OUT(req, 0, n * sizeof(xf)));
4020 bzero(&xf, sizeof(xf));
4021 xf.xf_size = sizeof(xf);
4022 sx_slock(&allproc_lock);
4023 FOREACH_PROC_IN_SYSTEM(p) {
4025 if (p->p_state == PRS_NEW) {
4029 if (p_cansee(req->td, p) != 0) {
4033 xf.xf_pid = p->p_pid;
4034 xf.xf_uid = p->p_ucred->cr_uid;
4039 FILEDESC_SLOCK(fdp);
4040 lastfile = fdlastfile(fdp);
4041 for (n = 0; refcount_load(&fdp->fd_refcnt) > 0 && n <= lastfile;
4043 if ((fp = fdp->fd_ofiles[n].fde_file) == NULL)
4046 xf.xf_file = (uintptr_t)fp;
4047 xf.xf_data = (uintptr_t)fp->f_data;
4048 xf.xf_vnode = (uintptr_t)fp->f_vnode;
4049 xf.xf_type = (uintptr_t)fp->f_type;
4050 xf.xf_count = refcount_load(&fp->f_count);
4052 xf.xf_offset = foffset_get(fp);
4053 xf.xf_flag = fp->f_flag;
4054 error = SYSCTL_OUT(req, &xf, sizeof(xf));
4058 FILEDESC_SUNLOCK(fdp);
4063 sx_sunlock(&allproc_lock);
4067 SYSCTL_PROC(_kern, KERN_FILE, file, CTLTYPE_OPAQUE|CTLFLAG_RD|CTLFLAG_MPSAFE,
4068 0, 0, sysctl_kern_file, "S,xfile", "Entire file table");
4070 #ifdef KINFO_FILE_SIZE
4071 CTASSERT(sizeof(struct kinfo_file) == KINFO_FILE_SIZE);
4075 xlate_fflags(int fflags)
4077 static const struct {
4080 } fflags_table[] = {
4081 { FAPPEND, KF_FLAG_APPEND },
4082 { FASYNC, KF_FLAG_ASYNC },
4083 { FFSYNC, KF_FLAG_FSYNC },
4084 { FHASLOCK, KF_FLAG_HASLOCK },
4085 { FNONBLOCK, KF_FLAG_NONBLOCK },
4086 { FREAD, KF_FLAG_READ },
4087 { FWRITE, KF_FLAG_WRITE },
4088 { O_CREAT, KF_FLAG_CREAT },
4089 { O_DIRECT, KF_FLAG_DIRECT },
4090 { O_EXCL, KF_FLAG_EXCL },
4091 { O_EXEC, KF_FLAG_EXEC },
4092 { O_EXLOCK, KF_FLAG_EXLOCK },
4093 { O_NOFOLLOW, KF_FLAG_NOFOLLOW },
4094 { O_SHLOCK, KF_FLAG_SHLOCK },
4095 { O_TRUNC, KF_FLAG_TRUNC }
4101 for (i = 0; i < nitems(fflags_table); i++)
4102 if (fflags & fflags_table[i].fflag)
4103 kflags |= fflags_table[i].kf_fflag;
4107 /* Trim unused data from kf_path by truncating the structure size. */
4109 pack_kinfo(struct kinfo_file *kif)
4112 kif->kf_structsize = offsetof(struct kinfo_file, kf_path) +
4113 strlen(kif->kf_path) + 1;
4114 kif->kf_structsize = roundup(kif->kf_structsize, sizeof(uint64_t));
4118 export_file_to_kinfo(struct file *fp, int fd, cap_rights_t *rightsp,
4119 struct kinfo_file *kif, struct filedesc *fdp, int flags)
4123 bzero(kif, sizeof(*kif));
4125 /* Set a default type to allow for empty fill_kinfo() methods. */
4126 kif->kf_type = KF_TYPE_UNKNOWN;
4127 kif->kf_flags = xlate_fflags(fp->f_flag);
4128 if (rightsp != NULL)
4129 kif->kf_cap_rights = *rightsp;
4131 cap_rights_init_zero(&kif->kf_cap_rights);
4133 kif->kf_ref_count = refcount_load(&fp->f_count);
4134 kif->kf_offset = foffset_get(fp);
4137 * This may drop the filedesc lock, so the 'fp' cannot be
4138 * accessed after this call.
4140 error = fo_fill_kinfo(fp, kif, fdp);
4142 kif->kf_status |= KF_ATTR_VALID;
4143 if ((flags & KERN_FILEDESC_PACK_KINFO) != 0)
4146 kif->kf_structsize = roundup2(sizeof(*kif), sizeof(uint64_t));
4150 export_vnode_to_kinfo(struct vnode *vp, int fd, int fflags,
4151 struct kinfo_file *kif, int flags)
4155 bzero(kif, sizeof(*kif));
4157 kif->kf_type = KF_TYPE_VNODE;
4158 error = vn_fill_kinfo_vnode(vp, kif);
4160 kif->kf_status |= KF_ATTR_VALID;
4161 kif->kf_flags = xlate_fflags(fflags);
4162 cap_rights_init_zero(&kif->kf_cap_rights);
4164 kif->kf_ref_count = -1;
4165 kif->kf_offset = -1;
4166 if ((flags & KERN_FILEDESC_PACK_KINFO) != 0)
4169 kif->kf_structsize = roundup2(sizeof(*kif), sizeof(uint64_t));
4173 struct export_fd_buf {
4174 struct filedesc *fdp;
4175 struct pwddesc *pdp;
4178 struct kinfo_file kif;
4183 export_kinfo_to_sb(struct export_fd_buf *efbuf)
4185 struct kinfo_file *kif;
4188 if (efbuf->remainder != -1) {
4189 if (efbuf->remainder < kif->kf_structsize) {
4190 /* Terminate export. */
4191 efbuf->remainder = 0;
4194 efbuf->remainder -= kif->kf_structsize;
4196 return (sbuf_bcat(efbuf->sb, kif, kif->kf_structsize) == 0 ? 0 : ENOMEM);
4200 export_file_to_sb(struct file *fp, int fd, cap_rights_t *rightsp,
4201 struct export_fd_buf *efbuf)
4205 if (efbuf->remainder == 0)
4207 export_file_to_kinfo(fp, fd, rightsp, &efbuf->kif, efbuf->fdp,
4209 FILEDESC_SUNLOCK(efbuf->fdp);
4210 error = export_kinfo_to_sb(efbuf);
4211 FILEDESC_SLOCK(efbuf->fdp);
4216 export_vnode_to_sb(struct vnode *vp, int fd, int fflags,
4217 struct export_fd_buf *efbuf)
4221 if (efbuf->remainder == 0)
4223 if (efbuf->pdp != NULL)
4224 PWDDESC_XUNLOCK(efbuf->pdp);
4225 export_vnode_to_kinfo(vp, fd, fflags, &efbuf->kif, efbuf->flags);
4226 error = export_kinfo_to_sb(efbuf);
4227 if (efbuf->pdp != NULL)
4228 PWDDESC_XLOCK(efbuf->pdp);
4233 * Store a process file descriptor information to sbuf.
4235 * Takes a locked proc as argument, and returns with the proc unlocked.
4238 kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen,
4242 struct filedesc *fdp;
4243 struct pwddesc *pdp;
4244 struct export_fd_buf *efbuf;
4245 struct vnode *cttyvp, *textvp, *tracevp;
4247 int error, i, lastfile;
4248 cap_rights_t rights;
4250 PROC_LOCK_ASSERT(p, MA_OWNED);
4253 tracevp = p->p_tracevp;
4254 if (tracevp != NULL)
4257 textvp = p->p_textvp;
4260 /* Controlling tty. */
4262 if (p->p_pgrp != NULL && p->p_pgrp->pg_session != NULL) {
4263 cttyvp = p->p_pgrp->pg_session->s_ttyvp;
4270 efbuf = malloc(sizeof(*efbuf), M_TEMP, M_WAITOK);
4274 efbuf->remainder = maxlen;
4275 efbuf->flags = flags;
4276 if (tracevp != NULL)
4277 export_vnode_to_sb(tracevp, KF_FD_TYPE_TRACE, FREAD | FWRITE,
4280 export_vnode_to_sb(textvp, KF_FD_TYPE_TEXT, FREAD, efbuf);
4282 export_vnode_to_sb(cttyvp, KF_FD_TYPE_CTTY, FREAD | FWRITE,
4285 if (pdp == NULL || fdp == NULL)
4290 pwd = pwd_hold_pwddesc(pdp);
4292 /* working directory */
4293 if (pwd->pwd_cdir != NULL) {
4294 vrefact(pwd->pwd_cdir);
4295 export_vnode_to_sb(pwd->pwd_cdir, KF_FD_TYPE_CWD, FREAD, efbuf);
4297 /* root directory */
4298 if (pwd->pwd_rdir != NULL) {
4299 vrefact(pwd->pwd_rdir);
4300 export_vnode_to_sb(pwd->pwd_rdir, KF_FD_TYPE_ROOT, FREAD, efbuf);
4302 /* jail directory */
4303 if (pwd->pwd_jdir != NULL) {
4304 vrefact(pwd->pwd_jdir);
4305 export_vnode_to_sb(pwd->pwd_jdir, KF_FD_TYPE_JAIL, FREAD, efbuf);
4308 PWDDESC_XUNLOCK(pdp);
4311 FILEDESC_SLOCK(fdp);
4312 lastfile = fdlastfile(fdp);
4313 for (i = 0; refcount_load(&fdp->fd_refcnt) > 0 && i <= lastfile; i++) {
4314 if ((fp = fdp->fd_ofiles[i].fde_file) == NULL)
4317 rights = *cap_rights(fdp, i);
4318 #else /* !CAPABILITIES */
4319 rights = cap_no_rights;
4322 * Create sysctl entry. It is OK to drop the filedesc
4323 * lock inside of export_file_to_sb() as we will
4324 * re-validate and re-evaluate its properties when the
4327 error = export_file_to_sb(fp, i, &rights, efbuf);
4328 if (error != 0 || efbuf->remainder == 0)
4331 FILEDESC_SUNLOCK(fdp);
4337 free(efbuf, M_TEMP);
4341 #define FILEDESC_SBUF_SIZE (sizeof(struct kinfo_file) * 5)
4344 * Get per-process file descriptors for use by procstat(1), et al.
4347 sysctl_kern_proc_filedesc(SYSCTL_HANDLER_ARGS)
4352 int error, error2, *name;
4356 sbuf_new_for_sysctl(&sb, NULL, FILEDESC_SBUF_SIZE, req);
4357 sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
4358 error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
4363 maxlen = req->oldptr != NULL ? req->oldlen : -1;
4364 error = kern_proc_filedesc_out(p, &sb, maxlen,
4365 KERN_FILEDESC_PACK_KINFO);
4366 error2 = sbuf_finish(&sb);
4368 return (error != 0 ? error : error2);
4371 #ifdef COMPAT_FREEBSD7
4372 #ifdef KINFO_OFILE_SIZE
4373 CTASSERT(sizeof(struct kinfo_ofile) == KINFO_OFILE_SIZE);
4377 kinfo_to_okinfo(struct kinfo_file *kif, struct kinfo_ofile *okif)
4380 okif->kf_structsize = sizeof(*okif);
4381 okif->kf_type = kif->kf_type;
4382 okif->kf_fd = kif->kf_fd;
4383 okif->kf_ref_count = kif->kf_ref_count;
4384 okif->kf_flags = kif->kf_flags & (KF_FLAG_READ | KF_FLAG_WRITE |
4385 KF_FLAG_APPEND | KF_FLAG_ASYNC | KF_FLAG_FSYNC | KF_FLAG_NONBLOCK |
4386 KF_FLAG_DIRECT | KF_FLAG_HASLOCK);
4387 okif->kf_offset = kif->kf_offset;
4388 if (kif->kf_type == KF_TYPE_VNODE)
4389 okif->kf_vnode_type = kif->kf_un.kf_file.kf_file_type;
4391 okif->kf_vnode_type = KF_VTYPE_VNON;
4392 strlcpy(okif->kf_path, kif->kf_path, sizeof(okif->kf_path));
4393 if (kif->kf_type == KF_TYPE_SOCKET) {
4394 okif->kf_sock_domain = kif->kf_un.kf_sock.kf_sock_domain0;
4395 okif->kf_sock_type = kif->kf_un.kf_sock.kf_sock_type0;
4396 okif->kf_sock_protocol = kif->kf_un.kf_sock.kf_sock_protocol0;
4397 okif->kf_sa_local = kif->kf_un.kf_sock.kf_sa_local;
4398 okif->kf_sa_peer = kif->kf_un.kf_sock.kf_sa_peer;
4400 okif->kf_sa_local.ss_family = AF_UNSPEC;
4401 okif->kf_sa_peer.ss_family = AF_UNSPEC;
4406 export_vnode_for_osysctl(struct vnode *vp, int type, struct kinfo_file *kif,
4407 struct kinfo_ofile *okif, struct pwddesc *pdp, struct sysctl_req *req)
4412 PWDDESC_XUNLOCK(pdp);
4413 export_vnode_to_kinfo(vp, type, 0, kif, KERN_FILEDESC_PACK_KINFO);
4414 kinfo_to_okinfo(kif, okif);
4415 error = SYSCTL_OUT(req, okif, sizeof(*okif));
4421 * Get per-process file descriptors for use by procstat(1), et al.
4424 sysctl_kern_proc_ofiledesc(SYSCTL_HANDLER_ARGS)
4426 struct kinfo_ofile *okif;
4427 struct kinfo_file *kif;
4428 struct filedesc *fdp;
4429 struct pwddesc *pdp;
4431 int error, i, lastfile, *name;
4436 error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
4443 if (fdp == NULL || pdp == NULL) {
4448 kif = malloc(sizeof(*kif), M_TEMP, M_WAITOK);
4449 okif = malloc(sizeof(*okif), M_TEMP, M_WAITOK);
4451 pwd = pwd_hold_pwddesc(pdp);
4453 if (pwd->pwd_cdir != NULL)
4454 export_vnode_for_osysctl(pwd->pwd_cdir, KF_FD_TYPE_CWD, kif,
4456 if (pwd->pwd_rdir != NULL)
4457 export_vnode_for_osysctl(pwd->pwd_rdir, KF_FD_TYPE_ROOT, kif,
4459 if (pwd->pwd_jdir != NULL)
4460 export_vnode_for_osysctl(pwd->pwd_jdir, KF_FD_TYPE_JAIL, kif,
4463 PWDDESC_XUNLOCK(pdp);
4466 FILEDESC_SLOCK(fdp);
4467 lastfile = fdlastfile(fdp);
4468 for (i = 0; refcount_load(&fdp->fd_refcnt) > 0 && i <= lastfile; i++) {
4469 if ((fp = fdp->fd_ofiles[i].fde_file) == NULL)
4471 export_file_to_kinfo(fp, i, NULL, kif, fdp,
4472 KERN_FILEDESC_PACK_KINFO);
4473 FILEDESC_SUNLOCK(fdp);
4474 kinfo_to_okinfo(kif, okif);
4475 error = SYSCTL_OUT(req, okif, sizeof(*okif));
4476 FILEDESC_SLOCK(fdp);
4480 FILEDESC_SUNLOCK(fdp);
4488 static SYSCTL_NODE(_kern_proc, KERN_PROC_OFILEDESC, ofiledesc,
4489 CTLFLAG_RD|CTLFLAG_MPSAFE, sysctl_kern_proc_ofiledesc,
4490 "Process ofiledesc entries");
4491 #endif /* COMPAT_FREEBSD7 */
4494 vntype_to_kinfo(int vtype)
4499 } vtypes_table[] = {
4500 { VBAD, KF_VTYPE_VBAD },
4501 { VBLK, KF_VTYPE_VBLK },
4502 { VCHR, KF_VTYPE_VCHR },
4503 { VDIR, KF_VTYPE_VDIR },
4504 { VFIFO, KF_VTYPE_VFIFO },
4505 { VLNK, KF_VTYPE_VLNK },
4506 { VNON, KF_VTYPE_VNON },
4507 { VREG, KF_VTYPE_VREG },
4508 { VSOCK, KF_VTYPE_VSOCK }
4513 * Perform vtype translation.
4515 for (i = 0; i < nitems(vtypes_table); i++)
4516 if (vtypes_table[i].vtype == vtype)
4517 return (vtypes_table[i].kf_vtype);
4519 return (KF_VTYPE_UNKNOWN);
4522 static SYSCTL_NODE(_kern_proc, KERN_PROC_FILEDESC, filedesc,
4523 CTLFLAG_RD|CTLFLAG_MPSAFE, sysctl_kern_proc_filedesc,
4524 "Process filedesc entries");
4527 * Store a process current working directory information to sbuf.
4529 * Takes a locked proc as argument, and returns with the proc unlocked.
4532 kern_proc_cwd_out(struct proc *p, struct sbuf *sb, ssize_t maxlen)
4534 struct pwddesc *pdp;
4536 struct export_fd_buf *efbuf;
4540 PROC_LOCK_ASSERT(p, MA_OWNED);
4547 efbuf = malloc(sizeof(*efbuf), M_TEMP, M_WAITOK);
4550 efbuf->remainder = maxlen;
4553 pwd = PWDDESC_XLOCKED_LOAD_PWD(pdp);
4554 cdir = pwd->pwd_cdir;
4559 error = export_vnode_to_sb(cdir, KF_FD_TYPE_CWD, FREAD, efbuf);
4561 PWDDESC_XUNLOCK(pdp);
4563 free(efbuf, M_TEMP);
4568 * Get per-process current working directory.
4571 sysctl_kern_proc_cwd(SYSCTL_HANDLER_ARGS)
4576 int error, error2, *name;
4580 sbuf_new_for_sysctl(&sb, NULL, sizeof(struct kinfo_file), req);
4581 sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
4582 error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
4587 maxlen = req->oldptr != NULL ? req->oldlen : -1;
4588 error = kern_proc_cwd_out(p, &sb, maxlen);
4589 error2 = sbuf_finish(&sb);
4591 return (error != 0 ? error : error2);
4594 static SYSCTL_NODE(_kern_proc, KERN_PROC_CWD, cwd, CTLFLAG_RD|CTLFLAG_MPSAFE,
4595 sysctl_kern_proc_cwd, "Process current working directory");
4599 * For the purposes of debugging, generate a human-readable string for the
4603 file_type_to_name(short type)
4631 case DTYPE_PROCDESC:
4635 case DTYPE_LINUXTFD:
4643 * For the purposes of debugging, identify a process (if any, perhaps one of
4644 * many) that references the passed file in its file descriptor array. Return
4647 static struct proc *
4648 file_to_first_proc(struct file *fp)
4650 struct filedesc *fdp;
4654 FOREACH_PROC_IN_SYSTEM(p) {
4655 if (p->p_state == PRS_NEW)
4660 for (n = 0; n < fdp->fd_nfiles; n++) {
4661 if (fp == fdp->fd_ofiles[n].fde_file)
4669 db_print_file(struct file *fp, int header)
4671 #define XPTRWIDTH ((int)howmany(sizeof(void *) * NBBY, 4))
4675 db_printf("%*s %6s %*s %8s %4s %5s %6s %*s %5s %s\n",
4676 XPTRWIDTH, "File", "Type", XPTRWIDTH, "Data", "Flag",
4677 "GCFl", "Count", "MCount", XPTRWIDTH, "Vnode", "FPID",
4679 p = file_to_first_proc(fp);
4680 db_printf("%*p %6s %*p %08x %04x %5d %6d %*p %5d %s\n", XPTRWIDTH,
4681 fp, file_type_to_name(fp->f_type), XPTRWIDTH, fp->f_data,
4682 fp->f_flag, 0, refcount_load(&fp->f_count), 0, XPTRWIDTH, fp->f_vnode,
4683 p != NULL ? p->p_pid : -1, p != NULL ? p->p_comm : "-");
4688 DB_SHOW_COMMAND(file, db_show_file)
4693 db_printf("usage: show file <addr>\n");
4696 fp = (struct file *)addr;
4697 db_print_file(fp, 1);
4700 DB_SHOW_COMMAND(files, db_show_files)
4702 struct filedesc *fdp;
4709 FOREACH_PROC_IN_SYSTEM(p) {
4710 if (p->p_state == PRS_NEW)
4712 if ((fdp = p->p_fd) == NULL)
4714 for (n = 0; n < fdp->fd_nfiles; ++n) {
4715 if ((fp = fdp->fd_ofiles[n].fde_file) == NULL)
4717 db_print_file(fp, header);
4724 SYSCTL_INT(_kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW,
4725 &maxfilesperproc, 0, "Maximum files allowed open per process");
4727 SYSCTL_INT(_kern, KERN_MAXFILES, maxfiles, CTLFLAG_RW,
4728 &maxfiles, 0, "Maximum number of files");
4730 SYSCTL_INT(_kern, OID_AUTO, openfiles, CTLFLAG_RD,
4731 &openfiles, 0, "System-wide number of open files");
4735 filelistinit(void *dummy)
4738 file_zone = uma_zcreate("Files", sizeof(struct file), NULL, NULL,
4739 NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
4740 filedesc0_zone = uma_zcreate("filedesc0", sizeof(struct filedesc0),
4741 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
4742 pwd_zone = uma_zcreate("PWD", sizeof(struct pwd), NULL, NULL,
4743 NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_SMR);
4745 * XXXMJG this is a temporary hack due to boot ordering issues against
4748 vfs_smr = uma_zone_get_smr(pwd_zone);
4749 mtx_init(&sigio_lock, "sigio lock", NULL, MTX_DEF);
4751 SYSINIT(select, SI_SUB_LOCK, SI_ORDER_FIRST, filelistinit, NULL);
4753 /*-------------------------------------------------------------------*/
4756 badfo_readwrite(struct file *fp, struct uio *uio, struct ucred *active_cred,
4757 int flags, struct thread *td)
4764 badfo_truncate(struct file *fp, off_t length, struct ucred *active_cred,
4772 badfo_ioctl(struct file *fp, u_long com, void *data, struct ucred *active_cred,
4780 badfo_poll(struct file *fp, int events, struct ucred *active_cred,
4788 badfo_kqfilter(struct file *fp, struct knote *kn)
4795 badfo_stat(struct file *fp, struct stat *sb, struct ucred *active_cred,
4803 badfo_close(struct file *fp, struct thread *td)
4810 badfo_chmod(struct file *fp, mode_t mode, struct ucred *active_cred,
4818 badfo_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
4826 badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
4827 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
4835 badfo_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp)
4841 struct fileops badfileops = {
4842 .fo_read = badfo_readwrite,
4843 .fo_write = badfo_readwrite,
4844 .fo_truncate = badfo_truncate,
4845 .fo_ioctl = badfo_ioctl,
4846 .fo_poll = badfo_poll,
4847 .fo_kqfilter = badfo_kqfilter,
4848 .fo_stat = badfo_stat,
4849 .fo_close = badfo_close,
4850 .fo_chmod = badfo_chmod,
4851 .fo_chown = badfo_chown,
4852 .fo_sendfile = badfo_sendfile,
4853 .fo_fill_kinfo = badfo_fill_kinfo,
4857 invfo_rdwr(struct file *fp, struct uio *uio, struct ucred *active_cred,
4858 int flags, struct thread *td)
4861 return (EOPNOTSUPP);
4865 invfo_truncate(struct file *fp, off_t length, struct ucred *active_cred,
4873 invfo_ioctl(struct file *fp, u_long com, void *data,
4874 struct ucred *active_cred, struct thread *td)
4881 invfo_poll(struct file *fp, int events, struct ucred *active_cred,
4885 return (poll_no_poll(events));
4889 invfo_kqfilter(struct file *fp, struct knote *kn)
4896 invfo_chmod(struct file *fp, mode_t mode, struct ucred *active_cred,
4904 invfo_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
4912 invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
4913 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
4920 /*-------------------------------------------------------------------*/
4923 * File Descriptor pseudo-device driver (/dev/fd/).
4925 * Opening minor device N dup()s the file (if any) connected to file
4926 * descriptor N belonging to the calling process. Note that this driver
4927 * consists of only the ``open()'' routine, because all subsequent
4928 * references to this file will be direct to the other driver.
4930 * XXX: we could give this one a cloning event handler if necessary.
4935 fdopen(struct cdev *dev, int mode, int type, struct thread *td)
4939 * XXX Kludge: set curthread->td_dupfd to contain the value of the
4940 * the file descriptor being sought for duplication. The error
4941 * return ensures that the vnode for this device will be released
4942 * by vn_open. Open will detect this special error and take the
4943 * actions in dupfdopen below. Other callers of vn_open or VOP_OPEN
4944 * will simply report the error.
4946 td->td_dupfd = dev2unit(dev);
4950 static struct cdevsw fildesc_cdevsw = {
4951 .d_version = D_VERSION,
4957 fildesc_drvinit(void *unused)
4961 dev = make_dev_credf(MAKEDEV_ETERNAL, &fildesc_cdevsw, 0, NULL,
4962 UID_ROOT, GID_WHEEL, 0666, "fd/0");
4963 make_dev_alias(dev, "stdin");
4964 dev = make_dev_credf(MAKEDEV_ETERNAL, &fildesc_cdevsw, 1, NULL,
4965 UID_ROOT, GID_WHEEL, 0666, "fd/1");
4966 make_dev_alias(dev, "stdout");
4967 dev = make_dev_credf(MAKEDEV_ETERNAL, &fildesc_cdevsw, 2, NULL,
4968 UID_ROOT, GID_WHEEL, 0666, "fd/2");
4969 make_dev_alias(dev, "stderr");
4972 SYSINIT(fildescdev, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, fildesc_drvinit, NULL);