2 * Copyright (c) 1982, 1986, 1989, 1990, 1993
3 * The Regents of the University of California. All rights reserved.
5 * sendfile(2) and related extensions:
6 * Copyright (c) 1998, David Greenman. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include "opt_capsicum.h"
40 #include "opt_inet6.h"
42 #include "opt_compat.h"
43 #include "opt_ktrace.h"
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/capability.h>
48 #include <sys/kernel.h>
50 #include <sys/mutex.h>
51 #include <sys/sysproto.h>
52 #include <sys/malloc.h>
53 #include <sys/filedesc.h>
54 #include <sys/event.h>
56 #include <sys/fcntl.h>
58 #include <sys/filio.h>
60 #include <sys/mount.h>
62 #include <sys/protosw.h>
63 #include <sys/rwlock.h>
64 #include <sys/sf_buf.h>
65 #include <sys/sysent.h>
66 #include <sys/socket.h>
67 #include <sys/socketvar.h>
68 #include <sys/signalvar.h>
69 #include <sys/syscallsubr.h>
70 #include <sys/sysctl.h>
72 #include <sys/vnode.h>
74 #include <sys/ktrace.h>
76 #ifdef COMPAT_FREEBSD32
77 #include <compat/freebsd32/freebsd32_util.h>
82 #include <security/audit/audit.h>
83 #include <security/mac/mac_framework.h>
86 #include <vm/vm_param.h>
87 #include <vm/vm_object.h>
88 #include <vm/vm_page.h>
89 #include <vm/vm_pageout.h>
90 #include <vm/vm_kern.h>
91 #include <vm/vm_extern.h>
93 #if defined(INET) || defined(INET6)
95 #include <netinet/sctp.h>
96 #include <netinet/sctp_peeloff.h>
98 #endif /* INET || INET6 */
100 static int sendit(struct thread *td, int s, struct msghdr *mp, int flags);
101 static int recvit(struct thread *td, int s, struct msghdr *mp, void *namelenp);
103 static int accept1(struct thread *td, struct accept_args *uap, int compat);
104 static int do_sendfile(struct thread *td, struct sendfile_args *uap, int compat);
105 static int getsockname1(struct thread *td, struct getsockname_args *uap,
107 static int getpeername1(struct thread *td, struct getpeername_args *uap,
111 * NSFBUFS-related variables and associated sysctls
117 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufs, CTLFLAG_RDTUN, &nsfbufs, 0,
118 "Maximum number of sendfile(2) sf_bufs available");
119 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufspeak, CTLFLAG_RD, &nsfbufspeak, 0,
120 "Number of sendfile(2) sf_bufs at peak usage");
121 SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufsused, CTLFLAG_RD, &nsfbufsused, 0,
122 "Number of sendfile(2) sf_bufs in use");
125 * Convert a user file descriptor to a kernel file entry and check if required
126 * capability rights are present.
127 * A reference on the file entry is held upon returning.
130 getsock_cap(struct filedesc *fdp, int fd, cap_rights_t rights,
131 struct file **fpp, u_int *fflagp)
136 error = fget_unlocked(fdp, fd, rights, 0, &fp, NULL);
139 if (fp->f_type != DTYPE_SOCKET) {
140 fdrop(fp, curthread);
144 *fflagp = fp->f_flag;
150 * System call interface to the socket abstraction.
152 #if defined(COMPAT_43)
153 #define COMPAT_OLDSOCK
159 struct socket_args /* {
169 AUDIT_ARG_SOCKET(uap->domain, uap->type, uap->protocol);
171 error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type,
176 error = falloc(td, &fp, &fd, 0);
179 /* An extra reference on `fp' has been held for us by falloc(). */
180 error = socreate(uap->domain, &so, uap->type, uap->protocol,
183 fdclose(td->td_proc->p_fd, fp, fd, td);
185 finit(fp, FREAD | FWRITE, DTYPE_SOCKET, so, &socketops);
186 td->td_retval[0] = fd;
196 struct bind_args /* {
205 error = getsockaddr(&sa, uap->name, uap->namelen);
207 error = kern_bind(td, uap->s, sa);
214 kern_bindat(struct thread *td, int dirfd, int fd, struct sockaddr *sa)
221 AUDIT_ARG_SOCKADDR(td, dirfd, sa);
222 error = getsock_cap(td->td_proc->p_fd, fd, CAP_BIND, &fp, NULL);
227 if (KTRPOINT(td, KTR_STRUCT))
231 error = mac_socket_check_bind(td->td_ucred, so, sa);
234 if (dirfd == AT_FDCWD)
235 error = sobind(so, sa, td);
237 error = sobindat(dirfd, so, sa, td);
246 kern_bind(struct thread *td, int fd, struct sockaddr *sa)
249 return (kern_bindat(td, AT_FDCWD, fd, sa));
256 struct bindat_args /* {
266 error = getsockaddr(&sa, uap->name, uap->namelen);
268 error = kern_bindat(td, uap->fd, uap->s, sa);
278 struct listen_args /* {
287 AUDIT_ARG_FD(uap->s);
288 error = getsock_cap(td->td_proc->p_fd, uap->s, CAP_LISTEN, &fp, NULL);
292 error = mac_socket_check_listen(td->td_ucred, so);
295 error = solisten(so, uap->backlog, td);
305 accept1(td, uap, compat)
307 struct accept_args /* {
309 struct sockaddr * __restrict name;
310 socklen_t * __restrict anamelen;
314 struct sockaddr *name;
319 if (uap->name == NULL)
320 return (kern_accept(td, uap->s, NULL, NULL, NULL));
322 error = copyin(uap->anamelen, &namelen, sizeof (namelen));
326 error = kern_accept(td, uap->s, &name, &namelen, &fp);
329 * return a namelen of zero for older code which might
330 * ignore the return value from accept.
333 (void) copyout(&namelen,
334 uap->anamelen, sizeof(*uap->anamelen));
338 if (error == 0 && name != NULL) {
339 #ifdef COMPAT_OLDSOCK
341 ((struct osockaddr *)name)->sa_family =
344 error = copyout(name, uap->name, namelen);
347 error = copyout(&namelen, uap->anamelen,
350 fdclose(td->td_proc->p_fd, fp, td->td_retval[0], td);
352 free(name, M_SONAME);
357 kern_accept(struct thread *td, int s, struct sockaddr **name,
358 socklen_t *namelen, struct file **fp)
360 struct filedesc *fdp;
361 struct file *headfp, *nfp = NULL;
362 struct sockaddr *sa = NULL;
364 struct socket *head, *so;
377 fdp = td->td_proc->p_fd;
378 error = getsock_cap(fdp, s, CAP_ACCEPT, &headfp, &fflag);
381 head = headfp->f_data;
382 if ((head->so_options & SO_ACCEPTCONN) == 0) {
387 error = mac_socket_check_accept(td->td_ucred, head);
391 error = falloc(td, &nfp, &fd, 0);
395 if ((head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->so_comp)) {
400 while (TAILQ_EMPTY(&head->so_comp) && head->so_error == 0) {
401 if (head->so_rcv.sb_state & SBS_CANTRCVMORE) {
402 head->so_error = ECONNABORTED;
405 error = msleep(&head->so_timeo, &accept_mtx, PSOCK | PCATCH,
412 if (head->so_error) {
413 error = head->so_error;
418 so = TAILQ_FIRST(&head->so_comp);
419 KASSERT(!(so->so_qstate & SQ_INCOMP), ("accept1: so SQ_INCOMP"));
420 KASSERT(so->so_qstate & SQ_COMP, ("accept1: so not SQ_COMP"));
423 * Before changing the flags on the socket, we have to bump the
424 * reference count. Otherwise, if the protocol calls sofree(),
425 * the socket will be released due to a zero refcount.
427 SOCK_LOCK(so); /* soref() and so_state update */
428 soref(so); /* file descriptor reference */
430 TAILQ_REMOVE(&head->so_comp, so, so_list);
432 so->so_state |= (head->so_state & SS_NBIO);
433 so->so_qstate &= ~SQ_COMP;
439 /* An extra reference on `nfp' has been held for us by falloc(). */
440 td->td_retval[0] = fd;
442 /* connection has been removed from the listen queue */
443 KNOTE_UNLOCKED(&head->so_rcv.sb_sel.si_note, 0);
445 pgid = fgetown(&head->so_sigio);
447 fsetown(pgid, &so->so_sigio);
449 finit(nfp, fflag, DTYPE_SOCKET, so, &socketops);
450 /* Sync socket nonblocking/async state with file flags */
451 tmp = fflag & FNONBLOCK;
452 (void) fo_ioctl(nfp, FIONBIO, &tmp, td->td_ucred, td);
453 tmp = fflag & FASYNC;
454 (void) fo_ioctl(nfp, FIOASYNC, &tmp, td->td_ucred, td);
456 error = soaccept(so, &sa);
459 * return a namelen of zero for older code which might
460 * ignore the return value from accept.
471 AUDIT_ARG_SOCKADDR(td, AT_FDCWD, sa);
473 /* check sa_len before it is destroyed */
474 if (*namelen > sa->sa_len)
475 *namelen = sa->sa_len;
477 if (KTRPOINT(td, KTR_STRUCT))
488 * close the new descriptor, assuming someone hasn't ripped it
492 fdclose(fdp, nfp, fd, td);
495 * Release explicitly held references before returning. We return
496 * a reference on nfp to the caller on success if they request it.
515 struct accept_args *uap;
518 return (accept1(td, uap, 0));
521 #ifdef COMPAT_OLDSOCK
525 struct accept_args *uap;
528 return (accept1(td, uap, 1));
530 #endif /* COMPAT_OLDSOCK */
536 struct connect_args /* {
545 error = getsockaddr(&sa, uap->name, uap->namelen);
547 error = kern_connect(td, uap->s, sa);
554 kern_connectat(struct thread *td, int dirfd, int fd, struct sockaddr *sa)
562 AUDIT_ARG_SOCKADDR(td, dirfd, sa);
563 error = getsock_cap(td->td_proc->p_fd, fd, CAP_CONNECT, &fp, NULL);
567 if (so->so_state & SS_ISCONNECTING) {
572 if (KTRPOINT(td, KTR_STRUCT))
576 error = mac_socket_check_connect(td->td_ucred, so, sa);
580 if (dirfd == AT_FDCWD)
581 error = soconnect(so, sa, td);
583 error = soconnectat(dirfd, so, sa, td);
586 if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
591 while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
592 error = msleep(&so->so_timeo, SOCK_MTX(so), PSOCK | PCATCH,
595 if (error == EINTR || error == ERESTART)
601 error = so->so_error;
607 so->so_state &= ~SS_ISCONNECTING;
608 if (error == ERESTART)
616 kern_connect(struct thread *td, int fd, struct sockaddr *sa)
619 return (kern_connectat(td, AT_FDCWD, fd, sa));
624 sys_connectat(td, uap)
626 struct connectat_args /* {
636 error = getsockaddr(&sa, uap->name, uap->namelen);
638 error = kern_connectat(td, uap->fd, uap->s, sa);
645 kern_socketpair(struct thread *td, int domain, int type, int protocol,
648 struct filedesc *fdp = td->td_proc->p_fd;
649 struct file *fp1, *fp2;
650 struct socket *so1, *so2;
653 AUDIT_ARG_SOCKET(domain, type, protocol);
655 /* We might want to have a separate check for socket pairs. */
656 error = mac_socket_check_create(td->td_ucred, domain, type,
661 error = socreate(domain, &so1, type, protocol, td->td_ucred, td);
664 error = socreate(domain, &so2, type, protocol, td->td_ucred, td);
667 /* On success extra reference to `fp1' and 'fp2' is set by falloc. */
668 error = falloc(td, &fp1, &fd, 0);
672 fp1->f_data = so1; /* so1 already has ref count */
673 error = falloc(td, &fp2, &fd, 0);
676 fp2->f_data = so2; /* so2 already has ref count */
678 error = soconnect2(so1, so2);
681 if (type == SOCK_DGRAM) {
683 * Datagram socket connection is asymmetric.
685 error = soconnect2(so2, so1);
689 finit(fp1, FREAD | FWRITE, DTYPE_SOCKET, fp1->f_data, &socketops);
690 finit(fp2, FREAD | FWRITE, DTYPE_SOCKET, fp2->f_data, &socketops);
695 fdclose(fdp, fp2, rsv[1], td);
698 fdclose(fdp, fp1, rsv[0], td);
710 sys_socketpair(struct thread *td, struct socketpair_args *uap)
714 error = kern_socketpair(td, uap->domain, uap->type,
718 error = copyout(sv, uap->rsv, 2 * sizeof(int));
720 (void)kern_close(td, sv[0]);
721 (void)kern_close(td, sv[1]);
727 sendit(td, s, mp, flags)
733 struct mbuf *control;
737 #ifdef CAPABILITY_MODE
738 if (IN_CAPABILITY_MODE(td) && (mp->msg_name != NULL))
742 if (mp->msg_name != NULL) {
743 error = getsockaddr(&to, mp->msg_name, mp->msg_namelen);
753 if (mp->msg_control) {
754 if (mp->msg_controllen < sizeof(struct cmsghdr)
755 #ifdef COMPAT_OLDSOCK
756 && mp->msg_flags != MSG_COMPAT
762 error = sockargs(&control, mp->msg_control,
763 mp->msg_controllen, MT_CONTROL);
766 #ifdef COMPAT_OLDSOCK
767 if (mp->msg_flags == MSG_COMPAT) {
770 M_PREPEND(control, sizeof(*cm), M_WAITOK);
771 cm = mtod(control, struct cmsghdr *);
772 cm->cmsg_len = control->m_len;
773 cm->cmsg_level = SOL_SOCKET;
774 cm->cmsg_type = SCM_RIGHTS;
781 error = kern_sendit(td, s, mp, flags, control, UIO_USERSPACE);
790 kern_sendit(td, s, mp, flags, control, segflg)
795 struct mbuf *control;
806 struct uio *ktruio = NULL;
811 if (mp->msg_name != NULL) {
812 AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name);
813 rights |= CAP_CONNECT;
815 error = getsock_cap(td->td_proc->p_fd, s, rights, &fp, NULL);
818 so = (struct socket *)fp->f_data;
821 if (mp->msg_name != NULL && KTRPOINT(td, KTR_STRUCT))
822 ktrsockaddr(mp->msg_name);
825 if (mp->msg_name != NULL) {
826 error = mac_socket_check_connect(td->td_ucred, so,
831 error = mac_socket_check_send(td->td_ucred, so);
836 auio.uio_iov = mp->msg_iov;
837 auio.uio_iovcnt = mp->msg_iovlen;
838 auio.uio_segflg = segflg;
839 auio.uio_rw = UIO_WRITE;
841 auio.uio_offset = 0; /* XXX */
844 for (i = 0; i < mp->msg_iovlen; i++, iov++) {
845 if ((auio.uio_resid += iov->iov_len) < 0) {
851 if (KTRPOINT(td, KTR_GENIO))
852 ktruio = cloneuio(&auio);
854 len = auio.uio_resid;
855 error = sosend(so, mp->msg_name, &auio, 0, control, flags, td);
857 if (auio.uio_resid != len && (error == ERESTART ||
858 error == EINTR || error == EWOULDBLOCK))
860 /* Generation of SIGPIPE can be controlled per socket */
861 if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
862 !(flags & MSG_NOSIGNAL)) {
863 PROC_LOCK(td->td_proc);
864 tdsignal(td, SIGPIPE);
865 PROC_UNLOCK(td->td_proc);
869 td->td_retval[0] = len - auio.uio_resid;
871 if (ktruio != NULL) {
872 ktruio->uio_resid = td->td_retval[0];
873 ktrgenio(s, UIO_WRITE, ktruio, error);
884 struct sendto_args /* {
897 msg.msg_name = uap->to;
898 msg.msg_namelen = uap->tolen;
902 #ifdef COMPAT_OLDSOCK
905 aiov.iov_base = uap->buf;
906 aiov.iov_len = uap->len;
907 error = sendit(td, uap->s, &msg, uap->flags);
911 #ifdef COMPAT_OLDSOCK
915 struct osend_args /* {
930 aiov.iov_base = uap->buf;
931 aiov.iov_len = uap->len;
934 error = sendit(td, uap->s, &msg, uap->flags);
941 struct osendmsg_args /* {
951 error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
954 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
958 msg.msg_flags = MSG_COMPAT;
959 error = sendit(td, uap->s, &msg, uap->flags);
968 struct sendmsg_args /* {
978 error = copyin(uap->msg, &msg, sizeof (msg));
981 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
985 #ifdef COMPAT_OLDSOCK
988 error = sendit(td, uap->s, &msg, uap->flags);
994 kern_recvit(td, s, mp, fromseg, controlp)
998 enum uio_seg fromseg;
999 struct mbuf **controlp;
1006 struct mbuf *m, *control = NULL;
1010 struct sockaddr *fromsa = NULL;
1012 struct uio *ktruio = NULL;
1015 if (controlp != NULL)
1019 error = getsock_cap(td->td_proc->p_fd, s, CAP_RECV, &fp, NULL);
1025 error = mac_socket_check_receive(td->td_ucred, so);
1032 auio.uio_iov = mp->msg_iov;
1033 auio.uio_iovcnt = mp->msg_iovlen;
1034 auio.uio_segflg = UIO_USERSPACE;
1035 auio.uio_rw = UIO_READ;
1037 auio.uio_offset = 0; /* XXX */
1040 for (i = 0; i < mp->msg_iovlen; i++, iov++) {
1041 if ((auio.uio_resid += iov->iov_len) < 0) {
1047 if (KTRPOINT(td, KTR_GENIO))
1048 ktruio = cloneuio(&auio);
1050 len = auio.uio_resid;
1051 error = soreceive(so, &fromsa, &auio, NULL,
1052 (mp->msg_control || controlp) ? &control : NULL,
1055 if (auio.uio_resid != len && (error == ERESTART ||
1056 error == EINTR || error == EWOULDBLOCK))
1060 AUDIT_ARG_SOCKADDR(td, AT_FDCWD, fromsa);
1062 if (ktruio != NULL) {
1063 ktruio->uio_resid = len - auio.uio_resid;
1064 ktrgenio(s, UIO_READ, ktruio, error);
1069 td->td_retval[0] = len - auio.uio_resid;
1071 len = mp->msg_namelen;
1072 if (len <= 0 || fromsa == NULL)
1075 /* save sa_len before it is destroyed by MSG_COMPAT */
1076 len = MIN(len, fromsa->sa_len);
1077 #ifdef COMPAT_OLDSOCK
1078 if (mp->msg_flags & MSG_COMPAT)
1079 ((struct osockaddr *)fromsa)->sa_family =
1082 if (fromseg == UIO_USERSPACE) {
1083 error = copyout(fromsa, mp->msg_name,
1088 bcopy(fromsa, mp->msg_name, len);
1090 mp->msg_namelen = len;
1092 if (mp->msg_control && controlp == NULL) {
1093 #ifdef COMPAT_OLDSOCK
1095 * We assume that old recvmsg calls won't receive access
1096 * rights and other control info, esp. as control info
1097 * is always optional and those options didn't exist in 4.3.
1098 * If we receive rights, trim the cmsghdr; anything else
1101 if (control && mp->msg_flags & MSG_COMPAT) {
1102 if (mtod(control, struct cmsghdr *)->cmsg_level !=
1104 mtod(control, struct cmsghdr *)->cmsg_type !=
1106 mp->msg_controllen = 0;
1109 control->m_len -= sizeof (struct cmsghdr);
1110 control->m_data += sizeof (struct cmsghdr);
1113 len = mp->msg_controllen;
1115 mp->msg_controllen = 0;
1116 ctlbuf = mp->msg_control;
1118 while (m && len > 0) {
1119 unsigned int tocopy;
1121 if (len >= m->m_len)
1124 mp->msg_flags |= MSG_CTRUNC;
1128 if ((error = copyout(mtod(m, caddr_t),
1129 ctlbuf, tocopy)) != 0)
1136 mp->msg_controllen = ctlbuf - (caddr_t)mp->msg_control;
1141 if (fromsa && KTRPOINT(td, KTR_STRUCT))
1142 ktrsockaddr(fromsa);
1145 free(fromsa, M_SONAME);
1147 if (error == 0 && controlp != NULL)
1148 *controlp = control;
1156 recvit(td, s, mp, namelenp)
1164 error = kern_recvit(td, s, mp, UIO_USERSPACE, NULL);
1168 error = copyout(&mp->msg_namelen, namelenp, sizeof (socklen_t));
1169 #ifdef COMPAT_OLDSOCK
1170 if (mp->msg_flags & MSG_COMPAT)
1171 error = 0; /* old recvfrom didn't check */
1178 sys_recvfrom(td, uap)
1180 struct recvfrom_args /* {
1185 struct sockaddr * __restrict from;
1186 socklen_t * __restrict fromlenaddr;
1193 if (uap->fromlenaddr) {
1194 error = copyin(uap->fromlenaddr,
1195 &msg.msg_namelen, sizeof (msg.msg_namelen));
1199 msg.msg_namelen = 0;
1201 msg.msg_name = uap->from;
1202 msg.msg_iov = &aiov;
1204 aiov.iov_base = uap->buf;
1205 aiov.iov_len = uap->len;
1206 msg.msg_control = 0;
1207 msg.msg_flags = uap->flags;
1208 error = recvit(td, uap->s, &msg, uap->fromlenaddr);
1213 #ifdef COMPAT_OLDSOCK
1217 struct recvfrom_args *uap;
1220 uap->flags |= MSG_COMPAT;
1221 return (sys_recvfrom(td, uap));
1225 #ifdef COMPAT_OLDSOCK
1229 struct orecv_args /* {
1241 msg.msg_namelen = 0;
1242 msg.msg_iov = &aiov;
1244 aiov.iov_base = uap->buf;
1245 aiov.iov_len = uap->len;
1246 msg.msg_control = 0;
1247 msg.msg_flags = uap->flags;
1248 error = recvit(td, uap->s, &msg, NULL);
1253 * Old recvmsg. This code takes advantage of the fact that the old msghdr
1254 * overlays the new one, missing only the flags, and with the (old) access
1255 * rights where the control fields are now.
1260 struct orecvmsg_args /* {
1262 struct omsghdr *msg;
1270 error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
1273 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1276 msg.msg_flags = uap->flags | MSG_COMPAT;
1278 error = recvit(td, uap->s, &msg, &uap->msg->msg_namelen);
1279 if (msg.msg_controllen && error == 0)
1280 error = copyout(&msg.msg_controllen,
1281 &uap->msg->msg_accrightslen, sizeof (int));
1288 sys_recvmsg(td, uap)
1290 struct recvmsg_args /* {
1297 struct iovec *uiov, *iov;
1300 error = copyin(uap->msg, &msg, sizeof (msg));
1303 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1306 msg.msg_flags = uap->flags;
1307 #ifdef COMPAT_OLDSOCK
1308 msg.msg_flags &= ~MSG_COMPAT;
1312 error = recvit(td, uap->s, &msg, NULL);
1315 error = copyout(&msg, uap->msg, sizeof(msg));
1323 sys_shutdown(td, uap)
1325 struct shutdown_args /* {
1334 AUDIT_ARG_FD(uap->s);
1335 error = getsock_cap(td->td_proc->p_fd, uap->s, CAP_SHUTDOWN, &fp,
1339 error = soshutdown(so, uap->how);
1347 sys_setsockopt(td, uap)
1349 struct setsockopt_args /* {
1358 return (kern_setsockopt(td, uap->s, uap->level, uap->name,
1359 uap->val, UIO_USERSPACE, uap->valsize));
1363 kern_setsockopt(td, s, level, name, val, valseg, valsize)
1369 enum uio_seg valseg;
1375 struct sockopt sopt;
1377 if (val == NULL && valsize != 0)
1379 if ((int)valsize < 0)
1382 sopt.sopt_dir = SOPT_SET;
1383 sopt.sopt_level = level;
1384 sopt.sopt_name = name;
1385 sopt.sopt_val = val;
1386 sopt.sopt_valsize = valsize;
1392 sopt.sopt_td = NULL;
1395 panic("kern_setsockopt called with bad valseg");
1399 error = getsock_cap(td->td_proc->p_fd, s, CAP_SETSOCKOPT, &fp, NULL);
1402 error = sosetopt(so, &sopt);
1410 sys_getsockopt(td, uap)
1412 struct getsockopt_args /* {
1416 void * __restrict val;
1417 socklen_t * __restrict avalsize;
1424 error = copyin(uap->avalsize, &valsize, sizeof (valsize));
1429 error = kern_getsockopt(td, uap->s, uap->level, uap->name,
1430 uap->val, UIO_USERSPACE, &valsize);
1433 error = copyout(&valsize, uap->avalsize, sizeof (valsize));
1438 * Kernel version of getsockopt.
1439 * optval can be a userland or userspace. optlen is always a kernel pointer.
1442 kern_getsockopt(td, s, level, name, val, valseg, valsize)
1448 enum uio_seg valseg;
1454 struct sockopt sopt;
1458 if ((int)*valsize < 0)
1461 sopt.sopt_dir = SOPT_GET;
1462 sopt.sopt_level = level;
1463 sopt.sopt_name = name;
1464 sopt.sopt_val = val;
1465 sopt.sopt_valsize = (size_t)*valsize; /* checked non-negative above */
1471 sopt.sopt_td = NULL;
1474 panic("kern_getsockopt called with bad valseg");
1478 error = getsock_cap(td->td_proc->p_fd, s, CAP_GETSOCKOPT, &fp, NULL);
1481 error = sogetopt(so, &sopt);
1482 *valsize = sopt.sopt_valsize;
1489 * getsockname1() - Get socket name.
1493 getsockname1(td, uap, compat)
1495 struct getsockname_args /* {
1497 struct sockaddr * __restrict asa;
1498 socklen_t * __restrict alen;
1502 struct sockaddr *sa;
1506 error = copyin(uap->alen, &len, sizeof(len));
1510 error = kern_getsockname(td, uap->fdes, &sa, &len);
1515 #ifdef COMPAT_OLDSOCK
1517 ((struct osockaddr *)sa)->sa_family = sa->sa_family;
1519 error = copyout(sa, uap->asa, (u_int)len);
1523 error = copyout(&len, uap->alen, sizeof(len));
1528 kern_getsockname(struct thread *td, int fd, struct sockaddr **sa,
1540 error = getsock_cap(td->td_proc->p_fd, fd, CAP_GETSOCKNAME, &fp, NULL);
1545 CURVNET_SET(so->so_vnet);
1546 error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, sa);
1553 len = MIN(*alen, (*sa)->sa_len);
1556 if (KTRPOINT(td, KTR_STRUCT))
1562 free(*sa, M_SONAME);
1569 sys_getsockname(td, uap)
1571 struct getsockname_args *uap;
1574 return (getsockname1(td, uap, 0));
1577 #ifdef COMPAT_OLDSOCK
1579 ogetsockname(td, uap)
1581 struct getsockname_args *uap;
1584 return (getsockname1(td, uap, 1));
1586 #endif /* COMPAT_OLDSOCK */
1589 * getpeername1() - Get name of peer for connected socket.
1593 getpeername1(td, uap, compat)
1595 struct getpeername_args /* {
1597 struct sockaddr * __restrict asa;
1598 socklen_t * __restrict alen;
1602 struct sockaddr *sa;
1606 error = copyin(uap->alen, &len, sizeof (len));
1610 error = kern_getpeername(td, uap->fdes, &sa, &len);
1615 #ifdef COMPAT_OLDSOCK
1617 ((struct osockaddr *)sa)->sa_family = sa->sa_family;
1619 error = copyout(sa, uap->asa, (u_int)len);
1623 error = copyout(&len, uap->alen, sizeof(len));
1628 kern_getpeername(struct thread *td, int fd, struct sockaddr **sa,
1640 error = getsock_cap(td->td_proc->p_fd, fd, CAP_GETPEERNAME, &fp, NULL);
1644 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONFIRMING)) == 0) {
1649 CURVNET_SET(so->so_vnet);
1650 error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, sa);
1657 len = MIN(*alen, (*sa)->sa_len);
1660 if (KTRPOINT(td, KTR_STRUCT))
1665 free(*sa, M_SONAME);
1674 sys_getpeername(td, uap)
1676 struct getpeername_args *uap;
1679 return (getpeername1(td, uap, 0));
1682 #ifdef COMPAT_OLDSOCK
1684 ogetpeername(td, uap)
1686 struct ogetpeername_args *uap;
1689 /* XXX uap should have type `getpeername_args *' to begin with. */
1690 return (getpeername1(td, (struct getpeername_args *)uap, 1));
1692 #endif /* COMPAT_OLDSOCK */
1695 sockargs(mp, buf, buflen, type)
1700 struct sockaddr *sa;
1704 if (buflen > MLEN) {
1705 #ifdef COMPAT_OLDSOCK
1706 if (type == MT_SONAME && buflen <= 112)
1707 buflen = MLEN; /* unix domain compat. hack */
1710 if (buflen > MCLBYTES)
1713 m = m_get2(buflen, M_WAITOK, type, 0);
1715 error = copyin(buf, mtod(m, caddr_t), (u_int)buflen);
1720 if (type == MT_SONAME) {
1721 sa = mtod(m, struct sockaddr *);
1723 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1724 if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1725 sa->sa_family = sa->sa_len;
1727 sa->sa_len = buflen;
1734 getsockaddr(namp, uaddr, len)
1735 struct sockaddr **namp;
1739 struct sockaddr *sa;
1742 if (len > SOCK_MAXADDRLEN)
1743 return (ENAMETOOLONG);
1744 if (len < offsetof(struct sockaddr, sa_data[0]))
1746 sa = malloc(len, M_SONAME, M_WAITOK);
1747 error = copyin(uaddr, sa, len);
1751 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1752 if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1753 sa->sa_family = sa->sa_len;
1761 #include <sys/condvar.h>
1763 struct sendfile_sync {
1770 * Detach mapped page and release resources back to the system.
1773 sf_buf_mext(void *addr, void *args)
1776 struct sendfile_sync *sfs;
1778 m = sf_buf_page(args);
1781 vm_page_unwire(m, 0);
1783 * Check for the object going away on us. This can
1784 * happen since we don't hold a reference to it.
1785 * If so, we're responsible for freeing the page.
1787 if (m->wire_count == 0 && m->object == NULL)
1793 mtx_lock(&sfs->mtx);
1794 KASSERT(sfs->count> 0, ("Sendfile sync botchup count == 0"));
1795 if (--sfs->count == 0)
1796 cv_signal(&sfs->cv);
1797 mtx_unlock(&sfs->mtx);
1803 * int sendfile(int fd, int s, off_t offset, size_t nbytes,
1804 * struct sf_hdtr *hdtr, off_t *sbytes, int flags)
1806 * Send a file specified by 'fd' and starting at 'offset' to a socket
1807 * specified by 's'. Send only 'nbytes' of the file or until EOF if nbytes ==
1808 * 0. Optionally add a header and/or trailer to the socket output. If
1809 * specified, write the total number of bytes sent into *sbytes.
1812 sys_sendfile(struct thread *td, struct sendfile_args *uap)
1815 return (do_sendfile(td, uap, 0));
1819 do_sendfile(struct thread *td, struct sendfile_args *uap, int compat)
1821 struct sf_hdtr hdtr;
1822 struct uio *hdr_uio, *trl_uio;
1825 hdr_uio = trl_uio = NULL;
1827 if (uap->hdtr != NULL) {
1828 error = copyin(uap->hdtr, &hdtr, sizeof(hdtr));
1831 if (hdtr.headers != NULL) {
1832 error = copyinuio(hdtr.headers, hdtr.hdr_cnt, &hdr_uio);
1836 if (hdtr.trailers != NULL) {
1837 error = copyinuio(hdtr.trailers, hdtr.trl_cnt, &trl_uio);
1844 error = kern_sendfile(td, uap, hdr_uio, trl_uio, compat);
1847 free(hdr_uio, M_IOV);
1849 free(trl_uio, M_IOV);
1853 #ifdef COMPAT_FREEBSD4
1855 freebsd4_sendfile(struct thread *td, struct freebsd4_sendfile_args *uap)
1857 struct sendfile_args args;
1861 args.offset = uap->offset;
1862 args.nbytes = uap->nbytes;
1863 args.hdtr = uap->hdtr;
1864 args.sbytes = uap->sbytes;
1865 args.flags = uap->flags;
1867 return (do_sendfile(td, &args, 1));
1869 #endif /* COMPAT_FREEBSD4 */
1872 kern_sendfile(struct thread *td, struct sendfile_args *uap,
1873 struct uio *hdr_uio, struct uio *trl_uio, int compat)
1875 struct file *sock_fp;
1877 struct vm_object *obj = NULL;
1878 struct socket *so = NULL;
1879 struct mbuf *m = NULL;
1882 off_t off, xfsize, fsbytes = 0, sbytes = 0, rem = 0;
1883 int error, hdrlen = 0, mnw = 0;
1884 struct sendfile_sync *sfs = NULL;
1887 * The file descriptor must be a regular file and have a
1888 * backing VM object.
1889 * File offset must be positive. If it goes beyond EOF
1890 * we send only the header/trailer and no payload data.
1892 AUDIT_ARG_FD(uap->fd);
1894 * sendfile(2) can start at any offset within a file so we require
1895 * CAP_READ+CAP_SEEK = CAP_PREAD.
1897 if ((error = fgetvp_read(td, uap->fd, CAP_PREAD, &vp)) != 0)
1899 vn_lock(vp, LK_SHARED | LK_RETRY);
1900 if (vp->v_type == VREG) {
1904 * Temporarily increase the backing VM
1905 * object's reference count so that a forced
1906 * reclamation of its vnode does not
1907 * immediately destroy it.
1909 VM_OBJECT_WLOCK(obj);
1910 if ((obj->flags & OBJ_DEAD) == 0) {
1911 vm_object_reference_locked(obj);
1912 VM_OBJECT_WUNLOCK(obj);
1914 VM_OBJECT_WUNLOCK(obj);
1924 if (uap->offset < 0) {
1930 * The socket must be a stream socket and connected.
1931 * Remember if it a blocking or non-blocking socket.
1933 if ((error = getsock_cap(td->td_proc->p_fd, uap->s, CAP_SEND,
1934 &sock_fp, NULL)) != 0)
1936 so = sock_fp->f_data;
1937 if (so->so_type != SOCK_STREAM) {
1941 if ((so->so_state & SS_ISCONNECTED) == 0) {
1946 * Do not wait on memory allocations but return ENOMEM for
1947 * caller to retry later.
1948 * XXX: Experimental.
1950 if (uap->flags & SF_MNOWAIT)
1953 if (uap->flags & SF_SYNC) {
1954 sfs = malloc(sizeof *sfs, M_TEMP, M_WAITOK | M_ZERO);
1955 mtx_init(&sfs->mtx, "sendfile", NULL, MTX_DEF);
1956 cv_init(&sfs->cv, "sendfile");
1960 error = mac_socket_check_send(td->td_ucred, so);
1965 /* If headers are specified copy them into mbufs. */
1966 if (hdr_uio != NULL) {
1967 hdr_uio->uio_td = td;
1968 hdr_uio->uio_rw = UIO_WRITE;
1969 if (hdr_uio->uio_resid > 0) {
1971 * In FBSD < 5.0 the nbytes to send also included
1972 * the header. If compat is specified subtract the
1973 * header size from nbytes.
1976 if (uap->nbytes > hdr_uio->uio_resid)
1977 uap->nbytes -= hdr_uio->uio_resid;
1981 m = m_uiotombuf(hdr_uio, (mnw ? M_NOWAIT : M_WAITOK),
1984 error = mnw ? EAGAIN : ENOBUFS;
1987 hdrlen = m_length(m, NULL);
1992 * Protect against multiple writers to the socket.
1994 * XXXRW: Historically this has assumed non-interruptibility, so now
1995 * we implement that, but possibly shouldn't.
1997 (void)sblock(&so->so_snd, SBL_WAIT | SBL_NOINTR);
2000 * Loop through the pages of the file, starting with the requested
2001 * offset. Get a file page (do I/O if necessary), map the file page
2002 * into an sf_buf, attach an mbuf header to the sf_buf, and queue
2004 * This is done in two loops. The inner loop turns as many pages
2005 * as it can, up to available socket buffer space, without blocking
2006 * into mbufs to have it bulk delivered into the socket send buffer.
2007 * The outer loop checks the state and available space of the socket
2008 * and takes care of the overall progress.
2010 for (off = uap->offset, rem = uap->nbytes; ; ) {
2011 struct mbuf *mtail = NULL;
2017 * Check the socket state for ongoing connection,
2018 * no errors and space in socket buffer.
2019 * If space is low allow for the remainder of the
2020 * file to be processed if it fits the socket buffer.
2021 * Otherwise block in waiting for sufficient space
2022 * to proceed, or if the socket is nonblocking, return
2023 * to userland with EAGAIN while reporting how far
2025 * We wait until the socket buffer has significant free
2026 * space to do bulk sends. This makes good use of file
2027 * system read ahead and allows packet segmentation
2028 * offloading hardware to take over lots of work. If
2029 * we were not careful here we would send off only one
2032 SOCKBUF_LOCK(&so->so_snd);
2033 if (so->so_snd.sb_lowat < so->so_snd.sb_hiwat / 2)
2034 so->so_snd.sb_lowat = so->so_snd.sb_hiwat / 2;
2036 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2038 SOCKBUF_UNLOCK(&so->so_snd);
2040 } else if (so->so_error) {
2041 error = so->so_error;
2043 SOCKBUF_UNLOCK(&so->so_snd);
2046 space = sbspace(&so->so_snd);
2049 space < so->so_snd.sb_lowat)) {
2050 if (so->so_state & SS_NBIO) {
2051 SOCKBUF_UNLOCK(&so->so_snd);
2056 * sbwait drops the lock while sleeping.
2057 * When we loop back to retry_space the
2058 * state may have changed and we retest
2061 error = sbwait(&so->so_snd);
2063 * An error from sbwait usually indicates that we've
2064 * been interrupted by a signal. If we've sent anything
2065 * then return bytes sent, otherwise return the error.
2068 SOCKBUF_UNLOCK(&so->so_snd);
2073 SOCKBUF_UNLOCK(&so->so_snd);
2076 * Reduce space in the socket buffer by the size of
2077 * the header mbuf chain.
2078 * hdrlen is set to 0 after the first loop.
2083 * Loop and construct maximum sized mbuf chain to be bulk
2084 * dumped into socket buffer.
2086 while (space > loopbytes) {
2091 VM_OBJECT_WLOCK(obj);
2093 * Calculate the amount to transfer.
2094 * Not to exceed a page, the EOF,
2095 * or the passed in nbytes.
2097 pgoff = (vm_offset_t)(off & PAGE_MASK);
2098 xfsize = omin(PAGE_SIZE - pgoff,
2099 obj->un_pager.vnp.vnp_size - uap->offset -
2100 fsbytes - loopbytes);
2102 rem = (uap->nbytes - fsbytes - loopbytes);
2104 rem = obj->un_pager.vnp.vnp_size -
2105 uap->offset - fsbytes - loopbytes;
2106 xfsize = omin(rem, xfsize);
2107 xfsize = omin(space - loopbytes, xfsize);
2109 VM_OBJECT_WUNLOCK(obj);
2110 done = 1; /* all data sent */
2115 * Attempt to look up the page. Allocate
2116 * if not found or wait and loop if busy.
2118 pindex = OFF_TO_IDX(off);
2119 pg = vm_page_grab(obj, pindex, VM_ALLOC_NOBUSY |
2120 VM_ALLOC_NORMAL | VM_ALLOC_WIRED | VM_ALLOC_RETRY);
2123 * Check if page is valid for what we need,
2124 * otherwise initiate I/O.
2125 * If we already turned some pages into mbufs,
2126 * send them off before we come here again and
2129 if (pg->valid && vm_page_is_valid(pg, pgoff, xfsize))
2130 VM_OBJECT_WUNLOCK(obj);
2132 error = EAGAIN; /* send what we already got */
2133 else if (uap->flags & SF_NODISKIO)
2140 * Ensure that our page is still around
2141 * when the I/O completes.
2143 vm_page_io_start(pg);
2144 VM_OBJECT_WUNLOCK(obj);
2147 * Get the page from backing store.
2149 error = vn_lock(vp, LK_SHARED);
2152 bsize = vp->v_mount->mnt_stat.f_iosize;
2155 * XXXMAC: Because we don't have fp->f_cred
2156 * here, we pass in NOCRED. This is probably
2157 * wrong, but is consistent with our original
2160 error = vn_rdwr(UIO_READ, vp, NULL, MAXBSIZE,
2161 trunc_page(off), UIO_NOCOPY, IO_NODELOCKED |
2162 IO_VMIO | ((MAXBSIZE / bsize) << IO_SEQSHIFT),
2163 td->td_ucred, NOCRED, &resid, td);
2166 VM_OBJECT_WLOCK(obj);
2167 vm_page_io_finish(pg);
2169 VM_OBJECT_WUNLOCK(obj);
2174 vm_page_unwire(pg, 0);
2176 * See if anyone else might know about
2177 * this page. If not and it is not valid,
2180 if (pg->wire_count == 0 && pg->valid == 0 &&
2181 pg->busy == 0 && !(pg->oflags & VPO_BUSY))
2184 VM_OBJECT_WUNLOCK(obj);
2185 if (error == EAGAIN)
2186 error = 0; /* not a real error */
2191 * Get a sendfile buf. When allocating the
2192 * first buffer for mbuf chain, we usually
2193 * wait as long as necessary, but this wait
2194 * can be interrupted. For consequent
2195 * buffers, do not sleep, since several
2196 * threads might exhaust the buffers and then
2199 sf = sf_buf_alloc(pg, (mnw || m != NULL) ? SFB_NOWAIT :
2202 mbstat.sf_allocfail++;
2204 vm_page_unwire(pg, 0);
2205 KASSERT(pg->object != NULL,
2206 ("kern_sendfile: object disappeared"));
2209 error = (mnw ? EAGAIN : EINTR);
2214 * Get an mbuf and set it up as having
2217 m0 = m_get((mnw ? M_NOWAIT : M_WAITOK), MT_DATA);
2219 error = (mnw ? EAGAIN : ENOBUFS);
2220 sf_buf_mext((void *)sf_buf_kva(sf), sf);
2223 if (m_extadd(m0, (caddr_t )sf_buf_kva(sf), PAGE_SIZE,
2224 sf_buf_mext, sfs, sf, M_RDONLY, EXT_SFBUF,
2225 (mnw ? M_NOWAIT : M_WAITOK)) != 0) {
2226 error = (mnw ? EAGAIN : ENOBUFS);
2227 sf_buf_mext((void *)sf_buf_kva(sf), sf);
2231 m0->m_data = (char *)sf_buf_kva(sf) + pgoff;
2234 /* Append to mbuf chain. */
2238 m_last(m)->m_next = m0;
2243 /* Keep track of bits processed. */
2244 loopbytes += xfsize;
2248 mtx_lock(&sfs->mtx);
2250 mtx_unlock(&sfs->mtx);
2254 /* Add the buffer chain to the socket buffer. */
2258 mlen = m_length(m, NULL);
2259 SOCKBUF_LOCK(&so->so_snd);
2260 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2262 SOCKBUF_UNLOCK(&so->so_snd);
2265 SOCKBUF_UNLOCK(&so->so_snd);
2266 CURVNET_SET(so->so_vnet);
2267 /* Avoid error aliasing. */
2268 err = (*so->so_proto->pr_usrreqs->pru_send)
2269 (so, 0, m, NULL, NULL, td);
2273 * We need two counters to get the
2274 * file offset and nbytes to send
2276 * - sbytes contains the total amount
2277 * of bytes sent, including headers.
2278 * - fsbytes contains the total amount
2279 * of bytes sent from the file.
2287 } else if (error == 0)
2289 m = NULL; /* pru_send always consumes */
2292 /* Quit outer loop on error or when we're done. */
2300 * Send trailers. Wimp out and use writev(2).
2302 if (trl_uio != NULL) {
2303 sbunlock(&so->so_snd);
2304 error = kern_writev(td, uap->s, trl_uio);
2306 sbytes += td->td_retval[0];
2311 sbunlock(&so->so_snd);
2314 * If there was no error we have to clear td->td_retval[0]
2315 * because it may have been set by writev.
2318 td->td_retval[0] = 0;
2320 if (uap->sbytes != NULL) {
2321 copyout(&sbytes, uap->sbytes, sizeof(off_t));
2324 vm_object_deallocate(obj);
2333 mtx_lock(&sfs->mtx);
2334 if (sfs->count != 0)
2335 cv_wait(&sfs->cv, &sfs->mtx);
2336 KASSERT(sfs->count == 0, ("sendfile sync still busy"));
2337 cv_destroy(&sfs->cv);
2338 mtx_destroy(&sfs->mtx);
2342 if (error == ERESTART)
2350 * Functionality only compiled in if SCTP is defined in the kernel Makefile,
2351 * otherwise all return EOPNOTSUPP.
2352 * XXX: We should make this loadable one day.
2355 sys_sctp_peeloff(td, uap)
2357 struct sctp_peeloff_args /* {
2362 #if (defined(INET) || defined(INET6)) && defined(SCTP)
2363 struct file *nfp = NULL;
2365 struct socket *head, *so;
2369 AUDIT_ARG_FD(uap->sd);
2370 error = fgetsock(td, uap->sd, CAP_PEELOFF, &head, &fflag);
2373 if (head->so_proto->pr_protocol != IPPROTO_SCTP) {
2377 error = sctp_can_peel_off(head, (sctp_assoc_t)uap->name);
2381 * At this point we know we do have a assoc to pull
2382 * we proceed to get the fd setup. This may block
2386 error = falloc(td, &nfp, &fd, 0);
2389 td->td_retval[0] = fd;
2391 CURVNET_SET(head->so_vnet);
2392 so = sonewconn(head, SS_ISCONNECTED);
2398 * Before changing the flags on the socket, we have to bump the
2399 * reference count. Otherwise, if the protocol calls sofree(),
2400 * the socket will be released due to a zero refcount.
2403 soref(so); /* file descriptor reference */
2408 TAILQ_REMOVE(&head->so_comp, so, so_list);
2410 so->so_state |= (head->so_state & SS_NBIO);
2411 so->so_state &= ~SS_NOFDREF;
2412 so->so_qstate &= ~SQ_COMP;
2415 finit(nfp, fflag, DTYPE_SOCKET, so, &socketops);
2416 error = sctp_do_peeloff(head, so, (sctp_assoc_t)uap->name);
2419 if (head->so_sigio != NULL)
2420 fsetown(fgetown(&head->so_sigio), &so->so_sigio);
2424 * close the new descriptor, assuming someone hasn't ripped it
2425 * out from under us.
2428 fdclose(td->td_proc->p_fd, nfp, fd, td);
2431 * Release explicitly held references before returning.
2441 return (EOPNOTSUPP);
2446 sys_sctp_generic_sendmsg (td, uap)
2448 struct sctp_generic_sendmsg_args /* {
2454 struct sctp_sndrcvinfo *sinfo,
2458 #if (defined(INET) || defined(INET6)) && defined(SCTP)
2459 struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL;
2461 struct file *fp = NULL;
2463 struct sockaddr *to = NULL;
2465 struct uio *ktruio = NULL;
2468 struct iovec iov[1];
2469 cap_rights_t rights;
2472 error = copyin(uap->sinfo, &sinfo, sizeof (sinfo));
2480 error = getsockaddr(&to, uap->to, uap->tolen);
2485 rights |= CAP_CONNECT;
2488 AUDIT_ARG_FD(uap->sd);
2489 error = getsock_cap(td->td_proc->p_fd, uap->sd, rights, &fp, NULL);
2493 if (to && (KTRPOINT(td, KTR_STRUCT)))
2497 iov[0].iov_base = uap->msg;
2498 iov[0].iov_len = uap->mlen;
2500 so = (struct socket *)fp->f_data;
2501 if (so->so_proto->pr_protocol != IPPROTO_SCTP) {
2506 error = mac_socket_check_send(td->td_ucred, so);
2512 auio.uio_iovcnt = 1;
2513 auio.uio_segflg = UIO_USERSPACE;
2514 auio.uio_rw = UIO_WRITE;
2516 auio.uio_offset = 0; /* XXX */
2518 len = auio.uio_resid = uap->mlen;
2519 CURVNET_SET(so->so_vnet);
2520 error = sctp_lower_sosend(so, to, &auio,
2521 (struct mbuf *)NULL, (struct mbuf *)NULL,
2522 uap->flags, u_sinfo, td);
2525 if (auio.uio_resid != len && (error == ERESTART ||
2526 error == EINTR || error == EWOULDBLOCK))
2528 /* Generation of SIGPIPE can be controlled per socket. */
2529 if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
2530 !(uap->flags & MSG_NOSIGNAL)) {
2531 PROC_LOCK(td->td_proc);
2532 tdsignal(td, SIGPIPE);
2533 PROC_UNLOCK(td->td_proc);
2537 td->td_retval[0] = len - auio.uio_resid;
2539 if (ktruio != NULL) {
2540 ktruio->uio_resid = td->td_retval[0];
2541 ktrgenio(uap->sd, UIO_WRITE, ktruio, error);
2552 return (EOPNOTSUPP);
2557 sys_sctp_generic_sendmsg_iov(td, uap)
2559 struct sctp_generic_sendmsg_iov_args /* {
2565 struct sctp_sndrcvinfo *sinfo,
2569 #if (defined(INET) || defined(INET6)) && defined(SCTP)
2570 struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL;
2572 struct file *fp = NULL;
2575 struct sockaddr *to = NULL;
2577 struct uio *ktruio = NULL;
2580 struct iovec *iov, *tiov;
2581 cap_rights_t rights;
2584 error = copyin(uap->sinfo, &sinfo, sizeof (sinfo));
2591 error = getsockaddr(&to, uap->to, uap->tolen);
2596 rights |= CAP_CONNECT;
2599 AUDIT_ARG_FD(uap->sd);
2600 error = getsock_cap(td->td_proc->p_fd, uap->sd, rights, &fp, NULL);
2604 #ifdef COMPAT_FREEBSD32
2605 if (SV_CURPROC_FLAG(SV_ILP32))
2606 error = freebsd32_copyiniov((struct iovec32 *)uap->iov,
2607 uap->iovlen, &iov, EMSGSIZE);
2610 error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE);
2614 if (to && (KTRPOINT(td, KTR_STRUCT)))
2618 so = (struct socket *)fp->f_data;
2619 if (so->so_proto->pr_protocol != IPPROTO_SCTP) {
2624 error = mac_socket_check_send(td->td_ucred, so);
2630 auio.uio_iovcnt = uap->iovlen;
2631 auio.uio_segflg = UIO_USERSPACE;
2632 auio.uio_rw = UIO_WRITE;
2634 auio.uio_offset = 0; /* XXX */
2637 for (i = 0; i <uap->iovlen; i++, tiov++) {
2638 if ((auio.uio_resid += tiov->iov_len) < 0) {
2643 len = auio.uio_resid;
2644 CURVNET_SET(so->so_vnet);
2645 error = sctp_lower_sosend(so, to, &auio,
2646 (struct mbuf *)NULL, (struct mbuf *)NULL,
2647 uap->flags, u_sinfo, td);
2650 if (auio.uio_resid != len && (error == ERESTART ||
2651 error == EINTR || error == EWOULDBLOCK))
2653 /* Generation of SIGPIPE can be controlled per socket */
2654 if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
2655 !(uap->flags & MSG_NOSIGNAL)) {
2656 PROC_LOCK(td->td_proc);
2657 tdsignal(td, SIGPIPE);
2658 PROC_UNLOCK(td->td_proc);
2662 td->td_retval[0] = len - auio.uio_resid;
2664 if (ktruio != NULL) {
2665 ktruio->uio_resid = td->td_retval[0];
2666 ktrgenio(uap->sd, UIO_WRITE, ktruio, error);
2679 return (EOPNOTSUPP);
2684 sys_sctp_generic_recvmsg(td, uap)
2686 struct sctp_generic_recvmsg_args /* {
2690 struct sockaddr *from,
2691 __socklen_t *fromlenaddr,
2692 struct sctp_sndrcvinfo *sinfo,
2696 #if (defined(INET) || defined(INET6)) && defined(SCTP)
2697 uint8_t sockbufstore[256];
2699 struct iovec *iov, *tiov;
2700 struct sctp_sndrcvinfo sinfo;
2702 struct file *fp = NULL;
2703 struct sockaddr *fromsa;
2709 struct uio *ktruio = NULL;
2712 AUDIT_ARG_FD(uap->sd);
2713 error = getsock_cap(td->td_proc->p_fd, uap->sd, CAP_RECV, &fp, NULL);
2717 #ifdef COMPAT_FREEBSD32
2718 if (SV_CURPROC_FLAG(SV_ILP32))
2719 error = freebsd32_copyiniov((struct iovec32 *)uap->iov,
2720 uap->iovlen, &iov, EMSGSIZE);
2723 error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE);
2728 if (so->so_proto->pr_protocol != IPPROTO_SCTP) {
2733 error = mac_socket_check_receive(td->td_ucred, so);
2739 if (uap->fromlenaddr) {
2740 error = copyin(uap->fromlenaddr,
2741 &fromlen, sizeof (fromlen));
2748 if (uap->msg_flags) {
2749 error = copyin(uap->msg_flags, &msg_flags, sizeof (int));
2757 auio.uio_iovcnt = uap->iovlen;
2758 auio.uio_segflg = UIO_USERSPACE;
2759 auio.uio_rw = UIO_READ;
2761 auio.uio_offset = 0; /* XXX */
2764 for (i = 0; i <uap->iovlen; i++, tiov++) {
2765 if ((auio.uio_resid += tiov->iov_len) < 0) {
2770 len = auio.uio_resid;
2771 fromsa = (struct sockaddr *)sockbufstore;
2774 if (KTRPOINT(td, KTR_GENIO))
2775 ktruio = cloneuio(&auio);
2777 memset(&sinfo, 0, sizeof(struct sctp_sndrcvinfo));
2778 CURVNET_SET(so->so_vnet);
2779 error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL,
2780 fromsa, fromlen, &msg_flags,
2781 (struct sctp_sndrcvinfo *)&sinfo, 1);
2784 if (auio.uio_resid != len && (error == ERESTART ||
2785 error == EINTR || error == EWOULDBLOCK))
2789 error = copyout(&sinfo, uap->sinfo, sizeof (sinfo));
2792 if (ktruio != NULL) {
2793 ktruio->uio_resid = len - auio.uio_resid;
2794 ktrgenio(uap->sd, UIO_READ, ktruio, error);
2799 td->td_retval[0] = len - auio.uio_resid;
2801 if (fromlen && uap->from) {
2803 if (len <= 0 || fromsa == 0)
2806 len = MIN(len, fromsa->sa_len);
2807 error = copyout(fromsa, uap->from, (size_t)len);
2811 error = copyout(&len, uap->fromlenaddr, sizeof (socklen_t));
2817 if (KTRPOINT(td, KTR_STRUCT))
2818 ktrsockaddr(fromsa);
2820 if (uap->msg_flags) {
2821 error = copyout(&msg_flags, uap->msg_flags, sizeof (int));
2834 return (EOPNOTSUPP);