2 * Copyright (c) 1982, 1986, 1989, 1990, 1993
3 * The Regents of the University of California. All rights reserved.
5 * sendfile(2) and related extensions:
6 * Copyright (c) 1998, David Greenman. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include "opt_capsicum.h"
40 #include "opt_inet6.h"
41 #include "opt_compat.h"
42 #include "opt_ktrace.h"
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/capsicum.h>
47 #include <sys/condvar.h>
48 #include <sys/kernel.h>
50 #include <sys/mutex.h>
51 #include <sys/sysproto.h>
52 #include <sys/malloc.h>
53 #include <sys/filedesc.h>
54 #include <sys/event.h>
56 #include <sys/fcntl.h>
58 #include <sys/filio.h>
61 #include <sys/mount.h>
63 #include <sys/protosw.h>
64 #include <sys/rwlock.h>
65 #include <sys/sf_buf.h>
66 #include <sys/sysent.h>
67 #include <sys/socket.h>
68 #include <sys/socketvar.h>
69 #include <sys/signalvar.h>
70 #include <sys/syscallsubr.h>
71 #include <sys/sysctl.h>
73 #include <sys/vnode.h>
75 #include <sys/ktrace.h>
77 #ifdef COMPAT_FREEBSD32
78 #include <compat/freebsd32/freebsd32_util.h>
83 #include <security/audit/audit.h>
84 #include <security/mac/mac_framework.h>
87 #include <vm/vm_param.h>
88 #include <vm/vm_object.h>
89 #include <vm/vm_page.h>
90 #include <vm/vm_pager.h>
91 #include <vm/vm_kern.h>
92 #include <vm/vm_extern.h>
96 * Flags for accept1() and kern_accept4(), in addition to SOCK_CLOEXEC
99 #define ACCEPT4_INHERIT 0x1
100 #define ACCEPT4_COMPAT 0x2
102 static int sendit(struct thread *td, int s, struct msghdr *mp, int flags);
103 static int recvit(struct thread *td, int s, struct msghdr *mp, void *namelenp);
105 static int accept1(struct thread *td, int s, struct sockaddr *uname,
106 socklen_t *anamelen, int flags);
107 static int do_sendfile(struct thread *td, struct sendfile_args *uap,
109 static int getsockname1(struct thread *td, struct getsockname_args *uap,
111 static int getpeername1(struct thread *td, struct getpeername_args *uap,
114 counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)];
117 * sendfile(2)-related variables and associated sysctls
119 static SYSCTL_NODE(_kern_ipc, OID_AUTO, sendfile, CTLFLAG_RW, 0,
120 "sendfile(2) tunables");
121 static int sfreadahead = 1;
122 SYSCTL_INT(_kern_ipc_sendfile, OID_AUTO, readahead, CTLFLAG_RW,
123 &sfreadahead, 0, "Number of sendfile(2) read-ahead MAXBSIZE blocks");
126 sfstat_init(const void *unused)
129 COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t),
132 SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL);
135 sfstat_sysctl(SYSCTL_HANDLER_ARGS)
139 COUNTER_ARRAY_COPY(sfstat, &s, sizeof(s) / sizeof(uint64_t));
141 COUNTER_ARRAY_ZERO(sfstat, sizeof(s) / sizeof(uint64_t));
142 return (SYSCTL_OUT(req, &s, sizeof(s)));
144 SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW,
145 NULL, 0, sfstat_sysctl, "I", "sendfile statistics");
148 * Convert a user file descriptor to a kernel file entry and check if required
149 * capability rights are present.
150 * A reference on the file entry is held upon returning.
153 getsock_cap(struct filedesc *fdp, int fd, cap_rights_t *rightsp,
154 struct file **fpp, u_int *fflagp)
159 error = fget_unlocked(fdp, fd, rightsp, 0, &fp, NULL);
162 if (fp->f_type != DTYPE_SOCKET) {
163 fdrop(fp, curthread);
167 *fflagp = fp->f_flag;
173 * System call interface to the socket abstraction.
175 #if defined(COMPAT_43)
176 #define COMPAT_OLDSOCK
182 struct socket_args /* {
190 int fd, error, type, oflag, fflag;
192 AUDIT_ARG_SOCKET(uap->domain, uap->type, uap->protocol);
197 if ((type & SOCK_CLOEXEC) != 0) {
198 type &= ~SOCK_CLOEXEC;
201 if ((type & SOCK_NONBLOCK) != 0) {
202 type &= ~SOCK_NONBLOCK;
207 error = mac_socket_check_create(td->td_ucred, uap->domain, type,
212 error = falloc(td, &fp, &fd, oflag);
215 /* An extra reference on `fp' has been held for us by falloc(). */
216 error = socreate(uap->domain, &so, type, uap->protocol,
219 fdclose(td->td_proc->p_fd, fp, fd, td);
221 finit(fp, FREAD | FWRITE | fflag, DTYPE_SOCKET, so, &socketops);
222 if ((fflag & FNONBLOCK) != 0)
223 (void) fo_ioctl(fp, FIONBIO, &fflag, td->td_ucred, td);
224 td->td_retval[0] = fd;
234 struct bind_args /* {
243 error = getsockaddr(&sa, uap->name, uap->namelen);
245 error = kern_bindat(td, AT_FDCWD, uap->s, sa);
252 kern_bindat(struct thread *td, int dirfd, int fd, struct sockaddr *sa)
260 AUDIT_ARG_SOCKADDR(td, dirfd, sa);
261 error = getsock_cap(td->td_proc->p_fd, fd,
262 cap_rights_init(&rights, CAP_BIND), &fp, NULL);
267 if (KTRPOINT(td, KTR_STRUCT))
271 error = mac_socket_check_bind(td->td_ucred, so, sa);
274 if (dirfd == AT_FDCWD)
275 error = sobind(so, sa, td);
277 error = sobindat(dirfd, so, sa, td);
289 struct bindat_args /* {
299 error = getsockaddr(&sa, uap->name, uap->namelen);
301 error = kern_bindat(td, uap->fd, uap->s, sa);
311 struct listen_args /* {
321 AUDIT_ARG_FD(uap->s);
322 error = getsock_cap(td->td_proc->p_fd, uap->s,
323 cap_rights_init(&rights, CAP_LISTEN), &fp, NULL);
327 error = mac_socket_check_listen(td->td_ucred, so);
330 error = solisten(so, uap->backlog, td);
340 accept1(td, s, uname, anamelen, flags)
343 struct sockaddr *uname;
347 struct sockaddr *name;
353 return (kern_accept4(td, s, NULL, NULL, flags, NULL));
355 error = copyin(anamelen, &namelen, sizeof (namelen));
359 error = kern_accept4(td, s, &name, &namelen, flags, &fp);
364 if (error == 0 && uname != NULL) {
365 #ifdef COMPAT_OLDSOCK
366 if (flags & ACCEPT4_COMPAT)
367 ((struct osockaddr *)name)->sa_family =
370 error = copyout(name, uname, namelen);
373 error = copyout(&namelen, anamelen,
376 fdclose(td->td_proc->p_fd, fp, td->td_retval[0], td);
378 free(name, M_SONAME);
383 kern_accept(struct thread *td, int s, struct sockaddr **name,
384 socklen_t *namelen, struct file **fp)
386 return (kern_accept4(td, s, name, namelen, ACCEPT4_INHERIT, fp));
390 kern_accept4(struct thread *td, int s, struct sockaddr **name,
391 socklen_t *namelen, int flags, struct file **fp)
393 struct filedesc *fdp;
394 struct file *headfp, *nfp = NULL;
395 struct sockaddr *sa = NULL;
396 struct socket *head, *so;
406 fdp = td->td_proc->p_fd;
407 error = getsock_cap(fdp, s, cap_rights_init(&rights, CAP_ACCEPT),
411 head = headfp->f_data;
412 if ((head->so_options & SO_ACCEPTCONN) == 0) {
417 error = mac_socket_check_accept(td->td_ucred, head);
421 error = falloc(td, &nfp, &fd, (flags & SOCK_CLOEXEC) ? O_CLOEXEC : 0);
425 if ((head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->so_comp)) {
430 while (TAILQ_EMPTY(&head->so_comp) && head->so_error == 0) {
431 if (head->so_rcv.sb_state & SBS_CANTRCVMORE) {
432 head->so_error = ECONNABORTED;
435 error = msleep(&head->so_timeo, &accept_mtx, PSOCK | PCATCH,
442 if (head->so_error) {
443 error = head->so_error;
448 so = TAILQ_FIRST(&head->so_comp);
449 KASSERT(!(so->so_qstate & SQ_INCOMP), ("accept1: so SQ_INCOMP"));
450 KASSERT(so->so_qstate & SQ_COMP, ("accept1: so not SQ_COMP"));
453 * Before changing the flags on the socket, we have to bump the
454 * reference count. Otherwise, if the protocol calls sofree(),
455 * the socket will be released due to a zero refcount.
457 SOCK_LOCK(so); /* soref() and so_state update */
458 soref(so); /* file descriptor reference */
460 TAILQ_REMOVE(&head->so_comp, so, so_list);
462 if (flags & ACCEPT4_INHERIT)
463 so->so_state |= (head->so_state & SS_NBIO);
465 so->so_state |= (flags & SOCK_NONBLOCK) ? SS_NBIO : 0;
466 so->so_qstate &= ~SQ_COMP;
472 /* An extra reference on `nfp' has been held for us by falloc(). */
473 td->td_retval[0] = fd;
475 /* connection has been removed from the listen queue */
476 KNOTE_UNLOCKED(&head->so_rcv.sb_sel.si_note, 0);
478 if (flags & ACCEPT4_INHERIT) {
479 pgid = fgetown(&head->so_sigio);
481 fsetown(pgid, &so->so_sigio);
483 fflag &= ~(FNONBLOCK | FASYNC);
484 if (flags & SOCK_NONBLOCK)
488 finit(nfp, fflag, DTYPE_SOCKET, so, &socketops);
489 /* Sync socket nonblocking/async state with file flags */
490 tmp = fflag & FNONBLOCK;
491 (void) fo_ioctl(nfp, FIONBIO, &tmp, td->td_ucred, td);
492 tmp = fflag & FASYNC;
493 (void) fo_ioctl(nfp, FIOASYNC, &tmp, td->td_ucred, td);
495 error = soaccept(so, &sa);
503 AUDIT_ARG_SOCKADDR(td, AT_FDCWD, sa);
505 /* check sa_len before it is destroyed */
506 if (*namelen > sa->sa_len)
507 *namelen = sa->sa_len;
509 if (KTRPOINT(td, KTR_STRUCT))
519 * close the new descriptor, assuming someone hasn't ripped it
523 fdclose(fdp, nfp, fd, td);
526 * Release explicitly held references before returning. We return
527 * a reference on nfp to the caller on success if they request it.
546 struct accept_args *uap;
549 return (accept1(td, uap->s, uap->name, uap->anamelen, ACCEPT4_INHERIT));
555 struct accept4_args *uap;
558 if (uap->flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
561 return (accept1(td, uap->s, uap->name, uap->anamelen, uap->flags));
564 #ifdef COMPAT_OLDSOCK
568 struct accept_args *uap;
571 return (accept1(td, uap->s, uap->name, uap->anamelen,
572 ACCEPT4_INHERIT | ACCEPT4_COMPAT));
574 #endif /* COMPAT_OLDSOCK */
580 struct connect_args /* {
589 error = getsockaddr(&sa, uap->name, uap->namelen);
591 error = kern_connectat(td, AT_FDCWD, uap->s, sa);
598 kern_connectat(struct thread *td, int dirfd, int fd, struct sockaddr *sa)
603 int error, interrupted = 0;
606 AUDIT_ARG_SOCKADDR(td, dirfd, sa);
607 error = getsock_cap(td->td_proc->p_fd, fd,
608 cap_rights_init(&rights, CAP_CONNECT), &fp, NULL);
612 if (so->so_state & SS_ISCONNECTING) {
617 if (KTRPOINT(td, KTR_STRUCT))
621 error = mac_socket_check_connect(td->td_ucred, so, sa);
625 if (dirfd == AT_FDCWD)
626 error = soconnect(so, sa, td);
628 error = soconnectat(dirfd, so, sa, td);
631 if ((so->so_state & SS_NBIO) && (so->so_state & SS_ISCONNECTING)) {
636 while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
637 error = msleep(&so->so_timeo, SOCK_MTX(so), PSOCK | PCATCH,
640 if (error == EINTR || error == ERESTART)
646 error = so->so_error;
652 so->so_state &= ~SS_ISCONNECTING;
653 if (error == ERESTART)
662 sys_connectat(td, uap)
664 struct connectat_args /* {
674 error = getsockaddr(&sa, uap->name, uap->namelen);
676 error = kern_connectat(td, uap->fd, uap->s, sa);
683 kern_socketpair(struct thread *td, int domain, int type, int protocol,
686 struct filedesc *fdp = td->td_proc->p_fd;
687 struct file *fp1, *fp2;
688 struct socket *so1, *so2;
689 int fd, error, oflag, fflag;
691 AUDIT_ARG_SOCKET(domain, type, protocol);
695 if ((type & SOCK_CLOEXEC) != 0) {
696 type &= ~SOCK_CLOEXEC;
699 if ((type & SOCK_NONBLOCK) != 0) {
700 type &= ~SOCK_NONBLOCK;
704 /* We might want to have a separate check for socket pairs. */
705 error = mac_socket_check_create(td->td_ucred, domain, type,
710 error = socreate(domain, &so1, type, protocol, td->td_ucred, td);
713 error = socreate(domain, &so2, type, protocol, td->td_ucred, td);
716 /* On success extra reference to `fp1' and 'fp2' is set by falloc. */
717 error = falloc(td, &fp1, &fd, oflag);
721 fp1->f_data = so1; /* so1 already has ref count */
722 error = falloc(td, &fp2, &fd, oflag);
725 fp2->f_data = so2; /* so2 already has ref count */
727 error = soconnect2(so1, so2);
730 if (type == SOCK_DGRAM) {
732 * Datagram socket connection is asymmetric.
734 error = soconnect2(so2, so1);
738 finit(fp1, FREAD | FWRITE | fflag, DTYPE_SOCKET, fp1->f_data,
740 finit(fp2, FREAD | FWRITE | fflag, DTYPE_SOCKET, fp2->f_data,
742 if ((fflag & FNONBLOCK) != 0) {
743 (void) fo_ioctl(fp1, FIONBIO, &fflag, td->td_ucred, td);
744 (void) fo_ioctl(fp2, FIONBIO, &fflag, td->td_ucred, td);
750 fdclose(fdp, fp2, rsv[1], td);
753 fdclose(fdp, fp1, rsv[0], td);
765 sys_socketpair(struct thread *td, struct socketpair_args *uap)
769 error = kern_socketpair(td, uap->domain, uap->type,
773 error = copyout(sv, uap->rsv, 2 * sizeof(int));
775 (void)kern_close(td, sv[0]);
776 (void)kern_close(td, sv[1]);
782 sendit(td, s, mp, flags)
788 struct mbuf *control;
792 #ifdef CAPABILITY_MODE
793 if (IN_CAPABILITY_MODE(td) && (mp->msg_name != NULL))
797 if (mp->msg_name != NULL) {
798 error = getsockaddr(&to, mp->msg_name, mp->msg_namelen);
808 if (mp->msg_control) {
809 if (mp->msg_controllen < sizeof(struct cmsghdr)
810 #ifdef COMPAT_OLDSOCK
811 && mp->msg_flags != MSG_COMPAT
817 error = sockargs(&control, mp->msg_control,
818 mp->msg_controllen, MT_CONTROL);
821 #ifdef COMPAT_OLDSOCK
822 if (mp->msg_flags == MSG_COMPAT) {
825 M_PREPEND(control, sizeof(*cm), M_WAITOK);
826 cm = mtod(control, struct cmsghdr *);
827 cm->cmsg_len = control->m_len;
828 cm->cmsg_level = SOL_SOCKET;
829 cm->cmsg_type = SCM_RIGHTS;
836 error = kern_sendit(td, s, mp, flags, control, UIO_USERSPACE);
844 kern_sendit(td, s, mp, flags, control, segflg)
849 struct mbuf *control;
858 struct uio *ktruio = NULL;
864 cap_rights_init(&rights, CAP_SEND);
865 if (mp->msg_name != NULL) {
866 AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name);
867 cap_rights_set(&rights, CAP_CONNECT);
869 error = getsock_cap(td->td_proc->p_fd, s, &rights, &fp, NULL);
872 so = (struct socket *)fp->f_data;
875 if (mp->msg_name != NULL && KTRPOINT(td, KTR_STRUCT))
876 ktrsockaddr(mp->msg_name);
879 if (mp->msg_name != NULL) {
880 error = mac_socket_check_connect(td->td_ucred, so,
885 error = mac_socket_check_send(td->td_ucred, so);
890 auio.uio_iov = mp->msg_iov;
891 auio.uio_iovcnt = mp->msg_iovlen;
892 auio.uio_segflg = segflg;
893 auio.uio_rw = UIO_WRITE;
895 auio.uio_offset = 0; /* XXX */
898 for (i = 0; i < mp->msg_iovlen; i++, iov++) {
899 if ((auio.uio_resid += iov->iov_len) < 0) {
905 if (KTRPOINT(td, KTR_GENIO))
906 ktruio = cloneuio(&auio);
908 len = auio.uio_resid;
909 error = sosend(so, mp->msg_name, &auio, 0, control, flags, td);
911 if (auio.uio_resid != len && (error == ERESTART ||
912 error == EINTR || error == EWOULDBLOCK))
914 /* Generation of SIGPIPE can be controlled per socket */
915 if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) &&
916 !(flags & MSG_NOSIGNAL)) {
917 PROC_LOCK(td->td_proc);
918 tdsignal(td, SIGPIPE);
919 PROC_UNLOCK(td->td_proc);
923 td->td_retval[0] = len - auio.uio_resid;
925 if (ktruio != NULL) {
926 ktruio->uio_resid = td->td_retval[0];
927 ktrgenio(s, UIO_WRITE, ktruio, error);
938 struct sendto_args /* {
950 msg.msg_name = uap->to;
951 msg.msg_namelen = uap->tolen;
955 #ifdef COMPAT_OLDSOCK
958 aiov.iov_base = uap->buf;
959 aiov.iov_len = uap->len;
960 return (sendit(td, uap->s, &msg, uap->flags));
963 #ifdef COMPAT_OLDSOCK
967 struct osend_args /* {
981 aiov.iov_base = uap->buf;
982 aiov.iov_len = uap->len;
985 return (sendit(td, uap->s, &msg, uap->flags));
991 struct osendmsg_args /* {
1001 error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
1004 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1008 msg.msg_flags = MSG_COMPAT;
1009 error = sendit(td, uap->s, &msg, uap->flags);
1016 sys_sendmsg(td, uap)
1018 struct sendmsg_args /* {
1028 error = copyin(uap->msg, &msg, sizeof (msg));
1031 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1035 #ifdef COMPAT_OLDSOCK
1038 error = sendit(td, uap->s, &msg, uap->flags);
1044 kern_recvit(td, s, mp, fromseg, controlp)
1048 enum uio_seg fromseg;
1049 struct mbuf **controlp;
1053 struct mbuf *m, *control = NULL;
1057 struct sockaddr *fromsa = NULL;
1058 cap_rights_t rights;
1060 struct uio *ktruio = NULL;
1065 if (controlp != NULL)
1069 error = getsock_cap(td->td_proc->p_fd, s,
1070 cap_rights_init(&rights, CAP_RECV), &fp, NULL);
1076 error = mac_socket_check_receive(td->td_ucred, so);
1083 auio.uio_iov = mp->msg_iov;
1084 auio.uio_iovcnt = mp->msg_iovlen;
1085 auio.uio_segflg = UIO_USERSPACE;
1086 auio.uio_rw = UIO_READ;
1088 auio.uio_offset = 0; /* XXX */
1091 for (i = 0; i < mp->msg_iovlen; i++, iov++) {
1092 if ((auio.uio_resid += iov->iov_len) < 0) {
1098 if (KTRPOINT(td, KTR_GENIO))
1099 ktruio = cloneuio(&auio);
1101 len = auio.uio_resid;
1102 error = soreceive(so, &fromsa, &auio, NULL,
1103 (mp->msg_control || controlp) ? &control : NULL,
1106 if (auio.uio_resid != len && (error == ERESTART ||
1107 error == EINTR || error == EWOULDBLOCK))
1111 AUDIT_ARG_SOCKADDR(td, AT_FDCWD, fromsa);
1113 if (ktruio != NULL) {
1114 ktruio->uio_resid = len - auio.uio_resid;
1115 ktrgenio(s, UIO_READ, ktruio, error);
1120 td->td_retval[0] = len - auio.uio_resid;
1122 len = mp->msg_namelen;
1123 if (len <= 0 || fromsa == NULL)
1126 /* save sa_len before it is destroyed by MSG_COMPAT */
1127 len = MIN(len, fromsa->sa_len);
1128 #ifdef COMPAT_OLDSOCK
1129 if (mp->msg_flags & MSG_COMPAT)
1130 ((struct osockaddr *)fromsa)->sa_family =
1133 if (fromseg == UIO_USERSPACE) {
1134 error = copyout(fromsa, mp->msg_name,
1139 bcopy(fromsa, mp->msg_name, len);
1141 mp->msg_namelen = len;
1143 if (mp->msg_control && controlp == NULL) {
1144 #ifdef COMPAT_OLDSOCK
1146 * We assume that old recvmsg calls won't receive access
1147 * rights and other control info, esp. as control info
1148 * is always optional and those options didn't exist in 4.3.
1149 * If we receive rights, trim the cmsghdr; anything else
1152 if (control && mp->msg_flags & MSG_COMPAT) {
1153 if (mtod(control, struct cmsghdr *)->cmsg_level !=
1155 mtod(control, struct cmsghdr *)->cmsg_type !=
1157 mp->msg_controllen = 0;
1160 control->m_len -= sizeof (struct cmsghdr);
1161 control->m_data += sizeof (struct cmsghdr);
1164 len = mp->msg_controllen;
1166 mp->msg_controllen = 0;
1167 ctlbuf = mp->msg_control;
1169 while (m && len > 0) {
1170 unsigned int tocopy;
1172 if (len >= m->m_len)
1175 mp->msg_flags |= MSG_CTRUNC;
1179 if ((error = copyout(mtod(m, caddr_t),
1180 ctlbuf, tocopy)) != 0)
1187 mp->msg_controllen = ctlbuf - (caddr_t)mp->msg_control;
1192 if (fromsa && KTRPOINT(td, KTR_STRUCT))
1193 ktrsockaddr(fromsa);
1195 free(fromsa, M_SONAME);
1197 if (error == 0 && controlp != NULL)
1198 *controlp = control;
1206 recvit(td, s, mp, namelenp)
1214 error = kern_recvit(td, s, mp, UIO_USERSPACE, NULL);
1217 if (namelenp != NULL) {
1218 error = copyout(&mp->msg_namelen, namelenp, sizeof (socklen_t));
1219 #ifdef COMPAT_OLDSOCK
1220 if (mp->msg_flags & MSG_COMPAT)
1221 error = 0; /* old recvfrom didn't check */
1228 sys_recvfrom(td, uap)
1230 struct recvfrom_args /* {
1235 struct sockaddr * __restrict from;
1236 socklen_t * __restrict fromlenaddr;
1243 if (uap->fromlenaddr) {
1244 error = copyin(uap->fromlenaddr,
1245 &msg.msg_namelen, sizeof (msg.msg_namelen));
1249 msg.msg_namelen = 0;
1251 msg.msg_name = uap->from;
1252 msg.msg_iov = &aiov;
1254 aiov.iov_base = uap->buf;
1255 aiov.iov_len = uap->len;
1256 msg.msg_control = 0;
1257 msg.msg_flags = uap->flags;
1258 error = recvit(td, uap->s, &msg, uap->fromlenaddr);
1263 #ifdef COMPAT_OLDSOCK
1267 struct recvfrom_args *uap;
1270 uap->flags |= MSG_COMPAT;
1271 return (sys_recvfrom(td, uap));
1275 #ifdef COMPAT_OLDSOCK
1279 struct orecv_args /* {
1290 msg.msg_namelen = 0;
1291 msg.msg_iov = &aiov;
1293 aiov.iov_base = uap->buf;
1294 aiov.iov_len = uap->len;
1295 msg.msg_control = 0;
1296 msg.msg_flags = uap->flags;
1297 return (recvit(td, uap->s, &msg, NULL));
1301 * Old recvmsg. This code takes advantage of the fact that the old msghdr
1302 * overlays the new one, missing only the flags, and with the (old) access
1303 * rights where the control fields are now.
1308 struct orecvmsg_args /* {
1310 struct omsghdr *msg;
1318 error = copyin(uap->msg, &msg, sizeof (struct omsghdr));
1321 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1324 msg.msg_flags = uap->flags | MSG_COMPAT;
1326 error = recvit(td, uap->s, &msg, &uap->msg->msg_namelen);
1327 if (msg.msg_controllen && error == 0)
1328 error = copyout(&msg.msg_controllen,
1329 &uap->msg->msg_accrightslen, sizeof (int));
1336 sys_recvmsg(td, uap)
1338 struct recvmsg_args /* {
1345 struct iovec *uiov, *iov;
1348 error = copyin(uap->msg, &msg, sizeof (msg));
1351 error = copyiniov(msg.msg_iov, msg.msg_iovlen, &iov, EMSGSIZE);
1354 msg.msg_flags = uap->flags;
1355 #ifdef COMPAT_OLDSOCK
1356 msg.msg_flags &= ~MSG_COMPAT;
1360 error = recvit(td, uap->s, &msg, NULL);
1363 error = copyout(&msg, uap->msg, sizeof(msg));
1371 sys_shutdown(td, uap)
1373 struct shutdown_args /* {
1380 cap_rights_t rights;
1383 AUDIT_ARG_FD(uap->s);
1384 error = getsock_cap(td->td_proc->p_fd, uap->s,
1385 cap_rights_init(&rights, CAP_SHUTDOWN), &fp, NULL);
1388 error = soshutdown(so, uap->how);
1396 sys_setsockopt(td, uap)
1398 struct setsockopt_args /* {
1407 return (kern_setsockopt(td, uap->s, uap->level, uap->name,
1408 uap->val, UIO_USERSPACE, uap->valsize));
1412 kern_setsockopt(td, s, level, name, val, valseg, valsize)
1418 enum uio_seg valseg;
1423 struct sockopt sopt;
1424 cap_rights_t rights;
1427 if (val == NULL && valsize != 0)
1429 if ((int)valsize < 0)
1432 sopt.sopt_dir = SOPT_SET;
1433 sopt.sopt_level = level;
1434 sopt.sopt_name = name;
1435 sopt.sopt_val = val;
1436 sopt.sopt_valsize = valsize;
1442 sopt.sopt_td = NULL;
1445 panic("kern_setsockopt called with bad valseg");
1449 error = getsock_cap(td->td_proc->p_fd, s,
1450 cap_rights_init(&rights, CAP_SETSOCKOPT), &fp, NULL);
1453 error = sosetopt(so, &sopt);
1461 sys_getsockopt(td, uap)
1463 struct getsockopt_args /* {
1467 void * __restrict val;
1468 socklen_t * __restrict avalsize;
1475 error = copyin(uap->avalsize, &valsize, sizeof (valsize));
1480 error = kern_getsockopt(td, uap->s, uap->level, uap->name,
1481 uap->val, UIO_USERSPACE, &valsize);
1484 error = copyout(&valsize, uap->avalsize, sizeof (valsize));
1489 * Kernel version of getsockopt.
1490 * optval can be a userland or userspace. optlen is always a kernel pointer.
1493 kern_getsockopt(td, s, level, name, val, valseg, valsize)
1499 enum uio_seg valseg;
1504 struct sockopt sopt;
1505 cap_rights_t rights;
1510 if ((int)*valsize < 0)
1513 sopt.sopt_dir = SOPT_GET;
1514 sopt.sopt_level = level;
1515 sopt.sopt_name = name;
1516 sopt.sopt_val = val;
1517 sopt.sopt_valsize = (size_t)*valsize; /* checked non-negative above */
1523 sopt.sopt_td = NULL;
1526 panic("kern_getsockopt called with bad valseg");
1530 error = getsock_cap(td->td_proc->p_fd, s,
1531 cap_rights_init(&rights, CAP_GETSOCKOPT), &fp, NULL);
1534 error = sogetopt(so, &sopt);
1535 *valsize = sopt.sopt_valsize;
1542 * getsockname1() - Get socket name.
1546 getsockname1(td, uap, compat)
1548 struct getsockname_args /* {
1550 struct sockaddr * __restrict asa;
1551 socklen_t * __restrict alen;
1555 struct sockaddr *sa;
1559 error = copyin(uap->alen, &len, sizeof(len));
1563 error = kern_getsockname(td, uap->fdes, &sa, &len);
1568 #ifdef COMPAT_OLDSOCK
1570 ((struct osockaddr *)sa)->sa_family = sa->sa_family;
1572 error = copyout(sa, uap->asa, (u_int)len);
1576 error = copyout(&len, uap->alen, sizeof(len));
1581 kern_getsockname(struct thread *td, int fd, struct sockaddr **sa,
1586 cap_rights_t rights;
1591 error = getsock_cap(td->td_proc->p_fd, fd,
1592 cap_rights_init(&rights, CAP_GETSOCKNAME), &fp, NULL);
1597 CURVNET_SET(so->so_vnet);
1598 error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, sa);
1605 len = MIN(*alen, (*sa)->sa_len);
1608 if (KTRPOINT(td, KTR_STRUCT))
1613 if (error != 0 && *sa != NULL) {
1614 free(*sa, M_SONAME);
1621 sys_getsockname(td, uap)
1623 struct getsockname_args *uap;
1626 return (getsockname1(td, uap, 0));
1629 #ifdef COMPAT_OLDSOCK
1631 ogetsockname(td, uap)
1633 struct getsockname_args *uap;
1636 return (getsockname1(td, uap, 1));
1638 #endif /* COMPAT_OLDSOCK */
1641 * getpeername1() - Get name of peer for connected socket.
1645 getpeername1(td, uap, compat)
1647 struct getpeername_args /* {
1649 struct sockaddr * __restrict asa;
1650 socklen_t * __restrict alen;
1654 struct sockaddr *sa;
1658 error = copyin(uap->alen, &len, sizeof (len));
1662 error = kern_getpeername(td, uap->fdes, &sa, &len);
1667 #ifdef COMPAT_OLDSOCK
1669 ((struct osockaddr *)sa)->sa_family = sa->sa_family;
1671 error = copyout(sa, uap->asa, (u_int)len);
1675 error = copyout(&len, uap->alen, sizeof(len));
1680 kern_getpeername(struct thread *td, int fd, struct sockaddr **sa,
1685 cap_rights_t rights;
1690 error = getsock_cap(td->td_proc->p_fd, fd,
1691 cap_rights_init(&rights, CAP_GETPEERNAME), &fp, NULL);
1695 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONFIRMING)) == 0) {
1700 CURVNET_SET(so->so_vnet);
1701 error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, sa);
1708 len = MIN(*alen, (*sa)->sa_len);
1711 if (KTRPOINT(td, KTR_STRUCT))
1715 if (error != 0 && *sa != NULL) {
1716 free(*sa, M_SONAME);
1725 sys_getpeername(td, uap)
1727 struct getpeername_args *uap;
1730 return (getpeername1(td, uap, 0));
1733 #ifdef COMPAT_OLDSOCK
1735 ogetpeername(td, uap)
1737 struct ogetpeername_args *uap;
1740 /* XXX uap should have type `getpeername_args *' to begin with. */
1741 return (getpeername1(td, (struct getpeername_args *)uap, 1));
1743 #endif /* COMPAT_OLDSOCK */
1746 sockargs(mp, buf, buflen, type)
1751 struct sockaddr *sa;
1755 if (buflen > MLEN) {
1756 #ifdef COMPAT_OLDSOCK
1757 if (type == MT_SONAME && buflen <= 112)
1758 buflen = MLEN; /* unix domain compat. hack */
1761 if (buflen > MCLBYTES)
1764 m = m_get2(buflen, M_WAITOK, type, 0);
1766 error = copyin(buf, mtod(m, caddr_t), (u_int)buflen);
1771 if (type == MT_SONAME) {
1772 sa = mtod(m, struct sockaddr *);
1774 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1775 if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1776 sa->sa_family = sa->sa_len;
1778 sa->sa_len = buflen;
1785 getsockaddr(namp, uaddr, len)
1786 struct sockaddr **namp;
1790 struct sockaddr *sa;
1793 if (len > SOCK_MAXADDRLEN)
1794 return (ENAMETOOLONG);
1795 if (len < offsetof(struct sockaddr, sa_data[0]))
1797 sa = malloc(len, M_SONAME, M_WAITOK);
1798 error = copyin(uaddr, sa, len);
1802 #if defined(COMPAT_OLDSOCK) && BYTE_ORDER != BIG_ENDIAN
1803 if (sa->sa_family == 0 && sa->sa_len < AF_MAX)
1804 sa->sa_family = sa->sa_len;
1812 struct sendfile_sync {
1819 * Add more references to a vm_page + sf_buf + sendfile_sync.
1822 sf_ext_ref(void *arg1, void *arg2)
1824 struct sf_buf *sf = arg1;
1825 struct sendfile_sync *sfs = arg2;
1826 vm_page_t pg = sf_buf_page(sf);
1835 mtx_lock(&sfs->mtx);
1836 KASSERT(sfs->count > 0, ("Sendfile sync botchup count == 0"));
1838 mtx_unlock(&sfs->mtx);
1843 * Detach mapped page and release resources back to the system.
1846 sf_ext_free(void *arg1, void *arg2)
1848 struct sf_buf *sf = arg1;
1849 struct sendfile_sync *sfs = arg2;
1850 vm_page_t pg = sf_buf_page(sf);
1855 vm_page_unwire(pg, PQ_INACTIVE);
1857 * Check for the object going away on us. This can
1858 * happen since we don't hold a reference to it.
1859 * If so, we're responsible for freeing the page.
1861 if (pg->wire_count == 0 && pg->object == NULL)
1866 mtx_lock(&sfs->mtx);
1867 KASSERT(sfs->count > 0, ("Sendfile sync botchup count == 0"));
1868 if (--sfs->count == 0)
1869 cv_signal(&sfs->cv);
1870 mtx_unlock(&sfs->mtx);
1877 * int sendfile(int fd, int s, off_t offset, size_t nbytes,
1878 * struct sf_hdtr *hdtr, off_t *sbytes, int flags)
1880 * Send a file specified by 'fd' and starting at 'offset' to a socket
1881 * specified by 's'. Send only 'nbytes' of the file or until EOF if nbytes ==
1882 * 0. Optionally add a header and/or trailer to the socket output. If
1883 * specified, write the total number of bytes sent into *sbytes.
1886 sys_sendfile(struct thread *td, struct sendfile_args *uap)
1889 return (do_sendfile(td, uap, 0));
1893 do_sendfile(struct thread *td, struct sendfile_args *uap, int compat)
1895 struct sf_hdtr hdtr;
1896 struct uio *hdr_uio, *trl_uio;
1898 cap_rights_t rights;
1903 * File offset must be positive. If it goes beyond EOF
1904 * we send only the header/trailer and no payload data.
1906 if (uap->offset < 0)
1909 hdr_uio = trl_uio = NULL;
1911 if (uap->hdtr != NULL) {
1912 error = copyin(uap->hdtr, &hdtr, sizeof(hdtr));
1915 if (hdtr.headers != NULL) {
1916 error = copyinuio(hdtr.headers, hdtr.hdr_cnt,
1921 if (hdtr.trailers != NULL) {
1922 error = copyinuio(hdtr.trailers, hdtr.trl_cnt,
1929 AUDIT_ARG_FD(uap->fd);
1932 * sendfile(2) can start at any offset within a file so we require
1933 * CAP_READ+CAP_SEEK = CAP_PREAD.
1935 if ((error = fget_read(td, uap->fd,
1936 cap_rights_init(&rights, CAP_PREAD), &fp)) != 0) {
1940 error = fo_sendfile(fp, uap->s, hdr_uio, trl_uio, uap->offset,
1941 uap->nbytes, &sbytes, uap->flags, compat ? SFK_COMPAT : 0, td);
1944 if (uap->sbytes != NULL)
1945 copyout(&sbytes, uap->sbytes, sizeof(off_t));
1948 free(hdr_uio, M_IOV);
1949 free(trl_uio, M_IOV);
1953 #ifdef COMPAT_FREEBSD4
1955 freebsd4_sendfile(struct thread *td, struct freebsd4_sendfile_args *uap)
1957 struct sendfile_args args;
1961 args.offset = uap->offset;
1962 args.nbytes = uap->nbytes;
1963 args.hdtr = uap->hdtr;
1964 args.sbytes = uap->sbytes;
1965 args.flags = uap->flags;
1967 return (do_sendfile(td, &args, 1));
1969 #endif /* COMPAT_FREEBSD4 */
1972 sendfile_readpage(vm_object_t obj, struct vnode *vp, int nd,
1973 off_t off, int xfsize, int bsize, struct thread *td, vm_page_t *res)
1978 int error, readahead, rv;
1980 pindex = OFF_TO_IDX(off);
1981 VM_OBJECT_WLOCK(obj);
1982 m = vm_page_grab(obj, pindex, (vp != NULL ? VM_ALLOC_NOBUSY |
1983 VM_ALLOC_IGN_SBUSY : 0) | VM_ALLOC_WIRED | VM_ALLOC_NORMAL);
1986 * Check if page is valid for what we need, otherwise initiate I/O.
1988 * The non-zero nd argument prevents disk I/O, instead we
1989 * return the caller what he specified in nd. In particular,
1990 * if we already turned some pages into mbufs, nd == EAGAIN
1991 * and the main function send them the pages before we come
1992 * here again and block.
1994 if (m->valid != 0 && vm_page_is_valid(m, off & PAGE_MASK, xfsize)) {
1997 VM_OBJECT_WUNLOCK(obj);
2000 } else if (nd != 0) {
2008 * Get the page from backing store.
2012 VM_OBJECT_WUNLOCK(obj);
2013 readahead = sfreadahead * MAXBSIZE;
2016 * Use vn_rdwr() instead of the pager interface for
2017 * the vnode, to allow the read-ahead.
2019 * XXXMAC: Because we don't have fp->f_cred here, we
2020 * pass in NOCRED. This is probably wrong, but is
2021 * consistent with our original implementation.
2023 error = vn_rdwr(UIO_READ, vp, NULL, readahead, trunc_page(off),
2024 UIO_NOCOPY, IO_NODELOCKED | IO_VMIO | ((readahead /
2025 bsize) << IO_SEQSHIFT), td->td_ucred, NOCRED, &resid, td);
2026 SFSTAT_INC(sf_iocnt);
2027 VM_OBJECT_WLOCK(obj);
2029 if (vm_pager_has_page(obj, pindex, NULL, NULL)) {
2030 rv = vm_pager_get_pages(obj, &m, 1, 0);
2031 SFSTAT_INC(sf_iocnt);
2032 m = vm_page_lookup(obj, pindex);
2035 else if (rv != VM_PAGER_OK) {
2044 m->valid = VM_PAGE_BITS_ALL;
2052 } else if (m != NULL) {
2055 vm_page_unwire(m, PQ_INACTIVE);
2058 * See if anyone else might know about this page. If
2059 * not and it is not valid, then free it.
2061 if (m->wire_count == 0 && m->valid == 0 && !vm_page_busied(m))
2065 KASSERT(error != 0 || (m->wire_count > 0 &&
2066 vm_page_is_valid(m, off & PAGE_MASK, xfsize)),
2067 ("wrong page state m %p off %#jx xfsize %d", m, (uintmax_t)off,
2069 VM_OBJECT_WUNLOCK(obj);
2074 sendfile_getobj(struct thread *td, struct file *fp, vm_object_t *obj_res,
2075 struct vnode **vp_res, struct shmfd **shmfd_res, off_t *obj_size,
2081 struct shmfd *shmfd;
2084 vp = *vp_res = NULL;
2086 shmfd = *shmfd_res = NULL;
2090 * The file descriptor must be a regular file and have a
2091 * backing VM object.
2093 if (fp->f_type == DTYPE_VNODE) {
2095 vn_lock(vp, LK_SHARED | LK_RETRY);
2096 if (vp->v_type != VREG) {
2100 *bsize = vp->v_mount->mnt_stat.f_iosize;
2101 error = VOP_GETATTR(vp, &va, td->td_ucred);
2104 *obj_size = va.va_size;
2110 } else if (fp->f_type == DTYPE_SHM) {
2112 obj = shmfd->shm_object;
2113 *obj_size = shmfd->shm_size;
2119 VM_OBJECT_WLOCK(obj);
2120 if ((obj->flags & OBJ_DEAD) != 0) {
2121 VM_OBJECT_WUNLOCK(obj);
2127 * Temporarily increase the backing VM object's reference
2128 * count so that a forced reclamation of its vnode does not
2129 * immediately destroy it.
2131 vm_object_reference_locked(obj);
2132 VM_OBJECT_WUNLOCK(obj);
2144 kern_sendfile_getsock(struct thread *td, int s, struct file **sock_fp,
2147 cap_rights_t rights;
2154 * The socket must be a stream socket and connected.
2156 error = getsock_cap(td->td_proc->p_fd, s, cap_rights_init(&rights,
2157 CAP_SEND), sock_fp, NULL);
2160 *so = (*sock_fp)->f_data;
2161 if ((*so)->so_type != SOCK_STREAM)
2163 if (((*so)->so_state & SS_ISCONNECTED) == 0)
2169 vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
2170 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
2171 int kflags, struct thread *td)
2173 struct file *sock_fp;
2175 struct vm_object *obj;
2180 struct shmfd *shmfd;
2181 struct sendfile_sync *sfs;
2183 off_t off, xfsize, fsbytes, sbytes, rem, obj_size;
2184 int error, bsize, nd, hdrlen, mnw;
2191 fsbytes = sbytes = 0;
2196 error = sendfile_getobj(td, fp, &obj, &vp, &shmfd, &obj_size, &bsize);
2202 error = kern_sendfile_getsock(td, sockfd, &sock_fp, &so);
2207 * Do not wait on memory allocations but return ENOMEM for
2208 * caller to retry later.
2209 * XXX: Experimental.
2211 if (flags & SF_MNOWAIT)
2214 if (flags & SF_SYNC) {
2215 sfs = malloc(sizeof *sfs, M_TEMP, M_WAITOK | M_ZERO);
2216 mtx_init(&sfs->mtx, "sendfile", NULL, MTX_DEF);
2217 cv_init(&sfs->cv, "sendfile");
2221 error = mac_socket_check_send(td->td_ucred, so);
2226 /* If headers are specified copy them into mbufs. */
2227 if (hdr_uio != NULL) {
2228 hdr_uio->uio_td = td;
2229 hdr_uio->uio_rw = UIO_WRITE;
2230 if (hdr_uio->uio_resid > 0) {
2232 * In FBSD < 5.0 the nbytes to send also included
2233 * the header. If compat is specified subtract the
2234 * header size from nbytes.
2236 if (kflags & SFK_COMPAT) {
2237 if (nbytes > hdr_uio->uio_resid)
2238 nbytes -= hdr_uio->uio_resid;
2242 m = m_uiotombuf(hdr_uio, (mnw ? M_NOWAIT : M_WAITOK),
2245 error = mnw ? EAGAIN : ENOBUFS;
2248 hdrlen = m_length(m, NULL);
2253 * Protect against multiple writers to the socket.
2255 * XXXRW: Historically this has assumed non-interruptibility, so now
2256 * we implement that, but possibly shouldn't.
2258 (void)sblock(&so->so_snd, SBL_WAIT | SBL_NOINTR);
2261 * Loop through the pages of the file, starting with the requested
2262 * offset. Get a file page (do I/O if necessary), map the file page
2263 * into an sf_buf, attach an mbuf header to the sf_buf, and queue
2265 * This is done in two loops. The inner loop turns as many pages
2266 * as it can, up to available socket buffer space, without blocking
2267 * into mbufs to have it bulk delivered into the socket send buffer.
2268 * The outer loop checks the state and available space of the socket
2269 * and takes care of the overall progress.
2271 for (off = offset; ; ) {
2277 if ((nbytes != 0 && nbytes == fsbytes) ||
2278 (nbytes == 0 && obj_size == fsbytes))
2287 * Check the socket state for ongoing connection,
2288 * no errors and space in socket buffer.
2289 * If space is low allow for the remainder of the
2290 * file to be processed if it fits the socket buffer.
2291 * Otherwise block in waiting for sufficient space
2292 * to proceed, or if the socket is nonblocking, return
2293 * to userland with EAGAIN while reporting how far
2295 * We wait until the socket buffer has significant free
2296 * space to do bulk sends. This makes good use of file
2297 * system read ahead and allows packet segmentation
2298 * offloading hardware to take over lots of work. If
2299 * we were not careful here we would send off only one
2302 SOCKBUF_LOCK(&so->so_snd);
2303 if (so->so_snd.sb_lowat < so->so_snd.sb_hiwat / 2)
2304 so->so_snd.sb_lowat = so->so_snd.sb_hiwat / 2;
2306 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2308 SOCKBUF_UNLOCK(&so->so_snd);
2310 } else if (so->so_error) {
2311 error = so->so_error;
2313 SOCKBUF_UNLOCK(&so->so_snd);
2316 space = sbspace(&so->so_snd);
2319 space < so->so_snd.sb_lowat)) {
2320 if (so->so_state & SS_NBIO) {
2321 SOCKBUF_UNLOCK(&so->so_snd);
2326 * sbwait drops the lock while sleeping.
2327 * When we loop back to retry_space the
2328 * state may have changed and we retest
2331 error = sbwait(&so->so_snd);
2333 * An error from sbwait usually indicates that we've
2334 * been interrupted by a signal. If we've sent anything
2335 * then return bytes sent, otherwise return the error.
2338 SOCKBUF_UNLOCK(&so->so_snd);
2343 SOCKBUF_UNLOCK(&so->so_snd);
2346 * Reduce space in the socket buffer by the size of
2347 * the header mbuf chain.
2348 * hdrlen is set to 0 after the first loop.
2353 error = vn_lock(vp, LK_SHARED);
2356 error = VOP_GETATTR(vp, &va, td->td_ucred);
2357 if (error != 0 || off >= va.va_size) {
2361 obj_size = va.va_size;
2365 * Loop and construct maximum sized mbuf chain to be bulk
2366 * dumped into socket buffer.
2368 while (space > loopbytes) {
2373 * Calculate the amount to transfer.
2374 * Not to exceed a page, the EOF,
2375 * or the passed in nbytes.
2377 pgoff = (vm_offset_t)(off & PAGE_MASK);
2378 rem = obj_size - offset;
2380 rem = omin(rem, nbytes);
2381 rem -= fsbytes + loopbytes;
2382 xfsize = omin(PAGE_SIZE - pgoff, rem);
2383 xfsize = omin(space - loopbytes, xfsize);
2385 done = 1; /* all data sent */
2390 * Attempt to look up the page. Allocate
2391 * if not found or wait and loop if busy.
2394 nd = EAGAIN; /* send what we already got */
2395 else if ((flags & SF_NODISKIO) != 0)
2399 error = sendfile_readpage(obj, vp, nd, off,
2400 xfsize, bsize, td, &pg);
2402 if (error == EAGAIN)
2403 error = 0; /* not a real error */
2408 * Get a sendfile buf. When allocating the
2409 * first buffer for mbuf chain, we usually
2410 * wait as long as necessary, but this wait
2411 * can be interrupted. For consequent
2412 * buffers, do not sleep, since several
2413 * threads might exhaust the buffers and then
2416 sf = sf_buf_alloc(pg, (mnw || m != NULL) ? SFB_NOWAIT :
2419 SFSTAT_INC(sf_allocfail);
2421 vm_page_unwire(pg, PQ_INACTIVE);
2422 KASSERT(pg->object != NULL,
2423 ("%s: object disappeared", __func__));
2426 error = (mnw ? EAGAIN : EINTR);
2431 * Get an mbuf and set it up as having
2434 m0 = m_get((mnw ? M_NOWAIT : M_WAITOK), MT_DATA);
2436 error = (mnw ? EAGAIN : ENOBUFS);
2437 sf_ext_free(sf, NULL);
2441 * Attach EXT_SFBUF external storage.
2443 m0->m_ext.ext_buf = (caddr_t )sf_buf_kva(sf);
2444 m0->m_ext.ext_size = PAGE_SIZE;
2445 m0->m_ext.ext_arg1 = sf;
2446 m0->m_ext.ext_arg2 = sfs;
2447 m0->m_ext.ext_type = EXT_SFBUF;
2448 m0->m_ext.ext_flags = 0;
2449 m0->m_flags |= (M_EXT|M_RDONLY);
2450 m0->m_data = (char *)sf_buf_kva(sf) + pgoff;
2453 /* Append to mbuf chain. */
2457 m_last(m)->m_next = m0;
2462 /* Keep track of bits processed. */
2463 loopbytes += xfsize;
2467 mtx_lock(&sfs->mtx);
2469 mtx_unlock(&sfs->mtx);
2476 /* Add the buffer chain to the socket buffer. */
2480 mlen = m_length(m, NULL);
2481 SOCKBUF_LOCK(&so->so_snd);
2482 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2484 SOCKBUF_UNLOCK(&so->so_snd);
2487 SOCKBUF_UNLOCK(&so->so_snd);
2488 CURVNET_SET(so->so_vnet);
2489 /* Avoid error aliasing. */
2490 err = (*so->so_proto->pr_usrreqs->pru_send)
2491 (so, 0, m, NULL, NULL, td);
2495 * We need two counters to get the
2496 * file offset and nbytes to send
2498 * - sbytes contains the total amount
2499 * of bytes sent, including headers.
2500 * - fsbytes contains the total amount
2501 * of bytes sent from the file.
2509 } else if (error == 0)
2511 m = NULL; /* pru_send always consumes */
2514 /* Quit outer loop on error or when we're done. */
2522 * Send trailers. Wimp out and use writev(2).
2524 if (trl_uio != NULL) {
2525 sbunlock(&so->so_snd);
2526 error = kern_writev(td, sockfd, trl_uio);
2528 sbytes += td->td_retval[0];
2533 sbunlock(&so->so_snd);
2536 * If there was no error we have to clear td->td_retval[0]
2537 * because it may have been set by writev.
2540 td->td_retval[0] = 0;
2546 vm_object_deallocate(obj);
2553 mtx_lock(&sfs->mtx);
2554 if (sfs->count != 0)
2555 cv_wait(&sfs->cv, &sfs->mtx);
2556 KASSERT(sfs->count == 0, ("sendfile sync still busy"));
2557 cv_destroy(&sfs->cv);
2558 mtx_destroy(&sfs->mtx);
2562 if (error == ERESTART)