Commit Graph

51 Commits

Author SHA1 Message Date
thorpej 80cc38a1af Fix a partial construction problem that can cause race conditions
between creation of a file descriptor and close(2) when using kernel
assisted threads.  What we do is stick descriptors in the table, but
mark them as "larval".  This causes essentially everything to treat
it as a non-existent descriptor, except for fdalloc(), which sees a
filled slot so that it won't (incorrectly) allocate it again.  When
a descriptor is fully constructed, the code that has constructed it
marks it as "mature" (which actually clears the "larval" flag), and
things continue to work as normal.

While here, gather all the code that gets a descriptor from the table
into a fd_getfile() function, and call it, rather than having the
same (sometimes incorrect) code copied all over the place.
2001-06-14 20:32:41 +00:00
thorpej d9b3317e3e Rework fdalloc() even further: split fdalloc() into fdalloc() and
fdexpand().  The former will return ENOSPC if there is not space
in the current filedesc table.  The latter performs the expansion
of the filedesc table.  This means that fdalloc() won't ever block,
and it gives callers an opportunity to clean up before the
potentially-blocking fdexpand() call.

Update all fdalloc() callers to deal with the need-to-fdexpand() case.

Rewrite unp_externalize() to use fdalloc() and fdexpand() in a
safe way, using an algorithm suggested by Bill Sommerfeld:
- Use a temporary array of integers to hold the new filedesc table
  indexes.  This allows us to repeat the loop if necessary.
- Loop through the array of file *'s, assigning them to filedesc table
  slots.  If fdalloc() indicates expansion is necessary, undo the
  assignments we've done so far, expand, and retry the whole process.
- Once all file *'s have been assigned to slots, update the f_msgcount
  and unp_rights counters.
- Right before we return, copy the temporary integer array to the message
  buffer, and trim the length as before.
Note that once locking is added to the filedesc array, this entire
operation will be `atomic', in that the lock will be held while
file *'s are assigned to embryonic table slots, thus preventing anything
else from using them.
2001-06-07 01:29:16 +00:00
thorpej c55795d055 Change fdalloc() to return ERESTART if we had to reallocate the
descriptor array, which may have blocked.  Change callers of
fdalloc() to restart whatever they're doing if this condition
happens.  (XXX unp_externalize() needs some work, but that will
be tackled later.)

Change finishdup() to close the descriptor in the `new' slot if
one exists, and change sys_dup2() accordingly.

Closes a race condition when using kernel-assisted user threads.

While here, garbage-collect UF_MAPPED -- it is not used anywhere.
2001-06-06 17:00:00 +00:00
thorpej 0a3a6e34f8 Oops, missed a couple of places where CMSG_*() should be used. No
functional change in this case, but the code is now correct.
2000-06-05 16:29:45 +00:00
thorpej 724a90318e - Fix file descriptor passing AGAIN. This has apparently been broken
  on LP64 systems (and probably the SPARC) since the __cmsg_alignbytes()
  changes went in.
- Change file descriptor passing to use CMSG_DATA(), not (cm + 1).  This
  pretty much has to be done in order to make it work properly on LP64,
  and considering that it's been broken this long...
- Use CMSG_SPACE() to determine the mbuf length needed for a given
  control message, and CMSG_LEN() to stash in the cmsg_len member.
2000-06-05 06:06:07 +00:00
augustss 264f1d27c6 Get rid of register declarations. 2000-03-30 09:27:11 +00:00
thorpej bbf19ba181 Um, hi, let's initialize pointers before we use them. 1999-06-17 23:17:45 +00:00
thorpej e3669c3393 Add "use counting" to file entries. When closing a file, and its reference
count is 0, wait for use count to drain before finishing the close.

This is necessary in order for multiple processes to safely share file
descriptor tables.
1999-05-05 20:01:01 +00:00
thorpej 4913e22a19 Fix alignment problem in the garbage-collection code path. 1999-05-05 19:05:43 +00:00
thorpej 16936c9565 Break cdir/rdir/cmask info out of struct filedesc, and put it in a new
substructure, `cwdinfo'.  Implement optional sharing of this substructure.

This is required for clone(2).
1999-04-30 18:42:58 +00:00
mrg 48c12bfeed revert previous. oops. 1999-04-21 02:37:07 +00:00
mrg 58540a2274 properly test the msgsz as "msgsz - len". from PR#7386 1999-04-21 02:31:49 +00:00
sommerfe 098b6f8e8a Disallow descriptor-passing of descriptors which are open on
directories which aren't under the recipient's root.

Clean up of many error conditions involving descriptor passing, to
eliminate infinite loops, panics, premature garbage collection of
sockets, and descriptor leaks:
 - Avoid letting unp_gc() see descriptors with a refcount of zero by
   removing them from the socket's queue before releasing them.
 - Avoid socket leak in PRU_ABORT (this will also gc descriptors queued
   on a not-yet accepted socket when the accepting socket goes away).
 - Put in block comment explaining how unp_gc() should work.
 - Correctly manage unp_defer count so we don't get stuck in an infinite
   loop with nothing to do.
 - Don't tie MARK and DEFER bits so closely together.
 - Mark descriptors queued on not-yet-accepted sockets as well.
 - Don't call sorflush on non-socket, it doesn't work very well.
 - Deal with discard of NULL file pointer.
 - Hopefully cause GC to converge faster by only deferring sockets in
   unp_mark().
1999-03-22 17:54:38 +00:00
thorpej 943f7cd0e7 In unp_internalize(), add a comment explaining why we must ALIGN() the
data after the cmsghdr when accessing internalized SCM_RIGHTS messages
(i.e. array of struct file *s).  The historic interface does not align
the externalized SCM_RIGHTS messages (i.e. array of ints).
1998-12-21 23:12:19 +00:00
thorpej 992f3b8ea7 Fix a fencepost error in unp_scan() which caused a bad pointer deref on
the SPARC platform only (ILP32 but ALIGNBYTES of 7), due to a missing
ALIGN().
1998-12-21 23:03:02 +00:00
perry 275d1554aa Abolition of bcopy, ovbcopy, bcmp, and bzero, phase one.
bcopy(x, y, z) ->  memcpy(y, x, z)
ovbcopy(x, y, z) -> memmove(y, x, z)
   bcmp(x, y, z) ->  memcmp(x, y, z)
  bzero(x, y)    ->  memset(x, 0, y)
1998-08-04 04:03:10 +00:00
perry 730baa7431 fix sizeofs so they comply with the KNF style guide. yes, it is pedantic. 1998-07-31 22:50:48 +00:00
lukem 786b86d71b use AF_LOCAL instead of AF_UNIX 1998-07-18 05:04:35 +00:00
thorpej 4c50a37133 Back out previous, I botched something. 1998-07-16 00:46:50 +00:00
thorpej b20c7bf68c For SOCK_STREAM, provide the socket credentials to the accepter as soon as
the client connects.
1998-07-10 22:15:47 +00:00
fvdl e5bc90f40c Merge with Lite2 + local changes 1998-03-01 02:20:01 +00:00
thorpej cc22126721 Implement passing credentials as ancillary data on Unix domain sockets,
enabled with the LOCAL_CREDS socket option on the listener.  Semantics are
similar to BSD/OS's:
- Creds are available with first data on SOCK_STREAM, and with every datagram
  on SOCK_DGRAM.
- It is not possible to forge credentials.

Different in that:
- Different credential data structure (ours does not rely on the format
  of internal kernel data structures, and does not pass the login name).
- We can pass creds and file descriptors at the same time (this does not
  work in BSD/OS).

Luke Mewburn <lukem@netbsd.org> gets credit for inspiring me to implement
this.  :-)
1998-01-07 22:57:09 +00:00
thorpej e918c058f1 Fix passing of multiple file descriptors (was broken when code was made
64-bit safe).
1998-01-07 04:03:38 +00:00
christos 3f60774556 PR/4280: Chris Jones: Sending more than one fd over AF_UNIX sockets causes
panic. Bug in the fd -> struct file * conversion...
1997-10-17 17:35:08 +00:00
thorpej 1351e629b3 Several small changes to eliminate kludginess in dealing with unix domain
socket names:
- In unp_setsockaddr() and unp_setpeeraddr(), if the socket name can't
  fit into a single mbuf, allocate enough external storage space to
  hold it.
- In unp_bind() and unp_connect(), perform a similar operation, but allocate
  one extra byte, and ensure that the pathname is nul-terminated.
Many thanks to enami tsugutomo <enami@cv.sony.co.jp> for the sanity
checking.
1997-06-26 06:06:40 +00:00
thorpej a149ed59e4 Eliminate use of dtom() in the handling of UNIX domain sockets. Add an
"unp_addrlen" member to the unpcb, and use it when copying the socket
name.  This eliminates the last uses of dtom() in the system.
1997-06-24 19:12:53 +00:00
kleink 9827bd6dc6 When fstat(2)ing a file descriptor of a local communications domain socket,
fill the socket's creation time into the stat structure's st_[acm]time fields:
POSIX requires this behavior for pipe(2). N.B.: updating the st_[am]time fields
when reading/writing the pipe is neither required nor implemented, though.
1997-05-15 17:01:04 +00:00
cgd 319b64a8f7 Internalize and externalize file descriptors being passed via local domain
socket control messages correctly, without assuming that sizeof(int) ==
sizeof(pointer).  Fixes PR#3183.
1997-04-10 01:51:21 +00:00
mycroft 4c8302e0f4 Oops. Add missing label. 1996-05-23 17:07:03 +00:00
mycroft 8d0a82819c We can only get a control mbuf for PRU_SEND or PRU_SENDOOB. Add diagnostic
code to panic in this case.
1996-05-23 16:49:08 +00:00
mycroft 5288bfd58b Make sure the control and data mbufs are freed in all cases. 1996-05-23 16:41:49 +00:00
mycroft 03232fb1f2 Separate some code into separate functions.
Make unp_addr be a pointer to the sockaddr, not to the mbuf, as with raw
sockets.
Other minor cleanup.
1996-05-23 16:03:45 +00:00
mycroft 49d52c9b1c Pass a proc pointer down to the usrreq and pcbbind functions for PRU_ATTACH, PRU_BIND and
PRU_CONTROL.  The usrreq interface really needs to be split up, but this will have to wait.
Remove SS_PRIV completely.
1996-05-22 13:54:55 +00:00
christos 09afd77655 More proto fixes 1996-02-09 18:59:18 +00:00
pk 00acf2040e unp_detach() return type botch. 1996-02-04 20:32:15 +00:00
christos e630447d8c First pass at prototyping 1996-02-04 02:17:43 +00:00
mycroft 873ed30f83 so_pcb should be a void *. 1995-08-17 02:57:20 +00:00
mycroft 0ecd5256ad Allocate PCBs with malloc(), more mgetclr(). Be more careful to free the
PCB after it's done with.
1995-08-16 00:29:50 +00:00
mycroft bb85930bbe Add missing argument to closef(). 1995-04-05 21:26:40 +00:00
mycroft a18ec3cb1b LEASE_CHECK -> VOP_LEASE 1994-12-13 21:52:35 +00:00
mycroft 2f710a54ee Convert process, file, and namei lists and hash tables to use queue.h. 1994-08-30 03:04:28 +00:00
cgd cf92afd66e New RCS ID's, take two. they're more aesthetically pleasant, and use 'NetBSD' 1994-06-29 06:29:24 +00:00
mycroft 699bbb84b6 Update to 4.4-Lite fs code. 1994-06-08 11:28:29 +00:00
mycroft 511a02415f Fix panic when closing a file descriptor on which access rights have been sent
but not received.
1994-05-04 09:50:11 +00:00
mycroft 7f50bd1829 Canonicalize all #includes. 1993-12-18 04:21:37 +00:00
mycroft 40222e846f Fix from Noriyuki Soda <soda@sra.co.jp>:
recvmsg(2) always returns -1 with errno==EMSGSIZE, when trying
        to pass file descriptors through UNIX domain socket.
1993-09-14 03:35:08 +00:00
andrew 0e6cb953ea ANSIfications - removed all implicit function return types and argument
definitions.  Ensured that all files include "systm.h" to gain access to
general prototypes.  Casts where necessary.
1993-06-27 06:01:27 +00:00
andrew d790308a20 Yuval Yarom's 'panic:closef: count < 0' fix to unp_discard(). 1993-06-12 14:01:23 +00:00
cgd fe1802950b add include of select.h if necessary for protos, or delete if extraneous 1993-05-22 11:40:42 +00:00
cgd 8d6c77881c make kernel select interface be one-stop shopping & clean it all up. 1993-05-18 18:18:40 +00:00