BSD 4_4_Lite2 release

[unix-history] / usr / src / sys / kern / uipc_usrreq.c

diff --git a/usr/src/sys/kern/uipc_usrreq.c b/usr/src/sys/kern/uipc_usrreq.c
index e31c031..c6bcbfd 100644 (file)
--- a/usr/src/sys/kern/uipc_usrreq.c
+++ b/usr/src/sys/kern/uipc_usrreq.c
@@ -1,25 +1,53 @@
 /*
 /*

+ * Copyright (c) 1982, 1986, 1989, 1991, 1993
+ *     The Regents of the University of California.  All rights reserved.

  *
  *

- * %sccs.include.redist.c%
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *     This product includes software developed by the University of
+ *     California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.

  *
  *

- *     @(#)uipc_usrreq.c       7.36 (Berkeley) %G%
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *     @(#)uipc_usrreq.c       8.9 (Berkeley) 5/14/95

  */
 
  */
 

-#include "param.h"
-#include "systm.h"
-#include "proc.h"
-#include "filedesc.h"
-#include "domain.h"
-#include "protosw.h"
-#include "socket.h"
-#include "socketvar.h"
-#include "unpcb.h"
-#include "un.h"
-#include "namei.h"
-#include "vnode.h"
-#include "file.h"
-#include "stat.h"
-#include "mbuf.h"
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/proc.h>
+#include <sys/filedesc.h>
+#include <sys/domain.h>
+#include <sys/protosw.h>
+#include <sys/socket.h>
+#include <sys/socketvar.h>
+#include <sys/unpcb.h>
+#include <sys/un.h>
+#include <sys/namei.h>
+#include <sys/vnode.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <sys/mbuf.h>

 
 /*
  * Unix communications domain.
 
 /*
  * Unix communications domain.


@@ -33,6 +61,7 @@ struct        sockaddr sun_noname = { sizeof(sun_noname), AF_UNIX };
 ino_t  unp_ino;                        /* prototype for fake inode numbers */
 
 /*ARGSUSED*/
 ino_t  unp_ino;                        /* prototype for fake inode numbers */
 
 /*ARGSUSED*/

+int

 uipc_usrreq(so, req, m, nam, control)
        struct socket *so;
        int req;
 uipc_usrreq(so, req, m, nam, control)
        struct socket *so;
        int req;


@@ -285,6 +314,7 @@ u_long      unpdg_recvspace = 4*1024;
 
 int    unp_rights;                     /* file descriptors in flight */
 
 
 int    unp_rights;                     /* file descriptors in flight */
 

+int

 unp_attach(so)
        struct socket *so;
 {
 unp_attach(so)
        struct socket *so;
 {


@@ -318,6 +348,7 @@ unp_attach(so)
        return (0);
 }
 
        return (0);
 }
 

+void

 unp_detach(unp)
        register struct unpcb *unp;
 {
 unp_detach(unp)
        register struct unpcb *unp;
 {


@@ -335,10 +366,20 @@ unp_detach(unp)
        unp->unp_socket->so_pcb = 0;
        m_freem(unp->unp_addr);
        (void) m_free(dtom(unp));
        unp->unp_socket->so_pcb = 0;
        m_freem(unp->unp_addr);
        (void) m_free(dtom(unp));

-       if (unp_rights)
+       if (unp_rights) {
+               /*
+                * Normally the receive buffer is flushed later,
+                * in sofree, but if our receive buffer holds references
+                * to descriptors that are now garbage, we will dispose
+                * of those descriptor references after the garbage collector
+                * gets them (resulting in a "panic: closef: count < 0").
+                */
+               sorflush(unp->unp_socket);

                unp_gc();
                unp_gc();

+       }

 }
 
 }
 

+int

 unp_bind(unp, nam, p)
        struct unpcb *unp;
        struct mbuf *nam;
 unp_bind(unp, nam, p)
        struct unpcb *unp;
        struct mbuf *nam;


@@ -351,7 +392,7 @@ unp_bind(unp, nam, p)
        struct nameidata nd;
 
        NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE,
        struct nameidata nd;
 
        NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE,

-               soun->sun_path, p);
+           soun->sun_path, p);

        if (unp->unp_vnode != NULL)
                return (EINVAL);
        if (nam->m_len == MLEN) {
        if (unp->unp_vnode != NULL)
                return (EINVAL);
        if (nam->m_len == MLEN) {


@@ -374,18 +415,19 @@ unp_bind(unp, nam, p)
        }
        VATTR_NULL(&vattr);
        vattr.va_type = VSOCK;
        }
        VATTR_NULL(&vattr);
        vattr.va_type = VSOCK;

-       vattr.va_mode = 0777;
-       LEASE_CHECK(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
+       vattr.va_mode = ACCESSPERMS;
+       VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);

        if (error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr))
                return (error);
        vp = nd.ni_vp;
        vp->v_socket = unp->unp_socket;
        unp->unp_vnode = vp;
        unp->unp_addr = m_copy(nam, 0, (int)M_COPYALL);
        if (error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr))
                return (error);
        vp = nd.ni_vp;
        vp->v_socket = unp->unp_socket;
        unp->unp_vnode = vp;
        unp->unp_addr = m_copy(nam, 0, (int)M_COPYALL);

-       VOP_UNLOCK(vp);
+       VOP_UNLOCK(vp, 0, p);

        return (0);
 }
 
        return (0);
 }
 

+int

 unp_connect(so, nam, p)
        struct socket *so;
        struct mbuf *nam;
 unp_connect(so, nam, p)
        struct socket *so;
        struct mbuf *nam;


@@ -441,6 +483,7 @@ bad:
        return (error);
 }
 
        return (error);
 }
 

+int

 unp_connect2(so, so2)
        register struct socket *so;
        register struct socket *so2;
 unp_connect2(so, so2)
        register struct socket *so;
        register struct socket *so2;


@@ -472,6 +515,7 @@ unp_connect2(so, so2)
        return (0);
 }
 
        return (0);
 }
 

+void

 unp_disconnect(unp)
        struct unpcb *unp;
 {
 unp_disconnect(unp)
        struct unpcb *unp;
 {


@@ -509,6 +553,7 @@ unp_disconnect(unp)
 }
 
 #ifdef notdef
 }
 
 #ifdef notdef

+void

 unp_abort(unp)
        struct unpcb *unp;
 {
 unp_abort(unp)
        struct unpcb *unp;
 {


@@ -517,6 +562,7 @@ unp_abort(unp)
 }
 #endif
 
 }
 #endif
 

+void

 unp_shutdown(unp)
        struct unpcb *unp;
 {
 unp_shutdown(unp)
        struct unpcb *unp;
 {


@@ -527,6 +573,7 @@ unp_shutdown(unp)
                socantrcvmore(so);
 }
 
                socantrcvmore(so);
 }
 

+void

 unp_drop(unp, errno)
        struct unpcb *unp;
        int errno;
 unp_drop(unp, errno)
        struct unpcb *unp;
        int errno;


@@ -550,6 +597,7 @@ unp_drain()
 }
 #endif
 
 }
 #endif
 

+int

 unp_externalize(rights)
        struct mbuf *rights;
 {
 unp_externalize(rights)
        struct mbuf *rights;
 {


@@ -581,6 +629,7 @@ unp_externalize(rights)
        return (0);
 }
 
        return (0);
 }
 

+int

 unp_internalize(control, p)
        struct mbuf *control;
        struct proc *p;
 unp_internalize(control, p)
        struct mbuf *control;
        struct proc *p;


@@ -615,23 +664,24 @@ unp_internalize(control, p)
 }
 
 int    unp_defer, unp_gcing;
 }
 
 int    unp_defer, unp_gcing;

-int    unp_mark();

 extern struct domain unixdomain;
 
 extern struct domain unixdomain;
 

+void

 unp_gc()
 {
        register struct file *fp, *nextfp;
        register struct socket *so;
 unp_gc()
 {
        register struct file *fp, *nextfp;
        register struct socket *so;

+       struct file **extra_ref, **fpp;
+       int nunref, i;

 
        if (unp_gcing)
                return;
        unp_gcing = 1;
 
        if (unp_gcing)
                return;
        unp_gcing = 1;

-restart:

        unp_defer = 0;
        unp_defer = 0;

-       for (fp = filehead; fp; fp = fp->f_filef)
+       for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next)

                fp->f_flag &= ~(FMARK|FDEFER);
        do {
                fp->f_flag &= ~(FMARK|FDEFER);
        do {

-               for (fp = filehead; fp; fp = fp->f_filef) {
+               for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next) {

                        if (fp->f_count == 0)
                                continue;
                        if (fp->f_flag & FDEFER) {
                        if (fp->f_count == 0)
                                continue;
                        if (fp->f_flag & FDEFER) {


@@ -669,29 +719,78 @@ restart:
                        unp_scan(so->so_rcv.sb_mb, unp_mark);
                }
        } while (unp_defer);
                        unp_scan(so->so_rcv.sb_mb, unp_mark);
                }
        } while (unp_defer);

-       for (fp = filehead; fp; fp = nextfp) {
-               nextfp = fp->f_filef;
+       /*
+        * We grab an extra reference to each of the file table entries
+        * that are not otherwise accessible and then free the rights
+        * that are stored in messages on them.
+        *
+        * The bug in the orginal code is a little tricky, so I'll describe
+        * what's wrong with it here.
+        *
+        * It is incorrect to simply unp_discard each entry for f_msgcount
+        * times -- consider the case of sockets A and B that contain
+        * references to each other.  On a last close of some other socket,
+        * we trigger a gc since the number of outstanding rights (unp_rights)
+        * is non-zero.  If during the sweep phase the gc code un_discards,
+        * we end up doing a (full) closef on the descriptor.  A closef on A
+        * results in the following chain.  Closef calls soo_close, which
+        * calls soclose.   Soclose calls first (through the switch
+        * uipc_usrreq) unp_detach, which re-invokes unp_gc.  Unp_gc simply
+        * returns because the previous instance had set unp_gcing, and
+        * we return all the way back to soclose, which marks the socket
+        * with SS_NOFDREF, and then calls sofree.  Sofree calls sorflush
+        * to free up the rights that are queued in messages on the socket A,
+        * i.e., the reference on B.  The sorflush calls via the dom_dispose
+        * switch unp_dispose, which unp_scans with unp_discard.  This second
+        * instance of unp_discard just calls closef on B.
+        *
+        * Well, a similar chain occurs on B, resulting in a sorflush on B,
+        * which results in another closef on A.  Unfortunately, A is already
+        * being closed, and the descriptor has already been marked with
+        * SS_NOFDREF, and soclose panics at this point.
+        *
+        * Here, we first take an extra reference to each inaccessible
+        * descriptor.  Then, we call sorflush ourself, since we know
+        * it is a Unix domain socket anyhow.  After we destroy all the
+        * rights carried in messages, we do a last closef to get rid
+        * of our extra reference.  This is the last close, and the
+        * unp_detach etc will shut down the socket.
+        *
+        * 91/09/19, bsy@cs.cmu.edu
+        */
+       extra_ref = malloc(nfiles * sizeof(struct file *), M_FILE, M_WAITOK);
+       for (nunref = 0, fp = filehead.lh_first, fpp = extra_ref; fp != 0;
+           fp = nextfp) {
+               nextfp = fp->f_list.le_next;

                if (fp->f_count == 0)
                        continue;
                if (fp->f_count == 0)
                        continue;

-               if (fp->f_count == fp->f_msgcount && (fp->f_flag & FMARK) == 0)
-                       while (fp->f_msgcount)
-                               unp_discard(fp);
+               if (fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) {
+                       *fpp++ = fp;
+                       nunref++;
+                       fp->f_count++;
+               }

        }
        }

+       for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp)
+               sorflush((struct socket *)(*fpp)->f_data);
+       for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp)
+               closef(*fpp, (struct proc *)NULL);
+       free((caddr_t)extra_ref, M_FILE);

        unp_gcing = 0;
 }
 
        unp_gcing = 0;
 }
 

+void

 unp_dispose(m)
        struct mbuf *m;
 {
 unp_dispose(m)
        struct mbuf *m;
 {

-       int unp_discard();

 
        if (m)
                unp_scan(m, unp_discard);
 }
 
 
        if (m)
                unp_scan(m, unp_discard);
 }
 

+void

 unp_scan(m0, op)
        register struct mbuf *m0;
 unp_scan(m0, op)
        register struct mbuf *m0;

-       int (*op)();
+       void (*op) __P((struct file *));

 {
        register struct mbuf *m;
        register struct file **rp;
 {
        register struct mbuf *m;
        register struct file **rp;


@@ -718,6 +817,7 @@ unp_scan(m0, op)
        }
 }
 
        }
 }
 

+void

 unp_mark(fp)
        struct file *fp;
 {
 unp_mark(fp)
        struct file *fp;
 {


@@ -728,6 +828,7 @@ unp_mark(fp)
        fp->f_flag |= (FMARK|FDEFER);
 }
 
        fp->f_flag |= (FMARK|FDEFER);
 }
 

+void

 unp_discard(fp)
        struct file *fp;
 {
 unp_discard(fp)
        struct file *fp;
 {