X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/blobdiff_plain/cd9b8206c8aa3501b9c3f4fbc955f9f87727417f..a2cdf9f6b08eceef2637b965669f0e87065b27fb:/usr/src/sys/kern/uipc_usrreq.c diff --git a/usr/src/sys/kern/uipc_usrreq.c b/usr/src/sys/kern/uipc_usrreq.c index 569ec34ef4..04b723b4fa 100644 --- a/usr/src/sys/kern/uipc_usrreq.c +++ b/usr/src/sys/kern/uipc_usrreq.c @@ -1,17 +1,25 @@ -/* uipc_usrreq.c 6.4 84/05/02 */ - -#include "../h/param.h" -#include "../h/dir.h" -#include "../h/user.h" -#include "../h/mbuf.h" -#include "../h/protosw.h" -#include "../h/socket.h" -#include "../h/socketvar.h" -#include "../h/unpcb.h" -#include "../h/un.h" -#include "../h/inode.h" -#include "../h/nami.h" -#include "../h/file.h" +/* + * + * %sccs.include.redist.c% + * + * @(#)uipc_usrreq.c 8.2 (Berkeley) %G% + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* * Unix communications domain. @@ -21,19 +29,23 @@ * rethink name space problems * need a proper out-of-band */ -struct sockaddr sun_noname = { AF_UNIX }; +struct sockaddr sun_noname = { sizeof(sun_noname), AF_UNIX }; +ino_t unp_ino; /* prototype for fake inode numbers */ /*ARGSUSED*/ -uipc_usrreq(so, req, m, nam, rights) +uipc_usrreq(so, req, m, nam, control) struct socket *so; int req; - struct mbuf *m, *nam, *rights; + struct mbuf *m, *nam, *control; { struct unpcb *unp = sotounpcb(so); register struct socket *so2; - int error = 0; + register int error = 0; + struct proc *p = curproc; /* XXX */ - if (req != PRU_SEND && rights && rights->m_len) { + if (req == PRU_CONTROL) + return (EOPNOTSUPP); + if (req != PRU_SEND && control && control->m_len) { error = EOPNOTSUPP; goto release; } @@ -56,21 +68,20 @@ uipc_usrreq(so, req, m, nam, rights) break; case PRU_BIND: - error = unp_bind(unp, nam); + error = unp_bind(unp, nam, p); break; case PRU_LISTEN: - if (unp->unp_inode == 0) + if (unp->unp_vnode == 0) error = EINVAL; break; case PRU_CONNECT: - error = unp_connect(so, nam); + error = unp_connect(so, nam, p); break; case PRU_CONNECT2: - error = unp_connect2(so, (struct mbuf *)0, - (struct socket *)nam); + error = unp_connect2(so, (struct socket *)nam); break; case PRU_DISCONNECT: @@ -78,14 +89,24 @@ uipc_usrreq(so, req, m, nam, rights) break; case PRU_ACCEPT: - nam->m_len = unp->unp_remaddr->m_len; - bcopy(mtod(unp->unp_remaddr, caddr_t), - mtod(nam, caddr_t), (unsigned)nam->m_len); + /* + * Pass back name of connected socket, + * if it was bound and we are still connected + * (our peer may have closed already!). + */ + if (unp->unp_conn && unp->unp_conn->unp_addr) { + nam->m_len = unp->unp_conn->unp_addr->m_len; + bcopy(mtod(unp->unp_conn->unp_addr, caddr_t), + mtod(nam, caddr_t), (unsigned)nam->m_len); + } else { + nam->m_len = sizeof(sun_noname); + *(mtod(nam, struct sockaddr *)) = sun_noname; + } break; case PRU_SHUTDOWN: socantsendmore(so); - unp_usrclosed(unp); + unp_shutdown(unp); break; case PRU_RCVD: @@ -102,14 +123,14 @@ uipc_usrreq(so, req, m, nam, rights) break; so2 = unp->unp_conn->unp_socket; /* - * Transfer resources back to send port + * Adjust backpressure on sender * and wakeup any waiting to write. */ - snd->sb_mbmax += rcv->sb_mbmax - rcv->sb_mbcnt; - rcv->sb_mbmax = rcv->sb_mbcnt; - snd->sb_hiwat += rcv->sb_hiwat - rcv->sb_cc; - rcv->sb_hiwat = rcv->sb_cc; - sbwakeup(snd); + snd->sb_mbmax += unp->unp_mbcnt - rcv->sb_mbcnt; + unp->unp_mbcnt = rcv->sb_mbcnt; + snd->sb_hiwat += unp->unp_cc - rcv->sb_cc; + unp->unp_cc = rcv->sb_cc; + sowwakeup(so2); #undef snd #undef rcv break; @@ -120,15 +141,19 @@ uipc_usrreq(so, req, m, nam, rights) break; case PRU_SEND: + if (control && (error = unp_internalize(control, p))) + break; switch (so->so_type) { - case SOCK_DGRAM: + case SOCK_DGRAM: { + struct sockaddr *from; + if (nam) { if (unp->unp_conn) { error = EISCONN; break; } - error = unp_connect(so, nam); + error = unp_connect(so, nam, p); if (error) break; } else { @@ -138,48 +163,48 @@ uipc_usrreq(so, req, m, nam, rights) } } so2 = unp->unp_conn->unp_socket; - /* BEGIN XXX */ - if (rights) { - error = unp_internalize(rights); - if (error) - break; - } - if (sbspace(&so2->so_rcv) > 0) { - /* - * There's no record of source socket's - * name, so send null name for the moment. - */ - (void) sbappendaddr(&so2->so_rcv, - &sun_noname, m, rights); - sbwakeup(&so2->so_rcv); + if (unp->unp_addr) + from = mtod(unp->unp_addr, struct sockaddr *); + else + from = &sun_noname; + if (sbappendaddr(&so2->so_rcv, from, m, control)) { + sorwakeup(so2); m = 0; - } - /* END XXX */ + control = 0; + } else + error = ENOBUFS; if (nam) unp_disconnect(unp); break; + } case SOCK_STREAM: #define rcv (&so2->so_rcv) #define snd (&so->so_snd) - if (rights && rights->m_len) { - error = EOPNOTSUPP; + if (so->so_state & SS_CANTSENDMORE) { + error = EPIPE; break; } if (unp->unp_conn == 0) panic("uipc 3"); so2 = unp->unp_conn->unp_socket; /* - * Send to paired receive port, and then - * give it enough resources to hold what it already has. + * Send to paired receive port, and then reduce + * send buffer hiwater marks to maintain backpressure. * Wake up readers. */ - sbappend(rcv, m); - snd->sb_mbmax -= rcv->sb_mbcnt - rcv->sb_mbmax; - rcv->sb_mbmax = rcv->sb_mbcnt; - snd->sb_hiwat -= rcv->sb_cc - rcv->sb_hiwat; - rcv->sb_hiwat = rcv->sb_cc; - sbwakeup(rcv); + if (control) { + if (sbappendcontrol(rcv, m, control)) + control = 0; + } else + sbappend(rcv, m); + snd->sb_mbmax -= + rcv->sb_mbcnt - unp->unp_conn->unp_mbcnt; + unp->unp_conn->unp_mbcnt = rcv->sb_mbcnt; + snd->sb_hiwat -= rcv->sb_cc - unp->unp_conn->unp_cc; + unp->unp_conn->unp_cc = rcv->sb_cc; + sorwakeup(so2); + m = 0; #undef snd #undef rcv break; @@ -187,32 +212,47 @@ uipc_usrreq(so, req, m, nam, rights) default: panic("uipc 4"); } - m = 0; break; case PRU_ABORT: unp_drop(unp, ECONNABORTED); break; -/* SOME AS YET UNIMPLEMENTED HOOKS */ - case PRU_CONTROL: - return (EOPNOTSUPP); - case PRU_SENSE: - error = EOPNOTSUPP; - break; -/* END UNIMPLEMENTED HOOKS */ + ((struct stat *) m)->st_blksize = so->so_snd.sb_hiwat; + if (so->so_type == SOCK_STREAM && unp->unp_conn != 0) { + so2 = unp->unp_conn->unp_socket; + ((struct stat *) m)->st_blksize += so2->so_rcv.sb_cc; + } + ((struct stat *) m)->st_dev = NODEV; + if (unp->unp_ino == 0) + unp->unp_ino = unp_ino++; + ((struct stat *) m)->st_ino = unp->unp_ino; + return (0); case PRU_RCVOOB: - break; + return (EOPNOTSUPP); case PRU_SENDOOB: + error = EOPNOTSUPP; break; case PRU_SOCKADDR: + if (unp->unp_addr) { + nam->m_len = unp->unp_addr->m_len; + bcopy(mtod(unp->unp_addr, caddr_t), + mtod(nam, caddr_t), (unsigned)nam->m_len); + } else + nam->m_len = 0; break; case PRU_PEERADDR: + if (unp->unp_conn && unp->unp_conn->unp_addr) { + nam->m_len = unp->unp_conn->unp_addr->m_len; + bcopy(mtod(unp->unp_conn->unp_addr, caddr_t), + mtod(nam, caddr_t), (unsigned)nam->m_len); + } else + nam->m_len = 0; break; case PRU_SLOWTIMO: @@ -222,14 +262,28 @@ uipc_usrreq(so, req, m, nam, rights) panic("piusrreq"); } release: + if (control) + m_freem(control); if (m) m_freem(m); return (error); } -/* SHOULD BE PIPSIZ and 0 */ -int unp_sendspace = 1024*2; -int unp_recvspace = 1024*2 + sizeof(struct sockaddr); +/* + * Both send and receive buffers are allocated PIPSIZ bytes of buffering + * for stream sockets, although the total for sender and receiver is + * actually only PIPSIZ. + * Datagram sockets really use the sendspace as the maximum datagram size, + * and don't really want to reserve the sendspace. Their recvspace should + * be large enough for at least one max-size datagram plus address. + */ +#define PIPSIZ 4096 +u_long unpst_sendspace = PIPSIZ; +u_long unpst_recvspace = PIPSIZ; +u_long unpdg_sendspace = 2*1024; /* really max datagram size */ +u_long unpdg_recvspace = 4*1024; + +int unp_rights; /* file descriptors in flight */ unp_attach(so) struct socket *so; @@ -238,9 +292,23 @@ unp_attach(so) register struct unpcb *unp; int error; - error = soreserve(so, unp_sendspace, unp_recvspace); - if (error) - return (error); + if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { + switch (so->so_type) { + + case SOCK_STREAM: + error = soreserve(so, unpst_sendspace, unpst_recvspace); + break; + + case SOCK_DGRAM: + error = soreserve(so, unpdg_sendspace, unpdg_recvspace); + break; + + default: + panic("unp_attach"); + } + if (error) + return (error); + } m = m_getclr(M_DONTWAIT, MT_PCB); if (m == NULL) return (ENOBUFS); @@ -254,9 +322,10 @@ unp_detach(unp) register struct unpcb *unp; { - if (unp->unp_inode) { - irele(unp->unp_inode); - unp->unp_inode = 0; + if (unp->unp_vnode) { + unp->unp_vnode->v_socket = 0; + vrele(unp->unp_vnode); + unp->unp_vnode = 0; } if (unp->unp_conn) unp_disconnect(unp); @@ -264,69 +333,96 @@ unp_detach(unp) unp_drop(unp->unp_refs, ECONNRESET); soisdisconnected(unp->unp_socket); unp->unp_socket->so_pcb = 0; - m_freem(unp->unp_remaddr); + m_freem(unp->unp_addr); (void) m_free(dtom(unp)); + if (unp_rights) { + /* + * Normally the receive buffer is flushed later, + * in sofree, but if our receive buffer holds references + * to descriptors that are now garbage, we will dispose + * of those descriptor references after the garbage collector + * gets them (resulting in a "panic: closef: count < 0"). + */ + sorflush(unp->unp_socket); + unp_gc(); + } } -unp_bind(unp, nam) +unp_bind(unp, nam, p) struct unpcb *unp; struct mbuf *nam; + struct proc *p; { struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); - register struct inode *ip; - extern schar(); + register struct vnode *vp; + struct vattr vattr; int error; + struct nameidata nd; - u.u_dirp = soun->sun_path; - if (nam->m_len == MLEN) + NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE, + soun->sun_path, p); + if (unp->unp_vnode != NULL) return (EINVAL); - *(mtod(nam, caddr_t) + nam->m_len) = 0; + if (nam->m_len == MLEN) { + if (*(mtod(nam, caddr_t) + nam->m_len - 1) != 0) + return (EINVAL); + } else + *(mtod(nam, caddr_t) + nam->m_len) = 0; /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */ - ip = namei(schar, CREATE, 1); - if (ip) { - iput(ip); - return (EADDRINUSE); - } - if (error = u.u_error) { - u.u_error = 0; /* XXX */ + if (error = namei(&nd)) return (error); + vp = nd.ni_vp; + if (vp != NULL) { + VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); + if (nd.ni_dvp == vp) + vrele(nd.ni_dvp); + else + vput(nd.ni_dvp); + vrele(vp); + return (EADDRINUSE); } - ip = maknode(IFSOCK | 0777); - if (ip == NULL) { - error = u.u_error; /* XXX */ - u.u_error = 0; /* XXX */ + VATTR_NULL(&vattr); + vattr.va_type = VSOCK; + vattr.va_mode = ACCESSPERMS; + LEASE_CHECK(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE); + if (error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr)) return (error); - } - ip->i_socket = unp->unp_socket; - unp->unp_inode = ip; - iunlock(ip); /* but keep reference */ + vp = nd.ni_vp; + vp->v_socket = unp->unp_socket; + unp->unp_vnode = vp; + unp->unp_addr = m_copy(nam, 0, (int)M_COPYALL); + VOP_UNLOCK(vp); return (0); } -unp_connect(so, nam) +unp_connect(so, nam, p) struct socket *so; struct mbuf *nam; + struct proc *p; { register struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); - register struct inode *ip; + register struct vnode *vp; + register struct socket *so2, *so3; + struct unpcb *unp2, *unp3; int error; - register struct socket *so2; - - u.u_dirp = soun->sun_path; - if (nam->m_len + (nam->m_off - MMINOFF) == MLEN) - return (EMSGSIZE); - *(mtod(nam, caddr_t) + nam->m_len) = 0; - ip = namei(schar, LOOKUP, 1); - if (ip == 0) { - error = u.u_error; - u.u_error = 0; - return (error); /* XXX */ - } - if ((ip->i_mode&IFMT) != IFSOCK) { + struct nameidata nd; + + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p); + if (nam->m_data + nam->m_len == &nam->m_dat[MLEN]) { /* XXX */ + if (*(mtod(nam, caddr_t) + nam->m_len - 1) != 0) + return (EMSGSIZE); + } else + *(mtod(nam, caddr_t) + nam->m_len) = 0; + if (error = namei(&nd)) + return (error); + vp = nd.ni_vp; + if (vp->v_type != VSOCK) { error = ENOTSOCK; goto bad; } - so2 = ip->i_socket; + if (error = VOP_ACCESS(vp, VWRITE, p->p_ucred, p)) + goto bad; + so2 = vp->v_socket; if (so2 == 0) { error = ECONNREFUSED; goto bad; @@ -335,21 +431,27 @@ unp_connect(so, nam) error = EPROTOTYPE; goto bad; } - if (so->so_proto->pr_flags & PR_CONNREQUIRED && - ((so2->so_options&SO_ACCEPTCONN) == 0 || - (so2 = sonewconn(so2)) == 0)) { - error = ECONNREFUSED; - goto bad; + if (so->so_proto->pr_flags & PR_CONNREQUIRED) { + if ((so2->so_options & SO_ACCEPTCONN) == 0 || + (so3 = sonewconn(so2, 0)) == 0) { + error = ECONNREFUSED; + goto bad; + } + unp2 = sotounpcb(so2); + unp3 = sotounpcb(so3); + if (unp2->unp_addr) + unp3->unp_addr = + m_copy(unp2->unp_addr, 0, (int)M_COPYALL); + so2 = so3; } - error = unp_connect2(so, nam, so2); + error = unp_connect2(so, so2); bad: - iput(ip); + vput(vp); return (error); } -unp_connect2(so, sonam, so2) +unp_connect2(so, so2) register struct socket *so; - struct mbuf *sonam; register struct socket *so2; { register struct unpcb *unp = sotounpcb(so); @@ -364,14 +466,13 @@ unp_connect2(so, sonam, so2) case SOCK_DGRAM: unp->unp_nextref = unp2->unp_refs; unp2->unp_refs = unp; + soisconnected(so); break; case SOCK_STREAM: unp2->unp_conn = unp; - if (sonam) - unp2->unp_remaddr = m_copy(sonam, 0, (int)M_COPYALL); - soisconnected(so2); soisconnected(so); + soisconnected(so2); break; default: @@ -405,6 +506,7 @@ unp_disconnect(unp) unp2->unp_nextref = unp->unp_nextref; } unp->unp_nextref = 0; + unp->unp_socket->so_state &= ~SS_ISCONNECTED; break; case SOCK_STREAM: @@ -424,11 +526,14 @@ unp_abort(unp) } #endif -/*ARGSUSED*/ -unp_usrclosed(unp) +unp_shutdown(unp) struct unpcb *unp; { + struct socket *so; + if (unp->unp_socket->so_type == SOCK_STREAM && unp->unp_conn && + (so = unp->unp_conn->unp_socket)) + socantrcvmore(so); } unp_drop(unp, errno) @@ -441,7 +546,7 @@ unp_drop(unp, errno) unp_disconnect(unp); if (so->so_head) { so->so_pcb = (caddr_t) 0; - m_freem(unp->unp_remaddr); + m_freem(unp->unp_addr); (void) m_free(dtom(unp)); sofree(so); } @@ -457,13 +562,15 @@ unp_drain() unp_externalize(rights) struct mbuf *rights; { - int newfds = rights->m_len / sizeof (int); + struct proc *p = curproc; /* XXX */ register int i; - register struct file **rp = mtod(rights, struct file **); + register struct cmsghdr *cm = mtod(rights, struct cmsghdr *); + register struct file **rp = (struct file **)(cm + 1); register struct file *fp; + int newfds = (cm->cmsg_len - sizeof(*cm)) / sizeof (int); int f; - if (newfds > ufavail()) { + if (!fdavail(p, newfds)) { for (i = 0; i < newfds; i++) { fp = *rp; unp_discard(fp); @@ -472,56 +579,70 @@ unp_externalize(rights) return (EMSGSIZE); } for (i = 0; i < newfds; i++) { - f = ufalloc(0); - if (f < 0) + if (fdalloc(p, 0, &f)) panic("unp_externalize"); fp = *rp; - u.u_ofile[f] = fp; + p->p_fd->fd_ofiles[f] = fp; fp->f_msgcount--; + unp_rights--; *(int *)rp++ = f; } return (0); } -unp_internalize(rights) - struct mbuf *rights; +unp_internalize(control, p) + struct mbuf *control; + struct proc *p; { + struct filedesc *fdp = p->p_fd; + register struct cmsghdr *cm = mtod(control, struct cmsghdr *); register struct file **rp; - int oldfds = rights->m_len / sizeof (int); - register int i; register struct file *fp; + register int i, fd; + int oldfds; - rp = mtod(rights, struct file **); - for (i = 0; i < oldfds; i++) - if (getf(*(int *)rp++) == 0) + if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET || + cm->cmsg_len != control->m_len) + return (EINVAL); + oldfds = (cm->cmsg_len - sizeof (*cm)) / sizeof (int); + rp = (struct file **)(cm + 1); + for (i = 0; i < oldfds; i++) { + fd = *(int *)rp++; + if ((unsigned)fd >= fdp->fd_nfiles || + fdp->fd_ofiles[fd] == NULL) return (EBADF); - rp = mtod(rights, struct file **); + } + rp = (struct file **)(cm + 1); for (i = 0; i < oldfds; i++) { - fp = getf(*(int *)rp); + fp = fdp->fd_ofiles[*(int *)rp]; *rp++ = fp; fp->f_count++; fp->f_msgcount++; + unp_rights++; } return (0); } int unp_defer, unp_gcing; int unp_mark(); +extern struct domain unixdomain; unp_gc() { - register struct file *fp; + register struct file *fp, *nextfp; register struct socket *so; + struct file **extra_ref, **fpp; + int nunref, i; if (unp_gcing) return; unp_gcing = 1; restart: unp_defer = 0; - for (fp = file; fp < fileNFILE; fp++) + for (fp = filehead; fp; fp = fp->f_filef) fp->f_flag &= ~(FMARK|FDEFER); do { - for (fp = file; fp < fileNFILE; fp++) { + for (fp = filehead; fp; fp = fp->f_filef) { if (fp->f_count == 0) continue; if (fp->f_flag & FDEFER) { @@ -534,59 +655,125 @@ restart: continue; fp->f_flag |= FMARK; } - if (fp->f_type != DTYPE_SOCKET) + if (fp->f_type != DTYPE_SOCKET || + (so = (struct socket *)fp->f_data) == 0) continue; - so = (struct socket *)fp->f_data; - if (so->so_proto->pr_family != AF_UNIX || - (so->so_proto->pr_flags&PR_ADDR) == 0) + if (so->so_proto->pr_domain != &unixdomain || + (so->so_proto->pr_flags&PR_RIGHTS) == 0) continue; +#ifdef notdef if (so->so_rcv.sb_flags & SB_LOCK) { - sbwait(&so->so_rcv); + /* + * This is problematical; it's not clear + * we need to wait for the sockbuf to be + * unlocked (on a uniprocessor, at least), + * and it's also not clear what to do + * if sbwait returns an error due to receipt + * of a signal. If sbwait does return + * an error, we'll go into an infinite + * loop. Delete all of this for now. + */ + (void) sbwait(&so->so_rcv); goto restart; } +#endif unp_scan(so->so_rcv.sb_mb, unp_mark); } } while (unp_defer); - for (fp = file; fp < fileNFILE; fp++) { + /* + * We grab an extra reference to each of the file table entries + * that are not otherwise accessible and then free the rights + * that are stored in messages on them. + * + * The bug in the orginal code is a little tricky, so I'll describe + * what's wrong with it here. + * + * It is incorrect to simply unp_discard each entry for f_msgcount + * times -- consider the case of sockets A and B that contain + * references to each other. On a last close of some other socket, + * we trigger a gc since the number of outstanding rights (unp_rights) + * is non-zero. If during the sweep phase the gc code un_discards, + * we end up doing a (full) closef on the descriptor. A closef on A + * results in the following chain. Closef calls soo_close, which + * calls soclose. Soclose calls first (through the switch + * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply + * returns because the previous instance had set unp_gcing, and + * we return all the way back to soclose, which marks the socket + * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush + * to free up the rights that are queued in messages on the socket A, + * i.e., the reference on B. The sorflush calls via the dom_dispose + * switch unp_dispose, which unp_scans with unp_discard. This second + * instance of unp_discard just calls closef on B. + * + * Well, a similar chain occurs on B, resulting in a sorflush on B, + * which results in another closef on A. Unfortunately, A is already + * being closed, and the descriptor has already been marked with + * SS_NOFDREF, and soclose panics at this point. + * + * Here, we first take an extra reference to each inaccessible + * descriptor. Then, we call sorflush ourself, since we know + * it is a Unix domain socket anyhow. After we destroy all the + * rights carried in messages, we do a last closef to get rid + * of our extra reference. This is the last close, and the + * unp_detach etc will shut down the socket. + * + * 91/09/19, bsy@cs.cmu.edu + */ + extra_ref = malloc(nfiles * sizeof(struct file *), M_FILE, M_WAITOK); + for (nunref = 0, fp = filehead, fpp = extra_ref; fp; fp = nextfp) { + nextfp = fp->f_filef; if (fp->f_count == 0) continue; - if (fp->f_count == fp->f_msgcount && (fp->f_flag&FMARK)==0) { - if (fp->f_type != DTYPE_SOCKET) - panic("unp_gc"); - (void) soshutdown((struct socket *)fp->f_data, 0); + if (fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) { + *fpp++ = fp; + nunref++; + fp->f_count++; } } + for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) + sorflush((struct socket *)(*fpp)->f_data); + for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) + closef(*fpp); + free((caddr_t)extra_ref, M_FILE); unp_gcing = 0; } -unp_scan(m, op) - register struct mbuf *m; +unp_dispose(m) + struct mbuf *m; +{ + int unp_discard(); + + if (m) + unp_scan(m, unp_discard); +} + +unp_scan(m0, op) + register struct mbuf *m0; int (*op)(); { + register struct mbuf *m; register struct file **rp; + register struct cmsghdr *cm; register int i; int qfds; - while (m) { - m = m->m_next; - if (m == 0) - goto bad; - if (m->m_len) { - qfds = m->m_len / sizeof (struct file *); - rp = mtod(m, struct file **); - for (i = 0; i < qfds; i++) - (*op)(*rp++); - } - do { - m = m->m_next; - if (m == 0) - goto bad; - } while (m->m_act == 0); - m = m->m_next; + while (m0) { + for (m = m0; m; m = m->m_next) + if (m->m_type == MT_CONTROL && + m->m_len >= sizeof(*cm)) { + cm = mtod(m, struct cmsghdr *); + if (cm->cmsg_level != SOL_SOCKET || + cm->cmsg_type != SCM_RIGHTS) + continue; + qfds = (cm->cmsg_len - sizeof *cm) + / sizeof (struct file *); + rp = (struct file **)(cm + 1); + for (i = 0; i < qfds; i++) + (*op)(*rp++); + break; /* XXX, but saves time */ + } + m0 = m0->m_act; } - return; -bad: - panic("unp_gcscan"); } unp_mark(fp) @@ -604,5 +791,6 @@ unp_discard(fp) { fp->f_msgcount--; - closef(fp); + unp_rights--; + (void) closef(fp, (struct proc *)NULL); }