1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
27 /* All Rights Reserved */
28
29 #include <sys/types.h>
30 #include <sys/sysmacros.h>
31 #include <sys/param.h>
32 #include <sys/systm.h>
33 #include <sys/errno.h>
34 #include <sys/signal.h>
35 #include <sys/cred.h>
36 #include <sys/user.h>
37 #include <sys/conf.h>
38 #include <sys/vfs.h>
39 #include <sys/vnode.h>
40 #include <sys/pathname.h>
41 #include <sys/file.h>
42 #include <sys/proc.h>
43 #include <sys/var.h>
44 #include <sys/cpuvar.h>
45 #include <sys/open.h>
46 #include <sys/cmn_err.h>
47 #include <sys/priocntl.h>
48 #include <sys/procset.h>
49 #include <sys/prsystm.h>
50 #include <sys/debug.h>
51 #include <sys/kmem.h>
52 #include <sys/atomic.h>
53 #include <sys/fcntl.h>
54 #include <sys/poll.h>
55 #include <sys/rctl.h>
56 #include <sys/port_impl.h>
57
58 #include <c2/audit.h>
59 #include <sys/nbmlock.h>
60
61 #ifdef DEBUG
62
63 static uint32_t afd_maxfd; /* # of entries in maximum allocated array */
64 static uint32_t afd_alloc; /* count of kmem_alloc()s */
65 static uint32_t afd_free; /* count of kmem_free()s */
66 static uint32_t afd_wait; /* count of waits on non-zero ref count */
67 #define MAXFD(x) (afd_maxfd = ((afd_maxfd >= (x))? afd_maxfd : (x)))
68 #define COUNT(x) atomic_add_32(&x, 1)
69
70 #else /* DEBUG */
71
72 #define MAXFD(x)
73 #define COUNT(x)
74
75 #endif /* DEBUG */
76
77 kmem_cache_t *file_cache;
78
79 static void port_close_fd(portfd_t *);
80
81 /*
82 * File descriptor allocation.
83 *
84 * fd_find(fip, minfd) finds the first available descriptor >= minfd.
85 * The most common case is open(2), in which minfd = 0, but we must also
86 * support fcntl(fd, F_DUPFD, minfd).
87 *
88 * The algorithm is as follows: we keep all file descriptors in an infix
89 * binary tree in which each node records the number of descriptors
90 * allocated in its right subtree, including itself. Starting at minfd,
91 * we ascend the tree until we find a non-fully allocated right subtree.
92 * We then descend that subtree in a binary search for the smallest fd.
93 * Finally, we ascend the tree again to increment the allocation count
94 * of every subtree containing the newly-allocated fd. Freeing an fd
95 * requires only the last step: we ascend the tree to decrement allocation
96 * counts. Each of these three steps (ascent to find non-full subtree,
97 * descent to find lowest fd, ascent to update allocation counts) is
98 * O(log n), thus the algorithm as a whole is O(log n).
99 *
100 * We don't implement the fd tree using the customary left/right/parent
101 * pointers, but instead take advantage of the glorious mathematics of
102 * full infix binary trees. For reference, here's an illustration of the
103 * logical structure of such a tree, rooted at 4 (binary 100), covering
104 * the range 1-7 (binary 001-111). Our canonical trees do not include
105 * fd 0; we'll deal with that later.
106 *
107 * 100
108 * / \
109 * / \
110 * 010 110
111 * / \ / \
112 * 001 011 101 111
113 *
114 * We make the following observations, all of which are easily proven by
115 * induction on the depth of the tree:
116 *
117 * (T1) The least-significant bit (LSB) of any node is equal to its level
118 * in the tree. In our example, nodes 001, 011, 101 and 111 are at
119 * level 0; nodes 010 and 110 are at level 1; and node 100 is at level 2.
120 *
121 * (T2) The child size (CSIZE) of node N -- that is, the total number of
122 * right-branch descendants in a child of node N, including itself -- is
123 * given by clearing all but the least significant bit of N. This
124 * follows immediately from (T1). Applying this rule to our example, we
125 * see that CSIZE(100) = 100, CSIZE(x10) = 10, and CSIZE(xx1) = 1.
126 *
127 * (T3) The nearest left ancestor (LPARENT) of node N -- that is, the nearest
128 * ancestor containing node N in its right child -- is given by clearing
129 * the LSB of N. For example, LPARENT(111) = 110 and LPARENT(110) = 100.
130 * Clearing the LSB of nodes 001, 010 or 100 yields zero, reflecting
131 * the fact that these are leftmost nodes. Note that this algorithm
132 * automatically skips generations as necessary. For example, the parent
133 * of node 101 is 110, which is a *right* ancestor (not what we want);
134 * but its grandparent is 100, which is a left ancestor. Clearing the LSB
135 * of 101 gets us to 100 directly, skipping right past the uninteresting
136 * generation (110).
137 *
138 * Note that since LPARENT clears the LSB, whereas CSIZE clears all *but*
139 * the LSB, we can express LPARENT() nicely in terms of CSIZE():
140 *
141 * LPARENT(N) = N - CSIZE(N)
142 *
143 * (T4) The nearest right ancestor (RPARENT) of node N is given by:
144 *
145 * RPARENT(N) = N + CSIZE(N)
146 *
147 * (T5) For every interior node, the children differ from their parent by
148 * CSIZE(parent) / 2. In our example, CSIZE(100) / 2 = 2 = 10 binary,
149 * and indeed, the children of 100 are 100 +/- 10 = 010 and 110.
150 *
151 * Next, we'll need a few two's-complement math tricks. Suppose a number,
152 * N, has the following form:
153 *
154 * N = xxxx10...0
155 *
156 * That is, the binary representation of N consists of some string of bits,
157 * then a 1, then all zeroes. This amounts to nothing more than saying that
158 * N has a least-significant bit, which is true for any N != 0. If we look
159 * at N and N - 1 together, we see that we can combine them in useful ways:
160 *
161 * N = xxxx10...0
162 * N - 1 = xxxx01...1
163 * ------------------------
164 * N & (N - 1) = xxxx000000
165 * N | (N - 1) = xxxx111111
166 * N ^ (N - 1) = 111111
167 *
168 * In particular, this suggests several easy ways to clear all but the LSB,
169 * which by (T2) is exactly what we need to determine CSIZE(N) = 10...0.
170 * We'll opt for this formulation:
171 *
172 * (C1) CSIZE(N) = (N - 1) ^ (N | (N - 1))
173 *
174 * Similarly, we have an easy way to determine LPARENT(N), which requires
175 * that we clear the LSB of N:
176 *
177 * (L1) LPARENT(N) = N & (N - 1)
178 *
179 * We note in the above relations that (N | (N - 1)) - N = CSIZE(N) - 1.
180 * When combined with (T4), this yields an easy way to compute RPARENT(N):
181 *
182 * (R1) RPARENT(N) = (N | (N - 1)) + 1
183 *
184 * Finally, to accommodate fd 0 we must adjust all of our results by +/-1 to
185 * move the fd range from [1, 2^n) to [0, 2^n - 1). This is straightforward,
186 * so there's no need to belabor the algebra; the revised relations become:
187 *
188 * (C1a) CSIZE(N) = N ^ (N | (N + 1))
189 *
190 * (L1a) LPARENT(N) = (N & (N + 1)) - 1
191 *
192 * (R1a) RPARENT(N) = N | (N + 1)
193 *
194 * This completes the mathematical framework. We now have all the tools
195 * we need to implement fd_find() and fd_reserve().
196 *
197 * fd_find(fip, minfd) finds the smallest available file descriptor >= minfd.
198 * It does not actually allocate the descriptor; that's done by fd_reserve().
199 * fd_find() proceeds in two steps:
200 *
201 * (1) Find the leftmost subtree that contains a descriptor >= minfd.
202 * We start at the right subtree rooted at minfd. If this subtree is
203 * not full -- if fip->fi_list[minfd].uf_alloc != CSIZE(minfd) -- then
204 * step 1 is done. Otherwise, we know that all fds in this subtree
205 * are taken, so we ascend to RPARENT(minfd) using (R1a). We repeat
206 * this process until we either find a candidate subtree or exceed
207 * fip->fi_nfiles. We use (C1a) to compute CSIZE().
208 *
209 * (2) Find the smallest fd in the subtree discovered by step 1.
210 * Starting at the root of this subtree, we descend to find the
211 * smallest available fd. Since the left children have the smaller
212 * fds, we will descend rightward only when the left child is full.
213 *
214 * We begin by comparing the number of allocated fds in the root
215 * to the number of allocated fds in its right child; if they differ
216 * by exactly CSIZE(child), we know the left subtree is full, so we
217 * descend right; that is, the right child becomes the search root.
218 * Otherwise we leave the root alone and start following the right
219 * child's left children. As fortune would have it, this is very
220 * simple computationally: by (T5), the right child of fd is just
221 * fd + size, where size = CSIZE(fd) / 2. Applying (T5) again,
222 * we find that the right child's left child is fd + size - (size / 2) =
223 * fd + (size / 2); *its* left child is fd + (size / 2) - (size / 4) =
224 * fd + (size / 4), and so on. In general, fd's right child's
225 * leftmost nth descendant is fd + (size >> n). Thus, to follow
226 * the right child's left descendants, we just halve the size in
227 * each iteration of the search.
228 *
229 * When we descend leftward, we must keep track of the number of fds
230 * that were allocated in all the right subtrees we rejected, so we
231 * know how many of the root fd's allocations are in the remaining
232 * (as yet unexplored) leftmost part of its right subtree. When we
233 * encounter a fully-allocated left child -- that is, when we find
234 * that fip->fi_list[fd].uf_alloc == ralloc + size -- we descend right
235 * (as described earlier), resetting ralloc to zero.
236 *
237 * fd_reserve(fip, fd, incr) either allocates or frees fd, depending
238 * on whether incr is 1 or -1. Starting at fd, fd_reserve() ascends
239 * the leftmost ancestors (see (T3)) and updates the allocation counts.
240 * At each step we use (L1a) to compute LPARENT(), the next left ancestor.
241 *
242 * flist_minsize() finds the minimal tree that still covers all
243 * used fds; as long as the allocation count of a root node is zero, we
244 * don't need that node or its right subtree.
245 *
246 * flist_nalloc() counts the number of allocated fds in the tree, by starting
247 * at the top of the tree and summing the right-subtree allocation counts as
248 * it descends leftwards.
249 *
250 * Note: we assume that flist_grow() will keep fip->fi_nfiles of the form
251 * 2^n - 1. This ensures that the fd trees are always full, which saves
252 * quite a bit of boundary checking.
253 */
254 static int
255 fd_find(uf_info_t *fip, int minfd)
256 {
257 int size, ralloc, fd;
258
259 ASSERT(MUTEX_HELD(&fip->fi_lock));
260 ASSERT((fip->fi_nfiles & (fip->fi_nfiles + 1)) == 0);
261
262 for (fd = minfd; (uint_t)fd < fip->fi_nfiles; fd |= fd + 1) {
263 size = fd ^ (fd | (fd + 1));
264 if (fip->fi_list[fd].uf_alloc == size)
265 continue;
266 for (ralloc = 0, size >>= 1; size != 0; size >>= 1) {
267 ralloc += fip->fi_list[fd + size].uf_alloc;
268 if (fip->fi_list[fd].uf_alloc == ralloc + size) {
269 fd += size;
270 ralloc = 0;
271 }
272 }
273 return (fd);
274 }
275 return (-1);
276 }
277
278 static void
279 fd_reserve(uf_info_t *fip, int fd, int incr)
280 {
281 int pfd;
282 uf_entry_t *ufp = &fip->fi_list[fd];
283
284 ASSERT((uint_t)fd < fip->fi_nfiles);
285 ASSERT((ufp->uf_busy == 0 && incr == 1) ||
286 (ufp->uf_busy == 1 && incr == -1));
287 ASSERT(MUTEX_HELD(&ufp->uf_lock));
288 ASSERT(MUTEX_HELD(&fip->fi_lock));
289
290 for (pfd = fd; pfd >= 0; pfd = (pfd & (pfd + 1)) - 1)
291 fip->fi_list[pfd].uf_alloc += incr;
292
293 ufp->uf_busy += incr;
294 }
295
296 static int
297 flist_minsize(uf_info_t *fip)
298 {
299 int fd;
300
301 /*
302 * We'd like to ASSERT(MUTEX_HELD(&fip->fi_lock)), but we're called
303 * by flist_fork(), which relies on other mechanisms for mutual
304 * exclusion.
305 */
306 ASSERT((fip->fi_nfiles & (fip->fi_nfiles + 1)) == 0);
307
308 for (fd = fip->fi_nfiles; fd != 0; fd >>= 1)
309 if (fip->fi_list[fd >> 1].uf_alloc != 0)
310 break;
311
312 return (fd);
313 }
314
315 static int
316 flist_nalloc(uf_info_t *fip)
317 {
318 int fd;
319 int nalloc = 0;
320
321 ASSERT(MUTEX_HELD(&fip->fi_lock));
322 ASSERT((fip->fi_nfiles & (fip->fi_nfiles + 1)) == 0);
323
324 for (fd = fip->fi_nfiles; fd != 0; fd >>= 1)
325 nalloc += fip->fi_list[fd >> 1].uf_alloc;
326
327 return (nalloc);
328 }
329
330 /*
331 * Increase size of the fi_list array to accommodate at least maxfd.
332 * We keep the size of the form 2^n - 1 for benefit of fd_find().
333 */
334 static void
335 flist_grow(int maxfd)
336 {
337 uf_info_t *fip = P_FINFO(curproc);
338 int newcnt, oldcnt;
339 uf_entry_t *src, *dst, *newlist, *oldlist, *newend, *oldend;
340 uf_rlist_t *urp;
341
342 for (newcnt = 1; newcnt <= maxfd; newcnt = (newcnt << 1) | 1)
343 continue;
344
345 newlist = kmem_zalloc(newcnt * sizeof (uf_entry_t), KM_SLEEP);
346
347 mutex_enter(&fip->fi_lock);
348 oldcnt = fip->fi_nfiles;
349 if (newcnt <= oldcnt) {
350 mutex_exit(&fip->fi_lock);
351 kmem_free(newlist, newcnt * sizeof (uf_entry_t));
352 return;
353 }
354 ASSERT((newcnt & (newcnt + 1)) == 0);
355 oldlist = fip->fi_list;
356 oldend = oldlist + oldcnt;
357 newend = newlist + oldcnt; /* no need to lock beyond old end */
358
359 /*
360 * fi_list and fi_nfiles cannot change while any uf_lock is held,
361 * so we must grab all the old locks *and* the new locks up to oldcnt.
362 * (Locks beyond the end of oldcnt aren't visible until we store
363 * the new fi_nfiles, which is the last thing we do before dropping
364 * all the locks, so there's no need to acquire these locks).
365 * Holding the new locks is necessary because when fi_list changes
366 * to point to the new list, fi_nfiles won't have been stored yet.
367 * If we *didn't* hold the new locks, someone doing a UF_ENTER()
368 * could see the new fi_list, grab the new uf_lock, and then see
369 * fi_nfiles change while the lock is held -- in violation of
370 * UF_ENTER() semantics.
371 */
372 for (src = oldlist; src < oldend; src++)
373 mutex_enter(&src->uf_lock);
374
375 for (dst = newlist; dst < newend; dst++)
376 mutex_enter(&dst->uf_lock);
377
378 for (src = oldlist, dst = newlist; src < oldend; src++, dst++) {
379 dst->uf_file = src->uf_file;
380 dst->uf_fpollinfo = src->uf_fpollinfo;
381 dst->uf_refcnt = src->uf_refcnt;
382 dst->uf_alloc = src->uf_alloc;
383 dst->uf_flag = src->uf_flag;
384 dst->uf_busy = src->uf_busy;
385 dst->uf_portfd = src->uf_portfd;
386 }
387
388 /*
389 * As soon as we store the new flist, future locking operations
390 * will use it. Therefore, we must ensure that all the state
391 * we've just established reaches global visibility before the
392 * new flist does.
393 */
394 membar_producer();
395 fip->fi_list = newlist;
396
397 /*
398 * Routines like getf() make an optimistic check on the validity
399 * of the supplied file descriptor: if it's less than the current
400 * value of fi_nfiles -- examined without any locks -- then it's
401 * safe to attempt a UF_ENTER() on that fd (which is a valid
402 * assumption because fi_nfiles only increases). Therefore, it
403 * is critical that the new value of fi_nfiles not reach global
404 * visibility until after the new fi_list: if it happened the
405 * other way around, getf() could see the new fi_nfiles and attempt
406 * a UF_ENTER() on the old fi_list, which would write beyond its
407 * end if the fd exceeded the old fi_nfiles.
408 */
409 membar_producer();
410 fip->fi_nfiles = newcnt;
411
412 /*
413 * The new state is consistent now, so we can drop all the locks.
414 */
415 for (dst = newlist; dst < newend; dst++)
416 mutex_exit(&dst->uf_lock);
417
418 for (src = oldlist; src < oldend; src++) {
419 /*
420 * If any threads are blocked on the old cvs, wake them.
421 * This will force them to wake up, discover that fi_list
422 * has changed, and go back to sleep on the new cvs.
423 */
424 cv_broadcast(&src->uf_wanted_cv);
425 cv_broadcast(&src->uf_closing_cv);
426 mutex_exit(&src->uf_lock);
427 }
428
429 mutex_exit(&fip->fi_lock);
430
431 /*
432 * Retire the old flist. We can't actually kmem_free() it now
433 * because someone may still have a pointer to it. Instead,
434 * we link it onto a list of retired flists. The new flist
435 * is at least double the size of the previous flist, so the
436 * total size of all retired flists will be less than the size
437 * of the current one (to prove, consider the sum of a geometric
438 * series in powers of 2). exit() frees the retired flists.
439 */
440 urp = kmem_zalloc(sizeof (uf_rlist_t), KM_SLEEP);
441 urp->ur_list = oldlist;
442 urp->ur_nfiles = oldcnt;
443
444 mutex_enter(&fip->fi_lock);
445 urp->ur_next = fip->fi_rlist;
446 fip->fi_rlist = urp;
447 mutex_exit(&fip->fi_lock);
448 }
449
450 /*
451 * Utility functions for keeping track of the active file descriptors.
452 */
453 void
454 clear_stale_fd() /* called from post_syscall() */
455 {
456 afd_t *afd = &curthread->t_activefd;
457 int i;
458
459 /* uninitialized is ok here, a_nfd is then zero */
460 for (i = 0; i < afd->a_nfd; i++) {
461 /* assert that this should not be necessary */
462 ASSERT(afd->a_fd[i] == -1);
463 afd->a_fd[i] = -1;
464 }
465 afd->a_stale = 0;
466 }
467
468 void
469 free_afd(afd_t *afd) /* called below and from thread_free() */
470 {
471 int i;
472
473 /* free the buffer if it was kmem_alloc()ed */
474 if (afd->a_nfd > sizeof (afd->a_buf) / sizeof (afd->a_buf[0])) {
475 COUNT(afd_free);
476 kmem_free(afd->a_fd, afd->a_nfd * sizeof (afd->a_fd[0]));
477 }
478
479 /* (re)initialize the structure */
480 afd->a_fd = &afd->a_buf[0];
481 afd->a_nfd = sizeof (afd->a_buf) / sizeof (afd->a_buf[0]);
482 afd->a_stale = 0;
483 for (i = 0; i < afd->a_nfd; i++)
484 afd->a_fd[i] = -1;
485 }
486
487 static void
488 set_active_fd(int fd)
489 {
490 afd_t *afd = &curthread->t_activefd;
491 int i;
492 int *old_fd;
493 int old_nfd;
494 int *new_fd;
495 int new_nfd;
496
497 if (afd->a_nfd == 0) { /* first time initialization */
498 ASSERT(fd == -1);
499 mutex_enter(&afd->a_fdlock);
500 free_afd(afd);
501 mutex_exit(&afd->a_fdlock);
502 }
503
504 /* insert fd into vacant slot, if any */
505 for (i = 0; i < afd->a_nfd; i++) {
506 if (afd->a_fd[i] == -1) {
507 afd->a_fd[i] = fd;
508 return;
509 }
510 }
511
512 /*
513 * Reallocate the a_fd[] array to add one more slot.
514 */
515 ASSERT(fd == -1);
516 old_nfd = afd->a_nfd;
517 old_fd = afd->a_fd;
518 new_nfd = old_nfd + 1;
519 new_fd = kmem_alloc(new_nfd * sizeof (afd->a_fd[0]), KM_SLEEP);
520 MAXFD(new_nfd);
521 COUNT(afd_alloc);
522
523 mutex_enter(&afd->a_fdlock);
524 afd->a_fd = new_fd;
525 afd->a_nfd = new_nfd;
526 for (i = 0; i < old_nfd; i++)
527 afd->a_fd[i] = old_fd[i];
528 afd->a_fd[i] = fd;
529 mutex_exit(&afd->a_fdlock);
530
531 if (old_nfd > sizeof (afd->a_buf) / sizeof (afd->a_buf[0])) {
532 COUNT(afd_free);
533 kmem_free(old_fd, old_nfd * sizeof (afd->a_fd[0]));
534 }
535 }
536
537 void
538 clear_active_fd(int fd) /* called below and from aio.c */
539 {
540 afd_t *afd = &curthread->t_activefd;
541 int i;
542
543 for (i = 0; i < afd->a_nfd; i++) {
544 if (afd->a_fd[i] == fd) {
545 afd->a_fd[i] = -1;
546 break;
547 }
548 }
549 ASSERT(i < afd->a_nfd); /* not found is not ok */
550 }
551
552 /*
553 * Does this thread have this fd active?
554 */
555 static int
556 is_active_fd(kthread_t *t, int fd)
557 {
558 afd_t *afd = &t->t_activefd;
559 int i;
560
561 ASSERT(t != curthread);
562 mutex_enter(&afd->a_fdlock);
563 /* uninitialized is ok here, a_nfd is then zero */
564 for (i = 0; i < afd->a_nfd; i++) {
565 if (afd->a_fd[i] == fd) {
566 mutex_exit(&afd->a_fdlock);
567 return (1);
568 }
569 }
570 mutex_exit(&afd->a_fdlock);
571 return (0);
572 }
573
574 /*
575 * Convert a user supplied file descriptor into a pointer to a file
576 * structure. Only task is to check range of the descriptor (soft
577 * resource limit was enforced at open time and shouldn't be checked
578 * here).
579 */
580 file_t *
581 getf(int fd)
582 {
583 uf_info_t *fip = P_FINFO(curproc);
584 uf_entry_t *ufp;
585 file_t *fp;
586
587 if ((uint_t)fd >= fip->fi_nfiles)
588 return (NULL);
589
590 /*
591 * Reserve a slot in the active fd array now so we can call
592 * set_active_fd(fd) for real below, while still inside UF_ENTER().
593 */
594 set_active_fd(-1);
595
596 UF_ENTER(ufp, fip, fd);
597
598 if ((fp = ufp->uf_file) == NULL) {
599 UF_EXIT(ufp);
600
601 if (fd == fip->fi_badfd && fip->fi_action > 0)
602 tsignal(curthread, fip->fi_action);
603
604 return (NULL);
605 }
606 ufp->uf_refcnt++;
607
608 set_active_fd(fd); /* record the active file descriptor */
609
610 UF_EXIT(ufp);
611
612 return (fp);
613 }
614
615 /*
616 * Close whatever file currently occupies the file descriptor slot
617 * and install the new file, usually NULL, in the file descriptor slot.
618 * The close must complete before we release the file descriptor slot.
619 * If newfp != NULL we only return an error if we can't allocate the
620 * slot so the caller knows that it needs to free the filep;
621 * in the other cases we return the error number from closef().
622 */
623 int
624 closeandsetf(int fd, file_t *newfp)
625 {
626 proc_t *p = curproc;
627 uf_info_t *fip = P_FINFO(p);
628 uf_entry_t *ufp;
629 file_t *fp;
630 fpollinfo_t *fpip;
631 portfd_t *pfd;
632 int error;
633
634 if ((uint_t)fd >= fip->fi_nfiles) {
635 if (newfp == NULL)
636 return (EBADF);
637 flist_grow(fd);
638 }
639
640 if (newfp != NULL) {
641 /*
642 * If ufp is reserved but has no file pointer, it's in the
643 * transition between ufalloc() and setf(). We must wait
644 * for this transition to complete before assigning the
645 * new non-NULL file pointer.
646 */
647 mutex_enter(&fip->fi_lock);
648 if (fd == fip->fi_badfd) {
649 mutex_exit(&fip->fi_lock);
650 if (fip->fi_action > 0)
651 tsignal(curthread, fip->fi_action);
652 return (EBADF);
653 }
654 UF_ENTER(ufp, fip, fd);
655 while (ufp->uf_busy && ufp->uf_file == NULL) {
656 mutex_exit(&fip->fi_lock);
657 cv_wait_stop(&ufp->uf_wanted_cv, &ufp->uf_lock, 250);
658 UF_EXIT(ufp);
659 mutex_enter(&fip->fi_lock);
660 UF_ENTER(ufp, fip, fd);
661 }
662 if ((fp = ufp->uf_file) == NULL) {
663 ASSERT(ufp->uf_fpollinfo == NULL);
664 ASSERT(ufp->uf_flag == 0);
665 fd_reserve(fip, fd, 1);
666 ufp->uf_file = newfp;
667 UF_EXIT(ufp);
668 mutex_exit(&fip->fi_lock);
669 return (0);
670 }
671 mutex_exit(&fip->fi_lock);
672 } else {
673 UF_ENTER(ufp, fip, fd);
674 if ((fp = ufp->uf_file) == NULL) {
675 UF_EXIT(ufp);
676 return (EBADF);
677 }
678 }
679
680 ASSERT(ufp->uf_busy);
681 ufp->uf_file = NULL;
682 ufp->uf_flag = 0;
683
684 /*
685 * If the file descriptor reference count is non-zero, then
686 * some other lwp in the process is performing system call
687 * activity on the file. To avoid blocking here for a long
688 * time (the other lwp might be in a long term sleep in its
689 * system call), we scan all other lwps in the process to
690 * find the ones with this fd as one of their active fds,
691 * set their a_stale flag, and set them running if they
692 * are in an interruptible sleep so they will emerge from
693 * their system calls immediately. post_syscall() will
694 * test the a_stale flag and set errno to EBADF.
695 */
696 ASSERT(ufp->uf_refcnt == 0 || p->p_lwpcnt > 1);
697 if (ufp->uf_refcnt > 0) {
698 kthread_t *t;
699
700 /*
701 * We call sprlock_proc(p) to ensure that the thread
702 * list will not change while we are scanning it.
703 * To do this, we must drop ufp->uf_lock and then
704 * reacquire it (so we are not holding both p->p_lock
705 * and ufp->uf_lock at the same time). ufp->uf_lock
706 * must be held for is_active_fd() to be correct
707 * (set_active_fd() is called while holding ufp->uf_lock).
708 *
709 * This is a convoluted dance, but it is better than
710 * the old brute-force method of stopping every thread
711 * in the process by calling holdlwps(SHOLDFORK1).
712 */
713
714 UF_EXIT(ufp);
715 COUNT(afd_wait);
716
717 mutex_enter(&p->p_lock);
718 sprlock_proc(p);
719 mutex_exit(&p->p_lock);
720
721 UF_ENTER(ufp, fip, fd);
722 ASSERT(ufp->uf_file == NULL);
723
724 if (ufp->uf_refcnt > 0) {
725 for (t = curthread->t_forw;
726 t != curthread;
727 t = t->t_forw) {
728 if (is_active_fd(t, fd)) {
729 thread_lock(t);
730 t->t_activefd.a_stale = 1;
731 t->t_post_sys = 1;
732 if (ISWAKEABLE(t))
733 setrun_locked(t);
734 thread_unlock(t);
735 }
736 }
737 }
738
739 UF_EXIT(ufp);
740
741 mutex_enter(&p->p_lock);
742 sprunlock(p);
743
744 UF_ENTER(ufp, fip, fd);
745 ASSERT(ufp->uf_file == NULL);
746 }
747
748 /*
749 * Wait for other lwps to stop using this file descriptor.
750 */
751 while (ufp->uf_refcnt > 0) {
752 cv_wait_stop(&ufp->uf_closing_cv, &ufp->uf_lock, 250);
753 /*
754 * cv_wait_stop() drops ufp->uf_lock, so the file list
755 * can change. Drop the lock on our (possibly) stale
756 * ufp and let UF_ENTER() find and lock the current ufp.
757 */
758 UF_EXIT(ufp);
759 UF_ENTER(ufp, fip, fd);
760 }
761
762 #ifdef DEBUG
763 /*
764 * catch a watchfd on device's pollhead list but not on fpollinfo list
765 */
766 if (ufp->uf_fpollinfo != NULL)
767 checkwfdlist(fp->f_vnode, ufp->uf_fpollinfo);
768 #endif /* DEBUG */
769
770 /*
771 * We may need to cleanup some cached poll states in t_pollstate
772 * before the fd can be reused. It is important that we don't
773 * access a stale thread structure. We will do the cleanup in two
774 * phases to avoid deadlock and holding uf_lock for too long.
775 * In phase 1, hold the uf_lock and call pollblockexit() to set
776 * state in t_pollstate struct so that a thread does not exit on
777 * us. In phase 2, we drop the uf_lock and call pollcacheclean().
778 */
779 pfd = ufp->uf_portfd;
780 ufp->uf_portfd = NULL;
781 fpip = ufp->uf_fpollinfo;
782 ufp->uf_fpollinfo = NULL;
783 if (fpip != NULL)
784 pollblockexit(fpip);
785 UF_EXIT(ufp);
786 if (fpip != NULL)
787 pollcacheclean(fpip, fd);
788 if (pfd)
789 port_close_fd(pfd);
790
791 /*
792 * Keep the file descriptor entry reserved across the closef().
793 */
794 error = closef(fp);
795
796 setf(fd, newfp);
797
798 /* Only return closef() error when closing is all we do */
799 return (newfp == NULL ? error : 0);
800 }
801
802 /*
803 * Decrement uf_refcnt; wakeup anyone waiting to close the file.
804 */
805 void
806 releasef(int fd)
807 {
808 uf_info_t *fip = P_FINFO(curproc);
809 uf_entry_t *ufp;
810
811 UF_ENTER(ufp, fip, fd);
812 ASSERT(ufp->uf_refcnt > 0);
813 clear_active_fd(fd); /* clear the active file descriptor */
814 if (--ufp->uf_refcnt == 0)
815 cv_broadcast(&ufp->uf_closing_cv);
816 UF_EXIT(ufp);
817 }
818
819 /*
820 * Identical to releasef() but can be called from another process.
821 */
822 void
823 areleasef(int fd, uf_info_t *fip)
824 {
825 uf_entry_t *ufp;
826
827 UF_ENTER(ufp, fip, fd);
828 ASSERT(ufp->uf_refcnt > 0);
829 if (--ufp->uf_refcnt == 0)
830 cv_broadcast(&ufp->uf_closing_cv);
831 UF_EXIT(ufp);
832 }
833
834 /*
835 * Duplicate all file descriptors across a fork.
836 */
837 void
838 flist_fork(uf_info_t *pfip, uf_info_t *cfip)
839 {
840 int fd, nfiles;
841 uf_entry_t *pufp, *cufp;
842
843 mutex_init(&cfip->fi_lock, NULL, MUTEX_DEFAULT, NULL);
844 cfip->fi_rlist = NULL;
845
846 /*
847 * We don't need to hold fi_lock because all other lwp's in the
848 * parent have been held.
849 */
850 cfip->fi_nfiles = nfiles = flist_minsize(pfip);
851
852 cfip->fi_list = kmem_zalloc(nfiles * sizeof (uf_entry_t), KM_SLEEP);
853
854 for (fd = 0, pufp = pfip->fi_list, cufp = cfip->fi_list; fd < nfiles;
855 fd++, pufp++, cufp++) {
856 cufp->uf_file = pufp->uf_file;
857 cufp->uf_alloc = pufp->uf_alloc;
858 cufp->uf_flag = pufp->uf_flag;
859 cufp->uf_busy = pufp->uf_busy;
860 if (pufp->uf_file == NULL) {
861 ASSERT(pufp->uf_flag == 0);
862 if (pufp->uf_busy) {
863 /*
864 * Grab locks to appease ASSERTs in fd_reserve
865 */
866 mutex_enter(&cfip->fi_lock);
867 mutex_enter(&cufp->uf_lock);
868 fd_reserve(cfip, fd, -1);
869 mutex_exit(&cufp->uf_lock);
870 mutex_exit(&cfip->fi_lock);
871 }
872 }
873 }
874 }
875
876 /*
877 * Close all open file descriptors for the current process.
878 * This is only called from exit(), which is single-threaded,
879 * so we don't need any locking.
880 */
881 void
882 closeall(uf_info_t *fip)
883 {
884 int fd;
885 file_t *fp;
886 uf_entry_t *ufp;
887
888 ufp = fip->fi_list;
889 for (fd = 0; fd < fip->fi_nfiles; fd++, ufp++) {
890 if ((fp = ufp->uf_file) != NULL) {
891 ufp->uf_file = NULL;
892 if (ufp->uf_portfd != NULL) {
893 portfd_t *pfd;
894 /* remove event port association */
895 pfd = ufp->uf_portfd;
896 ufp->uf_portfd = NULL;
897 port_close_fd(pfd);
898 }
899 ASSERT(ufp->uf_fpollinfo == NULL);
900 (void) closef(fp);
901 }
902 }
903
904 kmem_free(fip->fi_list, fip->fi_nfiles * sizeof (uf_entry_t));
905 fip->fi_list = NULL;
906 fip->fi_nfiles = 0;
907 while (fip->fi_rlist != NULL) {
908 uf_rlist_t *urp = fip->fi_rlist;
909 fip->fi_rlist = urp->ur_next;
910 kmem_free(urp->ur_list, urp->ur_nfiles * sizeof (uf_entry_t));
911 kmem_free(urp, sizeof (uf_rlist_t));
912 }
913 }
914
915 /*
916 * Internal form of close. Decrement reference count on file
917 * structure. Decrement reference count on the vnode following
918 * removal of the referencing file structure.
919 */
920 int
921 closef(file_t *fp)
922 {
923 vnode_t *vp;
924 int error;
925 int count;
926 int flag;
927 offset_t offset;
928
929 /*
930 * audit close of file (may be exit)
931 */
932 if (AU_AUDITING())
933 audit_closef(fp);
934 ASSERT(MUTEX_NOT_HELD(&P_FINFO(curproc)->fi_lock));
935
936 mutex_enter(&fp->f_tlock);
937
938 ASSERT(fp->f_count > 0);
939
940 count = fp->f_count--;
941 flag = fp->f_flag;
942 offset = fp->f_offset;
943
944 vp = fp->f_vnode;
945
946 error = VOP_CLOSE(vp, flag, count, offset, fp->f_cred, NULL);
947
948 if (count > 1) {
949 mutex_exit(&fp->f_tlock);
950 return (error);
951 }
952 ASSERT(fp->f_count == 0);
953 mutex_exit(&fp->f_tlock);
954
955 VN_RELE(vp);
956 /*
957 * deallocate resources to audit_data
958 */
959 if (audit_active)
960 audit_unfalloc(fp);
961 crfree(fp->f_cred);
962 kmem_cache_free(file_cache, fp);
963 return (error);
964 }
965
966 /*
967 * This is a combination of ufalloc() and setf().
968 */
969 int
970 ufalloc_file(int start, file_t *fp)
971 {
972 proc_t *p = curproc;
973 uf_info_t *fip = P_FINFO(p);
974 int filelimit;
975 uf_entry_t *ufp;
976 int nfiles;
977 int fd;
978
979 /*
980 * Assertion is to convince the correctness of the following
981 * assignment for filelimit after casting to int.
982 */
983 ASSERT(p->p_fno_ctl <= INT_MAX);
984 filelimit = (int)p->p_fno_ctl;
985
986 for (;;) {
987 mutex_enter(&fip->fi_lock);
988 fd = fd_find(fip, start);
989 if (fd >= 0 && fd == fip->fi_badfd) {
990 start = fd + 1;
991 mutex_exit(&fip->fi_lock);
992 continue;
993 }
994 if ((uint_t)fd < filelimit)
995 break;
996 if (fd >= filelimit) {
997 mutex_exit(&fip->fi_lock);
998 mutex_enter(&p->p_lock);
999 (void) rctl_action(rctlproc_legacy[RLIMIT_NOFILE],
1000 p->p_rctls, p, RCA_SAFE);
1001 mutex_exit(&p->p_lock);
1002 return (-1);
1003 }
1004 /* fd_find() returned -1 */
1005 nfiles = fip->fi_nfiles;
1006 mutex_exit(&fip->fi_lock);
1007 flist_grow(MAX(start, nfiles));
1008 }
1009
1010 UF_ENTER(ufp, fip, fd);
1011 fd_reserve(fip, fd, 1);
1012 ASSERT(ufp->uf_file == NULL);
1013 ufp->uf_file = fp;
1014 UF_EXIT(ufp);
1015 mutex_exit(&fip->fi_lock);
1016 return (fd);
1017 }
1018
1019 /*
1020 * Allocate a user file descriptor greater than or equal to "start".
1021 */
1022 int
1023 ufalloc(int start)
1024 {
1025 return (ufalloc_file(start, NULL));
1026 }
1027
1028 /*
1029 * Check that a future allocation of count fds on proc p has a good
1030 * chance of succeeding. If not, do rctl processing as if we'd failed
1031 * the allocation.
1032 *
1033 * Our caller must guarantee that p cannot disappear underneath us.
1034 */
1035 int
1036 ufcanalloc(proc_t *p, uint_t count)
1037 {
1038 uf_info_t *fip = P_FINFO(p);
1039 int filelimit;
1040 int current;
1041
1042 if (count == 0)
1043 return (1);
1044
1045 ASSERT(p->p_fno_ctl <= INT_MAX);
1046 filelimit = (int)p->p_fno_ctl;
1047
1048 mutex_enter(&fip->fi_lock);
1049 current = flist_nalloc(fip); /* # of in-use descriptors */
1050 mutex_exit(&fip->fi_lock);
1051
1052 /*
1053 * If count is a positive integer, the worst that can happen is
1054 * an overflow to a negative value, which is caught by the >= 0 check.
1055 */
1056 current += count;
1057 if (count <= INT_MAX && current >= 0 && current <= filelimit)
1058 return (1);
1059
1060 mutex_enter(&p->p_lock);
1061 (void) rctl_action(rctlproc_legacy[RLIMIT_NOFILE],
1062 p->p_rctls, p, RCA_SAFE);
1063 mutex_exit(&p->p_lock);
1064 return (0);
1065 }
1066
1067 /*
1068 * Allocate a user file descriptor and a file structure.
1069 * Initialize the descriptor to point at the file structure.
1070 * If fdp is NULL, the user file descriptor will not be allocated.
1071 */
1072 int
1073 falloc(vnode_t *vp, int flag, file_t **fpp, int *fdp)
1074 {
1075 file_t *fp;
1076 int fd;
1077
1078 if (fdp) {
1079 if ((fd = ufalloc(0)) == -1)
1080 return (EMFILE);
1081 }
1082 fp = kmem_cache_alloc(file_cache, KM_SLEEP);
1083 /*
1084 * Note: falloc returns the fp locked
1085 */
1086 mutex_enter(&fp->f_tlock);
1087 fp->f_count = 1;
1088 fp->f_flag = (ushort_t)flag;
1089 fp->f_flag2 = (flag & (FSEARCH|FEXEC)) >> 16;
1090 fp->f_vnode = vp;
1091 fp->f_offset = 0;
1092 fp->f_audit_data = 0;
1093 crhold(fp->f_cred = CRED());
1094 /*
1095 * allocate resources to audit_data
1096 */
1097 if (audit_active)
1098 audit_falloc(fp);
1099 *fpp = fp;
1100 if (fdp)
1101 *fdp = fd;
1102 return (0);
1103 }
1104
1105 /*ARGSUSED*/
1106 static int
1107 file_cache_constructor(void *buf, void *cdrarg, int kmflags)
1108 {
1109 file_t *fp = buf;
1110
1111 mutex_init(&fp->f_tlock, NULL, MUTEX_DEFAULT, NULL);
1112 return (0);
1113 }
1114
1115 /*ARGSUSED*/
1116 static void
1117 file_cache_destructor(void *buf, void *cdrarg)
1118 {
1119 file_t *fp = buf;
1120
1121 mutex_destroy(&fp->f_tlock);
1122 }
1123
1124 void
1125 finit()
1126 {
1127 file_cache = kmem_cache_create("file_cache", sizeof (file_t), 0,
1128 file_cache_constructor, file_cache_destructor, NULL, NULL, NULL, 0);
1129 }
1130
1131 void
1132 unfalloc(file_t *fp)
1133 {
1134 ASSERT(MUTEX_HELD(&fp->f_tlock));
1135 if (--fp->f_count <= 0) {
1136 /*
1137 * deallocate resources to audit_data
1138 */
1139 if (audit_active)
1140 audit_unfalloc(fp);
1141 crfree(fp->f_cred);
1142 mutex_exit(&fp->f_tlock);
1143 kmem_cache_free(file_cache, fp);
1144 } else
1145 mutex_exit(&fp->f_tlock);
1146 }
1147
1148 /*
1149 * Given a file descriptor, set the user's
1150 * file pointer to the given parameter.
1151 */
1152 void
1153 setf(int fd, file_t *fp)
1154 {
1155 uf_info_t *fip = P_FINFO(curproc);
1156 uf_entry_t *ufp;
1157
1158 if (AU_AUDITING())
1159 audit_setf(fp, fd);
1160
1161 if (fp == NULL) {
1162 mutex_enter(&fip->fi_lock);
1163 UF_ENTER(ufp, fip, fd);
1164 fd_reserve(fip, fd, -1);
1165 mutex_exit(&fip->fi_lock);
1166 } else {
1167 UF_ENTER(ufp, fip, fd);
1168 ASSERT(ufp->uf_busy);
1169 }
1170 ASSERT(ufp->uf_fpollinfo == NULL);
1171 ASSERT(ufp->uf_flag == 0);
1172 ufp->uf_file = fp;
1173 cv_broadcast(&ufp->uf_wanted_cv);
1174 UF_EXIT(ufp);
1175 }
1176
1177 /*
1178 * Given a file descriptor, return the file table flags, plus,
1179 * if this is a socket in asynchronous mode, the FASYNC flag.
1180 * getf() may or may not have been called before calling f_getfl().
1181 */
1182 int
1183 f_getfl(int fd, int *flagp)
1184 {
1185 uf_info_t *fip = P_FINFO(curproc);
1186 uf_entry_t *ufp;
1187 file_t *fp;
1188 int error;
1189
1190 if ((uint_t)fd >= fip->fi_nfiles)
1191 error = EBADF;
1192 else {
1193 UF_ENTER(ufp, fip, fd);
1194 if ((fp = ufp->uf_file) == NULL)
1195 error = EBADF;
1196 else {
1197 vnode_t *vp = fp->f_vnode;
1198 int flag = fp->f_flag | (fp->f_flag2 << 16);
1199
1200 /*
1201 * BSD fcntl() FASYNC compatibility.
1202 */
1203 if (vp->v_type == VSOCK)
1204 flag |= sock_getfasync(vp);
1205 *flagp = flag;
1206 error = 0;
1207 }
1208 UF_EXIT(ufp);
1209 }
1210
1211 return (error);
1212 }
1213
1214 /*
1215 * Given a file descriptor, return the user's file flags.
1216 * Force the FD_CLOEXEC flag for writable self-open /proc files.
1217 * getf() may or may not have been called before calling f_getfd_error().
1218 */
1219 int
1220 f_getfd_error(int fd, int *flagp)
1221 {
1222 uf_info_t *fip = P_FINFO(curproc);
1223 uf_entry_t *ufp;
1224 file_t *fp;
1225 int flag;
1226 int error;
1227
1228 if ((uint_t)fd >= fip->fi_nfiles)
1229 error = EBADF;
1230 else {
1231 UF_ENTER(ufp, fip, fd);
1232 if ((fp = ufp->uf_file) == NULL)
1233 error = EBADF;
1234 else {
1235 flag = ufp->uf_flag;
1236 if ((fp->f_flag & FWRITE) && pr_isself(fp->f_vnode))
1237 flag |= FD_CLOEXEC;
1238 *flagp = flag;
1239 error = 0;
1240 }
1241 UF_EXIT(ufp);
1242 }
1243
1244 return (error);
1245 }
1246
1247 /*
1248 * getf() must have been called before calling f_getfd().
1249 */
1250 char
1251 f_getfd(int fd)
1252 {
1253 int flag = 0;
1254 (void) f_getfd_error(fd, &flag);
1255 return ((char)flag);
1256 }
1257
1258 /*
1259 * Given a file descriptor and file flags, set the user's file flags.
1260 * At present, the only valid flag is FD_CLOEXEC.
1261 * getf() may or may not have been called before calling f_setfd_error().
1262 */
1263 int
1264 f_setfd_error(int fd, int flags)
1265 {
1266 uf_info_t *fip = P_FINFO(curproc);
1267 uf_entry_t *ufp;
1268 int error;
1269
1270 if ((uint_t)fd >= fip->fi_nfiles)
1271 error = EBADF;
1272 else {
1273 UF_ENTER(ufp, fip, fd);
1274 if (ufp->uf_file == NULL)
1275 error = EBADF;
1276 else {
1277 ufp->uf_flag = flags & FD_CLOEXEC;
1278 error = 0;
1279 }
1280 UF_EXIT(ufp);
1281 }
1282 return (error);
1283 }
1284
1285 void
1286 f_setfd(int fd, char flags)
1287 {
1288 (void) f_setfd_error(fd, flags);
1289 }
1290
1291 #define BADFD_MIN 3
1292 #define BADFD_MAX 255
1293
1294 /*
1295 * Attempt to allocate a file descriptor which is bad and which
1296 * is "poison" to the application. It cannot be closed (except
1297 * on exec), allocated for a different use, etc.
1298 */
1299 int
1300 f_badfd(int start, int *fdp, int action)
1301 {
1302 int fdr;
1303 int badfd;
1304 uf_info_t *fip = P_FINFO(curproc);
1305
1306 #ifdef _LP64
1307 /* No restrictions on 64 bit _file */
1308 if (get_udatamodel() != DATAMODEL_ILP32)
1309 return (EINVAL);
1310 #endif
1311
1312 if (start > BADFD_MAX || start < BADFD_MIN)
1313 return (EINVAL);
1314
1315 if (action >= NSIG || action < 0)
1316 return (EINVAL);
1317
1318 mutex_enter(&fip->fi_lock);
1319 badfd = fip->fi_badfd;
1320 mutex_exit(&fip->fi_lock);
1321
1322 if (badfd != -1)
1323 return (EAGAIN);
1324
1325 fdr = ufalloc(start);
1326
1327 if (fdr > BADFD_MAX) {
1328 setf(fdr, NULL);
1329 return (EMFILE);
1330 }
1331 if (fdr < 0)
1332 return (EMFILE);
1333
1334 mutex_enter(&fip->fi_lock);
1335 if (fip->fi_badfd != -1) {
1336 /* Lost race */
1337 mutex_exit(&fip->fi_lock);
1338 setf(fdr, NULL);
1339 return (EAGAIN);
1340 }
1341 fip->fi_action = action;
1342 fip->fi_badfd = fdr;
1343 mutex_exit(&fip->fi_lock);
1344 setf(fdr, NULL);
1345
1346 *fdp = fdr;
1347
1348 return (0);
1349 }
1350
1351 /*
1352 * Allocate a file descriptor and assign it to the vnode "*vpp",
1353 * performing the usual open protocol upon it and returning the
1354 * file descriptor allocated. It is the responsibility of the
1355 * caller to dispose of "*vpp" if any error occurs.
1356 */
1357 int
1358 fassign(vnode_t **vpp, int mode, int *fdp)
1359 {
1360 file_t *fp;
1361 int error;
1362 int fd;
1363
1364 if (error = falloc((vnode_t *)NULL, mode, &fp, &fd))
1365 return (error);
1366 if (error = VOP_OPEN(vpp, mode, fp->f_cred, NULL)) {
1367 setf(fd, NULL);
1368 unfalloc(fp);
1369 return (error);
1370 }
1371 fp->f_vnode = *vpp;
1372 mutex_exit(&fp->f_tlock);
1373 /*
1374 * Fill in the slot falloc reserved.
1375 */
1376 setf(fd, fp);
1377 *fdp = fd;
1378 return (0);
1379 }
1380
1381 /*
1382 * When a process forks it must increment the f_count of all file pointers
1383 * since there is a new process pointing at them. fcnt_add(fip, 1) does this.
1384 * Since we are called when there is only 1 active lwp we don't need to
1385 * hold fi_lock or any uf_lock. If the fork fails, fork_fail() calls
1386 * fcnt_add(fip, -1) to restore the counts.
1387 */
1388 void
1389 fcnt_add(uf_info_t *fip, int incr)
1390 {
1391 int i;
1392 uf_entry_t *ufp;
1393 file_t *fp;
1394
1395 ufp = fip->fi_list;
1396 for (i = 0; i < fip->fi_nfiles; i++, ufp++) {
1397 if ((fp = ufp->uf_file) != NULL) {
1398 mutex_enter(&fp->f_tlock);
1399 ASSERT((incr == 1 && fp->f_count >= 1) ||
1400 (incr == -1 && fp->f_count >= 2));
1401 fp->f_count += incr;
1402 mutex_exit(&fp->f_tlock);
1403 }
1404 }
1405 }
1406
1407 /*
1408 * This is called from exec to close all fd's that have the FD_CLOEXEC flag
1409 * set and also to close all self-open for write /proc file descriptors.
1410 */
1411 void
1412 close_exec(uf_info_t *fip)
1413 {
1414 int fd;
1415 file_t *fp;
1416 fpollinfo_t *fpip;
1417 uf_entry_t *ufp;
1418 portfd_t *pfd;
1419
1420 ufp = fip->fi_list;
1421 for (fd = 0; fd < fip->fi_nfiles; fd++, ufp++) {
1422 if ((fp = ufp->uf_file) != NULL &&
1423 ((ufp->uf_flag & FD_CLOEXEC) ||
1424 ((fp->f_flag & FWRITE) && pr_isself(fp->f_vnode)))) {
1425 fpip = ufp->uf_fpollinfo;
1426 mutex_enter(&fip->fi_lock);
1427 mutex_enter(&ufp->uf_lock);
1428 fd_reserve(fip, fd, -1);
1429 mutex_exit(&fip->fi_lock);
1430 ufp->uf_file = NULL;
1431 ufp->uf_fpollinfo = NULL;
1432 ufp->uf_flag = 0;
1433 /*
1434 * We may need to cleanup some cached poll states
1435 * in t_pollstate before the fd can be reused. It
1436 * is important that we don't access a stale thread
1437 * structure. We will do the cleanup in two
1438 * phases to avoid deadlock and holding uf_lock for
1439 * too long. In phase 1, hold the uf_lock and call
1440 * pollblockexit() to set state in t_pollstate struct
1441 * so that a thread does not exit on us. In phase 2,
1442 * we drop the uf_lock and call pollcacheclean().
1443 */
1444 pfd = ufp->uf_portfd;
1445 ufp->uf_portfd = NULL;
1446 if (fpip != NULL)
1447 pollblockexit(fpip);
1448 mutex_exit(&ufp->uf_lock);
1449 if (fpip != NULL)
1450 pollcacheclean(fpip, fd);
1451 if (pfd)
1452 port_close_fd(pfd);
1453 (void) closef(fp);
1454 }
1455 }
1456
1457 /* Reset bad fd */
1458 fip->fi_badfd = -1;
1459 fip->fi_action = -1;
1460 }
1461
1462 /*
1463 * Utility function called by most of the *at() system call interfaces.
1464 *
1465 * Generate a starting vnode pointer for an (fd, path) pair where 'fd'
1466 * is an open file descriptor for a directory to be used as the starting
1467 * point for the lookup of the relative pathname 'path' (or, if path is
1468 * NULL, generate a vnode pointer for the direct target of the operation).
1469 *
1470 * If we successfully return a non-NULL startvp, it has been the target
1471 * of VN_HOLD() and the caller must call VN_RELE() on it.
1472 */
1473 int
1474 fgetstartvp(int fd, char *path, vnode_t **startvpp)
1475 {
1476 vnode_t *startvp;
1477 file_t *startfp;
1478 char startchar;
1479
1480 if (fd == AT_FDCWD && path == NULL)
1481 return (EFAULT);
1482
1483 if (fd == AT_FDCWD) {
1484 /*
1485 * Start from the current working directory.
1486 */
1487 startvp = NULL;
1488 } else {
1489 if (path == NULL)
1490 startchar = '\0';
1491 else if (copyin(path, &startchar, sizeof (char)))
1492 return (EFAULT);
1493
1494 if (startchar == '/') {
1495 /*
1496 * 'path' is an absolute pathname.
1497 */
1498 startvp = NULL;
1499 } else {
1500 /*
1501 * 'path' is a relative pathname or we will
1502 * be applying the operation to 'fd' itself.
1503 */
1504 if ((startfp = getf(fd)) == NULL)
1505 return (EBADF);
1506 startvp = startfp->f_vnode;
1507 VN_HOLD(startvp);
1508 releasef(fd);
1509 }
1510 }
1511 *startvpp = startvp;
1512 return (0);
1513 }
1514
1515 /*
1516 * Called from fchownat() and fchmodat() to set ownership and mode.
1517 * The contents of *vap must be set before calling here.
1518 */
1519 int
1520 fsetattrat(int fd, char *path, int flags, struct vattr *vap)
1521 {
1522 vnode_t *startvp;
1523 vnode_t *vp;
1524 int error;
1525
1526 /*
1527 * Since we are never called to set the size of a file, we don't
1528 * need to check for non-blocking locks (via nbl_need_check(vp)).
1529 */
1530 ASSERT(!(vap->va_mask & AT_SIZE));
1531
1532 if ((error = fgetstartvp(fd, path, &startvp)) != 0)
1533 return (error);
1534 if (AU_AUDITING() && startvp != NULL)
1535 audit_setfsat_path(1);
1536
1537 /*
1538 * Do lookup for fchownat/fchmodat when path not NULL
1539 */
1540 if (path != NULL) {
1541 if (error = lookupnameat(path, UIO_USERSPACE,
1542 (flags == AT_SYMLINK_NOFOLLOW) ?
1543 NO_FOLLOW : FOLLOW,
1544 NULLVPP, &vp, startvp)) {
1545 if (startvp != NULL)
1546 VN_RELE(startvp);
1547 return (error);
1548 }
1549 } else {
1550 vp = startvp;
1551 ASSERT(vp);
1552 VN_HOLD(vp);
1553 }
1554
1555 if (vn_is_readonly(vp)) {
1556 error = EROFS;
1557 } else {
1558 error = VOP_SETATTR(vp, vap, 0, CRED(), NULL);
1559 }
1560
1561 if (startvp != NULL)
1562 VN_RELE(startvp);
1563 VN_RELE(vp);
1564
1565 return (error);
1566 }
1567
1568 /*
1569 * Return true if the given vnode is referenced by any
1570 * entry in the current process's file descriptor table.
1571 */
1572 int
1573 fisopen(vnode_t *vp)
1574 {
1575 int fd;
1576 file_t *fp;
1577 vnode_t *ovp;
1578 uf_info_t *fip = P_FINFO(curproc);
1579 uf_entry_t *ufp;
1580
1581 mutex_enter(&fip->fi_lock);
1582 for (fd = 0; fd < fip->fi_nfiles; fd++) {
1583 UF_ENTER(ufp, fip, fd);
1584 if ((fp = ufp->uf_file) != NULL &&
1585 (ovp = fp->f_vnode) != NULL && VN_CMP(vp, ovp)) {
1586 UF_EXIT(ufp);
1587 mutex_exit(&fip->fi_lock);
1588 return (1);
1589 }
1590 UF_EXIT(ufp);
1591 }
1592 mutex_exit(&fip->fi_lock);
1593 return (0);
1594 }
1595
1596 /*
1597 * Return zero if at least one file currently open (by curproc) shouldn't be
1598 * allowed to change zones.
1599 */
1600 int
1601 files_can_change_zones(void)
1602 {
1603 int fd;
1604 file_t *fp;
1605 uf_info_t *fip = P_FINFO(curproc);
1606 uf_entry_t *ufp;
1607
1608 mutex_enter(&fip->fi_lock);
1609 for (fd = 0; fd < fip->fi_nfiles; fd++) {
1610 UF_ENTER(ufp, fip, fd);
1611 if ((fp = ufp->uf_file) != NULL &&
1612 !vn_can_change_zones(fp->f_vnode)) {
1613 UF_EXIT(ufp);
1614 mutex_exit(&fip->fi_lock);
1615 return (0);
1616 }
1617 UF_EXIT(ufp);
1618 }
1619 mutex_exit(&fip->fi_lock);
1620 return (1);
1621 }
1622
1623 #ifdef DEBUG
1624
1625 /*
1626 * The following functions are only used in ASSERT()s elsewhere.
1627 * They do not modify the state of the system.
1628 */
1629
1630 /*
1631 * Return true (1) if the current thread is in the fpollinfo
1632 * list for this file descriptor, else false (0).
1633 */
1634 static int
1635 curthread_in_plist(uf_entry_t *ufp)
1636 {
1637 fpollinfo_t *fpip;
1638
1639 ASSERT(MUTEX_HELD(&ufp->uf_lock));
1640 for (fpip = ufp->uf_fpollinfo; fpip; fpip = fpip->fp_next)
1641 if (fpip->fp_thread == curthread)
1642 return (1);
1643 return (0);
1644 }
1645
1646 /*
1647 * Sanity check to make sure that after lwp_exit(),
1648 * curthread does not appear on any fd's fpollinfo list.
1649 */
1650 void
1651 checkfpollinfo(void)
1652 {
1653 int fd;
1654 uf_info_t *fip = P_FINFO(curproc);
1655 uf_entry_t *ufp;
1656
1657 mutex_enter(&fip->fi_lock);
1658 for (fd = 0; fd < fip->fi_nfiles; fd++) {
1659 UF_ENTER(ufp, fip, fd);
1660 ASSERT(!curthread_in_plist(ufp));
1661 UF_EXIT(ufp);
1662 }
1663 mutex_exit(&fip->fi_lock);
1664 }
1665
1666 /*
1667 * Return true (1) if the current thread is in the fpollinfo
1668 * list for this file descriptor, else false (0).
1669 * This is the same as curthread_in_plist(),
1670 * but is called w/o holding uf_lock.
1671 */
1672 int
1673 infpollinfo(int fd)
1674 {
1675 uf_info_t *fip = P_FINFO(curproc);
1676 uf_entry_t *ufp;
1677 int rc;
1678
1679 UF_ENTER(ufp, fip, fd);
1680 rc = curthread_in_plist(ufp);
1681 UF_EXIT(ufp);
1682 return (rc);
1683 }
1684
1685 #endif /* DEBUG */
1686
1687 /*
1688 * Add the curthread to fpollinfo list, meaning this fd is currently in the
1689 * thread's poll cache. Each lwp polling this file descriptor should call
1690 * this routine once.
1691 */
1692 void
1693 addfpollinfo(int fd)
1694 {
1695 struct uf_entry *ufp;
1696 fpollinfo_t *fpip;
1697 uf_info_t *fip = P_FINFO(curproc);
1698
1699 fpip = kmem_zalloc(sizeof (fpollinfo_t), KM_SLEEP);
1700 fpip->fp_thread = curthread;
1701 UF_ENTER(ufp, fip, fd);
1702 /*
1703 * Assert we are not already on the list, that is, that
1704 * this lwp did not call addfpollinfo twice for the same fd.
1705 */
1706 ASSERT(!curthread_in_plist(ufp));
1707 /*
1708 * addfpollinfo is always done inside the getf/releasef pair.
1709 */
1710 ASSERT(ufp->uf_refcnt >= 1);
1711 fpip->fp_next = ufp->uf_fpollinfo;
1712 ufp->uf_fpollinfo = fpip;
1713 UF_EXIT(ufp);
1714 }
1715
1716 /*
1717 * Delete curthread from fpollinfo list if it is there.
1718 */
1719 void
1720 delfpollinfo(int fd)
1721 {
1722 struct uf_entry *ufp;
1723 struct fpollinfo *fpip;
1724 struct fpollinfo **fpipp;
1725 uf_info_t *fip = P_FINFO(curproc);
1726
1727 UF_ENTER(ufp, fip, fd);
1728 for (fpipp = &ufp->uf_fpollinfo;
1729 (fpip = *fpipp) != NULL;
1730 fpipp = &fpip->fp_next) {
1731 if (fpip->fp_thread == curthread) {
1732 *fpipp = fpip->fp_next;
1733 kmem_free(fpip, sizeof (fpollinfo_t));
1734 break;
1735 }
1736 }
1737 /*
1738 * Assert that we are not still on the list, that is, that
1739 * this lwp did not call addfpollinfo twice for the same fd.
1740 */
1741 ASSERT(!curthread_in_plist(ufp));
1742 UF_EXIT(ufp);
1743 }
1744
1745 /*
1746 * fd is associated with a port. pfd is a pointer to the fd entry in the
1747 * cache of the port.
1748 */
1749
1750 void
1751 addfd_port(int fd, portfd_t *pfd)
1752 {
1753 struct uf_entry *ufp;
1754 uf_info_t *fip = P_FINFO(curproc);
1755
1756 UF_ENTER(ufp, fip, fd);
1757 /*
1758 * addfd_port is always done inside the getf/releasef pair.
1759 */
1760 ASSERT(ufp->uf_refcnt >= 1);
1761 if (ufp->uf_portfd == NULL) {
1762 /* first entry */
1763 ufp->uf_portfd = pfd;
1764 pfd->pfd_next = NULL;
1765 } else {
1766 pfd->pfd_next = ufp->uf_portfd;
1767 ufp->uf_portfd = pfd;
1768 pfd->pfd_next->pfd_prev = pfd;
1769 }
1770 UF_EXIT(ufp);
1771 }
1772
1773 void
1774 delfd_port(int fd, portfd_t *pfd)
1775 {
1776 struct uf_entry *ufp;
1777 uf_info_t *fip = P_FINFO(curproc);
1778
1779 UF_ENTER(ufp, fip, fd);
1780 /*
1781 * delfd_port is always done inside the getf/releasef pair.
1782 */
1783 ASSERT(ufp->uf_refcnt >= 1);
1784 if (ufp->uf_portfd == pfd) {
1785 /* remove first entry */
1786 ufp->uf_portfd = pfd->pfd_next;
1787 } else {
1788 pfd->pfd_prev->pfd_next = pfd->pfd_next;
1789 if (pfd->pfd_next != NULL)
1790 pfd->pfd_next->pfd_prev = pfd->pfd_prev;
1791 }
1792 UF_EXIT(ufp);
1793 }
1794
1795 static void
1796 port_close_fd(portfd_t *pfd)
1797 {
1798 portfd_t *pfdn;
1799
1800 /*
1801 * At this point, no other thread should access
1802 * the portfd_t list for this fd. The uf_file, uf_portfd
1803 * pointers in the uf_entry_t struct for this fd would
1804 * be set to NULL.
1805 */
1806 for (; pfd != NULL; pfd = pfdn) {
1807 pfdn = pfd->pfd_next;
1808 port_close_pfd(pfd);
1809 }
1810 }