Rename socket wait channels when sleeping.

Use "netacc" for accept(2) and "netcon" for connect(2). Call sleep
in sys_ypconnect() "ypcon" to make it unique. sblock() now has
"sblock" to distinguish

Rename socket wait channels when sleeping.

Use "netacc" for accept(2) and "netcon" for connect(2). Call sleep
in sys_ypconnect() "ypcon" to make it unique. sblock() now has
"sblock" to distinguish it from netlock.

OK claudio@ mvs@ kn@

show more ...

Protect pool_get() with kernel lock in sys_ypconnect().

Pool namei_pool is initialized with IPL_NONE as filesystem always
runs with kernel lock. So pool_get() needs kernel lock also in
sys_ypconnec

Protect pool_get() with kernel lock in sys_ypconnect().

Pool namei_pool is initialized with IPL_NONE as filesystem always
runs with kernel lock. So pool_get() needs kernel lock also in
sys_ypconnect().

OK kn@ deraadt@

show more ...

Rework socket buffers locking for shared netlock.

Shared netlock is not sufficient to call so{r,w}wakeup(). The following
sowakeup() modifies `sb_flags' and knote(9) stuff. Unfortunately, we
can't c

Rework socket buffers locking for shared netlock.

Shared netlock is not sufficient to call so{r,w}wakeup(). The following
sowakeup() modifies `sb_flags' and knote(9) stuff. Unfortunately, we
can't call so{r,w}wakeup() with `inp_mtx' mutex(9) because sowakeup()
also calls pgsigio() which grabs kernel lock.

However, `so*_filtops' callbacks only perform read-only access to the
socket stuff, so it is enough to hold shared netlock only, but the klist
stuff needs to be protected.

This diff introduces `sb_mtx' mutex(9) to protect sockbuf. This time
`sb_mtx' used to protect only `sb_flags' and `sb_klist'.

Now we have soassertlocked_readonly() and soassertlocked(). The first
one is happy if only shared netlock is held, meanwhile the second wants
`so_lock' or pru_lock() be held together with shared netlock.

To keep soassertlocked*() assertions soft, we need to know mutex(9)
state, so new mtx_owned() macro was introduces. Also, the new optional
(*pru_locked)() handler brings the state of pru_lock().

Tests and ok from bluhm.

show more ...

Run connect(2) in parallel within inet doamin.

This unlocks soconnect() for UDP, rip, rip6 and divert. It takes
shared net lock in combination with per socket lock. TCP and GRE
still use exclusive

Run connect(2) in parallel within inet doamin.

This unlocks soconnect() for UDP, rip, rip6 and divert. It takes
shared net lock in combination with per socket lock. TCP and GRE
still use exclusive net lock when connecting.

OK mvs@

show more ...

Run bind(2) system call in parallel.

For protocols that care about locking, use the shared net lock to
call sobind(). Use the per socket rwlock together with shared net
lock. This affects protocol

Run bind(2) system call in parallel.

For protocols that care about locking, use the shared net lock to
call sobind(). Use the per socket rwlock together with shared net
lock. This affects protocols UDP, raw IP, and divert. Move the
inpcb mutex locking into soreceive(), it is only used there. Add
a comment to describe the current inmplementation of inpcb locking.

OK mvs@ sashan@

show more ...

Fix unreliable sys_setsockopt() with consistent use of M_WAIT

Also remove useless NULL check.

ok bluhm@

Move solock() down to sosetopt(). A part of standalone sblock() work.
This movement required because buffers related SO_SND* and SO_RCV*
socket options should be protected with sblock(). However, sta

Move solock() down to sosetopt(). A part of standalone sblock() work.
This movement required because buffers related SO_SND* and SO_RCV*
socket options should be protected with sblock(). However, standalone
sblock() has different lock order with solock() and `so_snd' and
`so_rcv' buffers. At least sblock() for `so_snd' buffer will always be
taken before solock() in the sosend() path.

The (*pr_ctloutput)() call was removed from the SOL_SOCKET level 'else'
branch. Except the SO_RTABLE case where it handled in the special way,
this is null op call.

For SO_SND* and SO_RCV* cases solock() will be replaced by sblock() in
the future.

Feedback from bluhm

Tested by bluhm naddy

ok bluhm

show more ...

Adjust knote(9) API

Make knote(9) lock the knote list internally, and add knote_locked(9)
for the typical situation where the list is already locked.

Remove the KNOTE(9) macro to simplify the API.

Adjust knote(9) API

Make knote(9) lock the knote list internally, and add knote_locked(9)
for the typical situation where the list is already locked.

Remove the KNOTE(9) macro to simplify the API.

Manual page OK jmc@
OK mpi@ mvs@

show more ...

Push solock() down to sogetopt(). It is not required for the most cases.
Also, some cases could be protected with solock_shared().

ok bluhm@

Replace selinfo structure by klist in sockbuf. No reason to keep it,
selinfo is just wrapper to klist. netstat(1) and libkvm use socket
structure, but don't touch so_{snd,rcv}.sb_sel.

ok visa@

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_sta

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.

ok bluhm@

show more ...

Use solock() instead solock_shared() within sys_getsockopt(). Otherwise
we acquiring kernel lock with mutex(9) held. This partially reverts
rev 1.205 of sys/kern/uipc_syscalls.c. Shared solock() is s

Use solock() instead solock_shared() within sys_getsockopt(). Otherwise
we acquiring kernel lock with mutex(9) held. This partially reverts
rev 1.205 of sys/kern/uipc_syscalls.c. Shared solock() is still fine for
getsockname(2) and getpeername(2).

Reported-by: syzbot+00a4824cb1b6a214c7d6@syzkaller.appspotmail.com

ok kn@ claudio@

show more ...

If the called of ypconnect(2) is root, the socket should acquire a
reserved port to received secure-maps from the ypserver.
issue found by niklas, using a simpler diff i proposed
ok miod

zap a pile of dangling tabs

Use shared socket/net lock for IP sockets

so{,un}lock_shared() take the shared net lock for PF_INET and PF_INET6
while sticking to the exclusive rwlock elsewhere.

getsockopt(2), getsockname(2) and

Use shared socket/net lock for IP sockets

so{,un}lock_shared() take the shared net lock for PF_INET and PF_INET6
while sticking to the exclusive rwlock elsewhere.

getsockopt(2), getsockname(2) and getpeername(2) (all UNLOCK) do not
write, so the exclusive net lock is overkill here.

OK mvs

show more ...

Make recvmmsg and sendmmsg look more alike. change the flag type
to int like other flag parameters, NetBSD uses unsigned int, FreeBSD
and Linux do int.
OK bluhm@

add the sendmmsg syscall that allows sending multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, bluhm@.
OK bluhm@

add the recvmmsg syscall that allows receiving multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, guenther@, bluhm@.
OK bluhm@

remove unneeded includes in sys/kern
ok mpi@ miod@

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also add '#ifndef _SYS_SOCKETVAR_H_' to sys/socketvar.h. This prevents the
collisions when both sys/protosw.h and sys/socketvar.h are included
together. Both 'socket' and 'protosw' structures are required to be
defined before pru_*() wrappers, so we need to include sys/socketvar.h to
sys/protosw.h.

ok bluhm@

show more ...

the domainname is under root control, but because we are producing a path
inside ypconnect(), it is best if we prevent "../" problems. so reject
domainnames containing '/.
discussed with jca

For opening up the bindings file in ypconnect(2), bail out early
if chrooted
issue pointed out by semarie

pledge "getpw" would notice access to /var/run/ypbind.lock, and grant "inet"
rights, so that libc/yp could access YP services via a fairly complex 'protocol'
including file access, sockets, etc. Thi

pledge "getpw" would notice access to /var/run/ypbind.lock, and grant "inet"
rights, so that libc/yp could access YP services via a fairly complex 'protocol'
including file access, sockets, etc. This YP protocol is also used by ypldap --
this is our way of bringing 'NIS' services into libc without monster sub-libraries.
I have managed to remove this "inet" right by creating a new ypconnect() system
call, which performs parts of the yp_bind.c dance inside the kernel.. It checks if
domainname is set, looks for a binding file with advisory lock, reads it to
get the IP and udp/tcp port numbers, and then establishes a connnected socket
direct to that ypserv. This socket has a SS_YP flag set, and non-required system
calls are prohibited. libc maintains lifetime on this socket so a process
should never see it, but it seems safer to block udp re-connect and other calls
even in non-pledge mode.
Userland changes to use this will follow in a few days.
Lots of help from claudio and jmatthew, also ok miod

show more ...

Make fine grained unix(4) domain sockets locking. Use the per-socket
`so_lock' rwlock(9) instead of global `unp_lock' which locks the whole
layer.

The PCB of unix(4) sockets are linked to each other

Make fine grained unix(4) domain sockets locking. Use the per-socket
`so_lock' rwlock(9) instead of global `unp_lock' which locks the whole
layer.

The PCB of unix(4) sockets are linked to each other and we need to lock
them both. This introduces the lock ordering problem, because when the
thread (1) keeps lock on `so1' and trying to lock `so2', the thread (2)
could hold lock on `so2' and trying to lock `so1'. To solve this we
always lock sockets in the strict order.

For the sockets which are already accessible from userland, we always
lock socket with the smallest memory address first. Sometimes we need to
unlock socket before lock it's peer and lock it again.

We use reference counters for prevent the connected peer destruction
during to relock. We also handle the case where the peer socket was
replaced by another socket.

For the newly connected sockets, which are not yet exported to the
userland by accept(2), we always lock the listening socket `head' first.
This allows us to avoid unwanted relock within accept(2) syscall.

ok claudio@

show more ...

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() sho

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

show more ...