1 /* 2 * Copyright (c) 2003,2004 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Matthew Dillon <dillon@backplane.com> 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 3. Neither the name of The DragonFly Project nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific, prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * Direct file pointer API functions for in-kernel operations on files. These 37 * functions provide a open/read/write/close like interface within the kernel 38 * for operating on files that are not necessarily associated with processes 39 * and which do not (typically) have descriptors. 40 * 41 * FUTURE: file handle conversion routines to support checkpointing, 42 * and additional file operations (ioctl, fcntl). 43 */ 44 45 #include <sys/param.h> 46 #include <sys/kernel.h> 47 #include <sys/systm.h> 48 #include <sys/uio.h> 49 #include <sys/malloc.h> 50 #include <sys/sysproto.h> 51 #include <sys/conf.h> 52 #include <sys/filedesc.h> 53 #include <sys/sysctl.h> 54 #include <sys/vnode.h> 55 #include <sys/proc.h> 56 #include <sys/priv.h> 57 #include <sys/nlookup.h> 58 #include <sys/file.h> 59 #include <sys/stat.h> 60 #include <sys/filio.h> 61 #include <sys/fcntl.h> 62 #include <sys/unistd.h> 63 #include <sys/resourcevar.h> 64 #include <sys/event.h> 65 #include <sys/mman.h> 66 67 #include <vm/vm.h> 68 #include <vm/vm_param.h> 69 #include <sys/lock.h> 70 #include <vm/pmap.h> 71 #include <vm/vm_map.h> 72 #include <vm/vm_object.h> 73 #include <vm/vm_page.h> 74 #include <vm/vm_pager.h> 75 #include <vm/vm_pageout.h> 76 #include <vm/vm_extern.h> 77 #include <vm/vm_kern.h> 78 79 #include <sys/file2.h> 80 #include <machine/limits.h> 81 82 typedef struct file *file_t; 83 84 /* 85 * fp_open: 86 * 87 * Open a file as specified. Use O_* flags for flags. 88 * 89 * vn_open() asserts that the cred must match the process's cred. 90 * 91 * NOTE! when fp_open() is called from a pure thread, root creds are 92 * used. 93 */ 94 int 95 fp_open(const char *path, int flags, int mode, file_t *fpp) 96 { 97 struct nlookupdata nd; 98 struct thread *td; 99 struct file *fp; 100 int error; 101 102 if ((error = falloc(NULL, fpp, NULL)) != 0) 103 return (error); 104 fp = *fpp; 105 td = curthread; 106 if (td->td_proc) 107 fsetcred(fp, td->td_proc->p_ucred); 108 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_LOCKVP); 109 flags = FFLAGS(flags); 110 if (error == 0) 111 error = vn_open(&nd, fp, flags, mode); 112 nlookup_done(&nd); 113 if (error) { 114 fdrop(fp); 115 *fpp = NULL; 116 } 117 return(error); 118 } 119 120 121 /* 122 * fp_vpopen(): convert a vnode to a file pointer, call VOP_OPEN() on the 123 * the vnode. The vnode must be refd and locked. 124 * 125 * On success the vnode's ref is inherited by the file pointer and the caller 126 * should not vrele() it, and the vnode is unlocked. 127 * 128 * On failure the vnode remains locked and refd and the caller is responsible 129 * for vput()ing it. 130 */ 131 int 132 fp_vpopen(struct vnode *vp, int flags, file_t *fpp) 133 { 134 struct thread *td; 135 struct file *fp; 136 int vmode; 137 int error; 138 139 td = curthread; 140 141 /* 142 * Vnode checks (from vn_open()) 143 */ 144 if (vp->v_type == VLNK) { 145 error = EMLINK; 146 goto bad2; 147 } 148 if (vp->v_type == VSOCK) { 149 error = EOPNOTSUPP; 150 goto bad2; 151 } 152 flags = FFLAGS(flags); 153 vmode = 0; 154 if (flags & (FWRITE | O_TRUNC)) { 155 if (vp->v_type == VDIR) { 156 error = EISDIR; 157 goto bad2; 158 } 159 error = vn_writechk(vp, NULL); 160 if (error) 161 goto bad2; 162 vmode |= VWRITE; 163 } 164 if (flags & FREAD) 165 vmode |= VREAD; 166 if (vmode) { 167 error = VOP_ACCESS(vp, vmode, td->td_proc->p_ucred); 168 if (error) 169 goto bad2; 170 } 171 172 /* 173 * File pointer setup 174 */ 175 if ((error = falloc(NULL, fpp, NULL)) != 0) 176 goto bad2; 177 fp = *fpp; 178 if (td->td_proc) 179 fsetcred(fp, td->td_proc->p_ucred); 180 181 error = VOP_OPEN(vp, flags, td->td_proc->p_ucred, fp); 182 if (error) 183 goto bad1; 184 185 vput(vp); 186 return (0); 187 bad1: 188 fp->f_ops = &badfileops; /* open failed, don't close */ 189 fp->f_data = NULL; 190 fdrop(fp); 191 /* leave the vnode intact, but fall through and unlock it anyway */ 192 bad2: 193 *fpp = NULL; 194 return (error); 195 } 196 197 /* 198 * fp_*read() is meant to operate like the normal descriptor based syscalls 199 * would. Note that if 'buf' points to user memory a UIO_USERSPACE 200 * transfer will be used. 201 */ 202 int 203 fp_pread(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res, 204 enum uio_seg seg) 205 { 206 struct uio auio; 207 struct iovec aiov; 208 size_t count; 209 int error; 210 211 if (res) 212 *res = 0; 213 if (nbytes > LONG_MAX) 214 return (EINVAL); 215 bzero(&auio, sizeof(auio)); 216 aiov.iov_base = (caddr_t)buf; 217 aiov.iov_len = nbytes; 218 auio.uio_iov = &aiov; 219 auio.uio_iovcnt = 1; 220 auio.uio_offset = offset; 221 auio.uio_resid = nbytes; 222 auio.uio_rw = UIO_READ; 223 auio.uio_segflg = seg; 224 auio.uio_td = curthread; 225 226 count = nbytes; 227 error = fo_read(fp, &auio, fp->f_cred, O_FOFFSET); 228 if (error) { 229 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 230 error == EWOULDBLOCK) 231 ) { 232 error = 0; 233 } 234 } 235 count -= auio.uio_resid; 236 if (res) 237 *res = count; 238 return(error); 239 } 240 241 int 242 fp_read(file_t fp, void *buf, size_t nbytes, ssize_t *res, int all, 243 enum uio_seg seg) 244 { 245 struct uio auio; 246 struct iovec aiov; 247 int error; 248 int lastresid; 249 250 if (res) 251 *res = 0; 252 if (nbytes > LONG_MAX) 253 return (EINVAL); 254 bzero(&auio, sizeof(auio)); 255 aiov.iov_base = (caddr_t)buf; 256 aiov.iov_len = nbytes; 257 auio.uio_iov = &aiov; 258 auio.uio_iovcnt = 1; 259 auio.uio_offset = 0; 260 auio.uio_resid = nbytes; 261 auio.uio_rw = UIO_READ; 262 auio.uio_segflg = seg; 263 auio.uio_td = curthread; 264 265 /* 266 * If all is false call fo_read() once. 267 * If all is true we attempt to read the entire request. We have to 268 * break out of the loop if an unrecoverable error or EOF occurs. 269 */ 270 do { 271 lastresid = auio.uio_resid; 272 error = fo_read(fp, &auio, fp->f_cred, 0); 273 } while (all && auio.uio_resid && 274 ((error == 0 && auio.uio_resid != lastresid) || 275 error == ERESTART || error == EINTR)); 276 if (all && error == 0 && auio.uio_resid) 277 error = ESPIPE; 278 279 /* 280 * If an error occured but some data was read, silently forget the 281 * error. However, if this is a non-blocking descriptor and 'all' 282 * was specified, return an error even if some data was read (this 283 * is considered a bug in the caller for using an illegal combination 284 * of 'all' and a non-blocking descriptor). 285 */ 286 if (error) { 287 if (auio.uio_resid != nbytes) { 288 if (error == ERESTART || error == EINTR) 289 error = 0; 290 if (error == EWOULDBLOCK && all == 0) 291 error = 0; 292 } 293 } 294 if (res) 295 *res = nbytes - auio.uio_resid; 296 return(error); 297 } 298 299 int 300 fp_pwrite(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res, 301 enum uio_seg seg) 302 { 303 struct uio auio; 304 struct iovec aiov; 305 size_t count; 306 int error; 307 308 if (res) 309 *res = 0; 310 if (nbytes > LONG_MAX) 311 return (EINVAL); 312 bzero(&auio, sizeof(auio)); 313 aiov.iov_base = (caddr_t)buf; 314 aiov.iov_len = nbytes; 315 auio.uio_iov = &aiov; 316 auio.uio_iovcnt = 1; 317 auio.uio_offset = offset; 318 auio.uio_resid = nbytes; 319 auio.uio_rw = UIO_WRITE; 320 auio.uio_segflg = seg; 321 auio.uio_td = curthread; 322 323 count = nbytes; 324 error = fo_write(fp, &auio, fp->f_cred, O_FOFFSET); 325 if (error) { 326 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 327 error == EWOULDBLOCK) 328 ) { 329 error = 0; 330 } 331 } 332 count -= auio.uio_resid; 333 if (res) 334 *res = count; 335 return(error); 336 } 337 338 339 int 340 fp_write(file_t fp, void *buf, size_t nbytes, ssize_t *res, enum uio_seg seg) 341 { 342 struct uio auio; 343 struct iovec aiov; 344 size_t count; 345 int error; 346 347 if (res) 348 *res = 0; 349 if (nbytes > LONG_MAX) 350 return (EINVAL); 351 bzero(&auio, sizeof(auio)); 352 aiov.iov_base = (caddr_t)buf; 353 aiov.iov_len = nbytes; 354 auio.uio_iov = &aiov; 355 auio.uio_iovcnt = 1; 356 auio.uio_offset = 0; 357 auio.uio_resid = nbytes; 358 auio.uio_rw = UIO_WRITE; 359 auio.uio_segflg = seg; 360 auio.uio_td = curthread; 361 362 count = nbytes; 363 error = fo_write(fp, &auio, fp->f_cred, 0); 364 if (error) { 365 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 366 error == EWOULDBLOCK) 367 ) { 368 error = 0; 369 } 370 } 371 count -= auio.uio_resid; 372 if (res) 373 *res = count; 374 return(error); 375 } 376 377 int 378 fp_stat(file_t fp, struct stat *ub) 379 { 380 int error; 381 382 error = fo_stat(fp, ub, fp->f_cred); 383 return(error); 384 } 385 386 /* 387 * non-anonymous, non-stack descriptor mappings only! 388 * 389 * This routine mostly snarfed from vm/vm_mmap.c 390 */ 391 int 392 fp_mmap(void *addr_arg, size_t size, int prot, int flags, struct file *fp, 393 off_t pos, void **resp) 394 { 395 struct thread *td = curthread; 396 struct proc *p = td->td_proc; 397 vm_size_t pageoff; 398 vm_prot_t maxprot; 399 vm_offset_t addr; 400 void *handle; 401 int error; 402 vm_object_t obj; 403 struct vmspace *vms = p->p_vmspace; 404 struct vnode *vp; 405 406 prot &= VM_PROT_ALL; 407 408 if ((ssize_t)size < 0 || (flags & MAP_ANON)) 409 return(EINVAL); 410 411 pageoff = (pos & PAGE_MASK); 412 pos -= pageoff; 413 414 /* Adjust size for rounding (on both ends). */ 415 size += pageoff; /* low end... */ 416 size = (vm_size_t)round_page(size); /* hi end */ 417 addr = (vm_offset_t)addr_arg; 418 419 /* 420 * Check for illegal addresses. Watch out for address wrap... Note 421 * that VM_*_ADDRESS are not constants due to casts (argh). 422 */ 423 if (flags & MAP_FIXED) { 424 /* 425 * The specified address must have the same remainder 426 * as the file offset taken modulo PAGE_SIZE, so it 427 * should be aligned after adjustment by pageoff. 428 */ 429 addr -= pageoff; 430 if (addr & PAGE_MASK) 431 return (EINVAL); 432 /* Address range must be all in user VM space. */ 433 if (VM_MAX_USER_ADDRESS > 0 && addr + size > VM_MAX_USER_ADDRESS) 434 return (EINVAL); 435 if (VM_MIN_USER_ADDRESS > 0 && addr < VM_MIN_USER_ADDRESS) 436 return (EINVAL); 437 if (addr + size < addr) 438 return (EINVAL); 439 } else if (addr == 0 || 440 (addr >= round_page((vm_offset_t)vms->vm_taddr) && 441 addr < round_page((vm_offset_t)vms->vm_daddr + maxdsiz)) 442 ) { 443 /* 444 * XXX for non-fixed mappings where no hint is provided or 445 * the hint would fall in the potential heap space, 446 * place it after the end of the largest possible heap. 447 * 448 * There should really be a pmap call to determine a reasonable 449 * location. 450 */ 451 addr = round_page((vm_offset_t)vms->vm_daddr + maxdsiz); 452 } 453 454 /* 455 * Mapping file, get fp for validation. Obtain vnode and make 456 * sure it is of appropriate type. 457 */ 458 if (fp->f_type != DTYPE_VNODE) 459 return (EINVAL); 460 461 /* 462 * POSIX shared-memory objects are defined to have 463 * kernel persistence, and are not defined to support 464 * read(2)/write(2) -- or even open(2). Thus, we can 465 * use MAP_ASYNC to trade on-disk coherence for speed. 466 * The shm_open(3) library routine turns on the FPOSIXSHM 467 * flag to request this behavior. 468 */ 469 if (fp->f_flag & FPOSIXSHM) 470 flags |= MAP_NOSYNC; 471 vp = (struct vnode *) fp->f_data; 472 if (vp->v_type != VREG && vp->v_type != VCHR) 473 return (EINVAL); 474 475 /* 476 * Get the proper underlying object 477 */ 478 if (vp->v_type == VREG) { 479 if ((obj = vp->v_object) == NULL) 480 return (EINVAL); 481 KKASSERT(vp == (struct vnode *)obj->handle); 482 } 483 484 /* 485 * XXX hack to handle use of /dev/zero to map anon memory (ala 486 * SunOS). 487 */ 488 if (vp->v_type == VCHR && iszerodev(vp->v_rdev)) { 489 handle = NULL; 490 maxprot = VM_PROT_ALL; 491 flags |= MAP_ANON; 492 pos = 0; 493 } else { 494 /* 495 * cdevs does not provide private mappings of any kind. 496 */ 497 if (vp->v_type == VCHR && 498 (flags & (MAP_PRIVATE|MAP_COPY))) { 499 error = EINVAL; 500 goto done; 501 } 502 /* 503 * Ensure that file and memory protections are 504 * compatible. Note that we only worry about 505 * writability if mapping is shared; in this case, 506 * current and max prot are dictated by the open file. 507 * XXX use the vnode instead? Problem is: what 508 * credentials do we use for determination? What if 509 * proc does a setuid? 510 */ 511 maxprot = VM_PROT_EXECUTE; /* ??? */ 512 if (fp->f_flag & FREAD) { 513 maxprot |= VM_PROT_READ; 514 } else if (prot & PROT_READ) { 515 error = EACCES; 516 goto done; 517 } 518 /* 519 * If we are sharing potential changes (either via 520 * MAP_SHARED or via the implicit sharing of character 521 * device mappings), and we are trying to get write 522 * permission although we opened it without asking 523 * for it, bail out. 524 */ 525 526 if ((flags & MAP_SHARED) != 0 || 527 (vp->v_type == VCHR) 528 ) { 529 if ((fp->f_flag & FWRITE) != 0) { 530 struct vattr va; 531 if ((error = VOP_GETATTR_FP(vp, &va, fp))) { 532 goto done; 533 } 534 if ((va.va_flags & (IMMUTABLE|APPEND)) == 0) { 535 maxprot |= VM_PROT_WRITE; 536 } else if (prot & PROT_WRITE) { 537 error = EPERM; 538 goto done; 539 } 540 } else if ((prot & PROT_WRITE) != 0) { 541 error = EACCES; 542 goto done; 543 } 544 } else { 545 maxprot |= VM_PROT_WRITE; 546 } 547 handle = (void *)vp; 548 } 549 error = vm_mmap(&vms->vm_map, &addr, size, prot, 550 maxprot, flags, handle, pos); 551 if (error == 0 && addr_arg) 552 *resp = (void *)addr; 553 done: 554 return (error); 555 } 556 557 int 558 fp_close(file_t fp) 559 { 560 return(fdrop(fp)); 561 } 562 563 int 564 fp_shutdown(file_t fp, int how) 565 { 566 return(fo_shutdown(fp, how)); 567 } 568 569