1 /* 2 * Copyright (c) 2003,2004 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Matthew Dillon <dillon@backplane.com> 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 3. Neither the name of The DragonFly Project nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific, prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $DragonFly: src/sys/kern/kern_fp.c,v 1.9 2004/11/12 00:09:23 dillon Exp $ 35 */ 36 37 /* 38 * Direct file pointer API functions for in-kernel operations on files. These 39 * functions provide a open/read/write/close like interface within the kernel 40 * for operating on files that are not necessarily associated with processes 41 * and which do not (typically) have descriptors. 42 * 43 * FUTURE: file handle conversion routines to support checkpointing, 44 * and additional file operations (ioctl, fcntl). 45 */ 46 47 #include <sys/param.h> 48 #include <sys/kernel.h> 49 #include <sys/systm.h> 50 #include <sys/malloc.h> 51 #include <sys/sysproto.h> 52 #include <sys/conf.h> 53 #include <sys/filedesc.h> 54 #include <sys/sysctl.h> 55 #include <sys/vnode.h> 56 #include <sys/proc.h> 57 #include <sys/nlookup.h> 58 #include <sys/file.h> 59 #include <sys/stat.h> 60 #include <sys/filio.h> 61 #include <sys/fcntl.h> 62 #include <sys/unistd.h> 63 #include <sys/resourcevar.h> 64 #include <sys/event.h> 65 #include <sys/mman.h> 66 67 #include <vm/vm.h> 68 #include <vm/vm_param.h> 69 #include <sys/lock.h> 70 #include <vm/pmap.h> 71 #include <vm/vm_map.h> 72 #include <vm/vm_object.h> 73 #include <vm/vm_page.h> 74 #include <vm/vm_pager.h> 75 #include <vm/vm_pageout.h> 76 #include <vm/vm_extern.h> 77 #include <vm/vm_page.h> 78 #include <vm/vm_kern.h> 79 80 #include <sys/file2.h> 81 #include <machine/limits.h> 82 83 typedef struct file *file_t; 84 85 /* 86 * fp_open: 87 * 88 * Open a file as specified. Use O_* flags for flags. 89 * 90 * NOTE! O_ROOTCRED not quite working yet, vn_open() asserts that the 91 * cred must match the process's cred. XXX 92 * 93 * NOTE! when fp_open() is called from a pure thread, root creds are 94 * used. 95 */ 96 int 97 fp_open(const char *path, int flags, int mode, file_t *fpp) 98 { 99 struct nlookupdata nd; 100 struct thread *td; 101 struct file *fp; 102 int error; 103 104 if ((error = falloc(NULL, fpp, NULL)) != 0) 105 return (error); 106 fp = *fpp; 107 td = curthread; 108 if (td->td_proc) { 109 if ((flags & O_ROOTCRED) == 0) 110 fsetcred(fp, td->td_proc->p_ucred); 111 } 112 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_LOCKVP); 113 flags = FFLAGS(flags); 114 if (error == 0) 115 error = vn_open(&nd, fp, flags, mode); 116 nlookup_done(&nd); 117 if (error) { 118 fdrop(fp, td); 119 *fpp = NULL; 120 } 121 return(error); 122 } 123 124 125 /* 126 * fp_vpopen(): convert a vnode to a file pointer, call VOP_OPEN() on the 127 * the vnode. The vnode must be refd and locked. 128 * 129 * On success the vnode's ref is inherited by the file pointer and the caller 130 * should not vrele() it, and the vnode is unlocked. 131 * 132 * On failure the vnode remains locked and refd and the caller is responsible 133 * for vput()ing it. 134 */ 135 int 136 fp_vpopen(struct vnode *vp, int flags, file_t *fpp) 137 { 138 struct thread *td; 139 struct file *fp; 140 int vmode; 141 int error; 142 143 td = curthread; 144 145 /* 146 * Vnode checks (from vn_open()) 147 */ 148 if (vp->v_type == VLNK) { 149 error = EMLINK; 150 goto bad2; 151 } 152 if (vp->v_type == VSOCK) { 153 error = EOPNOTSUPP; 154 goto bad2; 155 } 156 flags = FFLAGS(flags); 157 vmode = 0; 158 if (flags & (FWRITE | O_TRUNC)) { 159 if (vp->v_type == VDIR) { 160 error = EISDIR; 161 goto bad2; 162 } 163 error = vn_writechk(vp); 164 if (error) 165 goto bad2; 166 vmode |= VWRITE; 167 } 168 if (flags & FREAD) 169 vmode |= VREAD; 170 if (vmode) { 171 error = VOP_ACCESS(vp, vmode, td->td_proc->p_ucred, td); 172 if (error) 173 goto bad2; 174 } 175 176 /* 177 * File pointer setup 178 */ 179 if ((error = falloc(NULL, fpp, NULL)) != 0) 180 goto bad2; 181 fp = *fpp; 182 if ((flags & O_ROOTCRED) == 0 && td->td_proc) 183 fsetcred(fp, td->td_proc->p_ucred); 184 fp->f_data = (caddr_t)vp; 185 fp->f_flag = flags; 186 fp->f_ops = &vnode_fileops; 187 fp->f_type = DTYPE_VNODE; 188 189 error = VOP_OPEN(vp, flags, td->td_proc->p_ucred, fp, td); 190 if (error) 191 goto bad1; 192 193 /* 194 * Make sure that a VM object is created for VMIO support. 195 */ 196 if (vn_canvmio(vp) == TRUE) { 197 if ((error = vfs_object_create(vp, td)) != 0) { 198 VOP_CLOSE(vp, flags, td); 199 goto bad1; 200 } 201 } 202 203 /* 204 * All done, update v_writecount now that no more errors can occur. 205 */ 206 if (flags & FWRITE) 207 vp->v_writecount++; 208 VOP_UNLOCK(vp, 0, td); 209 return (0); 210 bad1: 211 fp->f_ops = &badfileops; /* open failed, don't close */ 212 fp->f_data = NULL; 213 fdrop(fp, td); 214 /* leave the vnode intact, but fall through and unlock it anyway */ 215 bad2: 216 *fpp = NULL; 217 return (error); 218 } 219 220 /* 221 * fp_*read() is meant to operate like the normal descriptor based syscalls 222 * would. Note that if 'buf' points to user memory a UIO_USERSPACE 223 * transfer will be used. 224 */ 225 int 226 fp_pread(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res) 227 { 228 struct uio auio; 229 struct iovec aiov; 230 size_t count; 231 int error; 232 233 if (res) 234 *res = 0; 235 if (nbytes > INT_MAX) 236 return (EINVAL); 237 bzero(&auio, sizeof(auio)); 238 aiov.iov_base = (caddr_t)buf; 239 aiov.iov_len = nbytes; 240 auio.uio_iov = &aiov; 241 auio.uio_iovcnt = 1; 242 auio.uio_offset = offset; 243 auio.uio_resid = nbytes; 244 auio.uio_rw = UIO_READ; 245 if ((vm_offset_t)buf < VM_MAXUSER_ADDRESS) 246 auio.uio_segflg = UIO_USERSPACE; 247 else 248 auio.uio_segflg = UIO_SYSSPACE; 249 auio.uio_td = curthread; 250 251 count = nbytes; 252 error = fo_read(fp, &auio, fp->f_cred, FOF_OFFSET, auio.uio_td); 253 if (error) { 254 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 255 error == EWOULDBLOCK) 256 ) { 257 error = 0; 258 } 259 } 260 count -= auio.uio_resid; 261 if (res) 262 *res = count; 263 return(error); 264 } 265 266 int 267 fp_read(file_t fp, void *buf, size_t nbytes, ssize_t *res) 268 { 269 struct uio auio; 270 struct iovec aiov; 271 size_t count; 272 int error; 273 274 if (res) 275 *res = 0; 276 if (nbytes > INT_MAX) 277 return (EINVAL); 278 bzero(&auio, sizeof(auio)); 279 aiov.iov_base = (caddr_t)buf; 280 aiov.iov_len = nbytes; 281 auio.uio_iov = &aiov; 282 auio.uio_iovcnt = 1; 283 auio.uio_offset = 0; 284 auio.uio_resid = nbytes; 285 auio.uio_rw = UIO_READ; 286 if ((vm_offset_t)buf < VM_MAXUSER_ADDRESS) 287 auio.uio_segflg = UIO_USERSPACE; 288 else 289 auio.uio_segflg = UIO_SYSSPACE; 290 auio.uio_td = curthread; 291 292 count = nbytes; 293 error = fo_read(fp, &auio, fp->f_cred, 0, auio.uio_td); 294 if (error) { 295 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 296 error == EWOULDBLOCK) 297 ) { 298 error = 0; 299 } 300 } 301 count -= auio.uio_resid; 302 if (res) 303 *res = count; 304 return(error); 305 } 306 307 int 308 fp_pwrite(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res) 309 { 310 struct uio auio; 311 struct iovec aiov; 312 size_t count; 313 int error; 314 315 if (res) 316 *res = 0; 317 if (nbytes > INT_MAX) 318 return (EINVAL); 319 bzero(&auio, sizeof(auio)); 320 aiov.iov_base = (caddr_t)buf; 321 aiov.iov_len = nbytes; 322 auio.uio_iov = &aiov; 323 auio.uio_iovcnt = 1; 324 auio.uio_offset = offset; 325 auio.uio_resid = nbytes; 326 auio.uio_rw = UIO_WRITE; 327 if ((vm_offset_t)buf < VM_MAXUSER_ADDRESS) 328 auio.uio_segflg = UIO_USERSPACE; 329 else 330 auio.uio_segflg = UIO_SYSSPACE; 331 auio.uio_td = curthread; 332 333 count = nbytes; 334 error = fo_write(fp, &auio, fp->f_cred, FOF_OFFSET, auio.uio_td); 335 if (error) { 336 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 337 error == EWOULDBLOCK) 338 ) { 339 error = 0; 340 } 341 } 342 count -= auio.uio_resid; 343 if (res) 344 *res = count; 345 return(error); 346 } 347 348 349 int 350 fp_write(file_t fp, void *buf, size_t nbytes, ssize_t *res) 351 { 352 struct uio auio; 353 struct iovec aiov; 354 size_t count; 355 int error; 356 357 if (res) 358 *res = 0; 359 if (nbytes > INT_MAX) 360 return (EINVAL); 361 bzero(&auio, sizeof(auio)); 362 aiov.iov_base = (caddr_t)buf; 363 aiov.iov_len = nbytes; 364 auio.uio_iov = &aiov; 365 auio.uio_iovcnt = 1; 366 auio.uio_offset = 0; 367 auio.uio_resid = nbytes; 368 auio.uio_rw = UIO_WRITE; 369 if ((vm_offset_t)buf < VM_MAXUSER_ADDRESS) 370 auio.uio_segflg = UIO_USERSPACE; 371 else 372 auio.uio_segflg = UIO_SYSSPACE; 373 auio.uio_td = curthread; 374 375 count = nbytes; 376 error = fo_write(fp, &auio, fp->f_cred, 0, auio.uio_td); 377 if (error) { 378 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 379 error == EWOULDBLOCK) 380 ) { 381 error = 0; 382 } 383 } 384 count -= auio.uio_resid; 385 if (res) 386 *res = count; 387 return(error); 388 } 389 390 int 391 fp_stat(file_t fp, struct stat *ub) 392 { 393 int error; 394 395 error = fo_stat(fp, ub, curthread); 396 return(error); 397 } 398 399 /* 400 * non-anonymous, non-stack descriptor mappings only! 401 * 402 * This routine mostly snarfed from vm/vm_mmap.c 403 */ 404 int 405 fp_mmap(void *addr_arg, size_t size, int prot, int flags, struct file *fp, 406 off_t pos, void **resp) 407 { 408 struct thread *td = curthread; 409 struct proc *p = td->td_proc; 410 vm_size_t pageoff; 411 vm_prot_t maxprot; 412 vm_offset_t addr; 413 void *handle; 414 int error; 415 vm_object_t obj; 416 struct vmspace *vms = p->p_vmspace; 417 struct vnode *vp; 418 int disablexworkaround; 419 420 prot &= VM_PROT_ALL; 421 422 if ((ssize_t)size < 0 || (flags & MAP_ANON)) 423 return(EINVAL); 424 425 pageoff = (pos & PAGE_MASK); 426 pos -= pageoff; 427 428 /* Adjust size for rounding (on both ends). */ 429 size += pageoff; /* low end... */ 430 size = (vm_size_t)round_page(size); /* hi end */ 431 addr = (vm_offset_t)addr_arg; 432 433 /* 434 * Check for illegal addresses. Watch out for address wrap... Note 435 * that VM_*_ADDRESS are not constants due to casts (argh). 436 */ 437 if (flags & MAP_FIXED) { 438 /* 439 * The specified address must have the same remainder 440 * as the file offset taken modulo PAGE_SIZE, so it 441 * should be aligned after adjustment by pageoff. 442 */ 443 addr -= pageoff; 444 if (addr & PAGE_MASK) 445 return (EINVAL); 446 /* Address range must be all in user VM space. */ 447 if (VM_MAXUSER_ADDRESS > 0 && addr + size > VM_MAXUSER_ADDRESS) 448 return (EINVAL); 449 #ifndef i386 450 if (VM_MIN_ADDRESS > 0 && addr < VM_MIN_ADDRESS) 451 return (EINVAL); 452 #endif 453 if (addr + size < addr) 454 return (EINVAL); 455 } else if (addr == 0 || 456 (addr >= round_page((vm_offset_t)vms->vm_taddr) && 457 addr < round_page((vm_offset_t)vms->vm_daddr + maxdsiz)) 458 ) { 459 /* 460 * XXX for non-fixed mappings where no hint is provided or 461 * the hint would fall in the potential heap space, 462 * place it after the end of the largest possible heap. 463 * 464 * There should really be a pmap call to determine a reasonable 465 * location. 466 */ 467 addr = round_page((vm_offset_t)vms->vm_daddr + maxdsiz); 468 } 469 470 /* 471 * Mapping file, get fp for validation. Obtain vnode and make 472 * sure it is of appropriate type. 473 */ 474 if (fp->f_type != DTYPE_VNODE) 475 return (EINVAL); 476 477 /* 478 * POSIX shared-memory objects are defined to have 479 * kernel persistence, and are not defined to support 480 * read(2)/write(2) -- or even open(2). Thus, we can 481 * use MAP_ASYNC to trade on-disk coherence for speed. 482 * The shm_open(3) library routine turns on the FPOSIXSHM 483 * flag to request this behavior. 484 */ 485 if (fp->f_flag & FPOSIXSHM) 486 flags |= MAP_NOSYNC; 487 vp = (struct vnode *) fp->f_data; 488 if (vp->v_type != VREG && vp->v_type != VCHR) 489 return (EINVAL); 490 491 /* 492 * Get the proper underlying object 493 */ 494 if (vp->v_type == VREG) { 495 if (VOP_GETVOBJECT(vp, &obj) != 0) 496 return (EINVAL); 497 vp = (struct vnode*)obj->handle; 498 } 499 500 /* 501 * XXX hack to handle use of /dev/zero to map anon memory (ala 502 * SunOS). 503 */ 504 if (vp->v_type == VCHR && iszerodev(vp->v_rdev)) { 505 handle = NULL; 506 maxprot = VM_PROT_ALL; 507 flags |= MAP_ANON; 508 pos = 0; 509 } else { 510 /* 511 * cdevs does not provide private mappings of any kind. 512 */ 513 /* 514 * However, for XIG X server to continue to work, 515 * we should allow the superuser to do it anyway. 516 * We only allow it at securelevel < 1. 517 * (Because the XIG X server writes directly to video 518 * memory via /dev/mem, it should never work at any 519 * other securelevel. 520 * XXX this will have to go 521 */ 522 if (securelevel >= 1) 523 disablexworkaround = 1; 524 else 525 disablexworkaround = suser(td); 526 if (vp->v_type == VCHR && disablexworkaround && 527 (flags & (MAP_PRIVATE|MAP_COPY))) { 528 error = EINVAL; 529 goto done; 530 } 531 /* 532 * Ensure that file and memory protections are 533 * compatible. Note that we only worry about 534 * writability if mapping is shared; in this case, 535 * current and max prot are dictated by the open file. 536 * XXX use the vnode instead? Problem is: what 537 * credentials do we use for determination? What if 538 * proc does a setuid? 539 */ 540 maxprot = VM_PROT_EXECUTE; /* ??? */ 541 if (fp->f_flag & FREAD) { 542 maxprot |= VM_PROT_READ; 543 } else if (prot & PROT_READ) { 544 error = EACCES; 545 goto done; 546 } 547 /* 548 * If we are sharing potential changes (either via 549 * MAP_SHARED or via the implicit sharing of character 550 * device mappings), and we are trying to get write 551 * permission although we opened it without asking 552 * for it, bail out. Check for superuser, only if 553 * we're at securelevel < 1, to allow the XIG X server 554 * to continue to work. 555 */ 556 557 if ((flags & MAP_SHARED) != 0 || 558 (vp->v_type == VCHR && disablexworkaround) 559 ) { 560 if ((fp->f_flag & FWRITE) != 0) { 561 struct vattr va; 562 if ((error = VOP_GETATTR(vp, &va, td))) { 563 goto done; 564 } 565 if ((va.va_flags & (IMMUTABLE|APPEND)) == 0) { 566 maxprot |= VM_PROT_WRITE; 567 } else if (prot & PROT_WRITE) { 568 error = EPERM; 569 goto done; 570 } 571 } else if ((prot & PROT_WRITE) != 0) { 572 error = EACCES; 573 goto done; 574 } 575 } else { 576 maxprot |= VM_PROT_WRITE; 577 } 578 handle = (void *)vp; 579 } 580 error = vm_mmap(&vms->vm_map, &addr, size, prot, 581 maxprot, flags, handle, pos); 582 if (error == 0 && addr_arg) 583 *resp = (void *)addr; 584 done: 585 return (error); 586 } 587 588 int 589 fp_close(file_t fp) 590 { 591 return(fdrop(fp, curthread)); 592 } 593 594