1 /* 2 * Copyright (c) 2003,2004 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Matthew Dillon <dillon@backplane.com> 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 3. Neither the name of The DragonFly Project nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific, prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * Direct file pointer API functions for in-kernel operations on files. These 37 * functions provide a open/read/write/close like interface within the kernel 38 * for operating on files that are not necessarily associated with processes 39 * and which do not (typically) have descriptors. 40 * 41 * FUTURE: file handle conversion routines to support checkpointing, 42 * and additional file operations (ioctl, fcntl). 43 */ 44 45 #include <sys/param.h> 46 #include <sys/kernel.h> 47 #include <sys/systm.h> 48 #include <sys/malloc.h> 49 #include <sys/sysproto.h> 50 #include <sys/conf.h> 51 #include <sys/filedesc.h> 52 #include <sys/sysctl.h> 53 #include <sys/vnode.h> 54 #include <sys/proc.h> 55 #include <sys/priv.h> 56 #include <sys/nlookup.h> 57 #include <sys/file.h> 58 #include <sys/stat.h> 59 #include <sys/filio.h> 60 #include <sys/fcntl.h> 61 #include <sys/unistd.h> 62 #include <sys/resourcevar.h> 63 #include <sys/event.h> 64 #include <sys/mman.h> 65 66 #include <vm/vm.h> 67 #include <vm/vm_param.h> 68 #include <sys/lock.h> 69 #include <vm/pmap.h> 70 #include <vm/vm_map.h> 71 #include <vm/vm_object.h> 72 #include <vm/vm_page.h> 73 #include <vm/vm_pager.h> 74 #include <vm/vm_pageout.h> 75 #include <vm/vm_extern.h> 76 #include <vm/vm_page.h> 77 #include <vm/vm_kern.h> 78 79 #include <sys/file2.h> 80 #include <machine/limits.h> 81 82 typedef struct file *file_t; 83 84 /* 85 * fp_open: 86 * 87 * Open a file as specified. Use O_* flags for flags. 88 * 89 * NOTE! O_ROOTCRED not quite working yet, vn_open() asserts that the 90 * cred must match the process's cred. XXX 91 * 92 * NOTE! when fp_open() is called from a pure thread, root creds are 93 * used. 94 */ 95 int 96 fp_open(const char *path, int flags, int mode, file_t *fpp) 97 { 98 struct nlookupdata nd; 99 struct thread *td; 100 struct file *fp; 101 int error; 102 103 if ((error = falloc(NULL, fpp, NULL)) != 0) 104 return (error); 105 fp = *fpp; 106 td = curthread; 107 if (td->td_proc) { 108 if ((flags & O_ROOTCRED) == 0) 109 fsetcred(fp, td->td_proc->p_ucred); 110 } 111 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_LOCKVP); 112 flags = FFLAGS(flags); 113 if (error == 0) 114 error = vn_open(&nd, fp, flags, mode); 115 nlookup_done(&nd); 116 if (error) { 117 fdrop(fp); 118 *fpp = NULL; 119 } 120 return(error); 121 } 122 123 124 /* 125 * fp_vpopen(): convert a vnode to a file pointer, call VOP_OPEN() on the 126 * the vnode. The vnode must be refd and locked. 127 * 128 * On success the vnode's ref is inherited by the file pointer and the caller 129 * should not vrele() it, and the vnode is unlocked. 130 * 131 * On failure the vnode remains locked and refd and the caller is responsible 132 * for vput()ing it. 133 */ 134 int 135 fp_vpopen(struct vnode *vp, int flags, file_t *fpp) 136 { 137 struct thread *td; 138 struct file *fp; 139 int vmode; 140 int error; 141 142 td = curthread; 143 144 /* 145 * Vnode checks (from vn_open()) 146 */ 147 if (vp->v_type == VLNK) { 148 error = EMLINK; 149 goto bad2; 150 } 151 if (vp->v_type == VSOCK) { 152 error = EOPNOTSUPP; 153 goto bad2; 154 } 155 flags = FFLAGS(flags); 156 vmode = 0; 157 if (flags & (FWRITE | O_TRUNC)) { 158 if (vp->v_type == VDIR) { 159 error = EISDIR; 160 goto bad2; 161 } 162 error = vn_writechk(vp, NULL); 163 if (error) 164 goto bad2; 165 vmode |= VWRITE; 166 } 167 if (flags & FREAD) 168 vmode |= VREAD; 169 if (vmode) { 170 error = VOP_ACCESS(vp, vmode, td->td_proc->p_ucred); 171 if (error) 172 goto bad2; 173 } 174 175 /* 176 * File pointer setup 177 */ 178 if ((error = falloc(NULL, fpp, NULL)) != 0) 179 goto bad2; 180 fp = *fpp; 181 if ((flags & O_ROOTCRED) == 0 && td->td_proc) 182 fsetcred(fp, td->td_proc->p_ucred); 183 184 error = VOP_OPEN(vp, flags, td->td_proc->p_ucred, fp); 185 if (error) 186 goto bad1; 187 188 vput(vp); 189 return (0); 190 bad1: 191 fp->f_ops = &badfileops; /* open failed, don't close */ 192 fp->f_data = NULL; 193 fdrop(fp); 194 /* leave the vnode intact, but fall through and unlock it anyway */ 195 bad2: 196 *fpp = NULL; 197 return (error); 198 } 199 200 /* 201 * fp_*read() is meant to operate like the normal descriptor based syscalls 202 * would. Note that if 'buf' points to user memory a UIO_USERSPACE 203 * transfer will be used. 204 */ 205 int 206 fp_pread(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res, 207 enum uio_seg seg) 208 { 209 struct uio auio; 210 struct iovec aiov; 211 size_t count; 212 int error; 213 214 if (res) 215 *res = 0; 216 if (nbytes > LONG_MAX) 217 return (EINVAL); 218 bzero(&auio, sizeof(auio)); 219 aiov.iov_base = (caddr_t)buf; 220 aiov.iov_len = nbytes; 221 auio.uio_iov = &aiov; 222 auio.uio_iovcnt = 1; 223 auio.uio_offset = offset; 224 auio.uio_resid = nbytes; 225 auio.uio_rw = UIO_READ; 226 auio.uio_segflg = seg; 227 auio.uio_td = curthread; 228 229 count = nbytes; 230 error = fo_read(fp, &auio, fp->f_cred, O_FOFFSET); 231 if (error) { 232 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 233 error == EWOULDBLOCK) 234 ) { 235 error = 0; 236 } 237 } 238 count -= auio.uio_resid; 239 if (res) 240 *res = count; 241 return(error); 242 } 243 244 int 245 fp_read(file_t fp, void *buf, size_t nbytes, ssize_t *res, int all, 246 enum uio_seg seg) 247 { 248 struct uio auio; 249 struct iovec aiov; 250 int error; 251 int lastresid; 252 253 if (res) 254 *res = 0; 255 if (nbytes > LONG_MAX) 256 return (EINVAL); 257 bzero(&auio, sizeof(auio)); 258 aiov.iov_base = (caddr_t)buf; 259 aiov.iov_len = nbytes; 260 auio.uio_iov = &aiov; 261 auio.uio_iovcnt = 1; 262 auio.uio_offset = 0; 263 auio.uio_resid = nbytes; 264 auio.uio_rw = UIO_READ; 265 auio.uio_segflg = seg; 266 auio.uio_td = curthread; 267 268 /* 269 * If all is false call fo_read() once. 270 * If all is true we attempt to read the entire request. We have to 271 * break out of the loop if an unrecoverable error or EOF occurs. 272 */ 273 do { 274 lastresid = auio.uio_resid; 275 error = fo_read(fp, &auio, fp->f_cred, 0); 276 } while (all && auio.uio_resid && 277 ((error == 0 && auio.uio_resid != lastresid) || 278 error == ERESTART || error == EINTR)); 279 if (all && error == 0 && auio.uio_resid) 280 error = ESPIPE; 281 282 /* 283 * If an error occured but some data was read, silently forget the 284 * error. However, if this is a non-blocking descriptor and 'all' 285 * was specified, return an error even if some data was read (this 286 * is considered a bug in the caller for using an illegal combination 287 * of 'all' and a non-blocking descriptor). 288 */ 289 if (error) { 290 if (auio.uio_resid != nbytes) { 291 if (error == ERESTART || error == EINTR) 292 error = 0; 293 if (error == EWOULDBLOCK && all == 0) 294 error = 0; 295 } 296 } 297 if (res) 298 *res = nbytes - auio.uio_resid; 299 return(error); 300 } 301 302 int 303 fp_pwrite(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res, 304 enum uio_seg seg) 305 { 306 struct uio auio; 307 struct iovec aiov; 308 size_t count; 309 int error; 310 311 if (res) 312 *res = 0; 313 if (nbytes > LONG_MAX) 314 return (EINVAL); 315 bzero(&auio, sizeof(auio)); 316 aiov.iov_base = (caddr_t)buf; 317 aiov.iov_len = nbytes; 318 auio.uio_iov = &aiov; 319 auio.uio_iovcnt = 1; 320 auio.uio_offset = offset; 321 auio.uio_resid = nbytes; 322 auio.uio_rw = UIO_WRITE; 323 auio.uio_segflg = seg; 324 auio.uio_td = curthread; 325 326 count = nbytes; 327 error = fo_write(fp, &auio, fp->f_cred, O_FOFFSET); 328 if (error) { 329 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 330 error == EWOULDBLOCK) 331 ) { 332 error = 0; 333 } 334 } 335 count -= auio.uio_resid; 336 if (res) 337 *res = count; 338 return(error); 339 } 340 341 342 int 343 fp_write(file_t fp, void *buf, size_t nbytes, ssize_t *res, enum uio_seg seg) 344 { 345 struct uio auio; 346 struct iovec aiov; 347 size_t count; 348 int error; 349 350 if (res) 351 *res = 0; 352 if (nbytes > LONG_MAX) 353 return (EINVAL); 354 bzero(&auio, sizeof(auio)); 355 aiov.iov_base = (caddr_t)buf; 356 aiov.iov_len = nbytes; 357 auio.uio_iov = &aiov; 358 auio.uio_iovcnt = 1; 359 auio.uio_offset = 0; 360 auio.uio_resid = nbytes; 361 auio.uio_rw = UIO_WRITE; 362 auio.uio_segflg = seg; 363 auio.uio_td = curthread; 364 365 count = nbytes; 366 error = fo_write(fp, &auio, fp->f_cred, 0); 367 if (error) { 368 if (auio.uio_resid != nbytes && (error == ERESTART || error == EINTR || 369 error == EWOULDBLOCK) 370 ) { 371 error = 0; 372 } 373 } 374 count -= auio.uio_resid; 375 if (res) 376 *res = count; 377 return(error); 378 } 379 380 int 381 fp_stat(file_t fp, struct stat *ub) 382 { 383 int error; 384 385 error = fo_stat(fp, ub, fp->f_cred); 386 return(error); 387 } 388 389 /* 390 * non-anonymous, non-stack descriptor mappings only! 391 * 392 * This routine mostly snarfed from vm/vm_mmap.c 393 */ 394 int 395 fp_mmap(void *addr_arg, size_t size, int prot, int flags, struct file *fp, 396 off_t pos, void **resp) 397 { 398 struct thread *td = curthread; 399 struct proc *p = td->td_proc; 400 vm_size_t pageoff; 401 vm_prot_t maxprot; 402 vm_offset_t addr; 403 void *handle; 404 int error; 405 vm_object_t obj; 406 struct vmspace *vms = p->p_vmspace; 407 struct vnode *vp; 408 409 prot &= VM_PROT_ALL; 410 411 if ((ssize_t)size < 0 || (flags & MAP_ANON)) 412 return(EINVAL); 413 414 pageoff = (pos & PAGE_MASK); 415 pos -= pageoff; 416 417 /* Adjust size for rounding (on both ends). */ 418 size += pageoff; /* low end... */ 419 size = (vm_size_t)round_page(size); /* hi end */ 420 addr = (vm_offset_t)addr_arg; 421 422 /* 423 * Check for illegal addresses. Watch out for address wrap... Note 424 * that VM_*_ADDRESS are not constants due to casts (argh). 425 */ 426 if (flags & MAP_FIXED) { 427 /* 428 * The specified address must have the same remainder 429 * as the file offset taken modulo PAGE_SIZE, so it 430 * should be aligned after adjustment by pageoff. 431 */ 432 addr -= pageoff; 433 if (addr & PAGE_MASK) 434 return (EINVAL); 435 /* Address range must be all in user VM space. */ 436 if (VM_MAX_USER_ADDRESS > 0 && addr + size > VM_MAX_USER_ADDRESS) 437 return (EINVAL); 438 if (VM_MIN_USER_ADDRESS > 0 && addr < VM_MIN_USER_ADDRESS) 439 return (EINVAL); 440 if (addr + size < addr) 441 return (EINVAL); 442 } else if (addr == 0 || 443 (addr >= round_page((vm_offset_t)vms->vm_taddr) && 444 addr < round_page((vm_offset_t)vms->vm_daddr + maxdsiz)) 445 ) { 446 /* 447 * XXX for non-fixed mappings where no hint is provided or 448 * the hint would fall in the potential heap space, 449 * place it after the end of the largest possible heap. 450 * 451 * There should really be a pmap call to determine a reasonable 452 * location. 453 */ 454 addr = round_page((vm_offset_t)vms->vm_daddr + maxdsiz); 455 } 456 457 /* 458 * Mapping file, get fp for validation. Obtain vnode and make 459 * sure it is of appropriate type. 460 */ 461 if (fp->f_type != DTYPE_VNODE) 462 return (EINVAL); 463 464 /* 465 * POSIX shared-memory objects are defined to have 466 * kernel persistence, and are not defined to support 467 * read(2)/write(2) -- or even open(2). Thus, we can 468 * use MAP_ASYNC to trade on-disk coherence for speed. 469 * The shm_open(3) library routine turns on the FPOSIXSHM 470 * flag to request this behavior. 471 */ 472 if (fp->f_flag & FPOSIXSHM) 473 flags |= MAP_NOSYNC; 474 vp = (struct vnode *) fp->f_data; 475 if (vp->v_type != VREG && vp->v_type != VCHR) 476 return (EINVAL); 477 478 /* 479 * Get the proper underlying object 480 */ 481 if (vp->v_type == VREG) { 482 if ((obj = vp->v_object) == NULL) 483 return (EINVAL); 484 KKASSERT(vp == (struct vnode *)obj->handle); 485 } 486 487 /* 488 * XXX hack to handle use of /dev/zero to map anon memory (ala 489 * SunOS). 490 */ 491 if (vp->v_type == VCHR && iszerodev(vp->v_rdev)) { 492 handle = NULL; 493 maxprot = VM_PROT_ALL; 494 flags |= MAP_ANON; 495 pos = 0; 496 } else { 497 /* 498 * cdevs does not provide private mappings of any kind. 499 */ 500 if (vp->v_type == VCHR && 501 (flags & (MAP_PRIVATE|MAP_COPY))) { 502 error = EINVAL; 503 goto done; 504 } 505 /* 506 * Ensure that file and memory protections are 507 * compatible. Note that we only worry about 508 * writability if mapping is shared; in this case, 509 * current and max prot are dictated by the open file. 510 * XXX use the vnode instead? Problem is: what 511 * credentials do we use for determination? What if 512 * proc does a setuid? 513 */ 514 maxprot = VM_PROT_EXECUTE; /* ??? */ 515 if (fp->f_flag & FREAD) { 516 maxprot |= VM_PROT_READ; 517 } else if (prot & PROT_READ) { 518 error = EACCES; 519 goto done; 520 } 521 /* 522 * If we are sharing potential changes (either via 523 * MAP_SHARED or via the implicit sharing of character 524 * device mappings), and we are trying to get write 525 * permission although we opened it without asking 526 * for it, bail out. 527 */ 528 529 if ((flags & MAP_SHARED) != 0 || 530 (vp->v_type == VCHR) 531 ) { 532 if ((fp->f_flag & FWRITE) != 0) { 533 struct vattr va; 534 if ((error = VOP_GETATTR(vp, &va))) { 535 goto done; 536 } 537 if ((va.va_flags & (IMMUTABLE|APPEND)) == 0) { 538 maxprot |= VM_PROT_WRITE; 539 } else if (prot & PROT_WRITE) { 540 error = EPERM; 541 goto done; 542 } 543 } else if ((prot & PROT_WRITE) != 0) { 544 error = EACCES; 545 goto done; 546 } 547 } else { 548 maxprot |= VM_PROT_WRITE; 549 } 550 handle = (void *)vp; 551 } 552 error = vm_mmap(&vms->vm_map, &addr, size, prot, 553 maxprot, flags, handle, pos); 554 if (error == 0 && addr_arg) 555 *resp = (void *)addr; 556 done: 557 return (error); 558 } 559 560 int 561 fp_close(file_t fp) 562 { 563 return(fdrop(fp)); 564 } 565 566 int 567 fp_shutdown(file_t fp, int how) 568 { 569 return(fo_shutdown(fp, how)); 570 } 571 572