1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1990, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * @(#)filedesc.h 8.1 (Berkeley) 6/2/93 32 * $FreeBSD$ 33 */ 34 35 #ifndef _SYS_FILEDESC_H_ 36 #define _SYS_FILEDESC_H_ 37 38 #include <sys/types.h> 39 #include <sys/caprights.h> 40 #include <sys/queue.h> 41 #include <sys/event.h> 42 #include <sys/lock.h> 43 #include <sys/mutex.h> 44 #include <sys/priority.h> 45 #include <sys/seqc.h> 46 #include <sys/sx.h> 47 #include <sys/_smr.h> 48 #include <sys/smr_types.h> 49 50 #include <machine/_limits.h> 51 52 struct filecaps { 53 cap_rights_t fc_rights; /* per-descriptor capability rights */ 54 u_long *fc_ioctls; /* per-descriptor allowed ioctls */ 55 int16_t fc_nioctls; /* fc_ioctls array size */ 56 uint32_t fc_fcntls; /* per-descriptor allowed fcntls */ 57 }; 58 59 struct filedescent { 60 struct file *fde_file; /* file structure for open file */ 61 struct filecaps fde_caps; /* per-descriptor rights */ 62 uint8_t fde_flags; /* per-process open file flags */ 63 seqc_t fde_seqc; /* keep file and caps in sync */ 64 }; 65 #define fde_rights fde_caps.fc_rights 66 #define fde_fcntls fde_caps.fc_fcntls 67 #define fde_ioctls fde_caps.fc_ioctls 68 #define fde_nioctls fde_caps.fc_nioctls 69 70 #ifdef _KERNEL 71 static inline void 72 fde_copy(struct filedescent *from, struct filedescent *to) 73 { 74 75 to->fde_file = from->fde_file; 76 to->fde_caps = from->fde_caps; 77 to->fde_flags = from->fde_flags; 78 } 79 #endif 80 81 struct fdescenttbl { 82 int fdt_nfiles; /* number of open files allocated */ 83 struct filedescent fdt_ofiles[0]; /* open files */ 84 }; 85 #define fd_seqc(fdt, fd) (&(fdt)->fdt_ofiles[(fd)].fde_seqc) 86 87 #define NDSLOTTYPE u_long 88 89 /* 90 * This struct is copy-on-write and allocated from an SMR zone. 91 * All fields are constant after initialization apart from the reference count. 92 * The ABI root directory is initialized as the root directory and changed 93 * during process transiting to or from non-native ABI. 94 * 95 * Check pwd_* routines for usage. 96 */ 97 struct pwd { 98 u_int pwd_refcount; 99 struct vnode *pwd_cdir; /* current directory */ 100 struct vnode *pwd_rdir; /* root directory */ 101 struct vnode *pwd_jdir; /* jail root directory */ 102 struct vnode *pwd_adir; /* abi root directory */ 103 }; 104 typedef SMR_POINTER(struct pwd *) smrpwd_t; 105 106 struct pwddesc { 107 struct mtx pd_lock; /* protects members of this struct */ 108 smrpwd_t pd_pwd; /* directories */ 109 u_int pd_refcount; 110 u_short pd_cmask; /* mask for file creation */ 111 }; 112 113 /* 114 * This structure is used for the management of descriptors. It may be 115 * shared by multiple processes. 116 */ 117 struct filedesc { 118 struct fdescenttbl *fd_files; /* open files table */ 119 NDSLOTTYPE *fd_map; /* bitmap of free fds */ 120 int fd_freefile; /* approx. next free file */ 121 int fd_refcnt; /* thread reference count */ 122 int fd_holdcnt; /* hold count on structure + mutex */ 123 struct sx fd_sx; /* protects members of this struct */ 124 struct kqlist fd_kqlist; /* list of kqueues on this filedesc */ 125 int fd_holdleaderscount; /* block fdfree() for shared close() */ 126 int fd_holdleaderswakeup; /* fdfree() needs wakeup */ 127 }; 128 129 /* 130 * Structure to keep track of (process leader, struct fildedesc) tuples. 131 * Each process has a pointer to such a structure when detailed tracking 132 * is needed, e.g., when rfork(RFPROC | RFMEM) causes a file descriptor 133 * table to be shared by processes having different "p_leader" pointers 134 * and thus distinct POSIX style locks. 135 * 136 * fdl_refcount and fdl_holdcount are protected by struct filedesc mtx. 137 */ 138 struct filedesc_to_leader { 139 int fdl_refcount; /* references from struct proc */ 140 int fdl_holdcount; /* temporary hold during closef */ 141 int fdl_wakeup; /* fdfree() waits on closef() */ 142 struct proc *fdl_leader; /* owner of POSIX locks */ 143 /* Circular list: */ 144 struct filedesc_to_leader *fdl_prev; 145 struct filedesc_to_leader *fdl_next; 146 }; 147 #define fd_nfiles fd_files->fdt_nfiles 148 #define fd_ofiles fd_files->fdt_ofiles 149 150 /* 151 * Per-process open flags. 152 */ 153 #define UF_EXCLOSE 0x01 /* auto-close on exec */ 154 155 #ifdef _KERNEL 156 157 /* Lock a paths descriptor table. */ 158 #define PWDDESC_LOCK(pdp) (&(pdp)->pd_lock) 159 #define PWDDESC_LOCK_INIT(pdp) \ 160 mtx_init(PWDDESC_LOCK(pdp), "pwddesc", NULL, MTX_DEF) 161 #define PWDDESC_LOCK_DESTROY(pdp) mtx_destroy(PWDDESC_LOCK(pdp)) 162 #define PWDDESC_XLOCK(pdp) mtx_lock(PWDDESC_LOCK(pdp)) 163 #define PWDDESC_XUNLOCK(pdp) mtx_unlock(PWDDESC_LOCK(pdp)) 164 #define PWDDESC_LOCK_ASSERT(pdp, what) \ 165 mtx_assert(PWDDESC_LOCK(pdp), (what)) 166 #define PWDDESC_ASSERT_XLOCKED(pdp) \ 167 PWDDESC_LOCK_ASSERT((pdp), MA_OWNED) 168 #define PWDDESC_ASSERT_UNLOCKED(pdp) \ 169 PWDDESC_LOCK_ASSERT((pdp), MA_NOTOWNED) 170 171 #define PWDDESC_XLOCKED_LOAD_PWD(pdp) ({ \ 172 struct pwddesc *_pdp = (pdp); \ 173 struct pwd *_pwd; \ 174 _pwd = smr_serialized_load(&(_pdp)->pd_pwd, \ 175 (PWDDESC_ASSERT_XLOCKED(_pdp), true)); \ 176 _pwd; \ 177 }) 178 179 /* Lock a file descriptor table. */ 180 #define FILEDESC_LOCK_INIT(fdp) sx_init(&(fdp)->fd_sx, "filedesc structure") 181 #define FILEDESC_LOCK_DESTROY(fdp) sx_destroy(&(fdp)->fd_sx) 182 #define FILEDESC_LOCK(fdp) (&(fdp)->fd_sx) 183 #define FILEDESC_XLOCK(fdp) sx_xlock(&(fdp)->fd_sx) 184 #define FILEDESC_XUNLOCK(fdp) sx_xunlock(&(fdp)->fd_sx) 185 #define FILEDESC_SLOCK(fdp) sx_slock(&(fdp)->fd_sx) 186 #define FILEDESC_SUNLOCK(fdp) sx_sunlock(&(fdp)->fd_sx) 187 188 #define FILEDESC_LOCK_ASSERT(fdp) sx_assert(&(fdp)->fd_sx, SX_LOCKED | \ 189 SX_NOTRECURSED) 190 #define FILEDESC_XLOCK_ASSERT(fdp) sx_assert(&(fdp)->fd_sx, SX_XLOCKED | \ 191 SX_NOTRECURSED) 192 #define FILEDESC_UNLOCK_ASSERT(fdp) sx_assert(&(fdp)->fd_sx, SX_UNLOCKED) 193 194 #define FILEDESC_IS_ONLY_USER(fdp) ({ \ 195 struct filedesc *_fdp = (fdp); \ 196 MPASS(curproc->p_fd == _fdp); \ 197 (curproc->p_numthreads == 1 && refcount_load(&_fdp->fd_refcnt) == 1); \ 198 }) 199 200 #else 201 202 /* 203 * Accessor for libkvm et al. 204 */ 205 #define PWDDESC_KVM_LOAD_PWD(pdp) ({ \ 206 struct pwddesc *_pdp = (pdp); \ 207 struct pwd *_pwd; \ 208 _pwd = smr_kvm_load(&(_pdp)->pd_pwd); \ 209 _pwd; \ 210 }) 211 212 #endif 213 214 #ifdef _KERNEL 215 216 /* Operation types for kern_dup(). */ 217 enum { 218 FDDUP_NORMAL, /* dup() behavior. */ 219 FDDUP_FCNTL, /* fcntl()-style errors. */ 220 FDDUP_FIXED, /* Force fixed allocation. */ 221 FDDUP_LASTMODE, 222 }; 223 224 /* Flags for kern_dup(). */ 225 #define FDDUP_FLAG_CLOEXEC 0x1 /* Atomically set UF_EXCLOSE. */ 226 227 /* For backward compatibility. */ 228 #define falloc(td, resultfp, resultfd, flags) \ 229 falloc_caps(td, resultfp, resultfd, flags, NULL) 230 231 struct mount; 232 struct thread; 233 234 static __inline void 235 filecaps_init(struct filecaps *fcaps) 236 { 237 238 bzero(fcaps, sizeof(*fcaps)); 239 fcaps->fc_nioctls = -1; 240 } 241 bool filecaps_copy(const struct filecaps *src, struct filecaps *dst, 242 bool locked); 243 void filecaps_move(struct filecaps *src, struct filecaps *dst); 244 void filecaps_free(struct filecaps *fcaps); 245 246 int closef(struct file *fp, struct thread *td); 247 void closef_nothread(struct file *fp); 248 int descrip_check_write_mp(struct filedesc *fdp, struct mount *mp); 249 int dupfdopen(struct thread *td, struct filedesc *fdp, int dfd, int mode, 250 int openerror, int *indxp); 251 int falloc_caps(struct thread *td, struct file **resultfp, int *resultfd, 252 int flags, struct filecaps *fcaps); 253 void falloc_abort(struct thread *td, struct file *fp); 254 int _falloc_noinstall(struct thread *td, struct file **resultfp, u_int n); 255 #define falloc_noinstall(td, resultfp) _falloc_noinstall(td, resultfp, 1) 256 void _finstall(struct filedesc *fdp, struct file *fp, int fd, int flags, 257 struct filecaps *fcaps); 258 int finstall(struct thread *td, struct file *fp, int *resultfd, int flags, 259 struct filecaps *fcaps); 260 int finstall_refed(struct thread *td, struct file *fp, int *resultfd, int flags, 261 struct filecaps *fcaps); 262 int fdalloc(struct thread *td, int minfd, int *result); 263 int fdallocn(struct thread *td, int minfd, int *fds, int n); 264 int fdcheckstd(struct thread *td); 265 void fdclose(struct thread *td, struct file *fp, int idx); 266 void fdcloseexec(struct thread *td); 267 void fdsetugidsafety(struct thread *td); 268 struct filedesc *fdcopy(struct filedesc *fdp); 269 void fdunshare(struct thread *td); 270 void fdescfree(struct thread *td); 271 int fdlastfile(struct filedesc *fdp); 272 int fdlastfile_single(struct filedesc *fdp); 273 struct filedesc *fdinit(void); 274 struct filedesc *fdshare(struct filedesc *fdp); 275 struct filedesc_to_leader * 276 filedesc_to_leader_alloc(struct filedesc_to_leader *old, 277 struct filedesc *fdp, struct proc *leader); 278 struct filedesc_to_leader * 279 filedesc_to_leader_share(struct filedesc_to_leader *fdtol, 280 struct filedesc *fdp); 281 int getvnode(struct thread *td, int fd, cap_rights_t *rightsp, 282 struct file **fpp); 283 int getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp, 284 struct file **fpp); 285 void mountcheckdirs(struct vnode *olddp, struct vnode *newdp); 286 287 int fget_cap_noref(struct filedesc *fdp, int fd, cap_rights_t *needrightsp, 288 struct file **fpp, struct filecaps *havecapsp); 289 int fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp, 290 struct file **fpp, struct filecaps *havecapsp); 291 /* Return a referenced file from an unlocked descriptor. */ 292 int fget_unlocked(struct thread *td, int fd, cap_rights_t *needrightsp, 293 struct file **fpp); 294 /* Return a file pointer without a ref. FILEDESC_IS_ONLY_USER must be true. */ 295 int fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp, 296 struct file **fpp); 297 #define fput_only_user(fdp, fp) ({ \ 298 MPASS(FILEDESC_IS_ONLY_USER(fdp)); \ 299 MPASS(refcount_load(&fp->f_count) > 0); \ 300 }) 301 302 /* Requires a FILEDESC_{S,X}LOCK held and returns without a ref. */ 303 static __inline struct file * 304 fget_noref(struct filedesc *fdp, int fd) 305 { 306 307 FILEDESC_LOCK_ASSERT(fdp); 308 309 if (__predict_false((u_int)fd >= (u_int)fdp->fd_nfiles)) 310 return (NULL); 311 312 return (fdp->fd_ofiles[fd].fde_file); 313 } 314 315 static __inline struct filedescent * 316 fdeget_noref(struct filedesc *fdp, int fd) 317 { 318 struct filedescent *fde; 319 320 FILEDESC_LOCK_ASSERT(fdp); 321 322 if (__predict_false((u_int)fd >= (u_int)fdp->fd_nfiles)) 323 return (NULL); 324 325 fde = &fdp->fd_ofiles[fd]; 326 if (__predict_false(fde->fde_file == NULL)) 327 return (NULL); 328 329 return (fde); 330 } 331 332 #ifdef CAPABILITIES 333 static __inline bool 334 fd_modified(struct filedesc *fdp, int fd, seqc_t seqc) 335 { 336 337 return (!seqc_consistent(fd_seqc(fdp->fd_files, fd), seqc)); 338 } 339 #endif 340 341 /* cdir/rdir/jdir manipulation functions. */ 342 struct pwddesc *pdcopy(struct pwddesc *pdp); 343 void pdescfree(struct thread *td); 344 struct pwddesc *pdinit(struct pwddesc *pdp, bool keeplock); 345 struct pwddesc *pdshare(struct pwddesc *pdp); 346 void pdunshare(struct thread *td); 347 348 void pwd_altroot(struct thread *td, struct vnode *altroot_vp); 349 void pwd_chdir(struct thread *td, struct vnode *vp); 350 int pwd_chroot(struct thread *td, struct vnode *vp); 351 int pwd_chroot_chdir(struct thread *td, struct vnode *vp); 352 void pwd_ensure_dirs(void); 353 void pwd_set_rootvnode(void); 354 355 struct pwd *pwd_hold_pwddesc(struct pwddesc *pdp); 356 bool pwd_hold_smr(struct pwd *pwd); 357 struct pwd *pwd_hold_proc(struct proc *p); 358 struct pwd *pwd_hold(struct thread *td); 359 void pwd_drop(struct pwd *pwd); 360 static inline void 361 pwd_set(struct pwddesc *pdp, struct pwd *newpwd) 362 { 363 smr_serialized_store(&pdp->pd_pwd, newpwd, 364 (PWDDESC_ASSERT_XLOCKED(pdp), true)); 365 } 366 #define pwd_get_smr() vfs_smr_entered_load(&curproc->p_pd->pd_pwd) 367 368 #endif /* _KERNEL */ 369 370 #endif /* !_SYS_FILEDESC_H_ */ 371