1 /* 2 * Copyright (c) 1982, 1986, 1989, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 * 7 * @(#)uipc_usrreq.c 8.9 (Berkeley) 05/14/95 8 */ 9 10 #include <sys/param.h> 11 #include <sys/systm.h> 12 #include <sys/proc.h> 13 #include <sys/filedesc.h> 14 #include <sys/domain.h> 15 #include <sys/protosw.h> 16 #include <sys/socket.h> 17 #include <sys/socketvar.h> 18 #include <sys/unpcb.h> 19 #include <sys/un.h> 20 #include <sys/namei.h> 21 #include <sys/vnode.h> 22 #include <sys/file.h> 23 #include <sys/stat.h> 24 #include <sys/mbuf.h> 25 26 /* 27 * Unix communications domain. 28 * 29 * TODO: 30 * SEQPACKET, RDM 31 * rethink name space problems 32 * need a proper out-of-band 33 */ 34 struct sockaddr sun_noname = { sizeof(sun_noname), AF_UNIX }; 35 ino_t unp_ino; /* prototype for fake inode numbers */ 36 37 /*ARGSUSED*/ 38 int 39 uipc_usrreq(so, req, m, nam, control) 40 struct socket *so; 41 int req; 42 struct mbuf *m, *nam, *control; 43 { 44 struct unpcb *unp = sotounpcb(so); 45 register struct socket *so2; 46 register int error = 0; 47 struct proc *p = curproc; /* XXX */ 48 49 if (req == PRU_CONTROL) 50 return (EOPNOTSUPP); 51 if (req != PRU_SEND && control && control->m_len) { 52 error = EOPNOTSUPP; 53 goto release; 54 } 55 if (unp == 0 && req != PRU_ATTACH) { 56 error = EINVAL; 57 goto release; 58 } 59 switch (req) { 60 61 case PRU_ATTACH: 62 if (unp) { 63 error = EISCONN; 64 break; 65 } 66 error = unp_attach(so); 67 break; 68 69 case PRU_DETACH: 70 unp_detach(unp); 71 break; 72 73 case PRU_BIND: 74 error = unp_bind(unp, nam, p); 75 break; 76 77 case PRU_LISTEN: 78 if (unp->unp_vnode == 0) 79 error = EINVAL; 80 break; 81 82 case PRU_CONNECT: 83 error = unp_connect(so, nam, p); 84 break; 85 86 case PRU_CONNECT2: 87 error = unp_connect2(so, (struct socket *)nam); 88 break; 89 90 case PRU_DISCONNECT: 91 unp_disconnect(unp); 92 break; 93 94 case PRU_ACCEPT: 95 /* 96 * Pass back name of connected socket, 97 * if it was bound and we are still connected 98 * (our peer may have closed already!). 99 */ 100 if (unp->unp_conn && unp->unp_conn->unp_addr) { 101 nam->m_len = unp->unp_conn->unp_addr->m_len; 102 bcopy(mtod(unp->unp_conn->unp_addr, caddr_t), 103 mtod(nam, caddr_t), (unsigned)nam->m_len); 104 } else { 105 nam->m_len = sizeof(sun_noname); 106 *(mtod(nam, struct sockaddr *)) = sun_noname; 107 } 108 break; 109 110 case PRU_SHUTDOWN: 111 socantsendmore(so); 112 unp_shutdown(unp); 113 break; 114 115 case PRU_RCVD: 116 switch (so->so_type) { 117 118 case SOCK_DGRAM: 119 panic("uipc 1"); 120 /*NOTREACHED*/ 121 122 case SOCK_STREAM: 123 #define rcv (&so->so_rcv) 124 #define snd (&so2->so_snd) 125 if (unp->unp_conn == 0) 126 break; 127 so2 = unp->unp_conn->unp_socket; 128 /* 129 * Adjust backpressure on sender 130 * and wakeup any waiting to write. 131 */ 132 snd->sb_mbmax += unp->unp_mbcnt - rcv->sb_mbcnt; 133 unp->unp_mbcnt = rcv->sb_mbcnt; 134 snd->sb_hiwat += unp->unp_cc - rcv->sb_cc; 135 unp->unp_cc = rcv->sb_cc; 136 sowwakeup(so2); 137 #undef snd 138 #undef rcv 139 break; 140 141 default: 142 panic("uipc 2"); 143 } 144 break; 145 146 case PRU_SEND: 147 if (control && (error = unp_internalize(control, p))) 148 break; 149 switch (so->so_type) { 150 151 case SOCK_DGRAM: { 152 struct sockaddr *from; 153 154 if (nam) { 155 if (unp->unp_conn) { 156 error = EISCONN; 157 break; 158 } 159 error = unp_connect(so, nam, p); 160 if (error) 161 break; 162 } else { 163 if (unp->unp_conn == 0) { 164 error = ENOTCONN; 165 break; 166 } 167 } 168 so2 = unp->unp_conn->unp_socket; 169 if (unp->unp_addr) 170 from = mtod(unp->unp_addr, struct sockaddr *); 171 else 172 from = &sun_noname; 173 if (sbappendaddr(&so2->so_rcv, from, m, control)) { 174 sorwakeup(so2); 175 m = 0; 176 control = 0; 177 } else 178 error = ENOBUFS; 179 if (nam) 180 unp_disconnect(unp); 181 break; 182 } 183 184 case SOCK_STREAM: 185 #define rcv (&so2->so_rcv) 186 #define snd (&so->so_snd) 187 if (so->so_state & SS_CANTSENDMORE) { 188 error = EPIPE; 189 break; 190 } 191 if (unp->unp_conn == 0) 192 panic("uipc 3"); 193 so2 = unp->unp_conn->unp_socket; 194 /* 195 * Send to paired receive port, and then reduce 196 * send buffer hiwater marks to maintain backpressure. 197 * Wake up readers. 198 */ 199 if (control) { 200 if (sbappendcontrol(rcv, m, control)) 201 control = 0; 202 } else 203 sbappend(rcv, m); 204 snd->sb_mbmax -= 205 rcv->sb_mbcnt - unp->unp_conn->unp_mbcnt; 206 unp->unp_conn->unp_mbcnt = rcv->sb_mbcnt; 207 snd->sb_hiwat -= rcv->sb_cc - unp->unp_conn->unp_cc; 208 unp->unp_conn->unp_cc = rcv->sb_cc; 209 sorwakeup(so2); 210 m = 0; 211 #undef snd 212 #undef rcv 213 break; 214 215 default: 216 panic("uipc 4"); 217 } 218 break; 219 220 case PRU_ABORT: 221 unp_drop(unp, ECONNABORTED); 222 break; 223 224 case PRU_SENSE: 225 ((struct stat *) m)->st_blksize = so->so_snd.sb_hiwat; 226 if (so->so_type == SOCK_STREAM && unp->unp_conn != 0) { 227 so2 = unp->unp_conn->unp_socket; 228 ((struct stat *) m)->st_blksize += so2->so_rcv.sb_cc; 229 } 230 ((struct stat *) m)->st_dev = NODEV; 231 if (unp->unp_ino == 0) 232 unp->unp_ino = unp_ino++; 233 ((struct stat *) m)->st_ino = unp->unp_ino; 234 return (0); 235 236 case PRU_RCVOOB: 237 return (EOPNOTSUPP); 238 239 case PRU_SENDOOB: 240 error = EOPNOTSUPP; 241 break; 242 243 case PRU_SOCKADDR: 244 if (unp->unp_addr) { 245 nam->m_len = unp->unp_addr->m_len; 246 bcopy(mtod(unp->unp_addr, caddr_t), 247 mtod(nam, caddr_t), (unsigned)nam->m_len); 248 } else 249 nam->m_len = 0; 250 break; 251 252 case PRU_PEERADDR: 253 if (unp->unp_conn && unp->unp_conn->unp_addr) { 254 nam->m_len = unp->unp_conn->unp_addr->m_len; 255 bcopy(mtod(unp->unp_conn->unp_addr, caddr_t), 256 mtod(nam, caddr_t), (unsigned)nam->m_len); 257 } else 258 nam->m_len = 0; 259 break; 260 261 case PRU_SLOWTIMO: 262 break; 263 264 default: 265 panic("piusrreq"); 266 } 267 release: 268 if (control) 269 m_freem(control); 270 if (m) 271 m_freem(m); 272 return (error); 273 } 274 275 /* 276 * Both send and receive buffers are allocated PIPSIZ bytes of buffering 277 * for stream sockets, although the total for sender and receiver is 278 * actually only PIPSIZ. 279 * Datagram sockets really use the sendspace as the maximum datagram size, 280 * and don't really want to reserve the sendspace. Their recvspace should 281 * be large enough for at least one max-size datagram plus address. 282 */ 283 #define PIPSIZ 4096 284 u_long unpst_sendspace = PIPSIZ; 285 u_long unpst_recvspace = PIPSIZ; 286 u_long unpdg_sendspace = 2*1024; /* really max datagram size */ 287 u_long unpdg_recvspace = 4*1024; 288 289 int unp_rights; /* file descriptors in flight */ 290 291 int 292 unp_attach(so) 293 struct socket *so; 294 { 295 register struct mbuf *m; 296 register struct unpcb *unp; 297 int error; 298 299 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 300 switch (so->so_type) { 301 302 case SOCK_STREAM: 303 error = soreserve(so, unpst_sendspace, unpst_recvspace); 304 break; 305 306 case SOCK_DGRAM: 307 error = soreserve(so, unpdg_sendspace, unpdg_recvspace); 308 break; 309 310 default: 311 panic("unp_attach"); 312 } 313 if (error) 314 return (error); 315 } 316 m = m_getclr(M_DONTWAIT, MT_PCB); 317 if (m == NULL) 318 return (ENOBUFS); 319 unp = mtod(m, struct unpcb *); 320 so->so_pcb = (caddr_t)unp; 321 unp->unp_socket = so; 322 return (0); 323 } 324 325 void 326 unp_detach(unp) 327 register struct unpcb *unp; 328 { 329 330 if (unp->unp_vnode) { 331 unp->unp_vnode->v_socket = 0; 332 vrele(unp->unp_vnode); 333 unp->unp_vnode = 0; 334 } 335 if (unp->unp_conn) 336 unp_disconnect(unp); 337 while (unp->unp_refs) 338 unp_drop(unp->unp_refs, ECONNRESET); 339 soisdisconnected(unp->unp_socket); 340 unp->unp_socket->so_pcb = 0; 341 m_freem(unp->unp_addr); 342 (void) m_free(dtom(unp)); 343 if (unp_rights) { 344 /* 345 * Normally the receive buffer is flushed later, 346 * in sofree, but if our receive buffer holds references 347 * to descriptors that are now garbage, we will dispose 348 * of those descriptor references after the garbage collector 349 * gets them (resulting in a "panic: closef: count < 0"). 350 */ 351 sorflush(unp->unp_socket); 352 unp_gc(); 353 } 354 } 355 356 int 357 unp_bind(unp, nam, p) 358 struct unpcb *unp; 359 struct mbuf *nam; 360 struct proc *p; 361 { 362 struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); 363 register struct vnode *vp; 364 struct vattr vattr; 365 int error; 366 struct nameidata nd; 367 368 NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE, 369 soun->sun_path, p); 370 if (unp->unp_vnode != NULL) 371 return (EINVAL); 372 if (nam->m_len == MLEN) { 373 if (*(mtod(nam, caddr_t) + nam->m_len - 1) != 0) 374 return (EINVAL); 375 } else 376 *(mtod(nam, caddr_t) + nam->m_len) = 0; 377 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */ 378 if (error = namei(&nd)) 379 return (error); 380 vp = nd.ni_vp; 381 if (vp != NULL) { 382 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); 383 if (nd.ni_dvp == vp) 384 vrele(nd.ni_dvp); 385 else 386 vput(nd.ni_dvp); 387 vrele(vp); 388 return (EADDRINUSE); 389 } 390 VATTR_NULL(&vattr); 391 vattr.va_type = VSOCK; 392 vattr.va_mode = ACCESSPERMS; 393 VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE); 394 if (error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr)) 395 return (error); 396 vp = nd.ni_vp; 397 vp->v_socket = unp->unp_socket; 398 unp->unp_vnode = vp; 399 unp->unp_addr = m_copy(nam, 0, (int)M_COPYALL); 400 VOP_UNLOCK(vp, 0, p); 401 return (0); 402 } 403 404 int 405 unp_connect(so, nam, p) 406 struct socket *so; 407 struct mbuf *nam; 408 struct proc *p; 409 { 410 register struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); 411 register struct vnode *vp; 412 register struct socket *so2, *so3; 413 struct unpcb *unp2, *unp3; 414 int error; 415 struct nameidata nd; 416 417 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p); 418 if (nam->m_data + nam->m_len == &nam->m_dat[MLEN]) { /* XXX */ 419 if (*(mtod(nam, caddr_t) + nam->m_len - 1) != 0) 420 return (EMSGSIZE); 421 } else 422 *(mtod(nam, caddr_t) + nam->m_len) = 0; 423 if (error = namei(&nd)) 424 return (error); 425 vp = nd.ni_vp; 426 if (vp->v_type != VSOCK) { 427 error = ENOTSOCK; 428 goto bad; 429 } 430 if (error = VOP_ACCESS(vp, VWRITE, p->p_ucred, p)) 431 goto bad; 432 so2 = vp->v_socket; 433 if (so2 == 0) { 434 error = ECONNREFUSED; 435 goto bad; 436 } 437 if (so->so_type != so2->so_type) { 438 error = EPROTOTYPE; 439 goto bad; 440 } 441 if (so->so_proto->pr_flags & PR_CONNREQUIRED) { 442 if ((so2->so_options & SO_ACCEPTCONN) == 0 || 443 (so3 = sonewconn(so2, 0)) == 0) { 444 error = ECONNREFUSED; 445 goto bad; 446 } 447 unp2 = sotounpcb(so2); 448 unp3 = sotounpcb(so3); 449 if (unp2->unp_addr) 450 unp3->unp_addr = 451 m_copy(unp2->unp_addr, 0, (int)M_COPYALL); 452 so2 = so3; 453 } 454 error = unp_connect2(so, so2); 455 bad: 456 vput(vp); 457 return (error); 458 } 459 460 int 461 unp_connect2(so, so2) 462 register struct socket *so; 463 register struct socket *so2; 464 { 465 register struct unpcb *unp = sotounpcb(so); 466 register struct unpcb *unp2; 467 468 if (so2->so_type != so->so_type) 469 return (EPROTOTYPE); 470 unp2 = sotounpcb(so2); 471 unp->unp_conn = unp2; 472 switch (so->so_type) { 473 474 case SOCK_DGRAM: 475 unp->unp_nextref = unp2->unp_refs; 476 unp2->unp_refs = unp; 477 soisconnected(so); 478 break; 479 480 case SOCK_STREAM: 481 unp2->unp_conn = unp; 482 soisconnected(so); 483 soisconnected(so2); 484 break; 485 486 default: 487 panic("unp_connect2"); 488 } 489 return (0); 490 } 491 492 void 493 unp_disconnect(unp) 494 struct unpcb *unp; 495 { 496 register struct unpcb *unp2 = unp->unp_conn; 497 498 if (unp2 == 0) 499 return; 500 unp->unp_conn = 0; 501 switch (unp->unp_socket->so_type) { 502 503 case SOCK_DGRAM: 504 if (unp2->unp_refs == unp) 505 unp2->unp_refs = unp->unp_nextref; 506 else { 507 unp2 = unp2->unp_refs; 508 for (;;) { 509 if (unp2 == 0) 510 panic("unp_disconnect"); 511 if (unp2->unp_nextref == unp) 512 break; 513 unp2 = unp2->unp_nextref; 514 } 515 unp2->unp_nextref = unp->unp_nextref; 516 } 517 unp->unp_nextref = 0; 518 unp->unp_socket->so_state &= ~SS_ISCONNECTED; 519 break; 520 521 case SOCK_STREAM: 522 soisdisconnected(unp->unp_socket); 523 unp2->unp_conn = 0; 524 soisdisconnected(unp2->unp_socket); 525 break; 526 } 527 } 528 529 #ifdef notdef 530 void 531 unp_abort(unp) 532 struct unpcb *unp; 533 { 534 535 unp_detach(unp); 536 } 537 #endif 538 539 void 540 unp_shutdown(unp) 541 struct unpcb *unp; 542 { 543 struct socket *so; 544 545 if (unp->unp_socket->so_type == SOCK_STREAM && unp->unp_conn && 546 (so = unp->unp_conn->unp_socket)) 547 socantrcvmore(so); 548 } 549 550 void 551 unp_drop(unp, errno) 552 struct unpcb *unp; 553 int errno; 554 { 555 struct socket *so = unp->unp_socket; 556 557 so->so_error = errno; 558 unp_disconnect(unp); 559 if (so->so_head) { 560 so->so_pcb = (caddr_t) 0; 561 m_freem(unp->unp_addr); 562 (void) m_free(dtom(unp)); 563 sofree(so); 564 } 565 } 566 567 #ifdef notdef 568 unp_drain() 569 { 570 571 } 572 #endif 573 574 int 575 unp_externalize(rights) 576 struct mbuf *rights; 577 { 578 struct proc *p = curproc; /* XXX */ 579 register int i; 580 register struct cmsghdr *cm = mtod(rights, struct cmsghdr *); 581 register struct file **rp = (struct file **)(cm + 1); 582 register struct file *fp; 583 int newfds = (cm->cmsg_len - sizeof(*cm)) / sizeof (int); 584 int f; 585 586 if (!fdavail(p, newfds)) { 587 for (i = 0; i < newfds; i++) { 588 fp = *rp; 589 unp_discard(fp); 590 *rp++ = 0; 591 } 592 return (EMSGSIZE); 593 } 594 for (i = 0; i < newfds; i++) { 595 if (fdalloc(p, 0, &f)) 596 panic("unp_externalize"); 597 fp = *rp; 598 p->p_fd->fd_ofiles[f] = fp; 599 fp->f_msgcount--; 600 unp_rights--; 601 *(int *)rp++ = f; 602 } 603 return (0); 604 } 605 606 int 607 unp_internalize(control, p) 608 struct mbuf *control; 609 struct proc *p; 610 { 611 struct filedesc *fdp = p->p_fd; 612 register struct cmsghdr *cm = mtod(control, struct cmsghdr *); 613 register struct file **rp; 614 register struct file *fp; 615 register int i, fd; 616 int oldfds; 617 618 if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET || 619 cm->cmsg_len != control->m_len) 620 return (EINVAL); 621 oldfds = (cm->cmsg_len - sizeof (*cm)) / sizeof (int); 622 rp = (struct file **)(cm + 1); 623 for (i = 0; i < oldfds; i++) { 624 fd = *(int *)rp++; 625 if ((unsigned)fd >= fdp->fd_nfiles || 626 fdp->fd_ofiles[fd] == NULL) 627 return (EBADF); 628 } 629 rp = (struct file **)(cm + 1); 630 for (i = 0; i < oldfds; i++) { 631 fp = fdp->fd_ofiles[*(int *)rp]; 632 *rp++ = fp; 633 fp->f_count++; 634 fp->f_msgcount++; 635 unp_rights++; 636 } 637 return (0); 638 } 639 640 int unp_defer, unp_gcing; 641 extern struct domain unixdomain; 642 643 void 644 unp_gc() 645 { 646 register struct file *fp, *nextfp; 647 register struct socket *so; 648 struct file **extra_ref, **fpp; 649 int nunref, i; 650 651 if (unp_gcing) 652 return; 653 unp_gcing = 1; 654 unp_defer = 0; 655 for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next) 656 fp->f_flag &= ~(FMARK|FDEFER); 657 do { 658 for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next) { 659 if (fp->f_count == 0) 660 continue; 661 if (fp->f_flag & FDEFER) { 662 fp->f_flag &= ~FDEFER; 663 unp_defer--; 664 } else { 665 if (fp->f_flag & FMARK) 666 continue; 667 if (fp->f_count == fp->f_msgcount) 668 continue; 669 fp->f_flag |= FMARK; 670 } 671 if (fp->f_type != DTYPE_SOCKET || 672 (so = (struct socket *)fp->f_data) == 0) 673 continue; 674 if (so->so_proto->pr_domain != &unixdomain || 675 (so->so_proto->pr_flags&PR_RIGHTS) == 0) 676 continue; 677 #ifdef notdef 678 if (so->so_rcv.sb_flags & SB_LOCK) { 679 /* 680 * This is problematical; it's not clear 681 * we need to wait for the sockbuf to be 682 * unlocked (on a uniprocessor, at least), 683 * and it's also not clear what to do 684 * if sbwait returns an error due to receipt 685 * of a signal. If sbwait does return 686 * an error, we'll go into an infinite 687 * loop. Delete all of this for now. 688 */ 689 (void) sbwait(&so->so_rcv); 690 goto restart; 691 } 692 #endif 693 unp_scan(so->so_rcv.sb_mb, unp_mark); 694 } 695 } while (unp_defer); 696 /* 697 * We grab an extra reference to each of the file table entries 698 * that are not otherwise accessible and then free the rights 699 * that are stored in messages on them. 700 * 701 * The bug in the orginal code is a little tricky, so I'll describe 702 * what's wrong with it here. 703 * 704 * It is incorrect to simply unp_discard each entry for f_msgcount 705 * times -- consider the case of sockets A and B that contain 706 * references to each other. On a last close of some other socket, 707 * we trigger a gc since the number of outstanding rights (unp_rights) 708 * is non-zero. If during the sweep phase the gc code un_discards, 709 * we end up doing a (full) closef on the descriptor. A closef on A 710 * results in the following chain. Closef calls soo_close, which 711 * calls soclose. Soclose calls first (through the switch 712 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply 713 * returns because the previous instance had set unp_gcing, and 714 * we return all the way back to soclose, which marks the socket 715 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush 716 * to free up the rights that are queued in messages on the socket A, 717 * i.e., the reference on B. The sorflush calls via the dom_dispose 718 * switch unp_dispose, which unp_scans with unp_discard. This second 719 * instance of unp_discard just calls closef on B. 720 * 721 * Well, a similar chain occurs on B, resulting in a sorflush on B, 722 * which results in another closef on A. Unfortunately, A is already 723 * being closed, and the descriptor has already been marked with 724 * SS_NOFDREF, and soclose panics at this point. 725 * 726 * Here, we first take an extra reference to each inaccessible 727 * descriptor. Then, we call sorflush ourself, since we know 728 * it is a Unix domain socket anyhow. After we destroy all the 729 * rights carried in messages, we do a last closef to get rid 730 * of our extra reference. This is the last close, and the 731 * unp_detach etc will shut down the socket. 732 * 733 * 91/09/19, bsy@cs.cmu.edu 734 */ 735 extra_ref = malloc(nfiles * sizeof(struct file *), M_FILE, M_WAITOK); 736 for (nunref = 0, fp = filehead.lh_first, fpp = extra_ref; fp != 0; 737 fp = nextfp) { 738 nextfp = fp->f_list.le_next; 739 if (fp->f_count == 0) 740 continue; 741 if (fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) { 742 *fpp++ = fp; 743 nunref++; 744 fp->f_count++; 745 } 746 } 747 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) 748 sorflush((struct socket *)(*fpp)->f_data); 749 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) 750 closef(*fpp, (struct proc *)NULL); 751 free((caddr_t)extra_ref, M_FILE); 752 unp_gcing = 0; 753 } 754 755 void 756 unp_dispose(m) 757 struct mbuf *m; 758 { 759 760 if (m) 761 unp_scan(m, unp_discard); 762 } 763 764 void 765 unp_scan(m0, op) 766 register struct mbuf *m0; 767 void (*op) __P((struct file *)); 768 { 769 register struct mbuf *m; 770 register struct file **rp; 771 register struct cmsghdr *cm; 772 register int i; 773 int qfds; 774 775 while (m0) { 776 for (m = m0; m; m = m->m_next) 777 if (m->m_type == MT_CONTROL && 778 m->m_len >= sizeof(*cm)) { 779 cm = mtod(m, struct cmsghdr *); 780 if (cm->cmsg_level != SOL_SOCKET || 781 cm->cmsg_type != SCM_RIGHTS) 782 continue; 783 qfds = (cm->cmsg_len - sizeof *cm) 784 / sizeof (struct file *); 785 rp = (struct file **)(cm + 1); 786 for (i = 0; i < qfds; i++) 787 (*op)(*rp++); 788 break; /* XXX, but saves time */ 789 } 790 m0 = m0->m_act; 791 } 792 } 793 794 void 795 unp_mark(fp) 796 struct file *fp; 797 { 798 799 if (fp->f_flag & FMARK) 800 return; 801 unp_defer++; 802 fp->f_flag |= (FMARK|FDEFER); 803 } 804 805 void 806 unp_discard(fp) 807 struct file *fp; 808 { 809 810 fp->f_msgcount--; 811 unp_rights--; 812 (void) closef(fp, (struct proc *)NULL); 813 } 814