1 /* 2 * Copyright (c) 1982, 1986, 1989, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 * 7 * @(#)uipc_usrreq.c 8.6 (Berkeley) 01/09/95 8 */ 9 10 #include <sys/param.h> 11 #include <sys/systm.h> 12 #include <sys/proc.h> 13 #include <sys/filedesc.h> 14 #include <sys/domain.h> 15 #include <sys/protosw.h> 16 #include <sys/socket.h> 17 #include <sys/socketvar.h> 18 #include <sys/unpcb.h> 19 #include <sys/un.h> 20 #include <sys/namei.h> 21 #include <sys/vnode.h> 22 #include <sys/file.h> 23 #include <sys/stat.h> 24 #include <sys/mbuf.h> 25 26 /* 27 * Unix communications domain. 28 * 29 * TODO: 30 * SEQPACKET, RDM 31 * rethink name space problems 32 * need a proper out-of-band 33 */ 34 struct sockaddr sun_noname = { sizeof(sun_noname), AF_UNIX }; 35 ino_t unp_ino; /* prototype for fake inode numbers */ 36 37 /*ARGSUSED*/ 38 uipc_usrreq(so, req, m, nam, control) 39 struct socket *so; 40 int req; 41 struct mbuf *m, *nam, *control; 42 { 43 struct unpcb *unp = sotounpcb(so); 44 register struct socket *so2; 45 register int error = 0; 46 struct proc *p = curproc; /* XXX */ 47 48 if (req == PRU_CONTROL) 49 return (EOPNOTSUPP); 50 if (req != PRU_SEND && control && control->m_len) { 51 error = EOPNOTSUPP; 52 goto release; 53 } 54 if (unp == 0 && req != PRU_ATTACH) { 55 error = EINVAL; 56 goto release; 57 } 58 switch (req) { 59 60 case PRU_ATTACH: 61 if (unp) { 62 error = EISCONN; 63 break; 64 } 65 error = unp_attach(so); 66 break; 67 68 case PRU_DETACH: 69 unp_detach(unp); 70 break; 71 72 case PRU_BIND: 73 error = unp_bind(unp, nam, p); 74 break; 75 76 case PRU_LISTEN: 77 if (unp->unp_vnode == 0) 78 error = EINVAL; 79 break; 80 81 case PRU_CONNECT: 82 error = unp_connect(so, nam, p); 83 break; 84 85 case PRU_CONNECT2: 86 error = unp_connect2(so, (struct socket *)nam); 87 break; 88 89 case PRU_DISCONNECT: 90 unp_disconnect(unp); 91 break; 92 93 case PRU_ACCEPT: 94 /* 95 * Pass back name of connected socket, 96 * if it was bound and we are still connected 97 * (our peer may have closed already!). 98 */ 99 if (unp->unp_conn && unp->unp_conn->unp_addr) { 100 nam->m_len = unp->unp_conn->unp_addr->m_len; 101 bcopy(mtod(unp->unp_conn->unp_addr, caddr_t), 102 mtod(nam, caddr_t), (unsigned)nam->m_len); 103 } else { 104 nam->m_len = sizeof(sun_noname); 105 *(mtod(nam, struct sockaddr *)) = sun_noname; 106 } 107 break; 108 109 case PRU_SHUTDOWN: 110 socantsendmore(so); 111 unp_shutdown(unp); 112 break; 113 114 case PRU_RCVD: 115 switch (so->so_type) { 116 117 case SOCK_DGRAM: 118 panic("uipc 1"); 119 /*NOTREACHED*/ 120 121 case SOCK_STREAM: 122 #define rcv (&so->so_rcv) 123 #define snd (&so2->so_snd) 124 if (unp->unp_conn == 0) 125 break; 126 so2 = unp->unp_conn->unp_socket; 127 /* 128 * Adjust backpressure on sender 129 * and wakeup any waiting to write. 130 */ 131 snd->sb_mbmax += unp->unp_mbcnt - rcv->sb_mbcnt; 132 unp->unp_mbcnt = rcv->sb_mbcnt; 133 snd->sb_hiwat += unp->unp_cc - rcv->sb_cc; 134 unp->unp_cc = rcv->sb_cc; 135 sowwakeup(so2); 136 #undef snd 137 #undef rcv 138 break; 139 140 default: 141 panic("uipc 2"); 142 } 143 break; 144 145 case PRU_SEND: 146 if (control && (error = unp_internalize(control, p))) 147 break; 148 switch (so->so_type) { 149 150 case SOCK_DGRAM: { 151 struct sockaddr *from; 152 153 if (nam) { 154 if (unp->unp_conn) { 155 error = EISCONN; 156 break; 157 } 158 error = unp_connect(so, nam, p); 159 if (error) 160 break; 161 } else { 162 if (unp->unp_conn == 0) { 163 error = ENOTCONN; 164 break; 165 } 166 } 167 so2 = unp->unp_conn->unp_socket; 168 if (unp->unp_addr) 169 from = mtod(unp->unp_addr, struct sockaddr *); 170 else 171 from = &sun_noname; 172 if (sbappendaddr(&so2->so_rcv, from, m, control)) { 173 sorwakeup(so2); 174 m = 0; 175 control = 0; 176 } else 177 error = ENOBUFS; 178 if (nam) 179 unp_disconnect(unp); 180 break; 181 } 182 183 case SOCK_STREAM: 184 #define rcv (&so2->so_rcv) 185 #define snd (&so->so_snd) 186 if (so->so_state & SS_CANTSENDMORE) { 187 error = EPIPE; 188 break; 189 } 190 if (unp->unp_conn == 0) 191 panic("uipc 3"); 192 so2 = unp->unp_conn->unp_socket; 193 /* 194 * Send to paired receive port, and then reduce 195 * send buffer hiwater marks to maintain backpressure. 196 * Wake up readers. 197 */ 198 if (control) { 199 if (sbappendcontrol(rcv, m, control)) 200 control = 0; 201 } else 202 sbappend(rcv, m); 203 snd->sb_mbmax -= 204 rcv->sb_mbcnt - unp->unp_conn->unp_mbcnt; 205 unp->unp_conn->unp_mbcnt = rcv->sb_mbcnt; 206 snd->sb_hiwat -= rcv->sb_cc - unp->unp_conn->unp_cc; 207 unp->unp_conn->unp_cc = rcv->sb_cc; 208 sorwakeup(so2); 209 m = 0; 210 #undef snd 211 #undef rcv 212 break; 213 214 default: 215 panic("uipc 4"); 216 } 217 break; 218 219 case PRU_ABORT: 220 unp_drop(unp, ECONNABORTED); 221 break; 222 223 case PRU_SENSE: 224 ((struct stat *) m)->st_blksize = so->so_snd.sb_hiwat; 225 if (so->so_type == SOCK_STREAM && unp->unp_conn != 0) { 226 so2 = unp->unp_conn->unp_socket; 227 ((struct stat *) m)->st_blksize += so2->so_rcv.sb_cc; 228 } 229 ((struct stat *) m)->st_dev = NODEV; 230 if (unp->unp_ino == 0) 231 unp->unp_ino = unp_ino++; 232 ((struct stat *) m)->st_ino = unp->unp_ino; 233 return (0); 234 235 case PRU_RCVOOB: 236 return (EOPNOTSUPP); 237 238 case PRU_SENDOOB: 239 error = EOPNOTSUPP; 240 break; 241 242 case PRU_SOCKADDR: 243 if (unp->unp_addr) { 244 nam->m_len = unp->unp_addr->m_len; 245 bcopy(mtod(unp->unp_addr, caddr_t), 246 mtod(nam, caddr_t), (unsigned)nam->m_len); 247 } else 248 nam->m_len = 0; 249 break; 250 251 case PRU_PEERADDR: 252 if (unp->unp_conn && unp->unp_conn->unp_addr) { 253 nam->m_len = unp->unp_conn->unp_addr->m_len; 254 bcopy(mtod(unp->unp_conn->unp_addr, caddr_t), 255 mtod(nam, caddr_t), (unsigned)nam->m_len); 256 } else 257 nam->m_len = 0; 258 break; 259 260 case PRU_SLOWTIMO: 261 break; 262 263 default: 264 panic("piusrreq"); 265 } 266 release: 267 if (control) 268 m_freem(control); 269 if (m) 270 m_freem(m); 271 return (error); 272 } 273 274 /* 275 * Both send and receive buffers are allocated PIPSIZ bytes of buffering 276 * for stream sockets, although the total for sender and receiver is 277 * actually only PIPSIZ. 278 * Datagram sockets really use the sendspace as the maximum datagram size, 279 * and don't really want to reserve the sendspace. Their recvspace should 280 * be large enough for at least one max-size datagram plus address. 281 */ 282 #define PIPSIZ 4096 283 u_long unpst_sendspace = PIPSIZ; 284 u_long unpst_recvspace = PIPSIZ; 285 u_long unpdg_sendspace = 2*1024; /* really max datagram size */ 286 u_long unpdg_recvspace = 4*1024; 287 288 int unp_rights; /* file descriptors in flight */ 289 290 unp_attach(so) 291 struct socket *so; 292 { 293 register struct mbuf *m; 294 register struct unpcb *unp; 295 int error; 296 297 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 298 switch (so->so_type) { 299 300 case SOCK_STREAM: 301 error = soreserve(so, unpst_sendspace, unpst_recvspace); 302 break; 303 304 case SOCK_DGRAM: 305 error = soreserve(so, unpdg_sendspace, unpdg_recvspace); 306 break; 307 308 default: 309 panic("unp_attach"); 310 } 311 if (error) 312 return (error); 313 } 314 m = m_getclr(M_DONTWAIT, MT_PCB); 315 if (m == NULL) 316 return (ENOBUFS); 317 unp = mtod(m, struct unpcb *); 318 so->so_pcb = (caddr_t)unp; 319 unp->unp_socket = so; 320 return (0); 321 } 322 323 unp_detach(unp) 324 register struct unpcb *unp; 325 { 326 327 if (unp->unp_vnode) { 328 unp->unp_vnode->v_socket = 0; 329 vrele(unp->unp_vnode); 330 unp->unp_vnode = 0; 331 } 332 if (unp->unp_conn) 333 unp_disconnect(unp); 334 while (unp->unp_refs) 335 unp_drop(unp->unp_refs, ECONNRESET); 336 soisdisconnected(unp->unp_socket); 337 unp->unp_socket->so_pcb = 0; 338 m_freem(unp->unp_addr); 339 (void) m_free(dtom(unp)); 340 if (unp_rights) { 341 /* 342 * Normally the receive buffer is flushed later, 343 * in sofree, but if our receive buffer holds references 344 * to descriptors that are now garbage, we will dispose 345 * of those descriptor references after the garbage collector 346 * gets them (resulting in a "panic: closef: count < 0"). 347 */ 348 sorflush(unp->unp_socket); 349 unp_gc(); 350 } 351 } 352 353 unp_bind(unp, nam, p) 354 struct unpcb *unp; 355 struct mbuf *nam; 356 struct proc *p; 357 { 358 struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); 359 register struct vnode *vp; 360 struct vattr vattr; 361 int error; 362 struct nameidata nd; 363 364 NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE, 365 soun->sun_path, p); 366 if (unp->unp_vnode != NULL) 367 return (EINVAL); 368 if (nam->m_len == MLEN) { 369 if (*(mtod(nam, caddr_t) + nam->m_len - 1) != 0) 370 return (EINVAL); 371 } else 372 *(mtod(nam, caddr_t) + nam->m_len) = 0; 373 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */ 374 if (error = namei(&nd)) 375 return (error); 376 vp = nd.ni_vp; 377 if (vp != NULL) { 378 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); 379 if (nd.ni_dvp == vp) 380 vrele(nd.ni_dvp); 381 else 382 vput(nd.ni_dvp); 383 vrele(vp); 384 return (EADDRINUSE); 385 } 386 VATTR_NULL(&vattr); 387 vattr.va_type = VSOCK; 388 vattr.va_mode = ACCESSPERMS; 389 VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE); 390 if (error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr)) 391 return (error); 392 vp = nd.ni_vp; 393 vp->v_socket = unp->unp_socket; 394 unp->unp_vnode = vp; 395 unp->unp_addr = m_copy(nam, 0, (int)M_COPYALL); 396 VOP_UNLOCK(vp); 397 return (0); 398 } 399 400 unp_connect(so, nam, p) 401 struct socket *so; 402 struct mbuf *nam; 403 struct proc *p; 404 { 405 register struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); 406 register struct vnode *vp; 407 register struct socket *so2, *so3; 408 struct unpcb *unp2, *unp3; 409 int error; 410 struct nameidata nd; 411 412 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p); 413 if (nam->m_data + nam->m_len == &nam->m_dat[MLEN]) { /* XXX */ 414 if (*(mtod(nam, caddr_t) + nam->m_len - 1) != 0) 415 return (EMSGSIZE); 416 } else 417 *(mtod(nam, caddr_t) + nam->m_len) = 0; 418 if (error = namei(&nd)) 419 return (error); 420 vp = nd.ni_vp; 421 if (vp->v_type != VSOCK) { 422 error = ENOTSOCK; 423 goto bad; 424 } 425 if (error = VOP_ACCESS(vp, VWRITE, p->p_ucred, p)) 426 goto bad; 427 so2 = vp->v_socket; 428 if (so2 == 0) { 429 error = ECONNREFUSED; 430 goto bad; 431 } 432 if (so->so_type != so2->so_type) { 433 error = EPROTOTYPE; 434 goto bad; 435 } 436 if (so->so_proto->pr_flags & PR_CONNREQUIRED) { 437 if ((so2->so_options & SO_ACCEPTCONN) == 0 || 438 (so3 = sonewconn(so2, 0)) == 0) { 439 error = ECONNREFUSED; 440 goto bad; 441 } 442 unp2 = sotounpcb(so2); 443 unp3 = sotounpcb(so3); 444 if (unp2->unp_addr) 445 unp3->unp_addr = 446 m_copy(unp2->unp_addr, 0, (int)M_COPYALL); 447 so2 = so3; 448 } 449 error = unp_connect2(so, so2); 450 bad: 451 vput(vp); 452 return (error); 453 } 454 455 unp_connect2(so, so2) 456 register struct socket *so; 457 register struct socket *so2; 458 { 459 register struct unpcb *unp = sotounpcb(so); 460 register struct unpcb *unp2; 461 462 if (so2->so_type != so->so_type) 463 return (EPROTOTYPE); 464 unp2 = sotounpcb(so2); 465 unp->unp_conn = unp2; 466 switch (so->so_type) { 467 468 case SOCK_DGRAM: 469 unp->unp_nextref = unp2->unp_refs; 470 unp2->unp_refs = unp; 471 soisconnected(so); 472 break; 473 474 case SOCK_STREAM: 475 unp2->unp_conn = unp; 476 soisconnected(so); 477 soisconnected(so2); 478 break; 479 480 default: 481 panic("unp_connect2"); 482 } 483 return (0); 484 } 485 486 void 487 unp_disconnect(unp) 488 struct unpcb *unp; 489 { 490 register struct unpcb *unp2 = unp->unp_conn; 491 492 if (unp2 == 0) 493 return; 494 unp->unp_conn = 0; 495 switch (unp->unp_socket->so_type) { 496 497 case SOCK_DGRAM: 498 if (unp2->unp_refs == unp) 499 unp2->unp_refs = unp->unp_nextref; 500 else { 501 unp2 = unp2->unp_refs; 502 for (;;) { 503 if (unp2 == 0) 504 panic("unp_disconnect"); 505 if (unp2->unp_nextref == unp) 506 break; 507 unp2 = unp2->unp_nextref; 508 } 509 unp2->unp_nextref = unp->unp_nextref; 510 } 511 unp->unp_nextref = 0; 512 unp->unp_socket->so_state &= ~SS_ISCONNECTED; 513 break; 514 515 case SOCK_STREAM: 516 soisdisconnected(unp->unp_socket); 517 unp2->unp_conn = 0; 518 soisdisconnected(unp2->unp_socket); 519 break; 520 } 521 } 522 523 #ifdef notdef 524 unp_abort(unp) 525 struct unpcb *unp; 526 { 527 528 unp_detach(unp); 529 } 530 #endif 531 532 void 533 unp_shutdown(unp) 534 struct unpcb *unp; 535 { 536 struct socket *so; 537 538 if (unp->unp_socket->so_type == SOCK_STREAM && unp->unp_conn && 539 (so = unp->unp_conn->unp_socket)) 540 socantrcvmore(so); 541 } 542 543 void 544 unp_drop(unp, errno) 545 struct unpcb *unp; 546 int errno; 547 { 548 struct socket *so = unp->unp_socket; 549 550 so->so_error = errno; 551 unp_disconnect(unp); 552 if (so->so_head) { 553 so->so_pcb = (caddr_t) 0; 554 m_freem(unp->unp_addr); 555 (void) m_free(dtom(unp)); 556 sofree(so); 557 } 558 } 559 560 #ifdef notdef 561 unp_drain() 562 { 563 564 } 565 #endif 566 567 unp_externalize(rights) 568 struct mbuf *rights; 569 { 570 struct proc *p = curproc; /* XXX */ 571 register int i; 572 register struct cmsghdr *cm = mtod(rights, struct cmsghdr *); 573 register struct file **rp = (struct file **)(cm + 1); 574 register struct file *fp; 575 int newfds = (cm->cmsg_len - sizeof(*cm)) / sizeof (int); 576 int f; 577 578 if (!fdavail(p, newfds)) { 579 for (i = 0; i < newfds; i++) { 580 fp = *rp; 581 unp_discard(fp); 582 *rp++ = 0; 583 } 584 return (EMSGSIZE); 585 } 586 for (i = 0; i < newfds; i++) { 587 if (fdalloc(p, 0, &f)) 588 panic("unp_externalize"); 589 fp = *rp; 590 p->p_fd->fd_ofiles[f] = fp; 591 fp->f_msgcount--; 592 unp_rights--; 593 *(int *)rp++ = f; 594 } 595 return (0); 596 } 597 598 unp_internalize(control, p) 599 struct mbuf *control; 600 struct proc *p; 601 { 602 struct filedesc *fdp = p->p_fd; 603 register struct cmsghdr *cm = mtod(control, struct cmsghdr *); 604 register struct file **rp; 605 register struct file *fp; 606 register int i, fd; 607 int oldfds; 608 609 if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET || 610 cm->cmsg_len != control->m_len) 611 return (EINVAL); 612 oldfds = (cm->cmsg_len - sizeof (*cm)) / sizeof (int); 613 rp = (struct file **)(cm + 1); 614 for (i = 0; i < oldfds; i++) { 615 fd = *(int *)rp++; 616 if ((unsigned)fd >= fdp->fd_nfiles || 617 fdp->fd_ofiles[fd] == NULL) 618 return (EBADF); 619 } 620 rp = (struct file **)(cm + 1); 621 for (i = 0; i < oldfds; i++) { 622 fp = fdp->fd_ofiles[*(int *)rp]; 623 *rp++ = fp; 624 fp->f_count++; 625 fp->f_msgcount++; 626 unp_rights++; 627 } 628 return (0); 629 } 630 631 int unp_defer, unp_gcing; 632 extern struct domain unixdomain; 633 634 void 635 unp_gc() 636 { 637 register struct file *fp, *nextfp; 638 register struct socket *so; 639 struct file **extra_ref, **fpp; 640 int nunref, i; 641 642 if (unp_gcing) 643 return; 644 unp_gcing = 1; 645 unp_defer = 0; 646 for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next) 647 fp->f_flag &= ~(FMARK|FDEFER); 648 do { 649 for (fp = filehead.lh_first; fp != 0; fp = fp->f_list.le_next) { 650 if (fp->f_count == 0) 651 continue; 652 if (fp->f_flag & FDEFER) { 653 fp->f_flag &= ~FDEFER; 654 unp_defer--; 655 } else { 656 if (fp->f_flag & FMARK) 657 continue; 658 if (fp->f_count == fp->f_msgcount) 659 continue; 660 fp->f_flag |= FMARK; 661 } 662 if (fp->f_type != DTYPE_SOCKET || 663 (so = (struct socket *)fp->f_data) == 0) 664 continue; 665 if (so->so_proto->pr_domain != &unixdomain || 666 (so->so_proto->pr_flags&PR_RIGHTS) == 0) 667 continue; 668 #ifdef notdef 669 if (so->so_rcv.sb_flags & SB_LOCK) { 670 /* 671 * This is problematical; it's not clear 672 * we need to wait for the sockbuf to be 673 * unlocked (on a uniprocessor, at least), 674 * and it's also not clear what to do 675 * if sbwait returns an error due to receipt 676 * of a signal. If sbwait does return 677 * an error, we'll go into an infinite 678 * loop. Delete all of this for now. 679 */ 680 (void) sbwait(&so->so_rcv); 681 goto restart; 682 } 683 #endif 684 unp_scan(so->so_rcv.sb_mb, unp_mark); 685 } 686 } while (unp_defer); 687 /* 688 * We grab an extra reference to each of the file table entries 689 * that are not otherwise accessible and then free the rights 690 * that are stored in messages on them. 691 * 692 * The bug in the orginal code is a little tricky, so I'll describe 693 * what's wrong with it here. 694 * 695 * It is incorrect to simply unp_discard each entry for f_msgcount 696 * times -- consider the case of sockets A and B that contain 697 * references to each other. On a last close of some other socket, 698 * we trigger a gc since the number of outstanding rights (unp_rights) 699 * is non-zero. If during the sweep phase the gc code un_discards, 700 * we end up doing a (full) closef on the descriptor. A closef on A 701 * results in the following chain. Closef calls soo_close, which 702 * calls soclose. Soclose calls first (through the switch 703 * uipc_usrreq) unp_detach, which re-invokes unp_gc. Unp_gc simply 704 * returns because the previous instance had set unp_gcing, and 705 * we return all the way back to soclose, which marks the socket 706 * with SS_NOFDREF, and then calls sofree. Sofree calls sorflush 707 * to free up the rights that are queued in messages on the socket A, 708 * i.e., the reference on B. The sorflush calls via the dom_dispose 709 * switch unp_dispose, which unp_scans with unp_discard. This second 710 * instance of unp_discard just calls closef on B. 711 * 712 * Well, a similar chain occurs on B, resulting in a sorflush on B, 713 * which results in another closef on A. Unfortunately, A is already 714 * being closed, and the descriptor has already been marked with 715 * SS_NOFDREF, and soclose panics at this point. 716 * 717 * Here, we first take an extra reference to each inaccessible 718 * descriptor. Then, we call sorflush ourself, since we know 719 * it is a Unix domain socket anyhow. After we destroy all the 720 * rights carried in messages, we do a last closef to get rid 721 * of our extra reference. This is the last close, and the 722 * unp_detach etc will shut down the socket. 723 * 724 * 91/09/19, bsy@cs.cmu.edu 725 */ 726 extra_ref = malloc(nfiles * sizeof(struct file *), M_FILE, M_WAITOK); 727 for (nunref = 0, fp = filehead.lh_first, fpp = extra_ref; fp != 0; 728 fp = nextfp) { 729 nextfp = fp->f_list.le_next; 730 if (fp->f_count == 0) 731 continue; 732 if (fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) { 733 *fpp++ = fp; 734 nunref++; 735 fp->f_count++; 736 } 737 } 738 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) 739 sorflush((struct socket *)(*fpp)->f_data); 740 for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) 741 closef(*fpp); 742 free((caddr_t)extra_ref, M_FILE); 743 unp_gcing = 0; 744 } 745 746 void 747 unp_dispose(m) 748 struct mbuf *m; 749 { 750 751 if (m) 752 unp_scan(m, unp_discard); 753 } 754 755 void 756 unp_scan(m0, op) 757 register struct mbuf *m0; 758 void (*op)(); 759 { 760 register struct mbuf *m; 761 register struct file **rp; 762 register struct cmsghdr *cm; 763 register int i; 764 int qfds; 765 766 while (m0) { 767 for (m = m0; m; m = m->m_next) 768 if (m->m_type == MT_CONTROL && 769 m->m_len >= sizeof(*cm)) { 770 cm = mtod(m, struct cmsghdr *); 771 if (cm->cmsg_level != SOL_SOCKET || 772 cm->cmsg_type != SCM_RIGHTS) 773 continue; 774 qfds = (cm->cmsg_len - sizeof *cm) 775 / sizeof (struct file *); 776 rp = (struct file **)(cm + 1); 777 for (i = 0; i < qfds; i++) 778 (*op)(*rp++); 779 break; /* XXX, but saves time */ 780 } 781 m0 = m0->m_act; 782 } 783 } 784 785 void 786 unp_mark(fp) 787 struct file *fp; 788 { 789 790 if (fp->f_flag & FMARK) 791 return; 792 unp_defer++; 793 fp->f_flag |= (FMARK|FDEFER); 794 } 795 796 void 797 unp_discard(fp) 798 struct file *fp; 799 { 800 801 fp->f_msgcount--; 802 unp_rights--; 803 (void) closef(fp, (struct proc *)NULL); 804 } 805