1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1990, 1993
5 *	The Regents of the University of California.  All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 *    may be used to endorse or promote products derived from this software
17 *    without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 *	@(#)filedesc.h	8.1 (Berkeley) 6/2/93
32 * $FreeBSD$
33 */
34
35#ifndef _SYS_FILEDESC_H_
36#define	_SYS_FILEDESC_H_
37
38#include <sys/caprights.h>
39#include <sys/queue.h>
40#include <sys/event.h>
41#include <sys/lock.h>
42#include <sys/mutex.h>
43#include <sys/priority.h>
44#include <sys/seqc.h>
45#include <sys/sx.h>
46#include <sys/_smr.h>
47#include <sys/smr_types.h>
48
49#include <machine/_limits.h>
50
51struct filecaps {
52	cap_rights_t	 fc_rights;	/* per-descriptor capability rights */
53	u_long		*fc_ioctls;	/* per-descriptor allowed ioctls */
54	int16_t		 fc_nioctls;	/* fc_ioctls array size */
55	uint32_t	 fc_fcntls;	/* per-descriptor allowed fcntls */
56};
57
58struct filedescent {
59	struct file	*fde_file;	/* file structure for open file */
60	struct filecaps	 fde_caps;	/* per-descriptor rights */
61	uint8_t		 fde_flags;	/* per-process open file flags */
62	seqc_t		 fde_seqc;	/* keep file and caps in sync */
63};
64#define	fde_rights	fde_caps.fc_rights
65#define	fde_fcntls	fde_caps.fc_fcntls
66#define	fde_ioctls	fde_caps.fc_ioctls
67#define	fde_nioctls	fde_caps.fc_nioctls
68#define	fde_change_size	(offsetof(struct filedescent, fde_seqc))
69
70struct fdescenttbl {
71	int	fdt_nfiles;		/* number of open files allocated */
72	struct	filedescent fdt_ofiles[0];	/* open files */
73};
74#define	fd_seqc(fdt, fd)	(&(fdt)->fdt_ofiles[(fd)].fde_seqc)
75
76/*
77 * This structure is used for the management of descriptors.  It may be
78 * shared by multiple processes.
79 */
80#define NDSLOTTYPE	u_long
81
82/*
83 * This struct is copy-on-write and allocated from an SMR zone.
84 * All fields are constant after initialization apart from the reference count.
85 *
86 * Check pwd_* routines for usage.
87 */
88struct pwd {
89	volatile u_int pwd_refcount;
90	struct	vnode *pwd_cdir;		/* current directory */
91	struct	vnode *pwd_rdir;		/* root directory */
92	struct	vnode *pwd_jdir;		/* jail root directory */
93};
94typedef SMR_POINTER(struct pwd *) smrpwd_t;
95
96struct pwddesc {
97	struct mtx	pd_lock;	/* protects members of this struct */
98	smrpwd_t	pd_pwd;		/* directories */
99	volatile u_int	pd_refcount;
100	u_short		pd_cmask;	/* mask for file creation */
101};
102
103struct filedesc {
104	struct	fdescenttbl *fd_files;	/* open files table */
105	NDSLOTTYPE *fd_map;		/* bitmap of free fds */
106	int	fd_freefile;		/* approx. next free file */
107	int	fd_refcnt;		/* thread reference count */
108	int	fd_holdcnt;		/* hold count on structure + mutex */
109	struct	sx fd_sx;		/* protects members of this struct */
110	struct	kqlist fd_kqlist;	/* list of kqueues on this filedesc */
111	int	fd_holdleaderscount;	/* block fdfree() for shared close() */
112	int	fd_holdleaderswakeup;	/* fdfree() needs wakeup */
113};
114
115/*
116 * Structure to keep track of (process leader, struct fildedesc) tuples.
117 * Each process has a pointer to such a structure when detailed tracking
118 * is needed, e.g., when rfork(RFPROC | RFMEM) causes a file descriptor
119 * table to be shared by processes having different "p_leader" pointers
120 * and thus distinct POSIX style locks.
121 *
122 * fdl_refcount and fdl_holdcount are protected by struct filedesc mtx.
123 */
124struct filedesc_to_leader {
125	int		fdl_refcount;	/* references from struct proc */
126	int		fdl_holdcount;	/* temporary hold during closef */
127	int		fdl_wakeup;	/* fdfree() waits on closef() */
128	struct proc	*fdl_leader;	/* owner of POSIX locks */
129	/* Circular list: */
130	struct filedesc_to_leader *fdl_prev;
131	struct filedesc_to_leader *fdl_next;
132};
133#define	fd_nfiles	fd_files->fdt_nfiles
134#define	fd_ofiles	fd_files->fdt_ofiles
135
136/*
137 * Per-process open flags.
138 */
139#define	UF_EXCLOSE	0x01		/* auto-close on exec */
140
141#ifdef _KERNEL
142
143/* Lock a paths descriptor table. */
144#define	PWDDESC_LOCK(pdp)	(&(pdp)->pd_lock)
145#define	PWDDESC_LOCK_INIT(pdp) \
146    mtx_init(PWDDESC_LOCK(pdp), "pwddesc", NULL, MTX_DEF)
147#define	PWDDESC_LOCK_DESTROY(pdp)	mtx_destroy(PWDDESC_LOCK(pdp))
148#define	PWDDESC_XLOCK(pdp)	mtx_lock(PWDDESC_LOCK(pdp))
149#define	PWDDESC_XUNLOCK(pdp)	mtx_unlock(PWDDESC_LOCK(pdp))
150#define	PWDDESC_LOCK_ASSERT(pdp, what) \
151    mtx_assert(PWDDESC_LOCK(pdp), (what))
152#define	PWDDESC_ASSERT_XLOCKED(pdp) \
153    PWDDESC_LOCK_ASSERT((pdp), MA_OWNED)
154#define	PWDDESC_ASSERT_UNLOCKED(pdp) \
155    PWDDESC_LOCK_ASSERT((pdp), MA_NOTOWNED)
156
157#define	PWDDESC_XLOCKED_LOAD_PWD(pdp)	({					\
158	struct pwddesc *_pdp = (pdp);						\
159	struct pwd *_pwd;							\
160	_pwd = smr_serialized_load(&(_pdp)->pd_pwd,				\
161	    (PWDDESC_ASSERT_XLOCKED(_pdp), true));				\
162	_pwd;									\
163})
164
165/* Lock a file descriptor table. */
166#define	FILEDESC_LOCK_INIT(fdp)	sx_init(&(fdp)->fd_sx, "filedesc structure")
167#define	FILEDESC_LOCK_DESTROY(fdp)	sx_destroy(&(fdp)->fd_sx)
168#define	FILEDESC_LOCK(fdp)	(&(fdp)->fd_sx)
169#define	FILEDESC_XLOCK(fdp)	sx_xlock(&(fdp)->fd_sx)
170#define	FILEDESC_XUNLOCK(fdp)	sx_xunlock(&(fdp)->fd_sx)
171#define	FILEDESC_SLOCK(fdp)	sx_slock(&(fdp)->fd_sx)
172#define	FILEDESC_SUNLOCK(fdp)	sx_sunlock(&(fdp)->fd_sx)
173
174#define	FILEDESC_LOCK_ASSERT(fdp)	sx_assert(&(fdp)->fd_sx, SX_LOCKED | \
175					    SX_NOTRECURSED)
176#define	FILEDESC_XLOCK_ASSERT(fdp)	sx_assert(&(fdp)->fd_sx, SX_XLOCKED | \
177					    SX_NOTRECURSED)
178#define	FILEDESC_UNLOCK_ASSERT(fdp)	sx_assert(&(fdp)->fd_sx, SX_UNLOCKED)
179
180#define	FILEDESC_IS_ONLY_USER(fdp)	({					\
181	struct filedesc *_fdp = (fdp);						\
182	MPASS(curproc->p_fd == _fdp);						\
183	(curproc->p_numthreads == 1 && refcount_load(&_fdp->fd_refcnt) == 1);	\
184})
185#else
186
187/*
188 * Accessor for libkvm et al.
189 */
190#define	PWDDESC_KVM_LOAD_PWD(pdp)	({					\
191	struct pwddesc *_pdp = (pdp);						\
192	struct pwd *_pwd;							\
193	_pwd = smr_kvm_load(&(_pdp)->pd_pwd);					\
194	_pwd;									\
195})
196
197#endif
198
199#ifdef _KERNEL
200
201/* Operation types for kern_dup(). */
202enum {
203	FDDUP_NORMAL,		/* dup() behavior. */
204	FDDUP_FCNTL,		/* fcntl()-style errors. */
205	FDDUP_FIXED,		/* Force fixed allocation. */
206	FDDUP_MUSTREPLACE,	/* Target must exist. */
207	FDDUP_LASTMODE,
208};
209
210/* Flags for kern_dup(). */
211#define	FDDUP_FLAG_CLOEXEC	0x1	/* Atomically set UF_EXCLOSE. */
212
213/* For backward compatibility. */
214#define	falloc(td, resultfp, resultfd, flags) \
215	falloc_caps(td, resultfp, resultfd, flags, NULL)
216
217struct thread;
218
219static __inline void
220filecaps_init(struct filecaps *fcaps)
221{
222
223        bzero(fcaps, sizeof(*fcaps));
224        fcaps->fc_nioctls = -1;
225}
226bool	filecaps_copy(const struct filecaps *src, struct filecaps *dst,
227	    bool locked);
228void	filecaps_move(struct filecaps *src, struct filecaps *dst);
229void	filecaps_free(struct filecaps *fcaps);
230
231int	closef(struct file *fp, struct thread *td);
232void	closef_nothread(struct file *fp);
233int	dupfdopen(struct thread *td, struct filedesc *fdp, int dfd, int mode,
234	    int openerror, int *indxp);
235int	falloc_caps(struct thread *td, struct file **resultfp, int *resultfd,
236	    int flags, struct filecaps *fcaps);
237void	falloc_abort(struct thread *td, struct file *fp);
238int	_falloc_noinstall(struct thread *td, struct file **resultfp, u_int n);
239#define	falloc_noinstall(td, resultfp) _falloc_noinstall(td, resultfp, 1)
240void	_finstall(struct filedesc *fdp, struct file *fp, int fd, int flags,
241	    struct filecaps *fcaps);
242int	finstall(struct thread *td, struct file *fp, int *resultfd, int flags,
243	    struct filecaps *fcaps);
244int	finstall_refed(struct thread *td, struct file *fp, int *resultfd, int flags,
245	    struct filecaps *fcaps);
246int	fdalloc(struct thread *td, int minfd, int *result);
247int	fdallocn(struct thread *td, int minfd, int *fds, int n);
248int	fdcheckstd(struct thread *td);
249void	fdclose(struct thread *td, struct file *fp, int idx);
250void	fdcloseexec(struct thread *td);
251void	fdsetugidsafety(struct thread *td);
252struct	filedesc *fdcopy(struct filedesc *fdp);
253int	fdcopy_remapped(struct filedesc *fdp, const int *fds, size_t nfds,
254	    struct filedesc **newfdp);
255void	fdinstall_remapped(struct thread *td, struct filedesc *fdp);
256void	fdunshare(struct thread *td);
257void	fdescfree(struct thread *td);
258void	fdescfree_remapped(struct filedesc *fdp);
259int	fdlastfile(struct filedesc *fdp);
260int	fdlastfile_single(struct filedesc *fdp);
261struct	filedesc *fdinit(struct filedesc *fdp, bool prepfiles, int *lastfile);
262struct	filedesc *fdshare(struct filedesc *fdp);
263struct filedesc_to_leader *
264	filedesc_to_leader_alloc(struct filedesc_to_leader *old,
265	    struct filedesc *fdp, struct proc *leader);
266int	getvnode(struct thread *td, int fd, cap_rights_t *rightsp,
267	    struct file **fpp);
268int	getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
269	    struct file **fpp);
270void	mountcheckdirs(struct vnode *olddp, struct vnode *newdp);
271
272int	fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
273	    struct file **fpp, struct filecaps *havecapsp);
274int	fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
275	    struct file **fpp, struct filecaps *havecapsp);
276
277/* Return a referenced file from an unlocked descriptor. */
278int	fget_unlocked_seq(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
279	    struct file **fpp, seqc_t *seqp);
280int	fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
281	    struct file **fpp);
282/* Return a file pointer without a ref. FILEDESC_IS_ONLY_USER must be true.  */
283int	fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
284	    struct file **fpp);
285#define	fput_only_user(fdp, fp)	({					\
286	MPASS(FILEDESC_IS_ONLY_USER(fdp));				\
287	MPASS(refcount_load(&fp->f_count) > 0);				\
288})
289
290/* Requires a FILEDESC_{S,X}LOCK held and returns without a ref. */
291static __inline struct file *
292fget_locked(struct filedesc *fdp, int fd)
293{
294
295	FILEDESC_LOCK_ASSERT(fdp);
296
297	if (__predict_false((u_int)fd >= fdp->fd_nfiles))
298		return (NULL);
299
300	return (fdp->fd_ofiles[fd].fde_file);
301}
302
303static __inline struct filedescent *
304fdeget_locked(struct filedesc *fdp, int fd)
305{
306	struct filedescent *fde;
307
308	FILEDESC_LOCK_ASSERT(fdp);
309
310	if (__predict_false((u_int)fd >= fdp->fd_nfiles))
311		return (NULL);
312
313	fde = &fdp->fd_ofiles[fd];
314	if (__predict_false(fde->fde_file == NULL))
315		return (NULL);
316
317	return (fde);
318}
319
320#ifdef CAPABILITIES
321static __inline bool
322fd_modified(struct filedesc *fdp, int fd, seqc_t seqc)
323{
324
325	return (!seqc_consistent(fd_seqc(fdp->fd_files, fd), seqc));
326}
327#endif
328
329/* cdir/rdir/jdir manipulation functions. */
330struct pwddesc *pdcopy(struct pwddesc *pdp);
331void	pdescfree(struct thread *td);
332struct pwddesc *pdinit(struct pwddesc *pdp, bool keeplock);
333struct pwddesc *pdshare(struct pwddesc *pdp);
334void	pdunshare(struct thread *td);
335
336void	pwd_chdir(struct thread *td, struct vnode *vp);
337int	pwd_chroot(struct thread *td, struct vnode *vp);
338int	pwd_chroot_chdir(struct thread *td, struct vnode *vp);
339void	pwd_ensure_dirs(void);
340void	pwd_set_rootvnode(void);
341
342struct pwd *pwd_hold_pwddesc(struct pwddesc *pdp);
343bool	pwd_hold_smr(struct pwd *pwd);
344struct pwd *pwd_hold(struct thread *td);
345void	pwd_drop(struct pwd *pwd);
346static inline void
347pwd_set(struct pwddesc *pdp, struct pwd *newpwd)
348{
349	smr_serialized_store(&pdp->pd_pwd, newpwd,
350	    (PWDDESC_ASSERT_XLOCKED(pdp), true));
351}
352#define	pwd_get_smr()	vfs_smr_entered_load(&curproc->p_pd->pd_pwd)
353
354#endif /* _KERNEL */
355
356#endif /* !_SYS_FILEDESC_H_ */
357