463 lines
16 KiB
C
463 lines
16 KiB
C
/*
|
|
* Copyright (c) 2000-2012 Apple Computer, Inc. All rights reserved.
|
|
*
|
|
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
|
|
*
|
|
* This file contains Original Code and/or Modifications of Original Code
|
|
* as defined in and that are subject to the Apple Public Source License
|
|
* Version 2.0 (the 'License'). You may not use this file except in
|
|
* compliance with the License. The rights granted to you under the License
|
|
* may not be used to create, or enable the creation or redistribution of,
|
|
* unlawful or unlicensed copies of an Apple operating system, or to
|
|
* circumvent, violate, or enable the circumvention or violation of, any
|
|
* terms of an Apple operating system software license agreement.
|
|
*
|
|
* Please obtain a copy of the License at
|
|
* http://www.opensource.apple.com/apsl/ and read it before using this file.
|
|
*
|
|
* The Original Code and all software distributed under the License are
|
|
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
|
|
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
|
|
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
|
|
* Please see the License for the specific language governing rights and
|
|
* limitations under the License.
|
|
*
|
|
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
|
|
*/
|
|
/* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
|
|
/*
|
|
* Copyright (c) 1990, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the University of
|
|
* California, Berkeley and its contributors.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)filedesc.h 8.1 (Berkeley) 6/2/93
|
|
*/
|
|
|
|
#ifndef _SYS_FILEDESC_H_
|
|
#define _SYS_FILEDESC_H_
|
|
|
|
#include <sys/appleapiopts.h>
|
|
|
|
/*
|
|
* This structure is used for the management of descriptors. It may be
|
|
* shared by multiple processes.
|
|
*
|
|
* A process is initially started out with NDFILE descriptors [XXXstored within
|
|
* this structureXXX], selected to be enough for typical applications based on
|
|
* the historical limit of 20 open files (and the usage of descriptors by
|
|
* shells). If these descriptors are exhausted, a larger descriptor table
|
|
* may be allocated, up to a process' resource limit; [XXXthe internal arrays
|
|
* are then unusedXXX]. The initial expansion is set to NDEXTENT; each time
|
|
* it runs out, it is doubled until the resource limit is reached. NDEXTENT
|
|
* should be selected to be the biggest multiple of OFILESIZE (see below)
|
|
* that will fit in a power-of-two sized piece of memory.
|
|
*/
|
|
#define NDFILE 25 /* 125 bytes */
|
|
#define NDEXTENT 50 /* 250 bytes in 256-byte alloc. */
|
|
|
|
#ifdef XNU_KERNEL_PRIVATE
|
|
|
|
#include <sys/kernel_types.h>
|
|
#include <kern/locks.h>
|
|
|
|
struct klist;
|
|
struct kqwllist;
|
|
struct ucred;
|
|
|
|
__options_decl(filedesc_flags_t, uint8_t, {
|
|
/*
|
|
* process was chrooted... keep track even
|
|
* if we're force unmounted and unable to
|
|
* take a vnode_ref on fd_rdir during a fork
|
|
*/
|
|
FD_CHROOT = 0x01,
|
|
|
|
/*
|
|
* process has created a kqworkloop that
|
|
* requires manual cleanup on exit
|
|
*/
|
|
FD_WORKLOOP = 0x02,
|
|
|
|
#if CONFIG_PROC_RESOURCE_LIMITS
|
|
/* process has exceeded fd_nfiles soft limit */
|
|
FD_ABOVE_SOFT_LIMIT = 0x04,
|
|
/* process has exceeded fd_nfiles hard limit */
|
|
FD_ABOVE_HARD_LIMIT = 0x08,
|
|
KQWL_ABOVE_SOFT_LIMIT = 0x10,
|
|
KQWL_ABOVE_HARD_LIMIT = 0x20,
|
|
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
|
|
});
|
|
|
|
#define FILEDESC_FORK_INHERITED_MASK (FD_CHROOT)
|
|
|
|
struct filedesc {
|
|
lck_mtx_t fd_lock; /* (L) lock to protect fdesc */
|
|
uint8_t fd_fpdrainwait; /* (L) has drain waiters */
|
|
filedesc_flags_t fd_flags; /* (L) filedesc flags */
|
|
u_short fd_cmask; /* (L) mask for file creation */
|
|
int fd_nfiles; /* (L) number of open fdesc slots allocated */
|
|
int fd_afterlast; /* (L) high-water mark of fd_ofiles */
|
|
int fd_freefile; /* (L) approx. next free file */
|
|
#if CONFIG_PROC_RESOURCE_LIMITS
|
|
#define FD_LIMIT_SENTINEL ((int) (-1))
|
|
int fd_nfiles_open;
|
|
int fd_nfiles_soft_limit; /* (L) fd_nfiles soft limit to trigger guard. */
|
|
int fd_nfiles_hard_limit; /* (L) fd_nfiles hard limit to terminate. */
|
|
|
|
#define KQWL_LIMIT_SENTINEL ((int) (-1))
|
|
int num_kqwls; /* Number of kqwls in the fd_kqhash */
|
|
int kqwl_dyn_soft_limit; /* (L) soft limit for dynamic kqueue */
|
|
int kqwl_dyn_hard_limit; /* (L) hard limit for dynamic kqueue */
|
|
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
|
|
|
|
int fd_knlistsize; /* (L) size of knlist */
|
|
int unused_padding;/* Due to alignment */
|
|
struct fileproc **XNU_PTRAUTH_SIGNED_PTR("filedesc.fd_ofiles") fd_ofiles; /* (L) file structures for open files */
|
|
char *fd_ofileflags; /* (L) per-process open file flags */
|
|
|
|
struct klist *fd_knlist; /* (L) list of attached knotes */
|
|
|
|
struct kqworkq *fd_wqkqueue; /* (L) the workq kqueue */
|
|
struct vnode *fd_cdir; /* (L) current directory */
|
|
struct vnode *fd_rdir; /* (L) root directory */
|
|
lck_rw_t fd_dirs_lock; /* keeps fd_cdir and fd_rdir stable across a lookup */
|
|
|
|
lck_mtx_t fd_kqhashlock; /* (Q) lock for dynamic kqueue hash */
|
|
u_long fd_kqhashmask; /* (Q) size of dynamic kqueue hash */
|
|
struct kqwllist *fd_kqhash; /* (Q) hash table for dynamic kqueues */
|
|
|
|
lck_mtx_t fd_knhashlock; /* (N) lock for hash table for attached knotes */
|
|
u_long fd_knhashmask; /* (N) size of knhash */
|
|
struct klist *fd_knhash; /* (N) hash table for attached knotes */
|
|
};
|
|
|
|
#define fdt_flag_test(fdt, flag) (((fdt)->fd_flags & (flag)) != 0)
|
|
#define fdt_flag_set(fdt, flag) ((void)((fdt)->fd_flags |= (flag)))
|
|
#define fdt_flag_clear(fdt, flag) ((void)((fdt)->fd_flags &= ~(flag)))
|
|
|
|
#if CONFIG_PROC_RESOURCE_LIMITS
|
|
#define fd_above_soft_limit_notified(fdp) fdt_flag_test(fdp, FD_ABOVE_SOFT_LIMIT)
|
|
#define fd_above_hard_limit_notified(fdp) fdt_flag_test(fdp, FD_ABOVE_HARD_LIMIT)
|
|
#define fd_above_soft_limit_send_notification(fdp) fdt_flag_set(fdp, FD_ABOVE_SOFT_LIMIT)
|
|
#define fd_above_hard_limit_send_notification(fdp) fdt_flag_set(fdp, FD_ABOVE_HARD_LIMIT)
|
|
|
|
#define kqwl_above_soft_limit_notified(fdp) fdt_flag_test(fdp, KQWL_ABOVE_SOFT_LIMIT)
|
|
#define kqwl_above_hard_limit_notified(fdp) fdt_flag_test(fdp, KQWL_ABOVE_HARD_LIMIT)
|
|
#define kqwl_above_soft_limit_send_notification(fdp) fdt_flag_set(fdp, KQWL_ABOVE_SOFT_LIMIT)
|
|
#define kqwl_above_hard_limit_send_notification(fdp) fdt_flag_set(fdp, KQWL_ABOVE_HARD_LIMIT)
|
|
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
|
|
|
|
/*
|
|
* Per-process open flags.
|
|
*/
|
|
#define UF_RESERVED 0x04 /* open pending / in progress */
|
|
#define UF_CLOSING 0x08 /* close in progress */
|
|
#define UF_RESVWAIT 0x10 /* close in progress */
|
|
#define UF_INHERIT 0x20 /* "inherit-on-exec" */
|
|
|
|
/*
|
|
* Storage required per open file descriptor.
|
|
*/
|
|
#define OFILESIZE (sizeof(struct file *) + sizeof(char))
|
|
|
|
/*!
|
|
* @function fdt_available
|
|
*
|
|
* @brief
|
|
* Returns whether the file descritor table can accomodate
|
|
* for @c n new entries.
|
|
*
|
|
* @discussion
|
|
* The answer is only valid so long as the @c proc_fdlock() is held by the
|
|
* caller.
|
|
*/
|
|
extern bool
|
|
fdt_available_locked(proc_t p, int n);
|
|
|
|
/*!
|
|
* @struct fdt_iterator
|
|
*
|
|
* @brief
|
|
* Type used to iterate a file descriptor table.
|
|
*/
|
|
struct fdt_iterator {
|
|
int fdti_fd;
|
|
struct fileproc *fdti_fp;
|
|
};
|
|
|
|
/*!
|
|
* @function fdt_next
|
|
*
|
|
* @brief
|
|
* Seek the iterator forward.
|
|
*
|
|
* @discussion
|
|
* The @c proc_fdlock() should be held by the caller.
|
|
*
|
|
* @param p
|
|
* The process for which the file descriptor table is being iterated.
|
|
*
|
|
* @param fd
|
|
* The current file file descriptor to scan from (exclusive).
|
|
*
|
|
* @param only_settled
|
|
* When true, only fileprocs with @c UF_RESERVED set are returned.
|
|
* If false, fileprocs that are in flux (@c UF_RESERVED is set) are returned.
|
|
*
|
|
* @returns
|
|
* The next iterator position.
|
|
* If @c fdti_fp is NULL, the iteration is done.
|
|
*/
|
|
extern struct fdt_iterator
|
|
fdt_next(proc_t p, int fd, bool only_settled);
|
|
|
|
/*!
|
|
* @function fdt_next
|
|
*
|
|
* @brief
|
|
* Seek the iterator backwards.
|
|
*
|
|
* @discussion
|
|
* The @c proc_fdlock() should be held by the caller.
|
|
*
|
|
* @param p
|
|
* The process for which the file descriptor table is being iterated.
|
|
*
|
|
* @param fd
|
|
* The current file file descriptor to scan from (exclusive).
|
|
*
|
|
* @param only_settled
|
|
* When true, only fileprocs with @c UF_RESERVED set are returned.
|
|
* If false, fileprocs that are in flux (@c UF_RESERVED is set) are returned.
|
|
*
|
|
* @returns
|
|
* The next iterator position.
|
|
* If @c fdti_fp is NULL, the iteration is done.
|
|
*/
|
|
extern struct fdt_iterator
|
|
fdt_prev(proc_t p, int fd, bool only_settled);
|
|
|
|
/*!
|
|
* @def fdt_foreach
|
|
*
|
|
* @brief
|
|
* Convenience macro around @c fdt_next() to enumerates fileprocs in a process
|
|
* file descriptor table.
|
|
*
|
|
* @discussion
|
|
* The @c proc_fdlock() should be held by the caller.
|
|
*
|
|
* @param fp
|
|
* The iteration variable.
|
|
*
|
|
* @param p
|
|
* The process for which the file descriptor table is being iterated.
|
|
*/
|
|
#define fdt_foreach(fp, p) \
|
|
for (struct fdt_iterator __fdt_it = fdt_next(p, -1, true); \
|
|
((fp) = __fdt_it.fdti_fp); \
|
|
__fdt_it = fdt_next(p, __fdt_it.fdti_fd, true))
|
|
|
|
/*!
|
|
* @def fdt_foreach_fd
|
|
*
|
|
* @brief
|
|
* When in an @c fdt_foreach() loop, return the current file descriptor
|
|
* being inspected.
|
|
*/
|
|
#define fdt_foreach_fd() __fdt_it.fdti_fd
|
|
|
|
/*!
|
|
* @function fdt_init
|
|
*
|
|
* @brief
|
|
* Initializers a proc file descriptor table.
|
|
*
|
|
* @warning
|
|
* The proc that is passed is supposed to have been zeroed out,
|
|
* as this function is used to setup @c kernelproc's file descriptor table
|
|
* and some fields are already initialized when fdt_init() is called.
|
|
*/
|
|
extern void
|
|
fdt_init(proc_t p);
|
|
|
|
/*!
|
|
* @function fdt_destroy
|
|
*
|
|
* @brief
|
|
* Destroys locks from the file descriptor table.
|
|
*
|
|
* @description
|
|
* This function destroys the file descriptor table locks.
|
|
*
|
|
* This cannot be done while the process this table belongs
|
|
* to can be looked up.
|
|
*/
|
|
extern void
|
|
fdt_destroy(proc_t p);
|
|
|
|
/*!
|
|
* @function fdt_fork
|
|
*
|
|
* @brief
|
|
* Clones a file descriptor table for the @c fork() system call.
|
|
*
|
|
* @discussion
|
|
* This function internally takes and drops @c proc_fdlock().
|
|
*
|
|
* Files are copied directly, ignoring the new resource limits for the process
|
|
* that's being copied into. Since the descriptor references are just
|
|
* additional references, this does not count against the number of open files
|
|
* on the system.
|
|
*
|
|
* The struct filedesc includes the current working directory, and the current
|
|
* root directory, if the process is chroot'ed.
|
|
*
|
|
* If the exec was called by a thread using a per thread current working
|
|
* directory, we inherit the working directory from the thread making the call,
|
|
* rather than from the process.
|
|
*
|
|
* In the case of a failure to obtain a reference, for most cases, the file
|
|
* entry will be silently dropped. There's an exception for the case of
|
|
* a chroot dir, since a failure to to obtain a reference there would constitute
|
|
* an "escape" from the chroot environment, which must not be allowed.
|
|
*
|
|
* @param child_fdt
|
|
* The child process file descriptor table.
|
|
*
|
|
* @param parent_p
|
|
* The parent process to clone the file descriptor table from.
|
|
*
|
|
* @param uth_cdir
|
|
* The vnode for the current thread's current working directory if it is
|
|
* different from the parent process one.
|
|
*
|
|
* @param in_exec
|
|
* The duplication of fdt is happening for exec
|
|
*
|
|
* @returns
|
|
* 0 Success
|
|
* EPERM Unable to acquire a reference to the current chroot directory
|
|
* ENOMEM Not enough memory to perform the clone operation
|
|
*/
|
|
extern int
|
|
fdt_fork(struct filedesc *child_fdt, proc_t parent_p, struct vnode *uth_cdir, bool in_exec);
|
|
|
|
/*!
|
|
* @function fdt_exec
|
|
*
|
|
* @brief
|
|
* Perform close-on-exec processing for all files in a process
|
|
* that are either marked as close-on-exec.
|
|
*
|
|
* @description
|
|
* Also handles the case (via posix_spawn()) where -all- files except those
|
|
* marked with "inherit" as treated as close-on-exec.
|
|
*
|
|
* This function internally takes and drops proc_fdlock()
|
|
* But assumes tables don't grow/change while unlocked.
|
|
*
|
|
* @param p
|
|
* The process whose file descriptor table is being filrered.
|
|
*
|
|
* @param posix_spawn_flags
|
|
* A set of @c POSIX_SPAWN_* flags.
|
|
*
|
|
* @param thread
|
|
* new thread
|
|
*
|
|
* @param in_exec
|
|
* If the process is in exec
|
|
*/
|
|
extern void
|
|
fdt_exec(proc_t p, struct ucred *p_cred, short posix_spawn_flags, thread_t thread, bool in_exec);
|
|
|
|
/*!
|
|
* @function fdt_invalidate
|
|
*
|
|
* @brief
|
|
* Invalidates a proc file descriptor table.
|
|
*
|
|
* @discussion
|
|
* Closes all open files in the file descriptor table,
|
|
* empties hash tables, etc...
|
|
*
|
|
* However, the fileproc arrays stay allocated to still allow external lookups.
|
|
* These get cleaned up by @c fdt_destroy().
|
|
*
|
|
* This function internally takes and drops proc_fdlock().
|
|
*/
|
|
extern void
|
|
fdt_invalidate(proc_t p);
|
|
|
|
/*
|
|
* Kernel global variables and routines.
|
|
*/
|
|
extern int dupfdopen(proc_t p, int indx, int dfd, int mode, int error);
|
|
extern int fdalloc(proc_t p, int want, int *result);
|
|
extern void fdrelse(struct proc * p, int fd);
|
|
#define fdfile(p, fd) \
|
|
(&(p)->p_fd.fd_ofiles[(fd)])
|
|
#define fdflags(p, fd) \
|
|
(&(p)->p_fd.fd_ofileflags[(fd)])
|
|
|
|
typedef void (*fp_initfn_t)(struct fileproc *, void *ctx);
|
|
extern int falloc_withinit(
|
|
proc_t p,
|
|
struct ucred *p_cred,
|
|
struct vfs_context *ctx,
|
|
struct fileproc **resultfp,
|
|
int *resultfd,
|
|
fp_initfn_t fp_init,
|
|
void *initarg);
|
|
|
|
#define falloc(p, rfp, rfd) ({ \
|
|
struct proc *__p = (p); \
|
|
falloc_withinit(__p, current_cached_proc_cred(__p), \
|
|
vfs_context_current(), rfp, rfd, NULL, NULL); \
|
|
})
|
|
|
|
#define falloc_exec(p, ctx, rfp, rfd) ({ \
|
|
struct vfs_context *__c = (ctx); \
|
|
falloc_withinit(p, vfs_context_ucred(__c), __c, rfp, rfd, NULL, NULL); \
|
|
})
|
|
|
|
#if CONFIG_PROC_RESOURCE_LIMITS
|
|
/* The proc_fdlock has to be held by caller for duration of the call */
|
|
void fd_check_limit_exceeded(struct filedesc *fdp);
|
|
|
|
/* The kqhash_lock has to be held by caller for duration of the call */
|
|
void kqworkloop_check_limit_exceeded(struct filedesc *fdp);
|
|
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
|
|
|
|
#endif /* XNU_KERNEL_PRIVATE */
|
|
|
|
#endif /* !_SYS_FILEDESC_H_ */
|