| 1 | /* $NetBSD: netbsd32_socket.c,v 1.44 2016/09/13 07:01:07 martin Exp $ */ |
| 2 | |
| 3 | /* |
| 4 | * Copyright (c) 1998, 2001 Matthew R. Green |
| 5 | * All rights reserved. |
| 6 | * |
| 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions |
| 9 | * are met: |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * |
| 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| 21 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
| 23 | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| 24 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 25 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 26 | * SUCH DAMAGE. |
| 27 | */ |
| 28 | |
| 29 | #include <sys/cdefs.h> |
| 30 | __KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.44 2016/09/13 07:01:07 martin Exp $" ); |
| 31 | |
| 32 | #include <sys/param.h> |
| 33 | #include <sys/systm.h> |
| 34 | #define msg __msg /* Don't ask me! */ |
| 35 | #include <sys/mount.h> |
| 36 | #include <sys/socket.h> |
| 37 | #include <sys/sockio.h> |
| 38 | #include <sys/socketvar.h> |
| 39 | #include <sys/mbuf.h> |
| 40 | #include <sys/ktrace.h> |
| 41 | #include <sys/file.h> |
| 42 | #include <sys/filedesc.h> |
| 43 | #include <sys/syscallargs.h> |
| 44 | #include <sys/proc.h> |
| 45 | #include <sys/dirent.h> |
| 46 | |
| 47 | #include <compat/netbsd32/netbsd32.h> |
| 48 | #include <compat/netbsd32/netbsd32_syscallargs.h> |
| 49 | #include <compat/netbsd32/netbsd32_conv.h> |
| 50 | |
| 51 | /* |
| 52 | * XXX Assumes that struct sockaddr is compatible. |
| 53 | */ |
| 54 | |
| 55 | #define CMSG32_ALIGN(n) (((n) + ALIGNBYTES32) & ~ALIGNBYTES32) |
| 56 | #define CMSG32_DATA(cmsg) \ |
| 57 | ((u_char *)(void *)(cmsg) + CMSG32_ALIGN(sizeof(struct cmsghdr))) |
| 58 | |
| 59 | #define CMSG32_NXTHDR(mhdr, cmsg) \ |
| 60 | (((char *)(cmsg) + CMSG32_ALIGN((cmsg)->cmsg_len) + \ |
| 61 | CMSG32_ALIGN(sizeof(struct cmsghdr)) > \ |
| 62 | (((char *)(mhdr)->msg_control) + (mhdr)->msg_controllen)) ? \ |
| 63 | (struct cmsghdr *)0 : \ |
| 64 | (struct cmsghdr *)((char *)(cmsg) + \ |
| 65 | CMSG32_ALIGN((cmsg)->cmsg_len))) |
| 66 | #define CMSG32_FIRSTHDR(mhdr) \ |
| 67 | ((mhdr)->msg_controllen >= sizeof(struct cmsghdr) ? \ |
| 68 | (struct cmsghdr *)(mhdr)->msg_control : \ |
| 69 | (struct cmsghdr *)0) |
| 70 | |
| 71 | #define CMSG32_SPACE(l) (CMSG32_ALIGN(sizeof(struct cmsghdr)) + CMSG32_ALIGN(l)) |
| 72 | #define CMSG32_LEN(l) (CMSG32_ALIGN(sizeof(struct cmsghdr)) + (l)) |
| 73 | |
| 74 | static int |
| 75 | copyout32_msg_control_mbuf(struct lwp *l, struct msghdr *mp, int *len, struct mbuf *m, char **q, bool *truncated) |
| 76 | { |
| 77 | struct cmsghdr *cmsg, cmsg32; |
| 78 | int i, j, error; |
| 79 | |
| 80 | *truncated = false; |
| 81 | cmsg = mtod(m, struct cmsghdr *); |
| 82 | do { |
| 83 | if ((char *)cmsg == mtod(m, char *) + m->m_len) |
| 84 | break; |
| 85 | if ((char *)cmsg > mtod(m, char *) + m->m_len - sizeof(*cmsg)) |
| 86 | return EINVAL; |
| 87 | cmsg32 = *cmsg; |
| 88 | j = cmsg->cmsg_len - CMSG_LEN(0); |
| 89 | i = cmsg32.cmsg_len = CMSG32_LEN(j); |
| 90 | if (i > *len) { |
| 91 | mp->msg_flags |= MSG_CTRUNC; |
| 92 | if (cmsg->cmsg_level == SOL_SOCKET |
| 93 | && cmsg->cmsg_type == SCM_RIGHTS) { |
| 94 | *truncated = true; |
| 95 | return 0; |
| 96 | } |
| 97 | j -= i - *len; |
| 98 | i = *len; |
| 99 | } |
| 100 | |
| 101 | ktrkuser("msgcontrol" , cmsg, cmsg->cmsg_len); |
| 102 | error = copyout(&cmsg32, *q, MAX(i, sizeof(cmsg32))); |
| 103 | if (error) |
| 104 | return (error); |
| 105 | if (i > CMSG32_LEN(0)) { |
| 106 | error = copyout(CMSG_DATA(cmsg), *q + CMSG32_LEN(0), i - CMSG32_LEN(0)); |
| 107 | if (error) |
| 108 | return (error); |
| 109 | } |
| 110 | j = CMSG32_SPACE(cmsg->cmsg_len - CMSG_LEN(0)); |
| 111 | if (*len >= j) { |
| 112 | *len -= j; |
| 113 | *q += j; |
| 114 | } else { |
| 115 | *q += i; |
| 116 | *len = 0; |
| 117 | } |
| 118 | cmsg = (void *)((char *)cmsg + CMSG_ALIGN(cmsg->cmsg_len)); |
| 119 | } while (*len > 0); |
| 120 | |
| 121 | return 0; |
| 122 | } |
| 123 | |
| 124 | static int |
| 125 | copyout32_msg_control(struct lwp *l, struct msghdr *mp, struct mbuf *control) |
| 126 | { |
| 127 | int len, error = 0; |
| 128 | struct mbuf *m; |
| 129 | char *q; |
| 130 | bool truncated; |
| 131 | |
| 132 | len = mp->msg_controllen; |
| 133 | if (len <= 0 || control == 0) { |
| 134 | mp->msg_controllen = 0; |
| 135 | free_control_mbuf(l, control, control); |
| 136 | return 0; |
| 137 | } |
| 138 | |
| 139 | q = (char *)mp->msg_control; |
| 140 | |
| 141 | for (m = control; len > 0 && m != NULL; m = m->m_next) { |
| 142 | error = copyout32_msg_control_mbuf(l, mp, &len, m, &q, &truncated); |
| 143 | if (truncated) { |
| 144 | m = control; |
| 145 | break; |
| 146 | } |
| 147 | if (error) |
| 148 | break; |
| 149 | } |
| 150 | |
| 151 | free_control_mbuf(l, control, m); |
| 152 | |
| 153 | mp->msg_controllen = q - (char *)mp->msg_control; |
| 154 | return error; |
| 155 | } |
| 156 | |
| 157 | int |
| 158 | netbsd32_recvmsg(struct lwp *l, const struct netbsd32_recvmsg_args *uap, register_t *retval) |
| 159 | { |
| 160 | /* { |
| 161 | syscallarg(int) s; |
| 162 | syscallarg(netbsd32_msghdrp_t) msg; |
| 163 | syscallarg(int) flags; |
| 164 | } */ |
| 165 | struct netbsd32_msghdr msg32; |
| 166 | struct iovec aiov[UIO_SMALLIOV], *iov; |
| 167 | struct msghdr msg; |
| 168 | int error; |
| 169 | struct mbuf *from, *control; |
| 170 | size_t iovsz; |
| 171 | |
| 172 | error = copyin(SCARG_P32(uap, msg), &msg32, sizeof(msg32)); |
| 173 | if (error) |
| 174 | return (error); |
| 175 | |
| 176 | iovsz = msg32.msg_iovlen * sizeof(struct iovec); |
| 177 | if (msg32.msg_iovlen > UIO_SMALLIOV) { |
| 178 | if (msg32.msg_iovlen > IOV_MAX) |
| 179 | return (EMSGSIZE); |
| 180 | iov = kmem_alloc(iovsz, KM_SLEEP); |
| 181 | } else |
| 182 | iov = aiov; |
| 183 | error = netbsd32_to_iovecin(NETBSD32PTR64(msg32.msg_iov), iov, |
| 184 | msg32.msg_iovlen); |
| 185 | if (error) |
| 186 | goto done; |
| 187 | |
| 188 | msg.msg_flags = SCARG(uap, flags) & MSG_USERFLAGS; |
| 189 | msg.msg_name = NETBSD32PTR64(msg32.msg_name); |
| 190 | msg.msg_namelen = msg32.msg_namelen; |
| 191 | msg.msg_control = NETBSD32PTR64(msg32.msg_control); |
| 192 | msg.msg_controllen = msg32.msg_controllen; |
| 193 | msg.msg_iov = iov; |
| 194 | msg.msg_iovlen = msg32.msg_iovlen; |
| 195 | |
| 196 | error = do_sys_recvmsg(l, SCARG(uap, s), &msg, &msg32, sizeof(msg32), |
| 197 | &from, msg.msg_control != NULL ? &control : NULL, retval); |
| 198 | if (error != 0) |
| 199 | goto done; |
| 200 | |
| 201 | if (msg.msg_control != NULL) |
| 202 | error = copyout32_msg_control(l, &msg, control); |
| 203 | |
| 204 | if (error == 0) |
| 205 | error = copyout_sockname(msg.msg_name, &msg.msg_namelen, 0, |
| 206 | from); |
| 207 | if (from != NULL) |
| 208 | m_free(from); |
| 209 | if (error == 0) { |
| 210 | msg32.msg_namelen = msg.msg_namelen; |
| 211 | msg32.msg_controllen = msg.msg_controllen; |
| 212 | msg32.msg_flags = msg.msg_flags; |
| 213 | ktrkuser("msghdr" , &msg32, sizeof msg32); |
| 214 | error = copyout(&msg32, SCARG_P32(uap, msg), sizeof(msg32)); |
| 215 | } |
| 216 | |
| 217 | done: |
| 218 | if (iov != aiov) |
| 219 | kmem_free(iov, iovsz); |
| 220 | return (error); |
| 221 | } |
| 222 | |
| 223 | static int |
| 224 | copyin32_msg_control(struct lwp *l, struct msghdr *mp) |
| 225 | { |
| 226 | /* |
| 227 | * Handle cmsg if there is any. |
| 228 | */ |
| 229 | struct cmsghdr *cmsg, cmsg32, *cc; |
| 230 | struct mbuf *ctl_mbuf; |
| 231 | ssize_t resid = mp->msg_controllen; |
| 232 | size_t clen, cidx = 0, cspace; |
| 233 | u_int8_t *control; |
| 234 | int error; |
| 235 | |
| 236 | ctl_mbuf = m_get(M_WAIT, MT_CONTROL); |
| 237 | clen = MLEN; |
| 238 | control = mtod(ctl_mbuf, void *); |
| 239 | memset(control, 0, clen); |
| 240 | |
| 241 | cc = CMSG32_FIRSTHDR(mp); |
| 242 | do { |
| 243 | error = copyin(cc, &cmsg32, sizeof(cmsg32)); |
| 244 | if (error) |
| 245 | goto failure; |
| 246 | |
| 247 | /* |
| 248 | * Sanity check the control message length. |
| 249 | */ |
| 250 | if (cmsg32.cmsg_len > resid || |
| 251 | cmsg32.cmsg_len < sizeof(cmsg32)) { |
| 252 | error = EINVAL; |
| 253 | goto failure; |
| 254 | } |
| 255 | |
| 256 | cspace = CMSG_SPACE(cmsg32.cmsg_len - CMSG32_LEN(0)); |
| 257 | |
| 258 | /* Check the buffer is big enough */ |
| 259 | if (__predict_false(cidx + cspace > clen)) { |
| 260 | u_int8_t *nc; |
| 261 | size_t nclen; |
| 262 | |
| 263 | nclen = cidx + cspace; |
| 264 | if (nclen >= PAGE_SIZE) { |
| 265 | error = EINVAL; |
| 266 | goto failure; |
| 267 | } |
| 268 | nc = realloc(clen <= MLEN ? NULL : control, |
| 269 | nclen, M_TEMP, M_WAITOK); |
| 270 | if (!nc) { |
| 271 | error = ENOMEM; |
| 272 | goto failure; |
| 273 | } |
| 274 | if (cidx <= MLEN) { |
| 275 | /* Old buffer was in mbuf... */ |
| 276 | memcpy(nc, control, cidx); |
| 277 | memset(nc + cidx, 0, nclen - cidx); |
| 278 | } else { |
| 279 | memset(nc + nclen, 0, nclen - clen); |
| 280 | } |
| 281 | control = nc; |
| 282 | clen = nclen; |
| 283 | } |
| 284 | |
| 285 | /* Copy header */ |
| 286 | cmsg = (void *)&control[cidx]; |
| 287 | cmsg->cmsg_len = CMSG_LEN(cmsg32.cmsg_len - CMSG32_LEN(0)); |
| 288 | cmsg->cmsg_level = cmsg32.cmsg_level; |
| 289 | cmsg->cmsg_type = cmsg32.cmsg_type; |
| 290 | |
| 291 | /* Copyin the data */ |
| 292 | error = copyin(CMSG32_DATA(cc), CMSG_DATA(cmsg), |
| 293 | cmsg32.cmsg_len - CMSG32_LEN(0)); |
| 294 | if (error) |
| 295 | goto failure; |
| 296 | |
| 297 | resid -= CMSG32_ALIGN(cmsg32.cmsg_len); |
| 298 | cidx += cmsg->cmsg_len; |
| 299 | } while (resid > 0 && (cc = CMSG32_NXTHDR(mp, &cmsg32))); |
| 300 | |
| 301 | /* If we allocated a buffer, attach to mbuf */ |
| 302 | if (cidx > MLEN) { |
| 303 | MEXTADD(ctl_mbuf, control, clen, M_MBUF, NULL, NULL); |
| 304 | ctl_mbuf->m_flags |= M_EXT_RW; |
| 305 | } |
| 306 | control = NULL; |
| 307 | mp->msg_controllen = ctl_mbuf->m_len = CMSG_ALIGN(cidx); |
| 308 | |
| 309 | mp->msg_control = ctl_mbuf; |
| 310 | mp->msg_flags |= MSG_CONTROLMBUF; |
| 311 | |
| 312 | ktrkuser("msgcontrol" , mtod(ctl_mbuf, void *), |
| 313 | mp->msg_controllen); |
| 314 | |
| 315 | return 0; |
| 316 | |
| 317 | failure: |
| 318 | if (control != mtod(ctl_mbuf, void *)) |
| 319 | free(control, M_MBUF); |
| 320 | m_free(ctl_mbuf); |
| 321 | return error; |
| 322 | } |
| 323 | |
| 324 | int |
| 325 | netbsd32_sendmsg(struct lwp *l, const struct netbsd32_sendmsg_args *uap, register_t *retval) |
| 326 | { |
| 327 | /* { |
| 328 | syscallarg(int) s; |
| 329 | syscallarg(const netbsd32_msghdrp_t) msg; |
| 330 | syscallarg(int) flags; |
| 331 | } */ |
| 332 | struct msghdr msg; |
| 333 | struct netbsd32_msghdr msg32; |
| 334 | struct iovec aiov[UIO_SMALLIOV], *iov = aiov; |
| 335 | struct netbsd32_iovec *iov32; |
| 336 | size_t iovsz; |
| 337 | int error; |
| 338 | |
| 339 | error = copyin(SCARG_P32(uap, msg), &msg32, sizeof(msg32)); |
| 340 | if (error) |
| 341 | return (error); |
| 342 | netbsd32_to_msghdr(&msg32, &msg); |
| 343 | msg.msg_flags = 0; |
| 344 | |
| 345 | if (CMSG32_FIRSTHDR(&msg)) { |
| 346 | error = copyin32_msg_control(l, &msg); |
| 347 | if (error) |
| 348 | return (error); |
| 349 | /* From here on, msg.msg_control is allocated */ |
| 350 | } else { |
| 351 | msg.msg_control = NULL; |
| 352 | msg.msg_controllen = 0; |
| 353 | } |
| 354 | |
| 355 | iovsz = msg.msg_iovlen * sizeof(struct iovec); |
| 356 | if ((u_int)msg.msg_iovlen > UIO_SMALLIOV) { |
| 357 | if ((u_int)msg.msg_iovlen > IOV_MAX) { |
| 358 | error = EMSGSIZE; |
| 359 | goto out; |
| 360 | } |
| 361 | iov = kmem_alloc(iovsz, KM_SLEEP); |
| 362 | } |
| 363 | |
| 364 | iov32 = NETBSD32PTR64(msg32.msg_iov); |
| 365 | error = netbsd32_to_iovecin(iov32, iov, msg.msg_iovlen); |
| 366 | if (error) |
| 367 | goto out; |
| 368 | msg.msg_iov = iov; |
| 369 | |
| 370 | error = do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), |
| 371 | &msg32, sizeof(msg32), retval); |
| 372 | /* msg.msg_control freed by do_sys_sendmsg() */ |
| 373 | |
| 374 | if (iov != aiov) |
| 375 | kmem_free(iov, iovsz); |
| 376 | return (error); |
| 377 | |
| 378 | out: |
| 379 | if (iov != aiov) |
| 380 | kmem_free(iov, iovsz); |
| 381 | if (msg.msg_control) |
| 382 | m_free(msg.msg_control); |
| 383 | return error; |
| 384 | } |
| 385 | |
| 386 | int |
| 387 | netbsd32_recvfrom(struct lwp *l, const struct netbsd32_recvfrom_args *uap, register_t *retval) |
| 388 | { |
| 389 | /* { |
| 390 | syscallarg(int) s; |
| 391 | syscallarg(netbsd32_voidp) buf; |
| 392 | syscallarg(netbsd32_size_t) len; |
| 393 | syscallarg(int) flags; |
| 394 | syscallarg(netbsd32_sockaddrp_t) from; |
| 395 | syscallarg(netbsd32_intp) fromlenaddr; |
| 396 | } */ |
| 397 | struct msghdr msg; |
| 398 | struct iovec aiov; |
| 399 | int error; |
| 400 | struct mbuf *from; |
| 401 | |
| 402 | msg.msg_name = NULL; |
| 403 | msg.msg_iov = &aiov; |
| 404 | msg.msg_iovlen = 1; |
| 405 | aiov.iov_base = SCARG_P32(uap, buf); |
| 406 | aiov.iov_len = SCARG(uap, len); |
| 407 | msg.msg_control = NULL; |
| 408 | msg.msg_flags = SCARG(uap, flags) & MSG_USERFLAGS; |
| 409 | |
| 410 | error = do_sys_recvmsg(l, SCARG(uap, s), &msg, NULL, ~0U, |
| 411 | &from, NULL, retval); |
| 412 | if (error != 0) |
| 413 | return error; |
| 414 | |
| 415 | error = copyout_sockname(SCARG_P32(uap, from), SCARG_P32(uap, fromlenaddr), |
| 416 | MSG_LENUSRSPACE, from); |
| 417 | if (from != NULL) |
| 418 | m_free(from); |
| 419 | return error; |
| 420 | } |
| 421 | |
| 422 | int |
| 423 | netbsd32_sendto(struct lwp *l, const struct netbsd32_sendto_args *uap, register_t *retval) |
| 424 | { |
| 425 | /* { |
| 426 | syscallarg(int) s; |
| 427 | syscallarg(const netbsd32_voidp) buf; |
| 428 | syscallarg(netbsd32_size_t) len; |
| 429 | syscallarg(int) flags; |
| 430 | syscallarg(const netbsd32_sockaddrp_t) to; |
| 431 | syscallarg(int) tolen; |
| 432 | } */ |
| 433 | struct msghdr msg; |
| 434 | struct iovec aiov; |
| 435 | |
| 436 | msg.msg_name = SCARG_P32(uap, to); /* XXX kills const */ |
| 437 | msg.msg_namelen = SCARG(uap, tolen); |
| 438 | msg.msg_iov = &aiov; |
| 439 | msg.msg_iovlen = 1; |
| 440 | msg.msg_control = 0; |
| 441 | aiov.iov_base = SCARG_P32(uap, buf); /* XXX kills const */ |
| 442 | aiov.iov_len = SCARG(uap, len); |
| 443 | msg.msg_flags = 0; |
| 444 | return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), |
| 445 | NULL, ~0U, retval); |
| 446 | } |
| 447 | |