1 /*
2 * Copyright (c) 2000-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
29 /*
30 * Copyright (c) 1982, 1986, 1989, 1993
31 * The Regents of the University of California. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. All advertising materials mentioning features or use of this software
42 * must display the following acknowledgement:
43 * This product includes software developed by the University of
44 * California, Berkeley and its contributors.
45 * 4. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)file.h 8.3 (Berkeley) 1/9/95
62 */
63
64 #ifndef _SYS_FILE_INTERNAL_H_
65 #define _SYS_FILE_INTERNAL_H_
66
67 #include <sys/appleapiopts.h>
68 #include <sys/fcntl.h>
69 #include <sys/unistd.h>
70
71 #ifdef XNU_KERNEL_PRIVATE
72 #include <sys/errno.h>
73 #include <sys/queue.h>
74 #include <sys/cdefs.h>
75 #include <sys/constrained_ctypes.h>
76 #include <sys/lock.h>
77 #include <sys/file.h>
78 #include <sys/filedesc.h>
79 #include <sys/guarded.h>
80 #include <os/refcnt.h>
81
82 __BEGIN_DECLS
83
84 #pragma GCC visibility push(hidden)
85
86 struct proc;
87 struct uio;
88 struct knote;
89 struct kevent_qos_s;
90 struct file;
91 #ifndef _KAUTH_CRED_T
92 #define _KAUTH_CRED_T
93 typedef struct ucred *kauth_cred_t;
94 typedef struct posix_cred *posix_cred_t;
95 #endif /* !_KAUTH_CRED_T */
96
97 __options_decl(fileproc_vflags_t, unsigned int, {
98 FPV_NONE = 0,
99 FPV_DRAIN = 0x01,
100 });
101
102 __options_decl(fileproc_flags_t, uint16_t, {
103 FP_NONE = 0,
104 FP_CLOEXEC = 0x01,
105 FP_CLOFORK = 0x02,
106 FP_INSELECT = 0x04,
107 FP_AIOISSUED = 0x08,
108 FP_SELCONFLICT = 0x10, /* select conflict on an individual fp */
109 });
110
111 struct fileproc_guard {
112 struct select_set *fpg_wset;
113 guardid_t fpg_guard;
114 };
115
116 /*
117 * Kernel descriptor table.
118 * One entry for each open kernel vnode and socket.
119 */
120 struct fileproc {
121 os_refcnt_t fp_iocount;
122 _Atomic fileproc_vflags_t fp_vflags;
123 fileproc_flags_t fp_flags;
124 uint16_t fp_guard_attrs;
125 struct fileglob *XNU_PTRAUTH_SIGNED_PTR("fileproc.fp_glob") fp_glob;
126 union {
127 struct select_set *fp_wset; /* fp_guard_attrs == 0 */
128 struct fileproc_guard *XNU_PTRAUTH_SIGNED_PTR("fileproc.fp_guard") fp_guard; /* fp_guard_attrs != 0 */
129 };
130 };
131 __CCT_DECLARE_CONSTRAINED_PTR_TYPES(struct fileproc, fileproc);
132 #define FILEPROC_NULL ((struct fileproc *)0)
133
134 /* file types */
135 typedef enum {
136 DTYPE_VNODE = 1, /* file */
137 DTYPE_SOCKET, /* communications endpoint */
138 DTYPE_PSXSHM, /* POSIX Shared memory */
139 DTYPE_PSXSEM, /* POSIX Semaphores */
140 DTYPE_KQUEUE, /* kqueue */
141 DTYPE_PIPE, /* pipe */
142 DTYPE_FSEVENTS, /* fsevents */
143 DTYPE_ATALK, /* (obsolete) */
144 DTYPE_NETPOLICY, /* networking policy */
145 DTYPE_CHANNEL, /* Skywalk Channel */
146 DTYPE_NEXUS /* Skywalk Nexus */
147 } file_type_t;
148
149 /* defines for fg_lflags */
150 // was FG_TERM 0x01
151 #define FG_INSMSGQ 0x02 /* insert to msgqueue pending .. */
152 #define FG_WINSMSGQ 0x04 /* wait for the fielglob is in msgque */
153 #define FG_RMMSGQ 0x08 /* the fileglob is being removed from msgqueue */
154 #define FG_WRMMSGQ 0x10 /* wait for the fileglob to be removed from msgqueue */
155 #define FG_PORTMADE 0x20 /* a port was at some point created for this fileglob */
156 #define FG_NOSIGPIPE 0x40 /* don't deliver SIGPIPE with EPIPE return */
157 #define FG_OFF_LOCKED 0x80 /* Used as a mutex for offset changes (for vnodes) */
158 #define FG_OFF_LOCKWANT 0x100 /* Somebody's wating for the lock */
159 #define FG_CONFINED 0x200 /* fileglob confined to process, immutably */
160 #define FG_HAS_OFDLOCK 0x400 /* Has or has had an OFD lock */
161
162 struct fileops {
163 file_type_t fo_type; /* descriptor type */
164 int (*fo_read) (struct fileproc *fp, struct uio *uio,
165 int flags, vfs_context_t ctx);
166 int (*fo_write) (struct fileproc *fp, struct uio *uio,
167 int flags, vfs_context_t ctx);
168 #define FOF_OFFSET 0x00000001 /* offset supplied to vn_write */
169 int (*fo_ioctl)(struct fileproc *fp, u_long com,
170 caddr_t data, vfs_context_t ctx);
171 int (*fo_select) (struct fileproc *fp, int which,
172 void *wql, vfs_context_t ctx);
173 int (*fo_close) (struct fileglob *fg, vfs_context_t ctx);
174 int (*fo_kqfilter) (struct fileproc *fp, struct knote *, struct kevent_qos_s *);
175 int (*fo_drain) (struct fileproc *fp, vfs_context_t ctx);
176 };
177
178 struct fileglob {
179 LIST_ENTRY(fileglob) f_msglist; /* list of files in unix messages */
180 uint32_t fg_flag; /* (atomic) see fcntl.h */
181 os_ref_atomic_t fg_count; /* reference count */
182 uint32_t fg_msgcount; /* references from message queue */
183 int32_t fg_lflags; /* file global flags */
184 kauth_cred_t XNU_PTRAUTH_SIGNED_PTR("fileglob.fg_cred") fg_cred; /* credentials associated with descriptor */
185 const struct fileops *XNU_PTRAUTH_SIGNED_PTR("fileglob.fg_ops") fg_ops;
186 off_t fg_offset;
187 uintptr_t fg_data; /* vnode or socket or SHM or semaphore */
188 struct fd_vn_data *XNU_PTRAUTH_SIGNED_PTR("fileglob.fg_vn_data") fg_vn_data; /* Per fd vnode data, used for directories */
189 lck_mtx_t fg_lock;
190 #if CONFIG_MACF && CONFIG_VNGUARD
191 struct vng_owner *fg_vgo; /* Used by the vnode guard MAC hook */
192 #endif
193 };
194
195 /* Disambiguate OFD ids from flock ids (fileglobs) */
196 __pure2
197 static inline caddr_t
ofd_to_id(const struct fileglob * fg)198 ofd_to_id(const struct fileglob *fg)
199 {
200 return (caddr_t)~(uintptr_t)fg;
201 }
202
203 extern int maxfiles; /* kernel limit on number of open files */
204 extern int nfiles; /* actual number of open files */
205 extern int maxfilesperproc;
206 os_refgrp_decl_extern(f_refgrp); /* os_refgrp_t for file refcounts */
207
208 #define FILEGLOB_DTYPE(fg) ((const file_type_t)((fg)->fg_ops->fo_type))
209
210 #pragma mark files (struct fileglob)
211
212 /*!
213 * @function fg_ref
214 *
215 * @brief
216 * Acquire a file reference on the specified file.
217 *
218 * @description
219 * The @c proc must be locked while this operation is being performed
220 * to avoid races with setting the FG_CONFINED flag.
221 *
222 * @param proc
223 * The proc this file reference is taken on behalf of.
224 *
225 * @param fg
226 * The specified file
227 */
228 void
229 fg_ref(proc_t proc, struct fileglob *fg);
230
231 /*!
232 * @function fg_drop_live
233 *
234 * @brief
235 * Drops a file reference on the specified file that isn't the last one.
236 *
237 * @param fg
238 * The file whose reference is being dropped.
239 */
240 void
241 fg_drop_live(struct fileglob *fg);
242
243 /*!
244 * @function fg_drop
245 *
246 * @brief
247 * Drops a file reference on the specified file.
248 *
249 * @discussion
250 * No locks should be held when calling this function.
251 *
252 * @param p
253 * The process making the request,
254 * or PROC_NULL if the file belongs to a message/fileport.
255 *
256 * @param fg
257 * The file being closed.
258 *
259 * @returns
260 * 0 Success
261 * ??? Any error that @c fileops::fo_close can return
262 */
263 int
264 fg_drop(proc_t p, struct fileglob *fg);
265
266 /*!
267 * @function fg_sendable
268 *
269 * @brief
270 * Returns whether a particular file can be sent over IPC.
271 */
272 bool
273 fg_sendable(struct fileglob *fg);
274
275 /*!
276 * @function fg_get_data_volatile
277 *
278 * @brief
279 * Returns the fileglob opaque data pointer.
280 *
281 * @discussion
282 * Unlike @c fg_get_data() this variant will
283 * not be hoisted by the compiler.
284 *
285 * @param fg
286 * The file whose data is being requested.
287 */
288 void *
289 fg_get_data_volatile(struct fileglob *fg);
290
291 /*!
292 * @function fg_get_data
293 *
294 * @brief
295 * Returns the fileglob opaque data pointer.
296 *
297 * @discussion
298 * Unlike @c fg_get_data_volatile() this variant
299 * will be hoisted by the compiler if it is called
300 * repeatedly.
301 *
302 * @param fg
303 * The file whose data is being requested.
304 */
305 __pure2
306 static inline void *
fg_get_data(struct fileglob * fg)307 fg_get_data(struct fileglob *fg)
308 {
309 return fg_get_data_volatile(fg);
310 }
311
312 /*!
313 * @function fg_set_data
314 *
315 * @brief
316 * Sets the fileglob opaque data pointer.
317 *
318 * @param fg
319 * The file whose data is being set.
320 *
321 * @param fg_data
322 * Opaque file data value
323 */
324 void
325 fg_set_data(struct fileglob *fg, void *fg_data);
326
327 #pragma mark file descriptor entries (struct fileproc)
328
329 /*!
330 * @function fg_get_data
331 *
332 * @brief
333 * Returns the fileproc fileglob opaque data pointer.
334 *
335 * @discussion
336 * Unlike @c fp_get_data_volatile() this variant
337 * will be hoisted by the compiler if it is called
338 * repeatedly.
339 *
340 * @param fp
341 * The fileproc whose data is being requested.
342 */
343 __pure2
344 static inline void *
fp_get_data(struct fileproc * fp)345 fp_get_data(struct fileproc *fp)
346 {
347 return fg_get_data(fp->fp_glob);
348 }
349
350 /*!
351 * @function fp_get_data
352 *
353 * @brief
354 * Returns the fileproc fileglob opaque data pointer.
355 *
356 * @discussion
357 * Unlike @c fp_get_data() this variant will
358 * not be hoisted by the compiler.
359 *
360 * @param fp
361 * The fileproc whose data is being requested.
362 */
363 static inline void *
fp_get_data_volatile(struct fileproc * fp)364 fp_get_data_volatile(struct fileproc *fp)
365 {
366 return fg_get_data_volatile(fp->fp_glob);
367 }
368
369 /*!
370 * @function fp_set_data
371 *
372 * @brief
373 * Sets the fileproc opaque data pointer.
374 *
375 * @param fp
376 * The fileproc whose data is being set.
377 *
378 * @param fg_data
379 * Opaque file data value
380 */
381 static inline void
fp_set_data(struct fileproc * fp,void * fg_data)382 fp_set_data(struct fileproc *fp, void *fg_data)
383 {
384 fg_set_data(fp->fp_glob, fg_data);
385 }
386
387 /*!
388 * @function fp_get_ftype
389 *
390 * @brief
391 * Get the fileproc pointer for the given fd from the per process, with the
392 * specified file type, and with an I/O reference.
393 *
394 * @param p
395 * The process in which fd lives.
396 *
397 * @param fd
398 * The file descriptor index to lookup.
399 *
400 * @param ftype
401 * The required file type.
402 *
403 * @param err
404 * The error to return if the file exists but isn't of the specified type.
405 *
406 * @param fpp
407 * The returned fileproc when the call returns 0.
408 *
409 * @returns
410 * 0 Success (@c fpp is set)
411 * EBADF Bad file descriptor
412 * @c err There is an entry, but it isn't of the specified type.
413 */
414 extern int
415 fp_get_ftype(proc_t p, int fd, file_type_t ftype, int err, struct fileproc **fpp);
416
417 /*!
418 * @function fp_get_noref_locked
419 *
420 * @brief
421 * Get the fileproc pointer for the given fd from the per process
422 * open file table without taking an explicit reference on it.
423 *
424 * @description
425 * This function assumes that the @c proc_fdlock is held, as the caller
426 * doesn't hold an I/O reference for the returned fileproc.
427 *
428 * Because there is no reference explicitly taken, the returned
429 * fileproc pointer is only valid so long as the @c proc_fdlock
430 * remains held by the caller.
431 *
432 * @param p
433 * The process in which fd lives.
434 *
435 * @param fd
436 * The file descriptor index to lookup.
437 *
438 * @returns
439 * - the fileproc on success
440 * - FILEPROC_NULL on error
441 */
442 extern struct fileproc *
443 fp_get_noref_locked(proc_t p, int fd);
444
445 /*!
446 * @function fp_get_noref_locked_with_iocount
447 *
448 * @brief
449 * Similar to fp_get_noref_locked(), but allows returning files that are
450 * closing.
451 *
452 * @discussion
453 * Some parts of the kernel take I/O references on fileprocs but only remember
454 * the file descriptor for which they did that.
455 *
456 * These interfaces later need to drop that reference, but if the file is
457 * already closing, then fp_get_noref_locked() will refuse to resolve
458 * the file descriptor.
459 *
460 * This interface allows the lookup (but will assert that the fileproc has
461 * enouhg I/O references).
462 *
463 * @warning
464 * New code should NOT use this function, it is required for interfaces
465 * that acquire iocounts without remembering the fileproc pointer,
466 * which is bad practice.
467 */
468 extern struct fileproc *
469 fp_get_noref_locked_with_iocount(proc_t p, int fd);
470
471 /*!
472 * @function fp_close_and_unlock
473 *
474 * @brief
475 * Close the given file descriptor entry.
476 *
477 * @description
478 * This function assumes that the @c proc_fdlock is held,
479 * and that the caller holds no additional I/O reference
480 * on the specified file descriptor entry.
481 *
482 * The @c proc_fdlock is unlocked upon return.
483 *
484 * @param p
485 * The process in which fd lives.
486 *
487 * @param fd
488 * The file descriptor index being closed.
489 *
490 * @param fp
491 * The fileproc entry associated with @c fd.
492 *
493 * @returns
494 * 0 Success
495 * EBADF Bad file descriptor
496 * ??? Any error that @c fileops::fo_close can return.
497 */
498 extern int
499 fp_close_and_unlock(proc_t p, int fd, struct fileproc *fp, int flags);
500
501 /* wrappers for fp->f_ops->fo_... */
502 int fo_read(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx);
503 int fo_write(struct fileproc *fp, struct uio *uio, int flags,
504 vfs_context_t ctx);
505 int fo_ioctl(struct fileproc *fp, u_long com, caddr_t data, vfs_context_t ctx);
506 int fo_select(struct fileproc *fp, int which, void *wql, vfs_context_t ctx);
507 int fo_close(struct fileglob *fg, vfs_context_t ctx);
508 int fo_drain(struct fileproc *fp, vfs_context_t ctx);
509 int fo_kqfilter(struct fileproc *fp, struct knote *kn, struct kevent_qos_s *kev);
510
511 /* Functions to use for unsupported fileops */
512 int fo_no_read(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx);
513 int fo_no_write(struct fileproc *fp, struct uio *uio, int flags,
514 vfs_context_t ctx);
515 int fo_no_ioctl(struct fileproc *fp, u_long com, caddr_t data, vfs_context_t ctx);
516 int fo_no_select(struct fileproc *fp, int which, void *wql, vfs_context_t ctx);
517 int fo_no_drain(struct fileproc *fp, vfs_context_t ctx);
518 int fo_no_kqfilter(struct fileproc *, struct knote *, struct kevent_qos_s *kev);
519
520 int fp_tryswap(proc_t, int fd, struct fileproc *nfp);
521 int fp_drop(struct proc *p, int fd, struct fileproc *fp, int locked);
522 void fp_free(struct proc * p, int fd, struct fileproc * fp);
523 int fp_lookup(struct proc *p, int fd, struct fileproc **resultfp, int locked);
524 int fp_lookup_guarded(struct proc *p, int fd, guardid_t guard, struct fileproc **resultfp, int locked);
525 int fp_isguarded(struct fileproc *fp, u_int attribs);
526 int fp_guard_exception(proc_t p, int fd, struct fileproc *fp, u_int attribs);
527 struct nameidata;
528 struct vnode_attr;
529 int open1(vfs_context_t ctx, struct nameidata *ndp, int uflags,
530 struct vnode_attr *vap, fp_initfn_t fp_init, void *initarg,
531 int32_t *retval, int authfd);
532 int chdir_internal(proc_t p, vfs_context_t ctx, struct nameidata *ndp, int per_thread);
533 int kqueue_internal(struct proc *p, fp_initfn_t, void *initarg, int32_t *retval);
534 void procfdtbl_releasefd(struct proc * p, int fd, struct fileproc * fp);
535 extern struct fileproc *fileproc_alloc_init(void);
536 extern void fileproc_free(struct fileproc *fp);
537 extern void guarded_fileproc_copy_guard(struct fileproc *ofp, struct fileproc *nfp);
538 extern void guarded_fileproc_unguard(struct fileproc *fp);
539 extern void fg_vn_data_free(void *fgvndata);
540 extern int nameiat(struct nameidata *ndp, int dirfd);
541 extern void vn_offset_lock(struct fileglob *fg);
542 extern void vn_offset_unlock(struct fileglob *fg);
543 extern int falloc_guarded(struct proc *p, struct fileproc **fp, int *fd,
544 vfs_context_t ctx, const guardid_t *guard, u_int attrs);
545 extern void fileproc_modify_vflags(struct fileproc *fp, fileproc_vflags_t vflags, boolean_t clearflags);
546 fileproc_vflags_t fileproc_get_vflags(struct fileproc *fp);
547
548 #pragma mark internal version of syscalls
549
550 int fileport_makefd(proc_t p, ipc_port_t port, fileproc_flags_t fp_flags, int *fd);
551 int dup2(proc_t p, int from, int to, int *fd);
552 int close_nocancel(proc_t p, int fd);
553
554 #pragma GCC visibility pop
555
556 __END_DECLS
557
558 #endif /* XNU_KERNEL_PRIVATE */
559
560 #endif /* !_SYS_FILE_INTERNAL_H_ */
561