/*
 * Copyright (c) 2000-2012 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
/* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
/*
 * Copyright (c) 1990, 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)filedesc.h	8.1 (Berkeley) 6/2/93
 */

#ifndef _SYS_FILEDESC_H_
#define _SYS_FILEDESC_H_

#include <sys/appleapiopts.h>

/*
 * This structure is used for the management of descriptors. It may be
 * shared by multiple processes.
 *
 * A process is initially started out with NDFILE descriptors [XXXstored within
 * this structureXXX], selected to be enough for typical applications based on
 * the historical limit of 20 open files (and the usage of descriptors by
 * shells). If these descriptors are exhausted, a larger descriptor table
 * may be allocated, up to a process' resource limit; [XXXthe internal arrays
 * are then unusedXXX]. The initial expansion is set to NDEXTENT; each time
 * it runs out, it is doubled until the resource limit is reached. NDEXTENT
 * should be selected to be the biggest multiple of OFILESIZE (see below)
 * that will fit in a power-of-two sized piece of memory.
 *
 * The byte counts quoted next to NDFILE and NDEXTENT work out to 5 bytes per
 * descriptor. OFILESIZE is one pointer plus one char, so those figures only
 * match where a pointer is 4 bytes wide.
 */
#define NDFILE          25              /* 125 bytes */
#define NDEXTENT        50              /* 250 bytes in 256-byte alloc. */

#ifdef XNU_KERNEL_PRIVATE

#include <sys/kernel_types.h>
#include <kern/locks.h>

struct klist;
struct kqwllist;

/*
 * Bits stored in filedesc::fd_flags.
 *
 * The storage type is uint8_t: with CONFIG_PROC_RESOURCE_LIMITS enabled six
 * of the eight bits are assigned, leaving 0x40 and 0x80 free.
 */
__options_decl(filedesc_flags_t, uint8_t, {
	/*
	 * process was chrooted... keep track even
	 * if we're force unmounted and unable to
	 * take a vnode_ref on fd_rdir during a fork
	 *
	 * Recording the chroot state as a flag lets it outlive a root
	 * directory vnode that can no longer be referenced; see the
	 * chroot-escape note on fdt_fork().
	 */
	FD_CHROOT                   = 0x01,

	/*
	 * process has created a kqworkloop that
	 * requires manual cleanup on exit
	 */
	FD_WORKLOOP                 = 0x02,

#if CONFIG_PROC_RESOURCE_LIMITS
	/* process has exceeded fd_nfiles soft limit */
	FD_ABOVE_SOFT_LIMIT         = 0x04,
	/* process has exceeded fd_nfiles hard limit */
	FD_ABOVE_HARD_LIMIT         = 0x08,

	/* fd_nfiles soft limit notification has already been sent */
	FD_SOFT_LIMIT_NOTIFIED      = 0x10,
	/* fd_nfiles hard limit notification has already been sent */
	FD_HARD_LIMIT_NOTIFIED      = 0x20,
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
});

/*
 * Subset of filedesc_flags_t selected by this mask: only FD_CHROOT.
 * NOTE(review): the name suggests these are the flags carried into the
 * child's table on fork; the use site is not visible in this header.
 */
#define FILEDESC_FORK_INHERITED_MASK (FD_CHROOT)

/*
 * Descriptor table state.
 *
 * The letter in front of each field comment names the lock associated with
 * that field (legend inferred from the lock fields' own comments):
 *   (L) fd_lock
 *   (Q) fd_kqhashlock
 *   (N) fd_knhashlock
 *
 * NOTE(review): the function documentation below speaks of proc_fdlock();
 * presumably that is the accessor for fd_lock -- confirm at its definition.
 */
struct filedesc {
	lck_mtx_t           fd_lock;              /* (L) lock to protect fdesc */
	uint8_t             fd_fpdrainwait;       /* (L) has drain waiters */
	filedesc_flags_t    fd_flags;             /* (L) filedesc flags */
	u_short             fd_cmask;             /* (L) mask for file creation */
	int                 fd_nfiles;            /* (L) number of open fdesc slots allocated */
	int                 fd_afterlast;         /* (L) high-water mark of fd_ofiles */
	int                 fd_freefile;          /* (L) approx. next free file */
#if CONFIG_PROC_RESOURCE_LIMITS
	/*
	 * NOTE(review): undocumented in the original; the name suggests the
	 * count of currently open descriptors that is compared against the
	 * two limits below -- confirm. No lock annotation is given either.
	 */
	int                 fd_nfiles_open;
	int                 fd_nfiles_soft_limit; /* (L) fd_nfiles soft limit to trigger guard */
	int                 fd_nfiles_hard_limit; /* (L) fd_nfiles hard limit to terminate */
#endif /* CONFIG_PROC_RESOURCE_LIMITS */

	int                 fd_knlistsize;        /* (L) size of knlist */
	/*
	 * The table pointer is declared through XNU_PTRAUTH_SIGNED_PTR with the
	 * discriminator string "filedesc.fd_ofiles" (macro defined elsewhere;
	 * presumably signs the stored pointer where pointer authentication is
	 * available).
	 */
	struct fileproc   **XNU_PTRAUTH_SIGNED_PTR("filedesc.fd_ofiles") fd_ofiles; /* (L) file structures for open files */
	/* one char per descriptor slot, indexed like fd_ofiles (see fdflags()) */
	char               *fd_ofileflags;        /* (L) per-process open file flags */

	struct klist       *fd_knlist;            /* (L) list of attached knotes */

	struct kqworkq     *fd_wqkqueue;          /* (L) the workq kqueue */
	struct vnode       *fd_cdir;              /* (L) current directory */
	struct vnode       *fd_rdir;              /* (L) root directory */
	lck_rw_t            fd_dirs_lock;         /* keeps fd_cdir and fd_rdir stable across a lookup */

	lck_mtx_t           fd_kqhashlock;        /* (Q) lock for dynamic kqueue hash */
	u_long              fd_kqhashmask;        /* (Q) size of dynamic kqueue hash */
	struct kqwllist    *fd_kqhash;            /* (Q) hash table for dynamic kqueues */

	lck_mtx_t           fd_knhashlock;        /* (N) lock for hash table for attached knotes */
	u_long              fd_knhashmask;        /* (N) size of knhash */
	struct klist       *fd_knhash;            /* (N) hash table for attached knotes */
};

/*
 * Test, set and clear bits in fd_flags.
 *
 * The set and clear forms are plain (non-atomic) read-modify-write
 * expressions. fd_flags is annotated (L) in struct filedesc, so callers are
 * expected to hold fd_lock around them; without it concurrent updates to
 * different bits can be lost. The (void) cast keeps set/clear from being
 * used as a value.
 */
#define fdt_flag_test(fdt, flag)        (((fdt)->fd_flags & (flag)) != 0)
#define fdt_flag_set(fdt, flag)         ((void)((fdt)->fd_flags |= (flag)))
#define fdt_flag_clear(fdt, flag)       ((void)((fdt)->fd_flags &= ~(flag)))

#if CONFIG_PROC_RESOURCE_LIMITS
/*
 * Accessors for the resource-limit bits of fd_flags. The names are easy to
 * misread, so this is what each one expands to:
 *   fd_above_{soft,hard}_limit_notify()             tests FD_ABOVE_*_LIMIT
 *   fd_above_{soft,hard}_limit_send_notification()  sets  FD_ABOVE_*_LIMIT
 *   fd_{soft,hard}_limit_already_notified()         tests FD_*_LIMIT_NOTIFIED
 *   fd_{soft,hard}_limit_notified()                 sets  FD_*_LIMIT_NOTIFIED
 * None of them delivers a notification by itself, and this header defines
 * no wrapper that clears these bits again. The locking requirement of
 * fdt_flag_set() applies to the setters.
 */
#define fd_above_soft_limit_notify(fdp)                 fdt_flag_test(fdp, FD_ABOVE_SOFT_LIMIT)
#define fd_above_hard_limit_notify(fdp)                 fdt_flag_test(fdp, FD_ABOVE_HARD_LIMIT)
#define fd_above_soft_limit_send_notification(fdp)      fdt_flag_set(fdp, FD_ABOVE_SOFT_LIMIT)
#define fd_above_hard_limit_send_notification(fdp)      fdt_flag_set(fdp, FD_ABOVE_HARD_LIMIT)
#define fd_soft_limit_already_notified(fdp)             fdt_flag_test(fdp, FD_SOFT_LIMIT_NOTIFIED)
#define fd_soft_limit_notified(fdp)                     fdt_flag_set(fdp, FD_SOFT_LIMIT_NOTIFIED)
#define fd_hard_limit_already_notified(fdp)             fdt_flag_test(fdp, FD_HARD_LIMIT_NOTIFIED)
#define fd_hard_limit_notified(fdp)                     fdt_flag_set(fdp, FD_HARD_LIMIT_NOTIFIED)
#endif /* CONFIG_PROC_RESOURCE_LIMITS */

/*
 * Per-process open flags.
 *
 * Values 0x01 and 0x02 are not defined in this header.
 */
#define UF_RESERVED     0x04            /* open pending / in progress */
#define UF_CLOSING      0x08            /* close in progress */
/*
 * NOTE(review): the comment on UF_RESVWAIT repeats the UF_CLOSING text word
 * for word; the name suggests a waiter on a UF_RESERVED slot -- confirm
 * against the users of this flag.
 */
#define UF_RESVWAIT     0x10            /* close in progress */
#define UF_INHERIT      0x20            /* "inherit-on-exec" */

/*
 * Storage required per open file descriptor: one pointer plus one flag byte.
 * The expression uses sizeof(struct file *) although fd_ofiles holds
 * struct fileproc pointers.
 */
#define OFILESIZE (sizeof(struct file *) + sizeof(char))

/*!
 * @function fdt_available_locked
 *
 * @brief
 * Returns whether the file descriptor table can accommodate
 * @c n new entries.
 *
 * @discussion
 * The answer is only valid so long as the @c proc_fdlock() is held by the
 * caller. Dropping the lock between this check and the allocation it guards
 * makes the answer stale.
 */
extern bool
fdt_available_locked(proc_t p, int n);

/*!
 * @struct fdt_iterator
 *
 * @brief
 * Type used to iterate a file descriptor table.
 *
 * @field fdti_fd
 * The descriptor number of the current position.
 *
 * @field fdti_fp
 * The fileproc at that position; NULL once the iteration is done
 * (see @c fdt_next()).
 */
struct fdt_iterator {
	int              fdti_fd;
	struct fileproc *fdti_fp;
};

/*!
 * @function fdt_next
 *
 * @brief
 * Seek the iterator forward.
 *
 * @discussion
 * The @c proc_fdlock() should be held by the caller.
 *
 * @param p
 * The process for which the file descriptor table is being iterated.
 *
 * @param fd
 * The current file descriptor to scan from (exclusive).
 *
 * @param only_settled
 * When true, fileprocs that are in flux (@c UF_RESERVED is set) are skipped.
 * If false, they are returned as well.
 * NOTE(review): the "true" case is inferred from the parameter name and from
 * UF_RESERVED meaning "open pending / in progress"; confirm against the
 * implementation.
 *
 * @returns
 * The next iterator position.
 * If @c fdti_fp is NULL, the iteration is done.
 */
extern struct fdt_iterator
fdt_next(proc_t p, int fd, bool only_settled);

/*!
 * @function fdt_prev
 *
 * @brief
 * Seek the iterator backwards.
 *
 * @discussion
 * The @c proc_fdlock() should be held by the caller.
 *
 * @param p
 * The process for which the file descriptor table is being iterated.
 *
 * @param fd
 * The current file descriptor to scan from (exclusive).
 *
 * @param only_settled
 * When true, fileprocs that are in flux (@c UF_RESERVED is set) are skipped.
 * If false, they are returned as well.
 * NOTE(review): the "true" case is inferred from the parameter name and from
 * UF_RESERVED meaning "open pending / in progress"; confirm against the
 * implementation.
 *
 * @returns
 * The next iterator position in the backward direction.
 * If @c fdti_fp is NULL, the iteration is done.
 */
extern struct fdt_iterator
fdt_prev(proc_t p, int fd, bool only_settled);

/*!
 * @def fdt_foreach
 *
 * @brief
 * Convenience macro around @c fdt_next() to enumerate fileprocs in a process
 * file descriptor table.
 *
 * @discussion
 * The @c proc_fdlock() should be held by the caller.
 *
 * The macro always passes @c only_settled as true, starts from descriptor -1
 * and stops when @c fdt_next() returns a NULL @c fdti_fp.
 *
 * It declares a loop-scoped variable named @c __fdt_it, so a nested
 * @c fdt_foreach() shadows the outer one, and @c p is evaluated again on
 * every step.
 *
 * @param fp
 * The iteration variable.
 *
 * @param p
 * The process for which the file descriptor table is being iterated.
 */
#define fdt_foreach(fp, p) \
	for (struct fdt_iterator __fdt_it = fdt_next(p, -1, true); \
	    ((fp) = __fdt_it.fdti_fp); \
	    __fdt_it = fdt_next(p, __fdt_it.fdti_fd, true))

/*!
 * @def fdt_foreach_fd
 *
 * @brief
 * When in an @c fdt_foreach() loop, return the current file descriptor
 * being inspected.
 *
 * @discussion
 * Expands to a reference to the loop's @c __fdt_it variable, so it only
 * compiles inside an @c fdt_foreach() body and refers to the innermost loop.
 */
#define fdt_foreach_fd()  __fdt_it.fdti_fd

/*!
 * @function fdt_init
 *
 * @brief
 * Initializes a proc file descriptor table.
 *
 * @warning
 * The proc that is passed is supposed to have been zeroed out,
 * as this function is used to setup @c kernelproc's file descriptor table
 * and some fields are already initialized when fdt_init() is called.
 */
extern void
fdt_init(proc_t p);

/*!
 * @function fdt_destroy
 *
 * @brief
 * Destroys locks from the file descriptor table.
 *
 * @description
 * This function destroys the file descriptor table locks.
 *
 * This cannot be done while the process this table belongs
 * to can be looked up.
 */
extern void
fdt_destroy(proc_t p);

/*!
 * @function fdt_fork
 *
 * @brief
 * Clones a file descriptor table for the @c fork() system call.
 *
 * @discussion
 * This function internally takes and drops @c proc_fdlock().
 *
 * Files are copied directly, ignoring the new resource limits for the process
 * that's being copied into. Since the descriptor references are just
 * additional references, this does not count against the number of open files
 * on the system.
 *
 * The struct filedesc includes the current working directory, and the current
 * root directory, if the process is chroot'ed.
 *
 * If the exec was called by a thread using a per thread current working
 * directory, we inherit the working directory from the thread making the call,
 * rather than from the process.
 *
 * In the case of a failure to obtain a reference, for most cases, the file
 * entry will be silently dropped. There's an exception for the case of
 * a chroot dir, since a failure to obtain a reference there would constitute
 * an "escape" from the chroot environment, which must not be allowed.
 * That case is reported as EPERM instead of being dropped, so the guarantee
 * depends on callers treating EPERM as a failure of the whole operation.
 *
 * @param child_fdt
 * The child process file descriptor table.
 *
 * @param parent_p
 * The parent process to clone the file descriptor table from.
 *
 * @param uth_cdir
 * The vnode for the current thread's current working directory if it is
 * different from the parent process one.
 *
 * @param in_exec
 * The duplication of fdt is happening for exec
 *
 * @returns
 * 0            Success
 * EPERM        Unable to acquire a reference to the current chroot directory
 * ENOMEM       Not enough memory to perform the clone operation
 */
extern int
fdt_fork(struct filedesc *child_fdt, proc_t parent_p, struct vnode *uth_cdir, bool in_exec);

/*!
 * @function fdt_exec
 *
 * @brief
 * Perform close-on-exec processing for all files in a process
 * that are marked as close-on-exec.
 *
 * @description
 * Also handles the case (via posix_spawn()) where -all- files except those
 * marked with "inherit" are treated as close-on-exec.
 *
 * This function internally takes and drops proc_fdlock()
 * But assumes tables don't grow/change while unlocked.
 *
 * @param p
 * The process whose file descriptor table is being filtered.
 *
 * @param posix_spawn_flags
 * A set of @c POSIX_SPAWN_* flags.
 *
 * @param thread
 * new thread
 *
 * @param in_exec
 * If the process is in exec
 */
extern void
fdt_exec(proc_t p, short posix_spawn_flags, thread_t thread, bool in_exec);

/*!
 * @function fdt_invalidate
 *
 * @brief
 * Invalidates a proc file descriptor table.
 *
 * @discussion
 * Closes all open files in the file descriptor table,
 * empties hash tables, etc...
 *
 * However, the fileproc arrays stay allocated to still allow external lookups.
 * These get cleaned up by @c fdt_destroy().
 *
 * This function internally takes and drops proc_fdlock().
 */
extern void
fdt_invalidate(proc_t p);

/*
 * Kernel global variables and routines.
 *
 * NOTE(review): dupfdopen(), fdalloc(), fdrelse(), falloc() and
 * falloc_withinit() carry no contract documentation in this header; locking
 * and error semantics have to be taken from their definitions.
 */
extern int      dupfdopen(proc_t p, int indx, int dfd, int mode, int error);
extern int      fdalloc(proc_t p, int want, int *result);
extern void     fdrelse(struct proc * p, int fd);
/*
 * fdfile() and fdflags() yield the address of the fd_ofiles / fd_ofileflags
 * slot for descriptor fd in p's table.
 *
 * Neither macro checks fd: a negative or too-large value indexes outside the
 * arrays. The caller must have validated fd against the table size
 * (fd_nfiles) first. Both arrays are annotated (L) in struct filedesc, so
 * the returned address should only be used while the table lock is held.
 */
#define         fdfile(p, fd)                                   \
	                (&(p)->p_fd.fd_ofiles[(fd)])
#define         fdflags(p, fd)                                  \
	                (&(p)->p_fd.fd_ofileflags[(fd)])

extern int      falloc(proc_t p, struct fileproc **resultfp,
    int *resultfd, struct vfs_context *ctx);

/*
 * Callback type taken by falloc_withinit() together with an opaque argument.
 * NOTE(review): presumably called on the newly allocated fileproc with
 * initarg as ctx -- confirm at the definition.
 */
typedef void (*fp_initfn_t)(struct fileproc *, void *ctx);
extern int      falloc_withinit(proc_t p, struct fileproc **resultfp,
    int *resultfd, struct vfs_context *ctx,
    fp_initfn_t fp_init, void *initarg);

#if CONFIG_PROC_RESOURCE_LIMITS
/* NOTE(review): no contract is documented here; see the definition. */
void fd_check_limit_exceeded(struct filedesc *fdp);
#endif /* CONFIG_PROC_RESOURCE_LIMITS */

#endif /* XNU_KERNEL_PRIVATE */

#endif /* !_SYS_FILEDESC_H_ */