279d722604
Pre-rfork code assumed inherent locking of a process's file descriptor array. However, with the advent of rfork() the file descriptor table could be shared between processes. This patch closes over a dozen serious race conditions related to one thread manipulating the table (e.g. closing or dup()ing a descriptor) while another is blocked in an open(), close(), fcntl(), read(), write(), etc... PR: kern/11629 Discussed with: Alexander Viro <viro@math.psu.edu>
/*
 * Copyright (c) 1990, 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)filedesc.h 8.1 (Berkeley) 6/2/93
 * $FreeBSD$
 */
#ifndef _SYS_FILEDESC_H_
#define _SYS_FILEDESC_H_
#include <sys/queue.h>
/*
 * This structure is used for the management of descriptors.  It may be
 * shared by multiple processes.
 *
 * A process is initially started out with NDFILE descriptors stored within
 * this structure, selected to be enough for typical applications based on
 * the historical limit of 20 open files (and the usage of descriptors by
 * shells).  If these descriptors are exhausted, a larger descriptor table
 * may be allocated, up to a process' resource limit; the internal arrays
 * are then unused.  The initial expansion is set to NDEXTENT; each time
 * it runs out, it is doubled until the resource limit is reached.  NDEXTENT
 * should be selected to be the biggest multiple of OFILESIZE (see below)
 * that will fit in a power-of-two sized piece of memory.
 *
 * Because the table may be shared, one sharer can close or dup() a
 * descriptor while another is blocked in an operation on it.  Code that
 * can sleep must therefore not assume that a slot it looked up before
 * sleeping still refers to the same open file afterwards.
 */
#define NDFILE		20	/* descriptors held inline in struct filedesc0 */
/*
 * The "250 bytes" figure is NDEXTENT * OFILESIZE with a 4-byte
 * struct file pointer (50 * (4 + 1)).  With 8-byte pointers the same
 * 50 entries need 450 bytes.
 * NOTE(review): confirm the value is still the intended fit on such
 * platforms.
 */
#define NDEXTENT	50	/* 250 bytes in 256-byte alloc. */
/*
 * Open-file table plus the state kept alongside it: working, root and
 * jail root directories, the file creation mask, and the knote lists.
 * One instance may be referenced by more than one process; fd_refcnt
 * is the reference count.
 */
struct filedesc {
	struct file **fd_ofiles;	/* file structures for open files */
	char *fd_ofileflags;		/* per-process open file flags,
					 * one char per descriptor (UF_*) */
	struct vnode *fd_cdir;		/* current directory */
	struct vnode *fd_rdir;		/* root directory */
	struct vnode *fd_jdir;		/* jail root directory */
	int fd_nfiles;			/* number of open files allocated */
	/*
	 * NOTE(review): fd_lastfile and fd_freefile are u_short while
	 * fd_nfiles is an int.  Confirm that the descriptor limit keeps
	 * every valid index within u_short range; otherwise these two
	 * fields would wrap and disagree with the real table size.
	 */
	u_short fd_lastfile;		/* high-water mark of fd_ofiles */
	u_short fd_freefile;		/* approx. next free file */
	u_short fd_cmask;		/* mask for file creation */
	/*
	 * NOTE(review): 16-bit count on a structure that may be shared.
	 * Confirm that the number of sharers is bounded below the u_short
	 * range and that updates are serialized between the sharing
	 * processes; a wrapped or torn count would free a table that is
	 * still in use.
	 */
	u_short fd_refcnt;		/* reference count */

	int fd_knlistsize;		/* size of knlist */
	struct klist *fd_knlist;	/* list of attached knotes */
	u_long fd_knhashmask;		/* size of knhash */
	struct klist *fd_knhash;	/* hash table for attached knotes */
};
/*
 * Basic allocation of descriptors:
 * one of the above, plus arrays for NDFILE descriptors.
 *
 * fd_fd is the first member, so a pointer to a struct filedesc0 also
 * points at its embedded struct filedesc.
 */
struct filedesc0 {
	struct filedesc fd_fd;
	/*
	 * These arrays are used when the number of open files is
	 * <= NDFILE, and are then pointed to by the pointers above
	 * (fd_ofiles and fd_ofileflags, going by the element types).
	 */
	struct file *fd_dfiles[NDFILE];	/* inline file pointer slots */
	char fd_dfileflags[NDFILE];	/* inline per-descriptor flag bytes */
};
/*
 * Per-process open flags.
 *
 * Presumably these are the bit values kept in the fd_ofileflags bytes
 * (both are described as per-process open file flags) -- TODO confirm.
 * UF_EXCLOSE is the only flag currently defined; a descriptor that must
 * not be inherited across exec needs it set.
 */
#define UF_EXCLOSE	0x01		/* auto-close on exec */
#if 0	/* compiled out: UF_MAPPED is not available to any includer */
#define UF_MAPPED	0x02		/* mapped from device */
#endif
/*
 * Storage required per open file descriptor: one struct file pointer
 * plus one char, matching the element types of fd_ofiles and
 * fd_ofileflags.  The result depends on the platform's pointer size.
 */
#define OFILESIZE (sizeof(struct file *) + sizeof(char))
/*
 * This structure holds the information needed to send a SIGIO or
 * a SIGURG signal to a process or process group when new data arrives
 * on a device or socket.  The structure is placed on an SLIST belonging
 * to the proc or pgrp so that the entire list may be revoked when the
 * process exits or the process group disappears.
 *
 * NOTE(review): nothing in this header records which member of sio_u is
 * active.  Presumably sio_pgid distinguishes the process case from the
 * process group case -- confirm against fsetown() before reading either
 * pointer.
 */
struct sigio {
	union {
		struct proc *siu_proc;	/* process to receive SIGIO/SIGURG */
		struct pgrp *siu_pgrp;	/* process group to receive ... */
	} sio_u;
	SLIST_ENTRY(sigio) sio_pgsigio;	/* sigio's for process or group */
	struct sigio **sio_myref;	/* location of the pointer that holds
					 * the reference to this structure */
	/*
	 * NOTE(review): sio_ucred and sio_ruid look like the identity of
	 * whoever registered for the signal, kept so that delivery can be
	 * permission-checked later -- confirm where they are set and which
	 * check consumes them.
	 */
	struct ucred *sio_ucred;	/* current credentials */
	uid_t sio_ruid;			/* real user id */
	pid_t sio_pgid;			/* pgid for signals */
};
/* Shorthand for the two members of the sio_u union. */
#define sio_proc sio_u.siu_proc
#define sio_pgrp sio_u.siu_pgrp

/* Declares struct sigiolst, the head of a singly-linked list of sigio. */
SLIST_HEAD(sigiolst, sigio);
#ifdef _KERNEL
|
|
int closef __P((struct file *fp, struct proc *p));
|
|
int dupfdopen __P((struct proc *p, struct filedesc *fdp, int indx, int dfd, int mode,
|
|
int error));
|
|
int falloc __P((struct proc *p, struct file **resultfp, int *resultfd));
|
|
int fdalloc __P((struct proc *p, int want, int *result));
|
|
int fdavail __P((struct proc *p, int n));
|
|
void fdcloseexec __P((struct proc *p));
|
|
struct filedesc *fdcopy __P((struct proc *p));
|
|
void fdfree __P((struct proc *p));
|
|
struct filedesc *fdinit __P((struct proc *p));
|
|
struct filedesc *fdshare __P((struct proc *p));
|
|
void ffree __P((struct file *fp));
|
|
pid_t fgetown __P((struct sigio *sigio));
|
|
int fsetown __P((pid_t pgid, struct sigio **sigiop));
|
|
void funsetown __P((struct sigio *sigio));
|
|
void funsetownlst __P((struct sigiolst *sigiolst));
|
|
struct file *holdfp __P((struct filedesc *fdp, int fd, int flag));
|
|
int getvnode __P((struct filedesc *fdp, int fd, struct file **fpp));
|
|
void setugidsafety __P((struct proc *p));
|
|
|
|
#endif /* _KERNEL */
#endif /* !_SYS_FILEDESC_H_ */