1/*
2 * Copyright (c) 2000-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
29/*
30 * Copyright (c) 1982, 1986, 1989, 1993
31 * The Regents of the University of California. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. All advertising materials mentioning features or use of this software
42 * must display the following acknowledgement:
43 * This product includes software developed by the University of
44 * California, Berkeley and its contributors.
45 * 4. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)file.h 8.3 (Berkeley) 1/9/95
62 */
63
64#ifndef _SYS_FILE_INTERNAL_H_
65#define _SYS_FILE_INTERNAL_H_
66
67#include <sys/appleapiopts.h>
68#include <sys/fcntl.h>
69#include <sys/unistd.h>
70
71#ifdef XNU_KERNEL_PRIVATE
72#include <sys/errno.h>
73#include <sys/queue.h>
74#include <sys/cdefs.h>
75#include <sys/constrained_ctypes.h>
76#include <sys/lock.h>
77#include <sys/file.h>
78#include <sys/filedesc.h>
79#include <sys/guarded.h>
80#include <os/refcnt.h>
81
82__BEGIN_DECLS
83
84#pragma GCC visibility push(hidden)
85
86struct proc;
87struct uio;
88struct knote;
89struct kevent_qos_s;
90struct file;
91#ifndef _KAUTH_CRED_T
92#define _KAUTH_CRED_T
93typedef struct ucred *kauth_cred_t;
94typedef struct posix_cred *posix_cred_t;
95#endif /* !_KAUTH_CRED_T */
96
97__options_decl(fileproc_vflags_t, unsigned int, {
98 FPV_NONE = 0,
99 FPV_DRAIN = 0x01,
100});
101
102__options_decl(fileproc_flags_t, uint16_t, {
103 FP_NONE = 0,
104 FP_CLOEXEC = 0x01,
105 FP_CLOFORK = 0x02,
106 FP_INSELECT = 0x04,
107 FP_AIOISSUED = 0x08,
108 FP_SELCONFLICT = 0x10, /* select conflict on an individual fp */
109});
110
111struct fileproc_guard {
112 struct select_set *fpg_wset;
113 guardid_t fpg_guard;
114};
115
116/*
117 * Kernel descriptor table.
118 * One entry for each open kernel vnode and socket.
119 */
120struct fileproc {
121 os_refcnt_t fp_iocount;
122 _Atomic fileproc_vflags_t fp_vflags;
123 fileproc_flags_t fp_flags;
124 uint16_t fp_guard_attrs;
125 struct fileglob *XNU_PTRAUTH_SIGNED_PTR("fileproc.fp_glob") fp_glob;
126 union {
127 struct select_set *fp_wset; /* fp_guard_attrs == 0 */
128 struct fileproc_guard *XNU_PTRAUTH_SIGNED_PTR("fileproc.fp_guard") fp_guard; /* fp_guard_attrs != 0 */
129 };
130};
131__CCT_DECLARE_CONSTRAINED_PTR_TYPES(struct fileproc, fileproc);
132#define FILEPROC_NULL ((struct fileproc *)0)
133
134/* file types */
135typedef enum {
136 DTYPE_VNODE = 1, /* file */
137 DTYPE_SOCKET, /* communications endpoint */
138 DTYPE_PSXSHM, /* POSIX Shared memory */
139 DTYPE_PSXSEM, /* POSIX Semaphores */
140 DTYPE_KQUEUE, /* kqueue */
141 DTYPE_PIPE, /* pipe */
142 DTYPE_FSEVENTS, /* fsevents */
143 DTYPE_ATALK, /* (obsolete) */
144 DTYPE_NETPOLICY, /* networking policy */
145 DTYPE_CHANNEL, /* Skywalk Channel */
146 DTYPE_NEXUS /* Skywalk Nexus */
147} file_type_t;
148
149/* defines for fg_lflags */
150// was FG_TERM 0x01
151#define FG_INSMSGQ 0x02 /* insert to msgqueue pending .. */
152#define FG_WINSMSGQ 0x04 /* wait for the fielglob is in msgque */
153#define FG_RMMSGQ 0x08 /* the fileglob is being removed from msgqueue */
154#define FG_WRMMSGQ 0x10 /* wait for the fileglob to be removed from msgqueue */
155#define FG_PORTMADE 0x20 /* a port was at some point created for this fileglob */
156#define FG_NOSIGPIPE 0x40 /* don't deliver SIGPIPE with EPIPE return */
157#define FG_OFF_LOCKED 0x80 /* Used as a mutex for offset changes (for vnodes) */
158#define FG_OFF_LOCKWANT 0x100 /* Somebody's wating for the lock */
159#define FG_CONFINED 0x200 /* fileglob confined to process, immutably */
160#define FG_HAS_OFDLOCK 0x400 /* Has or has had an OFD lock */
161
162struct fileops {
163 file_type_t fo_type; /* descriptor type */
164 int (*fo_read) (struct fileproc *fp, struct uio *uio,
165 int flags, vfs_context_t ctx);
166 int (*fo_write) (struct fileproc *fp, struct uio *uio,
167 int flags, vfs_context_t ctx);
168#define FOF_OFFSET 0x00000001 /* offset supplied to vn_write */
169 int (*fo_ioctl)(struct fileproc *fp, u_long com,
170 caddr_t data, vfs_context_t ctx);
171 int (*fo_select) (struct fileproc *fp, int which,
172 void *wql, vfs_context_t ctx);
173 int (*fo_close) (struct fileglob *fg, vfs_context_t ctx);
174 int (*fo_kqfilter) (struct fileproc *fp, struct knote *, struct kevent_qos_s *);
175 int (*fo_drain) (struct fileproc *fp, vfs_context_t ctx);
176};
177
178struct fileglob {
179 LIST_ENTRY(fileglob) f_msglist; /* list of files in unix messages */
180 uint32_t fg_flag; /* (atomic) see fcntl.h */
181 os_ref_atomic_t fg_count; /* reference count */
182 uint32_t fg_msgcount; /* references from message queue */
183 int32_t fg_lflags; /* file global flags */
184 kauth_cred_t XNU_PTRAUTH_SIGNED_PTR("fileglob.fg_cred") fg_cred; /* credentials associated with descriptor */
185 const struct fileops *XNU_PTRAUTH_SIGNED_PTR("fileglob.fg_ops") fg_ops;
186 off_t fg_offset;
187 uintptr_t fg_data; /* vnode or socket or SHM or semaphore */
188 struct fd_vn_data *XNU_PTRAUTH_SIGNED_PTR("fileglob.fg_vn_data") fg_vn_data; /* Per fd vnode data, used for directories */
189 lck_mtx_t fg_lock;
190#if CONFIG_MACF && CONFIG_VNGUARD
191 struct vng_owner *fg_vgo; /* Used by the vnode guard MAC hook */
192#endif
193};
194
195/* Disambiguate OFD ids from flock ids (fileglobs) */
196__pure2
197static inline caddr_t
198ofd_to_id(const struct fileglob *fg)
199{
200 return (caddr_t)~(uintptr_t)fg;
201}
202
203extern int maxfiles; /* kernel limit on number of open files */
204extern int nfiles; /* actual number of open files */
205extern int maxfilesperproc;
206os_refgrp_decl_extern(f_refgrp); /* os_refgrp_t for file refcounts */
207
208#define FILEGLOB_DTYPE(fg) ((const file_type_t)((fg)->fg_ops->fo_type))
209
210#pragma mark files (struct fileglob)
211
212/*!
213 * @function fg_ref
214 *
215 * @brief
216 * Acquire a file reference on the specified file.
217 *
218 * @description
219 * The @c proc must be locked while this operation is being performed
220 * to avoid races with setting the FG_CONFINED flag.
221 *
222 * @param proc
223 * The proc this file reference is taken on behalf of.
224 *
225 * @param fg
226 * The specified file
227 */
228void
229fg_ref(proc_t proc, struct fileglob *fg);
230
231/*!
232 * @function fg_drop_live
233 *
234 * @brief
235 * Drops a file reference on the specified file that isn't the last one.
236 *
237 * @param fg
238 * The file whose reference is being dropped.
239 */
240void
241fg_drop_live(struct fileglob *fg);
242
243/*!
244 * @function fg_drop
245 *
246 * @brief
247 * Drops a file reference on the specified file.
248 *
249 * @discussion
250 * No locks should be held when calling this function.
251 *
252 * @param p
253 * The process making the request,
254 * or PROC_NULL if the file belongs to a message/fileport.
255 *
256 * @param fg
257 * The file being closed.
258 *
259 * @returns
260 * 0 Success
261 * ??? Any error that @c fileops::fo_close can return
262 */
263int
264fg_drop(proc_t p, struct fileglob *fg);
265
266/*!
267 * @function fg_sendable
268 *
269 * @brief
270 * Returns whether a particular file can be sent over IPC.
271 */
272bool
273fg_sendable(struct fileglob *fg);
274
275/*!
276 * @function fg_get_data_volatile
277 *
278 * @brief
279 * Returns the fileglob opaque data pointer.
280 *
281 * @discussion
282 * Unlike @c fg_get_data() this variant will
283 * not be hoisted by the compiler.
284 *
285 * @param fg
286 * The file whose data is being requested.
287 */
288void *
289fg_get_data_volatile(struct fileglob *fg);
290
291/*!
292 * @function fg_get_data
293 *
294 * @brief
295 * Returns the fileglob opaque data pointer.
296 *
297 * @discussion
298 * Unlike @c fg_get_data_volatile() this variant
299 * will be hoisted by the compiler if it is called
300 * repeatedly.
301 *
302 * @param fg
303 * The file whose data is being requested.
304 */
305__pure2
306static inline void *
307fg_get_data(struct fileglob *fg)
308{
309 return fg_get_data_volatile(fg);
310}
311
312/*!
313 * @function fg_set_data
314 *
315 * @brief
316 * Sets the fileglob opaque data pointer.
317 *
318 * @param fg
319 * The file whose data is being set.
320 *
321 * @param fg_data
322 * Opaque file data value
323 */
324void
325fg_set_data(struct fileglob *fg, void *fg_data);
326
327#pragma mark file descriptor entries (struct fileproc)
328
329/*!
330 * @function fg_get_data
331 *
332 * @brief
333 * Returns the fileproc fileglob opaque data pointer.
334 *
335 * @discussion
336 * Unlike @c fp_get_data_volatile() this variant
337 * will be hoisted by the compiler if it is called
338 * repeatedly.
339 *
340 * @param fp
341 * The fileproc whose data is being requested.
342 */
343__pure2
344static inline void *
345fp_get_data(struct fileproc *fp)
346{
347 return fg_get_data(fg: fp->fp_glob);
348}
349
350/*!
351 * @function fp_get_data
352 *
353 * @brief
354 * Returns the fileproc fileglob opaque data pointer.
355 *
356 * @discussion
357 * Unlike @c fp_get_data() this variant will
358 * not be hoisted by the compiler.
359 *
360 * @param fp
361 * The fileproc whose data is being requested.
362 */
363static inline void *
364fp_get_data_volatile(struct fileproc *fp)
365{
366 return fg_get_data_volatile(fg: fp->fp_glob);
367}
368
369/*!
370 * @function fp_set_data
371 *
372 * @brief
373 * Sets the fileproc opaque data pointer.
374 *
375 * @param fp
376 * The fileproc whose data is being set.
377 *
378 * @param fg_data
379 * Opaque file data value
380 */
381static inline void
382fp_set_data(struct fileproc *fp, void *fg_data)
383{
384 fg_set_data(fg: fp->fp_glob, fg_data);
385}
386
387/*!
388 * @function fp_get_ftype
389 *
390 * @brief
391 * Get the fileproc pointer for the given fd from the per process, with the
392 * specified file type, and with an I/O reference.
393 *
394 * @param p
395 * The process in which fd lives.
396 *
397 * @param fd
398 * The file descriptor index to lookup.
399 *
400 * @param ftype
401 * The required file type.
402 *
403 * @param err
404 * The error to return if the file exists but isn't of the specified type.
405 *
406 * @param fpp
407 * The returned fileproc when the call returns 0.
408 *
409 * @returns
410 * 0 Success (@c fpp is set)
411 * EBADF Bad file descriptor
412 * @c err There is an entry, but it isn't of the specified type.
413 */
414extern int
415fp_get_ftype(proc_t p, int fd, file_type_t ftype, int err, struct fileproc **fpp);
416
417/*!
418 * @function fp_get_noref_locked
419 *
420 * @brief
421 * Get the fileproc pointer for the given fd from the per process
422 * open file table without taking an explicit reference on it.
423 *
424 * @description
425 * This function assumes that the @c proc_fdlock is held, as the caller
426 * doesn't hold an I/O reference for the returned fileproc.
427 *
428 * Because there is no reference explicitly taken, the returned
429 * fileproc pointer is only valid so long as the @c proc_fdlock
430 * remains held by the caller.
431 *
432 * @param p
433 * The process in which fd lives.
434 *
435 * @param fd
436 * The file descriptor index to lookup.
437 *
438 * @returns
439 * - the fileproc on success
440 * - FILEPROC_NULL on error
441 */
442extern struct fileproc *
443fp_get_noref_locked(proc_t p, int fd);
444
445/*!
446 * @function fp_get_noref_locked_with_iocount
447 *
448 * @brief
449 * Similar to fp_get_noref_locked(), but allows returning files that are
450 * closing.
451 *
452 * @discussion
453 * Some parts of the kernel take I/O references on fileprocs but only remember
454 * the file descriptor for which they did that.
455 *
456 * These interfaces later need to drop that reference, but if the file is
457 * already closing, then fp_get_noref_locked() will refuse to resolve
458 * the file descriptor.
459 *
460 * This interface allows the lookup (but will assert that the fileproc has
461 * enouhg I/O references).
462 *
463 * @warning
464 * New code should NOT use this function, it is required for interfaces
465 * that acquire iocounts without remembering the fileproc pointer,
466 * which is bad practice.
467 */
468extern struct fileproc *
469fp_get_noref_locked_with_iocount(proc_t p, int fd);
470
471/*!
472 * @function fp_close_and_unlock
473 *
474 * @brief
475 * Close the given file descriptor entry.
476 *
477 * @description
478 * This function assumes that the @c proc_fdlock is held,
479 * and that the caller holds no additional I/O reference
480 * on the specified file descriptor entry.
481 *
482 * The @c proc_fdlock is unlocked upon return.
483 *
484 * @param p The process in which fd lives.
485 * @param p_cred The proc's cred for this operation.
486 * @param fd The file descriptor index being closed.
487 * @param fp The fileproc entry associated with @c fd.
488 * @param flags FD_DUP2RESV or 0.
489 *
490 * @returns
491 * 0 Success
492 * EBADF Bad file descriptor
493 * ??? Any error that @c fileops::fo_close can return.
494 */
495extern int
496fp_close_and_unlock(proc_t p, kauth_cred_t p_cred, int fd, struct fileproc *fp, int flags);
497
498/* wrappers for fp->f_ops->fo_... */
499int fo_read(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx);
500int fo_write(struct fileproc *fp, struct uio *uio, int flags,
501 vfs_context_t ctx);
502int fo_ioctl(struct fileproc *fp, u_long com, caddr_t data, vfs_context_t ctx);
503int fo_select(struct fileproc *fp, int which, void *wql, vfs_context_t ctx);
504int fo_close(struct fileglob *fg, vfs_context_t ctx);
505int fo_drain(struct fileproc *fp, vfs_context_t ctx);
506int fo_kqfilter(struct fileproc *fp, struct knote *kn, struct kevent_qos_s *kev);
507
508/* Functions to use for unsupported fileops */
509int fo_no_read(struct fileproc *fp, struct uio *uio, int flags, vfs_context_t ctx);
510int fo_no_write(struct fileproc *fp, struct uio *uio, int flags,
511 vfs_context_t ctx);
512int fo_no_ioctl(struct fileproc *fp, u_long com, caddr_t data, vfs_context_t ctx);
513int fo_no_select(struct fileproc *fp, int which, void *wql, vfs_context_t ctx);
514int fo_no_drain(struct fileproc *fp, vfs_context_t ctx);
515int fo_no_kqfilter(struct fileproc *, struct knote *, struct kevent_qos_s *kev);
516
517int fp_tryswap(proc_t, int fd, struct fileproc *nfp);
518int fp_drop(struct proc *p, int fd, struct fileproc *fp, int locked);
519void fp_free(struct proc * p, int fd, struct fileproc * fp);
520int fp_lookup(struct proc *p, int fd, struct fileproc **resultfp, int locked);
521int fp_lookup_guarded(struct proc *p, int fd, guardid_t guard, struct fileproc **resultfp, int locked);
522int fp_isguarded(struct fileproc *fp, u_int attribs);
523int fp_guard_exception(proc_t p, int fd, struct fileproc *fp, u_int attribs);
524struct nameidata;
525struct vnode_attr;
526int open1(vfs_context_t ctx, struct nameidata *ndp, int uflags,
527 struct vnode_attr *vap, fp_initfn_t fp_init, void *initarg,
528 int32_t *retval, int authfd);
529int chdir_internal(proc_t p, vfs_context_t ctx, struct nameidata *ndp, int per_thread);
530int kqueue_internal(struct proc *p, fp_initfn_t, void *initarg, int32_t *retval);
531void procfdtbl_releasefd(struct proc * p, int fd, struct fileproc * fp);
532extern struct fileproc *fileproc_alloc_init(void);
533extern void fileproc_free(struct fileproc *fp);
534extern void guarded_fileproc_copy_guard(struct fileproc *ofp, struct fileproc *nfp);
535extern void guarded_fileproc_unguard(struct fileproc *fp);
536extern void fg_vn_data_free(void *fgvndata);
537extern int nameiat(struct nameidata *ndp, int dirfd);
538extern void vn_offset_lock(struct fileglob *fg);
539extern void vn_offset_unlock(struct fileglob *fg);
540extern int falloc_guarded(struct proc *p, struct fileproc **fp, int *fd,
541 vfs_context_t ctx, const guardid_t *guard, u_int attrs);
542extern void fileproc_modify_vflags(struct fileproc *fp, fileproc_vflags_t vflags, boolean_t clearflags);
543fileproc_vflags_t fileproc_get_vflags(struct fileproc *fp);
544
545#pragma mark internal version of syscalls
546
547int fileport_makefd(proc_t p, ipc_port_t port, fileproc_flags_t fp_flags, int *fd);
548int dup2(proc_t p, kauth_cred_t p_cred, int from, int to, int *fd);
549int close_nocancel(proc_t p, kauth_cred_t p_cred, int fd);
550int fchdir(proc_t p, vfs_context_t ctx, int fd, bool per_thread);
551
552#pragma GCC visibility pop
553
554__END_DECLS
555
556#endif /* XNU_KERNEL_PRIVATE */
557
558#endif /* !_SYS_FILE_INTERNAL_H_ */
559