Push solock() down to sosend() for SOCK_RAW sockets.

Raw sockets are the simplest inet sockets, so use them to start landing
`sb_mtx' mutex(9) protection for `so_snd' buffer. Now solock() is taken
only around pru_send*(), the rest of sosend() serialized by sblock() and
`sb_mtx'. The unlocked SS_ISCONNECTED check is fine, because
rip{,6}_send() check it. Also, previously the SS_ISCONNECTED could be
lost due to solock() release around following m_getuio().

ok bluhm

Take solock_shared() in soo_stat().

Only unix(4) and tcp(4) sockets set (*pru_sence)() handler. The rest of
soo_stat() is the read only access.

ok bluhm

Mark `so_rcv' sockbuf of udp(4) sockets as SB_OWNLOCK.

sbappend*() and soreceive() of SB_MTXLOCK marked sockets uses `sb_mtx'
mutex(9) for protection, meanwhile buffer usage check and corresponding
sbwait() sleep still serialized by solock(). Mark udp(4) as SB_OWNLOCK
to avoid solock() serialization and rely to `sb_mtx' mutex(9). The
`sb_state' and `sb_flags' modifications must be protected by `sb_mtx'
too.

ok bluhm

Use `sb_mtx' to protect `so_rcv' receive buffer of unix(4) sockets.

This makes re-locking unnecessary in the uipc_*send() paths, because
it's enough to lock one socket to prevent peer from concurrent
disconnection. As the little bonus, one unix(4) socket can perform
simultaneous transmission and reception with one exception for
uipc_rcvd(), which still requires the re-lock for connection oriented
sockets.

The socket lock is not held while filt_soread() and filt_soexcept()
called from uipc_*send() through sorwakeup(). However, the unlocked
access to the `so_options', `so_state' and `so_error' is fine.

The receiving socket can't be or became listening socket. It also can't
be disconnected concurrently. This makes immutable SO_ACCEPTCONN,
SS_ISDISCONNECTED and SS_ISCONNECTED bits which are clean and set
respectively.

`so_error' is set on the peer sockets only by unp_detach(), which also
can't be called concurrently on sending socket.

This is also true for filt_fiforead() and filt_fifoexcept(). For other
callers like kevent(2) or doaccept() the socket lock is still held.

ok bluhm

return directly to drop needless error variable; OK mvs

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.

ok bluhm@

Introduce per-sockbuf `sb_state' to use it with SS_CANTSENDMORE.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state.

Opposing the previous reverted diff, the SS_CANTSENDMORE definition left
as is, but it used only with `sb_state'. `sb_state' ored with original
`so_state' when socket's data exported to the userland, so the ABI kept as
it was.

Inputs from deraadt@.

ok bluhm@

Revert sb_state changes to unbreak tree.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

Push kernel lock into pru_control() aka. in6_control() / in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs

Push kernel lock down into ifioctl()

This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.

This allows us to unlock ioctls one by one.

OK mpi

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

remove unneeded includes in sys/kern
ok mpi@ miod@

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also add '#ifndef _SYS_SOCKETVAR_H_' to sys/socketvar.h. This prevents the
collisions when both sys/protosw.h and sys/socketvar.h are included
together. Both 'socket' and 'protosw' structures are required to be
defined before pru_*() wrappers, so we need to include sys/socketvar.h to
sys/protosw.h.

ok bluhm@

Remove unused struct fileops field fo_poll and callbacks.

OK mpi@

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

use NULL not 0 for pointer values in kern
ok semarie@

Kill SS_ASYNC and only check SB_ASYNC when async signals are wanted.

This socket flag was redundant with the socket buffer one.

ok mvs@

In preparation for unlocking ioctl(2), grab the kernel lock as needed.

ok kettenis@ mpi@ visa@

Unify handling of ioctls FIOSETOWN/SIOCSPGRP/TIOCSPGRP and
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().

Idea from NetBSD

OK mpi@, claudio@

Constify instances of struct fileops.

OK anton@, mpi@, bluhm@

Utilize sigio with sockets.

OK mpi@

Reorder checks in the read/write(2) family of syscalls to prepare making
file operations mp-safe.

This change makes it clear that `f_offset' is only accessed in vn_read()
and vn_write(), which will help taking it out of the KERNEL_LOCK().

This refactoring uncovered a race in vn_read() which is now documented
and will be addressed in a later diff.

ok visa@

Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode
for sockets is non-blocking.

This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.

This change introduce a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforhand.

ok bluhm@, benno@, visa@

Move socket & pipe specific logic in their ioctl handler.

ok visa@, tb@

Pass the socket to sounlock(), this prepare the terrain for per-socket
locking.

ok visa@, bluhm@

Remove solock() surrounding PRU_CONTROL in soo_ioctl().

We do not need the lock there.
Missed this in my former commit pushing NET_LOCK() down the stack.

Found the hard way by naddy@, sorry!

OK mpi@.

Convert 'struct fileops' definitions to C99.

ok millert@, deraadt@, florian@

Move SB_SPLICE, SB_WAIT and SB_SEL to `sb_flags', serialized by solock().

SB_KNOTE remains the only bit set on `sb_flagsintr' as it is set/unset in
contexts related to kqueue(2) where we'd like to avoid grabbing solock().

While here add some KERNEL_LOCK()/UNLOCK() dances around selwakeup() and
csignal() to mark which remaining functions need to be addressed in the
socket layer.

ok visa@, bluhm@

Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get().
In particular, this allows SIOCGIF* requests to run in parallel.

lots of help & ok mpi, ok visa, sashan

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Grab the socket lock in soo_ioctl() where `so_state', `so_rcv'
and `so_snd' are modified.

ok bluhm@, visa@

Extend the scope of the socket lock in soo_stat() to protect `so_state'
and `so_rcv'.

ok bluhm@, claudio@, visa@

Do not grab the NET_LOCK() when poll(2)ing on unix domain sockets.

Fix the 'X freeze' while scanning with wireless interfaces. Problem
reported by pirofti@.

ok tb@, bluhm@

Wrap the NET_LOCK() into a per-socket solock() that does nothing for
unix domain sockets.

This should prevent the multiple deadlock related to unix domain sockets.

Inputs from millert@ and bluhm@, ok bluhm@

Remove the inifioctl hack, checking for an unheld NET_LOCK() in
tsleep(9) & friends seem to only produce false positives and cannot
be easily disabled.

Introduce a hack to remove false-positives when looking for memory
allocation that can sleep while holding the NET_LOCK().

To be removed once we're confident the remaining code paths are safe.

Discussed with deraadt@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

Enforce that ifioctl() is called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@

Kill rtioctl() stub, returning EOPNOTSUPP since tree import.

ok jsg@

Enforce that pr_usrreq functions are called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@, claudio@

Separate splsoftnet() from variable initialization.
From mpi@'s netlock diff; OK mikeb@

remove stale lint annotations

test mbuf pointers against NULL not 0
ok krw@ miod@

bzero -> memset. for the speeds.

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.

ok matthew@

poll(2) on a socket should set POLLHUP on EOF. This makes the
behavior of socketpair(2) match that of pipe(2) when the other end
is closed. OK guenther@

remove some obsolete casts

Changing the socket buffer flags sb_flags was not interrupt safe
as |= and &= are non-atomic operations. To avoid additional locks,
put the flags that have to be accessed from interrupt into a separate
sb_flagsintr 32 bit integer field. sb_flagsintr is protected by
splsoftnet.
Input from miod@ deraadt@; OK deraadt@

fix PR 6082: do not create more fd's than will fit in the message on
the receiving side when passing fd's. ok deraadt@ kettenis@

A closed, disconnected, or otherwise failed socket is still a socket
and should return stat information instead of EINVAL from deep in the
guts of tcp_usrreq. While there, put some more information into struct
stat, inspired by FreeBSD. EINVAL problem reported in PR 5943

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

exclude control data from the number of bytes returned by FIONREAD ioctl()
by adding a sb_datacc count to sockbuf that counts data excluding
MT_CONTROL and MT_SONAME mbuf types. w/help from deraadt@.
okay deraadt@ claudio@

ansi/deregister. No binary change.

Replace select backends with poll backends. selscan() and pollscan()
now call the poll backend. With this change we implement greater
poll(2) functionality instead of emulating it via the select backend.
Adapted from NetBSD and including some changes from FreeBSD.
Tested by many, deraadt@ OK

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Add a fo_stat member to struct fileops. Used soon.
Also add a stat function for kqueue from FreeBSD.

More generic arguments to soo_stat.

port kqueue changes from freebsd, plus all required openbsd glue.
okay deraadt@, millert@
from jlemon@freebsd.org:
extend kqueue down to the device layer, backwards compatible approach
suggested by peter@freebsd.org

Change struct file interface methods read and write to pass file offset in
and out.

Make pread/pwrite in netbsd & linux thread safe - which is the whole point
anyway.

branches: 1.3.12;
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.

OpenBSD tags

branches: 1.1.1;
Initial revision

Take solock_shared() in soo_stat().

Only unix(4) and tcp(4) sockets set (*pru_sence)() handler. The rest of
soo_stat() is the read only access.

ok bluhm

Mark `so_rcv' sockbuf of udp(4) sockets as SB_OWNLOCK.

sbappend*() and soreceive() of SB_MTXLOCK marked sockets uses `sb_mtx'
mutex(9) for protection, meanwhile buffer usage check and corresponding
sbwait() sleep still serialized by solock(). Mark udp(4) as SB_OWNLOCK
to avoid solock() serialization and rely to `sb_mtx' mutex(9). The
`sb_state' and `sb_flags' modifications must be protected by `sb_mtx'
too.

ok bluhm

Use `sb_mtx' to protect `so_rcv' receive buffer of unix(4) sockets.

This makes re-locking unnecessary in the uipc_*send() paths, because
it's enough to lock one socket to prevent peer from concurrent
disconnection. As the little bonus, one unix(4) socket can perform
simultaneous transmission and reception with one exception for
uipc_rcvd(), which still requires the re-lock for connection oriented
sockets.

The socket lock is not held while filt_soread() and filt_soexcept()
called from uipc_*send() through sorwakeup(). However, the unlocked
access to the `so_options', `so_state' and `so_error' is fine.

The receiving socket can't be or became listening socket. It also can't
be disconnected concurrently. This makes immutable SO_ACCEPTCONN,
SS_ISDISCONNECTED and SS_ISCONNECTED bits which are clean and set
respectively.

`so_error' is set on the peer sockets only by unp_detach(), which also
can't be called concurrently on sending socket.

This is also true for filt_fiforead() and filt_fifoexcept(). For other
callers like kevent(2) or doaccept() the socket lock is still held.

ok bluhm

return directly to drop needless error variable; OK mvs

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.

ok bluhm@

Introduce per-sockbuf `sb_state' to use it with SS_CANTSENDMORE.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state.

Opposing the previous reverted diff, the SS_CANTSENDMORE definition left
as is, but it used only with `sb_state'. `sb_state' ored with original
`so_state' when socket's data exported to the userland, so the ABI kept as
it was.

Inputs from deraadt@.

ok bluhm@

Revert sb_state changes to unbreak tree.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

Push kernel lock into pru_control() aka. in6_control() / in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs

Push kernel lock down into ifioctl()

This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.

This allows us to unlock ioctls one by one.

OK mpi

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

remove unneeded includes in sys/kern
ok mpi@ miod@

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also add '#ifndef _SYS_SOCKETVAR_H_' to sys/socketvar.h. This prevents the
collisions when both sys/protosw.h and sys/socketvar.h are included
together. Both 'socket' and 'protosw' structures are required to be
defined before pru_*() wrappers, so we need to include sys/socketvar.h to
sys/protosw.h.

ok bluhm@

Remove unused struct fileops field fo_poll and callbacks.

OK mpi@

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

use NULL not 0 for pointer values in kern
ok semarie@

Kill SS_ASYNC and only check SB_ASYNC when async signals are wanted.

This socket flag was redundant with the socket buffer one.

ok mvs@

In preparation for unlocking ioctl(2), grab the kernel lock as needed.

ok kettenis@ mpi@ visa@

Unify handling of ioctls FIOSETOWN/SIOCSPGRP/TIOCSPGRP and
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().

Idea from NetBSD

OK mpi@, claudio@

Constify instances of struct fileops.

OK anton@, mpi@, bluhm@

Utilize sigio with sockets.

OK mpi@

Reorder checks in the read/write(2) family of syscalls to prepare making
file operations mp-safe.

This change makes it clear that `f_offset' is only accessed in vn_read()
and vn_write(), which will help taking it out of the KERNEL_LOCK().

This refactoring uncovered a race in vn_read() which is now documented
and will be addressed in a later diff.

ok visa@

Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode
for sockets is non-blocking.

This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.

This change introduce a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforhand.

ok bluhm@, benno@, visa@

Move socket & pipe specific logic in their ioctl handler.

ok visa@, tb@

Pass the socket to sounlock(), this prepare the terrain for per-socket
locking.

ok visa@, bluhm@

Remove solock() surrounding PRU_CONTROL in soo_ioctl().

We do not need the lock there.
Missed this in my former commit pushing NET_LOCK() down the stack.

Found the hard way by naddy@, sorry!

OK mpi@.

Convert 'struct fileops' definitions to C99.

ok millert@, deraadt@, florian@

Move SB_SPLICE, SB_WAIT and SB_SEL to `sb_flags', serialized by solock().

SB_KNOTE remains the only bit set on `sb_flagsintr' as it is set/unset in
contexts related to kqueue(2) where we'd like to avoid grabbing solock().

While here add some KERNEL_LOCK()/UNLOCK() dances around selwakeup() and
csignal() to mark which remaining functions need to be addressed in the
socket layer.

ok visa@, bluhm@

Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get().
In particular, this allows SIOCGIF* requests to run in parallel.

lots of help & ok mpi, ok visa, sashan

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Grab the socket lock in soo_ioctl() where `so_state', `so_rcv'
and `so_snd' are modified.

ok bluhm@, visa@

Extend the scope of the socket lock in soo_stat() to protect `so_state'
and `so_rcv'.

ok bluhm@, claudio@, visa@

Do not grab the NET_LOCK() when poll(2)ing on unix domain sockets.

Fix the 'X freeze' while scanning with wireless interfaces. Problem
reported by pirofti@.

ok tb@, bluhm@

Wrap the NET_LOCK() into a per-socket solock() that does nothing for
unix domain sockets.

This should prevent the multiple deadlock related to unix domain sockets.

Inputs from millert@ and bluhm@, ok bluhm@

Remove the inifioctl hack, checking for an unheld NET_LOCK() in
tsleep(9) & friends seem to only produce false positives and cannot
be easily disabled.

Introduce a hack to remove false-positives when looking for memory
allocation that can sleep while holding the NET_LOCK().

To be removed once we're confident the remaining code paths are safe.

Discussed with deraadt@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

Enforce that ifioctl() is called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@

Kill rtioctl() stub, returning EOPNOTSUPP since tree import.

ok jsg@

Enforce that pr_usrreq functions are called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@, claudio@

Separate splsoftnet() from variable initialization.
From mpi@'s netlock diff; OK mikeb@

remove stale lint annotations

test mbuf pointers against NULL not 0
ok krw@ miod@

bzero -> memset. for the speeds.

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.

ok matthew@

poll(2) on a socket should set POLLHUP on EOF. This makes the
behavior of socketpair(2) match that of pipe(2) when the other end
is closed. OK guenther@

remove some obsolete casts

Changing the socket buffer flags sb_flags was not interrupt safe
as |= and &= are non-atomic operations. To avoid additional locks,
put the flags that have to be accessed from interrupt into a separate
sb_flagsintr 32 bit integer field. sb_flagsintr is protected by
splsoftnet.
Input from miod@ deraadt@; OK deraadt@

fix PR 6082: do not create more fd's than will fit in the message on
the receiving side when passing fd's. ok deraadt@ kettenis@

A closed, disconnected, or otherwise failed socket is still a socket
and should return stat information instead of EINVAL from deep in the
guts of tcp_usrreq. While there, put some more information into struct
stat, inspired by FreeBSD. EINVAL problem reported in PR 5943

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

exclude control data from the number of bytes returned by FIONREAD ioctl()
by adding a sb_datacc count to sockbuf that counts data excluding
MT_CONTROL and MT_SONAME mbuf types. w/help from deraadt@.
okay deraadt@ claudio@

ansi/deregister. No binary change.

Replace select backends with poll backends. selscan() and pollscan()
now call the poll backend. With this change we implement greater
poll(2) functionality instead of emulating it via the select backend.
Adapted from NetBSD and including some changes from FreeBSD.
Tested by many, deraadt@ OK

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Add a fo_stat member to struct fileops. Used soon.
Also add a stat function for kqueue from FreeBSD.

More generic arguments to soo_stat.

port kqueue changes from freebsd, plus all required openbsd glue.
okay deraadt@, millert@
from jlemon@freebsd.org:
extend kqueue down to the device layer, backwards compatible approach
suggested by peter@freebsd.org

Change struct file interface methods read and write to pass file offset in
and out.

Make pread/pwrite in netbsd & linux thread safe - which is the whole point
anyway.

branches: 1.3.12;
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.

OpenBSD tags

branches: 1.1.1;
Initial revision

Mark `so_rcv' sockbuf of udp(4) sockets as SB_OWNLOCK.

sbappend*() and soreceive() of SB_MTXLOCK marked sockets uses `sb_mtx'
mutex(9) for protection, meanwhile buffer usage check and corresponding
sbwait() sleep still serialized by solock(). Mark udp(4) as SB_OWNLOCK
to avoid solock() serialization and rely to `sb_mtx' mutex(9). The
`sb_state' and `sb_flags' modifications must be protected by `sb_mtx'
too.

ok bluhm

Use `sb_mtx' to protect `so_rcv' receive buffer of unix(4) sockets.

This makes re-locking unnecessary in the uipc_*send() paths, because
it's enough to lock one socket to prevent peer from concurrent
disconnection. As the little bonus, one unix(4) socket can perform
simultaneous transmission and reception with one exception for
uipc_rcvd(), which still requires the re-lock for connection oriented
sockets.

The socket lock is not held while filt_soread() and filt_soexcept()
called from uipc_*send() through sorwakeup(). However, the unlocked
access to the `so_options', `so_state' and `so_error' is fine.

The receiving socket can't be or became listening socket. It also can't
be disconnected concurrently. This makes immutable SO_ACCEPTCONN,
SS_ISDISCONNECTED and SS_ISCONNECTED bits which are clean and set
respectively.

`so_error' is set on the peer sockets only by unp_detach(), which also
can't be called concurrently on sending socket.

This is also true for filt_fiforead() and filt_fifoexcept(). For other
callers like kevent(2) or doaccept() the socket lock is still held.

ok bluhm

return directly to drop needless error variable; OK mvs

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.

ok bluhm@

Introduce per-sockbuf `sb_state' to use it with SS_CANTSENDMORE.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state.

Opposing the previous reverted diff, the SS_CANTSENDMORE definition left
as is, but it used only with `sb_state'. `sb_state' ored with original
`so_state' when socket's data exported to the userland, so the ABI kept as
it was.

Inputs from deraadt@.

ok bluhm@

Revert sb_state changes to unbreak tree.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

Push kernel lock into pru_control() aka. in6_control() / in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs

Push kernel lock down into ifioctl()

This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.

This allows us to unlock ioctls one by one.

OK mpi

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

remove unneeded includes in sys/kern
ok mpi@ miod@

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also add '#ifndef _SYS_SOCKETVAR_H_' to sys/socketvar.h. This prevents the
collisions when both sys/protosw.h and sys/socketvar.h are included
together. Both 'socket' and 'protosw' structures are required to be
defined before pru_*() wrappers, so we need to include sys/socketvar.h to
sys/protosw.h.

ok bluhm@

Remove unused struct fileops field fo_poll and callbacks.

OK mpi@

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

use NULL not 0 for pointer values in kern
ok semarie@

Kill SS_ASYNC and only check SB_ASYNC when async signals are wanted.

This socket flag was redundant with the socket buffer one.

ok mvs@

In preparation for unlocking ioctl(2), grab the kernel lock as needed.

ok kettenis@ mpi@ visa@

Unify handling of ioctls FIOSETOWN/SIOCSPGRP/TIOCSPGRP and
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().

Idea from NetBSD

OK mpi@, claudio@

Constify instances of struct fileops.

OK anton@, mpi@, bluhm@

Utilize sigio with sockets.

OK mpi@

Reorder checks in the read/write(2) family of syscalls to prepare making
file operations mp-safe.

This change makes it clear that `f_offset' is only accessed in vn_read()
and vn_write(), which will help taking it out of the KERNEL_LOCK().

This refactoring uncovered a race in vn_read() which is now documented
and will be addressed in a later diff.

ok visa@

Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode
for sockets is non-blocking.

This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.

This change introduce a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforhand.

ok bluhm@, benno@, visa@

Move socket & pipe specific logic in their ioctl handler.

ok visa@, tb@

Pass the socket to sounlock(), this prepare the terrain for per-socket
locking.

ok visa@, bluhm@

Remove solock() surrounding PRU_CONTROL in soo_ioctl().

We do not need the lock there.
Missed this in my former commit pushing NET_LOCK() down the stack.

Found the hard way by naddy@, sorry!

OK mpi@.

Convert 'struct fileops' definitions to C99.

ok millert@, deraadt@, florian@

Move SB_SPLICE, SB_WAIT and SB_SEL to `sb_flags', serialized by solock().

SB_KNOTE remains the only bit set on `sb_flagsintr' as it is set/unset in
contexts related to kqueue(2) where we'd like to avoid grabbing solock().

While here add some KERNEL_LOCK()/UNLOCK() dances around selwakeup() and
csignal() to mark which remaining functions need to be addressed in the
socket layer.

ok visa@, bluhm@

Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get().
In particular, this allows SIOCGIF* requests to run in parallel.

lots of help & ok mpi, ok visa, sashan

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Grab the socket lock in soo_ioctl() where `so_state', `so_rcv'
and `so_snd' are modified.

ok bluhm@, visa@

Extend the scope of the socket lock in soo_stat() to protect `so_state'
and `so_rcv'.

ok bluhm@, claudio@, visa@

Do not grab the NET_LOCK() when poll(2)ing on unix domain sockets.

Fix the 'X freeze' while scanning with wireless interfaces. Problem
reported by pirofti@.

ok tb@, bluhm@

Wrap the NET_LOCK() into a per-socket solock() that does nothing for
unix domain sockets.

This should prevent the multiple deadlock related to unix domain sockets.

Inputs from millert@ and bluhm@, ok bluhm@

Remove the inifioctl hack, checking for an unheld NET_LOCK() in
tsleep(9) & friends seem to only produce false positives and cannot
be easily disabled.

Introduce a hack to remove false-positives when looking for memory
allocation that can sleep while holding the NET_LOCK().

To be removed once we're confident the remaining code paths are safe.

Discussed with deraadt@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

Enforce that ifioctl() is called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@

Kill rtioctl() stub, returning EOPNOTSUPP since tree import.

ok jsg@

Enforce that pr_usrreq functions are called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@, claudio@

Separate splsoftnet() from variable initialization.
From mpi@'s netlock diff; OK mikeb@

remove stale lint annotations

test mbuf pointers against NULL not 0
ok krw@ miod@

bzero -> memset. for the speeds.

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.

ok matthew@

poll(2) on a socket should set POLLHUP on EOF. This makes the
behavior of socketpair(2) match that of pipe(2) when the other end
is closed. OK guenther@

remove some obsolete casts

Changing the socket buffer flags sb_flags was not interrupt safe
as |= and &= are non-atomic operations. To avoid additional locks,
put the flags that have to be accessed from interrupt into a separate
sb_flagsintr 32 bit integer field. sb_flagsintr is protected by
splsoftnet.
Input from miod@ deraadt@; OK deraadt@

fix PR 6082: do not create more fd's than will fit in the message on
the receiving side when passing fd's. ok deraadt@ kettenis@

A closed, disconnected, or otherwise failed socket is still a socket
and should return stat information instead of EINVAL from deep in the
guts of tcp_usrreq. While there, put some more information into struct
stat, inspired by FreeBSD. EINVAL problem reported in PR 5943

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

exclude control data from the number of bytes returned by FIONREAD ioctl()
by adding a sb_datacc count to sockbuf that counts data excluding
MT_CONTROL and MT_SONAME mbuf types. w/help from deraadt@.
okay deraadt@ claudio@

ansi/deregister. No binary change.

Replace select backends with poll backends. selscan() and pollscan()
now call the poll backend. With this change we implement greater
poll(2) functionality instead of emulating it via the select backend.
Adapted from NetBSD and including some changes from FreeBSD.
Tested by many, deraadt@ OK

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Add a fo_stat member to struct fileops. Used soon.
Also add a stat function for kqueue from FreeBSD.

More generic arguments to soo_stat.

port kqueue changes from freebsd, plus all required openbsd glue.
okay deraadt@, millert@
from jlemon@freebsd.org:
extend kqueue down to the device layer, backwards compatible approach
suggested by peter@freebsd.org

Change struct file interface methods read and write to pass file offset in
and out.

Make pread/pwrite in netbsd & linux thread safe - which is the whole point
anyway.

branches: 1.3.12;
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.

OpenBSD tags

branches: 1.1.1;
Initial revision

Use `sb_mtx' to protect `so_rcv' receive buffer of unix(4) sockets.

This makes re-locking unnecessary in the uipc_*send() paths, because
it's enough to lock one socket to prevent peer from concurrent
disconnection. As the little bonus, one unix(4) socket can perform
simultaneous transmission and reception with one exception for
uipc_rcvd(), which still requires the re-lock for connection oriented
sockets.

The socket lock is not held while filt_soread() and filt_soexcept()
called from uipc_*send() through sorwakeup(). However, the unlocked
access to the `so_options', `so_state' and `so_error' is fine.

The receiving socket can't be or became listening socket. It also can't
be disconnected concurrently. This makes immutable SO_ACCEPTCONN,
SS_ISDISCONNECTED and SS_ISCONNECTED bits which are clean and set
respectively.

`so_error' is set on the peer sockets only by unp_detach(), which also
can't be called concurrently on sending socket.

This is also true for filt_fiforead() and filt_fifoexcept(). For other
callers like kevent(2) or doaccept() the socket lock is still held.

ok bluhm

return directly to drop needless error variable; OK mvs

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.

ok bluhm@

Introduce per-sockbuf `sb_state' to use it with SS_CANTSENDMORE.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state.

Opposing the previous reverted diff, the SS_CANTSENDMORE definition left
as is, but it used only with `sb_state'. `sb_state' ored with original
`so_state' when socket's data exported to the userland, so the ABI kept as
it was.

Inputs from deraadt@.

ok bluhm@

Revert sb_state changes to unbreak tree.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

Push kernel lock into pru_control() aka. in6_control() / in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs

Push kernel lock down into ifioctl()

This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.

This allows us to unlock ioctls one by one.

OK mpi

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

remove unneeded includes in sys/kern
ok mpi@ miod@

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also add '#ifndef _SYS_SOCKETVAR_H_' to sys/socketvar.h. This prevents the
collisions when both sys/protosw.h and sys/socketvar.h are included
together. Both 'socket' and 'protosw' structures are required to be
defined before pru_*() wrappers, so we need to include sys/socketvar.h to
sys/protosw.h.

ok bluhm@

Remove unused struct fileops field fo_poll and callbacks.

OK mpi@

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

use NULL not 0 for pointer values in kern
ok semarie@

Kill SS_ASYNC and only check SB_ASYNC when async signals are wanted.

This socket flag was redundant with the socket buffer one.

ok mvs@

In preparation for unlocking ioctl(2), grab the kernel lock as needed.

ok kettenis@ mpi@ visa@

Unify handling of ioctls FIOSETOWN/SIOCSPGRP/TIOCSPGRP and
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().

Idea from NetBSD

OK mpi@, claudio@

Constify instances of struct fileops.

OK anton@, mpi@, bluhm@

Utilize sigio with sockets.

OK mpi@

Reorder checks in the read/write(2) family of syscalls to prepare making
file operations mp-safe.

This change makes it clear that `f_offset' is only accessed in vn_read()
and vn_write(), which will help taking it out of the KERNEL_LOCK().

This refactoring uncovered a race in vn_read() which is now documented
and will be addressed in a later diff.

ok visa@

Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode
for sockets is non-blocking.

This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.

This change introduce a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforhand.

ok bluhm@, benno@, visa@

Move socket & pipe specific logic in their ioctl handler.

ok visa@, tb@

Pass the socket to sounlock(), this prepare the terrain for per-socket
locking.

ok visa@, bluhm@

Remove solock() surrounding PRU_CONTROL in soo_ioctl().

We do not need the lock there.
Missed this in my former commit pushing NET_LOCK() down the stack.

Found the hard way by naddy@, sorry!

OK mpi@.

Convert 'struct fileops' definitions to C99.

ok millert@, deraadt@, florian@

Move SB_SPLICE, SB_WAIT and SB_SEL to `sb_flags', serialized by solock().

SB_KNOTE remains the only bit set on `sb_flagsintr' as it is set/unset in
contexts related to kqueue(2) where we'd like to avoid grabbing solock().

While here add some KERNEL_LOCK()/UNLOCK() dances around selwakeup() and
csignal() to mark which remaining functions need to be addressed in the
socket layer.

ok visa@, bluhm@

Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get().
In particular, this allows SIOCGIF* requests to run in parallel.

lots of help & ok mpi, ok visa, sashan

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Grab the socket lock in soo_ioctl() where `so_state', `so_rcv'
and `so_snd' are modified.

ok bluhm@, visa@

Extend the scope of the socket lock in soo_stat() to protect `so_state'
and `so_rcv'.

ok bluhm@, claudio@, visa@

Do not grab the NET_LOCK() when poll(2)ing on unix domain sockets.

Fix the 'X freeze' while scanning with wireless interfaces. Problem
reported by pirofti@.

ok tb@, bluhm@

Wrap the NET_LOCK() into a per-socket solock() that does nothing for
unix domain sockets.

This should prevent the multiple deadlock related to unix domain sockets.

Inputs from millert@ and bluhm@, ok bluhm@

Remove the inifioctl hack, checking for an unheld NET_LOCK() in
tsleep(9) & friends seem to only produce false positives and cannot
be easily disabled.

Introduce a hack to remove false-positives when looking for memory
allocation that can sleep while holding the NET_LOCK().

To be removed once we're confident the remaining code paths are safe.

Discussed with deraadt@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

Enforce that ifioctl() is called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@

Kill rtioctl() stub, returning EOPNOTSUPP since tree import.

ok jsg@

Enforce that pr_usrreq functions are called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@, claudio@

Separate splsoftnet() from variable initialization.
From mpi@'s netlock diff; OK mikeb@

remove stale lint annotations

test mbuf pointers against NULL not 0
ok krw@ miod@

bzero -> memset. for the speeds.

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.

ok matthew@

poll(2) on a socket should set POLLHUP on EOF. This makes the
behavior of socketpair(2) match that of pipe(2) when the other end
is closed. OK guenther@

remove some obsolete casts

Changing the socket buffer flags sb_flags was not interrupt safe
as |= and &= are non-atomic operations. To avoid additional locks,
put the flags that have to be accessed from interrupt into a separate
sb_flagsintr 32 bit integer field. sb_flagsintr is protected by
splsoftnet.
Input from miod@ deraadt@; OK deraadt@

fix PR 6082: do not create more fd's than will fit in the message on
the receiving side when passing fd's. ok deraadt@ kettenis@

A closed, disconnected, or otherwise failed socket is still a socket
and should return stat information instead of EINVAL from deep in the
guts of tcp_usrreq. While there, put some more information into struct
stat, inspired by FreeBSD. EINVAL problem reported in PR 5943

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

exclude control data from the number of bytes returned by FIONREAD ioctl()
by adding a sb_datacc count to sockbuf that counts data excluding
MT_CONTROL and MT_SONAME mbuf types. w/help from deraadt@.
okay deraadt@ claudio@

ansi/deregister. No binary change.

Replace select backends with poll backends. selscan() and pollscan()
now call the poll backend. With this change we implement greater
poll(2) functionality instead of emulating it via the select backend.
Adapted from NetBSD and including some changes from FreeBSD.
Tested by many, deraadt@ OK

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Add a fo_stat member to struct fileops. Used soon.
Also add a stat function for kqueue from FreeBSD.

More generic arguments to soo_stat.

port kqueue changes from freebsd, plus all required openbsd glue.
okay deraadt@, millert@
from jlemon@freebsd.org:
extend kqueue down to the device layer, backwards compatible approach
suggested by peter@freebsd.org

Change struct file interface methods read and write to pass file offset in
and out.

Make pread/pwrite in netbsd & linux thread safe - which is the whole point
anyway.

branches: 1.3.12;
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.

OpenBSD tags

branches: 1.1.1;
Initial revision

return directly to drop needless error variable; OK mvs

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.

ok bluhm@

Introduce per-sockbuf `sb_state' to use it with SS_CANTSENDMORE.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state.

Opposing the previous reverted diff, the SS_CANTSENDMORE definition left
as is, but it used only with `sb_state'. `sb_state' ored with original
`so_state' when socket's data exported to the userland, so the ABI kept as
it was.

Inputs from deraadt@.

ok bluhm@

Revert sb_state changes to unbreak tree.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

Push kernel lock into pru_control() aka. in6_control() / in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs

Push kernel lock down into ifioctl()

This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.

This allows us to unlock ioctls one by one.

OK mpi

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

remove unneeded includes in sys/kern
ok mpi@ miod@

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also add '#ifndef _SYS_SOCKETVAR_H_' to sys/socketvar.h. This prevents the
collisions when both sys/protosw.h and sys/socketvar.h are included
together. Both 'socket' and 'protosw' structures are required to be
defined before pru_*() wrappers, so we need to include sys/socketvar.h to
sys/protosw.h.

ok bluhm@

Remove unused struct fileops field fo_poll and callbacks.

OK mpi@

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

use NULL not 0 for pointer values in kern
ok semarie@

Kill SS_ASYNC and only check SB_ASYNC when async signals are wanted.

This socket flag was redundant with the socket buffer one.

ok mvs@

In preparation for unlocking ioctl(2), grab the kernel lock as needed.

ok kettenis@ mpi@ visa@

Unify handling of ioctls FIOSETOWN/SIOCSPGRP/TIOCSPGRP and
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().

Idea from NetBSD

OK mpi@, claudio@

Constify instances of struct fileops.

OK anton@, mpi@, bluhm@

Utilize sigio with sockets.

OK mpi@

Reorder checks in the read/write(2) family of syscalls to prepare making
file operations mp-safe.

This change makes it clear that `f_offset' is only accessed in vn_read()
and vn_write(), which will help taking it out of the KERNEL_LOCK().

This refactoring uncovered a race in vn_read() which is now documented
and will be addressed in a later diff.

ok visa@

Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode
for sockets is non-blocking.

This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.

This change introduce a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforhand.

ok bluhm@, benno@, visa@

Move socket & pipe specific logic in their ioctl handler.

ok visa@, tb@

Pass the socket to sounlock(), this prepare the terrain for per-socket
locking.

ok visa@, bluhm@

Remove solock() surrounding PRU_CONTROL in soo_ioctl().

We do not need the lock there.
Missed this in my former commit pushing NET_LOCK() down the stack.

Found the hard way by naddy@, sorry!

OK mpi@.

Convert 'struct fileops' definitions to C99.

ok millert@, deraadt@, florian@

Move SB_SPLICE, SB_WAIT and SB_SEL to `sb_flags', serialized by solock().

SB_KNOTE remains the only bit set on `sb_flagsintr' as it is set/unset in
contexts related to kqueue(2) where we'd like to avoid grabbing solock().

While here add some KERNEL_LOCK()/UNLOCK() dances around selwakeup() and
csignal() to mark which remaining functions need to be addressed in the
socket layer.

ok visa@, bluhm@

Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get().
In particular, this allows SIOCGIF* requests to run in parallel.

lots of help & ok mpi, ok visa, sashan

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Grab the socket lock in soo_ioctl() where `so_state', `so_rcv'
and `so_snd' are modified.

ok bluhm@, visa@

Extend the scope of the socket lock in soo_stat() to protect `so_state'
and `so_rcv'.

ok bluhm@, claudio@, visa@

Do not grab the NET_LOCK() when poll(2)ing on unix domain sockets.

Fix the 'X freeze' while scanning with wireless interfaces. Problem
reported by pirofti@.

ok tb@, bluhm@

Wrap the NET_LOCK() into a per-socket solock() that does nothing for
unix domain sockets.

This should prevent the multiple deadlock related to unix domain sockets.

Inputs from millert@ and bluhm@, ok bluhm@

Remove the inifioctl hack, checking for an unheld NET_LOCK() in
tsleep(9) & friends seem to only produce false positives and cannot
be easily disabled.

Introduce a hack to remove false-positives when looking for memory
allocation that can sleep while holding the NET_LOCK().

To be removed once we're confident the remaining code paths are safe.

Discussed with deraadt@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

Enforce that ifioctl() is called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@

Kill rtioctl() stub, returning EOPNOTSUPP since tree import.

ok jsg@

Enforce that pr_usrreq functions are called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@, claudio@

Separate splsoftnet() from variable initialization.
From mpi@'s netlock diff; OK mikeb@

remove stale lint annotations

test mbuf pointers against NULL not 0
ok krw@ miod@

bzero -> memset. for the speeds.

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.

ok matthew@

poll(2) on a socket should set POLLHUP on EOF. This makes the
behavior of socketpair(2) match that of pipe(2) when the other end
is closed. OK guenther@

remove some obsolete casts

Changing the socket buffer flags sb_flags was not interrupt safe
as |= and &= are non-atomic operations. To avoid additional locks,
put the flags that have to be accessed from interrupt into a separate
sb_flagsintr 32 bit integer field. sb_flagsintr is protected by
splsoftnet.
Input from miod@ deraadt@; OK deraadt@

fix PR 6082: do not create more fd's than will fit in the message on
the receiving side when passing fd's. ok deraadt@ kettenis@

A closed, disconnected, or otherwise failed socket is still a socket
and should return stat information instead of EINVAL from deep in the
guts of tcp_usrreq. While there, put some more information into struct
stat, inspired by FreeBSD. EINVAL problem reported in PR 5943

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

exclude control data from the number of bytes returned by FIONREAD ioctl()
by adding a sb_datacc count to sockbuf that counts data excluding
MT_CONTROL and MT_SONAME mbuf types. w/help from deraadt@.
okay deraadt@ claudio@

ansi/deregister. No binary change.

Replace select backends with poll backends. selscan() and pollscan()
now call the poll backend. With this change we implement greater
poll(2) functionality instead of emulating it via the select backend.
Adapted from NetBSD and including some changes from FreeBSD.
Tested by many, deraadt@ OK

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Add a fo_stat member to struct fileops. Used soon.
Also add a stat function for kqueue from FreeBSD.

More generic arguments to soo_stat.

port kqueue changes from freebsd, plus all required openbsd glue.
okay deraadt@, millert@
from jlemon@freebsd.org:
extend kqueue down to the device layer, backwards compatible approach
suggested by peter@freebsd.org

Change struct file interface methods read and write to pass file offset in
and out.

Make pread/pwrite in netbsd & linux thread safe - which is the whole point
anyway.

branches: 1.3.12;
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.

OpenBSD tags

branches: 1.1.1;
Initial revision

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.

ok bluhm@

Introduce per-sockbuf `sb_state' to use it with SS_CANTSENDMORE.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state.

Opposing the previous reverted diff, the SS_CANTSENDMORE definition left
as is, but it used only with `sb_state'. `sb_state' ored with original
`so_state' when socket's data exported to the userland, so the ABI kept as
it was.

Inputs from deraadt@.

ok bluhm@

Revert sb_state changes to unbreak tree.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

Push kernel lock into pru_control() aka. in6_control() / in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs

Push kernel lock down into ifioctl()

This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.

This allows us to unlock ioctls one by one.

OK mpi

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

remove unneeded includes in sys/kern
ok mpi@ miod@

Introduce the pru_*() wrappers for corresponding (*pr_usrreq)() calls.

This is helpful for the following (*pr_usrreq)() split to multiple
handlers. But right now this makes code more readable.

Also add '#ifndef _SYS_SOCKETVAR_H_' to sys/socketvar.h. This prevents the
collisions when both sys/protosw.h and sys/socketvar.h are included
together. Both 'socket' and 'protosw' structures are required to be
defined before pru_*() wrappers, so we need to include sys/socketvar.h to
sys/protosw.h.

ok bluhm@

Remove unused struct fileops field fo_poll and callbacks.

OK mpi@

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

use NULL not 0 for pointer values in kern
ok semarie@

Kill SS_ASYNC and only check SB_ASYNC when async signals are wanted.

This socket flag was redundant with the socket buffer one.

ok mvs@

In preparation for unlocking ioctl(2), grab the kernel lock as needed.

ok kettenis@ mpi@ visa@

Unify handling of ioctls FIOSETOWN/SIOCSPGRP/TIOCSPGRP and
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().

Idea from NetBSD

OK mpi@, claudio@

Constify instances of struct fileops.

OK anton@, mpi@, bluhm@

Utilize sigio with sockets.

OK mpi@

Reorder checks in the read/write(2) family of syscalls to prepare making
file operations mp-safe.

This change makes it clear that `f_offset' is only accessed in vn_read()
and vn_write(), which will help taking it out of the KERNEL_LOCK().

This refactoring uncovered a race in vn_read() which is now documented
and will be addressed in a later diff.

ok visa@

Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode
for sockets is non-blocking.

This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.

This change introduce a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforhand.

ok bluhm@, benno@, visa@

Move socket & pipe specific logic in their ioctl handler.

ok visa@, tb@

Pass the socket to sounlock(), this prepare the terrain for per-socket
locking.

ok visa@, bluhm@

Remove solock() surrounding PRU_CONTROL in soo_ioctl().

We do not need the lock there.
Missed this in my former commit pushing NET_LOCK() down the stack.

Found the hard way by naddy@, sorry!

OK mpi@.

Convert 'struct fileops' definitions to C99.

ok millert@, deraadt@, florian@

Move SB_SPLICE, SB_WAIT and SB_SEL to `sb_flags', serialized by solock().

SB_KNOTE remains the only bit set on `sb_flagsintr' as it is set/unset in
contexts related to kqueue(2) where we'd like to avoid grabbing solock().

While here add some KERNEL_LOCK()/UNLOCK() dances around selwakeup() and
csignal() to mark which remaining functions need to be addressed in the
socket layer.

ok visa@, bluhm@

Push the NET_LOCK into ifioctl() and use the NET_RLOCK in ifioctl_get().
In particular, this allows SIOCGIF* requests to run in parallel.

lots of help & ok mpi, ok visa, sashan

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Grab the socket lock in soo_ioctl() where `so_state', `so_rcv'
and `so_snd' are modified.

ok bluhm@, visa@

Extend the scope of the socket lock in soo_stat() to protect `so_state'
and `so_rcv'.

ok bluhm@, claudio@, visa@

Do not grab the NET_LOCK() when poll(2)ing on unix domain sockets.

Fix the 'X freeze' while scanning with wireless interfaces. Problem
reported by pirofti@.

ok tb@, bluhm@

Wrap the NET_LOCK() into a per-socket solock() that does nothing for
unix domain sockets.

This should prevent the multiple deadlock related to unix domain sockets.

Inputs from millert@ and bluhm@, ok bluhm@

Remove the inifioctl hack, checking for an unheld NET_LOCK() in
tsleep(9) & friends seem to only produce false positives and cannot
be easily disabled.

Introduce a hack to remove false-positives when looking for memory
allocation that can sleep while holding the NET_LOCK().

To be removed once we're confident the remaining code paths are safe.

Discussed with deraadt@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

Enforce that ifioctl() is called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@

Kill rtioctl() stub, returning EOPNOTSUPP since tree import.

ok jsg@

Enforce that pr_usrreq functions are called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@, claudio@

Separate splsoftnet() from variable initialization.
From mpi@'s netlock diff; OK mikeb@

remove stale lint annotations

test mbuf pointers against NULL not 0
ok krw@ miod@

bzero -> memset. for the speeds.

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.

ok matthew@

poll(2) on a socket should set POLLHUP on EOF. This makes the
behavior of socketpair(2) match that of pipe(2) when the other end
is closed. OK guenther@

remove some obsolete casts

Changing the socket buffer flags sb_flags was not interrupt safe
as |= and &= are non-atomic operations. To avoid additional locks,
put the flags that have to be accessed from interrupt into a separate
sb_flagsintr 32 bit integer field. sb_flagsintr is protected by
splsoftnet.
Input from miod@ deraadt@; OK deraadt@

fix PR 6082: do not create more fd's than will fit in the message on
the receiving side when passing fd's. ok deraadt@ kettenis@

A closed, disconnected, or otherwise failed socket is still a socket
and should return stat information instead of EINVAL from deep in the
guts of tcp_usrreq. While there, put some more information into struct
stat, inspired by FreeBSD. EINVAL problem reported in PR 5943

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

exclude control data from the number of bytes returned by FIONREAD ioctl()
by adding a sb_datacc count to sockbuf that counts data excluding
MT_CONTROL and MT_SONAME mbuf types. w/help from deraadt@.
okay deraadt@ claudio@

ansi/deregister. No binary change.

Replace select backends with poll backends. selscan() and pollscan()
now call the poll backend. With this change we implement greater
poll(2) functionality instead of emulating it via the select backend.
Adapted from NetBSD and including some changes from FreeBSD.
Tested by many, deraadt@ OK

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Add a fo_stat member to struct fileops. Used soon.
Also add a stat function for kqueue from FreeBSD.

More generic arguments to soo_stat.

port kqueue changes from freebsd, plus all required openbsd glue.
okay deraadt@, millert@
from jlemon@freebsd.org:
extend kqueue down to the device layer, backwards compatible approach
suggested by peter@freebsd.org

Change struct file interface methods read and write to pass file offset in
and out.

Make pread/pwrite in netbsd & linux thread safe - which is the whole point
anyway.

branches: 1.3.12;
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.

OpenBSD tags

branches: 1.1.1;
Initial revision

Revert sb_state changes to unbreak tree.

This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

Push kernel lock into pru_control() aka. in6_control() / in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs

Push kernel lock down into ifioctl()

This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.

This allows us to unlock ioctls one by one.

OK mpi