sys/kern/kern_event.c

59290Sjlemon/*-
72969Sjlemon * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org>
133741Sjmg * Copyright 2004 John-Mark Gurney <jmg@FreeBSD.org>
197240Ssson * Copyright (c) 2009 Apple, Inc.
59290Sjlemon * All rights reserved.
59290Sjlemon *
59290Sjlemon * Redistribution and use in source and binary forms, with or without
59290Sjlemon * modification, are permitted provided that the following conditions
59290Sjlemon * are met:
59290Sjlemon * 1. Redistributions of source code must retain the above copyright
59290Sjlemon *    notice, this list of conditions and the following disclaimer.
59290Sjlemon * 2. Redistributions in binary form must reproduce the above copyright
59290Sjlemon *    notice, this list of conditions and the following disclaimer in the
59290Sjlemon *    documentation and/or other materials provided with the distribution.
59290Sjlemon *
59290Sjlemon * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
59290Sjlemon * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
59290Sjlemon * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
59290Sjlemon * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
59290Sjlemon * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59290Sjlemon * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59290Sjlemon * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
59290Sjlemon * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
59290Sjlemon * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59290Sjlemon * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59290Sjlemon * SUCH DAMAGE.
59290Sjlemon */
59290Sjlemon
116182Sobrien#include <sys/cdefs.h>
116182Sobrien__FBSDID("$FreeBSD: head/sys/kern/kern_event.c 197243 2009-09-16 03:49:54Z sson $");
116182Sobrien
162592Sjmg#include "opt_ktrace.h"
162592Sjmg
59290Sjlemon#include <sys/param.h>
59290Sjlemon#include <sys/systm.h>
59290Sjlemon#include <sys/kernel.h>
76166Smarkm#include <sys/lock.h>
76166Smarkm#include <sys/mutex.h>
59290Sjlemon#include <sys/proc.h>
132138Salfred#include <sys/malloc.h>
59290Sjlemon#include <sys/unistd.h>
59290Sjlemon#include <sys/file.h>
108524Salfred#include <sys/filedesc.h>
132138Salfred#include <sys/filio.h>
59290Sjlemon#include <sys/fcntl.h>
133741Sjmg#include <sys/kthread.h>
70834Swollman#include <sys/selinfo.h>
59290Sjlemon#include <sys/queue.h>
59290Sjlemon#include <sys/event.h>
59290Sjlemon#include <sys/eventvar.h>
59290Sjlemon#include <sys/poll.h>
59290Sjlemon#include <sys/protosw.h>
132138Salfred#include <sys/sigio.h>
132138Salfred#include <sys/signalvar.h>
59290Sjlemon#include <sys/socket.h>
59290Sjlemon#include <sys/socketvar.h>
59290Sjlemon#include <sys/stat.h>
84138Sjlemon#include <sys/sysctl.h>
59290Sjlemon#include <sys/sysproto.h>
142934Sps#include <sys/syscallsubr.h>
133741Sjmg#include <sys/taskqueue.h>
59290Sjlemon#include <sys/uio.h>
162592Sjmg#ifdef KTRACE
162592Sjmg#include <sys/ktrace.h>
162592Sjmg#endif
59290Sjlemon
92751Sjeff#include <vm/uma.h>
59290Sjlemon
141616Sphkstatic MALLOC_DEFINE(M_KQUEUE, "kqueue", "memory for kqueue system");
141616Sphk
133741Sjmg/*
133741Sjmg * This lock is used if multiple kq locks are required.  This possibly
133741Sjmg * should be made into a per proc lock.
133741Sjmg */
133741Sjmgstatic struct mtx	kq_global;
133741SjmgMTX_SYSINIT(kq_global, &kq_global, "kqueue order", MTX_DEF);
133741Sjmg#define KQ_GLOBAL_LOCK(lck, haslck)	do {	\
133741Sjmg	if (!haslck)				\
133741Sjmg		mtx_lock(lck);			\
133741Sjmg	haslck = 1;				\
133741Sjmg} while (0)
133741Sjmg#define KQ_GLOBAL_UNLOCK(lck, haslck)	do {	\
133741Sjmg	if (haslck)				\
133741Sjmg		mtx_unlock(lck);			\
133741Sjmg	haslck = 0;				\
133741Sjmg} while (0)
84138Sjlemon
133741SjmgTASKQUEUE_DEFINE_THREAD(kqueue);
133741Sjmg
146950Spsstatic int	kevent_copyout(void *arg, struct kevent *kevp, int count);
146950Spsstatic int	kevent_copyin(void *arg, struct kevent *kevp, int count);
162594Sjmgstatic int	kqueue_register(struct kqueue *kq, struct kevent *kev,
162594Sjmg		    struct thread *td, int waitok);
170029Srwatsonstatic int	kqueue_acquire(struct file *fp, struct kqueue **kqp);
133741Sjmgstatic void	kqueue_release(struct kqueue *kq, int locked);
133741Sjmgstatic int	kqueue_expand(struct kqueue *kq, struct filterops *fops,
133741Sjmg		    uintptr_t ident, int waitok);
133741Sjmgstatic void	kqueue_task(void *arg, int pending);
133741Sjmgstatic int	kqueue_scan(struct kqueue *kq, int maxevents,
146950Sps		    struct kevent_copyops *k_ops,
146950Sps		    const struct timespec *timeout,
146950Sps		    struct kevent *keva, struct thread *td);
59290Sjlemonstatic void 	kqueue_wakeup(struct kqueue *kq);
133741Sjmgstatic struct filterops *kqueue_fo_find(int filt);
133741Sjmgstatic void	kqueue_fo_release(int filt);
59290Sjlemon
108255Sphkstatic fo_rdwr_t	kqueue_read;
108255Sphkstatic fo_rdwr_t	kqueue_write;
175140Sjhbstatic fo_truncate_t	kqueue_truncate;
108255Sphkstatic fo_ioctl_t	kqueue_ioctl;
108255Sphkstatic fo_poll_t	kqueue_poll;
108255Sphkstatic fo_kqfilter_t	kqueue_kqfilter;
108255Sphkstatic fo_stat_t	kqueue_stat;
108255Sphkstatic fo_close_t	kqueue_close;
108238Sphk
72521Sjlemonstatic struct fileops kqueueops = {
116546Sphk	.fo_read = kqueue_read,
116546Sphk	.fo_write = kqueue_write,
175140Sjhb	.fo_truncate = kqueue_truncate,
116546Sphk	.fo_ioctl = kqueue_ioctl,
116546Sphk	.fo_poll = kqueue_poll,
116546Sphk	.fo_kqfilter = kqueue_kqfilter,
116546Sphk	.fo_stat = kqueue_stat,
116546Sphk	.fo_close = kqueue_close,
72521Sjlemon};
72521Sjlemon
133741Sjmgstatic int 	knote_attach(struct knote *kn, struct kqueue *kq);
83366Sjulianstatic void 	knote_drop(struct knote *kn, struct thread *td);
59290Sjlemonstatic void 	knote_enqueue(struct knote *kn);
59290Sjlemonstatic void 	knote_dequeue(struct knote *kn);
59290Sjlemonstatic void 	knote_init(void);
133741Sjmgstatic struct 	knote *knote_alloc(int waitok);
59290Sjlemonstatic void 	knote_free(struct knote *kn);
59290Sjlemon
72521Sjlemonstatic void	filt_kqdetach(struct knote *kn);
72521Sjlemonstatic int	filt_kqueue(struct knote *kn, long hint);
72521Sjlemonstatic int	filt_procattach(struct knote *kn);
72521Sjlemonstatic void	filt_procdetach(struct knote *kn);
72521Sjlemonstatic int	filt_proc(struct knote *kn, long hint);
72521Sjlemonstatic int	filt_fileattach(struct knote *kn);
79989Sjlemonstatic void	filt_timerexpire(void *knx);
79989Sjlemonstatic int	filt_timerattach(struct knote *kn);
79989Sjlemonstatic void	filt_timerdetach(struct knote *kn);
79989Sjlemonstatic int	filt_timer(struct knote *kn, long hint);
197241Sssonstatic int	filt_userattach(struct knote *kn);
197241Sssonstatic void	filt_userdetach(struct knote *kn);
197241Sssonstatic int	filt_user(struct knote *kn, long hint);
197241Sssonstatic void	filt_usertouch(struct knote *kn, struct kevent *kev, long type);
72521Sjlemon
197134Srwatsonstatic struct filterops file_filtops = {
197134Srwatson	.f_isfd = 1,
197134Srwatson	.f_attach = filt_fileattach,
197134Srwatson};
197134Srwatsonstatic struct filterops kqread_filtops = {
197134Srwatson	.f_isfd = 1,
197134Srwatson	.f_detach = filt_kqdetach,
197134Srwatson	.f_event = filt_kqueue,
197134Srwatson};
133741Sjmg/* XXX - move to kern_proc.c?  */
197134Srwatsonstatic struct filterops proc_filtops = {
197134Srwatson	.f_isfd = 0,
197134Srwatson	.f_attach = filt_procattach,
197134Srwatson	.f_detach = filt_procdetach,
197134Srwatson	.f_event = filt_proc,
197134Srwatson};
197134Srwatsonstatic struct filterops timer_filtops = {
197134Srwatson	.f_isfd = 0,
197134Srwatson	.f_attach = filt_timerattach,
197134Srwatson	.f_detach = filt_timerdetach,
197134Srwatson	.f_event = filt_timer,
197134Srwatson};
197241Sssonstatic struct filterops user_filtops = {
197241Ssson	.f_attach = filt_userattach,
197241Ssson	.f_detach = filt_userdetach,
197241Ssson	.f_event = filt_user,
197241Ssson	.f_touch = filt_usertouch,
197241Ssson};
72521Sjlemon
92751Sjeffstatic uma_zone_t	knote_zone;
84138Sjlemonstatic int 		kq_ncallouts = 0;
84138Sjlemonstatic int 		kq_calloutmax = (4 * 1024);
84138SjlemonSYSCTL_INT(_kern, OID_AUTO, kq_calloutmax, CTLFLAG_RW,
84138Sjlemon    &kq_calloutmax, 0, "Maximum number of callouts allocated for kqueue");
59290Sjlemon
133741Sjmg/* XXX - ensure not KN_INFLUX?? */
133741Sjmg#define KNOTE_ACTIVATE(kn, islock) do { 				\
133741Sjmg	if ((islock))							\
133741Sjmg		mtx_assert(&(kn)->kn_kq->kq_lock, MA_OWNED);		\
133741Sjmg	else								\
133741Sjmg		KQ_LOCK((kn)->kn_kq);					\
133741Sjmg	(kn)->kn_status |= KN_ACTIVE;					\
133741Sjmg	if (((kn)->kn_status & (KN_QUEUED | KN_DISABLED)) == 0)		\
133741Sjmg		knote_enqueue((kn));					\
133741Sjmg	if (!(islock))							\
133741Sjmg		KQ_UNLOCK((kn)->kn_kq);					\
59290Sjlemon} while(0)
133741Sjmg#define KQ_LOCK(kq) do {						\
133741Sjmg	mtx_lock(&(kq)->kq_lock);					\
133741Sjmg} while (0)
133741Sjmg#define KQ_FLUX_WAKEUP(kq) do {						\
133741Sjmg	if (((kq)->kq_state & KQ_FLUXWAIT) == KQ_FLUXWAIT) {		\
133741Sjmg		(kq)->kq_state &= ~KQ_FLUXWAIT;				\
133741Sjmg		wakeup((kq));						\
133741Sjmg	}								\
133741Sjmg} while (0)
133741Sjmg#define KQ_UNLOCK_FLUX(kq) do {						\
133741Sjmg	KQ_FLUX_WAKEUP(kq);						\
133741Sjmg	mtx_unlock(&(kq)->kq_lock);					\
133741Sjmg} while (0)
133741Sjmg#define KQ_UNLOCK(kq) do {						\
133741Sjmg	mtx_unlock(&(kq)->kq_lock);					\
133741Sjmg} while (0)
133741Sjmg#define KQ_OWNED(kq) do {						\
133741Sjmg	mtx_assert(&(kq)->kq_lock, MA_OWNED);				\
133741Sjmg} while (0)
133741Sjmg#define KQ_NOTOWNED(kq) do {						\
133741Sjmg	mtx_assert(&(kq)->kq_lock, MA_NOTOWNED);			\
133741Sjmg} while (0)
133741Sjmg#define KN_LIST_LOCK(kn) do {						\
133741Sjmg	if (kn->kn_knlist != NULL)					\
147730Sssouhlal		kn->kn_knlist->kl_lock(kn->kn_knlist->kl_lockarg);	\
133741Sjmg} while (0)
133741Sjmg#define KN_LIST_UNLOCK(kn) do {						\
147730Sssouhlal	if (kn->kn_knlist != NULL) 					\
147730Sssouhlal		kn->kn_knlist->kl_unlock(kn->kn_knlist->kl_lockarg);	\
133741Sjmg} while (0)
147730Sssouhlal#define	KNL_ASSERT_LOCK(knl, islocked) do {				\
147730Sssouhlal	if (islocked)							\
147730Sssouhlal		KNL_ASSERT_LOCKED(knl);				\
147730Sssouhlal	else								\
147730Sssouhlal		KNL_ASSERT_UNLOCKED(knl);				\
147730Sssouhlal} while (0)
147730Sssouhlal#ifdef INVARIANTS
147730Sssouhlal#define	KNL_ASSERT_LOCKED(knl) do {					\
193951Skib	knl->kl_assert_locked((knl)->kl_lockarg);			\
147730Sssouhlal} while (0)
193951Skib#define	KNL_ASSERT_UNLOCKED(knl) do {					\
193951Skib	knl->kl_assert_unlocked((knl)->kl_lockarg);			\
147730Sssouhlal} while (0)
147730Sssouhlal#else /* !INVARIANTS */
147730Sssouhlal#define	KNL_ASSERT_LOCKED(knl) do {} while(0)
147730Sssouhlal#define	KNL_ASSERT_UNLOCKED(knl) do {} while (0)
147730Sssouhlal#endif /* INVARIANTS */
59290Sjlemon
59290Sjlemon#define	KN_HASHSIZE		64		/* XXX should be tunable */
59290Sjlemon#define KN_HASH(val, mask)	(((val) ^ (val >> 8)) & (mask))
59290Sjlemon
88633Salfredstatic int
88633Salfredfilt_nullattach(struct knote *kn)
88633Salfred{
88633Salfred
88633Salfred	return (ENXIO);
88633Salfred};
88633Salfred
197134Srwatsonstruct filterops null_filtops = {
197134Srwatson	.f_isfd = 0,
197134Srwatson	.f_attach = filt_nullattach,
197134Srwatson};
88633Salfred
133741Sjmg/* XXX - make SYSINIT to add these, and move into respective modules. */
59290Sjlemonextern struct filterops sig_filtops;
131562Salfredextern struct filterops fs_filtops;
59290Sjlemon
59290Sjlemon/*
72521Sjlemon * Table for for all system-defined filters.
59290Sjlemon */
133741Sjmgstatic struct mtx	filterops_lock;
133741SjmgMTX_SYSINIT(kqueue_filterops, &filterops_lock, "protect sysfilt_ops",
133741Sjmg	MTX_DEF);
133741Sjmgstatic struct {
133741Sjmg	struct filterops *for_fop;
133741Sjmg	int for_refcnt;
133741Sjmg} sysfilt_ops[EVFILT_SYSCOUNT] = {
133741Sjmg	{ &file_filtops },			/* EVFILT_READ */
133741Sjmg	{ &file_filtops },			/* EVFILT_WRITE */
133741Sjmg	{ &null_filtops },			/* EVFILT_AIO */
133741Sjmg	{ &file_filtops },			/* EVFILT_VNODE */
133741Sjmg	{ &proc_filtops },			/* EVFILT_PROC */
133741Sjmg	{ &sig_filtops },			/* EVFILT_SIGNAL */
133741Sjmg	{ &timer_filtops },			/* EVFILT_TIMER */
133741Sjmg	{ &file_filtops },			/* EVFILT_NETDEV */
133741Sjmg	{ &fs_filtops },			/* EVFILT_FS */
151260Sambrisko	{ &null_filtops },			/* EVFILT_LIO */
197241Ssson	{ &user_filtops },			/* EVFILT_USER */
59290Sjlemon};
59290Sjlemon
133741Sjmg/*
133741Sjmg * Simple redirection for all cdevsw style objects to call their fo_kqfilter
133741Sjmg * method.
133741Sjmg */
59290Sjlemonstatic int
72521Sjlemonfilt_fileattach(struct knote *kn)
59290Sjlemon{
133635Sjmg
72521Sjlemon	return (fo_kqfilter(kn->kn_fp, kn));
59290Sjlemon}
59290Sjlemon
72521Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
72521Sjlemonkqueue_kqfilter(struct file *fp, struct knote *kn)
59290Sjlemon{
109153Sdillon	struct kqueue *kq = kn->kn_fp->f_data;
59290Sjlemon
72521Sjlemon	if (kn->kn_filter != EVFILT_READ)
133741Sjmg		return (EINVAL);
59290Sjlemon
133741Sjmg	kn->kn_status |= KN_KQUEUE;
72521Sjlemon	kn->kn_fop = &kqread_filtops;
133741Sjmg	knlist_add(&kq->kq_sel.si_note, kn, 0);
133741Sjmg
59290Sjlemon	return (0);
59290Sjlemon}
59290Sjlemon
59290Sjlemonstatic void
59290Sjlemonfilt_kqdetach(struct knote *kn)
59290Sjlemon{
109153Sdillon	struct kqueue *kq = kn->kn_fp->f_data;
59290Sjlemon
133741Sjmg	knlist_remove(&kq->kq_sel.si_note, kn, 0);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
59290Sjlemonfilt_kqueue(struct knote *kn, long hint)
59290Sjlemon{
109153Sdillon	struct kqueue *kq = kn->kn_fp->f_data;
59290Sjlemon
59290Sjlemon	kn->kn_data = kq->kq_count;
59290Sjlemon	return (kn->kn_data > 0);
59290Sjlemon}
59290Sjlemon
133741Sjmg/* XXX - move to kern_proc.c?  */
59290Sjlemonstatic int
59290Sjlemonfilt_procattach(struct knote *kn)
59290Sjlemon{
59290Sjlemon	struct proc *p;
113377Skbyanc	int immediate;
75451Srwatson	int error;
59290Sjlemon
113377Skbyanc	immediate = 0;
59290Sjlemon	p = pfind(kn->kn_id);
113377Skbyanc	if (p == NULL && (kn->kn_sfflags & NOTE_EXIT)) {
113377Skbyanc		p = zpfind(kn->kn_id);
113377Skbyanc		immediate = 1;
133741Sjmg	} else if (p != NULL && (p->p_flag & P_WEXIT)) {
133741Sjmg		immediate = 1;
113377Skbyanc	}
133741Sjmg
122019Scognet	if (p == NULL)
122019Scognet		return (ESRCH);
133741Sjmg	if ((error = p_cansee(curthread, p)))
75451Srwatson		return (error);
59290Sjlemon
59290Sjlemon	kn->kn_ptr.p_proc = p;
59290Sjlemon	kn->kn_flags |= EV_CLEAR;		/* automatically set */
59290Sjlemon
59290Sjlemon	/*
59290Sjlemon	 * internal flag indicating registration done by kernel
59290Sjlemon	 */
59290Sjlemon	if (kn->kn_flags & EV_FLAG1) {
59290Sjlemon		kn->kn_data = kn->kn_sdata;		/* ppid */
59290Sjlemon		kn->kn_fflags = NOTE_CHILD;
59290Sjlemon		kn->kn_flags &= ~EV_FLAG1;
59290Sjlemon	}
59290Sjlemon
122686Scognet	if (immediate == 0)
133741Sjmg		knlist_add(&p->p_klist, kn, 1);
113377Skbyanc
113377Skbyanc	/*
113377Skbyanc	 * Immediately activate any exit notes if the target process is a
113377Skbyanc	 * zombie.  This is necessary to handle the case where the target
113377Skbyanc	 * process, e.g. a child, dies before the kevent is registered.
113377Skbyanc	 */
113377Skbyanc	if (immediate && filt_proc(kn, NOTE_EXIT))
133741Sjmg		KNOTE_ACTIVATE(kn, 0);
113377Skbyanc
71500Sjhb	PROC_UNLOCK(p);
59290Sjlemon
59290Sjlemon	return (0);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*
59290Sjlemon * The knote may be attached to a different process, which may exit,
59290Sjlemon * leaving nothing for the knote to be attached to.  So when the process
59290Sjlemon * exits, the knote is marked as DETACHED and also flagged as ONESHOT so
59290Sjlemon * it will be deleted when read out.  However, as part of the knote deletion,
59290Sjlemon * this routine is called, so a check is needed to avoid actually performing
59290Sjlemon * a detach, because the original process does not exist any more.
59290Sjlemon */
133741Sjmg/* XXX - move to kern_proc.c?  */
59290Sjlemonstatic void
59290Sjlemonfilt_procdetach(struct knote *kn)
59290Sjlemon{
133741Sjmg	struct proc *p;
59290Sjlemon
133741Sjmg	p = kn->kn_ptr.p_proc;
133741Sjmg	knlist_remove(&p->p_klist, kn, 0);
133741Sjmg	kn->kn_ptr.p_proc = NULL;
59290Sjlemon}
59290Sjlemon
133741Sjmg/* XXX - move to kern_proc.c?  */
59290Sjlemonstatic int
59290Sjlemonfilt_proc(struct knote *kn, long hint)
59290Sjlemon{
133741Sjmg	struct proc *p = kn->kn_ptr.p_proc;
59290Sjlemon	u_int event;
59290Sjlemon
59290Sjlemon	/*
59290Sjlemon	 * mask off extra data
59290Sjlemon	 */
59290Sjlemon	event = (u_int)hint & NOTE_PCTRLMASK;
59290Sjlemon
59290Sjlemon	/*
59290Sjlemon	 * if the user is interested in this event, record it.
59290Sjlemon	 */
59290Sjlemon	if (kn->kn_sfflags & event)
59290Sjlemon		kn->kn_fflags |= event;
59290Sjlemon
59290Sjlemon	/*
59290Sjlemon	 * process is gone, so flag the event as finished.
59290Sjlemon	 */
59290Sjlemon	if (event == NOTE_EXIT) {
133741Sjmg		if (!(kn->kn_status & KN_DETACHED))
133741Sjmg			knlist_remove_inevent(&p->p_klist, kn);
133590Srwatson		kn->kn_flags |= (EV_EOF | EV_ONESHOT);
164451Sjhb		kn->kn_data = p->p_xstat;
133741Sjmg		kn->kn_ptr.p_proc = NULL;
59290Sjlemon		return (1);
59290Sjlemon	}
59290Sjlemon
180340Skib	return (kn->kn_fflags != 0);
180340Skib}
59290Sjlemon
180340Skib/*
180340Skib * Called when the process forked. It mostly does the same as the
180340Skib * knote(), activating all knotes registered to be activated when the
180340Skib * process forked. Additionally, for each knote attached to the
180340Skib * parent, check whether user wants to track the new process. If so
180340Skib * attach a new knote to it, and immediately report an event with the
180340Skib * child's pid.
180340Skib */
180340Skibvoid
180340Skibknote_fork(struct knlist *list, int pid)
180340Skib{
180340Skib	struct kqueue *kq;
180340Skib	struct knote *kn;
180340Skib	struct kevent kev;
180340Skib	int error;
180340Skib
180340Skib	if (list == NULL)
180340Skib		return;
180340Skib	list->kl_lock(list->kl_lockarg);
180340Skib
180340Skib	SLIST_FOREACH(kn, &list->kl_list, kn_selnext) {
180340Skib		if ((kn->kn_status & KN_INFLUX) == KN_INFLUX)
180340Skib			continue;
180340Skib		kq = kn->kn_kq;
180340Skib		KQ_LOCK(kq);
180340Skib		if ((kn->kn_status & KN_INFLUX) == KN_INFLUX) {
180340Skib			KQ_UNLOCK(kq);
180340Skib			continue;
180340Skib		}
180340Skib
59290Sjlemon		/*
180340Skib		 * The same as knote(), activate the event.
59290Sjlemon		 */
180340Skib		if ((kn->kn_sfflags & NOTE_TRACK) == 0) {
180340Skib			kn->kn_status |= KN_HASKQLOCK;
180340Skib			if (kn->kn_fop->f_event(kn, NOTE_FORK | pid))
180340Skib				KNOTE_ACTIVATE(kn, 1);
180340Skib			kn->kn_status &= ~KN_HASKQLOCK;
180340Skib			KQ_UNLOCK(kq);
180340Skib			continue;
180340Skib		}
180340Skib
180340Skib		/*
180340Skib		 * The NOTE_TRACK case. In addition to the activation
180340Skib		 * of the event, we need to register new event to
180340Skib		 * track the child. Drop the locks in preparation for
180340Skib		 * the call to kqueue_register().
180340Skib		 */
180340Skib		kn->kn_status |= KN_INFLUX;
180340Skib		KQ_UNLOCK(kq);
180340Skib		list->kl_unlock(list->kl_lockarg);
180340Skib
180340Skib		/*
180340Skib		 * Activate existing knote and register a knote with
180340Skib		 * new process.
180340Skib		 */
180340Skib		kev.ident = pid;
59290Sjlemon		kev.filter = kn->kn_filter;
59290Sjlemon		kev.flags = kn->kn_flags | EV_ADD | EV_ENABLE | EV_FLAG1;
59290Sjlemon		kev.fflags = kn->kn_sfflags;
180340Skib		kev.data = kn->kn_id;		/* parent */
180340Skib		kev.udata = kn->kn_kevent.udata;/* preserve udata */
180340Skib		error = kqueue_register(kq, &kev, NULL, 0);
180340Skib		if (kn->kn_fop->f_event(kn, NOTE_FORK | pid))
180340Skib			KNOTE_ACTIVATE(kn, 0);
59290Sjlemon		if (error)
59290Sjlemon			kn->kn_fflags |= NOTE_TRACKERR;
180340Skib		KQ_LOCK(kq);
180340Skib		kn->kn_status &= ~KN_INFLUX;
180340Skib		KQ_UNLOCK_FLUX(kq);
180340Skib		list->kl_lock(list->kl_lockarg);
59290Sjlemon	}
180340Skib	list->kl_unlock(list->kl_lockarg);
59290Sjlemon}
59290Sjlemon
133741Sjmgstatic int
133741Sjmgtimertoticks(intptr_t data)
133741Sjmg{
133741Sjmg	struct timeval tv;
133741Sjmg	int tticks;
133741Sjmg
133741Sjmg	tv.tv_sec = data / 1000;
133741Sjmg	tv.tv_usec = (data % 1000) * 1000;
133741Sjmg	tticks = tvtohz(&tv);
133741Sjmg
133741Sjmg	return tticks;
133741Sjmg}
133741Sjmg
133741Sjmg/* XXX - move to kern_timeout.c? */
79989Sjlemonstatic void
79989Sjlemonfilt_timerexpire(void *knx)
79989Sjlemon{
79989Sjlemon	struct knote *kn = knx;
84138Sjlemon	struct callout *calloutp;
79989Sjlemon
79989Sjlemon	kn->kn_data++;
133741Sjmg	KNOTE_ACTIVATE(kn, 0);	/* XXX - handle locking */
79989Sjlemon
133741Sjmg	if ((kn->kn_flags & EV_ONESHOT) != EV_ONESHOT) {
84138Sjlemon		calloutp = (struct callout *)kn->kn_hook;
177860Sjeff		callout_reset_curcpu(calloutp, timertoticks(kn->kn_sdata),
133741Sjmg		    filt_timerexpire, kn);
79989Sjlemon	}
79989Sjlemon}
79989Sjlemon
79989Sjlemon/*
79989Sjlemon * data contains amount of time to sleep, in milliseconds
133590Srwatson */
133741Sjmg/* XXX - move to kern_timeout.c? */
79989Sjlemonstatic int
79989Sjlemonfilt_timerattach(struct knote *kn)
79989Sjlemon{
84138Sjlemon	struct callout *calloutp;
79989Sjlemon
133741Sjmg	atomic_add_int(&kq_ncallouts, 1);
133741Sjmg
133741Sjmg	if (kq_ncallouts >= kq_calloutmax) {
133741Sjmg		atomic_add_int(&kq_ncallouts, -1);
84138Sjlemon		return (ENOMEM);
133741Sjmg	}
84138Sjlemon
79989Sjlemon	kn->kn_flags |= EV_CLEAR;		/* automatically set */
136500Sjmg	kn->kn_status &= ~KN_DETACHED;		/* knlist_add usually sets it */
184214Sdes	calloutp = malloc(sizeof(*calloutp), M_KQUEUE, M_WAITOK);
142217Srwatson	callout_init(calloutp, CALLOUT_MPSAFE);
127982Scperciva	kn->kn_hook = calloutp;
177860Sjeff	callout_reset_curcpu(calloutp, timertoticks(kn->kn_sdata),
177860Sjeff	    filt_timerexpire, kn);
79989Sjlemon
79989Sjlemon	return (0);
79989Sjlemon}
79989Sjlemon
133741Sjmg/* XXX - move to kern_timeout.c? */
79989Sjlemonstatic void
79989Sjlemonfilt_timerdetach(struct knote *kn)
79989Sjlemon{
84138Sjlemon	struct callout *calloutp;
79989Sjlemon
84138Sjlemon	calloutp = (struct callout *)kn->kn_hook;
127982Scperciva	callout_drain(calloutp);
184205Sdes	free(calloutp, M_KQUEUE);
133741Sjmg	atomic_add_int(&kq_ncallouts, -1);
136500Sjmg	kn->kn_status |= KN_DETACHED;	/* knlist_remove usually clears it */
79989Sjlemon}
79989Sjlemon
133741Sjmg/* XXX - move to kern_timeout.c? */
79989Sjlemonstatic int
79989Sjlemonfilt_timer(struct knote *kn, long hint)
79989Sjlemon{
79989Sjlemon
79989Sjlemon	return (kn->kn_data != 0);
79989Sjlemon}
79989Sjlemon
197241Sssonstatic int
197241Sssonfilt_userattach(struct knote *kn)
197241Ssson{
197241Ssson
197241Ssson	/*
197241Ssson	 * EVFILT_USER knotes are not attached to anything in the kernel.
197241Ssson	 */
197241Ssson	kn->kn_hook = NULL;
197241Ssson	if (kn->kn_fflags & NOTE_TRIGGER)
197241Ssson		kn->kn_hookid = 1;
197241Ssson	else
197241Ssson		kn->kn_hookid = 0;
197241Ssson	return (0);
197241Ssson}
197241Ssson
197241Sssonstatic void
197241Sssonfilt_userdetach(__unused struct knote *kn)
197241Ssson{
197241Ssson
197241Ssson	/*
197241Ssson	 * EVFILT_USER knotes are not attached to anything in the kernel.
197241Ssson	 */
197241Ssson}
197241Ssson
197241Sssonstatic int
197241Sssonfilt_user(struct knote *kn, __unused long hint)
197241Ssson{
197241Ssson
197241Ssson	return (kn->kn_hookid);
197241Ssson}
197241Ssson
197241Sssonstatic void
197241Sssonfilt_usertouch(struct knote *kn, struct kevent *kev, long type)
197241Ssson{
197241Ssson	int ffctrl;
197241Ssson
197241Ssson	switch (type) {
197241Ssson	case EVENT_REGISTER:
197241Ssson		if (kev->fflags & NOTE_TRIGGER)
197241Ssson			kn->kn_hookid = 1;
197241Ssson
197241Ssson		ffctrl = kev->fflags & NOTE_FFCTRLMASK;
197241Ssson		kev->fflags &= NOTE_FFLAGSMASK;
197241Ssson		switch (ffctrl) {
197241Ssson		case NOTE_FFNOP:
197241Ssson			break;
197241Ssson
197241Ssson		case NOTE_FFAND:
197241Ssson			kn->kn_sfflags &= kev->fflags;
197241Ssson			break;
197241Ssson
197241Ssson		case NOTE_FFOR:
197241Ssson			kn->kn_sfflags |= kev->fflags;
197241Ssson			break;
197241Ssson
197241Ssson		case NOTE_FFCOPY:
197241Ssson			kn->kn_sfflags = kev->fflags;
197241Ssson			break;
197241Ssson
197241Ssson		default:
197241Ssson			/* XXX Return error? */
197241Ssson			break;
197241Ssson		}
197241Ssson		kn->kn_sdata = kev->data;
197241Ssson		if (kev->flags & EV_CLEAR) {
197241Ssson			kn->kn_hookid = 0;
197241Ssson			kn->kn_data = 0;
197241Ssson			kn->kn_fflags = 0;
197241Ssson		}
197241Ssson		break;
197241Ssson
197241Ssson        case EVENT_PROCESS:
197241Ssson		*kev = kn->kn_kevent;
197241Ssson		kev->fflags = kn->kn_sfflags;
197241Ssson		kev->data = kn->kn_sdata;
197241Ssson		if (kn->kn_flags & EV_CLEAR) {
197241Ssson			kn->kn_hookid = 0;
197241Ssson			kn->kn_data = 0;
197241Ssson			kn->kn_fflags = 0;
197241Ssson		}
197241Ssson		break;
197241Ssson
197241Ssson	default:
197241Ssson		panic("filt_usertouch() - invalid type (%ld)", type);
197241Ssson		break;
197241Ssson	}
197241Ssson}
197241Ssson
61468Sjlemonint
83366Sjuliankqueue(struct thread *td, struct kqueue_args *uap)
59290Sjlemon{
82710Sdillon	struct filedesc *fdp;
59290Sjlemon	struct kqueue *kq;
61468Sjlemon	struct file *fp;
61468Sjlemon	int fd, error;
59290Sjlemon
83366Sjulian	fdp = td->td_proc->p_fd;
83366Sjulian	error = falloc(td, &fp, &fd);
61468Sjlemon	if (error)
82710Sdillon		goto done2;
133741Sjmg
121256Sdwmalone	/* An extra reference on `nfp' has been held for us by falloc(). */
133741Sjmg	kq = malloc(sizeof *kq, M_KQUEUE, M_WAITOK | M_ZERO);
133741Sjmg	mtx_init(&kq->kq_lock, "kqueue", NULL, MTX_DEF|MTX_DUPOK);
89306Salfred	TAILQ_INIT(&kq->kq_head);
133741Sjmg	kq->kq_fdp = fdp;
193951Skib	knlist_init_mtx(&kq->kq_sel.si_note, &kq->kq_lock);
133741Sjmg	TASK_INIT(&kq->kq_task, 0, kqueue_task, kq);
133741Sjmg
168355Srwatson	FILEDESC_XLOCK(fdp);
133741Sjmg	SLIST_INSERT_HEAD(&fdp->fd_kqlist, kq, kq_list);
168355Srwatson	FILEDESC_XUNLOCK(fdp);
133741Sjmg
174988Sjeff	finit(fp, FREAD | FWRITE, DTYPE_KQUEUE, kq, &kqueueops);
121256Sdwmalone	fdrop(fp, td);
133741Sjmg
83366Sjulian	td->td_retval[0] = fd;
82710Sdillondone2:
61468Sjlemon	return (error);
59290Sjlemon}
59290Sjlemon
59290Sjlemon#ifndef _SYS_SYSPROTO_H_
59290Sjlemonstruct kevent_args {
59290Sjlemon	int	fd;
63977Speter	const struct kevent *changelist;
59290Sjlemon	int	nchanges;
63452Sjlemon	struct	kevent *eventlist;
59290Sjlemon	int	nevents;
63977Speter	const struct timespec *timeout;
59290Sjlemon};
59290Sjlemon#endif
59290Sjlemonint
83366Sjuliankevent(struct thread *td, struct kevent_args *uap)
59290Sjlemon{
142934Sps	struct timespec ts, *tsp;
146950Sps	struct kevent_copyops k_ops = { uap,
146950Sps					kevent_copyout,
146950Sps					kevent_copyin};
142934Sps	int error;
162592Sjmg#ifdef KTRACE
162592Sjmg	struct uio ktruio;
162592Sjmg	struct iovec ktriov;
162592Sjmg	struct uio *ktruioin = NULL;
162592Sjmg	struct uio *ktruioout = NULL;
162592Sjmg#endif
142934Sps
142934Sps	if (uap->timeout != NULL) {
142934Sps		error = copyin(uap->timeout, &ts, sizeof(ts));
142934Sps		if (error)
142934Sps			return (error);
142934Sps		tsp = &ts;
142934Sps	} else
142934Sps		tsp = NULL;
142934Sps
162592Sjmg#ifdef KTRACE
162592Sjmg	if (KTRPOINT(td, KTR_GENIO)) {
162592Sjmg		ktriov.iov_base = uap->changelist;
162592Sjmg		ktriov.iov_len = uap->nchanges * sizeof(struct kevent);
162592Sjmg		ktruio = (struct uio){ .uio_iov = &ktriov, .uio_iovcnt = 1,
162592Sjmg		    .uio_segflg = UIO_USERSPACE, .uio_rw = UIO_READ,
162592Sjmg		    .uio_td = td };
162592Sjmg		ktruioin = cloneuio(&ktruio);
162592Sjmg		ktriov.iov_base = uap->eventlist;
162592Sjmg		ktriov.iov_len = uap->nevents * sizeof(struct kevent);
162592Sjmg		ktruioout = cloneuio(&ktruio);
162592Sjmg	}
162592Sjmg#endif
162592Sjmg
162592Sjmg	error = kern_kevent(td, uap->fd, uap->nchanges, uap->nevents,
162592Sjmg	    &k_ops, tsp);
162592Sjmg
162592Sjmg#ifdef KTRACE
162592Sjmg	if (ktruioin != NULL) {
162592Sjmg		ktruioin->uio_resid = uap->nchanges * sizeof(struct kevent);
162592Sjmg		ktrgenio(uap->fd, UIO_WRITE, ktruioin, 0);
162592Sjmg		ktruioout->uio_resid = td->td_retval[0] * sizeof(struct kevent);
162592Sjmg		ktrgenio(uap->fd, UIO_READ, ktruioout, error);
162592Sjmg	}
162592Sjmg#endif
162592Sjmg
162592Sjmg	return (error);
142934Sps}
142934Sps
142934Sps/*
146950Sps * Copy 'count' items into the destination list pointed to by uap->eventlist.
142934Sps */
142934Spsstatic int
146950Spskevent_copyout(void *arg, struct kevent *kevp, int count)
142934Sps{
146950Sps	struct kevent_args *uap;
142934Sps	int error;
142934Sps
146950Sps	KASSERT(count <= KQ_NEVENTS, ("count (%d) > KQ_NEVENTS", count));
146950Sps	uap = (struct kevent_args *)arg;
146950Sps
146950Sps	error = copyout(kevp, uap->eventlist, count * sizeof *kevp);
146950Sps	if (error == 0)
146950Sps		uap->eventlist += count;
142934Sps	return (error);
142934Sps}
142934Sps
146950Sps/*
146950Sps * Copy 'count' items from the list pointed to by uap->changelist.
146950Sps */
146950Spsstatic int
146950Spskevent_copyin(void *arg, struct kevent *kevp, int count)
146950Sps{
146950Sps	struct kevent_args *uap;
146950Sps	int error;
146950Sps
146950Sps	KASSERT(count <= KQ_NEVENTS, ("count (%d) > KQ_NEVENTS", count));
146950Sps	uap = (struct kevent_args *)arg;
146950Sps
146950Sps	error = copyin(uap->changelist, kevp, count * sizeof *kevp);
146950Sps	if (error == 0)
146950Sps		uap->changelist += count;
146950Sps	return (error);
146950Sps}
146950Sps
142934Spsint
146950Spskern_kevent(struct thread *td, int fd, int nchanges, int nevents,
146950Sps    struct kevent_copyops *k_ops, const struct timespec *timeout)
142934Sps{
133741Sjmg	struct kevent keva[KQ_NEVENTS];
142934Sps	struct kevent *kevp, *changes;
59290Sjlemon	struct kqueue *kq;
86341Sdillon	struct file *fp;
59290Sjlemon	int i, n, nerrors, error;
59290Sjlemon
142934Sps	if ((error = fget(td, fd, &fp)) != 0)
89319Salfred		return (error);
170029Srwatson	if ((error = kqueue_acquire(fp, &kq)) != 0)
133741Sjmg		goto done_norel;
133741Sjmg
59290Sjlemon	nerrors = 0;
59290Sjlemon
142934Sps	while (nchanges > 0) {
146950Sps		n = nchanges > KQ_NEVENTS ? KQ_NEVENTS : nchanges;
146950Sps		error = k_ops->k_copyin(k_ops->arg, keva, n);
146950Sps		if (error)
146950Sps			goto done;
146950Sps		changes = keva;
59290Sjlemon		for (i = 0; i < n; i++) {
142934Sps			kevp = &changes[i];
151260Sambrisko			if (!kevp->filter)
151260Sambrisko				continue;
63452Sjlemon			kevp->flags &= ~EV_SYSFLAGS;
133741Sjmg			error = kqueue_register(kq, kevp, td, 1);
197243Ssson			if (error || (kevp->flags & EV_RECEIPT)) {
142934Sps				if (nevents != 0) {
63452Sjlemon					kevp->flags = EV_ERROR;
63452Sjlemon					kevp->data = error;
146950Sps					(void) k_ops->k_copyout(k_ops->arg,
146950Sps					    kevp, 1);
142934Sps					nevents--;
59290Sjlemon					nerrors++;
59290Sjlemon				} else {
68883Sdillon					goto done;
59290Sjlemon				}
59290Sjlemon			}
59290Sjlemon		}
142934Sps		nchanges -= n;
59290Sjlemon	}
59290Sjlemon	if (nerrors) {
133741Sjmg		td->td_retval[0] = nerrors;
68883Sdillon		error = 0;
68883Sdillon		goto done;
59290Sjlemon	}
59290Sjlemon
146950Sps	error = kqueue_scan(kq, nevents, k_ops, timeout, keva, td);
68883Sdillondone:
133741Sjmg	kqueue_release(kq, 0);
133741Sjmgdone_norel:
170066Srwatson	fdrop(fp, td);
59290Sjlemon	return (error);
59290Sjlemon}
59290Sjlemon
59290Sjlemonint
88633Salfredkqueue_add_filteropts(int filt, struct filterops *filtops)
88633Salfred{
133741Sjmg	int error;
88633Salfred
133741Sjmg	if (filt > 0 || filt + EVFILT_SYSCOUNT < 0) {
133741Sjmg		printf(
133741Sjmg"trying to add a filterop that is out of range: %d is beyond %d\n",
133741Sjmg		    ~filt, EVFILT_SYSCOUNT);
133741Sjmg		return EINVAL;
133741Sjmg	}
133741Sjmg	mtx_lock(&filterops_lock);
133741Sjmg	if (sysfilt_ops[~filt].for_fop != &null_filtops &&
133741Sjmg	    sysfilt_ops[~filt].for_fop != NULL)
133741Sjmg		error = EEXIST;
133741Sjmg	else {
133741Sjmg		sysfilt_ops[~filt].for_fop = filtops;
133741Sjmg		sysfilt_ops[~filt].for_refcnt = 0;
133741Sjmg	}
133741Sjmg	mtx_unlock(&filterops_lock);
133741Sjmg
88633Salfred	return (0);
88633Salfred}
88633Salfred
88633Salfredint
88633Salfredkqueue_del_filteropts(int filt)
88633Salfred{
133741Sjmg	int error;
88633Salfred
133741Sjmg	error = 0;
133741Sjmg	if (filt > 0 || filt + EVFILT_SYSCOUNT < 0)
133741Sjmg		return EINVAL;
133741Sjmg
133741Sjmg	mtx_lock(&filterops_lock);
133741Sjmg	if (sysfilt_ops[~filt].for_fop == &null_filtops ||
133741Sjmg	    sysfilt_ops[~filt].for_fop == NULL)
133741Sjmg		error = EINVAL;
133741Sjmg	else if (sysfilt_ops[~filt].for_refcnt != 0)
133741Sjmg		error = EBUSY;
133741Sjmg	else {
133741Sjmg		sysfilt_ops[~filt].for_fop = &null_filtops;
133741Sjmg		sysfilt_ops[~filt].for_refcnt = 0;
133741Sjmg	}
133741Sjmg	mtx_unlock(&filterops_lock);
133741Sjmg
133741Sjmg	return error;
88633Salfred}
88633Salfred
133741Sjmgstatic struct filterops *
133741Sjmgkqueue_fo_find(int filt)
133741Sjmg{
133741Sjmg
133741Sjmg	if (filt > 0 || filt + EVFILT_SYSCOUNT < 0)
133741Sjmg		return NULL;
133741Sjmg
133741Sjmg	mtx_lock(&filterops_lock);
133741Sjmg	sysfilt_ops[~filt].for_refcnt++;
133741Sjmg	if (sysfilt_ops[~filt].for_fop == NULL)
133741Sjmg		sysfilt_ops[~filt].for_fop = &null_filtops;
133741Sjmg	mtx_unlock(&filterops_lock);
133741Sjmg
133741Sjmg	return sysfilt_ops[~filt].for_fop;
133741Sjmg}
133741Sjmg
133741Sjmgstatic void
133741Sjmgkqueue_fo_release(int filt)
133741Sjmg{
133741Sjmg
133741Sjmg	if (filt > 0 || filt + EVFILT_SYSCOUNT < 0)
133741Sjmg		return;
133741Sjmg
133741Sjmg	mtx_lock(&filterops_lock);
133741Sjmg	KASSERT(sysfilt_ops[~filt].for_refcnt > 0,
133741Sjmg	    ("filter object refcount not valid on release"));
133741Sjmg	sysfilt_ops[~filt].for_refcnt--;
133741Sjmg	mtx_unlock(&filterops_lock);
133741Sjmg}
133741Sjmg
133741Sjmg/*
170029Srwatson * A ref to kq (obtained via kqueue_acquire) must be held.  waitok will
133741Sjmg * influence if memory allocation should wait.  Make sure it is 0 if you
133741Sjmg * hold any mutexes.
133741Sjmg */
162594Sjmgstatic int
133741Sjmgkqueue_register(struct kqueue *kq, struct kevent *kev, struct thread *td, int waitok)
59290Sjlemon{
59290Sjlemon	struct filterops *fops;
133741Sjmg	struct file *fp;
133741Sjmg	struct knote *kn, *tkn;
133741Sjmg	int error, filt, event;
133741Sjmg	int haskqglobal;
59290Sjlemon
133741Sjmg	fp = NULL;
133741Sjmg	kn = NULL;
133741Sjmg	error = 0;
133741Sjmg	haskqglobal = 0;
59290Sjlemon
133741Sjmg	filt = kev->filter;
133741Sjmg	fops = kqueue_fo_find(filt);
133741Sjmg	if (fops == NULL)
133741Sjmg		return EINVAL;
133741Sjmg
133741Sjmg	tkn = knote_alloc(waitok);		/* prevent waiting with locks */
133741Sjmg
133741Sjmgfindkn:
59290Sjlemon	if (fops->f_isfd) {
133741Sjmg		KASSERT(td != NULL, ("td is NULL"));
159553Sjhb		error = fget(td, kev->ident, &fp);
159553Sjhb		if (error)
133741Sjmg			goto done;
59290Sjlemon
133741Sjmg		if ((kev->flags & EV_ADD) == EV_ADD && kqueue_expand(kq, fops,
133741Sjmg		    kev->ident, 0) != 0) {
159553Sjhb			/* try again */
133741Sjmg			fdrop(fp, td);
133741Sjmg			fp = NULL;
133741Sjmg			error = kqueue_expand(kq, fops, kev->ident, waitok);
133741Sjmg			if (error)
133741Sjmg				goto done;
133741Sjmg			goto findkn;
133741Sjmg		}
133741Sjmg
133741Sjmg		if (fp->f_type == DTYPE_KQUEUE) {
133741Sjmg			/*
133741Sjmg			 * if we add some inteligence about what we are doing,
133741Sjmg			 * we should be able to support events on ourselves.
133741Sjmg			 * We need to know when we are doing this to prevent
133741Sjmg			 * getting both the knlist lock and the kq lock since
133741Sjmg			 * they are the same thing.
133741Sjmg			 */
133741Sjmg			if (fp->f_data == kq) {
133741Sjmg				error = EINVAL;
159172Spjd				goto done;
133741Sjmg			}
133741Sjmg
133741Sjmg			KQ_GLOBAL_LOCK(&kq_global, haskqglobal);
133741Sjmg		}
133741Sjmg
133741Sjmg		KQ_LOCK(kq);
133741Sjmg		if (kev->ident < kq->kq_knlistsize) {
133741Sjmg			SLIST_FOREACH(kn, &kq->kq_knlist[kev->ident], kn_link)
133741Sjmg				if (kev->filter == kn->kn_filter)
59290Sjlemon					break;
59290Sjlemon		}
59290Sjlemon	} else {
133741Sjmg		if ((kev->flags & EV_ADD) == EV_ADD)
133741Sjmg			kqueue_expand(kq, fops, kev->ident, waitok);
133741Sjmg
133741Sjmg		KQ_LOCK(kq);
133741Sjmg		if (kq->kq_knhashmask != 0) {
59290Sjlemon			struct klist *list;
133635Sjmg
133741Sjmg			list = &kq->kq_knhash[
133741Sjmg			    KN_HASH((u_long)kev->ident, kq->kq_knhashmask)];
59290Sjlemon			SLIST_FOREACH(kn, list, kn_link)
59290Sjlemon				if (kev->ident == kn->kn_id &&
59290Sjlemon				    kev->filter == kn->kn_filter)
59290Sjlemon					break;
59290Sjlemon		}
59290Sjlemon	}
59290Sjlemon
133741Sjmg	/* knote is in the process of changing, wait for it to stablize. */
133741Sjmg	if (kn != NULL && (kn->kn_status & KN_INFLUX) == KN_INFLUX) {
133741Sjmg		if (fp != NULL) {
133741Sjmg			fdrop(fp, td);
133741Sjmg			fp = NULL;
133741Sjmg		}
133741Sjmg		KQ_GLOBAL_UNLOCK(&kq_global, haskqglobal);
133741Sjmg		kq->kq_state |= KQ_FLUXWAIT;
133741Sjmg		msleep(kq, &kq->kq_lock, PSOCK | PDROP, "kqflxwt", 0);
133741Sjmg		goto findkn;
133741Sjmg	}
133741Sjmg
59290Sjlemon	/*
59290Sjlemon	 * kn now contains the matching knote, or NULL if no match
59290Sjlemon	 */
197240Ssson	if (kn == NULL) {
197240Ssson		if (kev->flags & EV_ADD) {
133741Sjmg			kn = tkn;
133741Sjmg			tkn = NULL;
68883Sdillon			if (kn == NULL) {
159173Spjd				KQ_UNLOCK(kq);
68883Sdillon				error = ENOMEM;
68883Sdillon				goto done;
68883Sdillon			}
59290Sjlemon			kn->kn_fp = fp;
59290Sjlemon			kn->kn_kq = kq;
59290Sjlemon			kn->kn_fop = fops;
68883Sdillon			/*
133741Sjmg			 * apply reference counts to knote structure, and
68883Sdillon			 * do not release it at the end of this routine.
68883Sdillon			 */
133741Sjmg			fops = NULL;
68883Sdillon			fp = NULL;
68883Sdillon
61962Sjlemon			kn->kn_sfflags = kev->fflags;
61962Sjlemon			kn->kn_sdata = kev->data;
61962Sjlemon			kev->fflags = 0;
61962Sjlemon			kev->data = 0;
61962Sjlemon			kn->kn_kevent = *kev;
157383Sjmg			kn->kn_kevent.flags &= ~(EV_ADD | EV_DELETE |
157383Sjmg			    EV_ENABLE | EV_DISABLE);
133741Sjmg			kn->kn_status = KN_INFLUX|KN_DETACHED;
61962Sjlemon
133741Sjmg			error = knote_attach(kn, kq);
133741Sjmg			KQ_UNLOCK(kq);
133741Sjmg			if (error != 0) {
133741Sjmg				tkn = kn;
133741Sjmg				goto done;
133741Sjmg			}
133741Sjmg
133741Sjmg			if ((error = kn->kn_fop->f_attach(kn)) != 0) {
83366Sjulian				knote_drop(kn, td);
59290Sjlemon				goto done;
59290Sjlemon			}
133741Sjmg			KN_LIST_LOCK(kn);
197240Ssson			goto done_ev_add;
61962Sjlemon		} else {
197240Ssson			/* No matching knote and the EV_ADD flag is not set. */
133741Sjmg			KQ_UNLOCK(kq);
197240Ssson			error = ENOENT;
197240Ssson			goto done;
59290Sjlemon		}
197240Ssson	}
197240Ssson
197240Ssson	if (kev->flags & EV_DELETE) {
133741Sjmg		kn->kn_status |= KN_INFLUX;
133741Sjmg		KQ_UNLOCK(kq);
134859Sjmg		if (!(kn->kn_status & KN_DETACHED))
134859Sjmg			kn->kn_fop->f_detach(kn);
83366Sjulian		knote_drop(kn, td);
59290Sjlemon		goto done;
59290Sjlemon	}
59290Sjlemon
197240Ssson	/*
197240Ssson	 * The user may change some filter values after the initial EV_ADD,
197240Ssson	 * but doing so will not reset any filter which has already been
197240Ssson	 * triggered.
197240Ssson	 */
197240Ssson	kn->kn_status |= KN_INFLUX;
197240Ssson	KQ_UNLOCK(kq);
197240Ssson	KN_LIST_LOCK(kn);
197240Ssson	kn->kn_kevent.udata = kev->udata;
197240Ssson	if (!fops->f_isfd && fops->f_touch != NULL) {
197240Ssson		fops->f_touch(kn, kev, EVENT_REGISTER);
197240Ssson	} else {
197240Ssson		kn->kn_sfflags = kev->fflags;
197240Ssson		kn->kn_sdata = kev->data;
197240Ssson	}
197240Ssson
197240Ssson	/*
197240Ssson	 * We can get here with kn->kn_knlist == NULL.  This can happen when
197240Ssson	 * the initial attach event decides that the event is "completed"
197240Ssson	 * already.  i.e. filt_procattach is called on a zombie process.  It
197240Ssson	 * will call filt_proc which will remove it from the list, and NULL
197240Ssson	 * kn_knlist.
197240Ssson	 */
197240Sssondone_ev_add:
197240Ssson	event = kn->kn_fop->f_event(kn, 0);
197240Ssson	KQ_LOCK(kq);
197240Ssson	if (event)
197240Ssson		KNOTE_ACTIVATE(kn, 1);
197240Ssson	kn->kn_status &= ~KN_INFLUX;
197240Ssson	KN_LIST_UNLOCK(kn);
197240Ssson
59290Sjlemon	if ((kev->flags & EV_DISABLE) &&
59290Sjlemon	    ((kn->kn_status & KN_DISABLED) == 0)) {
59290Sjlemon		kn->kn_status |= KN_DISABLED;
59290Sjlemon	}
59290Sjlemon
59290Sjlemon	if ((kev->flags & EV_ENABLE) && (kn->kn_status & KN_DISABLED)) {
59290Sjlemon		kn->kn_status &= ~KN_DISABLED;
59290Sjlemon		if ((kn->kn_status & KN_ACTIVE) &&
59290Sjlemon		    ((kn->kn_status & KN_QUEUED) == 0))
59290Sjlemon			knote_enqueue(kn);
59290Sjlemon	}
133741Sjmg	KQ_UNLOCK_FLUX(kq);
59290Sjlemon
59290Sjlemondone:
133741Sjmg	KQ_GLOBAL_UNLOCK(&kq_global, haskqglobal);
68883Sdillon	if (fp != NULL)
83366Sjulian		fdrop(fp, td);
133741Sjmg	if (tkn != NULL)
133741Sjmg		knote_free(tkn);
133741Sjmg	if (fops != NULL)
133741Sjmg		kqueue_fo_release(filt);
59290Sjlemon	return (error);
59290Sjlemon}
59290Sjlemon
59290Sjlemonstatic int
170029Srwatsonkqueue_acquire(struct file *fp, struct kqueue **kqp)
59290Sjlemon{
133741Sjmg	int error;
89306Salfred	struct kqueue *kq;
133741Sjmg
133741Sjmg	error = 0;
133741Sjmg
174988Sjeff	kq = fp->f_data;
174988Sjeff	if (fp->f_type != DTYPE_KQUEUE || kq == NULL)
174988Sjeff		return (EBADF);
174988Sjeff	*kqp = kq;
174988Sjeff	KQ_LOCK(kq);
174988Sjeff	if ((kq->kq_state & KQ_CLOSING) == KQ_CLOSING) {
133741Sjmg		KQ_UNLOCK(kq);
174988Sjeff		return (EBADF);
174988Sjeff	}
174988Sjeff	kq->kq_refcnt++;
174988Sjeff	KQ_UNLOCK(kq);
133741Sjmg
133741Sjmg	return error;
133741Sjmg}
133741Sjmg
133741Sjmgstatic void
133741Sjmgkqueue_release(struct kqueue *kq, int locked)
133741Sjmg{
133741Sjmg	if (locked)
133741Sjmg		KQ_OWNED(kq);
133741Sjmg	else
133741Sjmg		KQ_LOCK(kq);
133741Sjmg	kq->kq_refcnt--;
133741Sjmg	if (kq->kq_refcnt == 1)
133741Sjmg		wakeup(&kq->kq_refcnt);
133741Sjmg	if (!locked)
133741Sjmg		KQ_UNLOCK(kq);
133741Sjmg}
133741Sjmg
133741Sjmgstatic void
133741Sjmgkqueue_schedtask(struct kqueue *kq)
133741Sjmg{
133741Sjmg
133741Sjmg	KQ_OWNED(kq);
133741Sjmg	KASSERT(((kq->kq_state & KQ_TASKDRAIN) != KQ_TASKDRAIN),
133741Sjmg	    ("scheduling kqueue task while draining"));
133741Sjmg
133741Sjmg	if ((kq->kq_state & KQ_TASKSCHED) != KQ_TASKSCHED) {
133741Sjmg		taskqueue_enqueue(taskqueue_kqueue, &kq->kq_task);
133741Sjmg		kq->kq_state |= KQ_TASKSCHED;
133741Sjmg	}
133741Sjmg}
133741Sjmg
133741Sjmg/*
133741Sjmg * Expand the kq to make sure we have storage for fops/ident pair.
133741Sjmg *
133741Sjmg * Return 0 on success (or no work necessary), return errno on failure.
133741Sjmg *
133741Sjmg * Not calling hashinit w/ waitok (proper malloc flag) should be safe.
133741Sjmg * If kqueue_register is called from a non-fd context, there usually/should
133741Sjmg * be no locks held.
133741Sjmg */
133741Sjmgstatic int
133741Sjmgkqueue_expand(struct kqueue *kq, struct filterops *fops, uintptr_t ident,
133741Sjmg	int waitok)
133741Sjmg{
133741Sjmg	struct klist *list, *tmp_knhash;
133741Sjmg	u_long tmp_knhashmask;
133741Sjmg	int size;
133741Sjmg	int fd;
133741Sjmg	int mflag = waitok ? M_WAITOK : M_NOWAIT;
133741Sjmg
133741Sjmg	KQ_NOTOWNED(kq);
133741Sjmg
133741Sjmg	if (fops->f_isfd) {
133741Sjmg		fd = ident;
133741Sjmg		if (kq->kq_knlistsize <= fd) {
133741Sjmg			size = kq->kq_knlistsize;
133741Sjmg			while (size <= fd)
133741Sjmg				size += KQEXTENT;
184214Sdes			list = malloc(size * sizeof list, M_KQUEUE, mflag);
133741Sjmg			if (list == NULL)
133741Sjmg				return ENOMEM;
133741Sjmg			KQ_LOCK(kq);
133741Sjmg			if (kq->kq_knlistsize > fd) {
184205Sdes				free(list, M_KQUEUE);
133741Sjmg				list = NULL;
133741Sjmg			} else {
133741Sjmg				if (kq->kq_knlist != NULL) {
133741Sjmg					bcopy(kq->kq_knlist, list,
133741Sjmg					    kq->kq_knlistsize * sizeof list);
184205Sdes					free(kq->kq_knlist, M_KQUEUE);
133741Sjmg					kq->kq_knlist = NULL;
133741Sjmg				}
133741Sjmg				bzero((caddr_t)list +
133741Sjmg				    kq->kq_knlistsize * sizeof list,
133741Sjmg				    (size - kq->kq_knlistsize) * sizeof list);
133741Sjmg				kq->kq_knlistsize = size;
133741Sjmg				kq->kq_knlist = list;
133741Sjmg			}
133741Sjmg			KQ_UNLOCK(kq);
133741Sjmg		}
133741Sjmg	} else {
133741Sjmg		if (kq->kq_knhashmask == 0) {
133741Sjmg			tmp_knhash = hashinit(KN_HASHSIZE, M_KQUEUE,
133741Sjmg			    &tmp_knhashmask);
133741Sjmg			if (tmp_knhash == NULL)
133741Sjmg				return ENOMEM;
133741Sjmg			KQ_LOCK(kq);
133741Sjmg			if (kq->kq_knhashmask == 0) {
133741Sjmg				kq->kq_knhash = tmp_knhash;
133741Sjmg				kq->kq_knhashmask = tmp_knhashmask;
133741Sjmg			} else {
133741Sjmg				free(tmp_knhash, M_KQUEUE);
133741Sjmg			}
133741Sjmg			KQ_UNLOCK(kq);
133741Sjmg		}
133741Sjmg	}
133741Sjmg
133741Sjmg	KQ_NOTOWNED(kq);
133741Sjmg	return 0;
133741Sjmg}
133741Sjmg
133741Sjmgstatic void
133741Sjmgkqueue_task(void *arg, int pending)
133741Sjmg{
133741Sjmg	struct kqueue *kq;
133741Sjmg	int haskqglobal;
133741Sjmg
133741Sjmg	haskqglobal = 0;
133741Sjmg	kq = arg;
133741Sjmg
133741Sjmg	KQ_GLOBAL_LOCK(&kq_global, haskqglobal);
133741Sjmg	KQ_LOCK(kq);
133741Sjmg
133741Sjmg	KNOTE_LOCKED(&kq->kq_sel.si_note, 0);
133741Sjmg
133741Sjmg	kq->kq_state &= ~KQ_TASKSCHED;
133741Sjmg	if ((kq->kq_state & KQ_TASKDRAIN) == KQ_TASKDRAIN) {
133741Sjmg		wakeup(&kq->kq_state);
133741Sjmg	}
133741Sjmg	KQ_UNLOCK(kq);
133741Sjmg	KQ_GLOBAL_UNLOCK(&kq_global, haskqglobal);
133741Sjmg}
133741Sjmg
133741Sjmg/*
133741Sjmg * Scan, update kn_data (if not ONESHOT), and copyout triggered events.
133741Sjmg * We treat KN_MARKER knotes as if they are INFLUX.
133741Sjmg */
133741Sjmgstatic int
146950Spskqueue_scan(struct kqueue *kq, int maxevents, struct kevent_copyops *k_ops,
146950Sps    const struct timespec *tsp, struct kevent *keva, struct thread *td)
133741Sjmg{
59290Sjlemon	struct kevent *kevp;
59290Sjlemon	struct timeval atv, rtv, ttv;
133794Sgreen	struct knote *kn, *marker;
178914Skib	int count, timeout, nkev, error, influx;
197240Ssson	int haskqglobal, touch;
59290Sjlemon
59290Sjlemon	count = maxevents;
133741Sjmg	nkev = 0;
133741Sjmg	error = 0;
133741Sjmg	haskqglobal = 0;
59290Sjlemon
133741Sjmg	if (maxevents == 0)
133741Sjmg		goto done_nl;
133741Sjmg
64343Sjlemon	if (tsp != NULL) {
59290Sjlemon		TIMESPEC_TO_TIMEVAL(&atv, tsp);
64343Sjlemon		if (itimerfix(&atv)) {
59290Sjlemon			error = EINVAL;
133741Sjmg			goto done_nl;
59290Sjlemon		}
64343Sjlemon		if (tsp->tv_sec == 0 && tsp->tv_nsec == 0)
64343Sjlemon			timeout = -1;
133590Srwatson		else
64343Sjlemon			timeout = atv.tv_sec > 24 * 60 * 60 ?
64343Sjlemon			    24 * 60 * 60 * hz : tvtohz(&atv);
64343Sjlemon		getmicrouptime(&rtv);
64343Sjlemon		timevaladd(&atv, &rtv);
64343Sjlemon	} else {
64343Sjlemon		atv.tv_sec = 0;
64343Sjlemon		atv.tv_usec = 0;
59290Sjlemon		timeout = 0;
59290Sjlemon	}
133794Sgreen	marker = knote_alloc(1);
133794Sgreen	if (marker == NULL) {
133794Sgreen		error = ENOMEM;
133794Sgreen		goto done_nl;
133794Sgreen	}
133794Sgreen	marker->kn_status = KN_MARKER;
133741Sjmg	KQ_LOCK(kq);
59290Sjlemon	goto start;
59290Sjlemon
59290Sjlemonretry:
64343Sjlemon	if (atv.tv_sec || atv.tv_usec) {
59290Sjlemon		getmicrouptime(&rtv);
59290Sjlemon		if (timevalcmp(&rtv, &atv, >=))
59290Sjlemon			goto done;
59290Sjlemon		ttv = atv;
59290Sjlemon		timevalsub(&ttv, &rtv);
59290Sjlemon		timeout = ttv.tv_sec > 24 * 60 * 60 ?
59290Sjlemon			24 * 60 * 60 * hz : tvtohz(&ttv);
59290Sjlemon	}
59290Sjlemon
59290Sjlemonstart:
133741Sjmg	kevp = keva;
59290Sjlemon	if (kq->kq_count == 0) {
133590Srwatson		if (timeout < 0) {
64343Sjlemon			error = EWOULDBLOCK;
64343Sjlemon		} else {
64343Sjlemon			kq->kq_state |= KQ_SLEEP;
133741Sjmg			error = msleep(kq, &kq->kq_lock, PSOCK | PCATCH,
133741Sjmg			    "kqread", timeout);
64343Sjlemon		}
64084Sjlemon		if (error == 0)
59290Sjlemon			goto retry;
64084Sjlemon		/* don't restart after signals... */
64084Sjlemon		if (error == ERESTART)
64084Sjlemon			error = EINTR;
64084Sjlemon		else if (error == EWOULDBLOCK)
59290Sjlemon			error = 0;
59290Sjlemon		goto done;
59290Sjlemon	}
59290Sjlemon
133794Sgreen	TAILQ_INSERT_TAIL(&kq->kq_head, marker, kn_tqe);
178914Skib	influx = 0;
59290Sjlemon	while (count) {
133741Sjmg		KQ_OWNED(kq);
59290Sjlemon		kn = TAILQ_FIRST(&kq->kq_head);
133741Sjmg
133794Sgreen		if ((kn->kn_status == KN_MARKER && kn != marker) ||
133741Sjmg		    (kn->kn_status & KN_INFLUX) == KN_INFLUX) {
178914Skib			if (influx) {
178914Skib				influx = 0;
178914Skib				KQ_FLUX_WAKEUP(kq);
178914Skib			}
180336Skib			kq->kq_state |= KQ_FLUXWAIT;
133741Sjmg			error = msleep(kq, &kq->kq_lock, PSOCK,
133741Sjmg			    "kqflxwt", 0);
133741Sjmg			continue;
133741Sjmg		}
133741Sjmg
133590Srwatson		TAILQ_REMOVE(&kq->kq_head, kn, kn_tqe);
133741Sjmg		if ((kn->kn_status & KN_DISABLED) == KN_DISABLED) {
133741Sjmg			kn->kn_status &= ~KN_QUEUED;
133741Sjmg			kq->kq_count--;
133741Sjmg			continue;
133741Sjmg		}
133794Sgreen		if (kn == marker) {
133741Sjmg			KQ_FLUX_WAKEUP(kq);
59290Sjlemon			if (count == maxevents)
59290Sjlemon				goto retry;
59290Sjlemon			goto done;
59290Sjlemon		}
133741Sjmg		KASSERT((kn->kn_status & KN_INFLUX) == 0,
133741Sjmg		    ("KN_INFLUX set when not suppose to be"));
133741Sjmg
133741Sjmg		if ((kn->kn_flags & EV_ONESHOT) == EV_ONESHOT) {
59290Sjlemon			kn->kn_status &= ~KN_QUEUED;
133741Sjmg			kn->kn_status |= KN_INFLUX;
59290Sjlemon			kq->kq_count--;
133741Sjmg			KQ_UNLOCK(kq);
133741Sjmg			/*
133741Sjmg			 * We don't need to lock the list since we've marked
133741Sjmg			 * it _INFLUX.
133741Sjmg			 */
133741Sjmg			*kevp = kn->kn_kevent;
134859Sjmg			if (!(kn->kn_status & KN_DETACHED))
134859Sjmg				kn->kn_fop->f_detach(kn);
83366Sjulian			knote_drop(kn, td);
133741Sjmg			KQ_LOCK(kq);
133741Sjmg			kn = NULL;
59290Sjlemon		} else {
133741Sjmg			kn->kn_status |= KN_INFLUX;
133741Sjmg			KQ_UNLOCK(kq);
133741Sjmg			if ((kn->kn_status & KN_KQUEUE) == KN_KQUEUE)
133741Sjmg				KQ_GLOBAL_LOCK(&kq_global, haskqglobal);
133741Sjmg			KN_LIST_LOCK(kn);
133741Sjmg			if (kn->kn_fop->f_event(kn, 0) == 0) {
133741Sjmg				KQ_LOCK(kq);
157754Sjhb				KQ_GLOBAL_UNLOCK(&kq_global, haskqglobal);
133741Sjmg				kn->kn_status &=
133741Sjmg				    ~(KN_QUEUED | KN_ACTIVE | KN_INFLUX);
133741Sjmg				kq->kq_count--;
150199Sups				KN_LIST_UNLOCK(kn);
178914Skib				influx = 1;
133741Sjmg				continue;
133741Sjmg			}
197240Ssson			touch = (!kn->kn_fop->f_isfd &&
197240Ssson			    kn->kn_fop->f_touch != NULL);
197240Ssson			if (touch)
197240Ssson				kn->kn_fop->f_touch(kn, kevp, EVENT_PROCESS);
197240Ssson			else
197240Ssson				*kevp = kn->kn_kevent;
133741Sjmg			KQ_LOCK(kq);
157754Sjhb			KQ_GLOBAL_UNLOCK(&kq_global, haskqglobal);
197242Ssson			if (kn->kn_flags & (EV_CLEAR |  EV_DISPATCH)) {
197240Ssson				/*
197240Ssson				 * Manually clear knotes who weren't
197240Ssson				 * 'touch'ed.
197240Ssson				 */
197242Ssson				if (touch == 0 && kn->kn_flags & EV_CLEAR) {
197240Ssson					kn->kn_data = 0;
197240Ssson					kn->kn_fflags = 0;
197240Ssson				}
197242Ssson				if (kn->kn_flags & EV_DISPATCH)
197242Ssson					kn->kn_status |= KN_DISABLED;
133741Sjmg				kn->kn_status &= ~(KN_QUEUED | KN_ACTIVE);
133741Sjmg				kq->kq_count--;
133741Sjmg			} else
133741Sjmg				TAILQ_INSERT_TAIL(&kq->kq_head, kn, kn_tqe);
150199Sups
150199Sups			kn->kn_status &= ~(KN_INFLUX);
133741Sjmg			KN_LIST_UNLOCK(kn);
178914Skib			influx = 1;
59290Sjlemon		}
133741Sjmg
133741Sjmg		/* we are returning a copy to the user */
133741Sjmg		kevp++;
133741Sjmg		nkev++;
59290Sjlemon		count--;
133741Sjmg
59290Sjlemon		if (nkev == KQ_NEVENTS) {
178914Skib			influx = 0;
133741Sjmg			KQ_UNLOCK_FLUX(kq);
146950Sps			error = k_ops->k_copyout(k_ops->arg, keva, nkev);
59290Sjlemon			nkev = 0;
133741Sjmg			kevp = keva;
133741Sjmg			KQ_LOCK(kq);
59997Sjlemon			if (error)
59997Sjlemon				break;
59290Sjlemon		}
59290Sjlemon	}
133794Sgreen	TAILQ_REMOVE(&kq->kq_head, marker, kn_tqe);
59290Sjlemondone:
133741Sjmg	KQ_OWNED(kq);
133741Sjmg	KQ_UNLOCK_FLUX(kq);
133794Sgreen	knote_free(marker);
133741Sjmgdone_nl:
133741Sjmg	KQ_NOTOWNED(kq);
59290Sjlemon	if (nkev != 0)
146950Sps		error = k_ops->k_copyout(k_ops->arg, keva, nkev);
133741Sjmg	td->td_retval[0] = maxevents - count;
59290Sjlemon	return (error);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*
59290Sjlemon * XXX
59290Sjlemon * This could be expanded to call kqueue_scan, if desired.
59290Sjlemon */
59290Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
101941Srwatsonkqueue_read(struct file *fp, struct uio *uio, struct ucred *active_cred,
83366Sjulian	int flags, struct thread *td)
59290Sjlemon{
59290Sjlemon	return (ENXIO);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
101941Srwatsonkqueue_write(struct file *fp, struct uio *uio, struct ucred *active_cred,
83366Sjulian	 int flags, struct thread *td)
59290Sjlemon{
59290Sjlemon	return (ENXIO);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
175140Sjhbkqueue_truncate(struct file *fp, off_t length, struct ucred *active_cred,
175140Sjhb	struct thread *td)
175140Sjhb{
175140Sjhb
175140Sjhb	return (EINVAL);
175140Sjhb}
175140Sjhb
175140Sjhb/*ARGSUSED*/
175140Sjhbstatic int
132138Salfredkqueue_ioctl(struct file *fp, u_long cmd, void *data,
102003Srwatson	struct ucred *active_cred, struct thread *td)
59290Sjlemon{
132174Salfred	/*
132174Salfred	 * Enabling sigio causes two major problems:
132174Salfred	 * 1) infinite recursion:
132174Salfred	 * Synopsys: kevent is being used to track signals and have FIOASYNC
132174Salfred	 * set.  On receipt of a signal this will cause a kqueue to recurse
132174Salfred	 * into itself over and over.  Sending the sigio causes the kqueue
132174Salfred	 * to become ready, which in turn posts sigio again, forever.
132174Salfred	 * Solution: this can be solved by setting a flag in the kqueue that
132174Salfred	 * we have a SIGIO in progress.
132174Salfred	 * 2) locking problems:
132174Salfred	 * Synopsys: Kqueue is a leaf subsystem, but adding signalling puts
132174Salfred	 * us above the proc and pgrp locks.
132174Salfred	 * Solution: Post a signal using an async mechanism, being sure to
132174Salfred	 * record a generation count in the delivery so that we do not deliver
132174Salfred	 * a signal to the wrong process.
132174Salfred	 *
132174Salfred	 * Note, these two mechanisms are somewhat mutually exclusive!
132174Salfred	 */
132174Salfred#if 0
132138Salfred	struct kqueue *kq;
132138Salfred
132138Salfred	kq = fp->f_data;
132138Salfred	switch (cmd) {
132138Salfred	case FIOASYNC:
132138Salfred		if (*(int *)data) {
132138Salfred			kq->kq_state |= KQ_ASYNC;
132138Salfred		} else {
132138Salfred			kq->kq_state &= ~KQ_ASYNC;
132138Salfred		}
132138Salfred		return (0);
132138Salfred
132138Salfred	case FIOSETOWN:
132138Salfred		return (fsetown(*(int *)data, &kq->kq_sigio));
132138Salfred
132138Salfred	case FIOGETOWN:
132138Salfred		*(int *)data = fgetown(&kq->kq_sigio);
132138Salfred		return (0);
132138Salfred	}
132174Salfred#endif
132138Salfred
59290Sjlemon	return (ENOTTY);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
101983Srwatsonkqueue_poll(struct file *fp, int events, struct ucred *active_cred,
101987Srwatson	struct thread *td)
59290Sjlemon{
89306Salfred	struct kqueue *kq;
59290Sjlemon	int revents = 0;
133741Sjmg	int error;
59290Sjlemon
170029Srwatson	if ((error = kqueue_acquire(fp, &kq)))
133741Sjmg		return POLLERR;
133741Sjmg
133741Sjmg	KQ_LOCK(kq);
133741Sjmg	if (events & (POLLIN | POLLRDNORM)) {
133741Sjmg		if (kq->kq_count) {
133741Sjmg			revents |= events & (POLLIN | POLLRDNORM);
59290Sjlemon		} else {
133741Sjmg			selrecord(td, &kq->kq_sel);
174647Sjeff			if (SEL_WAITING(&kq->kq_sel))
174647Sjeff				kq->kq_state |= KQ_SEL;
59290Sjlemon		}
59290Sjlemon	}
133741Sjmg	kqueue_release(kq, 1);
133741Sjmg	KQ_UNLOCK(kq);
59290Sjlemon	return (revents);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
101983Srwatsonkqueue_stat(struct file *fp, struct stat *st, struct ucred *active_cred,
101987Srwatson	struct thread *td)
59290Sjlemon{
59290Sjlemon
146603Sjmg	bzero((void *)st, sizeof *st);
146603Sjmg	/*
146603Sjmg	 * We no longer return kq_count because the unlocked value is useless.
146603Sjmg	 * If you spent all this time getting the count, why not spend your
146603Sjmg	 * syscall better by calling kevent?
146603Sjmg	 *
146603Sjmg	 * XXX - This is needed for libc_r.
146603Sjmg	 */
146603Sjmg	st->st_mode = S_IFIFO;
146603Sjmg	return (0);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*ARGSUSED*/
59290Sjlemonstatic int
83366Sjuliankqueue_close(struct file *fp, struct thread *td)
59290Sjlemon{
109153Sdillon	struct kqueue *kq = fp->f_data;
133741Sjmg	struct filedesc *fdp;
133741Sjmg	struct knote *kn;
59290Sjlemon	int i;
133741Sjmg	int error;
59290Sjlemon
170029Srwatson	if ((error = kqueue_acquire(fp, &kq)))
133741Sjmg		return error;
133741Sjmg
133741Sjmg	KQ_LOCK(kq);
133741Sjmg
133741Sjmg	KASSERT((kq->kq_state & KQ_CLOSING) != KQ_CLOSING,
133741Sjmg	    ("kqueue already closing"));
133741Sjmg	kq->kq_state |= KQ_CLOSING;
133741Sjmg	if (kq->kq_refcnt > 1)
133741Sjmg		msleep(&kq->kq_refcnt, &kq->kq_lock, PSOCK, "kqclose", 0);
133741Sjmg
133741Sjmg	KASSERT(kq->kq_refcnt == 1, ("other refs are out there!"));
133741Sjmg	fdp = kq->kq_fdp;
133741Sjmg
133741Sjmg	KASSERT(knlist_empty(&kq->kq_sel.si_note),
133741Sjmg	    ("kqueue's knlist not empty"));
133741Sjmg
133741Sjmg	for (i = 0; i < kq->kq_knlistsize; i++) {
133741Sjmg		while ((kn = SLIST_FIRST(&kq->kq_knlist[i])) != NULL) {
178913Skib			if ((kn->kn_status & KN_INFLUX) == KN_INFLUX) {
178913Skib				kq->kq_state |= KQ_FLUXWAIT;
178913Skib				msleep(kq, &kq->kq_lock, PSOCK, "kqclo1", 0);
178913Skib				continue;
178913Skib			}
133741Sjmg			kn->kn_status |= KN_INFLUX;
133741Sjmg			KQ_UNLOCK(kq);
134859Sjmg			if (!(kn->kn_status & KN_DETACHED))
134859Sjmg				kn->kn_fop->f_detach(kn);
133741Sjmg			knote_drop(kn, td);
133741Sjmg			KQ_LOCK(kq);
59290Sjlemon		}
59290Sjlemon	}
133741Sjmg	if (kq->kq_knhashmask != 0) {
133741Sjmg		for (i = 0; i <= kq->kq_knhashmask; i++) {
133741Sjmg			while ((kn = SLIST_FIRST(&kq->kq_knhash[i])) != NULL) {
178913Skib				if ((kn->kn_status & KN_INFLUX) == KN_INFLUX) {
178913Skib					kq->kq_state |= KQ_FLUXWAIT;
178913Skib					msleep(kq, &kq->kq_lock, PSOCK,
178913Skib					       "kqclo2", 0);
178913Skib					continue;
178913Skib				}
133741Sjmg				kn->kn_status |= KN_INFLUX;
133741Sjmg				KQ_UNLOCK(kq);
134859Sjmg				if (!(kn->kn_status & KN_DETACHED))
134859Sjmg					kn->kn_fop->f_detach(kn);
133741Sjmg				knote_drop(kn, td);
133741Sjmg				KQ_LOCK(kq);
59290Sjlemon			}
59290Sjlemon		}
59290Sjlemon	}
133741Sjmg
133741Sjmg	if ((kq->kq_state & KQ_TASKSCHED) == KQ_TASKSCHED) {
133741Sjmg		kq->kq_state |= KQ_TASKDRAIN;
133741Sjmg		msleep(&kq->kq_state, &kq->kq_lock, PSOCK, "kqtqdr", 0);
133741Sjmg	}
133741Sjmg
133741Sjmg	if ((kq->kq_state & KQ_SEL) == KQ_SEL) {
126033Sgreen		selwakeuppri(&kq->kq_sel, PSOCK);
174647Sjeff		if (!SEL_WAITING(&kq->kq_sel))
174647Sjeff			kq->kq_state &= ~KQ_SEL;
126033Sgreen	}
133741Sjmg
133741Sjmg	KQ_UNLOCK(kq);
133741Sjmg
168355Srwatson	FILEDESC_XLOCK(fdp);
133741Sjmg	SLIST_REMOVE(&fdp->fd_kqlist, kq, kqueue, kq_list);
168355Srwatson	FILEDESC_XUNLOCK(fdp);
133741Sjmg
133741Sjmg	knlist_destroy(&kq->kq_sel.si_note);
133741Sjmg	mtx_destroy(&kq->kq_lock);
133741Sjmg	kq->kq_fdp = NULL;
133741Sjmg
133741Sjmg	if (kq->kq_knhash != NULL)
133741Sjmg		free(kq->kq_knhash, M_KQUEUE);
133741Sjmg	if (kq->kq_knlist != NULL)
133741Sjmg		free(kq->kq_knlist, M_KQUEUE);
133741Sjmg
132138Salfred	funsetown(&kq->kq_sigio);
84138Sjlemon	free(kq, M_KQUEUE);
109153Sdillon	fp->f_data = NULL;
59290Sjlemon
59290Sjlemon	return (0);
59290Sjlemon}
59290Sjlemon
59290Sjlemonstatic void
59290Sjlemonkqueue_wakeup(struct kqueue *kq)
59290Sjlemon{
133741Sjmg	KQ_OWNED(kq);
59290Sjlemon
133741Sjmg	if ((kq->kq_state & KQ_SLEEP) == KQ_SLEEP) {
59290Sjlemon		kq->kq_state &= ~KQ_SLEEP;
59290Sjlemon		wakeup(kq);
59290Sjlemon	}
133741Sjmg	if ((kq->kq_state & KQ_SEL) == KQ_SEL) {
122352Stanimura		selwakeuppri(&kq->kq_sel, PSOCK);
174647Sjeff		if (!SEL_WAITING(&kq->kq_sel))
174647Sjeff			kq->kq_state &= ~KQ_SEL;
59290Sjlemon	}
133741Sjmg	if (!knlist_empty(&kq->kq_sel.si_note))
133741Sjmg		kqueue_schedtask(kq);
133741Sjmg	if ((kq->kq_state & KQ_ASYNC) == KQ_ASYNC) {
132138Salfred		pgsigio(&kq->kq_sigio, SIGIO, 0);
132138Salfred	}
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*
133741Sjmg * Walk down a list of knotes, activating them if their event has triggered.
133741Sjmg *
133741Sjmg * There is a possibility to optimize in the case of one kq watching another.
133741Sjmg * Instead of scheduling a task to wake it up, you could pass enough state
133741Sjmg * down the chain to make up the parent kqueue.  Make this code functional
133741Sjmg * first.
59290Sjlemon */
59290Sjlemonvoid
195148Sstasknote(struct knlist *list, long hint, int lockflags)
59290Sjlemon{
133741Sjmg	struct kqueue *kq;
59290Sjlemon	struct knote *kn;
195148Sstas	int error;
59290Sjlemon
133741Sjmg	if (list == NULL)
133741Sjmg		return;
133741Sjmg
195148Sstas	KNL_ASSERT_LOCK(list, lockflags & KNF_LISTLOCKED);
147730Sssouhlal
195148Sstas	if ((lockflags & KNF_LISTLOCKED) == 0)
147730Sssouhlal		list->kl_lock(list->kl_lockarg);
147730Sssouhlal
133741Sjmg	/*
133741Sjmg	 * If we unlock the list lock (and set KN_INFLUX), we can eliminate
133741Sjmg	 * the kqueue scheduling, but this will introduce four
133741Sjmg	 * lock/unlock's for each knote to test.  If we do, continue to use
133741Sjmg	 * SLIST_FOREACH, SLIST_FOREACH_SAFE is not safe in our case, it is
133741Sjmg	 * only safe if you want to remove the current item, which we are
133741Sjmg	 * not doing.
133741Sjmg	 */
133741Sjmg	SLIST_FOREACH(kn, &list->kl_list, kn_selnext) {
133741Sjmg		kq = kn->kn_kq;
133741Sjmg		if ((kn->kn_status & KN_INFLUX) != KN_INFLUX) {
133741Sjmg			KQ_LOCK(kq);
195148Sstas			if ((kn->kn_status & KN_INFLUX) == KN_INFLUX) {
195148Sstas				KQ_UNLOCK(kq);
195148Sstas			} else if ((lockflags & KNF_NOKQLOCK) != 0) {
195148Sstas				kn->kn_status |= KN_INFLUX;
195148Sstas				KQ_UNLOCK(kq);
195148Sstas				error = kn->kn_fop->f_event(kn, hint);
195148Sstas				KQ_LOCK(kq);
195148Sstas				kn->kn_status &= ~KN_INFLUX;
195148Sstas				if (error)
195148Sstas					KNOTE_ACTIVATE(kn, 1);
195148Sstas				KQ_UNLOCK_FLUX(kq);
195148Sstas			} else {
133741Sjmg				kn->kn_status |= KN_HASKQLOCK;
133741Sjmg				if (kn->kn_fop->f_event(kn, hint))
133741Sjmg					KNOTE_ACTIVATE(kn, 1);
133741Sjmg				kn->kn_status &= ~KN_HASKQLOCK;
195148Sstas				KQ_UNLOCK(kq);
133741Sjmg			}
133741Sjmg		}
133741Sjmg		kq = NULL;
133741Sjmg	}
195148Sstas	if ((lockflags & KNF_LISTLOCKED) == 0)
147730Sssouhlal		list->kl_unlock(list->kl_lockarg);
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*
133741Sjmg * add a knote to a knlist
133741Sjmg */
133741Sjmgvoid
133741Sjmgknlist_add(struct knlist *knl, struct knote *kn, int islocked)
133741Sjmg{
147730Sssouhlal	KNL_ASSERT_LOCK(knl, islocked);
133741Sjmg	KQ_NOTOWNED(kn->kn_kq);
133741Sjmg	KASSERT((kn->kn_status & (KN_INFLUX|KN_DETACHED)) ==
133741Sjmg	    (KN_INFLUX|KN_DETACHED), ("knote not KN_INFLUX and KN_DETACHED"));
133741Sjmg	if (!islocked)
147730Sssouhlal		knl->kl_lock(knl->kl_lockarg);
133741Sjmg	SLIST_INSERT_HEAD(&knl->kl_list, kn, kn_selnext);
133741Sjmg	if (!islocked)
147730Sssouhlal		knl->kl_unlock(knl->kl_lockarg);
133741Sjmg	KQ_LOCK(kn->kn_kq);
133741Sjmg	kn->kn_knlist = knl;
133741Sjmg	kn->kn_status &= ~KN_DETACHED;
133741Sjmg	KQ_UNLOCK(kn->kn_kq);
133741Sjmg}
133741Sjmg
133741Sjmgstatic void
133741Sjmgknlist_remove_kq(struct knlist *knl, struct knote *kn, int knlislocked, int kqislocked)
133741Sjmg{
133741Sjmg	KASSERT(!(!!kqislocked && !knlislocked), ("kq locked w/o knl locked"));
147730Sssouhlal	KNL_ASSERT_LOCK(knl, knlislocked);
133741Sjmg	mtx_assert(&kn->kn_kq->kq_lock, kqislocked ? MA_OWNED : MA_NOTOWNED);
133741Sjmg	if (!kqislocked)
133741Sjmg		KASSERT((kn->kn_status & (KN_INFLUX|KN_DETACHED)) == KN_INFLUX,
133741Sjmg    ("knlist_remove called w/o knote being KN_INFLUX or already removed"));
133741Sjmg	if (!knlislocked)
147730Sssouhlal		knl->kl_lock(knl->kl_lockarg);
133741Sjmg	SLIST_REMOVE(&knl->kl_list, kn, knote, kn_selnext);
133741Sjmg	kn->kn_knlist = NULL;
133741Sjmg	if (!knlislocked)
147730Sssouhlal		knl->kl_unlock(knl->kl_lockarg);
133741Sjmg	if (!kqislocked)
133741Sjmg		KQ_LOCK(kn->kn_kq);
133741Sjmg	kn->kn_status |= KN_DETACHED;
133741Sjmg	if (!kqislocked)
133741Sjmg		KQ_UNLOCK(kn->kn_kq);
133741Sjmg}
133741Sjmg
133741Sjmg/*
59290Sjlemon * remove all knotes from a specified klist
59290Sjlemon */
59290Sjlemonvoid
133741Sjmgknlist_remove(struct knlist *knl, struct knote *kn, int islocked)
59290Sjlemon{
133741Sjmg
133741Sjmg	knlist_remove_kq(knl, kn, islocked, 0);
133741Sjmg}
133741Sjmg
133741Sjmg/*
133741Sjmg * remove knote from a specified klist while in f_event handler.
133741Sjmg */
133741Sjmgvoid
133741Sjmgknlist_remove_inevent(struct knlist *knl, struct knote *kn)
133741Sjmg{
133741Sjmg
133741Sjmg	knlist_remove_kq(knl, kn, 1,
133741Sjmg	    (kn->kn_status & KN_HASKQLOCK) == KN_HASKQLOCK);
133741Sjmg}
133741Sjmg
133741Sjmgint
133741Sjmgknlist_empty(struct knlist *knl)
133741Sjmg{
147730Sssouhlal	KNL_ASSERT_LOCKED(knl);
133741Sjmg	return SLIST_EMPTY(&knl->kl_list);
133741Sjmg}
133741Sjmg
133741Sjmgstatic struct mtx	knlist_lock;
133741SjmgMTX_SYSINIT(knlist_lock, &knlist_lock, "knlist lock for lockless objects",
133741Sjmg	MTX_DEF);
147730Sssouhlalstatic void knlist_mtx_lock(void *arg);
147730Sssouhlalstatic void knlist_mtx_unlock(void *arg);
133741Sjmg
147730Sssouhlalstatic void
147730Sssouhlalknlist_mtx_lock(void *arg)
147730Sssouhlal{
147730Sssouhlal	mtx_lock((struct mtx *)arg);
147730Sssouhlal}
147730Sssouhlal
147730Sssouhlalstatic void
147730Sssouhlalknlist_mtx_unlock(void *arg)
147730Sssouhlal{
147730Sssouhlal	mtx_unlock((struct mtx *)arg);
147730Sssouhlal}
147730Sssouhlal
193951Skibstatic void
193951Skibknlist_mtx_assert_locked(void *arg)
147730Sssouhlal{
193951Skib	mtx_assert((struct mtx *)arg, MA_OWNED);
147730Sssouhlal}
147730Sssouhlal
193951Skibstatic void
193951Skibknlist_mtx_assert_unlocked(void *arg)
193951Skib{
193951Skib	mtx_assert((struct mtx *)arg, MA_NOTOWNED);
193951Skib}
193951Skib
133741Sjmgvoid
147730Sssouhlalknlist_init(struct knlist *knl, void *lock, void (*kl_lock)(void *),
193951Skib    void (*kl_unlock)(void *),
193951Skib    void (*kl_assert_locked)(void *), void (*kl_assert_unlocked)(void *))
133741Sjmg{
133741Sjmg
147730Sssouhlal	if (lock == NULL)
147730Sssouhlal		knl->kl_lockarg = &knlist_lock;
133741Sjmg	else
147730Sssouhlal		knl->kl_lockarg = lock;
133741Sjmg
147730Sssouhlal	if (kl_lock == NULL)
147730Sssouhlal		knl->kl_lock = knlist_mtx_lock;
147730Sssouhlal	else
147730Sssouhlal		knl->kl_lock = kl_lock;
157582Sjmg	if (kl_unlock == NULL)
147730Sssouhlal		knl->kl_unlock = knlist_mtx_unlock;
147730Sssouhlal	else
147730Sssouhlal		knl->kl_unlock = kl_unlock;
193951Skib	if (kl_assert_locked == NULL)
193951Skib		knl->kl_assert_locked = knlist_mtx_assert_locked;
147730Sssouhlal	else
193951Skib		knl->kl_assert_locked = kl_assert_locked;
193951Skib	if (kl_assert_unlocked == NULL)
193951Skib		knl->kl_assert_unlocked = knlist_mtx_assert_unlocked;
193951Skib	else
193951Skib		knl->kl_assert_unlocked = kl_assert_unlocked;
147730Sssouhlal
133741Sjmg	SLIST_INIT(&knl->kl_list);
133741Sjmg}
133741Sjmg
133741Sjmgvoid
193951Skibknlist_init_mtx(struct knlist *knl, struct mtx *lock)
193951Skib{
193951Skib
193951Skib	knlist_init(knl, lock, NULL, NULL, NULL, NULL);
193951Skib}
193951Skib
193951Skibvoid
133741Sjmgknlist_destroy(struct knlist *knl)
133741Sjmg{
133741Sjmg
133741Sjmg#ifdef INVARIANTS
133741Sjmg	/*
133741Sjmg	 * if we run across this error, we need to find the offending
133741Sjmg	 * driver and have it call knlist_clear.
133741Sjmg	 */
133741Sjmg	if (!SLIST_EMPTY(&knl->kl_list))
133741Sjmg		printf("WARNING: destroying knlist w/ knotes on it!\n");
133741Sjmg#endif
133741Sjmg
147730Sssouhlal	knl->kl_lockarg = knl->kl_lock = knl->kl_unlock = NULL;
133741Sjmg	SLIST_INIT(&knl->kl_list);
133741Sjmg}
133741Sjmg
133741Sjmg/*
133741Sjmg * Even if we are locked, we may need to drop the lock to allow any influx
133741Sjmg * knotes time to "settle".
133741Sjmg */
133741Sjmgvoid
143776Sjmgknlist_cleardel(struct knlist *knl, struct thread *td, int islocked, int killkn)
133741Sjmg{
159171Spjd	struct knote *kn, *kn2;
133741Sjmg	struct kqueue *kq;
59290Sjlemon
133741Sjmg	if (islocked)
147730Sssouhlal		KNL_ASSERT_LOCKED(knl);
133741Sjmg	else {
147730Sssouhlal		KNL_ASSERT_UNLOCKED(knl);
170029Srwatsonagain:		/* need to reacquire lock since we have dropped it */
147730Sssouhlal		knl->kl_lock(knl->kl_lockarg);
59290Sjlemon	}
133741Sjmg
159171Spjd	SLIST_FOREACH_SAFE(kn, &knl->kl_list, kn_selnext, kn2) {
133741Sjmg		kq = kn->kn_kq;
133741Sjmg		KQ_LOCK(kq);
143776Sjmg		if ((kn->kn_status & KN_INFLUX)) {
133741Sjmg			KQ_UNLOCK(kq);
133741Sjmg			continue;
133741Sjmg		}
133741Sjmg		knlist_remove_kq(knl, kn, 1, 1);
143776Sjmg		if (killkn) {
143776Sjmg			kn->kn_status |= KN_INFLUX | KN_DETACHED;
143776Sjmg			KQ_UNLOCK(kq);
143776Sjmg			knote_drop(kn, td);
143776Sjmg		} else {
143776Sjmg			/* Make sure cleared knotes disappear soon */
143776Sjmg			kn->kn_flags |= (EV_EOF | EV_ONESHOT);
143776Sjmg			KQ_UNLOCK(kq);
143776Sjmg		}
133741Sjmg		kq = NULL;
133741Sjmg	}
133741Sjmg
133741Sjmg	if (!SLIST_EMPTY(&knl->kl_list)) {
133741Sjmg		/* there are still KN_INFLUX remaining */
133741Sjmg		kn = SLIST_FIRST(&knl->kl_list);
133741Sjmg		kq = kn->kn_kq;
133741Sjmg		KQ_LOCK(kq);
133741Sjmg		KASSERT(kn->kn_status & KN_INFLUX,
133741Sjmg		    ("knote removed w/o list lock"));
147730Sssouhlal		knl->kl_unlock(knl->kl_lockarg);
133741Sjmg		kq->kq_state |= KQ_FLUXWAIT;
133741Sjmg		msleep(kq, &kq->kq_lock, PSOCK | PDROP, "kqkclr", 0);
133741Sjmg		kq = NULL;
133741Sjmg		goto again;
133741Sjmg	}
133741Sjmg
133741Sjmg	if (islocked)
147730Sssouhlal		KNL_ASSERT_LOCKED(knl);
133741Sjmg	else {
147730Sssouhlal		knl->kl_unlock(knl->kl_lockarg);
147730Sssouhlal		KNL_ASSERT_UNLOCKED(knl);
133741Sjmg	}
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*
168355Srwatson * Remove all knotes referencing a specified fd must be called with FILEDESC
168355Srwatson * lock.  This prevents a race where a new fd comes along and occupies the
168355Srwatson * entry and we attach a knote to the fd.
59290Sjlemon */
59290Sjlemonvoid
83366Sjulianknote_fdclose(struct thread *td, int fd)
59290Sjlemon{
83366Sjulian	struct filedesc *fdp = td->td_proc->p_fd;
133741Sjmg	struct kqueue *kq;
133741Sjmg	struct knote *kn;
133741Sjmg	int influx;
59290Sjlemon
168355Srwatson	FILEDESC_XLOCK_ASSERT(fdp);
133741Sjmg
133741Sjmg	/*
133741Sjmg	 * We shouldn't have to worry about new kevents appearing on fd
133741Sjmg	 * since filedesc is locked.
133741Sjmg	 */
133741Sjmg	SLIST_FOREACH(kq, &fdp->fd_kqlist, kq_list) {
133741Sjmg		KQ_LOCK(kq);
133741Sjmg
133741Sjmgagain:
133741Sjmg		influx = 0;
133741Sjmg		while (kq->kq_knlistsize > fd &&
133741Sjmg		    (kn = SLIST_FIRST(&kq->kq_knlist[fd])) != NULL) {
133741Sjmg			if (kn->kn_status & KN_INFLUX) {
133741Sjmg				/* someone else might be waiting on our knote */
133741Sjmg				if (influx)
133741Sjmg					wakeup(kq);
133741Sjmg				kq->kq_state |= KQ_FLUXWAIT;
133741Sjmg				msleep(kq, &kq->kq_lock, PSOCK, "kqflxwt", 0);
133741Sjmg				goto again;
133741Sjmg			}
133741Sjmg			kn->kn_status |= KN_INFLUX;
133741Sjmg			KQ_UNLOCK(kq);
134859Sjmg			if (!(kn->kn_status & KN_DETACHED))
134859Sjmg				kn->kn_fop->f_detach(kn);
133741Sjmg			knote_drop(kn, td);
133741Sjmg			influx = 1;
133741Sjmg			KQ_LOCK(kq);
133741Sjmg		}
133741Sjmg		KQ_UNLOCK_FLUX(kq);
133741Sjmg	}
59290Sjlemon}
59290Sjlemon
133741Sjmgstatic int
133741Sjmgknote_attach(struct knote *kn, struct kqueue *kq)
59290Sjlemon{
133741Sjmg	struct klist *list;
59290Sjlemon
133741Sjmg	KASSERT(kn->kn_status & KN_INFLUX, ("knote not marked INFLUX"));
133741Sjmg	KQ_OWNED(kq);
89306Salfred
133741Sjmg	if (kn->kn_fop->f_isfd) {
133741Sjmg		if (kn->kn_id >= kq->kq_knlistsize)
133741Sjmg			return ENOMEM;
133741Sjmg		list = &kq->kq_knlist[kn->kn_id];
133741Sjmg	} else {
133741Sjmg		if (kq->kq_knhash == NULL)
133741Sjmg			return ENOMEM;
133741Sjmg		list = &kq->kq_knhash[KN_HASH(kn->kn_id, kq->kq_knhashmask)];
59290Sjlemon	}
59290Sjlemon
59290Sjlemon	SLIST_INSERT_HEAD(list, kn, kn_link);
133741Sjmg
133741Sjmg	return 0;
59290Sjlemon}
59290Sjlemon
59290Sjlemon/*
151260Sambrisko * knote must already have been detached using the f_detach method.
133741Sjmg * no lock need to be held, it is assumed that the KN_INFLUX flag is set
133741Sjmg * to prevent other removal.
59290Sjlemon */
59290Sjlemonstatic void
83366Sjulianknote_drop(struct knote *kn, struct thread *td)
59290Sjlemon{
133741Sjmg	struct kqueue *kq;
59290Sjlemon	struct klist *list;
59290Sjlemon
133741Sjmg	kq = kn->kn_kq;
133741Sjmg
133741Sjmg	KQ_NOTOWNED(kq);
133741Sjmg	KASSERT((kn->kn_status & KN_INFLUX) == KN_INFLUX,
133741Sjmg	    ("knote_drop called without KN_INFLUX set in kn_status"));
133741Sjmg
133741Sjmg	KQ_LOCK(kq);
59290Sjlemon	if (kn->kn_fop->f_isfd)
133741Sjmg		list = &kq->kq_knlist[kn->kn_id];
59290Sjlemon	else
133741Sjmg		list = &kq->kq_knhash[KN_HASH(kn->kn_id, kq->kq_knhashmask)];
59290Sjlemon
151260Sambrisko	if (!SLIST_EMPTY(list))
151260Sambrisko		SLIST_REMOVE(list, kn, knote, kn_link);
59290Sjlemon	if (kn->kn_status & KN_QUEUED)
59290Sjlemon		knote_dequeue(kn);
133741Sjmg	KQ_UNLOCK_FLUX(kq);
133741Sjmg
133741Sjmg	if (kn->kn_fop->f_isfd) {
133741Sjmg		fdrop(kn->kn_fp, td);
133741Sjmg		kn->kn_fp = NULL;
133741Sjmg	}
133741Sjmg	kqueue_fo_release(kn->kn_kevent.filter);
133741Sjmg	kn->kn_fop = NULL;
59290Sjlemon	knote_free(kn);
59290Sjlemon}
59290Sjlemon
59290Sjlemonstatic void
59290Sjlemonknote_enqueue(struct knote *kn)
59290Sjlemon{
59290Sjlemon	struct kqueue *kq = kn->kn_kq;
59290Sjlemon
133741Sjmg	KQ_OWNED(kn->kn_kq);
59997Sjlemon	KASSERT((kn->kn_status & KN_QUEUED) == 0, ("knote already queued"));
59997Sjlemon
133590Srwatson	TAILQ_INSERT_TAIL(&kq->kq_head, kn, kn_tqe);
59290Sjlemon	kn->kn_status |= KN_QUEUED;
59290Sjlemon	kq->kq_count++;
59290Sjlemon	kqueue_wakeup(kq);
59290Sjlemon}
59290Sjlemon
59290Sjlemonstatic void
59290Sjlemonknote_dequeue(struct knote *kn)
59290Sjlemon{
59290Sjlemon	struct kqueue *kq = kn->kn_kq;
59290Sjlemon
133741Sjmg	KQ_OWNED(kn->kn_kq);
59997Sjlemon	KASSERT(kn->kn_status & KN_QUEUED, ("knote not queued"));
59997Sjlemon
133590Srwatson	TAILQ_REMOVE(&kq->kq_head, kn, kn_tqe);
59290Sjlemon	kn->kn_status &= ~KN_QUEUED;
59290Sjlemon	kq->kq_count--;
59290Sjlemon}
59290Sjlemon
59290Sjlemonstatic void
59290Sjlemonknote_init(void)
59290Sjlemon{
133741Sjmg
92751Sjeff	knote_zone = uma_zcreate("KNOTE", sizeof(struct knote), NULL, NULL,
92751Sjeff	    NULL, NULL, UMA_ALIGN_PTR, 0);
59290Sjlemon}
177253SrwatsonSYSINIT(knote, SI_SUB_PSEUDO, SI_ORDER_ANY, knote_init, NULL);
59290Sjlemon
59290Sjlemonstatic struct knote *
133741Sjmgknote_alloc(int waitok)
59290Sjlemon{
133741Sjmg	return ((struct knote *)uma_zalloc(knote_zone,
133741Sjmg	    (waitok ? M_WAITOK : M_NOWAIT)|M_ZERO));
59290Sjlemon}
59290Sjlemon
59290Sjlemonstatic void
59290Sjlemonknote_free(struct knote *kn)
59290Sjlemon{
133741Sjmg	if (kn != NULL)
133741Sjmg		uma_zfree(knote_zone, kn);
59290Sjlemon}
162594Sjmg
162594Sjmg/*
162594Sjmg * Register the kev w/ the kq specified by fd.
162594Sjmg */
162594Sjmgint
162594Sjmgkqfd_register(int fd, struct kevent *kev, struct thread *td, int waitok)
162594Sjmg{
162594Sjmg	struct kqueue *kq;
162594Sjmg	struct file *fp;
162594Sjmg	int error;
162594Sjmg
162594Sjmg	if ((error = fget(td, fd, &fp)) != 0)
162594Sjmg		return (error);
170029Srwatson	if ((error = kqueue_acquire(fp, &kq)) != 0)
170029Srwatson		goto noacquire;
162594Sjmg
162594Sjmg	error = kqueue_register(kq, kev, td, waitok);
162594Sjmg
162594Sjmg	kqueue_release(kq, 0);
162594Sjmg
170029Srwatsonnoacquire:
162608Sjmg	fdrop(fp, td);
162594Sjmg
162594Sjmg	return error;
162594Sjmg}