1139804Simp/*- 21541Srgrimes * Copyright (c) 1982, 1986, 1991, 1993 31541Srgrimes * The Regents of the University of California. All rights reserved. 41541Srgrimes * (c) UNIX System Laboratories, Inc. 51541Srgrimes * All or some portions of this file are derived from material licensed 61541Srgrimes * to the University of California by American Telephone and Telegraph 71541Srgrimes * Co. or Unix System Laboratories, Inc. and are reproduced herein with 81541Srgrimes * the permission of UNIX System Laboratories, Inc. 91541Srgrimes * 101541Srgrimes * Redistribution and use in source and binary forms, with or without 111541Srgrimes * modification, are permitted provided that the following conditions 121541Srgrimes * are met: 131541Srgrimes * 1. Redistributions of source code must retain the above copyright 141541Srgrimes * notice, this list of conditions and the following disclaimer. 151541Srgrimes * 2. Redistributions in binary form must reproduce the above copyright 161541Srgrimes * notice, this list of conditions and the following disclaimer in the 171541Srgrimes * documentation and/or other materials provided with the distribution. 181541Srgrimes * 4. Neither the name of the University nor the names of its contributors 191541Srgrimes * may be used to endorse or promote products derived from this software 201541Srgrimes * without specific prior written permission. 211541Srgrimes * 221541Srgrimes * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 231541Srgrimes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 241541Srgrimes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 251541Srgrimes * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 261541Srgrimes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 271541Srgrimes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 281541Srgrimes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 291541Srgrimes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 301541Srgrimes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 311541Srgrimes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 321541Srgrimes * SUCH DAMAGE. 331541Srgrimes * 341541Srgrimes * @(#)kern_subr.c 8.3 (Berkeley) 1/21/94 351541Srgrimes */ 361541Srgrimes 37116182Sobrien#include <sys/cdefs.h> 38116182Sobrien__FBSDID("$FreeBSD$"); 39116182Sobrien 4098849Sken#include "opt_zero.h" 4198849Sken 421541Srgrimes#include <sys/param.h> 431541Srgrimes#include <sys/systm.h> 4444218Sbde#include <sys/kernel.h> 45120665Snectar#include <sys/limits.h> 4676166Smarkm#include <sys/lock.h> 47220100Skib#include <sys/mman.h> 4876166Smarkm#include <sys/mutex.h> 491541Srgrimes#include <sys/proc.h> 50220100Skib#include <sys/resourcevar.h> 51104964Sjeff#include <sys/sched.h> 5278431Swollman#include <sys/sysctl.h> 5332702Sdyson#include <sys/vnode.h> 541541Srgrimes 5531853Sdyson#include <vm/vm.h> 56240238Skib#include <vm/vm_param.h> 57220100Skib#include <vm/vm_extern.h> 5831853Sdyson#include <vm/vm_page.h> 5931853Sdyson#include <vm/vm_map.h> 6099848Sken#ifdef ZERO_COPY_SOCKETS 6199848Sken#include <vm/vm_object.h> 6299848Sken#endif 6331853Sdyson 64111737SdesSYSCTL_INT(_kern, KERN_IOV_MAX, iov_max, CTLFLAG_RD, NULL, UIO_MAXIOV, 6578431Swollman "Maximum number of elements in an I/O vector; sysconf(_SC_IOV_MAX)"); 6678431Swollman 67223889Skibstatic int uiomove_faultflag(void *cp, int n, struct uio *uio, int nofault); 68223889Skib 6998849Sken#ifdef ZERO_COPY_SOCKETS 7098849Sken/* Declared in uipc_socket.c */ 7198849Skenextern int so_zero_copy_receive; 7298849Sken 73138781Salc/* 74138781Salc * Identify the physical page mapped at the given kernel virtual 75138781Salc * address. Insert this physical page into the given address space at 76138781Salc * the given virtual address, replacing the physical page, if any, 77138781Salc * that already exists there. 78138781Salc */ 7998849Skenstatic int 80137377Salcvm_pgmoveco(vm_map_t mapa, vm_offset_t kaddr, vm_offset_t uaddr) 8198849Sken{ 8298849Sken vm_map_t map = mapa; 8398849Sken vm_page_t kern_pg, user_pg; 8498849Sken vm_object_t uobject; 8598849Sken vm_map_entry_t entry; 86137244Salc vm_pindex_t upindex; 8798849Sken vm_prot_t prot; 8898849Sken boolean_t wired; 8998849Sken 90138781Salc KASSERT((uaddr & PAGE_MASK) == 0, 91138781Salc ("vm_pgmoveco: uaddr is not page aligned")); 92138781Salc 9398849Sken /* 94138781Salc * Herein the physical page is validated and dirtied. It is 95138781Salc * unwired in sf_buf_mext(). 9698849Sken */ 9798849Sken kern_pg = PHYS_TO_VM_PAGE(vtophys(kaddr)); 98138781Salc kern_pg->valid = VM_PAGE_BITS_ALL; 99138781Salc KASSERT(kern_pg->queue == PQ_NONE && kern_pg->wire_count == 1, 100138781Salc ("vm_pgmoveco: kern_pg is not correctly wired")); 101138424Salc 10298849Sken if ((vm_map_lookup(&map, uaddr, 103111977Sken VM_PROT_WRITE, &entry, &uobject, 10498849Sken &upindex, &prot, &wired)) != KERN_SUCCESS) { 10598849Sken return(EFAULT); 10698849Sken } 107116110Salc VM_OBJECT_LOCK(uobject); 108138781Salcretry: 10998849Sken if ((user_pg = vm_page_lookup(uobject, upindex)) != NULL) { 110161252Salc if (vm_page_sleep_if_busy(user_pg, TRUE, "vm_pgmoveco")) 111161252Salc goto retry; 112207669Salc vm_page_lock(user_pg); 113107371Salc pmap_remove_all(user_pg); 11498849Sken vm_page_free(user_pg); 115207669Salc vm_page_unlock(user_pg); 116138781Salc } else { 117138781Salc /* 118138781Salc * Even if a physical page does not exist in the 119138781Salc * object chain's first object, a physical page from a 120138781Salc * backing object may be mapped read only. 121138781Salc */ 122138781Salc if (uobject->backing_object != NULL) 123138781Salc pmap_remove(map->pmap, uaddr, uaddr + PAGE_SIZE); 12498849Sken } 125138424Salc vm_page_insert(kern_pg, uobject, upindex); 126138424Salc vm_page_dirty(kern_pg); 127116110Salc VM_OBJECT_UNLOCK(uobject); 12898849Sken vm_map_lookup_done(map, entry); 12998849Sken return(KERN_SUCCESS); 13098849Sken} 13198849Sken#endif /* ZERO_COPY_SOCKETS */ 13298849Sken 1331549Srgrimesint 134223889Skibcopyin_nofault(const void *udaddr, void *kaddr, size_t len) 135223889Skib{ 136223889Skib int error, save; 137223889Skib 138223889Skib save = vm_fault_disable_pagefaults(); 139223889Skib error = copyin(udaddr, kaddr, len); 140223889Skib vm_fault_enable_pagefaults(save); 141223889Skib return (error); 142223889Skib} 143223889Skib 144223889Skibint 145223889Skibcopyout_nofault(const void *kaddr, void *udaddr, size_t len) 146223889Skib{ 147223889Skib int error, save; 148223889Skib 149223889Skib save = vm_fault_disable_pagefaults(); 150223889Skib error = copyout(kaddr, udaddr, len); 151223889Skib vm_fault_enable_pagefaults(save); 152223889Skib return (error); 153223889Skib} 154223889Skib 155251874Sscottl#define PHYS_PAGE_COUNT(len) (howmany(len, PAGE_SIZE) + 1) 156251874Sscottl 157223889Skibint 158251874Sscottlphyscopyin(void *src, vm_paddr_t dst, size_t len) 159251874Sscottl{ 160251874Sscottl vm_page_t m[PHYS_PAGE_COUNT(len)]; 161251874Sscottl struct iovec iov[1]; 162251874Sscottl struct uio uio; 163251874Sscottl int i; 164251874Sscottl 165251874Sscottl iov[0].iov_base = src; 166251874Sscottl iov[0].iov_len = len; 167251874Sscottl uio.uio_iov = iov; 168251874Sscottl uio.uio_iovcnt = 1; 169251874Sscottl uio.uio_offset = 0; 170251874Sscottl uio.uio_resid = len; 171251874Sscottl uio.uio_segflg = UIO_SYSSPACE; 172251874Sscottl uio.uio_rw = UIO_WRITE; 173251874Sscottl for (i = 0; i < PHYS_PAGE_COUNT(len); i++, dst += PAGE_SIZE) 174251874Sscottl m[i] = PHYS_TO_VM_PAGE(dst); 175251874Sscottl return (uiomove_fromphys(m, dst & PAGE_MASK, len, &uio)); 176251874Sscottl} 177251874Sscottl 178251874Sscottlint 179251874Sscottlphyscopyout(vm_paddr_t src, void *dst, size_t len) 180251874Sscottl{ 181251874Sscottl vm_page_t m[PHYS_PAGE_COUNT(len)]; 182251874Sscottl struct iovec iov[1]; 183251874Sscottl struct uio uio; 184251874Sscottl int i; 185251874Sscottl 186251874Sscottl iov[0].iov_base = dst; 187251874Sscottl iov[0].iov_len = len; 188251874Sscottl uio.uio_iov = iov; 189251874Sscottl uio.uio_iovcnt = 1; 190251874Sscottl uio.uio_offset = 0; 191251874Sscottl uio.uio_resid = len; 192251874Sscottl uio.uio_segflg = UIO_SYSSPACE; 193251874Sscottl uio.uio_rw = UIO_READ; 194251874Sscottl for (i = 0; i < PHYS_PAGE_COUNT(len); i++, src += PAGE_SIZE) 195251874Sscottl m[i] = PHYS_TO_VM_PAGE(src); 196251874Sscottl return (uiomove_fromphys(m, src & PAGE_MASK, len, &uio)); 197251874Sscottl} 198251874Sscottl 199251874Sscottl#undef PHYS_PAGE_COUNT 200251874Sscottl 201251874Sscottlint 202111739Sdesuiomove(void *cp, int n, struct uio *uio) 2031541Srgrimes{ 204223889Skib 205223889Skib return (uiomove_faultflag(cp, n, uio, 0)); 206223889Skib} 207223889Skib 208223889Skibint 209223889Skibuiomove_nofault(void *cp, int n, struct uio *uio) 210223889Skib{ 211223889Skib 212223889Skib return (uiomove_faultflag(cp, n, uio, 1)); 213223889Skib} 214223889Skib 215223889Skibstatic int 216223889Skibuiomove_faultflag(void *cp, int n, struct uio *uio, int nofault) 217223889Skib{ 218223889Skib struct thread *td; 219111737Sdes struct iovec *iov; 220233353Skib size_t cnt; 221223889Skib int error, newflags, save; 2221541Srgrimes 223223889Skib td = curthread; 224223889Skib error = 0; 225223889Skib 22642408Seivind KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, 22742453Seivind ("uiomove: mode")); 228223889Skib KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == td, 22942453Seivind ("uiomove proc")); 230223889Skib if (!nofault) 231223889Skib WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 232223889Skib "Calling uiomove()"); 23342408Seivind 234223889Skib /* XXX does it make a sense to set TDP_DEADLKTREAT for UIO_SYSSPACE ? */ 235223889Skib newflags = TDP_DEADLKTREAT; 236233647Salc if (uio->uio_segflg == UIO_USERSPACE && nofault) { 237233647Salc /* 238233647Salc * Fail if a non-spurious page fault occurs. 239233647Salc */ 240233647Salc newflags |= TDP_NOFAULTING | TDP_RESETSPUR; 241233647Salc } 242223889Skib save = curthread_pflags_set(newflags); 24344681Sjulian 2441541Srgrimes while (n > 0 && uio->uio_resid) { 2451541Srgrimes iov = uio->uio_iov; 2461541Srgrimes cnt = iov->iov_len; 2471541Srgrimes if (cnt == 0) { 2481541Srgrimes uio->uio_iov++; 2491541Srgrimes uio->uio_iovcnt--; 2501541Srgrimes continue; 2511541Srgrimes } 2521541Srgrimes if (cnt > n) 2531541Srgrimes cnt = n; 2546324Sdg 2551541Srgrimes switch (uio->uio_segflg) { 2561541Srgrimes 2571541Srgrimes case UIO_USERSPACE: 258218195Smdf maybe_yield(); 2591541Srgrimes if (uio->uio_rw == UIO_READ) 2601541Srgrimes error = copyout(cp, iov->iov_base, cnt); 2611541Srgrimes else 2621541Srgrimes error = copyin(iov->iov_base, cp, cnt); 2631541Srgrimes if (error) 26490413Stmm goto out; 2651541Srgrimes break; 2661541Srgrimes 2671541Srgrimes case UIO_SYSSPACE: 2681541Srgrimes if (uio->uio_rw == UIO_READ) 26998998Salfred bcopy(cp, iov->iov_base, cnt); 2701541Srgrimes else 27198998Salfred bcopy(iov->iov_base, cp, cnt); 2721541Srgrimes break; 2737611Sdg case UIO_NOCOPY: 2747611Sdg break; 2751541Srgrimes } 276104908Smike iov->iov_base = (char *)iov->iov_base + cnt; 2771541Srgrimes iov->iov_len -= cnt; 2781541Srgrimes uio->uio_resid -= cnt; 2791541Srgrimes uio->uio_offset += cnt; 280111739Sdes cp = (char *)cp + cnt; 2811541Srgrimes n -= cnt; 2821541Srgrimes } 28390413Stmmout: 284223889Skib curthread_pflags_restore(save); 28544681Sjulian return (error); 2861541Srgrimes} 2871541Srgrimes 288120665Snectar/* 289120665Snectar * Wrapper for uiomove() that validates the arguments against a known-good 290120665Snectar * kernel buffer. Currently, uiomove accepts a signed (n) argument, which 291120665Snectar * is almost definitely a bad thing, so we catch that here as well. We 292120665Snectar * return a runtime failure, but it might be desirable to generate a runtime 293120665Snectar * assertion failure instead. 294120665Snectar */ 295120665Snectarint 296120665Snectaruiomove_frombuf(void *buf, int buflen, struct uio *uio) 297120665Snectar{ 298233353Skib size_t offset, n; 299120665Snectar 300120665Snectar if (uio->uio_offset < 0 || uio->uio_resid < 0 || 301120665Snectar (offset = uio->uio_offset) != uio->uio_offset) 302120665Snectar return (EINVAL); 303120665Snectar if (buflen <= 0 || offset >= buflen) 304120665Snectar return (0); 305233353Skib if ((n = buflen - offset) > IOSIZE_MAX) 306120665Snectar return (EINVAL); 307120665Snectar return (uiomove((char *)buf + offset, n, uio)); 308120665Snectar} 309120665Snectar 310111937Salc#ifdef ZERO_COPY_SOCKETS 31196080Salc/* 31296080Salc * Experimental support for zero-copy I/O 31396080Salc */ 31498849Skenstatic int 315138539Salcuserspaceco(void *cp, u_int cnt, struct uio *uio, int disposable) 31698849Sken{ 31798849Sken struct iovec *iov; 31898849Sken int error; 31998849Sken 32098849Sken iov = uio->uio_iov; 32198849Sken if (uio->uio_rw == UIO_READ) { 32298849Sken if ((so_zero_copy_receive != 0) 32398849Sken && ((cnt & PAGE_MASK) == 0) 32498849Sken && ((((intptr_t) iov->iov_base) & PAGE_MASK) == 0) 32598849Sken && ((uio->uio_offset & PAGE_MASK) == 0) 32698849Sken && ((((intptr_t) cp) & PAGE_MASK) == 0) 32798849Sken && (disposable != 0)) { 32898849Sken /* SOCKET: use page-trading */ 32998849Sken /* 33098849Sken * We only want to call vm_pgmoveco() on 33198849Sken * disposeable pages, since it gives the 33298849Sken * kernel page to the userland process. 33398849Sken */ 33498849Sken error = vm_pgmoveco(&curproc->p_vmspace->vm_map, 335137377Salc (vm_offset_t)cp, (vm_offset_t)iov->iov_base); 33698849Sken 33798849Sken /* 33898849Sken * If we get an error back, attempt 33998849Sken * to use copyout() instead. The 34098849Sken * disposable page should be freed 34198849Sken * automatically if we weren't able to move 34298849Sken * it into userland. 34398849Sken */ 34498849Sken if (error != 0) 34598849Sken error = copyout(cp, iov->iov_base, cnt); 34698849Sken } else { 34798849Sken error = copyout(cp, iov->iov_base, cnt); 34898849Sken } 34998849Sken } else { 35098849Sken error = copyin(iov->iov_base, cp, cnt); 35198849Sken } 35298849Sken return (error); 35398849Sken} 35498849Sken 35531853Sdysonint 356138539Salcuiomoveco(void *cp, int n, struct uio *uio, int disposable) 35731853Sdyson{ 35831853Sdyson struct iovec *iov; 35931853Sdyson u_int cnt; 36031853Sdyson int error; 36131853Sdyson 36242408Seivind KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, 36342453Seivind ("uiomoveco: mode")); 36483366Sjulian KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread, 36542453Seivind ("uiomoveco proc")); 36642408Seivind 36731853Sdyson while (n > 0 && uio->uio_resid) { 36831853Sdyson iov = uio->uio_iov; 36931853Sdyson cnt = iov->iov_len; 37031853Sdyson if (cnt == 0) { 37131853Sdyson uio->uio_iov++; 37231853Sdyson uio->uio_iovcnt--; 37331853Sdyson continue; 37431853Sdyson } 37531853Sdyson if (cnt > n) 37631853Sdyson cnt = n; 37731853Sdyson 37831853Sdyson switch (uio->uio_segflg) { 37931853Sdyson 38031853Sdyson case UIO_USERSPACE: 381218195Smdf maybe_yield(); 382138539Salc error = userspaceco(cp, cnt, uio, disposable); 38331853Sdyson if (error) 38431853Sdyson return (error); 38531853Sdyson break; 38631853Sdyson 38731853Sdyson case UIO_SYSSPACE: 38831853Sdyson if (uio->uio_rw == UIO_READ) 38998998Salfred bcopy(cp, iov->iov_base, cnt); 39031853Sdyson else 39198998Salfred bcopy(iov->iov_base, cp, cnt); 39231853Sdyson break; 39331853Sdyson case UIO_NOCOPY: 39431853Sdyson break; 39531853Sdyson } 396104908Smike iov->iov_base = (char *)iov->iov_base + cnt; 39731853Sdyson iov->iov_len -= cnt; 39831853Sdyson uio->uio_resid -= cnt; 39931853Sdyson uio->uio_offset += cnt; 400111739Sdes cp = (char *)cp + cnt; 40131853Sdyson n -= cnt; 40231853Sdyson } 40331853Sdyson return (0); 40431853Sdyson} 405111937Salc#endif /* ZERO_COPY_SOCKETS */ 40631853Sdyson 40796080Salc/* 4081541Srgrimes * Give next character to user as result of read. 4091541Srgrimes */ 4101549Srgrimesint 411111737Sdesureadc(int c, struct uio *uio) 4121541Srgrimes{ 413111737Sdes struct iovec *iov; 414111737Sdes char *iov_base; 4151541Srgrimes 416182399Sed WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 417182399Sed "Calling ureadc()"); 418182399Sed 4191541Srgrimesagain: 4201541Srgrimes if (uio->uio_iovcnt == 0 || uio->uio_resid == 0) 4211541Srgrimes panic("ureadc"); 4221541Srgrimes iov = uio->uio_iov; 4231541Srgrimes if (iov->iov_len == 0) { 4241541Srgrimes uio->uio_iovcnt--; 4251541Srgrimes uio->uio_iov++; 4261541Srgrimes goto again; 4271541Srgrimes } 4281541Srgrimes switch (uio->uio_segflg) { 4291541Srgrimes 4301541Srgrimes case UIO_USERSPACE: 4311541Srgrimes if (subyte(iov->iov_base, c) < 0) 4321541Srgrimes return (EFAULT); 4331541Srgrimes break; 4341541Srgrimes 4351541Srgrimes case UIO_SYSSPACE: 436104908Smike iov_base = iov->iov_base; 437104908Smike *iov_base = c; 438104908Smike iov->iov_base = iov_base; 4391541Srgrimes break; 4401541Srgrimes 4418177Sdg case UIO_NOCOPY: 4428177Sdg break; 4431541Srgrimes } 444104908Smike iov->iov_base = (char *)iov->iov_base + 1; 4451541Srgrimes iov->iov_len--; 4461541Srgrimes uio->uio_resid--; 4471541Srgrimes uio->uio_offset++; 4481541Srgrimes return (0); 4491541Srgrimes} 4501541Srgrimes 45172537Sjlemonint 452123852Salfredcopyinfrom(const void * __restrict src, void * __restrict dst, size_t len, 453123852Salfred int seg) 45472537Sjlemon{ 45572537Sjlemon int error = 0; 45672537Sjlemon 45772537Sjlemon switch (seg) { 45872537Sjlemon case UIO_USERSPACE: 45972537Sjlemon error = copyin(src, dst, len); 46072537Sjlemon break; 46172537Sjlemon case UIO_SYSSPACE: 46272537Sjlemon bcopy(src, dst, len); 46372537Sjlemon break; 46472537Sjlemon default: 46572537Sjlemon panic("copyinfrom: bad seg %d\n", seg); 46672537Sjlemon } 46772537Sjlemon return (error); 46872537Sjlemon} 46972537Sjlemon 47072537Sjlemonint 471123852Salfredcopyinstrfrom(const void * __restrict src, void * __restrict dst, size_t len, 472123852Salfred size_t * __restrict copied, int seg) 47372537Sjlemon{ 47472537Sjlemon int error = 0; 47572537Sjlemon 47672537Sjlemon switch (seg) { 47772537Sjlemon case UIO_USERSPACE: 47872537Sjlemon error = copyinstr(src, dst, len, copied); 47972537Sjlemon break; 48072537Sjlemon case UIO_SYSSPACE: 48172537Sjlemon error = copystr(src, dst, len, copied); 48272537Sjlemon break; 48372537Sjlemon default: 48472537Sjlemon panic("copyinstrfrom: bad seg %d\n", seg); 48572537Sjlemon } 48672537Sjlemon return (error); 48772537Sjlemon} 488125296Ssilby 489125296Ssilbyint 490131897Sphkcopyiniov(struct iovec *iovp, u_int iovcnt, struct iovec **iov, int error) 491125296Ssilby{ 492131897Sphk u_int iovlen; 493131897Sphk 494131897Sphk *iov = NULL; 495131897Sphk if (iovcnt > UIO_MAXIOV) 496131897Sphk return (error); 497131897Sphk iovlen = iovcnt * sizeof (struct iovec); 498131897Sphk *iov = malloc(iovlen, M_IOV, M_WAITOK); 499131897Sphk error = copyin(iovp, *iov, iovlen); 500131897Sphk if (error) { 501131897Sphk free(*iov, M_IOV); 502131897Sphk *iov = NULL; 503131897Sphk } 504131897Sphk return (error); 505131897Sphk} 506131897Sphk 507131897Sphkint 508131897Sphkcopyinuio(struct iovec *iovp, u_int iovcnt, struct uio **uiop) 509131897Sphk{ 510125420Ssilby struct iovec *iov; 511131897Sphk struct uio *uio; 512125296Ssilby u_int iovlen; 513125420Ssilby int error, i; 514125296Ssilby 515131897Sphk *uiop = NULL; 516131897Sphk if (iovcnt > UIO_MAXIOV) 517131897Sphk return (EINVAL); 518125420Ssilby iovlen = iovcnt * sizeof (struct iovec); 519131897Sphk uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK); 520131897Sphk iov = (struct iovec *)(uio + 1); 521131897Sphk error = copyin(iovp, iov, iovlen); 522131897Sphk if (error) { 523131897Sphk free(uio, M_IOV); 524131897Sphk return (error); 525125420Ssilby } 526125420Ssilby uio->uio_iov = iov; 527125420Ssilby uio->uio_iovcnt = iovcnt; 528125420Ssilby uio->uio_segflg = UIO_USERSPACE; 529125420Ssilby uio->uio_offset = -1; 530125420Ssilby uio->uio_resid = 0; 531125420Ssilby for (i = 0; i < iovcnt; i++) { 532233353Skib if (iov->iov_len > IOSIZE_MAX - uio->uio_resid) { 533131897Sphk free(uio, M_IOV); 534131897Sphk return (EINVAL); 535125420Ssilby } 536125420Ssilby uio->uio_resid += iov->iov_len; 537125420Ssilby iov++; 538125420Ssilby } 539131897Sphk *uiop = uio; 540131897Sphk return (0); 541131897Sphk} 542125296Ssilby 543131897Sphkstruct uio * 544131897Sphkcloneuio(struct uio *uiop) 545131897Sphk{ 546131897Sphk struct uio *uio; 547131897Sphk int iovlen; 548125296Ssilby 549131897Sphk iovlen = uiop->uio_iovcnt * sizeof (struct iovec); 550131897Sphk uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK); 551131897Sphk *uio = *uiop; 552131897Sphk uio->uio_iov = (struct iovec *)(uio + 1); 553131897Sphk bcopy(uiop->uio_iov, uio->uio_iov, iovlen); 554131897Sphk return (uio); 555125296Ssilby} 556220100Skib 557220100Skib/* 558220100Skib * Map some anonymous memory in user space of size sz, rounded up to the page 559220100Skib * boundary. 560220100Skib */ 561220100Skibint 562220100Skibcopyout_map(struct thread *td, vm_offset_t *addr, size_t sz) 563220100Skib{ 564220102Skib struct vmspace *vms; 565220100Skib int error; 566220100Skib vm_size_t size; 567220102Skib 568220102Skib vms = td->td_proc->p_vmspace; 569220102Skib 570220102Skib /* 571220100Skib * Map somewhere after heap in process memory. 572220100Skib */ 573220100Skib PROC_LOCK(td->td_proc); 574220102Skib *addr = round_page((vm_offset_t)vms->vm_daddr + 575220100Skib lim_max(td->td_proc, RLIMIT_DATA)); 576220100Skib PROC_UNLOCK(td->td_proc); 577220100Skib 578220100Skib /* round size up to page boundry */ 579220102Skib size = (vm_size_t)round_page(sz); 580220102Skib 581220102Skib error = vm_mmap(&vms->vm_map, addr, size, PROT_READ | PROT_WRITE, 582220100Skib VM_PROT_ALL, MAP_PRIVATE | MAP_ANON, OBJT_DEFAULT, NULL, 0); 583220102Skib 584220100Skib return (error); 585220100Skib} 586220100Skib 587220100Skib/* 588220100Skib * Unmap memory in user space. 589220100Skib */ 590220100Skibint 591220100Skibcopyout_unmap(struct thread *td, vm_offset_t addr, size_t sz) 592220100Skib{ 593220100Skib vm_map_t map; 594220100Skib vm_size_t size; 595220102Skib 596220101Skib if (sz == 0) 597220101Skib return (0); 598220101Skib 599220100Skib map = &td->td_proc->p_vmspace->vm_map; 600220102Skib size = (vm_size_t)round_page(sz); 601220100Skib 602220114Skib if (vm_map_remove(map, addr, addr + size) != KERN_SUCCESS) 603220100Skib return (EINVAL); 604220100Skib 605220100Skib return (0); 606220100Skib} 607