Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/kern/uipc_socket.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/kern/uipc_socket.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.115.2.2
retrieving revision 1.122.6.2
diff -u -p -r1.115.2.2 -r1.122.6.2
--- src/sys/kern/uipc_socket.c	2005/12/31 11:21:51	1.115.2.2
+++ src/sys/kern/uipc_socket.c	2006/12/10 07:18:46	1.122.6.2
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.115.2.2 2005/12/31 11:21:51 yamt Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.122.6.2 2006/12/10 07:18:46 yamt Exp $	*/
 
 /*-
  * Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.115.2.2 2005/12/31 11:21:51 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.122.6.2 2006/12/10 07:18:46 yamt Exp $");
 
 #include "opt_sock_counters.h"
 #include "opt_sosend_loan.h"
@@ -91,6 +91,7 @@ __KERNEL_RCSID(0, "$NetBSD: uipc_socket.
 #include <sys/pool.h>
 #include <sys/event.h>
 #include <sys/poll.h>
+#include <sys/kauth.h>
 
 #include <uvm/uvm.h>
 
@@ -126,20 +127,12 @@ EVCNT_ATTACH_STATIC(sosend_kvalimit);
 
 #endif /* SOSEND_COUNTERS */
 
-void
-soinit(void)
-{
-
-	/* Set the initial adjusted socket buffer size. */
-	if (sb_max_set(sb_max))
-		panic("bad initial sb_max value: %lu", sb_max);
-
-}
+static struct callback_entry sokva_reclaimerentry;
 
 #ifdef SOSEND_NO_LOAN
-int use_sosend_loan = 0;
+int sock_loan_thresh = -1;
 #else
-int use_sosend_loan = 1;
+int sock_loan_thresh = 4096;
 #endif
 
 static struct simplelock so_pendfree_slock = SIMPLELOCK_INITIALIZER;
@@ -152,11 +145,10 @@ int somaxkva = SOMAXKVA;
 static int socurkva;
 static int sokvawaiters;
 
-#define	SOCK_LOAN_THRESH	4096
 #define	SOCK_LOAN_CHUNK		65536
 
-static size_t sodopendfree(struct socket *);
-static size_t sodopendfreel(struct socket *);
+static size_t sodopendfree(void);
+static size_t sodopendfreel(void);
 
 static vsize_t
 sokvareserve(struct socket *so, vsize_t len)
@@ -173,7 +165,7 @@ sokvareserve(struct socket *so, vsize_t 
 		 * try to do pendfree.
 		 */
 
-		freed = sodopendfreel(so);
+		freed = sodopendfreel();
 
 		/*
 		 * if some kva was freed, try again.
@@ -292,14 +284,14 @@ sodoloanfree(struct vm_page **pgs, caddr
 }
 
 static size_t
-sodopendfree(struct socket *so)
+sodopendfree()
 {
 	int s;
 	size_t rv;
 
 	s = splvm();
 	simple_lock(&so_pendfree_slock);
-	rv = sodopendfreel(so);
+	rv = sodopendfreel();
 	simple_unlock(&so_pendfree_slock);
 	splx(s);
 
@@ -315,7 +307,7 @@ sodopendfree(struct socket *so)
  */
 
 static size_t
-sodopendfreel(struct socket *so)
+sodopendfreel()
 {
 	size_t rv = 0;
 
@@ -390,7 +382,7 @@ sosend_loan(struct socket *so, struct ui
 	vaddr_t lva, va;
 	int npgs, i, error;
 
-	if (VMSPACE_IS_KERNEL(&uio->uio_vmspace->vm_map))
+	if (VMSPACE_IS_KERNEL_P(uio->uio_vmspace))
 		return (0);
 
 	if (iov->iov_len < (size_t) space)
@@ -439,6 +431,32 @@ sosend_loan(struct socket *so, struct ui
 	return (space);
 }
 
+static int
+sokva_reclaim_callback(struct callback_entry *ce, void *obj, void *arg)
+{
+
+	KASSERT(ce == &sokva_reclaimerentry);
+	KASSERT(obj == NULL);
+
+	sodopendfree();
+	if (!vm_map_starved_p(kernel_map)) {
+		return CALLBACK_CHAIN_ABORT;
+	}
+	return CALLBACK_CHAIN_CONTINUE;
+}
+
+void
+soinit(void)
+{
+
+	/* Set the initial adjusted socket buffer size. */
+	if (sb_max_set(sb_max))
+		panic("bad initial sb_max value: %lu", sb_max);
+
+	callback_register(&vm_map_to_kernel(kernel_map)->vmk_reclaim_callback,
+	    &sokva_reclaimerentry, NULL, sokva_reclaim_callback);
+}
+
 /*
  * Socket operation routines.
  * These routines are called by the routines in
@@ -455,11 +473,25 @@ socreate(int dom, struct socket **aso, i
 	uid_t		uid;
 	int		error, s;
 
+	if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
+	    KAUTH_REQ_NETWORK_SOCKET_OPEN, (void *)(u_long)dom,
+	    (void *)(u_long)type, (void *)(u_long)proto) != 0)
+		return (EPERM);
+
 	if (proto)
 		prp = pffindproto(dom, proto, type);
 	else
 		prp = pffindtype(dom, type);
-	if (prp == 0 || prp->pr_usrreq == 0)
+	if (prp == 0) {
+		/* no support for domain */
+		if (pffinddomain(dom) == 0)
+			return (EAFNOSUPPORT);
+		/* no support for socket type */
+		if (proto == 0 && type != 0)
+			return (EPROTOTYPE);
+		return (EPROTONOSUPPORT);
+	}
+	if (prp->pr_usrreq == 0)
 		return (EPROTONOSUPPORT);
 	if (prp->pr_type != type)
 		return (EPROTOTYPE);
@@ -478,7 +510,7 @@ socreate(int dom, struct socket **aso, i
 	so->so_mowner = &prp->pr_domain->dom_mowner;
 #endif
 	if (l != NULL) {
-		uid = l->l_proc->p_ucred->cr_uid;
+		uid = kauth_cred_geteuid(l->l_cred);
 	} else {
 		uid = 0;
 	}
@@ -705,7 +737,7 @@ sodisconnect(struct socket *so)
 	    (struct lwp *)0);
  bad:
 	splx(s);
-	sodopendfree(so);
+	sodopendfree();
 	return (error);
 }
 
@@ -737,7 +769,7 @@ sosend(struct socket *so, struct mbuf *a
 	int		error, s, dontroute, atomic;
 
 	p = l->l_proc;
-	sodopendfree(so);
+	sodopendfree();
 
 	clen = 0;
 	atomic = sosendallatonce(so) || top;
@@ -825,9 +857,9 @@ sosend(struct socket *so, struct mbuf *a
 					mlen = MLEN;
 				}
 				MCLAIM(m, so->so_snd.sb_mowner);
-				if (use_sosend_loan &&
-				    uio->uio_iov->iov_len >= SOCK_LOAN_THRESH &&
-				    space >= SOCK_LOAN_THRESH &&
+				if (sock_loan_thresh >= 0 &&
+				    uio->uio_iov->iov_len >= sock_loan_thresh &&
+				    space >= sock_loan_thresh &&
 				    (len = sosend_loan(so, uio, m,
 						       space)) != 0) {
 					SOSEND_COUNTER_INCR(&sosend_loan_big);
@@ -955,7 +987,7 @@ soreceive(struct socket *so, struct mbuf
 		flags = 0;
 
 	if ((flags & MSG_DONTWAIT) == 0)
-		sodopendfree(so);
+		sodopendfree();
 
 	if (flags & MSG_OOB) {
 		m = m_get(M_WAIT, MT_DATA);
@@ -1390,6 +1422,7 @@ sosetopt(struct socket *so, int level, i
 {
 	int		error;
 	struct mbuf	*m;
+	struct linger	*l;
 
 	error = 0;
 	m = m0;
@@ -1406,13 +1439,18 @@ sosetopt(struct socket *so, int level, i
 				error = EINVAL;
 				goto bad;
 			}
-			if (mtod(m, struct linger *)->l_linger < 0 ||
-			    mtod(m, struct linger *)->l_linger > (INT_MAX / hz)) {
+			l = mtod(m, struct linger *);
+			if (l->l_linger < 0 || l->l_linger > USHRT_MAX ||
+			    l->l_linger > (INT_MAX / hz)) {
 				error = EDOM;
 				goto bad;
 			}
-			so->so_linger = mtod(m, struct linger *)->l_linger;
-			/* fall thru... */
+			so->so_linger = l->l_linger;
+			if (l->l_onoff)
+				so->so_options |= SO_LINGER;
+			else
+				so->so_options &= ~SO_LINGER;
+			break;
 
 		case SO_DEBUG:
 		case SO_KEEPALIVE:
@@ -1552,7 +1590,7 @@ sogetopt(struct socket *so, int level, i
 		case SO_LINGER:
 			m->m_len = sizeof(struct linger);
 			mtod(m, struct linger *)->l_onoff =
-				so->so_options & SO_LINGER;
+			    (so->so_options & SO_LINGER) ? 1 : 0;
 			mtod(m, struct linger *)->l_linger = so->so_linger;
 			break;
 
@@ -1565,7 +1603,7 @@ sogetopt(struct socket *so, int level, i
 		case SO_BROADCAST:
 		case SO_OOBINLINE:
 		case SO_TIMESTAMP:
-			*mtod(m, int *) = so->so_options & optname;
+			*mtod(m, int *) = (so->so_options & optname) ? 1 : 0;
 			break;
 
 		case SO_TYPE: