Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/kern/uipc_socket.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/kern/uipc_socket.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.186.2.1
retrieving revision 1.200.4.1
diff -u -p -r1.186.2.1 -r1.200.4.1
--- src/sys/kern/uipc_socket.c	2009/05/13 17:21:58	1.186.2.1
+++ src/sys/kern/uipc_socket.c	2011/03/05 20:55:24	1.200.4.1
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.186.2.1 2009/05/13 17:21:58 jym Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.200.4.1 2011/03/05 20:55:24 rmind Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.186.2.1 2009/05/13 17:21:58 jym Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.200.4.1 2011/03/05 20:55:24 rmind Exp $");
 
 #include "opt_compat_netbsd.h"
 #include "opt_sock_counters.h"
@@ -98,7 +98,9 @@ __KERNEL_RCSID(0, "$NetBSD: uipc_socket.
 #include <compat/sys/socket.h>
 #endif
 
-#include <uvm/uvm.h>
+#include <uvm/uvm_extern.h>
+#include <uvm/uvm_loan.h>
+#include <uvm/uvm_page.h>
 
 MALLOC_DEFINE(M_SOOPTS, "soopts", "socket options");
 MALLOC_DEFINE(M_SONAME, "soname", "socket name");
@@ -151,6 +153,8 @@ int somaxkva = SOMAXKVA;
 static int socurkva;
 static kcondvar_t socurkva_cv;
 
+static kauth_listener_t socket_listener;
+
 #define	SOCK_LOAN_CHUNK		65536
 
 static size_t sodopendfree(void);
@@ -384,7 +388,7 @@ sosend_loan(struct socket *so, struct ui
 
 	for (i = 0, va = lva; i < npgs; i++, va += PAGE_SIZE)
 		pmap_kenter_pa(va, VM_PAGE_TO_PHYS(m->m_ext.ext_pgs[i]),
-		    VM_PROT_READ);
+		    VM_PROT_READ, 0);
 	pmap_update(pmap_kernel());
 
 	lva += (vaddr_t) iov->iov_base & PAGE_MASK;
@@ -428,6 +432,62 @@ getsombuf(struct socket *so, int type)
 	return m;
 }
 
+static int
+socket_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+	enum kauth_network_req req;
+
+	result = KAUTH_RESULT_DEFER;
+	req = (enum kauth_network_req)arg0;
+
+	if ((action != KAUTH_NETWORK_SOCKET) &&
+	    (action != KAUTH_NETWORK_BIND))
+		return result;
+
+	switch (req) {
+	case KAUTH_REQ_NETWORK_BIND_PORT:
+		result = KAUTH_RESULT_ALLOW;
+		break;
+
+	case KAUTH_REQ_NETWORK_SOCKET_DROP: {
+		/* Normal users can only drop their own connections. */
+		struct socket *so = (struct socket *)arg1;
+
+		if (proc_uidmatch(cred, so->so_cred))
+			result = KAUTH_RESULT_ALLOW;
+
+		break;
+		}
+
+	case KAUTH_REQ_NETWORK_SOCKET_OPEN:
+		/* We allow "raw" routing/bluetooth sockets to anyone. */
+		if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_OROUTE
+		    || (u_long)arg1 == PF_BLUETOOTH) {
+			result = KAUTH_RESULT_ALLOW;
+		} else {
+			/* Privileged, let secmodel handle this. */
+			if ((u_long)arg2 == SOCK_RAW)
+				break;
+		}
+
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	default:
+		break;
+	}
+
+	return result;
+}
+
 void
 soinit(void)
 {
@@ -445,6 +505,9 @@ soinit(void)
 
 	callback_register(&vm_map_to_kernel(kernel_map)->vmk_reclaim_callback,
 	    &sokva_reclaimerentry, NULL, sokva_reclaim_callback);
+
+	socket_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+	    socket_listener_cb, NULL);
 }
 
 /*
@@ -501,7 +564,6 @@ socreate(int dom, struct socket **aso, i
 #endif
 	uid = kauth_cred_geteuid(l->l_cred);
 	so->so_uidinfo = uid_find(uid);
-	so->so_egid = kauth_cred_getegid(l->l_cred);
 	so->so_cpid = l->l_proc->p_pid;
 	if (lockso != NULL) {
 		/* Caller wants us to share a lock. */
@@ -520,6 +582,7 @@ socreate(int dom, struct socket **aso, i
 		sofree(so);
 		return error;
 	}
+	so->so_cred = kauth_cred_dup(l->l_cred);
 	sounlock(so);
 	*aso = so;
 	return 0;
@@ -555,6 +618,19 @@ fsocreate(int domain, struct socket **so
 }
 
 int
+sofamily(const struct socket *so)
+{
+	const struct protosw *pr;
+	const struct domain *dom;
+
+	if ((pr = so->so_proto) == NULL)
+		return AF_UNSPEC;
+	if ((dom = pr->pr_domain) == NULL)
+		return AF_UNSPEC;
+	return dom->dom_family;
+}
+
+int
 sobind(struct socket *so, struct mbuf *nam, struct lwp *l)
 {
 	int	error;
@@ -696,6 +772,7 @@ soclose(struct socket *so)
  discard:
 	if (so->so_state & SS_NOFDREF)
 		panic("soclose: NOFDREF");
+	kauth_cred_free(so->so_cred);
 	so->so_state |= SS_NOFDREF;
 	sofree(so);
 	return (error);
@@ -828,6 +905,7 @@ sosend(struct socket *so, struct mbuf *a
 	struct proc	*p;
 	long		space, len, resid, clen, mlen;
 	int		error, s, dontroute, atomic;
+	short		wakeup_state = 0;
 
 	p = l->l_proc;
 	sodopendfree();
@@ -902,11 +980,17 @@ sosend(struct socket *so, struct mbuf *a
 				goto release;
 			}
 			sbunlock(&so->so_snd);
+			if (wakeup_state & SS_RESTARTSYS) {
+				error = ERESTART;
+				goto out;
+			}
 			error = sbwait(&so->so_snd);
 			if (error)
 				goto out;
+			wakeup_state = so->so_state;
 			goto restart;
 		}
+		wakeup_state = 0;
 		mp = &top;
 		space -= clen;
 		do {
@@ -941,7 +1025,7 @@ sosend(struct socket *so, struct mbuf *a
 				}
 				if (resid >= MINCLSIZE && space >= MCLBYTES) {
 					SOSEND_COUNTER_INCR(&sosend_copy_big);
-					m_clget(m, M_WAIT);
+					m_clget(m, M_DONTWAIT);
 					if ((m->m_flags & M_EXT) == 0)
 						goto nopages;
 					mlen = MCLBYTES;
@@ -1082,6 +1166,7 @@ soreceive(struct socket *so, struct mbuf
 	struct mbuf	*nextrecord;
 	int		mbuf_removed = 0;
 	const struct domain *dom;
+	short		wakeup_state = 0;
 
 	pr = so->so_proto;
 	atomic = pr->pr_flags & PR_ATOMIC;
@@ -1196,12 +1281,16 @@ soreceive(struct socket *so, struct mbuf
 		SBLASTRECORDCHK(&so->so_rcv, "soreceive sbwait 1");
 		SBLASTMBUFCHK(&so->so_rcv, "soreceive sbwait 1");
 		sbunlock(&so->so_rcv);
-		error = sbwait(&so->so_rcv);
+		if (wakeup_state & SS_RESTARTSYS)
+			error = ERESTART;
+		else
+			error = sbwait(&so->so_rcv);
 		if (error != 0) {
 			sounlock(so);
 			splx(s);
 			return error;
 		}
+		wakeup_state = so->so_state;
 		goto restart;
 	}
  dontblock:
@@ -1340,6 +1429,7 @@ soreceive(struct socket *so, struct mbuf
 			panic("receive 3");
 #endif
 		so->so_state &= ~SS_RCVATMARK;
+		wakeup_state = 0;
 		len = uio->uio_resid;
 		if (so->so_oobmark && len > so->so_oobmark - offset)
 			len = so->so_oobmark - offset;
@@ -1472,7 +1562,10 @@ soreceive(struct socket *so, struct mbuf
 				    NULL, (struct mbuf *)(long)flags, NULL, l);
 			SBLASTRECORDCHK(&so->so_rcv, "soreceive sbwait 2");
 			SBLASTMBUFCHK(&so->so_rcv, "soreceive sbwait 2");
-			error = sbwait(&so->so_rcv);
+			if (wakeup_state & SS_RESTARTSYS)
+				error = ERESTART;
+			else
+				error = sbwait(&so->so_rcv);
 			if (error != 0) {
 				sbunlock(&so->so_rcv);
 				sounlock(so);
@@ -1481,6 +1574,7 @@ soreceive(struct socket *so, struct mbuf
 			}
 			if ((m = so->so_rcv.sb_mb) != NULL)
 				nextrecord = m->m_nextpkt;
+			wakeup_state = so->so_state;
 		}
 	}
 
@@ -1547,18 +1641,23 @@ soshutdown(struct socket *so, int how)
 	return error;
 }
 
-int
-sodrain(struct socket *so)
+void
+sorestart(struct socket *so)
 {
-	int error;
-
+	/*
+	 * An application has called close() on an fd on which another
+	 * of its threads has called a socket system call.
+	 * Mark this and wake everyone up, and code that would block again
+	 * instead returns ERESTART.
+	 * On system call re-entry the fd is validated and EBADF returned.
+	 * Any other fd will block again on the 2nd syscall.
+	 */
 	solock(so);
-	so->so_state |= SS_ISDRAINING;
+	so->so_state |= SS_RESTARTSYS;
 	cv_broadcast(&so->so_cv);
-	error = soshutdown(so, SHUT_RDWR);
+	cv_broadcast(&so->so_snd.sb_cv);
+	cv_broadcast(&so->so_rcv.sb_cv);
 	sounlock(so);
-
-	return error;
 }
 
 void