 @@ -1,22 +1,22 @@
-/*	$NetBSD: uipc_usrreq.c,v 1.119.4.1 2009/02/16 03:31:13 snj Exp $	*/
+/*	$NetBSD: uipc_usrreq.c,v 1.119.4.2 2009/03/18 05:33:23 snj Exp $	*/
 /*-
- * Copyright (c) 1998, 2000, 2004, 2008 The NetBSD Foundation, Inc.
+ * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
- * NASA Ames Research Center.
+ * NASA Ames Research Center, and by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 @@ -86,47 +86,49 @@
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)uipc_usrreq.c	8.9 (Berkeley) 5/14/95
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.119.4.1 2009/02/16 03:31:13 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.119.4.2 2009/03/18 05:33:23 snj Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/filedesc.h>
 #include <sys/domain.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/unpcb.h>
 #include <sys/un.h>
 #include <sys/namei.h>
 #include <sys/vnode.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/mbuf.h>
 #include <sys/kauth.h>
 #include <sys/kmem.h>
 #include <sys/atomic.h>
 #include <sys/uidinfo.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 /*
  * Unix communications domain.
+ *
  * TODO:
  *	SEQPACKET, RDM
  *	rethink name space problems
  *	need a proper out-of-band
+ *
  * Notes on locking:
+ *
  * The generic rules noted in uipc_socket2.c apply.  In addition:
+ *
 @@ -159,36 +161,54 @@ __KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.
  *   independent lock because of visibility / garbage collection issues:
  *   if a socket has been associated with a lock at any point, that lock
  *   must remain valid until the socket is no longer visible in the system.
  *   The lock must not be freed or otherwise destroyed until any sockets
  *   that had referenced it have also been destroyed.
  */
 const struct sockaddr_un sun_noname = {
 	.sun_len = sizeof(sun_noname),
 	.sun_family = AF_LOCAL,
 };
 ino_t	unp_ino;			/* prototype for fake inode numbers */
 struct mbuf *unp_addsockcred(struct lwp *, struct mbuf *);
 static void unp_mark(file_t *);
 static void unp_scan(struct mbuf *, void (*)(file_t *), int);
 static void unp_discard_now(file_t *);
 static void unp_discard_later(file_t *);
 static void unp_thread(void *);
 static void unp_thread_kick(void);
 static kmutex_t *uipc_lock;
 static kcondvar_t unp_thread_cv;
 static lwp_t *unp_thread_lwp;
 static SLIST_HEAD(,file) unp_thread_discard;
 static int unp_defer;
 /*
  * Initialize Unix protocols.
  */
 void
 uipc_init(void)
+{
 	int error;
 	uipc_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
 	cv_init(&unp_thread_cv, "unpgc");
 	error = kthread_create(PRI_NONE, KTHREAD_MPSAFE, NULL, unp_thread,
 	    NULL, &unp_thread_lwp, "unpgc");
 	if (error != 0)
 		panic("uipc_init %d", error);
+}
 /*
  * A connection succeeded: disassociate both endpoints from the head's
  * lock, and make them share their own lock.  There is a race here: for
  * a very brief time one endpoint will be locked by a different lock
  * than the other end.  However, since the current thread holds the old
  * lock (the listening socket's lock, the head) access can still only be
  * made to one side of the connection.
  */
 static void
 unp_setpeerlocks(struct socket *so, struct socket *so2)
+{
 @@ -280,31 +300,29 @@ unp_output(struct mbuf *m, struct mbuf *
 	so2 = unp->unp_conn->unp_socket;
 	KASSERT(solocked(so2));
 	if (unp->unp_addr)
 		sun = unp->unp_addr;
 	else
 		sun = &sun_noname;
 	if (unp->unp_conn->unp_flags & UNP_WANTCRED)
 		control = unp_addsockcred(l, control);
 	if (sbappendaddr(&so2->so_rcv, (const struct sockaddr *)sun, m,
 	    control) == 0) {
 		so2->so_rcv.sb_overflowed++;
 	    	sounlock(so2);
 		unp_dispose(control);
 		m_freem(control);
 		m_freem(m);
 	    	solock(so2);
 		return (ENOBUFS);
 	} else {
 		sorwakeup(so2);
 		return (0);
+	}
+}
 void
 unp_setaddr(struct socket *so, struct mbuf *nam, bool peeraddr)
+{
 	const struct sockaddr_un *sun;
 	struct unpcb *unp;
 	bool ext;
 @@ -508,31 +526,29 @@ uipc_usrreq(struct socket *so, int req,
 					 * dropped until we have sent
 					 * the message and disconnected.
 					 * This is necessary to prevent
 					 * intervening control ops, like
 					 * another connection.
 					 */
 					error = unp_connect(so, nam, l);
+				}
 			} else {
 				if ((so->so_state & SS_ISCONNECTED) == 0)
 					error = ENOTCONN;
+			}
 			if (error) {
 				sounlock(so);
 				unp_dispose(control);
 				m_freem(control);
 				m_freem(m);
 				solock(so);
 				break;
+			}
 			KASSERT(p != NULL);
 			error = unp_output(m, control, unp, l);
 			if (nam)
 				unp_disconnect(unp);
 			break;
+		}
 		case SOCK_STREAM:
 #define	rcv (&so2->so_rcv)
 #define	snd (&so->so_snd)
 			if (unp->unp_conn == NULL) {
 @@ -561,30 +577,28 @@ uipc_usrreq(struct socket *so, int req,
 				sbappend(rcv, m);
 			snd->sb_mbmax -=
 			    rcv->sb_mbcnt - unp->unp_conn->unp_mbcnt;
 			unp->unp_conn->unp_mbcnt = rcv->sb_mbcnt;
 			newhiwat = snd->sb_hiwat -
 			    (rcv->sb_cc - unp->unp_conn->unp_cc);
 			(void)chgsbsize(so->so_uidinfo,
 			    &snd->sb_hiwat, newhiwat, RLIM_INFINITY);
 			unp->unp_conn->unp_cc = rcv->sb_cc;
 			sorwakeup(so2);
 #undef snd
 #undef rcv
 			if (control != NULL) {
 				sounlock(so);
 				unp_dispose(control);
 				m_freem(control);
 				solock(so);
+			}
 			break;
 		default:
 			panic("uipc 4");
+		}
 		break;
 	case PRU_ABORT:
 		(void)unp_drop(unp, ECONNABORTED);
 		KASSERT(so->so_head == NULL);
 #ifdef DIAGNOSTIC
 @@ -714,27 +728,28 @@ uipc_ctloutput(int op, struct socket *so
  * Both send and receive buffers are allocated PIPSIZ bytes of buffering
  * for stream sockets, although the total for sender and receiver is
  * actually only PIPSIZ.
  * Datagram sockets really use the sendspace as the maximum datagram size,
  * and don't really want to reserve the sendspace.  Their recvspace should
  * be large enough for at least one max-size datagram plus address.
  */
 #define	PIPSIZ	4096
 u_long	unpst_sendspace = PIPSIZ;
 u_long	unpst_recvspace = PIPSIZ;
 u_long	unpdg_sendspace = 2*1024;	/* really max datagram size */
 u_long	unpdg_recvspace = 4*1024;
-u_int	unp_rights;			/* file descriptors in flight */
+u_int	unp_rights;			/* files in flight */
 u_int	unp_rights_ratio = 2;		/* limit, fraction of maxfiles */
 int
 unp_attach(struct socket *so)
+{
 	struct unpcb *unp;
 	int error;
 	switch (so->so_type) {
 	case SOCK_STREAM:
 		if (so->so_lock == NULL) {
 			/*
 			 * XXX Assuming that no socket locks are held,
 			 * as this call may sleep.
 @@ -798,37 +813,34 @@ unp_detach(struct unpcb *unp)
 	if (unp->unp_conn)
 		unp_disconnect(unp);
 	while (unp->unp_refs) {
 		KASSERT(solocked2(so, unp->unp_refs->unp_socket));
 		if (unp_drop(unp->unp_refs, ECONNRESET)) {
 			solock(so);
 			goto retry;
+		}
+	}
 	soisdisconnected(so);
 	so->so_pcb = NULL;
 	if (unp_rights) {
 		/*
-		 * Normally the receive buffer is flushed later,
+		 * Normally the receive buffer is flushed later, in sofree,
-		 * in sofree, but if our receive buffer holds references
+		 * but if our receive buffer holds references to files that
-		 * to descriptors that are now garbage, we will dispose
+		 * are now garbage, we will enqueue those file references to
-		 * of those descriptor references after the garbage collector
+		 * the garbage collector and kick it into action.
 		 * gets them (resulting in a "panic: closef: count < 0").
 		 */
 		sorflush(so);
 		unp_free(unp);
-		sounlock(so);
+		unp_thread_kick();
 		unp_gc();
 		solock(so);
 	} else
 		unp_free(unp);
+}
 int
 unp_bind(struct socket *so, struct mbuf *nam, struct lwp *l)
+{
 	struct sockaddr_un *sun;
 	struct unpcb *unp;
 	vnode_t *vp;
 	struct vattr vattr;
 	size_t addrlen;
 	int error;
 @@ -1155,66 +1167,62 @@ unp_externalize(struct mbuf *rights, str
 	struct proc *p = l->l_proc;
 	int i, *fdp;
 	file_t **rp;
 	file_t *fp;
 	int nfds, error = 0;
 	nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) /
 	    sizeof(file_t *);
 	rp = (file_t **)CMSG_DATA(cm);
 	fdp = malloc(nfds * sizeof(int), M_TEMP, M_WAITOK);
 	rw_enter(&p->p_cwdi->cwdi_lock, RW_READER);
-	/* Make sure the recipient should be able to see the descriptors.. */
+	/* Make sure the recipient should be able to see the files.. */
 	if (p->p_cwdi->cwdi_rdir != NULL) {
 		rp = (file_t **)CMSG_DATA(cm);
 		for (i = 0; i < nfds; i++) {
 			fp = *rp++;
 			/*
 			 * If we are in a chroot'ed directory, and
 			 * someone wants to pass us a directory, make
 			 * sure it's inside the subtree we're allowed
 			 * to access.
 			 */
 			if (fp->f_type == DTYPE_VNODE) {
 				vnode_t *vp = (vnode_t *)fp->f_data;
 				if ((vp->v_type == VDIR) &&
 				    !vn_isunder(vp, p->p_cwdi->cwdi_rdir, l)) {
 					error = EPERM;
 					break;
+				}
+			}
+		}
+	}
  restart:
 	rp = (file_t **)CMSG_DATA(cm);
 	if (error != 0) {
 		for (i = 0; i < nfds; i++) {
 			fp = *rp;
 			/*
 			 * zero the pointer before calling unp_discard,
 			 * since it may end up in unp_gc()..
 			 */
 			*rp++ = 0;
-			unp_discard(fp);
+			unp_discard_now(fp);
+		}
 		goto out;
+	}
 	/*
 	 * First loop -- allocate file descriptor table slots for the
-	 * new descriptors.
+	 * new files.
 	 */
 	for (i = 0; i < nfds; i++) {
 		fp = *rp++;
 		if ((error = fd_alloc(p, 0, &fdp[i])) != 0) {
 			/*
 			 * Back out what we've done so far.
 			 */
 			for (--i; i >= 0; i--) {
 				fd_abort(p, NULL, fdp[i]);
+			}
 			if (error == ENOSPC) {
 				fd_tryexpand(p);
 				error = 0;
 @@ -1222,27 +1230,27 @@ unp_externalize(struct mbuf *rights, str
 				/*
 				 * This is the error that has historically
 				 * been returned, and some callers may
 				 * expect it.
 				 */
 				error = EMSGSIZE;
+			}
 			goto restart;
+		}
+	}
 	/*
 	 * Now that adding them has succeeded, update all of the
-	 * descriptor passing state.
+	 * file passing state and affix the descriptors.
 	 */
 	rp = (file_t **)CMSG_DATA(cm);
 	for (i = 0; i < nfds; i++) {
 		fp = *rp++;
 		atomic_dec_uint(&unp_rights);
 		fd_affix(p, fp, fdp[i]);
 		mutex_enter(&fp->f_lock);
 		fp->f_msgcount--;
 		mutex_exit(&fp->f_lock);
 		/*
 		 * Note that fd_affix() adds a reference to the file.
 		 * The file may already have been closed by another
 		 * LWP in the process, so we must drop the reference
 @@ -1257,52 +1265,61 @@ unp_externalize(struct mbuf *rights, str
 	 */
 	memcpy(CMSG_DATA(cm), fdp, nfds * sizeof(int));
 	cm->cmsg_len = CMSG_LEN(nfds * sizeof(int));
 	rights->m_len = CMSG_SPACE(nfds * sizeof(int));
  out:
 	rw_exit(&p->p_cwdi->cwdi_lock);
 	free(fdp, M_TEMP);
 	return (error);
+}
 int
 unp_internalize(struct mbuf **controlp)
+{
-	struct filedesc *fdescp = curlwp->l_fd;
+	filedesc_t *fdescp = curlwp->l_fd;
 	struct mbuf *control = *controlp;
 	struct cmsghdr *newcm, *cm = mtod(control, struct cmsghdr *);
 	file_t **rp, **files;
 	file_t *fp;
 	int i, fd, *fdp;
 	int nfds, error;
 	u_int maxmsg;
 	error = 0;
 	newcm = NULL;
 	/* Sanity check the control message header. */
 	if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET ||
 	    cm->cmsg_len > control->m_len ||
 	    cm->cmsg_len < CMSG_ALIGN(sizeof(*cm)))
 		return (EINVAL);
 	/*
 	 * Verify that the file descriptors are valid, and acquire
 	 * a reference to each.
 	 */
 	nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int);
 	fdp = (int *)CMSG_DATA(cm);
 	maxmsg = maxfiles / unp_rights_ratio;
 	for (i = 0; i < nfds; i++) {
 		fd = *fdp++;
 		if (atomic_inc_uint_nv(&unp_rights) > maxmsg) {
 			atomic_dec_uint(&unp_rights);
 			nfds = i;
 			error = EAGAIN;
 			goto out;
+		}
 		if ((fp = fd_getfile(fd)) == NULL) {
 			atomic_dec_uint(&unp_rights);
 			nfds = i;
 			error = EBADF;
 			goto out;
+		}
+	}
 	/* Allocate new space and copy header into it. */
 	newcm = malloc(CMSG_SPACE(nfds * sizeof(file_t *)), M_MBUF, M_WAITOK);
 	if (newcm == NULL) {
 		error = E2BIG;
 		goto out;
+	}
 	memcpy(newcm, cm, sizeof(struct cmsghdr));
 @@ -1314,34 +1331,36 @@ unp_internalize(struct mbuf **controlp)
 	 * int won't get until we're done.  No need to lock, as we have
 	 * already validated the descriptors with fd_getfile().
 	 */
 	fdp = (int *)CMSG_DATA(cm) + nfds;
 	rp = files + nfds;
 	for (i = 0; i < nfds; i++) {
 		fp = fdescp->fd_ofiles[*--fdp]->ff_file;
 		KASSERT(fp != NULL);
 		mutex_enter(&fp->f_lock);
 		*--rp = fp;
 		fp->f_count++;
 		fp->f_msgcount++;
 		mutex_exit(&fp->f_lock);
 		atomic_inc_uint(&unp_rights);
+	}
  out:
  	/* Release descriptor references. */
 	fdp = (int *)CMSG_DATA(cm);
 	for (i = 0; i < nfds; i++) {
 		fd_putfile(*fdp++);
 		if (error != 0) {
 			atomic_dec_uint(&unp_rights);
+		}
+	}
 	if (error == 0) {
 		if (control->m_flags & M_EXT) {
 			m_freem(control);
 			*controlp = control = m_get(M_WAIT, MT_CONTROL);
+		}
 		MEXTADD(control, newcm, CMSG_SPACE(nfds * sizeof(file_t *)),
 		    M_MBUF, NULL, NULL);
 		cm = newcm;
 		/*
 		 * Adjust message & mbuf to note amount of space
 		 * actually used.
 @@ -1394,297 +1413,340 @@ unp_addsockcred(struct lwp *l, struct mb
 	/*
 	 * If a control message already exists, append us to the end.
 	 */
 	if (control != NULL) {
 		for (n = control; n->m_next != NULL; n = n->m_next)
+			;
 		n->m_next = m;
 	} else
 		control = m;
 	return (control);
+}
 int	unp_defer, unp_gcing;
 extern	struct domain unixdomain;
 /*
- * Comment added long after the fact explaining what's going on here.
+ * Do a mark-sweep GC of files in the system, to free up any which are
- * Do a mark-sweep GC of file descriptors on the system, to free up
+ * caught in flight to an about-to-be-closed socket.  Additionally,
- * any which are caught in flight to an about-to-be-closed socket.
+ * process deferred file closures.
  * Traditional mark-sweep gc's start at the "root", and mark
  * everything reachable from the root (which, in our case would be the
  * process table).  The mark bits are cleared during the sweep.
  * XXX For some inexplicable reason (perhaps because the file
  * descriptor tables used to live in the u area which could be swapped
  * out and thus hard to reach), we do multiple scans over the set of
  * descriptors, using use *two* mark bits per object (DEFER and MARK).
  * Whenever we find a descriptor which references other descriptors,
  * the ones it references are marked with both bits, and we iterate
  * over the whole file table until there are no more DEFER bits set.
  * We also make an extra pass *before* the GC to clear the mark bits,
  * which could have been cleared at almost no cost during the previous
  * sweep.
  */
-void
+static void
-unp_gc(void)
+unp_gc(file_t *dp)
+{
-	file_t *fp, *nextfp;
+	extern	struct domain unixdomain;
 	file_t *fp, *np;
 	struct socket *so, *so1;
-	file_t **extra_ref, **fpp;
+	u_int i, old, new;
-	int nunref, nslots, i;
+	bool didwork;
-	if (atomic_swap_uint(&unp_gcing, 1) == 1)
+	KASSERT(curlwp == unp_thread_lwp);
-		return;
+	KASSERT(mutex_owned(&filelist_lock));
- restart:
+	/*
- 	nslots = nfiles * 2;
+	 * First, process deferred file closures.
- 	extra_ref = kmem_alloc(nslots * sizeof(file_t *), KM_SLEEP);
+	 */
 	while (!SLIST_EMPTY(&unp_thread_discard)) {
 		fp = SLIST_FIRST(&unp_thread_discard);
 		KASSERT(fp->f_unpcount > 0);
 		KASSERT(fp->f_count > 0);
 		KASSERT(fp->f_msgcount > 0);
 		KASSERT(fp->f_count >= fp->f_unpcount);
 		KASSERT(fp->f_count >= fp->f_msgcount);
 		KASSERT(fp->f_msgcount >= fp->f_unpcount);
 		SLIST_REMOVE_HEAD(&unp_thread_discard, f_unplist);
 		i = fp->f_unpcount;
 		fp->f_unpcount = 0;
 		mutex_exit(&filelist_lock);
 		for (; i != 0; i--) {
 			unp_discard_now(fp);
+		}
 		mutex_enter(&filelist_lock);
+	}
-	mutex_enter(&filelist_lock);
+	/*
 	 * Clear mark bits.  Ensure that we don't consider new files
 	 * entering the file table during this loop (they will not have
 	 * FSCAN set).
 	 */
 	unp_defer = 0;
 	/* Clear mark bits */
 	LIST_FOREACH(fp, &filehead, f_list) {
-		atomic_and_uint(&fp->f_flag, ~(FMARK|FDEFER));
+		for (old = fp->f_flag;; old = new) {
 			new = atomic_cas_uint(&fp->f_flag, old,
 			    (old | FSCAN) & ~(FMARK|FDEFER));
 			if (__predict_true(old == new)) {
 				break;
+			}
+		}
+	}
 	/*
-	 * Iterate over the set of descriptors, marking ones believed
+	 * Iterate over the set of sockets, marking ones believed (based on
-	 * (based on refcount) to be referenced from a process, and
+	 * refcount) to be referenced from a process, and marking for rescan
-	 * marking for rescan descriptors which are queued on a socket.
+	 * sockets which are queued on a socket.  Recan continues descending
 	 * and searching for sockets referenced by sockets (FDEFER), until
 	 * there are no more socket->socket references to be discovered.
 	 */
 	do {
-		LIST_FOREACH(fp, &filehead, f_list) {
+		didwork = false;
 		for (fp = LIST_FIRST(&filehead); fp != NULL; fp = np) {
 			KASSERT(mutex_owned(&filelist_lock));
 			np = LIST_NEXT(fp, f_list);
 			mutex_enter(&fp->f_lock);
-			if (fp->f_flag & FDEFER) {
+			if ((fp->f_flag & FDEFER) != 0) {
 				atomic_and_uint(&fp->f_flag, ~FDEFER);
 				unp_defer--;
 				KASSERT(fp->f_count != 0);
 			} else {
 				if (fp->f_count == 0 ||
-				    (fp->f_flag & FMARK) ||
+				    (fp->f_flag & FMARK) != 0 ||
-				    fp->f_count == fp->f_msgcount) {
+				    fp->f_count == fp->f_msgcount ||
 				    fp->f_unpcount != 0) {
 					mutex_exit(&fp->f_lock);
 					continue;
+				}
+			}
 			atomic_or_uint(&fp->f_flag, FMARK);
 			if (fp->f_type != DTYPE_SOCKET ||
 			    (so = fp->f_data) == NULL ||
 			    so->so_proto->pr_domain != &unixdomain ||
-			    (so->so_proto->pr_flags&PR_RIGHTS) == 0) {
+			    (so->so_proto->pr_flags & PR_RIGHTS) == 0) {
 				mutex_exit(&fp->f_lock);
 				continue;
+			}
 #ifdef notdef
-			if (so->so_rcv.sb_flags & SB_LOCK) {
+			/* Gain file ref, mark our position, and unlock. */
-				mutex_exit(&fp->f_lock);
+			didwork = true;
-				mutex_exit(&filelist_lock);
+			LIST_INSERT_AFTER(fp, dp, f_list);
-				kmem_free(extra_ref, nslots * sizeof(file_t *));
+			fp->f_count++;
 				/*
 				 * This is problematical; it's not clear
 				 * we need to wait for the sockbuf to be
 				 * unlocked (on a uniprocessor, at least),
 				 * and it's also not clear what to do
 				 * if sbwait returns an error due to receipt
 				 * of a signal.  If sbwait does return
 				 * an error, we'll go into an infinite
 				 * loop.  Delete all of this for now.
 				 */
 				(void) sbwait(&so->so_rcv);
 				goto restart;
 #endif
 			mutex_exit(&fp->f_lock);
 			mutex_exit(&filelist_lock);
 			/*
-			 * XXX Locking a socket with filelist_lock held
+			 * Mark files referenced from sockets queued on the
-			 * is ugly.  filelist_lock can be taken by the
+			 * accept queue as well.
 			 * pagedaemon when reclaiming items from file_cache.
 			 * Socket activity could delay the pagedaemon.
 			 */
 			solock(so);
 			unp_scan(so->so_rcv.sb_mb, unp_mark, 0);
-			/*
+			if ((so->so_options & SO_ACCEPTCONN) != 0) {
 			 * Mark descriptors referenced from sockets queued
 			 * on the accept queue as well.
 			 */
 			if (so->so_options & SO_ACCEPTCONN) {
 				TAILQ_FOREACH(so1, &so->so_q0, so_qe) {
 					unp_scan(so1->so_rcv.sb_mb, unp_mark, 0);
+				}
 				TAILQ_FOREACH(so1, &so->so_q, so_qe) {
 					unp_scan(so1->so_rcv.sb_mb, unp_mark, 0);
+				}
+			}
 			sounlock(so);
 			/* Re-lock and restart from where we left off. */
 			closef(fp);
 			mutex_enter(&filelist_lock);
 			np = LIST_NEXT(dp, f_list);
 			LIST_REMOVE(dp, f_list);
+		}
-	} while (unp_defer);
+		/*
 		 * Bail early if we did nothing in the loop above.  Could
 		 * happen because of concurrent activity causing unp_defer
 		 * to get out of sync.
 		 */
 	} while (unp_defer != 0 && didwork);
 	/*
-	 * Sweep pass.  Find unmarked descriptors, and free them.
+	 * Sweep pass.
 	 * We grab an extra reference to each of the file table entries
 	 * that are not otherwise accessible and then free the rights
 	 * that are stored in messages on them.
 	 * The bug in the original code is a little tricky, so I'll describe
 	 * what's wrong with it here.
 	 * It is incorrect to simply unp_discard each entry for f_msgcount
 	 * times -- consider the case of sockets A and B that contain
 	 * references to each other.  On a last close of some other socket,
 	 * we trigger a gc since the number of outstanding rights (unp_rights)
 	 * is non-zero.  If during the sweep phase the gc code un_discards,
 	 * we end up doing a (full) closef on the descriptor.  A closef on A
 	 * results in the following chain.  Closef calls soo_close, which
 	 * calls soclose.   Soclose calls first (through the switch
 	 * uipc_usrreq) unp_detach, which re-invokes unp_gc.  Unp_gc simply
 	 * returns because the previous instance had set unp_gcing, and
 	 * we return all the way back to soclose, which marks the socket
 	 * with SS_NOFDREF, and then calls sofree.  Sofree calls sorflush
 	 * to free up the rights that are queued in messages on the socket A,
 	 * i.e., the reference on B.  The sorflush calls via the dom_dispose
 	 * switch unp_dispose, which unp_scans with unp_discard.  This second
 	 * instance of unp_discard just calls closef on B.
+	 *
-	 * Well, a similar chain occurs on B, resulting in a sorflush on B,
+	 * We grab an extra reference to each of the files that are
-	 * which results in another closef on A.  Unfortunately, A is already
+	 * not otherwise accessible and then free the rights that are
-	 * being closed, and the descriptor has already been marked with
+	 * stored in messages on them.
 	 * SS_NOFDREF, and soclose panics at this point.
 	 * Here, we first take an extra reference to each inaccessible
 	 * descriptor.  Then, if the inaccessible descriptor is a
 	 * socket, we call sorflush in case it is a Unix domain
 	 * socket.  After we destroy all the rights carried in
 	 * messages, we do a last closef to get rid of our extra
 	 * reference.  This is the last close, and the unp_detach etc
 	 * will shut down the socket.
 	 * 91/09/19, bsy@cs.cmu.edu
 	 */
-	if (nslots < nfiles) {
+	for (fp = LIST_FIRST(&filehead); fp != NULL; fp = np) {
-		mutex_exit(&filelist_lock);
+		KASSERT(mutex_owned(&filelist_lock));
-		kmem_free(extra_ref, nslots * sizeof(file_t *));
+		np = LIST_NEXT(fp, f_list);
 		goto restart;
 	for (nunref = 0, fp = LIST_FIRST(&filehead), fpp = extra_ref; fp != 0;
 	    fp = nextfp) {
 		nextfp = LIST_NEXT(fp, f_list);
 		mutex_enter(&fp->f_lock);
 		if (fp->f_count != 0 &&
-		    fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) {
+		/*
-			*fpp++ = fp;
+		 * Ignore non-sockets.
-			nunref++;
+		 * Ignore dead sockets, or sockets with pending close.
-			fp->f_count++;
+		 * Ignore sockets obviously referenced elsewhere.
 		 * Ignore sockets marked as referenced by our scan.
 		 * Ignore new sockets that did not exist during the scan.
 		 */
 		if (fp->f_type != DTYPE_SOCKET ||
 		    fp->f_count == 0 || fp->f_unpcount != 0 ||
 		    fp->f_count != fp->f_msgcount ||
 		    (fp->f_flag & (FMARK | FSCAN)) != FSCAN) {
 			mutex_exit(&fp->f_lock);
 			continue;
+		}
 		/* Gain file ref, mark our position, and unlock. */
 		LIST_INSERT_AFTER(fp, dp, f_list);
 		fp->f_count++;
 		mutex_exit(&fp->f_lock);
 		mutex_exit(&filelist_lock);
 		/*
 		 * Flush all data from the socket's receive buffer.
 		 * This will cause files referenced only by the
 		 * socket to be queued for close.
 		 */
 		so = fp->f_data;
 		solock(so);
 		sorflush(so);
 		sounlock(so);
 		/* Re-lock and restart from where we left off. */
 		closef(fp);
 		mutex_enter(&filelist_lock);
 		np = LIST_NEXT(dp, f_list);
 		LIST_REMOVE(dp, f_list);
+	}
 	mutex_exit(&filelist_lock);
-	for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) {
+/*
-		fp = *fpp;
+ * Garbage collector thread.  While SCM_RIGHTS messages are in transit,
-		if (fp->f_type == DTYPE_SOCKET) {
+ * wake once per second to garbage collect.  Run continually while we
-			so = fp->f_data;
+ * have deferred closes to process.
-			solock(so);
+ */
-			sorflush(fp->f_data);
+static void
-			sounlock(so);
+unp_thread(void *cookie)
+{
 	file_t *dp;
 	/* Allocate a dummy file for our scans. */
 	if ((dp = fgetdummy()) == NULL) {
 		panic("unp_thread");
+	}
 	mutex_enter(&filelist_lock);
 	for (;;) {
 		KASSERT(mutex_owned(&filelist_lock));
 		if (SLIST_EMPTY(&unp_thread_discard)) {
 			if (unp_rights != 0) {
 				(void)cv_timedwait(&unp_thread_cv,
 				    &filelist_lock, hz);
 			} else {
 				cv_wait(&unp_thread_cv, &filelist_lock);
+			}
+		}
 		unp_gc(dp);
+	}
-	for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) {
+	/* NOTREACHED */
 		closef(*fpp);
 /*
  * Kick the garbage collector into action if there is something for
  * it to process.
  */
 static void
 unp_thread_kick(void)
+{
 	if (!SLIST_EMPTY(&unp_thread_discard) || unp_rights != 0) {
 		mutex_enter(&filelist_lock);
 		cv_signal(&unp_thread_cv);
 		mutex_exit(&filelist_lock);
+	}
 	kmem_free(extra_ref, nslots * sizeof(file_t *));
 	atomic_swap_uint(&unp_gcing, 0);
+}
 void
 unp_dispose(struct mbuf *m)
+{
 	if (m)
-		unp_scan(m, unp_discard, 1);
+		unp_scan(m, unp_discard_later, 1);
+}
 void
 unp_scan(struct mbuf *m0, void (*op)(file_t *), int discard)
+{
 	struct mbuf *m;
-	file_t **rp;
+	file_t **rp, *fp;
 	struct cmsghdr *cm;
-	int i;
+	int i, qfds;
 	int qfds;
 	while (m0) {
 		for (m = m0; m; m = m->m_next) {
-			if (m->m_type == MT_CONTROL &&
+			if (m->m_type != MT_CONTROL ||
-			    m->m_len >= sizeof(*cm)) {
+			    m->m_len < sizeof(*cm)) {
-				cm = mtod(m, struct cmsghdr *);
+			    	continue;
 				if (cm->cmsg_level != SOL_SOCKET ||
-				    cm->cmsg_type != SCM_RIGHTS)
+			cm = mtod(m, struct cmsghdr *);
-					continue;
+			if (cm->cmsg_level != SOL_SOCKET ||
-				qfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm)))
+			    cm->cmsg_type != SCM_RIGHTS)
-				    / sizeof(file_t *);
+				continue;
-				rp = (file_t **)CMSG_DATA(cm);
+			qfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm)))
-				for (i = 0; i < qfds; i++) {
+			    / sizeof(file_t *);
-					file_t *fp = *rp;
+			rp = (file_t **)CMSG_DATA(cm);
-					if (discard)
+			for (i = 0; i < qfds; i++) {
-						*rp = 0;
+				fp = *rp;
-					(*op)(fp);
+				if (discard) {
-					rp++;
+					*rp = 0;
+				}
-				break;		/* XXX, but saves time */
+				(*op)(fp);
 				rp++;
+			}
+		}
 		m0 = m0->m_nextpkt;
+	}
+}
 void
 unp_mark(file_t *fp)
+{
 	if (fp == NULL)
 		return;
 	/* If we're already deferred, don't screw up the defer count */
 	mutex_enter(&fp->f_lock);
 	if (fp->f_flag & (FMARK | FDEFER)) {
 		mutex_exit(&fp->f_lock);
 		return;
+	}
 	/*
-	 * Minimize the number of deferrals...  Sockets are the only
+	 * Minimize the number of deferrals...  Sockets are the only type of
-	 * type of descriptor which can hold references to another
+	 * file which can hold references to another file, so just mark
-	 * descriptor, so just mark other descriptors, and defer
+	 * other files, and defer unmarked sockets for the next pass.
 	 * unmarked sockets for the next pass.
 	 */
 	if (fp->f_type == DTYPE_SOCKET) {
 		unp_defer++;
 		KASSERT(fp->f_count != 0);
 		atomic_or_uint(&fp->f_flag, FDEFER);
 	} else {
 		atomic_or_uint(&fp->f_flag, FMARK);
+	}
 	mutex_exit(&fp->f_lock);
 	return;
+}
-void
+static void
-unp_discard(file_t *fp)
+unp_discard_now(file_t *fp)
+{
 	if (fp == NULL)
 		return;
 	mutex_enter(&fp->f_lock);
 	KASSERT(fp->f_count > 0);
 	KASSERT(fp->f_msgcount > 0);
 	mutex_enter(&fp->f_lock);
 	fp->f_msgcount--;
 	mutex_exit(&fp->f_lock);
 	atomic_dec_uint(&unp_rights);
 	(void)closef(fp);
+}
 static void
 unp_discard_later(file_t *fp)
+{
 	if (fp == NULL)
 		return;
 	KASSERT(fp->f_count > 0);
 	KASSERT(fp->f_msgcount > 0);
 	mutex_enter(&filelist_lock);
 	if (fp->f_unpcount++ == 0) {
 		SLIST_INSERT_HEAD(&unp_thread_discard, fp, f_unplist);
+	}
 	mutex_exit(&filelist_lock);
+}

 @@ -1,14 +1,43 @@
-/*	$NetBSD: file.h,v 1.65 2008/06/24 10:26:27 gmcgarry Exp $	*/
+/*	$NetBSD: file.h,v 1.65.6.1 2009/03/18 05:33:23 snj Exp $	*/
 /*-
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -43,60 +72,65 @@
 #include <sys/mutex.h>
 #include <sys/condvar.h>
 struct proc;
 struct lwp;
 struct uio;
 struct iovec;
 struct stat;
 struct knote;
 /*
  * Kernel file descriptor.  One entry for each open kernel vnode and
  * socket.
+ *
  * This structure is exported via the KERN_FILE and KERN_FILE2 sysctl
  * calls.  Only add members to the end, do not delete them.
  */
 struct file {
 	off_t		f_offset;	/* first, is 64-bit */
 	kauth_cred_t 	f_cred;		/* creds associated with descriptor */
 	const struct fileops {
 		int	(*fo_read)	(struct file *, off_t *, struct uio *,
 					    kauth_cred_t, int);
 		int	(*fo_write)	(struct file *, off_t *, struct uio *,
 					    kauth_cred_t, int);
 		int	(*fo_ioctl)	(struct file *, u_long, void *);
 		int	(*fo_fcntl)	(struct file *, u_int, void *);
 		int	(*fo_poll)	(struct file *, int);
 		int	(*fo_stat)	(struct file *, struct stat *);
 		int	(*fo_close)	(struct file *);
 		int	(*fo_kqfilter)	(struct file *, struct knote *);
 	} *f_ops;
 	void		*f_data;	/* descriptor data, e.g. vnode/socket */
 	LIST_ENTRY(file) f_list;	/* list of active files */
 	kmutex_t	f_lock;		/* lock on structure */
 	int		f_flag;		/* see fcntl.h */
-	u_int		f_iflags;	/* internal flags; FIF_* */
+	u_int		f_unused1;	/* unused; was internal flags; FIF_* */
 #define	DTYPE_VNODE	1		/* file */
 #define	DTYPE_SOCKET	2		/* communications endpoint */
 #define	DTYPE_PIPE	3		/* pipe */
 #define	DTYPE_KQUEUE	4		/* event queue */
 #define	DTYPE_MISC	5		/* misc file descriptor type */
 #define	DTYPE_CRYPTO	6		/* crypto */
 #define	DTYPE_MQUEUE	7		/* message queue */
 #define DTYPE_NAMES \
     "0", "file", "socket", "pipe", "kqueue", "misc", "crypto", "mqueue"
 	u_int		f_type;		/* descriptor type */
 	u_int		f_advice;	/* access pattern hint; UVM_ADV_* */
 	u_int		f_count;	/* reference count */
 	u_int		f_msgcount;	/* references from message queue */
 	u_int		f_unpcount;	/* deferred close: see uipc_usrreq.c */
 	SLIST_ENTRY(file) f_unplist;	/* deferred close: see uipc_usrreq.c */
 };
 #define FILE_LOCK(fp)	mutex_enter(&(fp)->f_lock)
 #define FILE_UNLOCK(fp)	mutex_exit(&(fp)->f_lock)
 /*
  * Flags for fo_read and fo_write and do_fileread/write/v
  */
 #define	FOF_UPDATE_OFFSET	0x0001	/* update the file offset */
 #define	FOF_IOV_SYSSPACE	0x0100	/* iov structure in kernel memory */
 LIST_HEAD(filelist, file);
 extern struct filelist	filehead;	/* head of list of open files */

 @@ -1,14 +1,14 @@
-/*	$NetBSD: fcntl.h,v 1.34 2006/10/05 14:48:33 chs Exp $	*/
+/*	$NetBSD: fcntl.h,v 1.34.64.1 2009/03/18 05:33:23 snj Exp $	*/
 /*-
  * Copyright (c) 1983, 1990, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
 @@ -115,26 +115,27 @@
 #ifdef _KERNEL
 /* convert from open() flags to/from fflags; convert O_RD/WR to FREAD/FWRITE */
 #define	FFLAGS(oflags)	((oflags) + 1)
 #define	OFLAGS(fflags)	((fflags) - 1)
 /* all bits settable during open(2) */
 #define	O_MASK		(O_ACCMODE|O_NONBLOCK|O_APPEND|O_SHLOCK|O_EXLOCK|\
 			 O_ASYNC|O_SYNC|O_CREAT|O_TRUNC|O_EXCL|O_DSYNC|\
 			 O_RSYNC|O_NOCTTY|O_ALT_IO|O_NOFOLLOW|O_DIRECT)
 #define	FMARK		0x00001000	/* mark during gc() */
 #define	FDEFER		0x00002000	/* defer for next gc pass */
 #define	FHASLOCK	0x00004000	/* descriptor holds advisory lock */
 #define	FSCAN		0x00100000	/* scan during gc passes */
 #define	FKIOCTL		0x80000000	/* kernel originated ioctl */
 /* bits settable by fcntl(F_SETFL, ...) */
 #define	FCNTLFLAGS	(FAPPEND|FASYNC|FFSYNC|FNONBLOCK|FDSYNC|FRSYNC|FALTIO|\
 			 FDIRECT)
 /* bits to save after open(2) */
 #define	FMASK		(FREAD|FWRITE|FCNTLFLAGS)
 #endif /* _KERNEL */
 /*
  * The O_* flags used to have only F* names, which were used in the kernel
  * and by fcntl.  We retain the F* names for the kernel f_flags field
  * and for backward compatibility for fcntl.
  */

 @@ -1,14 +1,14 @@
-/*	$NetBSD: param.h,v 1.330.4.3 2009/02/09 00:22:09 snj Exp $	*/
+/*	$NetBSD: param.h,v 1.330.4.4 2009/03/18 05:33:23 snj Exp $	*/
 /*-
  * Copyright (c) 1982, 1986, 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
 @@ -53,27 +53,27 @@
  *	m = minor version; a minor number of 99 indicates current.
  *	r = 0 (*)
  *	p = patchlevel
+ *
  * When new releases are made, src/gnu/usr.bin/groff/tmac/mdoc.local
  * needs to be updated and the changes sent back to the groff maintainers.
+ *
  * (*)	Up to 2.0I "release" used to be "",A-Z,Z[A-Z] but numeric
  *	    	e.g. NetBSD-1.2D  = 102040000 ('D' == 4)
  *	NetBSD-2.0H 	(200080000) was changed on 20041001 to:
  *	2.99.9		(299000900)
  */
-#define	__NetBSD_Version__	500000000	/* NetBSD 5.0_RC2 */
+#define	__NetBSD_Version__	500000001	/* NetBSD 5.0_RC2 */
 #define __NetBSD_Prereq__(M,m,p) (((((M) * 100000000) + \
     (m) * 1000000) + (p) * 100) <= __NetBSD_Version__)
 /*
  * Historical NetBSD #define
+ *
  * NetBSD 1.4 was the last release for which this value was incremented.
  * The value is now permanently fixed at 199905. It will never be
  * changed again.
+ *
  * New code must use __NetBSD_Version__ instead, and should not even
  * count on NetBSD being defined.

 @@ -1,14 +1,14 @@
-/*	$NetBSD: un.h,v 1.44 2008/08/06 15:01:24 plunky Exp $	*/
+/*	$NetBSD: un.h,v 1.44.4.1 2009/03/18 05:33:23 snj Exp $	*/
 /*
  * Copyright (c) 1982, 1986, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -81,29 +81,26 @@ int	uipc_ctloutput(int, struct socket *,
 void	uipc_init (void);
 kmutex_t *uipc_dgramlock (void);
 kmutex_t *uipc_streamlock (void);
 kmutex_t *uipc_rawlock (void);
 int	unp_attach (struct socket *);
 int	unp_bind (struct socket *, struct mbuf *, struct lwp *);
 int	unp_connect (struct socket *, struct mbuf *, struct lwp *);
 int	unp_connect2 (struct socket *, struct socket *, int);
 void	unp_detach (struct unpcb *);
 void	unp_discard (struct file *);
 void	unp_disconnect (struct unpcb *);
 bool	unp_drop (struct unpcb *, int);
 void	unp_gc (void);
 void	unp_mark (struct file *);
 void	unp_scan (struct mbuf *, void (*)(struct file *), int);
 void	unp_shutdown (struct unpcb *);
 int 	unp_externalize (struct mbuf *, struct lwp *);
 int	unp_internalize (struct mbuf **);
 void 	unp_dispose (struct mbuf *);
 int	unp_output (struct mbuf *, struct mbuf *, struct unpcb *,
 	    struct lwp *);
 void	unp_setaddr (struct socket *, struct mbuf *, bool);
 #else /* !_KERNEL */
 /* actual length of an initialized sockaddr_un */
 #if defined(_NETBSD_SOURCE)
 #define SUN_LEN(su) \
 	(sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))