 @@ -1,1930 +1,1941 @@
-/*	$NetBSD: kern_descrip.c,v 1.182.6.3 2009/03/15 20:23:26 snj Exp $	*/
+/*	$NetBSD: kern_descrip.c,v 1.182.6.4 2009/03/18 05:33:23 snj Exp $	*/
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1982, 1986, 1989, 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)kern_descrip.c	8.8 (Berkeley) 2/14/95
  */
 /*
  * File descriptor management.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.182.6.3 2009/03/15 20:23:26 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.182.6.4 2009/03/18 05:33:23 snj Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/filedesc.h>
 #include <sys/kernel.h>
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/file.h>
 #include <sys/namei.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <sys/fcntl.h>
 #include <sys/pool.h>
 #include <sys/syslog.h>
 #include <sys/unistd.h>
 #include <sys/resourcevar.h>
 #include <sys/conf.h>
 #include <sys/event.h>
 #include <sys/kauth.h>
 #include <sys/atomic.h>
 #include <sys/mount.h>
 #include <sys/syscallargs.h>
 #include <sys/cpu.h>
 static int	cwdi_ctor(void *, void *, int);
 static void	cwdi_dtor(void *, void *);
 static int	file_ctor(void *, void *, int);
 static void	file_dtor(void *, void *);
 static int	fdfile_ctor(void *, void *, int);
 static void	fdfile_dtor(void *, void *);
 static int	filedesc_ctor(void *, void *, int);
 static void	filedesc_dtor(void *, void *);
 static int	filedescopen(dev_t, int, int, lwp_t *);
 kmutex_t	filelist_lock;	/* lock on filehead */
 struct filelist	filehead;	/* head of list of open files */
 u_int		nfiles;		/* actual number of open files */
 static pool_cache_t cwdi_cache;
 static pool_cache_t filedesc_cache;
 static pool_cache_t file_cache;
 static pool_cache_t fdfile_cache;
 const struct cdevsw filedesc_cdevsw = {
 	filedescopen, noclose, noread, nowrite, noioctl,
 	nostop, notty, nopoll, nommap, nokqfilter, D_OTHER | D_MPSAFE,
 };
 /* For ease of reading. */
 __strong_alias(fd_putvnode,fd_putfile)
 __strong_alias(fd_putsock,fd_putfile)
 /*
  * Initialize the descriptor system.
  */
 void
 fd_sys_init(void)
+{
 	mutex_init(&filelist_lock, MUTEX_DEFAULT, IPL_NONE);
 	file_cache = pool_cache_init(sizeof(file_t), coherency_unit, 0,
 , "file", NULL, IPL_NONE, file_ctor, file_dtor, NULL);
 	KASSERT(file_cache != NULL);
 	fdfile_cache = pool_cache_init(sizeof(fdfile_t), coherency_unit, 0,
 	    PR_LARGECACHE, "fdfile", NULL, IPL_NONE, fdfile_ctor, fdfile_dtor,
 	    NULL);
 	KASSERT(fdfile_cache != NULL);
 	cwdi_cache = pool_cache_init(sizeof(struct cwdinfo), coherency_unit,
 , 0, "cwdi", NULL, IPL_NONE, cwdi_ctor, cwdi_dtor, NULL);
 	KASSERT(cwdi_cache != NULL);
 	filedesc_cache = pool_cache_init(sizeof(filedesc_t), coherency_unit,
 , 0, "filedesc", NULL, IPL_NONE, filedesc_ctor, filedesc_dtor,
 	    NULL);
 	KASSERT(filedesc_cache != NULL);
+}
 static int
 fd_next_zero(filedesc_t *fdp, uint32_t *bitmap, int want, u_int bits)
+{
 	int i, off, maxoff;
 	uint32_t sub;
 	KASSERT(mutex_owned(&fdp->fd_lock));
 	if (want > bits)
 		return -1;
 	off = want >> NDENTRYSHIFT;
 	i = want & NDENTRYMASK;
 	if (i) {
 		sub = bitmap[off] | ((u_int)~0 >> (NDENTRIES - i));
 		if (sub != ~0)
 			goto found;
 		off++;
+	}
 	maxoff = NDLOSLOTS(bits);
 	while (off < maxoff) {
 		if ((sub = bitmap[off]) != ~0)
 			goto found;
 		off++;
+	}
 	return (-1);
  found:
 	return (off << NDENTRYSHIFT) + ffs(~sub) - 1;
+}
 static int
 fd_last_set(filedesc_t *fd, int last)
+{
 	int off, i;
 	fdfile_t **ofiles = fd->fd_ofiles;
 	uint32_t *bitmap = fd->fd_lomap;
 	KASSERT(mutex_owned(&fd->fd_lock));
 	off = (last - 1) >> NDENTRYSHIFT;
 	while (off >= 0 && !bitmap[off])
 		off--;
 	if (off < 0)
 		return (-1);
 	i = ((off + 1) << NDENTRYSHIFT) - 1;
 	if (i >= last)
 		i = last - 1;
 	/* XXX should use bitmap */
 	/* XXXAD does not work for fd_copy() */
 	while (i > 0 && (ofiles[i] == NULL || !ofiles[i]->ff_allocated))
 		i--;
 	return (i);
+}
 void
 fd_used(filedesc_t *fdp, unsigned fd)
+{
 	u_int off = fd >> NDENTRYSHIFT;
 	fdfile_t *ff;
 	ff = fdp->fd_ofiles[fd];
 	KASSERT(mutex_owned(&fdp->fd_lock));
 	KASSERT((fdp->fd_lomap[off] & (1 << (fd & NDENTRYMASK))) == 0);
 	KASSERT(ff != NULL);
 	KASSERT(ff->ff_file == NULL);
    	KASSERT(!ff->ff_allocated);
    	ff->ff_allocated = 1;
 	fdp->fd_lomap[off] |= 1 << (fd & NDENTRYMASK);
 	if (fdp->fd_lomap[off] == ~0) {
 		KASSERT((fdp->fd_himap[off >> NDENTRYSHIFT] &
 		    (1 << (off & NDENTRYMASK))) == 0);
 		fdp->fd_himap[off >> NDENTRYSHIFT] |= 1 << (off & NDENTRYMASK);
+	}
 	if ((int)fd > fdp->fd_lastfile) {
 		fdp->fd_lastfile = fd;
+	}
 	if (fd >= NDFDFILE) {
 		fdp->fd_nused++;
 	} else {
 		KASSERT(ff == (fdfile_t *)fdp->fd_dfdfile[fd]);
+	}
+}
 void
 fd_unused(filedesc_t *fdp, unsigned fd)
+{
 	u_int off = fd >> NDENTRYSHIFT;
 	fdfile_t *ff;
 	ff = fdp->fd_ofiles[fd];
 	/*
 	 * Don't assert the lock is held here, as we may be copying
 	 * the table during exec() and it is not needed there.
 	 * procfs and sysctl are locked out by proc::p_reflock.
+	 *
 	 * KASSERT(mutex_owned(&fdp->fd_lock));
 	 */
 	KASSERT(ff != NULL);
 	KASSERT(ff->ff_file == NULL);
    	KASSERT(ff->ff_allocated);
 	if (fd < fdp->fd_freefile) {
 		fdp->fd_freefile = fd;
+	}
 	if (fdp->fd_lomap[off] == ~0) {
 		KASSERT((fdp->fd_himap[off >> NDENTRYSHIFT] &
 		    (1 << (off & NDENTRYMASK))) != 0);
 		fdp->fd_himap[off >> NDENTRYSHIFT] &=
 		    ~(1 << (off & NDENTRYMASK));
+	}
 	KASSERT((fdp->fd_lomap[off] & (1 << (fd & NDENTRYMASK))) != 0);
 	fdp->fd_lomap[off] &= ~(1 << (fd & NDENTRYMASK));
 	ff->ff_allocated = 0;
 	KASSERT(fd <= fdp->fd_lastfile);
 	if (fd == fdp->fd_lastfile) {
 		fdp->fd_lastfile = fd_last_set(fdp, fd);
+	}
 	if (fd >= NDFDFILE) {
 		KASSERT(fdp->fd_nused > 0);
 		fdp->fd_nused--;
 	} else {
 		KASSERT(ff == (fdfile_t *)fdp->fd_dfdfile[fd]);
+	}
+}
 /*
  * Custom version of fd_unused() for fd_copy(), where the descriptor
  * table is not yet fully initialized.
  */
 static inline void
 fd_zap(filedesc_t *fdp, unsigned fd)
+{
 	u_int off = fd >> NDENTRYSHIFT;
 	if (fd < fdp->fd_freefile) {
 		fdp->fd_freefile = fd;
+	}
 	if (fdp->fd_lomap[off] == ~0) {
 		KASSERT((fdp->fd_himap[off >> NDENTRYSHIFT] &
 		    (1 << (off & NDENTRYMASK))) != 0);
 		fdp->fd_himap[off >> NDENTRYSHIFT] &=
 		    ~(1 << (off & NDENTRYMASK));
+	}
 	KASSERT((fdp->fd_lomap[off] & (1 << (fd & NDENTRYMASK))) != 0);
 	fdp->fd_lomap[off] &= ~(1 << (fd & NDENTRYMASK));
+}
 bool
 fd_isused(filedesc_t *fdp, unsigned fd)
+{
 	u_int off = fd >> NDENTRYSHIFT;
 	KASSERT(fd < fdp->fd_nfiles);
 	return (fdp->fd_lomap[off] & (1 << (fd & NDENTRYMASK))) != 0;
+}
 /*
  * Look up the file structure corresponding to a file descriptor
  * and return the file, holding a reference on the descriptor.
  */
 inline file_t *
 fd_getfile(unsigned fd)
+{
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	file_t *fp;
 	fdp = curlwp->l_fd;
 	/*
 	 * Look up the fdfile structure representing this descriptor.
 	 * Ensure that we see fd_nfiles before fd_ofiles since we
 	 * are doing this unlocked.  See fd_tryexpand().
 	 */
 	if (__predict_false(fd >= fdp->fd_nfiles)) {
 		return NULL;
+	}
 	membar_consumer();
 	ff = fdp->fd_ofiles[fd];
 	KASSERT(fd >= NDFDFILE || ff == (fdfile_t *)fdp->fd_dfdfile[fd]);
 	if (__predict_false(ff == NULL)) {
 		return NULL;
+	}
 	/*
 	 * Now get a reference to the descriptor.   Issue a memory
 	 * barrier to ensure that we acquire the file pointer _after_
 	 * adding a reference.  If no memory barrier, we could fetch
 	 * a stale pointer.
 	 */
 	atomic_inc_uint(&ff->ff_refcnt);
 #ifndef __HAVE_ATOMIC_AS_MEMBAR
 	membar_enter();
 #endif
 	/*
 	 * If the file is not open or is being closed then put the
 	 * reference back.
 	 */
 	fp = ff->ff_file;
 	if (__predict_true(fp != NULL)) {
 		return fp;
+	}
 	fd_putfile(fd);
 	return NULL;
+}
 /*
  * Release a reference to a file descriptor acquired with fd_getfile().
  */
 void
 fd_putfile(unsigned fd)
+{
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	u_int u, v;
 	fdp = curlwp->l_fd;
 	ff = fdp->fd_ofiles[fd];
 	KASSERT(fd < fdp->fd_nfiles);
 	KASSERT(ff != NULL);
 	KASSERT((ff->ff_refcnt & FR_MASK) > 0);
 	KASSERT(fd >= NDFDFILE || ff == (fdfile_t *)fdp->fd_dfdfile[fd]);
 	/*
 	 * Ensure that any use of the file is complete and globally
 	 * visible before dropping the final reference.  If no membar,
 	 * the current CPU could still access memory associated with
 	 * the file after it has been freed or recycled by another
 	 * CPU.
 	 */
 #ifndef __HAVE_ATOMIC_AS_MEMBAR
 	membar_exit();
 #endif
 	/*
 	 * Be optimistic and start out with the assumption that no other
 	 * threads are trying to close the descriptor.  If the CAS fails,
 	 * we lost a race and/or it's being closed.
 	 */
 	for (u = ff->ff_refcnt & FR_MASK;; u = v) {
 		v = atomic_cas_uint(&ff->ff_refcnt, u, u - 1);
 		if (__predict_true(u == v)) {
 			return;
+		}
 		if (__predict_false((v & FR_CLOSING) != 0)) {
 			break;
+		}
+	}
 	/* Another thread is waiting to close the file: join it. */
 	(void)fd_close(fd);
+}
 /*
  * Convenience wrapper around fd_getfile() that returns reference
  * to a vnode.
  */
 int
 fd_getvnode(unsigned fd, file_t **fpp)
+{
 	vnode_t *vp;
 	file_t *fp;
 	fp = fd_getfile(fd);
 	if (__predict_false(fp == NULL)) {
 		return EBADF;
+	}
 	if (__predict_false(fp->f_type != DTYPE_VNODE)) {
 		fd_putfile(fd);
 		return EINVAL;
+	}
 	vp = fp->f_data;
 	if (__predict_false(vp->v_type == VBAD)) {
 		/* XXX Is this case really necessary? */
 		fd_putfile(fd);
 		return EBADF;
+	}
 	*fpp = fp;
 	return 0;
+}
 /*
  * Convenience wrapper around fd_getfile() that returns reference
  * to a socket.
  */
 int
 fd_getsock(unsigned fd, struct socket **sop)
+{
 	file_t *fp;
 	fp = fd_getfile(fd);
 	if (__predict_false(fp == NULL)) {
 		return EBADF;
+	}
 	if (__predict_false(fp->f_type != DTYPE_SOCKET)) {
 		fd_putfile(fd);
 		return ENOTSOCK;
+	}
 	*sop = fp->f_data;
 	return 0;
+}
 /*
  * Look up the file structure corresponding to a file descriptor
  * and return it with a reference held on the file, not the
  * descriptor.
+ *
  * This is heavyweight and only used when accessing descriptors
  * from a foreign process.  The caller must ensure that `p' does
  * not exit or fork across this call.
+ *
  * To release the file (not descriptor) reference, use closef().
  */
 file_t *
 fd_getfile2(proc_t *p, unsigned fd)
+{
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	file_t *fp;
 	fdp = p->p_fd;
 	mutex_enter(&fdp->fd_lock);
 	if (fd > fdp->fd_nfiles) {
 		mutex_exit(&fdp->fd_lock);
 		return NULL;
+	}
 	if ((ff = fdp->fd_ofiles[fd]) == NULL) {
 		mutex_exit(&fdp->fd_lock);
 		return NULL;
+	}
 	mutex_enter(&ff->ff_lock);
 	if ((fp = ff->ff_file) == NULL) {
 		mutex_exit(&ff->ff_lock);
 		mutex_exit(&fdp->fd_lock);
 		return NULL;
+	}
 	mutex_enter(&fp->f_lock);
 	fp->f_count++;
 	mutex_exit(&fp->f_lock);
 	mutex_exit(&ff->ff_lock);
 	mutex_exit(&fdp->fd_lock);
 	return fp;
+}
 /*
  * Internal form of close.  Must be called with a reference to the
  * descriptor, and will drop the reference.  When all descriptor
  * references are dropped, releases the descriptor slot and a single
  * reference to the file structure.
  */
 int
 fd_close(unsigned fd)
+{
 	struct flock lf;
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	file_t *fp;
 	proc_t *p;
 	lwp_t *l;
 	l = curlwp;
 	p = l->l_proc;
 	fdp = l->l_fd;
 	ff = fdp->fd_ofiles[fd];
 	KASSERT(fd >= NDFDFILE || ff == (fdfile_t *)fdp->fd_dfdfile[fd]);
 	mutex_enter(&ff->ff_lock);
 	KASSERT((ff->ff_refcnt & FR_MASK) > 0);
 	if (ff->ff_file == NULL) {
 		/*
 		 * Another user of the file is already closing, and is
 		 * waiting for other users of the file to drain.  Release
 		 * our reference, and wake up the closer.
 		 */
 		atomic_dec_uint(&ff->ff_refcnt);
 		cv_broadcast(&ff->ff_closing);
 		mutex_exit(&ff->ff_lock);
 		/*
 		 * An application error, so pretend that the descriptor
 		 * was already closed.  We can't safely wait for it to
 		 * be closed without potentially deadlocking.
 		 */
 		return (EBADF);
+	}
 	KASSERT((ff->ff_refcnt & FR_CLOSING) == 0);
 	/*
 	 * There may be multiple users of this file within the process.
 	 * Notify existing and new users that the file is closing.  This
 	 * will prevent them from adding additional uses to this file
 	 * while we are closing it.
 	 */
 	fp = ff->ff_file;
 	ff->ff_file = NULL;
 	ff->ff_exclose = false;
 	/*
 	 * We expect the caller to hold a descriptor reference - drop it.
 	 * The reference count may increase beyond zero at this point due
 	 * to an erroneous descriptor reference by an application, but
 	 * fd_getfile() will notice that the file is being closed and drop
 	 * the reference again.
 	 */
 #ifndef __HAVE_ATOMIC_AS_MEMBAR
 	membar_producer();
 #endif
 	if (__predict_false(atomic_dec_uint_nv(&ff->ff_refcnt) != 0)) {
 		/*
 		 * Wait for other references to drain.  This is typically
 		 * an application error - the descriptor is being closed
 		 * while still in use.
+		 *
 		 */
 		atomic_or_uint(&ff->ff_refcnt, FR_CLOSING);
 		/*
 		 * Remove any knotes attached to the file.  A knote
 		 * attached to the descriptor can hold references on it.
 		 */
 		if (!SLIST_EMPTY(&ff->ff_knlist)) {
 			mutex_exit(&ff->ff_lock);
 			knote_fdclose(fd);
 			mutex_enter(&ff->ff_lock);
+		}
 		/*
 		 * We need to see the count drop to zero at least once,
 		 * in order to ensure that all pre-existing references
 		 * have been drained.  New references past this point are
 		 * of no interest.
 		 */
 		while ((ff->ff_refcnt & FR_MASK) != 0) {
 			cv_wait(&ff->ff_closing, &ff->ff_lock);
+		}
 		atomic_and_uint(&ff->ff_refcnt, ~FR_CLOSING);
 	} else {
 		/* If no references, there must be no knotes. */
 		KASSERT(SLIST_EMPTY(&ff->ff_knlist));
+	}
 	mutex_exit(&ff->ff_lock);
 	/*
 	 * POSIX record locking dictates that any close releases ALL
 	 * locks owned by this process.  This is handled by setting
 	 * a flag in the unlock to free ONLY locks obeying POSIX
 	 * semantics, and not to free BSD-style file locks.
 	 * If the descriptor was in a message, POSIX-style locks
 	 * aren't passed with the descriptor.
 	 */
 	if ((p->p_flag & PK_ADVLOCK) != 0 && fp->f_type == DTYPE_VNODE) {
 		lf.l_whence = SEEK_SET;
 		lf.l_start = 0;
 		lf.l_len = 0;
 		lf.l_type = F_UNLCK;
 		(void)VOP_ADVLOCK(fp->f_data, p, F_UNLCK, &lf, F_POSIX);
+	}
 	/* Free descriptor slot. */
 	mutex_enter(&fdp->fd_lock);
 	fd_unused(fdp, fd);
 	mutex_exit(&fdp->fd_lock);
 	/* Now drop reference to the file itself. */
 	return closef(fp);
+}
 /*
  * Duplicate a file descriptor.
  */
 int
 fd_dup(file_t *fp, int minfd, int *newp, bool exclose)
+{
 	proc_t *p;
 	int error;
 	p = curproc;
 	while ((error = fd_alloc(p, minfd, newp)) != 0) {
 		if (error != ENOSPC) {
 			return error;
+		}
 		fd_tryexpand(p);
+	}
 	curlwp->l_fd->fd_ofiles[*newp]->ff_exclose = exclose;
 	fd_affix(p, fp, *newp);
 	return 0;
+}
 /*
  * dup2 operation.
  */
 int
 fd_dup2(file_t *fp, unsigned new)
+{
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	fdp = curlwp->l_fd;
 	/*
 	 * Ensure there are enough slots in the descriptor table,
 	 * and allocate an fdfile_t up front in case we need it.
 	 */
 	while (new >= fdp->fd_nfiles) {
 		fd_tryexpand(curproc);
+	}
 	ff = pool_cache_get(fdfile_cache, PR_WAITOK);
 	/*
 	 * If there is already a file open, close it.  If the file is
 	 * half open, wait for it to be constructed before closing it.
 	 * XXX Potential for deadlock here?
 	 */
 	mutex_enter(&fdp->fd_lock);
 	while (fd_isused(fdp, new)) {
 		mutex_exit(&fdp->fd_lock);
 		if (fd_getfile(new) != NULL) {
 			(void)fd_close(new);
 		} else {
 			/* XXX Crummy, but unlikely to happen. */
 			kpause("dup2", false, 1, NULL);
+		}
 		mutex_enter(&fdp->fd_lock);
+	}
 	if (fdp->fd_ofiles[new] == NULL) {
 		KASSERT(new >= NDFDFILE);
 		fdp->fd_ofiles[new] = ff;
 		ff = NULL;
+	}
 	fd_used(fdp, new);
 	mutex_exit(&fdp->fd_lock);
 	/* Slot is now allocated.  Insert copy of the file. */
 	fd_affix(curproc, fp, new);
 	if (ff != NULL) {
 		pool_cache_put(fdfile_cache, ff);
+	}
 	return 0;
+}
 /*
  * Drop reference to a file structure.
  */
 int
 closef(file_t *fp)
+{
 	struct flock lf;
 	int error;
 	/*
 	 * Drop reference.  If referenced elsewhere it's still open
 	 * and we have nothing more to do.
 	 */
 	mutex_enter(&fp->f_lock);
 	KASSERT(fp->f_count > 0);
 	if (--fp->f_count > 0) {
 		mutex_exit(&fp->f_lock);
 		return 0;
+	}
 	KASSERT(fp->f_count == 0);
 	mutex_exit(&fp->f_lock);
 	/* We held the last reference - release locks, close and free. */
         if ((fp->f_flag & FHASLOCK) && fp->f_type == DTYPE_VNODE) {
         	lf.l_whence = SEEK_SET;
 		lf.l_start = 0;
 		lf.l_len = 0;
 		lf.l_type = F_UNLCK;
 		(void)VOP_ADVLOCK(fp->f_data, fp, F_UNLCK, &lf, F_FLOCK);
+	}
 	if (fp->f_ops != NULL) {
 		error = (*fp->f_ops->fo_close)(fp);
 	} else {
 		error = 0;
+	}
 	ffree(fp);
 	return error;
+}
 /*
  * Allocate a file descriptor for the process.
  */
 int
 fd_alloc(proc_t *p, int want, int *result)
+{
 	filedesc_t *fdp;
 	int i, lim, last, error;
 	u_int off, new;
 	fdfile_t *ff;
 	KASSERT(p == curproc || p == &proc0);
 	fdp = p->p_fd;
 	ff = pool_cache_get(fdfile_cache, PR_WAITOK);
 	KASSERT(ff->ff_refcnt == 0);
 	KASSERT(ff->ff_file == NULL);
 	/*
 	 * Search for a free descriptor starting at the higher
 	 * of want or fd_freefile.
 	 */
 	mutex_enter(&fdp->fd_lock);
 	KASSERT(fdp->fd_ofiles[0] == (fdfile_t *)fdp->fd_dfdfile[0]);
 	lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles);
 	last = min(fdp->fd_nfiles, lim);
 	for (;;) {
 		if ((i = want) < fdp->fd_freefile)
 			i = fdp->fd_freefile;
 		off = i >> NDENTRYSHIFT;
 		new = fd_next_zero(fdp, fdp->fd_himap, off,
 		    (last + NDENTRIES - 1) >> NDENTRYSHIFT);
 		if (new == -1)
 			break;
 		i = fd_next_zero(fdp, &fdp->fd_lomap[new],
 		    new > off ? 0 : i & NDENTRYMASK, NDENTRIES);
 		if (i == -1) {
 			/*
 			 * Free file descriptor in this block was
 			 * below want, try again with higher want.
 			 */
 			want = (new + 1) << NDENTRYSHIFT;
 			continue;
+		}
 		i += (new << NDENTRYSHIFT);
 		if (i >= last) {
 			break;
+		}
 		if (fdp->fd_ofiles[i] == NULL) {
 			KASSERT(i >= NDFDFILE);
 			fdp->fd_ofiles[i] = ff;
 		} else {
 		   	pool_cache_put(fdfile_cache, ff);
+		}
 		KASSERT(fdp->fd_ofiles[i]->ff_file == NULL);
 		fd_used(fdp, i);
 		if (want <= fdp->fd_freefile) {
 			fdp->fd_freefile = i;
+		}
 		*result = i;
 		mutex_exit(&fdp->fd_lock);
 		KASSERT(i >= NDFDFILE ||
 		    fdp->fd_ofiles[i] == (fdfile_t *)fdp->fd_dfdfile[i]);
 		return 0;
+	}
 	/* No space in current array.  Let the caller expand and retry. */
 	error = (fdp->fd_nfiles >= lim) ? EMFILE : ENOSPC;
 	mutex_exit(&fdp->fd_lock);
 	pool_cache_put(fdfile_cache, ff);
 	return error;
+}
 /*
  * Allocate memory for the open files array.
  */
 static fdfile_t **
 fd_ofile_alloc(int n)
+{
 	uintptr_t *ptr, sz;
 	KASSERT(n > NDFILE);
 	sz = (n + 2) * sizeof(uintptr_t);
 	ptr = kmem_alloc((size_t)sz, KM_SLEEP);
 	ptr[1] = sz;
 	return (fdfile_t **)(ptr + 2);
+}
 /*
  * Free an open files array.
  */
 static void
 fd_ofile_free(int n, fdfile_t **of)
+{
 	uintptr_t *ptr, sz;
 	KASSERT(n > NDFILE);
 	sz = (n + 2) * sizeof(uintptr_t);
 	ptr = (uintptr_t *)of - 2;
 	KASSERT(ptr[1] == sz);
 	kmem_free(ptr, sz);
+}
 /*
  * Allocate descriptor bitmap.
  */
 static void
 fd_map_alloc(int n, uint32_t **lo, uint32_t **hi)
+{
 	uint8_t *ptr;
 	size_t szlo, szhi;
 	KASSERT(n > NDENTRIES);
 	szlo = NDLOSLOTS(n) * sizeof(uint32_t);
 	szhi = NDHISLOTS(n) * sizeof(uint32_t);
 	ptr = kmem_alloc(szlo + szhi, KM_SLEEP);
 	*lo = (uint32_t *)ptr;
 	*hi = (uint32_t *)(ptr + szlo);
+}
 /*
  * Free descriptor bitmap.
  */
 static void
 fd_map_free(int n, uint32_t *lo, uint32_t *hi)
+{
 	size_t szlo, szhi;
 	KASSERT(n > NDENTRIES);
 	szlo = NDLOSLOTS(n) * sizeof(uint32_t);
 	szhi = NDHISLOTS(n) * sizeof(uint32_t);
 	KASSERT(hi == (uint32_t *)((uint8_t *)lo + szlo));
 	kmem_free(lo, szlo + szhi);
+}
 /*
  * Expand a process' descriptor table.
  */
 void
 fd_tryexpand(proc_t *p)
+{
 	filedesc_t *fdp;
 	int i, numfiles, oldnfiles;
 	fdfile_t **newofile;
 	uint32_t *newhimap, *newlomap;
 	KASSERT(p == curproc || p == &proc0);
 	fdp = p->p_fd;
 	newhimap = NULL;
 	newlomap = NULL;
 	oldnfiles = fdp->fd_nfiles;
 	if (oldnfiles < NDEXTENT)
 		numfiles = NDEXTENT;
 	else
 		numfiles = 2 * oldnfiles;
 	newofile = fd_ofile_alloc(numfiles);
 	if (NDHISLOTS(numfiles) > NDHISLOTS(oldnfiles)) {
 		fd_map_alloc(numfiles, &newlomap, &newhimap);
+	}
 	mutex_enter(&fdp->fd_lock);
 	KASSERT(fdp->fd_ofiles[0] == (fdfile_t *)fdp->fd_dfdfile[0]);
 	if (fdp->fd_nfiles != oldnfiles) {
 		/* fdp changed; caller must retry */
 		mutex_exit(&fdp->fd_lock);
 		fd_ofile_free(numfiles, newofile);
 		if (NDHISLOTS(numfiles) > NDHISLOTS(oldnfiles)) {
 			fd_map_free(numfiles, newlomap, newhimap);
+		}
 		return;
+	}
 	/* Copy the existing ofile array and zero the new portion. */
 	i = sizeof(fdfile_t *) * fdp->fd_nfiles;
 	memcpy(newofile, fdp->fd_ofiles, i);
 	memset((uint8_t *)newofile + i, 0, numfiles * sizeof(fdfile_t *) - i);
 	/*
 	 * Link old ofiles array into list to be discarded.  We defer
 	 * freeing until process exit if the descriptor table is visble
 	 * to other threads.
 	 */
 	if (oldnfiles > NDFILE) {
 		if ((fdp->fd_refcnt | p->p_nlwps) > 1) {
 			fdp->fd_ofiles[-2] = (void *)fdp->fd_discard;
 			fdp->fd_discard = fdp->fd_ofiles - 2;
 		} else {
 			fd_ofile_free(oldnfiles, fdp->fd_ofiles);
+		}
+	}
 	if (NDHISLOTS(numfiles) > NDHISLOTS(oldnfiles)) {
 		i = NDHISLOTS(oldnfiles) * sizeof(uint32_t);
 		memcpy(newhimap, fdp->fd_himap, i);
 		memset((uint8_t *)newhimap + i, 0,
 		    NDHISLOTS(numfiles) * sizeof(uint32_t) - i);
 		i = NDLOSLOTS(oldnfiles) * sizeof(uint32_t);
 		memcpy(newlomap, fdp->fd_lomap, i);
 		memset((uint8_t *)newlomap + i, 0,
 		    NDLOSLOTS(numfiles) * sizeof(uint32_t) - i);
 		if (NDHISLOTS(oldnfiles) > NDHISLOTS(NDFILE)) {
 			fd_map_free(oldnfiles, fdp->fd_lomap, fdp->fd_himap);
+		}
 		fdp->fd_himap = newhimap;
 		fdp->fd_lomap = newlomap;
+	}
 	/*
 	 * All other modifications must become globally visible before
 	 * the change to fd_nfiles.  See fd_getfile().
 	 */
 	fdp->fd_ofiles = newofile;
 	membar_producer();
 	fdp->fd_nfiles = numfiles;
 	mutex_exit(&fdp->fd_lock);
 	KASSERT(fdp->fd_ofiles[0] == (fdfile_t *)fdp->fd_dfdfile[0]);
+}
 /*
  * Create a new open file structure and allocate a file descriptor
  * for the current process.
  */
 int
 fd_allocfile(file_t **resultfp, int *resultfd)
+{
 	file_t *fp;
 	proc_t *p;
 	int error;
 	p = curproc;
 	while ((error = fd_alloc(p, 0, resultfd)) != 0) {
 		if (error != ENOSPC) {
 			return error;
+		}
 		fd_tryexpand(p);
+	}
 	fp = pool_cache_get(file_cache, PR_WAITOK);
 	KASSERT(fp->f_count == 0);
 	KASSERT(fp->f_msgcount == 0);
 	KASSERT(fp->f_unpcount == 0);
 	fp->f_cred = kauth_cred_get();
 	kauth_cred_hold(fp->f_cred);
 	if (__predict_false(atomic_inc_uint_nv(&nfiles) >= maxfiles)) {
 		fd_abort(p, fp, *resultfd);
 		tablefull("file", "increase kern.maxfiles or MAXFILES");
 		return ENFILE;
+	}
 	/*
 	 * Don't allow recycled files to be scanned.
 	 */
 	if ((fp->f_flag & FSCAN) != 0) {
 		mutex_enter(&fp->f_lock);
 		atomic_and_uint(&fp->f_flag, ~FSCAN);
 		mutex_exit(&fp->f_lock);
+	}
 	fp->f_advice = 0;
 	fp->f_msgcount = 0;
 	fp->f_offset = 0;
 	*resultfp = fp;
 	return 0;
+}
 /*
  * Successful creation of a new descriptor: make visible to the process.
  */
 void
 fd_affix(proc_t *p, file_t *fp, unsigned fd)
+{
 	fdfile_t *ff;
 	filedesc_t *fdp;
 	KASSERT(p == curproc || p == &proc0);
 	/* Add a reference to the file structure. */
 	mutex_enter(&fp->f_lock);
 	fp->f_count++;
 	mutex_exit(&fp->f_lock);
 	/*
 	 * Insert the new file into the descriptor slot.
+	 *
 	 * The memory barriers provided by lock activity in this routine
 	 * ensure that any updates to the file structure become globally
 	 * visible before the file becomes visible to other LWPs in the
 	 * current process.
 	 */
 	fdp = p->p_fd;
 	ff = fdp->fd_ofiles[fd];
 	KASSERT(ff != NULL);
 	KASSERT(ff->ff_file == NULL);
 	KASSERT(ff->ff_allocated);
 	KASSERT(fd_isused(fdp, fd));
 	KASSERT(fd >= NDFDFILE ||
 	    fdp->fd_ofiles[fd] == (fdfile_t *)fdp->fd_dfdfile[fd]);
 	/* No need to lock in order to make file initially visible. */
 	ff->ff_file = fp;
+}
 /*
  * Abort creation of a new descriptor: free descriptor slot and file.
  */
 void
 fd_abort(proc_t *p, file_t *fp, unsigned fd)
+{
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	KASSERT(p == curproc || p == &proc0);
 	fdp = p->p_fd;
 	ff = fdp->fd_ofiles[fd];
 	KASSERT(fd >= NDFDFILE ||
 	    fdp->fd_ofiles[fd] == (fdfile_t *)fdp->fd_dfdfile[fd]);
 	mutex_enter(&fdp->fd_lock);
 	KASSERT(fd_isused(fdp, fd));
 	fd_unused(fdp, fd);
 	mutex_exit(&fdp->fd_lock);
 	if (fp != NULL) {
 		ffree(fp);
+	}
+}
 /*
  * Free a file descriptor.
  */
 void
 ffree(file_t *fp)
+{
 	KASSERT(fp->f_count == 0);
 	atomic_dec_uint(&nfiles);
 	kauth_cred_free(fp->f_cred);
 	pool_cache_put(file_cache, fp);
+}
 /*
  * Create an initial cwdinfo structure, using the same current and root
  * directories as curproc.
  */
 struct cwdinfo *
 cwdinit(void)
+{
 	struct cwdinfo *cwdi;
 	struct cwdinfo *copy;
 	cwdi = pool_cache_get(cwdi_cache, PR_WAITOK);
 	copy = curproc->p_cwdi;
 	rw_enter(&copy->cwdi_lock, RW_READER);
 	cwdi->cwdi_cdir = copy->cwdi_cdir;
 	if (cwdi->cwdi_cdir)
 		VREF(cwdi->cwdi_cdir);
 	cwdi->cwdi_rdir = copy->cwdi_rdir;
 	if (cwdi->cwdi_rdir)
 		VREF(cwdi->cwdi_rdir);
 	cwdi->cwdi_edir = copy->cwdi_edir;
 	if (cwdi->cwdi_edir)
 		VREF(cwdi->cwdi_edir);
 	cwdi->cwdi_cmask =  copy->cwdi_cmask;
 	cwdi->cwdi_refcnt = 1;
 	rw_exit(&copy->cwdi_lock);
 	return (cwdi);
+}
 static int
 cwdi_ctor(void *arg, void *obj, int flags)
+{
 	struct cwdinfo *cwdi = obj;
 	rw_init(&cwdi->cwdi_lock);
 	return 0;
+}
 static void
 cwdi_dtor(void *arg, void *obj)
+{
 	struct cwdinfo *cwdi = obj;
 	rw_destroy(&cwdi->cwdi_lock);
+}
 static int
 file_ctor(void *arg, void *obj, int flags)
+{
 	file_t *fp = obj;
 	memset(fp, 0, sizeof(*fp));
 	mutex_init(&fp->f_lock, MUTEX_DEFAULT, IPL_NONE);
 	mutex_enter(&filelist_lock);
 	LIST_INSERT_HEAD(&filehead, fp, f_list);
 	mutex_exit(&filelist_lock);
 	return 0;
+}
 static void
 file_dtor(void *arg, void *obj)
+{
 	file_t *fp = obj;
 	mutex_enter(&filelist_lock);
 	LIST_REMOVE(fp, f_list);
 	mutex_exit(&filelist_lock);
 	mutex_destroy(&fp->f_lock);
+}
 static int
 fdfile_ctor(void *arg, void *obj, int flags)
+{
 	fdfile_t *ff = obj;
 	memset(ff, 0, sizeof(*ff));
 	mutex_init(&ff->ff_lock, MUTEX_DEFAULT, IPL_NONE);
 	cv_init(&ff->ff_closing, "fdclose");
 	return 0;
+}
 static void
 fdfile_dtor(void *arg, void *obj)
+{
 	fdfile_t *ff = obj;
 	mutex_destroy(&ff->ff_lock);
 	cv_destroy(&ff->ff_closing);
+}
 file_t *
 fgetdummy(void)
+{
 	file_t *fp;
 	fp = kmem_alloc(sizeof(*fp), KM_SLEEP);
 	if (fp != NULL) {
 		memset(fp, 0, sizeof(*fp));
 		mutex_init(&fp->f_lock, MUTEX_DEFAULT, IPL_NONE);
+	}
 	return fp;
+}
 void
 fputdummy(file_t *fp)
+{
 	mutex_destroy(&fp->f_lock);
 	kmem_free(fp, sizeof(*fp));
+}
 /*
  * Make p2 share p1's cwdinfo.
  */
 void
 cwdshare(struct proc *p2)
+{
 	struct cwdinfo *cwdi;
 	cwdi = curproc->p_cwdi;
 	atomic_inc_uint(&cwdi->cwdi_refcnt);
 	p2->p_cwdi = cwdi;
+}
 /*
  * Release a cwdinfo structure.
  */
 void
 cwdfree(struct cwdinfo *cwdi)
+{
 	if (atomic_dec_uint_nv(&cwdi->cwdi_refcnt) > 0)
 		return;
 	vrele(cwdi->cwdi_cdir);
 	if (cwdi->cwdi_rdir)
 		vrele(cwdi->cwdi_rdir);
 	if (cwdi->cwdi_edir)
 		vrele(cwdi->cwdi_edir);
 	pool_cache_put(cwdi_cache, cwdi);
+}
 /*
  * Create an initial filedesc structure.
  */
 filedesc_t *
 fd_init(filedesc_t *fdp)
+{
 	unsigned fd;
 	if (fdp == NULL) {
 		fdp = pool_cache_get(filedesc_cache, PR_WAITOK);
 	} else {
 		filedesc_ctor(NULL, fdp, PR_WAITOK);
+	}
 	fdp->fd_refcnt = 1;
 	fdp->fd_ofiles = fdp->fd_dfiles;
 	fdp->fd_nfiles = NDFILE;
 	fdp->fd_himap = fdp->fd_dhimap;
 	fdp->fd_lomap = fdp->fd_dlomap;
 	KASSERT(fdp->fd_lastfile == -1);
 	KASSERT(fdp->fd_lastkqfile == -1);
 	KASSERT(fdp->fd_knhash == NULL);
 	memset(&fdp->fd_startzero, 0, sizeof(*fdp) -
 	    offsetof(filedesc_t, fd_startzero));
 	for (fd = 0; fd < NDFDFILE; fd++) {
 		fdp->fd_ofiles[fd] = (fdfile_t *)fdp->fd_dfdfile[fd];
+	}
 	return fdp;
+}
 /*
  * Initialize a file descriptor table.
  */
 static int
 filedesc_ctor(void *arg, void *obj, int flag)
+{
 	filedesc_t *fdp = obj;
 	int i;
 	memset(fdp, 0, sizeof(*fdp));
 	mutex_init(&fdp->fd_lock, MUTEX_DEFAULT, IPL_NONE);
 	fdp->fd_lastfile = -1;
 	fdp->fd_lastkqfile = -1;
 	CTASSERT(sizeof(fdp->fd_dfdfile[0]) >= sizeof(fdfile_t));
 	for (i = 0; i < NDFDFILE; i++) {
 		fdfile_ctor(NULL, fdp->fd_dfdfile[i], PR_WAITOK);
+	}
 	return 0;
+}
 static void
 filedesc_dtor(void *arg, void *obj)
+{
 	filedesc_t *fdp = obj;
 	int i;
 	for (i = 0; i < NDFDFILE; i++) {
 		fdfile_dtor(NULL, fdp->fd_dfdfile[i]);
+	}
 	mutex_destroy(&fdp->fd_lock);
+}
 /*
  * Make p2 share p1's filedesc structure.
  */
 void
 fd_share(struct proc *p2)
+{
 	filedesc_t *fdp;
 	fdp = curlwp->l_fd;
 	p2->p_fd = fdp;
 	atomic_inc_uint(&fdp->fd_refcnt);
+}
 /*
  * Copy a filedesc structure.
  */
 filedesc_t *
 fd_copy(void)
+{
 	filedesc_t *newfdp, *fdp;
 	fdfile_t *ff, *fflist, **ffp, **nffp, *ff2;
 	int i, nused, numfiles, lastfile, j, newlast;
 	file_t *fp;
 	fdp = curproc->p_fd;
 	newfdp = pool_cache_get(filedesc_cache, PR_WAITOK);
 	newfdp->fd_refcnt = 1;
 	KASSERT(newfdp->fd_knhash == NULL);
 	KASSERT(newfdp->fd_knhashmask == 0);
 	KASSERT(newfdp->fd_discard == NULL);
 	for (;;) {
 		numfiles = fdp->fd_nfiles;
 		lastfile = fdp->fd_lastfile;
 		/*
 		 * If the number of open files fits in the internal arrays
 		 * of the open file structure, use them, otherwise allocate
 		 * additional memory for the number of descriptors currently
 		 * in use.
 		 */
 		if (lastfile < NDFILE) {
 			i = NDFILE;
 			newfdp->fd_ofiles = newfdp->fd_dfiles;
 		} else {
 			/*
 			 * Compute the smallest multiple of NDEXTENT needed
 			 * for the file descriptors currently in use,
 			 * allowing the table to shrink.
 			 */
 			i = numfiles;
 			while (i >= 2 * NDEXTENT && i > lastfile * 2) {
 				i /= 2;
+			}
 			newfdp->fd_ofiles = fd_ofile_alloc(i);
 			KASSERT(i > NDFILE);
+		}
 		if (NDHISLOTS(i) <= NDHISLOTS(NDFILE)) {
 			newfdp->fd_himap = newfdp->fd_dhimap;
 			newfdp->fd_lomap = newfdp->fd_dlomap;
 		} else {
 			fd_map_alloc(i, &newfdp->fd_lomap,
 			    &newfdp->fd_himap);
+		}
 		/*
 		 * Allocate and string together fdfile structures.
 		 * We abuse fdfile_t::ff_file here, but it will be
 		 * cleared before this routine returns.
 		 */
 		nused = fdp->fd_nused;
 		fflist = NULL;
 		for (j = nused; j != 0; j--) {
 			ff = pool_cache_get(fdfile_cache, PR_WAITOK);
 			ff->ff_file = (void *)fflist;
 			fflist = ff;
+		}
 		mutex_enter(&fdp->fd_lock);
 		if (numfiles == fdp->fd_nfiles && nused == fdp->fd_nused &&
 		    lastfile == fdp->fd_lastfile) {
 			break;
+		}
 		mutex_exit(&fdp->fd_lock);
 		if (i > NDFILE) {
 			fd_ofile_free(i, newfdp->fd_ofiles);
+		}
 		if (NDHISLOTS(i) > NDHISLOTS(NDFILE)) {
 			fd_map_free(i, newfdp->fd_lomap, newfdp->fd_himap);
+		}
 		while (fflist != NULL) {
 			ff = fflist;
 			fflist = (void *)ff->ff_file;
 			ff->ff_file = NULL;
 			pool_cache_put(fdfile_cache, ff);
+		}
+	}
 	newfdp->fd_nfiles = i;
 	newfdp->fd_freefile = fdp->fd_freefile;
 	newfdp->fd_exclose = fdp->fd_exclose;
 	/*
 	 * Clear the entries that will not be copied over.
 	 * Avoid calling memset with 0 size.
 	 */
 	if (lastfile < (i-1)) {
 		memset(newfdp->fd_ofiles + lastfile + 1, 0,
 		    (i - lastfile - 1) * sizeof(file_t **));
+	}
 	if (i < NDENTRIES * NDENTRIES) {
 		i = NDENTRIES * NDENTRIES; /* size of inlined bitmaps */
+	}
 	memcpy(newfdp->fd_himap, fdp->fd_himap, NDHISLOTS(i)*sizeof(uint32_t));
 	memcpy(newfdp->fd_lomap, fdp->fd_lomap, NDLOSLOTS(i)*sizeof(uint32_t));
 	ffp = fdp->fd_ofiles;
 	nffp = newfdp->fd_ofiles;
 	j = imax(lastfile, (NDFDFILE - 1));
 	newlast = -1;
 	KASSERT(j < fdp->fd_nfiles);
 	for (i = 0; i <= j; i++, ffp++, *nffp++ = ff2) {
 		ff = *ffp;
 		/* Install built-in fdfiles even if unused here. */
 		if (i < NDFDFILE) {
 			ff2 = (fdfile_t *)newfdp->fd_dfdfile[i];
 		} else {
 			ff2 = NULL;
+		}
 		/* Determine if descriptor is active in parent. */
 		if (ff == NULL || !fd_isused(fdp, i)) {
 			KASSERT(ff != NULL || i >= NDFDFILE);
 			continue;
+		}
 		mutex_enter(&ff->ff_lock);
 		fp = ff->ff_file;
 		if (fp == NULL) {
 			/* Descriptor is half-open: free slot. */
 			fd_zap(newfdp, i);
 			mutex_exit(&ff->ff_lock);
 			continue;
+		}
 		if (fp->f_type == DTYPE_KQUEUE) {
 			/* kqueue descriptors cannot be copied. */
 			fd_zap(newfdp, i);
 			mutex_exit(&ff->ff_lock);
 			continue;
+		}
 		/* It's active: add a reference to the file. */
 		mutex_enter(&fp->f_lock);
 		fp->f_count++;
 		mutex_exit(&fp->f_lock);
 		/* Consume one fdfile_t to represent it. */
 		if (i >= NDFDFILE) {
 			ff2 = fflist;
 			fflist = (void *)ff2->ff_file;
+		}
 		ff2->ff_file = fp;
 		ff2->ff_exclose = ff->ff_exclose;
 		ff2->ff_allocated = true;
 		mutex_exit(&ff->ff_lock);
 		if (i > newlast) {
 			newlast = i;
+		}
+	}
 	mutex_exit(&fdp->fd_lock);
 	/* Discard unused fdfile_t structures. */
 	while (__predict_false(fflist != NULL)) {
 		ff = fflist;
 		fflist = (void *)ff->ff_file;
 		ff->ff_file = NULL;
 		pool_cache_put(fdfile_cache, ff);
 		nused--;
+	}
 	KASSERT(nused >= 0);
 	KASSERT(newfdp->fd_ofiles[0] == (fdfile_t *)newfdp->fd_dfdfile[0]);
 	newfdp->fd_nused = nused;
 	newfdp->fd_lastfile = newlast;
 	return (newfdp);
+}
 /*
  * Release a filedesc structure.
  */
 void
 fd_free(void)
+{
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	file_t *fp;
 	int fd, lastfd;
 	void **discard;
 	fdp = curlwp->l_fd;
 	KASSERT(fdp->fd_ofiles[0] == (fdfile_t *)fdp->fd_dfdfile[0]);
 	if (atomic_dec_uint_nv(&fdp->fd_refcnt) > 0)
 		return;
 	/*
 	 * Close any files that the process holds open.
 	 */
 	for (fd = 0, lastfd = fdp->fd_nfiles - 1; fd <= lastfd; fd++) {
 		ff = fdp->fd_ofiles[fd];
 		KASSERT(fd >= NDFDFILE ||
 		    ff == (fdfile_t *)fdp->fd_dfdfile[fd]);
 		if ((ff = fdp->fd_ofiles[fd]) == NULL)
 			continue;
 		if ((fp = ff->ff_file) != NULL) {
 			/*
 			 * Must use fd_close() here as kqueue holds
 			 * long term references to descriptors.
 			 */
 			ff->ff_refcnt++;
 			fd_close(fd);
+		}
 		KASSERT(ff->ff_refcnt == 0);
 		KASSERT(ff->ff_file == NULL);
 		KASSERT(!ff->ff_exclose);
 		KASSERT(!ff->ff_allocated);
 		if (fd >= NDFDFILE) {
 			pool_cache_put(fdfile_cache, ff);
+		}
+	}
 	/*
 	 * Clean out the descriptor table for the next user and return
 	 * to the cache.
 	 */
 	while ((discard = fdp->fd_discard) != NULL) {
 		fdp->fd_discard = discard[0];
 		kmem_free(discard, (uintptr_t)discard[1]);
+	}
 	if (NDHISLOTS(fdp->fd_nfiles) > NDHISLOTS(NDFILE)) {
 		KASSERT(fdp->fd_himap != fdp->fd_dhimap);
 		KASSERT(fdp->fd_lomap != fdp->fd_dlomap);
 		fd_map_free(fdp->fd_nfiles, fdp->fd_lomap, fdp->fd_himap);
+	}
 	if (fdp->fd_nfiles > NDFILE) {
 		KASSERT(fdp->fd_ofiles != fdp->fd_dfiles);
 		fd_ofile_free(fdp->fd_nfiles, fdp->fd_ofiles);
+	}
 	if (fdp->fd_knhash != NULL) {
 		hashdone(fdp->fd_knhash, HASH_LIST, fdp->fd_knhashmask);
 		fdp->fd_knhash = NULL;
 		fdp->fd_knhashmask = 0;
 	} else {
 		KASSERT(fdp->fd_knhashmask == 0);
+	}
 	fdp->fd_lastkqfile = -1;
 	pool_cache_put(filedesc_cache, fdp);
+}
 /*
  * File Descriptor pseudo-device driver (/dev/fd/).
+ *
  * Opening minor device N dup()s the file (if any) connected to file
  * descriptor N belonging to the calling process.  Note that this driver
  * consists of only the ``open()'' routine, because all subsequent
  * references to this file will be direct to the other driver.
  */
 static int
 filedescopen(dev_t dev, int mode, int type, lwp_t *l)
+{
 	/*
 	 * XXX Kludge: set dupfd to contain the value of the
 	 * the file descriptor being sought for duplication. The error
 	 * return ensures that the vnode for this device will be released
 	 * by vn_open. Open will detect this special error and take the
 	 * actions in dupfdopen below. Other callers of vn_open or VOP_OPEN
 	 * will simply report the error.
 	 */
 	l->l_dupfd = minor(dev);	/* XXX */
 	return EDUPFD;
+}
 /*
  * Duplicate the specified descriptor to a free descriptor.
  */
 int
 fd_dupopen(int old, int *new, int mode, int error)
+{
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	file_t *fp;
 	if ((fp = fd_getfile(old)) == NULL) {
 		return EBADF;
+	}
 	fdp = curlwp->l_fd;
 	ff = fdp->fd_ofiles[old];
 	/*
 	 * There are two cases of interest here.
+	 *
 	 * For EDUPFD simply dup (dfd) to file descriptor
 	 * (indx) and return.
+	 *
 	 * For EMOVEFD steal away the file structure from (dfd) and
 	 * store it in (indx).  (dfd) is effectively closed by
 	 * this operation.
+	 *
 	 * Any other error code is just returned.
 	 */
 	switch (error) {
 	case EDUPFD:
 		/*
 		 * Check that the mode the file is being opened for is a
 		 * subset of the mode of the existing descriptor.
 		 */
 		if (((mode & (FREAD|FWRITE)) | fp->f_flag) != fp->f_flag) {
 			error = EACCES;
 			break;
+		}
 		/* Copy it. */
 		error = fd_dup(fp, 0, new, fdp->fd_ofiles[old]->ff_exclose);
 		break;
 	case EMOVEFD:
 		/* Copy it. */
 		error = fd_dup(fp, 0, new, fdp->fd_ofiles[old]->ff_exclose);
 		if (error != 0) {
 			break;
+		}
 		/* Steal away the file pointer from 'old'. */
 		(void)fd_close(old);
 		return 0;
+	}
 	fd_putfile(old);
 	return error;
+}
 /*
  * Close open files on exec.
  */
 void
 fd_closeexec(void)
+{
 	struct cwdinfo *cwdi;
 	proc_t *p;
 	filedesc_t *fdp;
 	fdfile_t *ff;
 	lwp_t *l;
 	int fd;
 	l = curlwp;
 	p = l->l_proc;
 	fdp = p->p_fd;
 	cwdi = p->p_cwdi;
 	if (cwdi->cwdi_refcnt > 1) {
 		cwdi = cwdinit();
 		cwdfree(p->p_cwdi);
 		p->p_cwdi = cwdi;
+	}
 	if (p->p_cwdi->cwdi_edir) {
 		vrele(p->p_cwdi->cwdi_edir);
+	}
 	if (fdp->fd_refcnt > 1) {
 		fdp = fd_copy();
 		fd_free();
 		p->p_fd = fdp;
 		l->l_fd = fdp;
+	}
 	if (!fdp->fd_exclose) {
 		return;
+	}
 	fdp->fd_exclose = false;
 	for (fd = 0; fd <= fdp->fd_lastfile; fd++) {
 		if ((ff = fdp->fd_ofiles[fd]) == NULL) {
 			KASSERT(fd >= NDFDFILE);
 			continue;
+		}
 		KASSERT(fd >= NDFDFILE ||
 		    ff == (fdfile_t *)fdp->fd_dfdfile[fd]);
 		if (ff->ff_file == NULL)
 			continue;
 		if (ff->ff_exclose) {
 			/*
 			 * We need a reference to close the file.
 			 * No other threads can see the fdfile_t at
 			 * this point, so don't bother locking.
 			 */
 			KASSERT((ff->ff_refcnt & FR_CLOSING) == 0);
 			ff->ff_refcnt++;
 			fd_close(fd);
+		}
+	}
+}
 /*
  * It is unsafe for set[ug]id processes to be started with file
  * descriptors 0..2 closed, as these descriptors are given implicit
  * significance in the Standard C library.  fdcheckstd() will create a
  * descriptor referencing /dev/null for each of stdin, stdout, and
  * stderr that is not already open.
  */
 #define CHECK_UPTO 3
 int
 fd_checkstd(void)
+{
 	struct proc *p;
 	struct nameidata nd;
 	filedesc_t *fdp;
 	file_t *fp;
 	struct proc *pp;
 	int fd, i, error, flags = FREAD|FWRITE;
 	char closed[CHECK_UPTO * 3 + 1], which[3 + 1];
 	p = curproc;
 	closed[0] = '\0';
 	if ((fdp = p->p_fd) == NULL)
 		return (0);
 	for (i = 0; i < CHECK_UPTO; i++) {
 		KASSERT(i >= NDFDFILE ||
 		    fdp->fd_ofiles[i] == (fdfile_t *)fdp->fd_dfdfile[i]);
 		if (fdp->fd_ofiles[i]->ff_file != NULL)
 			continue;
 		snprintf(which, sizeof(which), ",%d", i);
 		strlcat(closed, which, sizeof(closed));
 		if ((error = fd_allocfile(&fp, &fd)) != 0)
 			return (error);
 		KASSERT(fd < CHECK_UPTO);
 		NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, "/dev/null");
 		if ((error = vn_open(&nd, flags, 0)) != 0) {
 			fd_abort(p, fp, fd);
 			return (error);
+		}
 		fp->f_data = nd.ni_vp;
 		fp->f_flag = flags;
 		fp->f_ops = &vnops;
 		fp->f_type = DTYPE_VNODE;
 		VOP_UNLOCK(nd.ni_vp, 0);
 		fd_affix(p, fp, fd);
+	}
 	if (closed[0] != '\0') {
 		mutex_enter(proc_lock);
 		pp = p->p_pptr;
 		mutex_enter(pp->p_lock);
 		log(LOG_WARNING, "set{u,g}id pid %d (%s) "
 		    "was invoked by uid %d ppid %d (%s) "
 		    "with fd %s closed\n",
 		    p->p_pid, p->p_comm, kauth_cred_geteuid(pp->p_cred),
 		    pp->p_pid, pp->p_comm, &closed[1]);
 		mutex_exit(pp->p_lock);
 		mutex_exit(proc_lock);
+	}
 	return (0);
+}
 #undef CHECK_UPTO
 /*
  * Sets descriptor owner. If the owner is a process, 'pgid'
  * is set to positive value, process ID. If the owner is process group,
  * 'pgid' is set to -pg_id.
  */
 int
 fsetown(pid_t *pgid, u_long cmd, const void *data)
+{
 	int id = *(const int *)data;
 	int error;
 	switch (cmd) {
 	case TIOCSPGRP:
 		if (id < 0)
 			return (EINVAL);
 		id = -id;
 		break;
 	default:
 		break;
+	}
 	if (id > 0 && !pfind(id))
 		return (ESRCH);
 	else if (id < 0 && (error = pgid_in_session(curproc, -id)))
 		return (error);
 	*pgid = id;
 	return (0);
+}
 /*
  * Return descriptor owner information. If the value is positive,
  * it's process ID. If it's negative, it's process group ID and
  * needs the sign removed before use.
  */
 int
 fgetown(pid_t pgid, u_long cmd, void *data)
+{
 	switch (cmd) {
 	case TIOCGPGRP:
 		*(int *)data = -pgid;
 		break;
 	default:
 		*(int *)data = pgid;
 		break;
+	}
 	return (0);
+}
 /*
  * Send signal to descriptor owner, either process or process group.
  */
 void
 fownsignal(pid_t pgid, int signo, int code, int band, void *fdescdata)
+{
 	struct proc *p1;
 	struct pgrp *pgrp;
 	ksiginfo_t ksi;
 	KASSERT(!cpu_intr_p());
 	KSI_INIT(&ksi);
 	ksi.ksi_signo = signo;
 	ksi.ksi_code = code;
 	ksi.ksi_band = band;
 	mutex_enter(proc_lock);
 	if (pgid > 0 && (p1 = p_find(pgid, PFIND_LOCKED)))
 		kpsignal(p1, &ksi, fdescdata);
 	else if (pgid < 0 && (pgrp = pg_find(-pgid, PFIND_LOCKED)))
 		kpgsignal(pgrp, &ksi, fdescdata, 0);
 	mutex_exit(proc_lock);
+}
 int
 fd_clone(file_t *fp, unsigned fd, int flag, const struct fileops *fops,
 	 void *data)
+{
 	fp->f_flag = flag;
 	fp->f_type = DTYPE_MISC;
 	fp->f_ops = fops;
 	fp->f_data = data;
 	curlwp->l_dupfd = fd;
 	fd_affix(curproc, fp, fd);
 	return EMOVEFD;
+}
 int
 fnullop_fcntl(file_t *fp, u_int cmd, void *data)
+{
 	if (cmd == F_SETFL)
 		return 0;
 	return EOPNOTSUPP;
+}
 int
 fnullop_poll(file_t *fp, int which)
+{
 	return 0;
+}
 int
 fnullop_kqfilter(file_t *fp, struct knote *kn)
+{
 	return 0;
+}
 int
 fbadop_read(file_t *fp, off_t *offset, struct uio *uio,
 	    kauth_cred_t cred, int flags)
+{
 	return EOPNOTSUPP;
+}
 int
 fbadop_write(file_t *fp, off_t *offset, struct uio *uio,
 	     kauth_cred_t cred, int flags)
+{
 	return EOPNOTSUPP;
+}
 int
 fbadop_ioctl(file_t *fp, u_long com, void *data)
+{
 	return EOPNOTSUPP;
+}
 int
 fbadop_stat(file_t *fp, struct stat *sb)
+{
 	return EOPNOTSUPP;
+}
 int
 fbadop_close(file_t *fp)
+{
 	return EOPNOTSUPP;
+}

 @@ -1,1690 +1,1752 @@
-/*	$NetBSD: uipc_usrreq.c,v 1.119.4.1 2009/02/16 03:31:13 snj Exp $	*/
+/*	$NetBSD: uipc_usrreq.c,v 1.119.4.2 2009/03/18 05:33:23 snj Exp $	*/
 /*-
- * Copyright (c) 1998, 2000, 2004, 2008 The NetBSD Foundation, Inc.
+ * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
- * NASA Ames Research Center.
+ * NASA Ames Research Center, and by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1982, 1986, 1989, 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)uipc_usrreq.c	8.9 (Berkeley) 5/14/95
  */
 /*
  * Copyright (c) 1997 Christopher G. Demetriou.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
  *	This product includes software developed by the University of
  *	California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)uipc_usrreq.c	8.9 (Berkeley) 5/14/95
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.119.4.1 2009/02/16 03:31:13 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.119.4.2 2009/03/18 05:33:23 snj Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/filedesc.h>
 #include <sys/domain.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/unpcb.h>
 #include <sys/un.h>
 #include <sys/namei.h>
 #include <sys/vnode.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/mbuf.h>
 #include <sys/kauth.h>
 #include <sys/kmem.h>
 #include <sys/atomic.h>
 #include <sys/uidinfo.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 /*
  * Unix communications domain.
+ *
  * TODO:
  *	SEQPACKET, RDM
  *	rethink name space problems
  *	need a proper out-of-band
+ *
  * Notes on locking:
+ *
  * The generic rules noted in uipc_socket2.c apply.  In addition:
+ *
  * o We have a global lock, uipc_lock.
+ *
  * o All datagram sockets are locked by uipc_lock.
+ *
  * o For stream socketpairs, the two endpoints are created sharing the same
  *   independent lock.  Sockets presented to PRU_CONNECT2 must already have
  *   matching locks.
+ *
  * o Stream sockets created via socket() start life with their own
  *   independent lock.
+ *
  * o Stream connections to a named endpoint are slightly more complicated.
  *   Sockets that have called listen() have their lock pointer mutated to
  *   the global uipc_lock.  When establishing a connection, the connecting
  *   socket also has its lock mutated to uipc_lock, which matches the head
  *   (listening socket).  We create a new socket for accept() to return, and
  *   that also shares the head's lock.  Until the connection is completely
  *   done on both ends, all three sockets are locked by uipc_lock.  Once the
  *   connection is complete, the association with the head's lock is broken.
  *   The connecting socket and the socket returned from accept() have their
  *   lock pointers mutated away from uipc_lock, and back to the connecting
  *   socket's original, independent lock.  The head continues to be locked
  *   by uipc_lock.
+ *
  * o If uipc_lock is determined to be a significant source of contention,
  *   it could easily be hashed out.  It is difficult to simply make it an
  *   independent lock because of visibility / garbage collection issues:
  *   if a socket has been associated with a lock at any point, that lock
  *   must remain valid until the socket is no longer visible in the system.
  *   The lock must not be freed or otherwise destroyed until any sockets
  *   that had referenced it have also been destroyed.
  */
 const struct sockaddr_un sun_noname = {
 	.sun_len = sizeof(sun_noname),
 	.sun_family = AF_LOCAL,
 };
 ino_t	unp_ino;			/* prototype for fake inode numbers */
 struct mbuf *unp_addsockcred(struct lwp *, struct mbuf *);
 static void unp_mark(file_t *);
 static void unp_scan(struct mbuf *, void (*)(file_t *), int);
 static void unp_discard_now(file_t *);
 static void unp_discard_later(file_t *);
 static void unp_thread(void *);
 static void unp_thread_kick(void);
 static kmutex_t *uipc_lock;
 static kcondvar_t unp_thread_cv;
 static lwp_t *unp_thread_lwp;
 static SLIST_HEAD(,file) unp_thread_discard;
 static int unp_defer;
 /*
  * Initialize Unix protocols.
  */
 void
 uipc_init(void)
+{
 	int error;
 	uipc_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
 	cv_init(&unp_thread_cv, "unpgc");
 	error = kthread_create(PRI_NONE, KTHREAD_MPSAFE, NULL, unp_thread,
 	    NULL, &unp_thread_lwp, "unpgc");
 	if (error != 0)
 		panic("uipc_init %d", error);
+}
 /*
  * A connection succeeded: disassociate both endpoints from the head's
  * lock, and make them share their own lock.  There is a race here: for
  * a very brief time one endpoint will be locked by a different lock
  * than the other end.  However, since the current thread holds the old
  * lock (the listening socket's lock, the head) access can still only be
  * made to one side of the connection.
  */
 static void
 unp_setpeerlocks(struct socket *so, struct socket *so2)
+{
 	struct unpcb *unp;
 	kmutex_t *lock;
 	KASSERT(solocked2(so, so2));
 	/*
 	 * Bail out if either end of the socket is not yet fully
 	 * connected or accepted.  We only break the lock association
 	 * with the head when the pair of sockets stand completely
 	 * on their own.
 	 */
 	if (so->so_head != NULL || so2->so_head != NULL)
 		return;
 	/*
 	 * Drop references to old lock.  A third reference (from the
 	 * queue head) must be held as we still hold its lock.  Bonus:
 	 * we don't need to worry about garbage collecting the lock.
 	 */
 	lock = so->so_lock;
 	KASSERT(lock == uipc_lock);
 	mutex_obj_free(lock);
 	mutex_obj_free(lock);
 	/*
 	 * Grab stream lock from the initiator and share between the two
 	 * endpoints.  Issue memory barrier to ensure all modifications
 	 * become globally visible before the lock change.  so2 is
 	 * assumed not to have a stream lock, because it was created
 	 * purely for the server side to accept this connection and
 	 * started out life using the domain-wide lock.
 	 */
 	unp = sotounpcb(so);
 	KASSERT(unp->unp_streamlock != NULL);
 	KASSERT(sotounpcb(so2)->unp_streamlock == NULL);
 	lock = unp->unp_streamlock;
 	unp->unp_streamlock = NULL;
 	mutex_obj_hold(lock);
 	membar_exit();
 	solockreset(so, lock);
 	solockreset(so2, lock);
+}
 /*
  * Reset a socket's lock back to the domain-wide lock.
  */
 static void
 unp_resetlock(struct socket *so)
+{
 	kmutex_t *olock, *nlock;
 	struct unpcb *unp;
 	KASSERT(solocked(so));
 	olock = so->so_lock;
 	nlock = uipc_lock;
 	if (olock == nlock)
 		return;
 	unp = sotounpcb(so);
 	KASSERT(unp->unp_streamlock == NULL);
 	unp->unp_streamlock = olock;
 	mutex_obj_hold(nlock);
 	mutex_enter(nlock);
 	solockreset(so, nlock);
 	mutex_exit(olock);
+}
 static void
 unp_free(struct unpcb *unp)
+{
 	if (unp->unp_addr)
 		free(unp->unp_addr, M_SONAME);
 	if (unp->unp_streamlock != NULL)
 		mutex_obj_free(unp->unp_streamlock);
 	free(unp, M_PCB);
+}
 int
 unp_output(struct mbuf *m, struct mbuf *control, struct unpcb *unp,
 	struct lwp *l)
+{
 	struct socket *so2;
 	const struct sockaddr_un *sun;
 	so2 = unp->unp_conn->unp_socket;
 	KASSERT(solocked(so2));
 	if (unp->unp_addr)
 		sun = unp->unp_addr;
 	else
 		sun = &sun_noname;
 	if (unp->unp_conn->unp_flags & UNP_WANTCRED)
 		control = unp_addsockcred(l, control);
 	if (sbappendaddr(&so2->so_rcv, (const struct sockaddr *)sun, m,
 	    control) == 0) {
 		so2->so_rcv.sb_overflowed++;
 	    	sounlock(so2);
 		unp_dispose(control);
 		m_freem(control);
 		m_freem(m);
 	    	solock(so2);
 		return (ENOBUFS);
 	} else {
 		sorwakeup(so2);
 		return (0);
+	}
+}
 void
 unp_setaddr(struct socket *so, struct mbuf *nam, bool peeraddr)
+{
 	const struct sockaddr_un *sun;
 	struct unpcb *unp;
 	bool ext;
 	unp = sotounpcb(so);
 	ext = false;
 	for (;;) {
 		sun = NULL;
 		if (peeraddr) {
 			if (unp->unp_conn && unp->unp_conn->unp_addr)
 				sun = unp->unp_conn->unp_addr;
 		} else {
 			if (unp->unp_addr)
 				sun = unp->unp_addr;
+		}
 		if (sun == NULL)
 			sun = &sun_noname;
 		nam->m_len = sun->sun_len;
 		if (nam->m_len > MLEN && !ext) {
 			sounlock(so);
 			MEXTMALLOC(nam, MAXPATHLEN * 2, M_WAITOK);
 			solock(so);
 			ext = true;
 		} else {
 			KASSERT(nam->m_len <= MAXPATHLEN * 2);
 			memcpy(mtod(nam, void *), sun, (size_t)nam->m_len);
 			break;
+		}
+	}
+}
 /*ARGSUSED*/
 int
 uipc_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
 	struct mbuf *control, struct lwp *l)
+{
 	struct unpcb *unp = sotounpcb(so);
 	struct socket *so2;
 	struct proc *p;
 	u_int newhiwat;
 	int error = 0;
 	if (req == PRU_CONTROL)
 		return (EOPNOTSUPP);
 #ifdef DIAGNOSTIC
 	if (req != PRU_SEND && req != PRU_SENDOOB && control)
 		panic("uipc_usrreq: unexpected control mbuf");
 #endif
 	p = l ? l->l_proc : NULL;
 	if (req != PRU_ATTACH) {
 		if (unp == 0) {
 			error = EINVAL;
 			goto release;
+		}
 		KASSERT(solocked(so));
+	}
 	switch (req) {
 	case PRU_ATTACH:
 		if (unp != 0) {
 			error = EISCONN;
 			break;
+		}
 		error = unp_attach(so);
 		break;
 	case PRU_DETACH:
 		unp_detach(unp);
 		break;
 	case PRU_BIND:
 		KASSERT(l != NULL);
 		error = unp_bind(so, nam, l);
 		break;
 	case PRU_LISTEN:
 		/*
 		 * If the socket can accept a connection, it must be
 		 * locked by uipc_lock.
 		 */
 		unp_resetlock(so);
 		if (unp->unp_vnode == 0)
 			error = EINVAL;
 		break;
 	case PRU_CONNECT:
 		KASSERT(l != NULL);
 		error = unp_connect(so, nam, l);
 		break;
 	case PRU_CONNECT2:
 		error = unp_connect2(so, (struct socket *)nam, PRU_CONNECT2);
 		break;
 	case PRU_DISCONNECT:
 		unp_disconnect(unp);
 		break;
 	case PRU_ACCEPT:
 		KASSERT(so->so_lock == uipc_lock);
 		/*
 		 * Mark the initiating STREAM socket as connected *ONLY*
 		 * after it's been accepted.  This prevents a client from
 		 * overrunning a server and receiving ECONNREFUSED.
 		 */
 		if (unp->unp_conn == NULL)
 			break;
 		so2 = unp->unp_conn->unp_socket;
 		if (so2->so_state & SS_ISCONNECTING) {
 			KASSERT(solocked2(so, so->so_head));
 			KASSERT(solocked2(so2, so->so_head));
 			soisconnected(so2);
+		}
 		/*
 		 * If the connection is fully established, break the
 		 * association with uipc_lock and give the connected
 		 * pair a seperate lock to share.
 		 */
 		unp_setpeerlocks(so2, so);
 		/*
 		 * Only now return peer's address, as we may need to
 		 * block in order to allocate memory.
+		 *
 		 * XXX Minor race: connection can be broken while
 		 * lock is dropped in unp_setaddr().  We will return
 		 * error == 0 and sun_noname as the peer address.
 		 */
 		unp_setaddr(so, nam, true);
 		break;
 	case PRU_SHUTDOWN:
 		socantsendmore(so);
 		unp_shutdown(unp);
 		break;
 	case PRU_RCVD:
 		switch (so->so_type) {
 		case SOCK_DGRAM:
 			panic("uipc 1");
 			/*NOTREACHED*/
 		case SOCK_STREAM:
 #define	rcv (&so->so_rcv)
 #define snd (&so2->so_snd)
 			if (unp->unp_conn == 0)
 				break;
 			so2 = unp->unp_conn->unp_socket;
 			KASSERT(solocked2(so, so2));
 			/*
 			 * Adjust backpressure on sender
 			 * and wakeup any waiting to write.
 			 */
 			snd->sb_mbmax += unp->unp_mbcnt - rcv->sb_mbcnt;
 			unp->unp_mbcnt = rcv->sb_mbcnt;
 			newhiwat = snd->sb_hiwat + unp->unp_cc - rcv->sb_cc;
 			(void)chgsbsize(so2->so_uidinfo,
 			    &snd->sb_hiwat, newhiwat, RLIM_INFINITY);
 			unp->unp_cc = rcv->sb_cc;
 			sowwakeup(so2);
 #undef snd
 #undef rcv
 			break;
 		default:
 			panic("uipc 2");
+		}
 		break;
 	case PRU_SEND:
 		/*
 		 * Note: unp_internalize() rejects any control message
 		 * other than SCM_RIGHTS, and only allows one.  This
 		 * has the side-effect of preventing a caller from
 		 * forging SCM_CREDS.
 		 */
 		if (control) {
 			sounlock(so);
 			error = unp_internalize(&control);
 			solock(so);
 			if (error != 0) {
 				m_freem(control);
 				m_freem(m);
 				break;
+			}
+		}
 		switch (so->so_type) {
 		case SOCK_DGRAM: {
 			KASSERT(so->so_lock == uipc_lock);
 			if (nam) {
 				if ((so->so_state & SS_ISCONNECTED) != 0)
 					error = EISCONN;
 				else {
 					/*
 					 * Note: once connected, the
 					 * socket's lock must not be
 					 * dropped until we have sent
 					 * the message and disconnected.
 					 * This is necessary to prevent
 					 * intervening control ops, like
 					 * another connection.
 					 */
 					error = unp_connect(so, nam, l);
+				}
 			} else {
 				if ((so->so_state & SS_ISCONNECTED) == 0)
 					error = ENOTCONN;
+			}
 			if (error) {
 				sounlock(so);
 				unp_dispose(control);
 				m_freem(control);
 				m_freem(m);
 				solock(so);
 				break;
+			}
 			KASSERT(p != NULL);
 			error = unp_output(m, control, unp, l);
 			if (nam)
 				unp_disconnect(unp);
 			break;
+		}
 		case SOCK_STREAM:
 #define	rcv (&so2->so_rcv)
 #define	snd (&so->so_snd)
 			if (unp->unp_conn == NULL) {
 				error = ENOTCONN;
 				break;
+			}
 			so2 = unp->unp_conn->unp_socket;
 			KASSERT(solocked2(so, so2));
 			if (unp->unp_conn->unp_flags & UNP_WANTCRED) {
 				/*
 				 * Credentials are passed only once on
 				 * SOCK_STREAM.
 				 */
 				unp->unp_conn->unp_flags &= ~UNP_WANTCRED;
 				control = unp_addsockcred(l, control);
+			}
 			/*
 			 * Send to paired receive port, and then reduce
 			 * send buffer hiwater marks to maintain backpressure.
 			 * Wake up readers.
 			 */
 			if (control) {
 				if (sbappendcontrol(rcv, m, control) != 0)
 					control = NULL;
 			} else
 				sbappend(rcv, m);
 			snd->sb_mbmax -=
 			    rcv->sb_mbcnt - unp->unp_conn->unp_mbcnt;
 			unp->unp_conn->unp_mbcnt = rcv->sb_mbcnt;
 			newhiwat = snd->sb_hiwat -
 			    (rcv->sb_cc - unp->unp_conn->unp_cc);
 			(void)chgsbsize(so->so_uidinfo,
 			    &snd->sb_hiwat, newhiwat, RLIM_INFINITY);
 			unp->unp_conn->unp_cc = rcv->sb_cc;
 			sorwakeup(so2);
 #undef snd
 #undef rcv
 			if (control != NULL) {
 				sounlock(so);
 				unp_dispose(control);
 				m_freem(control);
 				solock(so);
+			}
 			break;
 		default:
 			panic("uipc 4");
+		}
 		break;
 	case PRU_ABORT:
 		(void)unp_drop(unp, ECONNABORTED);
 		KASSERT(so->so_head == NULL);
 #ifdef DIAGNOSTIC
 		if (so->so_pcb == 0)
 			panic("uipc 5: drop killed pcb");
 #endif
 		unp_detach(unp);
 		break;
 	case PRU_SENSE:
 		((struct stat *) m)->st_blksize = so->so_snd.sb_hiwat;
 		if (so->so_type == SOCK_STREAM && unp->unp_conn != 0) {
 			so2 = unp->unp_conn->unp_socket;
 			KASSERT(solocked2(so, so2));
 			((struct stat *) m)->st_blksize += so2->so_rcv.sb_cc;
+		}
 		((struct stat *) m)->st_dev = NODEV;
 		if (unp->unp_ino == 0)
 			unp->unp_ino = unp_ino++;
 		((struct stat *) m)->st_atimespec =
 		    ((struct stat *) m)->st_mtimespec =
 		    ((struct stat *) m)->st_ctimespec = unp->unp_ctime;
 		((struct stat *) m)->st_ino = unp->unp_ino;
 		return (0);
 	case PRU_RCVOOB:
 		error = EOPNOTSUPP;
 		break;
 	case PRU_SENDOOB:
 		m_freem(control);
 		m_freem(m);
 		error = EOPNOTSUPP;
 		break;
 	case PRU_SOCKADDR:
 		unp_setaddr(so, nam, false);
 		break;
 	case PRU_PEERADDR:
 		unp_setaddr(so, nam, true);
 		break;
 	default:
 		panic("piusrreq");
+	}
 release:
 	return (error);
+}
 /*
  * Unix domain socket option processing.
  */
 int
 uipc_ctloutput(int op, struct socket *so, struct sockopt *sopt)
+{
 	struct unpcb *unp = sotounpcb(so);
 	int optval = 0, error = 0;
 	KASSERT(solocked(so));
 	if (sopt->sopt_level != 0) {
 		error = ENOPROTOOPT;
 	} else switch (op) {
 	case PRCO_SETOPT:
 		switch (sopt->sopt_name) {
 		case LOCAL_CREDS:
 		case LOCAL_CONNWAIT:
 			error = sockopt_getint(sopt, &optval);
 			if (error)
 				break;
 			switch (sopt->sopt_name) {
 #define	OPTSET(bit) \
 	if (optval) \
 		unp->unp_flags |= (bit); \
 	else \
 		unp->unp_flags &= ~(bit);
 			case LOCAL_CREDS:
 				OPTSET(UNP_WANTCRED);
 				break;
 			case LOCAL_CONNWAIT:
 				OPTSET(UNP_CONNWAIT);
 				break;
+			}
 			break;
 #undef OPTSET
 		default:
 			error = ENOPROTOOPT;
 			break;
+		}
 		break;
 	case PRCO_GETOPT:
 		sounlock(so);
 		switch (sopt->sopt_name) {
 		case LOCAL_PEEREID:
 			if (unp->unp_flags & UNP_EIDSVALID) {
 				error = sockopt_set(sopt,
 				    &unp->unp_connid, sizeof(unp->unp_connid));
 			} else {
 				error = EINVAL;
+			}
 			break;
 		case LOCAL_CREDS:
 #define	OPTBIT(bit)	(unp->unp_flags & (bit) ? 1 : 0)
 			optval = OPTBIT(UNP_WANTCRED);
 			error = sockopt_setint(sopt, optval);
 			break;
 #undef OPTBIT
 		default:
 			error = ENOPROTOOPT;
 			break;
+		}
 		solock(so);
 		break;
+	}
 	return (error);
+}
 /*
  * Both send and receive buffers are allocated PIPSIZ bytes of buffering
  * for stream sockets, although the total for sender and receiver is
  * actually only PIPSIZ.
  * Datagram sockets really use the sendspace as the maximum datagram size,
  * and don't really want to reserve the sendspace.  Their recvspace should
  * be large enough for at least one max-size datagram plus address.
  */
 #define	PIPSIZ	4096
 u_long	unpst_sendspace = PIPSIZ;
 u_long	unpst_recvspace = PIPSIZ;
 u_long	unpdg_sendspace = 2*1024;	/* really max datagram size */
 u_long	unpdg_recvspace = 4*1024;
-u_int	unp_rights;			/* file descriptors in flight */
+u_int	unp_rights;			/* files in flight */
 u_int	unp_rights_ratio = 2;		/* limit, fraction of maxfiles */
 int
 unp_attach(struct socket *so)
+{
 	struct unpcb *unp;
 	int error;
 	switch (so->so_type) {
 	case SOCK_STREAM:
 		if (so->so_lock == NULL) {
 			/*
 			 * XXX Assuming that no socket locks are held,
 			 * as this call may sleep.
 			 */
 			so->so_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
 			solock(so);
+		}
 		if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
 			error = soreserve(so, unpst_sendspace, unpst_recvspace);
 			if (error != 0)
 				return (error);
+		}
 		break;
 	case SOCK_DGRAM:
 		if (so->so_lock == NULL) {
 			mutex_obj_hold(uipc_lock);
 			so->so_lock = uipc_lock;
 			solock(so);
+		}
 		if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
 			error = soreserve(so, unpdg_sendspace, unpdg_recvspace);
 			if (error != 0)
 				return (error);
+		}
 		break;
 	default:
 		panic("unp_attach");
+	}
 	KASSERT(solocked(so));
 	unp = malloc(sizeof(*unp), M_PCB, M_NOWAIT);
 	if (unp == NULL)
 		return (ENOBUFS);
 	memset((void *)unp, 0, sizeof(*unp));
 	unp->unp_socket = so;
 	so->so_pcb = unp;
 	nanotime(&unp->unp_ctime);
 	return (0);
+}
 void
 unp_detach(struct unpcb *unp)
+{
 	struct socket *so;
 	vnode_t *vp;
 	so = unp->unp_socket;
  retry:
 	if ((vp = unp->unp_vnode) != NULL) {
 		sounlock(so);
 		/* Acquire v_interlock to protect against unp_connect(). */
 		/* XXXAD racy */
 		mutex_enter(&vp->v_interlock);
 		vp->v_socket = NULL;
 		vrelel(vp, 0);
 		solock(so);
 		unp->unp_vnode = NULL;
+	}
 	if (unp->unp_conn)
 		unp_disconnect(unp);
 	while (unp->unp_refs) {
 		KASSERT(solocked2(so, unp->unp_refs->unp_socket));
 		if (unp_drop(unp->unp_refs, ECONNRESET)) {
 			solock(so);
 			goto retry;
+		}
+	}
 	soisdisconnected(so);
 	so->so_pcb = NULL;
 	if (unp_rights) {
 		/*
-		 * Normally the receive buffer is flushed later,
+		 * Normally the receive buffer is flushed later, in sofree,
-		 * in sofree, but if our receive buffer holds references
+		 * but if our receive buffer holds references to files that
-		 * to descriptors that are now garbage, we will dispose
+		 * are now garbage, we will enqueue those file references to
-		 * of those descriptor references after the garbage collector
+		 * the garbage collector and kick it into action.
 		 * gets them (resulting in a "panic: closef: count < 0").
 		 */
 		sorflush(so);
 		unp_free(unp);
-		sounlock(so);
+		unp_thread_kick();
 		unp_gc();
 		solock(so);
 	} else
 		unp_free(unp);
+}
 int
 unp_bind(struct socket *so, struct mbuf *nam, struct lwp *l)
+{
 	struct sockaddr_un *sun;
 	struct unpcb *unp;
 	vnode_t *vp;
 	struct vattr vattr;
 	size_t addrlen;
 	int error;
 	struct nameidata nd;
 	proc_t *p;
 	unp = sotounpcb(so);
 	if (unp->unp_vnode != NULL)
 		return (EINVAL);
 	if ((unp->unp_flags & UNP_BUSY) != 0) {
 		/*
 		 * EALREADY may not be strictly accurate, but since this
 		 * is a major application error it's hardly a big deal.
 		 */
 		return (EALREADY);
+	}
 	unp->unp_flags |= UNP_BUSY;
 	sounlock(so);
 	/*
 	 * Allocate the new sockaddr.  We have to allocate one
 	 * extra byte so that we can ensure that the pathname
 	 * is nul-terminated.
 	 */
 	p = l->l_proc;
 	addrlen = nam->m_len + 1;
 	sun = malloc(addrlen, M_SONAME, M_WAITOK);
 	m_copydata(nam, 0, nam->m_len, (void *)sun);
 	*(((char *)sun) + nam->m_len) = '\0';
 	NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT | TRYEMULROOT, UIO_SYSSPACE,
 	    sun->sun_path);
 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */
 	if ((error = namei(&nd)) != 0)
 		goto bad;
 	vp = nd.ni_vp;
 	if (vp != NULL) {
 		VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
 		if (nd.ni_dvp == vp)
 			vrele(nd.ni_dvp);
 		else
 			vput(nd.ni_dvp);
 		vrele(vp);
 		error = EADDRINUSE;
 		goto bad;
+	}
 	VATTR_NULL(&vattr);
 	vattr.va_type = VSOCK;
 	vattr.va_mode = ACCESSPERMS & ~(p->p_cwdi->cwdi_cmask);
 	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
 	if (error)
 		goto bad;
 	vp = nd.ni_vp;
 	solock(so);
 	vp->v_socket = unp->unp_socket;
 	unp->unp_vnode = vp;
 	unp->unp_addrlen = addrlen;
 	unp->unp_addr = sun;
 	unp->unp_connid.unp_pid = p->p_pid;
 	unp->unp_connid.unp_euid = kauth_cred_geteuid(l->l_cred);
 	unp->unp_connid.unp_egid = kauth_cred_getegid(l->l_cred);
 	unp->unp_flags |= UNP_EIDSBIND;
 	VOP_UNLOCK(vp, 0);
 	unp->unp_flags &= ~UNP_BUSY;
 	return (0);
  bad:
 	free(sun, M_SONAME);
 	solock(so);
 	unp->unp_flags &= ~UNP_BUSY;
 	return (error);
+}
 int
 unp_connect(struct socket *so, struct mbuf *nam, struct lwp *l)
+{
 	struct sockaddr_un *sun;
 	vnode_t *vp;
 	struct socket *so2, *so3;
 	struct unpcb *unp, *unp2, *unp3;
 	size_t addrlen;
 	int error;
 	struct nameidata nd;
 	unp = sotounpcb(so);
 	if ((unp->unp_flags & UNP_BUSY) != 0) {
 		/*
 		 * EALREADY may not be strictly accurate, but since this
 		 * is a major application error it's hardly a big deal.
 		 */
 		return (EALREADY);
+	}
 	unp->unp_flags |= UNP_BUSY;
 	sounlock(so);
 	/*
 	 * Allocate a temporary sockaddr.  We have to allocate one extra
 	 * byte so that we can ensure that the pathname is nul-terminated.
 	 * When we establish the connection, we copy the other PCB's
 	 * sockaddr to our own.
 	 */
 	addrlen = nam->m_len + 1;
 	sun = malloc(addrlen, M_SONAME, M_WAITOK);
 	m_copydata(nam, 0, nam->m_len, (void *)sun);
 	*(((char *)sun) + nam->m_len) = '\0';
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_SYSSPACE,
 	    sun->sun_path);
 	if ((error = namei(&nd)) != 0)
 		goto bad2;
 	vp = nd.ni_vp;
 	if (vp->v_type != VSOCK) {
 		error = ENOTSOCK;
 		goto bad;
+	}
 	if ((error = VOP_ACCESS(vp, VWRITE, l->l_cred)) != 0)
 		goto bad;
 	/* Acquire v_interlock to protect against unp_detach(). */
 	mutex_enter(&vp->v_interlock);
 	so2 = vp->v_socket;
 	if (so2 == NULL) {
 		mutex_exit(&vp->v_interlock);
 		error = ECONNREFUSED;
 		goto bad;
+	}
 	if (so->so_type != so2->so_type) {
 		mutex_exit(&vp->v_interlock);
 		error = EPROTOTYPE;
 		goto bad;
+	}
 	solock(so);
 	unp_resetlock(so);
 	mutex_exit(&vp->v_interlock);
 	if ((so->so_proto->pr_flags & PR_CONNREQUIRED) != 0) {
 		/*
 		 * This may seem somewhat fragile but is OK: if we can
 		 * see SO_ACCEPTCONN set on the endpoint, then it must
 		 * be locked by the domain-wide uipc_lock.
 		 */
 		KASSERT((so->so_options & SO_ACCEPTCONN) == 0 ||
 		    so2->so_lock == uipc_lock);
 		if ((so2->so_options & SO_ACCEPTCONN) == 0 ||
 		    (so3 = sonewconn(so2, 0)) == 0) {
 			error = ECONNREFUSED;
 			sounlock(so);
 			goto bad;
+		}
 		unp2 = sotounpcb(so2);
 		unp3 = sotounpcb(so3);
 		if (unp2->unp_addr) {
 			unp3->unp_addr = malloc(unp2->unp_addrlen,
 			    M_SONAME, M_WAITOK);
 			memcpy(unp3->unp_addr, unp2->unp_addr,
 			    unp2->unp_addrlen);
 			unp3->unp_addrlen = unp2->unp_addrlen;
+		}
 		unp3->unp_flags = unp2->unp_flags;
 		unp3->unp_connid.unp_pid = l->l_proc->p_pid;
 		unp3->unp_connid.unp_euid = kauth_cred_geteuid(l->l_cred);
 		unp3->unp_connid.unp_egid = kauth_cred_getegid(l->l_cred);
 		unp3->unp_flags |= UNP_EIDSVALID;
 		if (unp2->unp_flags & UNP_EIDSBIND) {
 			unp->unp_connid = unp2->unp_connid;
 			unp->unp_flags |= UNP_EIDSVALID;
+		}
 		so2 = so3;
+	}
 	error = unp_connect2(so, so2, PRU_CONNECT);
 	sounlock(so);
  bad:
 	vput(vp);
  bad2:
 	free(sun, M_SONAME);
 	solock(so);
 	unp->unp_flags &= ~UNP_BUSY;
 	return (error);
+}
 int
 unp_connect2(struct socket *so, struct socket *so2, int req)
+{
 	struct unpcb *unp = sotounpcb(so);
 	struct unpcb *unp2;
 	if (so2->so_type != so->so_type)
 		return (EPROTOTYPE);
 	/*
 	 * All three sockets involved must be locked by same lock:
+	 *
 	 * local endpoint (so)
 	 * remote endpoint (so2)
 	 * queue head (so->so_head, only if PR_CONNREQUIRED)
 	 */
 	KASSERT(solocked2(so, so2));
 	if (so->so_head != NULL) {
 		KASSERT(so->so_lock == uipc_lock);
 		KASSERT(solocked2(so, so->so_head));
+	}
 	unp2 = sotounpcb(so2);
 	unp->unp_conn = unp2;
 	switch (so->so_type) {
 	case SOCK_DGRAM:
 		unp->unp_nextref = unp2->unp_refs;
 		unp2->unp_refs = unp;
 		soisconnected(so);
 		break;
 	case SOCK_STREAM:
 		unp2->unp_conn = unp;
 		if (req == PRU_CONNECT &&
 		    ((unp->unp_flags | unp2->unp_flags) & UNP_CONNWAIT))
 			soisconnecting(so);
 		else
 			soisconnected(so);
 		soisconnected(so2);
 		/*
 		 * If the connection is fully established, break the
 		 * association with uipc_lock and give the connected
 		 * pair a seperate lock to share.  For CONNECT2, we
 		 * require that the locks already match (the sockets
 		 * are created that way).
 		 */
 		if (req == PRU_CONNECT)
 			unp_setpeerlocks(so, so2);
 		break;
 	default:
 		panic("unp_connect2");
+	}
 	return (0);
+}
 void
 unp_disconnect(struct unpcb *unp)
+{
 	struct unpcb *unp2 = unp->unp_conn;
 	struct socket *so;
 	if (unp2 == 0)
 		return;
 	unp->unp_conn = 0;
 	so = unp->unp_socket;
 	switch (so->so_type) {
 	case SOCK_DGRAM:
 		if (unp2->unp_refs == unp)
 			unp2->unp_refs = unp->unp_nextref;
 		else {
 			unp2 = unp2->unp_refs;
 			for (;;) {
 				KASSERT(solocked2(so, unp2->unp_socket));
 				if (unp2 == 0)
 					panic("unp_disconnect");
 				if (unp2->unp_nextref == unp)
 					break;
 				unp2 = unp2->unp_nextref;
+			}
 			unp2->unp_nextref = unp->unp_nextref;
+		}
 		unp->unp_nextref = 0;
 		so->so_state &= ~SS_ISCONNECTED;
 		break;
 	case SOCK_STREAM:
 		KASSERT(solocked2(so, unp2->unp_socket));
 		soisdisconnected(so);
 		unp2->unp_conn = 0;
 		soisdisconnected(unp2->unp_socket);
 		break;
+	}
+}
 #ifdef notdef
 unp_abort(struct unpcb *unp)
+{
 	unp_detach(unp);
+}
 #endif
 void
 unp_shutdown(struct unpcb *unp)
+{
 	struct socket *so;
 	if (unp->unp_socket->so_type == SOCK_STREAM && unp->unp_conn &&
 	    (so = unp->unp_conn->unp_socket))
 		socantrcvmore(so);
+}
 bool
 unp_drop(struct unpcb *unp, int errno)
+{
 	struct socket *so = unp->unp_socket;
 	KASSERT(solocked(so));
 	so->so_error = errno;
 	unp_disconnect(unp);
 	if (so->so_head) {
 		so->so_pcb = NULL;
 		/* sofree() drops the socket lock */
 		sofree(so);
 		unp_free(unp);
 		return true;
+	}
 	return false;
+}
 #ifdef notdef
 unp_drain(void)
+{
+}
 #endif
 int
 unp_externalize(struct mbuf *rights, struct lwp *l)
+{
 	struct cmsghdr *cm = mtod(rights, struct cmsghdr *);
 	struct proc *p = l->l_proc;
 	int i, *fdp;
 	file_t **rp;
 	file_t *fp;
 	int nfds, error = 0;
 	nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) /
 	    sizeof(file_t *);
 	rp = (file_t **)CMSG_DATA(cm);
 	fdp = malloc(nfds * sizeof(int), M_TEMP, M_WAITOK);
 	rw_enter(&p->p_cwdi->cwdi_lock, RW_READER);
-	/* Make sure the recipient should be able to see the descriptors.. */
+	/* Make sure the recipient should be able to see the files.. */
 	if (p->p_cwdi->cwdi_rdir != NULL) {
 		rp = (file_t **)CMSG_DATA(cm);
 		for (i = 0; i < nfds; i++) {
 			fp = *rp++;
 			/*
 			 * If we are in a chroot'ed directory, and
 			 * someone wants to pass us a directory, make
 			 * sure it's inside the subtree we're allowed
 			 * to access.
 			 */
 			if (fp->f_type == DTYPE_VNODE) {
 				vnode_t *vp = (vnode_t *)fp->f_data;
 				if ((vp->v_type == VDIR) &&
 				    !vn_isunder(vp, p->p_cwdi->cwdi_rdir, l)) {
 					error = EPERM;
 					break;
+				}
+			}
+		}
+	}
  restart:
 	rp = (file_t **)CMSG_DATA(cm);
 	if (error != 0) {
 		for (i = 0; i < nfds; i++) {
 			fp = *rp;
 			/*
 			 * zero the pointer before calling unp_discard,
 			 * since it may end up in unp_gc()..
 			 */
 			*rp++ = 0;
-			unp_discard(fp);
+			unp_discard_now(fp);
+		}
 		goto out;
+	}
 	/*
 	 * First loop -- allocate file descriptor table slots for the
-	 * new descriptors.
+	 * new files.
 	 */
 	for (i = 0; i < nfds; i++) {
 		fp = *rp++;
 		if ((error = fd_alloc(p, 0, &fdp[i])) != 0) {
 			/*
 			 * Back out what we've done so far.
 			 */
 			for (--i; i >= 0; i--) {
 				fd_abort(p, NULL, fdp[i]);
+			}
 			if (error == ENOSPC) {
 				fd_tryexpand(p);
 				error = 0;
 			} else {
 				/*
 				 * This is the error that has historically
 				 * been returned, and some callers may
 				 * expect it.
 				 */
 				error = EMSGSIZE;
+			}
 			goto restart;
+		}
+	}
 	/*
 	 * Now that adding them has succeeded, update all of the
-	 * descriptor passing state.
+	 * file passing state and affix the descriptors.
 	 */
 	rp = (file_t **)CMSG_DATA(cm);
 	for (i = 0; i < nfds; i++) {
 		fp = *rp++;
 		atomic_dec_uint(&unp_rights);
 		fd_affix(p, fp, fdp[i]);
 		mutex_enter(&fp->f_lock);
 		fp->f_msgcount--;
 		mutex_exit(&fp->f_lock);
 		/*
 		 * Note that fd_affix() adds a reference to the file.
 		 * The file may already have been closed by another
 		 * LWP in the process, so we must drop the reference
 		 * added by unp_internalize() with closef().
 		 */
 		closef(fp);
+	}
 	/*
 	 * Copy temporary array to message and adjust length, in case of
 	 * transition from large file_t pointers to ints.
 	 */
 	memcpy(CMSG_DATA(cm), fdp, nfds * sizeof(int));
 	cm->cmsg_len = CMSG_LEN(nfds * sizeof(int));
 	rights->m_len = CMSG_SPACE(nfds * sizeof(int));
  out:
 	rw_exit(&p->p_cwdi->cwdi_lock);
 	free(fdp, M_TEMP);
 	return (error);
+}
 int
 unp_internalize(struct mbuf **controlp)
+{
-	struct filedesc *fdescp = curlwp->l_fd;
+	filedesc_t *fdescp = curlwp->l_fd;
 	struct mbuf *control = *controlp;
 	struct cmsghdr *newcm, *cm = mtod(control, struct cmsghdr *);
 	file_t **rp, **files;
 	file_t *fp;
 	int i, fd, *fdp;
 	int nfds, error;
 	u_int maxmsg;
 	error = 0;
 	newcm = NULL;
 	/* Sanity check the control message header. */
 	if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET ||
 	    cm->cmsg_len > control->m_len ||
 	    cm->cmsg_len < CMSG_ALIGN(sizeof(*cm)))
 		return (EINVAL);
 	/*
 	 * Verify that the file descriptors are valid, and acquire
 	 * a reference to each.
 	 */
 	nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int);
 	fdp = (int *)CMSG_DATA(cm);
 	maxmsg = maxfiles / unp_rights_ratio;
 	for (i = 0; i < nfds; i++) {
 		fd = *fdp++;
 		if (atomic_inc_uint_nv(&unp_rights) > maxmsg) {
 			atomic_dec_uint(&unp_rights);
 			nfds = i;
 			error = EAGAIN;
 			goto out;
+		}
 		if ((fp = fd_getfile(fd)) == NULL) {
 			atomic_dec_uint(&unp_rights);
 			nfds = i;
 			error = EBADF;
 			goto out;
+		}
+	}
 	/* Allocate new space and copy header into it. */
 	newcm = malloc(CMSG_SPACE(nfds * sizeof(file_t *)), M_MBUF, M_WAITOK);
 	if (newcm == NULL) {
 		error = E2BIG;
 		goto out;
+	}
 	memcpy(newcm, cm, sizeof(struct cmsghdr));
 	files = (file_t **)CMSG_DATA(newcm);
 	/*
 	 * Transform the file descriptors into file_t pointers, in
 	 * reverse order so that if pointers are bigger than ints, the
 	 * int won't get until we're done.  No need to lock, as we have
 	 * already validated the descriptors with fd_getfile().
 	 */
 	fdp = (int *)CMSG_DATA(cm) + nfds;
 	rp = files + nfds;
 	for (i = 0; i < nfds; i++) {
 		fp = fdescp->fd_ofiles[*--fdp]->ff_file;
 		KASSERT(fp != NULL);
 		mutex_enter(&fp->f_lock);
 		*--rp = fp;
 		fp->f_count++;
 		fp->f_msgcount++;
 		mutex_exit(&fp->f_lock);
 		atomic_inc_uint(&unp_rights);
+	}
  out:
  	/* Release descriptor references. */
 	fdp = (int *)CMSG_DATA(cm);
 	for (i = 0; i < nfds; i++) {
 		fd_putfile(*fdp++);
 		if (error != 0) {
 			atomic_dec_uint(&unp_rights);
+		}
+	}
 	if (error == 0) {
 		if (control->m_flags & M_EXT) {
 			m_freem(control);
 			*controlp = control = m_get(M_WAIT, MT_CONTROL);
+		}
 		MEXTADD(control, newcm, CMSG_SPACE(nfds * sizeof(file_t *)),
 		    M_MBUF, NULL, NULL);
 		cm = newcm;
 		/*
 		 * Adjust message & mbuf to note amount of space
 		 * actually used.
 		 */
 		cm->cmsg_len = CMSG_LEN(nfds * sizeof(file_t *));
 		control->m_len = CMSG_SPACE(nfds * sizeof(file_t *));
+	}
 	return error;
+}
 struct mbuf *
 unp_addsockcred(struct lwp *l, struct mbuf *control)
+{
 	struct cmsghdr *cmp;
 	struct sockcred *sc;
 	struct mbuf *m, *n;
 	int len, space, i;
 	len = CMSG_LEN(SOCKCREDSIZE(kauth_cred_ngroups(l->l_cred)));
 	space = CMSG_SPACE(SOCKCREDSIZE(kauth_cred_ngroups(l->l_cred)));
 	m = m_get(M_WAIT, MT_CONTROL);
 	if (space > MLEN) {
 		if (space > MCLBYTES)
 			MEXTMALLOC(m, space, M_WAITOK);
 		else
 			m_clget(m, M_WAIT);
 		if ((m->m_flags & M_EXT) == 0) {
 			m_free(m);
 			return (control);
+		}
+	}
 	m->m_len = space;
 	m->m_next = NULL;
 	cmp = mtod(m, struct cmsghdr *);
 	sc = (struct sockcred *)CMSG_DATA(cmp);
 	cmp->cmsg_len = len;
 	cmp->cmsg_level = SOL_SOCKET;
 	cmp->cmsg_type = SCM_CREDS;
 	sc->sc_uid = kauth_cred_getuid(l->l_cred);
 	sc->sc_euid = kauth_cred_geteuid(l->l_cred);
 	sc->sc_gid = kauth_cred_getgid(l->l_cred);
 	sc->sc_egid = kauth_cred_getegid(l->l_cred);
 	sc->sc_ngroups = kauth_cred_ngroups(l->l_cred);
 	for (i = 0; i < sc->sc_ngroups; i++)
 		sc->sc_groups[i] = kauth_cred_group(l->l_cred, i);
 	/*
 	 * If a control message already exists, append us to the end.
 	 */
 	if (control != NULL) {
 		for (n = control; n->m_next != NULL; n = n->m_next)
+			;
 		n->m_next = m;
 	} else
 		control = m;
 	return (control);
+}
 int	unp_defer, unp_gcing;
 extern	struct domain unixdomain;
 /*
- * Comment added long after the fact explaining what's going on here.
+ * Do a mark-sweep GC of files in the system, to free up any which are
- * Do a mark-sweep GC of file descriptors on the system, to free up
+ * caught in flight to an about-to-be-closed socket.  Additionally,
- * any which are caught in flight to an about-to-be-closed socket.
+ * process deferred file closures.
  * Traditional mark-sweep gc's start at the "root", and mark
  * everything reachable from the root (which, in our case would be the
  * process table).  The mark bits are cleared during the sweep.
  * XXX For some inexplicable reason (perhaps because the file
  * descriptor tables used to live in the u area which could be swapped
  * out and thus hard to reach), we do multiple scans over the set of
  * descriptors, using use *two* mark bits per object (DEFER and MARK).
  * Whenever we find a descriptor which references other descriptors,
  * the ones it references are marked with both bits, and we iterate
  * over the whole file table until there are no more DEFER bits set.
  * We also make an extra pass *before* the GC to clear the mark bits,
  * which could have been cleared at almost no cost during the previous
  * sweep.
  */
-void
+static void
-unp_gc(void)
+unp_gc(file_t *dp)
+{
-	file_t *fp, *nextfp;
+	extern	struct domain unixdomain;
 	file_t *fp, *np;
 	struct socket *so, *so1;
-	file_t **extra_ref, **fpp;
+	u_int i, old, new;
-	int nunref, nslots, i;
+	bool didwork;
-	if (atomic_swap_uint(&unp_gcing, 1) == 1)
+	KASSERT(curlwp == unp_thread_lwp);
-		return;
+	KASSERT(mutex_owned(&filelist_lock));
- restart:
+	/*
- 	nslots = nfiles * 2;
+	 * First, process deferred file closures.
- 	extra_ref = kmem_alloc(nslots * sizeof(file_t *), KM_SLEEP);
+	 */
 	while (!SLIST_EMPTY(&unp_thread_discard)) {
 		fp = SLIST_FIRST(&unp_thread_discard);
 		KASSERT(fp->f_unpcount > 0);
 		KASSERT(fp->f_count > 0);
 		KASSERT(fp->f_msgcount > 0);
 		KASSERT(fp->f_count >= fp->f_unpcount);
 		KASSERT(fp->f_count >= fp->f_msgcount);
 		KASSERT(fp->f_msgcount >= fp->f_unpcount);
 		SLIST_REMOVE_HEAD(&unp_thread_discard, f_unplist);
 		i = fp->f_unpcount;
 		fp->f_unpcount = 0;
 		mutex_exit(&filelist_lock);
 		for (; i != 0; i--) {
 			unp_discard_now(fp);
+		}
 		mutex_enter(&filelist_lock);
+	}
-	mutex_enter(&filelist_lock);
+	/*
 	 * Clear mark bits.  Ensure that we don't consider new files
 	 * entering the file table during this loop (they will not have
 	 * FSCAN set).
 	 */
 	unp_defer = 0;
 	/* Clear mark bits */
 	LIST_FOREACH(fp, &filehead, f_list) {
-		atomic_and_uint(&fp->f_flag, ~(FMARK|FDEFER));
+		for (old = fp->f_flag;; old = new) {
 			new = atomic_cas_uint(&fp->f_flag, old,
 			    (old | FSCAN) & ~(FMARK|FDEFER));
 			if (__predict_true(old == new)) {
 				break;
+			}
+		}
+	}
 	/*
-	 * Iterate over the set of descriptors, marking ones believed
+	 * Iterate over the set of sockets, marking ones believed (based on
-	 * (based on refcount) to be referenced from a process, and
+	 * refcount) to be referenced from a process, and marking for rescan
-	 * marking for rescan descriptors which are queued on a socket.
+	 * sockets which are queued on a socket.  Recan continues descending
 	 * and searching for sockets referenced by sockets (FDEFER), until
 	 * there are no more socket->socket references to be discovered.
 	 */
 	do {
-		LIST_FOREACH(fp, &filehead, f_list) {
+		didwork = false;
 		for (fp = LIST_FIRST(&filehead); fp != NULL; fp = np) {
 			KASSERT(mutex_owned(&filelist_lock));
 			np = LIST_NEXT(fp, f_list);
 			mutex_enter(&fp->f_lock);
-			if (fp->f_flag & FDEFER) {
+			if ((fp->f_flag & FDEFER) != 0) {
 				atomic_and_uint(&fp->f_flag, ~FDEFER);
 				unp_defer--;
 				KASSERT(fp->f_count != 0);
 			} else {
 				if (fp->f_count == 0 ||
-				    (fp->f_flag & FMARK) ||
+				    (fp->f_flag & FMARK) != 0 ||
-				    fp->f_count == fp->f_msgcount) {
+				    fp->f_count == fp->f_msgcount ||
 				    fp->f_unpcount != 0) {
 					mutex_exit(&fp->f_lock);
 					continue;
+				}
+			}
 			atomic_or_uint(&fp->f_flag, FMARK);
 			if (fp->f_type != DTYPE_SOCKET ||
 			    (so = fp->f_data) == NULL ||
 			    so->so_proto->pr_domain != &unixdomain ||
-			    (so->so_proto->pr_flags&PR_RIGHTS) == 0) {
+			    (so->so_proto->pr_flags & PR_RIGHTS) == 0) {
 				mutex_exit(&fp->f_lock);
 				continue;
+			}
 #ifdef notdef
-			if (so->so_rcv.sb_flags & SB_LOCK) {
+			/* Gain file ref, mark our position, and unlock. */
-				mutex_exit(&fp->f_lock);
+			didwork = true;
-				mutex_exit(&filelist_lock);
+			LIST_INSERT_AFTER(fp, dp, f_list);
-				kmem_free(extra_ref, nslots * sizeof(file_t *));
+			fp->f_count++;
 				/*
 				 * This is problematical; it's not clear
 				 * we need to wait for the sockbuf to be
 				 * unlocked (on a uniprocessor, at least),
 				 * and it's also not clear what to do
 				 * if sbwait returns an error due to receipt
 				 * of a signal.  If sbwait does return
 				 * an error, we'll go into an infinite
 				 * loop.  Delete all of this for now.
 				 */
 				(void) sbwait(&so->so_rcv);
 				goto restart;
 #endif
 			mutex_exit(&fp->f_lock);
 			mutex_exit(&filelist_lock);
 			/*
-			 * XXX Locking a socket with filelist_lock held
+			 * Mark files referenced from sockets queued on the
-			 * is ugly.  filelist_lock can be taken by the
+			 * accept queue as well.
 			 * pagedaemon when reclaiming items from file_cache.
 			 * Socket activity could delay the pagedaemon.
 			 */
 			solock(so);
 			unp_scan(so->so_rcv.sb_mb, unp_mark, 0);
-			/*
+			if ((so->so_options & SO_ACCEPTCONN) != 0) {
 			 * Mark descriptors referenced from sockets queued
 			 * on the accept queue as well.
 			 */
 			if (so->so_options & SO_ACCEPTCONN) {
 				TAILQ_FOREACH(so1, &so->so_q0, so_qe) {
 					unp_scan(so1->so_rcv.sb_mb, unp_mark, 0);
+				}
 				TAILQ_FOREACH(so1, &so->so_q, so_qe) {
 					unp_scan(so1->so_rcv.sb_mb, unp_mark, 0);
+				}
+			}
 			sounlock(so);
 			/* Re-lock and restart from where we left off. */
 			closef(fp);
 			mutex_enter(&filelist_lock);
 			np = LIST_NEXT(dp, f_list);
 			LIST_REMOVE(dp, f_list);
+		}
-	} while (unp_defer);
+		/*
 		 * Bail early if we did nothing in the loop above.  Could
 		 * happen because of concurrent activity causing unp_defer
 		 * to get out of sync.
 		 */
 	} while (unp_defer != 0 && didwork);
 	/*
-	 * Sweep pass.  Find unmarked descriptors, and free them.
+	 * Sweep pass.
 	 * We grab an extra reference to each of the file table entries
 	 * that are not otherwise accessible and then free the rights
 	 * that are stored in messages on them.
 	 * The bug in the original code is a little tricky, so I'll describe
 	 * what's wrong with it here.
 	 * It is incorrect to simply unp_discard each entry for f_msgcount
 	 * times -- consider the case of sockets A and B that contain
 	 * references to each other.  On a last close of some other socket,
 	 * we trigger a gc since the number of outstanding rights (unp_rights)
 	 * is non-zero.  If during the sweep phase the gc code un_discards,
 	 * we end up doing a (full) closef on the descriptor.  A closef on A
 	 * results in the following chain.  Closef calls soo_close, which
 	 * calls soclose.   Soclose calls first (through the switch
 	 * uipc_usrreq) unp_detach, which re-invokes unp_gc.  Unp_gc simply
 	 * returns because the previous instance had set unp_gcing, and
 	 * we return all the way back to soclose, which marks the socket
 	 * with SS_NOFDREF, and then calls sofree.  Sofree calls sorflush
 	 * to free up the rights that are queued in messages on the socket A,
 	 * i.e., the reference on B.  The sorflush calls via the dom_dispose
 	 * switch unp_dispose, which unp_scans with unp_discard.  This second
 	 * instance of unp_discard just calls closef on B.
+	 *
-	 * Well, a similar chain occurs on B, resulting in a sorflush on B,
+	 * We grab an extra reference to each of the files that are
-	 * which results in another closef on A.  Unfortunately, A is already
+	 * not otherwise accessible and then free the rights that are
-	 * being closed, and the descriptor has already been marked with
+	 * stored in messages on them.
 	 * SS_NOFDREF, and soclose panics at this point.
 	 * Here, we first take an extra reference to each inaccessible
 	 * descriptor.  Then, if the inaccessible descriptor is a
 	 * socket, we call sorflush in case it is a Unix domain
 	 * socket.  After we destroy all the rights carried in
 	 * messages, we do a last closef to get rid of our extra
 	 * reference.  This is the last close, and the unp_detach etc
 	 * will shut down the socket.
 	 * 91/09/19, bsy@cs.cmu.edu
 	 */
-	if (nslots < nfiles) {
+	for (fp = LIST_FIRST(&filehead); fp != NULL; fp = np) {
-		mutex_exit(&filelist_lock);
+		KASSERT(mutex_owned(&filelist_lock));
-		kmem_free(extra_ref, nslots * sizeof(file_t *));
+		np = LIST_NEXT(fp, f_list);
 		goto restart;
 	for (nunref = 0, fp = LIST_FIRST(&filehead), fpp = extra_ref; fp != 0;
 	    fp = nextfp) {
 		nextfp = LIST_NEXT(fp, f_list);
 		mutex_enter(&fp->f_lock);
 		if (fp->f_count != 0 &&
-		    fp->f_count == fp->f_msgcount && !(fp->f_flag & FMARK)) {
+		/*
-			*fpp++ = fp;
+		 * Ignore non-sockets.
-			nunref++;
+		 * Ignore dead sockets, or sockets with pending close.
-			fp->f_count++;
+		 * Ignore sockets obviously referenced elsewhere.
 		 * Ignore sockets marked as referenced by our scan.
 		 * Ignore new sockets that did not exist during the scan.
 		 */
 		if (fp->f_type != DTYPE_SOCKET ||
 		    fp->f_count == 0 || fp->f_unpcount != 0 ||
 		    fp->f_count != fp->f_msgcount ||
 		    (fp->f_flag & (FMARK | FSCAN)) != FSCAN) {
 			mutex_exit(&fp->f_lock);
 			continue;
+		}
 		/* Gain file ref, mark our position, and unlock. */
 		LIST_INSERT_AFTER(fp, dp, f_list);
 		fp->f_count++;
 		mutex_exit(&fp->f_lock);
 		mutex_exit(&filelist_lock);
 		/*
 		 * Flush all data from the socket's receive buffer.
 		 * This will cause files referenced only by the
 		 * socket to be queued for close.
 		 */
 		so = fp->f_data;
 		solock(so);
 		sorflush(so);
 		sounlock(so);
 		/* Re-lock and restart from where we left off. */
 		closef(fp);
 		mutex_enter(&filelist_lock);
 		np = LIST_NEXT(dp, f_list);
 		LIST_REMOVE(dp, f_list);
+	}
 	mutex_exit(&filelist_lock);
-	for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) {
+/*
-		fp = *fpp;
+ * Garbage collector thread.  While SCM_RIGHTS messages are in transit,
-		if (fp->f_type == DTYPE_SOCKET) {
+ * wake once per second to garbage collect.  Run continually while we
-			so = fp->f_data;
+ * have deferred closes to process.
-			solock(so);
+ */
-			sorflush(fp->f_data);
+static void
-			sounlock(so);
+unp_thread(void *cookie)
+{
 	file_t *dp;
 	/* Allocate a dummy file for our scans. */
 	if ((dp = fgetdummy()) == NULL) {
 		panic("unp_thread");
+	}
 	mutex_enter(&filelist_lock);
 	for (;;) {
 		KASSERT(mutex_owned(&filelist_lock));
 		if (SLIST_EMPTY(&unp_thread_discard)) {
 			if (unp_rights != 0) {
 				(void)cv_timedwait(&unp_thread_cv,
 				    &filelist_lock, hz);
 			} else {
 				cv_wait(&unp_thread_cv, &filelist_lock);
+			}
+		}
 		unp_gc(dp);
+	}
-	for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) {
+	/* NOTREACHED */
 		closef(*fpp);
 /*
  * Kick the garbage collector into action if there is something for
  * it to process.
  */
 static void
 unp_thread_kick(void)
+{
 	if (!SLIST_EMPTY(&unp_thread_discard) || unp_rights != 0) {
 		mutex_enter(&filelist_lock);
 		cv_signal(&unp_thread_cv);
 		mutex_exit(&filelist_lock);
+	}
 	kmem_free(extra_ref, nslots * sizeof(file_t *));
 	atomic_swap_uint(&unp_gcing, 0);
+}
 void
 unp_dispose(struct mbuf *m)
+{
 	if (m)
-		unp_scan(m, unp_discard, 1);
+		unp_scan(m, unp_discard_later, 1);
+}
 void
 unp_scan(struct mbuf *m0, void (*op)(file_t *), int discard)
+{
 	struct mbuf *m;
-	file_t **rp;
+	file_t **rp, *fp;
 	struct cmsghdr *cm;
-	int i;
+	int i, qfds;
 	int qfds;
 	while (m0) {
 		for (m = m0; m; m = m->m_next) {
-			if (m->m_type == MT_CONTROL &&
+			if (m->m_type != MT_CONTROL ||
-			    m->m_len >= sizeof(*cm)) {
+			    m->m_len < sizeof(*cm)) {
-				cm = mtod(m, struct cmsghdr *);
+			    	continue;
 				if (cm->cmsg_level != SOL_SOCKET ||
-				    cm->cmsg_type != SCM_RIGHTS)
+			cm = mtod(m, struct cmsghdr *);
-					continue;
+			if (cm->cmsg_level != SOL_SOCKET ||
-				qfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm)))
+			    cm->cmsg_type != SCM_RIGHTS)
-				    / sizeof(file_t *);
+				continue;
-				rp = (file_t **)CMSG_DATA(cm);
+			qfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm)))
-				for (i = 0; i < qfds; i++) {
+			    / sizeof(file_t *);
-					file_t *fp = *rp;
+			rp = (file_t **)CMSG_DATA(cm);
-					if (discard)
+			for (i = 0; i < qfds; i++) {
-						*rp = 0;
+				fp = *rp;
-					(*op)(fp);
+				if (discard) {
-					rp++;
+					*rp = 0;
+				}
-				break;		/* XXX, but saves time */
+				(*op)(fp);
 				rp++;
+			}
+		}
 		m0 = m0->m_nextpkt;
+	}
+}
 void
 unp_mark(file_t *fp)
+{
 	if (fp == NULL)
 		return;
 	/* If we're already deferred, don't screw up the defer count */
 	mutex_enter(&fp->f_lock);
 	if (fp->f_flag & (FMARK | FDEFER)) {
 		mutex_exit(&fp->f_lock);
 		return;
+	}
 	/*
-	 * Minimize the number of deferrals...  Sockets are the only
+	 * Minimize the number of deferrals...  Sockets are the only type of
-	 * type of descriptor which can hold references to another
+	 * file which can hold references to another file, so just mark
-	 * descriptor, so just mark other descriptors, and defer
+	 * other files, and defer unmarked sockets for the next pass.
 	 * unmarked sockets for the next pass.
 	 */
 	if (fp->f_type == DTYPE_SOCKET) {
 		unp_defer++;
 		KASSERT(fp->f_count != 0);
 		atomic_or_uint(&fp->f_flag, FDEFER);
 	} else {
 		atomic_or_uint(&fp->f_flag, FMARK);
+	}
 	mutex_exit(&fp->f_lock);
 	return;
+}
-void
+static void
-unp_discard(file_t *fp)
+unp_discard_now(file_t *fp)
+{
 	if (fp == NULL)
 		return;
 	mutex_enter(&fp->f_lock);
 	KASSERT(fp->f_count > 0);
 	KASSERT(fp->f_msgcount > 0);
 	mutex_enter(&fp->f_lock);
 	fp->f_msgcount--;
 	mutex_exit(&fp->f_lock);
 	atomic_dec_uint(&unp_rights);
 	(void)closef(fp);
+}
 static void
 unp_discard_later(file_t *fp)
+{
 	if (fp == NULL)
 		return;
 	KASSERT(fp->f_count > 0);
 	KASSERT(fp->f_msgcount > 0);
 	mutex_enter(&filelist_lock);
 	if (fp->f_unpcount++ == 0) {
 		SLIST_INSERT_HEAD(&unp_thread_discard, fp, f_unplist);
+	}
 	mutex_exit(&filelist_lock);
+}

 @@ -1,287 +1,288 @@
-/*	$NetBSD: fcntl.h,v 1.34 2006/10/05 14:48:33 chs Exp $	*/
+/*	$NetBSD: fcntl.h,v 1.34.64.1 2009/03/18 05:33:23 snj Exp $	*/
 /*-
  * Copyright (c) 1983, 1990, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)fcntl.h	8.3 (Berkeley) 1/21/94
  */
 #ifndef _SYS_FCNTL_H_
 #define	_SYS_FCNTL_H_
 /*
  * This file includes the definitions for open and fcntl
  * described by POSIX for <fcntl.h>; it also includes
  * related kernel definitions.
  */
 #ifndef _KERNEL
 #include <sys/featuretest.h>
 #include <sys/types.h>
 #if defined(_XOPEN_SOURCE) || defined(_NETBSD_SOURCE)
 #include <sys/stat.h>
 #endif /* _XOPEN_SOURCE || _NETBSD_SOURCE */
 #endif /* !_KERNEL */
 /*
  * File status flags: these are used by open(2), fcntl(2).
  * They are also used (indirectly) in the kernel file structure f_flags,
  * which is a superset of the open/fcntl flags.  Open flags and f_flags
  * are inter-convertible using OFLAGS(fflags) and FFLAGS(oflags).
  * Open/fcntl flags begin with O_; kernel-internal flags begin with F.
  */
 /* open-only flags */
 #define	O_RDONLY	0x00000000	/* open for reading only */
 #define	O_WRONLY	0x00000001	/* open for writing only */
 #define	O_RDWR		0x00000002	/* open for reading and writing */
 #define	O_ACCMODE	0x00000003	/* mask for above modes */
 /*
  * Kernel encoding of open mode; separate read and write bits that are
  * independently testable: 1 greater than the above.
+ *
  * XXX
  * FREAD and FWRITE are excluded from the #ifdef _KERNEL so that TIOCFLUSH,
  * which was documented to use FREAD/FWRITE, continues to work.
  */
 #if defined(_NETBSD_SOURCE)
 #define	FREAD		0x00000001
 #define	FWRITE		0x00000002
 #endif
 #define	O_NONBLOCK	0x00000004	/* no delay */
 #define	O_APPEND	0x00000008	/* set append mode */
 #if defined(_NETBSD_SOURCE)
 #define	O_SHLOCK	0x00000010	/* open with shared file lock */
 #define	O_EXLOCK	0x00000020	/* open with exclusive file lock */
 #define	O_ASYNC		0x00000040	/* signal pgrp when data ready */
 #endif
 #if (_POSIX_C_SOURCE - 0) >= 199309L || \
     (defined(_XOPEN_SOURCE) && defined(_XOPEN_SOURCE_EXTENDED)) || \
     (_XOPEN_SOURCE - 0) >= 500 || defined(_NETBSD_SOURCE)
 #define	O_SYNC		0x00000080	/* synchronous writes */
 #endif
 #if defined(_NETBSD_SOURCE)
 #define	O_NOFOLLOW	0x00000100	/* don't follow symlinks on the last */
 					/* path component */
 #endif
 #define	O_CREAT		0x00000200	/* create if nonexistent */
 #define	O_TRUNC		0x00000400	/* truncate to zero length */
 #define	O_EXCL		0x00000800	/* error if already exists */
 #if (_POSIX_C_SOURCE - 0) >= 199309L || (_XOPEN_SOURCE - 0) >= 500 || \
     defined(_NETBSD_SOURCE)
 #define	O_DSYNC		0x00010000	/* write: I/O data completion */
 #define	O_RSYNC		0x00020000	/* read: I/O completion as for write */
 #endif
 #if defined(_NETBSD_SOURCE)
 #define	O_ALT_IO	0x00040000	/* use alternate i/o semantics */
 #define	O_DIRECT	0x00080000	/* direct I/O hint */
 #endif
 /* defined by POSIX 1003.1; BSD default, but required to be bitwise distinct */
 #define	O_NOCTTY	0x00008000	/* don't assign controlling terminal */
 #ifdef _KERNEL
 /* convert from open() flags to/from fflags; convert O_RD/WR to FREAD/FWRITE */
 #define	FFLAGS(oflags)	((oflags) + 1)
 #define	OFLAGS(fflags)	((fflags) - 1)
 /* all bits settable during open(2) */
 #define	O_MASK		(O_ACCMODE|O_NONBLOCK|O_APPEND|O_SHLOCK|O_EXLOCK|\
 			 O_ASYNC|O_SYNC|O_CREAT|O_TRUNC|O_EXCL|O_DSYNC|\
 			 O_RSYNC|O_NOCTTY|O_ALT_IO|O_NOFOLLOW|O_DIRECT)
 #define	FMARK		0x00001000	/* mark during gc() */
 #define	FDEFER		0x00002000	/* defer for next gc pass */
 #define	FHASLOCK	0x00004000	/* descriptor holds advisory lock */
 #define	FSCAN		0x00100000	/* scan during gc passes */
 #define	FKIOCTL		0x80000000	/* kernel originated ioctl */
 /* bits settable by fcntl(F_SETFL, ...) */
 #define	FCNTLFLAGS	(FAPPEND|FASYNC|FFSYNC|FNONBLOCK|FDSYNC|FRSYNC|FALTIO|\
 			 FDIRECT)
 /* bits to save after open(2) */
 #define	FMASK		(FREAD|FWRITE|FCNTLFLAGS)
 #endif /* _KERNEL */
 /*
  * The O_* flags used to have only F* names, which were used in the kernel
  * and by fcntl.  We retain the F* names for the kernel f_flags field
  * and for backward compatibility for fcntl.
  */
 #if defined(_NETBSD_SOURCE)
 #define	FAPPEND		O_APPEND	/* kernel/compat */
 #define	FASYNC		O_ASYNC		/* kernel/compat */
 #define	O_FSYNC		O_SYNC		/* compat */
 #define	FNDELAY		O_NONBLOCK	/* compat */
 #define	O_NDELAY	O_NONBLOCK	/* compat */
 #endif
 #if defined(_KERNEL)
 #define	FNONBLOCK	O_NONBLOCK	/* kernel */
 #define	FFSYNC		O_SYNC		/* kernel */
 #define	FDSYNC		O_DSYNC		/* kernel */
 #define	FRSYNC		O_RSYNC		/* kernel */
 #define	FALTIO		O_ALT_IO	/* kernel */
 #define	FDIRECT		O_DIRECT	/* kernel */
 #endif
 /*
  * Constants used for fcntl(2)
  */
 /* command values */
 #define	F_DUPFD		0		/* duplicate file descriptor */
 #define	F_GETFD		1		/* get file descriptor flags */
 #define	F_SETFD		2		/* set file descriptor flags */
 #define	F_GETFL		3		/* get file status flags */
 #define	F_SETFL		4		/* set file status flags */
 #if (_POSIX_C_SOURCE - 0) >= 200112L || (_XOPEN_SOURCE - 0) >= 500 || \
     defined(_NETBSD_SOURCE)
 #define	F_GETOWN	5		/* get SIGIO/SIGURG proc/pgrp */
 #define	F_SETOWN	6		/* set SIGIO/SIGURG proc/pgrp */
 #endif
 #define	F_GETLK		7		/* get record locking information */
 #define	F_SETLK		8		/* set record locking information */
 #define	F_SETLKW	9		/* F_SETLK; wait if blocked */
 #if defined(_NETBSD_SOURCE)
 #define	F_CLOSEM	10		/* close all fds >= to the one given */
 #define	F_MAXFD		11		/* return the max open fd */
 #endif
 /* file descriptor flags (F_GETFD, F_SETFD) */
 #define	FD_CLOEXEC	1		/* close-on-exec flag */
 /* record locking flags (F_GETLK, F_SETLK, F_SETLKW) */
 #define	F_RDLCK		1		/* shared or read lock */
 #define	F_UNLCK		2		/* unlock */
 #define	F_WRLCK		3		/* exclusive or write lock */
 #ifdef _KERNEL
 #define	F_WAIT		0x010		/* Wait until lock is granted */
 #define	F_FLOCK		0x020	 	/* Use flock(2) semantics for lock */
 #define	F_POSIX		0x040	 	/* Use POSIX semantics for lock */
 #endif
 /* Constants for fcntl's passed to the underlying fs - like ioctl's. */
 #if defined(_NETBSD_SOURCE)
 #define	F_PARAM_MASK	0xfff
 #define	F_PARAM_LEN(x)	(((x) >> 16) & F_PARAM_MASK)
 #define	F_PARAM_MAX	4095
 #define	F_FSCTL		(int)0x80000000	/* This fcntl goes to the fs */
 #define	F_FSVOID	(int)0x40000000	/* no parameters */
 #define	F_FSOUT		(int)0x20000000	/* copy out parameter */
 #define	F_FSIN		(int)0x10000000	/* copy in parameter */
 #define	F_FSINOUT	(F_FSIN | F_FSOUT)
 #define	F_FSDIRMASK	(int)0x70000000	/* mask for IN/OUT/VOID */
 #define	F_FSPRIV	(int)0x00008000	/* command is fs-specific */
 /*
  * Define command macros for operations which, if implemented, must be
  * the same for all fs's.
  */
 #define	_FCN(inout, num, len) \
 		(F_FSCTL | inout | ((len & F_PARAM_MASK) << 16) | (num))
 #define	_FCNO(c)	_FCN(F_FSVOID,	(c), 0)
 #define	_FCNR(c, t)	_FCN(F_FSIN,	(c), (int)sizeof(t))
 #define	_FCNW(c, t)	_FCN(F_FSOUT,	(c), (int)sizeof(t))
 #define	_FCNRW(c, t)	_FCN(F_FSINOUT,	(c), (int)sizeof(t))
 /*
  * Define command macros for fs-specific commands.
  */
 #define	_FCN_FSPRIV(inout, fs, num, len) \
 	(F_FSCTL | F_FSPRIV | inout | ((len & F_PARAM_MASK) << 16) |	\
 	 (fs) << 8 | (num))
 #define	_FCNO_FSPRIV(f, c)	_FCN_FSPRIV(F_FSVOID,  (f), (c), 0)
 #define	_FCNR_FSPRIV(f, c, t)	_FCN_FSPRIV(F_FSIN,    (f), (c), (int)sizeof(t))
 #define	_FCNW_FSPRIV(f, c, t)	_FCN_FSPRIV(F_FSOUT,   (f), (c), (int)sizeof(t))
 #define	_FCNRW_FSPRIV(f, c, t)	_FCN_FSPRIV(F_FSINOUT, (f), (c), (int)sizeof(t))
 #endif /* _NETBSD_SOURCE */
 /*
  * Advisory file segment locking data type -
  * information passed to system by user
  */
 struct flock {
 	off_t	l_start;	/* starting offset */
 	off_t	l_len;		/* len = 0 means until end of file */
 	pid_t	l_pid;		/* lock owner */
 	short	l_type;		/* lock type: read/write, etc. */
 	short	l_whence;	/* type of l_start */
 };
 #if defined(_NETBSD_SOURCE)
 /* lock operations for flock(2) */
 #define	LOCK_SH		0x01		/* shared file lock */
 #define	LOCK_EX		0x02		/* exclusive file lock */
 #define	LOCK_NB		0x04		/* don't block when locking */
 #define	LOCK_UN		0x08		/* unlock file */
 #endif
 /* Always ensure that these are consistent with <stdio.h> and <unistd.h>! */
 #ifndef	SEEK_SET
 #define	SEEK_SET	0	/* set file offset to offset */
 #endif
 #ifndef	SEEK_CUR
 #define	SEEK_CUR	1	/* set file offset to current plus offset */
 #endif
 #ifndef	SEEK_END
 #define	SEEK_END	2	/* set file offset to EOF plus offset */
 #endif
 /*
  * posix_advise advisories.
  */
 #define	POSIX_FADV_NORMAL	0	/* default advice / no advice */
 #define	POSIX_FADV_RANDOM	1	/* random access */
 #define	POSIX_FADV_SEQUENTIAL	2	/* sequential access(lower to higher) */
 #define	POSIX_FADV_WILLNEED	3	/* be needed in near future */
 #define	POSIX_FADV_DONTNEED	4	/* not be needed in near future */
 #define	POSIX_FADV_NOREUSE	5	/* be accessed once */
 #ifndef _KERNEL
 #include <sys/cdefs.h>
 __BEGIN_DECLS
 int	open(const char *, int, ...);
 int	creat(const char *, mode_t);
 int	fcntl(int, int, ...);
 #if defined(_NETBSD_SOURCE)
 int	flock(int, int);
 #endif /* _NETBSD_SOURCE */
 int	posix_fadvise(int, off_t, off_t, int);
 __END_DECLS
 #endif /* !_KERNEL */
 #endif /* !_SYS_FCNTL_H_ */

 @@ -1,432 +1,432 @@
-/*	$NetBSD: param.h,v 1.330.4.3 2009/02/09 00:22:09 snj Exp $	*/
+/*	$NetBSD: param.h,v 1.330.4.4 2009/03/18 05:33:23 snj Exp $	*/
 /*-
  * Copyright (c) 1982, 1986, 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)param.h	8.3 (Berkeley) 4/4/95
  */
 #ifndef _SYS_PARAM_H_
 #define	_SYS_PARAM_H_
 /*
  * Historic BSD #defines -- probably will remain untouched for all time.
  */
 #define	BSD	199506		/* System version (year & month). */
 #define	BSD4_3	1
 #define	BSD4_4	1
 /*
  *	#define __NetBSD_Version__ MMmmrrpp00
+ *
  *	M = major version
  *	m = minor version; a minor number of 99 indicates current.
  *	r = 0 (*)
  *	p = patchlevel
+ *
  * When new releases are made, src/gnu/usr.bin/groff/tmac/mdoc.local
  * needs to be updated and the changes sent back to the groff maintainers.
+ *
  * (*)	Up to 2.0I "release" used to be "",A-Z,Z[A-Z] but numeric
  *	    	e.g. NetBSD-1.2D  = 102040000 ('D' == 4)
  *	NetBSD-2.0H 	(200080000) was changed on 20041001 to:
  *	2.99.9		(299000900)
  */
-#define	__NetBSD_Version__	500000000	/* NetBSD 5.0_RC2 */
+#define	__NetBSD_Version__	500000001	/* NetBSD 5.0_RC2 */
 #define __NetBSD_Prereq__(M,m,p) (((((M) * 100000000) + \
     (m) * 1000000) + (p) * 100) <= __NetBSD_Version__)
 /*
  * Historical NetBSD #define
+ *
  * NetBSD 1.4 was the last release for which this value was incremented.
  * The value is now permanently fixed at 199905. It will never be
  * changed again.
+ *
  * New code must use __NetBSD_Version__ instead, and should not even
  * count on NetBSD being defined.
+ *
  */
 #define	NetBSD	199905		/* NetBSD version (year & month). */
 #include <sys/null.h>
 #ifndef _LOCORE
 #include <sys/inttypes.h>
 #include <sys/types.h>
 #endif
 /*
  * Machine-independent constants (some used in following include files).
  * Redefined constants are from POSIX 1003.1 limits file.
+ *
  * MAXCOMLEN should be >= sizeof(ac_comm) (see <acct.h>)
  * MAXHOSTNAMELEN should be >= (_POSIX_HOST_NAME_MAX + 1) (see <limits.h>)
  * MAXLOGNAME should be >= UT_NAMESIZE (see <utmp.h>)
  */
 #include <sys/syslimits.h>
 #define	MAXCOMLEN	16		/* max command name remembered */
 #define	MAXINTERP	PATH_MAX	/* max interpreter file name length */
 /* DEPRECATED: use LOGIN_NAME_MAX instead. */
 #define	MAXLOGNAME	(LOGIN_NAME_MAX - 1) /* max login name length */
 #define	NCARGS		ARG_MAX		/* max bytes for an exec function */
 #define	NGROUPS		NGROUPS_MAX	/* max number groups */
 #define	NOGROUP		65535		/* marker for empty group set member */
 #define	MAXHOSTNAMELEN	256		/* max hostname size */
 #ifndef NOFILE
 #define	NOFILE		OPEN_MAX	/* max open files per process */
 #endif
 #ifndef MAXUPRC				/* max simultaneous processes */
 #define	MAXUPRC		CHILD_MAX	/* POSIX 1003.1-compliant default */
 #else
 #if (MAXUPRC - 0) < CHILD_MAX
 #error MAXUPRC less than CHILD_MAX.  See options(4) for details.
 #endif /* (MAXUPRC - 0) < CHILD_MAX */
 #endif /* !defined(MAXUPRC) */
 /* More types and definitions used throughout the kernel. */
 #ifdef _KERNEL
 #include <sys/cdefs.h>
 #include <sys/errno.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/ucred.h>
 #include <sys/uio.h>
 #ifndef NPROC
 #define	NPROC	(20 + 16 * MAXUSERS)
 #endif
 #ifndef NTEXT
 #define	NTEXT	(80 + NPROC / 8)		/* actually the object cache */
 #endif
 #ifndef NVNODE
 #define	NVNODE	(NPROC + NTEXT + 100)
 #define	NVNODE_IMPLICIT
 #endif
 #ifndef VNODE_VA_MAXPCT
 #define	VNODE_VA_MAXPCT	20
 #endif
 #ifndef BUFCACHE_VA_MAXPCT
 #define	BUFCACHE_VA_MAXPCT	20
 #endif
 #define	VNODE_COST	2048			/* assumed space in bytes */
 #endif /* _KERNEL */
 /* Signals. */
 #include <sys/signal.h>
 /* Machine type dependent parameters. */
 #include <machine/param.h>
 #include <machine/limits.h>
 /* pages ("clicks") to disk blocks */
 #define	ctod(x)		((x) << (PGSHIFT - DEV_BSHIFT))
 #define	dtoc(x)		((x) >> (PGSHIFT - DEV_BSHIFT))
 /* bytes to pages */
 #define	ctob(x)		((x) << PGSHIFT)
 #define	btoc(x)		(((x) + PGOFSET) >> PGSHIFT)
 /* bytes to disk blocks */
 #define	dbtob(x)	((x) << DEV_BSHIFT)
 #define	btodb(x)	((x) >> DEV_BSHIFT)
 #ifndef COHERENCY_UNIT
 #define	COHERENCY_UNIT		64
 #endif
 #ifndef CACHE_LINE_SIZE
 #define	CACHE_LINE_SIZE		64
 #endif
 #ifndef MAXCPUS
 #define	MAXCPUS			32
 #endif
 #ifndef MAX_LWP_PER_PROC
 #define	MAX_LWP_PER_PROC	8000
 #endif
 /*
  * Stack macros.  On most architectures, the stack grows down,
  * towards lower addresses; it is the rare architecture where
  * it grows up, towards higher addresses.
+ *
  * STACK_GROW and STACK_SHRINK adjust a stack pointer by some
  * size, no questions asked.  STACK_ALIGN aligns a stack pointer.
+ *
  * STACK_ALLOC returns a pointer to allocated stack space of
  * some size; given such a pointer and a size, STACK_MAX gives
  * the maximum (in the "maxsaddr" sense) stack address of the
  * allocated memory.
  */
 #if defined(_KERNEL) || defined(__EXPOSE_STACK)
 #ifdef __MACHINE_STACK_GROWS_UP
 #define	STACK_GROW(sp, _size)		(((char *)(void *)(sp)) + (_size))
 #define	STACK_SHRINK(sp, _size)		(((char *)(void *)(sp)) - (_size))
 #define	STACK_ALIGN(sp, bytes)	\
 	((char *)((((unsigned long)(sp)) + (bytes)) & ~(bytes)))
 #define	STACK_ALLOC(sp, _size)		((char *)(void *)(sp))
 #define	STACK_MAX(p, _size)		(((char *)(void *)(p)) + (_size))
 #else
 #define	STACK_GROW(sp, _size)		(((char *)(void *)(sp)) - (_size))
 #define	STACK_SHRINK(sp, _size)		(((char *)(void *)(sp)) + (_size))
 #define	STACK_ALIGN(sp, bytes)	\
 	((char *)(((unsigned long)(sp)) & ~(bytes)))
 #define	STACK_ALLOC(sp, _size)		(((char *)(void *)(sp)) - (_size))
 #define	STACK_MAX(p, _size)		((char *)(void *)(p))
 #endif
 #endif /* defined(_KERNEL) || defined(__EXPOSE_STACK) */
 /*
  * Historic priority levels.  These are meaningless and remain only
  * for source compatibility.  Do not use in new code.
  */
 #define	PSWP	0
 #define	PVM	4
 #define	PINOD	8
 #define	PRIBIO	16
 #define	PVFS	20
 #define	PZERO	22
 #define	PSOCK	24
 #define	PWAIT	32
 #define	PLOCK	36
 #define	PPAUSE	40
 #define	PUSER	50
 #define	MAXPRI	127
 #define	PCATCH		0x100	/* OR'd with pri for tsleep to check signals */
 #define	PNORELOCK	0x200	/* OR'd with pri for tsleep to not relock */
 /*
  * New priority levels.
  */
 #define	PRI_COUNT		224
 #define	PRI_NONE		(-1)
 #define	PRI_KERNEL_RT		192
 #define	NPRI_KERNEL_RT		32
 #define	MAXPRI_KERNEL_RT	(PRI_KERNEL_RT + NPRI_KERNEL_RT - 1)
 #define	PRI_USER_RT		128
 #define	NPRI_USER_RT		64
 #define	MAXPRI_USER_RT		(PRI_USER_RT + NPRI_USER_RT - 1)
 #define	PRI_KTHREAD		96
 #define	NPRI_KTHREAD		32
 #define	MAXPRI_KTHREAD		(PRI_KTHREAD + NPRI_KTHREAD - 1)
 #define	PRI_KERNEL		64
 #define	NPRI_KERNEL		32
 #define	MAXPRI_KERNEL		(PRI_KERNEL + NPRI_KERNEL - 1)
 #define	PRI_USER		0
 #define	NPRI_USER		64
 #define	MAXPRI_USER		(PRI_USER + NPRI_USER - 1)
 /* Priority range used by POSIX real-time features */
 #define	SCHED_PRI_MIN		0
 #define	SCHED_PRI_MAX		63
 /*
  * Kernel thread priorities.
  */
 #define	PRI_SOFTSERIAL	MAXPRI_KERNEL_RT
 #define	PRI_SOFTNET	(MAXPRI_KERNEL_RT - schedppq * 1)
 #define	PRI_SOFTBIO	(MAXPRI_KERNEL_RT - schedppq * 2)
 #define	PRI_SOFTCLOCK	(MAXPRI_KERNEL_RT - schedppq * 3)
 #define	PRI_XCALL	MAXPRI_KTHREAD
 #define	PRI_PGDAEMON	(MAXPRI_KTHREAD - schedppq * 1)
 #define	PRI_VM		(MAXPRI_KTHREAD - schedppq * 2)
 #define	PRI_IOFLUSH	(MAXPRI_KTHREAD - schedppq * 3)
 #define	PRI_BIO		(MAXPRI_KTHREAD - schedppq * 4)
 #define	PRI_IDLE	PRI_USER
 /*
  * Miscellaneous.
  */
 #define	NBPW	sizeof(int)	/* number of bytes per word (integer) */
 #define	CMASK	022		/* default file mask: S_IWGRP|S_IWOTH */
 #define	NODEV	(dev_t)(-1)	/* non-existent device */
 #define	CBLOCK	64		/* Clist block size, must be a power of 2. */
 #define	CBQSIZE	(CBLOCK/NBBY)	/* Quote bytes/cblock - can do better. */
 				/* Data chars/clist. */
 #define	CBSIZE	(CBLOCK - (int)sizeof(struct cblock *) - CBQSIZE)
 #define	CROUND	(CBLOCK - 1)	/* Clist rounding. */
 /*
  * File system parameters and macros.
+ *
  * The file system is made out of blocks of at most MAXBSIZE units, with
  * smaller units (fragments) only in the last direct block.  MAXBSIZE
  * primarily determines the size of buffers in the buffer pool.  It may be
  * made larger without any effect on existing file systems; however making
  * it smaller may make some file systems unmountable.
  */
 #ifndef MAXBSIZE				/* XXX */
 #define	MAXBSIZE	MAXPHYS
 #endif
 #define	MAXFRAG 	8
 /*
  * MAXPATHLEN defines the longest permissible path length after expanding
  * symbolic links. It is used to allocate a temporary buffer from the buffer
  * pool in which to do the name expansion, hence should be a power of two,
  * and must be less than or equal to MAXBSIZE.  MAXSYMLINKS defines the
  * maximum number of symbolic links that may be expanded in a path name.
  * It should be set high enough to allow all legitimate uses, but halt
  * infinite loops reasonably quickly.
+ *
  * MAXSYMLINKS should be >= _POSIX_SYMLOOP_MAX (see <limits.h>)
  */
 #define	MAXPATHLEN	PATH_MAX
 #define	MAXSYMLINKS	32
 /* Bit map related macros. */
 #define	setbit(a,i)	((a)[(i)/NBBY] |= 1<<((i)%NBBY))
 #define	clrbit(a,i)	((a)[(i)/NBBY] &= ~(1<<((i)%NBBY)))
 #define	isset(a,i)	((a)[(i)/NBBY] & (1<<((i)%NBBY)))
 #define	isclr(a,i)	(((a)[(i)/NBBY] & (1<<((i)%NBBY))) == 0)
 /* Macros for counting and rounding. */
 #ifndef howmany
 #define	howmany(x, y)	(((x)+((y)-1))/(y))
 #endif
 #define	roundup(x, y)	((((x)+((y)-1))/(y))*(y))
 #define	rounddown(x,y)	(((x)/(y))*(y))
 #define	roundup2(x, m)	(((x) + m - 1) & ~(m - 1))
 #define	powerof2(x)	((((x)-1)&(x))==0)
 /* Macros for min/max. */
 #define	MIN(a,b)	(((a)<(b))?(a):(b))
 #define	MAX(a,b)	(((a)>(b))?(a):(b))
 /*
  * Constants for setting the parameters of the kernel memory allocator.
+ *
  * 2 ** MINBUCKET is the smallest unit of memory that will be
  * allocated. It must be at least large enough to hold a pointer.
+ *
  * Units of memory less or equal to MAXALLOCSAVE will permanently
  * allocate physical memory; requests for these size pieces of
  * memory are quite fast. Allocations greater than MAXALLOCSAVE must
  * always allocate and free physical memory; requests for these
  * size allocations should be done infrequently as they will be slow.
+ *
  * Constraints: NBPG <= MAXALLOCSAVE <= 2 ** (MINBUCKET + 14), and
  * MAXALLOCSAVE must be a power of two.
  */
 #ifdef _LP64
 #define	MINBUCKET	5		/* 5 => min allocation of 32 bytes */
 #else
 #define	MINBUCKET	4		/* 4 => min allocation of 16 bytes */
 #endif
 #define	MAXALLOCSAVE	(2 * NBPG)
 /*
  * Scale factor for scaled integers used to count %cpu time and load avgs.
+ *
  * The number of CPU `tick's that map to a unique `%age' can be expressed
  * by the formula (1 / (2 ^ (FSHIFT - 11))).  The maximum load average that
  * can be calculated (assuming 32 bits) can be closely approximated using
  * the formula (2 ^ (2 * (16 - FSHIFT))) for (FSHIFT < 15).
+ *
  * For the scheduler to maintain a 1:1 mapping of CPU `tick' to `%age',
  * FSHIFT must be at least 11; this gives us a maximum load avg of ~1024.
  */
 #define	FSHIFT	11		/* bits to right of fixed binary point */
 #define	FSCALE	(1<<FSHIFT)
 /*
  * The time for a process to be blocked before being very swappable.
  * This is a number of seconds which the system takes as being a non-trivial
  * amount of real time.  You probably shouldn't change this;
  * it is used in subtle ways (fractions and multiples of it are, that is, like
  * half of a ``long time'', almost a long time, etc.)
  * It is related to human patience and other factors which don't really
  * change over time.
  */
 #define        MAXSLP          20
 /*
  * Defaults for Unified Buffer Cache parameters.
  * These may be overridden in <machine/param.h>.
  */
 #ifndef UBC_WINSHIFT
 #define	UBC_WINSHIFT	13
 #endif
 #ifndef UBC_NWINS
 #define	UBC_NWINS	1024
 #endif
 #ifdef _KERNEL
 /*
  * macro to convert from milliseconds to hz without integer overflow
  * Default version using only 32bits arithmetics.
  * 64bit port can define 64bit version in their <machine/param.h>
  * 0x20000 is safe for hz < 20000
  */
 #ifndef mstohz
 #define mstohz(ms) \
 	(__predict_false((ms) >= 0x20000) ? \
 	    ((ms +0u) / 1000u) * hz : \
 	    ((ms +0u) * hz) / 1000u)
 #endif
 #ifndef hztoms
 #define hztoms(t) \
 	(__predict_false((t) >= 0x20000) ? \
 	    ((t +0u) / hz) * 1000u : \
 	    ((t +0u) * 1000u) / hz)
 #endif
 extern const int schedppq;
 extern size_t coherency_unit;
 #endif /* _KERNEL */
 /*
  * Minimum alignment of "struct lwp" needed by the architecture.
  * This counts when packing a lock byte into a word alongside a
  * pointer to an LWP.
  */
 #ifndef MIN_LWP_ALIGNMENT
 #define	MIN_LWP_ALIGNMENT	32
 #endif
 #endif /* !_SYS_PARAM_H_ */