[apple/xnu.git] / osfmk / ipc / mach_msg.c

/*
 * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 * 
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
/*
 * @OSF_COPYRIGHT@
 */
/* 
 * Mach Operating System
 * Copyright (c) 1991,1990,1989 Carnegie Mellon University
 * All Rights Reserved.
 * 
 * Permission to use, copy, modify and distribute this software and its
 * documentation is hereby granted, provided that both the copyright
 * notice and this permission notice appear in all copies of the
 * software, derivative works or modified versions, and any portions
 * thereof, and that both notices appear in supporting documentation.
 * 
 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
 * CONDITION.  CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
 * 
 * Carnegie Mellon requests users of this software to return to
 * 
 *  Software Distribution Coordinator  or  Software.Distribution@CS.CMU.EDU
 *  School of Computer Science
 *  Carnegie Mellon University
 *  Pittsburgh PA 15213-3890
 * 
 * any improvements or extensions that they make and grant Carnegie Mellon
 * the rights to redistribute these changes.
 */
/*
 * NOTICE: This file was modified by McAfee Research in 2004 to introduce
 * support for mandatory and extensible security protections.  This notice
 * is included in support of clause 2.2 (b) of the Apple Public License,
 * Version 2.0.
 * Copyright (c) 2005 SPARTA, Inc.
 */
/*
 */
/*
 *	File:	ipc/mach_msg.c
 *	Author:	Rich Draves
 *	Date:	1989
 *
 *	Exported message traps.  See mach/message.h.
 */

#include <mach/mach_types.h>
#include <mach/kern_return.h>
#include <mach/port.h>
#include <mach/message.h>
#include <mach/mig_errors.h>
#include <mach/mach_traps.h>

#include <kern/kern_types.h>
#include <kern/assert.h>
#include <kern/counters.h>
#include <kern/cpu_number.h>
#include <kern/ipc_kobject.h>
#include <kern/ipc_mig.h>
#include <kern/task.h>
#include <kern/thread.h>
#include <kern/lock.h>
#include <kern/sched_prim.h>
#include <kern/exception.h>
#include <kern/misc_protos.h>
#include <kern/kalloc.h>
#include <kern/processor.h>
#include <kern/syscall_subr.h>

#include <vm/vm_map.h>

#include <ipc/ipc_types.h>
#include <ipc/ipc_kmsg.h>
#include <ipc/ipc_mqueue.h>
#include <ipc/ipc_object.h>
#include <ipc/ipc_notify.h>
#include <ipc/ipc_port.h>
#include <ipc/ipc_pset.h>
#include <ipc/ipc_space.h>
#include <ipc/ipc_entry.h>

#include <machine/machine_routines.h>
#include <security/mac_mach_internal.h>

#include <sys/kdebug.h>


#ifndef offsetof
#define offsetof(type, member)  ((size_t)(&((type *)0)->member))
#endif /* offsetof */

/*
 * Forward declarations - kernel internal routines
 */

mach_msg_return_t mach_msg_send(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		send_size,
	mach_msg_timeout_t	send_timeout,
	mach_port_name_t	notify);

mach_msg_return_t mach_msg_receive(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		rcv_size,
	mach_port_name_t	rcv_name,
	mach_msg_timeout_t	rcv_timeout,
	void 			(*continuation)(mach_msg_return_t),
	mach_msg_size_t		slist_size);


mach_msg_return_t msg_receive_error(
	ipc_kmsg_t		kmsg,
	mach_vm_address_t	msg_addr,
	mach_msg_option_t	option,
	mach_port_seqno_t	seqno,
	ipc_space_t		space);

security_token_t KERNEL_SECURITY_TOKEN = KERNEL_SECURITY_TOKEN_VALUE;
audit_token_t KERNEL_AUDIT_TOKEN = KERNEL_AUDIT_TOKEN_VALUE;

mach_msg_format_0_trailer_t trailer_template = {
	/* mach_msg_trailer_type_t */ MACH_MSG_TRAILER_FORMAT_0,
	/* mach_msg_trailer_size_t */ MACH_MSG_TRAILER_MINIMUM_SIZE,
        /* mach_port_seqno_t */       0,
	/* security_token_t */        KERNEL_SECURITY_TOKEN_VALUE
};

/*
 *	Routine:	mach_msg_send
 *	Purpose:
 *		Send a message.
 *	Conditions:
 *		Nothing locked.
 *	Returns:
 *		MACH_MSG_SUCCESS	Sent the message.
 *		MACH_SEND_MSG_TOO_SMALL	Message smaller than a header.
 *		MACH_SEND_NO_BUFFER	Couldn't allocate buffer.
 *		MACH_SEND_INVALID_DATA	Couldn't copy message data.
 *		MACH_SEND_INVALID_HEADER
 *			Illegal value in the message header bits.
 *		MACH_SEND_INVALID_DEST	The space is dead.
 *		MACH_SEND_INVALID_NOTIFY	Bad notify port.
 *		MACH_SEND_INVALID_DEST	Can't copyin destination port.
 *		MACH_SEND_INVALID_REPLY	Can't copyin reply port.
 *		MACH_SEND_TIMED_OUT	Timeout expired without delivery.
 *		MACH_SEND_INTERRUPTED	Delivery interrupted.
 */

mach_msg_return_t
mach_msg_send(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		send_size,
	mach_msg_timeout_t	send_timeout,
	__unused mach_port_name_t	notify)
{
	ipc_space_t space = current_space();
	vm_map_t map = current_map();
	ipc_kmsg_t kmsg;
	mach_msg_return_t mr;
	mach_msg_size_t	msg_and_trailer_size;
	mach_msg_max_trailer_t	*trailer;

	if ((send_size < sizeof(mach_msg_header_t)) || (send_size & 3))
		return MACH_SEND_MSG_TOO_SMALL;

	if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
		return MACH_SEND_TOO_LARGE;
	
	msg_and_trailer_size = send_size + MAX_TRAILER_SIZE;

	kmsg = ipc_kmsg_alloc(msg_and_trailer_size);

	if (kmsg == IKM_NULL)
		return MACH_SEND_NO_BUFFER;

	(void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size);

	kmsg->ikm_header->msgh_size = send_size;

	/* 
	 * reserve for the trailer the largest space (MAX_TRAILER_SIZE)
	 * However, the internal size field of the trailer (msgh_trailer_size)
	 * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
	 * the cases where no implicit data is requested.
	 */
	trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size);
	trailer->msgh_sender = current_thread()->task->sec_token;
	trailer->msgh_audit = current_thread()->task->audit_token;
	trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
	trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
	
	mr = ipc_kmsg_copyin(kmsg, space, map, option & MACH_SEND_NOTIFY);
	if (mr != MACH_MSG_SUCCESS) {
		ipc_kmsg_free(kmsg);
		return mr;
	}

	mr = ipc_kmsg_send(kmsg, option & MACH_SEND_TIMEOUT, send_timeout);
	if (mr != MACH_MSG_SUCCESS) {
	    mr |= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
	    (void) memcpy((void *) msg, (const void *) kmsg->ikm_header, 
			  kmsg->ikm_header->msgh_size);
	    ipc_kmsg_free(kmsg);
	}

	return mr;
}

/*
 *	Routine:	mach_msg_receive_results
 *	Purpose:
 *		Receive a message.
 *	Conditions:
 *		Nothing locked.
 *	Returns:
 *		MACH_MSG_SUCCESS	Received a message.
 *		MACH_RCV_INVALID_NAME	The name doesn't denote a right,
 *			or the denoted right is not receive or port set.
 *		MACH_RCV_IN_SET		Receive right is a member of a set.
 *		MACH_RCV_TOO_LARGE	Message wouldn't fit into buffer.
 *		MACH_RCV_TIMED_OUT	Timeout expired without a message.
 *		MACH_RCV_INTERRUPTED	Reception interrupted.
 *		MACH_RCV_PORT_DIED	Port/set died while receiving.
 *		MACH_RCV_PORT_CHANGED	Port moved into set while receiving.
 *		MACH_RCV_INVALID_DATA	Couldn't copy to user buffer.
 *		MACH_RCV_INVALID_NOTIFY	Bad notify port.
 *		MACH_RCV_HEADER_ERROR
 */

mach_msg_return_t
mach_msg_receive_results(void)
{
	thread_t          self = current_thread();
	ipc_space_t       space = current_space();
	vm_map_t	  map = current_map();

	ipc_object_t      object = self->ith_object;
	mach_msg_return_t mr = self->ith_state;
	mach_vm_address_t msg_addr = self->ith_msg_addr;
	mach_msg_option_t option = self->ith_option;
	ipc_kmsg_t        kmsg = self->ith_kmsg;
	mach_port_seqno_t seqno = self->ith_seqno;

	mach_msg_max_trailer_t *trailer;

	ipc_object_release(object);

	if (mr != MACH_MSG_SUCCESS) {

	  if (mr == MACH_RCV_TOO_LARGE ) {
	    if (option & MACH_RCV_LARGE) {
	      /*
	       * We need to inform the user-level code that it needs more
	       * space.  The value for how much space was returned in the
	       * msize save area instead of the message (which was left on
	       * the queue).
	       */
	      if (copyout((char *) &self->ith_msize,
			  msg_addr + offsetof(mach_msg_header_t, msgh_size),
			  sizeof(mach_msg_size_t)))
		mr = MACH_RCV_INVALID_DATA;
	      goto out;
	    }
		  
	    if (msg_receive_error(kmsg, msg_addr, option, seqno, space)
		== MACH_RCV_INVALID_DATA)
	      mr = MACH_RCV_INVALID_DATA;
	  }
	  goto out;
	}

	trailer = (mach_msg_max_trailer_t *)
			((vm_offset_t)kmsg->ikm_header +
			round_msg(kmsg->ikm_header->msgh_size));
	if (option & MACH_RCV_TRAILER_MASK) {
		trailer->msgh_seqno = seqno;
		trailer->msgh_context = 
			kmsg->ikm_header->msgh_remote_port->ip_context;
		trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);

		if (MACH_RCV_TRAILER_ELEMENTS(option) >= 
				MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)){
#if CONFIG_MACF_MACH
		  if (kmsg->ikm_sender != NULL &&
		    IP_VALID(kmsg->ikm_header->msgh_remote_port) &&
		    mac_port_check_method(kmsg->ikm_sender,
		    &kmsg->ikm_sender->maclabel,
		    &kmsg->ikm_header->msgh_remote_port->ip_label,
		    kmsg->ikm_header->msgh_id) == 0)
		      trailer->msgh_ad = 1;
		  else
#endif
		      trailer->msgh_ad = 0;
		}

		/*
		 * The ipc_kmsg_t holds a reference to the label of a label
		 * handle, not the port. We must get a reference to the port
		 * and a send right to copyout to the receiver.
		 */

		if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_LABELS)) {
#if CONFIG_MACF_MACH
		  if (kmsg->ikm_sender != NULL) {
		    ipc_labelh_t  lh = kmsg->ikm_sender->label;
		    kern_return_t kr;

		    ip_lock(lh->lh_port);
		    lh->lh_port->ip_mscount++;
		    lh->lh_port->ip_srights++;
		    ip_reference(lh->lh_port);
		    ip_unlock(lh->lh_port);

		    kr = ipc_object_copyout(space, (ipc_object_t)lh->lh_port,
					    MACH_MSG_TYPE_PORT_SEND, 0,
					    &trailer->msgh_labels.sender);
		    if (kr != KERN_SUCCESS) {
		      ip_lock(lh->lh_port);
		      ip_release(lh->lh_port);
		      ip_check_unlock(lh->lh_port);

		      trailer->msgh_labels.sender = 0;
		    }
		  } else {
		    trailer->msgh_labels.sender = 0;
		  }
#else
		    trailer->msgh_labels.sender = 0;
#endif
		}
	}

	/*
	 * If MACH_RCV_OVERWRITE was specified, try to get the scatter
	 * list and verify it against the contents of the message.  If
	 * there is any problem with it, we will continue without it as
	 * normal.
	 */
	if (option & MACH_RCV_OVERWRITE) {
		mach_msg_size_t slist_size = self->ith_scatter_list_size;
		mach_msg_body_t *slist;

		slist = ipc_kmsg_get_scatter(msg_addr, slist_size, kmsg);
		mr = ipc_kmsg_copyout(kmsg, space, map, slist);
		ipc_kmsg_free_scatter(slist, slist_size);
	} else {
		mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL);
	}

	if (mr != MACH_MSG_SUCCESS) {
		if ((mr &~ MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) {
			if (ipc_kmsg_put(msg_addr, kmsg, kmsg->ikm_header->msgh_size +
			   trailer->msgh_trailer_size) == MACH_RCV_INVALID_DATA)
				mr = MACH_RCV_INVALID_DATA;
		} 
		else {
			if (msg_receive_error(kmsg, msg_addr, option, seqno, space) 
						== MACH_RCV_INVALID_DATA)
				mr = MACH_RCV_INVALID_DATA;
		}
		goto out;
	}
	mr = ipc_kmsg_put(msg_addr,
			  kmsg,
			  kmsg->ikm_header->msgh_size + 
			  trailer->msgh_trailer_size);
 out:
	return mr;
}

mach_msg_return_t
mach_msg_receive(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		rcv_size,
	mach_port_name_t	rcv_name,
	mach_msg_timeout_t	rcv_timeout,
	void			(*continuation)(mach_msg_return_t),
	mach_msg_size_t		slist_size)
{
	thread_t self = current_thread();
	ipc_space_t space = current_space();
	ipc_object_t object;
	ipc_mqueue_t mqueue;
	mach_msg_return_t mr;

	mr = ipc_mqueue_copyin(space, rcv_name, &mqueue, &object);
 	if (mr != MACH_MSG_SUCCESS) {
		return mr;
	}
	/* hold ref for object */

	self->ith_msg_addr = CAST_DOWN(mach_vm_address_t, msg);
	self->ith_object = object;
	self->ith_msize = rcv_size;
	self->ith_option = option;
	self->ith_scatter_list_size = slist_size;
	self->ith_continuation = continuation;

	ipc_mqueue_receive(mqueue, option, rcv_size, rcv_timeout, THREAD_ABORTSAFE);
	if ((option & MACH_RCV_TIMEOUT) && rcv_timeout == 0)
		thread_poll_yield(self);
	return mach_msg_receive_results();
}

void
mach_msg_receive_continue(void)
{
	thread_t self = current_thread();

	(*self->ith_continuation)(mach_msg_receive_results());
}


/*
 *	Routine:	mach_msg_overwrite_trap [mach trap]
 *	Purpose:
 *		Possibly send a message; possibly receive a message.
 *	Conditions:
 *		Nothing locked.
 *	Returns:
 *		All of mach_msg_send and mach_msg_receive error codes.
 */

mach_msg_return_t
mach_msg_overwrite_trap(
	struct mach_msg_overwrite_trap_args *args)
{
  	mach_vm_address_t	msg_addr = args->msg;
	mach_msg_option_t	option = args->option;
	mach_msg_size_t		send_size = args->send_size;
	mach_msg_size_t		rcv_size = args->rcv_size;
	mach_port_name_t	rcv_name = args->rcv_name;
	mach_msg_timeout_t	msg_timeout = args->timeout;
	__unused mach_port_name_t notify = args->notify;
	mach_vm_address_t	rcv_msg_addr = args->rcv_msg;
        mach_msg_size_t		scatter_list_size = 0; /* NOT INITIALIZED - but not used in pactice */
	__unused mach_port_seqno_t temp_seqno = 0;

	mach_msg_return_t  mr = MACH_MSG_SUCCESS;
	vm_map_t map = current_map();
	
	if (option & MACH_SEND_MSG) {
		ipc_space_t space = current_space();
		ipc_kmsg_t kmsg;

		mr = ipc_kmsg_get(msg_addr, send_size, &kmsg);

		if (mr != MACH_MSG_SUCCESS)
			return mr;

		mr = ipc_kmsg_copyin(kmsg, space, map, option & MACH_SEND_NOTIFY);
		if (mr != MACH_MSG_SUCCESS) {
			ipc_kmsg_free(kmsg);
			return mr;
		}

		mr = ipc_kmsg_send(kmsg, option & MACH_SEND_TIMEOUT, msg_timeout);

		if (mr != MACH_MSG_SUCCESS) {
			mr |= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
			(void) ipc_kmsg_put(msg_addr, kmsg, kmsg->ikm_header->msgh_size);
			return mr;
		}

	}

	if (option & MACH_RCV_MSG) {
		thread_t self = current_thread();
		ipc_space_t space = current_space();
		ipc_object_t object;
		ipc_mqueue_t mqueue;

		mr = ipc_mqueue_copyin(space, rcv_name, &mqueue, &object);
		if (mr != MACH_MSG_SUCCESS) {
			return mr;
		}
		/* hold ref for object */

		/*
		 * 1. MACH_RCV_OVERWRITE is on, and rcv_msg is our scatter list
		 *    and receive buffer
		 * 2. MACH_RCV_OVERWRITE is off, and rcv_msg might be the
		 *    alternate receive buffer (separate send and receive buffers).
		 */
		if (option & MACH_RCV_OVERWRITE) 
			self->ith_msg_addr = rcv_msg_addr;
		else if (rcv_msg_addr != (mach_vm_address_t)0)
			self->ith_msg_addr = rcv_msg_addr;
		else
			self->ith_msg_addr = msg_addr;
		self->ith_object = object;
		self->ith_msize = rcv_size;
		self->ith_option = option;
		self->ith_scatter_list_size = scatter_list_size;
		self->ith_receiver_name = MACH_PORT_NULL;
		self->ith_continuation = thread_syscall_return;

		ipc_mqueue_receive(mqueue, option, rcv_size, msg_timeout, THREAD_ABORTSAFE);
		if ((option & MACH_RCV_TIMEOUT) && msg_timeout == 0)
			thread_poll_yield(self);
		return mach_msg_receive_results();
	}

	return MACH_MSG_SUCCESS;
}

/*
 *	Routine:	mach_msg_trap [mach trap]
 *	Purpose:
 *		Possibly send a message; possibly receive a message.
 *	Conditions:
 *		Nothing locked.
 *	Returns:
 *		All of mach_msg_send and mach_msg_receive error codes.
 */

mach_msg_return_t
mach_msg_trap(
	struct mach_msg_overwrite_trap_args *args)
{
	kern_return_t kr;
	args->rcv_msg = (mach_vm_address_t)0;

 	kr = mach_msg_overwrite_trap(args);
	return kr;
}
 

/*
 *	Routine:	msg_receive_error	[internal]
 *	Purpose:
 *		Builds a minimal header/trailer and copies it to
 *		the user message buffer.  Invoked when in the case of a
 *		MACH_RCV_TOO_LARGE or MACH_RCV_BODY_ERROR error.
 *	Conditions:
 *		Nothing locked.
 *	Returns:
 *		MACH_MSG_SUCCESS	minimal header/trailer copied
 *		MACH_RCV_INVALID_DATA	copyout to user buffer failed
 */
	
mach_msg_return_t
msg_receive_error(
	ipc_kmsg_t		kmsg,
	mach_vm_address_t	msg_addr,
	mach_msg_option_t	option,
	mach_port_seqno_t	seqno,
	ipc_space_t		space)
{
	mach_msg_max_trailer_t *trailer;
	mach_vm_address_t	context;

	context = kmsg->ikm_header->msgh_remote_port->ip_context;

	/*
	 * Copy out the destination port in the message.
 	 * Destroy all other rights and memory in the message.
	 */
	ipc_kmsg_copyout_dest(kmsg, space);

	/*
	 * Build a minimal message with the requested trailer.
	 */
	trailer = (mach_msg_max_trailer_t *) 
			((vm_offset_t)kmsg->ikm_header +
			round_msg(sizeof(mach_msg_header_t)));
	kmsg->ikm_header->msgh_size = sizeof(mach_msg_header_t);
	bcopy(  (char *)&trailer_template, 
		(char *)trailer, 
		sizeof(trailer_template));
	if (option & MACH_RCV_TRAILER_MASK) {
		trailer->msgh_context = context; 
		trailer->msgh_seqno = seqno;
		trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);
	}

	/*
	 * Copy the message to user space
	 */
	if (ipc_kmsg_put(msg_addr, kmsg, kmsg->ikm_header->msgh_size +
			trailer->msgh_trailer_size) == MACH_RCV_INVALID_DATA)
		return(MACH_RCV_INVALID_DATA);
	else 
		return(MACH_MSG_SUCCESS);
}
Commit	Line	Data
1c79356b	1	/*
2d21ac55	2	* Copyright (c) 2000-2007 Apple Inc. All rights reserved.
1c79356b	3	*
2d21ac55	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
1c79356b	5	*
2d21ac55 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
8f6c56a5	14	*
2d21ac55 A	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5 A	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
8f6c56a5 A	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55 A	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
8f6c56a5	25	*
2d21ac55	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b A	27	*/
	28	/*
	29	* @OSF_COPYRIGHT@
	30	*/
	31	/*
	32	* Mach Operating System
	33	* Copyright (c) 1991,1990,1989 Carnegie Mellon University
	34	* All Rights Reserved.
	35	*
	36	* Permission to use, copy, modify and distribute this software and its
	37	* documentation is hereby granted, provided that both the copyright
	38	* notice and this permission notice appear in all copies of the
	39	* software, derivative works or modified versions, and any portions
	40	* thereof, and that both notices appear in supporting documentation.
	41	*
	42	* CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
	43	* CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
	44	* ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
	45	*
	46	* Carnegie Mellon requests users of this software to return to
	47	*
	48	* Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
	49	* School of Computer Science
	50	* Carnegie Mellon University
	51	* Pittsburgh PA 15213-3890
	52	*
	53	* any improvements or extensions that they make and grant Carnegie Mellon
	54	* the rights to redistribute these changes.
	55	*/
2d21ac55 A	56	/*
	57	* NOTICE: This file was modified by McAfee Research in 2004 to introduce
	58	* support for mandatory and extensible security protections. This notice
	59	* is included in support of clause 2.2 (b) of the Apple Public License,
	60	* Version 2.0.
	61	* Copyright (c) 2005 SPARTA, Inc.
	62	*/
1c79356b A	63	/*
	64	*/
	65	/*
	66	* File: ipc/mach_msg.c
	67	* Author: Rich Draves
	68	* Date: 1989
	69	*
	70	* Exported message traps. See mach/message.h.
	71	*/
	72
91447636	73	#include <mach/mach_types.h>
1c79356b A	74	#include <mach/kern_return.h>
	75	#include <mach/port.h>
	76	#include <mach/message.h>
	77	#include <mach/mig_errors.h>
91447636 A	78	#include <mach/mach_traps.h>
	79
	80	#include <kern/kern_types.h>
1c79356b A	81	#include <kern/assert.h>
	82	#include <kern/counters.h>
	83	#include <kern/cpu_number.h>
91447636 A	84	#include <kern/ipc_kobject.h>
91447636 A	85	#include <kern/ipc_mig.h>
1c79356b A	86	#include <kern/task.h>
	87	#include <kern/thread.h>
	88	#include <kern/lock.h>
	89	#include <kern/sched_prim.h>
	90	#include <kern/exception.h>
	91	#include <kern/misc_protos.h>
91447636 A	92	#include <kern/kalloc.h>
	93	#include <kern/processor.h>
	94	#include <kern/syscall_subr.h>
	95
1c79356b	96	#include <vm/vm_map.h>
91447636 A	97
91447636 A	98	#include <ipc/ipc_types.h>
1c79356b A	99	#include <ipc/ipc_kmsg.h>
	100	#include <ipc/ipc_mqueue.h>
	101	#include <ipc/ipc_object.h>
	102	#include <ipc/ipc_notify.h>
	103	#include <ipc/ipc_port.h>
	104	#include <ipc/ipc_pset.h>
	105	#include <ipc/ipc_space.h>
	106	#include <ipc/ipc_entry.h>
0b4e3aa0	107
1c79356b	108	#include <machine/machine_routines.h>
2d21ac55	109	#include <security/mac_mach_internal.h>
91447636	110
1c79356b A	111	#include <sys/kdebug.h>
1c79356b A	112
2d21ac55	113
91447636 A	114	#ifndef offsetof
	115	#define offsetof(type, member) ((size_t)(&((type *)0)->member))
	116	#endif /* offsetof */
	117
1c79356b	118	/*
91447636	119	* Forward declarations - kernel internal routines
1c79356b A	120	*/
	121
	122	mach_msg_return_t mach_msg_send(
	123	mach_msg_header_t *msg,
	124	mach_msg_option_t option,
	125	mach_msg_size_t send_size,
91447636	126	mach_msg_timeout_t send_timeout,
1c79356b A	127	mach_port_name_t notify);
	128
	129	mach_msg_return_t mach_msg_receive(
	130	mach_msg_header_t *msg,
	131	mach_msg_option_t option,
	132	mach_msg_size_t rcv_size,
	133	mach_port_name_t rcv_name,
91447636	134	mach_msg_timeout_t rcv_timeout,
1c79356b A	135	void (*continuation)(mach_msg_return_t),
	136	mach_msg_size_t slist_size);
	137
	138
	139	mach_msg_return_t msg_receive_error(
	140	ipc_kmsg_t kmsg,
91447636	141	mach_vm_address_t msg_addr,
1c79356b A	142	mach_msg_option_t option,
	143	mach_port_seqno_t seqno,
	144	ipc_space_t space);
	145
1c79356b	146	security_token_t KERNEL_SECURITY_TOKEN = KERNEL_SECURITY_TOKEN_VALUE;
55e303ae	147	audit_token_t KERNEL_AUDIT_TOKEN = KERNEL_AUDIT_TOKEN_VALUE;
1c79356b A	148
	149	mach_msg_format_0_trailer_t trailer_template = {
	150	/* mach_msg_trailer_type_t */ MACH_MSG_TRAILER_FORMAT_0,
	151	/* mach_msg_trailer_size_t */ MACH_MSG_TRAILER_MINIMUM_SIZE,
	152	/* mach_port_seqno_t */ 0,
	153	/* security_token_t */ KERNEL_SECURITY_TOKEN_VALUE
	154	};
	155
	156	/*
	157	* Routine: mach_msg_send
	158	* Purpose:
	159	* Send a message.
	160	* Conditions:
	161	* Nothing locked.
	162	* Returns:
	163	* MACH_MSG_SUCCESS Sent the message.
	164	* MACH_SEND_MSG_TOO_SMALL Message smaller than a header.
	165	* MACH_SEND_NO_BUFFER Couldn't allocate buffer.
	166	* MACH_SEND_INVALID_DATA Couldn't copy message data.
	167	* MACH_SEND_INVALID_HEADER
	168	* Illegal value in the message header bits.
	169	* MACH_SEND_INVALID_DEST The space is dead.
	170	* MACH_SEND_INVALID_NOTIFY Bad notify port.
	171	* MACH_SEND_INVALID_DEST Can't copyin destination port.
	172	* MACH_SEND_INVALID_REPLY Can't copyin reply port.
	173	* MACH_SEND_TIMED_OUT Timeout expired without delivery.
	174	* MACH_SEND_INTERRUPTED Delivery interrupted.
1c79356b A	175	*/
	176
	177	mach_msg_return_t
	178	mach_msg_send(
	179	mach_msg_header_t *msg,
	180	mach_msg_option_t option,
	181	mach_msg_size_t send_size,
91447636	182	mach_msg_timeout_t send_timeout,
6d2010ae	183	__unused mach_port_name_t notify)
1c79356b A	184	{
	185	ipc_space_t space = current_space();
	186	vm_map_t map = current_map();
	187	ipc_kmsg_t kmsg;
	188	mach_msg_return_t mr;
91447636 A	189	mach_msg_size_t msg_and_trailer_size;
91447636 A	190	mach_msg_max_trailer_t *trailer;
1c79356b	191
91447636 A	192	if ((send_size < sizeof(mach_msg_header_t)) \|\| (send_size & 3))
91447636 A	193	return MACH_SEND_MSG_TOO_SMALL;
1c79356b	194
8ad349bb A	195	if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
	196	return MACH_SEND_TOO_LARGE;
	197
91447636 A	198	msg_and_trailer_size = send_size + MAX_TRAILER_SIZE;
	199
	200	kmsg = ipc_kmsg_alloc(msg_and_trailer_size);
	201
	202	if (kmsg == IKM_NULL)
	203	return MACH_SEND_NO_BUFFER;
	204
	205	(void) memcpy((void ) kmsg->ikm_header, (const void ) msg, send_size);
1c79356b	206
91447636 A	207	kmsg->ikm_header->msgh_size = send_size;
	208
	209	/*
	210	* reserve for the trailer the largest space (MAX_TRAILER_SIZE)
	211	* However, the internal size field of the trailer (msgh_trailer_size)
	212	* is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
	213	* the cases where no implicit data is requested.
	214	*/
	215	trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size);
	216	trailer->msgh_sender = current_thread()->task->sec_token;
	217	trailer->msgh_audit = current_thread()->task->audit_token;
	218	trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
	219	trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
	220
6d2010ae	221	mr = ipc_kmsg_copyin(kmsg, space, map, option & MACH_SEND_NOTIFY);
1c79356b A	222	if (mr != MACH_MSG_SUCCESS) {
	223	ipc_kmsg_free(kmsg);
	224	return mr;
	225	}
	226
91447636	227	mr = ipc_kmsg_send(kmsg, option & MACH_SEND_TIMEOUT, send_timeout);
1c79356b A	228	if (mr != MACH_MSG_SUCCESS) {
1c79356b A	229	mr \|= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
91447636 A	230	(void) memcpy((void ) msg, (const void ) kmsg->ikm_header,
	231	kmsg->ikm_header->msgh_size);
	232	ipc_kmsg_free(kmsg);
1c79356b A	233	}
	234
	235	return mr;
	236	}
	237
	238	/*
6d2010ae	239	* Routine: mach_msg_receive_results
1c79356b A	240	* Purpose:
	241	* Receive a message.
	242	* Conditions:
	243	* Nothing locked.
	244	* Returns:
	245	* MACH_MSG_SUCCESS Received a message.
	246	* MACH_RCV_INVALID_NAME The name doesn't denote a right,
	247	* or the denoted right is not receive or port set.
	248	* MACH_RCV_IN_SET Receive right is a member of a set.
	249	* MACH_RCV_TOO_LARGE Message wouldn't fit into buffer.
	250	* MACH_RCV_TIMED_OUT Timeout expired without a message.
	251	* MACH_RCV_INTERRUPTED Reception interrupted.
	252	* MACH_RCV_PORT_DIED Port/set died while receiving.
	253	* MACH_RCV_PORT_CHANGED Port moved into set while receiving.
	254	* MACH_RCV_INVALID_DATA Couldn't copy to user buffer.
	255	* MACH_RCV_INVALID_NOTIFY Bad notify port.
	256	* MACH_RCV_HEADER_ERROR
	257	*/
	258
	259	mach_msg_return_t
	260	mach_msg_receive_results(void)
	261	{
	262	thread_t self = current_thread();
	263	ipc_space_t space = current_space();
	264	vm_map_t map = current_map();
	265
	266	ipc_object_t object = self->ith_object;
	267	mach_msg_return_t mr = self->ith_state;
91447636	268	mach_vm_address_t msg_addr = self->ith_msg_addr;
1c79356b A	269	mach_msg_option_t option = self->ith_option;
	270	ipc_kmsg_t kmsg = self->ith_kmsg;
	271	mach_port_seqno_t seqno = self->ith_seqno;
1c79356b	272
2d21ac55	273	mach_msg_max_trailer_t *trailer;
1c79356b A	274
	275	ipc_object_release(object);
	276
	277	if (mr != MACH_MSG_SUCCESS) {
	278
	279	if (mr == MACH_RCV_TOO_LARGE ) {
	280	if (option & MACH_RCV_LARGE) {
	281	/*
	282	* We need to inform the user-level code that it needs more
	283	* space. The value for how much space was returned in the
	284	* msize save area instead of the message (which was left on
	285	* the queue).
	286	*/
	287	if (copyout((char *) &self->ith_msize,
91447636	288	msg_addr + offsetof(mach_msg_header_t, msgh_size),
1c79356b A	289	sizeof(mach_msg_size_t)))
	290	mr = MACH_RCV_INVALID_DATA;
	291	goto out;
	292	}
	293
91447636	294	if (msg_receive_error(kmsg, msg_addr, option, seqno, space)
1c79356b A	295	== MACH_RCV_INVALID_DATA)
	296	mr = MACH_RCV_INVALID_DATA;
	297	}
	298	goto out;
	299	}
	300
2d21ac55	301	trailer = (mach_msg_max_trailer_t *)
91447636 A	302	((vm_offset_t)kmsg->ikm_header +
91447636 A	303	round_msg(kmsg->ikm_header->msgh_size));
1c79356b A	304	if (option & MACH_RCV_TRAILER_MASK) {
1c79356b A	305	trailer->msgh_seqno = seqno;
b0d623f7 A	306	trailer->msgh_context =
b0d623f7 A	307	kmsg->ikm_header->msgh_remote_port->ip_context;
1c79356b	308	trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);
2d21ac55	309
b0d623f7 A	310	if (MACH_RCV_TRAILER_ELEMENTS(option) >=
b0d623f7 A	311	MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)){
2d21ac55 A	312	#if CONFIG_MACF_MACH
	313	if (kmsg->ikm_sender != NULL &&
	314	IP_VALID(kmsg->ikm_header->msgh_remote_port) &&
	315	mac_port_check_method(kmsg->ikm_sender,
	316	&kmsg->ikm_sender->maclabel,
b0d623f7	317	&kmsg->ikm_header->msgh_remote_port->ip_label,
2d21ac55 A	318	kmsg->ikm_header->msgh_id) == 0)
	319	trailer->msgh_ad = 1;
	320	else
	321	#endif
	322	trailer->msgh_ad = 0;
	323	}
	324
	325	/*
	326	* The ipc_kmsg_t holds a reference to the label of a label
	327	* handle, not the port. We must get a reference to the port
	328	* and a send right to copyout to the receiver.
	329	*/
	330
	331	if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_LABELS)) {
	332	#if CONFIG_MACF_MACH
	333	if (kmsg->ikm_sender != NULL) {
	334	ipc_labelh_t lh = kmsg->ikm_sender->label;
	335	kern_return_t kr;
	336
	337	ip_lock(lh->lh_port);
	338	lh->lh_port->ip_mscount++;
	339	lh->lh_port->ip_srights++;
	340	ip_reference(lh->lh_port);
	341	ip_unlock(lh->lh_port);
	342
	343	kr = ipc_object_copyout(space, (ipc_object_t)lh->lh_port,
	344	MACH_MSG_TYPE_PORT_SEND, 0,
	345	&trailer->msgh_labels.sender);
	346	if (kr != KERN_SUCCESS) {
	347	ip_lock(lh->lh_port);
	348	ip_release(lh->lh_port);
	349	ip_check_unlock(lh->lh_port);
	350
	351	trailer->msgh_labels.sender = 0;
	352	}
	353	} else {
	354	trailer->msgh_labels.sender = 0;
	355	}
	356	#else
	357	trailer->msgh_labels.sender = 0;
	358	#endif
	359	}
1c79356b A	360	}
	361
	362	/*
	363	* If MACH_RCV_OVERWRITE was specified, try to get the scatter
	364	* list and verify it against the contents of the message. If
	365	* there is any problem with it, we will continue without it as
	366	* normal.
	367	*/
	368	if (option & MACH_RCV_OVERWRITE) {
	369	mach_msg_size_t slist_size = self->ith_scatter_list_size;
	370	mach_msg_body_t *slist;
	371
91447636	372	slist = ipc_kmsg_get_scatter(msg_addr, slist_size, kmsg);
6d2010ae	373	mr = ipc_kmsg_copyout(kmsg, space, map, slist);
1c79356b A	374	ipc_kmsg_free_scatter(slist, slist_size);
1c79356b A	375	} else {
6d2010ae	376	mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL);
1c79356b A	377	}
	378
	379	if (mr != MACH_MSG_SUCCESS) {
	380	if ((mr &~ MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) {
91447636	381	if (ipc_kmsg_put(msg_addr, kmsg, kmsg->ikm_header->msgh_size +
1c79356b A	382	trailer->msgh_trailer_size) == MACH_RCV_INVALID_DATA)
	383	mr = MACH_RCV_INVALID_DATA;
	384	}
	385	else {
91447636	386	if (msg_receive_error(kmsg, msg_addr, option, seqno, space)
1c79356b A	387	== MACH_RCV_INVALID_DATA)
	388	mr = MACH_RCV_INVALID_DATA;
	389	}
	390	goto out;
	391	}
91447636	392	mr = ipc_kmsg_put(msg_addr,
1c79356b	393	kmsg,
91447636	394	kmsg->ikm_header->msgh_size +
1c79356b A	395	trailer->msgh_trailer_size);
	396	out:
	397	return mr;
	398	}
	399
	400	mach_msg_return_t
	401	mach_msg_receive(
	402	mach_msg_header_t *msg,
	403	mach_msg_option_t option,
	404	mach_msg_size_t rcv_size,
	405	mach_port_name_t rcv_name,
91447636	406	mach_msg_timeout_t rcv_timeout,
1c79356b A	407	void (*continuation)(mach_msg_return_t),
	408	mach_msg_size_t slist_size)
	409	{
	410	thread_t self = current_thread();
	411	ipc_space_t space = current_space();
1c79356b A	412	ipc_object_t object;
1c79356b A	413	ipc_mqueue_t mqueue;
1c79356b	414	mach_msg_return_t mr;
1c79356b A	415
	416	mr = ipc_mqueue_copyin(space, rcv_name, &mqueue, &object);
	417	if (mr != MACH_MSG_SUCCESS) {
	418	return mr;
	419	}
	420	/* hold ref for object */
	421
91447636	422	self->ith_msg_addr = CAST_DOWN(mach_vm_address_t, msg);
1c79356b A	423	self->ith_object = object;
	424	self->ith_msize = rcv_size;
	425	self->ith_option = option;
	426	self->ith_scatter_list_size = slist_size;
	427	self->ith_continuation = continuation;
	428
91447636 A	429	ipc_mqueue_receive(mqueue, option, rcv_size, rcv_timeout, THREAD_ABORTSAFE);
	430	if ((option & MACH_RCV_TIMEOUT) && rcv_timeout == 0)
	431	thread_poll_yield(self);
1c79356b A	432	return mach_msg_receive_results();
	433	}
	434
	435	void
	436	mach_msg_receive_continue(void)
	437	{
	438	thread_t self = current_thread();
	439
	440	(*self->ith_continuation)(mach_msg_receive_results());
	441	}
	442
1c79356b A	443
	444	/*
	445	* Routine: mach_msg_overwrite_trap [mach trap]
	446	* Purpose:
	447	* Possibly send a message; possibly receive a message.
	448	* Conditions:
	449	* Nothing locked.
	450	* Returns:
	451	* All of mach_msg_send and mach_msg_receive error codes.
	452	*/
	453
	454	mach_msg_return_t
	455	mach_msg_overwrite_trap(
91447636	456	struct mach_msg_overwrite_trap_args *args)
1c79356b	457	{
91447636 A	458	mach_vm_address_t msg_addr = args->msg;
	459	mach_msg_option_t option = args->option;
	460	mach_msg_size_t send_size = args->send_size;
	461	mach_msg_size_t rcv_size = args->rcv_size;
	462	mach_port_name_t rcv_name = args->rcv_name;
	463	mach_msg_timeout_t msg_timeout = args->timeout;
6d2010ae	464	__unused mach_port_name_t notify = args->notify;
91447636 A	465	mach_vm_address_t rcv_msg_addr = args->rcv_msg;
91447636 A	466	mach_msg_size_t scatter_list_size = 0; /* NOT INITIALIZED - but not used in pactice */
2d21ac55	467	__unused mach_port_seqno_t temp_seqno = 0;
91447636	468
1c79356b	469	mach_msg_return_t mr = MACH_MSG_SUCCESS;
b0d623f7 A	470	vm_map_t map = current_map();
b0d623f7 A	471
1c79356b	472	if (option & MACH_SEND_MSG) {
91447636	473	ipc_space_t space = current_space();
91447636 A	474	ipc_kmsg_t kmsg;
	475
	476	mr = ipc_kmsg_get(msg_addr, send_size, &kmsg);
	477
	478	if (mr != MACH_MSG_SUCCESS)
	479	return mr;
	480
6d2010ae	481	mr = ipc_kmsg_copyin(kmsg, space, map, option & MACH_SEND_NOTIFY);
1c79356b	482	if (mr != MACH_MSG_SUCCESS) {
91447636	483	ipc_kmsg_free(kmsg);
1c79356b A	484	return mr;
1c79356b A	485	}
91447636 A	486
	487	mr = ipc_kmsg_send(kmsg, option & MACH_SEND_TIMEOUT, msg_timeout);
	488
	489	if (mr != MACH_MSG_SUCCESS) {
	490	mr \|= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
	491	(void) ipc_kmsg_put(msg_addr, kmsg, kmsg->ikm_header->msgh_size);
	492	return mr;
	493	}
	494
1c79356b A	495	}
	496
	497	if (option & MACH_RCV_MSG) {
91447636 A	498	thread_t self = current_thread();
	499	ipc_space_t space = current_space();
	500	ipc_object_t object;
	501	ipc_mqueue_t mqueue;
	502
	503	mr = ipc_mqueue_copyin(space, rcv_name, &mqueue, &object);
	504	if (mr != MACH_MSG_SUCCESS) {
	505	return mr;
	506	}
	507	/* hold ref for object */
1c79356b A	508
	509	/*
	510	* 1. MACH_RCV_OVERWRITE is on, and rcv_msg is our scatter list
	511	* and receive buffer
	512	* 2. MACH_RCV_OVERWRITE is off, and rcv_msg might be the
	513	* alternate receive buffer (separate send and receive buffers).
	514	*/
	515	if (option & MACH_RCV_OVERWRITE)
91447636 A	516	self->ith_msg_addr = rcv_msg_addr;
	517	else if (rcv_msg_addr != (mach_vm_address_t)0)
	518	self->ith_msg_addr = rcv_msg_addr;
1c79356b	519	else
91447636 A	520	self->ith_msg_addr = msg_addr;
	521	self->ith_object = object;
	522	self->ith_msize = rcv_size;
	523	self->ith_option = option;
	524	self->ith_scatter_list_size = scatter_list_size;
b0d623f7	525	self->ith_receiver_name = MACH_PORT_NULL;
91447636 A	526	self->ith_continuation = thread_syscall_return;
	527
	528	ipc_mqueue_receive(mqueue, option, rcv_size, msg_timeout, THREAD_ABORTSAFE);
	529	if ((option & MACH_RCV_TIMEOUT) && msg_timeout == 0)
	530	thread_poll_yield(self);
	531	return mach_msg_receive_results();
1c79356b A	532	}
	533
	534	return MACH_MSG_SUCCESS;
	535	}
	536
9bccf70c A	537	/*
	538	* Routine: mach_msg_trap [mach trap]
	539	* Purpose:
	540	* Possibly send a message; possibly receive a message.
	541	* Conditions:
	542	* Nothing locked.
	543	* Returns:
	544	* All of mach_msg_send and mach_msg_receive error codes.
	545	*/
	546
	547	mach_msg_return_t
	548	mach_msg_trap(
91447636	549	struct mach_msg_overwrite_trap_args *args)
9bccf70c	550	{
91447636 A	551	kern_return_t kr;
	552	args->rcv_msg = (mach_vm_address_t)0;
	553
	554	kr = mach_msg_overwrite_trap(args);
	555	return kr;
9bccf70c A	556	}
	557
	558
1c79356b A	559	/*
	560	* Routine: msg_receive_error [internal]
	561	* Purpose:
	562	* Builds a minimal header/trailer and copies it to
	563	* the user message buffer. Invoked when in the case of a
	564	* MACH_RCV_TOO_LARGE or MACH_RCV_BODY_ERROR error.
	565	* Conditions:
	566	* Nothing locked.
	567	* Returns:
	568	* MACH_MSG_SUCCESS minimal header/trailer copied
	569	* MACH_RCV_INVALID_DATA copyout to user buffer failed
	570	*/
	571
	572	mach_msg_return_t
	573	msg_receive_error(
	574	ipc_kmsg_t kmsg,
91447636	575	mach_vm_address_t msg_addr,
1c79356b A	576	mach_msg_option_t option,
	577	mach_port_seqno_t seqno,
	578	ipc_space_t space)
	579	{
b0d623f7 A	580	mach_msg_max_trailer_t *trailer;
	581	mach_vm_address_t context;
	582
	583	context = kmsg->ikm_header->msgh_remote_port->ip_context;
1c79356b A	584
	585	/*
	586	* Copy out the destination port in the message.
	587	* Destroy all other rights and memory in the message.
	588	*/
	589	ipc_kmsg_copyout_dest(kmsg, space);
	590
	591	/*
	592	* Build a minimal message with the requested trailer.
	593	*/
b0d623f7	594	trailer = (mach_msg_max_trailer_t *)
91447636	595	((vm_offset_t)kmsg->ikm_header +
1c79356b	596	round_msg(sizeof(mach_msg_header_t)));
91447636	597	kmsg->ikm_header->msgh_size = sizeof(mach_msg_header_t);
1c79356b A	598	bcopy( (char *)&trailer_template,
	599	(char *)trailer,
	600	sizeof(trailer_template));
	601	if (option & MACH_RCV_TRAILER_MASK) {
b0d623f7	602	trailer->msgh_context = context;
1c79356b A	603	trailer->msgh_seqno = seqno;
	604	trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);
	605	}
	606
	607	/*
	608	* Copy the message to user space
	609	*/
91447636	610	if (ipc_kmsg_put(msg_addr, kmsg, kmsg->ikm_header->msgh_size +
1c79356b A	611	trailer->msgh_trailer_size) == MACH_RCV_INVALID_DATA)
	612	return(MACH_RCV_INVALID_DATA);
	613	else
	614	return(MACH_MSG_SUCCESS);
	615	}