]> git.saurik.com Git - apple/xnu.git/blame - osfmk/kern/ipc_kobject.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-4903.241.1.tar.gz
[apple/xnu.git] / osfmk / kern / ipc_kobject.c
CommitLineData
1c79356b 1/*
39037602 2 * Copyright (c) 2000-2016 Apple Inc. All rights reserved.
1c79356b 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
1c79356b 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
8f6c56a5 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A		 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A		 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
8f6c56a5 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A		 27 */
28/*
29 * @OSF_COPYRIGHT@
30 */
31/*
32 * Mach Operating System
33 * Copyright (c) 1991,1990,1989 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
2d21ac55
A		 56/*
57 * NOTICE: This file was modified by McAfee Research in 2004 to introduce
58 * support for mandatory and extensible security protections. This notice
59 * is included in support of clause 2.2 (b) of the Apple Public License,
60 * Version 2.0.
61 * Copyright (c) 2005 SPARTA, Inc.
62 */
1c79356b
A		 63/*
64 */
65/*
66 * File: kern/ipc_kobject.c
67 * Author: Rich Draves
68 * Date: 1989
69 *
70 * Functions for letting a port represent a kernel object.
71 */
72
73#include <mach_debug.h>
74#include <mach_ipc_test.h>
9bccf70c 75#include <mach/mig.h>
1c79356b
A		 76#include <mach/port.h>
77#include <mach/kern_return.h>
78#include <mach/message.h>
79#include <mach/mig_errors.h>
80#include <mach/notify.h>
91447636 81#include <mach/ndr.h>
b0d623f7 82#include <mach/vm_param.h>
91447636
A		 83
84#include <mach/mach_vm_server.h>
85#include <mach/mach_port_server.h>
86#include <mach/mach_host_server.h>
87#include <mach/host_priv_server.h>
88#include <mach/host_security_server.h>
89#include <mach/clock_server.h>
90#include <mach/clock_priv_server.h>
91447636 91#include <mach/lock_set_server.h>
d9a64523 92#include <mach/memory_entry_server.h>
91447636
A		 93#include <mach/memory_object_control_server.h>
94#include <mach/memory_object_default_server.h>
91447636
A		 95#include <mach/processor_server.h>
96#include <mach/processor_set_server.h>
91447636 97#include <mach/task_server.h>
fe8ab488
A		 98#include <mach/mach_voucher_server.h>
99#include <mach/mach_voucher_attr_control_server.h>
39037602 100#ifdef VM32_SUPPORT
b0d623f7
A		 101#include <mach/vm32_map_server.h>
102#endif
91447636
A		 103#include <mach/thread_act_server.h>
104
d9a64523
A		 105#include <mach/exc_server.h>
106#include <mach/mach_exc_server.h>
107
91447636
A		 108#include <device/device_types.h>
109#include <device/device_server.h>
110
111#include <UserNotification/UNDReplyServer.h>
112
b0d623f7
A		 113#if CONFIG_AUDIT
114#include <kern/audit_sessionport.h>
115#endif
116
91447636
A		 117#if MACH_MACHINE_ROUTINES
118#include <machine/machine_routines.h>
119#endif /* MACH_MACHINE_ROUTINES */
120#if XK_PROXY
121#include <uk_xkern/xk_uproxy_server.h>
122#endif /* XK_PROXY */
9bccf70c 123
91447636 124#include <kern/ipc_tt.h>
1c79356b 125#include <kern/ipc_mig.h>
d1ecb069 126#include <kern/ipc_misc.h>
1c79356b 127#include <kern/ipc_kobject.h>
55e303ae 128#include <kern/host_notify.h>
1c79356b 129#include <kern/mk_timer.h>
55e303ae 130#include <kern/misc_protos.h>
1c79356b
A		 131#include <ipc/ipc_kmsg.h>
132#include <ipc/ipc_port.h>
fe8ab488 133#include <ipc/ipc_voucher.h>
3e170ce0 134#include <kern/sync_sema.h>
1c79356b 135#include <kern/counters.h>
5ba3f43e 136#include <kern/work_interval.h>
1c79356b 137
91447636 138#include <vm/vm_protos.h>
1c79356b 139
2d21ac55
A		 140#include <security/mac_mach_internal.h>
141
39236c6e
A		 142extern char *proc_name_address(void *p);
143extern int proc_pid(void *p);
144
1c79356b
A		 145/*
146 * Routine: ipc_kobject_notify
147 * Purpose:
148 * Deliver notifications to kobjects that care about them.
149 */
150boolean_t
151ipc_kobject_notify(
152 mach_msg_header_t *request_header,
153 mach_msg_header_t *reply_header);
154
1c79356b
A		 155typedef struct {
156 mach_msg_id_t num;
157 mig_routine_t routine;
158 int size;
159#if MACH_COUNTERS
160 mach_counter_t callcount;
161#endif
162} mig_hash_t;
163
fe8ab488 164#define MAX_MIG_ENTRIES 1031
1c79356b
A		 165#define MIG_HASH(x) (x)
166
167#ifndef max
168#define max(a,b) (((a) > (b)) ? (a) : (b))
169#endif /* max */
170
fe8ab488
A		 171static mig_hash_t mig_buckets[MAX_MIG_ENTRIES];
172static int mig_table_max_displ;
173static mach_msg_size_t mig_reply_size = sizeof(mig_reply_error_t);
1c79356b 174
1c79356b
A		 175
176
91447636
A		 177const struct mig_subsystem *mig_e[] = {
178 (const struct mig_subsystem *)&mach_vm_subsystem,
179 (const struct mig_subsystem *)&mach_port_subsystem,
180 (const struct mig_subsystem *)&mach_host_subsystem,
181 (const struct mig_subsystem *)&host_priv_subsystem,
182 (const struct mig_subsystem *)&host_security_subsystem,
183 (const struct mig_subsystem *)&clock_subsystem,
184 (const struct mig_subsystem *)&clock_priv_subsystem,
185 (const struct mig_subsystem *)&processor_subsystem,
186 (const struct mig_subsystem *)&processor_set_subsystem,
187 (const struct mig_subsystem *)&is_iokit_subsystem,
91447636 188 (const struct mig_subsystem *)&lock_set_subsystem,
91447636
A		 189 (const struct mig_subsystem *)&task_subsystem,
190 (const struct mig_subsystem *)&thread_act_subsystem,
39037602 191#ifdef VM32_SUPPORT
b0d623f7
A		 192 (const struct mig_subsystem *)&vm32_map_subsystem,
193#endif
91447636 194 (const struct mig_subsystem *)&UNDReply_subsystem,
fe8ab488
A		 195 (const struct mig_subsystem *)&mach_voucher_subsystem,
196 (const struct mig_subsystem *)&mach_voucher_attr_control_subsystem,
d9a64523 197 (const struct mig_subsystem *)&memory_entry_subsystem,
1c79356b
A		 198
199#if XK_PROXY
91447636 200 (const struct mig_subsystem *)&do_uproxy_xk_uproxy_subsystem,
1c79356b
A		 201#endif /* XK_PROXY */
202#if MACH_MACHINE_ROUTINES
91447636 203 (const struct mig_subsystem *)&MACHINE_SUBSYSTEM,
1c79356b
A		 204#endif /* MACH_MACHINE_ROUTINES */
205#if MCMSG && iPSC860
91447636 206 (const struct mig_subsystem *)&mcmsg_info_subsystem,
1c79356b 207#endif /* MCMSG && iPSC860 */
d9a64523
A		 208 (const struct mig_subsystem *)&catch_exc_subsystem,
209 (const struct mig_subsystem *)&catch_mach_exc_subsystem,
210
1c79356b
A		 211};
212
213void
214mig_init(void)
215{
91447636
A		 216 unsigned int i, n = sizeof(mig_e)/sizeof(const struct mig_subsystem *);
217 int howmany;
218 mach_msg_id_t j, pos, nentry, range;
1c79356b
A		 219
220 for (i = 0; i < n; i++) {
221 range = mig_e[i]->end - mig_e[i]->start;
222 if (!mig_e[i]->start || range < 0)
223 panic("the msgh_ids in mig_e[] aren't valid!");
1c79356b
A		 224
225 for (j = 0; j < range; j++) {
226 if (mig_e[i]->routine[j].stub_routine) {
227 /* Only put real entries in the table */
228 nentry = j + mig_e[i]->start;
229 for (pos = MIG_HASH(nentry) % MAX_MIG_ENTRIES, howmany = 1;
230 mig_buckets[pos].num;
2d21ac55 231 pos++, pos = pos % MAX_MIG_ENTRIES, howmany++) {
1c79356b
A		 232 if (mig_buckets[pos].num == nentry) {
233 printf("message id = %d\n", nentry);
234 panic("multiple entries with the same msgh_id");
235 }
236 if (howmany == MAX_MIG_ENTRIES)
237 panic("the mig dispatch table is too small");
238 }
239
240 mig_buckets[pos].num = nentry;
241 mig_buckets[pos].routine = mig_e[i]->routine[j].stub_routine;
242 if (mig_e[i]->routine[j].max_reply_msg)
243 mig_buckets[pos].size = mig_e[i]->routine[j].max_reply_msg;
244 else
245 mig_buckets[pos].size = mig_e[i]->maxsize;
246
247 mig_table_max_displ = max(howmany, mig_table_max_displ);
248 }
249 }
250 }
0b4e3aa0 251 printf("mig_table_max_displ = %d\n", mig_table_max_displ);
1c79356b
A		 252}
253
254
255/*
256 * Routine: ipc_kobject_server
257 * Purpose:
258 * Handle a message sent to the kernel.
259 * Generates a reply message.
260 * Version for Untyped IPC.
261 * Conditions:
262 * Nothing locked.
263 */
264
265ipc_kmsg_t
266ipc_kobject_server(
39037602
A		 267 ipc_kmsg_t request,
268 mach_msg_option_t __unused option)
1c79356b
A		 269{
270 mach_msg_size_t reply_size;
271 ipc_kmsg_t reply;
272 kern_return_t kr;
1c79356b 273 ipc_port_t *destp;
4bd07ac2 274 ipc_port_t replyp = IPC_PORT_NULL;
1c79356b 275 mach_msg_format_0_trailer_t *trailer;
39037602
A		 276 mig_hash_t *ptr;
277 task_t task = TASK_NULL;
278 uint32_t exec_token;
279 boolean_t exec_token_changed = FALSE;
d9a64523 280 int request_msgh_id = request->ikm_header->msgh_id;
91447636 281
1c79356b 282 /*
91447636
A		 283 * Find out corresponding mig_hash entry if any
284 */
1c79356b 285 {
d9a64523 286 unsigned int i = (unsigned int)MIG_HASH(request_msgh_id);
39037602
A		 287 int max_iter = mig_table_max_displ;
288
289 do {
1c79356b 290 ptr = &mig_buckets[i++ % MAX_MIG_ENTRIES];
d9a64523 291 } while (request_msgh_id != ptr->num && ptr->num && --max_iter);
1c79356b 292
d9a64523 293 if (!ptr->routine || request_msgh_id != ptr->num) {
1c79356b
A		 294 ptr = (mig_hash_t *)0;
295 reply_size = mig_reply_size;
296 } else {
297 reply_size = ptr->size;
298#if MACH_COUNTER
299 ptr->callcount++;
300#endif
301 }
302 }
303
304 /* round up for trailer size */
305 reply_size += MAX_TRAILER_SIZE;
306 reply = ipc_kmsg_alloc(reply_size);
307
308 if (reply == IKM_NULL) {
309 printf("ipc_kobject_server: dropping request\n");
39037602 310 ipc_kmsg_trace_send(request, option);
1c79356b
A		 311 ipc_kmsg_destroy(request);
312 return IKM_NULL;
313 }
314
315 /*
316 * Initialize reply message.
317 */
318 {
91447636
A		 319#define InP ((mach_msg_header_t *) request->ikm_header)
320#define OutP ((mig_reply_error_t *) reply->ikm_header)
1c79356b 321
316670eb
A		 322 /*
323 * MIG should really assure no data leakage -
324 * but until it does, pessimistically zero the
325 * whole reply buffer.
326 */
327 bzero((void *)OutP, reply_size);
328
1c79356b
A		 329 OutP->NDR = NDR_record;
330 OutP->Head.msgh_size = sizeof(mig_reply_error_t);
331
332 OutP->Head.msgh_bits =
fe8ab488 333 MACH_MSGH_BITS_SET(MACH_MSGH_BITS_LOCAL(InP->msgh_bits), 0, 0, 0);
1c79356b 334 OutP->Head.msgh_remote_port = InP->msgh_local_port;
fe8ab488
A		 335 OutP->Head.msgh_local_port = MACH_PORT_NULL;
336 OutP->Head.msgh_voucher_port = MACH_PORT_NULL;
1c79356b
A		 337 OutP->Head.msgh_id = InP->msgh_id + 100;
338
339#undef InP
340#undef OutP
341 }
342
343 /*
344 * Find the routine to call, and call it
345 * to perform the kernel function
346 */
39037602 347 ipc_kmsg_trace_send(request, option);
1c79356b 348 {
39037602
A		 349 if (ptr) {
350 /*
351 * Check if the port is a task port, if its a task port then
352 * snapshot the task exec token before the mig routine call.
353 */
354 ipc_port_t port = request->ikm_header->msgh_remote_port;
355 if (IP_VALID(port) && ip_kotype(port) == IKOT_TASK) {
356 task = convert_port_to_task_with_exec_token(port, &exec_token);
357 }
358
91447636 359 (*ptr->routine)(request->ikm_header, reply->ikm_header);
39037602
A		 360
361 /* Check if the exec token changed during the mig routine */
362 if (task != TASK_NULL) {
363 if (exec_token != task->exec_token) {
364 exec_token_changed = TRUE;
365 }
366 task_deallocate(task);
367 }
368
1c79356b
A		 369 kernel_task->messages_received++;
370 }
371 else {
91447636 372 if (!ipc_kobject_notify(request->ikm_header, reply->ikm_header)){
4bd07ac2 373#if DEVELOPMENT || DEBUG
1c79356b 374 printf("ipc_kobject_server: bogus kernel message, id=%d\n",
91447636 375 request->ikm_header->msgh_id);
4bd07ac2 376#endif /* DEVELOPMENT || DEBUG */
91447636 377 _MIG_MSGID_INVALID(request->ikm_header->msgh_id);
1c79356b 378
91447636 379 ((mig_reply_error_t *) reply->ikm_header)->RetCode
1c79356b
A		 380 = MIG_BAD_ID;
381 }
382 else
383 kernel_task->messages_received++;
384 }
385 kernel_task->messages_sent++;
386 }
387
388 /*
389 * Destroy destination. The following code differs from
390 * ipc_object_destroy in that we release the send-once
391 * right instead of generating a send-once notification
392 * (which would bring us here again, creating a loop).
393 * It also differs in that we only expect send or
394 * send-once rights, never receive rights.
395 *
396 * We set msgh_remote_port to IP_NULL so that the kmsg
397 * destroy routines don't try to destroy the port twice.
398 */
91447636
A		 399 destp = (ipc_port_t *) &request->ikm_header->msgh_remote_port;
400 switch (MACH_MSGH_BITS_REMOTE(request->ikm_header->msgh_bits)) {
1c79356b
A		 401 case MACH_MSG_TYPE_PORT_SEND:
402 ipc_port_release_send(*destp);
403 break;
404
405 case MACH_MSG_TYPE_PORT_SEND_ONCE:
406 ipc_port_release_sonce(*destp);
407 break;
408
409 default:
9bccf70c 410 panic("ipc_kobject_server: strange destination rights");
1c79356b
A		 411 }
412 *destp = IP_NULL;
413
fe8ab488
A		 414 /*
415 * Destroy voucher. The kernel MIG servers never take ownership
416 * of vouchers sent in messages. Swallow any such rights here.
417 */
418 if (IP_VALID(request->ikm_voucher)) {
419 assert(MACH_MSG_TYPE_PORT_SEND ==
420 MACH_MSGH_BITS_VOUCHER(request->ikm_header->msgh_bits));
421 ipc_port_release_send(request->ikm_voucher);
422 request->ikm_voucher = IP_NULL;
423 }
424
91447636
A		 425 if (!(reply->ikm_header->msgh_bits & MACH_MSGH_BITS_COMPLEX) &&
426 ((mig_reply_error_t *) reply->ikm_header)->RetCode != KERN_SUCCESS)
427 kr = ((mig_reply_error_t *) reply->ikm_header)->RetCode;
1c79356b
A		 428 else
429 kr = KERN_SUCCESS;
430
431 if ((kr == KERN_SUCCESS) || (kr == MIG_NO_REPLY)) {
432 /*
433 * The server function is responsible for the contents
434 * of the message. The reply port right is moved
435 * to the reply message, and we have deallocated
436 * the destination port right, so we just need
437 * to free the kmsg.
438 */
439 ipc_kmsg_free(request);
440
441 } else {
442 /*
443 * The message contents of the request are intact.
444 * Destroy everthing except the reply port right,
445 * which is needed in the reply message.
446 */
91447636 447 request->ikm_header->msgh_local_port = MACH_PORT_NULL;
1c79356b
A		 448 ipc_kmsg_destroy(request);
449 }
450
4bd07ac2
A		 451 replyp = (ipc_port_t)reply->ikm_header->msgh_remote_port;
452
1c79356b
A		 453 if (kr == MIG_NO_REPLY) {
454 /*
455 * The server function will send a reply message
456 * using the reply port right, which it has saved.
457 */
458
459 ipc_kmsg_free(reply);
460
1c79356b 461 return IKM_NULL;
4bd07ac2 462 } else if (!IP_VALID(replyp)) {
1c79356b
A		 463 /*
464 * Can't queue the reply message if the destination
465 * (the reply port) isn't valid.
466 */
467
468 ipc_kmsg_destroy(reply);
469
4bd07ac2
A		 470 return IKM_NULL;
471 } else if (replyp->ip_receiver == ipc_space_kernel) {
472 /*
473 * Don't send replies to kobject kernel ports
474 */
475#if DEVELOPMENT || DEBUG
476 printf("%s: refusing to send reply to kobject %d port (id:%d)\n",
d9a64523 477 __func__, ip_kotype(replyp), request_msgh_id);
4bd07ac2
A		 478#endif /* DEVELOPMENT || DEBUG */
479 ipc_kmsg_destroy(reply);
1c79356b
A		 480 return IKM_NULL;
481 }
482
39037602
A		 483 /* Fail the MIG call if the task exec token changed during the call */
484 if (kr == KERN_SUCCESS && exec_token_changed) {
485 /*
486 * Create a new reply msg with error and destroy the old reply msg.
487 */
488 ipc_kmsg_t new_reply = ipc_kmsg_alloc(reply_size);
489
490 if (new_reply == IKM_NULL) {
491 printf("ipc_kobject_server: dropping request\n");
492 ipc_kmsg_destroy(reply);
493 return IKM_NULL;
494 }
495 /*
496 * Initialize the new reply message.
497 */
498 {
499#define OutP_new ((mig_reply_error_t *) new_reply->ikm_header)
500#define OutP_old ((mig_reply_error_t *) reply->ikm_header)
501
502 bzero((void *)OutP_new, reply_size);
503
504 OutP_new->NDR = OutP_old->NDR;
505 OutP_new->Head.msgh_size = sizeof(mig_reply_error_t);
506 OutP_new->Head.msgh_bits = OutP_old->Head.msgh_bits & ~MACH_MSGH_BITS_COMPLEX;
507 OutP_new->Head.msgh_remote_port = OutP_old->Head.msgh_remote_port;
508 OutP_new->Head.msgh_local_port = MACH_PORT_NULL;
509 OutP_new->Head.msgh_voucher_port = MACH_PORT_NULL;
510 OutP_new->Head.msgh_id = OutP_old->Head.msgh_id;
511
512 /* Set the error as KERN_INVALID_TASK */
513 OutP_new->RetCode = KERN_INVALID_TASK;
514
515#undef OutP_new
516#undef OutP_old
517 }
518
519 /*
520 * Destroy everything in reply except the reply port right,
521 * which is needed in the new reply message.
522 */
523 reply->ikm_header->msgh_remote_port = MACH_PORT_NULL;
524 ipc_kmsg_destroy(reply);
525
526 reply = new_reply;
527 }
528
1c79356b 529 trailer = (mach_msg_format_0_trailer_t *)
91447636
A		 530 ((vm_offset_t)reply->ikm_header + (int)reply->ikm_header->msgh_size);
531
1c79356b
A		 532 trailer->msgh_sender = KERNEL_SECURITY_TOKEN;
533 trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
534 trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
535
1c79356b
A		 536 return reply;
537}
538
539/*
540 * Routine: ipc_kobject_set
541 * Purpose:
542 * Make a port represent a kernel object of the given type.
543 * The caller is responsible for handling refs for the
544 * kernel object, if necessary.
545 * Conditions:
546 * Nothing locked. The port must be active if setting
547 * a kobject linkage. Clearing a linkage is OK on an
548 * inactive port.
549 */
550void
551ipc_kobject_set(
552 ipc_port_t port,
553 ipc_kobject_t kobject,
554 ipc_kobject_type_t type)
555{
556 ip_lock(port);
557 ipc_kobject_set_atomically(port, kobject, type);
558 ip_unlock(port);
559}
560
561void
562ipc_kobject_set_atomically(
563 ipc_port_t port,
564 ipc_kobject_t kobject,
565 ipc_kobject_type_t type)
566{
567 assert(type == IKOT_NONE || ip_active(port));
568#if MACH_ASSERT
569 port->ip_spares[2] = (port->ip_bits & IO_BITS_KOTYPE);
570#endif /* MACH_ASSERT */
571 port->ip_bits = (port->ip_bits &~ IO_BITS_KOTYPE) | type;
572 port->ip_kobject = kobject;
573}
574
575/*
576 * Routine: ipc_kobject_destroy
577 * Purpose:
578 * Release any kernel object resources associated
579 * with the port, which is being destroyed.
580 *
581 * This should only be needed when resources are
582 * associated with a user's port. In the normal case,
583 * when the kernel is the receiver, the code calling
584 * ipc_port_dealloc_kernel should clean up the resources.
585 * Conditions:
586 * The port is not locked, but it is dead.
587 */
588
589void
590ipc_kobject_destroy(
591 ipc_port_t port)
592{
593 switch (ip_kotype(port)) {
594
595 case IKOT_TIMER:
596 mk_timer_port_destroy(port);
597 break;
598
599 case IKOT_NAMED_ENTRY:
600 mach_destroy_memory_entry(port);
601 break;
602
55e303ae
A		 603 case IKOT_HOST_NOTIFY:
604 host_notify_port_destroy(port);
605 break;
606
607 default:
1c79356b
A		 608 break;
609 }
610}
611
612
1c79356b
A		 613boolean_t
614ipc_kobject_notify(
615 mach_msg_header_t *request_header,
616 mach_msg_header_t *reply_header)
617{
4bd07ac2 618 mach_msg_max_trailer_t * trailer;
1c79356b 619 ipc_port_t port = (ipc_port_t) request_header->msgh_remote_port;
1c79356b
A		 620
621 ((mig_reply_error_t *) reply_header)->RetCode = MIG_NO_REPLY;
4bd07ac2
A		 622
623 trailer = (mach_msg_max_trailer_t *)
624 ((vm_offset_t)request_header + request_header->msgh_size);
5ba3f43e
A		 625
626 /*
627 * The kobject notification is privileged and can change the
628 * refcount on kernel-internal objects - make sure
629 * that the message wasn't faked!
630 */
4bd07ac2
A		 631 if (0 != bcmp(&trailer->msgh_audit, &KERNEL_AUDIT_TOKEN,
632 sizeof(trailer->msgh_audit))) {
633 return FALSE;
634 }
635 if (0 != bcmp(&trailer->msgh_sender, &KERNEL_SECURITY_TOKEN,
636 sizeof(trailer->msgh_sender))) {
637 return FALSE;
638 }
639
1c79356b
A		 640 switch (request_header->msgh_id) {
641 case MACH_NOTIFY_NO_SENDERS:
3e170ce0
A		 642 switch (ip_kotype(port)) {
643 case IKOT_VOUCHER:
644 ipc_voucher_notify(request_header);
645 return TRUE;
646
647 case IKOT_VOUCHER_ATTR_CONTROL:
648 ipc_voucher_attr_control_notify(request_header);
649 return TRUE;
650
651 case IKOT_SEMAPHORE:
652 semaphore_notify(request_header);
653 return TRUE;
39037602
A		 654
655 case IKOT_TASK:
656 task_port_notify(request_header);
657 return TRUE;
3e170ce0
A		 658
659 case IKOT_NAMED_ENTRY:
660 ip_lock(port);
661
662 /*
663 * Bring the sequence number and mscount in
664 * line with ipc_port_destroy assertion.
665 */
666 port->ip_mscount = 0;
667 port->ip_messages.imq_seqno = 0;
668 ipc_port_destroy(port); /* releases lock */
669 return TRUE;
670
671 case IKOT_UPL:
672 upl_no_senders(
673 request_header->msgh_remote_port,
674 (mach_port_mscount_t)
675 ((mach_no_senders_notification_t *)
676 request_header)->not_count);
677 reply_header->msgh_remote_port = MACH_PORT_NULL;
678 return TRUE;
679
b0d623f7 680#if CONFIG_AUDIT
3e170ce0
A		 681 case IKOT_AU_SESSIONPORT:
682 audit_session_nosenders(request_header);
683 return TRUE;
b0d623f7 684#endif
3e170ce0
A		 685 case IKOT_FILEPORT:
686 fileport_notify(request_header);
687 return TRUE;
5ba3f43e
A		 688
689 case IKOT_WORK_INTERVAL:
690 work_interval_port_notify(request_header);
691 return TRUE;
692
3e170ce0 693 }
5ba3f43e 694 break;
0b4e3aa0 695
1c79356b
A		 696 case MACH_NOTIFY_PORT_DELETED:
697 case MACH_NOTIFY_PORT_DESTROYED:
698 case MACH_NOTIFY_SEND_ONCE:
699 case MACH_NOTIFY_DEAD_NAME:
700 break;
701
702 default:
703 return FALSE;
704 }
705 switch (ip_kotype(port)) {
706
707#ifdef IOKIT
708 case IKOT_IOKIT_OBJECT:
709 case IKOT_IOKIT_CONNECT:
a39ff7e2 710 case IKOT_IOKIT_IDENT:
1c79356b 711 {
1c79356b
A		 712 return iokit_notify(request_header);
713 }
714#endif
39236c6e
A		 715 case IKOT_TASK_RESUME:
716 {
717 return task_suspension_notify(request_header);
718 }
719
1c79356b
A		 720 default:
721 return FALSE;
722 }
723}
mirror of XNU