1 | /* | |
2 | * Copyright (c) 2000-2008 Apple Computer, Inc. All rights reserved. | |
3 | * | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
14 | * | |
15 | * Please obtain a copy of the License at | |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
17 | * | |
18 | * The Original Code and all software distributed under the License are | |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
25 | * | |
27 | */ | |
28 | /* | |
29 | * @OSF_COPYRIGHT@ | |
30 | */ | |
31 | /* | |
32 | * Mach Operating System | |
33 | * Copyright (c) 1991,1990,1989 Carnegie Mellon University | |
34 | * All Rights Reserved. | |
35 | * | |
36 | * Permission to use, copy, modify and distribute this software and its | |
37 | * documentation is hereby granted, provided that both the copyright | |
38 | * notice and this permission notice appear in all copies of the | |
39 | * software, derivative works or modified versions, and any portions | |
40 | * thereof, and that both notices appear in supporting documentation. | |
41 | * | |
45 | * | |
46 | * Carnegie Mellon requests users of this software to return to | |
47 | * | |
48 | * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU | |
49 | * School of Computer Science | |
50 | * Carnegie Mellon University | |
51 | * Pittsburgh PA 15213-3890 | |
52 | * | |
53 | * any improvements or extensions that they make and grant Carnegie Mellon | |
54 | * the rights to redistribute these changes. | |
55 | */ | |
56 | /* | |
57 | * NOTICE: This file was modified by McAfee Research in 2004 to introduce | |
58 | * support for mandatory and extensible security protections. This notice | |
59 | * is included in support of clause 2.2 (b) of the Apple Public License, | |
60 | * Version 2.0. | |
61 | */ | |
62 | /* | |
63 | */ | |
64 | /* | |
65 | * File: ipc/ipc_port.h | |
66 | * Author: Rich Draves | |
67 | * Date: 1989 | |
68 | * | |
69 | * Definitions for ports. | |
70 | */ | |
71 | ||
72 | #ifndef _IPC_IPC_PORT_H_ | |
73 | #define _IPC_IPC_PORT_H_ | |
74 | ||
76 | ||
77 | #include <mach_rt.h> | |
78 | #include <mach_assert.h> | |
79 | #include <mach_debug.h> | |
80 | ||
81 | #include <mach/mach_types.h> | |
82 | #include <mach/boolean.h> | |
83 | #include <mach/kern_return.h> | |
84 | #include <mach/port.h> | |
85 | ||
86 | #include <kern/assert.h> | |
87 | #include <kern/kern_types.h> | |
88 | ||
89 | #include <ipc/ipc_types.h> | |
90 | #include <ipc/ipc_object.h> | |
91 | #include <ipc/ipc_mqueue.h> | |
92 | #include <ipc/ipc_space.h> | |
93 | ||
94 | #include <security/_label.h> | |
95 | ||
96 | /* | |
97 | * A receive right (port) can be in four states: | |
98 | * 1) dead (not active, ip_timestamp has death time) | |
99 | * 2) in a space (ip_receiver_name != 0, ip_receiver points | |
100 | * to the space but doesn't hold a ref for it) | |
101 | * 3) in transit (ip_receiver_name == 0, ip_destination points | |
102 | * to the destination port and holds a ref for it) | |
103 | * 4) in limbo (ip_receiver_name == 0, ip_destination == IP_NULL) | |
104 | * | |
105 | * If the port is active, and ip_receiver points to some space, | |
106 | * then ip_receiver_name != 0, and that space holds receive rights. | |
107 | * If the port is not active, then ip_timestamp contains a timestamp | |
108 | * taken when the port was destroyed. | |
109 | */ | |
110 | ||
111 | typedef unsigned int ipc_port_timestamp_t; | |
112 | ||
113 | struct ipc_port { | |
114 | ||
115 | /* | |
116 | * Initial sub-structure in common with ipc_pset. | |
117 | * First element is an ipc_object, second is a | |
118 | * message queue. | |
119 | */ | |
120 | struct ipc_object ip_object; /* reached through the ip_bits / ip_references aliases */ | |
121 | struct ipc_mqueue ip_messages; /* reached through the ip_receiver_name / ip_pset_count aliases */ | |
122 | ||
123 | union { /* untagged: the live member follows the receive-right state listed above this struct */ | |
124 | struct ipc_space *receiver; /* in a space: the space, no reference held for it */ | |
125 | struct ipc_port *destination; /* in transit: destination port, reference held; IP_NULL when in limbo */ | |
126 | ipc_port_timestamp_t timestamp; /* not active: timestamp taken when the port was destroyed */ | |
127 | } data; | |
128 | ||
129 | union { /* untagged: the three members overlay one another; the selector is not defined in this header */ | |
130 | ipc_kobject_t kobject; | |
131 | ipc_importance_task_t imp_task; | |
132 | uintptr_t alias; | |
133 | } kdata; /* NOTE(review): reading a member other than the one last stored reinterprets the same bits -- confirm the discriminator at each use site */ | |
134 | ||
135 | struct ipc_port *ip_nsrequest; /* presumably the no-senders notification port (see ipc_port_nsrequest) -- confirm */ | |
136 | struct ipc_port *ip_pdrequest; /* presumably the port-deleted notification port (see ipc_port_pdrequest) -- confirm */ | |
137 | struct ipc_port_request *ip_requests; /* request table; ipc_port_request_rename() indexes it after asserting it is not IPR_NULL */ | |
138 | struct ipc_kmsg *ip_premsg; /* preallocated message; set and cleared together with IP_BIT_PREALLOC */ | |
139 | ||
140 | mach_port_mscount_t ip_mscount; /* written by ipc_port_set_mscount() */ | |
141 | mach_port_rights_t ip_srights; /* presumably the count of send rights -- confirm */ | |
142 | mach_port_rights_t ip_sorights; /* presumably the count of send-once rights -- confirm */ | |
143 | ||
144 | natural_t ip_sprequests:1, /* send-possible requests outstanding */ | |
145 | ip_spimportant:1, /* ... at least one is importance donating */ | |
146 | ip_impdonation:1, /* port supports importance donation */ | |
147 | ip_tempowner:1, /* don't give donations to current receiver */ | |
148 | ip_guarded:1, /* port guarded (use context value as guard) */ | |
149 | ip_strict_guard:1, /* Strict guarding; Prevents user manipulation of context values directly */ | |
150 | ip_reserved:2, /* unused; brings the declared bitfield widths to 32 in total */ | |
151 | ip_impcount:24; /* number of importance donations in nested queue; NOTE(review): 24 bits wide -- confirm updates are bounded */ | |
152 | ||
153 | mach_vm_address_t ip_context; /* context value; used as the guard value when ip_guarded is set */ | |
154 | ||
155 | ||
156 | #if MACH_ASSERT /* debug-only tail: the struct size differs between MACH_ASSERT and non-MACH_ASSERT builds */ | |
157 | #define IP_NSPARES 4 | |
158 | #define IP_CALLSTACK_MAX 16 | |
159 | queue_chain_t ip_port_links; /* all allocated ports */ | |
160 | thread_t ip_thread; /* who made me? thread context */ | |
161 | unsigned long ip_timetrack; /* give an idea of "when" created */ | |
162 | uintptr_t ip_callstack[IP_CALLSTACK_MAX]; /* stack trace */ | |
163 | unsigned long ip_spares[IP_NSPARES]; /* for debugging */ | |
164 | #endif /* MACH_ASSERT */ | |
165 | }; | |
166 | ||
167 | ||
168 | #define ip_references ip_object.io_references /* member-path aliases: each expands to a field path, so it only makes sense after '->' or '.' on a struct ipc_port */ | |
169 | #define ip_bits ip_object.io_bits | |
170 | ||
171 | #define ip_receiver_name ip_messages.imq_receiver_name | |
172 | #define ip_pset_count ip_messages.imq_pset_count | |
173 | ||
174 | #define ip_receiver data.receiver /* meaningful only while the port is in a space */ | |
175 | #define ip_destination data.destination /* meaningful only while in transit; IP_NULL when in limbo */ | |
176 | #define ip_timestamp data.timestamp /* meaningful only once the port is no longer active */ | |
177 | ||
178 | #define ip_kobject kdata.kobject /* these three share storage in the kdata union; read only the one that was stored */ | |
179 | #define ip_imp_task kdata.imp_task | |
180 | #define ip_alias kdata.alias | |
181 | ||
182 | #define IP_NULL IPC_PORT_NULL | |
183 | #define IP_DEAD IPC_PORT_DEAD | |
184 | #define IP_VALID(port) IPC_PORT_VALID(port) | |
185 | ||
186 | #define ip_active(port) io_active(&(port)->ip_object) /* this and the wrappers below forward to the io_* operation on the embedded ipc_object */ | |
187 | #define ip_lock_init(port) io_lock_init(&(port)->ip_object) | |
188 | #define ip_lock(port) io_lock(&(port)->ip_object) | |
189 | #define ip_lock_try(port) io_lock_try(&(port)->ip_object) | |
190 | #define ip_unlock(port) io_unlock(&(port)->ip_object) | |
191 | ||
192 | #define ip_reference(port) io_reference(&(port)->ip_object) | |
193 | #define ip_release(port) io_release(&(port)->ip_object) | |
194 | ||
195 | #define ip_kotype(port) io_kotype(&(port)->ip_object) | |
196 | ||
197 | #define ip_full_kernel(port) imq_full_kernel(&(port)->ip_messages) /* these two forward to the embedded message queue instead */ | |
198 | #define ip_full(port) imq_full(&(port)->ip_messages) | |
199 | ||
200 | /* | |
201 | * JMM - Preallocation flag | |
202 | * This flag indicates that there is a message buffer preallocated for this | |
203 | * port and we should use that when sending (from the kernel) rather than | |
204 | * allocate a new one. This avoids deadlocks during notification message | |
205 | * sends by critical system threads (which may be needed to free memory and | |
206 | * therefore cannot be blocked waiting for memory themselves). | |
207 | */ | |
208 | #define IP_BIT_PREALLOC 0x00008000 /* preallocated mesg */ | |
209 | #define IP_PREALLOC(port) ((port)->ip_bits & IP_BIT_PREALLOC) /* yields 0 or IP_BIT_PREALLOC, not 0/1; test for non-zero */ | |
210 | ||
211 | #define IP_SET_PREALLOC(port, kmsg) \ | |
212 | MACRO_BEGIN /* flag and pointer are two separate stores -- NOTE(review): presumably done with the port locked, confirm at call sites */ \ | |
213 | (port)->ip_bits |= IP_BIT_PREALLOC; \ | |
214 | (port)->ip_premsg = (kmsg); \ | |
215 | MACRO_END | |
216 | ||
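217 | #define IP_CLEAR_PREALLOC(port, kmsg) \ | |
218 | MACRO_BEGIN /* Clear the preallocated-message flag and pointer; kmsg must be the message currently in ip_premsg. */ \ | |
219 | assert((port)->ip_premsg == (kmsg)); /* kmsg parenthesized so an expression argument keeps its own precedence; NOTE(review): if assert() compiles away in some builds, a mismatched kmsg goes undetected there -- confirm */ \ | |
220 | (port)->ip_bits &= ~IP_BIT_PREALLOC; \ | |
221 | (port)->ip_premsg = IKM_NULL; \ | |
222 | MACRO_END | |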
223 | ||
224 | /* JMM - address alignment/packing for LP64 */ | |
225 | struct ipc_port_request { /* element type of a port's ip_requests table; both unions are untagged */ | |
226 | union { | |
227 | struct ipc_port *port; /* ipr_soright: port pointer carrying request-type flags in its low two bits */ | |
228 | ipc_port_request_index_t index; /* ipr_next */ | |
229 | } notify; | |
230 | ||
231 | union { | |
232 | mach_port_name_t name; /* ipr_name */ | |
233 | struct ipc_table_size *size; /* ipr_size */ | |
234 | } name; | |
235 | }; /* NOTE(review): which member of each union is live is not stated in this header -- confirm per use before reading */ | |
236 | ||
237 | #define ipr_next notify.index | |
238 | #define ipr_size name.size | |
239 | ||
240 | #define ipr_soright notify.port | |
241 | #define ipr_name name.name | |
242 | ||
243 | /* | |
244 | * Use the low bits in the ipr_soright to specify the request type. The stored value is therefore a tagged pointer, not a usable ipc_port_t, until the flag bits are stripped. | |
245 | */ | |
246 | #define IPR_SOR_SPARM_MASK 1 /* send-possible armed */ | |
247 | #define IPR_SOR_SPREQ_MASK 2 /* send-possible requested */ | |
248 | #define IPR_SOR_SPBIT_MASK 3 /* combo */ | |
249 | #define IPR_SOR_SPARMED(sor) (((uintptr_t)(sor) & IPR_SOR_SPARM_MASK) != 0) | |
250 | #define IPR_SOR_SPREQ(sor) (((uintptr_t)(sor) & IPR_SOR_SPREQ_MASK) != 0) | |
251 | #define IPR_SOR_PORT(sor) ((ipc_port_t)((uintptr_t)(sor) & ~IPR_SOR_SPBIT_MASK)) /* strips both flag bits; apply before treating ipr_soright as a port pointer */ | |
252 | #define IPR_SOR_MAKE(p,m) ((ipc_port_t)((uintptr_t)(p) | (m))) /* m is OR-ed in unmasked: it must fit in IPR_SOR_SPBIT_MASK, and p must have its low two bits clear for IPR_SOR_PORT to recover it */ | |
253 | ||
254 | extern lck_grp_t ipc_lck_grp; /* passed to lck_spin_init() below */ | |
255 | extern lck_attr_t ipc_lck_attr; /* passed to lck_spin_init() below */ | |
256 | ||
257 | /* | |
258 | * Taking the ipc_port_multiple lock grants the privilege | |
259 | * to lock multiple ports at once. No port may be locked | |
260 | * when it is taken, i.e. it is acquired before any ip_lock(). | |
261 | */ | |
262 | ||
263 | extern lck_spin_t ipc_port_multiple_lock_data; /* the spin lock the three macros below operate on */ | |
264 | ||
265 | #define ipc_port_multiple_lock_init() \ | |
266 | lck_spin_init(&ipc_port_multiple_lock_data, &ipc_lck_grp, &ipc_lck_attr) | |
267 | ||
268 | #define ipc_port_multiple_lock() \ | |
269 | lck_spin_lock(&ipc_port_multiple_lock_data) | |
270 | ||
271 | #define ipc_port_multiple_unlock() \ | |
272 | lck_spin_unlock(&ipc_port_multiple_lock_data) | |
273 | ||
274 | /* | |
275 | * The port timestamp facility provides timestamps | |
276 | * for port destruction. It is used to serialize | |
277 | * mach_port_names with port death. | |
278 | */ | |
279 | ||
280 | extern ipc_port_timestamp_t ipc_port_timestamp_data; | |
281 | ||
282 | /* Retrieve a port timestamp value */ | |
283 | extern ipc_port_timestamp_t ipc_port_timestamp(void); | |
284 | ||
285 | /* | |
286 | * Compares two timestamps, and returns TRUE if one | |
287 | * happened before two. The difference is computed first and its sign tested, instead of comparing one < two directly, so this formulation | |
288 | * works when the timestamp wraps around at 2^32, | |
289 | * as long as one and two aren't too far apart (for unsigned int timestamps and a 32-bit int: less than 2^31 apart). | |
290 | */ | |
291 | ||
292 | #define IP_TIMESTAMP_ORDER(one, two) ((int) ((one) - (two)) < 0) /* the cast to int must stay outside the subtraction: the wrap-around has to happen in the arguments' own (unsigned) type */ | |
293 | ||
294 | #define ipc_port_translate_receive(space, name, portp) \ | |
295 | ipc_object_translate((space), (name), \ | |
297 | (ipc_object_t *) (portp)) | |
298 | ||
299 | #define ipc_port_translate_send(space, name, portp) \ | |
300 | ipc_object_translate((space), (name), \ | |
302 | (ipc_object_t *) (portp)) | |
303 | ||
304 | /* Allocate a notification request slot */ | |
306 | extern kern_return_t | |
307 | ipc_port_request_alloc( | |
308 | ipc_port_t port, | |
309 | mach_port_name_t name, | |
310 | ipc_port_t soright, | |
311 | boolean_t send_possible, | |
312 | boolean_t immediate, | |
313 | ipc_port_request_index_t *indexp, | |
314 | boolean_t *importantp); | |
315 | #else | |
316 | extern kern_return_t | |
317 | ipc_port_request_alloc( | |
318 | ipc_port_t port, | |
319 | mach_port_name_t name, | |
320 | ipc_port_t soright, | |
321 | boolean_t send_possible, | |
322 | boolean_t immediate, | |
323 | ipc_port_request_index_t *indexp); | |
324 | #endif /* IMPORTANCE_INHERITANCE */ | |
325 | ||
326 | /* Grow one of a port's tables of notification requests */ | |
327 | extern kern_return_t ipc_port_request_grow( | |
328 | ipc_port_t port, | |
329 | ipc_table_elems_t target_size); | |
330 | ||
331 | /* Return the type(s) of notification requests outstanding */ | |
332 | extern mach_port_type_t ipc_port_request_type( | |
333 | ipc_port_t port, | |
334 | mach_port_name_t name, | |
335 | ipc_port_request_index_t index); | |
336 | ||
337 | /* Cancel a notification request and return the send-once right */ | |
338 | extern ipc_port_t ipc_port_request_cancel( | |
339 | ipc_port_t port, | |
340 | mach_port_name_t name, | |
341 | ipc_port_request_index_t index); | |
342 | ||
343 | /* Arm any delayed send-possible notification */ | |
345 | extern boolean_t ipc_port_request_sparm( | |
346 | ipc_port_t port, | |
347 | mach_port_name_t name, | |
348 | ipc_port_request_index_t index, | |
349 | mach_msg_option_t option); | |
350 | #else | |
351 | extern boolean_t ipc_port_request_sparm( | |
352 | ipc_port_t port, | |
353 | mach_port_name_t name, | |
354 | ipc_port_request_index_t index); | |
355 | #endif /* IMPORTANCE_INHERITANCE */ | |
356 | ||
357 | /* Macros for manipulating a port's dead name notification requests */ | |
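358 | #define ipc_port_request_rename(port, index, oname, nname) \ | |
359 | MACRO_BEGIN /* Change the name recorded in request slot 'index' of 'port' from oname to nname; the port must be active and have a request table. */ \ | |
360 | ipc_port_request_t ipr, table; \ | |
361 | \ | |
362 | assert(ip_active(port)); \ | |
363 | \ | |
364 | table = (port)->ip_requests; /* port, oname and nname are parenthesized so expression arguments keep their own precedence */ \ | |
365 | assert(table != IPR_NULL); \ | |
366 | \ | |
367 | ipr = &table[index]; /* index is not range-checked here; the caller must pass a slot that exists in the table */ \ | |
368 | assert(ipr->ipr_name == (oname)); \ | |
369 | \ | |
370 | ipr->ipr_name = (nname); \ | |
371 | MACRO_END | |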
372 | ||
373 | ||
374 | /* Make a port-deleted request */ | |
375 | extern void ipc_port_pdrequest( | |
376 | ipc_port_t port, | |
377 | ipc_port_t notify, | |
378 | ipc_port_t *previousp); | |
379 | ||
380 | /* Make a no-senders request */ | |
381 | extern void ipc_port_nsrequest( | |
382 | ipc_port_t port, | |
383 | mach_port_mscount_t sync, | |
384 | ipc_port_t notify, | |
385 | ipc_port_t *previousp); | |
386 | ||
387 | #define ipc_port_set_mscount(port, mscount) \ | |
388 | MACRO_BEGIN /* store mscount into the port's ip_mscount; the only precondition checked is that the port is active */ \ | |
389 | assert(ip_active(port)); \ | |
390 | \ | |
391 | (port)->ip_mscount = (mscount); \ | |
392 | MACRO_END | |
393 | ||
394 | /* Prepare a receive right for transmission/destruction */ | |
395 | extern void ipc_port_clear_receiver( | |
396 | ipc_port_t port, | |
397 | queue_t links); | |
398 | ||
399 | /* Initialize a newly-allocated port */ | |
400 | extern void ipc_port_init( | |
401 | ipc_port_t port, | |
402 | ipc_space_t space, | |
403 | mach_port_name_t name); | |
404 | ||
405 | /* Allocate a port */ | |
406 | extern kern_return_t ipc_port_alloc( | |
407 | ipc_space_t space, | |
408 | mach_port_name_t *namep, | |
409 | ipc_port_t *portp); | |
410 | ||
411 | /* Allocate a port, with a specific name */ | |
412 | extern kern_return_t ipc_port_alloc_name( | |
413 | ipc_space_t space, | |
414 | mach_port_name_t name, | |
415 | ipc_port_t *portp); | |
416 | ||
417 | /* Generate dead name notifications */ | |
418 | extern void ipc_port_dnnotify( | |
419 | ipc_port_t port); | |
420 | ||
421 | /* Generate send-possible notifications */ | |
422 | extern void ipc_port_spnotify( | |
423 | ipc_port_t port); | |
424 | ||
425 | /* Destroy a port */ | |
426 | extern void ipc_port_destroy( | |
427 | ipc_port_t port); | |
428 | ||
429 | /* Check if queueing "port" in a message for "dest" would create a circular | |
430 | group of ports and messages */ | |
431 | extern boolean_t | |
432 | ipc_port_check_circularity( | |
433 | ipc_port_t port, | |
434 | ipc_port_t dest); | |
435 | ||
437 | /* apply importance delta to port only */ | |
438 | extern mach_port_delta_t | |
439 | ipc_port_impcount_delta( | |
440 | ipc_port_t port, | |
441 | mach_port_delta_t delta, | |
442 | ipc_port_t base); | |
443 | ||
444 | /* apply importance delta to port, and return task importance for update */ | |
445 | extern boolean_t | |
446 | ipc_port_importance_delta_internal( | |
447 | ipc_port_t port, | |
448 | mach_port_delta_t *delta, | |
449 | ipc_importance_task_t *imp_task); | |
450 | ||
451 | /* Apply an importance delta to a port and reflect change in receiver task */ | |
452 | extern boolean_t | |
453 | ipc_port_importance_delta( | |
454 | ipc_port_t port, | |
455 | mach_port_delta_t delta); | |
456 | #endif /* IMPORTANCE_INHERITANCE */ | |
457 | ||
458 | /* Make a send-once notify port from a receive right */ | |
459 | extern ipc_port_t ipc_port_lookup_notify( | |
460 | ipc_space_t space, | |
461 | mach_port_name_t name); | |
462 | ||
463 | /* Make a naked send right from a receive right - port locked and active */ | |
464 | extern ipc_port_t ipc_port_make_send_locked( | |
465 | ipc_port_t port); | |
466 | ||
467 | /* Make a naked send right from a receive right */ | |
468 | extern ipc_port_t ipc_port_make_send( | |
469 | ipc_port_t port); | |
470 | ||
471 | /* Make a naked send right from another naked send right */ | |
472 | extern ipc_port_t ipc_port_copy_send( | |
473 | ipc_port_t port); | |
474 | ||
475 | /* Copyout a naked send right */ | |
476 | extern mach_port_name_t ipc_port_copyout_send( | |
477 | ipc_port_t sright, | |
478 | ipc_space_t space); | |
479 | ||
480 | #endif /* MACH_KERNEL_PRIVATE */ | |
481 | ||
482 | #if KERNEL_PRIVATE | |
483 | ||
484 | /* Release a (valid) naked send right */ | |
485 | extern void ipc_port_release_send( | |
486 | ipc_port_t port); | |
487 | ||
488 | extern void ipc_port_reference( | |
489 | ipc_port_t port); | |
490 | ||
491 | extern void ipc_port_release( | |
492 | ipc_port_t port); | |
493 | ||
494 | #endif /* KERNEL_PRIVATE */ | |
495 | ||
497 | ||
498 | /* Make a naked send-once right from a locked and active receive right */ | |
499 | extern ipc_port_t ipc_port_make_sonce_locked( | |
500 | ipc_port_t port); | |
501 | ||
502 | /* Make a naked send-once right from a receive right */ | |
503 | extern ipc_port_t ipc_port_make_sonce( | |
504 | ipc_port_t port); | |
505 | ||
506 | /* Release a naked send-once right */ | |
507 | extern void ipc_port_release_sonce( | |
508 | ipc_port_t port); | |
509 | ||
510 | /* Release a naked (in limbo or in transit) receive right */ | |
511 | extern void ipc_port_release_receive( | |
512 | ipc_port_t port); | |
513 | ||
514 | /* finalize the destruction of a port before it gets freed */ | |
515 | extern void ipc_port_finalize( | |
516 | ipc_port_t port); | |
517 | ||
518 | /* Allocate a port in a special space */ | |
519 | extern ipc_port_t ipc_port_alloc_special( | |
520 | ipc_space_t space); | |
521 | ||
522 | /* Deallocate a port in a special space */ | |
523 | extern void ipc_port_dealloc_special( | |
524 | ipc_port_t port, | |
525 | ipc_space_t space); | |
526 | ||
527 | #if MACH_ASSERT | |
528 | /* Track low-level port deallocation */ | |
529 | extern void ipc_port_track_dealloc( | |
530 | ipc_port_t port); | |
531 | ||
532 | /* Initialize general port debugging state */ | |
533 | extern void ipc_port_debug_init(void); | |
534 | #endif /* MACH_ASSERT */ | |
535 | ||
536 | #define ipc_port_alloc_kernel() \ | |
537 | ipc_port_alloc_special(ipc_space_kernel) /* special-space allocation bound to ipc_space_kernel */ | |
538 | #define ipc_port_dealloc_kernel(port) \ | |
539 | ipc_port_dealloc_special((port), ipc_space_kernel) /* passes the same space as ipc_port_alloc_kernel() */ | |
540 | ||
541 | #define ipc_port_alloc_reply() \ | |
542 | ipc_port_alloc_special(ipc_space_reply) /* special-space allocation bound to ipc_space_reply */ | |
543 | #define ipc_port_dealloc_reply(port) \ | |
544 | ipc_port_dealloc_special((port), ipc_space_reply) /* passes the same space as ipc_port_alloc_reply(); NOTE(review): presumably a port must be released through the wrapper matching its allocator -- confirm */ | |
545 | ||
546 | #endif /* MACH_KERNEL_PRIVATE */ | |
547 | ||
548 | #endif /* _IPC_IPC_PORT_H_ */ |