1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @OSF_COPYRIGHT@
30 */
31 /*
32 * Mach Operating System
33 * Copyright (c) 1991,1990 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
56 /*
57 */
58
59 #include <mach/boolean.h>
60 #include <mach/port.h>
61 #include <mach/mig.h>
62 #include <mach/mig_errors.h>
63 #include <mach/mach_types.h>
64 #include <mach/mach_traps.h>
65
66 #include <kern/ipc_tt.h>
67 #include <kern/ipc_mig.h>
68 #include <kern/kalloc.h>
69 #include <kern/task.h>
70 #include <kern/thread.h>
71 #include <kern/ipc_kobject.h>
72 #include <kern/misc_protos.h>
73
74 #include <ipc/port.h>
75 #include <ipc/ipc_kmsg.h>
76 #include <ipc/ipc_entry.h>
77 #include <ipc/ipc_object.h>
78 #include <ipc/ipc_mqueue.h>
79 #include <ipc/ipc_space.h>
80 #include <ipc/ipc_port.h>
81 #include <ipc/ipc_pset.h>
82 #include <ipc/ipc_notify.h>
83 #include <vm/vm_map.h>
84
85 #include <libkern/OSAtomic.h>
86
/*
 * Forward declaration; defined elsewhere. Called below after each
 * ipc_mqueue_receive() to finish the receive on OBJECT.
 */
void
mach_msg_receive_results_complete(ipc_object_t object);
89
90 /*
91 * Routine: mach_msg_send_from_kernel
92 * Purpose:
93 * Send a message from the kernel.
94 *
95 * This is used by the client side of KernelUser interfaces
96 * to implement SimpleRoutines. Currently, this includes
97 * memory_object messages.
98 * Conditions:
99 * Nothing locked.
100 * Returns:
101 * MACH_MSG_SUCCESS Sent the message.
102 * MACH_SEND_INVALID_DEST Bad destination port.
 * MACH_MSG_SEND_NO_BUFFER Destination port had in-use fixed buffer
104 * or destination is above kernel limit
105 */
106
107 #if IKM_SUPPORT_LEGACY
108
/*
 * mach_msg_send_from_kernel is presumably macro-mapped to another symbol
 * by a header (hence the #undef); drop that so the legacy entry point
 * can be declared and defined under its plain name.
 */
#undef mach_msg_send_from_kernel
mach_msg_return_t mach_msg_send_from_kernel(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size);
113
/*
 * Legacy-ABI send from the kernel: build a kmsg from MSG, copy it in with
 * the legacy routine, then send it without a timeout.
 *
 * The DBG_FUNC_END trace is emitted only on the failure paths; a
 * successful send returns without it.
 *
 * Returns the ipc_kmsg_* result, MACH_MSG_SUCCESS when the message was sent.
 */
mach_msg_return_t
mach_msg_send_from_kernel(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size)
{
	ipc_kmsg_t kmsg = IKM_NULL;
	mach_msg_option_t opts = MACH_SEND_KERNEL_DEFAULT;
	mach_msg_return_t mr;

	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

	mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		goto trace_end;
	}

	mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		/* nothing was copied in, so a plain free suffices */
		ipc_kmsg_free(kmsg);
		goto trace_end;
	}

	/*
	 * A thread carrying TH_OPT_SEND_IMPORTANCE is allowed to donate
	 * importance from the kernel side (11938665 & 23925818).
	 */
	if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) {
		opts &= ~MACH_SEND_NOIMPORTANCE;
	}

	mr = ipc_kmsg_send(kmsg, opts, MACH_MSG_TIMEOUT_NONE);
	if (mr == MACH_MSG_SUCCESS) {
		return mr;
	}
	/* rights were already copied in: destroy rather than free */
	ipc_kmsg_destroy(kmsg);

trace_end:
	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
	return mr;
}
155
156 #endif /* IKM_SUPPORT_LEGACY */
157
/*
 * Send a message from the kernel (current ABI): build a kmsg from MSG,
 * copy it in, and send it without a timeout.
 *
 * The DBG_FUNC_END trace is emitted only on the failure paths.
 *
 * Returns the ipc_kmsg_* result, MACH_MSG_SUCCESS when the message was sent.
 */
mach_msg_return_t
mach_msg_send_from_kernel_proper(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size)
{
	ipc_kmsg_t kmsg = IKM_NULL;
	mach_msg_option_t opts = MACH_SEND_KERNEL_DEFAULT;
	mach_msg_return_t mr;

	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

	mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		goto trace_end;
	}

	mr = ipc_kmsg_copyin_from_kernel(kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		/* nothing was copied in, so a plain free suffices */
		ipc_kmsg_free(kmsg);
		goto trace_end;
	}

	/*
	 * A thread carrying TH_OPT_SEND_IMPORTANCE forces importance
	 * donation from the kernel side (11938665 & 23925818).
	 */
	if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) {
		opts &= ~MACH_SEND_NOIMPORTANCE;
	}

	mr = ipc_kmsg_send(kmsg, opts, MACH_MSG_TIMEOUT_NONE);
	if (mr == MACH_MSG_SUCCESS) {
		return mr;
	}
	/* rights were already copied in: destroy rather than free */
	ipc_kmsg_destroy(kmsg);

trace_end:
	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
	return mr;
}
199
/*
 * Send a message from the kernel with caller-supplied send OPTION and
 * TIMEOUT_VAL.
 *
 * Importance donation from the kernel side of a user thread is disabled
 * unless the caller passes MACH_SEND_IMPORTANCE or the thread carries
 * TH_OPT_SEND_IMPORTANCE (11938665 & 23925818).
 *
 * The DBG_FUNC_END trace is emitted only on the failure paths.
 *
 * Returns the ipc_kmsg_* result, MACH_MSG_SUCCESS when the message was sent.
 */
mach_msg_return_t
mach_msg_send_from_kernel_with_options(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size,
	mach_msg_option_t option,
	mach_msg_timeout_t timeout_val)
{
	ipc_kmsg_t kmsg = IKM_NULL;
	mach_msg_return_t mr;

	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

	mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		goto trace_end;
	}

	mr = ipc_kmsg_copyin_from_kernel(kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		/* nothing was copied in, so a plain free suffices */
		ipc_kmsg_free(kmsg);
		goto trace_end;
	}

	if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) {
		option &= ~MACH_SEND_NOIMPORTANCE;
	} else if ((option & MACH_SEND_IMPORTANCE) == 0) {
		option |= MACH_SEND_NOIMPORTANCE;
	}

	mr = ipc_kmsg_send(kmsg, option, timeout_val);
	if (mr == MACH_MSG_SUCCESS) {
		return mr;
	}
	/* rights were already copied in: destroy rather than free */
	ipc_kmsg_destroy(kmsg);

trace_end:
	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
	return mr;
}
248
249
250 #if IKM_SUPPORT_LEGACY
251
/*
 * Legacy-ABI variant of mach_msg_send_from_kernel_with_options: same
 * flow, but uses the legacy copyin routine and always suppresses
 * importance donation unless the thread carries TH_OPT_SEND_IMPORTANCE
 * (11938665 & 23925818).
 *
 * The DBG_FUNC_END trace is emitted only on the failure paths.
 *
 * Returns the ipc_kmsg_* result, MACH_MSG_SUCCESS when the message was sent.
 */
mach_msg_return_t
mach_msg_send_from_kernel_with_options_legacy(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size,
	mach_msg_option_t option,
	mach_msg_timeout_t timeout_val)
{
	ipc_kmsg_t kmsg = IKM_NULL;
	mach_msg_return_t mr;

	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

	mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		goto trace_end;
	}

	mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		/* nothing was copied in, so a plain free suffices */
		ipc_kmsg_free(kmsg);
		goto trace_end;
	}

	if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) {
		option &= ~MACH_SEND_NOIMPORTANCE;
	} else {
		option |= MACH_SEND_NOIMPORTANCE;
	}

	mr = ipc_kmsg_send(kmsg, option, timeout_val);
	if (mr == MACH_MSG_SUCCESS) {
		return mr;
	}
	/* rights were already copied in: destroy rather than free */
	ipc_kmsg_destroy(kmsg);

trace_end:
	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
	return mr;
}
298
299 #endif /* IKM_SUPPORT_LEGACY */
300
301 /*
302 * Routine: mach_msg_rpc_from_kernel
303 * Purpose:
304 * Send a message from the kernel and receive a reply.
305 * Uses ith_rpc_reply for the reply port.
306 *
307 * This is used by the client side of KernelUser interfaces
308 * to implement Routines.
309 * Conditions:
310 * Nothing locked.
311 * Returns:
312 * MACH_MSG_SUCCESS Sent the message.
313 * MACH_RCV_PORT_DIED The reply port was deallocated.
314 */
315
/*
 * Shared implementation behind the legacy and _proper RPC entry points.
 * LEGACY selects the legacy copyin/copyout routines; defined below.
 */
mach_msg_return_t mach_msg_rpc_from_kernel_body(mach_msg_header_t *msg,
    mach_msg_size_t send_size, mach_msg_size_t rcv_size, boolean_t legacy);
318
319 #if IKM_SUPPORT_LEGACY
320
/*
 * mach_msg_rpc_from_kernel is presumably macro-mapped to another symbol
 * by a header (hence the #undef); drop that so the legacy entry point
 * can be declared and defined under its plain name.
 */
#undef mach_msg_rpc_from_kernel
mach_msg_return_t
mach_msg_rpc_from_kernel(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size,
	mach_msg_size_t rcv_size);
327
/*
 * Legacy-ABI RPC from the kernel: forwards to the shared body with the
 * legacy copyin/copyout path selected.
 */
mach_msg_return_t
mach_msg_rpc_from_kernel(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size,
	mach_msg_size_t rcv_size)
{
	const boolean_t use_legacy = TRUE;

	return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, use_legacy);
}
336
337 #endif /* IKM_SUPPORT_LEGACY */
338
/*
 * Current-ABI RPC from the kernel: forwards to the shared body with the
 * non-legacy copyin/copyout path selected.
 */
mach_msg_return_t
mach_msg_rpc_from_kernel_proper(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size,
	mach_msg_size_t rcv_size)
{
	const boolean_t use_legacy = FALSE;

	return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, use_legacy);
}
347
/*
 * Send MSG from the kernel and wait for the reply on the calling thread's
 * ith_rpc_reply port, which is allocated lazily on first use.
 *
 * MSG must carry no local (reply) port; this routine installs its own and
 * adds a make-send-once right for it.  SEND_SIZE is the outgoing size,
 * RCV_SIZE the caller's reply buffer size.  LEGACY picks the legacy
 * copyin/copyout routines when IKM_SUPPORT_LEGACY is built in.
 *
 * Returns MACH_MSG_SUCCESS with the reply copied into MSG, MACH_RCV_TOO_LARGE
 * when RCV_SIZE cannot hold the reply header, MACH_RCV_INTERRUPTED when the
 * thread is no longer active or has an APC pending, or the send-side error.
 */
mach_msg_return_t
mach_msg_rpc_from_kernel_body(
	mach_msg_header_t *msg,
	mach_msg_size_t send_size,
	mach_msg_size_t rcv_size,
#if !IKM_SUPPORT_LEGACY
	__unused
#endif
	boolean_t legacy)
{
	thread_t self = current_thread();
	ipc_port_t reply;
	ipc_kmsg_t kmsg;
	mach_port_seqno_t seqno;
	mach_msg_return_t mr;

	/* The caller must not supply a reply port; one is installed below. */
	assert(msg->msgh_local_port == MACH_PORT_NULL);

	KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

	mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
	if (mr != MACH_MSG_SUCCESS) {
		KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
		return mr;
	}

	/*
	 * Lazily allocate the per-thread reply port.  Finding ith_rpc_reply
	 * already set after the allocation is treated as a fatal invariant
	 * violation rather than a recoverable error.
	 */
	reply = self->ith_rpc_reply;
	if (reply == IP_NULL) {
		reply = ipc_port_alloc_reply();
		if ((reply == IP_NULL) ||
		    (self->ith_rpc_reply != IP_NULL)) {
			panic("mach_msg_rpc_from_kernel");
		}
		self->ith_rpc_reply = reply;
	}

	/* insert send-once right for the reply port */
	kmsg->ikm_header->msgh_local_port = reply;
	kmsg->ikm_header->msgh_bits |=
	    MACH_MSGH_BITS(0, MACH_MSG_TYPE_MAKE_SEND_ONCE);

#if IKM_SUPPORT_LEGACY
	if (legacy) {
		mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg);
	} else {
		mr = ipc_kmsg_copyin_from_kernel(kmsg);
	}
#else
	mr = ipc_kmsg_copyin_from_kernel(kmsg);
#endif
	if (mr != MACH_MSG_SUCCESS) {
		/* nothing copied in yet: a plain free suffices */
		ipc_kmsg_free(kmsg);
		KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
		return mr;
	}

	/*
	 * respect the thread's SEND_IMPORTANCE option to force importance
	 * donation from the kernel-side of user threads
	 * (11938665 & 23925818)
	 */
	mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT;
	if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) {
		option &= ~MACH_SEND_NOIMPORTANCE;
	}

	mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE);
	if (mr != MACH_MSG_SUCCESS) {
		/* rights were copied in: destroy, don't just free */
		ipc_kmsg_destroy(kmsg);
		KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
		return mr;
	}

	/*
	 * Wait for the reply.  The loop repeats only on MACH_RCV_INTERRUPTED
	 * without a pending APC; every other outcome leaves the loop.  A
	 * thread that is neither active nor under inspection gives up its
	 * reply port and reports interruption.
	 */
	for (;;) {
		ipc_mqueue_t mqueue;

		assert(reply->ip_in_pset == 0);
		require_ip_active(reply);

		/* JMM - why this check? */
		if (!self->active && !self->inspection) {
			ipc_port_dealloc_reply(reply);
			self->ith_rpc_reply = IP_NULL;
			return MACH_RCV_INTERRUPTED;
		}

		/* no continuation: block synchronously in the receive */
		self->ith_continuation = (void (*)(mach_msg_return_t))0;

		mqueue = &reply->ip_messages;
		ipc_mqueue_receive(mqueue,
		    MACH_MSG_OPTION_NONE,
		    MACH_MSG_SIZE_MAX,
		    MACH_MSG_TIMEOUT_NONE,
		    THREAD_INTERRUPTIBLE);

		/* receive results are handed back through the thread's ith_* fields */
		mr = self->ith_state;
		kmsg = self->ith_kmsg;
		seqno = self->ith_seqno;   /* recorded but not used further here */

		mach_msg_receive_results_complete(ip_to_object(reply));

		if (mr == MACH_MSG_SUCCESS) {
			break;
		}

		assert(mr == MACH_RCV_INTERRUPTED);

		assert(reply == self->ith_rpc_reply);

		/* pending APC: presumably must be handled before retrying — give up the port */
		if (self->ast & AST_APC) {
			ipc_port_dealloc_reply(reply);
			self->ith_rpc_reply = IP_NULL;
			return mr;
		}
	}

	/*
	 * Check to see how much of the message/trailer can be received.
	 * We chose the maximum trailer that will fit, since we don't
	 * have options telling us which trailer elements the caller needed.
	 *
	 * The trailer sits right after the message body inside the kmsg;
	 * its msgh_trailer_size is whatever the sending path stored there.
	 * If the caller's buffer cannot hold even the header, report
	 * MACH_RCV_TOO_LARGE but still run the copyout/put below with the
	 * caller's rcv_size unchanged.
	 */
	if (rcv_size >= kmsg->ikm_header->msgh_size) {
		mach_msg_format_0_trailer_t *trailer = (mach_msg_format_0_trailer_t *)
		    ((vm_offset_t)kmsg->ikm_header + kmsg->ikm_header->msgh_size);

		if (rcv_size >= kmsg->ikm_header->msgh_size + MAX_TRAILER_SIZE) {
			/* Enough room for a maximum trailer */
			trailer->msgh_trailer_size = MAX_TRAILER_SIZE;
		} else if (rcv_size < kmsg->ikm_header->msgh_size +
		    trailer->msgh_trailer_size) {
			/* no room for even the basic (default) trailer */
			trailer->msgh_trailer_size = 0;
		}
		assert(trailer->msgh_trailer_type == MACH_MSG_TRAILER_FORMAT_0);
		rcv_size = kmsg->ikm_header->msgh_size + trailer->msgh_trailer_size;
		mr = MACH_MSG_SUCCESS;
	} else {
		mr = MACH_RCV_TOO_LARGE;
	}


	/*
	 * We want to preserve rights and memory in reply!
	 * We don't have to put them anywhere; just leave them
	 * as they are.
	 */
#if IKM_SUPPORT_LEGACY
	if (legacy) {
		ipc_kmsg_copyout_to_kernel_legacy(kmsg, ipc_space_reply);
	} else {
		ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply);
	}
#else
	ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply);
#endif
	/* copies rcv_size bytes into msg and releases the kmsg */
	ipc_kmsg_put_to_kernel(msg, kmsg, rcv_size);
	return mr;
}
506
507 /*
508 * Routine: mach_msg_destroy_from_kernel_proper
509 * Purpose:
510 * mach_msg_destroy_from_kernel_proper is used to destroy
511 * an unwanted/unexpected reply message from a MIG
512 * kernel-specific user-side stub. It is like ipc_kmsg_destroy(),
513 * except we no longer have the kmsg - just the contents.
514 */
/*
 * Release whatever one descriptor of a complex reply carries: a port
 * right, an out-of-line memory copy, or an array of port rights.
 * Unknown descriptor types are left untouched.
 */
static void
mig_destroy_reply_descriptor(mach_msg_descriptor_t *daddr)
{
	switch (daddr->type.type) {
	case MACH_MSG_PORT_DESCRIPTOR: {
		mach_msg_port_descriptor_t *pdsc = &daddr->port;
		if (IO_VALID((ipc_object_t) pdsc->name)) {
			ipc_object_destroy((ipc_object_t) pdsc->name, pdsc->disposition);
		}
		break;
	}
	case MACH_MSG_OOL_VOLATILE_DESCRIPTOR:
	case MACH_MSG_OOL_DESCRIPTOR: {
		mach_msg_ool_descriptor_t *odsc =
		    (mach_msg_ool_descriptor_t *)&daddr->out_of_line;
		/* a zero-sized OOL region must carry no copy object at all */
		if (odsc->size > 0) {
			vm_map_copy_discard((vm_map_copy_t) odsc->address);
		} else {
			assert(odsc->address == (void *) 0);
		}
		break;
	}
	case MACH_MSG_OOL_PORTS_DESCRIPTOR: {
		mach_msg_ool_ports_descriptor_t *pdsc =
		    (mach_msg_ool_ports_descriptor_t *)&daddr->ool_ports;
		ipc_object_t *objects = (ipc_object_t *) pdsc->address;

		if (pdsc->count == 0) {
			break;
		}
		assert(objects != 0);
		/* drop every right, then the kernel array that held them */
		for (mach_msg_type_number_t j = 0; j < pdsc->count; j++) {
			if (IO_VALID(objects[j])) {
				ipc_object_destroy(objects[j], pdsc->disposition);
			}
		}
		kfree(pdsc->address, (vm_size_t) pdsc->count * sizeof(mach_port_t));
		break;
	}
	case MACH_MSG_GUARDED_PORT_DESCRIPTOR: {
		mach_msg_guarded_port_descriptor_t *gdsc =
		    (mach_msg_guarded_port_descriptor_t *)&daddr->guarded_port;
		if (IO_VALID((ipc_object_t) gdsc->name)) {
			ipc_object_destroy((ipc_object_t) gdsc->name, gdsc->disposition);
		}
		break;
	}
	default:
		break;
	}
}

/*
 * Destroy an unwanted reply that has already been copied out to the
 * kernel (see ipc_kmsg_copyout_to_kernel): release the remote port right
 * named in the header and, for complex messages, everything carried by
 * the descriptors.  The destination port was consumed by the copyout and
 * is not touched here; kernel MIG clients never receive vouchers.
 */
void
mach_msg_destroy_from_kernel_proper(mach_msg_header_t *msg)
{
	mach_msg_bits_t mbits = msg->msgh_bits;
	ipc_object_t remote = (ipc_object_t) msg->msgh_remote_port;

	if (IO_VALID(remote)) {
		ipc_object_destroy(remote, MACH_MSGH_BITS_REMOTE(mbits));
	}

	/* MIG kernel users don't receive vouchers */
	assert(!MACH_MSGH_BITS_VOUCHER(mbits));

	/* simple message: nothing beyond the header to release */
	if ((mbits & MACH_MSGH_BITS_COMPLEX) == 0) {
		return;
	}

	/* descriptors follow the body word that counts them */
	mach_msg_body_t *body = (mach_msg_body_t *)(msg + 1);
	mach_msg_descriptor_t *descs = (mach_msg_descriptor_t *)(body + 1);

	for (mach_msg_size_t i = 0; i < body->msgh_descriptor_count; i++) {
		mig_destroy_reply_descriptor(descs + i);
	}
}
599
600 /************** These Calls are set up for kernel-loaded tasks/threads **************/
601
602 /*
603 * Routine: mach_msg_overwrite
604 * Purpose:
605 * Like mach_msg_overwrite_trap except that message buffers
606 * live in kernel space. Doesn't handle any options.
607 *
608 * This is used by in-kernel server threads to make
609 * kernel calls, to receive request messages, and
610 * to send reply messages.
611 * Conditions:
612 * Nothing locked.
613 * Returns:
614 */
615
/*
 * Kernel-buffer variant of mach_msg: MSG lives in kernel memory.  With
 * MACH_SEND_MSG the first SEND_SIZE bytes of MSG are sent in the current
 * space; with MACH_RCV_MSG a message is received from RCV_NAME into MSG,
 * which must hold RCV_SIZE bytes.  OVERRIDE is passed to the copyin;
 * MSG_TIMEOUT, RCV_MSG and RCV_MSG_SIZE are ignored.
 *
 * Returns MACH_MSG_SUCCESS, a MACH_SEND_* size/buffer error, the copyin
 * error, a receive error, or MACH_RCV_TOO_LARGE (with only the header
 * copied back) when the reply does not fit RCV_SIZE.
 */
mach_msg_return_t
mach_msg_overwrite(
	mach_msg_header_t *msg,
	mach_msg_option_t option,
	mach_msg_size_t send_size,
	mach_msg_size_t rcv_size,
	mach_port_name_t rcv_name,
	__unused mach_msg_timeout_t msg_timeout,
	mach_msg_priority_t override,
	__unused mach_msg_header_t *rcv_msg,
	__unused mach_msg_size_t rcv_msg_size)
{
	ipc_space_t space = current_space();
	vm_map_t map = current_map();
	ipc_kmsg_t kmsg;
	mach_port_seqno_t seqno;
	mach_msg_return_t mr;
	mach_msg_trailer_size_t trailer_size;

	if (option & MACH_SEND_MSG) {
		mach_msg_size_t msg_and_trailer_size;
		mach_msg_max_trailer_t *max_trailer;

		/*
		 * Size checks come first; msgh_bits is only read once
		 * send_size is known to cover the header.
		 */
		if ((send_size & 3) ||
		    send_size < sizeof(mach_msg_header_t) ||
		    (send_size < sizeof(mach_msg_base_t) && (msg->msgh_bits & MACH_MSGH_BITS_COMPLEX))) {
			return MACH_SEND_MSG_TOO_SMALL;
		}

		/* leave room for the trailer appended below */
		if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE) {
			return MACH_SEND_TOO_LARGE;
		}

		KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

		msg_and_trailer_size = send_size + MAX_TRAILER_SIZE;
		kmsg = ipc_kmsg_alloc(msg_and_trailer_size);

		if (kmsg == IKM_NULL) {
			KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, MACH_SEND_NO_BUFFER);
			return MACH_SEND_NO_BUFFER;
		}

		KERNEL_DEBUG_CONSTANT(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_LINK) | DBG_FUNC_NONE,
		    (uintptr_t)0, /* this should only be called from the kernel! */
		    VM_KERNEL_ADDRPERM((uintptr_t)kmsg),
		    0, 0,
		    0);
		(void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size);

		kmsg->ikm_header->msgh_size = send_size;

		/*
		 * Reserve for the trailer the largest space (MAX_TRAILER_SIZE)
		 * However, the internal size field of the trailer (msgh_trailer_size)
		 * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
		 * the cases where no implicit data is requested.
		 */
		max_trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size);
		/* sender identity comes from the current task, not from MSG */
		max_trailer->msgh_sender = current_thread()->task->sec_token;
		max_trailer->msgh_audit = current_thread()->task->audit_token;
		max_trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
		max_trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;

		/* copyin may rewrite option; the updated value is used by the receive below */
		mr = ipc_kmsg_copyin(kmsg, space, map, override, &option);

		if (mr != MACH_MSG_SUCCESS) {
			ipc_kmsg_free(kmsg);
			KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
			return mr;
		}

		/*
		 * NOTE(review): only interruption is retried.  Any other send
		 * failure trips the assert but, with asserts compiled out, falls
		 * through and this routine still reports MACH_MSG_SUCCESS (or
		 * proceeds to the receive) — confirm ipc_kmsg_send cannot fail
		 * otherwise for a kernel sender with no timeout.
		 */
		do {
			mr = ipc_kmsg_send(kmsg, MACH_MSG_OPTION_NONE, MACH_MSG_TIMEOUT_NONE);
		} while (mr == MACH_SEND_INTERRUPTED);

		assert(mr == MACH_MSG_SUCCESS);
	}

	if (option & MACH_RCV_MSG) {
		thread_t self = current_thread();

		/* re-resolve rcv_name and retry while the receive is interrupted */
		do {
			ipc_object_t object;
			ipc_mqueue_t mqueue;

			mr = ipc_mqueue_copyin(space, rcv_name,
			    &mqueue, &object);
			if (mr != MACH_MSG_SUCCESS) {
				return mr;
			}

			/* hold ref for object */

			/* no continuation: block synchronously in the receive */
			self->ith_continuation = (void (*)(mach_msg_return_t))0;
			ipc_mqueue_receive(mqueue,
			    MACH_MSG_OPTION_NONE,
			    MACH_MSG_SIZE_MAX,
			    MACH_MSG_TIMEOUT_NONE,
			    THREAD_ABORTSAFE);
			/* receive results are handed back through the thread's ith_* fields */
			mr = self->ith_state;
			kmsg = self->ith_kmsg;
			seqno = self->ith_seqno;

			mach_msg_receive_results_complete(object);
			io_release(object);
		} while (mr == MACH_RCV_INTERRUPTED);

		if (mr != MACH_MSG_SUCCESS) {
			return mr;
		}

		/* NOTE(review): msgh_remote_port is dereferenced unchecked here — presumably always a valid port after a successful receive; confirm */
		trailer_size = ipc_kmsg_add_trailer(kmsg, space, option, current_thread(), seqno, TRUE,
		    kmsg->ikm_header->msgh_remote_port->ip_context);

		/* too small: hand back only the header (with destination copied out) */
		if (rcv_size < (kmsg->ikm_header->msgh_size + trailer_size)) {
			ipc_kmsg_copyout_dest(kmsg, space);
			(void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg);
			ipc_kmsg_free(kmsg);
			return MACH_RCV_TOO_LARGE;
		}

		mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL, option);
		if (mr != MACH_MSG_SUCCESS) {
			/* a body error still returns the whole message; anything else only the header */
			if ((mr & ~MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) {
				ipc_kmsg_put_to_kernel(msg, kmsg,
				    kmsg->ikm_header->msgh_size + trailer_size);
			} else {
				ipc_kmsg_copyout_dest(kmsg, space);
				(void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg);
				ipc_kmsg_free(kmsg);
			}

			return mr;
		}

		(void) memcpy((void *) msg, (const void *) kmsg->ikm_header,
		    kmsg->ikm_header->msgh_size + trailer_size);
		ipc_kmsg_free(kmsg);
	}

	return MACH_MSG_SUCCESS;
}
759
760 /*
761 * Routine: mig_get_reply_port
762 * Purpose:
763 * Called by client side interfaces living in the kernel
764 * to get a reply port.
765 */
/*
 * In-kernel MIG clients are never handed a reply port: the RPC path
 * (mach_msg_rpc_from_kernel_body) installs the thread's own ith_rpc_reply
 * and asserts that the caller left msgh_local_port empty.
 */
mach_port_t
mig_get_reply_port(void)
{
	const mach_port_t no_port = MACH_PORT_NULL;

	return no_port;
}
771
772 /*
773 * Routine: mig_dealloc_reply_port
774 * Purpose:
775 * Called by client side interfaces to get rid of a reply port.
776 */
777
/*
 * No-op: mig_get_reply_port() never allocates anything, so there is
 * nothing to release.  REPLY_PORT is ignored.
 */
void
mig_dealloc_reply_port(
	__unused mach_port_t reply_port)
{
	(void)reply_port;
}
783
784 /*
785 * Routine: mig_put_reply_port
786 * Purpose:
787 * Called by client side interfaces after each RPC to
788 * let the client recycle the reply port if it wishes.
789 */
/*
 * No-op: there is no per-client reply port to recycle in the kernel.
 * REPLY_PORT is ignored.
 */
void
mig_put_reply_port(
	__unused mach_port_t reply_port)
{
	(void)reply_port;
}
795
796 /*
797 * mig_strncpy.c - by Joshua Block
798 *
 * mig_strncpy -- Bounded string copy. Does what the library routine strncpy
800 * OUGHT to do: Copies the (null terminated) string in src into dest, a
801 * buffer of length len. Assures that the copy is still null terminated
802 * and doesn't overflow the buffer, truncating the copy if necessary.
803 *
804 * Parameters:
805 *
806 * dest - Pointer to destination buffer.
807 *
808 * src - Pointer to source string.
809 *
810 * len - Length of destination buffer.
811 */
/*
 * Bounded, always-terminated string copy.
 *
 * Copies at most LEN-1 characters of SRC into DEST and writes a NUL
 * terminator.  Returns the number of bytes written including the NUL
 * when SRC fit, LEN when the copy was truncated, and 0 when nothing was
 * done (LEN <= 0, DEST NULL) or SRC is NULL — in that last case DEST is
 * still set to the empty string.
 */
int
mig_strncpy(
	char *dest,
	const char *src,
	int len)
{
	if (len <= 0 || dest == NULL) {
		return 0;
	}

	if (src == NULL) {
		/* no source: terminate the destination but report nothing copied */
		dest[0] = '\0';
		return 0;
	}

	/* keep one slot free for the terminator */
	int pos = 0;
	while (pos < len - 1) {
		dest[pos] = src[pos];
		if (src[pos] == '\0') {
			return pos + 1;
		}
		pos++;
	}

	/* ran out of room (or SRC is exactly LEN-1 long): truncate and terminate */
	dest[pos] = '\0';
	return len;
}
834
835 /*
836 * mig_strncpy_zerofill -- Bounded string copy. Does what the
837 * library routine strncpy OUGHT to do: Copies the (null terminated)
838 * string in src into dest, a buffer of length len. Assures that
839 * the copy is still null terminated and doesn't overflow the buffer,
840 * truncating the copy if necessary. If the string in src is smaller
841 * than given length len, it will zero fill the remaining bytes in dest.
842 *
843 * Parameters:
844 *
845 * dest - Pointer to destination buffer.
846 *
847 * src - Pointer to source string.
848 *
849 * len - Length of destination buffer.
850 */
/*
 * Bounded, always-terminated string copy that zero-fills the remainder
 * of the destination.
 *
 * Copies at most LEN-1 characters of SRC into DEST, then writes NUL into
 * every remaining byte of DEST (so all LEN bytes are defined on return).
 * Returns the number of bytes copied including the NUL when SRC fit,
 * LEN when the copy was truncated, and 0 when nothing was done
 * (LEN <= 0, DEST NULL) or SRC is NULL — in that last case DEST is
 * still fully zeroed.
 */
int
mig_strncpy_zerofill(
	char *dest,
	const char *src,
	int len)
{
	int written = 0;   /* bytes of dest filled so far */
	int result = 0;    /* stays 0 when there is no source */

	if (len <= 0 || dest == NULL) {
		return 0;
	}

	if (src != NULL) {
		int found_nul = 0;

		/* copy up to len-1 bytes, stopping after the terminator if seen */
		while (written < len - 1) {
			char c = src[written];
			dest[written++] = c;
			if (c == '\0') {
				found_nul = 1;
				break;
			}
		}
		result = found_nul ? written : len;
	}

	/* zero the rest, which always includes the final terminator slot */
	while (written < len) {
		dest[written++] = '\0';
	}

	return result;
}
887
/*
 * Allocate SIZE bytes of kernel memory for a MIG user-side stub.
 * The caller owns the result and releases it with mig_user_deallocate().
 */
void *
mig_user_allocate(
	vm_size_t size)
{
	void *buf = kalloc(size);

	return buf;
}
894
/*
 * Release DATA obtained from mig_user_allocate().  SIZE must be the
 * size originally requested, since kfree takes it as an argument.
 */
void
mig_user_deallocate(
	char *data,
	vm_size_t size)
{
	void *blk = data;

	kfree(blk, size);
}
902
903 /*
904 * Routine: mig_object_init
905 * Purpose:
906 * Initialize the base class portion of a MIG object. We
907 * will lazy init the port, so just clear it for now.
908 */
/*
 * Initialize the base-class part of MIG_OBJECT: install INTERFACE as its
 * vtable and leave the port unset (it is created lazily on first use).
 *
 * Returns KERN_INVALID_ARGUMENT for a null object, else KERN_SUCCESS.
 */
kern_return_t
mig_object_init(
	mig_object_t mig_object,
	const IMIGObject *interface)
{
	if (mig_object != MIG_OBJECT_NULL) {
		mig_object->pVtbl = (const IMIGObjectVtbl *)interface;
		mig_object->port = MACH_PORT_NULL;
		return KERN_SUCCESS;
	}

	return KERN_INVALID_ARGUMENT;
}
921
922 /*
923 * Routine: mig_object_destroy
924 * Purpose:
925 * The object is being freed. This call lets us clean
 * up any state we have built up over the object's
927 * lifetime.
928 * Conditions:
929 * Since notifications and the port hold references on
 * the object, neither can exist when this is called.
931 * This is a good place to assert() that condition.
932 */
/*
 * Tear-down hook for a MIG object that is being freed.  No state is
 * kept beyond the port, and a live port would still hold a reference,
 * so the only thing to do is check that none remains.
 */
void
mig_object_destroy(
	__assert_only mig_object_t mig_object)
{
	assert(mig_object->port == MACH_PORT_NULL);
}
940
941 /*
942 * Routine: mig_object_reference
943 * Purpose:
944 * Pure virtual helper to invoke the MIG object's AddRef
945 * method.
946 * Conditions:
947 * MIG object port may be locked.
948 */
/*
 * Take a reference on MIG_OBJECT through its vtable's AddRef.
 * The object must not be null.
 */
void
mig_object_reference(
	mig_object_t mig_object)
{
	IMIGObject *iface;

	assert(mig_object != MIG_OBJECT_NULL);
	iface = (IMIGObject *)mig_object;
	mig_object->pVtbl->AddRef(iface);
}
956
957 /*
958 * Routine: mig_object_deallocate
959 * Purpose:
960 * Pure virtual helper to invoke the MIG object's Release
961 * method.
962 * Conditions:
963 * Nothing locked.
964 */
/*
 * Drop a reference on MIG_OBJECT through its vtable's Release.  When
 * Release reports zero remaining references and the object has a valid
 * port, that port is deallocated; it must carry no send rights by then.
 *
 * The port is read before Release() is called: once Release returns 0
 * the object presumably may have been freed, so it is not touched after.
 */
void
mig_object_deallocate(
	mig_object_t mig_object)
{
	assert(mig_object != MIG_OBJECT_NULL);

	ipc_port_t port = mig_object->port;

	if (mig_object->pVtbl->Release((IMIGObject *)mig_object) != 0) {
		return;
	}
	if (!IP_VALID(port)) {
		return;
	}

	assert(!port->ip_srights);
	ipc_port_dealloc_kernel(port);
}
978
979 /*
980 * Routine: convert_mig_object_to_port [interface]
981 * Purpose:
982 * Base implementation of MIG outtrans routine to convert from
983 * a mig object reference to a new send right on the object's
984 * port. The object reference is consumed.
985 * Returns:
986 * IP_NULL - Null MIG object supplied
987 * Otherwise, a newly made send right for the port
988 * Conditions:
989 * Nothing locked.
990 */
/*
 * MIG outtrans: turn a MIG object reference into a send right on the
 * object's (lazily allocated) port.  The caller's reference is consumed:
 * it is donated to the port when this call makes the first send right,
 * otherwise it is dropped here.
 *
 * Returns IP_NULL for a null object, else the object's port.
 */
ipc_port_t
convert_mig_object_to_port(
	mig_object_t mig_object)
{
	if (mig_object == MIG_OBJECT_NULL) {
		return IP_NULL;
	}

	/* first send right: the reference goes to the port (released by mig_object_no_senders) */
	if (!ipc_kobject_make_send_lazy_alloc_port(&mig_object->port,
	    (ipc_kobject_t) mig_object, IKOT_MIG)) {
		/* not the first: drop the caller's reference; the port's own reference
		 * presumably keeps the object alive for the read below */
		mig_object_deallocate(mig_object);
	}

	return mig_object->port;
}
1010
1011
1012 /*
1013 * Routine: convert_port_to_mig_object [interface]
1014 * Purpose:
1015 * Base implementation of MIG intrans routine to convert from
1016 * an incoming port reference to a new reference on the
1017 * underlying object. A new reference must be created, because
1018 * the port's reference could go away asynchronously.
1019 * Returns:
1020 * NULL - Not an active MIG object port or iid not supported
1021 * Otherwise, a reference to the underlying MIG interface
1022 * Conditions:
1023 * Nothing locked.
1024 */
/*
 * MIG intrans: from an incoming PORT, obtain a fresh reference to the
 * interface IID of the underlying MIG object.  A new reference is taken
 * (via QueryInterface) because the port's own reference may go away.
 *
 * Returns NULL when PORT is invalid, inactive, or not an IKOT_MIG
 * kobject port, or when QueryInterface yields nothing.
 */
mig_object_t
convert_port_to_mig_object(
	ipc_port_t port,
	const MIGIID *iid)
{
	void *found = NULL;

	if (!IP_VALID(port)) {
		return NULL;
	}

	ip_lock(port);
	if (ip_active(port) && ip_kotype(port) == IKOT_MIG) {
		mig_object_t base = (mig_object_t)port->ip_kobject;

		/* the port lock is held across the QueryInterface call */
		base->pVtbl->QueryInterface((IMIGObject *)base, iid, &found);
	}
	ip_unlock(port);

	return (mig_object_t)found;
}
1053
1054 /*
1055 * Routine: mig_object_no_senders [interface]
1056 * Purpose:
1057 * Base implementation of a no-senders notification handler
1058 * for MIG objects. If there truly are no more senders, must
1059 * destroy the port and drop its reference on the object.
1060 * Conditions:
1061 * Nothing locked.
1062 */
/*
 * No-senders handler for MIG object ports: release the reference that
 * convert_mig_object_to_port() donated to PORT when the first send right
 * was made.  PORT must be active and of kobject type IKOT_MIG.
 */
void
mig_object_no_senders(
	ipc_port_t port)
{
	mig_object_t owner;

	require_ip_active(port);
	assert(IKOT_MIG == ip_kotype(port));

	owner = (mig_object_t)port->ip_kobject;
	mig_object_deallocate(owner);
}
1073
1074 /*
1075 * Kernel implementation of the notification chain for MIG object
1076 * is kept separate from the actual objects, since there are expected
 * to be far fewer of them than actual objects.
1078 *
1079 * The implementation of this part of MIG objects is coming
1080 * "Real Soon Now"(TM).
1081 */