]> git.saurik.com Git - apple/xnu.git/blob - iokit/Kernel/IOUserClient.cpp
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-4903.231.4.tar.gz
[apple/xnu.git] / iokit / Kernel / IOUserClient.cpp
1 /*
2 * Copyright (c) 1998-2014 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29
30 #include <libkern/c++/OSKext.h>
31 #include <IOKit/IOKitServer.h>
32 #include <IOKit/IOKitKeysPrivate.h>
33 #include <IOKit/IOUserClient.h>
34 #include <IOKit/IOService.h>
35 #include <IOKit/IORegistryEntry.h>
36 #include <IOKit/IOCatalogue.h>
37 #include <IOKit/IOMemoryDescriptor.h>
38 #include <IOKit/IOBufferMemoryDescriptor.h>
39 #include <IOKit/IOLib.h>
40 #include <IOKit/IOBSD.h>
41 #include <IOKit/IOStatisticsPrivate.h>
42 #include <IOKit/IOTimeStamp.h>
43 #include <IOKit/IODeviceTreeSupport.h>
44 #include <IOKit/system.h>
45 #include <libkern/OSDebug.h>
46 #include <sys/proc.h>
47 #include <sys/kauth.h>
48 #include <sys/codesign.h>
49
50 #include <mach/sdt.h>
51
52 #if CONFIG_MACF
53
54 extern "C" {
55 #include <security/mac_framework.h>
56 };
57 #include <sys/kauth.h>
58
59 #define IOMACF_LOG 0
60
61 #endif /* CONFIG_MACF */
62
63 #include <IOKit/assert.h>
64
65 #include "IOServicePrivate.h"
66 #include "IOKitKernelInternal.h"
67
68 #define SCALAR64(x) ((io_user_scalar_t)((unsigned int)x))
69 #define SCALAR32(x) ((uint32_t )x)
70 #define ARG32(x) ((void *)(uintptr_t)SCALAR32(x))
71 #define REF64(x) ((io_user_reference_t)((UInt64)(x)))
72 #define REF32(x) ((int)(x))
73
74 enum
75 {
76 kIOUCAsync0Flags = 3ULL,
77 kIOUCAsync64Flag = 1ULL,
78 kIOUCAsyncErrorLoggedFlag = 2ULL
79 };
80
81 #if IOKITSTATS
82
83 #define IOStatisticsRegisterCounter() \
84 do { \
85 reserved->counter = IOStatistics::registerUserClient(this); \
86 } while (0)
87
88 #define IOStatisticsUnregisterCounter() \
89 do { \
90 if (reserved) \
91 IOStatistics::unregisterUserClient(reserved->counter); \
92 } while (0)
93
94 #define IOStatisticsClientCall() \
95 do { \
96 IOStatistics::countUserClientCall(client); \
97 } while (0)
98
99 #else
100
101 #define IOStatisticsRegisterCounter()
102 #define IOStatisticsUnregisterCounter()
103 #define IOStatisticsClientCall()
104
105 #endif /* IOKITSTATS */
106
107 #if DEVELOPMENT || DEBUG
108
109 #define FAKE_STACK_FRAME(a) \
110 const void ** __frameptr; \
111 const void * __retaddr; \
112 __frameptr = (typeof(__frameptr)) __builtin_frame_address(0); \
113 __retaddr = __frameptr[1]; \
114 __frameptr[1] = (a);
115
116 #define FAKE_STACK_FRAME_END() \
117 __frameptr[1] = __retaddr;
118
119 #else /* DEVELOPMENT || DEBUG */
120
121 #define FAKE_STACK_FRAME(a)
122 #define FAKE_STACK_FRAME_END()
123
124 #endif /* DEVELOPMENT || DEBUG */
125
126 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
127
128 extern "C" {
129
130 #include <mach/mach_traps.h>
131 #include <vm/vm_map.h>
132
133 } /* extern "C" */
134
135 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
136
137 // IOMachPort maps OSObjects to ports, avoiding adding an ivar to OSObject.
138
139 class IOMachPort : public OSObject
140 {
141 OSDeclareDefaultStructors(IOMachPort)
142 public:
143 OSObject * object;
144 ipc_port_t port;
145 UInt32 mscount;
146 UInt8 holdDestroy;
147
148 static IOMachPort * portForObject( OSObject * obj,
149 ipc_kobject_type_t type );
150 static bool noMoreSendersForObject( OSObject * obj,
151 ipc_kobject_type_t type, mach_port_mscount_t * mscount );
152 static void releasePortForObject( OSObject * obj,
153 ipc_kobject_type_t type );
154 static void setHoldDestroy( OSObject * obj, ipc_kobject_type_t type );
155
156 static OSDictionary * dictForType( ipc_kobject_type_t type );
157
158 static mach_port_name_t makeSendRightForTask( task_t task,
159 io_object_t obj, ipc_kobject_type_t type );
160
161 virtual void free() APPLE_KEXT_OVERRIDE;
162 };
163
164 #define super OSObject
165 OSDefineMetaClassAndStructors(IOMachPort, OSObject)
166
167 static IOLock * gIOObjectPortLock;
168
169 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
170
171 // not in dictForType() for debugging ease
172 static OSDictionary * gIOObjectPorts;
173 static OSDictionary * gIOConnectPorts;
174 static OSDictionary * gIOIdentifierPorts;
175
176 OSDictionary * IOMachPort::dictForType( ipc_kobject_type_t type )
177 {
178 OSDictionary ** dict;
179
180 switch (type)
181 {
182 case IKOT_IOKIT_OBJECT:
183 dict = &gIOObjectPorts;
184 break;
185 case IKOT_IOKIT_CONNECT:
186 dict = &gIOConnectPorts;
187 break;
188 case IKOT_IOKIT_IDENT:
189 dict = &gIOIdentifierPorts;
190 break;
191 default:
192 panic("dictForType %d", type);
193 dict = NULL;
194 break;
195 }
196
197 if( 0 == *dict)
198 *dict = OSDictionary::withCapacity( 1 );
199
200 return( *dict );
201 }
202
203 IOMachPort * IOMachPort::portForObject ( OSObject * obj,
204 ipc_kobject_type_t type )
205 {
206 IOMachPort * inst = 0;
207 OSDictionary * dict;
208
209 IOTakeLock( gIOObjectPortLock);
210
211 do {
212
213 dict = dictForType( type );
214 if( !dict)
215 continue;
216
217 if( (inst = (IOMachPort *)
218 dict->getObject( (const OSSymbol *) obj ))) {
219 inst->mscount++;
220 inst->retain();
221 continue;
222 }
223
224 inst = new IOMachPort;
225 if( inst && !inst->init()) {
226 inst = 0;
227 continue;
228 }
229
230 inst->port = iokit_alloc_object_port( obj, type );
231 if( inst->port) {
232 // retains obj
233 dict->setObject( (const OSSymbol *) obj, inst );
234 inst->mscount++;
235
236 } else {
237 inst->release();
238 inst = 0;
239 }
240
241 } while( false );
242
243 IOUnlock( gIOObjectPortLock);
244
245 return( inst );
246 }
247
248 bool IOMachPort::noMoreSendersForObject( OSObject * obj,
249 ipc_kobject_type_t type, mach_port_mscount_t * mscount )
250 {
251 OSDictionary * dict;
252 IOMachPort * machPort;
253 IOUserClient * uc;
254 bool destroyed = true;
255
256 IOTakeLock( gIOObjectPortLock);
257
258 if( (dict = dictForType( type ))) {
259 obj->retain();
260
261 machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
262 if( machPort) {
263 destroyed = (machPort->mscount <= *mscount);
264 if (!destroyed) *mscount = machPort->mscount;
265 else
266 {
267 if ((IKOT_IOKIT_CONNECT == type) && (uc = OSDynamicCast(IOUserClient, obj)))
268 {
269 uc->noMoreSenders();
270 }
271 dict->removeObject( (const OSSymbol *) obj );
272 }
273 }
274 obj->release();
275 }
276
277 IOUnlock( gIOObjectPortLock);
278
279 return( destroyed );
280 }
281
282 void IOMachPort::releasePortForObject( OSObject * obj,
283 ipc_kobject_type_t type )
284 {
285 OSDictionary * dict;
286 IOMachPort * machPort;
287
288 assert(IKOT_IOKIT_CONNECT != type);
289
290 IOTakeLock( gIOObjectPortLock);
291
292 if( (dict = dictForType( type ))) {
293 obj->retain();
294 machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
295 if( machPort && !machPort->holdDestroy)
296 dict->removeObject( (const OSSymbol *) obj );
297 obj->release();
298 }
299
300 IOUnlock( gIOObjectPortLock);
301 }
302
303 void IOMachPort::setHoldDestroy( OSObject * obj, ipc_kobject_type_t type )
304 {
305 OSDictionary * dict;
306 IOMachPort * machPort;
307
308 IOLockLock( gIOObjectPortLock );
309
310 if( (dict = dictForType( type ))) {
311 machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
312 if( machPort)
313 machPort->holdDestroy = true;
314 }
315
316 IOLockUnlock( gIOObjectPortLock );
317 }
318
319 void IOUserClient::destroyUserReferences( OSObject * obj )
320 {
321 IOMachPort::releasePortForObject( obj, IKOT_IOKIT_OBJECT );
322
323 // panther, 3160200
324 // IOMachPort::releasePortForObject( obj, IKOT_IOKIT_CONNECT );
325
326 OSDictionary * dict;
327
328 IOTakeLock( gIOObjectPortLock);
329 obj->retain();
330
331 if( (dict = IOMachPort::dictForType( IKOT_IOKIT_CONNECT )))
332 {
333 IOMachPort * port;
334 port = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
335 if (port)
336 {
337 IOUserClient * uc;
338 if ((uc = OSDynamicCast(IOUserClient, obj)))
339 {
340 uc->noMoreSenders();
341 if (uc->mappings)
342 {
343 dict->setObject((const OSSymbol *) uc->mappings, port);
344 iokit_switch_object_port(port->port, uc->mappings, IKOT_IOKIT_CONNECT);
345
346 uc->mappings->release();
347 uc->mappings = 0;
348 }
349 }
350 dict->removeObject( (const OSSymbol *) obj );
351 }
352 }
353 obj->release();
354 IOUnlock( gIOObjectPortLock);
355 }
356
357 mach_port_name_t IOMachPort::makeSendRightForTask( task_t task,
358 io_object_t obj, ipc_kobject_type_t type )
359 {
360 return( iokit_make_send_right( task, obj, type ));
361 }
362
363 void IOMachPort::free( void )
364 {
365 if( port)
366 iokit_destroy_object_port( port );
367 super::free();
368 }
369
370 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
371
372 class IOUserIterator : public OSIterator
373 {
374 OSDeclareDefaultStructors(IOUserIterator)
375 public:
376 OSObject * userIteratorObject;
377 IOLock * lock;
378
379 static IOUserIterator * withIterator(OSIterator * iter);
380 virtual bool init( void ) APPLE_KEXT_OVERRIDE;
381 virtual void free() APPLE_KEXT_OVERRIDE;
382
383 virtual void reset() APPLE_KEXT_OVERRIDE;
384 virtual bool isValid() APPLE_KEXT_OVERRIDE;
385 virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
386 virtual OSObject * copyNextObject();
387 };
388
389 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
390
391 class IOUserNotification : public IOUserIterator
392 {
393 OSDeclareDefaultStructors(IOUserNotification)
394
395 #define holdNotify userIteratorObject
396
397 public:
398
399 virtual void free() APPLE_KEXT_OVERRIDE;
400
401 virtual void setNotification( IONotifier * obj );
402
403 virtual void reset() APPLE_KEXT_OVERRIDE;
404 virtual bool isValid() APPLE_KEXT_OVERRIDE;
405 };
406
407 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
408
409 OSDefineMetaClassAndStructors( IOUserIterator, OSIterator )
410
411 IOUserIterator *
412 IOUserIterator::withIterator(OSIterator * iter)
413 {
414 IOUserIterator * me;
415
416 if (!iter) return (0);
417
418 me = new IOUserIterator;
419 if (me && !me->init())
420 {
421 me->release();
422 me = 0;
423 }
424 if (!me) return me;
425 me->userIteratorObject = iter;
426
427 return (me);
428 }
429
430 bool
431 IOUserIterator::init( void )
432 {
433 if (!OSObject::init()) return (false);
434
435 lock = IOLockAlloc();
436 if( !lock)
437 return( false );
438
439 return (true);
440 }
441
442 void
443 IOUserIterator::free()
444 {
445 if (userIteratorObject) userIteratorObject->release();
446 if (lock) IOLockFree(lock);
447 OSObject::free();
448 }
449
450 void
451 IOUserIterator::reset()
452 {
453 IOLockLock(lock);
454 assert(OSDynamicCast(OSIterator, userIteratorObject));
455 ((OSIterator *)userIteratorObject)->reset();
456 IOLockUnlock(lock);
457 }
458
459 bool
460 IOUserIterator::isValid()
461 {
462 bool ret;
463
464 IOLockLock(lock);
465 assert(OSDynamicCast(OSIterator, userIteratorObject));
466 ret = ((OSIterator *)userIteratorObject)->isValid();
467 IOLockUnlock(lock);
468
469 return (ret);
470 }
471
472 OSObject *
473 IOUserIterator::getNextObject()
474 {
475 assert(false);
476 return (NULL);
477 }
478
479 OSObject *
480 IOUserIterator::copyNextObject()
481 {
482 OSObject * ret = NULL;
483
484 IOLockLock(lock);
485 if (userIteratorObject) {
486 ret = ((OSIterator *)userIteratorObject)->getNextObject();
487 if (ret) ret->retain();
488 }
489 IOLockUnlock(lock);
490
491 return (ret);
492 }
493
494 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
495 extern "C" {
496
497 // functions called from osfmk/device/iokit_rpc.c
498
499 void
500 iokit_add_reference( io_object_t obj, ipc_kobject_type_t type )
501 {
502 IOUserClient * uc;
503
504 if (!obj) return;
505
506 if ((IKOT_IOKIT_CONNECT == type)
507 && (uc = OSDynamicCast(IOUserClient, obj)))
508 {
509 OSIncrementAtomic(&uc->__ipc);
510 }
511
512 obj->retain();
513 }
514
515 void
516 iokit_remove_reference( io_object_t obj )
517 {
518 if( obj)
519 obj->release();
520 }
521
522 void
523 iokit_remove_connect_reference( io_object_t obj )
524 {
525 IOUserClient * uc;
526 bool finalize = false;
527
528 if (!obj) return;
529
530 if ((uc = OSDynamicCast(IOUserClient, obj)))
531 {
532 if (1 == OSDecrementAtomic(&uc->__ipc) && uc->isInactive())
533 {
534 IOLockLock(gIOObjectPortLock);
535 if ((finalize = uc->__ipcFinal)) uc->__ipcFinal = false;
536 IOLockUnlock(gIOObjectPortLock);
537 }
538 if (finalize) uc->scheduleFinalize(true);
539 }
540
541 obj->release();
542 }
543
544 bool
545 IOUserClient::finalizeUserReferences(OSObject * obj)
546 {
547 IOUserClient * uc;
548 bool ok = true;
549
550 if ((uc = OSDynamicCast(IOUserClient, obj)))
551 {
552 IOLockLock(gIOObjectPortLock);
553 if ((uc->__ipcFinal = (0 != uc->__ipc))) ok = false;
554 IOLockUnlock(gIOObjectPortLock);
555 }
556 return (ok);
557 }
558
559 ipc_port_t
560 iokit_port_for_object( io_object_t obj, ipc_kobject_type_t type )
561 {
562 IOMachPort * machPort;
563 ipc_port_t port;
564
565 if( (machPort = IOMachPort::portForObject( obj, type ))) {
566
567 port = machPort->port;
568 if( port)
569 iokit_retain_port( port );
570
571 machPort->release();
572
573 } else
574 port = NULL;
575
576 return( port );
577 }
578
579 kern_return_t
580 iokit_client_died( io_object_t obj, ipc_port_t /* port */,
581 ipc_kobject_type_t type, mach_port_mscount_t * mscount )
582 {
583 IOUserClient * client;
584 IOMemoryMap * map;
585 IOUserNotification * notify;
586
587 if( !IOMachPort::noMoreSendersForObject( obj, type, mscount ))
588 return( kIOReturnNotReady );
589
590 if( IKOT_IOKIT_CONNECT == type)
591 {
592 if( (client = OSDynamicCast( IOUserClient, obj )))
593 {
594 IOStatisticsClientCall();
595 IOLockLock(client->lock);
596 client->clientDied();
597 IOLockUnlock(client->lock);
598 }
599 }
600 else if( IKOT_IOKIT_OBJECT == type)
601 {
602 if( (map = OSDynamicCast( IOMemoryMap, obj )))
603 map->taskDied();
604 else if( (notify = OSDynamicCast( IOUserNotification, obj )))
605 notify->setNotification( 0 );
606 }
607
608 return( kIOReturnSuccess );
609 }
610
611 }; /* extern "C" */
612
613 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
614
615 class IOServiceUserNotification : public IOUserNotification
616 {
617 OSDeclareDefaultStructors(IOServiceUserNotification)
618
619 struct PingMsg {
620 mach_msg_header_t msgHdr;
621 OSNotificationHeader64 notifyHeader;
622 };
623
624 enum { kMaxOutstanding = 1024 };
625
626 PingMsg * pingMsg;
627 vm_size_t msgSize;
628 OSArray * newSet;
629 bool armed;
630 bool ipcLogged;
631
632 public:
633
634 virtual bool init( mach_port_t port, natural_t type,
635 void * reference, vm_size_t referenceSize,
636 bool clientIs64 );
637 virtual void free() APPLE_KEXT_OVERRIDE;
638 void invalidatePort(void);
639
640 static bool _handler( void * target,
641 void * ref, IOService * newService, IONotifier * notifier );
642 virtual bool handler( void * ref, IOService * newService );
643
644 virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
645 virtual OSObject * copyNextObject() APPLE_KEXT_OVERRIDE;
646 };
647
648 class IOServiceMessageUserNotification : public IOUserNotification
649 {
650 OSDeclareDefaultStructors(IOServiceMessageUserNotification)
651
652 struct PingMsg {
653 mach_msg_header_t msgHdr;
654 mach_msg_body_t msgBody;
655 mach_msg_port_descriptor_t ports[1];
656 OSNotificationHeader64 notifyHeader __attribute__ ((packed));
657 };
658
659 PingMsg * pingMsg;
660 vm_size_t msgSize;
661 uint8_t clientIs64;
662 int owningPID;
663 bool ipcLogged;
664
665 public:
666
667 virtual bool init( mach_port_t port, natural_t type,
668 void * reference, vm_size_t referenceSize,
669 vm_size_t extraSize,
670 bool clientIs64 );
671
672 virtual void free() APPLE_KEXT_OVERRIDE;
673 void invalidatePort(void);
674
675 static IOReturn _handler( void * target, void * ref,
676 UInt32 messageType, IOService * provider,
677 void * messageArgument, vm_size_t argSize );
678 virtual IOReturn handler( void * ref,
679 UInt32 messageType, IOService * provider,
680 void * messageArgument, vm_size_t argSize );
681
682 virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
683 virtual OSObject * copyNextObject() APPLE_KEXT_OVERRIDE;
684 };
685
686 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
687
688 #undef super
689 #define super IOUserIterator
690 OSDefineMetaClass( IOUserNotification, IOUserIterator )
691 OSDefineAbstractStructors( IOUserNotification, IOUserIterator )
692
693 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
694
695 void IOUserNotification::free( void )
696 {
697 if (holdNotify)
698 {
699 assert(OSDynamicCast(IONotifier, holdNotify));
700 ((IONotifier *)holdNotify)->remove();
701 holdNotify = 0;
702 }
703 // can't be in handler now
704
705 super::free();
706 }
707
708
709 void IOUserNotification::setNotification( IONotifier * notify )
710 {
711 OSObject * previousNotify;
712
713 IOLockLock( gIOObjectPortLock);
714
715 previousNotify = holdNotify;
716 holdNotify = notify;
717
718 IOLockUnlock( gIOObjectPortLock);
719
720 if( previousNotify)
721 {
722 assert(OSDynamicCast(IONotifier, previousNotify));
723 ((IONotifier *)previousNotify)->remove();
724 }
725 }
726
727 void IOUserNotification::reset()
728 {
729 // ?
730 }
731
732 bool IOUserNotification::isValid()
733 {
734 return( true );
735 }
736
737 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
738
739 #undef super
740 #define super IOUserNotification
741 OSDefineMetaClassAndStructors(IOServiceUserNotification, IOUserNotification)
742
743 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
744
745 bool IOServiceUserNotification::init( mach_port_t port, natural_t type,
746 void * reference, vm_size_t referenceSize,
747 bool clientIs64 )
748 {
749 if( !super::init())
750 return( false );
751
752 newSet = OSArray::withCapacity( 1 );
753 if( !newSet)
754 return( false );
755
756 if (referenceSize > sizeof(OSAsyncReference64))
757 return( false );
758
759 msgSize = sizeof(PingMsg) - sizeof(OSAsyncReference64) + referenceSize;
760 pingMsg = (PingMsg *) IOMalloc( msgSize);
761 if( !pingMsg)
762 return( false );
763
764 bzero( pingMsg, msgSize);
765
766 pingMsg->msgHdr.msgh_remote_port = port;
767 pingMsg->msgHdr.msgh_bits = MACH_MSGH_BITS(
768 MACH_MSG_TYPE_COPY_SEND /*remote*/,
769 MACH_MSG_TYPE_MAKE_SEND /*local*/);
770 pingMsg->msgHdr.msgh_size = msgSize;
771 pingMsg->msgHdr.msgh_id = kOSNotificationMessageID;
772
773 pingMsg->notifyHeader.size = 0;
774 pingMsg->notifyHeader.type = type;
775 bcopy( reference, pingMsg->notifyHeader.reference, referenceSize );
776
777 return( true );
778 }
779
780 void IOServiceUserNotification::invalidatePort(void)
781 {
782 if (pingMsg) pingMsg->msgHdr.msgh_remote_port = MACH_PORT_NULL;
783 }
784
785 void IOServiceUserNotification::free( void )
786 {
787 PingMsg * _pingMsg;
788 vm_size_t _msgSize;
789 OSArray * _newSet;
790
791 _pingMsg = pingMsg;
792 _msgSize = msgSize;
793 _newSet = newSet;
794
795 super::free();
796
797 if( _pingMsg && _msgSize) {
798 if (_pingMsg->msgHdr.msgh_remote_port) {
799 iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port);
800 }
801 IOFree(_pingMsg, _msgSize);
802 }
803
804 if( _newSet)
805 _newSet->release();
806 }
807
808 bool IOServiceUserNotification::_handler( void * target,
809 void * ref, IOService * newService, IONotifier * notifier )
810 {
811 return( ((IOServiceUserNotification *) target)->handler( ref, newService ));
812 }
813
814 bool IOServiceUserNotification::handler( void * ref,
815 IOService * newService )
816 {
817 unsigned int count;
818 kern_return_t kr;
819 ipc_port_t port = NULL;
820 bool sendPing = false;
821
822 IOTakeLock( lock );
823
824 count = newSet->getCount();
825 if( count < kMaxOutstanding) {
826
827 newSet->setObject( newService );
828 if( (sendPing = (armed && (0 == count))))
829 armed = false;
830 }
831
832 IOUnlock( lock );
833
834 if( kIOServiceTerminatedNotificationType == pingMsg->notifyHeader.type)
835 IOMachPort::setHoldDestroy( newService, IKOT_IOKIT_OBJECT );
836
837 if( sendPing) {
838 if( (port = iokit_port_for_object( this, IKOT_IOKIT_OBJECT ) ))
839 pingMsg->msgHdr.msgh_local_port = port;
840 else
841 pingMsg->msgHdr.msgh_local_port = NULL;
842
843 kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr,
844 pingMsg->msgHdr.msgh_size,
845 (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE),
846 0);
847 if( port)
848 iokit_release_port( port );
849
850 if( (KERN_SUCCESS != kr) && !ipcLogged)
851 {
852 ipcLogged = true;
853 IOLog("%s: mach_msg_send_from_kernel_proper(0x%x)\n", __PRETTY_FUNCTION__, kr );
854 }
855 }
856
857 return( true );
858 }
859 OSObject * IOServiceUserNotification::getNextObject()
860 {
861 assert(false);
862 return (NULL);
863 }
864
865 OSObject * IOServiceUserNotification::copyNextObject()
866 {
867 unsigned int count;
868 OSObject * result;
869
870 IOLockLock(lock);
871
872 count = newSet->getCount();
873 if( count ) {
874 result = newSet->getObject( count - 1 );
875 result->retain();
876 newSet->removeObject( count - 1);
877 } else {
878 result = 0;
879 armed = true;
880 }
881
882 IOLockUnlock(lock);
883
884 return( result );
885 }
886
887 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
888
889 OSDefineMetaClassAndStructors(IOServiceMessageUserNotification, IOUserNotification)
890
891 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
892
893 bool IOServiceMessageUserNotification::init( mach_port_t port, natural_t type,
894 void * reference, vm_size_t referenceSize, vm_size_t extraSize,
895 bool client64 )
896 {
897 if( !super::init())
898 return( false );
899
900 if (referenceSize > sizeof(OSAsyncReference64))
901 return( false );
902
903 clientIs64 = client64;
904
905 owningPID = proc_selfpid();
906
907 extraSize += sizeof(IOServiceInterestContent64);
908 msgSize = sizeof(PingMsg) - sizeof(OSAsyncReference64) + referenceSize;
909 pingMsg = (PingMsg *) IOMalloc( msgSize);
910 if( !pingMsg)
911 return( false );
912
913 bzero( pingMsg, msgSize);
914
915 pingMsg->msgHdr.msgh_remote_port = port;
916 pingMsg->msgHdr.msgh_bits = MACH_MSGH_BITS_COMPLEX
917 | MACH_MSGH_BITS(
918 MACH_MSG_TYPE_COPY_SEND /*remote*/,
919 MACH_MSG_TYPE_MAKE_SEND /*local*/);
920 pingMsg->msgHdr.msgh_size = msgSize;
921 pingMsg->msgHdr.msgh_id = kOSNotificationMessageID;
922
923 pingMsg->msgBody.msgh_descriptor_count = 1;
924
925 pingMsg->ports[0].name = 0;
926 pingMsg->ports[0].disposition = MACH_MSG_TYPE_MAKE_SEND;
927 pingMsg->ports[0].type = MACH_MSG_PORT_DESCRIPTOR;
928
929 pingMsg->notifyHeader.size = extraSize;
930 pingMsg->notifyHeader.type = type;
931 bcopy( reference, pingMsg->notifyHeader.reference, referenceSize );
932
933 return( true );
934 }
935
936 void IOServiceMessageUserNotification::invalidatePort(void)
937 {
938 if (pingMsg) pingMsg->msgHdr.msgh_remote_port = MACH_PORT_NULL;
939 }
940
941 void IOServiceMessageUserNotification::free( void )
942 {
943 PingMsg * _pingMsg;
944 vm_size_t _msgSize;
945
946 _pingMsg = pingMsg;
947 _msgSize = msgSize;
948
949 super::free();
950
951 if( _pingMsg && _msgSize) {
952 if (_pingMsg->msgHdr.msgh_remote_port) {
953 iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port);
954 }
955 IOFree( _pingMsg, _msgSize);
956 }
957 }
958
959 IOReturn IOServiceMessageUserNotification::_handler( void * target, void * ref,
960 UInt32 messageType, IOService * provider,
961 void * argument, vm_size_t argSize )
962 {
963 return( ((IOServiceMessageUserNotification *) target)->handler(
964 ref, messageType, provider, argument, argSize));
965 }
966
967 IOReturn IOServiceMessageUserNotification::handler( void * ref,
968 UInt32 messageType, IOService * provider,
969 void * messageArgument, vm_size_t callerArgSize )
970 {
971 enum { kLocalMsgSize = 0x100 };
972 uint64_t stackMsg[kLocalMsgSize / sizeof(uint64_t)];
973 void * allocMsg;
974 kern_return_t kr;
975 vm_size_t argSize;
976 vm_size_t thisMsgSize;
977 ipc_port_t thisPort, providerPort;
978 struct PingMsg * thisMsg;
979 IOServiceInterestContent64 * data;
980
981 if (kIOMessageCopyClientID == messageType)
982 {
983 *((void **) messageArgument) = OSNumber::withNumber(owningPID, 32);
984 return (kIOReturnSuccess);
985 }
986
987 if (callerArgSize == 0)
988 {
989 if (clientIs64) argSize = sizeof(data->messageArgument[0]);
990 else argSize = sizeof(uint32_t);
991 }
992 else
993 {
994 if( callerArgSize > kIOUserNotifyMaxMessageSize)
995 callerArgSize = kIOUserNotifyMaxMessageSize;
996 argSize = callerArgSize;
997 }
998
999 // adjust message size for ipc restrictions
1000 natural_t type;
1001 type = pingMsg->notifyHeader.type;
1002 type &= ~(kIOKitNoticationMsgSizeMask << kIOKitNoticationTypeSizeAdjShift);
1003 type |= ((argSize & kIOKitNoticationMsgSizeMask) << kIOKitNoticationTypeSizeAdjShift);
1004 argSize = (argSize + kIOKitNoticationMsgSizeMask) & ~kIOKitNoticationMsgSizeMask;
1005
1006 thisMsgSize = msgSize
1007 + sizeof( IOServiceInterestContent64 )
1008 - sizeof( data->messageArgument)
1009 + argSize;
1010
1011 if (thisMsgSize > sizeof(stackMsg))
1012 {
1013 allocMsg = IOMalloc(thisMsgSize);
1014 if (!allocMsg) return (kIOReturnNoMemory);
1015 thisMsg = (typeof(thisMsg)) allocMsg;
1016 }
1017 else
1018 {
1019 allocMsg = 0;
1020 thisMsg = (typeof(thisMsg)) stackMsg;
1021 }
1022
1023 bcopy(pingMsg, thisMsg, msgSize);
1024 thisMsg->notifyHeader.type = type;
1025 data = (IOServiceInterestContent64 *) (((uint8_t *) thisMsg) + msgSize);
1026 // == pingMsg->notifyHeader.content;
1027 data->messageType = messageType;
1028
1029 if (callerArgSize == 0)
1030 {
1031 data->messageArgument[0] = (io_user_reference_t) messageArgument;
1032 if (!clientIs64)
1033 {
1034 data->messageArgument[0] |= (data->messageArgument[0] << 32);
1035 }
1036 }
1037 else
1038 {
1039 bcopy( messageArgument, data->messageArgument, callerArgSize );
1040 bzero((void *)(((uintptr_t) &data->messageArgument[0]) + callerArgSize), argSize - callerArgSize);
1041 }
1042
1043 thisMsg->notifyHeader.type = type;
1044 thisMsg->msgHdr.msgh_size = thisMsgSize;
1045
1046 providerPort = iokit_port_for_object( provider, IKOT_IOKIT_OBJECT );
1047 thisMsg->ports[0].name = providerPort;
1048 thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT );
1049 thisMsg->msgHdr.msgh_local_port = thisPort;
1050
1051 kr = mach_msg_send_from_kernel_with_options( &thisMsg->msgHdr,
1052 thisMsg->msgHdr.msgh_size,
1053 (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE),
1054 0);
1055 if( thisPort)
1056 iokit_release_port( thisPort );
1057 if( providerPort)
1058 iokit_release_port( providerPort );
1059
1060 if (allocMsg)
1061 IOFree(allocMsg, thisMsgSize);
1062
1063 if((KERN_SUCCESS != kr) && !ipcLogged)
1064 {
1065 ipcLogged = true;
1066 IOLog("%s: mach_msg_send_from_kernel_proper (0x%x)\n", __PRETTY_FUNCTION__, kr );
1067 }
1068
1069 return( kIOReturnSuccess );
1070 }
1071
1072 OSObject * IOServiceMessageUserNotification::getNextObject()
1073 {
1074 return( 0 );
1075 }
1076
1077 OSObject * IOServiceMessageUserNotification::copyNextObject()
1078 {
1079 return( NULL );
1080 }
1081
1082 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1083
1084 #undef super
1085 #define super IOService
1086 OSDefineMetaClassAndAbstractStructors( IOUserClient, IOService )
1087
1088 IOLock * gIOUserClientOwnersLock;
1089
1090 void IOUserClient::initialize( void )
1091 {
1092 gIOObjectPortLock = IOLockAlloc();
1093 gIOUserClientOwnersLock = IOLockAlloc();
1094 assert(gIOObjectPortLock && gIOUserClientOwnersLock);
1095 }
1096
1097 void IOUserClient::setAsyncReference(OSAsyncReference asyncRef,
1098 mach_port_t wakePort,
1099 void *callback, void *refcon)
1100 {
1101 asyncRef[kIOAsyncReservedIndex] = ((uintptr_t) wakePort)
1102 | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]);
1103 asyncRef[kIOAsyncCalloutFuncIndex] = (uintptr_t) callback;
1104 asyncRef[kIOAsyncCalloutRefconIndex] = (uintptr_t) refcon;
1105 }
1106
1107 void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef,
1108 mach_port_t wakePort,
1109 mach_vm_address_t callback, io_user_reference_t refcon)
1110 {
1111 asyncRef[kIOAsyncReservedIndex] = ((io_user_reference_t) wakePort)
1112 | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]);
1113 asyncRef[kIOAsyncCalloutFuncIndex] = (io_user_reference_t) callback;
1114 asyncRef[kIOAsyncCalloutRefconIndex] = refcon;
1115 }
1116
1117 void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef,
1118 mach_port_t wakePort,
1119 mach_vm_address_t callback, io_user_reference_t refcon, task_t task)
1120 {
1121 setAsyncReference64(asyncRef, wakePort, callback, refcon);
1122 if (vm_map_is_64bit(get_task_map(task))) {
1123 asyncRef[kIOAsyncReservedIndex] |= kIOUCAsync64Flag;
1124 }
1125 }
1126
1127 static OSDictionary * CopyConsoleUser(UInt32 uid)
1128 {
1129 OSArray * array;
1130 OSDictionary * user = 0;
1131
1132 if ((array = OSDynamicCast(OSArray,
1133 IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey))))
1134 {
1135 for (unsigned int idx = 0;
1136 (user = OSDynamicCast(OSDictionary, array->getObject(idx)));
1137 idx++) {
1138 OSNumber * num;
1139
1140 if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionUIDKey)))
1141 && (uid == num->unsigned32BitValue())) {
1142 user->retain();
1143 break;
1144 }
1145 }
1146 array->release();
1147 }
1148 return user;
1149 }
1150
1151 static OSDictionary * CopyUserOnConsole(void)
1152 {
1153 OSArray * array;
1154 OSDictionary * user = 0;
1155
1156 if ((array = OSDynamicCast(OSArray,
1157 IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey))))
1158 {
1159 for (unsigned int idx = 0;
1160 (user = OSDynamicCast(OSDictionary, array->getObject(idx)));
1161 idx++)
1162 {
1163 if (kOSBooleanTrue == user->getObject(gIOConsoleSessionOnConsoleKey))
1164 {
1165 user->retain();
1166 break;
1167 }
1168 }
1169 array->release();
1170 }
1171 return (user);
1172 }
1173
1174 IOReturn IOUserClient::clientHasAuthorization( task_t task,
1175 IOService * service )
1176 {
1177 proc_t p;
1178
1179 p = (proc_t) get_bsdtask_info(task);
1180 if (p)
1181 {
1182 uint64_t authorizationID;
1183
1184 authorizationID = proc_uniqueid(p);
1185 if (authorizationID)
1186 {
1187 if (service->getAuthorizationID() == authorizationID)
1188 {
1189 return (kIOReturnSuccess);
1190 }
1191 }
1192 }
1193
1194 return (kIOReturnNotPermitted);
1195 }
1196
1197 IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
1198 const char * privilegeName )
1199 {
1200 kern_return_t kr;
1201 security_token_t token;
1202 mach_msg_type_number_t count;
1203 task_t task;
1204 OSDictionary * user;
1205 bool secureConsole;
1206
1207
1208 if (!strncmp(privilegeName, kIOClientPrivilegeForeground,
1209 sizeof(kIOClientPrivilegeForeground)))
1210 {
1211 if (task_is_gpu_denied(current_task()))
1212 return (kIOReturnNotPrivileged);
1213 else
1214 return (kIOReturnSuccess);
1215 }
1216
1217 if (!strncmp(privilegeName, kIOClientPrivilegeConsoleSession,
1218 sizeof(kIOClientPrivilegeConsoleSession)))
1219 {
1220 kauth_cred_t cred;
1221 proc_t p;
1222
1223 task = (task_t) securityToken;
1224 if (!task)
1225 task = current_task();
1226 p = (proc_t) get_bsdtask_info(task);
1227 kr = kIOReturnNotPrivileged;
1228
1229 if (p && (cred = kauth_cred_proc_ref(p)))
1230 {
1231 user = CopyUserOnConsole();
1232 if (user)
1233 {
1234 OSNumber * num;
1235 if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionAuditIDKey)))
1236 && (cred->cr_audit.as_aia_p->ai_asid == (au_asid_t) num->unsigned32BitValue()))
1237 {
1238 kr = kIOReturnSuccess;
1239 }
1240 user->release();
1241 }
1242 kauth_cred_unref(&cred);
1243 }
1244 return (kr);
1245 }
1246
1247 if ((secureConsole = !strncmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess,
1248 sizeof(kIOClientPrivilegeSecureConsoleProcess))))
1249 task = (task_t)((IOUCProcessToken *)securityToken)->token;
1250 else
1251 task = (task_t)securityToken;
1252
1253 count = TASK_SECURITY_TOKEN_COUNT;
1254 kr = task_info( task, TASK_SECURITY_TOKEN, (task_info_t) &token, &count );
1255
1256 if (KERN_SUCCESS != kr)
1257 {}
1258 else if (!strncmp(privilegeName, kIOClientPrivilegeAdministrator,
1259 sizeof(kIOClientPrivilegeAdministrator))) {
1260 if (0 != token.val[0])
1261 kr = kIOReturnNotPrivileged;
1262 } else if (!strncmp(privilegeName, kIOClientPrivilegeLocalUser,
1263 sizeof(kIOClientPrivilegeLocalUser))) {
1264 user = CopyConsoleUser(token.val[0]);
1265 if ( user )
1266 user->release();
1267 else
1268 kr = kIOReturnNotPrivileged;
1269 } else if (secureConsole || !strncmp(privilegeName, kIOClientPrivilegeConsoleUser,
1270 sizeof(kIOClientPrivilegeConsoleUser))) {
1271 user = CopyConsoleUser(token.val[0]);
1272 if ( user ) {
1273 if (user->getObject(gIOConsoleSessionOnConsoleKey) != kOSBooleanTrue)
1274 kr = kIOReturnNotPrivileged;
1275 else if ( secureConsole ) {
1276 OSNumber * pid = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionSecureInputPIDKey));
1277 if ( pid && pid->unsigned32BitValue() != ((IOUCProcessToken *)securityToken)->pid)
1278 kr = kIOReturnNotPrivileged;
1279 }
1280 user->release();
1281 }
1282 else
1283 kr = kIOReturnNotPrivileged;
1284 } else
1285 kr = kIOReturnUnsupported;
1286
1287 return (kr);
1288 }
1289
1290 OSObject * IOUserClient::copyClientEntitlement( task_t task,
1291 const char * entitlement )
1292 {
1293 #define MAX_ENTITLEMENTS_LEN (128 * 1024)
1294
1295 proc_t p = NULL;
1296 pid_t pid = 0;
1297 char procname[MAXCOMLEN + 1] = "";
1298 size_t len = 0;
1299 void *entitlements_blob = NULL;
1300 char *entitlements_data = NULL;
1301 OSObject *entitlements_obj = NULL;
1302 OSDictionary *entitlements = NULL;
1303 OSString *errorString = NULL;
1304 OSObject *value = NULL;
1305
1306 p = (proc_t)get_bsdtask_info(task);
1307 if (p == NULL)
1308 goto fail;
1309 pid = proc_pid(p);
1310 proc_name(pid, procname, (int)sizeof(procname));
1311
1312 if (cs_entitlements_blob_get(p, &entitlements_blob, &len) != 0)
1313 goto fail;
1314
1315 if (len <= offsetof(CS_GenericBlob, data))
1316 goto fail;
1317
1318 /*
1319 * Per <rdar://problem/11593877>, enforce a limit on the amount of XML
1320 * we'll try to parse in the kernel.
1321 */
1322 len -= offsetof(CS_GenericBlob, data);
1323 if (len > MAX_ENTITLEMENTS_LEN) {
1324 IOLog("failed to parse entitlements for %s[%u]: %lu bytes of entitlements exceeds maximum of %u\n", procname, pid, len, MAX_ENTITLEMENTS_LEN);
1325 goto fail;
1326 }
1327
1328 /*
1329 * OSUnserializeXML() expects a nul-terminated string, but that isn't
1330 * what is stored in the entitlements blob. Copy the string and
1331 * terminate it.
1332 */
1333 entitlements_data = (char *)IOMalloc(len + 1);
1334 if (entitlements_data == NULL)
1335 goto fail;
1336 memcpy(entitlements_data, ((CS_GenericBlob *)entitlements_blob)->data, len);
1337 entitlements_data[len] = '\0';
1338
1339 entitlements_obj = OSUnserializeXML(entitlements_data, len + 1, &errorString);
1340 if (errorString != NULL) {
1341 IOLog("failed to parse entitlements for %s[%u]: %s\n", procname, pid, errorString->getCStringNoCopy());
1342 goto fail;
1343 }
1344 if (entitlements_obj == NULL)
1345 goto fail;
1346
1347 entitlements = OSDynamicCast(OSDictionary, entitlements_obj);
1348 if (entitlements == NULL)
1349 goto fail;
1350
1351 /* Fetch the entitlement value from the dictionary. */
1352 value = entitlements->getObject(entitlement);
1353 if (value != NULL)
1354 value->retain();
1355
1356 fail:
1357 if (entitlements_data != NULL)
1358 IOFree(entitlements_data, len + 1);
1359 if (entitlements_obj != NULL)
1360 entitlements_obj->release();
1361 if (errorString != NULL)
1362 errorString->release();
1363 return value;
1364 }
1365
1366 bool IOUserClient::init()
1367 {
1368 if (getPropertyTable() || super::init())
1369 return reserve();
1370
1371 return false;
1372 }
1373
1374 bool IOUserClient::init(OSDictionary * dictionary)
1375 {
1376 if (getPropertyTable() || super::init(dictionary))
1377 return reserve();
1378
1379 return false;
1380 }
1381
1382 bool IOUserClient::initWithTask(task_t owningTask,
1383 void * securityID,
1384 UInt32 type )
1385 {
1386 if (getPropertyTable() || super::init())
1387 return reserve();
1388
1389 return false;
1390 }
1391
1392 bool IOUserClient::initWithTask(task_t owningTask,
1393 void * securityID,
1394 UInt32 type,
1395 OSDictionary * properties )
1396 {
1397 bool ok;
1398
1399 ok = super::init( properties );
1400 ok &= initWithTask( owningTask, securityID, type );
1401
1402 return( ok );
1403 }
1404
1405 bool IOUserClient::reserve()
1406 {
1407 if(!reserved) {
1408 reserved = IONew(ExpansionData, 1);
1409 if (!reserved) {
1410 return false;
1411 }
1412 }
1413 setTerminateDefer(NULL, true);
1414 IOStatisticsRegisterCounter();
1415
1416 return true;
1417 }
1418
1419 struct IOUserClientOwner
1420 {
1421 task_t task;
1422 queue_chain_t taskLink;
1423 IOUserClient * uc;
1424 queue_chain_t ucLink;
1425 };
1426
1427 IOReturn
1428 IOUserClient::registerOwner(task_t task)
1429 {
1430 IOUserClientOwner * owner;
1431 IOReturn ret;
1432 bool newOwner;
1433
1434 IOLockLock(gIOUserClientOwnersLock);
1435
1436 newOwner = true;
1437 ret = kIOReturnSuccess;
1438
1439 if (!owners.next) queue_init(&owners);
1440 else
1441 {
1442 queue_iterate(&owners, owner, IOUserClientOwner *, ucLink)
1443 {
1444 if (task != owner->task) continue;
1445 newOwner = false;
1446 break;
1447 }
1448 }
1449 if (newOwner)
1450 {
1451 owner = IONew(IOUserClientOwner, 1);
1452 if (!owner) ret = kIOReturnNoMemory;
1453 else
1454 {
1455 owner->task = task;
1456 owner->uc = this;
1457 queue_enter_first(&owners, owner, IOUserClientOwner *, ucLink);
1458 queue_enter_first(task_io_user_clients(task), owner, IOUserClientOwner *, taskLink);
1459 }
1460 }
1461
1462 IOLockUnlock(gIOUserClientOwnersLock);
1463
1464 return (ret);
1465 }
1466
1467 void
1468 IOUserClient::noMoreSenders(void)
1469 {
1470 IOUserClientOwner * owner;
1471
1472 IOLockLock(gIOUserClientOwnersLock);
1473
1474 if (owners.next)
1475 {
1476 while (!queue_empty(&owners))
1477 {
1478 owner = (IOUserClientOwner *)(void *) queue_first(&owners);
1479 queue_remove(task_io_user_clients(owner->task), owner, IOUserClientOwner *, taskLink);
1480 queue_remove(&owners, owner, IOUserClientOwner *, ucLink);
1481 IODelete(owner, IOUserClientOwner, 1);
1482 }
1483 owners.next = owners.prev = NULL;
1484 }
1485
1486 IOLockUnlock(gIOUserClientOwnersLock);
1487 }
1488
1489 extern "C" kern_return_t
1490 iokit_task_terminate(task_t task)
1491 {
1492 IOUserClientOwner * owner;
1493 IOUserClient * dead;
1494 IOUserClient * uc;
1495 queue_head_t * taskque;
1496
1497 IOLockLock(gIOUserClientOwnersLock);
1498
1499 taskque = task_io_user_clients(task);
1500 dead = NULL;
1501 while (!queue_empty(taskque))
1502 {
1503 owner = (IOUserClientOwner *)(void *) queue_first(taskque);
1504 uc = owner->uc;
1505 queue_remove(taskque, owner, IOUserClientOwner *, taskLink);
1506 queue_remove(&uc->owners, owner, IOUserClientOwner *, ucLink);
1507 if (queue_empty(&uc->owners))
1508 {
1509 uc->retain();
1510 IOLog("destroying out of band connect for %s\n", uc->getName());
1511 // now using the uc queue head as a singly linked queue,
1512 // leaving .next as NULL to mark it empty
1513 uc->owners.next = NULL;
1514 uc->owners.prev = (queue_entry_t) dead;
1515 dead = uc;
1516 }
1517 IODelete(owner, IOUserClientOwner, 1);
1518 }
1519
1520 IOLockUnlock(gIOUserClientOwnersLock);
1521
1522 while (dead)
1523 {
1524 uc = dead;
1525 dead = (IOUserClient *)(void *) dead->owners.prev;
1526 uc->owners.prev = NULL;
1527 if (uc->sharedInstance || !uc->closed) uc->clientDied();
1528 uc->release();
1529 }
1530
1531 return (KERN_SUCCESS);
1532 }
1533
1534 void IOUserClient::free()
1535 {
1536 if( mappings) mappings->release();
1537 if (lock) IOLockFree(lock);
1538
1539 IOStatisticsUnregisterCounter();
1540
1541 assert(!owners.next);
1542 assert(!owners.prev);
1543
1544 if (reserved) IODelete(reserved, ExpansionData, 1);
1545
1546 super::free();
1547 }
1548
1549 IOReturn IOUserClient::clientDied( void )
1550 {
1551 IOReturn ret = kIOReturnNotReady;
1552
1553 if (sharedInstance || OSCompareAndSwap8(0, 1, &closed))
1554 {
1555 ret = clientClose();
1556 }
1557
1558 return (ret);
1559 }
1560
1561 IOReturn IOUserClient::clientClose( void )
1562 {
1563 return( kIOReturnUnsupported );
1564 }
1565
1566 IOService * IOUserClient::getService( void )
1567 {
1568 return( 0 );
1569 }
1570
1571 IOReturn IOUserClient::registerNotificationPort(
1572 mach_port_t /* port */,
1573 UInt32 /* type */,
1574 UInt32 /* refCon */)
1575 {
1576 return( kIOReturnUnsupported);
1577 }
1578
1579 IOReturn IOUserClient::registerNotificationPort(
1580 mach_port_t port,
1581 UInt32 type,
1582 io_user_reference_t refCon)
1583 {
1584 return (registerNotificationPort(port, type, (UInt32) refCon));
1585 }
1586
1587 IOReturn IOUserClient::getNotificationSemaphore( UInt32 notification_type,
1588 semaphore_t * semaphore )
1589 {
1590 return( kIOReturnUnsupported);
1591 }
1592
1593 IOReturn IOUserClient::connectClient( IOUserClient * /* client */ )
1594 {
1595 return( kIOReturnUnsupported);
1596 }
1597
1598 IOReturn IOUserClient::clientMemoryForType( UInt32 type,
1599 IOOptionBits * options,
1600 IOMemoryDescriptor ** memory )
1601 {
1602 return( kIOReturnUnsupported);
1603 }
1604
1605 #if !__LP64__
1606 IOMemoryMap * IOUserClient::mapClientMemory(
1607 IOOptionBits type,
1608 task_t task,
1609 IOOptionBits mapFlags,
1610 IOVirtualAddress atAddress )
1611 {
1612 return (NULL);
1613 }
1614 #endif
1615
1616 IOMemoryMap * IOUserClient::mapClientMemory64(
1617 IOOptionBits type,
1618 task_t task,
1619 IOOptionBits mapFlags,
1620 mach_vm_address_t atAddress )
1621 {
1622 IOReturn err;
1623 IOOptionBits options = 0;
1624 IOMemoryDescriptor * memory = 0;
1625 IOMemoryMap * map = 0;
1626
1627 err = clientMemoryForType( (UInt32) type, &options, &memory );
1628
1629 if( memory && (kIOReturnSuccess == err)) {
1630
1631 FAKE_STACK_FRAME(getMetaClass());
1632
1633 options = (options & ~kIOMapUserOptionsMask)
1634 | (mapFlags & kIOMapUserOptionsMask);
1635 map = memory->createMappingInTask( task, atAddress, options );
1636 memory->release();
1637
1638 FAKE_STACK_FRAME_END();
1639 }
1640
1641 return( map );
1642 }
1643
1644 IOReturn IOUserClient::exportObjectToClient(task_t task,
1645 OSObject *obj, io_object_t *clientObj)
1646 {
1647 mach_port_name_t name;
1648
1649 name = IOMachPort::makeSendRightForTask( task, obj, IKOT_IOKIT_OBJECT );
1650
1651 *(mach_port_name_t *)clientObj = name;
1652
1653 if (obj) obj->release();
1654
1655 return kIOReturnSuccess;
1656 }
1657
1658 IOReturn IOUserClient::copyPortNameForObjectInTask(task_t task,
1659 OSObject *obj, mach_port_name_t * port_name)
1660 {
1661 mach_port_name_t name;
1662
1663 name = IOMachPort::makeSendRightForTask( task, obj, IKOT_IOKIT_IDENT );
1664
1665 *(mach_port_name_t *) port_name = name;
1666
1667 return kIOReturnSuccess;
1668 }
1669
1670 IOReturn IOUserClient::copyObjectForPortNameInTask(task_t task, mach_port_name_t port_name,
1671 OSObject **obj)
1672 {
1673 OSObject * object;
1674
1675 object = iokit_lookup_object_with_port_name(port_name, IKOT_IOKIT_IDENT, task);
1676
1677 *obj = object;
1678
1679 return (object ? kIOReturnSuccess : kIOReturnIPCError);
1680 }
1681
1682 IOReturn IOUserClient::adjustPortNameReferencesInTask(task_t task, mach_port_name_t port_name, mach_port_delta_t delta)
1683 {
1684 return (iokit_mod_send_right(task, port_name, delta));
1685 }
1686
1687 IOExternalMethod * IOUserClient::getExternalMethodForIndex( UInt32 /* index */)
1688 {
1689 return( 0 );
1690 }
1691
1692 IOExternalAsyncMethod * IOUserClient::getExternalAsyncMethodForIndex( UInt32 /* index */)
1693 {
1694 return( 0 );
1695 }
1696
1697 IOExternalTrap * IOUserClient::
1698 getExternalTrapForIndex(UInt32 index)
1699 {
1700 return NULL;
1701 }
1702
1703 #pragma clang diagnostic push
1704 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
1705
1706 // Suppressing the deprecated-declarations warning. Avoiding the use of deprecated
1707 // functions can break clients of kexts implementing getExternalMethodForIndex()
1708 IOExternalMethod * IOUserClient::
1709 getTargetAndMethodForIndex(IOService **targetP, UInt32 index)
1710 {
1711 IOExternalMethod *method = getExternalMethodForIndex(index);
1712
1713 if (method)
1714 *targetP = (IOService *) method->object;
1715
1716 return method;
1717 }
1718
1719 IOExternalAsyncMethod * IOUserClient::
1720 getAsyncTargetAndMethodForIndex(IOService ** targetP, UInt32 index)
1721 {
1722 IOExternalAsyncMethod *method = getExternalAsyncMethodForIndex(index);
1723
1724 if (method)
1725 *targetP = (IOService *) method->object;
1726
1727 return method;
1728 }
1729
1730 IOExternalTrap * IOUserClient::
1731 getTargetAndTrapForIndex(IOService ** targetP, UInt32 index)
1732 {
1733 IOExternalTrap *trap = getExternalTrapForIndex(index);
1734
1735 if (trap) {
1736 *targetP = trap->object;
1737 }
1738
1739 return trap;
1740 }
1741 #pragma clang diagnostic pop
1742
1743 IOReturn IOUserClient::releaseAsyncReference64(OSAsyncReference64 reference)
1744 {
1745 mach_port_t port;
1746 port = (mach_port_t) (reference[0] & ~kIOUCAsync0Flags);
1747
1748 if (MACH_PORT_NULL != port)
1749 iokit_release_port_send(port);
1750
1751 return (kIOReturnSuccess);
1752 }
1753
1754 IOReturn IOUserClient::releaseNotificationPort(mach_port_t port)
1755 {
1756 if (MACH_PORT_NULL != port)
1757 iokit_release_port_send(port);
1758
1759 return (kIOReturnSuccess);
1760 }
1761
1762 IOReturn IOUserClient::sendAsyncResult(OSAsyncReference reference,
1763 IOReturn result, void *args[], UInt32 numArgs)
1764 {
1765 OSAsyncReference64 reference64;
1766 io_user_reference_t args64[kMaxAsyncArgs];
1767 unsigned int idx;
1768
1769 if (numArgs > kMaxAsyncArgs)
1770 return kIOReturnMessageTooLarge;
1771
1772 for (idx = 0; idx < kOSAsyncRef64Count; idx++)
1773 reference64[idx] = REF64(reference[idx]);
1774
1775 for (idx = 0; idx < numArgs; idx++)
1776 args64[idx] = REF64(args[idx]);
1777
1778 return (sendAsyncResult64(reference64, result, args64, numArgs));
1779 }
1780
1781 IOReturn IOUserClient::sendAsyncResult64WithOptions(OSAsyncReference64 reference,
1782 IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options)
1783 {
1784 return _sendAsyncResult64(reference, result, args, numArgs, options);
1785 }
1786
1787 IOReturn IOUserClient::sendAsyncResult64(OSAsyncReference64 reference,
1788 IOReturn result, io_user_reference_t args[], UInt32 numArgs)
1789 {
1790 return _sendAsyncResult64(reference, result, args, numArgs, 0);
1791 }
1792
1793 IOReturn IOUserClient::_sendAsyncResult64(OSAsyncReference64 reference,
1794 IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options)
1795 {
1796 struct ReplyMsg
1797 {
1798 mach_msg_header_t msgHdr;
1799 union
1800 {
1801 struct
1802 {
1803 OSNotificationHeader notifyHdr;
1804 IOAsyncCompletionContent asyncContent;
1805 uint32_t args[kMaxAsyncArgs];
1806 } msg32;
1807 struct
1808 {
1809 OSNotificationHeader64 notifyHdr;
1810 IOAsyncCompletionContent asyncContent;
1811 io_user_reference_t args[kMaxAsyncArgs] __attribute__ ((packed));
1812 } msg64;
1813 } m;
1814 };
1815 ReplyMsg replyMsg;
1816 mach_port_t replyPort;
1817 kern_return_t kr;
1818
1819 // If no reply port, do nothing.
1820 replyPort = (mach_port_t) (reference[0] & ~kIOUCAsync0Flags);
1821 if (replyPort == MACH_PORT_NULL)
1822 return kIOReturnSuccess;
1823
1824 if (numArgs > kMaxAsyncArgs)
1825 return kIOReturnMessageTooLarge;
1826
1827 bzero(&replyMsg, sizeof(replyMsg));
1828 replyMsg.msgHdr.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND /*remote*/,
1829 0 /*local*/);
1830 replyMsg.msgHdr.msgh_remote_port = replyPort;
1831 replyMsg.msgHdr.msgh_local_port = 0;
1832 replyMsg.msgHdr.msgh_id = kOSNotificationMessageID;
1833 if (kIOUCAsync64Flag & reference[0])
1834 {
1835 replyMsg.msgHdr.msgh_size =
1836 sizeof(replyMsg.msgHdr) + sizeof(replyMsg.m.msg64)
1837 - (kMaxAsyncArgs - numArgs) * sizeof(io_user_reference_t);
1838 replyMsg.m.msg64.notifyHdr.size = sizeof(IOAsyncCompletionContent)
1839 + numArgs * sizeof(io_user_reference_t);
1840 replyMsg.m.msg64.notifyHdr.type = kIOAsyncCompletionNotificationType;
1841 bcopy(reference, replyMsg.m.msg64.notifyHdr.reference, sizeof(OSAsyncReference64));
1842
1843 replyMsg.m.msg64.asyncContent.result = result;
1844 if (numArgs)
1845 bcopy(args, replyMsg.m.msg64.args, numArgs * sizeof(io_user_reference_t));
1846 }
1847 else
1848 {
1849 unsigned int idx;
1850
1851 replyMsg.msgHdr.msgh_size =
1852 sizeof(replyMsg.msgHdr) + sizeof(replyMsg.m.msg32)
1853 - (kMaxAsyncArgs - numArgs) * sizeof(uint32_t);
1854
1855 replyMsg.m.msg32.notifyHdr.size = sizeof(IOAsyncCompletionContent)
1856 + numArgs * sizeof(uint32_t);
1857 replyMsg.m.msg32.notifyHdr.type = kIOAsyncCompletionNotificationType;
1858
1859 for (idx = 0; idx < kOSAsyncRefCount; idx++)
1860 replyMsg.m.msg32.notifyHdr.reference[idx] = REF32(reference[idx]);
1861
1862 replyMsg.m.msg32.asyncContent.result = result;
1863
1864 for (idx = 0; idx < numArgs; idx++)
1865 replyMsg.m.msg32.args[idx] = REF32(args[idx]);
1866 }
1867
1868 if ((options & kIOUserNotifyOptionCanDrop) != 0) {
1869 kr = mach_msg_send_from_kernel_with_options( &replyMsg.msgHdr,
1870 replyMsg.msgHdr.msgh_size, MACH_SEND_TIMEOUT, MACH_MSG_TIMEOUT_NONE);
1871 } else {
1872 /* Fail on full queue. */
1873 kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr,
1874 replyMsg.msgHdr.msgh_size);
1875 }
1876 if ((KERN_SUCCESS != kr) && (MACH_SEND_TIMED_OUT != kr) && !(kIOUCAsyncErrorLoggedFlag & reference[0]))
1877 {
1878 reference[0] |= kIOUCAsyncErrorLoggedFlag;
1879 IOLog("%s: mach_msg_send_from_kernel_proper(0x%x)\n", __PRETTY_FUNCTION__, kr );
1880 }
1881 return kr;
1882 }
1883
1884
1885 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1886
1887 extern "C" {
1888
1889 #define CHECK(cls,obj,out) \
1890 cls * out; \
1891 if( !(out = OSDynamicCast( cls, obj))) \
1892 return( kIOReturnBadArgument )
1893
1894 #define CHECKLOCKED(cls,obj,out) \
1895 IOUserIterator * oIter; \
1896 cls * out; \
1897 if( !(oIter = OSDynamicCast(IOUserIterator, obj))) \
1898 return (kIOReturnBadArgument); \
1899 if( !(out = OSDynamicCast(cls, oIter->userIteratorObject))) \
1900 return (kIOReturnBadArgument)
1901
1902 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1903
1904 // Create a vm_map_copy_t or kalloc'ed data for memory
1905 // to be copied out. ipc will free after the copyout.
1906
1907 static kern_return_t copyoutkdata( const void * data, vm_size_t len,
1908 io_buf_ptr_t * buf )
1909 {
1910 kern_return_t err;
1911 vm_map_copy_t copy;
1912
1913 err = vm_map_copyin( kernel_map, CAST_USER_ADDR_T(data), len,
1914 false /* src_destroy */, &copy);
1915
1916 assert( err == KERN_SUCCESS );
1917 if( err == KERN_SUCCESS )
1918 *buf = (char *) copy;
1919
1920 return( err );
1921 }
1922
1923 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1924
1925 /* Routine io_server_version */
1926 kern_return_t is_io_server_version(
1927 mach_port_t master_port,
1928 uint64_t *version)
1929 {
1930 *version = IOKIT_SERVER_VERSION;
1931 return (kIOReturnSuccess);
1932 }
1933
1934 /* Routine io_object_get_class */
1935 kern_return_t is_io_object_get_class(
1936 io_object_t object,
1937 io_name_t className )
1938 {
1939 const OSMetaClass* my_obj = NULL;
1940
1941 if( !object)
1942 return( kIOReturnBadArgument );
1943
1944 my_obj = object->getMetaClass();
1945 if (!my_obj) {
1946 return (kIOReturnNotFound);
1947 }
1948
1949 strlcpy( className, my_obj->getClassName(), sizeof(io_name_t));
1950
1951 return( kIOReturnSuccess );
1952 }
1953
1954 /* Routine io_object_get_superclass */
1955 kern_return_t is_io_object_get_superclass(
1956 mach_port_t master_port,
1957 io_name_t obj_name,
1958 io_name_t class_name)
1959 {
1960 IOReturn ret;
1961 const OSMetaClass * meta;
1962 const OSMetaClass * super;
1963 const OSSymbol * name;
1964 const char * cstr;
1965
1966 if (!obj_name || !class_name) return (kIOReturnBadArgument);
1967 if (master_port != master_device_port) return( kIOReturnNotPrivileged);
1968
1969 ret = kIOReturnNotFound;
1970 meta = 0;
1971 do
1972 {
1973 name = OSSymbol::withCString(obj_name);
1974 if (!name) break;
1975 meta = OSMetaClass::copyMetaClassWithName(name);
1976 if (!meta) break;
1977 super = meta->getSuperClass();
1978 if (!super) break;
1979 cstr = super->getClassName();
1980 if (!cstr) break;
1981 strlcpy(class_name, cstr, sizeof(io_name_t));
1982 ret = kIOReturnSuccess;
1983 }
1984 while (false);
1985
1986 OSSafeReleaseNULL(name);
1987 if (meta) meta->releaseMetaClass();
1988
1989 return (ret);
1990 }
1991
1992 /* Routine io_object_get_bundle_identifier */
1993 kern_return_t is_io_object_get_bundle_identifier(
1994 mach_port_t master_port,
1995 io_name_t obj_name,
1996 io_name_t bundle_name)
1997 {
1998 IOReturn ret;
1999 const OSMetaClass * meta;
2000 const OSSymbol * name;
2001 const OSSymbol * identifier;
2002 const char * cstr;
2003
2004 if (!obj_name || !bundle_name) return (kIOReturnBadArgument);
2005 if (master_port != master_device_port) return( kIOReturnNotPrivileged);
2006
2007 ret = kIOReturnNotFound;
2008 meta = 0;
2009 do
2010 {
2011 name = OSSymbol::withCString(obj_name);
2012 if (!name) break;
2013 meta = OSMetaClass::copyMetaClassWithName(name);
2014 if (!meta) break;
2015 identifier = meta->getKmodName();
2016 if (!identifier) break;
2017 cstr = identifier->getCStringNoCopy();
2018 if (!cstr) break;
2019 strlcpy(bundle_name, identifier->getCStringNoCopy(), sizeof(io_name_t));
2020 ret = kIOReturnSuccess;
2021 }
2022 while (false);
2023
2024 OSSafeReleaseNULL(name);
2025 if (meta) meta->releaseMetaClass();
2026
2027 return (ret);
2028 }
2029
2030 /* Routine io_object_conforms_to */
2031 kern_return_t is_io_object_conforms_to(
2032 io_object_t object,
2033 io_name_t className,
2034 boolean_t *conforms )
2035 {
2036 if( !object)
2037 return( kIOReturnBadArgument );
2038
2039 *conforms = (0 != object->metaCast( className ));
2040
2041 return( kIOReturnSuccess );
2042 }
2043
2044 /* Routine io_object_get_retain_count */
2045 kern_return_t is_io_object_get_retain_count(
2046 io_object_t object,
2047 uint32_t *retainCount )
2048 {
2049 if( !object)
2050 return( kIOReturnBadArgument );
2051
2052 *retainCount = object->getRetainCount();
2053 return( kIOReturnSuccess );
2054 }
2055
2056 /* Routine io_iterator_next */
2057 kern_return_t is_io_iterator_next(
2058 io_object_t iterator,
2059 io_object_t *object )
2060 {
2061 IOReturn ret;
2062 OSObject * obj;
2063 OSIterator * iter;
2064 IOUserIterator * uiter;
2065
2066 if ((uiter = OSDynamicCast(IOUserIterator, iterator)))
2067 {
2068 obj = uiter->copyNextObject();
2069 }
2070 else if ((iter = OSDynamicCast(OSIterator, iterator)))
2071 {
2072 obj = iter->getNextObject();
2073 if (obj) obj->retain();
2074 }
2075 else
2076 {
2077 return( kIOReturnBadArgument );
2078 }
2079
2080 if( obj) {
2081 *object = obj;
2082 ret = kIOReturnSuccess;
2083 } else
2084 ret = kIOReturnNoDevice;
2085
2086 return (ret);
2087 }
2088
2089 /* Routine io_iterator_reset */
2090 kern_return_t is_io_iterator_reset(
2091 io_object_t iterator )
2092 {
2093 CHECK( OSIterator, iterator, iter );
2094
2095 iter->reset();
2096
2097 return( kIOReturnSuccess );
2098 }
2099
2100 /* Routine io_iterator_is_valid */
2101 kern_return_t is_io_iterator_is_valid(
2102 io_object_t iterator,
2103 boolean_t *is_valid )
2104 {
2105 CHECK( OSIterator, iterator, iter );
2106
2107 *is_valid = iter->isValid();
2108
2109 return( kIOReturnSuccess );
2110 }
2111
2112
2113 static kern_return_t internal_io_service_match_property_table(
2114 io_service_t _service,
2115 const char * matching,
2116 mach_msg_type_number_t matching_size,
2117 boolean_t *matches)
2118 {
2119 CHECK( IOService, _service, service );
2120
2121 kern_return_t kr;
2122 OSObject * obj;
2123 OSDictionary * dict;
2124
2125 assert(matching_size);
2126 obj = OSUnserializeXML(matching, matching_size);
2127
2128 if( (dict = OSDynamicCast( OSDictionary, obj))) {
2129 *matches = service->passiveMatch( dict );
2130 kr = kIOReturnSuccess;
2131 } else
2132 kr = kIOReturnBadArgument;
2133
2134 if( obj)
2135 obj->release();
2136
2137 return( kr );
2138 }
2139
2140 /* Routine io_service_match_property_table */
2141 kern_return_t is_io_service_match_property_table(
2142 io_service_t service,
2143 io_string_t matching,
2144 boolean_t *matches )
2145 {
2146 return (kIOReturnUnsupported);
2147 }
2148
2149
2150 /* Routine io_service_match_property_table_ool */
2151 kern_return_t is_io_service_match_property_table_ool(
2152 io_object_t service,
2153 io_buf_ptr_t matching,
2154 mach_msg_type_number_t matchingCnt,
2155 kern_return_t *result,
2156 boolean_t *matches )
2157 {
2158 kern_return_t kr;
2159 vm_offset_t data;
2160 vm_map_offset_t map_data;
2161
2162 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching );
2163 data = CAST_DOWN(vm_offset_t, map_data);
2164
2165 if( KERN_SUCCESS == kr) {
2166 // must return success after vm_map_copyout() succeeds
2167 *result = internal_io_service_match_property_table(service,
2168 (const char *)data, matchingCnt, matches );
2169 vm_deallocate( kernel_map, data, matchingCnt );
2170 }
2171
2172 return( kr );
2173 }
2174
2175 /* Routine io_service_match_property_table_bin */
2176 kern_return_t is_io_service_match_property_table_bin(
2177 io_object_t service,
2178 io_struct_inband_t matching,
2179 mach_msg_type_number_t matchingCnt,
2180 boolean_t *matches)
2181 {
2182 return (internal_io_service_match_property_table(service, matching, matchingCnt, matches));
2183 }
2184
2185 static kern_return_t internal_io_service_get_matching_services(
2186 mach_port_t master_port,
2187 const char * matching,
2188 mach_msg_type_number_t matching_size,
2189 io_iterator_t *existing )
2190 {
2191 kern_return_t kr;
2192 OSObject * obj;
2193 OSDictionary * dict;
2194
2195 if( master_port != master_device_port)
2196 return( kIOReturnNotPrivileged);
2197
2198 assert(matching_size);
2199 obj = OSUnserializeXML(matching, matching_size);
2200
2201 if( (dict = OSDynamicCast( OSDictionary, obj))) {
2202 *existing = IOUserIterator::withIterator(IOService::getMatchingServices( dict ));
2203 kr = kIOReturnSuccess;
2204 } else
2205 kr = kIOReturnBadArgument;
2206
2207 if( obj)
2208 obj->release();
2209
2210 return( kr );
2211 }
2212
2213 /* Routine io_service_get_matching_services */
2214 kern_return_t is_io_service_get_matching_services(
2215 mach_port_t master_port,
2216 io_string_t matching,
2217 io_iterator_t *existing )
2218 {
2219 return (kIOReturnUnsupported);
2220 }
2221
2222 /* Routine io_service_get_matching_services_ool */
2223 kern_return_t is_io_service_get_matching_services_ool(
2224 mach_port_t master_port,
2225 io_buf_ptr_t matching,
2226 mach_msg_type_number_t matchingCnt,
2227 kern_return_t *result,
2228 io_object_t *existing )
2229 {
2230 kern_return_t kr;
2231 vm_offset_t data;
2232 vm_map_offset_t map_data;
2233
2234 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching );
2235 data = CAST_DOWN(vm_offset_t, map_data);
2236
2237 if( KERN_SUCCESS == kr) {
2238 // must return success after vm_map_copyout() succeeds
2239 // and mig will copy out objects on success
2240 *existing = 0;
2241 *result = internal_io_service_get_matching_services(master_port,
2242 (const char *) data, matchingCnt, existing);
2243 vm_deallocate( kernel_map, data, matchingCnt );
2244 }
2245
2246 return( kr );
2247 }
2248
2249 /* Routine io_service_get_matching_services_bin */
2250 kern_return_t is_io_service_get_matching_services_bin(
2251 mach_port_t master_port,
2252 io_struct_inband_t matching,
2253 mach_msg_type_number_t matchingCnt,
2254 io_object_t *existing)
2255 {
2256 return (internal_io_service_get_matching_services(master_port, matching, matchingCnt, existing));
2257 }
2258
2259
2260 static kern_return_t internal_io_service_get_matching_service(
2261 mach_port_t master_port,
2262 const char * matching,
2263 mach_msg_type_number_t matching_size,
2264 io_service_t *service )
2265 {
2266 kern_return_t kr;
2267 OSObject * obj;
2268 OSDictionary * dict;
2269
2270 if( master_port != master_device_port)
2271 return( kIOReturnNotPrivileged);
2272
2273 assert(matching_size);
2274 obj = OSUnserializeXML(matching, matching_size);
2275
2276 if( (dict = OSDynamicCast( OSDictionary, obj))) {
2277 *service = IOService::copyMatchingService( dict );
2278 kr = *service ? kIOReturnSuccess : kIOReturnNotFound;
2279 } else
2280 kr = kIOReturnBadArgument;
2281
2282 if( obj)
2283 obj->release();
2284
2285 return( kr );
2286 }
2287
2288 /* Routine io_service_get_matching_service */
2289 kern_return_t is_io_service_get_matching_service(
2290 mach_port_t master_port,
2291 io_string_t matching,
2292 io_service_t *service )
2293 {
2294 return (kIOReturnUnsupported);
2295 }
2296
2297 /* Routine io_service_get_matching_services_ool */
2298 kern_return_t is_io_service_get_matching_service_ool(
2299 mach_port_t master_port,
2300 io_buf_ptr_t matching,
2301 mach_msg_type_number_t matchingCnt,
2302 kern_return_t *result,
2303 io_object_t *service )
2304 {
2305 kern_return_t kr;
2306 vm_offset_t data;
2307 vm_map_offset_t map_data;
2308
2309 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching );
2310 data = CAST_DOWN(vm_offset_t, map_data);
2311
2312 if( KERN_SUCCESS == kr) {
2313 // must return success after vm_map_copyout() succeeds
2314 // and mig will copy out objects on success
2315 *service = 0;
2316 *result = internal_io_service_get_matching_service(master_port,
2317 (const char *) data, matchingCnt, service );
2318 vm_deallocate( kernel_map, data, matchingCnt );
2319 }
2320
2321 return( kr );
2322 }
2323
2324 /* Routine io_service_get_matching_service_bin */
2325 kern_return_t is_io_service_get_matching_service_bin(
2326 mach_port_t master_port,
2327 io_struct_inband_t matching,
2328 mach_msg_type_number_t matchingCnt,
2329 io_object_t *service)
2330 {
2331 return (internal_io_service_get_matching_service(master_port, matching, matchingCnt, service));
2332 }
2333
2334 static kern_return_t internal_io_service_add_notification(
2335 mach_port_t master_port,
2336 io_name_t notification_type,
2337 const char * matching,
2338 size_t matching_size,
2339 mach_port_t port,
2340 void * reference,
2341 vm_size_t referenceSize,
2342 bool client64,
2343 io_object_t * notification )
2344 {
2345 IOServiceUserNotification * userNotify = 0;
2346 IONotifier * notify = 0;
2347 const OSSymbol * sym;
2348 OSDictionary * dict;
2349 IOReturn err;
2350 unsigned long int userMsgType;
2351
2352 if( master_port != master_device_port)
2353 return( kIOReturnNotPrivileged);
2354
2355 do {
2356 err = kIOReturnNoResources;
2357
2358 if (matching_size > (sizeof(io_struct_inband_t) * 1024)) return(kIOReturnMessageTooLarge);
2359
2360 if( !(sym = OSSymbol::withCString( notification_type )))
2361 err = kIOReturnNoResources;
2362
2363 assert(matching_size);
2364 dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching, matching_size));
2365 if (!dict) {
2366 err = kIOReturnBadArgument;
2367 continue;
2368 }
2369
2370 if( (sym == gIOPublishNotification)
2371 || (sym == gIOFirstPublishNotification))
2372 userMsgType = kIOServicePublishNotificationType;
2373 else if( (sym == gIOMatchedNotification)
2374 || (sym == gIOFirstMatchNotification))
2375 userMsgType = kIOServiceMatchedNotificationType;
2376 else if ((sym == gIOTerminatedNotification)
2377 || (sym == gIOWillTerminateNotification))
2378 userMsgType = kIOServiceTerminatedNotificationType;
2379 else
2380 userMsgType = kLastIOKitNotificationType;
2381
2382 userNotify = new IOServiceUserNotification;
2383
2384 if( userNotify && !userNotify->init( port, userMsgType,
2385 reference, referenceSize, client64)) {
2386 userNotify->release();
2387 userNotify = 0;
2388 }
2389 if( !userNotify)
2390 continue;
2391
2392 notify = IOService::addMatchingNotification( sym, dict,
2393 &userNotify->_handler, userNotify );
2394 if( notify) {
2395 *notification = userNotify;
2396 userNotify->setNotification( notify );
2397 err = kIOReturnSuccess;
2398 } else
2399 err = kIOReturnUnsupported;
2400
2401 } while( false );
2402
2403 if ((kIOReturnSuccess != err) && userNotify)
2404 {
2405 userNotify->invalidatePort();
2406 userNotify->release();
2407 userNotify = 0;
2408 }
2409
2410 if( sym)
2411 sym->release();
2412 if( dict)
2413 dict->release();
2414
2415 return( err );
2416 }
2417
2418
2419 /* Routine io_service_add_notification */
2420 kern_return_t is_io_service_add_notification(
2421 mach_port_t master_port,
2422 io_name_t notification_type,
2423 io_string_t matching,
2424 mach_port_t port,
2425 io_async_ref_t reference,
2426 mach_msg_type_number_t referenceCnt,
2427 io_object_t * notification )
2428 {
2429 return (kIOReturnUnsupported);
2430 }
2431
2432 /* Routine io_service_add_notification_64 */
2433 kern_return_t is_io_service_add_notification_64(
2434 mach_port_t master_port,
2435 io_name_t notification_type,
2436 io_string_t matching,
2437 mach_port_t wake_port,
2438 io_async_ref64_t reference,
2439 mach_msg_type_number_t referenceCnt,
2440 io_object_t *notification )
2441 {
2442 return (kIOReturnUnsupported);
2443 }
2444
2445 /* Routine io_service_add_notification_bin */
2446 kern_return_t is_io_service_add_notification_bin
2447 (
2448 mach_port_t master_port,
2449 io_name_t notification_type,
2450 io_struct_inband_t matching,
2451 mach_msg_type_number_t matchingCnt,
2452 mach_port_t wake_port,
2453 io_async_ref_t reference,
2454 mach_msg_type_number_t referenceCnt,
2455 io_object_t *notification)
2456 {
2457 return (internal_io_service_add_notification(master_port, notification_type,
2458 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref_t),
2459 false, notification));
2460 }
2461
2462 /* Routine io_service_add_notification_bin_64 */
2463 kern_return_t is_io_service_add_notification_bin_64
2464 (
2465 mach_port_t master_port,
2466 io_name_t notification_type,
2467 io_struct_inband_t matching,
2468 mach_msg_type_number_t matchingCnt,
2469 mach_port_t wake_port,
2470 io_async_ref64_t reference,
2471 mach_msg_type_number_t referenceCnt,
2472 io_object_t *notification)
2473 {
2474 return (internal_io_service_add_notification(master_port, notification_type,
2475 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref64_t),
2476 true, notification));
2477 }
2478
2479 static kern_return_t internal_io_service_add_notification_ool(
2480 mach_port_t master_port,
2481 io_name_t notification_type,
2482 io_buf_ptr_t matching,
2483 mach_msg_type_number_t matchingCnt,
2484 mach_port_t wake_port,
2485 void * reference,
2486 vm_size_t referenceSize,
2487 bool client64,
2488 kern_return_t *result,
2489 io_object_t *notification )
2490 {
2491 kern_return_t kr;
2492 vm_offset_t data;
2493 vm_map_offset_t map_data;
2494
2495 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching );
2496 data = CAST_DOWN(vm_offset_t, map_data);
2497
2498 if( KERN_SUCCESS == kr) {
2499 // must return success after vm_map_copyout() succeeds
2500 // and mig will copy out objects on success
2501 *notification = 0;
2502 *result = internal_io_service_add_notification( master_port, notification_type,
2503 (char *) data, matchingCnt, wake_port, reference, referenceSize, client64, notification );
2504 vm_deallocate( kernel_map, data, matchingCnt );
2505 }
2506
2507 return( kr );
2508 }
2509
2510 /* Routine io_service_add_notification_ool */
2511 kern_return_t is_io_service_add_notification_ool(
2512 mach_port_t master_port,
2513 io_name_t notification_type,
2514 io_buf_ptr_t matching,
2515 mach_msg_type_number_t matchingCnt,
2516 mach_port_t wake_port,
2517 io_async_ref_t reference,
2518 mach_msg_type_number_t referenceCnt,
2519 kern_return_t *result,
2520 io_object_t *notification )
2521 {
2522 return (internal_io_service_add_notification_ool(master_port, notification_type,
2523 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref_t),
2524 false, result, notification));
2525 }
2526
2527 /* Routine io_service_add_notification_ool_64 */
2528 kern_return_t is_io_service_add_notification_ool_64(
2529 mach_port_t master_port,
2530 io_name_t notification_type,
2531 io_buf_ptr_t matching,
2532 mach_msg_type_number_t matchingCnt,
2533 mach_port_t wake_port,
2534 io_async_ref64_t reference,
2535 mach_msg_type_number_t referenceCnt,
2536 kern_return_t *result,
2537 io_object_t *notification )
2538 {
2539 return (internal_io_service_add_notification_ool(master_port, notification_type,
2540 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref64_t),
2541 true, result, notification));
2542 }
2543
2544 /* Routine io_service_add_notification_old */
2545 kern_return_t is_io_service_add_notification_old(
2546 mach_port_t master_port,
2547 io_name_t notification_type,
2548 io_string_t matching,
2549 mach_port_t port,
2550 // for binary compatibility reasons, this must be natural_t for ILP32
2551 natural_t ref,
2552 io_object_t * notification )
2553 {
2554 return( is_io_service_add_notification( master_port, notification_type,
2555 matching, port, &ref, 1, notification ));
2556 }
2557
2558
2559 static kern_return_t internal_io_service_add_interest_notification(
2560 io_object_t _service,
2561 io_name_t type_of_interest,
2562 mach_port_t port,
2563 void * reference,
2564 vm_size_t referenceSize,
2565 bool client64,
2566 io_object_t * notification )
2567 {
2568
2569 IOServiceMessageUserNotification * userNotify = 0;
2570 IONotifier * notify = 0;
2571 const OSSymbol * sym;
2572 IOReturn err;
2573
2574 CHECK( IOService, _service, service );
2575
2576 err = kIOReturnNoResources;
2577 if( (sym = OSSymbol::withCString( type_of_interest ))) do {
2578
2579 userNotify = new IOServiceMessageUserNotification;
2580
2581 if( userNotify && !userNotify->init( port, kIOServiceMessageNotificationType,
2582 reference, referenceSize,
2583 kIOUserNotifyMaxMessageSize,
2584 client64 )) {
2585 userNotify->release();
2586 userNotify = 0;
2587 }
2588 if( !userNotify)
2589 continue;
2590
2591 notify = service->registerInterest( sym,
2592 &userNotify->_handler, userNotify );
2593 if( notify) {
2594 *notification = userNotify;
2595 userNotify->setNotification( notify );
2596 err = kIOReturnSuccess;
2597 } else
2598 err = kIOReturnUnsupported;
2599
2600 sym->release();
2601
2602 } while( false );
2603
2604 if ((kIOReturnSuccess != err) && userNotify)
2605 {
2606 userNotify->invalidatePort();
2607 userNotify->release();
2608 userNotify = 0;
2609 }
2610
2611 return( err );
2612 }
2613
2614 /* Routine io_service_add_message_notification */
2615 kern_return_t is_io_service_add_interest_notification(
2616 io_object_t service,
2617 io_name_t type_of_interest,
2618 mach_port_t port,
2619 io_async_ref_t reference,
2620 mach_msg_type_number_t referenceCnt,
2621 io_object_t * notification )
2622 {
2623 return (internal_io_service_add_interest_notification(service, type_of_interest,
2624 port, &reference[0], sizeof(io_async_ref_t), false, notification));
2625 }
2626
2627 /* Routine io_service_add_interest_notification_64 */
2628 kern_return_t is_io_service_add_interest_notification_64(
2629 io_object_t service,
2630 io_name_t type_of_interest,
2631 mach_port_t wake_port,
2632 io_async_ref64_t reference,
2633 mach_msg_type_number_t referenceCnt,
2634 io_object_t *notification )
2635 {
2636 return (internal_io_service_add_interest_notification(service, type_of_interest,
2637 wake_port, &reference[0], sizeof(io_async_ref64_t), true, notification));
2638 }
2639
2640
2641 /* Routine io_service_acknowledge_notification */
2642 kern_return_t is_io_service_acknowledge_notification(
2643 io_object_t _service,
2644 natural_t notify_ref,
2645 natural_t response )
2646 {
2647 CHECK( IOService, _service, service );
2648
2649 return( service->acknowledgeNotification( (IONotificationRef)(uintptr_t) notify_ref,
2650 (IOOptionBits) response ));
2651
2652 }
2653
2654 /* Routine io_connect_get_semaphore */
2655 kern_return_t is_io_connect_get_notification_semaphore(
2656 io_connect_t connection,
2657 natural_t notification_type,
2658 semaphore_t *semaphore )
2659 {
2660 CHECK( IOUserClient, connection, client );
2661
2662 IOStatisticsClientCall();
2663 return( client->getNotificationSemaphore( (UInt32) notification_type,
2664 semaphore ));
2665 }
2666
2667 /* Routine io_registry_get_root_entry */
2668 kern_return_t is_io_registry_get_root_entry(
2669 mach_port_t master_port,
2670 io_object_t *root )
2671 {
2672 IORegistryEntry * entry;
2673
2674 if( master_port != master_device_port)
2675 return( kIOReturnNotPrivileged);
2676
2677 entry = IORegistryEntry::getRegistryRoot();
2678 if( entry)
2679 entry->retain();
2680 *root = entry;
2681
2682 return( kIOReturnSuccess );
2683 }
2684
2685 /* Routine io_registry_create_iterator */
2686 kern_return_t is_io_registry_create_iterator(
2687 mach_port_t master_port,
2688 io_name_t plane,
2689 uint32_t options,
2690 io_object_t *iterator )
2691 {
2692 if( master_port != master_device_port)
2693 return( kIOReturnNotPrivileged);
2694
2695 *iterator = IOUserIterator::withIterator(
2696 IORegistryIterator::iterateOver(
2697 IORegistryEntry::getPlane( plane ), options ));
2698
2699 return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument );
2700 }
2701
2702 /* Routine io_registry_entry_create_iterator */
2703 kern_return_t is_io_registry_entry_create_iterator(
2704 io_object_t registry_entry,
2705 io_name_t plane,
2706 uint32_t options,
2707 io_object_t *iterator )
2708 {
2709 CHECK( IORegistryEntry, registry_entry, entry );
2710
2711 *iterator = IOUserIterator::withIterator(
2712 IORegistryIterator::iterateOver( entry,
2713 IORegistryEntry::getPlane( plane ), options ));
2714
2715 return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument );
2716 }
2717
2718 /* Routine io_registry_iterator_enter */
2719 kern_return_t is_io_registry_iterator_enter_entry(
2720 io_object_t iterator )
2721 {
2722 CHECKLOCKED( IORegistryIterator, iterator, iter );
2723
2724 IOLockLock(oIter->lock);
2725 iter->enterEntry();
2726 IOLockUnlock(oIter->lock);
2727
2728 return( kIOReturnSuccess );
2729 }
2730
2731 /* Routine io_registry_iterator_exit */
2732 kern_return_t is_io_registry_iterator_exit_entry(
2733 io_object_t iterator )
2734 {
2735 bool didIt;
2736
2737 CHECKLOCKED( IORegistryIterator, iterator, iter );
2738
2739 IOLockLock(oIter->lock);
2740 didIt = iter->exitEntry();
2741 IOLockUnlock(oIter->lock);
2742
2743 return( didIt ? kIOReturnSuccess : kIOReturnNoDevice );
2744 }
2745
2746 /* Routine io_registry_entry_from_path */
2747 kern_return_t is_io_registry_entry_from_path(
2748 mach_port_t master_port,
2749 io_string_t path,
2750 io_object_t *registry_entry )
2751 {
2752 IORegistryEntry * entry;
2753
2754 if( master_port != master_device_port)
2755 return( kIOReturnNotPrivileged);
2756
2757 entry = IORegistryEntry::fromPath( path );
2758
2759 *registry_entry = entry;
2760
2761 return( kIOReturnSuccess );
2762 }
2763
2764
2765 /* Routine io_registry_entry_from_path */
2766 kern_return_t is_io_registry_entry_from_path_ool(
2767 mach_port_t master_port,
2768 io_string_inband_t path,
2769 io_buf_ptr_t path_ool,
2770 mach_msg_type_number_t path_oolCnt,
2771 kern_return_t *result,
2772 io_object_t *registry_entry)
2773 {
2774 IORegistryEntry * entry;
2775 vm_map_offset_t map_data;
2776 const char * cpath;
2777 IOReturn res;
2778 kern_return_t err;
2779
2780 if (master_port != master_device_port) return(kIOReturnNotPrivileged);
2781
2782 map_data = 0;
2783 entry = 0;
2784 res = err = KERN_SUCCESS;
2785 if (path[0]) cpath = path;
2786 else
2787 {
2788 if (!path_oolCnt) return(kIOReturnBadArgument);
2789 if (path_oolCnt > (sizeof(io_struct_inband_t) * 1024)) return(kIOReturnMessageTooLarge);
2790
2791 err = vm_map_copyout(kernel_map, &map_data, (vm_map_copy_t) path_ool);
2792 if (KERN_SUCCESS == err)
2793 {
2794 // must return success to mig after vm_map_copyout() succeeds, so result is actual
2795 cpath = CAST_DOWN(const char *, map_data);
2796 if (cpath[path_oolCnt - 1]) res = kIOReturnBadArgument;
2797 }
2798 }
2799
2800 if ((KERN_SUCCESS == err) && (KERN_SUCCESS == res))
2801 {
2802 entry = IORegistryEntry::fromPath(cpath);
2803 res = entry ? kIOReturnSuccess : kIOReturnNotFound;
2804 }
2805
2806 if (map_data) vm_deallocate(kernel_map, map_data, path_oolCnt);
2807
2808 if (KERN_SUCCESS != err) res = err;
2809 *registry_entry = entry;
2810 *result = res;
2811
2812 return (err);
2813 }
2814
2815
2816 /* Routine io_registry_entry_in_plane */
2817 kern_return_t is_io_registry_entry_in_plane(
2818 io_object_t registry_entry,
2819 io_name_t plane,
2820 boolean_t *inPlane )
2821 {
2822 CHECK( IORegistryEntry, registry_entry, entry );
2823
2824 *inPlane = entry->inPlane( IORegistryEntry::getPlane( plane ));
2825
2826 return( kIOReturnSuccess );
2827 }
2828
2829
2830 /* Routine io_registry_entry_get_path */
2831 kern_return_t is_io_registry_entry_get_path(
2832 io_object_t registry_entry,
2833 io_name_t plane,
2834 io_string_t path )
2835 {
2836 int length;
2837 CHECK( IORegistryEntry, registry_entry, entry );
2838
2839 length = sizeof( io_string_t);
2840 if( entry->getPath( path, &length, IORegistryEntry::getPlane( plane )))
2841 return( kIOReturnSuccess );
2842 else
2843 return( kIOReturnBadArgument );
2844 }
2845
2846 /* Routine io_registry_entry_get_path */
2847 kern_return_t is_io_registry_entry_get_path_ool(
2848 io_object_t registry_entry,
2849 io_name_t plane,
2850 io_string_inband_t path,
2851 io_buf_ptr_t *path_ool,
2852 mach_msg_type_number_t *path_oolCnt)
2853 {
2854 enum { kMaxPath = 16384 };
2855 IOReturn err;
2856 int length;
2857 char * buf;
2858
2859 CHECK( IORegistryEntry, registry_entry, entry );
2860
2861 *path_ool = NULL;
2862 *path_oolCnt = 0;
2863 length = sizeof(io_string_inband_t);
2864 if (entry->getPath(path, &length, IORegistryEntry::getPlane(plane))) err = kIOReturnSuccess;
2865 else
2866 {
2867 length = kMaxPath;
2868 buf = IONew(char, length);
2869 if (!buf) err = kIOReturnNoMemory;
2870 else if (!entry->getPath(buf, &length, IORegistryEntry::getPlane(plane))) err = kIOReturnError;
2871 else
2872 {
2873 *path_oolCnt = length;
2874 err = copyoutkdata(buf, length, path_ool);
2875 }
2876 if (buf) IODelete(buf, char, kMaxPath);
2877 }
2878
2879 return (err);
2880 }
2881
2882
2883 /* Routine io_registry_entry_get_name */
2884 kern_return_t is_io_registry_entry_get_name(
2885 io_object_t registry_entry,
2886 io_name_t name )
2887 {
2888 CHECK( IORegistryEntry, registry_entry, entry );
2889
2890 strncpy( name, entry->getName(), sizeof( io_name_t));
2891
2892 return( kIOReturnSuccess );
2893 }
2894
2895 /* Routine io_registry_entry_get_name_in_plane */
2896 kern_return_t is_io_registry_entry_get_name_in_plane(
2897 io_object_t registry_entry,
2898 io_name_t planeName,
2899 io_name_t name )
2900 {
2901 const IORegistryPlane * plane;
2902 CHECK( IORegistryEntry, registry_entry, entry );
2903
2904 if( planeName[0])
2905 plane = IORegistryEntry::getPlane( planeName );
2906 else
2907 plane = 0;
2908
2909 strncpy( name, entry->getName( plane), sizeof( io_name_t));
2910
2911 return( kIOReturnSuccess );
2912 }
2913
2914 /* Routine io_registry_entry_get_location_in_plane */
2915 kern_return_t is_io_registry_entry_get_location_in_plane(
2916 io_object_t registry_entry,
2917 io_name_t planeName,
2918 io_name_t location )
2919 {
2920 const IORegistryPlane * plane;
2921 CHECK( IORegistryEntry, registry_entry, entry );
2922
2923 if( planeName[0])
2924 plane = IORegistryEntry::getPlane( planeName );
2925 else
2926 plane = 0;
2927
2928 const char * cstr = entry->getLocation( plane );
2929
2930 if( cstr) {
2931 strncpy( location, cstr, sizeof( io_name_t));
2932 return( kIOReturnSuccess );
2933 } else
2934 return( kIOReturnNotFound );
2935 }
2936
2937 /* Routine io_registry_entry_get_registry_entry_id */
2938 kern_return_t is_io_registry_entry_get_registry_entry_id(
2939 io_object_t registry_entry,
2940 uint64_t *entry_id )
2941 {
2942 CHECK( IORegistryEntry, registry_entry, entry );
2943
2944 *entry_id = entry->getRegistryEntryID();
2945
2946 return (kIOReturnSuccess);
2947 }
2948
2949 /* Routine io_registry_entry_get_property */
2950 kern_return_t is_io_registry_entry_get_property_bytes(
2951 io_object_t registry_entry,
2952 io_name_t property_name,
2953 io_struct_inband_t buf,
2954 mach_msg_type_number_t *dataCnt )
2955 {
2956 OSObject * obj;
2957 OSData * data;
2958 OSString * str;
2959 OSBoolean * boo;
2960 OSNumber * off;
2961 UInt64 offsetBytes;
2962 unsigned int len = 0;
2963 const void * bytes = 0;
2964 IOReturn ret = kIOReturnSuccess;
2965
2966 CHECK( IORegistryEntry, registry_entry, entry );
2967
2968 #if CONFIG_MACF
2969 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
2970 return kIOReturnNotPermitted;
2971 #endif
2972
2973 obj = entry->copyProperty(property_name);
2974 if( !obj)
2975 return( kIOReturnNoResources );
2976
2977 // One day OSData will be a common container base class
2978 // until then...
2979 if( (data = OSDynamicCast( OSData, obj ))) {
2980 len = data->getLength();
2981 bytes = data->getBytesNoCopy();
2982 if (!data->isSerializable()) len = 0;
2983
2984 } else if( (str = OSDynamicCast( OSString, obj ))) {
2985 len = str->getLength() + 1;
2986 bytes = str->getCStringNoCopy();
2987
2988 } else if( (boo = OSDynamicCast( OSBoolean, obj ))) {
2989 len = boo->isTrue() ? sizeof("Yes") : sizeof("No");
2990 bytes = boo->isTrue() ? "Yes" : "No";
2991
2992 } else if( (off = OSDynamicCast( OSNumber, obj ))) {
2993 offsetBytes = off->unsigned64BitValue();
2994 len = off->numberOfBytes();
2995 if (len > sizeof(offsetBytes)) len = sizeof(offsetBytes);
2996 bytes = &offsetBytes;
2997 #ifdef __BIG_ENDIAN__
2998 bytes = (const void *)
2999 (((UInt32) bytes) + (sizeof( UInt64) - len));
3000 #endif
3001
3002 } else
3003 ret = kIOReturnBadArgument;
3004
3005 if( bytes) {
3006 if( *dataCnt < len)
3007 ret = kIOReturnIPCError;
3008 else {
3009 *dataCnt = len;
3010 bcopy( bytes, buf, len );
3011 }
3012 }
3013 obj->release();
3014
3015 return( ret );
3016 }
3017
3018
3019 /* Routine io_registry_entry_get_property */
3020 kern_return_t is_io_registry_entry_get_property(
3021 io_object_t registry_entry,
3022 io_name_t property_name,
3023 io_buf_ptr_t *properties,
3024 mach_msg_type_number_t *propertiesCnt )
3025 {
3026 kern_return_t err;
3027 vm_size_t len;
3028 OSObject * obj;
3029
3030 CHECK( IORegistryEntry, registry_entry, entry );
3031
3032 #if CONFIG_MACF
3033 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
3034 return kIOReturnNotPermitted;
3035 #endif
3036
3037 obj = entry->copyProperty(property_name);
3038 if( !obj)
3039 return( kIOReturnNotFound );
3040
3041 OSSerialize * s = OSSerialize::withCapacity(4096);
3042 if( !s) {
3043 obj->release();
3044 return( kIOReturnNoMemory );
3045 }
3046
3047 if( obj->serialize( s )) {
3048 len = s->getLength();
3049 *propertiesCnt = len;
3050 err = copyoutkdata( s->text(), len, properties );
3051
3052 } else
3053 err = kIOReturnUnsupported;
3054
3055 s->release();
3056 obj->release();
3057
3058 return( err );
3059 }
3060
3061 /* Routine io_registry_entry_get_property_recursively */
3062 kern_return_t is_io_registry_entry_get_property_recursively(
3063 io_object_t registry_entry,
3064 io_name_t plane,
3065 io_name_t property_name,
3066 uint32_t options,
3067 io_buf_ptr_t *properties,
3068 mach_msg_type_number_t *propertiesCnt )
3069 {
3070 kern_return_t err;
3071 vm_size_t len;
3072 OSObject * obj;
3073
3074 CHECK( IORegistryEntry, registry_entry, entry );
3075
3076 #if CONFIG_MACF
3077 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
3078 return kIOReturnNotPermitted;
3079 #endif
3080
3081 obj = entry->copyProperty( property_name,
3082 IORegistryEntry::getPlane( plane ), options );
3083 if( !obj)
3084 return( kIOReturnNotFound );
3085
3086 OSSerialize * s = OSSerialize::withCapacity(4096);
3087 if( !s) {
3088 obj->release();
3089 return( kIOReturnNoMemory );
3090 }
3091
3092 if( obj->serialize( s )) {
3093 len = s->getLength();
3094 *propertiesCnt = len;
3095 err = copyoutkdata( s->text(), len, properties );
3096
3097 } else
3098 err = kIOReturnUnsupported;
3099
3100 s->release();
3101 obj->release();
3102
3103 return( err );
3104 }
3105
3106 /* Routine io_registry_entry_get_properties */
3107 kern_return_t is_io_registry_entry_get_properties(
3108 io_object_t registry_entry,
3109 io_buf_ptr_t *properties,
3110 mach_msg_type_number_t *propertiesCnt )
3111 {
3112 return (kIOReturnUnsupported);
3113 }
3114
3115 #if CONFIG_MACF
3116
3117 struct GetPropertiesEditorRef
3118 {
3119 kauth_cred_t cred;
3120 IORegistryEntry * entry;
3121 OSCollection * root;
3122 };
3123
3124 static const OSMetaClassBase *
3125 GetPropertiesEditor(void * reference,
3126 OSSerialize * s,
3127 OSCollection * container,
3128 const OSSymbol * name,
3129 const OSMetaClassBase * value)
3130 {
3131 GetPropertiesEditorRef * ref = (typeof(ref)) reference;
3132
3133 if (!ref->root) ref->root = container;
3134 if (ref->root == container)
3135 {
3136 if (0 != mac_iokit_check_get_property(ref->cred, ref->entry, name->getCStringNoCopy()))
3137 {
3138 value = 0;
3139 }
3140 }
3141 if (value) value->retain();
3142 return (value);
3143 }
3144
3145 #endif /* CONFIG_MACF */
3146
3147 /* Routine io_registry_entry_get_properties */
3148 kern_return_t is_io_registry_entry_get_properties_bin(
3149 io_object_t registry_entry,
3150 io_buf_ptr_t *properties,
3151 mach_msg_type_number_t *propertiesCnt)
3152 {
3153 kern_return_t err = kIOReturnSuccess;
3154 vm_size_t len;
3155 OSSerialize * s;
3156 OSSerialize::Editor editor = 0;
3157 void * editRef = 0;
3158
3159 CHECK(IORegistryEntry, registry_entry, entry);
3160
3161 #if CONFIG_MACF
3162 GetPropertiesEditorRef ref;
3163 if (mac_iokit_check_filter_properties(kauth_cred_get(), entry))
3164 {
3165 editor = &GetPropertiesEditor;
3166 editRef = &ref;
3167 ref.cred = kauth_cred_get();
3168 ref.entry = entry;
3169 ref.root = 0;
3170 }
3171 #endif
3172
3173 s = OSSerialize::binaryWithCapacity(4096, editor, editRef);
3174 if (!s) return (kIOReturnNoMemory);
3175
3176 if (!entry->serializeProperties(s)) err = kIOReturnUnsupported;
3177
3178 if (kIOReturnSuccess == err)
3179 {
3180 len = s->getLength();
3181 *propertiesCnt = len;
3182 err = copyoutkdata(s->text(), len, properties);
3183 }
3184 s->release();
3185
3186 return (err);
3187 }
3188
3189 /* Routine io_registry_entry_get_property_bin */
3190 kern_return_t is_io_registry_entry_get_property_bin(
3191 io_object_t registry_entry,
3192 io_name_t plane,
3193 io_name_t property_name,
3194 uint32_t options,
3195 io_buf_ptr_t *properties,
3196 mach_msg_type_number_t *propertiesCnt )
3197 {
3198 kern_return_t err;
3199 vm_size_t len;
3200 OSObject * obj;
3201 const OSSymbol * sym;
3202
3203 CHECK( IORegistryEntry, registry_entry, entry );
3204
3205 #if CONFIG_MACF
3206 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
3207 return kIOReturnNotPermitted;
3208 #endif
3209
3210 sym = OSSymbol::withCString(property_name);
3211 if (!sym) return (kIOReturnNoMemory);
3212
3213 if (gIORegistryEntryPropertyKeysKey == sym)
3214 {
3215 obj = entry->copyPropertyKeys();
3216 }
3217 else
3218 {
3219 if ((kIORegistryIterateRecursively & options) && plane[0])
3220 {
3221 obj = entry->copyProperty(property_name,
3222 IORegistryEntry::getPlane(plane), options );
3223 }
3224 else
3225 {
3226 obj = entry->copyProperty(property_name);
3227 }
3228 if (obj && gIORemoveOnReadProperties->containsObject(sym)) entry->removeProperty(sym);
3229 }
3230
3231 sym->release();
3232 if (!obj) return (kIOReturnNotFound);
3233
3234 OSSerialize * s = OSSerialize::binaryWithCapacity(4096);
3235 if( !s) {
3236 obj->release();
3237 return( kIOReturnNoMemory );
3238 }
3239
3240 if( obj->serialize( s )) {
3241 len = s->getLength();
3242 *propertiesCnt = len;
3243 err = copyoutkdata( s->text(), len, properties );
3244
3245 } else err = kIOReturnUnsupported;
3246
3247 s->release();
3248 obj->release();
3249
3250 return( err );
3251 }
3252
3253
3254 /* Routine io_registry_entry_set_properties */
3255 kern_return_t is_io_registry_entry_set_properties
3256 (
3257 io_object_t registry_entry,
3258 io_buf_ptr_t properties,
3259 mach_msg_type_number_t propertiesCnt,
3260 kern_return_t * result)
3261 {
3262 OSObject * obj;
3263 kern_return_t err;
3264 IOReturn res;
3265 vm_offset_t data;
3266 vm_map_offset_t map_data;
3267
3268 CHECK( IORegistryEntry, registry_entry, entry );
3269
3270 if( propertiesCnt > sizeof(io_struct_inband_t) * 1024)
3271 return( kIOReturnMessageTooLarge);
3272
3273 err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties );
3274 data = CAST_DOWN(vm_offset_t, map_data);
3275
3276 if( KERN_SUCCESS == err) {
3277
3278 FAKE_STACK_FRAME(entry->getMetaClass());
3279
3280 // must return success after vm_map_copyout() succeeds
3281 obj = OSUnserializeXML( (const char *) data, propertiesCnt );
3282 vm_deallocate( kernel_map, data, propertiesCnt );
3283
3284 if (!obj)
3285 res = kIOReturnBadArgument;
3286 #if CONFIG_MACF
3287 else if (0 != mac_iokit_check_set_properties(kauth_cred_get(),
3288 registry_entry, obj))
3289 {
3290 res = kIOReturnNotPermitted;
3291 }
3292 #endif
3293 else
3294 {
3295 res = entry->setProperties( obj );
3296 }
3297
3298 if (obj)
3299 obj->release();
3300
3301 FAKE_STACK_FRAME_END();
3302
3303 } else
3304 res = err;
3305
3306 *result = res;
3307 return( err );
3308 }
3309
3310 /* Routine io_registry_entry_get_child_iterator */
3311 kern_return_t is_io_registry_entry_get_child_iterator(
3312 io_object_t registry_entry,
3313 io_name_t plane,
3314 io_object_t *iterator )
3315 {
3316 CHECK( IORegistryEntry, registry_entry, entry );
3317
3318 *iterator = IOUserIterator::withIterator(entry->getChildIterator(
3319 IORegistryEntry::getPlane( plane )));
3320
3321 return( kIOReturnSuccess );
3322 }
3323
3324 /* Routine io_registry_entry_get_parent_iterator */
3325 kern_return_t is_io_registry_entry_get_parent_iterator(
3326 io_object_t registry_entry,
3327 io_name_t plane,
3328 io_object_t *iterator)
3329 {
3330 CHECK( IORegistryEntry, registry_entry, entry );
3331
3332 *iterator = IOUserIterator::withIterator(entry->getParentIterator(
3333 IORegistryEntry::getPlane( plane )));
3334
3335 return( kIOReturnSuccess );
3336 }
3337
3338 /* Routine io_service_get_busy_state */
3339 kern_return_t is_io_service_get_busy_state(
3340 io_object_t _service,
3341 uint32_t *busyState )
3342 {
3343 CHECK( IOService, _service, service );
3344
3345 *busyState = service->getBusyState();
3346
3347 return( kIOReturnSuccess );
3348 }
3349
3350 /* Routine io_service_get_state */
3351 kern_return_t is_io_service_get_state(
3352 io_object_t _service,
3353 uint64_t *state,
3354 uint32_t *busy_state,
3355 uint64_t *accumulated_busy_time )
3356 {
3357 CHECK( IOService, _service, service );
3358
3359 *state = service->getState();
3360 *busy_state = service->getBusyState();
3361 *accumulated_busy_time = service->getAccumulatedBusyTime();
3362
3363 return( kIOReturnSuccess );
3364 }
3365
3366 /* Routine io_service_wait_quiet */
3367 kern_return_t is_io_service_wait_quiet(
3368 io_object_t _service,
3369 mach_timespec_t wait_time )
3370 {
3371 uint64_t timeoutNS;
3372
3373 CHECK( IOService, _service, service );
3374
3375 timeoutNS = wait_time.tv_sec;
3376 timeoutNS *= kSecondScale;
3377 timeoutNS += wait_time.tv_nsec;
3378
3379 return( service->waitQuiet(timeoutNS) );
3380 }
3381
3382 /* Routine io_service_request_probe */
3383 kern_return_t is_io_service_request_probe(
3384 io_object_t _service,
3385 uint32_t options )
3386 {
3387 CHECK( IOService, _service, service );
3388
3389 return( service->requestProbe( options ));
3390 }
3391
3392 /* Routine io_service_get_authorization_id */
3393 kern_return_t is_io_service_get_authorization_id(
3394 io_object_t _service,
3395 uint64_t *authorization_id )
3396 {
3397 kern_return_t kr;
3398
3399 CHECK( IOService, _service, service );
3400
3401 kr = IOUserClient::clientHasPrivilege( (void *) current_task(),
3402 kIOClientPrivilegeAdministrator );
3403 if( kIOReturnSuccess != kr)
3404 return( kr );
3405
3406 *authorization_id = service->getAuthorizationID();
3407
3408 return( kr );
3409 }
3410
3411 /* Routine io_service_set_authorization_id */
3412 kern_return_t is_io_service_set_authorization_id(
3413 io_object_t _service,
3414 uint64_t authorization_id )
3415 {
3416 CHECK( IOService, _service, service );
3417
3418 return( service->setAuthorizationID( authorization_id ) );
3419 }
3420
3421 /* Routine io_service_open_ndr */
3422 kern_return_t is_io_service_open_extended(
3423 io_object_t _service,
3424 task_t owningTask,
3425 uint32_t connect_type,
3426 NDR_record_t ndr,
3427 io_buf_ptr_t properties,
3428 mach_msg_type_number_t propertiesCnt,
3429 kern_return_t * result,
3430 io_object_t *connection )
3431 {
3432 IOUserClient * client = 0;
3433 kern_return_t err = KERN_SUCCESS;
3434 IOReturn res = kIOReturnSuccess;
3435 OSDictionary * propertiesDict = 0;
3436 bool crossEndian;
3437 bool disallowAccess;
3438
3439 CHECK( IOService, _service, service );
3440
3441 if (!owningTask) return (kIOReturnBadArgument);
3442 assert(owningTask == current_task());
3443 if (owningTask != current_task()) return (kIOReturnBadArgument);
3444
3445 do
3446 {
3447 if (properties) return (kIOReturnUnsupported);
3448 #if 0
3449 {
3450 OSObject * obj;
3451 vm_offset_t data;
3452 vm_map_offset_t map_data;
3453
3454 if( propertiesCnt > sizeof(io_struct_inband_t))
3455 return( kIOReturnMessageTooLarge);
3456
3457 err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties );
3458 res = err;
3459 data = CAST_DOWN(vm_offset_t, map_data);
3460 if (KERN_SUCCESS == err)
3461 {
3462 // must return success after vm_map_copyout() succeeds
3463 obj = OSUnserializeXML( (const char *) data, propertiesCnt );
3464 vm_deallocate( kernel_map, data, propertiesCnt );
3465 propertiesDict = OSDynamicCast(OSDictionary, obj);
3466 if (!propertiesDict)
3467 {
3468 res = kIOReturnBadArgument;
3469 if (obj)
3470 obj->release();
3471 }
3472 }
3473 if (kIOReturnSuccess != res)
3474 break;
3475 }
3476 #endif
3477 crossEndian = (ndr.int_rep != NDR_record.int_rep);
3478 if (crossEndian)
3479 {
3480 if (!propertiesDict)
3481 propertiesDict = OSDictionary::withCapacity(4);
3482 OSData * data = OSData::withBytes(&ndr, sizeof(ndr));
3483 if (data)
3484 {
3485 if (propertiesDict)
3486 propertiesDict->setObject(kIOUserClientCrossEndianKey, data);
3487 data->release();
3488 }
3489 }
3490
3491 res = service->newUserClient( owningTask, (void *) owningTask,
3492 connect_type, propertiesDict, &client );
3493
3494 if (propertiesDict)
3495 propertiesDict->release();
3496
3497 if (res == kIOReturnSuccess)
3498 {
3499 assert( OSDynamicCast(IOUserClient, client) );
3500
3501 client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey));
3502 client->closed = false;
3503 client->lock = IOLockAlloc();
3504
3505 disallowAccess = (crossEndian
3506 && (kOSBooleanTrue != service->getProperty(kIOUserClientCrossEndianCompatibleKey))
3507 && (kOSBooleanTrue != client->getProperty(kIOUserClientCrossEndianCompatibleKey)));
3508 if (disallowAccess) res = kIOReturnUnsupported;
3509 #if CONFIG_MACF
3510 else if (0 != mac_iokit_check_open(kauth_cred_get(), client, connect_type))
3511 res = kIOReturnNotPermitted;
3512 #endif
3513
3514 if (kIOReturnSuccess == res) res = client->registerOwner(owningTask);
3515
3516 if (kIOReturnSuccess != res)
3517 {
3518 IOStatisticsClientCall();
3519 client->clientClose();
3520 client->release();
3521 client = 0;
3522 break;
3523 }
3524 OSString * creatorName = IOCopyLogNameForPID(proc_selfpid());
3525 if (creatorName)
3526 {
3527 client->setProperty(kIOUserClientCreatorKey, creatorName);
3528 creatorName->release();
3529 }
3530 client->setTerminateDefer(service, false);
3531 }
3532 }
3533 while (false);
3534
3535 *connection = client;
3536 *result = res;
3537
3538 return (err);
3539 }
3540
3541 /* Routine io_service_close */
3542 kern_return_t is_io_service_close(
3543 io_object_t connection )
3544 {
3545 OSSet * mappings;
3546 if ((mappings = OSDynamicCast(OSSet, connection)))
3547 return( kIOReturnSuccess );
3548
3549 CHECK( IOUserClient, connection, client );
3550
3551 IOStatisticsClientCall();
3552
3553 if (client->sharedInstance || OSCompareAndSwap8(0, 1, &client->closed))
3554 {
3555 IOLockLock(client->lock);
3556 client->clientClose();
3557 IOLockUnlock(client->lock);
3558 }
3559 else
3560 {
3561 IOLog("ignored is_io_service_close(0x%qx,%s)\n",
3562 client->getRegistryEntryID(), client->getName());
3563 }
3564
3565 return( kIOReturnSuccess );
3566 }
3567
3568 /* Routine io_connect_get_service */
3569 kern_return_t is_io_connect_get_service(
3570 io_object_t connection,
3571 io_object_t *service )
3572 {
3573 IOService * theService;
3574
3575 CHECK( IOUserClient, connection, client );
3576
3577 theService = client->getService();
3578 if( theService)
3579 theService->retain();
3580
3581 *service = theService;
3582
3583 return( theService ? kIOReturnSuccess : kIOReturnUnsupported );
3584 }
3585
3586 /* Routine io_connect_set_notification_port */
3587 kern_return_t is_io_connect_set_notification_port(
3588 io_object_t connection,
3589 uint32_t notification_type,
3590 mach_port_t port,
3591 uint32_t reference)
3592 {
3593 kern_return_t ret;
3594 CHECK( IOUserClient, connection, client );
3595
3596 IOStatisticsClientCall();
3597 IOLockLock(client->lock);
3598 ret = client->registerNotificationPort( port, notification_type,
3599 (io_user_reference_t) reference );
3600 IOLockUnlock(client->lock);
3601 return (ret);
3602 }
3603
3604 /* Routine io_connect_set_notification_port */
3605 kern_return_t is_io_connect_set_notification_port_64(
3606 io_object_t connection,
3607 uint32_t notification_type,
3608 mach_port_t port,
3609 io_user_reference_t reference)
3610 {
3611 kern_return_t ret;
3612 CHECK( IOUserClient, connection, client );
3613
3614 IOStatisticsClientCall();
3615 IOLockLock(client->lock);
3616 ret = client->registerNotificationPort( port, notification_type,
3617 reference );
3618 IOLockUnlock(client->lock);
3619 return (ret);
3620 }
3621
3622 /* Routine io_connect_map_memory_into_task */
3623 kern_return_t is_io_connect_map_memory_into_task
3624 (
3625 io_connect_t connection,
3626 uint32_t memory_type,
3627 task_t into_task,
3628 mach_vm_address_t *address,
3629 mach_vm_size_t *size,
3630 uint32_t flags
3631 )
3632 {
3633 IOReturn err;
3634 IOMemoryMap * map;
3635
3636 CHECK( IOUserClient, connection, client );
3637
3638 if (!into_task) return (kIOReturnBadArgument);
3639
3640 IOStatisticsClientCall();
3641 map = client->mapClientMemory64( memory_type, into_task, flags, *address );
3642
3643 if( map) {
3644 *address = map->getAddress();
3645 if( size)
3646 *size = map->getSize();
3647
3648 if( client->sharedInstance
3649 || (into_task != current_task())) {
3650 // push a name out to the task owning the map,
3651 // so we can clean up maps
3652 mach_port_name_t name __unused =
3653 IOMachPort::makeSendRightForTask(
3654 into_task, map, IKOT_IOKIT_OBJECT );
3655 map->release();
3656
3657 } else {
3658 // keep it with the user client
3659 IOLockLock( gIOObjectPortLock);
3660 if( 0 == client->mappings)
3661 client->mappings = OSSet::withCapacity(2);
3662 if( client->mappings)
3663 client->mappings->setObject( map);
3664 IOLockUnlock( gIOObjectPortLock);
3665 map->release();
3666 }
3667 err = kIOReturnSuccess;
3668
3669 } else
3670 err = kIOReturnBadArgument;
3671
3672 return( err );
3673 }
3674
3675 /* Routine is_io_connect_map_memory */
3676 kern_return_t is_io_connect_map_memory(
3677 io_object_t connect,
3678 uint32_t type,
3679 task_t task,
3680 uint32_t * mapAddr,
3681 uint32_t * mapSize,
3682 uint32_t flags )
3683 {
3684 IOReturn err;
3685 mach_vm_address_t address;
3686 mach_vm_size_t size;
3687
3688 address = SCALAR64(*mapAddr);
3689 size = SCALAR64(*mapSize);
3690
3691 err = is_io_connect_map_memory_into_task(connect, type, task, &address, &size, flags);
3692
3693 *mapAddr = SCALAR32(address);
3694 *mapSize = SCALAR32(size);
3695
3696 return (err);
3697 }
3698
3699 } /* extern "C" */
3700
3701 IOMemoryMap * IOUserClient::removeMappingForDescriptor(IOMemoryDescriptor * mem)
3702 {
3703 OSIterator * iter;
3704 IOMemoryMap * map = 0;
3705
3706 IOLockLock(gIOObjectPortLock);
3707
3708 iter = OSCollectionIterator::withCollection(mappings);
3709 if(iter)
3710 {
3711 while ((map = OSDynamicCast(IOMemoryMap, iter->getNextObject())))
3712 {
3713 if(mem == map->getMemoryDescriptor())
3714 {
3715 map->retain();
3716 mappings->removeObject(map);
3717 break;
3718 }
3719 }
3720 iter->release();
3721 }
3722
3723 IOLockUnlock(gIOObjectPortLock);
3724
3725 return (map);
3726 }
3727
3728 extern "C" {
3729
3730 /* Routine io_connect_unmap_memory_from_task */
3731 kern_return_t is_io_connect_unmap_memory_from_task
3732 (
3733 io_connect_t connection,
3734 uint32_t memory_type,
3735 task_t from_task,
3736 mach_vm_address_t address)
3737 {
3738 IOReturn err;
3739 IOOptionBits options = 0;
3740 IOMemoryDescriptor * memory = 0;
3741 IOMemoryMap * map;
3742
3743 CHECK( IOUserClient, connection, client );
3744
3745 if (!from_task) return (kIOReturnBadArgument);
3746
3747 IOStatisticsClientCall();
3748 err = client->clientMemoryForType( (UInt32) memory_type, &options, &memory );
3749
3750 if( memory && (kIOReturnSuccess == err)) {
3751
3752 options = (options & ~kIOMapUserOptionsMask)
3753 | kIOMapAnywhere | kIOMapReference;
3754
3755 map = memory->createMappingInTask( from_task, address, options );
3756 memory->release();
3757 if( map)
3758 {
3759 IOLockLock( gIOObjectPortLock);
3760 if( client->mappings)
3761 client->mappings->removeObject( map);
3762 IOLockUnlock( gIOObjectPortLock);
3763
3764 mach_port_name_t name = 0;
3765 if (from_task != current_task())
3766 {
3767 name = IOMachPort::makeSendRightForTask( from_task, map, IKOT_IOKIT_OBJECT );
3768 map->release();
3769 }
3770
3771 if (name)
3772 {
3773 map->userClientUnmap();
3774 err = iokit_mod_send_right( from_task, name, -2 );
3775 err = kIOReturnSuccess;
3776 }
3777 else
3778 IOMachPort::releasePortForObject( map, IKOT_IOKIT_OBJECT );
3779 if (from_task == current_task())
3780 map->release();
3781 }
3782 else
3783 err = kIOReturnBadArgument;
3784 }
3785
3786 return( err );
3787 }
3788
3789 kern_return_t is_io_connect_unmap_memory(
3790 io_object_t connect,
3791 uint32_t type,
3792 task_t task,
3793 uint32_t mapAddr )
3794 {
3795 IOReturn err;
3796 mach_vm_address_t address;
3797
3798 address = SCALAR64(mapAddr);
3799
3800 err = is_io_connect_unmap_memory_from_task(connect, type, task, mapAddr);
3801
3802 return (err);
3803 }
3804
3805
3806 /* Routine io_connect_add_client */
3807 kern_return_t is_io_connect_add_client(
3808 io_object_t connection,
3809 io_object_t connect_to)
3810 {
3811 CHECK( IOUserClient, connection, client );
3812 CHECK( IOUserClient, connect_to, to );
3813
3814 IOStatisticsClientCall();
3815 return( client->connectClient( to ) );
3816 }
3817
3818
3819 /* Routine io_connect_set_properties */
3820 kern_return_t is_io_connect_set_properties(
3821 io_object_t connection,
3822 io_buf_ptr_t properties,
3823 mach_msg_type_number_t propertiesCnt,
3824 kern_return_t * result)
3825 {
3826 return( is_io_registry_entry_set_properties( connection, properties, propertiesCnt, result ));
3827 }
3828
3829 /* Routine io_user_client_method */
3830 kern_return_t is_io_connect_method_var_output
3831 (
3832 io_connect_t connection,
3833 uint32_t selector,
3834 io_scalar_inband64_t scalar_input,
3835 mach_msg_type_number_t scalar_inputCnt,
3836 io_struct_inband_t inband_input,
3837 mach_msg_type_number_t inband_inputCnt,
3838 mach_vm_address_t ool_input,
3839 mach_vm_size_t ool_input_size,
3840 io_struct_inband_t inband_output,
3841 mach_msg_type_number_t *inband_outputCnt,
3842 io_scalar_inband64_t scalar_output,
3843 mach_msg_type_number_t *scalar_outputCnt,
3844 io_buf_ptr_t *var_output,
3845 mach_msg_type_number_t *var_outputCnt
3846 )
3847 {
3848 CHECK( IOUserClient, connection, client );
3849
3850 IOExternalMethodArguments args;
3851 IOReturn ret;
3852 IOMemoryDescriptor * inputMD = 0;
3853 OSObject * structureVariableOutputData = 0;
3854
3855 bzero(&args.__reserved[0], sizeof(args.__reserved));
3856 args.__reservedA = 0;
3857 args.version = kIOExternalMethodArgumentsCurrentVersion;
3858
3859 args.selector = selector;
3860
3861 args.asyncWakePort = MACH_PORT_NULL;
3862 args.asyncReference = 0;
3863 args.asyncReferenceCount = 0;
3864 args.structureVariableOutputData = &structureVariableOutputData;
3865
3866 args.scalarInput = scalar_input;
3867 args.scalarInputCount = scalar_inputCnt;
3868 args.structureInput = inband_input;
3869 args.structureInputSize = inband_inputCnt;
3870
3871 if (ool_input && (ool_input_size <= sizeof(io_struct_inband_t))) return (kIOReturnIPCError);
3872
3873 if (ool_input)
3874 inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size,
3875 kIODirectionOut | kIOMemoryMapCopyOnWrite,
3876 current_task());
3877
3878 args.structureInputDescriptor = inputMD;
3879
3880 args.scalarOutput = scalar_output;
3881 args.scalarOutputCount = *scalar_outputCnt;
3882 bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
3883 args.structureOutput = inband_output;
3884 args.structureOutputSize = *inband_outputCnt;
3885 args.structureOutputDescriptor = NULL;
3886 args.structureOutputDescriptorSize = 0;
3887
3888 IOStatisticsClientCall();
3889 ret = client->externalMethod( selector, &args );
3890
3891 *scalar_outputCnt = args.scalarOutputCount;
3892 *inband_outputCnt = args.structureOutputSize;
3893
3894 if (var_outputCnt && var_output && (kIOReturnSuccess == ret))
3895 {
3896 OSSerialize * serialize;
3897 OSData * data;
3898 vm_size_t len;
3899
3900 if ((serialize = OSDynamicCast(OSSerialize, structureVariableOutputData)))
3901 {
3902 len = serialize->getLength();
3903 *var_outputCnt = len;
3904 ret = copyoutkdata(serialize->text(), len, var_output);
3905 }
3906 else if ((data = OSDynamicCast(OSData, structureVariableOutputData)))
3907 {
3908 len = data->getLength();
3909 *var_outputCnt = len;
3910 ret = copyoutkdata(data->getBytesNoCopy(), len, var_output);
3911 }
3912 else
3913 {
3914 ret = kIOReturnUnderrun;
3915 }
3916 }
3917
3918 if (inputMD)
3919 inputMD->release();
3920 if (structureVariableOutputData)
3921 structureVariableOutputData->release();
3922
3923 return (ret);
3924 }
3925
3926 /* Routine io_user_client_method */
3927 kern_return_t is_io_connect_method
3928 (
3929 io_connect_t connection,
3930 uint32_t selector,
3931 io_scalar_inband64_t scalar_input,
3932 mach_msg_type_number_t scalar_inputCnt,
3933 io_struct_inband_t inband_input,
3934 mach_msg_type_number_t inband_inputCnt,
3935 mach_vm_address_t ool_input,
3936 mach_vm_size_t ool_input_size,
3937 io_struct_inband_t inband_output,
3938 mach_msg_type_number_t *inband_outputCnt,
3939 io_scalar_inband64_t scalar_output,
3940 mach_msg_type_number_t *scalar_outputCnt,
3941 mach_vm_address_t ool_output,
3942 mach_vm_size_t *ool_output_size
3943 )
3944 {
3945 CHECK( IOUserClient, connection, client );
3946
3947 IOExternalMethodArguments args;
3948 IOReturn ret;
3949 IOMemoryDescriptor * inputMD = 0;
3950 IOMemoryDescriptor * outputMD = 0;
3951
3952 bzero(&args.__reserved[0], sizeof(args.__reserved));
3953 args.__reservedA = 0;
3954 args.version = kIOExternalMethodArgumentsCurrentVersion;
3955
3956 args.selector = selector;
3957
3958 args.asyncWakePort = MACH_PORT_NULL;
3959 args.asyncReference = 0;
3960 args.asyncReferenceCount = 0;
3961 args.structureVariableOutputData = 0;
3962
3963 args.scalarInput = scalar_input;
3964 args.scalarInputCount = scalar_inputCnt;
3965 args.structureInput = inband_input;
3966 args.structureInputSize = inband_inputCnt;
3967
3968 if (ool_input && (ool_input_size <= sizeof(io_struct_inband_t))) return (kIOReturnIPCError);
3969 if (ool_output && (*ool_output_size <= sizeof(io_struct_inband_t))) return (kIOReturnIPCError);
3970
3971 if (ool_input)
3972 inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size,
3973 kIODirectionOut | kIOMemoryMapCopyOnWrite,
3974 current_task());
3975
3976 args.structureInputDescriptor = inputMD;
3977
3978 args.scalarOutput = scalar_output;
3979 args.scalarOutputCount = *scalar_outputCnt;
3980 bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
3981 args.structureOutput = inband_output;
3982 args.structureOutputSize = *inband_outputCnt;
3983
3984 if (ool_output && ool_output_size)
3985 {
3986 outputMD = IOMemoryDescriptor::withAddressRange(ool_output, *ool_output_size,
3987 kIODirectionIn, current_task());
3988 }
3989
3990 args.structureOutputDescriptor = outputMD;
3991 args.structureOutputDescriptorSize = ool_output_size ? *ool_output_size : 0;
3992
3993 IOStatisticsClientCall();
3994 ret = client->externalMethod( selector, &args );
3995
3996 *scalar_outputCnt = args.scalarOutputCount;
3997 *inband_outputCnt = args.structureOutputSize;
3998 *ool_output_size = args.structureOutputDescriptorSize;
3999
4000 if (inputMD)
4001 inputMD->release();
4002 if (outputMD)
4003 outputMD->release();
4004
4005 return (ret);
4006 }
4007
4008 /* Routine io_async_user_client_method */
4009 kern_return_t is_io_connect_async_method
4010 (
4011 io_connect_t connection,
4012 mach_port_t wake_port,
4013 io_async_ref64_t reference,
4014 mach_msg_type_number_t referenceCnt,
4015 uint32_t selector,
4016 io_scalar_inband64_t scalar_input,
4017 mach_msg_type_number_t scalar_inputCnt,
4018 io_struct_inband_t inband_input,
4019 mach_msg_type_number_t inband_inputCnt,
4020 mach_vm_address_t ool_input,
4021 mach_vm_size_t ool_input_size,
4022 io_struct_inband_t inband_output,
4023 mach_msg_type_number_t *inband_outputCnt,
4024 io_scalar_inband64_t scalar_output,
4025 mach_msg_type_number_t *scalar_outputCnt,
4026 mach_vm_address_t ool_output,
4027 mach_vm_size_t * ool_output_size
4028 )
4029 {
4030 CHECK( IOUserClient, connection, client );
4031
4032 IOExternalMethodArguments args;
4033 IOReturn ret;
4034 IOMemoryDescriptor * inputMD = 0;
4035 IOMemoryDescriptor * outputMD = 0;
4036
4037 bzero(&args.__reserved[0], sizeof(args.__reserved));
4038 args.__reservedA = 0;
4039 args.version = kIOExternalMethodArgumentsCurrentVersion;
4040
4041 reference[0] = (io_user_reference_t) wake_port;
4042 if (vm_map_is_64bit(get_task_map(current_task())))
4043 reference[0] |= kIOUCAsync64Flag;
4044
4045 args.selector = selector;
4046
4047 args.asyncWakePort = wake_port;
4048 args.asyncReference = reference;
4049 args.asyncReferenceCount = referenceCnt;
4050
4051 args.structureVariableOutputData = 0;
4052
4053 args.scalarInput = scalar_input;
4054 args.scalarInputCount = scalar_inputCnt;
4055 args.structureInput = inband_input;
4056 args.structureInputSize = inband_inputCnt;
4057
4058 if (ool_input && (ool_input_size <= sizeof(io_struct_inband_t))) return (kIOReturnIPCError);
4059 if (ool_output && (*ool_output_size <= sizeof(io_struct_inband_t))) return (kIOReturnIPCError);
4060
4061 if (ool_input)
4062 inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size,
4063 kIODirectionOut | kIOMemoryMapCopyOnWrite,
4064 current_task());
4065
4066 args.structureInputDescriptor = inputMD;
4067
4068 args.scalarOutput = scalar_output;
4069 args.scalarOutputCount = *scalar_outputCnt;
4070 bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
4071 args.structureOutput = inband_output;
4072 args.structureOutputSize = *inband_outputCnt;
4073
4074 if (ool_output)
4075 {
4076 outputMD = IOMemoryDescriptor::withAddressRange(ool_output, *ool_output_size,
4077 kIODirectionIn, current_task());
4078 }
4079
4080 args.structureOutputDescriptor = outputMD;
4081 args.structureOutputDescriptorSize = *ool_output_size;
4082
4083 IOStatisticsClientCall();
4084 ret = client->externalMethod( selector, &args );
4085
4086 *inband_outputCnt = args.structureOutputSize;
4087 *ool_output_size = args.structureOutputDescriptorSize;
4088
4089 if (inputMD)
4090 inputMD->release();
4091 if (outputMD)
4092 outputMD->release();
4093
4094 return (ret);
4095 }
4096
4097 /* Routine io_connect_method_scalarI_scalarO */
4098 kern_return_t is_io_connect_method_scalarI_scalarO(
4099 io_object_t connect,
4100 uint32_t index,
4101 io_scalar_inband_t input,
4102 mach_msg_type_number_t inputCount,
4103 io_scalar_inband_t output,
4104 mach_msg_type_number_t * outputCount )
4105 {
4106 IOReturn err;
4107 uint32_t i;
4108 io_scalar_inband64_t _input;
4109 io_scalar_inband64_t _output;
4110
4111 mach_msg_type_number_t struct_outputCnt = 0;
4112 mach_vm_size_t ool_output_size = 0;
4113
4114 bzero(&_output[0], sizeof(_output));
4115 for (i = 0; i < inputCount; i++)
4116 _input[i] = SCALAR64(input[i]);
4117
4118 err = is_io_connect_method(connect, index,
4119 _input, inputCount,
4120 NULL, 0,
4121 0, 0,
4122 NULL, &struct_outputCnt,
4123 _output, outputCount,
4124 0, &ool_output_size);
4125
4126 for (i = 0; i < *outputCount; i++)
4127 output[i] = SCALAR32(_output[i]);
4128
4129 return (err);
4130 }
4131
4132 kern_return_t shim_io_connect_method_scalarI_scalarO(
4133 IOExternalMethod * method,
4134 IOService * object,
4135 const io_user_scalar_t * input,
4136 mach_msg_type_number_t inputCount,
4137 io_user_scalar_t * output,
4138 mach_msg_type_number_t * outputCount )
4139 {
4140 IOMethod func;
4141 io_scalar_inband_t _output;
4142 IOReturn err;
4143 err = kIOReturnBadArgument;
4144
4145 bzero(&_output[0], sizeof(_output));
4146 do {
4147
4148 if( inputCount != method->count0)
4149 {
4150 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
4151 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4152 continue;
4153 }
4154 if( *outputCount != method->count1)
4155 {
4156 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1);
4157 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
4158 continue;
4159 }
4160
4161 func = method->func;
4162
4163 switch( inputCount) {
4164
4165 case 6:
4166 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4167 ARG32(input[3]), ARG32(input[4]), ARG32(input[5]) );
4168 break;
4169 case 5:
4170 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4171 ARG32(input[3]), ARG32(input[4]),
4172 &_output[0] );
4173 break;
4174 case 4:
4175 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4176 ARG32(input[3]),
4177 &_output[0], &_output[1] );
4178 break;
4179 case 3:
4180 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4181 &_output[0], &_output[1], &_output[2] );
4182 break;
4183 case 2:
4184 err = (object->*func)( ARG32(input[0]), ARG32(input[1]),
4185 &_output[0], &_output[1], &_output[2],
4186 &_output[3] );
4187 break;
4188 case 1:
4189 err = (object->*func)( ARG32(input[0]),
4190 &_output[0], &_output[1], &_output[2],
4191 &_output[3], &_output[4] );
4192 break;
4193 case 0:
4194 err = (object->*func)( &_output[0], &_output[1], &_output[2],
4195 &_output[3], &_output[4], &_output[5] );
4196 break;
4197
4198 default:
4199 IOLog("%s: Bad method table\n", object->getName());
4200 }
4201 }
4202 while( false);
4203
4204 uint32_t i;
4205 for (i = 0; i < *outputCount; i++)
4206 output[i] = SCALAR32(_output[i]);
4207
4208 return( err);
4209 }
4210
4211 /* Routine io_async_method_scalarI_scalarO */
4212 kern_return_t is_io_async_method_scalarI_scalarO(
4213 io_object_t connect,
4214 mach_port_t wake_port,
4215 io_async_ref_t reference,
4216 mach_msg_type_number_t referenceCnt,
4217 uint32_t index,
4218 io_scalar_inband_t input,
4219 mach_msg_type_number_t inputCount,
4220 io_scalar_inband_t output,
4221 mach_msg_type_number_t * outputCount )
4222 {
4223 IOReturn err;
4224 uint32_t i;
4225 io_scalar_inband64_t _input;
4226 io_scalar_inband64_t _output;
4227 io_async_ref64_t _reference;
4228
4229 bzero(&_output[0], sizeof(_output));
4230 for (i = 0; i < referenceCnt; i++)
4231 _reference[i] = REF64(reference[i]);
4232
4233 mach_msg_type_number_t struct_outputCnt = 0;
4234 mach_vm_size_t ool_output_size = 0;
4235
4236 for (i = 0; i < inputCount; i++)
4237 _input[i] = SCALAR64(input[i]);
4238
4239 err = is_io_connect_async_method(connect,
4240 wake_port, _reference, referenceCnt,
4241 index,
4242 _input, inputCount,
4243 NULL, 0,
4244 0, 0,
4245 NULL, &struct_outputCnt,
4246 _output, outputCount,
4247 0, &ool_output_size);
4248
4249 for (i = 0; i < *outputCount; i++)
4250 output[i] = SCALAR32(_output[i]);
4251
4252 return (err);
4253 }
4254 /* Routine io_async_method_scalarI_structureO */
4255 kern_return_t is_io_async_method_scalarI_structureO(
4256 io_object_t connect,
4257 mach_port_t wake_port,
4258 io_async_ref_t reference,
4259 mach_msg_type_number_t referenceCnt,
4260 uint32_t index,
4261 io_scalar_inband_t input,
4262 mach_msg_type_number_t inputCount,
4263 io_struct_inband_t output,
4264 mach_msg_type_number_t * outputCount )
4265 {
4266 uint32_t i;
4267 io_scalar_inband64_t _input;
4268 io_async_ref64_t _reference;
4269
4270 for (i = 0; i < referenceCnt; i++)
4271 _reference[i] = REF64(reference[i]);
4272
4273 mach_msg_type_number_t scalar_outputCnt = 0;
4274 mach_vm_size_t ool_output_size = 0;
4275
4276 for (i = 0; i < inputCount; i++)
4277 _input[i] = SCALAR64(input[i]);
4278
4279 return (is_io_connect_async_method(connect,
4280 wake_port, _reference, referenceCnt,
4281 index,
4282 _input, inputCount,
4283 NULL, 0,
4284 0, 0,
4285 output, outputCount,
4286 NULL, &scalar_outputCnt,
4287 0, &ool_output_size));
4288 }
4289
4290 /* Routine io_async_method_scalarI_structureI */
4291 kern_return_t is_io_async_method_scalarI_structureI(
4292 io_connect_t connect,
4293 mach_port_t wake_port,
4294 io_async_ref_t reference,
4295 mach_msg_type_number_t referenceCnt,
4296 uint32_t index,
4297 io_scalar_inband_t input,
4298 mach_msg_type_number_t inputCount,
4299 io_struct_inband_t inputStruct,
4300 mach_msg_type_number_t inputStructCount )
4301 {
4302 uint32_t i;
4303 io_scalar_inband64_t _input;
4304 io_async_ref64_t _reference;
4305
4306 for (i = 0; i < referenceCnt; i++)
4307 _reference[i] = REF64(reference[i]);
4308
4309 mach_msg_type_number_t scalar_outputCnt = 0;
4310 mach_msg_type_number_t inband_outputCnt = 0;
4311 mach_vm_size_t ool_output_size = 0;
4312
4313 for (i = 0; i < inputCount; i++)
4314 _input[i] = SCALAR64(input[i]);
4315
4316 return (is_io_connect_async_method(connect,
4317 wake_port, _reference, referenceCnt,
4318 index,
4319 _input, inputCount,
4320 inputStruct, inputStructCount,
4321 0, 0,
4322 NULL, &inband_outputCnt,
4323 NULL, &scalar_outputCnt,
4324 0, &ool_output_size));
4325 }
4326
4327 /* Routine io_async_method_structureI_structureO */
4328 kern_return_t is_io_async_method_structureI_structureO(
4329 io_object_t connect,
4330 mach_port_t wake_port,
4331 io_async_ref_t reference,
4332 mach_msg_type_number_t referenceCnt,
4333 uint32_t index,
4334 io_struct_inband_t input,
4335 mach_msg_type_number_t inputCount,
4336 io_struct_inband_t output,
4337 mach_msg_type_number_t * outputCount )
4338 {
4339 uint32_t i;
4340 mach_msg_type_number_t scalar_outputCnt = 0;
4341 mach_vm_size_t ool_output_size = 0;
4342 io_async_ref64_t _reference;
4343
4344 for (i = 0; i < referenceCnt; i++)
4345 _reference[i] = REF64(reference[i]);
4346
4347 return (is_io_connect_async_method(connect,
4348 wake_port, _reference, referenceCnt,
4349 index,
4350 NULL, 0,
4351 input, inputCount,
4352 0, 0,
4353 output, outputCount,
4354 NULL, &scalar_outputCnt,
4355 0, &ool_output_size));
4356 }
4357
4358
4359 kern_return_t shim_io_async_method_scalarI_scalarO(
4360 IOExternalAsyncMethod * method,
4361 IOService * object,
4362 mach_port_t asyncWakePort,
4363 io_user_reference_t * asyncReference,
4364 uint32_t asyncReferenceCount,
4365 const io_user_scalar_t * input,
4366 mach_msg_type_number_t inputCount,
4367 io_user_scalar_t * output,
4368 mach_msg_type_number_t * outputCount )
4369 {
4370 IOAsyncMethod func;
4371 uint32_t i;
4372 io_scalar_inband_t _output;
4373 IOReturn err;
4374 io_async_ref_t reference;
4375
4376 bzero(&_output[0], sizeof(_output));
4377 for (i = 0; i < asyncReferenceCount; i++)
4378 reference[i] = REF32(asyncReference[i]);
4379
4380 err = kIOReturnBadArgument;
4381
4382 do {
4383
4384 if( inputCount != method->count0)
4385 {
4386 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
4387 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4388 continue;
4389 }
4390 if( *outputCount != method->count1)
4391 {
4392 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1);
4393 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
4394 continue;
4395 }
4396
4397 func = method->func;
4398
4399 switch( inputCount) {
4400
4401 case 6:
4402 err = (object->*func)( reference,
4403 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4404 ARG32(input[3]), ARG32(input[4]), ARG32(input[5]) );
4405 break;
4406 case 5:
4407 err = (object->*func)( reference,
4408 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4409 ARG32(input[3]), ARG32(input[4]),
4410 &_output[0] );
4411 break;
4412 case 4:
4413 err = (object->*func)( reference,
4414 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4415 ARG32(input[3]),
4416 &_output[0], &_output[1] );
4417 break;
4418 case 3:
4419 err = (object->*func)( reference,
4420 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4421 &_output[0], &_output[1], &_output[2] );
4422 break;
4423 case 2:
4424 err = (object->*func)( reference,
4425 ARG32(input[0]), ARG32(input[1]),
4426 &_output[0], &_output[1], &_output[2],
4427 &_output[3] );
4428 break;
4429 case 1:
4430 err = (object->*func)( reference,
4431 ARG32(input[0]),
4432 &_output[0], &_output[1], &_output[2],
4433 &_output[3], &_output[4] );
4434 break;
4435 case 0:
4436 err = (object->*func)( reference,
4437 &_output[0], &_output[1], &_output[2],
4438 &_output[3], &_output[4], &_output[5] );
4439 break;
4440
4441 default:
4442 IOLog("%s: Bad method table\n", object->getName());
4443 }
4444 }
4445 while( false);
4446
4447 for (i = 0; i < *outputCount; i++)
4448 output[i] = SCALAR32(_output[i]);
4449
4450 return( err);
4451 }
4452
4453
4454 /* Routine io_connect_method_scalarI_structureO */
4455 kern_return_t is_io_connect_method_scalarI_structureO(
4456 io_object_t connect,
4457 uint32_t index,
4458 io_scalar_inband_t input,
4459 mach_msg_type_number_t inputCount,
4460 io_struct_inband_t output,
4461 mach_msg_type_number_t * outputCount )
4462 {
4463 uint32_t i;
4464 io_scalar_inband64_t _input;
4465
4466 mach_msg_type_number_t scalar_outputCnt = 0;
4467 mach_vm_size_t ool_output_size = 0;
4468
4469 for (i = 0; i < inputCount; i++)
4470 _input[i] = SCALAR64(input[i]);
4471
4472 return (is_io_connect_method(connect, index,
4473 _input, inputCount,
4474 NULL, 0,
4475 0, 0,
4476 output, outputCount,
4477 NULL, &scalar_outputCnt,
4478 0, &ool_output_size));
4479 }
4480
4481 kern_return_t shim_io_connect_method_scalarI_structureO(
4482
4483 IOExternalMethod * method,
4484 IOService * object,
4485 const io_user_scalar_t * input,
4486 mach_msg_type_number_t inputCount,
4487 io_struct_inband_t output,
4488 IOByteCount * outputCount )
4489 {
4490 IOMethod func;
4491 IOReturn err;
4492
4493 err = kIOReturnBadArgument;
4494
4495 do {
4496 if( inputCount != method->count0)
4497 {
4498 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
4499 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4500 continue;
4501 }
4502 if( (kIOUCVariableStructureSize != method->count1)
4503 && (*outputCount != method->count1))
4504 {
4505 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
4506 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
4507 continue;
4508 }
4509
4510 func = method->func;
4511
4512 switch( inputCount) {
4513
4514 case 5:
4515 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4516 ARG32(input[3]), ARG32(input[4]),
4517 output );
4518 break;
4519 case 4:
4520 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4521 ARG32(input[3]),
4522 output, (void *)outputCount );
4523 break;
4524 case 3:
4525 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4526 output, (void *)outputCount, 0 );
4527 break;
4528 case 2:
4529 err = (object->*func)( ARG32(input[0]), ARG32(input[1]),
4530 output, (void *)outputCount, 0, 0 );
4531 break;
4532 case 1:
4533 err = (object->*func)( ARG32(input[0]),
4534 output, (void *)outputCount, 0, 0, 0 );
4535 break;
4536 case 0:
4537 err = (object->*func)( output, (void *)outputCount, 0, 0, 0, 0 );
4538 break;
4539
4540 default:
4541 IOLog("%s: Bad method table\n", object->getName());
4542 }
4543 }
4544 while( false);
4545
4546 return( err);
4547 }
4548
4549
4550 kern_return_t shim_io_async_method_scalarI_structureO(
4551 IOExternalAsyncMethod * method,
4552 IOService * object,
4553 mach_port_t asyncWakePort,
4554 io_user_reference_t * asyncReference,
4555 uint32_t asyncReferenceCount,
4556 const io_user_scalar_t * input,
4557 mach_msg_type_number_t inputCount,
4558 io_struct_inband_t output,
4559 mach_msg_type_number_t * outputCount )
4560 {
4561 IOAsyncMethod func;
4562 uint32_t i;
4563 IOReturn err;
4564 io_async_ref_t reference;
4565
4566 for (i = 0; i < asyncReferenceCount; i++)
4567 reference[i] = REF32(asyncReference[i]);
4568
4569 err = kIOReturnBadArgument;
4570 do {
4571 if( inputCount != method->count0)
4572 {
4573 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
4574 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4575 continue;
4576 }
4577 if( (kIOUCVariableStructureSize != method->count1)
4578 && (*outputCount != method->count1))
4579 {
4580 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
4581 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
4582 continue;
4583 }
4584
4585 func = method->func;
4586
4587 switch( inputCount) {
4588
4589 case 5:
4590 err = (object->*func)( reference,
4591 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4592 ARG32(input[3]), ARG32(input[4]),
4593 output );
4594 break;
4595 case 4:
4596 err = (object->*func)( reference,
4597 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4598 ARG32(input[3]),
4599 output, (void *)outputCount );
4600 break;
4601 case 3:
4602 err = (object->*func)( reference,
4603 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4604 output, (void *)outputCount, 0 );
4605 break;
4606 case 2:
4607 err = (object->*func)( reference,
4608 ARG32(input[0]), ARG32(input[1]),
4609 output, (void *)outputCount, 0, 0 );
4610 break;
4611 case 1:
4612 err = (object->*func)( reference,
4613 ARG32(input[0]),
4614 output, (void *)outputCount, 0, 0, 0 );
4615 break;
4616 case 0:
4617 err = (object->*func)( reference,
4618 output, (void *)outputCount, 0, 0, 0, 0 );
4619 break;
4620
4621 default:
4622 IOLog("%s: Bad method table\n", object->getName());
4623 }
4624 }
4625 while( false);
4626
4627 return( err);
4628 }
4629
4630 /* Routine io_connect_method_scalarI_structureI */
4631 kern_return_t is_io_connect_method_scalarI_structureI(
4632 io_connect_t connect,
4633 uint32_t index,
4634 io_scalar_inband_t input,
4635 mach_msg_type_number_t inputCount,
4636 io_struct_inband_t inputStruct,
4637 mach_msg_type_number_t inputStructCount )
4638 {
4639 uint32_t i;
4640 io_scalar_inband64_t _input;
4641
4642 mach_msg_type_number_t scalar_outputCnt = 0;
4643 mach_msg_type_number_t inband_outputCnt = 0;
4644 mach_vm_size_t ool_output_size = 0;
4645
4646 for (i = 0; i < inputCount; i++)
4647 _input[i] = SCALAR64(input[i]);
4648
4649 return (is_io_connect_method(connect, index,
4650 _input, inputCount,
4651 inputStruct, inputStructCount,
4652 0, 0,
4653 NULL, &inband_outputCnt,
4654 NULL, &scalar_outputCnt,
4655 0, &ool_output_size));
4656 }
4657
4658 kern_return_t shim_io_connect_method_scalarI_structureI(
4659 IOExternalMethod * method,
4660 IOService * object,
4661 const io_user_scalar_t * input,
4662 mach_msg_type_number_t inputCount,
4663 io_struct_inband_t inputStruct,
4664 mach_msg_type_number_t inputStructCount )
4665 {
4666 IOMethod func;
4667 IOReturn err = kIOReturnBadArgument;
4668
4669 do
4670 {
4671 if (inputCount != method->count0)
4672 {
4673 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
4674 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4675 continue;
4676 }
4677 if( (kIOUCVariableStructureSize != method->count1)
4678 && (inputStructCount != method->count1))
4679 {
4680 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputStructCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
4681 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputStructCount, uint64_t, (uint64_t)method->count1);
4682 continue;
4683 }
4684
4685 func = method->func;
4686
4687 switch( inputCount) {
4688
4689 case 5:
4690 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4691 ARG32(input[3]), ARG32(input[4]),
4692 inputStruct );
4693 break;
4694 case 4:
4695 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), (void *) input[2],
4696 ARG32(input[3]),
4697 inputStruct, (void *)(uintptr_t)inputStructCount );
4698 break;
4699 case 3:
4700 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4701 inputStruct, (void *)(uintptr_t)inputStructCount,
4702 0 );
4703 break;
4704 case 2:
4705 err = (object->*func)( ARG32(input[0]), ARG32(input[1]),
4706 inputStruct, (void *)(uintptr_t)inputStructCount,
4707 0, 0 );
4708 break;
4709 case 1:
4710 err = (object->*func)( ARG32(input[0]),
4711 inputStruct, (void *)(uintptr_t)inputStructCount,
4712 0, 0, 0 );
4713 break;
4714 case 0:
4715 err = (object->*func)( inputStruct, (void *)(uintptr_t)inputStructCount,
4716 0, 0, 0, 0 );
4717 break;
4718
4719 default:
4720 IOLog("%s: Bad method table\n", object->getName());
4721 }
4722 }
4723 while (false);
4724
4725 return( err);
4726 }
4727
4728 kern_return_t shim_io_async_method_scalarI_structureI(
4729 IOExternalAsyncMethod * method,
4730 IOService * object,
4731 mach_port_t asyncWakePort,
4732 io_user_reference_t * asyncReference,
4733 uint32_t asyncReferenceCount,
4734 const io_user_scalar_t * input,
4735 mach_msg_type_number_t inputCount,
4736 io_struct_inband_t inputStruct,
4737 mach_msg_type_number_t inputStructCount )
4738 {
4739 IOAsyncMethod func;
4740 uint32_t i;
4741 IOReturn err = kIOReturnBadArgument;
4742 io_async_ref_t reference;
4743
4744 for (i = 0; i < asyncReferenceCount; i++)
4745 reference[i] = REF32(asyncReference[i]);
4746
4747 do
4748 {
4749 if (inputCount != method->count0)
4750 {
4751 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
4752 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4753 continue;
4754 }
4755 if( (kIOUCVariableStructureSize != method->count1)
4756 && (inputStructCount != method->count1))
4757 {
4758 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputStructCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
4759 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputStructCount, uint64_t, (uint64_t)method->count1);
4760 continue;
4761 }
4762
4763 func = method->func;
4764
4765 switch( inputCount) {
4766
4767 case 5:
4768 err = (object->*func)( reference,
4769 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4770 ARG32(input[3]), ARG32(input[4]),
4771 inputStruct );
4772 break;
4773 case 4:
4774 err = (object->*func)( reference,
4775 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4776 ARG32(input[3]),
4777 inputStruct, (void *)(uintptr_t)inputStructCount );
4778 break;
4779 case 3:
4780 err = (object->*func)( reference,
4781 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
4782 inputStruct, (void *)(uintptr_t)inputStructCount,
4783 0 );
4784 break;
4785 case 2:
4786 err = (object->*func)( reference,
4787 ARG32(input[0]), ARG32(input[1]),
4788 inputStruct, (void *)(uintptr_t)inputStructCount,
4789 0, 0 );
4790 break;
4791 case 1:
4792 err = (object->*func)( reference,
4793 ARG32(input[0]),
4794 inputStruct, (void *)(uintptr_t)inputStructCount,
4795 0, 0, 0 );
4796 break;
4797 case 0:
4798 err = (object->*func)( reference,
4799 inputStruct, (void *)(uintptr_t)inputStructCount,
4800 0, 0, 0, 0 );
4801 break;
4802
4803 default:
4804 IOLog("%s: Bad method table\n", object->getName());
4805 }
4806 }
4807 while (false);
4808
4809 return( err);
4810 }
4811
4812 /* Routine io_connect_method_structureI_structureO */
4813 kern_return_t is_io_connect_method_structureI_structureO(
4814 io_object_t connect,
4815 uint32_t index,
4816 io_struct_inband_t input,
4817 mach_msg_type_number_t inputCount,
4818 io_struct_inband_t output,
4819 mach_msg_type_number_t * outputCount )
4820 {
4821 mach_msg_type_number_t scalar_outputCnt = 0;
4822 mach_vm_size_t ool_output_size = 0;
4823
4824 return (is_io_connect_method(connect, index,
4825 NULL, 0,
4826 input, inputCount,
4827 0, 0,
4828 output, outputCount,
4829 NULL, &scalar_outputCnt,
4830 0, &ool_output_size));
4831 }
4832
4833 kern_return_t shim_io_connect_method_structureI_structureO(
4834 IOExternalMethod * method,
4835 IOService * object,
4836 io_struct_inband_t input,
4837 mach_msg_type_number_t inputCount,
4838 io_struct_inband_t output,
4839 IOByteCount * outputCount )
4840 {
4841 IOMethod func;
4842 IOReturn err = kIOReturnBadArgument;
4843
4844 do
4845 {
4846 if( (kIOUCVariableStructureSize != method->count0)
4847 && (inputCount != method->count0))
4848 {
4849 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0, (uint64_t)kIOUCVariableStructureSize);
4850 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4851 continue;
4852 }
4853 if( (kIOUCVariableStructureSize != method->count1)
4854 && (*outputCount != method->count1))
4855 {
4856 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
4857 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
4858 continue;
4859 }
4860
4861 func = method->func;
4862
4863 if( method->count1) {
4864 if( method->count0) {
4865 err = (object->*func)( input, output,
4866 (void *)(uintptr_t)inputCount, outputCount, 0, 0 );
4867 } else {
4868 err = (object->*func)( output, outputCount, 0, 0, 0, 0 );
4869 }
4870 } else {
4871 err = (object->*func)( input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 );
4872 }
4873 }
4874 while( false);
4875
4876
4877 return( err);
4878 }
4879
4880 kern_return_t shim_io_async_method_structureI_structureO(
4881 IOExternalAsyncMethod * method,
4882 IOService * object,
4883 mach_port_t asyncWakePort,
4884 io_user_reference_t * asyncReference,
4885 uint32_t asyncReferenceCount,
4886 io_struct_inband_t input,
4887 mach_msg_type_number_t inputCount,
4888 io_struct_inband_t output,
4889 mach_msg_type_number_t * outputCount )
4890 {
4891 IOAsyncMethod func;
4892 uint32_t i;
4893 IOReturn err;
4894 io_async_ref_t reference;
4895
4896 for (i = 0; i < asyncReferenceCount; i++)
4897 reference[i] = REF32(asyncReference[i]);
4898
4899 err = kIOReturnBadArgument;
4900 do
4901 {
4902 if( (kIOUCVariableStructureSize != method->count0)
4903 && (inputCount != method->count0))
4904 {
4905 IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0, (uint64_t)kIOUCVariableStructureSize);
4906 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
4907 continue;
4908 }
4909 if( (kIOUCVariableStructureSize != method->count1)
4910 && (*outputCount != method->count1))
4911 {
4912 IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
4913 DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
4914 continue;
4915 }
4916
4917 func = method->func;
4918
4919 if( method->count1) {
4920 if( method->count0) {
4921 err = (object->*func)( reference,
4922 input, output,
4923 (void *)(uintptr_t)inputCount, outputCount, 0, 0 );
4924 } else {
4925 err = (object->*func)( reference,
4926 output, outputCount, 0, 0, 0, 0 );
4927 }
4928 } else {
4929 err = (object->*func)( reference,
4930 input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 );
4931 }
4932 }
4933 while( false);
4934
4935 return( err);
4936 }
4937
4938 #if !NO_KEXTD
4939 bool gIOKextdClearedBusy = false;
4940 #endif
4941
4942 /* Routine io_catalog_send_data */
4943 kern_return_t is_io_catalog_send_data(
4944 mach_port_t master_port,
4945 uint32_t flag,
4946 io_buf_ptr_t inData,
4947 mach_msg_type_number_t inDataCount,
4948 kern_return_t * result)
4949 {
4950 #if NO_KEXTD
4951 return kIOReturnNotPrivileged;
4952 #else /* NO_KEXTD */
4953 OSObject * obj = 0;
4954 vm_offset_t data;
4955 kern_return_t kr = kIOReturnError;
4956
4957 //printf("io_catalog_send_data called. flag: %d\n", flag);
4958
4959 if( master_port != master_device_port)
4960 return kIOReturnNotPrivileged;
4961
4962 if( (flag != kIOCatalogRemoveKernelLinker &&
4963 flag != kIOCatalogKextdActive &&
4964 flag != kIOCatalogKextdFinishedLaunching) &&
4965 ( !inData || !inDataCount) )
4966 {
4967 return kIOReturnBadArgument;
4968 }
4969
4970 if (!IOTaskHasEntitlement(current_task(), "com.apple.rootless.kext-secure-management"))
4971 {
4972 OSString * taskName = IOCopyLogNameForPID(proc_selfpid());
4973 IOLog("IOCatalogueSendData(%s): Not entitled\n", taskName ? taskName->getCStringNoCopy() : "");
4974 OSSafeReleaseNULL(taskName);
4975 // For now, fake success to not break applications relying on this function succeeding.
4976 // See <rdar://problem/32554970> for more details.
4977 return kIOReturnSuccess;
4978 }
4979
4980 if (inData) {
4981 vm_map_offset_t map_data;
4982
4983 if( inDataCount > sizeof(io_struct_inband_t) * 1024)
4984 return( kIOReturnMessageTooLarge);
4985
4986 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t)inData);
4987 data = CAST_DOWN(vm_offset_t, map_data);
4988
4989 if( kr != KERN_SUCCESS)
4990 return kr;
4991
4992 // must return success after vm_map_copyout() succeeds
4993
4994 if( inDataCount ) {
4995 obj = (OSObject *)OSUnserializeXML((const char *)data, inDataCount);
4996 vm_deallocate( kernel_map, data, inDataCount );
4997 if( !obj) {
4998 *result = kIOReturnNoMemory;
4999 return( KERN_SUCCESS);
5000 }
5001 }
5002 }
5003
5004 switch ( flag ) {
5005 case kIOCatalogResetDrivers:
5006 case kIOCatalogResetDriversNoMatch: {
5007 OSArray * array;
5008
5009 array = OSDynamicCast(OSArray, obj);
5010 if (array) {
5011 if ( !gIOCatalogue->resetAndAddDrivers(array,
5012 flag == kIOCatalogResetDrivers) ) {
5013
5014 kr = kIOReturnError;
5015 }
5016 } else {
5017 kr = kIOReturnBadArgument;
5018 }
5019 }
5020 break;
5021
5022 case kIOCatalogAddDrivers:
5023 case kIOCatalogAddDriversNoMatch: {
5024 OSArray * array;
5025
5026 array = OSDynamicCast(OSArray, obj);
5027 if ( array ) {
5028 if ( !gIOCatalogue->addDrivers( array ,
5029 flag == kIOCatalogAddDrivers) ) {
5030 kr = kIOReturnError;
5031 }
5032 }
5033 else {
5034 kr = kIOReturnBadArgument;
5035 }
5036 }
5037 break;
5038
5039 case kIOCatalogRemoveDrivers:
5040 case kIOCatalogRemoveDriversNoMatch: {
5041 OSDictionary * dict;
5042
5043 dict = OSDynamicCast(OSDictionary, obj);
5044 if ( dict ) {
5045 if ( !gIOCatalogue->removeDrivers( dict,
5046 flag == kIOCatalogRemoveDrivers ) ) {
5047 kr = kIOReturnError;
5048 }
5049 }
5050 else {
5051 kr = kIOReturnBadArgument;
5052 }
5053 }
5054 break;
5055
5056 case kIOCatalogStartMatching: {
5057 OSDictionary * dict;
5058
5059 dict = OSDynamicCast(OSDictionary, obj);
5060 if ( dict ) {
5061 if ( !gIOCatalogue->startMatching( dict ) ) {
5062 kr = kIOReturnError;
5063 }
5064 }
5065 else {
5066 kr = kIOReturnBadArgument;
5067 }
5068 }
5069 break;
5070
5071 case kIOCatalogRemoveKernelLinker:
5072 kr = KERN_NOT_SUPPORTED;
5073 break;
5074
5075 case kIOCatalogKextdActive:
5076 #if !NO_KEXTD
5077 IOServiceTrace(IOSERVICE_KEXTD_ALIVE, 0, 0, 0, 0);
5078 OSKext::setKextdActive();
5079
5080 /* Dump all nonloaded startup extensions; kextd will now send them
5081 * down on request.
5082 */
5083 OSKext::flushNonloadedKexts( /* flushPrelinkedKexts */ false);
5084 #endif
5085 kr = kIOReturnSuccess;
5086 break;
5087
5088 case kIOCatalogKextdFinishedLaunching: {
5089 #if !NO_KEXTD
5090 if (!gIOKextdClearedBusy) {
5091 IOService * serviceRoot = IOService::getServiceRoot();
5092 if (serviceRoot) {
5093 IOServiceTrace(IOSERVICE_KEXTD_READY, 0, 0, 0, 0);
5094 serviceRoot->adjustBusy(-1);
5095 gIOKextdClearedBusy = true;
5096 }
5097 }
5098 #endif
5099 kr = kIOReturnSuccess;
5100 }
5101 break;
5102
5103 default:
5104 kr = kIOReturnBadArgument;
5105 break;
5106 }
5107
5108 if (obj) obj->release();
5109
5110 *result = kr;
5111 return( KERN_SUCCESS);
5112 #endif /* NO_KEXTD */
5113 }
5114
5115 /* Routine io_catalog_terminate */
5116 kern_return_t is_io_catalog_terminate(
5117 mach_port_t master_port,
5118 uint32_t flag,
5119 io_name_t name )
5120 {
5121 kern_return_t kr;
5122
5123 if( master_port != master_device_port )
5124 return kIOReturnNotPrivileged;
5125
5126 kr = IOUserClient::clientHasPrivilege( (void *) current_task(),
5127 kIOClientPrivilegeAdministrator );
5128 if( kIOReturnSuccess != kr)
5129 return( kr );
5130
5131 switch ( flag ) {
5132 #if !defined(SECURE_KERNEL)
5133 case kIOCatalogServiceTerminate:
5134 OSIterator * iter;
5135 IOService * service;
5136
5137 iter = IORegistryIterator::iterateOver(gIOServicePlane,
5138 kIORegistryIterateRecursively);
5139 if ( !iter )
5140 return kIOReturnNoMemory;
5141
5142 do {
5143 iter->reset();
5144 while( (service = (IOService *)iter->getNextObject()) ) {
5145 if( service->metaCast(name)) {
5146 if ( !service->terminate( kIOServiceRequired
5147 | kIOServiceSynchronous) ) {
5148 kr = kIOReturnUnsupported;
5149 break;
5150 }
5151 }
5152 }
5153 } while( !service && !iter->isValid());
5154 iter->release();
5155 break;
5156
5157 case kIOCatalogModuleUnload:
5158 case kIOCatalogModuleTerminate:
5159 kr = gIOCatalogue->terminateDriversForModule(name,
5160 flag == kIOCatalogModuleUnload);
5161 break;
5162 #endif
5163
5164 default:
5165 kr = kIOReturnBadArgument;
5166 break;
5167 }
5168
5169 return( kr );
5170 }
5171
5172 /* Routine io_catalog_get_data */
5173 kern_return_t is_io_catalog_get_data(
5174 mach_port_t master_port,
5175 uint32_t flag,
5176 io_buf_ptr_t *outData,
5177 mach_msg_type_number_t *outDataCount)
5178 {
5179 kern_return_t kr = kIOReturnSuccess;
5180 OSSerialize * s;
5181
5182 if( master_port != master_device_port)
5183 return kIOReturnNotPrivileged;
5184
5185 //printf("io_catalog_get_data called. flag: %d\n", flag);
5186
5187 s = OSSerialize::withCapacity(4096);
5188 if ( !s )
5189 return kIOReturnNoMemory;
5190
5191 kr = gIOCatalogue->serializeData(flag, s);
5192
5193 if ( kr == kIOReturnSuccess ) {
5194 vm_offset_t data;
5195 vm_map_copy_t copy;
5196 vm_size_t size;
5197
5198 size = s->getLength();
5199 kr = vm_allocate_kernel(kernel_map, &data, size, VM_FLAGS_ANYWHERE, VM_KERN_MEMORY_IOKIT);
5200 if ( kr == kIOReturnSuccess ) {
5201 bcopy(s->text(), (void *)data, size);
5202 kr = vm_map_copyin(kernel_map, (vm_map_address_t)data,
5203 (vm_map_size_t)size, true, &copy);
5204 *outData = (char *)copy;
5205 *outDataCount = size;
5206 }
5207 }
5208
5209 s->release();
5210
5211 return kr;
5212 }
5213
5214 /* Routine io_catalog_get_gen_count */
5215 kern_return_t is_io_catalog_get_gen_count(
5216 mach_port_t master_port,
5217 uint32_t *genCount)
5218 {
5219 if( master_port != master_device_port)
5220 return kIOReturnNotPrivileged;
5221
5222 //printf("io_catalog_get_gen_count called.\n");
5223
5224 if ( !genCount )
5225 return kIOReturnBadArgument;
5226
5227 *genCount = gIOCatalogue->getGenerationCount();
5228
5229 return kIOReturnSuccess;
5230 }
5231
5232 /* Routine io_catalog_module_loaded.
5233 * Is invoked from IOKitLib's IOCatalogueModuleLoaded(). Doesn't seem to be used.
5234 */
5235 kern_return_t is_io_catalog_module_loaded(
5236 mach_port_t master_port,
5237 io_name_t name)
5238 {
5239 if( master_port != master_device_port)
5240 return kIOReturnNotPrivileged;
5241
5242 //printf("io_catalog_module_loaded called. name %s\n", name);
5243
5244 if ( !name )
5245 return kIOReturnBadArgument;
5246
5247 gIOCatalogue->moduleHasLoaded(name);
5248
5249 return kIOReturnSuccess;
5250 }
5251
5252 kern_return_t is_io_catalog_reset(
5253 mach_port_t master_port,
5254 uint32_t flag)
5255 {
5256 if( master_port != master_device_port)
5257 return kIOReturnNotPrivileged;
5258
5259 switch ( flag ) {
5260 case kIOCatalogResetDefault:
5261 gIOCatalogue->reset();
5262 break;
5263
5264 default:
5265 return kIOReturnBadArgument;
5266 }
5267
5268 return kIOReturnSuccess;
5269 }
5270
5271 kern_return_t iokit_user_client_trap(struct iokit_user_client_trap_args *args)
5272 {
5273 kern_return_t result = kIOReturnBadArgument;
5274 IOUserClient *userClient;
5275
5276 if ((userClient = OSDynamicCast(IOUserClient,
5277 iokit_lookup_connect_ref_current_task((mach_port_name_t)(uintptr_t)args->userClientRef)))) {
5278 IOExternalTrap *trap;
5279 IOService *target = NULL;
5280
5281 trap = userClient->getTargetAndTrapForIndex(&target, args->index);
5282
5283 if (trap && target) {
5284 IOTrap func;
5285
5286 func = trap->func;
5287
5288 if (func) {
5289 result = (target->*func)(args->p1, args->p2, args->p3, args->p4, args->p5, args->p6);
5290 }
5291 }
5292
5293 iokit_remove_connect_reference(userClient);
5294 }
5295
5296 return result;
5297 }
5298
5299 /* Routine io_device_tree_entry_exists_with_name */
5300 kern_return_t is_io_device_tree_entry_exists_with_name(
5301 mach_port_t master_port,
5302 io_name_t name,
5303 boolean_t *exists )
5304 {
5305 OSCollectionIterator *iter;
5306
5307 if (master_port != master_device_port)
5308 return (kIOReturnNotPrivileged);
5309
5310 iter = IODTFindMatchingEntries(IORegistryEntry::getRegistryRoot(), kIODTRecursive, name);
5311 *exists = iter && iter->getNextObject();
5312 OSSafeReleaseNULL(iter);
5313
5314 return kIOReturnSuccess;
5315 }
5316
5317 } /* extern "C" */
5318
5319 IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArguments * args,
5320 IOExternalMethodDispatch * dispatch, OSObject * target, void * reference )
5321 {
5322 IOReturn err;
5323 IOService * object;
5324 IOByteCount structureOutputSize;
5325
5326 if (dispatch)
5327 {
5328 uint32_t count;
5329 count = dispatch->checkScalarInputCount;
5330 if ((kIOUCVariableStructureSize != count) && (count != args->scalarInputCount))
5331 {
5332 return (kIOReturnBadArgument);
5333 }
5334
5335 count = dispatch->checkStructureInputSize;
5336 if ((kIOUCVariableStructureSize != count)
5337 && (count != ((args->structureInputDescriptor)
5338 ? args->structureInputDescriptor->getLength() : args->structureInputSize)))
5339 {
5340 return (kIOReturnBadArgument);
5341 }
5342
5343 count = dispatch->checkScalarOutputCount;
5344 if ((kIOUCVariableStructureSize != count) && (count != args->scalarOutputCount))
5345 {
5346 return (kIOReturnBadArgument);
5347 }
5348
5349 count = dispatch->checkStructureOutputSize;
5350 if ((kIOUCVariableStructureSize != count)
5351 && (count != ((args->structureOutputDescriptor)
5352 ? args->structureOutputDescriptor->getLength() : args->structureOutputSize)))
5353 {
5354 return (kIOReturnBadArgument);
5355 }
5356
5357 if (dispatch->function)
5358 err = (*dispatch->function)(target, reference, args);
5359 else
5360 err = kIOReturnNoCompletion; /* implementator can dispatch */
5361
5362 return (err);
5363 }
5364
5365
5366 // pre-Leopard API's don't do ool structs
5367 if (args->structureInputDescriptor || args->structureOutputDescriptor)
5368 {
5369 err = kIOReturnIPCError;
5370 return (err);
5371 }
5372
5373 structureOutputSize = args->structureOutputSize;
5374
5375 if (args->asyncWakePort)
5376 {
5377 IOExternalAsyncMethod * method;
5378 object = 0;
5379 if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) || !object )
5380 return (kIOReturnUnsupported);
5381
5382 if (kIOUCForegroundOnly & method->flags)
5383 {
5384 if (task_is_gpu_denied(current_task()))
5385 return (kIOReturnNotPermitted);
5386 }
5387
5388 switch (method->flags & kIOUCTypeMask)
5389 {
5390 case kIOUCScalarIStructI:
5391 err = shim_io_async_method_scalarI_structureI( method, object,
5392 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount,
5393 args->scalarInput, args->scalarInputCount,
5394 (char *)args->structureInput, args->structureInputSize );
5395 break;
5396
5397 case kIOUCScalarIScalarO:
5398 err = shim_io_async_method_scalarI_scalarO( method, object,
5399 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount,
5400 args->scalarInput, args->scalarInputCount,
5401 args->scalarOutput, &args->scalarOutputCount );
5402 break;
5403
5404 case kIOUCScalarIStructO:
5405 err = shim_io_async_method_scalarI_structureO( method, object,
5406 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount,
5407 args->scalarInput, args->scalarInputCount,
5408 (char *) args->structureOutput, &args->structureOutputSize );
5409 break;
5410
5411
5412 case kIOUCStructIStructO:
5413 err = shim_io_async_method_structureI_structureO( method, object,
5414 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount,
5415 (char *)args->structureInput, args->structureInputSize,
5416 (char *) args->structureOutput, &args->structureOutputSize );
5417 break;
5418
5419 default:
5420 err = kIOReturnBadArgument;
5421 break;
5422 }
5423 }
5424 else
5425 {
5426 IOExternalMethod * method;
5427 object = 0;
5428 if( !(method = getTargetAndMethodForIndex(&object, selector)) || !object )
5429 return (kIOReturnUnsupported);
5430
5431 if (kIOUCForegroundOnly & method->flags)
5432 {
5433 if (task_is_gpu_denied(current_task()))
5434 return (kIOReturnNotPermitted);
5435 }
5436
5437 switch (method->flags & kIOUCTypeMask)
5438 {
5439 case kIOUCScalarIStructI:
5440 err = shim_io_connect_method_scalarI_structureI( method, object,
5441 args->scalarInput, args->scalarInputCount,
5442 (char *) args->structureInput, args->structureInputSize );
5443 break;
5444
5445 case kIOUCScalarIScalarO:
5446 err = shim_io_connect_method_scalarI_scalarO( method, object,
5447 args->scalarInput, args->scalarInputCount,
5448 args->scalarOutput, &args->scalarOutputCount );
5449 break;
5450
5451 case kIOUCScalarIStructO:
5452 err = shim_io_connect_method_scalarI_structureO( method, object,
5453 args->scalarInput, args->scalarInputCount,
5454 (char *) args->structureOutput, &structureOutputSize );
5455 break;
5456
5457
5458 case kIOUCStructIStructO:
5459 err = shim_io_connect_method_structureI_structureO( method, object,
5460 (char *) args->structureInput, args->structureInputSize,
5461 (char *) args->structureOutput, &structureOutputSize );
5462 break;
5463
5464 default:
5465 err = kIOReturnBadArgument;
5466 break;
5467 }
5468 }
5469
5470 args->structureOutputSize = structureOutputSize;
5471
5472 return (err);
5473 }
5474
5475 #if __LP64__
5476 OSMetaClassDefineReservedUnused(IOUserClient, 0);
5477 OSMetaClassDefineReservedUnused(IOUserClient, 1);
5478 #else
5479 OSMetaClassDefineReservedUsed(IOUserClient, 0);
5480 OSMetaClassDefineReservedUsed(IOUserClient, 1);
5481 #endif
5482 OSMetaClassDefineReservedUnused(IOUserClient, 2);
5483 OSMetaClassDefineReservedUnused(IOUserClient, 3);
5484 OSMetaClassDefineReservedUnused(IOUserClient, 4);
5485 OSMetaClassDefineReservedUnused(IOUserClient, 5);
5486 OSMetaClassDefineReservedUnused(IOUserClient, 6);
5487 OSMetaClassDefineReservedUnused(IOUserClient, 7);
5488 OSMetaClassDefineReservedUnused(IOUserClient, 8);
5489 OSMetaClassDefineReservedUnused(IOUserClient, 9);
5490 OSMetaClassDefineReservedUnused(IOUserClient, 10);
5491 OSMetaClassDefineReservedUnused(IOUserClient, 11);
5492 OSMetaClassDefineReservedUnused(IOUserClient, 12);
5493 OSMetaClassDefineReservedUnused(IOUserClient, 13);
5494 OSMetaClassDefineReservedUnused(IOUserClient, 14);
5495 OSMetaClassDefineReservedUnused(IOUserClient, 15);
5496
mirror of XNU