]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/kern/kern_newsysctl.c
xnu-3789.1.32.tar.gz
[apple/xnu.git] / bsd / kern / kern_newsysctl.c
index 0bba174a6ec7b09dc1755330d885da8c21214528..6895674f979c0e291693f65d88e0ed50f0b6c845 100644 (file)
@@ -1,25 +1,31 @@
 /*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2013 Apple Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
  * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
- */
-/*-
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ *
+ *
  * Copyright (c) 1982, 1986, 1989, 1993
  *     The Regents of the University of California.  All rights reserved.
  *
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
 #include <sys/malloc.h>
-#include <sys/proc.h>
+#include <sys/proc_internal.h>
+#include <sys/kauth.h>
 #include <sys/systm.h>
+#include <sys/sysproto.h>
 
-/*
-struct sysctl_oid_list sysctl__debug_children;
-struct sysctl_oid_list sysctl__kern_children;
-struct sysctl_oid_list sysctl__net_children;
-struct sysctl_oid_list sysctl__sysctl_children;
-*/
-
-extern struct sysctl_oid *newsysctl_list[];
-
-
-static void
-sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i);
-
+#include <security/audit/audit.h>
+#include <pexpert/pexpert.h>
 
+lck_grp_t * sysctl_lock_group = NULL;
+lck_rw_t * sysctl_geometry_lock = NULL;
+lck_mtx_t * sysctl_unlocked_node_lock = NULL;
 
 /*
- * Locking and stats
+ * Conditionally allow dtrace to see these functions for debugging purposes.
  */
-static struct sysctl_lock {
-       int     sl_lock;
-       int     sl_want;
-       int     sl_locked;
-} memlock;
+#ifdef STATIC
+#undef STATIC
+#endif
+#if 0
+#define        STATIC
+#else
+#define STATIC static
+#endif
 
-static int sysctl_root SYSCTL_HANDLER_ARGS;
+/* forward declarations  of static functions */
+STATIC void sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i);
+STATIC int sysctl_sysctl_debug(struct sysctl_oid *oidp, void *arg1,
+       int arg2, struct sysctl_req *req);
+STATIC int sysctl_sysctl_name(struct sysctl_oid *oidp, void *arg1,
+       int arg2, struct sysctl_req *req);
+STATIC int sysctl_sysctl_next_ls (struct sysctl_oid_list *lsp,
+       int *name, u_int namelen, int *next, int *len, int level,
+       struct sysctl_oid **oidpp);
+STATIC int sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l);
+STATIC int sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l);
+STATIC int name2oid (char *name, int *oid, u_int *len);
+STATIC int sysctl_sysctl_name2oid(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req);
+STATIC int sysctl_sysctl_next(struct sysctl_oid *oidp, void *arg1, int arg2,
+        struct sysctl_req *req);
+STATIC int sysctl_sysctl_oidfmt(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req);
+STATIC int sysctl_old_user(struct sysctl_req *req, const void *p, size_t l);
+STATIC int sysctl_new_user(struct sysctl_req *req, void *p, size_t l);
+
+STATIC void sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp,
+                                                                  size_t oldlen, user_addr_t newp, size_t newlen);
+STATIC int sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical, char *namestring, size_t namestringlen, int *name, u_int namelen, struct sysctl_req *req);
+
+int    kernel_sysctl(struct proc *p, int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen);
+int    kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
+int    userland_sysctl(boolean_t string_is_canonical,
+                                       char *namestring, size_t namestringlen,
+                                       int *name, u_int namelen, struct sysctl_req *req,
+                                       size_t *retval);
 
 struct sysctl_oid_list sysctl__children; /* root list */
 
@@ -103,27 +134,72 @@ struct sysctl_oid_list sysctl__children; /* root list */
  * Order by number in each list.
  */
 
-void sysctl_register_oid(struct sysctl_oid *oidp)
+void
+sysctl_register_oid(struct sysctl_oid *new_oidp)
 {
-       struct sysctl_oid_list *parent = oidp->oid_parent;
+       struct sysctl_oid *oidp = NULL;
+       struct sysctl_oid_list *parent = new_oidp->oid_parent;
        struct sysctl_oid *p;
        struct sysctl_oid *q;
        int n;
 
+       /*
+        * The OID can be old-style (needs copy), new style without an earlier
+        * version (also needs copy), or new style with a matching version (no
+        * copy needed).  Later versions are rejected (presumably, the OID
+        * structure was changed for a necessary reason).
+        */
+       if (!(new_oidp->oid_kind & CTLFLAG_OID2)) {
+               /*
+                * XXX: M_TEMP is perhaps not the most apropriate zone, as it
+                * XXX: will subject us to use-after-free by other consumers.
+                */
+               MALLOC(oidp, struct sysctl_oid *, sizeof(*oidp), M_TEMP, M_WAITOK | M_ZERO);
+               if (oidp == NULL)
+                       return;         /* reject: no memory */
+
+               /*
+                * Copy the structure only through the oid_fmt field, which
+                * is the last field in a non-OID2 OID structure.
+                *
+                * Note:        We may want to set the oid_descr to the
+                *              oid_name (or "") at some future date.
+                */
+               memcpy(oidp, new_oidp, offsetof(struct sysctl_oid, oid_descr));
+       } else {
+               /* It's a later version; handle the versions we know about */
+               switch (new_oidp->oid_version) {
+               case SYSCTL_OID_VERSION:
+                       /* current version */
+                       oidp = new_oidp;
+                       break;
+               default:
+                       return;                 /* rejects unknown version */
+               }
+       }
+
+       /* Get the write lock to modify the geometry */
+       lck_rw_lock_exclusive(sysctl_geometry_lock);
+
        /*
         * If this oid has a number OID_AUTO, give it a number which
         * is greater than any current oid.  Make sure it is at least
-        * 100 to leave space for pre-assigned oid numbers.
+        * OID_AUTO_START to leave space for pre-assigned oid numbers.
         */
-/*     sysctl_sysctl_debug_dump_node(parent, 3); */
        if (oidp->oid_number == OID_AUTO) {
-               /* First, find the highest oid in the parent list >99 */
-               n = 99;
+               /* First, find the highest oid in the parent list >OID_AUTO_START-1 */
+               n = OID_AUTO_START;
                SLIST_FOREACH(p, parent, oid_link) {
                        if (p->oid_number > n)
                                n = p->oid_number;
                }
                oidp->oid_number = n + 1;
+               /*
+                * Reflect the number in an llocated OID into the template
+                * of the caller for sysctl_unregister_oid() compares.
+                */
+               if (oidp != new_oidp)
+                       new_oidp->oid_number = oidp->oid_number;
        }
 
        /*
@@ -139,59 +215,261 @@ void sysctl_register_oid(struct sysctl_oid *oidp)
                SLIST_INSERT_AFTER(q, oidp, oid_link);
        else
                SLIST_INSERT_HEAD(parent, oidp, oid_link);
+
+       /* Release the write lock */
+       lck_rw_unlock_exclusive(sysctl_geometry_lock);
 }
 
-void sysctl_unregister_oid(struct sysctl_oid *oidp)
+void
+sysctl_unregister_oid(struct sysctl_oid *oidp)
 {
-       SLIST_REMOVE(oidp->oid_parent, oidp, sysctl_oid, oid_link);
+       struct sysctl_oid *removed_oidp = NULL; /* OID removed from tree */
+       struct sysctl_oid *old_oidp = NULL;     /* OID compatibility copy */
+
+       /* Get the write lock to modify the geometry */
+       lck_rw_lock_exclusive(sysctl_geometry_lock);
+
+       if (!(oidp->oid_kind & CTLFLAG_OID2)) {
+               /*
+                * We're using a copy so we can get the new fields in an
+                * old structure, so we have to iterate to compare the
+                * partial structure; when we find a match, we remove it
+                * normally and free the memory.
+                */
+               SLIST_FOREACH(old_oidp, oidp->oid_parent, oid_link) {
+                       if (!memcmp(&oidp->oid_number, &old_oidp->oid_number, (offsetof(struct sysctl_oid, oid_descr)-offsetof(struct sysctl_oid, oid_number)))) {
+                break;
+            }
+               }
+               if (old_oidp != NULL) {
+                       SLIST_REMOVE(old_oidp->oid_parent, old_oidp, sysctl_oid, oid_link);
+                       removed_oidp = old_oidp;
+               }
+       } else {
+               /* It's a later version; handle the versions we know about */
+               switch (oidp->oid_version) {
+               case SYSCTL_OID_VERSION:
+                       /* We can just remove the OID directly... */
+                       SLIST_REMOVE(oidp->oid_parent, oidp, sysctl_oid, oid_link);
+                       removed_oidp = oidp;
+                       break;
+               default:
+                        /* XXX: Can't happen; probably tree coruption.*/
+                       break;                  /* rejects unknown version */
+               }
+       }
+
+       /*
+        * We've removed it from the list at this point, but we don't want
+        * to return to the caller until all handler references have drained
+        * out.  Doing things in this order prevent other people coming in
+        * and starting new operations against the OID node we want removed.
+        *
+        * Note:        oidp could be NULL if it wasn't found.
+        */
+       while(removed_oidp && removed_oidp->oid_refcnt) {
+               lck_rw_sleep(sysctl_geometry_lock, LCK_SLEEP_EXCLUSIVE, &removed_oidp->oid_refcnt, THREAD_UNINT);
+       }
+
+       /* Release the write lock */
+       lck_rw_unlock_exclusive(sysctl_geometry_lock);
+
+       /* If it was allocated, free it after dropping the lock */
+       if (old_oidp != NULL) {
+               FREE(old_oidp, M_TEMP);
+       }
 }
 
 /*
  * Bulk-register all the oids in a linker_set.
  */
-void sysctl_register_set(struct linker_set *lsp)
+void
+sysctl_register_set(const char *set)
 {
-       int count = lsp->ls_length;
-       int i;
-       for (i = 0; i < count; i++)
-               sysctl_register_oid((struct sysctl_oid *) lsp->ls_items[i]);
+       struct sysctl_oid **oidpp, *oidp;
+
+       LINKER_SET_FOREACH(oidpp, struct sysctl_oid **, set) {
+               oidp = *oidpp;
+               if (!(oidp->oid_kind & CTLFLAG_NOAUTO)) {
+                   sysctl_register_oid(oidp);
+               }
+       }
 }
 
-void sysctl_unregister_set(struct linker_set *lsp)
+void
+sysctl_unregister_set(const char *set)
 {
-       int count = lsp->ls_length;
-       int i;
-       for (i = 0; i < count; i++)
-               sysctl_unregister_oid((struct sysctl_oid *) lsp->ls_items[i]);
+       struct sysctl_oid **oidpp, *oidp;
+
+       LINKER_SET_FOREACH(oidpp, struct sysctl_oid **, set) {
+               oidp = *oidpp;
+               if (!(oidp->oid_kind & CTLFLAG_NOAUTO)) {
+                   sysctl_unregister_oid(oidp);
+               }
+       }
 }
 
+/*
+ * Exported in BSDKernel.exports, kept for binary compatibility
+ */
+#if defined(__x86_64__)
+void
+sysctl_register_fixed(void)
+{
+}
+#endif
 
 /*
- * Register OID's from fixed list
+ * Register the kernel's oids on startup.
  */
 
-void sysctl_register_fixed()
+void
+sysctl_early_init(void)
 {
-    int i = 0;
+       /*
+        * Initialize the geometry lock for reading/modifying the
+        * sysctl tree. This is done here because IOKit registers
+        * some sysctl's before bsd_init() would otherwise perform
+        * subsystem initialization.
+        */
 
+       sysctl_lock_group  = lck_grp_alloc_init("sysctl", NULL);
+       sysctl_geometry_lock = lck_rw_alloc_init(sysctl_lock_group, NULL);
+       sysctl_unlocked_node_lock = lck_mtx_alloc_init(sysctl_lock_group, NULL);
 
-    while (newsysctl_list[i]) {
-/*     printf("Registering %d\n", i); */
-       sysctl_register_oid(newsysctl_list[i++]);
-    }
+       sysctl_register_set("__sysctl_set");
 }
 
 /*
- * Register the kernel's oids on startup.
+ * New handler interface
+ *   If the sysctl caller (user mode or kernel mode) is interested in the
+ *   value (req->oldptr != NULL), we copy the data (bigValue etc.) out,
+ *   if the caller wants to set the value (req->newptr), we copy
+ *   the data in (*pValue etc.).
  */
-struct linker_set sysctl_set;
 
-void sysctl_register_all(void *arg)
+int
+sysctl_io_number(struct sysctl_req *req, long long bigValue, size_t valueSize, void *pValue, int *changed) {
+       int             smallValue;
+       int             error;
+
+       if (changed) *changed = 0;
+
+       /*
+        * Handle the various combinations of caller buffer size and
+        * data value size.  We are generous in the case where the
+        * caller has specified a 32-bit buffer but the value is 64-bit
+        * sized.
+        */
+
+       /* 32 bit value expected or 32 bit buffer offered */
+       if (((valueSize == sizeof(int)) ||
+           ((req->oldlen == sizeof(int)) && (valueSize == sizeof(long long))))
+                       && (req->oldptr)) {
+               smallValue = (int)bigValue;
+               if ((long long)smallValue != bigValue)
+                       return(ERANGE);
+               error = SYSCTL_OUT(req, &smallValue, sizeof(smallValue));
+       } else {
+               /* any other case is either size-equal or a bug */
+               error = SYSCTL_OUT(req, &bigValue, valueSize);
+       }
+       /* error or nothing to set */
+       if (error || !req->newptr)
+               return(error);
+
+       /* set request for constant */
+       if (pValue == NULL)
+               return(EPERM);
+
+       /* set request needs to convert? */
+       if ((req->newlen == sizeof(int)) && (valueSize == sizeof(long long))) {
+               /* new value is 32 bits, upconvert to 64 bits */
+               error = SYSCTL_IN(req, &smallValue, sizeof(smallValue));
+               if (!error)
+                       *(long long *)pValue = (long long)smallValue;
+       } else if ((req->newlen == sizeof(long long)) && (valueSize == sizeof(int))) {
+               /* new value is 64 bits, downconvert to 32 bits and range check */
+               error = SYSCTL_IN(req, &bigValue, sizeof(bigValue));
+               if (!error) {
+                       smallValue = (int)bigValue;
+                       if ((long long)smallValue != bigValue)
+                               return(ERANGE);
+                       *(int *)pValue = smallValue;
+               }
+       } else {
+               /* sizes match, just copy in */
+               error = SYSCTL_IN(req, pValue, valueSize);
+       }
+       if (!error && changed)
+               *changed = 1;
+       return(error);
+}
+
+int
+sysctl_io_string(struct sysctl_req *req, char *pValue, size_t valueSize, int trunc, int *changed)
 {
-       sysctl_register_set(&sysctl_set);
+       int error;
+
+       if (changed) *changed = 0;
+
+       if (trunc && req->oldptr && req->oldlen && (req->oldlen<strlen(pValue) + 1)) {
+               /* If trunc != 0, if you give it a too small (but larger than
+                * 0 bytes) buffer, instead of returning ENOMEM, it truncates the
+                * returned string to the buffer size.  This preserves the semantics
+                * of some library routines implemented via sysctl, which truncate
+                * their returned data, rather than simply returning an error. The
+                * returned string is always NUL terminated. */
+               error = SYSCTL_OUT(req, pValue, req->oldlen-1);
+               if (!error) {
+                       char c = 0;
+                       error = SYSCTL_OUT(req, &c, 1);
+               }
+       } else {
+               /* Copy string out */
+               error = SYSCTL_OUT(req, pValue, strlen(pValue) + 1);
+       }
+
+       /* error or no new value */
+       if (error || !req->newptr)
+               return(error);
+
+       /* attempt to set read-only value */
+       if (valueSize == 0)
+               return(EPERM);
+
+       /* make sure there's room for the new string */
+       if (req->newlen >= valueSize)
+               return(EINVAL);
+
+       /* copy the string in and force NUL termination */
+       error = SYSCTL_IN(req, pValue, req->newlen);
+       pValue[req->newlen] = '\0';
+
+       if (!error && changed)
+               *changed = 1;
+       return(error);
 }
 
-SYSINIT(sysctl, SI_SUB_KMEM, SI_ORDER_ANY, sysctl_register_all, 0);
+int sysctl_io_opaque(struct sysctl_req *req,void *pValue, size_t valueSize, int *changed)
+{
+       int error;
+
+       if (changed) *changed = 0;
+
+       /* Copy blob out */
+       error = SYSCTL_OUT(req, pValue, valueSize);
+
+       /* error or nothing to set */
+       if (error || !req->newptr)
+               return(error);
+
+       error = SYSCTL_IN(req, pValue, valueSize);
+
+       if (!error && changed)
+               *changed = 1;
+       return(error);
+}
 
 /*
  * "Staff-functions"
@@ -211,7 +489,32 @@ SYSINIT(sysctl, SI_SUB_KMEM, SI_ORDER_ANY, sysctl_register_all, 0);
  * {0,4,...}   return the kind & format info for the "..." OID.
  */
 
-static void
+/*
+ * sysctl_sysctl_debug_dump_node
+ *
+ * Description:        Dump debug information for a given sysctl_oid_list at the
+ *             given oid depth out to the kernel log, via printf
+ *
+ * Parameters: l                               sysctl_oid_list pointer
+ *             i                               current node depth
+ *
+ * Returns:    (void)
+ *
+ * Implicit:   kernel log, modified
+ *
+ * Locks:      Assumes sysctl_geometry_lock is held prior to calling
+ *
+ * Notes:      This function may call itself recursively to resolve Node
+ *             values, which potentially have an inferioer sysctl_oid_list
+ *
+ *             This function is only callable indirectly via the function
+ *             sysctl_sysctl_debug()
+ *
+ * Bugs:       The node depth indentation does not work; this may be an
+ *             artifact of leading space removal by the log daemon itself
+ *             or some intermediate routine.
+ */
+STATIC void
 sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i)
 {
        int k;
@@ -224,7 +527,8 @@ sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i)
 
                printf("%d %s ", oidp->oid_number, oidp->oid_name);
 
-               printf("%c%c",
+               printf("%c%c%c",
+                       oidp->oid_kind & CTLFLAG_LOCKED ? 'L':' ',
                        oidp->oid_kind & CTLFLAG_RD ? 'R':' ',
                        oidp->oid_kind & CTLFLAG_WR ? 'W':' ');
 
@@ -249,35 +553,105 @@ sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i)
        }
 }
 
-static int
-sysctl_sysctl_debug SYSCTL_HANDLER_ARGS
+/*
+ * sysctl_sysctl_debug
+ *
+ * Description:        This function implements the "sysctl.debug" portion of the
+ *             OID space for sysctl.
+ *
+ * OID:                0, 0
+ *
+ * Parameters: __unused
+ *
+ * Returns:    ENOENT
+ *
+ * Implicit:   kernel log, modified
+ *
+ * Locks:      Acquires and then releases a read lock on the
+ *             sysctl_geometry_lock
+ */
+STATIC int
+sysctl_sysctl_debug(__unused struct sysctl_oid *oidp, __unused void *arg1,
+       __unused int arg2, __unused struct sysctl_req *req)
 {
+       lck_rw_lock_shared(sysctl_geometry_lock);
        sysctl_sysctl_debug_dump_node(&sysctl__children, 0);
+       lck_rw_done(sysctl_geometry_lock);
        return ENOENT;
 }
 
-SYSCTL_PROC(_sysctl, 0, debug, CTLTYPE_STRING|CTLFLAG_RD,
+SYSCTL_PROC(_sysctl, 0, debug, CTLTYPE_STRING|CTLFLAG_RD | CTLFLAG_LOCKED,
        0, 0, sysctl_sysctl_debug, "-", "");
 
-static int
-sysctl_sysctl_name SYSCTL_HANDLER_ARGS
+/*
+ * sysctl_sysctl_name
+ *
+ * Description:        Convert an OID into a string name; this is used by the user
+ *             space sysctl() command line utility; this is done in a purely
+ *             advisory capacity (e.g. to provide node names for "sysctl -A"
+ *             output).
+ *
+ * OID:                0, 1
+ *
+ * Parameters: oidp                            __unused
+ *             arg1                            A pointer to the OID name list
+ *                                             integer array, beginning at
+ *                                             adjusted option base 2
+ *             arg2                            The number of elements which
+ *                                             remain in the name array
+ *
+ * Returns:    0                               Success
+ *     SYSCTL_OUT:EPERM                        Permission denied
+ *     SYSCTL_OUT:EFAULT                       Bad user supplied buffer
+ *     SYSCTL_OUT:???                          Return value from user function
+ *                                             for SYSCTL_PROC leaf node
+ *
+ * Implict:    Contents of user request buffer, modified
+ *
+ * Locks:      Acquires and then releases a read lock on the
+ *             sysctl_geometry_lock
+ *
+ * Notes:      SPI (System Programming Interface); this is subject to change
+ *             and may not be relied upon by third party applications; use
+ *             a subprocess to communicate with the "sysctl" command line
+ *             command instead, if you believe you need this functionality.
+ *             Preferrably, use sysctlbyname() instead.
+ *
+ *             Setting of the NULL termination of the output string is
+ *             delayed until after the geometry lock is dropped.  If there
+ *             are no Entries remaining in the OID name list when this
+ *             function is called, it will still write out the termination
+ *             byte.
+ *
+ *             This function differs from other sysctl functions in that
+ *             it can not take an output buffer length of 0 to determine the
+ *             space which will be required.  It is suggested that the buffer
+ *             length be PATH_MAX, and that authors of new sysctl's refrain
+ *             from exceeding this string length.
+ */
+STATIC int
+sysctl_sysctl_name(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
+        struct sysctl_req *req)
 {
        int *name = (int *) arg1;
        u_int namelen = arg2;
        int error = 0;
        struct sysctl_oid *oid;
        struct sysctl_oid_list *lsp = &sysctl__children, *lsp2;
-       char buf[10];
+       char tempbuf[10];
 
+       lck_rw_lock_shared(sysctl_geometry_lock);
        while (namelen) {
                if (!lsp) {
-                       snprintf(buf,sizeof(buf),"%d",*name);
+                       snprintf(tempbuf,sizeof(tempbuf),"%d",*name);
                        if (req->oldidx)
                                error = SYSCTL_OUT(req, ".", 1);
                        if (!error)
-                               error = SYSCTL_OUT(req, buf, strlen(buf));
-                       if (error)
+                               error = SYSCTL_OUT(req, tempbuf, strlen(tempbuf));
+                       if (error) {
+                               lck_rw_done(sysctl_geometry_lock);
                                return (error);
+                       }
                        namelen--;
                        name++;
                        continue;
@@ -292,8 +666,10 @@ sysctl_sysctl_name SYSCTL_HANDLER_ARGS
                        if (!error)
                                error = SYSCTL_OUT(req, oid->oid_name,
                                        strlen(oid->oid_name));
-                       if (error)
+                       if (error) {
+                               lck_rw_done(sysctl_geometry_lock);
                                return (error);
+                       }
 
                        namelen--;
                        name++;
@@ -309,12 +685,45 @@ sysctl_sysctl_name SYSCTL_HANDLER_ARGS
                }
                lsp = lsp2;
        }
+       lck_rw_done(sysctl_geometry_lock);
        return (SYSCTL_OUT(req, "", 1));
 }
 
-SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD, sysctl_sysctl_name, "");
+SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_name, "");
 
-static int
+/*
+ * sysctl_sysctl_next_ls
+ *
+ * Description:        For a given OID name value, return the next consecutive OID
+ *             name value within the geometry tree
+ *
+ * Parameters: lsp                             The OID list to look in
+ *             name                            The OID name to start from
+ *             namelen                         The length of the OID name
+ *             next                            Pointer to new oid storage to
+ *                                             fill in
+ *             len                             Pointer to receive new OID
+ *                                             length value of storage written
+ *             level                           OID tree depth (used to compute
+ *                                             len value)
+ *             oidpp                           Pointer to OID list entry
+ *                                             pointer; used to walk the list
+ *                                             forward across recursion
+ *
+ * Returns:    0                               Returning a new entry
+ *             1                               End of geometry list reached
+ *
+ * Implicit:   *next                           Modified to contain the new OID
+ *             *len                            Modified to contain new length
+ *
+ * Locks:      Assumes sysctl_geometry_lock is held prior to calling
+ *
+ * Notes:      This function will not return OID values that have special
+ *             handlers, since we can not tell wheter these handlers consume
+ *             elements from the OID space as parameters.  For this reason,
+ *             we STRONGLY discourage these types of handlers
+ */
+STATIC int
 sysctl_sysctl_next_ls (struct sysctl_oid_list *lsp, int *name, u_int namelen, 
        int *next, int *len, int level, struct sysctl_oid **oidpp)
 {
@@ -332,6 +741,11 @@ sysctl_sysctl_next_ls (struct sysctl_oid_list *lsp, int *name, u_int namelen,
                                /* We really should call the handler here...*/
                                return 0;
                        lsp = (struct sysctl_oid_list *)oidp->oid_arg1;
+
+                       if (!SLIST_FIRST(lsp))
+                               /* This node had no children - skip it! */
+                               continue;
+
                        if (!sysctl_sysctl_next_ls (lsp, 0, 0, next+1, 
                                len, level+1, oidpp))
                                return 0;
@@ -369,8 +783,47 @@ sysctl_sysctl_next_ls (struct sysctl_oid_list *lsp, int *name, u_int namelen,
        return 1;
 }
 
-static int
-sysctl_sysctl_next SYSCTL_HANDLER_ARGS
+/*
+ * sysctl_sysctl_next
+ *
+ * Description:        This is an iterator function designed to iterate the oid tree
+ *             and provide a list of OIDs for use by the user space "sysctl"
+ *             command line tool
+ *
+ * OID:                0, 2
+ *
+ * Parameters: oidp                            __unused
+ *             arg1                            Pointer to start OID name
+ *             arg2                            Start OID name length
+ *             req                             Pointer to user request buffer
+ *
+ * Returns:    0                               Success
+ *             ENOENT                          Reached end of OID space
+ *     SYSCTL_OUT:EPERM                        Permission denied
+ *     SYSCTL_OUT:EFAULT                       Bad user supplied buffer
+ *     SYSCTL_OUT:???                          Return value from user function
+ *                                             for SYSCTL_PROC leaf node
+ *
+ * Implict:    Contents of user request buffer, modified
+ *
+ * Locks:      Acquires and then releases a read lock on the
+ *             sysctl_geometry_lock
+ *
+ * Notes:      SPI (System Programming Interface); this is subject to change
+ *             and may not be relied upon by third party applications; use
+ *             a subprocess to communicate with the "sysctl" command line
+ *             command instead, if you believe you need this functionality.
+ *             Preferrably, use sysctlbyname() instead.
+ *
+ *             This function differs from other sysctl functions in that
+ *             it can not take an output buffer length of 0 to determine the
+ *             space which will be required.  It is suggested that the buffer
+ *             length be PATH_MAX, and that authors of new sysctl's refrain
+ *             from exceeding this string length.
+ */
+STATIC int
+sysctl_sysctl_next(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
+        struct sysctl_req *req)
 {
        int *name = (int *) arg1;
        u_int namelen = arg2;
@@ -379,17 +832,38 @@ sysctl_sysctl_next SYSCTL_HANDLER_ARGS
        struct sysctl_oid_list *lsp = &sysctl__children;
        int newoid[CTL_MAXNAME];
 
+       lck_rw_lock_shared(sysctl_geometry_lock);
        i = sysctl_sysctl_next_ls (lsp, name, namelen, newoid, &j, 1, &oid);
+       lck_rw_done(sysctl_geometry_lock);
        if (i)
                return ENOENT;
        error = SYSCTL_OUT(req, newoid, j * sizeof (int));
        return (error);
 }
 
-SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD, sysctl_sysctl_next, "");
+SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_next, "");
 
-static int
-name2oid (char *name, int *oid, int *len, struct sysctl_oid **oidpp)
+/*
+ * name2oid
+ *
+ * Description:        Support function for use by sysctl_sysctl_name2oid(); looks
+ *             up an OID name given a string name.
+ *
+ * Parameters: name                            NULL terminated string name
+ *             oid                             Pointer to receive OID name
+ *             len                             Pointer to receive OID length
+ *                                             pointer value (see "Notes")
+ *
+ * Returns:    0                               Success
+ *             ENOENT                          Entry not found
+ *
+ * Implicit:   *oid                            Modified to contain OID value
+ *             *len                            Modified to contain OID length
+ *
+ * Locks:      Assumes sysctl_geometry_lock is held prior to calling
+ */
+STATIC int
+name2oid (char *name, int *oid, u_int *len)
 {
        int i;
        struct sysctl_oid *oidp;
@@ -422,8 +896,6 @@ name2oid (char *name, int *oid, int *len, struct sysctl_oid **oidpp)
                (*len)++;
 
                if (!i) {
-                       if (oidpp)
-                               *oidpp = oidp;
                        return (0);
                }
 
@@ -435,6 +907,7 @@ name2oid (char *name, int *oid, int *len, struct sysctl_oid **oidpp)
 
                lsp = (struct sysctl_oid_list *)oidp->oid_arg1;
                oidp = SLIST_FIRST(lsp);
+               *p = i; /* restore */
                name = p+1;
                for (p = name; *p && *p != '.'; p++) 
                                ;
@@ -445,20 +918,59 @@ name2oid (char *name, int *oid, int *len, struct sysctl_oid **oidpp)
        return ENOENT;
 }
 
-static int
-sysctl_sysctl_name2oid SYSCTL_HANDLER_ARGS
+/*
+ * sysctl_sysctl_name2oid
+ *
+ * Description:        Translate a string name to an OID name value; this is used by
+ *             the sysctlbyname() function as well as by the "sysctl" command
+ *             line command.
+ *
+ * OID:                0, 3
+ *
+ * Parameters: oidp                            __unused
+ *             arg1                            __unused
+ *             arg2                            __unused
+ *             req                             Request structure
+ *
+ * Returns:    ENOENT                          Input length too short
+ *             ENAMETOOLONG                    Input length too long
+ *             ENOMEM                          Could not allocate work area
+ *     SYSCTL_IN/OUT:EPERM                     Permission denied
+ *     SYSCTL_IN/OUT:EFAULT                    Bad user supplied buffer
+ *     SYSCTL_IN/OUT:???                       Return value from user function
+ *     name2oid:ENOENT                         Not found
+ *
+ * Implicit:   *req                            Contents of request, modified
+ *
+ * Locks:      Acquires and then releases a read lock on the
+ *             sysctl_geometry_lock
+ *
+ * Notes:      SPI (System Programming Interface); this is subject to change
+ *             and may not be relied upon by third party applications; use
+ *             a subprocess to communicate with the "sysctl" command line
+ *             command instead, if you believe you need this functionality.
+ *             Preferrably, use sysctlbyname() instead.
+ *
+ *             This function differs from other sysctl functions in that
+ *             it can not take an output buffer length of 0 to determine the
+ *             space which will be required.  It is suggested that the buffer
+ *             length be PATH_MAX, and that authors of new sysctl's refrain
+ *             from exceeding this string length.
+ */
+STATIC int
+sysctl_sysctl_name2oid(__unused struct sysctl_oid *oidp, __unused void *arg1,
+       __unused int arg2, struct sysctl_req *req)
 {
        char *p;
-       int error, oid[CTL_MAXNAME], len;
-       struct sysctl_oid *op = 0;
+       int error, oid[CTL_MAXNAME];
+       u_int len = 0;          /* set by name2oid() */
 
-       if (!req->newlen
+       if (req->newlen < 1
                return ENOENT;
        if (req->newlen >= MAXPATHLEN)  /* XXX arbitrary, undocumented */
                return (ENAMETOOLONG);
 
-       p = _MALLOC(req->newlen+1, M_TEMP, M_WAITOK);
-
+       MALLOC(p, char *,req->newlen+1, M_TEMP, M_WAITOK);
        if (!p)
            return ENOMEM;
 
@@ -470,7 +982,13 @@ sysctl_sysctl_name2oid SYSCTL_HANDLER_ARGS
 
        p [req->newlen] = '\0';
 
-       error = name2oid(p, oid, &len, &op);
+       /*
+        * Note:        We acquire and release the geometry lock here to
+        *              avoid making name2oid needlessly complex.
+        */
+       lck_rw_lock_shared(sysctl_geometry_lock);
+       error = name2oid(p, oid, &len);
+       lck_rw_done(sysctl_geometry_lock);
 
        FREE(p, M_TEMP);
 
@@ -481,18 +999,58 @@ sysctl_sysctl_name2oid SYSCTL_HANDLER_ARGS
        return (error);
 }
 
-SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW|CTLFLAG_ANYBODY, 0, 0, 
+SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW|CTLFLAG_ANYBODY|CTLFLAG_KERN | CTLFLAG_LOCKED, 0, 0, 
        sysctl_sysctl_name2oid, "I", "");
 
-static int
-sysctl_sysctl_oidfmt SYSCTL_HANDLER_ARGS
+/*
+ * sysctl_sysctl_oidfmt
+ *
+ * Description:        For a given OID name, determine the format of the data which
+ *             is associated with it.  This is used by the "sysctl" command
+ *             line command.
+ *
+ * OID:                0, 4
+ *
+ * Parameters: oidp                            __unused
+ *             arg1                            The OID name to look up
+ *             arg2                            The length of the OID name
+ *             req                             Pointer to user request buffer
+ *
+ * Returns:    0                               Success
+ *             EISDIR                          Malformed request
+ *             ENOENT                          No such OID name
+ *     SYSCTL_OUT:EPERM                        Permission denied
+ *     SYSCTL_OUT:EFAULT                       Bad user supplied buffer
+ *     SYSCTL_OUT:???                          Return value from user function
+ *
+ * Implict:    Contents of user request buffer, modified
+ *
+ * Locks:      Acquires and then releases a read lock on the
+ *             sysctl_geometry_lock
+ *
+ * Notes:      SPI (System Programming Interface); this is subject to change
+ *             and may not be relied upon by third party applications; use
+ *             a subprocess to communicate with the "sysctl" command line
+ *             command instead, if you believe you need this functionality.
+ *
+ *             This function differs from other sysctl functions in that
+ *             it can not take an output buffer length of 0 to determine the
+ *             space which will be required.  It is suggested that the buffer
+ *             length be PATH_MAX, and that authors of new sysctl's refrain
+ *             from exceeding this string length.
+ */
+STATIC int
+sysctl_sysctl_oidfmt(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
+        struct sysctl_req *req)
 {
-       int *name = (int *) arg1, error;
+       int *name = (int *) arg1;
+       int error = ENOENT;             /* default error: not found */
        u_int namelen = arg2;
-       int indx;
+       u_int indx;
        struct sysctl_oid *oid;
        struct sysctl_oid_list *lsp = &sysctl__children;
 
+       lck_rw_lock_shared(sysctl_geometry_lock);
        oid = SLIST_FIRST(lsp);
 
        indx = 0;
@@ -507,28 +1065,34 @@ sysctl_sysctl_oidfmt SYSCTL_HANDLER_ARGS
                                lsp = (struct sysctl_oid_list *)oid->oid_arg1;
                                oid = SLIST_FIRST(lsp);
                        } else {
-                               if (indx != namelen)
-                                       return EISDIR;
+                               if (indx != namelen) {
+                                       error =  EISDIR;
+                                       goto err;
+                               }
                                goto found;
                        }
                } else {
                        oid = SLIST_NEXT(oid, oid_link);
                }
        }
-       return ENOENT;
+       /* Not found */
+       goto err;
+
 found:
        if (!oid->oid_fmt)
-               return ENOENT;
+               goto err;
        error = SYSCTL_OUT(req, 
                &oid->oid_kind, sizeof(oid->oid_kind));
        if (!error)
                error = SYSCTL_OUT(req, oid->oid_fmt, 
                        strlen(oid->oid_fmt)+1);
+err:
+       lck_rw_done(sysctl_geometry_lock);
        return (error);
 }
 
+SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_oidfmt, "");
 
-SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD, sysctl_sysctl_oidfmt, "");
 
 /*
  * Default "handler" functions.
@@ -542,42 +1106,74 @@ SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD, sysctl_sysctl_oidfmt, "");
  */
 
 int
-sysctl_handle_int SYSCTL_HANDLER_ARGS
+sysctl_handle_int(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
+        struct sysctl_req *req)
 {
-       int error = 0;
-
-       if (arg1)
-               error = SYSCTL_OUT(req, arg1, sizeof(int));
-       else
-               error = SYSCTL_OUT(req, &arg2, sizeof(int));
+       return sysctl_io_number(req, arg1? *(int*)arg1: arg2, sizeof(int), arg1, NULL);
+}
 
-       if (error || !req->newptr)
-               return (error);
+/*
+ * Handle a long, signed or unsigned.  arg1 points to it.
+ */
 
+int
+sysctl_handle_long(__unused struct sysctl_oid *oidp, void *arg1,
+       __unused int arg2, struct sysctl_req *req)
+{
        if (!arg1)
-               error = EPERM;
-       else
-               error = SYSCTL_IN(req, arg1, sizeof(int));
-       return (error);
+               return (EINVAL);
+       return sysctl_io_number(req, *(long*)arg1, sizeof(long), arg1, NULL);
 }
 
 /*
- * Handle a long, signed or unsigned.  arg1 points to it.
+ * Handle a quad, signed or unsigned.  arg1 points to it.
  */
 
 int
-sysctl_handle_long SYSCTL_HANDLER_ARGS
+sysctl_handle_quad(__unused struct sysctl_oid *oidp, void *arg1,
+       __unused int arg2, struct sysctl_req *req)
+{
+       if (!arg1)
+               return (EINVAL);
+       return sysctl_io_number(req, *(long long*)arg1, sizeof(long long), arg1, NULL);
+}
+
+/*
+ * Expose an int value as a quad.
+ *
+ * This interface allows us to support interfaces defined
+ * as using quad values while the implementation is still
+ * using ints.
+ */
+int
+sysctl_handle_int2quad(__unused struct sysctl_oid *oidp, void *arg1,
+       __unused int arg2, struct sysctl_req *req)
 {
        int error = 0;
+       long long val;
+       int newval;
 
        if (!arg1)
                return (EINVAL);
-       error = SYSCTL_OUT(req, arg1, sizeof(long));
+       val = (long long)*(int *)arg1;
+       error = SYSCTL_OUT(req, &val, sizeof(long long));
 
        if (error || !req->newptr)
                return (error);
 
-       error = SYSCTL_IN(req, arg1, sizeof(long));
+       error = SYSCTL_IN(req, &val, sizeof(long long));
+       if (!error) {
+               /*
+                * Value must be representable; check by
+                * casting and then casting back.
+                */
+               newval = (int)val;
+               if ((long long)newval != val) {
+                       error = ERANGE;
+               } else {
+                       *(int *)arg1 = newval;
+               }
+       }
        return (error);
 }
 
@@ -589,24 +1185,10 @@ sysctl_handle_long SYSCTL_HANDLER_ARGS
  */
 
 int
-sysctl_handle_string SYSCTL_HANDLER_ARGS
+sysctl_handle_string( __unused struct sysctl_oid *oidp, void *arg1, int arg2,
+        struct sysctl_req *req)
 {
-       int error=0;
-
-       error = SYSCTL_OUT(req, arg1, strlen((char *)arg1)+1);
-
-       if (error || !req->newptr)
-               return (error);
-
-       if ((req->newlen - req->newidx) >= arg2) {
-               error = EINVAL;
-       } else {
-               arg2 = (req->newlen - req->newidx);
-               error = SYSCTL_IN(req, arg1, arg2);
-               ((char *)arg1)[arg2] = '\0';
-       }
-
-       return (error);
+       return sysctl_io_string(req, arg1, arg2, 0, NULL);
 }
 
 /*
@@ -615,39 +1197,26 @@ sysctl_handle_string SYSCTL_HANDLER_ARGS
  */
 
 int
-sysctl_handle_opaque SYSCTL_HANDLER_ARGS
+sysctl_handle_opaque(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
+        struct sysctl_req *req)
 {
-       int error;
-
-       error = SYSCTL_OUT(req, arg1, arg2);
-
-       if (error || !req->newptr)
-               return (error);
-
-       error = SYSCTL_IN(req, arg1, arg2);
-
-       return (error);
+       return sysctl_io_opaque(req, arg1, arg2, NULL);
 }
 
 /*
  * Transfer functions to/from kernel space.
- * XXX: rather untested at this point
  */
-static int
+STATIC int
 sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l)
 {
        size_t i = 0;
-       int error = 0;
 
        if (req->oldptr) {
                i = l;
                if (i > req->oldlen - req->oldidx)
                        i = req->oldlen - req->oldidx;
-               if (i > 0) {
-                       error = copyout(p, (char *)req->oldptr + req->oldidx, i);
-                       if (error)
-                           return error;
-               }
+               if (i > 0)
+                       bcopy((const void*)p, CAST_DOWN(char *, (req->oldptr + req->oldidx)), i);
        }
        req->oldidx += l;
        if (req->oldptr && i != l)
@@ -655,81 +1224,57 @@ sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l)
        return (0);
 }
 
-static int
+STATIC int
 sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l)
 {
        if (!req->newptr)
                return 0;
        if (req->newlen - req->newidx < l)
                return (EINVAL);
-       copyin((char *)req->newptr + req->newidx, p, l);
+       bcopy(CAST_DOWN(char *, (req->newptr + req->newidx)), p, l);
        req->newidx += l;
        return (0);
 }
 
 int
-kernel_sysctl(struct proc *p, int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen, size_t *retval)
+kernel_sysctl(struct proc *p, int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen)
 {
        int error = 0;
        struct sysctl_req req;
 
+       /*
+        * Construct request.
+        */
        bzero(&req, sizeof req);
-
        req.p = p;
-
-       if (oldlenp) {
+       if (oldlenp)
                req.oldlen = *oldlenp;
-       }
-
-       if (old) {
-               req.oldptr= old;
-       }
-
+       if (old)
+               req.oldptr = CAST_USER_ADDR_T(old);
        if (newlen) {
                req.newlen = newlen;
-               req.newptr = new;
+               req.newptr = CAST_USER_ADDR_T(new);
        }
-
        req.oldfunc = sysctl_old_kernel;
        req.newfunc = sysctl_new_kernel;
        req.lock = 1;
 
-       /* XXX this should probably be done in a general way */
-       while (memlock.sl_lock) {
-               memlock.sl_want = 1;
-               (void) tsleep((caddr_t)&memlock, PRIBIO+1, "sysctl", 0);
-               memlock.sl_locked++;
-       }
-       memlock.sl_lock = 1;
-
-       error = sysctl_root(0, name, namelen, &req);
-
-       if (req.lock == 2)
-               vsunlock(req.oldptr, req.oldlen, B_WRITE);
-
-       memlock.sl_lock = 0;
-
-       if (memlock.sl_want) {
-               memlock.sl_want = 0;
-               wakeup((caddr_t)&memlock);
-       }
+       /* make the request */
+       error = sysctl_root(TRUE, FALSE, NULL, 0, name, namelen, &req);
 
        if (error && error != ENOMEM)
                return (error);
 
-       if (retval) {
-               if (req.oldptr && req.oldidx > req.oldlen)
-                       *retval = req.oldlen;
-               else
-                       *retval = req.oldidx;
-       }
+       if (oldlenp)
+               *oldlenp = req.oldidx;
+
        return (error);
 }
 
 /*
  * Transfer function to/from user space.
  */
-static int
+STATIC int
 sysctl_old_user(struct sysctl_req *req, const void *p, size_t l)
 {
        int error = 0;
@@ -742,8 +1287,7 @@ sysctl_old_user(struct sysctl_req *req, const void *p, size_t l)
                if (i > req->oldlen - req->oldidx)
                        i = req->oldlen - req->oldidx;
                if (i > 0)
-                       error = copyout(p, (char *)req->oldptr + req->oldidx,
-                                       i);
+                       error = copyout((const void*)p, (req->oldptr + req->oldidx), i);
        }
        req->oldidx += l;
        if (error)
@@ -753,7 +1297,7 @@ sysctl_old_user(struct sysctl_req *req, const void *p, size_t l)
        return (0);
 }
 
-static int
+STATIC int
 sysctl_new_user(struct sysctl_req *req, void *p, size_t l)
 {
        int error;
@@ -762,7 +1306,7 @@ sysctl_new_user(struct sysctl_req *req, void *p, size_t l)
                return 0;
        if (req->newlen - req->newidx < l)
                return (EINVAL);
-       error = copyin((char *)req->newptr + req->newidx, p, l);
+       error = copyin((req->newptr + req->newidx), p, l);
        req->newidx += l;
        return (error);
 }
@@ -773,64 +1317,187 @@ sysctl_new_user(struct sysctl_req *req, void *p, size_t l)
  */
 
 int
-sysctl_root SYSCTL_HANDLER_ARGS
+sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical, char *namestring, size_t namestringlen, int *name, u_int namelen, struct sysctl_req *req)
 {
-       int *name = (int *) arg1;
-       u_int namelen = arg2;
-       int indx, i;
+       u_int indx;
+       int i;
        struct sysctl_oid *oid;
        struct sysctl_oid_list *lsp = &sysctl__children;
        int error;
+       boolean_t unlocked_node_found = FALSE;
+       boolean_t namestring_started = FALSE;
+
+       /* Get the read lock on the geometry */
+       lck_rw_lock_shared(sysctl_geometry_lock);
 
+       if (string_is_canonical) {
+               /* namestring is actually canonical, name/namelen needs to be populated */
+               error = name2oid(namestring, name, &namelen);
+               if (error) {
+                       goto err;
+               }
+       }
+       
        oid = SLIST_FIRST(lsp);
 
        indx = 0;
        while (oid && indx < CTL_MAXNAME) {
                if (oid->oid_number == name[indx]) {
+                       
+                       if (!from_kernel && !string_is_canonical) {
+                               if (namestring_started) {
+                                       if (strlcat(namestring, ".", namestringlen) >= namestringlen) {
+                                               error = ENAMETOOLONG;
+                                               goto err;
+                                       }
+                               }
+
+                               if (strlcat(namestring, oid->oid_name, namestringlen) >= namestringlen) {
+                                       error = ENAMETOOLONG;
+                                       goto err;
+                               }
+                               namestring_started = TRUE;
+                       }
+                       
                        indx++;
+                       if (!(oid->oid_kind & CTLFLAG_LOCKED))
+                       {
+                               unlocked_node_found = TRUE;
+                       }
                        if (oid->oid_kind & CTLFLAG_NOLOCK)
                                req->lock = 0;
+                       /*
+                        * For SYSCTL_PROC() functions which are for sysctl's
+                        * which have parameters at the end of their OID
+                        * space, you need to OR CTLTYPE_NODE into their
+                        * access value.
+                        *
+                        * NOTE: For binary backward compatibility ONLY! Do
+                        * NOT add new sysctl's that do this!  Existing
+                        * sysctl's which do this will eventually have
+                        * compatibility code in user space, and this method
+                        * will become unsupported.
+                        */
                        if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) {
                                if (oid->oid_handler)
                                        goto found;
                                if (indx == namelen)
-                                       return ENOENT;
+                               {
+                                       error = ENOENT;
+                                       goto err;
+                               }
+
                                lsp = (struct sysctl_oid_list *)oid->oid_arg1;
                                oid = SLIST_FIRST(lsp);
                        } else {
                                if (indx != namelen)
-                                       return EISDIR;
+                               {
+                                       error = EISDIR;
+                                       goto err;
+                               }
                                goto found;
                        }
                } else {
                        oid = SLIST_NEXT(oid, oid_link);
                }
        }
-       return ENOENT;
+       error = ENOENT;
+       goto err;
 found:
+       
+       /*
+        * indx is the index of the first remaining OID name,
+        * for sysctls that take them as arguments
+        */
+       if (!from_kernel && !string_is_canonical && (indx < namelen)) {
+               char tempbuf[10];
+               u_int indx2;
+               
+               for (indx2 = indx; indx2 < namelen; indx2++) {
+                       snprintf(tempbuf, sizeof(tempbuf), "%d",name[indx2]);
+                       
+                       if (namestring_started) {
+                               if (strlcat(namestring, ".", namestringlen) >= namestringlen) {
+                                       error = ENAMETOOLONG;
+                                       goto err;
+                               }
+                       }
+                       
+                       if (strlcat(namestring, tempbuf, namestringlen) >= namestringlen) {
+                               error = ENAMETOOLONG;
+                               goto err;
+                       }
+                       namestring_started = TRUE;
+               }
+       }
+       
        /* If writing isn't allowed */
        if (req->newptr && (!(oid->oid_kind & CTLFLAG_WR) ||
                            ((oid->oid_kind & CTLFLAG_SECURE) && securelevel > 0))) {
-               return (EPERM);
+               error = (EPERM);
+               goto err;
        }
 
-       /* Most likely only root can write */
+       /*
+        * If we're inside the kernel, the OID must be marked as kernel-valid.
+        */
+       if (from_kernel && !(oid->oid_kind & CTLFLAG_KERN))
+       {
+               error = (EPERM);
+               goto err;
+       }
+
+       /*
+        * This is where legacy enforcement of permissions occurs.  If the
+        * flag does not say CTLFLAG_ANYBODY, then we prohibit anyone but
+        * root from writing new values down.  If local enforcement happens
+        * at the leaf node, then it needs to be set as CTLFLAG_ANYBODY.  In
+        * addition, if the leaf node is set this way, then in order to do
+        * specific enforcement, it has to be of type SYSCTL_PROC.
+        */
        if (!(oid->oid_kind & CTLFLAG_ANYBODY) &&
            req->newptr && req->p &&
-           (error = suser(req->p->p_ucred, &req->p->p_acflag)))
-               return (error);
+           (error = proc_suser(req->p)))
+               goto err;
 
        if (!oid->oid_handler) {
-           return EINVAL;
+           error = EINVAL;
+               goto err;
        }
 
        /*
-        * Switch to the NETWORK funnel for CTL_NET and KERN_IPC sysctls
+        * Reference the OID and drop the geometry lock; this prevents the
+        * OID from being deleted out from under the handler call, but does
+        * not prevent other calls into handlers or calls to manage the
+        * geometry elsewhere from blocking...
         */
-
-       if ((req->newptr) && ((name[0] == CTL_NET) || ((name[0] == CTL_KERN) &&
-                                                      (name[1] == KERN_IPC))))
-            thread_funnel_switch(KERNEL_FUNNEL, NETWORK_FUNNEL);
+       OSAddAtomic(1, &oid->oid_refcnt);
+
+       lck_rw_done(sysctl_geometry_lock);
+
+#if CONFIG_MACF
+       if (!from_kernel) {
+               error = mac_system_check_sysctlbyname(kauth_cred_get(),
+                                                     namestring,
+                                                     name,
+                                                     namelen,
+                                                     req->oldptr,
+                                                     req->oldlen,
+                                                     req->newptr,
+                                                     req->newlen);
+               if (error)
+                       goto dropref;
+       }
+#endif
+       
+       /*
+        * ...however, we still have to grab the mutex for those calls which
+        * may be into code whose reentrancy is protected by it.
+        */
+       if (unlocked_node_found)
+       {
+               lck_mtx_lock(sysctl_unlocked_node_lock);
+       }
 
        if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) {
                i = (oid->oid_handler) (oid,
@@ -841,319 +1508,258 @@ found:
                                        oid->oid_arg1, oid->oid_arg2,
                                        req);
        }
+       error = i;
+
+       if (unlocked_node_found)
+       {
+               lck_mtx_unlock(sysctl_unlocked_node_lock);
+       }
+
+#if CONFIG_MACF
+       /* only used from another CONFIG_MACF block */
+dropref:
+#endif
 
        /*
-        * Switch back to the KERNEL funnel, if necessary
+        * This is tricky... we re-grab the geometry lock in order to drop
+        * the reference and wake on the address; since the geometry
+        * lock is a reader/writer lock rather than a mutex, we have to
+        * wake on all apparent 1->0 transitions.  This abuses the drop
+        * after the reference decrement in order to wake any lck_rw_sleep()
+        * in progress in sysctl_unregister_oid() that slept because of a
+        * non-zero reference count.
+        *
+        * Note:        OSAddAtomic() is defined to return the previous value;
+        *              we use this and the fact that the lock itself is a
+        *              barrier to avoid waking every time through on "hot"
+        *              OIDs.
         */
+       lck_rw_lock_shared(sysctl_geometry_lock);
+       if (OSAddAtomic(-1, &oid->oid_refcnt) == 1)
+               wakeup(&oid->oid_refcnt);
 
-       if ((req->newptr) && ((name[0] == CTL_NET) || ((name[0] == CTL_KERN) &&
-                                                      (name[1] == KERN_IPC))))
-            thread_funnel_switch(NETWORK_FUNNEL, KERNEL_FUNNEL);
-
-       return (i);
+err:
+       lck_rw_done(sysctl_geometry_lock);
+       return (error);
 }
 
-#ifndef _SYS_SYSPROTO_H_
-struct sysctl_args {
-       int     *name;
-       u_int   namelen;
-       void    *old;
-       size_t  *oldlenp;
-       void    *new;
-       size_t  newlen;
-};
-#endif
+void sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp,
+                                                       size_t oldlen, user_addr_t newp, size_t newlen)
+{
+       bzero(req, sizeof(*req));
+       
+       req->p = p;
+       
+       req->oldlen = oldlen;
+       req->oldptr = oldp;
+       
+       if (newlen) {
+               req->newlen = newlen;
+               req->newptr = newp;
+       }
+       
+       req->oldfunc = sysctl_old_user;
+       req->newfunc = sysctl_new_user;
+       req->lock = 1;
+
+       return;
+}
 
 int
-/* __sysctl(struct proc *p, struct sysctl_args *uap) */
-new_sysctl(struct proc *p, struct sysctl_args *uap)
+sysctl(proc_t p, struct sysctl_args *uap, __unused int32_t *retval)
 {
-       int error, i, name[CTL_MAXNAME];
-       size_t j;
-
+       int error;
+       size_t oldlen = 0, newlen;
+       int name[CTL_MAXNAME];
+       struct sysctl_req req;
+       char *namestring;
+       size_t namestringlen = MAXPATHLEN;
+       
+       /*
+        * all top-level sysctl names are non-terminal
+        */
        if (uap->namelen > CTL_MAXNAME || uap->namelen < 2)
                return (EINVAL);
-
-       error = copyin(uap->name, &name, uap->namelen * sizeof(int));
-       if (error)
+       error = copyin(uap->name, &name[0], uap->namelen * sizeof(int));
+       if (error)
                return (error);
+       
+       AUDIT_ARG(ctlname, name, uap->namelen);
+       
+       if (uap->newlen > SIZE_T_MAX)
+               return (EINVAL);
+       newlen = (size_t)uap->newlen;
+       
+       if (uap->oldlenp != USER_ADDR_NULL) {
+               uint64_t        oldlen64 = fuulong(uap->oldlenp);
 
-       error = userland_sysctl(p, name, uap->namelen,
-               uap->old, uap->oldlenp, 0,
-               uap->new, uap->newlen, &j);
-       if (error && error != ENOMEM)
-               return (error);
-       if (uap->oldlenp) {
-               i = copyout(&j, uap->oldlenp, sizeof(j));
-               if (i)
-                       return (i);
+               /*
+                * If more than 4G, clamp to 4G
+                */
+               if (oldlen64 > SIZE_T_MAX)
+                       oldlen = SIZE_T_MAX;
+               else
+                       oldlen = (size_t)oldlen64;
+       }
+       
+       sysctl_create_user_req(&req, p, uap->old, oldlen, uap->new, newlen);
+
+       /* Guess that longest length for the passed-in MIB, if we can be more aggressive than MAXPATHLEN */
+       if (uap->namelen == 2) {
+               if (name[0] == CTL_KERN && name[1] < KERN_MAXID) {
+                       namestringlen = 32; /* "kern.speculative_reads_disabled" */
+               } else if (name[0] == CTL_HW && name[1] < HW_MAXID) {
+                       namestringlen = 32; /* "hw.cachelinesize_compat" */
+               }
+       }                       
+
+       MALLOC(namestring, char *, namestringlen, M_TEMP, M_WAITOK);
+       if (!namestring) {
+           oldlen = 0;
+           goto err;
        }
+
+       error = userland_sysctl(FALSE, namestring, namestringlen, name, uap->namelen, &req, &oldlen);
+       
+       FREE(namestring, M_TEMP);
+       
+       if ((error) && (error != ENOMEM))
+               return (error);
+       
+err:
+       if (uap->oldlenp != USER_ADDR_NULL)
+               error = suulong(uap->oldlenp, oldlen);
+       
        return (error);
 }
 
-/*
- * This is used from various compatibility syscalls too.  That's why name
- * must be in kernel space.
- */
 int
-userland_sysctl(struct proc *p, int *name, u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen, size_t *retval)
+sysctlbyname(proc_t p, struct sysctlbyname_args *uap, __unused int32_t *retval)
 {
-       int error = 0;
-       struct sysctl_req req, req2;
-
-       bzero(&req, sizeof req);
+       int error;
+       size_t oldlen = 0, newlen;
+       char *name;
+       size_t namelen = 0;
+       struct sysctl_req req;
+       int oid[CTL_MAXNAME];
 
-       req.p = p;
+       if (uap->namelen >= MAXPATHLEN) /* XXX arbitrary, undocumented */
+               return (ENAMETOOLONG);
+       namelen = (size_t)uap->namelen;
+       
+       MALLOC(name, char *, namelen+1, M_TEMP, M_WAITOK);
+       if (!name)
+           return ENOMEM;
 
-       if (oldlenp) {
-               if (inkernel) {
-                       req.oldlen = *oldlenp;
-               } else {
-                       error = copyin(oldlenp, &req.oldlen, sizeof(*oldlenp));
-                       if (error)
-                               return (error);
-               }
+       error = copyin(uap->name, name, namelen);
+       if (error) {
+               FREE(name, M_TEMP);
+               return (error);
        }
+       name[namelen] = '\0';
 
-       if (old) {
-               req.oldptr= old;
+       /* XXX
+        * AUDIT_ARG(ctlname, name, uap->namelen);
+        */
+       
+       if (uap->newlen > SIZE_T_MAX) {
+               FREE(name, M_TEMP);
+               return (EINVAL);
        }
-
-       if (newlen) {
-               req.newlen = newlen;
-               req.newptr = new;
+       newlen = (size_t)uap->newlen;
+       
+       if (uap->oldlenp != USER_ADDR_NULL) {
+               uint64_t        oldlen64 = fuulong(uap->oldlenp);
+               
+               /*
+                * If more than 4G, clamp to 4G
+                */
+               if (oldlen64 > SIZE_T_MAX)
+                       oldlen = SIZE_T_MAX;
+               else
+                       oldlen = (size_t)oldlen64;
        }
+       
+       sysctl_create_user_req(&req, p, uap->old, oldlen, uap->new, newlen);
 
-       req.oldfunc = sysctl_old_user;
-       req.newfunc = sysctl_new_user;
-       req.lock = 1;
+       error = userland_sysctl(TRUE, name, namelen+1, oid, CTL_MAXNAME, &req, &oldlen);
+       
+       FREE(name, M_TEMP);
+
+       if ((error) && (error != ENOMEM))
+               return (error);
+       
+       if (uap->oldlenp != USER_ADDR_NULL)
+               error = suulong(uap->oldlenp, oldlen);
+       
+       return (error);
+}
+
+/*
+ * This is used from various compatibility syscalls too.  That's why name
+ * must be in kernel space.
+ */
+int
+userland_sysctl(boolean_t string_is_canonical,
+                               char *namestring, size_t namestringlen,
+                               int *name, u_int namelen, struct sysctl_req *req,
+                size_t *retval)
+{
+       int error = 0;
+       struct sysctl_req req2;
 
        do {
-           req2 = req;
-           error = sysctl_root(0, name, namelen, &req2);
-       } while (error == EAGAIN);
+           /* if EAGAIN, reset output cursor */
+           req2 = *req;
+           if (!string_is_canonical)
+               namestring[0] = '\0';
 
-       req = req2;
+           error = sysctl_root(FALSE, string_is_canonical, namestring, namestringlen, name, namelen, &req2);
+       } while (error == EAGAIN);
 
        if (error && error != ENOMEM)
                return (error);
 
        if (retval) {
-               if (req.oldptr && req.oldidx > req.oldlen)
-                       *retval = req.oldlen;
+               if (req2.oldptr && req2.oldidx > req2.oldlen)
+                       *retval = req2.oldlen;
                else
-                       *retval = req.oldidx;
+                       *retval = req2.oldidx;
        }
        return (error);
 }
-#if 0
-
-#if COMPAT_43
-#include <sys/socket.h>
-#include <vm/vm_param.h>
-
-#define        KINFO_PROC              (0<<8)
-#define        KINFO_RT                (1<<8)
-#define        KINFO_VNODE             (2<<8)
-#define        KINFO_FILE              (3<<8)
-#define        KINFO_METER             (4<<8)
-#define        KINFO_LOADAVG           (5<<8)
-#define        KINFO_CLOCKRATE         (6<<8)
 
-/* Non-standard BSDI extension - only present on their 4.3 net-2 releases */
-#define        KINFO_BSDI_SYSINFO      (101<<8)
-
-/*
- * XXX this is bloat, but I hope it's better here than on the potentially
- * limited kernel stack...  -Peter
- */
-
-static struct {
-       int     bsdi_machine;           /* "i386" on BSD/386 */
-/*      ^^^ this is an offset to the string, relative to the struct start */
-       char    *pad0;
-       long    pad1;
-       long    pad2;
-       long    pad3;
-       u_long  pad4;
-       u_long  pad5;
-       u_long  pad6;
-
-       int     bsdi_ostype;            /* "BSD/386" on BSD/386 */
-       int     bsdi_osrelease;         /* "1.1" on BSD/386 */
-       long    pad7;
-       long    pad8;
-       char    *pad9;
-
-       long    pad10;
-       long    pad11;
-       int     pad12;
-       long    pad13;
-       quad_t  pad14;
-       long    pad15;
-
-       struct  timeval pad16;
-       /* we dont set this, because BSDI's uname used gethostname() instead */
-       int     bsdi_hostname;          /* hostname on BSD/386 */
-
-       /* the actual string data is appended here */
-
-} bsdi_si;
 /*
- * this data is appended to the end of the bsdi_si structure during copyout.
- * The "char *" offsets are relative to the base of the bsdi_si struct.
- * This contains "FreeBSD\02.0-BUILT-nnnnnn\0i386\0", and these strings
- * should not exceed the length of the buffer here... (or else!! :-)
+ * Kernel versions of the userland sysctl helper functions.
+ *
+ * These allow sysctl to be used in the same fashion in both
+ * userland and the kernel.
+ *
+ * Note that some sysctl handlers use copyin/copyout, which
+ * may not work correctly.
+ *
+ * The "sysctlbyname" KPI for use by kexts is aliased to this function.
  */
-static char bsdi_strings[80];  /* It had better be less than this! */
-
-#ifndef _SYS_SYSPROTO_H_
-struct getkerninfo_args {
-       int     op;
-       char    *where;
-       size_t  *size;
-       int     arg;
-};
-#endif
 
 int
-ogetkerninfo(struct proc *p, struct getkerninfo_args *uap)
+kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen)
 {
-       int error, name[6];
-       size_t size;
-
-       switch (uap->op & 0xff00) {
-
-       case KINFO_RT:
-               name[0] = CTL_NET;
-               name[1] = PF_ROUTE;
-               name[2] = 0;
-               name[3] = (uap->op & 0xff0000) >> 16;
-               name[4] = uap->op & 0xff;
-               name[5] = uap->arg;
-               error = userland_sysctl(p, name, 6, uap->where, uap->size,
-                       0, 0, 0, &size);
-               break;
-
-       case KINFO_VNODE:
-               name[0] = CTL_KERN;
-               name[1] = KERN_VNODE;
-               error = userland_sysctl(p, name, 2, uap->where, uap->size,
-                       0, 0, 0, &size);
-               break;
-
-       case KINFO_PROC:
-               name[0] = CTL_KERN;
-               name[1] = KERN_PROC;
-               name[2] = uap->op & 0xff;
-               name[3] = uap->arg;
-               error = userland_sysctl(p, name, 4, uap->where, uap->size,
-                       0, 0, 0, &size);
-               break;
-
-       case KINFO_FILE:
-               name[0] = CTL_KERN;
-               name[1] = KERN_FILE;
-               error = userland_sysctl(p, name, 2, uap->where, uap->size,
-                       0, 0, 0, &size);
-               break;
-
-       case KINFO_METER:
-               name[0] = CTL_VM;
-               name[1] = VM_METER;
-               error = userland_sysctl(p, name, 2, uap->where, uap->size,
-                       0, 0, 0, &size);
-               break;
-
-       case KINFO_LOADAVG:
-               name[0] = CTL_VM;
-               name[1] = VM_LOADAVG;
-               error = userland_sysctl(p, name, 2, uap->where, uap->size,
-                       0, 0, 0, &size);
-               break;
-
-       case KINFO_CLOCKRATE:
-               name[0] = CTL_KERN;
-               name[1] = KERN_CLOCKRATE;
-               error = userland_sysctl(p, name, 2, uap->where, uap->size,
-                       0, 0, 0, &size);
-               break;
-
-       case KINFO_BSDI_SYSINFO: {
-               /*
-                * this is pretty crude, but it's just enough for uname()
-                * from BSDI's 1.x libc to work.
-                *
-                * In particular, it doesn't return the same results when
-                * the supplied buffer is too small.  BSDI's version apparently
-                * will return the amount copied, and set the *size to how
-                * much was needed.  The emulation framework here isn't capable
-                * of that, so we just set both to the amount copied.
-                * BSDI's 2.x product apparently fails with ENOMEM in this
-                * scenario.
-                */
-
-               u_int needed;
-               u_int left;
-               char *s;
-
-               bzero((char *)&bsdi_si, sizeof(bsdi_si));
-               bzero(bsdi_strings, sizeof(bsdi_strings));
-
-               s = bsdi_strings;
-
-               bsdi_si.bsdi_ostype = (s - bsdi_strings) + sizeof(bsdi_si);
-               strcpy(s, ostype);
-               s += strlen(s) + 1;
-
-               bsdi_si.bsdi_osrelease = (s - bsdi_strings) + sizeof(bsdi_si);
-               strcpy(s, osrelease);
-               s += strlen(s) + 1;
-
-               bsdi_si.bsdi_machine = (s - bsdi_strings) + sizeof(bsdi_si);
-               strcpy(s, machine);
-               s += strlen(s) + 1;
-
-               needed = sizeof(bsdi_si) + (s - bsdi_strings);
-
-               if (uap->where == NULL) {
-                       /* process is asking how much buffer to supply.. */
-                       size = needed;
-                       error = 0;
-                       break;
-               }
-
-
-               /* if too much buffer supplied, trim it down */
-               if (size > needed)
-                       size = needed;
-
-               /* how much of the buffer is remaining */
-               left = size;
-
-               if ((error = copyout((char *)&bsdi_si, uap->where, left)) != 0)
-                       break;
-
-               /* is there any point in continuing? */
-               if (left > sizeof(bsdi_si)) {
-                       left -= sizeof(bsdi_si);
-                       error = copyout(&bsdi_strings,
-                                       uap->where + sizeof(bsdi_si), left);
-               }
-               break;
-       }
-
-       default:
-               return (EOPNOTSUPP);
-       }
-       if (error)
-               return (error);
-       p->p_retval[0] = size;
-       if (uap->size)
-               error = copyout((caddr_t)&size, (caddr_t)uap->size,
-                   sizeof(size));
-       return (error);
+       int oid[CTL_MAXNAME];
+       int name2mib_oid[2];
+       int error;
+       size_t oidlen;
+
+       /* look up the OID with magic service node */
+       name2mib_oid[0] = 0;
+       name2mib_oid[1] = 3;
+
+       oidlen = sizeof(oid);
+       error = kernel_sysctl(current_proc(), name2mib_oid, 2, oid, &oidlen, __DECONST(void *, name), strlen(name));
+       oidlen /= sizeof(int);
+       
+       /* now use the OID */
+       if (error == 0)
+               error = kernel_sysctl(current_proc(), oid, oidlen, oldp, oldlenp, newp, newlen);
+       return(error);
 }
-#endif /* COMPAT_43 */
 
-#endif