/*
- * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
#include <mach/vm_types.h>
#endif /* ASSEMBLER */
+#include <os/base.h>
+#include <os/overflow.h>
+
/*
* The machine independent pages are refered to as PAGES. A page
* is some number of hardware pages, depending on the target machine.
#define atop_64(x) ((uint64_t)(x) >> PAGE_SHIFT)
#define ptoa_64(x) ((uint64_t)(x) << PAGE_SHIFT)
+#define atop_kernel(x) ((vm_address_t)(x) >> PAGE_SHIFT)
+#define ptoa_kernel(x) ((vm_address_t)(x) << PAGE_SHIFT)
+
/*
* While the following block is enabled, the legacy atop and ptoa
* macros will behave correctly. If not, they will generate
*/
#if 1
-#define atop(x) ((uint32_t)(x) >> PAGE_SHIFT)
-#define ptoa(x) ((uint32_t)(x) << PAGE_SHIFT)
+#define atop(x) ((vm_address_t)(x) >> PAGE_SHIFT)
+#define ptoa(x) ((vm_address_t)(x) << PAGE_SHIFT)
#else
#define atop(x) (0UL = 0)
#define ptoa(x) (0UL = 0)
#define mach_vm_round_page(x) (((mach_vm_offset_t)(x) + PAGE_MASK) & ~((signed)PAGE_MASK))
#define mach_vm_trunc_page(x) ((mach_vm_offset_t)(x) & ~((signed)PAGE_MASK))
+#define round_page_overflow(in, out) __os_warn_unused(({ \
+ bool __ovr = os_add_overflow(in, (__typeof__(*out))PAGE_MASK, out); \
+ *out &= ~((__typeof__(*out))PAGE_MASK); \
+ __ovr; \
+ }))
+
+static inline int OS_WARN_RESULT
+mach_vm_round_page_overflow(mach_vm_offset_t in, mach_vm_offset_t *out)
+{
+ return round_page_overflow(in, out);
+}
+
#define memory_object_round_page(x) (((memory_object_offset_t)(x) + PAGE_MASK) & ~((signed)PAGE_MASK))
#define memory_object_trunc_page(x) ((memory_object_offset_t)(x) & ~((signed)PAGE_MASK))
* address space size) VM types.
*/
-#define round_page(x) (((vm_offset_t)(x) + PAGE_MASK) & ~((signed)PAGE_MASK))
-#define trunc_page(x) ((vm_offset_t)(x) & ~((signed)PAGE_MASK))
+#define round_page(x) (((vm_offset_t)(x) + PAGE_MASK) & ~((vm_offset_t)PAGE_MASK))
+#define trunc_page(x) ((vm_offset_t)(x) & ~((vm_offset_t)PAGE_MASK))
/*
* Round off or truncate to the nearest page. These will work
* associated with the specific VM type should be used.
*/
-#define round_page_32(x) (((uint32_t)(x) + PAGE_MASK) & ~((signed)PAGE_MASK))
-#define trunc_page_32(x) ((uint32_t)(x) & ~((signed)PAGE_MASK))
-#define round_page_64(x) (((uint64_t)(x) + PAGE_MASK) & ~((signed)PAGE_MASK))
-#define trunc_page_64(x) ((uint64_t)(x) & ~((signed)PAGE_MASK))
-
+#define round_page_32(x) (((uint32_t)(x) + PAGE_MASK) & ~((uint32_t)PAGE_MASK))
+#define trunc_page_32(x) ((uint32_t)(x) & ~((uint32_t)PAGE_MASK))
+#define round_page_64(x) (((uint64_t)(x) + PAGE_MASK_64) & ~((uint64_t)PAGE_MASK_64))
+#define trunc_page_64(x) ((uint64_t)(x) & ~((uint64_t)PAGE_MASK_64))
/*
* Enable the following block to find uses of xxx_32 macros that should
* an exact page multiple.
*/
-#define page_aligned(x) ((((vm_object_offset_t) (x)) & PAGE_MASK) == 0)
+#define page_aligned(x) (((x) & PAGE_MASK) == 0)
extern vm_size_t mem_size; /* 32-bit size of memory - limited by maxmem - deprecated */
extern uint64_t max_mem; /* 64-bit size of memory - limited by maxmem */
+/*
+ * The default pager does not handle 64-bit offsets inside its objects,
+ * so this limits the size of anonymous memory objects to 4GB minus 1 page.
+ * When we need to allocate a chunk of anonymous memory over that size,
+ * we have to allocate more than one chunk.
+ */
+#define ANON_MAX_SIZE 0xFFFFF000ULL
+/*
+ * Work-around for <rdar://problem/6626493>
+ * Break large anonymous memory areas into 128MB chunks to alleviate
+ * the cost of copying when copy-on-write is not possible because a small
+ * portion of it being wired.
+ */
+#define ANON_CHUNK_SIZE (128ULL * 1024 * 1024) /* 128MB */
+
#ifdef XNU_KERNEL_PRIVATE
extern uint64_t mem_actual; /* 64-bit size of memory - not limited by maxmem */
extern uint64_t sane_size; /* Memory size to use for defaults calculations */
extern addr64_t vm_last_addr; /* Highest kernel virtual address known to the VM system */
+extern const vm_offset_t vm_min_kernel_address;
+extern const vm_offset_t vm_max_kernel_address;
+
+extern vm_offset_t vm_kernel_stext;
+extern vm_offset_t vm_kernel_etext;
+extern vm_offset_t vm_kernel_slid_base;
+extern vm_offset_t vm_kernel_slid_top;
+extern vm_offset_t vm_kernel_slide;
+extern vm_offset_t vm_kernel_addrperm;
+extern vm_offset_t vm_kext_base;
+extern vm_offset_t vm_kext_top;
+extern vm_offset_t vm_kernel_base;
+extern vm_offset_t vm_kernel_top;
+extern vm_offset_t vm_hib_base;
+
+#define VM_KERNEL_IS_SLID(_o) \
+ (((vm_offset_t)(_o) >= vm_kernel_slid_base) && \
+ ((vm_offset_t)(_o) < vm_kernel_slid_top))
+
+#define VM_KERNEL_SLIDE(_u) \
+ ((vm_offset_t)(_u) + vm_kernel_slide)
+
+/*
+ * The following macros are to be used when exposing kernel addresses to
+ * userspace via any of the various debug or info facilities that might exist
+ * (e.g. stackshot, proc_info syscall, etc.). It is important to understand
+ * the goal of each macro and choose the right one depending on what you are
+ * trying to do. Misuse of these macros can result in critical data leaks
+ * which in turn lead to all sorts of system vulnerabilities.
+ *
+ * Note that in general the ideal goal is to protect addresses from userspace
+ * in a way that is reversible assuming you know the permutation and/or slide.
+ *
+ * The macros are as follows:
+ *
+ * VM_KERNEL_UNSLIDE:
+ * Use this macro when you are exposing an address to userspace which is
+ * a "static" kernel or kext address (i.e. coming from text or data
+ * sections). These are the addresses which get "slid" via ASLR on kernel
+ * or kext load, and it's precisely the slide value we are trying to
+ * protect from userspace.
+ *
+ * VM_KERNEL_ADDRPERM:
+ * Use this macro when you are exposing an address to userspace which is
+ * coming from the kernel's "heap". Since these adresses are not "loaded"
+ * from anywhere, there is no slide applied and we instead apply the
+ * permutation value to obscure the address.
+ *
+ * VM_KERNEL_UNSLIDE_OR_ADDRPERM:
+ * Use this macro when you are exposing an address to userspace that could
+ * come from either kernel text/data *or* the heap. This is a rare case,
+ * but one that does come up and must be handled correctly. If the argument
+ * is known to be lower than any potential heap address, no transformation
+ * is applied, to avoid revealing the operation on a constant.
+ *
+ * Nesting of these macros should be considered invalid.
+ */
+#define VM_KERNEL_UNSLIDE(_v) \
+ ((VM_KERNEL_IS_SLID(_v)) ? \
+ (vm_offset_t)(_v) - vm_kernel_slide : \
+ (vm_offset_t)(_v))
+
+#define VM_KERNEL_ADDRPERM(_v) \
+ (((vm_offset_t)(_v) == 0) ? \
+ (vm_offset_t)(0) : \
+ (vm_offset_t)(_v) + vm_kernel_addrperm)
+
+#define VM_KERNEL_UNSLIDE_OR_PERM(_v) \
+ ((VM_KERNEL_IS_SLID(_v)) ? \
+ (vm_offset_t)(_v) - vm_kernel_slide : \
+ ((vm_offset_t)(_v) >= VM_MIN_KERNEL_AND_KEXT_ADDRESS ? VM_KERNEL_ADDRPERM(_v) : (vm_offset_t)(_v)))
+
+
#endif /* XNU_KERNEL_PRIVATE */
extern vm_size_t page_size;
extern vm_size_t page_mask;
-extern int page_shift;
+extern int page_shift;
/* We need a way to get rid of compiler warnings when we cast from */
-/* a 64 bit value to an address that is 32 bits. */
-/* We know at this point the cast is harmless but sometime in */
-/* the future it may not be. */
-/* When size of an int is no longer equal to size of uintptr_t then */
-/* the compile will fail and we know we need to fix our cast. */
+/* a 64 bit value to an address (which may be 32 bits or 64-bits). */
+/* An intptr_t is used convert the value to the right precision, and */
+/* then to an address. This macro is also used to convert addresses */
+/* to 32-bit integers, which is a hard failure for a 64-bit kernel */
#include <stdint.h>
#ifndef __CAST_DOWN_CHECK
#define __CAST_DOWN_CHECK
-typedef char __NEED_TO_CHANGE_CAST_DOWN[ sizeof(uintptr_t) == sizeof(int) ? 0 : -1 ];
-#define CAST_DOWN( type, addr ) ( ((type)((uintptr_t) (addr))) )
+
+#define CAST_DOWN( type, addr ) \
+ ( ((type)((uintptr_t) (addr)/(sizeof(type) < sizeof(uintptr_t) ? 0 : 1))) )
+
+#define CAST_DOWN_EXPLICIT( type, addr ) ( ((type)((uintptr_t) (addr))) )
+
#endif /* __CAST_DOWN_CHECK */
#endif /* ASSEMBLER */
projects / apple / xnu.git / blobdiff