#include <ipc/ipc_space.h>
#include <ipc/ipc_port.h>
#include <ipc/ipc_pset.h>
+#include <ipc/ipc_notify.h>
#include <vm/vm_map.h>
+#include <libkern/OSAtomic.h>
+
/*
* Routine: mach_msg_send_from_kernel
* Purpose:
* Nothing locked.
* Returns:
* MACH_MSG_SUCCESS Sent the message.
- * MACH_MSG_SEND_NO_BUFFER Destination port had inuse fixed bufer
* MACH_SEND_INVALID_DEST Bad destination port.
+ * MACH_MSG_SEND_NO_BUFFER Destination port had inuse fixed bufer
+ * or destination is above kernel limit
*/
+#if IKM_SUPPORT_LEGACY
+
+#undef mach_msg_send_from_kernel
+mach_msg_return_t mach_msg_send_from_kernel(
+ mach_msg_header_t *msg,
+ mach_msg_size_t send_size);
+
mach_msg_return_t
mach_msg_send_from_kernel(
mach_msg_header_t *msg,
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
- if (!MACH_PORT_VALID((mach_port_name_t)msg->msgh_remote_port))
- return MACH_SEND_INVALID_DEST;
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
- if (mr != MACH_MSG_SUCCESS)
+ if (mr != MACH_MSG_SUCCESS) {
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
+ }
- ipc_kmsg_copyin_from_kernel(kmsg);
- ipc_kmsg_send_always(kmsg);
+ mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg);
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_free(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
- return MACH_MSG_SUCCESS;
+ /*
+ * respect the thread's SEND_IMPORTANCE option to allow importance
+ * donation from the kernel-side of user threads
+ * (11938665 & 23925818)
+ */
+ mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT;
+ if (current_thread()->options & TH_OPT_SEND_IMPORTANCE)
+ option &= ~MACH_SEND_NOIMPORTANCE;
+
+ mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE);
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_destroy(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ }
+
+ return mr;
+}
+
+#endif /* IKM_SUPPORT_LEGACY */
+
+mach_msg_return_t
+mach_msg_send_from_kernel_proper(
+ mach_msg_header_t *msg,
+ mach_msg_size_t send_size)
+{
+ ipc_kmsg_t kmsg;
+ mach_msg_return_t mr;
+
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
+
+ mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
+ if (mr != MACH_MSG_SUCCESS) {
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
+
+ mr = ipc_kmsg_copyin_from_kernel(kmsg);
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_free(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
+
+ /*
+ * respect the thread's SEND_IMPORTANCE option to force importance
+ * donation from the kernel-side of user threads
+ * (11938665 & 23925818)
+ */
+ mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT;
+ if (current_thread()->options & TH_OPT_SEND_IMPORTANCE)
+ option &= ~MACH_SEND_NOIMPORTANCE;
+
+ mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE);
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_destroy(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ }
+
+ return mr;
}
mach_msg_return_t
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
- if (!MACH_PORT_VALID((mach_port_name_t)msg->msgh_remote_port))
- return MACH_SEND_INVALID_DEST;
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
- if (mr != MACH_MSG_SUCCESS)
+ if (mr != MACH_MSG_SUCCESS) {
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
+ }
+
+ mr = ipc_kmsg_copyin_from_kernel(kmsg);
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_free(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
+
+ /*
+ * Until we are sure of its effects, we are disabling
+ * importance donation from the kernel-side of user
+ * threads in importance-donating tasks - unless the
+ * option to force importance donation is passed in,
+ * or the thread's SEND_IMPORTANCE option has been set.
+ * (11938665 & 23925818)
+ */
+ if (current_thread()->options & TH_OPT_SEND_IMPORTANCE)
+ option &= ~MACH_SEND_NOIMPORTANCE;
+ else if ((option & MACH_SEND_IMPORTANCE) == 0)
+ option |= MACH_SEND_NOIMPORTANCE;
- ipc_kmsg_copyin_from_kernel(kmsg);
mr = ipc_kmsg_send(kmsg, option, timeout_val);
+
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_destroy(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ }
+
+ return mr;
+}
+
+
+#if IKM_SUPPORT_LEGACY
+
+mach_msg_return_t
+mach_msg_send_from_kernel_with_options_legacy(
+ mach_msg_header_t *msg,
+ mach_msg_size_t send_size,
+ mach_msg_option_t option,
+ mach_msg_timeout_t timeout_val)
+{
+ ipc_kmsg_t kmsg;
+ mach_msg_return_t mr;
+
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
+
+ mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
+ if (mr != MACH_MSG_SUCCESS) {
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
+
+ mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
+
+ /*
+ * Until we are sure of its effects, we are disabling
+ * importance donation from the kernel-side of user
+ * threads in importance-donating tasks.
+ * (11938665 & 23925818)
+ */
+ if (current_thread()->options & TH_OPT_SEND_IMPORTANCE)
+ option &= ~MACH_SEND_NOIMPORTANCE;
+ else
+ option |= MACH_SEND_NOIMPORTANCE;
+
+ mr = ipc_kmsg_send(kmsg, option, timeout_val);
+
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_destroy(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
}
return mr;
}
+#endif /* IKM_SUPPORT_LEGACY */
+
/*
* Routine: mach_msg_rpc_from_kernel
* Purpose:
* MACH_RCV_PORT_DIED The reply port was deallocated.
*/
+mach_msg_return_t mach_msg_rpc_from_kernel_body(mach_msg_header_t *msg,
+ mach_msg_size_t send_size, mach_msg_size_t rcv_size, boolean_t legacy);
+
+#if IKM_SUPPORT_LEGACY
+
+#undef mach_msg_rpc_from_kernel
+mach_msg_return_t
+mach_msg_rpc_from_kernel(
+ mach_msg_header_t *msg,
+ mach_msg_size_t send_size,
+ mach_msg_size_t rcv_size);
+
mach_msg_return_t
mach_msg_rpc_from_kernel(
mach_msg_header_t *msg,
mach_msg_size_t send_size,
mach_msg_size_t rcv_size)
+{
+ return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, TRUE);
+}
+
+#endif /* IKM_SUPPORT_LEGACY */
+
+mach_msg_return_t
+mach_msg_rpc_from_kernel_proper(
+ mach_msg_header_t *msg,
+ mach_msg_size_t send_size,
+ mach_msg_size_t rcv_size)
+{
+ return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, FALSE);
+}
+
+mach_msg_return_t
+mach_msg_rpc_from_kernel_body(
+ mach_msg_header_t *msg,
+ mach_msg_size_t send_size,
+ mach_msg_size_t rcv_size,
+#if !IKM_SUPPORT_LEGACY
+ __unused
+#endif
+ boolean_t legacy)
{
thread_t self = current_thread();
ipc_port_t reply;
mach_port_seqno_t seqno;
mach_msg_return_t mr;
- assert(MACH_PORT_VALID((mach_port_name_t)msg->msgh_remote_port));
assert(msg->msgh_local_port == MACH_PORT_NULL);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
+
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
- if (mr != MACH_MSG_SUCCESS)
+ if (mr != MACH_MSG_SUCCESS) {
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
+ }
reply = self->ith_rpc_reply;
if (reply == IP_NULL) {
kmsg->ikm_header->msgh_bits |=
MACH_MSGH_BITS(0, MACH_MSG_TYPE_MAKE_SEND_ONCE);
- ipc_port_reference(reply);
+#if IKM_SUPPORT_LEGACY
+ if(legacy)
+ mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg);
+ else
+ mr = ipc_kmsg_copyin_from_kernel(kmsg);
+#else
+ mr = ipc_kmsg_copyin_from_kernel(kmsg);
+#endif
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_free(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
- ipc_kmsg_copyin_from_kernel(kmsg);
+ /*
+ * respect the thread's SEND_IMPORTANCE option to force importance
+ * donation from the kernel-side of user threads
+ * (11938665 & 23925818)
+ */
+ mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT;
+ if (current_thread()->options & TH_OPT_SEND_IMPORTANCE)
+ option &= ~MACH_SEND_NOIMPORTANCE;
- ipc_kmsg_send_always(kmsg);
+ mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE);
+ if (mr != MACH_MSG_SUCCESS) {
+ ipc_kmsg_destroy(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
+ return mr;
+ }
for (;;) {
ipc_mqueue_t mqueue;
- ip_lock(reply);
- if ( !ip_active(reply)) {
- ip_unlock(reply);
- ipc_port_release(reply);
- return MACH_RCV_PORT_DIED;
- }
- if (!self->active) {
- ip_unlock(reply);
- ipc_port_release(reply);
+ assert(reply->ip_in_pset == 0);
+ assert(ip_active(reply));
+
+ /* JMM - why this check? */
+ if (!self->active && !self->inspection) {
+ ipc_port_dealloc_reply(reply);
+ self->ith_rpc_reply = IP_NULL;
return MACH_RCV_INTERRUPTED;
}
- assert(reply->ip_pset_count == 0);
- mqueue = &reply->ip_messages;
- ip_unlock(reply);
-
self->ith_continuation = (void (*)(mach_msg_return_t))0;
+ mqueue = &reply->ip_messages;
ipc_mqueue_receive(mqueue,
MACH_MSG_OPTION_NONE,
MACH_MSG_SIZE_MAX,
assert(mr == MACH_RCV_INTERRUPTED);
- if (self->handlers) {
- ipc_port_release(reply);
+ assert(reply == self->ith_rpc_reply);
+
+ if (self->ast & AST_APC) {
+ ipc_port_dealloc_reply(reply);
+ self->ith_rpc_reply = IP_NULL;
return(mr);
}
}
- ipc_port_release(reply);
/*
* Check to see how much of the message/trailer can be received.
* We don't have to put them anywhere; just leave them
* as they are.
*/
- ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply);
+#if IKM_SUPPORT_LEGACY
+ if(legacy)
+ ipc_kmsg_copyout_to_kernel_legacy(kmsg, ipc_space_reply);
+ else
+ ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply);
+#else
+ ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply);
+#endif
ipc_kmsg_put_to_kernel(msg, kmsg, rcv_size);
return mr;
}
mach_msg_size_t rcv_size,
mach_port_name_t rcv_name,
__unused mach_msg_timeout_t msg_timeout,
- __unused mach_port_name_t notify,
+ mach_msg_priority_t override,
__unused mach_msg_header_t *rcv_msg,
__unused mach_msg_size_t rcv_msg_size)
{
ipc_kmsg_t kmsg;
mach_port_seqno_t seqno;
mach_msg_return_t mr;
- mach_msg_format_0_trailer_t *trailer;
+ mach_msg_trailer_size_t trailer_size;
if (option & MACH_SEND_MSG) {
mach_msg_size_t msg_and_trailer_size;
mach_msg_max_trailer_t *max_trailer;
- if ((send_size < sizeof(mach_msg_header_t)) || (send_size & 3))
+ if ((send_size & 3) ||
+ send_size < sizeof(mach_msg_header_t) ||
+ (send_size < sizeof(mach_msg_body_t) && (msg->msgh_bits & MACH_MSGH_BITS_COMPLEX)))
return MACH_SEND_MSG_TOO_SMALL;
if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
return MACH_SEND_TOO_LARGE;
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
+
msg_and_trailer_size = send_size + MAX_TRAILER_SIZE;
kmsg = ipc_kmsg_alloc(msg_and_trailer_size);
- if (kmsg == IKM_NULL)
+ if (kmsg == IKM_NULL) {
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, MACH_SEND_NO_BUFFER);
return MACH_SEND_NO_BUFFER;
+ }
+ KERNEL_DEBUG_CONSTANT(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_LINK) | DBG_FUNC_NONE,
+ (uintptr_t)0, /* this should only be called from the kernel! */
+ VM_KERNEL_ADDRPERM((uintptr_t)kmsg),
+ 0, 0,
+ 0);
(void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size);
kmsg->ikm_header->msgh_size = send_size;
max_trailer->msgh_audit = current_thread()->task->audit_token;
max_trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
max_trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
-
- mr = ipc_kmsg_copyin(kmsg, space, map, MACH_PORT_NULL);
+
+ mr = ipc_kmsg_copyin(kmsg, space, map, override, &option);
+
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
+ KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
}
- do
- mr = ipc_kmsg_send(kmsg, MACH_MSG_OPTION_NONE,
- MACH_MSG_TIMEOUT_NONE);
- while (mr == MACH_SEND_INTERRUPTED);
+ do {
+ mr = ipc_kmsg_send(kmsg, MACH_MSG_OPTION_NONE, MACH_MSG_TIMEOUT_NONE);
+ } while (mr == MACH_SEND_INTERRUPTED);
+
assert(mr == MACH_MSG_SUCCESS);
}
kmsg = self->ith_kmsg;
seqno = self->ith_seqno;
- ipc_object_release(object);
+ io_release(object);
} while (mr == MACH_RCV_INTERRUPTED);
+
if (mr != MACH_MSG_SUCCESS)
return mr;
- trailer = (mach_msg_format_0_trailer_t *)
- ((vm_offset_t)kmsg->ikm_header + kmsg->ikm_header->msgh_size);
- if (option & MACH_RCV_TRAILER_MASK) {
- trailer->msgh_seqno = seqno;
- trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);
- }
+ trailer_size = ipc_kmsg_add_trailer(kmsg, space, option, current_thread(), seqno, TRUE,
+ kmsg->ikm_header->msgh_remote_port->ip_context);
- if (rcv_size < (kmsg->ikm_header->msgh_size + trailer->msgh_trailer_size)) {
+ if (rcv_size < (kmsg->ikm_header->msgh_size + trailer_size)) {
ipc_kmsg_copyout_dest(kmsg, space);
(void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg);
ipc_kmsg_free(kmsg);
return MACH_RCV_TOO_LARGE;
}
- mr = ipc_kmsg_copyout(kmsg, space, map, MACH_PORT_NULL,
- MACH_MSG_BODY_NULL);
+ mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL, option);
if (mr != MACH_MSG_SUCCESS) {
if ((mr &~ MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) {
ipc_kmsg_put_to_kernel(msg, kmsg,
- kmsg->ikm_header->msgh_size + trailer->msgh_trailer_size);
+ kmsg->ikm_header->msgh_size + trailer_size);
} else {
ipc_kmsg_copyout_dest(kmsg, space);
(void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg);
}
(void) memcpy((void *) msg, (const void *) kmsg->ikm_header,
- kmsg->ikm_header->msgh_size + trailer->msgh_trailer_size);
+ kmsg->ikm_header->msgh_size + trailer_size);
ipc_kmsg_free(kmsg);
}
mig_dealloc_reply_port(
__unused mach_port_t reply_port)
{
- panic("mig_dealloc_reply_port");
}
/*
return i;
}
-char *
+/*
+ * mig_strncpy_zerofill -- Bounded string copy. Does what the
+ * library routine strncpy OUGHT to do: Copies the (null terminated)
+ * string in src into dest, a buffer of length len. Assures that
+ * the copy is still null terminated and doesn't overflow the buffer,
+ * truncating the copy if necessary. If the string in src is smaller
+ * than given length len, it will zero fill the remaining bytes in dest.
+ *
+ * Parameters:
+ *
+ * dest - Pointer to destination buffer.
+ *
+ * src - Pointer to source string.
+ *
+ * len - Length of destination buffer.
+ */
+int
+mig_strncpy_zerofill(
+ char *dest,
+ const char *src,
+ int len)
+{
+ int i = 0;
+ boolean_t terminated = FALSE;
+ int retval = 0;
+
+ if (len <= 0 || dest == NULL) {
+ return 0;
+ }
+
+ if (src == NULL) {
+ terminated = TRUE;
+ }
+
+ for (i = 1; i < len; i++) {
+ if (!terminated) {
+ if (!(*dest++ = *src++)) {
+ retval = i;
+ terminated = TRUE;
+ }
+ } else {
+ *dest++ = '\0';
+ }
+ }
+
+ *dest = '\0';
+ if (!terminated) {
+ retval = i;
+ }
+
+ return retval;
+}
+
+void *
mig_user_allocate(
vm_size_t size)
{
assert(previous == IP_NULL);
- if (hw_compare_and_store((uint32_t)IP_NULL, (uint32_t)port,
- (uint32_t *)&mig_object->port)) {
+ if (OSCompareAndSwapPtr((void *)IP_NULL, (void *)port,
+ (void * volatile *)&mig_object->port)) {
deallocate = FALSE;
} else {
ipc_port_dealloc_kernel(port);
projects / apple / xnu.git / blobdiff