/*
- * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2020 Apple Computer, Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* unlawful or unlicensed copies of an Apple operating system, or to
* circumvent, violate, or enable the circumvention or violation of, any
* terms of an Apple operating system software license agreement.
- *
+ *
* Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/*
* @OSF_COPYRIGHT@
*/
-/*
+/*
* Mach Operating System
* Copyright (c) 1991,1990,1989 Carnegie Mellon University
* All Rights Reserved.
- *
+ *
* Permission to use, copy, modify and distribute this software and its
* documentation is hereby granted, provided that both the copyright
* notice and this permission notice appear in all copies of the
* software, derivative works or modified versions, and any portions
* thereof, and that both notices appear in supporting documentation.
- *
+ *
* CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
* CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
* ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
- *
+ *
* Carnegie Mellon requests users of this software to return to
- *
+ *
* Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
* School of Computer Science
* Carnegie Mellon University
* Pittsburgh PA 15213-3890
- *
+ *
* any improvements or extensions that they make and grant Carnegie Mellon
* the rights to redistribute these changes.
*/
#include <ipc/ipc_port.h>
#include <ipc/ipc_space.h>
#include <ipc/ipc_right.h>
+#include <prng/random.h>
#include <string.h>
-zone_t ipc_space_zone;
+/* Remove this in the future so port names are less predictable. */
+#define CONFIG_SEMI_RANDOM_ENTRIES
+#ifdef CONFIG_SEMI_RANDOM_ENTRIES
+#define NUM_SEQ_ENTRIES 8
+#endif
+
+ZONE_DECLARE(ipc_space_zone, "ipc spaces",
+ sizeof(struct ipc_space), ZC_NOENCRYPT);
+
ipc_space_t ipc_space_kernel;
ipc_space_t ipc_space_reply;
void
ipc_space_reference(
- ipc_space_t space)
+ ipc_space_t space)
{
is_reference(space);
}
void
ipc_space_release(
- ipc_space_t space)
+ ipc_space_t space)
{
is_release(space);
}
+/* Routine: ipc_space_get_rollpoint
+ * Purpose:
+ * Generate a new gencount rollover point from a space's entropy pool
+ */
+ipc_entry_bits_t
+ipc_space_get_rollpoint(
+ ipc_space_t space)
+{
+ return random_bool_gen_bits(
+ &space->bool_gen,
+ &space->is_entropy[0],
+ IS_ENTROPY_CNT,
+ IE_BITS_ROLL_BITS);
+}
+
+/*
+ * Routine: ipc_entry_rand_freelist
+ * Purpose:
+ * Pseudo-randomly permute the order of entries in an IPC space
+ * Arguments:
+ * space: the ipc space to initialize.
+ * table: the corresponding ipc table to initialize.
+ * bottom: the start of the range to initialize (inclusive).
+ * top: the end of the range to initialize (noninclusive).
+ */
+void
+ipc_space_rand_freelist(
+ ipc_space_t space,
+ ipc_entry_t table,
+ mach_port_index_t bottom,
+ mach_port_index_t top)
+{
+ int at_start = (bottom == 0);
+#ifdef CONFIG_SEMI_RANDOM_ENTRIES
+ /*
+ * Only make sequential entries at the start of the table, and not when
+ * we're growing the space.
+ */
+ ipc_entry_num_t total = 0;
+#endif
+
+ /* First entry in the free list is always free, and is the start of the free list. */
+ mach_port_index_t curr = bottom;
+ bottom++;
+ top--;
+
+ /*
+ * Initialize the free list in the table.
+ * Add the entries in pseudo-random order and randomly set the generation
+ * number, in order to frustrate attacks involving port name reuse.
+ */
+ while (bottom <= top) {
+ ipc_entry_t entry = &table[curr];
+ int which;
+#ifdef CONFIG_SEMI_RANDOM_ENTRIES
+ /*
+ * XXX: This is a horrible hack to make sure that randomizing the port
+ * doesn't break programs that might have (sad) hard-coded values for
+ * certain port names.
+ */
+ if (at_start && total++ < NUM_SEQ_ENTRIES) {
+ which = 0;
+ } else
+#endif
+ which = random_bool_gen_bits(
+ &space->bool_gen,
+ &space->is_entropy[0],
+ IS_ENTROPY_CNT,
+ 1);
+
+ mach_port_index_t next;
+ if (which) {
+ next = top;
+ top--;
+ } else {
+ next = bottom;
+ bottom++;
+ }
+
+ /*
+ * The entry's gencount will roll over on its first allocation, at which
+ * point a random rollover will be set for the entry.
+ */
+ entry->ie_bits = IE_BITS_GEN_MASK;
+ entry->ie_next = next;
+ entry->ie_object = IO_NULL;
+ entry->ie_dist = 0;
+ entry->ie_index = 0;
+ curr = next;
+ }
+ table[curr].ie_next = 0;
+ table[curr].ie_object = IO_NULL;
+ table[curr].ie_index = 0;
+ table[curr].ie_dist = 0;
+ table[curr].ie_bits = IE_BITS_GEN_MASK;
+
+ /* The freelist head should always have generation number set to 0 */
+ if (at_start) {
+ table[0].ie_bits = 0;
+ }
+}
+
+
/*
* Routine: ipc_space_create
* Purpose:
kern_return_t
ipc_space_create(
- ipc_table_size_t initial,
- ipc_space_t *spacep)
+ ipc_table_size_t initial,
+ ipc_label_t label,
+ ipc_space_t *spacep)
{
ipc_space_t space;
ipc_entry_t table;
ipc_entry_num_t new_size;
- mach_port_index_t index;
space = is_alloc();
- if (space == IS_NULL)
+ if (space == IS_NULL) {
return KERN_RESOURCE_SHORTAGE;
+ }
table = it_entries_alloc(initial);
if (table == IE_NULL) {
new_size = initial->its_size;
memset((void *) table, 0, new_size * sizeof(struct ipc_entry));
- /*
- * Initialize the free list in the table.
- * Add the entries in reverse order, and
- * set the generation number to -1, so that
- * initial allocations produce "natural" names.
- */
- for (index = 0; index < new_size; index++) {
- ipc_entry_t entry = &table[index];
+ /* Set to 0 so entropy pool refills */
+ memset((void *) space->is_entropy, 0, sizeof(space->is_entropy));
- entry->ie_bits = IE_BITS_GEN_MASK;
- entry->ie_next = index+1;
- }
- table[new_size-1].ie_next = 0;
+ random_bool_init(&space->bool_gen);
+ ipc_space_rand_freelist(space, table, 0, new_size);
is_lock_init(space);
space->is_bits = 2; /* 2 refs, active, not growing */
+ space->is_table_hashed = 0;
space->is_table_size = new_size;
+ space->is_table_free = new_size - 1;
space->is_table = table;
- space->is_table_next = initial+1;
+ space->is_table_next = initial + 1;
space->is_task = NULL;
+ space->is_label = label;
space->is_low_mod = new_size;
space->is_high_mod = 0;
+ space->is_node_id = HOST_LOCAL_NODE; /* HOST_LOCAL_NODE, except proxy spaces */
*spacep = space;
return KERN_SUCCESS;
}
+/*
+ * Routine: ipc_space_label
+ * Purpose:
+ * Modify the label on a space. The desired
+ * label must be a super-set of the current
+ * label for the space (as rights may already
+ * have been previously copied out under the
+ * old label value.
+ * Conditions:
+ * Nothing locked.
+ * Returns:
+ * KERN_SUCCESS Updated the label
+ * KERN_INVALID_VALUE label not a superset of old
+ */
+kern_return_t
+ipc_space_label(
+ ipc_space_t space,
+ ipc_label_t label)
+{
+ is_write_lock(space);
+ if (!is_active(space)) {
+ is_write_unlock(space);
+ return KERN_SUCCESS;
+ }
+
+ if ((space->is_label & label) != space->is_label) {
+ is_write_unlock(space);
+ return KERN_INVALID_VALUE;
+ }
+ space->is_label = label;
+ is_write_unlock(space);
+ return KERN_SUCCESS;
+}
+
+/*
+ * Routine: ipc_space_add_label
+ * Purpose:
+ * Modify the label on a space. The desired
+ * label is added to the labels already set
+ * on the space.
+ * Conditions:
+ * Nothing locked.
+ * Returns:
+ * KERN_SUCCESS Updated the label
+ * KERN_INVALID_VALUE label not a superset of old
+ */
+kern_return_t
+ipc_space_add_label(
+ ipc_space_t space,
+ ipc_label_t label)
+{
+ is_write_lock(space);
+ if (!is_active(space)) {
+ is_write_unlock(space);
+ return KERN_SUCCESS;
+ }
+
+ space->is_label |= label;
+ is_write_unlock(space);
+ return KERN_SUCCESS;
+}
/*
* Routine: ipc_space_create_special
* Purpose:
kern_return_t
ipc_space_create_special(
- ipc_space_t *spacep)
+ ipc_space_t *spacep)
{
ipc_space_t space;
space = is_alloc();
- if (space == IS_NULL)
+ if (space == IS_NULL) {
return KERN_RESOURCE_SHORTAGE;
+ }
is_lock_init(space);
- space->is_bits = IS_INACTIVE | 1; /* 1 ref, not active, not growing */
+
+ space->is_bits = IS_INACTIVE | 1; /* 1 ref, not active, not growing */
+ space->is_table = IE_NULL;
+ space->is_task = TASK_NULL;
+ space->is_label = IPC_LABEL_SPECIAL;
+ space->is_table_next = 0;
+ space->is_low_mod = 0;
+ space->is_high_mod = 0;
+ space->is_node_id = HOST_LOCAL_NODE; /* HOST_LOCAL_NODE, except proxy spaces */
+
*spacep = space;
return KERN_SUCCESS;
}
* we must wait until they finish and figure
* out the space died.
*/
- retry:
+retry:
is_write_lock(space);
- while (is_growing(space))
+ while (is_growing(space)) {
is_write_sleep(space);
+ }
if (!is_active(space)) {
is_write_unlock(space);
type = IE_BITS_TYPE(entry->ie_bits);
if (type != MACH_PORT_TYPE_NONE) {
- mach_port_name_t name = MACH_PORT_MAKE(index,
- IE_BITS_GEN(entry->ie_bits));
- ipc_right_destroy(space, name, entry); /* unlocks space */
+ mach_port_name_t name = MACH_PORT_MAKE(index,
+ IE_BITS_GEN(entry->ie_bits));
+ ipc_right_destroy(space, name, entry, FALSE, 0); /* unlocks space */
goto retry;
}
}
- /*
+ /*
* JMM - Now the table is cleaned out. We don't bother shrinking the
* size of the table at this point, but we probably should if it is
* really large.
*/
-
+
is_write_unlock(space);
}
void
ipc_space_terminate(
- ipc_space_t space)
+ ipc_space_t space)
{
ipc_entry_t table;
ipc_entry_num_t size;
* we must wait until they finish and figure
* out the space died.
*/
- while (is_growing(space))
+ while (is_growing(space)) {
is_write_sleep(space);
+ }
is_write_unlock(space);
mach_port_name_t name;
name = MACH_PORT_MAKE(index,
- IE_BITS_GEN(entry->ie_bits));
+ IE_BITS_GEN(entry->ie_bits));
ipc_right_terminate(space, name, entry);
}
}
- it_entries_free(space->is_table_next-1, table);
+ it_entries_free(space->is_table_next - 1, table);
space->is_table_size = 0;
+ space->is_table_free = 0;
/*
* Because the space is now dead,
*/
is_release(space);
}
-
-
projects / apple / xnu.git / blobdiff