]> git.saurik.com Git - apple/xnu.git/blobdiff - iokit/Kernel/IOUserClient.cpp
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-3789.51.2.tar.gz
[apple/xnu.git] / iokit / Kernel / IOUserClient.cpp
diff --git a/iokit/Kernel/IOUserClient.cpp b/iokit/Kernel/IOUserClient.cpp
index 1faa211e2af7c2f2a5819536e5e43efa8257f645..d568aaca2f2d269359effde1f8e42f09c69ad082 100644 (file)
--- a/iokit/Kernel/IOUserClient.cpp
+++ b/iokit/Kernel/IOUserClient.cpp
@@ -45,6 +45,8 @@
 #include <sys/kauth.h>
 #include <sys/codesign.h>
 
+#include <mach/sdt.h>
+
 #if CONFIG_MACF
 
 extern "C" {
@@ -69,8 +71,9 @@ extern "C" {
 
 enum
 {
-    kIOUCAsync0Flags = 3ULL,
-    kIOUCAsync64Flag = 1ULL
+    kIOUCAsync0Flags          = 3ULL,
+    kIOUCAsync64Flag          = 1ULL,
+    kIOUCAsyncErrorLoggedFlag = 2ULL
 };
 
 #if IOKITSTATS
@@ -99,6 +102,25 @@ do { \
 
 #endif /* IOKITSTATS */
 
+#if DEVELOPMENT || DEBUG
+
+#define FAKE_STACK_FRAME(a)                                             \
+        const void ** __frameptr;                                       \
+        const void  * __retaddr;                                        \
+        __frameptr = (typeof(__frameptr)) __builtin_frame_address(0);   \
+        __retaddr = __frameptr[1];                                      \
+        __frameptr[1] = (a);
+
+#define FAKE_STACK_FRAME_END()                                          \
+        __frameptr[1] = __retaddr;
+
+#else /* DEVELOPMENT || DEBUG */
+
+#define FAKE_STACK_FRAME(a)
+#define FAKE_STACK_FRAME_END()
+
+#endif /* DEVELOPMENT || DEBUG */
+
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
 // definitions we should get from osfmk
@@ -247,6 +269,7 @@ bool IOMachPort::noMoreSendersForObject( OSObject * obj,
 {
     OSDictionary *     dict;
     IOMachPort *       machPort;
+    IOUserClient *      uc;
     bool               destroyed = true;
 
     IOTakeLock( gIOObjectPortLock);
@@ -257,10 +280,15 @@ bool IOMachPort::noMoreSendersForObject( OSObject * obj,
        machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
        if( machPort) {
            destroyed = (machPort->mscount <= *mscount);
-           if( destroyed)
+           if (!destroyed) *mscount = machPort->mscount;
+            else
+            {
+               if ((IKOT_IOKIT_CONNECT == type) && (uc = OSDynamicCast(IOUserClient, obj)))
+               {
+                   uc->noMoreSenders();
+               }
                dict->removeObject( (const OSSymbol *) obj );
-           else
-               *mscount = machPort->mscount;
+           }
        } 
        obj->release();
     }
@@ -276,6 +304,8 @@ void IOMachPort::releasePortForObject( OSObject * obj,
     OSDictionary *     dict;
     IOMachPort *       machPort;
 
+    assert(IKOT_IOKIT_CONNECT != type);
+
     IOTakeLock( gIOObjectPortLock);
 
     if( (dict = dictForType( type ))) {
@@ -324,14 +354,18 @@ void IOUserClient::destroyUserReferences( OSObject * obj )
        if (port)
        {
            IOUserClient * uc;
-           if ((uc = OSDynamicCast(IOUserClient, obj)) && uc->mappings)
+           if ((uc = OSDynamicCast(IOUserClient, obj)))
            {
-               dict->setObject((const OSSymbol *) uc->mappings, port);
-               iokit_switch_object_port(port->port, uc->mappings, IKOT_IOKIT_CONNECT);
-
-               uc->mappings->release();
-               uc->mappings = 0;
-           }
+                uc->noMoreSenders();
+                if (uc->mappings)
+                {
+                    dict->setObject((const OSSymbol *) uc->mappings, port);
+                    iokit_switch_object_port(port->port, uc->mappings, IKOT_IOKIT_CONNECT);
+
+                    uc->mappings->release();
+                    uc->mappings = 0;
+                }
+            }
            dict->removeObject( (const OSSymbol *) obj );
        }
     }
@@ -567,10 +601,11 @@ iokit_client_died( io_object_t obj, ipc_port_t /* port */,
 
     if( IKOT_IOKIT_CONNECT == type)
     {
-       if( (client = OSDynamicCast( IOUserClient, obj ))) {
-               IOStatisticsClientCall();
+       if( (client = OSDynamicCast( IOUserClient, obj )))
+       {
+           IOStatisticsClientCall();
            client->clientDied();
-    }
+        }
     }
     else if( IKOT_IOKIT_OBJECT == type)
     {
@@ -603,6 +638,7 @@ class IOServiceUserNotification : public IOUserNotification
     OSArray    *       newSet;
     OSObject   *       lastEntry;
     bool               armed;
+    bool                ipcLogged;
 
 public:
 
@@ -633,6 +669,7 @@ class IOServiceMessageUserNotification : public IOUserNotification
     vm_size_t          msgSize;
     uint8_t            clientIs64;
     int                        owningPID;
+    bool                ipcLogged;
 
 public:
 
@@ -817,8 +854,11 @@ bool IOServiceUserNotification::handler( void * ref,
        if( port)
            iokit_release_port( port );
 
-        if( KERN_SUCCESS != kr)
-            IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
+        if( (KERN_SUCCESS != kr) && !ipcLogged)
+        {
+            ipcLogged = true;
+            IOLog("%s: mach_msg_send_from_kernel_proper(0x%x)\n", __PRETTY_FUNCTION__, kr );
+        }
     }
 
     return( true );
@@ -828,12 +868,11 @@ OSObject * IOServiceUserNotification::getNextObject()
 {
     unsigned int       count;
     OSObject *         result;
+    OSObject *         releaseEntry;
 
-    IOTakeLock( lock );
-
-    if( lastEntry)
-        lastEntry->release();
+    IOLockLock(lock);
 
+    releaseEntry = lastEntry;
     count = newSet->getCount();
     if( count ) {
         result = newSet->getObject( count - 1 );
@@ -845,7 +884,9 @@ OSObject * IOServiceUserNotification::getNextObject()
     }
     lastEntry = result;
 
-    IOUnlock( lock );
+    IOLockUnlock(lock);
+
+    if (releaseEntry) releaseEntry->release();
 
     return( result );
 }
@@ -871,7 +912,7 @@ bool IOServiceMessageUserNotification::init( mach_port_t port, natural_t type,
     owningPID = proc_selfpid();
 
     extraSize += sizeof(IOServiceInterestContent64);
-    msgSize = sizeof(PingMsg) - sizeof(OSAsyncReference64) + referenceSize + extraSize;
+    msgSize = sizeof(PingMsg) - sizeof(OSAsyncReference64) + referenceSize;
     pingMsg = (PingMsg *) IOMalloc( msgSize);
     if( !pingMsg)
         return( false );
@@ -927,13 +968,17 @@ IOReturn IOServiceMessageUserNotification::_handler( void * target, void * ref,
 
 IOReturn IOServiceMessageUserNotification::handler( void * ref,
                                     UInt32 messageType, IOService * provider,
-                                    void * messageArgument, vm_size_t argSize )
+                                    void * messageArgument, vm_size_t callerArgSize )
 {
+    enum                        { kLocalMsgSize = 0x100 };
+    uint64_t                     stackMsg[kLocalMsgSize / sizeof(uint64_t)];
+    void *                       allocMsg;
     kern_return_t               kr;
+    vm_size_t                           argSize;
+    vm_size_t                           thisMsgSize;
     ipc_port_t                          thisPort, providerPort;
-    IOServiceInterestContent64 * data = (IOServiceInterestContent64 *)
-                                       ((((uint8_t *) pingMsg) + msgSize) - pingMsg->notifyHeader.size);
-                                        // == pingMsg->notifyHeader.content;
+    struct PingMsg *             thisMsg;
+    IOServiceInterestContent64 * data;
 
     if (kIOMessageCopyClientID == messageType)
     {
@@ -941,24 +986,16 @@ IOReturn IOServiceMessageUserNotification::handler( void * ref,
         return (kIOReturnSuccess);
     }
 
-    data->messageType = messageType;
-
-    if( argSize == 0)
+    if (callerArgSize == 0)
     {
-       data->messageArgument[0] = (io_user_reference_t) messageArgument;
-       if (clientIs64)
-           argSize = sizeof(data->messageArgument[0]);
-       else
-       {
-           data->messageArgument[0] |= (data->messageArgument[0] << 32);
-           argSize = sizeof(uint32_t);
-       }
+       if (clientIs64) argSize = sizeof(data->messageArgument[0]);
+       else            argSize = sizeof(uint32_t);
     }
     else
     {
+        argSize = callerArgSize;
         if( argSize > kIOUserNotifyMaxMessageSize)
             argSize = kIOUserNotifyMaxMessageSize;
-        bcopy( messageArgument, data->messageArgument, argSize );
     }
 
     // adjust message size for ipc restrictions
@@ -966,20 +1003,55 @@ IOReturn IOServiceMessageUserNotification::handler( void * ref,
     type = pingMsg->notifyHeader.type;
     type &= ~(kIOKitNoticationMsgSizeMask << kIOKitNoticationTypeSizeAdjShift);
     type |= ((argSize & kIOKitNoticationMsgSizeMask) << kIOKitNoticationTypeSizeAdjShift);
-    pingMsg->notifyHeader.type = type;
     argSize = (argSize + kIOKitNoticationMsgSizeMask) & ~kIOKitNoticationMsgSizeMask;
 
-    pingMsg->msgHdr.msgh_size = msgSize - pingMsg->notifyHeader.size
-        + sizeof( IOServiceInterestContent64 )
-        - sizeof( data->messageArgument)
-        + argSize;
+    thisMsgSize = msgSize
+               + sizeof( IOServiceInterestContent64 )
+               - sizeof( data->messageArgument)
+               + argSize;
+
+    if (thisMsgSize > sizeof(stackMsg))
+    {
+       allocMsg = IOMalloc(thisMsgSize);
+       if (!allocMsg) return (kIOReturnNoMemory);
+       thisMsg = (typeof(thisMsg)) allocMsg;
+    }
+    else
+    {
+       allocMsg = 0;
+       thisMsg  = (typeof(thisMsg)) stackMsg;
+    }
+
+    bcopy(pingMsg, thisMsg, msgSize);
+    thisMsg->notifyHeader.type = type;
+    data = (IOServiceInterestContent64 *) (((uint8_t *) thisMsg) + msgSize);
+       // == pingMsg->notifyHeader.content;
+    data->messageType = messageType;
+
+    if (callerArgSize == 0)
+    {
+       data->messageArgument[0] = (io_user_reference_t) messageArgument;
+       if (!clientIs64)
+       {
+           data->messageArgument[0] |= (data->messageArgument[0] << 32);
+       }
+    }
+    else
+    {
+        bcopy( messageArgument, data->messageArgument, callerArgSize );
+        bzero((void *)(((uintptr_t) &data->messageArgument[0]) + callerArgSize), argSize - callerArgSize);
+    }
+
+    thisMsg->notifyHeader.type = type;
+    thisMsg->msgHdr.msgh_size  = thisMsgSize;
 
     providerPort = iokit_port_for_object( provider, IKOT_IOKIT_OBJECT );
-    pingMsg->ports[0].name = providerPort;
+    thisMsg->ports[0].name = providerPort;
     thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT );
-    pingMsg->msgHdr.msgh_local_port = thisPort;
-    kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr,
-                                                pingMsg->msgHdr.msgh_size,
+    thisMsg->msgHdr.msgh_local_port = thisPort;
+
+    kr = mach_msg_send_from_kernel_with_options( &thisMsg->msgHdr,
+                                                thisMsg->msgHdr.msgh_size,
                                                 (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE),
                                                 0);
     if( thisPort)
@@ -987,8 +1059,14 @@ IOReturn IOServiceMessageUserNotification::handler( void * ref,
     if( providerPort)
        iokit_release_port( providerPort );
 
-    if( KERN_SUCCESS != kr)
-        IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
+    if (allocMsg)
+        IOFree(allocMsg, thisMsgSize);
+
+    if((KERN_SUCCESS != kr) && !ipcLogged)
+    {
+        ipcLogged = true;
+        IOLog("%s: mach_msg_send_from_kernel_proper (0x%x)\n", __PRETTY_FUNCTION__, kr );
+    }
 
     return( kIOReturnSuccess );
 }
@@ -1004,11 +1082,13 @@ OSObject * IOServiceMessageUserNotification::getNextObject()
 #define super IOService
 OSDefineMetaClassAndAbstractStructors( IOUserClient, IOService )
 
+IOLock       * gIOUserClientOwnersLock;
+
 void IOUserClient::initialize( void )
 {
-    gIOObjectPortLock = IOLockAlloc();
-
-    assert( gIOObjectPortLock );
+    gIOObjectPortLock       = IOLockAlloc();
+    gIOUserClientOwnersLock = IOLockAlloc();
+    assert(gIOObjectPortLock && gIOUserClientOwnersLock);
 }
 
 void IOUserClient::setAsyncReference(OSAsyncReference asyncRef,
@@ -1333,15 +1413,131 @@ bool IOUserClient::reserve()
     return true;
 }
 
+struct IOUserClientOwner
+{
+    task_t         task;
+    queue_chain_t  taskLink;
+    IOUserClient * uc;
+    queue_chain_t  ucLink;
+};
+
+IOReturn
+IOUserClient::registerOwner(task_t task)
+{
+    IOUserClientOwner * owner;
+    IOReturn            ret;
+    bool                newOwner;
+
+    IOLockLock(gIOUserClientOwnersLock);
+
+    newOwner = true;
+    ret = kIOReturnSuccess;
+
+    if (!owners.next) queue_init(&owners);
+    else
+    {
+        queue_iterate(&owners, owner, IOUserClientOwner *, ucLink)
+        {
+            if (task != owner->task) continue;
+            newOwner = false;
+            break;
+        }
+    }
+    if (newOwner)
+    {
+        owner = IONew(IOUserClientOwner, 1);
+        if (!newOwner) ret = kIOReturnNoMemory;
+        else
+        {
+            owner->task = task;
+            owner->uc   = this;
+            queue_enter_first(&owners, owner, IOUserClientOwner *, ucLink);
+            queue_enter_first(task_io_user_clients(task), owner, IOUserClientOwner *, taskLink);
+        }
+    }
+
+    IOLockUnlock(gIOUserClientOwnersLock);
+
+    return (ret);
+}
+
+void
+IOUserClient::noMoreSenders(void)
+{
+    IOUserClientOwner * owner;
+
+    IOLockLock(gIOUserClientOwnersLock);
+
+    if (owners.next)
+    {
+        while (!queue_empty(&owners))
+        {
+            owner = (IOUserClientOwner *)(void *) queue_first(&owners);
+            queue_remove(task_io_user_clients(owner->task), owner, IOUserClientOwner *, taskLink);
+            queue_remove(&owners, owner, IOUserClientOwner *, ucLink);
+            IODelete(owner, IOUserClientOwner, 1);
+        }
+        owners.next = owners.prev = NULL;
+    }
+
+    IOLockUnlock(gIOUserClientOwnersLock);
+}
+
+extern "C" kern_return_t
+iokit_task_terminate(task_t task)
+{
+    IOUserClientOwner * owner;
+    IOUserClient      * dead;
+    IOUserClient      * uc;
+    queue_head_t      * taskque;
+
+    IOLockLock(gIOUserClientOwnersLock);
+
+    taskque = task_io_user_clients(task);
+    dead = NULL;
+    while (!queue_empty(taskque))
+    {
+        owner = (IOUserClientOwner *)(void *) queue_first(taskque);
+        uc = owner->uc;
+        queue_remove(taskque, owner, IOUserClientOwner *, taskLink);
+        queue_remove(&uc->owners, owner, IOUserClientOwner *, ucLink);
+        if (queue_empty(&uc->owners))
+        {
+            uc->retain();
+            IOLog("destroying out of band connect for %s\n", uc->getName());
+            // now using the uc queue head as a singly linked queue,
+            // leaving .next as NULL to mark it empty
+            uc->owners.next = NULL;
+            uc->owners.prev = (queue_entry_t) dead;
+            dead = uc;
+        }
+        IODelete(owner, IOUserClientOwner, 1);
+    }
+
+    IOLockUnlock(gIOUserClientOwnersLock);
+
+    while (dead)
+    {
+        uc = dead;
+        dead = (IOUserClient *)(void *) dead->owners.prev;
+        uc->owners.prev = NULL;
+        if (uc->sharedInstance || !uc->closed) uc->clientDied();
+        uc->release();
+    }
+
+    return (KERN_SUCCESS);
+}
+
 void IOUserClient::free()
 {
-    if( mappings)
-        mappings->release();
+    if( mappings) mappings->release();
                
     IOStatisticsUnregisterCounter();
 
-    if (reserved)
-        IODelete(reserved, ExpansionData, 1);
+    assert(!owners.next);
+    assert(!owners.prev);
+
+    if (reserved) IODelete(reserved, ExpansionData, 1);
                
     super::free();
 }
@@ -1428,10 +1624,14 @@ IOMemoryMap * IOUserClient::mapClientMemory64(
 
     if( memory && (kIOReturnSuccess == err)) {
 
+        FAKE_STACK_FRAME(getMetaClass());
+
         options = (options & ~kIOMapUserOptionsMask)
                | (mapFlags & kIOMapUserOptionsMask);
        map = memory->createMappingInTask( task, atAddress, options );
        memory->release();
+
+        FAKE_STACK_FRAME_END();
     }
 
     return( map );
@@ -1458,6 +1658,17 @@ IOExternalAsyncMethod * IOUserClient::getExternalAsyncMethodForIndex( UInt32 /*
     return( 0 );
 }
 
+IOExternalTrap * IOUserClient::
+getExternalTrapForIndex(UInt32 index)
+{
+       return NULL;
+}
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
+// Suppressing the deprecated-declarations warning. Avoiding the use of deprecated
+// functions can break clients of kexts implementing getExternalMethodForIndex()
 IOExternalMethod * IOUserClient::
 getTargetAndMethodForIndex(IOService **targetP, UInt32 index)
 {
@@ -1480,12 +1691,6 @@ getAsyncTargetAndMethodForIndex(IOService ** targetP, UInt32 index)
     return method;
 }
 
-IOExternalTrap * IOUserClient::
-getExternalTrapForIndex(UInt32 index)
-{
-       return NULL;
-}
-
 IOExternalTrap * IOUserClient::
 getTargetAndTrapForIndex(IOService ** targetP, UInt32 index)
 {
@@ -1497,6 +1702,7 @@ getTargetAndTrapForIndex(IOService ** targetP, UInt32 index)
 
       return trap;
 }
+#pragma clang diagnostic pop
 
 IOReturn IOUserClient::releaseAsyncReference64(OSAsyncReference64 reference)
 {
@@ -1582,6 +1788,7 @@ IOReturn IOUserClient::_sendAsyncResult64(OSAsyncReference64 reference,
     if (numArgs > kMaxAsyncArgs)
         return kIOReturnMessageTooLarge;
 
+    bzero(&replyMsg, sizeof(replyMsg));
     replyMsg.msgHdr.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND /*remote*/,
                                                0 /*local*/);
     replyMsg.msgHdr.msgh_remote_port = replyPort;
@@ -1630,8 +1837,11 @@ IOReturn IOUserClient::_sendAsyncResult64(OSAsyncReference64 reference,
                kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr,
                                                                                 replyMsg.msgHdr.msgh_size);
        }
-    if ((KERN_SUCCESS != kr) && (MACH_SEND_TIMED_OUT != kr))
-        IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
+    if ((KERN_SUCCESS != kr) && (MACH_SEND_TIMED_OUT != kr) && !(kIOUCAsyncErrorLoggedFlag & reference[0]))
+    {
+        reference[0] |= kIOUCAsyncErrorLoggedFlag;
+        IOLog("%s: mach_msg_send_from_kernel_proper(0x%x)\n", __PRETTY_FUNCTION__, kr );
+    }
     return kr;
 }
 
@@ -1868,8 +2078,9 @@ static kern_return_t internal_io_service_match_property_table(
     OSObject *         obj;
     OSDictionary *     dict;
 
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-                       : OSUnserializeXML(matching);
+    assert(matching_size);
+    obj = OSUnserializeXML(matching, matching_size);
+
     if( (dict = OSDynamicCast( OSDictionary, obj))) {
         *matches = service->passiveMatch( dict );
        kr = kIOReturnSuccess;
@@ -1888,7 +2099,7 @@ kern_return_t is_io_service_match_property_table(
        io_string_t matching,
        boolean_t *matches )
 {
-    return (internal_io_service_match_property_table(service, matching, 0, matches));
+    return (kIOReturnUnsupported);
 }
 
 
@@ -1940,8 +2151,9 @@ static kern_return_t internal_io_service_get_matching_services(
     if( master_port != master_device_port)
         return( kIOReturnNotPrivileged);
 
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-                       : OSUnserializeXML(matching);
+    assert(matching_size);
+    obj = OSUnserializeXML(matching, matching_size);
+
     if( (dict = OSDynamicCast( OSDictionary, obj))) {
         *existing = IOUserIterator::withIterator(IOService::getMatchingServices( dict ));
        kr = kIOReturnSuccess;
@@ -1960,7 +2172,7 @@ kern_return_t is_io_service_get_matching_services(
        io_string_t matching,
        io_iterator_t *existing )
 {
-    return (internal_io_service_get_matching_services(master_port, matching, 0, existing));
+    return (kIOReturnUnsupported);
 }
 
 /* Routine io_service_get_matching_services_ool */
@@ -2014,8 +2226,9 @@ static kern_return_t internal_io_service_get_matching_service(
     if( master_port != master_device_port)
         return( kIOReturnNotPrivileged);
 
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-                       : OSUnserializeXML(matching);
+    assert(matching_size);
+    obj = OSUnserializeXML(matching, matching_size);
+
     if( (dict = OSDynamicCast( OSDictionary, obj))) {
         *service = IOService::copyMatchingService( dict );
        kr = *service ? kIOReturnSuccess : kIOReturnNotFound;
@@ -2034,7 +2247,7 @@ kern_return_t is_io_service_get_matching_service(
        io_string_t matching,
        io_service_t *service )
 {
-    return (internal_io_service_get_matching_service(master_port, matching, 0, service));
+    return (kIOReturnUnsupported);
 }
 
 /* Routine io_service_get_matching_services_ool */
@@ -2101,15 +2314,8 @@ static kern_return_t internal_io_service_add_notification(
         if( !(sym = OSSymbol::withCString( notification_type )))
            err = kIOReturnNoResources;
 
-       if (matching_size)
-       {
-            dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching, matching_size));
-       }
-       else
-       {
-           dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching));
-       }
-
+       assert(matching_size);
+       dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching, matching_size));
         if (!dict) {
             err = kIOReturnBadArgument;
            continue;
@@ -2167,9 +2373,7 @@ kern_return_t is_io_service_add_notification(
        mach_msg_type_number_t referenceCnt,
        io_object_t * notification )
 {
-    return (internal_io_service_add_notification(master_port, notification_type, 
-               matching, 0, port, &reference[0], sizeof(io_async_ref_t),
-               false, notification));
+    return (kIOReturnUnsupported);
 }
 
 /* Routine io_service_add_notification_64 */
@@ -2182,9 +2386,7 @@ kern_return_t is_io_service_add_notification_64(
        mach_msg_type_number_t referenceCnt,
        io_object_t *notification )
 {
-    return (internal_io_service_add_notification(master_port, notification_type, 
-               matching, 0, wake_port, &reference[0], sizeof(io_async_ref64_t),
-               true, notification));
+    return (kIOReturnUnsupported);
 }
 
 /* Routine io_service_add_notification_bin */
@@ -2718,6 +2920,7 @@ kern_return_t is_io_registry_entry_get_property_bytes(
     if( (data = OSDynamicCast( OSData, obj ))) {
        len = data->getLength();
        bytes = data->getBytesNoCopy();
+       if (!data->isSerializable()) len = 0;
 
     } else if( (str = OSDynamicCast( OSString, obj ))) {
        len = str->getLength() + 1;
@@ -2730,6 +2933,7 @@ kern_return_t is_io_registry_entry_get_property_bytes(
     } else if( (off = OSDynamicCast( OSNumber, obj ))) {
        offsetBytes = off->unsigned64BitValue();
        len = off->numberOfBytes();
+       if (len > sizeof(offsetBytes)) len = sizeof(offsetBytes);
        bytes = &offsetBytes;
 #ifdef __BIG_ENDIAN__
        bytes = (const void *)
@@ -2816,7 +3020,7 @@ kern_return_t is_io_registry_entry_get_property_recursively(
 #endif
 
     obj = entry->copyProperty( property_name,
-                               IORegistryEntry::getPlane( plane ), options);
+                               IORegistryEntry::getPlane( plane ), options );
     if( !obj)
         return( kIOReturnNotFound );
 
@@ -2840,86 +3044,13 @@ kern_return_t is_io_registry_entry_get_property_recursively(
     return( err );
 }
 
-#if CONFIG_MACF
-
-static kern_return_t
-filteredProperties(IORegistryEntry *entry, OSDictionary *properties, OSDictionary **filteredp)
-{
-    kern_return_t      err = 0;
-    OSDictionary       *filtered = NULL;
-    OSCollectionIterator *iter = NULL;
-    OSSymbol           *key;
-    OSObject           *p;
-    kauth_cred_t       cred = kauth_cred_get();
-
-    if (properties == NULL)
-       return kIOReturnUnsupported;
-
-    if ((iter = OSCollectionIterator::withCollection(properties)) == NULL ||
-        (filtered = OSDictionary::withCapacity(properties->getCapacity())) == NULL) {
-       err = kIOReturnNoMemory;
-       goto out;
-    }
-
-    while ((p = iter->getNextObject()) != NULL) {
-       if ((key = OSDynamicCast(OSSymbol, p)) == NULL ||
-           mac_iokit_check_get_property(cred, entry, key->getCStringNoCopy()) != 0)
-           continue;
-       filtered->setObject(key, properties->getObject(key));
-    }
-
-out:
-    if (iter != NULL)
-       iter->release();
-    *filteredp = filtered;
-    return err;
-}
-
-#endif
-
 /* Routine io_registry_entry_get_properties */
 kern_return_t is_io_registry_entry_get_properties(
        io_object_t registry_entry,
        io_buf_ptr_t *properties,
        mach_msg_type_number_t *propertiesCnt )
 {
-    kern_return_t      err = 0;
-    vm_size_t          len;
-
-    CHECK( IORegistryEntry, registry_entry, entry );
-
-    OSSerialize * s = OSSerialize::withCapacity(4096);
-    if( !s)
-       return( kIOReturnNoMemory );
-
-    if (!entry->serializeProperties(s))
-       err = kIOReturnUnsupported;
-
-#if CONFIG_MACF
-    if (!err && mac_iokit_check_filter_properties(kauth_cred_get(), entry)) {
-       OSObject *propobj = OSUnserializeXML(s->text(), s->getLength());
-       OSDictionary *filteredprops = NULL;
-       err = filteredProperties(entry, OSDynamicCast(OSDictionary, propobj), &filteredprops);
-       if (propobj) propobj->release();
-
-       if (!err) {
-           s->clearText();
-           if (!filteredprops->serialize(s))
-               err = kIOReturnUnsupported;
-       }
-       if (filteredprops != NULL)
-           filteredprops->release();
-    }
-#endif /* CONFIG_MACF */
-
-    if (!err) {
-       len = s->getLength();
-       *propertiesCnt = len;
-       err = copyoutkdata( s->text(), len, properties );
-    }
-
-    s->release();
-    return( err );
+    return (kIOReturnUnsupported);
 }
 
 #if CONFIG_MACF
@@ -2942,13 +3073,13 @@ GetPropertiesEditor(void                  * reference,
 
     if (!ref->root) ref->root = container;
     if (ref->root == container)
-       {
-               if (0 != mac_iokit_check_get_property(ref->cred, ref->entry, name->getCStringNoCopy())) 
-               {
-                       value = 0;
-               }
-       }
-       if (value) value->retain();
+    {
+        if (0 != mac_iokit_check_get_property(ref->cred, ref->entry, name->getCStringNoCopy()))
+        {
+                value = 0;
+        }
+    }
+    if (value) value->retain();
     return (value);
 }
 
@@ -2987,9 +3118,9 @@ kern_return_t is_io_registry_entry_get_properties_bin(
 
     if (kIOReturnSuccess == err)
     {
-               len = s->getLength();
-               *propertiesCnt = len;
-               err = copyoutkdata(s->text(), len, properties);
+        len = s->getLength();
+        *propertiesCnt = len;
+        err = copyoutkdata(s->text(), len, properties);
     }
     s->release();
 
@@ -3017,25 +3148,29 @@ kern_return_t is_io_registry_entry_get_property_bin(
         return kIOReturnNotPermitted;
 #endif
 
-    if ((kIORegistryIterateRecursively & options) && plane[0])
+    sym = OSSymbol::withCString(property_name);
+    if (!sym) return (kIOReturnNoMemory);
+
+    if (gIORegistryEntryPropertyKeysKey == sym)
     {
-       obj = entry->copyProperty(property_name,
-                                 IORegistryEntry::getPlane(plane), options);
+        obj = entry->copyPropertyKeys();
     }
     else
     {
-       obj = entry->copyProperty(property_name);
+        if ((kIORegistryIterateRecursively & options) && plane[0])
+        {
+            obj = entry->copyProperty(property_name,
+                                      IORegistryEntry::getPlane(plane), options );
+        }
+        else
+        {
+            obj = entry->copyProperty(property_name);
+        }
+        if (obj && gIORemoveOnReadProperties->containsObject(sym)) entry->removeProperty(sym);
     }
 
-    if( !obj)
-        return( kIOReturnNotFound );
-
-    sym = OSSymbol::withCString(property_name);
-    if (sym)
-    {
-        if (gIORemoveOnReadProperties->containsObject(sym)) entry->removeProperty(sym);
-        sym->release();
-    }
+    sym->release();
+    if (!obj) return (kIOReturnNotFound);
 
     OSSerialize * s = OSSerialize::binaryWithCapacity(4096);
     if( !s) {
@@ -3081,6 +3216,8 @@ kern_return_t is_io_registry_entry_set_properties
 
     if( KERN_SUCCESS == err) {
 
+        FAKE_STACK_FRAME(entry->getMetaClass());
+
         // must return success after vm_map_copyout() succeeds
         obj = OSUnserializeXML( (const char *) data, propertiesCnt );
        vm_deallocate( kernel_map, data, propertiesCnt );
@@ -3101,6 +3238,9 @@ kern_return_t is_io_registry_entry_set_properties
 
        if (obj)
            obj->release();
+
+        FAKE_STACK_FRAME_END();
+
     } else
         res = err;
 
@@ -3117,7 +3257,7 @@ kern_return_t is_io_registry_entry_get_child_iterator(
     CHECK( IORegistryEntry, registry_entry, entry );
 
     *iterator = entry->getChildIterator(
-       IORegistryEntry::getPlane( plane ));
+    IORegistryEntry::getPlane( plane ));
 
     return( kIOReturnSuccess );
 }
@@ -3239,11 +3379,14 @@ kern_return_t is_io_service_open_extended(
 
     CHECK( IOService, _service, service );
 
-    if (!owningTask) return (kIOReturnBadArgument);
+    if (!owningTask)                  return (kIOReturnBadArgument);
+    assert(owningTask == current_task());
+    if (owningTask != current_task()) return (kIOReturnBadArgument);
 
     do
     {
-       if (properties)
+       if (properties) return (kIOReturnUnsupported);
+#if 0
        {
            OSObject *      obj;
            vm_offset_t     data;
@@ -3271,7 +3414,7 @@ kern_return_t is_io_service_open_extended(
            if (kIOReturnSuccess != res)
                break;
        }
-
+#endif
        crossEndian = (ndr.int_rep != NDR_record.int_rep);
        if (crossEndian)
        {
@@ -3296,6 +3439,9 @@ kern_return_t is_io_service_open_extended(
        {
            assert( OSDynamicCast(IOUserClient, client) );
 
+           client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey));
+           client->closed = false;
+
            disallowAccess = (crossEndian
                && (kOSBooleanTrue != service->getProperty(kIOUserClientCrossEndianCompatibleKey))
                && (kOSBooleanTrue != client->getProperty(kIOUserClientCrossEndianCompatibleKey)));
@@ -3304,6 +3450,9 @@ kern_return_t is_io_service_open_extended(
            else if (0 != mac_iokit_check_open(kauth_cred_get(), client, connect_type))
                res = kIOReturnNotPermitted;
 #endif
+
+           if (kIOReturnSuccess == res) res = client->registerOwner(owningTask);
+
            if (kIOReturnSuccess != res)
            {
                IOStatisticsClientCall();
@@ -3312,8 +3461,6 @@ kern_return_t is_io_service_open_extended(
                client = 0;
                break;
            }
-           client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey));
-           client->closed = false;
            OSString * creatorName = IOCopyLogNameForPID(proc_selfpid());
            if (creatorName)
            {
@@ -3631,6 +3778,7 @@ kern_return_t is_io_connect_method_var_output
     OSObject *           structureVariableOutputData = 0;
 
     bzero(&args.__reserved[0], sizeof(args.__reserved));
+    args.__reservedA = 0;
     args.version = kIOExternalMethodArgumentsCurrentVersion;
 
     args.selector = selector;
@@ -3647,7 +3795,8 @@ kern_return_t is_io_connect_method_var_output
 
     if (ool_input)
        inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, 
-                                                   kIODirectionOut, current_task());
+                                                   kIODirectionOut | kIOMemoryMapCopyOnWrite,
+                                                   current_task());
 
     args.structureInputDescriptor = inputMD;
 
@@ -3724,6 +3873,7 @@ kern_return_t is_io_connect_method
     IOMemoryDescriptor * outputMD = 0;
 
     bzero(&args.__reserved[0], sizeof(args.__reserved));
+    args.__reservedA = 0;
     args.version = kIOExternalMethodArgumentsCurrentVersion;
 
     args.selector = selector;
@@ -3740,7 +3890,8 @@ kern_return_t is_io_connect_method
 
     if (ool_input)
        inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, 
-                                                   kIODirectionOut, current_task());
+                                                   kIODirectionOut | kIOMemoryMapCopyOnWrite,
+                                                   current_task());
 
     args.structureInputDescriptor = inputMD;
 
@@ -3804,6 +3955,7 @@ kern_return_t is_io_connect_async_method
     IOMemoryDescriptor * outputMD = 0;
 
     bzero(&args.__reserved[0], sizeof(args.__reserved));
+    args.__reservedA = 0;
     args.version = kIOExternalMethodArgumentsCurrentVersion;
 
     reference[0]            = (io_user_reference_t) wake_port;
@@ -3823,7 +3975,8 @@ kern_return_t is_io_connect_async_method
 
     if (ool_input)
        inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size,
-                                                   kIODirectionOut, current_task());
+                                                   kIODirectionOut | kIOMemoryMapCopyOnWrite,
+                                                   current_task());
 
     args.structureInputDescriptor = inputMD;
 
@@ -3909,12 +4062,14 @@ kern_return_t shim_io_connect_method_scalarI_scalarO(
 
        if( inputCount != method->count0)
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( *outputCount != method->count1)
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4143,12 +4298,14 @@ kern_return_t shim_io_async_method_scalarI_scalarO(
 
        if( inputCount != method->count0)
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( *outputCount != method->count1)
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4253,13 +4410,15 @@ kern_return_t shim_io_connect_method_scalarI_structureO(
     do {
        if( inputCount != method->count0)
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( (kIOUCVariableStructureSize != method->count1)
                && (*outputCount != method->count1))
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4326,13 +4485,15 @@ kern_return_t shim_io_async_method_scalarI_structureO(
     do {
        if( inputCount != method->count0)
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( (kIOUCVariableStructureSize != method->count1)
                && (*outputCount != method->count1))
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4424,13 +4585,15 @@ kern_return_t shim_io_connect_method_scalarI_structureI(
     {
        if (inputCount != method->count0)
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( (kIOUCVariableStructureSize != method->count1)
                && (inputStructCount != method->count1))
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputStructCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputStructCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4500,13 +4663,15 @@ kern_return_t shim_io_async_method_scalarI_structureI(
     {
        if (inputCount != method->count0)
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( (kIOUCVariableStructureSize != method->count1)
                && (inputStructCount != method->count1))
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputStructCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputStructCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4596,13 +4761,15 @@ kern_return_t shim_io_connect_method_structureI_structureO(
        if( (kIOUCVariableStructureSize != method->count0)
                && (inputCount != method->count0))
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( (kIOUCVariableStructureSize != method->count1)
                && (*outputCount != method->count1))
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4650,13 +4817,15 @@ kern_return_t shim_io_async_method_structureI_structureO(
        if( (kIOUCVariableStructureSize != method->count0)
                && (inputCount != method->count0))
        {
-           IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient inputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)inputCount, (uint64_t)method->count0, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)inputCount, uint64_t, (uint64_t)method->count0);
            continue;
        }
        if( (kIOUCVariableStructureSize != method->count1)
                && (*outputCount != method->count1))
        {
-           IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName());
+           IOLog("%s:%d %s: IOUserClient outputCount count mismatch 0x%llx 0x%llx 0x%llx\n", __FUNCTION__, __LINE__, object->getName(), (uint64_t)*outputCount, (uint64_t)method->count1, (uint64_t)kIOUCVariableStructureSize);
+           DTRACE_IO2(iokit_count_mismatch, uint64_t, (uint64_t)*outputCount, uint64_t, (uint64_t)method->count1);
            continue;
        }
 
@@ -4681,6 +4850,10 @@ kern_return_t shim_io_async_method_structureI_structureO(
     return( err);
 }
 
+#if !NO_KEXTD
+bool gIOKextdClearedBusy = false;
+#endif
+
 /* Routine io_catalog_send_data */
 kern_return_t is_io_catalog_send_data(
         mach_port_t            master_port,
@@ -4816,14 +4989,12 @@ kern_return_t is_io_catalog_send_data(
 
         case kIOCatalogKextdFinishedLaunching: {
 #if !NO_KEXTD
-                static bool clearedBusy = false;
-
-                if (!clearedBusy) {
+                if (!gIOKextdClearedBusy) {
                     IOService * serviceRoot = IOService::getServiceRoot();
                     if (serviceRoot) {
                         IOServiceTrace(IOSERVICE_KEXTD_READY, 0, 0, 0, 0);
                         serviceRoot->adjustBusy(-1);
-                        clearedBusy = true;
+                        gIOKextdClearedBusy = true;
                     }
                 }
 #endif
mirror of XNU