xnu-2422.90.20.tar.gz

[apple/xnu.git] / bsd / kern / kern_mman.c
diff --git a/bsd/kern/kern_mman.c b/bsd/kern/kern_mman.c

index ed614c238d60f594c3144aaa2b0c9837ad007d40..575110d697f4b3ff30ed32d151090bad347721c3 100644 (file)
--- a/bsd/kern/kern_mman.c
+++ b/bsd/kern/kern_mman.c
@@ -1,23 +1,29 @@
  /*
  /*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
+ * Copyright (c) 2007 Apple Inc. All Rights Reserved.
+ * 
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
   * 
   * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
   * 
   * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
   * 
   * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   */
  /*
   * Copyright (c) 1988 University of Utah.
   */
  /*
   * Copyright (c) 1988 University of Utah.
@@ -60,6 +66,12 @@
   *
   *     @(#)vm_mmap.c   8.10 (Berkeley) 2/19/95
   */
   *
   *     @(#)vm_mmap.c   8.10 (Berkeley) 2/19/95
   */
+/*
+ * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
+ * support for mandatory and extensible security protections.  This notice
+ * is included in support of clause 2.2 (b) of the Apple Public License,
+ * Version 2.0.
+ */
  
  /*
   * Mapped file (mmap) interface to VM
  
  /*
   * Mapped file (mmap) interface to VM
@@ -68,156 +80,112 @@
  #include <sys/param.h>
  #include <sys/systm.h>
  #include <sys/filedesc.h>
  #include <sys/param.h>
  #include <sys/systm.h>
  #include <sys/filedesc.h>
-#include <sys/proc.h>
+#include <sys/proc_internal.h>
+#include <sys/kauth.h>
  #include <sys/resourcevar.h>
  #include <sys/resourcevar.h>
-#include <sys/buf.h>
-#include <sys/vnode.h>
+#include <sys/vnode_internal.h>
  #include <sys/acct.h>
  #include <sys/wait.h>
  #include <sys/acct.h>
  #include <sys/wait.h>
-#include <sys/file.h>
+#include <sys/file_internal.h>
  #include <sys/vadvise.h>
  #include <sys/trace.h>
  #include <sys/mman.h>
  #include <sys/conf.h>
  #include <sys/stat.h>
  #include <sys/ubc.h>
  #include <sys/vadvise.h>
  #include <sys/trace.h>
  #include <sys/mman.h>
  #include <sys/conf.h>
  #include <sys/stat.h>
  #include <sys/ubc.h>
+#include <sys/ubc_internal.h>
+#include <sys/sysproto.h>
+#if CONFIG_PROTECT
+#include <sys/cprotect.h>
+#endif
  
  
-#include <mach/mach_types.h>
+#include <sys/syscall.h>
+#include <sys/kdebug.h>
  
  
-#include <kern/cpu_number.h>
-
-#include <vm/vm_map.h>
-#include <vm/vm_kern.h>
-#include <vm/vm_pager.h>
+#include <security/audit/audit.h>
+#include <bsm/audit_kevents.h>
  
  
+#include <mach/mach_types.h>
+#include <mach/mach_traps.h>
  #include <mach/vm_sync.h>
  #include <mach/vm_behavior.h>
  #include <mach/vm_inherit.h>
  #include <mach/vm_statistics.h>
  #include <mach/vm_sync.h>
  #include <mach/vm_behavior.h>
  #include <mach/vm_inherit.h>
  #include <mach/vm_statistics.h>
+#include <mach/mach_vm.h>
+#include <mach/vm_map.h>
+#include <mach/host_priv.h>
  
  
-struct sbrk_args {
-               int     incr;
-};
+#include <machine/machine_routines.h>
  
  
-/* ARGSUSED */
-int
-sbrk(p, uap, retval)
-       struct proc *p;
-       struct sbrk_args *uap;
-       register_t *retval;
-{
-       /* Not yet implemented */
-       return (EOPNOTSUPP);
-}
-
-struct sstk_args {
-       int     incr;
-} *uap;
-
-/* ARGSUSED */
-int
-sstk(p, uap, retval)
-       struct proc *p;
-       struct sstk_args *uap;
-       register_t *retval;
-{
-       /* Not yet implemented */
-       return (EOPNOTSUPP);
-}
+#include <kern/cpu_number.h>
+#include <kern/host.h>
+#include <kern/task.h>
  
  
-#if COMPAT_43
-/* ARGSUSED */
-int
-ogetpagesize(p, uap, retval)
-       struct proc *p;
-       void *uap;
-       register_t *retval;
-{
+#include <vm/vm_map.h>
+#include <vm/vm_kern.h>
+#include <vm/vm_pager.h>
+#include <vm/vm_protos.h>
  
  
-       *retval = PAGE_SIZE;
-       return (0);
-}
-#endif /* COMPAT_43 */
-
-struct osmmap_args {
-               caddr_t addr;
-               int     len;
-               int     prot;
-               int     share;
-               int     fd;
-               long    pos;
-};
-
-osmmap(curp, uap, retval)
-       struct proc *curp;
-       register struct osmmap_args *uap;
-       register_t *retval;
-{
-struct mmap_args {
-               caddr_t addr;
-               size_t len;
-               int prot;
-               int flags;
-               int fd;
-#ifdef DOUBLE_ALIGN_PARAMS
-               long pad;
-#endif
-               off_t pos;
-} newargs;
-
-       if ((uap->share ==  MAP_SHARED )|| (uap->share ==  MAP_PRIVATE )) {
-               newargs.addr = uap->addr;
-               newargs.len = (size_t)uap->len;
-               newargs.prot = uap->prot;
-               newargs.flags = uap->share;
-               newargs.fd = uap->fd;
-               newargs.pos = (off_t)uap->pos;
-               return(mmap(curp,&newargs, retval));
-       } else
-               return(EINVAL); 
-}
+/* XXX the following function should probably be static */
+kern_return_t map_fd_funneled(int, vm_object_offset_t, vm_offset_t *,
+                               boolean_t, vm_size_t);
  
  
-struct mmap_args {
-               caddr_t addr;
-               size_t len;
-               int prot;
-               int flags;
-               int fd;
-#ifdef DOUBLE_ALIGN_PARAMS
-               long pad;
-#endif
-               off_t pos;
-};
+/*
+ * XXX Internally, we use VM_PROT_* somewhat interchangeably, but the correct
+ * XXX usage is PROT_* from an interface perspective.  Thus the values of
+ * XXX VM_PROT_* and PROT_* need to correspond.
+ */
  int
  int
-mmap(p, uap, retval)
-       struct proc *p;
-       struct mmap_args *uap;
-       register_t *retval;
+mmap(proc_t p, struct mmap_args *uap, user_addr_t *retval)
  {
         /*
          *      Map in special device (must be SHARED) or file
          */
  {
         /*
          *      Map in special device (must be SHARED) or file
          */
-       struct file *fp;
+       struct fileproc *fp;
         register struct         vnode *vp;
         int                     flags;
         int                     prot;
         int                     err=0;
         vm_map_t                user_map;
         kern_return_t           result;
         register struct         vnode *vp;
         int                     flags;
         int                     prot;
         int                     err=0;
         vm_map_t                user_map;
         kern_return_t           result;
-       vm_offset_t             user_addr;
-       vm_size_t               user_size;
-       vm_offset_t             pageoff;
+       vm_map_offset_t         user_addr;
+       vm_map_size_t           user_size;
+       vm_object_offset_t      pageoff;
         vm_object_offset_t      file_pos;
         vm_object_offset_t      file_pos;
-       boolean_t               find_space, docow;
+       int                     alloc_flags=0;
+       boolean_t               docow;
         vm_prot_t               maxprot;
         void                    *handle;
         vm_prot_t               maxprot;
         void                    *handle;
-       vm_pager_t              pager;
+       memory_object_t         pager = MEMORY_OBJECT_NULL;
+       memory_object_control_t  control;
         int                     mapanon=0;
         int                     mapanon=0;
+       int                     fpref=0;
+       int error =0;
+       int fd = uap->fd;
+       int num_retries = 0;
+
+       user_map = current_map();
+       user_addr = (vm_map_offset_t)uap->addr;
+       user_size = (vm_map_size_t) uap->len;
+
+       AUDIT_ARG(addr, user_addr);
+       AUDIT_ARG(len, user_size);
+       AUDIT_ARG(fd, uap->fd);
  
  
-       user_addr = (vm_offset_t)uap->addr;
-       user_size = (vm_size_t) uap->len;
         prot = (uap->prot & VM_PROT_ALL);
         prot = (uap->prot & VM_PROT_ALL);
+#if 3777787
+       /*
+        * Since the hardware currently does not support writing without
+        * read-before-write, or execution-without-read, if the request is
+        * for write or execute access, we must imply read access as well;
+        * otherwise programs expecting this to work will fail to operate.
+        */
+       if (prot & (VM_PROT_EXECUTE | VM_PROT_WRITE))
+               prot |= VM_PROT_READ;
+#endif /* radar 3777787 */
+
         flags = uap->flags;
         flags = uap->flags;
+       vp = NULLVP;
  
         /*
          * The vm code does not have prototypes & compiler doesn't do the'
  
         /*
          * The vm code does not have prototypes & compiler doesn't do the'
@@ -228,24 +196,25 @@ mmap(p, uap, retval)
  
  
         /* make sure mapping fits into numeric range etc */
  
  
         /* make sure mapping fits into numeric range etc */
-       if ((file_pos + user_size > (vm_object_offset_t)-PAGE_SIZE_64) ||
-           ((ssize_t) uap->len < 0 )||
-           ((flags & MAP_ANON) && uap->fd != -1))
+       if (file_pos + user_size > (vm_object_offset_t)-PAGE_SIZE_64)
                 return (EINVAL);
  
         /*
          * Align the file position to a page boundary,
          * and save its page offset component.
          */
                 return (EINVAL);
  
         /*
          * Align the file position to a page boundary,
          * and save its page offset component.
          */
-       pageoff = ((vm_offset_t)file_pos & PAGE_MASK);
+       pageoff = (file_pos & vm_map_page_mask(user_map));
         file_pos -= (vm_object_offset_t)pageoff;
  
  
         /* Adjust size for rounding (on both ends). */
         file_pos -= (vm_object_offset_t)pageoff;
  
  
         /* Adjust size for rounding (on both ends). */
-       user_size += pageoff;                   /* low end... */
-       user_size = (vm_size_t) round_page(user_size);  /* hi end */
-
+       user_size += pageoff;   /* low end... */
+       user_size = vm_map_round_page(user_size,        
+                                     vm_map_page_mask(user_map)); /* hi end */
  
  
+       if ((flags & MAP_JIT) && ((flags & MAP_FIXED) || (flags & MAP_SHARED) || !(flags & MAP_ANON))){
+               return EINVAL;
+       }
         /*
          * Check for illegal addresses.  Watch out for address wrap... Note
          * that VM_*_ADDRESS are not constants due to casts (argh).
         /*
          * Check for illegal addresses.  Watch out for address wrap... Note
          * that VM_*_ADDRESS are not constants due to casts (argh).
@@ -257,14 +226,7 @@ mmap(p, uap, retval)
                  * should be aligned after adjustment by pageoff.
                  */
                 user_addr -= pageoff;
                  * should be aligned after adjustment by pageoff.
                  */
                 user_addr -= pageoff;
-               if (user_addr & PAGE_MASK)
-                       return (EINVAL);
-               /* Address range must be all in user VM space. */
-               if (VM_MAX_ADDRESS > 0 && (user_addr + user_size > VM_MAX_ADDRESS))
-                       return (EINVAL);
-               if (VM_MIN_ADDRESS > 0 && user_addr < VM_MIN_ADDRESS)
-                       return (EINVAL);
-               if (user_addr + user_size < user_addr)
+               if (user_addr & vm_map_page_mask(user_map))
                         return (EINVAL);
         }
  #ifdef notyet
                         return (EINVAL);
         }
  #ifdef notyet
@@ -277,49 +239,109 @@ mmap(p, uap, retval)
          * There should really be a pmap call to determine a reasonable
          * location.
          */
          * There should really be a pmap call to determine a reasonable
          * location.
          */
-       else if (addr < round_page(p->p_vmspace->vm_daddr + MAXDSIZ))
-               addr = round_page(p->p_vmspace->vm_daddr + MAXDSIZ);
+       else if (addr < vm_map_round_page(p->p_vmspace->vm_daddr + MAXDSIZ,
+                                         vm_map_page_mask(user_map)))
+               addr = vm_map_round_page(p->p_vmspace->vm_daddr + MAXDSIZ,
+                                        vm_map_page_mask(user_map));
  
  #endif
  
  
  #endif
  
+       alloc_flags = 0;
  
         if (flags & MAP_ANON) {
  
         if (flags & MAP_ANON) {
+
+               maxprot = VM_PROT_ALL;
+#if CONFIG_MACF
+               /*
+                * Entitlement check.
+                */
+               error = mac_proc_check_map_anon(p, user_addr, user_size, prot, flags, &maxprot);
+               if (error) {
+                       return EINVAL;
+               }               
+#endif /* MAC */
+
                 /*
                 /*
-                * Mapping blank space is trivial.
+                * Mapping blank space is trivial.  Use positive fds as the alias
+                * value for memory tracking. 
                  */
                  */
+               if (fd != -1) {
+                       /*
+                        * Use "fd" to pass (some) Mach VM allocation flags,
+                        * (see the VM_FLAGS_* definitions).
+                        */
+                       alloc_flags = fd & (VM_FLAGS_ALIAS_MASK | VM_FLAGS_SUPERPAGE_MASK |
+                                           VM_FLAGS_PURGABLE);
+                       if (alloc_flags != fd) {
+                               /* reject if there are any extra flags */
+                               return EINVAL;
+                       }
+               }
+                       
                 handle = NULL;
                 handle = NULL;
-               maxprot = VM_PROT_ALL;
                 file_pos = 0;
                 mapanon = 1;
         } else {
                 file_pos = 0;
                 mapanon = 1;
         } else {
+               struct vnode_attr va;
+               vfs_context_t ctx = vfs_context_current();
+
+               if (flags & MAP_JIT)
+                       return EINVAL;
+
                 /*
                  * Mapping file, get fp for validation. Obtain vnode and make
                  * sure it is of appropriate type.
                  */
                 /*
                  * Mapping file, get fp for validation. Obtain vnode and make
                  * sure it is of appropriate type.
                  */
-               err = fdgetf(p, uap->fd, &fp);
+               err = fp_lookup(p, fd, &fp, 0);
                 if (err)
                         return(err);
                 if (err)
                         return(err);
-               if(fp->f_type == DTYPE_PSXSHM) {
-                       uap->addr = user_addr;
-                       uap->len = user_size;
+               fpref = 1;
+               switch (FILEGLOB_DTYPE(fp->f_fglob)) {
+               case DTYPE_PSXSHM:
+                       uap->addr = (user_addr_t)user_addr;
+                       uap->len = (user_size_t)user_size;
                         uap->prot = prot;
                         uap->flags = flags;
                         uap->pos = file_pos;
                         uap->prot = prot;
                         uap->flags = flags;
                         uap->pos = file_pos;
-                       return(pshm_mmap(p, uap, retval, fp , pageoff));
+                       error = pshm_mmap(p, uap, retval, fp, (off_t)pageoff);
+                       goto bad;
+               case DTYPE_VNODE:
+                       break;
+               default:
+                       error = EINVAL;
+                       goto bad;
+               }
+               vp = (struct vnode *)fp->f_fglob->fg_data;
+               error = vnode_getwithref(vp);
+               if(error != 0)
+                       goto bad;
+
+               if (vp->v_type != VREG && vp->v_type != VCHR) {
+                       (void)vnode_put(vp);
+                       error = EINVAL;
+                       goto bad;
                 }
  
                 }
  
-               if (fp->f_type != DTYPE_VNODE)
-                       return(EINVAL);
-               vp = (struct vnode *)fp->f_data;
+               AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+               
+               /*
+                * POSIX: mmap needs to update access time for mapped files
+                */
+               if ((vnode_vfsvisflags(vp) & MNT_NOATIME) == 0) {
+                       VATTR_INIT(&va);
+                       nanotime(&va.va_access_time);
+                       VATTR_SET_ACTIVE(&va, va_access_time);
+                       vnode_setattr(vp, &va, ctx);
+               }
  
  
-               if (vp->v_type != VREG && vp->v_type != VCHR)
-                       return (EINVAL);
                 /*
                  * XXX hack to handle use of /dev/zero to map anon memory (ala
                  * SunOS).
                  */
                 if (vp->v_type == VCHR || vp->v_type == VSTR) {
                 /*
                  * XXX hack to handle use of /dev/zero to map anon memory (ala
                  * SunOS).
                  */
                 if (vp->v_type == VCHR || vp->v_type == VSTR) {
-                       return(EOPNOTSUPP);
+                       (void)vnode_put(vp);
+                       error = ENODEV;
+                       goto bad;
                 } else {
                         /*
                          * Ensure that file and memory protections are
                 } else {
                         /*
                          * Ensure that file and memory protections are
@@ -331,10 +353,13 @@ mmap(p, uap, retval)
                          * proc does a setuid?
                          */
                         maxprot = VM_PROT_EXECUTE;      /* ??? */
                          * proc does a setuid?
                          */
                         maxprot = VM_PROT_EXECUTE;      /* ??? */
-                       if (fp->f_flag & FREAD)
+                       if (fp->f_fglob->fg_flag & FREAD)
                                 maxprot |= VM_PROT_READ;
                                 maxprot |= VM_PROT_READ;
-                       else if (prot & PROT_READ)
-                               return (EACCES);
+                       else if (prot & PROT_READ) {
+                               (void)vnode_put(vp);
+                               error = EACCES;
+                               goto bad;
+                       }
                         /*
                          * If we are sharing potential changes (either via
                          * MAP_SHARED or via the implicit sharing of character
                         /*
                          * If we are sharing potential changes (either via
                          * MAP_SHARED or via the implicit sharing of character
@@ -344,84 +369,175 @@ mmap(p, uap, retval)
                          */
  
                         if ((flags & MAP_SHARED) != 0) {
                          */
  
                         if ((flags & MAP_SHARED) != 0) {
-                               if ((fp->f_flag & FWRITE) != 0) {
-                                       struct vattr va;
-                                       if ((err =
-                                           VOP_GETATTR(vp, &va,
-                                                       p->p_ucred, p)))
-                                               return (err);
-                                       if ((va.va_flags &
-                                           (IMMUTABLE|APPEND)) == 0)
-                                               maxprot |= VM_PROT_WRITE;
-                                       else if (prot & PROT_WRITE)
-                                               return (EPERM);
-                               } else if ((prot & PROT_WRITE) != 0)
-                                       return (EACCES);
+                               if ((fp->f_fglob->fg_flag & FWRITE) != 0 &&
+                                   /*
+                                    * Do not allow writable mappings of 
+                                    * swap files (see vm_swapfile_pager.c).
+                                    */
+                                   !vnode_isswap(vp)) {
+                                       /*
+                                        * check for write access
+                                        *
+                                        * Note that we already made this check when granting FWRITE
+                                        * against the file, so it seems redundant here.
+                                        */
+                                       error = vnode_authorize(vp, NULL, KAUTH_VNODE_CHECKIMMUTABLE, ctx);
+ 
+                                       /* if not granted for any reason, but we wanted it, bad */
+                                       if ((prot & PROT_WRITE) && (error != 0)) {
+                                               vnode_put(vp);
+                                               goto bad;
+                                       }
+ 
+                                       /* if writable, remember */
+                                       if (error == 0)
+                                               maxprot |= VM_PROT_WRITE;
+
+                               } else if ((prot & PROT_WRITE) != 0) {
+                                       (void)vnode_put(vp);
+                                       error = EACCES;
+                                       goto bad;
+                               }
                         } else
                                 maxprot |= VM_PROT_WRITE;
  
                         handle = (void *)vp;
                         } else
                                 maxprot |= VM_PROT_WRITE;
  
                         handle = (void *)vp;
+#if CONFIG_MACF
+                       error = mac_file_check_mmap(vfs_context_ucred(ctx),
+                           fp->f_fglob, prot, flags, &maxprot);
+                       if (error) {
+                               (void)vnode_put(vp);
+                               goto bad;
+                       }
+#endif /* MAC */
+
+#if CONFIG_PROTECT
+                       {
+                               error = cp_handle_vnop(vp, CP_READ_ACCESS | CP_WRITE_ACCESS, 0);
+                               if (error) {
+                                       (void) vnode_put(vp);
+                                       goto bad;
+                               }
+                       }
+#endif /* CONFIG_PROTECT */
+
+
                 }
         }
  
                 }
         }
  
-       if (user_size == 0) 
-               return(0);
+       if (user_size == 0)  {
+               if (!mapanon)
+                       (void)vnode_put(vp);
+               error = 0;
+               goto bad;
+       }
  
         /*
          *      We bend a little - round the start and end addresses
          *      to the nearest page boundary.
          */
  
         /*
          *      We bend a little - round the start and end addresses
          *      to the nearest page boundary.
          */
-       user_size = round_page(user_size);
-
-       if (file_pos & PAGE_MASK_64)
-               return (EINVAL);
+       user_size = vm_map_round_page(user_size,
+                                     vm_map_page_mask(user_map));
  
  
-       user_map = current_map();
+       if (file_pos & vm_map_page_mask(user_map)) {
+               if (!mapanon)
+                       (void)vnode_put(vp);
+               error = EINVAL;
+               goto bad;
+       }
  
         if ((flags & MAP_FIXED) == 0) {
  
         if ((flags & MAP_FIXED) == 0) {
-               find_space = TRUE;
-               user_addr = round_page(user_addr); 
+               alloc_flags |= VM_FLAGS_ANYWHERE;
+               user_addr = vm_map_round_page(user_addr,
+                                             vm_map_page_mask(user_map));
         } else {
         } else {
-               if (user_addr != trunc_page(user_addr))
-                       return (EINVAL);
-               find_space = FALSE;
-               (void) vm_deallocate(user_map, user_addr, user_size);
+               if (user_addr != vm_map_trunc_page(user_addr,
+                                                  vm_map_page_mask(user_map))) {
+                       if (!mapanon)
+                               (void)vnode_put(vp);
+                       error = EINVAL;
+                       goto bad;
+               }
+               /*
+                * mmap(MAP_FIXED) will replace any existing mappings in the
+                * specified range, if the new mapping is successful.
+                * If we just deallocate the specified address range here,
+                * another thread might jump in and allocate memory in that
+                * range before we get a chance to establish the new mapping,
+                * and we won't have a chance to restore the old mappings.
+                * So we use VM_FLAGS_OVERWRITE to let Mach VM know that it
+                * has to deallocate the existing mappings and establish the
+                * new ones atomically.
+                */
+               alloc_flags |= VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE;
         }
  
         }
  
+       if (flags & MAP_NOCACHE)
+               alloc_flags |= VM_FLAGS_NO_CACHE;
  
  
+       if (flags & MAP_JIT){
+               alloc_flags |= VM_FLAGS_MAP_JIT;
+       }
         /*
          * Lookup/allocate object.
          */
         /*
          * Lookup/allocate object.
          */
-       if (flags & MAP_ANON) {
-               /*
-                * Unnamed anonymous regions always start at 0.
-                */
-               if (handle == 0)
-                       file_pos = 0;
-       }
-
         if (handle == NULL) {
         if (handle == NULL) {
-               pager = NULL;
+               control = NULL;
  #ifdef notyet
  /* Hmm .. */
  #if defined(VM_PROT_READ_IS_EXEC)
                 if (prot & VM_PROT_READ)
                         prot |= VM_PROT_EXECUTE;
  #ifdef notyet
  /* Hmm .. */
  #if defined(VM_PROT_READ_IS_EXEC)
                 if (prot & VM_PROT_READ)
                         prot |= VM_PROT_EXECUTE;
-
                 if (maxprot & VM_PROT_READ)
                         maxprot |= VM_PROT_EXECUTE;
  #endif
  #endif
                 if (maxprot & VM_PROT_READ)
                         maxprot |= VM_PROT_EXECUTE;
  #endif
  #endif
-               result = vm_allocate(user_map, &user_addr, user_size, find_space);
-               if (result != KERN_SUCCESS) 
-                               goto out;
-               
+
+#if 3777787
+               if (prot & (VM_PROT_EXECUTE | VM_PROT_WRITE))
+                       prot |= VM_PROT_READ;
+               if (maxprot & (VM_PROT_EXECUTE | VM_PROT_WRITE))
+                       maxprot |= VM_PROT_READ;
+#endif /* radar 3777787 */
+map_anon_retry:
+               result = vm_map_enter_mem_object(user_map,
+                                                &user_addr, user_size,
+                                                0, alloc_flags,
+                                                IPC_PORT_NULL, 0, FALSE,
+                                                prot, maxprot,
+                                                (flags & MAP_SHARED) ?
+                                                VM_INHERIT_SHARE : 
+                                                VM_INHERIT_DEFAULT);
+
+               /* If a non-binding address was specified for this anonymous
+                * mapping, retry the mapping with a zero base
+                * in the event the mapping operation failed due to
+                * lack of space between the address and the map's maximum.
+                */
+               if ((result == KERN_NO_SPACE) && ((flags & MAP_FIXED) == 0) && user_addr && (num_retries++ == 0)) {
+                       user_addr = vm_map_page_size(user_map);
+                       goto map_anon_retry;
+               }
         } else {
         } else {
-               UBCINFOCHECK("mmap", vp);
-               pager = ubc_getpager(vp);
+               if (vnode_isswap(vp)) {
+                       /*
+                        * Map swap files with a special pager
+                        * that returns obfuscated contents.
+                        */
+                       control = NULL;
+                       pager = swapfile_pager_setup(vp);
+                       if (pager != MEMORY_OBJECT_NULL) {
+                               control = swapfile_pager_control(pager);
+                       }
+               } else {
+                       control = ubc_getobject(vp, UBC_FLAGS_NONE);
+               }
                 
                 
-               if (pager == NULL)
-                       return (ENOMEM);
+               if (control == NULL) {
+                       (void)vnode_put(vp);
+                       error = ENOMEM;
+                       goto bad;
+               }
  
                 /*
                  *  Set credentials:
  
                 /*
                  *  Set credentials:
@@ -430,7 +546,7 @@ mmap(p, uap, retval)
                  *      with ones that only work for read.
                  */
  
                  *      with ones that only work for read.
                  */
  
-               ubc_setcred(vp, p);
+               ubc_setthreadcred(vp, p, current_thread());
                 docow = FALSE;
                 if ((flags & (MAP_ANON|MAP_SHARED)) == 0) {
                         docow = TRUE;
                 docow = FALSE;
                 if ((flags & (MAP_ANON|MAP_SHARED)) == 0) {
                         docow = TRUE;
@@ -441,83 +557,101 @@ mmap(p, uap, retval)
  #if defined(VM_PROT_READ_IS_EXEC)
                 if (prot & VM_PROT_READ)
                         prot |= VM_PROT_EXECUTE;
  #if defined(VM_PROT_READ_IS_EXEC)
                 if (prot & VM_PROT_READ)
                         prot |= VM_PROT_EXECUTE;
-
                 if (maxprot & VM_PROT_READ)
                         maxprot |= VM_PROT_EXECUTE;
  #endif
  #endif /* notyet */
  
                 if (maxprot & VM_PROT_READ)
                         maxprot |= VM_PROT_EXECUTE;
  #endif
  #endif /* notyet */
  
-               result = vm_map_64(user_map, &user_addr, user_size,
-                               0, find_space, pager, file_pos, docow,
-                         prot, maxprot, 
-                               VM_INHERIT_DEFAULT);
-
-               if (result != KERN_SUCCESS) 
-                               goto out;
-
-               ubc_map(vp);
+#if 3777787
+               if (prot & (VM_PROT_EXECUTE | VM_PROT_WRITE))
+                       prot |= VM_PROT_READ;
+               if (maxprot & (VM_PROT_EXECUTE | VM_PROT_WRITE))
+                       maxprot |= VM_PROT_READ;
+#endif /* radar 3777787 */
+map_file_retry:
+               result = vm_map_enter_mem_object_control(user_map,
+                                                &user_addr, user_size,
+                                                0, alloc_flags,
+                                                control, file_pos,
+                                                docow, prot, maxprot, 
+                                                (flags & MAP_SHARED) ?
+                                                VM_INHERIT_SHARE : 
+                                                VM_INHERIT_DEFAULT);
+
+               /* If a non-binding address was specified for this file backed
+                * mapping, retry the mapping with a zero base
+                * in the event the mapping operation failed due to
+                * lack of space between the address and the map's maximum.
+                */
+               if ((result == KERN_NO_SPACE) && ((flags & MAP_FIXED) == 0) && user_addr && (num_retries++ == 0)) {
+                       user_addr = vm_map_page_size(user_map);
+                       goto map_file_retry;
+               }
         }
  
         }
  
-       if (flags & (MAP_SHARED|MAP_INHERIT)) {
-               result = vm_inherit(user_map, user_addr, user_size,
-                               VM_INHERIT_SHARE);
-               if (result != KERN_SUCCESS) {
-                       (void) vm_deallocate(user_map, user_addr, user_size);
-                       goto out;
-               }
+       if (!mapanon) {
+               (void)vnode_put(vp);
         }
  
         }
  
-out:
         switch (result) {
         case KERN_SUCCESS:
         switch (result) {
         case KERN_SUCCESS:
-               if (!mapanon)
-                       *fdflags(p, uap->fd) |= UF_MAPPED;
-               *retval = (register_t)(user_addr + pageoff);
-               return (0);
+               *retval = user_addr + pageoff;
+               error = 0;
+               break;
         case KERN_INVALID_ADDRESS:
         case KERN_NO_SPACE:
         case KERN_INVALID_ADDRESS:
         case KERN_NO_SPACE:
-               return (ENOMEM);
+               error =  ENOMEM;
+               break;
         case KERN_PROTECTION_FAILURE:
         case KERN_PROTECTION_FAILURE:
-               return (EACCES);
+               error =  EACCES;
+               break;
         default:
         default:
-               return (EINVAL);
+               error =  EINVAL;
+               break;
         }
         }
-       /*NOTREACHED*/
+bad:
+       if (pager != MEMORY_OBJECT_NULL) {
+               /*
+                * Release the reference on the pager.
+                * If the mapping was successful, it now holds
+                * an extra reference.
+                */
+               memory_object_deallocate(pager);
+       }
+       if (fpref)
+               fp_drop(p, fd, fp, 0);
+
+       KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_mmap) | DBG_FUNC_NONE), fd, (uint32_t)(*retval), (uint32_t)user_size, error, 0);
+       KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO2, SYS_mmap) | DBG_FUNC_NONE), (uint32_t)(*retval >> 32), (uint32_t)(user_size >> 32),
+                             (uint32_t)(file_pos >> 32), (uint32_t)file_pos, 0);
+       return(error);
  }
  
  }
  
-struct msync_args {
-               caddr_t addr;
-               int len;
-               int flags;
-};
  int
  int
-msync(p, uap, retval)
-       struct proc *p;
-       struct msync_args *uap;
-       register_t *retval;
+msync(__unused proc_t p, struct msync_args *uap, int32_t *retval)
  {
  {
-       vm_offset_t addr;
-       vm_size_t size, pageoff;
+       __pthread_testcancel(1);
+       return(msync_nocancel(p, (struct msync_nocancel_args *)uap, retval));
+}
+
+int
+msync_nocancel(__unused proc_t p, struct msync_nocancel_args *uap, __unused int32_t *retval)
+{
+       mach_vm_offset_t addr;
+       mach_vm_size_t size;
         int flags;
         vm_map_t user_map;
         int rv;
         vm_sync_t sync_flags=0;
  
         int flags;
         vm_map_t user_map;
         int rv;
         vm_sync_t sync_flags=0;
  
-       addr = (vm_offset_t) uap->addr;
-       pageoff = (addr & PAGE_MASK);
-       addr -= pageoff;
-       size = uap->len;
-       size = (vm_size_t) round_page(size);
-       flags = uap->flags;
-
-       if (addr + size < addr)
-               return(EINVAL);
-
         user_map = current_map();
         user_map = current_map();
-
-       if ((flags & (MS_ASYNC|MS_INVALIDATE)) == (MS_ASYNC|MS_INVALIDATE))
-               return (EINVAL);
-
+       addr = (mach_vm_offset_t) uap->addr;
+       size = (mach_vm_size_t)uap->len;
+       KERNEL_DEBUG_CONSTANT((BSDDBG_CODE(DBG_BSD_SC_EXTENDED_INFO, SYS_msync) | DBG_FUNC_NONE), (uint32_t)(addr >> 32), (uint32_t)(size >> 32), 0, 0, 0);
+       if (addr & vm_map_page_mask(user_map)) {
+               /* UNIX SPEC: user address is not page-aligned, return EINVAL */
+               return EINVAL;
+       }
         if (size == 0) {
                 /*
                  * We cannot support this properly without maintaining
         if (size == 0) {
                 /*
                  * We cannot support this properly without maintaining
@@ -526,9 +660,14 @@ msync(p, uap, retval)
                  * inaccurate results, lets just return error as invalid size
                  * specified
                  */
                  * inaccurate results, lets just return error as invalid size
                  * specified
                  */
-               return(EINVAL);
+               return (EINVAL); /* XXX breaks posix apps */
         }
  
         }
  
+       flags = uap->flags;
+       /* disallow contradictory flags */
+       if ((flags & (MS_SYNC|MS_ASYNC)) == (MS_SYNC|MS_ASYNC))
+               return (EINVAL);
+
         if (flags & MS_KILLPAGES)
                 sync_flags |= VM_SYNC_KILLPAGES;
         if (flags & MS_DEACTIVATE)
         if (flags & MS_KILLPAGES)
                 sync_flags |= VM_SYNC_KILLPAGES;
         if (flags & MS_DEACTIVATE)
@@ -542,104 +681,86 @@ msync(p, uap, retval)
                 else 
                         sync_flags |= VM_SYNC_SYNCHRONOUS;
         }
                 else 
                         sync_flags |= VM_SYNC_SYNCHRONOUS;
         }
-       rv = vm_msync(user_map, addr, size, sync_flags);
+
+       sync_flags |= VM_SYNC_CONTIGUOUS;       /* complain if holes */
+
+       rv = mach_vm_msync(user_map, addr, size, sync_flags);
  
         switch (rv) {
         case KERN_SUCCESS:
                 break;
  
         switch (rv) {
         case KERN_SUCCESS:
                 break;
-       case KERN_INVALID_ADDRESS:
-               return (EINVAL);        /* Sun returns ENOMEM? */
+       case KERN_INVALID_ADDRESS:      /* hole in region being sync'ed */
+               return (ENOMEM);
         case KERN_FAILURE:
                 return (EIO);
         default:
                 return (EINVAL);
         }
         case KERN_FAILURE:
                 return (EIO);
         default:
                 return (EINVAL);
         }
-
         return (0);
         return (0);
-
  }
  
  
  }
  
  
-mremap()
+int
+munmap(__unused proc_t p, struct munmap_args *uap, __unused int32_t *retval)
  {
  {
-       /* Not yet implemented */
-       return (EOPNOTSUPP);
-}
-
-struct munmap_args {
-               caddr_t addr;
-               int     len;
-};
-munmap(p, uap, retval)
-       struct proc *p;
-       struct munmap_args *uap;
-       register_t *retval;
+       mach_vm_offset_t        user_addr;
+       mach_vm_size_t          user_size;
+       kern_return_t           result;
+       vm_map_t                user_map;
  
  
-{
-       vm_offset_t     user_addr;
-       vm_size_t       user_size, pageoff;
-       kern_return_t   result;
+       user_map = current_map();
+       user_addr = (mach_vm_offset_t) uap->addr;
+       user_size = (mach_vm_size_t) uap->len;
  
  
-       user_addr = (vm_offset_t) uap->addr;
-       user_size = (vm_size_t) uap->len;
+       AUDIT_ARG(addr, user_addr);
+       AUDIT_ARG(len, user_size);
  
  
-       pageoff = (user_addr & PAGE_MASK);
+       if (user_addr & vm_map_page_mask(user_map)) {
+               /* UNIX SPEC: user address is not page-aligned, return EINVAL */
+               return EINVAL;
+       }
  
  
-       user_addr -= pageoff;
-       user_size += pageoff;
-       user_size = round_page(user_size);
         if (user_addr + user_size < user_addr)
                 return(EINVAL);
  
         if (user_addr + user_size < user_addr)
                 return(EINVAL);
  
-       if (user_size == 0)
-               return (0);
-
-       /* Address range must be all in user VM space. */
-       if (VM_MAX_ADDRESS > 0 && (user_addr + user_size > VM_MAX_ADDRESS))
-               return (EINVAL);
-       if (VM_MIN_ADDRESS > 0 && user_addr < VM_MIN_ADDRESS)
-               return (EINVAL);
-
+       if (user_size == 0) {
+               /* UNIX SPEC: size is 0, return EINVAL */
+               return EINVAL;
+       }
  
  
-       result = vm_deallocate(current_map(), user_addr, user_size);
+       result = mach_vm_deallocate(user_map, user_addr, user_size);
         if (result != KERN_SUCCESS) {
                 return(EINVAL);
         }
         return(0);
  }
  
         if (result != KERN_SUCCESS) {
                 return(EINVAL);
         }
         return(0);
  }
  
-void
-munmapfd(p, fd)
-       struct proc *p;
-       int fd;
-{
-       /*
-        * XXX should vm_deallocate any regions mapped to this file
-        */
-       *fdflags(p, fd) &= ~UF_MAPPED;
-}
-
-struct mprotect_args {
-               caddr_t addr;
-               int len;
-               int prot;
-};
  int
  int
-mprotect(p, uap, retval)
-       struct proc *p;
-       struct mprotect_args *uap;
-       register_t *retval;
+mprotect(__unused proc_t p, struct mprotect_args *uap, __unused int32_t *retval)
  {
         register vm_prot_t prot;
  {
         register vm_prot_t prot;
-       vm_offset_t     user_addr;
-       vm_size_t       user_size, pageoff;
+       mach_vm_offset_t        user_addr;
+       mach_vm_size_t  user_size;
         kern_return_t   result;
         vm_map_t        user_map;
         kern_return_t   result;
         vm_map_t        user_map;
+#if CONFIG_MACF
+       int error;
+#endif
  
  
-       user_addr = (vm_offset_t) uap->addr;
-       user_size = (vm_size_t) uap->len;
-       prot = (vm_prot_t)(uap->prot & VM_PROT_ALL);
+       AUDIT_ARG(addr, uap->addr);
+       AUDIT_ARG(len, uap->len);
+       AUDIT_ARG(value32, uap->prot);
  
  
+       user_map = current_map();
+       user_addr = (mach_vm_offset_t) uap->addr;
+       user_size = (mach_vm_size_t) uap->len;
+       prot = (vm_prot_t)(uap->prot & (VM_PROT_ALL | VM_PROT_TRUSTED));
+
+       if (user_addr & vm_map_page_mask(user_map)) {
+               /* UNIX SPEC: user address is not page-aligned, return EINVAL */
+               return EINVAL;
+       }
+               
  #ifdef notyet
  /* Hmm .. */
  #if defined(VM_PROT_READ_IS_EXEC)
  #ifdef notyet
  /* Hmm .. */
  #if defined(VM_PROT_READ_IS_EXEC)
@@ -648,58 +769,92 @@ mprotect(p, uap, retval)
  #endif
  #endif /* notyet */
  
  #endif
  #endif /* notyet */
  
-       pageoff = (user_addr & PAGE_MASK);
-       user_addr -= pageoff;
-       user_size += pageoff;
-       user_size = round_page(user_size);
-       if (user_addr + user_size < user_addr)
-               return(EINVAL);
+#if 3936456
+       if (prot & (VM_PROT_EXECUTE | VM_PROT_WRITE))
+               prot |= VM_PROT_READ;
+#endif /* 3936456 */
  
  
-       user_map = current_map();
+#if CONFIG_MACF
+       /*
+        * The MAC check for mprotect is of limited use for 2 reasons:
+        * Without mmap revocation, the caller could have asked for the max
+        * protections initially instead of a reduced set, so a mprotect
+        * check would offer no new security.
+        * It is not possible to extract the vnode from the pager object(s)
+        * of the target memory range.
+        * However, the MAC check may be used to prevent a process from,
+        * e.g., making the stack executable.
+        */
+       error = mac_proc_check_mprotect(p, user_addr,
+                       user_size, prot);
+       if (error)
+               return (error);
+#endif
  
  
-       result = vm_map_protect(user_map, user_addr, user_addr+user_size, prot,
-                                        FALSE);
+       if(prot & VM_PROT_TRUSTED) {
+#if CONFIG_DYNAMIC_CODE_SIGNING
+               /* CODE SIGNING ENFORCEMENT - JIT support */
+               /* The special protection value VM_PROT_TRUSTED requests that we treat
+                * this page as if it had a valid code signature.
+                * If this is enabled, there MUST be a MAC policy implementing the 
+                * mac_proc_check_mprotect() hook above. Otherwise, Codesigning will be
+                * compromised because the check would always succeed and thusly any
+                * process could sign dynamically. */
+               result = vm_map_sign(
+                       user_map, 
+                       vm_map_trunc_page(user_addr,
+                                         vm_map_page_mask(user_map)),
+                       vm_map_round_page(user_addr+user_size,
+                                         vm_map_page_mask(user_map)));
+               switch (result) {
+                       case KERN_SUCCESS:
+                               break;
+                       case KERN_INVALID_ADDRESS:
+                               /* UNIX SPEC: for an invalid address range, return ENOMEM */
+                               return ENOMEM;
+                       default:
+                               return EINVAL;
+               }
+#else
+               return ENOTSUP;
+#endif
+       }
+       prot &= ~VM_PROT_TRUSTED;
+       
+       result = mach_vm_protect(user_map, user_addr, user_size,
+                                FALSE, prot);
         switch (result) {
         case KERN_SUCCESS:
                 return (0);
         case KERN_PROTECTION_FAILURE:
                 return (EACCES);
         switch (result) {
         case KERN_SUCCESS:
                 return (0);
         case KERN_PROTECTION_FAILURE:
                 return (EACCES);
+       case KERN_INVALID_ADDRESS:
+               /* UNIX SPEC: for an invalid address range, return ENOMEM */
+               return ENOMEM;
         }
         return (EINVAL);
  }
  
  
         }
         return (EINVAL);
  }
  
  
-struct minherit_args {
-       void *addr;
-       size_t len;
-       int inherit;
-};
-
  int
  int
-minherit(p, uap, retval)
-       struct proc *p;
-       struct minherit_args *uap;
-       register_t *retval;
+minherit(__unused proc_t p, struct minherit_args *uap, __unused int32_t *retval)
  {
  {
-       vm_offset_t addr;
-       vm_size_t size, pageoff;
+       mach_vm_offset_t addr;
+       mach_vm_size_t size;
         register vm_inherit_t inherit;
         vm_map_t        user_map;
         kern_return_t   result;
  
         register vm_inherit_t inherit;
         vm_map_t        user_map;
         kern_return_t   result;
  
-       addr = (vm_offset_t)uap->addr;
-       size = uap->len;
-       inherit = uap->inherit;
+       AUDIT_ARG(addr, uap->addr);
+       AUDIT_ARG(len, uap->len);
+       AUDIT_ARG(value32, uap->inherit);
  
  
-       pageoff = (addr & PAGE_MASK);
-       addr -= pageoff;
-       size += pageoff;
-       size = (vm_size_t) round_page(size);
-       if (addr + size < addr)
-               return(EINVAL);
+       addr = (mach_vm_offset_t)uap->addr;
+       size = (mach_vm_size_t)uap->len;
+       inherit = uap->inherit;
  
         user_map = current_map();
  
         user_map = current_map();
-       result = vm_inherit(user_map, addr, size,
+       result = mach_vm_inherit(user_map, addr, size,
                                 inherit);
         switch (result) {
         case KERN_SUCCESS:
                                 inherit);
         switch (result) {
         case KERN_SUCCESS:
@@ -710,45 +865,19 @@ minherit(p, uap, retval)
         return (EINVAL);
  }
  
         return (EINVAL);
  }
  
-struct madvise_args {
-               caddr_t addr;
-               int len;
-               int behav;
-};
-/* ARGSUSED */
  int
  int
-madvise(p, uap, retval)
-       struct proc *p;
-       struct madvise_args *uap;
-       register_t *retval;
+madvise(__unused proc_t p, struct madvise_args *uap, __unused int32_t *retval)
  {
         vm_map_t user_map;
  {
         vm_map_t user_map;
-       vm_offset_t start, end;
+       mach_vm_offset_t start;
+       mach_vm_size_t size;
         vm_behavior_t new_behavior;
         kern_return_t   result;
  
         vm_behavior_t new_behavior;
         kern_return_t   result;
  
-       /*
-        * Check for illegal addresses.  Watch out for address wrap... Note
-        * that VM_*_ADDRESS are not constants due to casts (argh).
-        */
-       if (VM_MAX_ADDRESS > 0 &&
-               ((vm_offset_t) uap->addr + uap->len) > VM_MAX_ADDRESS)
-               return (ENOMEM);
-       if (VM_MIN_ADDRESS > 0 && uap->addr < VM_MIN_ADDRESS)
-               return (ENOMEM);
-
-       if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr)
-               return (ENOMEM);
-
         /*
          * Since this routine is only advisory, we default to conservative
          * behavior.
          */
         /*
          * Since this routine is only advisory, we default to conservative
          * behavior.
          */
-       start = trunc_page((vm_offset_t) uap->addr);
-       end = round_page((vm_offset_t) uap->addr + uap->len);
-       
-       user_map = current_map();
-
         switch (uap->behav) {
                 case MADV_RANDOM:
                         new_behavior = VM_BEHAVIOR_RANDOM;
         switch (uap->behav) {
                 case MADV_RANDOM:
                         new_behavior = VM_BEHAVIOR_RANDOM;
@@ -765,37 +894,49 @@ madvise(p, uap, retval)
                 case MADV_DONTNEED:
                         new_behavior = VM_BEHAVIOR_DONTNEED;
                         break;
                 case MADV_DONTNEED:
                         new_behavior = VM_BEHAVIOR_DONTNEED;
                         break;
+               case MADV_FREE:
+                       new_behavior = VM_BEHAVIOR_FREE;
+                       break;
+               case MADV_ZERO_WIRED_PAGES:
+                       new_behavior = VM_BEHAVIOR_ZERO_WIRED_PAGES;
+                       break;
+               case MADV_FREE_REUSABLE:
+                       new_behavior = VM_BEHAVIOR_REUSABLE;
+                       break;
+               case MADV_FREE_REUSE:
+                       new_behavior = VM_BEHAVIOR_REUSE;
+                       break;
+               case MADV_CAN_REUSE:
+                       new_behavior = VM_BEHAVIOR_CAN_REUSE;
+                       break;
                 default:
                         return(EINVAL);
         }
  
                 default:
                         return(EINVAL);
         }
  
-       result = vm_behavior_set(user_map, start, end, new_behavior);
+       start = (mach_vm_offset_t) uap->addr;
+       size = (mach_vm_size_t) uap->len;
+       
+       user_map = current_map();
+
+       result = mach_vm_behavior_set(user_map, start, size, new_behavior);
         switch (result) {
         switch (result) {
-               case KERN_SUCCESS:
-                       return (0);
-               case KERN_INVALID_ADDRESS:
-                       return (EINVAL);
+       case KERN_SUCCESS:
+               return 0;
+       case KERN_INVALID_ADDRESS:
+               return EINVAL;
+       case KERN_NO_SPACE:     
+               return ENOMEM;
         }
  
         }
  
-       return (EINVAL);
+       return EINVAL;
  }
  
  }
  
-struct mincore_args {
-       const void *addr;
-       size_t len;
-       char *vec;
-};
-/* ARGSUSED */
  int
  int
-mincore(p, uap, retval)
-       struct proc *p;
-       struct mincore_args *uap;
-       register_t *retval;
+mincore(__unused proc_t p, struct mincore_args *uap, __unused int32_t *retval)
  {
  {
-       vm_offset_t addr, first_addr;
-       vm_offset_t end;
+       mach_vm_offset_t addr, first_addr, end;
         vm_map_t map;
         vm_map_t map;
-       char *vec;
+       user_addr_t vec;
         int error;
         int vecindex, lastvecindex;
         int mincoreinfo=0;
         int error;
         int vecindex, lastvecindex;
         int mincoreinfo=0;
@@ -803,17 +944,19 @@ mincore(p, uap, retval)
         kern_return_t   ret;
         int numref;
  
         kern_return_t   ret;
         int numref;
  
+       char c;
+
         map = current_map();
  
         /*
          * Make sure that the addresses presented are valid for user
          * mode.
          */
         map = current_map();
  
         /*
          * Make sure that the addresses presented are valid for user
          * mode.
          */
-       first_addr = addr = trunc_page((vm_offset_t) uap->addr);
-       end = addr + (vm_size_t)round_page(uap->len);
+       first_addr = addr = vm_map_trunc_page(uap->addr,
+                                             vm_map_page_mask(map));
+       end = addr + vm_map_round_page(uap->len,
+                                      vm_map_page_mask(map));
  
  
-       if (VM_MAX_ADDRESS > 0 && end > VM_MAX_ADDRESS)
-               return (EINVAL);
         if (end < addr)
                 return (EINVAL);
  
         if (end < addr)
                 return (EINVAL);
  
@@ -830,9 +973,9 @@ mincore(p, uap, retval)
          * up the pages elsewhere.
          */
         lastvecindex = -1;
          * up the pages elsewhere.
          */
         lastvecindex = -1;
-       for(addr; addr < end; addr += PAGE_SIZE) {
+       for( ; addr < end; addr += PAGE_SIZE ) {
                 pqueryinfo = 0;
                 pqueryinfo = 0;
-               ret = vm_map_page_query(map, addr, &pqueryinfo, &numref);
+               ret = mach_vm_page_query(map, addr, &pqueryinfo, &numref);
                 if (ret != KERN_SUCCESS) 
                         pqueryinfo = 0;
                 mincoreinfo = 0;
                 if (ret != KERN_SUCCESS) 
                         pqueryinfo = 0;
                 mincoreinfo = 0;
@@ -854,7 +997,8 @@ mincore(p, uap, retval)
                  * the byte vector is zeroed for those skipped entries.
                  */
                 while((lastvecindex + 1) < vecindex) {
                  * the byte vector is zeroed for those skipped entries.
                  */
                 while((lastvecindex + 1) < vecindex) {
-                       error = subyte( vec + lastvecindex, 0);
+                       c = 0;
+                       error = copyout(&c, vec + lastvecindex, 1);
                         if (error) {
                                 return (EFAULT);
                         }
                         if (error) {
                                 return (EFAULT);
                         }
@@ -864,7 +1008,8 @@ mincore(p, uap, retval)
                 /*
                  * Pass the page information to the user
                  */
                 /*
                  * Pass the page information to the user
                  */
-               error = subyte( vec + vecindex, mincoreinfo);
+               c = (char)mincoreinfo;
+               error = copyout(&c, vec + vecindex, 1);
                 if (error) {
                         return (EFAULT);
                 }
                 if (error) {
                         return (EFAULT);
                 }
@@ -877,7 +1022,8 @@ mincore(p, uap, retval)
          */
         vecindex = (end - first_addr) >> PAGE_SHIFT;
         while((lastvecindex + 1) < vecindex) {
          */
         vecindex = (end - first_addr) >> PAGE_SHIFT;
         while((lastvecindex + 1) < vecindex) {
-               error = subyte( vec + lastvecindex, 0);
+               c = 0;
+               error = copyout(&c, vec + lastvecindex, 1);
                 if (error) {
                         return (EFAULT);
                 }
                 if (error) {
                         return (EFAULT);
                 }
@@ -887,175 +1033,99 @@ mincore(p, uap, retval)
         return (0);
  }
  
         return (0);
  }
  
-struct mlock_args {
-               caddr_t addr;
-               size_t len;
-};
-
  int
  int
-mlock(p, uap, retval)
-       struct proc *p;
-       struct mlock_args *uap;
-       register_t *retval;
+mlock(__unused proc_t p, struct mlock_args *uap, __unused int32_t *retvalval)
  {
         vm_map_t user_map;
  {
         vm_map_t user_map;
-       vm_offset_t addr;
-       vm_size_t size, pageoff;
-       int error;
+       vm_map_offset_t addr;
+       vm_map_size_t size, pageoff;
         kern_return_t   result;
  
         kern_return_t   result;
  
-       addr = (vm_offset_t) uap->addr;
-       size = uap->len;
+       AUDIT_ARG(addr, uap->addr);
+       AUDIT_ARG(len, uap->len);
  
  
-       pageoff = (addr & PAGE_MASK);
-       addr -= pageoff;
-       size += pageoff;
-       size = (vm_size_t) round_page(size);
+       addr = (vm_map_offset_t) uap->addr;
+       size = (vm_map_size_t)uap->len;
  
         /* disable wrap around */
         if (addr + size < addr)
                 return (EINVAL);
  
         /* disable wrap around */
         if (addr + size < addr)
                 return (EINVAL);
-#ifdef notyet 
-/* Hmm.. What am I going to do with this? */
-       if (atop(size) + cnt.v_wire_count > vm_page_max_wired)
-               return (EAGAIN);
-#ifdef pmap_wired_count
-       if (size + ptoa(pmap_wired_count(vm_map_pmap(&p->p_vmspace->vm_map))) >
-           p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur)
-               return (ENOMEM);
-#else
-       error = suser(p->p_ucred, &p->p_acflag);
-       if (error)
-               return (error);
-#endif
-#endif /* notyet */
+
+       if (size == 0)
+               return (0);
  
         user_map = current_map();
  
         user_map = current_map();
+       pageoff = (addr & vm_map_page_mask(user_map));
+       addr -= pageoff;
+       size = vm_map_round_page(size+pageoff, vm_map_page_mask(user_map));
  
  
-       /* vm_wire */
-       result = vm_map_wire(user_map, addr, (vm_offset_t)(addr+size), VM_PROT_NONE, TRUE);
-       return (result == KERN_SUCCESS ? 0 : ENOMEM);
+       /* have to call vm_map_wire directly to pass "I don't know" protections */
+       result = vm_map_wire(user_map, addr, addr+size, VM_PROT_NONE, TRUE);
+
+       if (result == KERN_RESOURCE_SHORTAGE)
+               return EAGAIN;
+       else if (result != KERN_SUCCESS)
+               return ENOMEM;
+
+       return 0;       /* KERN_SUCCESS */
  }
  
  }
  
-struct munlock_args {
-               caddr_t addr;
-               size_t len;
-};
  int
  int
-munlock(p, uap, retval)
-       struct proc *p;
-       struct munlock_args *uap;
-       register_t *retval;
+munlock(__unused proc_t p, struct munlock_args *uap, __unused int32_t *retval)
  {
  {
-       vm_offset_t addr;
-       vm_size_t size, pageoff;
-       int error;
+       mach_vm_offset_t addr;
+       mach_vm_size_t size;
         vm_map_t user_map;
         kern_return_t   result;
  
         vm_map_t user_map;
         kern_return_t   result;
  
-       addr = (vm_offset_t) uap->addr;
-       size = uap->len;
-
-       pageoff = (addr & PAGE_MASK);
-       addr -= pageoff;
-       size += pageoff;
-       size = (vm_size_t) round_page(size);
-
-       /* disable wrap around */
-       if (addr + size < addr)
-               return (EINVAL);
-
-#ifdef notyet 
-/* Hmm.. What am I going to do with this? */
-#ifndef pmap_wired_count
-       error = suser(p->p_ucred, &p->p_acflag);
-       if (error)
-               return (error);
-#endif
-#endif /* notyet */
+       AUDIT_ARG(addr, uap->addr);
+       AUDIT_ARG(addr, uap->len);
  
  
+       addr = (mach_vm_offset_t) uap->addr;
+       size = (mach_vm_size_t)uap->len;
         user_map = current_map();
  
         user_map = current_map();
  
-       /* vm_wire */
-       result = vm_wire(host_priv_self(), user_map, addr, size, VM_PROT_NONE);
+       /* JMM - need to remove all wirings by spec - this just removes one */
+       result = mach_vm_wire(host_priv_self(), user_map, addr, size, VM_PROT_NONE);
         return (result == KERN_SUCCESS ? 0 : ENOMEM);
  }
  
  
         return (result == KERN_SUCCESS ? 0 : ENOMEM);
  }
  
  
-struct mlockall_args {
-       int     how;
-};
-
  int
  int
-mlockall(p, uap)
-       struct proc *p;
-       struct mlockall_args *uap;
+mlockall(__unused proc_t p, __unused struct mlockall_args *uap, __unused int32_t *retval)
  {
         return (ENOSYS);
  }
  
  {
         return (ENOSYS);
  }
  
-struct munlockall_args {
-       int     how;
-};
-
  int
  int
-munlockall(p, uap)
-       struct proc *p;
-       struct munlockall_args *uap;
+munlockall(__unused proc_t p, __unused struct munlockall_args *uap, __unused int32_t *retval)
  {
         return(ENOSYS);
  }
  
  {
         return(ENOSYS);
  }
  
-
-/* BEGIN DEFUNCT */
-struct obreak_args {
-       char *nsiz;
-};
-obreak(p, uap, retval)
-       struct proc *p;
-       struct obreak_args *uap;
-       register_t *retval;
-{
-       /* Not implemented, obsolete */
-       return (ENOMEM);
-}
-
-int    both;
-
-ovadvise()
-{
-
-#ifdef lint
-       both = 0;
-#endif
-}
-/* END DEFUNCT */
-#if 1
-int print_map_addr=0;
-#endif /* 1 */
-
-/* CDY need to fix interface to allow user to map above 32 bits */
-kern_return_t map_fd(
-       int             fd,
-       vm_offset_t     offset,
-       vm_offset_t     *va,
-       boolean_t       findspace,
-       vm_size_t       size)
+/* USV: No! need to obsolete map_fd()! mmap() already supports 64 bits */
+kern_return_t
+map_fd(struct map_fd_args *args)
  {
  {
+       int             fd = args->fd;
+       vm_offset_t     offset = args->offset;
+       vm_offset_t     *va = args->va;
+       boolean_t       findspace = args->findspace;
+       vm_size_t       size = args->size;
         kern_return_t ret;
         kern_return_t ret;
-       boolean_t funnel_state;
-
-       funnel_state = thread_funnel_set(kernel_flock, TRUE);
  
  
-       ret = map_fd_funneled( fd, (vm_object_offset_t)offset, 
-                                                       va, findspace, size);
+       AUDIT_MACH_SYSCALL_ENTER(AUE_MAPFD);
+       AUDIT_ARG(addr, CAST_DOWN(user_addr_t, args->va));
+       AUDIT_ARG(fd, fd);
  
  
-       (void) thread_funnel_set(kernel_flock, FALSE);
+       ret = map_fd_funneled( fd, (vm_object_offset_t)offset, va, findspace, size);
  
  
+       AUDIT_MACH_SYSCALL_EXIT(ret);
         return ret;
  }
  
         return ret;
  }
  
-kern_return_t map_fd_funneled(
+kern_return_t
+map_fd_funneled(
         int                     fd,
         vm_object_offset_t      offset,
         vm_offset_t             *va,
         int                     fd,
         vm_object_offset_t      offset,
         vm_offset_t             *va,
@@ -1063,111 +1133,181 @@ kern_return_t map_fd_funneled(
         vm_size_t               size)
  {
         kern_return_t   result;
         vm_size_t               size)
  {
         kern_return_t   result;
-       struct file     *fp;
+       struct fileproc *fp;
         struct vnode    *vp;
         void *  pager;
         vm_offset_t     map_addr=0;
         vm_size_t       map_size;
         struct vnode    *vp;
         void *  pager;
         vm_offset_t     map_addr=0;
         vm_size_t       map_size;
-       vm_map_copy_t   tmp;
         int             err=0;
         int             err=0;
+       vm_prot_t       maxprot = VM_PROT_ALL;
         vm_map_t        my_map;
         vm_map_t        my_map;
-       struct proc     *p =(struct proc *)current_proc();
-#if 0
-       extern int print_map_addr;
-#endif /* 0 */
+       proc_t          p = current_proc();
+       struct vnode_attr vattr;
+
+       my_map = current_map();
  
         /*
          *      Find the inode; verify that it's a regular file.
          */
  
  
         /*
          *      Find the inode; verify that it's a regular file.
          */
  
-       err = fdgetf(p, fd, &fp);
+       err = fp_lookup(p, fd, &fp, 0);
         if (err)
                 return(err);
         
         if (err)
                 return(err);
         
-       if (fp->f_type != DTYPE_VNODE)
-               return(KERN_INVALID_ARGUMENT);
-       vp = (struct vnode *)fp->f_data;
+       if (FILEGLOB_DTYPE(fp->f_fglob) != DTYPE_VNODE) {
+               err = KERN_INVALID_ARGUMENT;
+               goto bad;
+       }
+
+       if (!(fp->f_fglob->fg_flag & FREAD)) {
+               err = KERN_PROTECTION_FAILURE;
+               goto bad;
+       }
+
+       vp = (struct vnode *)fp->f_fglob->fg_data;
+       err = vnode_getwithref(vp);
+       if(err != 0) 
+               goto bad;
+
+       if (vp->v_type != VREG) {
+               (void)vnode_put(vp);
+               err = KERN_INVALID_ARGUMENT;
+               goto bad;
+       }
+
+#if CONFIG_MACF
+       err = mac_file_check_mmap(vfs_context_ucred(vfs_context_current()),
+                       fp->f_fglob, VM_PROT_DEFAULT, MAP_FILE, &maxprot);
+       if (err) {
+               (void)vnode_put(vp);
+               goto bad;
+       }
+#endif /* MAC */
+
+#if CONFIG_PROTECT
+       /* check for content protection access */
+       {
+               err = cp_handle_vnop(vp, CP_READ_ACCESS | CP_WRITE_ACCESS, 0);
+               if (err != 0) { 
+                       (void) vnode_put(vp);
+                       goto bad;
+               }
+       }
+#endif /* CONFIG_PROTECT */
  
  
-       if (vp->v_type != VREG)
-               return (KERN_INVALID_ARGUMENT);
+       AUDIT_ARG(vnpath, vp, ARG_VNODE1);
  
  
-       if (offset & PAGE_MASK_64) {
+       /*
+        * POSIX: mmap needs to update access time for mapped files
+        */
+       if ((vnode_vfsvisflags(vp) & MNT_NOATIME) == 0) {
+               VATTR_INIT(&vattr);
+               nanotime(&vattr.va_access_time);
+               VATTR_SET_ACTIVE(&vattr, va_access_time);
+               vnode_setattr(vp, &vattr, vfs_context_current());
+       }
+       
+       if (offset & vm_map_page_mask(my_map)) {
                 printf("map_fd: file offset not page aligned(%d : %s)\n",p->p_pid, p->p_comm);
                 printf("map_fd: file offset not page aligned(%d : %s)\n",p->p_pid, p->p_comm);
-               return (KERN_INVALID_ARGUMENT);
+               (void)vnode_put(vp);
+               err = KERN_INVALID_ARGUMENT;
+               goto bad;
         }
         }
-       map_size = round_page(size);
+       map_size = vm_map_round_page(size, vm_map_page_mask(my_map));
  
         /*
          * Allow user to map in a zero length file.
          */
  
         /*
          * Allow user to map in a zero length file.
          */
-       if (size == 0)
-               return (KERN_SUCCESS);
+       if (size == 0) {
+               (void)vnode_put(vp);
+               err = KERN_SUCCESS;
+               goto bad;
+       }
         /*
          *      Map in the file.
          */
         /*
          *      Map in the file.
          */
-       UBCINFOCHECK("map_fd_funneled", vp);
-       pager = (void *) ubc_getpager(vp);
-       if (pager == NULL)
-               return (KERN_FAILURE);
-
-
-       my_map = current_map();
+       pager = (void *)ubc_getpager(vp);
+       if (pager == NULL) {
+               (void)vnode_put(vp);
+               err = KERN_FAILURE;
+               goto bad;
+       }
  
         result = vm_map_64(
                         my_map,
  
         result = vm_map_64(
                         my_map,
-                       &map_addr, map_size, (vm_offset_t)0, TRUE,
-                       pager, offset, TRUE,
-                       VM_PROT_DEFAULT, VM_PROT_ALL,
+                       &map_addr, map_size, (vm_offset_t)0, 
+                       VM_FLAGS_ANYWHERE, pager, offset, TRUE,
+                       VM_PROT_DEFAULT, maxprot,
                         VM_INHERIT_DEFAULT);
                         VM_INHERIT_DEFAULT);
-       if (result != KERN_SUCCESS)
-               return (result);
+       if (result != KERN_SUCCESS) {
+               (void)vnode_put(vp);
+               err = result;
+               goto bad;
+       }
  
  
         if (!findspace) {
  
  
         if (!findspace) {
-               vm_offset_t     dst_addr;
+               //K64todo fix for 64bit user?
+               uint32_t        dst_addr;
                 vm_map_copy_t   tmp;
  
                 vm_map_copy_t   tmp;
  
-               if (copyin(va, &dst_addr, sizeof (dst_addr))    ||
-                                       trunc_page(dst_addr) != dst_addr) {
+               if (copyin(CAST_USER_ADDR_T(va), &dst_addr, sizeof (dst_addr))  ||
+                   trunc_page(dst_addr) != dst_addr) {
                         (void) vm_map_remove(
                                         my_map,
                                         map_addr, map_addr + map_size,
                                         VM_MAP_NO_FLAGS);
                         (void) vm_map_remove(
                                         my_map,
                                         map_addr, map_addr + map_size,
                                         VM_MAP_NO_FLAGS);
-                       return (KERN_INVALID_ADDRESS);
+                       (void)vnode_put(vp);
+                       err = KERN_INVALID_ADDRESS;
+                       goto bad;
                 }
  
                 }
  
-               result = vm_map_copyin(
-                               my_map,
-                               map_addr, map_size, TRUE,
-                               &tmp);
+               result = vm_map_copyin(my_map, (vm_map_address_t)map_addr,
+                                      (vm_map_size_t)map_size, TRUE, &tmp);
                 if (result != KERN_SUCCESS) {
                         
                         (void) vm_map_remove(
                 if (result != KERN_SUCCESS) {
                         
                         (void) vm_map_remove(
-                                       my_map,
-                                       map_addr, map_addr + map_size,
-                                       VM_MAP_NO_FLAGS);
-                       return (result);
+                               my_map,
+                               vm_map_trunc_page(map_addr,
+                                                 vm_map_page_mask(my_map)),
+                               vm_map_round_page(map_addr + map_size,
+                                                 vm_map_page_mask(my_map)),
+                               VM_MAP_NO_FLAGS);
+                       (void)vnode_put(vp);
+                       err = result;
+                       goto bad;
                 }
  
                 }
  
-               result = vm_map_copy_overwrite(
-                                       my_map,
-                                       dst_addr, tmp, FALSE);
+               result = vm_map_copy_overwrite(my_map,
+                                       (vm_map_address_t)dst_addr, tmp, FALSE);
                 if (result != KERN_SUCCESS) {
                         vm_map_copy_discard(tmp);
                 if (result != KERN_SUCCESS) {
                         vm_map_copy_discard(tmp);
-                       return (result);
+                       (void)vnode_put(vp);
+                       err = result;
+                       goto bad;
                 }
         } else {
                 }
         } else {
-               if (copyout(&map_addr, va, sizeof (map_addr))) {
+               // K64todo bug compatible now, should fix for 64bit user
+               uint32_t user_map_addr = CAST_DOWN_EXPLICIT(uint32_t, map_addr);
+               if (copyout(&user_map_addr, CAST_USER_ADDR_T(va), sizeof (user_map_addr))) {
                         (void) vm_map_remove(
                         (void) vm_map_remove(
-                                       my_map,
-                                       map_addr, map_addr + map_size,
-                                       VM_MAP_NO_FLAGS);
-                       return (KERN_INVALID_ADDRESS);
+                               my_map,
+                               vm_map_trunc_page(map_addr,
+                                                 vm_map_page_mask(my_map)),
+                               vm_map_round_page(map_addr + map_size,
+                                                 vm_map_page_mask(my_map)),
+                               VM_MAP_NO_FLAGS);
+                       (void)vnode_put(vp);
+                       err = KERN_INVALID_ADDRESS;
+                       goto bad;
                 }
         }
  
                 }
         }
  
-       ubc_setcred(vp, current_proc());
-       ubc_map(vp);
-
-       return (KERN_SUCCESS);
+       ubc_setthreadcred(vp, current_proc(), current_thread());
+       (void)vnode_put(vp);
+       err = 0;
+bad:
+       fp_drop(p, fd, fp, 0);
+       return (err);
  }
  }
+