]> git.saurik.com Git - apple/xnu.git/blobdiff - osfmk/ipc/mach_port.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-7195.81.3.tar.gz
[apple/xnu.git] / osfmk / ipc / mach_port.c
diff --git a/osfmk/ipc/mach_port.c b/osfmk/ipc/mach_port.c
index 7d88c54810e9ff2b53735a2d34c6f26cd72fa9ae..2c0a4d854b4b4dd86fc18cf41c422c67931132e4 100644 (file)
--- a/osfmk/ipc/mach_port.c
+++ b/osfmk/ipc/mach_port.c
@@ -1,8 +1,8 @@
 /*
 /*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2020 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
@@ -11,10 +11,10 @@
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
- * 
+ *
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -22,34 +22,34 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @OSF_COPYRIGHT@
  */
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @OSF_COPYRIGHT@
  */
-/* 
+/*
  * Mach Operating System
  * Copyright (c) 1991,1990,1989 Carnegie Mellon University
  * All Rights Reserved.
  * Mach Operating System
  * Copyright (c) 1991,1990,1989 Carnegie Mellon University
  * All Rights Reserved.
- * 
+ *
  * Permission to use, copy, modify and distribute this software and its
  * documentation is hereby granted, provided that both the copyright
  * notice and this permission notice appear in all copies of the
  * software, derivative works or modified versions, and any portions
  * thereof, and that both notices appear in supporting documentation.
  * Permission to use, copy, modify and distribute this software and its
  * documentation is hereby granted, provided that both the copyright
  * notice and this permission notice appear in all copies of the
  * software, derivative works or modified versions, and any portions
  * thereof, and that both notices appear in supporting documentation.
- * 
+ *
  * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
  * CONDITION.  CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
  * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
  * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
  * CONDITION.  CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
  * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
- * 
+ *
  * Carnegie Mellon requests users of this software to return to
  * Carnegie Mellon requests users of this software to return to
- * 
+ *
  *  Software Distribution Coordinator  or  Software.Distribution@CS.CMU.EDU
  *  School of Computer Science
  *  Carnegie Mellon University
  *  Pittsburgh PA 15213-3890
  *  Software Distribution Coordinator  or  Software.Distribution@CS.CMU.EDU
  *  School of Computer Science
  *  Carnegie Mellon University
  *  Pittsburgh PA 15213-3890
- * 
+ *
  * any improvements or extensions that they make and grant Carnegie Mellon
  * the rights to redistribute these changes.
  */
  * any improvements or extensions that they make and grant Carnegie Mellon
  * the rights to redistribute these changes.
  */
@@ -65,7 +65,7 @@
 /*
  *     File:   ipc/mach_port.c
  *     Author: Rich Draves
 /*
  *     File:   ipc/mach_port.c
  *     Author: Rich Draves
- *     Date:   1989
+ *     Date:   1989
  *
  *     Exported kernel calls.  See mach/mach_port.defs.
  */
  *
  *     Exported kernel calls.  See mach/mach_port.defs.
  */
@@ -82,7 +82,6 @@
 #include <kern/task.h>
 #include <kern/counters.h>
 #include <kern/thread.h>
 #include <kern/task.h>
 #include <kern/counters.h>
 #include <kern/thread.h>
-#include <kern/kalloc.h>
 #include <kern/exc_guard.h>
 #include <mach/mach_port_server.h>
 #include <vm/vm_map.h>
 #include <kern/exc_guard.h>
 #include <mach/mach_port_server.h>
 #include <vm/vm_map.h>
@@ -98,37 +97,23 @@
 #include <ipc/ipc_kmsg.h>
 #include <kern/misc_protos.h>
 #include <security/mac_mach_internal.h>
 #include <ipc/ipc_kmsg.h>
 #include <kern/misc_protos.h>
 #include <security/mac_mach_internal.h>
+#include <kern/work_interval.h>
+#include <kern/policy_internal.h>
 
 #if IMPORTANCE_INHERITANCE
 #include <ipc/ipc_importance.h>
 #endif
 
 
 #if IMPORTANCE_INHERITANCE
 #include <ipc/ipc_importance.h>
 #endif
 
-
-/*
- * Forward declarations
- */
-void mach_port_names_helper(
-       ipc_port_timestamp_t    timestamp,
-       ipc_entry_t             entry,
-       mach_port_name_t        name,
-       mach_port_name_t        *names,
-       mach_port_type_t        *types,
-       ipc_entry_num_t         *actualp);
-
-void mach_port_gst_helper(
-       ipc_pset_t              pset,
-       ipc_entry_num_t         maxnames,
-       mach_port_name_t        *names,
-       ipc_entry_num_t         *actualp);
-
-/* Needs port locked */
-void mach_port_get_status_helper(
-       ipc_port_t              port,
-       mach_port_status_t      *status);
+kern_return_t mach_port_get_attributes(ipc_space_t space, mach_port_name_t name,
+    int flavor, mach_port_info_t info, mach_msg_type_number_t  *count);
+kern_return_t mach_port_get_context(ipc_space_t space, mach_port_name_t name,
+    mach_vm_address_t *context);
+kern_return_t mach_port_get_set_status(ipc_space_t space, mach_port_name_t name,
+    mach_port_name_t **members, mach_msg_type_number_t *membersCnt);
 
 /* Zeroed template of qos flags */
 
 
 /* Zeroed template of qos flags */
 
-static mach_port_qos_t qos_template;
+static mach_port_qos_t  qos_template;
 
 /*
  *     Routine:        mach_port_names_helper
 
 /*
  *     Routine:        mach_port_names_helper
@@ -138,15 +123,14 @@ static mach_port_qos_t    qos_template;
  *     Conditions:
  *             Space containing entry is [at least] read-locked.
  */
  *     Conditions:
  *             Space containing entry is [at least] read-locked.
  */
-
-void
+static void
 mach_port_names_helper(
 mach_port_names_helper(
-       ipc_port_timestamp_t    timestamp,
-       ipc_entry_t             entry,
-       mach_port_name_t        name,
-       mach_port_name_t        *names,
-       mach_port_type_t        *types,
-       ipc_entry_num_t         *actualp)
+       ipc_port_timestamp_t    timestamp,
+       ipc_entry_t             entry,
+       mach_port_name_t        name,
+       mach_port_name_t        *names,
+       mach_port_type_t        *types,
+       ipc_entry_num_t         *actualp)
 {
        ipc_entry_bits_t bits;
        ipc_port_request_index_t request;
 {
        ipc_entry_bits_t bits;
        ipc_port_request_index_t request;
@@ -156,18 +140,17 @@ mach_port_names_helper(
 
        bits = entry->ie_bits;
        request = entry->ie_request;
 
        bits = entry->ie_bits;
        request = entry->ie_request;
-       __IGNORE_WCASTALIGN(port = (ipc_port_t) entry->ie_object);
+       port = ip_object_to_port(entry->ie_object);
 
        if (bits & MACH_PORT_TYPE_RECEIVE) {
                assert(IP_VALID(port));
 
                if (request != IE_REQ_NONE) {
                        ip_lock(port);
 
        if (bits & MACH_PORT_TYPE_RECEIVE) {
                assert(IP_VALID(port));
 
                if (request != IE_REQ_NONE) {
                        ip_lock(port);
-                       assert(ip_active(port));
+                       require_ip_active(port);
                        type |= ipc_port_request_type(port, name, request);
                        ip_unlock(port);
                }
                        type |= ipc_port_request_type(port, name, request);
                        ip_unlock(port);
                }
-
        } else if (bits & MACH_PORT_TYPE_SEND_RIGHTS) {
                mach_port_type_t reqtype;
 
        } else if (bits & MACH_PORT_TYPE_SEND_RIGHTS) {
                mach_port_type_t reqtype;
 
@@ -175,8 +158,8 @@ mach_port_names_helper(
                ip_lock(port);
 
                reqtype = (request != IE_REQ_NONE) ?
                ip_lock(port);
 
                reqtype = (request != IE_REQ_NONE) ?
-                         ipc_port_request_type(port, name, request) : 0;
-               
+                   ipc_port_request_type(port, name, request) : 0;
+
                /*
                 * If the port is alive, or was alive when the mach_port_names
                 * started, then return that fact.  Otherwise, pretend we found
                /*
                 * If the port is alive, or was alive when the mach_port_names
                 * started, then return that fact.  Otherwise, pretend we found
@@ -188,8 +171,9 @@ mach_port_names_helper(
                        bits &= ~(IE_BITS_TYPE_MASK);
                        bits |= MACH_PORT_TYPE_DEAD_NAME;
                        /* account for additional reference for dead-name notification */
                        bits &= ~(IE_BITS_TYPE_MASK);
                        bits |= MACH_PORT_TYPE_DEAD_NAME;
                        /* account for additional reference for dead-name notification */
-                       if (reqtype != 0)
+                       if (reqtype != 0) {
                                bits++;
                                bits++;
+                       }
                }
                ip_unlock(port);
        }
                }
                ip_unlock(port);
        }
@@ -199,7 +183,7 @@ mach_port_names_helper(
        actual = *actualp;
        names[actual] = name;
        types[actual] = type;
        actual = *actualp;
        names[actual] = name;
        types[actual] = type;
-       *actualp = actual+1;
+       *actualp = actual + 1;
 }
 
 /*
 }
 
 /*
@@ -221,32 +205,33 @@ mach_port_names_helper(
 
 kern_return_t
 mach_port_names(
 
 kern_return_t
 mach_port_names(
-       ipc_space_t             space,
-       mach_port_name_t        **namesp,
-       mach_msg_type_number_t  *namesCnt,
-       mach_port_type_t        **typesp,
-       mach_msg_type_number_t  *typesCnt)
+       ipc_space_t             space,
+       mach_port_name_t        **namesp,
+       mach_msg_type_number_t  *namesCnt,
+       mach_port_type_t        **typesp,
+       mach_msg_type_number_t  *typesCnt)
 {
        ipc_entry_t table;
        ipc_entry_num_t tsize;
        mach_port_index_t index;
 {
        ipc_entry_t table;
        ipc_entry_num_t tsize;
        mach_port_index_t index;
-       ipc_entry_num_t actual; /* this many names */
-       ipc_port_timestamp_t timestamp; /* logical time of this operation */
+       ipc_entry_num_t actual; /* this many names */
+       ipc_port_timestamp_t timestamp; /* logical time of this operation */
        mach_port_name_t *names;
        mach_port_type_t *types;
        kern_return_t kr;
 
        mach_port_name_t *names;
        mach_port_type_t *types;
        kern_return_t kr;
 
-       vm_size_t size;         /* size of allocated memory */
-       vm_offset_t addr1;      /* allocated memory, for names */
-       vm_offset_t addr2;      /* allocated memory, for types */
-       vm_map_copy_t memory1;  /* copied-in memory, for names */
-       vm_map_copy_t memory2;  /* copied-in memory, for types */
+       vm_size_t size;         /* size of allocated memory */
+       vm_offset_t addr1;      /* allocated memory, for names */
+       vm_offset_t addr2;      /* allocated memory, for types */
+       vm_map_copy_t memory1;  /* copied-in memory, for names */
+       vm_map_copy_t memory2;  /* copied-in memory, for types */
 
        /* safe simplifying assumption */
        static_assert(sizeof(mach_port_name_t) == sizeof(mach_port_type_t));
 
 
        /* safe simplifying assumption */
        static_assert(sizeof(mach_port_name_t) == sizeof(mach_port_type_t));
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
        size = 0;
 
 
        size = 0;
 
@@ -270,8 +255,9 @@ mach_port_names(
                        (bound * sizeof(mach_port_name_t)),
                        VM_MAP_PAGE_MASK(ipc_kernel_map));
 
                        (bound * sizeof(mach_port_name_t)),
                        VM_MAP_PAGE_MASK(ipc_kernel_map));
 
-               if (size_needed <= size)
+               if (size_needed <= size) {
                        break;
                        break;
+               }
 
                is_read_unlock(space);
 
 
                is_read_unlock(space);
 
@@ -282,8 +268,9 @@ mach_port_names(
                size = size_needed;
 
                kr = vm_allocate_kernel(ipc_kernel_map, &addr1, size, VM_FLAGS_ANYWHERE, VM_KERN_MEMORY_IPC);
                size = size_needed;
 
                kr = vm_allocate_kernel(ipc_kernel_map, &addr1, size, VM_FLAGS_ANYWHERE, VM_KERN_MEMORY_IPC);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return KERN_RESOURCE_SHORTAGE;
                        return KERN_RESOURCE_SHORTAGE;
+               }
 
                kr = vm_allocate_kernel(ipc_kernel_map, &addr2, size, VM_FLAGS_ANYWHERE, VM_KERN_MEMORY_IPC);
                if (kr != KERN_SUCCESS) {
 
                kr = vm_allocate_kernel(ipc_kernel_map, &addr2, size, VM_FLAGS_ANYWHERE, VM_KERN_MEMORY_IPC);
                if (kr != KERN_SUCCESS) {
@@ -296,10 +283,10 @@ mach_port_names(
                kr = vm_map_wire_kernel(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr1,
                kr = vm_map_wire_kernel(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr1,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        vm_map_round_page(addr1 + size,
                        vm_map_round_page(addr1 + size,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
-                       VM_PROT_READ|VM_PROT_WRITE, VM_KERN_MEMORY_IPC,
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_PROT_READ | VM_PROT_WRITE, VM_KERN_MEMORY_IPC,
                        FALSE);
                if (kr != KERN_SUCCESS) {
                        kmem_free(ipc_kernel_map, addr1, size);
                        FALSE);
                if (kr != KERN_SUCCESS) {
                        kmem_free(ipc_kernel_map, addr1, size);
@@ -310,10 +297,10 @@ mach_port_names(
                kr = vm_map_wire_kernel(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr2,
                kr = vm_map_wire_kernel(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr2,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        vm_map_round_page(addr2 + size,
                        vm_map_round_page(addr2 + size,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
-                       VM_PROT_READ|VM_PROT_WRITE,
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_PROT_READ | VM_PROT_WRITE,
                        VM_KERN_MEMORY_IPC,
                        FALSE);
                if (kr != KERN_SUCCESS) {
                        VM_KERN_MEMORY_IPC,
                        FALSE);
                if (kr != KERN_SUCCESS) {
@@ -321,7 +308,6 @@ mach_port_names(
                        kmem_free(ipc_kernel_map, addr2, size);
                        return KERN_RESOURCE_SHORTAGE;
                }
                        kmem_free(ipc_kernel_map, addr2, size);
                        return KERN_RESOURCE_SHORTAGE;
                }
-
        }
        /* space is read-locked and active */
 
        }
        /* space is read-locked and active */
 
@@ -343,7 +329,7 @@ mach_port_names(
 
                        name = MACH_PORT_MAKE(index, IE_BITS_GEN(bits));
                        mach_port_names_helper(timestamp, entry, name, names,
 
                        name = MACH_PORT_MAKE(index, IE_BITS_GEN(bits));
                        mach_port_names_helper(timestamp, entry, name, names,
-                                              types, &actual);
+                           types, &actual);
                }
        }
 
                }
        }
 
@@ -363,8 +349,8 @@ mach_port_names(
 
                size_used = actual * sizeof(mach_port_name_t);
                vm_size_used =
 
                size_used = actual * sizeof(mach_port_name_t);
                vm_size_used =
-                       vm_map_round_page(size_used,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map));
+                   vm_map_round_page(size_used,
+                   VM_MAP_PAGE_MASK(ipc_kernel_map));
 
                /*
                 *      Make used memory pageable and get it into
 
                /*
                 *      Make used memory pageable and get it into
@@ -374,34 +360,34 @@ mach_port_names(
                kr = vm_map_unwire(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr1,
                kr = vm_map_unwire(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr1,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        vm_map_round_page(addr1 + vm_size_used,
                        vm_map_round_page(addr1 + vm_size_used,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        FALSE);
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_unwire(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr2,
                        FALSE);
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_unwire(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr2,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        vm_map_round_page(addr2 + vm_size_used,
                        vm_map_round_page(addr2 + vm_size_used,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        FALSE);
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr1,
                        FALSE);
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr1,
-                                  (vm_map_size_t)size_used, TRUE, &memory1);
+                   (vm_map_size_t)size_used, TRUE, &memory1);
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr2,
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr2,
-                                  (vm_map_size_t)size_used, TRUE, &memory2);
+                   (vm_map_size_t)size_used, TRUE, &memory2);
                assert(kr == KERN_SUCCESS);
 
                if (vm_size_used != size) {
                        kmem_free(ipc_kernel_map,
                assert(kr == KERN_SUCCESS);
 
                if (vm_size_used != size) {
                        kmem_free(ipc_kernel_map,
-                                 addr1 + vm_size_used, size - vm_size_used);
+                           addr1 + vm_size_used, size - vm_size_used);
                        kmem_free(ipc_kernel_map,
                        kmem_free(ipc_kernel_map,
-                                 addr2 + vm_size_used, size - vm_size_used);
+                           addr2 + vm_size_used, size - vm_size_used);
                }
        }
 
                }
        }
 
@@ -437,19 +423,21 @@ mach_port_names(
 
 kern_return_t
 mach_port_type(
 
 kern_return_t
 mach_port_type(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_type_t        *typep)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_type_t        *typep)
 {
        mach_port_urefs_t urefs;
        ipc_entry_t entry;
        kern_return_t kr;
 
 {
        mach_port_urefs_t urefs;
        ipc_entry_t entry;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (name == MACH_PORT_NULL)
+       if (name == MACH_PORT_NULL) {
                return KERN_INVALID_NAME;
                return KERN_INVALID_NAME;
+       }
 
        if (name == MACH_PORT_DEAD) {
                *typep = MACH_PORT_TYPE_DEAD_NAME;
 
        if (name == MACH_PORT_DEAD) {
                *typep = MACH_PORT_TYPE_DEAD_NAME;
@@ -458,7 +446,6 @@ mach_port_type(
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
-               mach_port_guard_exception(name, 0, 0, kGUARD_EXC_INVALID_NAME);
                return kr;
        }
 
                return kr;
        }
 
@@ -467,8 +454,8 @@ mach_port_type(
        /* space is unlocked */
 
 #if 1
        /* space is unlocked */
 
 #if 1
-        /* JMM - workaround rdar://problem/9121297 (CF being too picky on these bits). */
-        *typep &= ~(MACH_PORT_TYPE_SPREQUEST | MACH_PORT_TYPE_SPREQUEST_DELAYED);
+       /* JMM - workaround rdar://problem/9121297 (CF being too picky on these bits). */
+       *typep &= ~(MACH_PORT_TYPE_SPREQUEST | MACH_PORT_TYPE_SPREQUEST_DELAYED);
 #endif
 
        return kr;
 #endif
 
        return kr;
@@ -496,9 +483,9 @@ mach_port_type(
 
 kern_return_t
 mach_port_rename(
 
 kern_return_t
 mach_port_rename(
-       __unused ipc_space_t            space,
-       __unused mach_port_name_t       oname,
-       __unused mach_port_name_t       nname)
+       __unused ipc_space_t            space,
+       __unused mach_port_name_t       oname,
+       __unused mach_port_name_t       nname)
 {
        return KERN_NOT_SUPPORTED;
 }
 {
        return KERN_NOT_SUPPORTED;
 }
@@ -541,21 +528,22 @@ mach_port_rename(
 
 kern_return_t
 mach_port_allocate_name(
 
 kern_return_t
 mach_port_allocate_name(
-       ipc_space_t             space,
-       mach_port_right_t       right,
-       mach_port_name_t        name)
+       ipc_space_t             space,
+       mach_port_right_t       right,
+       mach_port_name_t        name)
 {
 {
-       kern_return_t           kr;
-       mach_port_qos_t         qos = qos_template;
+       kern_return_t           kr;
+       mach_port_qos_t         qos = qos_template;
 
        qos.name = TRUE;
 
 
        qos.name = TRUE;
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_VALUE;
                return KERN_INVALID_VALUE;
+       }
 
 
-       kr = mach_port_allocate_full (space, right, MACH_PORT_NULL,
-                                       &qos, &name);
-       return (kr);
+       kr = mach_port_allocate_full(space, right, MACH_PORT_NULL,
+           &qos, &name);
+       return kr;
 }
 
 /*
 }
 
 /*
@@ -578,24 +566,24 @@ mach_port_allocate_name(
 
 kern_return_t
 mach_port_allocate(
 
 kern_return_t
 mach_port_allocate(
-       ipc_space_t             space,
-       mach_port_right_t       right,
-       mach_port_name_t        *namep)
+       ipc_space_t             space,
+       mach_port_right_t       right,
+       mach_port_name_t        *namep)
 {
 {
-       kern_return_t           kr;
-       mach_port_qos_t         qos = qos_template;
+       kern_return_t           kr;
+       mach_port_qos_t         qos = qos_template;
 
 
-       kr = mach_port_allocate_full (space, right, MACH_PORT_NULL,
-                                       &qos, namep);
-       return (kr);
+       kr = mach_port_allocate_full(space, right, MACH_PORT_NULL,
+           &qos, namep);
+       return kr;
 }
 
 /*
  *     Routine:        mach_port_allocate_qos [kernel call]
  *     Purpose:
 }
 
 /*
  *     Routine:        mach_port_allocate_qos [kernel call]
  *     Purpose:
- *             Allocates a right, with qos options, in a space.  Like 
- *             mach_port_allocate_name, except that the implementation 
- *             picks a name for the right. The name may be any legal name 
+ *             Allocates a right, with qos options, in a space.  Like
+ *             mach_port_allocate_name, except that the implementation
+ *             picks a name for the right. The name may be any legal name
  *             in the space that doesn't currently denote a right.
  *     Conditions:
  *             Nothing locked.
  *             in the space that doesn't currently denote a right.
  *     Conditions:
  *             Nothing locked.
@@ -611,28 +599,33 @@ mach_port_allocate(
 
 kern_return_t
 mach_port_allocate_qos(
 
 kern_return_t
 mach_port_allocate_qos(
-       ipc_space_t             space,
-       mach_port_right_t       right,
-       mach_port_qos_t         *qosp,
-       mach_port_name_t        *namep)
+       ipc_space_t             space,
+       mach_port_right_t       right,
+       mach_port_qos_t         *qosp,
+       mach_port_name_t        *namep)
 {
 {
-       kern_return_t           kr;
+       kern_return_t           kr;
 
 
-       if (qosp->name)
+       if (qosp->name) {
                return KERN_INVALID_ARGUMENT;
                return KERN_INVALID_ARGUMENT;
-       kr = mach_port_allocate_full (space, right, MACH_PORT_NULL,
-                                       qosp, namep);
-       return (kr);
+       }
+       kr = mach_port_allocate_full(space, right, MACH_PORT_NULL,
+           qosp, namep);
+       return kr;
 }
 
 /*
  *     Routine:        mach_port_allocate_full [kernel call]
  *     Purpose:
 }
 
 /*
  *     Routine:        mach_port_allocate_full [kernel call]
  *     Purpose:
- *             Allocates a right in a space.  Supports all of the
- *             special cases, such as specifying a subsystem,
- *             a specific name, a real-time port, etc.
- *             The name may be any legal name in the space that doesn't
+ *             Allocates a right in a space.  Supports the
+ *             special case of specifying a name. The name may
+ *      be any legal name in the space that doesn't
  *             currently denote a right.
  *             currently denote a right.
+ *
+ *      While we no longer support users requesting
+ *      preallocated message for the port, we still
+ *      check for errors in such requests and then
+ *      just clear the request.
  *     Conditions:
  *             Nothing locked.
  *     Returns:
  *     Conditions:
  *             Nothing locked.
  *     Returns:
@@ -646,86 +639,141 @@ mach_port_allocate_qos(
 
 kern_return_t
 mach_port_allocate_full(
 
 kern_return_t
 mach_port_allocate_full(
-       ipc_space_t             space,
-       mach_port_right_t       right,
-       mach_port_t             proto,
-       mach_port_qos_t         *qosp,
-       mach_port_name_t        *namep)
+       ipc_space_t             space,
+       mach_port_right_t       right,
+       mach_port_t             proto,
+       mach_port_qos_t         *qosp,
+       mach_port_name_t        *namep)
 {
 {
-       ipc_kmsg_t              kmsg = IKM_NULL;
-       kern_return_t           kr;
+       kern_return_t           kr;
 
 
-       if (space == IS_NULL)
-               return (KERN_INVALID_TASK);
+       if (space == IS_NULL) {
+               return KERN_INVALID_TASK;
+       }
 
 
-       if (proto != MACH_PORT_NULL)
-               return (KERN_INVALID_VALUE);
+       if (proto != MACH_PORT_NULL) {
+               return KERN_INVALID_VALUE;
+       }
 
        if (qosp->name) {
 
        if (qosp->name) {
-               if (!MACH_PORT_VALID (*namep))
-                       return (KERN_INVALID_VALUE);
+               if (!MACH_PORT_VALID(*namep)) {
+                       return KERN_INVALID_VALUE;
+               }
        }
 
        }
 
+       /*
+        * Don't actually honor prealloc requests from user-space
+        * (for security reasons, and because it isn't guaranteed anyway).
+        * Keep old errors for legacy reasons.
+        */
        if (qosp->prealloc) {
                if (qosp->len > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE) {
                        return KERN_RESOURCE_SHORTAGE;
        if (qosp->prealloc) {
                if (qosp->len > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE) {
                        return KERN_RESOURCE_SHORTAGE;
-               } else {
-                       mach_msg_size_t size = qosp->len + MAX_TRAILER_SIZE;
+               }
+               if (right != MACH_PORT_RIGHT_RECEIVE) {
+                       return KERN_INVALID_VALUE;
+               }
+               qosp->prealloc = 0;
+       }
 
 
-                       if (right != MACH_PORT_RIGHT_RECEIVE) {
-                               return (KERN_INVALID_VALUE);
-                       }
+       kr = mach_port_allocate_internal(space, right, qosp, namep);
+       return kr;
+}
+
+
+/*
+ *     Routine:        mach_port_allocate_internal [kernel private]
+ *     Purpose:
+ *             Allocates a right in a space.  Supports all of the
+ *             special cases, a specific name, a real-time port, etc.
+ *             The name may be any legal name in the space that doesn't
+ *             currently denote a right.
+ *     Conditions:
+ *             Nothing locked.
+ *     Returns:
+ *             KERN_SUCCESS            The right is allocated.
+ *             KERN_INVALID_TASK       The space is null.
+ *             KERN_INVALID_TASK       The space is dead.
+ *             KERN_INVALID_VALUE      "right" isn't a legal kind of right.
+ *             KERN_RESOURCE_SHORTAGE  Couldn't allocate memory.
+ *             KERN_NO_SPACE           No room in space for another right.
+ */
+kern_return_t
+mach_port_allocate_internal(
+       ipc_space_t             space,
+       mach_port_right_t       right,
+       mach_port_qos_t         *qosp,
+       mach_port_name_t        *namep)
+{
+       kern_return_t   kr;
 
 
-                       kmsg = (ipc_kmsg_t)ipc_kmsg_prealloc(size);
+       assert(space != IS_NULL);
+
+       switch (right) {
+       case MACH_PORT_RIGHT_RECEIVE:
+       {
+               ipc_kmsg_t      kmsg = IKM_NULL;
+               ipc_port_t      port;
+
+               /*
+                * For in-kernel uses, only allow small (from the kmsg zone)
+                * preallocated messages for the port.
+                */
+               if (qosp->prealloc) {
+                       mach_msg_size_t size = qosp->len;
+
+                       if (size > IKM_SAVED_MSG_SIZE - MAX_TRAILER_SIZE) {
+                               panic("mach_port_allocate_internal: too large a prealloc kmsg");
+                       }
+                       kmsg = (ipc_kmsg_t)ipc_kmsg_prealloc(size + MAX_TRAILER_SIZE);
                        if (kmsg == IKM_NULL) {
                        if (kmsg == IKM_NULL) {
-                               return (KERN_RESOURCE_SHORTAGE);
+                               return KERN_RESOURCE_SHORTAGE;
                        }
                }
                        }
                }
-       }
 
 
-       switch (right) {
-           case MACH_PORT_RIGHT_RECEIVE:
-           {
-               ipc_port_t      port;
-
-               if (qosp->name)
-                       kr = ipc_port_alloc_name(space, *namep, &port);
-               else
-                       kr = ipc_port_alloc(space, namep, &port);
+               if (qosp->name) {
+                       kr = ipc_port_alloc_name(space, IPC_PORT_INIT_MESSAGE_QUEUE,
+                           *namep, &port);
+               } else {
+                       kr = ipc_port_alloc(space, IPC_PORT_INIT_MESSAGE_QUEUE,
+                           namep, &port);
+               }
                if (kr == KERN_SUCCESS) {
                if (kr == KERN_SUCCESS) {
-                       if (kmsg != IKM_NULL) 
+                       if (kmsg != IKM_NULL) {
                                ipc_kmsg_set_prealloc(kmsg, port);
                                ipc_kmsg_set_prealloc(kmsg, port);
-
+                       }
                        ip_unlock(port);
                        ip_unlock(port);
-
-               } else if (kmsg != IKM_NULL)
+               } else if (kmsg != IKM_NULL) {
                        ipc_kmsg_free(kmsg);
                        ipc_kmsg_free(kmsg);
+               }
                break;
                break;
-           }
+       }
 
 
-           case MACH_PORT_RIGHT_PORT_SET:
-           {
-               ipc_pset_t      pset;
+       case MACH_PORT_RIGHT_PORT_SET:
+       {
+               ipc_pset_t      pset;
 
 
-               if (qosp->name)
+               if (qosp->name) {
                        kr = ipc_pset_alloc_name(space, *namep, &pset);
                        kr = ipc_pset_alloc_name(space, *namep, &pset);
-               else
+               } else {
                        kr = ipc_pset_alloc(space, namep, &pset);
                        kr = ipc_pset_alloc(space, namep, &pset);
-               if (kr == KERN_SUCCESS)
+               }
+               if (kr == KERN_SUCCESS) {
                        ips_unlock(pset);
                        ips_unlock(pset);
+               }
                break;
                break;
-           }
+       }
 
 
-           case MACH_PORT_RIGHT_DEAD_NAME:
+       case MACH_PORT_RIGHT_DEAD_NAME:
                kr = ipc_object_alloc_dead(space, namep);
                break;
 
                kr = ipc_object_alloc_dead(space, namep);
                break;
 
-           default:
+       default:
                kr = KERN_INVALID_VALUE;
                break;
        }
 
                kr = KERN_INVALID_VALUE;
                break;
        }
 
-       return (kr);
+       return kr;
 }
 
 /*
 }
 
 /*
@@ -747,17 +795,19 @@ mach_port_allocate_full(
 
 kern_return_t
 mach_port_destroy(
 
 kern_return_t
 mach_port_destroy(
-       ipc_space_t             space,
-       mach_port_name_t        name)
+       ipc_space_t             space,
+       mach_port_name_t        name)
 {
        ipc_entry_t entry;
        kern_return_t kr;
 
 {
        ipc_entry_t entry;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_SUCCESS;
                return KERN_SUCCESS;
+       }
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
@@ -790,17 +840,19 @@ mach_port_destroy(
 
 kern_return_t
 mach_port_deallocate(
 
 kern_return_t
 mach_port_deallocate(
-       ipc_space_t             space,
-       mach_port_name_t        name)
+       ipc_space_t             space,
+       mach_port_name_t        name)
 {
        ipc_entry_t entry;
        kern_return_t kr;
 
 {
        ipc_entry_t entry;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_SUCCESS;
                return KERN_SUCCESS;
+       }
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
@@ -832,24 +884,26 @@ mach_port_deallocate(
 
 kern_return_t
 mach_port_get_refs(
 
 kern_return_t
 mach_port_get_refs(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_right_t       right,
-       mach_port_urefs_t       *urefsp)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_right_t       right,
+       mach_port_urefs_t       *urefsp)
 {
        mach_port_type_t type;
        mach_port_urefs_t urefs;
        ipc_entry_t entry;
        kern_return_t kr;
 
 {
        mach_port_type_t type;
        mach_port_urefs_t urefs;
        ipc_entry_t entry;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (right >= MACH_PORT_RIGHT_NUMBER)
+       if (right >= MACH_PORT_RIGHT_NUMBER) {
                return KERN_INVALID_VALUE;
                return KERN_INVALID_VALUE;
+       }
 
        if (!MACH_PORT_VALID(name)) {
 
        if (!MACH_PORT_VALID(name)) {
-               if (right == MACH_PORT_RIGHT_SEND ||
+               if (right == MACH_PORT_RIGHT_SEND ||
                    right == MACH_PORT_RIGHT_SEND_ONCE) {
                        *urefsp = 1;
                        return KERN_SUCCESS;
                    right == MACH_PORT_RIGHT_SEND_ONCE) {
                        *urefsp = 1;
                        return KERN_SUCCESS;
@@ -859,7 +913,6 @@ mach_port_get_refs(
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
 
        kr = ipc_right_lookup_write(space, name, &entry);
        if (kr != KERN_SUCCESS) {
-               mach_port_guard_exception(name, 0, 0, kGUARD_EXC_INVALID_NAME);
                return kr;
        }
 
                return kr;
        }
 
@@ -867,31 +920,33 @@ mach_port_get_refs(
        kr = ipc_right_info(space, name, entry, &type, &urefs);
        /* space is unlocked */
 
        kr = ipc_right_info(space, name, entry, &type, &urefs);
        /* space is unlocked */
 
-       if (kr != KERN_SUCCESS)
-               return kr;      
+       if (kr != KERN_SUCCESS) {
+               return kr;
+       }
 
 
-       if (type & MACH_PORT_TYPE(right))
+       if (type & MACH_PORT_TYPE(right)) {
                switch (right) {
                switch (right) {
-                   case MACH_PORT_RIGHT_SEND_ONCE:
+               case MACH_PORT_RIGHT_SEND_ONCE:
                        assert(urefs == 1);
                        assert(urefs == 1);
-                       /* fall-through */
+                       OS_FALLTHROUGH;
 
 
-                   case MACH_PORT_RIGHT_PORT_SET:
-                   case MACH_PORT_RIGHT_RECEIVE:
+               case MACH_PORT_RIGHT_PORT_SET:
+               case MACH_PORT_RIGHT_RECEIVE:
                        *urefsp = 1;
                        break;
 
                        *urefsp = 1;
                        break;
 
-                   case MACH_PORT_RIGHT_DEAD_NAME:
-                   case MACH_PORT_RIGHT_SEND:
+               case MACH_PORT_RIGHT_DEAD_NAME:
+               case MACH_PORT_RIGHT_SEND:
                        assert(urefs > 0);
                        *urefsp = urefs;
                        break;
 
                        assert(urefs > 0);
                        *urefsp = urefs;
                        break;
 
-                   default:
+               default:
                        panic("mach_port_get_refs: strange rights");
                }
                        panic("mach_port_get_refs: strange rights");
                }
-       else
+       } else {
                *urefsp = 0;
                *urefsp = 0;
+       }
 
        return kr;
 }
 
        return kr;
 }
@@ -918,24 +973,27 @@ mach_port_get_refs(
 
 kern_return_t
 mach_port_mod_refs(
 
 kern_return_t
 mach_port_mod_refs(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_right_t       right,
-       mach_port_delta_t       delta)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_right_t       right,
+       mach_port_delta_t       delta)
 {
        ipc_entry_t entry;
        kern_return_t kr;
 
 {
        ipc_entry_t entry;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (right >= MACH_PORT_RIGHT_NUMBER)
+       if (right >= MACH_PORT_RIGHT_NUMBER) {
                return KERN_INVALID_VALUE;
                return KERN_INVALID_VALUE;
+       }
 
        if (!MACH_PORT_VALID(name)) {
                if (right == MACH_PORT_RIGHT_SEND ||
 
        if (!MACH_PORT_VALID(name)) {
                if (right == MACH_PORT_RIGHT_SEND ||
-                   right == MACH_PORT_RIGHT_SEND_ONCE)
+                   right == MACH_PORT_RIGHT_SEND_ONCE) {
                        return KERN_SUCCESS;
                        return KERN_SUCCESS;
+               }
                return KERN_INVALID_NAME;
        }
 
                return KERN_INVALID_NAME;
        }
 
@@ -947,7 +1005,7 @@ mach_port_mod_refs(
 
        /* space is write-locked and active */
 
 
        /* space is write-locked and active */
 
-       kr = ipc_right_delta(space, name, entry, right, delta); /* unlocks */
+       kr = ipc_right_delta(space, name, entry, right, delta); /* unlocks */
        return kr;
 }
 
        return kr;
 }
 
@@ -992,25 +1050,27 @@ mach_port_mod_refs(
 
 kern_return_t
 mach_port_peek(
 
 kern_return_t
 mach_port_peek(
-       ipc_space_t                     space,
-       mach_port_name_t                name,
-       mach_msg_trailer_type_t         trailer_type,
-       mach_port_seqno_t               *seqnop,
-       mach_msg_size_t                 *msg_sizep,
-       mach_msg_id_t                   *msg_idp,
-       mach_msg_trailer_info_t         trailer_infop,
-       mach_msg_type_number_t          *trailer_sizep)
+       ipc_space_t                     space,
+       mach_port_name_t                name,
+       mach_msg_trailer_type_t         trailer_type,
+       mach_port_seqno_t               *seqnop,
+       mach_msg_size_t                 *msg_sizep,
+       mach_msg_id_t                   *msg_idp,
+       mach_msg_trailer_info_t         trailer_infop,
+       mach_msg_type_number_t          *trailer_sizep)
 {
        ipc_port_t port;
        kern_return_t kr;
        boolean_t found;
        mach_msg_max_trailer_t max_trailer;
 
 {
        ipc_port_t port;
        kern_return_t kr;
        boolean_t found;
        mach_msg_max_trailer_t max_trailer;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
        /*
         * We don't allow anything greater than the audit trailer - to avoid
 
        /*
         * We don't allow anything greater than the audit trailer - to avoid
@@ -1027,20 +1087,21 @@ mach_port_peek(
        kr = ipc_port_translate_receive(space, name, &port);
        if (kr != KERN_SUCCESS) {
                mach_port_guard_exception(name, 0, 0,
        kr = ipc_port_translate_receive(space, name, &port);
        if (kr != KERN_SUCCESS) {
                mach_port_guard_exception(name, 0, 0,
-                                         ((KERN_INVALID_NAME == kr) ?
-                                          kGUARD_EXC_INVALID_NAME :
-                                          kGUARD_EXC_INVALID_RIGHT));
+                   ((KERN_INVALID_NAME == kr) ?
+                   kGUARD_EXC_INVALID_NAME :
+                   kGUARD_EXC_INVALID_RIGHT));
                return kr;
        }
 
        /* Port locked and active */
 
        found = ipc_mqueue_peek(&port->ip_messages, seqnop,
                return kr;
        }
 
        /* Port locked and active */
 
        found = ipc_mqueue_peek(&port->ip_messages, seqnop,
-                               msg_sizep, msg_idp, &max_trailer, NULL);
+           msg_sizep, msg_idp, &max_trailer, NULL);
        ip_unlock(port);
 
        ip_unlock(port);
 
-       if (found != TRUE)
+       if (found != TRUE) {
                return KERN_FAILURE;
                return KERN_FAILURE;
+       }
 
        max_trailer.msgh_seqno = *seqnop;
        memcpy(trailer_infop, &max_trailer, *trailer_sizep);
 
        max_trailer.msgh_seqno = *seqnop;
        memcpy(trailer_infop, &max_trailer, *trailer_sizep);
@@ -1064,26 +1125,28 @@ mach_port_peek(
 
 kern_return_t
 mach_port_set_mscount(
 
 kern_return_t
 mach_port_set_mscount(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_mscount_t     mscount)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_mscount_t     mscount)
 {
        ipc_port_t port;
        kern_return_t kr;
 
 {
        ipc_port_t port;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
        kr = ipc_port_translate_receive(space, name, &port);
 
        kr = ipc_port_translate_receive(space, name, &port);
-       if (kr != KERN_SUCCESS)
+       if (kr != KERN_SUCCESS) {
                return kr;
                return kr;
+       }
        /* port is locked and active */
 
        /* port is locked and active */
 
-       ipc_port_set_mscount(port, mscount);
-
+       port->ip_mscount = mscount;
        ip_unlock(port);
        return KERN_SUCCESS;
 }
        ip_unlock(port);
        return KERN_SUCCESS;
 }
@@ -1104,22 +1167,25 @@ mach_port_set_mscount(
 
 kern_return_t
 mach_port_set_seqno(
 
 kern_return_t
 mach_port_set_seqno(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_seqno_t       seqno)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_seqno_t       seqno)
 {
        ipc_port_t port;
        kern_return_t kr;
 
 {
        ipc_port_t port;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
        kr = ipc_port_translate_receive(space, name, &port);
 
        kr = ipc_port_translate_receive(space, name, &port);
-       if (kr != KERN_SUCCESS)
+       if (kr != KERN_SUCCESS) {
                return kr;
                return kr;
+       }
        /* port is locked and active */
 
        ipc_mqueue_set_seqno(&port->ip_messages, seqno);
        /* port is locked and active */
 
        ipc_mqueue_set_seqno(&port->ip_messages, seqno);
@@ -1144,35 +1210,58 @@ mach_port_set_seqno(
 
 kern_return_t
 mach_port_get_context(
 
 kern_return_t
 mach_port_get_context(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_vm_address_t       *context)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_vm_address_t       *context)
 {
        ipc_port_t port;
        kern_return_t kr;
 
 {
        ipc_port_t port;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
        kr = ipc_port_translate_receive(space, name, &port);
 
        kr = ipc_port_translate_receive(space, name, &port);
-       if (kr != KERN_SUCCESS)
+       if (kr != KERN_SUCCESS) {
                return kr;
                return kr;
+       }
 
        /* Port locked and active */
 
        /* For strictly guarded ports, return empty context (which acts as guard) */
 
        /* Port locked and active */
 
        /* For strictly guarded ports, return empty context (which acts as guard) */
-       if (port->ip_strict_guard)
+       if (port->ip_strict_guard) {
                *context = 0;
                *context = 0;
-       else
+       } else {
                *context = port->ip_context;
                *context = port->ip_context;
+       }
 
        ip_unlock(port);
        return KERN_SUCCESS;
 }
 
 
        ip_unlock(port);
        return KERN_SUCCESS;
 }
 
+kern_return_t
+mach_port_get_context_from_user(
+       mach_port_t             port,
+       mach_port_name_t        name,
+       mach_vm_address_t       *context)
+{
+       kern_return_t kr;
+
+       ipc_space_t space = convert_port_to_space_check_type(port, NULL, TASK_FLAVOR_READ, FALSE);
+
+       if (space == IPC_SPACE_NULL) {
+               return KERN_INVALID_ARGUMENT;
+       }
+
+       kr = mach_port_get_context(space, name, context);
+
+       ipc_space_release(space);
+       return kr;
+}
 
 /*
  *     Routine:        mach_port_set_context [kernel call]
 
 /*
  *     Routine:        mach_port_set_context [kernel call]
@@ -1190,25 +1279,28 @@ mach_port_get_context(
 
 kern_return_t
 mach_port_set_context(
 
 kern_return_t
 mach_port_set_context(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_vm_address_t       context)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_vm_address_t       context)
 {
        ipc_port_t port;
        kern_return_t kr;
 
 {
        ipc_port_t port;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
        kr = ipc_port_translate_receive(space, name, &port);
 
        kr = ipc_port_translate_receive(space, name, &port);
-       if (kr != KERN_SUCCESS)
+       if (kr != KERN_SUCCESS) {
                return kr;
                return kr;
+       }
 
        /* port is locked and active */
 
        /* port is locked and active */
-       if(port->ip_strict_guard) {
+       if (port->ip_strict_guard) {
                uint64_t portguard = port->ip_context;
                ip_unlock(port);
                /* For strictly guarded ports, disallow overwriting context; Raise Exception */
                uint64_t portguard = port->ip_context;
                ip_unlock(port);
                /* For strictly guarded ports, disallow overwriting context; Raise Exception */
@@ -1241,26 +1333,28 @@ mach_port_set_context(
 
 kern_return_t
 mach_port_get_set_status(
 
 kern_return_t
 mach_port_get_set_status(
-       ipc_space_t                     space,
-       mach_port_name_t                name,
-       mach_port_name_t                **members,
-       mach_msg_type_number_t          *membersCnt)
+       ipc_space_t                     space,
+       mach_port_name_t                name,
+       mach_port_name_t                **members,
+       mach_msg_type_number_t          *membersCnt)
 {
 {
-       ipc_entry_num_t actual;         /* this many members */
-       ipc_entry_num_t maxnames;       /* space for this many members */
+       ipc_entry_num_t actual;         /* this many members */
+       ipc_entry_num_t maxnames;       /* space for this many members */
        kern_return_t kr;
 
        kern_return_t kr;
 
-       vm_size_t size;         /* size of allocated memory */
-       vm_offset_t addr;       /* allocated memory */
-       vm_map_copy_t memory;   /* copied-in memory */
+       vm_size_t size;         /* size of allocated memory */
+       vm_offset_t addr;       /* allocated memory */
+       vm_map_copy_t memory;   /* copied-in memory */
 
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
 
-       size = VM_MAP_PAGE_SIZE(ipc_kernel_map);        /* initial guess */
+       size = VM_MAP_PAGE_SIZE(ipc_kernel_map);        /* initial guess */
 
        for (;;) {
                mach_port_name_t *names;
 
        for (;;) {
                mach_port_name_t *names;
@@ -1268,13 +1362,14 @@ mach_port_get_set_status(
                ipc_pset_t pset;
 
                kr = vm_allocate_kernel(ipc_kernel_map, &addr, size, VM_FLAGS_ANYWHERE, VM_KERN_MEMORY_IPC);
                ipc_pset_t pset;
 
                kr = vm_allocate_kernel(ipc_kernel_map, &addr, size, VM_FLAGS_ANYWHERE, VM_KERN_MEMORY_IPC);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return KERN_RESOURCE_SHORTAGE;
                        return KERN_RESOURCE_SHORTAGE;
+               }
 
                /* can't fault while we hold locks */
 
                kr = vm_map_wire_kernel(ipc_kernel_map, addr, addr + size,
 
                /* can't fault while we hold locks */
 
                kr = vm_map_wire_kernel(ipc_kernel_map, addr, addr + size,
-                                    VM_PROT_READ|VM_PROT_WRITE, VM_KERN_MEMORY_IPC, FALSE);
+                   VM_PROT_READ | VM_PROT_WRITE, VM_KERN_MEMORY_IPC, FALSE);
                assert(kr == KERN_SUCCESS);
 
                kr = ipc_object_translate(space, name, MACH_PORT_RIGHT_PORT_SET, &psobj);
                assert(kr == KERN_SUCCESS);
 
                kr = ipc_object_translate(space, name, MACH_PORT_RIGHT_PORT_SET, &psobj);
@@ -1284,9 +1379,9 @@ mach_port_get_set_status(
                }
 
                /* just use a portset reference from here on out */
                }
 
                /* just use a portset reference from here on out */
-               __IGNORE_WCASTALIGN(pset = (ipc_pset_t) psobj);
+               pset = ips_object_to_pset(psobj);
                ips_reference(pset);
                ips_reference(pset);
-               ips_unlock(pset); 
+               ips_unlock(pset);
 
                names = (mach_port_name_t *) addr;
                maxnames = (ipc_entry_num_t)(size / sizeof(mach_port_name_t));
 
                names = (mach_port_name_t *) addr;
                maxnames = (ipc_entry_num_t)(size / sizeof(mach_port_name_t));
@@ -1296,15 +1391,16 @@ mach_port_get_set_status(
                /* release the portset reference */
                ips_release(pset);
 
                /* release the portset reference */
                ips_release(pset);
 
-               if (actual <= maxnames)
+               if (actual <= maxnames) {
                        break;
                        break;
+               }
 
                /* didn't have enough memory; allocate more */
                kmem_free(ipc_kernel_map, addr, size);
                size = vm_map_round_page(
                        (actual * sizeof(mach_port_name_t)),
 
                /* didn't have enough memory; allocate more */
                kmem_free(ipc_kernel_map, addr, size);
                size = vm_map_round_page(
                        (actual * sizeof(mach_port_name_t)),
-                        VM_MAP_PAGE_MASK(ipc_kernel_map)) +
-                       VM_MAP_PAGE_SIZE(ipc_kernel_map);
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)) +
+                   VM_MAP_PAGE_SIZE(ipc_kernel_map);
        }
 
        if (actual == 0) {
        }
 
        if (actual == 0) {
@@ -1328,19 +1424,20 @@ mach_port_get_set_status(
                kr = vm_map_unwire(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr,
                kr = vm_map_unwire(
                        ipc_kernel_map,
                        vm_map_trunc_page(addr,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)), 
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        vm_map_round_page(addr + vm_size_used,
                        vm_map_round_page(addr + vm_size_used,
-                                         VM_MAP_PAGE_MASK(ipc_kernel_map)),
+                       VM_MAP_PAGE_MASK(ipc_kernel_map)),
                        FALSE);
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr,
                        FALSE);
                assert(kr == KERN_SUCCESS);
 
                kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr,
-                                  (vm_map_size_t)size_used, TRUE, &memory);
+                   (vm_map_size_t)size_used, TRUE, &memory);
                assert(kr == KERN_SUCCESS);
 
                assert(kr == KERN_SUCCESS);
 
-               if (vm_size_used != size)
+               if (vm_size_used != size) {
                        kmem_free(ipc_kernel_map,
                        kmem_free(ipc_kernel_map,
-                                 addr + vm_size_used, size - vm_size_used);
+                           addr + vm_size_used, size - vm_size_used);
+               }
        }
 
        *members = (mach_port_name_t *) memory;
        }
 
        *members = (mach_port_name_t *) memory;
@@ -1348,6 +1445,27 @@ mach_port_get_set_status(
        return KERN_SUCCESS;
 }
 
        return KERN_SUCCESS;
 }
 
+kern_return_t
+mach_port_get_set_status_from_user(
+       mach_port_t                     port,
+       mach_port_name_t                name,
+       mach_port_name_t                **members,
+       mach_msg_type_number_t          *membersCnt)
+{
+       kern_return_t kr;
+
+       ipc_space_t space = convert_port_to_space_check_type(port, NULL, TASK_FLAVOR_READ, FALSE);
+
+       if (space == IPC_SPACE_NULL) {
+               return KERN_INVALID_ARGUMENT;
+       }
+
+       kr = mach_port_get_set_status(space, name, members, membersCnt);
+
+       ipc_space_release(space);
+       return kr;
+}
+
 /*
  *     Routine:        mach_port_move_member [kernel call]
  *     Purpose:
 /*
  *     Routine:        mach_port_move_member [kernel call]
  *     Purpose:
@@ -1371,22 +1489,24 @@ mach_port_get_set_status(
 
 kern_return_t
 mach_port_move_member(
 
 kern_return_t
 mach_port_move_member(
-       ipc_space_t             space,
-       mach_port_name_t        member,
-       mach_port_name_t        after)
+       ipc_space_t             space,
+       mach_port_name_t        member,
+       mach_port_name_t        after)
 {
 {
-       ipc_entry_t entry;
+       ipc_object_t port_obj, ps_obj;
        ipc_port_t port;
        ipc_port_t port;
-       ipc_pset_t nset;
+       ipc_pset_t nset = IPS_NULL;
        kern_return_t kr;
        uint64_t wq_link_id = 0;
        uint64_t wq_reserved_prepost = 0;
 
        kern_return_t kr;
        uint64_t wq_link_id = 0;
        uint64_t wq_reserved_prepost = 0;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(member))
+       if (!MACH_PORT_VALID(member)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
        if (after == MACH_PORT_DEAD) {
                return KERN_INVALID_RIGHT;
 
        if (after == MACH_PORT_DEAD) {
                return KERN_INVALID_RIGHT;
@@ -1404,59 +1524,41 @@ mach_port_move_member(
                 */
                wq_link_id = waitq_link_reserve(NULL);
                wq_reserved_prepost = waitq_prepost_reserve(NULL, 10,
                 */
                wq_link_id = waitq_link_reserve(NULL);
                wq_reserved_prepost = waitq_prepost_reserve(NULL, 10,
-                                                           WAITQ_DONT_LOCK);
+                   WAITQ_DONT_LOCK);
                kr = ipc_pset_lazy_allocate(space, after);
                kr = ipc_pset_lazy_allocate(space, after);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        goto done;
                        goto done;
+               }
        }
 
        }
 
-       kr = ipc_right_lookup_read(space, member, &entry);
-       if (kr != KERN_SUCCESS)
-               goto done;
-       /* space is read-locked and active */
-
-       if ((entry->ie_bits & MACH_PORT_TYPE_RECEIVE) == 0) {
-               is_read_unlock(space);
-               kr = KERN_INVALID_RIGHT;
+       if (after != MACH_PORT_NULL) {
+               kr = ipc_object_translate_two(space,
+                   member, MACH_PORT_RIGHT_RECEIVE, &port_obj,
+                   after, MACH_PORT_RIGHT_PORT_SET, &ps_obj);
+       } else {
+               kr = ipc_object_translate(space,
+                   member, MACH_PORT_RIGHT_RECEIVE, &port_obj);
+       }
+       if (kr != KERN_SUCCESS) {
                goto done;
        }
 
                goto done;
        }
 
-       __IGNORE_WCASTALIGN(port = (ipc_port_t) entry->ie_object);
-       assert(port != IP_NULL);
-
-       if (after == MACH_PORT_NULL)
-               nset = IPS_NULL;
-       else {
-               entry = ipc_entry_lookup(space, after);
-               if (entry == IE_NULL) {
-                       is_read_unlock(space);
-                       kr = KERN_INVALID_NAME;
-                       goto done;
-               }
-
-               if ((entry->ie_bits & MACH_PORT_TYPE_PORT_SET) == 0) {
-                       is_read_unlock(space);
-                       kr = KERN_INVALID_RIGHT;
-                       goto done;
-               }
-
-               __IGNORE_WCASTALIGN(nset = (ipc_pset_t) entry->ie_object);
-               assert(nset != IPS_NULL);
+       port = ip_object_to_port(port_obj);
+       if (after != MACH_PORT_NULL) {
+               nset = ips_object_to_pset(ps_obj);
        }
        }
-       ip_lock(port);
-       assert(ip_active(port));
+       /* port and nset are locked */
+
        ipc_pset_remove_from_all(port);
 
        ipc_pset_remove_from_all(port);
 
-       if (nset != IPS_NULL) {
-               ips_lock(nset);
+       if (after != MACH_PORT_NULL) {
                kr = ipc_pset_add(nset, port, &wq_link_id, &wq_reserved_prepost);
                ips_unlock(nset);
        }
                kr = ipc_pset_add(nset, port, &wq_link_id, &wq_reserved_prepost);
                ips_unlock(nset);
        }
-       ip_unlock(port);
-       is_read_unlock(space);
 
 
- done:
+       ip_unlock(port);
 
 
+done:
        /*
         * on success the ipc_pset_add() will consume the wq_link_id
         * value (resetting it to 0), so this function is always safe to call.
        /*
         * on success the ipc_pset_add() will consume the wq_link_id
         * value (resetting it to 0), so this function is always safe to call.
@@ -1503,6 +1605,7 @@ mach_port_move_member(
  *             KERN_INVALID_CAPABILITY The notify port is dead.
  *     MACH_NOTIFY_PORT_DESTROYED:
  *             KERN_INVALID_VALUE      Sync isn't zero.
  *             KERN_INVALID_CAPABILITY The notify port is dead.
  *     MACH_NOTIFY_PORT_DESTROYED:
  *             KERN_INVALID_VALUE      Sync isn't zero.
+ *             KERN_FAILURE            Re-registering for this notification
  *     MACH_NOTIFY_DEAD_NAME:
  *             KERN_RESOURCE_SHORTAGE  Couldn't allocate memory.
  *             KERN_INVALID_ARGUMENT   Name denotes dead name, but
  *     MACH_NOTIFY_DEAD_NAME:
  *             KERN_RESOURCE_SHORTAGE  Couldn't allocate memory.
  *             KERN_INVALID_ARGUMENT   Name denotes dead name, but
@@ -1513,119 +1616,139 @@ mach_port_move_member(
 
 kern_return_t
 mach_port_request_notification(
 
 kern_return_t
 mach_port_request_notification(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_msg_id_t           id,
-       mach_port_mscount_t     sync,
-       ipc_port_t              notify,
-       ipc_port_t              *previousp)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_msg_id_t           id,
+       mach_port_mscount_t     sync,
+       ipc_port_t              notify,
+       ipc_port_t              *previousp)
 {
        kern_return_t kr;
 
 {
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (notify == IP_DEAD)
+       if (notify == IP_DEAD) {
                return KERN_INVALID_CAPABILITY;
                return KERN_INVALID_CAPABILITY;
+       }
 
 
-#if    NOTYET
+#if     NOTYET
        /*
         *      Requesting notifications on RPC ports is an error.
         */
        {
                ipc_port_t port;
        /*
         *      Requesting notifications on RPC ports is an error.
         */
        {
                ipc_port_t port;
-               ipc_entry_t entry;      
+               ipc_entry_t entry;
 
 
-               kr = ipc_right_lookup_write(space, name, &entry);       
-               if (kr != KERN_SUCCESS)
+               kr = ipc_right_lookup_write(space, name, &entry);
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
 
 
-               port = (ipc_port_t) entry->ie_object;
+               port = ip_object_to_port(entry->ie_object);
 
                if (port->ip_subsystem != NULL) {
                        is_write_unlock(space);
 
                if (port->ip_subsystem != NULL) {
                        is_write_unlock(space);
-                       panic("mach_port_request_notification: on RPC port!!"); 
+                       panic("mach_port_request_notification: on RPC port!!");
                        return KERN_INVALID_CAPABILITY;
                }
                is_write_unlock(space);
        }
                        return KERN_INVALID_CAPABILITY;
                }
                is_write_unlock(space);
        }
-#endif         /* NOTYET */
+#endif  /* NOTYET */
 
 
        switch (id) {
 
 
        switch (id) {
-           case MACH_NOTIFY_PORT_DESTROYED: {
-               ipc_port_t port, previous;
+       case MACH_NOTIFY_PORT_DESTROYED: {
+               ipc_port_t port;
 
 
-               if (sync != 0)
+               if (sync != 0) {
                        return KERN_INVALID_VALUE;
                        return KERN_INVALID_VALUE;
+               }
 
 
-               if (!MACH_PORT_VALID(name))
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
+               }
 
                kr = ipc_port_translate_receive(space, name, &port);
 
                kr = ipc_port_translate_receive(space, name, &port);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                /* port is locked and active */
 
                /* port is locked and active */
 
-               /* you cannot register for port death notifications on a kobject */
-               if (ip_kotype(port) != IKOT_NONE) {
+               /*
+                * you cannot register for port death notifications on a kobject,
+                * kolabel or special reply port
+                */
+               if (ip_is_kobject(port) || ip_is_kolabeled(port) ||
+                   port->ip_specialreply) {
                        ip_unlock(port);
                        return KERN_INVALID_RIGHT;
                }
 
                        ip_unlock(port);
                        return KERN_INVALID_RIGHT;
                }
 
-               ipc_port_pdrequest(port, notify, &previous);
-               /* port is unlocked */
+               /* Allow only one registeration of this notification */
+               if (port->ip_pdrequest != IP_NULL) {
+                       ip_unlock(port);
+                       mach_port_guard_exception(name, 0, 0, kGUARD_EXC_KERN_FAILURE);
+                       return KERN_FAILURE;
+               }
 
 
-               *previousp = previous;
+               ipc_port_pdrequest(port, notify, previousp);
+               /* port is unlocked */
+               assert(*previousp == IP_NULL);
                break;
                break;
-           }
+       }
 
 
-           case MACH_NOTIFY_NO_SENDERS: {
+       case MACH_NOTIFY_NO_SENDERS: {
                ipc_port_t port;
 
                ipc_port_t port;
 
-               if (!MACH_PORT_VALID(name))
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
+               }
 
                kr = ipc_port_translate_receive(space, name, &port);
 
                kr = ipc_port_translate_receive(space, name, &port);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                /* port is locked and active */
 
                ipc_port_nsrequest(port, sync, notify, previousp);
                /* port is unlocked */
                break;
                /* port is locked and active */
 
                ipc_port_nsrequest(port, sync, notify, previousp);
                /* port is unlocked */
                break;
-           }
+       }
 
 
-           case MACH_NOTIFY_SEND_POSSIBLE:
+       case MACH_NOTIFY_SEND_POSSIBLE:
 
 
-               if (!MACH_PORT_VALID(name)) {
-                       return KERN_INVALID_ARGUMENT;
+               if (!MACH_PORT_VALID(name)) {
+                       return KERN_INVALID_ARGUMENT;
                }
 
                kr = ipc_right_request_alloc(space, name, sync != 0,
                }
 
                kr = ipc_right_request_alloc(space, name, sync != 0,
-                                            TRUE, notify, previousp);
-               if (kr != KERN_SUCCESS)
+                   TRUE, notify, previousp);
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                break;
 
                break;
 
-           case MACH_NOTIFY_DEAD_NAME:
+       case MACH_NOTIFY_DEAD_NAME:
 
 
-               if (!MACH_PORT_VALID(name)) {
+               if (!MACH_PORT_VALID(name)) {
                        /*
                         * Already dead.
                         * Should do immediate delivery check -
                         * will do that in the near future.
                         */
                        /*
                         * Already dead.
                         * Should do immediate delivery check -
                         * will do that in the near future.
                         */
-                       return KERN_INVALID_ARGUMENT;
+                       return KERN_INVALID_ARGUMENT;
                }
 
                kr = ipc_right_request_alloc(space, name, sync != 0,
                }
 
                kr = ipc_right_request_alloc(space, name, sync != 0,
-                                            FALSE, notify, previousp);
-               if (kr != KERN_SUCCESS)
+                   FALSE, notify, previousp);
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                break;
 
                break;
 
-           default:
+       default:
                return KERN_INVALID_VALUE;
        }
 
                return KERN_INVALID_VALUE;
        }
 
@@ -1655,23 +1778,26 @@ mach_port_request_notification(
 
 kern_return_t
 mach_port_insert_right(
 
 kern_return_t
 mach_port_insert_right(
-       ipc_space_t                     space,
-       mach_port_name_t                name,
-       ipc_port_t                      poly,
-       mach_msg_type_name_t            polyPoly)
+       ipc_space_t                     space,
+       mach_port_name_t                name,
+       ipc_port_t                      poly,
+       mach_msg_type_name_t            polyPoly)
 {
 {
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
        if (!MACH_PORT_VALID(name) ||
 
        if (!MACH_PORT_VALID(name) ||
-           !MACH_MSG_TYPE_PORT_ANY_RIGHT(polyPoly))
+           !MACH_MSG_TYPE_PORT_ANY_RIGHT(polyPoly)) {
                return KERN_INVALID_VALUE;
                return KERN_INVALID_VALUE;
+       }
 
 
-       if (!IO_VALID((ipc_object_t) poly))
+       if (!IP_VALID(poly)) {
                return KERN_INVALID_CAPABILITY;
                return KERN_INVALID_CAPABILITY;
+       }
 
 
-       return ipc_object_copyout_name(space, (ipc_object_t) poly, 
-                                      polyPoly, FALSE, name);
+       return ipc_object_copyout_name(space, ip_to_object(poly),
+                  polyPoly, name);
 }
 
 /*
 }
 
 /*
@@ -1692,19 +1818,21 @@ mach_port_insert_right(
 
 kern_return_t
 mach_port_extract_right(
 
 kern_return_t
 mach_port_extract_right(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_msg_type_name_t    msgt_name,
-       ipc_port_t              *poly,
-       mach_msg_type_name_t    *polyPoly)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_msg_type_name_t    msgt_name,
+       ipc_port_t              *poly,
+       mach_msg_type_name_t    *polyPoly)
 {
        kern_return_t kr;
 
 {
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_MSG_TYPE_PORT_ANY(msgt_name))
+       if (!MACH_MSG_TYPE_PORT_ANY(msgt_name)) {
                return KERN_INVALID_VALUE;
                return KERN_INVALID_VALUE;
+       }
 
        if (!MACH_PORT_VALID(name)) {
                /*
 
        if (!MACH_PORT_VALID(name)) {
                /*
@@ -1715,10 +1843,12 @@ mach_port_extract_right(
                return KERN_INVALID_RIGHT;
        }
 
                return KERN_INVALID_RIGHT;
        }
 
-       kr = ipc_object_copyin(space, name, msgt_name, (ipc_object_t *) poly);
+       kr = ipc_object_copyin(space, name, msgt_name, (ipc_object_t *) poly, 0, NULL,
+           IPC_KMSG_FLAGS_ALLOW_IMMOVABLE_SEND);
 
 
-       if (kr == KERN_SUCCESS)
+       if (kr == KERN_SUCCESS) {
                *polyPoly = ipc_object_copyin_type(msgt_name);
                *polyPoly = ipc_object_copyin_type(msgt_name);
+       }
        return kr;
 }
 
        return kr;
 }
 
@@ -1732,9 +1862,10 @@ mach_port_extract_right(
  *     Returns:
  *             None.
  */
  *     Returns:
  *             None.
  */
-void mach_port_get_status_helper(
-       ipc_port_t              port,
-       mach_port_status_t      *statusp)
+static void
+mach_port_get_status_helper(
+       ipc_port_t              port,
+       mach_port_status_t      *statusp)
 {
        imq_lock(&port->ip_messages);
        /* don't leak set IDs, just indicate that the port is in one or not */
 {
        imq_lock(&port->ip_messages);
        /* don't leak set IDs, just indicate that the port is in one or not */
@@ -1764,105 +1895,121 @@ void mach_port_get_status_helper(
                if (port->ip_strict_guard) {
                        statusp->mps_flags |= MACH_PORT_STATUS_FLAG_STRICT_GUARD;
                }
                if (port->ip_strict_guard) {
                        statusp->mps_flags |= MACH_PORT_STATUS_FLAG_STRICT_GUARD;
                }
+               if (port->ip_immovable_receive) {
+                       statusp->mps_flags |= MACH_PORT_STATUS_FLAG_GUARD_IMMOVABLE_RECEIVE;
+               }
+       }
+       if (port->ip_no_grant) {
+               statusp->mps_flags |= MACH_PORT_STATUS_FLAG_NO_GRANT;
        }
        return;
 }
 
        }
        return;
 }
 
-
-
 kern_return_t
 mach_port_get_attributes(
 kern_return_t
 mach_port_get_attributes(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       int                     flavor,
-        mach_port_info_t       info,
-        mach_msg_type_number_t *count)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       int                     flavor,
+       mach_port_info_t        info,
+       mach_msg_type_number_t  *count)
 {
        ipc_port_t port;
        kern_return_t kr;
 
 {
        ipc_port_t port;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-        switch (flavor) {
-        case MACH_PORT_LIMITS_INFO: {
-                mach_port_limits_t *lp = (mach_port_limits_t *)info;
+       switch (flavor) {
+       case MACH_PORT_LIMITS_INFO: {
+               mach_port_limits_t *lp = (mach_port_limits_t *)info;
 
 
-                if (*count < MACH_PORT_LIMITS_INFO_COUNT)
-                        return KERN_FAILURE;
+               if (*count < MACH_PORT_LIMITS_INFO_COUNT) {
+                       return KERN_FAILURE;
+               }
 
 
-                if (!MACH_PORT_VALID(name)) {
+               if (!MACH_PORT_VALID(name)) {
                        *count = 0;
                        break;
                }
                        *count = 0;
                        break;
                }
-                       
-                kr = ipc_port_translate_receive(space, name, &port);
-                if (kr != KERN_SUCCESS)
-                        return kr;
-                /* port is locked and active */
 
 
-                lp->mpl_qlimit = port->ip_messages.imq_qlimit;
-                *count = MACH_PORT_LIMITS_INFO_COUNT;
-                ip_unlock(port);
-                break;
-        }
+               kr = ipc_port_translate_receive(space, name, &port);
+               if (kr != KERN_SUCCESS) {
+                       return kr;
+               }
+               /* port is locked and active */
+
+               lp->mpl_qlimit = port->ip_messages.imq_qlimit;
+               *count = MACH_PORT_LIMITS_INFO_COUNT;
+               ip_unlock(port);
+               break;
+       }
 
 
-        case MACH_PORT_RECEIVE_STATUS: {
+       case MACH_PORT_RECEIVE_STATUS: {
                mach_port_status_t *statusp = (mach_port_status_t *)info;
                mach_port_status_t *statusp = (mach_port_status_t *)info;
-               
-               if (*count < MACH_PORT_RECEIVE_STATUS_COUNT)
+
+               if (*count < MACH_PORT_RECEIVE_STATUS_COUNT) {
                        return KERN_FAILURE;
                        return KERN_FAILURE;
+               }
 
 
-               if (!MACH_PORT_VALID(name))
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
+               }
 
                kr = ipc_port_translate_receive(space, name, &port);
 
                kr = ipc_port_translate_receive(space, name, &port);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                /* port is locked and active */
                mach_port_get_status_helper(port, statusp);
                *count = MACH_PORT_RECEIVE_STATUS_COUNT;
                ip_unlock(port);
                break;
        }
                /* port is locked and active */
                mach_port_get_status_helper(port, statusp);
                *count = MACH_PORT_RECEIVE_STATUS_COUNT;
                ip_unlock(port);
                break;
        }
-       
+
        case MACH_PORT_DNREQUESTS_SIZE: {
        case MACH_PORT_DNREQUESTS_SIZE: {
-               ipc_port_request_t      table;
-               
-                if (*count < MACH_PORT_DNREQUESTS_SIZE_COUNT)
-                        return KERN_FAILURE;
+               ipc_port_request_t      table;
+
+               if (*count < MACH_PORT_DNREQUESTS_SIZE_COUNT) {
+                       return KERN_FAILURE;
+               }
 
                if (!MACH_PORT_VALID(name)) {
                        *(int *)info = 0;
                        break;
                }
 
 
                if (!MACH_PORT_VALID(name)) {
                        *(int *)info = 0;
                        break;
                }
 
-                kr = ipc_port_translate_receive(space, name, &port);
-                if (kr != KERN_SUCCESS)
-                        return kr;
-                /* port is locked and active */
-               
+               kr = ipc_port_translate_receive(space, name, &port);
+               if (kr != KERN_SUCCESS) {
+                       return kr;
+               }
+               /* port is locked and active */
+
                table = port->ip_requests;
                table = port->ip_requests;
-               if (table == IPR_NULL)
+               if (table == IPR_NULL) {
                        *(int *)info = 0;
                        *(int *)info = 0;
-               else
+               } else {
                        *(int *)info = table->ipr_size->its_size;
                        *(int *)info = table->ipr_size->its_size;
-                *count = MACH_PORT_DNREQUESTS_SIZE_COUNT;
-                ip_unlock(port);
+               }
+               *count = MACH_PORT_DNREQUESTS_SIZE_COUNT;
+               ip_unlock(port);
                break;
        }
 
        case MACH_PORT_INFO_EXT: {
                mach_port_info_ext_t *mp_info = (mach_port_info_ext_t *)info;
                break;
        }
 
        case MACH_PORT_INFO_EXT: {
                mach_port_info_ext_t *mp_info = (mach_port_info_ext_t *)info;
-               if (*count < MACH_PORT_INFO_EXT_COUNT)
+               if (*count < MACH_PORT_INFO_EXT_COUNT) {
                        return KERN_FAILURE;
                        return KERN_FAILURE;
-                       
-               if (!MACH_PORT_VALID(name))
+               }
+
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
-               
+               }
+
                kr = ipc_port_translate_receive(space, name, &port);
                kr = ipc_port_translate_receive(space, name, &port);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                /* port is locked and active */
                mach_port_get_status_helper(port, &mp_info->mpie_status);
                mp_info->mpie_boost_cnt = port->ip_impcount;
                /* port is locked and active */
                mach_port_get_status_helper(port, &mp_info->mpie_status);
                mp_info->mpie_boost_cnt = port->ip_impcount;
@@ -1871,86 +2018,118 @@ mach_port_get_attributes(
                break;
        }
 
                break;
        }
 
-        default:
+       default:
                return KERN_INVALID_ARGUMENT;
                return KERN_INVALID_ARGUMENT;
-                /*NOTREACHED*/
-        }                
+               /*NOTREACHED*/
+       }
 
        return KERN_SUCCESS;
 }
 
 
        return KERN_SUCCESS;
 }
 
+kern_return_t
+mach_port_get_attributes_from_user(
+       mach_port_t             port,
+       mach_port_name_t        name,
+       int                     flavor,
+       mach_port_info_t        info,
+       mach_msg_type_number_t  *count)
+{
+       kern_return_t kr;
+
+       ipc_space_t space = convert_port_to_space_check_type(port, NULL, TASK_FLAVOR_READ, FALSE);
+
+       if (space == IPC_SPACE_NULL) {
+               return KERN_INVALID_ARGUMENT;
+       }
+
+       kr = mach_port_get_attributes(space, name, flavor, info, count);
+
+       ipc_space_release(space);
+       return kr;
+}
+
 kern_return_t
 mach_port_set_attributes(
 kern_return_t
 mach_port_set_attributes(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       int                     flavor,
-        mach_port_info_t       info,
-        mach_msg_type_number_t count)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       int                     flavor,
+       mach_port_info_t        info,
+       mach_msg_type_number_t  count)
 {
        ipc_port_t port;
        kern_return_t kr;
 {
        ipc_port_t port;
        kern_return_t kr;
-        
-       if (space == IS_NULL)
+
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
+
+       switch (flavor) {
+       case MACH_PORT_LIMITS_INFO: {
+               mach_port_limits_t *mplp = (mach_port_limits_t *)info;
+
+               if (count < MACH_PORT_LIMITS_INFO_COUNT) {
+                       return KERN_FAILURE;
+               }
 
 
-        switch (flavor) {
-                
-        case MACH_PORT_LIMITS_INFO: {
-                mach_port_limits_t *mplp = (mach_port_limits_t *)info;
-                
-                if (count < MACH_PORT_LIMITS_INFO_COUNT)
-                        return KERN_FAILURE;
-                
-                if (mplp->mpl_qlimit > MACH_PORT_QLIMIT_MAX)
-                        return KERN_INVALID_VALUE;
-
-               if (!MACH_PORT_VALID(name))
+               if (mplp->mpl_qlimit > MACH_PORT_QLIMIT_MAX) {
+                       return KERN_INVALID_VALUE;
+               }
+
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
+               }
 
 
-                kr = ipc_port_translate_receive(space, name, &port);
-                if (kr != KERN_SUCCESS)
-                        return kr;
-                /* port is locked and active */
+               kr = ipc_port_translate_receive(space, name, &port);
+               if (kr != KERN_SUCCESS) {
+                       return kr;
+               }
+               /* port is locked and active */
 
 
-                ipc_mqueue_set_qlimit(&port->ip_messages, mplp->mpl_qlimit);
-                ip_unlock(port);
-                break;
-        }
+               ipc_mqueue_set_qlimit(&port->ip_messages, mplp->mpl_qlimit);
+               ip_unlock(port);
+               break;
+       }
        case MACH_PORT_DNREQUESTS_SIZE: {
        case MACH_PORT_DNREQUESTS_SIZE: {
-                if (count < MACH_PORT_DNREQUESTS_SIZE_COUNT)
-                        return KERN_FAILURE;
+               if (count < MACH_PORT_DNREQUESTS_SIZE_COUNT) {
+                       return KERN_FAILURE;
+               }
 
 
-               if (!MACH_PORT_VALID(name))
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
-                
-                kr = ipc_port_translate_receive(space, name, &port);
-                if (kr != KERN_SUCCESS)
-                        return kr;
-                /* port is locked and active */
-               
+               }
+
+               kr = ipc_port_translate_receive(space, name, &port);
+               if (kr != KERN_SUCCESS) {
+                       return kr;
+               }
+               /* port is locked and active */
+
                kr = ipc_port_request_grow(port, *(int *)info);
                kr = ipc_port_request_grow(port, *(int *)info);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                break;
        }
        case MACH_PORT_TEMPOWNER:
                break;
        }
        case MACH_PORT_TEMPOWNER:
-               if (!MACH_PORT_VALID(name))
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
+               }
 
                ipc_importance_task_t release_imp_task = IIT_NULL;
                natural_t assertcnt = 0;
 
                kr = ipc_port_translate_receive(space, name, &port);
 
                ipc_importance_task_t release_imp_task = IIT_NULL;
                natural_t assertcnt = 0;
 
                kr = ipc_port_translate_receive(space, name, &port);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
                /* port is locked and active */
 
                /* port is locked and active */
 
-               /* 
+               /*
                 * don't allow temp-owner importance donation if user
                 * associated it with a kobject already (timer, host_notify target),
                 * or is a special reply port.
                 */
                 * don't allow temp-owner importance donation if user
                 * associated it with a kobject already (timer, host_notify target),
                 * or is a special reply port.
                 */
-               if (is_ipc_kobject(ip_kotype(port)) || port->ip_specialreply) {
+               if (ip_is_kobject(port) || port->ip_specialreply) {
                        ip_unlock(port);
                        return KERN_INVALID_ARGUMENT;
                }
                        ip_unlock(port);
                        return KERN_INVALID_ARGUMENT;
                }
@@ -1973,8 +2152,9 @@ mach_port_set_attributes(
                /* drop assertions from previous destination task */
                if (release_imp_task != IIT_NULL) {
                        assert(ipc_importance_task_is_any_receiver_type(release_imp_task));
                /* drop assertions from previous destination task */
                if (release_imp_task != IIT_NULL) {
                        assert(ipc_importance_task_is_any_receiver_type(release_imp_task));
-                       if (assertcnt > 0)
+                       if (assertcnt > 0) {
                                ipc_importance_task_drop_internal_assertion(release_imp_task, assertcnt);
                                ipc_importance_task_drop_internal_assertion(release_imp_task, assertcnt);
+                       }
                        ipc_importance_task_release(release_imp_task);
                } else if (assertcnt > 0) {
                        release_imp_task = current_task()->task_imp_base;
                        ipc_importance_task_release(release_imp_task);
                } else if (assertcnt > 0) {
                        release_imp_task = current_task()->task_imp_base;
@@ -1984,8 +2164,9 @@ mach_port_set_attributes(
                        }
                }
 #else
                        }
                }
 #else
-               if (release_imp_task != IIT_NULL)
+               if (release_imp_task != IIT_NULL) {
                        ipc_importance_task_release(release_imp_task);
                        ipc_importance_task_release(release_imp_task);
+               }
 #endif /* IMPORTANCE_INHERITANCE */
 
                break;
 #endif /* IMPORTANCE_INHERITANCE */
 
                break;
@@ -1993,19 +2174,21 @@ mach_port_set_attributes(
 #if IMPORTANCE_INHERITANCE
        case MACH_PORT_DENAP_RECEIVER:
        case MACH_PORT_IMPORTANCE_RECEIVER:
 #if IMPORTANCE_INHERITANCE
        case MACH_PORT_DENAP_RECEIVER:
        case MACH_PORT_IMPORTANCE_RECEIVER:
-               if (!MACH_PORT_VALID(name))
+               if (!MACH_PORT_VALID(name)) {
                        return KERN_INVALID_RIGHT;
                        return KERN_INVALID_RIGHT;
+               }
 
                kr = ipc_port_translate_receive(space, name, &port);
 
                kr = ipc_port_translate_receive(space, name, &port);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        return kr;
                        return kr;
+               }
 
 
-               /* 
+               /*
                 * don't allow importance donation if user associated
                 * it with a kobject already (timer, host_notify target),
                 * or is a special reply port.
                 */
                 * don't allow importance donation if user associated
                 * it with a kobject already (timer, host_notify target),
                 * or is a special reply port.
                 */
-               if (is_ipc_kobject(ip_kotype(port)) || port->ip_specialreply) {
+               if (ip_is_kobject(port) || port->ip_specialreply) {
                        ip_unlock(port);
                        return KERN_INVALID_ARGUMENT;
                }
                        ip_unlock(port);
                        return KERN_INVALID_ARGUMENT;
                }
@@ -2017,10 +2200,10 @@ mach_port_set_attributes(
                break;
 #endif /* IMPORTANCE_INHERITANCE */
 
                break;
 #endif /* IMPORTANCE_INHERITANCE */
 
-        default:
+       default:
                return KERN_INVALID_ARGUMENT;
                return KERN_INVALID_ARGUMENT;
-                /*NOTREACHED*/
-        }
+               /*NOTREACHED*/
+       }
        return KERN_SUCCESS;
 }
 
        return KERN_SUCCESS;
 }
 
@@ -2045,9 +2228,9 @@ mach_port_set_attributes(
 
 kern_return_t
 mach_port_insert_member(
 
 kern_return_t
 mach_port_insert_member(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_name_t        psname)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_name_t        psname)
 {
        ipc_object_t obj;
        ipc_object_t psobj;
 {
        ipc_object_t obj;
        ipc_object_t psobj;
@@ -2055,37 +2238,41 @@ mach_port_insert_member(
        uint64_t wq_link_id;
        uint64_t wq_reserved_prepost;
 
        uint64_t wq_link_id;
        uint64_t wq_reserved_prepost;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name) || !MACH_PORT_VALID(psname))
+       if (!MACH_PORT_VALID(name) || !MACH_PORT_VALID(psname)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
        wq_link_id = waitq_link_reserve(NULL);
        wq_reserved_prepost = waitq_prepost_reserve(NULL, 10,
 
        wq_link_id = waitq_link_reserve(NULL);
        wq_reserved_prepost = waitq_prepost_reserve(NULL, 10,
-                                                   WAITQ_DONT_LOCK);
+           WAITQ_DONT_LOCK);
        kr = ipc_pset_lazy_allocate(space, psname);
        kr = ipc_pset_lazy_allocate(space, psname);
-       if (kr != KERN_SUCCESS)
+       if (kr != KERN_SUCCESS) {
                goto done;
                goto done;
+       }
 
 
 
 
-       kr = ipc_object_translate_two(space, 
-                                     name, MACH_PORT_RIGHT_RECEIVE, &obj,
-                                     psname, MACH_PORT_RIGHT_PORT_SET, &psobj);
-       if (kr != KERN_SUCCESS)
+       kr = ipc_object_translate_two(space,
+           name, MACH_PORT_RIGHT_RECEIVE, &obj,
+           psname, MACH_PORT_RIGHT_PORT_SET, &psobj);
+       if (kr != KERN_SUCCESS) {
                goto done;
                goto done;
+       }
 
        /* obj and psobj are locked (and were locked in that order) */
        assert(psobj != IO_NULL);
        assert(obj != IO_NULL);
 
 
        /* obj and psobj are locked (and were locked in that order) */
        assert(psobj != IO_NULL);
        assert(obj != IO_NULL);
 
-       __IGNORE_WCASTALIGN(kr = ipc_pset_add((ipc_pset_t)psobj, (ipc_port_t)obj,
-                                           &wq_link_id, &wq_reserved_prepost));
+       kr = ipc_pset_add(ips_object_to_pset(psobj), ip_object_to_port(obj),
+           &wq_link_id, &wq_reserved_prepost);
 
        io_unlock(psobj);
        io_unlock(obj);
 
 
        io_unlock(psobj);
        io_unlock(obj);
 
- done:
+done:
        /* on success, wq_link_id is reset to 0, so this is always safe */
        waitq_link_release(wq_link_id);
        waitq_prepost_release_reserve(wq_reserved_prepost);
        /* on success, wq_link_id is reset to 0, so this is always safe */
        waitq_link_release(wq_link_id);
        waitq_prepost_release_reserve(wq_reserved_prepost);
@@ -2113,31 +2300,34 @@ mach_port_insert_member(
 
 kern_return_t
 mach_port_extract_member(
 
 kern_return_t
 mach_port_extract_member(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_name_t        psname)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_name_t        psname)
 {
        ipc_object_t psobj;
        ipc_object_t obj;
        kern_return_t kr;
 
 {
        ipc_object_t psobj;
        ipc_object_t obj;
        kern_return_t kr;
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name) || !MACH_PORT_VALID(psname))
+       if (!MACH_PORT_VALID(name) || !MACH_PORT_VALID(psname)) {
                return KERN_INVALID_RIGHT;
                return KERN_INVALID_RIGHT;
+       }
 
 
-       kr = ipc_object_translate_two(space, 
-                                     name, MACH_PORT_RIGHT_RECEIVE, &obj,
-                                     psname, MACH_PORT_RIGHT_PORT_SET, &psobj);
-       if (kr != KERN_SUCCESS)
+       kr = ipc_object_translate_two(space,
+           name, MACH_PORT_RIGHT_RECEIVE, &obj,
+           psname, MACH_PORT_RIGHT_PORT_SET, &psobj);
+       if (kr != KERN_SUCCESS) {
                return kr;
                return kr;
+       }
 
        /* obj and psobj are both locked (and were locked in that order) */
        assert(psobj != IO_NULL);
        assert(obj != IO_NULL);
 
 
        /* obj and psobj are both locked (and were locked in that order) */
        assert(psobj != IO_NULL);
        assert(obj != IO_NULL);
 
-       __IGNORE_WCASTALIGN(kr = ipc_pset_remove((ipc_pset_t)psobj, (ipc_port_t)obj));
+       kr = ipc_pset_remove(ips_object_to_pset(psobj), ip_object_to_port(obj));
 
        io_unlock(psobj);
        io_unlock(obj);
 
        io_unlock(psobj);
        io_unlock(obj);
@@ -2152,13 +2342,14 @@ mach_port_extract_member(
  */
 kern_return_t
 task_set_port_space(
  */
 kern_return_t
 task_set_port_space(
-       ipc_space_t     space,
-       int             table_entries)
+       ipc_space_t     space,
+       int             table_entries)
 {
        kern_return_t kr;
 {
        kern_return_t kr;
-       
-       if (space == IS_NULL)
+
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
        is_write_lock(space);
 
 
        is_write_lock(space);
 
@@ -2168,8 +2359,9 @@ task_set_port_space(
        }
 
        kr = ipc_entry_grow_table(space, table_entries);
        }
 
        kr = ipc_entry_grow_table(space, table_entries);
-       if (kr == KERN_SUCCESS)
+       if (kr == KERN_SUCCESS) {
                is_write_unlock(space);
                is_write_unlock(space);
+       }
        return kr;
 }
 
        return kr;
 }
 
@@ -2185,16 +2377,27 @@ task_set_port_space(
  */
 static kern_return_t
 mach_port_guard_locked(
  */
 static kern_return_t
 mach_port_guard_locked(
-       ipc_port_t              port,
-       uint64_t                guard,
-       boolean_t               strict)
+       ipc_port_t              port,
+       uint64_t                guard,
+       uint64_t                flags)
 {
 {
-       if (port->ip_context)
+       if (port->ip_context) {
                return KERN_INVALID_ARGUMENT;
                return KERN_INVALID_ARGUMENT;
+       }
 
 
+       int strict = (flags & MPG_STRICT)? 1 : 0;
+       int immovable_receive = (flags & MPG_IMMOVABLE_RECEIVE)? 1 : 0;
+
+       imq_lock(&port->ip_messages);
        port->ip_context = guard;
        port->ip_guarded = 1;
        port->ip_context = guard;
        port->ip_guarded = 1;
-       port->ip_strict_guard = (strict)?1:0;
+       port->ip_strict_guard = strict;
+       /* ip_immovable_receive bit is sticky and can't be un-guarded */
+       if (!port->ip_immovable_receive) {
+               port->ip_immovable_receive = immovable_receive;
+       }
+       imq_unlock(&port->ip_messages);
+
        return KERN_SUCCESS;
 }
 
        return KERN_SUCCESS;
 }
 
@@ -2211,9 +2414,9 @@ mach_port_guard_locked(
  */
 static kern_return_t
 mach_port_unguard_locked(
  */
 static kern_return_t
 mach_port_unguard_locked(
-       ipc_port_t              port,
-       mach_port_name_t        name,
-       uint64_t                guard)
+       ipc_port_t              port,
+       mach_port_name_t        name,
+       uint64_t                guard)
 {
        /* Port locked and active */
        if (!port->ip_guarded) {
 {
        /* Port locked and active */
        if (!port->ip_guarded) {
@@ -2228,8 +2431,12 @@ mach_port_unguard_locked(
                return KERN_INVALID_ARGUMENT;
        }
 
                return KERN_INVALID_ARGUMENT;
        }
 
+       imq_lock(&port->ip_messages);
        port->ip_context = 0;
        port->ip_guarded = port->ip_strict_guard = 0;
        port->ip_context = 0;
        port->ip_guarded = port->ip_strict_guard = 0;
+       /* Don't clear the ip_immovable_receive bit */
+       imq_unlock(&port->ip_messages);
+
        return KERN_SUCCESS;
 }
 
        return KERN_SUCCESS;
 }
 
@@ -2246,10 +2453,10 @@ mach_port_unguard_locked(
  */
 void
 mach_port_guard_exception(
  */
 void
 mach_port_guard_exception(
-       mach_port_name_t        name,
-       __unused uint64_t       inguard,
-       uint64_t                        portguard,
-       unsigned                        reason)
+       mach_port_name_t        name,
+       __unused uint64_t       inguard,
+       uint64_t                        portguard,
+       unsigned                        reason)
 {
        mach_exception_code_t code = 0;
        EXC_GUARD_ENCODE_TYPE(code, GUARD_TYPE_MACH_PORT);
 {
        mach_exception_code_t code = 0;
        EXC_GUARD_ENCODE_TYPE(code, GUARD_TYPE_MACH_PORT);
@@ -2257,7 +2464,13 @@ mach_port_guard_exception(
        EXC_GUARD_ENCODE_TARGET(code, name);
        mach_exception_subcode_t subcode = (uint64_t)portguard;
        thread_t t = current_thread();
        EXC_GUARD_ENCODE_TARGET(code, name);
        mach_exception_subcode_t subcode = (uint64_t)portguard;
        thread_t t = current_thread();
-       thread_guard_violation(t, code, subcode);
+       boolean_t fatal = FALSE;
+       if (t->task->task_exc_guard & TASK_EXC_GUARD_MP_FATAL) {
+               fatal = TRUE;
+       } else if (reason <= MAX_FATAL_kGUARD_EXC_CODE) {
+               fatal = TRUE;
+       }
+       thread_guard_violation(t, code, subcode, fatal);
 }
 
 
 }
 
 
@@ -2273,7 +2486,7 @@ mach_port_guard_exception(
 
 void
 mach_port_guard_ast(thread_t t,
 
 void
 mach_port_guard_ast(thread_t t,
-       mach_exception_data_type_t code, mach_exception_data_type_t subcode)
+    mach_exception_data_type_t code, mach_exception_data_type_t subcode)
 {
        unsigned int reason = EXC_GUARD_DECODE_GUARD_FLAVOR(code);
        task_t task = t->task;
 {
        unsigned int reason = EXC_GUARD_DECODE_GUARD_FLAVOR(code);
        task_t task = t->task;
@@ -2282,14 +2495,17 @@ mach_port_guard_ast(thread_t t,
        assert(task != kernel_task);
 
        switch (reason) {
        assert(task != kernel_task);
 
        switch (reason) {
-               /*
-                * Fatal Mach port guards - always delivered synchronously
-                */
+       /*
+        * Fatal Mach port guards - always delivered synchronously
+        */
        case kGUARD_EXC_DESTROY:
        case kGUARD_EXC_MOD_REFS:
        case kGUARD_EXC_SET_CONTEXT:
        case kGUARD_EXC_UNGUARDED:
        case kGUARD_EXC_INCORRECT_GUARD:
        case kGUARD_EXC_DESTROY:
        case kGUARD_EXC_MOD_REFS:
        case kGUARD_EXC_SET_CONTEXT:
        case kGUARD_EXC_UNGUARDED:
        case kGUARD_EXC_INCORRECT_GUARD:
+       case kGUARD_EXC_IMMOVABLE:
+       case kGUARD_EXC_STRICT_REPLY:
+       case kGUARD_EXC_MSG_FILTERED:
                task_exception_notify(EXC_GUARD, code, subcode);
                task_bsdtask_kill(task);
                break;
                task_exception_notify(EXC_GUARD, code, subcode);
                task_bsdtask_kill(task);
                break;
@@ -2350,31 +2566,69 @@ mach_port_guard_ast(thread_t t,
 
 kern_return_t
 mach_port_construct(
 
 kern_return_t
 mach_port_construct(
-       ipc_space_t             space,
-       mach_port_options_t     *options,
-       uint64_t                context,
-       mach_port_name_t        *name)
+       ipc_space_t             space,
+       mach_port_options_t     *options,
+       uint64_t                context,
+       mach_port_name_t        *name)
 {
 {
-       kern_return_t           kr;
-       ipc_port_t              port;
+       kern_return_t           kr;
+       ipc_port_t              port;
+       ipc_port_init_flags_t   init_flags = IPC_PORT_INIT_MESSAGE_QUEUE;
 
 
-       if (space == IS_NULL)
-               return (KERN_INVALID_TASK);
+       if (space == IS_NULL) {
+               return KERN_INVALID_TASK;
+       }
+
+       if (options->flags & MPO_INSERT_SEND_RIGHT) {
+               init_flags |= IPC_PORT_INIT_MAKE_SEND_RIGHT;
+       }
+
+       if (options->flags & MPO_FILTER_MSG) {
+               init_flags |= IPC_PORT_INIT_FILTER_MESSAGE;
+       }
+
+       if (options->flags & MPO_TG_BLOCK_TRACKING) {
+               /* Check the task role to allow only TASK_GRAPHICS_SERVER to set this option */
+               if (proc_get_effective_task_policy(current_task(),
+                   TASK_POLICY_ROLE) != TASK_GRAPHICS_SERVER) {
+                       return KERN_DENIED;
+               }
+
+               /*
+                * Check the work interval port passed in to make sure it is the render server type.
+                * Since the creation of the render server work interval is privileged, this check
+                * acts as a guard to make sure only the render server is setting the thread group
+                * blocking behavior on the port.
+                */
+               mach_port_name_t wi_port_name = options->work_interval_port;
+               if (work_interval_port_type_render_server(wi_port_name) == false) {
+                       return KERN_INVALID_ARGUMENT;
+               }
+               init_flags |= IPC_PORT_INIT_TG_BLOCK_TRACKING;
+       }
 
        /* Allocate a new port in the IPC space */
 
        /* Allocate a new port in the IPC space */
-       kr = ipc_port_alloc(space, name, &port);
-       if (kr != KERN_SUCCESS)
+       kr = ipc_port_alloc(space, init_flags, name, &port);
+       if (kr != KERN_SUCCESS) {
                return kr;
                return kr;
-       
+       }
+
        /* Port locked and active */
        if (options->flags & MPO_CONTEXT_AS_GUARD) {
        /* Port locked and active */
        if (options->flags & MPO_CONTEXT_AS_GUARD) {
-               kr = mach_port_guard_locked(port, (uint64_t) context, (options->flags & MPO_STRICT));
+               uint64_t flags = 0;
+               if (options->flags & MPO_STRICT) {
+                       flags |= MPG_STRICT;
+               }
+               if (options->flags & MPO_IMMOVABLE_RECEIVE) {
+                       flags |= MPG_IMMOVABLE_RECEIVE;
+               }
+               kr = mach_port_guard_locked(port, (uint64_t) context, flags);
                /* A newly allocated and locked port should always be guarded successfully */
                assert(kr == KERN_SUCCESS);
        } else {
                port->ip_context = context;
        }
                /* A newly allocated and locked port should always be guarded successfully */
                assert(kr == KERN_SUCCESS);
        } else {
                port->ip_context = context;
        }
-       
+
        /* Unlock port */
        ip_unlock(port);
 
        /* Unlock port */
        ip_unlock(port);
 
@@ -2382,44 +2636,39 @@ mach_port_construct(
 
        if (options->flags & MPO_QLIMIT) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_LIMITS_INFO,
 
        if (options->flags & MPO_QLIMIT) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_LIMITS_INFO,
-                                             (mach_port_info_t)&options->mpl, sizeof(options->mpl)/sizeof(int));
-               if (kr != KERN_SUCCESS)
-                       goto cleanup;   
+                   (mach_port_info_t)&options->mpl, sizeof(options->mpl) / sizeof(int));
+               if (kr != KERN_SUCCESS) {
+                       goto cleanup;
+               }
        }
 
        if (options->flags & MPO_TEMPOWNER) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_TEMPOWNER, NULL, 0);
        }
 
        if (options->flags & MPO_TEMPOWNER) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_TEMPOWNER, NULL, 0);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        goto cleanup;
                        goto cleanup;
+               }
        }
 
        if (options->flags & MPO_IMPORTANCE_RECEIVER) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_IMPORTANCE_RECEIVER, NULL, 0);
        }
 
        if (options->flags & MPO_IMPORTANCE_RECEIVER) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_IMPORTANCE_RECEIVER, NULL, 0);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        goto cleanup;
                        goto cleanup;
+               }
        }
 
        if (options->flags & MPO_DENAP_RECEIVER) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_DENAP_RECEIVER, NULL, 0);
        }
 
        if (options->flags & MPO_DENAP_RECEIVER) {
                kr = mach_port_set_attributes(space, *name, MACH_PORT_DENAP_RECEIVER, NULL, 0);
-               if (kr != KERN_SUCCESS)
-                       goto cleanup;
-       }
-
-       if (options->flags & MPO_INSERT_SEND_RIGHT) {
-               kr = ipc_object_copyin(space, *name, MACH_MSG_TYPE_MAKE_SEND, (ipc_object_t *)&port);
-               if (kr != KERN_SUCCESS)
-                       goto cleanup;
-
-               kr = mach_port_insert_right(space, *name, port, MACH_MSG_TYPE_PORT_SEND);
-               if (kr != KERN_SUCCESS)
+               if (kr != KERN_SUCCESS) {
                        goto cleanup;
                        goto cleanup;
+               }
        }
 
        return KERN_SUCCESS;
 
 cleanup:
        /* Attempt to destroy port. If its already destroyed by some other thread, we're done */
        }
 
        return KERN_SUCCESS;
 
 cleanup:
        /* Attempt to destroy port. If its already destroyed by some other thread, we're done */
-       (void) mach_port_destruct(space, *name, 0, context);
+       (void) mach_port_destruct(space, *name,
+           (options->flags & MPO_INSERT_SEND_RIGHT) ? -1 : 0, context);
        return kr;
 }
 
        return kr;
 }
 
@@ -2442,19 +2691,21 @@ cleanup:
 
 kern_return_t
 mach_port_destruct(
 
 kern_return_t
 mach_port_destruct(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       mach_port_delta_t       srdelta,
-       uint64_t                guard)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       mach_port_delta_t       srdelta,
+       uint64_t                guard)
 {
 {
-       kern_return_t           kr;
-       ipc_entry_t             entry;
+       kern_return_t           kr;
+       ipc_entry_t             entry;
 
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_NAME;
                return KERN_INVALID_NAME;
+       }
 
        /* Remove reference for receive right */
        kr = ipc_right_lookup_write(space, name, &entry);
 
        /* Remove reference for receive right */
        kr = ipc_right_lookup_write(space, name, &entry);
@@ -2463,7 +2714,7 @@ mach_port_destruct(
                return kr;
        }
        /* space is write-locked and active */
                return kr;
        }
        /* space is write-locked and active */
-       kr = ipc_right_destruct(space, name, entry, srdelta, guard);    /* unlocks */
+       kr = ipc_right_destruct(space, name, entry, srdelta, guard);    /* unlocks */
 
        return kr;
 }
 
        return kr;
 }
@@ -2485,32 +2736,39 @@ mach_port_destruct(
  */
 kern_return_t
 mach_port_guard(
  */
 kern_return_t
 mach_port_guard(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       uint64_t                guard,
-       boolean_t               strict)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       uint64_t                guard,
+       boolean_t               strict)
 {
 {
-       kern_return_t           kr;
-       ipc_port_t              port;
+       kern_return_t           kr;
+       ipc_port_t              port;
+       uint64_t flags = 0;
 
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_NAME;
                return KERN_INVALID_NAME;
+       }
 
        /* Guard can be applied only to receive rights */
        kr = ipc_port_translate_receive(space, name, &port);
        if (kr != KERN_SUCCESS) {
                mach_port_guard_exception(name, 0, 0,
 
        /* Guard can be applied only to receive rights */
        kr = ipc_port_translate_receive(space, name, &port);
        if (kr != KERN_SUCCESS) {
                mach_port_guard_exception(name, 0, 0,
-                                         ((KERN_INVALID_NAME == kr) ?
-                                          kGUARD_EXC_INVALID_NAME :
-                                          kGUARD_EXC_INVALID_RIGHT));
+                   ((KERN_INVALID_NAME == kr) ?
+                   kGUARD_EXC_INVALID_NAME :
+                   kGUARD_EXC_INVALID_RIGHT));
                return kr;
        }
 
        /* Port locked and active */
                return kr;
        }
 
        /* Port locked and active */
-       kr = mach_port_guard_locked(port, guard, strict);
+       if (strict) {
+               flags = MPG_STRICT;
+       }
+
+       kr = mach_port_guard_locked(port, guard, flags);
        ip_unlock(port);
 
        if (KERN_INVALID_ARGUMENT == kr) {
        ip_unlock(port);
 
        if (KERN_INVALID_ARGUMENT == kr) {
@@ -2537,26 +2795,27 @@ mach_port_guard(
  */
 kern_return_t
 mach_port_unguard(
  */
 kern_return_t
 mach_port_unguard(
-       ipc_space_t             space,
-       mach_port_name_t        name,
-       uint64_t                guard)
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       uint64_t                guard)
 {
 {
-       
-       kern_return_t           kr;
-       ipc_port_t              port;
+       kern_return_t           kr;
+       ipc_port_t              port;
 
 
-       if (space == IS_NULL)
+       if (space == IS_NULL) {
                return KERN_INVALID_TASK;
                return KERN_INVALID_TASK;
+       }
 
 
-       if (!MACH_PORT_VALID(name))
+       if (!MACH_PORT_VALID(name)) {
                return KERN_INVALID_NAME;
                return KERN_INVALID_NAME;
+       }
 
        kr = ipc_port_translate_receive(space, name, &port);
        if (kr != KERN_SUCCESS) {
                mach_port_guard_exception(name, 0, 0,
 
        kr = ipc_port_translate_receive(space, name, &port);
        if (kr != KERN_SUCCESS) {
                mach_port_guard_exception(name, 0, 0,
-                                         ((KERN_INVALID_NAME == kr) ?
-                                          kGUARD_EXC_INVALID_NAME :
-                                          kGUARD_EXC_INVALID_RIGHT));
+                   ((KERN_INVALID_NAME == kr) ?
+                   kGUARD_EXC_INVALID_NAME :
+                   kGUARD_EXC_INVALID_RIGHT));
                return kr;
        }
 
                return kr;
        }
 
@@ -2567,3 +2826,130 @@ mach_port_unguard(
        return kr;
 }
 
        return kr;
 }
 
+/*
+ *     Routine:        mach_port_guard_with_flags [kernel call]
+ *     Purpose:
+ *             Guard a mach port with specified guard value and guard flags.
+ *             The context field of the port is used as the guard.
+ *     Conditions:
+ *             Should hold receive right for that port
+ *     Returns:
+ *             KERN_SUCCESS            The name is destroyed.
+ *             KERN_INVALID_TASK       The space is null.
+ *             KERN_INVALID_TASK       The space is dead.
+ *             KERN_INVALID_NAME       The name doesn't denote a right.
+ *             KERN_INVALID_RIGHT      The right isn't correct.
+ *             KERN_INVALID_ARGUMENT   Port already contains a context/guard.
+ *             KERN_INVALID_CAPABILITY Cannot set MPG_IMMOVABLE_RECEIVE flag for a port with
+ *                                     a movable port-destroyed notification port
+ */
+kern_return_t
+mach_port_guard_with_flags(
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       uint64_t                guard,
+       uint64_t                flags)
+{
+       kern_return_t           kr;
+       ipc_port_t              port;
+
+       if (space == IS_NULL) {
+               return KERN_INVALID_TASK;
+       }
+
+       if (!MACH_PORT_VALID(name)) {
+               return KERN_INVALID_NAME;
+       }
+
+       kr = ipc_port_translate_receive(space, name, &port);
+       if (kr != KERN_SUCCESS) {
+               mach_port_guard_exception(name, 0, 0,
+                   ((KERN_INVALID_NAME == kr) ?
+                   kGUARD_EXC_INVALID_NAME :
+                   kGUARD_EXC_INVALID_RIGHT));
+               return kr;
+       }
+
+       /* Port locked and active */
+       kr = mach_port_guard_locked(port, guard, flags);
+       ip_unlock(port);
+
+       if (KERN_INVALID_ARGUMENT == kr) {
+               mach_port_guard_exception(name, 0, 0, kGUARD_EXC_INVALID_ARGUMENT);
+       }
+
+       return kr;
+}
+
+/*
+ *     Routine:        mach_port_swap_guard [kernel call]
+ *     Purpose:
+ *             Swap guard value.
+ *     Conditions:
+ *             Port should already be guarded.
+ *     Returns:
+ *             KERN_SUCCESS            The name is destroyed.
+ *             KERN_INVALID_TASK       The space is null.
+ *             KERN_INVALID_TASK       The space is dead.
+ *             KERN_INVALID_NAME       The name doesn't denote a right.
+ *             KERN_INVALID_RIGHT      The right isn't correct.
+ *             KERN_INVALID_ARGUMENT   Port doesn't contain a guard; is strictly guarded
+ *                                     or the old_guard doesnt match the context
+ */
+kern_return_t
+mach_port_swap_guard(
+       ipc_space_t             space,
+       mach_port_name_t        name,
+       uint64_t                old_guard,
+       uint64_t                new_guard)
+{
+       kern_return_t           kr;
+       ipc_port_t              port;
+
+       if (space == IS_NULL) {
+               return KERN_INVALID_TASK;
+       }
+
+       if (!MACH_PORT_VALID(name)) {
+               return KERN_INVALID_NAME;
+       }
+
+       kr = ipc_port_translate_receive(space, name, &port);
+       if (kr != KERN_SUCCESS) {
+               mach_port_guard_exception(name, 0, 0,
+                   ((KERN_INVALID_NAME == kr) ?
+                   kGUARD_EXC_INVALID_NAME :
+                   kGUARD_EXC_INVALID_RIGHT));
+               return kr;
+       }
+
+       /* Port locked and active */
+       if (!port->ip_guarded) {
+               ip_unlock(port);
+               mach_port_guard_exception(name, old_guard, 0, kGUARD_EXC_UNGUARDED);
+               return KERN_INVALID_ARGUMENT;
+       }
+
+       if (port->ip_strict_guard) {
+               uint64_t portguard = port->ip_context;
+               ip_unlock(port);
+               /* For strictly guarded ports, disallow overwriting context; Raise Exception */
+               mach_port_guard_exception(name, old_guard, portguard, kGUARD_EXC_SET_CONTEXT);
+               return KERN_INVALID_ARGUMENT;
+       }
+
+       if (port->ip_context != old_guard) {
+               uint64_t portguard = port->ip_context;
+               ip_unlock(port);
+               mach_port_guard_exception(name, old_guard, portguard, kGUARD_EXC_INCORRECT_GUARD);
+               return KERN_INVALID_ARGUMENT;
+       }
+
+       imq_lock(&port->ip_messages);
+       port->ip_context = new_guard;
+       imq_unlock(&port->ip_messages);
+
+       ip_unlock(port);
+
+       return KERN_SUCCESS;
+}
mirror of XNU