/*
- * Copyright (c) 2000-2003 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2009 Apple Inc. All rights reserved.
*
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License"). You may not use this file except in compliance with the
- * License. Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
*
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
*
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/*
* @OSF_COPYRIGHT@
*/
#include <mach/message.h>
#include <mach/mach_traps.h>
-#include <mach/etap_events.h>
#include <mach/mach_host_server.h>
+#include <mach/host_priv_server.h>
#include <kern/host.h>
#include <kern/processor.h>
-#include <kern/lock.h>
#include <kern/task.h>
#include <kern/thread.h>
#include <kern/ipc_host.h>
#include <ipc/ipc_port.h>
#include <ipc/ipc_space.h>
+#if CONFIG_MACF
+#include <security/mac_mach_internal.h>
+#endif
+
/*
* Forward declarations
*/
-void
-ipc_processor_terminate(
- processor_t processor);
-
-void
-ipc_processor_disable(
- processor_t processor);
-
boolean_t
ref_pset_port_locked(
ipc_port_t port, boolean_t matchn, processor_set_t *ppset);
* ipc_host_init: set up various things.
*/
+extern lck_grp_t host_notify_lock_grp;
+extern lck_attr_t host_notify_lock_attr;
+
void ipc_host_init(void)
{
ipc_port_t port;
int i;
- mutex_init(&realhost.lock, ETAP_MISC_MASTER);
+ lck_mtx_init(&realhost.lock, &host_notify_lock_grp, &host_notify_lock_attr);
/*
* Allocate and set up the two host ports.
/* the rest of the special ports will be set up later */
+ bzero(&realhost.exc_actions[0], sizeof(realhost.exc_actions[0]));
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
realhost.exc_actions[i].port = IP_NULL;
- }/* for */
+ /* The mac framework is not yet initialized, so we defer
+ * initializing the labels to later, when they are set
+ * for the first time. */
+ realhost.exc_actions[i].label = NULL;
+ /* initialize the entire exception action struct */
+ realhost.exc_actions[i].behavior = 0;
+ realhost.exc_actions[i].flavor = 0;
+ realhost.exc_actions[i].privileged = FALSE;
+ }/* for */
/*
* Set up ipc for default processor set.
*/
- ipc_pset_init(&default_pset);
- ipc_pset_enable(&default_pset);
+ ipc_pset_init(&pset0);
+ ipc_pset_enable(&pset0);
/*
* And for master processor
*/
mach_port_name_t
-host_self_trap(void)
+host_self_trap(
+ __unused struct host_self_trap_args *args)
{
+ task_t self = current_task();
ipc_port_t sright;
+ mach_port_name_t name;
- sright = ipc_port_copy_send(current_task()->itk_host);
- return ipc_port_copyout_send(sright, current_space());
+ itk_lock(self);
+ sright = ipc_port_copy_send(self->itk_host);
+ itk_unlock(self);
+ name = ipc_port_copyout_send(sright, current_space());
+ return name;
}
/*
myport = processor->processor_self;
ipc_kobject_set(myport, (ipc_kobject_t) processor, IKOT_PROCESSOR);
}
-
-/*
- * ipc_processor_disable:
- *
- * Disable ipc control of processor by clearing port object.
- */
-void
-ipc_processor_disable(
- processor_t processor)
-{
- ipc_port_t myport;
-
- myport = processor->processor_self;
- if (myport == IP_NULL)
- return;
- ipc_kobject_set(myport, IKO_NULL, IKOT_NONE);
-}
-
-/*
- * ipc_processor_terminate:
- *
- * Processor is off-line. Destroy ipc control port.
- */
-void
-ipc_processor_terminate(
- processor_t processor)
-{
- ipc_port_t myport;
- spl_t s;
-
- s = splsched();
- processor_lock(processor);
- myport = processor->processor_self;
- if (myport == IP_NULL) {
- processor_unlock(processor);
- splx(s);
- return;
- }
-
- processor->processor_self = IP_NULL;
- processor_unlock(processor);
- splx(s);
-
- ipc_port_dealloc_kernel(myport);
-}
/*
* ipc_pset_init:
ipc_pset_enable(
processor_set_t pset)
{
- pset_lock(pset);
- if (pset->active) {
- ipc_kobject_set(pset->pset_self,
- (ipc_kobject_t) pset, IKOT_PSET);
- ipc_kobject_set(pset->pset_name_self,
- (ipc_kobject_t) pset, IKOT_PSET_NAME);
- pset->ref_count += 2;
- }
- pset_unlock(pset);
-}
-
-/*
- * ipc_pset_disable:
- *
- * Disable ipc access to a processor set by clearing the port objects.
- * Caller must hold pset lock and a reference to the pset. Ok to
- * just decrement pset reference count as a result.
- */
-void
-ipc_pset_disable(
- processor_set_t pset)
-{
- ipc_kobject_set(pset->pset_self, IKO_NULL, IKOT_NONE);
- ipc_kobject_set(pset->pset_name_self, IKO_NULL, IKOT_NONE);
- pset->ref_count -= 2;
-}
-
-/*
- * ipc_pset_terminate:
- *
- * Processor set is dead. Deallocate the ipc control structures.
- */
-void
-ipc_pset_terminate(
- processor_set_t pset)
-{
- ipc_port_dealloc_kernel(pset->pset_self);
- ipc_port_dealloc_kernel(pset->pset_name_self);
+ ipc_kobject_set(pset->pset_self, (ipc_kobject_t) pset, IKOT_PSET);
+ ipc_kobject_set(pset->pset_name_self, (ipc_kobject_t) pset, IKOT_PSET_NAME);
}
/*
- * processor_set_default, processor_set_default_priv:
+ * processor_set_default:
*
- * Return ports for manipulating default_processor set. MiG code
- * differentiates between these two routines.
+ * Return ports for manipulating default_processor set.
*/
kern_return_t
processor_set_default(
if (host == HOST_NULL)
return(KERN_INVALID_ARGUMENT);
- *pset = &default_pset;
- pset_reference(*pset);
- return(KERN_SUCCESS);
+ *pset = &pset0;
+
+ return (KERN_SUCCESS);
}
/*
host_t host = HOST_NULL;
if (IP_VALID(port)) {
- ip_lock(port);
- if (ip_active(port) &&
- ((ip_kotype(port) == IKOT_HOST) ||
- (ip_kotype(port) == IKOT_HOST_PRIV)
- ))
+ if (ip_kotype(port) == IKOT_HOST ||
+ ip_kotype(port) == IKOT_HOST_PRIV) {
host = (host_t) port->ip_kobject;
- ip_unlock(port);
+ assert(ip_active(port));
+ }
}
-
return host;
}
pset = PROCESSOR_SET_NULL;
if (ip_active(port) &&
((ip_kotype(port) == IKOT_PSET) ||
- (matchn && (ip_kotype(port) == IKOT_PSET_NAME)))) {
+ (matchn && (ip_kotype(port) == IKOT_PSET_NAME)))) {
pset = (processor_set_t) port->ip_kobject;
- if (!pset_lock_try(pset)) {
- ip_unlock(port);
- mutex_pause();
- return (FALSE);
- }
- pset->ref_count++;
- pset_unlock(pset);
}
+
*ppset = pset;
ip_unlock(port);
+
return (TRUE);
}
* Purpose:
* Convert from a processor to a port.
* Produces a naked send right which may be invalid.
+ * Processors are not reference counted, so nothing to release.
* Conditions:
* Nothing locked.
*/
convert_processor_to_port(
processor_t processor)
{
- ipc_port_t port;
- spl_t s;
-
- s = splsched();
- processor_lock(processor);
-
- if (processor->processor_self != IP_NULL)
- port = ipc_port_make_send(processor->processor_self);
- else
- port = IP_NULL;
-
- processor_unlock(processor);
- splx(s);
+ ipc_port_t port = processor->processor_self;
+ if (port != IP_NULL)
+ port = ipc_port_make_send(port);
return port;
}
* Routine: convert_pset_to_port
* Purpose:
* Convert from a pset to a port.
- * Consumes a pset ref; produces a naked send right
- * which may be invalid.
+ * Produces a naked send right which may be invalid.
+ * Processor sets are not reference counted, so nothing to release.
* Conditions:
* Nothing locked.
*/
convert_pset_to_port(
processor_set_t pset)
{
- ipc_port_t port;
+ ipc_port_t port = pset->pset_self;
- pset_lock(pset);
- if (pset->active)
- port = ipc_port_make_send(pset->pset_self);
- else
- port = IP_NULL;
- pset_unlock(pset);
+ if (port != IP_NULL)
+ port = ipc_port_make_send(port);
- pset_deallocate(pset);
return port;
}
* Routine: convert_pset_name_to_port
* Purpose:
* Convert from a pset to a port.
- * Consumes a pset ref; produces a naked send right
- * which may be invalid.
+ * Produces a naked send right which may be invalid.
+ * Processor sets are not reference counted, so nothing to release.
* Conditions:
* Nothing locked.
*/
convert_pset_name_to_port(
processor_set_name_t pset)
{
- ipc_port_t port;
+ ipc_port_t port = pset->pset_name_self;
- pset_lock(pset);
- if (pset->active)
- port = ipc_port_make_send(pset->pset_name_self);
- else
- port = IP_NULL;
- pset_unlock(pset);
+ if (port != IP_NULL)
+ port = ipc_port_make_send(port);
- pset_deallocate(pset);
return port;
}
*/
kern_return_t
host_set_exception_ports(
- host_priv_t host_priv,
+ host_priv_t host_priv,
exception_mask_t exception_mask,
ipc_port_t new_port,
exception_behavior_t new_behavior,
thread_state_flavor_t new_flavor)
{
- register int i;
+ int i;
ipc_port_t old_port[EXC_TYPES_COUNT];
+#if CONFIG_MACF
+ struct label *deferred_labels[EXC_TYPES_COUNT];
+ struct label *new_label;
+#endif
+
if (host_priv == HOST_PRIV_NULL) {
return KERN_INVALID_ARGUMENT;
}
- assert(host_priv == &realhost);
-
- if (exception_mask & ~EXC_MASK_ALL) {
+ if (exception_mask & ~EXC_MASK_VALID) {
return KERN_INVALID_ARGUMENT;
}
if (IP_VALID(new_port)) {
- switch (new_behavior) {
+ switch (new_behavior & ~MACH_EXCEPTION_CODES) {
case EXCEPTION_DEFAULT:
case EXCEPTION_STATE:
case EXCEPTION_STATE_IDENTITY:
return KERN_INVALID_ARGUMENT;
}
}
- /* Cannot easily check "new_flavor", but that just means that
- * the flavor in the generated exception message might be garbage:
- * GIGO
+
+ /*
+ * Check the validity of the thread_state_flavor by calling the
+ * VALID_THREAD_STATE_FLAVOR architecture dependent macro defined in
+ * osfmk/mach/ARCHITECTURE/thread_status.h
*/
+ if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
+ return (KERN_INVALID_ARGUMENT);
+
+#if CONFIG_MACF
+ if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+ return KERN_NO_ACCESS;
+
+ new_label = mac_exc_create_label_for_current_proc();
+
+ for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
+ if (host_priv->exc_actions[i].label == NULL) {
+ deferred_labels[i] = mac_exc_create_label();
+ } else {
+ deferred_labels[i] = NULL;
+ }
+ }
+#endif
+
+ assert(host_priv == &realhost);
+
host_lock(host_priv);
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
- if (exception_mask & (1 << i)) {
+#if CONFIG_MACF
+ if (host_priv->exc_actions[i].label == NULL) {
+ // Lazy initialization (see ipc_port_init).
+ mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
+ deferred_labels[i] = NULL; // Label is used, do not free.
+ }
+#endif
+
+ if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+ && mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
+#endif
+ ) {
old_port[i] = host_priv->exc_actions[i].port;
+
host_priv->exc_actions[i].port =
ipc_port_copy_send(new_port);
host_priv->exc_actions[i].behavior = new_behavior;
host_priv->exc_actions[i].flavor = new_flavor;
- } else
+ } else {
old_port[i] = IP_NULL;
+ }
}/* for */
/*
* Consume send rights without any lock held.
*/
host_unlock(host_priv);
- for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++)
+
+#if CONFIG_MACF
+ mac_exc_free_label(new_label);
+#endif
+
+ for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
if (IP_VALID(old_port[i]))
ipc_port_release_send(old_port[i]);
+#if CONFIG_MACF
+ if (deferred_labels[i] != NULL) {
+ /* Deferred label went unused: Another thread has completed the lazy initialization. */
+ mac_exc_free_label(deferred_labels[i]);
+ }
+#endif
+ }
if (IP_VALID(new_port)) /* consume send right */
ipc_port_release_send(new_port);
exception_behavior_array_t behaviors,
thread_state_flavor_array_t flavors )
{
- register int i,
- j,
- count;
+ unsigned int i, j, count;
if (host_priv == HOST_PRIV_NULL)
return KERN_INVALID_ARGUMENT;
- if (exception_mask & ~EXC_MASK_ALL) {
+ if (exception_mask & ~EXC_MASK_VALID) {
return KERN_INVALID_ARGUMENT;
}
kern_return_t
host_swap_exception_ports(
- host_priv_t host_priv,
+ host_priv_t host_priv,
exception_mask_t exception_mask,
ipc_port_t new_port,
exception_behavior_t new_behavior,
exception_behavior_array_t behaviors,
thread_state_flavor_array_t flavors )
{
- register int i,
+ unsigned int i,
j,
count;
ipc_port_t old_port[EXC_TYPES_COUNT];
+#if CONFIG_MACF
+ struct label *deferred_labels[EXC_TYPES_COUNT];
+ struct label *new_label;
+#endif
+
if (host_priv == HOST_PRIV_NULL)
return KERN_INVALID_ARGUMENT;
- if (exception_mask & ~EXC_MASK_ALL) {
+ if (exception_mask & ~EXC_MASK_VALID) {
return KERN_INVALID_ARGUMENT;
}
return KERN_INVALID_ARGUMENT;
}
}
- /* Cannot easily check "new_flavor", but that just means that
- * the flavor in the generated exception message might be garbage:
- * GIGO */
- host_lock(host_priv);
+ if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
+ return (KERN_INVALID_ARGUMENT);
- count = 0;
+#if CONFIG_MACF
+ if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+ return KERN_NO_ACCESS;
+ new_label = mac_exc_create_label_for_current_proc();
+
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
- if (exception_mask & (1 << i)) {
+ if (host_priv->exc_actions[i].label == NULL) {
+ deferred_labels[i] = mac_exc_create_label();
+ } else {
+ deferred_labels[i] = NULL;
+ }
+ }
+#endif /* CONFIG_MACF */
+
+ host_lock(host_priv);
+
+ assert(EXC_TYPES_COUNT > FIRST_EXCEPTION);
+ for (count=0, i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT && count < *CountCnt; i++) {
+#if CONFIG_MACF
+ if (host_priv->exc_actions[i].label == NULL) {
+ // Lazy initialization (see ipc_port_init).
+ mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
+ deferred_labels[i] = NULL; // Label is used, do not free.
+ }
+#endif
+
+ if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+ && mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
+#endif
+ ) {
for (j = 0; j < count; j++) {
/*
* search for an identical entry, if found
ipc_port_copy_send(new_port);
host_priv->exc_actions[i].behavior = new_behavior;
host_priv->exc_actions[i].flavor = new_flavor;
- if (count > *CountCnt) {
- break;
- }
- } else
+ } else {
old_port[i] = IP_NULL;
+ }
}/* for */
host_unlock(host_priv);
+#if CONFIG_MACF
+ mac_exc_free_label(new_label);
+#endif
+
/*
* Consume send rights without any lock held.
*/
- for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++)
+ while (--i >= FIRST_EXCEPTION) {
if (IP_VALID(old_port[i]))
ipc_port_release_send(old_port[i]);
+#if CONFIG_MACF
+ if (deferred_labels[i] != NULL) {
+ mac_exc_free_label(deferred_labels[i]); // Label unused.
+ }
+#endif
+ }
+
if (IP_VALID(new_port)) /* consume send right */
ipc_port_release_send(new_port);
*CountCnt = count;