]> git.saurik.com Git - apple/xnu.git/blobdiff - osfmk/kern/ipc_host.c
xnu-4903.241.1.tar.gz
[apple/xnu.git] / osfmk / kern / ipc_host.c
index 78c01a5432274ede75c72053f3e129164290f4f0..ca296055974d3aea3c6a7bb06c7db274239a966e 100644 (file)
@@ -1,23 +1,29 @@
 /*
- * Copyright (c) 2000-2003 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2009 Apple Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
  * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @OSF_COPYRIGHT@
  */
 #include <mach/message.h>
 #include <mach/mach_traps.h>
-#include <mach/etap_events.h>
 #include <mach/mach_host_server.h>
+#include <mach/host_priv_server.h>
 #include <kern/host.h>
 #include <kern/processor.h>
-#include <kern/lock.h>
 #include <kern/task.h>
 #include <kern/thread.h>
 #include <kern/ipc_host.h>
 #include <ipc/ipc_port.h>
 #include <ipc/ipc_space.h>
 
+#if CONFIG_MACF
+#include <security/mac_mach_internal.h>
+#endif
+
 /*
  * Forward declarations
  */
 
-void
-ipc_processor_terminate(
-       processor_t     processor);
-
-void
-ipc_processor_disable(
-       processor_t     processor);
-
 boolean_t
 ref_pset_port_locked(
        ipc_port_t port, boolean_t matchn, processor_set_t *ppset);
@@ -91,12 +92,15 @@ ref_pset_port_locked(
  *     ipc_host_init: set up various things.
  */
 
+extern lck_grp_t               host_notify_lock_grp;
+extern lck_attr_t              host_notify_lock_attr;
+
 void ipc_host_init(void)
 {
        ipc_port_t      port;
        int i;
 
-       mutex_init(&realhost.lock, ETAP_MISC_MASTER);
+       lck_mtx_init(&realhost.lock, &host_notify_lock_grp, &host_notify_lock_attr);
 
        /*
         *      Allocate and set up the two host ports.
@@ -127,15 +131,24 @@ void ipc_host_init(void)
 
        /* the rest of the special ports will be set up later */
 
+       bzero(&realhost.exc_actions[0], sizeof(realhost.exc_actions[0]));
        for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
                        realhost.exc_actions[i].port = IP_NULL;
-               }/* for */
+                       /* The mac framework is not yet initialized, so we defer
+                        * initializing the labels to later, when they are set
+                        * for the first time. */
+                       realhost.exc_actions[i].label = NULL;
+                       /* initialize the entire exception action struct */
+                       realhost.exc_actions[i].behavior = 0;
+                       realhost.exc_actions[i].flavor = 0;
+                       realhost.exc_actions[i].privileged = FALSE;
+       }/* for */
 
        /*
         *      Set up ipc for default processor set.
         */
-       ipc_pset_init(&default_pset);
-       ipc_pset_enable(&default_pset);
+       ipc_pset_init(&pset0);
+       ipc_pset_enable(&pset0);
 
        /*
         *      And for master processor
@@ -156,12 +169,18 @@ void ipc_host_init(void)
  */
 
 mach_port_name_t
-host_self_trap(void)
+host_self_trap(
+       __unused struct host_self_trap_args *args)
 {
+       task_t self = current_task();
        ipc_port_t sright;
+       mach_port_name_t name;
 
-       sright = ipc_port_copy_send(current_task()->itk_host);
-       return ipc_port_copyout_send(sright, current_space());
+       itk_lock(self);
+       sright = ipc_port_copy_send(self->itk_host);
+       itk_unlock(self);
+       name = ipc_port_copyout_send(sright, current_space());
+       return name;
 }
 
 /*
@@ -196,51 +215,6 @@ ipc_processor_enable(
        myport = processor->processor_self;
        ipc_kobject_set(myport, (ipc_kobject_t) processor, IKOT_PROCESSOR);
 }
-
-/*
- *     ipc_processor_disable:
- *
- *     Disable ipc control of processor by clearing port object.
- */
-void
-ipc_processor_disable(
-       processor_t     processor)
-{
-       ipc_port_t      myport;
-
-       myport = processor->processor_self;
-       if (myport == IP_NULL)
-               return;
-       ipc_kobject_set(myport, IKO_NULL, IKOT_NONE);
-}
-
-/*
- *     ipc_processor_terminate:
- *
- *     Processor is off-line.  Destroy ipc control port.
- */
-void
-ipc_processor_terminate(
-       processor_t     processor)
-{
-       ipc_port_t      myport;
-       spl_t           s;
-
-       s = splsched();
-       processor_lock(processor);
-       myport = processor->processor_self;
-       if (myport == IP_NULL) {
-               processor_unlock(processor);
-               splx(s);
-               return;
-       }
-
-       processor->processor_self = IP_NULL;
-       processor_unlock(processor);
-       splx(s);
-
-       ipc_port_dealloc_kernel(myport);
-}
        
 /*
  *     ipc_pset_init:
@@ -274,51 +248,14 @@ void
 ipc_pset_enable(
        processor_set_t         pset)
 {
-       pset_lock(pset);
-       if (pset->active) {
-               ipc_kobject_set(pset->pset_self,
-                               (ipc_kobject_t) pset, IKOT_PSET);
-               ipc_kobject_set(pset->pset_name_self,
-                               (ipc_kobject_t) pset, IKOT_PSET_NAME);
-               pset->ref_count += 2;
-       }
-       pset_unlock(pset);
-}
-
-/*
- *     ipc_pset_disable:
- *
- *     Disable ipc access to a processor set by clearing the port objects.
- *     Caller must hold pset lock and a reference to the pset.  Ok to
- *     just decrement pset reference count as a result.
- */
-void
-ipc_pset_disable(
-       processor_set_t         pset)
-{
-       ipc_kobject_set(pset->pset_self, IKO_NULL, IKOT_NONE);
-       ipc_kobject_set(pset->pset_name_self, IKO_NULL, IKOT_NONE);
-       pset->ref_count -= 2;
-}
-
-/*
- *     ipc_pset_terminate:
- *
- *     Processor set is dead.  Deallocate the ipc control structures.
- */
-void
-ipc_pset_terminate(
-       processor_set_t         pset)
-{
-       ipc_port_dealloc_kernel(pset->pset_self);
-       ipc_port_dealloc_kernel(pset->pset_name_self);
+       ipc_kobject_set(pset->pset_self, (ipc_kobject_t) pset, IKOT_PSET);
+       ipc_kobject_set(pset->pset_name_self, (ipc_kobject_t) pset, IKOT_PSET_NAME);
 }
 
 /*
- *     processor_set_default, processor_set_default_priv:
+ *     processor_set_default:
  *
- *     Return ports for manipulating default_processor set.  MiG code
- *     differentiates between these two routines.
+ *     Return ports for manipulating default_processor set.
  */
 kern_return_t
 processor_set_default(
@@ -328,9 +265,9 @@ processor_set_default(
        if (host == HOST_NULL)
                return(KERN_INVALID_ARGUMENT);
 
-       *pset = &default_pset;
-       pset_reference(*pset);
-       return(KERN_SUCCESS);
+       *pset = &pset0;
+
+       return (KERN_SUCCESS);
 }
 
 /*
@@ -349,15 +286,12 @@ convert_port_to_host(
        host_t host = HOST_NULL;
 
        if (IP_VALID(port)) {
-               ip_lock(port);
-               if (ip_active(port) &&
-                   ((ip_kotype(port) == IKOT_HOST) ||
-                    (ip_kotype(port) == IKOT_HOST_PRIV) 
-                    ))
+               if (ip_kotype(port) == IKOT_HOST ||
+                   ip_kotype(port) == IKOT_HOST_PRIV) {
                        host = (host_t) port->ip_kobject;
-               ip_unlock(port);
+                       assert(ip_active(port));
+               }
        }
-
        return host;
 }
 
@@ -474,18 +408,13 @@ ref_pset_port_locked(ipc_port_t port, boolean_t matchn, processor_set_t *ppset)
        pset = PROCESSOR_SET_NULL;
        if (ip_active(port) &&
                ((ip_kotype(port) == IKOT_PSET) ||
-                (matchn && (ip_kotype(port) == IKOT_PSET_NAME)))) {
+                       (matchn && (ip_kotype(port) == IKOT_PSET_NAME)))) {
                pset = (processor_set_t) port->ip_kobject;
-               if (!pset_lock_try(pset)) {
-                       ip_unlock(port);
-                       mutex_pause();
-                       return (FALSE);
-               }
-               pset->ref_count++;
-               pset_unlock(pset);
        }
+
        *ppset = pset;
        ip_unlock(port);
+
        return (TRUE);
 }
 
@@ -513,6 +442,7 @@ convert_host_to_port(
  *     Purpose:
  *             Convert from a processor to a port.
  *             Produces a naked send right which may be invalid.
+ *             Processors are not reference counted, so nothing to release.
  *     Conditions:
  *             Nothing locked.
  */
@@ -521,20 +451,10 @@ ipc_port_t
 convert_processor_to_port(
        processor_t             processor)
 {
-       ipc_port_t port;
-       spl_t   s;
-
-       s = splsched();
-       processor_lock(processor);
-
-       if (processor->processor_self != IP_NULL)
-               port = ipc_port_make_send(processor->processor_self);
-       else
-               port = IP_NULL;
-
-       processor_unlock(processor);
-       splx(s);
+       ipc_port_t port = processor->processor_self;
 
+       if (port != IP_NULL)
+               port = ipc_port_make_send(port);
        return port;
 }
 
@@ -542,8 +462,8 @@ convert_processor_to_port(
  *     Routine:        convert_pset_to_port
  *     Purpose:
  *             Convert from a pset to a port.
- *             Consumes a pset ref; produces a naked send right
- *             which may be invalid.
+ *             Produces a naked send right which may be invalid.
+ *             Processor sets are not reference counted, so nothing to release.
  *     Conditions:
  *             Nothing locked.
  */
@@ -552,16 +472,11 @@ ipc_port_t
 convert_pset_to_port(
        processor_set_t         pset)
 {
-       ipc_port_t port;
+       ipc_port_t port = pset->pset_self;
 
-       pset_lock(pset);
-       if (pset->active)
-               port = ipc_port_make_send(pset->pset_self);
-       else
-               port = IP_NULL;
-       pset_unlock(pset);
+       if (port != IP_NULL)
+               port = ipc_port_make_send(port);
 
-       pset_deallocate(pset);
        return port;
 }
 
@@ -569,8 +484,8 @@ convert_pset_to_port(
  *     Routine:        convert_pset_name_to_port
  *     Purpose:
  *             Convert from a pset to a port.
- *             Consumes a pset ref; produces a naked send right
- *             which may be invalid.
+ *             Produces a naked send right which may be invalid.
+ *             Processor sets are not reference counted, so nothing to release.
  *     Conditions:
  *             Nothing locked.
  */
@@ -579,16 +494,11 @@ ipc_port_t
 convert_pset_name_to_port(
        processor_set_name_t            pset)
 {
-       ipc_port_t port;
+       ipc_port_t port = pset->pset_name_self;
 
-       pset_lock(pset);
-       if (pset->active)
-               port = ipc_port_make_send(pset->pset_name_self);
-       else
-               port = IP_NULL;
-       pset_unlock(pset);
+       if (port != IP_NULL)
+               port = ipc_port_make_send(port);
 
-       pset_deallocate(pset);
        return port;
 }
 
@@ -636,27 +546,30 @@ convert_port_to_host_security(
  */
 kern_return_t
 host_set_exception_ports(
-       host_priv_t                             host_priv,
+       host_priv_t                     host_priv,
        exception_mask_t                exception_mask,
        ipc_port_t                      new_port,
        exception_behavior_t            new_behavior,
        thread_state_flavor_t           new_flavor)
 {
-       register int    i;
+       int     i;
        ipc_port_t      old_port[EXC_TYPES_COUNT];
 
+#if CONFIG_MACF
+       struct label *deferred_labels[EXC_TYPES_COUNT];
+       struct label *new_label;
+#endif 
+
        if (host_priv == HOST_PRIV_NULL) {
                return KERN_INVALID_ARGUMENT;
        }
 
-       assert(host_priv == &realhost);
-
-       if (exception_mask & ~EXC_MASK_ALL) {
+       if (exception_mask & ~EXC_MASK_VALID) {
                return KERN_INVALID_ARGUMENT;
        }
 
        if (IP_VALID(new_port)) {
-               switch (new_behavior) {
+               switch (new_behavior & ~MACH_EXCEPTION_CODES) {
                case EXCEPTION_DEFAULT:
                case EXCEPTION_STATE:
                case EXCEPTION_STATE_IDENTITY:
@@ -665,30 +578,78 @@ host_set_exception_ports(
                        return KERN_INVALID_ARGUMENT;
                }
        }
-       /* Cannot easily check "new_flavor", but that just means that
-        * the flavor in the generated exception message might be garbage:
-        * GIGO
+
+       /*
+        * Check the validity of the thread_state_flavor by calling the
+        * VALID_THREAD_STATE_FLAVOR architecture dependent macro defined in
+        * osfmk/mach/ARCHITECTURE/thread_status.h
         */
+       if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
+               return (KERN_INVALID_ARGUMENT);
+
+#if CONFIG_MACF
+       if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+               return KERN_NO_ACCESS;
+
+       new_label = mac_exc_create_label_for_current_proc();
+
+       for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
+               if (host_priv->exc_actions[i].label == NULL) {
+                       deferred_labels[i] = mac_exc_create_label();
+               } else {
+                       deferred_labels[i] = NULL;
+               }
+       }
+#endif
+
+       assert(host_priv == &realhost);
+
        host_lock(host_priv);
 
        for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
-               if (exception_mask & (1 << i)) {
+#if CONFIG_MACF
+               if (host_priv->exc_actions[i].label == NULL) {
+                       // Lazy initialization (see ipc_port_init).
+                       mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
+                       deferred_labels[i] = NULL; // Label is used, do not free.
+               }
+#endif
+
+               if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+                       && mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
+#endif
+                       ) {
                        old_port[i] = host_priv->exc_actions[i].port;
+
                        host_priv->exc_actions[i].port =
                                ipc_port_copy_send(new_port);
                        host_priv->exc_actions[i].behavior = new_behavior;
                        host_priv->exc_actions[i].flavor = new_flavor;
-               } else
+               } else {
                        old_port[i] = IP_NULL;
+               }
        }/* for */
 
        /*
         * Consume send rights without any lock held.
         */
        host_unlock(host_priv);
-       for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++)
+
+#if CONFIG_MACF
+       mac_exc_free_label(new_label);
+#endif
+       
+       for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
                if (IP_VALID(old_port[i]))
                        ipc_port_release_send(old_port[i]);
+#if CONFIG_MACF
+               if (deferred_labels[i] != NULL) {
+                       /* Deferred label went unused: Another thread has completed the lazy initialization. */
+                       mac_exc_free_label(deferred_labels[i]);
+               }
+#endif
+       }
        if (IP_VALID(new_port))          /* consume send right */
                ipc_port_release_send(new_port);
 
@@ -723,14 +684,12 @@ host_get_exception_ports(
        exception_behavior_array_t      behaviors,
        thread_state_flavor_array_t     flavors         )
 {
-       register int    i,
-                       j,
-                       count;
+       unsigned int    i, j, count;
 
        if (host_priv == HOST_PRIV_NULL)
                return KERN_INVALID_ARGUMENT;
 
-       if (exception_mask & ~EXC_MASK_ALL) {
+       if (exception_mask & ~EXC_MASK_VALID) {
                return KERN_INVALID_ARGUMENT;
        }
 
@@ -776,7 +735,7 @@ host_get_exception_ports(
 
 kern_return_t
 host_swap_exception_ports(
-       host_priv_t                             host_priv,
+       host_priv_t                     host_priv,
        exception_mask_t                exception_mask,
        ipc_port_t                      new_port,
        exception_behavior_t            new_behavior,
@@ -787,15 +746,20 @@ host_swap_exception_ports(
        exception_behavior_array_t      behaviors,
        thread_state_flavor_array_t     flavors         )
 {
-       register int    i,
+       unsigned int    i,
                        j,
                        count;
        ipc_port_t      old_port[EXC_TYPES_COUNT];
 
+#if CONFIG_MACF
+       struct label *deferred_labels[EXC_TYPES_COUNT];
+       struct label *new_label;
+#endif 
+
        if (host_priv == HOST_PRIV_NULL)
                return KERN_INVALID_ARGUMENT;
 
-       if (exception_mask & ~EXC_MASK_ALL) {
+       if (exception_mask & ~EXC_MASK_VALID) {
                return KERN_INVALID_ARGUMENT;
        }
 
@@ -809,16 +773,42 @@ host_swap_exception_ports(
                        return KERN_INVALID_ARGUMENT;
                }
        }
-       /* Cannot easily check "new_flavor", but that just means that
-        * the flavor in the generated exception message might be garbage:
-        * GIGO */
 
-       host_lock(host_priv);
+       if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
+               return (KERN_INVALID_ARGUMENT);
 
-       count = 0;
+#if CONFIG_MACF
+       if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+               return KERN_NO_ACCESS;
 
+       new_label = mac_exc_create_label_for_current_proc();
+       
        for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
-               if (exception_mask & (1 << i)) {
+               if (host_priv->exc_actions[i].label == NULL) {
+                       deferred_labels[i] = mac_exc_create_label();
+               } else {
+                       deferred_labels[i] = NULL;
+               }
+       }
+#endif /* CONFIG_MACF */
+
+       host_lock(host_priv);
+
+       assert(EXC_TYPES_COUNT > FIRST_EXCEPTION);
+       for (count=0, i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT && count < *CountCnt; i++) {
+#if CONFIG_MACF
+               if (host_priv->exc_actions[i].label == NULL) {
+                       // Lazy initialization (see ipc_port_init).
+                       mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
+                       deferred_labels[i] = NULL; // Label is used, do not free.
+               }
+#endif
+
+               if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+                       && mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
+#endif
+                       ) {
                        for (j = 0; j < count; j++) {
 /*
  *                             search for an identical entry, if found
@@ -845,20 +835,29 @@ host_swap_exception_ports(
                                ipc_port_copy_send(new_port);
                        host_priv->exc_actions[i].behavior = new_behavior;
                        host_priv->exc_actions[i].flavor = new_flavor;
-                       if (count > *CountCnt) {
-                               break;
-                       }
-               } else
+               } else {
                        old_port[i] = IP_NULL;
+               }
        }/* for */
        host_unlock(host_priv);
 
+#if CONFIG_MACF
+       mac_exc_free_label(new_label);
+#endif
+       
        /*
         * Consume send rights without any lock held.
         */
-       for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++)
+       while (--i >= FIRST_EXCEPTION) {
                if (IP_VALID(old_port[i]))
                        ipc_port_release_send(old_port[i]);
+#if CONFIG_MACF
+               if (deferred_labels[i] != NULL) {
+                       mac_exc_free_label(deferred_labels[i]); // Label unused.
+               }
+#endif
+       }
+
        if (IP_VALID(new_port))          /* consume send right */
                ipc_port_release_send(new_port);
        *CountCnt = count;