X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/1c79356b52d46aa6b508fb032f5ae709b1f2897b..refs/heads/master:/osfmk/mach/port.h diff --git a/osfmk/mach/port.h b/osfmk/mach/port.h index 42c182000..9472cecea 100644 --- a/osfmk/mach/port.h +++ b/osfmk/mach/port.h @@ -1,159 +1,242 @@ /* - * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * @OSF_COPYRIGHT@ */ -/* +/* * Mach Operating System * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University * All Rights Reserved. - * + * * Permission to use, copy, modify and distribute this software and its * documentation is hereby granted, provided that both the copyright * notice and this permission notice appear in all copies of the * software, derivative works or modified versions, and any portions * thereof, and that both notices appear in supporting documentation. - * + * * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. - * + * * Carnegie Mellon requests users of this software to return to - * + * * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU * School of Computer Science * Carnegie Mellon University * Pittsburgh PA 15213-3890 - * + * * any improvements or extensions that they make and grant Carnegie Mellon * the rights to redistribute these changes. */ +/* + * NOTICE: This file was modified by McAfee Research in 2004 to introduce + * support for mandatory and extensible security protections. This notice + * is included in support of clause 2.2 (b) of the Apple Public License, + * Version 2.0. + */ /* */ /* * File: mach/port.h * - * Definition of a port + * Definition of a Mach port + * + * Mach ports are the endpoints to Mach-implemented communications + * channels (usually uni-directional message queues, but other types + * also exist). + * + * Unique collections of these endpoints are maintained for each + * Mach task. Each Mach port in the task's collection is given a + * [task-local] name to identify it - and the the various "rights" + * held by the task for that specific endpoint. + * + * This header defines the types used to identify these Mach ports + * and the various rights associated with them. For more info see: + * + * - manipulation of port rights in a given space + * - message queue [and port right passing] mechanism * - * [The basic port_t type should probably be machine-dependent, - * as it must be represented by a 32-bit integer.] */ -#ifndef _MACH_PORT_H_ +#ifndef _MACH_PORT_H_ #define _MACH_PORT_H_ +#include +#include #include #include /* - * A port_name_t is a 32 bit value which represents a name of a - * port right within some ipc space. This is a constant definition - * everywhere. + * mach_port_name_t - the local identity for a Mach port + * + * The name is Mach port namespace specific. It is used to + * identify the rights held for that port by the task whose + * namespace is implied [or specifically provided]. + * + * Use of this type usually implies just a name - no rights. + * See mach_port_t for a type that implies a "named right." + * + */ + +typedef natural_t mach_port_name_t; +typedef mach_port_name_t *mach_port_name_array_t; + +#ifdef KERNEL + +/* + * mach_port_t - a named port right + * + * In the kernel, "rights" are represented [named] by pointers to + * the ipc port object in question. There is no port namespace for the + * rights to be collected. * - * The type port_t represents a reference added or deleted to a - * port right. + * Actually, there is namespace for the kernel task. But most kernel + * code - including, but not limited to, Mach IPC code - lives in the + * limbo between the current user-level task and the "next" task. Very + * little of the kernel code runs in full kernel task context. So very + * little of it gets to use the kernel task's port name space. * - * At user space, this is represented by returning the name of - * the right(s) that got altered within the user's ipc space. - * So a port_t is the same type as a port_name_t there. + * Because of this implementation approach, all in-kernel rights for + * a given port coalesce [have the same name/pointer]. The actual + * references are counted in the port itself. It is up to the kernel + * code in question to "just remember" how many [and what type of] + * rights it holds and handle them appropriately. * - * Since there is no right space for the kernel proper (all rights - * are naked rights) these rights are represented by passing a - * pointer to the specific ipc_object_t subclass (typically - * ipc_port_t) that got altered/is to be altered. */ -typedef natural_t port_name_t; -typedef port_name_t *port_name_array_t; -#ifdef KERNEL_PRIVATE +#ifndef MACH_KERNEL_PRIVATE +/* + * For kernel code that resides outside of Mach proper, we opaque the + * port structure definition. + */ +struct ipc_port; + +#endif /* MACH_KERNEL_PRIVATE */ + +typedef struct ipc_port *ipc_port_t; -#include -typedef ipc_port_t port_t; +#define IPC_PORT_NULL ((ipc_port_t) NULL) +#define IPC_PORT_DEAD ((ipc_port_t)~0UL) +#define IPC_PORT_VALID(port) ipc_port_valid(port) -#else /* ! KERNEL_PRIVATE */ +static inline boolean_t +ipc_port_valid(ipc_port_t port) +{ + return port != IPC_PORT_DEAD && port; +} -typedef port_name_t port_t; +typedef ipc_port_t mach_port_t; -#endif /* KERNEL_PRIVATE */ +/* + * Since the 32-bit and 64-bit representations of ~0 are different, + * explicitly handle MACH_PORT_DEAD + */ + +#define CAST_MACH_PORT_TO_NAME(x) ((mach_port_name_t)(uintptr_t)(x)) +#define CAST_MACH_NAME_TO_PORT(x) ((x) == MACH_PORT_DEAD ? (mach_port_t)IPC_PORT_DEAD : (mach_port_t)(uintptr_t)(x)) + +#else /* KERNEL */ /* - * PORT_NULL is a legal value that can be carried in messages. + * mach_port_t - a named port right + * + * In user-space, "rights" are represented by the name of the + * right in the Mach port namespace. Even so, this type is + * presented as a unique one to more clearly denote the presence + * of a right coming along with the name. + * + * Often, various rights for a port held in a single name space + * will coalesce and are, therefore, be identified by a single name + * [this is the case for send and receive rights]. But not + * always [send-once rights currently get a unique name for + * each right]. + * + */ + +#include +#include + +#endif /* KERNEL */ + +typedef mach_port_t *mach_port_array_t; + +/* + * MACH_PORT_NULL is a legal value that can be carried in messages. * It indicates the absence of any port or port rights. (A port * argument keeps the message from being "simple", even if the - * value is PORT_NULL.) The value PORT_DEAD is also a legal + * value is MACH_PORT_NULL.) The value MACH_PORT_DEAD is also a legal * value that can be carried in messages. It indicates * that a port right was present, but it died. */ -#define PORT_NULL ((port_t) 0) -#define PORT_DEAD ((port_t) ~0) -#define PORT_VALID(name) \ - (((port_t)(name) != PORT_NULL) && \ - ((port_t)(name) != PORT_DEAD)) -/* - * Mach 3.0 renamed everything to have mach_ in front of it. - * Do that mapping here, so we have the types and macros in - * both formats. - */ -typedef port_t mach_port_t; -typedef port_t *mach_port_array_t; -typedef port_name_t mach_port_name_t; -typedef mach_port_name_t *mach_port_name_array_t; +#if defined(XNU_KERNEL_PRIVATE) && defined(__cplusplus) +#define MACH_PORT_NULL NULL +#else +#define MACH_PORT_NULL 0 /* intentional loose typing */ +#endif +#define MACH_PORT_DEAD ((mach_port_name_t) ~0) +#define MACH_PORT_VALID(name) \ + (((name) != MACH_PORT_NULL) && \ + ((name) != MACH_PORT_DEAD)) -#define MACH_PORT_NULL 0 /* intentional loose typing */ -#define MACH_PORT_DEAD ((mach_port_name_t) ~0) -#define MACH_PORT_VALID(name) \ - (((name) != MACH_PORT_NULL) && \ - ((name) != MACH_PORT_DEAD)) /* - * mach_port_name_t must be an unsigned type. Port values - * have two parts, a generation number and an index. - * These macros encapsulate all knowledge of how - * a mach_port_name_t is laid out. They are made visible - * to user tasks so that packages to map from a mach_port_name_t - * to associated user data can discount the generation - * nuber (if desired) in doing the mapping. + * For kernel-selected [assigned] port names, the name is + * comprised of two parts: a generation number and an index. + * This approach keeps the exact same name from being generated + * and reused too quickly [to catch right/reference counting bugs]. + * The dividing line between the constituent parts is exposed so + * that efficient "mach_port_name_t to data structure pointer" + * conversion implementation can be made. But it is possible + * for user-level code to assign their own names to Mach ports. + * These are not required to participate in this algorithm. So + * care should be taken before "assuming" this model. * - * Within the kernel, ipc/ipc_entry.c implicitly assumes - * when it uses the splay tree functions that the generation - * number is in the low bits, so that names are ordered first - * by index and then by generation. If the size of generation - * numbers changes, be sure to update IE_BITS_GEN_MASK and - * friends in ipc/ipc_entry.h. */ + #ifndef NO_PORT_GEN -#define MACH_PORT_INDEX(name) ((name) >> 8) -#define MACH_PORT_GEN(name) (((name) & 0xff) << 24) -#define MACH_PORT_MAKE(index, gen) \ - (((index) << 8) | (gen) >> 24) -#else -#define MACH_PORT_INDEX(name) (name) -#define MACH_PORT_GEN(name) (0) -#define MACH_PORT_MAKE(index, gen) (index) -#endif /* !NO_PORT_GEN */ + +#define MACH_PORT_INDEX(name) ((name) >> 8) +#define MACH_PORT_GEN(name) (((name) & 0xff) << 24) +#define MACH_PORT_MAKE(index, gen) \ + (((index) << 8) | (gen) >> 24) + +#else /* NO_PORT_GEN */ + +#define MACH_PORT_INDEX(name) (name) +#define MACH_PORT_GEN(name) (0) +#define MACH_PORT_MAKE(index, gen) (index) + +#endif /* NO_PORT_GEN */ + /* - * These are the different rights a task may have. + * These are the different rights a task may have for a port. * The MACH_PORT_RIGHT_* definitions are used as arguments * to mach_port_allocate, mach_port_get_refs, etc, to specify * a particular right to act upon. The mach_port_names and @@ -164,112 +247,267 @@ typedef mach_port_name_t *mach_port_name_array_t; typedef natural_t mach_port_right_t; -#define MACH_PORT_RIGHT_SEND ((mach_port_right_t) 0) -#define MACH_PORT_RIGHT_RECEIVE ((mach_port_right_t) 1) -#define MACH_PORT_RIGHT_SEND_ONCE ((mach_port_right_t) 2) -#define MACH_PORT_RIGHT_PORT_SET ((mach_port_right_t) 3) -#define MACH_PORT_RIGHT_DEAD_NAME ((mach_port_right_t) 4) -#define MACH_PORT_RIGHT_NUMBER ((mach_port_right_t) 5) +#define MACH_PORT_RIGHT_SEND ((mach_port_right_t) 0) +#define MACH_PORT_RIGHT_RECEIVE ((mach_port_right_t) 1) +#define MACH_PORT_RIGHT_SEND_ONCE ((mach_port_right_t) 2) +#define MACH_PORT_RIGHT_PORT_SET ((mach_port_right_t) 3) +#define MACH_PORT_RIGHT_DEAD_NAME ((mach_port_right_t) 4) +#define MACH_PORT_RIGHT_LABELH ((mach_port_right_t) 5) /* obsolete right */ +#define MACH_PORT_RIGHT_NUMBER ((mach_port_right_t) 6) /* right not implemented */ + +#ifdef MACH_KERNEL_PRIVATE +#define MACH_PORT_RIGHT_VALID_TRANSLATE(right) \ + ((right) >= MACH_PORT_RIGHT_SEND && (right) <= MACH_PORT_RIGHT_DEAD_NAME) +#endif typedef natural_t mach_port_type_t; typedef mach_port_type_t *mach_port_type_array_t; -#define MACH_PORT_TYPE(right) \ - ((mach_port_type_t)(((mach_port_type_t) 1) \ - << ((right) + ((mach_port_right_t) 16)))) -#define MACH_PORT_TYPE_NONE ((mach_port_type_t) 0L) -#define MACH_PORT_TYPE_SEND MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND) -#define MACH_PORT_TYPE_RECEIVE MACH_PORT_TYPE(MACH_PORT_RIGHT_RECEIVE) +#define MACH_PORT_TYPE(right) \ + ((mach_port_type_t)(((mach_port_type_t) 1) \ + << ((right) + ((mach_port_right_t) 16)))) +#define MACH_PORT_TYPE_NONE ((mach_port_type_t) 0L) +#define MACH_PORT_TYPE_SEND MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND) +#define MACH_PORT_TYPE_RECEIVE MACH_PORT_TYPE(MACH_PORT_RIGHT_RECEIVE) #define MACH_PORT_TYPE_SEND_ONCE MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND_ONCE) -#define MACH_PORT_TYPE_PORT_SET MACH_PORT_TYPE(MACH_PORT_RIGHT_PORT_SET) +#define MACH_PORT_TYPE_PORT_SET MACH_PORT_TYPE(MACH_PORT_RIGHT_PORT_SET) #define MACH_PORT_TYPE_DEAD_NAME MACH_PORT_TYPE(MACH_PORT_RIGHT_DEAD_NAME) +#define MACH_PORT_TYPE_LABELH MACH_PORT_TYPE(MACH_PORT_RIGHT_LABELH) /* obsolete */ + +#ifdef MACH_KERNEL_PRIVATE +/* Holder used to have a receive right - remembered to filter exceptions */ +#define MACH_PORT_TYPE_EX_RECEIVE MACH_PORT_TYPE_LABELH +#endif /* Convenient combinations. */ -#define MACH_PORT_TYPE_SEND_RECEIVE \ - (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_RECEIVE) -#define MACH_PORT_TYPE_SEND_RIGHTS \ - (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_SEND_ONCE) -#define MACH_PORT_TYPE_PORT_RIGHTS \ - (MACH_PORT_TYPE_SEND_RIGHTS|MACH_PORT_TYPE_RECEIVE) -#define MACH_PORT_TYPE_PORT_OR_DEAD \ - (MACH_PORT_TYPE_PORT_RIGHTS|MACH_PORT_TYPE_DEAD_NAME) -#define MACH_PORT_TYPE_ALL_RIGHTS \ - (MACH_PORT_TYPE_PORT_OR_DEAD|MACH_PORT_TYPE_PORT_SET) +#define MACH_PORT_TYPE_SEND_RECEIVE \ + (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_RECEIVE) +#define MACH_PORT_TYPE_SEND_RIGHTS \ + (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_SEND_ONCE) +#define MACH_PORT_TYPE_PORT_RIGHTS \ + (MACH_PORT_TYPE_SEND_RIGHTS|MACH_PORT_TYPE_RECEIVE) +#define MACH_PORT_TYPE_PORT_OR_DEAD \ + (MACH_PORT_TYPE_PORT_RIGHTS|MACH_PORT_TYPE_DEAD_NAME) +#define MACH_PORT_TYPE_ALL_RIGHTS \ + (MACH_PORT_TYPE_PORT_OR_DEAD|MACH_PORT_TYPE_PORT_SET) /* Dummy type bits that mach_port_type/mach_port_names can return. */ -#define MACH_PORT_TYPE_DNREQUEST 0x80000000 +#define MACH_PORT_TYPE_DNREQUEST 0x80000000 +#define MACH_PORT_TYPE_SPREQUEST 0x40000000 +#define MACH_PORT_TYPE_SPREQUEST_DELAYED 0x20000000 /* User-references for capabilities. */ typedef natural_t mach_port_urefs_t; -typedef integer_t mach_port_delta_t; /* change in urefs */ +typedef integer_t mach_port_delta_t; /* change in urefs */ /* Attributes of ports. (See mach_port_get_receive_status.) */ -typedef natural_t mach_port_seqno_t; /* sequence number */ -typedef natural_t mach_port_mscount_t; /* make-send count */ -typedef natural_t mach_port_msgcount_t; /* number of msgs */ -typedef natural_t mach_port_rights_t; /* number of rights */ +typedef natural_t mach_port_seqno_t; /* sequence number */ +typedef natural_t mach_port_mscount_t; /* make-send count */ +typedef natural_t mach_port_msgcount_t; /* number of msgs */ +typedef natural_t mach_port_rights_t; /* number of rights */ /* - * A port may have NMS detection enabled, in which case - * it tracks outstanding send rights. Otherwise, there - * is no information available about outstanding srights. - * The return values are deliberately chosen to match - * the old boolean (0=FALSE=no srights, 1=TRUE=srights, - * 2=xxx=no information available). + * Are there outstanding send rights for a given port? */ -#define MACH_PORT_SRIGHTS_NONE 0 /* NMS: no srights */ -#define MACH_PORT_SRIGHTS_PRESENT 1 /* NMS: srights */ -#define MACH_PORT_SRIGHTS_NO_INFO 2 /* no NMS */ -typedef unsigned int mach_port_srights_t; /* status of send rights */ +#define MACH_PORT_SRIGHTS_NONE 0 /* no srights */ +#define MACH_PORT_SRIGHTS_PRESENT 1 /* srights */ +typedef unsigned int mach_port_srights_t; /* status of send rights */ typedef struct mach_port_status { - mach_port_name_t mps_pset; /* containing port set */ - mach_port_seqno_t mps_seqno; /* sequence number */ - mach_port_mscount_t mps_mscount; /* make-send count */ - mach_port_msgcount_t mps_qlimit; /* queue limit */ - mach_port_msgcount_t mps_msgcount; /* number in the queue */ - mach_port_rights_t mps_sorights; /* how many send-once rights */ - boolean_t mps_srights; /* do send rights exist? */ - boolean_t mps_pdrequest; /* port-deleted requested? */ - boolean_t mps_nsrequest; /* no-senders requested? */ - unsigned int mps_flags; /* port flags */ + mach_port_rights_t mps_pset; /* count of containing port sets */ + mach_port_seqno_t mps_seqno; /* sequence number */ + mach_port_mscount_t mps_mscount; /* make-send count */ + mach_port_msgcount_t mps_qlimit; /* queue limit */ + mach_port_msgcount_t mps_msgcount; /* number in the queue */ + mach_port_rights_t mps_sorights; /* how many send-once rights */ + boolean_t mps_srights; /* do send rights exist? */ + boolean_t mps_pdrequest; /* port-deleted requested? */ + boolean_t mps_nsrequest; /* no-senders requested? */ + natural_t mps_flags; /* port flags */ } mach_port_status_t; -#define MACH_PORT_QLIMIT_DEFAULT ((mach_port_msgcount_t) 5) -#define MACH_PORT_QLIMIT_MAX ((mach_port_msgcount_t) 16) +/* System-wide values for setting queue limits on a port */ +#define MACH_PORT_QLIMIT_ZERO (0) +#define MACH_PORT_QLIMIT_BASIC (5) +#define MACH_PORT_QLIMIT_SMALL (16) +#define MACH_PORT_QLIMIT_LARGE (1024) +#define MACH_PORT_QLIMIT_KERNEL (65534) +#define MACH_PORT_QLIMIT_MIN MACH_PORT_QLIMIT_ZERO +#define MACH_PORT_QLIMIT_DEFAULT MACH_PORT_QLIMIT_BASIC +#define MACH_PORT_QLIMIT_MAX MACH_PORT_QLIMIT_LARGE typedef struct mach_port_limits { - mach_port_msgcount_t mpl_qlimit; /* number of msgs */ + mach_port_msgcount_t mpl_qlimit; /* number of msgs */ } mach_port_limits_t; -typedef integer_t *mach_port_info_t; /* varying array of natural_t */ +/* Possible values for mps_flags (part of mach_port_status_t) */ +#define MACH_PORT_STATUS_FLAG_TEMPOWNER 0x01 +#define MACH_PORT_STATUS_FLAG_GUARDED 0x02 +#define MACH_PORT_STATUS_FLAG_STRICT_GUARD 0x04 +#define MACH_PORT_STATUS_FLAG_IMP_DONATION 0x08 +#define MACH_PORT_STATUS_FLAG_REVIVE 0x10 +#define MACH_PORT_STATUS_FLAG_TASKPTR 0x20 +#define MACH_PORT_STATUS_FLAG_GUARD_IMMOVABLE_RECEIVE 0x40 +#define MACH_PORT_STATUS_FLAG_NO_GRANT 0x80 + +typedef struct mach_port_info_ext { + mach_port_status_t mpie_status; + mach_port_msgcount_t mpie_boost_cnt; + uint32_t reserved[6]; +} mach_port_info_ext_t; + +typedef integer_t *mach_port_info_t; /* varying array of natural_t */ /* Flavors for mach_port_get/set_attributes() */ -typedef int mach_port_flavor_t; -#define MACH_PORT_LIMITS_INFO 1 /* uses mach_port_status_t */ -#define MACH_PORT_RECEIVE_STATUS 2 /* uses mach_port_limits_t */ -#define MACH_PORT_DNREQUESTS_SIZE 3 /* info is int */ - -#define MACH_PORT_LIMITS_INFO_COUNT \ - (sizeof(mach_port_limits_t)/sizeof(natural_t)) -#define MACH_PORT_RECEIVE_STATUS_COUNT \ - (sizeof(mach_port_status_t)/sizeof(natural_t)) +typedef int mach_port_flavor_t; +#define MACH_PORT_LIMITS_INFO 1 /* uses mach_port_limits_t */ +#define MACH_PORT_RECEIVE_STATUS 2 /* uses mach_port_status_t */ +#define MACH_PORT_DNREQUESTS_SIZE 3 /* info is int */ +#define MACH_PORT_TEMPOWNER 4 /* indicates receive right will be reassigned to another task */ +#define MACH_PORT_IMPORTANCE_RECEIVER 5 /* indicates recieve right accepts priority donation */ +#define MACH_PORT_DENAP_RECEIVER 6 /* indicates receive right accepts de-nap donation */ +#define MACH_PORT_INFO_EXT 7 /* uses mach_port_info_ext_t */ + +#define MACH_PORT_LIMITS_INFO_COUNT ((natural_t) \ + (sizeof(mach_port_limits_t)/sizeof(natural_t))) +#define MACH_PORT_RECEIVE_STATUS_COUNT ((natural_t) \ + (sizeof(mach_port_status_t)/sizeof(natural_t))) #define MACH_PORT_DNREQUESTS_SIZE_COUNT 1 - +#define MACH_PORT_INFO_EXT_COUNT ((natural_t) \ + (sizeof(mach_port_info_ext_t)/sizeof(natural_t))) /* * Structure used to pass information about port allocation requests. * Must be padded to 64-bits total length. */ - typedef struct mach_port_qos { - boolean_t name:1; /* name given */ - boolean_t prealloc:1; /* prealloced message */ - boolean_t pad1:30; - natural_t len; + unsigned int name:1; /* name given */ + unsigned int prealloc:1; /* prealloced message */ + boolean_t pad1:30; + natural_t len; } mach_port_qos_t; -#endif /* _MACH_PORT_H_ */ +/* Mach Port Guarding definitions */ + +/* + * Flags for mach_port_options (used for + * invocation of mach_port_construct). + * Indicates attributes to be set for the newly + * allocated port. + */ +#define MPO_CONTEXT_AS_GUARD 0x01 /* Add guard to the port */ +#define MPO_QLIMIT 0x02 /* Set qlimit for the port msg queue */ +#define MPO_TEMPOWNER 0x04 /* Set the tempowner bit of the port */ +#define MPO_IMPORTANCE_RECEIVER 0x08 /* Mark the port as importance receiver */ +#define MPO_INSERT_SEND_RIGHT 0x10 /* Insert a send right for the port */ +#define MPO_STRICT 0x20 /* Apply strict guarding for port */ +#define MPO_DENAP_RECEIVER 0x40 /* Mark the port as App de-nap receiver */ +#define MPO_IMMOVABLE_RECEIVE 0x80 /* Mark the port as immovable; protected by the guard context */ +#define MPO_FILTER_MSG 0x100 /* Allow message filtering */ +#define MPO_TG_BLOCK_TRACKING 0x200 /* Track blocking relationship for thread group during sync IPC */ + +/* + * Structure to define optional attributes for a newly + * constructed port. + */ +typedef struct mach_port_options { + uint32_t flags; /* Flags defining attributes for port */ + mach_port_limits_t mpl; /* Message queue limit for port */ + union { + uint64_t reserved[2]; /* Reserved */ + mach_port_name_t work_interval_port; /* Work interval port */ + }; +}mach_port_options_t; + +typedef mach_port_options_t *mach_port_options_ptr_t; + +/* + * EXC_GUARD represents a guard violation for both + * mach ports and file descriptors. GUARD_TYPE_ is used + * to differentiate among them. + */ +#define GUARD_TYPE_MACH_PORT 0x1 + +/* Reasons for exception for a guarded mach port */ +enum mach_port_guard_exception_codes { + kGUARD_EXC_DESTROY = 1u << 0, + kGUARD_EXC_MOD_REFS = 1u << 1, + kGUARD_EXC_SET_CONTEXT = 1u << 2, + kGUARD_EXC_UNGUARDED = 1u << 3, + kGUARD_EXC_INCORRECT_GUARD = 1u << 4, + kGUARD_EXC_IMMOVABLE = 1u << 5, + kGUARD_EXC_STRICT_REPLY = 1u << 6, + kGUARD_EXC_MSG_FILTERED = 1u << 7, + /* start of [optionally] non-fatal guards */ + kGUARD_EXC_INVALID_RIGHT = 1u << 8, + kGUARD_EXC_INVALID_NAME = 1u << 9, + kGUARD_EXC_INVALID_VALUE = 1u << 10, + kGUARD_EXC_INVALID_ARGUMENT = 1u << 11, + kGUARD_EXC_RIGHT_EXISTS = 1u << 12, + kGUARD_EXC_KERN_NO_SPACE = 1u << 13, + kGUARD_EXC_KERN_FAILURE = 1u << 14, + kGUARD_EXC_KERN_RESOURCE = 1u << 15, + kGUARD_EXC_SEND_INVALID_REPLY = 1u << 16, + kGUARD_EXC_SEND_INVALID_VOUCHER = 1u << 17, + kGUARD_EXC_SEND_INVALID_RIGHT = 1u << 18, + kGUARD_EXC_RCV_INVALID_NAME = 1u << 19, + kGUARD_EXC_RCV_GUARDED_DESC = 1u << 20, /* should never be fatal; for development only */ + kGUARD_EXC_MOD_REFS_NON_FATAL = 1u << 21, + kGUARD_EXC_IMMOVABLE_NON_FATAL = 1u << 22, +}; + +#define MAX_FATAL_kGUARD_EXC_CODE (1u << 7) + +/* + * Mach port guard flags. + */ +#define MPG_FLAGS_NONE (0x00ull) + +/* + * These flags are used as bits in the subcode of kGUARD_EXC_STRICT_REPLY exceptions. + */ +#define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_DISP (0x01ull << 56) +#define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_PORT (0x02ull << 56) +#define MPG_FLAGS_STRICT_REPLY_INVALID_VOUCHER (0x04ull << 56) +#define MPG_FLAGS_STRICT_REPLY_NO_BANK_ATTR (0x08ull << 56) +#define MPG_FLAGS_STRICT_REPLY_MISMATCHED_PERSONA (0x10ull << 56) +#define MPG_FLAGS_STRICT_REPLY_MASK (0xffull << 56) + +/* + * These flags are used as bits in the subcode of kGUARD_EXC_MOD_REFS exceptions. + */ +#define MPG_FLAGS_MOD_REFS_PINNED_DEALLOC (0x01ull << 56) + +/* + * These flags are used as bits in the subcode of kGUARD_EXC_IMMOVABLE exceptions. + */ +#define MPG_FLAGS_IMMOVABLE_PINNED (0x01ull << 56) + +/* + * Flags for mach_port_guard_with_flags. These flags extend + * the attributes associated with a guarded port. + */ +#define MPG_STRICT 0x01 /* Apply strict guarding for a port */ +#define MPG_IMMOVABLE_RECEIVE 0x02 /* Receive right cannot be moved out of the space */ + +#if !__DARWIN_UNIX03 && !defined(_NO_PORT_T_FROM_MACH) +/* + * Mach 3.0 renamed everything to have mach_ in front of it. + * These types and macros are provided for backward compatibility + * but are deprecated. + */ +typedef mach_port_t port_t; +typedef mach_port_name_t port_name_t; +typedef mach_port_name_t *port_name_array_t; + +#define PORT_NULL ((port_t) 0) +#define PORT_DEAD ((port_t) ~0) +#define PORT_VALID(name) \ + ((port_t)(name) != PORT_NULL && (port_t)(name) != PORT_DEAD) + +#endif /* !__DARWIN_UNIX03 && !_NO_PORT_T_FROM_MACH */ + +#endif /* _MACH_PORT_H_ */