X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/490019cf9519204c5fb36b2fba54ceb983bb6b72..d9a64523371fa019c4575bb400cbbc3a50ac9903:/iokit/Kernel/IOMemoryDescriptor.cpp diff --git a/iokit/Kernel/IOMemoryDescriptor.cpp b/iokit/Kernel/IOMemoryDescriptor.cpp index 0cff9ef1d..3c1c4674b 100644 --- a/iokit/Kernel/IOMemoryDescriptor.cpp +++ b/iokit/Kernel/IOMemoryDescriptor.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Apple Inc. All rights reserved. + * Copyright (c) 1998-2016 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -42,6 +42,7 @@ #include #include +#include #include "IOKitKernelInternal.h" @@ -50,6 +51,7 @@ #include #include #include +#include #include @@ -67,10 +69,6 @@ __BEGIN_DECLS extern ppnum_t pmap_find_phys(pmap_t pmap, addr64_t va); extern void ipc_port_release_send(ipc_port_t port); -// osfmk/device/iokit_rpc.c -unsigned int IODefaultCacheBits(addr64_t pa); -unsigned int IOTranslateCacheBits(struct phys_entry *pp); - __END_DECLS #define kIOMapperWaitSystem ((IOMapper *) 1) @@ -103,8 +101,6 @@ static IORecursiveLock * gIOMemoryLock; #define DEBG(fmt, args...) {} #endif -#define IOMD_DEBUG_DMAACTIVE 1 - /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ // Some data structures and accessor macros used by the initWithOptions @@ -130,26 +126,34 @@ struct ioPLBlock { unsigned int fFlags; // Flags }; -struct ioGMDData { +enum { kMaxWireTags = 6 }; + +struct ioGMDData +{ IOMapper * fMapper; - uint8_t fDMAMapNumAddressBits; uint64_t fDMAMapAlignment; uint64_t fMappedBase; uint64_t fMappedLength; uint64_t fPreparationID; #if IOTRACKING IOTracking fWireTracking; -#endif - unsigned int fPageCnt; - unsigned char fDiscontig:1; - unsigned char fCompletionError:1; - unsigned char _resv:6; +#endif /* IOTRACKING */ + unsigned int fPageCnt; + uint8_t fDMAMapNumAddressBits; + unsigned char fDiscontig:1; + unsigned char fCompletionError:1; + unsigned char fMappedBaseValid:1; + unsigned char _resv:3; + unsigned char fDMAAccess:2; + + /* variable length arrays */ + upl_page_info_t fPageList[1] #if __LP64__ - // align arrays to 8 bytes so following macros work - unsigned char fPad[3]; + // align fPageList as for ioPLBlock + __attribute__((aligned(sizeof(upl_t)))) #endif - upl_page_info_t fPageList[1]; /* variable length */ - ioPLBlock fBlocks[1]; /* variable length */ + ; + ioPLBlock fBlocks[1]; }; #define getDataP(osd) ((ioGMDData *) (osd)->getBytesNoCopy()) @@ -160,6 +164,8 @@ struct ioGMDData { #define computeDataSize(p, u) \ (offsetof(ioGMDData, fPageList) + p * sizeof(upl_page_info_t) + u * sizeof(ioPLBlock)) +enum { kIOMemoryHostOrRemote = kIOMemoryHostOnly | kIOMemoryRemote }; + /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ #define next_page(a) ( trunc_page(a) + PAGE_SIZE ) @@ -258,12 +264,20 @@ purgeableControlBits(IOOptionBits newState, vm_purgable_t * control, int * state *state = VM_PURGABLE_VOLATILE | (newState & ~kIOMemoryPurgeableControlMask); break; case kIOMemoryPurgeableEmpty: - *state = VM_PURGABLE_EMPTY; + *state = VM_PURGABLE_EMPTY | (newState & ~kIOMemoryPurgeableControlMask); break; default: err = kIOReturnBadArgument; break; } + + if (*control == VM_PURGABLE_SET_STATE) { + // let VM know this call is from the kernel and is allowed to alter + // the volatility of the memory entry even if it was created with + // MAP_MEM_PURGABLE_KERNEL_ONLY + *control = VM_PURGABLE_SET_STATE_FROM_KERNEL; + } + return (err); } @@ -318,6 +332,10 @@ vmProtForCacheMode(IOOptionBits cacheMode) SET_MAP_MEM(MAP_MEM_INNERWBACK, prot); break; + case kIOPostedWrite: + SET_MAP_MEM(MAP_MEM_POSTED, prot); + break; + case kIODefaultCache: default: SET_MAP_MEM(MAP_MEM_NOOP, prot); @@ -353,6 +371,10 @@ pagerFlagsForCacheMode(IOOptionBits cacheMode) pagerFlags = DEVICE_PAGER_COHERENT; break; + case kIOPostedWrite: + pagerFlags = DEVICE_PAGER_CACHE_INHIB | DEVICE_PAGER_COHERENT | DEVICE_PAGER_GUARDED | DEVICE_PAGER_EARLY_ACK; + break; + case kIODefaultCache: default: pagerFlags = -1U; @@ -373,17 +395,19 @@ struct IOMemoryEntry struct IOMemoryReference { - volatile SInt32 refCount; - vm_prot_t prot; - uint32_t capacity; - uint32_t count; - IOMemoryEntry entries[0]; + volatile SInt32 refCount; + vm_prot_t prot; + uint32_t capacity; + uint32_t count; + struct IOMemoryReference * mapRef; + IOMemoryEntry entries[0]; }; enum { kIOMemoryReferenceReuse = 0x00000001, kIOMemoryReferenceWrite = 0x00000002, + kIOMemoryReferenceCOW = 0x00000004, }; SInt32 gIOMemoryReferenceCount; @@ -425,6 +449,12 @@ IOGeneralMemoryDescriptor::memoryReferenceFree(IOMemoryReference * ref) IOMemoryEntry * entries; size_t size; + if (ref->mapRef) + { + memoryReferenceFree(ref->mapRef); + ref->mapRef = 0; + } + entries = ref->entries + ref->count; while (entries > &ref->entries[0]) { @@ -476,13 +506,17 @@ IOGeneralMemoryDescriptor::memoryReferenceCreate( ref = memoryReferenceAlloc(kCapacity, NULL); if (!ref) return (kIOReturnNoMemory); - tag = IOMemoryTag(kernel_map); + tag = getVMTag(kernel_map); entries = &ref->entries[0]; count = 0; + err = KERN_SUCCESS; offset = 0; rangeIdx = 0; - if (_task) getAddrLenForInd(nextAddr, nextLen, type, _ranges, rangeIdx); + if (_task) + { + getAddrLenForInd(nextAddr, nextLen, type, _ranges, rangeIdx); + } else { nextAddr = getPhysicalSegment(offset, &physLen, kIOMemoryMapperNone); @@ -495,7 +529,9 @@ IOGeneralMemoryDescriptor::memoryReferenceCreate( pagerFlags = IODefaultCacheBits(nextAddr); if (DEVICE_PAGER_CACHE_INHIB & pagerFlags) { - if (DEVICE_PAGER_GUARDED & pagerFlags) + if (DEVICE_PAGER_EARLY_ACK & pagerFlags) + mode = kIOPostedWrite; + else if (DEVICE_PAGER_GUARDED & pagerFlags) mode = kIOInhibitCache; else mode = kIOWriteCombineCache; @@ -516,6 +552,7 @@ IOGeneralMemoryDescriptor::memoryReferenceCreate( if (kIODefaultCache != cacheMode) prot |= VM_PROT_WRITE; if (kIODirectionOut != (kIODirectionOutIn & _flags)) prot |= VM_PROT_WRITE; if (kIOMemoryReferenceWrite & options) prot |= VM_PROT_WRITE; + if (kIOMemoryReferenceCOW & options) prot |= MAP_MEM_VM_COPY; if ((kIOMemoryReferenceReuse & options) && _memRef) { @@ -531,7 +568,16 @@ IOGeneralMemoryDescriptor::memoryReferenceCreate( { // IOBufferMemoryDescriptor alloc - set flags for entry + object create prot |= MAP_MEM_NAMED_CREATE; - if (kIOMemoryBufferPurgeable & _flags) prot |= MAP_MEM_PURGABLE; + if (kIOMemoryBufferPurgeable & _flags) + { + prot |= (MAP_MEM_PURGABLE | MAP_MEM_PURGABLE_KERNEL_ONLY); + if (VM_KERN_MEMORY_SKYWALK == tag) + { + prot |= MAP_MEM_LEDGER_TAG_NETWORK; + } + } + if (kIOMemoryUseReserve & _flags) prot |= MAP_MEM_GRAB_SECLUDED; + prot |= VM_PROT_WRITE; map = NULL; } @@ -566,7 +612,7 @@ IOGeneralMemoryDescriptor::memoryReferenceCreate( else prot &= ~MAP_MEM_NAMED_REUSE; } - err = mach_make_memory_entry_64(map, + err = mach_make_memory_entry_internal(map, &actualSize, entryAddr, prot, &entry, cloneEntry); if (KERN_SUCCESS != err) break; @@ -638,6 +684,13 @@ IOGeneralMemoryDescriptor::memoryReferenceCreate( ref->count = count; ref->prot = prot; + if (_task && (KERN_SUCCESS == err) + && (kIOMemoryMapCopyOnWrite & _flags) + && !(kIOMemoryReferenceCOW & options)) + { + err = memoryReferenceCreate(options | kIOMemoryReferenceCOW, &ref->mapRef); + } + if (KERN_SUCCESS == err) { if (MAP_MEM_NAMED_REUSE & prot) @@ -671,9 +724,9 @@ IOMemoryDescriptorMapAlloc(vm_map_t map, void * _ref) (vm_map_offset_t) 0, (((ref->options & kIOMapAnywhere) ? VM_FLAGS_ANYWHERE - : VM_FLAGS_FIXED) - | VM_MAKE_TAG(ref->tag) - | VM_FLAGS_IOKIT_ACCT), /* iokit accounting */ + : VM_FLAGS_FIXED)), + VM_MAP_KERNEL_FLAGS_NONE, + ref->tag, IPC_PORT_NULL, (memory_object_offset_t) 0, false, /* copy */ @@ -712,14 +765,19 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( IOOptionBits type; IOOptionBits cacheMode; vm_tag_t tag; + // for the kIOMapPrefault option. + upl_page_info_t * pageList = NULL; + UInt currentPageIndex = 0; + bool didAlloc; - /* - * For the kIOMapPrefault option. - */ - upl_page_info_t *pageList = NULL; - UInt currentPageIndex = 0; + if (ref->mapRef) + { + err = memoryReferenceMap(ref->mapRef, map, inoffset, size, options, inaddr); + return (err); + } type = _flags & kIOMemoryTypeMask; + prot = VM_PROT_READ; if (!(kIOMapReadOnly & options)) prot |= VM_PROT_WRITE; prot &= ref->prot; @@ -731,11 +789,12 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( memEntryCacheMode = (MAP_MEM_ONLY | VM_PROT_WRITE | prot | vmProtForCacheMode(cacheMode)); } - tag = IOMemoryTag(map); + tag = getVMTag(map); if (_task) { // Find first range for offset + if (!_rangesCount) return (kIOReturnBadArgument); for (remain = offset, rangeIdx = 0; rangeIdx < _rangesCount; rangeIdx++) { getAddrLenForInd(nextAddr, nextLen, type, _ranges, rangeIdx); @@ -757,7 +816,9 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( nextAddr += remain; nextLen -= remain; pageOffset = (page_mask & nextAddr); - addr = 0; + addr = 0; + didAlloc = false; + if (!(options & kIOMapAnywhere)) { addr = *inaddr; @@ -801,11 +862,21 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( err = IOMemoryDescriptorMapAlloc(ref.map, &ref); if (KERN_SUCCESS == err) { - addr = ref.mapped; - map = ref.map; + addr = ref.mapped; + map = ref.map; + didAlloc = true; } } + /* + * If the memory is associated with a device pager but doesn't have a UPL, + * it will be immediately faulted in through the pager via populateDevicePager(). + * kIOMapPrefault is redundant in that case, so don't try to use it for UPL + * operations. + */ + if ((reserved != NULL) && (reserved->dp.devicePager) && (_wireCount != 0)) + options &= ~kIOMapPrefault; + /* * Prefaulting is only possible if we wired the memory earlier. Check the * memory type, and the underlying data. @@ -816,11 +887,9 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( * The memory must have been wired by calling ::prepare(), otherwise * we don't have the UPL. Without UPLs, pages cannot be pre-faulted */ - assert(map != kernel_map); assert(_wireCount != 0); assert(_memoryEntries != NULL); - if ((map == kernel_map) || - (_wireCount == 0) || + if ((_wireCount == 0) || (_memoryEntries == NULL)) { return kIOReturnBadArgument; @@ -890,17 +959,23 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( chunk = entry->size - entryOffset; if (chunk) { + vm_map_kernel_flags_t vmk_flags; + + vmk_flags = VM_MAP_KERNEL_FLAGS_NONE; + vmk_flags.vmkf_iokit_acct = TRUE; /* iokit accounting */ + if (chunk > remain) chunk = remain; if (options & kIOMapPrefault) { UInt nb_pages = round_page(chunk) / PAGE_SIZE; + err = vm_map_enter_mem_object_prefault(map, &mapAddr, chunk, 0 /* mask */, - (VM_FLAGS_FIXED - | VM_FLAGS_OVERWRITE - | VM_MAKE_TAG(tag) - | VM_FLAGS_IOKIT_ACCT), /* iokit accounting */ + (VM_FLAGS_FIXED + | VM_FLAGS_OVERWRITE), + vmk_flags, + tag, entry->entry, entryOffset, prot, // cur @@ -918,9 +993,9 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( &mapAddr, chunk, 0 /* mask */, (VM_FLAGS_FIXED - | VM_FLAGS_OVERWRITE - | VM_MAKE_TAG(tag) - | VM_FLAGS_IOKIT_ACCT), /* iokit accounting */ + | VM_FLAGS_OVERWRITE), + vmk_flags, + tag, entry->entry, entryOffset, false, // copy @@ -944,7 +1019,7 @@ IOGeneralMemoryDescriptor::memoryReferenceMap( } } - if ((KERN_SUCCESS != err) && addr && !(kIOMapOverwrite & options)) + if ((KERN_SUCCESS != err) && didAlloc) { (void) mach_vm_deallocate(map, trunc_page_64(addr), size); addr = 0; @@ -966,6 +1041,7 @@ IOGeneralMemoryDescriptor::memoryReferenceGetPageCounts( unsigned int totalResident, totalDirty; totalResident = totalDirty = 0; + err = kIOReturnSuccess; entries = ref->entries + ref->count; while (entries > &ref->entries[0]) { @@ -992,15 +1068,16 @@ IOGeneralMemoryDescriptor::memoryReferenceSetPurgeable( vm_purgable_t control; int totalState, state; - entries = ref->entries + ref->count; totalState = kIOMemoryPurgeableNonVolatile; + err = kIOReturnSuccess; + entries = ref->entries + ref->count; while (entries > &ref->entries[0]) { entries--; err = purgeableControlBits(newState, &control, &state); if (KERN_SUCCESS != err) break; - err = mach_memory_entry_purgable_control(entries->entry, control, &state); + err = memory_entry_purgeable_control_internal(entries->entry, control, &state); if (KERN_SUCCESS != err) break; err = purgeableStateBits(&state); if (KERN_SUCCESS != err) break; @@ -1427,7 +1504,7 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, } // Grab the appropriate mapper - if (kIOMemoryHostOnly & options) options |= kIOMemoryMapperNone; + if (kIOMemoryHostOrRemote & options) options |= kIOMemoryMapperNone; if (kIOMemoryMapperNone & options) mapper = 0; // No Mapper else if (mapper == kIOMapperSystem) { @@ -1435,12 +1512,6 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, gIOSystemMapper = mapper = IOMapper::gSystem; } - // Temp binary compatibility for kIOMemoryThreadSafe - if (kIOMemoryReserved6156215 & options) - { - options &= ~kIOMemoryReserved6156215; - options |= kIOMemoryThreadSafe; - } // Remove the dynamic internal use flags from the initial setting options &= ~(kIOMemoryPreparedReadOnly); _flags = options; @@ -1450,6 +1521,7 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, _direction = (IODirection) (_flags & kIOMemoryDirectionMask); #endif /* !__LP64__ */ + _dmaReferences = 0; __iomd_reservedA = 0; __iomd_reservedB = 0; _highestPage = 0; @@ -1473,7 +1545,20 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, if (!initMemoryEntries(dataSize, mapper)) return (false); dataP = getDataP(_memoryEntries); dataP->fPageCnt = 0; - + switch (kIOMemoryDirectionMask & options) + { + case kIODirectionOut: + dataP->fDMAAccess = kIODMAMapReadAccess; + break; + case kIODirectionIn: + dataP->fDMAAccess = kIODMAMapWriteAccess; + break; + case kIODirectionNone: + case kIODirectionOutIn: + default: + panic("bad dir for upl 0x%x\n", (int) options); + break; + } // _wireCount++; // UPLs start out life wired _length = count; @@ -1532,7 +1617,9 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, case kIOMemoryTypeVirtual64: case kIOMemoryTypePhysical64: if (count == 1 +#ifndef __arm__ && (((IOAddressRange *) buffers)->address + ((IOAddressRange *) buffers)->length) <= 0x100000000ULL +#endif ) { if (kIOMemoryTypeVirtual64 == type) type = kIOMemoryTypeVirtual; @@ -1568,6 +1655,7 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, break; } } + _rangesCount = count; // Find starting address within the vector of ranges Ranges vec = _ranges; @@ -1575,14 +1663,14 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, unsigned int ind, pages = 0; for (ind = 0; ind < count; ind++) { mach_vm_address_t addr; - mach_vm_size_t len; + mach_vm_address_t endAddr; + mach_vm_size_t len; // addr & len are returned by this function getAddrLenForInd(addr, len, type, vec, ind); - if ((addr + len + PAGE_MASK) < addr) break; /* overflow */ - pages += (atop_64(addr + len + PAGE_MASK) - atop_64(addr)); - totalLength += len; - if (totalLength < len) break; /* overflow */ + if (os_add3_overflow(addr, len, PAGE_MASK, &endAddr)) break; + if (os_add_overflow(pages, (atop_64(endAddr) - atop_64(addr)), &pages)) break; + if (os_add_overflow(totalLength, len, &totalLength)) break; if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type)) { ppnum_t highPage = atop_64(addr + len - 1); @@ -1595,10 +1683,11 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, _length = totalLength; _pages = pages; - _rangesCount = count; // Auto-prepare memory at creation time. // Implied completion when descriptor is free-ed + + if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type)) _wireCount++; // Physical MDs are, by definition, wired else { /* kIOMemoryTypeVirtual | kIOMemoryTypeVirtual64 | kIOMemoryTypeUIO */ @@ -1612,6 +1701,13 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers, dataP = getDataP(_memoryEntries); dataP->fPageCnt = _pages; + if (((_task != kernel_task) || (kIOMemoryBufferPageable & _flags)) + && (VM_KERN_MEMORY_NONE == _kernelTag)) + { + _kernelTag = IOMemoryTag(kernel_map); + if (_kernelTag == gIOSurfaceTag) _userTag = VM_MEMORY_IOSURFACE; + } + if ( (kIOMemoryPersistent & _flags) && !_memRef) { IOReturn @@ -1646,10 +1742,10 @@ void IOGeneralMemoryDescriptor::free() if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type)) { ioGMDData * dataP; - if (_memoryEntries && (dataP = getDataP(_memoryEntries)) && dataP->fMappedBase) + if (_memoryEntries && (dataP = getDataP(_memoryEntries)) && dataP->fMappedBaseValid) { - dataP->fMapper->iovmUnmapMemory(this, NULL, dataP->fMappedBase, dataP->fMappedLength); - dataP->fMappedBase = 0; + dmaUnmap(dataP->fMapper, NULL, 0, dataP->fMappedBase, dataP->fMappedLength); + dataP->fMappedBaseValid = dataP->fMappedBase = 0; } } else @@ -1738,7 +1834,15 @@ IOOptionBits IOMemoryDescriptor::getTag( void ) return( _tag); } +uint64_t IOMemoryDescriptor::getFlags(void) +{ + return (_flags); +} + #ifndef __LP64__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" + // @@@ gvdl: who is using this API? Seems like a wierd thing to implement. IOPhysicalAddress IOMemoryDescriptor::getSourceSegment( IOByteCount offset, IOByteCount * length ) @@ -1752,6 +1856,9 @@ IOMemoryDescriptor::getSourceSegment( IOByteCount offset, IOByteCount * length return( (IOPhysicalAddress) physAddr ); // truncated but only page offset is used } + +#pragma clang diagnostic pop + #endif /* !__LP64__ */ IOByteCount IOMemoryDescriptor::readBytes @@ -1768,6 +1875,9 @@ IOByteCount IOMemoryDescriptor::readBytes return 0; } + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (0); + if (kIOMemoryThreadSafe & _flags) LOCK; @@ -1819,6 +1929,9 @@ IOByteCount IOMemoryDescriptor::writeBytes return 0; } + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (0); + if (kIOMemoryThreadSafe & _flags) LOCK; @@ -1851,7 +1964,11 @@ IOByteCount IOMemoryDescriptor::writeBytes assert(!remaining); +#if defined(__x86_64__) + // copypv does not cppvFsnk on intel +#else if (!srcAddr) performOperation(kIOMemoryIncoherentIOFlush, inoffset, length); +#endif return length - remaining; } @@ -1905,11 +2022,7 @@ void IOMemoryDescriptor::setPreparationID( void ) { if (getKernelReserved() && (kIOPreparationIDUnprepared == reserved->preparationID)) { -#if defined(__ppc__ ) - reserved->preparationID = gIOMDPreparationID++; -#else reserved->preparationID = OSIncrementAtomic64(&gIOMDPreparationID); -#endif } } @@ -1921,6 +2034,25 @@ uint64_t IOMemoryDescriptor::getPreparationID( void ) return (kIOPreparationIDUnsupported); } +void IOMemoryDescriptor::setVMTags(vm_tag_t kernelTag, vm_tag_t userTag) +{ + _kernelTag = kernelTag; + _userTag = userTag; +} + +vm_tag_t IOMemoryDescriptor::getVMTag(vm_map_t map) +{ + if (vm_kernel_map_is_kernel(map)) + { + if (VM_KERN_MEMORY_NONE != _kernelTag) return (_kernelTag); + } + else + { + if (VM_KERN_MEMORY_NONE != _userTag) return (_userTag); + } + return (IOMemoryTag(map)); +} + IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt dataSize) const { IOReturn err = kIOReturnSuccess; @@ -1952,32 +2084,47 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * keepMap = (data->fMapper == gIOSystemMapper); keepMap &= ((data->fOffset == 0) && (data->fLength == _length)); + if ((data->fMapper == gIOSystemMapper) && _prepareLock) IOLockLock(_prepareLock); + remap = (!keepMap); remap |= (dataP->fDMAMapNumAddressBits < 64) && ((dataP->fMappedBase + _length) > (1ULL << dataP->fDMAMapNumAddressBits)); remap |= (dataP->fDMAMapAlignment > page_size); - if (remap || !dataP->fMappedBase) + if (remap || !dataP->fMappedBaseValid) { -// if (dataP->fMappedBase) OSReportWithBacktrace("kIOMDDMAMap whole %d remap %d params %d\n", whole, remap, params); +// if (dataP->fMappedBaseValid) OSReportWithBacktrace("kIOMDDMAMap whole %d remap %d params %d\n", whole, remap, params); err = md->dmaMap(data->fMapper, data->fCommand, &data->fMapSpec, data->fOffset, data->fLength, &data->fAlloc, &data->fAllocLength); - if (keepMap && (kIOReturnSuccess == err) && !dataP->fMappedBase) + if (keepMap && (kIOReturnSuccess == err) && !dataP->fMappedBaseValid) { - dataP->fMappedBase = data->fAlloc; - dataP->fMappedLength = data->fAllocLength; - data->fAllocLength = 0; // IOMD owns the alloc now + dataP->fMappedBase = data->fAlloc; + dataP->fMappedBaseValid = true; + dataP->fMappedLength = data->fAllocLength; + data->fAllocLength = 0; // IOMD owns the alloc now } } else { data->fAlloc = dataP->fMappedBase; data->fAllocLength = 0; // give out IOMD map + md->dmaMapRecord(data->fMapper, data->fCommand, dataP->fMappedLength); } data->fMapContig = !dataP->fDiscontig; - } + if ((data->fMapper == gIOSystemMapper) && _prepareLock) IOLockUnlock(_prepareLock); + } return (err); } + if (kIOMDDMAUnmap == op) + { + if (dataSize < sizeof(IOMDDMAMapArgs)) + return kIOReturnUnderrun; + IOMDDMAMapArgs * data = (IOMDDMAMapArgs *) vData; + + err = md->dmaUnmap(data->fMapper, data->fCommand, data->fOffset, data->fAlloc, data->fAllocLength); + + return kIOReturnSuccess; + } if (kIOMDAddDMAMapSpec == op) { @@ -2025,20 +2172,24 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * } } - return kIOReturnSuccess; - -#if IOMD_DEBUG_DMAACTIVE - } else if (kIOMDDMAActive == op) { - if (params) OSIncrementAtomic(&md->__iomd_reservedA); - else { - if (md->__iomd_reservedA) - OSDecrementAtomic(&md->__iomd_reservedA); - else - panic("kIOMDSetDMAInactive"); - } -#endif /* IOMD_DEBUG_DMAACTIVE */ + return kIOReturnSuccess; + } - } else if (kIOMDWalkSegments != op) + else if (kIOMDDMAActive == op) + { + if (params) + { + int16_t prior; + prior = OSAddAtomic16(1, &md->_dmaReferences); + if (!prior) md->_mapName = NULL; + } + else + { + if (md->_dmaReferences) OSAddAtomic16(-1, &md->_dmaReferences); + else panic("_dmaReferences underflow"); + } + } + else if (kIOMDWalkSegments != op) return kIOReturnBadArgument; // Get the next segment @@ -2055,12 +2206,15 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * isP = (InternalState *) vData; UInt offset = isP->fIO.fOffset; - bool mapped = isP->fIO.fMapped; + uint8_t mapped = isP->fIO.fMapped; + uint64_t mappedBase; + + if (mapped && (kIOMemoryRemote & _flags)) return (kIOReturnNotAttached); if (IOMapper::gSystem && mapped && (!(kIOMemoryHostOnly & _flags)) - && (!_memoryEntries || !getDataP(_memoryEntries)->fMappedBase)) -// && (_memoryEntries && !getDataP(_memoryEntries)->fMappedBase)) + && (!_memoryEntries || !getDataP(_memoryEntries)->fMappedBaseValid)) +// && (_memoryEntries && !getDataP(_memoryEntries)->fMappedBaseValid)) { if (!_memoryEntries && !md->initMemoryEntries(computeDataSize(0, 0), kIOMapperWaitSystem)) return (kIOReturnNoMemory); @@ -2074,7 +2228,22 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * mapSpec.alignment = dataP->fDMAMapAlignment; err = md->dmaMap(dataP->fMapper, NULL, &mapSpec, 0, _length, &dataP->fMappedBase, &dataP->fMappedLength); if (kIOReturnSuccess != err) return (err); + dataP->fMappedBaseValid = true; + } + } + + if (kIOMDDMAWalkMappedLocal == mapped) mappedBase = isP->fIO.fMappedBase; + else if (mapped) + { + if (IOMapper::gSystem + && (!(kIOMemoryHostOnly & _flags)) + && _memoryEntries + && (dataP = getDataP(_memoryEntries)) + && dataP->fMappedBaseValid) + { + mappedBase = dataP->fMappedBase; } + else mapped = 0; } if (offset >= _length) @@ -2092,7 +2261,6 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * UInt length; UInt64 address; - if ( (_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical) { // Physical address based memory descriptor @@ -2109,10 +2277,9 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * length = off2Ind - offset; address = physP[ind - 1].address + len - length; - if (true && mapped && _memoryEntries - && (dataP = getDataP(_memoryEntries)) && dataP->fMappedBase) + if (true && mapped) { - address = dataP->fMappedBase + offset; + address = mappedBase + offset; } else { @@ -2146,10 +2313,9 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * length = off2Ind - offset; address = physP[ind - 1].address + len - length; - if (true && mapped && _memoryEntries - && (dataP = getDataP(_memoryEntries)) && dataP->fMappedBase) + if (true && mapped) { - address = dataP->fMappedBase + offset; + address = mappedBase + offset; } else { @@ -2198,9 +2364,9 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void * // If a mapped address is requested and this is a pre-mapped IOPL // then just need to compute an offset relative to the mapped base. - if (mapped && dataP->fMappedBase) { + if (mapped) { offset += (ioplInfo.fPageOffset & PAGE_MASK); - address = trunc_page_64(dataP->fMappedBase) + ptoa_64(ioplInfo.fMappedPage) + offset; + address = trunc_page_64(mappedBase) + ptoa_64(ioplInfo.fMappedPage) + offset; continue; // Done leave do/while(false) now } @@ -2321,7 +2487,7 @@ IOGeneralMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *l state->fOffset = offset; state->fLength = _length - offset; - state->fMapped = (0 == (options & kIOMemoryMapperNone)) && !(_flags & kIOMemoryHostOnly); + state->fMapped = (0 == (options & kIOMemoryMapperNone)) && !(_flags & kIOMemoryHostOrRemote); ret = dmaCommandOperation(kIOMDFirstSegment, _state, sizeof(_state)); @@ -2366,6 +2532,9 @@ IOGeneralMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *l } #ifndef __LP64__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" + addr64_t IOMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *lengthOfSegment, IOOptionBits options) { @@ -2386,6 +2555,7 @@ IOMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *lengthOf return (address); } +#pragma clang diagnostic pop addr64_t IOGeneralMemoryDescriptor::getPhysicalSegment64(IOByteCount offset, IOByteCount *lengthOfSegment) @@ -2461,6 +2631,9 @@ IOGeneralMemoryDescriptor::getSourceSegment(IOByteCount offset, IOByteCount *len return ((IOPhysicalAddress) getPhysicalSegment(offset, lengthOfSegment, _kIOMemorySourceSegment)); } +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" + void * IOGeneralMemoryDescriptor::getVirtualSegment(IOByteCount offset, IOByteCount * lengthOfSegment) { @@ -2471,6 +2644,7 @@ void * IOGeneralMemoryDescriptor::getVirtualSegment(IOByteCount offset, return 0; } +#pragma clang diagnostic pop #endif /* !__LP64__ */ IOReturn @@ -2518,8 +2692,19 @@ IOMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt data data->fMapContig = true; err = md->dmaMap(data->fMapper, data->fCommand, &data->fMapSpec, data->fOffset, data->fLength, &data->fAlloc, &data->fAllocLength); + return (err); } + else if (kIOMDDMAUnmap == op) + { + if (dataSize < sizeof(IOMDDMAMapArgs)) + return kIOReturnUnderrun; + IOMDDMAMapArgs * data = (IOMDDMAMapArgs *) vData; + + err = md->dmaUnmap(data->fMapper, data->fCommand, data->fOffset, data->fAlloc, data->fAllocLength); + + return (kIOReturnSuccess); + } else return kIOReturnBadArgument; return kIOReturnSuccess; @@ -2534,6 +2719,9 @@ IOGeneralMemoryDescriptor::setPurgeable( IOOptionBits newState, vm_purgable_t control; int state; + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (kIOReturnNotAttached); + if (_memRef) { err = super::setPurgeable(newState, oldState); @@ -2557,7 +2745,14 @@ IOGeneralMemoryDescriptor::setPurgeable( IOOptionBits newState, break; } else + { curMap = get_task_map(_task); + if (NULL == curMap) + { + err = KERN_INVALID_ARGUMENT; + break; + } + } // can only do one range Ranges vec = _ranges; @@ -2569,7 +2764,7 @@ IOGeneralMemoryDescriptor::setPurgeable( IOOptionBits newState, err = purgeableControlBits(newState, &control, &state); if (kIOReturnSuccess != err) break; - err = mach_vm_purgable_control(curMap, addr, control, &state); + err = vm_map_purgable_control(curMap, addr, control, &state); if (oldState) { if (kIOReturnSuccess == err) @@ -2604,6 +2799,9 @@ IOReturn IOMemoryDescriptor::getPageCounts( IOByteCount * residentPageCount, { IOReturn err = kIOReturnNotReady; + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (kIOReturnNotAttached); + if (kIOMemoryThreadSafe & _flags) LOCK; if (_memRef) err = IOGeneralMemoryDescriptor::memoryReferenceGetPageCounts(_memRef, residentPageCount, dirtyPageCount); else @@ -2625,8 +2823,13 @@ IOReturn IOMemoryDescriptor::getPageCounts( IOByteCount * residentPageCount, } +#if defined(__arm__) || defined(__arm64__) +extern "C" void dcache_incoherent_io_flush64(addr64_t pa, unsigned int count, unsigned int remaining, unsigned int *res); +extern "C" void dcache_incoherent_io_store64(addr64_t pa, unsigned int count, unsigned int remaining, unsigned int *res); +#else /* defined(__arm__) || defined(__arm64__) */ extern "C" void dcache_incoherent_io_flush64(addr64_t pa, unsigned int count); extern "C" void dcache_incoherent_io_store64(addr64_t pa, unsigned int count); +#endif /* defined(__arm__) || defined(__arm64__) */ static void SetEncryptOp(addr64_t pa, unsigned int count) { @@ -2658,15 +2861,41 @@ IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options, IOByteCount remaining; unsigned int res; void (*func)(addr64_t pa, unsigned int count) = 0; +#if defined(__arm__) || defined(__arm64__) + void (*func_ext)(addr64_t pa, unsigned int count, unsigned int remaining, unsigned int *result) = 0; +#endif + + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (kIOReturnNotAttached); switch (options) { case kIOMemoryIncoherentIOFlush: +#if defined(__arm__) || defined(__arm64__) + func_ext = &dcache_incoherent_io_flush64; +#if __ARM_COHERENT_IO__ + func_ext(0, 0, 0, &res); + return kIOReturnSuccess; +#else /* __ARM_COHERENT_IO__ */ + break; +#endif /* __ARM_COHERENT_IO__ */ +#else /* defined(__arm__) || defined(__arm64__) */ func = &dcache_incoherent_io_flush64; break; +#endif /* defined(__arm__) || defined(__arm64__) */ case kIOMemoryIncoherentIOStore: +#if defined(__arm__) || defined(__arm64__) + func_ext = &dcache_incoherent_io_store64; +#if __ARM_COHERENT_IO__ + func_ext(0, 0, 0, &res); + return kIOReturnSuccess; +#else /* __ARM_COHERENT_IO__ */ + break; +#endif /* __ARM_COHERENT_IO__ */ +#else /* defined(__arm__) || defined(__arm64__) */ func = &dcache_incoherent_io_store64; break; +#endif /* defined(__arm__) || defined(__arm64__) */ case kIOMemorySetEncrypted: func = &SetEncryptOp; @@ -2676,8 +2905,13 @@ IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options, break; } +#if defined(__arm__) || defined(__arm64__) + if ((func == 0) && (func_ext == 0)) + return (kIOReturnUnsupported); +#else /* defined(__arm__) || defined(__arm64__) */ if (!func) return (kIOReturnUnsupported); +#endif /* defined(__arm__) || defined(__arm64__) */ if (kIOMemoryThreadSafe & _flags) LOCK; @@ -2698,7 +2932,19 @@ IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options, if (dstLen > remaining) dstLen = remaining; +#if defined(__arm__) || defined(__arm64__) + if (func) + (*func)(dstAddr64, dstLen); + if (func_ext) { + (*func_ext)(dstAddr64, dstLen, remaining, &res); + if (res != 0x0UL) { + remaining = 0; + break; + } + } +#else /* defined(__arm__) || defined(__arm64__) */ (*func)(dstAddr64, dstLen); +#endif /* defined(__arm__) || defined(__arm64__) */ offset += dstLen; remaining -= dstLen; @@ -2710,11 +2956,27 @@ IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options, return (remaining ? kIOReturnUnderrun : kIOReturnSuccess); } +/* + * + */ + #if defined(__i386__) || defined(__x86_64__) #define io_kernel_static_start vm_kernel_stext #define io_kernel_static_end vm_kernel_etext +#elif defined(__arm__) || defined(__arm64__) + +extern vm_offset_t static_memory_end; + +#if defined(__arm64__) +#define io_kernel_static_start vm_kext_base +#else /* defined(__arm64__) */ +#define io_kernel_static_start vm_kernel_stext +#endif /* defined(__arm64__) */ + +#define io_kernel_static_end static_memory_end + #else #error io_kernel_static_end is undefined for this architecture #endif @@ -2745,7 +3007,7 @@ io_get_kernel_static_upl( if (!phys) break; page_list[page].phys_addr = phys; - page_list[page].pageout = 0; + page_list[page].free_when_done = 0; page_list[page].absent = 0; page_list[page].dirty = 0; page_list[page].precious = 0; @@ -2762,28 +3024,36 @@ io_get_kernel_static_upl( IOReturn IOGeneralMemoryDescriptor::wireVirtual(IODirection forDirection) { IOOptionBits type = _flags & kIOMemoryTypeMask; - IOReturn error = kIOReturnCannotWire; + IOReturn error = kIOReturnSuccess; ioGMDData *dataP; upl_page_info_array_t pageInfo; ppnum_t mapBase; + vm_tag_t tag = VM_KERN_MEMORY_NONE; assert(kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type); if ((kIODirectionOutIn & forDirection) == kIODirectionNone) forDirection = (IODirection) (forDirection | getDirection()); + dataP = getDataP(_memoryEntries); upl_control_flags_t uplFlags; // This Mem Desc's default flags for upl creation switch (kIODirectionOutIn & forDirection) { - case kIODirectionOut: - // Pages do not need to be marked as dirty on commit - uplFlags = UPL_COPYOUT_FROM; - break; + case kIODirectionOut: + // Pages do not need to be marked as dirty on commit + uplFlags = UPL_COPYOUT_FROM; + dataP->fDMAAccess = kIODMAMapReadAccess; + break; - case kIODirectionIn: - default: - uplFlags = 0; // i.e. ~UPL_COPYOUT_FROM - break; + case kIODirectionIn: + dataP->fDMAAccess = kIODMAMapWriteAccess; + uplFlags = 0; // i.e. ~UPL_COPYOUT_FROM + break; + + default: + dataP->fDMAAccess = kIODMAMapReadAccess | kIODMAMapWriteAccess; + uplFlags = 0; // i.e. ~UPL_COPYOUT_FROM + break; } if (_wireCount) @@ -2793,208 +3063,201 @@ IOReturn IOGeneralMemoryDescriptor::wireVirtual(IODirection forDirection) OSReportWithBacktrace("IOMemoryDescriptor 0x%lx prepared read only", VM_KERNEL_ADDRPERM(this)); error = kIOReturnNotWritable; } - else error = kIOReturnSuccess; - return (error); } - - dataP = getDataP(_memoryEntries); - IOMapper *mapper; - mapper = dataP->fMapper; - dataP->fMappedBase = 0; - - uplFlags |= UPL_SET_IO_WIRE | UPL_SET_LITE; - uplFlags |= UPL_MEMORY_TAG_MAKE(IOMemoryTag(kernel_map)); - - if (kIODirectionPrepareToPhys32 & forDirection) + else { - if (!mapper) uplFlags |= UPL_NEED_32BIT_ADDR; - if (dataP->fDMAMapNumAddressBits > 32) dataP->fDMAMapNumAddressBits = 32; - } - if (kIODirectionPrepareNoFault & forDirection) uplFlags |= UPL_REQUEST_NO_FAULT; - if (kIODirectionPrepareNoZeroFill & forDirection) uplFlags |= UPL_NOZEROFILLIO; - if (kIODirectionPrepareNonCoherent & forDirection) uplFlags |= UPL_REQUEST_FORCE_COHERENCY; - - mapBase = 0; - - // Note that appendBytes(NULL) zeros the data up to the desired length - // and the length parameter is an unsigned int - size_t uplPageSize = dataP->fPageCnt * sizeof(upl_page_info_t); - if (uplPageSize > ((unsigned int)uplPageSize)) return (kIOReturnNoMemory); - if (!_memoryEntries->appendBytes(0, uplPageSize)) return (kIOReturnNoMemory); - dataP = 0; + IOMapper *mapper; - // Find the appropriate vm_map for the given task - vm_map_t curMap; - if (_task == kernel_task && (kIOMemoryBufferPageable & _flags)) curMap = 0; - else curMap = get_task_map(_task); + mapper = dataP->fMapper; + dataP->fMappedBaseValid = dataP->fMappedBase = 0; - // Iterate over the vector of virtual ranges - Ranges vec = _ranges; - unsigned int pageIndex = 0; - IOByteCount mdOffset = 0; - ppnum_t highestPage = 0; - - IOMemoryEntry * memRefEntry = 0; - if (_memRef) memRefEntry = &_memRef->entries[0]; - - for (UInt range = 0; range < _rangesCount; range++) { - ioPLBlock iopl; - mach_vm_address_t startPage; - mach_vm_size_t numBytes; - ppnum_t highPage = 0; - - // Get the startPage address and length of vec[range] - getAddrLenForInd(startPage, numBytes, type, vec, range); - iopl.fPageOffset = startPage & PAGE_MASK; - numBytes += iopl.fPageOffset; - startPage = trunc_page_64(startPage); - - if (mapper) - iopl.fMappedPage = mapBase + pageIndex; - else - iopl.fMappedPage = 0; - - // Iterate over the current range, creating UPLs - while (numBytes) { - vm_address_t kernelStart = (vm_address_t) startPage; - vm_map_t theMap; - if (curMap) theMap = curMap; - else if (_memRef) - { - theMap = NULL; - } - else - { - assert(_task == kernel_task); - theMap = IOPageableMapForAddress(kernelStart); - } - - // ioplFlags is an in/out parameter - upl_control_flags_t ioplFlags = uplFlags; - dataP = getDataP(_memoryEntries); - pageInfo = getPageList(dataP); - upl_page_list_ptr_t baseInfo = &pageInfo[pageIndex]; - - upl_size_t ioplSize = round_page(numBytes); - unsigned int numPageInfo = atop_32(ioplSize); - - if ((theMap == kernel_map) - && (kernelStart >= io_kernel_static_start) - && (kernelStart < io_kernel_static_end)) { - error = io_get_kernel_static_upl(theMap, - kernelStart, - &ioplSize, - &iopl.fIOPL, - baseInfo, - &numPageInfo, - &highPage); - } - else if (_memRef) { - memory_object_offset_t entryOffset; - - entryOffset = mdOffset; - entryOffset = (entryOffset - iopl.fPageOffset - memRefEntry->offset); - if (entryOffset >= memRefEntry->size) { - memRefEntry++; - if (memRefEntry >= &_memRef->entries[_memRef->count]) panic("memRefEntry"); - entryOffset = 0; - } - if (ioplSize > (memRefEntry->size - entryOffset)) ioplSize = (memRefEntry->size - entryOffset); - error = memory_object_iopl_request(memRefEntry->entry, - entryOffset, - &ioplSize, - &iopl.fIOPL, - baseInfo, - &numPageInfo, - &ioplFlags); - } - else { - assert(theMap); - error = vm_map_create_upl(theMap, - startPage, - (upl_size_t*)&ioplSize, - &iopl.fIOPL, - baseInfo, - &numPageInfo, - &ioplFlags); - } + uplFlags |= UPL_SET_IO_WIRE | UPL_SET_LITE; + tag = _kernelTag; + if (VM_KERN_MEMORY_NONE == tag) tag = IOMemoryTag(kernel_map); - assert(ioplSize); - if (error != KERN_SUCCESS) - goto abortExit; + if (kIODirectionPrepareToPhys32 & forDirection) + { + if (!mapper) uplFlags |= UPL_NEED_32BIT_ADDR; + if (dataP->fDMAMapNumAddressBits > 32) dataP->fDMAMapNumAddressBits = 32; + } + if (kIODirectionPrepareNoFault & forDirection) uplFlags |= UPL_REQUEST_NO_FAULT; + if (kIODirectionPrepareNoZeroFill & forDirection) uplFlags |= UPL_NOZEROFILLIO; + if (kIODirectionPrepareNonCoherent & forDirection) uplFlags |= UPL_REQUEST_FORCE_COHERENCY; + + mapBase = 0; + + // Note that appendBytes(NULL) zeros the data up to the desired length + // and the length parameter is an unsigned int + size_t uplPageSize = dataP->fPageCnt * sizeof(upl_page_info_t); + if (uplPageSize > ((unsigned int)uplPageSize)) return (kIOReturnNoMemory); + if (!_memoryEntries->appendBytes(0, uplPageSize)) return (kIOReturnNoMemory); + dataP = 0; + + // Find the appropriate vm_map for the given task + vm_map_t curMap; + if (_task == kernel_task && (kIOMemoryBufferPageable & _flags)) curMap = 0; + else curMap = get_task_map(_task); + + // Iterate over the vector of virtual ranges + Ranges vec = _ranges; + unsigned int pageIndex = 0; + IOByteCount mdOffset = 0; + ppnum_t highestPage = 0; + + IOMemoryEntry * memRefEntry = 0; + if (_memRef) memRefEntry = &_memRef->entries[0]; + + for (UInt range = 0; range < _rangesCount; range++) { + ioPLBlock iopl; + mach_vm_address_t startPage, startPageOffset; + mach_vm_size_t numBytes; + ppnum_t highPage = 0; + + // Get the startPage address and length of vec[range] + getAddrLenForInd(startPage, numBytes, type, vec, range); + startPageOffset = startPage & PAGE_MASK; + iopl.fPageOffset = startPageOffset; + numBytes += startPageOffset; + startPage = trunc_page_64(startPage); + + if (mapper) + iopl.fMappedPage = mapBase + pageIndex; + else + iopl.fMappedPage = 0; + + // Iterate over the current range, creating UPLs + while (numBytes) { + vm_address_t kernelStart = (vm_address_t) startPage; + vm_map_t theMap; + if (curMap) theMap = curMap; + else if (_memRef) + { + theMap = NULL; + } + else + { + assert(_task == kernel_task); + theMap = IOPageableMapForAddress(kernelStart); + } - if (iopl.fIOPL) - highPage = upl_get_highest_page(iopl.fIOPL); - if (highPage > highestPage) - highestPage = highPage; + // ioplFlags is an in/out parameter + upl_control_flags_t ioplFlags = uplFlags; + dataP = getDataP(_memoryEntries); + pageInfo = getPageList(dataP); + upl_page_list_ptr_t baseInfo = &pageInfo[pageIndex]; + + mach_vm_size_t _ioplSize = round_page(numBytes); + upl_size_t ioplSize = (_ioplSize <= MAX_UPL_SIZE_BYTES) ? _ioplSize : MAX_UPL_SIZE_BYTES; + unsigned int numPageInfo = atop_32(ioplSize); + + if ((theMap == kernel_map) + && (kernelStart >= io_kernel_static_start) + && (kernelStart < io_kernel_static_end)) { + error = io_get_kernel_static_upl(theMap, + kernelStart, + &ioplSize, + &iopl.fIOPL, + baseInfo, + &numPageInfo, + &highPage); + } + else if (_memRef) { + memory_object_offset_t entryOffset; + + entryOffset = mdOffset; + entryOffset = (entryOffset - iopl.fPageOffset - memRefEntry->offset); + if (entryOffset >= memRefEntry->size) { + memRefEntry++; + if (memRefEntry >= &_memRef->entries[_memRef->count]) panic("memRefEntry"); + entryOffset = 0; + } + if (ioplSize > (memRefEntry->size - entryOffset)) ioplSize = (memRefEntry->size - entryOffset); + error = memory_object_iopl_request(memRefEntry->entry, + entryOffset, + &ioplSize, + &iopl.fIOPL, + baseInfo, + &numPageInfo, + &ioplFlags, + tag); + } + else { + assert(theMap); + error = vm_map_create_upl(theMap, + startPage, + (upl_size_t*)&ioplSize, + &iopl.fIOPL, + baseInfo, + &numPageInfo, + &ioplFlags, + tag); + } - error = kIOReturnCannotWire; + if (error != KERN_SUCCESS) goto abortExit; - if (baseInfo->device) { - numPageInfo = 1; - iopl.fFlags = kIOPLOnDevice; - } - else { - iopl.fFlags = 0; - } + assert(ioplSize); - iopl.fIOMDOffset = mdOffset; - iopl.fPageInfo = pageIndex; - if (mapper && pageIndex && (page_mask & (mdOffset + iopl.fPageOffset))) dataP->fDiscontig = true; + if (iopl.fIOPL) + highPage = upl_get_highest_page(iopl.fIOPL); + if (highPage > highestPage) + highestPage = highPage; -#if 0 - // used to remove the upl for auto prepares here, for some errant code - // that freed memory before the descriptor pointing at it - if ((_flags & kIOMemoryAutoPrepare) && iopl.fIOPL) - { - upl_commit(iopl.fIOPL, 0, 0); - upl_deallocate(iopl.fIOPL); - iopl.fIOPL = 0; - } -#endif + if (baseInfo->device) { + numPageInfo = 1; + iopl.fFlags = kIOPLOnDevice; + } + else { + iopl.fFlags = 0; + } - if (!_memoryEntries->appendBytes(&iopl, sizeof(iopl))) { - // Clean up partial created and unsaved iopl - if (iopl.fIOPL) { - upl_abort(iopl.fIOPL, 0); - upl_deallocate(iopl.fIOPL); + iopl.fIOMDOffset = mdOffset; + iopl.fPageInfo = pageIndex; + if (mapper && pageIndex && (page_mask & (mdOffset + startPageOffset))) dataP->fDiscontig = true; + + if (!_memoryEntries->appendBytes(&iopl, sizeof(iopl))) { + // Clean up partial created and unsaved iopl + if (iopl.fIOPL) { + upl_abort(iopl.fIOPL, 0); + upl_deallocate(iopl.fIOPL); + } + goto abortExit; + } + dataP = 0; + + // Check for a multiple iopl's in one virtual range + pageIndex += numPageInfo; + mdOffset -= iopl.fPageOffset; + if (ioplSize < numBytes) { + numBytes -= ioplSize; + startPage += ioplSize; + mdOffset += ioplSize; + iopl.fPageOffset = 0; + if (mapper) iopl.fMappedPage = mapBase + pageIndex; + } + else { + mdOffset += numBytes; + break; } - goto abortExit; - } - dataP = 0; - - // Check for a multiple iopl's in one virtual range - pageIndex += numPageInfo; - mdOffset -= iopl.fPageOffset; - if (ioplSize < numBytes) { - numBytes -= ioplSize; - startPage += ioplSize; - mdOffset += ioplSize; - iopl.fPageOffset = 0; - if (mapper) iopl.fMappedPage = mapBase + pageIndex; - } - else { - mdOffset += numBytes; - break; } } - } - _highestPage = highestPage; + _highestPage = highestPage; - if (UPL_COPYOUT_FROM & uplFlags) _flags |= kIOMemoryPreparedReadOnly; + if (UPL_COPYOUT_FROM & uplFlags) _flags |= kIOMemoryPreparedReadOnly; + } - if ((kIOTracking & gIOKitDebug) - //&& !(_flags & kIOMemoryAutoPrepare) - ) - { - dataP = getDataP(_memoryEntries); #if IOTRACKING - IOTrackingAdd(gIOWireTracking, &dataP->fWireTracking, ptoa(_pages), false); -#endif + if (!(_flags & kIOMemoryAutoPrepare) && (kIOReturnSuccess == error)) + { + dataP = getDataP(_memoryEntries); + if (!dataP->fWireTracking.link.next) + { + IOTrackingAdd(gIOWireTracking, &dataP->fWireTracking, ptoa(_pages), false, tag); + } } +#endif /* IOTRACKING */ - return kIOReturnSuccess; + return (error); abortExit: { @@ -3048,6 +3311,7 @@ bool IOGeneralMemoryDescriptor::initMemoryEntries(size_t size, IOMapper * mapper dataP->fPreparationID = kIOPreparationIDUnprepared; dataP->fDiscontig = false; dataP->fCompletionError = false; + dataP->fMappedBaseValid = false; return (true); } @@ -3061,16 +3325,83 @@ IOReturn IOMemoryDescriptor::dmaMap( uint64_t * mapAddress, uint64_t * mapLength) { - IOReturn ret; + IOReturn err; uint32_t mapOptions; mapOptions = 0; mapOptions |= kIODMAMapReadAccess; if (!(kIOMemoryPreparedReadOnly & _flags)) mapOptions |= kIODMAMapWriteAccess; - ret = mapper->iovmMapMemory(this, offset, length, mapOptions, + err = mapper->iovmMapMemory(this, offset, length, mapOptions, mapSpec, command, NULL, mapAddress, mapLength); + if (kIOReturnSuccess == err) dmaMapRecord(mapper, command, *mapLength); + + return (err); +} + +void IOMemoryDescriptor::dmaMapRecord( + IOMapper * mapper, + IODMACommand * command, + uint64_t mapLength) +{ + kern_allocation_name_t alloc; + int16_t prior; + + if ((alloc = mapper->fAllocName) /* && mapper != IOMapper::gSystem */) + { + kern_allocation_update_size(mapper->fAllocName, mapLength); + } + + if (!command) return; + prior = OSAddAtomic16(1, &_dmaReferences); + if (!prior) + { + if (alloc && (VM_KERN_MEMORY_NONE != _kernelTag)) + { + _mapName = alloc; + mapLength = _length; + kern_allocation_update_subtotal(alloc, _kernelTag, mapLength); + } + else _mapName = NULL; + } +} + +IOReturn IOMemoryDescriptor::dmaUnmap( + IOMapper * mapper, + IODMACommand * command, + uint64_t offset, + uint64_t mapAddress, + uint64_t mapLength) +{ + IOReturn ret; + kern_allocation_name_t alloc; + kern_allocation_name_t mapName; + int16_t prior; + + mapName = 0; + prior = 0; + if (command) + { + mapName = _mapName; + if (_dmaReferences) prior = OSAddAtomic16(-1, &_dmaReferences); + else panic("_dmaReferences underflow"); + } + + if (!mapLength) return (kIOReturnSuccess); + + ret = mapper->iovmUnmapMemory(this, command, mapAddress, mapLength); + + if ((alloc = mapper->fAllocName)) + { + kern_allocation_update_size(alloc, -mapLength); + if ((1 == prior) && mapName && (VM_KERN_MEMORY_NONE != _kernelTag)) + { + mapLength = _length; + kern_allocation_update_subtotal(mapName, _kernelTag, -mapLength); + } + } + return (ret); } @@ -3089,6 +3420,7 @@ IOReturn IOGeneralMemoryDescriptor::dmaMap( *mapAddress = 0; if (kIOMemoryHostOnly & _flags) return (kIOReturnSuccess); + if (kIOMemoryRemote & _flags) return (kIOReturnNotAttached); if ((type == kIOMemoryTypePhysical) || (type == kIOMemoryTypePhysical64) || offset || (length != _length)) @@ -3120,20 +3452,22 @@ IOReturn IOGeneralMemoryDescriptor::dmaMap( mapOptions |= kIODMAMapPageListFullyOccupied; } - mapOptions |= kIODMAMapReadAccess; - if (!(kIOMemoryPreparedReadOnly & _flags)) mapOptions |= kIODMAMapWriteAccess; + assert(dataP->fDMAAccess); + mapOptions |= dataP->fDMAAccess; // Check for direct device non-paged memory if (ioplList->fFlags & kIOPLOnDevice) mapOptions |= kIODMAMapPhysicallyContiguous; IODMAMapPageList dmaPageList = { - .pageOffset = ioplList->fPageOffset & page_mask, + .pageOffset = (uint32_t)(ioplList->fPageOffset & page_mask), .pageListCount = _pages, .pageList = &pageList[0] }; err = mapper->iovmMapMemory(this, offset, length, mapOptions, &mapSpec, command, &dmaPageList, mapAddress, mapLength); + + if (kIOReturnSuccess == err) dmaMapRecord(mapper, command, *mapLength); } return (err); @@ -3151,33 +3485,34 @@ IOReturn IOGeneralMemoryDescriptor::dmaMap( IOReturn IOGeneralMemoryDescriptor::prepare(IODirection forDirection) { - IOReturn error = kIOReturnSuccess; + IOReturn error = kIOReturnSuccess; IOOptionBits type = _flags & kIOMemoryTypeMask; if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type)) return kIOReturnSuccess; - if (_prepareLock) - IOLockLock(_prepareLock); + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (kIOReturnNotAttached); + + if (_prepareLock) IOLockLock(_prepareLock); if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) { - error = wireVirtual(forDirection); + error = wireVirtual(forDirection); } if (kIOReturnSuccess == error) { - if (1 == ++_wireCount) - { - if (kIOMemoryClearEncrypt & _flags) - { - performOperation(kIOMemoryClearEncrypted, 0, _length); - } - } + if (1 == ++_wireCount) + { + if (kIOMemoryClearEncrypt & _flags) + { + performOperation(kIOMemoryClearEncrypted, 0, _length); + } + } } - if (_prepareLock) - IOLockUnlock(_prepareLock); + if (_prepareLock) IOLockUnlock(_prepareLock); return error; } @@ -3194,87 +3529,84 @@ IOReturn IOGeneralMemoryDescriptor::prepare(IODirection forDirection) IOReturn IOGeneralMemoryDescriptor::complete(IODirection forDirection) { IOOptionBits type = _flags & kIOMemoryTypeMask; - ioGMDData * dataP; + ioGMDData * dataP; if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type)) return kIOReturnSuccess; - if (_prepareLock) - IOLockLock(_prepareLock); + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (kIOReturnNotAttached); - assert(_wireCount); + if (_prepareLock) IOLockLock(_prepareLock); + do + { + assert(_wireCount); + if (!_wireCount) break; + dataP = getDataP(_memoryEntries); + if (!dataP) break; - if ((kIODirectionCompleteWithError & forDirection) - && (dataP = getDataP(_memoryEntries))) - dataP->fCompletionError = true; + if (kIODirectionCompleteWithError & forDirection) dataP->fCompletionError = true; - if (_wireCount) - { if ((kIOMemoryClearEncrypt & _flags) && (1 == _wireCount)) { performOperation(kIOMemorySetEncrypted, 0, _length); } - _wireCount--; - if (!_wireCount || (kIODirectionCompleteWithDataValid & forDirection)) - { - IOOptionBits type = _flags & kIOMemoryTypeMask; - dataP = getDataP(_memoryEntries); - ioPLBlock *ioplList = getIOPLList(dataP); - UInt ind, count = getNumIOPL(_memoryEntries, dataP); + _wireCount--; + if (!_wireCount || (kIODirectionCompleteWithDataValid & forDirection)) + { + ioPLBlock *ioplList = getIOPLList(dataP); + UInt ind, count = getNumIOPL(_memoryEntries, dataP); - if (_wireCount) - { - // kIODirectionCompleteWithDataValid & forDirection - if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) - { - for (ind = 0; ind < count; ind++) - { - if (ioplList[ind].fIOPL) iopl_valid_data(ioplList[ind].fIOPL); - } - } - } - else - { -#if IOMD_DEBUG_DMAACTIVE - if (__iomd_reservedA) panic("complete() while dma active"); -#endif /* IOMD_DEBUG_DMAACTIVE */ + if (_wireCount) + { + // kIODirectionCompleteWithDataValid & forDirection + if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) + { + vm_tag_t tag; + tag = getVMTag(kernel_map); + for (ind = 0; ind < count; ind++) + { + if (ioplList[ind].fIOPL) iopl_valid_data(ioplList[ind].fIOPL, tag); + } + } + } + else + { + if (_dmaReferences) panic("complete() while dma active"); - if (dataP->fMappedBase) { - dataP->fMapper->iovmUnmapMemory(this, NULL, dataP->fMappedBase, dataP->fMappedLength); - dataP->fMappedBase = 0; - } - // Only complete iopls that we created which are for TypeVirtual - if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) { + if (dataP->fMappedBaseValid) { + dmaUnmap(dataP->fMapper, NULL, 0, dataP->fMappedBase, dataP->fMappedLength); + dataP->fMappedBaseValid = dataP->fMappedBase = 0; + } #if IOTRACKING - if ((kIOTracking & gIOKitDebug) - //&& !(_flags & kIOMemoryAutoPrepare) - ) - { - IOTrackingRemove(gIOWireTracking, &dataP->fWireTracking, ptoa(_pages)); - } -#endif - for (ind = 0; ind < count; ind++) - if (ioplList[ind].fIOPL) { - if (dataP->fCompletionError) - upl_abort(ioplList[ind].fIOPL, 0 /*!UPL_ABORT_DUMP_PAGES*/); - else - upl_commit(ioplList[ind].fIOPL, 0, 0); - upl_deallocate(ioplList[ind].fIOPL); - } - } else if (kIOMemoryTypeUPL == type) { - upl_set_referenced(ioplList[0].fIOPL, false); - } + if (dataP->fWireTracking.link.next) IOTrackingRemove(gIOWireTracking, &dataP->fWireTracking, ptoa(_pages)); +#endif /* IOTRACKING */ + // Only complete iopls that we created which are for TypeVirtual + if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) + { + for (ind = 0; ind < count; ind++) + if (ioplList[ind].fIOPL) { + if (dataP->fCompletionError) + upl_abort(ioplList[ind].fIOPL, 0 /*!UPL_ABORT_DUMP_PAGES*/); + else + upl_commit(ioplList[ind].fIOPL, 0, 0); + upl_deallocate(ioplList[ind].fIOPL); + } + } else if (kIOMemoryTypeUPL == type) { + upl_set_referenced(ioplList[0].fIOPL, false); + } - (void) _memoryEntries->initWithBytes(dataP, computeDataSize(0, 0)); // == setLength() + (void) _memoryEntries->initWithBytes(dataP, computeDataSize(0, 0)); // == setLength() - dataP->fPreparationID = kIOPreparationIDUnprepared; - } - } + dataP->fPreparationID = kIOPreparationIDUnprepared; + _flags &= ~kIOMemoryPreparedReadOnly; + } + } } + while (false); - if (_prepareLock) - IOLockUnlock(_prepareLock); + if (_prepareLock) IOLockUnlock(_prepareLock); return kIOReturnSuccess; } @@ -3305,6 +3637,9 @@ IOReturn IOGeneralMemoryDescriptor::doMap( if ((offset >= _length) || ((offset + length) > _length)) return( kIOReturnBadArgument ); + assert (!(kIOMemoryRemote & _flags)); + if (kIOMemoryRemote & _flags) return (0); + if (vec.v) getAddrLenForInd(range0Addr, range0Len, type, vec, 0); @@ -3313,6 +3648,7 @@ IOReturn IOGeneralMemoryDescriptor::doMap( && (mapping->fAddressTask == _task) && (mapping->fAddressMap == get_task_map(_task)) && (options & kIOMapAnywhere) + && (!(kIOMapUnique & options)) && (1 == _rangesCount) && (0 == offset) && range0Addr @@ -3362,12 +3698,11 @@ IOReturn IOGeneralMemoryDescriptor::doMap( size = round_page(mapping->fLength); flags = UPL_COPYOUT_FROM | UPL_SET_INTERNAL - | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS - | UPL_MEMORY_TAG_MAKE(IOMemoryTag(kernel_map)); + | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS; if (KERN_SUCCESS != memory_object_iopl_request(_memRef->entries[0].entry, 0, &size, &redirUPL2, NULL, NULL, - &flags)) + &flags, getVMTag(kernel_map))) redirUPL2 = NULL; for (lock_count = 0; @@ -3408,10 +3743,14 @@ IOReturn IOGeneralMemoryDescriptor::doMap( // upl_transpose> // else { - err = memoryReferenceMap(_memRef, mapping->fAddressMap, offset, length, options, &mapping->fAddress); + err = memoryReferenceMap(_memRef, mapping->fAddressMap, offset, length, options, &mapping->fAddress); #if IOTRACKING - if (err == KERN_SUCCESS) IOTrackingAdd(gIOMapTracking, &mapping->fTracking, length, false); -#endif + if ((err == KERN_SUCCESS) && ((kIOTracking & gIOKitDebug) || _task)) + { + // only dram maps in the default on developement case + IOTrackingAddUser(gIOMapTracking, &mapping->fTracking, mapping->fLength); + } +#endif /* IOTRACKING */ if ((err == KERN_SUCCESS) && pager) { err = populateDevicePager(pager, mapping->fAddressMap, mapping->fAddress, offset, length, options); @@ -3427,6 +3766,25 @@ IOReturn IOGeneralMemoryDescriptor::doMap( return (err); } +#if IOTRACKING +IOReturn +IOMemoryMapTracking(IOTrackingUser * tracking, task_t * task, + mach_vm_address_t * address, mach_vm_size_t * size) +{ +#define iomap_offsetof(type, field) ((size_t)(&((type *)0)->field)) + + IOMemoryMap * map = (typeof(map)) (((uintptr_t) tracking) - iomap_offsetof(IOMemoryMap, fTracking)); + + if (!map->fAddressMap || (map->fAddressMap != get_task_map(map->fAddressTask))) return (kIOReturnNotReady); + + *task = map->fAddressTask; + *address = map->fAddress; + *size = map->fLength; + + return (kIOReturnSuccess); +} +#endif /* IOTRACKING */ + IOReturn IOGeneralMemoryDescriptor::doUnmap( vm_map_t addressMap, IOVirtualAddress __address, @@ -3607,11 +3965,14 @@ IOReturn IOMemoryDescriptor::populateDevicePager( // faulting in later can't take place from interrupt level. if ((addressMap == kernel_map) && !(kIOMemoryRedirected & _flags)) { - vm_fault(addressMap, - (vm_map_offset_t)trunc_page_64(address), - VM_PROT_READ|VM_PROT_WRITE, - FALSE, THREAD_UNINT, NULL, - (vm_map_offset_t)0); + err = vm_fault(addressMap, + (vm_map_offset_t)trunc_page_64(address), + options & kIOMapReadOnly ? VM_PROT_READ : VM_PROT_READ|VM_PROT_WRITE, + FALSE, VM_KERN_MEMORY_NONE, + THREAD_UNINT, NULL, + (vm_map_offset_t)0); + + if (KERN_SUCCESS != err) break; } sourceOffset += segLen - pageOffset; @@ -3657,8 +4018,8 @@ IOReturn IOMemoryDescriptor::doUnmap( } #if IOTRACKING - IOTrackingRemove(gIOMapTracking, &mapping->fTracking, length); -#endif + IOTrackingRemoveUser(gIOMapTracking, &mapping->fTracking); +#endif /* IOTRACKING */ return (err); } @@ -3796,8 +4157,8 @@ void IOMemoryMap::taskDied( void ) LOCK; if (fUserClientUnmap) unmap(); #if IOTRACKING - else IOTrackingRemove(gIOMapTracking, &fTracking, fLength); -#endif + else IOTrackingRemoveUser(gIOMapTracking, &fTracking); +#endif /* IOTRACKING */ if( fAddressMap) { vm_map_deallocate(fAddressMap); @@ -3963,8 +4324,7 @@ IOReturn IOMemoryMap::wireRange( prot = (kIODirectionOutIn & options); if (prot) { - prot |= VM_PROT_MEMORY_TAG_MAKE(IOMemoryTag(kernel_map)); - kr = vm_map_wire(fAddressMap, start, end, prot, FALSE); + kr = vm_map_wire_kernel(fAddressMap, start, end, prot, fMemory->getVMTag(kernel_map), FALSE); } else { @@ -4126,11 +4486,10 @@ IOReturn IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory, { upl_size_t size = round_page(fLength); upl_control_flags_t flags = UPL_COPYOUT_FROM | UPL_SET_INTERNAL - | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS - | UPL_MEMORY_TAG_MAKE(IOMemoryTag(kernel_map)); + | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS; if (KERN_SUCCESS != memory_object_iopl_request(fMemory->_memRef->entries[0].entry, 0, &size, &fRedirUPL, NULL, NULL, - &flags)) + &flags, fMemory->getVMTag(kernel_map))) fRedirUPL = 0; if (physMem) @@ -4183,9 +4542,8 @@ IOMemoryMap * IOMemoryDescriptor::makeMapping( if (!(kIOMap64Bit & options)) panic("IOMemoryDescriptor::makeMapping !64bit"); #endif /* !__LP64__ */ - IOMemoryDescriptor * mapDesc = 0; - IOMemoryMap * result = 0; - OSIterator * iter; + IOMemoryDescriptor * mapDesc = 0; + __block IOMemoryMap * result = 0; IOMemoryMap * mapping = (IOMemoryMap *) __address; mach_vm_size_t offset = mapping->fOffset + __offset; @@ -4230,20 +4588,17 @@ IOMemoryMap * IOMemoryDescriptor::makeMapping( else { // look for a compatible existing mapping - if( (iter = OSCollectionIterator::withCollection(_mappings))) + if (_mappings) _mappings->iterateObjects(^(OSObject * object) { - IOMemoryMap * lookMapping; - while ((lookMapping = (IOMemoryMap *) iter->getNextObject())) + IOMemoryMap * lookMapping = (IOMemoryMap *) object; + if ((result = lookMapping->copyCompatible(mapping))) { - if ((result = lookMapping->copyCompatible(mapping))) - { - addMapping(result); - result->setMemoryDescriptor(this, offset); - break; - } + addMapping(result); + result->setMemoryDescriptor(this, offset); + return (true); } - iter->release(); - } + return (false); + }); if (result || (options & kIOMapReference)) { if (result != mapping) @@ -4363,16 +4718,17 @@ void * IOMemoryDescriptor::getVirtualSegment(IOByteCount offset, bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const { - OSSymbol const *keys[2]; - OSObject *values[2]; + OSSymbol const *keys[2] = {0}; + OSObject *values[2] = {0}; OSArray * array; + vm_size_t vcopy_size; struct SerData { user_addr_t address; user_size_t length; - } *vcopy; + } *vcopy = NULL; unsigned int index, nRanges; - bool result; + bool result = false; IOOptionBits type = _flags & kIOMemoryTypeMask; @@ -4382,17 +4738,19 @@ bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const if (!array) return (false); nRanges = _rangesCount; - vcopy = (SerData *) IOMalloc(sizeof(SerData) * nRanges); - if (vcopy == 0) return false; + if (os_mul_overflow(sizeof(SerData), nRanges, &vcopy_size)) { + result = false; + goto bail; + } + vcopy = (SerData *) IOMalloc(vcopy_size); + if (vcopy == 0) { + result = false; + goto bail; + } keys[0] = OSSymbol::withCString("address"); keys[1] = OSSymbol::withCString("length"); - result = false; - values[0] = values[1] = 0; - - // From this point on we can go to bail. - // Copy the volatile data so we don't have to allocate memory // while the lock is held. LOCK; @@ -4452,7 +4810,7 @@ bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const if (keys[1]) keys[1]->release(); if (vcopy) - IOFree(vcopy, sizeof(SerData) * nRanges); + IOFree(vcopy, vcopy_size); return result; }