X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/b0d623f7f2ae71ed96e60569f61f9a9a27016e80..4ba76501152d51ccb5647018f3192c6096367d48:/osfmk/kern/audit_sessionport.c diff --git a/osfmk/kern/audit_sessionport.c b/osfmk/kern/audit_sessionport.c index f42000464..eb51597a2 100644 --- a/osfmk/kern/audit_sessionport.c +++ b/osfmk/kern/audit_sessionport.c @@ -30,65 +30,40 @@ #include #include #include +#include #if CONFIG_AUDIT /* * audit_session_mksend * - * Description: Obtain a send right for given audit session information. + * Description: Obtain a send right for given audit session. * * Parameters: *aia_p Audit session information to assosiate with - * the new port. - * *sessionport Pointer to the current session port. This may - * actually be set to IPC_PORT_NULL. - * - * Returns: !NULL Resulting send right. - * NULL Failed to allocate port (due to lack of memory - * resources). - * - * *sessionport The session port that may have been allocated. - * - * Notes: On return, sendport will be set to the new send right on success, - * or null/dead on error. + * the new port. + * *sessionport Pointer to the current session port. This may + * actually be set to IPC_PORT_NULL. + * + * Returns: !NULL Resulting send right. + * NULL Failed to allocate port (due to lack of memory + * resources). + * + * Assumptions: Caller holds a reference on the session during the call. + * If there were no outstanding send rights against the port, + * hold a reference on the session and arm a new no-senders + * notification to determine when to release that reference. + * Otherwise, by creating an additional send right, we share + * the port's reference until all send rights go away. */ ipc_port_t audit_session_mksend(struct auditinfo_addr *aia_p, ipc_port_t *sessionport) { - ipc_port_t notifyport; - ipc_port_t sendport = IPC_PORT_NULL; - - /* - * If we have an existing, active session port then use it. - */ - sendport = ipc_port_make_send(*sessionport); - if (IP_VALID(sendport)) { - ip_lock(sendport); - if (ip_active(sendport) && - IKOT_AU_SESSIONPORT == ip_kotype(sendport)) { - ip_unlock(sendport); - return (sendport); - } - ip_unlock(sendport); - ipc_port_release_send(sendport); + audit_session_aiaref(aia_p); + if (!ipc_kobject_make_send_lazy_alloc_port(sessionport, + (ipc_kobject_t)aia_p, IKOT_AU_SESSIONPORT)) { + audit_session_aiaunref(aia_p); } - /* - * Otherwise, create a new one for this session. - */ - *sessionport = ipc_port_alloc_kernel(); - if (IP_VALID(*sessionport)) { - ipc_kobject_set(*sessionport, (ipc_kobject_t)aia_p, - IKOT_AU_SESSIONPORT); - - /* Request a no-senders notification. */ - notifyport = ipc_port_make_sonce(*sessionport); - ip_lock(*sessionport); - /* unlocked by ipc_port_nsrequest */ - ipc_port_nsrequest(*sessionport, 1, notifyport, ¬ifyport); - } - sendport = ipc_port_make_send(*sessionport); - - return (sendport); + return *sessionport; } @@ -96,11 +71,11 @@ audit_session_mksend(struct auditinfo_addr *aia_p, ipc_port_t *sessionport) * audit_session_porttoaia * * Description: Obtain the audit session info associated with the given port. - + * * Parameters: port A Mach port. * * Returns: NULL The given Mach port did not reference audit - * session info. + * session info. * !NULL The audit session info that is associated with * the Mach port. * @@ -113,12 +88,14 @@ audit_session_porttoaia(ipc_port_t port) if (IP_VALID(port)) { ip_lock(port); - if (ip_active(port) && IKOT_AU_SESSIONPORT == ip_kotype(port)) + if (IKOT_AU_SESSIONPORT == ip_kotype(port)) { + require_ip_active(port); aia_p = (struct auditinfo_addr *)port->ip_kobject; + } ip_unlock(port); - } + } - return (aia_p); + return aia_p; } @@ -130,47 +107,35 @@ audit_session_porttoaia(ipc_port_t port) * Parameters: msg A Mach no-senders notification message. * * Notes: It is possible that new send rights are created after a - * no-senders notification has been sent (i.e. via audit_session_mksend). - * We check the port's mscount against the notification's not_count - * to detect when this happens, and re-arm the notification in that - * case. - * - * In the normal case (no new senders), we first mark the port - * as dying by setting its object type to IKOT_NONE so that - * audit_session_mksend will no longer use it to create - * additional send rights. We can then safely call - * audit_session_port_destroy with no locks. + * no-senders notification has been sent, but they will be protected + * by another aia reference. */ void audit_session_nosenders(mach_msg_header_t *msg) { mach_no_senders_notification_t *notification = (void *)msg; ipc_port_t port = notification->not_header.msgh_remote_port; - ipc_port_t notifyport; struct auditinfo_addr *port_aia_p = NULL; - if (!IP_VALID(port)) - return; - ip_lock(port); - if (ip_active(port) && IKOT_AU_SESSIONPORT == ip_kotype(port)) { - port_aia_p = (struct auditinfo_addr *)port->ip_kobject; - assert(NULL != port_aia_p); - if (port->ip_mscount <= notification->not_count) - ipc_kobject_set_atomically(port, IKO_NULL, IKOT_NONE); - else { - /* re-arm the notification */ - ip_unlock(port); - notifyport = ipc_port_make_sonce(port); - ip_lock(port); - /* unlocked by ipc_port_nsrequest */ - ipc_port_nsrequest(port, port->ip_mscount, notifyport, - ¬ifyport); - return; - } + require_ip_active(port); + assert(IKOT_AU_SESSIONPORT == ip_kotype(port)); + port_aia_p = (struct auditinfo_addr *)port->ip_kobject; + assert(NULL != port_aia_p); + + audit_session_aiaunref(port_aia_p); +} + +void +audit_session_portdestroy(ipc_port_t *sessionport) +{ + ipc_port_t port = *sessionport; + + if (IP_VALID(port)) { + require_ip_active(port); + assert(IKOT_AU_SESSIONPORT == ip_kotype(port)); + ipc_kobject_set_atomically(port, IKO_NULL, IKOT_NONE); + ipc_port_dealloc_kernel(port); + *sessionport = IP_NULL; } - ip_unlock(port); - if (NULL != port_aia_p) - audit_session_portaiadestroy(port_aia_p); - ipc_port_dealloc_kernel(port); } #endif /* CONFIG_AUDIT */