X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/c910b4d9d2451126ae3917b931cd4390c11e1d52..e2d2fc5c71f7d145cba7267989251af45e3bb5ba:/iokit/Kernel/IOUserClient.cpp diff --git a/iokit/Kernel/IOUserClient.cpp b/iokit/Kernel/IOUserClient.cpp index 940197e34..32ce10c0f 100644 --- a/iokit/Kernel/IOUserClient.cpp +++ b/iokit/Kernel/IOUserClient.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006 Apple Computer, Inc. All rights reserved. + * Copyright (c) 1998-2008 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -27,6 +27,7 @@ */ +#include #include #include #include @@ -34,8 +35,24 @@ #include #include #include +#include #include +#include +#include +#include #include +#include + +#if CONFIG_MACF + +extern "C" { +#include +}; +#include + +#define IOMACF_LOG 0 + +#endif /* CONFIG_MACF */ #include @@ -45,7 +62,7 @@ #define SCALAR64(x) ((io_user_scalar_t)((unsigned int)x)) #define SCALAR32(x) ((uint32_t )x) #define ARG32(x) ((void *)SCALAR32(x)) -#define REF64(x) ((io_user_reference_t)((natural_t)(x))) +#define REF64(x) ((io_user_reference_t)((UInt64)(x))) #define REF32(x) ((int)(x)) enum @@ -54,6 +71,32 @@ enum kIOUCAsync64Flag = 1ULL }; +#if IOKITSTATS + +#define IOStatisticsRegisterCounter() \ +do { \ + reserved->counter = IOStatistics::registerUserClient(this); \ +} while (0) + +#define IOStatisticsUnregisterCounter() \ +do { \ + if (reserved) \ + IOStatistics::unregisterUserClient(reserved->counter); \ +} while (0) + +#define IOStatisticsClientCall() \ +do { \ + IOStatistics::countUserClientCall(client); \ +} while (0) + +#else + +#define IOStatisticsRegisterCounter() +#define IOStatisticsUnregisterCounter() +#define IOStatisticsClientCall() + +#endif /* IOKITSTATS */ + /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ // definitions we should get from osfmk @@ -85,6 +128,7 @@ extern ipc_port_t master_device_port; extern void iokit_retain_port( ipc_port_t port ); extern void iokit_release_port( ipc_port_t port ); +extern void iokit_release_port_send( ipc_port_t port ); extern kern_return_t iokit_switch_object_port( ipc_port_t port, io_object_t obj, ipc_kobject_type_t type ); @@ -379,9 +423,11 @@ iokit_client_died( io_object_t obj, ipc_port_t /* port */, if( IKOT_IOKIT_CONNECT == type) { - if( (client = OSDynamicCast( IOUserClient, obj ))) + if( (client = OSDynamicCast( IOUserClient, obj ))) { + IOStatisticsClientCall(); client->clientDied(); } + } else if( IKOT_IOKIT_OBJECT == type) { if( (map = OSDynamicCast( IOMemoryMap, obj ))) @@ -422,7 +468,7 @@ public: virtual void free(); static bool _handler( void * target, - void * ref, IOService * newService ); + void * ref, IOService * newService, IONotifier * notifier ); virtual bool handler( void * ref, IOService * newService ); virtual OSObject * getNextObject(); @@ -436,7 +482,7 @@ class IOServiceMessageUserNotification : public IOUserNotification mach_msg_header_t msgHdr; mach_msg_body_t msgBody; mach_msg_port_descriptor_t ports[1]; - OSNotificationHeader64 notifyHeader; + OSNotificationHeader64 notifyHeader __attribute__ ((packed)); }; PingMsg * pingMsg; @@ -587,7 +633,7 @@ void IOServiceUserNotification::free( void ) } bool IOServiceUserNotification::_handler( void * target, - void * ref, IOService * newService ) + void * ref, IOService * newService, IONotifier * notifier ) { return( ((IOServiceUserNotification *) target)->handler( ref, newService )); } @@ -621,13 +667,13 @@ bool IOServiceUserNotification::handler( void * ref, else pingMsg->msgHdr.msgh_local_port = NULL; - kr = mach_msg_send_from_kernel( &pingMsg->msgHdr, + kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr, pingMsg->msgHdr.msgh_size); if( port) iokit_release_port( port ); if( KERN_SUCCESS != kr) - IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr ); + IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr ); } return( true ); @@ -754,7 +800,7 @@ IOReturn IOServiceMessageUserNotification::handler( void * ref, else { data->messageArgument[0] |= (data->messageArgument[0] << 32); - argSize = sizeof(messageArgument); + argSize = sizeof(uint32_t); } } else @@ -772,7 +818,7 @@ IOReturn IOServiceMessageUserNotification::handler( void * ref, pingMsg->ports[0].name = providerPort; thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT ); pingMsg->msgHdr.msgh_local_port = thisPort; - kr = mach_msg_send_from_kernel( &pingMsg->msgHdr, + kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr, pingMsg->msgHdr.msgh_size); if( thisPort) iokit_release_port( thisPort ); @@ -780,7 +826,7 @@ IOReturn IOServiceMessageUserNotification::handler( void * ref, iokit_release_port( providerPort ); if( KERN_SUCCESS != kr) - IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr ); + IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr ); return( kIOReturnSuccess ); } @@ -807,10 +853,10 @@ void IOUserClient::setAsyncReference(OSAsyncReference asyncRef, mach_port_t wakePort, void *callback, void *refcon) { - asyncRef[kIOAsyncReservedIndex] = ((natural_t) wakePort) + asyncRef[kIOAsyncReservedIndex] = ((uintptr_t) wakePort) | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]); - asyncRef[kIOAsyncCalloutFuncIndex] = (natural_t) callback; - asyncRef[kIOAsyncCalloutRefconIndex] = (natural_t) refcon; + asyncRef[kIOAsyncCalloutFuncIndex] = (uintptr_t) callback; + asyncRef[kIOAsyncCalloutRefconIndex] = (uintptr_t) refcon; } void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef, @@ -823,7 +869,7 @@ void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef, asyncRef[kIOAsyncCalloutRefconIndex] = refcon; } -inline OSDictionary * CopyConsoleUser(UInt32 uid) +static OSDictionary * CopyConsoleUser(UInt32 uid) { OSArray * array; OSDictionary * user = 0; @@ -847,6 +893,29 @@ inline OSDictionary * CopyConsoleUser(UInt32 uid) return user; } +static OSDictionary * CopyUserOnConsole(void) +{ + OSArray * array; + OSDictionary * user = 0; + + if ((array = OSDynamicCast(OSArray, + IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey)))) + { + for (unsigned int idx = 0; + (user = OSDynamicCast(OSDictionary, array->getObject(idx))); + idx++) + { + if (kOSBooleanTrue == user->getObject(gIOConsoleSessionOnConsoleKey)) + { + user->retain(); + break; + } + } + array->release(); + } + return (user); +} + IOReturn IOUserClient::clientHasPrivilege( void * securityToken, const char * privilegeName ) { @@ -857,26 +926,71 @@ IOReturn IOUserClient::clientHasPrivilege( void * securityToken, OSDictionary * user; bool secureConsole; - if ((secureConsole = !strcmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess))) + + if (!strncmp(privilegeName, kIOClientPrivilegeForeground, + sizeof(kIOClientPrivilegeForeground))) + { + /* is graphics access denied for current task? */ + if (proc_get_task_selfgpuacc_deny() != 0) + return (kIOReturnNotPrivileged); + else + return (kIOReturnSuccess); + } + + if (!strncmp(privilegeName, kIOClientPrivilegeConsoleSession, + sizeof(kIOClientPrivilegeConsoleSession))) + { + kauth_cred_t cred; + proc_t p; + + task = (task_t) securityToken; + if (!task) + task = current_task(); + p = (proc_t) get_bsdtask_info(task); + kr = kIOReturnNotPrivileged; + + if (p && (cred = kauth_cred_proc_ref(p))) + { + user = CopyUserOnConsole(); + if (user) + { + OSNumber * num; + if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionAuditIDKey))) + && (cred->cr_audit.as_aia_p->ai_asid == (au_asid_t) num->unsigned32BitValue())) + { + kr = kIOReturnSuccess; + } + user->release(); + } + kauth_cred_unref(&cred); + } + return (kr); + } + + if ((secureConsole = !strncmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess, + sizeof(kIOClientPrivilegeSecureConsoleProcess)))) task = (task_t)((IOUCProcessToken *)securityToken)->token; else task = (task_t)securityToken; - + count = TASK_SECURITY_TOKEN_COUNT; kr = task_info( task, TASK_SECURITY_TOKEN, (task_info_t) &token, &count ); if (KERN_SUCCESS != kr) {} - else if (!strcmp(privilegeName, kIOClientPrivilegeAdministrator)) { + else if (!strncmp(privilegeName, kIOClientPrivilegeAdministrator, + sizeof(kIOClientPrivilegeAdministrator))) { if (0 != token.val[0]) kr = kIOReturnNotPrivileged; - } else if (!strcmp(privilegeName, kIOClientPrivilegeLocalUser)) { + } else if (!strncmp(privilegeName, kIOClientPrivilegeLocalUser, + sizeof(kIOClientPrivilegeLocalUser))) { user = CopyConsoleUser(token.val[0]); if ( user ) user->release(); else kr = kIOReturnNotPrivileged; - } else if (secureConsole || !strcmp(privilegeName, kIOClientPrivilegeConsoleUser)) { + } else if (secureConsole || !strncmp(privilegeName, kIOClientPrivilegeConsoleUser, + sizeof(kIOClientPrivilegeConsoleUser))) { user = CopyConsoleUser(token.val[0]); if ( user ) { if (user->getObject(gIOConsoleSessionOnConsoleKey) != kOSBooleanTrue) @@ -898,28 +1012,28 @@ IOReturn IOUserClient::clientHasPrivilege( void * securityToken, bool IOUserClient::init() { - if( getPropertyTable()) - return true; - else - return super::init(); + if (getPropertyTable() || super::init()) + return reserve(); + + return false; } bool IOUserClient::init(OSDictionary * dictionary) { - if( getPropertyTable()) - return true; - else - return super::init(dictionary); + if (getPropertyTable() || super::init(dictionary)) + return reserve(); + + return false; } bool IOUserClient::initWithTask(task_t owningTask, void * securityID, UInt32 type ) -{ - if( getPropertyTable()) - return true; - else - return super::init(); +{ + if (getPropertyTable() || super::init()) + return reserve(); + + return false; } bool IOUserClient::initWithTask(task_t owningTask, @@ -935,11 +1049,30 @@ bool IOUserClient::initWithTask(task_t owningTask, return( ok ); } +bool IOUserClient::reserve() +{ + if(!reserved) { + reserved = IONew(ExpansionData, 1); + if (!reserved) { + return false; + } + } + + IOStatisticsRegisterCounter(); + + return true; +} + void IOUserClient::free() { if( mappings) mappings->release(); + + IOStatisticsUnregisterCounter(); + if (reserved) + IODelete(reserved, ExpansionData, 1); + super::free(); } @@ -966,6 +1099,14 @@ IOReturn IOUserClient::registerNotificationPort( return( kIOReturnUnsupported); } +IOReturn IOUserClient::registerNotificationPort( + mach_port_t port, + UInt32 type, + io_user_reference_t refCon) +{ + return (registerNotificationPort(port, type, (UInt32) refCon)); +} + IOReturn IOUserClient::getNotificationSemaphore( UInt32 notification_type, semaphore_t * semaphore ) { @@ -984,29 +1125,16 @@ IOReturn IOUserClient::clientMemoryForType( UInt32 type, return( kIOReturnUnsupported); } +#if !__LP64__ IOMemoryMap * IOUserClient::mapClientMemory( IOOptionBits type, task_t task, IOOptionBits mapFlags, IOVirtualAddress atAddress ) { - IOReturn err; - IOOptionBits options = 0; - IOMemoryDescriptor * memory; - IOMemoryMap * map = 0; - - err = clientMemoryForType( (UInt32) type, &options, &memory ); - - if( memory && (kIOReturnSuccess == err)) { - - options = (options & ~kIOMapUserOptionsMask) - | (mapFlags & kIOMapUserOptionsMask); - map = memory->map( task, atAddress, options ); - memory->release(); - } - - return( map ); + return (NULL); } +#endif IOMemoryMap * IOUserClient::mapClientMemory64( IOOptionBits type, @@ -1094,6 +1222,25 @@ getTargetAndTrapForIndex(IOService ** targetP, UInt32 index) return trap; } +IOReturn IOUserClient::releaseAsyncReference64(OSAsyncReference64 reference) +{ + mach_port_t port; + port = (mach_port_t) (reference[0] & ~kIOUCAsync0Flags); + + if (MACH_PORT_NULL != port) + iokit_release_port_send(port); + + return (kIOReturnSuccess); +} + +IOReturn IOUserClient::releaseNotificationPort(mach_port_t port) +{ + if (MACH_PORT_NULL != port) + iokit_release_port_send(port); + + return (kIOReturnSuccess); +} + IOReturn IOUserClient::sendAsyncResult(OSAsyncReference reference, IOReturn result, void *args[], UInt32 numArgs) { @@ -1131,8 +1278,7 @@ IOReturn IOUserClient::sendAsyncResult64(OSAsyncReference64 reference, { OSNotificationHeader64 notifyHdr; IOAsyncCompletionContent asyncContent; - uint32_t pad; - io_user_reference_t args[kMaxAsyncArgs]; + io_user_reference_t args[kMaxAsyncArgs] __attribute__ ((packed)); } msg64; } m; }; @@ -1159,7 +1305,6 @@ IOReturn IOUserClient::sendAsyncResult64(OSAsyncReference64 reference, sizeof(replyMsg.msgHdr) + sizeof(replyMsg.m.msg64) - (kMaxAsyncArgs - numArgs) * sizeof(io_user_reference_t); replyMsg.m.msg64.notifyHdr.size = sizeof(IOAsyncCompletionContent) - + sizeof(uint32_t) + numArgs * sizeof(io_user_reference_t); replyMsg.m.msg64.notifyHdr.type = kIOAsyncCompletionNotificationType; bcopy(reference, replyMsg.m.msg64.notifyHdr.reference, sizeof(OSAsyncReference64)); @@ -1189,10 +1334,10 @@ IOReturn IOUserClient::sendAsyncResult64(OSAsyncReference64 reference, replyMsg.m.msg32.args[idx] = REF32(args[idx]); } - kr = mach_msg_send_from_kernel( &replyMsg.msgHdr, + kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr, replyMsg.msgHdr.msgh_size); if( KERN_SUCCESS != kr) - IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr ); + IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr ); return kr; } @@ -1212,16 +1357,16 @@ kern_return_t is_io_object_get_class( io_name_t className ) { const OSMetaClass* my_obj = NULL; - - if( !object) - return( kIOReturnBadArgument ); + + if( !object) + return( kIOReturnBadArgument ); my_obj = object->getMetaClass(); if (!my_obj) { return (kIOReturnNotFound); } - strcpy( className, my_obj->getClassName()); + strlcpy( className, my_obj->getClassName(), sizeof(io_name_t)); return( kIOReturnSuccess ); } @@ -1405,9 +1550,9 @@ kern_return_t is_io_service_match_property_table_ool( kern_return_t *result, boolean_t *matches ) { - kern_return_t kr; - vm_offset_t data; - vm_map_offset_t map_data; + kern_return_t kr; + vm_offset_t data; + vm_map_offset_t map_data; kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching ); data = CAST_DOWN(vm_offset_t, map_data); @@ -1528,10 +1673,9 @@ static kern_return_t internal_io_service_add_notification( if( !userNotify) continue; - notify = IOService::addNotification( sym, dict, + notify = IOService::addMatchingNotification( sym, dict, &userNotify->_handler, userNotify ); if( notify) { - dict = 0; *notification = userNotify; userNotify->setNotification( notify ); err = kIOReturnSuccess; @@ -1649,6 +1793,7 @@ kern_return_t is_io_service_add_notification_old( io_name_t notification_type, io_string_t matching, mach_port_t port, + // for binary compatibility reasons, this must be natural_t for ILP32 natural_t ref, io_object_t * notification ) { @@ -1753,6 +1898,7 @@ kern_return_t is_io_connect_get_notification_semaphore( { CHECK( IOUserClient, connection, client ); + IOStatisticsClientCall(); return( client->getNotificationSemaphore( (UInt32) notification_type, semaphore )); } @@ -1933,10 +2079,22 @@ kern_return_t is_io_registry_entry_get_location_in_plane( return( kIOReturnNotFound ); } +/* Routine io_registry_entry_get_registry_entry_id */ +kern_return_t is_io_registry_entry_get_registry_entry_id( + io_object_t registry_entry, + uint64_t *entry_id ) +{ + CHECK( IORegistryEntry, registry_entry, entry ); + + *entry_id = entry->getRegistryEntryID(); + + return (kIOReturnSuccess); +} + // Create a vm_map_copy_t or kalloc'ed data for memory // to be copied out. ipc will free after the copyout. -static kern_return_t copyoutkdata( void * data, vm_size_t len, +static kern_return_t copyoutkdata( const void * data, vm_size_t len, io_buf_ptr_t * buf ) { kern_return_t err; @@ -2150,11 +2308,17 @@ kern_return_t is_io_registry_entry_set_properties obj = OSUnserializeXML( (const char *) data ); vm_deallocate( kernel_map, data, propertiesCnt ); - if( obj) { + if (!obj) + res = kIOReturnBadArgument; +#if CONFIG_MACF + else if (0 != mac_iokit_check_set_properties(kauth_cred_get(), + registry_entry, obj)) + res = kIOReturnNotPermitted; +#endif + else res = entry->setProperties( obj ); - obj->release(); - } else - res = kIOReturnBadArgument; + if (obj) + obj->release(); } else res = err; @@ -2205,11 +2369,15 @@ kern_return_t is_io_service_get_busy_state( /* Routine io_service_get_state */ kern_return_t is_io_service_get_state( io_object_t _service, - uint64_t *state ) + uint64_t *state, + uint32_t *busy_state, + uint64_t *accumulated_busy_time ) { CHECK( IOService, _service, service ); - *state = service->getState(); + *state = service->getState(); + *busy_state = service->getBusyState(); + *accumulated_busy_time = service->getAccumulatedBusyTime(); return( kIOReturnSuccess ); } @@ -2219,9 +2387,15 @@ kern_return_t is_io_service_wait_quiet( io_object_t _service, mach_timespec_t wait_time ) { + uint64_t timeoutNS; + CHECK( IOService, _service, service ); - return( service->waitQuiet( &wait_time )); + timeoutNS = wait_time.tv_sec; + timeoutNS *= kSecondScale; + timeoutNS += wait_time.tv_nsec; + + return( service->waitQuiet(timeoutNS) ); } /* Routine io_service_request_probe */ @@ -2234,30 +2408,6 @@ kern_return_t is_io_service_request_probe( return( service->requestProbe( options )); } - -/* Routine io_service_open */ -kern_return_t is_io_service_open( - io_object_t _service, - task_t owningTask, - uint32_t connect_type, - io_object_t *connection ) -{ - IOUserClient * client; - IOReturn err; - - CHECK( IOService, _service, service ); - - err = service->newUserClient( owningTask, (void *) owningTask, - connect_type, 0, &client ); - - if( err == kIOReturnSuccess) { - assert( OSDynamicCast(IOUserClient, client) ); - *connection = client; - } - - return( err); -} - /* Routine io_service_open_ndr */ kern_return_t is_io_service_open_extended( io_object_t _service, @@ -2333,16 +2483,26 @@ kern_return_t is_io_service_open_extended( disallowAccess = (crossEndian && (kOSBooleanTrue != service->getProperty(kIOUserClientCrossEndianCompatibleKey)) && (kOSBooleanTrue != client->getProperty(kIOUserClientCrossEndianCompatibleKey))); - - if (disallowAccess) + if (disallowAccess) res = kIOReturnUnsupported; +#if CONFIG_MACF + else if (0 != mac_iokit_check_open(kauth_cred_get(), client, connect_type)) + res = kIOReturnNotPermitted; +#endif + if (kIOReturnSuccess != res) { + IOStatisticsClientCall(); client->clientClose(); client->release(); client = 0; - res = kIOReturnUnsupported; break; } client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey)); + OSString * creatorName = IOCopyLogNameForPID(proc_selfpid()); + if (creatorName) + { + client->setProperty(kIOUserClientCreatorKey, creatorName); + creatorName->release(); + } } } while (false); @@ -2363,6 +2523,7 @@ kern_return_t is_io_service_close( CHECK( IOUserClient, connection, client ); + IOStatisticsClientCall(); client->clientClose(); return( kIOReturnSuccess ); @@ -2395,8 +2556,9 @@ kern_return_t is_io_connect_set_notification_port( { CHECK( IOUserClient, connection, client ); + IOStatisticsClientCall(); return( client->registerNotificationPort( port, notification_type, - reference )); + (io_user_reference_t) reference )); } /* Routine io_connect_set_notification_port */ @@ -2408,6 +2570,7 @@ kern_return_t is_io_connect_set_notification_port_64( { CHECK( IOUserClient, connection, client ); + IOStatisticsClientCall(); return( client->registerNotificationPort( port, notification_type, reference )); } @@ -2428,6 +2591,7 @@ kern_return_t is_io_connect_map_memory_into_task CHECK( IOUserClient, connection, client ); + IOStatisticsClientCall(); map = client->mapClientMemory64( memory_type, into_task, flags, *address ); if( map) { @@ -2486,6 +2650,8 @@ kern_return_t is_io_connect_map_memory( return (err); } +} /* extern "C" */ + IOMemoryMap * IOUserClient::removeMappingForDescriptor(IOMemoryDescriptor * mem) { OSIterator * iter; @@ -2513,6 +2679,8 @@ IOMemoryMap * IOUserClient::removeMappingForDescriptor(IOMemoryDescriptor * mem) return (map); } +extern "C" { + /* Routine io_connect_unmap_memory_from_task */ kern_return_t is_io_connect_unmap_memory_from_task ( @@ -2528,6 +2696,7 @@ kern_return_t is_io_connect_unmap_memory_from_task CHECK( IOUserClient, connection, client ); + IOStatisticsClientCall(); err = client->clientMemoryForType( (UInt32) memory_type, &options, &memory ); if( memory && (kIOReturnSuccess == err)) { @@ -2549,7 +2718,7 @@ kern_return_t is_io_connect_unmap_memory_from_task name = IOMachPort::makeSendRightForTask( from_task, map, IKOT_IOKIT_OBJECT ); if (name) { - map->unmap(); + map->userClientUnmap(); err = iokit_mod_send_right( from_task, name, -2 ); err = kIOReturnSuccess; } @@ -2590,6 +2759,7 @@ kern_return_t is_io_connect_add_client( CHECK( IOUserClient, connection, client ); CHECK( IOUserClient, connect_to, to ); + IOStatisticsClientCall(); return( client->connectClient( to ) ); } @@ -2604,9 +2774,8 @@ kern_return_t is_io_connect_set_properties( return( is_io_registry_entry_set_properties( connection, properties, propertiesCnt, result )); } - /* Routine io_user_client_method */ -kern_return_t is_io_connect_method +kern_return_t is_io_connect_method_var_output ( io_connect_t connection, uint32_t selector, @@ -2616,12 +2785,104 @@ kern_return_t is_io_connect_method mach_msg_type_number_t inband_inputCnt, mach_vm_address_t ool_input, mach_vm_size_t ool_input_size, + io_struct_inband_t inband_output, + mach_msg_type_number_t *inband_outputCnt, io_scalar_inband64_t scalar_output, mach_msg_type_number_t *scalar_outputCnt, + io_buf_ptr_t *var_output, + mach_msg_type_number_t *var_outputCnt +) +{ + CHECK( IOUserClient, connection, client ); + + IOExternalMethodArguments args; + IOReturn ret; + IOMemoryDescriptor * inputMD = 0; + OSObject * structureVariableOutputData = 0; + + bzero(&args.__reserved[0], sizeof(args.__reserved)); + args.version = kIOExternalMethodArgumentsCurrentVersion; + + args.selector = selector; + + args.asyncWakePort = MACH_PORT_NULL; + args.asyncReference = 0; + args.asyncReferenceCount = 0; + args.structureVariableOutputData = &structureVariableOutputData; + + args.scalarInput = scalar_input; + args.scalarInputCount = scalar_inputCnt; + args.structureInput = inband_input; + args.structureInputSize = inband_inputCnt; + + if (ool_input) + inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, + kIODirectionOut, current_task()); + + args.structureInputDescriptor = inputMD; + + args.scalarOutput = scalar_output; + args.scalarOutputCount = *scalar_outputCnt; + args.structureOutput = inband_output; + args.structureOutputSize = *inband_outputCnt; + args.structureOutputDescriptor = NULL; + args.structureOutputDescriptorSize = 0; + + IOStatisticsClientCall(); + ret = client->externalMethod( selector, &args ); + + *scalar_outputCnt = args.scalarOutputCount; + *inband_outputCnt = args.structureOutputSize; + + if (var_outputCnt && var_output && (kIOReturnSuccess == ret)) + { + OSSerialize * serialize; + OSData * data; + vm_size_t len; + + if ((serialize = OSDynamicCast(OSSerialize, structureVariableOutputData))) + { + len = serialize->getLength(); + *var_outputCnt = len; + ret = copyoutkdata(serialize->text(), len, var_output); + } + else if ((data = OSDynamicCast(OSData, structureVariableOutputData))) + { + len = data->getLength(); + *var_outputCnt = len; + ret = copyoutkdata(data->getBytesNoCopy(), len, var_output); + } + else + { + ret = kIOReturnUnderrun; + } + } + + if (inputMD) + inputMD->release(); + if (structureVariableOutputData) + structureVariableOutputData->release(); + + return (ret); +} + +/* Routine io_user_client_method */ +kern_return_t is_io_connect_method +( + io_connect_t connection, + uint32_t selector, + io_scalar_inband64_t scalar_input, + mach_msg_type_number_t scalar_inputCnt, + io_struct_inband_t inband_input, + mach_msg_type_number_t inband_inputCnt, + mach_vm_address_t ool_input, + mach_vm_size_t ool_input_size, io_struct_inband_t inband_output, mach_msg_type_number_t *inband_outputCnt, + io_scalar_inband64_t scalar_output, + mach_msg_type_number_t *scalar_outputCnt, mach_vm_address_t ool_output, - mach_vm_size_t * ool_output_size + mach_vm_size_t *ool_output_size ) { CHECK( IOUserClient, connection, client ); @@ -2636,9 +2897,10 @@ kern_return_t is_io_connect_method args.selector = selector; - args.asyncWakePort = MACH_PORT_NULL; - args.asyncReference = 0; - args.asyncReferenceCount = 0; + args.asyncWakePort = MACH_PORT_NULL; + args.asyncReference = 0; + args.asyncReferenceCount = 0; + args.structureVariableOutputData = 0; args.scalarInput = scalar_input; args.scalarInputCount = scalar_inputCnt; @@ -2656,15 +2918,16 @@ kern_return_t is_io_connect_method args.structureOutput = inband_output; args.structureOutputSize = *inband_outputCnt; - if (ool_output) + if (ool_output && ool_output_size) { outputMD = IOMemoryDescriptor::withAddressRange(ool_output, *ool_output_size, kIODirectionIn, current_task()); } args.structureOutputDescriptor = outputMD; - args.structureOutputDescriptorSize = *ool_output_size; + args.structureOutputDescriptorSize = ool_output_size ? *ool_output_size : 0; + IOStatisticsClientCall(); ret = client->externalMethod( selector, &args ); *scalar_outputCnt = args.scalarOutputCount; @@ -2693,10 +2956,10 @@ kern_return_t is_io_connect_async_method mach_msg_type_number_t inband_inputCnt, mach_vm_address_t ool_input, mach_vm_size_t ool_input_size, - io_scalar_inband64_t scalar_output, - mach_msg_type_number_t *scalar_outputCnt, io_struct_inband_t inband_output, mach_msg_type_number_t *inband_outputCnt, + io_scalar_inband64_t scalar_output, + mach_msg_type_number_t *scalar_outputCnt, mach_vm_address_t ool_output, mach_vm_size_t * ool_output_size ) @@ -2746,6 +3009,7 @@ kern_return_t is_io_connect_async_method args.structureOutputDescriptor = outputMD; args.structureOutputDescriptorSize = *ool_output_size; + IOStatisticsClientCall(); ret = client->externalMethod( selector, &args ); *inband_outputCnt = args.structureOutputSize; @@ -2783,8 +3047,8 @@ kern_return_t is_io_connect_method_scalarI_scalarO( _input, inputCount, NULL, 0, 0, 0, - _output, outputCount, NULL, &struct_outputCnt, + _output, outputCount, 0, &ool_output_size); for (i = 0; i < *outputCount; i++) @@ -2902,8 +3166,8 @@ kern_return_t is_io_async_method_scalarI_scalarO( _input, inputCount, NULL, 0, 0, 0, - _output, outputCount, NULL, &struct_outputCnt, + _output, outputCount, 0, &ool_output_size); for (i = 0; i < *outputCount; i++) @@ -2942,8 +3206,8 @@ kern_return_t is_io_async_method_scalarI_structureO( _input, inputCount, NULL, 0, 0, 0, - NULL, &scalar_outputCnt, output, outputCount, + NULL, &scalar_outputCnt, 0, &ool_output_size)); } @@ -2979,8 +3243,8 @@ kern_return_t is_io_async_method_scalarI_structureI( _input, inputCount, inputStruct, inputStructCount, 0, 0, - NULL, &scalar_outputCnt, NULL, &inband_outputCnt, + NULL, &scalar_outputCnt, 0, &ool_output_size)); } @@ -3010,8 +3274,8 @@ kern_return_t is_io_async_method_structureI_structureO( NULL, 0, input, inputCount, 0, 0, - NULL, &scalar_outputCnt, output, outputCount, + NULL, &scalar_outputCnt, 0, &ool_output_size)); } @@ -3130,8 +3394,8 @@ kern_return_t is_io_connect_method_scalarI_structureO( _input, inputCount, NULL, 0, 0, 0, - NULL, &scalar_outputCnt, output, outputCount, + NULL, &scalar_outputCnt, 0, &ool_output_size)); } @@ -3142,7 +3406,7 @@ kern_return_t shim_io_connect_method_scalarI_structureO( const io_user_scalar_t * input, mach_msg_type_number_t inputCount, io_struct_inband_t output, - mach_msg_type_number_t * outputCount ) + IOByteCount * outputCount ) { IOMethod func; IOReturn err; @@ -3303,8 +3567,8 @@ kern_return_t is_io_connect_method_scalarI_structureI( _input, inputCount, inputStruct, inputStructCount, 0, 0, - NULL, &scalar_outputCnt, NULL, &inband_outputCnt, + NULL, &scalar_outputCnt, 0, &ool_output_size)); } @@ -3476,8 +3740,8 @@ kern_return_t is_io_connect_method_structureI_structureO( NULL, 0, input, inputCount, 0, 0, - NULL, &scalar_outputCnt, output, outputCount, + NULL, &scalar_outputCnt, 0, &ool_output_size)); } @@ -3487,7 +3751,7 @@ kern_return_t shim_io_connect_method_structureI_structureO( io_struct_inband_t input, mach_msg_type_number_t inputCount, io_struct_inband_t output, - mach_msg_type_number_t * outputCount ) + IOByteCount * outputCount ) { IOMethod func; IOReturn err = kIOReturnBadArgument; @@ -3636,7 +3900,7 @@ kern_return_t is_io_make_matching( err = kIOReturnNoMemory; continue; } else - strcpy( matching, s->text()); + strlcpy(matching, s->text(), sizeof(io_string_t)); } while( false); @@ -3665,15 +3929,19 @@ kern_return_t is_io_catalog_send_data( if( master_port != master_device_port) return kIOReturnNotPrivileged; - // FIXME: This is a hack. Should have own function for removeKernelLinker() - if( (flag != kIOCatalogRemoveKernelLinker && flag != kIOCatalogKextdFinishedLaunching) && ( !inData || !inDataCount) ) + if( (flag != kIOCatalogRemoveKernelLinker && + flag != kIOCatalogKextdActive && + flag != kIOCatalogKextdFinishedLaunching) && + ( !inData || !inDataCount) ) + { return kIOReturnBadArgument; + } if (inData) { vm_map_offset_t map_data; kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t)inData); - data = CAST_DOWN(vm_offset_t, map_data); + data = CAST_DOWN(vm_offset_t, map_data); if( kr != KERN_SUCCESS) return kr; @@ -3691,6 +3959,23 @@ kern_return_t is_io_catalog_send_data( } switch ( flag ) { + case kIOCatalogResetDrivers: + case kIOCatalogResetDriversNoMatch: { + OSArray * array; + + array = OSDynamicCast(OSArray, obj); + if (array) { + if ( !gIOCatalogue->resetAndAddDrivers(array, + flag == kIOCatalogResetDrivers) ) { + + kr = kIOReturnError; + } + } else { + kr = kIOReturnBadArgument; + } + } + break; + case kIOCatalogAddDrivers: case kIOCatalogAddDriversNoMatch: { OSArray * array; @@ -3740,21 +4025,31 @@ kern_return_t is_io_catalog_send_data( } break; - case kIOCatalogRemoveKernelLinker: { - if (gIOCatalogue->removeKernelLinker() != KERN_SUCCESS) { - kr = kIOReturnError; - } else { - kr = kIOReturnSuccess; - } - } + case kIOCatalogRemoveKernelLinker: + kr = KERN_NOT_SUPPORTED; + break; + + case kIOCatalogKextdActive: +#if !NO_KEXTD + IOServiceTrace(IOSERVICE_KEXTD_ALIVE, 0, 0, 0, 0); + OSKext::setKextdActive(); + + /* Dump all nonloaded startup extensions; kextd will now send them + * down on request. + */ + OSKext::flushNonloadedKexts( /* flushPrelinkedKexts */ false); +#endif + kr = kIOReturnSuccess; break; case kIOCatalogKextdFinishedLaunching: { #if !NO_KEXTD static bool clearedBusy = false; + if (!clearedBusy) { IOService * serviceRoot = IOService::getServiceRoot(); if (serviceRoot) { + IOServiceTrace(IOSERVICE_KEXTD_READY, 0, 0, 0, 0); serviceRoot->adjustBusy(-1); clearedBusy = true; } @@ -3792,6 +4087,7 @@ kern_return_t is_io_catalog_terminate( return( kr ); switch ( flag ) { +#if !defined(SECURE_KERNEL) case kIOCatalogServiceTerminate: OSIterator * iter; IOService * service; @@ -3821,6 +4117,7 @@ kern_return_t is_io_catalog_terminate( kr = gIOCatalogue->terminateDriversForModule(name, flag == kIOCatalogModuleUnload); break; +#endif default: kr = kIOReturnBadArgument; @@ -3892,7 +4189,9 @@ kern_return_t is_io_catalog_get_gen_count( return kIOReturnSuccess; } -/* Routine io_catalog_module_loaded */ +/* Routine io_catalog_module_loaded. + * Is invoked from IOKitLib's IOCatalogueModuleLoaded(). Doesn't seem to be used. + */ kern_return_t is_io_catalog_module_loaded( mach_port_t master_port, io_name_t name) @@ -3957,11 +4256,14 @@ kern_return_t iokit_user_client_trap(struct iokit_user_client_trap_args *args) return result; } +} /* extern "C" */ + IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArguments * args, IOExternalMethodDispatch * dispatch, OSObject * target, void * reference ) { IOReturn err; IOService * object; + IOByteCount structureOutputSize; if (dispatch) { @@ -4002,6 +4304,7 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume return (err); } + // pre-Leopard API's don't do ool structs if (args->structureInputDescriptor || args->structureOutputDescriptor) { @@ -4009,6 +4312,8 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume return (err); } + structureOutputSize = args->structureOutputSize; + if (args->asyncWakePort) { IOExternalAsyncMethod * method; @@ -4016,6 +4321,13 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) ) return (kIOReturnUnsupported); + if (kIOUCForegroundOnly & method->flags) + { + /* is graphics access denied for current task? */ + if (proc_get_task_selfgpuacc_deny() != 0) + return (kIOReturnNotPermitted); + } + switch (method->flags & kIOUCTypeMask) { case kIOUCScalarIStructI: @@ -4059,12 +4371,20 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume if( !(method = getTargetAndMethodForIndex(&object, selector)) ) return (kIOReturnUnsupported); + if (kIOUCForegroundOnly & method->flags) + { + /* is graphics access denied for current task? */ + if (proc_get_task_selfgpuacc_deny() != 0) + return (kIOReturnNotPermitted); + + } + switch (method->flags & kIOUCTypeMask) { case kIOUCScalarIStructI: err = shim_io_connect_method_scalarI_structureI( method, object, args->scalarInput, args->scalarInputCount, - (char *)args->structureInput, args->structureInputSize ); + (char *) args->structureInput, args->structureInputSize ); break; case kIOUCScalarIScalarO: @@ -4076,14 +4396,14 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume case kIOUCScalarIStructO: err = shim_io_connect_method_scalarI_structureO( method, object, args->scalarInput, args->scalarInputCount, - (char *) args->structureOutput, &args->structureOutputSize ); + (char *) args->structureOutput, &structureOutputSize ); break; case kIOUCStructIStructO: err = shim_io_connect_method_structureI_structureO( method, object, - (char *)args->structureInput, args->structureInputSize, - (char *) args->structureOutput, &args->structureOutputSize ); + (char *) args->structureInput, args->structureInputSize, + (char *) args->structureOutput, &structureOutputSize ); break; default: @@ -4091,14 +4411,20 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume break; } } + + args->structureOutputSize = structureOutputSize; + return (err); } -}; /* extern "C" */ - -OSMetaClassDefineReservedUsed(IOUserClient, 0); +#if __LP64__ +OSMetaClassDefineReservedUnused(IOUserClient, 0); OSMetaClassDefineReservedUnused(IOUserClient, 1); +#else +OSMetaClassDefineReservedUsed(IOUserClient, 0); +OSMetaClassDefineReservedUsed(IOUserClient, 1); +#endif OSMetaClassDefineReservedUnused(IOUserClient, 2); OSMetaClassDefineReservedUnused(IOUserClient, 3); OSMetaClassDefineReservedUnused(IOUserClient, 4);