1 | /* |
2 | * Copyright (c) 2013 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | |
29 | #include <mach/mach_types.h> |
30 | #include <mach/mach_traps.h> |
31 | #include <mach/notify.h> |
32 | #include <ipc/ipc_types.h> |
33 | #include <ipc/ipc_port.h> |
34 | #include <ipc/ipc_voucher.h> |
35 | #include <kern/ipc_kobject.h> |
36 | #include <kern/ipc_tt.h> |
37 | #include <kern/mach_param.h> |
38 | #include <kern/kalloc.h> |
39 | #include <kern/zalloc.h> |
40 | |
41 | #include <libkern/OSAtomic.h> |
42 | |
43 | #include <mach/mach_voucher_server.h> |
44 | #include <mach/mach_voucher_attr_control_server.h> |
45 | #include <mach/mach_host_server.h> |
46 | #include <voucher/ipc_pthread_priority_types.h> |
47 | |
48 | /* |
49 | * Sysctl variable; enable and disable tracing of voucher contents |
50 | */ |
51 | uint32_t ipc_voucher_trace_contents = 0; |
52 | |
53 | static zone_t ipc_voucher_zone; |
54 | static zone_t ipc_voucher_attr_control_zone; |
55 | |
56 | /* |
57 | * Voucher hash table |
58 | */ |
59 | #define IV_HASH_BUCKETS 127 |
60 | #define IV_HASH_BUCKET(x) ((x) % IV_HASH_BUCKETS) |
61 | |
62 | static queue_head_t ivht_bucket[IV_HASH_BUCKETS]; |
63 | static lck_spin_t ivht_lock_data; |
64 | static uint32_t ivht_count = 0; |
65 | |
66 | #define ivht_lock_init() \ |
67 | lck_spin_init(&ivht_lock_data, &ipc_lck_grp, &ipc_lck_attr) |
68 | #define ivht_lock_destroy() \ |
69 | lck_spin_destroy(&ivht_lock_data, &ipc_lck_grp) |
70 | #define ivht_lock() \ |
71 | lck_spin_lock(&ivht_lock_data) |
72 | #define ivht_lock_try() \ |
73 | lck_spin_try_lock(&ivht_lock_data) |
74 | #define ivht_unlock() \ |
75 | lck_spin_unlock(&ivht_lock_data) |
76 | |
77 | /* |
78 | * Global table of resource manager registrations |
79 | * |
80 | * NOTE: For now, limited to well-known resource managers |
81 | * eventually, will include dynamic allocations requiring |
82 | * table growth and hashing by key. |
83 | */ |
84 | static iv_index_t ivgt_keys_in_use = MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN; |
85 | static ipc_voucher_global_table_element iv_global_table[MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN]; |
86 | static lck_spin_t ivgt_lock_data; |
87 | |
88 | #define ivgt_lock_init() \ |
89 | lck_spin_init(&ivgt_lock_data, &ipc_lck_grp, &ipc_lck_attr) |
90 | #define ivgt_lock_destroy() \ |
91 | lck_spin_destroy(&ivgt_lock_data, &ipc_lck_grp) |
92 | #define ivgt_lock() \ |
93 | lck_spin_lock(&ivgt_lock_data) |
94 | #define ivgt_lock_try() \ |
95 | lck_spin_try_lock(&ivgt_lock_data) |
96 | #define ivgt_unlock() \ |
97 | lck_spin_unlock(&ivgt_lock_data) |
98 | |
99 | ipc_voucher_t iv_alloc(iv_index_t entries); |
100 | void iv_dealloc(ipc_voucher_t iv, boolean_t unhash); |
101 | |
102 | os_refgrp_decl(static, iv_refgrp, "voucher" , NULL); |
103 | os_refgrp_decl(static, ivac_refgrp, "voucher attribute control" , NULL); |
104 | |
105 | static inline void |
106 | iv_reference(ipc_voucher_t iv) |
107 | { |
108 | os_ref_retain(&iv->iv_refs); |
109 | } |
110 | |
111 | static inline void |
112 | iv_release(ipc_voucher_t iv) |
113 | { |
114 | if (os_ref_release(&iv->iv_refs) == 0) { |
115 | iv_dealloc(iv, TRUE); |
116 | } |
117 | } |
118 | |
119 | /* |
120 | * freelist helper macros |
121 | */ |
122 | #define IV_FREELIST_END ((iv_index_t) 0) |
123 | |
124 | /* |
125 | * Attribute value hashing helper macros |
126 | */ |
127 | #define IV_HASH_END UINT32_MAX |
128 | #define IV_HASH_VAL(sz, val) \ |
129 | (((val) >> 3) % (sz)) |
130 | |
131 | static inline iv_index_t |
132 | iv_hash_value( |
133 | iv_index_t key_index, |
134 | mach_voucher_attr_value_handle_t value) |
135 | { |
136 | ipc_voucher_attr_control_t ivac; |
137 | |
138 | ivac = iv_global_table[key_index].ivgte_control; |
139 | assert(IVAC_NULL != ivac); |
140 | return IV_HASH_VAL(ivac->ivac_init_table_size, value); |
141 | } |
142 | |
143 | /* |
144 | * Convert a key to an index. This key-index is used to both index |
145 | * into the voucher table of attribute cache indexes and also the |
146 | * table of resource managers by key. |
147 | * |
148 | * For now, well-known keys have a one-to-one mapping of indexes |
149 | * into these tables. But as time goes on, that may not always |
150 | * be the case (sparse use over time). This isolates the code from |
151 | * having to change in these cases - yet still lets us keep a densely |
152 | * packed set of tables. |
153 | */ |
154 | static inline iv_index_t |
155 | iv_key_to_index(mach_voucher_attr_key_t key) |
156 | { |
157 | if (MACH_VOUCHER_ATTR_KEY_ALL == key || |
158 | MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN < key) |
159 | return IV_UNUSED_KEYINDEX; |
160 | return (iv_index_t)key - 1; |
161 | } |
162 | |
163 | static inline mach_voucher_attr_key_t |
164 | iv_index_to_key(iv_index_t key_index) |
165 | { |
166 | if (MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN > key_index) |
167 | return iv_global_table[key_index].ivgte_key; |
168 | return MACH_VOUCHER_ATTR_KEY_NONE; |
169 | |
170 | } |
171 | |
172 | static void ivace_release(iv_index_t key_index, iv_index_t value_index); |
173 | static void ivace_lookup_values(iv_index_t key_index, iv_index_t value_index, |
174 | mach_voucher_attr_value_handle_array_t values, |
175 | mach_voucher_attr_value_handle_array_size_t *count); |
176 | |
177 | static iv_index_t iv_lookup(ipc_voucher_t, iv_index_t); |
178 | |
179 | |
180 | static void ivgt_lookup(iv_index_t, |
181 | boolean_t, |
182 | ipc_voucher_attr_manager_t *, |
183 | ipc_voucher_attr_control_t *); |
184 | |
185 | static kern_return_t |
186 | ipc_voucher_prepare_processing_recipe( |
187 | ipc_voucher_t voucher, |
188 | ipc_voucher_attr_raw_recipe_array_t recipes, |
189 | ipc_voucher_attr_raw_recipe_array_size_t *in_out_size, |
190 | mach_voucher_attr_recipe_command_t command, |
191 | ipc_voucher_attr_manager_flags flags, |
192 | int *need_processing); |
193 | |
194 | #if defined(MACH_VOUCHER_ATTR_KEY_USER_DATA) || defined(MACH_VOUCHER_ATTR_KEY_TEST) |
195 | void user_data_attr_manager_init(void); |
196 | #endif |
197 | |
198 | void |
199 | ipc_voucher_init(void) |
200 | { |
201 | natural_t ipc_voucher_max = (task_max + thread_max) * 2; |
202 | natural_t attr_manager_max = MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN; |
203 | iv_index_t i; |
204 | |
205 | ipc_voucher_zone = zinit(sizeof(struct ipc_voucher), |
206 | ipc_voucher_max * sizeof(struct ipc_voucher), |
207 | sizeof(struct ipc_voucher), |
208 | "ipc vouchers" ); |
209 | zone_change(ipc_voucher_zone, Z_NOENCRYPT, TRUE); |
210 | |
211 | ipc_voucher_attr_control_zone = zinit(sizeof(struct ipc_voucher_attr_control), |
212 | attr_manager_max * sizeof(struct ipc_voucher_attr_control), |
213 | sizeof(struct ipc_voucher_attr_control), |
214 | "ipc voucher attr controls" ); |
215 | zone_change(ipc_voucher_attr_control_zone, Z_NOENCRYPT, TRUE); |
216 | |
217 | /* initialize voucher hash */ |
218 | ivht_lock_init(); |
219 | for (i = 0; i < IV_HASH_BUCKETS; i++) |
220 | queue_init(&ivht_bucket[i]); |
221 | |
222 | /* initialize global table locking */ |
223 | ivgt_lock_init(); |
224 | |
225 | #if defined(MACH_VOUCHER_ATTR_KEY_USER_DATA) || defined(MACH_VOUCHER_ATTR_KEY_TEST) |
226 | user_data_attr_manager_init(); |
227 | #endif |
228 | } |
229 | |
230 | ipc_voucher_t |
231 | iv_alloc(iv_index_t entries) |
232 | { |
233 | ipc_voucher_t iv; |
234 | iv_index_t i; |
235 | |
236 | |
237 | iv = (ipc_voucher_t)zalloc(ipc_voucher_zone); |
238 | if (IV_NULL == iv) |
239 | return IV_NULL; |
240 | |
241 | os_ref_init(&iv->iv_refs, &iv_refgrp); |
242 | iv->iv_sum = 0; |
243 | iv->iv_hash = 0; |
244 | iv->iv_port = IP_NULL; |
245 | |
246 | if (entries > IV_ENTRIES_INLINE) { |
247 | iv_entry_t table; |
248 | |
249 | /* TODO - switch to ipc_table method of allocation */ |
250 | table = (iv_entry_t) kalloc(sizeof(*table) * entries); |
251 | if (IVE_NULL == table) { |
252 | zfree(ipc_voucher_zone, iv); |
253 | return IV_NULL; |
254 | } |
255 | iv->iv_table = table; |
256 | iv->iv_table_size = entries; |
257 | } else { |
258 | iv->iv_table = iv->iv_inline_table; |
259 | iv->iv_table_size = IV_ENTRIES_INLINE; |
260 | } |
261 | |
262 | /* initialize the table entries */ |
263 | for (i=0; i < iv->iv_table_size; i++) |
264 | iv->iv_table[i] = IV_UNUSED_VALINDEX; |
265 | |
266 | return (iv); |
267 | } |
268 | |
269 | /* |
270 | * Routine: iv_set |
271 | * Purpose: |
272 | * Set the voucher's value index for a given key index. |
273 | * Conditions: |
274 | * This is only called during voucher creation, as |
275 | * they are immutable once references are distributed. |
276 | */ |
277 | static void |
278 | iv_set(ipc_voucher_t iv, |
279 | iv_index_t key_index, |
280 | iv_index_t value_index) |
281 | { |
282 | assert(key_index < iv->iv_table_size); |
283 | iv->iv_table[key_index] = value_index; |
284 | } |
285 | |
286 | void |
287 | iv_dealloc(ipc_voucher_t iv, boolean_t unhash) |
288 | { |
289 | ipc_port_t port = iv->iv_port; |
290 | natural_t i; |
291 | |
292 | /* |
293 | * Do we have to remove it from the hash? |
294 | */ |
295 | if (unhash) { |
296 | ivht_lock(); |
297 | assert(os_ref_get_count(&iv->iv_refs) == 0); |
298 | assert(IV_HASH_BUCKETS > iv->iv_hash); |
299 | queue_remove(&ivht_bucket[iv->iv_hash], iv, ipc_voucher_t, iv_hash_link); |
300 | ivht_count--; |
301 | ivht_unlock(); |
302 | |
303 | KERNEL_DEBUG_CONSTANT(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_VOUCHER_DESTROY) | DBG_FUNC_NONE, |
304 | VM_KERNEL_ADDRPERM((uintptr_t)iv), 0, ivht_count, 0, 0); |
305 | |
306 | } else { |
307 | os_ref_count_t cnt __assert_only = os_ref_release(&iv->iv_refs); |
308 | assert(cnt == 0); |
309 | } |
310 | |
311 | /* |
312 | * if a port was allocated for this voucher, |
313 | * it must not have any remaining send rights, |
314 | * because the port's reference on the voucher |
315 | * is gone. We can just discard it now. |
316 | */ |
317 | if (IP_VALID(port)) { |
318 | assert(ip_active(port)); |
319 | assert(port->ip_srights == 0); |
320 | |
321 | ipc_port_dealloc_kernel(port); |
322 | } |
323 | |
324 | /* release the attribute references held by this voucher */ |
325 | for (i = 0; i < iv->iv_table_size; i++) { |
326 | ivace_release(i, iv->iv_table[i]); |
327 | #if MACH_ASSERT |
328 | iv_set(iv, i, ~0); |
329 | #endif |
330 | } |
331 | |
332 | if (iv->iv_table != iv->iv_inline_table) |
333 | kfree(iv->iv_table, |
334 | iv->iv_table_size * sizeof(*iv->iv_table)); |
335 | |
336 | zfree(ipc_voucher_zone, iv); |
337 | } |
338 | |
339 | /* |
340 | * Routine: iv_lookup |
341 | * Purpose: |
342 | * Find the voucher's value index for a given key_index |
343 | * Conditions: |
344 | * Vouchers are immutable, so no locking required to do |
345 | * a lookup. |
346 | */ |
347 | static inline iv_index_t |
348 | iv_lookup(ipc_voucher_t iv, iv_index_t key_index) |
349 | { |
350 | if (key_index < iv->iv_table_size) |
351 | return iv->iv_table[key_index]; |
352 | return IV_UNUSED_VALINDEX; |
353 | } |
354 | |
355 | /* |
356 | * Routine: unsafe_convert_port_to_voucher |
357 | * Purpose: |
358 | * Unsafe conversion of a port to a voucher. |
359 | * Intended only for use by trace and debugging |
360 | * code. Consumes nothing, validates very little, |
361 | * produces an unreferenced voucher, which you |
362 | * MAY NOT use as a voucher, only log as an |
363 | * address. |
364 | * Conditions: |
365 | * Caller has a send-right reference to port. |
366 | * Port may or may not be locked. |
367 | */ |
368 | uintptr_t |
369 | unsafe_convert_port_to_voucher( |
370 | ipc_port_t port) |
371 | { |
372 | if (IP_VALID(port)) { |
373 | uintptr_t voucher = (uintptr_t) port->ip_kobject; |
374 | |
375 | /* |
376 | * No need to lock because we have a reference on the |
377 | * port, and if it is a true voucher port, that reference |
378 | * keeps the voucher bound to the port (and active). |
379 | */ |
380 | if (ip_kotype(port) == IKOT_VOUCHER) |
381 | return (voucher); |
382 | } |
383 | return (uintptr_t)IV_NULL; |
384 | } |
385 | |
386 | /* |
387 | * Routine: convert_port_to_voucher |
388 | * Purpose: |
389 | * Convert from a port to a voucher. |
390 | * Doesn't consume the port [send-right] ref; |
391 | * produces a voucher ref, which may be null. |
392 | * Conditions: |
393 | * Caller has a send-right reference to port. |
394 | * Port may or may not be locked. |
395 | */ |
396 | ipc_voucher_t |
397 | convert_port_to_voucher( |
398 | ipc_port_t port) |
399 | { |
400 | if (IP_VALID(port)) { |
401 | ipc_voucher_t voucher = (ipc_voucher_t) port->ip_kobject; |
402 | |
403 | /* |
404 | * No need to lock because we have a reference on the |
405 | * port, and if it is a true voucher port, that reference |
406 | * keeps the voucher bound to the port (and active). |
407 | */ |
408 | if (ip_kotype(port) != IKOT_VOUCHER) |
409 | return IV_NULL; |
410 | |
411 | assert(ip_active(port)); |
412 | |
413 | ipc_voucher_reference(voucher); |
414 | return (voucher); |
415 | } |
416 | return IV_NULL; |
417 | } |
418 | |
419 | /* |
420 | * Routine: convert_port_name_to_voucher |
421 | * Purpose: |
422 | * Convert from a port name in the current space to a voucher. |
423 | * Produces a voucher ref, which may be null. |
424 | * Conditions: |
425 | * Nothing locked. |
426 | */ |
427 | |
428 | ipc_voucher_t |
429 | convert_port_name_to_voucher( |
430 | mach_port_name_t voucher_name) |
431 | { |
432 | ipc_voucher_t iv; |
433 | kern_return_t kr; |
434 | ipc_port_t port; |
435 | |
436 | if (MACH_PORT_VALID(voucher_name)) { |
437 | kr = ipc_port_translate_send(current_space(), voucher_name, &port); |
438 | if (KERN_SUCCESS != kr) |
439 | return IV_NULL; |
440 | |
441 | iv = convert_port_to_voucher(port); |
442 | ip_unlock(port); |
443 | return iv; |
444 | } |
445 | return IV_NULL; |
446 | } |
447 | |
448 | |
449 | void |
450 | ipc_voucher_reference(ipc_voucher_t voucher) |
451 | { |
452 | if (IPC_VOUCHER_NULL == voucher) |
453 | return; |
454 | |
455 | iv_reference(voucher); |
456 | } |
457 | |
458 | void |
459 | ipc_voucher_release(ipc_voucher_t voucher) |
460 | { |
461 | if (IPC_VOUCHER_NULL != voucher) |
462 | iv_release(voucher); |
463 | } |
464 | |
465 | /* |
466 | * Routine: ipc_voucher_notify |
467 | * Purpose: |
468 | * Called whenever the Mach port system detects no-senders |
469 | * on the voucher port. |
470 | * |
471 | * Each time the send-right count goes positive, a no-senders |
472 | * notification is armed (and a voucher reference is donated). |
473 | * So, each notification that comes in must release a voucher |
474 | * reference. If more send rights have been added since it |
475 | * fired (asynchronously), they will be protected by a different |
476 | * reference hold. |
477 | */ |
478 | void |
479 | ipc_voucher_notify(mach_msg_header_t *msg) |
480 | { |
481 | mach_no_senders_notification_t *notification = (void *)msg; |
482 | ipc_port_t port = notification->not_header.msgh_remote_port; |
483 | ipc_voucher_t iv; |
484 | |
485 | assert(ip_active(port)); |
486 | assert(IKOT_VOUCHER == ip_kotype(port)); |
487 | iv = (ipc_voucher_t)port->ip_kobject; |
488 | |
489 | ipc_voucher_release(iv); |
490 | } |
491 | |
492 | /* |
493 | * Convert a voucher to a port. |
494 | */ |
495 | ipc_port_t |
496 | convert_voucher_to_port(ipc_voucher_t voucher) |
497 | { |
498 | ipc_port_t port, send; |
499 | |
500 | if (IV_NULL == voucher) |
501 | return (IP_NULL); |
502 | |
503 | assert(os_ref_get_count(&voucher->iv_refs) > 0); |
504 | |
505 | /* create a port if needed */ |
506 | port = voucher->iv_port; |
507 | if (!IP_VALID(port)) { |
508 | port = ipc_port_alloc_kernel(); |
509 | assert(IP_VALID(port)); |
510 | ipc_kobject_set_atomically(port, (ipc_kobject_t) voucher, IKOT_VOUCHER); |
511 | |
512 | /* If we lose the race, deallocate and pick up the other guy's port */ |
513 | if (!OSCompareAndSwapPtr(IP_NULL, port, &voucher->iv_port)) { |
514 | ipc_port_dealloc_kernel(port); |
515 | port = voucher->iv_port; |
516 | assert(ip_kotype(port) == IKOT_VOUCHER); |
517 | assert(port->ip_kobject == (ipc_kobject_t)voucher); |
518 | } |
519 | } |
520 | |
521 | ip_lock(port); |
522 | assert(ip_active(port)); |
523 | send = ipc_port_make_send_locked(port); |
524 | |
525 | if (1 == port->ip_srights) { |
526 | ipc_port_t old_notify; |
527 | |
528 | /* transfer our ref to the port, and arm the no-senders notification */ |
529 | assert(IP_NULL == port->ip_nsrequest); |
530 | ipc_port_nsrequest(port, port->ip_mscount, ipc_port_make_sonce_locked(port), &old_notify); |
531 | /* port unlocked */ |
532 | assert(IP_NULL == old_notify); |
533 | } else { |
534 | /* piggyback on the existing port reference, so consume ours */ |
535 | ip_unlock(port); |
536 | ipc_voucher_release(voucher); |
537 | } |
538 | return (send); |
539 | } |
540 | |
541 | #define ivace_reset_data(ivace_elem, next_index) { \ |
542 | (ivace_elem)->ivace_value = 0xDEADC0DEDEADC0DE; \ |
543 | (ivace_elem)->ivace_refs = 0; \ |
544 | (ivace_elem)->ivace_persist = 0; \ |
545 | (ivace_elem)->ivace_made = 0; \ |
546 | (ivace_elem)->ivace_free = TRUE; \ |
547 | (ivace_elem)->ivace_releasing = FALSE; \ |
548 | (ivace_elem)->ivace_layered = 0; \ |
549 | (ivace_elem)->ivace_index = IV_HASH_END; \ |
550 | (ivace_elem)->ivace_next = (next_index); \ |
551 | } |
552 | |
553 | #define ivace_copy_data(ivace_src_elem, ivace_dst_elem) { \ |
554 | (ivace_dst_elem)->ivace_value = (ivace_src_elem)->ivace_value; \ |
555 | (ivace_dst_elem)->ivace_refs = (ivace_src_elem)->ivace_refs; \ |
556 | (ivace_dst_elem)->ivace_persist = (ivace_src_elem)->ivace_persist; \ |
557 | (ivace_dst_elem)->ivace_made = (ivace_src_elem)->ivace_made; \ |
558 | (ivace_dst_elem)->ivace_free = (ivace_src_elem)->ivace_free; \ |
559 | (ivace_dst_elem)->ivace_layered = (ivace_src_elem)->ivace_layered; \ |
560 | (ivace_dst_elem)->ivace_releasing = (ivace_src_elem)->ivace_releasing; \ |
561 | (ivace_dst_elem)->ivace_index = (ivace_src_elem)->ivace_index; \ |
562 | (ivace_dst_elem)->ivace_next = (ivace_src_elem)->ivace_next; \ |
563 | } |
564 | |
565 | ipc_voucher_attr_control_t |
566 | ivac_alloc(iv_index_t key_index) |
567 | { |
568 | ipc_voucher_attr_control_t ivac; |
569 | ivac_entry_t table; |
570 | natural_t i; |
571 | |
572 | |
573 | ivac = (ipc_voucher_attr_control_t)zalloc(ipc_voucher_attr_control_zone); |
574 | if (IVAC_NULL == ivac) |
575 | return IVAC_NULL; |
576 | |
577 | os_ref_init(&ivac->ivac_refs, &ivac_refgrp); |
578 | ivac->ivac_is_growing = FALSE; |
579 | ivac->ivac_port = IP_NULL; |
580 | |
581 | /* start with just the inline table */ |
582 | table = (ivac_entry_t) kalloc(IVAC_ENTRIES_MIN * sizeof(ivac_entry)); |
583 | ivac->ivac_table = table; |
584 | ivac->ivac_table_size = IVAC_ENTRIES_MIN; |
585 | ivac->ivac_init_table_size = IVAC_ENTRIES_MIN; |
586 | for (i = 0; i < ivac->ivac_table_size; i++) { |
587 | ivace_reset_data(&table[i], i+1); |
588 | } |
589 | |
590 | /* the default table entry is never on freelist */ |
591 | table[0].ivace_next = IV_HASH_END; |
592 | table[0].ivace_free = FALSE; |
593 | table[i-1].ivace_next = IV_FREELIST_END; |
594 | ivac->ivac_freelist = 1; |
595 | ivac_lock_init(ivac); |
596 | ivac->ivac_key_index = key_index; |
597 | return (ivac); |
598 | } |
599 | |
600 | |
601 | void |
602 | ivac_dealloc(ipc_voucher_attr_control_t ivac) |
603 | { |
604 | ipc_voucher_attr_manager_t ivam = IVAM_NULL; |
605 | iv_index_t key_index = ivac->ivac_key_index; |
606 | ipc_port_t port = ivac->ivac_port; |
607 | natural_t i; |
608 | |
609 | /* |
610 | * If the control is in the global table, we |
611 | * have to remove it from there before we (re)confirm |
612 | * that the reference count is still zero. |
613 | */ |
614 | ivgt_lock(); |
615 | if (os_ref_get_count(&ivac->ivac_refs) > 0) { |
616 | ivgt_unlock(); |
617 | return; |
618 | } |
619 | |
620 | /* take it out of the global table */ |
621 | if (iv_global_table[key_index].ivgte_control == ivac) { |
622 | ivam = iv_global_table[key_index].ivgte_manager; |
623 | iv_global_table[key_index].ivgte_manager = IVAM_NULL; |
624 | iv_global_table[key_index].ivgte_control = IVAC_NULL; |
625 | iv_global_table[key_index].ivgte_key = MACH_VOUCHER_ATTR_KEY_NONE; |
626 | } |
627 | ivgt_unlock(); |
628 | |
629 | /* release the reference held on the resource manager */ |
630 | if (IVAM_NULL != ivam) |
631 | (ivam->ivam_release)(ivam); |
632 | |
633 | /* |
634 | * if a port was allocated for this voucher, |
635 | * it must not have any remaining send rights, |
636 | * because the port's reference on the voucher |
637 | * is gone. We can just discard it now. |
638 | */ |
639 | if (IP_VALID(port)) { |
640 | assert(ip_active(port)); |
641 | assert(port->ip_srights == 0); |
642 | |
643 | ipc_port_dealloc_kernel(port); |
644 | } |
645 | |
646 | /* |
647 | * the resource manager's control reference and all references |
648 | * held by the specific value caches are gone, so free the |
649 | * table. |
650 | */ |
651 | #ifdef MACH_DEBUG |
652 | for (i = 0; i < ivac->ivac_table_size; i++) |
653 | if (ivac->ivac_table[i].ivace_refs != 0) |
654 | panic("deallocing a resource manager with live refs to its attr values\n" ); |
655 | #endif |
656 | kfree(ivac->ivac_table, ivac->ivac_table_size * sizeof(*ivac->ivac_table)); |
657 | ivac_lock_destroy(ivac); |
658 | zfree(ipc_voucher_attr_control_zone, ivac); |
659 | } |
660 | |
661 | void |
662 | ipc_voucher_attr_control_reference(ipc_voucher_attr_control_t control) |
663 | { |
664 | ivac_reference(control); |
665 | } |
666 | |
667 | void |
668 | ipc_voucher_attr_control_release(ipc_voucher_attr_control_t control) |
669 | { |
670 | ivac_release(control); |
671 | } |
672 | |
673 | /* |
674 | * Routine: convert_port_to_voucher_attr_control reference |
675 | * Purpose: |
676 | * Convert from a port to a voucher attribute control. |
677 | * Doesn't consume the port ref; produces a voucher ref, |
678 | * which may be null. |
679 | * Conditions: |
680 | * Nothing locked. |
681 | */ |
682 | ipc_voucher_attr_control_t |
683 | convert_port_to_voucher_attr_control( |
684 | ipc_port_t port) |
685 | { |
686 | if (IP_VALID(port)) { |
687 | ipc_voucher_attr_control_t ivac = (ipc_voucher_attr_control_t) port->ip_kobject; |
688 | |
689 | /* |
690 | * No need to lock because we have a reference on the |
691 | * port, and if it is a true voucher control port, |
692 | * that reference keeps the voucher bound to the port |
693 | * (and active). |
694 | */ |
695 | if (ip_kotype(port) != IKOT_VOUCHER_ATTR_CONTROL) |
696 | return IVAC_NULL; |
697 | |
698 | assert(ip_active(port)); |
699 | |
700 | ivac_reference(ivac); |
701 | return (ivac); |
702 | } |
703 | return IVAC_NULL; |
704 | } |
705 | |
706 | void |
707 | ipc_voucher_attr_control_notify(mach_msg_header_t *msg) |
708 | { |
709 | mach_no_senders_notification_t *notification = (void *)msg; |
710 | ipc_port_t port = notification->not_header.msgh_remote_port; |
711 | ipc_voucher_attr_control_t ivac; |
712 | |
713 | assert(IKOT_VOUCHER_ATTR_CONTROL == ip_kotype(port)); |
714 | ip_lock(port); |
715 | assert(ip_active(port)); |
716 | |
717 | /* if no new send rights, drop a control reference */ |
718 | if (port->ip_mscount == notification->not_count) { |
719 | ivac = (ipc_voucher_attr_control_t)port->ip_kobject; |
720 | ip_unlock(port); |
721 | |
722 | ivac_release(ivac); |
723 | } else { |
724 | ip_unlock(port); |
725 | } |
726 | } |
727 | |
728 | /* |
729 | * Convert a voucher attr control to a port. |
730 | */ |
731 | ipc_port_t |
732 | convert_voucher_attr_control_to_port(ipc_voucher_attr_control_t control) |
733 | { |
734 | ipc_port_t port, send; |
735 | |
736 | if (IVAC_NULL == control) |
737 | return (IP_NULL); |
738 | |
739 | /* create a port if needed */ |
740 | port = control->ivac_port; |
741 | if (!IP_VALID(port)) { |
742 | port = ipc_port_alloc_kernel(); |
743 | assert(IP_VALID(port)); |
744 | if (OSCompareAndSwapPtr(IP_NULL, port, &control->ivac_port)) { |
745 | ip_lock(port); |
746 | ipc_kobject_set_atomically(port, (ipc_kobject_t) control, IKOT_VOUCHER_ATTR_CONTROL); |
747 | } else { |
748 | ipc_port_dealloc_kernel(port); |
749 | port = control->ivac_port; |
750 | ip_lock(port); |
751 | assert(ip_kotype(port) == IKOT_VOUCHER_ATTR_CONTROL); |
752 | assert(port->ip_kobject == (ipc_kobject_t)control); |
753 | } |
754 | } else |
755 | ip_lock(port); |
756 | |
757 | assert(ip_active(port)); |
758 | send = ipc_port_make_send_locked(port); |
759 | |
760 | if (1 == port->ip_srights) { |
761 | ipc_port_t old_notify; |
762 | |
763 | /* transfer our ref to the port, and arm the no-senders notification */ |
764 | assert(IP_NULL == port->ip_nsrequest); |
765 | ipc_port_nsrequest(port, port->ip_mscount, ipc_port_make_sonce_locked(port), &old_notify); |
766 | assert(IP_NULL == old_notify); |
767 | /* ipc_port_nsrequest unlocks the port */ |
768 | } else { |
769 | /* piggyback on the existing port reference, so consume ours */ |
770 | ip_unlock(port); |
771 | ivac_release(control); |
772 | } |
773 | return (send); |
774 | } |
775 | |
776 | /* |
777 | * Look up the values for a given <key, index> pair. |
778 | */ |
779 | static void |
780 | ivace_lookup_values( |
781 | iv_index_t key_index, |
782 | iv_index_t value_index, |
783 | mach_voucher_attr_value_handle_array_t values, |
784 | mach_voucher_attr_value_handle_array_size_t *count) |
785 | { |
786 | ipc_voucher_attr_control_t ivac; |
787 | ivac_entry_t ivace; |
788 | |
789 | if (IV_UNUSED_VALINDEX == value_index || |
790 | MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN <= key_index) { |
791 | *count = 0; |
792 | return; |
793 | } |
794 | |
795 | ivac = iv_global_table[key_index].ivgte_control; |
796 | assert(IVAC_NULL != ivac); |
797 | |
798 | /* |
799 | * Get the entry and then the linked values. |
800 | */ |
801 | ivac_lock(ivac); |
802 | assert(value_index < ivac->ivac_table_size); |
803 | ivace = &ivac->ivac_table[value_index]; |
804 | |
805 | /* |
806 | * TODO: support chained values (for effective vouchers). |
807 | */ |
808 | assert(ivace->ivace_refs > 0); |
809 | values[0] = ivace->ivace_value; |
810 | ivac_unlock(ivac); |
811 | *count = 1; |
812 | } |
813 | |
814 | /* |
815 | * ivac_grow_table - Allocate a bigger table of attribute values |
816 | * |
817 | * Conditions: ivac is locked on entry and again on return |
818 | */ |
819 | static void |
820 | ivac_grow_table(ipc_voucher_attr_control_t ivac) |
821 | { |
822 | iv_index_t i = 0; |
823 | |
824 | /* NOTE: do not modify *_table and *_size values once set */ |
825 | ivac_entry_t new_table = NULL, old_table = NULL; |
826 | iv_index_t new_size, old_size; |
827 | |
828 | if (ivac->ivac_is_growing) { |
829 | ivac_sleep(ivac); |
830 | return; |
831 | } |
832 | |
833 | ivac->ivac_is_growing = 1; |
834 | if (ivac->ivac_table_size >= IVAC_ENTRIES_MAX) { |
835 | panic("Cannot grow ipc space beyond IVAC_ENTRIES_MAX. Some process is leaking vouchers" ); |
836 | return; |
837 | } |
838 | |
839 | old_size = ivac->ivac_table_size; |
840 | ivac_unlock(ivac); |
841 | |
842 | new_size = old_size * 2; |
843 | |
844 | assert(new_size > old_size); |
845 | assert(new_size < IVAC_ENTRIES_MAX); |
846 | |
847 | new_table = kalloc(sizeof(ivac_entry) * new_size); |
848 | if (!new_table){ |
849 | panic("Failed to grow ivac table to size %d\n" , new_size); |
850 | return; |
851 | } |
852 | |
853 | /* setup the free list for new entries */ |
854 | for (i = old_size; i < new_size; i++) { |
855 | ivace_reset_data(&new_table[i], i+1); |
856 | } |
857 | |
858 | ivac_lock(ivac); |
859 | |
860 | for (i = 0; i < ivac->ivac_table_size; i++){ |
861 | ivace_copy_data(&ivac->ivac_table[i], &new_table[i]); |
862 | } |
863 | |
864 | old_table = ivac->ivac_table; |
865 | |
866 | ivac->ivac_table = new_table; |
867 | ivac->ivac_table_size = new_size; |
868 | |
869 | /* adding new free entries at head of freelist */ |
870 | ivac->ivac_table[new_size - 1].ivace_next = ivac->ivac_freelist; |
871 | ivac->ivac_freelist = old_size; |
872 | ivac->ivac_is_growing = 0; |
873 | ivac_wakeup(ivac); |
874 | |
875 | if (old_table){ |
876 | ivac_unlock(ivac); |
877 | kfree(old_table, old_size * sizeof(ivac_entry)); |
878 | ivac_lock(ivac); |
879 | } |
880 | } |
881 | |
882 | /* |
883 | * ivace_reference_by_index |
884 | * |
885 | * Take an additional reference on the <key_index, val_index> |
886 | * cached value. It is assumed the caller already holds a |
887 | * reference to the same cached key-value pair. |
888 | */ |
889 | static void |
890 | ivace_reference_by_index( |
891 | iv_index_t key_index, |
892 | iv_index_t val_index) |
893 | { |
894 | ipc_voucher_attr_control_t ivac; |
895 | ivac_entry_t ivace; |
896 | |
897 | if (IV_UNUSED_VALINDEX == val_index) |
898 | return; |
899 | |
900 | ivgt_lookup(key_index, FALSE, NULL, &ivac); |
901 | assert(IVAC_NULL != ivac); |
902 | |
903 | ivac_lock(ivac); |
904 | assert(val_index < ivac->ivac_table_size); |
905 | ivace = &ivac->ivac_table[val_index]; |
906 | |
907 | assert(0xdeadc0dedeadc0de != ivace->ivace_value); |
908 | assert(0 < ivace->ivace_refs); |
909 | assert(!ivace->ivace_free); |
910 | |
911 | /* Take ref only on non-persistent values */ |
912 | if (!ivace->ivace_persist) { |
913 | ivace->ivace_refs++; |
914 | } |
915 | ivac_unlock(ivac); |
916 | } |
917 | |
918 | |
919 | /* |
920 | * Look up the values for a given <key, index> pair. |
921 | * |
922 | * Consumes a reference on the passed voucher control. |
923 | * Either it is donated to a newly-created value cache |
924 | * or it is released (if we piggy back on an existing |
925 | * value cache entry). |
926 | */ |
927 | static iv_index_t |
928 | ivace_reference_by_value( |
929 | ipc_voucher_attr_control_t ivac, |
930 | mach_voucher_attr_value_handle_t value, |
931 | mach_voucher_attr_value_flags_t flag) |
932 | { |
933 | ivac_entry_t ivace = IVACE_NULL; |
934 | iv_index_t hash_index; |
935 | iv_index_t index; |
936 | |
937 | if (IVAC_NULL == ivac) { |
938 | return IV_UNUSED_VALINDEX; |
939 | } |
940 | |
941 | ivac_lock(ivac); |
942 | restart: |
943 | hash_index = IV_HASH_VAL(ivac->ivac_init_table_size, value); |
944 | index = ivac->ivac_table[hash_index].ivace_index; |
945 | while (index != IV_HASH_END) { |
946 | assert(index < ivac->ivac_table_size); |
947 | ivace = &ivac->ivac_table[index]; |
948 | assert(!ivace->ivace_free); |
949 | |
950 | if (ivace->ivace_value == value) |
951 | break; |
952 | |
953 | assert(ivace->ivace_next != index); |
954 | index = ivace->ivace_next; |
955 | } |
956 | |
957 | /* found it? */ |
958 | if (index != IV_HASH_END) { |
959 | /* only add reference on non-persistent value */ |
960 | if (!ivace->ivace_persist) { |
961 | ivace->ivace_refs++; |
962 | ivace->ivace_made++; |
963 | } |
964 | |
965 | ivac_unlock(ivac); |
966 | ivac_release(ivac); |
967 | return index; |
968 | } |
969 | |
970 | /* insert new entry in the table */ |
971 | index = ivac->ivac_freelist; |
972 | if (IV_FREELIST_END == index) { |
973 | /* freelist empty */ |
974 | ivac_grow_table(ivac); |
975 | goto restart; |
976 | } |
977 | |
978 | /* take the entry off the freelist */ |
979 | ivace = &ivac->ivac_table[index]; |
980 | ivac->ivac_freelist = ivace->ivace_next; |
981 | |
982 | /* initialize the new entry */ |
983 | ivace->ivace_value = value; |
984 | ivace->ivace_refs = 1; |
985 | ivace->ivace_made = 1; |
986 | ivace->ivace_free = FALSE; |
987 | ivace->ivace_persist = (flag & MACH_VOUCHER_ATTR_VALUE_FLAGS_PERSIST) ? TRUE : FALSE; |
988 | |
989 | /* insert the new entry in the proper hash chain */ |
990 | ivace->ivace_next = ivac->ivac_table[hash_index].ivace_index; |
991 | ivac->ivac_table[hash_index].ivace_index = index; |
992 | ivac_unlock(ivac); |
993 | |
994 | /* donated passed in ivac reference to new entry */ |
995 | |
996 | return index; |
997 | } |
998 | |
999 | /* |
1000 | * Release a reference on the given <key_index, value_index> pair. |
1001 | * |
1002 | * Conditions: called with nothing locked, as it may cause |
1003 | * callouts and/or messaging to the resource |
1004 | * manager. |
1005 | */ |
1006 | static void ivace_release( |
1007 | iv_index_t key_index, |
1008 | iv_index_t value_index) |
1009 | { |
1010 | ipc_voucher_attr_control_t ivac; |
1011 | ipc_voucher_attr_manager_t ivam; |
1012 | mach_voucher_attr_value_handle_t value; |
1013 | mach_voucher_attr_value_reference_t made; |
1014 | mach_voucher_attr_key_t key; |
1015 | iv_index_t hash_index; |
1016 | ivac_entry_t ivace; |
1017 | kern_return_t kr; |
1018 | |
1019 | /* cant release the default value */ |
1020 | if (IV_UNUSED_VALINDEX == value_index) |
1021 | return; |
1022 | |
1023 | ivgt_lookup(key_index, FALSE, &ivam, &ivac); |
1024 | assert(IVAC_NULL != ivac); |
1025 | assert(IVAM_NULL != ivam); |
1026 | |
1027 | ivac_lock(ivac); |
1028 | assert(value_index < ivac->ivac_table_size); |
1029 | ivace = &ivac->ivac_table[value_index]; |
1030 | |
1031 | assert(0 < ivace->ivace_refs); |
1032 | |
1033 | /* cant release persistent values */ |
1034 | if (ivace->ivace_persist) { |
1035 | ivac_unlock(ivac); |
1036 | return; |
1037 | } |
1038 | |
1039 | if (0 < --ivace->ivace_refs) { |
1040 | ivac_unlock(ivac); |
1041 | return; |
1042 | } |
1043 | |
1044 | key = iv_index_to_key(key_index); |
1045 | assert(MACH_VOUCHER_ATTR_KEY_NONE != key); |
1046 | |
1047 | /* |
1048 | * if last return reply is still pending, |
1049 | * let it handle this later return when |
1050 | * the previous reply comes in. |
1051 | */ |
1052 | if (ivace->ivace_releasing) { |
1053 | ivac_unlock(ivac); |
1054 | return; |
1055 | } |
1056 | |
1057 | /* claim releasing */ |
1058 | ivace->ivace_releasing = TRUE; |
1059 | value = ivace->ivace_value; |
1060 | |
1061 | redrive: |
1062 | assert(value == ivace->ivace_value); |
1063 | assert(!ivace->ivace_free); |
1064 | made = ivace->ivace_made; |
1065 | ivac_unlock(ivac); |
1066 | |
1067 | /* callout to manager's release_value */ |
1068 | kr = (ivam->ivam_release_value)(ivam, key, value, made); |
1069 | |
1070 | /* recalculate entry address as table may have changed */ |
1071 | ivac_lock(ivac); |
1072 | ivace = &ivac->ivac_table[value_index]; |
1073 | assert(value == ivace->ivace_value); |
1074 | |
1075 | /* |
1076 | * new made values raced with this return. If the |
1077 | * manager OK'ed the prior release, we have to start |
1078 | * the made numbering over again (pretend the race |
1079 | * didn't happen). If the entry has zero refs again, |
1080 | * re-drive the release. |
1081 | */ |
1082 | if (ivace->ivace_made != made) { |
1083 | if (KERN_SUCCESS == kr) |
1084 | ivace->ivace_made -= made; |
1085 | |
1086 | if (0 == ivace->ivace_refs) |
1087 | goto redrive; |
1088 | |
1089 | ivace->ivace_releasing = FALSE; |
1090 | ivac_unlock(ivac); |
1091 | return; |
1092 | } else { |
1093 | /* |
1094 | * If the manager returned FAILURE, someone took a |
1095 | * reference on the value but have not updated the ivace, |
1096 | * release the lock and return since thread who got |
1097 | * the new reference will update the ivace and will have |
1098 | * non-zero reference on the value. |
1099 | */ |
1100 | if (KERN_SUCCESS != kr) { |
1101 | ivace->ivace_releasing = FALSE; |
1102 | ivac_unlock(ivac); |
1103 | return; |
1104 | } |
1105 | } |
1106 | |
1107 | assert(0 == ivace->ivace_refs); |
1108 | |
1109 | /* |
1110 | * going away - remove entry from its hash |
1111 | * If its at the head of the hash bucket list (common), unchain |
1112 | * at the head. Otherwise walk the chain until the next points |
1113 | * at this entry, and remove it from the the list there. |
1114 | */ |
1115 | hash_index = iv_hash_value(key_index, value); |
1116 | if (ivac->ivac_table[hash_index].ivace_index == value_index) { |
1117 | ivac->ivac_table[hash_index].ivace_index = ivace->ivace_next; |
1118 | } else { |
1119 | hash_index = ivac->ivac_table[hash_index].ivace_index; |
1120 | assert(IV_HASH_END != hash_index); |
1121 | while (ivac->ivac_table[hash_index].ivace_next != value_index) { |
1122 | hash_index = ivac->ivac_table[hash_index].ivace_next; |
1123 | assert(IV_HASH_END != hash_index); |
1124 | } |
1125 | ivac->ivac_table[hash_index].ivace_next = ivace->ivace_next; |
1126 | } |
1127 | |
1128 | /* Put this entry on the freelist */ |
1129 | ivace->ivace_value = 0xdeadc0dedeadc0de; |
1130 | ivace->ivace_releasing = FALSE; |
1131 | ivace->ivace_free = TRUE; |
1132 | ivace->ivace_made = 0; |
1133 | ivace->ivace_next = ivac->ivac_freelist; |
1134 | ivac->ivac_freelist = value_index; |
1135 | ivac_unlock(ivac); |
1136 | |
1137 | /* release the reference this value held on its cache control */ |
1138 | ivac_release(ivac); |
1139 | |
1140 | return; |
1141 | } |
1142 | |
1143 | |
1144 | /* |
1145 | * ivgt_looup |
1146 | * |
1147 | * Lookup an entry in the global table from the context of a manager |
1148 | * registration. Adds a reference to the control to keep the results |
1149 | * around (if needed). |
1150 | * |
1151 | * Because of the calling point, we can't be sure the manager is |
1152 | * [fully] registered yet. So, we must hold the global table lock |
1153 | * during the lookup to synchronize with in-parallel registrations |
1154 | * (and possible table growth). |
1155 | */ |
1156 | static void |
1157 | ivgt_lookup(iv_index_t key_index, |
1158 | boolean_t take_reference, |
1159 | ipc_voucher_attr_manager_t *manager, |
1160 | ipc_voucher_attr_control_t *control) |
1161 | { |
1162 | ipc_voucher_attr_control_t ivac; |
1163 | |
1164 | if (key_index < MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN) { |
1165 | ivgt_lock(); |
1166 | if (NULL != manager) |
1167 | *manager = iv_global_table[key_index].ivgte_manager; |
1168 | ivac = iv_global_table[key_index].ivgte_control; |
1169 | if (IVAC_NULL != ivac) { |
1170 | assert(key_index == ivac->ivac_key_index); |
1171 | if (take_reference) { |
1172 | assert(NULL != control); |
1173 | ivac_reference(ivac); |
1174 | } |
1175 | } |
1176 | ivgt_unlock(); |
1177 | if (NULL != control) |
1178 | *control = ivac; |
1179 | } else { |
1180 | if (NULL != manager) |
1181 | *manager = IVAM_NULL; |
1182 | if (NULL != control) |
1183 | *control = IVAC_NULL; |
1184 | } |
1185 | } |
1186 | |
1187 | /* |
1188 | * Routine: ipc_replace_voucher_value |
1189 | * Purpose: |
1190 | * Replace the <voucher, key> value with the results of |
1191 | * running the supplied command through the resource |
1192 | * manager's get-value callback. |
1193 | * Conditions: |
1194 | * Nothing locked (may invoke user-space repeatedly). |
1195 | * Caller holds references on voucher and previous voucher. |
1196 | */ |
1197 | static kern_return_t |
1198 | ipc_replace_voucher_value( |
1199 | ipc_voucher_t voucher, |
1200 | mach_voucher_attr_key_t key, |
1201 | mach_voucher_attr_recipe_command_t command, |
1202 | ipc_voucher_t prev_voucher, |
1203 | mach_voucher_attr_content_t content, |
1204 | mach_voucher_attr_content_size_t content_size) |
1205 | { |
1206 | mach_voucher_attr_value_handle_t previous_vals[MACH_VOUCHER_ATTR_VALUE_MAX_NESTED]; |
1207 | mach_voucher_attr_value_handle_array_size_t previous_vals_count; |
1208 | mach_voucher_attr_value_handle_t new_value; |
1209 | mach_voucher_attr_value_flags_t new_flag; |
1210 | ipc_voucher_t new_value_voucher; |
1211 | ipc_voucher_attr_manager_t ivam; |
1212 | ipc_voucher_attr_control_t ivac; |
1213 | iv_index_t prev_val_index; |
1214 | iv_index_t save_val_index; |
1215 | iv_index_t val_index; |
1216 | iv_index_t key_index; |
1217 | kern_return_t kr; |
1218 | |
1219 | /* |
1220 | * Get the manager for this key_index. |
1221 | * Returns a reference on the control. |
1222 | */ |
1223 | key_index = iv_key_to_index(key); |
1224 | ivgt_lookup(key_index, TRUE, &ivam, &ivac); |
1225 | if (IVAM_NULL == ivam) |
1226 | return KERN_INVALID_ARGUMENT; |
1227 | |
1228 | /* save the current value stored in the forming voucher */ |
1229 | save_val_index = iv_lookup(voucher, key_index); |
1230 | |
1231 | /* |
1232 | * Get the previous value(s) for this key creation. |
1233 | * If a previous voucher is specified, they come from there. |
1234 | * Otherwise, they come from the intermediate values already |
1235 | * in the forming voucher. |
1236 | */ |
1237 | prev_val_index = (IV_NULL != prev_voucher) ? |
1238 | iv_lookup(prev_voucher, key_index) : |
1239 | save_val_index; |
1240 | ivace_lookup_values(key_index, prev_val_index, |
1241 | previous_vals, &previous_vals_count); |
1242 | |
1243 | /* Call out to resource manager to get new value */ |
1244 | new_value_voucher = IV_NULL; |
1245 | kr = (ivam->ivam_get_value)( |
1246 | ivam, key, command, |
1247 | previous_vals, previous_vals_count, |
1248 | content, content_size, |
1249 | &new_value, &new_flag, &new_value_voucher); |
1250 | if (KERN_SUCCESS != kr) { |
1251 | ivac_release(ivac); |
1252 | return kr; |
1253 | } |
1254 | |
1255 | /* TODO: value insertion from returned voucher */ |
1256 | if (IV_NULL != new_value_voucher) |
1257 | iv_release(new_value_voucher); |
1258 | |
1259 | /* |
1260 | * Find or create a slot in the table associated |
1261 | * with this attribute value. The ivac reference |
1262 | * is transferred to a new value, or consumed if |
1263 | * we find a matching existing value. |
1264 | */ |
1265 | val_index = ivace_reference_by_value(ivac, new_value, new_flag); |
1266 | iv_set(voucher, key_index, val_index); |
1267 | |
1268 | /* |
1269 | * release saved old value from the newly forming voucher |
1270 | * This is saved until the end to avoid churning the |
1271 | * release logic in cases where the same value is returned |
1272 | * as was there before. |
1273 | */ |
1274 | ivace_release(key_index, save_val_index); |
1275 | |
1276 | return KERN_SUCCESS; |
1277 | } |
1278 | |
1279 | /* |
1280 | * Routine: ipc_directly_replace_voucher_value |
1281 | * Purpose: |
1282 | * Replace the <voucher, key> value with the value-handle |
1283 | * supplied directly by the attribute manager. |
1284 | * Conditions: |
1285 | * Nothing locked. |
1286 | * Caller holds references on voucher. |
1287 | * A made reference to the value-handle is donated by the caller. |
1288 | */ |
1289 | static kern_return_t |
1290 | ipc_directly_replace_voucher_value( |
1291 | ipc_voucher_t voucher, |
1292 | mach_voucher_attr_key_t key, |
1293 | mach_voucher_attr_value_handle_t new_value) |
1294 | { |
1295 | ipc_voucher_attr_manager_t ivam; |
1296 | ipc_voucher_attr_control_t ivac; |
1297 | iv_index_t save_val_index; |
1298 | iv_index_t val_index; |
1299 | iv_index_t key_index; |
1300 | |
1301 | /* |
1302 | * Get the manager for this key_index. |
1303 | * Returns a reference on the control. |
1304 | */ |
1305 | key_index = iv_key_to_index(key); |
1306 | ivgt_lookup(key_index, TRUE, &ivam, &ivac); |
1307 | if (IVAM_NULL == ivam) |
1308 | return KERN_INVALID_ARGUMENT; |
1309 | |
1310 | /* save the current value stored in the forming voucher */ |
1311 | save_val_index = iv_lookup(voucher, key_index); |
1312 | |
1313 | /* |
1314 | * Find or create a slot in the table associated |
1315 | * with this attribute value. The ivac reference |
1316 | * is transferred to a new value, or consumed if |
1317 | * we find a matching existing value. |
1318 | */ |
1319 | val_index = ivace_reference_by_value(ivac, new_value, |
1320 | MACH_VOUCHER_ATTR_VALUE_FLAGS_NONE); |
1321 | iv_set(voucher, key_index, val_index); |
1322 | |
1323 | /* |
1324 | * release saved old value from the newly forming voucher |
1325 | * This is saved until the end to avoid churning the |
1326 | * release logic in cases where the same value is returned |
1327 | * as was there before. |
1328 | */ |
1329 | ivace_release(key_index, save_val_index); |
1330 | |
1331 | return KERN_SUCCESS; |
1332 | } |
1333 | |
1334 | static kern_return_t |
1335 | ipc_execute_voucher_recipe_command( |
1336 | ipc_voucher_t voucher, |
1337 | mach_voucher_attr_key_t key, |
1338 | mach_voucher_attr_recipe_command_t command, |
1339 | ipc_voucher_t prev_iv, |
1340 | mach_voucher_attr_content_t content, |
1341 | mach_voucher_attr_content_size_t content_size, |
1342 | boolean_t key_priv) |
1343 | { |
1344 | iv_index_t prev_val_index; |
1345 | iv_index_t val_index; |
1346 | kern_return_t kr; |
1347 | |
1348 | switch (command) { |
1349 | |
1350 | /* |
1351 | * MACH_VOUCHER_ATTR_COPY |
1352 | * Copy the attribute(s) from the previous voucher to the new |
1353 | * one. A wildcard key is an acceptable value - indicating a |
1354 | * desire to copy all the attribute values from the previous |
1355 | * voucher. |
1356 | */ |
1357 | case MACH_VOUCHER_ATTR_COPY: |
1358 | |
1359 | /* no recipe data on a copy */ |
1360 | if (0 < content_size) |
1361 | return KERN_INVALID_ARGUMENT; |
1362 | |
1363 | /* nothing to copy from? - done */ |
1364 | if (IV_NULL == prev_iv) |
1365 | return KERN_SUCCESS; |
1366 | |
1367 | if (MACH_VOUCHER_ATTR_KEY_ALL == key) { |
1368 | iv_index_t limit, j; |
1369 | |
1370 | /* reconcile possible difference in voucher sizes */ |
1371 | limit = (prev_iv->iv_table_size < voucher->iv_table_size) ? |
1372 | prev_iv->iv_table_size : |
1373 | voucher->iv_table_size; |
1374 | |
1375 | /* wildcard matching */ |
1376 | for (j = 0; j < limit; j++) { |
1377 | /* release old value being replaced */ |
1378 | val_index = iv_lookup(voucher, j); |
1379 | ivace_release(j, val_index); |
1380 | |
1381 | /* replace with reference to prev voucher's value */ |
1382 | prev_val_index = iv_lookup(prev_iv, j); |
1383 | ivace_reference_by_index(j, prev_val_index); |
1384 | iv_set(voucher, j, prev_val_index); |
1385 | } |
1386 | } else { |
1387 | iv_index_t key_index; |
1388 | |
1389 | /* copy just one key */ |
1390 | key_index = iv_key_to_index(key); |
1391 | if (ivgt_keys_in_use < key_index) |
1392 | return KERN_INVALID_ARGUMENT; |
1393 | |
1394 | /* release old value being replaced */ |
1395 | val_index = iv_lookup(voucher, key_index); |
1396 | ivace_release(key_index, val_index); |
1397 | |
1398 | /* replace with reference to prev voucher's value */ |
1399 | prev_val_index = iv_lookup(prev_iv, key_index); |
1400 | ivace_reference_by_index(key_index, prev_val_index); |
1401 | iv_set(voucher, key_index, prev_val_index); |
1402 | } |
1403 | break; |
1404 | |
1405 | /* |
1406 | * MACH_VOUCHER_ATTR_REMOVE |
1407 | * Remove the attribute(s) from the under construction voucher. |
1408 | * A wildcard key is an acceptable value - indicating a desire |
1409 | * to remove all the attribute values set up so far in the voucher. |
1410 | * If a previous voucher is specified, only remove the value it |
1411 | * it matches the value in the previous voucher. |
1412 | */ |
1413 | case MACH_VOUCHER_ATTR_REMOVE: |
1414 | /* no recipe data on a remove */ |
1415 | if (0 < content_size) |
1416 | return KERN_INVALID_ARGUMENT; |
1417 | |
1418 | if (MACH_VOUCHER_ATTR_KEY_ALL == key) { |
1419 | iv_index_t limit, j; |
1420 | |
1421 | /* reconcile possible difference in voucher sizes */ |
1422 | limit = (IV_NULL == prev_iv) ? voucher->iv_table_size : |
1423 | ((prev_iv->iv_table_size < voucher->iv_table_size) ? |
1424 | prev_iv->iv_table_size : voucher->iv_table_size); |
1425 | |
1426 | /* wildcard matching */ |
1427 | for (j = 0; j < limit; j++) { |
1428 | val_index = iv_lookup(voucher, j); |
1429 | |
1430 | /* If not matched in previous, skip */ |
1431 | if (IV_NULL != prev_iv) { |
1432 | prev_val_index = iv_lookup(prev_iv, j); |
1433 | if (val_index != prev_val_index) |
1434 | continue; |
1435 | } |
1436 | /* release and clear */ |
1437 | ivace_release(j, val_index); |
1438 | iv_set(voucher, j, IV_UNUSED_VALINDEX); |
1439 | } |
1440 | } else { |
1441 | iv_index_t key_index; |
1442 | |
1443 | /* copy just one key */ |
1444 | key_index = iv_key_to_index(key); |
1445 | if (ivgt_keys_in_use < key_index) |
1446 | return KERN_INVALID_ARGUMENT; |
1447 | |
1448 | val_index = iv_lookup(voucher, key_index); |
1449 | |
1450 | /* If not matched in previous, skip */ |
1451 | if (IV_NULL != prev_iv) { |
1452 | prev_val_index = iv_lookup(prev_iv, key_index); |
1453 | if (val_index != prev_val_index) |
1454 | break; |
1455 | } |
1456 | |
1457 | /* release and clear */ |
1458 | ivace_release(key_index, val_index); |
1459 | iv_set(voucher, key_index, IV_UNUSED_VALINDEX); |
1460 | } |
1461 | break; |
1462 | |
1463 | /* |
1464 | * MACH_VOUCHER_ATTR_SET_VALUE_HANDLE |
1465 | * Use key-privilege to set a value handle for the attribute directly, |
1466 | * rather than triggering a callback into the attribute manager to |
1467 | * interpret a recipe to generate the value handle. |
1468 | */ |
1469 | case MACH_VOUCHER_ATTR_SET_VALUE_HANDLE: |
1470 | if (key_priv) { |
1471 | mach_voucher_attr_value_handle_t new_value; |
1472 | |
1473 | if (sizeof(mach_voucher_attr_value_handle_t) != content_size) |
1474 | return KERN_INVALID_ARGUMENT; |
1475 | |
1476 | new_value = *(mach_voucher_attr_value_handle_t *)(void *)content; |
1477 | kr = ipc_directly_replace_voucher_value(voucher, |
1478 | key, |
1479 | new_value); |
1480 | if (KERN_SUCCESS != kr) |
1481 | return kr; |
1482 | } else |
1483 | return KERN_INVALID_CAPABILITY; |
1484 | break; |
1485 | |
1486 | /* |
1487 | * MACH_VOUCHER_ATTR_REDEEM |
1488 | * Redeem the attribute(s) from the previous voucher for a possibly |
1489 | * new value in the new voucher. A wildcard key is an acceptable value, |
1490 | * indicating a desire to redeem all the values. |
1491 | */ |
1492 | case MACH_VOUCHER_ATTR_REDEEM: |
1493 | |
1494 | if (MACH_VOUCHER_ATTR_KEY_ALL == key) { |
1495 | iv_index_t limit, j; |
1496 | |
1497 | /* reconcile possible difference in voucher sizes */ |
1498 | if (IV_NULL != prev_iv) |
1499 | limit = (prev_iv->iv_table_size < voucher->iv_table_size) ? |
1500 | prev_iv->iv_table_size : |
1501 | voucher->iv_table_size; |
1502 | else |
1503 | limit = voucher->iv_table_size; |
1504 | |
1505 | /* wildcard matching */ |
1506 | for (j = 0; j < limit; j++) { |
1507 | mach_voucher_attr_key_t j_key; |
1508 | |
1509 | j_key = iv_index_to_key(j); |
1510 | |
1511 | /* skip non-existent managers */ |
1512 | if (MACH_VOUCHER_ATTR_KEY_NONE == j_key) |
1513 | continue; |
1514 | |
1515 | /* get the new value from redeem (skip empty previous) */ |
1516 | kr = ipc_replace_voucher_value(voucher, |
1517 | j_key, |
1518 | command, |
1519 | prev_iv, |
1520 | content, |
1521 | content_size); |
1522 | if (KERN_SUCCESS != kr) |
1523 | return kr; |
1524 | } |
1525 | break; |
1526 | } |
1527 | /* fall thru for single key redemption */ |
1528 | |
1529 | /* |
1530 | * DEFAULT: |
1531 | * Replace the current value for the <voucher, key> pair with whatever |
1532 | * value the resource manager returns for the command and recipe |
1533 | * combination provided. |
1534 | */ |
1535 | default: |
1536 | kr = ipc_replace_voucher_value(voucher, |
1537 | key, |
1538 | command, |
1539 | prev_iv, |
1540 | content, |
1541 | content_size); |
1542 | if (KERN_SUCCESS != kr) |
1543 | return kr; |
1544 | |
1545 | break; |
1546 | } |
1547 | return KERN_SUCCESS; |
1548 | } |
1549 | |
1550 | /* |
1551 | * Routine: iv_checksum |
1552 | * Purpose: |
1553 | * Compute the voucher sum. This is more position- |
1554 | * relevant than many other checksums - important for |
1555 | * vouchers (arrays of low, oft-reused, indexes). |
1556 | */ |
1557 | static inline iv_index_t |
1558 | iv_checksum(ipc_voucher_t voucher, boolean_t *emptyp) |
1559 | { |
1560 | iv_index_t c = 0; |
1561 | |
1562 | boolean_t empty = TRUE; |
1563 | if (0 < voucher->iv_table_size) { |
1564 | iv_index_t i = voucher->iv_table_size - 1; |
1565 | |
1566 | do { |
1567 | iv_index_t v = voucher->iv_table[i]; |
1568 | c = c << 3 | c >> (32 - 3); /* rotate */ |
1569 | c = ~c; /* invert */ |
1570 | if (0 < v) { |
1571 | c += v; /* add in */ |
1572 | empty = FALSE; |
1573 | } |
1574 | } while (0 < i--); |
1575 | } |
1576 | *emptyp = empty; |
1577 | return c; |
1578 | } |
1579 | |
1580 | /* |
1581 | * Routine: iv_dedup |
1582 | * Purpose: |
1583 | * See if the set of values represented by this new voucher |
1584 | * already exist in another voucher. If so return a reference |
1585 | * to the existing voucher and deallocate the voucher provided. |
1586 | * Otherwise, insert this one in the hash and return it. |
1587 | * Conditions: |
1588 | * A voucher reference is donated on entry. |
1589 | * Returns: |
1590 | * A voucher reference (may be different than on entry). |
1591 | */ |
1592 | static ipc_voucher_t |
1593 | iv_dedup(ipc_voucher_t new_iv) |
1594 | { |
1595 | boolean_t empty; |
1596 | iv_index_t sum; |
1597 | iv_index_t hash; |
1598 | ipc_voucher_t iv; |
1599 | |
1600 | sum = iv_checksum(new_iv, &empty); |
1601 | |
1602 | /* If all values are default, that's the empty (NULL) voucher */ |
1603 | if (empty) { |
1604 | iv_dealloc(new_iv, FALSE); |
1605 | return IV_NULL; |
1606 | } |
1607 | |
1608 | hash = IV_HASH_BUCKET(sum); |
1609 | |
1610 | ivht_lock(); |
1611 | queue_iterate(&ivht_bucket[hash], iv, ipc_voucher_t, iv_hash_link) { |
1612 | assert(iv->iv_hash == hash); |
1613 | |
1614 | /* if not already deallocating and sums match... */ |
1615 | if ((os_ref_get_count(&iv->iv_refs) > 0) && (iv->iv_sum == sum)) { |
1616 | iv_index_t i; |
1617 | |
1618 | assert(iv->iv_table_size <= new_iv->iv_table_size); |
1619 | |
1620 | /* and common entries match... */ |
1621 | for (i = 0; i < iv->iv_table_size; i++) |
1622 | if (iv->iv_table[i] != new_iv->iv_table[i]) |
1623 | break; |
1624 | if (i < iv->iv_table_size) |
1625 | continue; |
1626 | |
1627 | /* and all extra entries in new one are unused... */ |
1628 | while (i < new_iv->iv_table_size) |
1629 | if (new_iv->iv_table[i++] != IV_UNUSED_VALINDEX) |
1630 | break; |
1631 | if (i < new_iv->iv_table_size) |
1632 | continue; |
1633 | |
1634 | /* ... we found a match... */ |
1635 | |
1636 | /* can we get a ref before it hits 0 |
1637 | * |
1638 | * This is thread safe. If the reference count is zero before we |
1639 | * adjust it, no other thread can have a reference to the voucher. |
1640 | * The dealloc code requires holding the ivht_lock, so |
1641 | * the voucher cannot be yanked out from under us. |
1642 | */ |
1643 | if (!os_ref_retain_try(&iv->iv_refs)) { |
1644 | continue; |
1645 | } |
1646 | |
1647 | ivht_unlock(); |
1648 | |
1649 | /* referenced previous, so deallocate the new one */ |
1650 | iv_dealloc(new_iv, FALSE); |
1651 | return iv; |
1652 | } |
1653 | } |
1654 | |
1655 | /* add the new voucher to the hash, and return it */ |
1656 | new_iv->iv_sum = sum; |
1657 | new_iv->iv_hash = hash; |
1658 | queue_enter(&ivht_bucket[hash], new_iv, ipc_voucher_t, iv_hash_link); |
1659 | ivht_count++; |
1660 | ivht_unlock(); |
1661 | |
1662 | /* |
1663 | * This code is disabled for KDEBUG_LEVEL_IST and KDEBUG_LEVEL_NONE |
1664 | */ |
1665 | #if (KDEBUG_LEVEL >= KDEBUG_LEVEL_STANDARD) |
1666 | if (kdebug_enable & ~KDEBUG_ENABLE_PPT) { |
1667 | uintptr_t voucher_addr = VM_KERNEL_ADDRPERM((uintptr_t)new_iv); |
1668 | uintptr_t attr_tracepoints_needed = 0; |
1669 | |
1670 | if (ipc_voucher_trace_contents) { |
1671 | /* |
1672 | * voucher_contents sizing is a bit more constrained |
1673 | * than might be obvious. |
1674 | * |
1675 | * This is typically a uint8_t typed array. However, |
1676 | * we want to access it as a uintptr_t to efficiently |
1677 | * copyout the data in tracepoints. |
1678 | * |
1679 | * This constrains the size to uintptr_t bytes, and |
1680 | * adds a minimimum alignment requirement equivalent |
1681 | * to a uintptr_t. |
1682 | * |
1683 | * Further constraining the size is the fact that it |
1684 | * is copied out 4 uintptr_t chunks at a time. We do |
1685 | * NOT want to run off the end of the array and copyout |
1686 | * random stack data. |
1687 | * |
1688 | * So the minimum size is 4 * sizeof(uintptr_t), and |
1689 | * the minimum alignment is uintptr_t aligned. |
1690 | */ |
1691 | |
1692 | #define PAYLOAD_PER_TRACEPOINT (4 * sizeof(uintptr_t)) |
1693 | #define PAYLOAD_SIZE 1024 |
1694 | |
1695 | static_assert(PAYLOAD_SIZE % PAYLOAD_PER_TRACEPOINT == 0, "size invariant violated" ); |
1696 | |
1697 | mach_voucher_attr_raw_recipe_array_size_t payload_size = PAYLOAD_SIZE; |
1698 | uintptr_t payload[PAYLOAD_SIZE / sizeof(uintptr_t)]; |
1699 | kern_return_t kr; |
1700 | |
1701 | kr = mach_voucher_extract_all_attr_recipes(new_iv, (mach_voucher_attr_raw_recipe_array_t)payload, &payload_size); |
1702 | if (KERN_SUCCESS == kr) { |
1703 | attr_tracepoints_needed = (payload_size + PAYLOAD_PER_TRACEPOINT - 1) / PAYLOAD_PER_TRACEPOINT; |
1704 | |
1705 | /* |
1706 | * To prevent leaking data from the stack, we |
1707 | * need to zero data to the end of a tracepoint |
1708 | * payload. |
1709 | */ |
1710 | size_t remainder = payload_size % PAYLOAD_PER_TRACEPOINT; |
1711 | if (remainder) { |
1712 | bzero((uint8_t*)payload + payload_size, |
1713 | PAYLOAD_PER_TRACEPOINT - remainder); |
1714 | } |
1715 | } |
1716 | |
1717 | KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_VOUCHER_CREATE), |
1718 | voucher_addr, new_iv->iv_table_size, ivht_count, |
1719 | payload_size); |
1720 | |
1721 | uintptr_t index = 0; |
1722 | while (attr_tracepoints_needed--) { |
1723 | KDBG(MACHDBG_CODE(DBG_MACH_IPC, |
1724 | MACH_IPC_VOUCHER_CREATE_ATTR_DATA), payload[index], |
1725 | payload[index + 1], payload[index + 2], |
1726 | payload[index + 3]); |
1727 | index += 4; |
1728 | } |
1729 | } else { |
1730 | KDBG(MACHDBG_CODE(DBG_MACH_IPC, MACH_IPC_VOUCHER_CREATE), |
1731 | voucher_addr, new_iv->iv_table_size, ivht_count); |
1732 | } |
1733 | } |
1734 | #endif /* KDEBUG_LEVEL >= KDEBUG_LEVEL_STANDARD */ |
1735 | |
1736 | return new_iv; |
1737 | } |
1738 | |
1739 | /* |
1740 | * Routine: ipc_create_mach_voucher |
1741 | * Purpose: |
1742 | * Create a new mach voucher and initialize it with the |
1743 | * value(s) created by having the appropriate resource |
1744 | * managers interpret the supplied recipe commands and |
1745 | * data. |
1746 | * Conditions: |
1747 | * Nothing locked (may invoke user-space repeatedly). |
1748 | * Caller holds references on previous vouchers. |
1749 | * Previous vouchers are passed as voucher indexes. |
1750 | */ |
1751 | kern_return_t |
1752 | ipc_create_mach_voucher( |
1753 | ipc_voucher_attr_raw_recipe_array_t recipes, |
1754 | ipc_voucher_attr_raw_recipe_array_size_t recipe_size, |
1755 | ipc_voucher_t *new_voucher) |
1756 | { |
1757 | ipc_voucher_attr_recipe_t sub_recipe; |
1758 | ipc_voucher_attr_recipe_size_t recipe_used = 0; |
1759 | ipc_voucher_t voucher; |
1760 | kern_return_t kr = KERN_SUCCESS; |
1761 | |
1762 | /* if nothing to do ... */ |
1763 | if (0 == recipe_size) { |
1764 | *new_voucher = IV_NULL; |
1765 | return KERN_SUCCESS; |
1766 | } |
1767 | |
1768 | /* allocate a voucher */ |
1769 | voucher = iv_alloc(ivgt_keys_in_use); |
1770 | if (IV_NULL == voucher) |
1771 | return KERN_RESOURCE_SHORTAGE; |
1772 | |
1773 | /* iterate over the recipe items */ |
1774 | while (0 < recipe_size - recipe_used) { |
1775 | |
1776 | if (recipe_size - recipe_used < sizeof(*sub_recipe)) { |
1777 | kr = KERN_INVALID_ARGUMENT; |
1778 | break; |
1779 | } |
1780 | |
1781 | /* find the next recipe */ |
1782 | sub_recipe = (ipc_voucher_attr_recipe_t)(void *)&recipes[recipe_used]; |
1783 | if (recipe_size - recipe_used - sizeof(*sub_recipe) < sub_recipe->content_size) { |
1784 | kr = KERN_INVALID_ARGUMENT; |
1785 | break; |
1786 | } |
1787 | recipe_used += sizeof(*sub_recipe) + sub_recipe->content_size; |
1788 | |
1789 | kr = ipc_execute_voucher_recipe_command(voucher, |
1790 | sub_recipe->key, |
1791 | sub_recipe->command, |
1792 | sub_recipe->previous_voucher, |
1793 | sub_recipe->content, |
1794 | sub_recipe->content_size, |
1795 | FALSE); |
1796 | if (KERN_SUCCESS != kr) |
1797 | break; |
1798 | } |
1799 | |
1800 | if (KERN_SUCCESS == kr) { |
1801 | *new_voucher = iv_dedup(voucher); |
1802 | } else { |
1803 | iv_dealloc(voucher, FALSE); |
1804 | *new_voucher = IV_NULL; |
1805 | } |
1806 | return kr; |
1807 | } |
1808 | |
1809 | /* |
1810 | * Routine: ipc_voucher_attr_control_create_mach_voucher |
1811 | * Purpose: |
1812 | * Create a new mach voucher and initialize it with the |
1813 | * value(s) created by having the appropriate resource |
1814 | * managers interpret the supplied recipe commands and |
1815 | * data. |
1816 | * |
1817 | * The resource manager control's privilege over its |
1818 | * particular key value is reflected on to the execution |
1819 | * code, allowing internal commands (like setting a |
1820 | * key value handle directly, rather than having to |
1821 | * create a recipe, that will generate a callback just |
1822 | * to get the value. |
1823 | * |
1824 | * Conditions: |
1825 | * Nothing locked (may invoke user-space repeatedly). |
1826 | * Caller holds references on previous vouchers. |
1827 | * Previous vouchers are passed as voucher indexes. |
1828 | */ |
1829 | kern_return_t |
1830 | ipc_voucher_attr_control_create_mach_voucher( |
1831 | ipc_voucher_attr_control_t control, |
1832 | ipc_voucher_attr_raw_recipe_array_t recipes, |
1833 | ipc_voucher_attr_raw_recipe_array_size_t recipe_size, |
1834 | ipc_voucher_t *new_voucher) |
1835 | { |
1836 | mach_voucher_attr_key_t control_key; |
1837 | ipc_voucher_attr_recipe_t sub_recipe; |
1838 | ipc_voucher_attr_recipe_size_t recipe_used = 0; |
1839 | ipc_voucher_t voucher = IV_NULL; |
1840 | kern_return_t kr = KERN_SUCCESS; |
1841 | |
1842 | if (IPC_VOUCHER_ATTR_CONTROL_NULL == control) |
1843 | return KERN_INVALID_CAPABILITY; |
1844 | |
1845 | /* if nothing to do ... */ |
1846 | if (0 == recipe_size) { |
1847 | *new_voucher = IV_NULL; |
1848 | return KERN_SUCCESS; |
1849 | } |
1850 | |
1851 | /* allocate new voucher */ |
1852 | voucher = iv_alloc(ivgt_keys_in_use); |
1853 | if (IV_NULL == voucher) |
1854 | return KERN_RESOURCE_SHORTAGE; |
1855 | |
1856 | control_key = iv_index_to_key(control->ivac_key_index); |
1857 | |
1858 | /* iterate over the recipe items */ |
1859 | while (0 < recipe_size - recipe_used) { |
1860 | |
1861 | if (recipe_size - recipe_used < sizeof(*sub_recipe)) { |
1862 | kr = KERN_INVALID_ARGUMENT; |
1863 | break; |
1864 | } |
1865 | |
1866 | /* find the next recipe */ |
1867 | sub_recipe = (ipc_voucher_attr_recipe_t)(void *)&recipes[recipe_used]; |
1868 | if (recipe_size - recipe_used - sizeof(*sub_recipe) < sub_recipe->content_size) { |
1869 | kr = KERN_INVALID_ARGUMENT; |
1870 | break; |
1871 | } |
1872 | recipe_used += sizeof(*sub_recipe) + sub_recipe->content_size; |
1873 | |
1874 | kr = ipc_execute_voucher_recipe_command(voucher, |
1875 | sub_recipe->key, |
1876 | sub_recipe->command, |
1877 | sub_recipe->previous_voucher, |
1878 | sub_recipe->content, |
1879 | sub_recipe->content_size, |
1880 | (sub_recipe->key == control_key)); |
1881 | if (KERN_SUCCESS != kr) |
1882 | break; |
1883 | } |
1884 | |
1885 | if (KERN_SUCCESS == kr) { |
1886 | *new_voucher = iv_dedup(voucher); |
1887 | } else { |
1888 | *new_voucher = IV_NULL; |
1889 | iv_dealloc(voucher, FALSE); |
1890 | } |
1891 | return kr; |
1892 | } |
1893 | |
1894 | /* |
1895 | * ipc_register_well_known_mach_voucher_attr_manager |
1896 | * |
1897 | * Register the resource manager responsible for a given key value. |
1898 | */ |
1899 | kern_return_t |
1900 | ipc_register_well_known_mach_voucher_attr_manager( |
1901 | ipc_voucher_attr_manager_t manager, |
1902 | mach_voucher_attr_value_handle_t default_value, |
1903 | mach_voucher_attr_key_t key, |
1904 | ipc_voucher_attr_control_t *control) |
1905 | { |
1906 | ipc_voucher_attr_control_t new_control; |
1907 | iv_index_t key_index; |
1908 | iv_index_t hash_index; |
1909 | |
1910 | if (IVAM_NULL == manager) |
1911 | return KERN_INVALID_ARGUMENT; |
1912 | |
1913 | key_index = iv_key_to_index(key); |
1914 | if (IV_UNUSED_KEYINDEX == key_index) |
1915 | return KERN_INVALID_ARGUMENT; |
1916 | |
1917 | new_control = ivac_alloc(key_index); |
1918 | if (IVAC_NULL == new_control) |
1919 | return KERN_RESOURCE_SHORTAGE; |
1920 | |
1921 | /* insert the default value into slot 0 */ |
1922 | new_control->ivac_table[IV_UNUSED_VALINDEX].ivace_value = default_value; |
1923 | new_control->ivac_table[IV_UNUSED_VALINDEX].ivace_refs = IVACE_REFS_MAX; |
1924 | new_control->ivac_table[IV_UNUSED_VALINDEX].ivace_made = IVACE_REFS_MAX; |
1925 | new_control->ivac_table[IV_UNUSED_VALINDEX].ivace_persist = TRUE; |
1926 | assert(IV_HASH_END == new_control->ivac_table[IV_UNUSED_VALINDEX].ivace_next); |
1927 | |
1928 | ivgt_lock(); |
1929 | if (IVAM_NULL != iv_global_table[key_index].ivgte_manager) { |
1930 | ivgt_unlock(); |
1931 | ivac_release(new_control); |
1932 | return KERN_INVALID_ARGUMENT; |
1933 | } |
1934 | |
1935 | /* fill in the global table slot for this key */ |
1936 | iv_global_table[key_index].ivgte_manager = manager; |
1937 | iv_global_table[key_index].ivgte_control = new_control; |
1938 | iv_global_table[key_index].ivgte_key = key; |
1939 | |
1940 | /* insert the default value into the hash (in case it is returned later) */ |
1941 | hash_index = iv_hash_value(key_index, default_value); |
1942 | assert(IV_HASH_END == new_control->ivac_table[hash_index].ivace_index); |
1943 | new_control->ivac_table[hash_index].ivace_index = IV_UNUSED_VALINDEX; |
1944 | |
1945 | ivgt_unlock(); |
1946 | |
1947 | /* return the reference on the new cache control to the caller */ |
1948 | *control = new_control; |
1949 | |
1950 | return KERN_SUCCESS; |
1951 | } |
1952 | |
1953 | /* |
1954 | * Routine: mach_voucher_extract_attr_content |
1955 | * Purpose: |
1956 | * Extract the content for a given <voucher, key> pair. |
1957 | * |
1958 | * If a value other than the default is present for this |
1959 | * <voucher,key> pair, we need to contact the resource |
1960 | * manager to extract the content/meaning of the value(s) |
1961 | * present. Otherwise, return success (but no data). |
1962 | * |
1963 | * Conditions: |
1964 | * Nothing locked - as it may upcall to user-space. |
1965 | * The caller holds a reference on the voucher. |
1966 | */ |
1967 | kern_return_t |
1968 | ( |
1969 | ipc_voucher_t voucher, |
1970 | mach_voucher_attr_key_t key, |
1971 | mach_voucher_attr_content_t content, |
1972 | mach_voucher_attr_content_size_t *in_out_size) |
1973 | { |
1974 | mach_voucher_attr_value_handle_t vals[MACH_VOUCHER_ATTR_VALUE_MAX_NESTED]; |
1975 | mach_voucher_attr_value_handle_array_size_t vals_count; |
1976 | mach_voucher_attr_recipe_command_t command; |
1977 | ipc_voucher_attr_manager_t manager; |
1978 | iv_index_t value_index; |
1979 | iv_index_t key_index; |
1980 | kern_return_t kr; |
1981 | |
1982 | |
1983 | if (IV_NULL == voucher) |
1984 | return KERN_INVALID_ARGUMENT; |
1985 | |
1986 | key_index = iv_key_to_index(key); |
1987 | |
1988 | value_index = iv_lookup(voucher, key_index); |
1989 | if (IV_UNUSED_VALINDEX == value_index) { |
1990 | *in_out_size = 0; |
1991 | return KERN_SUCCESS; |
1992 | } |
1993 | |
1994 | /* |
1995 | * Get the manager for this key_index. The |
1996 | * existence of a non-default value for this |
1997 | * slot within our voucher will keep the |
1998 | * manager referenced during the callout. |
1999 | */ |
2000 | ivgt_lookup(key_index, FALSE, &manager, NULL); |
2001 | if (IVAM_NULL == manager) { |
2002 | return KERN_INVALID_ARGUMENT; |
2003 | } |
2004 | |
2005 | /* |
2006 | * Get the value(s) to pass to the manager |
2007 | * for this value_index. |
2008 | */ |
2009 | ivace_lookup_values(key_index, value_index, |
2010 | vals, &vals_count); |
2011 | assert(0 < vals_count); |
2012 | |
2013 | /* callout to manager */ |
2014 | |
2015 | kr = (manager->ivam_extract_content)(manager, key, |
2016 | vals, vals_count, |
2017 | &command, |
2018 | content, in_out_size); |
2019 | return kr; |
2020 | } |
2021 | |
2022 | /* |
2023 | * Routine: mach_voucher_extract_attr_recipe |
2024 | * Purpose: |
2025 | * Extract a recipe for a given <voucher, key> pair. |
2026 | * |
2027 | * If a value other than the default is present for this |
2028 | * <voucher,key> pair, we need to contact the resource |
2029 | * manager to extract the content/meaning of the value(s) |
2030 | * present. Otherwise, return success (but no data). |
2031 | * |
2032 | * Conditions: |
2033 | * Nothing locked - as it may upcall to user-space. |
2034 | * The caller holds a reference on the voucher. |
2035 | */ |
2036 | kern_return_t |
2037 | ( |
2038 | ipc_voucher_t voucher, |
2039 | mach_voucher_attr_key_t key, |
2040 | mach_voucher_attr_raw_recipe_t raw_recipe, |
2041 | mach_voucher_attr_raw_recipe_size_t *in_out_size) |
2042 | { |
2043 | mach_voucher_attr_value_handle_t vals[MACH_VOUCHER_ATTR_VALUE_MAX_NESTED]; |
2044 | mach_voucher_attr_value_handle_array_size_t vals_count; |
2045 | ipc_voucher_attr_manager_t manager; |
2046 | mach_voucher_attr_recipe_t recipe; |
2047 | iv_index_t value_index; |
2048 | iv_index_t key_index; |
2049 | kern_return_t kr; |
2050 | |
2051 | |
2052 | if (IV_NULL == voucher) |
2053 | return KERN_INVALID_ARGUMENT; |
2054 | |
2055 | key_index = iv_key_to_index(key); |
2056 | |
2057 | value_index = iv_lookup(voucher, key_index); |
2058 | if (IV_UNUSED_VALINDEX == value_index) { |
2059 | *in_out_size = 0; |
2060 | return KERN_SUCCESS; |
2061 | } |
2062 | |
2063 | if (*in_out_size < sizeof(*recipe)) |
2064 | return KERN_NO_SPACE; |
2065 | |
2066 | recipe = (mach_voucher_attr_recipe_t)(void *)raw_recipe; |
2067 | recipe->key = key; |
2068 | recipe->command = MACH_VOUCHER_ATTR_NOOP; |
2069 | recipe->previous_voucher = MACH_VOUCHER_NAME_NULL; |
2070 | recipe->content_size = *in_out_size - sizeof(*recipe); |
2071 | |
2072 | /* |
2073 | * Get the manager for this key_index. The |
2074 | * existence of a non-default value for this |
2075 | * slot within our voucher will keep the |
2076 | * manager referenced during the callout. |
2077 | */ |
2078 | ivgt_lookup(key_index, FALSE, &manager, NULL); |
2079 | if (IVAM_NULL == manager) { |
2080 | return KERN_INVALID_ARGUMENT; |
2081 | } |
2082 | |
2083 | /* |
2084 | * Get the value(s) to pass to the manager |
2085 | * for this value_index. |
2086 | */ |
2087 | ivace_lookup_values(key_index, value_index, |
2088 | vals, &vals_count); |
2089 | assert(0 < vals_count); |
2090 | |
2091 | /* callout to manager */ |
2092 | kr = (manager->ivam_extract_content)(manager, key, |
2093 | vals, vals_count, |
2094 | &recipe->command, |
2095 | recipe->content, &recipe->content_size); |
2096 | if (KERN_SUCCESS == kr) { |
2097 | assert(*in_out_size - sizeof(*recipe) >= recipe->content_size); |
2098 | *in_out_size = sizeof(*recipe) + recipe->content_size; |
2099 | } |
2100 | |
2101 | return kr; |
2102 | } |
2103 | |
2104 | |
2105 | |
2106 | /* |
2107 | * Routine: mach_voucher_extract_all_attr_recipes |
2108 | * Purpose: |
2109 | * Extract all the (non-default) contents for a given voucher, |
2110 | * building up a recipe that could be provided to a future |
2111 | * voucher creation call. |
2112 | * Conditions: |
2113 | * Nothing locked (may invoke user-space). |
2114 | * Caller holds a reference on the supplied voucher. |
2115 | */ |
2116 | kern_return_t |
2117 | ( |
2118 | ipc_voucher_t voucher, |
2119 | mach_voucher_attr_raw_recipe_array_t recipes, |
2120 | mach_voucher_attr_raw_recipe_array_size_t *in_out_size) |
2121 | { |
2122 | mach_voucher_attr_recipe_size_t recipe_size = *in_out_size; |
2123 | mach_voucher_attr_recipe_size_t recipe_used = 0; |
2124 | iv_index_t key_index; |
2125 | |
2126 | if (IV_NULL == voucher) |
2127 | return KERN_INVALID_ARGUMENT; |
2128 | |
2129 | for (key_index = 0; key_index < voucher->iv_table_size; key_index++) { |
2130 | mach_voucher_attr_value_handle_t vals[MACH_VOUCHER_ATTR_VALUE_MAX_NESTED]; |
2131 | mach_voucher_attr_value_handle_array_size_t vals_count; |
2132 | mach_voucher_attr_content_size_t content_size; |
2133 | ipc_voucher_attr_manager_t manager; |
2134 | mach_voucher_attr_recipe_t recipe; |
2135 | mach_voucher_attr_key_t key; |
2136 | iv_index_t value_index; |
2137 | kern_return_t kr; |
2138 | |
2139 | /* don't output anything for a default value */ |
2140 | value_index = iv_lookup(voucher, key_index); |
2141 | if (IV_UNUSED_VALINDEX == value_index) |
2142 | continue; |
2143 | |
2144 | if (recipe_size - recipe_used < sizeof(*recipe)) |
2145 | return KERN_NO_SPACE; |
2146 | |
2147 | /* |
2148 | * Get the manager for this key_index. The |
2149 | * existence of a non-default value for this |
2150 | * slot within our voucher will keep the |
2151 | * manager referenced during the callout. |
2152 | */ |
2153 | ivgt_lookup(key_index, FALSE, &manager, NULL); |
2154 | assert(IVAM_NULL != manager); |
2155 | if (IVAM_NULL == manager) { |
2156 | continue; |
2157 | } |
2158 | |
2159 | recipe = (mach_voucher_attr_recipe_t)(void *)&recipes[recipe_used]; |
2160 | content_size = recipe_size - recipe_used - sizeof(*recipe); |
2161 | |
2162 | /* |
2163 | * Get the value(s) to pass to the manager |
2164 | * for this value_index. |
2165 | */ |
2166 | ivace_lookup_values(key_index, value_index, |
2167 | vals, &vals_count); |
2168 | assert(0 < vals_count); |
2169 | |
2170 | key = iv_index_to_key(key_index); |
2171 | |
2172 | recipe->key = key; |
2173 | recipe->command = MACH_VOUCHER_ATTR_NOOP; |
2174 | recipe->content_size = content_size; |
2175 | |
2176 | /* callout to manager */ |
2177 | kr = (manager->ivam_extract_content)(manager, key, |
2178 | vals, vals_count, |
2179 | &recipe->command, |
2180 | recipe->content, &recipe->content_size); |
2181 | if (KERN_SUCCESS != kr) |
2182 | return kr; |
2183 | |
2184 | assert(recipe->content_size <= content_size); |
2185 | recipe_used += sizeof(*recipe) + recipe->content_size; |
2186 | } |
2187 | |
2188 | *in_out_size = recipe_used; |
2189 | return KERN_SUCCESS; |
2190 | } |
2191 | |
2192 | /* |
2193 | * Routine: mach_voucher_debug_info |
2194 | * Purpose: |
2195 | * Extract all the (non-default) contents for a given mach port name, |
2196 | * building up a recipe that could be provided to a future |
2197 | * voucher creation call. |
2198 | * Conditions: |
2199 | * Nothing locked (may invoke user-space). |
2200 | * Caller may not hold a reference on the supplied voucher. |
2201 | */ |
2202 | #if !(DEVELOPMENT || DEBUG) |
2203 | kern_return_t |
2204 | mach_voucher_debug_info( |
2205 | ipc_space_t __unused space, |
2206 | mach_port_name_t __unused voucher_name, |
2207 | mach_voucher_attr_raw_recipe_array_t __unused recipes, |
2208 | mach_voucher_attr_raw_recipe_array_size_t __unused *in_out_size) |
2209 | { |
2210 | return KERN_NOT_SUPPORTED; |
2211 | } |
2212 | #else |
2213 | kern_return_t |
2214 | mach_voucher_debug_info( |
2215 | ipc_space_t space, |
2216 | mach_port_name_t voucher_name, |
2217 | mach_voucher_attr_raw_recipe_array_t recipes, |
2218 | mach_voucher_attr_raw_recipe_array_size_t *in_out_size) |
2219 | { |
2220 | ipc_voucher_t voucher = IPC_VOUCHER_NULL; |
2221 | kern_return_t kr; |
2222 | ipc_port_t port = MACH_PORT_NULL; |
2223 | |
2224 | if (!MACH_PORT_VALID(voucher_name)) { |
2225 | return KERN_INVALID_ARGUMENT; |
2226 | } |
2227 | |
2228 | kr = ipc_port_translate_send(space, voucher_name, &port); |
2229 | if (KERN_SUCCESS != kr) |
2230 | return KERN_INVALID_ARGUMENT; |
2231 | |
2232 | voucher = convert_port_to_voucher(port); |
2233 | ip_unlock(port); |
2234 | |
2235 | if (voucher) { |
2236 | kr = mach_voucher_extract_all_attr_recipes(voucher, recipes, in_out_size); |
2237 | ipc_voucher_release(voucher); |
2238 | return kr; |
2239 | } |
2240 | |
2241 | return KERN_FAILURE; |
2242 | } |
2243 | #endif |
2244 | |
2245 | /* |
2246 | * Routine: mach_voucher_attr_command |
2247 | * Purpose: |
2248 | * Invoke an attribute-specific command through this voucher. |
2249 | * |
2250 | * The voucher layout, membership, etc... is not altered |
2251 | * through the execution of this command. |
2252 | * |
2253 | * Conditions: |
2254 | * Nothing locked - as it may upcall to user-space. |
2255 | * The caller holds a reference on the voucher. |
2256 | */ |
2257 | kern_return_t |
2258 | mach_voucher_attr_command( |
2259 | ipc_voucher_t voucher, |
2260 | mach_voucher_attr_key_t key, |
2261 | mach_voucher_attr_command_t command, |
2262 | mach_voucher_attr_content_t in_content, |
2263 | mach_voucher_attr_content_size_t in_content_size, |
2264 | mach_voucher_attr_content_t out_content, |
2265 | mach_voucher_attr_content_size_t *out_content_size) |
2266 | { |
2267 | mach_voucher_attr_value_handle_t vals[MACH_VOUCHER_ATTR_VALUE_MAX_NESTED]; |
2268 | mach_voucher_attr_value_handle_array_size_t vals_count; |
2269 | ipc_voucher_attr_manager_t manager; |
2270 | ipc_voucher_attr_control_t control; |
2271 | iv_index_t value_index; |
2272 | iv_index_t key_index; |
2273 | kern_return_t kr; |
2274 | |
2275 | |
2276 | if (IV_NULL == voucher) |
2277 | return KERN_INVALID_ARGUMENT; |
2278 | |
2279 | key_index = iv_key_to_index(key); |
2280 | |
2281 | /* |
2282 | * Get the manager for this key_index. |
2283 | * Allowing commands against the default value |
2284 | * for an attribute means that we have to hold |
2285 | * reference on the attribute manager control |
2286 | * to keep the manager around during the command |
2287 | * execution. |
2288 | */ |
2289 | ivgt_lookup(key_index, TRUE, &manager, &control); |
2290 | if (IVAM_NULL == manager) { |
2291 | return KERN_INVALID_ARGUMENT; |
2292 | } |
2293 | |
2294 | /* |
2295 | * Get the values for this <voucher, key> pair |
2296 | * to pass to the attribute manager. It is still |
2297 | * permissible to execute a command against the |
2298 | * default value (empty value array). |
2299 | */ |
2300 | value_index = iv_lookup(voucher, key_index); |
2301 | ivace_lookup_values(key_index, value_index, |
2302 | vals, &vals_count); |
2303 | |
2304 | /* callout to manager */ |
2305 | kr = (manager->ivam_command)(manager, key, |
2306 | vals, vals_count, |
2307 | command, |
2308 | in_content, in_content_size, |
2309 | out_content, out_content_size); |
2310 | |
2311 | /* release reference on control */ |
2312 | ivac_release(control); |
2313 | |
2314 | return kr; |
2315 | } |
2316 | |
2317 | /* |
2318 | * Routine: mach_voucher_attr_control_get_values |
2319 | * Purpose: |
2320 | * For a given voucher, get the value handle associated with the |
2321 | * specified attribute manager. |
2322 | */ |
2323 | kern_return_t |
2324 | mach_voucher_attr_control_get_values( |
2325 | ipc_voucher_attr_control_t control, |
2326 | ipc_voucher_t voucher, |
2327 | mach_voucher_attr_value_handle_array_t out_values, |
2328 | mach_voucher_attr_value_handle_array_size_t *in_out_size) |
2329 | { |
2330 | iv_index_t key_index, value_index; |
2331 | |
2332 | if (IPC_VOUCHER_ATTR_CONTROL_NULL == control) |
2333 | return KERN_INVALID_CAPABILITY; |
2334 | |
2335 | if (IV_NULL == voucher) |
2336 | return KERN_INVALID_ARGUMENT; |
2337 | |
2338 | if (0 == *in_out_size) |
2339 | return KERN_SUCCESS; |
2340 | |
2341 | key_index = control->ivac_key_index; |
2342 | |
2343 | assert(os_ref_get_count(&voucher->iv_refs) > 0); |
2344 | value_index = iv_lookup(voucher, key_index); |
2345 | ivace_lookup_values(key_index, value_index, |
2346 | out_values, in_out_size); |
2347 | return KERN_SUCCESS; |
2348 | } |
2349 | |
2350 | /* |
2351 | * Routine: mach_voucher_attr_control_create_mach_voucher |
2352 | * Purpose: |
2353 | * Create a new mach voucher and initialize it by processing the |
2354 | * supplied recipe(s). |
2355 | * |
2356 | * Coming in on the attribute control port denotes special privileges |
2357 | * over they key associated with the control port. |
2358 | * |
2359 | * Coming in from user-space, each recipe item will have a previous |
2360 | * recipe port name that needs to be converted to a voucher. Because |
2361 | * we can't rely on the port namespace to hold a reference on each |
2362 | * previous voucher port for the duration of processing that command, |
2363 | * we have to convert the name to a voucher reference and release it |
2364 | * after the command processing is done. |
2365 | */ |
2366 | kern_return_t |
2367 | mach_voucher_attr_control_create_mach_voucher( |
2368 | ipc_voucher_attr_control_t control, |
2369 | mach_voucher_attr_raw_recipe_array_t recipes, |
2370 | mach_voucher_attr_raw_recipe_size_t recipe_size, |
2371 | ipc_voucher_t *new_voucher) |
2372 | { |
2373 | mach_voucher_attr_key_t control_key; |
2374 | mach_voucher_attr_recipe_t sub_recipe; |
2375 | mach_voucher_attr_recipe_size_t recipe_used = 0; |
2376 | ipc_voucher_t voucher = IV_NULL; |
2377 | kern_return_t kr = KERN_SUCCESS; |
2378 | |
2379 | if (IPC_VOUCHER_ATTR_CONTROL_NULL == control) |
2380 | return KERN_INVALID_CAPABILITY; |
2381 | |
2382 | /* if nothing to do ... */ |
2383 | if (0 == recipe_size) { |
2384 | *new_voucher = IV_NULL; |
2385 | return KERN_SUCCESS; |
2386 | } |
2387 | |
2388 | /* allocate new voucher */ |
2389 | voucher = iv_alloc(ivgt_keys_in_use); |
2390 | if (IV_NULL == voucher) |
2391 | return KERN_RESOURCE_SHORTAGE; |
2392 | |
2393 | control_key = iv_index_to_key(control->ivac_key_index); |
2394 | |
2395 | /* iterate over the recipe items */ |
2396 | while (0 < recipe_size - recipe_used) { |
2397 | ipc_voucher_t prev_iv; |
2398 | |
2399 | if (recipe_size - recipe_used < sizeof(*sub_recipe)) { |
2400 | kr = KERN_INVALID_ARGUMENT; |
2401 | break; |
2402 | } |
2403 | |
2404 | /* find the next recipe */ |
2405 | sub_recipe = (mach_voucher_attr_recipe_t)(void *)&recipes[recipe_used]; |
2406 | if (recipe_size - recipe_used - sizeof(*sub_recipe) < sub_recipe->content_size) { |
2407 | kr = KERN_INVALID_ARGUMENT; |
2408 | break; |
2409 | } |
2410 | recipe_used += sizeof(*sub_recipe) + sub_recipe->content_size; |
2411 | |
2412 | /* convert voucher port name (current space) into a voucher reference */ |
2413 | prev_iv = convert_port_name_to_voucher(sub_recipe->previous_voucher); |
2414 | if (MACH_PORT_NULL != sub_recipe->previous_voucher && IV_NULL == prev_iv) { |
2415 | kr = KERN_INVALID_CAPABILITY; |
2416 | break; |
2417 | } |
2418 | |
2419 | kr = ipc_execute_voucher_recipe_command(voucher, |
2420 | sub_recipe->key, |
2421 | sub_recipe->command, |
2422 | prev_iv, |
2423 | sub_recipe->content, |
2424 | sub_recipe->content_size, |
2425 | (sub_recipe->key == control_key)); |
2426 | ipc_voucher_release(prev_iv); |
2427 | |
2428 | if (KERN_SUCCESS != kr) |
2429 | break; |
2430 | } |
2431 | |
2432 | if (KERN_SUCCESS == kr) { |
2433 | *new_voucher = iv_dedup(voucher); |
2434 | } else { |
2435 | *new_voucher = IV_NULL; |
2436 | iv_dealloc(voucher, FALSE); |
2437 | } |
2438 | return kr; |
2439 | } |
2440 | |
2441 | /* |
2442 | * Routine: host_create_mach_voucher |
2443 | * Purpose: |
2444 | * Create a new mach voucher and initialize it by processing the |
2445 | * supplied recipe(s). |
2446 | * |
2447 | * Comming in from user-space, each recipe item will have a previous |
2448 | * recipe port name that needs to be converted to a voucher. Because |
2449 | * we can't rely on the port namespace to hold a reference on each |
2450 | * previous voucher port for the duration of processing that command, |
2451 | * we have to convert the name to a voucher reference and release it |
2452 | * after the command processing is done. |
2453 | */ |
2454 | kern_return_t |
2455 | host_create_mach_voucher( |
2456 | host_t host, |
2457 | mach_voucher_attr_raw_recipe_array_t recipes, |
2458 | mach_voucher_attr_raw_recipe_size_t recipe_size, |
2459 | ipc_voucher_t *new_voucher) |
2460 | { |
2461 | mach_voucher_attr_recipe_t sub_recipe; |
2462 | mach_voucher_attr_recipe_size_t recipe_used = 0; |
2463 | ipc_voucher_t voucher = IV_NULL; |
2464 | kern_return_t kr = KERN_SUCCESS; |
2465 | |
2466 | if (host == HOST_NULL) |
2467 | return KERN_INVALID_ARGUMENT; |
2468 | |
2469 | /* if nothing to do ... */ |
2470 | if (0 == recipe_size) { |
2471 | *new_voucher = IV_NULL; |
2472 | return KERN_SUCCESS; |
2473 | } |
2474 | |
2475 | /* allocate new voucher */ |
2476 | voucher = iv_alloc(ivgt_keys_in_use); |
2477 | if (IV_NULL == voucher) |
2478 | return KERN_RESOURCE_SHORTAGE; |
2479 | |
2480 | /* iterate over the recipe items */ |
2481 | while (0 < recipe_size - recipe_used) { |
2482 | ipc_voucher_t prev_iv; |
2483 | |
2484 | if (recipe_size - recipe_used < sizeof(*sub_recipe)) { |
2485 | kr = KERN_INVALID_ARGUMENT; |
2486 | break; |
2487 | } |
2488 | |
2489 | /* find the next recipe */ |
2490 | sub_recipe = (mach_voucher_attr_recipe_t)(void *)&recipes[recipe_used]; |
2491 | if (recipe_size - recipe_used - sizeof(*sub_recipe) < sub_recipe->content_size) { |
2492 | kr = KERN_INVALID_ARGUMENT; |
2493 | break; |
2494 | } |
2495 | recipe_used += sizeof(*sub_recipe) + sub_recipe->content_size; |
2496 | |
2497 | /* convert voucher port name (current space) into a voucher reference */ |
2498 | prev_iv = convert_port_name_to_voucher(sub_recipe->previous_voucher); |
2499 | if (MACH_PORT_NULL != sub_recipe->previous_voucher && IV_NULL == prev_iv) { |
2500 | kr = KERN_INVALID_CAPABILITY; |
2501 | break; |
2502 | } |
2503 | |
2504 | kr = ipc_execute_voucher_recipe_command(voucher, |
2505 | sub_recipe->key, |
2506 | sub_recipe->command, |
2507 | prev_iv, |
2508 | sub_recipe->content, |
2509 | sub_recipe->content_size, |
2510 | FALSE); |
2511 | ipc_voucher_release(prev_iv); |
2512 | |
2513 | if (KERN_SUCCESS != kr) |
2514 | break; |
2515 | } |
2516 | |
2517 | if (KERN_SUCCESS == kr) { |
2518 | *new_voucher = iv_dedup(voucher); |
2519 | } else { |
2520 | *new_voucher = IV_NULL; |
2521 | iv_dealloc(voucher, FALSE); |
2522 | } |
2523 | return kr; |
2524 | } |
2525 | |
2526 | /* |
2527 | * Routine: host_register_well_known_mach_voucher_attr_manager |
2528 | * Purpose: |
2529 | * Register the user-level resource manager responsible for a given |
2530 | * key value. |
2531 | * Conditions: |
2532 | * The manager port passed in has to be converted/wrapped |
2533 | * in an ipc_voucher_attr_manager_t structure and then call the |
2534 | * internal variant. We have a generic ipc voucher manager |
2535 | * type that implements a MIG proxy out to user-space just for |
2536 | * this purpose. |
2537 | */ |
2538 | kern_return_t |
2539 | host_register_well_known_mach_voucher_attr_manager( |
2540 | host_t host, |
2541 | mach_voucher_attr_manager_t __unused manager, |
2542 | mach_voucher_attr_value_handle_t __unused default_value, |
2543 | mach_voucher_attr_key_t __unused key, |
2544 | ipc_voucher_attr_control_t __unused *control) |
2545 | { |
2546 | if (HOST_NULL == host) |
2547 | return KERN_INVALID_HOST; |
2548 | |
2549 | #if 1 |
2550 | return KERN_NOT_SUPPORTED; |
2551 | #else |
2552 | /* |
2553 | * Allocate a mig_voucher_attr_manager_t that provides the |
2554 | * MIG proxy functions for the three manager callbacks and |
2555 | * store the port right in there. |
2556 | * |
2557 | * If the user-space manager dies, we'll detect it on our |
2558 | * next upcall, and cleanup the proxy at that point. |
2559 | */ |
2560 | mig_voucher_attr_manager_t proxy; |
2561 | kern_return_t kr; |
2562 | |
2563 | proxy = mvam_alloc(manager); |
2564 | |
2565 | kr = ipc_register_well_known_mach_voucher_attr_manager(&proxy->mvam_manager, |
2566 | default_value, |
2567 | key, |
2568 | control); |
2569 | if (KERN_SUCCESS != kr) |
2570 | mvam_release(proxy); |
2571 | |
2572 | return kr; |
2573 | #endif |
2574 | } |
2575 | |
2576 | /* |
2577 | * Routine: host_register_mach_voucher_attr_manager |
2578 | * Purpose: |
2579 | * Register the user-space resource manager and return a |
2580 | * dynamically allocated key. |
2581 | * Conditions: |
2582 | * Wrap the supplied port with the MIG proxy ipc |
2583 | * voucher resource manager, and then call the internal |
2584 | * variant. |
2585 | */ |
2586 | kern_return_t |
2587 | host_register_mach_voucher_attr_manager( |
2588 | host_t host, |
2589 | mach_voucher_attr_manager_t __unused manager, |
2590 | mach_voucher_attr_value_handle_t __unused default_value, |
2591 | mach_voucher_attr_key_t __unused *key, |
2592 | ipc_voucher_attr_control_t __unused *control) |
2593 | { |
2594 | if (HOST_NULL == host) |
2595 | return KERN_INVALID_HOST; |
2596 | |
2597 | return KERN_NOT_SUPPORTED; |
2598 | } |
2599 | |
2600 | /* |
2601 | * Routine: ipc_get_pthpriority_from_kmsg_voucher |
2602 | * Purpose: |
2603 | * Get the canonicalized pthread priority from the voucher attached in the kmsg. |
2604 | */ |
2605 | kern_return_t |
2606 | ipc_get_pthpriority_from_kmsg_voucher( |
2607 | ipc_kmsg_t kmsg, |
2608 | ipc_pthread_priority_value_t *canonicalize_priority_value) |
2609 | { |
2610 | ipc_voucher_t pthread_priority_voucher; |
2611 | mach_voucher_attr_raw_recipe_size_t content_size = |
2612 | sizeof(mach_voucher_attr_recipe_data_t) + sizeof(ipc_pthread_priority_value_t); |
2613 | uint8_t content_data[content_size]; |
2614 | mach_voucher_attr_recipe_t cur_content; |
2615 | kern_return_t kr = KERN_SUCCESS; |
2616 | |
2617 | if (!IP_VALID(kmsg->ikm_voucher)) { |
2618 | return KERN_FAILURE; |
2619 | } |
2620 | |
2621 | pthread_priority_voucher = (ipc_voucher_t)kmsg->ikm_voucher->ip_kobject; |
2622 | kr = mach_voucher_extract_attr_recipe(pthread_priority_voucher, |
2623 | MACH_VOUCHER_ATTR_KEY_PTHPRIORITY, |
2624 | content_data, |
2625 | &content_size); |
2626 | if (kr != KERN_SUCCESS) { |
2627 | return kr; |
2628 | } |
2629 | |
2630 | /* return KERN_INVALID_VALUE for default value */ |
2631 | if (content_size < sizeof(mach_voucher_attr_recipe_t)) { |
2632 | return KERN_INVALID_VALUE; |
2633 | } |
2634 | |
2635 | cur_content = (mach_voucher_attr_recipe_t) (void *) &content_data[0]; |
2636 | assert(cur_content->content_size == sizeof(ipc_pthread_priority_value_t)); |
2637 | memcpy(canonicalize_priority_value, cur_content->content, sizeof(ipc_pthread_priority_value_t)); |
2638 | |
2639 | return KERN_SUCCESS; |
2640 | } |
2641 | |
2642 | |
2643 | /* |
2644 | * Routine: ipc_voucher_send_preprocessing |
2645 | * Purpose: |
2646 | * Processing of the voucher in the kmsg before sending it. |
2647 | * Currently use to switch PERSONA_TOKEN in case of process with |
2648 | * no com.apple.private.personas.propagate entitlement. |
2649 | */ |
2650 | void |
2651 | ipc_voucher_send_preprocessing(ipc_kmsg_t kmsg) |
2652 | { |
2653 | uint8_t recipes[(MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN + 1) * sizeof(ipc_voucher_attr_recipe_data_t)]; |
2654 | ipc_voucher_attr_raw_recipe_array_size_t recipe_size = (MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN + 1) * |
2655 | sizeof(ipc_voucher_attr_recipe_data_t); |
2656 | ipc_voucher_t pre_processed_voucher; |
2657 | ipc_voucher_t voucher_to_send; |
2658 | kern_return_t kr; |
2659 | int need_preprocessing = FALSE; |
2660 | |
2661 | if (!IP_VALID(kmsg->ikm_voucher) || current_task() == kernel_task) { |
2662 | return; |
2663 | } |
2664 | |
2665 | /* setup recipe for preprocessing of all the attributes. */ |
2666 | pre_processed_voucher = (ipc_voucher_t)kmsg->ikm_voucher->ip_kobject; |
2667 | |
2668 | kr = ipc_voucher_prepare_processing_recipe(pre_processed_voucher, |
2669 | (mach_voucher_attr_raw_recipe_array_t)recipes, |
2670 | &recipe_size, MACH_VOUCHER_ATTR_SEND_PREPROCESS, |
2671 | IVAM_FLAGS_SUPPORT_SEND_PREPROCESS, &need_preprocessing); |
2672 | |
2673 | assert(KERN_SUCCESS == kr); |
2674 | /* |
2675 | * Only do send preprocessing if the voucher needs any pre processing. |
2676 | */ |
2677 | if (need_preprocessing) { |
2678 | kr = ipc_create_mach_voucher(recipes, |
2679 | recipe_size, |
2680 | &voucher_to_send); |
2681 | assert(KERN_SUCCESS == kr); |
2682 | ipc_port_release_send(kmsg->ikm_voucher); |
2683 | kmsg->ikm_voucher = convert_voucher_to_port(voucher_to_send); |
2684 | } |
2685 | } |
2686 | |
2687 | /* |
2688 | * Routine: ipc_voucher_receive_postprocessing |
2689 | * Purpose: |
2690 | * Redeems the voucher attached to the kmsg. |
2691 | * Note: |
2692 | * Although it is possible to call ipc_importance_receive |
2693 | * here, it is called in mach_msg_receive_results and not here |
2694 | * in order to maintain symmetry with ipc_voucher_send_preprocessing. |
2695 | */ |
2696 | void |
2697 | ipc_voucher_receive_postprocessing( |
2698 | ipc_kmsg_t kmsg, |
2699 | mach_msg_option_t option) |
2700 | { |
2701 | uint8_t recipes[(MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN + 1) * sizeof(ipc_voucher_attr_recipe_data_t)]; |
2702 | ipc_voucher_attr_raw_recipe_array_size_t recipe_size = (MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN + 1) * |
2703 | sizeof(ipc_voucher_attr_recipe_data_t); |
2704 | ipc_voucher_t recv_voucher; |
2705 | ipc_voucher_t sent_voucher; |
2706 | kern_return_t kr; |
2707 | int need_postprocessing = FALSE; |
2708 | |
2709 | if ((option & MACH_RCV_VOUCHER) == 0 || (!IP_VALID(kmsg->ikm_voucher)) || |
2710 | current_task() == kernel_task) { |
2711 | return; |
2712 | } |
2713 | |
2714 | /* setup recipe for auto redeem of all the attributes. */ |
2715 | sent_voucher = (ipc_voucher_t)kmsg->ikm_voucher->ip_kobject; |
2716 | |
2717 | kr = ipc_voucher_prepare_processing_recipe(sent_voucher, |
2718 | (mach_voucher_attr_raw_recipe_array_t)recipes, |
2719 | &recipe_size, MACH_VOUCHER_ATTR_AUTO_REDEEM, |
2720 | IVAM_FLAGS_SUPPORT_RECEIVE_POSTPROCESS, &need_postprocessing); |
2721 | |
2722 | assert(KERN_SUCCESS == kr); |
2723 | |
2724 | /* |
2725 | * Only do receive postprocessing if the voucher needs any post processing. |
2726 | */ |
2727 | if (need_postprocessing) { |
2728 | kr = ipc_create_mach_voucher(recipes, |
2729 | recipe_size, |
2730 | &recv_voucher); |
2731 | assert(KERN_SUCCESS == kr); |
2732 | /* swap the voucher port (and set voucher bits in case it didn't already exist) */ |
2733 | kmsg->ikm_header->msgh_bits |= (MACH_MSG_TYPE_MOVE_SEND << 16); |
2734 | ipc_port_release_send(kmsg->ikm_voucher); |
2735 | kmsg->ikm_voucher = convert_voucher_to_port(recv_voucher); |
2736 | } |
2737 | } |
2738 | |
2739 | /* |
2740 | * Routine: ipc_voucher_prepare_processing_recipe |
2741 | * Purpose: |
2742 | * Check if the given voucher has an attribute which supports |
2743 | * the given flag and prepare a recipe to apply that supported |
2744 | * command. |
2745 | */ |
2746 | static kern_return_t |
2747 | ipc_voucher_prepare_processing_recipe( |
2748 | ipc_voucher_t voucher, |
2749 | ipc_voucher_attr_raw_recipe_array_t recipes, |
2750 | ipc_voucher_attr_raw_recipe_array_size_t *in_out_size, |
2751 | mach_voucher_attr_recipe_command_t command, |
2752 | ipc_voucher_attr_manager_flags flags, |
2753 | int *need_processing) |
2754 | { |
2755 | ipc_voucher_attr_raw_recipe_array_size_t recipe_size = *in_out_size; |
2756 | ipc_voucher_attr_raw_recipe_array_size_t recipe_used = 0; |
2757 | iv_index_t key_index; |
2758 | ipc_voucher_attr_recipe_t recipe; |
2759 | |
2760 | if (IV_NULL == voucher) |
2761 | return KERN_INVALID_ARGUMENT; |
2762 | |
2763 | /* Setup a recipe to copy all attributes. */ |
2764 | if (recipe_size < sizeof(*recipe)) |
2765 | return KERN_NO_SPACE; |
2766 | |
2767 | *need_processing = FALSE; |
2768 | recipe = (ipc_voucher_attr_recipe_t)(void *)&recipes[recipe_used]; |
2769 | recipe->key = MACH_VOUCHER_ATTR_KEY_ALL; |
2770 | recipe->command = MACH_VOUCHER_ATTR_COPY; |
2771 | recipe->previous_voucher = voucher; |
2772 | recipe->content_size = 0; |
2773 | recipe_used += sizeof(*recipe) + recipe->content_size; |
2774 | |
2775 | for (key_index = 0; key_index < voucher->iv_table_size; key_index++) { |
2776 | ipc_voucher_attr_manager_t manager; |
2777 | mach_voucher_attr_key_t key; |
2778 | iv_index_t value_index; |
2779 | |
2780 | /* don't output anything for a default value */ |
2781 | value_index = iv_lookup(voucher, key_index); |
2782 | if (IV_UNUSED_VALINDEX == value_index) |
2783 | continue; |
2784 | |
2785 | if (recipe_size - recipe_used < sizeof(*recipe)) |
2786 | return KERN_NO_SPACE; |
2787 | |
2788 | recipe = (ipc_voucher_attr_recipe_t)(void *)&recipes[recipe_used]; |
2789 | |
2790 | /* |
2791 | * Get the manager for this key_index. The |
2792 | * existence of a non-default value for this |
2793 | * slot within our voucher will keep the |
2794 | * manager referenced during the callout. |
2795 | */ |
2796 | ivgt_lookup(key_index, FALSE, &manager, NULL); |
2797 | assert(IVAM_NULL != manager); |
2798 | if (IVAM_NULL == manager) { |
2799 | continue; |
2800 | } |
2801 | |
2802 | /* Check if the supported flag is set in the manager */ |
2803 | if ((manager->ivam_flags & flags) == 0) |
2804 | continue; |
2805 | |
2806 | key = iv_index_to_key(key_index); |
2807 | |
2808 | recipe->key = key; |
2809 | recipe->command = command; |
2810 | recipe->content_size = 0; |
2811 | recipe->previous_voucher = voucher; |
2812 | |
2813 | recipe_used += sizeof(*recipe) + recipe->content_size; |
2814 | *need_processing = TRUE; |
2815 | } |
2816 | |
2817 | *in_out_size = recipe_used; |
2818 | return KERN_SUCCESS; |
2819 | } |
2820 | |
2821 | /* |
2822 | * Activity id Generation |
2823 | */ |
2824 | uint64_t voucher_activity_id; |
2825 | |
2826 | #define generate_activity_id(x) \ |
2827 | ((uint64_t)OSAddAtomic64((x), (int64_t *)&voucher_activity_id)) |
2828 | |
2829 | /* |
2830 | * Routine: mach_init_activity_id |
2831 | * Purpose: |
2832 | * Initialize voucher activity id. |
2833 | */ |
2834 | void |
2835 | mach_init_activity_id(void) |
2836 | { |
2837 | voucher_activity_id = 1; |
2838 | } |
2839 | |
2840 | /* |
2841 | * Routine: mach_generate_activity_id |
2842 | * Purpose: |
2843 | * Generate a system wide voucher activity id. |
2844 | */ |
2845 | kern_return_t |
2846 | mach_generate_activity_id( |
2847 | struct mach_generate_activity_id_args *args) |
2848 | { |
2849 | uint64_t activity_id; |
2850 | kern_return_t kr = KERN_SUCCESS; |
2851 | |
2852 | if (args->count <= 0 || args->count > MACH_ACTIVITY_ID_COUNT_MAX) { |
2853 | return KERN_INVALID_ARGUMENT; |
2854 | } |
2855 | |
2856 | activity_id = generate_activity_id(args->count); |
2857 | kr = copyout(&activity_id, args->activity_id, sizeof (activity_id)); |
2858 | |
2859 | return (kr); |
2860 | } |
2861 | |
2862 | #if defined(MACH_VOUCHER_ATTR_KEY_USER_DATA) || defined(MACH_VOUCHER_ATTR_KEY_TEST) |
2863 | |
2864 | /* |
2865 | * Build-in a simple User Data Resource Manager |
2866 | */ |
2867 | #define USER_DATA_MAX_DATA (16*1024) |
2868 | |
2869 | struct user_data_value_element { |
2870 | mach_voucher_attr_value_reference_t e_made; |
2871 | mach_voucher_attr_content_size_t e_size; |
2872 | iv_index_t e_sum; |
2873 | iv_index_t e_hash; |
2874 | queue_chain_t e_hash_link; |
2875 | uint8_t e_data[]; |
2876 | }; |
2877 | |
2878 | typedef struct user_data_value_element *user_data_element_t; |
2879 | |
2880 | /* |
2881 | * User Data Voucher Hash Table |
2882 | */ |
2883 | #define USER_DATA_HASH_BUCKETS 127 |
2884 | #define USER_DATA_HASH_BUCKET(x) ((x) % USER_DATA_HASH_BUCKETS) |
2885 | |
2886 | static queue_head_t user_data_bucket[USER_DATA_HASH_BUCKETS]; |
2887 | static lck_spin_t user_data_lock_data; |
2888 | |
2889 | #define user_data_lock_init() \ |
2890 | lck_spin_init(&user_data_lock_data, &ipc_lck_grp, &ipc_lck_attr) |
2891 | #define user_data_lock_destroy() \ |
2892 | lck_spin_destroy(&user_data_lock_data, &ipc_lck_grp) |
2893 | #define user_data_lock() \ |
2894 | lck_spin_lock(&user_data_lock_data) |
2895 | #define user_data_lock_try() \ |
2896 | lck_spin_try_lock(&user_data_lock_data) |
2897 | #define user_data_unlock() \ |
2898 | lck_spin_unlock(&user_data_lock_data) |
2899 | |
2900 | static kern_return_t |
2901 | user_data_release_value( |
2902 | ipc_voucher_attr_manager_t manager, |
2903 | mach_voucher_attr_key_t key, |
2904 | mach_voucher_attr_value_handle_t value, |
2905 | mach_voucher_attr_value_reference_t sync); |
2906 | |
2907 | static kern_return_t |
2908 | user_data_get_value( |
2909 | ipc_voucher_attr_manager_t manager, |
2910 | mach_voucher_attr_key_t key, |
2911 | mach_voucher_attr_recipe_command_t command, |
2912 | mach_voucher_attr_value_handle_array_t prev_values, |
2913 | mach_voucher_attr_value_handle_array_size_t prev_value_count, |
2914 | mach_voucher_attr_content_t content, |
2915 | mach_voucher_attr_content_size_t content_size, |
2916 | mach_voucher_attr_value_handle_t *out_value, |
2917 | mach_voucher_attr_value_flags_t *out_flags, |
2918 | ipc_voucher_t *out_value_voucher); |
2919 | |
2920 | static kern_return_t |
2921 | user_data_extract_content( |
2922 | ipc_voucher_attr_manager_t manager, |
2923 | mach_voucher_attr_key_t key, |
2924 | mach_voucher_attr_value_handle_array_t values, |
2925 | mach_voucher_attr_value_handle_array_size_t value_count, |
2926 | mach_voucher_attr_recipe_command_t *out_command, |
2927 | mach_voucher_attr_content_t out_content, |
2928 | mach_voucher_attr_content_size_t *in_out_content_size); |
2929 | |
2930 | static kern_return_t |
2931 | user_data_command( |
2932 | ipc_voucher_attr_manager_t manager, |
2933 | mach_voucher_attr_key_t key, |
2934 | mach_voucher_attr_value_handle_array_t values, |
2935 | mach_msg_type_number_t value_count, |
2936 | mach_voucher_attr_command_t command, |
2937 | mach_voucher_attr_content_t in_content, |
2938 | mach_voucher_attr_content_size_t in_content_size, |
2939 | mach_voucher_attr_content_t out_content, |
2940 | mach_voucher_attr_content_size_t *out_content_size); |
2941 | |
2942 | static void |
2943 | user_data_release( |
2944 | ipc_voucher_attr_manager_t manager); |
2945 | |
2946 | struct ipc_voucher_attr_manager user_data_manager = { |
2947 | .ivam_release_value = user_data_release_value, |
2948 | .ivam_get_value = user_data_get_value, |
2949 | .ivam_extract_content = user_data_extract_content, |
2950 | .ivam_command = user_data_command, |
2951 | .ivam_release = user_data_release, |
2952 | .ivam_flags = IVAM_FLAGS_NONE, |
2953 | }; |
2954 | |
2955 | ipc_voucher_attr_control_t user_data_control; |
2956 | ipc_voucher_attr_control_t test_control; |
2957 | |
2958 | #if defined(MACH_VOUCHER_ATTR_KEY_USER_DATA) && defined(MACH_VOUCHER_ATTR_KEY_TEST) |
2959 | #define USER_DATA_ASSERT_KEY(key) \ |
2960 | assert(MACH_VOUCHER_ATTR_KEY_USER_DATA == (key) || \ |
2961 | MACH_VOUCHER_ATTR_KEY_TEST == (key)); |
2962 | #elif defined(MACH_VOUCHER_ATTR_KEY_USER_DATA) |
2963 | #define USER_DATA_ASSERT_KEY(key) assert(MACH_VOUCHER_ATTR_KEY_USER_DATA == (key)) |
2964 | #else |
2965 | #define USER_DATA_ASSERT_KEY(key) assert(MACH_VOUCHER_ATTR_KEY_TEST == (key)) |
2966 | #endif |
2967 | |
2968 | /* |
2969 | * Routine: user_data_release_value |
2970 | * Purpose: |
2971 | * Release a made reference on a specific value managed by |
2972 | * this voucher attribute manager. |
2973 | * Conditions: |
2974 | * Must remove the element associated with this value from |
2975 | * the hash if this is the last know made reference. |
2976 | */ |
2977 | static kern_return_t |
2978 | user_data_release_value( |
2979 | ipc_voucher_attr_manager_t __assert_only manager, |
2980 | mach_voucher_attr_key_t __assert_only key, |
2981 | mach_voucher_attr_value_handle_t value, |
2982 | mach_voucher_attr_value_reference_t sync) |
2983 | { |
2984 | user_data_element_t elem; |
2985 | iv_index_t hash; |
2986 | |
2987 | assert (&user_data_manager == manager); |
2988 | USER_DATA_ASSERT_KEY(key); |
2989 | |
2990 | elem = (user_data_element_t)value; |
2991 | hash = elem->e_hash; |
2992 | |
2993 | user_data_lock(); |
2994 | if (sync == elem->e_made) { |
2995 | queue_remove(&user_data_bucket[hash], elem, user_data_element_t, e_hash_link); |
2996 | user_data_unlock(); |
2997 | kfree(elem, sizeof(*elem) + elem->e_size); |
2998 | return KERN_SUCCESS; |
2999 | } |
3000 | assert(sync < elem->e_made); |
3001 | user_data_unlock(); |
3002 | |
3003 | return KERN_FAILURE; |
3004 | } |
3005 | |
3006 | /* |
3007 | * Routine: user_data_checksum |
3008 | * Purpose: |
3009 | * Provide a rudimentary checksum for the data presented |
3010 | * to these voucher attribute managers. |
3011 | */ |
3012 | static iv_index_t |
3013 | user_data_checksum( |
3014 | mach_voucher_attr_content_t content, |
3015 | mach_voucher_attr_content_size_t content_size) |
3016 | { |
3017 | mach_voucher_attr_content_size_t i; |
3018 | iv_index_t cksum = 0; |
3019 | |
3020 | for(i = 0; i < content_size; i++, content++) { |
3021 | cksum = (cksum << 8) ^ (cksum + *(unsigned char *)content); |
3022 | } |
3023 | |
3024 | return (~cksum); |
3025 | } |
3026 | |
3027 | /* |
3028 | * Routine: user_data_dedup |
3029 | * Purpose: |
3030 | * See if the content represented by this request already exists |
3031 | * in another user data element. If so return a made reference |
3032 | * to the existing element. Otherwise, create a new element and |
3033 | * return that (after inserting it in the hash). |
3034 | * Conditions: |
3035 | * Nothing locked. |
3036 | * Returns: |
3037 | * A made reference on the user_data_element_t |
3038 | */ |
3039 | static user_data_element_t |
3040 | user_data_dedup( |
3041 | mach_voucher_attr_content_t content, |
3042 | mach_voucher_attr_content_size_t content_size) |
3043 | { |
3044 | iv_index_t sum; |
3045 | iv_index_t hash; |
3046 | user_data_element_t elem; |
3047 | user_data_element_t alloc = NULL; |
3048 | |
3049 | sum = user_data_checksum(content, content_size); |
3050 | hash = USER_DATA_HASH_BUCKET(sum); |
3051 | |
3052 | retry: |
3053 | user_data_lock(); |
3054 | queue_iterate(&user_data_bucket[hash], elem, user_data_element_t, e_hash_link) { |
3055 | assert(elem->e_hash == hash); |
3056 | |
3057 | /* if sums match... */ |
3058 | if (elem->e_sum == sum && elem->e_size == content_size) { |
3059 | iv_index_t i; |
3060 | |
3061 | /* and all data matches */ |
3062 | for (i = 0; i < content_size; i++) |
3063 | if (elem->e_data[i] != content[i]) |
3064 | break; |
3065 | if (i < content_size) |
3066 | continue; |
3067 | |
3068 | /* ... we found a match... */ |
3069 | |
3070 | elem->e_made++; |
3071 | user_data_unlock(); |
3072 | |
3073 | if (NULL != alloc) |
3074 | kfree(alloc, sizeof(*alloc) + content_size); |
3075 | |
3076 | return elem; |
3077 | } |
3078 | } |
3079 | |
3080 | if (NULL == alloc) { |
3081 | user_data_unlock(); |
3082 | |
3083 | alloc = (user_data_element_t)kalloc(sizeof(*alloc) + content_size); |
3084 | alloc->e_made = 1; |
3085 | alloc->e_size = content_size; |
3086 | alloc->e_sum = sum; |
3087 | alloc->e_hash = hash; |
3088 | memcpy(alloc->e_data, content, content_size); |
3089 | goto retry; |
3090 | } |
3091 | |
3092 | queue_enter(&user_data_bucket[hash], alloc, user_data_element_t, e_hash_link); |
3093 | user_data_unlock(); |
3094 | |
3095 | return alloc; |
3096 | } |
3097 | |
3098 | static kern_return_t |
3099 | user_data_get_value( |
3100 | ipc_voucher_attr_manager_t __assert_only manager, |
3101 | mach_voucher_attr_key_t __assert_only key, |
3102 | mach_voucher_attr_recipe_command_t command, |
3103 | mach_voucher_attr_value_handle_array_t prev_values, |
3104 | mach_voucher_attr_value_handle_array_size_t prev_value_count, |
3105 | mach_voucher_attr_content_t content, |
3106 | mach_voucher_attr_content_size_t content_size, |
3107 | mach_voucher_attr_value_handle_t *out_value, |
3108 | mach_voucher_attr_value_flags_t *out_flags, |
3109 | ipc_voucher_t *out_value_voucher) |
3110 | { |
3111 | user_data_element_t elem; |
3112 | |
3113 | assert (&user_data_manager == manager); |
3114 | USER_DATA_ASSERT_KEY(key); |
3115 | |
3116 | /* never an out voucher */ |
3117 | *out_value_voucher = IPC_VOUCHER_NULL; |
3118 | *out_flags = MACH_VOUCHER_ATTR_VALUE_FLAGS_NONE; |
3119 | |
3120 | switch (command) { |
3121 | |
3122 | case MACH_VOUCHER_ATTR_REDEEM: |
3123 | |
3124 | /* redeem of previous values is the value */ |
3125 | if (0 < prev_value_count) { |
3126 | elem = (user_data_element_t)prev_values[0]; |
3127 | assert(0 < elem->e_made); |
3128 | elem->e_made++; |
3129 | *out_value = prev_values[0]; |
3130 | return KERN_SUCCESS; |
3131 | } |
3132 | |
3133 | /* redeem of default is default */ |
3134 | *out_value = 0; |
3135 | return KERN_SUCCESS; |
3136 | |
3137 | case MACH_VOUCHER_ATTR_USER_DATA_STORE: |
3138 | if (USER_DATA_MAX_DATA < content_size) |
3139 | return KERN_RESOURCE_SHORTAGE; |
3140 | |
3141 | /* empty is the default */ |
3142 | if (0 == content_size) { |
3143 | *out_value = 0; |
3144 | return KERN_SUCCESS; |
3145 | } |
3146 | |
3147 | elem = user_data_dedup(content, content_size); |
3148 | *out_value = (mach_voucher_attr_value_handle_t)elem; |
3149 | return KERN_SUCCESS; |
3150 | |
3151 | default: |
3152 | /* every other command is unknown */ |
3153 | return KERN_INVALID_ARGUMENT; |
3154 | } |
3155 | } |
3156 | |
3157 | static kern_return_t |
3158 | ( |
3159 | ipc_voucher_attr_manager_t __assert_only manager, |
3160 | mach_voucher_attr_key_t __assert_only key, |
3161 | mach_voucher_attr_value_handle_array_t values, |
3162 | mach_voucher_attr_value_handle_array_size_t value_count, |
3163 | mach_voucher_attr_recipe_command_t *out_command, |
3164 | mach_voucher_attr_content_t out_content, |
3165 | mach_voucher_attr_content_size_t *in_out_content_size) |
3166 | { |
3167 | mach_voucher_attr_content_size_t size = 0; |
3168 | user_data_element_t elem; |
3169 | unsigned int i; |
3170 | |
3171 | assert (&user_data_manager == manager); |
3172 | USER_DATA_ASSERT_KEY(key); |
3173 | |
3174 | /* concatenate the stored data items */ |
3175 | for (i = 0; i < value_count ; i++) { |
3176 | elem = (user_data_element_t)values[i]; |
3177 | assert(USER_DATA_MAX_DATA >= elem->e_size); |
3178 | |
3179 | if (size + elem->e_size > *in_out_content_size) |
3180 | return KERN_NO_SPACE; |
3181 | |
3182 | memcpy(&out_content[size], elem->e_data, elem->e_size); |
3183 | size += elem->e_size; |
3184 | } |
3185 | *out_command = MACH_VOUCHER_ATTR_BITS_STORE; |
3186 | *in_out_content_size = size; |
3187 | return KERN_SUCCESS; |
3188 | } |
3189 | |
3190 | static kern_return_t |
3191 | user_data_command( |
3192 | ipc_voucher_attr_manager_t __assert_only manager, |
3193 | mach_voucher_attr_key_t __assert_only key, |
3194 | mach_voucher_attr_value_handle_array_t __unused values, |
3195 | mach_msg_type_number_t __unused value_count, |
3196 | mach_voucher_attr_command_t __unused command, |
3197 | mach_voucher_attr_content_t __unused in_content, |
3198 | mach_voucher_attr_content_size_t __unused in_content_size, |
3199 | mach_voucher_attr_content_t __unused out_content, |
3200 | mach_voucher_attr_content_size_t __unused *out_content_size) |
3201 | { |
3202 | assert (&user_data_manager == manager); |
3203 | USER_DATA_ASSERT_KEY(key); |
3204 | return KERN_FAILURE; |
3205 | } |
3206 | |
3207 | static void |
3208 | user_data_release( |
3209 | ipc_voucher_attr_manager_t manager) |
3210 | { |
3211 | if (manager != &user_data_manager) |
3212 | return; |
3213 | |
3214 | panic("Voucher user-data manager released" ); |
3215 | } |
3216 | |
3217 | static int user_data_manager_inited = 0; |
3218 | |
3219 | void |
3220 | user_data_attr_manager_init() |
3221 | { |
3222 | kern_return_t kr; |
3223 | |
3224 | #if defined(MACH_VOUCHER_ATTR_KEY_USER_DATA) |
3225 | if ((user_data_manager_inited & 0x1) != 0x1) { |
3226 | kr = ipc_register_well_known_mach_voucher_attr_manager(&user_data_manager, |
3227 | (mach_voucher_attr_value_handle_t)0, |
3228 | MACH_VOUCHER_ATTR_KEY_USER_DATA, |
3229 | &user_data_control); |
3230 | if (KERN_SUCCESS != kr) |
3231 | printf("Voucher user-data manager register(USER-DATA) returned %d" , kr); |
3232 | else |
3233 | user_data_manager_inited |= 0x1; |
3234 | } |
3235 | #endif |
3236 | #if defined(MACH_VOUCHER_ATTR_KEY_TEST) |
3237 | if ((user_data_manager_inited & 0x2) != 0x2) { |
3238 | kr = ipc_register_well_known_mach_voucher_attr_manager(&user_data_manager, |
3239 | (mach_voucher_attr_value_handle_t)0, |
3240 | MACH_VOUCHER_ATTR_KEY_TEST, |
3241 | &test_control); |
3242 | if (KERN_SUCCESS != kr) |
3243 | printf("Voucher user-data manager register(TEST) returned %d" , kr); |
3244 | else |
3245 | user_data_manager_inited |= 0x2; |
3246 | } |
3247 | #endif |
3248 | #if defined(MACH_VOUCHER_ATTR_KEY_USER_DATA) || defined(MACH_VOUCHER_ATTR_KEY_TEST) |
3249 | int i; |
3250 | |
3251 | for (i=0; i < USER_DATA_HASH_BUCKETS; i++) |
3252 | queue_init(&user_data_bucket[i]); |
3253 | |
3254 | user_data_lock_init(); |
3255 | #endif |
3256 | } |
3257 | |
3258 | #endif /* MACH_DEBUG */ |
3259 | |