| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | /* |
| 29 | * @OSF_COPYRIGHT@ |
| 30 | */ |
| 31 | /* |
| 32 | * Mach Operating System |
| 33 | * Copyright (c) 1991,1990 Carnegie Mellon University |
| 34 | * All Rights Reserved. |
| 35 | * |
| 36 | * Permission to use, copy, modify and distribute this software and its |
| 37 | * documentation is hereby granted, provided that both the copyright |
| 38 | * notice and this permission notice appear in all copies of the |
| 39 | * software, derivative works or modified versions, and any portions |
| 40 | * thereof, and that both notices appear in supporting documentation. |
| 41 | * |
| 42 | * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" |
| 43 | * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR |
| 44 | * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. |
| 45 | * |
| 46 | * Carnegie Mellon requests users of this software to return to |
| 47 | * |
| 48 | * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU |
| 49 | * School of Computer Science |
| 50 | * Carnegie Mellon University |
| 51 | * Pittsburgh PA 15213-3890 |
| 52 | * |
| 53 | * any improvements or extensions that they make and grant Carnegie Mellon |
| 54 | * the rights to redistribute these changes. |
| 55 | */ |
| 56 | /* |
| 57 | */ |
| 58 | |
| 59 | #include <mach/boolean.h> |
| 60 | #include <mach/port.h> |
| 61 | #include <mach/mig.h> |
| 62 | #include <mach/mig_errors.h> |
| 63 | #include <mach/mach_types.h> |
| 64 | #include <mach/mach_traps.h> |
| 65 | |
| 66 | #include <kern/ipc_tt.h> |
| 67 | #include <kern/ipc_mig.h> |
| 68 | #include <kern/kalloc.h> |
| 69 | #include <kern/task.h> |
| 70 | #include <kern/thread.h> |
| 71 | #include <kern/ipc_kobject.h> |
| 72 | #include <kern/misc_protos.h> |
| 73 | |
| 74 | #include <ipc/port.h> |
| 75 | #include <ipc/ipc_kmsg.h> |
| 76 | #include <ipc/ipc_entry.h> |
| 77 | #include <ipc/ipc_object.h> |
| 78 | #include <ipc/ipc_mqueue.h> |
| 79 | #include <ipc/ipc_space.h> |
| 80 | #include <ipc/ipc_port.h> |
| 81 | #include <ipc/ipc_pset.h> |
| 82 | #include <ipc/ipc_notify.h> |
| 83 | #include <vm/vm_map.h> |
| 84 | |
| 85 | #include <libkern/OSAtomic.h> |
| 86 | |
| 87 | void |
| 88 | mach_msg_receive_results_complete(ipc_object_t object); |
| 89 | |
| 90 | /* |
| 91 | * Routine: mach_msg_send_from_kernel |
| 92 | * Purpose: |
| 93 | * Send a message from the kernel. |
| 94 | * |
| 95 | * This is used by the client side of KernelUser interfaces |
| 96 | * to implement SimpleRoutines. Currently, this includes |
| 97 | * memory_object messages. |
| 98 | * Conditions: |
| 99 | * Nothing locked. |
| 100 | * Returns: |
| 101 | * MACH_MSG_SUCCESS Sent the message. |
| 102 | * MACH_SEND_INVALID_DEST Bad destination port. |
| 103 | * MACH_MSG_SEND_NO_BUFFER Destination port had inuse fixed bufer |
| 104 | * or destination is above kernel limit |
| 105 | */ |
| 106 | |
| 107 | #if IKM_SUPPORT_LEGACY |
| 108 | |
| 109 | #undef mach_msg_send_from_kernel |
| 110 | mach_msg_return_t mach_msg_send_from_kernel( |
| 111 | mach_msg_header_t *msg, |
| 112 | mach_msg_size_t send_size); |
| 113 | |
| 114 | mach_msg_return_t |
| 115 | mach_msg_send_from_kernel( |
| 116 | mach_msg_header_t *msg, |
| 117 | mach_msg_size_t send_size) |
| 118 | { |
| 119 | ipc_kmsg_t kmsg; |
| 120 | mach_msg_return_t mr; |
| 121 | |
| 122 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
| 123 | |
| 124 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
| 125 | if (mr != MACH_MSG_SUCCESS) { |
| 126 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 127 | return mr; |
| 128 | } |
| 129 | |
| 130 | mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg); |
| 131 | if (mr != MACH_MSG_SUCCESS) { |
| 132 | ipc_kmsg_free(kmsg); |
| 133 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 134 | return mr; |
| 135 | } |
| 136 | |
| 137 | /* |
| 138 | * respect the thread's SEND_IMPORTANCE option to allow importance |
| 139 | * donation from the kernel-side of user threads |
| 140 | * (11938665 & 23925818) |
| 141 | */ |
| 142 | mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT; |
| 143 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
| 144 | option &= ~MACH_SEND_NOIMPORTANCE; |
| 145 | |
| 146 | mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE); |
| 147 | if (mr != MACH_MSG_SUCCESS) { |
| 148 | ipc_kmsg_destroy(kmsg); |
| 149 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 150 | } |
| 151 | |
| 152 | return mr; |
| 153 | } |
| 154 | |
| 155 | #endif /* IKM_SUPPORT_LEGACY */ |
| 156 | |
| 157 | mach_msg_return_t |
| 158 | mach_msg_send_from_kernel_proper( |
| 159 | mach_msg_header_t *msg, |
| 160 | mach_msg_size_t send_size) |
| 161 | { |
| 162 | ipc_kmsg_t kmsg; |
| 163 | mach_msg_return_t mr; |
| 164 | |
| 165 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
| 166 | |
| 167 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
| 168 | if (mr != MACH_MSG_SUCCESS) { |
| 169 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 170 | return mr; |
| 171 | } |
| 172 | |
| 173 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
| 174 | if (mr != MACH_MSG_SUCCESS) { |
| 175 | ipc_kmsg_free(kmsg); |
| 176 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 177 | return mr; |
| 178 | } |
| 179 | |
| 180 | /* |
| 181 | * respect the thread's SEND_IMPORTANCE option to force importance |
| 182 | * donation from the kernel-side of user threads |
| 183 | * (11938665 & 23925818) |
| 184 | */ |
| 185 | mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT; |
| 186 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
| 187 | option &= ~MACH_SEND_NOIMPORTANCE; |
| 188 | |
| 189 | mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE); |
| 190 | if (mr != MACH_MSG_SUCCESS) { |
| 191 | ipc_kmsg_destroy(kmsg); |
| 192 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 193 | } |
| 194 | |
| 195 | return mr; |
| 196 | } |
| 197 | |
| 198 | mach_msg_return_t |
| 199 | mach_msg_send_from_kernel_with_options( |
| 200 | mach_msg_header_t *msg, |
| 201 | mach_msg_size_t send_size, |
| 202 | mach_msg_option_t option, |
| 203 | mach_msg_timeout_t timeout_val) |
| 204 | { |
| 205 | ipc_kmsg_t kmsg; |
| 206 | mach_msg_return_t mr; |
| 207 | |
| 208 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
| 209 | |
| 210 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
| 211 | if (mr != MACH_MSG_SUCCESS) { |
| 212 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 213 | return mr; |
| 214 | } |
| 215 | |
| 216 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
| 217 | if (mr != MACH_MSG_SUCCESS) { |
| 218 | ipc_kmsg_free(kmsg); |
| 219 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 220 | return mr; |
| 221 | } |
| 222 | |
| 223 | /* |
| 224 | * Until we are sure of its effects, we are disabling |
| 225 | * importance donation from the kernel-side of user |
| 226 | * threads in importance-donating tasks - unless the |
| 227 | * option to force importance donation is passed in, |
| 228 | * or the thread's SEND_IMPORTANCE option has been set. |
| 229 | * (11938665 & 23925818) |
| 230 | */ |
| 231 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
| 232 | option &= ~MACH_SEND_NOIMPORTANCE; |
| 233 | else if ((option & MACH_SEND_IMPORTANCE) == 0) |
| 234 | option |= MACH_SEND_NOIMPORTANCE; |
| 235 | |
| 236 | mr = ipc_kmsg_send(kmsg, option, timeout_val); |
| 237 | |
| 238 | if (mr != MACH_MSG_SUCCESS) { |
| 239 | ipc_kmsg_destroy(kmsg); |
| 240 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 241 | } |
| 242 | |
| 243 | return mr; |
| 244 | } |
| 245 | |
| 246 | |
| 247 | #if IKM_SUPPORT_LEGACY |
| 248 | |
| 249 | mach_msg_return_t |
| 250 | mach_msg_send_from_kernel_with_options_legacy( |
| 251 | mach_msg_header_t *msg, |
| 252 | mach_msg_size_t send_size, |
| 253 | mach_msg_option_t option, |
| 254 | mach_msg_timeout_t timeout_val) |
| 255 | { |
| 256 | ipc_kmsg_t kmsg; |
| 257 | mach_msg_return_t mr; |
| 258 | |
| 259 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
| 260 | |
| 261 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
| 262 | if (mr != MACH_MSG_SUCCESS) { |
| 263 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 264 | return mr; |
| 265 | } |
| 266 | |
| 267 | mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg); |
| 268 | if (mr != MACH_MSG_SUCCESS) { |
| 269 | ipc_kmsg_free(kmsg); |
| 270 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 271 | return mr; |
| 272 | } |
| 273 | |
| 274 | /* |
| 275 | * Until we are sure of its effects, we are disabling |
| 276 | * importance donation from the kernel-side of user |
| 277 | * threads in importance-donating tasks. |
| 278 | * (11938665 & 23925818) |
| 279 | */ |
| 280 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
| 281 | option &= ~MACH_SEND_NOIMPORTANCE; |
| 282 | else |
| 283 | option |= MACH_SEND_NOIMPORTANCE; |
| 284 | |
| 285 | mr = ipc_kmsg_send(kmsg, option, timeout_val); |
| 286 | |
| 287 | if (mr != MACH_MSG_SUCCESS) { |
| 288 | ipc_kmsg_destroy(kmsg); |
| 289 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 290 | } |
| 291 | |
| 292 | return mr; |
| 293 | } |
| 294 | |
| 295 | #endif /* IKM_SUPPORT_LEGACY */ |
| 296 | |
| 297 | /* |
| 298 | * Routine: mach_msg_rpc_from_kernel |
| 299 | * Purpose: |
| 300 | * Send a message from the kernel and receive a reply. |
| 301 | * Uses ith_rpc_reply for the reply port. |
| 302 | * |
| 303 | * This is used by the client side of KernelUser interfaces |
| 304 | * to implement Routines. |
| 305 | * Conditions: |
| 306 | * Nothing locked. |
| 307 | * Returns: |
| 308 | * MACH_MSG_SUCCESS Sent the message. |
| 309 | * MACH_RCV_PORT_DIED The reply port was deallocated. |
| 310 | */ |
| 311 | |
| 312 | mach_msg_return_t mach_msg_rpc_from_kernel_body(mach_msg_header_t *msg, |
| 313 | mach_msg_size_t send_size, mach_msg_size_t rcv_size, boolean_t legacy); |
| 314 | |
| 315 | #if IKM_SUPPORT_LEGACY |
| 316 | |
| 317 | #undef mach_msg_rpc_from_kernel |
| 318 | mach_msg_return_t |
| 319 | mach_msg_rpc_from_kernel( |
| 320 | mach_msg_header_t *msg, |
| 321 | mach_msg_size_t send_size, |
| 322 | mach_msg_size_t rcv_size); |
| 323 | |
| 324 | mach_msg_return_t |
| 325 | mach_msg_rpc_from_kernel( |
| 326 | mach_msg_header_t *msg, |
| 327 | mach_msg_size_t send_size, |
| 328 | mach_msg_size_t rcv_size) |
| 329 | { |
| 330 | return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, TRUE); |
| 331 | } |
| 332 | |
| 333 | #endif /* IKM_SUPPORT_LEGACY */ |
| 334 | |
| 335 | mach_msg_return_t |
| 336 | mach_msg_rpc_from_kernel_proper( |
| 337 | mach_msg_header_t *msg, |
| 338 | mach_msg_size_t send_size, |
| 339 | mach_msg_size_t rcv_size) |
| 340 | { |
| 341 | return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, FALSE); |
| 342 | } |
| 343 | |
| 344 | mach_msg_return_t |
| 345 | mach_msg_rpc_from_kernel_body( |
| 346 | mach_msg_header_t *msg, |
| 347 | mach_msg_size_t send_size, |
| 348 | mach_msg_size_t rcv_size, |
| 349 | #if !IKM_SUPPORT_LEGACY |
| 350 | __unused |
| 351 | #endif |
| 352 | boolean_t legacy) |
| 353 | { |
| 354 | thread_t self = current_thread(); |
| 355 | ipc_port_t reply; |
| 356 | ipc_kmsg_t kmsg; |
| 357 | mach_port_seqno_t seqno; |
| 358 | mach_msg_return_t mr; |
| 359 | |
| 360 | assert(msg->msgh_local_port == MACH_PORT_NULL); |
| 361 | |
| 362 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
| 363 | |
| 364 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
| 365 | if (mr != MACH_MSG_SUCCESS) { |
| 366 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 367 | return mr; |
| 368 | } |
| 369 | |
| 370 | reply = self->ith_rpc_reply; |
| 371 | if (reply == IP_NULL) { |
| 372 | reply = ipc_port_alloc_reply(); |
| 373 | if ((reply == IP_NULL) || |
| 374 | (self->ith_rpc_reply != IP_NULL)) |
| 375 | panic("mach_msg_rpc_from_kernel"); |
| 376 | self->ith_rpc_reply = reply; |
| 377 | } |
| 378 | |
| 379 | /* insert send-once right for the reply port */ |
| 380 | kmsg->ikm_header->msgh_local_port = reply; |
| 381 | kmsg->ikm_header->msgh_bits |= |
| 382 | MACH_MSGH_BITS(0, MACH_MSG_TYPE_MAKE_SEND_ONCE); |
| 383 | |
| 384 | #if IKM_SUPPORT_LEGACY |
| 385 | if(legacy) |
| 386 | mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg); |
| 387 | else |
| 388 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
| 389 | #else |
| 390 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
| 391 | #endif |
| 392 | if (mr != MACH_MSG_SUCCESS) { |
| 393 | ipc_kmsg_free(kmsg); |
| 394 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 395 | return mr; |
| 396 | } |
| 397 | |
| 398 | /* |
| 399 | * respect the thread's SEND_IMPORTANCE option to force importance |
| 400 | * donation from the kernel-side of user threads |
| 401 | * (11938665 & 23925818) |
| 402 | */ |
| 403 | mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT; |
| 404 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
| 405 | option &= ~MACH_SEND_NOIMPORTANCE; |
| 406 | |
| 407 | mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE); |
| 408 | if (mr != MACH_MSG_SUCCESS) { |
| 409 | ipc_kmsg_destroy(kmsg); |
| 410 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 411 | return mr; |
| 412 | } |
| 413 | |
| 414 | for (;;) { |
| 415 | ipc_mqueue_t mqueue; |
| 416 | ipc_object_t object; |
| 417 | |
| 418 | assert(reply->ip_in_pset == 0); |
| 419 | assert(ip_active(reply)); |
| 420 | |
| 421 | /* JMM - why this check? */ |
| 422 | if (!self->active && !self->inspection) { |
| 423 | ipc_port_dealloc_reply(reply); |
| 424 | self->ith_rpc_reply = IP_NULL; |
| 425 | return MACH_RCV_INTERRUPTED; |
| 426 | } |
| 427 | |
| 428 | self->ith_continuation = (void (*)(mach_msg_return_t))0; |
| 429 | |
| 430 | mqueue = &reply->ip_messages; |
| 431 | ipc_mqueue_receive(mqueue, |
| 432 | MACH_MSG_OPTION_NONE, |
| 433 | MACH_MSG_SIZE_MAX, |
| 434 | MACH_MSG_TIMEOUT_NONE, |
| 435 | THREAD_INTERRUPTIBLE); |
| 436 | |
| 437 | mr = self->ith_state; |
| 438 | kmsg = self->ith_kmsg; |
| 439 | seqno = self->ith_seqno; |
| 440 | |
| 441 | __IGNORE_WCASTALIGN(object = (ipc_object_t) reply); |
| 442 | mach_msg_receive_results_complete(object); |
| 443 | |
| 444 | if (mr == MACH_MSG_SUCCESS) |
| 445 | { |
| 446 | break; |
| 447 | } |
| 448 | |
| 449 | assert(mr == MACH_RCV_INTERRUPTED); |
| 450 | |
| 451 | assert(reply == self->ith_rpc_reply); |
| 452 | |
| 453 | if (self->ast & AST_APC) { |
| 454 | ipc_port_dealloc_reply(reply); |
| 455 | self->ith_rpc_reply = IP_NULL; |
| 456 | return(mr); |
| 457 | } |
| 458 | } |
| 459 | |
| 460 | /* |
| 461 | * Check to see how much of the message/trailer can be received. |
| 462 | * We chose the maximum trailer that will fit, since we don't |
| 463 | * have options telling us which trailer elements the caller needed. |
| 464 | */ |
| 465 | if (rcv_size >= kmsg->ikm_header->msgh_size) { |
| 466 | mach_msg_format_0_trailer_t *trailer = (mach_msg_format_0_trailer_t *) |
| 467 | ((vm_offset_t)kmsg->ikm_header + kmsg->ikm_header->msgh_size); |
| 468 | |
| 469 | if (rcv_size >= kmsg->ikm_header->msgh_size + MAX_TRAILER_SIZE) { |
| 470 | /* Enough room for a maximum trailer */ |
| 471 | trailer->msgh_trailer_size = MAX_TRAILER_SIZE; |
| 472 | } |
| 473 | else if (rcv_size < kmsg->ikm_header->msgh_size + |
| 474 | trailer->msgh_trailer_size) { |
| 475 | /* no room for even the basic (default) trailer */ |
| 476 | trailer->msgh_trailer_size = 0; |
| 477 | } |
| 478 | assert(trailer->msgh_trailer_type == MACH_MSG_TRAILER_FORMAT_0); |
| 479 | rcv_size = kmsg->ikm_header->msgh_size + trailer->msgh_trailer_size; |
| 480 | mr = MACH_MSG_SUCCESS; |
| 481 | } else { |
| 482 | mr = MACH_RCV_TOO_LARGE; |
| 483 | } |
| 484 | |
| 485 | |
| 486 | /* |
| 487 | * We want to preserve rights and memory in reply! |
| 488 | * We don't have to put them anywhere; just leave them |
| 489 | * as they are. |
| 490 | */ |
| 491 | #if IKM_SUPPORT_LEGACY |
| 492 | if(legacy) |
| 493 | ipc_kmsg_copyout_to_kernel_legacy(kmsg, ipc_space_reply); |
| 494 | else |
| 495 | ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply); |
| 496 | #else |
| 497 | ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply); |
| 498 | #endif |
| 499 | ipc_kmsg_put_to_kernel(msg, kmsg, rcv_size); |
| 500 | return mr; |
| 501 | } |
| 502 | |
| 503 | |
| 504 | /************** These Calls are set up for kernel-loaded tasks/threads **************/ |
| 505 | |
| 506 | /* |
| 507 | * Routine: mach_msg_overwrite |
| 508 | * Purpose: |
| 509 | * Like mach_msg_overwrite_trap except that message buffers |
| 510 | * live in kernel space. Doesn't handle any options. |
| 511 | * |
| 512 | * This is used by in-kernel server threads to make |
| 513 | * kernel calls, to receive request messages, and |
| 514 | * to send reply messages. |
| 515 | * Conditions: |
| 516 | * Nothing locked. |
| 517 | * Returns: |
| 518 | */ |
| 519 | |
| 520 | mach_msg_return_t |
| 521 | mach_msg_overwrite( |
| 522 | mach_msg_header_t *msg, |
| 523 | mach_msg_option_t option, |
| 524 | mach_msg_size_t send_size, |
| 525 | mach_msg_size_t rcv_size, |
| 526 | mach_port_name_t rcv_name, |
| 527 | __unused mach_msg_timeout_t msg_timeout, |
| 528 | mach_msg_priority_t override, |
| 529 | __unused mach_msg_header_t *rcv_msg, |
| 530 | __unused mach_msg_size_t rcv_msg_size) |
| 531 | { |
| 532 | ipc_space_t space = current_space(); |
| 533 | vm_map_t map = current_map(); |
| 534 | ipc_kmsg_t kmsg; |
| 535 | mach_port_seqno_t seqno; |
| 536 | mach_msg_return_t mr; |
| 537 | mach_msg_trailer_size_t trailer_size; |
| 538 | |
| 539 | if (option & MACH_SEND_MSG) { |
| 540 | mach_msg_size_t msg_and_trailer_size; |
| 541 | mach_msg_max_trailer_t *max_trailer; |
| 542 | |
| 543 | if ((send_size & 3) || |
| 544 | send_size < sizeof(mach_msg_header_t) || |
| 545 | (send_size < sizeof(mach_msg_body_t) && (msg->msgh_bits & MACH_MSGH_BITS_COMPLEX))) |
| 546 | return MACH_SEND_MSG_TOO_SMALL; |
| 547 | |
| 548 | if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE) |
| 549 | return MACH_SEND_TOO_LARGE; |
| 550 | |
| 551 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
| 552 | |
| 553 | msg_and_trailer_size = send_size + MAX_TRAILER_SIZE; |
| 554 | kmsg = ipc_kmsg_alloc(msg_and_trailer_size); |
| 555 | |
| 556 | if (kmsg == IKM_NULL) { |
| 557 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, MACH_SEND_NO_BUFFER); |
| 558 | return MACH_SEND_NO_BUFFER; |
| 559 | } |
| 560 | |
| 561 | KERNEL_DEBUG_CONSTANT(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_LINK) | DBG_FUNC_NONE, |
| 562 | (uintptr_t)0, /* this should only be called from the kernel! */ |
| 563 | VM_KERNEL_ADDRPERM((uintptr_t)kmsg), |
| 564 | 0, 0, |
| 565 | 0); |
| 566 | (void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size); |
| 567 | |
| 568 | kmsg->ikm_header->msgh_size = send_size; |
| 569 | |
| 570 | /* |
| 571 | * Reserve for the trailer the largest space (MAX_TRAILER_SIZE) |
| 572 | * However, the internal size field of the trailer (msgh_trailer_size) |
| 573 | * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize |
| 574 | * the cases where no implicit data is requested. |
| 575 | */ |
| 576 | max_trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size); |
| 577 | max_trailer->msgh_sender = current_thread()->task->sec_token; |
| 578 | max_trailer->msgh_audit = current_thread()->task->audit_token; |
| 579 | max_trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0; |
| 580 | max_trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE; |
| 581 | |
| 582 | mr = ipc_kmsg_copyin(kmsg, space, map, override, &option); |
| 583 | |
| 584 | if (mr != MACH_MSG_SUCCESS) { |
| 585 | ipc_kmsg_free(kmsg); |
| 586 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
| 587 | return mr; |
| 588 | } |
| 589 | |
| 590 | do { |
| 591 | mr = ipc_kmsg_send(kmsg, MACH_MSG_OPTION_NONE, MACH_MSG_TIMEOUT_NONE); |
| 592 | } while (mr == MACH_SEND_INTERRUPTED); |
| 593 | |
| 594 | assert(mr == MACH_MSG_SUCCESS); |
| 595 | } |
| 596 | |
| 597 | if (option & MACH_RCV_MSG) { |
| 598 | thread_t self = current_thread(); |
| 599 | |
| 600 | do { |
| 601 | ipc_object_t object; |
| 602 | ipc_mqueue_t mqueue; |
| 603 | |
| 604 | mr = ipc_mqueue_copyin(space, rcv_name, |
| 605 | &mqueue, &object); |
| 606 | if (mr != MACH_MSG_SUCCESS) |
| 607 | return mr; |
| 608 | |
| 609 | /* hold ref for object */ |
| 610 | |
| 611 | self->ith_continuation = (void (*)(mach_msg_return_t))0; |
| 612 | ipc_mqueue_receive(mqueue, |
| 613 | MACH_MSG_OPTION_NONE, |
| 614 | MACH_MSG_SIZE_MAX, |
| 615 | MACH_MSG_TIMEOUT_NONE, |
| 616 | THREAD_ABORTSAFE); |
| 617 | mr = self->ith_state; |
| 618 | kmsg = self->ith_kmsg; |
| 619 | seqno = self->ith_seqno; |
| 620 | |
| 621 | mach_msg_receive_results_complete(object); |
| 622 | io_release(object); |
| 623 | |
| 624 | } while (mr == MACH_RCV_INTERRUPTED); |
| 625 | |
| 626 | if (mr != MACH_MSG_SUCCESS) |
| 627 | return mr; |
| 628 | |
| 629 | trailer_size = ipc_kmsg_add_trailer(kmsg, space, option, current_thread(), seqno, TRUE, |
| 630 | kmsg->ikm_header->msgh_remote_port->ip_context); |
| 631 | |
| 632 | if (rcv_size < (kmsg->ikm_header->msgh_size + trailer_size)) { |
| 633 | ipc_kmsg_copyout_dest(kmsg, space); |
| 634 | (void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg); |
| 635 | ipc_kmsg_free(kmsg); |
| 636 | return MACH_RCV_TOO_LARGE; |
| 637 | } |
| 638 | |
| 639 | mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL, option); |
| 640 | if (mr != MACH_MSG_SUCCESS) { |
| 641 | if ((mr &~ MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) { |
| 642 | ipc_kmsg_put_to_kernel(msg, kmsg, |
| 643 | kmsg->ikm_header->msgh_size + trailer_size); |
| 644 | } else { |
| 645 | ipc_kmsg_copyout_dest(kmsg, space); |
| 646 | (void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg); |
| 647 | ipc_kmsg_free(kmsg); |
| 648 | } |
| 649 | |
| 650 | return mr; |
| 651 | } |
| 652 | |
| 653 | (void) memcpy((void *) msg, (const void *) kmsg->ikm_header, |
| 654 | kmsg->ikm_header->msgh_size + trailer_size); |
| 655 | ipc_kmsg_free(kmsg); |
| 656 | } |
| 657 | |
| 658 | return MACH_MSG_SUCCESS; |
| 659 | } |
| 660 | |
| 661 | /* |
| 662 | * Routine: mig_get_reply_port |
| 663 | * Purpose: |
| 664 | * Called by client side interfaces living in the kernel |
| 665 | * to get a reply port. |
| 666 | */ |
| 667 | mach_port_t |
| 668 | mig_get_reply_port(void) |
| 669 | { |
| 670 | return (MACH_PORT_NULL); |
| 671 | } |
| 672 | |
| 673 | /* |
| 674 | * Routine: mig_dealloc_reply_port |
| 675 | * Purpose: |
| 676 | * Called by client side interfaces to get rid of a reply port. |
| 677 | */ |
| 678 | |
| 679 | void |
| 680 | mig_dealloc_reply_port( |
| 681 | __unused mach_port_t reply_port) |
| 682 | { |
| 683 | } |
| 684 | |
| 685 | /* |
| 686 | * Routine: mig_put_reply_port |
| 687 | * Purpose: |
| 688 | * Called by client side interfaces after each RPC to |
| 689 | * let the client recycle the reply port if it wishes. |
| 690 | */ |
| 691 | void |
| 692 | mig_put_reply_port( |
| 693 | __unused mach_port_t reply_port) |
| 694 | { |
| 695 | } |
| 696 | |
| 697 | /* |
| 698 | * mig_strncpy.c - by Joshua Block |
| 699 | * |
| 700 | * mig_strncp -- Bounded string copy. Does what the library routine strncpy |
| 701 | * OUGHT to do: Copies the (null terminated) string in src into dest, a |
| 702 | * buffer of length len. Assures that the copy is still null terminated |
| 703 | * and doesn't overflow the buffer, truncating the copy if necessary. |
| 704 | * |
| 705 | * Parameters: |
| 706 | * |
| 707 | * dest - Pointer to destination buffer. |
| 708 | * |
| 709 | * src - Pointer to source string. |
| 710 | * |
| 711 | * len - Length of destination buffer. |
| 712 | */ |
| 713 | int |
| 714 | mig_strncpy( |
| 715 | char *dest, |
| 716 | const char *src, |
| 717 | int len) |
| 718 | { |
| 719 | int i = 0; |
| 720 | |
| 721 | if (len > 0) |
| 722 | if (dest != NULL) { |
| 723 | if (src != NULL) |
| 724 | for (i=1; i<len; i++) |
| 725 | if (! (*dest++ = *src++)) |
| 726 | return i; |
| 727 | *dest = '\0'; |
| 728 | } |
| 729 | return i; |
| 730 | } |
| 731 | |
| 732 | /* |
| 733 | * mig_strncpy_zerofill -- Bounded string copy. Does what the |
| 734 | * library routine strncpy OUGHT to do: Copies the (null terminated) |
| 735 | * string in src into dest, a buffer of length len. Assures that |
| 736 | * the copy is still null terminated and doesn't overflow the buffer, |
| 737 | * truncating the copy if necessary. If the string in src is smaller |
| 738 | * than given length len, it will zero fill the remaining bytes in dest. |
| 739 | * |
| 740 | * Parameters: |
| 741 | * |
| 742 | * dest - Pointer to destination buffer. |
| 743 | * |
| 744 | * src - Pointer to source string. |
| 745 | * |
| 746 | * len - Length of destination buffer. |
| 747 | */ |
| 748 | int |
| 749 | mig_strncpy_zerofill( |
| 750 | char *dest, |
| 751 | const char *src, |
| 752 | int len) |
| 753 | { |
| 754 | int i = 0; |
| 755 | boolean_t terminated = FALSE; |
| 756 | int retval = 0; |
| 757 | |
| 758 | if (len <= 0 || dest == NULL) { |
| 759 | return 0; |
| 760 | } |
| 761 | |
| 762 | if (src == NULL) { |
| 763 | terminated = TRUE; |
| 764 | } |
| 765 | |
| 766 | for (i = 1; i < len; i++) { |
| 767 | if (!terminated) { |
| 768 | if (!(*dest++ = *src++)) { |
| 769 | retval = i; |
| 770 | terminated = TRUE; |
| 771 | } |
| 772 | } else { |
| 773 | *dest++ = '\0'; |
| 774 | } |
| 775 | } |
| 776 | |
| 777 | *dest = '\0'; |
| 778 | if (!terminated) { |
| 779 | retval = i; |
| 780 | } |
| 781 | |
| 782 | return retval; |
| 783 | } |
| 784 | |
| 785 | void * |
| 786 | mig_user_allocate( |
| 787 | vm_size_t size) |
| 788 | { |
| 789 | return (char *)kalloc(size); |
| 790 | } |
| 791 | |
| 792 | void |
| 793 | mig_user_deallocate( |
| 794 | char *data, |
| 795 | vm_size_t size) |
| 796 | { |
| 797 | kfree(data, size); |
| 798 | } |
| 799 | |
| 800 | /* |
| 801 | * Routine: mig_object_init |
| 802 | * Purpose: |
| 803 | * Initialize the base class portion of a MIG object. We |
| 804 | * will lazy init the port, so just clear it for now. |
| 805 | */ |
| 806 | kern_return_t |
| 807 | mig_object_init( |
| 808 | mig_object_t mig_object, |
| 809 | const IMIGObject *interface) |
| 810 | { |
| 811 | if (mig_object == MIG_OBJECT_NULL) |
| 812 | return KERN_INVALID_ARGUMENT; |
| 813 | mig_object->pVtbl = (const IMIGObjectVtbl *)interface; |
| 814 | mig_object->port = MACH_PORT_NULL; |
| 815 | return KERN_SUCCESS; |
| 816 | } |
| 817 | |
| 818 | /* |
| 819 | * Routine: mig_object_destroy |
| 820 | * Purpose: |
| 821 | * The object is being freed. This call lets us clean |
| 822 | * up any state we have have built up over the object's |
| 823 | * lifetime. |
| 824 | * Conditions: |
| 825 | * Since notifications and the port hold references on |
| 826 | * on the object, neither can exist when this is called. |
| 827 | * This is a good place to assert() that condition. |
| 828 | */ |
| 829 | void |
| 830 | mig_object_destroy( |
| 831 | __assert_only mig_object_t mig_object) |
| 832 | { |
| 833 | assert(mig_object->port == MACH_PORT_NULL); |
| 834 | return; |
| 835 | } |
| 836 | |
| 837 | /* |
| 838 | * Routine: mig_object_reference |
| 839 | * Purpose: |
| 840 | * Pure virtual helper to invoke the MIG object's AddRef |
| 841 | * method. |
| 842 | * Conditions: |
| 843 | * MIG object port may be locked. |
| 844 | */ |
| 845 | void |
| 846 | mig_object_reference( |
| 847 | mig_object_t mig_object) |
| 848 | { |
| 849 | assert(mig_object != MIG_OBJECT_NULL); |
| 850 | mig_object->pVtbl->AddRef((IMIGObject *)mig_object); |
| 851 | } |
| 852 | |
| 853 | /* |
| 854 | * Routine: mig_object_deallocate |
| 855 | * Purpose: |
| 856 | * Pure virtual helper to invoke the MIG object's Release |
| 857 | * method. |
| 858 | * Conditions: |
| 859 | * Nothing locked. |
| 860 | */ |
| 861 | void |
| 862 | mig_object_deallocate( |
| 863 | mig_object_t mig_object) |
| 864 | { |
| 865 | assert(mig_object != MIG_OBJECT_NULL); |
| 866 | mig_object->pVtbl->Release((IMIGObject *)mig_object); |
| 867 | } |
| 868 | |
| 869 | /* |
| 870 | * Routine: convert_mig_object_to_port [interface] |
| 871 | * Purpose: |
| 872 | * Base implementation of MIG outtrans routine to convert from |
| 873 | * a mig object reference to a new send right on the object's |
| 874 | * port. The object reference is consumed. |
| 875 | * Returns: |
| 876 | * IP_NULL - Null MIG object supplied |
| 877 | * Otherwise, a newly made send right for the port |
| 878 | * Conditions: |
| 879 | * Nothing locked. |
| 880 | */ |
| 881 | ipc_port_t |
| 882 | convert_mig_object_to_port( |
| 883 | mig_object_t mig_object) |
| 884 | { |
| 885 | ipc_port_t port; |
| 886 | boolean_t deallocate = TRUE; |
| 887 | |
| 888 | if (mig_object == MIG_OBJECT_NULL) |
| 889 | return IP_NULL; |
| 890 | |
| 891 | port = mig_object->port; |
| 892 | while ((port == IP_NULL) || |
| 893 | ((port = ipc_port_make_send(port)) == IP_NULL)) { |
| 894 | ipc_port_t previous; |
| 895 | |
| 896 | /* |
| 897 | * Either the port was never set up, or it was just |
| 898 | * deallocated out from under us by the no-senders |
| 899 | * processing. In either case, we must: |
| 900 | * Attempt to make one |
| 901 | * Arrange for no senders |
| 902 | * Try to atomically register it with the object |
| 903 | * Destroy it if we are raced. |
| 904 | */ |
| 905 | port = ipc_port_alloc_kernel(); |
| 906 | ip_lock(port); |
| 907 | ipc_kobject_set_atomically(port, |
| 908 | (ipc_kobject_t) mig_object, |
| 909 | IKOT_MIG); |
| 910 | |
| 911 | /* make a sonce right for the notification */ |
| 912 | port->ip_sorights++; |
| 913 | ip_reference(port); |
| 914 | |
| 915 | ipc_port_nsrequest(port, 1, port, &previous); |
| 916 | /* port unlocked */ |
| 917 | |
| 918 | assert(previous == IP_NULL); |
| 919 | |
| 920 | if (OSCompareAndSwapPtr((void *)IP_NULL, (void *)port, |
| 921 | (void * volatile *)&mig_object->port)) { |
| 922 | deallocate = FALSE; |
| 923 | } else { |
| 924 | ipc_port_dealloc_kernel(port); |
| 925 | port = mig_object->port; |
| 926 | } |
| 927 | } |
| 928 | |
| 929 | if (deallocate) |
| 930 | mig_object->pVtbl->Release((IMIGObject *)mig_object); |
| 931 | |
| 932 | return (port); |
| 933 | } |
| 934 | |
| 935 | |
| 936 | /* |
| 937 | * Routine: convert_port_to_mig_object [interface] |
| 938 | * Purpose: |
| 939 | * Base implementation of MIG intrans routine to convert from |
| 940 | * an incoming port reference to a new reference on the |
| 941 | * underlying object. A new reference must be created, because |
| 942 | * the port's reference could go away asynchronously. |
| 943 | * Returns: |
| 944 | * NULL - Not an active MIG object port or iid not supported |
| 945 | * Otherwise, a reference to the underlying MIG interface |
| 946 | * Conditions: |
| 947 | * Nothing locked. |
| 948 | */ |
| 949 | mig_object_t |
| 950 | convert_port_to_mig_object( |
| 951 | ipc_port_t port, |
| 952 | const MIGIID *iid) |
| 953 | { |
| 954 | mig_object_t mig_object; |
| 955 | void *ppv; |
| 956 | |
| 957 | if (!IP_VALID(port)) |
| 958 | return NULL; |
| 959 | |
| 960 | ip_lock(port); |
| 961 | if (!ip_active(port) || (ip_kotype(port) != IKOT_MIG)) { |
| 962 | ip_unlock(port); |
| 963 | return NULL; |
| 964 | } |
| 965 | |
| 966 | /* |
| 967 | * Our port points to some MIG object interface. Now |
| 968 | * query it to get a reference to the desired interface. |
| 969 | */ |
| 970 | ppv = NULL; |
| 971 | mig_object = (mig_object_t)port->ip_kobject; |
| 972 | mig_object->pVtbl->QueryInterface((IMIGObject *)mig_object, iid, &ppv); |
| 973 | ip_unlock(port); |
| 974 | return (mig_object_t)ppv; |
| 975 | } |
| 976 | |
| 977 | /* |
| 978 | * Routine: mig_object_no_senders [interface] |
| 979 | * Purpose: |
| 980 | * Base implementation of a no-senders notification handler |
| 981 | * for MIG objects. If there truly are no more senders, must |
| 982 | * destroy the port and drop its reference on the object. |
| 983 | * Returns: |
| 984 | * TRUE - port deallocate and reference dropped |
| 985 | * FALSE - more senders arrived, re-registered for notification |
| 986 | * Conditions: |
| 987 | * Nothing locked. |
| 988 | */ |
| 989 | |
| 990 | boolean_t |
| 991 | mig_object_no_senders( |
| 992 | ipc_port_t port, |
| 993 | mach_port_mscount_t mscount) |
| 994 | { |
| 995 | mig_object_t mig_object; |
| 996 | |
| 997 | ip_lock(port); |
| 998 | if (port->ip_mscount > mscount) { |
| 999 | ipc_port_t previous; |
| 1000 | |
| 1001 | /* |
| 1002 | * Somebody created new send rights while the |
| 1003 | * notification was in-flight. Just create a |
| 1004 | * new send-once right and re-register with |
| 1005 | * the new (higher) mscount threshold. |
| 1006 | */ |
| 1007 | /* make a sonce right for the notification */ |
| 1008 | port->ip_sorights++; |
| 1009 | ip_reference(port); |
| 1010 | ipc_port_nsrequest(port, mscount, port, &previous); |
| 1011 | /* port unlocked */ |
| 1012 | |
| 1013 | assert(previous == IP_NULL); |
| 1014 | return (FALSE); |
| 1015 | } |
| 1016 | |
| 1017 | /* |
| 1018 | * Clear the port pointer while we have it locked. |
| 1019 | */ |
| 1020 | mig_object = (mig_object_t)port->ip_kobject; |
| 1021 | mig_object->port = IP_NULL; |
| 1022 | |
| 1023 | /* |
| 1024 | * Bring the sequence number and mscount in |
| 1025 | * line with ipc_port_destroy assertion. |
| 1026 | */ |
| 1027 | port->ip_mscount = 0; |
| 1028 | port->ip_messages.imq_seqno = 0; |
| 1029 | ipc_port_destroy(port); /* releases lock */ |
| 1030 | |
| 1031 | /* |
| 1032 | * Release the port's reference on the object. |
| 1033 | */ |
| 1034 | mig_object->pVtbl->Release((IMIGObject *)mig_object); |
| 1035 | return (TRUE); |
| 1036 | } |
| 1037 | |
| 1038 | /* |
| 1039 | * Kernel implementation of the notification chain for MIG object |
| 1040 | * is kept separate from the actual objects, since there are expected |
| 1041 | * to be much fewer of them than actual objects. |
| 1042 | * |
| 1043 | * The implementation of this part of MIG objects is coming |
| 1044 | * "Real Soon Now"(TM). |
| 1045 | */ |
| 1046 |
Generated on 2018-Dec-24 from project xnu revision 4903.221.2
Powered by 
Code Browser 2.1
Generator usage only permitted with license.