1 | /* |
2 | * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | /* |
29 | * @OSF_COPYRIGHT@ |
30 | */ |
31 | /* |
32 | * Mach Operating System |
33 | * Copyright (c) 1991,1990 Carnegie Mellon University |
34 | * All Rights Reserved. |
35 | * |
36 | * Permission to use, copy, modify and distribute this software and its |
37 | * documentation is hereby granted, provided that both the copyright |
38 | * notice and this permission notice appear in all copies of the |
39 | * software, derivative works or modified versions, and any portions |
40 | * thereof, and that both notices appear in supporting documentation. |
41 | * |
42 | * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" |
43 | * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR |
44 | * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. |
45 | * |
46 | * Carnegie Mellon requests users of this software to return to |
47 | * |
48 | * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU |
49 | * School of Computer Science |
50 | * Carnegie Mellon University |
51 | * Pittsburgh PA 15213-3890 |
52 | * |
53 | * any improvements or extensions that they make and grant Carnegie Mellon |
54 | * the rights to redistribute these changes. |
55 | */ |
56 | /* |
57 | */ |
58 | |
59 | #include <mach/boolean.h> |
60 | #include <mach/port.h> |
61 | #include <mach/mig.h> |
62 | #include <mach/mig_errors.h> |
63 | #include <mach/mach_types.h> |
64 | #include <mach/mach_traps.h> |
65 | |
66 | #include <kern/ipc_tt.h> |
67 | #include <kern/ipc_mig.h> |
68 | #include <kern/kalloc.h> |
69 | #include <kern/task.h> |
70 | #include <kern/thread.h> |
71 | #include <kern/ipc_kobject.h> |
72 | #include <kern/misc_protos.h> |
73 | |
74 | #include <ipc/port.h> |
75 | #include <ipc/ipc_kmsg.h> |
76 | #include <ipc/ipc_entry.h> |
77 | #include <ipc/ipc_object.h> |
78 | #include <ipc/ipc_mqueue.h> |
79 | #include <ipc/ipc_space.h> |
80 | #include <ipc/ipc_port.h> |
81 | #include <ipc/ipc_pset.h> |
82 | #include <ipc/ipc_notify.h> |
83 | #include <vm/vm_map.h> |
84 | |
85 | #include <libkern/OSAtomic.h> |
86 | |
87 | void |
88 | mach_msg_receive_results_complete(ipc_object_t object); |
89 | |
90 | /* |
91 | * Routine: mach_msg_send_from_kernel |
92 | * Purpose: |
93 | * Send a message from the kernel. |
94 | * |
95 | * This is used by the client side of KernelUser interfaces |
96 | * to implement SimpleRoutines. Currently, this includes |
97 | * memory_object messages. |
98 | * Conditions: |
99 | * Nothing locked. |
100 | * Returns: |
101 | * MACH_MSG_SUCCESS Sent the message. |
102 | * MACH_SEND_INVALID_DEST Bad destination port. |
103 | * MACH_MSG_SEND_NO_BUFFER Destination port had inuse fixed bufer |
104 | * or destination is above kernel limit |
105 | */ |
106 | |
107 | #if IKM_SUPPORT_LEGACY |
108 | |
109 | #undef mach_msg_send_from_kernel |
110 | mach_msg_return_t mach_msg_send_from_kernel( |
111 | mach_msg_header_t *msg, |
112 | mach_msg_size_t send_size); |
113 | |
114 | mach_msg_return_t |
115 | mach_msg_send_from_kernel( |
116 | mach_msg_header_t *msg, |
117 | mach_msg_size_t send_size) |
118 | { |
119 | ipc_kmsg_t kmsg; |
120 | mach_msg_return_t mr; |
121 | |
122 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
123 | |
124 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
125 | if (mr != MACH_MSG_SUCCESS) { |
126 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
127 | return mr; |
128 | } |
129 | |
130 | mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg); |
131 | if (mr != MACH_MSG_SUCCESS) { |
132 | ipc_kmsg_free(kmsg); |
133 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
134 | return mr; |
135 | } |
136 | |
137 | /* |
138 | * respect the thread's SEND_IMPORTANCE option to allow importance |
139 | * donation from the kernel-side of user threads |
140 | * (11938665 & 23925818) |
141 | */ |
142 | mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT; |
143 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
144 | option &= ~MACH_SEND_NOIMPORTANCE; |
145 | |
146 | mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE); |
147 | if (mr != MACH_MSG_SUCCESS) { |
148 | ipc_kmsg_destroy(kmsg); |
149 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
150 | } |
151 | |
152 | return mr; |
153 | } |
154 | |
155 | #endif /* IKM_SUPPORT_LEGACY */ |
156 | |
157 | mach_msg_return_t |
158 | mach_msg_send_from_kernel_proper( |
159 | mach_msg_header_t *msg, |
160 | mach_msg_size_t send_size) |
161 | { |
162 | ipc_kmsg_t kmsg; |
163 | mach_msg_return_t mr; |
164 | |
165 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
166 | |
167 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
168 | if (mr != MACH_MSG_SUCCESS) { |
169 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
170 | return mr; |
171 | } |
172 | |
173 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
174 | if (mr != MACH_MSG_SUCCESS) { |
175 | ipc_kmsg_free(kmsg); |
176 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
177 | return mr; |
178 | } |
179 | |
180 | /* |
181 | * respect the thread's SEND_IMPORTANCE option to force importance |
182 | * donation from the kernel-side of user threads |
183 | * (11938665 & 23925818) |
184 | */ |
185 | mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT; |
186 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
187 | option &= ~MACH_SEND_NOIMPORTANCE; |
188 | |
189 | mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE); |
190 | if (mr != MACH_MSG_SUCCESS) { |
191 | ipc_kmsg_destroy(kmsg); |
192 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
193 | } |
194 | |
195 | return mr; |
196 | } |
197 | |
198 | mach_msg_return_t |
199 | mach_msg_send_from_kernel_with_options( |
200 | mach_msg_header_t *msg, |
201 | mach_msg_size_t send_size, |
202 | mach_msg_option_t option, |
203 | mach_msg_timeout_t timeout_val) |
204 | { |
205 | ipc_kmsg_t kmsg; |
206 | mach_msg_return_t mr; |
207 | |
208 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
209 | |
210 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
211 | if (mr != MACH_MSG_SUCCESS) { |
212 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
213 | return mr; |
214 | } |
215 | |
216 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
217 | if (mr != MACH_MSG_SUCCESS) { |
218 | ipc_kmsg_free(kmsg); |
219 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
220 | return mr; |
221 | } |
222 | |
223 | /* |
224 | * Until we are sure of its effects, we are disabling |
225 | * importance donation from the kernel-side of user |
226 | * threads in importance-donating tasks - unless the |
227 | * option to force importance donation is passed in, |
228 | * or the thread's SEND_IMPORTANCE option has been set. |
229 | * (11938665 & 23925818) |
230 | */ |
231 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
232 | option &= ~MACH_SEND_NOIMPORTANCE; |
233 | else if ((option & MACH_SEND_IMPORTANCE) == 0) |
234 | option |= MACH_SEND_NOIMPORTANCE; |
235 | |
236 | mr = ipc_kmsg_send(kmsg, option, timeout_val); |
237 | |
238 | if (mr != MACH_MSG_SUCCESS) { |
239 | ipc_kmsg_destroy(kmsg); |
240 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
241 | } |
242 | |
243 | return mr; |
244 | } |
245 | |
246 | |
247 | #if IKM_SUPPORT_LEGACY |
248 | |
249 | mach_msg_return_t |
250 | mach_msg_send_from_kernel_with_options_legacy( |
251 | mach_msg_header_t *msg, |
252 | mach_msg_size_t send_size, |
253 | mach_msg_option_t option, |
254 | mach_msg_timeout_t timeout_val) |
255 | { |
256 | ipc_kmsg_t kmsg; |
257 | mach_msg_return_t mr; |
258 | |
259 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
260 | |
261 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
262 | if (mr != MACH_MSG_SUCCESS) { |
263 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
264 | return mr; |
265 | } |
266 | |
267 | mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg); |
268 | if (mr != MACH_MSG_SUCCESS) { |
269 | ipc_kmsg_free(kmsg); |
270 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
271 | return mr; |
272 | } |
273 | |
274 | /* |
275 | * Until we are sure of its effects, we are disabling |
276 | * importance donation from the kernel-side of user |
277 | * threads in importance-donating tasks. |
278 | * (11938665 & 23925818) |
279 | */ |
280 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
281 | option &= ~MACH_SEND_NOIMPORTANCE; |
282 | else |
283 | option |= MACH_SEND_NOIMPORTANCE; |
284 | |
285 | mr = ipc_kmsg_send(kmsg, option, timeout_val); |
286 | |
287 | if (mr != MACH_MSG_SUCCESS) { |
288 | ipc_kmsg_destroy(kmsg); |
289 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
290 | } |
291 | |
292 | return mr; |
293 | } |
294 | |
295 | #endif /* IKM_SUPPORT_LEGACY */ |
296 | |
297 | /* |
298 | * Routine: mach_msg_rpc_from_kernel |
299 | * Purpose: |
300 | * Send a message from the kernel and receive a reply. |
301 | * Uses ith_rpc_reply for the reply port. |
302 | * |
303 | * This is used by the client side of KernelUser interfaces |
304 | * to implement Routines. |
305 | * Conditions: |
306 | * Nothing locked. |
307 | * Returns: |
308 | * MACH_MSG_SUCCESS Sent the message. |
309 | * MACH_RCV_PORT_DIED The reply port was deallocated. |
310 | */ |
311 | |
312 | mach_msg_return_t mach_msg_rpc_from_kernel_body(mach_msg_header_t *msg, |
313 | mach_msg_size_t send_size, mach_msg_size_t rcv_size, boolean_t legacy); |
314 | |
315 | #if IKM_SUPPORT_LEGACY |
316 | |
317 | #undef mach_msg_rpc_from_kernel |
318 | mach_msg_return_t |
319 | mach_msg_rpc_from_kernel( |
320 | mach_msg_header_t *msg, |
321 | mach_msg_size_t send_size, |
322 | mach_msg_size_t rcv_size); |
323 | |
324 | mach_msg_return_t |
325 | mach_msg_rpc_from_kernel( |
326 | mach_msg_header_t *msg, |
327 | mach_msg_size_t send_size, |
328 | mach_msg_size_t rcv_size) |
329 | { |
330 | return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, TRUE); |
331 | } |
332 | |
333 | #endif /* IKM_SUPPORT_LEGACY */ |
334 | |
335 | mach_msg_return_t |
336 | mach_msg_rpc_from_kernel_proper( |
337 | mach_msg_header_t *msg, |
338 | mach_msg_size_t send_size, |
339 | mach_msg_size_t rcv_size) |
340 | { |
341 | return mach_msg_rpc_from_kernel_body(msg, send_size, rcv_size, FALSE); |
342 | } |
343 | |
344 | mach_msg_return_t |
345 | mach_msg_rpc_from_kernel_body( |
346 | mach_msg_header_t *msg, |
347 | mach_msg_size_t send_size, |
348 | mach_msg_size_t rcv_size, |
349 | #if !IKM_SUPPORT_LEGACY |
350 | __unused |
351 | #endif |
352 | boolean_t legacy) |
353 | { |
354 | thread_t self = current_thread(); |
355 | ipc_port_t reply; |
356 | ipc_kmsg_t kmsg; |
357 | mach_port_seqno_t seqno; |
358 | mach_msg_return_t mr; |
359 | |
360 | assert(msg->msgh_local_port == MACH_PORT_NULL); |
361 | |
362 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
363 | |
364 | mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg); |
365 | if (mr != MACH_MSG_SUCCESS) { |
366 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
367 | return mr; |
368 | } |
369 | |
370 | reply = self->ith_rpc_reply; |
371 | if (reply == IP_NULL) { |
372 | reply = ipc_port_alloc_reply(); |
373 | if ((reply == IP_NULL) || |
374 | (self->ith_rpc_reply != IP_NULL)) |
375 | panic("mach_msg_rpc_from_kernel" ); |
376 | self->ith_rpc_reply = reply; |
377 | } |
378 | |
379 | /* insert send-once right for the reply port */ |
380 | kmsg->ikm_header->msgh_local_port = reply; |
381 | kmsg->ikm_header->msgh_bits |= |
382 | MACH_MSGH_BITS(0, MACH_MSG_TYPE_MAKE_SEND_ONCE); |
383 | |
384 | #if IKM_SUPPORT_LEGACY |
385 | if(legacy) |
386 | mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg); |
387 | else |
388 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
389 | #else |
390 | mr = ipc_kmsg_copyin_from_kernel(kmsg); |
391 | #endif |
392 | if (mr != MACH_MSG_SUCCESS) { |
393 | ipc_kmsg_free(kmsg); |
394 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
395 | return mr; |
396 | } |
397 | |
398 | /* |
399 | * respect the thread's SEND_IMPORTANCE option to force importance |
400 | * donation from the kernel-side of user threads |
401 | * (11938665 & 23925818) |
402 | */ |
403 | mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT; |
404 | if (current_thread()->options & TH_OPT_SEND_IMPORTANCE) |
405 | option &= ~MACH_SEND_NOIMPORTANCE; |
406 | |
407 | mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE); |
408 | if (mr != MACH_MSG_SUCCESS) { |
409 | ipc_kmsg_destroy(kmsg); |
410 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
411 | return mr; |
412 | } |
413 | |
414 | for (;;) { |
415 | ipc_mqueue_t mqueue; |
416 | ipc_object_t object; |
417 | |
418 | assert(reply->ip_in_pset == 0); |
419 | assert(ip_active(reply)); |
420 | |
421 | /* JMM - why this check? */ |
422 | if (!self->active && !self->inspection) { |
423 | ipc_port_dealloc_reply(reply); |
424 | self->ith_rpc_reply = IP_NULL; |
425 | return MACH_RCV_INTERRUPTED; |
426 | } |
427 | |
428 | self->ith_continuation = (void (*)(mach_msg_return_t))0; |
429 | |
430 | mqueue = &reply->ip_messages; |
431 | ipc_mqueue_receive(mqueue, |
432 | MACH_MSG_OPTION_NONE, |
433 | MACH_MSG_SIZE_MAX, |
434 | MACH_MSG_TIMEOUT_NONE, |
435 | THREAD_INTERRUPTIBLE); |
436 | |
437 | mr = self->ith_state; |
438 | kmsg = self->ith_kmsg; |
439 | seqno = self->ith_seqno; |
440 | |
441 | __IGNORE_WCASTALIGN(object = (ipc_object_t) reply); |
442 | mach_msg_receive_results_complete(object); |
443 | |
444 | if (mr == MACH_MSG_SUCCESS) |
445 | { |
446 | break; |
447 | } |
448 | |
449 | assert(mr == MACH_RCV_INTERRUPTED); |
450 | |
451 | assert(reply == self->ith_rpc_reply); |
452 | |
453 | if (self->ast & AST_APC) { |
454 | ipc_port_dealloc_reply(reply); |
455 | self->ith_rpc_reply = IP_NULL; |
456 | return(mr); |
457 | } |
458 | } |
459 | |
460 | /* |
461 | * Check to see how much of the message/trailer can be received. |
462 | * We chose the maximum trailer that will fit, since we don't |
463 | * have options telling us which trailer elements the caller needed. |
464 | */ |
465 | if (rcv_size >= kmsg->ikm_header->msgh_size) { |
466 | mach_msg_format_0_trailer_t *trailer = (mach_msg_format_0_trailer_t *) |
467 | ((vm_offset_t)kmsg->ikm_header + kmsg->ikm_header->msgh_size); |
468 | |
469 | if (rcv_size >= kmsg->ikm_header->msgh_size + MAX_TRAILER_SIZE) { |
470 | /* Enough room for a maximum trailer */ |
471 | trailer->msgh_trailer_size = MAX_TRAILER_SIZE; |
472 | } |
473 | else if (rcv_size < kmsg->ikm_header->msgh_size + |
474 | trailer->msgh_trailer_size) { |
475 | /* no room for even the basic (default) trailer */ |
476 | trailer->msgh_trailer_size = 0; |
477 | } |
478 | assert(trailer->msgh_trailer_type == MACH_MSG_TRAILER_FORMAT_0); |
479 | rcv_size = kmsg->ikm_header->msgh_size + trailer->msgh_trailer_size; |
480 | mr = MACH_MSG_SUCCESS; |
481 | } else { |
482 | mr = MACH_RCV_TOO_LARGE; |
483 | } |
484 | |
485 | |
486 | /* |
487 | * We want to preserve rights and memory in reply! |
488 | * We don't have to put them anywhere; just leave them |
489 | * as they are. |
490 | */ |
491 | #if IKM_SUPPORT_LEGACY |
492 | if(legacy) |
493 | ipc_kmsg_copyout_to_kernel_legacy(kmsg, ipc_space_reply); |
494 | else |
495 | ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply); |
496 | #else |
497 | ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply); |
498 | #endif |
499 | ipc_kmsg_put_to_kernel(msg, kmsg, rcv_size); |
500 | return mr; |
501 | } |
502 | |
503 | |
504 | /************** These Calls are set up for kernel-loaded tasks/threads **************/ |
505 | |
506 | /* |
507 | * Routine: mach_msg_overwrite |
508 | * Purpose: |
509 | * Like mach_msg_overwrite_trap except that message buffers |
510 | * live in kernel space. Doesn't handle any options. |
511 | * |
512 | * This is used by in-kernel server threads to make |
513 | * kernel calls, to receive request messages, and |
514 | * to send reply messages. |
515 | * Conditions: |
516 | * Nothing locked. |
517 | * Returns: |
518 | */ |
519 | |
520 | mach_msg_return_t |
521 | mach_msg_overwrite( |
522 | mach_msg_header_t *msg, |
523 | mach_msg_option_t option, |
524 | mach_msg_size_t send_size, |
525 | mach_msg_size_t rcv_size, |
526 | mach_port_name_t rcv_name, |
527 | __unused mach_msg_timeout_t msg_timeout, |
528 | mach_msg_priority_t override, |
529 | __unused mach_msg_header_t *rcv_msg, |
530 | __unused mach_msg_size_t rcv_msg_size) |
531 | { |
532 | ipc_space_t space = current_space(); |
533 | vm_map_t map = current_map(); |
534 | ipc_kmsg_t kmsg; |
535 | mach_port_seqno_t seqno; |
536 | mach_msg_return_t mr; |
537 | mach_msg_trailer_size_t trailer_size; |
538 | |
539 | if (option & MACH_SEND_MSG) { |
540 | mach_msg_size_t msg_and_trailer_size; |
541 | mach_msg_max_trailer_t *max_trailer; |
542 | |
543 | if ((send_size & 3) || |
544 | send_size < sizeof(mach_msg_header_t) || |
545 | (send_size < sizeof(mach_msg_body_t) && (msg->msgh_bits & MACH_MSGH_BITS_COMPLEX))) |
546 | return MACH_SEND_MSG_TOO_SMALL; |
547 | |
548 | if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE) |
549 | return MACH_SEND_TOO_LARGE; |
550 | |
551 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START); |
552 | |
553 | msg_and_trailer_size = send_size + MAX_TRAILER_SIZE; |
554 | kmsg = ipc_kmsg_alloc(msg_and_trailer_size); |
555 | |
556 | if (kmsg == IKM_NULL) { |
557 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, MACH_SEND_NO_BUFFER); |
558 | return MACH_SEND_NO_BUFFER; |
559 | } |
560 | |
561 | KERNEL_DEBUG_CONSTANT(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_LINK) | DBG_FUNC_NONE, |
562 | (uintptr_t)0, /* this should only be called from the kernel! */ |
563 | VM_KERNEL_ADDRPERM((uintptr_t)kmsg), |
564 | 0, 0, |
565 | 0); |
566 | (void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size); |
567 | |
568 | kmsg->ikm_header->msgh_size = send_size; |
569 | |
570 | /* |
571 | * Reserve for the trailer the largest space (MAX_TRAILER_SIZE) |
572 | * However, the internal size field of the trailer (msgh_trailer_size) |
573 | * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize |
574 | * the cases where no implicit data is requested. |
575 | */ |
576 | max_trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size); |
577 | max_trailer->msgh_sender = current_thread()->task->sec_token; |
578 | max_trailer->msgh_audit = current_thread()->task->audit_token; |
579 | max_trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0; |
580 | max_trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE; |
581 | |
582 | mr = ipc_kmsg_copyin(kmsg, space, map, override, &option); |
583 | |
584 | if (mr != MACH_MSG_SUCCESS) { |
585 | ipc_kmsg_free(kmsg); |
586 | KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr); |
587 | return mr; |
588 | } |
589 | |
590 | do { |
591 | mr = ipc_kmsg_send(kmsg, MACH_MSG_OPTION_NONE, MACH_MSG_TIMEOUT_NONE); |
592 | } while (mr == MACH_SEND_INTERRUPTED); |
593 | |
594 | assert(mr == MACH_MSG_SUCCESS); |
595 | } |
596 | |
597 | if (option & MACH_RCV_MSG) { |
598 | thread_t self = current_thread(); |
599 | |
600 | do { |
601 | ipc_object_t object; |
602 | ipc_mqueue_t mqueue; |
603 | |
604 | mr = ipc_mqueue_copyin(space, rcv_name, |
605 | &mqueue, &object); |
606 | if (mr != MACH_MSG_SUCCESS) |
607 | return mr; |
608 | |
609 | /* hold ref for object */ |
610 | |
611 | self->ith_continuation = (void (*)(mach_msg_return_t))0; |
612 | ipc_mqueue_receive(mqueue, |
613 | MACH_MSG_OPTION_NONE, |
614 | MACH_MSG_SIZE_MAX, |
615 | MACH_MSG_TIMEOUT_NONE, |
616 | THREAD_ABORTSAFE); |
617 | mr = self->ith_state; |
618 | kmsg = self->ith_kmsg; |
619 | seqno = self->ith_seqno; |
620 | |
621 | mach_msg_receive_results_complete(object); |
622 | io_release(object); |
623 | |
624 | } while (mr == MACH_RCV_INTERRUPTED); |
625 | |
626 | if (mr != MACH_MSG_SUCCESS) |
627 | return mr; |
628 | |
629 | trailer_size = ipc_kmsg_add_trailer(kmsg, space, option, current_thread(), seqno, TRUE, |
630 | kmsg->ikm_header->msgh_remote_port->ip_context); |
631 | |
632 | if (rcv_size < (kmsg->ikm_header->msgh_size + trailer_size)) { |
633 | ipc_kmsg_copyout_dest(kmsg, space); |
634 | (void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg); |
635 | ipc_kmsg_free(kmsg); |
636 | return MACH_RCV_TOO_LARGE; |
637 | } |
638 | |
639 | mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL, option); |
640 | if (mr != MACH_MSG_SUCCESS) { |
641 | if ((mr &~ MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) { |
642 | ipc_kmsg_put_to_kernel(msg, kmsg, |
643 | kmsg->ikm_header->msgh_size + trailer_size); |
644 | } else { |
645 | ipc_kmsg_copyout_dest(kmsg, space); |
646 | (void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg); |
647 | ipc_kmsg_free(kmsg); |
648 | } |
649 | |
650 | return mr; |
651 | } |
652 | |
653 | (void) memcpy((void *) msg, (const void *) kmsg->ikm_header, |
654 | kmsg->ikm_header->msgh_size + trailer_size); |
655 | ipc_kmsg_free(kmsg); |
656 | } |
657 | |
658 | return MACH_MSG_SUCCESS; |
659 | } |
660 | |
661 | /* |
662 | * Routine: mig_get_reply_port |
663 | * Purpose: |
664 | * Called by client side interfaces living in the kernel |
665 | * to get a reply port. |
666 | */ |
667 | mach_port_t |
668 | mig_get_reply_port(void) |
669 | { |
670 | return (MACH_PORT_NULL); |
671 | } |
672 | |
673 | /* |
674 | * Routine: mig_dealloc_reply_port |
675 | * Purpose: |
676 | * Called by client side interfaces to get rid of a reply port. |
677 | */ |
678 | |
679 | void |
680 | mig_dealloc_reply_port( |
681 | __unused mach_port_t reply_port) |
682 | { |
683 | } |
684 | |
685 | /* |
686 | * Routine: mig_put_reply_port |
687 | * Purpose: |
688 | * Called by client side interfaces after each RPC to |
689 | * let the client recycle the reply port if it wishes. |
690 | */ |
691 | void |
692 | mig_put_reply_port( |
693 | __unused mach_port_t reply_port) |
694 | { |
695 | } |
696 | |
697 | /* |
698 | * mig_strncpy.c - by Joshua Block |
699 | * |
700 | * mig_strncp -- Bounded string copy. Does what the library routine strncpy |
701 | * OUGHT to do: Copies the (null terminated) string in src into dest, a |
702 | * buffer of length len. Assures that the copy is still null terminated |
703 | * and doesn't overflow the buffer, truncating the copy if necessary. |
704 | * |
705 | * Parameters: |
706 | * |
707 | * dest - Pointer to destination buffer. |
708 | * |
709 | * src - Pointer to source string. |
710 | * |
711 | * len - Length of destination buffer. |
712 | */ |
713 | int |
714 | mig_strncpy( |
715 | char *dest, |
716 | const char *src, |
717 | int len) |
718 | { |
719 | int i = 0; |
720 | |
721 | if (len > 0) |
722 | if (dest != NULL) { |
723 | if (src != NULL) |
724 | for (i=1; i<len; i++) |
725 | if (! (*dest++ = *src++)) |
726 | return i; |
727 | *dest = '\0'; |
728 | } |
729 | return i; |
730 | } |
731 | |
732 | /* |
733 | * mig_strncpy_zerofill -- Bounded string copy. Does what the |
734 | * library routine strncpy OUGHT to do: Copies the (null terminated) |
735 | * string in src into dest, a buffer of length len. Assures that |
736 | * the copy is still null terminated and doesn't overflow the buffer, |
737 | * truncating the copy if necessary. If the string in src is smaller |
738 | * than given length len, it will zero fill the remaining bytes in dest. |
739 | * |
740 | * Parameters: |
741 | * |
742 | * dest - Pointer to destination buffer. |
743 | * |
744 | * src - Pointer to source string. |
745 | * |
746 | * len - Length of destination buffer. |
747 | */ |
748 | int |
749 | mig_strncpy_zerofill( |
750 | char *dest, |
751 | const char *src, |
752 | int len) |
753 | { |
754 | int i = 0; |
755 | boolean_t terminated = FALSE; |
756 | int retval = 0; |
757 | |
758 | if (len <= 0 || dest == NULL) { |
759 | return 0; |
760 | } |
761 | |
762 | if (src == NULL) { |
763 | terminated = TRUE; |
764 | } |
765 | |
766 | for (i = 1; i < len; i++) { |
767 | if (!terminated) { |
768 | if (!(*dest++ = *src++)) { |
769 | retval = i; |
770 | terminated = TRUE; |
771 | } |
772 | } else { |
773 | *dest++ = '\0'; |
774 | } |
775 | } |
776 | |
777 | *dest = '\0'; |
778 | if (!terminated) { |
779 | retval = i; |
780 | } |
781 | |
782 | return retval; |
783 | } |
784 | |
785 | void * |
786 | mig_user_allocate( |
787 | vm_size_t size) |
788 | { |
789 | return (char *)kalloc(size); |
790 | } |
791 | |
792 | void |
793 | mig_user_deallocate( |
794 | char *data, |
795 | vm_size_t size) |
796 | { |
797 | kfree(data, size); |
798 | } |
799 | |
800 | /* |
801 | * Routine: mig_object_init |
802 | * Purpose: |
803 | * Initialize the base class portion of a MIG object. We |
804 | * will lazy init the port, so just clear it for now. |
805 | */ |
806 | kern_return_t |
807 | mig_object_init( |
808 | mig_object_t mig_object, |
809 | const IMIGObject *interface) |
810 | { |
811 | if (mig_object == MIG_OBJECT_NULL) |
812 | return KERN_INVALID_ARGUMENT; |
813 | mig_object->pVtbl = (const IMIGObjectVtbl *)interface; |
814 | mig_object->port = MACH_PORT_NULL; |
815 | return KERN_SUCCESS; |
816 | } |
817 | |
818 | /* |
819 | * Routine: mig_object_destroy |
820 | * Purpose: |
821 | * The object is being freed. This call lets us clean |
822 | * up any state we have have built up over the object's |
823 | * lifetime. |
824 | * Conditions: |
825 | * Since notifications and the port hold references on |
826 | * on the object, neither can exist when this is called. |
827 | * This is a good place to assert() that condition. |
828 | */ |
829 | void |
830 | mig_object_destroy( |
831 | __assert_only mig_object_t mig_object) |
832 | { |
833 | assert(mig_object->port == MACH_PORT_NULL); |
834 | return; |
835 | } |
836 | |
837 | /* |
838 | * Routine: mig_object_reference |
839 | * Purpose: |
840 | * Pure virtual helper to invoke the MIG object's AddRef |
841 | * method. |
842 | * Conditions: |
843 | * MIG object port may be locked. |
844 | */ |
845 | void |
846 | mig_object_reference( |
847 | mig_object_t mig_object) |
848 | { |
849 | assert(mig_object != MIG_OBJECT_NULL); |
850 | mig_object->pVtbl->AddRef((IMIGObject *)mig_object); |
851 | } |
852 | |
853 | /* |
854 | * Routine: mig_object_deallocate |
855 | * Purpose: |
856 | * Pure virtual helper to invoke the MIG object's Release |
857 | * method. |
858 | * Conditions: |
859 | * Nothing locked. |
860 | */ |
861 | void |
862 | mig_object_deallocate( |
863 | mig_object_t mig_object) |
864 | { |
865 | assert(mig_object != MIG_OBJECT_NULL); |
866 | mig_object->pVtbl->Release((IMIGObject *)mig_object); |
867 | } |
868 | |
869 | /* |
870 | * Routine: convert_mig_object_to_port [interface] |
871 | * Purpose: |
872 | * Base implementation of MIG outtrans routine to convert from |
873 | * a mig object reference to a new send right on the object's |
874 | * port. The object reference is consumed. |
875 | * Returns: |
876 | * IP_NULL - Null MIG object supplied |
877 | * Otherwise, a newly made send right for the port |
878 | * Conditions: |
879 | * Nothing locked. |
880 | */ |
881 | ipc_port_t |
882 | convert_mig_object_to_port( |
883 | mig_object_t mig_object) |
884 | { |
885 | ipc_port_t port; |
886 | boolean_t deallocate = TRUE; |
887 | |
888 | if (mig_object == MIG_OBJECT_NULL) |
889 | return IP_NULL; |
890 | |
891 | port = mig_object->port; |
892 | while ((port == IP_NULL) || |
893 | ((port = ipc_port_make_send(port)) == IP_NULL)) { |
894 | ipc_port_t previous; |
895 | |
896 | /* |
897 | * Either the port was never set up, or it was just |
898 | * deallocated out from under us by the no-senders |
899 | * processing. In either case, we must: |
900 | * Attempt to make one |
901 | * Arrange for no senders |
902 | * Try to atomically register it with the object |
903 | * Destroy it if we are raced. |
904 | */ |
905 | port = ipc_port_alloc_kernel(); |
906 | ip_lock(port); |
907 | ipc_kobject_set_atomically(port, |
908 | (ipc_kobject_t) mig_object, |
909 | IKOT_MIG); |
910 | |
911 | /* make a sonce right for the notification */ |
912 | port->ip_sorights++; |
913 | ip_reference(port); |
914 | |
915 | ipc_port_nsrequest(port, 1, port, &previous); |
916 | /* port unlocked */ |
917 | |
918 | assert(previous == IP_NULL); |
919 | |
920 | if (OSCompareAndSwapPtr((void *)IP_NULL, (void *)port, |
921 | (void * volatile *)&mig_object->port)) { |
922 | deallocate = FALSE; |
923 | } else { |
924 | ipc_port_dealloc_kernel(port); |
925 | port = mig_object->port; |
926 | } |
927 | } |
928 | |
929 | if (deallocate) |
930 | mig_object->pVtbl->Release((IMIGObject *)mig_object); |
931 | |
932 | return (port); |
933 | } |
934 | |
935 | |
936 | /* |
937 | * Routine: convert_port_to_mig_object [interface] |
938 | * Purpose: |
939 | * Base implementation of MIG intrans routine to convert from |
940 | * an incoming port reference to a new reference on the |
941 | * underlying object. A new reference must be created, because |
942 | * the port's reference could go away asynchronously. |
943 | * Returns: |
944 | * NULL - Not an active MIG object port or iid not supported |
945 | * Otherwise, a reference to the underlying MIG interface |
946 | * Conditions: |
947 | * Nothing locked. |
948 | */ |
949 | mig_object_t |
950 | convert_port_to_mig_object( |
951 | ipc_port_t port, |
952 | const MIGIID *iid) |
953 | { |
954 | mig_object_t mig_object; |
955 | void *ppv; |
956 | |
957 | if (!IP_VALID(port)) |
958 | return NULL; |
959 | |
960 | ip_lock(port); |
961 | if (!ip_active(port) || (ip_kotype(port) != IKOT_MIG)) { |
962 | ip_unlock(port); |
963 | return NULL; |
964 | } |
965 | |
966 | /* |
967 | * Our port points to some MIG object interface. Now |
968 | * query it to get a reference to the desired interface. |
969 | */ |
970 | ppv = NULL; |
971 | mig_object = (mig_object_t)port->ip_kobject; |
972 | mig_object->pVtbl->QueryInterface((IMIGObject *)mig_object, iid, &ppv); |
973 | ip_unlock(port); |
974 | return (mig_object_t)ppv; |
975 | } |
976 | |
977 | /* |
978 | * Routine: mig_object_no_senders [interface] |
979 | * Purpose: |
980 | * Base implementation of a no-senders notification handler |
981 | * for MIG objects. If there truly are no more senders, must |
982 | * destroy the port and drop its reference on the object. |
983 | * Returns: |
984 | * TRUE - port deallocate and reference dropped |
985 | * FALSE - more senders arrived, re-registered for notification |
986 | * Conditions: |
987 | * Nothing locked. |
988 | */ |
989 | |
990 | boolean_t |
991 | mig_object_no_senders( |
992 | ipc_port_t port, |
993 | mach_port_mscount_t mscount) |
994 | { |
995 | mig_object_t mig_object; |
996 | |
997 | ip_lock(port); |
998 | if (port->ip_mscount > mscount) { |
999 | ipc_port_t previous; |
1000 | |
1001 | /* |
1002 | * Somebody created new send rights while the |
1003 | * notification was in-flight. Just create a |
1004 | * new send-once right and re-register with |
1005 | * the new (higher) mscount threshold. |
1006 | */ |
1007 | /* make a sonce right for the notification */ |
1008 | port->ip_sorights++; |
1009 | ip_reference(port); |
1010 | ipc_port_nsrequest(port, mscount, port, &previous); |
1011 | /* port unlocked */ |
1012 | |
1013 | assert(previous == IP_NULL); |
1014 | return (FALSE); |
1015 | } |
1016 | |
1017 | /* |
1018 | * Clear the port pointer while we have it locked. |
1019 | */ |
1020 | mig_object = (mig_object_t)port->ip_kobject; |
1021 | mig_object->port = IP_NULL; |
1022 | |
1023 | /* |
1024 | * Bring the sequence number and mscount in |
1025 | * line with ipc_port_destroy assertion. |
1026 | */ |
1027 | port->ip_mscount = 0; |
1028 | port->ip_messages.imq_seqno = 0; |
1029 | ipc_port_destroy(port); /* releases lock */ |
1030 | |
1031 | /* |
1032 | * Release the port's reference on the object. |
1033 | */ |
1034 | mig_object->pVtbl->Release((IMIGObject *)mig_object); |
1035 | return (TRUE); |
1036 | } |
1037 | |
1038 | /* |
1039 | * Kernel implementation of the notification chain for MIG object |
1040 | * is kept separate from the actual objects, since there are expected |
1041 | * to be much fewer of them than actual objects. |
1042 | * |
1043 | * The implementation of this part of MIG objects is coming |
1044 | * "Real Soon Now"(TM). |
1045 | */ |
1046 | |