__private_extern__ kern_return_t
chudxnu_task_write(
task_t task,
uint64_t useraddr,
void *kernaddr,
vm_size_t size)
{
kern_return_t ret = KERN_SUCCESS;
boolean_t old_level;
if(ml_at_interrupt_context()) {
return KERN_FAILURE; // can't poke into tasks on interrupt stack
}
/*
* pmap layer requires interrupts to be on
*/
old_level = ml_set_interrupts_enabled(TRUE);
if(current_task()==task) {
if(copyout(kernaddr, useraddr, size)) {
ret = KERN_FAILURE;
}
} else {
vm_map_t map = get_task_map(task);
ret = vm_map_write_user(map, kernaddr, useraddr, size);
}
ml_set_interrupts_enabled(old_level);
return ret;
}
/* Not called from probe context */
int
uwrite(proc_t *p, void *buf, user_size_t len, user_addr_t a)
{
kern_return_t ret;
ASSERT(p != NULL);
ASSERT(p->task != NULL);
task_t task = p->task;
/*
* Grab a reference to the task vm_map_t to make sure
* the map isn't pulled out from under us.
*
* Because the proc_lock is not held at all times on all code
* paths leading here, it is possible for the proc to have
* exited. If the map is null, fail.
*/
vm_map_t map = get_task_map_reference(task);
if (map) {
/* Find the memory permissions. */
uint32_t nestingDepth=999999;
vm_region_submap_short_info_data_64_t info;
mach_msg_type_number_t count = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64;
mach_vm_address_t address = (mach_vm_address_t)a;
mach_vm_size_t sizeOfRegion = (mach_vm_size_t)len;
ret = mach_vm_region_recurse(map, &address, &sizeOfRegion, &nestingDepth, (vm_region_recurse_info_t)&info, &count);
if (ret != KERN_SUCCESS)
goto done;
vm_prot_t reprotect;
if (!(info.protection & VM_PROT_WRITE)) {
/* Save the original protection values for restoration later */
reprotect = info.protection;
if (info.max_protection & VM_PROT_WRITE) {
/* The memory is not currently writable, but can be made writable. */
ret = mach_vm_protect (map, (mach_vm_offset_t)a, (mach_vm_size_t)len, 0, (reprotect & ~VM_PROT_EXECUTE) | VM_PROT_WRITE);
} else {
/*
* The memory is not currently writable, and cannot be made writable. We need to COW this memory.
*
* Strange, we can't just say "reprotect | VM_PROT_COPY", that fails.
*/
ret = mach_vm_protect (map, (mach_vm_offset_t)a, (mach_vm_size_t)len, 0, VM_PROT_COPY | VM_PROT_READ | VM_PROT_WRITE);
}
if (ret != KERN_SUCCESS)
goto done;
} else {
/* The memory was already writable. */
reprotect = VM_PROT_NONE;
}
ret = vm_map_write_user( map,
buf,
(vm_map_address_t)a,
(vm_size_t)len);
dtrace_flush_caches();
if (ret != KERN_SUCCESS)
goto done;
if (reprotect != VM_PROT_NONE) {
ASSERT(reprotect & VM_PROT_EXECUTE);
ret = mach_vm_protect (map, (mach_vm_offset_t)a, (mach_vm_size_t)len, 0, reprotect);
}
done:
vm_map_deallocate(map);
} else
ret = KERN_TERMINATED;
return (int)ret;
}
