mach_msg_return_t
mach_msg_send_from_kernel_proper(
mach_msg_header_t *msg,
mach_msg_size_t send_size)
{
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
if (mr != MACH_MSG_SUCCESS)
return mr;
mr = ipc_kmsg_copyin_from_kernel(kmsg);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
return mr;
}
mr = ipc_kmsg_send(kmsg,
MACH_SEND_KERNEL_DEFAULT,
MACH_MSG_TIMEOUT_NONE);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_destroy(kmsg);
}
return mr;
}
/* lifted from ipc_mig.c:mach_msg_send_from_kernel_proper() */
static mach_msg_return_t
mach_msg_send_from_remote_kernel(mach_msg_header_t *msg,
mach_msg_size_t send_size,
mach_node_t node)
{
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
if (mr != MACH_MSG_SUCCESS)
return mr;
mr = ipc_kmsg_copyin_from_kernel(kmsg);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
return mr;
}
kmsg->ikm_node = node; // node that needs to receive message ack
mr = ipc_kmsg_send(kmsg,
MACH_SEND_KERNEL_DEFAULT,
MACH_MSG_TIMEOUT_NONE);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_destroy(kmsg);
}
return mr;
}
mach_msg_return_t
mach_msg_send_from_kernel_with_options(
mach_msg_header_t *msg,
mach_msg_size_t send_size,
mach_msg_option_t option,
mach_msg_timeout_t timeout_val)
{
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
if (mr != MACH_MSG_SUCCESS) {
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
}
mr = ipc_kmsg_copyin_from_kernel(kmsg);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
}
/*
* Until we are sure of its effects, we are disabling
* importance donation from the kernel-side of user
* threads in importance-donating tasks - unless the
* option to force importance donation is passed in,
* or the thread's SEND_IMPORTANCE option has been set.
* (11938665 & 23925818)
*/
if (current_thread()->options & TH_OPT_SEND_IMPORTANCE)
option &= ~MACH_SEND_NOIMPORTANCE;
else if ((option & MACH_SEND_IMPORTANCE) == 0)
option |= MACH_SEND_NOIMPORTANCE;
mr = ipc_kmsg_send(kmsg, option, timeout_val);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_destroy(kmsg);
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
}
return mr;
}
mach_msg_return_t
mach_msg_send_from_kernel_proper(
mach_msg_header_t *msg,
mach_msg_size_t send_size)
{
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
if (mr != MACH_MSG_SUCCESS) {
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
}
mr = ipc_kmsg_copyin_from_kernel(kmsg);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
return mr;
}
/*
* respect the thread's SEND_IMPORTANCE option to force importance
* donation from the kernel-side of user threads
* (11938665 & 23925818)
*/
mach_msg_option_t option = MACH_SEND_KERNEL_DEFAULT;
if (current_thread()->options & TH_OPT_SEND_IMPORTANCE)
option &= ~MACH_SEND_NOIMPORTANCE;
mr = ipc_kmsg_send(kmsg, option, MACH_MSG_TIMEOUT_NONE);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_destroy(kmsg);
KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
}
return mr;
}
mach_msg_return_t
mach_msg_send_from_kernel_with_options(
mach_msg_header_t *msg,
mach_msg_size_t send_size,
mach_msg_option_t option,
mach_msg_timeout_t timeout_val)
{
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
if (mr != MACH_MSG_SUCCESS)
return mr;
mr = ipc_kmsg_copyin_from_kernel(kmsg);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
return mr;
}
#if 11938665
/*
* Until we are sure of its effects, we are disabling
* importance donation from the kernel-side of user
* threads in importance-donating tasks - unless the
* option to force importance donation is passed in.
*/
if ((option & MACH_SEND_IMPORTANCE) == 0)
option |= MACH_SEND_NOIMPORTANCE;
#endif
mr = ipc_kmsg_send(kmsg, option, timeout_val);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_destroy(kmsg);
}
return mr;
}
void
ipc_port_destroy(
ipc_port_t port)
{
ipc_port_t pdrequest, nsrequest;
ipc_mqueue_t mqueue;
ipc_kmsg_t kmsg;
#if IMPORTANCE_INHERITANCE
task_t release_imp_task = TASK_NULL;
thread_t self = current_thread();
boolean_t top = (self->ith_assertions == 0);
natural_t assertcnt = 0;
#endif /* IMPORTANCE_INHERITANCE */
assert(ip_active(port));
/* port->ip_receiver_name is garbage */
/* port->ip_receiver/port->ip_destination is garbage */
assert(port->ip_pset_count == 0);
assert(port->ip_mscount == 0);
/* check for a backup port */
pdrequest = port->ip_pdrequest;
#if IMPORTANCE_INHERITANCE
/* determine how may assertions to drop and from whom */
if (port->ip_tempowner != 0) {
assert(top);
if (port->ip_taskptr != 0) {
release_imp_task = port->ip_imp_task;
port->ip_imp_task = TASK_NULL;
port->ip_taskptr = 0;
assertcnt = port->ip_impcount;
}
/* Otherwise, nothing to drop */
} else {
assert(port->ip_taskptr == 0);
assertcnt = port->ip_impcount;
if (pdrequest != IP_NULL)
/* mark in limbo for the journey */
port->ip_tempowner = 1;
}
if (top)
self->ith_assertions = assertcnt;
#endif /* IMPORTANCE_INHERITANCE */
if (pdrequest != IP_NULL) {
/* we assume the ref for pdrequest */
port->ip_pdrequest = IP_NULL;
/* make port be in limbo */
port->ip_receiver_name = MACH_PORT_NULL;
port->ip_destination = IP_NULL;
ip_unlock(port);
/* consumes our refs for port and pdrequest */
ipc_notify_port_destroyed(pdrequest, port);
goto drop_assertions;
}
/* once port is dead, we don't need to keep it locked */
port->ip_object.io_bits &= ~IO_BITS_ACTIVE;
port->ip_timestamp = ipc_port_timestamp();
/*
* If the port has a preallocated message buffer and that buffer
* is not inuse, free it. If it has an inuse one, then the kmsg
* free will detect that we freed the association and it can free it
* like a normal buffer.
*/
if (IP_PREALLOC(port)) {
ipc_port_t inuse_port;
kmsg = port->ip_premsg;
assert(kmsg != IKM_NULL);
inuse_port = ikm_prealloc_inuse_port(kmsg);
IP_CLEAR_PREALLOC(port, kmsg);
ip_unlock(port);
if (inuse_port != IP_NULL) {
assert(inuse_port == port);
} else {
ipc_kmsg_free(kmsg);
}
} else {
ip_unlock(port);
}
/* throw away no-senders request */
nsrequest = port->ip_nsrequest;
if (nsrequest != IP_NULL)
ipc_notify_send_once(nsrequest); /* consumes ref */
/* destroy any queued messages */
mqueue = &port->ip_messages;
ipc_mqueue_destroy(mqueue);
/* generate dead-name notifications */
ipc_port_dnnotify(port);
ipc_kobject_destroy(port);
ip_release(port); /* consume caller's ref */
drop_assertions:
#if IMPORTANCE_INHERITANCE
if (release_imp_task != TASK_NULL) {
if (assertcnt > 0) {
assert(top);
self->ith_assertions = 0;
assert(release_imp_task->imp_receiver != 0);
task_importance_drop_internal_assertion(release_imp_task, assertcnt);
}
task_deallocate(release_imp_task);
} else if (assertcnt > 0) {
if (top) {
self->ith_assertions = 0;
release_imp_task = current_task();
if (release_imp_task->imp_receiver != 0) {
task_importance_drop_internal_assertion(release_imp_task, assertcnt);
}
} else {
/* the port chain we are enqueued on should cover our assertions */
assert(assertcnt <= self->ith_assertions);
}
}
#endif /* IMPORTANCE_INHERITANCE */
}
mach_msg_return_t
mach_msg_overwrite(
mach_msg_header_t *msg,
mach_msg_option_t option,
mach_msg_size_t send_size,
mach_msg_size_t rcv_size,
mach_port_name_t rcv_name,
__unused mach_msg_timeout_t msg_timeout,
__unused mach_port_name_t notify,
__unused mach_msg_header_t *rcv_msg,
__unused mach_msg_size_t rcv_msg_size)
{
ipc_space_t space = current_space();
vm_map_t map = current_map();
ipc_kmsg_t kmsg;
mach_port_seqno_t seqno;
mach_msg_return_t mr;
mach_msg_trailer_size_t trailer_size;
if (option & MACH_SEND_MSG) {
mach_msg_size_t msg_and_trailer_size;
mach_msg_max_trailer_t *max_trailer;
if ((send_size < sizeof(mach_msg_header_t)) || (send_size & 3))
return MACH_SEND_MSG_TOO_SMALL;
if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
return MACH_SEND_TOO_LARGE;
msg_and_trailer_size = send_size + MAX_TRAILER_SIZE;
kmsg = ipc_kmsg_alloc(msg_and_trailer_size);
if (kmsg == IKM_NULL)
return MACH_SEND_NO_BUFFER;
(void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size);
kmsg->ikm_header->msgh_size = send_size;
/*
* Reserve for the trailer the largest space (MAX_TRAILER_SIZE)
* However, the internal size field of the trailer (msgh_trailer_size)
* is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
* the cases where no implicit data is requested.
*/
max_trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size);
max_trailer->msgh_sender = current_thread()->task->sec_token;
max_trailer->msgh_audit = current_thread()->task->audit_token;
max_trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
max_trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
mr = ipc_kmsg_copyin(kmsg, space, map, &option);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
return mr;
}
do {
mr = ipc_kmsg_send(kmsg, MACH_MSG_OPTION_NONE, MACH_MSG_TIMEOUT_NONE);
} while (mr == MACH_SEND_INTERRUPTED);
assert(mr == MACH_MSG_SUCCESS);
}
if (option & MACH_RCV_MSG) {
thread_t self = current_thread();
do {
ipc_object_t object;
ipc_mqueue_t mqueue;
mr = ipc_mqueue_copyin(space, rcv_name,
&mqueue, &object);
if (mr != MACH_MSG_SUCCESS)
return mr;
/* hold ref for object */
self->ith_continuation = (void (*)(mach_msg_return_t))0;
ipc_mqueue_receive(mqueue,
MACH_MSG_OPTION_NONE,
MACH_MSG_SIZE_MAX,
MACH_MSG_TIMEOUT_NONE,
THREAD_ABORTSAFE);
mr = self->ith_state;
kmsg = self->ith_kmsg;
seqno = self->ith_seqno;
io_release(object);
} while (mr == MACH_RCV_INTERRUPTED);
if (mr != MACH_MSG_SUCCESS)
return mr;
trailer_size = ipc_kmsg_add_trailer(kmsg, space, option, current_thread(), seqno, TRUE,
kmsg->ikm_header->msgh_remote_port->ip_context);
if (rcv_size < (kmsg->ikm_header->msgh_size + trailer_size)) {
ipc_kmsg_copyout_dest(kmsg, space);
(void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg);
ipc_kmsg_free(kmsg);
return MACH_RCV_TOO_LARGE;
}
mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL, option);
if (mr != MACH_MSG_SUCCESS) {
if ((mr &~ MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) {
ipc_kmsg_put_to_kernel(msg, kmsg,
kmsg->ikm_header->msgh_size + trailer_size);
} else {
ipc_kmsg_copyout_dest(kmsg, space);
(void) memcpy((void *) msg, (const void *) kmsg->ikm_header, sizeof *msg);
ipc_kmsg_free(kmsg);
}
return mr;
}
(void) memcpy((void *) msg, (const void *) kmsg->ikm_header,
kmsg->ikm_header->msgh_size + trailer_size);
ipc_kmsg_free(kmsg);
}
return MACH_MSG_SUCCESS;
}
mach_msg_return_t
mach_msg_rpc_from_kernel_body(
mach_msg_header_t *msg,
mach_msg_size_t send_size,
mach_msg_size_t rcv_size,
#if !IKM_SUPPORT_LEGACY
__unused
#endif
boolean_t legacy)
{
thread_t self = current_thread();
ipc_port_t reply;
ipc_kmsg_t kmsg;
mach_port_seqno_t seqno;
mach_msg_return_t mr;
assert(msg->msgh_local_port == MACH_PORT_NULL);
mr = ipc_kmsg_get_from_kernel(msg, send_size, &kmsg);
if (mr != MACH_MSG_SUCCESS)
return mr;
reply = self->ith_rpc_reply;
if (reply == IP_NULL) {
reply = ipc_port_alloc_reply();
if ((reply == IP_NULL) ||
(self->ith_rpc_reply != IP_NULL))
panic("mach_msg_rpc_from_kernel");
self->ith_rpc_reply = reply;
}
/* insert send-once right for the reply port */
kmsg->ikm_header->msgh_local_port = reply;
kmsg->ikm_header->msgh_bits |=
MACH_MSGH_BITS(0, MACH_MSG_TYPE_MAKE_SEND_ONCE);
#if IKM_SUPPORT_LEGACY
if(legacy)
mr = ipc_kmsg_copyin_from_kernel_legacy(kmsg);
else
mr = ipc_kmsg_copyin_from_kernel(kmsg);
#else
mr = ipc_kmsg_copyin_from_kernel(kmsg);
#endif
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
return mr;
}
mr = ipc_kmsg_send(kmsg,
MACH_SEND_KERNEL_DEFAULT,
MACH_MSG_TIMEOUT_NONE);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_destroy(kmsg);
return mr;
}
for (;;) {
ipc_mqueue_t mqueue;
assert(reply->ip_pset_count == 0);
assert(ip_active(reply));
/* JMM - why this check? */
if (!self->active) {
ipc_port_dealloc_reply(reply);
self->ith_rpc_reply = IP_NULL;
return MACH_RCV_INTERRUPTED;
}
self->ith_continuation = (void (*)(mach_msg_return_t))0;
mqueue = &reply->ip_messages;
ipc_mqueue_receive(mqueue,
MACH_MSG_OPTION_NONE,
MACH_MSG_SIZE_MAX,
MACH_MSG_TIMEOUT_NONE,
THREAD_INTERRUPTIBLE);
mr = self->ith_state;
kmsg = self->ith_kmsg;
seqno = self->ith_seqno;
if (mr == MACH_MSG_SUCCESS)
{
break;
}
assert(mr == MACH_RCV_INTERRUPTED);
assert(reply == self->ith_rpc_reply);
if (self->handlers) {
ipc_port_dealloc_reply(reply);
self->ith_rpc_reply = IP_NULL;
return(mr);
}
}
/*
* Check to see how much of the message/trailer can be received.
* We chose the maximum trailer that will fit, since we don't
* have options telling us which trailer elements the caller needed.
*/
if (rcv_size >= kmsg->ikm_header->msgh_size) {
mach_msg_format_0_trailer_t *trailer = (mach_msg_format_0_trailer_t *)
((vm_offset_t)kmsg->ikm_header + kmsg->ikm_header->msgh_size);
if (rcv_size >= kmsg->ikm_header->msgh_size + MAX_TRAILER_SIZE) {
/* Enough room for a maximum trailer */
trailer->msgh_trailer_size = MAX_TRAILER_SIZE;
}
else if (rcv_size < kmsg->ikm_header->msgh_size +
trailer->msgh_trailer_size) {
/* no room for even the basic (default) trailer */
trailer->msgh_trailer_size = 0;
}
assert(trailer->msgh_trailer_type == MACH_MSG_TRAILER_FORMAT_0);
rcv_size = kmsg->ikm_header->msgh_size + trailer->msgh_trailer_size;
mr = MACH_MSG_SUCCESS;
} else {
mr = MACH_RCV_TOO_LARGE;
}
/*
* We want to preserve rights and memory in reply!
* We don't have to put them anywhere; just leave them
* as they are.
*/
#if IKM_SUPPORT_LEGACY
if(legacy)
ipc_kmsg_copyout_to_kernel_legacy(kmsg, ipc_space_reply);
else
ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply);
#else
ipc_kmsg_copyout_to_kernel(kmsg, ipc_space_reply);
#endif
ipc_kmsg_put_to_kernel(msg, kmsg, rcv_size);
return mr;
}
void
ipc_port_destroy(
ipc_port_t port)
{
ipc_port_t pdrequest, nsrequest;
ipc_mqueue_t mqueue;
ipc_kmsg_t kmsg;
ipc_port_request_t dnrequests;
assert(ip_active(port));
/* port->ip_receiver_name is garbage */
/* port->ip_receiver/port->ip_destination is garbage */
assert(port->ip_pset_count == 0);
assert(port->ip_mscount == 0);
/* first check for a backup port */
pdrequest = port->ip_pdrequest;
if (pdrequest != IP_NULL) {
/* we assume the ref for pdrequest */
port->ip_pdrequest = IP_NULL;
/* make port be in limbo */
port->ip_receiver_name = MACH_PORT_NULL;
port->ip_destination = IP_NULL;
ip_unlock(port);
/* consumes our refs for port and pdrequest */
ipc_notify_port_destroyed(pdrequest, port);
return;
}
/* once port is dead, we don't need to keep it locked */
port->ip_object.io_bits &= ~IO_BITS_ACTIVE;
port->ip_timestamp = ipc_port_timestamp();
/* save for later */
dnrequests = port->ip_dnrequests;
port->ip_dnrequests = IPR_NULL;
/*
* If the port has a preallocated message buffer and that buffer
* is not inuse, free it. If it has an inuse one, then the kmsg
* free will detect that we freed the association and it can free it
* like a normal buffer.
*/
if (IP_PREALLOC(port)) {
kmsg = port->ip_premsg;
assert(kmsg != IKM_NULL);
IP_CLEAR_PREALLOC(port, kmsg);
if (!ikm_prealloc_inuse(kmsg))
ipc_kmsg_free(kmsg);
}
ip_unlock(port);
/* throw away no-senders request */
nsrequest = port->ip_nsrequest;
if (nsrequest != IP_NULL)
ipc_notify_send_once(nsrequest); /* consumes ref */
/* destroy any queued messages */
mqueue = &port->ip_messages;
ipc_mqueue_destroy(mqueue);
/* generate dead-name notifications */
if (dnrequests != IPR_NULL) {
ipc_port_dnnotify(port, dnrequests);
}
ipc_kobject_destroy(port);
ipc_port_release(port); /* consume caller's ref */
}
ipc_kmsg_t
ipc_kobject_server(
ipc_kmsg_t request,
mach_msg_option_t __unused option)
{
mach_msg_size_t reply_size;
ipc_kmsg_t reply;
kern_return_t kr;
ipc_port_t *destp;
ipc_port_t replyp = IPC_PORT_NULL;
mach_msg_format_0_trailer_t *trailer;
mig_hash_t *ptr;
task_t task = TASK_NULL;
uint32_t exec_token;
boolean_t exec_token_changed = FALSE;
/*
* Find out corresponding mig_hash entry if any
*/
{
int key = request->ikm_header->msgh_id;
unsigned int i = (unsigned int)MIG_HASH(key);
int max_iter = mig_table_max_displ;
do {
ptr = &mig_buckets[i++ % MAX_MIG_ENTRIES];
} while (key != ptr->num && ptr->num && --max_iter);
if (!ptr->routine || key != ptr->num) {
ptr = (mig_hash_t *)0;
reply_size = mig_reply_size;
} else {
reply_size = ptr->size;
#if MACH_COUNTER
ptr->callcount++;
#endif
}
}
/* round up for trailer size */
reply_size += MAX_TRAILER_SIZE;
reply = ipc_kmsg_alloc(reply_size);
if (reply == IKM_NULL) {
printf("ipc_kobject_server: dropping request\n");
ipc_kmsg_trace_send(request, option);
ipc_kmsg_destroy(request);
return IKM_NULL;
}
/*
* Initialize reply message.
*/
{
#define InP ((mach_msg_header_t *) request->ikm_header)
#define OutP ((mig_reply_error_t *) reply->ikm_header)
/*
* MIG should really assure no data leakage -
* but until it does, pessimistically zero the
* whole reply buffer.
*/
bzero((void *)OutP, reply_size);
OutP->NDR = NDR_record;
OutP->Head.msgh_size = sizeof(mig_reply_error_t);
OutP->Head.msgh_bits =
MACH_MSGH_BITS_SET(MACH_MSGH_BITS_LOCAL(InP->msgh_bits), 0, 0, 0);
OutP->Head.msgh_remote_port = InP->msgh_local_port;
OutP->Head.msgh_local_port = MACH_PORT_NULL;
OutP->Head.msgh_voucher_port = MACH_PORT_NULL;
OutP->Head.msgh_id = InP->msgh_id + 100;
#undef InP
#undef OutP
}
/*
* Find the routine to call, and call it
* to perform the kernel function
*/
ipc_kmsg_trace_send(request, option);
{
if (ptr) {
/*
* Check if the port is a task port, if its a task port then
* snapshot the task exec token before the mig routine call.
*/
ipc_port_t port = request->ikm_header->msgh_remote_port;
if (IP_VALID(port) && ip_kotype(port) == IKOT_TASK) {
task = convert_port_to_task_with_exec_token(port, &exec_token);
}
(*ptr->routine)(request->ikm_header, reply->ikm_header);
/* Check if the exec token changed during the mig routine */
if (task != TASK_NULL) {
if (exec_token != task->exec_token) {
exec_token_changed = TRUE;
}
task_deallocate(task);
}
kernel_task->messages_received++;
}
else {
if (!ipc_kobject_notify(request->ikm_header, reply->ikm_header)){
#if DEVELOPMENT || DEBUG
printf("ipc_kobject_server: bogus kernel message, id=%d\n",
request->ikm_header->msgh_id);
#endif /* DEVELOPMENT || DEBUG */
_MIG_MSGID_INVALID(request->ikm_header->msgh_id);
((mig_reply_error_t *) reply->ikm_header)->RetCode
= MIG_BAD_ID;
}
else
kernel_task->messages_received++;
}
kernel_task->messages_sent++;
}
/*
* Destroy destination. The following code differs from
* ipc_object_destroy in that we release the send-once
* right instead of generating a send-once notification
* (which would bring us here again, creating a loop).
* It also differs in that we only expect send or
* send-once rights, never receive rights.
*
* We set msgh_remote_port to IP_NULL so that the kmsg
* destroy routines don't try to destroy the port twice.
*/
destp = (ipc_port_t *) &request->ikm_header->msgh_remote_port;
switch (MACH_MSGH_BITS_REMOTE(request->ikm_header->msgh_bits)) {
case MACH_MSG_TYPE_PORT_SEND:
ipc_port_release_send(*destp);
break;
case MACH_MSG_TYPE_PORT_SEND_ONCE:
ipc_port_release_sonce(*destp);
break;
default:
panic("ipc_kobject_server: strange destination rights");
}
*destp = IP_NULL;
/*
* Destroy voucher. The kernel MIG servers never take ownership
* of vouchers sent in messages. Swallow any such rights here.
*/
if (IP_VALID(request->ikm_voucher)) {
assert(MACH_MSG_TYPE_PORT_SEND ==
MACH_MSGH_BITS_VOUCHER(request->ikm_header->msgh_bits));
ipc_port_release_send(request->ikm_voucher);
request->ikm_voucher = IP_NULL;
}
if (!(reply->ikm_header->msgh_bits & MACH_MSGH_BITS_COMPLEX) &&
((mig_reply_error_t *) reply->ikm_header)->RetCode != KERN_SUCCESS)
kr = ((mig_reply_error_t *) reply->ikm_header)->RetCode;
else
kr = KERN_SUCCESS;
if ((kr == KERN_SUCCESS) || (kr == MIG_NO_REPLY)) {
/*
* The server function is responsible for the contents
* of the message. The reply port right is moved
* to the reply message, and we have deallocated
* the destination port right, so we just need
* to free the kmsg.
*/
ipc_kmsg_free(request);
} else {
/*
* The message contents of the request are intact.
* Destroy everthing except the reply port right,
* which is needed in the reply message.
*/
request->ikm_header->msgh_local_port = MACH_PORT_NULL;
ipc_kmsg_destroy(request);
}
replyp = (ipc_port_t)reply->ikm_header->msgh_remote_port;
if (kr == MIG_NO_REPLY) {
/*
* The server function will send a reply message
* using the reply port right, which it has saved.
*/
ipc_kmsg_free(reply);
return IKM_NULL;
} else if (!IP_VALID(replyp)) {
/*
* Can't queue the reply message if the destination
* (the reply port) isn't valid.
*/
ipc_kmsg_destroy(reply);
return IKM_NULL;
} else if (replyp->ip_receiver == ipc_space_kernel) {
/*
* Don't send replies to kobject kernel ports
*/
#if DEVELOPMENT || DEBUG
printf("%s: refusing to send reply to kobject %d port (id:%d)\n",
__func__, ip_kotype(replyp),
request->ikm_header->msgh_id);
#endif /* DEVELOPMENT || DEBUG */
ipc_kmsg_destroy(reply);
return IKM_NULL;
}
/* Fail the MIG call if the task exec token changed during the call */
if (kr == KERN_SUCCESS && exec_token_changed) {
/*
* Create a new reply msg with error and destroy the old reply msg.
*/
ipc_kmsg_t new_reply = ipc_kmsg_alloc(reply_size);
if (new_reply == IKM_NULL) {
printf("ipc_kobject_server: dropping request\n");
ipc_kmsg_destroy(reply);
return IKM_NULL;
}
/*
* Initialize the new reply message.
*/
{
#define OutP_new ((mig_reply_error_t *) new_reply->ikm_header)
#define OutP_old ((mig_reply_error_t *) reply->ikm_header)
bzero((void *)OutP_new, reply_size);
OutP_new->NDR = OutP_old->NDR;
OutP_new->Head.msgh_size = sizeof(mig_reply_error_t);
OutP_new->Head.msgh_bits = OutP_old->Head.msgh_bits & ~MACH_MSGH_BITS_COMPLEX;
OutP_new->Head.msgh_remote_port = OutP_old->Head.msgh_remote_port;
OutP_new->Head.msgh_local_port = MACH_PORT_NULL;
OutP_new->Head.msgh_voucher_port = MACH_PORT_NULL;
OutP_new->Head.msgh_id = OutP_old->Head.msgh_id;
/* Set the error as KERN_INVALID_TASK */
OutP_new->RetCode = KERN_INVALID_TASK;
#undef OutP_new
#undef OutP_old
}
/*
* Destroy everything in reply except the reply port right,
* which is needed in the new reply message.
*/
reply->ikm_header->msgh_remote_port = MACH_PORT_NULL;
ipc_kmsg_destroy(reply);
reply = new_reply;
}
trailer = (mach_msg_format_0_trailer_t *)
((vm_offset_t)reply->ikm_header + (int)reply->ikm_header->msgh_size);
trailer->msgh_sender = KERNEL_SECURITY_TOKEN;
trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
return reply;
}
mach_msg_return_t
mach_msg_overwrite_trap(
struct mach_msg_overwrite_trap_args *args)
{
mach_vm_address_t msg_addr = args->msg;
mach_msg_option_t option = args->option;
mach_msg_size_t send_size = args->send_size;
mach_msg_size_t rcv_size = args->rcv_size;
mach_port_name_t rcv_name = args->rcv_name;
mach_msg_timeout_t msg_timeout = args->timeout;
__unused mach_port_name_t notify = args->notify;
mach_vm_address_t rcv_msg_addr = args->rcv_msg;
__unused mach_port_seqno_t temp_seqno = 0;
mach_msg_return_t mr = MACH_MSG_SUCCESS;
vm_map_t map = current_map();
/* Only accept options allowed by the user */
option &= MACH_MSG_OPTION_USER;
if (option & MACH_SEND_MSG) {
ipc_space_t space = current_space();
ipc_kmsg_t kmsg;
mr = ipc_kmsg_get(msg_addr, send_size, &kmsg);
if (mr != MACH_MSG_SUCCESS)
return mr;
mr = ipc_kmsg_copyin(kmsg, space, map, &option);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
return mr;
}
mr = ipc_kmsg_send(kmsg, option, msg_timeout);
if (mr != MACH_MSG_SUCCESS) {
mr |= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
(void) ipc_kmsg_put(msg_addr, kmsg, kmsg->ikm_header->msgh_size);
return mr;
}
}
if (option & MACH_RCV_MSG) {
thread_t self = current_thread();
ipc_space_t space = current_space();
ipc_object_t object;
ipc_mqueue_t mqueue;
mr = ipc_mqueue_copyin(space, rcv_name, &mqueue, &object);
if (mr != MACH_MSG_SUCCESS) {
return mr;
}
/* hold ref for object */
if (rcv_msg_addr != (mach_vm_address_t)0)
self->ith_msg_addr = rcv_msg_addr;
else
self->ith_msg_addr = msg_addr;
self->ith_object = object;
self->ith_msize = rcv_size;
self->ith_option = option;
self->ith_receiver_name = MACH_PORT_NULL;
self->ith_continuation = thread_syscall_return;
ipc_mqueue_receive(mqueue, option, rcv_size, msg_timeout, THREAD_ABORTSAFE);
if ((option & MACH_RCV_TIMEOUT) && msg_timeout == 0)
thread_poll_yield(self);
return mach_msg_receive_results();
}
return MACH_MSG_SUCCESS;
}
mach_msg_return_t
mach_msg_send(
mach_msg_header_t *msg,
mach_msg_option_t option,
mach_msg_size_t send_size,
mach_msg_timeout_t send_timeout,
__unused mach_port_name_t notify)
{
ipc_space_t space = current_space();
vm_map_t map = current_map();
ipc_kmsg_t kmsg;
mach_msg_return_t mr;
mach_msg_size_t msg_and_trailer_size;
mach_msg_max_trailer_t *trailer;
if ((send_size < sizeof(mach_msg_header_t)) || (send_size & 3))
return MACH_SEND_MSG_TOO_SMALL;
if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
return MACH_SEND_TOO_LARGE;
msg_and_trailer_size = send_size + MAX_TRAILER_SIZE;
kmsg = ipc_kmsg_alloc(msg_and_trailer_size);
if (kmsg == IKM_NULL)
return MACH_SEND_NO_BUFFER;
(void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size);
kmsg->ikm_header->msgh_size = send_size;
/*
* reserve for the trailer the largest space (MAX_TRAILER_SIZE)
* However, the internal size field of the trailer (msgh_trailer_size)
* is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
* the cases where no implicit data is requested.
*/
trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size);
trailer->msgh_sender = current_thread()->task->sec_token;
trailer->msgh_audit = current_thread()->task->audit_token;
trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
mr = ipc_kmsg_copyin(kmsg, space, map, &option);
if (mr != MACH_MSG_SUCCESS) {
ipc_kmsg_free(kmsg);
return mr;
}
mr = ipc_kmsg_send(kmsg, option, send_timeout);
if (mr != MACH_MSG_SUCCESS) {
mr |= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
(void) memcpy((void *) msg, (const void *) kmsg->ikm_header,
kmsg->ikm_header->msgh_size);
ipc_kmsg_free(kmsg);
}
return mr;
}
ipc_kmsg_t
ipc_kobject_server(
ipc_kmsg_t request)
{
mach_msg_size_t reply_size;
ipc_kmsg_t reply;
kern_return_t kr;
ipc_port_t *destp;
mach_msg_format_0_trailer_t *trailer;
register mig_hash_t *ptr;
/*
* Find out corresponding mig_hash entry if any
*/
{
register int key = request->ikm_header->msgh_id;
register int i = MIG_HASH(key);
register int max_iter = mig_table_max_displ;
do
ptr = &mig_buckets[i++ % MAX_MIG_ENTRIES];
while (key != ptr->num && ptr->num && --max_iter);
if (!ptr->routine || key != ptr->num) {
ptr = (mig_hash_t *)0;
reply_size = mig_reply_size;
} else {
reply_size = ptr->size;
#if MACH_COUNTER
ptr->callcount++;
#endif
}
}
/* round up for trailer size */
reply_size += MAX_TRAILER_SIZE;
reply = ipc_kmsg_alloc(reply_size);
if (reply == IKM_NULL) {
printf("ipc_kobject_server: dropping request\n");
ipc_kmsg_destroy(request);
return IKM_NULL;
}
/*
* Initialize reply message.
*/
{
#define InP ((mach_msg_header_t *) request->ikm_header)
#define OutP ((mig_reply_error_t *) reply->ikm_header)
/*
* MIG should really assure no data leakage -
* but until it does, pessimistically zero the
* whole reply buffer.
*/
bzero((void *)OutP, reply_size);
OutP->NDR = NDR_record;
OutP->Head.msgh_size = sizeof(mig_reply_error_t);
OutP->Head.msgh_bits =
MACH_MSGH_BITS_SET(MACH_MSGH_BITS_LOCAL(InP->msgh_bits), 0, 0, 0);
OutP->Head.msgh_remote_port = InP->msgh_local_port;
OutP->Head.msgh_local_port = MACH_PORT_NULL;
OutP->Head.msgh_voucher_port = MACH_PORT_NULL;
OutP->Head.msgh_id = InP->msgh_id + 100;
#undef InP
#undef OutP
}
/*
* Find the routine to call, and call it
* to perform the kernel function
*/
{
if (ptr) {
(*ptr->routine)(request->ikm_header, reply->ikm_header);
kernel_task->messages_received++;
}
else {
if (!ipc_kobject_notify(request->ikm_header, reply->ikm_header)){
#if MACH_IPC_TEST
printf("ipc_kobject_server: bogus kernel message, id=%d\n",
request->ikm_header->msgh_id);
#endif /* MACH_IPC_TEST */
_MIG_MSGID_INVALID(request->ikm_header->msgh_id);
((mig_reply_error_t *) reply->ikm_header)->RetCode
= MIG_BAD_ID;
}
else
kernel_task->messages_received++;
}
kernel_task->messages_sent++;
}
/*
* Destroy destination. The following code differs from
* ipc_object_destroy in that we release the send-once
* right instead of generating a send-once notification
* (which would bring us here again, creating a loop).
* It also differs in that we only expect send or
* send-once rights, never receive rights.
*
* We set msgh_remote_port to IP_NULL so that the kmsg
* destroy routines don't try to destroy the port twice.
*/
destp = (ipc_port_t *) &request->ikm_header->msgh_remote_port;
switch (MACH_MSGH_BITS_REMOTE(request->ikm_header->msgh_bits)) {
case MACH_MSG_TYPE_PORT_SEND:
ipc_port_release_send(*destp);
break;
case MACH_MSG_TYPE_PORT_SEND_ONCE:
ipc_port_release_sonce(*destp);
break;
default:
panic("ipc_kobject_server: strange destination rights");
}
*destp = IP_NULL;
/*
* Destroy voucher. The kernel MIG servers never take ownership
* of vouchers sent in messages. Swallow any such rights here.
*/
if (IP_VALID(request->ikm_voucher)) {
assert(MACH_MSG_TYPE_PORT_SEND ==
MACH_MSGH_BITS_VOUCHER(request->ikm_header->msgh_bits));
ipc_port_release_send(request->ikm_voucher);
request->ikm_voucher = IP_NULL;
}
if (!(reply->ikm_header->msgh_bits & MACH_MSGH_BITS_COMPLEX) &&
((mig_reply_error_t *) reply->ikm_header)->RetCode != KERN_SUCCESS)
kr = ((mig_reply_error_t *) reply->ikm_header)->RetCode;
else
kr = KERN_SUCCESS;
if ((kr == KERN_SUCCESS) || (kr == MIG_NO_REPLY)) {
/*
* The server function is responsible for the contents
* of the message. The reply port right is moved
* to the reply message, and we have deallocated
* the destination port right, so we just need
* to free the kmsg.
*/
ipc_kmsg_free(request);
} else {
/*
* The message contents of the request are intact.
* Destroy everthing except the reply port right,
* which is needed in the reply message.
*/
request->ikm_header->msgh_local_port = MACH_PORT_NULL;
ipc_kmsg_destroy(request);
}
if (kr == MIG_NO_REPLY) {
/*
* The server function will send a reply message
* using the reply port right, which it has saved.
*/
ipc_kmsg_free(reply);
return IKM_NULL;
} else if (!IP_VALID((ipc_port_t)reply->ikm_header->msgh_remote_port)) {
/*
* Can't queue the reply message if the destination
* (the reply port) isn't valid.
*/
ipc_kmsg_destroy(reply);
return IKM_NULL;
}
trailer = (mach_msg_format_0_trailer_t *)
((vm_offset_t)reply->ikm_header + (int)reply->ikm_header->msgh_size);
trailer->msgh_sender = KERNEL_SECURITY_TOKEN;
trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
return reply;
}
kern_return_t
mach_port_allocate_full(
ipc_space_t space,
mach_port_right_t right,
mach_port_t proto,
mach_port_qos_t *qosp,
mach_port_name_t *namep)
{
ipc_kmsg_t kmsg;
kern_return_t kr;
if (space == IS_NULL)
return (KERN_INVALID_TASK);
if (proto != MACH_PORT_NULL)
return (KERN_INVALID_VALUE);
if (qosp->name) {
if (!MACH_PORT_VALID (*namep))
return (KERN_INVALID_VALUE);
if (is_fast_space (space))
return (KERN_FAILURE);
}
if (qosp->prealloc) {
mach_msg_size_t size = qosp->len + MAX_TRAILER_SIZE;
if (right != MACH_PORT_RIGHT_RECEIVE)
return (KERN_INVALID_VALUE);
kmsg = (ipc_kmsg_t)kalloc(ikm_plus_overhead(size));
if (kmsg == IKM_NULL)
return (KERN_RESOURCE_SHORTAGE);
ikm_init(kmsg, size);
}
switch (right) {
case MACH_PORT_RIGHT_RECEIVE:
{
ipc_port_t port;
if (qosp->name)
kr = ipc_port_alloc_name(space, *namep, &port);
else
kr = ipc_port_alloc(space, namep, &port);
if (kr == KERN_SUCCESS) {
if (qosp->prealloc)
ipc_kmsg_set_prealloc(kmsg, port);
ip_unlock(port);
} else if (qosp->prealloc)
ipc_kmsg_free(kmsg);
break;
}
case MACH_PORT_RIGHT_PORT_SET:
{
ipc_pset_t pset;
if (qosp->name)
kr = ipc_pset_alloc_name(space, *namep, &pset);
else
kr = ipc_pset_alloc(space, namep, &pset);
if (kr == KERN_SUCCESS)
ips_unlock(pset);
break;
}
case MACH_PORT_RIGHT_DEAD_NAME:
kr = ipc_object_alloc_dead(space, namep);
break;
default:
kr = KERN_INVALID_VALUE;
break;
}
return (kr);
}
