![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to ipc_kmsg.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Apple XNU] / XNU / osfmk / ipc|
Return to ipc_kmsg.c CVS log | Up to [Apple XNU] / XNU / osfmk / ipc |
1.1 ! root 1: /* ! 2: * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. ! 3: * ! 4: * @APPLE_LICENSE_HEADER_START@ ! 5: * ! 6: * The contents of this file constitute Original Code as defined in and ! 7: * are subject to the Apple Public Source License Version 1.1 (the ! 8: * "License"). You may not use this file except in compliance with the ! 9: * License. Please obtain a copy of the License at ! 10: * http://www.apple.com/publicsource and read it before using this file. ! 11: * ! 12: * This Original Code and all software distributed under the License are ! 13: * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER ! 14: * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, ! 15: * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, ! 16: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the ! 17: * License for the specific language governing rights and limitations ! 18: * under the License. ! 19: * ! 20: * @APPLE_LICENSE_HEADER_END@ ! 21: */ ! 22: /* ! 23: * @OSF_COPYRIGHT@ ! 24: */ ! 25: /* ! 26: * Mach Operating System ! 27: * Copyright (c) 1991,1990,1989 Carnegie Mellon University ! 28: * All Rights Reserved. ! 29: * ! 30: * Permission to use, copy, modify and distribute this software and its ! 31: * documentation is hereby granted, provided that both the copyright ! 32: * notice and this permission notice appear in all copies of the ! 33: * software, derivative works or modified versions, and any portions ! 34: * thereof, and that both notices appear in supporting documentation. ! 35: * ! 36: * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" ! 37: * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR ! 38: * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. ! 39: * ! 40: * Carnegie Mellon requests users of this software to return to ! 41: * ! 42: * Software Distribution Coordinator or [email protected] ! 43: * School of Computer Science ! 44: * Carnegie Mellon University ! 45: * Pittsburgh PA 15213-3890 ! 46: * ! 47: * any improvements or extensions that they make and grant Carnegie Mellon ! 48: * the rights to redistribute these changes. ! 49: */ ! 50: /* ! 51: */ ! 52: /* ! 53: * File: ipc/ipc_kmsg.c ! 54: * Author: Rich Draves ! 55: * Date: 1989 ! 56: * ! 57: * Operations on kernel messages. ! 58: */ ! 59: ! 60: #include <cpus.h> ! 61: #include <dipc.h> ! 62: #include <mach_rt.h> ! 63: #include <norma_vm.h> ! 64: ! 65: #include <mach/boolean.h> ! 66: #include <mach/kern_return.h> ! 67: #include <mach/message.h> ! 68: #include <mach/port.h> ! 69: #include <kern/assert.h> ! 70: #include <kern/kalloc.h> ! 71: #include <kern/thread.h> ! 72: #include <kern/sched_prim.h> ! 73: #if MACH_RT ! 74: #include <kern/rtmalloc.h> ! 75: #endif /* MACH_RT */ ! 76: #include <kern/spl.h> ! 77: #include <kern/misc_protos.h> ! 78: #include <kern/counters.h> ! 79: #include <vm/vm_map.h> ! 80: #include <vm/vm_object.h> ! 81: #include <vm/vm_kern.h> ! 82: #include <ipc/port.h> ! 83: #include <ipc/ipc_entry.h> ! 84: #include <ipc/ipc_kmsg.h> ! 85: #include <ipc/ipc_notify.h> ! 86: #include <ipc/ipc_object.h> ! 87: #include <ipc/ipc_space.h> ! 88: #include <ipc/ipc_port.h> ! 89: #include <ipc/ipc_right.h> ! 90: #include <ipc/ipc_hash.h> ! 91: #include <ipc/ipc_table.h> ! 92: ! 93: #include <string.h> ! 94: ! 95: extern vm_map_t ipc_kernel_copy_map; ! 96: extern vm_size_t ipc_kmsg_max_vm_space; ! 97: extern vm_size_t msg_ool_size_small; ! 98: ! 99: #if MACH_RT ! 100: extern vm_size_t msg_ool_size_small_rt; ! 101: #define MSG_OOL_SIZE_SMALL(rt) ((rt) ? msg_ool_size_small_rt : \ ! 102: msg_ool_size_small) ! 103: #else /* MACH_RT */ ! 104: #define MSG_OOL_SIZE_SMALL(rt) msg_ool_size_small ! 105: #endif /* MACH_RT */ ! 106: ! 107: ! 108: /* ! 109: * Forward declarations ! 110: */ ! 111: ! 112: void ipc_kmsg_clean( ! 113: ipc_kmsg_t kmsg); ! 114: ! 115: void ipc_kmsg_clean_body( ! 116: ipc_kmsg_t kmsg, ! 117: mach_msg_type_number_t number); ! 118: ! 119: void ipc_kmsg_clean_partial( ! 120: ipc_kmsg_t kmsg, ! 121: mach_msg_type_number_t number, ! 122: vm_offset_t paddr, ! 123: vm_size_t length); ! 124: ! 125: mach_msg_return_t ipc_kmsg_copyout_body( ! 126: ipc_kmsg_t kmsg, ! 127: ipc_space_t space, ! 128: vm_map_t map, ! 129: mach_msg_body_t *slist); ! 130: ! 131: mach_msg_return_t ipc_kmsg_copyin_body( ! 132: ipc_kmsg_t kmsg, ! 133: ipc_space_t space, ! 134: vm_map_t map); ! 135: ! 136: void ikm_cache_init(void); ! 137: ! 138: ! 139: /* ! 140: * Routine: ipc_kmsg_enqueue ! 141: * Purpose: ! 142: * Enqueue a kmsg. ! 143: */ ! 144: ! 145: void ! 146: ipc_kmsg_enqueue( ! 147: ipc_kmsg_queue_t queue, ! 148: ipc_kmsg_t kmsg) ! 149: { ! 150: ipc_kmsg_enqueue_macro(queue, kmsg); ! 151: } ! 152: ! 153: /* ! 154: * Routine: ipc_kmsg_dequeue ! 155: * Purpose: ! 156: * Dequeue and return a kmsg. ! 157: */ ! 158: ! 159: ipc_kmsg_t ! 160: ipc_kmsg_dequeue( ! 161: ipc_kmsg_queue_t queue) ! 162: { ! 163: ipc_kmsg_t first; ! 164: ! 165: first = ipc_kmsg_queue_first(queue); ! 166: ! 167: if (first != IKM_NULL) ! 168: ipc_kmsg_rmqueue_first_macro(queue, first); ! 169: ! 170: return first; ! 171: } ! 172: ! 173: /* ! 174: * Routine: ipc_kmsg_rmqueue ! 175: * Purpose: ! 176: * Pull a kmsg out of a queue. ! 177: */ ! 178: ! 179: void ! 180: ipc_kmsg_rmqueue( ! 181: ipc_kmsg_queue_t queue, ! 182: ipc_kmsg_t kmsg) ! 183: { ! 184: ipc_kmsg_t next, prev; ! 185: ! 186: assert(queue->ikmq_base != IKM_NULL); ! 187: ! 188: next = kmsg->ikm_next; ! 189: prev = kmsg->ikm_prev; ! 190: ! 191: if (next == kmsg) { ! 192: assert(prev == kmsg); ! 193: assert(queue->ikmq_base == kmsg); ! 194: ! 195: queue->ikmq_base = IKM_NULL; ! 196: } else { ! 197: if (queue->ikmq_base == kmsg) ! 198: queue->ikmq_base = next; ! 199: ! 200: next->ikm_prev = prev; ! 201: prev->ikm_next = next; ! 202: } ! 203: /* XXX Temporary debug logic */ ! 204: kmsg->ikm_next = IKM_BOGUS; ! 205: kmsg->ikm_prev = IKM_BOGUS; ! 206: } ! 207: ! 208: /* ! 209: * Routine: ipc_kmsg_queue_next ! 210: * Purpose: ! 211: * Return the kmsg following the given kmsg. ! 212: * (Or IKM_NULL if it is the last one in the queue.) ! 213: */ ! 214: ! 215: ipc_kmsg_t ! 216: ipc_kmsg_queue_next( ! 217: ipc_kmsg_queue_t queue, ! 218: ipc_kmsg_t kmsg) ! 219: { ! 220: ipc_kmsg_t next; ! 221: ! 222: assert(queue->ikmq_base != IKM_NULL); ! 223: ! 224: next = kmsg->ikm_next; ! 225: if (queue->ikmq_base == next) ! 226: next = IKM_NULL; ! 227: ! 228: return next; ! 229: } ! 230: ! 231: /* ! 232: * Routine: ipc_kmsg_destroy ! 233: * Purpose: ! 234: * Destroys a kernel message. Releases all rights, ! 235: * references, and memory held by the message. ! 236: * Frees the message. ! 237: * Conditions: ! 238: * No locks held. ! 239: */ ! 240: ! 241: void ! 242: ipc_kmsg_destroy( ! 243: ipc_kmsg_t kmsg) ! 244: { ! 245: ipc_kmsg_queue_t queue; ! 246: boolean_t empty; ! 247: ! 248: /* ! 249: * ipc_kmsg_clean can cause more messages to be destroyed. ! 250: * Curtail recursion by queueing messages. If a message ! 251: * is already queued, then this is a recursive call. ! 252: */ ! 253: ! 254: queue = &(current_thread()->ith_messages); ! 255: empty = ipc_kmsg_queue_empty(queue); ! 256: ipc_kmsg_enqueue(queue, kmsg); ! 257: ! 258: if (empty) { ! 259: /* must leave kmsg in queue while cleaning it */ ! 260: ! 261: while ((kmsg = ipc_kmsg_queue_first(queue)) != IKM_NULL) { ! 262: ipc_kmsg_clean(kmsg); ! 263: ipc_kmsg_rmqueue(queue, kmsg); ! 264: ikm_free(kmsg); ! 265: } ! 266: } ! 267: } ! 268: ! 269: /* ! 270: * Routine: ipc_kmsg_destroy_dest ! 271: * Purpose: ! 272: * Destroys a kernel message. Releases all rights, ! 273: * references, and memory held by the message (including ! 274: * the destination port reference. ! 275: * Frees the message. ! 276: * Conditions: ! 277: * No locks held. ! 278: */ ! 279: ! 280: ipc_kmsg_destroy_dest( ! 281: ipc_kmsg_t kmsg) ! 282: { ! 283: ipc_port_t port; ! 284: ! 285: port = kmsg->ikm_header.msgh_remote_port; ! 286: ! 287: ipc_port_release(port); ! 288: kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL; ! 289: ipc_kmsg_destroy(kmsg); ! 290: } ! 291: ! 292: /* ! 293: * Routine: ipc_kmsg_clean_body ! 294: * Purpose: ! 295: * Cleans the body of a kernel message. ! 296: * Releases all rights, references, and memory. ! 297: * ! 298: * Conditions: ! 299: * No locks held. ! 300: */ ! 301: ! 302: void ! 303: ipc_kmsg_clean_body( ! 304: ipc_kmsg_t kmsg, ! 305: mach_msg_type_number_t number) ! 306: { ! 307: mach_msg_descriptor_t *saddr, *eaddr; ! 308: boolean_t rt; ! 309: ! 310: if ( number == 0 ) ! 311: return; ! 312: ! 313: rt = KMSG_IS_RT(kmsg); ! 314: saddr = (mach_msg_descriptor_t *) ! 315: ((mach_msg_base_t *) &kmsg->ikm_header + 1); ! 316: eaddr = saddr + number; ! 317: ! 318: for ( ; saddr < eaddr; saddr++ ) { ! 319: ! 320: switch (saddr->type.type) { ! 321: ! 322: case MACH_MSG_PORT_DESCRIPTOR: { ! 323: mach_msg_port_descriptor_t *dsc; ! 324: ! 325: dsc = &saddr->port; ! 326: ! 327: /* ! 328: * Destroy port rights carried in the message ! 329: */ ! 330: if (!IO_VALID((ipc_object_t) dsc->name)) ! 331: continue; ! 332: ipc_object_destroy((ipc_object_t) dsc->name, dsc->disposition); ! 333: break; ! 334: } ! 335: case MACH_MSG_OOL_VOLATILE_DESCRIPTOR: ! 336: case MACH_MSG_OOL_DESCRIPTOR : { ! 337: mach_msg_ool_descriptor_t *dsc; ! 338: ! 339: dsc = &saddr->out_of_line; ! 340: ! 341: /* ! 342: * Destroy memory carried in the message ! 343: */ ! 344: if (dsc->size == 0) { ! 345: assert(dsc->address == (void *) 0); ! 346: } else { ! 347: if (dsc->copy == MACH_MSG_PHYSICAL_COPY && ! 348: dsc->size < MSG_OOL_SIZE_SMALL(rt)) { ! 349: KFREE((vm_offset_t)dsc->address, ! 350: (vm_size_t)dsc->size, ! 351: rt); ! 352: } else { ! 353: vm_map_copy_discard((vm_map_copy_t) dsc->address); ! 354: } ! 355: } ! 356: break; ! 357: } ! 358: case MACH_MSG_OOL_PORTS_DESCRIPTOR : { ! 359: ipc_object_t *objects; ! 360: mach_msg_type_number_t j; ! 361: mach_msg_ool_ports_descriptor_t *dsc; ! 362: ! 363: dsc = &saddr->ool_ports; ! 364: objects = (ipc_object_t *) dsc->address; ! 365: ! 366: if (dsc->count == 0) { ! 367: break; ! 368: } ! 369: ! 370: assert(objects != (ipc_object_t *) 0); ! 371: ! 372: /* destroy port rights carried in the message */ ! 373: ! 374: for (j = 0; j < dsc->count; j++) { ! 375: ipc_object_t object = objects[j]; ! 376: ! 377: if (!IO_VALID(object)) ! 378: continue; ! 379: ! 380: ipc_object_destroy(object, dsc->disposition); ! 381: } ! 382: ! 383: /* destroy memory carried in the message */ ! 384: ! 385: assert(dsc->count != 0); ! 386: ! 387: KFREE((vm_offset_t) dsc->address, ! 388: (vm_size_t) dsc->count * sizeof(mach_port_name_t), ! 389: rt); ! 390: break; ! 391: } ! 392: default : { ! 393: printf("cleanup: don't understand this type of descriptor\n"); ! 394: } ! 395: } ! 396: } ! 397: } ! 398: ! 399: /* ! 400: * Routine: ipc_kmsg_clean_partial ! 401: * Purpose: ! 402: * Cleans a partially-acquired kernel message. ! 403: * number is the index of the type descriptor ! 404: * in the body of the message that contained the error. ! 405: * If dolast, the memory and port rights in this last ! 406: * type spec are also cleaned. In that case, number ! 407: * specifies the number of port rights to clean. ! 408: * Conditions: ! 409: * Nothing locked. ! 410: */ ! 411: ! 412: void ! 413: ipc_kmsg_clean_partial( ! 414: ipc_kmsg_t kmsg, ! 415: mach_msg_type_number_t number, ! 416: vm_offset_t paddr, ! 417: vm_size_t length) ! 418: { ! 419: ipc_object_t object; ! 420: mach_msg_bits_t mbits = kmsg->ikm_header.msgh_bits; ! 421: ! 422: object = (ipc_object_t) kmsg->ikm_header.msgh_remote_port; ! 423: assert(IO_VALID(object)); ! 424: ipc_object_destroy(object, MACH_MSGH_BITS_REMOTE(mbits)); ! 425: ! 426: object = (ipc_object_t) kmsg->ikm_header.msgh_local_port; ! 427: if (IO_VALID(object)) ! 428: ipc_object_destroy(object, MACH_MSGH_BITS_LOCAL(mbits)); ! 429: ! 430: if (paddr) { ! 431: (void) vm_deallocate(ipc_kernel_copy_map, paddr, length); ! 432: } ! 433: ! 434: ipc_kmsg_clean_body(kmsg, number); ! 435: } ! 436: ! 437: /* ! 438: * Routine: ipc_kmsg_clean ! 439: * Purpose: ! 440: * Cleans a kernel message. Releases all rights, ! 441: * references, and memory held by the message. ! 442: * Conditions: ! 443: * No locks held. ! 444: */ ! 445: ! 446: void ! 447: ipc_kmsg_clean( ! 448: ipc_kmsg_t kmsg) ! 449: { ! 450: ipc_object_t object; ! 451: mach_msg_bits_t mbits; ! 452: ! 453: mbits = kmsg->ikm_header.msgh_bits; ! 454: object = (ipc_object_t) kmsg->ikm_header.msgh_remote_port; ! 455: if (IO_VALID(object)) ! 456: ipc_object_destroy(object, MACH_MSGH_BITS_REMOTE(mbits)); ! 457: ! 458: object = (ipc_object_t) kmsg->ikm_header.msgh_local_port; ! 459: if (IO_VALID(object)) ! 460: ipc_object_destroy(object, MACH_MSGH_BITS_LOCAL(mbits)); ! 461: ! 462: if (mbits & MACH_MSGH_BITS_COMPLEX) { ! 463: mach_msg_body_t *body; ! 464: ! 465: body = (mach_msg_body_t *) (&kmsg->ikm_header + 1); ! 466: ipc_kmsg_clean_body(kmsg, body->msgh_descriptor_count); ! 467: } ! 468: } ! 469: ! 470: /* ! 471: * Routine: ipc_kmsg_free ! 472: * Purpose: ! 473: * Free a kernel message buffer. ! 474: * Conditions: ! 475: * Nothing locked. ! 476: */ ! 477: ! 478: void ! 479: ipc_kmsg_free( ! 480: ipc_kmsg_t kmsg) ! 481: { ! 482: vm_size_t size = kmsg->ikm_size; ! 483: ! 484: if (kmsg->ikm_size != IKM_SAVED_KMSG_SIZE || ! 485: KMSG_IS_RT(kmsg) || ! 486: !ikm_cache_put(kmsg)) ! 487: KFREE((vm_offset_t) kmsg, size, KMSG_IS_RT(kmsg)); ! 488: } ! 489: ! 490: /* ! 491: * Routine: ipc_kmsg_get ! 492: * Purpose: ! 493: * Allocates a kernel message buffer. ! 494: * Copies a user message to the message buffer. ! 495: * Conditions: ! 496: * Nothing locked. ! 497: * Returns: ! 498: * MACH_MSG_SUCCESS Acquired a message buffer. ! 499: * MACH_SEND_MSG_TOO_SMALL Message smaller than a header. ! 500: * MACH_SEND_MSG_TOO_SMALL Message size not long-word multiple. ! 501: * MACH_SEND_NO_BUFFER Couldn't allocate a message buffer. ! 502: * MACH_SEND_INVALID_DATA Couldn't copy message data. ! 503: */ ! 504: ! 505: mach_msg_return_t ! 506: ipc_kmsg_get( ! 507: mach_msg_header_t *msg, ! 508: mach_msg_size_t size, ! 509: ipc_kmsg_t *kmsgp, ! 510: ipc_space_t space) ! 511: { ! 512: mach_msg_size_t msg_and_trailer_size; ! 513: ipc_kmsg_t kmsg; ! 514: mach_msg_format_0_trailer_t *trailer; ! 515: mach_port_name_t dest_name; ! 516: ipc_entry_t dest_entry; ! 517: ipc_port_t dest_port; ! 518: #if MACH_RT ! 519: boolean_t rt = FALSE; ! 520: #endif /* MACH_RT */ ! 521: ! 522: if ((size < sizeof(mach_msg_header_t)) || (size & 3)) ! 523: return MACH_SEND_MSG_TOO_SMALL; ! 524: ! 525: #if 0 /* used to be MACH_RT */ ! 526: /* ! 527: * JMM - We don't do this now, let's not pay the price ! 528: */ ! 529: /* ! 530: * Copyin just the destination mach_port_name_t ! 531: */ ! 532: if (copyinmsg((char *) &msg->msgh_remote_port, ! 533: (char *) &dest_name, ! 534: sizeof(mach_port_name_t))) { ! 535: return MACH_SEND_INVALID_DATA; ! 536: } ! 537: ! 538: /* ! 539: * Validate the space ! 540: */ ! 541: is_write_lock(space); ! 542: if (!space->is_active) { ! 543: is_write_unlock(space); ! 544: return MACH_SEND_INVALID_DEST; ! 545: } ! 546: ! 547: /* ! 548: * Lookup and validate the entry ! 549: */ ! 550: dest_entry = ipc_entry_lookup(space, dest_name); ! 551: if (dest_entry == IE_NULL) { ! 552: is_write_unlock(space); ! 553: return MACH_SEND_INVALID_DEST; ! 554: } ! 555: ! 556: /* ! 557: * Extract the port and check whether it is an RT port ! 558: */ ! 559: dest_port = (ipc_port_t) dest_entry->ie_object; ! 560: if (dest_port == IP_NULL) { ! 561: is_write_unlock(space); ! 562: return MACH_SEND_INVALID_DEST; ! 563: } ! 564: ! 565: rt = IP_RT(dest_port); ! 566: is_write_unlock(space); ! 567: #endif /* 0 used to be MACH_RT */ ! 568: ! 569: msg_and_trailer_size = size + MAX_TRAILER_SIZE; ! 570: ! 571: if (msg_and_trailer_size <= IKM_SAVED_MSG_SIZE) { ! 572: if ( ! 573: #if MACH_RT ! 574: (!rt) && ! 575: #endif /* MACH_RT */ ! 576: ikm_cache_get(&kmsg)) { ! 577: ikm_check_initialized(kmsg, IKM_SAVED_KMSG_SIZE); ! 578: } else { ! 579: #if MACH_RT ! 580: if (rt) ! 581: kmsg = ikm_rtalloc(IKM_SAVED_MSG_SIZE); ! 582: else ! 583: #endif /* MACH_RT */ ! 584: kmsg = ikm_alloc(IKM_SAVED_MSG_SIZE); ! 585: if (kmsg == IKM_NULL) ! 586: return MACH_SEND_NO_BUFFER; ! 587: ikm_init(kmsg, IKM_SAVED_MSG_SIZE); ! 588: } ! 589: } else { ! 590: #if MACH_RT ! 591: if (rt) ! 592: kmsg = ikm_rtalloc(msg_and_trailer_size); ! 593: else ! 594: #endif /* MACH_RT */ ! 595: kmsg = ikm_alloc(msg_and_trailer_size); ! 596: ! 597: if (kmsg == IKM_NULL) ! 598: return MACH_SEND_NO_BUFFER; ! 599: ikm_init(kmsg, msg_and_trailer_size); ! 600: } ! 601: ! 602: if (copyinmsg((char *) msg, (char *) &kmsg->ikm_header, size)) { ! 603: #if MACH_RT ! 604: if (rt) ! 605: KMSG_MARK_RT(kmsg); ! 606: #endif /* MACH_RT */ ! 607: ikm_free(kmsg); ! 608: return MACH_SEND_INVALID_DATA; ! 609: } ! 610: ! 611: kmsg->ikm_header.msgh_size = size; ! 612: #if MACH_RT ! 613: if (rt) ! 614: KMSG_MARK_RT(kmsg); ! 615: #endif /* MACH_RT */ ! 616: ! 617: /* ! 618: * I reserve for the trailer the largest space (MAX_TRAILER_SIZE) ! 619: * However, the internal size field of the trailer (msgh_trailer_size) ! 620: * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize ! 621: * the cases where no implicit data is requested. ! 622: */ ! 623: trailer = (mach_msg_format_0_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size); ! 624: trailer->msgh_sender = current_thread()->top_act->task->sec_token; ! 625: trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0; ! 626: trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE; ! 627: ! 628: *kmsgp = kmsg; ! 629: return MACH_MSG_SUCCESS; ! 630: } ! 631: ! 632: /* ! 633: * Routine: ipc_kmsg_get_from_kernel ! 634: * Purpose: ! 635: * Allocates a kernel message buffer. ! 636: * Copies a kernel message to the message buffer. ! 637: * Only resource errors are allowed. ! 638: * Conditions: ! 639: * Nothing locked. ! 640: * Ports in header are ipc_port_t. ! 641: * Returns: ! 642: * MACH_MSG_SUCCESS Acquired a message buffer. ! 643: * MACH_SEND_NO_BUFFER Couldn't allocate a message buffer. ! 644: */ ! 645: ! 646: mach_msg_return_t ! 647: ipc_kmsg_get_from_kernel( ! 648: mach_msg_header_t *msg, ! 649: mach_msg_size_t size, ! 650: ipc_kmsg_t *kmsgp) ! 651: { ! 652: ipc_kmsg_t kmsg; ! 653: mach_msg_size_t msg_and_trailer_size; ! 654: mach_msg_format_0_trailer_t *trailer; ! 655: ipc_port_t dest_port; ! 656: #if MACH_RT ! 657: boolean_t rt; ! 658: #endif /* MACH_RT */ ! 659: ! 660: assert(size >= sizeof(mach_msg_header_t)); ! 661: assert((size & 3) == 0); ! 662: ! 663: /* round up for ikm_cache */ ! 664: msg_and_trailer_size = size + MAX_TRAILER_SIZE; ! 665: if (msg_and_trailer_size < IKM_SAVED_MSG_SIZE) ! 666: msg_and_trailer_size = IKM_SAVED_MSG_SIZE; ! 667: ! 668: assert(IP_VALID((ipc_port_t) msg->msgh_remote_port)); ! 669: ! 670: #if MACH_RT ! 671: rt = IP_RT((ipc_port_t) msg->msgh_remote_port); ! 672: ! 673: if (rt) ! 674: kmsg = ikm_rtalloc(msg_and_trailer_size); ! 675: else ! 676: #endif /* MACH_RT */ ! 677: kmsg = ikm_alloc(msg_and_trailer_size); ! 678: ! 679: if (kmsg == IKM_NULL) ! 680: return MACH_SEND_NO_BUFFER; ! 681: ikm_init(kmsg, msg_and_trailer_size); ! 682: ! 683: (void) memcpy((void *) &kmsg->ikm_header, (const void *) msg, size); ! 684: ! 685: kmsg->ikm_header.msgh_size = size; ! 686: #if MACH_RT ! 687: if (rt) ! 688: KMSG_MARK_RT(kmsg); ! 689: #endif /* MACH_RT */ ! 690: ! 691: /* ! 692: * I reserve for the trailer the largest space (MAX_TRAILER_SIZE) ! 693: * However, the internal size field of the trailer (msgh_trailer_size) ! 694: * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize ! 695: * the cases where no implicit data is requested. ! 696: */ ! 697: trailer = (mach_msg_format_0_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size); ! 698: trailer->msgh_sender = KERNEL_SECURITY_TOKEN; ! 699: trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0; ! 700: trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE; ! 701: ! 702: *kmsgp = kmsg; ! 703: return MACH_MSG_SUCCESS; ! 704: } ! 705: ! 706: /* ! 707: * Routine: ipc_kmsg_send ! 708: * Purpose: ! 709: * Send a message. The message holds a reference ! 710: * for the destination port in the msgh_remote_port field. ! 711: * ! 712: * If unsuccessful, the caller still has possession of ! 713: * the message and must do something with it. If successful, ! 714: * the message is queued, given to a receiver, destroyed, ! 715: * or handled directly by the kernel via mach_msg. ! 716: * Conditions: ! 717: * Nothing locked. ! 718: * Returns: ! 719: * MACH_MSG_SUCCESS The message was accepted. ! 720: * MACH_SEND_TIMED_OUT Caller still has message. ! 721: * MACH_SEND_INTERRUPTED Caller still has message. ! 722: */ ! 723: mach_msg_return_t ! 724: ipc_kmsg_send( ! 725: ipc_kmsg_t kmsg, ! 726: mach_msg_option_t option, ! 727: mach_msg_timeout_t timeout) ! 728: { ! 729: kern_return_t save_wait_result; ! 730: ! 731: ipc_port_t port; ! 732: port = (ipc_port_t) kmsg->ikm_header.msgh_remote_port; ! 733: assert(IP_VALID(port)); ! 734: ! 735: ip_lock(port); ! 736: ! 737: if (port->ip_receiver == ipc_space_kernel) { ! 738: ! 739: /* ! 740: * We can check ip_receiver == ipc_space_kernel ! 741: * before checking that the port is active because ! 742: * ipc_port_dealloc_kernel clears ip_receiver ! 743: * before destroying a kernel port. ! 744: */ ! 745: assert(ip_active(port)); ! 746: port->ip_messages.imq_seqno++; ! 747: ip_unlock(port); ! 748: ! 749: current_task()->messages_sent++; ! 750: ! 751: /* ! 752: * Call the server routine, and get the reply message to send. ! 753: */ ! 754: kmsg = ipc_kobject_server(kmsg); ! 755: if (kmsg == IKM_NULL) ! 756: return MACH_MSG_SUCCESS; ! 757: ! 758: port = (ipc_port_t) kmsg->ikm_header.msgh_remote_port; ! 759: assert(IP_VALID(port)); ! 760: ip_lock(port); ! 761: /* fall thru with reply - same options */ ! 762: } ! 763: ! 764: /* ! 765: * Can't deliver to a dead port. ! 766: * However, we can pretend it got sent ! 767: * and was then immediately destroyed. ! 768: */ ! 769: if (!ip_active(port)) { ! 770: /* ! 771: * We can't let ipc_kmsg_destroy deallocate ! 772: * the port right, because we might end up ! 773: * in an infinite loop trying to deliver ! 774: * a send-once notification. ! 775: */ ! 776: ! 777: ip_release(port); ! 778: ip_check_unlock(port); ! 779: kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL; ! 780: ipc_kmsg_destroy(kmsg); ! 781: return MACH_MSG_SUCCESS; ! 782: } ! 783: ! 784: if (kmsg->ikm_header.msgh_bits & MACH_MSGH_BITS_CIRCULAR) { ! 785: ip_unlock(port); ! 786: ! 787: /* don't allow the creation of a circular loop */ ! 788: ! 789: ipc_kmsg_destroy(kmsg); ! 790: return MACH_MSG_SUCCESS; ! 791: } ! 792: ! 793: /* ! 794: * We have a valid message and a valid reference on the port. ! 795: * we can unlock the port and call mqueue_send() on it's message ! 796: * queue. ! 797: */ ! 798: ip_unlock(port); ! 799: return (ipc_mqueue_send(&port->ip_messages, kmsg, option, timeout)); ! 800: } ! 801: ! 802: /* ! 803: * Routine: ipc_kmsg_put ! 804: * Purpose: ! 805: * Copies a message buffer to a user message. ! 806: * Copies only the specified number of bytes. ! 807: * Frees the message buffer. ! 808: * Conditions: ! 809: * Nothing locked. The message buffer must have clean ! 810: * header fields. ! 811: * Returns: ! 812: * MACH_MSG_SUCCESS Copied data out of message buffer. ! 813: * MACH_RCV_INVALID_DATA Couldn't copy to user message. ! 814: */ ! 815: ! 816: mach_msg_return_t ! 817: ipc_kmsg_put( ! 818: mach_msg_header_t *msg, ! 819: ipc_kmsg_t kmsg, ! 820: mach_msg_size_t size) ! 821: { ! 822: mach_msg_return_t mr; ! 823: ! 824: ikm_check_initialized(kmsg, kmsg->ikm_size); ! 825: ! 826: if (copyoutmsg((const char *) &kmsg->ikm_header, (char *) msg, size)) ! 827: mr = MACH_RCV_INVALID_DATA; ! 828: else ! 829: mr = MACH_MSG_SUCCESS; ! 830: ! 831: if (kmsg->ikm_size != IKM_SAVED_KMSG_SIZE || ! 832: KMSG_IS_RT(kmsg) || ! 833: !ikm_cache_put(kmsg)) ! 834: ikm_free(kmsg); ! 835: ! 836: return mr; ! 837: } ! 838: ! 839: /* ! 840: * Routine: ipc_kmsg_put_to_kernel ! 841: * Purpose: ! 842: * Copies a message buffer to a kernel message. ! 843: * Frees the message buffer. ! 844: * No errors allowed. ! 845: * Conditions: ! 846: * Nothing locked. ! 847: */ ! 848: ! 849: void ! 850: ipc_kmsg_put_to_kernel( ! 851: mach_msg_header_t *msg, ! 852: ipc_kmsg_t kmsg, ! 853: mach_msg_size_t size) ! 854: { ! 855: (void) memcpy((void *) msg, (const void *) &kmsg->ikm_header, size); ! 856: ! 857: ikm_free(kmsg); ! 858: } ! 859: ! 860: /* ! 861: * Routine: ipc_kmsg_copyin_header ! 862: * Purpose: ! 863: * "Copy-in" port rights in the header of a message. ! 864: * Operates atomically; if it doesn't succeed the ! 865: * message header and the space are left untouched. ! 866: * If it does succeed the remote/local port fields ! 867: * contain object pointers instead of port names, ! 868: * and the bits field is updated. The destination port ! 869: * will be a valid port pointer. ! 870: * ! 871: * The notify argument implements the MACH_SEND_CANCEL option. ! 872: * If it is not MACH_PORT_NULL, it should name a receive right. ! 873: * If the processing of the destination port would generate ! 874: * a port-deleted notification (because the right for the ! 875: * destination port is destroyed and it had a request for ! 876: * a dead-name notification registered), and the port-deleted ! 877: * notification would be sent to the named receive right, ! 878: * then it isn't sent and the send-once right for the notify ! 879: * port is quietly destroyed. ! 880: * ! 881: * Conditions: ! 882: * Nothing locked. ! 883: * Returns: ! 884: * MACH_MSG_SUCCESS Successful copyin. ! 885: * MACH_SEND_INVALID_HEADER ! 886: * Illegal value in the message header bits. ! 887: * MACH_SEND_INVALID_DEST The space is dead. ! 888: * MACH_SEND_INVALID_NOTIFY ! 889: * Notify is non-null and doesn't name a receive right. ! 890: * (Either KERN_INVALID_NAME or KERN_INVALID_RIGHT.) ! 891: * MACH_SEND_INVALID_DEST Can't copyin destination port. ! 892: * (Either KERN_INVALID_NAME or KERN_INVALID_RIGHT.) ! 893: * MACH_SEND_INVALID_REPLY Can't copyin reply port. ! 894: * (Either KERN_INVALID_NAME or KERN_INVALID_RIGHT.) ! 895: */ ! 896: ! 897: mach_msg_return_t ! 898: ipc_kmsg_copyin_header( ! 899: mach_msg_header_t *msg, ! 900: ipc_space_t space, ! 901: mach_port_name_t notify) ! 902: { ! 903: mach_msg_bits_t mbits = msg->msgh_bits &~ MACH_MSGH_BITS_CIRCULAR; ! 904: mach_port_name_t dest_name = (mach_port_name_t)msg->msgh_remote_port; ! 905: mach_port_name_t reply_name = (mach_port_name_t)msg->msgh_local_port; ! 906: kern_return_t kr; ! 907: ! 908: mach_msg_type_name_t dest_type = MACH_MSGH_BITS_REMOTE(mbits); ! 909: mach_msg_type_name_t reply_type = MACH_MSGH_BITS_LOCAL(mbits); ! 910: ipc_object_t dest_port, reply_port; ! 911: ipc_port_t dest_soright, reply_soright; ! 912: ipc_port_t notify_port; ! 913: ! 914: if (!MACH_MSG_TYPE_PORT_ANY_SEND(dest_type)) ! 915: return MACH_SEND_INVALID_HEADER; ! 916: ! 917: if ((reply_type == 0) ? ! 918: (reply_name != MACH_PORT_NULL) : ! 919: !MACH_MSG_TYPE_PORT_ANY_SEND(reply_type)) ! 920: return MACH_SEND_INVALID_HEADER; ! 921: ! 922: reply_soright = IP_NULL; /* in case we go to invalid dest early */ ! 923: ! 924: is_write_lock(space); ! 925: if (!space->is_active) ! 926: goto invalid_dest; ! 927: ! 928: if (notify != MACH_PORT_NULL) { ! 929: ipc_entry_t entry; ! 930: ! 931: if ((entry = ipc_entry_lookup(space, notify)) == IE_NULL) { ! 932: is_write_unlock(space); ! 933: return MACH_SEND_INVALID_NOTIFY; ! 934: } ! 935: if((entry->ie_bits & MACH_PORT_TYPE_RECEIVE) == 0) { ! 936: is_write_unlock(space); ! 937: return MACH_SEND_INVALID_NOTIFY; ! 938: } ! 939: ! 940: notify_port = (ipc_port_t) entry->ie_object; ! 941: } ! 942: ! 943: if (dest_name == reply_name) { ! 944: ipc_entry_t entry; ! 945: mach_port_name_t name = dest_name; ! 946: ! 947: /* ! 948: * Destination and reply ports are the same! ! 949: * This is a little tedious to make atomic, because ! 950: * there are 25 combinations of dest_type/reply_type. ! 951: * However, most are easy. If either is move-sonce, ! 952: * then there must be an error. If either are ! 953: * make-send or make-sonce, then we must be looking ! 954: * at a receive right so the port can't die. ! 955: * The hard cases are the combinations of ! 956: * copy-send and make-send. ! 957: */ ! 958: ! 959: entry = ipc_entry_lookup(space, name); ! 960: if (entry == IE_NULL) ! 961: goto invalid_dest; ! 962: ! 963: assert(reply_type != 0); /* because name not null */ ! 964: ! 965: if (!ipc_right_copyin_check(space, name, entry, reply_type)) ! 966: goto invalid_reply; ! 967: ! 968: if ((dest_type == MACH_MSG_TYPE_MOVE_SEND_ONCE) || ! 969: (reply_type == MACH_MSG_TYPE_MOVE_SEND_ONCE)) { ! 970: /* ! 971: * Why must there be an error? To get a valid ! 972: * destination, this entry must name a live ! 973: * port (not a dead name or dead port). However ! 974: * a successful move-sonce will destroy a ! 975: * live entry. Therefore the other copyin, ! 976: * whatever it is, would fail. We've already ! 977: * checked for reply port errors above, ! 978: * so report a destination error. ! 979: */ ! 980: ! 981: goto invalid_dest; ! 982: } else if ((dest_type == MACH_MSG_TYPE_MAKE_SEND) || ! 983: (dest_type == MACH_MSG_TYPE_MAKE_SEND_ONCE) || ! 984: (reply_type == MACH_MSG_TYPE_MAKE_SEND) || ! 985: (reply_type == MACH_MSG_TYPE_MAKE_SEND_ONCE)) { ! 986: kr = ipc_right_copyin(space, name, entry, ! 987: dest_type, FALSE, ! 988: &dest_port, &dest_soright); ! 989: if (kr != KERN_SUCCESS) ! 990: goto invalid_dest; ! 991: ! 992: /* ! 993: * Either dest or reply needs a receive right. ! 994: * We know the receive right is there, because ! 995: * of the copyin_check and copyin calls. Hence ! 996: * the port is not in danger of dying. If dest ! 997: * used the receive right, then the right needed ! 998: * by reply (and verified by copyin_check) will ! 999: * still be there. ! 1000: */ ! 1001: ! 1002: assert(IO_VALID(dest_port)); ! 1003: assert(entry->ie_bits & MACH_PORT_TYPE_RECEIVE); ! 1004: assert(dest_soright == IP_NULL); ! 1005: ! 1006: kr = ipc_right_copyin(space, name, entry, ! 1007: reply_type, TRUE, ! 1008: &reply_port, &reply_soright); ! 1009: ! 1010: assert(kr == KERN_SUCCESS); ! 1011: assert(reply_port == dest_port); ! 1012: assert(entry->ie_bits & MACH_PORT_TYPE_RECEIVE); ! 1013: assert(reply_soright == IP_NULL); ! 1014: } else if ((dest_type == MACH_MSG_TYPE_COPY_SEND) && ! 1015: (reply_type == MACH_MSG_TYPE_COPY_SEND)) { ! 1016: /* ! 1017: * To make this atomic, just do one copy-send, ! 1018: * and dup the send right we get out. ! 1019: */ ! 1020: ! 1021: kr = ipc_right_copyin(space, name, entry, ! 1022: dest_type, FALSE, ! 1023: &dest_port, &dest_soright); ! 1024: if (kr != KERN_SUCCESS) ! 1025: goto invalid_dest; ! 1026: ! 1027: assert(entry->ie_bits & MACH_PORT_TYPE_SEND); ! 1028: assert(dest_soright == IP_NULL); ! 1029: ! 1030: /* ! 1031: * It's OK if the port we got is dead now, ! 1032: * so reply_port is IP_DEAD, because the msg ! 1033: * won't go anywhere anyway. ! 1034: */ ! 1035: ! 1036: reply_port = (ipc_object_t) ! 1037: ipc_port_copy_send((ipc_port_t) dest_port); ! 1038: reply_soright = IP_NULL; ! 1039: } else if ((dest_type == MACH_MSG_TYPE_MOVE_SEND) && ! 1040: (reply_type == MACH_MSG_TYPE_MOVE_SEND)) { ! 1041: /* ! 1042: * This is an easy case. Just use our ! 1043: * handy-dandy special-purpose copyin call ! 1044: * to get two send rights for the price of one. ! 1045: */ ! 1046: ! 1047: kr = ipc_right_copyin_two(space, name, entry, ! 1048: &dest_port, &dest_soright); ! 1049: if (kr != KERN_SUCCESS) ! 1050: goto invalid_dest; ! 1051: ! 1052: /* the entry might need to be deallocated */ ! 1053: if (IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_NONE) ! 1054: ipc_entry_dealloc(space, name, entry); ! 1055: ! 1056: reply_port = dest_port; ! 1057: reply_soright = IP_NULL; ! 1058: } else { ! 1059: ipc_port_t soright; ! 1060: ! 1061: assert(((dest_type == MACH_MSG_TYPE_COPY_SEND) && ! 1062: (reply_type == MACH_MSG_TYPE_MOVE_SEND)) || ! 1063: ((dest_type == MACH_MSG_TYPE_MOVE_SEND) && ! 1064: (reply_type == MACH_MSG_TYPE_COPY_SEND))); ! 1065: ! 1066: /* ! 1067: * To make this atomic, just do a move-send, ! 1068: * and dup the send right we get out. ! 1069: */ ! 1070: ! 1071: kr = ipc_right_copyin(space, name, entry, ! 1072: MACH_MSG_TYPE_MOVE_SEND, FALSE, ! 1073: &dest_port, &soright); ! 1074: if (kr != KERN_SUCCESS) ! 1075: goto invalid_dest; ! 1076: ! 1077: /* the entry might need to be deallocated */ ! 1078: ! 1079: if (IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_NONE) ! 1080: ipc_entry_dealloc(space, name, entry); ! 1081: ! 1082: /* ! 1083: * It's OK if the port we got is dead now, ! 1084: * so reply_port is IP_DEAD, because the msg ! 1085: * won't go anywhere anyway. ! 1086: */ ! 1087: ! 1088: reply_port = (ipc_object_t) ! 1089: ipc_port_copy_send((ipc_port_t) dest_port); ! 1090: ! 1091: if (dest_type == MACH_MSG_TYPE_MOVE_SEND) { ! 1092: dest_soright = soright; ! 1093: reply_soright = IP_NULL; ! 1094: } else { ! 1095: dest_soright = IP_NULL; ! 1096: reply_soright = soright; ! 1097: } ! 1098: } ! 1099: } else if (!MACH_PORT_VALID(reply_name)) { ! 1100: ipc_entry_t entry; ! 1101: ! 1102: /* ! 1103: * No reply port! This is an easy case ! 1104: * to make atomic. Just copyin the destination. ! 1105: */ ! 1106: ! 1107: entry = ipc_entry_lookup(space, dest_name); ! 1108: if (entry == IE_NULL) ! 1109: goto invalid_dest; ! 1110: ! 1111: kr = ipc_right_copyin(space, dest_name, entry, ! 1112: dest_type, FALSE, ! 1113: &dest_port, &dest_soright); ! 1114: if (kr != KERN_SUCCESS) ! 1115: goto invalid_dest; ! 1116: ! 1117: /* the entry might need to be deallocated */ ! 1118: ! 1119: if (IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_NONE) ! 1120: ipc_entry_dealloc(space, dest_name, entry); ! 1121: ! 1122: reply_port = (ipc_object_t) reply_name; ! 1123: reply_soright = IP_NULL; ! 1124: } else { ! 1125: ipc_entry_t dest_entry, reply_entry; ! 1126: ipc_port_t saved_reply; ! 1127: ! 1128: /* ! 1129: * This is the tough case to make atomic. ! 1130: * The difficult problem is serializing with port death. ! 1131: * At the time we copyin dest_port, it must be alive. ! 1132: * If reply_port is alive when we copyin it, then ! 1133: * we are OK, because we serialize before the death ! 1134: * of both ports. Assume reply_port is dead at copyin. ! 1135: * Then if dest_port dies/died after reply_port died, ! 1136: * we are OK, because we serialize between the death ! 1137: * of the two ports. So the bad case is when dest_port ! 1138: * dies after its copyin, reply_port dies before its ! 1139: * copyin, and dest_port dies before reply_port. Then ! 1140: * the copyins operated as if dest_port was alive ! 1141: * and reply_port was dead, which shouldn't have happened ! 1142: * because they died in the other order. ! 1143: * ! 1144: * Note that it is easy for a user task to tell if ! 1145: * a copyin happened before or after a port died. ! 1146: * For example, suppose both dest and reply are ! 1147: * send-once rights (types are both move-sonce) and ! 1148: * both rights have dead-name requests registered. ! 1149: * If a port dies before copyin, a dead-name notification ! 1150: * is generated and the dead name's urefs are incremented, ! 1151: * and if the copyin happens first, a port-deleted ! 1152: * notification is generated. ! 1153: * ! 1154: * Note that although the entries are different, ! 1155: * dest_port and reply_port might still be the same. ! 1156: * ! 1157: * JMM - The code to handle this was too expensive and, anyway, ! 1158: * we intend to separate the dest lookup from the reply copyin ! 1159: * by a wide margin, so the user will have to learn to deal! ! 1160: * I will be making the change soon! ! 1161: */ ! 1162: ! 1163: dest_entry = ipc_entry_lookup(space, dest_name); ! 1164: if (dest_entry == IE_NULL) ! 1165: goto invalid_dest; ! 1166: ! 1167: reply_entry = ipc_entry_lookup(space, reply_name); ! 1168: if (reply_entry == IE_NULL) ! 1169: goto invalid_reply; ! 1170: ! 1171: assert(dest_entry != reply_entry); /* names are not equal */ ! 1172: assert(reply_type != 0); /* because reply_name not null */ ! 1173: ! 1174: if (!ipc_right_copyin_check(space, reply_name, reply_entry, ! 1175: reply_type)) ! 1176: goto invalid_reply; ! 1177: ! 1178: kr = ipc_right_copyin(space, dest_name, dest_entry, ! 1179: dest_type, FALSE, ! 1180: &dest_port, &dest_soright); ! 1181: if (kr != KERN_SUCCESS) ! 1182: goto invalid_dest; ! 1183: ! 1184: assert(IO_VALID(dest_port)); ! 1185: ! 1186: kr = ipc_right_copyin(space, reply_name, reply_entry, ! 1187: reply_type, TRUE, ! 1188: &reply_port, &reply_soright); ! 1189: ! 1190: assert(kr == KERN_SUCCESS); ! 1191: ! 1192: /* the entries might need to be deallocated */ ! 1193: ! 1194: if (IE_BITS_TYPE(reply_entry->ie_bits) == MACH_PORT_TYPE_NONE) ! 1195: ipc_entry_dealloc(space, reply_name, reply_entry); ! 1196: ! 1197: if (IE_BITS_TYPE(dest_entry->ie_bits) == MACH_PORT_TYPE_NONE) ! 1198: ipc_entry_dealloc(space, dest_name, dest_entry); ! 1199: } ! 1200: ! 1201: /* ! 1202: * At this point, dest_port, reply_port, ! 1203: * dest_soright, reply_soright are all initialized. ! 1204: * Any defunct entries have been deallocated. ! 1205: * The space is still write-locked, and we need to ! 1206: * make the MACH_SEND_CANCEL check. The notify_port pointer ! 1207: * is still usable, because the copyin code above won't ever ! 1208: * deallocate a receive right, so its entry still exists ! 1209: * and holds a ref. Note notify_port might even equal ! 1210: * dest_port or reply_port. ! 1211: */ ! 1212: ! 1213: if ((notify != MACH_PORT_NULL) && ! 1214: (dest_soright == notify_port)) { ! 1215: ipc_port_release_sonce(dest_soright); ! 1216: dest_soright = IP_NULL; ! 1217: } ! 1218: ! 1219: is_write_unlock(space); ! 1220: ! 1221: if (dest_soright != IP_NULL) ! 1222: ipc_notify_port_deleted(dest_soright, dest_name); ! 1223: ! 1224: if (reply_soright != IP_NULL) ! 1225: ipc_notify_port_deleted(reply_soright, reply_name); ! 1226: ! 1227: dest_type = ipc_object_copyin_type(dest_type); ! 1228: reply_type = ipc_object_copyin_type(reply_type); ! 1229: ! 1230: msg->msgh_bits = (MACH_MSGH_BITS_OTHER(mbits) | ! 1231: MACH_MSGH_BITS(dest_type, reply_type)); ! 1232: msg->msgh_remote_port = (ipc_port_t)dest_port; ! 1233: msg->msgh_local_port = (ipc_port_t)reply_port; ! 1234: ! 1235: return MACH_MSG_SUCCESS; ! 1236: ! 1237: invalid_reply: ! 1238: is_write_unlock(space); ! 1239: return MACH_SEND_INVALID_REPLY; ! 1240: ! 1241: invalid_dest: ! 1242: is_write_unlock(space); ! 1243: if (reply_soright != IP_NULL) ! 1244: ipc_notify_port_deleted(reply_soright, reply_name); ! 1245: return MACH_SEND_INVALID_DEST; ! 1246: } ! 1247: ! 1248: /* ! 1249: * Routine: ipc_kmsg_copyin_body ! 1250: * Purpose: ! 1251: * "Copy-in" port rights and out-of-line memory ! 1252: * in the message body. ! 1253: * ! 1254: * In all failure cases, the message is left holding ! 1255: * no rights or memory. However, the message buffer ! 1256: * is not deallocated. If successful, the message ! 1257: * contains a valid destination port. ! 1258: * Conditions: ! 1259: * Nothing locked. ! 1260: * Returns: ! 1261: * MACH_MSG_SUCCESS Successful copyin. ! 1262: * MACH_SEND_INVALID_MEMORY Can't grab out-of-line memory. ! 1263: * MACH_SEND_INVALID_RIGHT Can't copyin port right in body. ! 1264: * MACH_SEND_INVALID_TYPE Bad type specification. ! 1265: * MACH_SEND_MSG_TOO_SMALL Body is too small for types/data. ! 1266: * MACH_SEND_INVALID_RT_OOL_SIZE OOL Buffer too large for RT ! 1267: * MACH_MSG_INVALID_RT_DESCRIPTOR Dealloc and RT are incompatible ! 1268: */ ! 1269: ! 1270: mach_msg_return_t ! 1271: ipc_kmsg_copyin_body( ! 1272: ipc_kmsg_t kmsg, ! 1273: ipc_space_t space, ! 1274: vm_map_t map) ! 1275: { ! 1276: ipc_object_t dest; ! 1277: mach_msg_body_t *body; ! 1278: mach_msg_descriptor_t *saddr, *eaddr; ! 1279: boolean_t complex; ! 1280: mach_msg_return_t mr; ! 1281: boolean_t use_page_lists, steal_pages; ! 1282: int i; ! 1283: kern_return_t kr; ! 1284: vm_size_t space_needed = 0; ! 1285: vm_offset_t paddr = 0; ! 1286: mach_msg_descriptor_t *sstart; ! 1287: vm_map_copy_t copy = VM_MAP_COPY_NULL; ! 1288: #if MACH_RT ! 1289: boolean_t rt; ! 1290: #endif /* MACH_RT */ ! 1291: ! 1292: /* ! 1293: * Determine if the target is a kernel port. ! 1294: */ ! 1295: dest = (ipc_object_t) kmsg->ikm_header.msgh_remote_port; ! 1296: complex = FALSE; ! 1297: use_page_lists = ipc_kobject_vm_page_list(ip_kotype((ipc_port_t)dest)); ! 1298: steal_pages = ipc_kobject_vm_page_steal(ip_kotype((ipc_port_t)dest)); ! 1299: #if MACH_RT ! 1300: rt = KMSG_IS_RT(kmsg); ! 1301: #endif /* MACH_RT */ ! 1302: ! 1303: body = (mach_msg_body_t *) (&kmsg->ikm_header + 1); ! 1304: saddr = (mach_msg_descriptor_t *) (body + 1); ! 1305: eaddr = saddr + body->msgh_descriptor_count; ! 1306: ! 1307: /* make sure the message does not ask for more msg descriptors ! 1308: * than the message can hold. ! 1309: */ ! 1310: ! 1311: if (eaddr <= saddr || ! 1312: eaddr > (mach_msg_descriptor_t *) (&kmsg->ikm_header + ! 1313: kmsg->ikm_header.msgh_size)) { ! 1314: ipc_kmsg_clean_partial(kmsg,0,0,0); ! 1315: return MACH_SEND_MSG_TOO_SMALL; ! 1316: } ! 1317: ! 1318: /* ! 1319: * Make an initial pass to determine kernal VM space requirements for ! 1320: * physical copies. ! 1321: */ ! 1322: for (sstart = saddr; sstart < eaddr; sstart++) { ! 1323: ! 1324: if (sstart->type.type == MACH_MSG_OOL_DESCRIPTOR || ! 1325: sstart->type.type == MACH_MSG_OOL_VOLATILE_DESCRIPTOR) { ! 1326: ! 1327: assert(!(sstart->out_of_line.copy == MACH_MSG_PHYSICAL_COPY && ! 1328: (use_page_lists || steal_pages))); ! 1329: ! 1330: if (sstart->out_of_line.copy != MACH_MSG_PHYSICAL_COPY && ! 1331: sstart->out_of_line.copy != MACH_MSG_VIRTUAL_COPY) { ! 1332: /* ! 1333: * Invalid copy option ! 1334: */ ! 1335: ipc_kmsg_clean_partial(kmsg,0,0,0); ! 1336: return MACH_SEND_INVALID_TYPE; ! 1337: } ! 1338: ! 1339: if (sstart->out_of_line.copy == MACH_MSG_PHYSICAL_COPY && ! 1340: sstart->out_of_line.size >= MSG_OOL_SIZE_SMALL(rt) && ! 1341: !sstart->out_of_line.deallocate) { ! 1342: ! 1343: /* ! 1344: * Out-of-line memory descriptor, accumulate kernel ! 1345: * memory requirements ! 1346: */ ! 1347: space_needed += round_page(sstart->out_of_line.size); ! 1348: if (space_needed > ipc_kmsg_max_vm_space) { ! 1349: ! 1350: /* ! 1351: * Per message kernel memory limit exceeded ! 1352: */ ! 1353: ipc_kmsg_clean_partial(kmsg,0,0,0); ! 1354: return MACH_MSG_VM_KERNEL; ! 1355: } ! 1356: } ! 1357: } ! 1358: } ! 1359: ! 1360: /* ! 1361: * Allocate space in the pageable kernel ipc copy map for all the ! 1362: * ool data that is to be physically copied. Map is marked wait for ! 1363: * space. ! 1364: */ ! 1365: if (space_needed) { ! 1366: #if MACH_RT ! 1367: if (rt) { ! 1368: ipc_kmsg_clean_partial(kmsg,0,0,0); ! 1369: return MACH_SEND_INVALID_RT_OOL_SIZE; ! 1370: } ! 1371: #endif /* MACH_RT */ ! 1372: if (vm_allocate(ipc_kernel_copy_map, &paddr, space_needed, ! 1373: TRUE) != KERN_SUCCESS) { ! 1374: ipc_kmsg_clean_partial(kmsg,0,0,0); ! 1375: return MACH_MSG_VM_KERNEL; ! 1376: } ! 1377: } ! 1378: ! 1379: /* ! 1380: * handle the OOL regions and port descriptors. ! 1381: * the check for complex messages was done earlier. ! 1382: */ ! 1383: ! 1384: for (i = 0, sstart = saddr; sstart < eaddr; sstart++) { ! 1385: ! 1386: switch (sstart->type.type) { ! 1387: ! 1388: case MACH_MSG_PORT_DESCRIPTOR: { ! 1389: mach_msg_type_name_t name; ! 1390: ipc_object_t object; ! 1391: mach_msg_port_descriptor_t *dsc; ! 1392: ! 1393: dsc = &sstart->port; ! 1394: ! 1395: /* this is really the type SEND, SEND_ONCE, etc. */ ! 1396: name = dsc->disposition; ! 1397: dsc->disposition = ipc_object_copyin_type(name); ! 1398: ! 1399: if (!MACH_PORT_VALID((mach_port_name_t)dsc->name)) { ! 1400: complex = TRUE; ! 1401: break; ! 1402: } ! 1403: kr = ipc_object_copyin(space, (mach_port_name_t)dsc->name, name, &object); ! 1404: if (kr != KERN_SUCCESS) { ! 1405: ipc_kmsg_clean_partial(kmsg, i, paddr, space_needed); ! 1406: return MACH_SEND_INVALID_RIGHT; ! 1407: } ! 1408: if ((dsc->disposition == MACH_MSG_TYPE_PORT_RECEIVE) && ! 1409: ipc_port_check_circularity((ipc_port_t) object, ! 1410: (ipc_port_t) dest)) { ! 1411: kmsg->ikm_header.msgh_bits |= MACH_MSGH_BITS_CIRCULAR; ! 1412: } ! 1413: dsc->name = (ipc_port_t) object; ! 1414: complex = TRUE; ! 1415: break; ! 1416: } ! 1417: case MACH_MSG_OOL_VOLATILE_DESCRIPTOR: ! 1418: case MACH_MSG_OOL_DESCRIPTOR: { ! 1419: vm_size_t length; ! 1420: boolean_t dealloc; ! 1421: vm_offset_t addr; ! 1422: vm_offset_t kaddr; ! 1423: mach_msg_ool_descriptor_t *dsc; ! 1424: ! 1425: dsc = &sstart->out_of_line; ! 1426: #if MACH_RT ! 1427: if ((dealloc = dsc->deallocate) && rt) { ! 1428: /* If RT, we cannot have paddr */ ! 1429: ipc_kmsg_clean_partial(kmsg, i, 0, 0); ! 1430: return MACH_MSG_INVALID_RT_DESCRIPTOR; ! 1431: } ! 1432: #else /* MACH_RT */ ! 1433: dealloc = dsc->deallocate; ! 1434: #endif /* MACH_RT */ ! 1435: addr = (vm_offset_t) dsc->address; ! 1436: ! 1437: length = dsc->size; ! 1438: ! 1439: if (length == 0) { ! 1440: dsc->address = 0; ! 1441: } else if (use_page_lists) { ! 1442: int options; ! 1443: ! 1444: #if MACH_RT ! 1445: assert(!rt); ! 1446: #endif /* MACH_RT */ ! 1447: /* ! 1448: * Use page list copy mechanism if specified. Since the ! 1449: * destination is a kernel port, no RT handling is ! 1450: * necessary. ! 1451: */ ! 1452: if (steal_pages == FALSE) { ! 1453: /* ! 1454: * XXX Temporary Hackaround. ! 1455: * XXX Because the same page ! 1456: * XXX might be in more than one ! 1457: * XXX out of line region, steal ! 1458: * XXX (busy) pages from previous ! 1459: * XXX region so that this copyin ! 1460: * XXX won't block (permanently). ! 1461: */ ! 1462: if (copy != VM_MAP_COPY_NULL) ! 1463: vm_map_copy_steal_pages(copy); ! 1464: } ! 1465: ! 1466: /* ! 1467: * Set up options for copying in page list. ! 1468: * If deallocating, steal pages to prevent ! 1469: * vm code from lazy evaluating deallocation. ! 1470: */ ! 1471: options = VM_PROT_READ; ! 1472: if (dealloc) { ! 1473: options |= VM_MAP_COPYIN_OPT_SRC_DESTROY | ! 1474: VM_MAP_COPYIN_OPT_STEAL_PAGES; ! 1475: } ! 1476: else if (steal_pages) { ! 1477: options |= VM_MAP_COPYIN_OPT_STEAL_PAGES; ! 1478: } ! 1479: ! 1480: if (vm_map_copyin_page_list(map, addr, length, options, ! 1481: ©, FALSE) ! 1482: != KERN_SUCCESS) { ! 1483: ! 1484: ipc_kmsg_clean_partial(kmsg, i, paddr, space_needed); ! 1485: return MACH_SEND_INVALID_MEMORY; ! 1486: } ! 1487: ! 1488: dsc->address = (void *) copy; ! 1489: dsc->copy = MACH_MSG_PAGE_LIST_COPY_T; ! 1490: } else if (length < MSG_OOL_SIZE_SMALL(rt) && ! 1491: dsc->copy == MACH_MSG_PHYSICAL_COPY) { ! 1492: ! 1493: /* ! 1494: * If the data is 'small' enough, always kalloc space for ! 1495: * it and copy it in. The data will be copied out ! 1496: * on the message receive. This is a performance ! 1497: * optimization that assumes the cost of VM operations ! 1498: * dominates the copyin/copyout overhead for 'small' ! 1499: * regions. ! 1500: * If the kernel is the message target, a consistent data ! 1501: * repesentation is needed for ool data since kernel ! 1502: * functions may deallocate the ool data. In this case ! 1503: * a vm_map_copy_t is allocated along with the space for ! 1504: * the data as an optimization. No RT handling is needed. ! 1505: */ ! 1506: if (is_ipc_kobject(ip_kotype((ipc_port_t)dest))) { ! 1507: vm_map_copy_t copy; ! 1508: vm_size_t kalloc_size = sizeof(struct vm_map_copy) + ! 1509: length; ! 1510: ! 1511: #if MACH_RT ! 1512: assert(!rt); ! 1513: #endif /* MACH_RT */ ! 1514: copy = (vm_map_copy_t) kalloc(kalloc_size); ! 1515: if (copy == VM_MAP_COPY_NULL) { ! 1516: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1517: space_needed); ! 1518: return MACH_MSG_VM_KERNEL; ! 1519: } ! 1520: copy->type = VM_MAP_COPY_KERNEL_BUFFER; ! 1521: if (copyin((const char *) addr, (char *) (copy + 1), ! 1522: length)) { ! 1523: kfree((vm_offset_t) copy, kalloc_size); ! 1524: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1525: space_needed); ! 1526: return MACH_SEND_INVALID_MEMORY; ! 1527: } ! 1528: dsc->address = (void *) copy; ! 1529: dsc->copy = MACH_MSG_KALLOC_COPY_T; ! 1530: copy->size = length; ! 1531: copy->offset = 0; ! 1532: copy->cpy_kdata = (vm_offset_t) (copy + 1); ! 1533: copy->cpy_kalloc_size = kalloc_size; ! 1534: } else { ! 1535: if ((kaddr = KALLOC(length, rt)) == (vm_offset_t) 0) { ! 1536: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1537: space_needed); ! 1538: return MACH_MSG_VM_KERNEL; ! 1539: } ! 1540: ! 1541: if (copyin((const char *) addr, (char *) kaddr, ! 1542: length)) { ! 1543: KFREE(kaddr, length, rt); ! 1544: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1545: space_needed); ! 1546: return MACH_SEND_INVALID_MEMORY; ! 1547: } ! 1548: dsc->address = (void *) kaddr; ! 1549: } ! 1550: if (dealloc) { ! 1551: (void) vm_map_remove(map, trunc_page(addr), ! 1552: round_page(addr + length), ! 1553: VM_MAP_REMOVE_WAIT_FOR_KWIRE| ! 1554: VM_MAP_REMOVE_INTERRUPTIBLE); ! 1555: } ! 1556: } else { ! 1557: if ((dsc->copy == MACH_MSG_PHYSICAL_COPY) && !dealloc) { ! 1558: ! 1559: /* ! 1560: * If the request is a physical copy and the source ! 1561: * is not being deallocated, then allocate space ! 1562: * in the kernel's pageable ipc copy map and copy ! 1563: * the data in. The semantics guarantee that the ! 1564: * data will have been physically copied before ! 1565: * the send operation terminates. Thus if the data ! 1566: * is not being deallocated, we must be prepared ! 1567: * to page if the region is sufficiently large. ! 1568: */ ! 1569: if (copyin((const char *) addr, (char *) paddr, ! 1570: length)) { ! 1571: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1572: space_needed); ! 1573: return MACH_SEND_INVALID_MEMORY; ! 1574: } ! 1575: ! 1576: /* ! 1577: * The kernel ipc copy map is marked no_zero_fill. ! 1578: * If the transfer is not a page multiple, we need ! 1579: * to zero fill the balance. ! 1580: */ ! 1581: if (!page_aligned(length)) { ! 1582: (void) memset((void *) (paddr + length), 0, ! 1583: round_page(length) - length); ! 1584: } ! 1585: if (vm_map_copyin(ipc_kernel_copy_map, paddr, length, ! 1586: TRUE, ©) != KERN_SUCCESS) { ! 1587: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1588: space_needed); ! 1589: return MACH_MSG_VM_KERNEL; ! 1590: } ! 1591: paddr += round_page(length); ! 1592: space_needed -= round_page(length); ! 1593: } else { ! 1594: ! 1595: /* ! 1596: * Make a virtual copy of the of the data if requested ! 1597: * or if a physical copy was requested but the source ! 1598: * is being deallocated. This is an invalid ! 1599: * path if RT. ! 1600: */ ! 1601: #if MACH_RT ! 1602: if (rt) { ! 1603: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1604: space_needed); ! 1605: return MACH_SEND_INVALID_TYPE; ! 1606: } ! 1607: #endif /* MACH_RT */ ! 1608: if (vm_map_copyin(map, addr, length, ! 1609: dealloc, ©) != KERN_SUCCESS) { ! 1610: ipc_kmsg_clean_partial(kmsg, i, paddr, ! 1611: space_needed); ! 1612: return MACH_SEND_INVALID_MEMORY; ! 1613: } ! 1614: } ! 1615: dsc->address = (void *) copy; ! 1616: } ! 1617: complex = TRUE; ! 1618: break; ! 1619: } ! 1620: case MACH_MSG_OOL_PORTS_DESCRIPTOR: { ! 1621: vm_size_t length; ! 1622: vm_offset_t data; ! 1623: vm_offset_t addr; ! 1624: ipc_object_t *objects; ! 1625: int j; ! 1626: mach_msg_type_name_t name; ! 1627: mach_msg_ool_ports_descriptor_t *dsc; ! 1628: ! 1629: dsc = &sstart->ool_ports; ! 1630: addr = (vm_offset_t) dsc->address; ! 1631: ! 1632: /* calculate length of data in bytes, rounding up */ ! 1633: length = dsc->count * sizeof(mach_port_name_t); ! 1634: ! 1635: if (length == 0) { ! 1636: complex = TRUE; ! 1637: dsc->address = (void *) 0; ! 1638: break; ! 1639: } ! 1640: ! 1641: data = KALLOC(length, rt); ! 1642: ! 1643: if (data == 0) { ! 1644: ipc_kmsg_clean_partial(kmsg, i, paddr, space_needed); ! 1645: return MACH_SEND_NO_BUFFER; ! 1646: } ! 1647: ! 1648: if (copyinmap(map, addr, data, length)) { ! 1649: KFREE(data, length, rt); ! 1650: ipc_kmsg_clean_partial(kmsg, i, paddr, space_needed); ! 1651: return MACH_SEND_INVALID_MEMORY; ! 1652: } ! 1653: ! 1654: if (dsc->deallocate) { ! 1655: (void) vm_deallocate(map, addr, length); ! 1656: } ! 1657: ! 1658: dsc->address = (void *) data; ! 1659: ! 1660: /* this is really the type SEND, SEND_ONCE, etc. */ ! 1661: name = dsc->disposition; ! 1662: dsc->disposition = ipc_object_copyin_type(name); ! 1663: ! 1664: objects = (ipc_object_t *) data; ! 1665: ! 1666: for ( j = 0; j < dsc->count; j++) { ! 1667: mach_port_name_t port = (mach_port_name_t) objects[j]; ! 1668: ipc_object_t object; ! 1669: ! 1670: if (!MACH_PORT_VALID(port)) ! 1671: continue; ! 1672: ! 1673: kr = ipc_object_copyin(space, port, name, &object); ! 1674: ! 1675: if (kr != KERN_SUCCESS) { ! 1676: int k; ! 1677: ! 1678: for(k = 0; k < j; k++) { ! 1679: object = objects[k]; ! 1680: if (!MACH_PORT_VALID(port)) ! 1681: continue; ! 1682: ipc_object_destroy(object, dsc->disposition); ! 1683: } ! 1684: KFREE(data, length, rt); ! 1685: ipc_kmsg_clean_partial(kmsg, i, paddr, space_needed); ! 1686: return MACH_SEND_INVALID_RIGHT; ! 1687: } ! 1688: ! 1689: if ((dsc->disposition == MACH_MSG_TYPE_PORT_RECEIVE) && ! 1690: ipc_port_check_circularity( ! 1691: (ipc_port_t) object, ! 1692: (ipc_port_t) dest)) ! 1693: kmsg->ikm_header.msgh_bits |= MACH_MSGH_BITS_CIRCULAR; ! 1694: ! 1695: objects[j] = object; ! 1696: } ! 1697: ! 1698: complex = TRUE; ! 1699: break; ! 1700: } ! 1701: default: { ! 1702: /* ! 1703: * Invalid descriptor ! 1704: */ ! 1705: ipc_kmsg_clean_partial(kmsg, i, paddr, space_needed); ! 1706: return MACH_SEND_INVALID_TYPE; ! 1707: } ! 1708: } ! 1709: i++ ; ! 1710: } ! 1711: ! 1712: if (!complex) ! 1713: kmsg->ikm_header.msgh_bits &= ~MACH_MSGH_BITS_COMPLEX; ! 1714: return MACH_MSG_SUCCESS; ! 1715: } ! 1716: ! 1717: ! 1718: /* ! 1719: * Routine: ipc_kmsg_copyin ! 1720: * Purpose: ! 1721: * "Copy-in" port rights and out-of-line memory ! 1722: * in the message. ! 1723: * ! 1724: * In all failure cases, the message is left holding ! 1725: * no rights or memory. However, the message buffer ! 1726: * is not deallocated. If successful, the message ! 1727: * contains a valid destination port. ! 1728: * Conditions: ! 1729: * Nothing locked. ! 1730: * Returns: ! 1731: * MACH_MSG_SUCCESS Successful copyin. ! 1732: * MACH_SEND_INVALID_HEADER ! 1733: * Illegal value in the message header bits. ! 1734: * MACH_SEND_INVALID_NOTIFY Bad notify port. ! 1735: * MACH_SEND_INVALID_DEST Can't copyin destination port. ! 1736: * MACH_SEND_INVALID_REPLY Can't copyin reply port. ! 1737: * MACH_SEND_INVALID_MEMORY Can't grab out-of-line memory. ! 1738: * MACH_SEND_INVALID_RIGHT Can't copyin port right in body. ! 1739: * MACH_SEND_INVALID_TYPE Bad type specification. ! 1740: * MACH_SEND_MSG_TOO_SMALL Body is too small for types/data. ! 1741: */ ! 1742: ! 1743: mach_msg_return_t ! 1744: ipc_kmsg_copyin( ! 1745: ipc_kmsg_t kmsg, ! 1746: ipc_space_t space, ! 1747: vm_map_t map, ! 1748: mach_port_name_t notify) ! 1749: { ! 1750: mach_msg_return_t mr; ! 1751: ! 1752: mr = ipc_kmsg_copyin_header(&kmsg->ikm_header, space, notify); ! 1753: if (mr != MACH_MSG_SUCCESS) ! 1754: return mr; ! 1755: ! 1756: if ((kmsg->ikm_header.msgh_bits & MACH_MSGH_BITS_COMPLEX) == 0) ! 1757: return MACH_MSG_SUCCESS; ! 1758: ! 1759: return( ipc_kmsg_copyin_body( kmsg, space, map) ); ! 1760: } ! 1761: ! 1762: /* ! 1763: * Routine: ipc_kmsg_copyin_from_kernel ! 1764: * Purpose: ! 1765: * "Copy-in" port rights and out-of-line memory ! 1766: * in a message sent from the kernel. ! 1767: * ! 1768: * Because the message comes from the kernel, ! 1769: * the implementation assumes there are no errors ! 1770: * or peculiarities in the message. ! 1771: * ! 1772: * Returns TRUE if queueing the message ! 1773: * would result in a circularity. ! 1774: * Conditions: ! 1775: * Nothing locked. ! 1776: */ ! 1777: ! 1778: void ! 1779: ipc_kmsg_copyin_from_kernel( ! 1780: ipc_kmsg_t kmsg) ! 1781: { ! 1782: mach_msg_bits_t bits = kmsg->ikm_header.msgh_bits; ! 1783: mach_msg_type_name_t rname = MACH_MSGH_BITS_REMOTE(bits); ! 1784: mach_msg_type_name_t lname = MACH_MSGH_BITS_LOCAL(bits); ! 1785: ipc_object_t remote = (ipc_object_t) kmsg->ikm_header.msgh_remote_port; ! 1786: ipc_object_t local = (ipc_object_t) kmsg->ikm_header.msgh_local_port; ! 1787: ! 1788: /* translate the destination and reply ports */ ! 1789: ! 1790: ipc_object_copyin_from_kernel(remote, rname); ! 1791: if (IO_VALID(local)) ! 1792: ipc_object_copyin_from_kernel(local, lname); ! 1793: ! 1794: /* ! 1795: * The common case is a complex message with no reply port, ! 1796: * because that is what the memory_object interface uses. ! 1797: */ ! 1798: ! 1799: if (bits == (MACH_MSGH_BITS_COMPLEX | ! 1800: MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0))) { ! 1801: bits = (MACH_MSGH_BITS_COMPLEX | ! 1802: MACH_MSGH_BITS(MACH_MSG_TYPE_PORT_SEND, 0)); ! 1803: ! 1804: kmsg->ikm_header.msgh_bits = bits; ! 1805: } else { ! 1806: bits = (MACH_MSGH_BITS_OTHER(bits) | ! 1807: MACH_MSGH_BITS(ipc_object_copyin_type(rname), ! 1808: ipc_object_copyin_type(lname))); ! 1809: ! 1810: kmsg->ikm_header.msgh_bits = bits; ! 1811: if ((bits & MACH_MSGH_BITS_COMPLEX) == 0) ! 1812: return; ! 1813: } ! 1814: { ! 1815: mach_msg_descriptor_t *saddr, *eaddr; ! 1816: mach_msg_body_t *body; ! 1817: ! 1818: body = (mach_msg_body_t *) (&kmsg->ikm_header + 1); ! 1819: saddr = (mach_msg_descriptor_t *) (body + 1); ! 1820: eaddr = (mach_msg_descriptor_t *) saddr + body->msgh_descriptor_count; ! 1821: ! 1822: for ( ; saddr < eaddr; saddr++) { ! 1823: ! 1824: switch (saddr->type.type) { ! 1825: ! 1826: case MACH_MSG_PORT_DESCRIPTOR: { ! 1827: mach_msg_type_name_t name; ! 1828: ipc_object_t object; ! 1829: mach_msg_port_descriptor_t *dsc; ! 1830: ! 1831: dsc = &saddr->port; ! 1832: ! 1833: /* this is really the type SEND, SEND_ONCE, etc. */ ! 1834: name = dsc->disposition; ! 1835: object = (ipc_object_t) dsc->name; ! 1836: dsc->disposition = ipc_object_copyin_type(name); ! 1837: ! 1838: if (!IO_VALID(object)) { ! 1839: break; ! 1840: } ! 1841: ! 1842: ipc_object_copyin_from_kernel(object, name); ! 1843: ! 1844: /* CDY avoid circularity when the destination is also */ ! 1845: /* the kernel. This check should be changed into an */ ! 1846: /* assert when the new kobject model is in place since*/ ! 1847: /* ports will not be used in kernel to kernel chats */ ! 1848: ! 1849: if (((ipc_port_t)remote)->ip_receiver != ipc_space_kernel) { ! 1850: if ((dsc->disposition == MACH_MSG_TYPE_PORT_RECEIVE) && ! 1851: ipc_port_check_circularity((ipc_port_t) object, ! 1852: (ipc_port_t) remote)) { ! 1853: kmsg->ikm_header.msgh_bits |= ! 1854: MACH_MSGH_BITS_CIRCULAR; ! 1855: } ! 1856: } ! 1857: break; ! 1858: } ! 1859: case MACH_MSG_OOL_VOLATILE_DESCRIPTOR: ! 1860: case MACH_MSG_OOL_DESCRIPTOR: { ! 1861: /* ! 1862: * The sender should supply ready-made memory, i.e. ! 1863: * a vm_map_copy_t, so we don't need to do anything. ! 1864: */ ! 1865: break; ! 1866: } ! 1867: case MACH_MSG_OOL_PORTS_DESCRIPTOR: { ! 1868: ipc_object_t *objects; ! 1869: int j; ! 1870: mach_msg_type_name_t name; ! 1871: mach_msg_ool_ports_descriptor_t *dsc; ! 1872: ! 1873: dsc = &saddr->ool_ports; ! 1874: ! 1875: /* this is really the type SEND, SEND_ONCE, etc. */ ! 1876: name = dsc->disposition; ! 1877: dsc->disposition = ipc_object_copyin_type(name); ! 1878: ! 1879: objects = (ipc_object_t *) dsc->address; ! 1880: ! 1881: for ( j = 0; j < dsc->count; j++) { ! 1882: ipc_object_t object = objects[j]; ! 1883: ! 1884: if (!IO_VALID(object)) ! 1885: continue; ! 1886: ! 1887: ipc_object_copyin_from_kernel(object, name); ! 1888: ! 1889: if ((dsc->disposition == MACH_MSG_TYPE_PORT_RECEIVE) && ! 1890: ipc_port_check_circularity( ! 1891: (ipc_port_t) object, ! 1892: (ipc_port_t) remote)) ! 1893: kmsg->ikm_header.msgh_bits |= MACH_MSGH_BITS_CIRCULAR; ! 1894: } ! 1895: break; ! 1896: } ! 1897: default: { ! 1898: #if MACH_ASSERT ! 1899: panic("ipc_kmsg_copyin_from_kernel: bad descriptor"); ! 1900: #endif /* MACH_ASSERT */ ! 1901: } ! 1902: } ! 1903: } ! 1904: } ! 1905: } ! 1906: ! 1907: /* ! 1908: * Routine: ipc_kmsg_copyout_header ! 1909: * Purpose: ! 1910: * "Copy-out" port rights in the header of a message. ! 1911: * Operates atomically; if it doesn't succeed the ! 1912: * message header and the space are left untouched. ! 1913: * If it does succeed the remote/local port fields ! 1914: * contain port names instead of object pointers, ! 1915: * and the bits field is updated. ! 1916: * ! 1917: * The notify argument implements the MACH_RCV_NOTIFY option. ! 1918: * If it is not MACH_PORT_NULL, it should name a receive right. ! 1919: * If the process of receiving the reply port creates a ! 1920: * new right in the receiving task, then the new right is ! 1921: * automatically registered for a dead-name notification, ! 1922: * with the notify port supplying the send-once right. ! 1923: * Conditions: ! 1924: * Nothing locked. ! 1925: * Returns: ! 1926: * MACH_MSG_SUCCESS Copied out port rights. ! 1927: * MACH_RCV_INVALID_NOTIFY ! 1928: * Notify is non-null and doesn't name a receive right. ! 1929: * (Either KERN_INVALID_NAME or KERN_INVALID_RIGHT.) ! 1930: * MACH_RCV_HEADER_ERROR|MACH_MSG_IPC_SPACE ! 1931: * The space is dead. ! 1932: * MACH_RCV_HEADER_ERROR|MACH_MSG_IPC_SPACE ! 1933: * No room in space for another name. ! 1934: * MACH_RCV_HEADER_ERROR|MACH_MSG_IPC_KERNEL ! 1935: * Couldn't allocate memory for the reply port. ! 1936: * MACH_RCV_HEADER_ERROR|MACH_MSG_IPC_KERNEL ! 1937: * Couldn't allocate memory for the dead-name request. ! 1938: */ ! 1939: ! 1940: mach_msg_return_t ! 1941: ipc_kmsg_copyout_header( ! 1942: mach_msg_header_t *msg, ! 1943: ipc_space_t space, ! 1944: mach_port_name_t notify) ! 1945: { ! 1946: mach_msg_bits_t mbits = msg->msgh_bits; ! 1947: ipc_port_t dest = (ipc_port_t) msg->msgh_remote_port; ! 1948: ! 1949: assert(IP_VALID(dest)); ! 1950: ! 1951: { ! 1952: mach_msg_type_name_t dest_type = MACH_MSGH_BITS_REMOTE(mbits); ! 1953: mach_msg_type_name_t reply_type = MACH_MSGH_BITS_LOCAL(mbits); ! 1954: ipc_port_t reply = (ipc_port_t) msg->msgh_local_port; ! 1955: mach_port_name_t dest_name, reply_name; ! 1956: ! 1957: if (IP_VALID(reply)) { ! 1958: ipc_port_t notify_port; ! 1959: ipc_entry_t entry; ! 1960: kern_return_t kr; ! 1961: ! 1962: /* ! 1963: * Handling notify (for MACH_RCV_NOTIFY) is tricky. ! 1964: * The problem is atomically making a send-once right ! 1965: * from the notify port and installing it for a ! 1966: * dead-name request in the new entry, because this ! 1967: * requires two port locks (on the notify port and ! 1968: * the reply port). However, we can safely make ! 1969: * and consume send-once rights for the notify port ! 1970: * as long as we hold the space locked. This isn't ! 1971: * an atomicity problem, because the only way ! 1972: * to detect that a send-once right has been created ! 1973: * and then consumed if it wasn't needed is by getting ! 1974: * at the receive right to look at ip_sorights, and ! 1975: * because the space is write-locked status calls can't ! 1976: * lookup the notify port receive right. When we make ! 1977: * the send-once right, we lock the notify port, ! 1978: * so any status calls in progress will be done. ! 1979: */ ! 1980: ! 1981: is_write_lock(space); ! 1982: ! 1983: for (;;) { ! 1984: ipc_port_request_index_t request; ! 1985: ! 1986: if (!space->is_active) { ! 1987: is_write_unlock(space); ! 1988: return (MACH_RCV_HEADER_ERROR| ! 1989: MACH_MSG_IPC_SPACE); ! 1990: } ! 1991: ! 1992: if (notify != MACH_PORT_NULL) { ! 1993: notify_port = ipc_port_lookup_notify(space, ! 1994: notify); ! 1995: if (notify_port == IP_NULL) { ! 1996: is_write_unlock(space); ! 1997: return MACH_RCV_INVALID_NOTIFY; ! 1998: } ! 1999: } else ! 2000: notify_port = IP_NULL; ! 2001: ! 2002: if ((reply_type != MACH_MSG_TYPE_PORT_SEND_ONCE) && ! 2003: ipc_right_reverse(space, (ipc_object_t) reply, ! 2004: &reply_name, &entry)) { ! 2005: /* reply port is locked and active */ ! 2006: ! 2007: /* ! 2008: * We don't need the notify_port ! 2009: * send-once right, but we can't release ! 2010: * it here because reply port is locked. ! 2011: * Wait until after the copyout to ! 2012: * release the notify port right. ! 2013: */ ! 2014: ! 2015: assert(entry->ie_bits & ! 2016: MACH_PORT_TYPE_SEND_RECEIVE); ! 2017: break; ! 2018: } ! 2019: ! 2020: ip_lock(reply); ! 2021: if (!ip_active(reply)) { ! 2022: ip_release(reply); ! 2023: ip_check_unlock(reply); ! 2024: ! 2025: if (notify_port != IP_NULL) ! 2026: ipc_port_release_sonce(notify_port); ! 2027: ! 2028: ip_lock(dest); ! 2029: is_write_unlock(space); ! 2030: ! 2031: reply = IP_DEAD; ! 2032: reply_name = MACH_PORT_DEAD; ! 2033: goto copyout_dest; ! 2034: } ! 2035: ! 2036: reply_name = (mach_port_name_t)reply; ! 2037: kr = ipc_entry_get(space, &reply_name, &entry); ! 2038: if (kr != KERN_SUCCESS) { ! 2039: ip_unlock(reply); ! 2040: ! 2041: if (notify_port != IP_NULL) ! 2042: ipc_port_release_sonce(notify_port); ! 2043: ! 2044: /* space is locked */ ! 2045: kr = ipc_entry_grow_table(space, ! 2046: ITS_SIZE_NONE); ! 2047: if (kr != KERN_SUCCESS) { ! 2048: /* space is unlocked */ ! 2049: ! 2050: if (kr == KERN_RESOURCE_SHORTAGE) ! 2051: return (MACH_RCV_HEADER_ERROR| ! 2052: MACH_MSG_IPC_KERNEL); ! 2053: else ! 2054: return (MACH_RCV_HEADER_ERROR| ! 2055: MACH_MSG_IPC_SPACE); ! 2056: } ! 2057: /* space is locked again; start over */ ! 2058: ! 2059: continue; ! 2060: } ! 2061: assert(IE_BITS_TYPE(entry->ie_bits) == ! 2062: MACH_PORT_TYPE_NONE); ! 2063: assert(entry->ie_object == IO_NULL); ! 2064: ! 2065: if (notify_port == IP_NULL) { ! 2066: /* not making a dead-name request */ ! 2067: ! 2068: entry->ie_object = (ipc_object_t) reply; ! 2069: break; ! 2070: } ! 2071: ! 2072: kr = ipc_port_dnrequest(reply, reply_name, ! 2073: notify_port, &request); ! 2074: if (kr != KERN_SUCCESS) { ! 2075: ip_unlock(reply); ! 2076: ! 2077: ipc_port_release_sonce(notify_port); ! 2078: ! 2079: ipc_entry_dealloc(space, reply_name, entry); ! 2080: is_write_unlock(space); ! 2081: ! 2082: ip_lock(reply); ! 2083: if (!ip_active(reply)) { ! 2084: /* will fail next time around loop */ ! 2085: ! 2086: ip_unlock(reply); ! 2087: is_write_lock(space); ! 2088: continue; ! 2089: } ! 2090: ! 2091: kr = ipc_port_dngrow(reply, ITS_SIZE_NONE); ! 2092: /* port is unlocked */ ! 2093: if (kr != KERN_SUCCESS) ! 2094: return (MACH_RCV_HEADER_ERROR| ! 2095: MACH_MSG_IPC_KERNEL); ! 2096: ! 2097: is_write_lock(space); ! 2098: continue; ! 2099: } ! 2100: ! 2101: notify_port = IP_NULL; /* don't release right below */ ! 2102: ! 2103: entry->ie_object = (ipc_object_t) reply; ! 2104: entry->ie_request = request; ! 2105: break; ! 2106: } ! 2107: ! 2108: /* space and reply port are locked and active */ ! 2109: ! 2110: ip_reference(reply); /* hold onto the reply port */ ! 2111: ! 2112: kr = ipc_right_copyout(space, reply_name, entry, ! 2113: reply_type, TRUE, (ipc_object_t) reply); ! 2114: /* reply port is unlocked */ ! 2115: assert(kr == KERN_SUCCESS); ! 2116: ! 2117: if (notify_port != IP_NULL) ! 2118: ipc_port_release_sonce(notify_port); ! 2119: ! 2120: ip_lock(dest); ! 2121: is_write_unlock(space); ! 2122: } else { ! 2123: /* ! 2124: * No reply port! This is an easy case. ! 2125: * We only need to have the space locked ! 2126: * when checking notify and when locking ! 2127: * the destination (to ensure atomicity). ! 2128: */ ! 2129: ! 2130: is_read_lock(space); ! 2131: if (!space->is_active) { ! 2132: is_read_unlock(space); ! 2133: return MACH_RCV_HEADER_ERROR|MACH_MSG_IPC_SPACE; ! 2134: } ! 2135: ! 2136: if (notify != MACH_PORT_NULL) { ! 2137: ipc_entry_t entry; ! 2138: ! 2139: /* must check notify even though it won't be used */ ! 2140: ! 2141: if ((entry = ipc_entry_lookup(space, notify)) == IE_NULL) { ! 2142: is_read_unlock(space); ! 2143: return MACH_RCV_INVALID_NOTIFY; ! 2144: } ! 2145: ! 2146: if ((entry->ie_bits & MACH_PORT_TYPE_RECEIVE) == 0) { ! 2147: is_read_unlock(space); ! 2148: return MACH_RCV_INVALID_NOTIFY; ! 2149: } ! 2150: } ! 2151: ! 2152: ip_lock(dest); ! 2153: is_read_unlock(space); ! 2154: ! 2155: reply_name = (mach_port_name_t) reply; ! 2156: } ! 2157: ! 2158: /* ! 2159: * At this point, the space is unlocked and the destination ! 2160: * port is locked. (Lock taken while space was locked.) ! 2161: * reply_name is taken care of; we still need dest_name. ! 2162: * We still hold a ref for reply (if it is valid). ! 2163: * ! 2164: * If the space holds receive rights for the destination, ! 2165: * we return its name for the right. Otherwise the task ! 2166: * managed to destroy or give away the receive right between ! 2167: * receiving the message and this copyout. If the destination ! 2168: * is dead, return MACH_PORT_DEAD, and if the receive right ! 2169: * exists somewhere else (another space, in transit) ! 2170: * return MACH_PORT_NULL. ! 2171: * ! 2172: * Making this copyout operation atomic with the previous ! 2173: * copyout of the reply port is a bit tricky. If there was ! 2174: * no real reply port (it wasn't IP_VALID) then this isn't ! 2175: * an issue. If the reply port was dead at copyout time, ! 2176: * then we are OK, because if dest is dead we serialize ! 2177: * after the death of both ports and if dest is alive ! 2178: * we serialize after reply died but before dest's (later) death. ! 2179: * So assume reply was alive when we copied it out. If dest ! 2180: * is alive, then we are OK because we serialize before ! 2181: * the ports' deaths. So assume dest is dead when we look at it. ! 2182: * If reply dies/died after dest, then we are OK because ! 2183: * we serialize after dest died but before reply dies. ! 2184: * So the hard case is when reply is alive at copyout, ! 2185: * dest is dead at copyout, and reply died before dest died. ! 2186: * In this case pretend that dest is still alive, so ! 2187: * we serialize while both ports are alive. ! 2188: * ! 2189: * Because the space lock is held across the copyout of reply ! 2190: * and locking dest, the receive right for dest can't move ! 2191: * in or out of the space while the copyouts happen, so ! 2192: * that isn't an atomicity problem. In the last hard case ! 2193: * above, this implies that when dest is dead that the ! 2194: * space couldn't have had receive rights for dest at ! 2195: * the time reply was copied-out, so when we pretend ! 2196: * that dest is still alive, we can return MACH_PORT_NULL. ! 2197: * ! 2198: * If dest == reply, then we have to make it look like ! 2199: * either both copyouts happened before the port died, ! 2200: * or both happened after the port died. This special ! 2201: * case works naturally if the timestamp comparison ! 2202: * is done correctly. ! 2203: */ ! 2204: ! 2205: copyout_dest: ! 2206: ! 2207: if (ip_active(dest)) { ! 2208: ipc_object_copyout_dest(space, (ipc_object_t) dest, ! 2209: dest_type, &dest_name); ! 2210: /* dest is unlocked */ ! 2211: } else { ! 2212: ipc_port_timestamp_t timestamp; ! 2213: ! 2214: timestamp = dest->ip_timestamp; ! 2215: ip_release(dest); ! 2216: ip_check_unlock(dest); ! 2217: ! 2218: if (IP_VALID(reply)) { ! 2219: ip_lock(reply); ! 2220: if (ip_active(reply) || ! 2221: IP_TIMESTAMP_ORDER(timestamp, ! 2222: reply->ip_timestamp)) ! 2223: dest_name = MACH_PORT_DEAD; ! 2224: else ! 2225: dest_name = MACH_PORT_NULL; ! 2226: ip_unlock(reply); ! 2227: } else ! 2228: dest_name = MACH_PORT_DEAD; ! 2229: } ! 2230: ! 2231: if (IP_VALID(reply)) ! 2232: ipc_port_release(reply); ! 2233: ! 2234: msg->msgh_bits = (MACH_MSGH_BITS_OTHER(mbits) | ! 2235: MACH_MSGH_BITS(reply_type, dest_type)); ! 2236: msg->msgh_local_port = (ipc_port_t)dest_name; ! 2237: msg->msgh_remote_port = (ipc_port_t)reply_name; ! 2238: } ! 2239: ! 2240: return MACH_MSG_SUCCESS; ! 2241: } ! 2242: ! 2243: /* ! 2244: * Routine: ipc_kmsg_copyout_object ! 2245: * Purpose: ! 2246: * Copy-out a port right. Always returns a name, ! 2247: * even for unsuccessful return codes. Always ! 2248: * consumes the supplied object. ! 2249: * Conditions: ! 2250: * Nothing locked. ! 2251: * Returns: ! 2252: * MACH_MSG_SUCCESS The space acquired the right ! 2253: * (name is valid) or the object is dead (MACH_PORT_DEAD). ! 2254: * MACH_MSG_IPC_SPACE No room in space for the right, ! 2255: * or the space is dead. (Name is MACH_PORT_NULL.) ! 2256: * MACH_MSG_IPC_KERNEL Kernel resource shortage. ! 2257: * (Name is MACH_PORT_NULL.) ! 2258: */ ! 2259: ! 2260: mach_msg_return_t ! 2261: ipc_kmsg_copyout_object( ! 2262: ipc_space_t space, ! 2263: ipc_object_t object, ! 2264: mach_msg_type_name_t msgt_name, ! 2265: mach_port_name_t *namep) ! 2266: { ! 2267: kern_return_t kr; ! 2268: ! 2269: if (!IO_VALID(object)) { ! 2270: *namep = (mach_port_name_t) object; ! 2271: return MACH_MSG_SUCCESS; ! 2272: } ! 2273: ! 2274: kr = ipc_object_copyout(space, object, msgt_name, TRUE, namep); ! 2275: if (kr != KERN_SUCCESS) { ! 2276: ipc_object_destroy(object, msgt_name); ! 2277: ! 2278: if (kr == KERN_INVALID_CAPABILITY) ! 2279: *namep = MACH_PORT_DEAD; ! 2280: else { ! 2281: *namep = MACH_PORT_NULL; ! 2282: ! 2283: if (kr == KERN_RESOURCE_SHORTAGE) ! 2284: return MACH_MSG_IPC_KERNEL; ! 2285: else ! 2286: return MACH_MSG_IPC_SPACE; ! 2287: } ! 2288: } ! 2289: ! 2290: return MACH_MSG_SUCCESS; ! 2291: } ! 2292: ! 2293: /* ! 2294: * Routine: ipc_kmsg_copyout_body ! 2295: * Purpose: ! 2296: * "Copy-out" port rights and out-of-line memory ! 2297: * in the body of a message. ! 2298: * ! 2299: * The error codes are a combination of special bits. ! 2300: * The copyout proceeds despite errors. ! 2301: * Conditions: ! 2302: * Nothing locked. ! 2303: * Returns: ! 2304: * MACH_MSG_SUCCESS Successful copyout. ! 2305: * MACH_MSG_IPC_SPACE No room for port right in name space. ! 2306: * MACH_MSG_VM_SPACE No room for memory in address space. ! 2307: * MACH_MSG_IPC_KERNEL Resource shortage handling port right. ! 2308: * MACH_MSG_VM_KERNEL Resource shortage handling memory. ! 2309: * MACH_MSG_INVALID_RT_DESCRIPTOR Descriptor incompatible with RT ! 2310: */ ! 2311: ! 2312: mach_msg_return_t ! 2313: ipc_kmsg_copyout_body( ! 2314: ipc_kmsg_t kmsg, ! 2315: ipc_space_t space, ! 2316: vm_map_t map, ! 2317: mach_msg_body_t *slist) ! 2318: { ! 2319: mach_msg_body_t *body; ! 2320: mach_msg_descriptor_t *saddr, *eaddr; ! 2321: mach_msg_return_t mr = MACH_MSG_SUCCESS; ! 2322: kern_return_t kr; ! 2323: vm_offset_t data; ! 2324: mach_msg_descriptor_t *sstart, *send; ! 2325: #if MACH_RT ! 2326: boolean_t rt; ! 2327: #endif /* MACH_RT */ ! 2328: ! 2329: body = (mach_msg_body_t *) (&kmsg->ikm_header + 1); ! 2330: saddr = (mach_msg_descriptor_t *) (body + 1); ! 2331: eaddr = saddr + body->msgh_descriptor_count; ! 2332: #if MACH_RT ! 2333: rt = KMSG_IS_RT(kmsg); ! 2334: #endif /* MACH_RT */ ! 2335: ! 2336: /* ! 2337: * Do scatter list setup ! 2338: */ ! 2339: if (slist != MACH_MSG_BODY_NULL) { ! 2340: sstart = (mach_msg_descriptor_t *) (slist + 1); ! 2341: send = sstart + slist->msgh_descriptor_count; ! 2342: } ! 2343: else { ! 2344: sstart = MACH_MSG_DESCRIPTOR_NULL; ! 2345: } ! 2346: ! 2347: for ( ; saddr < eaddr; saddr++ ) { ! 2348: ! 2349: switch (saddr->type.type) { ! 2350: ! 2351: case MACH_MSG_PORT_DESCRIPTOR: { ! 2352: mach_msg_port_descriptor_t *dsc; ! 2353: ! 2354: /* ! 2355: * Copyout port right carried in the message ! 2356: */ ! 2357: dsc = &saddr->port; ! 2358: mr |= ipc_kmsg_copyout_object(space, ! 2359: (ipc_object_t) dsc->name, ! 2360: dsc->disposition, ! 2361: (mach_port_name_t *) &dsc->name); ! 2362: ! 2363: break; ! 2364: } ! 2365: case MACH_MSG_OOL_VOLATILE_DESCRIPTOR: ! 2366: case MACH_MSG_OOL_DESCRIPTOR : { ! 2367: vm_offset_t rcv_addr; ! 2368: vm_offset_t snd_addr; ! 2369: mach_msg_ool_descriptor_t *dsc; ! 2370: mach_msg_copy_options_t copy_option; ! 2371: ! 2372: SKIP_PORT_DESCRIPTORS(sstart, send); ! 2373: ! 2374: dsc = &saddr->out_of_line; ! 2375: ! 2376: assert(dsc->copy != MACH_MSG_KALLOC_COPY_T); ! 2377: assert(dsc->copy != MACH_MSG_PAGE_LIST_COPY_T); ! 2378: ! 2379: copy_option = dsc->copy; ! 2380: ! 2381: if ((snd_addr = (vm_offset_t) dsc->address) != 0) { ! 2382: if (sstart != MACH_MSG_DESCRIPTOR_NULL && ! 2383: sstart->out_of_line.copy == MACH_MSG_OVERWRITE) { ! 2384: ! 2385: /* ! 2386: * There is an overwrite descriptor specified in the ! 2387: * scatter list for this ool data. The descriptor ! 2388: * has already been verified ! 2389: */ ! 2390: rcv_addr = (vm_offset_t) sstart->out_of_line.address; ! 2391: dsc->copy = MACH_MSG_OVERWRITE; ! 2392: } else { ! 2393: dsc->copy = MACH_MSG_ALLOCATE; ! 2394: } ! 2395: ! 2396: if (copy_option == MACH_MSG_PHYSICAL_COPY && ! 2397: dsc->size < MSG_OOL_SIZE_SMALL(rt)) { ! 2398: ! 2399: /* ! 2400: * Sufficiently 'small' data was copied into a kalloc'ed ! 2401: * buffer copy was requested. Just copy it out and ! 2402: * free the buffer. ! 2403: */ ! 2404: if (dsc->copy == MACH_MSG_ALLOCATE) { ! 2405: #if MACH_RT ! 2406: /* ! 2407: * The MACH_MSG_ALLOCATE option is not ! 2408: * compatible with RT behavior. ! 2409: */ ! 2410: if (rt) { ! 2411: mr |= MACH_MSG_INVALID_RT_DESCRIPTOR; ! 2412: KFREE(snd_addr, dsc->size, rt); ! 2413: dsc->address = (void *) 0; ! 2414: INCREMENT_SCATTER(sstart); ! 2415: break; ! 2416: } ! 2417: #endif /* MACH_RT */ ! 2418: ! 2419: /* ! 2420: * If there is no overwrite region, allocate ! 2421: * space in receiver's address space for the ! 2422: * data ! 2423: */ ! 2424: if ((kr = vm_allocate(map, &rcv_addr, dsc->size, ! 2425: TRUE)) != KERN_SUCCESS) { ! 2426: if (kr == KERN_RESOURCE_SHORTAGE) ! 2427: mr |= MACH_MSG_VM_KERNEL; ! 2428: else ! 2429: mr |= MACH_MSG_VM_SPACE; ! 2430: KFREE(snd_addr, dsc->size, rt); ! 2431: dsc->address = (void *) 0; ! 2432: INCREMENT_SCATTER(sstart); ! 2433: break; ! 2434: } ! 2435: } ! 2436: (void) copyoutmap(map, snd_addr, rcv_addr, dsc->size); ! 2437: KFREE(snd_addr, dsc->size, rt); ! 2438: } else { ! 2439: ! 2440: /* ! 2441: * Whether the data was virtually or physically ! 2442: * copied we have a vm_map_copy_t for it. ! 2443: * If there's an overwrite region specified ! 2444: * overwrite it, otherwise do a virtual copy out. ! 2445: */ ! 2446: if (dsc->copy == MACH_MSG_OVERWRITE) { ! 2447: kr = vm_map_copy_overwrite(map, rcv_addr, ! 2448: (vm_map_copy_t) dsc->address, TRUE); ! 2449: } else { ! 2450: kr = vm_map_copyout(map, &rcv_addr, ! 2451: (vm_map_copy_t) dsc->address); ! 2452: } ! 2453: if (kr != KERN_SUCCESS) { ! 2454: if (kr == KERN_RESOURCE_SHORTAGE) ! 2455: mr |= MACH_MSG_VM_KERNEL; ! 2456: else ! 2457: mr |= MACH_MSG_VM_SPACE; ! 2458: vm_map_copy_discard((vm_map_copy_t) dsc->address); ! 2459: dsc->address = 0; ! 2460: INCREMENT_SCATTER(sstart); ! 2461: break; ! 2462: } ! 2463: } ! 2464: dsc->address = (void *) rcv_addr; ! 2465: } ! 2466: INCREMENT_SCATTER(sstart); ! 2467: break; ! 2468: } ! 2469: case MACH_MSG_OOL_PORTS_DESCRIPTOR : { ! 2470: vm_offset_t addr; ! 2471: mach_port_name_t *objects; ! 2472: mach_msg_type_number_t j; ! 2473: vm_size_t length; ! 2474: mach_msg_ool_ports_descriptor_t *dsc; ! 2475: ! 2476: SKIP_PORT_DESCRIPTORS(sstart, send); ! 2477: ! 2478: dsc = &saddr->ool_ports; ! 2479: ! 2480: length = dsc->count * sizeof(mach_port_name_t); ! 2481: ! 2482: if (length != 0) { ! 2483: if (sstart != MACH_MSG_DESCRIPTOR_NULL && ! 2484: sstart->ool_ports.copy == MACH_MSG_OVERWRITE) { ! 2485: ! 2486: /* ! 2487: * There is an overwrite descriptor specified in the ! 2488: * scatter list for this ool data. The descriptor ! 2489: * has already been verified ! 2490: */ ! 2491: addr = (vm_offset_t) sstart->out_of_line.address; ! 2492: dsc->copy = MACH_MSG_OVERWRITE; ! 2493: } ! 2494: else { ! 2495: #if MACH_RT ! 2496: /* ! 2497: * The MACH_MSG_ALLOCATE option is not ! 2498: * compatible with RT behavior. ! 2499: */ ! 2500: if (rt) { ! 2501: mr |= MACH_MSG_INVALID_RT_DESCRIPTOR; ! 2502: ipc_kmsg_clean_body(kmsg, ! 2503: body->msgh_descriptor_count); ! 2504: dsc->address = 0; ! 2505: INCREMENT_SCATTER(sstart); ! 2506: break; ! 2507: } ! 2508: #endif /* MACH_RT */ ! 2509: ! 2510: /* ! 2511: * Dynamically allocate the region ! 2512: */ ! 2513: dsc->copy = MACH_MSG_ALLOCATE; ! 2514: if ((kr = vm_allocate(map, &addr, length, TRUE)) != ! 2515: KERN_SUCCESS) { ! 2516: ipc_kmsg_clean_body(kmsg, ! 2517: body->msgh_descriptor_count); ! 2518: dsc->address = 0; ! 2519: ! 2520: if (kr == KERN_RESOURCE_SHORTAGE){ ! 2521: mr |= MACH_MSG_VM_KERNEL; ! 2522: } else { ! 2523: mr |= MACH_MSG_VM_SPACE; ! 2524: } ! 2525: INCREMENT_SCATTER(sstart); ! 2526: break; ! 2527: } ! 2528: } ! 2529: } else { ! 2530: INCREMENT_SCATTER(sstart); ! 2531: break; ! 2532: } ! 2533: ! 2534: ! 2535: objects = (mach_port_name_t *) dsc->address ; ! 2536: ! 2537: /* copyout port rights carried in the message */ ! 2538: ! 2539: for ( j = 0; j < dsc->count ; j++) { ! 2540: ipc_object_t object = ! 2541: (ipc_object_t) objects[j]; ! 2542: ! 2543: mr |= ipc_kmsg_copyout_object(space, object, ! 2544: dsc->disposition, &objects[j]); ! 2545: } ! 2546: ! 2547: /* copyout to memory allocated above */ ! 2548: ! 2549: data = (vm_offset_t) dsc->address; ! 2550: (void) copyoutmap(map, data, addr, length); ! 2551: KFREE(data, length, rt); ! 2552: ! 2553: dsc->address = (void *) addr; ! 2554: INCREMENT_SCATTER(sstart); ! 2555: break; ! 2556: } ! 2557: default : { ! 2558: panic("untyped IPC copyout body: invalid message descriptor"); ! 2559: } ! 2560: } ! 2561: } ! 2562: return mr; ! 2563: } ! 2564: ! 2565: /* ! 2566: * Routine: ipc_kmsg_copyout ! 2567: * Purpose: ! 2568: * "Copy-out" port rights and out-of-line memory ! 2569: * in the message. ! 2570: * Conditions: ! 2571: * Nothing locked. ! 2572: * Returns: ! 2573: * MACH_MSG_SUCCESS Copied out all rights and memory. ! 2574: * MACH_RCV_INVALID_NOTIFY Bad notify port. ! 2575: * Rights and memory in the message are intact. ! 2576: * MACH_RCV_HEADER_ERROR + special bits ! 2577: * Rights and memory in the message are intact. ! 2578: * MACH_RCV_BODY_ERROR + special bits ! 2579: * The message header was successfully copied out. ! 2580: * As much of the body was handled as possible. ! 2581: */ ! 2582: ! 2583: mach_msg_return_t ! 2584: ipc_kmsg_copyout( ! 2585: ipc_kmsg_t kmsg, ! 2586: ipc_space_t space, ! 2587: vm_map_t map, ! 2588: mach_port_name_t notify, ! 2589: mach_msg_body_t *slist) ! 2590: { ! 2591: mach_msg_return_t mr; ! 2592: ! 2593: mr = ipc_kmsg_copyout_header(&kmsg->ikm_header, space, notify); ! 2594: if (mr != MACH_MSG_SUCCESS) ! 2595: return mr; ! 2596: ! 2597: if (kmsg->ikm_header.msgh_bits & MACH_MSGH_BITS_COMPLEX) { ! 2598: mr = ipc_kmsg_copyout_body(kmsg, space, map, slist); ! 2599: ! 2600: if (mr != MACH_MSG_SUCCESS) ! 2601: mr |= MACH_RCV_BODY_ERROR; ! 2602: } ! 2603: ! 2604: return mr; ! 2605: } ! 2606: ! 2607: /* ! 2608: * Routine: ipc_kmsg_copyout_pseudo ! 2609: * Purpose: ! 2610: * Does a pseudo-copyout of the message. ! 2611: * This is like a regular copyout, except ! 2612: * that the ports in the header are handled ! 2613: * as if they are in the body. They aren't reversed. ! 2614: * ! 2615: * The error codes are a combination of special bits. ! 2616: * The copyout proceeds despite errors. ! 2617: * Conditions: ! 2618: * Nothing locked. ! 2619: * Returns: ! 2620: * MACH_MSG_SUCCESS Successful copyout. ! 2621: * MACH_MSG_IPC_SPACE No room for port right in name space. ! 2622: * MACH_MSG_VM_SPACE No room for memory in address space. ! 2623: * MACH_MSG_IPC_KERNEL Resource shortage handling port right. ! 2624: * MACH_MSG_VM_KERNEL Resource shortage handling memory. ! 2625: */ ! 2626: ! 2627: mach_msg_return_t ! 2628: ipc_kmsg_copyout_pseudo( ! 2629: ipc_kmsg_t kmsg, ! 2630: ipc_space_t space, ! 2631: vm_map_t map, ! 2632: mach_msg_body_t *slist) ! 2633: { ! 2634: mach_msg_bits_t mbits = kmsg->ikm_header.msgh_bits; ! 2635: ipc_object_t dest = (ipc_object_t) kmsg->ikm_header.msgh_remote_port; ! 2636: ipc_object_t reply = (ipc_object_t) kmsg->ikm_header.msgh_local_port; ! 2637: mach_msg_type_name_t dest_type = MACH_MSGH_BITS_REMOTE(mbits); ! 2638: mach_msg_type_name_t reply_type = MACH_MSGH_BITS_LOCAL(mbits); ! 2639: mach_port_name_t dest_name, reply_name; ! 2640: mach_msg_return_t mr; ! 2641: ! 2642: assert(IO_VALID(dest)); ! 2643: ! 2644: mr = (ipc_kmsg_copyout_object(space, dest, dest_type, &dest_name) | ! 2645: ipc_kmsg_copyout_object(space, reply, reply_type, &reply_name)); ! 2646: ! 2647: kmsg->ikm_header.msgh_bits = mbits &~ MACH_MSGH_BITS_CIRCULAR; ! 2648: kmsg->ikm_header.msgh_remote_port = (ipc_port_t)dest_name; ! 2649: kmsg->ikm_header.msgh_local_port = (ipc_port_t)reply_name; ! 2650: ! 2651: if (mbits & MACH_MSGH_BITS_COMPLEX) { ! 2652: mr |= ipc_kmsg_copyout_body(kmsg, space, map, slist); ! 2653: } ! 2654: ! 2655: return mr; ! 2656: } ! 2657: ! 2658: /* ! 2659: * Routine: ipc_kmsg_copyout_dest ! 2660: * Purpose: ! 2661: * Copies out the destination port in the message. ! 2662: * Destroys all other rights and memory in the message. ! 2663: * Conditions: ! 2664: * Nothing locked. ! 2665: */ ! 2666: ! 2667: void ! 2668: ipc_kmsg_copyout_dest( ! 2669: ipc_kmsg_t kmsg, ! 2670: ipc_space_t space) ! 2671: { ! 2672: mach_msg_bits_t mbits; ! 2673: ipc_object_t dest; ! 2674: ipc_object_t reply; ! 2675: mach_msg_type_name_t dest_type; ! 2676: mach_msg_type_name_t reply_type; ! 2677: mach_port_name_t dest_name, reply_name; ! 2678: ! 2679: mbits = kmsg->ikm_header.msgh_bits; ! 2680: dest = (ipc_object_t) kmsg->ikm_header.msgh_remote_port; ! 2681: reply = (ipc_object_t) kmsg->ikm_header.msgh_local_port; ! 2682: dest_type = MACH_MSGH_BITS_REMOTE(mbits); ! 2683: reply_type = MACH_MSGH_BITS_LOCAL(mbits); ! 2684: ! 2685: assert(IO_VALID(dest)); ! 2686: ! 2687: io_lock(dest); ! 2688: if (io_active(dest)) { ! 2689: ipc_object_copyout_dest(space, dest, dest_type, &dest_name); ! 2690: /* dest is unlocked */ ! 2691: } else { ! 2692: io_release(dest); ! 2693: io_check_unlock(dest); ! 2694: dest_name = MACH_PORT_DEAD; ! 2695: } ! 2696: ! 2697: if (IO_VALID(reply)) { ! 2698: ipc_object_destroy(reply, reply_type); ! 2699: reply_name = MACH_PORT_NULL; ! 2700: } else ! 2701: reply_name = (mach_port_name_t) reply; ! 2702: ! 2703: kmsg->ikm_header.msgh_bits = (MACH_MSGH_BITS_OTHER(mbits) | ! 2704: MACH_MSGH_BITS(reply_type, dest_type)); ! 2705: kmsg->ikm_header.msgh_local_port = (ipc_port_t)dest_name; ! 2706: kmsg->ikm_header.msgh_remote_port = (ipc_port_t)reply_name; ! 2707: ! 2708: if (mbits & MACH_MSGH_BITS_COMPLEX) { ! 2709: mach_msg_body_t *body; ! 2710: ! 2711: body = (mach_msg_body_t *) (&kmsg->ikm_header + 1); ! 2712: ipc_kmsg_clean_body(kmsg, body->msgh_descriptor_count); ! 2713: } ! 2714: } ! 2715: ! 2716: /* ! 2717: * Routine: ipc_kmsg_check_scatter ! 2718: * Purpose: ! 2719: * Checks scatter and gather lists for consistency. ! 2720: * ! 2721: * Algorithm: ! 2722: * The gather is assumed valid since it has been copied in. ! 2723: * The scatter list has only been range checked. ! 2724: * Gather list descriptors are sequentially paired with scatter ! 2725: * list descriptors, with port descriptors in either list ignored. ! 2726: * Descriptors are consistent if the type fileds match and size ! 2727: * of the scatter descriptor is less than or equal to the ! 2728: * size of the gather descriptor. A MACH_MSG_ALLOCATE copy ! 2729: * strategy in a scatter descriptor matches any size in the ! 2730: * corresponding gather descriptor assuming they are the same type. ! 2731: * Either list may be larger than the other. During the ! 2732: * subsequent copy out, excess scatter descriptors are ignored ! 2733: * and excess gather descriptors default to dynamic allocation. ! 2734: * ! 2735: * In the case of a size error, a new scatter list is formed ! 2736: * from the gather list copying only the size and type fields. ! 2737: * ! 2738: * Conditions: ! 2739: * Nothing locked. ! 2740: * Returns: ! 2741: * MACH_MSG_SUCCESS Lists are consistent ! 2742: * MACH_RCV_INVALID_TYPE Scatter type does not match ! 2743: * gather type ! 2744: * MACH_RCV_SCATTER_SMALL Scatter size less than gather ! 2745: * size ! 2746: */ ! 2747: ! 2748: mach_msg_return_t ! 2749: ipc_kmsg_check_scatter( ! 2750: ipc_kmsg_t kmsg, ! 2751: mach_msg_option_t option, ! 2752: mach_msg_body_t **slistp, ! 2753: mach_msg_size_t *sizep) ! 2754: { ! 2755: mach_msg_body_t *body; ! 2756: mach_msg_descriptor_t *gstart, *gend; ! 2757: mach_msg_descriptor_t *sstart, *send; ! 2758: mach_msg_return_t mr = MACH_MSG_SUCCESS; ! 2759: ! 2760: assert(*slistp != MACH_MSG_BODY_NULL); ! 2761: assert(*sizep != 0); ! 2762: ! 2763: body = (mach_msg_body_t *) (&kmsg->ikm_header + 1); ! 2764: gstart = (mach_msg_descriptor_t *) (body + 1); ! 2765: gend = gstart + body->msgh_descriptor_count; ! 2766: ! 2767: sstart = (mach_msg_descriptor_t *) (*slistp + 1); ! 2768: send = sstart + (*slistp)->msgh_descriptor_count; ! 2769: ! 2770: while (gstart < gend) { ! 2771: mach_msg_descriptor_type_t g_type; ! 2772: ! 2773: /* ! 2774: * Skip port descriptors in gather list. ! 2775: */ ! 2776: g_type = gstart->type.type; ! 2777: ! 2778: if (g_type != MACH_MSG_PORT_DESCRIPTOR) { ! 2779: ! 2780: /* ! 2781: * A scatter list with a 0 descriptor count is treated as an ! 2782: * automatic size mismatch. ! 2783: */ ! 2784: if ((*slistp)->msgh_descriptor_count == 0) { ! 2785: return(MACH_RCV_SCATTER_SMALL); ! 2786: } ! 2787: ! 2788: /* ! 2789: * Skip port descriptors in scatter list. ! 2790: */ ! 2791: while (sstart < send) { ! 2792: if (sstart->type.type != MACH_MSG_PORT_DESCRIPTOR) ! 2793: break; ! 2794: sstart++; ! 2795: } ! 2796: ! 2797: /* ! 2798: * No more scatter descriptors, we're done ! 2799: */ ! 2800: if (sstart >= send) { ! 2801: break; ! 2802: } ! 2803: ! 2804: /* ! 2805: * Check type, copy and size fields ! 2806: */ ! 2807: if (g_type == MACH_MSG_OOL_DESCRIPTOR || ! 2808: g_type == MACH_MSG_OOL_VOLATILE_DESCRIPTOR) { ! 2809: if (sstart->type.type != MACH_MSG_OOL_DESCRIPTOR && ! 2810: sstart->type.type != MACH_MSG_OOL_VOLATILE_DESCRIPTOR) { ! 2811: return(MACH_RCV_INVALID_TYPE); ! 2812: } ! 2813: if (sstart->out_of_line.copy == MACH_MSG_OVERWRITE && ! 2814: gstart->out_of_line.size > sstart->out_of_line.size) { ! 2815: return(MACH_RCV_SCATTER_SMALL); ! 2816: } ! 2817: } ! 2818: else { ! 2819: if (sstart->type.type != MACH_MSG_OOL_PORTS_DESCRIPTOR) { ! 2820: return(MACH_RCV_INVALID_TYPE); ! 2821: } ! 2822: if (sstart->ool_ports.copy == MACH_MSG_OVERWRITE && ! 2823: gstart->ool_ports.count > sstart->ool_ports.count) { ! 2824: return(MACH_RCV_SCATTER_SMALL); ! 2825: } ! 2826: } ! 2827: sstart++; ! 2828: } ! 2829: gstart++; ! 2830: } ! 2831: ! 2832: return(mr); ! 2833: } ! 2834: ! 2835: ! 2836: /* ! 2837: * We keep a per-processor cache of kernel message buffers. ! 2838: * The cache saves the overhead/locking of using kalloc/kfree. ! 2839: * The per-processor cache seems to miss less than a per-thread cache, ! 2840: * and it also uses less memory. Access to the cache doesn't ! 2841: * require locking. ! 2842: */ ! 2843: #define IKM_STASH 16 /* # of cache entries per cpu */ ! 2844: ipc_kmsg_t ipc_kmsg_cache[ NCPUS ][ IKM_STASH ]; ! 2845: unsigned int ipc_kmsg_cache_avail[NCPUS]; ! 2846: counter(unsigned int c_ipc_kmsg_cache_tries = 0;) ! 2847: counter(unsigned int c_ipc_kmsg_cache_misses = 0;) ! 2848: ! 2849: /* ! 2850: * Routine: ikm_cache_get ! 2851: * Purpose: Attempt to allocate from the per-cpu IKM cache. ! 2852: * Conditions: Nothing locked. ! 2853: * ! 2854: * If the IKM cache for the current cpu is not empty, this routine ! 2855: * will return the address of the block, nulling out the cache. ! 2856: * TRUE is returned for success, FALSE for failure. ! 2857: * Preemption must be disabled while in here. ! 2858: */ ! 2859: ! 2860: boolean_t ! 2861: ikm_cache_get( ! 2862: ipc_kmsg_t * kmsg) ! 2863: { ! 2864: register unsigned int cpu, i; ! 2865: ! 2866: counter(++c_ipc_kmsg_cache_tries); ! 2867: disable_preemption(); ! 2868: cpu = cpu_number(); ! 2869: ! 2870: if (ipc_kmsg_cache_avail[cpu]) { ! 2871: for (i = 0; i < IKM_STASH; i++) { ! 2872: if ( *kmsg = ipc_kmsg_cache[cpu][i] ) { ! 2873: ipc_kmsg_cache[cpu][i] = IKM_NULL; ! 2874: ipc_kmsg_cache_avail[cpu]--; ! 2875: enable_preemption(); ! 2876: return(TRUE); ! 2877: } ! 2878: } ! 2879: } ! 2880: ! 2881: enable_preemption(); ! 2882: counter(++c_ipc_kmsg_cache_misses); ! 2883: return(FALSE); ! 2884: } ! 2885: ! 2886: /* ! 2887: * Routine: ikm_cache_put ! 2888: * Purpose: Attempt to free a block to the per-cpu IKM cache. ! 2889: * Conditions: Nothing locked. ! 2890: * ! 2891: * If the IKM cache for the current cpu is empty, this routine ! 2892: * will store its argument into the cache. ! 2893: * TRUE is returned for success, FALSE for failure. ! 2894: * Preemption must be disabled while in here. ! 2895: */ ! 2896: ! 2897: boolean_t ! 2898: ikm_cache_put( ! 2899: ipc_kmsg_t kmsg) ! 2900: { ! 2901: unsigned int cpu, i; ! 2902: ! 2903: disable_preemption(); ! 2904: cpu = cpu_number(); ! 2905: ! 2906: if (ipc_kmsg_cache_avail[cpu] < IKM_STASH) { ! 2907: for (i = 0; i < IKM_STASH; i++) { ! 2908: if (ipc_kmsg_cache[cpu][i] == IKM_NULL) { ! 2909: ipc_kmsg_cache[cpu][i] = kmsg; ! 2910: ipc_kmsg_cache_avail[cpu]++; ! 2911: enable_preemption(); ! 2912: return(TRUE); ! 2913: } ! 2914: } ! 2915: } ! 2916: ! 2917: enable_preemption(); ! 2918: return(FALSE); ! 2919: } ! 2920: ! 2921: ! 2922: void ! 2923: ikm_cache_init() ! 2924: { ! 2925: unsigned int cpu, i; ! 2926: ! 2927: for (cpu = 0; cpu < NCPUS; ++cpu) { ! 2928: ipc_kmsg_cache_avail[cpu] = 0; ! 2929: for (i = 0; i < IKM_STASH; ++i) ! 2930: ipc_kmsg_cache[cpu][i] = IKM_NULL; ! 2931: } ! 2932: } ! 2933: ! 2934: ! 2935: /* ! 2936: * Routine: ipc_kmsg_copyout_to_kernel ! 2937: * Purpose: ! 2938: * Copies out the destination and reply ports in the message. ! 2939: * Leaves all other rights and memory in the message alone. ! 2940: * Conditions: ! 2941: * Nothing locked. ! 2942: * ! 2943: * Derived from ipc_kmsg_copyout_dest. ! 2944: * Use by mach_msg_rpc_from_kernel (which used to use copyout_dest). ! 2945: * We really do want to save rights and memory. ! 2946: */ ! 2947: ! 2948: void ! 2949: ipc_kmsg_copyout_to_kernel( ! 2950: ipc_kmsg_t kmsg, ! 2951: ipc_space_t space) ! 2952: { ! 2953: ipc_object_t dest; ! 2954: ipc_object_t reply; ! 2955: mach_msg_type_name_t dest_type; ! 2956: mach_msg_type_name_t reply_type; ! 2957: mach_port_name_t dest_name, reply_name; ! 2958: ! 2959: dest = (ipc_object_t) kmsg->ikm_header.msgh_remote_port; ! 2960: reply = (ipc_object_t) kmsg->ikm_header.msgh_local_port; ! 2961: dest_type = MACH_MSGH_BITS_REMOTE(kmsg->ikm_header.msgh_bits); ! 2962: reply_type = MACH_MSGH_BITS_LOCAL(kmsg->ikm_header.msgh_bits); ! 2963: ! 2964: assert(IO_VALID(dest)); ! 2965: ! 2966: io_lock(dest); ! 2967: if (io_active(dest)) { ! 2968: ipc_object_copyout_dest(space, dest, dest_type, &dest_name); ! 2969: /* dest is unlocked */ ! 2970: } else { ! 2971: io_release(dest); ! 2972: io_check_unlock(dest); ! 2973: dest_name = MACH_PORT_DEAD; ! 2974: } ! 2975: ! 2976: reply_name = (mach_port_name_t) reply; ! 2977: ! 2978: kmsg->ikm_header.msgh_bits = ! 2979: (MACH_MSGH_BITS_OTHER(kmsg->ikm_header.msgh_bits) | ! 2980: MACH_MSGH_BITS(reply_type, dest_type)); ! 2981: kmsg->ikm_header.msgh_local_port = (ipc_port_t)dest_name; ! 2982: kmsg->ikm_header.msgh_remote_port = (ipc_port_t)reply_name; ! 2983: } ! 2984: ! 2985: #include <mach_kdb.h> ! 2986: #if MACH_KDB ! 2987: ! 2988: #include <ddb/db_output.h> ! 2989: #include <ipc/ipc_print.h> ! 2990: /* ! 2991: * Forward declarations ! 2992: */ ! 2993: void ipc_msg_print_untyped( ! 2994: mach_msg_body_t *body); ! 2995: ! 2996: char * ipc_type_name( ! 2997: int type_name, ! 2998: boolean_t received); ! 2999: ! 3000: void ipc_print_type_name( ! 3001: int type_name); ! 3002: ! 3003: char * ! 3004: msgh_bit_decode( ! 3005: mach_msg_bits_t bit); ! 3006: ! 3007: char * ! 3008: mm_copy_options_string( ! 3009: mach_msg_copy_options_t option); ! 3010: ! 3011: void db_print_msg_uid(mach_msg_header_t *); ! 3012: ! 3013: ! 3014: char * ! 3015: ipc_type_name( ! 3016: int type_name, ! 3017: boolean_t received) ! 3018: { ! 3019: switch (type_name) { ! 3020: case MACH_MSG_TYPE_PORT_NAME: ! 3021: return "port_name"; ! 3022: ! 3023: case MACH_MSG_TYPE_MOVE_RECEIVE: ! 3024: if (received) { ! 3025: return "port_receive"; ! 3026: } else { ! 3027: return "move_receive"; ! 3028: } ! 3029: ! 3030: case MACH_MSG_TYPE_MOVE_SEND: ! 3031: if (received) { ! 3032: return "port_send"; ! 3033: } else { ! 3034: return "move_send"; ! 3035: } ! 3036: ! 3037: case MACH_MSG_TYPE_MOVE_SEND_ONCE: ! 3038: if (received) { ! 3039: return "port_send_once"; ! 3040: } else { ! 3041: return "move_send_once"; ! 3042: } ! 3043: ! 3044: case MACH_MSG_TYPE_COPY_SEND: ! 3045: return "copy_send"; ! 3046: ! 3047: case MACH_MSG_TYPE_MAKE_SEND: ! 3048: return "make_send"; ! 3049: ! 3050: case MACH_MSG_TYPE_MAKE_SEND_ONCE: ! 3051: return "make_send_once"; ! 3052: ! 3053: default: ! 3054: return (char *) 0; ! 3055: } ! 3056: } ! 3057: ! 3058: void ! 3059: ipc_print_type_name( ! 3060: int type_name) ! 3061: { ! 3062: char *name = ipc_type_name(type_name, TRUE); ! 3063: if (name) { ! 3064: printf("%s", name); ! 3065: } else { ! 3066: printf("type%d", type_name); ! 3067: } ! 3068: } ! 3069: ! 3070: /* ! 3071: * ipc_kmsg_print [ debug ] ! 3072: */ ! 3073: void ! 3074: ipc_kmsg_print( ! 3075: ipc_kmsg_t kmsg) ! 3076: { ! 3077: iprintf("kmsg=0x%x\n", kmsg); ! 3078: iprintf("ikm_next=0x%x, prev=0x%x, size=%d", ! 3079: kmsg->ikm_next, ! 3080: kmsg->ikm_prev, ! 3081: kmsg->ikm_size); ! 3082: printf("\n"); ! 3083: ipc_msg_print(&kmsg->ikm_header); ! 3084: } ! 3085: ! 3086: char * ! 3087: msgh_bit_decode( ! 3088: mach_msg_bits_t bit) ! 3089: { ! 3090: switch (bit) { ! 3091: case MACH_MSGH_BITS_COMPLEX: return "complex"; ! 3092: case MACH_MSGH_BITS_CIRCULAR: return "circular"; ! 3093: case MACH_MSGH_BITS_RTALLOC: return "rtmalloc"; ! 3094: default: return (char *) 0; ! 3095: } ! 3096: } ! 3097: ! 3098: /* ! 3099: * ipc_msg_print [ debug ] ! 3100: */ ! 3101: void ! 3102: ipc_msg_print( ! 3103: mach_msg_header_t *msgh) ! 3104: { ! 3105: mach_msg_bits_t mbits; ! 3106: unsigned int bit, i; ! 3107: char *bit_name; ! 3108: int needs_comma; ! 3109: ! 3110: mbits = msgh->msgh_bits; ! 3111: iprintf("msgh_bits=0x%x: l=0x%x,r=0x%x\n", ! 3112: mbits, ! 3113: MACH_MSGH_BITS_LOCAL(msgh->msgh_bits), ! 3114: MACH_MSGH_BITS_REMOTE(msgh->msgh_bits)); ! 3115: ! 3116: mbits = MACH_MSGH_BITS_OTHER(mbits) & ~MACH_MSGH_BITS_UNUSED; ! 3117: db_indent += 2; ! 3118: if (mbits) ! 3119: iprintf("decoded bits: "); ! 3120: needs_comma = 0; ! 3121: for (i = 0, bit = 1; i < sizeof(mbits) * 8; ++i, bit <<= 1) { ! 3122: if ((mbits & bit) == 0) ! 3123: continue; ! 3124: bit_name = msgh_bit_decode((mach_msg_bits_t)bit); ! 3125: if (bit_name) ! 3126: printf("%s%s", needs_comma ? "," : "", bit_name); ! 3127: else ! 3128: printf("%sunknown(0x%x),", needs_comma ? "," : "", bit); ! 3129: ++needs_comma; ! 3130: } ! 3131: if (msgh->msgh_bits & MACH_MSGH_BITS_UNUSED) { ! 3132: printf("%sunused=0x%x,", needs_comma ? "," : "", ! 3133: msgh->msgh_bits & MACH_MSGH_BITS_UNUSED); ! 3134: } ! 3135: printf("\n"); ! 3136: db_indent -= 2; ! 3137: ! 3138: needs_comma = 1; ! 3139: if (msgh->msgh_remote_port) { ! 3140: iprintf("remote=0x%x(", msgh->msgh_remote_port); ! 3141: ipc_print_type_name(MACH_MSGH_BITS_REMOTE(msgh->msgh_bits)); ! 3142: printf(")"); ! 3143: } else { ! 3144: iprintf("remote=null"); ! 3145: } ! 3146: ! 3147: if (msgh->msgh_local_port) { ! 3148: printf("%slocal=0x%x(", needs_comma ? "," : "", ! 3149: msgh->msgh_local_port); ! 3150: ipc_print_type_name(MACH_MSGH_BITS_LOCAL(msgh->msgh_bits)); ! 3151: printf(")\n"); ! 3152: } else { ! 3153: printf("local=null\n"); ! 3154: } ! 3155: ! 3156: iprintf("msgh_id=%d, size=%d\n", ! 3157: msgh->msgh_id, ! 3158: msgh->msgh_size); ! 3159: ! 3160: if (mbits & MACH_MSGH_BITS_COMPLEX) { ! 3161: ipc_msg_print_untyped((mach_msg_body_t *) (msgh + 1)); ! 3162: } ! 3163: } ! 3164: ! 3165: ! 3166: char * ! 3167: mm_copy_options_string( ! 3168: mach_msg_copy_options_t option) ! 3169: { ! 3170: char *name; ! 3171: ! 3172: switch (option) { ! 3173: case MACH_MSG_PHYSICAL_COPY: ! 3174: name = "PHYSICAL"; ! 3175: break; ! 3176: case MACH_MSG_VIRTUAL_COPY: ! 3177: name = "VIRTUAL"; ! 3178: break; ! 3179: case MACH_MSG_OVERWRITE: ! 3180: name = "OVERWRITE"; ! 3181: break; ! 3182: case MACH_MSG_ALLOCATE: ! 3183: name = "ALLOCATE"; ! 3184: break; ! 3185: case MACH_MSG_KALLOC_COPY_T: ! 3186: name = "KALLOC_COPY_T"; ! 3187: break; ! 3188: case MACH_MSG_PAGE_LIST_COPY_T: ! 3189: name = "PAGE_LIST_COPY_T"; ! 3190: break; ! 3191: default: ! 3192: name = "unknown"; ! 3193: break; ! 3194: } ! 3195: return name; ! 3196: } ! 3197: ! 3198: void ! 3199: ipc_msg_print_untyped( ! 3200: mach_msg_body_t *body) ! 3201: { ! 3202: mach_msg_descriptor_t *saddr, *send; ! 3203: mach_msg_descriptor_type_t type; ! 3204: ! 3205: iprintf("%d descriptors %d: \n", body->msgh_descriptor_count); ! 3206: ! 3207: saddr = (mach_msg_descriptor_t *) (body + 1); ! 3208: send = saddr + body->msgh_descriptor_count; ! 3209: ! 3210: for ( ; saddr < send; saddr++ ) { ! 3211: ! 3212: type = saddr->type.type; ! 3213: ! 3214: switch (type) { ! 3215: ! 3216: case MACH_MSG_PORT_DESCRIPTOR: { ! 3217: mach_msg_port_descriptor_t *dsc; ! 3218: ! 3219: dsc = &saddr->port; ! 3220: iprintf("-- PORT name = 0x%x disp = ", dsc->name); ! 3221: ipc_print_type_name(dsc->disposition); ! 3222: printf("\n"); ! 3223: break; ! 3224: } ! 3225: case MACH_MSG_OOL_VOLATILE_DESCRIPTOR: ! 3226: case MACH_MSG_OOL_DESCRIPTOR: { ! 3227: mach_msg_ool_descriptor_t *dsc; ! 3228: ! 3229: dsc = &saddr->out_of_line; ! 3230: iprintf("-- OOL%s addr = 0x%x size = 0x%x copy = %s %s\n", ! 3231: type == MACH_MSG_OOL_DESCRIPTOR ? "" : " VOLATILE", ! 3232: dsc->address, dsc->size, ! 3233: mm_copy_options_string(dsc->copy), ! 3234: dsc->deallocate ? "DEALLOC" : ""); ! 3235: break; ! 3236: } ! 3237: case MACH_MSG_OOL_PORTS_DESCRIPTOR : { ! 3238: mach_msg_ool_ports_descriptor_t *dsc; ! 3239: ! 3240: dsc = &saddr->ool_ports; ! 3241: ! 3242: iprintf("-- OOL_PORTS addr = 0x%x count = 0x%x ", ! 3243: dsc->address, dsc->count); ! 3244: printf("disp = "); ! 3245: ipc_print_type_name(dsc->disposition); ! 3246: printf(" copy = %s %s\n", ! 3247: mm_copy_options_string(dsc->copy), ! 3248: dsc->deallocate ? "DEALLOC" : ""); ! 3249: break; ! 3250: } ! 3251: ! 3252: default: { ! 3253: iprintf("-- UNKNOWN DESCRIPTOR 0x%x\n", type); ! 3254: break; ! 3255: } ! 3256: } ! 3257: } ! 3258: } ! 3259: #endif /* MACH_KDB */
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.