![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to ipc_object.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Apple XNU] / XNU / osfmk / ipc|
Return to ipc_object.c CVS log | Up to [Apple XNU] / XNU / osfmk / ipc |
1.1 root 1: /*
2: * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3: *
4: * @APPLE_LICENSE_HEADER_START@
5: *
6: * The contents of this file constitute Original Code as defined in and
7: * are subject to the Apple Public Source License Version 1.1 (the
8: * "License"). You may not use this file except in compliance with the
9: * License. Please obtain a copy of the License at
10: * http://www.apple.com/publicsource and read it before using this file.
11: *
12: * This Original Code and all software distributed under the License are
13: * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14: * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15: * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17: * License for the specific language governing rights and limitations
18: * under the License.
19: *
20: * @APPLE_LICENSE_HEADER_END@
21: */
22: /*
23: * @OSF_COPYRIGHT@
24: */
25: /*
26: * Mach Operating System
27: * Copyright (c) 1991,1990,1989 Carnegie Mellon University
28: * All Rights Reserved.
29: *
30: * Permission to use, copy, modify and distribute this software and its
31: * documentation is hereby granted, provided that both the copyright
32: * notice and this permission notice appear in all copies of the
33: * software, derivative works or modified versions, and any portions
34: * thereof, and that both notices appear in supporting documentation.
35: *
36: * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
37: * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
38: * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
39: *
40: * Carnegie Mellon requests users of this software to return to
41: *
42: * Software Distribution Coordinator or [email protected]
43: * School of Computer Science
44: * Carnegie Mellon University
45: * Pittsburgh PA 15213-3890
46: *
47: * any improvements or extensions that they make and grant Carnegie Mellon
48: * the rights to redistribute these changes.
49: */
50: /*
51: */
52: /*
53: * File: ipc/ipc_object.c
54: * Author: Rich Draves
55: * Date: 1989
56: *
57: * Functions to manipulate IPC objects.
58: */
59:
60: #include <dipc.h>
61: #include <mach_rt.h>
62:
63: #include <mach/boolean.h>
64: #include <mach/kern_return.h>
65: #include <mach/port.h>
66: #include <mach/message.h>
67: #include <kern/misc_protos.h>
68: #include <ipc/port.h>
69: #include <ipc/ipc_space.h>
70: #include <ipc/ipc_entry.h>
71: #include <ipc/ipc_object.h>
72: #include <ipc/ipc_hash.h>
73: #include <ipc/ipc_right.h>
74: #include <ipc/ipc_notify.h>
75: #include <ipc/ipc_pset.h>
76:
77: zone_t ipc_object_zones[IOT_NUMBER];
78:
79: /*
80: * Routine: ipc_object_reference
81: * Purpose:
82: * Take a reference to an object.
83: */
84:
85: void
86: ipc_object_reference(
87: ipc_object_t object)
88: {
89: io_lock(object);
90: assert(object->io_references > 0);
91: io_reference(object);
92: io_unlock(object);
93: }
94:
95: /*
96: * Routine: ipc_object_release
97: * Purpose:
98: * Release a reference to an object.
99: */
100:
101: void
102: ipc_object_release(
103: ipc_object_t object)
104: {
105: io_lock(object);
106: assert(object->io_references > 0);
107: io_release(object);
108: io_check_unlock(object);
109: }
110:
111: /*
112: * Routine: ipc_object_translate
113: * Purpose:
114: * Look up an object in a space.
115: * Conditions:
116: * Nothing locked before. If successful, the object
117: * is returned locked. The caller doesn't get a ref.
118: * Returns:
119: * KERN_SUCCESS Objected returned locked.
120: * KERN_INVALID_TASK The space is dead.
121: * KERN_INVALID_NAME The name doesn't denote a right.
122: * KERN_INVALID_RIGHT Name doesn't denote the correct right.
123: */
124:
125: kern_return_t
126: ipc_object_translate(
127: ipc_space_t space,
128: mach_port_name_t name,
129: mach_port_right_t right,
130: ipc_object_t *objectp)
131: {
132: ipc_entry_t entry;
133: ipc_object_t object;
134: kern_return_t kr;
135:
136: kr = ipc_right_lookup_read(space, name, &entry);
137: if (kr != KERN_SUCCESS)
138: return kr;
139: /* space is read-locked and active */
140:
141: if ((entry->ie_bits & MACH_PORT_TYPE(right)) == MACH_PORT_TYPE_NONE) {
142: is_read_unlock(space);
143: return KERN_INVALID_RIGHT;
144: }
145:
146: object = entry->ie_object;
147: assert(object != IO_NULL);
148:
149: io_lock(object);
150: is_read_unlock(space);
151:
152: *objectp = object;
153: return KERN_SUCCESS;
154: }
155:
156: /*
157: * Routine: ipc_object_alloc_dead
158: * Purpose:
159: * Allocate a dead-name entry.
160: * Conditions:
161: * Nothing locked.
162: * Returns:
163: * KERN_SUCCESS The dead name is allocated.
164: * KERN_INVALID_TASK The space is dead.
165: * KERN_NO_SPACE No room for an entry in the space.
166: * KERN_RESOURCE_SHORTAGE Couldn't allocate memory.
167: */
168:
169: kern_return_t
170: ipc_object_alloc_dead(
171: ipc_space_t space,
172: mach_port_name_t *namep)
173: {
174: ipc_entry_t entry;
175: kern_return_t kr;
176:
177: int i;
178:
179:
180: kr = ipc_entry_alloc(space, namep, &entry);
181: if (kr != KERN_SUCCESS)
182: return kr;
183: /* space is write-locked */
184:
185: /* null object, MACH_PORT_TYPE_DEAD_NAME, 1 uref */
186:
187: assert(entry->ie_object == IO_NULL);
188: entry->ie_bits |= MACH_PORT_TYPE_DEAD_NAME | 1;
189:
190: is_write_unlock(space);
191: return KERN_SUCCESS;
192: }
193:
194: /*
195: * Routine: ipc_object_alloc_dead_name
196: * Purpose:
197: * Allocate a dead-name entry, with a specific name.
198: * Conditions:
199: * Nothing locked.
200: * Returns:
201: * KERN_SUCCESS The dead name is allocated.
202: * KERN_INVALID_TASK The space is dead.
203: * KERN_NAME_EXISTS The name already denotes a right.
204: * KERN_RESOURCE_SHORTAGE Couldn't allocate memory.
205: */
206:
207: kern_return_t
208: ipc_object_alloc_dead_name(
209: ipc_space_t space,
210: mach_port_name_t name)
211: {
212: ipc_entry_t entry;
213: kern_return_t kr;
214:
215: int i;
216:
217:
218: kr = ipc_entry_alloc_name(space, name, &entry);
219: if (kr != KERN_SUCCESS)
220: return kr;
221: /* space is write-locked */
222:
223: if (ipc_right_inuse(space, name, entry))
224: return KERN_NAME_EXISTS;
225:
226: /* null object, MACH_PORT_TYPE_DEAD_NAME, 1 uref */
227:
228: assert(entry->ie_object == IO_NULL);
229: entry->ie_bits |= MACH_PORT_TYPE_DEAD_NAME | 1;
230:
231: is_write_unlock(space);
232: return KERN_SUCCESS;
233: }
234:
235: /*
236: * Routine: ipc_object_alloc
237: * Purpose:
238: * Allocate an object.
239: * Conditions:
240: * Nothing locked. If successful, the object is returned locked.
241: * The caller doesn't get a reference for the object.
242: * Returns:
243: * KERN_SUCCESS The object is allocated.
244: * KERN_INVALID_TASK The space is dead.
245: * KERN_NO_SPACE No room for an entry in the space.
246: * KERN_RESOURCE_SHORTAGE Couldn't allocate memory.
247: */
248:
249: kern_return_t
250: ipc_object_alloc(
251: ipc_space_t space,
252: ipc_object_type_t otype,
253: mach_port_type_t type,
254: mach_port_urefs_t urefs,
255: mach_port_name_t *namep,
256: ipc_object_t *objectp)
257: {
258: ipc_object_t object;
259: ipc_entry_t entry;
260: kern_return_t kr;
261:
262: assert(otype < IOT_NUMBER);
263: assert((type & MACH_PORT_TYPE_ALL_RIGHTS) == type);
264: assert(type != MACH_PORT_TYPE_NONE);
265: assert(urefs <= MACH_PORT_UREFS_MAX);
266:
267: object = io_alloc(otype);
268: if (object == IO_NULL)
269: return KERN_RESOURCE_SHORTAGE;
270:
271: if (otype == IOT_PORT) {
272: ipc_port_t port = (ipc_port_t)object;
273:
274: bzero((char *)port, sizeof(*port));
275: } else if (otype == IOT_PORT_SET) {
276: ipc_pset_t pset = (ipc_pset_t)object;
277:
278: bzero((char *)pset, sizeof(*pset));
279: }
280:
281: io_lock_init(object);
282: *namep = (mach_port_name_t)object;
283: kr = ipc_entry_alloc(space, namep, &entry);
284: if (kr != KERN_SUCCESS) {
285: io_free(otype, object);
286: return kr;
287: }
288: /* space is write-locked */
289:
290: entry->ie_bits |= type | urefs;
291: entry->ie_object = object;
292:
293: io_lock(object);
294: is_write_unlock(space);
295:
296: object->io_references = 1; /* for entry, not caller */
297: object->io_bits = io_makebits(TRUE, otype, 0);
298:
299: *objectp = object;
300: return KERN_SUCCESS;
301: }
302:
303: /*
304: * Routine: ipc_object_alloc_name
305: * Purpose:
306: * Allocate an object, with a specific name.
307: * Conditions:
308: * Nothing locked. If successful, the object is returned locked.
309: * The caller doesn't get a reference for the object.
310: * Returns:
311: * KERN_SUCCESS The object is allocated.
312: * KERN_INVALID_TASK The space is dead.
313: * KERN_NAME_EXISTS The name already denotes a right.
314: * KERN_RESOURCE_SHORTAGE Couldn't allocate memory.
315: */
316:
317: kern_return_t
318: ipc_object_alloc_name(
319: ipc_space_t space,
320: ipc_object_type_t otype,
321: mach_port_type_t type,
322: mach_port_urefs_t urefs,
323: mach_port_name_t name,
324: ipc_object_t *objectp)
325: {
326: ipc_object_t object;
327: ipc_entry_t entry;
328: kern_return_t kr;
329:
330: assert(otype < IOT_NUMBER);
331: assert((type & MACH_PORT_TYPE_ALL_RIGHTS) == type);
332: assert(type != MACH_PORT_TYPE_NONE);
333: assert(urefs <= MACH_PORT_UREFS_MAX);
334:
335: object = io_alloc(otype);
336: if (object == IO_NULL)
337: return KERN_RESOURCE_SHORTAGE;
338:
339: if (otype == IOT_PORT) {
340: ipc_port_t port = (ipc_port_t)object;
341:
342: bzero((char *)port, sizeof(*port));
343: } else if (otype == IOT_PORT_SET) {
344: ipc_pset_t pset = (ipc_pset_t)object;
345:
346: bzero((char *)pset, sizeof(*pset));
347: }
348:
349: io_lock_init(object);
350: kr = ipc_entry_alloc_name(space, name, &entry);
351: if (kr != KERN_SUCCESS) {
352: io_free(otype, object);
353: return kr;
354: }
355: /* space is write-locked */
356:
357: if (ipc_right_inuse(space, name, entry)) {
358: io_free(otype, object);
359: return KERN_NAME_EXISTS;
360: }
361:
362: entry->ie_bits |= type | urefs;
363: entry->ie_object = object;
364:
365: io_lock(object);
366: is_write_unlock(space);
367:
368: object->io_references = 1; /* for entry, not caller */
369: object->io_bits = io_makebits(TRUE, otype, 0);
370:
371: *objectp = object;
372: return KERN_SUCCESS;
373: }
374:
375: /*
376: * Routine: ipc_object_copyin_type
377: * Purpose:
378: * Convert a send type name to a received type name.
379: */
380:
381: mach_msg_type_name_t
382: ipc_object_copyin_type(
383: mach_msg_type_name_t msgt_name)
384: {
385: switch (msgt_name) {
386: case 0:
387: return 0;
388:
389: case MACH_MSG_TYPE_MOVE_RECEIVE:
390: case MACH_MSG_TYPE_COPY_RECEIVE:
391: return MACH_MSG_TYPE_PORT_RECEIVE;
392:
393: case MACH_MSG_TYPE_MOVE_SEND_ONCE:
394: case MACH_MSG_TYPE_MAKE_SEND_ONCE:
395: return MACH_MSG_TYPE_PORT_SEND_ONCE;
396:
397: case MACH_MSG_TYPE_MOVE_SEND:
398: case MACH_MSG_TYPE_MAKE_SEND:
399: case MACH_MSG_TYPE_COPY_SEND:
400: return MACH_MSG_TYPE_PORT_SEND;
401:
402: default:
403: panic("ipc_object_copyin_type: strange rights");
404: return (mach_msg_type_name_t) 0; /* Shut up the compiler */
405: }
406: }
407:
408: /*
409: * Routine: ipc_object_copyin
410: * Purpose:
411: * Copyin a capability from a space.
412: * If successful, the caller gets a ref
413: * for the resulting object, unless it is IO_DEAD.
414: * Conditions:
415: * Nothing locked.
416: * Returns:
417: * KERN_SUCCESS Acquired an object, possibly IO_DEAD.
418: * KERN_INVALID_TASK The space is dead.
419: * KERN_INVALID_NAME Name doesn't exist in space.
420: * KERN_INVALID_RIGHT Name doesn't denote correct right.
421: */
422:
423: kern_return_t
424: ipc_object_copyin(
425: ipc_space_t space,
426: mach_port_name_t name,
427: mach_msg_type_name_t msgt_name,
428: ipc_object_t *objectp)
429: {
430: ipc_entry_t entry;
431: ipc_port_t soright;
432: kern_return_t kr;
433:
434: int i;
435:
436: /*
437: * Could first try a read lock when doing
438: * MACH_MSG_TYPE_COPY_SEND, MACH_MSG_TYPE_MAKE_SEND,
439: * and MACH_MSG_TYPE_MAKE_SEND_ONCE.
440: */
441:
442: kr = ipc_right_lookup_write(space, name, &entry);
443: if (kr != KERN_SUCCESS)
444: return kr;
445: /* space is write-locked and active */
446:
447: kr = ipc_right_copyin(space, name, entry,
448: msgt_name, TRUE,
449: objectp, &soright);
450: if (IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_NONE)
451: ipc_entry_dealloc(space, name, entry);
452: is_write_unlock(space);
453:
454: if ((kr == KERN_SUCCESS) && (soright != IP_NULL))
455: ipc_notify_port_deleted(soright, name);
456:
457: return kr;
458: }
459:
460: /*
461: * Routine: ipc_object_copyin_from_kernel
462: * Purpose:
463: * Copyin a naked capability from the kernel.
464: *
465: * MACH_MSG_TYPE_MOVE_RECEIVE
466: * The receiver must be ipc_space_kernel.
467: * Consumes the naked receive right.
468: * MACH_MSG_TYPE_COPY_SEND
469: * A naked send right must be supplied.
470: * The port gains a reference, and a send right
471: * if the port is still active.
472: * MACH_MSG_TYPE_MAKE_SEND
473: * The receiver must be ipc_space_kernel.
474: * The port gains a reference and a send right.
475: * MACH_MSG_TYPE_MOVE_SEND
476: * Consumes a naked send right.
477: * MACH_MSG_TYPE_MAKE_SEND_ONCE
478: * The port gains a reference and a send-once right.
479: * Receiver also be the caller of device subsystem,
480: * so no assertion.
481: * MACH_MSG_TYPE_MOVE_SEND_ONCE
482: * Consumes a naked send-once right.
483: * Conditions:
484: * Nothing locked.
485: */
486:
487: void
488: ipc_object_copyin_from_kernel(
489: ipc_object_t object,
490: mach_msg_type_name_t msgt_name)
491: {
492: assert(IO_VALID(object));
493:
494: switch (msgt_name) {
495: case MACH_MSG_TYPE_MOVE_RECEIVE: {
496: ipc_port_t port = (ipc_port_t) object;
497:
498: ip_lock(port);
499: assert(ip_active(port));
500: assert(port->ip_receiver_name != MACH_PORT_NULL);
501: assert(port->ip_receiver == ipc_space_kernel);
502:
503: /* relevant part of ipc_port_clear_receiver */
504: ipc_port_set_mscount(port, 0);
505:
506: port->ip_receiver_name = MACH_PORT_NULL;
507: port->ip_destination = IP_NULL;
508: ip_unlock(port);
509: break;
510: }
511:
512: case MACH_MSG_TYPE_COPY_SEND: {
513: ipc_port_t port = (ipc_port_t) object;
514:
515: ip_lock(port);
516: if (ip_active(port)) {
517: assert(port->ip_srights > 0);
518: port->ip_srights++;
519: }
520: ip_reference(port);
521: ip_unlock(port);
522: break;
523: }
524:
525: case MACH_MSG_TYPE_MAKE_SEND: {
526: ipc_port_t port = (ipc_port_t) object;
527:
528: ip_lock(port);
529: assert(ip_active(port));
530: assert(port->ip_receiver_name != MACH_PORT_NULL);
531: assert(port->ip_receiver == ipc_space_kernel);
532:
533: ip_reference(port);
534: port->ip_mscount++;
535: port->ip_srights++;
536: ip_unlock(port);
537: break;
538: }
539:
540: case MACH_MSG_TYPE_MOVE_SEND:
541: /* move naked send right into the message */
542: break;
543:
544: case MACH_MSG_TYPE_MAKE_SEND_ONCE: {
545: ipc_port_t port = (ipc_port_t) object;
546:
547: ip_lock(port);
548: assert(ip_active(port));
549: assert(port->ip_receiver_name != MACH_PORT_NULL);
550:
551: ip_reference(port);
552: port->ip_sorights++;
553: ip_unlock(port);
554: break;
555: }
556:
557: case MACH_MSG_TYPE_MOVE_SEND_ONCE:
558: /* move naked send-once right into the message */
559: break;
560:
561: default:
562: panic("ipc_object_copyin_from_kernel: strange rights");
563: }
564: }
565:
566: /*
567: * Routine: ipc_object_destroy
568: * Purpose:
569: * Destroys a naked capability.
570: * Consumes a ref for the object.
571: *
572: * A receive right should be in limbo or in transit.
573: * Conditions:
574: * Nothing locked.
575: */
576:
577: void
578: ipc_object_destroy(
579: ipc_object_t object,
580: mach_msg_type_name_t msgt_name)
581: {
582: assert(IO_VALID(object));
583: assert(io_otype(object) == IOT_PORT);
584:
585: switch (msgt_name) {
586: case MACH_MSG_TYPE_PORT_SEND:
587: ipc_port_release_send((ipc_port_t) object);
588: break;
589:
590: case MACH_MSG_TYPE_PORT_SEND_ONCE:
591: ipc_notify_send_once((ipc_port_t) object);
592: break;
593:
594: case MACH_MSG_TYPE_PORT_RECEIVE:
595: ipc_port_release_receive((ipc_port_t) object);
596: break;
597:
598: default:
599: panic("ipc_object_destroy: strange rights");
600: }
601: }
602:
603: /*
604: * Routine: ipc_object_copyout
605: * Purpose:
606: * Copyout a capability, placing it into a space.
607: * If successful, consumes a ref for the object.
608: * Conditions:
609: * Nothing locked.
610: * Returns:
611: * KERN_SUCCESS Copied out object, consumed ref.
612: * KERN_INVALID_TASK The space is dead.
613: * KERN_INVALID_CAPABILITY The object is dead.
614: * KERN_NO_SPACE No room in space for another right.
615: * KERN_RESOURCE_SHORTAGE No memory available.
616: * KERN_UREFS_OVERFLOW Urefs limit exceeded
617: * and overflow wasn't specified.
618: */
619:
620: kern_return_t
621: ipc_object_copyout(
622: ipc_space_t space,
623: ipc_object_t object,
624: mach_msg_type_name_t msgt_name,
625: boolean_t overflow,
626: mach_port_name_t *namep)
627: {
628: mach_port_name_t name;
629: ipc_entry_t entry;
630: kern_return_t kr;
631:
632: assert(IO_VALID(object));
633: assert(io_otype(object) == IOT_PORT);
634:
635: is_write_lock(space);
636:
637: for (;;) {
638: if (!space->is_active) {
639: is_write_unlock(space);
640: return KERN_INVALID_TASK;
641: }
642:
643: if ((msgt_name != MACH_MSG_TYPE_PORT_SEND_ONCE) &&
644: ipc_right_reverse(space, object, &name, &entry)) {
645: /* object is locked and active */
646:
647: assert(entry->ie_bits & MACH_PORT_TYPE_SEND_RECEIVE);
648: break;
649: }
650:
651: name = (mach_port_name_t)object;
652: kr = ipc_entry_get(space, &name, &entry);
653: if (kr != KERN_SUCCESS) {
654: /* unlocks/locks space, so must start again */
655:
656: kr = ipc_entry_grow_table(space, ITS_SIZE_NONE);
657: if (kr != KERN_SUCCESS)
658: return kr; /* space is unlocked */
659:
660: continue;
661: }
662:
663: assert(IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_NONE);
664: assert(entry->ie_object == IO_NULL);
665:
666: io_lock(object);
667: if (!io_active(object)) {
668: io_unlock(object);
669: ipc_entry_dealloc(space, name, entry);
670: is_write_unlock(space);
671: return KERN_INVALID_CAPABILITY;
672: }
673:
674: entry->ie_object = object;
675: break;
676: }
677:
678: /* space is write-locked and active, object is locked and active */
679:
680: kr = ipc_right_copyout(space, name, entry,
681: msgt_name, overflow, object);
682: /* object is unlocked */
683: is_write_unlock(space);
684:
685: if (kr == KERN_SUCCESS)
686: *namep = name;
687: return kr;
688: }
689:
690: /*
691: * Routine: ipc_object_copyout_name
692: * Purpose:
693: * Copyout a capability, placing it into a space.
694: * The specified name is used for the capability.
695: * If successful, consumes a ref for the object.
696: * Conditions:
697: * Nothing locked.
698: * Returns:
699: * KERN_SUCCESS Copied out object, consumed ref.
700: * KERN_INVALID_TASK The space is dead.
701: * KERN_INVALID_CAPABILITY The object is dead.
702: * KERN_RESOURCE_SHORTAGE No memory available.
703: * KERN_UREFS_OVERFLOW Urefs limit exceeded
704: * and overflow wasn't specified.
705: * KERN_RIGHT_EXISTS Space has rights under another name.
706: * KERN_NAME_EXISTS Name is already used.
707: */
708:
709: kern_return_t
710: ipc_object_copyout_name(
711: ipc_space_t space,
712: ipc_object_t object,
713: mach_msg_type_name_t msgt_name,
714: boolean_t overflow,
715: mach_port_name_t name)
716: {
717: mach_port_name_t oname;
718: ipc_entry_t oentry;
719: ipc_entry_t entry;
720: kern_return_t kr;
721:
722: int i;
723:
724: assert(IO_VALID(object));
725: assert(io_otype(object) == IOT_PORT);
726:
727: kr = ipc_entry_alloc_name(space, name, &entry);
728: if (kr != KERN_SUCCESS)
729: return kr;
730: /* space is write-locked and active */
731:
732: if ((msgt_name != MACH_MSG_TYPE_PORT_SEND_ONCE) &&
733: ipc_right_reverse(space, object, &oname, &oentry)) {
734: /* object is locked and active */
735:
736: if (name != oname) {
737: io_unlock(object);
738:
739: if (IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_NONE)
740: ipc_entry_dealloc(space, name, entry);
741:
742: is_write_unlock(space);
743: return KERN_RIGHT_EXISTS;
744: }
745:
746: assert(entry == oentry);
747: assert(entry->ie_bits & MACH_PORT_TYPE_SEND_RECEIVE);
748: } else {
749: if (ipc_right_inuse(space, name, entry))
750: return KERN_NAME_EXISTS;
751:
752: assert(IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_NONE);
753: assert(entry->ie_object == IO_NULL);
754:
755: io_lock(object);
756: if (!io_active(object)) {
757: io_unlock(object);
758: ipc_entry_dealloc(space, name, entry);
759: is_write_unlock(space);
760: return KERN_INVALID_CAPABILITY;
761: }
762:
763: entry->ie_object = object;
764: }
765:
766: /* space is write-locked and active, object is locked and active */
767:
768: kr = ipc_right_copyout(space, name, entry,
769: msgt_name, overflow, object);
770: /* object is unlocked */
771: is_write_unlock(space);
772: return kr;
773: }
774:
775: /*
776: * Routine: ipc_object_copyout_dest
777: * Purpose:
778: * Translates/consumes the destination right of a message.
779: * This is unlike normal copyout because the right is consumed
780: * in a funny way instead of being given to the receiving space.
781: * The receiver gets his name for the port, if he has receive
782: * rights, otherwise MACH_PORT_NULL.
783: * Conditions:
784: * The object is locked and active. Nothing else locked.
785: * The object is unlocked and loses a reference.
786: */
787:
788: void
789: ipc_object_copyout_dest(
790: ipc_space_t space,
791: ipc_object_t object,
792: mach_msg_type_name_t msgt_name,
793: mach_port_name_t *namep)
794: {
795: mach_port_name_t name;
796:
797: assert(IO_VALID(object));
798: assert(io_active(object));
799:
800: io_release(object);
801:
802: /*
803: * If the space is the receiver/owner of the object,
804: * then we quietly consume the right and return
805: * the space's name for the object. Otherwise
806: * we destroy the right and return MACH_PORT_NULL.
807: */
808:
809: switch (msgt_name) {
810: case MACH_MSG_TYPE_PORT_SEND: {
811: ipc_port_t port = (ipc_port_t) object;
812: ipc_port_t nsrequest = IP_NULL;
813: mach_port_mscount_t mscount;
814:
815: if (port->ip_receiver == space)
816: name = port->ip_receiver_name;
817: else
818: name = MACH_PORT_NULL;
819:
820: assert(port->ip_srights > 0);
821: if (--port->ip_srights == 0 &&
822: port->ip_nsrequest != IP_NULL) {
823: nsrequest = port->ip_nsrequest;
824: port->ip_nsrequest = IP_NULL;
825: mscount = port->ip_mscount;
826: ip_unlock(port);
827: ipc_notify_no_senders(nsrequest, mscount);
828: } else
829: ip_unlock(port);
830: break;
831: }
832:
833: case MACH_MSG_TYPE_PORT_SEND_ONCE: {
834: ipc_port_t port = (ipc_port_t) object;
835:
836: assert(port->ip_sorights > 0);
837:
838: if (port->ip_receiver == space) {
839: /* quietly consume the send-once right */
840:
841: port->ip_sorights--;
842: name = port->ip_receiver_name;
843: ip_unlock(port);
844: } else {
845: /*
846: * A very bizarre case. The message
847: * was received, but before this copyout
848: * happened the space lost receive rights.
849: * We can't quietly consume the soright
850: * out from underneath some other task,
851: * so generate a send-once notification.
852: */
853:
854: ip_reference(port); /* restore ref */
855: ip_unlock(port);
856:
857: ipc_notify_send_once(port);
858: name = MACH_PORT_NULL;
859: }
860:
861: break;
862: }
863:
864: default:
865: panic("ipc_object_copyout_dest: strange rights");
866: }
867:
868: *namep = name;
869: }
870:
871: /*
872: * Routine: ipc_object_rename
873: * Purpose:
874: * Rename an entry in a space.
875: * Conditions:
876: * Nothing locked.
877: * Returns:
878: * KERN_SUCCESS Renamed the entry.
879: * KERN_INVALID_TASK The space was dead.
880: * KERN_INVALID_NAME oname didn't denote an entry.
881: * KERN_NAME_EXISTS nname already denoted an entry.
882: * KERN_RESOURCE_SHORTAGE Couldn't allocate new entry.
883: */
884:
885: kern_return_t
886: ipc_object_rename(
887: ipc_space_t space,
888: mach_port_name_t oname,
889: mach_port_name_t nname)
890: {
891: ipc_entry_t oentry, nentry;
892: kern_return_t kr;
893:
894: int i;
895:
896: kr = ipc_entry_alloc_name(space, nname, &nentry);
897: if (kr != KERN_SUCCESS)
898: return kr;
899:
900: /* space is write-locked and active */
901:
902: if (ipc_right_inuse(space, nname, nentry)) {
903: /* space is unlocked */
904: return KERN_NAME_EXISTS;
905: }
906:
907: /* don't let ipc_entry_lookup see the uninitialized new entry */
908:
909: if ((oname == nname) ||
910: ((oentry = ipc_entry_lookup(space, oname)) == IE_NULL)) {
911: ipc_entry_dealloc(space, nname, nentry);
912: is_write_unlock(space);
913: return KERN_INVALID_NAME;
914: }
915:
916: kr = ipc_right_rename(space, oname, oentry, nname, nentry);
917: /* space is unlocked */
918: return kr;
919: }
920:
921: #if MACH_ASSERT
922: /*
923: * Check whether the object is a port if so, free it. But
924: * keep track of that fact.
925: */
926: void
927: io_free(
928: unsigned int otype,
929: ipc_object_t object)
930: {
931: ipc_port_t port;
932:
933: if (otype == IOT_PORT) {
934: port = (ipc_port_t) object;
935: #if MACH_ASSERT
936: ipc_port_track_dealloc(port);
937: #endif /* MACH_ASSERT */
938: }
939: zfree(ipc_object_zones[otype], (vm_offset_t) object);
940: }
941: #endif /* MACH_ASSERT */
942:
943: #if MACH_RT
944: /*
945: * Routine: ipc_object_is_rt
946: * Purpose:
947: * Determine if an object is a real-time object.
948: * Conditions:
949: * Nothing locked.
950: */
951:
952: boolean_t
953: ipc_object_is_rt(
954: ipc_object_t object)
955: {
956: assert(IO_VALID(object));
957:
958: switch (io_otype(object)) {
959: case IOT_PORT:
960: return IP_RT((ipc_port_t) object);
961: case IOT_PORT_SET:
962: return FALSE;
963: default:
964: #if MACH_ASSERT
965: assert(FALSE);
966: #else
967: panic("ipc_object_is_rt: strange object type");
968: #endif
969: }
970: return FALSE;
971: }
972: #endif /* MACH_RT */
973:
974: #include <mach_kdb.h>
975: #if MACH_KDB
976:
977: #include <ddb/db_output.h>
978:
979: #define printf kdbprintf
980:
981: /*
982: * Routine: ipc_object_print
983: * Purpose:
984: * Pretty-print an object for kdb.
985: */
986:
987: char *ikot_print_array[IKOT_MAX_TYPE] = {
988: "(NONE) ",
989: "(THREAD) ",
990: "(TASK) ",
991: "(HOST) ",
992: "(HOST_PRIV) ",
993: "(PROCESSOR) ",
994: "(PSET) ",
995: "(PSET_NAME) ",
996: "(PAGER) ",
997: "(PAGER_REQUEST) ",
998: "(DEVICE) ", /* 10 */
999: "(XMM_OBJECT) ",
1000: "(XMM_PAGER) ",
1001: "(XMM_KERNEL) ",
1002: "(XMM_REPLY) ",
1003: "(PAGER_TERMINATING)",
1004: "(PAGING_NAME) ",
1005: "(HOST_SECURITY) ",
1006: "(LEDGER) ",
1007: "(MASTER_DEVICE) ",
1008: "(ACTIVATION) ", /* 20 */
1009: "(SUBSYSTEM) ",
1010: "(IO_DONE_QUEUE) ",
1011: "(SEMAPHORE) ",
1012: "(LOCK_SET) ",
1013: "(CLOCK) ",
1014: "(CLOCK_CTRL) ", /* 26 */
1015: "(IOKIT) ", /* 27 */
1016: "(NAMED_MEM_ENTRY) ", /* 28 */
1017: /* << new entries here */
1018: "(UNKNOWN) " /* magic catchall */
1019: }; /* Please keep in sync with kern/ipc_kobject.h */
1020:
1021: void
1022: ipc_object_print(
1023: ipc_object_t object)
1024: {
1025: int kotype;
1026:
1027: iprintf("%s", io_active(object) ? "active" : "dead");
1028: printf(", refs=%d", object->io_references);
1029: printf(", otype=%d", io_otype(object));
1030: kotype = io_kotype(object);
1031: if (kotype >= 0 && kotype < IKOT_MAX_TYPE)
1032: printf(", kotype=%d %s\n", io_kotype(object),
1033: ikot_print_array[kotype]);
1034: else
1035: printf(", kotype=0x%x %s\n", io_kotype(object),
1036: ikot_print_array[IKOT_UNKNOWN]);
1037: }
1038:
1039: #endif /* MACH_KDB */
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.