![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to ipc_right.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Apple XNU] / XNU / osfmk / ipc|
Return to ipc_right.c CVS log | Up to [Apple XNU] / XNU / osfmk / ipc |
1.1 root 1: /*
2: * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3: *
4: * @APPLE_LICENSE_HEADER_START@
5: *
6: * The contents of this file constitute Original Code as defined in and
7: * are subject to the Apple Public Source License Version 1.1 (the
8: * "License"). You may not use this file except in compliance with the
9: * License. Please obtain a copy of the License at
10: * http://www.apple.com/publicsource and read it before using this file.
11: *
12: * This Original Code and all software distributed under the License are
13: * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14: * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15: * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17: * License for the specific language governing rights and limitations
18: * under the License.
19: *
20: * @APPLE_LICENSE_HEADER_END@
21: */
22: /*
23: * @OSF_FREE_COPYRIGHT@
24: */
25: /*
26: * Mach Operating System
27: * Copyright (c) 1991,1990,1989 Carnegie Mellon University
28: * All Rights Reserved.
29: *
30: * Permission to use, copy, modify and distribute this software and its
31: * documentation is hereby granted, provided that both the copyright
32: * notice and this permission notice appear in all copies of the
33: * software, derivative works or modified versions, and any portions
34: * thereof, and that both notices appear in supporting documentation.
35: *
36: * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
37: * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
38: * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
39: *
40: * Carnegie Mellon requests users of this software to return to
41: *
42: * Software Distribution Coordinator or [email protected]
43: * School of Computer Science
44: * Carnegie Mellon University
45: * Pittsburgh PA 15213-3890
46: *
47: * any improvements or extensions that they make and grant Carnegie Mellon
48: * the rights to redistribute these changes.
49: */
50: /*
51: */
52: /*
53: * File: ipc/ipc_right.c
54: * Author: Rich Draves
55: * Date: 1989
56: *
57: * Functions to manipulate IPC capabilities.
58: */
59:
60: #include <dipc.h>
61:
62: #include <mach/boolean.h>
63: #include <mach/kern_return.h>
64: #include <mach/port.h>
65: #include <mach/message.h>
66: #include <kern/assert.h>
67: #include <kern/misc_protos.h>
68: #include <kern/ipc_subsystem.h>
69: #include <ipc/port.h>
70: #include <ipc/ipc_entry.h>
71: #include <ipc/ipc_space.h>
72: #include <ipc/ipc_object.h>
73: #include <ipc/ipc_hash.h>
74: #include <ipc/ipc_port.h>
75: #include <ipc/ipc_pset.h>
76: #include <ipc/ipc_right.h>
77: #include <ipc/ipc_notify.h>
78: #include <ipc/ipc_table.h>
79:
80: /*
81: * Routine: ipc_right_lookup_write
82: * Purpose:
83: * Finds an entry in a space, given the name.
84: * Conditions:
85: * Nothing locked. If successful, the space is write-locked.
86: * Returns:
87: * KERN_SUCCESS Found an entry.
88: * KERN_INVALID_TASK The space is dead.
89: * KERN_INVALID_NAME Name doesn't exist in space.
90: */
91:
92: kern_return_t
93: ipc_right_lookup_write(
94: ipc_space_t space,
95: mach_port_name_t name,
96: ipc_entry_t *entryp)
97: {
98: ipc_entry_t entry;
99:
100: assert(space != IS_NULL);
101:
102: is_write_lock(space);
103:
104: if (!space->is_active) {
105: is_write_unlock(space);
106: return KERN_INVALID_TASK;
107: }
108:
109: if ((entry = ipc_entry_lookup(space, name)) == IE_NULL) {
110: is_write_unlock(space);
111: return KERN_INVALID_NAME;
112: }
113:
114: *entryp = entry;
115: return KERN_SUCCESS;
116: }
117:
118: /*
119: * Routine: ipc_right_reverse
120: * Purpose:
121: * Translate (space, object) -> (name, entry).
122: * Only finds send/receive rights.
123: * Returns TRUE if an entry is found; if so,
124: * the object is locked and active.
125: * Conditions:
126: * The space must be locked (read or write) and active.
127: * Nothing else locked.
128: */
129:
130: boolean_t
131: ipc_right_reverse(
132: ipc_space_t space,
133: ipc_object_t object,
134: mach_port_name_t *namep,
135: ipc_entry_t *entryp)
136: {
137: ipc_port_t port;
138: mach_port_name_t name;
139: ipc_entry_t entry;
140:
141: /* would switch on io_otype to handle multiple types of object */
142:
143: assert(space->is_active);
144: assert(io_otype(object) == IOT_PORT);
145:
146: port = (ipc_port_t) object;
147:
148: ip_lock(port);
149: if (!ip_active(port)) {
150: ip_unlock(port);
151:
152: return FALSE;
153: }
154:
155: if (port->ip_receiver == space) {
156: name = port->ip_receiver_name;
157: assert(name != MACH_PORT_NULL);
158:
159: entry = ipc_entry_lookup(space, name);
160:
161: assert(entry != IE_NULL);
162: assert(entry->ie_bits & MACH_PORT_TYPE_RECEIVE);
163: assert(port == (ipc_port_t) entry->ie_object);
164:
165: *namep = name;
166: *entryp = entry;
167: return TRUE;
168: }
169:
170: if (ipc_hash_lookup(space, (ipc_object_t) port, namep, entryp)) {
171: assert((entry = *entryp) != IE_NULL);
172: assert(IE_BITS_TYPE(entry->ie_bits) == MACH_PORT_TYPE_SEND);
173: assert(port == (ipc_port_t) entry->ie_object);
174:
175: return TRUE;
176: }
177:
178: ip_unlock(port);
179: return FALSE;
180: }
181:
182: /*
183: * Routine: ipc_right_dnrequest
184: * Purpose:
185: * Make a dead-name request, returning the previously
186: * registered send-once right. If notify is IP_NULL,
187: * just cancels the previously registered request.
188: *
189: * This interacts with the IE_BITS_COMPAT, because they
190: * both use ie_request. If this is a compat entry, then
191: * previous always gets IP_NULL. If notify is IP_NULL,
192: * then the entry remains a compat entry. Otherwise
193: * the real dead-name request is registered and the entry
194: * is no longer a compat entry.
195: * Conditions:
196: * Nothing locked. May allocate memory.
197: * Only consumes/returns refs if successful.
198: * Returns:
199: * KERN_SUCCESS Made/canceled dead-name request.
200: * KERN_INVALID_TASK The space is dead.
201: * KERN_INVALID_NAME Name doesn't exist in space.
202: * KERN_INVALID_RIGHT Name doesn't denote port/dead rights.
203: * KERN_INVALID_ARGUMENT Name denotes dead name, but
204: * immediate is FALSE or notify is IP_NULL.
205: * KERN_UREFS_OVERFLOW Name denotes dead name, but
206: * generating immediate notif. would overflow urefs.
207: * KERN_RESOURCE_SHORTAGE Couldn't allocate memory.
208: */
209:
210: kern_return_t
211: ipc_right_dnrequest(
212: ipc_space_t space,
213: mach_port_name_t name,
214: boolean_t immediate,
215: ipc_port_t notify,
216: ipc_port_t *previousp)
217: {
218: ipc_port_t previous;
219:
220: for (;;) {
221: ipc_entry_t entry;
222: ipc_entry_bits_t bits;
223: kern_return_t kr;
224:
225: kr = ipc_right_lookup_write(space, name, &entry);
226: if (kr != KERN_SUCCESS)
227: return kr;
228: /* space is write-locked and active */
229: bits = entry->ie_bits;
230: if (bits & MACH_PORT_TYPE_PORT_RIGHTS) {
231: ipc_port_t port;
232: ipc_port_request_index_t request;
233:
234: port = (ipc_port_t) entry->ie_object;
235: assert(port != IP_NULL);
236:
237: if (!ipc_right_check(space, port, name, entry)) {
238: /* port is locked and active */
239:
240: if (notify == IP_NULL) {
241: previous = ipc_right_dncancel_macro(
242: space, port, name, entry);
243:
244: ip_unlock(port);
245: is_write_unlock(space);
246: break;
247: }
248:
249: /*
250: * If a registered soright exists,
251: * want to atomically switch with it.
252: * If ipc_port_dncancel finds us a
253: * soright, then the following
254: * ipc_port_dnrequest will reuse
255: * that slot, so we are guaranteed
256: * not to unlock and retry.
257: */
258:
259: previous = ipc_right_dncancel_macro(space,
260: port, name, entry);
261:
262: kr = ipc_port_dnrequest(port, name, notify,
263: &request);
264: if (kr != KERN_SUCCESS) {
265: assert(previous == IP_NULL);
266: is_write_unlock(space);
267:
268: kr = ipc_port_dngrow(port,
269: ITS_SIZE_NONE);
270: /* port is unlocked */
271: if (kr != KERN_SUCCESS)
272: return kr;
273:
274: continue;
275: }
276:
277: assert(request != 0);
278: ip_unlock(port);
279:
280: entry->ie_request = request;
281: is_write_unlock(space);
282: break;
283: } else {
284:
285: /*
286: * Our capability bits were changed by ipc_right_check
287: * because it found an inactive port and removed our
288: * references to it (converting our entry into a dead
289: * one). Reload the bits (and obviously we can't use
290: * the port name anymore).
291: */
292: bits = entry->ie_bits;
293:
294: }
295:
296: assert(bits & MACH_PORT_TYPE_DEAD_NAME);
297: }
298:
299: if ((bits & MACH_PORT_TYPE_DEAD_NAME) &&
300: immediate && (notify != IP_NULL)) {
301: mach_port_urefs_t urefs = IE_BITS_UREFS(bits);
302:
303: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
304: assert(urefs > 0);
305:
306: if (MACH_PORT_UREFS_OVERFLOW(urefs, 1)) {
307: is_write_unlock(space);
308: return KERN_UREFS_OVERFLOW;
309: }
310:
311: (entry->ie_bits)++; /* increment urefs */
312: is_write_unlock(space);
313:
314: ipc_notify_dead_name(notify, name);
315: previous = IP_NULL;
316: break;
317: }
318:
319: is_write_unlock(space);
320: if (bits & MACH_PORT_TYPE_PORT_OR_DEAD)
321: return KERN_INVALID_ARGUMENT;
322: else
323: return KERN_INVALID_RIGHT;
324: }
325:
326: *previousp = previous;
327: return KERN_SUCCESS;
328: }
329:
330: /*
331: * Routine: ipc_right_dncancel
332: * Purpose:
333: * Cancel a dead-name request and return the send-once right.
334: * Afterwards, entry->ie_request == 0.
335: * Conditions:
336: * The space must be write-locked; the port must be locked.
337: * The port must be active; the space doesn't have to be.
338: */
339:
340: ipc_port_t
341: ipc_right_dncancel(
342: ipc_space_t space,
343: ipc_port_t port,
344: mach_port_name_t name,
345: ipc_entry_t entry)
346: {
347: ipc_port_t dnrequest;
348:
349: assert(ip_active(port));
350: assert(port == (ipc_port_t) entry->ie_object);
351:
352: dnrequest = ipc_port_dncancel(port, name, entry->ie_request);
353: entry->ie_request = 0;
354:
355: return dnrequest;
356: }
357:
358: /*
359: * Routine: ipc_right_inuse
360: * Purpose:
361: * Check if an entry is being used.
362: * Returns TRUE if it is.
363: * Conditions:
364: * The space is write-locked and active.
365: * It is unlocked if the entry is inuse.
366: */
367:
368: boolean_t
369: ipc_right_inuse(
370: ipc_space_t space,
371: mach_port_name_t name,
372: ipc_entry_t entry)
373: {
374: if (IE_BITS_TYPE(entry->ie_bits) != MACH_PORT_TYPE_NONE) {
375: is_write_unlock(space);
376: return TRUE;
377: }
378: return FALSE;
379: }
380:
381: /*
382: * Routine: ipc_right_check
383: * Purpose:
384: * Check if the port has died. If it has,
385: * clean up the entry and return TRUE.
386: * Conditions:
387: * The space is write-locked; the port is not locked.
388: * If returns FALSE, the port is also locked and active.
389: * Otherwise, entry is converted to a dead name, freeing
390: * a reference to port.
391: */
392:
393: boolean_t
394: ipc_right_check(
395: ipc_space_t space,
396: ipc_port_t port,
397: mach_port_name_t name,
398: ipc_entry_t entry)
399: {
400: ipc_entry_bits_t bits;
401:
402: assert(space->is_active);
403: assert(port == (ipc_port_t) entry->ie_object);
404:
405: ip_lock(port);
406: if (ip_active(port))
407: return FALSE;
408: ip_unlock(port);
409:
410: /* this was either a pure send right or a send-once right */
411:
412: bits = entry->ie_bits;
413: assert((bits & MACH_PORT_TYPE_RECEIVE) == 0);
414: assert(IE_BITS_UREFS(bits) > 0);
415:
416: if (bits & MACH_PORT_TYPE_SEND) {
417: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND);
418: } else {
419: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
420: assert(IE_BITS_UREFS(bits) == 1);
421: }
422:
423:
424: ipc_port_release(port);
425:
426: /* convert entry to dead name */
427:
428: if ((bits & MACH_PORT_TYPE_SEND) && !(bits & MACH_PORT_TYPE_RECEIVE))
429: ipc_hash_delete(space, (ipc_object_t)port, name, entry);
430:
431: bits = (bits &~ IE_BITS_TYPE_MASK) | MACH_PORT_TYPE_DEAD_NAME;
432:
433: /*
434: * If there was a notification request outstanding on this
435: * name, and since the port went dead, that notification
436: * must already be on its way up from the port layer. We
437: * don't need the index of the notification port anymore.
438: *
439: * JMM - We also add a reference to the entry since the
440: * notification only carries the name and NOT a reference
441: * (or right). This makes for pretty loose reference
442: * counting, since it is only happenstance that we
443: * detected the notification in progress like this.
444: * But most (all?) calls that try to deal with this entry
445: * will also come through here, so the reference gets added
446: * before the entry gets used eventually (I would rather it
447: * be explicit in the notification generation, though)
448: */
449: if (entry->ie_request != 0) {
450: assert(IE_BITS_UREFS(bits) < MACH_PORT_UREFS_MAX);
451: entry->ie_request = 0;
452: bits++;
453: }
454: entry->ie_bits = bits;
455: entry->ie_object = IO_NULL;
456: return TRUE;
457: }
458:
459: /*
460: * Routine: ipc_right_clean
461: * Purpose:
462: * Cleans up an entry in a dead space.
463: * The entry isn't deallocated or removed
464: * from reverse hash tables.
465: * Conditions:
466: * The space is dead and unlocked.
467: */
468:
469: void
470: ipc_right_clean(
471: ipc_space_t space,
472: mach_port_name_t name,
473: ipc_entry_t entry)
474: {
475: ipc_entry_bits_t bits;
476: mach_port_type_t type;
477:
478: bits = entry->ie_bits;
479: type = IE_BITS_TYPE(bits);
480:
481: assert(!space->is_active);
482:
483: /*
484: * IE_BITS_COMPAT/ipc_right_dncancel doesn't have this
485: * problem, because we check that the port is active. If
486: * we didn't cancel IE_BITS_COMPAT, ipc_port_destroy
487: * would still work, but dead space refs would accumulate
488: * in ip_dnrequests. They would use up slots in
489: * ip_dnrequests and keep the spaces from being freed.
490: */
491:
492: switch (type) {
493: case MACH_PORT_TYPE_DEAD_NAME:
494: assert(entry->ie_request == 0);
495: assert(entry->ie_object == IO_NULL);
496: break;
497:
498: case MACH_PORT_TYPE_PORT_SET: {
499: ipc_pset_t pset = (ipc_pset_t) entry->ie_object;
500:
501: assert(entry->ie_request == 0);
502: assert(pset != IPS_NULL);
503:
504: ips_lock(pset);
505: assert(ips_active(pset));
506:
507: ipc_pset_destroy(pset); /* consumes ref, unlocks */
508: break;
509: }
510:
511: case MACH_PORT_TYPE_SEND:
512: case MACH_PORT_TYPE_RECEIVE:
513: case MACH_PORT_TYPE_SEND_RECEIVE:
514: case MACH_PORT_TYPE_SEND_ONCE: {
515: ipc_port_t port = (ipc_port_t) entry->ie_object;
516: ipc_port_t dnrequest;
517: ipc_port_t nsrequest = IP_NULL;
518: mach_port_mscount_t mscount;
519:
520: assert(port != IP_NULL);
521: ip_lock(port);
522:
523: if (!ip_active(port)) {
524: ip_release(port);
525: ip_check_unlock(port);
526: break;
527: }
528:
529: dnrequest = ipc_right_dncancel_macro(space, port,
530: name, entry);
531:
532: if (type & MACH_PORT_TYPE_SEND) {
533: assert(port->ip_srights > 0);
534: if (--port->ip_srights == 0
535: ) {
536: nsrequest = port->ip_nsrequest;
537: if (nsrequest != IP_NULL) {
538: port->ip_nsrequest = IP_NULL;
539: mscount = port->ip_mscount;
540: }
541: }
542: }
543:
544: if (type & MACH_PORT_TYPE_RECEIVE) {
545: assert(port->ip_receiver_name == name);
546: assert(port->ip_receiver == space);
547:
548: ipc_port_clear_receiver(port);
549: ipc_port_destroy(port); /* consumes our ref, unlocks */
550: } else if (type & MACH_PORT_TYPE_SEND_ONCE) {
551: assert(port->ip_sorights > 0);
552: ip_unlock(port);
553:
554: ipc_notify_send_once(port); /* consumes our ref */
555: } else {
556: assert(port->ip_receiver != space);
557:
558: ip_release(port);
559: ip_unlock(port); /* port is active */
560: }
561:
562: if (nsrequest != IP_NULL)
563: ipc_notify_no_senders(nsrequest, mscount);
564:
565: if (dnrequest != IP_NULL)
566: ipc_notify_port_deleted(dnrequest, name);
567: break;
568: }
569:
570: default:
571: panic("ipc_right_clean: strange type");
572: }
573: }
574:
575: /*
576: * Routine: ipc_right_destroy
577: * Purpose:
578: * Destroys an entry in a space.
579: * Conditions:
580: * The space is write-locked.
581: * The space must be active.
582: * Returns:
583: * KERN_SUCCESS The entry was destroyed.
584: */
585:
586: kern_return_t
587: ipc_right_destroy(
588: ipc_space_t space,
589: mach_port_name_t name,
590: ipc_entry_t entry)
591: {
592: ipc_entry_bits_t bits;
593: mach_port_type_t type;
594:
595: bits = entry->ie_bits;
596: entry->ie_bits &= ~IE_BITS_TYPE_MASK;
597: type = IE_BITS_TYPE(bits);
598:
599: assert(space->is_active);
600:
601: switch (type) {
602: case MACH_PORT_TYPE_DEAD_NAME:
603: assert(entry->ie_request == 0);
604: assert(entry->ie_object == IO_NULL);
605:
606: ipc_entry_dealloc(space, name, entry);
607: break;
608:
609: case MACH_PORT_TYPE_PORT_SET: {
610: ipc_pset_t pset = (ipc_pset_t) entry->ie_object;
611:
612: assert(entry->ie_request == 0);
613: assert(pset != IPS_NULL);
614:
615: entry->ie_object = IO_NULL;
616: /* port sets are not sharable entries on a subspace basis */
617: /* so there is no need to check the subspace array here */
618: ipc_entry_dealloc(space, name, entry);
619:
620: ips_lock(pset);
621: assert(ips_active(pset));
622:
623: ipc_pset_destroy(pset); /* consumes ref, unlocks */
624: break;
625: }
626:
627: case MACH_PORT_TYPE_SEND:
628: case MACH_PORT_TYPE_RECEIVE:
629: case MACH_PORT_TYPE_SEND_RECEIVE:
630: case MACH_PORT_TYPE_SEND_ONCE: {
631: ipc_port_t port = (ipc_port_t) entry->ie_object;
632: ipc_port_t nsrequest = IP_NULL;
633: mach_port_mscount_t mscount;
634: ipc_port_t dnrequest;
635:
636: assert(port != IP_NULL);
637:
638: if (type == MACH_PORT_TYPE_SEND)
639: ipc_hash_delete(space, (ipc_object_t) port,
640: name, entry);
641:
642: ip_lock(port);
643:
644: if (!ip_active(port)) {
645: assert((type & MACH_PORT_TYPE_RECEIVE) == 0);
646: ip_release(port);
647: ip_check_unlock(port);
648:
649: entry->ie_request = 0;
650: entry->ie_object = IO_NULL;
651: ipc_entry_dealloc(space, name, entry);
652:
653: break;
654: }
655:
656: dnrequest = ipc_right_dncancel_macro(space, port, name, entry);
657:
658: entry->ie_object = IO_NULL;
659: ipc_entry_dealloc(space, name, entry);
660:
661: if (type & MACH_PORT_TYPE_SEND) {
662: assert(port->ip_srights > 0);
663: if (--port->ip_srights == 0) {
664: nsrequest = port->ip_nsrequest;
665: if (nsrequest != IP_NULL) {
666: port->ip_nsrequest = IP_NULL;
667: mscount = port->ip_mscount;
668: }
669: }
670: }
671:
672: if (type & MACH_PORT_TYPE_RECEIVE) {
673: assert(ip_active(port));
674: assert(port->ip_receiver == space);
675:
676: if (port->ip_subsystem)
677: subsystem_deallocate(
678: port->ip_subsystem->subsystem);
679: ipc_port_clear_receiver(port);
680: ipc_port_destroy(port); /* consumes our ref, unlocks */
681: } else if (type & MACH_PORT_TYPE_SEND_ONCE) {
682: assert(port->ip_sorights > 0);
683: ip_unlock(port);
684:
685: ipc_notify_send_once(port); /* consumes our ref */
686: } else {
687: assert(port->ip_receiver != space);
688:
689: ip_release(port);
690: ip_unlock(port);
691: }
692:
693: if (nsrequest != IP_NULL)
694: ipc_notify_no_senders(nsrequest, mscount);
695:
696: if (dnrequest != IP_NULL)
697: ipc_notify_port_deleted(dnrequest, name);
698: break;
699: }
700:
701: default:
702: panic("ipc_right_destroy: strange type");
703: }
704:
705: return KERN_SUCCESS;
706: }
707:
708: /*
709: * Routine: ipc_right_dealloc
710: * Purpose:
711: * Releases a send/send-once/dead-name user ref.
712: * Like ipc_right_delta with a delta of -1,
713: * but looks at the entry to determine the right.
714: * Conditions:
715: * The space is write-locked, and is unlocked upon return.
716: * The space must be active.
717: * Returns:
718: * KERN_SUCCESS A user ref was released.
719: * KERN_INVALID_RIGHT Entry has wrong type.
720: */
721:
722: kern_return_t
723: ipc_right_dealloc(
724: ipc_space_t space,
725: mach_port_name_t name,
726: ipc_entry_t entry)
727: {
728:
729: ipc_entry_bits_t bits;
730: mach_port_type_t type;
731:
732: bits = entry->ie_bits;
733: type = IE_BITS_TYPE(bits);
734:
735:
736: assert(space->is_active);
737:
738: switch (type) {
739: case MACH_PORT_TYPE_DEAD_NAME: {
740: dead_name:
741:
742: assert(IE_BITS_UREFS(bits) > 0);
743: assert(entry->ie_request == 0);
744: assert(entry->ie_object == IO_NULL);
745:
746: if (IE_BITS_UREFS(bits) == 1) {
747: ipc_entry_dealloc(space, name, entry);
748: }
749: else
750: entry->ie_bits = bits-1; /* decrement urefs */
751:
752: is_write_unlock(space);
753: break;
754: }
755:
756: case MACH_PORT_TYPE_SEND_ONCE: {
757: ipc_port_t port, dnrequest;
758:
759: assert(IE_BITS_UREFS(bits) == 1);
760:
761: port = (ipc_port_t) entry->ie_object;
762: assert(port != IP_NULL);
763:
764: if (ipc_right_check(space, port, name, entry)) {
765:
766: bits = entry->ie_bits;
767: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
768: goto dead_name;
769: }
770: /* port is locked and active */
771:
772: assert(port->ip_sorights > 0);
773:
774: dnrequest = ipc_right_dncancel_macro(space, port, name, entry);
775: ip_unlock(port);
776:
777: entry->ie_object = IO_NULL;
778: ipc_entry_dealloc(space, name, entry);
779:
780: is_write_unlock(space);
781:
782: ipc_notify_send_once(port);
783:
784: if (dnrequest != IP_NULL)
785: ipc_notify_port_deleted(dnrequest, name);
786: break;
787: }
788:
789: case MACH_PORT_TYPE_SEND: {
790: ipc_port_t port;
791: ipc_port_t dnrequest = IP_NULL;
792: ipc_port_t nsrequest = IP_NULL;
793: mach_port_mscount_t mscount;
794:
795:
796: assert(IE_BITS_UREFS(bits) > 0);
797:
798: port = (ipc_port_t) entry->ie_object;
799: assert(port != IP_NULL);
800:
801: if (ipc_right_check(space, port, name, entry)) {
802: bits = entry->ie_bits;
803: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
804: goto dead_name;
805: }
806: /* port is locked and active */
807:
808: assert(port->ip_srights > 0);
809:
810: if (IE_BITS_UREFS(bits) == 1) {
811: if (--port->ip_srights == 0) {
812: nsrequest = port->ip_nsrequest;
813: if (nsrequest != IP_NULL) {
814: port->ip_nsrequest = IP_NULL;
815: mscount = port->ip_mscount;
816: }
817: }
818:
819: dnrequest = ipc_right_dncancel_macro(space, port,
820: name, entry);
821: ipc_hash_delete(space, (ipc_object_t) port,
822: name, entry);
823:
824: ip_release(port);
825: entry->ie_object = IO_NULL;
826: ipc_entry_dealloc(space, name, entry);
827:
828: } else
829: entry->ie_bits = bits-1; /* decrement urefs */
830:
831: /* even if dropped a ref, port is active */
832: ip_unlock(port);
833: is_write_unlock(space);
834:
835: if (nsrequest != IP_NULL)
836: ipc_notify_no_senders(nsrequest, mscount);
837:
838: if (dnrequest != IP_NULL)
839: ipc_notify_port_deleted(dnrequest, name);
840: break;
841: }
842:
843: case MACH_PORT_TYPE_SEND_RECEIVE: {
844: ipc_port_t port;
845: ipc_port_t nsrequest = IP_NULL;
846: mach_port_mscount_t mscount;
847:
848: assert(IE_BITS_UREFS(bits) > 0);
849:
850: port = (ipc_port_t) entry->ie_object;
851: assert(port != IP_NULL);
852:
853: ip_lock(port);
854: assert(ip_active(port));
855: assert(port->ip_receiver_name == name);
856: assert(port->ip_receiver == space);
857: assert(port->ip_srights > 0);
858:
859: if (IE_BITS_UREFS(bits) == 1) {
860: if (--port->ip_srights == 0) {
861: nsrequest = port->ip_nsrequest;
862: if (nsrequest != IP_NULL) {
863: port->ip_nsrequest = IP_NULL;
864: mscount = port->ip_mscount;
865: }
866: }
867:
868: entry->ie_bits = bits &~ (IE_BITS_UREFS_MASK |
869: MACH_PORT_TYPE_SEND);
870: } else
871: entry->ie_bits = bits-1; /* decrement urefs */
872:
873: ip_unlock(port);
874: is_write_unlock(space);
875:
876: if (nsrequest != IP_NULL)
877: ipc_notify_no_senders(nsrequest, mscount);
878: break;
879: }
880:
881: default:
882: is_write_unlock(space);
883: return KERN_INVALID_RIGHT;
884: }
885:
886: return KERN_SUCCESS;
887: }
888:
889: /*
890: * Routine: ipc_right_delta
891: * Purpose:
892: * Modifies the user-reference count for a right.
893: * May deallocate the right, if the count goes to zero.
894: * Conditions:
895: * The space is write-locked, and is unlocked upon return.
896: * The space must be active.
897: * Returns:
898: * KERN_SUCCESS Count was modified.
899: * KERN_INVALID_RIGHT Entry has wrong type.
900: * KERN_INVALID_VALUE Bad delta for the right.
901: * KERN_UREFS_OVERFLOW OK delta, except would overflow.
902: */
903:
904: kern_return_t
905: ipc_right_delta(
906: ipc_space_t space,
907: mach_port_name_t name,
908: ipc_entry_t entry,
909: mach_port_right_t right,
910: mach_port_delta_t delta)
911: {
912: ipc_entry_bits_t bits;
913:
914: bits = entry->ie_bits;
915:
916:
917: /*
918: * The following is used (for case MACH_PORT_RIGHT_DEAD_NAME) in the
919: * switch below. It is used to keep track of those cases (in DIPC)
920: * where we have postponed the dropping of a port reference. Since
921: * the dropping of the reference could cause the port to disappear
922: * we postpone doing so when we are holding the space lock.
923: */
924:
925: assert(space->is_active);
926: assert(right < MACH_PORT_RIGHT_NUMBER);
927:
928: /* Rights-specific restrictions and operations. */
929:
930: switch (right) {
931: case MACH_PORT_RIGHT_PORT_SET: {
932: ipc_pset_t pset;
933:
934: if ((bits & MACH_PORT_TYPE_PORT_SET) == 0)
935: goto invalid_right;
936:
937: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_PORT_SET);
938: assert(IE_BITS_UREFS(bits) == 0);
939: assert(entry->ie_request == 0);
940:
941: if (delta == 0)
942: goto success;
943:
944: if (delta != -1)
945: goto invalid_value;
946:
947: pset = (ipc_pset_t) entry->ie_object;
948: assert(pset != IPS_NULL);
949:
950:
951:
952: entry->ie_object = IO_NULL;
953: ipc_entry_dealloc(space, name, entry);
954:
955:
956: ips_lock(pset);
957: assert(ips_active(pset));
958: is_write_unlock(space);
959:
960: ipc_pset_destroy(pset); /* consumes ref, unlocks */
961: break;
962: }
963:
964: case MACH_PORT_RIGHT_RECEIVE: {
965: ipc_port_t port;
966: ipc_port_t dnrequest = IP_NULL;
967:
968: if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
969: goto invalid_right;
970:
971: if (delta == 0)
972: goto success;
973:
974: if (delta != -1)
975: goto invalid_value;
976:
977: port = (ipc_port_t) entry->ie_object;
978: assert(port != IP_NULL);
979:
980: /*
981: * The port lock is needed for ipc_right_dncancel;
982: * otherwise, we wouldn't have to take the lock
983: * until just before dropping the space lock.
984: */
985:
986: ip_lock(port);
987: assert(ip_active(port));
988: assert(port->ip_receiver_name == name);
989: assert(port->ip_receiver == space);
990:
991: if (bits & MACH_PORT_TYPE_SEND) {
992: assert(IE_BITS_TYPE(bits) ==
993: MACH_PORT_TYPE_SEND_RECEIVE);
994: assert(IE_BITS_UREFS(bits) > 0);
995: assert(IE_BITS_UREFS(bits) < MACH_PORT_UREFS_MAX);
996: assert(port->ip_srights > 0);
997:
998: /*
999: * The remaining send right turns into a
1000: * dead name. Notice we don't decrement
1001: * ip_srights, generate a no-senders notif,
1002: * or use ipc_right_dncancel, because the
1003: * port is destroyed "first".
1004: */
1005: bits &= ~IE_BITS_TYPE_MASK;
1006: bits |= MACH_PORT_TYPE_DEAD_NAME;
1007: if (entry->ie_request) {
1008: entry->ie_request = 0;
1009: bits++;
1010: }
1011: entry->ie_bits = bits;
1012: entry->ie_object = IO_NULL;
1013: } else {
1014: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_RECEIVE);
1015: assert(IE_BITS_UREFS(bits) == 0);
1016:
1017: dnrequest = ipc_right_dncancel_macro(space, port,
1018: name, entry);
1019: entry->ie_object = IO_NULL;
1020: ipc_entry_dealloc(space, name, entry);
1021: }
1022: is_write_unlock(space);
1023:
1024: ipc_port_clear_receiver(port);
1025: ipc_port_destroy(port); /* consumes ref, unlocks */
1026:
1027: if (dnrequest != IP_NULL)
1028: ipc_notify_port_deleted(dnrequest, name);
1029: break;
1030: }
1031:
1032: case MACH_PORT_RIGHT_SEND_ONCE: {
1033: ipc_port_t port, dnrequest;
1034:
1035: if ((bits & MACH_PORT_TYPE_SEND_ONCE) == 0)
1036: goto invalid_right;
1037:
1038: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
1039: assert(IE_BITS_UREFS(bits) == 1);
1040:
1041: port = (ipc_port_t) entry->ie_object;
1042: assert(port != IP_NULL);
1043:
1044: if (ipc_right_check(space, port, name, entry)) {
1045: assert(!(entry->ie_bits & MACH_PORT_TYPE_SEND_ONCE));
1046: goto invalid_right;
1047: }
1048: /* port is locked and active */
1049:
1050: assert(port->ip_sorights > 0);
1051:
1052: if ((delta > 0) || (delta < -1)) {
1053: ip_unlock(port);
1054: goto invalid_value;
1055: }
1056:
1057: if (delta == 0) {
1058: ip_unlock(port);
1059: goto success;
1060: }
1061:
1062: dnrequest = ipc_right_dncancel_macro(space, port, name, entry);
1063: ip_unlock(port);
1064:
1065: entry->ie_object = IO_NULL;
1066: ipc_entry_dealloc(space, name, entry);
1067:
1068: is_write_unlock(space);
1069:
1070: ipc_notify_send_once(port);
1071:
1072: if (dnrequest != IP_NULL)
1073: ipc_notify_port_deleted(dnrequest, name);
1074: break;
1075: }
1076:
1077: case MACH_PORT_RIGHT_DEAD_NAME: {
1078: mach_port_urefs_t urefs;
1079:
1080: if (bits & MACH_PORT_TYPE_SEND_RIGHTS) {
1081: ipc_port_t port;
1082:
1083: port = (ipc_port_t) entry->ie_object;
1084: assert(port != IP_NULL);
1085:
1086: if (!ipc_right_check(space, port, name, entry)) {
1087: /* port is locked and active */
1088: ip_unlock(port);
1089: goto invalid_right;
1090: }
1091: bits = entry->ie_bits;
1092: } else if ((bits & MACH_PORT_TYPE_DEAD_NAME) == 0)
1093: goto invalid_right;
1094:
1095: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
1096: assert(IE_BITS_UREFS(bits) > 0);
1097: assert(entry->ie_object == IO_NULL);
1098: assert(entry->ie_request == 0);
1099:
1100: urefs = IE_BITS_UREFS(bits);
1101: if (MACH_PORT_UREFS_UNDERFLOW(urefs, delta))
1102: goto invalid_value;
1103: if (MACH_PORT_UREFS_OVERFLOW(urefs, delta))
1104: goto urefs_overflow;
1105:
1106: if ((urefs + delta) == 0) {
1107: ipc_entry_dealloc(space, name, entry);
1108: }
1109: else
1110: entry->ie_bits = bits + delta;
1111:
1112: is_write_unlock(space);
1113:
1114: break;
1115: }
1116:
1117: case MACH_PORT_RIGHT_SEND: {
1118: mach_port_urefs_t urefs;
1119: ipc_port_t port;
1120: ipc_port_t dnrequest = IP_NULL;
1121: ipc_port_t nsrequest = IP_NULL;
1122: mach_port_mscount_t mscount;
1123:
1124: if ((bits & MACH_PORT_TYPE_SEND) == 0)
1125: goto invalid_right;
1126:
1127: /* maximum urefs for send is MACH_PORT_UREFS_MAX-1 */
1128:
1129: port = (ipc_port_t) entry->ie_object;
1130: assert(port != IP_NULL);
1131:
1132: if (ipc_right_check(space, port, name, entry)) {
1133: assert((entry->ie_bits & MACH_PORT_TYPE_SEND) == 0);
1134: goto invalid_right;
1135: }
1136: /* port is locked and active */
1137:
1138: assert(port->ip_srights > 0);
1139:
1140: urefs = IE_BITS_UREFS(bits);
1141: if (MACH_PORT_UREFS_UNDERFLOW(urefs, delta)) {
1142: ip_unlock(port);
1143: goto invalid_value;
1144: }
1145: if (MACH_PORT_UREFS_OVERFLOW(urefs+1, delta)) {
1146: ip_unlock(port);
1147: goto urefs_overflow;
1148: }
1149:
1150: if ((urefs + delta) == 0) {
1151: if (--port->ip_srights == 0) {
1152: nsrequest = port->ip_nsrequest;
1153: if (nsrequest != IP_NULL) {
1154: port->ip_nsrequest = IP_NULL;
1155: mscount = port->ip_mscount;
1156: }
1157: }
1158:
1159: if (bits & MACH_PORT_TYPE_RECEIVE) {
1160: assert(port->ip_receiver_name == name);
1161: assert(port->ip_receiver == space);
1162: assert(IE_BITS_TYPE(bits) ==
1163: MACH_PORT_TYPE_SEND_RECEIVE);
1164:
1165: entry->ie_bits = bits &~ (IE_BITS_UREFS_MASK|
1166: MACH_PORT_TYPE_SEND);
1167: } else {
1168: assert(IE_BITS_TYPE(bits) ==
1169: MACH_PORT_TYPE_SEND);
1170:
1171: dnrequest = ipc_right_dncancel_macro(space, port,
1172: name, entry);
1173: ipc_hash_delete(space, (ipc_object_t) port,
1174: name, entry);
1175:
1176: ip_release(port);
1177:
1178: entry->ie_object = IO_NULL;
1179: ipc_entry_dealloc(space, name, entry);
1180: }
1181: } else
1182: entry->ie_bits = bits + delta;
1183:
1184: /* even if dropped a ref, port is active */
1185: ip_unlock(port);
1186: is_write_unlock(space);
1187:
1188: if (nsrequest != IP_NULL)
1189: ipc_notify_no_senders(nsrequest, mscount);
1190:
1191: if (dnrequest != IP_NULL)
1192: ipc_notify_port_deleted(dnrequest, name);
1193: break;
1194: }
1195:
1196: default:
1197: panic("ipc_right_delta: strange right");
1198: }
1199:
1200: return KERN_SUCCESS;
1201:
1202: success:
1203: is_write_unlock(space);
1204: return KERN_SUCCESS;
1205:
1206: invalid_right:
1207: is_write_unlock(space);
1208: return KERN_INVALID_RIGHT;
1209:
1210: invalid_value:
1211: is_write_unlock(space);
1212: return KERN_INVALID_VALUE;
1213:
1214: urefs_overflow:
1215: is_write_unlock(space);
1216: return KERN_UREFS_OVERFLOW;
1217: }
1218:
1219: /*
1220: * Routine: ipc_right_info
1221: * Purpose:
1222: * Retrieves information about the right.
1223: * Conditions:
1224: * The space is write-locked, and is unlocked upon return
1225: * if the call is unsuccessful. The space must be active.
1226: * Returns:
1227: * KERN_SUCCESS Retrieved info; space still locked.
1228: */
1229:
1230: kern_return_t
1231: ipc_right_info(
1232: ipc_space_t space,
1233: mach_port_name_t name,
1234: ipc_entry_t entry,
1235: mach_port_type_t *typep,
1236: mach_port_urefs_t *urefsp)
1237: {
1238: ipc_entry_bits_t bits;
1239: mach_port_type_t type;
1240: ipc_port_request_index_t request;
1241:
1242: bits = entry->ie_bits;
1243:
1244: if (bits & MACH_PORT_TYPE_SEND_RIGHTS) {
1245: ipc_port_t port = (ipc_port_t) entry->ie_object;
1246:
1247: if (ipc_right_check(space, port, name, entry)) {
1248: bits = entry->ie_bits;
1249: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
1250: } else
1251: ip_unlock(port);
1252: }
1253:
1254: type = IE_BITS_TYPE(bits);
1255: request = entry->ie_request;
1256:
1257: if (request != 0)
1258: type |= MACH_PORT_TYPE_DNREQUEST;
1259:
1260: *typep = type;
1261: *urefsp = IE_BITS_UREFS(bits);
1262: return KERN_SUCCESS;
1263: }
1264:
1265: /*
1266: * Routine: ipc_right_copyin_check
1267: * Purpose:
1268: * Check if a subsequent ipc_right_copyin would succeed.
1269: * Conditions:
1270: * The space is locked (read or write) and active.
1271: */
1272:
1273: boolean_t
1274: ipc_right_copyin_check(
1275: ipc_space_t space,
1276: mach_port_name_t name,
1277: ipc_entry_t entry,
1278: mach_msg_type_name_t msgt_name)
1279: {
1280: ipc_entry_bits_t bits;
1281:
1282: bits= entry->ie_bits;
1283: assert(space->is_active);
1284:
1285: switch (msgt_name) {
1286: case MACH_MSG_TYPE_MAKE_SEND:
1287: case MACH_MSG_TYPE_MAKE_SEND_ONCE:
1288: case MACH_MSG_TYPE_MOVE_RECEIVE:
1289: if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
1290: return FALSE;
1291:
1292: break;
1293:
1294: case MACH_MSG_TYPE_COPY_SEND:
1295: case MACH_MSG_TYPE_MOVE_SEND:
1296: case MACH_MSG_TYPE_MOVE_SEND_ONCE: {
1297: ipc_port_t port;
1298: boolean_t active;
1299:
1300: if (bits & MACH_PORT_TYPE_DEAD_NAME)
1301: break;
1302:
1303: if ((bits & MACH_PORT_TYPE_SEND_RIGHTS) == 0)
1304: return FALSE;
1305:
1306: port = (ipc_port_t) entry->ie_object;
1307: assert(port != IP_NULL);
1308:
1309: ip_lock(port);
1310: active = ip_active(port);
1311: ip_unlock(port);
1312:
1313: if (!active) {
1314: break;
1315: }
1316:
1317: if (msgt_name == MACH_MSG_TYPE_MOVE_SEND_ONCE) {
1318: if ((bits & MACH_PORT_TYPE_SEND_ONCE) == 0)
1319: return FALSE;
1320: } else {
1321: if ((bits & MACH_PORT_TYPE_SEND) == 0)
1322: return FALSE;
1323: }
1324:
1325: break;
1326: }
1327:
1328: default:
1329: panic("ipc_right_copyin_check: strange rights");
1330: }
1331:
1332: return TRUE;
1333: }
1334:
1335: /*
1336: * Routine: ipc_right_copyin
1337: * Purpose:
1338: * Copyin a capability from a space.
1339: * If successful, the caller gets a ref
1340: * for the resulting object, unless it is IO_DEAD,
1341: * and possibly a send-once right which should
1342: * be used in a port-deleted notification.
1343: *
1344: * If deadok is not TRUE, the copyin operation
1345: * will fail instead of producing IO_DEAD.
1346: *
1347: * The entry is never deallocated (except
1348: * when KERN_INVALID_NAME), so the caller
1349: * should deallocate the entry if its type
1350: * is MACH_PORT_TYPE_NONE.
1351: * Conditions:
1352: * The space is write-locked and active.
1353: * Returns:
1354: * KERN_SUCCESS Acquired an object, possibly IO_DEAD.
1355: * KERN_INVALID_RIGHT Name doesn't denote correct right.
1356: */
1357:
1358: kern_return_t
1359: ipc_right_copyin(
1360: ipc_space_t space,
1361: mach_port_name_t name,
1362: ipc_entry_t entry,
1363: mach_msg_type_name_t msgt_name,
1364: boolean_t deadok,
1365: ipc_object_t *objectp,
1366: ipc_port_t *sorightp)
1367: {
1368: ipc_entry_bits_t bits;
1369:
1370: bits = entry->ie_bits;
1371:
1372: assert(space->is_active);
1373:
1374: switch (msgt_name) {
1375: case MACH_MSG_TYPE_MAKE_SEND: {
1376: ipc_port_t port;
1377:
1378: if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
1379: goto invalid_right;
1380:
1381: port = (ipc_port_t) entry->ie_object;
1382: assert(port != IP_NULL);
1383:
1384: ip_lock(port);
1385: assert(ip_active(port));
1386: assert(port->ip_receiver_name == name);
1387: assert(port->ip_receiver == space);
1388:
1389: port->ip_mscount++;
1390: port->ip_srights++;
1391: ip_reference(port);
1392: ip_unlock(port);
1393:
1394: *objectp = (ipc_object_t) port;
1395: *sorightp = IP_NULL;
1396: break;
1397: }
1398:
1399: case MACH_MSG_TYPE_MAKE_SEND_ONCE: {
1400: ipc_port_t port;
1401:
1402: if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
1403: goto invalid_right;
1404:
1405: port = (ipc_port_t) entry->ie_object;
1406: assert(port != IP_NULL);
1407:
1408: ip_lock(port);
1409: assert(ip_active(port));
1410: assert(port->ip_receiver_name == name);
1411: assert(port->ip_receiver == space);
1412:
1413: port->ip_sorights++;
1414: ip_reference(port);
1415: ip_unlock(port);
1416:
1417: *objectp = (ipc_object_t) port;
1418: *sorightp = IP_NULL;
1419: break;
1420: }
1421:
1422: case MACH_MSG_TYPE_MOVE_RECEIVE: {
1423: ipc_port_t port;
1424: ipc_port_t dnrequest = IP_NULL;
1425:
1426: if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
1427: goto invalid_right;
1428:
1429: port = (ipc_port_t) entry->ie_object;
1430: assert(port != IP_NULL);
1431:
1432: ip_lock(port);
1433: assert(ip_active(port));
1434: assert(port->ip_receiver_name == name);
1435: assert(port->ip_receiver == space);
1436:
1437: if (bits & MACH_PORT_TYPE_SEND) {
1438: assert(IE_BITS_TYPE(bits) ==
1439: MACH_PORT_TYPE_SEND_RECEIVE);
1440: assert(IE_BITS_UREFS(bits) > 0);
1441: assert(port->ip_srights > 0);
1442:
1443: ipc_hash_insert(space, (ipc_object_t) port,
1444: name, entry);
1445: ip_reference(port);
1446: } else {
1447: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_RECEIVE);
1448: assert(IE_BITS_UREFS(bits) == 0);
1449:
1450: dnrequest = ipc_right_dncancel_macro(space, port,
1451: name, entry);
1452: entry->ie_object = IO_NULL;
1453: }
1454: entry->ie_bits = bits &~ MACH_PORT_TYPE_RECEIVE;
1455:
1456: ipc_port_clear_receiver(port);
1457:
1458: port->ip_receiver_name = MACH_PORT_NULL;
1459: port->ip_destination = IP_NULL;
1460: ip_unlock(port);
1461:
1462: *objectp = (ipc_object_t) port;
1463: *sorightp = dnrequest;
1464: break;
1465: }
1466:
1467: case MACH_MSG_TYPE_COPY_SEND: {
1468: ipc_port_t port;
1469:
1470: if (bits & MACH_PORT_TYPE_DEAD_NAME)
1471: goto copy_dead;
1472:
1473: /* allow for dead send-once rights */
1474:
1475: if ((bits & MACH_PORT_TYPE_SEND_RIGHTS) == 0)
1476: goto invalid_right;
1477:
1478: assert(IE_BITS_UREFS(bits) > 0);
1479:
1480: port = (ipc_port_t) entry->ie_object;
1481: assert(port != IP_NULL);
1482:
1483: if (ipc_right_check(space, port, name, entry)) {
1484: bits = entry->ie_bits;
1485: goto copy_dead;
1486: }
1487: /* port is locked and active */
1488:
1489: if ((bits & MACH_PORT_TYPE_SEND) == 0) {
1490: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
1491: assert(port->ip_sorights > 0);
1492:
1493: ip_unlock(port);
1494: goto invalid_right;
1495: }
1496:
1497: assert(port->ip_srights > 0);
1498:
1499: port->ip_srights++;
1500: ip_reference(port);
1501: ip_unlock(port);
1502:
1503: *objectp = (ipc_object_t) port;
1504: *sorightp = IP_NULL;
1505: break;
1506: }
1507:
1508: case MACH_MSG_TYPE_MOVE_SEND: {
1509: ipc_port_t port;
1510: ipc_port_t dnrequest = IP_NULL;
1511:
1512: if (bits & MACH_PORT_TYPE_DEAD_NAME)
1513: goto move_dead;
1514:
1515: /* allow for dead send-once rights */
1516:
1517: if ((bits & MACH_PORT_TYPE_SEND_RIGHTS) == 0)
1518: goto invalid_right;
1519:
1520: assert(IE_BITS_UREFS(bits) > 0);
1521:
1522: port = (ipc_port_t) entry->ie_object;
1523: assert(port != IP_NULL);
1524:
1525: if (ipc_right_check(space, port, name, entry)) {
1526: bits = entry->ie_bits;
1527: goto move_dead;
1528: }
1529: /* port is locked and active */
1530:
1531: if ((bits & MACH_PORT_TYPE_SEND) == 0) {
1532: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
1533: assert(port->ip_sorights > 0);
1534:
1535: ip_unlock(port);
1536: goto invalid_right;
1537: }
1538:
1539: assert(port->ip_srights > 0);
1540:
1541: if (IE_BITS_UREFS(bits) == 1) {
1542: if (bits & MACH_PORT_TYPE_RECEIVE) {
1543: assert(port->ip_receiver_name == name);
1544: assert(port->ip_receiver == space);
1545: assert(IE_BITS_TYPE(bits) ==
1546: MACH_PORT_TYPE_SEND_RECEIVE);
1547:
1548: ip_reference(port);
1549: } else {
1550: assert(IE_BITS_TYPE(bits) ==
1551: MACH_PORT_TYPE_SEND);
1552:
1553: dnrequest = ipc_right_dncancel_macro(space, port,
1554: name, entry);
1555: ipc_hash_delete(space, (ipc_object_t) port,
1556: name, entry);
1557: entry->ie_object = IO_NULL;
1558: }
1559: entry->ie_bits = bits &~
1560: (IE_BITS_UREFS_MASK|MACH_PORT_TYPE_SEND);
1561: } else {
1562: port->ip_srights++;
1563: ip_reference(port);
1564: entry->ie_bits = bits-1; /* decrement urefs */
1565: }
1566:
1567: ip_unlock(port);
1568:
1569: *objectp = (ipc_object_t) port;
1570: *sorightp = dnrequest;
1571: break;
1572: }
1573:
1574: case MACH_MSG_TYPE_MOVE_SEND_ONCE: {
1575: ipc_port_t port;
1576: ipc_port_t dnrequest;
1577:
1578: if (bits & MACH_PORT_TYPE_DEAD_NAME)
1579: goto move_dead;
1580:
1581: /* allow for dead send rights */
1582:
1583: if ((bits & MACH_PORT_TYPE_SEND_RIGHTS) == 0)
1584: goto invalid_right;
1585:
1586: assert(IE_BITS_UREFS(bits) > 0);
1587:
1588: port = (ipc_port_t) entry->ie_object;
1589: assert(port != IP_NULL);
1590:
1591: if (ipc_right_check(space, port, name, entry)) {
1592: bits = entry->ie_bits;
1593: goto move_dead;
1594: }
1595: /* port is locked and active */
1596:
1597: if ((bits & MACH_PORT_TYPE_SEND_ONCE) == 0) {
1598: assert(bits & MACH_PORT_TYPE_SEND);
1599: assert(port->ip_srights > 0);
1600:
1601: ip_unlock(port);
1602: goto invalid_right;
1603: }
1604:
1605: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
1606: assert(IE_BITS_UREFS(bits) == 1);
1607: assert(port->ip_sorights > 0);
1608:
1609: dnrequest = ipc_right_dncancel_macro(space, port, name, entry);
1610: ip_unlock(port);
1611:
1612: entry->ie_object = IO_NULL;
1613: entry->ie_bits = bits &~
1614: (IE_BITS_UREFS_MASK | MACH_PORT_TYPE_SEND_ONCE);
1615:
1616: *objectp = (ipc_object_t) port;
1617: *sorightp = dnrequest;
1618: break;
1619: }
1620:
1621: default:
1622: panic("ipc_right_copyin: strange rights");
1623: }
1624:
1625: return KERN_SUCCESS;
1626:
1627: copy_dead:
1628: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
1629: assert(IE_BITS_UREFS(bits) > 0);
1630: assert(entry->ie_request == 0);
1631: assert(entry->ie_object == 0);
1632:
1633: if (!deadok)
1634: goto invalid_right;
1635:
1636: *objectp = IO_DEAD;
1637: *sorightp = IP_NULL;
1638: return KERN_SUCCESS;
1639:
1640: move_dead:
1641: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
1642: assert(IE_BITS_UREFS(bits) > 0);
1643: assert(entry->ie_request == 0);
1644: assert(entry->ie_object == 0);
1645:
1646: if (!deadok)
1647: goto invalid_right;
1648:
1649: if (IE_BITS_UREFS(bits) == 1) {
1650: bits &= ~MACH_PORT_TYPE_DEAD_NAME;
1651: }
1652: entry->ie_bits = bits-1; /* decrement urefs */
1653:
1654: *objectp = IO_DEAD;
1655: *sorightp = IP_NULL;
1656: return KERN_SUCCESS;
1657:
1658: invalid_right:
1659: return KERN_INVALID_RIGHT;
1660: }
1661:
1662: /*
1663: * Routine: ipc_right_copyin_undo
1664: * Purpose:
1665: * Undoes the effects of an ipc_right_copyin
1666: * of a send/send-once right that is dead.
1667: * (Object is either IO_DEAD or a dead port.)
1668: * Conditions:
1669: * The space is write-locked and active.
1670: */
1671:
1672: void
1673: ipc_right_copyin_undo(
1674: ipc_space_t space,
1675: mach_port_name_t name,
1676: ipc_entry_t entry,
1677: mach_msg_type_name_t msgt_name,
1678: ipc_object_t object,
1679: ipc_port_t soright)
1680: {
1681: ipc_entry_bits_t bits;
1682:
1683: bits = entry->ie_bits;
1684:
1685: assert(space->is_active);
1686:
1687: assert((msgt_name == MACH_MSG_TYPE_MOVE_SEND) ||
1688: (msgt_name == MACH_MSG_TYPE_COPY_SEND) ||
1689: (msgt_name == MACH_MSG_TYPE_MOVE_SEND_ONCE));
1690:
1691: if (soright != IP_NULL) {
1692: assert((msgt_name == MACH_MSG_TYPE_MOVE_SEND) ||
1693: (msgt_name == MACH_MSG_TYPE_MOVE_SEND_ONCE));
1694: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_NONE);
1695: assert(object != IO_DEAD);
1696:
1697: entry->ie_bits = ((bits &~ IE_BITS_RIGHT_MASK) |
1698: MACH_PORT_TYPE_DEAD_NAME | 2);
1699:
1700: } else if (IE_BITS_TYPE(bits) == MACH_PORT_TYPE_NONE) {
1701: assert((msgt_name == MACH_MSG_TYPE_MOVE_SEND) ||
1702: (msgt_name == MACH_MSG_TYPE_MOVE_SEND_ONCE));
1703:
1704: entry->ie_bits = ((bits &~ IE_BITS_RIGHT_MASK) |
1705: MACH_PORT_TYPE_DEAD_NAME | 1);
1706: } else if (IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME) {
1707: assert(object == IO_DEAD);
1708: assert(IE_BITS_UREFS(bits) > 0);
1709:
1710: if (msgt_name != MACH_MSG_TYPE_COPY_SEND) {
1711: assert(IE_BITS_UREFS(bits) < MACH_PORT_UREFS_MAX);
1712: entry->ie_bits = bits+1; /* increment urefs */
1713: }
1714: } else {
1715: assert((msgt_name == MACH_MSG_TYPE_MOVE_SEND) ||
1716: (msgt_name == MACH_MSG_TYPE_COPY_SEND));
1717: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND);
1718: assert(object != IO_DEAD);
1719: assert(entry->ie_object == object);
1720: assert(IE_BITS_UREFS(bits) > 0);
1721:
1722: if (msgt_name != MACH_MSG_TYPE_COPY_SEND) {
1723: assert(IE_BITS_UREFS(bits) < MACH_PORT_UREFS_MAX-1);
1724: entry->ie_bits = bits+1; /* increment urefs */
1725: }
1726:
1727: /*
1728: * May as well convert the entry to a dead name.
1729: * (Or if it is a compat entry, destroy it.)
1730: */
1731:
1732: (void) ipc_right_check(space, (ipc_port_t) object,
1733: name, entry);
1734: /* object is dead so it is not locked */
1735: }
1736:
1737: /* release the reference acquired by copyin */
1738:
1739: if (object != IO_DEAD)
1740: ipc_object_release(object);
1741: }
1742:
1743: /*
1744: * Routine: ipc_right_copyin_two
1745: * Purpose:
1746: * Like ipc_right_copyin with MACH_MSG_TYPE_MOVE_SEND
1747: * and deadok == FALSE, except that this moves two
1748: * send rights at once.
1749: * Conditions:
1750: * The space is write-locked and active.
1751: * The object is returned with two refs/send rights.
1752: * Returns:
1753: * KERN_SUCCESS Acquired an object.
1754: * KERN_INVALID_RIGHT Name doesn't denote correct right.
1755: */
1756:
1757: kern_return_t
1758: ipc_right_copyin_two(
1759: ipc_space_t space,
1760: mach_port_name_t name,
1761: ipc_entry_t entry,
1762: ipc_object_t *objectp,
1763: ipc_port_t *sorightp)
1764: {
1765: ipc_entry_bits_t bits;
1766: mach_port_urefs_t urefs;
1767: ipc_port_t port;
1768: ipc_port_t dnrequest = IP_NULL;
1769:
1770: assert(space->is_active);
1771:
1772: bits = entry->ie_bits;
1773:
1774: if ((bits & MACH_PORT_TYPE_SEND) == 0)
1775: goto invalid_right;
1776:
1777: urefs = IE_BITS_UREFS(bits);
1778: if (urefs < 2)
1779: goto invalid_right;
1780:
1781: port = (ipc_port_t) entry->ie_object;
1782: assert(port != IP_NULL);
1783:
1784: if (ipc_right_check(space, port, name, entry)) {
1785: goto invalid_right;
1786: }
1787: /* port is locked and active */
1788:
1789: assert(port->ip_srights > 0);
1790:
1791: if (urefs == 2) {
1792: if (bits & MACH_PORT_TYPE_RECEIVE) {
1793: assert(port->ip_receiver_name == name);
1794: assert(port->ip_receiver == space);
1795: assert(IE_BITS_TYPE(bits) ==
1796: MACH_PORT_TYPE_SEND_RECEIVE);
1797:
1798: port->ip_srights++;
1799: ip_reference(port);
1800: ip_reference(port);
1801: } else {
1802: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND);
1803:
1804: dnrequest = ipc_right_dncancel_macro(space, port,
1805: name, entry);
1806:
1807: port->ip_srights++;
1808: ip_reference(port);
1809: ipc_hash_delete(space, (ipc_object_t) port,
1810: name, entry);
1811: entry->ie_object = IO_NULL;
1812: }
1813: entry->ie_bits = bits &~ (IE_BITS_UREFS_MASK|MACH_PORT_TYPE_SEND);
1814: } else {
1815: port->ip_srights += 2;
1816: ip_reference(port);
1817: ip_reference(port);
1818: entry->ie_bits = bits-2; /* decrement urefs */
1819: }
1820: ip_unlock(port);
1821:
1822: *objectp = (ipc_object_t) port;
1823: *sorightp = dnrequest;
1824: return KERN_SUCCESS;
1825:
1826: invalid_right:
1827: return KERN_INVALID_RIGHT;
1828: }
1829:
1830: /*
1831: * Routine: ipc_right_copyout
1832: * Purpose:
1833: * Copyout a capability to a space.
1834: * If successful, consumes a ref for the object.
1835: *
1836: * Always succeeds when given a newly-allocated entry,
1837: * because user-reference overflow isn't a possibility.
1838: *
1839: * If copying out the object would cause the user-reference
1840: * count in the entry to overflow, and overflow is TRUE,
1841: * then instead the user-reference count is left pegged
1842: * to its maximum value and the copyout succeeds anyway.
1843: * Conditions:
1844: * The space is write-locked and active.
1845: * The object is locked and active.
1846: * The object is unlocked; the space isn't.
1847: * Returns:
1848: * KERN_SUCCESS Copied out capability.
1849: * KERN_UREFS_OVERFLOW User-refs would overflow;
1850: * guaranteed not to happen with a fresh entry
1851: * or if overflow=TRUE was specified.
1852: */
1853:
1854: kern_return_t
1855: ipc_right_copyout(
1856: ipc_space_t space,
1857: mach_port_name_t name,
1858: ipc_entry_t entry,
1859: mach_msg_type_name_t msgt_name,
1860: boolean_t overflow,
1861: ipc_object_t object)
1862: {
1863: ipc_entry_bits_t bits;
1864: ipc_port_t port;
1865:
1866: bits = entry->ie_bits;
1867:
1868: assert(IO_VALID(object));
1869: assert(io_otype(object) == IOT_PORT);
1870: assert(io_active(object));
1871: assert(entry->ie_object == object);
1872:
1873: port = (ipc_port_t) object;
1874:
1875: switch (msgt_name) {
1876: case MACH_MSG_TYPE_PORT_SEND_ONCE:
1877:
1878: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_NONE);
1879: assert(port->ip_sorights > 0);
1880:
1881: /* transfer send-once right and ref to entry */
1882: ip_unlock(port);
1883:
1884: entry->ie_bits = bits | (MACH_PORT_TYPE_SEND_ONCE | 1);
1885: break;
1886:
1887: case MACH_MSG_TYPE_PORT_SEND:
1888: assert(port->ip_srights > 0);
1889:
1890: if (bits & MACH_PORT_TYPE_SEND) {
1891: mach_port_urefs_t urefs = IE_BITS_UREFS(bits);
1892:
1893: assert(port->ip_srights > 1);
1894: assert(urefs > 0);
1895: assert(urefs < MACH_PORT_UREFS_MAX);
1896:
1897: if (urefs+1 == MACH_PORT_UREFS_MAX) {
1898: if (overflow) {
1899: /* leave urefs pegged to maximum */
1900:
1901: port->ip_srights--;
1902: ip_release(port);
1903: ip_unlock(port);
1904: return KERN_SUCCESS;
1905: }
1906:
1907: ip_unlock(port);
1908: return KERN_UREFS_OVERFLOW;
1909: }
1910:
1911: port->ip_srights--;
1912: ip_release(port);
1913: ip_unlock(port);
1914: } else if (bits & MACH_PORT_TYPE_RECEIVE) {
1915: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_RECEIVE);
1916: assert(IE_BITS_UREFS(bits) == 0);
1917:
1918: /* transfer send right to entry */
1919: ip_release(port);
1920: ip_unlock(port);
1921: } else {
1922: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_NONE);
1923: assert(IE_BITS_UREFS(bits) == 0);
1924:
1925: /* transfer send right and ref to entry */
1926: ip_unlock(port);
1927:
1928: /* entry is locked holding ref, so can use port */
1929:
1930: ipc_hash_insert(space, (ipc_object_t) port,
1931: name, entry);
1932: }
1933:
1934: entry->ie_bits = (bits | MACH_PORT_TYPE_SEND) + 1;
1935: break;
1936:
1937: case MACH_MSG_TYPE_PORT_RECEIVE: {
1938: ipc_port_t dest;
1939:
1940: assert(port->ip_mscount == 0);
1941: assert(port->ip_receiver_name == MACH_PORT_NULL);
1942: dest = port->ip_destination;
1943:
1944: port->ip_receiver_name = name;
1945: port->ip_receiver = space;
1946:
1947: assert((bits & MACH_PORT_TYPE_RECEIVE) == 0);
1948:
1949: if (bits & MACH_PORT_TYPE_SEND) {
1950: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND);
1951: assert(IE_BITS_UREFS(bits) > 0);
1952: assert(port->ip_srights > 0);
1953:
1954: ip_release(port);
1955: ip_unlock(port);
1956:
1957: /* entry is locked holding ref, so can use port */
1958:
1959: ipc_hash_delete(space, (ipc_object_t) port,
1960: name, entry);
1961: } else {
1962: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_NONE);
1963: assert(IE_BITS_UREFS(bits) == 0);
1964:
1965: /* transfer ref to entry */
1966: ip_unlock(port);
1967: }
1968: entry->ie_bits = bits | MACH_PORT_TYPE_RECEIVE;
1969:
1970: if (dest != IP_NULL)
1971: ipc_port_release(dest);
1972: break;
1973: }
1974:
1975: default:
1976: panic("ipc_right_copyout: strange rights");
1977: }
1978:
1979: return KERN_SUCCESS;
1980: }
1981:
1982: /*
1983: * Routine: ipc_right_rename
1984: * Purpose:
1985: * Transfer an entry from one name to another.
1986: * The old entry is deallocated.
1987: * Conditions:
1988: * The space is write-locked and active.
1989: * The new entry is unused. Upon return,
1990: * the space is unlocked.
1991: * Returns:
1992: * KERN_SUCCESS Moved entry to new name.
1993: */
1994:
1995: kern_return_t
1996: ipc_right_rename(
1997: ipc_space_t space,
1998: mach_port_name_t oname,
1999: ipc_entry_t oentry,
2000: mach_port_name_t nname,
2001: ipc_entry_t nentry)
2002: {
2003: ipc_port_request_index_t request = oentry->ie_request;
2004: ipc_entry_bits_t bits = oentry->ie_bits;
2005: ipc_object_t object = oentry->ie_object;
2006:
2007: assert(space->is_active);
2008: assert(oname != nname);
2009:
2010: /*
2011: * If IE_BITS_COMPAT, we can't allow the entry to be renamed
2012: * if the port is dead. (This would foil ipc_port_destroy.)
2013: * Instead we should fail because oentry shouldn't exist.
2014: * Note IE_BITS_COMPAT implies ie_request != 0.
2015: */
2016:
2017: if (request != 0) {
2018: ipc_port_t port;
2019:
2020: assert(bits & MACH_PORT_TYPE_PORT_RIGHTS);
2021: port = (ipc_port_t) object;
2022: assert(port != IP_NULL);
2023:
2024: if (ipc_right_check(space, port, oname, oentry)) {
2025: request = 0;
2026: object = IO_NULL;
2027: bits = oentry->ie_bits;
2028: assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_DEAD_NAME);
2029: assert(oentry->ie_request == 0);
2030: } else {
2031: /* port is locked and active */
2032:
2033: ipc_port_dnrename(port, request, oname, nname);
2034: ip_unlock(port);
2035: oentry->ie_request = 0;
2036: }
2037: }
2038:
2039: /* initialize nentry before letting ipc_hash_insert see it */
2040:
2041: assert((nentry->ie_bits & IE_BITS_RIGHT_MASK) == 0);
2042: nentry->ie_bits |= bits & IE_BITS_RIGHT_MASK;
2043: nentry->ie_request = request;
2044: nentry->ie_object = object;
2045:
2046: switch (IE_BITS_TYPE(bits)) {
2047: case MACH_PORT_TYPE_SEND: {
2048: ipc_port_t port;
2049:
2050: port = (ipc_port_t) object;
2051: assert(port != IP_NULL);
2052:
2053: /* remember, there are no other share entries possible */
2054: /* or we can't do the rename. Therefore we do not need */
2055: /* to check the other subspaces */
2056: ipc_hash_delete(space, (ipc_object_t) port, oname, oentry);
2057: ipc_hash_insert(space, (ipc_object_t) port, nname, nentry);
2058: break;
2059: }
2060:
2061: case MACH_PORT_TYPE_RECEIVE:
2062: case MACH_PORT_TYPE_SEND_RECEIVE: {
2063: ipc_port_t port;
2064:
2065: port = (ipc_port_t) object;
2066: assert(port != IP_NULL);
2067:
2068: ip_lock(port);
2069: assert(ip_active(port));
2070: assert(port->ip_receiver_name == oname);
2071: assert(port->ip_receiver == space);
2072:
2073: port->ip_receiver_name = nname;
2074: ip_unlock(port);
2075: break;
2076: }
2077:
2078: case MACH_PORT_TYPE_PORT_SET: {
2079: ipc_pset_t pset;
2080:
2081: pset = (ipc_pset_t) object;
2082: assert(pset != IPS_NULL);
2083:
2084: ips_lock(pset);
2085: assert(ips_active(pset));
2086: assert(pset->ips_local_name == oname);
2087:
2088: pset->ips_local_name = nname;
2089: ips_unlock(pset);
2090: break;
2091: }
2092:
2093: case MACH_PORT_TYPE_SEND_ONCE:
2094: case MACH_PORT_TYPE_DEAD_NAME:
2095: break;
2096:
2097: default:
2098: panic("ipc_right_rename: strange rights");
2099: }
2100:
2101: assert(oentry->ie_request == 0);
2102: oentry->ie_object = IO_NULL;
2103: ipc_entry_dealloc(space, oname, oentry);
2104: is_write_unlock(space);
2105:
2106: return KERN_SUCCESS;
2107: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.