| 1 | /* |
| 2 | * Copyright (c) 2000-2007 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | /* |
| 29 | * @OSF_COPYRIGHT@ |
| 30 | */ |
| 31 | /* |
| 32 | * Mach Operating System |
| 33 | * Copyright (c) 1991,1990,1989 Carnegie Mellon University |
| 34 | * All Rights Reserved. |
| 35 | * |
| 36 | * Permission to use, copy, modify and distribute this software and its |
| 37 | * documentation is hereby granted, provided that both the copyright |
| 38 | * notice and this permission notice appear in all copies of the |
| 39 | * software, derivative works or modified versions, and any portions |
| 40 | * thereof, and that both notices appear in supporting documentation. |
| 41 | * |
| 42 | * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" |
| 43 | * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR |
| 44 | * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. |
| 45 | * |
| 46 | * Carnegie Mellon requests users of this software to return to |
| 47 | * |
| 48 | * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU |
| 49 | * School of Computer Science |
| 50 | * Carnegie Mellon University |
| 51 | * Pittsburgh PA 15213-3890 |
| 52 | * |
| 53 | * any improvements or extensions that they make and grant Carnegie Mellon |
| 54 | * the rights to redistribute these changes. |
| 55 | */ |
| 56 | /* |
| 57 | * NOTICE: This file was modified by McAfee Research in 2004 to introduce |
| 58 | * support for mandatory and extensible security protections. This notice |
| 59 | * is included in support of clause 2.2 (b) of the Apple Public License, |
| 60 | * Version 2.0. |
| 61 | * Copyright (c) 2005 SPARTA, Inc. |
| 62 | */ |
| 63 | /* |
| 64 | */ |
| 65 | /* |
| 66 | * File: ipc/mach_msg.c |
| 67 | * Author: Rich Draves |
| 68 | * Date: 1989 |
| 69 | * |
| 70 | * Exported message traps. See mach/message.h. |
| 71 | */ |
| 72 | |
| 73 | #include <mach/mach_types.h> |
| 74 | #include <mach/kern_return.h> |
| 75 | #include <mach/port.h> |
| 76 | #include <mach/message.h> |
| 77 | #include <mach/mig_errors.h> |
| 78 | #include <mach/mach_traps.h> |
| 79 | |
| 80 | #include <kern/kern_types.h> |
| 81 | #include <kern/assert.h> |
| 82 | #include <kern/counters.h> |
| 83 | #include <kern/cpu_number.h> |
| 84 | #include <kern/ipc_kobject.h> |
| 85 | #include <kern/ipc_mig.h> |
| 86 | #include <kern/task.h> |
| 87 | #include <kern/thread.h> |
| 88 | #include <kern/sched_prim.h> |
| 89 | #include <kern/exception.h> |
| 90 | #include <kern/misc_protos.h> |
| 91 | #include <kern/kalloc.h> |
| 92 | #include <kern/processor.h> |
| 93 | #include <kern/syscall_subr.h> |
| 94 | #include <kern/policy_internal.h> |
| 95 | |
| 96 | #include <vm/vm_map.h> |
| 97 | |
| 98 | #include <ipc/port.h> |
| 99 | #include <ipc/ipc_types.h> |
| 100 | #include <ipc/ipc_kmsg.h> |
| 101 | #include <ipc/ipc_mqueue.h> |
| 102 | #include <ipc/ipc_object.h> |
| 103 | #include <ipc/ipc_notify.h> |
| 104 | #include <ipc/ipc_port.h> |
| 105 | #include <ipc/ipc_pset.h> |
| 106 | #include <ipc/ipc_space.h> |
| 107 | #include <ipc/ipc_entry.h> |
| 108 | #include <ipc/ipc_importance.h> |
| 109 | #include <ipc/ipc_voucher.h> |
| 110 | |
| 111 | #include <machine/machine_routines.h> |
| 112 | #include <security/mac_mach_internal.h> |
| 113 | |
| 114 | #include <sys/kdebug.h> |
| 115 | |
/*
 * Fallback used only when no earlier header has defined offsetof.
 * It yields the byte offset of `member` by taking the member's address
 * relative to a null `type *`. This file uses it to locate fields of the
 * user-visible message header when copying individual fields out.
 */
#ifndef offsetof
#define offsetof(type, member) ((size_t)(&((type *)0)->member))
#endif /* offsetof */
| 119 | |
| 120 | /* |
| 121 | * Forward declarations - kernel internal routines |
| 122 | */ |
| 123 | |
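/*
 * Kernel-task send path. The last parameter is the priority override that
 * the definition forwards to ipc_kmsg_copyin(); the prototype now names and
 * types it the same way as the definition, so a reader is not led to treat
 * it as a notify port name.
 */
mach_msg_return_t mach_msg_send(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		send_size,
	mach_msg_timeout_t	send_timeout,
	mach_msg_priority_t	override);

/* Kernel-task receive path; slist_size is accepted but unused by the definition. */
mach_msg_return_t mach_msg_receive(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		rcv_size,
	mach_port_name_t	rcv_name,
	mach_msg_timeout_t	rcv_timeout,
	void			(*continuation)(mach_msg_return_t),
	mach_msg_size_t		slist_size);


/*
 * Builds a minimal header/trailer for a failed receive and copies it to the
 * receiver's buffer. sizep receives the number of bytes copied out (parameter
 * name matches the definition).
 */
mach_msg_return_t msg_receive_error(
	ipc_kmsg_t		kmsg,
	mach_msg_option_t	option,
	mach_vm_address_t	rcv_addr,
	mach_msg_size_t		rcv_size,
	mach_port_seqno_t	seqno,
	ipc_space_t		space,
	mach_msg_size_t		*sizep);

/* Links the calling thread's special reply port to a sync IPC destination. */
static mach_msg_return_t
mach_msg_rcv_link_special_reply_port(
	ipc_port_t special_reply_port,
	mach_port_name_t dest_name_port);

/* Post-receive cleanup of turnstile / special-reply-port linkage. */
void
mach_msg_receive_results_complete(ipc_object_t object);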
| 157 | |
/* Kernel identity tokens, initialised from the corresponding *_VALUE macros. */
security_token_t KERNEL_SECURITY_TOKEN = KERNEL_SECURITY_TOKEN_VALUE;
audit_token_t KERNEL_AUDIT_TOKEN = KERNEL_AUDIT_TOKEN_VALUE;

/*
 * Template trailer that msg_receive_error() copies behind the minimal header
 * it builds. Initialisers are positional; the comments name each field's type.
 * The sender token slot starts out as the kernel security token value.
 * NOTE(review): whether ipc_kmsg_add_trailer() later overwrites any of these
 * fields is not visible in this file - confirm before relying on the defaults.
 */
mach_msg_format_0_trailer_t trailer_template = {
	/* mach_msg_trailer_type_t */ MACH_MSG_TRAILER_FORMAT_0,
	/* mach_msg_trailer_size_t */ MACH_MSG_TRAILER_MINIMUM_SIZE,
	/* mach_port_seqno_t */ 0,
	/* security_token_t */ KERNEL_SECURITY_TOKEN_VALUE
};
| 167 | |
| 168 | /* |
| 169 | * Routine: mach_msg_send [Kernel Internal] |
| 170 | * Purpose: |
| 171 | * Routine for kernel-task threads to send a message. |
| 172 | * |
| 173 | * Unlike mach_msg_send_from_kernel(), this routine |
| 174 | * looks port names up in the kernel's port namespace |
| 175 | * and copies in the kernel virtual memory (instead |
| 176 | * of taking a vm_map_copy_t pointer for OOL descriptors). |
| 177 | * Conditions: |
| 178 | * Nothing locked. |
| 179 | * Returns: |
| 180 | * MACH_MSG_SUCCESS Sent the message. |
| 181 | * MACH_SEND_MSG_TOO_SMALL Message smaller than a header. |
| 182 | * MACH_SEND_NO_BUFFER Couldn't allocate buffer. |
| 183 | * MACH_SEND_INVALID_DATA Couldn't copy message data. |
| 184 | * MACH_SEND_INVALID_HEADER |
| 185 | * Illegal value in the message header bits. |
| 186 | * MACH_SEND_INVALID_DEST The space is dead. |
| 187 | * MACH_SEND_INVALID_NOTIFY Bad notify port. |
| 188 | * MACH_SEND_INVALID_DEST Can't copyin destination port. |
| 189 | * MACH_SEND_INVALID_REPLY Can't copyin reply port. |
| 190 | * MACH_SEND_TIMED_OUT Timeout expired without delivery. |
| 191 | * MACH_SEND_INTERRUPTED Delivery interrupted. |
| 192 | */ |
| 193 | |
/*
 * Send a message on behalf of a kernel-task thread.
 *
 * msg is read and (on send failure) written with plain memcpy, not
 * copyin/copyout, so it must be a kernel address. send_size is validated
 * before any allocation or copy. The trailer's sender and audit tokens are
 * taken from the current task, never from the caller's buffer.
 *
 * Returns MACH_MSG_SUCCESS, a size error (MACH_SEND_MSG_TOO_SMALL,
 * MACH_SEND_TOO_LARGE), MACH_SEND_NO_BUFFER, or whatever ipc_kmsg_copyin /
 * ipc_kmsg_send report.
 */
mach_msg_return_t
mach_msg_send(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		send_size,
	mach_msg_timeout_t	send_timeout,
	mach_msg_priority_t	override)
{
	ipc_space_t space = current_space();
	vm_map_t map = current_map();
	ipc_kmsg_t kmsg;
	mach_msg_return_t mr;
	mach_msg_size_t	msg_and_trailer_size;
	mach_msg_max_trailer_t	*trailer;

	/* Tag the request as kernel-originated before it reaches copyin. */
	option |= MACH_SEND_KERNEL;

	/*
	 * Lower-bound and alignment checks: the size must be a multiple of 4,
	 * cover at least a header, and - if the header claims a complex
	 * message - cover a full mach_msg_base_t. msg->msgh_bits is read
	 * straight from the caller's buffer here.
	 */
	if ((send_size & 3) ||
	    send_size < sizeof(mach_msg_header_t) ||
	    (send_size < sizeof(mach_msg_base_t) && (msg->msgh_bits & MACH_MSGH_BITS_COMPLEX)))
		return MACH_SEND_MSG_TOO_SMALL;

	/*
	 * Upper bound: guarantees that send_size + MAX_TRAILER_SIZE, computed
	 * below, cannot exceed MACH_MSG_SIZE_MAX.
	 */
	if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
		return MACH_SEND_TOO_LARGE;

	KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

	msg_and_trailer_size = send_size + MAX_TRAILER_SIZE;

	kmsg = ipc_kmsg_alloc(msg_and_trailer_size);

	if (kmsg == IKM_NULL) {
		KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, MACH_SEND_NO_BUFFER);
		return MACH_SEND_NO_BUFFER;
	}

	/* The kmsg address goes to the trace stream through VM_KERNEL_ADDRPERM, not raw. */
	KERNEL_DEBUG_CONSTANT(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_LINK) | DBG_FUNC_NONE,
			      (uintptr_t)0, /* this should only be called from the kernel! */
			      VM_KERNEL_ADDRPERM((uintptr_t)kmsg),
			      0, 0,
			      0);
	/* Direct copy of exactly send_size validated bytes from the caller's buffer. */
	(void) memcpy((void *) kmsg->ikm_header, (const void *) msg, send_size);

	/* Replace whatever msgh_size the copied header carried with the validated size. */
	kmsg->ikm_header->msgh_size = send_size;

	/*
	 * reserve for the trailer the largest space (MAX_TRAILER_SIZE)
	 * However, the internal size field of the trailer (msgh_trailer_size)
	 * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
	 * the cases where no implicit data is requested.
	 */
	trailer = (mach_msg_max_trailer_t *) ((vm_offset_t)kmsg->ikm_header + send_size);
	/* Identity in the trailer comes from the sending task, not from message contents. */
	trailer->msgh_sender = current_thread()->task->sec_token;
	trailer->msgh_audit = current_thread()->task->audit_token;
	trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
	trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;

	/* option is passed by address; copyin may update it. */
	mr = ipc_kmsg_copyin(kmsg, space, map, override, &option);

	if (mr != MACH_MSG_SUCCESS) {
		ipc_kmsg_free(kmsg);
		KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
		return mr;
	}

	mr = ipc_kmsg_send(kmsg, option, send_timeout);

	if (mr != MACH_MSG_SUCCESS) {
		/*
		 * Send failed: undo the copyin, fold any copyout error bits into
		 * mr, and hand the header back to the caller's buffer.
		 * NOTE(review): the copy-back length is the kmsg's msgh_size, not
		 * send_size; they are equal as set above unless
		 * ipc_kmsg_copyout_pseudo() changes msgh_size - confirm.
		 */
		mr |= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
		(void) memcpy((void *) msg, (const void *) kmsg->ikm_header,
			      kmsg->ikm_header->msgh_size);
		ipc_kmsg_free(kmsg);
		KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
	}

	/* On success the kmsg is not freed here; presumably ipc_kmsg_send() took ownership - confirm. */
	return mr;
}
| 271 | |
| 272 | /* |
| 273 | * message header as seen at user-space |
| 274 | * (for MACH_RCV_LARGE/IDENTITY updating) |
| 275 | */ |
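/*
 * Layout of the message header as user space sees it. The typedef name was
 * missing from the declaration even though mach_msg_receive_results() uses
 * mach_msg_user_header_t with offsetof() to find msgh_size, msgh_local_port
 * and msgh_reserved; without the name those uses cannot resolve.
 */
typedef struct
{
	mach_msg_bits_t		msgh_bits;
	mach_msg_size_t		msgh_size;
	mach_port_name_t	msgh_remote_port;
	mach_port_name_t	msgh_local_port;
	mach_msg_size_t		msgh_reserved;
	mach_msg_id_t		msgh_id;
} mach_msg_user_header_t;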
| 285 | |
| 286 | /* |
| 287 | * Routine: mach_msg_receive_results |
| 288 | * Purpose: |
| 289 | * Receive a message. |
| 290 | * Conditions: |
| 291 | * Nothing locked. |
| 292 | * Returns: |
| 293 | * MACH_MSG_SUCCESS Received a message. |
| 294 | * MACH_RCV_INVALID_NAME The name doesn't denote a right, |
| 295 | * or the denoted right is not receive or port set. |
| 296 | * MACH_RCV_IN_SET Receive right is a member of a set. |
| 297 | * MACH_RCV_TOO_LARGE Message wouldn't fit into buffer. |
| 298 | * MACH_RCV_TIMED_OUT Timeout expired without a message. |
| 299 | * MACH_RCV_INTERRUPTED Reception interrupted. |
| 300 | * MACH_RCV_PORT_DIED Port/set died while receiving. |
| 301 | * MACH_RCV_PORT_CHANGED Port moved into set while receiving. |
| 302 | * MACH_RCV_INVALID_DATA Couldn't copy to user buffer. |
| 303 | * MACH_RCV_INVALID_NOTIFY Bad notify port. |
| 304 | * MACH_RCV_HEADER_ERROR |
| 305 | */ |
| 306 | |
/*
 * Finish a receive for the current thread using the state that the receive
 * path stored in the thread (ith_object, ith_state, ith_msg_addr, ith_rsize,
 * ith_option, ith_kmsg, ith_seqno).
 *
 * sizep, when non-NULL, receives the number of bytes copied to the receiver
 * (0 when nothing was copied). The return value is the receive status, with
 * MACH_RCV_INVALID_DATA substituted when a copy to the receive buffer fails.
 */
mach_msg_return_t
mach_msg_receive_results(
	mach_msg_size_t *sizep)
{
	thread_t          self = current_thread();
	ipc_space_t       space = current_space();
	vm_map_t          map = current_map();

	ipc_object_t      object = self->ith_object;
	mach_msg_return_t mr = self->ith_state;
	mach_vm_address_t rcv_addr = self->ith_msg_addr;
	mach_msg_size_t   rcv_size = self->ith_rsize;
	mach_msg_option_t option = self->ith_option;
	ipc_kmsg_t        kmsg = self->ith_kmsg;
	mach_port_seqno_t seqno = self->ith_seqno;

	mach_msg_trailer_size_t trailer_size;
	mach_msg_size_t   size = 0;

	/*
	 * unlink the special_reply_port before releasing reference to object.
	 * get the thread's turnstile, if the thread donated its turnstile to the port
	 */
	mach_msg_receive_results_complete(object);
	/* Drops the object reference held across the receive; object is not used after this. */
	io_release(object);

	if (mr != MACH_MSG_SUCCESS) {

		if (mr == MACH_RCV_TOO_LARGE) {

			/*
			 * If the receive operation occurs with MACH_RCV_LARGE set
			 * then no message was extracted from the queue, and the size
			 * and (optionally) receiver names were the only thing captured.
			 * Just copyout the size (and optional port name) in a fake
			 * header.
			 */
			if (option & MACH_RCV_LARGE) {

				/*
				 * Bounds check before the field-sized copyouts: the buffer
				 * must extend at least to msgh_reserved, i.e. cover both
				 * msgh_size and msgh_local_port. Otherwise nothing is
				 * written and mr stays MACH_RCV_TOO_LARGE.
				 */
				if ((option & MACH_RCV_STACK) == 0 &&
				    rcv_size >= offsetof(mach_msg_user_header_t, msgh_reserved)) {

					/*
					 * We need to inform the user-level code that it needs more
					 * space.  The value for how much space was returned in the
					 * msize save area instead of the message (which was left on
					 * the queue).
					 */
					if (option & MACH_RCV_LARGE_IDENTITY) {
						if (copyout((char *) &self->ith_receiver_name,
							    rcv_addr + offsetof(mach_msg_user_header_t, msgh_local_port),
							    sizeof(mach_port_name_t)))
							mr = MACH_RCV_INVALID_DATA;
					}
					/* A failed copyout replaces TOO_LARGE with INVALID_DATA. */
					if (copyout((char *) &self->ith_msize,
						    rcv_addr + offsetof(mach_msg_user_header_t, msgh_size),
						    sizeof(mach_msg_size_t)))
						mr = MACH_RCV_INVALID_DATA;
				}
			} else {

				/* discard importance in message */
				ipc_importance_clean(kmsg);

				/* Without MACH_RCV_LARGE the message was dequeued: return a minimal header/trailer. */
				if (msg_receive_error(kmsg, option, rcv_addr, rcv_size, seqno, space, &size)
				    == MACH_RCV_INVALID_DATA)
					mr = MACH_RCV_INVALID_DATA;
			}
		}

		if (sizep)
			*sizep = size;
		return mr;
	}

	/* MACH_MSG_SUCCESS */

#if IMPORTANCE_INHERITANCE

	/* adopt/transform any importance attributes carried in the message */
	ipc_importance_receive(kmsg, option);

#endif  /* IMPORTANCE_INHERITANCE */

	/* auto redeem the voucher in the message */
	ipc_voucher_receive_postprocessing(kmsg, option);

	/*
	 * The port context is read through msgh_remote_port before
	 * ipc_kmsg_copyout() runs, i.e. while that field is still dereferenced
	 * as a port pointer.
	 */
	trailer_size = ipc_kmsg_add_trailer(kmsg, space, option, self, seqno, FALSE,
			kmsg->ikm_header->msgh_remote_port->ip_context);

	mr = ipc_kmsg_copyout(kmsg, space, map, MACH_MSG_BODY_NULL, option);

	if (mr != MACH_MSG_SUCCESS) {

		/*
		 * already received importance, so have to undo that here
		 * NOTE(review): this call is not under IMPORTANCE_INHERITANCE
		 * although ipc_importance_receive() above is - presumably it is a
		 * no-op when the feature is off; confirm.
		 */
		ipc_importance_unreceive(kmsg, option);

		/* if we had a body error copyout what we have, otherwise a simple header/trailer */
		if ((mr &~ MACH_MSG_MASK) == MACH_RCV_BODY_ERROR) {
			if (ipc_kmsg_put(kmsg, option, rcv_addr, rcv_size, trailer_size, &size) == MACH_RCV_INVALID_DATA)
				mr = MACH_RCV_INVALID_DATA;
		} else {
			if (msg_receive_error(kmsg, option, rcv_addr, rcv_size, seqno, space, &size)
			    == MACH_RCV_INVALID_DATA)
				mr = MACH_RCV_INVALID_DATA;
		}
	} else {
		/* capture kmsg QoS values to the thread continuation state */
		self->ith_qos = kmsg->ikm_qos;
		self->ith_qos_override = kmsg->ikm_qos_override;
		/* QoS is saved first; kmsg is not touched again after ipc_kmsg_put(). */
		mr = ipc_kmsg_put(kmsg, option, rcv_addr, rcv_size, trailer_size, &size);
	}

	if (sizep)
		*sizep = size;
	return mr;
}
| 424 | |
| 425 | /* |
| 426 | * Routine: mach_msg_receive [Kernel Internal] |
| 427 | * Purpose: |
| 428 | * Routine for kernel-task threads to actively receive a message. |
| 429 | * |
| 430 | * Unlike being dispatched to by ipc_kobject_server() or the |
| 431 | * reply part of mach_msg_rpc_from_kernel(), this routine |
| 432 | * looks up the receive port name in the kernel's port |
| 433 | * namespace and copies out received port rights to that namespace |
| 434 | * as well. Out-of-line memory is copied out to the kernel's |
| 435 | * address space (rather than just providing the vm_map_copy_t). |
| 436 | * Conditions: |
| 437 | * Nothing locked. |
| 438 | * Returns: |
| 439 | * MACH_MSG_SUCCESS Received a message. |
| 440 | * See <mach/message.h> for list of MACH_RCV_XXX errors. |
| 441 | */ |
/*
 * Kernel-task receive: resolve rcv_name in the current space, park the
 * receive parameters in the current thread, wait on the message queue, and
 * complete through mach_msg_receive_results().
 *
 * msg is stored as the receive address, so it must stay valid until the
 * receive completes. slist_size is ignored.
 */
mach_msg_return_t
mach_msg_receive(
	mach_msg_header_t	*msg,
	mach_msg_option_t	option,
	mach_msg_size_t		rcv_size,
	mach_port_name_t	rcv_name,
	mach_msg_timeout_t	rcv_timeout,
	void			(*continuation)(mach_msg_return_t),
	__unused mach_msg_size_t slist_size)
{
	thread_t receiver = current_thread();
	ipc_mqueue_t rcv_mqueue;
	ipc_object_t rcv_object;
	mach_msg_return_t copyin_mr;

	copyin_mr = ipc_mqueue_copyin(current_space(), rcv_name,
	    &rcv_mqueue, &rcv_object);
	if (copyin_mr != MACH_MSG_SUCCESS)
		return copyin_mr;

	/* A reference on rcv_object is held from here on. */
	receiver->ith_object = rcv_object;
	receiver->ith_msg_addr = CAST_DOWN(mach_vm_address_t, msg);
	receiver->ith_rsize = rcv_size;
	receiver->ith_msize = 0;
	receiver->ith_option = option;
	receiver->ith_continuation = continuation;
	receiver->ith_knote = ITH_KNOTE_NULL;

	ipc_mqueue_receive(rcv_mqueue, option, rcv_size, rcv_timeout, THREAD_ABORTSAFE);

	/* A zero-timeout receive is a poll; give other threads a chance to run. */
	if (rcv_timeout == 0) {
		if (option & MACH_RCV_TIMEOUT)
			thread_poll_yield(receiver);
	}

	return mach_msg_receive_results(NULL);
}
| 477 | |
/*
 * Continuation entry for a blocked receive: work out the receive status and
 * pass it to the continuation stored in the thread. A thread whose state is
 * MACH_PEEK_READY reports that status directly without running
 * mach_msg_receive_results().
 */
void
mach_msg_receive_continue(void)
{
	thread_t self = current_thread();
	mach_msg_return_t status;

	status = (self->ith_state == MACH_PEEK_READY)
	    ? MACH_PEEK_READY
	    : mach_msg_receive_results(NULL);

	(*self->ith_continuation)(status);
}
| 490 | |
| 491 | |
| 492 | /* |
| 493 | * Routine: mach_msg_overwrite_trap [mach trap] |
| 494 | * Purpose: |
| 495 | * Possibly send a message; possibly receive a message. |
| 496 | * Conditions: |
| 497 | * Nothing locked. |
| 498 | * Returns: |
| 499 | * All of mach_msg_send and mach_msg_receive error codes. |
| 500 | */ |
| 501 | |
/*
 * User-facing trap: optionally send, then optionally receive.
 *
 * Every field of args is caller-controlled. msg_addr and rcv_msg_addr are
 * user addresses and are only handed to the kmsg get/put routines, never
 * dereferenced here. The option word is masked before use so that only
 * user-permitted bits survive.
 */
mach_msg_return_t
mach_msg_overwrite_trap(
	struct mach_msg_overwrite_trap_args *args)
{
	mach_vm_address_t	msg_addr = args->msg;
	mach_msg_option_t	option = args->option;
	mach_msg_size_t		send_size = args->send_size;
	mach_msg_size_t		rcv_size = args->rcv_size;
	mach_port_name_t	rcv_name = args->rcv_name;
	mach_msg_timeout_t	msg_timeout = args->timeout;
	mach_msg_priority_t override = args->override;
	mach_vm_address_t	rcv_msg_addr = args->rcv_msg;
	__unused mach_port_seqno_t temp_seqno = 0;

	mach_msg_return_t  mr = MACH_MSG_SUCCESS;
	vm_map_t map = current_map();

	/*
	 * Only accept options allowed by the user
	 * (this is the single place where caller-supplied option bits are
	 * filtered; everything below trusts the masked value).
	 */
	option &= MACH_MSG_OPTION_USER;

	if (option & MACH_SEND_MSG) {
		ipc_space_t space = current_space();
		ipc_kmsg_t kmsg;

		KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_START);

		/* send_size is passed through unchecked here; validation is left to ipc_kmsg_get(). */
		mr = ipc_kmsg_get(msg_addr, send_size, &kmsg);

		if (mr != MACH_MSG_SUCCESS) {
			KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
			return mr;
		}

		/* The kmsg address is traced through VM_KERNEL_ADDRPERM, not raw. */
		KERNEL_DEBUG_CONSTANT(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_LINK) | DBG_FUNC_NONE,
				      (uintptr_t)msg_addr,
				      VM_KERNEL_ADDRPERM((uintptr_t)kmsg),
				      0, 0,
				      0);

		/* option is passed by address; copyin may update it. */
		mr = ipc_kmsg_copyin(kmsg, space, map, override, &option);

		if (mr != MACH_MSG_SUCCESS) {
			ipc_kmsg_free(kmsg);
			KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
			return mr;
		}

		mr = ipc_kmsg_send(kmsg, option, msg_timeout);

		if (mr != MACH_MSG_SUCCESS) {
			/*
			 * Send failed: undo the copyin and return the message to the
			 * sender's buffer. The put is best-effort; its result is
			 * deliberately ignored and the send error is what the caller sees.
			 */
			mr |= ipc_kmsg_copyout_pseudo(kmsg, space, map, MACH_MSG_BODY_NULL);
			(void) ipc_kmsg_put(kmsg, option, msg_addr, send_size, 0, NULL);
			KDBG(MACHDBG_CODE(DBG_MACH_IPC,MACH_IPC_KMSG_INFO) | DBG_FUNC_END, mr);
			return mr;
		}

	}

	if (option & MACH_RCV_MSG) {
		thread_t self = current_thread();
		ipc_space_t space = current_space();
		ipc_object_t object;
		ipc_mqueue_t mqueue;

		mr = ipc_mqueue_copyin(space, rcv_name, &mqueue, &object);
		if (mr != MACH_MSG_SUCCESS) {
			/* A bad receive name raises a guard exception in addition to the error return. */
			mach_port_guard_exception(rcv_name, 0, 0, kGUARD_EXC_RCV_INVALID_NAME);
			return mr;
		}
		/* hold ref for object */

		if ((option & MACH_RCV_SYNC_WAIT) && !(option & MACH_SEND_SYNC_OVERRIDE)) {
			ipc_port_t special_reply_port;
			__IGNORE_WCASTALIGN(special_reply_port = (ipc_port_t) object);
			/*
			 * link the special reply port to the destination
			 * (in this mode the caller's override argument is
			 * reinterpreted as a port name; the callee checks it and
			 * checks that the port is this thread's special reply port).
			 */
			mr = mach_msg_rcv_link_special_reply_port(special_reply_port,
				(mach_port_name_t)override);
			if (mr != MACH_MSG_SUCCESS) {
				/* Drop the reference taken by ipc_mqueue_copyin() before bailing out. */
				io_release(object);
				return mr;
			}
		}

		/* A non-zero rcv_msg selects a separate receive buffer; otherwise the send buffer is reused. */
		if (rcv_msg_addr != (mach_vm_address_t)0)
			self->ith_msg_addr = rcv_msg_addr;
		else
			self->ith_msg_addr = msg_addr;
		self->ith_object = object;
		self->ith_rsize = rcv_size;
		self->ith_msize = 0;
		self->ith_option = option;
		self->ith_receiver_name = MACH_PORT_NULL;
		self->ith_continuation = thread_syscall_return;
		self->ith_knote = ITH_KNOTE_NULL;

		ipc_mqueue_receive(mqueue, option, rcv_size, msg_timeout, THREAD_ABORTSAFE);
		/* A zero-timeout receive is a poll; yield so a polling loop does not monopolise the CPU. */
		if ((option & MACH_RCV_TIMEOUT) && msg_timeout == 0)
			thread_poll_yield(self);
		return mach_msg_receive_results(NULL);
	}

	return MACH_MSG_SUCCESS;
}
| 605 | |
| 606 | /* |
| 607 | * Routine: mach_msg_rcv_link_special_reply_port |
| 608 | * Purpose: |
| 609 | * Link the special reply port(rcv right) to the |
| 610 | * other end of the sync ipc channel. |
| 611 | * Conditions: |
| 612 | * Nothing locked. |
| 613 | * Returns: |
| 614 | * MACH_MSG_SUCCESS or MACH_RCV_INVALID_NOTIFY. |
| 615 | */ |
/*
 * Link the calling thread's special reply port to the destination port named
 * by dest_name_port (a name in the current space, supplied by the caller of
 * the trap).
 *
 * Returns MACH_RCV_INVALID_NOTIFY when special_reply_port is not the current
 * thread's special reply port or when the name is not a valid port name.
 * A destination that can no longer be copied in is not treated as an error:
 * the link is skipped and MACH_MSG_SUCCESS is returned.
 */
static mach_msg_return_t
mach_msg_rcv_link_special_reply_port(
	ipc_port_t special_reply_port,
	mach_port_name_t dest_name_port)
{
	ipc_port_t sync_dest = IP_NULL;
	kern_return_t copyin_kr;

	/* Ownership check first, then name validity; both fail the same way. */
	if (current_thread()->ith_special_reply_port != special_reply_port ||
	    !MACH_PORT_VALID(dest_name_port)) {
		return MACH_RCV_INVALID_NOTIFY;
	}

	/* Take a copy of the caller's send right to the destination. */
	copyin_kr = ipc_object_copyin(current_space(), dest_name_port,
	    MACH_MSG_TYPE_COPY_SEND, (ipc_object_t *) &sync_dest);

	/*
	 * The destination's receive right may already be gone; the receive
	 * must still proceed in that case.
	 */
	if (copyin_kr != KERN_SUCCESS || !IP_VALID(sync_dest)) {
		return MACH_MSG_SUCCESS;
	}

	ipc_port_link_special_reply_port(special_reply_port, sync_dest);

	/* The copied send right was only needed to establish the link. */
	ipc_port_release_send(sync_dest);

	return MACH_MSG_SUCCESS;
}
| 650 | |
| 651 | /* |
| 652 | * Routine: mach_msg_receive_results_complete |
| 653 | * Purpose: |
| 654 | * Get thread's turnstile back from the object and |
| 655 | * if object is a special reply port then reset its |
| 656 | * linkage. |
| 657 | * Condition: |
| 658 | * Nothing locked. |
| 659 | * Returns: |
| 660 | * None. |
| 661 | */ |
/*
 * After a receive attempt, reset special-reply-port linkage on the object
 * and recover the thread's turnstile when the thread currently has none.
 *
 * For anything other than a port the function only asserts that the thread
 * already holds a turnstile and returns.
 */
void
mach_msg_receive_results_complete(ipc_object_t object)
{
	thread_t self = current_thread();
	ipc_port_t port = IPC_PORT_NULL;
	/* Sampled up front: ask for a turnstile only when the thread holds none. */
	boolean_t get_turnstile = self->turnstile ? FALSE : TRUE;
	uint8_t flags = IPC_PORT_ADJUST_SR_ALLOW_SYNC_LINKAGE;
	boolean_t msg_left_on_queue;

	if (io_otype(object) != IOT_PORT) {
		assert(self->turnstile != TURNSTILE_NULL);
		return;
	}
	__IGNORE_WCASTALIGN(port = (ipc_port_t) object);

	/* msg was too large and the next receive will get it */
	msg_left_on_queue = (self->ith_state == MACH_RCV_TOO_LARGE) &&
	    (self->ith_option & MACH_RCV_LARGE);

	/*
	 * The "message received" adjustment is requested only when the receive
	 * did not end in one of the states below; in those states the
	 * ip_srp_msg_sent bit must not be cleared.
	 */
	if (!msg_left_on_queue &&
	    self->ith_state != MACH_RCV_INTERRUPTED &&
	    self->ith_state != MACH_RCV_TIMED_OUT &&
	    self->ith_state != MACH_RCV_PORT_CHANGED &&
	    self->ith_state != MACH_PEEK_READY) {
		flags |= IPC_PORT_ADJUST_SR_RECEIVED_MSG;
	}

	ipc_port_adjust_special_reply_port(port, flags, get_turnstile);
	/* thread now has a turnstile */
}
| 694 | |
| 695 | /* |
| 696 | * Routine: mach_msg_trap [mach trap] |
| 697 | * Purpose: |
| 698 | * Possibly send a message; possibly receive a message. |
| 699 | * Conditions: |
| 700 | * Nothing locked. |
| 701 | * Returns: |
| 702 | * All of mach_msg_send and mach_msg_receive error codes. |
| 703 | */ |
| 704 | |
/*
 * mach_msg trap entry: identical to mach_msg_overwrite_trap() except that
 * any caller-supplied separate receive buffer address is discarded first, so
 * a receive always lands in the buffer named by args->msg.
 */
mach_msg_return_t
mach_msg_trap(
	struct mach_msg_overwrite_trap_args *args)
{
	/* Force the "no separate receive buffer" case regardless of what the caller passed. */
	args->rcv_msg = (mach_vm_address_t)0;

	return mach_msg_overwrite_trap(args);
}
| 715 | |
| 716 | |
| 717 | /* |
| 718 | * Routine: msg_receive_error [internal] |
| 719 | * Purpose: |
| 720 | * Builds a minimal header/trailer and copies it to |
| 721 | * the user message buffer. Invoked in the case of a |
| 722 | * MACH_RCV_TOO_LARGE or MACH_RCV_BODY_ERROR error. |
| 723 | * Conditions: |
| 724 | * Nothing locked. |
| 725 | * size - maximum buffer size on input, |
| 726 | * actual copied-out size on output |
| 727 | * Returns: |
| 728 | * MACH_MSG_SUCCESS minimal header/trailer copied |
| 729 | * MACH_RCV_INVALID_DATA copyout to user buffer failed |
| 730 | */ |
| 731 | |
/*
 * Reduce kmsg to a bare header plus the requested trailer and copy that to
 * the receiver's buffer at rcv_addr (at most rcv_size bytes; *sizep is set
 * by ipc_kmsg_put()).
 *
 * All rights and memory carried by the message other than the destination
 * port are destroyed, so the receiver gets no payload from a message it
 * could not accept.
 *
 * Returns MACH_RCV_INVALID_DATA when the copy to the buffer fails with that
 * status, MACH_MSG_SUCCESS otherwise.
 */
mach_msg_return_t
msg_receive_error(
	ipc_kmsg_t		kmsg,
	mach_msg_option_t	option,
	mach_vm_address_t	rcv_addr,
	mach_msg_size_t		rcv_size,
	mach_port_seqno_t	seqno,
	ipc_space_t		space,
	mach_msg_size_t		*sizep)
{
	mach_msg_header_t *hdr;
	mach_msg_max_trailer_t *min_trailer;
	mach_msg_trailer_size_t trailer_len;
	mach_msg_return_t put_mr;

	/*
	 * Fetch the port context first: it is reached through
	 * msgh_remote_port, which ipc_kmsg_copyout_dest() processes next.
	 */
	mach_vm_address_t port_context =
	    kmsg->ikm_header->msgh_remote_port->ip_context;

	/* Copy out only the destination port; everything else in the message is destroyed. */
	ipc_kmsg_copyout_dest(kmsg, space);

	/* Shrink the message to a header and lay the template trailer right behind it. */
	hdr = kmsg->ikm_header;
	min_trailer = (mach_msg_max_trailer_t *)
	    ((vm_offset_t)hdr + round_msg(sizeof(mach_msg_header_t)));
	hdr->msgh_size = sizeof(mach_msg_header_t);
	bcopy((char *)&trailer_template, (char *)min_trailer,
	    sizeof(trailer_template));

	trailer_len = ipc_kmsg_add_trailer(kmsg, space, option,
	    current_thread(), seqno, TRUE, port_context);

	/*
	 * Hand the result to the receiver; ipc_kmsg_put() may adjust the size
	 * actually copied and reports it through sizep.
	 */
	put_mr = ipc_kmsg_put(kmsg, option, rcv_addr, rcv_size, trailer_len, sizep);

	return (put_mr == MACH_RCV_INVALID_DATA)
	    ? MACH_RCV_INVALID_DATA
	    : MACH_MSG_SUCCESS;
}
| 779 | |