xref: /xnu-8792.61.2/osfmk/ipc/ipc_space.h (revision 42e220869062b56f8d7d0726fd4c88954f87902c)
1 /*
2  * Copyright (c) 2000-2016 Apple Computer, Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 /*
29  * @OSF_COPYRIGHT@
30  */
31 /*
32  * Mach Operating System
33  * Copyright (c) 1991,1990,1989 Carnegie Mellon University
34  * All Rights Reserved.
35  *
36  * Permission to use, copy, modify and distribute this software and its
37  * documentation is hereby granted, provided that both the copyright
38  * notice and this permission notice appear in all copies of the
39  * software, derivative works or modified versions, and any portions
40  * thereof, and that both notices appear in supporting documentation.
41  *
42  * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43  * CONDITION.  CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44  * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45  *
46  * Carnegie Mellon requests users of this software to return to
47  *
48  *  Software Distribution Coordinator  or  [email protected]
49  *  School of Computer Science
50  *  Carnegie Mellon University
51  *  Pittsburgh PA 15213-3890
52  *
53  * any improvements or extensions that they make and grant Carnegie Mellon
54  * the rights to redistribute these changes.
55  */
56 /*
57  * NOTICE: This file was modified by McAfee Research in 2004 to introduce
58  * support for mandatory and extensible security protections.  This notice
59  * is included in support of clause 2.2 (b) of the Apple Public License,
60  * Version 2.0.
61  */
62 /*
63  */
64 /*
65  *	File:	ipc/ipc_space.h
66  *	Author:	Rich Draves
67  *	Date:	1989
68  *
69  *	Definitions for IPC spaces of capabilities.
70  */
71 
72 #ifndef _IPC_IPC_SPACE_H_
73 #define _IPC_IPC_SPACE_H_
74 
75 
76 #include <prng/random.h>
77 #include <mach/mach_types.h>
78 #include <mach/boolean.h>
79 #include <mach/kern_return.h>
80 #include <mach/vm_types.h>
81 
82 #include <sys/appleapiopts.h>
83 
84 #ifdef __APPLE_API_PRIVATE
85 #ifdef MACH_KERNEL_PRIVATE
86 #include <kern/macro_help.h>
87 #include <kern/kern_types.h>
88 #include <kern/smr.h>
89 #include <kern/locks.h>
90 #include <kern/task.h>
91 #include <kern/zalloc.h>
92 #include <ipc/ipc_entry.h>
93 #include <ipc/ipc_types.h>
94 
95 #include <os/refcnt.h>
96 
97 /*
98  *	Every task has a space of IPC capabilities.
99  *	IPC operations like send and receive use this space.
100  *	IPC kernel calls manipulate the space of the target task.
101  *
102  *	Every space has a non-NULL is_table with is_table[0].ie_size entries.
103  *
104  *	Only one thread can be growing the space at a time.  Others
105  *	that need it grown wait for the first.  We do almost all the
106  *	work with the space unlocked, so lookups proceed pretty much
107  *	unaffected while the grow operation is underway.
108  */
109 
typedef natural_t ipc_space_refs_t;
#define IS_ENTROPY_CNT                 1        /* per-space entropy pool size, in elements of ipc_space.is_entropy[] */

/*
 * Flag values stored in ipc_space.is_bits and manipulated through
 * is_bits_set() / is_bits_clear() / is_bits_test().
 *
 * IS_FLAGS_BITS is the number of flag bits; the six values below
 * (0x01 .. 0x20) fill exactly that many low-order bits.  The four
 * soft/hard limit flags exist only when CONFIG_PROC_RESOURCE_LIMITS is
 * set, but their bit positions stay reserved either way.
 *
 * NOTE(review): presumably the reference count occupies the bits above
 * the flags -- confirm against the os_ref users of is_bits.
 */
#define IS_FLAGS_BITS                  6
#if CONFIG_PROC_RESOURCE_LIMITS
#define IS_ABOVE_SOFT_LIMIT_NOTIFY     0x01     /* space has hit the soft limit */
#define IS_ABOVE_HARD_LIMIT_NOTIFY     0x02     /* space has hit the hard limit */
#define IS_SOFT_LIMIT_NOTIFIED         0x04     /* Sent soft limit notification */
#define IS_HARD_LIMIT_NOTIFIED         0x08     /* Sent hard limit notification */
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
#define IS_AT_MAX_LIMIT_NOTIFY         0x10     /* space has hit the max limit */
#define IS_AT_MAX_LIMIT_NOTIFIED       0x20     /* sent max limit notification */
122 
/*
 * Per-task IPC space: the table of capability entries plus the state
 * needed to grow that table, randomize it and enforce size limits.
 *
 * NOTE(review): is_active() in this header treats a NULL is_table as an
 * inactive space, so a non-NULL table can only be relied on while the
 * space is active.
 */
struct ipc_space {
	/* NOTE(review): presumably the lock taken by ipc_space_lock() -- confirm in ipc_space.c */
	lck_ticket_t    is_lock;
	/*
	 * Atomic word updated by is_bits_set() / is_bits_clear() with the
	 * IS_* flag values and read through os_ref_get_raw_mask().
	 * NOTE(review): "active" and "growing" are derived from is_table and
	 * is_grower by the is_active() / is_growing() macros in this header,
	 * so the inline comment may be out of date -- confirm.
	 */
	os_ref_atomic_t is_bits;        /* holds refs, active, growing */
	ipc_entry_num_t is_table_hashed;/* count of hashed elements */
	ipc_entry_num_t is_table_free;  /* count of free elements */
	/*
	 * Entry table pointer.  Declared as an SMR pointer and tagged with
	 * XNU_PTRAUTH_SIGNED_PTR using a field-specific string; the accessors
	 * in this header read it with smr_unsafe_load() / smr_serialized_load()
	 * instead of touching the field directly.
	 * NOTE(review): presumably the stored value is signed on
	 * ptrauth-capable targets, so new readers should keep using the
	 * accessors -- confirm against the macro definition.
	 */
	SMR_POINTER(ipc_entry_table_t XNU_PTRAUTH_SIGNED_PTR("ipc_space.is_table")) is_table; /* an array of entries */
	/* Tagged with XNU_PTRAUTH_SIGNED_PTR as well, under its own field string. */
	task_t XNU_PTRAUTH_SIGNED_PTR("ipc_space.is_task") is_task; /* associated task */
	/* THREAD_NULL when nobody is growing the space; see is_growing(). */
	thread_t        is_grower;      /* thread growing the space */
	ipc_label_t     is_label;       /* [private] mandatory access label */
	ipc_entry_num_t is_low_mod;     /* lowest modified entry during growth */
	ipc_entry_num_t is_high_mod;    /* highest modified entry during growth */
	/* NOTE(review): presumably consumed by ipc_space_rand_freelist() -- confirm */
	struct bool_gen bool_gen;       /* state for boolean RNG */
	/* ipc_space_get_rollpoint() is documented below as drawing from this pool. */
	unsigned int    is_entropy[IS_ENTROPY_CNT]; /* pool of entropy taken from RNG */
	int             is_node_id;     /* HOST_LOCAL_NODE, or remote node if proxy space */
#if CONFIG_PROC_RESOURCE_LIMITS
	ipc_entry_num_t is_table_size_soft_limit; /* resource_notify is sent when the table size hits this limit */
	ipc_entry_num_t is_table_size_hard_limit; /* same as soft limit except the task is killed soon after data collection */
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
};
142 
/* Typed null values for the two space handle types. */
#define IS_NULL                 ((ipc_space_t) 0)
#define IS_INSPECT_NULL         ((ipc_space_inspect_t) 0)
145 
/*
 * Atomically OR `bit` into the space's is_bits word.
 *
 * Returns true when none of the bits in `bit` were set beforehand, i.e.
 * the caller is the one that performed the transition, and false when
 * at least one was already set.
 *
 * The update uses relaxed ordering: it is atomic, but it orders nothing
 * else.  Callers that need other stores to be visible together with the
 * flag must provide that synchronization themselves.
 */
static inline bool
is_bits_set(ipc_space_t is, uint32_t bit)
{
	uint32_t previous = os_atomic_or_orig(&is->is_bits, bit, relaxed);

	return (previous & bit) == 0;
}
151 
/*
 * Atomically clear `bit` in the space's is_bits word.
 *
 * Returns true when at least one of the bits in `bit` was set before
 * the call, false when there was nothing to clear.
 *
 * Relaxed ordering, as in is_bits_set(): atomic, but no ordering with
 * respect to other memory accesses.
 */
static inline bool
is_bits_clear(ipc_space_t is, uint32_t bit)
{
	uint32_t previous = os_atomic_andnot_orig(&is->is_bits, bit, relaxed);

	return (previous & bit) != 0;
}
157 
/*
 * Report whether any of the bits in `bit` is currently set in the
 * space's is_bits word.
 *
 * This is a plain snapshot: the answer can be stale as soon as it is
 * returned unless the caller holds whatever serializes flag updates.
 * NOTE(review): os_ref_get_raw_mask() presumably returns the raw word
 * including the flag bits -- confirm in os/refcnt.h.
 */
static inline bool
is_bits_test(ipc_space_t is, uint32_t bit)
{
	uint32_t raw = os_ref_get_raw_mask(&is->is_bits);

	return (raw & bit) != 0;
}
163 
/*
 * is_active(): the space still has an entry table.  The pointer is read
 * with smr_unsafe_load() and only compared against zero, never
 * dereferenced, so the result is a hint unless the caller holds the
 * space lock.
 *
 * is_growing(): some thread is recorded as the grower of the table.
 */
#define is_active(is)           (smr_unsafe_load(&(is)->is_table) != 0UL)
#define is_growing(is)          ((is)->is_grower != THREAD_NULL)
166 
/*
 * Return the entry table of a space that the caller knows to be active.
 *
 * The pointer is fetched with smr_serialized_load().
 * NOTE(review): that presumably requires the caller to hold the space
 * lock -- confirm against kern/smr.h.
 *
 * The non-NULL check is an assert() only.  NOTE(review): if assert()
 * compiles to nothing on release builds, a NULL table is handed back to
 * the caller unchecked, so callers should test is_active() first.
 */
static inline ipc_entry_table_t
is_active_table(ipc_space_t space)
{
	ipc_entry_table_t active = smr_serialized_load(&space->is_table);

	assert(active != NULL);
	return active;
}
176 
177 #if CONFIG_PROC_RESOURCE_LIMITS
/* True while the corresponding "limit reached, notification pending" flag is set. */
#define is_above_soft_limit_notify(is)      is_bits_test(is, IS_ABOVE_SOFT_LIMIT_NOTIFY)
#define is_above_hard_limit_notify(is)      is_bits_test(is, IS_ABOVE_HARD_LIMIT_NOTIFY)
180 
/*
 * Flag the space as having reached its soft limit.
 *
 * Despite the name, nothing is sent here: the function only sets
 * IS_ABOVE_SOFT_LIMIT_NOTIFY.  The "was it already set" result of
 * is_bits_set() is deliberately discarded.
 */
static inline void
is_above_soft_limit_send_notification(ipc_space_t is)
{
	(void)is_bits_set(is, IS_ABOVE_SOFT_LIMIT_NOTIFY);
}
186 
/*
 * Flag the space as having reached its hard limit.
 *
 * Only sets IS_ABOVE_HARD_LIMIT_NOTIFY; no notification is sent from
 * here, and the previous state of the bit is ignored.
 */
static inline void
is_above_hard_limit_send_notification(ipc_space_t is)
{
	(void)is_bits_set(is, IS_ABOVE_HARD_LIMIT_NOTIFY);
}
192 
/* True once the corresponding "notification sent" flag has been recorded. */
#define is_soft_limit_already_notified(is)  is_bits_test(is, IS_SOFT_LIMIT_NOTIFIED)
#define is_hard_limit_already_notified(is)  is_bits_test(is, IS_HARD_LIMIT_NOTIFIED)
195 
/*
 * Record that the soft-limit notification has been sent by setting
 * IS_SOFT_LIMIT_NOTIFIED.  The previous state of the bit is ignored.
 */
static inline void
is_soft_limit_notified(ipc_space_t is)
{
	(void)is_bits_set(is, IS_SOFT_LIMIT_NOTIFIED);
}
201 
/*
 * Record that the hard-limit notification has been sent by setting
 * IS_HARD_LIMIT_NOTIFIED.  The previous state of the bit is ignored.
 */
static inline void
is_hard_limit_notified(ipc_space_t is)
{
	(void)is_bits_set(is, IS_HARD_LIMIT_NOTIFIED);
}
207 
208 #endif /* CONFIG_PROC_RESOURCE_LIMITS */
209 
/*
 * Max-limit counterparts of the soft/hard limit tests.  Unlike those,
 * they are available regardless of CONFIG_PROC_RESOURCE_LIMITS.
 */
#define is_at_max_limit_notify(is)                is_bits_test(is, IS_AT_MAX_LIMIT_NOTIFY)
#define is_at_max_limit_already_notified(is)      is_bits_test(is, IS_AT_MAX_LIMIT_NOTIFIED)
212 
/*
 * Flag the space as having reached the maximum table size.
 *
 * Only sets IS_AT_MAX_LIMIT_NOTIFY; nothing is sent from here, and the
 * previous state of the bit is ignored.
 */
static inline void
is_at_max_limit_send_notification(ipc_space_t is)
{
	(void)is_bits_set(is, IS_AT_MAX_LIMIT_NOTIFY);
}
218 
/*
 * Record that the max-limit notification has been sent by setting
 * IS_AT_MAX_LIMIT_NOTIFIED.  The previous state of the bit is ignored.
 */
static inline void
is_at_max_limit_notified(ipc_space_t is)
{
	(void)is_bits_set(is, IS_AT_MAX_LIMIT_NOTIFIED);
}
224 
/* Global spaces and the lock group/attributes shared by IPC locks. */
extern ipc_space_t ipc_space_kernel;
extern ipc_space_t ipc_space_reply;
extern lck_grp_t   ipc_lck_grp;
extern lck_attr_t  ipc_lck_attr;

/*
 * The "read" and "write" lock macros expand to the same
 * ipc_space_lock() / ipc_space_unlock() calls, so a read lock gives no
 * more concurrency than a write lock; the two names only document the
 * caller's intent.
 */
#define is_read_lock(is)        ipc_space_lock(is)
#define is_read_unlock(is)      ipc_space_unlock(is)

#define is_write_lock(is)       ipc_space_lock(is)
#define is_write_unlock(is)     ipc_space_unlock(is)
#define is_write_sleep(is)      ipc_space_lock_sleep(is)

/* Short aliases for the reference-counting entry points declared at the end of this header. */
#define is_reference(is)        ipc_space_reference(is)
#define is_release(is)          ipc_space_release(is)

/* Kernel-private form: reads itk_space straight from the current task. */
#define current_space()         (current_task()->itk_space)
241 
/* Lock the space; reached through is_read_lock() / is_write_lock(). */
extern void         ipc_space_lock(
	ipc_space_t             space);

/* Unlock the space; reached through is_read_unlock() / is_write_unlock(). */
extern void         ipc_space_unlock(
	ipc_space_t             space);

/*
 * Reached through is_write_sleep().
 * NOTE(review): presumably sleeps with the space lock and returns with
 * it held -- confirm in ipc_space.c.
 */
extern void         ipc_space_lock_sleep(
	ipc_space_t             space);

/* NOTE(review): presumably disposes of an entry table that has been replaced -- confirm in ipc_space.c. */
extern void         ipc_space_retire_table(
	ipc_entry_table_t       table);

/* Create a special IPC space */
extern kern_return_t ipc_space_create_special(
	ipc_space_t            *spacep);

/* Create a new IPC space */
extern kern_return_t ipc_space_create(
	ipc_label_t             label,
	ipc_space_t            *spacep);

/* Change the label on an existing space */
extern kern_return_t ipc_space_label(
	ipc_space_t             space,
	ipc_label_t             label);

/* Add a label to an existing space */
extern kern_return_t ipc_space_add_label(
	ipc_space_t             space,
	ipc_label_t             label);

/* Mark a space as dead and clean up its entries */
extern void ipc_space_terminate(
	ipc_space_t             space);

/*
 * Permute the order of a range within an IPC space.
 * NOTE(review): presumably done so that the order in which free entries
 * are handed out is not predictable -- confirm in ipc_space.c.
 */
extern void ipc_space_rand_freelist(
	ipc_space_t             space,
	ipc_entry_t             table,
	mach_port_index_t       bottom,
	mach_port_index_t       top);

/* Generate a new gencount rollover point from a space's entropy pool */
extern ipc_entry_bits_t ipc_space_get_rollpoint(ipc_space_t space);

#if CONFIG_PROC_RESOURCE_LIMITS
/* Set limits on a space's size */
extern kern_return_t ipc_space_set_table_size_limits(
	ipc_space_t             space,
	ipc_entry_num_t         soft_limit,
	ipc_entry_num_t         hard_limit);

/* NOTE(review): presumably compares the table size with the soft/hard limits and sets the IS_ABOVE_* flags -- confirm. */
extern void ipc_space_check_limit_exceeded(
	ipc_space_t             space);
#endif /* CONFIG_PROC_RESOURCE_LIMITS */

/*
 * Report the table size and limits through the three out-parameters.
 * NOTE(review): declared outside the CONFIG_PROC_RESOURCE_LIMITS guard
 * although the soft/hard limit fields exist only under it; what is
 * reported when the option is off is not visible from this header.
 */
extern kern_return_t ipc_space_get_table_size_and_limits(
	ipc_space_t             space,
	ipc_entry_num_t        *current_limit,
	ipc_entry_num_t        *soft_limit,
	ipc_entry_num_t        *hard_limit);

/* NOTE(review): presumably marks the space with IS_AT_MAX_LIMIT_NOTIFY -- confirm in ipc_space.c. */
extern void ipc_space_set_at_max_limit(
	ipc_space_t             space);
306 
307 #endif /* MACH_KERNEL_PRIVATE */
308 #endif /* __APPLE_API_PRIVATE */
309 
310 #ifdef  __APPLE_API_UNSTABLE
311 #ifndef MACH_KERNEL_PRIVATE
312 
/*
 * Function form of current_space() for code built without
 * MACH_KERNEL_PRIVATE; kernel-private code gets the macro defined
 * earlier in this header instead.
 */
extern ipc_space_t current_space(void);
314 
315 #endif /* !MACH_KERNEL_PRIVATE */
316 #endif /* __APPLE_API_UNSTABLE */
317 
318 /* Take a reference on a space */
/*
 * Declared outside the __APPLE_API_PRIVATE / MACH_KERNEL_PRIVATE guards,
 * so both entry points are visible to every includer of this header.
 * Every ipc_space_reference() is expected to be paired with one
 * ipc_space_release().
 */
extern void ipc_space_reference(
	ipc_space_t             space);

/* Release a reference on a space */
extern void ipc_space_release(
	ipc_space_t             space);
325 
326 #endif  /* _IPC_IPC_SPACE_H_ */
327