1 /*
2 * Copyright (c) 1998-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <IOKit/IORPC.h>
30 #include <IOKit/IOKitServer.h>
31 #include <IOKit/IOKitKeysPrivate.h>
32 #include <IOKit/IOKernelReportStructs.h>
33 #include <IOKit/IOUserClient.h>
34 #include <IOKit/IOService.h>
35 #include <IOKit/IORegistryEntry.h>
36 #include <IOKit/IOCatalogue.h>
37 #include <IOKit/IOMemoryDescriptor.h>
38 #include <IOKit/IOBufferMemoryDescriptor.h>
39 #include <IOKit/IOSubMemoryDescriptor.h>
40 #include <IOKit/IOMultiMemoryDescriptor.h>
41 #include <IOKit/IOMapper.h>
42 #include <IOKit/IOLib.h>
43 #include <IOKit/IOHibernatePrivate.h>
44 #include <IOKit/IOBSD.h>
45 #include <IOKit/system.h>
46 #include <IOKit/IOUserServer.h>
47 #include <IOKit/IOInterruptEventSource.h>
48 #include <IOKit/IOTimerEventSource.h>
49 #include <IOKit/pwr_mgt/RootDomain.h>
50 #include <libkern/c++/OSAllocation.h>
51 #include <libkern/c++/OSKext.h>
52 #include <libkern/c++/OSSharedPtr.h>
53 #include <libkern/OSDebug.h>
54 #include <libkern/Block.h>
55 #include <sys/proc.h>
56 #include <sys/reboot.h>
57 #include "IOKitKernelInternal.h"
58
59 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
60
61 #include <DriverKit/IODispatchQueue.h>
62 #include <DriverKit/OSObject.h>
63 #include <DriverKit/OSAction.h>
64 #include <DriverKit/IODispatchSource.h>
65 #include <DriverKit/IOInterruptDispatchSource.h>
66 #include <DriverKit/IOService.h>
67 #include <DriverKit/IOMemoryDescriptor.h>
68 #include <DriverKit/IOBufferMemoryDescriptor.h>
69 #include <DriverKit/IOMemoryMap.h>
70 #include <DriverKit/IODataQueueDispatchSource.h>
71 #include <DriverKit/IOServiceNotificationDispatchSource.h>
72 #include <DriverKit/IOServiceStateNotificationDispatchSource.h>
73 #include <DriverKit/IOEventLink.h>
74 #include <DriverKit/IOWorkGroup.h>
75 #include <DriverKit/IOUserServer.h>
76
77 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
78
79 #include <System/IODataQueueDispatchSourceShared.h>
80
81 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
82
83 TUNABLE(SInt64, gIODKDebug, "dk", kIODKEnable);
84
85 static OSString * gIOSystemStateSleepDescriptionKey;
86 static const OSSymbol * gIOSystemStateSleepDescriptionReasonKey;
87 static const OSSymbol * gIOSystemStateSleepDescriptionHibernateStateKey;
88
89 static OSString * gIOSystemStateHaltDescriptionKey;
90 static const OSSymbol * gIOSystemStateHaltDescriptionHaltStateKey;
91
92 static OSString * gIOSystemStatePowerSourceDescriptionKey;
93 static const OSSymbol * gIOSystemStatePowerSourceDescriptionACAttachedKey;
94
95 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
96
97 struct IOPStrings;
98
99 class OSUserMetaClass : public OSObject
100 {
101 OSDeclareDefaultStructors(OSUserMetaClass);
102 public:
103 const OSSymbol * name;
104 const OSMetaClass * meta;
105 OSUserMetaClass * superMeta;
106
107 queue_chain_t link;
108
109 OSClassDescription * description;
110 IOPStrings * queueNames;
111 uint32_t methodCount;
112 uint64_t * methods;
113
114 virtual void free() override;
115 virtual kern_return_t Dispatch(const IORPC rpc) APPLE_KEXT_OVERRIDE;
116 };
117 OSDefineMetaClassAndStructors(OSUserMetaClass, OSObject);
118
119 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
120
121 class IOUserService : public IOService
122 {
123 friend class IOService;
124
125 OSDeclareDefaultStructors(IOUserService)
126
127 virtual bool
128 start(IOService * provider) APPLE_KEXT_OVERRIDE;
129 };
130
131 OSDefineMetaClassAndStructors(IOUserService, IOService)
132
133 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
134
135 class IOUserUserClient : public IOUserClient
136 {
137 OSDeclareDefaultStructors(IOUserUserClient);
138 public:
139 task_t fTask;
140 OSDictionary * fWorkGroups;
141 OSDictionary * fEventLinks;
142 IOLock * fLock;
143
144 IOReturn setTask(task_t task);
145 IOReturn eventlinkConfigurationTrap(void * p1, void * p2, void * p3, void * p4, void * p5, void * p6);
146 IOReturn workgroupConfigurationTrap(void * p1, void * p2, void * p3, void * p4, void * p5, void * p6);
147
148 virtual bool init( OSDictionary * dictionary ) APPLE_KEXT_OVERRIDE;
149 virtual void free() APPLE_KEXT_OVERRIDE;
150 virtual void stop(IOService * provider) APPLE_KEXT_OVERRIDE;
151 virtual IOReturn clientClose(void) APPLE_KEXT_OVERRIDE;
152 virtual IOReturn setProperties(OSObject * properties) APPLE_KEXT_OVERRIDE;
153 virtual IOReturn externalMethod(uint32_t selector, IOExternalMethodArguments * args,
154 IOExternalMethodDispatch * dispatch, OSObject * target, void * reference) APPLE_KEXT_OVERRIDE;
155 virtual IOReturn clientMemoryForType(UInt32 type,
156 IOOptionBits * options,
157 IOMemoryDescriptor ** memory) APPLE_KEXT_OVERRIDE;
158 virtual IOExternalTrap * getTargetAndTrapForIndex( IOService **targetP, UInt32 index ) APPLE_KEXT_OVERRIDE;
159 };
160
161 OSDefineMetaClassAndStructors(IOUserServerCheckInToken, OSObject);
162 OSDefineMetaClassAndStructors(_IOUserServerCheckInCancellationHandler, OSObject);
163
164 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
165
166
167 bool
start(IOService * provider)168 IOUserService::start(IOService * provider)
169 {
170 bool ok = true;
171 IOReturn ret;
172
173 ret = Start(provider);
174 if (kIOReturnSuccess != ret) {
175 return false;
176 }
177
178 return ok;
179 }
180
181 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
182
183 #undef super
184
185 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
186
187 struct IODispatchQueue_IVars {
188 IOUserServer * userServer;
189 IODispatchQueue * queue;
190 queue_chain_t link;
191 uint64_t tid;
192
193 mach_port_t serverPort;
194 };
195
196 struct OSAction_IVars {
197 OSObject * target;
198 uint64_t targetmsgid;
199 uint64_t msgid;
200 IOUserServer * userServer;
201 OSActionAbortedHandler abortedHandler;
202 OSString * typeName;
203 void * reference;
204 size_t referenceSize;
205 };
206
207 struct IOWorkGroup_IVars {
208 IOUserServer * userServer;
209 OSString * name;
210 IOUserUserClient * userClient;
211 };
212
213 struct IOEventLink_IVars {
214 IOUserServer * userServer;
215 OSString * name;
216 IOUserUserClient * userClient;
217 };
218
219 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
220
221 kern_return_t
GetRegistryEntryID_Impl(uint64_t * registryEntryID)222 IOService::GetRegistryEntryID_Impl(
223 uint64_t * registryEntryID)
224 {
225 IOReturn ret = kIOReturnSuccess;
226
227 *registryEntryID = getRegistryEntryID();
228
229 return ret;
230 }
231
232 kern_return_t
SetName_Impl(const char * name)233 IOService::SetName_Impl(
234 const char * name)
235 {
236 IOReturn ret = kIOReturnSuccess;
237
238 setName(name);
239
240 return ret;
241 }
242
243 kern_return_t
CopyName_Impl(OSString ** name)244 IOService::CopyName_Impl(
245 OSString ** name)
246 {
247 const OSString * str = copyName();
248 *name = __DECONST(OSString *, str);
249 return str ? kIOReturnSuccess : kIOReturnError;
250 }
251
252
253 kern_return_t
Start_Impl(IOService * provider)254 IOService::Start_Impl(
255 IOService * provider)
256 {
257 IOReturn ret = kIOReturnSuccess;
258 return ret;
259 }
260
261
262 IOReturn
UpdateReport_Impl(OSData * channels,uint32_t action,uint32_t * outElementCount,uint64_t offset,uint64_t capacity,IOMemoryDescriptor * buffer)263 IOService::UpdateReport_Impl(OSData *channels, uint32_t action,
264 uint32_t *outElementCount,
265 uint64_t offset, uint64_t capacity,
266 IOMemoryDescriptor *buffer)
267 {
268 return kIOReturnUnsupported;
269 }
270
271 IOReturn
ConfigureReport_Impl(OSData * channels,uint32_t action,uint32_t * outCount)272 IOService::ConfigureReport_Impl(OSData *channels, uint32_t action, uint32_t *outCount)
273 {
274 return kIOReturnUnsupported;
275 }
276
277 // adapt old signature of configureReport to the iig-friendly signature of ConfigureReport
278 IOReturn
_ConfigureReport(IOReportChannelList * channelList,IOReportConfigureAction action,void * result,void * destination)279 IOService::_ConfigureReport(IOReportChannelList *channelList,
280 IOReportConfigureAction action,
281 void *result,
282 void *destination)
283 {
284 if (action != kIOReportEnable && action != kIOReportGetDimensions && action != kIOReportDisable) {
285 return kIOReturnUnsupported;
286 }
287 static_assert(sizeof(IOReportChannelList) == 8);
288 static_assert(sizeof(IOReportChannel) == 16);
289 unsigned int size_of_channels;
290 bool overflow = os_mul_and_add_overflow(channelList->nchannels, sizeof(IOReportChannel), sizeof(IOReportChannelList), &size_of_channels);
291 if (overflow) {
292 return kIOReturnOverrun;
293 }
294 OSSharedPtr<OSData> sp_channels(OSData::withBytesNoCopy(channelList, size_of_channels), libkern::no_retain);
295 if (!sp_channels) {
296 return kIOReturnNoMemory;
297 }
298 int *resultp = (int*) result;
299 uint32_t count = 0;
300 IOReturn r = ConfigureReport(sp_channels.get(), action, &count);
301 int new_result;
302 overflow = os_add_overflow(*resultp, count, &new_result);
303 if (overflow) {
304 return kIOReturnOverrun;
305 }
306 *resultp = new_result;
307 return r;
308 }
309
310 // adapt old signature of updateReport to the iig-friendly signature of UpdateReport
311 IOReturn
_UpdateReport(IOReportChannelList * channelList,IOReportUpdateAction action,void * result,void * destination)312 IOService::_UpdateReport(IOReportChannelList *channelList,
313 IOReportUpdateAction action,
314 void *result,
315 void *destination)
316 {
317 if (action != kIOReportCopyChannelData) {
318 return kIOReturnUnsupported;
319 }
320 unsigned int size_of_channels;
321 bool overflow = os_mul_and_add_overflow(channelList->nchannels, sizeof(IOReportChannel), sizeof(IOReportChannelList), &size_of_channels);
322 if (overflow) {
323 return kIOReturnOverrun;
324 }
325 OSSharedPtr<OSData> sp_channels(OSData::withBytesNoCopy(channelList, size_of_channels), libkern::no_retain);
326 if (!sp_channels) {
327 return kIOReturnNoMemory;
328 }
329 int *resultp = (int*) result;
330 uint32_t count = 0;
331 auto buffer = (IOBufferMemoryDescriptor*) destination;
332 uint64_t length = buffer->getLength();
333 buffer->setLength(buffer->getCapacity());
334 IOReturn r = UpdateReport(sp_channels.get(), action, &count, length, buffer->getCapacity() - length, buffer);
335 int new_result;
336 overflow = os_add_overflow(*resultp, count, &new_result);
337 size_t new_length;
338 overflow = overflow || os_mul_and_add_overflow(count, sizeof(IOReportElement), length, &new_length);
339 if (overflow || new_length > buffer->getCapacity()) {
340 buffer->setLength(length);
341 return kIOReturnOverrun;
342 }
343 *resultp = new_result;
344 buffer->setLength(new_length);
345 return r;
346 }
347
348
349 IOReturn
SetLegend_Impl(OSArray * legend,bool is_public)350 IOService::SetLegend_Impl(OSArray *legend, bool is_public)
351 {
352 bool ok = setProperty(kIOReportLegendKey, legend);
353 ok = ok && setProperty(kIOReportLegendPublicKey, is_public);
354 return ok ? kIOReturnSuccess : kIOReturnError;
355 }
356
357
358 kern_return_t
RegisterService_Impl()359 IOService::RegisterService_Impl()
360 {
361 IOReturn ret = kIOReturnSuccess;
362
363 registerService(kIOServiceAsynchronous);
364
365 return ret;
366 }
367
368 kern_return_t
CopyDispatchQueue_Impl(const char * name,IODispatchQueue ** queue)369 IOService::CopyDispatchQueue_Impl(
370 const char * name,
371 IODispatchQueue ** queue)
372 {
373 IODispatchQueue * result;
374 IOService * service;
375 IOReturn ret;
376 uint32_t index;
377
378 if (!reserved->uvars) {
379 return kIOReturnError;
380 }
381
382 ret = kIOReturnNotFound;
383 index = -1U;
384 if (!strcmp("Default", name)) {
385 index = 0;
386 } else if (reserved->uvars->userMeta
387 && reserved->uvars->userMeta->queueNames) {
388 index = reserved->uvars->userServer->stringArrayIndex(reserved->uvars->userMeta->queueNames, name);
389 if (index != -1U) {
390 index++;
391 }
392 }
393 if (index == -1U) {
394 if ((service = getProvider())) {
395 ret = service->CopyDispatchQueue(name, queue);
396 }
397 } else {
398 result = reserved->uvars->queueArray[index];
399 if (result) {
400 result->retain();
401 *queue = result;
402 ret = kIOReturnSuccess;
403 }
404 }
405
406 return ret;
407 }
408
409 kern_return_t
CreateDefaultDispatchQueue_Impl(IODispatchQueue ** queue)410 IOService::CreateDefaultDispatchQueue_Impl(
411 IODispatchQueue ** queue)
412 {
413 return kIOReturnError;
414 }
415
416 kern_return_t
CoreAnalyticsSendEvent_Impl(uint64_t options,OSString * eventName,OSDictionary * eventPayload)417 IOService::CoreAnalyticsSendEvent_Impl(
418 uint64_t options,
419 OSString * eventName,
420 OSDictionary * eventPayload)
421 {
422 kern_return_t ret;
423
424 if (NULL == gIOCoreAnalyticsSendEventProc) {
425 // perhaps save for later?
426 return kIOReturnNotReady;
427 }
428
429 ret = (*gIOCoreAnalyticsSendEventProc)(options, eventName, eventPayload);
430
431 return ret;
432 }
433
434 kern_return_t
SetDispatchQueue_Impl(const char * name,IODispatchQueue * queue)435 IOService::SetDispatchQueue_Impl(
436 const char * name,
437 IODispatchQueue * queue)
438 {
439 IOReturn ret = kIOReturnSuccess;
440 uint32_t index;
441
442 if (!reserved->uvars) {
443 return kIOReturnError;
444 }
445
446 if (kIODKLogSetup & gIODKDebug) {
447 DKLOG(DKS "::SetDispatchQueue(%s)\n", DKN(this), name);
448 }
449 queue->ivars->userServer = reserved->uvars->userServer;
450 index = -1U;
451 if (!strcmp("Default", name)) {
452 index = 0;
453 } else if (reserved->uvars->userMeta
454 && reserved->uvars->userMeta->queueNames) {
455 index = reserved->uvars->userServer->stringArrayIndex(reserved->uvars->userMeta->queueNames, name);
456 if (index != -1U) {
457 index++;
458 }
459 }
460 if (index == -1U) {
461 ret = kIOReturnBadArgument;
462 } else {
463 reserved->uvars->queueArray[index] = queue;
464 queue->retain();
465 }
466
467 return ret;
468 }
469
470 IOService *
GetProvider() const471 IOService::GetProvider() const
472 {
473 return getProvider();
474 }
475
476 kern_return_t
SetProperties_Impl(OSDictionary * properties)477 IOService::SetProperties_Impl(
478 OSDictionary * properties)
479 {
480 IOUserServer * us;
481 OSDictionary * dict;
482 IOReturn ret;
483
484 us = (typeof(us))thread_iokit_tls_get(0);
485 dict = OSDynamicCast(OSDictionary, properties);
486 if (NULL == us) {
487 if (!dict) {
488 return kIOReturnBadArgument;
489 }
490 bool ok __block = true;
491 dict->iterateObjects(^bool (const OSSymbol * key, OSObject * value) {
492 ok = setProperty(key, value);
493 return !ok;
494 });
495 ret = ok ? kIOReturnSuccess : kIOReturnNotWritable;
496 return ret;
497 }
498
499 ret = setProperties(properties);
500
501 if (kIOReturnUnsupported == ret) {
502 if (dict && reserved->uvars && (reserved->uvars->userServer == us)) {
503 ret = runPropertyActionBlock(^IOReturn (void) {
504 OSDictionary * userProps;
505 IOReturn ret;
506
507 userProps = OSDynamicCast(OSDictionary, getProperty(gIOUserServicePropertiesKey));
508 if (userProps) {
509 userProps = (typeof(userProps))userProps->copyCollection();
510 } else {
511 userProps = OSDictionary::withCapacity(4);
512 }
513 if (!userProps) {
514 ret = kIOReturnNoMemory;
515 } else {
516 bool ok = userProps->merge(dict);
517 if (ok) {
518 ok = setProperty(gIOUserServicePropertiesKey, userProps);
519 }
520 OSSafeReleaseNULL(userProps);
521 ret = ok ? kIOReturnSuccess : kIOReturnNotWritable;
522 }
523 return ret;
524 });
525 }
526 }
527
528 return ret;
529 }
530
531 kern_return_t
RemoveProperty_Impl(OSString * propertyName)532 IOService::RemoveProperty_Impl(OSString * propertyName)
533 {
534 IOUserServer * us = (IOUserServer *)thread_iokit_tls_get(0);
535 IOReturn ret = kIOReturnUnsupported;
536
537 if (NULL == propertyName) {
538 return kIOReturnUnsupported;
539 }
540 if (NULL == us) {
541 removeProperty(propertyName);
542 return kIOReturnSuccess;
543 }
544 if (reserved && reserved->uvars && reserved->uvars->userServer == us) {
545 ret = runPropertyActionBlock(^IOReturn (void) {
546 OSDictionary * userProps;
547 userProps = OSDynamicCast(OSDictionary, getProperty(gIOUserServicePropertiesKey));
548 if (userProps) {
549 userProps = (OSDictionary *)userProps->copyCollection();
550 if (!userProps) {
551 return kIOReturnNoMemory;
552 }
553 userProps->removeObject(propertyName);
554 bool ok = setProperty(gIOUserServicePropertiesKey, userProps);
555 OSSafeReleaseNULL(userProps);
556 return ok ? kIOReturnSuccess : kIOReturnNotWritable;
557 } else {
558 return kIOReturnNotFound;
559 }
560 });
561 }
562 return ret;
563 }
564
565 kern_return_t
CopyProperties_Impl(OSDictionary ** properties)566 IOService::CopyProperties_Impl(
567 OSDictionary ** properties)
568 {
569 OSDictionary * props;
570 OSDictionary * userProps;
571
572 props = dictionaryWithProperties();
573 userProps = OSDynamicCast(OSDictionary, props->getObject(gIOUserServicePropertiesKey));
574 if (userProps) {
575 props->merge(userProps);
576 props->removeObject(gIOUserServicePropertiesKey);
577 }
578
579 *properties = props;
580
581 return props ? kIOReturnSuccess : kIOReturnNoMemory;
582 }
583
584 kern_return_t
RequireMaxBusStall_Impl(uint64_t u64ns)585 IOService::RequireMaxBusStall_Impl(
586 uint64_t u64ns)
587 {
588 IOReturn ret;
589 UInt32 ns;
590
591 if (os_convert_overflow(u64ns, &ns)) {
592 return kIOReturnBadArgument;
593 }
594 ret = requireMaxBusStall(ns);
595
596 return kIOReturnSuccess;
597 }
598
599 #if PRIVATE_WIFI_ONLY
600 kern_return_t
UserSetProperties_Impl(OSContainer * properties)601 IOService::UserSetProperties_Impl(
602 OSContainer * properties)
603 {
604 return kIOReturnUnsupported;
605 }
606 #endif /* PRIVATE_WIFI_ONLY */
607
608 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
609
610 kern_return_t
_CopyState_Impl(_IOMDPrivateState * state)611 IOMemoryDescriptor::_CopyState_Impl(
612 _IOMDPrivateState * state)
613 {
614 IOReturn ret;
615
616 state->length = _length;
617 state->options = _flags;
618
619 ret = kIOReturnSuccess;
620
621 return ret;
622 }
623
624 kern_return_t
GetLength(uint64_t * returnLength)625 IOMemoryDescriptor::GetLength(uint64_t * returnLength)
626 {
627 *returnLength = getLength();
628
629 return kIOReturnSuccess;
630 }
631
632 kern_return_t
CreateMapping_Impl(uint64_t options,uint64_t address,uint64_t offset,uint64_t length,uint64_t alignment,IOMemoryMap ** map)633 IOMemoryDescriptor::CreateMapping_Impl(
634 uint64_t options,
635 uint64_t address,
636 uint64_t offset,
637 uint64_t length,
638 uint64_t alignment,
639 IOMemoryMap ** map)
640 {
641 IOReturn ret;
642 IOMemoryMap * resultMap;
643 IOOptionBits koptions;
644 mach_vm_address_t atAddress;
645
646 ret = kIOReturnSuccess;
647 koptions = 0;
648 resultMap = NULL;
649
650 if (kIOMemoryMapFixedAddress & options) {
651 atAddress = address;
652 koptions = 0;
653 } else {
654 switch (kIOMemoryMapGuardedMask & options) {
655 default:
656 case kIOMemoryMapGuardedDefault:
657 koptions |= kIOMapGuardedSmall;
658 break;
659 case kIOMemoryMapGuardedNone:
660 break;
661 case kIOMemoryMapGuardedSmall:
662 koptions |= kIOMapGuardedSmall;
663 break;
664 case kIOMemoryMapGuardedLarge:
665 koptions |= kIOMapGuardedLarge;
666 break;
667 }
668 atAddress = 0;
669 koptions |= kIOMapAnywhere;
670 }
671
672 if ((kIOMemoryMapReadOnly & options) || (kIODirectionOut == getDirection())) {
673 if (!reserved || (current_task() != reserved->creator)) {
674 koptions |= kIOMapReadOnly;
675 }
676 }
677
678 switch (0xFF00 & options) {
679 case kIOMemoryMapCacheModeDefault:
680 koptions |= kIOMapDefaultCache;
681 break;
682 case kIOMemoryMapCacheModeInhibit:
683 koptions |= kIOMapInhibitCache;
684 break;
685 case kIOMemoryMapCacheModeCopyback:
686 koptions |= kIOMapCopybackCache;
687 break;
688 case kIOMemoryMapCacheModeWriteThrough:
689 koptions |= kIOMapWriteThruCache;
690 break;
691 default:
692 ret = kIOReturnBadArgument;
693 }
694
695 if (kIOReturnSuccess == ret) {
696 resultMap = createMappingInTask(current_task(), atAddress, koptions, offset, length);
697 if (!resultMap) {
698 ret = kIOReturnError;
699 }
700 }
701
702 *map = resultMap;
703
704 return ret;
705 }
706
707 kern_return_t
CreateSubMemoryDescriptor_Impl(uint64_t memoryDescriptorCreateOptions,uint64_t offset,uint64_t length,IOMemoryDescriptor * ofDescriptor,IOMemoryDescriptor ** memory)708 IOMemoryDescriptor::CreateSubMemoryDescriptor_Impl(
709 uint64_t memoryDescriptorCreateOptions,
710 uint64_t offset,
711 uint64_t length,
712 IOMemoryDescriptor * ofDescriptor,
713 IOMemoryDescriptor ** memory)
714 {
715 IOReturn ret;
716 IOMemoryDescriptor * iomd;
717 IOByteCount mdOffset;
718 IOByteCount mdLength;
719 IOByteCount mdEnd;
720
721 if (!ofDescriptor) {
722 return kIOReturnBadArgument;
723 }
724 if (memoryDescriptorCreateOptions & ~kIOMemoryDirectionOutIn) {
725 return kIOReturnBadArgument;
726 }
727 if (os_convert_overflow(offset, &mdOffset)) {
728 return kIOReturnBadArgument;
729 }
730 if (os_convert_overflow(length, &mdLength)) {
731 return kIOReturnBadArgument;
732 }
733 if (os_add_overflow(mdOffset, mdLength, &mdEnd)) {
734 return kIOReturnBadArgument;
735 }
736 if (mdEnd > ofDescriptor->getLength()) {
737 return kIOReturnBadArgument;
738 }
739
740 iomd = IOSubMemoryDescriptor::withSubRange(
741 ofDescriptor, mdOffset, mdLength, (IOOptionBits) memoryDescriptorCreateOptions);
742
743 if (iomd) {
744 ret = kIOReturnSuccess;
745 *memory = iomd;
746 } else {
747 ret = kIOReturnNoMemory;
748 *memory = NULL;
749 }
750
751 return ret;
752 }
753
754 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
755
756 kern_return_t
CreateWithMemoryDescriptors_Impl(uint64_t memoryDescriptorCreateOptions,uint32_t withDescriptorsCount,IOMemoryDescriptor ** const withDescriptors,IOMemoryDescriptor ** memory)757 IOMemoryDescriptor::CreateWithMemoryDescriptors_Impl(
758 uint64_t memoryDescriptorCreateOptions,
759 uint32_t withDescriptorsCount,
760 IOMemoryDescriptor ** const withDescriptors,
761 IOMemoryDescriptor ** memory)
762 {
763 IOReturn ret;
764 IOMemoryDescriptor * iomd;
765
766 if (!withDescriptors) {
767 return kIOReturnBadArgument;
768 }
769 if (!withDescriptorsCount) {
770 return kIOReturnBadArgument;
771 }
772 if (memoryDescriptorCreateOptions & ~kIOMemoryDirectionOutIn) {
773 return kIOReturnBadArgument;
774 }
775
776 for (unsigned int idx = 0; idx < withDescriptorsCount; idx++) {
777 if (NULL == withDescriptors[idx]) {
778 return kIOReturnBadArgument;
779 }
780 }
781
782 iomd = IOMultiMemoryDescriptor::withDescriptors(withDescriptors, withDescriptorsCount,
783 (IODirection) memoryDescriptorCreateOptions, false);
784
785 if (iomd) {
786 ret = kIOReturnSuccess;
787 *memory = iomd;
788 } else {
789 ret = kIOReturnNoMemory;
790 *memory = NULL;
791 }
792
793 return ret;
794 }
795
796 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
797
798 kern_return_t
CreateMemoryDescriptorFromClient_Impl(uint64_t memoryDescriptorCreateOptions,uint32_t segmentsCount,const IOAddressSegment segments[32],IOMemoryDescriptor ** memory)799 IOUserClient::CreateMemoryDescriptorFromClient_Impl(
800 uint64_t memoryDescriptorCreateOptions,
801 uint32_t segmentsCount,
802 const IOAddressSegment segments[32],
803 IOMemoryDescriptor ** memory)
804 {
805 IOReturn ret;
806 IOMemoryDescriptor * iomd;
807 IOOptionBits mdOptions;
808 IOUserUserClient * me;
809 IOAddressRange * ranges;
810
811 me = OSDynamicCast(IOUserUserClient, this);
812 if (!me) {
813 return kIOReturnBadArgument;
814 }
815 if (!me->fTask) {
816 return kIOReturnNotReady;
817 }
818
819 mdOptions = 0;
820 if (kIOMemoryDirectionOut & memoryDescriptorCreateOptions) {
821 mdOptions |= kIODirectionOut;
822 }
823 if (kIOMemoryDirectionIn & memoryDescriptorCreateOptions) {
824 mdOptions |= kIODirectionIn;
825 }
826 if (!(kIOMemoryDisableCopyOnWrite & memoryDescriptorCreateOptions)) {
827 mdOptions |= kIOMemoryMapCopyOnWrite;
828 }
829
830 static_assert(sizeof(IOAddressRange) == sizeof(IOAddressSegment));
831 ranges = __DECONST(IOAddressRange *, &segments[0]);
832
833 iomd = IOMemoryDescriptor::withAddressRanges(
834 ranges, segmentsCount,
835 mdOptions, me->fTask);
836
837 if (iomd) {
838 ret = kIOReturnSuccess;
839 *memory = iomd;
840 } else {
841 ret = kIOReturnNoMemory;
842 *memory = NULL;
843 }
844
845 return ret;
846 }
847
848 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
849
850 kern_return_t
_CopyState_Impl(_IOMemoryMapPrivateState * state)851 IOMemoryMap::_CopyState_Impl(
852 _IOMemoryMapPrivateState * state)
853 {
854 IOReturn ret;
855
856 state->offset = fOffset;
857 state->length = getLength();
858 state->address = getAddress();
859 state->options = getMapOptions();
860
861 ret = kIOReturnSuccess;
862
863 return ret;
864 }
865
866 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
867
868 kern_return_t
Create_Impl(uint64_t options,uint64_t capacity,uint64_t alignment,IOBufferMemoryDescriptor ** memory)869 IOBufferMemoryDescriptor::Create_Impl(
870 uint64_t options,
871 uint64_t capacity,
872 uint64_t alignment,
873 IOBufferMemoryDescriptor ** memory)
874 {
875 IOReturn ret;
876 IOOptionBits bmdOptions;
877 IOBufferMemoryDescriptor * bmd;
878 IOMemoryDescriptorReserved * reserved;
879
880 if (options & ~((uint64_t) kIOMemoryDirectionOutIn)) {
881 // no other options currently defined
882 return kIOReturnBadArgument;
883 }
884 bmdOptions = (options & kIOMemoryDirectionOutIn) | kIOMemoryKernelUserShared;
885 bmd = IOBufferMemoryDescriptor::inTaskWithOptions(
886 kernel_task, bmdOptions, capacity, alignment);
887
888 *memory = bmd;
889
890 if (!bmd) {
891 return kIOReturnNoMemory;
892 }
893
894 reserved = bmd->getKernelReserved();
895 reserved->creator = current_task();
896 task_reference(reserved->creator);
897
898 ret = kIOReturnSuccess;
899
900 return ret;
901 }
902
903 kern_return_t
SetLength_Impl(uint64_t length)904 IOBufferMemoryDescriptor::SetLength_Impl(
905 uint64_t length)
906 {
907 setLength(length);
908 return kIOReturnSuccess;
909 }
910
911
912 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
913
914 kern_return_t
Create_Impl(IOService * device,uint64_t options,const IODMACommandSpecification * specification,IODMACommand ** command)915 IODMACommand::Create_Impl(
916 IOService * device,
917 uint64_t options,
918 const IODMACommandSpecification * specification,
919 IODMACommand ** command)
920 {
921 IOReturn ret;
922 IODMACommand * dma;
923 IODMACommand::SegmentOptions segmentOptions;
924 IOMapper * mapper;
925
926 if (options & ~((uint64_t) kIODMACommandCreateNoOptions)) {
927 // no other options currently defined
928 return kIOReturnBadArgument;
929 }
930
931 if (os_convert_overflow(specification->maxAddressBits, &segmentOptions.fNumAddressBits)) {
932 return kIOReturnBadArgument;
933 }
934 segmentOptions.fMaxSegmentSize = 0;
935 segmentOptions.fMaxTransferSize = 0;
936 segmentOptions.fAlignment = 1;
937 segmentOptions.fAlignmentLength = 1;
938 segmentOptions.fAlignmentInternalSegments = 1;
939 segmentOptions.fStructSize = sizeof(segmentOptions);
940
941 mapper = IOMapper::copyMapperForDevice(device);
942
943 dma = IODMACommand::withSpecification(
944 kIODMACommandOutputHost64,
945 &segmentOptions,
946 kIODMAMapOptionMapped,
947 mapper,
948 NULL);
949
950 OSSafeReleaseNULL(mapper);
951 *command = dma;
952
953 if (!dma) {
954 return kIOReturnNoMemory;
955 }
956 ret = kIOReturnSuccess;
957
958 return ret;
959 }
960
961 kern_return_t
PrepareForDMA_Impl(uint64_t options,IOMemoryDescriptor * memory,uint64_t offset,uint64_t length,uint64_t * flags,uint32_t * segmentsCount,IOAddressSegment * segments)962 IODMACommand::PrepareForDMA_Impl(
963 uint64_t options,
964 IOMemoryDescriptor * memory,
965 uint64_t offset,
966 uint64_t length,
967 uint64_t * flags,
968 uint32_t * segmentsCount,
969 IOAddressSegment * segments)
970 {
971 IOReturn ret;
972 uint64_t lflags, mdFlags;
973 UInt32 numSegments;
974 UInt64 genOffset;
975
976 if (options & ~((uint64_t) kIODMACommandPrepareForDMANoOptions)) {
977 // no other options currently defined
978 return kIOReturnBadArgument;
979 }
980
981 // uses IOMD direction
982 ret = memory->prepare();
983 if (kIOReturnSuccess != ret) {
984 return ret;
985 }
986
987 ret = setMemoryDescriptor(memory, false);
988 if (kIOReturnSuccess != ret) {
989 memory->complete();
990 return ret;
991 }
992
993 ret = prepare(offset, length);
994 if (kIOReturnSuccess != ret) {
995 clearMemoryDescriptor(false);
996 memory->complete();
997 return ret;
998 }
999
1000 static_assert(sizeof(IODMACommand::Segment64) == sizeof(IOAddressSegment));
1001
1002 numSegments = *segmentsCount;
1003 genOffset = 0;
1004 ret = genIOVMSegments(&genOffset, segments, &numSegments);
1005
1006 if (kIOReturnSuccess == ret) {
1007 mdFlags = fMemory->getFlags();
1008 lflags = 0;
1009 if (kIODirectionOut & mdFlags) {
1010 lflags |= kIOMemoryDirectionOut;
1011 }
1012 if (kIODirectionIn & mdFlags) {
1013 lflags |= kIOMemoryDirectionIn;
1014 }
1015 *flags = lflags;
1016 *segmentsCount = numSegments;
1017 }
1018
1019 return ret;
1020 }
1021
1022 kern_return_t
CompleteDMA_Impl(uint64_t options)1023 IODMACommand::CompleteDMA_Impl(
1024 uint64_t options)
1025 {
1026 IOReturn ret, completeRet;
1027 IOMemoryDescriptor * md;
1028
1029 if (options & ~((uint64_t) kIODMACommandCompleteDMANoOptions)) {
1030 // no other options currently defined
1031 return kIOReturnBadArgument;
1032 }
1033 if (!fActive) {
1034 return kIOReturnNotReady;
1035 }
1036
1037 md = __DECONST(IOMemoryDescriptor *, fMemory);
1038 if (md) {
1039 md->retain();
1040 }
1041
1042 ret = clearMemoryDescriptor(true);
1043
1044 if (md) {
1045 completeRet = md->complete();
1046 OSSafeReleaseNULL(md);
1047 if (kIOReturnSuccess == ret) {
1048 ret = completeRet;
1049 }
1050 }
1051
1052 return ret;
1053 }
1054
1055 kern_return_t
GetPreparation_Impl(uint64_t * offset,uint64_t * length,IOMemoryDescriptor ** memory)1056 IODMACommand::GetPreparation_Impl(
1057 uint64_t * offset,
1058 uint64_t * length,
1059 IOMemoryDescriptor ** memory)
1060 {
1061 IOReturn ret;
1062 IOMemoryDescriptor * md;
1063
1064 if (!fActive) {
1065 return kIOReturnNotReady;
1066 }
1067
1068 ret = getPreparedOffsetAndLength(offset, length);
1069 if (kIOReturnSuccess != ret) {
1070 return ret;
1071 }
1072
1073 if (memory) {
1074 md = __DECONST(IOMemoryDescriptor *, fMemory);
1075 *memory = md;
1076 if (!md) {
1077 ret = kIOReturnNotReady;
1078 } else {
1079 md->retain();
1080 }
1081 }
1082 return ret;
1083 }
1084
1085 kern_return_t
PerformOperation_Impl(uint64_t options,uint64_t dmaOffset,uint64_t length,uint64_t dataOffset,IOMemoryDescriptor * data)1086 IODMACommand::PerformOperation_Impl(
1087 uint64_t options,
1088 uint64_t dmaOffset,
1089 uint64_t length,
1090 uint64_t dataOffset,
1091 IOMemoryDescriptor * data)
1092 {
1093 IOReturn ret;
1094 OSDataAllocation<uint8_t> buffer;
1095 UInt64 copiedDMA;
1096 IOByteCount mdOffset, mdLength, copied;
1097
1098 if (options & ~((uint64_t)
1099 (kIODMACommandPerformOperationOptionRead
1100 | kIODMACommandPerformOperationOptionWrite
1101 | kIODMACommandPerformOperationOptionZero))) {
1102 // no other options currently defined
1103 return kIOReturnBadArgument;
1104 }
1105
1106 if (!fActive) {
1107 return kIOReturnNotReady;
1108 }
1109 if (os_convert_overflow(dataOffset, &mdOffset)) {
1110 return kIOReturnBadArgument;
1111 }
1112 if (os_convert_overflow(length, &mdLength)) {
1113 return kIOReturnBadArgument;
1114 }
1115 if (length > fMemory->getLength()) {
1116 return kIOReturnBadArgument;
1117 }
1118 buffer = OSDataAllocation<uint8_t>(length, OSAllocateMemory);
1119 if (!buffer) {
1120 return kIOReturnNoMemory;
1121 }
1122
1123 switch (options) {
1124 case kIODMACommandPerformOperationOptionZero:
1125 bzero(buffer.data(), length);
1126 copiedDMA = writeBytes(dmaOffset, buffer.data(), length);
1127 if (copiedDMA != length) {
1128 ret = kIOReturnUnderrun;
1129 break;
1130 }
1131 ret = kIOReturnSuccess;
1132 break;
1133
1134 case kIODMACommandPerformOperationOptionRead:
1135 case kIODMACommandPerformOperationOptionWrite:
1136
1137 if (!data) {
1138 ret = kIOReturnBadArgument;
1139 break;
1140 }
1141 if (length > data->getLength()) {
1142 ret = kIOReturnBadArgument;
1143 break;
1144 }
1145 if (kIODMACommandPerformOperationOptionWrite == options) {
1146 copied = data->readBytes(mdOffset, buffer.data(), mdLength);
1147 if (copied != mdLength) {
1148 ret = kIOReturnUnderrun;
1149 break;
1150 }
1151 copiedDMA = writeBytes(dmaOffset, buffer.data(), length);
1152 if (copiedDMA != length) {
1153 ret = kIOReturnUnderrun;
1154 break;
1155 }
1156 } else { /* kIODMACommandPerformOperationOptionRead */
1157 copiedDMA = readBytes(dmaOffset, buffer.data(), length);
1158 if (copiedDMA != length) {
1159 ret = kIOReturnUnderrun;
1160 break;
1161 }
1162 copied = data->writeBytes(mdOffset, buffer.data(), mdLength);
1163 if (copied != mdLength) {
1164 ret = kIOReturnUnderrun;
1165 break;
1166 }
1167 }
1168 ret = kIOReturnSuccess;
1169 break;
1170 default:
1171 ret = kIOReturnBadArgument;
1172 break;
1173 }
1174
1175 return ret;
1176 }
1177
1178
1179 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1180
1181 static kern_return_t
OSActionCreateWithTypeNameInternal(OSObject * target,uint64_t targetmsgid,uint64_t msgid,size_t referenceSize,OSString * typeName,bool fromKernel,OSAction ** action)1182 OSActionCreateWithTypeNameInternal(OSObject * target, uint64_t targetmsgid, uint64_t msgid, size_t referenceSize, OSString * typeName, bool fromKernel, OSAction ** action)
1183 {
1184 OSAction * inst = NULL;
1185 void * reference = NULL; // must release
1186 const OSSymbol *sym = NULL; // must release
1187 OSObject *obj = NULL; // must release
1188 const OSMetaClass *actionMetaClass = NULL; // do not release
1189 kern_return_t ret;
1190
1191 if (fromKernel && typeName) {
1192 /* The action is being constructed in the kernel with a type name */
1193 sym = OSSymbol::withString(typeName);
1194 actionMetaClass = OSMetaClass::getMetaClassWithName(sym);
1195 if (actionMetaClass && actionMetaClass->getSuperClass() == OSTypeID(OSAction)) {
1196 obj = actionMetaClass->alloc();
1197 if (!obj) {
1198 ret = kIOReturnNoMemory;
1199 goto finish;
1200 }
1201 inst = OSDynamicCast(OSAction, obj);
1202 obj = NULL; // prevent release
1203 assert(inst); // obj is a subclass of OSAction so the dynamic cast should always work
1204 } else {
1205 DKLOG("Attempted to create action object with type \"%s\" which does not inherit from OSAction\n", typeName->getCStringNoCopy());
1206 ret = kIOReturnBadArgument;
1207 goto finish;
1208 }
1209 } else {
1210 inst = OSTypeAlloc(OSAction);
1211 if (!inst) {
1212 ret = kIOReturnNoMemory;
1213 goto finish;
1214 }
1215 }
1216
1217 if (referenceSize != 0) {
1218 reference = IONewZeroData(uint8_t, referenceSize);
1219 if (reference == NULL) {
1220 ret = kIOReturnNoMemory;
1221 goto finish;
1222 }
1223 }
1224
1225 inst->ivars = IONewZero(OSAction_IVars, 1);
1226 if (!inst->ivars) {
1227 ret = kIOReturnNoMemory;
1228 goto finish;
1229 }
1230 if (target) {
1231 target->retain();
1232 if (!fromKernel && !OSDynamicCast(IOService, target)) {
1233 IOUserServer * us;
1234 us = (typeof(us))thread_iokit_tls_get(0);
1235 inst->ivars->userServer = OSDynamicCast(IOUserServer, us);
1236 assert(inst->ivars->userServer);
1237 inst->ivars->userServer->retain();
1238 }
1239 }
1240 inst->ivars->target = target;
1241 inst->ivars->targetmsgid = targetmsgid;
1242 inst->ivars->msgid = msgid;
1243
1244 inst->ivars->reference = reference;
1245 inst->ivars->referenceSize = referenceSize;
1246 reference = NULL; // prevent release
1247
1248 if (typeName) {
1249 typeName->retain();
1250 }
1251 inst->ivars->typeName = typeName;
1252
1253 *action = inst;
1254 inst = NULL; // prevent release
1255 ret = kIOReturnSuccess;
1256
1257 finish:
1258 OSSafeReleaseNULL(obj);
1259 OSSafeReleaseNULL(sym);
1260 OSSafeReleaseNULL(inst);
1261 if (reference) {
1262 IODeleteData(reference, uint8_t, referenceSize);
1263 }
1264
1265 return ret;
1266 }
1267
1268 kern_return_t
Create(OSAction_Create_Args)1269 OSAction::Create(OSAction_Create_Args)
1270 {
1271 return OSAction::CreateWithTypeName(target, targetmsgid, msgid, referenceSize, NULL, action);
1272 }
1273
1274 kern_return_t
CreateWithTypeName(OSAction_CreateWithTypeName_Args)1275 OSAction::CreateWithTypeName(OSAction_CreateWithTypeName_Args)
1276 {
1277 return OSActionCreateWithTypeNameInternal(target, targetmsgid, msgid, referenceSize, typeName, true, action);
1278 }
1279
1280 kern_return_t
Create_Impl(OSObject * target,uint64_t targetmsgid,uint64_t msgid,size_t referenceSize,OSAction ** action)1281 OSAction::Create_Impl(
1282 OSObject * target,
1283 uint64_t targetmsgid,
1284 uint64_t msgid,
1285 size_t referenceSize,
1286 OSAction ** action)
1287 {
1288 return OSAction::CreateWithTypeName_Impl(target, targetmsgid, msgid, referenceSize, NULL, action);
1289 }
1290
1291 kern_return_t
CreateWithTypeName_Impl(OSObject * target,uint64_t targetmsgid,uint64_t msgid,size_t referenceSize,OSString * typeName,OSAction ** action)1292 OSAction::CreateWithTypeName_Impl(
1293 OSObject * target,
1294 uint64_t targetmsgid,
1295 uint64_t msgid,
1296 size_t referenceSize,
1297 OSString * typeName,
1298 OSAction ** action)
1299 {
1300 return OSActionCreateWithTypeNameInternal(target, targetmsgid, msgid, referenceSize, typeName, false, action);
1301 }
1302
1303 void
free()1304 OSAction::free()
1305 {
1306 if (ivars) {
1307 if (ivars->abortedHandler) {
1308 Block_release(ivars->abortedHandler);
1309 ivars->abortedHandler = NULL;
1310 }
1311 OSSafeReleaseNULL(ivars->target);
1312 OSSafeReleaseNULL(ivars->typeName);
1313 OSSafeReleaseNULL(ivars->userServer);
1314 if (ivars->reference) {
1315 assert(ivars->referenceSize > 0);
1316 IODeleteData(ivars->reference, uint8_t, ivars->referenceSize);
1317 }
1318 IOSafeDeleteNULL(ivars, OSAction_IVars, 1);
1319 }
1320 return super::free();
1321 }
1322
1323 void *
GetReference()1324 OSAction::GetReference()
1325 {
1326 assert(ivars && ivars->referenceSize && ivars->reference);
1327 return ivars->reference;
1328 }
1329
1330 kern_return_t
SetAbortedHandler(OSActionAbortedHandler handler)1331 OSAction::SetAbortedHandler(OSActionAbortedHandler handler)
1332 {
1333 ivars->abortedHandler = Block_copy(handler);
1334 return kIOReturnSuccess;
1335 }
1336
1337 void
Aborted_Impl(void)1338 OSAction::Aborted_Impl(void)
1339 {
1340 if (ivars->abortedHandler) {
1341 ivars->abortedHandler();
1342 }
1343 }
1344
1345 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1346
1347 struct IODispatchSource_IVars {
1348 queue_chain_t link;
1349 IODispatchSource * source;
1350 IOUserServer * server;
1351 IODispatchQueue_IVars * queue;
1352 bool enabled;
1353 };
1354
1355 bool
init()1356 IODispatchSource::init()
1357 {
1358 if (!super::init()) {
1359 return false;
1360 }
1361
1362 ivars = IOMallocType(IODispatchSource_IVars);
1363
1364 ivars->source = this;
1365
1366 return true;
1367 }
1368
1369 void
free()1370 IODispatchSource::free()
1371 {
1372 IOFreeType(ivars, IODispatchSource_IVars);
1373 super::free();
1374 }
1375
1376 kern_return_t
SetEnable_Impl(bool enable)1377 IODispatchSource::SetEnable_Impl(
1378 bool enable)
1379 {
1380 return SetEnableWithCompletion(enable, NULL);
1381 }
1382
1383 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1384
1385 struct IOInterruptDispatchSource_IVars {
1386 IOService * provider;
1387 uint32_t intIndex;
1388 uint32_t flags;
1389 int interruptType;
1390 IOSimpleLock * lock;
1391 thread_t waiter;
1392 uint64_t count;
1393 uint64_t time;
1394 OSAction * action;
1395 bool enable;
1396 };
1397
1398 static void
IOInterruptDispatchSourceInterrupt(OSObject * target,void * refCon,IOService * nub,int source)1399 IOInterruptDispatchSourceInterrupt(OSObject * target, void * refCon,
1400 IOService * nub, int source )
1401 {
1402 IOInterruptDispatchSource_IVars * ivars = (typeof(ivars))refCon;
1403 IOInterruptState is;
1404
1405 is = IOSimpleLockLockDisableInterrupt(ivars->lock);
1406 ivars->count++;
1407 ivars->time = (kIOInterruptSourceContinuousTime & ivars->flags)
1408 ? mach_continuous_time() : mach_absolute_time();
1409 if (ivars->waiter) {
1410 thread_wakeup_thread((event_t) ivars, ivars->waiter);
1411 ivars->waiter = NULL;
1412 }
1413 if (kIOInterruptTypeLevel & ivars->interruptType) {
1414 ivars->provider->disableInterrupt(ivars->intIndex);
1415 }
1416 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
1417 }
1418
1419 kern_return_t
Create_Impl(IOService * provider,uint32_t indexAndFlags,IODispatchQueue * queue,IOInterruptDispatchSource ** source)1420 IOInterruptDispatchSource::Create_Impl(
1421 IOService * provider,
1422 uint32_t indexAndFlags,
1423 IODispatchQueue * queue,
1424 IOInterruptDispatchSource ** source)
1425 {
1426 IOReturn ret;
1427 IOInterruptDispatchSource * inst;
1428 uint32_t index;
1429 uint32_t flags;
1430
1431 index = indexAndFlags & kIOInterruptSourceIndexMask;
1432 flags = indexAndFlags & ~kIOInterruptSourceIndexMask;
1433
1434 inst = OSTypeAlloc(IOInterruptDispatchSource);
1435 if (!inst->init()) {
1436 inst->free();
1437 return kIOReturnNoMemory;
1438 }
1439
1440 inst->ivars->lock = IOSimpleLockAlloc();
1441
1442 ret = provider->getInterruptType(index, &inst->ivars->interruptType);
1443 if (kIOReturnSuccess != ret) {
1444 OSSafeReleaseNULL(inst);
1445 return ret;
1446 }
1447 ret = provider->registerInterrupt(index, inst, IOInterruptDispatchSourceInterrupt, inst->ivars);
1448 if (kIOReturnSuccess == ret) {
1449 inst->ivars->intIndex = index;
1450 inst->ivars->flags = flags;
1451 inst->ivars->provider = provider;
1452 inst->ivars->provider->retain();
1453 *source = inst;
1454 }
1455 return ret;
1456 }
1457
1458 kern_return_t
GetInterruptType_Impl(IOService * provider,uint32_t index,uint64_t * interruptType)1459 IOInterruptDispatchSource::GetInterruptType_Impl(
1460 IOService * provider,
1461 uint32_t index,
1462 uint64_t * interruptType)
1463 {
1464 IOReturn ret;
1465 int type;
1466
1467 *interruptType = 0;
1468 ret = provider->getInterruptType(index, &type);
1469 if (kIOReturnSuccess == ret) {
1470 *interruptType = type;
1471 }
1472
1473 return ret;
1474 }
1475
1476 bool
init()1477 IOInterruptDispatchSource::init()
1478 {
1479 if (!super::init()) {
1480 return false;
1481 }
1482 ivars = IOMallocType(IOInterruptDispatchSource_IVars);
1483
1484 return true;
1485 }
1486
1487 void
free()1488 IOInterruptDispatchSource::free()
1489 {
1490 IOReturn ret;
1491
1492 if (ivars && ivars->provider) {
1493 ret = ivars->provider->unregisterInterrupt(ivars->intIndex);
1494 assert(kIOReturnSuccess == ret);
1495 ivars->provider->release();
1496 }
1497
1498 if (ivars && ivars->lock) {
1499 IOSimpleLockFree(ivars->lock);
1500 }
1501
1502 IOFreeType(ivars, IOInterruptDispatchSource_IVars);
1503
1504 super::free();
1505 }
1506
1507 kern_return_t
SetHandler_Impl(OSAction * action)1508 IOInterruptDispatchSource::SetHandler_Impl(
1509 OSAction * action)
1510 {
1511 IOReturn ret;
1512 OSAction * oldAction;
1513
1514 oldAction = (typeof(oldAction))ivars->action;
1515 if (oldAction && OSCompareAndSwapPtr(oldAction, NULL, &ivars->action)) {
1516 oldAction->release();
1517 }
1518 action->retain();
1519 ivars->action = action;
1520
1521 ret = kIOReturnSuccess;
1522
1523 return ret;
1524 }
1525
1526 kern_return_t
SetEnableWithCompletion_Impl(bool enable,IODispatchSourceCancelHandler handler)1527 IOInterruptDispatchSource::SetEnableWithCompletion_Impl(
1528 bool enable,
1529 IODispatchSourceCancelHandler handler)
1530 {
1531 IOReturn ret;
1532 IOInterruptState is;
1533
1534 if (enable == ivars->enable) {
1535 return kIOReturnSuccess;
1536 }
1537
1538 if (enable) {
1539 is = IOSimpleLockLockDisableInterrupt(ivars->lock);
1540 ivars->enable = enable;
1541 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
1542 ret = ivars->provider->enableInterrupt(ivars->intIndex);
1543 } else {
1544 ret = ivars->provider->disableInterrupt(ivars->intIndex);
1545 is = IOSimpleLockLockDisableInterrupt(ivars->lock);
1546 ivars->enable = enable;
1547 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
1548 }
1549
1550 return ret;
1551 }
1552
1553 kern_return_t
Cancel_Impl(IODispatchSourceCancelHandler handler)1554 IOInterruptDispatchSource::Cancel_Impl(
1555 IODispatchSourceCancelHandler handler)
1556 {
1557 return kIOReturnUnsupported;
1558 }
1559
1560 kern_return_t
CheckForWork_Impl(const IORPC rpc,bool synchronous)1561 IOInterruptDispatchSource::CheckForWork_Impl(
1562 const IORPC rpc,
1563 bool synchronous)
1564 {
1565 IOReturn ret = kIOReturnNotReady;
1566 IOInterruptState is;
1567 bool willWait;
1568 wait_result_t waitResult;
1569 uint64_t icount;
1570 uint64_t itime;
1571 thread_t self;
1572
1573 self = current_thread();
1574 icount = 0;
1575 do {
1576 is = IOSimpleLockLockDisableInterrupt(ivars->lock);
1577 if ((icount = ivars->count)) {
1578 itime = ivars->time;
1579 ivars->count = 0;
1580 waitResult = THREAD_AWAKENED;
1581 } else if (synchronous) {
1582 assert(NULL == ivars->waiter);
1583 ivars->waiter = self;
1584 waitResult = assert_wait((event_t) ivars, THREAD_INTERRUPTIBLE);
1585 }
1586 willWait = (synchronous && (waitResult == THREAD_WAITING));
1587 if (willWait && (kIOInterruptTypeLevel & ivars->interruptType) && ivars->enable) {
1588 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
1589 ivars->provider->enableInterrupt(ivars->intIndex);
1590 } else {
1591 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
1592 }
1593 if (willWait) {
1594 waitResult = thread_block(THREAD_CONTINUE_NULL);
1595 if (THREAD_INTERRUPTED == waitResult) {
1596 is = IOSimpleLockLockDisableInterrupt(ivars->lock);
1597 ivars->waiter = NULL;
1598 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
1599 break;
1600 }
1601 }
1602 } while (synchronous && !icount);
1603
1604 if (icount && ivars->action) {
1605 ret = InterruptOccurred(rpc, ivars->action, icount, itime);
1606 }
1607
1608 return ret;
1609 }
1610
1611 void
InterruptOccurred_Impl(OSAction * action,uint64_t count,uint64_t time)1612 IOInterruptDispatchSource::InterruptOccurred_Impl(
1613 OSAction * action,
1614 uint64_t count,
1615 uint64_t time)
1616 {
1617 }
1618
1619 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1620
1621 enum {
1622 kIOServiceNotificationTypeCount = kIOServiceNotificationTypeLast + 1,
1623 };
1624
1625 struct IOServiceNotificationDispatchSource_IVars {
1626 OSObject * serverName;
1627 OSAction * action;
1628 IOLock * lock;
1629 IONotifier * notifier;
1630 OSDictionary * interestNotifiers;
1631 OSArray * pending[kIOServiceNotificationTypeCount];
1632 bool enable;
1633 };
1634
1635 kern_return_t
Create_Impl(OSDictionary * matching,uint64_t options,IODispatchQueue * queue,IOServiceNotificationDispatchSource ** notification)1636 IOServiceNotificationDispatchSource::Create_Impl(
1637 OSDictionary * matching,
1638 uint64_t options,
1639 IODispatchQueue * queue,
1640 IOServiceNotificationDispatchSource ** notification)
1641 {
1642 IOUserServer * us;
1643 IOReturn ret;
1644 IOServiceNotificationDispatchSource * inst;
1645
1646 inst = OSTypeAlloc(IOServiceNotificationDispatchSource);
1647 if (!inst->init()) {
1648 OSSafeReleaseNULL(inst);
1649 return kIOReturnNoMemory;
1650 }
1651
1652 us = (typeof(us))thread_iokit_tls_get(0);
1653 assert(OSDynamicCast(IOUserServer, us));
1654 if (!us) {
1655 OSSafeReleaseNULL(inst);
1656 return kIOReturnError;
1657 }
1658 inst->ivars->serverName = us->copyProperty(gIOUserServerNameKey);
1659 if (!inst->ivars->serverName) {
1660 OSSafeReleaseNULL(inst);
1661 return kIOReturnNoMemory;
1662 }
1663
1664 inst->ivars->lock = IOLockAlloc();
1665 if (!inst->ivars->lock) {
1666 OSSafeReleaseNULL(inst);
1667 return kIOReturnNoMemory;
1668 }
1669 for (uint32_t idx = 0; idx < kIOServiceNotificationTypeCount; idx++) {
1670 inst->ivars->pending[idx] = OSArray::withCapacity(4);
1671 if (!inst->ivars->pending[idx]) {
1672 OSSafeReleaseNULL(inst);
1673 return kIOReturnNoMemory;
1674 }
1675 }
1676 inst->ivars->interestNotifiers = OSDictionary::withCapacity(4);
1677 if (!inst->ivars->interestNotifiers) {
1678 OSSafeReleaseNULL(inst);
1679 return kIOReturnNoMemory;
1680 }
1681
1682 inst->ivars->notifier = IOService::addMatchingNotification(gIOMatchedNotification, matching, 0 /*priority*/,
1683 ^bool (IOService * newService, IONotifier * notifier) {
1684 bool notifyReady = false;
1685 IONotifier * interest;
1686 OSObject * serverName;
1687 bool okToUse;
1688
1689 serverName = newService->copyProperty(gIOUserServerNameKey);
1690 okToUse = (serverName && inst->ivars->serverName->isEqualTo(serverName));
1691 OSSafeReleaseNULL(serverName);
1692 if (!okToUse) {
1693 return false;
1694 }
1695
1696 IOLockLock(inst->ivars->lock);
1697 notifyReady = (0 == inst->ivars->pending[kIOServiceNotificationTypeMatched]->getCount());
1698 inst->ivars->pending[kIOServiceNotificationTypeMatched]->setObject(newService);
1699 IOLockUnlock(inst->ivars->lock);
1700
1701 interest = newService->registerInterest(gIOGeneralInterest,
1702 ^IOReturn (uint32_t messageType, IOService * provider,
1703 void * messageArgument, size_t argSize) {
1704 IONotifier * interest;
1705 bool notifyReady = false;
1706
1707 switch (messageType) {
1708 case kIOMessageServiceIsTerminated:
1709 IOLockLock(inst->ivars->lock);
1710 notifyReady = (0 == inst->ivars->pending[kIOServiceNotificationTypeTerminated]->getCount());
1711 inst->ivars->pending[kIOServiceNotificationTypeTerminated]->setObject(provider);
1712 interest = (typeof(interest))inst->ivars->interestNotifiers->getObject((const OSSymbol *) newService);
1713 assert(interest);
1714 interest->remove();
1715 inst->ivars->interestNotifiers->removeObject((const OSSymbol *) newService);
1716 IOLockUnlock(inst->ivars->lock);
1717 break;
1718 default:
1719 break;
1720 }
1721 if (notifyReady && inst->ivars->action) {
1722 inst->ServiceNotificationReady(inst->ivars->action);
1723 }
1724 return kIOReturnSuccess;
1725 });
1726 if (interest) {
1727 IOLockLock(inst->ivars->lock);
1728 inst->ivars->interestNotifiers->setObject((const OSSymbol *) newService, interest);
1729 IOLockUnlock(inst->ivars->lock);
1730 }
1731 if (notifyReady) {
1732 if (inst->ivars->action) {
1733 inst->ServiceNotificationReady(inst->ivars->action);
1734 }
1735 }
1736 return false;
1737 });
1738
1739 if (!inst->ivars->notifier) {
1740 OSSafeReleaseNULL(inst);
1741 ret = kIOReturnError;
1742 }
1743
1744 *notification = inst;
1745 ret = kIOReturnSuccess;
1746
1747 return ret;
1748 }
1749
1750 kern_return_t
CopyNextNotification_Impl(uint64_t * type,IOService ** service,uint64_t * options)1751 IOServiceNotificationDispatchSource::CopyNextNotification_Impl(
1752 uint64_t * type,
1753 IOService ** service,
1754 uint64_t * options)
1755 {
1756 IOService * next;
1757 uint32_t idx;
1758
1759 IOLockLock(ivars->lock);
1760 for (idx = 0; idx < kIOServiceNotificationTypeCount; idx++) {
1761 next = (IOService *) ivars->pending[idx]->getObject(0);
1762 if (next) {
1763 next->retain();
1764 ivars->pending[idx]->removeObject(0);
1765 break;
1766 }
1767 }
1768 IOLockUnlock(ivars->lock);
1769
1770 if (idx == kIOServiceNotificationTypeCount) {
1771 idx = kIOServiceNotificationTypeNone;
1772 }
1773 *type = idx;
1774 *service = next;
1775 *options = 0;
1776
1777 return kIOReturnSuccess;
1778 }
1779
1780 bool
init()1781 IOServiceNotificationDispatchSource::init()
1782 {
1783 if (!super::init()) {
1784 return false;
1785 }
1786 ivars = IOMallocType(IOServiceNotificationDispatchSource_IVars);
1787
1788 return true;
1789 }
1790
1791 void
free()1792 IOServiceNotificationDispatchSource::free()
1793 {
1794 if (ivars) {
1795 OSSafeReleaseNULL(ivars->serverName);
1796 if (ivars->interestNotifiers) {
1797 ivars->interestNotifiers->iterateObjects(^bool (const OSSymbol * key, OSObject * object) {
1798 IONotifier * interest = (typeof(interest))object;
1799 interest->remove();
1800 return false;
1801 });
1802 OSSafeReleaseNULL(ivars->interestNotifiers);
1803 }
1804 for (uint32_t idx = 0; idx < kIOServiceNotificationTypeCount; idx++) {
1805 OSSafeReleaseNULL(ivars->pending[idx]);
1806 }
1807 if (ivars->lock) {
1808 IOLockFree(ivars->lock);
1809 ivars->lock = NULL;
1810 }
1811 if (ivars->notifier) {
1812 ivars->notifier->remove();
1813 ivars->notifier = NULL;
1814 }
1815 IOFreeType(ivars, IOServiceNotificationDispatchSource_IVars);
1816 }
1817
1818 super::free();
1819 }
1820
1821 kern_return_t
SetHandler_Impl(OSAction * action)1822 IOServiceNotificationDispatchSource::SetHandler_Impl(
1823 OSAction * action)
1824 {
1825 IOReturn ret;
1826 bool notifyReady;
1827
1828 notifyReady = false;
1829
1830 IOLockLock(ivars->lock);
1831 OSSafeReleaseNULL(ivars->action);
1832 action->retain();
1833 ivars->action = action;
1834 if (action) {
1835 for (uint32_t idx = 0; idx < kIOServiceNotificationTypeCount; idx++) {
1836 notifyReady = (ivars->pending[idx]->getCount());
1837 if (notifyReady) {
1838 break;
1839 }
1840 }
1841 }
1842 IOLockUnlock(ivars->lock);
1843
1844 if (notifyReady) {
1845 ServiceNotificationReady(action);
1846 }
1847 ret = kIOReturnSuccess;
1848
1849 return ret;
1850 }
1851
1852 kern_return_t
SetEnableWithCompletion_Impl(bool enable,IODispatchSourceCancelHandler handler)1853 IOServiceNotificationDispatchSource::SetEnableWithCompletion_Impl(
1854 bool enable,
1855 IODispatchSourceCancelHandler handler)
1856 {
1857 if (enable == ivars->enable) {
1858 return kIOReturnSuccess;
1859 }
1860
1861 IOLockLock(ivars->lock);
1862 ivars->enable = enable;
1863 IOLockUnlock(ivars->lock);
1864
1865 return kIOReturnSuccess;
1866 }
1867
1868 kern_return_t
Cancel_Impl(IODispatchSourceCancelHandler handler)1869 IOServiceNotificationDispatchSource::Cancel_Impl(
1870 IODispatchSourceCancelHandler handler)
1871 {
1872 return kIOReturnUnsupported;
1873 }
1874
1875 kern_return_t
CheckForWork_Impl(const IORPC rpc,bool synchronous)1876 IOServiceNotificationDispatchSource::CheckForWork_Impl(
1877 const IORPC rpc,
1878 bool synchronous)
1879 {
1880 return kIOReturnNotReady;
1881 }
1882
1883 kern_return_t
DeliverNotifications(IOServiceNotificationBlock block)1884 IOServiceNotificationDispatchSource::DeliverNotifications(IOServiceNotificationBlock block)
1885 {
1886 return kIOReturnUnsupported;
1887 }
1888
1889
1890 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1891
1892 OSDictionary *
CreatePropertyMatchingDictionary(const char * key,OSObjectPtr value,OSDictionary * matching)1893 IOService::CreatePropertyMatchingDictionary(const char * key, OSObjectPtr value, OSDictionary * matching)
1894 {
1895 OSDictionary * result;
1896 const OSSymbol * keySym;
1897
1898 keySym = OSSymbol::withCString(key);
1899 result = propertyMatching(keySym, (const OSObject *) value, matching);
1900 OSSafeReleaseNULL(keySym);
1901
1902 return result;
1903 }
1904
1905 OSDictionary *
CreatePropertyMatchingDictionary(const char * key,const char * stringValue,OSDictionary * matching)1906 IOService::CreatePropertyMatchingDictionary(const char * key, const char * stringValue, OSDictionary * matching)
1907 {
1908 OSDictionary * result;
1909 OSString * value;
1910
1911 value = OSString::withCString(stringValue);
1912 result = CreatePropertyMatchingDictionary(key, value, matching);
1913 OSSafeReleaseNULL(value);
1914
1915 return result;
1916 }
1917
1918 OSDictionary *
CreateKernelClassMatchingDictionary(OSString * className,OSDictionary * matching)1919 IOService::CreateKernelClassMatchingDictionary(OSString * className, OSDictionary * matching)
1920 {
1921 if (!className) {
1922 return NULL;
1923 }
1924 if (!matching) {
1925 matching = OSDictionary::withCapacity(2);
1926 if (!matching) {
1927 return NULL;
1928 }
1929 }
1930 matching->setObject(kIOProviderClassKey, className);
1931
1932 return matching;
1933 }
1934
1935 OSDictionary *
CreateKernelClassMatchingDictionary(const char * className,OSDictionary * matching)1936 IOService::CreateKernelClassMatchingDictionary(const char * className, OSDictionary * matching)
1937 {
1938 OSDictionary * result;
1939 OSString * string;
1940
1941 string = OSString::withCString(className);
1942 result = CreateKernelClassMatchingDictionary(string, matching);
1943 OSSafeReleaseNULL(string);
1944
1945 return result;
1946 }
1947
1948 OSDictionary *
CreateUserClassMatchingDictionary(OSString * className,OSDictionary * matching)1949 IOService::CreateUserClassMatchingDictionary(OSString * className, OSDictionary * matching)
1950 {
1951 return CreatePropertyMatchingDictionary(kIOUserClassKey, className, matching);
1952 }
1953
1954 OSDictionary *
CreateUserClassMatchingDictionary(const char * className,OSDictionary * matching)1955 IOService::CreateUserClassMatchingDictionary(const char * className, OSDictionary * matching)
1956 {
1957 return CreatePropertyMatchingDictionary(kIOUserClassKey, className, matching);
1958 }
1959
1960 OSDictionary *
CreateNameMatchingDictionary(OSString * serviceName,OSDictionary * matching)1961 IOService::CreateNameMatchingDictionary(OSString * serviceName, OSDictionary * matching)
1962 {
1963 if (!serviceName) {
1964 return NULL;
1965 }
1966 if (!matching) {
1967 matching = OSDictionary::withCapacity(2);
1968 if (!matching) {
1969 return NULL;
1970 }
1971 }
1972 matching->setObject(kIONameMatchKey, serviceName);
1973
1974 return matching;
1975 }
1976
1977 OSDictionary *
CreateNameMatchingDictionary(const char * serviceName,OSDictionary * matching)1978 IOService::CreateNameMatchingDictionary(const char * serviceName, OSDictionary * matching)
1979 {
1980 OSDictionary * result;
1981 OSString * string;
1982
1983 string = OSString::withCString(serviceName);
1984 result = CreateNameMatchingDictionary(string, matching);
1985 OSSafeReleaseNULL(string);
1986
1987 return result;
1988 }
1989
1990
1991
1992 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1993
1994 kern_return_t
waitInterruptTrap(void * p1,void * p2,void * p3,void * p4,void * p5,void * p6)1995 IOUserServer::waitInterruptTrap(void * p1, void * p2, void * p3, void * p4, void * p5, void * p6)
1996 {
1997 IOReturn ret = kIOReturnBadArgument;
1998 IOInterruptState is;
1999 IOInterruptDispatchSource * interrupt;
2000 IOInterruptDispatchSource_IVars * ivars;
2001 IOInterruptDispatchSourcePayload payload;
2002
2003 bool willWait;
2004 wait_result_t waitResult;
2005 thread_t self;
2006
2007 OSObject * object;
2008
2009 object = iokit_lookup_object_with_port_name((mach_port_name_t)(uintptr_t)p1, IKOT_UEXT_OBJECT, current_task());
2010
2011 if (!object) {
2012 return kIOReturnBadArgument;
2013 }
2014 if (!(interrupt = OSDynamicCast(IOInterruptDispatchSource, object))) {
2015 ret = kIOReturnBadArgument;
2016 } else {
2017 self = current_thread();
2018 ivars = interrupt->ivars;
2019 payload.count = 0;
2020 do {
2021 is = IOSimpleLockLockDisableInterrupt(ivars->lock);
2022 if ((payload.count = ivars->count)) {
2023 payload.time = ivars->time;
2024 ivars->count = 0;
2025 waitResult = THREAD_AWAKENED;
2026 } else {
2027 assert(NULL == ivars->waiter);
2028 ivars->waiter = self;
2029 waitResult = assert_wait((event_t) ivars, THREAD_INTERRUPTIBLE);
2030 }
2031 willWait = (waitResult == THREAD_WAITING);
2032 if (willWait && (kIOInterruptTypeLevel & ivars->interruptType) && ivars->enable) {
2033 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
2034 ivars->provider->enableInterrupt(ivars->intIndex);
2035 } else {
2036 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
2037 }
2038 if (willWait) {
2039 waitResult = thread_block(THREAD_CONTINUE_NULL);
2040 if (THREAD_INTERRUPTED == waitResult) {
2041 is = IOSimpleLockLockDisableInterrupt(ivars->lock);
2042 ivars->waiter = NULL;
2043 IOSimpleLockUnlockEnableInterrupt(ivars->lock, is);
2044 break;
2045 }
2046 }
2047 } while (!payload.count);
2048 ret = (payload.count ? kIOReturnSuccess : kIOReturnAborted);
2049 }
2050
2051 if (kIOReturnSuccess == ret) {
2052 int copyerr = copyout(&payload, (user_addr_t) p2, sizeof(payload));
2053 if (copyerr) {
2054 ret = kIOReturnVMError;
2055 }
2056 }
2057
2058 object->release();
2059
2060 return ret;
2061 }
2062
2063 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2064
2065 kern_return_t
Create_Impl(const char * name,uint64_t tag,uint64_t options,OSString * bundleID,IOUserServer ** server)2066 IOUserServer::Create_Impl(
2067 const char * name,
2068 uint64_t tag,
2069 uint64_t options,
2070 OSString * bundleID,
2071 IOUserServer ** server)
2072 {
2073 IOReturn ret;
2074 IOUserServer * us;
2075 const OSSymbol * sym;
2076 OSNumber * serverTag;
2077 io_name_t rname;
2078 OSKext * kext;
2079
2080 us = (typeof(us))thread_iokit_tls_get(0);
2081 assert(OSDynamicCast(IOUserServer, us));
2082 if (kIODKLogSetup & gIODKDebug) {
2083 DKLOG(DKS "::Create(" DKS ") %p\n", DKN(us), name, tag, us);
2084 }
2085 if (!us) {
2086 return kIOReturnError;
2087 }
2088
2089 if (bundleID) {
2090 kext = OSKext::lookupKextWithIdentifier(bundleID->getCStringNoCopy());
2091 if (kext) {
2092 us->setTaskLoadTag(kext);
2093 us->setDriverKitUUID(kext);
2094 OSKext::OSKextLogDriverKitInfoLoad(kext);
2095 OSSafeReleaseNULL(kext);
2096 } else {
2097 DKLOG(DKS "::Create(" DKS "): could not find OSKext for %s\n", DKN(us), name, tag, bundleID->getCStringNoCopy());
2098 }
2099
2100 us->fAllocationName = kern_allocation_name_allocate(bundleID->getCStringNoCopy(), 0);
2101 assert(us->fAllocationName);
2102 }
2103
2104 sym = OSSymbol::withCString(name);
2105 serverTag = OSNumber::withNumber(tag, 64);
2106
2107 us->setProperty(gIOUserServerNameKey, (OSObject *) sym);
2108 us->setProperty(gIOUserServerTagKey, serverTag);
2109
2110 serverTag->release();
2111 OSSafeReleaseNULL(sym);
2112
2113 snprintf(rname, sizeof(rname), "IOUserServer(%s-0x%qx)", name, tag);
2114 us->setName(rname);
2115
2116 us->retain();
2117 *server = us;
2118 ret = kIOReturnSuccess;
2119
2120 return ret;
2121 }
2122
2123 kern_return_t
RegisterService_Impl()2124 IOUserServer::RegisterService_Impl()
2125 {
2126 kern_return_t ret = IOService::RegisterService_Impl();
2127
2128 return ret;
2129 }
2130
2131 kern_return_t
Exit_Impl(const char * reason)2132 IOUserServer::Exit_Impl(
2133 const char * reason)
2134 {
2135 return kIOReturnUnsupported;
2136 }
2137
2138 kern_return_t
LoadModule_Impl(const char * path)2139 IOUserServer::LoadModule_Impl(
2140 const char * path)
2141 {
2142 return kIOReturnUnsupported;
2143 }
2144
2145
2146 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2147
2148 kern_return_t
Create_Impl(const char * name,uint64_t options,uint64_t priority,IODispatchQueue ** queue)2149 IODispatchQueue::Create_Impl(
2150 const char * name,
2151 uint64_t options,
2152 uint64_t priority,
2153 IODispatchQueue ** queue)
2154 {
2155 IODispatchQueue * result;
2156 IOUserServer * us;
2157
2158 result = OSTypeAlloc(IODispatchQueue);
2159 if (!result) {
2160 return kIOReturnNoMemory;
2161 }
2162 if (!result->init()) {
2163 OSSafeReleaseNULL(result);
2164 return kIOReturnNoMemory;
2165 }
2166
2167 *queue = result;
2168
2169 if (!strcmp("Root", name)) {
2170 us = (typeof(us))thread_iokit_tls_get(0);
2171 assert(OSDynamicCast(IOUserServer, us));
2172 us->setRootQueue(result);
2173 }
2174
2175 if (kIODKLogSetup & gIODKDebug) {
2176 DKLOG("IODispatchQueue::Create %s %p\n", name, result);
2177 }
2178
2179 return kIOReturnSuccess;
2180 }
2181
2182 kern_return_t
SetPort_Impl(mach_port_t port)2183 IODispatchQueue::SetPort_Impl(
2184 mach_port_t port)
2185 {
2186 if (MACH_PORT_NULL != ivars->serverPort) {
2187 return kIOReturnNotReady;
2188 }
2189
2190 ivars->serverPort = port;
2191 return kIOReturnSuccess;
2192 }
2193
2194 bool
init()2195 IODispatchQueue::init()
2196 {
2197 ivars = IOMallocType(IODispatchQueue_IVars);
2198 ivars->queue = this;
2199
2200 return true;
2201 }
2202
2203 void
free()2204 IODispatchQueue::free()
2205 {
2206 if (ivars && ivars->serverPort) {
2207 ipc_port_release_send(ivars->serverPort);
2208 ivars->serverPort = MACH_PORT_NULL;
2209 }
2210 IOFreeType(ivars, IODispatchQueue_IVars);
2211 super::free();
2212 }
2213
2214 bool
OnQueue()2215 IODispatchQueue::OnQueue()
2216 {
2217 return false;
2218 }
2219
2220 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2221
2222
2223 kern_return_t
Dispatch(IORPC rpc)2224 OSMetaClassBase::Dispatch(IORPC rpc)
2225 {
2226 return kIOReturnUnsupported;
2227 }
2228
2229 kern_return_t
Invoke(IORPC rpc)2230 OSMetaClassBase::Invoke(IORPC rpc)
2231 {
2232 IOReturn ret = kIOReturnUnsupported;
2233 OSMetaClassBase * object;
2234 OSAction * action;
2235 IOService * service;
2236 IOUserServer * us;
2237 IORPCMessage * message;
2238
2239 assert(rpc.sendSize >= (sizeof(IORPCMessageMach) + sizeof(IORPCMessage)));
2240 message = IORPCMessageFromMach(rpc.message, false);
2241 if (!message) {
2242 return kIOReturnIPCError;
2243 }
2244 message->flags |= kIORPCMessageKernel;
2245
2246 us = NULL;
2247 if (!(kIORPCMessageLocalHost & message->flags)) {
2248 us = OSDynamicCast(IOUserServer, this);
2249 if (!us) {
2250 IOEventLink * eventLink = NULL;
2251 IOWorkGroup * workgroup = NULL;
2252
2253 if ((action = OSDynamicCast(OSAction, this))) {
2254 object = IOUserServer::target(action, message);
2255 } else {
2256 object = this;
2257 }
2258 if ((service = OSDynamicCast(IOService, object))
2259 && service->reserved->uvars) {
2260 // xxx other classes
2261 us = service->reserved->uvars->userServer;
2262 } else if (action) {
2263 us = action->ivars->userServer;
2264 } else if ((eventLink = OSDynamicCast(IOEventLink, object))) {
2265 us = eventLink->ivars->userServer;
2266 } else if ((workgroup = OSDynamicCast(IOWorkGroup, object))) {
2267 us = workgroup->ivars->userServer;
2268 }
2269 }
2270 }
2271 if (us) {
2272 message->flags |= kIORPCMessageRemote;
2273 ret = us->rpc(rpc);
2274 if (kIOReturnSuccess != ret) {
2275 if (kIODKLogIPC & gIODKDebug) {
2276 DKLOG("OSMetaClassBase::Invoke user 0x%x\n", ret);
2277 }
2278 }
2279 } else {
2280 if (kIODKLogIPC & gIODKDebug) {
2281 DKLOG("OSMetaClassBase::Invoke kernel %s 0x%qx\n", getMetaClass()->getClassName(), message->msgid);
2282 }
2283 void * prior = thread_iokit_tls_get(0);
2284 thread_iokit_tls_set(0, NULL);
2285 ret = Dispatch(rpc);
2286 thread_iokit_tls_set(0, prior);
2287 }
2288
2289 return ret;
2290 }
2291
2292 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2293
2294 struct IOPStrings {
2295 uint32_t dataSize;
2296 uint32_t count;
2297 const char strings[0];
2298 };
2299
2300 kern_return_t
Dispatch(IORPC rpc)2301 OSUserMetaClass::Dispatch(IORPC rpc)
2302 {
2303 if (meta) {
2304 return const_cast<OSMetaClass *>(meta)->Dispatch(rpc);
2305 } else {
2306 return kIOReturnUnsupported;
2307 }
2308 }
2309
2310 void
free()2311 OSUserMetaClass::free()
2312 {
2313 if (queueNames) {
2314 IOFreeData(queueNames, sizeof(IOPStrings) + queueNames->dataSize * sizeof(char));
2315 queueNames = NULL;
2316 }
2317 if (description) {
2318 IOFreeData(description, description->descriptionSize);
2319 description = NULL;
2320 }
2321 IODeleteData(methods, uint64_t, 2 * methodCount);
2322 if (meta) {
2323 meta->releaseMetaClass();
2324 }
2325 if (name) {
2326 name->release();
2327 }
2328 OSObject::free();
2329 }
2330
2331 /*
2332 * Sets the loadTag of the associated OSKext
2333 * in the dext task.
2334 * NOTE: different instances of the same OSKext
2335 * (so same BounleID but different tasks)
2336 * will have the same loadTag.
2337 */
2338 void
setTaskLoadTag(OSKext * kext)2339 IOUserServer::setTaskLoadTag(OSKext *kext)
2340 {
2341 task_t owningTask;
2342 uint32_t loadTag, prev_taskloadTag;
2343
2344 owningTask = this->fOwningTask;
2345 if (!owningTask) {
2346 printf("%s: fOwningTask not found\n", __FUNCTION__);
2347 return;
2348 }
2349
2350 loadTag = kext->getLoadTag();
2351 prev_taskloadTag = set_task_loadTag(owningTask, loadTag);
2352 if (prev_taskloadTag) {
2353 printf("%s: found the task loadTag already set to %u (set to %u)\n",
2354 __FUNCTION__, prev_taskloadTag, loadTag);
2355 }
2356 }
2357
2358 /*
2359 * Sets the OSKext uuid as the uuid of the userspace
2360 * dext executable.
2361 */
2362 void
setDriverKitUUID(OSKext * kext)2363 IOUserServer::setDriverKitUUID(OSKext *kext)
2364 {
2365 task_t task;
2366 proc_t p;
2367 uuid_t p_uuid, k_uuid;
2368 OSData *k_data_uuid;
2369 OSData *new_uuid;
2370 uuid_string_t uuid_string = "";
2371
2372 task = this->fOwningTask;
2373 if (!task) {
2374 printf("%s: fOwningTask not found\n", __FUNCTION__);
2375 return;
2376 }
2377
2378 p = (proc_t)(get_bsdtask_info(task));
2379 if (!p) {
2380 printf("%s: proc not found\n", __FUNCTION__);
2381 return;
2382 }
2383 proc_getexecutableuuid(p, p_uuid, sizeof(p_uuid));
2384
2385 k_data_uuid = kext->copyUUID();
2386 if (k_data_uuid) {
2387 memcpy(&k_uuid, k_data_uuid->getBytesNoCopy(), sizeof(k_uuid));
2388 OSSafeReleaseNULL(k_data_uuid);
2389 if (uuid_compare(k_uuid, p_uuid) != 0) {
2390 printf("%s: uuid not matching\n", __FUNCTION__);
2391 }
2392 return;
2393 }
2394
2395 uuid_unparse(p_uuid, uuid_string);
2396 new_uuid = OSData::withValue(p_uuid);
2397 kext->setDriverKitUUID(new_uuid);
2398 }
2399
2400 void
setCheckInToken(IOUserServerCheckInToken * token)2401 IOUserServer::setCheckInToken(IOUserServerCheckInToken *token)
2402 {
2403 if (token != NULL && fCheckInToken == NULL) {
2404 token->retain();
2405 fCheckInToken = token;
2406 } else {
2407 printf("%s: failed to set check in token. token=%p, fCheckInToken=%p\n", __FUNCTION__, token, fCheckInToken);
2408 }
2409 }
2410
2411 bool
serviceMatchesCheckInToken(IOUserServerCheckInToken * token)2412 IOUserServer::serviceMatchesCheckInToken(IOUserServerCheckInToken *token)
2413 {
2414 if (token != NULL) {
2415 bool result = token == fCheckInToken;
2416 if (result) {
2417 fCheckInToken->complete();
2418 }
2419 return result;
2420 } else {
2421 printf("%s: null check in token\n", __FUNCTION__);
2422 return false;
2423 }
2424 }
2425
2426 // entitlements - dict of entitlements to check
2427 // prop - string - if present return true
2428 // - array of strings - if any present return true
2429 // - array of arrays of strings - in each leaf array all must be present
2430 // - if any top level array succeeds return true
2431 // consumes one reference of prop
2432 bool
checkEntitlements(OSDictionary * entitlements,OSObject * prop,IOService * provider,IOService * dext)2433 IOUserServer::checkEntitlements(
2434 OSDictionary * entitlements, OSObject * prop,
2435 IOService * provider, IOService * dext)
2436 {
2437 OSDictionary * matching;
2438
2439 if (!prop) {
2440 return true;
2441 }
2442 if (!entitlements) {
2443 OSSafeReleaseNULL(prop);
2444 return false;
2445 }
2446
2447 matching = NULL;
2448 if (dext) {
2449 matching = dext->dictionaryWithProperties();
2450 if (!matching) {
2451 OSSafeReleaseNULL(prop);
2452 return false;
2453 }
2454 }
2455
2456 bool allPresent __block;
2457 prop->iterateObjects(^bool (OSObject * object) {
2458 allPresent = false;
2459 object->iterateObjects(^bool (OSObject * object) {
2460 OSString * string;
2461 OSObject * value;
2462 string = OSDynamicCast(OSString, object);
2463 value = entitlements->getObject(string);
2464 if (matching && value) {
2465 matching->setObject(string, value);
2466 }
2467 allPresent = (NULL != value);
2468 // early terminate if not found
2469 return !allPresent;
2470 });
2471 // early terminate if found
2472 return allPresent;
2473 });
2474
2475 if (allPresent && matching && provider) {
2476 allPresent = provider->matchPropertyTable(matching);
2477 }
2478
2479 OSSafeReleaseNULL(matching);
2480 OSSafeReleaseNULL(prop);
2481
2482 return allPresent;
2483 }
2484
2485 bool
checkEntitlements(IOService * provider,IOService * dext)2486 IOUserServer::checkEntitlements(IOService * provider, IOService * dext)
2487 {
2488 OSObject * prop;
2489 bool ok;
2490
2491 if (!fOwningTask) {
2492 return false;
2493 }
2494
2495 prop = provider->copyProperty(gIOServiceDEXTEntitlementsKey);
2496 ok = checkEntitlements(fEntitlements, prop, provider, dext);
2497 if (!ok) {
2498 DKLOG(DKS ": provider entitlements check failed\n", DKN(dext));
2499 }
2500 if (ok) {
2501 prop = dext->copyProperty(gIOServiceDEXTEntitlementsKey);
2502 ok = checkEntitlements(fEntitlements, prop, NULL, NULL);
2503 if (!ok) {
2504 DKLOG(DKS ": family entitlements check failed\n", DKN(dext));
2505 }
2506 }
2507
2508 return ok;
2509 }
2510
2511 IOReturn
exit(const char * reason)2512 IOUserServer::exit(const char * reason)
2513 {
2514 DKLOG("%s::exit(%s)\n", getName(), reason);
2515 Exit(reason);
2516 return kIOReturnSuccess;
2517 }
2518
2519 OSObjectUserVars *
varsForObject(OSObject * obj)2520 IOUserServer::varsForObject(OSObject * obj)
2521 {
2522 IOService * service;
2523
2524 if ((service = OSDynamicCast(IOService, obj))) {
2525 return service->reserved->uvars;
2526 }
2527
2528 return NULL;
2529 }
2530
2531 IOPStrings *
copyInStringArray(const char * string,uint32_t userSize)2532 IOUserServer::copyInStringArray(const char * string, uint32_t userSize)
2533 {
2534 IOPStrings * array;
2535 vm_size_t alloc;
2536 size_t len;
2537 const char * cstr;
2538 const char * end;
2539
2540 if (userSize <= 1) {
2541 return NULL;
2542 }
2543
2544 if (os_add_overflow(sizeof(IOPStrings), userSize, &alloc)) {
2545 assert(false);
2546 return NULL;
2547 }
2548 if (alloc > 16384) {
2549 assert(false);
2550 return NULL;
2551 }
2552 array = (typeof(array))IOMallocData(alloc);
2553 if (!array) {
2554 return NULL;
2555 }
2556 array->dataSize = userSize;
2557 bcopy(string, (void *) &array->strings[0], userSize);
2558
2559 array->count = 0;
2560 cstr = &array->strings[0];
2561 end = &array->strings[array->dataSize];
2562 while ((len = (unsigned char)cstr[0])) {
2563 cstr++;
2564 if ((cstr + len) >= end) {
2565 break;
2566 }
2567 cstr += len;
2568 array->count++;
2569 }
2570 if (len) {
2571 IOFreeData(array, alloc);
2572 array = NULL;
2573 }
2574
2575 return array;
2576 }
2577
2578 uint32_t
stringArrayIndex(IOPStrings * array,const char * look)2579 IOUserServer::stringArrayIndex(IOPStrings * array, const char * look)
2580 {
2581 uint32_t idx;
2582 size_t len, llen;
2583 const char * cstr;
2584 const char * end;
2585
2586 idx = 0;
2587 cstr = &array->strings[0];
2588 end = &array->strings[array->dataSize];
2589 llen = strlen(look);
2590 while ((len = (unsigned char)cstr[0])) {
2591 cstr++;
2592 if ((cstr + len) >= end) {
2593 break;
2594 }
2595 if ((len == llen) && !strncmp(cstr, look, len)) {
2596 return idx;
2597 }
2598 cstr += len;
2599 idx++;
2600 }
2601
2602 return -1U;
2603 }
2604 #define kIODispatchQueueStopped ((IODispatchQueue *) -1L)
2605
2606 IODispatchQueue *
queueForObject(OSObject * obj,uint64_t msgid)2607 IOUserServer::queueForObject(OSObject * obj, uint64_t msgid)
2608 {
2609 IODispatchQueue * queue;
2610 OSObjectUserVars * uvars;
2611 uint64_t option;
2612
2613 uvars = varsForObject(obj);
2614 if (!uvars) {
2615 return NULL;
2616 }
2617 if (!uvars->queueArray) {
2618 if (uvars->stopped) {
2619 return kIODispatchQueueStopped;
2620 }
2621 return NULL;
2622 }
2623 queue = uvars->queueArray[0];
2624
2625 if (uvars->userMeta
2626 && uvars->userMeta->methods) {
2627 uint32_t idx, baseIdx;
2628 uint32_t lim;
2629 // bsearch
2630 for (baseIdx = 0, lim = uvars->userMeta->methodCount; lim; lim >>= 1) {
2631 idx = baseIdx + (lim >> 1);
2632 if (msgid == uvars->userMeta->methods[idx]) {
2633 option = uvars->userMeta->methods[uvars->userMeta->methodCount + idx];
2634 option &= 0xFF;
2635 if (option < uvars->userMeta->queueNames->count) {
2636 queue = uvars->queueArray[option + 1];
2637 }
2638 break;
2639 } else if (msgid > uvars->userMeta->methods[idx]) {
2640 // move right
2641 baseIdx += (lim >> 1) + 1;
2642 lim--;
2643 }
2644 // else move left
2645 }
2646 }
2647 return queue;
2648 }
2649
2650 IOReturn
objectInstantiate(OSObject * obj,IORPC rpc,IORPCMessage * message)2651 IOUserServer::objectInstantiate(OSObject * obj, IORPC rpc, IORPCMessage * message)
2652 {
2653 IOReturn ret;
2654 OSString * str;
2655 OSObject * prop;
2656 IOService * service;
2657
2658 OSAction * action;
2659 OSObject * target;
2660 uint32_t queueCount, queueAlloc;
2661 const char * resultClassName;
2662 uint64_t resultFlags;
2663
2664 mach_msg_size_t replySize;
2665 uint32_t methodCount;
2666 const uint64_t * methods;
2667 IODispatchQueue * queue;
2668 OSUserMetaClass * userMeta;
2669 OSObjectUserVars * uvars;
2670 uint32_t idx;
2671 ipc_port_t sendPort;
2672
2673 OSObject_Instantiate_Rpl_Content * reply;
2674
2675 queueCount = 0;
2676 methodCount = 0;
2677 methods = NULL;
2678 str = NULL;
2679 prop = NULL;
2680 userMeta = NULL;
2681 resultClassName = NULL;
2682 resultFlags = 0;
2683 ret = kIOReturnUnsupportedMode;
2684
2685 service = OSDynamicCast(IOService, obj);
2686 action = OSDynamicCast(OSAction, obj);
2687 if (!service) {
2688 // xxx other classes hosted
2689 resultFlags |= kOSObjectRPCKernel;
2690 resultFlags |= kOSObjectRPCRemote;
2691 } else {
2692 if (service->isInactive()) {
2693 DKLOG(DKS "::instantiate inactive\n", DKN(service));
2694 return kIOReturnOffline;
2695 }
2696 prop = service->copyProperty(gIOUserClassKey);
2697 str = OSDynamicCast(OSString, prop);
2698 if (!service->reserved->uvars) {
2699 resultFlags |= kOSObjectRPCRemote;
2700 resultFlags |= kOSObjectRPCKernel;
2701 } else if (this != service->reserved->uvars->userServer) {
2702 // remote, use base class
2703 resultFlags |= kOSObjectRPCRemote;
2704 }
2705 if (service->reserved->uvars && service->reserved->uvars->userServer) {
2706 if (!str) {
2707 DKLOG("no IOUserClass defined for " DKS "\n", DKN(service));
2708 OSSafeReleaseNULL(prop);
2709 return kIOReturnError;
2710 }
2711 IOLockLock(service->reserved->uvars->userServer->fLock);
2712 userMeta = (typeof(userMeta))service->reserved->uvars->userServer->fClasses->getObject(str);
2713 IOLockUnlock(service->reserved->uvars->userServer->fLock);
2714 }
2715 }
2716 if (!str && !userMeta) {
2717 const OSMetaClass * meta;
2718 meta = obj->getMetaClass();
2719 IOLockLock(fLock);
2720 if (action) {
2721 str = action->ivars->typeName;
2722 if (str) {
2723 userMeta = (typeof(userMeta))fClasses->getObject(str);
2724 }
2725 }
2726 while (meta && !userMeta) {
2727 str = (OSString *) meta->getClassNameSymbol();
2728 userMeta = (typeof(userMeta))fClasses->getObject(str);
2729 if (!userMeta) {
2730 meta = meta->getSuperClass();
2731 }
2732 }
2733 IOLockUnlock(fLock);
2734 }
2735 if (str) {
2736 if (!userMeta) {
2737 IOLockLock(fLock);
2738 userMeta = (typeof(userMeta))fClasses->getObject(str);
2739 IOLockUnlock(fLock);
2740 }
2741 if (kIODKLogSetup & gIODKDebug) {
2742 DKLOG("userMeta %s %p\n", str->getCStringNoCopy(), userMeta);
2743 }
2744 if (userMeta) {
2745 if (kOSObjectRPCRemote & resultFlags) {
2746 if (!action) {
2747 /* Special case: For OSAction subclasses, do not use the superclass */
2748 while (userMeta && !(kOSClassCanRemote & userMeta->description->flags)) {
2749 userMeta = userMeta->superMeta;
2750 }
2751 }
2752 if (userMeta) {
2753 resultClassName = userMeta->description->name;
2754 ret = kIOReturnSuccess;
2755 }
2756 } else {
2757 service->reserved->uvars->userMeta = userMeta;
2758 queueAlloc = 1;
2759 if (userMeta->queueNames) {
2760 queueAlloc += userMeta->queueNames->count;
2761 }
2762 service->reserved->uvars->queueArray =
2763 IONewZero(IODispatchQueue *, queueAlloc);
2764 resultClassName = str->getCStringNoCopy();
2765 ret = kIOReturnSuccess;
2766 }
2767 } else if (kIODKLogSetup & gIODKDebug) {
2768 DKLOG("userMeta %s was not found in fClasses\n", str->getCStringNoCopy());
2769 IOLockLock(fLock);
2770 fClasses->iterateObjects(^bool (const OSSymbol * key, OSObject * val) {
2771 DKLOG(" fClasses[\"%s\"] => %p\n", key->getCStringNoCopy(), val);
2772 return false;
2773 });
2774 IOLockUnlock(fLock);
2775 }
2776 }
2777 OSSafeReleaseNULL(prop);
2778
2779 IORPCMessageMach * machReply = rpc.reply;
2780 replySize = sizeof(OSObject_Instantiate_Rpl);
2781
2782 if ((kIOReturnSuccess == ret) && (kOSObjectRPCRemote & resultFlags)) {
2783 target = obj;
2784 if (action) {
2785 if (action->ivars->referenceSize) {
2786 resultFlags |= kOSObjectRPCKernel;
2787 } else {
2788 resultFlags &= ~kOSObjectRPCKernel;
2789 if (action->ivars->target) {
2790 target = action->ivars->target;
2791 queueCount = 1;
2792 queue = queueForObject(target, action->ivars->targetmsgid);
2793 if (!queue && action->ivars->userServer) {
2794 queue = action->ivars->userServer->fRootQueue;
2795 }
2796 idx = 0;
2797 sendPort = NULL;
2798 if (queue && (kIODispatchQueueStopped != queue)) {
2799 sendPort = ipc_port_copy_send(queue->ivars->serverPort);
2800 }
2801 replySize = sizeof(OSObject_Instantiate_Rpl)
2802 + queueCount * sizeof(machReply->objects[0])
2803 + 2 * methodCount * sizeof(reply->methods[0]);
2804 if (replySize > rpc.replySize) {
2805 assert(false);
2806 return kIOReturnIPCError;
2807 }
2808 machReply->objects[idx].type = MACH_MSG_PORT_DESCRIPTOR;
2809 machReply->objects[idx].disposition = MACH_MSG_TYPE_MOVE_SEND;
2810 machReply->objects[idx].name = sendPort;
2811 machReply->objects[idx].pad2 = 0;
2812 machReply->objects[idx].pad_end = 0;
2813 }
2814 }
2815 } else {
2816 uvars = varsForObject(target);
2817 if (uvars && uvars->userMeta) {
2818 queueCount = 1;
2819 if (uvars->userMeta->queueNames) {
2820 queueCount += uvars->userMeta->queueNames->count;
2821 }
2822 methods = &uvars->userMeta->methods[0];
2823 methodCount = uvars->userMeta->methodCount;
2824 replySize = sizeof(OSObject_Instantiate_Rpl)
2825 + queueCount * sizeof(machReply->objects[0])
2826 + 2 * methodCount * sizeof(reply->methods[0]);
2827 if (replySize > rpc.replySize) {
2828 assert(false);
2829 return kIOReturnIPCError;
2830 }
2831 for (idx = 0; idx < queueCount; idx++) {
2832 queue = uvars->queueArray[idx];
2833 sendPort = NULL;
2834 if (queue) {
2835 sendPort = ipc_port_copy_send(queue->ivars->serverPort);
2836 }
2837 machReply->objects[idx].type = MACH_MSG_PORT_DESCRIPTOR;
2838 machReply->objects[idx].disposition = MACH_MSG_TYPE_MOVE_SEND;
2839 machReply->objects[idx].name = sendPort;
2840 machReply->objects[idx].pad2 = 0;
2841 machReply->objects[idx].pad_end = 0;
2842 }
2843 }
2844 }
2845 }
2846
2847 if (kIODKLogIPC & gIODKDebug) {
2848 DKLOG("instantiate object %s with user class %s\n", obj->getMetaClass()->getClassName(), str ? str->getCStringNoCopy() : "(null)");
2849 }
2850
2851 if (kIOReturnSuccess != ret) {
2852 DKLOG("%s: no user class found\n", str ? str->getCStringNoCopy() : obj->getMetaClass()->getClassName());
2853 resultClassName = "unknown";
2854 }
2855
2856 machReply->msgh.msgh_id = kIORPCVersionCurrentReply;
2857 machReply->msgh.msgh_size = replySize;
2858 machReply->msgh_body.msgh_descriptor_count = queueCount;
2859
2860 reply = (typeof(reply))IORPCMessageFromMach(machReply, true);
2861 if (!reply) {
2862 return kIOReturnIPCError;
2863 }
2864 if (methodCount) {
2865 bcopy(methods, &reply->methods[0], methodCount * 2 * sizeof(reply->methods[0]));
2866 }
2867 reply->__hdr.msgid = OSObject_Instantiate_ID;
2868 reply->__hdr.flags = kIORPCMessageOneway;
2869 reply->__hdr.objectRefs = 0;
2870 reply->__pad = 0;
2871 reply->flags = resultFlags;
2872 strlcpy(reply->classname, resultClassName, sizeof(reply->classname));
2873 reply->__result = ret;
2874
2875 ret = kIOReturnSuccess;
2876
2877 return ret;
2878 }
2879
2880 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2881
2882 IOReturn
kernelDispatch(OSObject * obj,IORPC rpc)2883 IOUserServer::kernelDispatch(OSObject * obj, IORPC rpc)
2884 {
2885 IOReturn ret;
2886 IORPCMessage * message;
2887
2888 message = IORPCMessageFromMach(rpc.message, false);
2889 if (!message) {
2890 return kIOReturnIPCError;
2891 }
2892
2893 if (OSObject_Instantiate_ID == message->msgid) {
2894 ret = objectInstantiate(obj, rpc, message);
2895 if (kIOReturnSuccess != ret) {
2896 DKLOG("%s: instantiate failed 0x%x\n", obj->getMetaClass()->getClassName(), ret);
2897 }
2898 } else {
2899 if (kIODKLogIPC & gIODKDebug) {
2900 DKLOG("%s::Dispatch kernel 0x%qx\n", obj->getMetaClass()->getClassName(), message->msgid);
2901 }
2902 ret = obj->Dispatch(rpc);
2903 if (kIODKLogIPC & gIODKDebug) {
2904 DKLOG("%s::Dispatch kernel 0x%qx result 0x%x\n", obj->getMetaClass()->getClassName(), message->msgid, ret);
2905 }
2906 }
2907
2908 return ret;
2909 }
2910
2911
2912 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2913
2914 OSObject *
target(OSAction * action,IORPCMessage * message)2915 IOUserServer::target(OSAction * action, IORPCMessage * message)
2916 {
2917 OSObject * object;
2918
2919 if (message->msgid != action->ivars->msgid) {
2920 return action;
2921 }
2922 object = action->ivars->target;
2923 if (!object) {
2924 return action;
2925 }
2926 message->msgid = action->ivars->targetmsgid;
2927 message->objects[0] = (OSObjectRef) object;
2928 if (kIORPCMessageRemote & message->flags) {
2929 object->retain();
2930 #ifndef __clang_analyzer__
2931 // Hide the release of 'action' from the clang static analyzer to suppress
2932 // an overrelease diagnostic. The analyzer doesn't have a way to express the
2933 // non-standard contract of this method, which is that it releases 'action' when
2934 // the message flags have kIORPCMessageRemote set.
2935 action->release();
2936 #endif
2937 }
2938 if (kIODKLogIPC & gIODKDebug) {
2939 DKLOG("TARGET %s msg 0x%qx from 0x%qx\n", object->getMetaClass()->getClassName(), message->msgid, action->ivars->msgid);
2940 }
2941
2942 return object;
2943 }
2944
2945 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2946
2947 kern_return_t
uext_server(ipc_port_t receiver,ipc_kmsg_t requestkmsg,ipc_kmsg_t * pReply)2948 uext_server(ipc_port_t receiver, ipc_kmsg_t requestkmsg, ipc_kmsg_t * pReply)
2949 {
2950 kern_return_t ret;
2951 IORPCMessageMach * msgin;
2952 OSObject * object;
2953 IOUserServer * server;
2954
2955 msgin = (typeof(msgin))ipc_kmsg_msg_header(requestkmsg);
2956
2957 object = IOUserServer::copyObjectForSendRight(receiver, IKOT_UEXT_OBJECT);
2958 server = OSDynamicCast(IOUserServer, object);
2959 if (!server) {
2960 OSSafeReleaseNULL(object);
2961 return KERN_INVALID_NAME;
2962 }
2963 ret = server->server(requestkmsg, pReply);
2964 object->release();
2965
2966 return ret;
2967 }
2968
2969 /*
2970 * Chosen to hit kalloc zones (as opposed to the VM).
2971 * doesn't include the trailer size which ipc_kmsg_alloc() will add
2972 */
2973 #define MAX_UEXT_REPLY_SIZE 0x17c0
2974 static_assert(MAX_UEXT_REPLY_SIZE + MAX_TRAILER_SIZE <= KALLOC_SAFE_ALLOC_SIZE);
2975
2976 kern_return_t
server(ipc_kmsg_t requestkmsg,ipc_kmsg_t * pReply)2977 IOUserServer::server(ipc_kmsg_t requestkmsg, ipc_kmsg_t * pReply)
2978 {
2979 kern_return_t ret;
2980 mach_msg_size_t replyAlloc;
2981 ipc_kmsg_t replykmsg;
2982 IORPCMessageMach * msgin;
2983 IORPCMessage * message;
2984 IORPCMessageMach * msgout;
2985 IORPCMessage * reply;
2986 uint32_t replySize;
2987 OSObject * object;
2988 OSAction * action;
2989 bool oneway;
2990 uint64_t msgid;
2991
2992 msgin = (typeof(msgin))ipc_kmsg_msg_header(requestkmsg);
2993 replyAlloc = 0;
2994 msgout = NULL;
2995 replykmsg = NULL;
2996
2997 if (msgin->msgh.msgh_size < (sizeof(IORPCMessageMach) + sizeof(IORPCMessage))) {
2998 if (kIODKLogIPC & gIODKDebug) {
2999 DKLOG("UEXT notify %o\n", msgin->msgh.msgh_id);
3000 }
3001 return KERN_NOT_SUPPORTED;
3002 }
3003
3004 if (!(MACH_MSGH_BITS_COMPLEX & msgin->msgh.msgh_bits)) {
3005 msgin->msgh_body.msgh_descriptor_count = 0;
3006 }
3007 message = IORPCMessageFromMach(msgin, false);
3008 if (!message) {
3009 return kIOReturnIPCError;
3010 }
3011 if (message->objectRefs == 0) {
3012 return kIOReturnIPCError;
3013 }
3014 ret = copyInObjects(msgin, message, msgin->msgh.msgh_size, true, false);
3015 if (kIOReturnSuccess != ret) {
3016 if (kIODKLogIPC & gIODKDebug) {
3017 DKLOG("UEXT copyin(0x%x) %x\n", ret, msgin->msgh.msgh_id);
3018 }
3019 return KERN_NOT_SUPPORTED;
3020 }
3021
3022 if (msgin->msgh_body.msgh_descriptor_count < 1) {
3023 return KERN_NOT_SUPPORTED;
3024 }
3025 object = (OSObject *) message->objects[0];
3026 msgid = message->msgid;
3027 message->flags &= ~kIORPCMessageKernel;
3028 message->flags |= kIORPCMessageRemote;
3029
3030 if ((action = OSDynamicCast(OSAction, object))) {
3031 object = target(action, message);
3032 msgid = message->msgid;
3033 }
3034
3035 oneway = (0 != (kIORPCMessageOneway & message->flags));
3036 assert(oneway || (MACH_PORT_NULL != msgin->msgh.msgh_local_port));
3037
3038 replyAlloc = oneway ? 0 : MAX_UEXT_REPLY_SIZE;
3039 if (replyAlloc) {
3040 /*
3041 * Same as:
3042 * ipc_kmsg_alloc(replyAlloc, 0,
3043 * IPC_KMSG_ALLOC_KERNEL | IPC_KMSG_ALLOC_ZERO |
3044 * IPC_KMSG_ALLOC_NOFAIL);
3045 */
3046 replykmsg = ipc_kmsg_alloc_uext_reply(replyAlloc);
3047 msgout = (typeof(msgout))ipc_kmsg_msg_header(replykmsg);
3048 }
3049
3050 IORPC rpc = { .message = msgin, .reply = msgout, .sendSize = msgin->msgh.msgh_size, .replySize = replyAlloc };
3051
3052 if (object) {
3053 kern_allocation_name_t prior;
3054 bool setAllocationName;
3055
3056 setAllocationName = (NULL != fAllocationName);
3057 if (setAllocationName) {
3058 prior = thread_set_allocation_name(fAllocationName);
3059 }
3060 thread_iokit_tls_set(0, this);
3061 ret = kernelDispatch(object, rpc);
3062 thread_iokit_tls_set(0, NULL);
3063 if (setAllocationName) {
3064 thread_set_allocation_name(prior);
3065 }
3066 } else {
3067 ret = kIOReturnBadArgument;
3068 }
3069
3070 // release objects
3071 consumeObjects(message, msgin->msgh.msgh_size);
3072
3073 // release ports
3074 copyInObjects(msgin, message, msgin->msgh.msgh_size, false, true);
3075
3076 if (!oneway) {
3077 if (kIOReturnSuccess == ret) {
3078 replySize = msgout->msgh.msgh_size;
3079 reply = IORPCMessageFromMach(msgout, true);
3080 if (!reply) {
3081 ret = kIOReturnIPCError;
3082 } else {
3083 ret = copyOutObjects(msgout, reply, replySize, (kIORPCVersionCurrentReply == msgout->msgh.msgh_id) /* =>!InvokeReply */);
3084 }
3085 }
3086 if (kIOReturnSuccess != ret) {
3087 IORPCMessageErrorReturnContent * errorMsg;
3088
3089 msgout->msgh_body.msgh_descriptor_count = 0;
3090 msgout->msgh.msgh_id = kIORPCVersionCurrentReply;
3091 errorMsg = (typeof(errorMsg))IORPCMessageFromMach(msgout, true);
3092 errorMsg->hdr.msgid = message->msgid;
3093 errorMsg->hdr.flags = kIORPCMessageOneway | kIORPCMessageError;
3094 errorMsg->hdr.objectRefs = 0;
3095 errorMsg->result = ret;
3096 errorMsg->pad = 0;
3097 replySize = sizeof(IORPCMessageErrorReturn);
3098 }
3099
3100 msgout->msgh.msgh_bits = MACH_MSGH_BITS_COMPLEX |
3101 MACH_MSGH_BITS_SET(MACH_MSGH_BITS_LOCAL(msgin->msgh.msgh_bits) /*remote*/, 0 /*local*/, 0, 0);
3102
3103 msgout->msgh.msgh_remote_port = msgin->msgh.msgh_local_port;
3104 msgout->msgh.msgh_local_port = MACH_PORT_NULL;
3105 msgout->msgh.msgh_voucher_port = (mach_port_name_t) 0;
3106 msgout->msgh.msgh_reserved = 0;
3107 msgout->msgh.msgh_size = replySize;
3108 }
3109
3110 *pReply = replykmsg;
3111 return KERN_SUCCESS;
3112 }
3113
3114 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3115
3116 #define MAX_OBJECT_COUNT(mach, size, message) \
3117 ((uint32_t)(((((size) + ((uintptr_t) (mach))) - ((uintptr_t) (&message->objects[0]))) / sizeof(OSObjectRef))))
3118
3119 kern_return_t
IOUserServerUEXTTrap(OSObject * object,void * p1,void * p2,void * p3,void * p4,void * p5,void * p6)3120 IOUserServerUEXTTrap(OSObject * object, void * p1, void * p2, void * p3, void * p4, void * p5, void * p6)
3121 {
3122 const user_addr_t msg = (uintptr_t) p1;
3123 size_t inSize = (uintptr_t) p2;
3124 user_addr_t out = (uintptr_t) p3;
3125 size_t outSize = (uintptr_t) p4;
3126 mach_port_name_t objectName1 = (mach_port_name_t)(uintptr_t) p5;
3127 size_t totalSize;
3128 OSObject * objectArg1;
3129
3130 IORPCMessageMach * mach;
3131 mach_msg_port_descriptor_t * descs;
3132
3133 #pragma pack(4)
3134 struct {
3135 uint32_t pad;
3136 IORPCMessageMach mach;
3137 mach_msg_port_descriptor_t objects[2];
3138 IOTrapMessageBuffer buffer;
3139 } buffer;
3140 #pragma pack()
3141
3142 IOReturn ret;
3143 OSAction * action;
3144 int copyerr;
3145 IORPCMessage * message;
3146 IORPCMessage * reply;
3147 IORPC rpc;
3148 uint64_t refs;
3149 uint32_t maxObjectCount;
3150 size_t copySize;
3151 uint64_t * replyHdr;
3152 uintptr_t p;
3153
3154 bzero(&buffer, sizeof(buffer));
3155
3156 p = (typeof(p)) & buffer.buffer[0];
3157 if (os_add_overflow(inSize, outSize, &totalSize)) {
3158 return kIOReturnMessageTooLarge;
3159 }
3160 if (totalSize > sizeof(buffer.buffer)) {
3161 return kIOReturnMessageTooLarge;
3162 }
3163 if (inSize < sizeof(IORPCMessage)) {
3164 return kIOReturnIPCError;
3165 }
3166 copyerr = copyin(msg, &buffer.buffer[0], inSize);
3167 if (copyerr) {
3168 return kIOReturnVMError;
3169 }
3170
3171 message = (typeof(message))p;
3172 refs = message->objectRefs;
3173 if ((refs > 2) || !refs) {
3174 return kIOReturnUnsupported;
3175 }
3176 if (!(kIORPCMessageSimpleReply & message->flags)) {
3177 return kIOReturnUnsupported;
3178 }
3179
3180 descs = (typeof(descs))(p - refs * sizeof(*descs));
3181 mach = (typeof(mach))(p - refs * sizeof(*descs) - sizeof(*mach));
3182
3183 mach->msgh.msgh_id = kIORPCVersionCurrent;
3184 mach->msgh.msgh_size = (mach_msg_size_t) (sizeof(IORPCMessageMach) + refs * sizeof(*descs) + inSize); // totalSize was checked
3185 mach->msgh_body.msgh_descriptor_count = ((mach_msg_size_t) refs);
3186
3187 rpc.message = mach;
3188 rpc.sendSize = mach->msgh.msgh_size;
3189 rpc.reply = (IORPCMessageMach *) (p + inSize);
3190 rpc.replySize = ((uint32_t) (sizeof(buffer.buffer) - inSize)); // inSize was checked
3191
3192 message->objects[0] = 0;
3193 if ((action = OSDynamicCast(OSAction, object))) {
3194 maxObjectCount = MAX_OBJECT_COUNT(rpc.message, rpc.sendSize, message);
3195 if (refs > maxObjectCount) {
3196 return kIOReturnBadArgument;
3197 }
3198 object = IOUserServer::target(action, message);
3199 message->objects[1] = (OSObjectRef) action;
3200 if (kIODKLogIPC & gIODKDebug) {
3201 DKLOG("%s::Dispatch(trap) kernel 0x%qx\n", object->getMetaClass()->getClassName(), message->msgid);
3202 }
3203 ret = object->Dispatch(rpc);
3204 } else {
3205 objectArg1 = NULL;
3206 if (refs > 1) {
3207 if (objectName1) {
3208 objectArg1 = iokit_lookup_uext_ref_current_task(objectName1);
3209 if (!objectArg1) {
3210 return kIOReturnIPCError;
3211 }
3212 }
3213 message->objects[1] = (OSObjectRef) objectArg1;
3214 }
3215 if (kIODKLogIPC & gIODKDebug) {
3216 DKLOG("%s::Dispatch(trap) kernel 0x%qx\n", object->getMetaClass()->getClassName(), message->msgid);
3217 }
3218 ret = object->Dispatch(rpc);
3219 if (kIODKLogIPC & gIODKDebug) {
3220 DKLOG("%s::Dispatch(trap) kernel 0x%qx 0x%x\n", object->getMetaClass()->getClassName(), message->msgid, ret);
3221 }
3222 OSSafeReleaseNULL(objectArg1);
3223
3224 if (kIOReturnSuccess == ret) {
3225 if (rpc.reply->msgh_body.msgh_descriptor_count) {
3226 return kIOReturnIPCError;
3227 }
3228 reply = IORPCMessageFromMach(rpc.reply, rpc.reply->msgh.msgh_size);
3229 if (!reply) {
3230 return kIOReturnIPCError;
3231 }
3232 copySize = rpc.reply->msgh.msgh_size - (((uintptr_t) reply) - ((uintptr_t) rpc.reply)) + sizeof(uint64_t);
3233 if (copySize > outSize) {
3234 return kIOReturnIPCError;
3235 }
3236 replyHdr = (uint64_t *) reply;
3237 replyHdr--;
3238 replyHdr[0] = copySize;
3239 copyerr = copyout(replyHdr, out, copySize);
3240 if (copyerr) {
3241 return kIOReturnVMError;
3242 }
3243 }
3244 }
3245
3246 return ret;
3247 }
3248
3249 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3250
3251 IOReturn
rpc(IORPC rpc)3252 IOUserServer::rpc(IORPC rpc)
3253 {
3254 if (isInactive() && !fRootQueue) {
3255 return kIOReturnOffline;
3256 }
3257
3258 IOReturn ret;
3259 IORPCMessage * message;
3260 IORPCMessageMach * mach;
3261 mach_msg_id_t machid;
3262 uint32_t sendSize, replySize;
3263 bool oneway;
3264 uint64_t msgid;
3265 IODispatchQueue * queue;
3266 IOService * service;
3267 ipc_port_t port;
3268 ipc_port_t sendPort;
3269
3270 queue = NULL;
3271 port = NULL;
3272 sendPort = NULL;
3273
3274 mach = rpc.message;
3275 sendSize = rpc.sendSize;
3276 replySize = rpc.replySize;
3277
3278 assert(sendSize >= (sizeof(IORPCMessageMach) + sizeof(IORPCMessage)));
3279
3280 message = IORPCMessageFromMach(mach, false);
3281 if (!message) {
3282 return kIOReturnIPCError;
3283 }
3284 msgid = message->msgid;
3285 machid = (msgid >> 32);
3286
3287 if (mach->msgh_body.msgh_descriptor_count < 1) {
3288 return kIOReturnNoMedia;
3289 }
3290
3291 IOLockLock(gIOUserServerLock);
3292 if ((service = OSDynamicCast(IOService, (OSObject *) message->objects[0]))) {
3293 queue = queueForObject(service, msgid);
3294 }
3295 if (!queue) {
3296 queue = fRootQueue;
3297 }
3298 if (queue && (kIODispatchQueueStopped != queue)) {
3299 port = queue->ivars->serverPort;
3300 }
3301 if (port) {
3302 sendPort = ipc_port_copy_send(port);
3303 }
3304 IOLockUnlock(gIOUserServerLock);
3305 if (!sendPort) {
3306 return kIOReturnNotReady;
3307 }
3308
3309 oneway = (0 != (kIORPCMessageOneway & message->flags));
3310
3311 ret = copyOutObjects(mach, message, sendSize, false);
3312
3313 mach->msgh.msgh_bits = MACH_MSGH_BITS_COMPLEX |
3314 MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, (oneway ? 0 : MACH_MSG_TYPE_MAKE_SEND_ONCE));
3315 mach->msgh.msgh_remote_port = sendPort;
3316 mach->msgh.msgh_local_port = (oneway ? MACH_PORT_NULL : mig_get_reply_port());
3317 mach->msgh.msgh_id = kIORPCVersionCurrent;
3318 mach->msgh.msgh_reserved = 0;
3319
3320 boolean_t message_moved;
3321
3322 if (oneway) {
3323 ret = kernel_mach_msg_send(&mach->msgh, sendSize,
3324 MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_NOIMPORTANCE,
3325 0, &message_moved);
3326 } else {
3327 assert(replySize >= (sizeof(IORPCMessageMach) + sizeof(IORPCMessage)));
3328 ret = kernel_mach_msg_rpc(&mach->msgh, sendSize, replySize, FALSE, &message_moved);
3329 }
3330
3331 ipc_port_release_send(sendPort);
3332
3333 if (MACH_MSG_SUCCESS != ret) {
3334 if (kIODKLogIPC & gIODKDebug) {
3335 DKLOG("mach_msg() failed 0x%x\n", ret);
3336 }
3337 if (!message_moved) {
3338 // release ports
3339 copyInObjects(mach, message, sendSize, false, true);
3340 }
3341 }
3342
3343 if ((KERN_SUCCESS == ret) && !oneway) {
3344 if (kIORPCVersionCurrentReply != mach->msgh.msgh_id) {
3345 ret = (MACH_NOTIFY_SEND_ONCE == mach->msgh.msgh_id) ? MIG_SERVER_DIED : MIG_REPLY_MISMATCH;
3346 } else if ((replySize = mach->msgh.msgh_size) < (sizeof(IORPCMessageMach) + sizeof(IORPCMessage))) {
3347 // printf("BAD REPLY SIZE\n");
3348 ret = MIG_BAD_ARGUMENTS;
3349 } else {
3350 if (!(MACH_MSGH_BITS_COMPLEX & mach->msgh.msgh_bits)) {
3351 mach->msgh_body.msgh_descriptor_count = 0;
3352 }
3353 message = IORPCMessageFromMach(mach, true);
3354 if (!message) {
3355 ret = kIOReturnIPCError;
3356 } else if (message->msgid != msgid) {
3357 // printf("BAD REPLY ID\n");
3358 ret = MIG_BAD_ARGUMENTS;
3359 } else {
3360 bool isError = (0 != (kIORPCMessageError & message->flags));
3361 ret = copyInObjects(mach, message, replySize, !isError, true);
3362 if (kIOReturnSuccess != ret) {
3363 if (kIODKLogIPC & gIODKDebug) {
3364 DKLOG("rpc copyin(0x%x) %x\n", ret, mach->msgh.msgh_id);
3365 }
3366 return KERN_NOT_SUPPORTED;
3367 }
3368 if (isError) {
3369 IORPCMessageErrorReturnContent * errorMsg = (typeof(errorMsg))message;
3370 ret = errorMsg->result;
3371 }
3372 }
3373 }
3374 }
3375
3376 return ret;
3377 }
3378
3379 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3380
3381 IORPCMessage *
IORPCMessageFromMach(IORPCMessageMach * msg,bool reply)3382 IORPCMessageFromMach(IORPCMessageMach * msg, bool reply)
3383 {
3384 mach_msg_size_t idx, count;
3385 mach_msg_port_descriptor_t * desc;
3386 mach_msg_port_descriptor_t * maxDesc;
3387 size_t size, msgsize;
3388 bool upgrade;
3389
3390 msgsize = msg->msgh.msgh_size;
3391 count = msg->msgh_body.msgh_descriptor_count;
3392 desc = &msg->objects[0];
3393 maxDesc = (typeof(maxDesc))(((uintptr_t) msg) + msgsize);
3394 upgrade = (msg->msgh.msgh_id != (reply ? kIORPCVersionCurrentReply : kIORPCVersionCurrent));
3395
3396 if (upgrade) {
3397 OSReportWithBacktrace("obsolete message");
3398 return NULL;
3399 }
3400
3401 for (idx = 0; idx < count; idx++) {
3402 if (desc >= maxDesc) {
3403 return NULL;
3404 }
3405 switch (desc->type) {
3406 case MACH_MSG_PORT_DESCRIPTOR:
3407 size = sizeof(mach_msg_port_descriptor_t);
3408 break;
3409 case MACH_MSG_OOL_DESCRIPTOR:
3410 size = sizeof(mach_msg_ool_descriptor_t);
3411 break;
3412 default:
3413 return NULL;
3414 }
3415 desc = (typeof(desc))(((uintptr_t) desc) + size);
3416 }
3417 return (IORPCMessage *)(uintptr_t) desc;
3418 }
3419
3420 ipc_port_t
copySendRightForObject(OSObject * object,ipc_kobject_type_t type)3421 IOUserServer::copySendRightForObject(OSObject * object, ipc_kobject_type_t type)
3422 {
3423 ipc_port_t port;
3424 ipc_port_t sendPort = NULL;
3425
3426 port = iokit_port_for_object(object, type);
3427 if (port) {
3428 sendPort = ipc_port_make_send(port);
3429 iokit_release_port(port);
3430 }
3431
3432 return sendPort;
3433 }
3434
3435 OSObject *
copyObjectForSendRight(ipc_port_t port,ipc_kobject_type_t type)3436 IOUserServer::copyObjectForSendRight(ipc_port_t port, ipc_kobject_type_t type)
3437 {
3438 OSObject * object;
3439 object = iokit_lookup_io_object(port, type);
3440 return object;
3441 }
3442
3443 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3444
3445 // Create a vm_map_copy_t or kalloc'ed data for memory
3446 // to be copied out. ipc will free after the copyout.
3447
3448 static kern_return_t
copyoutkdata(const void * data,vm_size_t len,void ** buf)3449 copyoutkdata(const void * data, vm_size_t len, void ** buf)
3450 {
3451 kern_return_t err;
3452 vm_map_copy_t copy;
3453
3454 err = vm_map_copyin( kernel_map, CAST_USER_ADDR_T(data), len,
3455 false /* src_destroy */, ©);
3456
3457 assert( err == KERN_SUCCESS );
3458 if (err == KERN_SUCCESS) {
3459 *buf = (char *) copy;
3460 }
3461
3462 return err;
3463 }
3464
3465 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3466
3467 IOReturn
copyOutObjects(IORPCMessageMach * mach,IORPCMessage * message,size_t size,bool consume)3468 IOUserServer::copyOutObjects(IORPCMessageMach * mach, IORPCMessage * message,
3469 size_t size, bool consume)
3470 {
3471 uint64_t refs;
3472 uint32_t idx, maxObjectCount;
3473 ipc_port_t port;
3474 OSObject * object;
3475 size_t descsize;
3476 mach_msg_port_descriptor_t * desc;
3477 mach_msg_ool_descriptor_t * ool;
3478 vm_map_copy_t copy;
3479 void * address;
3480 mach_msg_size_t length;
3481 kern_return_t kr;
3482 OSSerialize * s;
3483
3484 refs = message->objectRefs;
3485 maxObjectCount = MAX_OBJECT_COUNT(mach, size, message);
3486 // assert(refs <= mach->msgh_body.msgh_descriptor_count);
3487 // assert(refs <= maxObjectCount);
3488 if (refs > mach->msgh_body.msgh_descriptor_count) {
3489 return kIOReturnBadArgument;
3490 }
3491 if (refs > maxObjectCount) {
3492 return kIOReturnBadArgument;
3493 }
3494
3495 desc = &mach->objects[0];
3496 for (idx = 0; idx < refs; idx++) {
3497 object = (OSObject *) message->objects[idx];
3498
3499 switch (desc->type) {
3500 case MACH_MSG_PORT_DESCRIPTOR:
3501 descsize = sizeof(mach_msg_port_descriptor_t);
3502 port = NULL;
3503 if (object) {
3504 port = copySendRightForObject(object, IKOT_UEXT_OBJECT);
3505 if (!port) {
3506 break;
3507 }
3508 if (consume) {
3509 object->release();
3510 }
3511 message->objects[idx] = 0;
3512 }
3513 // desc->type = MACH_MSG_PORT_DESCRIPTOR;
3514 desc->disposition = MACH_MSG_TYPE_MOVE_SEND;
3515 desc->name = port;
3516 desc->pad2 = 0;
3517 desc->pad_end = 0;
3518 break;
3519
3520 case MACH_MSG_OOL_DESCRIPTOR:
3521 descsize = sizeof(mach_msg_ool_descriptor_t);
3522
3523 length = 0;
3524 address = NULL;
3525 if (object) {
3526 s = OSSerialize::binaryWithCapacity(4096);
3527 assert(s);
3528 if (!s) {
3529 break;
3530 }
3531 s->setIndexed(true);
3532 if (!object->serialize(s)) {
3533 assert(false);
3534 descsize = -1UL;
3535 s->release();
3536 break;
3537 }
3538 length = s->getLength();
3539 kr = copyoutkdata(s->text(), length, &address);
3540 s->release();
3541 if (KERN_SUCCESS != kr) {
3542 descsize = -1UL;
3543 address = NULL;
3544 length = 0;
3545 }
3546 if (consume) {
3547 object->release();
3548 }
3549 message->objects[idx] = 0;
3550 }
3551 ool = (typeof(ool))desc;
3552 // ool->type = MACH_MSG_OOL_DESCRIPTOR;
3553 ool->deallocate = false;
3554 ool->copy = MACH_MSG_PHYSICAL_COPY;
3555 ool->size = length;
3556 ool->address = address;
3557 break;
3558
3559 default:
3560 descsize = -1UL;
3561 break;
3562 }
3563 if (-1UL == descsize) {
3564 break;
3565 }
3566 desc = (typeof(desc))(((uintptr_t) desc) + descsize);
3567 }
3568
3569 if (idx >= refs) {
3570 return kIOReturnSuccess;
3571 }
3572
3573 desc = &mach->objects[0];
3574 while (idx--) {
3575 switch (desc->type) {
3576 case MACH_MSG_PORT_DESCRIPTOR:
3577 descsize = sizeof(mach_msg_port_descriptor_t);
3578 port = desc->name;
3579 if (port) {
3580 ipc_port_release_send(port);
3581 }
3582 break;
3583
3584 case MACH_MSG_OOL_DESCRIPTOR:
3585 descsize = sizeof(mach_msg_ool_descriptor_t);
3586 ool = (typeof(ool))desc;
3587 copy = (vm_map_copy_t) ool->address;
3588 if (copy) {
3589 vm_map_copy_discard(copy);
3590 }
3591 break;
3592
3593 default:
3594 descsize = -1UL;
3595 break;
3596 }
3597 if (-1UL == descsize) {
3598 break;
3599 }
3600 desc = (typeof(desc))(((uintptr_t) desc) + descsize);
3601 }
3602
3603 return kIOReturnBadArgument;
3604 }
3605
3606 IOReturn
copyInObjects(IORPCMessageMach * mach,IORPCMessage * message,size_t size,bool copyObjects,bool consumePorts)3607 IOUserServer::copyInObjects(IORPCMessageMach * mach, IORPCMessage * message,
3608 size_t size, bool copyObjects, bool consumePorts)
3609 {
3610 uint64_t refs;
3611 uint32_t idx, maxObjectCount;
3612 ipc_port_t port;
3613 OSObject * object;
3614 size_t descsize;
3615 mach_msg_port_descriptor_t * desc;
3616 mach_msg_ool_descriptor_t * ool;
3617 vm_map_address_t copyoutdata;
3618 kern_return_t kr;
3619
3620 refs = message->objectRefs;
3621 maxObjectCount = MAX_OBJECT_COUNT(mach, size, message);
3622 // assert(refs <= mach->msgh_body.msgh_descriptor_count);
3623 // assert(refs <= maxObjectCount);
3624 if (refs > mach->msgh_body.msgh_descriptor_count) {
3625 return kIOReturnBadArgument;
3626 }
3627 if (refs > maxObjectCount) {
3628 return kIOReturnBadArgument;
3629 }
3630
3631 desc = &mach->objects[0];
3632 for (idx = 0; idx < refs; idx++) {
3633 switch (desc->type) {
3634 case MACH_MSG_PORT_DESCRIPTOR:
3635 descsize = sizeof(mach_msg_port_descriptor_t);
3636
3637 object = NULL;
3638 port = desc->name;
3639 if (port) {
3640 if (copyObjects) {
3641 object = copyObjectForSendRight(port, IKOT_UEXT_OBJECT);
3642 if (!object) {
3643 descsize = -1UL;
3644 break;
3645 }
3646 }
3647 if (consumePorts) {
3648 ipc_port_release_send(port);
3649 }
3650 }
3651 break;
3652
3653 case MACH_MSG_OOL_DESCRIPTOR:
3654 descsize = sizeof(mach_msg_ool_descriptor_t);
3655 ool = (typeof(ool))desc;
3656
3657 object = NULL;
3658 if (copyObjects && ool->size && ool->address) {
3659 kr = vm_map_copyout(kernel_map, ©outdata, (vm_map_copy_t) ool->address);
3660 if (KERN_SUCCESS == kr) {
3661 object = OSUnserializeXML((const char *) copyoutdata, ool->size);
3662 kr = vm_deallocate(kernel_map, copyoutdata, ool->size);
3663 assert(KERN_SUCCESS == kr);
3664 // vm_map_copyout() has consumed the vm_map_copy_t in the message
3665 ool->size = 0;
3666 ool->address = NULL;
3667 }
3668 if (!object) {
3669 descsize = -1UL;
3670 break;
3671 }
3672 }
3673 break;
3674
3675 default:
3676 descsize = -1UL;
3677 break;
3678 }
3679 if (-1UL == descsize) {
3680 break;
3681 }
3682 if (copyObjects) {
3683 message->objects[idx] = (OSObjectRef) object;
3684 }
3685 desc = (typeof(desc))(((uintptr_t) desc) + descsize);
3686 }
3687
3688 if (idx >= refs) {
3689 return kIOReturnSuccess;
3690 }
3691
3692 while (idx--) {
3693 object = (OSObject *) message->objects[idx];
3694 OSSafeReleaseNULL(object);
3695 message->objects[idx] = 0;
3696 }
3697
3698 return kIOReturnBadArgument;
3699 }
3700
3701 IOReturn
consumeObjects(IORPCMessage * message,size_t messageSize)3702 IOUserServer::consumeObjects(IORPCMessage * message, size_t messageSize)
3703 {
3704 uint64_t refs, idx;
3705 OSObject * object;
3706
3707 refs = message->objectRefs;
3708 for (idx = 0; idx < refs; idx++) {
3709 object = (OSObject *) message->objects[idx];
3710 if (object) {
3711 object->release();
3712 message->objects[idx] = 0;
3713 }
3714 }
3715
3716 return kIOReturnSuccess;
3717 }
3718
3719 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3720
3721 bool
finalize(IOOptionBits options)3722 IOUserServer::finalize(IOOptionBits options)
3723 {
3724 OSArray * services;
3725
3726 if (kIODKLogSetup & gIODKDebug) {
3727 DKLOG("%s::finalize(%p)\n", getName(), this);
3728 }
3729
3730 IOLockLock(gIOUserServerLock);
3731 OSSafeReleaseNULL(fRootQueue);
3732 IOLockUnlock(gIOUserServerLock);
3733
3734 services = NULL;
3735 IOLockLock(fLock);
3736 if (fServices) {
3737 services = OSArray::withArray(fServices);
3738 }
3739 IOLockUnlock(fLock);
3740
3741 if (services) {
3742 services->iterateObjects(^bool (OSObject * obj) {
3743 int service __unused; // hide outer defn
3744 IOService * nextService;
3745 IOService * provider;
3746 bool started = false;
3747
3748 nextService = (IOService *) obj;
3749 if (kIODKLogSetup & gIODKDebug) {
3750 DKLOG("%s::terminate(" DKS ")\n", getName(), DKN(nextService));
3751 }
3752 if (nextService->reserved->uvars) {
3753 started = nextService->reserved->uvars->started;
3754 nextService->reserved->uvars->serverDied = true;
3755 if (started) {
3756 provider = nextService->getProvider();
3757 serviceDidStop(nextService, provider);
3758 nextService->terminate(kIOServiceTerminateNeedWillTerminate
3759 | kIOServiceTerminateWithRematch
3760 | kIOServiceTerminateWithRematchCurrentDext);
3761 }
3762 }
3763 if (!started) {
3764 DKLOG("%s::terminate(" DKS ") server exit before start()\n", getName(), DKN(nextService));
3765 serviceStop(nextService, NULL);
3766 }
3767 return false;
3768 });
3769 services->release();
3770 }
3771
3772 return IOUserClient::finalize(options);
3773 }
3774
3775 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3776
3777 #undef super
3778 #define super IOUserClient
3779
OSDefineMetaClassAndStructors(IOUserServer,IOUserClient)3780 OSDefineMetaClassAndStructors(IOUserServer, IOUserClient)
3781
3782 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
3783
3784 IOUserClient * IOUserServer::withTask(task_t owningTask)
3785 {
3786 IOUserServer * inst;
3787
3788 assert(owningTask == current_task());
3789 if (!task_is_driver(owningTask)) {
3790 DKLOG("IOUserServer may only be created with driver tasks\n");
3791 return NULL;
3792 }
3793
3794 inst = new IOUserServer;
3795 if (inst && !inst->init()) {
3796 inst->release();
3797 inst = NULL;
3798 return inst;
3799 }
3800 OS_ANALYZER_SUPPRESS("82033761") inst->PMinit();
3801
3802 inst->fOwningTask = current_task();
3803 inst->fEntitlements = IOUserClient::copyClientEntitlements(inst->fOwningTask);
3804
3805 if (!(kIODKDisableEntitlementChecking & gIODKDebug)) {
3806 proc_t p;
3807 pid_t pid;
3808 const char * name;
3809 p = (proc_t)get_bsdtask_info(inst->fOwningTask);
3810 if (p) {
3811 name = proc_best_name(p);
3812 pid = proc_pid(p);
3813 } else {
3814 name = "unknown";
3815 pid = 0;
3816 }
3817
3818 if (inst->fEntitlements == NULL) {
3819 #if DEVELOPMENT || DEBUG
3820 panic("entitlements are missing for %s[%d]\n", name, pid);
3821 #else
3822 DKLOG("entitlements are missing for %s[%d]\n", name, pid);
3823 #endif /* DEVELOPMENT || DEBUG */
3824 }
3825
3826 if (!IOCurrentTaskHasEntitlement(gIODriverKitEntitlementKey->getCStringNoCopy())) {
3827 IOLog(kIODriverKitEntitlementKey " entitlement check failed for %s[%d]\n", name, pid);
3828 inst->release();
3829 inst = NULL;
3830 return inst;
3831 }
3832 }
3833
3834 /* Mark the current task's space as eligible for uext object ports */
3835 iokit_label_dext_task(inst->fOwningTask);
3836
3837 inst->fLock = IOLockAlloc();
3838 inst->fServices = OSArray::withCapacity(4);
3839 inst->fClasses = OSDictionary::withCapacity(16);
3840 inst->fClasses->setOptions(OSCollection::kSort, OSCollection::kSort);
3841
3842 return inst;
3843 }
3844
3845 IOReturn
clientClose(void)3846 IOUserServer::clientClose(void)
3847 {
3848 OSArray * services;
3849
3850 if (kIODKLogSetup & gIODKDebug) {
3851 DKLOG("%s::clientClose(%p)\n", getName(), this);
3852 }
3853
3854 services = NULL;
3855 IOLockLock(fLock);
3856 if (fServices) {
3857 services = OSArray::withArray(fServices);
3858 }
3859 IOLockUnlock(fLock);
3860
3861 // if this was a an expected exit, termination and stop should have detached at this
3862 // point, so send any provider still attached and not owned by this user server
3863 // the ClientCrashed() notification
3864 if (services) {
3865 services->iterateObjects(^bool (OSObject * obj) {
3866 int service __unused; // hide outer defn
3867 IOService * nextService;
3868 IOService * provider;
3869
3870 nextService = (IOService *) obj;
3871 if (nextService->isInactive()) {
3872 return false;
3873 }
3874 provider = nextService->getProvider();
3875 if (provider
3876 && (!provider->reserved->uvars || (provider->reserved->uvars->userServer != this))) {
3877 if (kIODKLogSetup & gIODKDebug) {
3878 DKLOG(DKS "::ClientCrashed(" DKS ")\n", DKN(provider), DKN(nextService));
3879 }
3880 provider->ClientCrashed(nextService, 0);
3881 }
3882 return false;
3883 });
3884 services->release();
3885 }
3886
3887 terminate();
3888 return kIOReturnSuccess;
3889 }
3890
3891 IOReturn
setProperties(OSObject * properties)3892 IOUserServer::setProperties(OSObject * properties)
3893 {
3894 IOReturn kr = kIOReturnUnsupported;
3895 return kr;
3896 }
3897
3898 void
stop(IOService * provider)3899 IOUserServer::stop(IOService * provider)
3900 {
3901 fOwningTask = TASK_NULL;
3902
3903 PMstop();
3904
3905 IOServicePH::serverRemove(this);
3906
3907 OSSafeReleaseNULL(fRootQueue);
3908
3909 if (fInterruptLock) {
3910 IOSimpleLockFree(fInterruptLock);
3911 }
3912 }
3913
3914 void
free()3915 IOUserServer::free()
3916 {
3917 OSSafeReleaseNULL(fEntitlements);
3918 OSSafeReleaseNULL(fClasses);
3919 if (fLock) {
3920 IOLockFree(fLock);
3921 }
3922 OSSafeReleaseNULL(fServices);
3923 OSSafeReleaseNULL(fCheckInToken);
3924 if (fAllocationName) {
3925 kern_allocation_name_release(fAllocationName);
3926 fAllocationName = NULL;
3927 }
3928 IOUserClient::free();
3929 }
3930
3931 IOReturn
registerClass(OSClassDescription * desc,uint32_t size,OSUserMetaClass ** pCls)3932 IOUserServer::registerClass(OSClassDescription * desc, uint32_t size, OSUserMetaClass ** pCls)
3933 {
3934 OSUserMetaClass * cls;
3935 const OSSymbol * sym;
3936 uint64_t * methodOptions;
3937 const char * queueNames;
3938 uint32_t methodOptionsEnd, queueNamesEnd;
3939 IOReturn ret = kIOReturnSuccess;
3940
3941 if (size < sizeof(OSClassDescription)) {
3942 assert(false);
3943 return kIOReturnBadArgument;
3944 }
3945
3946 if (kIODKLogSetup & gIODKDebug) {
3947 DKLOG("%s::registerClass %s, %d, %d\n", getName(), desc->name, desc->queueNamesSize, desc->methodNamesSize);
3948 }
3949
3950 if (desc->descriptionSize != size) {
3951 assert(false);
3952 return kIOReturnBadArgument;
3953 }
3954 if (os_add_overflow(desc->queueNamesOffset, desc->queueNamesSize, &queueNamesEnd)) {
3955 assert(false);
3956 return kIOReturnBadArgument;
3957 }
3958 if (queueNamesEnd > size) {
3959 assert(false);
3960 return kIOReturnBadArgument;
3961 }
3962 if (os_add_overflow(desc->methodOptionsOffset, desc->methodOptionsSize, &methodOptionsEnd)) {
3963 assert(false);
3964 return kIOReturnBadArgument;
3965 }
3966 if (methodOptionsEnd > size) {
3967 assert(false);
3968 return kIOReturnBadArgument;
3969 }
3970 // overlaps?
3971 if ((desc->queueNamesOffset >= desc->methodOptionsOffset) && (desc->queueNamesOffset < methodOptionsEnd)) {
3972 assert(false);
3973 return kIOReturnBadArgument;
3974 }
3975 if ((queueNamesEnd >= desc->methodOptionsOffset) && (queueNamesEnd < methodOptionsEnd)) {
3976 assert(false);
3977 return kIOReturnBadArgument;
3978 }
3979
3980 if (desc->methodOptionsSize & ((2 * sizeof(uint64_t)) - 1)) {
3981 assert(false);
3982 return kIOReturnBadArgument;
3983 }
3984 if (sizeof(desc->name) == strnlen(desc->name, sizeof(desc->name))) {
3985 assert(false);
3986 return kIOReturnBadArgument;
3987 }
3988 if (sizeof(desc->superName) == strnlen(desc->superName, sizeof(desc->superName))) {
3989 assert(false);
3990 return kIOReturnBadArgument;
3991 }
3992
3993 cls = OSTypeAlloc(OSUserMetaClass);
3994 assert(cls);
3995 if (!cls) {
3996 return kIOReturnNoMemory;
3997 }
3998
3999 cls->description = (typeof(cls->description))IOMallocData(size);
4000 assert(cls->description);
4001 if (!cls->description) {
4002 assert(false);
4003 cls->release();
4004 return kIOReturnNoMemory;
4005 }
4006 bcopy(desc, cls->description, size);
4007
4008 cls->methodCount = desc->methodOptionsSize / (2 * sizeof(uint64_t));
4009 cls->methods = IONewData(uint64_t, 2 * cls->methodCount);
4010 if (!cls->methods) {
4011 assert(false);
4012 cls->release();
4013 return kIOReturnNoMemory;
4014 }
4015
4016 methodOptions = (typeof(methodOptions))(((uintptr_t) desc) + desc->methodOptionsOffset);
4017 bcopy(methodOptions, cls->methods, 2 * cls->methodCount * sizeof(uint64_t));
4018
4019 queueNames = (typeof(queueNames))(((uintptr_t) desc) + desc->queueNamesOffset);
4020 cls->queueNames = copyInStringArray(queueNames, desc->queueNamesSize);
4021
4022 sym = OSSymbol::withCString(desc->name);
4023 assert(sym);
4024 if (!sym) {
4025 assert(false);
4026 cls->release();
4027 return kIOReturnNoMemory;
4028 }
4029
4030 cls->name = sym;
4031 cls->meta = OSMetaClass::copyMetaClassWithName(sym);
4032 IOLockLock(fLock);
4033 cls->superMeta = OSDynamicCast(OSUserMetaClass, fClasses->getObject(desc->superName));
4034 if (fClasses->getObject(sym) != NULL) {
4035 /* class with this name exists */
4036 ret = kIOReturnBadArgument;
4037 } else {
4038 if (fClasses->setObject(sym, cls)) {
4039 *pCls = cls;
4040 } else {
4041 /* could not add class to fClasses */
4042 ret = kIOReturnNoMemory;
4043 }
4044 }
4045 IOLockUnlock(fLock);
4046 cls->release();
4047 return ret;
4048 }
4049
4050 IOReturn
registerClass(OSClassDescription * desc,uint32_t size,OSSharedPtr<OSUserMetaClass> & pCls)4051 IOUserServer::registerClass(OSClassDescription * desc, uint32_t size, OSSharedPtr<OSUserMetaClass>& pCls)
4052 {
4053 OSUserMetaClass* pClsRaw = NULL;
4054 IOReturn result = registerClass(desc, size, &pClsRaw);
4055 if (result == kIOReturnSuccess) {
4056 pCls.reset(pClsRaw, OSRetain);
4057 }
4058 return result;
4059 }
4060
4061 IOReturn
setRootQueue(IODispatchQueue * queue)4062 IOUserServer::setRootQueue(IODispatchQueue * queue)
4063 {
4064 assert(!fRootQueue);
4065 if (fRootQueue) {
4066 return kIOReturnStillOpen;
4067 }
4068 queue->retain();
4069 fRootQueue = queue;
4070
4071 return kIOReturnSuccess;
4072 }
4073
4074 IOReturn
externalMethod(uint32_t selector,IOExternalMethodArguments * args,IOExternalMethodDispatch * dispatch,OSObject * target,void * reference)4075 IOUserServer::externalMethod(uint32_t selector, IOExternalMethodArguments * args,
4076 IOExternalMethodDispatch * dispatch, OSObject * target, void * reference)
4077 {
4078 IOReturn ret = kIOReturnBadArgument;
4079 mach_port_name_t portname;
4080
4081 switch (selector) {
4082 case kIOUserServerMethodRegisterClass:
4083 {
4084 OSUserMetaClass * cls;
4085 if (!args->structureInputSize) {
4086 return kIOReturnBadArgument;
4087 }
4088 if (args->scalarOutputCount != 2) {
4089 return kIOReturnBadArgument;
4090 }
4091 ret = registerClass((OSClassDescription *) args->structureInput, args->structureInputSize, &cls);
4092 if (kIOReturnSuccess == ret) {
4093 portname = iokit_make_send_right(fOwningTask, cls, IKOT_UEXT_OBJECT);
4094 assert(portname);
4095 args->scalarOutput[0] = portname;
4096 args->scalarOutput[1] = kOSObjectRPCRemote;
4097 }
4098 break;
4099 }
4100 case kIOUserServerMethodStart:
4101 {
4102 if (args->scalarOutputCount != 1) {
4103 return kIOReturnBadArgument;
4104 }
4105 if (!(kIODKDisableCheckInTokenVerification & gIODKDebug)) {
4106 if (args->scalarInputCount != 1) {
4107 return kIOReturnBadArgument;
4108 }
4109 mach_port_name_t checkInPortName = ((typeof(checkInPortName))args->scalarInput[0]);
4110 OSObject * obj = iokit_lookup_object_with_port_name(checkInPortName, IKOT_IOKIT_IDENT, fOwningTask);
4111 IOUserServerCheckInToken * retrievedToken = OSDynamicCast(IOUserServerCheckInToken, obj);
4112 if (retrievedToken != NULL) {
4113 setCheckInToken(retrievedToken);
4114 } else {
4115 OSSafeReleaseNULL(obj);
4116 return kIOReturnBadArgument;
4117 }
4118 OSSafeReleaseNULL(obj);
4119 }
4120 portname = iokit_make_send_right(fOwningTask, this, IKOT_UEXT_OBJECT);
4121 assert(portname);
4122 args->scalarOutput[0] = portname;
4123 ret = kIOReturnSuccess;
4124 break;
4125 }
4126 default:
4127 break;
4128 }
4129
4130 return ret;
4131 }
4132
4133 IOExternalTrap *
getTargetAndTrapForIndex(IOService ** targetP,UInt32 index)4134 IOUserServer::getTargetAndTrapForIndex( IOService **targetP, UInt32 index )
4135 {
4136 static const IOExternalTrap trapTemplate[] = {
4137 { NULL, (IOTrap) & IOUserServer::waitInterruptTrap},
4138 };
4139 if (index >= (sizeof(trapTemplate) / sizeof(IOExternalTrap))) {
4140 return NULL;
4141 }
4142 *targetP = this;
4143 return (IOExternalTrap *)&trapTemplate[index];
4144 }
4145
4146 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
4147
4148 IOReturn
serviceAttach(IOService * service,IOService * provider)4149 IOUserServer::serviceAttach(IOService * service, IOService * provider)
4150 {
4151 IOReturn ret;
4152 OSObjectUserVars * vars;
4153 OSObject * prop;
4154 OSString * str;
4155 OSSymbol const* bundleID;
4156 char execPath[1024];
4157
4158 vars = IOMallocType(OSObjectUserVars);
4159 service->reserved->uvars = vars;
4160
4161 vars->userServer = this;
4162 vars->userServer->retain();
4163 vars->uvarsLock = IOLockAlloc();
4164 IOLockLock(fLock);
4165 if (-1U == fServices->getNextIndexOfObject(service, 0)) {
4166 fServices->setObject(service);
4167
4168 // Add to IOAssociatedServices
4169 OSObject * serviceArrayObj = copyProperty(gIOAssociatedServicesKey);
4170 OSArray * serviceArray = OSDynamicCast(OSArray, serviceArrayObj);
4171 if (!serviceArray) {
4172 serviceArray = OSArray::withCapacity(0);
4173 } else {
4174 serviceArray = OSDynamicCast(OSArray, serviceArray->copyCollection());
4175 assert(serviceArray != NULL);
4176 }
4177
4178 OSNumber * registryEntryNumber = OSNumber::withNumber(service->getRegistryEntryID(), 64);
4179 serviceArray->setObject(registryEntryNumber);
4180 setProperty(gIOAssociatedServicesKey, serviceArray);
4181 OSSafeReleaseNULL(registryEntryNumber);
4182 OSSafeReleaseNULL(serviceArray);
4183 OSSafeReleaseNULL(serviceArrayObj);
4184 }
4185 IOLockUnlock(fLock);
4186
4187 prop = service->copyProperty(gIOUserClassKey);
4188 str = OSDynamicCast(OSString, prop);
4189 if (str) {
4190 service->setName(str);
4191 }
4192 OSSafeReleaseNULL(prop);
4193
4194 prop = service->copyProperty(gIOModuleIdentifierKey);
4195 bundleID = OSDynamicCast(OSSymbol, prop);
4196 if (bundleID) {
4197 execPath[0] = 0;
4198 bool ok = OSKext::copyUserExecutablePath(bundleID, execPath, sizeof(execPath));
4199 if (ok) {
4200 ret = LoadModule(execPath);
4201 if (kIODKLogSetup & gIODKDebug) {
4202 DKLOG("%s::LoadModule 0x%x %s\n", getName(), ret, execPath);
4203 }
4204 }
4205 }
4206 OSSafeReleaseNULL(prop);
4207
4208 ret = kIOReturnSuccess;
4209
4210 return ret;
4211 }
4212
4213 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
4214
4215 #define kDriverKitUCPrefix "com.apple.developer.driverkit.userclient-access."
4216
4217 IOReturn
serviceNewUserClient(IOService * service,task_t owningTask,void * securityID,uint32_t type,OSDictionary * properties,IOUserClient ** handler)4218 IOUserServer::serviceNewUserClient(IOService * service, task_t owningTask, void * securityID,
4219 uint32_t type, OSDictionary * properties, IOUserClient ** handler)
4220 {
4221 IOReturn ret;
4222 IOUserClient * uc;
4223 IOUserUserClient * userUC;
4224 OSDictionary * entitlements;
4225 OSObject * prop;
4226 OSObject * bundleID;
4227 bool ok;
4228
4229 entitlements = IOUserClient::copyClientEntitlements(owningTask);
4230 if (!entitlements) {
4231 entitlements = OSDictionary::withCapacity(8);
4232 }
4233 if (entitlements && (kIOReturnSuccess == clientHasPrivilege((void *) owningTask, kIOClientPrivilegeAdministrator))) {
4234 entitlements->setObject(kIODriverKitUserClientEntitlementAdministratorKey, kOSBooleanTrue);
4235 }
4236
4237 *handler = NULL;
4238 ret = service->_NewUserClient(type, entitlements, &uc);
4239 if (kIOReturnSuccess != ret) {
4240 OSSafeReleaseNULL(entitlements);
4241 return ret;
4242 }
4243 userUC = OSDynamicCast(IOUserUserClient, uc);
4244 if (!userUC) {
4245 uc->terminate(kIOServiceTerminateNeedWillTerminate);
4246 OSSafeReleaseNULL(uc);
4247 OSSafeReleaseNULL(entitlements);
4248 return kIOReturnUnsupported;
4249 }
4250 userUC->setTask(owningTask);
4251
4252 if (!(kIODKDisableEntitlementChecking & gIODKDebug)) {
4253 if (entitlements && (prop = entitlements->getObject(gIODriverKitRequiredEntitlementsKey))) {
4254 prop->retain();
4255 ok = checkEntitlements(fEntitlements, prop, NULL, NULL);
4256 if (!ok && fEntitlements && fEntitlements->getObject(gIODriverKitUserClientEntitlementAllowAnyKey)) {
4257 ok = true;
4258 }
4259 } else {
4260 bundleID = NULL;
4261 if (fEntitlements && fEntitlements->getObject(gIODriverKitUserClientEntitlementAllowAnyKey)) {
4262 ok = true;
4263 } else {
4264 bundleID = service->copyProperty(gIOModuleIdentifierKey);
4265 ok = (entitlements
4266 && bundleID
4267 && (prop = entitlements->getObject(gIODriverKitUserClientEntitlementsKey)));
4268 if (ok) {
4269 bool found __block = false;
4270 ok = prop->iterateObjects(^bool (OSObject * object) {
4271 found = object->isEqualTo(bundleID);
4272 return found;
4273 });
4274 ok = found;
4275 }
4276 OSSafeReleaseNULL(bundleID);
4277 }
4278 if (ok) {
4279 prop = userUC->copyProperty(gIOServiceDEXTEntitlementsKey);
4280 ok = checkEntitlements(entitlements, prop, NULL, NULL);
4281 }
4282 }
4283
4284 if (!ok) {
4285 DKLOG(DKS ":UC entitlements check failed\n", DKN(userUC));
4286 uc->terminate(kIOServiceTerminateNeedWillTerminate);
4287 OSSafeReleaseNULL(uc);
4288 OSSafeReleaseNULL(entitlements);
4289 return kIOReturnNotPermitted;
4290 }
4291 }
4292
4293 OSSafeReleaseNULL(entitlements);
4294 *handler = userUC;
4295
4296 return ret;
4297 }
4298
4299 IOReturn
serviceNewUserClient(IOService * service,task_t owningTask,void * securityID,uint32_t type,OSDictionary * properties,OSSharedPtr<IOUserClient> & handler)4300 IOUserServer::serviceNewUserClient(IOService * service, task_t owningTask, void * securityID,
4301 uint32_t type, OSDictionary * properties, OSSharedPtr<IOUserClient>& handler)
4302 {
4303 IOUserClient* handlerRaw = NULL;
4304 IOReturn result = serviceNewUserClient(service, owningTask, securityID, type, properties, &handlerRaw);
4305 handler.reset(handlerRaw, OSNoRetain);
4306 return result;
4307 }
4308
4309 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
4310
4311 static IOPMPowerState
4312 sPowerStates[] = {
4313 { .version = kIOPMPowerStateVersion1,
4314 .capabilityFlags = 0,
4315 .outputPowerCharacter = 0,
4316 .inputPowerRequirement = 0},
4317 { .version = kIOPMPowerStateVersion1,
4318 .capabilityFlags = kIOPMLowPower,
4319 .outputPowerCharacter = kIOPMLowPower,
4320 .inputPowerRequirement = kIOPMLowPower},
4321 { .version = kIOPMPowerStateVersion1,
4322 .capabilityFlags = kIOPMPowerOn,
4323 .outputPowerCharacter = kIOPMPowerOn,
4324 .inputPowerRequirement = kIOPMPowerOn},
4325 };
4326
4327 IOReturn
setPowerState(unsigned long state,IOService * service)4328 IOUserServer::setPowerState(unsigned long state, IOService * service)
4329 {
4330 if (kIODKLogPM & gIODKDebug) {
4331 DKLOG(DKS "::setPowerState(%ld) %d\n", DKN(service), state, fSystemPowerAck);
4332 }
4333 return kIOPMAckImplied;
4334 }
4335
4336 IOReturn
serviceSetPowerState(IOService * controllingDriver,IOService * service,IOPMPowerFlags flags,unsigned long state)4337 IOUserServer::serviceSetPowerState(IOService * controllingDriver, IOService * service, IOPMPowerFlags flags, unsigned long state)
4338 {
4339 IOReturn ret;
4340 bool sendIt = false;
4341
4342 IOLockLock(fLock);
4343 if (service->reserved->uvars) {
4344 if (!fSystemOff && !(kIODKDisablePM & gIODKDebug)) {
4345 service->reserved->uvars->willPower = true;
4346 service->reserved->uvars->willPowerState = state;
4347 service->reserved->uvars->controllingDriver = controllingDriver;
4348 sendIt = true;
4349 } else {
4350 service->reserved->uvars->willPower = false;
4351 }
4352 }
4353 IOLockUnlock(fLock);
4354
4355 if (sendIt) {
4356 if (kIODKLogPM & gIODKDebug) {
4357 DKLOG(DKS "::serviceSetPowerState(%ld) %d\n", DKN(service), state, fSystemPowerAck);
4358 }
4359 ret = service->SetPowerState((uint32_t) flags);
4360 if (kIOReturnSuccess == ret) {
4361 return 20 * 1000 * 1000;
4362 } else {
4363 IOLockLock(fLock);
4364 service->reserved->uvars->willPower = false;
4365 IOLockUnlock(fLock);
4366 }
4367 }
4368
4369 return kIOPMAckImplied;
4370 }
4371
4372 IOReturn
powerStateWillChangeTo(IOPMPowerFlags flags,unsigned long state,IOService * service)4373 IOUserServer::powerStateWillChangeTo(IOPMPowerFlags flags, unsigned long state, IOService * service)
4374 {
4375 return kIOPMAckImplied;
4376 }
4377
4378 IOReturn
powerStateDidChangeTo(IOPMPowerFlags flags,unsigned long state,IOService * service)4379 IOUserServer::powerStateDidChangeTo(IOPMPowerFlags flags, unsigned long state, IOService * service)
4380 {
4381 unsigned int idx;
4382 bool pmAck;
4383
4384 pmAck = false;
4385 IOLockLock(fLock);
4386 idx = fServices->getNextIndexOfObject(service, 0);
4387 if (-1U == idx) {
4388 IOLockUnlock(fLock);
4389 return kIOPMAckImplied;
4390 }
4391
4392 service->reserved->uvars->powerState = (0 != state);
4393 bool allPowerStates __block = 0;
4394 if (!state) {
4395 // any service on?
4396 fServices->iterateObjects(^bool (OSObject * obj) {
4397 int service __unused; // hide outer defn
4398 IOService * nextService;
4399 nextService = (IOService *) obj;
4400 allPowerStates = nextService->reserved->uvars->powerState;
4401 // early terminate if true
4402 return allPowerStates;
4403 });
4404 }
4405 if (kIODKLogPM & gIODKDebug) {
4406 DKLOG(DKS "::powerStateDidChangeTo(%ld) %d, %d\n", DKN(service), state, allPowerStates, fSystemPowerAck);
4407 }
4408 if (!allPowerStates && (pmAck = fSystemPowerAck)) {
4409 fSystemPowerAck = false;
4410 fSystemOff = true;
4411 }
4412 IOLockUnlock(fLock);
4413
4414 if (pmAck) {
4415 IOServicePH::serverAck(this);
4416 }
4417
4418 return kIOPMAckImplied;
4419 }
4420
4421 kern_return_t
SetPowerState_Impl(uint32_t powerFlags)4422 IOService::SetPowerState_Impl(
4423 uint32_t powerFlags)
4424 {
4425 if (kIODKLogPM & gIODKDebug) {
4426 DKLOG(DKS "::SetPowerState(%d), %d\n", DKN(this), powerFlags, reserved->uvars->willPower);
4427 }
4428 if (reserved->uvars
4429 && reserved->uvars->userServer
4430 && reserved->uvars->willPower) {
4431 IOReturn ret;
4432 reserved->uvars->willPower = false;
4433 ret = reserved->uvars->controllingDriver->setPowerState(reserved->uvars->willPowerState, this);
4434 if (kIOPMAckImplied == ret) {
4435 acknowledgeSetPowerState();
4436 }
4437 return kIOReturnSuccess;
4438 }
4439 return kIOReturnNotReady;
4440 }
4441
4442 kern_return_t
ChangePowerState_Impl(uint32_t powerFlags)4443 IOService::ChangePowerState_Impl(
4444 uint32_t powerFlags)
4445 {
4446 switch (powerFlags) {
4447 case kIOServicePowerCapabilityOff:
4448 changePowerStateToPriv(0);
4449 break;
4450 case kIOServicePowerCapabilityLow:
4451 changePowerStateToPriv(1);
4452 break;
4453 case kIOServicePowerCapabilityOn:
4454 changePowerStateToPriv(2);
4455 break;
4456 default:
4457 return kIOReturnBadArgument;
4458 }
4459
4460 return kIOReturnSuccess;
4461 }
4462
4463 kern_return_t
_ClaimSystemWakeEvent_Impl(IOService * device,uint64_t flags,const char * reason,OSContainer * details)4464 IOService::_ClaimSystemWakeEvent_Impl(
4465 IOService * device,
4466 uint64_t flags,
4467 const char * reason,
4468 OSContainer * details)
4469 {
4470 IOPMrootDomain * rootDomain;
4471 IOOptionBits pmFlags;
4472
4473 rootDomain = getPMRootDomain();
4474 if (!rootDomain) {
4475 return kIOReturnNotReady;
4476 }
4477 if (os_convert_overflow(flags, &pmFlags)) {
4478 return kIOReturnBadArgument;
4479 }
4480 rootDomain->claimSystemWakeEvent(device, pmFlags, reason, details);
4481
4482 return kIOReturnSuccess;
4483 }
4484
4485 kern_return_t
Create_Impl(IOService * provider,const char * propertiesKey,IOService ** result)4486 IOService::Create_Impl(
4487 IOService * provider,
4488 const char * propertiesKey,
4489 IOService ** result)
4490 {
4491 OSObject * inst;
4492 IOService * service;
4493 OSString * str;
4494 const OSSymbol * sym;
4495 OSObject * prop;
4496 OSDictionary * properties;
4497 kern_return_t ret;
4498
4499 if (provider != this) {
4500 return kIOReturnUnsupported;
4501 }
4502
4503 ret = kIOReturnUnsupported;
4504 inst = NULL;
4505 service = NULL;
4506
4507 prop = copyProperty(propertiesKey);
4508 properties = OSDynamicCast(OSDictionary, prop);
4509 assert(properties);
4510 if (properties) {
4511 str = OSDynamicCast(OSString, properties->getObject(gIOClassKey));
4512 assert(str);
4513 sym = OSSymbol::withString(str);
4514 if (sym) {
4515 inst = OSMetaClass::allocClassWithName(sym);
4516 service = OSDynamicCast(IOService, inst);
4517 if (service && service->init(properties) && service->attach(this)) {
4518 reserved->uvars->userServer->serviceAttach(service, this);
4519 service->reserved->uvars->started = true;
4520 ret = kIOReturnSuccess;
4521 *result = service;
4522 }
4523 OSSafeReleaseNULL(sym);
4524 }
4525 }
4526
4527 OSSafeReleaseNULL(prop);
4528 if (kIOReturnSuccess != ret) {
4529 OSSafeReleaseNULL(inst);
4530 }
4531
4532 return ret;
4533 }
4534
4535 kern_return_t
Terminate_Impl(uint64_t options)4536 IOService::Terminate_Impl(
4537 uint64_t options)
4538 {
4539 IOUserServer * us;
4540
4541 if (options) {
4542 return kIOReturnUnsupported;
4543 }
4544
4545 us = (typeof(us))thread_iokit_tls_get(0);
4546 if (!reserved->uvars
4547 || (reserved->uvars->userServer != us)) {
4548 return kIOReturnNotPermitted;
4549 }
4550 terminate(kIOServiceTerminateNeedWillTerminate);
4551
4552 return kIOReturnSuccess;
4553 }
4554
4555 kern_return_t
NewUserClient_Impl(uint32_t type,IOUserClient ** userClient)4556 IOService::NewUserClient_Impl(
4557 uint32_t type,
4558 IOUserClient ** userClient)
4559 {
4560 return kIOReturnError;
4561 }
4562
4563 kern_return_t
_NewUserClient_Impl(uint32_t type,OSDictionary * entitlements,IOUserClient ** userClient)4564 IOService::_NewUserClient_Impl(
4565 uint32_t type,
4566 OSDictionary * entitlements,
4567 IOUserClient ** userClient)
4568 {
4569 return kIOReturnError;
4570 }
4571
4572 kern_return_t
SearchProperty_Impl(const char * name,const char * plane,uint64_t options,OSContainer ** property)4573 IOService::SearchProperty_Impl(
4574 const char * name,
4575 const char * plane,
4576 uint64_t options,
4577 OSContainer ** property)
4578 {
4579 OSObject * object __block;
4580 IOService * provider;
4581 IOOptionBits regOptions;
4582
4583 if (kIOServiceSearchPropertyParents & options) {
4584 regOptions = kIORegistryIterateParents | kIORegistryIterateRecursively;
4585 } else {
4586 regOptions = 0;
4587 }
4588
4589 object = copyProperty(name, IORegistryEntry::getPlane(plane), regOptions);
4590
4591 if (NULL == object) {
4592 for (provider = this; provider; provider = provider->getProvider()) {
4593 provider->runPropertyActionBlock(^IOReturn (void) {
4594 OSDictionary * userProps;
4595 object = provider->getProperty(name);
4596 if (!object
4597 && (userProps = OSDynamicCast(OSDictionary, provider->getProperty(gIOUserServicePropertiesKey)))) {
4598 object = userProps->getObject(name);
4599 }
4600 if (object) {
4601 object->retain();
4602 }
4603 return kIOReturnSuccess;
4604 });
4605 if (object || !(kIORegistryIterateParents & options)) {
4606 break;
4607 }
4608 }
4609 }
4610
4611 *property = object;
4612
4613 return object ? kIOReturnSuccess : kIOReturnNotFound;
4614 }
4615
4616 kern_return_t
StringFromReturn_Impl(IOReturn retval,OSString ** str)4617 IOService::StringFromReturn_Impl(
4618 IOReturn retval,
4619 OSString ** str)
4620 {
4621 OSString *obj = OSString::withCString(stringFromReturn(retval));
4622 *str = obj;
4623 return obj ? kIOReturnSuccess : kIOReturnError;
4624 }
4625
4626 kern_return_t
CopyProviderProperties_Impl(OSArray * propertyKeys,OSArray ** properties)4627 IOService::CopyProviderProperties_Impl(
4628 OSArray * propertyKeys,
4629 OSArray ** properties)
4630 {
4631 IOReturn ret;
4632 OSArray * result;
4633 IOService * provider;
4634
4635 result = OSArray::withCapacity(8);
4636 if (!result) {
4637 return kIOReturnNoMemory;
4638 }
4639
4640 ret = kIOReturnSuccess;
4641 for (provider = this; provider; provider = provider->getProvider()) {
4642 OSObject * obj;
4643 OSDictionary * props;
4644
4645 obj = provider->copyProperty(gIOSupportedPropertiesKey);
4646 props = OSDynamicCast(OSDictionary, obj);
4647 if (!props) {
4648 OSSafeReleaseNULL(obj);
4649 props = provider->dictionaryWithProperties();
4650 }
4651 if (!props) {
4652 ret = kIOReturnNoMemory;
4653 break;
4654 }
4655
4656 bool __block addClass = true;
4657 if (propertyKeys) {
4658 OSDictionary * retProps;
4659 retProps = OSDictionary::withCapacity(4);
4660 addClass = false;
4661 if (!retProps) {
4662 ret = kIOReturnNoMemory;
4663 OSSafeReleaseNULL(props);
4664 break;
4665 }
4666 propertyKeys->iterateObjects(^bool (OSObject * _key) {
4667 OSString * key = OSDynamicCast(OSString, _key);
4668 if (gIOClassKey->isEqualTo(key)) {
4669 addClass = true;
4670 return false;
4671 }
4672 retProps->setObject(key, props->getObject(key));
4673 return false;
4674 });
4675 OSSafeReleaseNULL(props);
4676 props = retProps;
4677 }
4678 if (addClass) {
4679 OSArray * classes = OSArray::withCapacity(8);
4680 if (!classes) {
4681 OSSafeReleaseNULL(props);
4682 ret = kIOReturnNoMemory;
4683 break;
4684 }
4685 for (const OSMetaClass * meta = provider->getMetaClass(); meta; meta = meta->getSuperClass()) {
4686 classes->setObject(meta->getClassNameSymbol());
4687 }
4688 props->setObject(gIOClassKey, classes);
4689 OSSafeReleaseNULL(classes);
4690 }
4691 bool ok = result->setObject(props);
4692 props->release();
4693 if (!ok) {
4694 ret = kIOReturnNoMemory;
4695 break;
4696 }
4697 }
4698 if (kIOReturnSuccess != ret) {
4699 OSSafeReleaseNULL(result);
4700 }
4701 *properties = result;
4702 return ret;
4703 }
4704
4705 IOReturn
AdjustBusy_Impl(int32_t delta)4706 IOService::AdjustBusy_Impl(int32_t delta)
4707 {
4708 adjustBusy(delta);
4709 return kIOReturnSuccess;
4710 }
4711
4712 IOReturn
GetBusyState_Impl(uint32_t * busyState)4713 IOService::GetBusyState_Impl(uint32_t *busyState)
4714 {
4715 *busyState = getBusyState();
4716 return kIOReturnSuccess;
4717 }
4718
4719 void
systemPower(bool powerOff)4720 IOUserServer::systemPower(bool powerOff)
4721 {
4722 OSArray * services;
4723 {
4724 OSDictionary * sleepDescription;
4725 OSObject * prop;
4726
4727 sleepDescription = OSDictionary::withCapacity(4);
4728 if (sleepDescription) {
4729 prop = getPMRootDomain()->copyProperty(kRootDomainSleepReasonKey);
4730 if (prop) {
4731 sleepDescription->setObject(gIOSystemStateSleepDescriptionReasonKey, prop);
4732 OSSafeReleaseNULL(prop);
4733 }
4734 prop = getPMRootDomain()->copyProperty(kIOHibernateStateKey);
4735 if (prop) {
4736 sleepDescription->setObject(gIOSystemStateSleepDescriptionHibernateStateKey, prop);
4737 OSSafeReleaseNULL(prop);
4738 }
4739 getSystemStateNotificationService()->StateNotificationItemSet(gIOSystemStateSleepDescriptionKey, sleepDescription);
4740 OSSafeReleaseNULL(sleepDescription);
4741 }
4742 }
4743
4744 IOLockLock(fLock);
4745 services = OSArray::withArray(fServices);
4746
4747 bool allPowerStates __block = 0;
4748 // any service on?
4749 fServices->iterateObjects(^bool (OSObject * obj) {
4750 int service __unused; // hide outer defn
4751 IOService * nextService;
4752 nextService = (IOService *) obj;
4753 allPowerStates = nextService->reserved->uvars->powerState;
4754 // early terminate if true
4755 return allPowerStates;
4756 });
4757
4758 if (kIODKLogPM & gIODKDebug) {
4759 DKLOG("%s::powerOff(%d) %d\n", getName(), powerOff, allPowerStates);
4760 }
4761
4762 if (powerOff) {
4763 fSystemPowerAck = allPowerStates;
4764 if (!fSystemPowerAck) {
4765 fSystemOff = true;
4766 }
4767 IOLockUnlock(fLock);
4768
4769 if (!fSystemPowerAck) {
4770 IOServicePH::serverAck(this);
4771 } else {
4772 if (services) {
4773 services->iterateObjects(^bool (OSObject * obj) {
4774 int service __unused; // hide outer defn
4775 IOService * nextService;
4776 nextService = (IOService *) obj;
4777 if (kIODKLogPM & gIODKDebug) {
4778 DKLOG("changePowerStateWithOverrideTo(" DKS ", %d)\n", DKN(nextService), 0);
4779 }
4780 nextService->reserved->uvars->powerOverride = nextService->getPowerState();
4781 nextService->changePowerStateWithOverrideTo(0, 0);
4782 return false;
4783 });
4784 }
4785 }
4786 } else {
4787 fSystemOff = false;
4788 IOLockUnlock(fLock);
4789 if (services) {
4790 services->iterateObjects(^bool (OSObject * obj) {
4791 int service __unused; // hide outer defn
4792 IOService * nextService;
4793 nextService = (IOService *) obj;
4794 if (-1U != nextService->reserved->uvars->powerOverride) {
4795 if (kIODKLogPM & gIODKDebug) {
4796 DKLOG("changePowerStateWithOverrideTo(" DKS ", %d)\n", DKN(nextService), nextService->reserved->uvars->powerOverride);
4797 }
4798 nextService->changePowerStateWithOverrideTo(nextService->reserved->uvars->powerOverride, 0);
4799 nextService->reserved->uvars->powerOverride = -1U;
4800 }
4801 return false;
4802 });
4803 }
4804 }
4805 OSSafeReleaseNULL(services);
4806 }
4807
4808
4809 void
systemHalt(int howto)4810 IOUserServer::systemHalt(int howto)
4811 {
4812 OSArray * services;
4813
4814 if (true || (kIODKLogPM & gIODKDebug)) {
4815 DKLOG("%s::systemHalt()\n", getName());
4816 }
4817
4818 {
4819 OSDictionary * haltDescription;
4820 OSNumber * state;
4821 uint64_t haltStateFlags;
4822
4823 haltDescription = OSDictionary::withCapacity(4);
4824 if (haltDescription) {
4825 haltStateFlags = 0;
4826 if (RB_HALT & howto) {
4827 haltStateFlags |= kIOServiceHaltStatePowerOff;
4828 } else {
4829 haltStateFlags |= kIOServiceHaltStateRestart;
4830 }
4831 state = OSNumber::withNumber(haltStateFlags, 64);
4832 haltDescription->setObject(gIOSystemStateHaltDescriptionHaltStateKey, state);
4833 getSystemStateNotificationService()->StateNotificationItemSet(gIOSystemStateHaltDescriptionKey, haltDescription);
4834
4835 OSSafeReleaseNULL(state);
4836 OSSafeReleaseNULL(haltDescription);
4837 }
4838 }
4839
4840 IOLockLock(fLock);
4841 services = OSArray::withArray(fServices);
4842 IOLockUnlock(fLock);
4843
4844 if (services) {
4845 services->iterateObjects(^bool (OSObject * obj) {
4846 int service __unused; // hide outer defn
4847 IOService * nextService;
4848 IOService * provider;
4849 IOOptionBits terminateOptions;
4850 bool root;
4851
4852 nextService = (IOService *) obj;
4853 provider = nextService->getProvider();
4854 if (!provider) {
4855 DKLOG("stale service " DKS " found, skipping termination\n", DKN(nextService));
4856 return false;
4857 }
4858 root = (NULL == provider->getProperty(gIOUserServerNameKey, gIOServicePlane));
4859 if (true || (kIODKLogPM & gIODKDebug)) {
4860 DKLOG("%d: terminate(" DKS ")\n", root, DKN(nextService));
4861 }
4862 if (!root) {
4863 return false;
4864 }
4865 terminateOptions = kIOServiceRequired | kIOServiceTerminateNeedWillTerminate;
4866 if (!nextService->terminate(terminateOptions)) {
4867 IOLog("failed to terminate service %s-0x%llx\n", nextService->getName(), nextService->getRegistryEntryID());
4868 }
4869 return false;
4870 });
4871 }
4872 OSSafeReleaseNULL(services);
4873 }
4874
4875 void
powerSourceChanged(bool acAttached)4876 IOUserServer::powerSourceChanged(bool acAttached)
4877 {
4878 OSDictionary * powerSourceDescription;
4879
4880 powerSourceDescription = OSDictionary::withCapacity(4);
4881 if (!powerSourceDescription) {
4882 return;
4883 }
4884 powerSourceDescription->setObject(gIOSystemStatePowerSourceDescriptionACAttachedKey, acAttached ? kOSBooleanTrue : kOSBooleanFalse);
4885 getSystemStateNotificationService()->StateNotificationItemSet(gIOSystemStatePowerSourceDescriptionKey, powerSourceDescription);
4886
4887 OSSafeReleaseNULL(powerSourceDescription);
4888 }
4889
4890 IOReturn
serviceStarted(IOService * service,IOService * provider,bool result)4891 IOUserServer::serviceStarted(IOService * service, IOService * provider, bool result)
4892 {
4893 IOReturn ret;
4894 IOService * pmProvider;
4895 bool joinTree;
4896
4897 DKLOG(DKS "::start(" DKS ") %s\n", DKN(service), DKN(provider), result ? "ok" : "fail");
4898
4899 if (!result) {
4900 ret = kIOReturnSuccess;
4901 return ret;
4902 }
4903
4904 if (!fRootNotifier) {
4905 ret = registerPowerDriver(this, sPowerStates, sizeof(sPowerStates) / sizeof(sPowerStates[0]));
4906 assert(kIOReturnSuccess == ret);
4907 IOServicePH::serverAdd(this);
4908 fRootNotifier = true;
4909 }
4910
4911 joinTree = false;
4912 if (!(kIODKDisablePM & gIODKDebug) && !service->pm_vars) {
4913 service->PMinit();
4914 ret = service->registerPowerDriver(this, sPowerStates, sizeof(sPowerStates) / sizeof(sPowerStates[0]));
4915 assert(kIOReturnSuccess == ret);
4916 joinTree = true;
4917 }
4918
4919 pmProvider = service;
4920 while (pmProvider && !pmProvider->inPlane(gIOPowerPlane)) {
4921 pmProvider = pmProvider->getProvider();
4922 }
4923 if (pmProvider) {
4924 IOService * entry;
4925 OSObject * prop;
4926 OSObject * nextProp;
4927 OSString * str;
4928
4929 entry = pmProvider;
4930 prop = NULL;
4931 do {
4932 nextProp = entry->copyProperty("non-removable");
4933 if (nextProp) {
4934 OSSafeReleaseNULL(prop);
4935 prop = nextProp;
4936 }
4937 entry = entry->getProvider();
4938 } while (entry);
4939 if (prop) {
4940 str = OSDynamicCast(OSString, prop);
4941 if (str && str->isEqualTo("yes")) {
4942 pmProvider = NULL;
4943 }
4944 prop->release();
4945 }
4946 }
4947
4948 if (!(kIODKDisablePM & gIODKDebug) && pmProvider) {
4949 IOLockLock(fLock);
4950 service->reserved->uvars->powerState = true;
4951 IOLockUnlock(fLock);
4952
4953 if (joinTree) {
4954 pmProvider->joinPMtree(service);
4955 service->reserved->uvars->userServerPM = true;
4956 }
4957 }
4958
4959 service->registerInterestedDriver(this);
4960 service->reserved->uvars->started = true;
4961
4962 return kIOReturnSuccess;
4963 }
4964
4965
4966 IOReturn
serviceOpen(IOService * provider,IOService * client)4967 IOUserServer::serviceOpen(IOService * provider, IOService * client)
4968 {
4969 OSObjectUserVars * uvars;
4970
4971 IOLockLock(client->reserved->uvars->uvarsLock);
4972 uvars = client->reserved->uvars;
4973 if (!uvars->openProviders) {
4974 uvars->openProviders = OSArray::withObjects((const OSObject **) &provider, 1);
4975 } else if (-1U == uvars->openProviders->getNextIndexOfObject(provider, 0)) {
4976 uvars->openProviders->setObject(provider);
4977 }
4978 IOLockUnlock(client->reserved->uvars->uvarsLock);
4979
4980 return kIOReturnSuccess;
4981 }
4982
4983 IOReturn
serviceClose(IOService * provider,IOService * client)4984 IOUserServer::serviceClose(IOService * provider, IOService * client)
4985 {
4986 OSObjectUserVars * uvars;
4987 unsigned int idx;
4988 IOReturn ret;
4989
4990 IOLockLock(client->reserved->uvars->uvarsLock);
4991 uvars = client->reserved->uvars;
4992 if (!uvars->openProviders) {
4993 ret = kIOReturnNotOpen;
4994 goto finish;
4995 }
4996 idx = uvars->openProviders->getNextIndexOfObject(provider, 0);
4997 if (-1U == idx) {
4998 ret = kIOReturnNotOpen;
4999 goto finish;
5000 }
5001 uvars->openProviders->removeObject(idx);
5002 if (!uvars->openProviders->getCount()) {
5003 OSSafeReleaseNULL(uvars->openProviders);
5004 }
5005
5006 ret = kIOReturnSuccess;
5007
5008 finish:
5009 IOLockUnlock(client->reserved->uvars->uvarsLock);
5010
5011 return ret;
5012 }
5013
5014
5015 IOReturn
serviceStop(IOService * service,IOService *)5016 IOUserServer::serviceStop(IOService * service, IOService *)
5017 {
5018 IOReturn ret;
5019 uint32_t idx, queueAlloc;
5020 bool pmAck;
5021 OSObjectUserVars * uvars;
5022
5023 pmAck = false;
5024 IOLockLock(fLock);
5025 idx = fServices->getNextIndexOfObject(service, 0);
5026 if (-1U != idx) {
5027 fServices->removeObject(idx);
5028
5029 // Remove the service from IOAssociatedServices
5030 OSObject * serviceArrayObj = copyProperty(gIOAssociatedServicesKey);
5031 OSArray * serviceArray = OSDynamicCast(OSArray, serviceArrayObj);
5032 assert(serviceArray != NULL);
5033
5034 serviceArray = OSDynamicCast(OSArray, serviceArray->copyCollection());
5035 assert(serviceArray != NULL);
5036
5037 // Index should be the same as it was in fServices
5038 OSNumber * __assert_only registryEntryID = OSDynamicCast(OSNumber, serviceArray->getObject(idx));
5039 assert(registryEntryID);
5040
5041 // ensure it is the right service
5042 assert(registryEntryID->unsigned64BitValue() == service->getRegistryEntryID());
5043 serviceArray->removeObject(idx);
5044
5045 setProperty(gIOAssociatedServicesKey, serviceArray);
5046 OSSafeReleaseNULL(serviceArray);
5047 OSSafeReleaseNULL(serviceArrayObj);
5048
5049 uvars = service->reserved->uvars;
5050 uvars->stopped = true;
5051 uvars->powerState = 0;
5052
5053 bool allPowerStates __block = 0;
5054 // any service on?
5055 fServices->iterateObjects(^bool (OSObject * obj) {
5056 int service __unused; // hide outer defn
5057 IOService * nextService;
5058 nextService = (IOService *) obj;
5059 allPowerStates = nextService->reserved->uvars->powerState;
5060 // early terminate if true
5061 return allPowerStates;
5062 });
5063
5064 if (!allPowerStates && (pmAck = fSystemPowerAck)) {
5065 fSystemPowerAck = false;
5066 fSystemOff = true;
5067 }
5068 }
5069 IOLockUnlock(fLock);
5070 if (pmAck) {
5071 IOServicePH::serverAck(this);
5072 }
5073
5074 if (-1U == idx) {
5075 return kIOReturnSuccess;
5076 }
5077
5078 if (uvars->queueArray && uvars->userMeta) {
5079 queueAlloc = 1;
5080 if (uvars->userMeta->queueNames) {
5081 queueAlloc += uvars->userMeta->queueNames->count;
5082 }
5083 for (idx = 0; idx < queueAlloc; idx++) {
5084 OSSafeReleaseNULL(uvars->queueArray[idx]);
5085 }
5086 IOSafeDeleteNULL(uvars->queueArray, IODispatchQueue *, queueAlloc);
5087 }
5088
5089 (void) service->deRegisterInterestedDriver(this);
5090 if (uvars->userServerPM) {
5091 service->PMstop();
5092 }
5093
5094 ret = kIOReturnSuccess;
5095 return ret;
5096 }
5097
5098 void
serviceFree(IOService * service)5099 IOUserServer::serviceFree(IOService * service)
5100 {
5101 OSObjectUserVars * uvars;
5102
5103 uvars = service->reserved->uvars;
5104 if (!uvars) {
5105 return;
5106 }
5107 OSSafeReleaseNULL(uvars->userServer);
5108 IOLockFree(uvars->uvarsLock);
5109 IOFreeType(service->reserved->uvars, OSObjectUserVars);
5110 }
5111
5112 void
serviceWillTerminate(IOService * client,IOService * provider,IOOptionBits options)5113 IOUserServer::serviceWillTerminate(IOService * client, IOService * provider, IOOptionBits options)
5114 {
5115 IOReturn ret;
5116 bool willTerminate;
5117
5118 willTerminate = false;
5119 IOLockLock(client->reserved->uvars->uvarsLock);
5120 if (!client->reserved->uvars->serverDied
5121 && !client->reserved->uvars->willTerminate) {
5122 client->reserved->uvars->willTerminate = true;
5123 willTerminate = true;
5124 }
5125 IOLockUnlock(client->reserved->uvars->uvarsLock);
5126
5127 if (willTerminate) {
5128 if (provider->isInactive() || IOServicePH::serverSlept()) {
5129 client->Stop_async(provider);
5130 ret = kIOReturnOffline;
5131 } else {
5132 ret = client->Stop(provider);
5133 }
5134 if (kIOReturnSuccess != ret) {
5135 IOUserServer::serviceDidStop(client, provider);
5136 ret = kIOReturnSuccess;
5137 }
5138 }
5139 }
5140
5141 void
serviceDidTerminate(IOService * client,IOService * provider,IOOptionBits options,bool * defer)5142 IOUserServer::serviceDidTerminate(IOService * client, IOService * provider, IOOptionBits options, bool * defer)
5143 {
5144 IOLockLock(client->reserved->uvars->uvarsLock);
5145 client->reserved->uvars->didTerminate = true;
5146 if (!client->reserved->uvars->serverDied
5147 && !client->reserved->uvars->stopped) {
5148 *defer = true;
5149 }
5150 IOLockUnlock(client->reserved->uvars->uvarsLock);
5151 }
5152
5153 void
serviceDidStop(IOService * client,IOService * provider)5154 IOUserServer::serviceDidStop(IOService * client, IOService * provider)
5155 {
5156 bool complete;
5157 OSArray * closeArray;
5158
5159 complete = false;
5160 closeArray = NULL;
5161
5162 IOLockLock(client->reserved->uvars->uvarsLock);
5163 if (client->reserved->uvars
5164 && client->reserved->uvars->willTerminate
5165 && !client->reserved->uvars->stopped) {
5166 client->reserved->uvars->stopped = true;
5167 complete = client->reserved->uvars->didTerminate;
5168 }
5169
5170 if (client->reserved->uvars) {
5171 closeArray = client->reserved->uvars->openProviders;
5172 client->reserved->uvars->openProviders = NULL;
5173 }
5174 IOLockUnlock(client->reserved->uvars->uvarsLock);
5175
5176 if (closeArray) {
5177 closeArray->iterateObjects(^bool (OSObject * obj) {
5178 IOService * toClose;
5179 toClose = OSDynamicCast(IOService, obj);
5180 if (toClose) {
5181 DKLOG(DKS ":force close (" DKS ")\n", DKN(client), DKN(toClose));
5182 toClose->close(client);
5183 }
5184 return false;
5185 });
5186 closeArray->release();
5187 }
5188
5189 if (complete) {
5190 bool defer = false;
5191 client->didTerminate(provider, 0, &defer);
5192 }
5193 }
5194
5195 kern_return_t
ClientCrashed_Impl(IOService * client,uint64_t options)5196 IOService::ClientCrashed_Impl(
5197 IOService * client,
5198 uint64_t options)
5199 {
5200 return kIOReturnUnsupported;
5201 }
5202
5203 kern_return_t
Stop_Impl(IOService * provider)5204 IOService::Stop_Impl(
5205 IOService * provider)
5206 {
5207 IOUserServer::serviceDidStop(this, provider);
5208
5209 return kIOReturnSuccess;
5210 }
5211
5212 void
Stop_async_Impl(IOService * provider)5213 IOService::Stop_async_Impl(
5214 IOService * provider)
5215 {
5216 }
5217
5218 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
5219
5220 #undef super
5221 #define super IOUserClient
5222
OSDefineMetaClassAndStructors(IOUserUserClient,IOUserClient)5223 OSDefineMetaClassAndStructors(IOUserUserClient, IOUserClient)
5224
5225 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
5226
5227 bool
5228 IOUserUserClient::init(OSDictionary * properties)
5229 {
5230 if (!super::init(properties)) {
5231 return false;
5232 }
5233
5234 fWorkGroups = OSDictionary::withCapacity(0);
5235 if (fWorkGroups == NULL) {
5236 return false;
5237 }
5238
5239 fEventLinks = OSDictionary::withCapacity(0);
5240 if (fEventLinks == NULL) {
5241 return false;
5242 }
5243
5244 fLock = IOLockAlloc();
5245
5246 return true;
5247 }
5248
5249 void
free()5250 IOUserUserClient::free()
5251 {
5252 OSSafeReleaseNULL(fWorkGroups);
5253 OSSafeReleaseNULL(fEventLinks);
5254 if (fLock) {
5255 IOLockFree(fLock);
5256 }
5257
5258 super::free();
5259 }
5260
5261 IOReturn
setTask(task_t task)5262 IOUserUserClient::setTask(task_t task)
5263 {
5264 task_reference(task);
5265 fTask = task;
5266
5267 return kIOReturnSuccess;
5268 }
5269
5270 void
stop(IOService * provider)5271 IOUserUserClient::stop(IOService * provider)
5272 {
5273 if (fTask) {
5274 task_deallocate(fTask);
5275 fTask = NULL;
5276 }
5277 super::stop(provider);
5278 }
5279
5280 IOReturn
clientClose(void)5281 IOUserUserClient::clientClose(void)
5282 {
5283 terminate(kIOServiceTerminateNeedWillTerminate);
5284 return kIOReturnSuccess;
5285 }
5286
5287 IOReturn
setProperties(OSObject * properties)5288 IOUserUserClient::setProperties(OSObject * properties)
5289 {
5290 IOReturn ret = kIOReturnUnsupported;
5291 return ret;
5292 }
5293
5294 // p1 - name of object
5295 // p2 - length of object name
5296 // p3 - mach port name
5297
5298 kern_return_t
eventlinkConfigurationTrap(void * p1,void * p2,void * p3,void * p4,void * p5,void * p6)5299 IOUserUserClient::eventlinkConfigurationTrap(void * p1, void * p2, void * p3, void * p4, void * p5, void * p6)
5300 {
5301 user_addr_t userObjectName = (user_addr_t)p1;
5302 mach_port_name_t portName = (mach_port_name_t)(uintptr_t)p3;
5303 mach_port_t port = MACH_PORT_NULL;
5304 ipc_kobject_type_t portType;
5305 char eventlinkName[kIOEventLinkMaxNameLength + 1] = {0};
5306 size_t eventLinkNameLen;
5307 OSString * eventlinkNameStr = NULL; // must release
5308 IOEventLink * eventLink = NULL; // do not release
5309 kern_return_t ret;
5310
5311 ret = copyinstr(userObjectName, &eventlinkName[0], sizeof(eventlinkName), &eventLinkNameLen);
5312 if (ret != kIOReturnSuccess) {
5313 goto finish;
5314 }
5315
5316 // ensure string length matches trap argument
5317 if (eventLinkNameLen != (size_t)p2 + 1) {
5318 ret = kIOReturnBadArgument;
5319 goto finish;
5320 }
5321
5322 eventlinkNameStr = OSString::withCStringNoCopy(eventlinkName);
5323 if (eventlinkNameStr == NULL) {
5324 ret = kIOReturnNoMemory;
5325 goto finish;
5326 }
5327
5328 IOLockLock(fLock);
5329 eventLink = OSDynamicCast(IOEventLink, fEventLinks->getObject(eventlinkNameStr));
5330 if (eventLink) {
5331 eventLink->retain();
5332 }
5333 IOLockUnlock(fLock);
5334
5335 if (eventLink == NULL) {
5336 ret = kIOReturnNotFound;
5337 goto finish;
5338 }
5339
5340 port = iokit_lookup_raw_current_task(portName, &portType);
5341
5342 if (port == NULL) {
5343 ret = kIOReturnNotFound;
5344 goto finish;
5345 }
5346
5347 if (portType != IKOT_EVENTLINK) {
5348 ret = kIOReturnBadArgument;
5349 goto finish;
5350 }
5351
5352 ret = eventLink->SetEventlinkPort(port);
5353 if (ret != kIOReturnSuccess) {
5354 if (kIODKLogSetup & gIODKDebug) {
5355 DKLOG(DKS " %s SetEventlinkPort() returned %x\n", DKN(this), eventlinkNameStr->getCStringNoCopy(), ret);
5356 }
5357 goto finish;
5358 }
5359
5360 finish:
5361 if (port != NULL) {
5362 iokit_release_port_send(port);
5363 }
5364
5365 OSSafeReleaseNULL(eventlinkNameStr);
5366 OSSafeReleaseNULL(eventLink);
5367
5368 return ret;
5369 }
5370
5371 kern_return_t
workgroupConfigurationTrap(void * p1,void * p2,void * p3,void * p4,void * p5,void * p6)5372 IOUserUserClient::workgroupConfigurationTrap(void * p1, void * p2, void * p3, void * p4, void * p5, void * p6)
5373 {
5374 user_addr_t userObjectName = (user_addr_t)p1;
5375 mach_port_name_t portName = (mach_port_name_t)(uintptr_t)p3;
5376 mach_port_t port = MACH_PORT_NULL;
5377 ipc_kobject_type_t portType;
5378 char workgroupName[kIOWorkGroupMaxNameLength + 1] = {0};
5379 size_t workgroupNameLen;
5380 OSString * workgroupNameStr = NULL; // must release
5381 IOWorkGroup * workgroup = NULL; // do not release
5382 kern_return_t ret;
5383
5384 ret = copyinstr(userObjectName, &workgroupName[0], sizeof(workgroupName), &workgroupNameLen);
5385 if (ret != kIOReturnSuccess) {
5386 goto finish;
5387 }
5388
5389 // ensure string length matches trap argument
5390 if (workgroupNameLen != (size_t)p2 + 1) {
5391 ret = kIOReturnBadArgument;
5392 goto finish;
5393 }
5394
5395 workgroupNameStr = OSString::withCStringNoCopy(workgroupName);
5396 if (workgroupNameStr == NULL) {
5397 ret = kIOReturnNoMemory;
5398 goto finish;
5399 }
5400
5401 IOLockLock(fLock);
5402 workgroup = OSDynamicCast(IOWorkGroup, fWorkGroups->getObject(workgroupNameStr));
5403 if (workgroup) {
5404 workgroup->retain();
5405 }
5406 IOLockUnlock(fLock);
5407
5408 if (workgroup == NULL) {
5409 ret = kIOReturnNotFound;
5410 goto finish;
5411 }
5412
5413 port = iokit_lookup_raw_current_task(portName, &portType);
5414
5415 if (port == NULL) {
5416 ret = kIOReturnNotFound;
5417 goto finish;
5418 }
5419
5420 if (portType != IKOT_WORK_INTERVAL) {
5421 ret = kIOReturnBadArgument;
5422 goto finish;
5423 }
5424
5425 ret = workgroup->SetWorkGroupPort(port);
5426 if (ret != kIOReturnSuccess) {
5427 if (kIODKLogSetup & gIODKDebug) {
5428 DKLOG(DKS " %s SetWorkGroupPort() returned %x\n", DKN(this), workgroupNameStr->getCStringNoCopy(), ret);
5429 }
5430 goto finish;
5431 }
5432
5433 finish:
5434
5435 if (port != NULL) {
5436 iokit_release_port_send(port);
5437 }
5438
5439 OSSafeReleaseNULL(workgroupNameStr);
5440 OSSafeReleaseNULL(workgroup);
5441
5442 return ret;
5443 }
5444
5445 IOExternalTrap *
getTargetAndTrapForIndex(IOService ** targetP,UInt32 index)5446 IOUserUserClient::getTargetAndTrapForIndex( IOService **targetP, UInt32 index )
5447 {
5448 static const IOExternalTrap trapTemplate[] = {
5449 { NULL, (IOTrap) & IOUserUserClient::eventlinkConfigurationTrap},
5450 { NULL, (IOTrap) & IOUserUserClient::workgroupConfigurationTrap},
5451 };
5452 if (index >= (sizeof(trapTemplate) / sizeof(IOExternalTrap))) {
5453 return NULL;
5454 }
5455 *targetP = this;
5456 return (IOExternalTrap *)&trapTemplate[index];
5457 }
5458
5459 kern_return_t
CopyClientEntitlements_Impl(OSDictionary ** entitlements)5460 IOUserClient::CopyClientEntitlements_Impl(OSDictionary ** entitlements)
5461 {
5462 return kIOReturnUnsupported;
5463 };
5464
5465 struct IOUserUserClientActionRef {
5466 OSAsyncReference64 asyncRef;
5467 };
5468
5469 void
KernelCompletion_Impl(OSAction * action,IOReturn status,const unsigned long long * asyncData,uint32_t asyncDataCount)5470 IOUserClient::KernelCompletion_Impl(
5471 OSAction * action,
5472 IOReturn status,
5473 const unsigned long long * asyncData,
5474 uint32_t asyncDataCount)
5475 {
5476 IOUserUserClientActionRef * ref;
5477
5478 ref = (typeof(ref))action->GetReference();
5479
5480 IOUserClient::sendAsyncResult64(ref->asyncRef, status, (io_user_reference_t *) asyncData, asyncDataCount);
5481 }
5482
5483 kern_return_t
_ExternalMethod_Impl(uint64_t selector,const unsigned long long * scalarInput,uint32_t scalarInputCount,OSData * structureInput,IOMemoryDescriptor * structureInputDescriptor,unsigned long long * scalarOutput,uint32_t * scalarOutputCount,uint64_t structureOutputMaximumSize,OSData ** structureOutput,IOMemoryDescriptor * structureOutputDescriptor,OSAction * completion)5484 IOUserClient::_ExternalMethod_Impl(
5485 uint64_t selector,
5486 const unsigned long long * scalarInput,
5487 uint32_t scalarInputCount,
5488 OSData * structureInput,
5489 IOMemoryDescriptor * structureInputDescriptor,
5490 unsigned long long * scalarOutput,
5491 uint32_t * scalarOutputCount,
5492 uint64_t structureOutputMaximumSize,
5493 OSData ** structureOutput,
5494 IOMemoryDescriptor * structureOutputDescriptor,
5495 OSAction * completion)
5496 {
5497 return kIOReturnUnsupported;
5498 }
5499
5500 IOReturn
clientMemoryForType(UInt32 type,IOOptionBits * koptions,IOMemoryDescriptor ** kmemory)5501 IOUserUserClient::clientMemoryForType(UInt32 type,
5502 IOOptionBits * koptions,
5503 IOMemoryDescriptor ** kmemory)
5504 {
5505 IOReturn kr;
5506 uint64_t options;
5507 IOMemoryDescriptor * memory;
5508
5509 kr = CopyClientMemoryForType(type, &options, &memory);
5510
5511 *koptions = 0;
5512 *kmemory = NULL;
5513 if (kIOReturnSuccess != kr) {
5514 return kr;
5515 }
5516
5517 if (kIOUserClientMemoryReadOnly & options) {
5518 *koptions |= kIOMapReadOnly;
5519 }
5520 *kmemory = memory;
5521
5522 return kr;
5523 }
5524
5525 IOReturn
externalMethod(uint32_t selector,IOExternalMethodArguments * args,IOExternalMethodDispatch * dispatch,OSObject * target,void * reference)5526 IOUserUserClient::externalMethod(uint32_t selector, IOExternalMethodArguments * args,
5527 IOExternalMethodDispatch * dispatch, OSObject * target, void * reference)
5528 {
5529 IOReturn kr;
5530 OSData * structureInput;
5531 OSData * structureOutput;
5532 size_t copylen;
5533 uint64_t structureOutputSize;
5534 OSAction * action;
5535 IOUserUserClientActionRef * ref;
5536 mach_port_t wake_port = MACH_PORT_NULL;
5537
5538 kr = kIOReturnUnsupported;
5539 structureInput = NULL;
5540 action = NULL;
5541 ref = NULL;
5542
5543 if (args->structureInputSize) {
5544 structureInput = OSData::withBytesNoCopy((void *) args->structureInput, args->structureInputSize);
5545 }
5546
5547 if (MACH_PORT_NULL != args->asyncWakePort) {
5548 // this retain is for the OSAction to release
5549 wake_port = ipc_port_make_send(args->asyncWakePort);
5550 kr = CreateActionKernelCompletion(sizeof(IOUserUserClientActionRef), &action);
5551 assert(KERN_SUCCESS == kr);
5552 ref = (typeof(ref))action->GetReference();
5553 bcopy(args->asyncReference, &ref->asyncRef[0], args->asyncReferenceCount * sizeof(ref->asyncRef[0]));
5554 kr = action->SetAbortedHandler(^(void) {
5555 IOUserUserClientActionRef * ref;
5556 IOReturn ret;
5557
5558 ref = (typeof(ref))action->GetReference();
5559 ret = releaseAsyncReference64(ref->asyncRef);
5560 assert(kIOReturnSuccess == ret);
5561 bzero(&ref->asyncRef[0], sizeof(ref->asyncRef));
5562 });
5563 assert(KERN_SUCCESS == kr);
5564 }
5565
5566 if (args->structureVariableOutputData) {
5567 structureOutputSize = kIOUserClientVariableStructureSize;
5568 } else if (args->structureOutputDescriptor) {
5569 structureOutputSize = args->structureOutputDescriptor->getLength();
5570 } else {
5571 structureOutputSize = args->structureOutputSize;
5572 }
5573
5574 kr = _ExternalMethod(selector, &args->scalarInput[0], args->scalarInputCount,
5575 structureInput, args->structureInputDescriptor,
5576 args->scalarOutput, &args->scalarOutputCount,
5577 structureOutputSize, &structureOutput, args->structureOutputDescriptor,
5578 action);
5579
5580 OSSafeReleaseNULL(structureInput);
5581 OSSafeReleaseNULL(action);
5582
5583 if (kIOReturnSuccess != kr) {
5584 // mig will destroy any async port
5585 return kr;
5586 }
5587 if (MACH_PORT_NULL != wake_port) {
5588 // this release is for the mig created send right
5589 iokit_release_port_send(wake_port);
5590 }
5591
5592 if (structureOutput) {
5593 if (args->structureVariableOutputData) {
5594 *args->structureVariableOutputData = structureOutput;
5595 } else {
5596 copylen = structureOutput->getLength();
5597 if (copylen > args->structureOutputSize) {
5598 kr = kIOReturnBadArgument;
5599 } else {
5600 bcopy((const void *) structureOutput->getBytesNoCopy(), args->structureOutput, copylen);
5601 args->structureOutputSize = (uint32_t) copylen;
5602 }
5603 OSSafeReleaseNULL(structureOutput);
5604 }
5605 }
5606
5607 return kr;
5608 }
5609
5610 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
5611
5612 extern IORecursiveLock * gDriverKitLaunchLock;
5613 extern OSSet * gDriverKitLaunches;
5614
5615 _IOUserServerCheckInCancellationHandler *
setCancellationHandler(IOUserServerCheckInCancellationHandler handler,void * handlerArgs)5616 IOUserServerCheckInToken::setCancellationHandler(IOUserServerCheckInCancellationHandler handler,
5617 void* handlerArgs)
5618 {
5619 _IOUserServerCheckInCancellationHandler * handlerObj = _IOUserServerCheckInCancellationHandler::withHandler(handler, handlerArgs);
5620 if (!handlerObj) {
5621 goto finish;
5622 }
5623
5624 IORecursiveLockLock(gDriverKitLaunchLock);
5625
5626 assert(fState != kIOUserServerCheckInComplete);
5627
5628 if (fState == kIOUserServerCheckInCanceled) {
5629 // Send cancel notification if we set the handler after this was canceled
5630 handlerObj->call(this);
5631 } else if (fState == kIOUserServerCheckInPending) {
5632 fHandlers->setObject(handlerObj);
5633 }
5634
5635 IORecursiveLockUnlock(gDriverKitLaunchLock);
5636
5637 finish:
5638 return handlerObj;
5639 }
5640
5641 void
removeCancellationHandler(_IOUserServerCheckInCancellationHandler * handler)5642 IOUserServerCheckInToken::removeCancellationHandler(_IOUserServerCheckInCancellationHandler * handler)
5643 {
5644 IORecursiveLockLock(gDriverKitLaunchLock);
5645
5646 fHandlers->removeObject(handler);
5647
5648 IORecursiveLockUnlock(gDriverKitLaunchLock);
5649 }
5650
5651 void
cancel()5652 IOUserServerCheckInToken::cancel()
5653 {
5654 IORecursiveLockLock(gDriverKitLaunchLock);
5655
5656 if (fState == kIOUserServerCheckInPending) {
5657 fState = kIOUserServerCheckInCanceled;
5658 if (gDriverKitLaunches != NULL) {
5659 // Remove pending launch from list, if we have not shut down yet.
5660 gDriverKitLaunches->removeObject(this);
5661 }
5662
5663 fHandlers->iterateObjects(^bool (OSObject * obj){
5664 _IOUserServerCheckInCancellationHandler * handlerObj = OSDynamicCast(_IOUserServerCheckInCancellationHandler, obj);
5665 if (handlerObj) {
5666 handlerObj->call(this);
5667 }
5668 return false;
5669 });
5670 fHandlers->flushCollection();
5671 }
5672
5673 IORecursiveLockUnlock(gDriverKitLaunchLock);
5674 }
5675
5676 void
complete()5677 IOUserServerCheckInToken::complete()
5678 {
5679 IORecursiveLockLock(gDriverKitLaunchLock);
5680
5681 if (fState == kIOUserServerCheckInPending && --fPendingCount == 0) {
5682 fState = kIOUserServerCheckInComplete;
5683 if (gDriverKitLaunches != NULL) {
5684 // Remove pending launch from list, if we have not shut down yet.
5685 gDriverKitLaunches->removeObject(this);
5686 }
5687
5688 // No need to hold on to the cancellation handlers
5689 fHandlers->flushCollection();
5690 }
5691
5692 IORecursiveLockUnlock(gDriverKitLaunchLock);
5693 }
5694
5695 bool
init(const OSSymbol * serverName,OSNumber * serverTag)5696 IOUserServerCheckInToken::init(const OSSymbol * serverName, OSNumber * serverTag)
5697 {
5698 if (!OSObject::init()) {
5699 return false;
5700 }
5701
5702 if (!serverName) {
5703 return false;
5704 }
5705 fServerName = serverName;
5706 fServerName->retain();
5707
5708 if (!serverTag) {
5709 return false;
5710 }
5711 fServerTag = serverTag;
5712 fServerTag->retain();
5713
5714 fHandlers = OSSet::withCapacity(0);
5715 if (!fHandlers) {
5716 return false;
5717 }
5718
5719 fState = kIOUserServerCheckInPending;
5720 fPendingCount = 1;
5721
5722 return true;
5723 }
5724
5725 void
free()5726 IOUserServerCheckInToken::free()
5727 {
5728 OSSafeReleaseNULL(fServerName);
5729 OSSafeReleaseNULL(fServerTag);
5730 OSSafeReleaseNULL(fHandlers);
5731
5732 OSObject::free();
5733 }
5734
5735 const OSSymbol *
copyServerName() const5736 IOUserServerCheckInToken::copyServerName() const
5737 {
5738 fServerName->retain();
5739 return fServerName;
5740 }
5741
5742 OSNumber *
copyServerTag() const5743 IOUserServerCheckInToken::copyServerTag() const
5744 {
5745 fServerTag->retain();
5746 return fServerTag;
5747 }
5748
5749 IOUserServer *
launchUserServer(OSString * bundleID,const OSSymbol * serverName,OSNumber * serverTag,bool reuseIfExists,IOUserServerCheckInToken ** resultToken)5750 IOUserServer::launchUserServer(OSString * bundleID, const OSSymbol * serverName, OSNumber * serverTag, bool reuseIfExists, IOUserServerCheckInToken ** resultToken)
5751 {
5752 IOUserServer *me = NULL;
5753 IOUserServerCheckInToken * token = NULL;
5754 OSDictionary * matching = NULL; // must release
5755
5756 IORecursiveLockLock(gDriverKitLaunchLock);
5757
5758 if (gDriverKitLaunches == NULL) {
5759 // About to shut down, don't launch anything
5760 goto finish;
5761 }
5762
5763 if (reuseIfExists) {
5764 const char * serverNameCStr;
5765 const char * bundleIDCStr;
5766 const char * endOrgCStr;
5767
5768 serverNameCStr = serverName->getCStringNoCopy();
5769 bundleIDCStr = bundleID->getCStringNoCopy();
5770 (endOrgCStr = strchr(bundleIDCStr, '.')) && (endOrgCStr = strchr(endOrgCStr + 1, '.'));
5771 reuseIfExists = endOrgCStr && (0 == strncmp(bundleIDCStr, serverNameCStr, endOrgCStr + 1 - bundleIDCStr));
5772 if (!reuseIfExists) {
5773 IOLog(kIOUserServerNameKey " \"%s\" not correct organization for bundleID \"%s\"\n", serverNameCStr, bundleIDCStr);
5774 }
5775 }
5776
5777 // Find existing server
5778 if (reuseIfExists) {
5779 token = IOUserServerCheckInToken::findExistingToken(serverName);
5780 if (token) {
5781 // Launch in progress, return token
5782 goto finish;
5783 } else {
5784 // Check if launch completed
5785 matching = IOService::serviceMatching(gIOUserServerClassKey);
5786 if (!matching) {
5787 goto finish;
5788 }
5789 IOService::propertyMatching(gIOUserServerNameKey, serverName, matching);
5790 IOService * service = IOService::copyMatchingService(matching);
5791 IOUserServer * userServer = OSDynamicCast(IOUserServer, service);
5792 if (userServer) {
5793 // found existing user server
5794 me = userServer;
5795 goto finish;
5796 } else {
5797 OSSafeReleaseNULL(service);
5798 }
5799 }
5800 }
5801
5802 // No existing server, request launch
5803 token = new IOUserServerCheckInToken;
5804 if (!token) {
5805 goto finish;
5806 }
5807 if (token && !token->init(serverName, serverTag)) {
5808 OSSafeReleaseNULL(token);
5809 goto finish;
5810 }
5811
5812 gDriverKitLaunches->setObject(token);
5813 OSKext::requestDaemonLaunch(bundleID, (OSString *)serverName, serverTag, token);
5814
5815 finish:
5816 IORecursiveLockUnlock(gDriverKitLaunchLock);
5817 OSSafeReleaseNULL(matching);
5818
5819 if (resultToken) {
5820 *resultToken = token;
5821 } else {
5822 OSSafeReleaseNULL(token);
5823 }
5824
5825 return me;
5826 }
5827
5828 /*
5829 * IOUserServerCheckInTokens are used to track dext launches. They have three possible states:
5830 *
5831 * - Pending: A dext launch is pending
5832 * - Canceled: Dext launch failed
5833 * - Complete: Dext launch is complete
5834 *
5835 * A token can be shared among multiple IOServices that are waiting for dexts if the IOUserServerName
5836 * is the same. This allows dexts to be reused and host multiple services. All pending tokens are stored
5837 * in gDriverKitLaunches and we check here before creating a new token when launching a dext.
5838 *
5839 * A token starts in the pending state with a pending count of 1. When we reuse a token, we increase the
5840 * pending count of the token.
5841 *
5842 * The token is sent to userspace as a mach port through kernelmanagerd/driverkitd to the dext. The dext then
5843 * uses that token to check in to the kernel. If any part of the dext launch failed (dext crashed, kmd crashed, etc.)
5844 * we get a no-senders notification for the token in the kernel and the token goes into the Canceled state.
5845 *
5846 * Once the dext checks in to the kernel, we decrement the pending count for the token. When the pending count reaches
5847 * 0, the token goes into the Complete state. So if the token is in the Complete state, there are no kernel matching threads
5848 * waiting on the dext to check in.
5849 */
5850
5851 IOUserServerCheckInToken *
findExistingToken(const OSSymbol * serverName)5852 IOUserServerCheckInToken::findExistingToken(const OSSymbol * serverName)
5853 {
5854 IOUserServerCheckInToken * __block result = NULL;
5855
5856 IORecursiveLockLock(gDriverKitLaunchLock);
5857 if (gDriverKitLaunches == NULL) {
5858 goto finish;
5859 }
5860
5861 gDriverKitLaunches->iterateObjects(^(OSObject * obj) {
5862 IOUserServerCheckInToken * token = OSDynamicCast(IOUserServerCheckInToken, obj);
5863 if (token) {
5864 // Check if server name matches
5865 const OSSymbol * tokenServerName = token->fServerName;
5866 if (tokenServerName->isEqualTo(serverName)) {
5867 assert(token->fState == kIOUserServerCheckInPending);
5868 token->fPendingCount++;
5869 result = token;
5870 result->retain();
5871 }
5872 }
5873 return result != NULL;
5874 });
5875
5876 finish:
5877 IORecursiveLockUnlock(gDriverKitLaunchLock);
5878 return result;
5879 }
5880
5881 void
cancelAll()5882 IOUserServerCheckInToken::cancelAll()
5883 {
5884 OSSet * tokensToCancel;
5885
5886 IORecursiveLockLock(gDriverKitLaunchLock);
5887 tokensToCancel = gDriverKitLaunches;
5888 gDriverKitLaunches = NULL;
5889
5890
5891 tokensToCancel->iterateObjects(^(OSObject *obj) {
5892 IOUserServerCheckInToken * token = OSDynamicCast(IOUserServerCheckInToken, obj);
5893 if (token) {
5894 token->cancel();
5895 }
5896 return false;
5897 });
5898
5899 IORecursiveLockUnlock(gDriverKitLaunchLock);
5900
5901 OSSafeReleaseNULL(tokensToCancel);
5902 }
5903
5904 void
call(IOUserServerCheckInToken * token)5905 _IOUserServerCheckInCancellationHandler::call(IOUserServerCheckInToken * token)
5906 {
5907 fHandler(token, fHandlerArgs);
5908 }
5909
5910 _IOUserServerCheckInCancellationHandler *
withHandler(IOUserServerCheckInCancellationHandler handler,void * args)5911 _IOUserServerCheckInCancellationHandler::withHandler(IOUserServerCheckInCancellationHandler handler, void * args)
5912 {
5913 _IOUserServerCheckInCancellationHandler * handlerObj = NULL;
5914 if (!handler) {
5915 goto finish;
5916 }
5917
5918 handlerObj = new _IOUserServerCheckInCancellationHandler;
5919 if (!handlerObj) {
5920 goto finish;
5921 }
5922
5923 handlerObj->fHandler = handler;
5924 handlerObj->fHandlerArgs = args;
5925
5926 finish:
5927 return handlerObj;
5928 }
5929
5930 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
5931
5932 struct IOServiceStateNotificationDispatchSource_IVars {
5933 IOLock * fLock;
5934 IOService * fStateNotification;
5935 IOStateNotificationListenerRef fListener;
5936 OSAction * fAction;
5937 bool fEnable;
5938 bool fArmed;
5939 };
5940
5941 kern_return_t
Create_Impl(IOService * service,OSArray * items,IODispatchQueue * queue,IOServiceStateNotificationDispatchSource ** outSource)5942 IOServiceStateNotificationDispatchSource::Create_Impl(IOService * service, OSArray * items,
5943 IODispatchQueue * queue, IOServiceStateNotificationDispatchSource ** outSource)
5944 {
5945 kern_return_t kr;
5946 IOServiceStateNotificationDispatchSource * source;
5947
5948 source = OSTypeAlloc(IOServiceStateNotificationDispatchSource);
5949 source->init();
5950
5951 source->ivars->fStateNotification = service;
5952 kr = service->stateNotificationListenerAdd(items, &source->ivars->fListener, ^kern_return_t () {
5953 OSAction * action;
5954
5955 action = NULL;
5956 IOLockLock(source->ivars->fLock);
5957 if (source->ivars->fArmed && source->ivars->fAction) {
5958 source->ivars->fArmed = false;
5959 action = source->ivars->fAction;
5960 action->retain();
5961 }
5962 IOLockUnlock(source->ivars->fLock);
5963 if (action) {
5964 source->StateNotificationReady(action);
5965 OSSafeReleaseNULL(action);
5966 }
5967 return kIOReturnSuccess;
5968 });
5969
5970 if (kIOReturnSuccess != kr) {
5971 OSSafeReleaseNULL(source);
5972 }
5973 *outSource = source;
5974
5975 return kr;
5976 }
5977
5978
5979 bool
init()5980 IOServiceStateNotificationDispatchSource::init()
5981 {
5982 if (!IODispatchSource::init()) {
5983 return false;
5984 }
5985 ivars = IOMallocType(IOServiceStateNotificationDispatchSource_IVars);
5986 if (!ivars) {
5987 return false;
5988 }
5989 ivars->fLock = IOLockAlloc();
5990 if (!ivars->fLock) {
5991 return false;
5992 }
5993 ivars->fArmed = true;
5994
5995 return true;
5996 }
5997
5998 void
free()5999 IOServiceStateNotificationDispatchSource::free()
6000 {
6001 if (ivars) {
6002 if (ivars->fListener) {
6003 ivars->fStateNotification->stateNotificationListenerRemove(ivars->fListener);
6004 }
6005 if (ivars->fLock) {
6006 IOLockFree(ivars->fLock);
6007 }
6008 IOFreeType(ivars, IOServiceStateNotificationDispatchSource_IVars);
6009 }
6010 IODispatchSource::free();
6011 }
6012
6013 kern_return_t
SetHandler_Impl(OSAction * action)6014 IOServiceStateNotificationDispatchSource::SetHandler_Impl(OSAction * action)
6015 {
6016 IOReturn ret;
6017 bool notifyReady;
6018
6019 notifyReady = false;
6020
6021 IOLockLock(ivars->fLock);
6022 action->retain();
6023 OSSafeReleaseNULL(ivars->fAction);
6024 ivars->fAction = action;
6025 if (action) {
6026 notifyReady = true;
6027 }
6028 IOLockUnlock(ivars->fLock);
6029
6030 if (notifyReady) {
6031 StateNotificationReady(action);
6032 }
6033 ret = kIOReturnSuccess;
6034
6035 return ret;
6036 }
6037
6038 kern_return_t
SetEnableWithCompletion_Impl(bool enable,IODispatchSourceCancelHandler handler)6039 IOServiceStateNotificationDispatchSource::SetEnableWithCompletion_Impl(
6040 bool enable,
6041 IODispatchSourceCancelHandler handler)
6042 {
6043 if (enable == ivars->fEnable) {
6044 return kIOReturnSuccess;
6045 }
6046
6047 IOLockLock(ivars->fLock);
6048 ivars->fEnable = enable;
6049 IOLockUnlock(ivars->fLock);
6050
6051 return kIOReturnSuccess;
6052 }
6053
6054 kern_return_t
Cancel_Impl(IODispatchSourceCancelHandler handler)6055 IOServiceStateNotificationDispatchSource::Cancel_Impl(
6056 IODispatchSourceCancelHandler handler)
6057 {
6058 return kIOReturnUnsupported;
6059 }
6060
6061 kern_return_t
StateNotificationBegin_Impl(void)6062 IOServiceStateNotificationDispatchSource::StateNotificationBegin_Impl(void)
6063 {
6064 IOLockLock(ivars->fLock);
6065 ivars->fArmed = true;
6066 IOLockUnlock(ivars->fLock);
6067
6068 return kIOReturnSuccess;
6069 }
6070
6071 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
6072
6073 #include <IOKit/IOServiceStateNotificationEventSource.h>
6074
6075 OSDefineMetaClassAndStructors(IOServiceStateNotificationEventSource, IOEventSource)
6076 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 0);
6077 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 1);
6078 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 2);
6079 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 3);
6080 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 4);
6081 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 5);
6082 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 6);
6083 OSMetaClassDefineReservedUnused(IOServiceStateNotificationEventSource, 7);
6084
6085 OSPtr<IOServiceStateNotificationEventSource>
serviceStateNotificationEventSource(IOService * service,OSArray * items,ActionBlock inAction)6086 IOServiceStateNotificationEventSource::serviceStateNotificationEventSource(IOService *service,
6087 OSArray * items,
6088 ActionBlock inAction)
6089 {
6090 kern_return_t kr;
6091 IOServiceStateNotificationEventSource * source;
6092
6093 source = OSTypeAlloc(IOServiceStateNotificationEventSource);
6094 if (source && !source->init(service, NULL)) {
6095 OSSafeReleaseNULL(source);
6096 }
6097
6098 if (!source) {
6099 return nullptr;
6100 }
6101
6102 source->fStateNotification = service;
6103 kr = service->stateNotificationListenerAdd(items, &source->fListener, ^kern_return_t () {
6104 if (!source->workLoop) {
6105 return kIOReturnSuccess;
6106 }
6107 source->workLoop->runActionBlock(^IOReturn (void) {
6108 source->fArmed = true;
6109 return kIOReturnSuccess;
6110 });
6111 source->signalWorkAvailable();
6112 return kIOReturnSuccess;
6113 });
6114
6115 if (kIOReturnSuccess != kr) {
6116 OSSafeReleaseNULL(source);
6117 }
6118
6119 if (source) {
6120 source->setActionBlock((IOEventSource::ActionBlock) inAction);
6121 }
6122
6123 return source;
6124 }
6125
6126 void
free()6127 IOServiceStateNotificationEventSource::free()
6128 {
6129 if (fListener) {
6130 fStateNotification->stateNotificationListenerRemove(fListener);
6131 }
6132 IOEventSource::free();
6133 }
6134
6135 void
enable()6136 IOServiceStateNotificationEventSource::enable()
6137 {
6138 fEnable = true;
6139 }
6140
6141 void
disable()6142 IOServiceStateNotificationEventSource::disable()
6143 {
6144 fEnable = false;
6145 }
6146
6147 void
setWorkLoop(IOWorkLoop * inWorkLoop)6148 IOServiceStateNotificationEventSource::setWorkLoop(IOWorkLoop *inWorkLoop)
6149 {
6150 IOEventSource::setWorkLoop(inWorkLoop);
6151 }
6152
6153 bool
checkForWork()6154 IOServiceStateNotificationEventSource::checkForWork()
6155 {
6156 ActionBlock intActionBlock = (ActionBlock) actionBlock;
6157
6158 if (fArmed) {
6159 fArmed = false;
6160 (intActionBlock)();
6161 }
6162
6163 return false;
6164 }
6165
6166 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
6167
6168 OSDefineMetaClassAndStructors(IOSystemStateNotification, IOService);
6169
6170 class IOStateNotificationItem : public OSObject
6171 {
6172 OSDeclareDefaultStructors(IOStateNotificationItem);
6173
6174 public:
6175 virtual bool init() override;
6176
6177 OSDictionary * fSchema;
6178 OSDictionary * fValue;
6179 OSSet * fListeners;
6180 };
6181 OSDefineMetaClassAndStructors(IOStateNotificationItem, OSObject);
6182
6183
6184 class IOStateNotificationListener : public OSObject
6185 {
6186 OSDeclareDefaultStructors(IOStateNotificationListener);
6187
6188 public:
6189 virtual bool init() override;
6190 virtual void free() override;
6191
6192 IOStateNotificationHandler fHandler;
6193 };
6194 OSDefineMetaClassAndStructors(IOStateNotificationListener, OSObject);
6195
6196
6197 bool
init()6198 IOStateNotificationItem::init()
6199 {
6200 return OSObject::init();
6201 }
6202
6203 bool
init()6204 IOStateNotificationListener::init()
6205 {
6206 return OSObject::init();
6207 }
6208
6209 void
free()6210 IOStateNotificationListener::free()
6211 {
6212 if (fHandler) {
6213 Block_release(fHandler);
6214 }
6215 OSObject::free();
6216 }
6217
6218
6219 struct IOServiceStateChangeVars {
6220 IOLock * fLock;
6221 OSDictionary * fItems;
6222 };
6223
6224 IOService *
initialize(void)6225 IOSystemStateNotification::initialize(void)
6226 {
6227 IOSystemStateNotification * me;
6228 IOServiceStateChangeVars * vars;
6229
6230 me = OSTypeAlloc(IOSystemStateNotification);
6231 me->init();
6232 vars = IOMallocType(IOServiceStateChangeVars);
6233 me->reserved->svars = vars;
6234 vars->fLock = IOLockAlloc();
6235 vars->fItems = OSDictionary::withCapacity(16);
6236 {
6237 kern_return_t ret;
6238
6239 gIOSystemStateSleepDescriptionKey = (OSString *)OSSymbol::withCStringNoCopy(kIOSystemStateSleepDescriptionKey);
6240 gIOSystemStateSleepDescriptionHibernateStateKey = OSSymbol::withCStringNoCopy(kIOSystemStateSleepDescriptionHibernateStateKey);
6241 gIOSystemStateSleepDescriptionReasonKey = OSSymbol::withCStringNoCopy(kIOSystemStateSleepDescriptionReasonKey);
6242
6243 ret = me->StateNotificationItemCreate(gIOSystemStateSleepDescriptionKey, NULL);
6244 assert(kIOReturnSuccess == ret);
6245
6246 gIOSystemStateHaltDescriptionKey = (OSString *)OSSymbol::withCStringNoCopy(kIOSystemStateHaltDescriptionKey);
6247 gIOSystemStateHaltDescriptionHaltStateKey = OSSymbol::withCStringNoCopy(kIOSystemStateHaltDescriptionHaltStateKey);
6248
6249 ret = me->StateNotificationItemCreate(gIOSystemStateHaltDescriptionKey, NULL);
6250 assert(kIOReturnSuccess == ret);
6251
6252 gIOSystemStatePowerSourceDescriptionKey = (OSString *)OSSymbol::withCStringNoCopy(kIOSystemStatePowerSourceDescriptionKey);
6253 gIOSystemStatePowerSourceDescriptionACAttachedKey = OSSymbol::withCStringNoCopy(kIOSystemStatePowerSourceDescriptionACAttachedKey);
6254
6255 ret = me->StateNotificationItemCreate(gIOSystemStatePowerSourceDescriptionKey, NULL);
6256 assert(kIOReturnSuccess == ret);
6257 }
6258
6259 return me;
6260 }
6261
6262 bool
serializeProperties(OSSerialize * s) const6263 IOSystemStateNotification::serializeProperties(OSSerialize * s) const
6264 {
6265 IOServiceStateChangeVars * ivars = reserved->svars;
6266
6267 bool ok;
6268 OSDictionary * result;
6269
6270 result = OSDictionary::withCapacity(16);
6271
6272 IOLockLock(ivars->fLock);
6273 ivars->fItems->iterateObjects(^bool (const OSSymbol * key, OSObject * object) {
6274 IOStateNotificationItem * item;
6275
6276 item = (typeof(item))object;
6277 if (!item->fValue) {
6278 return false;
6279 }
6280 result->setObject(key, item->fValue);
6281 return false;
6282 });
6283 IOLockUnlock(ivars->fLock);
6284
6285 ok = result->serialize(s);
6286 OSSafeReleaseNULL(result);
6287
6288 return ok;
6289 }
6290
6291 kern_return_t
setProperties(OSObject * properties)6292 IOSystemStateNotification::setProperties(OSObject * properties)
6293 {
6294 kern_return_t kr;
6295 OSDictionary * dict;
6296 OSDictionary * schema;
6297 OSDictionary * value;
6298 OSString * itemName;
6299
6300 dict = OSDynamicCast(OSDictionary, properties);
6301 if (!dict) {
6302 return kIOReturnBadArgument;
6303 }
6304
6305 if ((schema = OSDynamicCast(OSDictionary, dict->getObject(kIOStateNotificationItemCreateKey)))) {
6306 itemName = OSDynamicCast(OSString, schema->getObject(kIOStateNotificationNameKey));
6307 kr = StateNotificationItemCreate(itemName, schema);
6308 } else if ((value = OSDynamicCast(OSDictionary, dict->getObject(kIOStateNotificationItemSetKey)))) {
6309 itemName = OSDynamicCast(OSString, value->getObject(kIOStateNotificationNameKey));
6310 itemName->retain();
6311 value->removeObject(kIOStateNotificationNameKey);
6312 kr = StateNotificationItemSet(itemName, value);
6313 itemName->release();
6314 } else {
6315 kr = kIOReturnError;
6316 }
6317
6318 return kr;
6319 }
6320
6321 kern_return_t
CopySystemStateNotificationService_Impl(IOService ** outService)6322 IOService::CopySystemStateNotificationService_Impl(IOService ** outService)
6323 {
6324 IOService * service;
6325
6326 service = getSystemStateNotificationService();
6327 service->retain();
6328 *outService = service;
6329
6330 return kIOReturnSuccess;
6331 }
6332
6333 IOStateNotificationItem *
stateNotificationItemCopy(OSString * itemName,OSDictionary * schema)6334 IOService::stateNotificationItemCopy(OSString * itemName, OSDictionary * schema)
6335 {
6336 IOServiceStateChangeVars * ivars = reserved->svars;
6337
6338 const OSSymbol * name;
6339 IOStateNotificationItem * item;
6340
6341 name = OSSymbol::withString(itemName);
6342
6343 IOLockLock(ivars->fLock);
6344 if ((item = (typeof(item))ivars->fItems->getObject(name))) {
6345 item->retain();
6346 } else {
6347 item = OSTypeAlloc(IOStateNotificationItem);
6348 item->init();
6349 item->fListeners = OSSet::withCapacity(16);
6350
6351 if (schema) {
6352 schema->retain();
6353 } else {
6354 schema = OSDictionary::withCapacity(8);
6355 }
6356 schema->setObject(kIOStateNotificationNameKey, name);
6357 item->fSchema = schema;
6358 ivars->fItems->setObject(name, item);
6359 }
6360 IOLockUnlock(ivars->fLock);
6361
6362 OSSafeReleaseNULL(name);
6363
6364 return item;
6365 }
6366
6367 kern_return_t
StateNotificationItemCreate_Impl(OSString * itemName,OSDictionary * schema)6368 IOService::StateNotificationItemCreate_Impl(OSString * itemName, OSDictionary * schema)
6369 {
6370 IOStateNotificationItem * item;
6371
6372 item = stateNotificationItemCopy(itemName, schema);
6373 if (!item) {
6374 return kIOReturnNoMemory;
6375 }
6376 item->release();
6377
6378 return kIOReturnSuccess;
6379 }
6380
6381 kern_return_t
StateNotificationItemSet_Impl(OSString * itemName,OSDictionary * value)6382 IOService::StateNotificationItemSet_Impl(OSString * itemName, OSDictionary * value)
6383 {
6384 IOServiceStateChangeVars * ivars = reserved->svars;
6385
6386 OSSet * listeners;
6387 IOStateNotificationItem * item;
6388
6389 value->retain();
6390 IOLockLock(ivars->fLock);
6391 item = (typeof(item))ivars->fItems->getObject(itemName);
6392 OSSafeReleaseNULL(item->fValue);
6393 item->fValue = value;
6394 listeners = NULL;
6395 if (item->fListeners->getCount()) {
6396 listeners = OSSet::withSet(item->fListeners);
6397 }
6398 IOLockUnlock(ivars->fLock);
6399
6400 if (listeners) {
6401 listeners->iterateObjects(^bool (OSObject * object) {
6402 IOStateNotificationListener * listener;
6403
6404 listener = (typeof(listener))object;
6405 listener->fHandler();
6406 return false;
6407 });
6408 OSSafeReleaseNULL(listeners);
6409 }
6410
6411 return kIOReturnSuccess;
6412 }
6413
6414 kern_return_t
StateNotificationItemCopy_Impl(OSString * itemName,OSDictionary ** outValue)6415 IOService::StateNotificationItemCopy_Impl(OSString * itemName, OSDictionary ** outValue)
6416 {
6417 IOServiceStateChangeVars * ivars = reserved->svars;
6418
6419 kern_return_t ret;
6420 IOStateNotificationItem * item;
6421 OSDictionary * value;
6422
6423 IOLockLock(ivars->fLock);
6424 item = (typeof(item))ivars->fItems->getObject(itemName);
6425 if (item) {
6426 value = item->fValue;
6427 } else {
6428 value = NULL;
6429 }
6430 if (!value) {
6431 ret = kIOReturnNotFound;
6432 } else {
6433 value->retain();
6434 ret = kIOReturnSuccess;
6435 }
6436 IOLockUnlock(ivars->fLock);
6437
6438 *outValue = value;
6439
6440 return ret;
6441 }
6442
6443 kern_return_t
stateNotificationListenerAdd(OSArray * items,IOStateNotificationListenerRef * outRef,IOStateNotificationHandler handler)6444 IOService::stateNotificationListenerAdd(OSArray * items,
6445 IOStateNotificationListenerRef * outRef,
6446 IOStateNotificationHandler handler)
6447 {
6448 IOServiceStateChangeVars * ivars = reserved->svars;
6449
6450 kern_return_t kr __block;
6451 IOStateNotificationListener * listener;
6452
6453 listener = OSTypeAlloc(IOStateNotificationListener);
6454 listener->init();
6455 listener->fHandler = Block_copy(handler);
6456
6457 kr = kIOReturnSuccess;
6458 items->iterateObjects(^bool (OSObject * object) {
6459 OSString * itemName;
6460 IOStateNotificationItem * item;
6461
6462 itemName = OSDynamicCast(OSString, object);
6463 if (!itemName) {
6464 kr = kIOReturnBadArgument;
6465 return true;
6466 }
6467 item = stateNotificationItemCopy(itemName, NULL);
6468 if (!item) {
6469 kr = kIOReturnNoMemory;
6470 return true;
6471 }
6472 IOLockLock(ivars->fLock);
6473 item->fListeners->setObject(listener);
6474 IOLockUnlock(ivars->fLock);
6475 item->release();
6476 return false;
6477 });
6478
6479 if (kIOReturnSuccess != kr) {
6480 stateNotificationListenerRemove(listener);
6481 OSSafeReleaseNULL(listener);
6482 }
6483 *outRef = listener;
6484
6485 return kr;
6486 }
6487
6488
6489 kern_return_t
stateNotificationListenerRemove(IOStateNotificationListenerRef ref)6490 IOService::stateNotificationListenerRemove(IOStateNotificationListenerRef ref)
6491 {
6492 IOServiceStateChangeVars * ivars = reserved->svars;
6493
6494 IOStateNotificationListener * listener;
6495 kern_return_t kr;
6496
6497 kr = kIOReturnSuccess;
6498 listener = (typeof(listener))ref;
6499
6500 IOLockLock(ivars->fLock);
6501 ivars->fItems->iterateObjects(^bool (const OSSymbol * key, OSObject * object) {
6502 IOStateNotificationItem * item;
6503
6504 item = (typeof(item))object;
6505 item->fListeners->removeObject(listener);
6506 return false;
6507 });
6508 IOLockUnlock(ivars->fLock);
6509
6510 return kr;
6511 }
6512
6513
6514
6515 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
6516
6517 kern_return_t
Create_Impl(OSString * name,IOUserClient * userClient,IOWorkGroup ** workgroup)6518 IOWorkGroup::Create_Impl(OSString * name, IOUserClient * userClient, IOWorkGroup ** workgroup)
6519 {
6520 IOWorkGroup * inst = NULL;
6521 IOUserUserClient * uc = NULL;
6522 kern_return_t ret = kIOReturnError;
6523 IOUserServer * us;
6524
6525 if (name == NULL) {
6526 ret = kIOReturnBadArgument;
6527 goto finish;
6528 }
6529
6530 if (name->getLength() > kIOWorkGroupMaxNameLength) {
6531 ret = kIOReturnBadArgument;
6532 goto finish;
6533 }
6534
6535 uc = OSDynamicCast(IOUserUserClient, userClient);
6536 if (uc == NULL) {
6537 ret = kIOReturnBadArgument;
6538 goto finish;
6539 }
6540
6541 inst = OSTypeAlloc(IOWorkGroup);
6542 if (!inst->init()) {
6543 inst->free();
6544 inst = NULL;
6545 ret = kIOReturnNoMemory;
6546 goto finish;
6547 }
6548
6549 us = (typeof(us))thread_iokit_tls_get(0);
6550 inst->ivars->userServer = OSDynamicCast(IOUserServer, us);
6551
6552 if (inst->ivars->userServer == NULL) {
6553 ret = kIOReturnBadArgument;
6554 goto finish;
6555 }
6556 inst->ivars->userServer->retain();
6557
6558 inst->ivars->name = name;
6559 inst->ivars->name->retain();
6560
6561 inst->ivars->userClient = uc; // no retain
6562
6563 IOLockLock(uc->fLock);
6564 uc->fWorkGroups->setObject(name, inst);
6565 IOLockUnlock(uc->fLock);
6566 ret = kIOReturnSuccess;
6567
6568 finish:
6569 if (ret != kIOReturnSuccess) {
6570 OSSafeReleaseNULL(inst);
6571 } else {
6572 *workgroup = inst;
6573 }
6574
6575 return ret;
6576 }
6577
6578 kern_return_t
InvalidateKernel_Impl(IOUserClient * client)6579 IOWorkGroup::InvalidateKernel_Impl(IOUserClient * client)
6580 {
6581 IOUserUserClient * uc = OSDynamicCast(IOUserUserClient, client);
6582
6583 if (uc == NULL) {
6584 return kIOReturnBadArgument;
6585 }
6586
6587 if (uc != ivars->userClient) {
6588 return kIOReturnBadArgument;
6589 }
6590
6591 IOLockLock(uc->fLock);
6592 uc->fWorkGroups->removeObject(ivars->name);
6593 IOLockUnlock(uc->fLock);
6594
6595 return kIOReturnSuccess;
6596 }
6597
6598 kern_return_t
SetWorkGroupPort_Impl(mach_port_t port)6599 IOWorkGroup::SetWorkGroupPort_Impl(mach_port_t port)
6600 {
6601 return kIOReturnUnsupported;
6602 }
6603
6604 bool
init()6605 IOWorkGroup::init()
6606 {
6607 if (!OSObject::init()) {
6608 return false;
6609 }
6610 ivars = IOMallocType(IOWorkGroup_IVars);
6611
6612 return true;
6613 }
6614
6615 void
free()6616 IOWorkGroup::free()
6617 {
6618 if (ivars) {
6619 OSSafeReleaseNULL(ivars->userServer);
6620 OSSafeReleaseNULL(ivars->name);
6621 IOFreeType(ivars, IOWorkGroup_IVars);
6622 }
6623
6624 OSObject::free();
6625 }
6626
6627 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
6628
6629 kern_return_t
Create_Impl(OSString * name,IOUserClient * userClient,IOEventLink ** eventlink)6630 IOEventLink::Create_Impl(OSString * name, IOUserClient * userClient, IOEventLink ** eventlink)
6631 {
6632 IOEventLink * inst = NULL;
6633 IOUserUserClient * uc = NULL;
6634 IOUserServer * us;
6635 kern_return_t ret = kIOReturnError;
6636
6637 if (name == NULL) {
6638 ret = kIOReturnBadArgument;
6639 goto finish;
6640 }
6641
6642 if (name->getLength() > kIOEventLinkMaxNameLength) {
6643 ret = kIOReturnBadArgument;
6644 goto finish;
6645 }
6646
6647 uc = OSDynamicCast(IOUserUserClient, userClient);
6648 if (uc == NULL) {
6649 ret = kIOReturnBadArgument;
6650 goto finish;
6651 }
6652
6653 inst = OSTypeAlloc(IOEventLink);
6654 if (!inst->init()) {
6655 inst->free();
6656 inst = NULL;
6657 ret = kIOReturnNoMemory;
6658 goto finish;
6659 }
6660
6661 us = (typeof(us))thread_iokit_tls_get(0);
6662 inst->ivars->userServer = OSDynamicCast(IOUserServer, us);
6663
6664 if (inst->ivars->userServer == NULL) {
6665 ret = kIOReturnBadArgument;
6666 goto finish;
6667 }
6668 inst->ivars->userServer->retain();
6669
6670 inst->ivars->name = name;
6671 inst->ivars->name->retain();
6672
6673 inst->ivars->userClient = uc; // no retain
6674
6675 IOLockLock(uc->fLock);
6676 uc->fEventLinks->setObject(name, inst);
6677 IOLockUnlock(uc->fLock);
6678
6679 ret = kIOReturnSuccess;
6680
6681 finish:
6682 if (ret != kIOReturnSuccess) {
6683 OSSafeReleaseNULL(inst);
6684 } else {
6685 *eventlink = inst;
6686 }
6687
6688 return ret;
6689 }
6690
6691 kern_return_t
InvalidateKernel_Impl(IOUserClient * client)6692 IOEventLink::InvalidateKernel_Impl(IOUserClient * client)
6693 {
6694 IOUserUserClient * uc = OSDynamicCast(IOUserUserClient, client);
6695
6696 if (uc == NULL) {
6697 return kIOReturnBadArgument;
6698 }
6699
6700 if (uc != ivars->userClient) {
6701 return kIOReturnBadArgument;
6702 }
6703
6704 IOLockLock(uc->fLock);
6705 uc->fEventLinks->removeObject(ivars->name);
6706 IOLockUnlock(uc->fLock);
6707
6708 return kIOReturnSuccess;
6709 }
6710
6711 bool
init()6712 IOEventLink::init()
6713 {
6714 if (!OSObject::init()) {
6715 return false;
6716 }
6717 ivars = IOMallocType(IOEventLink_IVars);
6718
6719 return true;
6720 }
6721
6722 void
free()6723 IOEventLink::free()
6724 {
6725 if (ivars) {
6726 OSSafeReleaseNULL(ivars->userServer);
6727 OSSafeReleaseNULL(ivars->name);
6728 IOFreeType(ivars, IOEventLink_IVars);
6729 }
6730
6731 OSObject::free();
6732 }
6733
6734 kern_return_t
SetEventlinkPort_Impl(mach_port_t port __unused)6735 IOEventLink::SetEventlinkPort_Impl(mach_port_t port __unused)
6736 {
6737 return kIOReturnUnsupported;
6738 }
6739