1 /*
2 * Copyright (c) 2000-2020 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @OSF_COPYRIGHT@
30 */
31 /*
32 * Mach Operating System
33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or [email protected]
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
56 /*
57 */
58 /*
59 * File: mach/vm_param.h
60 * Author: Avadis Tevanian, Jr., Michael Wayne Young
61 * Date: 1985
62 *
63 * Machine independent virtual memory parameters.
64 *
65 */
66
67 #ifndef _MACH_VM_PARAM_H_
68 #define _MACH_VM_PARAM_H_
69
70 #include <mach/machine/vm_param.h>
71
72 #ifdef KERNEL
73
74 #ifndef ASSEMBLER
75 #include <mach/vm_types.h>
76 #endif /* ASSEMBLER */
77
78 #include <os/base.h>
79 #include <os/overflow.h>
80
81 /*
82 * The machine independent pages are refered to as PAGES. A page
83 * is some number of hardware pages, depending on the target machine.
84 */
85
86 #ifndef ASSEMBLER
87
88 #define PAGE_SIZE_64 (unsigned long long)PAGE_SIZE /* pagesize in addr units */
89 #define PAGE_MASK_64 (unsigned long long)PAGE_MASK /* mask for off in page */
90
91 /*
92 * Convert addresses to pages and vice versa. No rounding is used.
93 * The atop_32 and ptoa_32 macros should not be use on 64 bit types.
94 * The round_page_64 and trunc_page_64 macros should be used instead.
95 */
96
97 #define atop_32(x) ((uint32_t)(x) >> PAGE_SHIFT)
98 #define ptoa_32(x) ((uint32_t)(x) << PAGE_SHIFT)
99 #define atop_64(x) ((uint64_t)(x) >> PAGE_SHIFT)
100 #define ptoa_64(x) ((uint64_t)(x) << PAGE_SHIFT)
101
102 #define atop_kernel(x) ((vm_address_t)(x) >> PAGE_SHIFT)
103 #define ptoa_kernel(x) ((vm_address_t)(x) << PAGE_SHIFT)
104
105 /*
106 * While the following block is enabled, the legacy atop and ptoa
107 * macros will behave correctly. If not, they will generate
108 * invalid lvalue errors.
109 */
110
111 #if 1
112 #define atop(x) ((vm_address_t)(x) >> PAGE_SHIFT)
113 #define ptoa(x) ((vm_address_t)(x) << PAGE_SHIFT)
114 #else
115 #define atop(x) (0UL = 0)
116 #define ptoa(x) (0UL = 0)
117 #endif
118
119 /*
120 * Page-size rounding macros for the Public fixed-width VM types.
121 */
122 #define mach_vm_round_page(x) (((mach_vm_offset_t)(x) + PAGE_MASK) & ~((signed)PAGE_MASK))
123 #define mach_vm_trunc_page(x) ((mach_vm_offset_t)(x) & ~((signed)PAGE_MASK))
124
125 #define round_page_overflow(in, out) __os_warn_unused(({ \
126 bool __ovr = os_add_overflow(in, (__typeof__(*out))PAGE_MASK, out); \
127 *out &= ~((__typeof__(*out))PAGE_MASK); \
128 __ovr; \
129 }))
130
131 static inline int OS_WARN_RESULT
mach_vm_round_page_overflow(mach_vm_offset_t in,mach_vm_offset_t * out)132 mach_vm_round_page_overflow(mach_vm_offset_t in, mach_vm_offset_t *out)
133 {
134 return round_page_overflow(in, out);
135 }
136
137 #define memory_object_round_page(x) (((memory_object_offset_t)(x) + PAGE_MASK) & ~((signed)PAGE_MASK))
138 #define memory_object_trunc_page(x) ((memory_object_offset_t)(x) & ~((signed)PAGE_MASK))
139
140 /*
141 * Rounding macros for the legacy (scalable with the current task's
142 * address space size) VM types.
143 */
144
145 #define round_page(x) (((vm_offset_t)(x) + PAGE_MASK) & ~((vm_offset_t)PAGE_MASK))
146 #define trunc_page(x) ((vm_offset_t)(x) & ~((vm_offset_t)PAGE_MASK))
147
148 /*
149 * Round off or truncate to the nearest page. These will work
150 * for either addresses or counts. (i.e. 1 byte rounds to 1 page
151 * bytes. The round_page_32 and trunc_page_32 macros should not be
152 * use on 64 bit types. The round_page_64 and trunc_page_64 macros
153 * should be used instead.
154 *
155 * These should only be used in the rare case the size of the address
156 * or length is hard-coded as 32 or 64 bit. Otherwise, the macros
157 * associated with the specific VM type should be used.
158 */
159
160 #define round_page_32(x) (((uint32_t)(x) + PAGE_MASK) & ~((uint32_t)PAGE_MASK))
161 #define trunc_page_32(x) ((uint32_t)(x) & ~((uint32_t)PAGE_MASK))
162 #define round_page_64(x) (((uint64_t)(x) + PAGE_MASK_64) & ~((uint64_t)PAGE_MASK_64))
163 #define trunc_page_64(x) ((uint64_t)(x) & ~((uint64_t)PAGE_MASK_64))
164
165 #define round_page_mask_32(x, mask) (((uint32_t)(x) + (mask)) & ~((uint32_t)(mask)))
166 #define trunc_page_mask_32(x, mask) ((uint32_t)(x) & ~((uint32_t)(mask)))
167 #define round_page_mask_64(x, mask) (((uint64_t)(x) + (mask)) & ~((uint64_t)(mask)))
168 #define trunc_page_mask_64(x, mask) ((uint64_t)(x) & ~((uint64_t)(mask)))
169
170 /*
171 * Enable the following block to find uses of xxx_32 macros that should
172 * be xxx_64. These macros only work in C code, not C++. The resulting
173 * binaries are not functional. Look for invalid lvalue errors in
174 * the compiler output.
175 *
176 * Enabling the following block will also find use of the xxx_64 macros
177 * that have been passed pointers. The parameters should be case to an
178 * unsigned long type first. Look for invalid operands to binary + error
179 * in the compiler output.
180 */
181
182 #if 0
183 #undef atop_32
184 #undef ptoa_32
185 #undef round_page_32
186 #undef trunc_page_32
187 #undef atop_64
188 #undef ptoa_64
189 #undef round_page_64
190 #undef trunc_page_64
191
192 #ifndef __cplusplus
193
194 #define atop_32(x) \
195 (__builtin_choose_expr (sizeof(x) != sizeof(uint64_t), \
196 (*(long *)0), \
197 (0UL)) = 0)
198
199 #define ptoa_32(x) \
200 (__builtin_choose_expr (sizeof(x) != sizeof(uint64_t), \
201 (*(long *)0), \
202 (0UL)) = 0)
203
204 #define round_page_32(x) \
205 (__builtin_choose_expr (sizeof(x) != sizeof(uint64_t), \
206 (*(long *)0), \
207 (0UL)) = 0)
208
209 #define trunc_page_32(x) \
210 (__builtin_choose_expr (sizeof(x) != sizeof(uint64_t), \
211 (*(long *)0), \
212 (0UL)) = 0)
213 #else
214
215 #define atop_32(x) (0)
216 #define ptoa_32(x) (0)
217 #define round_page_32(x) (0)
218 #define trunc_page_32(x) (0)
219
220 #endif /* ! __cplusplus */
221
222 #define atop_64(x) ((uint64_t)((x) + (uint8_t *)0))
223 #define ptoa_64(x) ((uint64_t)((x) + (uint8_t *)0))
224 #define round_page_64(x) ((uint64_t)((x) + (uint8_t *)0))
225 #define trunc_page_64(x) ((uint64_t)((x) + (uint8_t *)0))
226
227 #endif
228
229 /*
230 * Determine whether an address is page-aligned, or a count is
231 * an exact page multiple.
232 */
233
234 #define page_aligned(x) (((x) & PAGE_MASK) == 0)
235
236 extern vm_size_t mem_size; /* 32-bit size of memory - limited by maxmem - deprecated */
237 extern uint64_t max_mem; /* 64-bit size of memory - limited by maxmem */
238
239 /*
240 * The VM compressor pager uses 32-bit page numbers, so this limits the size
241 * of anonymous memory objects to 0xffffffff pages.
242 * When we need to allocate a chunk of anonymous memory over that size,
243 * we have to allocate more than one chunk.
244 */
245 #define ANON_MAX_PAGES 0xFFFFFFFFULL
246 #define ANON_MAX_SIZE (ANON_MAX_PAGES << PAGE_SHIFT)
247 /*
248 * Work-around for <rdar://problem/6626493>
249 * Break large anonymous memory areas into 128MB chunks to alleviate
250 * the cost of copying when copy-on-write is not possible because a small
251 * portion of it being wired.
252 */
253 #define ANON_CHUNK_SIZE (128ULL * 1024 * 1024) /* 128MB */
254
255 /*
256 * The 'medium' malloc allocator would like its regions
257 * to be chunked up into MALLOC_MEDIUM_CHUNK_SIZE chunks
258 * and backed by different objects. This avoids contention
259 * on a single large object and showed solid improvements on high
260 * core machines with workloads involving video and graphics processing.
261 */
262 #define MALLOC_MEDIUM_CHUNK_SIZE (8ULL * 1024 * 1024) /* 8 MB */
263
264 #ifdef KERNEL_PRIVATE
265 extern uint64_t sane_size; /* Memory size to use for defaults calculations */
266 #endif /* KERNEL_PRIVATE */
267
268 #ifdef XNU_KERNEL_PRIVATE
269
270 #include <kern/debug.h>
271
272 extern uint64_t mem_actual; /* 64-bit size of memory - not limited by maxmem */
273 extern uint64_t max_mem_actual; /* Size of physical memory adjusted by maxmem */
274 extern addr64_t vm_last_addr; /* Highest kernel virtual address known to the VM system */
275
276 extern const vm_offset_t vm_min_kernel_address;
277 extern const vm_offset_t vm_max_kernel_address;
278
279 extern vm_offset_t vm_kernel_stext;
280 extern vm_offset_t vm_kernel_etext;
281 extern vm_offset_t vm_kernel_slid_base;
282 extern vm_offset_t vm_kernel_slid_top;
283 extern vm_offset_t vm_kernel_slide;
284 extern vm_offset_t vm_kernel_addrperm;
285 extern vm_offset_t vm_kext_base;
286 extern vm_offset_t vm_kext_top;
287 extern vm_offset_t vm_kernel_base;
288 extern vm_offset_t vm_kernel_top;
289 extern vm_offset_t vm_hib_base;
290
291 extern vm_offset_t vm_kernel_builtinkmod_text;
292 extern vm_offset_t vm_kernel_builtinkmod_text_end;
293
294 #define VM_KERNEL_IS_SLID(_o) \
295 (((vm_offset_t)VM_KERNEL_STRIP_PTR(_o) >= vm_kernel_slid_base) && \
296 ((vm_offset_t)VM_KERNEL_STRIP_PTR(_o) < vm_kernel_slid_top))
297
298 #define VM_KERNEL_SLIDE(_u) ((vm_offset_t)(_u) + vm_kernel_slide)
299
300 /*
301 * The following macros are to be used when exposing kernel addresses to
302 * userspace via any of the various debug or info facilities that might exist
303 * (e.g. stackshot, proc_info syscall, etc.). It is important to understand
304 * the goal of each macro and choose the right one depending on what you are
305 * trying to do. Misuse of these macros can result in critical data leaks
306 * which in turn lead to all sorts of system vulnerabilities. It is invalid to
307 * call these macros on a non-kernel address (NULL is allowed).
308 *
309 * VM_KERNEL_UNSLIDE:
310 * Use this macro when you are exposing an address to userspace which is
311 * *guaranteed* to be a "static" kernel or kext address (i.e. coming from text
312 * or data sections). These are the addresses which get "slid" via ASLR on
313 * kernel or kext load, and it's precisely the slide value we are trying to
314 * protect from userspace.
315 *
316 * VM_KERNEL_ADDRHIDE:
317 * Use when exposing an address for internal purposes: debugging, tracing,
318 * etc. The address will be unslid if necessary. Other addresses will be
319 * hidden on customer builds, and unmodified on internal builds.
320 *
321 * VM_KERNEL_ADDRHASH:
322 * Use this macro when exposing a kernel address to userspace on customer
323 * builds. The address can be from the static kernel or kext regions, or the
324 * kernel heap. The address will be unslid or hashed as appropriate.
325 *
326 *
327 * ** SECURITY WARNING: The following macros can leak kernel secrets.
328 * Use *only* in performance *critical* code.
329 *
330 * VM_KERNEL_ADDRPERM:
331 * VM_KERNEL_UNSLIDE_OR_PERM:
332 * Use these macros when exposing a kernel address to userspace on customer
333 * builds. The address can be from the static kernel or kext regions, or the
334 * kernel heap. The address will be unslid or permuted as appropriate.
335 *
336 * Nesting of these macros should be considered invalid.
337 */
338
339 #define __DO_UNSLIDE(_v) ((vm_offset_t)VM_KERNEL_STRIP_PTR(_v) - vm_kernel_slide)
340
341 #if DEBUG || DEVELOPMENT
342 #define VM_KERNEL_ADDRHIDE(_v) (VM_KERNEL_IS_SLID(_v) ? __DO_UNSLIDE(_v) : (vm_address_t)VM_KERNEL_STRIP_PTR(_v))
343 #else
344 #define VM_KERNEL_ADDRHIDE(_v) (VM_KERNEL_IS_SLID(_v) ? __DO_UNSLIDE(_v) : (vm_address_t)0)
345 #endif /* DEBUG || DEVELOPMENT */
346
347 #define VM_KERNEL_ADDRHASH(_v) vm_kernel_addrhash((vm_offset_t)(_v))
348
349 #define VM_KERNEL_UNSLIDE_OR_PERM(_v) ({ \
350 VM_KERNEL_IS_SLID(_v) ? __DO_UNSLIDE(_v) : \
351 VM_KERNEL_ADDRESS(_v) ? ((vm_offset_t)VM_KERNEL_STRIP_PTR(_v) + vm_kernel_addrperm) : \
352 (vm_offset_t)VM_KERNEL_STRIP_PTR(_v); \
353 })
354
355 #define VM_KERNEL_UNSLIDE(_v) ({ \
356 VM_KERNEL_IS_SLID(_v) ? __DO_UNSLIDE(_v) : (vm_offset_t)0; \
357 })
358
359 #define VM_KERNEL_ADDRPERM(_v) VM_KERNEL_UNSLIDE_OR_PERM(_v)
360
361 #undef mach_vm_round_page
362 #undef round_page
363 #undef round_page_32
364 #undef round_page_64
365
366 static inline int
mach_vm_size_unit(mach_vm_size_t size)367 mach_vm_size_unit(mach_vm_size_t size)
368 {
369 uint32_t bits = 64u - (uint32_t)__builtin_clzll((size / 10) | 1);
370
371 return "BKMGTPE"[bits / 10];
372 }
373
374 static inline uint32_t
mach_vm_size_pretty(mach_vm_size_t size)375 mach_vm_size_pretty(mach_vm_size_t size)
376 {
377 uint32_t bits = 64u - (uint32_t)__builtin_clzll((size / 10) | 1);
378
379 return (uint32_t)(size >> (bits - bits % 10));
380 }
381
382 static inline mach_vm_offset_t
mach_vm_round_page(mach_vm_offset_t x)383 mach_vm_round_page(mach_vm_offset_t x)
384 {
385 if (round_page_overflow(x, &x)) {
386 panic("overflow detected");
387 }
388 return x;
389 }
390
391 static inline vm_offset_t
round_page(vm_offset_t x)392 round_page(vm_offset_t x)
393 {
394 if (round_page_overflow(x, &x)) {
395 panic("overflow detected");
396 }
397 return x;
398 }
399
400 static inline mach_vm_offset_t
round_page_64(mach_vm_offset_t x)401 round_page_64(mach_vm_offset_t x)
402 {
403 if (round_page_overflow(x, &x)) {
404 panic("overflow detected");
405 }
406 return x;
407 }
408
409 static inline uint32_t
round_page_32(uint32_t x)410 round_page_32(uint32_t x)
411 {
412 if (round_page_overflow(x, &x)) {
413 panic("overflow detected");
414 }
415 return x;
416 }
417
418
419 /*!
420 * @typedef vm_packing_params_t
421 *
422 * @brief
423 * Data structure representing the packing parameters for a given packed pointer
424 * encoding.
425 *
426 * @discussion
427 * Several data structures wish to pack their pointers on less than 64bits
428 * on LP64 in order to save memory.
429 *
430 * Adopters are supposed to define 3 macros:
431 * - @c *_BITS: number of storage bits used for the packing,
432 * - @c *_SHIFT: number of non significant low bits (expected to be 0),
433 * - @c *_BASE: the base against which to encode.
434 *
435 * The encoding is a no-op when @c *_BITS is equal to @c __WORDSIZE and
436 * @c *_SHIFT is 0.
437 *
438 *
439 * The convenience macro @c VM_PACKING_PARAMS can be used to create
440 * a @c vm_packing_params_t structure out of those definitions.
441 *
442 * It is customary to declare a constant global per scheme for the sake
443 * of debuggers to be able to dynamically decide how to unpack various schemes.
444 *
445 *
446 * This uses 2 possible schemes (who both preserve @c NULL):
447 *
448 * 1. When the storage bits and shift are sufficiently large (strictly more than
449 * VM_KERNEL_POINTER_SIGNIFICANT_BITS), a sign-extension scheme can be used.
450 *
451 * This allows to represent any kernel pointer.
452 *
453 * 2. Else, a base-relative scheme can be used, typical bases are:
454 *
455 * - @c KERNEL_PMAP_HEAP_RANGE_START when only pointers to heap (zone)
456 * allocated objects need to be packed,
457 *
458 * - @c VM_MIN_KERNEL_AND_KEXT_ADDRESS when pointers to kernel globals also
459 * need this.
460 *
461 * When such an ecoding is used, @c zone_restricted_va_max() must be taught
462 * about it.
463 */
464 typedef struct vm_packing_params {
465 vm_offset_t vmpp_base;
466 uint8_t vmpp_bits;
467 uint8_t vmpp_shift;
468 bool vmpp_base_relative;
469 } vm_packing_params_t;
470
471
472 /*!
473 * @macro VM_PACKING_IS_BASE_RELATIVE
474 *
475 * @brief
476 * Whether the packing scheme with those parameters will be base-relative.
477 */
478 #define VM_PACKING_IS_BASE_RELATIVE(ns) \
479 (ns##_BITS + ns##_SHIFT <= VM_KERNEL_POINTER_SIGNIFICANT_BITS)
480
481
482 /*!
483 * @macro VM_PACKING_PARAMS
484 *
485 * @brief
486 * Constructs a @c vm_packing_params_t structure based on the convention that
487 * macros with the @c _BASE, @c _BITS and @c _SHIFT suffixes have been defined
488 * to the proper values.
489 */
490 #define VM_PACKING_PARAMS(ns) \
491 (vm_packing_params_t){ \
492 .vmpp_base = ns##_BASE, \
493 .vmpp_bits = ns##_BITS, \
494 .vmpp_shift = ns##_SHIFT, \
495 .vmpp_base_relative = VM_PACKING_IS_BASE_RELATIVE(ns), \
496 }
497
498 /**
499 * @function vm_pack_pointer
500 *
501 * @brief
502 * Packs a pointer according to the specified parameters.
503 *
504 * @discussion
505 * The convenience @c VM_PACK_POINTER macro allows to synthesize
506 * the @c params argument.
507 *
508 * @param ptr The pointer to pack.
509 * @param params The encoding parameters.
510 * @returns The packed pointer.
511 */
512 static inline vm_offset_t
vm_pack_pointer(vm_offset_t ptr,vm_packing_params_t params)513 vm_pack_pointer(vm_offset_t ptr, vm_packing_params_t params)
514 {
515 if (!params.vmpp_base_relative) {
516 return ptr >> params.vmpp_shift;
517 }
518 if (ptr) {
519 return (ptr - params.vmpp_base) >> params.vmpp_shift;
520 }
521 return (vm_offset_t)0;
522 }
523 #define VM_PACK_POINTER(ptr, ns) \
524 vm_pack_pointer(ptr, VM_PACKING_PARAMS(ns))
525
526 /**
527 * @function vm_unpack_pointer
528 *
529 * @brief
530 * Unpacks a pointer packed with @c vm_pack_pointer().
531 *
532 * @discussion
533 * The convenience @c VM_UNPACK_POINTER macro allows to synthesize
534 * the @c params argument.
535 *
536 * @param packed The packed value to decode.
537 * @param params The encoding parameters.
538 * @returns The unpacked pointer.
539 */
540 static inline vm_offset_t
vm_unpack_pointer(vm_offset_t packed,vm_packing_params_t params)541 vm_unpack_pointer(vm_offset_t packed, vm_packing_params_t params)
542 {
543 if (!params.vmpp_base_relative) {
544 intptr_t addr = (intptr_t)packed;
545 addr <<= __WORDSIZE - params.vmpp_bits;
546 addr >>= __WORDSIZE - params.vmpp_bits - params.vmpp_shift;
547 return (vm_offset_t)addr;
548 }
549 if (packed) {
550 return (packed << params.vmpp_shift) + params.vmpp_base;
551 }
552 return (vm_offset_t)0;
553 }
554 #define VM_UNPACK_POINTER(packed, ns) \
555 vm_unpack_pointer(packed, VM_PACKING_PARAMS(ns))
556
557 /**
558 * @function vm_packing_max_packable
559 *
560 * @brief
561 * Returns the largest packable address for the given parameters.
562 *
563 * @discussion
564 * The convenience @c VM_PACKING_MAX_PACKABLE macro allows to synthesize
565 * the @c params argument.
566 *
567 * @param params The encoding parameters.
568 * @returns The largest packable pointer.
569 */
570 static inline vm_offset_t
vm_packing_max_packable(vm_packing_params_t params)571 vm_packing_max_packable(vm_packing_params_t params)
572 {
573 if (!params.vmpp_base_relative) {
574 return VM_MAX_KERNEL_ADDRESS;
575 }
576
577 vm_offset_t ptr = params.vmpp_base +
578 (((1ul << params.vmpp_bits) - 1) << params.vmpp_shift);
579
580 return ptr >= params.vmpp_base ? ptr : VM_MAX_KERNEL_ADDRESS;
581 }
582 #define VM_PACKING_MAX_PACKABLE(ns) \
583 vm_packing_max_packable(VM_PACKING_PARAMS(ns))
584
585
586 __abortlike
587 extern void
588 vm_packing_pointer_invalid(vm_offset_t ptr, vm_packing_params_t params);
589
590 /**
591 * @function vm_verify_pointer_packable
592 *
593 * @brief
594 * Panics if the specified pointer cannot be packed with the specified
595 * parameters.
596 *
597 * @discussion
598 * The convenience @c VM_VERIFY_POINTER_PACKABLE macro allows to synthesize
599 * the @c params argument.
600 *
601 * The convenience @c VM_ASSERT_POINTER_PACKABLE macro allows to synthesize
602 * the @c params argument, and is erased when assertions are disabled.
603 *
604 * @param ptr The packed value to decode.
605 * @param params The encoding parameters.
606 */
607 static inline void
vm_verify_pointer_packable(vm_offset_t ptr,vm_packing_params_t params)608 vm_verify_pointer_packable(vm_offset_t ptr, vm_packing_params_t params)
609 {
610 if (ptr & ((1ul << params.vmpp_shift) - 1)) {
611 vm_packing_pointer_invalid(ptr, params);
612 }
613 if (!params.vmpp_base_relative || ptr == 0) {
614 return;
615 }
616 if (ptr <= params.vmpp_base || ptr > vm_packing_max_packable(params)) {
617 vm_packing_pointer_invalid(ptr, params);
618 }
619 }
620 #define VM_VERIFY_POINTER_PACKABLE(ptr, ns) \
621 vm_verify_pointer_packable(ptr, VM_PACKING_PARAMS(ns))
622
623 #if DEBUG || DEVELOPMENT
624 #define VM_ASSERT_POINTER_PACKABLE(ptr, ns) \
625 VM_VERIFY_POINTER_PACKABLE(ptr, ns)
626 #else
627 #define VM_ASSERT_POINTER_PACKABLE(ptr, ns) ((void)(ptr))
628 #endif
629
630 /**
631 * @function vm_verify_pointer_range
632 *
633 * @brief
634 * Panics if some pointers in the specified range can't be packed with the
635 * specified parameters.
636 *
637 * @param subsystem The subsystem requiring the packing.
638 * @param min_address The smallest address of the range.
639 * @param max_address The largest address of the range.
640 * @param params The encoding parameters.
641 */
642 extern void
643 vm_packing_verify_range(
644 const char *subsystem,
645 vm_offset_t min_address,
646 vm_offset_t max_address,
647 vm_packing_params_t params);
648
649 #endif /* XNU_KERNEL_PRIVATE */
650
651 extern vm_size_t page_size;
652 extern vm_size_t page_mask;
653 extern int page_shift;
654
655 /* We need a way to get rid of compiler warnings when we cast from */
656 /* a 64 bit value to an address (which may be 32 bits or 64-bits). */
657 /* An intptr_t is used convert the value to the right precision, and */
658 /* then to an address. This macro is also used to convert addresses */
659 /* to 32-bit integers, which is a hard failure for a 64-bit kernel */
660 #include <stdint.h>
661 #ifndef __CAST_DOWN_CHECK
662 #define __CAST_DOWN_CHECK
663
664 #define CAST_DOWN( type, addr ) \
665 ( ((type)((uintptr_t) (addr)/(sizeof(type) < sizeof(uintptr_t) ? 0 : 1))) )
666
667 #define CAST_DOWN_EXPLICIT( type, addr ) ( ((type)((uintptr_t) (addr))) )
668
669 #endif /* __CAST_DOWN_CHECK */
670
671 #endif /* ASSEMBLER */
672
673 #endif /* KERNEL */
674
675 #endif /* _MACH_VM_PARAM_H_ */
676