1 /* 2 * Copyright (c) 1998-2014 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29 30 #include <libkern/c++/OSKext.h> 31 #include <IOKit/IOKitServer.h> 32 #include <IOKit/IOKitKeysPrivate.h> 33 #include <IOKit/IOUserClient.h> 34 #include <IOKit/IOService.h> 35 #include <IOKit/IORegistryEntry.h> 36 #include <IOKit/IOCatalogue.h> 37 #include <IOKit/IOMemoryDescriptor.h> 38 #include <IOKit/IOBufferMemoryDescriptor.h> 39 #include <IOKit/IOLib.h> 40 #include <IOKit/IOStatisticsPrivate.h> 41 #include <IOKit/IOTimeStamp.h> 42 #include <IOKit/system.h> 43 #include <libkern/OSDebug.h> 44 #include <sys/proc.h> 45 #include <sys/kauth.h> 46 #include <sys/codesign.h> 47 48 #if CONFIG_MACF 49 50 extern "C" { 51 #include <security/mac_framework.h> 52 }; 53 #include <sys/kauth.h> 54 55 #define IOMACF_LOG 0 56 57 #endif /* CONFIG_MACF */ 58 59 #include <IOKit/assert.h> 60 61 #include "IOServicePrivate.h" 62 #include "IOKitKernelInternal.h" 63 64 #define SCALAR64(x) ((io_user_scalar_t)((unsigned int)x)) 65 #define SCALAR32(x) ((uint32_t )x) 66 #define ARG32(x) ((void *)(uintptr_t)SCALAR32(x)) 67 #define REF64(x) ((io_user_reference_t)((UInt64)(x))) 68 #define REF32(x) ((int)(x)) 69 70 enum 71 { 72 kIOUCAsync0Flags = 3ULL, 73 kIOUCAsync64Flag = 1ULL 74 }; 75 76 #if IOKITSTATS 77 78 #define IOStatisticsRegisterCounter() \ 79 do { \ 80 reserved->counter = IOStatistics::registerUserClient(this); \ 81 } while (0) 82 83 #define IOStatisticsUnregisterCounter() \ 84 do { \ 85 if (reserved) \ 86 IOStatistics::unregisterUserClient(reserved->counter); \ 87 } while (0) 88 89 #define IOStatisticsClientCall() \ 90 do { \ 91 IOStatistics::countUserClientCall(client); \ 92 } while (0) 93 94 #else 95 96 #define IOStatisticsRegisterCounter() 97 #define IOStatisticsUnregisterCounter() 98 #define IOStatisticsClientCall() 99 100 #endif /* IOKITSTATS */ 101 102 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 103 104 // definitions we should get from osfmk 105 106 //typedef struct ipc_port * ipc_port_t; 107 typedef natural_t ipc_kobject_type_t; 108 109 #define IKOT_IOKIT_SPARE 27 110 #define IKOT_IOKIT_CONNECT 29 111 #define IKOT_IOKIT_OBJECT 30 112 113 extern "C" { 114 115 extern ipc_port_t iokit_alloc_object_port( io_object_t obj, 116 ipc_kobject_type_t type ); 117 118 extern kern_return_t iokit_destroy_object_port( ipc_port_t port ); 119 120 extern mach_port_name_t iokit_make_send_right( task_t task, 121 io_object_t obj, ipc_kobject_type_t type ); 122 123 extern kern_return_t iokit_mod_send_right( task_t task, mach_port_name_t name, mach_port_delta_t delta ); 124 125 extern io_object_t iokit_lookup_connect_ref(io_object_t clientRef, ipc_space_t task); 126 127 extern io_object_t iokit_lookup_connect_ref_current_task(io_object_t clientRef); 128 129 extern ipc_port_t master_device_port; 130 131 extern void iokit_retain_port( ipc_port_t port ); 132 extern void iokit_release_port( ipc_port_t port ); 133 extern void iokit_release_port_send( ipc_port_t port ); 134 135 extern kern_return_t iokit_switch_object_port( ipc_port_t port, io_object_t obj, ipc_kobject_type_t type ); 136 137 #include <mach/mach_traps.h> 138 #include <vm/vm_map.h> 139 140 } /* extern "C" */ 141 142 143 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 144 145 // IOMachPort maps OSObjects to ports, avoiding adding an ivar to OSObject. 146 147 class IOMachPort : public OSObject 148 { 149 OSDeclareDefaultStructors(IOMachPort) 150 public: 151 OSObject * object; 152 ipc_port_t port; 153 UInt32 mscount; 154 UInt8 holdDestroy; 155 156 static IOMachPort * portForObject( OSObject * obj, 157 ipc_kobject_type_t type ); 158 static bool noMoreSendersForObject( OSObject * obj, 159 ipc_kobject_type_t type, mach_port_mscount_t * mscount ); 160 static void releasePortForObject( OSObject * obj, 161 ipc_kobject_type_t type ); 162 static void setHoldDestroy( OSObject * obj, ipc_kobject_type_t type ); 163 164 static OSDictionary * dictForType( ipc_kobject_type_t type ); 165 166 static mach_port_name_t makeSendRightForTask( task_t task, 167 io_object_t obj, ipc_kobject_type_t type ); 168 169 virtual void free(); 170 }; 171 172 #define super OSObject 173 OSDefineMetaClassAndStructors(IOMachPort, OSObject) 174 175 static IOLock * gIOObjectPortLock; 176 177 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 178 179 // not in dictForType() for debugging ease 180 static OSDictionary * gIOObjectPorts; 181 static OSDictionary * gIOConnectPorts; 182 183 OSDictionary * IOMachPort::dictForType( ipc_kobject_type_t type ) 184 { 185 OSDictionary ** dict; 186 187 if( IKOT_IOKIT_OBJECT == type ) 188 dict = &gIOObjectPorts; 189 else if( IKOT_IOKIT_CONNECT == type ) 190 dict = &gIOConnectPorts; 191 else 192 return( 0 ); 193 194 if( 0 == *dict) 195 *dict = OSDictionary::withCapacity( 1 ); 196 197 return( *dict ); 198 } 199 200 IOMachPort * IOMachPort::portForObject ( OSObject * obj, 201 ipc_kobject_type_t type ) 202 { 203 IOMachPort * inst = 0; 204 OSDictionary * dict; 205 206 IOTakeLock( gIOObjectPortLock); 207 208 do { 209 210 dict = dictForType( type ); 211 if( !dict) 212 continue; 213 214 if( (inst = (IOMachPort *) 215 dict->getObject( (const OSSymbol *) obj ))) { 216 inst->mscount++; 217 inst->retain(); 218 continue; 219 } 220 221 inst = new IOMachPort; 222 if( inst && !inst->init()) { 223 inst = 0; 224 continue; 225 } 226 227 inst->port = iokit_alloc_object_port( obj, type ); 228 if( inst->port) { 229 // retains obj 230 dict->setObject( (const OSSymbol *) obj, inst ); 231 inst->mscount++; 232 233 } else { 234 inst->release(); 235 inst = 0; 236 } 237 238 } while( false ); 239 240 IOUnlock( gIOObjectPortLock); 241 242 return( inst ); 243 } 244 245 bool IOMachPort::noMoreSendersForObject( OSObject * obj, 246 ipc_kobject_type_t type, mach_port_mscount_t * mscount ) 247 { 248 OSDictionary * dict; 249 IOMachPort * machPort; 250 bool destroyed = true; 251 252 IOTakeLock( gIOObjectPortLock); 253 254 if( (dict = dictForType( type ))) { 255 obj->retain(); 256 257 machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj ); 258 if( machPort) { 259 destroyed = (machPort->mscount <= *mscount); 260 if( destroyed) 261 dict->removeObject( (const OSSymbol *) obj ); 262 else 263 *mscount = machPort->mscount; 264 } 265 obj->release(); 266 } 267 268 IOUnlock( gIOObjectPortLock); 269 270 return( destroyed ); 271 } 272 273 void IOMachPort::releasePortForObject( OSObject * obj, 274 ipc_kobject_type_t type ) 275 { 276 OSDictionary * dict; 277 IOMachPort * machPort; 278 279 IOTakeLock( gIOObjectPortLock); 280 281 if( (dict = dictForType( type ))) { 282 obj->retain(); 283 machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj ); 284 if( machPort && !machPort->holdDestroy) 285 dict->removeObject( (const OSSymbol *) obj ); 286 obj->release(); 287 } 288 289 IOUnlock( gIOObjectPortLock); 290 } 291 292 void IOMachPort::setHoldDestroy( OSObject * obj, ipc_kobject_type_t type ) 293 { 294 OSDictionary * dict; 295 IOMachPort * machPort; 296 297 IOLockLock( gIOObjectPortLock ); 298 299 if( (dict = dictForType( type ))) { 300 machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj ); 301 if( machPort) 302 machPort->holdDestroy = true; 303 } 304 305 IOLockUnlock( gIOObjectPortLock ); 306 } 307 308 void IOUserClient::destroyUserReferences( OSObject * obj ) 309 { 310 IOMachPort::releasePortForObject( obj, IKOT_IOKIT_OBJECT ); 311 312 // panther, 3160200 313 // IOMachPort::releasePortForObject( obj, IKOT_IOKIT_CONNECT ); 314 315 OSDictionary * dict; 316 317 IOTakeLock( gIOObjectPortLock); 318 obj->retain(); 319 320 if( (dict = IOMachPort::dictForType( IKOT_IOKIT_CONNECT ))) 321 { 322 IOMachPort * port; 323 port = (IOMachPort *) dict->getObject( (const OSSymbol *) obj ); 324 if (port) 325 { 326 IOUserClient * uc; 327 if ((uc = OSDynamicCast(IOUserClient, obj)) && uc->mappings) 328 { 329 dict->setObject((const OSSymbol *) uc->mappings, port); 330 iokit_switch_object_port(port->port, uc->mappings, IKOT_IOKIT_CONNECT); 331 332 uc->mappings->release(); 333 uc->mappings = 0; 334 } 335 dict->removeObject( (const OSSymbol *) obj ); 336 } 337 } 338 obj->release(); 339 IOUnlock( gIOObjectPortLock); 340 } 341 342 mach_port_name_t IOMachPort::makeSendRightForTask( task_t task, 343 io_object_t obj, ipc_kobject_type_t type ) 344 { 345 return( iokit_make_send_right( task, obj, type )); 346 } 347 348 void IOMachPort::free( void ) 349 { 350 if( port) 351 iokit_destroy_object_port( port ); 352 super::free(); 353 } 354 355 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 356 357 class IOUserNotification : public OSIterator 358 { 359 OSDeclareDefaultStructors(IOUserNotification) 360 361 IONotifier * holdNotify; 362 IOLock * lock; 363 364 public: 365 366 virtual bool init( void ); 367 virtual void free(); 368 369 virtual void setNotification( IONotifier * obj ); 370 371 virtual void reset(); 372 virtual bool isValid(); 373 }; 374 375 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 376 extern "C" { 377 378 // functions called from osfmk/device/iokit_rpc.c 379 380 void 381 iokit_add_reference( io_object_t obj ) 382 { 383 if( obj) 384 obj->retain(); 385 } 386 387 void 388 iokit_remove_reference( io_object_t obj ) 389 { 390 if( obj) 391 obj->release(); 392 } 393 394 ipc_port_t 395 iokit_port_for_object( io_object_t obj, ipc_kobject_type_t type ) 396 { 397 IOMachPort * machPort; 398 ipc_port_t port; 399 400 if( (machPort = IOMachPort::portForObject( obj, type ))) { 401 402 port = machPort->port; 403 if( port) 404 iokit_retain_port( port ); 405 406 machPort->release(); 407 408 } else 409 port = NULL; 410 411 return( port ); 412 } 413 414 kern_return_t 415 iokit_client_died( io_object_t obj, ipc_port_t /* port */, 416 ipc_kobject_type_t type, mach_port_mscount_t * mscount ) 417 { 418 IOUserClient * client; 419 IOMemoryMap * map; 420 IOUserNotification * notify; 421 422 if( !IOMachPort::noMoreSendersForObject( obj, type, mscount )) 423 return( kIOReturnNotReady ); 424 425 if( IKOT_IOKIT_CONNECT == type) 426 { 427 if( (client = OSDynamicCast( IOUserClient, obj ))) { 428 IOStatisticsClientCall(); 429 client->clientDied(); 430 } 431 } 432 else if( IKOT_IOKIT_OBJECT == type) 433 { 434 if( (map = OSDynamicCast( IOMemoryMap, obj ))) 435 map->taskDied(); 436 else if( (notify = OSDynamicCast( IOUserNotification, obj ))) 437 notify->setNotification( 0 ); 438 } 439 440 return( kIOReturnSuccess ); 441 } 442 443 }; /* extern "C" */ 444 445 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 446 447 class IOServiceUserNotification : public IOUserNotification 448 { 449 OSDeclareDefaultStructors(IOServiceUserNotification) 450 451 struct PingMsg { 452 mach_msg_header_t msgHdr; 453 OSNotificationHeader64 notifyHeader; 454 }; 455 456 enum { kMaxOutstanding = 1024 }; 457 458 PingMsg * pingMsg; 459 vm_size_t msgSize; 460 OSArray * newSet; 461 OSObject * lastEntry; 462 bool armed; 463 464 public: 465 466 virtual bool init( mach_port_t port, natural_t type, 467 void * reference, vm_size_t referenceSize, 468 bool clientIs64 ); 469 virtual void free(); 470 471 static bool _handler( void * target, 472 void * ref, IOService * newService, IONotifier * notifier ); 473 virtual bool handler( void * ref, IOService * newService ); 474 475 virtual OSObject * getNextObject(); 476 }; 477 478 class IOServiceMessageUserNotification : public IOUserNotification 479 { 480 OSDeclareDefaultStructors(IOServiceMessageUserNotification) 481 482 struct PingMsg { 483 mach_msg_header_t msgHdr; 484 mach_msg_body_t msgBody; 485 mach_msg_port_descriptor_t ports[1]; 486 OSNotificationHeader64 notifyHeader __attribute__ ((packed)); 487 }; 488 489 PingMsg * pingMsg; 490 vm_size_t msgSize; 491 uint8_t clientIs64; 492 int owningPID; 493 494 public: 495 496 virtual bool init( mach_port_t port, natural_t type, 497 void * reference, vm_size_t referenceSize, 498 vm_size_t extraSize, 499 bool clientIs64 ); 500 501 virtual void free(); 502 503 static IOReturn _handler( void * target, void * ref, 504 UInt32 messageType, IOService * provider, 505 void * messageArgument, vm_size_t argSize ); 506 virtual IOReturn handler( void * ref, 507 UInt32 messageType, IOService * provider, 508 void * messageArgument, vm_size_t argSize ); 509 510 virtual OSObject * getNextObject(); 511 }; 512 513 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 514 515 #undef super 516 #define super OSIterator 517 OSDefineMetaClass( IOUserNotification, OSIterator ) 518 OSDefineAbstractStructors( IOUserNotification, OSIterator ) 519 520 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 521 522 bool IOUserNotification::init( void ) 523 { 524 if( !super::init()) 525 return( false ); 526 527 lock = IOLockAlloc(); 528 if( !lock) 529 return( false ); 530 531 return( true ); 532 } 533 534 void IOUserNotification::free( void ) 535 { 536 if( holdNotify) 537 holdNotify->remove(); 538 // can't be in handler now 539 540 if( lock) 541 IOLockFree( lock ); 542 543 super::free(); 544 } 545 546 547 void IOUserNotification::setNotification( IONotifier * notify ) 548 { 549 IONotifier * previousNotify; 550 551 IOLockLock( gIOObjectPortLock); 552 553 previousNotify = holdNotify; 554 holdNotify = notify; 555 556 IOLockUnlock( gIOObjectPortLock); 557 558 if( previousNotify) 559 previousNotify->remove(); 560 } 561 562 void IOUserNotification::reset() 563 { 564 // ? 565 } 566 567 bool IOUserNotification::isValid() 568 { 569 return( true ); 570 } 571 572 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 573 574 #undef super 575 #define super IOUserNotification 576 OSDefineMetaClassAndStructors(IOServiceUserNotification, IOUserNotification) 577 578 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 579 580 bool IOServiceUserNotification::init( mach_port_t port, natural_t type, 581 void * reference, vm_size_t referenceSize, 582 bool clientIs64 ) 583 { 584 if( !super::init()) 585 return( false ); 586 587 newSet = OSArray::withCapacity( 1 ); 588 if( !newSet) 589 return( false ); 590 591 if (referenceSize > sizeof(OSAsyncReference64)) 592 return( false ); 593 594 msgSize = sizeof(PingMsg) - sizeof(OSAsyncReference64) + referenceSize; 595 pingMsg = (PingMsg *) IOMalloc( msgSize); 596 if( !pingMsg) 597 return( false ); 598 599 bzero( pingMsg, msgSize); 600 601 pingMsg->msgHdr.msgh_remote_port = port; 602 pingMsg->msgHdr.msgh_bits = MACH_MSGH_BITS( 603 MACH_MSG_TYPE_COPY_SEND /*remote*/, 604 MACH_MSG_TYPE_MAKE_SEND /*local*/); 605 pingMsg->msgHdr.msgh_size = msgSize; 606 pingMsg->msgHdr.msgh_id = kOSNotificationMessageID; 607 608 pingMsg->notifyHeader.size = 0; 609 pingMsg->notifyHeader.type = type; 610 bcopy( reference, pingMsg->notifyHeader.reference, referenceSize ); 611 612 return( true ); 613 } 614 615 void IOServiceUserNotification::free( void ) 616 { 617 PingMsg * _pingMsg; 618 vm_size_t _msgSize; 619 OSArray * _newSet; 620 OSObject * _lastEntry; 621 622 _pingMsg = pingMsg; 623 _msgSize = msgSize; 624 _lastEntry = lastEntry; 625 _newSet = newSet; 626 627 super::free(); 628 629 if( _pingMsg && _msgSize) { 630 if (_pingMsg->msgHdr.msgh_remote_port) { 631 iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port); 632 } 633 IOFree(_pingMsg, _msgSize); 634 } 635 636 if( _lastEntry) 637 _lastEntry->release(); 638 639 if( _newSet) 640 _newSet->release(); 641 } 642 643 bool IOServiceUserNotification::_handler( void * target, 644 void * ref, IOService * newService, IONotifier * notifier ) 645 { 646 return( ((IOServiceUserNotification *) target)->handler( ref, newService )); 647 } 648 649 bool IOServiceUserNotification::handler( void * ref, 650 IOService * newService ) 651 { 652 unsigned int count; 653 kern_return_t kr; 654 ipc_port_t port = NULL; 655 bool sendPing = false; 656 657 IOTakeLock( lock ); 658 659 count = newSet->getCount(); 660 if( count < kMaxOutstanding) { 661 662 newSet->setObject( newService ); 663 if( (sendPing = (armed && (0 == count)))) 664 armed = false; 665 } 666 667 IOUnlock( lock ); 668 669 if( kIOServiceTerminatedNotificationType == pingMsg->notifyHeader.type) 670 IOMachPort::setHoldDestroy( newService, IKOT_IOKIT_OBJECT ); 671 672 if( sendPing) { 673 if( (port = iokit_port_for_object( this, IKOT_IOKIT_OBJECT ) )) 674 pingMsg->msgHdr.msgh_local_port = port; 675 else 676 pingMsg->msgHdr.msgh_local_port = NULL; 677 678 kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr, 679 pingMsg->msgHdr.msgh_size, 680 (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE), 681 0); 682 if( port) 683 iokit_release_port( port ); 684 685 if( KERN_SUCCESS != kr) 686 IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr ); 687 } 688 689 return( true ); 690 } 691 692 OSObject * IOServiceUserNotification::getNextObject() 693 { 694 unsigned int count; 695 OSObject * result; 696 697 IOTakeLock( lock ); 698 699 if( lastEntry) 700 lastEntry->release(); 701 702 count = newSet->getCount(); 703 if( count ) { 704 result = newSet->getObject( count - 1 ); 705 result->retain(); 706 newSet->removeObject( count - 1); 707 } else { 708 result = 0; 709 armed = true; 710 } 711 lastEntry = result; 712 713 IOUnlock( lock ); 714 715 return( result ); 716 } 717 718 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 719 720 OSDefineMetaClassAndStructors(IOServiceMessageUserNotification, IOUserNotification) 721 722 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 723 724 bool IOServiceMessageUserNotification::init( mach_port_t port, natural_t type, 725 void * reference, vm_size_t referenceSize, vm_size_t extraSize, 726 bool client64 ) 727 { 728 if( !super::init()) 729 return( false ); 730 731 if (referenceSize > sizeof(OSAsyncReference64)) 732 return( false ); 733 734 clientIs64 = client64; 735 736 owningPID = proc_selfpid(); 737 738 extraSize += sizeof(IOServiceInterestContent64); 739 msgSize = sizeof(PingMsg) - sizeof(OSAsyncReference64) + referenceSize + extraSize; 740 pingMsg = (PingMsg *) IOMalloc( msgSize); 741 if( !pingMsg) 742 return( false ); 743 744 bzero( pingMsg, msgSize); 745 746 pingMsg->msgHdr.msgh_remote_port = port; 747 pingMsg->msgHdr.msgh_bits = MACH_MSGH_BITS_COMPLEX 748 | MACH_MSGH_BITS( 749 MACH_MSG_TYPE_COPY_SEND /*remote*/, 750 MACH_MSG_TYPE_MAKE_SEND /*local*/); 751 pingMsg->msgHdr.msgh_size = msgSize; 752 pingMsg->msgHdr.msgh_id = kOSNotificationMessageID; 753 754 pingMsg->msgBody.msgh_descriptor_count = 1; 755 756 pingMsg->ports[0].name = 0; 757 pingMsg->ports[0].disposition = MACH_MSG_TYPE_MAKE_SEND; 758 pingMsg->ports[0].type = MACH_MSG_PORT_DESCRIPTOR; 759 760 pingMsg->notifyHeader.size = extraSize; 761 pingMsg->notifyHeader.type = type; 762 bcopy( reference, pingMsg->notifyHeader.reference, referenceSize ); 763 764 return( true ); 765 } 766 767 void IOServiceMessageUserNotification::free( void ) 768 { 769 PingMsg * _pingMsg; 770 vm_size_t _msgSize; 771 772 _pingMsg = pingMsg; 773 _msgSize = msgSize; 774 775 super::free(); 776 777 if( _pingMsg && _msgSize) { 778 if (_pingMsg->msgHdr.msgh_remote_port) { 779 iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port); 780 } 781 IOFree( _pingMsg, _msgSize); 782 } 783 } 784 785 IOReturn IOServiceMessageUserNotification::_handler( void * target, void * ref, 786 UInt32 messageType, IOService * provider, 787 void * argument, vm_size_t argSize ) 788 { 789 return( ((IOServiceMessageUserNotification *) target)->handler( 790 ref, messageType, provider, argument, argSize)); 791 } 792 793 IOReturn IOServiceMessageUserNotification::handler( void * ref, 794 UInt32 messageType, IOService * provider, 795 void * messageArgument, vm_size_t argSize ) 796 { 797 kern_return_t kr; 798 ipc_port_t thisPort, providerPort; 799 IOServiceInterestContent64 * data = (IOServiceInterestContent64 *) 800 ((((uint8_t *) pingMsg) + msgSize) - pingMsg->notifyHeader.size); 801 // == pingMsg->notifyHeader.content; 802 803 if (kIOMessageCopyClientID == messageType) 804 { 805 *((void **) messageArgument) = OSNumber::withNumber(owningPID, 32); 806 return (kIOReturnSuccess); 807 } 808 809 data->messageType = messageType; 810 811 if( argSize == 0) 812 { 813 data->messageArgument[0] = (io_user_reference_t) messageArgument; 814 if (clientIs64) 815 argSize = sizeof(data->messageArgument[0]); 816 else 817 { 818 data->messageArgument[0] |= (data->messageArgument[0] << 32); 819 argSize = sizeof(uint32_t); 820 } 821 } 822 else 823 { 824 if( argSize > kIOUserNotifyMaxMessageSize) 825 argSize = kIOUserNotifyMaxMessageSize; 826 bcopy( messageArgument, data->messageArgument, argSize ); 827 } 828 829 // adjust message size for ipc restrictions 830 natural_t type; 831 type = pingMsg->notifyHeader.type; 832 type &= ~(kIOKitNoticationMsgSizeMask << kIOKitNoticationTypeSizeAdjShift); 833 type |= ((argSize & kIOKitNoticationMsgSizeMask) << kIOKitNoticationTypeSizeAdjShift); 834 pingMsg->notifyHeader.type = type; 835 argSize = (argSize + kIOKitNoticationMsgSizeMask) & ~kIOKitNoticationMsgSizeMask; 836 837 pingMsg->msgHdr.msgh_size = msgSize - pingMsg->notifyHeader.size 838 + sizeof( IOServiceInterestContent64 ) 839 - sizeof( data->messageArgument) 840 + argSize; 841 842 providerPort = iokit_port_for_object( provider, IKOT_IOKIT_OBJECT ); 843 pingMsg->ports[0].name = providerPort; 844 thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT ); 845 pingMsg->msgHdr.msgh_local_port = thisPort; 846 kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr, 847 pingMsg->msgHdr.msgh_size, 848 (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE), 849 0); 850 if( thisPort) 851 iokit_release_port( thisPort ); 852 if( providerPort) 853 iokit_release_port( providerPort ); 854 855 if( KERN_SUCCESS != kr) 856 IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr ); 857 858 return( kIOReturnSuccess ); 859 } 860 861 OSObject * IOServiceMessageUserNotification::getNextObject() 862 { 863 return( 0 ); 864 } 865 866 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 867 868 #undef super 869 #define super IOService 870 OSDefineMetaClassAndAbstractStructors( IOUserClient, IOService ) 871 872 void IOUserClient::initialize( void ) 873 { 874 gIOObjectPortLock = IOLockAlloc(); 875 876 assert( gIOObjectPortLock ); 877 } 878 879 void IOUserClient::setAsyncReference(OSAsyncReference asyncRef, 880 mach_port_t wakePort, 881 void *callback, void *refcon) 882 { 883 asyncRef[kIOAsyncReservedIndex] = ((uintptr_t) wakePort) 884 | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]); 885 asyncRef[kIOAsyncCalloutFuncIndex] = (uintptr_t) callback; 886 asyncRef[kIOAsyncCalloutRefconIndex] = (uintptr_t) refcon; 887 } 888 889 void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef, 890 mach_port_t wakePort, 891 mach_vm_address_t callback, io_user_reference_t refcon) 892 { 893 asyncRef[kIOAsyncReservedIndex] = ((io_user_reference_t) wakePort) 894 | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]); 895 asyncRef[kIOAsyncCalloutFuncIndex] = (io_user_reference_t) callback; 896 asyncRef[kIOAsyncCalloutRefconIndex] = refcon; 897 } 898 899 void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef, 900 mach_port_t wakePort, 901 mach_vm_address_t callback, io_user_reference_t refcon, task_t task) 902 { 903 setAsyncReference64(asyncRef, wakePort, callback, refcon); 904 if (vm_map_is_64bit(get_task_map(task))) { 905 asyncRef[kIOAsyncReservedIndex] |= kIOUCAsync64Flag; 906 } 907 } 908 909 static OSDictionary * CopyConsoleUser(UInt32 uid) 910 { 911 OSArray * array; 912 OSDictionary * user = 0; 913 914 if ((array = OSDynamicCast(OSArray, 915 IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey)))) 916 { 917 for (unsigned int idx = 0; 918 (user = OSDynamicCast(OSDictionary, array->getObject(idx))); 919 idx++) { 920 OSNumber * num; 921 922 if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionUIDKey))) 923 && (uid == num->unsigned32BitValue())) { 924 user->retain(); 925 break; 926 } 927 } 928 array->release(); 929 } 930 return user; 931 } 932 933 static OSDictionary * CopyUserOnConsole(void) 934 { 935 OSArray * array; 936 OSDictionary * user = 0; 937 938 if ((array = OSDynamicCast(OSArray, 939 IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey)))) 940 { 941 for (unsigned int idx = 0; 942 (user = OSDynamicCast(OSDictionary, array->getObject(idx))); 943 idx++) 944 { 945 if (kOSBooleanTrue == user->getObject(gIOConsoleSessionOnConsoleKey)) 946 { 947 user->retain(); 948 break; 949 } 950 } 951 array->release(); 952 } 953 return (user); 954 } 955 956 IOReturn IOUserClient::clientHasAuthorization( task_t task, 957 IOService * service ) 958 { 959 proc_t p; 960 961 p = (proc_t) get_bsdtask_info(task); 962 if (p) 963 { 964 uint64_t authorizationID; 965 966 authorizationID = proc_uniqueid(p); 967 if (authorizationID) 968 { 969 if (service->getAuthorizationID() == authorizationID) 970 { 971 return (kIOReturnSuccess); 972 } 973 } 974 } 975 976 return (kIOReturnNotPermitted); 977 } 978 979 IOReturn IOUserClient::clientHasPrivilege( void * securityToken, 980 const char * privilegeName ) 981 { 982 kern_return_t kr; 983 security_token_t token; 984 mach_msg_type_number_t count; 985 task_t task; 986 OSDictionary * user; 987 bool secureConsole; 988 989 990 if (!strncmp(privilegeName, kIOClientPrivilegeForeground, 991 sizeof(kIOClientPrivilegeForeground))) 992 { 993 if (task_is_gpu_denied(current_task())) 994 return (kIOReturnNotPrivileged); 995 else 996 return (kIOReturnSuccess); 997 } 998 999 if (!strncmp(privilegeName, kIOClientPrivilegeConsoleSession, 1000 sizeof(kIOClientPrivilegeConsoleSession))) 1001 { 1002 kauth_cred_t cred; 1003 proc_t p; 1004 1005 task = (task_t) securityToken; 1006 if (!task) 1007 task = current_task(); 1008 p = (proc_t) get_bsdtask_info(task); 1009 kr = kIOReturnNotPrivileged; 1010 1011 if (p && (cred = kauth_cred_proc_ref(p))) 1012 { 1013 user = CopyUserOnConsole(); 1014 if (user) 1015 { 1016 OSNumber * num; 1017 if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionAuditIDKey))) 1018 && (cred->cr_audit.as_aia_p->ai_asid == (au_asid_t) num->unsigned32BitValue())) 1019 { 1020 kr = kIOReturnSuccess; 1021 } 1022 user->release(); 1023 } 1024 kauth_cred_unref(&cred); 1025 } 1026 return (kr); 1027 } 1028 1029 if ((secureConsole = !strncmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess, 1030 sizeof(kIOClientPrivilegeSecureConsoleProcess)))) 1031 task = (task_t)((IOUCProcessToken *)securityToken)->token; 1032 else 1033 task = (task_t)securityToken; 1034 1035 count = TASK_SECURITY_TOKEN_COUNT; 1036 kr = task_info( task, TASK_SECURITY_TOKEN, (task_info_t) &token, &count ); 1037 1038 if (KERN_SUCCESS != kr) 1039 {} 1040 else if (!strncmp(privilegeName, kIOClientPrivilegeAdministrator, 1041 sizeof(kIOClientPrivilegeAdministrator))) { 1042 if (0 != token.val[0]) 1043 kr = kIOReturnNotPrivileged; 1044 } else if (!strncmp(privilegeName, kIOClientPrivilegeLocalUser, 1045 sizeof(kIOClientPrivilegeLocalUser))) { 1046 user = CopyConsoleUser(token.val[0]); 1047 if ( user ) 1048 user->release(); 1049 else 1050 kr = kIOReturnNotPrivileged; 1051 } else if (secureConsole || !strncmp(privilegeName, kIOClientPrivilegeConsoleUser, 1052 sizeof(kIOClientPrivilegeConsoleUser))) { 1053 user = CopyConsoleUser(token.val[0]); 1054 if ( user ) { 1055 if (user->getObject(gIOConsoleSessionOnConsoleKey) != kOSBooleanTrue) 1056 kr = kIOReturnNotPrivileged; 1057 else if ( secureConsole ) { 1058 OSNumber * pid = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionSecureInputPIDKey)); 1059 if ( pid && pid->unsigned32BitValue() != ((IOUCProcessToken *)securityToken)->pid) 1060 kr = kIOReturnNotPrivileged; 1061 } 1062 user->release(); 1063 } 1064 else 1065 kr = kIOReturnNotPrivileged; 1066 } else 1067 kr = kIOReturnUnsupported; 1068 1069 return (kr); 1070 } 1071 1072 OSObject * IOUserClient::copyClientEntitlement( task_t task, 1073 const char * entitlement ) 1074 { 1075 #define MAX_ENTITLEMENTS_LEN (128 * 1024) 1076 1077 proc_t p = NULL; 1078 pid_t pid = 0; 1079 char procname[MAXCOMLEN + 1] = ""; 1080 size_t len = 0; 1081 void *entitlements_blob = NULL; 1082 char *entitlements_data = NULL; 1083 OSObject *entitlements_obj = NULL; 1084 OSDictionary *entitlements = NULL; 1085 OSString *errorString = NULL; 1086 OSObject *value = NULL; 1087 1088 p = (proc_t)get_bsdtask_info(task); 1089 if (p == NULL) 1090 goto fail; 1091 pid = proc_pid(p); 1092 proc_name(pid, procname, (int)sizeof(procname)); 1093 1094 if (cs_entitlements_blob_get(p, &entitlements_blob, &len) != 0) 1095 goto fail; 1096 1097 if (len <= offsetof(CS_GenericBlob, data)) 1098 goto fail; 1099 1100 /* 1101 * Per <rdar://problem/11593877>, enforce a limit on the amount of XML 1102 * we'll try to parse in the kernel. 1103 */ 1104 len -= offsetof(CS_GenericBlob, data); 1105 if (len > MAX_ENTITLEMENTS_LEN) { 1106 IOLog("failed to parse entitlements for %s[%u]: %lu bytes of entitlements exceeds maximum of %u\n", procname, pid, len, MAX_ENTITLEMENTS_LEN); 1107 goto fail; 1108 } 1109 1110 /* 1111 * OSUnserializeXML() expects a nul-terminated string, but that isn't 1112 * what is stored in the entitlements blob. Copy the string and 1113 * terminate it. 1114 */ 1115 entitlements_data = (char *)IOMalloc(len + 1); 1116 if (entitlements_data == NULL) 1117 goto fail; 1118 memcpy(entitlements_data, ((CS_GenericBlob *)entitlements_blob)->data, len); 1119 entitlements_data[len] = '\0'; 1120 1121 entitlements_obj = OSUnserializeXML(entitlements_data, len + 1, &errorString); 1122 if (errorString != NULL) { 1123 IOLog("failed to parse entitlements for %s[%u]: %s\n", procname, pid, errorString->getCStringNoCopy()); 1124 goto fail; 1125 } 1126 if (entitlements_obj == NULL) 1127 goto fail; 1128 1129 entitlements = OSDynamicCast(OSDictionary, entitlements_obj); 1130 if (entitlements == NULL) 1131 goto fail; 1132 1133 /* Fetch the entitlement value from the dictionary. */ 1134 value = entitlements->getObject(entitlement); 1135 if (value != NULL) 1136 value->retain(); 1137 1138 fail: 1139 if (entitlements_data != NULL) 1140 IOFree(entitlements_data, len + 1); 1141 if (entitlements_obj != NULL) 1142 entitlements_obj->release(); 1143 if (errorString != NULL) 1144 errorString->release(); 1145 return value; 1146 } 1147 1148 bool IOUserClient::init() 1149 { 1150 if (getPropertyTable() || super::init()) 1151 return reserve(); 1152 1153 return false; 1154 } 1155 1156 bool IOUserClient::init(OSDictionary * dictionary) 1157 { 1158 if (getPropertyTable() || super::init(dictionary)) 1159 return reserve(); 1160 1161 return false; 1162 } 1163 1164 bool IOUserClient::initWithTask(task_t owningTask, 1165 void * securityID, 1166 UInt32 type ) 1167 { 1168 if (getPropertyTable() || super::init()) 1169 return reserve(); 1170 1171 return false; 1172 } 1173 1174 bool IOUserClient::initWithTask(task_t owningTask, 1175 void * securityID, 1176 UInt32 type, 1177 OSDictionary * properties ) 1178 { 1179 bool ok; 1180 1181 ok = super::init( properties ); 1182 ok &= initWithTask( owningTask, securityID, type ); 1183 1184 return( ok ); 1185 } 1186 1187 bool IOUserClient::reserve() 1188 { 1189 if(!reserved) { 1190 reserved = IONew(ExpansionData, 1); 1191 if (!reserved) { 1192 return false; 1193 } 1194 } 1195 setTerminateDefer(NULL, true); 1196 IOStatisticsRegisterCounter(); 1197 1198 return true; 1199 } 1200 1201 void IOUserClient::free() 1202 { 1203 if( mappings) 1204 mappings->release(); 1205 1206 IOStatisticsUnregisterCounter(); 1207 1208 if (reserved) 1209 IODelete(reserved, ExpansionData, 1); 1210 1211 super::free(); 1212 } 1213 1214 IOReturn IOUserClient::clientDied( void ) 1215 { 1216 return( clientClose()); 1217 } 1218 1219 IOReturn IOUserClient::clientClose( void ) 1220 { 1221 return( kIOReturnUnsupported ); 1222 } 1223 1224 IOService * IOUserClient::getService( void ) 1225 { 1226 return( 0 ); 1227 } 1228 1229 IOReturn IOUserClient::registerNotificationPort( 1230 mach_port_t /* port */, 1231 UInt32 /* type */, 1232 UInt32 /* refCon */) 1233 { 1234 return( kIOReturnUnsupported); 1235 } 1236 1237 IOReturn IOUserClient::registerNotificationPort( 1238 mach_port_t port, 1239 UInt32 type, 1240 io_user_reference_t refCon) 1241 { 1242 return (registerNotificationPort(port, type, (UInt32) refCon)); 1243 } 1244 1245 IOReturn IOUserClient::getNotificationSemaphore( UInt32 notification_type, 1246 semaphore_t * semaphore ) 1247 { 1248 return( kIOReturnUnsupported); 1249 } 1250 1251 IOReturn IOUserClient::connectClient( IOUserClient * /* client */ ) 1252 { 1253 return( kIOReturnUnsupported); 1254 } 1255 1256 IOReturn IOUserClient::clientMemoryForType( UInt32 type, 1257 IOOptionBits * options, 1258 IOMemoryDescriptor ** memory ) 1259 { 1260 return( kIOReturnUnsupported); 1261 } 1262 1263 #if !__LP64__ 1264 IOMemoryMap * IOUserClient::mapClientMemory( 1265 IOOptionBits type, 1266 task_t task, 1267 IOOptionBits mapFlags, 1268 IOVirtualAddress atAddress ) 1269 { 1270 return (NULL); 1271 } 1272 #endif 1273 1274 IOMemoryMap * IOUserClient::mapClientMemory64( 1275 IOOptionBits type, 1276 task_t task, 1277 IOOptionBits mapFlags, 1278 mach_vm_address_t atAddress ) 1279 { 1280 IOReturn err; 1281 IOOptionBits options = 0; 1282 IOMemoryDescriptor * memory; 1283 IOMemoryMap * map = 0; 1284 1285 err = clientMemoryForType( (UInt32) type, &options, &memory ); 1286 1287 if( memory && (kIOReturnSuccess == err)) { 1288 1289 options = (options & ~kIOMapUserOptionsMask) 1290 | (mapFlags & kIOMapUserOptionsMask); 1291 map = memory->createMappingInTask( task, atAddress, options ); 1292 memory->release(); 1293 } 1294 1295 return( map ); 1296 } 1297 1298 IOReturn IOUserClient::exportObjectToClient(task_t task, 1299 OSObject *obj, io_object_t *clientObj) 1300 { 1301 mach_port_name_t name; 1302 1303 name = IOMachPort::makeSendRightForTask( task, obj, IKOT_IOKIT_OBJECT ); 1304 1305 *(mach_port_name_t *)clientObj = name; 1306 return kIOReturnSuccess; 1307 } 1308 1309 IOExternalMethod * IOUserClient::getExternalMethodForIndex( UInt32 /* index */) 1310 { 1311 return( 0 ); 1312 } 1313 1314 IOExternalAsyncMethod * IOUserClient::getExternalAsyncMethodForIndex( UInt32 /* index */) 1315 { 1316 return( 0 ); 1317 } 1318 1319 IOExternalMethod * IOUserClient:: 1320 getTargetAndMethodForIndex(IOService **targetP, UInt32 index) 1321 { 1322 IOExternalMethod *method = getExternalMethodForIndex(index); 1323 1324 if (method) 1325 *targetP = (IOService *) method->object; 1326 1327 return method; 1328 } 1329 1330 IOExternalAsyncMethod * IOUserClient:: 1331 getAsyncTargetAndMethodForIndex(IOService ** targetP, UInt32 index) 1332 { 1333 IOExternalAsyncMethod *method = getExternalAsyncMethodForIndex(index); 1334 1335 if (method) 1336 *targetP = (IOService *) method->object; 1337 1338 return method; 1339 } 1340 1341 IOExternalTrap * IOUserClient:: 1342 getExternalTrapForIndex(UInt32 index) 1343 { 1344 return NULL; 1345 } 1346 1347 IOExternalTrap * IOUserClient:: 1348 getTargetAndTrapForIndex(IOService ** targetP, UInt32 index) 1349 { 1350 IOExternalTrap *trap = getExternalTrapForIndex(index); 1351 1352 if (trap) { 1353 *targetP = trap->object; 1354 } 1355 1356 return trap; 1357 } 1358 1359 IOReturn IOUserClient::releaseAsyncReference64(OSAsyncReference64 reference) 1360 { 1361 mach_port_t port; 1362 port = (mach_port_t) (reference[0] & ~kIOUCAsync0Flags); 1363 1364 if (MACH_PORT_NULL != port) 1365 iokit_release_port_send(port); 1366 1367 return (kIOReturnSuccess); 1368 } 1369 1370 IOReturn IOUserClient::releaseNotificationPort(mach_port_t port) 1371 { 1372 if (MACH_PORT_NULL != port) 1373 iokit_release_port_send(port); 1374 1375 return (kIOReturnSuccess); 1376 } 1377 1378 IOReturn IOUserClient::sendAsyncResult(OSAsyncReference reference, 1379 IOReturn result, void *args[], UInt32 numArgs) 1380 { 1381 OSAsyncReference64 reference64; 1382 io_user_reference_t args64[kMaxAsyncArgs]; 1383 unsigned int idx; 1384 1385 if (numArgs > kMaxAsyncArgs) 1386 return kIOReturnMessageTooLarge; 1387 1388 for (idx = 0; idx < kOSAsyncRef64Count; idx++) 1389 reference64[idx] = REF64(reference[idx]); 1390 1391 for (idx = 0; idx < numArgs; idx++) 1392 args64[idx] = REF64(args[idx]); 1393 1394 return (sendAsyncResult64(reference64, result, args64, numArgs)); 1395 } 1396 1397 IOReturn IOUserClient::sendAsyncResult64WithOptions(OSAsyncReference64 reference, 1398 IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options) 1399 { 1400 return _sendAsyncResult64(reference, result, args, numArgs, options); 1401 } 1402 1403 IOReturn IOUserClient::sendAsyncResult64(OSAsyncReference64 reference, 1404 IOReturn result, io_user_reference_t args[], UInt32 numArgs) 1405 { 1406 return _sendAsyncResult64(reference, result, args, numArgs, 0); 1407 } 1408 1409 IOReturn IOUserClient::_sendAsyncResult64(OSAsyncReference64 reference, 1410 IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options) 1411 { 1412 struct ReplyMsg 1413 { 1414 mach_msg_header_t msgHdr; 1415 union 1416 { 1417 struct 1418 { 1419 OSNotificationHeader notifyHdr; 1420 IOAsyncCompletionContent asyncContent; 1421 uint32_t args[kMaxAsyncArgs]; 1422 } msg32; 1423 struct 1424 { 1425 OSNotificationHeader64 notifyHdr; 1426 IOAsyncCompletionContent asyncContent; 1427 io_user_reference_t args[kMaxAsyncArgs] __attribute__ ((packed)); 1428 } msg64; 1429 } m; 1430 }; 1431 ReplyMsg replyMsg; 1432 mach_port_t replyPort; 1433 kern_return_t kr; 1434 1435 // If no reply port, do nothing. 1436 replyPort = (mach_port_t) (reference[0] & ~kIOUCAsync0Flags); 1437 if (replyPort == MACH_PORT_NULL) 1438 return kIOReturnSuccess; 1439 1440 if (numArgs > kMaxAsyncArgs) 1441 return kIOReturnMessageTooLarge; 1442 1443 replyMsg.msgHdr.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND /*remote*/, 1444 0 /*local*/); 1445 replyMsg.msgHdr.msgh_remote_port = replyPort; 1446 replyMsg.msgHdr.msgh_local_port = 0; 1447 replyMsg.msgHdr.msgh_id = kOSNotificationMessageID; 1448 if (kIOUCAsync64Flag & reference[0]) 1449 { 1450 replyMsg.msgHdr.msgh_size = 1451 sizeof(replyMsg.msgHdr) + sizeof(replyMsg.m.msg64) 1452 - (kMaxAsyncArgs - numArgs) * sizeof(io_user_reference_t); 1453 replyMsg.m.msg64.notifyHdr.size = sizeof(IOAsyncCompletionContent) 1454 + numArgs * sizeof(io_user_reference_t); 1455 replyMsg.m.msg64.notifyHdr.type = kIOAsyncCompletionNotificationType; 1456 bcopy(reference, replyMsg.m.msg64.notifyHdr.reference, sizeof(OSAsyncReference64)); 1457 1458 replyMsg.m.msg64.asyncContent.result = result; 1459 if (numArgs) 1460 bcopy(args, replyMsg.m.msg64.args, numArgs * sizeof(io_user_reference_t)); 1461 } 1462 else 1463 { 1464 unsigned int idx; 1465 1466 replyMsg.msgHdr.msgh_size = 1467 sizeof(replyMsg.msgHdr) + sizeof(replyMsg.m.msg32) 1468 - (kMaxAsyncArgs - numArgs) * sizeof(uint32_t); 1469 1470 replyMsg.m.msg32.notifyHdr.size = sizeof(IOAsyncCompletionContent) 1471 + numArgs * sizeof(uint32_t); 1472 replyMsg.m.msg32.notifyHdr.type = kIOAsyncCompletionNotificationType; 1473 1474 for (idx = 0; idx < kOSAsyncRefCount; idx++) 1475 replyMsg.m.msg32.notifyHdr.reference[idx] = REF32(reference[idx]); 1476 1477 replyMsg.m.msg32.asyncContent.result = result; 1478 1479 for (idx = 0; idx < numArgs; idx++) 1480 replyMsg.m.msg32.args[idx] = REF32(args[idx]); 1481 } 1482 1483 if ((options & kIOUserNotifyOptionCanDrop) != 0) { 1484 kr = mach_msg_send_from_kernel_with_options( &replyMsg.msgHdr, 1485 replyMsg.msgHdr.msgh_size, MACH_SEND_TIMEOUT, MACH_MSG_TIMEOUT_NONE); 1486 } else { 1487 /* Fail on full queue. */ 1488 kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr, 1489 replyMsg.msgHdr.msgh_size); 1490 } 1491 if ((KERN_SUCCESS != kr) && (MACH_SEND_TIMED_OUT != kr)) 1492 IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr ); 1493 return kr; 1494 } 1495 1496 1497 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 1498 1499 extern "C" { 1500 1501 #define CHECK(cls,obj,out) \ 1502 cls * out; \ 1503 if( !(out = OSDynamicCast( cls, obj))) \ 1504 return( kIOReturnBadArgument ) 1505 1506 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 1507 1508 /* Routine io_server_version */ 1509 kern_return_t is_io_server_version( 1510 mach_port_t master_port, 1511 uint64_t *version) 1512 { 1513 *version = IOKIT_SERVER_VERSION; 1514 return (kIOReturnSuccess); 1515 } 1516 1517 /* Routine io_object_get_class */ 1518 kern_return_t is_io_object_get_class( 1519 io_object_t object, 1520 io_name_t className ) 1521 { 1522 const OSMetaClass* my_obj = NULL; 1523 1524 if( !object) 1525 return( kIOReturnBadArgument ); 1526 1527 my_obj = object->getMetaClass(); 1528 if (!my_obj) { 1529 return (kIOReturnNotFound); 1530 } 1531 1532 strlcpy( className, my_obj->getClassName(), sizeof(io_name_t)); 1533 return( kIOReturnSuccess ); 1534 } 1535 1536 /* Routine io_object_get_superclass */ 1537 kern_return_t is_io_object_get_superclass( 1538 mach_port_t master_port, 1539 io_name_t obj_name, 1540 io_name_t class_name) 1541 { 1542 const OSMetaClass* my_obj = NULL; 1543 const OSMetaClass* superclass = NULL; 1544 const OSSymbol *my_name = NULL; 1545 const char *my_cstr = NULL; 1546 1547 if (!obj_name || !class_name) 1548 return (kIOReturnBadArgument); 1549 1550 if( master_port != master_device_port) 1551 return( kIOReturnNotPrivileged); 1552 1553 my_name = OSSymbol::withCString(obj_name); 1554 1555 if (my_name) { 1556 my_obj = OSMetaClass::getMetaClassWithName(my_name); 1557 my_name->release(); 1558 } 1559 if (my_obj) { 1560 superclass = my_obj->getSuperClass(); 1561 } 1562 1563 if (!superclass) { 1564 return( kIOReturnNotFound ); 1565 } 1566 1567 my_cstr = superclass->getClassName(); 1568 1569 if (my_cstr) { 1570 strlcpy(class_name, my_cstr, sizeof(io_name_t)); 1571 return( kIOReturnSuccess ); 1572 } 1573 return (kIOReturnNotFound); 1574 } 1575 1576 /* Routine io_object_get_bundle_identifier */ 1577 kern_return_t is_io_object_get_bundle_identifier( 1578 mach_port_t master_port, 1579 io_name_t obj_name, 1580 io_name_t bundle_name) 1581 { 1582 const OSMetaClass* my_obj = NULL; 1583 const OSSymbol *my_name = NULL; 1584 const OSSymbol *identifier = NULL; 1585 const char *my_cstr = NULL; 1586 1587 if (!obj_name || !bundle_name) 1588 return (kIOReturnBadArgument); 1589 1590 if( master_port != master_device_port) 1591 return( kIOReturnNotPrivileged); 1592 1593 my_name = OSSymbol::withCString(obj_name); 1594 1595 if (my_name) { 1596 my_obj = OSMetaClass::getMetaClassWithName(my_name); 1597 my_name->release(); 1598 } 1599 1600 if (my_obj) { 1601 identifier = my_obj->getKmodName(); 1602 } 1603 if (!identifier) { 1604 return( kIOReturnNotFound ); 1605 } 1606 1607 my_cstr = identifier->getCStringNoCopy(); 1608 if (my_cstr) { 1609 strlcpy(bundle_name, identifier->getCStringNoCopy(), sizeof(io_name_t)); 1610 return( kIOReturnSuccess ); 1611 } 1612 1613 return (kIOReturnBadArgument); 1614 } 1615 1616 /* Routine io_object_conforms_to */ 1617 kern_return_t is_io_object_conforms_to( 1618 io_object_t object, 1619 io_name_t className, 1620 boolean_t *conforms ) 1621 { 1622 if( !object) 1623 return( kIOReturnBadArgument ); 1624 1625 *conforms = (0 != object->metaCast( className )); 1626 return( kIOReturnSuccess ); 1627 } 1628 1629 /* Routine io_object_get_retain_count */ 1630 kern_return_t is_io_object_get_retain_count( 1631 io_object_t object, 1632 uint32_t *retainCount ) 1633 { 1634 if( !object) 1635 return( kIOReturnBadArgument ); 1636 1637 *retainCount = object->getRetainCount(); 1638 return( kIOReturnSuccess ); 1639 } 1640 1641 /* Routine io_iterator_next */ 1642 kern_return_t is_io_iterator_next( 1643 io_object_t iterator, 1644 io_object_t *object ) 1645 { 1646 OSObject * obj; 1647 1648 CHECK( OSIterator, iterator, iter ); 1649 1650 obj = iter->getNextObject(); 1651 if( obj) { 1652 obj->retain(); 1653 *object = obj; 1654 return( kIOReturnSuccess ); 1655 } else 1656 return( kIOReturnNoDevice ); 1657 } 1658 1659 /* Routine io_iterator_reset */ 1660 kern_return_t is_io_iterator_reset( 1661 io_object_t iterator ) 1662 { 1663 CHECK( OSIterator, iterator, iter ); 1664 1665 iter->reset(); 1666 1667 return( kIOReturnSuccess ); 1668 } 1669 1670 /* Routine io_iterator_is_valid */ 1671 kern_return_t is_io_iterator_is_valid( 1672 io_object_t iterator, 1673 boolean_t *is_valid ) 1674 { 1675 CHECK( OSIterator, iterator, iter ); 1676 1677 *is_valid = iter->isValid(); 1678 1679 return( kIOReturnSuccess ); 1680 } 1681 1682 1683 static kern_return_t internal_io_service_match_property_table( 1684 io_service_t _service, 1685 const char * matching, 1686 mach_msg_type_number_t matching_size, 1687 boolean_t *matches) 1688 { 1689 CHECK( IOService, _service, service ); 1690 1691 kern_return_t kr; 1692 OSObject * obj; 1693 OSDictionary * dict; 1694 1695 obj = matching_size ? OSUnserializeXML(matching, matching_size) 1696 : OSUnserializeXML(matching); 1697 if( (dict = OSDynamicCast( OSDictionary, obj))) { 1698 *matches = service->passiveMatch( dict ); 1699 kr = kIOReturnSuccess; 1700 } else 1701 kr = kIOReturnBadArgument; 1702 1703 if( obj) 1704 obj->release(); 1705 1706 return( kr ); 1707 } 1708 1709 /* Routine io_service_match_property_table */ 1710 kern_return_t is_io_service_match_property_table( 1711 io_service_t service, 1712 io_string_t matching, 1713 boolean_t *matches ) 1714 { 1715 return (internal_io_service_match_property_table(service, matching, 0, matches)); 1716 } 1717 1718 1719 /* Routine io_service_match_property_table_ool */ 1720 kern_return_t is_io_service_match_property_table_ool( 1721 io_object_t service, 1722 io_buf_ptr_t matching, 1723 mach_msg_type_number_t matchingCnt, 1724 kern_return_t *result, 1725 boolean_t *matches ) 1726 { 1727 kern_return_t kr; 1728 vm_offset_t data; 1729 vm_map_offset_t map_data; 1730 1731 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching ); 1732 data = CAST_DOWN(vm_offset_t, map_data); 1733 1734 if( KERN_SUCCESS == kr) { 1735 // must return success after vm_map_copyout() succeeds 1736 *result = internal_io_service_match_property_table(service, 1737 (const char *)data, matchingCnt, matches ); 1738 vm_deallocate( kernel_map, data, matchingCnt ); 1739 } 1740 1741 return( kr ); 1742 } 1743 1744 /* Routine io_service_match_property_table_bin */ 1745 kern_return_t is_io_service_match_property_table_bin( 1746 io_object_t service, 1747 io_struct_inband_t matching, 1748 mach_msg_type_number_t matchingCnt, 1749 boolean_t *matches) 1750 { 1751 return (internal_io_service_match_property_table(service, matching, matchingCnt, matches)); 1752 } 1753 1754 static kern_return_t internal_io_service_get_matching_services( 1755 mach_port_t master_port, 1756 const char * matching, 1757 mach_msg_type_number_t matching_size, 1758 io_iterator_t *existing ) 1759 { 1760 kern_return_t kr; 1761 OSObject * obj; 1762 OSDictionary * dict; 1763 1764 if( master_port != master_device_port) 1765 return( kIOReturnNotPrivileged); 1766 1767 obj = matching_size ? OSUnserializeXML(matching, matching_size) 1768 : OSUnserializeXML(matching); 1769 if( (dict = OSDynamicCast( OSDictionary, obj))) { 1770 *existing = IOService::getMatchingServices( dict ); 1771 kr = kIOReturnSuccess; 1772 } else 1773 kr = kIOReturnBadArgument; 1774 1775 if( obj) 1776 obj->release(); 1777 1778 return( kr ); 1779 } 1780 1781 /* Routine io_service_get_matching_services */ 1782 kern_return_t is_io_service_get_matching_services( 1783 mach_port_t master_port, 1784 io_string_t matching, 1785 io_iterator_t *existing ) 1786 { 1787 return (internal_io_service_get_matching_services(master_port, matching, 0, existing)); 1788 } 1789 1790 /* Routine io_service_get_matching_services_ool */ 1791 kern_return_t is_io_service_get_matching_services_ool( 1792 mach_port_t master_port, 1793 io_buf_ptr_t matching, 1794 mach_msg_type_number_t matchingCnt, 1795 kern_return_t *result, 1796 io_object_t *existing ) 1797 { 1798 kern_return_t kr; 1799 vm_offset_t data; 1800 vm_map_offset_t map_data; 1801 1802 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching ); 1803 data = CAST_DOWN(vm_offset_t, map_data); 1804 1805 if( KERN_SUCCESS == kr) { 1806 // must return success after vm_map_copyout() succeeds 1807 *result = internal_io_service_get_matching_services(master_port, 1808 (const char *) data, matchingCnt, existing); 1809 vm_deallocate( kernel_map, data, matchingCnt ); 1810 } 1811 1812 return( kr ); 1813 } 1814 1815 /* Routine io_service_get_matching_services_bin */ 1816 kern_return_t is_io_service_get_matching_services_bin( 1817 mach_port_t master_port, 1818 io_struct_inband_t matching, 1819 mach_msg_type_number_t matchingCnt, 1820 io_object_t *existing) 1821 { 1822 return (internal_io_service_get_matching_services(master_port, matching, matchingCnt, existing)); 1823 } 1824 1825 1826 static kern_return_t internal_io_service_get_matching_service( 1827 mach_port_t master_port, 1828 const char * matching, 1829 mach_msg_type_number_t matching_size, 1830 io_service_t *service ) 1831 { 1832 kern_return_t kr; 1833 OSObject * obj; 1834 OSDictionary * dict; 1835 1836 if( master_port != master_device_port) 1837 return( kIOReturnNotPrivileged); 1838 1839 obj = matching_size ? OSUnserializeXML(matching, matching_size) 1840 : OSUnserializeXML(matching); 1841 if( (dict = OSDynamicCast( OSDictionary, obj))) { 1842 *service = IOService::copyMatchingService( dict ); 1843 kr = *service ? kIOReturnSuccess : kIOReturnNotFound; 1844 } else 1845 kr = kIOReturnBadArgument; 1846 1847 if( obj) 1848 obj->release(); 1849 1850 return( kr ); 1851 } 1852 1853 /* Routine io_service_get_matching_service */ 1854 kern_return_t is_io_service_get_matching_service( 1855 mach_port_t master_port, 1856 io_string_t matching, 1857 io_service_t *service ) 1858 { 1859 return (internal_io_service_get_matching_service(master_port, matching, 0, service)); 1860 } 1861 1862 /* Routine io_service_get_matching_services_ool */ 1863 kern_return_t is_io_service_get_matching_service_ool( 1864 mach_port_t master_port, 1865 io_buf_ptr_t matching, 1866 mach_msg_type_number_t matchingCnt, 1867 kern_return_t *result, 1868 io_object_t *service ) 1869 { 1870 kern_return_t kr; 1871 vm_offset_t data; 1872 vm_map_offset_t map_data; 1873 1874 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching ); 1875 data = CAST_DOWN(vm_offset_t, map_data); 1876 1877 if( KERN_SUCCESS == kr) { 1878 // must return success after vm_map_copyout() succeeds 1879 *result = internal_io_service_get_matching_service(master_port, 1880 (const char *) data, matchingCnt, service ); 1881 vm_deallocate( kernel_map, data, matchingCnt ); 1882 } 1883 1884 return( kr ); 1885 } 1886 1887 /* Routine io_service_get_matching_service_bin */ 1888 kern_return_t is_io_service_get_matching_service_bin( 1889 mach_port_t master_port, 1890 io_struct_inband_t matching, 1891 mach_msg_type_number_t matchingCnt, 1892 io_object_t *service) 1893 { 1894 return (internal_io_service_get_matching_service(master_port, matching, matchingCnt, service)); 1895 } 1896 1897 static kern_return_t internal_io_service_add_notification( 1898 mach_port_t master_port, 1899 io_name_t notification_type, 1900 const char * matching, 1901 size_t matching_size, 1902 mach_port_t port, 1903 void * reference, 1904 vm_size_t referenceSize, 1905 bool client64, 1906 io_object_t * notification ) 1907 { 1908 IOServiceUserNotification * userNotify = 0; 1909 IONotifier * notify = 0; 1910 const OSSymbol * sym; 1911 OSDictionary * dict; 1912 IOReturn err; 1913 unsigned long int userMsgType; 1914 1915 if( master_port != master_device_port) 1916 return( kIOReturnNotPrivileged); 1917 1918 do { 1919 err = kIOReturnNoResources; 1920 1921 if( !(sym = OSSymbol::withCString( notification_type ))) 1922 err = kIOReturnNoResources; 1923 1924 if (matching_size) 1925 { 1926 dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching, matching_size)); 1927 } 1928 else 1929 { 1930 dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching)); 1931 } 1932 1933 if (!dict) { 1934 err = kIOReturnBadArgument; 1935 continue; 1936 } 1937 1938 if( (sym == gIOPublishNotification) 1939 || (sym == gIOFirstPublishNotification)) 1940 userMsgType = kIOServicePublishNotificationType; 1941 else if( (sym == gIOMatchedNotification) 1942 || (sym == gIOFirstMatchNotification)) 1943 userMsgType = kIOServiceMatchedNotificationType; 1944 else if( sym == gIOTerminatedNotification) 1945 userMsgType = kIOServiceTerminatedNotificationType; 1946 else 1947 userMsgType = kLastIOKitNotificationType; 1948 1949 userNotify = new IOServiceUserNotification; 1950 1951 if( userNotify && !userNotify->init( port, userMsgType, 1952 reference, referenceSize, client64)) { 1953 iokit_release_port_send(port); 1954 userNotify->release(); 1955 userNotify = 0; 1956 } 1957 if( !userNotify) 1958 continue; 1959 1960 notify = IOService::addMatchingNotification( sym, dict, 1961 &userNotify->_handler, userNotify ); 1962 if( notify) { 1963 *notification = userNotify; 1964 userNotify->setNotification( notify ); 1965 err = kIOReturnSuccess; 1966 } else 1967 err = kIOReturnUnsupported; 1968 1969 } while( false ); 1970 1971 if( sym) 1972 sym->release(); 1973 if( dict) 1974 dict->release(); 1975 1976 return( err ); 1977 } 1978 1979 1980 /* Routine io_service_add_notification */ 1981 kern_return_t is_io_service_add_notification( 1982 mach_port_t master_port, 1983 io_name_t notification_type, 1984 io_string_t matching, 1985 mach_port_t port, 1986 io_async_ref_t reference, 1987 mach_msg_type_number_t referenceCnt, 1988 io_object_t * notification ) 1989 { 1990 return (internal_io_service_add_notification(master_port, notification_type, 1991 matching, 0, port, &reference[0], sizeof(io_async_ref_t), 1992 false, notification)); 1993 } 1994 1995 /* Routine io_service_add_notification_64 */ 1996 kern_return_t is_io_service_add_notification_64( 1997 mach_port_t master_port, 1998 io_name_t notification_type, 1999 io_string_t matching, 2000 mach_port_t wake_port, 2001 io_async_ref64_t reference, 2002 mach_msg_type_number_t referenceCnt, 2003 io_object_t *notification ) 2004 { 2005 return (internal_io_service_add_notification(master_port, notification_type, 2006 matching, 0, wake_port, &reference[0], sizeof(io_async_ref64_t), 2007 true, notification)); 2008 } 2009 2010 /* Routine io_service_add_notification_bin */ 2011 kern_return_t is_io_service_add_notification_bin 2012 ( 2013 mach_port_t master_port, 2014 io_name_t notification_type, 2015 io_struct_inband_t matching, 2016 mach_msg_type_number_t matchingCnt, 2017 mach_port_t wake_port, 2018 io_async_ref_t reference, 2019 mach_msg_type_number_t referenceCnt, 2020 io_object_t *notification) 2021 { 2022 return (internal_io_service_add_notification(master_port, notification_type, 2023 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref_t), 2024 false, notification)); 2025 } 2026 2027 /* Routine io_service_add_notification_bin_64 */ 2028 kern_return_t is_io_service_add_notification_bin_64 2029 ( 2030 mach_port_t master_port, 2031 io_name_t notification_type, 2032 io_struct_inband_t matching, 2033 mach_msg_type_number_t matchingCnt, 2034 mach_port_t wake_port, 2035 io_async_ref64_t reference, 2036 mach_msg_type_number_t referenceCnt, 2037 io_object_t *notification) 2038 { 2039 return (internal_io_service_add_notification(master_port, notification_type, 2040 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref64_t), 2041 true, notification)); 2042 } 2043 2044 static kern_return_t internal_io_service_add_notification_ool( 2045 mach_port_t master_port, 2046 io_name_t notification_type, 2047 io_buf_ptr_t matching, 2048 mach_msg_type_number_t matchingCnt, 2049 mach_port_t wake_port, 2050 void * reference, 2051 vm_size_t referenceSize, 2052 bool client64, 2053 kern_return_t *result, 2054 io_object_t *notification ) 2055 { 2056 kern_return_t kr; 2057 vm_offset_t data; 2058 vm_map_offset_t map_data; 2059 2060 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching ); 2061 data = CAST_DOWN(vm_offset_t, map_data); 2062 2063 if( KERN_SUCCESS == kr) { 2064 // must return success after vm_map_copyout() succeeds 2065 *result = internal_io_service_add_notification( master_port, notification_type, 2066 (char *) data, matchingCnt, wake_port, reference, referenceSize, client64, notification ); 2067 vm_deallocate( kernel_map, data, matchingCnt ); 2068 } 2069 2070 return( kr ); 2071 } 2072 2073 /* Routine io_service_add_notification_ool */ 2074 kern_return_t is_io_service_add_notification_ool( 2075 mach_port_t master_port, 2076 io_name_t notification_type, 2077 io_buf_ptr_t matching, 2078 mach_msg_type_number_t matchingCnt, 2079 mach_port_t wake_port, 2080 io_async_ref_t reference, 2081 mach_msg_type_number_t referenceCnt, 2082 kern_return_t *result, 2083 io_object_t *notification ) 2084 { 2085 return (internal_io_service_add_notification_ool(master_port, notification_type, 2086 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref_t), 2087 false, result, notification)); 2088 } 2089 2090 /* Routine io_service_add_notification_ool_64 */ 2091 kern_return_t is_io_service_add_notification_ool_64( 2092 mach_port_t master_port, 2093 io_name_t notification_type, 2094 io_buf_ptr_t matching, 2095 mach_msg_type_number_t matchingCnt, 2096 mach_port_t wake_port, 2097 io_async_ref64_t reference, 2098 mach_msg_type_number_t referenceCnt, 2099 kern_return_t *result, 2100 io_object_t *notification ) 2101 { 2102 return (internal_io_service_add_notification_ool(master_port, notification_type, 2103 matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref64_t), 2104 true, result, notification)); 2105 } 2106 2107 /* Routine io_service_add_notification_old */ 2108 kern_return_t is_io_service_add_notification_old( 2109 mach_port_t master_port, 2110 io_name_t notification_type, 2111 io_string_t matching, 2112 mach_port_t port, 2113 // for binary compatibility reasons, this must be natural_t for ILP32 2114 natural_t ref, 2115 io_object_t * notification ) 2116 { 2117 return( is_io_service_add_notification( master_port, notification_type, 2118 matching, port, &ref, 1, notification )); 2119 } 2120 2121 2122 static kern_return_t internal_io_service_add_interest_notification( 2123 io_object_t _service, 2124 io_name_t type_of_interest, 2125 mach_port_t port, 2126 void * reference, 2127 vm_size_t referenceSize, 2128 bool client64, 2129 io_object_t * notification ) 2130 { 2131 2132 IOServiceMessageUserNotification * userNotify = 0; 2133 IONotifier * notify = 0; 2134 const OSSymbol * sym; 2135 IOReturn err; 2136 2137 CHECK( IOService, _service, service ); 2138 2139 err = kIOReturnNoResources; 2140 if( (sym = OSSymbol::withCString( type_of_interest ))) do { 2141 2142 userNotify = new IOServiceMessageUserNotification; 2143 2144 if( userNotify && !userNotify->init( port, kIOServiceMessageNotificationType, 2145 reference, referenceSize, 2146 kIOUserNotifyMaxMessageSize, 2147 client64 )) { 2148 iokit_release_port_send(port); 2149 userNotify->release(); 2150 userNotify = 0; 2151 } 2152 if( !userNotify) 2153 continue; 2154 2155 notify = service->registerInterest( sym, 2156 &userNotify->_handler, userNotify ); 2157 if( notify) { 2158 *notification = userNotify; 2159 userNotify->setNotification( notify ); 2160 err = kIOReturnSuccess; 2161 } else 2162 err = kIOReturnUnsupported; 2163 2164 sym->release(); 2165 2166 } while( false ); 2167 2168 return( err ); 2169 } 2170 2171 /* Routine io_service_add_message_notification */ 2172 kern_return_t is_io_service_add_interest_notification( 2173 io_object_t service, 2174 io_name_t type_of_interest, 2175 mach_port_t port, 2176 io_async_ref_t reference, 2177 mach_msg_type_number_t referenceCnt, 2178 io_object_t * notification ) 2179 { 2180 return (internal_io_service_add_interest_notification(service, type_of_interest, 2181 port, &reference[0], sizeof(io_async_ref_t), false, notification)); 2182 } 2183 2184 /* Routine io_service_add_interest_notification_64 */ 2185 kern_return_t is_io_service_add_interest_notification_64( 2186 io_object_t service, 2187 io_name_t type_of_interest, 2188 mach_port_t wake_port, 2189 io_async_ref64_t reference, 2190 mach_msg_type_number_t referenceCnt, 2191 io_object_t *notification ) 2192 { 2193 return (internal_io_service_add_interest_notification(service, type_of_interest, 2194 wake_port, &reference[0], sizeof(io_async_ref64_t), true, notification)); 2195 } 2196 2197 2198 /* Routine io_service_acknowledge_notification */ 2199 kern_return_t is_io_service_acknowledge_notification( 2200 io_object_t _service, 2201 natural_t notify_ref, 2202 natural_t response ) 2203 { 2204 CHECK( IOService, _service, service ); 2205 2206 return( service->acknowledgeNotification( (IONotificationRef)(uintptr_t) notify_ref, 2207 (IOOptionBits) response )); 2208 2209 } 2210 2211 /* Routine io_connect_get_semaphore */ 2212 kern_return_t is_io_connect_get_notification_semaphore( 2213 io_connect_t connection, 2214 natural_t notification_type, 2215 semaphore_t *semaphore ) 2216 { 2217 CHECK( IOUserClient, connection, client ); 2218 2219 IOStatisticsClientCall(); 2220 return( client->getNotificationSemaphore( (UInt32) notification_type, 2221 semaphore )); 2222 } 2223 2224 /* Routine io_registry_get_root_entry */ 2225 kern_return_t is_io_registry_get_root_entry( 2226 mach_port_t master_port, 2227 io_object_t *root ) 2228 { 2229 IORegistryEntry * entry; 2230 2231 if( master_port != master_device_port) 2232 return( kIOReturnNotPrivileged); 2233 2234 entry = IORegistryEntry::getRegistryRoot(); 2235 if( entry) 2236 entry->retain(); 2237 *root = entry; 2238 2239 return( kIOReturnSuccess ); 2240 } 2241 2242 /* Routine io_registry_create_iterator */ 2243 kern_return_t is_io_registry_create_iterator( 2244 mach_port_t master_port, 2245 io_name_t plane, 2246 uint32_t options, 2247 io_object_t *iterator ) 2248 { 2249 if( master_port != master_device_port) 2250 return( kIOReturnNotPrivileged); 2251 2252 *iterator = IORegistryIterator::iterateOver( 2253 IORegistryEntry::getPlane( plane ), options ); 2254 2255 return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument ); 2256 } 2257 2258 /* Routine io_registry_entry_create_iterator */ 2259 kern_return_t is_io_registry_entry_create_iterator( 2260 io_object_t registry_entry, 2261 io_name_t plane, 2262 uint32_t options, 2263 io_object_t *iterator ) 2264 { 2265 CHECK( IORegistryEntry, registry_entry, entry ); 2266 2267 *iterator = IORegistryIterator::iterateOver( entry, 2268 IORegistryEntry::getPlane( plane ), options ); 2269 2270 return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument ); 2271 } 2272 2273 /* Routine io_registry_iterator_enter */ 2274 kern_return_t is_io_registry_iterator_enter_entry( 2275 io_object_t iterator ) 2276 { 2277 CHECK( IORegistryIterator, iterator, iter ); 2278 2279 iter->enterEntry(); 2280 2281 return( kIOReturnSuccess ); 2282 } 2283 2284 /* Routine io_registry_iterator_exit */ 2285 kern_return_t is_io_registry_iterator_exit_entry( 2286 io_object_t iterator ) 2287 { 2288 bool didIt; 2289 2290 CHECK( IORegistryIterator, iterator, iter ); 2291 2292 didIt = iter->exitEntry(); 2293 2294 return( didIt ? kIOReturnSuccess : kIOReturnNoDevice ); 2295 } 2296 2297 /* Routine io_registry_entry_from_path */ 2298 kern_return_t is_io_registry_entry_from_path( 2299 mach_port_t master_port, 2300 io_string_t path, 2301 io_object_t *registry_entry ) 2302 { 2303 IORegistryEntry * entry; 2304 2305 if( master_port != master_device_port) 2306 return( kIOReturnNotPrivileged); 2307 2308 entry = IORegistryEntry::fromPath( path ); 2309 2310 *registry_entry = entry; 2311 2312 return( kIOReturnSuccess ); 2313 } 2314 2315 /* Routine io_registry_entry_in_plane */ 2316 kern_return_t is_io_registry_entry_in_plane( 2317 io_object_t registry_entry, 2318 io_name_t plane, 2319 boolean_t *inPlane ) 2320 { 2321 CHECK( IORegistryEntry, registry_entry, entry ); 2322 2323 *inPlane = entry->inPlane( IORegistryEntry::getPlane( plane )); 2324 2325 return( kIOReturnSuccess ); 2326 } 2327 2328 2329 /* Routine io_registry_entry_get_path */ 2330 kern_return_t is_io_registry_entry_get_path( 2331 io_object_t registry_entry, 2332 io_name_t plane, 2333 io_string_t path ) 2334 { 2335 int length; 2336 CHECK( IORegistryEntry, registry_entry, entry ); 2337 2338 length = sizeof( io_string_t); 2339 if( entry->getPath( path, &length, IORegistryEntry::getPlane( plane ))) 2340 return( kIOReturnSuccess ); 2341 else 2342 return( kIOReturnBadArgument ); 2343 } 2344 2345 2346 /* Routine io_registry_entry_get_name */ 2347 kern_return_t is_io_registry_entry_get_name( 2348 io_object_t registry_entry, 2349 io_name_t name ) 2350 { 2351 CHECK( IORegistryEntry, registry_entry, entry ); 2352 2353 strncpy( name, entry->getName(), sizeof( io_name_t)); 2354 2355 return( kIOReturnSuccess ); 2356 } 2357 2358 /* Routine io_registry_entry_get_name_in_plane */ 2359 kern_return_t is_io_registry_entry_get_name_in_plane( 2360 io_object_t registry_entry, 2361 io_name_t planeName, 2362 io_name_t name ) 2363 { 2364 const IORegistryPlane * plane; 2365 CHECK( IORegistryEntry, registry_entry, entry ); 2366 2367 if( planeName[0]) 2368 plane = IORegistryEntry::getPlane( planeName ); 2369 else 2370 plane = 0; 2371 2372 strncpy( name, entry->getName( plane), sizeof( io_name_t)); 2373 2374 return( kIOReturnSuccess ); 2375 } 2376 2377 /* Routine io_registry_entry_get_location_in_plane */ 2378 kern_return_t is_io_registry_entry_get_location_in_plane( 2379 io_object_t registry_entry, 2380 io_name_t planeName, 2381 io_name_t location ) 2382 { 2383 const IORegistryPlane * plane; 2384 CHECK( IORegistryEntry, registry_entry, entry ); 2385 2386 if( planeName[0]) 2387 plane = IORegistryEntry::getPlane( planeName ); 2388 else 2389 plane = 0; 2390 2391 const char * cstr = entry->getLocation( plane ); 2392 2393 if( cstr) { 2394 strncpy( location, cstr, sizeof( io_name_t)); 2395 return( kIOReturnSuccess ); 2396 } else 2397 return( kIOReturnNotFound ); 2398 } 2399 2400 /* Routine io_registry_entry_get_registry_entry_id */ 2401 kern_return_t is_io_registry_entry_get_registry_entry_id( 2402 io_object_t registry_entry, 2403 uint64_t *entry_id ) 2404 { 2405 CHECK( IORegistryEntry, registry_entry, entry ); 2406 2407 *entry_id = entry->getRegistryEntryID(); 2408 2409 return (kIOReturnSuccess); 2410 } 2411 2412 // Create a vm_map_copy_t or kalloc'ed data for memory 2413 // to be copied out. ipc will free after the copyout. 2414 2415 static kern_return_t copyoutkdata( const void * data, vm_size_t len, 2416 io_buf_ptr_t * buf ) 2417 { 2418 kern_return_t err; 2419 vm_map_copy_t copy; 2420 2421 err = vm_map_copyin( kernel_map, CAST_USER_ADDR_T(data), len, 2422 false /* src_destroy */, ©); 2423 2424 assert( err == KERN_SUCCESS ); 2425 if( err == KERN_SUCCESS ) 2426 *buf = (char *) copy; 2427 2428 return( err ); 2429 } 2430 2431 /* Routine io_registry_entry_get_property */ 2432 kern_return_t is_io_registry_entry_get_property_bytes( 2433 io_object_t registry_entry, 2434 io_name_t property_name, 2435 io_struct_inband_t buf, 2436 mach_msg_type_number_t *dataCnt ) 2437 { 2438 OSObject * obj; 2439 OSData * data; 2440 OSString * str; 2441 OSBoolean * boo; 2442 OSNumber * off; 2443 UInt64 offsetBytes; 2444 unsigned int len = 0; 2445 const void * bytes = 0; 2446 IOReturn ret = kIOReturnSuccess; 2447 2448 CHECK( IORegistryEntry, registry_entry, entry ); 2449 2450 #if CONFIG_MACF 2451 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name)) 2452 return kIOReturnNotPermitted; 2453 #endif 2454 2455 obj = entry->copyProperty(property_name); 2456 if( !obj) 2457 return( kIOReturnNoResources ); 2458 2459 // One day OSData will be a common container base class 2460 // until then... 2461 if( (data = OSDynamicCast( OSData, obj ))) { 2462 len = data->getLength(); 2463 bytes = data->getBytesNoCopy(); 2464 2465 } else if( (str = OSDynamicCast( OSString, obj ))) { 2466 len = str->getLength() + 1; 2467 bytes = str->getCStringNoCopy(); 2468 2469 } else if( (boo = OSDynamicCast( OSBoolean, obj ))) { 2470 len = boo->isTrue() ? sizeof("Yes") : sizeof("No"); 2471 bytes = boo->isTrue() ? "Yes" : "No"; 2472 2473 } else if( (off = OSDynamicCast( OSNumber, obj ))) { 2474 offsetBytes = off->unsigned64BitValue(); 2475 len = off->numberOfBytes(); 2476 bytes = &offsetBytes; 2477 #ifdef __BIG_ENDIAN__ 2478 bytes = (const void *) 2479 (((UInt32) bytes) + (sizeof( UInt64) - len)); 2480 #endif 2481 2482 } else 2483 ret = kIOReturnBadArgument; 2484 2485 if( bytes) { 2486 if( *dataCnt < len) 2487 ret = kIOReturnIPCError; 2488 else { 2489 *dataCnt = len; 2490 bcopy( bytes, buf, len ); 2491 } 2492 } 2493 obj->release(); 2494 2495 return( ret ); 2496 } 2497 2498 2499 /* Routine io_registry_entry_get_property */ 2500 kern_return_t is_io_registry_entry_get_property( 2501 io_object_t registry_entry, 2502 io_name_t property_name, 2503 io_buf_ptr_t *properties, 2504 mach_msg_type_number_t *propertiesCnt ) 2505 { 2506 kern_return_t err; 2507 vm_size_t len; 2508 OSObject * obj; 2509 2510 CHECK( IORegistryEntry, registry_entry, entry ); 2511 2512 #if CONFIG_MACF 2513 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name)) 2514 return kIOReturnNotPermitted; 2515 #endif 2516 2517 obj = entry->copyProperty(property_name); 2518 if( !obj) 2519 return( kIOReturnNotFound ); 2520 2521 OSSerialize * s = OSSerialize::withCapacity(4096); 2522 if( !s) { 2523 obj->release(); 2524 return( kIOReturnNoMemory ); 2525 } 2526 2527 if( obj->serialize( s )) { 2528 len = s->getLength(); 2529 *propertiesCnt = len; 2530 err = copyoutkdata( s->text(), len, properties ); 2531 2532 } else 2533 err = kIOReturnUnsupported; 2534 2535 s->release(); 2536 obj->release(); 2537 2538 return( err ); 2539 } 2540 2541 /* Routine io_registry_entry_get_property_recursively */ 2542 kern_return_t is_io_registry_entry_get_property_recursively( 2543 io_object_t registry_entry, 2544 io_name_t plane, 2545 io_name_t property_name, 2546 uint32_t options, 2547 io_buf_ptr_t *properties, 2548 mach_msg_type_number_t *propertiesCnt ) 2549 { 2550 kern_return_t err; 2551 vm_size_t len; 2552 OSObject * obj; 2553 2554 CHECK( IORegistryEntry, registry_entry, entry ); 2555 2556 #if CONFIG_MACF 2557 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name)) 2558 return kIOReturnNotPermitted; 2559 #endif 2560 2561 obj = entry->copyProperty( property_name, 2562 IORegistryEntry::getPlane( plane ), options); 2563 if( !obj) 2564 return( kIOReturnNotFound ); 2565 2566 OSSerialize * s = OSSerialize::withCapacity(4096); 2567 if( !s) { 2568 obj->release(); 2569 return( kIOReturnNoMemory ); 2570 } 2571 2572 if( obj->serialize( s )) { 2573 len = s->getLength(); 2574 *propertiesCnt = len; 2575 err = copyoutkdata( s->text(), len, properties ); 2576 2577 } else 2578 err = kIOReturnUnsupported; 2579 2580 s->release(); 2581 obj->release(); 2582 2583 return( err ); 2584 } 2585 2586 #if CONFIG_MACF 2587 2588 static kern_return_t 2589 filteredProperties(IORegistryEntry *entry, OSDictionary *properties, OSDictionary **filteredp) 2590 { 2591 kern_return_t err = 0; 2592 OSDictionary *filtered = NULL; 2593 OSCollectionIterator *iter = NULL; 2594 OSSymbol *key; 2595 OSObject *p; 2596 kauth_cred_t cred = kauth_cred_get(); 2597 2598 if (properties == NULL) 2599 return kIOReturnUnsupported; 2600 2601 if ((iter = OSCollectionIterator::withCollection(properties)) == NULL || 2602 (filtered = OSDictionary::withCapacity(properties->getCapacity())) == NULL) { 2603 err = kIOReturnNoMemory; 2604 goto out; 2605 } 2606 2607 while ((p = iter->getNextObject()) != NULL) { 2608 if ((key = OSDynamicCast(OSSymbol, p)) == NULL || 2609 mac_iokit_check_get_property(cred, entry, key->getCStringNoCopy()) != 0) 2610 continue; 2611 filtered->setObject(key, properties->getObject(key)); 2612 } 2613 2614 out: 2615 if (iter != NULL) 2616 iter->release(); 2617 *filteredp = filtered; 2618 return err; 2619 } 2620 2621 #endif 2622 2623 /* Routine io_registry_entry_get_properties */ 2624 kern_return_t is_io_registry_entry_get_properties( 2625 io_object_t registry_entry, 2626 io_buf_ptr_t *properties, 2627 mach_msg_type_number_t *propertiesCnt ) 2628 { 2629 kern_return_t err = 0; 2630 vm_size_t len; 2631 2632 CHECK( IORegistryEntry, registry_entry, entry ); 2633 2634 OSSerialize * s = OSSerialize::withCapacity(4096); 2635 if( !s) 2636 return( kIOReturnNoMemory ); 2637 2638 if (!entry->serializeProperties(s)) 2639 err = kIOReturnUnsupported; 2640 2641 #if CONFIG_MACF 2642 if (!err && mac_iokit_check_filter_properties(kauth_cred_get(), entry)) { 2643 OSObject *propobj = OSUnserializeXML(s->text(), s->getLength()); 2644 OSDictionary *filteredprops = NULL; 2645 err = filteredProperties(entry, OSDynamicCast(OSDictionary, propobj), &filteredprops); 2646 if (propobj) propobj->release(); 2647 2648 if (!err) { 2649 s->clearText(); 2650 if (!filteredprops->serialize(s)) 2651 err = kIOReturnUnsupported; 2652 } 2653 if (filteredprops != NULL) 2654 filteredprops->release(); 2655 } 2656 #endif /* CONFIG_MACF */ 2657 2658 if (!err) { 2659 len = s->getLength(); 2660 *propertiesCnt = len; 2661 err = copyoutkdata( s->text(), len, properties ); 2662 } 2663 2664 s->release(); 2665 return( err ); 2666 } 2667 2668 #if CONFIG_MACF 2669 2670 struct GetPropertiesEditorRef 2671 { 2672 kauth_cred_t cred; 2673 IORegistryEntry * entry; 2674 OSCollection * root; 2675 }; 2676 2677 static const OSMetaClassBase * 2678 GetPropertiesEditor(void * reference, 2679 OSSerialize * s, 2680 OSCollection * container, 2681 const OSSymbol * name, 2682 const OSMetaClassBase * value) 2683 { 2684 GetPropertiesEditorRef * ref = (typeof(ref)) reference; 2685 2686 if (!ref->root) ref->root = container; 2687 if (ref->root == container) 2688 { 2689 if (0 != mac_iokit_check_get_property(ref->cred, ref->entry, name->getCStringNoCopy())) 2690 { 2691 value = 0; 2692 } 2693 } 2694 if (value) value->retain(); 2695 return (value); 2696 } 2697 2698 #endif /* CONFIG_MACF */ 2699 2700 /* Routine io_registry_entry_get_properties */ 2701 kern_return_t is_io_registry_entry_get_properties_bin( 2702 io_object_t registry_entry, 2703 io_buf_ptr_t *properties, 2704 mach_msg_type_number_t *propertiesCnt) 2705 { 2706 kern_return_t err = kIOReturnSuccess; 2707 vm_size_t len; 2708 OSSerialize * s; 2709 OSSerialize::Editor editor = 0; 2710 void * editRef = 0; 2711 2712 CHECK(IORegistryEntry, registry_entry, entry); 2713 2714 #if CONFIG_MACF 2715 GetPropertiesEditorRef ref; 2716 if (mac_iokit_check_filter_properties(kauth_cred_get(), entry)) 2717 { 2718 editor = &GetPropertiesEditor; 2719 editRef = &ref; 2720 ref.cred = kauth_cred_get(); 2721 ref.entry = entry; 2722 ref.root = 0; 2723 } 2724 #endif 2725 2726 s = OSSerialize::binaryWithCapacity(4096, editor, editRef); 2727 if (!s) return (kIOReturnNoMemory); 2728 2729 if (!entry->serializeProperties(s)) err = kIOReturnUnsupported; 2730 2731 if (kIOReturnSuccess == err) 2732 { 2733 len = s->getLength(); 2734 *propertiesCnt = len; 2735 err = copyoutkdata(s->text(), len, properties); 2736 } 2737 s->release(); 2738 2739 return (err); 2740 } 2741 2742 /* Routine io_registry_entry_get_property_bin */ 2743 kern_return_t is_io_registry_entry_get_property_bin( 2744 io_object_t registry_entry, 2745 io_name_t plane, 2746 io_name_t property_name, 2747 uint32_t options, 2748 io_buf_ptr_t *properties, 2749 mach_msg_type_number_t *propertiesCnt ) 2750 { 2751 kern_return_t err; 2752 vm_size_t len; 2753 OSObject * obj; 2754 const OSSymbol * sym; 2755 2756 CHECK( IORegistryEntry, registry_entry, entry ); 2757 2758 #if CONFIG_MACF 2759 if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name)) 2760 return kIOReturnNotPermitted; 2761 #endif 2762 2763 if ((kIORegistryIterateRecursively & options) && plane[0]) 2764 { 2765 obj = entry->copyProperty(property_name, 2766 IORegistryEntry::getPlane(plane), options); 2767 } 2768 else 2769 { 2770 obj = entry->copyProperty(property_name); 2771 } 2772 2773 if( !obj) 2774 return( kIOReturnNotFound ); 2775 2776 sym = OSSymbol::withCString(property_name); 2777 if (sym) 2778 { 2779 if (gIORemoveOnReadProperties->containsObject(sym)) entry->removeProperty(sym); 2780 sym->release(); 2781 } 2782 2783 OSSerialize * s = OSSerialize::binaryWithCapacity(4096); 2784 if( !s) { 2785 obj->release(); 2786 return( kIOReturnNoMemory ); 2787 } 2788 2789 if( obj->serialize( s )) { 2790 len = s->getLength(); 2791 *propertiesCnt = len; 2792 err = copyoutkdata( s->text(), len, properties ); 2793 2794 } else err = kIOReturnUnsupported; 2795 2796 s->release(); 2797 obj->release(); 2798 2799 return( err ); 2800 } 2801 2802 /* Routine io_registry_entry_set_properties */ 2803 kern_return_t is_io_registry_entry_set_properties 2804 ( 2805 io_object_t registry_entry, 2806 io_buf_ptr_t properties, 2807 mach_msg_type_number_t propertiesCnt, 2808 kern_return_t * result) 2809 { 2810 OSObject * obj; 2811 kern_return_t err; 2812 IOReturn res; 2813 vm_offset_t data; 2814 vm_map_offset_t map_data; 2815 2816 CHECK( IORegistryEntry, registry_entry, entry ); 2817 2818 if( propertiesCnt > sizeof(io_struct_inband_t) * 1024) 2819 return( kIOReturnMessageTooLarge); 2820 2821 err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties ); 2822 data = CAST_DOWN(vm_offset_t, map_data); 2823 2824 if( KERN_SUCCESS == err) { 2825 2826 // must return success after vm_map_copyout() succeeds 2827 obj = OSUnserializeXML( (const char *) data, propertiesCnt ); 2828 vm_deallocate( kernel_map, data, propertiesCnt ); 2829 2830 if (!obj) 2831 res = kIOReturnBadArgument; 2832 #if CONFIG_MACF 2833 else if (0 != mac_iokit_check_set_properties(kauth_cred_get(), 2834 registry_entry, obj)) 2835 { 2836 res = kIOReturnNotPermitted; 2837 } 2838 #endif 2839 else 2840 { 2841 res = entry->setProperties( obj ); 2842 } 2843 2844 if (obj) 2845 obj->release(); 2846 } else 2847 res = err; 2848 2849 *result = res; 2850 return( err ); 2851 } 2852 2853 /* Routine io_registry_entry_get_child_iterator */ 2854 kern_return_t is_io_registry_entry_get_child_iterator( 2855 io_object_t registry_entry, 2856 io_name_t plane, 2857 io_object_t *iterator ) 2858 { 2859 CHECK( IORegistryEntry, registry_entry, entry ); 2860 2861 *iterator = entry->getChildIterator( 2862 IORegistryEntry::getPlane( plane )); 2863 2864 return( kIOReturnSuccess ); 2865 } 2866 2867 /* Routine io_registry_entry_get_parent_iterator */ 2868 kern_return_t is_io_registry_entry_get_parent_iterator( 2869 io_object_t registry_entry, 2870 io_name_t plane, 2871 io_object_t *iterator) 2872 { 2873 CHECK( IORegistryEntry, registry_entry, entry ); 2874 2875 *iterator = entry->getParentIterator( 2876 IORegistryEntry::getPlane( plane )); 2877 2878 return( kIOReturnSuccess ); 2879 } 2880 2881 /* Routine io_service_get_busy_state */ 2882 kern_return_t is_io_service_get_busy_state( 2883 io_object_t _service, 2884 uint32_t *busyState ) 2885 { 2886 CHECK( IOService, _service, service ); 2887 2888 *busyState = service->getBusyState(); 2889 2890 return( kIOReturnSuccess ); 2891 } 2892 2893 /* Routine io_service_get_state */ 2894 kern_return_t is_io_service_get_state( 2895 io_object_t _service, 2896 uint64_t *state, 2897 uint32_t *busy_state, 2898 uint64_t *accumulated_busy_time ) 2899 { 2900 CHECK( IOService, _service, service ); 2901 2902 *state = service->getState(); 2903 *busy_state = service->getBusyState(); 2904 *accumulated_busy_time = service->getAccumulatedBusyTime(); 2905 2906 return( kIOReturnSuccess ); 2907 } 2908 2909 /* Routine io_service_wait_quiet */ 2910 kern_return_t is_io_service_wait_quiet( 2911 io_object_t _service, 2912 mach_timespec_t wait_time ) 2913 { 2914 uint64_t timeoutNS; 2915 2916 CHECK( IOService, _service, service ); 2917 2918 timeoutNS = wait_time.tv_sec; 2919 timeoutNS *= kSecondScale; 2920 timeoutNS += wait_time.tv_nsec; 2921 2922 return( service->waitQuiet(timeoutNS) ); 2923 } 2924 2925 /* Routine io_service_request_probe */ 2926 kern_return_t is_io_service_request_probe( 2927 io_object_t _service, 2928 uint32_t options ) 2929 { 2930 CHECK( IOService, _service, service ); 2931 2932 return( service->requestProbe( options )); 2933 } 2934 2935 /* Routine io_service_get_authorization_id */ 2936 kern_return_t is_io_service_get_authorization_id( 2937 io_object_t _service, 2938 uint64_t *authorization_id ) 2939 { 2940 kern_return_t kr; 2941 2942 CHECK( IOService, _service, service ); 2943 2944 kr = IOUserClient::clientHasPrivilege( (void *) current_task(), 2945 kIOClientPrivilegeAdministrator ); 2946 if( kIOReturnSuccess != kr) 2947 return( kr ); 2948 2949 *authorization_id = service->getAuthorizationID(); 2950 2951 return( kr ); 2952 } 2953 2954 /* Routine io_service_set_authorization_id */ 2955 kern_return_t is_io_service_set_authorization_id( 2956 io_object_t _service, 2957 uint64_t authorization_id ) 2958 { 2959 CHECK( IOService, _service, service ); 2960 2961 return( service->setAuthorizationID( authorization_id ) ); 2962 } 2963 2964 /* Routine io_service_open_ndr */ 2965 kern_return_t is_io_service_open_extended( 2966 io_object_t _service, 2967 task_t owningTask, 2968 uint32_t connect_type, 2969 NDR_record_t ndr, 2970 io_buf_ptr_t properties, 2971 mach_msg_type_number_t propertiesCnt, 2972 kern_return_t * result, 2973 io_object_t *connection ) 2974 { 2975 IOUserClient * client = 0; 2976 kern_return_t err = KERN_SUCCESS; 2977 IOReturn res = kIOReturnSuccess; 2978 OSDictionary * propertiesDict = 0; 2979 bool crossEndian; 2980 bool disallowAccess; 2981 2982 CHECK( IOService, _service, service ); 2983 2984 do 2985 { 2986 if (properties) 2987 { 2988 OSObject * obj; 2989 vm_offset_t data; 2990 vm_map_offset_t map_data; 2991 2992 if( propertiesCnt > sizeof(io_struct_inband_t)) 2993 return( kIOReturnMessageTooLarge); 2994 2995 err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties ); 2996 res = err; 2997 data = CAST_DOWN(vm_offset_t, map_data); 2998 if (KERN_SUCCESS == err) 2999 { 3000 // must return success after vm_map_copyout() succeeds 3001 obj = OSUnserializeXML( (const char *) data, propertiesCnt ); 3002 vm_deallocate( kernel_map, data, propertiesCnt ); 3003 propertiesDict = OSDynamicCast(OSDictionary, obj); 3004 if (!propertiesDict) 3005 { 3006 res = kIOReturnBadArgument; 3007 if (obj) 3008 obj->release(); 3009 } 3010 } 3011 if (kIOReturnSuccess != res) 3012 break; 3013 } 3014 3015 crossEndian = (ndr.int_rep != NDR_record.int_rep); 3016 if (crossEndian) 3017 { 3018 if (!propertiesDict) 3019 propertiesDict = OSDictionary::withCapacity(4); 3020 OSData * data = OSData::withBytes(&ndr, sizeof(ndr)); 3021 if (data) 3022 { 3023 if (propertiesDict) 3024 propertiesDict->setObject(kIOUserClientCrossEndianKey, data); 3025 data->release(); 3026 } 3027 } 3028 3029 res = service->newUserClient( owningTask, (void *) owningTask, 3030 connect_type, propertiesDict, &client ); 3031 3032 if (propertiesDict) 3033 propertiesDict->release(); 3034 3035 if (res == kIOReturnSuccess) 3036 { 3037 assert( OSDynamicCast(IOUserClient, client) ); 3038 3039 disallowAccess = (crossEndian 3040 && (kOSBooleanTrue != service->getProperty(kIOUserClientCrossEndianCompatibleKey)) 3041 && (kOSBooleanTrue != client->getProperty(kIOUserClientCrossEndianCompatibleKey))); 3042 if (disallowAccess) res = kIOReturnUnsupported; 3043 #if CONFIG_MACF 3044 else if (0 != mac_iokit_check_open(kauth_cred_get(), client, connect_type)) 3045 res = kIOReturnNotPermitted; 3046 #endif 3047 if (kIOReturnSuccess != res) 3048 { 3049 IOStatisticsClientCall(); 3050 client->clientClose(); 3051 client->release(); 3052 client = 0; 3053 break; 3054 } 3055 client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey)); 3056 OSString * creatorName = IOCopyLogNameForPID(proc_selfpid()); 3057 if (creatorName) 3058 { 3059 client->setProperty(kIOUserClientCreatorKey, creatorName); 3060 creatorName->release(); 3061 } 3062 client->setTerminateDefer(service, false); 3063 } 3064 } 3065 while (false); 3066 3067 *connection = client; 3068 *result = res; 3069 3070 return (err); 3071 } 3072 3073 /* Routine io_service_close */ 3074 kern_return_t is_io_service_close( 3075 io_object_t connection ) 3076 { 3077 OSSet * mappings; 3078 if ((mappings = OSDynamicCast(OSSet, connection))) 3079 return( kIOReturnSuccess ); 3080 3081 CHECK( IOUserClient, connection, client ); 3082 3083 IOStatisticsClientCall(); 3084 client->clientClose(); 3085 3086 return( kIOReturnSuccess ); 3087 } 3088 3089 /* Routine io_connect_get_service */ 3090 kern_return_t is_io_connect_get_service( 3091 io_object_t connection, 3092 io_object_t *service ) 3093 { 3094 IOService * theService; 3095 3096 CHECK( IOUserClient, connection, client ); 3097 3098 theService = client->getService(); 3099 if( theService) 3100 theService->retain(); 3101 3102 *service = theService; 3103 3104 return( theService ? kIOReturnSuccess : kIOReturnUnsupported ); 3105 } 3106 3107 /* Routine io_connect_set_notification_port */ 3108 kern_return_t is_io_connect_set_notification_port( 3109 io_object_t connection, 3110 uint32_t notification_type, 3111 mach_port_t port, 3112 uint32_t reference) 3113 { 3114 CHECK( IOUserClient, connection, client ); 3115 3116 IOStatisticsClientCall(); 3117 return( client->registerNotificationPort( port, notification_type, 3118 (io_user_reference_t) reference )); 3119 } 3120 3121 /* Routine io_connect_set_notification_port */ 3122 kern_return_t is_io_connect_set_notification_port_64( 3123 io_object_t connection, 3124 uint32_t notification_type, 3125 mach_port_t port, 3126 io_user_reference_t reference) 3127 { 3128 CHECK( IOUserClient, connection, client ); 3129 3130 IOStatisticsClientCall(); 3131 return( client->registerNotificationPort( port, notification_type, 3132 reference )); 3133 } 3134 3135 /* Routine io_connect_map_memory_into_task */ 3136 kern_return_t is_io_connect_map_memory_into_task 3137 ( 3138 io_connect_t connection, 3139 uint32_t memory_type, 3140 task_t into_task, 3141 mach_vm_address_t *address, 3142 mach_vm_size_t *size, 3143 uint32_t flags 3144 ) 3145 { 3146 IOReturn err; 3147 IOMemoryMap * map; 3148 3149 CHECK( IOUserClient, connection, client ); 3150 3151 IOStatisticsClientCall(); 3152 map = client->mapClientMemory64( memory_type, into_task, flags, *address ); 3153 3154 if( map) { 3155 *address = map->getAddress(); 3156 if( size) 3157 *size = map->getSize(); 3158 3159 if( client->sharedInstance 3160 || (into_task != current_task())) { 3161 // push a name out to the task owning the map, 3162 // so we can clean up maps 3163 mach_port_name_t name __unused = 3164 IOMachPort::makeSendRightForTask( 3165 into_task, map, IKOT_IOKIT_OBJECT ); 3166 3167 } else { 3168 // keep it with the user client 3169 IOLockLock( gIOObjectPortLock); 3170 if( 0 == client->mappings) 3171 client->mappings = OSSet::withCapacity(2); 3172 if( client->mappings) 3173 client->mappings->setObject( map); 3174 IOLockUnlock( gIOObjectPortLock); 3175 map->release(); 3176 } 3177 err = kIOReturnSuccess; 3178 3179 } else 3180 err = kIOReturnBadArgument; 3181 3182 return( err ); 3183 } 3184 3185 /* Routine is_io_connect_map_memory */ 3186 kern_return_t is_io_connect_map_memory( 3187 io_object_t connect, 3188 uint32_t type, 3189 task_t task, 3190 uint32_t * mapAddr, 3191 uint32_t * mapSize, 3192 uint32_t flags ) 3193 { 3194 IOReturn err; 3195 mach_vm_address_t address; 3196 mach_vm_size_t size; 3197 3198 address = SCALAR64(*mapAddr); 3199 size = SCALAR64(*mapSize); 3200 3201 err = is_io_connect_map_memory_into_task(connect, type, task, &address, &size, flags); 3202 3203 *mapAddr = SCALAR32(address); 3204 *mapSize = SCALAR32(size); 3205 3206 return (err); 3207 } 3208 3209 } /* extern "C" */ 3210 3211 IOMemoryMap * IOUserClient::removeMappingForDescriptor(IOMemoryDescriptor * mem) 3212 { 3213 OSIterator * iter; 3214 IOMemoryMap * map = 0; 3215 3216 IOLockLock(gIOObjectPortLock); 3217 3218 iter = OSCollectionIterator::withCollection(mappings); 3219 if(iter) 3220 { 3221 while ((map = OSDynamicCast(IOMemoryMap, iter->getNextObject()))) 3222 { 3223 if(mem == map->getMemoryDescriptor()) 3224 { 3225 map->retain(); 3226 mappings->removeObject(map); 3227 break; 3228 } 3229 } 3230 iter->release(); 3231 } 3232 3233 IOLockUnlock(gIOObjectPortLock); 3234 3235 return (map); 3236 } 3237 3238 extern "C" { 3239 3240 /* Routine io_connect_unmap_memory_from_task */ 3241 kern_return_t is_io_connect_unmap_memory_from_task 3242 ( 3243 io_connect_t connection, 3244 uint32_t memory_type, 3245 task_t from_task, 3246 mach_vm_address_t address) 3247 { 3248 IOReturn err; 3249 IOOptionBits options = 0; 3250 IOMemoryDescriptor * memory; 3251 IOMemoryMap * map; 3252 3253 CHECK( IOUserClient, connection, client ); 3254 3255 IOStatisticsClientCall(); 3256 err = client->clientMemoryForType( (UInt32) memory_type, &options, &memory ); 3257 3258 if( memory && (kIOReturnSuccess == err)) { 3259 3260 options = (options & ~kIOMapUserOptionsMask) 3261 | kIOMapAnywhere | kIOMapReference; 3262 3263 map = memory->createMappingInTask( from_task, address, options ); 3264 memory->release(); 3265 if( map) 3266 { 3267 IOLockLock( gIOObjectPortLock); 3268 if( client->mappings) 3269 client->mappings->removeObject( map); 3270 IOLockUnlock( gIOObjectPortLock); 3271 3272 mach_port_name_t name = 0; 3273 if (from_task != current_task()) 3274 name = IOMachPort::makeSendRightForTask( from_task, map, IKOT_IOKIT_OBJECT ); 3275 if (name) 3276 { 3277 map->userClientUnmap(); 3278 err = iokit_mod_send_right( from_task, name, -2 ); 3279 err = kIOReturnSuccess; 3280 } 3281 else 3282 IOMachPort::releasePortForObject( map, IKOT_IOKIT_OBJECT ); 3283 if (from_task == current_task()) 3284 map->release(); 3285 } 3286 else 3287 err = kIOReturnBadArgument; 3288 } 3289 3290 return( err ); 3291 } 3292 3293 kern_return_t is_io_connect_unmap_memory( 3294 io_object_t connect, 3295 uint32_t type, 3296 task_t task, 3297 uint32_t mapAddr ) 3298 { 3299 IOReturn err; 3300 mach_vm_address_t address; 3301 3302 address = SCALAR64(mapAddr); 3303 3304 err = is_io_connect_unmap_memory_from_task(connect, type, task, mapAddr); 3305 3306 return (err); 3307 } 3308 3309 3310 /* Routine io_connect_add_client */ 3311 kern_return_t is_io_connect_add_client( 3312 io_object_t connection, 3313 io_object_t connect_to) 3314 { 3315 CHECK( IOUserClient, connection, client ); 3316 CHECK( IOUserClient, connect_to, to ); 3317 3318 IOStatisticsClientCall(); 3319 return( client->connectClient( to ) ); 3320 } 3321 3322 3323 /* Routine io_connect_set_properties */ 3324 kern_return_t is_io_connect_set_properties( 3325 io_object_t connection, 3326 io_buf_ptr_t properties, 3327 mach_msg_type_number_t propertiesCnt, 3328 kern_return_t * result) 3329 { 3330 return( is_io_registry_entry_set_properties( connection, properties, propertiesCnt, result )); 3331 } 3332 3333 /* Routine io_user_client_method */ 3334 kern_return_t is_io_connect_method_var_output 3335 ( 3336 io_connect_t connection, 3337 uint32_t selector, 3338 io_scalar_inband64_t scalar_input, 3339 mach_msg_type_number_t scalar_inputCnt, 3340 io_struct_inband_t inband_input, 3341 mach_msg_type_number_t inband_inputCnt, 3342 mach_vm_address_t ool_input, 3343 mach_vm_size_t ool_input_size, 3344 io_struct_inband_t inband_output, 3345 mach_msg_type_number_t *inband_outputCnt, 3346 io_scalar_inband64_t scalar_output, 3347 mach_msg_type_number_t *scalar_outputCnt, 3348 io_buf_ptr_t *var_output, 3349 mach_msg_type_number_t *var_outputCnt 3350 ) 3351 { 3352 CHECK( IOUserClient, connection, client ); 3353 3354 IOExternalMethodArguments args; 3355 IOReturn ret; 3356 IOMemoryDescriptor * inputMD = 0; 3357 OSObject * structureVariableOutputData = 0; 3358 3359 bzero(&args.__reserved[0], sizeof(args.__reserved)); 3360 args.version = kIOExternalMethodArgumentsCurrentVersion; 3361 3362 args.selector = selector; 3363 3364 args.asyncWakePort = MACH_PORT_NULL; 3365 args.asyncReference = 0; 3366 args.asyncReferenceCount = 0; 3367 args.structureVariableOutputData = &structureVariableOutputData; 3368 3369 args.scalarInput = scalar_input; 3370 args.scalarInputCount = scalar_inputCnt; 3371 args.structureInput = inband_input; 3372 args.structureInputSize = inband_inputCnt; 3373 3374 if (ool_input) 3375 inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, 3376 kIODirectionOut, current_task()); 3377 3378 args.structureInputDescriptor = inputMD; 3379 3380 args.scalarOutput = scalar_output; 3381 args.scalarOutputCount = *scalar_outputCnt; 3382 bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0])); 3383 args.structureOutput = inband_output; 3384 args.structureOutputSize = *inband_outputCnt; 3385 args.structureOutputDescriptor = NULL; 3386 args.structureOutputDescriptorSize = 0; 3387 3388 IOStatisticsClientCall(); 3389 ret = client->externalMethod( selector, &args ); 3390 3391 *scalar_outputCnt = args.scalarOutputCount; 3392 *inband_outputCnt = args.structureOutputSize; 3393 3394 if (var_outputCnt && var_output && (kIOReturnSuccess == ret)) 3395 { 3396 OSSerialize * serialize; 3397 OSData * data; 3398 vm_size_t len; 3399 3400 if ((serialize = OSDynamicCast(OSSerialize, structureVariableOutputData))) 3401 { 3402 len = serialize->getLength(); 3403 *var_outputCnt = len; 3404 ret = copyoutkdata(serialize->text(), len, var_output); 3405 } 3406 else if ((data = OSDynamicCast(OSData, structureVariableOutputData))) 3407 { 3408 len = data->getLength(); 3409 *var_outputCnt = len; 3410 ret = copyoutkdata(data->getBytesNoCopy(), len, var_output); 3411 } 3412 else 3413 { 3414 ret = kIOReturnUnderrun; 3415 } 3416 } 3417 3418 if (inputMD) 3419 inputMD->release(); 3420 if (structureVariableOutputData) 3421 structureVariableOutputData->release(); 3422 3423 return (ret); 3424 } 3425 3426 /* Routine io_user_client_method */ 3427 kern_return_t is_io_connect_method 3428 ( 3429 io_connect_t connection, 3430 uint32_t selector, 3431 io_scalar_inband64_t scalar_input, 3432 mach_msg_type_number_t scalar_inputCnt, 3433 io_struct_inband_t inband_input, 3434 mach_msg_type_number_t inband_inputCnt, 3435 mach_vm_address_t ool_input, 3436 mach_vm_size_t ool_input_size, 3437 io_struct_inband_t inband_output, 3438 mach_msg_type_number_t *inband_outputCnt, 3439 io_scalar_inband64_t scalar_output, 3440 mach_msg_type_number_t *scalar_outputCnt, 3441 mach_vm_address_t ool_output, 3442 mach_vm_size_t *ool_output_size 3443 ) 3444 { 3445 CHECK( IOUserClient, connection, client ); 3446 3447 IOExternalMethodArguments args; 3448 IOReturn ret; 3449 IOMemoryDescriptor * inputMD = 0; 3450 IOMemoryDescriptor * outputMD = 0; 3451 3452 bzero(&args.__reserved[0], sizeof(args.__reserved)); 3453 args.version = kIOExternalMethodArgumentsCurrentVersion; 3454 3455 args.selector = selector; 3456 3457 args.asyncWakePort = MACH_PORT_NULL; 3458 args.asyncReference = 0; 3459 args.asyncReferenceCount = 0; 3460 args.structureVariableOutputData = 0; 3461 3462 args.scalarInput = scalar_input; 3463 args.scalarInputCount = scalar_inputCnt; 3464 args.structureInput = inband_input; 3465 args.structureInputSize = inband_inputCnt; 3466 3467 if (ool_input) 3468 inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, 3469 kIODirectionOut, current_task()); 3470 3471 args.structureInputDescriptor = inputMD; 3472 3473 args.scalarOutput = scalar_output; 3474 args.scalarOutputCount = *scalar_outputCnt; 3475 bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0])); 3476 args.structureOutput = inband_output; 3477 args.structureOutputSize = *inband_outputCnt; 3478 3479 if (ool_output && ool_output_size) 3480 { 3481 outputMD = IOMemoryDescriptor::withAddressRange(ool_output, *ool_output_size, 3482 kIODirectionIn, current_task()); 3483 } 3484 3485 args.structureOutputDescriptor = outputMD; 3486 args.structureOutputDescriptorSize = ool_output_size ? *ool_output_size : 0; 3487 3488 IOStatisticsClientCall(); 3489 ret = client->externalMethod( selector, &args ); 3490 3491 *scalar_outputCnt = args.scalarOutputCount; 3492 *inband_outputCnt = args.structureOutputSize; 3493 *ool_output_size = args.structureOutputDescriptorSize; 3494 3495 if (inputMD) 3496 inputMD->release(); 3497 if (outputMD) 3498 outputMD->release(); 3499 3500 return (ret); 3501 } 3502 3503 /* Routine io_async_user_client_method */ 3504 kern_return_t is_io_connect_async_method 3505 ( 3506 io_connect_t connection, 3507 mach_port_t wake_port, 3508 io_async_ref64_t reference, 3509 mach_msg_type_number_t referenceCnt, 3510 uint32_t selector, 3511 io_scalar_inband64_t scalar_input, 3512 mach_msg_type_number_t scalar_inputCnt, 3513 io_struct_inband_t inband_input, 3514 mach_msg_type_number_t inband_inputCnt, 3515 mach_vm_address_t ool_input, 3516 mach_vm_size_t ool_input_size, 3517 io_struct_inband_t inband_output, 3518 mach_msg_type_number_t *inband_outputCnt, 3519 io_scalar_inband64_t scalar_output, 3520 mach_msg_type_number_t *scalar_outputCnt, 3521 mach_vm_address_t ool_output, 3522 mach_vm_size_t * ool_output_size 3523 ) 3524 { 3525 CHECK( IOUserClient, connection, client ); 3526 3527 IOExternalMethodArguments args; 3528 IOReturn ret; 3529 IOMemoryDescriptor * inputMD = 0; 3530 IOMemoryDescriptor * outputMD = 0; 3531 3532 bzero(&args.__reserved[0], sizeof(args.__reserved)); 3533 args.version = kIOExternalMethodArgumentsCurrentVersion; 3534 3535 reference[0] = (io_user_reference_t) wake_port; 3536 if (vm_map_is_64bit(get_task_map(current_task()))) 3537 reference[0] |= kIOUCAsync64Flag; 3538 3539 args.selector = selector; 3540 3541 args.asyncWakePort = wake_port; 3542 args.asyncReference = reference; 3543 args.asyncReferenceCount = referenceCnt; 3544 3545 args.scalarInput = scalar_input; 3546 args.scalarInputCount = scalar_inputCnt; 3547 args.structureInput = inband_input; 3548 args.structureInputSize = inband_inputCnt; 3549 3550 if (ool_input) 3551 inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, 3552 kIODirectionOut, current_task()); 3553 3554 args.structureInputDescriptor = inputMD; 3555 3556 args.scalarOutput = scalar_output; 3557 args.scalarOutputCount = *scalar_outputCnt; 3558 bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0])); 3559 args.structureOutput = inband_output; 3560 args.structureOutputSize = *inband_outputCnt; 3561 3562 if (ool_output) 3563 { 3564 outputMD = IOMemoryDescriptor::withAddressRange(ool_output, *ool_output_size, 3565 kIODirectionIn, current_task()); 3566 } 3567 3568 args.structureOutputDescriptor = outputMD; 3569 args.structureOutputDescriptorSize = *ool_output_size; 3570 3571 IOStatisticsClientCall(); 3572 ret = client->externalMethod( selector, &args ); 3573 3574 *inband_outputCnt = args.structureOutputSize; 3575 *ool_output_size = args.structureOutputDescriptorSize; 3576 3577 if (inputMD) 3578 inputMD->release(); 3579 if (outputMD) 3580 outputMD->release(); 3581 3582 return (ret); 3583 } 3584 3585 /* Routine io_connect_method_scalarI_scalarO */ 3586 kern_return_t is_io_connect_method_scalarI_scalarO( 3587 io_object_t connect, 3588 uint32_t index, 3589 io_scalar_inband_t input, 3590 mach_msg_type_number_t inputCount, 3591 io_scalar_inband_t output, 3592 mach_msg_type_number_t * outputCount ) 3593 { 3594 IOReturn err; 3595 uint32_t i; 3596 io_scalar_inband64_t _input; 3597 io_scalar_inband64_t _output; 3598 3599 mach_msg_type_number_t struct_outputCnt = 0; 3600 mach_vm_size_t ool_output_size = 0; 3601 3602 bzero(&_output[0], sizeof(_output)); 3603 for (i = 0; i < inputCount; i++) 3604 _input[i] = SCALAR64(input[i]); 3605 3606 err = is_io_connect_method(connect, index, 3607 _input, inputCount, 3608 NULL, 0, 3609 0, 0, 3610 NULL, &struct_outputCnt, 3611 _output, outputCount, 3612 0, &ool_output_size); 3613 3614 for (i = 0; i < *outputCount; i++) 3615 output[i] = SCALAR32(_output[i]); 3616 3617 return (err); 3618 } 3619 3620 kern_return_t shim_io_connect_method_scalarI_scalarO( 3621 IOExternalMethod * method, 3622 IOService * object, 3623 const io_user_scalar_t * input, 3624 mach_msg_type_number_t inputCount, 3625 io_user_scalar_t * output, 3626 mach_msg_type_number_t * outputCount ) 3627 { 3628 IOMethod func; 3629 io_scalar_inband_t _output; 3630 IOReturn err; 3631 err = kIOReturnBadArgument; 3632 3633 bzero(&_output[0], sizeof(_output)); 3634 do { 3635 3636 if( inputCount != method->count0) 3637 { 3638 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 3639 continue; 3640 } 3641 if( *outputCount != method->count1) 3642 { 3643 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 3644 continue; 3645 } 3646 3647 func = method->func; 3648 3649 switch( inputCount) { 3650 3651 case 6: 3652 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3653 ARG32(input[3]), ARG32(input[4]), ARG32(input[5]) ); 3654 break; 3655 case 5: 3656 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3657 ARG32(input[3]), ARG32(input[4]), 3658 &_output[0] ); 3659 break; 3660 case 4: 3661 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3662 ARG32(input[3]), 3663 &_output[0], &_output[1] ); 3664 break; 3665 case 3: 3666 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3667 &_output[0], &_output[1], &_output[2] ); 3668 break; 3669 case 2: 3670 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), 3671 &_output[0], &_output[1], &_output[2], 3672 &_output[3] ); 3673 break; 3674 case 1: 3675 err = (object->*func)( ARG32(input[0]), 3676 &_output[0], &_output[1], &_output[2], 3677 &_output[3], &_output[4] ); 3678 break; 3679 case 0: 3680 err = (object->*func)( &_output[0], &_output[1], &_output[2], 3681 &_output[3], &_output[4], &_output[5] ); 3682 break; 3683 3684 default: 3685 IOLog("%s: Bad method table\n", object->getName()); 3686 } 3687 } 3688 while( false); 3689 3690 uint32_t i; 3691 for (i = 0; i < *outputCount; i++) 3692 output[i] = SCALAR32(_output[i]); 3693 3694 return( err); 3695 } 3696 3697 /* Routine io_async_method_scalarI_scalarO */ 3698 kern_return_t is_io_async_method_scalarI_scalarO( 3699 io_object_t connect, 3700 mach_port_t wake_port, 3701 io_async_ref_t reference, 3702 mach_msg_type_number_t referenceCnt, 3703 uint32_t index, 3704 io_scalar_inband_t input, 3705 mach_msg_type_number_t inputCount, 3706 io_scalar_inband_t output, 3707 mach_msg_type_number_t * outputCount ) 3708 { 3709 IOReturn err; 3710 uint32_t i; 3711 io_scalar_inband64_t _input; 3712 io_scalar_inband64_t _output; 3713 io_async_ref64_t _reference; 3714 3715 bzero(&_output[0], sizeof(_output)); 3716 for (i = 0; i < referenceCnt; i++) 3717 _reference[i] = REF64(reference[i]); 3718 3719 mach_msg_type_number_t struct_outputCnt = 0; 3720 mach_vm_size_t ool_output_size = 0; 3721 3722 for (i = 0; i < inputCount; i++) 3723 _input[i] = SCALAR64(input[i]); 3724 3725 err = is_io_connect_async_method(connect, 3726 wake_port, _reference, referenceCnt, 3727 index, 3728 _input, inputCount, 3729 NULL, 0, 3730 0, 0, 3731 NULL, &struct_outputCnt, 3732 _output, outputCount, 3733 0, &ool_output_size); 3734 3735 for (i = 0; i < *outputCount; i++) 3736 output[i] = SCALAR32(_output[i]); 3737 3738 return (err); 3739 } 3740 /* Routine io_async_method_scalarI_structureO */ 3741 kern_return_t is_io_async_method_scalarI_structureO( 3742 io_object_t connect, 3743 mach_port_t wake_port, 3744 io_async_ref_t reference, 3745 mach_msg_type_number_t referenceCnt, 3746 uint32_t index, 3747 io_scalar_inband_t input, 3748 mach_msg_type_number_t inputCount, 3749 io_struct_inband_t output, 3750 mach_msg_type_number_t * outputCount ) 3751 { 3752 uint32_t i; 3753 io_scalar_inband64_t _input; 3754 io_async_ref64_t _reference; 3755 3756 for (i = 0; i < referenceCnt; i++) 3757 _reference[i] = REF64(reference[i]); 3758 3759 mach_msg_type_number_t scalar_outputCnt = 0; 3760 mach_vm_size_t ool_output_size = 0; 3761 3762 for (i = 0; i < inputCount; i++) 3763 _input[i] = SCALAR64(input[i]); 3764 3765 return (is_io_connect_async_method(connect, 3766 wake_port, _reference, referenceCnt, 3767 index, 3768 _input, inputCount, 3769 NULL, 0, 3770 0, 0, 3771 output, outputCount, 3772 NULL, &scalar_outputCnt, 3773 0, &ool_output_size)); 3774 } 3775 3776 /* Routine io_async_method_scalarI_structureI */ 3777 kern_return_t is_io_async_method_scalarI_structureI( 3778 io_connect_t connect, 3779 mach_port_t wake_port, 3780 io_async_ref_t reference, 3781 mach_msg_type_number_t referenceCnt, 3782 uint32_t index, 3783 io_scalar_inband_t input, 3784 mach_msg_type_number_t inputCount, 3785 io_struct_inband_t inputStruct, 3786 mach_msg_type_number_t inputStructCount ) 3787 { 3788 uint32_t i; 3789 io_scalar_inband64_t _input; 3790 io_async_ref64_t _reference; 3791 3792 for (i = 0; i < referenceCnt; i++) 3793 _reference[i] = REF64(reference[i]); 3794 3795 mach_msg_type_number_t scalar_outputCnt = 0; 3796 mach_msg_type_number_t inband_outputCnt = 0; 3797 mach_vm_size_t ool_output_size = 0; 3798 3799 for (i = 0; i < inputCount; i++) 3800 _input[i] = SCALAR64(input[i]); 3801 3802 return (is_io_connect_async_method(connect, 3803 wake_port, _reference, referenceCnt, 3804 index, 3805 _input, inputCount, 3806 inputStruct, inputStructCount, 3807 0, 0, 3808 NULL, &inband_outputCnt, 3809 NULL, &scalar_outputCnt, 3810 0, &ool_output_size)); 3811 } 3812 3813 /* Routine io_async_method_structureI_structureO */ 3814 kern_return_t is_io_async_method_structureI_structureO( 3815 io_object_t connect, 3816 mach_port_t wake_port, 3817 io_async_ref_t reference, 3818 mach_msg_type_number_t referenceCnt, 3819 uint32_t index, 3820 io_struct_inband_t input, 3821 mach_msg_type_number_t inputCount, 3822 io_struct_inband_t output, 3823 mach_msg_type_number_t * outputCount ) 3824 { 3825 uint32_t i; 3826 mach_msg_type_number_t scalar_outputCnt = 0; 3827 mach_vm_size_t ool_output_size = 0; 3828 io_async_ref64_t _reference; 3829 3830 for (i = 0; i < referenceCnt; i++) 3831 _reference[i] = REF64(reference[i]); 3832 3833 return (is_io_connect_async_method(connect, 3834 wake_port, _reference, referenceCnt, 3835 index, 3836 NULL, 0, 3837 input, inputCount, 3838 0, 0, 3839 output, outputCount, 3840 NULL, &scalar_outputCnt, 3841 0, &ool_output_size)); 3842 } 3843 3844 3845 kern_return_t shim_io_async_method_scalarI_scalarO( 3846 IOExternalAsyncMethod * method, 3847 IOService * object, 3848 mach_port_t asyncWakePort, 3849 io_user_reference_t * asyncReference, 3850 uint32_t asyncReferenceCount, 3851 const io_user_scalar_t * input, 3852 mach_msg_type_number_t inputCount, 3853 io_user_scalar_t * output, 3854 mach_msg_type_number_t * outputCount ) 3855 { 3856 IOAsyncMethod func; 3857 uint32_t i; 3858 io_scalar_inband_t _output; 3859 IOReturn err; 3860 io_async_ref_t reference; 3861 3862 bzero(&_output[0], sizeof(_output)); 3863 for (i = 0; i < asyncReferenceCount; i++) 3864 reference[i] = REF32(asyncReference[i]); 3865 3866 err = kIOReturnBadArgument; 3867 3868 do { 3869 3870 if( inputCount != method->count0) 3871 { 3872 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 3873 continue; 3874 } 3875 if( *outputCount != method->count1) 3876 { 3877 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 3878 continue; 3879 } 3880 3881 func = method->func; 3882 3883 switch( inputCount) { 3884 3885 case 6: 3886 err = (object->*func)( reference, 3887 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3888 ARG32(input[3]), ARG32(input[4]), ARG32(input[5]) ); 3889 break; 3890 case 5: 3891 err = (object->*func)( reference, 3892 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3893 ARG32(input[3]), ARG32(input[4]), 3894 &_output[0] ); 3895 break; 3896 case 4: 3897 err = (object->*func)( reference, 3898 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3899 ARG32(input[3]), 3900 &_output[0], &_output[1] ); 3901 break; 3902 case 3: 3903 err = (object->*func)( reference, 3904 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3905 &_output[0], &_output[1], &_output[2] ); 3906 break; 3907 case 2: 3908 err = (object->*func)( reference, 3909 ARG32(input[0]), ARG32(input[1]), 3910 &_output[0], &_output[1], &_output[2], 3911 &_output[3] ); 3912 break; 3913 case 1: 3914 err = (object->*func)( reference, 3915 ARG32(input[0]), 3916 &_output[0], &_output[1], &_output[2], 3917 &_output[3], &_output[4] ); 3918 break; 3919 case 0: 3920 err = (object->*func)( reference, 3921 &_output[0], &_output[1], &_output[2], 3922 &_output[3], &_output[4], &_output[5] ); 3923 break; 3924 3925 default: 3926 IOLog("%s: Bad method table\n", object->getName()); 3927 } 3928 } 3929 while( false); 3930 3931 for (i = 0; i < *outputCount; i++) 3932 output[i] = SCALAR32(_output[i]); 3933 3934 return( err); 3935 } 3936 3937 3938 /* Routine io_connect_method_scalarI_structureO */ 3939 kern_return_t is_io_connect_method_scalarI_structureO( 3940 io_object_t connect, 3941 uint32_t index, 3942 io_scalar_inband_t input, 3943 mach_msg_type_number_t inputCount, 3944 io_struct_inband_t output, 3945 mach_msg_type_number_t * outputCount ) 3946 { 3947 uint32_t i; 3948 io_scalar_inband64_t _input; 3949 3950 mach_msg_type_number_t scalar_outputCnt = 0; 3951 mach_vm_size_t ool_output_size = 0; 3952 3953 for (i = 0; i < inputCount; i++) 3954 _input[i] = SCALAR64(input[i]); 3955 3956 return (is_io_connect_method(connect, index, 3957 _input, inputCount, 3958 NULL, 0, 3959 0, 0, 3960 output, outputCount, 3961 NULL, &scalar_outputCnt, 3962 0, &ool_output_size)); 3963 } 3964 3965 kern_return_t shim_io_connect_method_scalarI_structureO( 3966 3967 IOExternalMethod * method, 3968 IOService * object, 3969 const io_user_scalar_t * input, 3970 mach_msg_type_number_t inputCount, 3971 io_struct_inband_t output, 3972 IOByteCount * outputCount ) 3973 { 3974 IOMethod func; 3975 IOReturn err; 3976 3977 err = kIOReturnBadArgument; 3978 3979 do { 3980 if( inputCount != method->count0) 3981 { 3982 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 3983 continue; 3984 } 3985 if( (kIOUCVariableStructureSize != method->count1) 3986 && (*outputCount != method->count1)) 3987 { 3988 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 3989 continue; 3990 } 3991 3992 func = method->func; 3993 3994 switch( inputCount) { 3995 3996 case 5: 3997 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 3998 ARG32(input[3]), ARG32(input[4]), 3999 output ); 4000 break; 4001 case 4: 4002 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4003 ARG32(input[3]), 4004 output, (void *)outputCount ); 4005 break; 4006 case 3: 4007 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4008 output, (void *)outputCount, 0 ); 4009 break; 4010 case 2: 4011 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), 4012 output, (void *)outputCount, 0, 0 ); 4013 break; 4014 case 1: 4015 err = (object->*func)( ARG32(input[0]), 4016 output, (void *)outputCount, 0, 0, 0 ); 4017 break; 4018 case 0: 4019 err = (object->*func)( output, (void *)outputCount, 0, 0, 0, 0 ); 4020 break; 4021 4022 default: 4023 IOLog("%s: Bad method table\n", object->getName()); 4024 } 4025 } 4026 while( false); 4027 4028 return( err); 4029 } 4030 4031 4032 kern_return_t shim_io_async_method_scalarI_structureO( 4033 IOExternalAsyncMethod * method, 4034 IOService * object, 4035 mach_port_t asyncWakePort, 4036 io_user_reference_t * asyncReference, 4037 uint32_t asyncReferenceCount, 4038 const io_user_scalar_t * input, 4039 mach_msg_type_number_t inputCount, 4040 io_struct_inband_t output, 4041 mach_msg_type_number_t * outputCount ) 4042 { 4043 IOAsyncMethod func; 4044 uint32_t i; 4045 IOReturn err; 4046 io_async_ref_t reference; 4047 4048 for (i = 0; i < asyncReferenceCount; i++) 4049 reference[i] = REF32(asyncReference[i]); 4050 4051 err = kIOReturnBadArgument; 4052 do { 4053 if( inputCount != method->count0) 4054 { 4055 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 4056 continue; 4057 } 4058 if( (kIOUCVariableStructureSize != method->count1) 4059 && (*outputCount != method->count1)) 4060 { 4061 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 4062 continue; 4063 } 4064 4065 func = method->func; 4066 4067 switch( inputCount) { 4068 4069 case 5: 4070 err = (object->*func)( reference, 4071 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4072 ARG32(input[3]), ARG32(input[4]), 4073 output ); 4074 break; 4075 case 4: 4076 err = (object->*func)( reference, 4077 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4078 ARG32(input[3]), 4079 output, (void *)outputCount ); 4080 break; 4081 case 3: 4082 err = (object->*func)( reference, 4083 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4084 output, (void *)outputCount, 0 ); 4085 break; 4086 case 2: 4087 err = (object->*func)( reference, 4088 ARG32(input[0]), ARG32(input[1]), 4089 output, (void *)outputCount, 0, 0 ); 4090 break; 4091 case 1: 4092 err = (object->*func)( reference, 4093 ARG32(input[0]), 4094 output, (void *)outputCount, 0, 0, 0 ); 4095 break; 4096 case 0: 4097 err = (object->*func)( reference, 4098 output, (void *)outputCount, 0, 0, 0, 0 ); 4099 break; 4100 4101 default: 4102 IOLog("%s: Bad method table\n", object->getName()); 4103 } 4104 } 4105 while( false); 4106 4107 return( err); 4108 } 4109 4110 /* Routine io_connect_method_scalarI_structureI */ 4111 kern_return_t is_io_connect_method_scalarI_structureI( 4112 io_connect_t connect, 4113 uint32_t index, 4114 io_scalar_inband_t input, 4115 mach_msg_type_number_t inputCount, 4116 io_struct_inband_t inputStruct, 4117 mach_msg_type_number_t inputStructCount ) 4118 { 4119 uint32_t i; 4120 io_scalar_inband64_t _input; 4121 4122 mach_msg_type_number_t scalar_outputCnt = 0; 4123 mach_msg_type_number_t inband_outputCnt = 0; 4124 mach_vm_size_t ool_output_size = 0; 4125 4126 for (i = 0; i < inputCount; i++) 4127 _input[i] = SCALAR64(input[i]); 4128 4129 return (is_io_connect_method(connect, index, 4130 _input, inputCount, 4131 inputStruct, inputStructCount, 4132 0, 0, 4133 NULL, &inband_outputCnt, 4134 NULL, &scalar_outputCnt, 4135 0, &ool_output_size)); 4136 } 4137 4138 kern_return_t shim_io_connect_method_scalarI_structureI( 4139 IOExternalMethod * method, 4140 IOService * object, 4141 const io_user_scalar_t * input, 4142 mach_msg_type_number_t inputCount, 4143 io_struct_inband_t inputStruct, 4144 mach_msg_type_number_t inputStructCount ) 4145 { 4146 IOMethod func; 4147 IOReturn err = kIOReturnBadArgument; 4148 4149 do 4150 { 4151 if( (kIOUCVariableStructureSize != method->count0) 4152 && (inputCount != method->count0)) 4153 { 4154 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 4155 continue; 4156 } 4157 if( (kIOUCVariableStructureSize != method->count1) 4158 && (inputStructCount != method->count1)) 4159 { 4160 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 4161 continue; 4162 } 4163 4164 func = method->func; 4165 4166 switch( inputCount) { 4167 4168 case 5: 4169 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4170 ARG32(input[3]), ARG32(input[4]), 4171 inputStruct ); 4172 break; 4173 case 4: 4174 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), (void *) input[2], 4175 ARG32(input[3]), 4176 inputStruct, (void *)(uintptr_t)inputStructCount ); 4177 break; 4178 case 3: 4179 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4180 inputStruct, (void *)(uintptr_t)inputStructCount, 4181 0 ); 4182 break; 4183 case 2: 4184 err = (object->*func)( ARG32(input[0]), ARG32(input[1]), 4185 inputStruct, (void *)(uintptr_t)inputStructCount, 4186 0, 0 ); 4187 break; 4188 case 1: 4189 err = (object->*func)( ARG32(input[0]), 4190 inputStruct, (void *)(uintptr_t)inputStructCount, 4191 0, 0, 0 ); 4192 break; 4193 case 0: 4194 err = (object->*func)( inputStruct, (void *)(uintptr_t)inputStructCount, 4195 0, 0, 0, 0 ); 4196 break; 4197 4198 default: 4199 IOLog("%s: Bad method table\n", object->getName()); 4200 } 4201 } 4202 while (false); 4203 4204 return( err); 4205 } 4206 4207 kern_return_t shim_io_async_method_scalarI_structureI( 4208 IOExternalAsyncMethod * method, 4209 IOService * object, 4210 mach_port_t asyncWakePort, 4211 io_user_reference_t * asyncReference, 4212 uint32_t asyncReferenceCount, 4213 const io_user_scalar_t * input, 4214 mach_msg_type_number_t inputCount, 4215 io_struct_inband_t inputStruct, 4216 mach_msg_type_number_t inputStructCount ) 4217 { 4218 IOAsyncMethod func; 4219 uint32_t i; 4220 IOReturn err = kIOReturnBadArgument; 4221 io_async_ref_t reference; 4222 4223 for (i = 0; i < asyncReferenceCount; i++) 4224 reference[i] = REF32(asyncReference[i]); 4225 4226 do 4227 { 4228 if( (kIOUCVariableStructureSize != method->count0) 4229 && (inputCount != method->count0)) 4230 { 4231 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 4232 continue; 4233 } 4234 if( (kIOUCVariableStructureSize != method->count1) 4235 && (inputStructCount != method->count1)) 4236 { 4237 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 4238 continue; 4239 } 4240 4241 func = method->func; 4242 4243 switch( inputCount) { 4244 4245 case 5: 4246 err = (object->*func)( reference, 4247 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4248 ARG32(input[3]), ARG32(input[4]), 4249 inputStruct ); 4250 break; 4251 case 4: 4252 err = (object->*func)( reference, 4253 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4254 ARG32(input[3]), 4255 inputStruct, (void *)(uintptr_t)inputStructCount ); 4256 break; 4257 case 3: 4258 err = (object->*func)( reference, 4259 ARG32(input[0]), ARG32(input[1]), ARG32(input[2]), 4260 inputStruct, (void *)(uintptr_t)inputStructCount, 4261 0 ); 4262 break; 4263 case 2: 4264 err = (object->*func)( reference, 4265 ARG32(input[0]), ARG32(input[1]), 4266 inputStruct, (void *)(uintptr_t)inputStructCount, 4267 0, 0 ); 4268 break; 4269 case 1: 4270 err = (object->*func)( reference, 4271 ARG32(input[0]), 4272 inputStruct, (void *)(uintptr_t)inputStructCount, 4273 0, 0, 0 ); 4274 break; 4275 case 0: 4276 err = (object->*func)( reference, 4277 inputStruct, (void *)(uintptr_t)inputStructCount, 4278 0, 0, 0, 0 ); 4279 break; 4280 4281 default: 4282 IOLog("%s: Bad method table\n", object->getName()); 4283 } 4284 } 4285 while (false); 4286 4287 return( err); 4288 } 4289 4290 /* Routine io_connect_method_structureI_structureO */ 4291 kern_return_t is_io_connect_method_structureI_structureO( 4292 io_object_t connect, 4293 uint32_t index, 4294 io_struct_inband_t input, 4295 mach_msg_type_number_t inputCount, 4296 io_struct_inband_t output, 4297 mach_msg_type_number_t * outputCount ) 4298 { 4299 mach_msg_type_number_t scalar_outputCnt = 0; 4300 mach_vm_size_t ool_output_size = 0; 4301 4302 return (is_io_connect_method(connect, index, 4303 NULL, 0, 4304 input, inputCount, 4305 0, 0, 4306 output, outputCount, 4307 NULL, &scalar_outputCnt, 4308 0, &ool_output_size)); 4309 } 4310 4311 kern_return_t shim_io_connect_method_structureI_structureO( 4312 IOExternalMethod * method, 4313 IOService * object, 4314 io_struct_inband_t input, 4315 mach_msg_type_number_t inputCount, 4316 io_struct_inband_t output, 4317 IOByteCount * outputCount ) 4318 { 4319 IOMethod func; 4320 IOReturn err = kIOReturnBadArgument; 4321 4322 do 4323 { 4324 if( (kIOUCVariableStructureSize != method->count0) 4325 && (inputCount != method->count0)) 4326 { 4327 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 4328 continue; 4329 } 4330 if( (kIOUCVariableStructureSize != method->count1) 4331 && (*outputCount != method->count1)) 4332 { 4333 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 4334 continue; 4335 } 4336 4337 func = method->func; 4338 4339 if( method->count1) { 4340 if( method->count0) { 4341 err = (object->*func)( input, output, 4342 (void *)(uintptr_t)inputCount, outputCount, 0, 0 ); 4343 } else { 4344 err = (object->*func)( output, outputCount, 0, 0, 0, 0 ); 4345 } 4346 } else { 4347 err = (object->*func)( input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 ); 4348 } 4349 } 4350 while( false); 4351 4352 4353 return( err); 4354 } 4355 4356 kern_return_t shim_io_async_method_structureI_structureO( 4357 IOExternalAsyncMethod * method, 4358 IOService * object, 4359 mach_port_t asyncWakePort, 4360 io_user_reference_t * asyncReference, 4361 uint32_t asyncReferenceCount, 4362 io_struct_inband_t input, 4363 mach_msg_type_number_t inputCount, 4364 io_struct_inband_t output, 4365 mach_msg_type_number_t * outputCount ) 4366 { 4367 IOAsyncMethod func; 4368 uint32_t i; 4369 IOReturn err; 4370 io_async_ref_t reference; 4371 4372 for (i = 0; i < asyncReferenceCount; i++) 4373 reference[i] = REF32(asyncReference[i]); 4374 4375 err = kIOReturnBadArgument; 4376 do 4377 { 4378 if( (kIOUCVariableStructureSize != method->count0) 4379 && (inputCount != method->count0)) 4380 { 4381 IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName()); 4382 continue; 4383 } 4384 if( (kIOUCVariableStructureSize != method->count1) 4385 && (*outputCount != method->count1)) 4386 { 4387 IOLog("%s: IOUserClient outputCount count mismatch\n", object->getName()); 4388 continue; 4389 } 4390 4391 func = method->func; 4392 4393 if( method->count1) { 4394 if( method->count0) { 4395 err = (object->*func)( reference, 4396 input, output, 4397 (void *)(uintptr_t)inputCount, outputCount, 0, 0 ); 4398 } else { 4399 err = (object->*func)( reference, 4400 output, outputCount, 0, 0, 0, 0 ); 4401 } 4402 } else { 4403 err = (object->*func)( reference, 4404 input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 ); 4405 } 4406 } 4407 while( false); 4408 4409 return( err); 4410 } 4411 4412 /* Routine io_catalog_send_data */ 4413 kern_return_t is_io_catalog_send_data( 4414 mach_port_t master_port, 4415 uint32_t flag, 4416 io_buf_ptr_t inData, 4417 mach_msg_type_number_t inDataCount, 4418 kern_return_t * result) 4419 { 4420 OSObject * obj = 0; 4421 vm_offset_t data; 4422 kern_return_t kr = kIOReturnError; 4423 4424 //printf("io_catalog_send_data called. flag: %d\n", flag); 4425 4426 if( master_port != master_device_port) 4427 return kIOReturnNotPrivileged; 4428 4429 if( (flag != kIOCatalogRemoveKernelLinker && 4430 flag != kIOCatalogKextdActive && 4431 flag != kIOCatalogKextdFinishedLaunching) && 4432 ( !inData || !inDataCount) ) 4433 { 4434 return kIOReturnBadArgument; 4435 } 4436 4437 if (inData) { 4438 vm_map_offset_t map_data; 4439 4440 if( inDataCount > sizeof(io_struct_inband_t) * 1024) 4441 return( kIOReturnMessageTooLarge); 4442 4443 kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t)inData); 4444 data = CAST_DOWN(vm_offset_t, map_data); 4445 4446 if( kr != KERN_SUCCESS) 4447 return kr; 4448 4449 // must return success after vm_map_copyout() succeeds 4450 4451 if( inDataCount ) { 4452 obj = (OSObject *)OSUnserializeXML((const char *)data, inDataCount); 4453 vm_deallocate( kernel_map, data, inDataCount ); 4454 if( !obj) { 4455 *result = kIOReturnNoMemory; 4456 return( KERN_SUCCESS); 4457 } 4458 } 4459 } 4460 4461 switch ( flag ) { 4462 case kIOCatalogResetDrivers: 4463 case kIOCatalogResetDriversNoMatch: { 4464 OSArray * array; 4465 4466 array = OSDynamicCast(OSArray, obj); 4467 if (array) { 4468 if ( !gIOCatalogue->resetAndAddDrivers(array, 4469 flag == kIOCatalogResetDrivers) ) { 4470 4471 kr = kIOReturnError; 4472 } 4473 } else { 4474 kr = kIOReturnBadArgument; 4475 } 4476 } 4477 break; 4478 4479 case kIOCatalogAddDrivers: 4480 case kIOCatalogAddDriversNoMatch: { 4481 OSArray * array; 4482 4483 array = OSDynamicCast(OSArray, obj); 4484 if ( array ) { 4485 if ( !gIOCatalogue->addDrivers( array , 4486 flag == kIOCatalogAddDrivers) ) { 4487 kr = kIOReturnError; 4488 } 4489 } 4490 else { 4491 kr = kIOReturnBadArgument; 4492 } 4493 } 4494 break; 4495 4496 case kIOCatalogRemoveDrivers: 4497 case kIOCatalogRemoveDriversNoMatch: { 4498 OSDictionary * dict; 4499 4500 dict = OSDynamicCast(OSDictionary, obj); 4501 if ( dict ) { 4502 if ( !gIOCatalogue->removeDrivers( dict, 4503 flag == kIOCatalogRemoveDrivers ) ) { 4504 kr = kIOReturnError; 4505 } 4506 } 4507 else { 4508 kr = kIOReturnBadArgument; 4509 } 4510 } 4511 break; 4512 4513 case kIOCatalogStartMatching: { 4514 OSDictionary * dict; 4515 4516 dict = OSDynamicCast(OSDictionary, obj); 4517 if ( dict ) { 4518 if ( !gIOCatalogue->startMatching( dict ) ) { 4519 kr = kIOReturnError; 4520 } 4521 } 4522 else { 4523 kr = kIOReturnBadArgument; 4524 } 4525 } 4526 break; 4527 4528 case kIOCatalogRemoveKernelLinker: 4529 kr = KERN_NOT_SUPPORTED; 4530 break; 4531 4532 case kIOCatalogKextdActive: 4533 #if !NO_KEXTD 4534 IOServiceTrace(IOSERVICE_KEXTD_ALIVE, 0, 0, 0, 0); 4535 OSKext::setKextdActive(); 4536 4537 /* Dump all nonloaded startup extensions; kextd will now send them 4538 * down on request. 4539 */ 4540 OSKext::flushNonloadedKexts( /* flushPrelinkedKexts */ false); 4541 #endif 4542 kr = kIOReturnSuccess; 4543 break; 4544 4545 case kIOCatalogKextdFinishedLaunching: { 4546 #if !NO_KEXTD 4547 static bool clearedBusy = false; 4548 4549 if (!clearedBusy) { 4550 IOService * serviceRoot = IOService::getServiceRoot(); 4551 if (serviceRoot) { 4552 IOServiceTrace(IOSERVICE_KEXTD_READY, 0, 0, 0, 0); 4553 serviceRoot->adjustBusy(-1); 4554 clearedBusy = true; 4555 } 4556 } 4557 #endif 4558 kr = kIOReturnSuccess; 4559 } 4560 break; 4561 4562 default: 4563 kr = kIOReturnBadArgument; 4564 break; 4565 } 4566 4567 if (obj) obj->release(); 4568 4569 *result = kr; 4570 return( KERN_SUCCESS); 4571 } 4572 4573 /* Routine io_catalog_terminate */ 4574 kern_return_t is_io_catalog_terminate( 4575 mach_port_t master_port, 4576 uint32_t flag, 4577 io_name_t name ) 4578 { 4579 kern_return_t kr; 4580 4581 if( master_port != master_device_port ) 4582 return kIOReturnNotPrivileged; 4583 4584 kr = IOUserClient::clientHasPrivilege( (void *) current_task(), 4585 kIOClientPrivilegeAdministrator ); 4586 if( kIOReturnSuccess != kr) 4587 return( kr ); 4588 4589 switch ( flag ) { 4590 #if !defined(SECURE_KERNEL) 4591 case kIOCatalogServiceTerminate: 4592 OSIterator * iter; 4593 IOService * service; 4594 4595 iter = IORegistryIterator::iterateOver(gIOServicePlane, 4596 kIORegistryIterateRecursively); 4597 if ( !iter ) 4598 return kIOReturnNoMemory; 4599 4600 do { 4601 iter->reset(); 4602 while( (service = (IOService *)iter->getNextObject()) ) { 4603 if( service->metaCast(name)) { 4604 if ( !service->terminate( kIOServiceRequired 4605 | kIOServiceSynchronous) ) { 4606 kr = kIOReturnUnsupported; 4607 break; 4608 } 4609 } 4610 } 4611 } while( !service && !iter->isValid()); 4612 iter->release(); 4613 break; 4614 4615 case kIOCatalogModuleUnload: 4616 case kIOCatalogModuleTerminate: 4617 kr = gIOCatalogue->terminateDriversForModule(name, 4618 flag == kIOCatalogModuleUnload); 4619 break; 4620 #endif 4621 4622 default: 4623 kr = kIOReturnBadArgument; 4624 break; 4625 } 4626 4627 return( kr ); 4628 } 4629 4630 /* Routine io_catalog_get_data */ 4631 kern_return_t is_io_catalog_get_data( 4632 mach_port_t master_port, 4633 uint32_t flag, 4634 io_buf_ptr_t *outData, 4635 mach_msg_type_number_t *outDataCount) 4636 { 4637 kern_return_t kr = kIOReturnSuccess; 4638 OSSerialize * s; 4639 4640 if( master_port != master_device_port) 4641 return kIOReturnNotPrivileged; 4642 4643 //printf("io_catalog_get_data called. flag: %d\n", flag); 4644 4645 s = OSSerialize::withCapacity(4096); 4646 if ( !s ) 4647 return kIOReturnNoMemory; 4648 4649 kr = gIOCatalogue->serializeData(flag, s); 4650 4651 if ( kr == kIOReturnSuccess ) { 4652 vm_offset_t data; 4653 vm_map_copy_t copy; 4654 vm_size_t size; 4655 4656 size = s->getLength(); 4657 kr = vm_allocate(kernel_map, &data, size, VM_FLAGS_ANYWHERE); 4658 if ( kr == kIOReturnSuccess ) { 4659 bcopy(s->text(), (void *)data, size); 4660 kr = vm_map_copyin(kernel_map, (vm_map_address_t)data, 4661 (vm_map_size_t)size, true, ©); 4662 *outData = (char *)copy; 4663 *outDataCount = size; 4664 } 4665 } 4666 4667 s->release(); 4668 4669 return kr; 4670 } 4671 4672 /* Routine io_catalog_get_gen_count */ 4673 kern_return_t is_io_catalog_get_gen_count( 4674 mach_port_t master_port, 4675 uint32_t *genCount) 4676 { 4677 if( master_port != master_device_port) 4678 return kIOReturnNotPrivileged; 4679 4680 //printf("io_catalog_get_gen_count called.\n"); 4681 4682 if ( !genCount ) 4683 return kIOReturnBadArgument; 4684 4685 *genCount = gIOCatalogue->getGenerationCount(); 4686 4687 return kIOReturnSuccess; 4688 } 4689 4690 /* Routine io_catalog_module_loaded. 4691 * Is invoked from IOKitLib's IOCatalogueModuleLoaded(). Doesn't seem to be used. 4692 */ 4693 kern_return_t is_io_catalog_module_loaded( 4694 mach_port_t master_port, 4695 io_name_t name) 4696 { 4697 if( master_port != master_device_port) 4698 return kIOReturnNotPrivileged; 4699 4700 //printf("io_catalog_module_loaded called. name %s\n", name); 4701 4702 if ( !name ) 4703 return kIOReturnBadArgument; 4704 4705 gIOCatalogue->moduleHasLoaded(name); 4706 4707 return kIOReturnSuccess; 4708 } 4709 4710 kern_return_t is_io_catalog_reset( 4711 mach_port_t master_port, 4712 uint32_t flag) 4713 { 4714 if( master_port != master_device_port) 4715 return kIOReturnNotPrivileged; 4716 4717 switch ( flag ) { 4718 case kIOCatalogResetDefault: 4719 gIOCatalogue->reset(); 4720 break; 4721 4722 default: 4723 return kIOReturnBadArgument; 4724 } 4725 4726 return kIOReturnSuccess; 4727 } 4728 4729 kern_return_t iokit_user_client_trap(struct iokit_user_client_trap_args *args) 4730 { 4731 kern_return_t result = kIOReturnBadArgument; 4732 IOUserClient *userClient; 4733 4734 if ((userClient = OSDynamicCast(IOUserClient, 4735 iokit_lookup_connect_ref_current_task((OSObject *)(args->userClientRef))))) { 4736 IOExternalTrap *trap; 4737 IOService *target = NULL; 4738 4739 trap = userClient->getTargetAndTrapForIndex(&target, args->index); 4740 4741 if (trap && target) { 4742 IOTrap func; 4743 4744 func = trap->func; 4745 4746 if (func) { 4747 result = (target->*func)(args->p1, args->p2, args->p3, args->p4, args->p5, args->p6); 4748 } 4749 } 4750 4751 userClient->release(); 4752 } 4753 4754 return result; 4755 } 4756 4757 } /* extern "C" */ 4758 4759 IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArguments * args, 4760 IOExternalMethodDispatch * dispatch, OSObject * target, void * reference ) 4761 { 4762 IOReturn err; 4763 IOService * object; 4764 IOByteCount structureOutputSize; 4765 4766 if (dispatch) 4767 { 4768 uint32_t count; 4769 count = dispatch->checkScalarInputCount; 4770 if ((kIOUCVariableStructureSize != count) && (count != args->scalarInputCount)) 4771 { 4772 return (kIOReturnBadArgument); 4773 } 4774 4775 count = dispatch->checkStructureInputSize; 4776 if ((kIOUCVariableStructureSize != count) 4777 && (count != ((args->structureInputDescriptor) 4778 ? args->structureInputDescriptor->getLength() : args->structureInputSize))) 4779 { 4780 return (kIOReturnBadArgument); 4781 } 4782 4783 count = dispatch->checkScalarOutputCount; 4784 if ((kIOUCVariableStructureSize != count) && (count != args->scalarOutputCount)) 4785 { 4786 return (kIOReturnBadArgument); 4787 } 4788 4789 count = dispatch->checkStructureOutputSize; 4790 if ((kIOUCVariableStructureSize != count) 4791 && (count != ((args->structureOutputDescriptor) 4792 ? args->structureOutputDescriptor->getLength() : args->structureOutputSize))) 4793 { 4794 return (kIOReturnBadArgument); 4795 } 4796 4797 if (dispatch->function) 4798 err = (*dispatch->function)(target, reference, args); 4799 else 4800 err = kIOReturnNoCompletion; /* implementator can dispatch */ 4801 4802 return (err); 4803 } 4804 4805 4806 // pre-Leopard API's don't do ool structs 4807 if (args->structureInputDescriptor || args->structureOutputDescriptor) 4808 { 4809 err = kIOReturnIPCError; 4810 return (err); 4811 } 4812 4813 structureOutputSize = args->structureOutputSize; 4814 4815 if (args->asyncWakePort) 4816 { 4817 IOExternalAsyncMethod * method; 4818 4819 if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) ) 4820 return (kIOReturnUnsupported); 4821 4822 if (kIOUCForegroundOnly & method->flags) 4823 { 4824 if (task_is_gpu_denied(current_task())) 4825 return (kIOReturnNotPermitted); 4826 } 4827 4828 switch (method->flags & kIOUCTypeMask) 4829 { 4830 case kIOUCScalarIStructI: 4831 err = shim_io_async_method_scalarI_structureI( method, object, 4832 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount, 4833 args->scalarInput, args->scalarInputCount, 4834 (char *)args->structureInput, args->structureInputSize ); 4835 break; 4836 4837 case kIOUCScalarIScalarO: 4838 err = shim_io_async_method_scalarI_scalarO( method, object, 4839 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount, 4840 args->scalarInput, args->scalarInputCount, 4841 args->scalarOutput, &args->scalarOutputCount ); 4842 break; 4843 4844 case kIOUCScalarIStructO: 4845 err = shim_io_async_method_scalarI_structureO( method, object, 4846 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount, 4847 args->scalarInput, args->scalarInputCount, 4848 (char *) args->structureOutput, &args->structureOutputSize ); 4849 break; 4850 4851 4852 case kIOUCStructIStructO: 4853 err = shim_io_async_method_structureI_structureO( method, object, 4854 args->asyncWakePort, args->asyncReference, args->asyncReferenceCount, 4855 (char *)args->structureInput, args->structureInputSize, 4856 (char *) args->structureOutput, &args->structureOutputSize ); 4857 break; 4858 4859 default: 4860 err = kIOReturnBadArgument; 4861 break; 4862 } 4863 } 4864 else 4865 { 4866 IOExternalMethod * method; 4867 4868 if( !(method = getTargetAndMethodForIndex(&object, selector)) ) 4869 return (kIOReturnUnsupported); 4870 4871 if (kIOUCForegroundOnly & method->flags) 4872 { 4873 if (task_is_gpu_denied(current_task())) 4874 return (kIOReturnNotPermitted); 4875 } 4876 4877 switch (method->flags & kIOUCTypeMask) 4878 { 4879 case kIOUCScalarIStructI: 4880 err = shim_io_connect_method_scalarI_structureI( method, object, 4881 args->scalarInput, args->scalarInputCount, 4882 (char *) args->structureInput, args->structureInputSize ); 4883 break; 4884 4885 case kIOUCScalarIScalarO: 4886 err = shim_io_connect_method_scalarI_scalarO( method, object, 4887 args->scalarInput, args->scalarInputCount, 4888 args->scalarOutput, &args->scalarOutputCount ); 4889 break; 4890 4891 case kIOUCScalarIStructO: 4892 err = shim_io_connect_method_scalarI_structureO( method, object, 4893 args->scalarInput, args->scalarInputCount, 4894 (char *) args->structureOutput, &structureOutputSize ); 4895 break; 4896 4897 4898 case kIOUCStructIStructO: 4899 err = shim_io_connect_method_structureI_structureO( method, object, 4900 (char *) args->structureInput, args->structureInputSize, 4901 (char *) args->structureOutput, &structureOutputSize ); 4902 break; 4903 4904 default: 4905 err = kIOReturnBadArgument; 4906 break; 4907 } 4908 } 4909 4910 args->structureOutputSize = structureOutputSize; 4911 4912 return (err); 4913 } 4914 4915 4916 #if __LP64__ 4917 OSMetaClassDefineReservedUnused(IOUserClient, 0); 4918 OSMetaClassDefineReservedUnused(IOUserClient, 1); 4919 #else 4920 OSMetaClassDefineReservedUsed(IOUserClient, 0); 4921 OSMetaClassDefineReservedUsed(IOUserClient, 1); 4922 #endif 4923 OSMetaClassDefineReservedUnused(IOUserClient, 2); 4924 OSMetaClassDefineReservedUnused(IOUserClient, 3); 4925 OSMetaClassDefineReservedUnused(IOUserClient, 4); 4926 OSMetaClassDefineReservedUnused(IOUserClient, 5); 4927 OSMetaClassDefineReservedUnused(IOUserClient, 6); 4928 OSMetaClassDefineReservedUnused(IOUserClient, 7); 4929 OSMetaClassDefineReservedUnused(IOUserClient, 8); 4930 OSMetaClassDefineReservedUnused(IOUserClient, 9); 4931 OSMetaClassDefineReservedUnused(IOUserClient, 10); 4932 OSMetaClassDefineReservedUnused(IOUserClient, 11); 4933 OSMetaClassDefineReservedUnused(IOUserClient, 12); 4934 OSMetaClassDefineReservedUnused(IOUserClient, 13); 4935 OSMetaClassDefineReservedUnused(IOUserClient, 14); 4936 OSMetaClassDefineReservedUnused(IOUserClient, 15); 4937 4938