Syscalls' user space interface implementation

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Postby vega01 » Sun Feb 07, 2016 6:04 pm

Hi,

I was looking into the user space side of the syscalls interface, and when I looked at the source code of mach_port_deallocate I found out I cannot locate the implementation of _kernelrpc_mach_port_deallocate, which is called inside mach_port_deallocate. I looked in the xnu and libc source code. Is the source code for this and other functions like _kernelrpc_mach_port_allocate and _kernelrpc_mach_port_destroy available?
vega01
 
Posts: 19
Joined: Mon Sep 28, 2015 4:59 pm

Re: Syscalls' user space interface implementation

Postby morpheus » Sun Feb 07, 2016 10:54 pm

They're right in the XNU sources:

http://newosxbook.com/src.jl?tree=xnu&f ... ocate_trap

But they're mere wrappers over the "standard" ones, which auto-determine the task port from the caller. That's all.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: Syscalls' user space interface implementation

Postby vega01 » Mon Feb 08, 2016 7:36 pm

Thanks for the quick answer! However, as my question wasn't clear enough, I'm still confused. I can see two functions called mach_port_deallocate: one in xnu/libsyscall/mach/mach_port.c and one in xnu/osfmk/ipc/mach_port.c. The one in libsyscall calls two functions: _kernelrpc_mach_port_deallocate_trap (which is a syscall, and I believe you pointed to the kernel-side handler of it) and _kernelrpc_mach_port_deallocate, whose source I cannot find.

Is the source of _kernelrpc_mach_port_deallocate (not _kernelrpc_mach_port_deallocate_trap) available, and if so, where could I find it? I know it's called from user space, so it must also be implemented in code available in user space, but I cannot find it.
vega01
 
Posts: 19
Joined: Mon Sep 28, 2015 4:59 pm

Re: Syscalls' user space interface implementation

Postby morpheus » Mon Feb 08, 2016 11:21 pm

Oh. That. That's a Mach msg wrapper generated using MIG, which is why you can't see it. Run "mig" over the .defs file (mach_port.defs) and you'll see the user-mode side of it (in mach_portUser.c), which is basically crafting a message and sending it.

/* Routine mach_port_deallocate */
mig_external kern_return_t _kernelrpc_mach_port_deallocate
(
    ipc_space_t task,
    mach_port_name_t name
)
{

#ifdef __MigPackStructs
#pragma pack(4)
#endif
    typedef struct {
        mach_msg_header_t Head;
        NDR_record_t NDR;
        mach_port_name_t name;
    } Request __attribute__((unused));
#ifdef __MigPackStructs
#pragma pack()
#endif

    ..

    msg_result = mach_msg(&InP->Head, MACH_SEND_MSG|MACH_RCV_MSG|MACH_MSG_OPTION_NONE, (mach_msg_size_t)sizeof(Request), (mach_msg_size_t)sizeof(Reply), InP->Head.msgh_reply_port, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
    __AfterSendRpc(3206, "mach_port_deallocate")
    if (msg_result != MACH_MSG_SUCCESS) {
        __MachMsgErrorWithoutTimeout(msg_result);
        { return msg_result; }

    ...



You can also see the assembly of it in /usr/lib/system/libsystem_kernel:


__kernelrpc_mach_port_deallocate:
0000000000005d20 pushq %rbp
0000000000005d21 movq %rsp, %rbp
0000000000005d24 pushq %rbx
0000000000005d25 subq $0x38, %rsp
0000000000005d29 leaq _NDR_record(%rip), %rax
0000000000005d30 movq (%rax), %rax
0000000000005d33 movq %rax, -0x20(%rbp)
0000000000005d37 movl %esi, -0x18(%rbp)
0000000000005d3a movl $0x1513, -0x38(%rbp) ## imm = 0x1513
0000000000005d41 movl %edi, -0x30(%rbp)
0000000000005d44 callq _mig_get_reply_port
0000000000005d49 movl %eax, -0x2c(%rbp)
0000000000005d4c movl $0xc86, -0x24(%rbp) ## imm = 0xC86
0000000000005d53 movl $0x0, (%rsp)
0000000000005d5a leaq -0x38(%rbp), %rdi
0000000000005d5e movl $0x3, %esi
0000000000005d63 movl $0x24, %edx
0000000000005d68 movl $0x2c, %ecx
0000000000005d6d xorl %r9d, %r9d
0000000000005d70 movl %eax, %r8d
0000000000005d73 callq _mach_msg
...

ok?
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm
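
The message the stub crafts, as an added example that is not part of morpheus's post or of XNU/MIG output: a portable C mirror of the request layout, with the constants read from the disassembly above (the task, reply port and name values are constructed placeholders). It compiles without Mach headers and sends nothing.

```c
/* Added example, not MIG output: mirror of the 36-byte mach_port_deallocate
 * request (mach_msg_header_t + NDR_record_t + name) the user-mode stub builds. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define MSG_TYPE_COPY_SEND       19U  /* 0x13, disposition of the task port  */
#define MSG_TYPE_MAKE_SEND_ONCE  21U  /* 0x15, disposition of the reply port */
#define MSGH_BITS(remote, local) ((remote) | ((local) << 8))
#define MACH_PORT_DEALLOCATE_ID  3206 /* 0xc86: mach_port subsystem 3200 + 6 */
#pragma pack(4)                        /* what __MigPackStructs does in MIG */
typedef struct {
    uint32_t msgh_bits;
    uint32_t msgh_size;                /* left 0: mach_msg() gets it as send_size */
    uint32_t msgh_remote_port;         /* destination: the caller's task port     */
    uint32_t msgh_local_port;          /* reply port from mig_get_reply_port()    */
    uint32_t msgh_voucher_port;
    int32_t  msgh_id;                  /* routine number within the subsystem     */
} msg_header_mirror;                   /* 24 bytes, like mach_msg_header_t        */
typedef struct { uint8_t bytes[8]; } ndr_record_mirror; /* NDR_record_t */
typedef struct {
    msg_header_mirror Head;
    ndr_record_mirror NDR;
    uint32_t          name;            /* the port name to deallocate */
} deallocate_request;                  /* sizeof == 0x24, the %edx value above */
#pragma pack()

/* Fill the request the way the stub's prologue does. task/reply_port/name are
 * caller-supplied here; a real stub gets the reply port from mig_get_reply_port(). */
void build_deallocate_request(deallocate_request *req, uint32_t task,
                              uint32_t reply_port, uint32_t name)
{
    memset(req, 0, sizeof *req);       /* the stub copies NDR from NDR_record */
    req->Head.msgh_bits = MSGH_BITS(MSG_TYPE_COPY_SEND, MSG_TYPE_MAKE_SEND_ONCE);
    req->Head.msgh_remote_port = task;
    req->Head.msgh_local_port  = reply_port;
    req->Head.msgh_id          = MACH_PORT_DEALLOCATE_ID;
    req->name                  = name;
}

/* Decode msgh_bits (low byte: remote type, next byte: local type); 0x1513 above. */
uint32_t msgh_remote_type(uint32_t bits) { return bits & 0xffU; }
uint32_t msgh_local_type(uint32_t bits)  { return (bits >> 8) & 0xffU; }

/* Check the mirror against the constants visible in the stub's assembly. */
int request_matches_stub(void)
{
    deallocate_request req;            /* constructed sample port names below */
    build_deallocate_request(&req, 0x103, 0x207, 0x30b);
    return sizeof req == 0x24 && offsetof(deallocate_request, name) == 0x20
        && req.Head.msgh_bits == 0x1513 && req.Head.msgh_id == 0xc86;
}
```

The stack offsets in the listing (-0x38 for msgh_bits, -0x24 for msgh_id, -0x20 for NDR, -0x18 for name) line up with this layout, which is how the stub can be recognised in a stripped binary.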

Re: Syscalls' user space interface implementation

Postby vega01 » Tue Feb 09, 2016 8:48 pm

Now it's clear! :-) I suspected it might be auto-generated somewhere, but didn't know where to look. I got to looking for these wrappers from the ARM disassembly side. Now I see they are generated by running mach_install_mig.sh.

Thank you for taking the time to answer, sharing the knowledge, and for the great articles! I hope the new book will be out soon, can't wait!
vega01
 
Posts: 19
Joined: Mon Sep 28, 2015 4:59 pm
