Re: [RFC PATCH 1/3] Add unprivileged processor_name_t type

Samuel Thibault Sun, 22 Mar 2026 13:30:57 -0700

Applied, thanks!


Manolo de Medici, le mer. 18 mars 2026 21:29:10 +0000, a ecrit:
> We don't expect unprivileged users to be able to start and stop
> processors. As such, we need the unprivileged version of the
> processor_t mach type.
> ---
>  include/mach/mach_types.defs | 10 +++++++
>  include/mach/mach_types.h    |  2 ++
>  kern/ipc_host.c              | 56 +++++++++++++++++++++++++++++++++++-
>  kern/ipc_host.h              |  6 ++++
>  kern/ipc_kobject.h           |  5 ++--
>  kern/processor.c             |  1 +
>  kern/processor.h             |  2 ++
>  7 files changed, 79 insertions(+), 3 deletions(-)
> 
> diff --git a/include/mach/mach_types.defs b/include/mach/mach_types.defs
> index 74196018..466bf17f 100644
> --- a/include/mach/mach_types.defs
> +++ b/include/mach/mach_types.defs
> @@ -231,6 +231,16 @@ type processor_t = mach_port_t
>  type processor_array_t               = ^array[] of processor_t;
>  type processor_info_t                = array[*:1024] of integer_t;
>  
> +type processor_name_t = mach_port_t
> +                ctype: mach_port_t
> +#if     KERNEL_SERVER
> +                intran: processor_t 
> convert_port_to_processor_name(mach_port_t)
> +                outtran: mach_port_t 
> convert_processor_name_to_port(processor_t)
> +#endif  /* KERNEL_SERVER */
> +                ;
> +
> +type processor_name_array_t          = ^array[] of processor_name_t;
> +
>  type processor_set_t = mach_port_t
>               ctype: mach_port_t
>  #if  KERNEL_SERVER
> diff --git a/include/mach/mach_types.h b/include/mach/mach_types.h
> index 5ecd686a..9e6f88ac 100644
> --- a/include/mach/mach_types.h
> +++ b/include/mach/mach_types.h
> @@ -73,7 +73,9 @@ typedef     thread_t        *thread_array_t;
>  typedef mach_port_t  host_t;
>  typedef mach_port_t  host_priv_t;
>  typedef mach_port_t  processor_t;
> +typedef mach_port_t  processor_name_t;
>  typedef mach_port_t  *processor_array_t;
> +typedef mach_port_t  *processor_name_array_t;
>  typedef mach_port_t  processor_set_t;
>  typedef mach_port_t  processor_set_name_t;
>  typedef mach_port_t  *processor_set_array_t;
> diff --git a/kern/ipc_host.c b/kern/ipc_host.c
> index d033b2ec..3c71af78 100644
> --- a/kern/ipc_host.c
> +++ b/kern/ipc_host.c
> @@ -109,7 +109,7 @@ mach_host_self(void)
>  /*
>   *   ipc_processor_init:
>   *
> - *   Initialize ipc access to processor by allocating port.
> + *   Initialize ipc access to processor by allocating the ports.
>   *   Enable ipc control of processor by setting port object.
>   */
>  
> @@ -124,6 +124,12 @@ ipc_processor_init(
>               panic("ipc_processor_init");
>       processor->processor_self = port;
>       ipc_kobject_set(port, (ipc_kobject_t) processor, IKOT_PROCESSOR);
> +
> +        port = ipc_port_alloc_kernel();
> +        if (port == IP_NULL)
> +                panic("ipc_processor_init");
> +        processor->processor_name_self = port;
> +        ipc_kobject_set(port, (ipc_kobject_t) processor, 
> IKOT_PROCESSOR_NAME);
>  }
>  
>  
> @@ -299,6 +305,35 @@ convert_port_to_processor(
>       return processor;
>  }
>  
> +/*
> + *      Routine:        convert_port_to_processor_name
> + *      Purpose:
> + *              Convert from a port to a processor.
> + *              Doesn't consume the port ref;
> + *              the processor produced may be null.
> + *      Conditions:
> + *              Nothing locked.
> + */
> +
> +processor_t
> +convert_port_to_processor_name(
> +     ipc_port_t      port)
> +{
> +     processor_t processor = PROCESSOR_NULL;
> +
> +     if (likely(IP_VALID(port))) {
> +             ip_lock(port);
> +             if (ip_active(port) &&
> +                 ((ip_kotype(port) == IKOT_PROCESSOR) ||
> +                  (ip_kotype(port) == IKOT_PROCESSOR_NAME))) {
> +                     processor = (processor_t) port->ip_kobject;
> +             }
> +             ip_unlock(port);
> +     }
> +
> +     return processor;
> +}
> +
>  /*
>   *   Routine:        convert_port_to_pset
>   *   Purpose:
> @@ -397,6 +432,25 @@ convert_processor_to_port(processor_t processor)
>       return port;
>  }
>  
> +/*
> + *      Routine:        convert_processor_name_to_port
> + *      Purpose:
> + *              Convert from a processor to a port.
> + *              Produces a naked send right which is always valid.
> + *      Conditions:
> + *              Nothing locked.
> + */
> +
> +ipc_port_t
> +convert_processor_name_to_port(processor_t processor)
> +{
> +        ipc_port_t port;
> +
> +        port = ipc_port_make_send(processor->processor_name_self);
> +
> +        return port;
> +}
> +
>  /*
>   *   Routine:        convert_pset_to_port
>   *   Purpose:
> diff --git a/kern/ipc_host.h b/kern/ipc_host.h
> index cd2ffaa2..ffaa85d9 100644
> --- a/kern/ipc_host.h
> +++ b/kern/ipc_host.h
> @@ -54,9 +54,15 @@ convert_port_to_host_priv(struct ipc_port *);
>  extern processor_t
>  convert_port_to_processor(struct ipc_port *);
>  
> +extern processor_t
> +convert_port_to_processor_name(struct ipc_port *);
> +
>  extern struct ipc_port *
>  convert_processor_to_port(processor_t);
>  
> +extern struct ipc_port *
> +convert_processor_name_to_port(processor_t);
> +
>  extern processor_set_t
>  convert_port_to_pset(struct ipc_port *);
>  
> diff --git a/kern/ipc_kobject.h b/kern/ipc_kobject.h
> index 649f8e61..9115c784 100644
> --- a/kern/ipc_kobject.h
> +++ b/kern/ipc_kobject.h
> @@ -78,9 +78,10 @@ typedef unsigned int ipc_kobject_type_t;
>  #define IKOT_CLOCK_CTRL              26
>  #define      IKOT_PAGER_PROXY        27
>  #define      IKOT_USER_DEVICE        28
> +#define IKOT_PROCESSOR_NAME  29
>                                       /* << new entries here  */
> -#define      IKOT_UNKNOWN            29      /* magic catchall       */
> -#define      IKOT_MAX_TYPE           30      /* # of IKOT_ types     */
> +#define      IKOT_UNKNOWN            30      /* magic catchall       */
> +#define      IKOT_MAX_TYPE           31      /* # of IKOT_ types     */
>   /* Please keep ipc/ipc_object.c:ikot_print_array up to date */
>  
>  #define is_ipc_kobject(ikot) (ikot != IKOT_NONE)
> diff --git a/kern/processor.c b/kern/processor.c
> index ba82ca2a..ee1f7694 100644
> --- a/kern/processor.c
> +++ b/kern/processor.c
> @@ -207,6 +207,7 @@ void processor_init(
>       queue_init(&pr->processors);
>       simple_lock_init(&pr->lock);
>       pr->processor_self = IP_NULL;
> +     pr->processor_name_self = IP_NULL;
>       pr->slot_num = slot_num;
>  }
>  
> diff --git a/kern/processor.h b/kern/processor.h
> index 3bb4dfbf..810fa1ef 100644
> --- a/kern/processor.h
> +++ b/kern/processor.h
> @@ -121,6 +121,7 @@ struct processor {
>       queue_chain_t   processors;     /* all processors in set */
>       decl_simple_lock_data(, lock)
>       struct ipc_port *processor_self;        /* port for operations */
> +     struct ipc_port *processor_name_self;   /* unprivileged name port */
>       int             slot_num;       /* machine-indep slot number */
>  #if  NCPUS > 1
>       ast_check_t     ast_check_data; /* for remote ast_check invocation */
> @@ -239,6 +240,7 @@ extern processor_t        master_processor;
>  #define processor_unlock(pr) simple_unlock(&(pr)->lock)
>  
>  typedef mach_port_t  *processor_array_t;
> +typedef mach_port_t  *processor_name_array_t;
>  typedef mach_port_t  *processor_set_array_t;
>  typedef mach_port_t  *processor_set_name_array_t;
>  
> -- 
> 2.53.0
> 
> 

-- 
Samuel
What's this script do?
    unzip ; touch ; finger ; mount ; gasp ; yes ; umount ; sleep
Hint for the answer: not everything is computer-oriented. Sometimes you're
in a sleeping bag, camping out.
(Contributed by Frans van der Zande.)

Re: [RFC PATCH 1/3] Add unprivileged processor_name_t type

Reply via email to