From 7cf7999e02a943191ba1bd574f6d51d203772623 Mon Sep 17 00:00:00 2001
From: Subv
Date: Sun, 1 Oct 2017 21:56:43 -0500
Subject: [PATCH] Kernel/IPC: Added a function to translate the IPC command buffer from one process to another.
Currently only CopyHandle, MoveHandle and CallingPid descriptors are implemented.
---
 src/core/CMakeLists.txt | 2 +
 src/core/hle/kernel/errors.h | 2 +-
 src/core/hle/kernel/ipc.cpp | 93 ++++++++++++++++++++++++++++++++++++
 src/core/hle/kernel/ipc.h | 14 ++++++
 4 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 src/core/hle/kernel/ipc.cpp
 create mode 100644 src/core/hle/kernel/ipc.h
diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt
index 2618da18c..8c36a1b3e 100644
--- a/src/core/CMakeLists.txt
+++ b/src/core/CMakeLists.txt
@@ -61,6 +61,7 @@ set(SRCS
 hle/kernel/timer.cpp
 hle/kernel/vm_manager.cpp
 hle/kernel/wait_object.cpp
+ hle/kernel/ipc.cpp
 hle/lock.cpp
 hle/romfs.cpp
 hle/service/ac/ac.cpp
@@ -247,6 +248,7 @@ set(HEADERS
 hle/kernel/event.h
 hle/kernel/handle_table.h
 hle/kernel/hle_ipc.h
+ hle/kernel/ipc.h
 hle/kernel/kernel.h
 hle/kernel/memory.h
 hle/kernel/mutex.h
diff --git a/src/core/hle/kernel/errors.h b/src/core/hle/kernel/errors.h
index 004764c63..509ffee58 100644
--- a/src/core/hle/kernel/errors.h
+++ b/src/core/hle/kernel/errors.h
@@ -7,7 +7,6 @@
 #include "core/hle/result.h"
 namespace Kernel {
-
 namespace ErrCodes {
 enum {
 OutOfHandles = 19,
@@ -18,6 +17,7 @@ enum {
 WrongPermission = 46,
 InvalidBufferDescriptor = 48,
 MaxConnectionsReached = 52,
+ CommandTooLarge = 54,
 };
 }
diff --git a/src/core/hle/kernel/ipc.cpp b/src/core/hle/kernel/ipc.cpp
new file mode 100644
index 000000000..e66ad6dc7
--- /dev/null
+++ b/src/core/hle/kernel/ipc.cpp
@@ -0,0 +1,93 @@
+// Copyright 2017 Citra Emulator Project
+// Licensed under GPLv2 or any later version
+// Refer to the license.txt file included.
+
+#include "core/hle/ipc.h"
+#include "core/hle/kernel/handle_table.h"
+#include "core/hle/kernel/ipc.h"
+#include "core/hle/kernel/kernel.h"
+#include "core/hle/kernel/memory.h"
+#include "core/hle/kernel/process.h"
+#include "core/hle/kernel/thread.h"
+#include "core/memory.h"
+
+namespace Kernel {
+
+ResultCode TranslateCommandBuffer(SharedPtr src_thread, SharedPtr dst_thread,
+ VAddr src_address, VAddr dst_address) {
+
+ auto& src_process = src_thread->owner_process;
+
+ IPC::Header header;
+ // TODO(Subv): Replace by Memory::Read32 when possible.
+ Memory::ReadBlock(*src_process, src_address, &header.raw, sizeof(header.raw));
+
+ size_t untranslated_size = 1u + header.normal_params_size;
+ size_t command_size = untranslated_size + header.translate_params_size;
+
+ // Note: The real kernel does not check that the command length fits into the IPC buffer area.
+ ASSERT(command_size <= IPC::COMMAND_BUFFER_LENGTH);
+
+ std::array cmd_buf;
+ Memory::ReadBlock(*src_process, src_address, cmd_buf.data(), command_size * sizeof(u32));
+
+ size_t i = untranslated_size;
+ while (i < command_size) {
+ u32 descriptor = cmd_buf[i];
+ i += 1;
+
+ switch (IPC::GetDescriptorType(descriptor)) {
+ case IPC::DescriptorType::CopyHandle:
+ case IPC::DescriptorType::MoveHandle: {
+ u32 num_handles = IPC::HandleNumberFromDesc(descriptor);
+ // Note: The real kernel does not check that the number of handles fits into the command
+ // buffer before writing them, only after finishing.
+ if (i + num_handles > command_size) {
+ return ResultCode(ErrCodes::CommandTooLarge, ErrorModule::OS,
+ ErrorSummary::InvalidState, ErrorLevel::Status);
+ }
+
+ for (u32 j = 0; j < num_handles; ++j) {
+ Handle handle = cmd_buf[i];
+ SharedPtr object = nullptr;
+ // Perform pseudo-handle detection here because by the time this function is called,
+ // the current thread and process are no longer the ones which created this IPC
+ // request, but the ones that are handling it.
+ if (handle == CurrentThread) {
+ object = src_thread;
+ } else if (handle == CurrentProcess) {
+ object = src_process;
+ } else if (handle != 0) {
+ object = g_handle_table.GetGeneric(handle);
+ if (descriptor == IPC::DescriptorType::MoveHandle) {
+ g_handle_table.Close(handle);
+ }
+ }
+
+ if (object == nullptr) {
+ // Note: The real kernel sets invalid translated handles to 0 in the target
+ // command buffer.
+ cmd_buf[i++] = 0;
+ continue;
+ }
+
+ auto result = g_handle_table.Create(std::move(object));
+ cmd_buf[i++] = result.ValueOr(0);
+ }
+ break;
+ }
+ case IPC::DescriptorType::CallingPid: {
+ cmd_buf[i++] = src_process->process_id;
+ break;
+ }
+ default:
+ UNIMPLEMENTED_MSG("Unsupported handle translation: 0x%08X", descriptor);
+ }
+ }
+
+ Memory::WriteBlock(*dst_thread->owner_process, dst_address, cmd_buf.data(),
+ command_size * sizeof(u32));
+
+ return RESULT_SUCCESS;
+}
+} // namespace Kernel
diff --git a/src/core/hle/kernel/ipc.h b/src/core/hle/kernel/ipc.h
new file mode 100644
index 000000000..ac81d1ad4
--- /dev/null
+++ b/src/core/hle/kernel/ipc.h
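Review bot: The move check `if (descriptor == IPC::DescriptorType::MoveHandle)` compares the whole descriptor word against the type enum, even though the same word also carries the handle count that `IPC::HandleNumberFromDesc(descriptor)` extracts a few lines earlier, so a move descriptor whose count bits are set will presumably not match and the source handle is looked up but never closed, leaving the sender with a handle it meant to give away. The `switch` already uses the type accessor; use the same form here: `if (IPC::GetDescriptorType(descriptor) == IPC::DescriptorType::MoveHandle) {`. The `CallingPid` case writes `cmd_buf[i++]` with no counterpart to the `i + num_handles > command_size` guard, so a CallingPid descriptor placed as the last word of the command writes one slot past `command_size`, which reaches past the array if it is sized `IPC::COMMAND_BUFFER_LENGTH` and the assert bound is met; add `if (i >= command_size) return ResultCode(ErrCodes::CommandTooLarge, ErrorModule::OS, ErrorSummary::InvalidState, ErrorLevel::Status);` before that write. Separately, `ASSERT(command_size <= IPC::COMMAND_BUFFER_LENGTH)` is fed entirely by header fields the guest wrote, so a guest can stop the emulator on an input the comment says the real kernel tolerates; returning `CommandTooLarge` there would be the safer failure.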
@@ -0,0 +1,14 @@
+// Copyright 2017 Citra Emulator Project
+// Licensed under GPLv2 or any later version
+// Refer to the license.txt file included.
+
+#pragma once
+
+#include "common/common_types.h"
+#include "core/hle/kernel/thread.h"
+
+namespace Kernel {
+/// Performs IPC command buffer translation from one process to another.
+ResultCode TranslateCommandBuffer(SharedPtr src_thread, SharedPtr dst_thread,
+ VAddr src_address, VAddr dst_address);
+} // namespace Kernel
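Review bot: The one-line comment on `TranslateCommandBuffer` does not say which address space each VAddr belongs to, what happens to the handles, or when the call fails, all of which a caller needs. Suggest replacing it with a short Doxygen block stating that src_address is read in src_thread's owner process and dst_address written in dst_thread's owner process, that copied and moved handles are re-created for the receiving side (with moved handles closed on the sending side), that CurrentThread/CurrentProcess pseudo-handles resolve against src_thread, and that the destination buffer is left untouched and a CommandTooLarge error returned when a handle descriptor runs past the command length. Keep the handle-table wording neutral about global versus per-process scope, since that is not visible from the declaration.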